Re: OT red por cable con portal captivo sin trafico interno.

[Antonio Trujillo Carmona]

El 3/2/20 a las 14:34, Paynalton escribió:
>
>
> El lun., 3 de febrero de 2020 2:26 a. m., Antonio Trujillo Carmona
>  > escribió:
>
> El 1/2/20 a las 14:14, Ramses escribió:
> > El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo Carmona
>  > escribió:
> >> El 29/1/20 a las 17:41, Paynalton escribió:
> >>>
> >>>
> >>> El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
> >>> ( 
> >>>  >>) escribió:
> >>>
> >>>     El 28/1/20 a las 8:42, Antonio Trujillo Carmona escribió:
> >>>     >     En nuestro hospital tenemos una VLan de gracia para los
> >>>     equipos no
> >>>     > identificados.
> >>>     > Debido al abuso que se hace de esa vlan nos estamos
> planteando
> >>>     poner un
> >>>     > portal de validación y anular el trafico interno.
> >>>     > No se trata tanto de bloquear o filtrar usuarios como de
> evitar
> >>>     que se
> >>>     > puedan conectar dispositivos electromédicos u OT a la
> red, por
> >>>     lo que no
> >>>     > es importante el nivel de seguridad, cualquier elección
> haría
> >> que un
> >>>     > dispositivo automático fallara en adquirir red, que es
> lo que
> >>>     buscamos.
> >>>     > Los conmutadores (HP procurbe) solo admiten 2 de 3 posibles
> >>>     formas de
> >>>     > acceso y tienen activado el filtrado 802.1x y por MAC,
> por lo
> >>>     que no se
> >>>     > puede activar el acceso web.
> >>>     > ¿Alguna idea?
> >>>     >
> >>>     Muchas gracias a todos por las respuestas.
> >>>
> >>>     Realmente mi pregunta no iba sobre que portal usar, aunque
> >>>     agradezco los
> >>>     apuntes y los probare, si no por como configurar una red
> por dhcp
> >> para
> >>>     que los equipos que estén en la misma red y en el mismo
> >> conmutador
> >>>     (switch) no se vean entre ellos.
> >>>
> >>>
> >>>
> >>> Para mantener aislamiento debes usar vlans, manteniendo a la red
> >>> médica en una vlan y la red pública en otra.
> >>>
> >>> El mismo DHCP puede decidir a qué vlan se va cada equipo y qué
> >>> servicios puede tener.
> >>>
> >>> En el gateway de la red pública debes colocar un acceso por proxy
> >>> controlado por temporizador como te había mencionado en un correo
> >>> anterior.
> >>>
> >>> El DHCP debe entregar la ruta de un wpad para la configuración
> >>> automática del proxy.
> >>>
> >>> Debes tener un servicio web que entregue el archivo wpad, el cual
> >>> indicará que la salida a internet es a través del proxy.
> >>>
> >>> Así, en un caso de uso típico sucede:
> >>>
> >>> Caso A:
> >>>
> >>> -visitante llega con su teléfono.
> >>> -visitante se conecta a la red pública abierta
> >>> -teléfono solicita configuración al DHCP
> >>> -DHCP entrega configuración de red y una ruta para wpad
> >>> -visitante intenta entrar a internet
> >>> -navegador del teléfono consulta el wpad
> >>> -navegador redirige la petición al proxy
> >>> -proxy redirige al visitante a una página de error donde le pide
> >>> contraseña, o una encuesta o la foto de la enfermera Salo en
> traje de
> >> baño
> >>> -visitante interactúa con la página y gana el acceso temporizado
> >>> -proxy permite el acceso por 15 minutos antes de mostrar de
> nuevo el
> >>> pack de verano de la enfermera Salo.
> >>>
> >>> Caso B:
> >>>
> >>> -llega un interno con un novedoso aparato que no sirve para
> nada pero
> >>> que consiguió barato en amazon.
> >>> -interno conecta el aparato a la red pública por flojera de ir a
> >>> sistemas a pedir acceso
> >>> -aparato no tiene navegador, por lo que no puede ver las candentes
> >>> fotos de la enfermera Salo
> >>> -aparato no logra conectarse y el interno no tiene más remedio
> que ir
> >>> a pedir acceso a la red controlada.
> >>> -Helpdesk registra macaddress en el DHCP
> >>> -aparato se vuelve a conectar a la red
> >>> -DHCP encuentra al aparato en su waitlist y entrega IP de la vlan
> >>> controlada.
> >>>  
> >> Muchas gracias por las aportaciones.
> >>
> >> Si esto ya lo se, se trata de evitar que llegue un laboratorio e
> >> instale
> >> unos equipos sin pasar por el servicio de informática, en la
> >> actualidad,
> >> como no están identificados van a parar a la VLAN de gracia
> donde si se
> >> ven entre ellos y verifican el funcionamiento con el portatil
> que lleva
> >> el instalador, lo dan por bueno y se van, después 

unsubcribe

[Salvador Rueda]

-- 

*Salvador Rueda Pau*


*Tutor i professor de CFGM *

*Col·legi Maria Rosa Molas -Reus-*

*-www.mariarosamolas.org- 977312740 <977%2031%2027%2040>*


*Abans d'imprimir aquest missatge, penseu si és realment necessari fer-ho:
el medi ambient és cosa de tothom.*

*Aquest missatge s'adreça exclusivament a la persona destinatària i pot
contenir informació privilegiada o confidencial. Si no sou la persona
indicada, us recordem que  l'ús, divulgació i/o còpia sense autorització és
prohibida en virtut de la legislació vigent. Si heu rebut aquest missatge
per error, us demanem que ens ho feu saber immediatament per aquesta via i
que el destruïu*

Re: fmtree: line 0: unknown keyword sha256digest

[David Christensen]

On 2020-02-03 06:08, Greg Wooledge wrote:

On Sun, Feb 02, 2020 at 02:19:30PM -0800, David Christensen wrote:

https://wiki.debian.org/SimpleBackportCreation


The tutorial says "Add sid to your sources.list".  So, I added the following
lines to /etc/apt/sources.list:

 deb http://ftp.us.debian.org/debian/ sid main
 deb-src http://ftp.us.debian.org/debian/ sid main


  :( :( :(

Thank you for pointing out the problem.  I've changed the text on that
page.


Thanks for the clarification.  There's nothing like blowing up your 
system periodically to test backup/ recovery procedures.  ;-)



So, add only the following line to /etc/apt/sources.list, modifying the 
mirror per local requirements?


deb-src http://ftp.us.debian.org/debian/ sid main


It would probably be best to show an example line, especially for 
non-native English readers.



David

Re: can't mount sdf1 in stretch, gparted claims its fat32

[deloptes]

Dan Ritter wrote:

> There's no FAT filesystem there. It might be corrupted, it might
> actually be on /dev/sdf with a bogus partition table.

I bet some of his RT patches caused a mess

Re: can't mount sdf1 in stretch, gparted claims its fat32

[Gene Heskett]

On Monday 03 February 2020 23:56:47 David Wright wrote:

> Well, at least one of my guesses was correct.

:)

FWIW, the reboot fixed the can't mount, both partitions on this sd card 
now mount normally, but are on /dev/sde now since the were found at 
bootup. I've had this happen before, back before the other mobo caught 
fire.

 > Any chance of responding 
> to more than one item at a time? Dan asked for a listing of the
> partition table, and I asked how the "device" was written. I might as
> well add the question: does the second partition fare any better on
> mounting?

Its fixed now, everything looks and works normal. Now to bring the rest 
of my network back up and get some utilities started.
>
> Cheers,
> David.

Shoulda rebooted 3 days ago. But now we wait about a month, for the first 
shoe to drop... My apologies for making several folks waste their time. 

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: can't mount sdf1 in stretch, gparted claims its fat32

[Gene Heskett]

On Monday 03 February 2020 23:56:47 David Wright wrote:

> On Mon 03 Feb 2020 at 16:20:59 (-0500), Gene Heskett wrote:
> > On Monday 03 February 2020 14:15:14 David Wright wrote:
> > > On Mon 03 Feb 2020 at 14:02:31 (-0500), Gene Heskett wrote:
> > > > On Monday 03 February 2020 13:31:16 David Wright wrote:
> > > > > On Mon 03 Feb 2020 at 12:40:20 (-0500), Gene Heskett wrote:
> > > > > > I want to look at its directory structure because its
> > > > > > different, and I'd like to deduce how to generate it in a
> > > > > > kernel make for a newer, preempt-rt kernel.
> > > > >
> > > > > Yes, I can't mount it either, because I'm not running stretch.
> > > >
> > > > And I am running stretch with a custom realtime kernel for
> > > > linuxcnc use.
> > > >
> > > > > > Thanks for any enlightenment.
> > > > >
> > > > > I've given my reason; can you give us yours, for our further
> > > > > enlightenment?
> > > >
> > > > gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1
> > > > /media/sdf1 mount: wrong fs type, bad option, bad superblock on
> > > > /dev/sdf1, missing codepage or helper program, or other error
> > > >
> > > >In some cases useful info is found in syslog - try
> > > >dmesg | tail or so.
> > > >
> > > > And dmesg says:
> > > > [2903524.766017] usb 1-12.4.1.3: new high-speed USB device
> > > > number 20 using xhci_hcd
> > > > [2903525.047017] usb 1-12.4.1.3: New USB device found,
> > > > idVendor=048d, idProduct=1336
> > > > [2903525.047027] usb 1-12.4.1.3: New USB device strings: Mfr=1,
> > > > Product=2, SerialNumber=3
> > > > [2903525.047033] usb 1-12.4.1.3: Product: Mass Storage Device
> > > > [2903525.047037] usb 1-12.4.1.3: Manufacturer: Generic
> > > > [2903525.047041] usb 1-12.4.1.3: SerialNumber: 06
> > > > [2903525.047961] usb-storage 1-12.4.1.3:1.0: USB Mass Storage
> > > > device detected
> > > > [2903525.052481] scsi host7: usb-storage 1-12.4.1.3:1.0
> > > > [2903526.760829] scsi 7:0:0:0: Direct-Access Generic 
> > > > Storage Device 0.00 PQ: 0 ANSI: 2
> > > > [2903526.798501] sd 7:0:0:0: Attached scsi generic sg6 type 0
> > > > [2903526.798879] sd 7:0:0:0: [sdf] 121319424 512-byte logical
> > > > blocks: (62.1 GB/57.8 GiB)
> > > > [2903526.799039] sd 7:0:0:0: [sdf] Write Protect is off
> > > > [2903526.799041] sd 7:0:0:0: [sdf] Mode Sense: 03 00 00 00
> > > > [2903526.799210] sd 7:0:0:0: [sdf] No Caching mode page found
> > > > [2903526.799211] sd 7:0:0:0: [sdf] Assuming drive cache: write
> > > > through [2903526.801588]  sdf: sdf1 sdf2
> > > > [2903526.803323] sd 7:0:0:0: [sdf] Attached SCSI removable disk
> > >
> > > I see there are two partitions, which is a little unusual for a
> > > USB stick. Are you by any chance trying to write a bootable stick?
> > > It might help to know how you wrote this stick, assuming you did.
> >
> > Stick?
>
> Well, here's a very similar log from a USB stick being inserted:
>
> [] usb 1-4: new high-speed USB device number 8 using xhci_hcd
> [] usb 1-4: New USB device found, idVendor=0c76, idProduct=0005,
> bcdDevice= 1.00 [] usb 1-4: New USB device strings: Mfr=1, Product=2,
> SerialNumber=3 [] usb 1-4: Product: DataTraveler 2.0
> [] usb 1-4: Manufacturer: Kingston
> [] usb 1-4: SerialNumber: 2731542023F1DE82
> [] usb-storage 1-4:1.0: USB Mass Storage device detected
> [] scsi host3: usb-storage 1-4:1.0
> [] scsi 3:0:0:0: Direct-Access Kingston DataTraveler 2.0 4.10 PQ:
> 0 ANSI: 2 [] sd 3:0:0:0: Attached scsi generic sg1 type 0
> [] sd 3:0:0:0: [sdb] 503808 512-byte logical blocks: (258 MB/246 MiB)
> [] sd 3:0:0:0: [sdb] Write Protect is off
> [] sd 3:0:0:0: [sdb] Mode Sense: 0b 00 00 08
> [] sd 3:0:0:0: [sdb] No Caching mode page found
> [] sd 3:0:0:0: [sdb] Assuming drive cache: write through
> []  sdb: sdb1
> [] sd 3:0:0:0: [sdb] Attached SCSI removable disk
>
> > Its a u-sd card
>
> Well, here's a very different log for a card:
>
> [] pciehp :00:1c.3:pcie004: Slot(3): Card present
> [] pciehp :00:1c.3:pcie004: Slot(3): Link Up
> [] pci :03:00.0: [10ec:5227] type 00 class 0xff
> [] pci :03:00.0: reg 0x10: [mem 0x-0x0fff]
> [] pci :03:00.0: supports D1 D2
> [] pci :03:00.0: PME# supported from D1 D2 D3hot D3cold
> [] pci :03:00.0: BAR 0: assigned [mem 0xb100-0xb1000fff]
> [] pcieport :00:1c.3: PCI bridge to [bus 03-08]
> [] pcieport :00:1c.3:   bridge window [io  0x3000-0x3fff]
> [] pcieport :00:1c.3:   bridge window [mem 0xb100-0xb1ff]
> [] pcieport :00:1c.3:   bridge window [mem 0xb000-0xb0ff
> 64bit pref] [] rtsx_pci :03:00.0: enabling device ( -> 0002)
> [] mmc0: cannot verify signal voltage switch
> [] mmc0: new ultra high speed SDR104 SDHC card at address 
> [] mmcblk0: mmc0: SE32G 29.7 GiB
> []  mmcblk0: p1
>
> So forgive my mistake. OTOH, here's exactly the same card:
>
> [] usb 2-2: new high-speed USB device number 7 using xhci_hcd
> [] usb 2-2: New USB device found, idVendor=0781, idProduct=a7a8,
> 

Re: can't mount sdf1 in stretch, gparted claims its fat32

[Gene Heskett]

On Monday 03 February 2020 21:34:46 songbird wrote:

> Gene Heskett wrote:
> > On Monday 03 February 2020 13:17:04 Dan Ritter wrote:
> >> Gene Heskett wrote:
> >> > Greetings all;
> >> >
> >> > I want to look at its directory structure because its different,
> >> > and I'd like to deduce how to generate it in a kernel make for a
> >> > newer, preempt-rt kernel.
> >>
> >> Actual error message, please.
> >
> > gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1
> > /media/sdf1
>
>   don't you need a space between -t and vfat?
>
Its always been optional, tried just now, same error.

> > mount: wrong fs type, bad option, bad superblock on /dev/sdf1,
> >missing codepage or helper program, or other error
> >
> >In some cases useful info is found in syslog - try
> >dmesg | tail or so.
> >
> >> sudo parted -l
> >> sudo mkdir /mnt/tmp
> >> sudo mount /dev/sdf1 /mnt/tmp
> >>
> >> -dsr-
> >
> > Thanks Dan R.
> >
> > Cheers, Gene Heskett
>
>   songbird


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: can't mount sdf1 in stretch, gparted claims its fat32

[David Wright]

On Mon 03 Feb 2020 at 16:20:59 (-0500), Gene Heskett wrote:
> On Monday 03 February 2020 14:15:14 David Wright wrote:
> > On Mon 03 Feb 2020 at 14:02:31 (-0500), Gene Heskett wrote:
> > > On Monday 03 February 2020 13:31:16 David Wright wrote:
> > > > On Mon 03 Feb 2020 at 12:40:20 (-0500), Gene Heskett wrote:
> > > > > I want to look at its directory structure because its different,
> > > > > and I'd like to deduce how to generate it in a kernel make for a
> > > > > newer, preempt-rt kernel.
> > > >
> > > > Yes, I can't mount it either, because I'm not running stretch.
> > >
> > > And I am running stretch with a custom realtime kernel for linuxcnc
> > > use.
> > >
> > > > > Thanks for any enlightenment.
> > > >
> > > > I've given my reason; can you give us yours, for our further
> > > > enlightenment?
> > >
> > > gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1
> > > /media/sdf1 mount: wrong fs type, bad option, bad superblock on
> > > /dev/sdf1, missing codepage or helper program, or other error
> > >
> > >In some cases useful info is found in syslog - try
> > >dmesg | tail or so.
> > >
> > > And dmesg says:
> > > [2903524.766017] usb 1-12.4.1.3: new high-speed USB device number 20
> > > using xhci_hcd
> > > [2903525.047017] usb 1-12.4.1.3: New USB device found,
> > > idVendor=048d, idProduct=1336
> > > [2903525.047027] usb 1-12.4.1.3: New USB device strings: Mfr=1,
> > > Product=2, SerialNumber=3
> > > [2903525.047033] usb 1-12.4.1.3: Product: Mass Storage Device
> > > [2903525.047037] usb 1-12.4.1.3: Manufacturer: Generic
> > > [2903525.047041] usb 1-12.4.1.3: SerialNumber: 06
> > > [2903525.047961] usb-storage 1-12.4.1.3:1.0: USB Mass Storage device
> > > detected
> > > [2903525.052481] scsi host7: usb-storage 1-12.4.1.3:1.0
> > > [2903526.760829] scsi 7:0:0:0: Direct-Access Generic  Storage
> > > Device 0.00 PQ: 0 ANSI: 2
> > > [2903526.798501] sd 7:0:0:0: Attached scsi generic sg6 type 0
> > > [2903526.798879] sd 7:0:0:0: [sdf] 121319424 512-byte logical
> > > blocks: (62.1 GB/57.8 GiB)
> > > [2903526.799039] sd 7:0:0:0: [sdf] Write Protect is off
> > > [2903526.799041] sd 7:0:0:0: [sdf] Mode Sense: 03 00 00 00
> > > [2903526.799210] sd 7:0:0:0: [sdf] No Caching mode page found
> > > [2903526.799211] sd 7:0:0:0: [sdf] Assuming drive cache: write
> > > through [2903526.801588]  sdf: sdf1 sdf2
> > > [2903526.803323] sd 7:0:0:0: [sdf] Attached SCSI removable disk
> >
> > I see there are two partitions, which is a little unusual for a USB
> > stick. Are you by any chance trying to write a bootable stick?
> > It might help to know how you wrote this stick, assuming you did.
> >
> 
> Stick?

Well, here's a very similar log from a USB stick being inserted:

[] usb 1-4: new high-speed USB device number 8 using xhci_hcd
[] usb 1-4: New USB device found, idVendor=0c76, idProduct=0005, bcdDevice= 1.00
[] usb 1-4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[] usb 1-4: Product: DataTraveler 2.0
[] usb 1-4: Manufacturer: Kingston
[] usb 1-4: SerialNumber: 2731542023F1DE82
[] usb-storage 1-4:1.0: USB Mass Storage device detected
[] scsi host3: usb-storage 1-4:1.0
[] scsi 3:0:0:0: Direct-Access Kingston DataTraveler 2.0 4.10 PQ: 0 ANSI: 2
[] sd 3:0:0:0: Attached scsi generic sg1 type 0
[] sd 3:0:0:0: [sdb] 503808 512-byte logical blocks: (258 MB/246 MiB)
[] sd 3:0:0:0: [sdb] Write Protect is off
[] sd 3:0:0:0: [sdb] Mode Sense: 0b 00 00 08
[] sd 3:0:0:0: [sdb] No Caching mode page found
[] sd 3:0:0:0: [sdb] Assuming drive cache: write through
[]  sdb: sdb1
[] sd 3:0:0:0: [sdb] Attached SCSI removable disk

> Its a u-sd card

Well, here's a very different log for a card:

[] pciehp :00:1c.3:pcie004: Slot(3): Card present
[] pciehp :00:1c.3:pcie004: Slot(3): Link Up
[] pci :03:00.0: [10ec:5227] type 00 class 0xff
[] pci :03:00.0: reg 0x10: [mem 0x-0x0fff]
[] pci :03:00.0: supports D1 D2
[] pci :03:00.0: PME# supported from D1 D2 D3hot D3cold
[] pci :03:00.0: BAR 0: assigned [mem 0xb100-0xb1000fff]
[] pcieport :00:1c.3: PCI bridge to [bus 03-08]
[] pcieport :00:1c.3:   bridge window [io  0x3000-0x3fff]
[] pcieport :00:1c.3:   bridge window [mem 0xb100-0xb1ff]
[] pcieport :00:1c.3:   bridge window [mem 0xb000-0xb0ff 64bit pref]
[] rtsx_pci :03:00.0: enabling device ( -> 0002)
[] mmc0: cannot verify signal voltage switch
[] mmc0: new ultra high speed SDR104 SDHC card at address 
[] mmcblk0: mmc0: SE32G 29.7 GiB 
[]  mmcblk0: p1

So forgive my mistake. OTOH, here's exactly the same card:

[] usb 2-2: new high-speed USB device number 7 using xhci_hcd
[] usb 2-2: New USB device found, idVendor=0781, idProduct=a7a8, bcdDevice= 1.27
[] usb 2-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[] usb 2-2: Product: SDDR-113
[] usb 2-2: Manufacturer: SanDisk Corp.
[] usb 2-2: SerialNumber: 633301B1
[] usb-storage 2-2:1.0: USB Mass Storage device detected
[] 

Re: [1/2HS] Mysql et le symbole Euro €

[G2PC]

 Et si tu fais une requête de sélection avec le terminal, 
 ça retourne quoi comme réponse ? :
>>> 2020 : 20€  alors qu'avec phpmyadmin = 2020 : 20¤

D'après ce que tu écris, PHPMyAdmin retournerait le symbole en tant que
ISO 8859-1 ?

https://fr.wikipedia.org/wiki/ISO/CEI_8859-15

Lire :
https://openclassrooms.com/forum/sujet/afficher-le-symbole-euro-present-dans-une-base-de-donnees-52071


Lire :
https://forum.phpfrance.com/php-debutant/stocker-sigle-symbole-euro-dans-table-sql-t269428.html
En conclure qu'il faut vérifier l'encodage :
1- De ton fichier
2- De ta base/table
3- De ta connexion PHP car tu peux forcer l'encodage lors de la connexion


Ta BDD utilise quel encodage ? Le meilleur moyen de le savoir ou de s'en
assurer, c'est de faire un dump d'une ligne qui a un symbole euro dans
un fichier et d'ouvrir ce fichier avec un editeur hexa pour voir si
c'est bien de l'UTF-8 (sequence UTF-8: E2 82 AC ).

Je dis UTF8 car il serait préférable d'être en UTF8, puisque c'est la
norme à suivre d'après le W3C, et, qui permet justement de standardiser
ce type de problématiques de caractères spéciaux.


En gros, ça se rapproche avec ça :
https://www.developpez.net/forums/d606691/php/php-base-donnees/encodage-caracteres-sigle/
https://openclassrooms.com/forum/sujet/signe-euro-avec-utf8decode-79959



Bref, assures toi déjà de connaître l'encodage de ta base de données,
et, de ton fichier.
Si tu as quelque chose qui n'est pas en UTF8, demande toi si il ne
serait pas mieux de passer à l'UTF8.
Une fois en UTF8, et, les problèmes d'accents réglés, le euro devrait
passer sans aucun problème.

Pense à bien sauvegarder les données, et BDD, avant de commencer à faire
des conversions, au risque de tout casser.

Re: [1/2HS] Mysql et le symbole Euro €

[G2PC]

>> Étrange, PhpMyAdmin devrait prendre en charge UTF-8.
>> Et ta page web elle affiche le même symbole, et, elle est en UTF-8 ?
> Si je mets UTF-8, j'ai  "2020 : 20?"
>
> Sinon, ma page est en iso-8859-15.
>
>> Après, tu peux voir à contourner le problème, si tu ne l'identifies pas :
>> Encodage Html Entité Héxadécimal  | €
>> Encodage Html Entité Décimal  | €
>> Code ASCII
>> 
>> ou entité Html  | €
>> Encodage pour l'Url UTF-8 %E2%82%AC | €

Je ne voudrais pas dire de bêtise, mais, si ta page est en ISO, elle
n'affichera pas les caractères spéciaux directement, non ?

Il faudrait utiliser les codes que je t'ai proposé, le code HTML : 

Il me semble que pour utiliser le caractère directement, si tu le places
en BDD, il faut que ton site soit en UTF8, quoi que ...

  * l'ISO-8859-1 (parfois appelé latin1), qui permet d'enregistrer
presque tous les caractères du français ;
  * l'ISO-8859-15 (parfois appelé latin9), une variation de
l'ISO-8859-1, qui rajoute le symbole « euro » et le « l'o dans l'e» ;
  * l'UTF-8, qui permet théoriquement d'encoder toutes les langues, du
français au japonais en passant par l'arabe.


Tu peux lire cet échange qui résume bien ce qu'il faudrait faire :
https://forum.alsacreations.com/topic-3-53149-1-Iso-8859-15-et-.html

En gros, passer en UTF8, et, bien veiller à ce que les données soient
bien enregistrées en UTF8 pour les afficher en UTF8.
Cela va obliger à réencoder les données, très certainement ( les accents
notamment, et, les caractères spéciaux. )

Re: can't mount sdf1 in stretch, gparted claims its fat32

[songbird]

Gene Heskett wrote:
> On Monday 03 February 2020 13:17:04 Dan Ritter wrote:
>
>> Gene Heskett wrote:
>> > Greetings all;
>> >
>> > I want to look at its directory structure because its different, and
>> > I'd like to deduce how to generate it in a kernel make for a newer,
>> > preempt-rt kernel.
>>
>> Actual error message, please.
> gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1 /media/sdf1

  don't you need a space between -t and vfat?


> mount: wrong fs type, bad option, bad superblock on /dev/sdf1,
>missing codepage or helper program, or other error
>
>In some cases useful info is found in syslog - try
>dmesg | tail or so.
>
>>
>> sudo parted -l
>> sudo mkdir /mnt/tmp
>> sudo mount /dev/sdf1 /mnt/tmp
>>
>> -dsr-
>
> Thanks Dan R.
>
> Cheers, Gene Heskett


  songbird

Re: apache2 virtual host

[Russell L. Harris]

On Mon, Feb 03, 2020 at 09:10:25AM -0500, Greg Wooledge wrote:

On Mon, Feb 03, 2020 at 06:59:55AM +, Russell L. Harris wrote:

I receive the following error message when attempting to enable a
virtual host (apache2 in Debian 10):

   root@penelope:/etc/apache2/sites-available# a2ensite domain1.com.conf
   bash: a2ensite: command not found


You used "su", right?

https://wiki.debian.org/NewInBuster#Changes



Yes, I used "su"; I was not aware of the change.  Thanks, Greg.
Mystery solved; issue resolved.  Now back to the tutorial...

RLH

Re: Re: apt-get build-dep emacs-gtk: unmet dependencies

[Clive Standbridge]

> > $ apt-cache policy libtiff-dev libtiff5
> 
> The command (w/ libidn2-0 added) reports:
> 
> libtiff-dev:
>   Installed: (none)
>   Candidate: 4.0.10-4
>   Version table:
>  4.0.10-4 500
> 500 http://ftp.uk.debian.org/debian stable/main amd64 Packages
> libtiff5:
>   Installed: 4.1.0+git191117-2~deb10u1
>   Candidate: 4.1.0+git191117-2~deb10u1
>   Version table:
>  *** 4.1.0+git191117-2~deb10u1 100
> 100 /var/lib/dpkg/status
>  4.0.10-4 500
> 500 http://ftp.uk.debian.org/debian stable/main amd64 Packages
> libidn2-0:
>   Installed: 2.0.5-1+deb10u1
>   Candidate: 2.0.5-1+deb10u1
>   Version table:
>  *** 2.0.5-1+deb10u1 100
> 100 /var/lib/dpkg/status
>  2.0.5-1 500
> 500 http://ftp.uk.debian.org/debian stable/main amd64 Packages
> 

Your installed versions of libtiff5 and libidn2-0 are the same as the versions 
currently in the buster security updates. Contrast:

$ apt-cache policy libtiff-dev libtiff5 libidn2-0
libtiff-dev:
  Installed: 4.1.0+git191117-2~deb10u1
  Candidate: 4.1.0+git191117-2~deb10u1
  Version table:
 *** 4.1.0+git191117-2~deb10u1 990
990 http://security.debian.org buster/updates/main amd64 Packages
100 /var/lib/dpkg/status
 4.0.10-4 990
990 http://deb.debian.org/debian buster/main amd64 Packages
libtiff5:
  Installed: 4.1.0+git191117-2~deb10u1
  Candidate: 4.1.0+git191117-2~deb10u1
  Version table:
 *** 4.1.0+git191117-2~deb10u1 990
990 http://security.debian.org buster/updates/main amd64 Packages
100 /var/lib/dpkg/status
 4.0.10-4 990
990 http://deb.debian.org/debian buster/main amd64 Packages
libidn2-0:
  Installed: 2.0.5-1+deb10u1
  Candidate: 2.0.5-1+deb10u1
  Version table:
 *** 2.0.5-1+deb10u1 990
990 http://security.debian.org buster/updates/main amd64 Packages
100 /var/lib/dpkg/status
 2.0.5-1 990
990 http://deb.debian.org/debian buster/main amd64 Packages


It looks as though you have installed from security.debian.org but now it's not 
in your sources.list. If you add a line like

deb http://security.debian.org/  buster/updates main contrib non-free

then do "apt-get update", does that help the "apt-get build-dep"?

-- 
Cheers,
Clive

Re: apt-get build-dep emacs-gtk: unmet dependencies

[Göktuğ Kayaalp]

> You could try downgrading the two library packages explicitly:
>
> $ apt-get install libtiff5=1.0.10-4 libidn2-0=2.0.5-1

This is what I tried eventually, and it worked, thanks!

> That might result in other errors if doing this breaks versioned
> dependencies from other packages, but it's at least a starting point,
> and worth trying.

It luckily didn’t.

> The real questions are A: how you wound up with these newer versions
> installed in the first place, and B: whether there are similarly "newer
> than anything available in your-configured repos" versions of any
> *other* packages installed.

For A, well, my installation process is like this: use netinst (first I
had tried w/ 10.0, the last time I downloaded 10.2, because who knows,
but it persisted), usual stuff, partitioning (UEFI, rest is ext4, one
LVM vg which includes / and /home, separate /boot in primary partition),
then install, selecting print server, ssh server, and standard packages
(bottom three in tasksel screen).  Then, I reboot and run a script that
basically builds up an ‘apt-get install ...’ command with ~200 pkgs
(ends up installing >4k dependencies).  It uses usual debian stable
repos.  No local .debs, no other repos.  I don’t even use
backports. /etc/apt/preferences is empty.  FWIW, the mentioned
installation command is as follows:

,
| apt-get install -y apt-transport-https curl cups-bsd dnsutils equivs
| gawk gvfs-bin net-tools netcat-openbsd telnet traceroute bind9utils
| moreutils lftp libpam-cgroup libpam-cgfs bridge-utils qemu rsync
| openssh-server network-manager smartmontools entr docker.io snapd rar
| unrar dunst pasystray i3-wm i3status i3lock xinit libxrandr-dev
| network-manager-gnome dbus-x11 pulseaudio pulseaudio-utils pavucontrol
| alsa-oss alsa-utils alsamixergui pcmanfm ristretto xbacklight feh
| gvfs-backends gvfs-fuse okular cheese gimp gparted libreoffice
| libreoffice-gtk3 libreoffice-gnome mpv simple-scan transmission-gtk
| vokoscreen redshift-gtk suckless-tools laptop-mode-tools xclip xdotool
| xinput libnotify-bin devhelp audacity flameshot xfce4-clipman compton
| dconf-editor wmctrl arandr inkscape pdfsam xarchiver lmms libjansson-dev
| libpoppler-glib-dev libpoppler-private-dev spek praat python3-matplotlib
| python3-numpy python3-scipy python3-matplotlib python3-pandas
| python3-sympy python3-nose texlive-full perl-tk pass pv tmux units vim
| vorbis-tools vorbisgain w3m w3m-el webalizer whois syncthing libnss-mdns
| mailutils mairix mutt mpop msmtp procmail certbot dirmngr youtube-dl
| hugo inotify-tools pandoc fbi ddgr hledger jq djvulibre-bin gitit lynx
| pwgen gnupg2 qemu-utils qemu-system-x86 build-essential cvs git git-cvs
| git-email mercurial python-hglib python-dulwich python-fastimport
| python3-pip quilt rcs subversion autoconf autoconf-archive automake
| bmake libuniversal-isa-perl libimage-exiftool-perl libswitch-perl
| cpanminus liblocal-lib-perl perlbrew python python-pip python3-tk
| python3-venv ipython3 python3-notify2 r-base r-recommended r-doc-info
| r-cran-tidyverse r-cran-rio r-cran-psych ruby bundler ri
| haskell-platform haskell-platform-doc redis-server redis-tools gjs
| libgjs-dev gnome-js-common valac valadoc gnuplot feedgnuplot
| exuberant-ctags gdb strace make-doc gawk-doc apt-doc autoconf-doc
| bash-doc binutils-doc aspell-doc binutils-doc bzip2-doc cvs-doc
| debconf-doc diffutils-doc ffmpeg-doc gdb-doc gettext-doc git-doc
| glibc-doc gmp-doc gnuplot-doc gnutls-doc graphviz-doc grub-doc
| imagemagick-doc libtool-doc m4-doc mailutils-doc make-doc multiboot-doc
| ncurses-doc parted-doc pinentry-doc python-apt-doc python-certbot-doc
| python-doc python-numpy-doc python-setuptools-doc python3-doc
| readline-doc rsyslog-doc sgml-base-doc sharutils-doc sqlite3-doc tar-doc
| vim-doc libgtk-3-doc libcairo2-doc libxaw-doc libx11-doc libxcb-doc
| libglib2.0-doc iproute2-doc libasound2-doc docker-doc
| libreoffice-help-en-us
`


> Tracking those down and fixing them would definitely be possible, but
> honestly, if this system was installed so recently you're probably
> better off doing the reinstall and hoping whatever error it was doesn't
> happen this time.

I persistently got the same results after reinstalling twice (botched
one trying to use btrfs on root).  I suppose it could be a problem with
Debian reports.  Do you think I should report this as a bug?

In any case, I’ll try to reinstall on a VM in a few days, maybe this is
a temporary issue w/ package archives, or a packaging bug.


-- 
İ. Göktuğ Kayaalp / @cadadr / 
pgp:   024C 30DD 597D 142B 49AC 40EB 465C D949 B101 2427

Re: can't mount sdf1 in stretch, gparted claims its fat32

[Dan Ritter]

Gene Heskett wrote: 
> On Monday 03 February 2020 14:07:46 David Wright wrote:
> 
> > On Mon 03 Feb 2020 at 13:57:08 (-0500), Gene Heskett wrote:
> > > On Monday 03 February 2020 13:17:04 Dan Ritter wrote:
> > > > Actual error message, please.
> > >
> > > gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1
> > > /media/sdf1 mount: wrong fs type, bad option, bad superblock on
> > > /dev/sdf1, missing codepage or helper program, or other error
> > >
> > >In some cases useful info is found in syslog - try
> > >dmesg | tail or so.
> >
> > What happens if you leave out the type option?
> 
> from dmesg:
> 2903654.091619] FAT-fs (sdf1): bogus number of reserved sectors
> [2903654.091622] FAT-fs (sdf1): Can't find a valid FAT filesystem

> [2911401.900020] FAT-fs (sdf1): invalid media value (0x00)
> [2911401.900031] FAT-fs (sdf1): Can't find a valid FAT filesystem
> 
> 
> I duuno what to make of that!

There's no FAT filesystem there. It might be corrupted, it might
actually be on /dev/sdf with a bogus partition table.

-dsr-

Re: can't mount sdf1 in stretch, gparted claims its fat32

[Gene Heskett]

On Monday 03 February 2020 14:15:14 David Wright wrote:

> On Mon 03 Feb 2020 at 14:02:31 (-0500), Gene Heskett wrote:
> > On Monday 03 February 2020 13:31:16 David Wright wrote:
> > > On Mon 03 Feb 2020 at 12:40:20 (-0500), Gene Heskett wrote:
> > > > I want to look at its directory structure because its different,
> > > > and I'd like to deduce how to generate it in a kernel make for a
> > > > newer, preempt-rt kernel.
> > >
> > > Yes, I can't mount it either, because I'm not running stretch.
> >
> > And I am running stretch with a custom realtime kernel for linuxcnc
> > use.
> >
> > > > Thanks for any enlightenment.
> > >
> > > I've given my reason; can you give us yours, for our further
> > > enlightenment?
> >
> > gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1
> > /media/sdf1 mount: wrong fs type, bad option, bad superblock on
> > /dev/sdf1, missing codepage or helper program, or other error
> >
> >In some cases useful info is found in syslog - try
> >dmesg | tail or so.
> >
> > And dmesg says:
> > [2903524.766017] usb 1-12.4.1.3: new high-speed USB device number 20
> > using xhci_hcd
> > [2903525.047017] usb 1-12.4.1.3: New USB device found,
> > idVendor=048d, idProduct=1336
> > [2903525.047027] usb 1-12.4.1.3: New USB device strings: Mfr=1,
> > Product=2, SerialNumber=3
> > [2903525.047033] usb 1-12.4.1.3: Product: Mass Storage Device
> > [2903525.047037] usb 1-12.4.1.3: Manufacturer: Generic
> > [2903525.047041] usb 1-12.4.1.3: SerialNumber: 06
> > [2903525.047961] usb-storage 1-12.4.1.3:1.0: USB Mass Storage device
> > detected
> > [2903525.052481] scsi host7: usb-storage 1-12.4.1.3:1.0
> > [2903526.760829] scsi 7:0:0:0: Direct-Access Generic  Storage
> > Device 0.00 PQ: 0 ANSI: 2
> > [2903526.798501] sd 7:0:0:0: Attached scsi generic sg6 type 0
> > [2903526.798879] sd 7:0:0:0: [sdf] 121319424 512-byte logical
> > blocks: (62.1 GB/57.8 GiB)
> > [2903526.799039] sd 7:0:0:0: [sdf] Write Protect is off
> > [2903526.799041] sd 7:0:0:0: [sdf] Mode Sense: 03 00 00 00
> > [2903526.799210] sd 7:0:0:0: [sdf] No Caching mode page found
> > [2903526.799211] sd 7:0:0:0: [sdf] Assuming drive cache: write
> > through [2903526.801588]  sdf: sdf1 sdf2
> > [2903526.803323] sd 7:0:0:0: [sdf] Attached SCSI removable disk
>
> I see there are two partitions, which is a little unusual for a USB
> stick. Are you by any chance trying to write a bootable stick?
> It might help to know how you wrote this stick, assuming you did.
>

Stick?  Its a u-sd card to boot an rpi4 with.

> Cheers,
> David.


Cheers David, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: can't mount sdf1 in stretch, gparted claims its fat32

[Gene Heskett]

On Monday 03 February 2020 14:07:46 David Wright wrote:

> On Mon 03 Feb 2020 at 13:57:08 (-0500), Gene Heskett wrote:
> > On Monday 03 February 2020 13:17:04 Dan Ritter wrote:
> > > Actual error message, please.
> >
> > gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1
> > /media/sdf1 mount: wrong fs type, bad option, bad superblock on
> > /dev/sdf1, missing codepage or helper program, or other error
> >
> >In some cases useful info is found in syslog - try
> >dmesg | tail or so.
>
> What happens if you leave out the type option?

from dmesg:
2903654.091619] FAT-fs (sdf1): bogus number of reserved sectors
[2903654.091622] FAT-fs (sdf1): Can't find a valid FAT filesystem
[2904108.303894] INFO: task systemd-udevd:31796 blocked for more than 120 
seconds.
[2904108.303905]   Not tainted 4.9.0-11-rt-amd64 #1 Debian 
4.9.189-3+deb9u2
[2904108.303910] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" 
disables this message.
[2904108.303915] systemd-udevd   D0 31796  1 0x0120
[2904108.303926]  0086 9d357affc800  
9d37ae4e9a00
[2904108.303938]  9d371a884100 9d37a84a8000 bbc3089ffa98 
8963b355
[2904108.303950]  00ffbbc3089ffb70 9d37ae4e9a00 890a9ef1 
9d371a884100
[2904108.303961] Call Trace:
[2904108.303975]  [] ? __schedule+0x275/0x5d0
[2904108.303982]  [] ? __raw_spin_unlock+0x11/0x50
[2904108.303988]  [] ? schedule+0x43/0xd0
[2904108.303995]  [] ? __rt_mutex_slowlock+0xb8/0x140
[2904108.304002]  [] ? 
rt_mutex_slowlock_locked+0xbb/0x220
[2904108.304008]  [] ? rt_mutex_slowlock+0x75/0xc0
[2904108.304018]  [] ? __blkdev_get+0x6a/0x470
[2904108.304024]  [] ? blkdev_get+0x120/0x340
[2904108.304031]  [] ? unpin_current_cpu+0x12/0x70
[2904108.304037]  [] ? migrate_enable+0x1d0/0x310
[2904108.304043]  [] ? migrate_disable+0x84/0xe0
[2904108.304049]  [] ? blkdev_get_by_dev+0x40/0x40
[2904108.304057]  [] ? do_dentry_open+0x234/0x340
[2904108.304063]  [] ? path_openat+0x77a/0x15b0
[2904108.304069]  [] ? vsnprintf+0xf3/0x4f0
[2904108.304076]  [] ? do_filp_open+0x91/0x100
[2904108.304084]  [] ? unpin_current_cpu+0x12/0x70
[2904108.304089]  [] ? migrate_enable+0x1d0/0x310
[2904108.304098]  [] ? do_sys_open+0x12e/0x210
[2904108.304106]  [] ? do_syscall_64+0x75/0x110
[2904108.304114]  [] ? 
entry_SYSCALL_64_after_swapgs+0x58/0xc6
[2911401.900020] FAT-fs (sdf1): invalid media value (0x00)
[2911401.900031] FAT-fs (sdf1): Can't find a valid FAT filesystem

> Cheers,
> David.

I duuno what to make of that!

Thanks David

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: [1/2HS] Mysql et le symbole Euro €

[ajh-valmer]

On Monday 03 February 2020 19:16:54 G2PC wrote:
> >> Et si tu fais une requête de sélection avec le terminal, 
> >> ça retourne quoi comme réponse ? :
> > 2020 : 20€  alors qu'avec phpmyadmin = 2020 : 20¤

> Étrange, PhpMyAdmin devrait prendre en charge UTF-8.
> Et ta page web elle affiche le même symbole, et, elle est en UTF-8 ?

Si je mets UTF-8, j'ai  "2020 : 20?"

Sinon, ma page est en iso-8859-15.

> Après, tu peux voir à contourner le problème, si tu ne l'identifies pas :
> Encodage Html Entité Héxadécimal  | €
> Encodage Html Entité Décimal  | €
> Code ASCII
>
> ou entité Html  | €
> Encodage pour l'Url UTF-8 %E2%82%AC | €

Re: can't mount sdf1 in stretch, gparted claims its fat32

[David Wright]

On Mon 03 Feb 2020 at 14:02:31 (-0500), Gene Heskett wrote:
> On Monday 03 February 2020 13:31:16 David Wright wrote:
> > On Mon 03 Feb 2020 at 12:40:20 (-0500), Gene Heskett wrote:
> > > I want to look at its directory structure because its different, and
> > > I'd like to deduce how to generate it in a kernel make for a newer,
> > > preempt-rt kernel.
> >
> > Yes, I can't mount it either, because I'm not running stretch.
> 
> And I am running stretch with a custom realtime kernel for linuxcnc use. 
> >
> > > Thanks for any enlightenment.
> >
> > I've given my reason; can you give us yours, for our further
> > enlightenment?
> >
> gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1 /media/sdf1
> mount: wrong fs type, bad option, bad superblock on /dev/sdf1,
>missing codepage or helper program, or other error
> 
>In some cases useful info is found in syslog - try
>dmesg | tail or so.
> 
> And dmesg says:
> [2903524.766017] usb 1-12.4.1.3: new high-speed USB device number 20 
> using xhci_hcd
> [2903525.047017] usb 1-12.4.1.3: New USB device found, idVendor=048d, 
> idProduct=1336
> [2903525.047027] usb 1-12.4.1.3: New USB device strings: Mfr=1, 
> Product=2, SerialNumber=3
> [2903525.047033] usb 1-12.4.1.3: Product: Mass Storage Device
> [2903525.047037] usb 1-12.4.1.3: Manufacturer: Generic
> [2903525.047041] usb 1-12.4.1.3: SerialNumber: 06
> [2903525.047961] usb-storage 1-12.4.1.3:1.0: USB Mass Storage device 
> detected
> [2903525.052481] scsi host7: usb-storage 1-12.4.1.3:1.0
> [2903526.760829] scsi 7:0:0:0: Direct-Access Generic  Storage Device   
> 0.00 PQ: 0 ANSI: 2
> [2903526.798501] sd 7:0:0:0: Attached scsi generic sg6 type 0
> [2903526.798879] sd 7:0:0:0: [sdf] 121319424 512-byte logical blocks: 
> (62.1 GB/57.8 GiB)
> [2903526.799039] sd 7:0:0:0: [sdf] Write Protect is off
> [2903526.799041] sd 7:0:0:0: [sdf] Mode Sense: 03 00 00 00
> [2903526.799210] sd 7:0:0:0: [sdf] No Caching mode page found
> [2903526.799211] sd 7:0:0:0: [sdf] Assuming drive cache: write through
> [2903526.801588]  sdf: sdf1 sdf2
> [2903526.803323] sd 7:0:0:0: [sdf] Attached SCSI removable disk

I see there are two partitions, which is a little unusual for a USB
stick. Are you by any chance trying to write a bootable stick?
It might help to know how you wrote this stick, assuming you did.

Cheers,
David.

Re: can't mount sdf1 in stretch, gparted claims its fat32

[David Wright]

On Mon 03 Feb 2020 at 13:57:08 (-0500), Gene Heskett wrote:
> On Monday 03 February 2020 13:17:04 Dan Ritter wrote:
> > Actual error message, please.
> gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1 /media/sdf1
> mount: wrong fs type, bad option, bad superblock on /dev/sdf1,
>missing codepage or helper program, or other error
> 
>In some cases useful info is found in syslog - try
>dmesg | tail or so.

What happens if you leave out the type option?

> > sudo parted -l
> > sudo mkdir /mnt/tmp
> > sudo mount /dev/sdf1 /mnt/tmp

Cheers,
David.

Re: can't mount sdf1 in stretch, gparted claims its fat32

[Gene Heskett]

On Monday 03 February 2020 13:31:16 David Wright wrote:

> On Mon 03 Feb 2020 at 12:40:20 (-0500), Gene Heskett wrote:
> > I want to look at its directory structure because its different, and
> > I'd like to deduce how to generate it in a kernel make for a newer,
> > preempt-rt kernel.
>
> Yes, I can't mount it either, because I'm not running stretch.

And I am running stretch with a custom realtime kernel for linuxcnc use. 
>
> > Thanks for any enlightenment.
>
> I've given my reason; can you give us yours, for our further
> enlightenment?
>
gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1 /media/sdf1
mount: wrong fs type, bad option, bad superblock on /dev/sdf1,
   missing codepage or helper program, or other error

   In some cases useful info is found in syslog - try
   dmesg | tail or so.

And dmesg says:
[2903524.766017] usb 1-12.4.1.3: new high-speed USB device number 20 
using xhci_hcd
[2903525.047017] usb 1-12.4.1.3: New USB device found, idVendor=048d, 
idProduct=1336
[2903525.047027] usb 1-12.4.1.3: New USB device strings: Mfr=1, 
Product=2, SerialNumber=3
[2903525.047033] usb 1-12.4.1.3: Product: Mass Storage Device
[2903525.047037] usb 1-12.4.1.3: Manufacturer: Generic
[2903525.047041] usb 1-12.4.1.3: SerialNumber: 06
[2903525.047961] usb-storage 1-12.4.1.3:1.0: USB Mass Storage device 
detected
[2903525.052481] scsi host7: usb-storage 1-12.4.1.3:1.0
[2903526.760829] scsi 7:0:0:0: Direct-Access Generic  Storage Device   
0.00 PQ: 0 ANSI: 2
[2903526.798501] sd 7:0:0:0: Attached scsi generic sg6 type 0
[2903526.798879] sd 7:0:0:0: [sdf] 121319424 512-byte logical blocks: 
(62.1 GB/57.8 GiB)
[2903526.799039] sd 7:0:0:0: [sdf] Write Protect is off
[2903526.799041] sd 7:0:0:0: [sdf] Mode Sense: 03 00 00 00
[2903526.799210] sd 7:0:0:0: [sdf] No Caching mode page found
[2903526.799211] sd 7:0:0:0: [sdf] Assuming drive cache: write through
[2903526.801588]  sdf: sdf1 sdf2
[2903526.803323] sd 7:0:0:0: [sdf] Attached SCSI removable disk

> Cheers,
> David.
Thanks David

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: can't mount sdf1 in stretch, gparted claims its fat32

[Gene Heskett]

On Monday 03 February 2020 13:17:04 Dan Ritter wrote:

> Gene Heskett wrote:
> > Greetings all;
> >
> > I want to look at its directory structure because its different, and
> > I'd like to deduce how to generate it in a kernel make for a newer,
> > preempt-rt kernel.
>
> Actual error message, please.
gene@coyote:~/PublicA/pi-buster$ sudo mount -tvfat /dev/sdf1 /media/sdf1
mount: wrong fs type, bad option, bad superblock on /dev/sdf1,
   missing codepage or helper program, or other error

   In some cases useful info is found in syslog - try
   dmesg | tail or so.

>
> sudo parted -l
> sudo mkdir /mnt/tmp
> sudo mount /dev/sdf1 /mnt/tmp
>
> -dsr-

Thanks Dan R.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: can't mount sdf1 in stretch, gparted claims its fat32

[David Wright]

On Mon 03 Feb 2020 at 12:40:20 (-0500), Gene Heskett wrote:
> 
> I want to look at its directory structure because its different, and I'd 
> like to deduce how to generate it in a kernel make for a newer, 
> preempt-rt kernel.

Yes, I can't mount it either, because I'm not running stretch.

> Thanks for any enlightenment.

I've given my reason; can you give us yours, for our further enlightenment?

Cheers,
David.

Re: can't mount sdf1 in stretch, gparted claims its fat32

[Dan Ritter]

Gene Heskett wrote: 
> Greetings all;
> 
> I want to look at its directory structure because its different, and I'd 
> like to deduce how to generate it in a kernel make for a newer, 
> preempt-rt kernel.

Actual error message, please.

sudo parted -l
sudo mkdir /mnt/tmp
sudo mount /dev/sdf1 /mnt/tmp

-dsr-

Re: [1/2HS] Mysql et le symbole Euro €

[G2PC]

>> Et si tu fais une requête de sélection avec le terminal, ça retourne
>> quoi comme réponse ? :
> 2020 : 20€
>
> alors qu'avec phpmyadmin = 2020 : 20¤

Étrange, PhpMyAdmin devrait prendre en charge UTF-8.

Et ta page web elle affiche le même symbole, et, elle est en UTF-8 ?


Après, tu peux voir à contourner le problème, si tu ne l'identifies pas :

Encodage Html Entité Héxadécimal | €
Encodage Html Entité Décimal | €
Code ASCII

ou entité Html   | €
Encodage pour l'Url UTF-8   %E2%82%AC | €

Re: [1/2HS] Mysql et le symbole Euro €

[ajh . valmer]

On Monday 03 February 2020 14:39:52 G2PC wrote:
> Le 03/02/2020 à 13:28, ajh-valmer a écrit :
> > Depuis peu, lorsque j'INSERT ou UPDATE une table MySQL,
> > via scripts PHP et SQL, je mets le montant  : "30"
> > et apparait dans le champ via phpmyadmin : "30¤".
> > Pareil si j'écris "30€".
> > Pourtant, si j'interroge la table (SELECT),
> > apparait bien dans le navigateur "30€".
> > L'interclassement est UTF8_general_ci.
> > Si je mets : latin1_general_ci, pareil.
> > Ce problème fait suite à un upgrade de mysql.

> Et si tu fais une requête de sélection avec le terminal, ça retourne
> quoi comme réponse ? :
2020 : 20€

alors qu'avec phpmyadmin = 2020 : 20¤

Re: OT red por cable con portal captivo sin trafico interno.

[Ramses]

El 3 de febrero de 2020 18:26:01 CET, Ramses  
escribió:
>El 3 de febrero de 2020 15:59:03 CET, Paynalton 
>escribió:
>>El lun., 3 de febrero de 2020 8:42 a. m., Ramses
>>
>>escribió:
>>
>>> El 3 de febrero de 2020 15:33:46 CET, Paynalton
>>
>>> escribió:
>>> >El lun., 3 de febrero de 2020 8:00 a. m., Ramses
>>> >
>>> >escribió:
>>> >
>>> >> El 3 de febrero de 2020 14:34:00 CET, Paynalton
>>> >
>>> >> escribió:
>>> >> >El lun., 3 de febrero de 2020 2:26 a. m., Antonio Trujillo
>>Carmona <
>>> >> >antonio.trujillo.s...@juntadeandalucia.es> escribió:
>>> >> >
>>> >> >> El 1/2/20 a las 14:14, Ramses escribió:
>>> >> >> > El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo
>Carmona
>><
>>> >> >> antonio.trujillo.s...@juntadeandalucia.es> escribió:
>>> >> >> >> El 29/1/20 a las 17:41, Paynalton escribió:
>>> >> >> >>>
>>> >> >> >>>
>>> >> >> >>> El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
>>> >> >> >>> (>> >> >> >>> >)
>>escribió:
>>> >> >> >>>
>>> >> >> >>> El 28/1/20 a las 8:42, Antonio Trujillo Carmona
>>escribió:
>>> >> >> >>> > En nuestro hospital tenemos una VLan de gracia
>>para
>>> >los
>>> >> >> >>> equipos no
>>> >> >> >>> > identificados.
>>> >> >> >>> > Debido al abuso que se hace de esa vlan nos estamos
>>> >> >planteando
>>> >> >> >>> poner un
>>> >> >> >>> > portal de validación y anular el trafico interno.
>>> >> >> >>> > No se trata tanto de bloquear o filtrar usuarios
>como
>>de
>>> >> >evitar
>>> >> >> >>> que se
>>> >> >> >>> > puedan conectar dispositivos electromédicos u OT a
>la
>>> >red,
>>> >> >por
>>> >> >> >>> lo que no
>>> >> >> >>> > es importante el nivel de seguridad, cualquier
>>elección
>>> >> >haría
>>> >> >> >> que un
>>> >> >> >>> > dispositivo automático fallara en adquirir red, que
>>es
>>> >lo
>>> >> >que
>>> >> >> >>> buscamos.
>>> >> >> >>> > Los conmutadores (HP procurbe) solo admiten 2 de 3
>>> >posibles
>>> >> >> >>> formas de
>>> >> >> >>> > acceso y tienen activado el filtrado 802.1x y por
>>MAC,
>>> >por
>>> >> >lo
>>> >> >> >>> que no se
>>> >> >> >>> > puede activar el acceso web.
>>> >> >> >>> > ¿Alguna idea?
>>> >> >> >>> >
>>> >> >> >>> Muchas gracias a todos por las respuestas.
>>> >> >> >>>
>>> >> >> >>> Realmente mi pregunta no iba sobre que portal usar,
>>aunque
>>> >> >> >>> agradezco los
>>> >> >> >>> apuntes y los probare, si no por como configurar una
>>red
>>> >por
>>> >> >dhcp
>>> >> >> >> para
>>> >> >> >>> que los equipos que estén en la misma red y en el
>mismo
>>> >> >> >> conmutador
>>> >> >> >>> (switch) no se vean entre ellos.
>>> >> >> >>>
>>> >> >> >>>
>>> >> >> >>>
>>> >> >> >>> Para mantener aislamiento debes usar vlans, manteniendo a
>>la
>>> >red
>>> >> >> >>> médica en una vlan y la red pública en otra.
>>> >> >> >>>
>>> >> >> >>> El mismo DHCP puede decidir a qué vlan se va cada equipo y
>>qué
>>> >> >> >>> servicios puede tener.
>>> >> >> >>>
>>> >> >> >>> En el gateway de la red pública debes colocar un acceso
>por
>>> >proxy
>>> >> >> >>> controlado por temporizador como te había mencionado en un
>>> >correo
>>> >> >> >>> anterior.
>>> >> >> >>>
>>> >> >> >>> El DHCP debe entregar la ruta de un wpad para la
>>configuración
>>> >> >> >>> automática del proxy.
>>> >> >> >>>
>>> >> >> >>> Debes tener un servicio web que entregue el archivo wpad,
>>el
>>> >cual
>>> >> >> >>> indicará que la salida a internet es a través del proxy.
>>> >> >> >>>
>>> >> >> >>> Así, en un caso de uso típico sucede:
>>> >> >> >>>
>>> >> >> >>> Caso A:
>>> >> >> >>>
>>> >> >> >>> -visitante llega con su teléfono.
>>> >> >> >>> -visitante se conecta a la red pública abierta
>>> >> >> >>> -teléfono solicita configuración al DHCP
>>> >> >> >>> -DHCP entrega configuración de red y una ruta para wpad
>>> >> >> >>> -visitante intenta entrar a internet
>>> >> >> >>> -navegador del teléfono consulta el wpad
>>> >> >> >>> -navegador redirige la petición al proxy
>>> >> >> >>> -proxy redirige al visitante a una página de error donde
>le
>>> >pide
>>> >> >> >>> contraseña, o una encuesta o la foto de la enfermera Salo
>>en
>>> >> >traje de
>>> >> >> >> baño
>>> >> >> >>> -visitante interactúa con la página y gana el acceso
>>> >temporizado
>>> >> >> >>> -proxy permite el acceso por 15 minutos antes de mostrar
>de
>>> >nuevo
>>> >> >el
>>> >> >> >>> pack de verano de la enfermera Salo.
>>> >> >> >>>
>>> >> >> >>> Caso B:
>>> >> >> >>>
>>> >> >> >>> -llega un interno con un novedoso aparato que no sirve
>para
>>> >nada
>>> >> >pero
>>> >> >> >>> que consiguió barato en amazon.
>>> >> >> >>> -interno conecta el aparato a la red pública por flojera
>de
>>ir
>>> >a
>>> >> >> >>> sistemas a pedir acceso
>>> >> >> >>> -aparato no tiene navegador, por lo que no puede ver las
>>> >> >candentes
>>> >> >> >>> fotos de la enfermera Salo
>>> >> >> >>> -aparato no logra conectarse y el interno no tiene más

About "deprecated" packages

[Vincas Dargis]

Hi,

I've discovered that we have `openbve-data` [0] package for o-o-stable up to the unstable, but 
binary package `openbve` [1] is only available for o-o-stable...


`openbve-data` looks useless without binaries, and probably should be removed..?

What's the way to notify about this kind of packages?

Thanks!

[0] https://tracker.debian.org/pkg/openbve-data
[1] https://tracker.debian.org/pkg/openbve

Re: could not resolve deb.debian.org after installing via debian live image

[Curt]

On 2020-02-03, Thomas Schmitt  wrote:
> Hi,
>
> Tamar Nirenberg's apt-get wrote:
>> > Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get
>> >  update cannot be used to add new CD-ROMs
>
> Curt wrote:
>> Is that what he did (use apt-cdrom) to add the local repository?
>
> Dunno. But that was a red herring caused by the "deb cdrom:" line.
> Needed is "deb file:" because the (pseudo-)repository is accessible as
> directory in a mounted filesystem on USB stick.
>

I thought he installed his OS from the
debian-live-10.2.0-amd64-gnome.iso sitting on a usb stick.

I'm uncertain why, for example
 
 apt-cdrom -d /usbmountpoint/ add

would not be operational here (if the appropriate /etc/fstab entry
exists).

That is, if live cd repositories work the same way as regular old cd
repositories.

-- 
"J'ai pour me guérir du jugement des autres toute la distance qui me sépare de
moi." Antonin Artaud

can't mount sdf1 in stretch, gparted claims its fat32

[Gene Heskett]

Greetings all;

I want to look at its directory structure because its different, and I'd 
like to deduce how to generate it in a kernel make for a newer, 
preempt-rt kernel.

Thanks for any enlightenment.
 
Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

[SOLVED] Re: Delay evolution-*-factory startup

[Jim Popovitch]

On Mon, 2020-02-03 at 10:24 -0500, Jim Popovitch wrote:
> On Mon, 2020-02-03 at 15:19 +, Nektarios Katakis wrote:
> > Στις 2020-02-03 14:59, Jim Popovitch έγραψε:
> > > On Mon, 2020-02-03 at 14:49 +, Nektarios Katakis wrote:
> > > > Στις 2020-02-03 14:24, Jim Popovitch έγραψε:
> > > > > On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:
> > > > > > Στις 2020-02-03 12:59, Jim Popovitch έγραψε:
> > > > > > > Hello!
> > > > > > > 
> > > > > > > Is there a way in Buster+Cinnamon to disable evolution-
> > > > > > > (calendar|addressbook)-factory until after a VPN has connected?
> > > > > > > 
> > > > > > > Everytime I login and start Evolution I have a handful of blue
> > > > > > > warnings,
> > > > > > > that I must clear, because Evolution was unable to connect to 
> > > > > > > services
> > > > > > > only available over a VPN. By the time I clear the blue warnings 
> > > > > > > the
> > > > > > > VPN
> > > > > > > is active, the warning just accrue after login and before network
> > > > > > > manager activates the VPN.
> > > > > > > 
> > > > > > > -Jim P.
> > > > > > 
> > > > > > You can run the VPN as a systemd user service as the Evolution is 
> > > > > > now.
> > > > > > And put VPN service to run before the evolution one.
> > > > > 
> > > > > The NetworkManager-OVPN depends on user configuration, therefore the
> > > > > VPN won't start until after user login.
> > > > 
> > > > The calendar service should be the same. Since it s a user service it
> > > > starts after you login.
> > > 
> > > It does, but I don't want it started until after it can reach the
> > > calendar server (which is only available on the VPN).
> > > 
> > > > > > Alternatively you can disable evolution from starting automatically
> > > > > > and
> > > > > > do it once you have connected manually in your VPN.
> > > > 
> > > > To disable it you can try: `systemctl --user disable
> > > > evolution-calendar-factory.service`
> > > > Alternatively you can remove the WantedBy block from the unit file.
> > > 
> > > Thanks again, unfortunately that doesn't seem to survive a reboot. :-(
> > > 
> > > I tried disabling all evolution related services, but they still 
> > > startup
> > > after a normal reboot
> > 
> > If no one else is using evolution on that PC you can do `rm 
> > /usr/lib/systemd/user/evolution-*`
> > 
> > When you reinstall the package you ll have the service files back 
> > anyway.
> 
> Thanks, I'd rather not do it that way.
> 
> I guess I'll open a bug with Gnome to see if they can suppress the blue
> connectivity warnings at startup as there is no need to report an error
> that resolves itself once the user has started the application.

While messing around with some Evolution settings I resolved this
problem by setting:
   Evolution -> Preferences -> Network Preferences -> 
Method to detect online state = Network Manager.  

Bam! Problem solved.

-Jim P.

Re: could not resolve deb.debian.org after installing via debian live image

[Brian]

On Mon 03 Feb 2020 at 16:30:25 -, Curt wrote:

> On 2020-02-03, Brian  wrote:
> >  
> >> Aren't any sources.list experts present who could keep me from guessing
> >> around ?
> >
> > You are doing ok without us so-called experts.
> >
> 
>  Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get
>  update cannot be used to add new CD-ROMs
> 
> was the error message he received earlier (amongst others).
> 
> Is that what he did (use apt-cdrom) to add the local repository? I can't
> find that critical detail somehow in the thread.

No, Tamar Nirenberg did not add a cdrom://... line in his sources.list.
Note the date that goes with it - 2019-11-16T10:36. It would have been
added and commented out by the installer. He has uncommented it. This
has not led to the outcome he desired but, as I said, it makes the
screen output more complicated than it need be. My procedure, when
testing a sources.list, is to have only a single operative line.

-- 
Brian.

Re: OT red por cable con portal captivo sin trafico interno.

[Ramses]

El 3 de febrero de 2020 15:59:03 CET, Paynalton  escribió:
>El lun., 3 de febrero de 2020 8:42 a. m., Ramses
>
>escribió:
>
>> El 3 de febrero de 2020 15:33:46 CET, Paynalton
>
>> escribió:
>> >El lun., 3 de febrero de 2020 8:00 a. m., Ramses
>> >
>> >escribió:
>> >
>> >> El 3 de febrero de 2020 14:34:00 CET, Paynalton
>> >
>> >> escribió:
>> >> >El lun., 3 de febrero de 2020 2:26 a. m., Antonio Trujillo
>Carmona <
>> >> >antonio.trujillo.s...@juntadeandalucia.es> escribió:
>> >> >
>> >> >> El 1/2/20 a las 14:14, Ramses escribió:
>> >> >> > El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo Carmona
><
>> >> >> antonio.trujillo.s...@juntadeandalucia.es> escribió:
>> >> >> >> El 29/1/20 a las 17:41, Paynalton escribió:
>> >> >> >>>
>> >> >> >>>
>> >> >> >>> El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
>> >> >> >>> (> >> >> >>> >)
>escribió:
>> >> >> >>>
>> >> >> >>> El 28/1/20 a las 8:42, Antonio Trujillo Carmona
>escribió:
>> >> >> >>> > En nuestro hospital tenemos una VLan de gracia
>para
>> >los
>> >> >> >>> equipos no
>> >> >> >>> > identificados.
>> >> >> >>> > Debido al abuso que se hace de esa vlan nos estamos
>> >> >planteando
>> >> >> >>> poner un
>> >> >> >>> > portal de validación y anular el trafico interno.
>> >> >> >>> > No se trata tanto de bloquear o filtrar usuarios como
>de
>> >> >evitar
>> >> >> >>> que se
>> >> >> >>> > puedan conectar dispositivos electromédicos u OT a la
>> >red,
>> >> >por
>> >> >> >>> lo que no
>> >> >> >>> > es importante el nivel de seguridad, cualquier
>elección
>> >> >haría
>> >> >> >> que un
>> >> >> >>> > dispositivo automático fallara en adquirir red, que
>es
>> >lo
>> >> >que
>> >> >> >>> buscamos.
>> >> >> >>> > Los conmutadores (HP procurbe) solo admiten 2 de 3
>> >posibles
>> >> >> >>> formas de
>> >> >> >>> > acceso y tienen activado el filtrado 802.1x y por
>MAC,
>> >por
>> >> >lo
>> >> >> >>> que no se
>> >> >> >>> > puede activar el acceso web.
>> >> >> >>> > ¿Alguna idea?
>> >> >> >>> >
>> >> >> >>> Muchas gracias a todos por las respuestas.
>> >> >> >>>
>> >> >> >>> Realmente mi pregunta no iba sobre que portal usar,
>aunque
>> >> >> >>> agradezco los
>> >> >> >>> apuntes y los probare, si no por como configurar una
>red
>> >por
>> >> >dhcp
>> >> >> >> para
>> >> >> >>> que los equipos que estén en la misma red y en el mismo
>> >> >> >> conmutador
>> >> >> >>> (switch) no se vean entre ellos.
>> >> >> >>>
>> >> >> >>>
>> >> >> >>>
>> >> >> >>> Para mantener aislamiento debes usar vlans, manteniendo a
>la
>> >red
>> >> >> >>> médica en una vlan y la red pública en otra.
>> >> >> >>>
>> >> >> >>> El mismo DHCP puede decidir a qué vlan se va cada equipo y
>qué
>> >> >> >>> servicios puede tener.
>> >> >> >>>
>> >> >> >>> En el gateway de la red pública debes colocar un acceso por
>> >proxy
>> >> >> >>> controlado por temporizador como te había mencionado en un
>> >correo
>> >> >> >>> anterior.
>> >> >> >>>
>> >> >> >>> El DHCP debe entregar la ruta de un wpad para la
>configuración
>> >> >> >>> automática del proxy.
>> >> >> >>>
>> >> >> >>> Debes tener un servicio web que entregue el archivo wpad,
>el
>> >cual
>> >> >> >>> indicará que la salida a internet es a través del proxy.
>> >> >> >>>
>> >> >> >>> Así, en un caso de uso típico sucede:
>> >> >> >>>
>> >> >> >>> Caso A:
>> >> >> >>>
>> >> >> >>> -visitante llega con su teléfono.
>> >> >> >>> -visitante se conecta a la red pública abierta
>> >> >> >>> -teléfono solicita configuración al DHCP
>> >> >> >>> -DHCP entrega configuración de red y una ruta para wpad
>> >> >> >>> -visitante intenta entrar a internet
>> >> >> >>> -navegador del teléfono consulta el wpad
>> >> >> >>> -navegador redirige la petición al proxy
>> >> >> >>> -proxy redirige al visitante a una página de error donde le
>> >pide
>> >> >> >>> contraseña, o una encuesta o la foto de la enfermera Salo
>en
>> >> >traje de
>> >> >> >> baño
>> >> >> >>> -visitante interactúa con la página y gana el acceso
>> >temporizado
>> >> >> >>> -proxy permite el acceso por 15 minutos antes de mostrar de
>> >nuevo
>> >> >el
>> >> >> >>> pack de verano de la enfermera Salo.
>> >> >> >>>
>> >> >> >>> Caso B:
>> >> >> >>>
>> >> >> >>> -llega un interno con un novedoso aparato que no sirve para
>> >nada
>> >> >pero
>> >> >> >>> que consiguió barato en amazon.
>> >> >> >>> -interno conecta el aparato a la red pública por flojera de
>ir
>> >a
>> >> >> >>> sistemas a pedir acceso
>> >> >> >>> -aparato no tiene navegador, por lo que no puede ver las
>> >> >candentes
>> >> >> >>> fotos de la enfermera Salo
>> >> >> >>> -aparato no logra conectarse y el interno no tiene más
>remedio
>> >> >que ir
>> >> >> >>> a pedir acceso a la red controlada.
>> >> >> >>> -Helpdesk registra macaddress en el DHCP
>> >> >> >>> -aparato se vuelve a conectar a la red
>> >> >> >>> -DHCP encuentra al 

Re: [epilogue] cpu frequence

[Stefan Monnier]

> in fact when I restarted my laptop the problem returned.
> By reading the link  https://wiki.debian.org/CpuFrequencyScaling more 
> carefully

Note that this page is pretty old/outdated.  AFAIK nowadays the better
option is to just throw away most of those tools and configs and just
use the default (unless your needs are unusual and you know what you're
doing).


Stefan

Re: could not resolve deb.debian.org after installing via debian live image

[Thomas Schmitt]

Hi,

Tamar Nirenberg's apt-get wrote:
> > Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get
> >  update cannot be used to add new CD-ROMs

Curt wrote:
> Is that what he did (use apt-cdrom) to add the local repository?

Dunno. But that was a red herring caused by the "deb cdrom:" line.
Needed is "deb file:" because the (pseudo-)repository is accessible as
directory in a mounted filesystem on USB stick.

We seem to have found the solution in

  deb [trusted=yes] file:...parent.directory.of.dist.and.pool...

as Brian confirms.
But only to recognize that the desired .deb package is not in the ISO.
Whether it makes sense to install the .udeb against the warning would
have to be tested, if obtaining a pool with the .deb is not an option.


Have a nice day :)

Thomas

Re: could not resolve deb.debian.org after installing via debian live image

[Curt]

On 2020-02-03, Brian  wrote:
>  
>> Aren't any sources.list experts present who could keep me from guessing
>> around ?
>
> You are doing ok without us so-called experts.
>

 Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get
 update cannot be used to add new CD-ROMs

was the error message he received earlier (amongst others).

Is that what he did (use apt-cdrom) to add the local repository? I can't
find that critical detail somehow in the thread.

-- 
"J'ai pour me guérir du jugement des autres toute la distance qui me sépare de
moi." Antonin Artaud

Re: identity confusion

[Wayne Sallee]

 Original Message 
*Subject: *  Re: identity confusion
*From: * The Wanderer 
*To: * Debian-user 
*CC: *
*Date: *  2020-1-24  01:19 PM

I've just re-checked the raw message, and although I could have sworn
I'd seen a plain-text version of the message included (at the bottom,
after the HTML version), I'm not seeing it now; I just see the HTML
block. So unless something has magically modified this on my end but
still displays it the same way, I may have mis-reported initially.


You probably looked at the source of my first post. I have my mailer (Thunderbird) set up to send e-mail by default as 
text, but if I reply to an e-mail that is html, thunderbird will reply as html. For some reason thunderbird thought that 
his e-mail needed to be replied to as html.


Realizing that this list was not set as text ( I thought I had already done that), I set this list as as text, and did a 
test reply to the same e-mail post, [but sent it to myself (with my user {address book entry} set as text) ], and it 
sent as text. Then I replied to his second e-mail post, and it sent as text.


Now if someone posts to the list with html, and I reply to it, it will probably go out as html unless I catch it, and 
change it, before it goes out. There is another switch in thunderbird for that, but if that is switched, it will let out 
the insert picture bug. And I don't want to let out the insert picture bug. :-)


Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

Re: apache2 virtual host

[john doe]

On 2/3/2020 4:55 PM, Russell L. Harris wrote:
> On Mon, Feb 03, 2020 at 07:42:12AM +, Andy Smith wrote:
>> Does calling it as:
>>
>> # /usr/sbin/a2ensite ???
>>
>> work?
>
> root@penelope:/usr/sbin# /usr/sbin/a2ensite
> Your choices are: 000-default default-ssl domain1.com domain2.com
> Which site(s) do you want to enable (wildcards ok)?
> domain1.com
> Enabling site domain1.com.
> To activate the new configuration, you need to run:
>  systemctl reload apache2
>  root@penelope:/usr/sbin# /usr/sbin/a2ensite domain2.com
>  Enabling site domain2.com.
>  To activate the new configuration, you need to run:
>    systemctl reload apache2
>    root@penelope:/usr/sbin# systemctl reload apache2
>    Job for apache2.service failed.
>    See "systemctl status apache2.service" and "journalctl -xe" for
>    details.
>    root@penelope:/usr/sbin#
>   

Give us the output of the mention commands.

--
John Doe

Re: apache2 virtual host

[Russell L. Harris]

On Mon, Feb 03, 2020 at 07:42:12AM +, Andy Smith wrote:

Does calling it as:

# /usr/sbin/a2ensite ???

work?


root@penelope:/usr/sbin# /usr/sbin/a2ensite
Your choices are: 000-default default-ssl domain1.com domain2.com
Which site(s) do you want to enable (wildcards ok)?
domain1.com
Enabling site domain1.com.
To activate the new configuration, you need to run:
 systemctl reload apache2
 root@penelope:/usr/sbin# /usr/sbin/a2ensite domain2.com
 Enabling site domain2.com.
 To activate the new configuration, you need to run:
   systemctl reload apache2
   root@penelope:/usr/sbin# systemctl reload apache2
   Job for apache2.service failed.
   See "systemctl status apache2.service" and "journalctl -xe" for
   details.
   root@penelope:/usr/sbin#
   

Re: Delay evolution-*-factory startup

[Jim Popovitch]

On Mon, 2020-02-03 at 15:19 +, Nektarios Katakis wrote:
> Στις 2020-02-03 14:59, Jim Popovitch έγραψε:
> > On Mon, 2020-02-03 at 14:49 +, Nektarios Katakis wrote:
> > > Στις 2020-02-03 14:24, Jim Popovitch έγραψε:
> > > > On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:
> > > > > Στις 2020-02-03 12:59, Jim Popovitch έγραψε:
> > > > > > Hello!
> > > > > > 
> > > > > > Is there a way in Buster+Cinnamon to disable evolution-
> > > > > > (calendar|addressbook)-factory until after a VPN has connected?
> > > > > > 
> > > > > > Everytime I login and start Evolution I have a handful of blue
> > > > > > warnings,
> > > > > > that I must clear, because Evolution was unable to connect to 
> > > > > > services
> > > > > > only available over a VPN. By the time I clear the blue warnings the
> > > > > > VPN
> > > > > > is active, the warning just accrue after login and before network
> > > > > > manager activates the VPN.
> > > > > > 
> > > > > > -Jim P.
> > > > > 
> > > > > You can run the VPN as a systemd user service as the Evolution is now.
> > > > > And put VPN service to run before the evolution one.
> > > > 
> > > > The NetworkManager-OVPN depends on user configuration, therefore the
> > > > VPN won't start until after user login.
> > > 
> > > The calendar service should be the same. Since it s a user service it
> > > starts after you login.
> > 
> > It does, but I don't want it started until after it can reach the
> > calendar server (which is only available on the VPN).
> > 
> > > > > Alternatively you can disable evolution from starting automatically
> > > > > and
> > > > > do it once you have connected manually in your VPN.
> > > 
> > > To disable it you can try: `systemctl --user disable
> > > evolution-calendar-factory.service`
> > > Alternatively you can remove the WantedBy block from the unit file.
> > 
> > Thanks again, unfortunately that doesn't seem to survive a reboot. :-(
> > 
> > I tried disabling all evolution related services, but they still 
> > startup
> > after a normal reboot
> 
> If no one else is using evolution on that PC you can do `rm 
> /usr/lib/systemd/user/evolution-*`
> 
> When you reinstall the package you ll have the service files back 
> anyway.

Thanks, I'd rather not do it that way.

I guess I'll open a bug with Gnome to see if they can suppress the blue
connectivity warnings at startup as there is no need to report an error
that resolves itself once the user has started the application.

-Jim P.

Re: identity confusion

[Tony van der Hoff]

On 03/02/2020 15:11, to...@tuxteam.de wrote:

On Mon, Feb 03, 2020 at 09:57:13AM -0500, Wayne Sallee wrote:
[...]


That's strange I thought I had it set for text for this list. But it wasn't. 
It's fixed now.


Things happen. It is now. And I thank you very much :-)

Cheers
-- tomás


 Now all *you* need to do is fix your sig.sep :)

--
Tony van der Hoff| mailto:t...@vanderhoff.org
Buckinghamshire, England |

Re: Delay evolution-*-factory startup

[Nektarios Katakis]

Στις 2020-02-03 14:59, Jim Popovitch έγραψε:

On Mon, 2020-02-03 at 14:49 +, Nektarios Katakis wrote:

Στις 2020-02-03 14:24, Jim Popovitch έγραψε:
> On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:
> > Στις 2020-02-03 12:59, Jim Popovitch έγραψε:
> > > Hello!
> > >
> > > Is there a way in Buster+Cinnamon to disable evolution-
> > > (calendar|addressbook)-factory until after a VPN has connected?
> > >
> > > Everytime I login and start Evolution I have a handful of blue
> > > warnings,
> > > that I must clear, because Evolution was unable to connect to services
> > > only available over a VPN. By the time I clear the blue warnings the
> > > VPN
> > > is active, the warning just accrue after login and before network
> > > manager activates the VPN.
> > >
> > > -Jim P.
> >
> > You can run the VPN as a systemd user service as the Evolution is now.
> > And put VPN service to run before the evolution one.
>
> The NetworkManager-OVPN depends on user configuration, therefore the
> VPN won't start until after user login.

The calendar service should be the same. Since it s a user service it
starts after you login.


It does, but I don't want it started until after it can reach the
calendar server (which is only available on the VPN).


> > Alternatively you can disable evolution from starting automatically
> > and
> > do it once you have connected manually in your VPN.

To disable it you can try: `systemctl --user disable
evolution-calendar-factory.service`
Alternatively you can remove the WantedBy block from the unit file.


Thanks again, unfortunately that doesn't seem to survive a reboot. :-(

I tried disabling all evolution related services, but they still 
startup

after a normal reboot


If no one else is using evolution on that PC you can do `rm 
/usr/lib/systemd/user/evolution-*`


When you reinstall the package you ll have the service files back 
anyway.




-Jim P.


---
Regards,
Nektarios Katakis

Re: identity confusion

[tomas]

On Mon, Feb 03, 2020 at 09:57:13AM -0500, Wayne Sallee wrote:
[...] 

> That's strange I thought I had it set for text for this list. But it wasn't. 
> It's fixed now.

Things happen. It is now. And I thank you very much :-)

Cheers
-- tomás


signature.asc
Description: Digital signature

Re: apache2 virtual host

[Daryl]

On Mon, 3 Feb 2020 07:40:25 +
"Russell L. Harris"  wrote:

> On Mon, Feb 03, 2020 at 08:29:30AM +0100, john doe wrote:
> >What is the content of your 'PATH' env?
> >
> >$ printf "%s\n" "$PATH"  
> 
> root@penelope:/usr/sbin# printf "%s\n" "$PATH"
> /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
> 
> I really must turn in for the night, and resume this on the morrow.
> RLH
> 

a2ensite just a different way to
link /etc/apache2/sites-available/domain1.com.conf
to /etc/apache2/sites-enabled/domain1.com.conf

ln
-s /etc/apache2/sites-available/domain1.com.conf 
/etc/apache2/sites-enabled/domain1.com.conf

Re: could not resolve deb.debian.org after installing via debian live image

[Brian]

On Mon 03 Feb 2020 at 10:00:23 +0100, Thomas Schmitt wrote:

> Hi,
> 
> Tamar Nirenberg's apt-get wrote:
> > Err:3 cdrom://[Official Debian GNU/Linux Live 10.2.0 gnome 2019-11-16T10:36]
> > buster Release
> > Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update
> > cannot be used to add new CD-ROMs
> > [...]
> > E: The repository 'cdrom://[Official Debian GNU/Linux Live 10.2.0 gnome
> > 2019-11-16T10:36] buster Release' does not have a Release file.
> 
> Do you have "deb cdrom:" lines in your sources.list ?
> If so, comment them out and try whether these complaints vanish.

The complaints will probably not vanish but commenting this source out
makes it easier to interpret the output of 'apt update'.
 
> > E: The repository 'file:/media/deploy/UUI buster Release' is not signed.
> > N: Updating from such a repository can't be done securely, and is therefore
> > disabled by default.
> > N: See apt-secure(8) manpage for repository creation and user configuration
> > details.

I get that without [trusted=yes].

> I understand that apt-secure can be used to create a signed repo.
> I assume that you'd have to copy the ./dist and ./pool trees to a writable
> filesystem before producing the signature.

This route very much complicates matters, IMO.

> But the internet proposes as quick workaround in sources.list:
> 
>   deb [trusted=yes] file:/media/deploy/UUI buster main
 
> (documented in man sources.list)

Works for me.

> -
> 
> Aren't any sources.list experts present who could keep me from guessing
> around ?

You are doing ok without us so-called experts.

-- 
Brian.

Re: OT red por cable con portal captivo sin trafico interno.

[Paynalton]

El lun., 3 de febrero de 2020 8:42 a. m., Ramses 
escribió:

> El 3 de febrero de 2020 15:33:46 CET, Paynalton 
> escribió:
> >El lun., 3 de febrero de 2020 8:00 a. m., Ramses
> >
> >escribió:
> >
> >> El 3 de febrero de 2020 14:34:00 CET, Paynalton
> >
> >> escribió:
> >> >El lun., 3 de febrero de 2020 2:26 a. m., Antonio Trujillo Carmona <
> >> >antonio.trujillo.s...@juntadeandalucia.es> escribió:
> >> >
> >> >> El 1/2/20 a las 14:14, Ramses escribió:
> >> >> > El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo Carmona <
> >> >> antonio.trujillo.s...@juntadeandalucia.es> escribió:
> >> >> >> El 29/1/20 a las 17:41, Paynalton escribió:
> >> >> >>>
> >> >> >>>
> >> >> >>> El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
> >> >> >>> ( >> >> >>> >) escribió:
> >> >> >>>
> >> >> >>> El 28/1/20 a las 8:42, Antonio Trujillo Carmona escribió:
> >> >> >>> > En nuestro hospital tenemos una VLan de gracia para
> >los
> >> >> >>> equipos no
> >> >> >>> > identificados.
> >> >> >>> > Debido al abuso que se hace de esa vlan nos estamos
> >> >planteando
> >> >> >>> poner un
> >> >> >>> > portal de validación y anular el trafico interno.
> >> >> >>> > No se trata tanto de bloquear o filtrar usuarios como de
> >> >evitar
> >> >> >>> que se
> >> >> >>> > puedan conectar dispositivos electromédicos u OT a la
> >red,
> >> >por
> >> >> >>> lo que no
> >> >> >>> > es importante el nivel de seguridad, cualquier elección
> >> >haría
> >> >> >> que un
> >> >> >>> > dispositivo automático fallara en adquirir red, que es
> >lo
> >> >que
> >> >> >>> buscamos.
> >> >> >>> > Los conmutadores (HP procurbe) solo admiten 2 de 3
> >posibles
> >> >> >>> formas de
> >> >> >>> > acceso y tienen activado el filtrado 802.1x y por MAC,
> >por
> >> >lo
> >> >> >>> que no se
> >> >> >>> > puede activar el acceso web.
> >> >> >>> > ¿Alguna idea?
> >> >> >>> >
> >> >> >>> Muchas gracias a todos por las respuestas.
> >> >> >>>
> >> >> >>> Realmente mi pregunta no iba sobre que portal usar, aunque
> >> >> >>> agradezco los
> >> >> >>> apuntes y los probare, si no por como configurar una red
> >por
> >> >dhcp
> >> >> >> para
> >> >> >>> que los equipos que estén en la misma red y en el mismo
> >> >> >> conmutador
> >> >> >>> (switch) no se vean entre ellos.
> >> >> >>>
> >> >> >>>
> >> >> >>>
> >> >> >>> Para mantener aislamiento debes usar vlans, manteniendo a la
> >red
> >> >> >>> médica en una vlan y la red pública en otra.
> >> >> >>>
> >> >> >>> El mismo DHCP puede decidir a qué vlan se va cada equipo y qué
> >> >> >>> servicios puede tener.
> >> >> >>>
> >> >> >>> En el gateway de la red pública debes colocar un acceso por
> >proxy
> >> >> >>> controlado por temporizador como te había mencionado en un
> >correo
> >> >> >>> anterior.
> >> >> >>>
> >> >> >>> El DHCP debe entregar la ruta de un wpad para la configuración
> >> >> >>> automática del proxy.
> >> >> >>>
> >> >> >>> Debes tener un servicio web que entregue el archivo wpad, el
> >cual
> >> >> >>> indicará que la salida a internet es a través del proxy.
> >> >> >>>
> >> >> >>> Así, en un caso de uso típico sucede:
> >> >> >>>
> >> >> >>> Caso A:
> >> >> >>>
> >> >> >>> -visitante llega con su teléfono.
> >> >> >>> -visitante se conecta a la red pública abierta
> >> >> >>> -teléfono solicita configuración al DHCP
> >> >> >>> -DHCP entrega configuración de red y una ruta para wpad
> >> >> >>> -visitante intenta entrar a internet
> >> >> >>> -navegador del teléfono consulta el wpad
> >> >> >>> -navegador redirige la petición al proxy
> >> >> >>> -proxy redirige al visitante a una página de error donde le
> >pide
> >> >> >>> contraseña, o una encuesta o la foto de la enfermera Salo en
> >> >traje de
> >> >> >> baño
> >> >> >>> -visitante interactúa con la página y gana el acceso
> >temporizado
> >> >> >>> -proxy permite el acceso por 15 minutos antes de mostrar de
> >nuevo
> >> >el
> >> >> >>> pack de verano de la enfermera Salo.
> >> >> >>>
> >> >> >>> Caso B:
> >> >> >>>
> >> >> >>> -llega un interno con un novedoso aparato que no sirve para
> >nada
> >> >pero
> >> >> >>> que consiguió barato en amazon.
> >> >> >>> -interno conecta el aparato a la red pública por flojera de ir
> >a
> >> >> >>> sistemas a pedir acceso
> >> >> >>> -aparato no tiene navegador, por lo que no puede ver las
> >> >candentes
> >> >> >>> fotos de la enfermera Salo
> >> >> >>> -aparato no logra conectarse y el interno no tiene más remedio
> >> >que ir
> >> >> >>> a pedir acceso a la red controlada.
> >> >> >>> -Helpdesk registra macaddress en el DHCP
> >> >> >>> -aparato se vuelve a conectar a la red
> >> >> >>> -DHCP encuentra al aparato en su waitlist y entrega IP de la
> >vlan
> >> >> >>> controlada.
> >> >> >>>
> >> >> >> Muchas gracias por las aportaciones.
> >> >> >>
> >> >> >> Si esto ya lo se, se trata de evitar que llegue un 

Re: Delay evolution-*-factory startup

[Jim Popovitch]

On Mon, 2020-02-03 at 14:49 +, Nektarios Katakis wrote:
> Στις 2020-02-03 14:24, Jim Popovitch έγραψε:
> > On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:
> > > Στις 2020-02-03 12:59, Jim Popovitch έγραψε:
> > > > Hello!
> > > > 
> > > > Is there a way in Buster+Cinnamon to disable evolution-
> > > > (calendar|addressbook)-factory until after a VPN has connected?
> > > > 
> > > > Everytime I login and start Evolution I have a handful of blue
> > > > warnings,
> > > > that I must clear, because Evolution was unable to connect to services
> > > > only available over a VPN. By the time I clear the blue warnings the
> > > > VPN
> > > > is active, the warning just accrue after login and before network
> > > > manager activates the VPN.
> > > > 
> > > > -Jim P.
> > > 
> > > You can run the VPN as a systemd user service as the Evolution is now.
> > > And put VPN service to run before the evolution one.
> > 
> > The NetworkManager-OVPN depends on user configuration, therefore the 
> > VPN won't start until after user login.
> 
> The calendar service should be the same. Since it s a user service it 
> starts after you login.

It does, but I don't want it started until after it can reach the
calendar server (which is only available on the VPN).

> > > Alternatively you can disable evolution from starting automatically 
> > > and
> > > do it once you have connected manually in your VPN.
> 
> To disable it you can try: `systemctl --user disable 
> evolution-calendar-factory.service`
> Alternatively you can remove the WantedBy block from the unit file.

Thanks again, unfortunately that doesn't seem to survive a reboot. :-(

I tried disabling all evolution related services, but they still startup
after a normal reboot

-Jim P.

Re: identity confusion

[Wayne Sallee]

 Original Message 
*Subject: *  Re: identity confusion
*From: * Tomas 
*To: * Debian-user 
*CC: *
*Date: *  2020-1-24  12:06 PM

You're very welcome. One small request -- could you teach your
mailer to not send HTML? I was hard-pressed to make heads or
tails of your response.

Pretty please?

Cheers & thanks
-- tomás


That's strange I thought I had it set for text for this list. But it wasn't. 
It's fixed now.

Wayne Sallee
wa...@waynesallee.com
http://www.WayneSallee.com

Re: Delay evolution-*-factory startup

[Nektarios Katakis]

Στις 2020-02-03 14:24, Jim Popovitch έγραψε:

On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:

Στις 2020-02-03 12:59, Jim Popovitch έγραψε:
> Hello!
>
> Is there a way in Buster+Cinnamon to disable evolution-
> (calendar|addressbook)-factory until after a VPN has connected?
>
> Everytime I login and start Evolution I have a handful of blue
> warnings,
> that I must clear, because Evolution was unable to connect to services
> only available over a VPN. By the time I clear the blue warnings the
> VPN
> is active, the warning just accrue after login and before network
> manager activates the VPN.
>
> -Jim P.

You can run the VPN as a systemd user service as the Evolution is now.
And put VPN service to run before the evolution one.


The NetworkManager-OVPN depends on user configuration, therefore the 
VPN

won't start until after user login.


The calendar service should be the same. Since it s a user service it 
starts

after you login.



Alternatively you can disable evolution from starting automatically 
and

do it once you have connected manually in your VPN.




To disable it you can try: `systemctl --user disable 
evolution-calendar-factory.service`

Alternatively you can remove the WantedBy block from the unit file.


Thanks, any thoughts on how to do that?

-Jim P.


---
Regards,
Nektarios Katakis

Re: OT red por cable con portal captivo sin trafico interno.

[Ramses]

El 3 de febrero de 2020 15:33:46 CET, Paynalton  escribió:
>El lun., 3 de febrero de 2020 8:00 a. m., Ramses
>
>escribió:
>
>> El 3 de febrero de 2020 14:34:00 CET, Paynalton
>
>> escribió:
>> >El lun., 3 de febrero de 2020 2:26 a. m., Antonio Trujillo Carmona <
>> >antonio.trujillo.s...@juntadeandalucia.es> escribió:
>> >
>> >> El 1/2/20 a las 14:14, Ramses escribió:
>> >> > El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo Carmona <
>> >> antonio.trujillo.s...@juntadeandalucia.es> escribió:
>> >> >> El 29/1/20 a las 17:41, Paynalton escribió:
>> >> >>>
>> >> >>>
>> >> >>> El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
>> >> >>> (> >> >>> >) escribió:
>> >> >>>
>> >> >>> El 28/1/20 a las 8:42, Antonio Trujillo Carmona escribió:
>> >> >>> > En nuestro hospital tenemos una VLan de gracia para
>los
>> >> >>> equipos no
>> >> >>> > identificados.
>> >> >>> > Debido al abuso que se hace de esa vlan nos estamos
>> >planteando
>> >> >>> poner un
>> >> >>> > portal de validación y anular el trafico interno.
>> >> >>> > No se trata tanto de bloquear o filtrar usuarios como de
>> >evitar
>> >> >>> que se
>> >> >>> > puedan conectar dispositivos electromédicos u OT a la
>red,
>> >por
>> >> >>> lo que no
>> >> >>> > es importante el nivel de seguridad, cualquier elección
>> >haría
>> >> >> que un
>> >> >>> > dispositivo automático fallara en adquirir red, que es
>lo
>> >que
>> >> >>> buscamos.
>> >> >>> > Los conmutadores (HP procurbe) solo admiten 2 de 3
>posibles
>> >> >>> formas de
>> >> >>> > acceso y tienen activado el filtrado 802.1x y por MAC,
>por
>> >lo
>> >> >>> que no se
>> >> >>> > puede activar el acceso web.
>> >> >>> > ¿Alguna idea?
>> >> >>> >
>> >> >>> Muchas gracias a todos por las respuestas.
>> >> >>>
>> >> >>> Realmente mi pregunta no iba sobre que portal usar, aunque
>> >> >>> agradezco los
>> >> >>> apuntes y los probare, si no por como configurar una red
>por
>> >dhcp
>> >> >> para
>> >> >>> que los equipos que estén en la misma red y en el mismo
>> >> >> conmutador
>> >> >>> (switch) no se vean entre ellos.
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> Para mantener aislamiento debes usar vlans, manteniendo a la
>red
>> >> >>> médica en una vlan y la red pública en otra.
>> >> >>>
>> >> >>> El mismo DHCP puede decidir a qué vlan se va cada equipo y qué
>> >> >>> servicios puede tener.
>> >> >>>
>> >> >>> En el gateway de la red pública debes colocar un acceso por
>proxy
>> >> >>> controlado por temporizador como te había mencionado en un
>correo
>> >> >>> anterior.
>> >> >>>
>> >> >>> El DHCP debe entregar la ruta de un wpad para la configuración
>> >> >>> automática del proxy.
>> >> >>>
>> >> >>> Debes tener un servicio web que entregue el archivo wpad, el
>cual
>> >> >>> indicará que la salida a internet es a través del proxy.
>> >> >>>
>> >> >>> Así, en un caso de uso típico sucede:
>> >> >>>
>> >> >>> Caso A:
>> >> >>>
>> >> >>> -visitante llega con su teléfono.
>> >> >>> -visitante se conecta a la red pública abierta
>> >> >>> -teléfono solicita configuración al DHCP
>> >> >>> -DHCP entrega configuración de red y una ruta para wpad
>> >> >>> -visitante intenta entrar a internet
>> >> >>> -navegador del teléfono consulta el wpad
>> >> >>> -navegador redirige la petición al proxy
>> >> >>> -proxy redirige al visitante a una página de error donde le
>pide
>> >> >>> contraseña, o una encuesta o la foto de la enfermera Salo en
>> >traje de
>> >> >> baño
>> >> >>> -visitante interactúa con la página y gana el acceso
>temporizado
>> >> >>> -proxy permite el acceso por 15 minutos antes de mostrar de
>nuevo
>> >el
>> >> >>> pack de verano de la enfermera Salo.
>> >> >>>
>> >> >>> Caso B:
>> >> >>>
>> >> >>> -llega un interno con un novedoso aparato que no sirve para
>nada
>> >pero
>> >> >>> que consiguió barato en amazon.
>> >> >>> -interno conecta el aparato a la red pública por flojera de ir
>a
>> >> >>> sistemas a pedir acceso
>> >> >>> -aparato no tiene navegador, por lo que no puede ver las
>> >candentes
>> >> >>> fotos de la enfermera Salo
>> >> >>> -aparato no logra conectarse y el interno no tiene más remedio
>> >que ir
>> >> >>> a pedir acceso a la red controlada.
>> >> >>> -Helpdesk registra macaddress en el DHCP
>> >> >>> -aparato se vuelve a conectar a la red
>> >> >>> -DHCP encuentra al aparato en su waitlist y entrega IP de la
>vlan
>> >> >>> controlada.
>> >> >>>
>> >> >> Muchas gracias por las aportaciones.
>> >> >>
>> >> >> Si esto ya lo se, se trata de evitar que llegue un laboratorio
>e
>> >> >> instale
>> >> >> unos equipos sin pasar por el servicio de informática, en la
>> >> >> actualidad,
>> >> >> como no están identificados van a parar a la VLAN de gracia
>donde
>> >si se
>> >> >> ven entre ellos y verifican el funcionamiento con el portatil
>que
>> >lleva
>> >> >> el instalador, lo dan por bueno y se 

Re: could not resolve deb.debian.org after installing via debian live image

[Thomas Schmitt]

Hi,

(where are the DDs when Debian has to be explained ?)

Tamar Nirenberg wrote:
> root@deploy-pc:~# apt-get install openssh-server
> E: Unable to locate package openssh-server
> I see in debian-live-10.2.0-amd64-gnome.contents [cdimage.debian.org] these:
> /pool/main/o/openssh/openssh-server-udeb_7.9p1-10+deb10u1_amd64.udeb

Moan. This is openssh-server-udeb, not openssh-server.

  https://packages.debian.org/unstable/openssh-server-udeb
says
  Warning: This package is intended for the use in building debian-installer
  images only. Do not install it on a normal Debian system.

  https://packages.debian.org/unstable/openssh-server
says
  This package provides the sshd server.
But it is not in the Live ISO's pool.
(wc counts 435 .udeb and 45 .deb in the pool. So it seems not to be
 intended as repository.)


You will need to get some larger pool and put it on USB stick.
Let us search:

  https://cdimage-search.debian.org/
  [v] "release (The most recent release of Debian, currently 10.2.0)"
  (*) "exact filename search (faster); shell globs (*,?) are permitted"
  openssh-server*amd64*

yields:

 1. openssh-server-udeb_7.9p1-10+deb10u1_amd64.udeb appears in:
...
 2. openssh-server_7.9p1-10+deb10u1_amd64.deb appears in:
debian-10.2.0-amd64-STICK16GB-1 (list.gz | jigdo | iso)
debian-10.2.0-amd64-BD-1 (list.gz | jigdo | iso)
debian-edu-10.2.0-amd64-BD-1 (list.gz | jigdo | iso)
debian-10.2.0-amd64-netinst (list.gz | jigdo | iso)
debian-10.2.0-amd64-xfce-CD-1 (list.gz | jigdo | iso)
debian-edu-10.2.0-amd64-netinst (list.gz | jigdo | iso)
debian-mac-10.2.0-amd64-netinst (list.gz | jigdo | iso)
debian-10.2.0-amd64-DLBD-1 (list.gz | jigdo | iso)
debian-10.2.0-amd64-DVD-1 (list.gz | jigdo | iso)
debian-update-10.2.0-amd64-DVD-2 (list.gz | jigdo | iso)
debian-10.2.0-amd64-i386-netinst (list.gz | jigdo | iso)

Depending on the size of the available USB stick, i'd download and dd to
the stick (or to a partition of it, or into a filesystem in a partition) :
  debian-10.2.0-amd64-DLBD-1   (~ 50 GB)
  debian-10.2.0-amd64-BD-1 (~ 25 GB)
  debian-10.2.0-amd64-STICK16GB-1  (guess from name)
  debian-10.2.0-amd64-DVD-1(~  4 GB)
  debian-10.2.0-amd64-netinst  (~  0.35 GB)
Then adapt sources.list to use the mounted ISO on the stick (mounted as
the whole stick device, partition, or file in its mounted host filesystem).


Have a nice day :)

Thomas

Re: OT red por cable con portal captivo sin trafico interno.

[Paynalton]

El lun., 3 de febrero de 2020 8:00 a. m., Ramses 
escribió:

> El 3 de febrero de 2020 14:34:00 CET, Paynalton 
> escribió:
> >El lun., 3 de febrero de 2020 2:26 a. m., Antonio Trujillo Carmona <
> >antonio.trujillo.s...@juntadeandalucia.es> escribió:
> >
> >> El 1/2/20 a las 14:14, Ramses escribió:
> >> > El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo Carmona <
> >> antonio.trujillo.s...@juntadeandalucia.es> escribió:
> >> >> El 29/1/20 a las 17:41, Paynalton escribió:
> >> >>>
> >> >>>
> >> >>> El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
> >> >>> ( >> >>> >) escribió:
> >> >>>
> >> >>> El 28/1/20 a las 8:42, Antonio Trujillo Carmona escribió:
> >> >>> > En nuestro hospital tenemos una VLan de gracia para los
> >> >>> equipos no
> >> >>> > identificados.
> >> >>> > Debido al abuso que se hace de esa vlan nos estamos
> >planteando
> >> >>> poner un
> >> >>> > portal de validación y anular el trafico interno.
> >> >>> > No se trata tanto de bloquear o filtrar usuarios como de
> >evitar
> >> >>> que se
> >> >>> > puedan conectar dispositivos electromédicos u OT a la red,
> >por
> >> >>> lo que no
> >> >>> > es importante el nivel de seguridad, cualquier elección
> >haría
> >> >> que un
> >> >>> > dispositivo automático fallara en adquirir red, que es lo
> >que
> >> >>> buscamos.
> >> >>> > Los conmutadores (HP procurbe) solo admiten 2 de 3 posibles
> >> >>> formas de
> >> >>> > acceso y tienen activado el filtrado 802.1x y por MAC, por
> >lo
> >> >>> que no se
> >> >>> > puede activar el acceso web.
> >> >>> > ¿Alguna idea?
> >> >>> >
> >> >>> Muchas gracias a todos por las respuestas.
> >> >>>
> >> >>> Realmente mi pregunta no iba sobre que portal usar, aunque
> >> >>> agradezco los
> >> >>> apuntes y los probare, si no por como configurar una red por
> >dhcp
> >> >> para
> >> >>> que los equipos que estén en la misma red y en el mismo
> >> >> conmutador
> >> >>> (switch) no se vean entre ellos.
> >> >>>
> >> >>>
> >> >>>
> >> >>> Para mantener aislamiento debes usar vlans, manteniendo a la red
> >> >>> médica en una vlan y la red pública en otra.
> >> >>>
> >> >>> El mismo DHCP puede decidir a qué vlan se va cada equipo y qué
> >> >>> servicios puede tener.
> >> >>>
> >> >>> En el gateway de la red pública debes colocar un acceso por proxy
> >> >>> controlado por temporizador como te había mencionado en un correo
> >> >>> anterior.
> >> >>>
> >> >>> El DHCP debe entregar la ruta de un wpad para la configuración
> >> >>> automática del proxy.
> >> >>>
> >> >>> Debes tener un servicio web que entregue el archivo wpad, el cual
> >> >>> indicará que la salida a internet es a través del proxy.
> >> >>>
> >> >>> Así, en un caso de uso típico sucede:
> >> >>>
> >> >>> Caso A:
> >> >>>
> >> >>> -visitante llega con su teléfono.
> >> >>> -visitante se conecta a la red pública abierta
> >> >>> -teléfono solicita configuración al DHCP
> >> >>> -DHCP entrega configuración de red y una ruta para wpad
> >> >>> -visitante intenta entrar a internet
> >> >>> -navegador del teléfono consulta el wpad
> >> >>> -navegador redirige la petición al proxy
> >> >>> -proxy redirige al visitante a una página de error donde le pide
> >> >>> contraseña, o una encuesta o la foto de la enfermera Salo en
> >traje de
> >> >> baño
> >> >>> -visitante interactúa con la página y gana el acceso temporizado
> >> >>> -proxy permite el acceso por 15 minutos antes de mostrar de nuevo
> >el
> >> >>> pack de verano de la enfermera Salo.
> >> >>>
> >> >>> Caso B:
> >> >>>
> >> >>> -llega un interno con un novedoso aparato que no sirve para nada
> >pero
> >> >>> que consiguió barato en amazon.
> >> >>> -interno conecta el aparato a la red pública por flojera de ir a
> >> >>> sistemas a pedir acceso
> >> >>> -aparato no tiene navegador, por lo que no puede ver las
> >candentes
> >> >>> fotos de la enfermera Salo
> >> >>> -aparato no logra conectarse y el interno no tiene más remedio
> >que ir
> >> >>> a pedir acceso a la red controlada.
> >> >>> -Helpdesk registra macaddress en el DHCP
> >> >>> -aparato se vuelve a conectar a la red
> >> >>> -DHCP encuentra al aparato en su waitlist y entrega IP de la vlan
> >> >>> controlada.
> >> >>>
> >> >> Muchas gracias por las aportaciones.
> >> >>
> >> >> Si esto ya lo se, se trata de evitar que llegue un laboratorio e
> >> >> instale
> >> >> unos equipos sin pasar por el servicio de informática, en la
> >> >> actualidad,
> >> >> como no están identificados van a parar a la VLAN de gracia donde
> >si se
> >> >> ven entre ellos y verifican el funcionamiento con el portatil que
> >lleva
> >> >> el instalador, lo dan por bueno y se van, después llaman al
> >servicio de
> >> >> informática por que la red del hospital esta mal y no se ven desde
> >los
> >> >> ordenadores del hospital, porque ellos han verificado la
> >instalación
> >> 

Re:[epilogue] cpu frequence

[Gerard ROBIN]

On Sat, Feb 01, 2020 at 10:37:55PM +0100, Gerard ROBIN wrote:
> Date: Sat, 1 Feb 2020 22:37:55 +0100
> From: Gerard ROBIN 
> To: debian-user@lists.debian.org
> Subject: Re: cpu frequence
 
> On Sat, Feb 01, 2020 at 08:11:17PM +0100, Jörg-Volker Peetz wrote:
> > Date: Sat, 1 Feb 2020 20:11:17 +0100
> > From: Jörg-Volker Peetz 
> > To: debian-user@lists.debian.org
> > Subject: Re: cpu frequence
> 
> > Then, take a look at the available governors:
> > 
> > $ cat /sys/devices/system/cpu/cpufreq/policy?/scaling_available_governors
> > 
> > or using cpupower, if available. As the name says, "powersave" would be the
> > better choice.
> > Take a look at https://wiki.debian.org/CpuFrequencyScaling as how to change 
> > the
> > cpufreq governor permanently even when rebooting. I suppose, you somehow 
> > changed
> > the default behavior.
> 
> Thanks so much I selected performance powersave (I installed
> linux-cpupower) and now the frequency oscillates between 800 MHZ
> and 2.8 GHz. as with Buster. :)
 
I answered too quickly:
in fact when I restarted my laptop the problem returned.
By reading the link  https://wiki.debian.org/CpuFrequencyScaling more carefully
I understood that the laptop-mode-tools package was concerned and I noticed that
the laptop-mode-tools package is not installed in BUSTER and so I simply
uninstalled it in BULLSEYE and now it's really OK.

-- 
Gerard
___
***
Created with Mutt  1.13.2 
under Debian Linux BULLSEYE
***

Re: Delay evolution-*-factory startup

[Jim Popovitch]

On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:
> Στις 2020-02-03 12:59, Jim Popovitch έγραψε:
> > Hello!
> > 
> > Is there a way in Buster+Cinnamon to disable evolution-
> > (calendar|addressbook)-factory until after a VPN has connected?
> > 
> > Everytime I login and start Evolution I have a handful of blue 
> > warnings,
> > that I must clear, because Evolution was unable to connect to services
> > only available over a VPN. By the time I clear the blue warnings the 
> > VPN
> > is active, the warning just accrue after login and before network
> > manager activates the VPN.
> > 
> > -Jim P.
> 
> You can run the VPN as a systemd user service as the Evolution is now.
> And put VPN service to run before the evolution one.

The NetworkManager-OVPN depends on user configuration, therefore the VPN
won't start until after user login.

> Alternatively you can disable evolution from starting automatically and 
> do it once you have connected manually in your VPN.

Thanks, any thoughts on how to do that?

-Jim P.

Re: apache2 virtual host

[Greg Wooledge]

On Mon, Feb 03, 2020 at 06:59:55AM +, Russell L. Harris wrote:
> I receive the following error message when attempting to enable a
> virtual host (apache2 in Debian 10):
> 
>root@penelope:/etc/apache2/sites-available# a2ensite domain1.com.conf
>bash: a2ensite: command not found

You used "su", right?

https://wiki.debian.org/NewInBuster#Changes

Re: fmtree: line 0: unknown keyword sha256digest

[Greg Wooledge]

On Sun, Feb 02, 2020 at 02:19:30PM -0800, David Christensen wrote:
> > https://wiki.debian.org/SimpleBackportCreation
> 
> The tutorial says "Add sid to your sources.list".  So, I added the following
> lines to /etc/apt/sources.list:
> 
> deb http://ftp.us.debian.org/debian/ sid main
> deb-src http://ftp.us.debian.org/debian/ sid main

  :( :( :(

Thank you for pointing out the problem.  I've changed the text on that
page.

Re: Delay evolution-*-factory startup

[Nektarios Katakis]

Στις 2020-02-03 12:59, Jim Popovitch έγραψε:

Hello!

Is there a way in Buster+Cinnamon to disable evolution-
(calendar|addressbook)-factory until after a VPN has connected?

Everytime I login and start Evolution I have a handful of blue 
warnings,

that I must clear, because Evolution was unable to connect to services
only available over a VPN. By the time I clear the blue warnings the 
VPN

is active, the warning just accrue after login and before network
manager activates the VPN.

-Jim P.


You can run the VPN as a systemd user service as the Evolution is now.
And put VPN service to run before the evolution one.

Alternatively you can disable evolution from starting automatically and 
do it

once you have connected manually in your VPN.

---
Regards,
Nektarios Katakis

Re: OT red por cable con portal captivo sin trafico interno.

[Ramses]

El 3 de febrero de 2020 14:34:00 CET, Paynalton  escribió:
>El lun., 3 de febrero de 2020 2:26 a. m., Antonio Trujillo Carmona <
>antonio.trujillo.s...@juntadeandalucia.es> escribió:
>
>> El 1/2/20 a las 14:14, Ramses escribió:
>> > El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo Carmona <
>> antonio.trujillo.s...@juntadeandalucia.es> escribió:
>> >> El 29/1/20 a las 17:41, Paynalton escribió:
>> >>>
>> >>>
>> >>> El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
>> >>> (> >>> >) escribió:
>> >>>
>> >>> El 28/1/20 a las 8:42, Antonio Trujillo Carmona escribió:
>> >>> > En nuestro hospital tenemos una VLan de gracia para los
>> >>> equipos no
>> >>> > identificados.
>> >>> > Debido al abuso que se hace de esa vlan nos estamos
>planteando
>> >>> poner un
>> >>> > portal de validación y anular el trafico interno.
>> >>> > No se trata tanto de bloquear o filtrar usuarios como de
>evitar
>> >>> que se
>> >>> > puedan conectar dispositivos electromédicos u OT a la red,
>por
>> >>> lo que no
>> >>> > es importante el nivel de seguridad, cualquier elección
>haría
>> >> que un
>> >>> > dispositivo automático fallara en adquirir red, que es lo
>que
>> >>> buscamos.
>> >>> > Los conmutadores (HP procurbe) solo admiten 2 de 3 posibles
>> >>> formas de
>> >>> > acceso y tienen activado el filtrado 802.1x y por MAC, por
>lo
>> >>> que no se
>> >>> > puede activar el acceso web.
>> >>> > ¿Alguna idea?
>> >>> >
>> >>> Muchas gracias a todos por las respuestas.
>> >>>
>> >>> Realmente mi pregunta no iba sobre que portal usar, aunque
>> >>> agradezco los
>> >>> apuntes y los probare, si no por como configurar una red por
>dhcp
>> >> para
>> >>> que los equipos que estén en la misma red y en el mismo
>> >> conmutador
>> >>> (switch) no se vean entre ellos.
>> >>>
>> >>>
>> >>>
>> >>> Para mantener aislamiento debes usar vlans, manteniendo a la red
>> >>> médica en una vlan y la red pública en otra.
>> >>>
>> >>> El mismo DHCP puede decidir a qué vlan se va cada equipo y qué
>> >>> servicios puede tener.
>> >>>
>> >>> En el gateway de la red pública debes colocar un acceso por proxy
>> >>> controlado por temporizador como te había mencionado en un correo
>> >>> anterior.
>> >>>
>> >>> El DHCP debe entregar la ruta de un wpad para la configuración
>> >>> automática del proxy.
>> >>>
>> >>> Debes tener un servicio web que entregue el archivo wpad, el cual
>> >>> indicará que la salida a internet es a través del proxy.
>> >>>
>> >>> Así, en un caso de uso típico sucede:
>> >>>
>> >>> Caso A:
>> >>>
>> >>> -visitante llega con su teléfono.
>> >>> -visitante se conecta a la red pública abierta
>> >>> -teléfono solicita configuración al DHCP
>> >>> -DHCP entrega configuración de red y una ruta para wpad
>> >>> -visitante intenta entrar a internet
>> >>> -navegador del teléfono consulta el wpad
>> >>> -navegador redirige la petición al proxy
>> >>> -proxy redirige al visitante a una página de error donde le pide
>> >>> contraseña, o una encuesta o la foto de la enfermera Salo en
>traje de
>> >> baño
>> >>> -visitante interactúa con la página y gana el acceso temporizado
>> >>> -proxy permite el acceso por 15 minutos antes de mostrar de nuevo
>el
>> >>> pack de verano de la enfermera Salo.
>> >>>
>> >>> Caso B:
>> >>>
>> >>> -llega un interno con un novedoso aparato que no sirve para nada
>pero
>> >>> que consiguió barato en amazon.
>> >>> -interno conecta el aparato a la red pública por flojera de ir a
>> >>> sistemas a pedir acceso
>> >>> -aparato no tiene navegador, por lo que no puede ver las
>candentes
>> >>> fotos de la enfermera Salo
>> >>> -aparato no logra conectarse y el interno no tiene más remedio
>que ir
>> >>> a pedir acceso a la red controlada.
>> >>> -Helpdesk registra macaddress en el DHCP
>> >>> -aparato se vuelve a conectar a la red
>> >>> -DHCP encuentra al aparato en su waitlist y entrega IP de la vlan
>> >>> controlada.
>> >>>
>> >> Muchas gracias por las aportaciones.
>> >>
>> >> Si esto ya lo se, se trata de evitar que llegue un laboratorio e
>> >> instale
>> >> unos equipos sin pasar por el servicio de informática, en la
>> >> actualidad,
>> >> como no están identificados van a parar a la VLAN de gracia donde
>si se
>> >> ven entre ellos y verifican el funcionamiento con el portatil que
>lleva
>> >> el instalador, lo dan por bueno y se van, después llaman al
>servicio de
>> >> informática por que la red del hospital esta mal y no se ven desde
>los
>> >> ordenadores del hospital, porque ellos han verificado la
>instalación
>> >> que
>> >> hicieron.
>> >>
>> >> Como soy muy cabezota, tengo que encontrar la solución, me he
>planteado
>> >> varios caminos:
>> >>
>> >> Investigar a fondo ipv6 que creo que traía algún protocolo para
>esto
>> >> (forzando a levantar una comunicación punto a punto entre la
>maquina y
>> >> un nodo centrar 

Re: dislocker package broken, fix in 'sid'. How long 'til in backports?

[Greg Wooledge]

On Sun, Feb 02, 2020 at 02:49:55PM -0500, Michael Bonert wrote:
> Thank you for the comments!  I emailed the developer.
> 
> As the dislocker packages don't seem to have dependencies - that aren't part
> of stable (buster),
> I decided to create a so-called "FrankenDebian" (
> https://wiki.debian.org/DontBreakDebian )

Why?

Just backport it yourself.

Re: "Ethernet trouble" thread

[Greg Wooledge]

On Sat, Feb 01, 2020 at 05:45:26PM +0100, Tom H wrote:
> You state that it's no longer udev that renames NICs. The following's
> from a sid VM using svsinit+sysvrc.
[...]
> udev is renaming "eth0".
> 
> You can still use "/etc/udev/rules.d/" to rename NICs. Just like with
> "/etc/systemd/network/*.link", you gain simple names linked to a NIC's
> MAC address, but lose the predictable names' advantage that swapiing
> out a NIC preserves its name.

Yes, it MIGHT still work.  Or it might not.  Support for it has
been officially removed.  Whatever the 70-persistent-net.rules file
does on your system is unique to your system.

https://wiki.debian.org/NewInBuster#Network_interface_name_migration

  "The buster release notes warn that the
  /etc/udev/rules.d/70-persistent-net.rules method for assigning
  persistent network interface names is no longer supported."

https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#migrate-interface-names

  "If your system was upgraded from an earlier release, and still uses
  the old-style network interface names that were deprecated with stretch
  (such as eth0 or wlan0), you should be aware that the mechanism of
  defining their names via /etc/udev/rules.d/70-persistent-net.rules is
  officially not supported by udev in buster (while it may still work
  in some cases)."

Re: OT red por cable con portal captivo sin trafico interno.

[Paynalton]

El lun., 3 de febrero de 2020 2:26 a. m., Antonio Trujillo Carmona <
antonio.trujillo.s...@juntadeandalucia.es> escribió:

> El 1/2/20 a las 14:14, Ramses escribió:
> > El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo Carmona <
> antonio.trujillo.s...@juntadeandalucia.es> escribió:
> >> El 29/1/20 a las 17:41, Paynalton escribió:
> >>>
> >>>
> >>> El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
> >>> ( >>> >) escribió:
> >>>
> >>> El 28/1/20 a las 8:42, Antonio Trujillo Carmona escribió:
> >>> > En nuestro hospital tenemos una VLan de gracia para los
> >>> equipos no
> >>> > identificados.
> >>> > Debido al abuso que se hace de esa vlan nos estamos planteando
> >>> poner un
> >>> > portal de validación y anular el trafico interno.
> >>> > No se trata tanto de bloquear o filtrar usuarios como de evitar
> >>> que se
> >>> > puedan conectar dispositivos electromédicos u OT a la red, por
> >>> lo que no
> >>> > es importante el nivel de seguridad, cualquier elección haría
> >> que un
> >>> > dispositivo automático fallara en adquirir red, que es lo que
> >>> buscamos.
> >>> > Los conmutadores (HP procurbe) solo admiten 2 de 3 posibles
> >>> formas de
> >>> > acceso y tienen activado el filtrado 802.1x y por MAC, por lo
> >>> que no se
> >>> > puede activar el acceso web.
> >>> > ¿Alguna idea?
> >>> >
> >>> Muchas gracias a todos por las respuestas.
> >>>
> >>> Realmente mi pregunta no iba sobre que portal usar, aunque
> >>> agradezco los
> >>> apuntes y los probare, si no por como configurar una red por dhcp
> >> para
> >>> que los equipos que estén en la misma red y en el mismo
> >> conmutador
> >>> (switch) no se vean entre ellos.
> >>>
> >>>
> >>>
> >>> Para mantener aislamiento debes usar vlans, manteniendo a la red
> >>> médica en una vlan y la red pública en otra.
> >>>
> >>> El mismo DHCP puede decidir a qué vlan se va cada equipo y qué
> >>> servicios puede tener.
> >>>
> >>> En el gateway de la red pública debes colocar un acceso por proxy
> >>> controlado por temporizador como te había mencionado en un correo
> >>> anterior.
> >>>
> >>> El DHCP debe entregar la ruta de un wpad para la configuración
> >>> automática del proxy.
> >>>
> >>> Debes tener un servicio web que entregue el archivo wpad, el cual
> >>> indicará que la salida a internet es a través del proxy.
> >>>
> >>> Así, en un caso de uso típico sucede:
> >>>
> >>> Caso A:
> >>>
> >>> -visitante llega con su teléfono.
> >>> -visitante se conecta a la red pública abierta
> >>> -teléfono solicita configuración al DHCP
> >>> -DHCP entrega configuración de red y una ruta para wpad
> >>> -visitante intenta entrar a internet
> >>> -navegador del teléfono consulta el wpad
> >>> -navegador redirige la petición al proxy
> >>> -proxy redirige al visitante a una página de error donde le pide
> >>> contraseña, o una encuesta o la foto de la enfermera Salo en traje de
> >> baño
> >>> -visitante interactúa con la página y gana el acceso temporizado
> >>> -proxy permite el acceso por 15 minutos antes de mostrar de nuevo el
> >>> pack de verano de la enfermera Salo.
> >>>
> >>> Caso B:
> >>>
> >>> -llega un interno con un novedoso aparato que no sirve para nada pero
> >>> que consiguió barato en amazon.
> >>> -interno conecta el aparato a la red pública por flojera de ir a
> >>> sistemas a pedir acceso
> >>> -aparato no tiene navegador, por lo que no puede ver las candentes
> >>> fotos de la enfermera Salo
> >>> -aparato no logra conectarse y el interno no tiene más remedio que ir
> >>> a pedir acceso a la red controlada.
> >>> -Helpdesk registra macaddress en el DHCP
> >>> -aparato se vuelve a conectar a la red
> >>> -DHCP encuentra al aparato en su waitlist y entrega IP de la vlan
> >>> controlada.
> >>>
> >> Muchas gracias por las aportaciones.
> >>
> >> Si esto ya lo se, se trata de evitar que llegue un laboratorio e
> >> instale
> >> unos equipos sin pasar por el servicio de informática, en la
> >> actualidad,
> >> como no están identificados van a parar a la VLAN de gracia donde si se
> >> ven entre ellos y verifican el funcionamiento con el portatil que lleva
> >> el instalador, lo dan por bueno y se van, después llaman al servicio de
> >> informática por que la red del hospital esta mal y no se ven desde los
> >> ordenadores del hospital, porque ellos han verificado la instalación
> >> que
> >> hicieron.
> >>
> >> Como soy muy cabezota, tengo que encontrar la solución, me he planteado
> >> varios caminos:
> >>
> >> Investigar a fondo ipv6 que creo que traía algún protocolo para esto
> >> (forzando a levantar una comunicación punto a punto entre la maquina y
> >> un nodo centrar donde instalare alguno de los portales que me han
> >> aconsejado).
> >>
> >> Subdividir el rango de la VLAN en redes con prefijo 30, aunque en los
> >> conmutadores solo admiten una vlan por 

Re: OT red por cable con portal captivo sin trafico interno.

[Felix Perez]

El vie., 31 de ene. de 2020 a la(s) 08:04, Antonio Trujillo Carmona
(antonio.trujillo.s...@juntadeandalucia.es) escribió:
>







>
> Muchas gracias por las aportaciones.
>
> Si esto ya lo se, se trata de evitar que llegue un laboratorio e instale
> unos equipos sin pasar por el servicio de informática, en la actualidad,
> como no están identificados van a parar a la VLAN de gracia donde si se
> ven entre ellos y verifican el funcionamiento con el portatil que lleva
> el instalador, lo dan por bueno y se van, después llaman al servicio de
> informática por que la red del hospital esta mal y no se ven desde los
> ordenadores del hospital, porque ellos han verificado la instalación que
> hicieron.
>
> Como soy muy cabezota, tengo que encontrar la solución, me he planteado
> varios caminos:
>
> Investigar a fondo ipv6 que creo que traía algún protocolo para esto
> (forzando a levantar una comunicación punto a punto entre la maquina y
> un nodo centrar donde instalare alguno de los portales que me han
> aconsejado).
>
> Subdividir el rango de la VLAN en redes con prefijo 30, aunque en los
> conmutadores solo admiten una vlan por defecto, esto reduciria de 254 a
> 64 los equipos que se permiten concurentemente en la Vlan de gracia,
> pero espero que sea un numero suficiente.
>
> Investigar el tema de la validación web para que "emule" la validación
> MAC y puedan acceder tanto los equipos con MAC autorizada (en sus Vlanes
> correspondientes) como los no autorizados a las Vlanes preparadas de la
> forma que he dicho antes.
>
>
> Contare como acaba la cosa, y otra vez muchas gracias por las aportaciones.
>
>
Estimado me parece que su problema va más por el lado de la gestión de
recursos que por alguna técnica a utilizar para bloqueo de acceso.

Habilitando un portal público con pocas IPs puedes controlar la
cantidad de usuarios conectados públicos y evitas colapso del ancho de
banda, que no es ilimitada.

Por reglamento un usuario interno "NO DEBE" llevar, instalar o usar la
red interna para cosas personales, eso es una gran brecha de
seguridad.  Idem con proveedores externos, debe existir un protocolo
para ese efecto, en cuanto a registro, instalación, configuración,
prueba y recepción de equipos.

Con políticas claras y conocidas del uso de los recursos informáticos
reduces las incidencias y solo debes centrarte en las instrusiones o
en los accesos sin permiso.

Los recursos no son ilimitados, por tanto no puedes ofrecer recursos a
todo el mundo sin alguna limitación.

Saludos.

-- 
usuario linux  #274354
normas de la lista:  http://wiki.debian.org/es/NormasLista
como hacer preguntas inteligentes:
http://www.sindominio.net/ayuda/preguntas-inteligentes.html

Delay evolution-*-factory startup

[Jim Popovitch]

Hello!

Is there a way in Buster+Cinnamon to disable evolution-
(calendar|addressbook)-factory until after a VPN has connected?

Everytime I login and start Evolution I have a handful of blue warnings,
that I must clear, because Evolution was unable to connect to services
only available over a VPN. By the time I clear the blue warnings the VPN
is active, the warning just accrue after login and before network
manager activates the VPN. 

-Jim P.

[1/2HS] Mysql et le symbole Euro €

[ajh-valmer]

Bonjour,

Depuis peu, lorsque j'INSERT ou UPDATE une table MySQL,
via scripts PHP et SQL, je mets le montant  : "30"
et apparait dans le champ via phpmyadmin : "30¤".
Pareil si j'écris "30€".

Pourtant, si j'interroge la table (SELECT),
apparait bien dans le navigateur "30€".

L'interclassement est UTF8_general_ci.
Si je mets : latin1_general_ci, pareil.

Ce problème fait suite à un upgrade de mysql.

Merci,

A. Valmer

Re: could not resolve deb.debian.org after installing via debian live image

[Thomas Schmitt]

Hi,

urm, looking again at

  N: Download is performed unsandboxed as root as file
  '/media/deploy/UUI/dists/buster/InRelease' couldn't be accessed by user
  '_apt'. - pkgAcquire::Run (13: Permission denied)

i wonder whether it did simply work fine as root.

"N:" is probably the prefix for a note which reports some peculiarity
but not a real problem. The story would be that the superuser could not
do the work after downgrading itself to "_apt" and thus had to work
by its own superpowers.

In the failure messages of "apt-get install" we see "E:" as prefix.
I guess that means "error". But i find no explanation of these markers
anywhere in man dpkg-deb, dpkg, apt, apt-get.
Probably it is lintian style
  https://www.debian.org/doc/manuals/maint-guide/checkit.en.html#lintians

Whatever, try whether you now can install openssh-server.


Tamar Nirenberg wrote:
> https://www.mail-archive.com/debian-user@lists.debian.org/msg740814.html

That's obviously a typical example of branching unrelated discussions
from an originally interesting technical question.
Maybe we can present an answer after some more struggle.


Have a nice day :)

Thomas

Re: diagramme de gantt

[Christian Quentin]

Bonjour, 


Ça répond peut-être un poil à côté de ton besoin mais redmine qui permet
de faire du suivi de bug affiche des diagrammes de gantt en mode web. Tu
peux soit utiliser l'outil tel quel ou peut-être analyser le code de la
partie diagramme de Gantt comme source d'inspiration (codé avec le
framework Ruby On Rails). 

Et merci d'avoir attiré mon attention sur younohost :-) 

Bonne exploration 

Christian 


Le 2020-02-03 07:00, Bernard Schoenacker a écrit :


bonjour,

je recherche une solution pour employer des diagrammes 
de gantt en version web et je n'arrive pas à trouver

la solution sachant que je part d'une base sur younohost

qui pourrait simplement me donner un début de solution
pour éclairer ma lanterne

merci pour votre aimable attention

bien à vous
bernard

Re: Comment enlever facilement la PUB d'un enregistrement tv ?

[Maxime G.]

Sinon il y a LosslessCut ou VidCutter qui font le job en 3 clics de souris et 
en split/merge/copy.


https://github.com/mifi/lossless-cut

https://github.com/ozmartian/vidcutter



3 février 2020 00:19 "Haricophile"  a écrit:

> Le dimanche 02 février 2020 à 17:56 +0100, hamster a écrit :
> 
>> Le 02/02/2020 à 13:56, Haricophile a écrit :
>> et ffmpeg, ce qui est le plus «simple et stupide».
>> C'est vrai. Et comme de bien entendu j'ai commencé par faire man ffmpeg
>> mais… je ne suis jamais arrivé au bout !
> 
> https://www.ffmpeg.org/ffmpeg.html#Main-options option -ss et -to

Re: OT red por cable con portal captivo sin trafico interno.

[Ramses]

El 3 de febrero de 2020 9:26:00 CET, Antonio Trujillo Carmona 
 escribió:
>El 1/2/20 a las 14:14, Ramses escribió:
>> El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo Carmona
> escribió:
>>> El 29/1/20 a las 17:41, Paynalton escribió:


 El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
 (>>> >) escribió:

 El 28/1/20 a las 8:42, Antonio Trujillo Carmona escribió:
 >     En nuestro hospital tenemos una VLan de gracia para los
 equipos no
 > identificados.
 > Debido al abuso que se hace de esa vlan nos estamos
>planteando
 poner un
 > portal de validación y anular el trafico interno.
 > No se trata tanto de bloquear o filtrar usuarios como de
>evitar
 que se
 > puedan conectar dispositivos electromédicos u OT a la red,
>por
 lo que no
 > es importante el nivel de seguridad, cualquier elección haría
>>> que un
 > dispositivo automático fallara en adquirir red, que es lo que
 buscamos.
 > Los conmutadores (HP procurbe) solo admiten 2 de 3 posibles
 formas de
 > acceso y tienen activado el filtrado 802.1x y por MAC, por lo
 que no se
 > puede activar el acceso web.
 > ¿Alguna idea?
 >
 Muchas gracias a todos por las respuestas.

 Realmente mi pregunta no iba sobre que portal usar, aunque
 agradezco los
 apuntes y los probare, si no por como configurar una red por
>dhcp
>>> para
 que los equipos que estén en la misma red y en el mismo
>>> conmutador
 (switch) no se vean entre ellos.



 Para mantener aislamiento debes usar vlans, manteniendo a la red
 médica en una vlan y la red pública en otra.

 El mismo DHCP puede decidir a qué vlan se va cada equipo y qué
 servicios puede tener.

 En el gateway de la red pública debes colocar un acceso por proxy
 controlado por temporizador como te había mencionado en un correo
 anterior.

 El DHCP debe entregar la ruta de un wpad para la configuración
 automática del proxy.

 Debes tener un servicio web que entregue el archivo wpad, el cual
 indicará que la salida a internet es a través del proxy.

 Así, en un caso de uso típico sucede:

 Caso A:

 -visitante llega con su teléfono.
 -visitante se conecta a la red pública abierta
 -teléfono solicita configuración al DHCP
 -DHCP entrega configuración de red y una ruta para wpad
 -visitante intenta entrar a internet
 -navegador del teléfono consulta el wpad
 -navegador redirige la petición al proxy
 -proxy redirige al visitante a una página de error donde le pide
 contraseña, o una encuesta o la foto de la enfermera Salo en traje
>de
>>> baño
 -visitante interactúa con la página y gana el acceso temporizado
 -proxy permite el acceso por 15 minutos antes de mostrar de nuevo
>el
 pack de verano de la enfermera Salo.

 Caso B:

 -llega un interno con un novedoso aparato que no sirve para nada
>pero
 que consiguió barato en amazon.
 -interno conecta el aparato a la red pública por flojera de ir a
 sistemas a pedir acceso
 -aparato no tiene navegador, por lo que no puede ver las candentes
 fotos de la enfermera Salo
 -aparato no logra conectarse y el interno no tiene más remedio que
>ir
 a pedir acceso a la red controlada.
 -Helpdesk registra macaddress en el DHCP
 -aparato se vuelve a conectar a la red
 -DHCP encuentra al aparato en su waitlist y entrega IP de la vlan
 controlada.
  
>>> Muchas gracias por las aportaciones.
>>>
>>> Si esto ya lo se, se trata de evitar que llegue un laboratorio e
>>> instale
>>> unos equipos sin pasar por el servicio de informática, en la
>>> actualidad,
>>> como no están identificados van a parar a la VLAN de gracia donde si
>se
>>> ven entre ellos y verifican el funcionamiento con el portatil que
>lleva
>>> el instalador, lo dan por bueno y se van, después llaman al servicio
>de
>>> informática por que la red del hospital esta mal y no se ven desde
>los
>>> ordenadores del hospital, porque ellos han verificado la instalación
>>> que
>>> hicieron.
>>>
>>> Como soy muy cabezota, tengo que encontrar la solución, me he
>planteado
>>> varios caminos:
>>>
>>> Investigar a fondo ipv6 que creo que traía algún protocolo para esto
>>> (forzando a levantar una comunicación punto a punto entre la maquina
>y
>>> un nodo centrar donde instalare alguno de los portales que me han
>>> aconsejado).
>>>
>>> Subdividir el rango de la VLAN en redes con prefijo 30, aunque en
>los
>>> conmutadores solo admiten una vlan por defecto, esto reduciria de
>254 a
>>> 64 los equipos que se permiten concurentemente en la Vlan de gracia,
>>> pero espero que sea un numero suficiente.
>>>
>>> Investigar el tema de la validación 

Re: could not resolve deb.debian.org after installing via debian live image

[Thomas Schmitt]

Hi,

Tamar Nirenberg wrote:
> root@deploy-pc:/etc/apt# apt-get update
> [...]
> N: Download is performed unsandboxed as root as file
> '/media/deploy/UUI/dists/buster/InRelease' couldn't be accessed by user
> '_apt'. - pkgAcquire::Run (13: Permission denied)

First i would try to find out what is the permission problem with
the directories and file name of path
  /media/deploy/UUI/dists/buster/InRelease

Especially i wonder about "user '_apt'".
Doesn't the "#" in your shell prompt indicate that you are superuser ?

I also wonder why apt-get complains when there is no file
/dists/buster/InRelease in the ISO filesystem.
Do you see a file
  /media/deploy/UUI/dists/buster/InRelease
?


> Do you think I have to copy , as you suggested, the /media/deploy/UUI/pool
> and /media/deploy/UUI/dists to another location?

That could be worth a try.
  https://wiki.debian.org/DebianRepository/Format
looks like InRelease is looked for if there is no Release.gpg.
You would probably get a Release.gpg file from what is described in the
"ARCHIVE CONFIGURATION" chapter of man apt-secure.

But i wonder for what "[trusted=yes]" is good, if it does not avoid the
need for an InRelease or Release.gpg file.


Have a nice day :)

Thomas

Re: could not resolve deb.debian.org after installing via debian live image

[Thomas Schmitt]

Hi,

Tamar Nirenberg's apt-get wrote:
> Err:3 cdrom://[Official Debian GNU/Linux Live 10.2.0 gnome 2019-11-16T10:36]
> buster Release
> Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get update
> cannot be used to add new CD-ROMs
> [...]
> E: The repository 'cdrom://[Official Debian GNU/Linux Live 10.2.0 gnome
> 2019-11-16T10:36] buster Release' does not have a Release file.

Do you have "deb cdrom:" lines in your sources.list ?
If so, comment them out and try whether these complaints vanish.


> E: The repository 'file:/media/deploy/UUI buster Release' is not signed.
> N: Updating from such a repository can't be done securely, and is therefore
> disabled by default.
> N: See apt-secure(8) manpage for repository creation and user configuration
> details.

I understand that apt-secure can be used to create a signed repo.
I assume that you'd have to copy the ./dist and ./pool trees to a writable
filesystem before producing the signature.

But the internet proposes as quick workaround in sources.list:

  deb [trusted=yes] file:/media/deploy/UUI buster main

(documented in man sources.list)

-

Aren't any sources.list experts present who could keep me from guessing
around ?


Have a nice day :)

Thomas

Re: could not resolve deb.debian.org after installing via debian live image

[Tamar Nirenberg]

Hi Thomas,

Thanks for your reply.

I tried to put this in sources.list:

deb file:/media/deploy/UUI buster main

--Where /media/deploy/UUI is the mount for the USB stick

Running apt-get update, I get this:

root@deploy-pc:~# apt-get update
Get:1 file:/media/deploy/UUI buster InRelease
Ign:2 cdrom://[Official Debian GNU/Linux Live 10.2.0 gnome
2019-11-16T10:36] buster InRelease
Ign:1 file:/media/deploy/UUI buster InRelease
Err:3 cdrom://[Official Debian GNU/Linux Live 10.2.0 gnome
2019-11-16T10:36] buster Release
  Please use apt-cdrom to make this CD-ROM recognized by APT. apt-get
update cannot be used to add new CD-ROMs
Get:4 file:/media/deploy/UUI buster Release [1,130 B]
Get:4 file:/media/deploy/UUI buster Release [1,130 B]
Get:5 file:/media/deploy/UUI buster Release.gpg
Ign:5 file:/media/deploy/UUI buster Release.gpg
Reading package lists... Done
N: Download is performed unsandboxed as root as file
'/media/deploy/UUI/dists/buster/InRelease' couldn't be accessed by user
'_apt'. - pkgAcquire::Run (13: Permission denied)
E: The repository 'cdrom://[Official Debian GNU/Linux Live 10.2.0 gnome
2019-11-16T10:36] buster Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore
disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration
details.
E: The repository 'file:/media/deploy/UUI buster Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore
disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration
details.

Thanks,
Tamar


‫בתאריך יום ב׳, 3 בפבר׳ 2020 ב-10:18 מאת ‪Thomas Schmitt‬‏ <‪
scdbac...@gmx.net‬‏>:‬

> Hi,
>
> Rick Thomas wrote:
> > Anybody know what's the procedure for adding a local disk as a repo?
>
> I had hoped for other, more experienced self-admins to care for Tamar's
> questions. My theories about "deb file:..." in sources.list are below.
>
>
> Tamar Nirenberg's apt-get wrote:
> > openssh-server openssh-sftp-server
> > [...]
> > Could not resolve 'deb.debian.org [deb.debian.org]'
> > [...]
> > E: Unable to fetch some archives, maybe run apt-get update or try with
> > --fix-missing?
>
> If the ISO would be on DVD, i'd try what
>   man sources.list
> says about "URI SPECIFICATION" with type "cdrom".
>
> Since the ISO is on a USB stick, then i'd try type "file". I understand
> that the path after "file:" should point to the directory with
> subdirectories ./dist and ./pool . That would be the root directory o
> the mounted ISO on the stick.
> The squashfs seems to contain no pool.
>
> Assumed that the Live ISO is mounted at /mnt/liveiso i'd try:
>
>   deb file:/mnt/liveiso buster main
>
>
> Have a nice day :)
>
> Thomas
>
>

Re: OT red por cable con portal captivo sin trafico interno.

[Antonio Trujillo Carmona]

El 1/2/20 a las 14:14, Ramses escribió:
> El 31 de enero de 2020 12:04:37 CET, Antonio Trujillo Carmona 
>  escribió:
>> El 29/1/20 a las 17:41, Paynalton escribió:
>>>
>>>
>>> El mié., 29 ene. 2020 a las 7:40, Antonio Trujillo Carmona
>>> (>> >) escribió:
>>>
>>> El 28/1/20 a las 8:42, Antonio Trujillo Carmona escribió:
>>> >     En nuestro hospital tenemos una VLan de gracia para los
>>> equipos no
>>> > identificados.
>>> > Debido al abuso que se hace de esa vlan nos estamos planteando
>>> poner un
>>> > portal de validación y anular el trafico interno.
>>> > No se trata tanto de bloquear o filtrar usuarios como de evitar
>>> que se
>>> > puedan conectar dispositivos electromédicos u OT a la red, por
>>> lo que no
>>> > es importante el nivel de seguridad, cualquier elección haría
>> que un
>>> > dispositivo automático fallara en adquirir red, que es lo que
>>> buscamos.
>>> > Los conmutadores (HP procurbe) solo admiten 2 de 3 posibles
>>> formas de
>>> > acceso y tienen activado el filtrado 802.1x y por MAC, por lo
>>> que no se
>>> > puede activar el acceso web.
>>> > ¿Alguna idea?
>>> >
>>> Muchas gracias a todos por las respuestas.
>>>
>>> Realmente mi pregunta no iba sobre que portal usar, aunque
>>> agradezco los
>>> apuntes y los probare, si no por como configurar una red por dhcp
>> para
>>> que los equipos que estén en la misma red y en el mismo
>> conmutador
>>> (switch) no se vean entre ellos.
>>>
>>>
>>>
>>> Para mantener aislamiento debes usar vlans, manteniendo a la red
>>> médica en una vlan y la red pública en otra.
>>>
>>> El mismo DHCP puede decidir a qué vlan se va cada equipo y qué
>>> servicios puede tener.
>>>
>>> En el gateway de la red pública debes colocar un acceso por proxy
>>> controlado por temporizador como te había mencionado en un correo
>>> anterior.
>>>
>>> El DHCP debe entregar la ruta de un wpad para la configuración
>>> automática del proxy.
>>>
>>> Debes tener un servicio web que entregue el archivo wpad, el cual
>>> indicará que la salida a internet es a través del proxy.
>>>
>>> Así, en un caso de uso típico sucede:
>>>
>>> Caso A:
>>>
>>> -visitante llega con su teléfono.
>>> -visitante se conecta a la red pública abierta
>>> -teléfono solicita configuración al DHCP
>>> -DHCP entrega configuración de red y una ruta para wpad
>>> -visitante intenta entrar a internet
>>> -navegador del teléfono consulta el wpad
>>> -navegador redirige la petición al proxy
>>> -proxy redirige al visitante a una página de error donde le pide
>>> contraseña, o una encuesta o la foto de la enfermera Salo en traje de
>> baño
>>> -visitante interactúa con la página y gana el acceso temporizado
>>> -proxy permite el acceso por 15 minutos antes de mostrar de nuevo el
>>> pack de verano de la enfermera Salo.
>>>
>>> Caso B:
>>>
>>> -llega un interno con un novedoso aparato que no sirve para nada pero
>>> que consiguió barato en amazon.
>>> -interno conecta el aparato a la red pública por flojera de ir a
>>> sistemas a pedir acceso
>>> -aparato no tiene navegador, por lo que no puede ver las candentes
>>> fotos de la enfermera Salo
>>> -aparato no logra conectarse y el interno no tiene más remedio que ir
>>> a pedir acceso a la red controlada.
>>> -Helpdesk registra macaddress en el DHCP
>>> -aparato se vuelve a conectar a la red
>>> -DHCP encuentra al aparato en su waitlist y entrega IP de la vlan
>>> controlada.
>>>  
>> Muchas gracias por las aportaciones.
>>
>> Si esto ya lo se, se trata de evitar que llegue un laboratorio e
>> instale
>> unos equipos sin pasar por el servicio de informática, en la
>> actualidad,
>> como no están identificados van a parar a la VLAN de gracia donde si se
>> ven entre ellos y verifican el funcionamiento con el portatil que lleva
>> el instalador, lo dan por bueno y se van, después llaman al servicio de
>> informática por que la red del hospital esta mal y no se ven desde los
>> ordenadores del hospital, porque ellos han verificado la instalación
>> que
>> hicieron.
>>
>> Como soy muy cabezota, tengo que encontrar la solución, me he planteado
>> varios caminos:
>>
>> Investigar a fondo ipv6 que creo que traía algún protocolo para esto
>> (forzando a levantar una comunicación punto a punto entre la maquina y
>> un nodo centrar donde instalare alguno de los portales que me han
>> aconsejado).
>>
>> Subdividir el rango de la VLAN en redes con prefijo 30, aunque en los
>> conmutadores solo admiten una vlan por defecto, esto reduciria de 254 a
>> 64 los equipos que se permiten concurentemente en la Vlan de gracia,
>> pero espero que sea un numero suficiente.
>>
>> Investigar el tema de la validación web para que "emule" la validación
>> MAC y puedan acceder tanto los equipos con MAC autorizada (en sus
>> Vlanes
>> correspondientes) como los no autorizados a las Vlanes preparadas de la
>> forma que he dicho 

Re: could not resolve deb.debian.org after installing via debian live image

[Tamar Nirenberg]

Hi,

I think there must be a way to use the live image a s source for the apt
installations, instead of the internet...

I will post a new question with this title and see if anyone knows...

Thanks again!
Tamar

‫בתאריך יום ב׳, 3 בפבר׳ 2020 ב-2:09 מאת ‪Daryl‬‏ <‪lists@soldmydata.online
‬‏>:‬

> On Sun, 02 Feb 2020 15:27:49 -0800
> "Rick Thomas"  wrote:
>
> > I'm not sure myself, but maybe somebody on the list knows?
> >
> > Anybody know what's the procedure for adding a local disk as a repo?
> >
> > Thanks in advance!
> >
> > On Sun, Feb 2, 2020, at 4:15 AM, Tamar Nirenberg wrote:
> > > Hi Rick,
> > >
> > > Thank you for your answer.
> > >
> > > The sources file contains only these lines, no reference to the
> > > live installer image:
> > >
> > > $ cat sources.list
> >
> > > # See https://wiki.debian.org/SourcesList for more information.
> >
> > > deb http://deb.debian.org/debian buster main
> >
> > > deb-src http://deb.debian.org/debian buster main
> >
> > >
> >
> > > deb http://deb.debian.org/debian buster-updates main
> >
> > > deb-src http://deb.debian.org/debian buster-updates main
> >
> > >
> >
> > > deb http://security.debian.org/debian-security/ buster/updates
> > > main
> >
> > > deb-src http://security.debian.org/debian-security/ buster/updates
> > > main
> >
> > >
> > >
> > > Do you know how I can add the USB mount (i did not use a DVD, but a
> > > USB stick) as a source for the apt install?
> > >
> > > Thanks,
> > > Tamar
> > >
> > >
> > > ‫בתאריך יום א׳, 2 בפבר׳ 2020 ב-13:45 מאת ‪Rick Thomas‬‏
> > > <‪rick.tho...@pobox.com‬‏>:‬
> > >> __
> > >> Hi Tamar,
> > >>
> > >> I think your problem is that the box is not connected to the
> > >> internet. The sources.list file left by the install process
> > >> assumes you will be connected.
> > >>
> > >> So take a look at /etc/apt/sources.list and comment out the lines
> > >> that refer to internet sites such as deb.debian.org, Then
> > >> un-comment the line(s) that refer(s) to the live installer image.
> > >> Then make sure the DVD is in the drive and mounted. You should now
> > >> be able to install packages from the DVD.
> > >>
> > >> Good luck!
> > >> Rick
> > >>
> > >> On Sun, Feb 2, 2020, at 3:13 AM, Tamar Nirenberg wrote:
> > >>> Hi,
> > >>>
> > >>> I installed Debian 10 on a new server using live
> > >>> image:debian-live-10.2.0-amd64-gnome.iso The box is not connected
> > >>> to the internet.
> >
> > >>> Installation ended successfully, but now when I try to install
> > >>> open-ssh I get an error saying "could not resolve
> > >>> deb.debian.org"
> >
> > >>>
> >
> > >>
>
> This is cross posted over to debian-live.
>
> What you typically would do here is use apt-cdrom add
>
> It will ask you for a CD/DVD which it will scan and add an entry to
> your /etc/apt/sources.list
>
> In the future if you want a package:
>
> apt install foo
>
> will tell you what DVD or CD you need to insert. Works the same for
> dependencies and you might need to switch out the DVD's a time or two
> depending on what is required.
>
> If you want to do this without DVD's you would need to sync a repo to a
> machine on your LAN and configure a webserver to hand out the files.
>
>

Re: could not resolve deb.debian.org after installing via debian live image

[Thomas Schmitt]

Hi,

Rick Thomas wrote:
> Anybody know what's the procedure for adding a local disk as a repo?

I had hoped for other, more experienced self-admins to care for Tamar's
questions. My theories about "deb file:..." in sources.list are below.


Tamar Nirenberg's apt-get wrote:
> openssh-server openssh-sftp-server
> [...]
> Could not resolve 'deb.debian.org [deb.debian.org]'
> [...]
> E: Unable to fetch some archives, maybe run apt-get update or try with
> --fix-missing?

If the ISO would be on DVD, i'd try what
  man sources.list
says about "URI SPECIFICATION" with type "cdrom".

Since the ISO is on a USB stick, then i'd try type "file". I understand
that the path after "file:" should point to the directory with
subdirectories ./dist and ./pool . That would be the root directory o
the mounted ISO on the stick.
The squashfs seems to contain no pool.

Assumed that the Live ISO is mounted at /mnt/liveiso i'd try:

  deb file:/mnt/liveiso buster main


Have a nice day :)

Thomas

Re: apache2 virtual host

[Russell L. Harris]

On Mon, Feb 03, 2020 at 08:29:30AM +0100, john doe wrote:

What is the content of your 'PATH' env?

$ printf "%s\n" "$PATH"


root@penelope:/usr/sbin# printf "%s\n" "$PATH"
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

I really must turn in for the night, and resume this on the morrow.
RLH