Re: choix d'un ISP professionnel pour la fibre

[Basile Starynkevitch]

On 8/1/19 5:02 AM, Bernard Schoenacker wrote:

bonjour,

 je recherche à avoir un débit montant conséquent


Pourquoi faire? D'après mon expérience, un VPS (tournant chez Debian) 
chez OVH coûte bien moins cher qu'un ISP professionnel.


Mais j'ai été un client satisfait de nerim.net

--
Basile Starynkevitch (92340 Bourg La Reine, France)
http://starynkevitch.net/Basile/ 
Opinions are only mine - mes opinions ne sont que miennes
(tel. mobile: cf my web page / voir ma page web)

Re: Preseed installation: definition of host/domain names

[Polar Bear]

Hello,

progress report on the issue resolution...

I have found that there are a several cases related to the issue with
installation run from netboot (DHCP-PXE):

Case A
Requirements: New installed system should obtain hostname and domain from
DHCP/DNS server during installation process without pause for confirmation.
Solution: It is sufficient to add 'priority=critical' into kernel
parameters of PXE configuration file

Case B
Requirements: During installation Debian installer should stop for
confirmation of DHCP/DNS offer for hostname and domain name
Solution: don't put anything related to hostname and domain name of PXE
configuration file (DHCP/DNS) offers names and you confirm it by pressing
'Enter'

Case C
Requirements: We in advance assign host and domain names to a computer for
netboot installation
Solution: add 'hostname=some_name domain=some_domain' into PXE
configuration file -- Debian installer accepts selection and proceed
without pause for confirmation

Case D
Requirements: We in advance assign host and domain names to a computer for
netboot installation, during installation we should be asked for
confirmation
Solution: add 'hostname?=some_name domain?=some_domain' to PXE
configuration file, Debian installer will ask for confirmation

Documentation has some reference (without good example)
https://www.debian.org/releases/stretch/amd64/apbs02.html.en

In my particular case the solution is to append following 'auto=true
url=install'. Debian installer will look for
http://install.example.com/d-i/buster/preseed.cfg preseed file, postpone
questions about locale and keyboard until network interface gets up and
preseed file become available (delay for definition of locale and keyboard
is achieved with auto=true).

Andy

On Wed, Jul 31, 2019 at 3:42 PM Polar Bear  wrote:

> Hi,
>
> modifying required block of preseed file to following, Debian intaller
> still asks to confirm hostname and domain
>
> # Any hostname and domain names assigned from dhcp take precedence over
> # values set here. However, setting the values still prevents the questions
> # from being shown, even if values come from dhcp.
> d-i netcfg/get_hostname string unassigned-hostname
> d-i netcfg/get_domain string unassigned-domain d-i netcfg/get_hostname
> seen true
> d-i netcfg/get_domain string true 'seen true' stanza does no effect
> (although in this case host and domain names correct and picked up from
> DHCP/DNS server) What should be put into preseed file so that installation
> did not ask for host and domain names? Thank you Andy
>
>
> On Wed, Jul 31, 2019 at 3:13 PM Polar Bear  wrote:
>
>> Hello,
>>
>> please find bellow an examples for "Buster" (Stretch, Jessie)
>>
>> https://www.debian.org/releases/buster/example-preseed.txt
>> https://www.debian.org/releases/stretch/example-preseed.txt
>> https://www.debian.org/releases/jessie/example-preseed.txt
>>
>> Andy
>> Andy
>>
>> On Wed, Jul 31, 2019 at 2:39 PM Polar Bear  wrote:
>>
>>> Hello,
>>>
>>> can somebody explain how to configure preseed file so that auto
>>> installation picks up the host and domain name from DHCP server (DNS
>>> server).
>>>
>>> This question was 'rised' earlier on StackExchange
>>>
>>> https://unix.stackexchange.com/questions/106614/preseed-cfg-ignoring-hostname-setting
>>>
>>> Situation:
>>> I have install server (TFTP/DHCP/Apache) with several distributions and
>>> installation works fine. But there is one issue: I use LVM at disk
>>> partition step and LVM creates volume groups with hostname encoded in the
>>> name of volume group.
>>>
>>> I went through documentation for preseed file and found it confusing as
>>> it does work differently depending on Debian release.
>>>
>>> For example if I install 'Buster' (Debian 10) and specify in TFTP PXE
>>> configuration file hostname=dhcp domainname=dhcp then computer will get
>>> installed with name 'dhcp', I utilize Dynamic DNS update -- this name will
>>> get pushed out to register computer in DNS server with name 'dhcp' which
>>> overwrites earlier assigned name to the computer.
>>>  (NOTE: name 'dhcp' is selected more for descriptive purpose, according
>>> the documentation preseed file should have priority -- but it does not,
>>> without specifying hostname='.' domainname='.' auto install stops
>>> for confirmation of hostname and domainname [which are correct in this case
>>> but require to press 'Enter' twice] even though both specified in preseed
>>> file to be auto configured by obtaining data from dhcp -- see below
>>> reference to configuration file)
>>>
>>> All my attempts to find a solution for this issue failed so far.
>>>
>>> What I am looking for:
>>> 1. I register DNS record for a new computer through 'dnsupdate'
>>> 2. Add record into /etc/dhcp/dhcpd.conf (to match MAC with DNS name)
>>> 3. systemclt restart isc-dhcp-server
>>> 4. Boot 'new' computer over network (PXE)
>>> 5. Select from a menu 'Debian->Debian 10->Install preseed adm64'
>>> 6. On completion I desire to have 

choix d'un ISP professionnel pour la fibre

[Bernard Schoenacker]

bonjour,

je recherche à avoir un débit montant conséquent et pour
l'instant je n'arrive pas à trouver de solution sous les yeux qui
me satisfassent, ensuite j'ai dans le lot un utilisateur trop accroc
chez agrumes  et il ne se rends pas compte qu'il se fait vraiment
escroqué au niveau du tarif et il en redemande ...

qui pourrais m'aiguiller ou me donner une bonne information ou contact
afin de pouvoir décrocher le graal ?

merci pour votre aimable attention

Bien à vous
Bernard

Re: 3 phase power (was Re: Wireless home LAN - WiFi vs Bluetooth?

[John Hasler]

rhkramer writes:
> Oh, wow, how quickly I forget -- I did encounter systems like that,
> often for lighting in industrial applications, And, further, iirc, we
> could (and did) buy and install florescent light (and maybe HID?)
> fixtures designed to work on 208 volts, which we connected phase to
> phase in that kind of system.

> Of course, I could be misremembering.

You're correct.  120/208 is commonplace.

There are also 480/277 systems with the loads connected phase to
neutral.  The advantage is that the load is dead when the light switch
on the phase side of the load is opened and the voltage is low enough to
permit the use of ordinary devices yet high enough to save money on
wire.

At U of M Hospital the electricians managed to miswire a corridor on
such a system in such a way the last half of the corridor and all the
rooms off of it were connected in star but not connected to the neutral.
Hilarity ensued.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Wireless home LAN - WiFi vs Bluetooth?

[Celejar]

On Wed, 31 Jul 2019 16:44:23 +0300
Reco  wrote:

> On Wed, Jul 31, 2019 at 02:32:25PM +0100, Brian wrote:
> > On Wed 31 Jul 2019 at 16:07:33 +0300, Reco wrote:
> > 
> > > On Wed, Jul 31, 2019 at 07:58:54AM -0400, Celejar wrote:
> > > > mathematical analysis of how much hardware would be necessary to crack
> > > > a good WPA2 password. I've seen lots of sites explaining how to use
> > > > hashcat with a GPU, and various real-world tests on lists of hashed
> > > > passwords (e.g., [1]), but can you provide a serious analysis of the
> > > > practical cost, in time or hardware, of cracking a real-world WPA setup?
> > > 
> > > Cost - Amazon will take 11c per hour for that VM that comes with NVIDIA
> > > Tesla videocard.
> > > Said hour is more than enough to bruteforce 8 character WPA passphrase
> > > with hashcat.
> > 
> > In the context of a home user producing a secure wireless configuration,
> > a 64 random character passphrase works wonders. The sky is not about to
> > fall in.
> 
> Agreed. If 64 character password is reasonably random, bruteforcing it is
> economically unfeasible. With obvious exceptions, of course.

Explain, please? What exceptions?

Celejar

Re: Wireless home LAN - WiFi vs Bluetooth?

[Celejar]

On Thu, 1 Aug 2019 11:23:40 +1200
Ben Caradoc-Davies  wrote:

> On 01/08/2019 01:44, Reco wrote:
> > On Wed, Jul 31, 2019 at 02:32:25PM +0100, Brian wrote:
> >> On Wed 31 Jul 2019 at 16:07:33 +0300, Reco wrote:
> >>> On Wed, Jul 31, 2019 at 07:58:54AM -0400, Celejar wrote:
>  mathematical analysis of how much hardware would be necessary to crack
>  a good WPA2 password. I've seen lots of sites explaining how to use
>  hashcat with a GPU, and various real-world tests on lists of hashed
>  passwords (e.g., [1]), but can you provide a serious analysis of the
>  practical cost, in time or hardware, of cracking a real-world WPA setup?
> >>> Cost - Amazon will take 11c per hour for that VM that comes with NVIDIA
> >>> Tesla videocard.
> >>> Said hour is more than enough to bruteforce 8 character WPA passphrase
> >>> with hashcat.
> >> In the context of a home user producing a secure wireless configuration,
> >> a 64 random character passphrase works wonders. The sky is not about to
> >> fall in.
> > Agreed. If 64 character password is reasonably random, bruteforcing it is
> > economically unfeasible. With obvious exceptions, of course.
> > Entering such password to a device is somewhat tedious though.
> 
> Especially tedious on devices with limited input interfaces, such as 
> smart TVs, game consoles, and printers. Restricting the WPA2 passphrase 

True that. I'm embarrassed to admit how much gnashing of teeth I
engaged in while trying to enter a WPA passphrase via my printer's
keypad / LCD interface, until I realized the right way to do it: hook
it up via ethernet, log into the web interface, copy and paste the
passphrase, enable the wireless interface, unhook the ethernet cable.

> to digits and lowercase letters reduces entropy but makes input more 
> bearable. Seeing the reaction of guests when they are handed a piece of 
> paper with a long random WPA2 passphrase: priceless. It never gets old.  :-D

Indeed ;) Now I just maintain a separate guest network, firewalled off
from the main network.

Celejar

Re: Wireless home LAN - WiFi vs Bluetooth?

[Celejar]

On Wed, 31 Jul 2019 16:07:33 +0300
Reco  wrote:

>   Hi.
> 
> On Wed, Jul 31, 2019 at 07:58:54AM -0400, Celejar wrote:
> > On Wed, 31 Jul 2019 10:43:48 +0300
> > Reco  wrote:
> > 
> > >   Hi.
> > > 
> > > On Tue, Jul 30, 2019 at 07:06:08PM -0400, Celejar wrote:
> > > > On Mon, 29 Jul 2019 13:57:25 +0300
> > > > Reco  wrote:

...

> > > > > You have authentication frames that can be intercepted (so WPA
> > > > > passphrase can be bruteforced).
> > > > 
> > > > Lots of things (such as TLS, ssh) can theoretically be brute forced -
> > > > the question is whether such brute forcing is sufficiently practical to
> > > > be a threat. I have seen nothing to indicate that properly configured
> > > > WPA2 can be realistically brute forced.
> > > 
> > > For WPA2 it's not that hard really, assuming pre-shared key usage.
> > > Can be expensive (all those videocards and ASICs have their cost), but
> > > definitely doable.
> > 
> > I'd be interested in seeing some real-world studies, or simply just a
> > mathematical analysis of how much hardware would be necessary to crack
> > a good WPA2 password. I've seen lots of sites explaining how to use
> > hashcat with a GPU, and various real-world tests on lists of hashed
> > passwords (e.g., [1]), but can you provide a serious analysis of the
> > practical cost, in time or hardware, of cracking a real-world WPA setup?
> 
> Cost - Amazon will take 11c per hour for that VM that comes with NVIDIA
> Tesla videocard.
> Said hour is more than enough to bruteforce 8 character WPA passphrase
> with hashcat.

Yes, and who said anything about using 8 character passphrase? How
about the cost of cracking a 16 character passphrase? Or a 60 character
one?

> > > You have several encryption algorithms, but:
> > > > > b) You may have a hardware that lack support for a good ones.
> > > > 
> > > > I suppose, but my impression is that most hardware from the last few
> > > > years is fine.
> > > 
> > > Cheap smartphones and tablets. Whatever they put instead of a proper
> > 
> > This misses the point - we're comparing ethernet to wifi. Cheap
> > smartphones and tablets aren't usually going to support ethernet.
> 
> You seem to misunderstand me.
> 
> You have a network that's supposed to be secure.
> You have that small herd of assorted client devices, some of them are
> better, some are worse.
> Excommunicating "bad devices" from the network is usually out of
> question if said devices are owned by family members or trusted friends
> or, say, business associates.

I understand all that, but then your recommendation of "use ethernet"
doesn't solve the problem: how is that "herd of assorted client
devices", which - by your assumption - includes "cheap smartphones and
tablets" that may be owned by family members, trusted friends, or
business associates, going to connect via ethernet?

> Due to the way APs work you cannot announce one set of encryption
> algorithms to one client, and different one to another, hence you bring
> down announced algorithms to the lowest common denominator.
> 
> You can announce several, but it's bad for obvious reasons.
> You *could* get away with it with mutliple virtual APs, but that adds
> complexity.

Well, that is what I do (guest network, network for devices that don't
support 802.11ac), and it does add some complexity, but I wouldn't
call it "fiendishly difficult" - I don't have your network chops, and
I probably wouldn't be able to handle it if it were really that
difficult ;)

Celejar

Re: Wireless home LAN - WiFi vs Bluetooth?

[Ben Caradoc-Davies]

On 01/08/2019 01:44, Reco wrote:

On Wed, Jul 31, 2019 at 02:32:25PM +0100, Brian wrote:

On Wed 31 Jul 2019 at 16:07:33 +0300, Reco wrote:

On Wed, Jul 31, 2019 at 07:58:54AM -0400, Celejar wrote:

mathematical analysis of how much hardware would be necessary to crack
a good WPA2 password. I've seen lots of sites explaining how to use
hashcat with a GPU, and various real-world tests on lists of hashed
passwords (e.g., [1]), but can you provide a serious analysis of the
practical cost, in time or hardware, of cracking a real-world WPA setup?

Cost - Amazon will take 11c per hour for that VM that comes with NVIDIA
Tesla videocard.
Said hour is more than enough to bruteforce 8 character WPA passphrase
with hashcat.

In the context of a home user producing a secure wireless configuration,
a 64 random character passphrase works wonders. The sky is not about to
fall in.

Agreed. If 64 character password is reasonably random, bruteforcing it is
economically unfeasible. With obvious exceptions, of course.
Entering such password to a device is somewhat tedious though.


Especially tedious on devices with limited input interfaces, such as 
smart TVs, game consoles, and printers. Restricting the WPA2 passphrase 
to digits and lowercase letters reduces entropy but makes input more 
bearable. Seeing the reaction of guests when they are handed a piece of 
paper with a long random WPA2 passphrase: priceless. It never gets old.  :-D


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Re: 3 phase power (was Re: Wireless home LAN - WiFi vs Bluetooth?

[rhkramer]

An update | correction | recollection ;-)

On Tuesday, July 30, 2019 11:34:43 AM rhkra...@gmail.com wrote:
> I have seen diagrams in NEC code books for a different arrangement to get
> 120 volt 3 phase power, but I don't recall ever actually encountering that
> in real life.  

Oh, wow, how quickly I forget -- I did encounter systems like that, often for 
lighting in industrial applications,  And, further, iirc, we could (and did) 
buy and install florescent light (and maybe HID?) fixtures designed to work on 
208 volts, which we connected phase to phase in that kind of system.

Of course, I could be misremembering.

> In that case, iirc, 120 volt loads are connected from a hot
> tap to the neutral wire (the 4th wire of the 3 phase arrangement), and you
> get (nominally) 208 volts (RMS) connecting phase to phase.  I have seen
> things like motors that were rated like 240 / 208 volts (or something like
> that).

Fwd: Upcoming stable point release (10.1)

[Juan Lavieri]

Para información de todos.

 Mensaje reenviado 
Asunto: Upcoming stable point release (10.1)
Resent-Date: Wed, 31 Jul 2019 20:09:39 + (UTC)
Resent-From: debian-secur...@lists.debian.org
Fecha: Wed, 31 Jul 2019 21:08:36 +0100
De: Adam D. Barratt 
Para: debian-rele...@lists.debian.org

Hi,

The first point release for "buster" (10.1) is scheduled for Saturday,
September 7th. Processing of new uploads into buster-proposed-updates
will be frozen during the preceding weekend.

Regards,

Adam

Saludos.


--
Errar es de humanos, pero es mas humano culpar a los demás

Nettoyage du spam : juillet 2019

[Jean-Pierre Giraud]

Bonjour,
Comme nous sommes en août, il est désormais possible de
traiter les archives du mois de juillet 2019 des listes francophones.

N'oubliez bien sûr pas d'ajouter votre nom à la liste des relecteurs
pour que nous sachions où nous en sommes.

Détails du processus de nettoyage du spam sur :

https://wiki.debian.org/I18n/FrenchSpamClean

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Bob Bernstein]

I _think_ my upgrade from Jessie to Stretch -- which entailed 
installing systemd for the first time on this box -- introduced 
that 8.8.8.8. into my config. I've never been at a loss to 
select my own nameservers, and that never has been one of them.


I was not even aware of that other file 'interface/' to wit: 
'/etc/resolvconf/run/interface/' or I would have been more 
specific indicating which file I edited, which was our old 
friend '/etc/network/interfaces'.


I followed up the edit with an "# /etc/init.d/network reload".

Lastly, I see now that even 
'/etc/resolvconf/run/interface/eth0.inet' contains a nameserver 
line holding my desired replacement for 8.8.8.8.


QED, yes?

Thank you

--
These are not the droids you are looking for.

Re: Preseed installation: definition of host/domain names

[Polar Bear]

Hi,

modifying required block of preseed file to following, Debian intaller
still asks to confirm hostname and domain

# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain d-i netcfg/get_hostname seen
true
d-i netcfg/get_domain string true 'seen true' stanza does no effect
(although in this case host and domain names correct and picked up from
DHCP/DNS server) What should be put into preseed file so that installation
did not ask for host and domain names? Thank you Andy


On Wed, Jul 31, 2019 at 3:13 PM Polar Bear  wrote:

> Hello,
>
> please find bellow an examples for "Buster" (Stretch, Jessie)
>
> https://www.debian.org/releases/buster/example-preseed.txt
> https://www.debian.org/releases/stretch/example-preseed.txt
> https://www.debian.org/releases/jessie/example-preseed.txt
>
> Andy
> Andy
>
> On Wed, Jul 31, 2019 at 2:39 PM Polar Bear  wrote:
>
>> Hello,
>>
>> can somebody explain how to configure preseed file so that auto
>> installation picks up the host and domain name from DHCP server (DNS
>> server).
>>
>> This question was 'rised' earlier on StackExchange
>>
>> https://unix.stackexchange.com/questions/106614/preseed-cfg-ignoring-hostname-setting
>>
>> Situation:
>> I have install server (TFTP/DHCP/Apache) with several distributions and
>> installation works fine. But there is one issue: I use LVM at disk
>> partition step and LVM creates volume groups with hostname encoded in the
>> name of volume group.
>>
>> I went through documentation for preseed file and found it confusing as
>> it does work differently depending on Debian release.
>>
>> For example if I install 'Buster' (Debian 10) and specify in TFTP PXE
>> configuration file hostname=dhcp domainname=dhcp then computer will get
>> installed with name 'dhcp', I utilize Dynamic DNS update -- this name will
>> get pushed out to register computer in DNS server with name 'dhcp' which
>> overwrites earlier assigned name to the computer.
>>  (NOTE: name 'dhcp' is selected more for descriptive purpose, according
>> the documentation preseed file should have priority -- but it does not,
>> without specifying hostname='.' domainname='.' auto install stops
>> for confirmation of hostname and domainname [which are correct in this case
>> but require to press 'Enter' twice] even though both specified in preseed
>> file to be auto configured by obtaining data from dhcp -- see below
>> reference to configuration file)
>>
>> All my attempts to find a solution for this issue failed so far.
>>
>> What I am looking for:
>> 1. I register DNS record for a new computer through 'dnsupdate'
>> 2. Add record into /etc/dhcp/dhcpd.conf (to match MAC with DNS name)
>> 3. systemclt restart isc-dhcp-server
>> 4. Boot 'new' computer over network (PXE)
>> 5. Select from a menu 'Debian->Debian 10->Install preseed adm64'
>> 6. On completion I desire to have computer assigned 'hostname' according
>> DNS record created in step #1
>>
>> Following example did not help with the issue
>> https://www.debian.org/releases/jessie/example-preseed.txt
>>
>> -- Quote -
>> # Any hostname and domain names assigned from dhcp take precedence over
>> # values set here. However, setting the values still prevents the
>> questions
>> # from being shown, even if values come from dhcp.
>> d-i netcfg/get_hostname string unassigned-hostname
>> d-i netcfg/get_domain string unassigned-domain
>>
>> # If you want to force a hostname, regardless of what either the DHCP
>> # server returns or what the reverse DNS entry for the IP is, uncomment
>> # and adjust the following line.
>> #d-i netcfg/hostname string somehost
>> -- End of quote ---
>>
>> On side note in 'Stretch' (Debian 9) specifying hostname=some_name and
>> domainname=example.com in PXE configuration file is not recognized by
>> Debian installer.
>>
>> What is correct solution for this situation?
>>
>> I am interested in 'Buster', 'Stretch', 'Jessie' releases.
>>
>> Thank you in advance
>> Andy
>>
>

Re: Preseed installation: definition of host/domain names

[Polar Bear]

Hello,

please find bellow an examples for "Buster" (Stretch, Jessie)

https://www.debian.org/releases/buster/example-preseed.txt
https://www.debian.org/releases/stretch/example-preseed.txt
https://www.debian.org/releases/jessie/example-preseed.txt

Andy
Andy

On Wed, Jul 31, 2019 at 2:39 PM Polar Bear  wrote:

> Hello,
>
> can somebody explain how to configure preseed file so that auto
> installation picks up the host and domain name from DHCP server (DNS
> server).
>
> This question was 'rised' earlier on StackExchange
>
> https://unix.stackexchange.com/questions/106614/preseed-cfg-ignoring-hostname-setting
>
> Situation:
> I have install server (TFTP/DHCP/Apache) with several distributions and
> installation works fine. But there is one issue: I use LVM at disk
> partition step and LVM creates volume groups with hostname encoded in the
> name of volume group.
>
> I went through documentation for preseed file and found it confusing as it
> does work differently depending on Debian release.
>
> For example if I install 'Buster' (Debian 10) and specify in TFTP PXE
> configuration file hostname=dhcp domainname=dhcp then computer will get
> installed with name 'dhcp', I utilize Dynamic DNS update -- this name will
> get pushed out to register computer in DNS server with name 'dhcp' which
> overwrites earlier assigned name to the computer.
>  (NOTE: name 'dhcp' is selected more for descriptive purpose, according
> the documentation preseed file should have priority -- but it does not,
> without specifying hostname='.' domainname='.' auto install stops
> for confirmation of hostname and domainname [which are correct in this case
> but require to press 'Enter' twice] even though both specified in preseed
> file to be auto configured by obtaining data from dhcp -- see below
> reference to configuration file)
>
> All my attempts to find a solution for this issue failed so far.
>
> What I am looking for:
> 1. I register DNS record for a new computer through 'dnsupdate'
> 2. Add record into /etc/dhcp/dhcpd.conf (to match MAC with DNS name)
> 3. systemclt restart isc-dhcp-server
> 4. Boot 'new' computer over network (PXE)
> 5. Select from a menu 'Debian->Debian 10->Install preseed adm64'
> 6. On completion I desire to have computer assigned 'hostname' according
> DNS record created in step #1
>
> Following example did not help with the issue
> https://www.debian.org/releases/jessie/example-preseed.txt
>
> -- Quote -
> # Any hostname and domain names assigned from dhcp take precedence over
> # values set here. However, setting the values still prevents the questions
> # from being shown, even if values come from dhcp.
> d-i netcfg/get_hostname string unassigned-hostname
> d-i netcfg/get_domain string unassigned-domain
>
> # If you want to force a hostname, regardless of what either the DHCP
> # server returns or what the reverse DNS entry for the IP is, uncomment
> # and adjust the following line.
> #d-i netcfg/hostname string somehost
> -- End of quote ---
>
> On side note in 'Stretch' (Debian 9) specifying hostname=some_name and
> domainname=example.com in PXE configuration file is not recognized by
> Debian installer.
>
> What is correct solution for this situation?
>
> I am interested in 'Buster', 'Stretch', 'Jessie' releases.
>
> Thank you in advance
> Andy
>

Preseed installation: definition of host/domain names

[Polar Bear]

Hello,

can somebody explain how to configure preseed file so that auto
installation picks up the host and domain name from DHCP server (DNS
server).

This question was 'rised' earlier on StackExchange
https://unix.stackexchange.com/questions/106614/preseed-cfg-ignoring-hostname-setting

Situation:
I have install server (TFTP/DHCP/Apache) with several distributions and
installation works fine. But there is one issue: I use LVM at disk
partition step and LVM creates volume groups with hostname encoded in the
name of volume group.

I went through documentation for preseed file and found it confusing as it
does work differently depending on Debian release.

For example if I install 'Buster' (Debian 10) and specify in TFTP PXE
configuration file hostname=dhcp domainname=dhcp then computer will get
installed with name 'dhcp', I utilize Dynamic DNS update -- this name will
get pushed out to register computer in DNS server with name 'dhcp' which
overwrites earlier assigned name to the computer.
 (NOTE: name 'dhcp' is selected more for descriptive purpose, according the
documentation preseed file should have priority -- but it does not, without
specifying hostname='.' domainname='.' auto install stops for
confirmation of hostname and domainname [which are correct in this case but
require to press 'Enter' twice] even though both specified in preseed file
to be auto configured by obtaining data from dhcp -- see below reference to
configuration file)

All my attempts to find a solution for this issue failed so far.

What I am looking for:
1. I register DNS record for a new computer through 'dnsupdate'
2. Add record into /etc/dhcp/dhcpd.conf (to match MAC with DNS name)
3. systemclt restart isc-dhcp-server
4. Boot 'new' computer over network (PXE)
5. Select from a menu 'Debian->Debian 10->Install preseed adm64'
6. On completion I desire to have computer assigned 'hostname' according
DNS record created in step #1

Following example did not help with the issue
https://www.debian.org/releases/jessie/example-preseed.txt

-- Quote -
# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain

# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost
-- End of quote ---

On side note in 'Stretch' (Debian 9) specifying hostname=some_name and
domainname=example.com in PXE configuration file is not recognized by
Debian installer.

What is correct solution for this situation?

I am interested in 'Buster', 'Stretch', 'Jessie' releases.

Thank you in advance
Andy

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Pascal Hambourg]

Le 31/07/2019 à 23:30, ghe a écrit :

On 7/31/19 2:52 PM, Pascal Hambourg wrote:


Without resolvconf, the DHCP client would have completely overwritten
resolv.conf instead of just adding one line. With resolvconf, at least
you can have some control over resolv.conf.


OK. vi gives me all the control I need over resolv.conf.


No it doesn't. It does not prevent other programs from overwriting your 
changes the next second.

Re: Changing nameservers - WAS "Which resolv.conf file?"

[ghe]

On 7/31/19 2:52 PM, Pascal Hambourg wrote:

> Without resolvconf, the DHCP client would have completely overwritten
> resolv.conf instead of just adding one line. With resolvconf, at least
> you can have some control over resolv.conf.

OK. vi gives me all the control I need over resolv.conf. I understand
that some people need and think the world of resolvconf. I don't see any
need for it at all for the computers here.

-- 
Glenn English

Re: Easiest way to do VGA to Text

[deloptes]

Joe Pfeiffer wrote:

> I wasn't keeping track of statistics (I wasn't conducting an experiment,
> I had a pamphlet that needed to be recreated and then edited), but the
> results were very very close to 100%  I certainly spent a lot more time
> on reformatting and editing than I did proofreading.

ok but because you completed a simple task, you can not conclude it is
working good. I mean good for you. I have tried many programs. Couple of
OCR for example and I compared with commercial OCR. I tried festival,
viavoice and many others TTS and STT - nothing useful - just a prove of
concept or incomplete useless code. Yes it is useless compared to
commercial tools, so again if you want good results in this area it should
be commercial. It is interesting to know if something runs under linux.

Re: Easiest way to do VGA to Text

[deloptes]

Doug McGarrett wrote:

> Does your repo have cuneiform? I found that cuneiform works LOTS better
> than tesseract.
> (You can find cuneiform in the rpmfind app, and convert it with alien if
> you can't find a deb version.)

Looks like it is 10y old already - as I said - all the investments in
research and development stopped around that time. And as I said I am very
sceptic - I mean compared to commercial tools all the sort of thing looks
childish. If you want to play and waste some time - good, if you want to do
a serious work - bad.

regards

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Pascal Hambourg]

Le 31/07/2019 à 21:44, ghe a écrit :

On 7/31/19 1:20 PM, Greg Wooledge wrote:


I still feel like you're missing the big picture here.  resolvconf isn't
the thing that's modifying your /etc/resolv.conf file.


It's the thing (that was) modifying my resolv.conf.


Resolvconf does not modify resolv.conf on its own. Some other program 
requested it to do so instead of overwriting resolv.conf itself.



The WiFi server (DHCP) was always changing my DNS server to something I
didn't want -- when I'd cat resolv.conf, there was always a line at the
top saying the file had been created by resolvconf.


Without resolvconf, the DHCP client would have completely overwritten 
resolv.conf instead of just adding one line. With resolvconf, at least 
you can have some control over resolv.conf.

Re: Easiest way to do VGA to Text

[Joe Pfeiffer]

deloptes  writes:

> Joe Pfeiffer wrote:
>
>> I used tesseract-ocr, mentioned previously, a couple of years ago with
>> very good success.  Also, the problem he's trying to solve is much
>
> what means very good success? You had to proof read it at the end - time
> spent. For me either something works or it doesn't none of them worked even
> close to good

Yes, I did have to proofread, and of course that took time.  But if
you're setting perfection as the only acceptable performance level, no
OCR software will ever achieve it.  Human eyes don't meet that standard.

I wasn't keeping track of statistics (I wasn't conducting an experiment,
I had a pamphlet that needed to be recreated and then edited), but the
results were very very close to 100%  I certainly spent a lot more time
on reformatting and editing than I did proofreading.

>> simpler than the general OCR problem; he's got the actual correct pixels
>> (rather than a scan), and maybe even have knowledge of what fonts are
>> used.  That makes a huge difference.
>> 
>
> I doubt it - really! Let me know at the end. I am curious.
>
> regards

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Andrei POPESCU]

On Mi, 31 iul 19, 13:44:51, ghe wrote:
> On 7/31/19 1:20 PM, Greg Wooledge wrote:
> 
> > I still feel like you're missing the big picture here.  resolvconf isn't
> > the thing that's modifying your /etc/resolv.conf file.  
> 
> It's the thing (that was) modifying my resolv.conf.

[...]
 
> At first I kept a resolv file as I wanted it to be in /etc, and the
> script just copied it over resolvconf's creation. Then I just deleted
> the resolvconf file, and quit having problems.

If all you've got is a hammer...

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Which resolv.conf file?

[Andrei POPESCU]

On Mi, 31 iul 19, 02:37:40, Bob Bernstein wrote:
> On Wed, 31 Jul 2019, Andrei POPESCU wrote:
> 
> > It depends a lot on what combination of packages you have installed and
> > are using.
> > 
> > Starting with the obvious ones, please show the output of:
> 
> Ok. One dotted-four required obfuscation in my humble judgement. I hope I
> got your list correctly:
> 
> $ apt list resolvconf
> Listing... Done
> resolvconf/oldstable,now 1.79 all [installed]

Ok
 
> $ apt list network-manager
> Listing... Done
> network-manager/oldstable 1.6.2-3+deb9u2 amd64

Not installed.

> ls -l /etc/resolv.conf
> lrwxrwxrwx 1 root root 31 Jun 16 23:51 /etc/resolv.conf -> 
> /etc/resolvconf/run/resolv.conf

Ok
 
> $ cat /etc/resolvconf/run/resolv.conf # Dynamic resolv.conf(5) file for
> glibc resolver(3) generated by resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver aaa.bbb.ccc.ddd (obfuscated)
> nameserver 8.8.8.8
> nameserver 127.0.0.53

Are you using a local DNS server?

You have three entries here...
 
> $ cat /etc/network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
> 
> source /etc/network/interfaces.d/*
> 
> auto lo eth0
> iface lo inet loopback
> 
> iface eth0 inet static
> address 192.168.1.40
> netmask 255.255.255.0
> gateway 192.168.1.1
> dns-nameserver 8.8.8.8

... but only one entry here.

Anyway, if you want to add 'nameserver' entries you have to add them as 
'dns-nameserver' in /etc/network/interfaces.

If you want to remove some the other ones you have to trace which 
package is adding them (via resolvconf). Could be a dhcp client, DNS 
server, another network manager (e.g wicd), etc.

Hope this helps,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Debian 9: imagenes para descargar con jigdo...

[Miguel Matos]

On Wed, Jul 31, 2019 at 4:14 PM Walter O. Dari  wrote:

> Hola gente:
>
> Alguien me podrá facilitar el vínculo, si es que existe, para descargar
> la última versión de Debian 9 mediante jigdo-lite ?
>
> Estuve intentando encontrarlas pero termino siempre en las de Debian 10.
>
> Gracias,
>
> --
>
> Walter O. Dari
>
> http://swcomputacion.com/
> http://swcomputacion.com/sistemas/
> https://facebook.com/swcomputacion/
> https://facebook.com/sistemasSW/
>
> Nuestros horarios:
> L a V 9 a 16 hs.
> S 10 a 14 hs.
>
>
Nunca he usado eso de jigdo, primera vez que lo oigo; pero, ¿será este un
camino que necesites llegar?
ftp://cdimage.debian.org/cdimage/archive/9.9.0/amd64/jigdo-cd/
Y, según el FTP, me lista estas otras opciones:
[DIR] jigdo-bd May 14 17:44
[DIR] jigdo-cd May 14 17:44
[DIR] jigdo-dlbd May 14 17:44
[DIR] jigdo-dvd May 14 17:44


-- 

Ayuda para hacer preguntas inteligentes: http://is.gd/NJIwRz

Re: Which resolv.conf file?

[Andrei POPESCU]

On Mi, 31 iul 19, 08:59:11, David Wright wrote:
> On Wed 31 Jul 2019 at 08:50:34 (-0400), Greg Wooledge wrote:
> > On Wed, Jul 31, 2019 at 09:21:32AM +0300, Reco wrote:
> > > On Wed, Jul 31, 2019 at 09:16:03AM +0300, Andrei POPESCU wrote:
> > > > On Mi, 31 iul 19, 09:06:36, Reco wrote:
> > > > > Assuming it is, and you're using ifupdown, you need to change
> > > > > "dns-nameserver" stanza in the interface definition.
> > > > 
> > > > Careful, in /etc/network/interfaces it's 'dns-nameservers' (mind the 
> > > > trailing 's'), because you can list more servers ;)
> > > 
> > > /usr/share/doc/resolvconf/README.gz disagrees with you:
> > > 
> > > * For each inet static logical interface through which a nameserver
> > >   is accessible, add lines like the following to /etc/network/interfaces .
> > > 
> > > dns-nameserver 11.22.33.44
> > > dns-nameserver 55.66.77.88
> > > dns-search foo.org bar.com
> > 
> > Reco is correct.
> > 
> > isc-dhcp-client uses "domain-name-servers" in its configuration file,
> > whereas resolvconf uses "dns-nameserver".  Most likely, Andrei momentarily
> > confused the two.
> 
> It might be the documentation that's confused. Here's an extract from
> man resolvconf

[...]
 
>The dns-nameservers option is also accepted and, unlike 
> dns-nameserver, can be given  mul‐
>tiple arguments, separated by spaces.

Ok, the 'dns-nameserver' option must have been added in the meantime, as 
'dns-nameservers' was quite confusing (I got bit by it several times).

Let's see... according to the changelog it was added in Jessie ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Debian 9: imagenes para descargar con jigdo...

[Walter O. Dari]

Hola gente:

Alguien me podrá facilitar el vínculo, si es que existe, para descargar 
la última versión de Debian 9 mediante jigdo-lite ?


Estuve intentando encontrarlas pero termino siempre en las de Debian 10.

Gracias,

--

Walter O. Dari

http://swcomputacion.com/
http://swcomputacion.com/sistemas/
https://facebook.com/swcomputacion/
https://facebook.com/sistemasSW/

Nuestros horarios:
L a V 9 a 16 hs.
S 10 a 14 hs.

Re: xsane: incoherent behaviours

[Brad Rogers]

On Wed, 31 Jul 2019 21:53:43 +0200 (CEST)
Pierre Frenkiel  wrote:

Hello Pierre,

>   grep "envy_photo_7100" /usr/share/hplip/data/models/models.dat
>   I added it to models.dat

You should be aware that, come next update of hplip, your changes may be
lost, unless you are careful.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
Never give in until they crack
Emergency - 999


pgpvvUyivnaKH.pgp
Description: OpenPGP digital signature

Re: Wireless home LAN - WiFi vs Bluetooth?

[Andrei POPESCU]

On Mi, 31 iul 19, 04:43:31, Bonno Bloksma wrote:
> 
> >> You have several encryption algorithms, but:
> >> a) They are not equally good.
> > Of course not - they never are ;) The trick is to pick a good one, and for 
> > wifi, that's WPA2 using AES.
> 
> Indeed, if one uses AES instead of PSK then it gets lots safer but now 
> we ARE getting in to harder to use protocol. Not all WiFi hardware 
> knows how to use WPA2 AES encryption.

PSK = Pre-shared key
AES = Advanced Encryption Standard Encryption

It's not "AES instead of PSK", but "WPA2-PSK, with AES encryption".
 
> >> b) You may have a hardware that lack support for a good ones.
> > I suppose, but my impression is that most hardware from the last few years 
> > is fine.
> 
> All devices should know WPA2 and PSK, maybe not AES.

WPA2-PSK with AES has been my wireless configuration for several years. 
The only complaints I've had were about the length of the password ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: xsane: incoherent behaviours

[Pierre Frenkiel]

On Wed, 31 Jul 2019, Brian wrote:


But you said your was laptop amd64/stretch; it wasn't. models.dat had
been altered at some time by you. You failed to mention that.


  I never modified models.dat before.
  until last week, I used "scanimage -d hpaio:/net/envy_photo_7100..."
  after your question about:
  grep "envy_photo_7100" /usr/share/hplip/data/models/models.dat
  I added it to models.dat

best regards,
--
Pierre Frenkiel

Re: Changing nameservers - WAS "Which resolv.conf file?"

[ghe]

On 7/31/19 1:20 PM, Greg Wooledge wrote:

> I still feel like you're missing the big picture here.  resolvconf isn't
> the thing that's modifying your /etc/resolv.conf file.  

It's the thing (that was) modifying my resolv.conf.

I have 2 Enet connections: a reliable T1 and a reasonably fast WiFi. I
have a shell script to bring up WiFi, and modify the routing table a
little, for downloads and stuff.

The WiFi server (DHCP) was always changing my DNS server to something I
didn't want -- when I'd cat resolv.conf, there was always a line at the
top saying the file had been created by resolvconf.

At first I kept a resolv file as I wanted it to be in /etc, and the
script just copied it over resolvconf's creation. Then I just deleted
the resolvconf file, and quit having problems.

It's quite possible I just didn't have something configured correctly,
but I did figure out a way to keep somebody from scribbling on my DNS
config. And there's nothing on my computers that changes it.

-- 
Glenn English

After upgraded to Buster the Energy Settings is problematic: get blank scree on laptop and the power off is only applicable

[Csanyi Pal]

Hello,

I just upgraded to Debian Buster from Stretch.

I am running it on an Acer Aspire V3-571 laptop.

I am using XFCE Desktop Environment ( in Stretch I used it also ).

In the Energy ... Settings I did set up in Stretch that that after 3 
minutes of inactivity the screen comes blank and it works.


But, from there I can't wake up the laptop, whatever I am doing: moving 
or clicking with the mice, hit Shift, Esc, Enter, Cursor Down or Up, 
these does not help to get back to my Desktop.


The only way to get it back is to hold down the Power button until it is 
shut down, then hit again Power button to start the laptop.


I purge the apmd package, but that does not helped me out.

How can I solve this problem?

Meanwhile I switch off in the Energy ... Settings that that the Screen 
come blank after some inactivity.


--
Best, Pali

Re: Easiest way to do VGA to Text

[Doug McGarrett]

On 07/31/2019 02:22 PM, deloptes wrote:

Joe Pfeiffer wrote:


I used tesseract-ocr, mentioned previously, a couple of years ago with
very good success.  Also, the problem he's trying to solve is much


what means very good success? You had to proof read it at the end - time
spent. For me either something works or it doesn't none of them worked even
close to good


simpler than the general OCR problem; he's got the actual correct pixels
(rather than a scan), and maybe even have knowledge of what fonts are
used.  That makes a huge difference.



I doubt it - really! Let me know at the end. I am curious.

regards


Does your repo have cuneiform? I found that cuneiform works LOTS better 
than tesseract.
(You can find cuneiform in the rpmfind app, and convert it with alien if 
you can't find a deb version.)


--doug

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Greg Wooledge]

On Wed, Jul 31, 2019 at 01:13:27PM -0600, ghe wrote:
> On 7/31/19 12:52 PM, Greg Wooledge wrote:
> 
> > Removing /etc/resolvconf sounds like terrible> advice.  
> > If you want to remove resolvconf, remove the> package with dpkg or apt.  
> > Don't just start removing random
> configuration> files and directories
> Good point, well taken.
> 
> I've always just deleted the /etc dir, and it's always killed
> resolvconf. dpkg/apt is a much better idea -- more thorough deletion...
> 
> But then go remove that config stuff in /etc. If it's still there.

I still feel like you're missing the big picture here.  resolvconf isn't
the thing that's modifying your /etc/resolv.conf file.  resolvconf is
a mitigating layer that's trying to take control over the *other*
entities which are trying to edit the file.

If you remove resolvconf from the picture, then isc-dhcp-client and
other actors are going to go back to directly editing the file as they
see fit, undoing each other's work, etc.  If isc-dhcp-client is the
only such actor in play, and if you *want* it to edit your file, then
that may be perfectly fine.  resolvconf is there to handle all the
other cases.  Well, most of them.  The ones that it knows about and
knows how to subvert, anyway.

Re: Changing nameservers - WAS "Which resolv.conf file?"

[ghe]

On 7/31/19 12:52 PM, Greg Wooledge wrote:

> Removing /etc/resolvconf sounds like terrible> advice.  
> If you want to remove resolvconf, remove the> package with dpkg or apt.  
> Don't just start removing random
configuration> files and directories
Good point, well taken.

I've always just deleted the /etc dir, and it's always killed
resolvconf. dpkg/apt is a much better idea -- more thorough deletion...

But then go remove that config stuff in /etc. If it's still there.

-- 
Glenn English

Re: recherche ressources libres pour photographe professionnel

[Gaëtan Perrier]

Dire que le traitement raw est le parent pauvre et ne pas citer darktable et 
rawtherapee c'est un poil bizarre pour un site photo ...

Le 31 juillet 2019 10:37:59 GMT+02:00, contact 
 a écrit :
>sinon il y  a ceci
>
>http://www.virusphoto.com/15792-dossier-32-logiciels-libres-pour-limage-et-la-photo.html
>
>
>François-Marie BILLARD
>Le 31/07/2019 à 04:41, Bernard Schoenacker a écrit :
>> bonjour,
>>
>> j'avais en tête un site anglophone recensant
>> les logiciels libres utilisables par des
>> professionnels (photographes) et qui
>> contiennent des témoignages, mais je n'arrive
>> plus à le trouver ...
>>
>>
>> merci pour votre aimable attention
>> bien à vous
>> Bernard
>>

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Greg Wooledge]

On Wed, Jul 31, 2019 at 12:44:50PM -0600, ghe wrote:
> On 7/31/19 12:17 PM, Bob Bernstein wrote:
> 
> > Sure enough, there it was, for eth0. I commented it out and added a line
> > for the nameserver I wanted, and bingo, we have lift off.
> 
> That works, but if you want to specify the DNS server, delete those 2
> DNS lines in /etc...interfaces, and edit /etc/resolv.conf.
> 
> And rm -rf /etc/resolvconf. How often do you want to change your DNS
> server? And when you do, edit /etc/resolv.conf.
> 
> There are those of us who hate 'helpful' software...

https://wiki.debian.org/resolv.conf

Just editing /etc/resolv.conf is NOT enough, because other things will
change it BEHIND YOUR BACK.

https://wiki.debian.org/resolv.conf

resolvconf is actually one of the things that you can use to STOP OTHER
THINGS from changing it.  Removing /etc/resolvconf sounds like terrible
advice.  Why would you remove the configuration of a package but leave
the package installed?  Are you just going to hope it does something
good without any guidance?  If you want to remove resolvconf, remove the
package with dpkg or apt.  Don't just start removing random configuration
files and directories.

https://wiki.debian.org/resolv.conf

Re: Changing nameservers - WAS "Which resolv.conf file?"

[ghe]

On 7/31/19 12:17 PM, Bob Bernstein wrote:

> Sure enough, there it was, for eth0. I commented it out and added a line
> for the nameserver I wanted, and bingo, we have lift off.

That works, but if you want to specify the DNS server, delete those 2
DNS lines in /etc...interfaces, and edit /etc/resolv.conf.

And rm -rf /etc/resolvconf. How often do you want to change your DNS
server? And when you do, edit /etc/resolv.conf.

There are those of us who hate 'helpful' software...

-- 
Glenn English

Re: xsane: incoherent behaviours

[Brian]

On Wed 31 Jul 2019 at 20:18:09 +0200, Pierre Frenkiel wrote:

> On Wed, 31 Jul 2019, Brian wrote:
> 
> > You are misunderstanding. When I said "Neither should have an envy photo
> > 7100 entry in models.dat.", I meant that the *stretch* models.dat does
> > not have it as an entry. If it is there, it has been put there - and not
> > by anything which a stretch inastallation would do.
> 
>- the stretch models.dat does not have an envy entry ==> envy is not seen, 
> and
>  of course scanning is not available

Agreed.

>- now, it is there because I put it ==> envy is seen, and scanning works
>  do you see an other solution?

Agreed.

But you said your was laptop amd64/stretch; it wasn't. models.dat had
been altered at some time by you. You failed to mention that.

-- 
Brian.

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Pascal Hambourg]

Le 31/07/2019 à 19:56, Greg Wooledge a écrit :

On Wed, Jul 31, 2019 at 07:51:45PM +0200, Pascal Hambourg wrote:

Le 31/07/2019 à 17:10, Bob Bernstein a écrit :


What I want to do is get rid of the google 8.8.8.8 and replace it with a
static nameserver suggested by my vpn.


Edit /etc/network/interfaces.


That isn't a full answer.


Indeed. The full answer was "edit /etc/network/interfaces and reboot".


 That could be one step in the answer that
begins with "install resolvconf".


The information posted by the OP indicated that resolvconf is already 
installed.



But a deeper investigation is required, to find out where the 8.8.8.8
is coming from in the first place.


No investigation is required. All the required information has already 
been posted by the OP.

Re: Easiest way to do VGA to Text

[deloptes]

Joe Pfeiffer wrote:

> I used tesseract-ocr, mentioned previously, a couple of years ago with
> very good success.  Also, the problem he's trying to solve is much

what means very good success? You had to proof read it at the end - time
spent. For me either something works or it doesn't none of them worked even
close to good

> simpler than the general OCR problem; he's got the actual correct pixels
> (rather than a scan), and maybe even have knowledge of what fonts are
> used.  That makes a huge difference.
> 

I doubt it - really! Let me know at the end. I am curious.

regards

Re: xsane: incoherent behaviours

[Pierre Frenkiel]

On Wed, 31 Jul 2019, Brian wrote:


You are misunderstanding. When I said "Neither should have an envy photo
7100 entry in models.dat.", I meant that the *stretch* models.dat does
not have it as an entry. If it is there, it has been put there - and not
by anything which a stretch inastallation would do.


   - the stretch models.dat does not have an envy entry ==> envy is not seen, 
and
 of course scanning is not available
   - now, it is there because I put it ==> envy is seen, and scanning works
 do you see an other solution?

best regards,
--
Pierre Frenkiel

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Bob Bernstein]

SOLVED, I think.

After all the reading you guys gave me I sat pondering this 
morning, and it dawned on me that if I looked at 'interfaces' 
and found that darn 8.8.8.8 ip in there, that I might have the 
clue I needed.


Sure enough, there it was, for eth0. I commented it out and 
added a line for the nameserver I wanted, and bingo, we have 
lift off.


I know, I know; I posted the contents of 'interfaces' in reply 
to Andrei's request last night, but at that point in the 
proceedings I did not see its significance.


Thank you

--
These are not the droids you are looking for.

Re: xsane: incoherent behaviours

[Brian]

On Wed 31 Jul 2019 at 19:43:24 +0200, Pierre Frenkiel wrote:

> On Wed, 31 Jul 2019, Brian wrote:
> 
> > Which laptop? Both have stretch. Neither should have an envy photo 7100
> > entry in models.dat.
> 
>   this time, facts prove that your are wrong (we say in french
>   "les faits sont têtus" i.e. "facts are stubborn"
>   and here are the facts:
> 
>   - without the envy entry in models.dat, the envy is not seen on both 
> laptops.
>   - with the envy entry in models.dat, the envy is seen on both laptops,
> and scanning works perfectly...

You are misunderstanding. When I said "Neither should have an envy photo
7100 entry in models.dat.", I meant that the *stretch* models.dat does
not have it as an entry. If it is there, it has been put there - and not
by anything which a stretch inastallation would do.

-- 
Brian.

Re: Easiest way to do VGA to Text

[Joe Pfeiffer]

deloptes  writes:

> Martin McCormick wrote:
>
>> I have 4 older PC's that generally work well running
>> debian but Right now, 3 of them need varying degrees of attention
>> to their BIOS setups as Dell motherboards and possibly other
>> brands will occasionally modify their boot sequences for some
>> reason and the only way one can boot from a CDROM is to get in to
>> the BIOS setup and yank the boot order back to one where the CD
>> drive is ahead of the hard drive or put an unbootable hard drive
>> in.  Six or eight months later, one will suddenly discover that
>> the boot sequence has fallen back to  the useless one where the
>> floppy drive is first, followed by the hard drive followed by the
>> CDROM.
>
> I have not heard so far of working OCR free under linux. I would buy
> commercial software that can work as screen reader. You can pipe the images
> from the linux PC to that software and hear the text.
>
> This is not only the OCR part, but also the reading and what I have seen
> under Linux is all BS. There were very good projects 10-15y ago, but I have
> not heard of a break through in any of them. For example ViaVoice a STT
> program used to run on linux and was dropped when IBM and Phillips stopped
> the project cause DARPA stopped the funding. Festival is good as TTS, but
> is far away from commercial quality and so on. 
>
> Making a good reader program is very complex and sophisticated thing and
> there are many unsolved problems to deal with. This means you can not just
> OCR the screen and dump it to the reader - you must preprocess it and often
> go to semantics, which makes it pretty difficult.

I used tesseract-ocr, mentioned previously, a couple of years ago with
very good success.  Also, the problem he's trying to solve is much
simpler than the general OCR problem; he's got the actual correct pixels
(rather than a scan), and maybe even have knowledge of what fonts are
used.  That makes a huge difference.

> If you have time to waste, keep us posted of your progress. Last time I did
> research on the topic was 10+y ago, when I wrote my thesis on dialogue
> systems, so please, correct me if I am wrong and if there is a useful
> software out there. Honestly I doubt it, cause people massively got dumber
> in the past 10y, of course except the readers of this list :)
>
> best regards

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Greg Wooledge]

On Wed, Jul 31, 2019 at 07:51:45PM +0200, Pascal Hambourg wrote:
> Le 31/07/2019 à 17:10, Bob Bernstein a écrit :
> > 
> > What I want to do is get rid of the google 8.8.8.8 and replace it with a
> > static nameserver suggested by my vpn.
> 
> Edit /etc/network/interfaces.

That isn't a full answer.  That could be one step in the answer that
begins with "install resolvconf".

https://wiki.debian.org/resolv.conf#Configuring_resolvconf

But a deeper investigation is required, to find out where the 8.8.8.8
is coming from in the first place.  If someone has already *done*
something (i.e. this is not a vanilla installation), then first we have
to discover what has been done.

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Pascal Hambourg]

Le 31/07/2019 à 17:10, Bob Bernstein a écrit :


What I want to do is get rid of the google 8.8.8.8 and replace it with a 
static nameserver suggested by my vpn.


Edit /etc/network/interfaces.

Re: xsane: incoherent behaviours

[Pierre Frenkiel]

On Wed, 31 Jul 2019, Brian wrote:


Which laptop? Both have stretch. Neither should have an envy photo 7100
entry in models.dat.


  this time, facts prove that your are wrong (we say in french
  "les faits sont têtus" i.e. "facts are stubborn"
  and here are the facts:

  - without the envy entry in models.dat, the envy is not seen on both laptops.
  - with the envy entry in models.dat, the envy is seen on both laptops,
and scanning works perfectly...

the remaining problem is why scanning with the laserjet fails on my desktop
(but this is an other story)

anyway, thank you for your cooperation.
best regards,
--
Pierre Frenkiel

Re: Changing nameservers - WAS "Which resolv.conf file?"

[Reco]

Hi.

On Wed, Jul 31, 2019 at 11:10:32AM -0400, Bob Bernstein wrote:
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by r$

This simplifies things greatly

> What I want to do is get rid of the google 8.8.8.8 and replace it with a 
> static nameserver suggested by my vpn.

ls -al /run/resolvconf/interfaces

Reco

Re: Which resolv.conf file?

[tomas]

On Wed, Jul 31, 2019 at 12:09:38PM -0400, Greg Wooledge wrote:
> On Wed, Jul 31, 2019 at 05:55:17PM +0200, to...@tuxteam.de wrote:
> > On Wed, Jul 31, 2019 at 10:27:01AM -0400, Greg Wooledge wrote:
> > > wooledg:~$ dpkg -S resolvconf.1
> > > systemd: /usr/share/man/man1/resolvconf.1.gz
> > 
> > tomas@trotzki:~$ dpkg -S resolv.conf
> > manpages: /usr/share/man/man5/resolv.conf.5.gz
> 
> resolv.conf(5) is the configuration file for the DNS resolver in libc.
> 
> resolvconf(8) is a Debian package that intercepts attempts by various
> other packages to mangle your /etc/resolv.conf file, and lets you control
> how they can or cannot do so.
> 
> resolvconf(1) is apparently an alias for resolvctl(1) which is part of
> systemd, and has absolutely nothing to do with ANYTHING, other than
> getting in the way if a naive person (in this example, me) tries to
> run "man resolvconf".

:-)

Cheers
-- t


signature.asc
Description: Digital signature

Re: Grub

[diego leon giraldo garcia]

MUCHAS GRACIAS.

El lun., 29 jul. 2019 11:09 p. m., Fran Torres 
escribió:

> Buenas,
>
> Por como está escrito el mensaje (no se entiende bien) deduzco lo
> siguiente:
> 1. quieres actualizar Windows 10, a sabiendas que Windows reescribirá
> el gestor de arranque y por tanto, aunque no perderás la instalación
> de debian, no la podrás arrancar.
> 2. No quieres usar discos live de Ubuntu. Bien, ahí va mi solución.
>
> 1. Actualiza Windows sin preocuparte.
> 2. Cuando arranque y hayas hecho la configuración de primera vez,
> utiliza el mismo disco que utilizaste para instalar debian.
> 3. Haz la instalación normal de debian y cuando llegues al
> particionador, pulsa por ejemplo, ctrl+alt+f2 y pulsa dos veces enter.
> (te encontrarás en el prompt de busybox para escribir comandos).
> 4. Ahora escribe lo siguiente:
> grub-install /dev/sda
> 5. Una vez se complete el proceso, debian detectará la instalación de
> debian, detectará la partición de Windows, la partición msr, la
> partición efi y lo escribirá todo en /boot/grub/grub.cfg
> 6. Pulsa ctrl+alt+del, retira el disco y debería funcionar.
>
> Fran.
>
>
> El 30/7/19, diego leon giraldo garcia 
> escribió:
> > Amigos de la lista, tengo pc con debían y windows 7, quiero actualizar el
> > windows 7 al 10. Pero se que windows reescribe el mar. Opción para
> > restaurar grub live cd de ubuntu. Pero quiero otras opciones si me pueden
> > sugerir gracias.
> >
>

Re: Chromium 76

[Michael Fothergill]

On Wed, 31 Jul 2019 at 13:01, Paul Sutton  wrote:

> Hi
>
> Looks like chromium 76 is out soon, hopefully will make its way in to
> Buster.  As Chromium + Scratch website is still very sluggish on Buster.
>
> I  have compiled and installed chromium 76 using gentoo prefix which I
have running on debian buster.

Chromium 77 is out there somewhere.

I am interested to try out bedrock linux at some point. I think it could
help get around some of these problems.


Regards

Michael Fothergill

Re: Which resolv.conf file?

[Greg Wooledge]

On Wed, Jul 31, 2019 at 05:55:17PM +0200, to...@tuxteam.de wrote:
> On Wed, Jul 31, 2019 at 10:27:01AM -0400, Greg Wooledge wrote:
> > wooledg:~$ dpkg -S resolvconf.1
> > systemd: /usr/share/man/man1/resolvconf.1.gz
> 
> tomas@trotzki:~$ dpkg -S resolv.conf
> manpages: /usr/share/man/man5/resolv.conf.5.gz

resolv.conf(5) is the configuration file for the DNS resolver in libc.

resolvconf(8) is a Debian package that intercepts attempts by various
other packages to mangle your /etc/resolv.conf file, and lets you control
how they can or cannot do so.

resolvconf(1) is apparently an alias for resolvctl(1) which is part of
systemd, and has absolutely nothing to do with ANYTHING, other than
getting in the way if a naive person (in this example, me) tries to
run "man resolvconf".

Re: Which resolv.conf file?

[tomas]

On Wed, Jul 31, 2019 at 10:27:01AM -0400, Greg Wooledge wrote:
> On Wed, Jul 31, 2019 at 08:59:11AM -0500, David Wright wrote:
> > It might be the documentation that's confused. Here's an extract from
> > man resolvconf
> > 
> > 
> > 
> >ifup
> >The ifup program can be used to configure network  interfaces
> [...]
> 
> Mine doesn't... wait, what...
> 
> wooledg:~$ dpkg -S resolvconf.1
> systemd: /usr/share/man/man1/resolvconf.1.gz

tomas@trotzki:~$ dpkg -S resolv.conf
manpages: /usr/share/man/man5/resolv.conf.5.gz

Hmmm.

Cheers
-- t


signature.asc
Description: Digital signature

Re: xsane: incoherent behaviours

[Brian]

On Wed 31 Jul 2019 at 17:18:16 +0200, Pierre Frenkiel wrote:

> On Wed, 31 Jul 2019, Brian wrote:
> 
> > On Wed 31 Jul 2019 at 13:52:29 +0200, Pierre Frenkiel wrote:
> > 
> > >   Here are the outputs of scanimage on my desktop:
> > > 
> > >scanimage: open of device 
> > > hpaio:/net/HP_LaserJet_MFP_M227-M231?ip=192.168.1.41 failed: Error during 
> > > device I/O
> > >scanimage: open of device 
> > > hpaio:/net/laserjet_mfp_m227-m231?ip=192.168.1.41=false failed: 
> > > Error during device I/O
> > 
> > Install the non-free plugin on your desktop (or laptop). 'hp-plugin' should 
> > do it.
> > 
> > (Yes, I know upstream HPLIP says you do not need one).
> 
>   it is already installed. When I run it, it says:
> 
> error: Unable to open /data/home/frenkiel/.hplip/hp-plugin.lock lock file.
> 
>I tried to create this file (touch ...), but I get the same error
> 
> 
> on both laptops, the driver plugin was successfully installed with the same 
> command.

Previously, scanning didn't work on the laserjet from your laptop. Does
it work now?

-- 
Brian.

Re: xsane: incoherent behaviours

[Brian]

On Wed 31 Jul 2019 at 17:31:38 +0200, Pierre Frenkiel wrote:

> On Wed, 31 Jul 2019, Brian wrote:
> 
> > Another check:
> > 
> > grep "envy_photo_7100" /usr/share/hplip/data/models/models.dat
> > 
> 
>   you are right: the envy entry was missing on this laptop.
>   thanks a lot for your help

Which laptop? Both have stretch. Neither should have an envy photo 7100
entry in models.dat.

-- 
Brian.

Re: xsane: incoherent behaviours

[Pierre Frenkiel]

On Wed, 31 Jul 2019, Brian wrote:


Another check:

grep "envy_photo_7100" /usr/share/hplip/data/models/models.dat



  you are right: the envy entry was missing on this laptop.
  thanks a lot for your help

best regards,
--
Pierre Frenkiel

RE: Wireless home LAN - WiFi vs Bluetooth?

[Bonno Bloksma]

Helllo Celejar,

>> WPA2's (that's your conventional WiFi standard) secure configuration 
>> is fiendishly difficult.
> I take your point, but "fiendishly difficult"? I think you're exaggerating.

I think so too, WPA2 has been around for a rather long time and all software 
knows about it.

>> You have beacon frames that are broadcasted without any encryption.
> True, but is there any evidence that this constitutes a security risk?

Yes,
https://www.bleepingcomputer.com/news/security/new-method-simplifies-cracking-wpa-wpa2-passwords-on-80211-networks/
This tells about that method and mainly talks about how it is now a lot easier 
to get a password hash for PSK in WPA2.

>> You have authentication frames that can be intercepted (so WPA passphrase 
>> can be bruteforced).
> Lots of things (such as TLS, ssh) can theoretically be brute forced - the 
> question is whether such 
> brute forcing is sufficiently practical to be a threat. I have seen nothing 
> to indicate that properly 
> configured WPA2 can be realistically brute forced.

Reco talks about WPA and you and I talk WPA2, maybe that is the difference, 
although at the top Reco also mentions WPA2.

>> You have several encryption algorithms, but:
>> a) They are not equally good.
> Of course not - they never are ;) The trick is to pick a good one, and for 
> wifi, that's WPA2 using AES.

Indeed, if one uses AES instead of PSK then it gets lots safer but now we ARE 
getting in to harder to use protocol. Not all WiFi hardware knows how to use 
WPA2 AES encryption.

>> b) You may have a hardware that lack support for a good ones.
> I suppose, but my impression is that most hardware from the last few years is 
> fine.

All devices should know WPA2 and PSK, maybe not AES.
But what the hashcat method does is simply get the PSK password hash quicker 
than any other method before, after that it is still a bruteforce job to get 
the password. The article I referenced talks about THAT sometimes being easier 
because most people use the default password of the WiFi router, and some of 
those passwords being predictable.
If one sets a new and long PSK key then cracking it is a lot harder. After that 
it is just making sure all your devices can handle the password length you have 
chosen.

Celejar

Re: xsane: incoherent behaviours

[Pierre Frenkiel]

On Wed, 31 Jul 2019, Brian wrote:


On Wed 31 Jul 2019 at 13:52:29 +0200, Pierre Frenkiel wrote:


  Here are the outputs of scanimage on my desktop:

   scanimage: open of device 
hpaio:/net/HP_LaserJet_MFP_M227-M231?ip=192.168.1.41 failed: Error during 
device I/O
   scanimage: open of device 
hpaio:/net/laserjet_mfp_m227-m231?ip=192.168.1.41=false failed: Error 
during device I/O


Install the non-free plugin on your desktop (or laptop). 'hp-plugin' should do 
it.

(Yes, I know upstream HPLIP says you do not need one).


  it is already installed. When I run it, it says:

error: Unable to open /data/home/frenkiel/.hplip/hp-plugin.lock lock file.

   I tried to create this file (touch ...), but I get the same error


on both laptops, the driver plugin was successfully installed with the same 
command.

best regards,
--
Pierre Frenkiel

Changing nameservers - WAS "Which resolv.conf file?"

[Bob Bernstein]

I've begun a new thread to add some back-story to my "Which 
resolv.conf file?" inquiry. *Thanks* to all who have chimed in.


nb. Judah: If "DE" means "desktop environment" then I don't 
think I have one. I run the minimalist icewm, and I do not have 
network manager installed.


I do not want to turn off all rewriting of my resolv.conf file 
since my vpn needs to do that. And, I have no concept about how 
dhcp now might enter into the picture. I am an older citizen and 
have not kept up.


I posted this to my initial thread on this topic:

--snip--
$ cat /etc/resolvconf/run/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by 
r$
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE 
OVERWR$

nameserver aaa.bbb.ccc.ddd
nameserver 8.8.8.8
nameserver 127.0.0.53
--snip--

This is how this file looks when I am connected to my vpn, hence 
the obfuscation.


What I want to do is get rid of the google 8.8.8.8 and replace 
it with a static nameserver suggested by my vpn.


I welcome all of your feedback (well, within certain bounds of 
course. ).


Thank you

--
Poobah

Re: xsane: incoherent behaviours

[Brian]

On Wed 31 Jul 2019 at 16:28:55 +0200, Pierre Frenkiel wrote:

> On Wed, 31 Jul 2019, Brian wrote:
> 
> > What is given by 'dpkg -l libsane-hpaio' from both stretch machines?
> 
>   exactly same output:
> 
> ii  libsane-hpaio:amd64   3.16.11+repack0-3   amd64   HP 
> SANE backend for multi-function peripherals

I thought you might have had a backported package on one machine.

Another check:

grep "envy_photo_7100" /usr/share/hplip/data/models/models.dat

-- 
Brian.

Re: Which resolv.conf file?

[Reco]

On Wed, Jul 31, 2019 at 10:27:01AM -0400, Greg Wooledge wrote:
> On Wed, Jul 31, 2019 at 08:59:11AM -0500, David Wright wrote:
> > It might be the documentation that's confused. Here's an extract from
> > man resolvconf
> > 
> > 
> > 
> >ifup
> >The ifup program can be used to configure network  interfaces
> [...]
> 
> Mine doesn't... wait, what...
> 
> wooledg:~$ dpkg -S resolvconf.1
> systemd: /usr/share/man/man1/resolvconf.1.gz
> 
> Well, THAT's confusing as hell.

Read it ;) It's not about resolvconf(1).
Real resolvconf is resolvconf(8).
It's impossible to understand, it's only possible to remember.

Reco

Re: xsane: incoherent behaviours

[Pierre Frenkiel]

On Wed, 31 Jul 2019, Brian wrote:


What is given by 'dpkg -l libsane-hpaio' from both stretch machines?


  exactly same output:

ii  libsane-hpaio:amd64   3.16.11+repack0-3   amd64   HP 
SANE backend for multi-function peripherals

best regards,
--
Pierre Frenkiel

Re: Which resolv.conf file?

[Greg Wooledge]

On Wed, Jul 31, 2019 at 08:59:11AM -0500, David Wright wrote:
> It might be the documentation that's confused. Here's an extract from
> man resolvconf
> 
> 
> 
>ifup
>The ifup program can be used to configure network  interfaces
[...]

Mine doesn't... wait, what...

wooledg:~$ dpkg -S resolvconf.1
systemd: /usr/share/man/man1/resolvconf.1.gz

Well, THAT's confusing as hell.

Re: recherche ressources libres pour photographe professionnel

[Bernard Schoenacker]

- Mail original -
> De: "sTriX" 
> À: debian-user-french@lists.debian.org
> Envoyé: Mercredi 31 Juillet 2019 16:10:48
> Objet: Re: recherche ressources libres pour photographe professionnel
> 
> Par hasard, serait-ce ce site ?
>   https://pixls.us/software/
> 

hi, 

it's marvelous and thanks for your friendly answer

thank you for your kind attention
Yours truly
Bernard
Saverne (near Strasbourg)
Alsace

Re: recherche ressources libres pour photographe professionnel

[sTriX]

le mercredi 31 juillet 2019 à 04:41 (+0200), Bernard Schoenacker a écrit:
> bonjour,
> 
> j'avais en tête un site anglophone recensant
> les logiciels libres utilisables par des 
> professionnels (photographes) et qui 
> contiennent des témoignages, mais je n'arrive
> plus à le trouver ...
> 
Par hasard, serait-ce ce site ?
  https://pixls.us/software/
  

Re: Debian Buster: Is it safe to use on autodefrag on a Btrfs filesystem that is used for (Restic) backup only with no Btrfs snapshots or subvolumes?

[Judah Richardson]

This. From the Btfrs Gotchas page:

Files with a lot of random writes can become heavily fragmented (1+
> extents) causing thrashing on HDDs and excessive multi-second spikes of CPU
> load on systems with an SSD or large amount a RAM.
>
>- On servers and workstations this affects databases and virtual
>machine images.
>   - The nodatacow mount option
>    may be of
>   use here, with associated gotchas.
>- On desktops this primarily affects application databases (including
>Firefox and Chromium profiles, GNOME Zeitgeist, Ubuntu Desktop Couch,
>Banshee, and Evolution's datastore.)
>   - Workarounds include manually defragmenting your home directory
>   using btrfs fi defragment. Auto-defragment (mount option autodefrag) 
> should
>   solve this problem in 3.0.
>- Symptoms include btrfs-transacti and btrfs-endio-wri taking up a lot
>of CPU time (in spikes, possibly triggered by syncs). You can use filefrag
>to locate heavily fragmented files (may not work correctly with
>compression).
>
>
On Wed, Jul 31, 2019 at 5:50 AM Mart van de Wege  wrote:

> Stefan Monnier  writes:
>
> >> Is it safe to use autodefrag for my use case?
> >
> > It sounds like it might be "safe" (the text doesn't actually say it's
> > unsafe, but just that it has downsides).
> >
> > I do wonder why you'd want to do that, tho.  Fragmentation is typically
> > something that clueless Windows users worry about
>
> No. Fragmentation is an issue with all copy-on-write filesystems
> (including ZFS, which avoids periodic defrag by keeping an enormous
> amount of information in memory and doing defrag on the fly on that).
>
> Mart
>
> --
> "We will need a longer wall when the revolution comes."
> --- AJS, quoting an uncertain source.
>
>

Re: Which resolv.conf file?

[David Wright]

On Wed 31 Jul 2019 at 08:50:34 (-0400), Greg Wooledge wrote:
> On Wed, Jul 31, 2019 at 09:21:32AM +0300, Reco wrote:
> > On Wed, Jul 31, 2019 at 09:16:03AM +0300, Andrei POPESCU wrote:
> > > On Mi, 31 iul 19, 09:06:36, Reco wrote:
> > > > Assuming it is, and you're using ifupdown, you need to change
> > > > "dns-nameserver" stanza in the interface definition.
> > > 
> > > Careful, in /etc/network/interfaces it's 'dns-nameservers' (mind the 
> > > trailing 's'), because you can list more servers ;)
> > 
> > /usr/share/doc/resolvconf/README.gz disagrees with you:
> > 
> > * For each inet static logical interface through which a nameserver
> >   is accessible, add lines like the following to /etc/network/interfaces .
> > 
> >   dns-nameserver 11.22.33.44
> >   dns-nameserver 55.66.77.88
> >   dns-search foo.org bar.com
> 
> Reco is correct.
> 
> isc-dhcp-client uses "domain-name-servers" in its configuration file,
> whereas resolvconf uses "dns-nameserver".  Most likely, Andrei momentarily
> confused the two.

It might be the documentation that's confused. Here's an extract from
man resolvconf



   ifup
   The ifup program can be used to configure network  interfaces
   according  to  settings  in /etc/network/interfaces.   To  make
   ifup push nameserver information to resolvconf when it
   configures an interface the administrator must add dns- option
   lines to the relevant iface stanza  in  interfaces(5).   The
   following  option  names  are  accepted: dns-nameserver,
   dns-search, and dns-sortlist. To add a nameserver IP address,
   add an option line consisting of  dns-nameserver  and  the
   address.   To  add  multiple  nameserver  addresses,  include
   multiple such dns-nameserver lines.

   dns-nameserver 192.168.1.254
   dns-nameserver 8.8.8.8

   To add search domain names, add a line beginning with dns-search.

   dns-search foo.org bar.com

   The dns-nameservers option is also accepted and, unlike dns-nameserver, 
can be given  mul‐
   tiple arguments, separated by spaces.

   The dns-domain option is deprecated in favor of dns-search.

   The resulting stanza might look like the following example.

   iface eth0 inet static
   address 192.168.1.3
   netmask 255.255.255.0
   gateway 192.168.1.1
   dns-nameserver 192.168.1.254
   dns-nameserver 8.8.8.8
   dns-search foo.org bar.com



IOW you should be able to write

   dns-nameserver 192.168.1.254
   dns-nameserver 8.8.8.8

or

   dns-nameservers 192.168.1.254 8.8.8.8

But I have no idea whether

   dns-nameservers 8.8.8.8

and

   dns-nameservers 192.168.1.254
   dns-nameservers 8.8.8.8

are supported. Messy.

Cheers,
David.

Re: Wireless home LAN - WiFi vs Bluetooth?

[Reco]

On Wed, Jul 31, 2019 at 02:32:25PM +0100, Brian wrote:
> On Wed 31 Jul 2019 at 16:07:33 +0300, Reco wrote:
> 
> > On Wed, Jul 31, 2019 at 07:58:54AM -0400, Celejar wrote:
> > > mathematical analysis of how much hardware would be necessary to crack
> > > a good WPA2 password. I've seen lots of sites explaining how to use
> > > hashcat with a GPU, and various real-world tests on lists of hashed
> > > passwords (e.g., [1]), but can you provide a serious analysis of the
> > > practical cost, in time or hardware, of cracking a real-world WPA setup?
> > 
> > Cost - Amazon will take 11c per hour for that VM that comes with NVIDIA
> > Tesla videocard.
> > Said hour is more than enough to bruteforce 8 character WPA passphrase
> > with hashcat.
> 
> In the context of a home user producing a secure wireless configuration,
> a 64 random character passphrase works wonders. The sky is not about to
> fall in.

Agreed. If 64 character password is reasonably random, bruteforcing it is
economically unfeasible. With obvious exceptions, of course.
Entering such password to a device is somewhat tedious though.

Reco

Re: Wireless home LAN - WiFi vs Bluetooth?

[Brian]

On Wed 31 Jul 2019 at 16:07:33 +0300, Reco wrote:

> On Wed, Jul 31, 2019 at 07:58:54AM -0400, Celejar wrote:
> > mathematical analysis of how much hardware would be necessary to crack
> > a good WPA2 password. I've seen lots of sites explaining how to use
> > hashcat with a GPU, and various real-world tests on lists of hashed
> > passwords (e.g., [1]), but can you provide a serious analysis of the
> > practical cost, in time or hardware, of cracking a real-world WPA setup?
> 
> Cost - Amazon will take 11c per hour for that VM that comes with NVIDIA
> Tesla videocard.
> Said hour is more than enough to bruteforce 8 character WPA passphrase
> with hashcat.

In the context of a home user producing a secure wireless configuration,
a 64 random character passphrase works wonders. The sky is not about to
fall in.

-- 
Brian.

Re: xsane: incoherent behaviours

[Brian]

On Wed 31 Jul 2019 at 13:52:29 +0200, Pierre Frenkiel wrote:

>   Here are the outputs of scanimage on my desktop:
> 
>scanimage: open of device 
> hpaio:/net/HP_LaserJet_MFP_M227-M231?ip=192.168.1.41 failed: Error during 
> device I/O
>scanimage: open of device 
> hpaio:/net/laserjet_mfp_m227-m231?ip=192.168.1.41=false failed: Error 
> during device I/O

Install the non-free plugin on your desktop (or laptop). 'hp-plugin' should do 
it.

(Yes, I know upstream HPLIP says you do not need one).

-- 
Brian.

Re: Wireless home LAN - WiFi vs Bluetooth?

[Reco]

Hi.

On Wed, Jul 31, 2019 at 07:58:54AM -0400, Celejar wrote:
> On Wed, 31 Jul 2019 10:43:48 +0300
> Reco  wrote:
> 
> > Hi.
> > 
> > On Tue, Jul 30, 2019 at 07:06:08PM -0400, Celejar wrote:
> > > On Mon, 29 Jul 2019 13:57:25 +0300
> > > Reco  wrote:
> > > 
> > > ...
> > > 
> > > > WPA2's (that's your conventional WiFi standard) secure configuration is
> > > > fiendishly difficult. 
> > > 
> > > I take your point, but "fiendishly difficult"? I think you're
> > > exaggerating.
> > 
> > WPA Enterprise. 802.1r. An "interesting" choice between CCMP and TKIP
> > (yep, it's hardware dependent). De-authentication attacks. "Evil twin"
> > attacks.
> > 
> > I meant it when I wrote "fiendishly difficult".
> 
> I'm afraid that I'm missing your point. The context here was a home
> user choosing between wifi and wired ethernet, and you are arguing that
> configuring wifi securely is fiendishly difficult. Why are we talking
> about WPA Enterprise, as opposed to PSK?

If you need to eavesdrop Ethernet you need to tap wires physically.
If you need to eavesdrop WiFi then all you need is 802.1x compliant card
and to be in range.
Hence WPA encryption is a vital part of WiFi security. Such encryption
is as good as the session key, transmission of which is protected either
by PSK (bad), EAP (better if you can use these '09 extensions).
Therefore one *needs* to use EAP aka WPA Enterprise to get a secure
WiFi.


> > > > You have authentication frames that can be intercepted (so WPA
> > > > passphrase can be bruteforced).
> > > 
> > > Lots of things (such as TLS, ssh) can theoretically be brute forced -
> > > the question is whether such brute forcing is sufficiently practical to
> > > be a threat. I have seen nothing to indicate that properly configured
> > > WPA2 can be realistically brute forced.
> > 
> > For WPA2 it's not that hard really, assuming pre-shared key usage.
> > Can be expensive (all those videocards and ASICs have their cost), but
> > definitely doable.
> 
> I'd be interested in seeing some real-world studies, or simply just a
> mathematical analysis of how much hardware would be necessary to crack
> a good WPA2 password. I've seen lots of sites explaining how to use
> hashcat with a GPU, and various real-world tests on lists of hashed
> passwords (e.g., [1]), but can you provide a serious analysis of the
> practical cost, in time or hardware, of cracking a real-world WPA setup?

Cost - Amazon will take 11c per hour for that VM that comes with NVIDIA
Tesla videocard.
Said hour is more than enough to bruteforce 8 character WPA passphrase
with hashcat.


> > You have several encryption algorithms, but:
> > > > b) You may have a hardware that lack support for a good ones.
> > > 
> > > I suppose, but my impression is that most hardware from the last few
> > > years is fine.
> > 
> > Cheap smartphones and tablets. Whatever they put instead of a proper
> 
> This misses the point - we're comparing ethernet to wifi. Cheap
> smartphones and tablets aren't usually going to support ethernet.

You seem to misunderstand me.

You have a network that's supposed to be secure.
You have that small herd of assorted client devices, some of them are
better, some are worse.
Excommunicating "bad devices" from the network is usually out of
question if said devices are owned by family members or trusted friends
or, say, business associates.

Due to the way APs work you cannot announce one set of encryption
algorithms to one client, and different one to another, hence you bring
down announced algorithms to the lowest common denominator.

You can announce several, but it's bad for obvious reasons.
You *could* get away with it with mutliple virtual APs, but that adds
complexity.

A classical example of one rotten apple spoiling the whole barrel.


> > WiFi in printers (yep, I'm looking at you, HP). Oh, D-Link and Linksys.
> > There are *always* some exceptions to "newer is the better" rule.
> 
> D-Link and Linksys don't support WPA2-PSK with AES?

If you mean "random hangs and CPU exhaustion" by trying to use CCMP -
then yes, they do. But usually you're limited to TKIP if you need a
glimpse of stability. Ones that I've seen, anyway. Maybe they hid good
ones from me ;)

Reco

Re: xsane: incoherent behaviours

[Brian]

On Wed 31 Jul 2019 at 13:52:29 +0200, Pierre Frenkiel wrote:

> On Wed, 31 Jul 2019, Brian wrote:
> 
> > On Wed 31 Jul 2019 at 11:16:34 +0100, Brian wrote:
> > 
> > > The URIs with "queue=false" indicate that your desktop and laptop have
> > > discovered the MFDs from their DNS-SD (Bonjour) broadcasts. Your wife's
> > > laptop does not do such a discovery. This implies that there is some
> > > issue with avahi-daemon on this machine. What do you get for
> > 
> > The HP Envy Photo 7100 is not supported by libsane-hpaio on stretch.
> > How come your laptop can scan from it but your wife's machine cannot?
> 
>   It's a good question, as both are on stretch, but I don't have the answer...
>   As
>   "scanimage -d 
> hpaio:/net/envy_photo_7100_series?ip=192.168.1.200\=false > t
>   works on my laptop, it seems that it is supported.

What is given by 'dpkg -l libsane-hpaio' from both stretch machines?

>   for avahi-browse -rt _uscan._tcp  and avahi-browse -rt _ipp._tcp
>   I put both outputs as attached files, as they are rather big
>   If I understand well, they indicate that the envy is actually seen.
>   I hope you will understand, as I don't...
> 
>   Here are the outputs of scanimage on my desktop:
> 
>scanimage: open of device 
> hpaio:/net/HP_LaserJet_MFP_M227-M231?ip=192.168.1.41 failed: Error during 
> device I/O
>scanimage: open of device 
> hpaio:/net/laserjet_mfp_m227-m231?ip=192.168.1.41=false failed: Error 
> during device I/O

Thinking.

-- 
Brian.

Re: Which resolv.conf file?

[Greg Wooledge]

On Wed, Jul 31, 2019 at 09:21:32AM +0300, Reco wrote:
> On Wed, Jul 31, 2019 at 09:16:03AM +0300, Andrei POPESCU wrote:
> > On Mi, 31 iul 19, 09:06:36, Reco wrote:
> > > Assuming it is, and you're using ifupdown, you need to change
> > > "dns-nameserver" stanza in the interface definition.
> > 
> > Careful, in /etc/network/interfaces it's 'dns-nameservers' (mind the 
> > trailing 's'), because you can list more servers ;)
> 
> /usr/share/doc/resolvconf/README.gz disagrees with you:
> 
> * For each inet static logical interface through which a nameserver
>   is accessible, add lines like the following to /etc/network/interfaces .
> 
> dns-nameserver 11.22.33.44
> dns-nameserver 55.66.77.88
> dns-search foo.org bar.com

Reco is correct.

isc-dhcp-client uses "domain-name-servers" in its configuration file,
whereas resolvconf uses "dns-nameserver".  Most likely, Andrei momentarily
confused the two.

Re: Which resolv.conf file?

[Greg Wooledge]

On Wed, Jul 31, 2019 at 01:46:45AM -0400, Bob Bernstein wrote:
> I want to make a change or two to resolv.conf, but every time I come across
> it I flee in terror, warned that my changes will be destroyed and the linux
> gods angered.
> 
> What is the approved method for changing the list of DNS servers called upon
> by, in my case, Stretch on amd-64?

https://wiki.debian.org/resolv.conf

Chromium 76

[Paul Sutton]

Hi

Looks like chromium 76 is out soon, hopefully will make its way in to
Buster.  As Chromium + Scratch website is still very sluggish on Buster.

http://www.tuxmachines.org/node/126454

Paul

-- 
Paul Sutton
http://www.zleap.net
gnupg : 7D6D B682 F351 8D08 1893  1E16 F086 5537 D066 302D

https://fediverse.party/ - zl...@social.isurf.ca

Re: Wireless home LAN - WiFi vs Bluetooth?

[Celejar]

On Wed, 31 Jul 2019 10:43:48 +0300
Reco  wrote:

>   Hi.
> 
> On Tue, Jul 30, 2019 at 07:06:08PM -0400, Celejar wrote:
> > On Mon, 29 Jul 2019 13:57:25 +0300
> > Reco  wrote:
> > 
> > ...
> > 
> > > WPA2's (that's your conventional WiFi standard) secure configuration is
> > > fiendishly difficult. 
> > 
> > I take your point, but "fiendishly difficult"? I think you're
> > exaggerating.
> 
> WPA Enterprise. 802.1r. An "interesting" choice between CCMP and TKIP
> (yep, it's hardware dependent). De-authentication attacks. "Evil twin"
> attacks.
> 
> I meant it when I wrote "fiendishly difficult".

I'm afraid that I'm missing your point. The context here was a home
user choosing between wifi and wired ethernet, and you are arguing that
configuring wifi securely is fiendishly difficult. Why are we talking
about WPA Enterprise, as opposed to PSK?

> > > You have beacon frames that are broadcasted without any encryption.
> > 
> > True, but is there any evidence that this constitutes a security risk?
> 
> Some people believe that hiding AP name gives them another layer of
> security. Beacon frames prove otherwise.

Certainly, but that has no bearing on the underlying question of
whether wifi can be configured to be tolerably secure in a reasonably
straightforward fashion by a home user.

> > > You have authentication frames that can be intercepted (so WPA
> > > passphrase can be bruteforced).
> > 
> > Lots of things (such as TLS, ssh) can theoretically be brute forced -
> > the question is whether such brute forcing is sufficiently practical to
> > be a threat. I have seen nothing to indicate that properly configured
> > WPA2 can be realistically brute forced.
> 
> For WPA2 it's not that hard really, assuming pre-shared key usage.
> Can be expensive (all those videocards and ASICs have their cost), but
> definitely doable.

I'd be interested in seeing some real-world studies, or simply just a
mathematical analysis of how much hardware would be necessary to crack
a good WPA2 password. I've seen lots of sites explaining how to use
hashcat with a GPU, and various real-world tests on lists of hashed
passwords (e.g., [1]), but can you provide a serious analysis of the
practical cost, in time or hardware, of cracking a real-world WPA setup?

> You have several encryption algorithms, but:

...

> > > b) You may have a hardware that lack support for a good ones.
> > 
> > I suppose, but my impression is that most hardware from the last few
> > years is fine.
> 
> Cheap smartphones and tablets. Whatever they put instead of a proper

This misses the point - we're comparing ethernet to wifi. Cheap
smartphones and tablets aren't usually going to support ethernet.

> WiFi in printers (yep, I'm looking at you, HP). Oh, D-Link and Linksys.
> There are *always* some exceptions to "newer is the better" rule.

D-Link and Linksys don't support WPA2-PSK with AES?

[1]
https://arstechnica.com/information-technology/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

Celejar

Re: Which resolv.conf file?

[Curt]

On 2019-07-31, Bob Bernstein  wrote:
> I want to make a change or two to resolv.conf, but every time I 
> come across it I flee in terror, warned that my changes will be 
> destroyed and the linux gods angered.
>
> What is the approved method for changing the list of DNS servers 
> called upon by, in my case, Stretch on amd-64?

I'm unaware of who might or might not approve it, but I override the nameservers
provided through DHCP by editing the '/etc/dhcp/dhclient.conf' like this:

 supersede domain-name-servers 193.183.98.154, 104.244.72.13;

(it's possible to list several, comma-separated servers).

I'm lame enough to use Network Manager, though, so in the contrary case,
(if such is your case) maybe this ain't the way to go or proves
inoperative.

Works here, however (yep, just checked to make sure!).

> (Is there someone I could slide a few simoleons to in order to 
> facilitate this business?)
>
> Thank you
>


-- 
“We are all in the gutter, but some of us are looking at the stars.” 
― Oscar Wilde, Lady Windermere's Fan

Re: xsane: incoherent behaviours

[Pierre Frenkiel]

On Wed, 31 Jul 2019, Brian wrote:


On Wed 31 Jul 2019 at 11:16:34 +0100, Brian wrote:


The URIs with "queue=false" indicate that your desktop and laptop have
discovered the MFDs from their DNS-SD (Bonjour) broadcasts. Your wife's
laptop does not do such a discovery. This implies that there is some
issue with avahi-daemon on this machine. What do you get for


The HP Envy Photo 7100 is not supported by libsane-hpaio on stretch.
How come your laptop can scan from it but your wife's machine cannot?


  It's a good question, as both are on stretch, but I don't have the answer...
  As
  "scanimage -d hpaio:/net/envy_photo_7100_series?ip=192.168.1.200\=false 
> t
  works on my laptop, it seems that it is supported.

  for avahi-browse -rt _uscan._tcp  and avahi-browse -rt _ipp._tcp
  I put both outputs as attached files, as they are rather big
  If I understand well, they indicate that the envy is actually seen.
  I hope you will understand, as I don't...

  Here are the outputs of scanimage on my desktop:

   scanimage: open of device 
hpaio:/net/HP_LaserJet_MFP_M227-M231?ip=192.168.1.41 failed: Error during 
device I/O
   scanimage: open of device 
hpaio:/net/laserjet_mfp_m227-m231?ip=192.168.1.41=false failed: Error 
during device I/O


best regards,
--
Pierre Frenkiel+  wlan0 IPv6 HP ENVY Photo 7100 series [9679A5]_uscan._tcp 
 local
+  wlan0 IPv6 HP LaserJet MFP M227sdn (BDD3AA)  _uscan._tcp 
 local
+  wlan0 IPv4 HP ENVY Photo 7100 series [9679A5]_uscan._tcp 
 local
+  wlan0 IPv4 HP LaserJet MFP M227sdn (BDD3AA)  _uscan._tcp 
 local
+   eth0 IPv6 HP ENVY Photo 7100 series [9679A5]_uscan._tcp 
 local
+   eth0 IPv6 HP LaserJet MFP M227sdn (BDD3AA)  _uscan._tcp 
 local
+   eth0 IPv4 HP ENVY Photo 7100 series [9679A5]_uscan._tcp 
 local
+   eth0 IPv4 HP LaserJet MFP M227sdn (BDD3AA)  _uscan._tcp 
 local
=   eth0 IPv6 HP LaserJet MFP M227sdn (BDD3AA)  _uscan._tcp 
 local
   hostname = [NPIBDD3AA.local]
   address = [192.168.1.41]
   port = [8080]
   txt = ["note=unitedStates" "duplex=F" "is=platen,adf" "cs=color,grayscale" 
"pdl=application/pdf,image/jpeg" "uuid=564e4333-5032-3139-3837-3c5282bdd3aa" 
"rs=eSCL" "representation=http://NPIBDD3AA.local/ipp/images/printer.png; 
"vers=2.5" "usb_MDL=HP LaserJet MFP M227-M231" "usb_MFG=HP" "mdl=LaserJet MFP 
M227-M231" "mfg=HP" "ty=HP LaserJet MFP M227-M231" 
"adminurl=http://NPIBDD3AA.local.; "txtvers=1"]
=   eth0 IPv4 HP LaserJet MFP M227sdn (BDD3AA)  _uscan._tcp 
 local
   hostname = [NPIBDD3AA.local]
   address = [192.168.1.41]
   port = [8080]
   txt = ["note=unitedStates" "duplex=F" "is=platen,adf" "cs=color,grayscale" 
"pdl=application/pdf,image/jpeg" "uuid=564e4333-5032-3139-3837-3c5282bdd3aa" 
"rs=eSCL" "representation=http://NPIBDD3AA.local/ipp/images/printer.png; 
"vers=2.5" "usb_MDL=HP LaserJet MFP M227-M231" "usb_MFG=HP" "mdl=LaserJet MFP 
M227-M231" "mfg=HP" "ty=HP LaserJet MFP M227-M231" 
"adminurl=http://NPIBDD3AA.local.; "txtvers=1"]
=   eth0 IPv4 HP ENVY Photo 7100 series [9679A5]_uscan._tcp 
 local
   hostname = [HP84A93E9679A5.local]
   address = [192.168.1.200]
   port = [8080]
   txt = ["duplex=F" "is=platen" "cs=binary,color,grayscale" 
"pdl=application/octet-stream,application/pdf,image/jpeg" "ty=HP ENVY Photo 
7100 series" "rs=eSCL" "representation=images/printer.png" "vers=2.62" 
"UUID=30c282dc-e708-58dd-1d0c-b1f2547cee53" "note=" 
"adminurl=http://HP84A93E9679A5.local.; "txtvers=1"]
=   eth0 IPv6 HP ENVY Photo 7100 series [9679A5]_uscan._tcp 
 local
   hostname = [HP84A93E9679A5.local]
   address = [192.168.1.200]
   port = [8080]
   txt = ["duplex=F" "is=platen" "cs=binary,color,grayscale" 
"pdl=application/octet-stream,application/pdf,image/jpeg" "ty=HP ENVY Photo 
7100 series" "rs=eSCL" "representation=images/printer.png" "vers=2.62" 
"UUID=30c282dc-e708-58dd-1d0c-b1f2547cee53" "note=" 
"adminurl=http://HP84A93E9679A5.local.; "txtvers=1"]
=  wlan0 IPv4 HP LaserJet MFP M227sdn (BDD3AA)  _uscan._tcp 
 local
   hostname = [NPIBDD3AA.local]
   address = [192.168.1.41]
   port = [8080]
   txt = ["note=unitedStates" "duplex=F" "is=platen,adf" "cs=color,grayscale" 
"pdl=application/pdf,image/jpeg" "uuid=564e4333-5032-3139-3837-3c5282bdd3aa" 
"rs=eSCL" "representation=http://NPIBDD3AA.local/ipp/images/printer.png; 
"vers=2.5" "usb_MDL=HP LaserJet MFP M227-M231" "usb_MFG=HP" "mdl=LaserJet MFP 
M227-M231" "mfg=HP" "ty=HP LaserJet MFP M227-M231" 
"adminurl=http://NPIBDD3AA.local.; "txtvers=1"]
=  wlan0 IPv6 HP LaserJet MFP M227sdn (BDD3AA)  _uscan._tcp 
 local
   hostname = [NPIBDD3AA.local]
   address = [192.168.1.41]
   port = [8080]
   txt = ["note=unitedStates" "duplex=F" "is=platen,adf" "cs=color,grayscale" 
"pdl=application/pdf,image/jpeg" 

Re: Which resolv.conf file?

[Maxim Svobonas]

I use USB tethering and NetworkManager just creates a new wired connection 
whenever I make changes to existing one and reconnect a phone. Also I may use 
random WiFi spots from time to time and do not want to set up each of them.

The solution for me is:

[main]
dns=none

in /etc/NetworkManager/NetworkManager.conf

and

nameserver 208.67.222.222
nameserver 208.67.220.220

in /etc/resolv.conf

This way NetworkManager does not overwrite resolv.conf

Best regards,
Max

Re: Which resolv.conf file?

[Judah Richardson]

Assuming you're using a DE, make your desired changes in the GUI
network/connection settings and they'll get written to resolv.conf.

On Wed, Jul 31, 2019, 01:03 Bob Bernstein  wrote:

> I want to make a change or two to resolv.conf, but every time I
> come across it I flee in terror, warned that my changes will be
> destroyed and the linux gods angered.
>
> What is the approved method for changing the list of DNS servers
> called upon by, in my case, Stretch on amd-64?
>
> (Is there someone I could slide a few simoleons to in order to
> facilitate this business?)
>
> Thank you
>
> --
> These are not the droids you are looking for.
>
>

Re: Which resolv.conf file?

[Nate Bargmann]

Rather than try to control this on each machine, I have set up my
router, running OpenWRT, to serve the nameservers as part of the DHCP
configuration.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Web: https://www.n0nb.us
Projects: https://github.com/N0NB
GPG fingerprint: 82D6 4F6B 0E67 CD41 F689 BBA6 FB2C 5130 D55A 8819



signature.asc
Description: PGP signature

Re: xsane: incoherent behaviours

[Brian]

On Wed 31 Jul 2019 at 11:16:34 +0100, Brian wrote:

> The URIs with "queue=false" indicate that your desktop and laptop have
> discovered the MFDs from their DNS-SD (Bonjour) broadcasts. Your wife's
> laptop does not do such a discovery. This implies that there is some
> issue with avahi-daemon on this machine. What do you get for

The HP Envy Photo 7100 is not supported by libsane-hpaio on stretch.
How come your laptop can scan from it but your wife's machine cannot?

>  avahi-browse -rt _uscan._tcp
> 
> and
> 
>  avahi-browse -rt _ipp._tcp
> 
> avahi-browse is in the avahi-utils package.

These outputs will still be useful.

-- 
Brian.

Re: Stream m3u8 not supported by network music player

[john doe]

Answering from this e-mail to all of the answers.

On 7/30/2019 1:50 PM, Celejar wrote:
> On Tue, 30 Jul 2019 13:04:10 +0200
> john doe  wrote:
>
>> Hi,
>>
>> I listen to a webradio for which I have a direct URL but my network
>> music players do not support the 'm3u8' format.
>
> Which network players? VLC and mpv, for example, apparently do support
> m3u8 playlists:
>
> https://www.lifewire.com/m3u8-file-2621956
>
> [and the manpage for mpv mentions m3u8]
>
>> I'm thinking to convert in realtime this m3u8 stream to a supported
>
> m3u8 is not a stream format, but a playlist format:
>
> https://en.wikipedia.org/wiki/M3U
>

Thanks for all of the answers.

I downloaded this m3u8 file:

https://cbcliveradio-lh.akamaihd.net/i/CBCR1_EKI@106780/index_96_a-b.m3u8

then in the above file I downloaded the following m3u8 file:

https://cbcliveradio-lh.akamaihd.net/i/CBCR1_EKI@106780/index_96_a-b.m3u8?sd=10=on


but now I have some .ts files, I get error 404 if I try to download one
of those file.

Where should I go from here?

I'd like to understand where/how I can find a direct URL to the m4a
stream from the above (VLC does it, so I should be able to  do the same).

As suggested I will look at transcoding if I can't find that direct URL.

--
John Doe

Re: Debian Buster: Is it safe to use on autodefrag on a Btrfs filesystem that is used for (Restic) backup only with no Btrfs snapshots or subvolumes?

[Mart van de Wege]

Stefan Monnier  writes:

>> Is it safe to use autodefrag for my use case?
>
> It sounds like it might be "safe" (the text doesn't actually say it's
> unsafe, but just that it has downsides).
>
> I do wonder why you'd want to do that, tho.  Fragmentation is typically
> something that clueless Windows users worry about

No. Fragmentation is an issue with all copy-on-write filesystems
(including ZFS, which avoids periodic defrag by keeping an enormous
amount of information in memory and doing defrag on the fly on that).

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Debian Days 2019 Stockholm

[Luna Jernberg]

Fick svar från Goto10 nu så vi kommer vara där på Fredag 16:e Augusti
istället och inne i stan

On Mon, Jul 22, 2019 at 3:32 PM Luna Jernberg  wrote:

> Hejsan!
>
> Det blir Debian Pizza för att fira 26 års dagen i Kista Galleria från
> 16:00 på Fredag 16:e Augusti
>
> Några tänkte även gå på Mcdonalds dagen efter Lördag 17:e Augusti 15:00
>
>
> https://wiki.debian.org/DebianDay/2019#DebianDay.2F2019.2FSweden.2FStockholm.Sweden:_Stockholm
>
> Dök även upp ett förslag idag
> https://www.acc.umu.se/~maswan/debian/20190722-DebconfBidACC.pdf om att
> ha Debconf i Umeå år: 2021, 2022 eller 2023
>

Re: Debian Days 2019 Stockholm

[Luna Jernberg]

Fick svar från Goto10 nu så vi kommer vara där på Fredag 16:e Augusti
istället och inne i stan

On Mon, Jul 22, 2019 at 3:32 PM Luna Jernberg  wrote:

> Hejsan!
>
> Det blir Debian Pizza för att fira 26 års dagen i Kista Galleria från
> 16:00 på Fredag 16:e Augusti
>
> Några tänkte även gå på Mcdonalds dagen efter Lördag 17:e Augusti 15:00
>
>
> https://wiki.debian.org/DebianDay/2019#DebianDay.2F2019.2FSweden.2FStockholm.Sweden:_Stockholm
>
> Dök även upp ett förslag idag
> https://www.acc.umu.se/~maswan/debian/20190722-DebconfBidACC.pdf om att
> ha Debconf i Umeå år: 2021, 2022 eller 2023
>

Re: xsane: incoherent behaviours

[Brian]

On Wed 31 Jul 2019 at 00:35:51 +0200, Pierre Frenkiel wrote:

> On Tue, 30 Jul 2019, Brian wrote:
> 
> > The outputs of 'scanimage -L' from each machine were asked for. They
> > provide information you have not given.
> > 
> > -- 
> > Brian.
> > 
>  hi brian,
>  I thought that they don't provide more information than what I wrote 
> previously,

The outputs provide the URIs seen by scanimage (and xsane), how the
URIs have been formed and the names of the devices. All essential
information.
 
>  (on my desktop(buster) and my laptop (amd64/stretch), both devices are 
> listed.
>  on my wife's laptop(amd64/stretch), only the laserjet)

Being listed is not sufficient; a URI also has to be correct.
 
>  but if you want them, here they are
> 
>  my desktop:
> device `hpaio:/net/HP_LaserJet_MFP_M227-M231?ip=192.168.1.41' is a 
> Hewlett-Packard HP_LaserJet_MFP_M227-M231 all-in-one
>device `hpaio:/net/laserjet_mfp_m227-m231?ip=192.168.1.41=false' is 
> a Hewlett-Packard laserjet_mfp_m227-m231 all-in-one

I think that scanimage (and xsane) use the first offered URI.

Test:

 scanimage -d hpaio:/net/HP_LaserJet_MFP_M227-M231?ip=192.168.1.41 > out.dat
 scanimage -d hpaio:/net/laserjet_mfp_m227-m231?ip=192.168.1.41=false > 
out.dat

>device `hpaio:/net/envy_photo_7100_series?ip=192.168.1.200=false' is 
> a Hewlett-Packard envy_photo_7100_series all-in-one
> 
>  my laptop:
>device `hpaio:/net/laserjet_mfp_m227-m231?ip=192.168.1.41=false' is 
> a Hewlett-Packard laserjet_mfp_m227-m231 all-in-one
>device `hpaio:/net/envy_photo_7100_series?ip=192.168.1.200=false' is 
> a Hewlett-Packard envy_photo_7100_series all-in-one
> 
>  my wife's laptop:
>device `hpaio:/net/HP_LaserJet_MFP_M227-M231?zc=NPIBDD3AA' is a 
> Hewlett-Packard HP_LaserJet_MFP_M227-M231 all-in-one
> 
>  I would be glad if that helps you to explain what happens.
>  I specially don't understand why she doesn't see the envy.

The URIs with "queue=false" indicate that your desktop and laptop have
discovered the MFDs from their DNS-SD (Bonjour) broadcasts. Your wife's
laptop does not do such a discovery. This implies that there is some
issue with avahi-daemon on this machine. What do you get for

 avahi-browse -rt _uscan._tcp

and

 avahi-browse -rt _ipp._tcp

avahi-browse is in the avahi-utils package.

-- 
Brian.

Re: Debian Linux 26års kalas på Goto10 ??

[Luna Jernberg]

Det är på Fredag 16:e Augusti, vi tänkt oss vara på Goto10 mellan
16:00-17:00
Det är för att fira att Linux distributionen/versionen Debian som är
storebror till Ubuntu Linux fyller 26år
Vi har inte planerat vad vi ska göra än, men har äta tårta eller pizza och
kanske en kort presentation uppe på förslag
Så är Debian Linux Usergroups världen över för detta är vi väl 3-4 personer
i den svenska som snackat lite Jag, Helio, Per och Mattias

On Wed, Jul 31, 2019 at 11:28 AM info goto10  wrote:

> Hej Luna,
>
>
>
> Vad roligt att ni vill fira Debian Day på Goto 10! Självklart ska ni vara
> här!
>
>
>
> Vår evenemangskoordinator är på plats from imorgon och kommer att kunna ge
> er lite mer information, men jag kan redan nu bekräfta att det går bra och
> att ni är hjärtligt välkomna. Gäller det alltså både fredag 16 aug och
> lördag 17e aug, eller endast fredag?
>
>
>
> Vi har tagit emot preliminärbokningen, men vi skulle behöva en något mer
> utförlig evenemangsbeskrivning. Skicka oss gärna en text som berättar vad
> evenemanget är, vad det är för/varför, vem det är för (vem borde gå på
> evenemanget?), och vem som arrangerar det. Vi kan hjälpa till att redigera
> därefter.
>
>
>
> Allt gott,
>
>
>
> Isadora
>
>
>
> *Z. Isadora Hellegren*
>
> Projektledare Goto 10, Internetstiftelsen
> Hammarby Kaj 10D, Box 92073, 120 07 Stockholm
>
> Mejl: isadora.helleg...@internetstiftelsen.se| Mobil/Signal: 073-527 04 68
> https://www.internetstiftelsen.se  |
> https://www.goto10.se/
>
> Twitter: @Zeldazadora  | @Goto10se
>  | @Stiftelsen
> 
>
>
>
>
>
>
>
>
>
>
>
> *From: *Luna Jernberg 
> *Date: *Tuesday, 23 July 2019 at 22:06
> *To: *info goto10 , Helio Loureiro ,
> Per Andersson , "ma...@iis.se" 
> *Cc: *Isadora Hellegren ,
> Mattias Axell , "
> debian-user-swedish@lists.debian.org" <
> debian-user-swedish@lists.debian.org>, "debian-dug-nor...@lists.debian.org"
> 
> *Subject: *Re: Debian Linux 26års kalas på Goto10 ??
>
>
>
> Vi väntar på svar då tar nog tills efter 5:e Augusti dock, då Goto10 och
> Internetstiftelsen Sverige har sommarsemester just nu
>
>
>
> On Tue, Jul 23, 2019 at 9:56 PM Luna Jernberg 
> wrote:
>
> Någon i vårat Team som är smartare än mig, kom på att man kan boka tider
> själv på eran hemsida som gratis medlem i Goto10 vilket jag har vart sen
> Maj 2017
>
>
>
> Så planen ser nu ut såhär på 26års dagen för Debian dvs Fredag 16:e
> Augusti Träff på Goto10 16:00-17:00 och sen eventuell pizza och öl i stan
> och dagen efter Lördag 17:e Augusti träff på Mcdonalds i Kista för folk som
> behöver lite extra möte för att signera GPG nycklar eller uppdatera något i
> IRC-Kanaler och Hemsida etc för Debian Sverige
>
>
>
> On Tue, Jul 23, 2019 at 9:39 PM Luna Jernberg 
> wrote:
>
> Hejsan!
>
>
>
> Vi har snackat lite om att Fira Debian Linux https://www.debian.org/
> 26års kalas i Stockholm
>
> och det dök upp ett förslag om att vissa personer skulle vilja ha firandet
> hos er på Goto10 https://www.goto10.se/
>
>
>
> Debian Day: https://wiki.debian.org/DebianDay/ firas världen över 16-17:e
> Augusti
>
> Så vi funderar på om ni har något passande rum på Goto10 eller Foo Cafe
> att låna ut gratis på Fredag 16:e Augusti 16:00 och Lördag 17:e Augusti
> 15:00 i några timmar då vissa vill ha firandet centralt i stan
>
>
>
> Annars har vi förslag på Ericsson och Pizzeria/Mcdonalds i Kista Galleria
>
>
>
> Vet att Goto10 har semester tills 5:e Augusti men ni får gärna återkomma
> med svar så fort ni kan
>
>
>
> Tack på förhand Luna "bittin" Jernberg on behalf of Debian Linux Sweden
>
>

Re: recherche ressources libres pour photographe professionnel

[contact]

sinon il y  a ceci

http://www.virusphoto.com/15792-dossier-32-logiciels-libres-pour-limage-et-la-photo.html


François-Marie BILLARD
Le 31/07/2019 à 04:41, Bernard Schoenacker a écrit :

bonjour,

j'avais en tête un site anglophone recensant
les logiciels libres utilisables par des
professionnels (photographes) et qui
contiennent des témoignages, mais je n'arrive
plus à le trouver ...


merci pour votre aimable attention
bien à vous
Bernard

Re: updmap-user: command not found

[Curt]

On 2019-07-30, Rodolfo Medina  wrote:
>>> 
>>> 
>>> curty@einstein:~$ apt-cache show texlive-base  | grep -i updmap
>>>  updmap-map --
>>> 
>>> So simply spelt 'updmap-map', I guess.
>>
>> On stretch, it seems it's just updmap
>
>
> Thanks all, that seems to be the case...

Yes, I managed to get that wrong, which wasn't easy, I assure you.

> Rodolfo
>
>


-- 
“We are all in the gutter, but some of us are looking at the stars.” 
― Oscar Wilde, Lady Windermere's Fan

Re: 3 phase power (was Re: Wireless home LAN - WiFi vs Bluetooth?

[Joe]

On Wed, 31 Jul 2019 17:47:13 +1000
Erik Christiansen  wrote:

> On 30.07.19 11:34, rhkra...@gmail.com wrote:
> > Most residential power in the US is created using a single phase
> > transformer (so called because (1) it only takes power from one of
> > the 3 phases mentioned above and (2) darn -- it's a bitch getting
> > old.  
> 
> Tell me about it. ;-) I'd offer that (2) is simply that there's only
> one primary and one secondary, not three of each, on multiple arms of
> the core.
> 
> > The secondary of that 
> > transformer is center tapped with the center tap almost always
> > grounded, such that the other two taps from the secondary both
> > produce 120 volts (RMS nominal), but out of phase with each other
> > by 180 degrees.  
> 
> Those details on this thread have been interesting, because 120v is
> unknown down under - and, I think, in the UK.
> 

We use it for tools on construction sites, hopefully through isolating
transformers. I had some trouble getting permission to use a 240V
soldering iron inside a train factory in the UK.

-- 
Joe

Re: 3 phase power (was Re: Wireless home LAN - WiFi vs Bluetooth?

[Erik Christiansen]

On 30.07.19 11:34, rhkra...@gmail.com wrote:
> Most residential power in the US is created using a single phase transformer 
> (so called because (1) it only takes power from one of the 3 phases mentioned 
> above and (2) darn -- it's a bitch getting old.

Tell me about it. ;-) I'd offer that (2) is simply that there's only one
primary and one secondary, not three of each, on multiple arms of the
core.

> The secondary of that 
> transformer is center tapped with the center tap almost always grounded, such 
> that the other two taps from the secondary both produce 120 volts (RMS 
> nominal), but out of phase with each other by 180 degrees.

Those details on this thread have been interesting, because 120v is unknown
down under - and, I think, in the UK.

Erik

Re: Wireless home LAN - WiFi vs Bluetooth?

[Reco]

Hi.

On Tue, Jul 30, 2019 at 07:06:08PM -0400, Celejar wrote:
> On Mon, 29 Jul 2019 13:57:25 +0300
> Reco  wrote:
> 
> ...
> 
> > WPA2's (that's your conventional WiFi standard) secure configuration is
> > fiendishly difficult. 
> 
> I take your point, but "fiendishly difficult"? I think you're
> exaggerating.

WPA Enterprise. 802.1r. An "interesting" choice between CCMP and TKIP
(yep, it's hardware dependent). De-authentication attacks. "Evil twin"
attacks.

I meant it when I wrote "fiendishly difficult".


> > You have beacon frames that are broadcasted without any encryption.
> 
> True, but is there any evidence that this constitutes a security risk?

Some people believe that hiding AP name gives them another layer of
security. Beacon frames prove otherwise.


> > You have authentication frames that can be intercepted (so WPA
> > passphrase can be bruteforced).
> 
> Lots of things (such as TLS, ssh) can theoretically be brute forced -
> the question is whether such brute forcing is sufficiently practical to
> be a threat. I have seen nothing to indicate that properly configured
> WPA2 can be realistically brute forced.

For WPA2 it's not that hard really, assuming pre-shared key usage.
Can be expensive (all those videocards and ASICs have their cost), but
definitely doable.


> > You have several encryption algorithms, but:
> > a) They are not equally good.
> 
> Of course not - they never are ;) The trick is to pick a good one, and
> for wifi, that's WPA2 using AES.

See above.


> > b) You may have a hardware that lack support for a good ones.
> 
> I suppose, but my impression is that most hardware from the last few
> years is fine.

Cheap smartphones and tablets. Whatever they put instead of a proper
WiFi in printers (yep, I'm looking at you, HP). Oh, D-Link and Linksys.
There are *always* some exceptions to "newer is the better" rule.

Reco

Logiciels alternatifs d'édition photo

[firenze . rt]

 Je vous propose d'abord un lien vers une comparaison entre Photoscape x
et Rawtherapee :
 
https://www.youtube.com/watch?v=nWC-SAuYOzw
 
Si les logiciels libres et gratuits peuvent intéresser, essayez ce lien :
 
https://framalibre.org/recherche-par-crit-res?keys=Photo ou 
https://framalibre.org/recherche-par-crit-res?keys=Photo_os_tid%5B%5D=120
 
Bonne découverte !

Re: Wireless home LAN - WiFi vs Bluetooth?

[Joe]

On Tue, 30 Jul 2019 19:06:08 -0400
Celejar  wrote:

> On Mon, 29 Jul 2019 13:57:25 +0300
> Reco  wrote:
> 
> ...
> 
> > WPA2's (that's your conventional WiFi standard) secure
> > configuration is fiendishly difficult.   
> 
> I take your point, but "fiendishly difficult"? I think you're
> exaggerating.
> 

I take it we're talking RADIUS here? There are several different things
to get exactly right, otherwise it just sulks and doesn't tell you why.

It took me about three days last time I tried it, several years ago. I'm
in the process of trying it again, I believe (!) that I have FreeRADIUS
and the certificates right, now I'm trying to get both the enthusiasm
and the time to finish it. 

I had a try at installing certificates on a stretch netbook using
Network Manager, but the 'save' button stayed greyed out, and no, it
wouldn't tell me why. I'll probably try it on a Windows laptop, with
more confidence of it working. 

And I know that my Cisco router has a bug around the RADIUS
configuration. I can't recall what it is, but I found a workaround
before so I'll probably manage it again. It manifests itself by
(silently) not sending anything to the server. Great.

But plug and play? No way. 'Fiendishly difficult'? M, I'll tell you
that after I've got it working.

-- 
Joe

Re: Which resolv.conf file?

[Bob Bernstein]

On Wed, 31 Jul 2019, Andrei POPESCU wrote:


It depends a lot on what combination of packages you have installed and
are using.

Starting with the obvious ones, please show the output of:


Ok. One dotted-four required obfuscation in my humble 
judgement. I hope I got your list correctly:


$ apt list resolvconf
Listing... Done
resolvconf/oldstable,now 1.79 all [installed]

$ apt list network-manager
Listing... Done
network-manager/oldstable 1.6.2-3+deb9u2 amd64

ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 31 Jun 16 23:51 /etc/resolv.conf -> 
/etc/resolvconf/run/resolv.conf

$ systemctl status systemd-resolved
? systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; di
  Drop-In: /lib/systemd/system/systemd-resolved.service.d
   ??resolvconf.conf
   Active: active (running) since Wed 2019-07-31 00:36:51 EDT; 1h 4
 Docs: man:systemd-resolved.service(8)
   http://www.freedesktop.org/wiki/Software/systemd/resolve
   http://www.freedesktop.org/wiki/Software/systemd/writing
   http://www.freedesktop.org/wiki/Software/systemd/writing
  Process: 2100 ExecStartPost=/bin/sh -c [ ! -e /run/resolvconf/ena
 Main PID: 2099 (systemd-resolve)
   Status: "Processing requests..."
Tasks: 1 (limit: 4915)
   CGroup: /system.slice/systemd-resolved.service
   ??2099 /lib/systemd/systemd-resolved

$ cat /etc/resolvconf/run/resolv.conf 
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)

# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver aaa.bbb.ccc.ddd (obfuscated)
nameserver 8.8.8.8
nameserver 127.0.0.53

$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

auto lo eth0
iface lo inet loopback

iface eth0 inet static
address 192.168.1.40
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameserver 8.8.8.8

$ cat /etc/NetworkManager/NetworkManager.conf
cat: /etc/NetworkManager/NetworkManager.conf: No such file or directory

Thank you

--
These are not the droids you are looking for.

Re: recherche ressources libres pour photographe professionnel

[Cyrille Bollu]

En tout cas, darktable comme alternative à lightroom

Cyrille

> Le 31 juil. 2019 à 04:41, Bernard Schoenacker  a 
> écrit :
> 
> bonjour,
> 
> j'avais en tête un site anglophone recensant
> les logiciels libres utilisables par des 
> professionnels (photographes) et qui 
> contiennent des témoignages, mais je n'arrive
> plus à le trouver ...
> 
> 
> merci pour votre aimable attention
> bien à vous
> Bernard
> 

Re: Which resolv.conf file?

[Bob Bernstein]

Sorry! Switched machines and lost track of who I was!

-- Forwarded message --
From: Bob Bernstein 
To: Debian User List 
Subject: Re: Which resolv.conf file?
Date: Wed, 31 Jul 2019 02:37:40
User-Agent: Alpine 2.21 (DEB 202 2017-01-01)

On Wed, 31 Jul 2019, Andrei POPESCU wrote:

It depends a lot on what combination of packages you have 
installed and

are using.

Starting with the obvious ones, please show the output of:


Ok. One dotted-four required obfuscation in my humble judgement. I 
hope I got your list correctly:


$ apt list resolvconf
Listing... Done
resolvconf/oldstable,now 1.79 all [installed]

$ apt list network-manager
Listing... Done
network-manager/oldstable 1.6.2-3+deb9u2 amd64

ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 31 Jun 16 23:51 /etc/resolv.conf -> 
/etc/resolvconf/run/resolv.conf


$ systemctl status systemd-resolved
? systemd-resolved.service - Network Name Resolution
   Loaded: loaded (/lib/systemd/system/systemd-resolved.service; 
di

  Drop-In: /lib/systemd/system/systemd-resolved.service.d
   ??resolvconf.conf
   Active: active (running) since Wed 2019-07-31 00:36:51 EDT; 1h 
4

 Docs: man:systemd-resolved.service(8)
   http://www.freedesktop.org/wiki/Software/systemd/resolve
   http://www.freedesktop.org/wiki/Software/systemd/writing
   http://www.freedesktop.org/wiki/Software/systemd/writing
  Process: 2100 ExecStartPost=/bin/sh -c [ ! -e 
/run/resolvconf/ena

 Main PID: 2099 (systemd-resolve)
   Status: "Processing requests..."
Tasks: 1 (limit: 4915)
   CGroup: /system.slice/systemd-resolved.service
   ??2099 /lib/systemd/systemd-resolved

$ cat /etc/resolvconf/run/resolv.conf # Dynamic resolv.conf(5) 
file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE 
OVERWRITTEN

nameserver aaa.bbb.ccc.ddd (obfuscated)
nameserver 8.8.8.8
nameserver 127.0.0.53

$ cat /etc/network/interfaces
# This file describes the network interfaces available on your 
system
# and how to activate them. For more information, see 
interfaces(5).


source /etc/network/interfaces.d/*

auto lo eth0
iface lo inet loopback

iface eth0 inet static
address 192.168.1.40
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameserver 8.8.8.8

$ cat /etc/NetworkManager/NetworkManager.conf
cat: /etc/NetworkManager/NetworkManager.conf: No such file or 
directory


Thank you

--
These are not the droids you are looking for.

Re: Which resolv.conf file?

[Reco]

Hi.

On Wed, Jul 31, 2019 at 09:16:03AM +0300, Andrei POPESCU wrote:
> On Mi, 31 iul 19, 09:06:36, Reco wrote:
> > On Wed, Jul 31, 2019 at 01:46:45AM -0400, Bob Bernstein wrote:
> > > I want to make a change or two to resolv.conf, but every time I come
> > > across it I flee in terror, warned that my changes will be destroyed
> > > and the linux gods angered.
> > 
> > Have you meant this resolv.conf line?
> > 
> > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by # 
> > resolvconf(8)
> > # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> > 
> > 
> > > What is the approved method for changing the list of DNS servers
> > > called upon by, in my case, Stretch on amd-64?
> > 
> > Assuming it is, and you're using ifupdown, you need to change
> > "dns-nameserver" stanza in the interface definition.
> 
> Careful, in /etc/network/interfaces it's 'dns-nameservers' (mind the 
> trailing 's'), because you can list more servers ;)

/usr/share/doc/resolvconf/README.gz disagrees with you:

* For each inet static logical interface through which a nameserver
  is accessible, add lines like the following to /etc/network/interfaces .

  dns-nameserver 11.22.33.44
  dns-nameserver 55.66.77.88
  dns-search foo.org bar.com

Reco

Re: Which resolv.conf file?

[Andrei POPESCU]

On Mi, 31 iul 19, 09:06:36, Reco wrote:
>   Hi.
> 
> On Wed, Jul 31, 2019 at 01:46:45AM -0400, Bob Bernstein wrote:
> > I want to make a change or two to resolv.conf, but every time I come
> > across it I flee in terror, warned that my changes will be destroyed
> > and the linux gods angered.
> 
> Have you meant this resolv.conf line?
> 
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by # 
> resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> 
> 
> > What is the approved method for changing the list of DNS servers
> > called upon by, in my case, Stretch on amd-64?
> 
> Assuming it is, and you're using ifupdown, you need to change
> "dns-nameserver" stanza in the interface definition.

Careful, in /etc/network/interfaces it's 'dns-nameservers' (mind the 
trailing 's'), because you can list more servers ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature