Re: Cannot see update to recent linux kernel 5.10.19-1~bpo10+1 (from 5.10.13-1~bpo10+1)
l0f...@tuta.io wrote: $ apt policy linux-image-5.10.0-0.bpo.3-amd64 linux-image-5.10.0-0.bpo.3-amd64: Installed: 5.10.13-1~bpo10+1 Candidate: 5.10.13-1~bpo10+1 Version table: *** 5.10.13-1~bpo10+1 100 100 http://deb.debian.org/debian buster-backports/main amd64 Packages 100 /var/lib/dpkg/status You're probably missing the metapackage, linux-image-amd64. Regards.
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
On 22-03-2021 11:20, Long Wind wrote: > deloptes wrote: > > Well, they are brain washed - in a sense they know that it is > impossible to > > stand up against and also might be not wise, because proven is the > fact > > they manage things better than neighbor India or developed Europe. > > I wanted to avoid being criticized for praising China. > > can you give some examples that china manage better than india or > europe? > like all dictatorship, china rule by violence and propaganda Rubbish! Obviously never been there. The Chinese cops are the friendliest I've ever come across. Nobody there has any hesitation in going to them with a problem. They see themselves as public servants, which is a perception that doesn't live in many westernised countries any more. If you need directions or advice, go to them: most of them have a translation app on their smart phones, and they'll set you right and do it with a smile. If you want governmental corruption, go to India. There's so much back-pocket business going on there, it's a whole new industry and, arguably, India's largest. Developed Europe? What would you call that? Macron's France or Merkel's Germany? > china do better , because all bad news are hidden by communist > leadership Garbage! There's an extremely active anti-corruption drive happening in China. Politicians found guilty of it get heavy prison sentences, at best, and often a death sentence. China now has lifted its entire population above poverty level. It's lauded by the World Bank as an unprecedented achievement. > term Chinese government is quite misleading > it's used as if it's same as other legitimate government, i.e. > elected by people It was. China has already had its revolution. What would you call a legitimate government? The U.S., where congressmen become millionaires, even billionaires, on salaries it's impossible to do it on, and nobody says a word? > its true nature is criminal group, as described in bill by US senator I think you need to stop believing everything you see on TV. But thanks for providing a perfect example of exactly what we have been talking about in the earlier stages of this conversation. Cheers! Harry. -- `The World is not dangerous because of those who do harm but because of those who look on without doing anything'. -- Albert Einstein
Re: efibootmgr headach?
On 21/03/2021 6:13 pm, Morgan Read wrote: > Thanks Didier, Greg & Deloptes > > Right! So, TWO problems - I might have guessed I was getting poked from > two sides at once... > 1) PureOS doesn't do UEFI - yup, that would have lost me completely - > thank you very much Didier for noticing that! > 2) '... although if you have something like "Fast Boot" etc. could > cause problems.' > Hmm - I wonder - I do have 'Fast Boot' enabled... Thank you Deloptes, I > will investigate. > > M Sorted, thanks.
Re: WiFi Hardware not detected, during Debian NetInst Install
On Sun, Mar 21, 2021, 9:24 PM Robbi Nespu wrote: > On 22/3/2021 6:27 am, Kenneth Parker wrote: > > Hello, > > > > Later this week, I will be helping a friend install Debian onto a Lenovo > > Ideapad Laptop. This will be in a Public Space with, only WiFi > available. > > > > Both his Lenovo, and my HP Laptop have the same WiFi hardware, found via > > a "lspci" command: > > > > > Network controller: Realtek Semiconductor Co., Ltd. RTL8723DE > > 802.11b/g/n PCIe Adapter > > > > So, to ensure that we can complete the Install, I wanted to test, using, > > first a Debian Bullseye Netinst CD and, when it failed, a Debian Buster > > 10.3 NetInst CD. > > > > In both cases, I used my favorite, Text / Expert Install (but also tried > > Bullseye with the "normal" Text Install). it gets to the step, to find, > > and configure the Network, but only finds the Ethernet Port which, for > > the purposes of my test, has no Cable attached. So, obviously, the > > Network Configuration fails! > > > > I was ready for it to Find the WiFi, and had, in advance, populated the > > /firmware directory of a USB Thumbdrive, but it never gets to the step, > > where it is asking for it. > > > > Any Insights? > > > > Thanks in advance! > > > > Kenneth Parker > Does the installer said missing firmware? or nothing at all? > It sits for, about a minute in the "Detect Network Hardware" step. Then, when it continues, only the Ethernet Port is detected. It does not, even *ask* about Firmware. So, nothing at all. if the installer said missing firmware, you may take look my previous > thread[2] (my solution are here[2]) > > [1] https://lists.debian.org/debian-user/2021/02/msg00727.html > [2] https://lists.debian.org/debian-user/2021/02/msg00766.html So, for my purposes, install without network is the best that I can do. And then, in the running system, install the Firmware. Thanks! Kenneth Parker > >
Re: WiFi Hardware not detected, during Debian NetInst Install
On Sun 21 Mar 2021 at 18:27:22 (-0400), Kenneth Parker wrote: > > Later this week, I will be helping a friend install Debian onto a Lenovo > Ideapad Laptop. This will be in a Public Space with, only WiFi available. > > Both his Lenovo, and my HP Laptop have the same WiFi hardware, found via a > "lspci" command: > > > Network controller: Realtek Semiconductor Co., Ltd. RTL8723DE 802.11b/g/n > PCIe Adapter > > So, to ensure that we can complete the Install, I wanted to test, using, > first a Debian Bullseye Netinst CD and, when it failed, a Debian Buster > 10.3 NetInst CD. > > In both cases, I used my favorite, Text / Expert Install (but also tried > Bullseye with the "normal" Text Install). it gets to the step, to find, > and configure the Network, but only finds the Ethernet Port which, for the > purposes of my test, has no Cable attached. So, obviously, the Network > Configuration fails! > > I was ready for it to Find the WiFi, and had, in advance, populated the > /firmware directory of a USB Thumbdrive, but it never gets to the step, > where it is asking for it. > > Any Insights? The tests I carried out at the end of last month showed that whereas wheezy's installer could find "loose files" of firmware on a USB stick, buster's was unable to. So the choice nowadays seems to be either to copy .deb files of firmware onto a USB stick, or to copy the loose files into the real /lib/firmware directory any time before the "Detect Network Hardware" step. You might have to create /lib/firmware, and any subdirectory that the firmware habitually inhabits, eg /lib/firmware/rtlwifi for rtl8192*. Cheers, David.
Re: WiFi Hardware not detected, during Debian NetInst Install
On 22/3/2021 6:27 am, Kenneth Parker wrote: Hello, Later this week, I will be helping a friend install Debian onto a Lenovo Ideapad Laptop. This will be in a Public Space with, only WiFi available. Both his Lenovo, and my HP Laptop have the same WiFi hardware, found via a "lspci" command: > Network controller: Realtek Semiconductor Co., Ltd. RTL8723DE 802.11b/g/n PCIe Adapter So, to ensure that we can complete the Install, I wanted to test, using, first a Debian Bullseye Netinst CD and, when it failed, a Debian Buster 10.3 NetInst CD. In both cases, I used my favorite, Text / Expert Install (but also tried Bullseye with the "normal" Text Install). it gets to the step, to find, and configure the Network, but only finds the Ethernet Port which, for the purposes of my test, has no Cable attached. So, obviously, the Network Configuration fails! I was ready for it to Find the WiFi, and had, in advance, populated the /firmware directory of a USB Thumbdrive, but it never gets to the step, where it is asking for it. Any Insights? Thanks in advance! Kenneth Parker Does the installer said missing firmware? or nothing at all? if the installer said missing firmware, you may take look my previous thread[2] (my solution are here[2]) [1] https://lists.debian.org/debian-user/2021/02/msg00727.html [2] https://lists.debian.org/debian-user/2021/02/msg00766.html -- Email : Robbi Nespu PGP fingerprint : D311 B5FF EEE6 0BE8 9C91 FA9E 0C81 FA30 3B3A 80BA PGP key : https://keybase.io/robbinespu/pgp_keys.asc
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
deloptes wrote: Well, they are brain washed - in a sense they know that it is impossible to stand up against and also might be not wise, because proven is the fact they manage things better than neighbor India or developed Europe. I wanted to avoid being criticized for praising China. can you give some examples that china manage better than india or europe?like all dictatorship, china rule by violence and propaganda china do better , because all bad news are hidden by communist leadership term Chinese government is quite misleadingit's used as if it's same as other legitimate government, i.e. elected by people its true nature is criminal group, as described in bill by US senator
Re: WiFi Hardware not detected, during Debian NetInst Install
On 3/21/21 3:27 PM, Kenneth Parker wrote: Hello, Later this week, I will be helping a friend install Debian onto a Lenovo Ideapad Laptop. This will be in a Public Space with, only WiFi available. Both his Lenovo, and my HP Laptop have the same WiFi hardware, found via a "lspci" command: Network controller: Realtek Semiconductor Co., Ltd. RTL8723DE 802.11b/g/n PCIe Adapter So, to ensure that we can complete the Install, I wanted to test, using, first a Debian Bullseye Netinst CD and, when it failed, a Debian Buster 10.3 NetInst CD. In both cases, I used my favorite, Text / Expert Install (but also tried Bullseye with the "normal" Text Install). it gets to the step, to find, and configure the Network, but only finds the Ethernet Port which, for the purposes of my test, has no Cable attached. So, obviously, the Network Configuration fails! I was ready for it to Find the WiFi, and had, in advance, populated the /firmware directory of a USB Thumbdrive, but it never gets to the step, where it is asking for it. Any Insights? I cannot explain why the d-i is not prompting for the Wi-Fi adapter firmware, but I would use a complete installation image, ignore Wi-Fi, and then add Wi-Fi afterwards: https://www.debian.org/CD/ David
Re: WiFi Hardware not detected, during Debian NetInst Install
On Sun, Mar 21, 2021 at 7:05 PM Brian wrote: > On Sun 21 Mar 2021 at 18:27:22 -0400, Kenneth Parker wrote: > > [...] > > > In both cases, I used my favorite, Text / Expert Install (but also tried > > Bullseye with the "normal" Text Install). it gets to the step, to find, > > and configure the Network, but only finds the Ethernet Port which, for > the > > purposes of my test, has no Cable attached. So, obviously, the Network > > Configuration fails! > > > > I was ready for it to Find the WiFi, and had, in advance, populated the > > /firmware directory of a USB Thumbdrive, but it never gets to the step, > > where it is asking for it. > > > > Any Insights? > > Try an official unofficial image linked at > > https://www.debian.org/distrib/ No good. I downloaded "Debian GNU/Linux bullseye-DI-alpha3 "Bullseye" - Unofficial amd64 NETINST with firmware 20201203-12:50" (Above was the description in the Expert Text Install). One note: It took about a minute on the "Detect Network Hardware" step, before continuing, and only finding Ethernet. So what is special about the RTL8723DE WiFi Adapter? (After Installation, I can find it, and the Realtek Firmware works). Thanks in advance, Kenneth Parker
Re: WiFi Hardware not detected, during Debian NetInst Install
On Sun 21 Mar 2021 at 18:27:22 -0400, Kenneth Parker wrote: [...] > In both cases, I used my favorite, Text / Expert Install (but also tried > Bullseye with the "normal" Text Install). it gets to the step, to find, > and configure the Network, but only finds the Ethernet Port which, for the > purposes of my test, has no Cable attached. So, obviously, the Network > Configuration fails! > > I was ready for it to Find the WiFi, and had, in advance, populated the > /firmware directory of a USB Thumbdrive, but it never gets to the step, > where it is asking for it. > > Any Insights? Try an official unofficial image linked at https://www.debian.org/distrib/ -- Brian.
Re: efibootmgr headach?
On 21/03/2021 5:30 pm, didier gaumet wrote: > Le 21/03/2021 à 11:17, Morgan Read a écrit : > [...] >> I was trying to boot from standard PureOS usb boot image. > [...] >> 'The selected boot device failed. Press to Continue.' > [...] > > Hint: the following page of the PureOS website seems to indicate that > PureOS is not UEFI compliant > https://tracker.pureos.net/w/installation_guide/boot_prompt/ > > I just downloaded the PureOS iso file and I cam confirm this is still > valid: needed EFI files are not present > > So if you want to boot PureOS and your UEFI permit it, configure it in > something like BIOS Legacy mode or BIOS compatibility mode (try to make > your UEFI be seen by the OS as a real BIOS). > When you want to boot Windows/Fedora/Debian, revert to pure UEFI Thanks Didier, Greg & Deloptes Right! So, TWO problems - I might have guessed I was getting poked from two sides at once... 1) PureOS doesn't do UEFI - yup, that would have lost me completely - thank you very much Didier for noticing that! 2) '... although if you have something like "Fast Boot" etc. could cause problems.' Hmm - I wonder - I do have 'Fast Boot' enabled... Thank you Deloptes, I will investigate. M
Cannot see update to recent linux kernel 5.10.19-1~bpo10+1 (from 5.10.13-1~bpo10+1)
Hi, I'm running the following kernel: $ uname -a Linux 5.10.0-0.bpo.3-amd64 #1 SMP Debian 5.10.13-1~bpo10+1 (2021-02-11) x86_64 GNU/Linux Backports repository is configured: $ cat /etc/apt/sources.list deb http://deb.debian.org/debian/ buster main contrib non-free deb-src http://deb.debian.org/debian/ buster main contrib non-free deb http://security.debian.org/debian-security buster/updates main contrib non-free deb-src http://security.debian.org/debian-security buster/updates main contrib non-free deb http://deb.debian.org/debian/ buster-updates main contrib non-free deb-src http://deb.debian.org/debian/ buster-updates main contrib non-free deb http://deb.debian.org/debian/ buster-backports main contrib non-free deb-src http://deb.debian.org/debian/ buster-backports main contrib non-free However, apt doesn't inform me about new version 5.10.19-1~bpo10+1 (according to https://tracker.debian.org/pkg/linux): $ sudo apt update [...] Hit:3 http://deb.debian.org/debian buster-backports InRelease [...] Reading package lists... Done Building dependency tree Reading state information... Done All packages are up to date. apt policy doesn't see any newer version as well: $ apt policy linux-image-5.10.0-0.bpo.3-amd64 linux-image-5.10.0-0.bpo.3-amd64: Installed: 5.10.13-1~bpo10+1 Candidate: 5.10.13-1~bpo10+1 Version table: *** 5.10.13-1~bpo10+1 100 100 http://deb.debian.org/debian buster-backports/main amd64 Packages 100 /var/lib/dpkg/status Could you explain me why I can't update to 5.10.19-1~bpo10+1? Is something misconfigured somewhere please? Are mirrors simply not up to date yet (5 days old)? Thanks in advance :) Best regards, l0f4r0
WiFi Hardware not detected, during Debian NetInst Install
Hello, Later this week, I will be helping a friend install Debian onto a Lenovo Ideapad Laptop. This will be in a Public Space with, only WiFi available. Both his Lenovo, and my HP Laptop have the same WiFi hardware, found via a "lspci" command: > Network controller: Realtek Semiconductor Co., Ltd. RTL8723DE 802.11b/g/n PCIe Adapter So, to ensure that we can complete the Install, I wanted to test, using, first a Debian Bullseye Netinst CD and, when it failed, a Debian Buster 10.3 NetInst CD. In both cases, I used my favorite, Text / Expert Install (but also tried Bullseye with the "normal" Text Install). it gets to the step, to find, and configure the Network, but only finds the Ethernet Port which, for the purposes of my test, has no Cable attached. So, obviously, the Network Configuration fails! I was ready for it to Find the WiFi, and had, in advance, populated the /firmware directory of a USB Thumbdrive, but it never gets to the step, where it is asking for it. Any Insights? Thanks in advance! Kenneth Parker
Re: routing problem
On 22/3/21 5:17 am, Dan Ritter wrote: ghe2001 wrote: There are 2 computers on my LAN. I'll call one Fast and the other Slow. When I, for example, type ping www.cbs.com, Fast pings right away, Slow pauses for about 5 seconds ('time' says that). When I ping something in /etc/hosts, both start right away. On Slow, 'route' takes the 5 second pause, but 'route -n' is fast. On Fast, both are equally snappy. You have just described a DNS lookup problem. -dsr- in particular cat /etc/resolv.conf on each machine and then use dig @ google.com One or more of the digs will be slow on the slow machine telling you where your DNS problems are I'd suggest copying /etc/resolv.conf from the fast machine to slow machine, but it's often overwritten by abominations such as NetworkManager -- Jeremy OpenPGP_signature Description: OpenPGP digital signature
Re: routing problem
ghe2001 wrote: > There are 2 computers on my LAN. I'll call one Fast and the other Slow. > When I, for example, type ping www.cbs.com, Fast pings right away, Slow > pauses for about 5 seconds ('time' says that). When I ping something in > /etc/hosts, both start right away. On Slow, 'route' takes the 5 second > pause, but 'route -n' is fast. On Fast, both are equally snappy. > You have just described a DNS lookup problem. -dsr-
routing problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Debian GNU/Linux (Buster) There are 2 computers on my LAN. I'll call one Fast and the other Slow. When I, for example, type ping www.cbs.com, Fast pings right away, Slow pauses for about 5 seconds ('time' says that). When I ping something in /etc/hosts, both start right away. On Slow, 'route' takes the 5 second pause, but 'route -n' is fast. On Fast, both are equally snappy. It didn't used to be that way. They both used to be snappy. And I can't figure out why. Routing tables: Fast: route Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface default 10.200.184.254 0.0.0.0 UG0 00 enp8s0 localnet0.0.0.0 255.255.255.0 U 0 00 enp8s0 216.17.134.00.0.0.0 255.255.255.0 U 0 00 enp7s0 route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0 10.200.184.254 0.0.0.0 UG0 00 enp8s0 10.200.184.00.0.0.0 255.255.255.0 U 0 00 enp8s0 216.17.134.00.0.0.0 255.255.255.0 U 0 00 enp7s0 Slow: route Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface default 10.200.184.254 0.0.0.0 UG0 00 eth0 10.200.184.00.0.0.0 255.255.255.0 U 0 00 eth0 link-local 0.0.0.0 255.255.0.0 U 1000 00 eth0 216.17.134.00.0.0.0 255.255.255.0 U 0 00 eth0 route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0 10.200.184.254 0.0.0.0 UG0 00 eth0 10.200.184.00.0.0.0 255.255.255.0 U 0 00 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1000 00 eth0 216.17.134.00.0.0.0 255.255.255.0 U 0 00 eth0 (169.254.0.0 in IANA -- no idea why that's in there. It's not mentioned in /etc/network/interfaces.) Both these are built by the same version of the OS on boot. Why they're different, I have no idea -- Fast has 2 Ethernet holes, Slow has 1 (configured as eth0 and eth0:1 to get to the 2 nets). I've tried removing the link-local line from the Slow's table -- doesn't seem to make any difference. Other than routing, Slow (with i5 CPU, DDR4 RAM, same clock speed) runs circles around Fast. -- Glenn English -BEGIN PGP SIGNATURE- Version: ProtonMail wsBzBAEBCAAGBQJgV7EKACEJEObKK1bRaqt3FiEExEbtoeXBeE9fruv35sor VtFqq3dWDQgAtpKNGULtszPvWr6Gk9k0ZdPngzUf7zlNNpKLob9H8RgsWOYJ i7zwPNp4sL8mRce24wIJGDukln40JLSSWp6QMbtHtdpVM54anmF7VWRihqFJ l2+tUxcVeLb6wG5m/x5ly1OnSs4C7oHbQAntON1O4q51sn/5egiLMaIypBsY CzmbH/GuBM+cmr8vBc2HHq8CA16gD5CzUvYHKlyeN58OWUvQcrTjnMveYZ+I Z1dFIYT+9vLV+dVlvpAhYIUbhwYW1hP6QhdeVKHGaLjV+zu8cEov0kQhhFtH J0m7yVmp681Xzxp2dCvrjLW7u6duPCLyqb94z/xX+UJyJ551gjf/OQ== =MuPr -END PGP SIGNATURE-
Re: efibootmgr headach?
On Sun, 21 Mar 2021 19:51:26 +0100 deloptes wrote: > Greg Wooledge wrote: > > > "debian" is obviously put there by the Debian installer. There may > > be other entries as well, which were put there by other entities. > > you are right, but OP said he left Windows months ago > The BIOS, or whatever it's supposed to be called these days, mucks about with the EFI table. In the case of a certain Acer BIOS, any attempt to set DefaultBoot will be overwritten by the default first drive, and if that drive does not contain the relevant code, booting will not occur, and another 'debian' entry will be added to the EFI table. The BIOS will continue to try to boot from the unbootable drive, and will add another EFI entry each time it does so. -- Joe
Re: efibootmgr headach?
Sorry, the link to the Fedora doc: https://blog.uncooperative.org/blog/2014/02/06/the-efi-system-partition/
Re: efibootmgr headach?
the /EFI/BOOT subdirectory is a common standard: https://members.uefi.org/specs/esp_registry I have not retrieved the UEFI specification wich details its usage, but there is a Fedora doc that explains it a little the shim (SecureBoot) case. And I seem to recall that years ago, I needed to manually copy /boot/efi/EFI/debian/grubx64.efi to /boot/efi/EFI/Boot/bootx64.efi for Debian to boot.
Re: efibootmgr headach?
Greg Wooledge wrote: > "debian" is obviously put there by the Debian installer. There may > be other entries as well, which were put there by other entities. you are right, but OP said he left Windows months ago
Re: efibootmgr headach?
Le 21/03/2021 à 11:17, Morgan Read a écrit : [...] I was trying to boot from standard PureOS usb boot image. [...] 'The selected boot device failed. Press to Continue.' [...] Hint: the following page of the PureOS website seems to indicate that PureOS is not UEFI compliant https://tracker.pureos.net/w/installation_guide/boot_prompt/ I just downloaded the PureOS iso file and I cam confirm this is still valid: needed EFI files are not present So if you want to boot PureOS and your UEFI permit it, configure it in something like BIOS Legacy mode or BIOS compatibility mode (try to make your UEFI be seen by the OS as a real BIOS). When you want to boot Windows/Fedora/Debian, revert to pure UEFI
Re: Sugerencias de front end para KVM
El 2021-03-21 a las 17:06 +0100, Roberto Leon Lopez escribió: > Buenas, ya tengo mis scripts desarrollados para facilitar la creación de > máquinas KVM, de hecho estoy en proceso de transformar las antiguas máquinas > VirtualBox a KVM. Hasta ahora me he manejado bien con los scripts pero se > hace pesado cuando ya tienes dos servidores dedicados a virtualización con > vista de un tercero, con más de 10 máquinas virtuales sean linux > Debian/Ubuntu/Centos/Redhat y Windows10. > > Me recomendáis algún frontend para hacer más cómodo el día a día. He leído > sobre virt-manager pero tendría que montar un servicio vnc en cada nodo, > también de Cockpit pero lo primero que hace es instalar NetworkManager y > fastidiar la red que tengo. Sólo algunos apuntes, por si te sirve de ayuda en la decisión. En la página de KVM tienes un buen listado de sistemas de gestión: https://www.linux-kvm.org/page/Management_Tools Y en Debian veo disponible el paquete «aqemu», aunque desconozco si su desarrollo seguirá activo. Saludos, -- Camaleón
Re: efibootmgr headach?
On Sun, Mar 21, 2021 at 12:01:51PM +0100, deloptes wrote: > I don't know about /boot/efi/EFI/BOOT > IMO it shouldn't be there > > # ls /boot/efi/EFI/ > debian > > The directory "debian" is the entry, you see when the PC boots. "debian" is obviously put there by the Debian installer. There may be other entries as well, which were put there by other entities. unicorn:~$ sudo ls /boot/efi/EFI [sudo] password for greg: Boot debian HP Microsoft
Re: Sugerencias de front end para KVM
Buenas... Hay varias alternativas de las cuales he probado algunas: - kimchi (https://github.com/kimchi-project/kimchi) - Cockpit Web Console (https://cockpit-project.org/) - VMDashboard (https://vmdashboard.org/) No diría que es una recomendación para lo que buscas (Ya que es un poco salida de onda, si ya tienes tus VMs montadas) es usar PROXMOX ( https://www.proxmox.com/). Es Debian y KVM en la base, y tiene un interfaz web que sirve muy bien para los propósitos de administración de las VMs, maneja clusterización y movimiento en línea de las VMs. Aunque luego no puedas tán fácilmente actualizar, tiene la ventaja de que puedes conectarte a los repos de Debian si luego quieres instalar paquetes adicionales para agregar nuevas funcionalidades. Lo he usado en varias instalaciones, y lo recomiendo usar si buscas una plataforma de virtualización estable. Si ya luego decides pagar la suscripción, tu decides, pero tienes todos los componentes para realizar una buena virtualización desde el primer momento. Saludos, German Cardozo Chirinos ~ memento mori ~ :wq! On Sun, Mar 21, 2021 at 10:06 AM Roberto Leon Lopez < i32lelor.deb...@gmail.com> wrote: > Buenas, ya tengo mis scripts desarrollados para facilitar la creación de > máquinas KVM, de hecho estoy en proceso de transformar las antiguas > máquinas VirtualBox a KVM. Hasta ahora me he manejado bien con los scripts > pero se hace pesado cuando ya tienes dos servidores dedicados a > virtualización con vista de un tercero, con más de 10 máquinas virtuales > sean linux Debian/Ubuntu/Centos/Redhat y Windows10. > > Me recomendáis algún frontend para hacer más cómodo el día a día. He leído > sobre virt-manager pero tendría que montar un servicio vnc en cada nodo, > también de Cockpit pero lo primero que hace es instalar NetworkManager y > fastidiar la red que tengo. > > Un saludo. >
Sugerencias de front end para KVM
Buenas, ya tengo mis scripts desarrollados para facilitar la creación de máquinas KVM, de hecho estoy en proceso de transformar las antiguas máquinas VirtualBox a KVM. Hasta ahora me he manejado bien con los scripts pero se hace pesado cuando ya tienes dos servidores dedicados a virtualización con vista de un tercero, con más de 10 máquinas virtuales sean linux Debian/Ubuntu/Centos/Redhat y Windows10. Me recomendáis algún frontend para hacer más cómodo el día a día. He leído sobre virt-manager pero tendría que montar un servicio vnc en cada nodo, también de Cockpit pero lo primero que hace es instalar NetworkManager y fastidiar la red que tengo. Un saludo.
efibootmgr headach?
Hello Folks, (Apologies for the long post, but there's a lot of circularity to follow...) I'm finding it difficult to understand the relationship between efibootmgr, what's showing up in my F10 boot 'BIOS setup options > System Configuration > Boot Options' and what exists under /boot/efi/EFI I was trying to boot from standard PureOS usb boot image. No trouble booting from usb before (iirc). Trying to boot from the usb has failed with the machine going straight to into debian. I booted with F10 into the 'BIOS setup options > System Configuration > Boot Options' and selected the boot order under 'UEFI Boot Order' to be 'USB Diskette on Key/USB Hard Disk', 'USB CD/DVD ROM Drive' and finally 'OS Boot Manager'. Changing that order didn't change anything ('OS Boot Manager' was initially first). Next boot I had a look under the 'OS Boot Manager' menu and there were a couple of old entries other than 'debian': 'fedora' and 'Windows Boot Manager'. ('Doz$ left my system 5 years ago when it arrived in the post...) After a bit of Internet searching I discovered efibootmgr and also that redundant entries can accumulate under /boot/efi/EFI. Under /boot/efi/EFI I discovered: $ sudo ls /boot/efi/EFI BOOT debian fedora And, efibootmgr: $ sudo efibootmgr BootCurrent: 0004 Timeout: 0 seconds BootOrder: 0004,,0001, Boot* fedora Boot0001* Solid State Disk Boot0004* debian Boot* USB Drive (UEFI) 'efibootmgr -b 0 -B' got rid of the fedora entry from both efibootmgr and the BIOS 'OS Boot Manager' menu, but left /boot/efi/EFI/fedora which I delete manually. efibootmgr -n produced: 'The selected boot device failed. Press to Continue.' On next boot followed by the 'Boot Manager - Boot Options Menu' with listings as for the 'OS Boot Manager' efibootmgr -t 10 does seem to have an effect, counting the difference between t=0 and t=10 and reboot and grub menu - but, I never see an OS boot menu to choose between 'USB Diskette on Key/USB Hard Disk', 'USB CD/DVD ROM Drive' and 'OS Boot Manager' So, I was left with: 'Windows Boot Manager' 'debian' Under the F10 boot 'BIOS setup options > System Configuration > Boot Options' menu; BOOT debian directories under /boot/efi/EFI; And, efibootmgr gave me- $ sudo efibootmgr BootCurrent: 0004 Timeout: 0 seconds BootOrder: 0004,0001, Boot0001* Solid State Disk Boot0004* debian Boot* USB Drive (UEFI) I had a punt that 'Boot0001* Solid State Disk' /boot/efi/EFI/BOOT and the Boot Options' menu entry 'Windows Boot Manager' might be related so did 'efibootmgr -b 1 -B' and that removed the 'Boot Options' menu entry 'Windows Boot Manager' but not /boot/efi/EFI/BOOT. So, I moved /boot/efi/EFI/BOOT to /BOOT and nothing seemed to change on rebooting - so, I put back /boot/efi/EFI/BOOT and low and behold, under the 'Boot Options' menu the 'Windows Boot Manager' had reappeared and efibootmgr now gives me: BootCurrent: 0004 Timeout: 0 seconds BootOrder: 0004,0005, Boot0004* debian Boot0005* Solid State Disk Boot* USB Drive (UEFI) I feel like I'm going completely potty!!! Is anyone able to shed some light on what is going on? And, get me able to boot from my usb flash drive...? (Again.) System info to follow. Thanks, Morgan. $ uname -a Linux mymachine 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) x86_64 GNU/Linux $ sudo lshw -short -sanitize H/W path Device Class Description == system HP Spectre x360 Convertible (N5R16UA#ABA) /0 bus802D /0/0memory 64KiB BIOS /0/10 memory 32KiB L1 cache /0/11 memory 32KiB L1 cache /0/12 memory 256KiB L2 cache /0/13 memory 3MiB L3 cache /0/14 processor Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz /0/16 memory 8GiB System Memory /0/16/0 memory 4GiB Row of chips LPDDR3 Synchronous 1600 MHz (0.6 ns) /0/16/1 memory 4GiB Row of chips LPDDR3 Synchronous 1600 MHz (0.6 ns) /0/100 bridge Broadwell-U Host Bridge -OPI /0/100/2displayHD Graphics 5500 /0/100/3multimedia Broadwell-U Audio Controller /0/100/14 busWildcat Point-LP USB xHCI Controller /0/100/14/0 usb1 busxHCI Host Controller /0/100/14/0/1 input USB Optical Mouse /0/100/14/0/3 multimedia HP Wide Vision FHD Camera /0/100/14/0/4 input Touchscreen /0/100/14/0/5 input ITE
Re: administrer un serveur via cockpit
> Bonjour, > > pas encore pris le temps d'aller voir les liens, mais perso j'utilise > de > temps en temps Cockpit pour "administrer" les serveurs directement > avec > le compte "root" de ceux-ci. > J'avais remarqué que si le compte "root" a le même mot de passe sur > chacun des serveurs ajoutés dans Cockpit, il est possible de les > avoir > tous sous la main en cliquant sur "Réutiliser mon mot de passe pour > les > tâches privilégiées", les autres machines seront alors administrables > sans s'embêter... > Mais peut-être est-ce une mauvaise méthode un peu bofbof point de vue > sécurité, il est alors peut-être judicieux de créer un user identique > sur chaque machine qui pourra administrer ces différentes machines ? > > Bien à toi Bonjour, Ce que je propose est un peut particulier, il s'agit de créer un utilisateur cockpit sans home avec les droits "seteuid" et qui aura accès à l'interface d'administration en lecture seule ... Ensuite, sur chaque machine le compte root est employé sans que ce soit le même mot de passe avec un système "crédentiel" et en employant kerberos Je remercie particulièrement Basile Starynkevitch qui m'a indiqué les pages du manuel à consulter : man credentials(7): https://man7.org/linux/man-pages/man7/credentials.7.html man seteuid(2): https://man7.org/linux/man-pages/man2/seteuid.2.html man passwd(5) https://man7.org/linux/man-pages/man2/passwd.5.html man syscalls(2) : https://man7.org/linux/man-pages/man2/syscalls.2.html Merci pour votre aimable attention Bien à vous Bernard
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
On Sun, 21 Mar 2021 14:33:50 +0100 deloptes wrote: > Weaver wrote: > > > > I was in China at the time, and it was far from > > `totalitarian/militant'. The people just played it smart, as they > > also did in New Zealand, which was also not > > `totalitarian/militant'. > > Well, they are brain washed - in a sense they know that it is > impossible to stand up against and also might be not wise, because > proven is the fact they manage things better than neighbor India or > developed Europe. I wanted to avoid being criticized for praising > China. > > The Chinese government knows that it is the government of China, and not a participant in some kind of international PC-willy-waving contest with no prizes. The same with Russia and a few other non-western countries. -- Joe
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
Weaver wrote: > On 21-03-2021 20:39, deloptes wrote: >> Andrei POPESCU wrote: >> >>> In hindsight, what was meant as a joke probably came out as mocking, I >>> apologise for that. >>> >>> I'm sure you do know that the public key needs to be made available for >>> others to be able to send you encrypted messages. >>> >>> Of course the *primary* private key should be protected properly. A >>> Debian recommendation (that I can't find) was suggesting to generate and >>> keep it on a Tails USB stick and use it only for certifying other keys. >>> >>> Day to day work (messages, signing packages, etc.) should be done with >>> sub-keys instead. >> >> Yes, I recall this from the past. So basically there are two use cases >> here. What I was reffering to is cases like Snowden or Assange or some >> investigative journalists who do not survive like Navalni and are not >> Russians ;-). > > Well, Navalny isn't an investigative journalist, he's just an agitator. > And, word is, he's a CIA asset, so you're right in he isn't Russian, > either. He got it lucky: I thought he'd wind up in Black Dolphin, or > similar, but he got a really easy gig in a work camp, not far from > Moscow. > Yes he is working for one guy called Bill Browder, who himself is behind the anti Russia campaigns - google it - it is worth reading/knowing. Everytime I write in public about it, I fear, although I am in a western democratic country. I fear, because I know what happened to people with much more capabilities than me. >> You are reffering to cases in the public domain, but IMO here it works >> perfectly well (signing packages or similar) >> In the use case I reffer to one should take care of his/her life. > > This is important. The individual has the right to make their own > decisions on their own personal existence. The right to make the wrong > one, and the right to suffer by it. > Indeed - this is why I am against over regulating stuff. For example I find it good that in the EU food manufactureres are obliged to write the content on the package. You then decide if you buy and eat or not. It is amazing to me that these products still sell - something called food and does not have anything to do with food. No wonder stomach and other types of cancer explode. >> Exchanging >> keys via public domain is not what I would do and even so - it was >> proven "they" are capturing your screen (after you decrypted) and sending >> it home for further analyses. > > Making the `public domain `public' again would be a good move. When the > network is owned, as it is now, there will always be compromise. There > will be a `product' to sell. > Agree - but it is complicated topic. IMO it is similar to Water Supply - also very interesting stories, no one is talking about (France, England, Germany etc.). >> In the public domain I do not see how the avg. Joe would manage it to >> stay safe. It is impossible ... most do not care, do not understand or do >> not have the capacity. > > Most are currently involved with whether they're going to be voting > Republican or Democrat, next time, in and endless cycle of always voting > for the same party with two different names, and which of the two only > pre-selected Presidential candidates they are going to place their faith > in, in a show that is no more than the illusion of a democratic process. > >> I would not bother unless they have the right to vote - >> and yes they do and so determine your future. >> >> So to jump to the conclusion - this form of democracy is counter >> productive and we should have open debate regarding some better form of >> democracy - lets say next generation democracy. (Covid-19 also showed >> that a more totalitarian/military style approach gives better results - >> and I do not mean China here). > > I was in China at the time, and it was far from `totalitarian/militant'. > The people just played it smart, as they also did in New Zealand, which > was also not `totalitarian/militant'. Well, they are brain washed - in a sense they know that it is impossible to stand up against and also might be not wise, because proven is the fact they manage things better than neighbor India or developed Europe. I wanted to avoid being criticized for praising China.
Re: su - kees en DISPLAY voor kees
On Sun, Mar 21, 2021 at 02:09:19PM +0100, Richard Lucassen wrote: > On Sun, 21 Mar 2021 10:45:55 +0100 Geert Stappers wrote: > > On Sun, Mar 21, 2021, Richard Lucassen wrote: > > > sudo -u kees XAUTHORITY=/home/kees/.Xauthority /path/to/executable > > > > Daarmee aan de slag gegaan en na wat expirimenten: > > > > > > sudo -u kees xterm & > > > > > > En in die Xterm heb ik de gewenste "su - kees" en DISPLAY gevuld. > > Dat hoeft niet: > > sudo -u kees XAUTHORITY=/home/kees/.Xauthority /usr/bin/xterm > > Die is dan al van user kees, je hoeft als het goed is dan niets meer te > doen in die xterm aan su en zo Ja
Re: graphic tablet
Kamil Jońca writes: > I thought about HUION 1060p, but there are different opinions (for For a record: I took a risk and bought it. After putting: --8<---cut here---start->8--- Section "InputClass" Identifier "Huion on wacom" MatchIsTablet "on" MatchProduct "HID 256c:006d Pad" MatchDevicePath "/dev/input/event*" Driver "wacom" EndSection --8<---cut here---end--->8--- in /etc/X11/xorg.conf.d/50-huion.conf situation is as follows: - moving works (can draw in gimp) :) - tablet side buttons work (at least are reported by xev) - pen buttons seems to work but I am not sure what they really do (in gimp they can move cannvas and show menu) - 16 press fields does not work or I cannot configure them KJ -- http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
Re: administrer un serveur via cockpit
Bonjour, pas encore pris le temps d'aller voir les liens, mais perso j'utilise de temps en temps Cockpit pour "administrer" les serveurs directement avec le compte "root" de ceux-ci. J'avais remarqué que si le compte "root" a le même mot de passe sur chacun des serveurs ajoutés dans Cockpit, il est possible de les avoir tous sous la main en cliquant sur "Réutiliser mon mot de passe pour les tâches privilégiées", les autres machines seront alors administrables sans s'embêter... Mais peut-être est-ce une mauvaise méthode un peu bofbof point de vue sécurité, il est alors peut-être judicieux de créer un user identique sur chaque machine qui pourra administrer ces différentes machines ? Bien à toi Le 19/03/2021 à 11:10, Bernard Schoenacker a écrit : > Bonjour, > > Je viens de voir un article assez succinct et > je reste sur ma faim du fait que ce n'est pas > suffisamment explicite sur la création d'un > compte dédié pour l'administration à partir > d'une page ouaibe ... > > voici le lien : > > https://www.linuxtricks.fr/wiki/debian-administrer-son-serveur-en-web-avec-cockpit > > en Anglais : > https://www.howtogeek.com/702841/how-to-manage-linux-servers-with-the-cockpit-web-interface/ > > Merci pour votre aimable attention > > Bien à vous > > Bernard >
Re: su - kees en DISPLAY voor kees
On Sun, 21 Mar 2021 10:45:55 +0100 Geert Stappers wrote: > > sudo -u kees XAUTHORITY=/home/kees/.Xauthority /path/to/executable > > Daarmee aan de slag gegaan en na wat expirimenten: > > > sudo -u kees xterm & > > > En in die Xterm heb ik de gewenste "su - kees" en DISPLAY gevuld. Dat hoeft niet: sudo -u kees XAUTHORITY=/home/kees/.Xauthority /usr/bin/xterm Die is dan al van user kees, je hoeft als het goed is dan niets meer te doen in die xterm aan su en zo -- richard lucassen http://contact.xaq.nl/
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
On 21-03-2021 20:39, deloptes wrote: > Andrei POPESCU wrote: > >> In hindsight, what was meant as a joke probably came out as mocking, I >> apologise for that. >> >> I'm sure you do know that the public key needs to be made available for >> others to be able to send you encrypted messages. >> >> Of course the *primary* private key should be protected properly. A >> Debian recommendation (that I can't find) was suggesting to generate and >> keep it on a Tails USB stick and use it only for certifying other keys. >> >> Day to day work (messages, signing packages, etc.) should be done with >> sub-keys instead. > > Yes, I recall this from the past. So basically there are two use cases here. > What I was reffering to is cases like Snowden or Assange or some > investigative journalists who do not survive like Navalni and are not > Russians ;-). Well, Navalny isn't an investigative journalist, he's just an agitator. And, word is, he's a CIA asset, so you're right in he isn't Russian, either. He got it lucky: I thought he'd wind up in Black Dolphin, or similar, but he got a really easy gig in a work camp, not far from Moscow. > You are reffering to cases in the public domain, but IMO here it works > perfectly well (signing packages or similar) > In the use case I reffer to one should take care of his/her life. This is important. The individual has the right to make their own decisions on their own personal existence. The right to make the wrong one, and the right to suffer by it. > Exchanging > keys via public domain is not what I would do and even so - it was > proven "they" are capturing your screen (after you decrypted) and sending > it home for further analyses. Making the `public domain `public' again would be a good move. When the network is owned, as it is now, there will always be compromise. There will be a `product' to sell. > In the public domain I do not see how the avg. Joe would manage it to stay > safe. It is impossible ... most do not care, do not understand or do not > have the capacity. Most are currently involved with whether they're going to be voting Republican or Democrat, next time, in and endless cycle of always voting for the same party with two different names, and which of the two only pre-selected Presidential candidates they are going to place their faith in, in a show that is no more than the illusion of a democratic process. > I would not bother unless they have the right to vote - > and yes they do and so determine your future. > > So to jump to the conclusion - this form of democracy is counter productive > and we should have open debate regarding some better form of democracy - > lets say next generation democracy. (Covid-19 also showed that a more > totalitarian/military style approach gives better results - and I do not > mean China here). I was in China at the time, and it was far from `totalitarian/militant'. The people just played it smart, as they also did in New Zealand, which was also not `totalitarian/militant'. Cheers! Harry -- `The World is not dangerous because of those who do harm but because of those who look on without doing anything'. -- Albert Einstein
Re: efibootmgr headach?
Morgan Read wrote: > I had a punt that 'Boot0001* Solid State Disk' /boot/efi/EFI/BOOT and > the Boot Options' menu entry 'Windows Boot Manager' might be related so > did 'efibootmgr -b 1 -B' and that removed the 'Boot Options' menu entry > 'Windows Boot Manager' but not /boot/efi/EFI/BOOT. So, I moved > /boot/efi/EFI/BOOT to /BOOT and nothing seemed to change on rebooting - > so, I put back /boot/efi/EFI/BOOT and low and behold, under the 'Boot > Options' menu the 'Windows Boot Manager' had reappeared and efibootmgr > now gives me: > BootCurrent: 0004 > Timeout: 0 seconds > BootOrder: 0004,0005, > Boot0004* debian > Boot0005* Solid State Disk > Boot* USB Drive (UEFI) > > I feel like I'm going completely potty!!! Is anyone able to shed some > light on what is going on? And, get me able to boot from my usb flash > drive...? (Again.) > > System info to follow. I don't know about /boot/efi/EFI/BOOT IMO it shouldn't be there # ls /boot/efi/EFI/ debian The directory "debian" is the entry, you see when the PC boots. What is in /boot/efi/EFI is a bit of UEFI code that tells the system to read from /boot/grub/grub.cfg. You handle this with 1. boot in UEFI mode 2. grub-install /dev/sdX 3. update-grub check with efibootmgr # efibootmgr -v BootCurrent: 0003 Timeout: 1 seconds BootOrder: 0003,0006,0005,0007,0008 Boot0003* debian HD(1,GPT,b5d4d6b6-4111-4591-bf50-71df738ef848,0x800,0x8)/File(\EFI\debian\shimx64.efi) Boot0005* WDC WDS500G1B0A-00H9H0BBS(HD,,0x0)AMBO Boot0006* TSSTcorp CDDVDW SN-208AB BBS(CDROM,,0x0)AMBO Boot0007* WDC WDS500G1R0A-68A4W0 BBS(HD,,0x0)AMBO Boot0008* IBA GE Slot 00C8 v1372BBS(Network,,0x0)AMBO Last but not least it also depends on how the BIOS is done, but recent work quite well, although if you have something like "Fast Boot" etc. could cause problems.
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
Andrei POPESCU wrote: > In hindsight, what was meant as a joke probably came out as mocking, I > apologise for that. > > I'm sure you do know that the public key needs to be made available for > others to be able to send you encrypted messages. > > Of course the *primary* private key should be protected properly. A > Debian recommendation (that I can't find) was suggesting to generate and > keep it on a Tails USB stick and use it only for certifying other keys. > > Day to day work (messages, signing packages, etc.) should be done with > sub-keys instead. Yes, I recall this from the past. So basically there are two use cases here. What I was reffering to is cases like Snowden or Assange or some investigative journalists who do not survive like Navalni and are not Russians ;-). You are reffering to cases in the public domain, but IMO here it works perfectly well (signing packages or similar) In the use case I reffer to one should take care of his/her life. Exchanging keys via public domain is not what I would do and even so - it was proven "they" are capturing your screen (after you decrypted) and sending it home for further analyses. In the public domain I do not see how the avg. Joe would manage it to stay safe. It is impossible ... most do not care, do not understand or do not have the capacity. I would not bother unless they have the right to vote - and yes they do and so determine your future. So to jump to the conclusion - this form of democracy is counter productive and we should have open debate regarding some better form of democracy - lets say next generation democracy. (Covid-19 also showed that a more totalitarian/military style approach gives better results - and I do not mean China here).
Re: su - kees en DISPLAY voor kees
On Sun, Mar 21, 2021 at 09:44:45AM +0100, Richard Lucassen wrote: > xhost wordt om security redenen wel afgeraden. `xhost +` wordt om security redenen wel afgeraden. Vandaar de subtielere `xhost +si:local:kees` Om een of andere reden gaat dat nu niet meer, een `xhost +local` wel. Niet heel subtiel. > Je kunt daarentegen ook de xauth-cookie gebruiken: > > COOKIE=$(xauth list ${DISPLAY} | egrep -wo '[0-9a-f]{32,32}') > sudo -u kees xauth -f /home/kees/.Xauthority add ${DISPLAY} . ${COOKIE} > > sudo -u kees XAUTHORITY=/home/kees/.Xauthority /path/to/executable Daarmee aan de slag gegaan en na wat expirimenten: sudo -u kees xterm & En in die Xterm heb ik de gewenste "su - kees" en DISPLAY gevuld. Dank. Groeten Geert Stappers -- Silence is hard to parse
Re: Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
On 21.03.2021 12:40, Andrei POPESCU wrote: [Bcc: debian-boot] Dear Debian-User subscribers, The Release Notes editor is asking whether this is still an issue for bullseye (i.e. if the patch to Debian Installer mentioned below was applied in the meantime). It will be a while until I get to check that. If someone can confirm either way please write to #977358. Full quote below for context. Thanks, Andrei This is still an issue for bullseye. Patch was not applied, but solution works if you apply it manually after OS installation. I've tested it on latest weekly build (debian-testing-amd64-netinst.iso). -- With kindest regards, Alexander. ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org ⠈⠳⣄
Re: su - kees en DISPLAY voor kees
On Sat, 20 Mar 2021 21:42:28 +0100 Geert Stappers wrote: > xhost +si:local:kees > echo $DISPLAY xhost wordt om security redenen wel afgeraden. Je kunt daarentegen ook de xauth-cookie gebruiken: COOKIE=$(xauth list ${DISPLAY} | egrep -wo '[0-9a-f]{32,32}') sudo -u kees xauth -f /home/kees/.Xauthority add ${DISPLAY} . ${COOKIE} sudo -u kees XAUTHORITY=/home/kees/.Xauthority /path/to/executable R. -- richard lucassen http://contact.xaq.nl/
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
On Sb, 20 mar 21, 19:11:07, deloptes wrote: > Andrei POPESCU wrote: > > > In my (not so humble) opinion, this level of security could make sense > > for a disident in a totalitarian state, less so for regular users in > > democratic country. > > > > And you disappoint me here too - you believe in illusion of democracy, which > is not so obvious as i.e. in China, but I found out it is even much worse. > No need to argue and explain - I will not - Assange, Snowden are enough! > This is like in The Matrix. > Enjoy the feeling for democracy as long as you can, but keep in mind the > reality is not so far from a "totalitarian state" and don't take the > colorful glasses off - it may lead to depression. As someone who grew up in a totalitarian state I'm quite aware of the differences as well as similarities, thank you. My point is that going full "encrypt everything on an air-gapped machine" might work for you, but it's *not* going to scale well as a defence to *mass* surveillance. While it might protect you, the vast majority of users will just dismiss this as complete paranoia and carry on *willingly* providing their data to various companies and governments, data that totalitarian surveillance in previous times could only dream of. Mass surveillance doesn't care about any single individual, the point is to get data from as many people as possible, whether in the name of "security" or to sell it to advertisers. Protecting only ourselves is meaningless in this context, we are just a statistical rounding error anyway. Getting the majority of users on services that are resistent to mass surveillance (even if less than perfect) is the only way to make a difference here. I'm guessing most of us are the ones friends and family turn to for advice on those pesky technical matters that they don't care about enough to learn, and we can make a difference simply by getting them to switch from WhatAspp to Signal or from Gmail to ProtonMail. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
On Sb, 20 mar 21, 19:03:58, deloptes wrote: > Andrei POPESCU wrote: > > > Good luck in doing public key cryptography without publishing the public > > key :) > > Andrei - you disappoint me here! In hindsight, what was meant as a joke probably came out as mocking, I apologise for that. I'm sure you do know that the public key needs to be made available for others to be able to send you encrypted messages. Of course the *primary* private key should be protected properly. A Debian recommendation (that I can't find) was suggesting to generate and keep it on a Tails USB stick and use it only for certifying other keys. Day to day work (messages, signing packages, etc.) should be done with sub-keys instead. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
On 21-03-2021 17:06, Charlie Gibbs wrote: > On Sun Mar 21 00:01:59 2021 Stefan Monnier wrote: > >>> In my (not so humble) opinion, this level of security could make >>> sense for a disident in a totalitarian state, less so for regular >>> users in democratic country. >> >> Reminds me of the saying that the difference between USA and USSR was >> that in USSR the population knew that it was propaganda. > > Under capitalism, man exploits man. > Under communism, it's just the opposite. > -- John Kenneth Galbraith That's actually a paraphrase of an old Polish proverb: `Under capitalism man exploits man; under socialism the reverse is true' -- Polish Proverb. Cheers! Harry -- `The World is not dangerous because of those who do harm but because of those who look on without doing anything'. -- Albert Einstein
Re: Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
[Bcc: debian-boot] Dear Debian-User subscribers, The Release Notes editor is asking whether this is still an issue for bullseye (i.e. if the patch to Debian Installer mentioned below was applied in the meantime). It will be a while until I get to check that. If someone can confirm either way please write to #977358. Full quote below for context. Thanks, Andrei On Lu, 14 dec 20, 13:12:59, Andrei POPESCU wrote: > Package: release-notes > X-Debbugs-CC: debian-user@lists.debian.org > > Dear Release Notes Maintainers, > > Some text based on below would make sense for the Release Notes for > buster. If agreed I'll try to come up with a wording. > > On Lu, 07 dec 20, 10:11:48, Greg Wooledge wrote: > > On Sat, Dec 05, 2020 at 12:41:57PM +0200, Andrei POPESCU wrote: > > > On Vi, 04 dec 20, 08:09:44, Greg Wooledge wrote: > > > > I am also going to guess that Deepin, like Ubuntu, defaults to giving > > > > you a user account with sudo access, and no root password. You can > > > > achieve that in Debian as well, by doing something special during the > > > > installation. In all cases, it's a stupid idea and you shouldn't do it. > > > > > > This is a pretty strong (and harsh!) statement. Care to expand on the > > > reasons? > > > > It prevents access to single-user mode. The fact that Debian (and > > these others?) still puts a single-user mode entry into the GRUB menu, > > knowing that it won't work, is just adding insult to injury. > > A web search found #802211[1]. > > Short version: > > For systemd >= 240 (buster[2]) run as root > > systemctl edit rescue.service > > and add: > > [Service] > Environment=SYSTEMD_SULOGIN_FORCE=1 > > (see /usr/share/doc/systemd/ENVIRONMENT.md.gz) > > > The 'rescue.service' is started by systemd in case it detects 'single' > on the kernel command line (see systemd(1)). > > You might want to do the same for 'emergency.service' as well (or > instead), since this service is started *automatically* in case of > certain errors (see systemd.special(7)) or if you add 'emergency' to the > kernel command line (e.g. if you can't fix your system via the 'rescue' > service). > > > An untested patch to the Debian Installer exists to add both snippets if > the user chooses to leave the root password blank. > > > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211 > [2] see the bug for another snippet that should work for squeeze or > earlier. > > Kind regards, > Andrei > -- > http://wiki.debian.org/FAQsFromDebianUser signature.asc Description: PGP signature
Re: [OT] Re: Social-media antipathy (was Re: How i can optimize my operating system?)
On Sun Mar 21 00:01:59 2021 Stefan Monnier wrote: >> In my (not so humble) opinion, this level of security could make >> sense for a disident in a totalitarian state, less so for regular >> users in democratic country. > > Reminds me of the saying that the difference between USA and USSR was > that in USSR the population knew that it was propaganda. Under capitalism, man exploits man. Under communism, it's just the opposite. -- John Kenneth Galbraith -- cgi...@surfnaked.ca (Charlie Gibbs)