Re: mozillla firefox

[Walter Omar Dari]

Hola Diego:

El 5/7/21 a las 20:12, diego leon giraldo garcia escribió:
buenas tardes cómo instalo firefox 89.0.2 en debian 10.9 ?habían escrito 
sobre la versión 85 pero será el mismo proceso? no basta con apt get 
install es un archivo tar.bz2


Yo descomprimo el tar.bz2 en /usr/local/ y después agrego un acceso en 
el menú de aplicaciones dentro de "Internet"


/usr/local/
├── bin
├── Brother
│   └── Printer
│   └── HL2270DW
│   ├── cupswrapper
│   ├── inf
│   └── lpd
├── etc
├── firefox
│   ├── browser
│   │   ├── chrome
│   │   │   └── icons
│   │   │   └── default
│   │   ├── features
│   │   └── META-INF
│   ├── defaults
│   │   └── pref
│   ├── fonts
│   ├── gmp-clearkey
│   │   └── 0.1
│   ├── gtk2
│   ├── icons
│   └── META-INF





gracias


Saludos,

--

Walter O. Dari

http://swcomputacion.com/
http://swcomputacion.com/sistemas/
https://facebook.com/swcomputacion/
https://facebook.com/sistemasSW/

Nuestros horarios:
L a V 8 a 13 hs.
S 11 a 14 hs.

WhatsApp:
2396 577140 (no se atienden llamadas)

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-07-07 11:34 p.m., David Wright wrote:
> On Wed 07 Jul 2021 at 20:11:20 (-0400), Polyna-Maude Racicot-Summerside wrote:
>> On 2021-07-07 5:55 p.m., Andrei POPESCU wrote:
>>> On Mi, 07 iul 21, 16:05:13, Polyna-Maude Racicot-Summerside wrote:
 On 2021-07-07 2:47 p.m., Andrei POPESCU wrote:
> On Mi, 07 iul 21, 09:35:17, Polyna-Maude Racicot-Summerside wrote:
>>
>> Yes you can downgrand
>> apt-get downlaod linux-image-4.19.0-16-amd64
>> dpkg -i linux-image-4.19.0.16-amd64.deb
>
> Why so complicated?
>
> If APT can download the package it can also install it (by calling dpkg 
> itself, of course).
>
 You could do so...
 apt-get reinstall linux-image-4.19.0-16-amd64
>>>
>>> `reinstall` is still two letters longer than a simple `install`, for no 
>>> obvious reason ;)
>>>
>> There's a sentence that says "Don't try to cut hair in four".
>> Why do I state "reinstall" instead of install ?
>> Because he already has the linux-image-4.19.0-16-amd64
>> So it will only say "already installed".
>> By forcing "reinstall" you also make sure it gets as default kernel for
>> booting.
>>
>> Have something to add ? (Ha ha ha)
 and it will be back as default in grub.
>>>
>>> The default in the grub menu is typically the newest kernel installed, 
>>> regardless of when it was (re)installed.
>> If this is true then all this talk is useless because he already has
>> this kernel installed.
>> So that's a waste of time and simply use the "advanced option".
> 
> It's quite simple really. Grub doesn't know why it was invoked, it's
> just run because something changed. And, as usual, it looks at the
> /current/ state of the system to ascertain how to build grub.cfg.
> 
> If you want to be able to set and change the default entry to boot,
> that's straightforward to do with GRUB_DEFAULT and GRUB_SAVEDEFAULT
> in /etc/default/grub, assuming certain conditions.¹
> 
Wasn't it more simple when using Lilo or Syslinux (Keep It Simple for
Stupid) ?

Yes I know, grub have so much more but sometime you don't need that much
and this just make it more complicated.

A bit like using Microsoft Office 2020... There's so much stuff you
don't need that the options you are looking for feel dissolved in
everything else. So you just find it harder than when it was Word 6.0 or
even better WordPerfect 5.1

> ¹ /boot/grub/ "on a plain disk (no LVM or RAID), using a
>   non-checksumming filesystem (no ZFS), and using BIOS or
>   EFI functions (no ATA, USB or IEEE1275)."
> 
> Cheers,
> David.
> 

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Mail Reader

[Polyna-Maude Racicot-Summerside]

Hi guys (and possibly girls),

I am currently using Thunderbird as a mail reader.
It did a good job until now.
I am also using the PGP plugin.

But I am feeling the limits, it also gets somewhat pretty slow (even
with a powerful enough computer) if I need for example delete 100
messages on my mailing list inbox.

I was planning at first to create different folder and copy messages to
each of them, so I have a local archive of my conversation on the Debian
mailing list.

But I've changed my mind as Thunderbird is somewhat slow.

What would any of you suggest as a mail reading software ?
I could use claws-mail
I could use other mail client
I could also install a web based mail client on another server and
possibly create some local folders (don't know if this is possible).
I get my mail for a IMAP server and use SMTP for sending, so this is
pretty much a standard installation.

As I have a unused server in a data center, I wouldn't mind to use it as
a remote mail client. But this is a 2nd choice, I would rather have a
local copy of my messages. This way I can easily do some search, even if
I'm having problem with Internet or copy it onto my laptop, having
access where I don't have access to 3G/4G internet.

Thanks for all the opinions you may give.


-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[David Wright]

On Wed 07 Jul 2021 at 20:11:20 (-0400), Polyna-Maude Racicot-Summerside wrote:
> On 2021-07-07 5:55 p.m., Andrei POPESCU wrote:
> > On Mi, 07 iul 21, 16:05:13, Polyna-Maude Racicot-Summerside wrote:
> >> On 2021-07-07 2:47 p.m., Andrei POPESCU wrote:
> >>> On Mi, 07 iul 21, 09:35:17, Polyna-Maude Racicot-Summerside wrote:
> 
>  Yes you can downgrand
>  apt-get downlaod linux-image-4.19.0-16-amd64
>  dpkg -i linux-image-4.19.0.16-amd64.deb
> >>>
> >>> Why so complicated?
> >>>
> >>> If APT can download the package it can also install it (by calling dpkg 
> >>> itself, of course).
> >>>
> >> You could do so...
> >> apt-get reinstall linux-image-4.19.0-16-amd64
> > 
> > `reinstall` is still two letters longer than a simple `install`, for no 
> > obvious reason ;)
> > 
> There's a sentence that says "Don't try to cut hair in four".
> Why do I state "reinstall" instead of install ?
> Because he already has the linux-image-4.19.0-16-amd64
> So it will only say "already installed".
> By forcing "reinstall" you also make sure it gets as default kernel for
> booting.
> 
> Have something to add ? (Ha ha ha)
> >> and it will be back as default in grub.
> > 
> > The default in the grub menu is typically the newest kernel installed, 
> > regardless of when it was (re)installed.
> If this is true then all this talk is useless because he already has
> this kernel installed.
> So that's a waste of time and simply use the "advanced option".

It's quite simple really. Grub doesn't know why it was invoked, it's
just run because something changed. And, as usual, it looks at the
/current/ state of the system to ascertain how to build grub.cfg.

If you want to be able to set and change the default entry to boot,
that's straightforward to do with GRUB_DEFAULT and GRUB_SAVEDEFAULT
in /etc/default/grub, assuming certain conditions.¹

¹ /boot/grub/ "on a plain disk (no LVM or RAID), using a
  non-checksumming filesystem (no ZFS), and using BIOS or
  EFI functions (no ATA, USB or IEEE1275)."

Cheers,
David.

Re: Help: explanation of secure flash?

[rhkramer]

On Wednesday, July 07, 2021 08:57:30 PM Polyna-Maude Racicot-Summerside wrote:
> Are you a TikiWiki user ?

No -- TWiki / Foswiki

Re: Help: explanation of secure flash?

[Polyna-Maude Racicot-Summerside]

Hi,
> (Try to ignore the markup -- it is what I use in what I sometimes call my 
> offline TWiki.)
> 
>* 
Are you a TikiWiki user ?

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Some stuff about DPI [was: Re: text size xfce4 panel]

[Andrei POPESCU]

On Ma, 06 iul 21, 13:05:26, mick crane wrote:
> On 2021-07-06 12:47, Andrei POPESCU wrote:
> > On Ma, 06 iul 21, 12:36:31, mick crane wrote:
> > > On 2021-07-06 12:18, Dan Ritter wrote:
> > > > mick crane wrote:
> > > > > hello,
> > > > > recently got 4K monitor, I struggle to read the tiny text in
> > > > > bullseye xfce4
> > > > > desktop.
> > > > > I see how to increase size of desktop items but the panel text and
> > > > > pop up
> > > > > menu text are tiny.
> > > > > Also the tabs in brave browser and browser menu settings.
> > > > > I have looked but unable to find where to change those text sizes.
> > > >
> > > > Start with the DPI setting in the XFCE settings for display.
> > > 
> > > Would that not also change the resolution for any image software ?
> > 
> > Short answer: no, though you might need to (partially) undo some of 
> > the
> > other tweaks you already did.
> > 
> > The long answer is *very* long.
> > 
> 
> I would like to read the long answer if you have the time and inclination.

I'm guessing your question above is due to an assumption that DPI in 
refers strictly to the actual dots per inch of your display device, so 
until we have resizeable monitors[1] the only way to adjust the real DPI 
is by adjusting the resolution (please do correct me if I'm wrong).


I'm not familiar with the entire historical background here, but 
basically the mess we have today is due to a combination of:

1. No or (later) unreliable methods of getting the real DPI

2. GUI / website designers specifying sizes in pixels
   
   (hey, text interfaces were specified in characters, so it must be 
   fine for graphical interfaces as well, right?)

3. Various software assuming and/or hardcoding the DPI value
   
   (96 DPI ought to be enough for anyone)


The problems weren't major as long as screen sizes increased in parallel 
with resolutions and with CRT monitors one could just run them at a 
lower resolution.

However, there are some practical limits to monitor sizes, and the real 
DPI has a noticeable impact on image quality. Add to this that LCDs look 
really bad if used at resolutions that don't match nicely to their real 
dots[1].

Modern display devices do have the means to inform the OS of their size 
and resolution (EDID), but these are sometimes buggy or just lie 
(sometimes with good reason, like TVs).

So in addition to the real DPI we also have the X DPI setting (still 
hardcoded to 96 x 96, regardless of the EDID values) and the Xft DPI 
(which is for fonts, but not all of them).

Not sure which of these (if any) the Xfce setting will actually change, 
but it should affect at least Xfce applications, but not necessarily 
applications using other toolkits (QT), or the elements in Firefox that 
aren't using GTK.

(did I already mention it's a mess?)


So what should you set the DPI value to?


For one monitor sitting somewhere around an arm's length away from you 
the real DPI is probably a good start, but this is definitely personal 
preference territory and some tweaking might be necessary regardless.

With the correct DPI value set a 10 pt font should be the same size on 
screen as on paper, so this has some practical value.

This [2] article describes several methods of setting X and Xft DPI and 
appears to be reasonably up to date. My personal preference is to 
specify the size of the display device from the EDID (i.e. what X would 
be using if it actually cared about it).

Some applications might still give you troubles. Firefox is a common 
offender, because it has some additional internal settings.


Things get more complicated if you start considering multi monitor 
setups (with different sizes and/or resolutions), as well as other types 
of devices, because there is no way that I'm aware of to specify the 
third dimension: viewing distance.

So if you want to use a TV as a monitor from 2+ meters away you might 
want to use a higher than real DPI setting[3]. Some TVs even 
intentionally provide wrong dimensions via EDID to achieve the same 
effect.


[1] e.g. like 1920 x 1080 (a.k.a. 2K) on a 4K (3840 x 2160) monitor.
[2] https://linuxreviews.org/HOWTO_set_DPI_in_Xorg
[3] e.g. 240 x 135 mm works for me for a 40" 1080p TV (i.e. 203 DPI)


Hope this provides at least some idea on the topic, because it likely 
doesn't really explain much.


Kind regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-07-07 5:55 p.m., Andrei POPESCU wrote:
> On Mi, 07 iul 21, 16:05:13, Polyna-Maude Racicot-Summerside wrote:
>> Hi !
>>
>> On 2021-07-07 2:47 p.m., Andrei POPESCU wrote:
>>> On Mi, 07 iul 21, 09:35:17, Polyna-Maude Racicot-Summerside wrote:

 Yes you can downgrand
 apt-get downlaod linux-image-4.19.0-16-amd64
 dpkg -i linux-image-4.19.0.16-amd64.deb
>>>
>>> Why so complicated?
>>>
>>> If APT can download the package it can also install it (by calling dpkg 
>>> itself, of course).
>>>
>> You could do so...
>> apt-get reinstall linux-image-4.19.0-16-amd64
> 
> `reinstall` is still two letters longer than a simple `install`, for no 
> obvious reason ;)
> 
There's a sentence that says "Don't try to cut hair in four".
Why do I state "reinstall" instead of install ?
Because he already has the linux-image-4.19.0-16-amd64
So it will only say "already installed".
By forcing "reinstall" you also make sure it gets as default kernel for
booting.

Have something to add ? (Ha ha ha)
>> and it will be back as default in grub.
> 
> The default in the grub menu is typically the newest kernel installed, 
> regardless of when it was (re)installed.
If this is true then all this talk is useless because he already has
this kernel installed.
So that's a waste of time and simply use the "advanced option".
> 
> Kind regards,
> Andrei
> 

Sincerely (with love)

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: Docker installation problems

[IL Ka]

>
> I suspect that something might be wrong with the /etc/apt/daemon.json
> file but am not sure what.
>
> try
# dockerd
https://docs.docker.com/config/daemon/#start-the-daemon-manually

Do you see any errors?

Docker installation problems

[Gary L. Roach]

Operating System: Debian GNU/Linux 10
KDE Plasma Version: 5.14.5
Qt Version: 5.11.3
KDE Frameworks Version: 5.54.0
Kernel Version: 4.19.0-17-amd64
OS Type: 64-bit
Processors: 4 × AMD FX(tm)-4350 Quad-Core Processor
Memory: 15.6 GiB of RAM

Hi All,

I'm still having installation problems with Docker. I followed the 
Digital Ocean instructions for Debian 10 to the letter. Everything went 
fine until I tried to run the test case. I got the following:



root@debian:/home/gary# docker run hello-world
docker: Cannot connect to the Docker daemon at 
unix:///var/run/docker.sock. Is the docker daemon running?.

See 'docker run --help'.
root@debian:/var/lib/docker# systemctl status docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor 
preset: enabled)
   Active: failed (Result: exit-code) since Mon 2021-07-05 12:43:13 
PDT; 2 days ago

 Docs: https://docs.docker.com
 Main PID: 1026 (code=exited, status=1/FAILURE)

Jul 05 12:43:13 debian systemd[1]: docker.service: Service 
RestartSec=2s expired, scheduling restart.
Jul 05 12:43:13 debian systemd[1]: docker.service: Scheduled restart 
job, restart counter is at 3.
Jul 05 12:43:13 debian systemd[1]: Stopped Docker Application 
Container Engine.
Jul 05 12:43:13 debian systemd[1]: docker.service: Start request 
repeated too quickly.
Jul 05 12:43:13 debian systemd[1]: docker.service: Failed with result 
'exit-code'.
Jul 05 12:43:13 debian systemd[1]: Failed to start Docker Application 
Container Engine.


I suspect that something might be wrong with the /etc/apt/daemon.json 
file but am not sure what.



root@debian:/etc/docker# less daemon.json

{

  "debug": true,
  "tls": true,
  "tlscert": "/var/docker/server.pem",
  "tlskey": "/var/docker/serverkey.pem",
  "hosts": ["tcp://192.168.254.12:2376"]
}
My installation doesn't seem to be very stable. I'm using the free 
community edition if that helps. Any help will be sincerely appreciated.


Gary R.

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[David Wright]

On Wed 07 Jul 2021 at 16:05:13 (-0400), Polyna-Maude Racicot-Summerside wrote:
> On 2021-07-07 2:47 p.m., Andrei POPESCU wrote:
> > On Mi, 07 iul 21, 09:35:17, Polyna-Maude Racicot-Summerside wrote:
> >>
> >> Yes you can downgrand
> >> apt-get downlaod linux-image-4.19.0-16-amd64
> >> dpkg -i linux-image-4.19.0.16-amd64.deb
> > 
> > Why so complicated?
> > 
> > If APT can download the package it can also install it (by calling dpkg 
> > itself, of course).
> > 
> You could do so...
> apt-get reinstall linux-image-4.19.0-16-amd64
> and it will be back as default in grub.

Apart from being an extravagant way to try reordering grub.cfg,
of course, it doesn't, because 17 > 16:

# apt-get reinstall linux-image-4.19.0-16-amd64
Reading package lists... Done
Building dependency tree   
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 48.4 MB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://deb.debian.org/debian buster/main amd64 
linux-image-4.19.0-16-amd64 amd64 4.19.181-1 [48.4 MB]
Fetched 48.4 MB in 4s (10.8 MB/s)  
(Reading database ... 308149 files and directories currently installed.)
Preparing to unpack .../linux-image-4.19.0-16-amd64_4.19.181-1_amd64.deb ...
Unpacking linux-image-4.19.0-16-amd64 (4.19.181-1) over (4.19.181-1) ...
Setting up linux-image-4.19.0-16-amd64 (4.19.181-1) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-4.19.0-16-amd64
cryptsetup: WARNING: The initramfs image may not contain cryptsetup binaries 
nor crypto modules. If that's on purpose, you may want to uninstall the 
'cryptsetup-initramfs' package in order to disable the cryptsetup initramfs 
integration and avoid this warning.
/etc/kernel/postinst.d/zz-update-grub:
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.19.0-17-amd64
Found initrd image: /boot/initrd.img-4.19.0-17-amd64
Found linux image: /boot/vmlinuz-4.19.0-16-amd64
Found initrd image: /boot/initrd.img-4.19.0-16-amd64
Found Debian GNU/Linux 11 (bullseye) on /dev/sda5
done
Scanning processes...   
Scanning processor microcode... 
Scanning linux images...

Running kernel seems to be up-to-date.

The processor microcode seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.
# 

and so:

$ grep Loading /boot/grub/grub.cfg
echo'Loading Linux 4.19.0-17-amd64 ...'
echo'Loading initial ramdisk ...'
echo'Loading Linux 4.19.0-17-amd64 ...'
echo'Loading initial ramdisk ...'
echo'Loading Linux 4.19.0-17-amd64 ...'
echo'Loading initial ramdisk ...'
echo'Loading Linux 4.19.0-16-amd64 ...'
echo'Loading initial ramdisk ...'
echo'Loading Linux 4.19.0-16-amd64 ...'
echo'Loading initial ramdisk ...'
$ 

Cheers,
David.

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[Andrei POPESCU]

On Mi, 07 iul 21, 16:05:13, Polyna-Maude Racicot-Summerside wrote:
> Hi !
> 
> On 2021-07-07 2:47 p.m., Andrei POPESCU wrote:
> > On Mi, 07 iul 21, 09:35:17, Polyna-Maude Racicot-Summerside wrote:
> >>
> >> Yes you can downgrand
> >> apt-get downlaod linux-image-4.19.0-16-amd64
> >> dpkg -i linux-image-4.19.0.16-amd64.deb
> > 
> > Why so complicated?
> > 
> > If APT can download the package it can also install it (by calling dpkg 
> > itself, of course).
> > 
> You could do so...
> apt-get reinstall linux-image-4.19.0-16-amd64

`reinstall` is still two letters longer than a simple `install`, for no 
obvious reason ;)

> and it will be back as default in grub.

The default in the grub menu is typically the newest kernel installed, 
regardless of when it was (re)installed.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: badblocks

[Stefan Monnier]

> I got a cheap SATA to USB external adaptor and used it to look at a 500Gb
[...]
> Might I think that there is something amiss with the USB/SATA adapter
> thing ?

In my experience, USB<->SATA adapters are not super-reliable (cheap or
not), the main problem stemming from power delivery, so you might like
to retry it on other USB ports, the more power it can deliver
the better.

[ Obviously, I presume that your adapter does not have its own power
  source.  ]


Stefan

Order inquiry and catalog

[Mr.Roger Bibu]

Hello Dear,

Kindly send us your company's latest catalog and your best price list.
this is my second mail to this your email address : debian-user@lists.debian.org

We may place an order
Also confirm the teams and conditions . 

I await your feedback
Thanks & Best Regards…
Mr. Roger Bibu
Sales Manager | Marketing Enthusiast

TKM United States Inc.
1845 Airport Exchange Blvd # 150,
Erlanger, KY 41018
United States

Re: OT: LibreOffice Calc - Fusión de hojas

[Felix Perez]

El mié, 30 de jun. de 2021 a la(s) 12:34, Debian
(javier.debian.bb...@gmail.com) escribió:
>
> Buenos días.
>
> Si bien no es tema Debian puro, tiene que ver con un paquete de Debian.
>
> Mi pregunta es la siguiente:
>
> Tengo dos libros de Calc, llamémosle Libro1 y Libro2.
> Ambos tienen una hoja de datos, exactamente igual en formato, pero con
> datos distintos, llamémosle Hoja.
>
> Quiero pasar los datos de Libro2-Hoja a Libro1-Hoja;
> ¿cómo puedo fusionar DOS hojas de distintos libros en UNA SOLA hoja?
>
> Ya sé que se puede importar una hoja desde un libro externo, pero se
> carga como una nueva hoja; yo quiero FUSIONARLA a una existente.
> Puedo importarla como una hoja nueva; pero se me reformula la pregunta a
> ¿cómo puedo fusionar DOS hojas de un mismo libro en UNA SOLA hoja?
>
> "Copiar y pegar" no va porque son 10.000 filas y 60 columnas, y a veces,
> se congela LibreOffice por la demanda de memoria.
>
> ¿Para qué?
>
> Pues que en mi trabajo usan una porquería de base de datos, con una
> porquería de instancia de consultas, y debo hacer cálculos sobre esa
> información. Encima, el BOFH del sistema lo bloqueó para no poder
> exportar más de 10.000 registros a xls por vez.
>
> Por ahora me las estoy arreglando con "Copiar y enlazar" y desactivando
> el cálculo automático, para evitar que se quede dando vueltas cada vez
> que modifico un dato o edito una fórmula (AMD A8 con 8GB la pobrecita);
> pero no me gusta.
>
> Si alguno me puede ayudar...
Hola.
Revisaste esto?:
https://help.libreoffice.org/latest/es/text/scalc/guide/consolidate.html

Ahora y si exportas a csv y manejas los csv resultantes?

Saludos.

>
> Gracias
>
> JAP
>


-- 
usuario linux  #274354
normas de la lista:  http://wiki.debian.org/es/NormasLista
como hacer preguntas inteligentes:
http://www.sindominio.net/ayuda/preguntas-inteligentes.html

Re: badblocks

[Cindy Sue Causey]

On 7/7/21, mick crane  wrote:
> On 2021-07-07 18:30, Stefan Monnier wrote:
>>> I got a cheap SATA to USB external adaptor and used it to look at a
>>> 500Gb
>> [...]
>>> Might I think that there is something amiss with the USB/SATA adapter
>>> thing ?
>>
>> In my experience, USB<->SATA adapters are not super-reliable (cheap or
>> not), the main problem stemming from power delivery, so you might like
>> to retry it on other USB ports, the more power it can deliver
>> the better.
>>
>> [ Obviously, I presume that your adapter does not have its own power
>>   source.  ]
>
> has 12v supply, I've ordered another one and see if any different.


I think I'm picturing what you're using because I've used that myself.
I switched to the black, boxlike "docking stations" a couple years ago
because I was having some kind of trouble, maybe even like you now,
with those other "wiring harness" adapters.

One caveat is that the "dual" docking stations that have the clone
ability may be easy to trigger into an irreversible clone that
destroys data on the second hard drive. I'd seen someone complain
about that in their product review.

Now I think I did it myself because one hard drive keeps reporting
that it's a duplicate something or other at boot. All I can figure is
I accidentally bumped the duplicate button on the docking station, and
off it went without asking for verification first. The harmed hard
drive is sitting untouched until I brave up toward attempting a
software autopsy in hopes of salvaging data. The holdup is that I'm
mentally not prepared to hear I lost that data forever. :)

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with birdseed *

Re: Busybox Debian commanding

[Cindy Sue Causey]

On 7/7/21, Polyna-Maude Racicot-Summerside  wrote:
> On 2021-07-06 9:27 a.m., David wrote:
>> On Tue, 6 Jul 2021 at 23:17, Gunnar Gervin  wrote:
>>
>>> grub rescue>
>>
>> Try reading this:
>> https://www.gnu.org/software/grub/manual/grub/html_node/GRUB-only-offers-a-rescue-shell.html#GRUB-only-offers-a-rescue-shell
>>
>>> Tried to remove all 7 partitions in grub rescue>
>>
>> Why are you trying to remove partitions?
>> What is your goal?
>>
> This was the "killer" question you've asked here !
> People are always afraid when they ask themselves what am I trying to
> do, and ever worst, is this the way to do...
>
> Why would someone do partition editing inside GRUB ?
> Maybe getting confused between the partitions and menu options...


I wondered yesterday, too, but David covered it so I didn't ponder it
any further. TODAY is different so I'm taking the above one step
further to specifically ask if this is YOUR (OP's) choice or is the
system randomly telling you to go that route?

My thought process is to rule out that a malicious third party is at
work because of all the chatter about [malware] these days. :)

That GRUB prompt has beat me up often in the last couple of years. It
first came up when GRUB started failing for some of us with respect to
however we set up our GPT [tables].

The other times that were a lot easier to fix were about having
mismatched /vmlinuz and/or /initrd.img during booting. That problem
disappears when the right kernel is being booted.

Prior to realizing what I broke, I had mixed things up so that
something like 4.19 was booting instead of 5.10, but even ~5.7 was
causing that issue. If it manages to boot past the GRUB prompt, it
still eventually fails by multiple different types of freezing at the
login screen.**

It's a fair/rational talking point/checkpoint if that error ever pops
up on tech lists. The fact that it magically goes away without
intervention sometimes is because there was probably another kernel
upgrade that incidentally fixed the cross-wiring.. :)

Cindy :)

** There was a period of time where I accidentally tripped over that
my cursor was hiding offscreen sometimes when login was failing. I
almost posted on Debian-Accessiblity to ask if they had helped change
some boot accessibility setting (related to negative margins for
positioning screenreader features)... and then I tripped over the
mismatched kernels. Cursor stays on screen now.

One last head scratcher about it was that I couldn't login at all if
cursor wasn't visible. If the cursor was movable and could be dragged
into view from the right side, I could suddenly log in to a normal,
long session just fine. That was an odd trigger toward success when
the real problem was about mismatched kernels.
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with birdseed *

Re: Help: explanation of secure flash?

[rhkramer]

On Tuesday, July 06, 2021 07:07:29 PM Jeremy Nicoll wrote:
> On Tue, 6 Jul 2021, at 23:37, rhkra...@gmail.com wrote:
> > I've seen warnings (against hacks) that say (among other things) to
> > enable "secure flash".  I've been googling to learn more about that, but
> > I haven't found any good explanation.
> > 
> > I'm beginning to get hints that it is not so much a thing (to be
> > enabled), but more the (a) process to update the computer's BIOS. 
> > (e.g., "'Unable to start a Secure flash session' error message.")
> 
> It might be a suggestion that you use your BIOS or UEFI to disable the
> machine's ability to boot off a USB stick ... because that - if it's on -
> allows anyone to reboot your machine with the OS and tools of their
> choice.

Thanks to all who replied!

I found some more information.  It seems that SecureFlash might be an American 
Megatrends (AMI) thing related to SecureBoot and UEFI.  

It is a apparently a means to flash a BIOS and make sure that the new image is 
"secure" (for some definition of secure).  

The word that I could not remember exactly was rollback (not rollover) and 
"anti-rollback" is apparently intended to prevent a hacker from rolling back 
the BIOS to an earlier less secure version.

The following is a link to an old (20120220) presentation on the subject, with 
some quotes captured from the slides.

I don't know if Secure Flash is still a thing or has been replaced by 
something else.

(Try to ignore the markup -- it is what I use in what I sometimes call my 
offline TWiki.)

   * 
[[https://members.uefi.org/learning_center/UEFI_Plugfest_2012Q1_v3_AMI.pdf]
[Secure Firmware Update]]: "UEFI Winter Plugfest – February 20-23, 2012: 
Presented by Zachary Bobroff(AMI)"
`=
Why Secure Flash Update?
•••Platform security is a broad topic...
– Many overlapping technologies (TPM, secure boot,
secure flash update, etc)
– System complexity is increasing with new
technologies (Execute Disable, virtualization, etc)
– No one specification ties all security technologies
together
Firmware modification/tinkering by the hobbyist
is becoming more commonplace
The UEFI specification completely documents all
interfaces
– Malicious software can attack the firmware

...

Connection with Secure Boot
Secure boot dictates that all external images
must be authenticated prior to execution
Secure boot ensures the system booted in a
trusted state
Secure boot prevents attacks targeting the
firmware to OS handoff
Secure boot does not prevent any direct attacks
on the firmware itself, and the UEFI
specification has no provisioning for firmware
protection

...

Secure Flash Demonstration
• The following will be demonstrated:
– The capsule update method using AMI ASFU (AMI
Secure Flash Update) Utility
– Anti-Rollback will be tested by trying to flash original
image
– A modified binary will be used to simulate a malicious
BIOS update
• A binary modified after signing will have an invalid
signature
='

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[Polyna-Maude Racicot-Summerside]

Hi !

On 2021-07-07 2:47 p.m., Andrei POPESCU wrote:
> On Mi, 07 iul 21, 09:35:17, Polyna-Maude Racicot-Summerside wrote:
>>
>> Yes you can downgrand
>> apt-get downlaod linux-image-4.19.0-16-amd64
>> dpkg -i linux-image-4.19.0.16-amd64.deb
> 
> Why so complicated?
> 
> If APT can download the package it can also install it (by calling dpkg 
> itself, of course).
> 
You could do so...
apt-get reinstall linux-image-4.19.0-16-amd64
and it will be back as default in grub.
> 
> Kind regards,
> Andrei
> 
Thabks for adding this one.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: apt tells me that grub-efi, grub2-common are no longer needed

[Anssi Saari]

The Wanderer  writes:

> #990082 is for shim-signed, and it does seem to be closed now, but if
> I'm reading the discussion correctly that's not the package we're
> concerned with.

True, especially as #990082 is specific to ARM.

> $984520 is for grub-efi-amd64, which I think is the package we're
> concerned with, and as far as I can tell it's still open.

I missed this. The report seems a little dubious though.

Re: Problème de montage d'un disque dur "ZFS"

[Gaëtan Perrier]

Le mercredi 07 juillet 2021 à 00:50 +0200, Nicolas FRANCOIS a écrit :
> Le Tue, 06 Jul 2021 23:13:57 +0200,
> Gaëtan Perrier  a écrit :
> 
> > Bonjour,
> > 
> > J'avoue ne pas tout comprendre de ce que tu indiques. 
> > GPT et ZFS ne sont pas antinomiques. GPT est un format de table de
> > partitions alors que ZFS est un système de fichier pour une partition.
> > Tu peux donc très bien avoir un disque avec une table GPT qui
> > contient des partitions ZFS.
> 
> Jusque là, je comprends.
>  
> > Ensuite tu dis que gparted l'identifie comme étant ZFS mais dans la
> > copie de sortie de gparted je ne vois pas trace de quelque chose en
> > ZFS ... Le disque semble effectivement avoir une table de partitions
> > en GPT et des partitions en ext4, une de swap et la première qui ne
> > semble pas formatée.
> 
> gparted l'identifie comme un bloc zfs, point, voir fichier joint.
> 
> parted me donne d'autres résultats, et voit les partitions à
> l'intérieur, mais je ne peux pas les monter.

Ok je ne pensais pas que les sorties de parted et gparted puissent être
différentes alors qu'ils se basent tous les deux libparted2.

J'ai pensais, à tort, que ta copie de parted illustrait ton propos sur gparted.

Toutes mes confuses,

Gaëtan






signature.asc
Description: This is a digitally signed message part

Installing Debian without any Recommends, by hacking

[David Wright]

I've already posted a couple of hacks to reduce the number of
Recommends packages that are installed by netinst, but they
weren't enough to override the main installation step, ie
"Select and install software". The extra hack reported here
appears to do just that.

The first two hacks were to /bin/apt-install:

  --with-recommends)
WITH_RECOMMENDS=1 ← change this to 0
OPTS="$OPTS $1"
;;

near line 20, and:

  apt_opts="-q -y"
  if [ -z "$ALLOW_REMOVE" ]; then
  apt_opts="$apt_opts --no-remove"
  fi
  if [ "$WITH_RECOMMENDS" ]; then
  apt_opts="$apt_opts -o APT::Install-Recommends=true" ← change this to 
false
  elif [ "$NO_RECOMMENDS" ]; then
  apt_opts="$apt_opts -o APT::Install-Recommends=false"
  fi

about 20 lines before the end.¹

/bin/apt-install is available for editing as early as before the
"Detect and mount installation media" step.

The third hack is to /target/usr/bin/tasksel, about 25 lines before
the end:

  push @cmd, qw{apt-get -q -y -o APT::Install-Recommends=true -o 
APT::Get::AutomaticRemove=true -o Acquire::Retries=3 install}; ← change the 
first true to false

This appears to build the command that installs the bulk of the
packages. The binary is available for editing immediately after
the "Install the base system" step. Note that any edits are
permanent, because you're modifying the installed copy.²

So those changes are enough to prevent any Recommends being
obeyed during, and possibly after (when using tasksel),
installation. Whether this is wise is left to the reader/sysadmin.
Hopefully, that puts this problem to bed.

(Examples are from bullseye rc2 amd64 netinst with firmware.)

¹ /bin/apt-install comes out of the installer's initrd, so I suppose
  the latter could be unpacked, modified and repacked into a rebuilt
  ISO file. Bear in mind there are three initrds for different options.

² /target/usr/bin/tasksel comes from the tasksel package, which is
  found in pool/main/t/tasksel/tasksel_…_all.deb. I would hazard
  a guess that modifying this package might not affect its
  installation (the installation medium is Trusted?), but could
  affect upgrading it, which appears to be a rare event.¹

The footnotes are aimed only at people who want to build an ISO
containing these modifications, so that they don't have to do
the editing each time they install a new system.

Cheers,
David.

Re: Buster error no release file

[Cindy Sue Causey]

On 7/7/21, kris  wrote:
> Install completed but when open software in desktop no release file
> error.
> Where do I obtain file and how do I install it?


Hi, kris.. I'm "just" an everyday Debian User who tried a quick search
by using your error wording there. This came back about Ubuntu which
works similar to Debian but with their own personal developer tweaks:

https://itsfoss.com/repository-does-not-have-release-file-error-ubuntu/

Yes, that's talking about repositories, but it still sounds like a
good place to start looking. That could still be a possible
explanation for a similar error popping up related to the software
that would be downloaded and installed from those repositories.

If that method doesn't work, what might help other Users help you is
if you can provide the name of whatever installer you used, e.g. an
ISO file name or similar. It might also help to share the entire
contents of your "/etc/apt/sources.list" file if you find one on your
setup.

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with birdseed *

Re: badblocks

[Andrei POPESCU]

On Mi, 07 iul 21, 13:30:40, Stefan Monnier wrote:
> > I got a cheap SATA to USB external adaptor and used it to look at a 500Gb
> [...]
> > Might I think that there is something amiss with the USB/SATA adapter
> > thing ?
> 
> In my experience, USB<->SATA adapters are not super-reliable (cheap or
> not), the main problem stemming from power delivery, so you might like
> to retry it on other USB ports, the more power it can deliver
> the better.
> 
> [ Obviously, I presume that your adapter does not have its own power
>   source.  ]

I've had occasional failures with a powered version, so that's no 
guarantee either.

The error is indeed quite suspicious and I'd be weary of making any 
permanent changes to the drive, unless it's 100% reproducible with a 
known good connection (preferably pure SATA).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Buster error no release file

[Andrei POPESCU]

On Mi, 07 iul 21, 06:20:21, kris wrote:
> Install completed but when open software in desktop no release file
> error.
> Where do I obtain file and how do I install it?
 
Please show us the full content of the file /etc/apt/sources.list and 
any file that might exist under /etc/apt/sources.list.d/

(preferably attached, but copy-paste is also fine if you can ensure long 
lines are preserved as such)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[Andrei POPESCU]

On Mi, 07 iul 21, 09:35:17, Polyna-Maude Racicot-Summerside wrote:
> 
> Yes you can downgrand
> apt-get downlaod linux-image-4.19.0-16-amd64
> dpkg -i linux-image-4.19.0.16-amd64.deb

Why so complicated?

If APT can download the package it can also install it (by calling dpkg 
itself, of course).


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Problème de montage d'un disque dur "ZFS"

[didier gaumet]

Le mercredi 07 juillet 2021 à 19:13 +0200, Bernard Schoenacker a
écrit :
> 

> Bonjour Didier,
> 
> Je suis vraiment navré de devoir jouer le chieur de petits 
> points
[...]

Ben , faut pas être navré: quand je raconte des conn... des fadaises,
j'aime bien qu'on rectifie gentiment, donc merci pour les précisions 
:-) 

Re: badblocks

[mick crane]

On 2021-07-07 18:30, Stefan Monnier wrote:
I got a cheap SATA to USB external adaptor and used it to look at a 
500Gb

[...]

Might I think that there is something amiss with the USB/SATA adapter
thing ?


In my experience, USB<->SATA adapters are not super-reliable (cheap or
not), the main problem stemming from power delivery, so you might like
to retry it on other USB ports, the more power it can deliver
the better.

[ Obviously, I presume that your adapter does not have its own power
  source.  ]


has 12v supply, I've ordered another one and see if any different.

mick
--
Key ID4BFEBB31

Re: Bullseye installation problem (with Matrox GPU)

[Stefan Monnier]

> I did a little more experimenting and learned my G550 doesn't need
> nomodeset for the MGA X driver to work, but it only produces 1920x1080
> on my 2560x1440 screen, and xrandr still can't identify output names.

You can trying playing with "modelines" where you reduce the screen
refresh rate to 30Hz to keep the "dot frequency" below the card's limit.

Contrary to CRT, current displays tend not to need as high a refresh
rate to avoid flicker.  Of course a lower refresh rate may encounter
other problems (e.g. your display may simply refuse to display it).


Stefan

Re: Problème de montage d'un disque dur "ZFS"

[Bernard Schoenacker]

- Mail original -
> De: "didier gaumet" 
> À: debian-user-french@lists.debian.org
> Envoyé: Mercredi 7 Juillet 2021 16:38:25
> Objet: Re: Re: Problème de montage d'un disque dur "ZFS"
> 
> et puis tout à coup je me rappelle avoir lu quelque part que Freenas
> avait abandonné FreeBSD pour Debian il y a peu de temps. Donc si ton
> Freenas était basé sur Debian, tout ce que j'ai raconté était hors
> propos...
> 

Bonjour Didier,

Je suis vraiment navré de devoir jouer le chieur de petits 
points, mais ce que tu affirmes ne concerne n'est pas encore
en route complètement, pour mémoire voici la page de 
Wikipedia sur TrueNas :

https://fr.wikipedia.org/wiki/TrueNas

En revanche, la prochaine version de TrueNas se basera sur une Debian
version 11 et je viens de vérifier la nouvelle via "ars technica"

https://arstechnica.com/gadgets/2020/06/truenas-isnt-abandoning-bsd-but-it-is-adopting-linux/

et l'annonce de la préversion téléchargeable :
https://www.cachem.fr/truenas-core-12-disponible-rc-scale/

Par conséquent, la version Debian nommée Scale ne sera opérationnelle
et stabilisée qu'à partir de la fin de l'été (c'est mon impression 
personnelle) ...

Voici l'ensemble des versions pour TrueNas :


TrueNAS Core: FreeBSD
TrueNAS Enterprise: FreeBSD
TrueNAS SCALE: Linux


Merci pour ton aimable billet 

Bien à toi

Bernard

Re: badblocks

[Alexander V. Makartsev]

On 07.07.2021 21:19, mick crane wrote:

hello,
I got a cheap SATA to USB external adaptor and used it to look at a 
500Gb drive from redundant PC that I'd already got what I wanted from.

Bullseye Xfce tried to auto mount it but baulked over one directory.
I mounted partition OK in terminal emulator.
Ran badblocks on partition which reported
"488251288 bad blocks found"
which seems excessive.
Might I think that there is something amiss with the USB/SATA adapter 
thing ?


mick
It certainly could be. SATA-to-USB adapters are not made the same and 
their functionality depends on microcontroller IC they based on.
Some of these adapters can interrogate the drive and get SMART data, 
some of them can't.
Now there is also a possibility, if the bad block(-s) was actually found 
during the scan, HDD firmware could fall into "retry/error" loop trying 
to recover, constantly reporting failed state to a host system, which 
could be interpreted\translated by HDD-to-USB adapter as operation 
failure for each sector requested by badblock utility.


--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: badblocks

[Charles Curley]

On Wed, 07 Jul 2021 17:19:15 +0100
mick crane  wrote:

> Ran badblocks on partition which reported
> "488251288 bad blocks found"
> which seems excessive.
> Might I think that there is something amiss with the USB/SATA adapter 
> thing ?

Yeah, that sounds fishy. I'd run "fdisk -l" on the device file
(/dev/sdX) and see if that's reasonable. If it does, try "fsck -N" on
each partition and see if those results look reasonable.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

badblocks

[mick crane]

hello,
I got a cheap SATA to USB external adaptor and used it to look at a 
500Gb drive from redundant PC that I'd already got what I wanted from.

Bullseye Xfce tried to auto mount it but baulked over one directory.
I mounted partition OK in terminal emulator.
Ran badblocks on partition which reported
"488251288 bad blocks found"
which seems excessive.
Might I think that there is something amiss with the USB/SATA adapter 
thing ?


mick
--
Key ID4BFEBB31

Re: PCSC CCID & horizon view

[Javier Silva]

Hola,

El mié, 7 jul 2021 a las 8:50, Leopold Palomo-Avellaneda
() escribió:
>
> Bones!
>
> El 6/7/21 a les 16:03, Javier Silva ha escrit:
> > Hola,
> >
> > Dono totes les dades que he vist fins ara del meu problema per si algú
> > em pot ajudar:
> >
> > He instal·lat un lector de targetes Cherry Smart Card ST-1044 per USB
> > a Debian 10 (Buster) amb Backports per defecte activat, nucli 5.10.
>
>
> Ok
>
> > La libccid ho detecta sense problemes:
> >
> > pcsc_scan
> >
> > Informa correctament de tot.
> >
> > A més a he instal·lat AET SafeSign i DNI-e sense problemes que
> > identifiquen les diferents targetes i permeten validar amb els serveis
> > que corresponen.
>
>
> Dues preguntes.
>
> 1) Quin soft has instal·lat del AET SafeSign i d'on l'has tret?

He instal·lat el SafeSign 3.5.0 ho he tret de l'AOC i el dni-e de la DGP.


>
> 2) Has pogut signar amb el DNI-e? Amb l'autofirma?

Tot això va perfecte en Linux, puc connectar-me a llocs en internet
amb Chrome i Firefox, com ara EACAT, Seguretat Social, AEAT i altres
corporatives etc.

L'autofirma funciona sense problemes per signar documents.


>
> > He instal·lat vmware-view connectat a un pool d'escriptoris amb
> > Windows 2008R2 i 2019, el lector l'identifica (aparentment de forma
> > correcta, però no detecta la versió de firmware) resulta que les
> > targetes s'identifiquen, però no són llegibles, donen error i el clock
> > rate de la comunicació torna error.
>
> Mala peça al teler ...

Que farem, és el que tenim avui dia, sistemes heterogenis.


>
> > En proves addicionals, he comprovat que una VM amb Windows (virtualbox
> > amb view instal·lat) hauria de funcionar, però també he vist que VBox
> > passa el dispositiu USB complet, cosa que no fa el view, que només es
> > comunica amb el dimoni pcscd.
> >
> > Així mateix he vist que el servei pcscd.socket aixeca correctament el
> > pcscd.service.
> >
> > Hi ha algú que li hagi passat alguna cosa similar i pugui ajudar-me
> > d'alguna manera?
>
> No, jo només m'he barallat amb el suport natiu.

Exactament igual que jo i on tinc la problemàtica és al connectar amb el view.

>
> Leopold

Moltes gràcies per l'ajuda i paciència,

Salut!

Javier


>
>
>
> --
> --
> Linux User 152692 GPG: 05F4A7A949A2D9AA
> Catalonia
> -
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing in e-mail?

Re: Re: Problème de montage d'un disque dur "ZFS"

[didier . gaumet]

et puis tout à coup je me rappelle avoir lu quelque part que Freenas
avait abandonné FreeBSD pour Debian il y a peu de temps. Donc si ton
Freenas était basé sur Debian, tout ce que j'ai raconté était hors
propos...

Re: PCSC CCID y horizon view

[Javier Silva]

Hola Camaleon,

El mar, 6 jul 2021 a las 20:31, Camaleón () escribió:
>
> El 2021-07-06 a las 18:34 +0200, Javier Silva escribió:
>
> > Gracias por la respuesta, te contesto debajo de las mismas:
> >
> > El mar, 6 jul 2021 a las 18:10, Camaleón () escribió:
> > >
> > > El 2021-07-06 a las 16:00 +0200, Javier Silva escribió:
> > >
> > > > Doy todos los datos que he visto hasta ahora de mi problema por si
> > > > alguien me puede ayudar:
> > > >
> > > > He instalado un lector de tarjetas Cherry Smart Card ST-1044 por USB
> > > > en Debian 10 (Buster) con Backports por defecto activado, kernel 5.10.
> > > >
> > > > La libccid lo detecta sin problemas:
> > > >
> > > > pcsc_scan
> > > >
> > > > Informa correctamente de todo.
> > > >
> > > > Adicionalmente he instalado AET SafeSign y DNI-e sin problemas que
> > > > identifican las diferentes tarjetas y permiten validar con los
> > > > servicios que corresponden.
> > >
> > > Entiendo que el lector lo detecta correctamente el linux anfitrión.
> > >
> > Lo detecta perfectamente y si instalo el software de la propia tarjeta
> > puedo acceder a los sitios autorizados (Seguridad Social, AEAT, etc.).
> >
> > Te paso la salida de pcsc_scan:
> >
> > $ pcsc_scan
> > Using reader plug'n play mechanism
> > Scanning present readers...
> > 0: Cherry GmbH SmartTerminal XX44 00 00
> >
> > Tue Jul  6 18:18:41 2021
> >  Reader 0: Cherry GmbH SmartTerminal XX44 00 00
> >   Event number: 0
> >   Card state: Card removed,
>
> (...)
>
> Vale, no veo ningún error.
>
> > > > He instalado vmware-view conectado a un pool de escritorios con
> > > > Windows 2008R2  y 2019, el lector lo identifica (aparentemente de
> > > > forma correcta, pero no detecta la versión de firmware) resulta que
> > > > las tarjetas se identifican, pero no son legibles, dan error y el
> > > > clock rate de la comunicación devuelve error.
>
> (...)
>
> > > > Hay alguien que le haya pasado algo similar y pueda ayudarme de alguna 
> > > > forma?
> > >
> > > Sólo he podido localizar estos artículos que quizá te sirvan. Aunque
> > > son para anfitriones Windows, la idea sería configurar el host USB para
> > > que pase a las máquinas virtuales en bruto, sin filtrar:
> > >
> > > Troubleshooting Smartcard Reader redirection issues in VMware View 
> > > Manager and Horizon View (2015494)
> > > https://kb.vmware.com/s/article/2015494
> > >
> > > SmartCard reader as a pass-through device for VMware View 5.0 (NOT USED 
> > > FOR AUTHENTICATION)
> > > https://communities.vmware.com/t5/Horizon-Desktops-and-Apps/SmartCard-reader-as-a-pass-through-device-for-VMware-View-5-0/td-p/2168848
> > >
> > > Unable to passthrough a USB smart card reader to a guest operating system 
> > > in ESXi version 6.x and later (55789)
> > > https://kb.vmware.com/s/article/55789
> > >
> >
> > Tengo Horizon 8 y el cliente es el 5.5 y según la documentación de
> > VMware no se ha de canalizar las tarjetas, es tanto de esta forma que
> > no aparecen ni como dispositivos que sean elegibles.
> >
> > He activado la depuración en el servicio pcscd.service y no logro ver
> > nada extraño, aparentemente el cliente de view realiza toda la
> > comunicación con el driver pcscd.service en el momento en que va a
> > conectarse al escitorio remoto, pero cuándo voy a comprobar el
> > funcionamiento de la misma, si bien el lector me aparece (aunque me he
> > dado cuenta que no aparece la línea en la que se muestra la versión de
> > firmware), cuándo se conecta una tarjeta, el campo clock rate aparece
> > con error, en lugar de a aparecer 3.58 MHz
>
> Así a bote pronto es como si detectara el lector de tarjetas pero de
> manera genérica y no pudiera obtener todos los parámetros para
> configurarlo debidamente.
>
> > Lo último que he realizado ha sido descargar los paquetes de Ubuntu
> > 20.04 (que oficialmente sí parece estar soportada) que corresponden a:
> >
> > libccid/now 1.4.31-1 amd64
> > libpcsclite1/now 1.8.26-3 amd64
> > pcscd/now 1.8.26-3 amd64
> >
> > Los que había instalados en la versión de Debian, eran:
> >
> > libccid/stable 1.4.30-1 amd64
> > libpcsclite1/buster-backports 1.9.1-1~bpo10+1 amd64
> > pcscd/buster-backports 1.9.1-1~bpo10+1
> >
> > Pero esto tampoco ha solucionado el problema y me quedo sin opciones, la 
> > verdad.
>
> Pues no se me ocurre nada más, salvo que habilites la depuración de los
> puertos USB para ver si te saca algún dato que te sirva o te dé alguna
> pista de dónde mirar:
>
> Archivos de registro específicos de dispositivos USB
> 
>

Incrementaré el log del cliente view a ver si saco algo bueno,
incrementando el log de pcscd no he sabido ver problemas.

En paralelo he abierto una incidencia con VMware.

Gracias por tu tiempo y tu ayuda.

Saludos,
Javier


> Saludos,
>
> --
> Camaleón
>

Re: servidor em notebook e desligamento da tela

[Linux - Junior Polegato]

Em 06/07/2021 23:51, José Figueiredo escreveu:

Pessoal, boa noite.
Fiz um servidor, usando Debian 10 em um notebook antigo que tenho - a 
instalação está ultra limpa - apenas a instalação do netinstall com um 
acesso SSH.
A dificuldade está em que a tela fica 100% do tempo ligada, o que é 
inútil pois faço todo acesso remotamente. Gostaria de dicas de como 
desativar a tela - tipo descanso de tela em modo texto.

Não tenho servidor X instalado nessa máquina.
Estou pesquisando há alguns dias e não consegui encontrar uma solução.
Grato.
--
José de Figueiredo
Seja Livre, use GNU/Linux. Use Debian !!!

Antes de autorizar um aborto, pense que poderia ser vc lá dentro,
esperando alguém decidir se vc morre ou não...
http://www.brasilsemaborto.com.br/ 

Venha estudar no IFSul - é público, federal e de qualidade.


Olá!

        Não sei o que já tentou, mas há muito muito tempo atrás 
utilizei com sucesso o setterm.


        Pesquisei para ver se tinha algo para Debian 10, achei um bem 
interessante para Ubuntu de 2019, provavelmente deve rolar bem no Debian 
10 e com systemd para automatizar:


Blank screen after 1 min and turn it off after 2 min. Any keypress will 
turn it back on. Make it auto-start after reboot.


The magic command what will do all the work:

|setterm --blank 1 --powerdown 2 |

If you get error: setterm: terminal xterm-256color does not support --blank

 * You are probably trying this command by SSH. You must run it from
   local of your machine, or do next stage of this guide.




   Make it auto-start

Insert command in executable file. Store it for example in hidden folder 
of your home directory /home/USER/.boot-scripts/screen-off.sh


|#!/bin/bash setterm --blank 1 --powerdown 2 |

And make script file executable by systemctl. Create file 
/etc/systemd/system/screen-off.service


|[Unit] Description=Blank screen after 1 min and turn it off after 2 
min. Any keypress will turn it back on. After=ssh.service [Service] 
Type=oneshot Environment=TERM=linux StandardOutput=tty 
TTYPath=/dev/console ExecStart=/home/USER/.boot-scripts/screen-off.sh 
[Install] WantedBy=local.target |


Make it executable:

|sudo chmod +x /home/USER/.boot-scripts/screen-off.sh sudo chmod +x 
/etc/systemd/system/screen-off.service |


And finally get it working and enabled on boot:

|sudo systemctl start screen-off.service sudo systemctl enable 
screen-off.service |


To disable it:

|sudo systemctl disable screen-off.service |


answered Dec 6 '19 at 14:11

Marek Vach 



--

[]'s

Junior Polegato

Re: Help: explanation of secure flash?

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-07-07 8:46 a.m., rhkra...@gmail.com wrote:
> On Tuesday, July 06, 2021 10:53:52 PM Kevin N. wrote:
>>> Can somebody provide either a little more explanation and / or a link to
>>> a (reasonably simple) reference?
>>
>> https://www.embeddedcomputing.com/technology/security/network-security/secu
>> re-flash-the-cure-for-insecurity-in-connected-automotive-and-industrial-app
>> lications-part-1
>>
>> https://www.embeddedcomputing.com/technology/security/network-security/secu
>> re-flash-the-cure-for-insecurity-in-connected-automotive-and-industrial-app
>> lications-part-2
> 
This was a good explanation to the original thread name.

> Thanks to all who replied!
> 
> This (the link above) happens to be one of the links I did find and read / 
> skim 
> -- it didn't seem applicable.  
> 
> I thought it would be something applicable to secure boot or similar.  
> 
What you may want to use is secure boot. Your original message was
related to something different and this seem why you got the links above.

> Maybe unrelated but I also came across some kind of option in my search, 
> which 
> without looking for again, is something like diable  
> rollover (right word?).
For sure, if you write messages using such precision as " " then your risk of receiving answer that are good but don 
> I guess I'll let things sit for now, and when I install Debian (presumably 
> Bulleye) on my newest computer, I'll look again.
> 

Maybe reading on the subject of Secure Boot (on Debian doc is a good
start) and the general subject of hardware security in general would
help you for the next step.

You can find much information online. If you get into a link that is not
closely related to your problem, read it anyway as it will allow you to
get better understanding of other use-case.
Sincerely,
-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Buster error no release file

[kris]

Install completed but when open software in desktop no release file
error.
Where do I obtain file and how do I install it?

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[David Wright]

On Wed 07 Jul 2021 at 09:35:17 (-0400), Polyna-Maude Racicot-Summerside wrote:
> On 2021-07-07 7:59 a.m., Dan Ritter wrote:
> > w f wrote: 
> >> I locally host and maintain some Minecraft (Java) servers for my kids and 
> >> their friends. This morning, I kicked everyone off the servers while I did 
> >> some routine maintenance. I finished with a standard sudo apt update && 
> >> sudo apt full-upgrade
> >> A few things were updated - PHP, a library or two, and the kernel from 
> >> 4.19.0-16-amd64 to 4.19.0-17-amd64
> >> All went fine.
> >> After I was done, I rebooted the system and fired up the MC servers. As 
> >> soon as a player joins an MC server, the CPU usage on all cores slams to 
> >> 100% and stays there. The game is unplayable.
> >> Nothing has changed with regards to the versions of game server, game 
> >> clients, or Java.
> >> Debian buster.Oracle Java 16.0.1
> >> Is there any way to downgrade back to 4.19.0-16-amd64 ... ?

No need.

> Yes you can downgrand
> apt-get downlaod linux-image-4.19.0-16-amd64
> dpkg -i linux-image-4.19.0.16-amd64.deb
> 
> > Probably, but I can attest that
> > 
> > openjdk-11-jre-headless
> > 
> > runs Minecraft servers perfectly well with that kernel, so
> > perhaps switching Java runtimes is a less drastic choice.
> > 
> I'd go with using openjdk-11-jre-headless
> As it's not a solution to downgrade the kernel, what do you do after
> this ? Stay with this kernel and hope it will be fixed for the next
> update (not knowing what's causing the issue)...

While taking no view on the cause of the problem, I would
recommend that you eliminate a kernel problem by running
version 16 of the kernel.

You should barely need to lift a finger to achieve this,
because version 16 should (a) still be installed, and
(b) be listed in the Grub menu under "Advanced options".

Cheers,
David.

Re: Busybox Debian commanding

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-07-06 9:27 a.m., David wrote:
> On Tue, 6 Jul 2021 at 23:17, Gunnar Gervin  wrote:
> 
>> grub rescue>
> 
> Try reading this:
> https://www.gnu.org/software/grub/manual/grub/html_node/GRUB-only-offers-a-rescue-shell.html#GRUB-only-offers-a-rescue-shell
> 
>> Tried to remove all 7 partitions in grub rescue>
> 
> Why are you trying to remove partitions?
> What is your goal?
> 
This was the "killer" question you've asked here !
People are always afraid when they ask themselves what am I trying to
do, and ever worst, is this the way to do...

Why would someone do partition editing inside GRUB ?
Maybe getting confused between the partitions and menu options...


-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-07-07 7:59 a.m., Dan Ritter wrote:
> w f wrote: 
>> I locally host and maintain some Minecraft (Java) servers for my kids and 
>> their friends. This morning, I kicked everyone off the servers while I did 
>> some routine maintenance. I finished with a standard sudo apt update && sudo 
>> apt full-upgrade
>> A few things were updated - PHP, a library or two, and the kernel from 
>> 4.19.0-16-amd64 to 4.19.0-17-amd64
>> All went fine.
>> After I was done, I rebooted the system and fired up the MC servers. As soon 
>> as a player joins an MC server, the CPU usage on all cores slams to 100% and 
>> stays there. The game is unplayable.
>> Nothing has changed with regards to the versions of game server, game 
>> clients, or Java.
>> Debian buster.Oracle Java 16.0.1
>> Is there any way to downgrade back to 4.19.0-16-amd64 ... ?
> 
Yes you can downgrand
apt-get downlaod linux-image-4.19.0-16-amd64
dpkg -i linux-image-4.19.0.16-amd64.deb

> Probably, but I can attest that
> 
> openjdk-11-jre-headless
> 
> runs Minecraft servers perfectly well with that kernel, so
> perhaps switching Java runtimes is a less drastic choice.
> 
I'd go with using openjdk-11-jre-headless
As it's not a solution to downgrade the kernel, what do you do after
this ? Stay with this kernel and hope it will be fixed for the next
update (not knowing what's causing the issue)...
> -dsr-
> 

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: Help: explanation of secure flash?

[rhkramer]

On Tuesday, July 06, 2021 10:53:52 PM Kevin N. wrote:
> > Can somebody provide either a little more explanation and / or a link to
> > a (reasonably simple) reference?
> 
> https://www.embeddedcomputing.com/technology/security/network-security/secu
> re-flash-the-cure-for-insecurity-in-connected-automotive-and-industrial-app
> lications-part-1
> 
> https://www.embeddedcomputing.com/technology/security/network-security/secu
> re-flash-the-cure-for-insecurity-in-connected-automotive-and-industrial-app
> lications-part-2

Thanks to all who replied!

This (the link above) happens to be one of the links I did find and read / skim 
-- it didn't seem applicable.  

I thought it would be something applicable to secure boot or similar.  

Maybe unrelated but I also came across some kind of option in my search, which 
without looking for again, is something like diable  
rollover (right word?).

I guess I'll let things sit for now, and when I install Debian (presumably 
Bulleye) on my newest computer, I'll look again.

Re: apt tells me that grub-efi, grub2-common are no longer needed

[The Wanderer]

On 2021-07-07 at 08:19, Anssi Saari wrote:

> Markus  writes:
> 
>> So it seems that apt-listbugs has done the pinning. Right?
> 
> Right and while I've never used apt-listbugs, it should've asked you
>  what to do when you updated your system? Since the issue concerns 
> ARM based systems only, binning was not the correct choice.
> 
> As the bug is fixed now

Is it?

I saw two bugs listed under the 3 apt-listbugs pins: #984520 and
#990082.

#990082 is for shim-signed, and it does seem to be closed now, but if
I'm reading the discussion correctly that's not the package we're
concerned with.

$984520 is for grub-efi-amd64, which I think is the package we're
concerned with, and as far as I can tell it's still open.

> it seems to me apt-listbugs should clean this up by itself, it's
> supposed to run periodically. I guess you could run it manually too.

If I'm not mistaken, the cleanup will only happen when the appropriate
package version is available in the repositories configured as visible
in /etc/apt/sources.list*.

As far as I can see at a quick glance, the package versions with the fix
are not in testing; they're only in unstable and in buster-security. If
Markus is not tracking either of those repos, then the fixed version
won't show as available yet, so the pin won't be automatically removed.


(I learned something today; I thought the check for removing the pin was
done at apt-listbugs invocation time, not on a daily cron job. In
hindsight it makes sense, since apt-listbugs can be invoked manually and
the invoking user probably wouldn't have write access to modify
/etc/apt/preferences/ contents, but I wasn't expecting it.)

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: apt tells me that grub-efi, grub2-common are no longer needed

[Anssi Saari]

Markus  writes:

> So it seems that apt-listbugs has done the pinning. Right?

Right and while I've never used apt-listbugs, it should've asked you
what to do when you updated your system? Since the issue concerns ARM
based systems only, binning was not the correct choice.

As the bug is fixed now it seems to me apt-listbugs should clean this up
by itself, it's supposed to run periodically. I guess you could run it
manually too.

Re: Oracle Java 16.0.1 CPU usage 100% after kernel update to 4.19.0-17-amd64

[Dan Ritter]

w f wrote: 
> I locally host and maintain some Minecraft (Java) servers for my kids and 
> their friends. This morning, I kicked everyone off the servers while I did 
> some routine maintenance. I finished with a standard sudo apt update && sudo 
> apt full-upgrade
> A few things were updated - PHP, a library or two, and the kernel from 
> 4.19.0-16-amd64 to 4.19.0-17-amd64
> All went fine.
> After I was done, I rebooted the system and fired up the MC servers. As soon 
> as a player joins an MC server, the CPU usage on all cores slams to 100% and 
> stays there. The game is unplayable.
> Nothing has changed with regards to the versions of game server, game 
> clients, or Java.
> Debian buster.Oracle Java 16.0.1
> Is there any way to downgrade back to 4.19.0-16-amd64 ... ?

Probably, but I can attest that

openjdk-11-jre-headless

runs Minecraft servers perfectly well with that kernel, so
perhaps switching Java runtimes is a less drastic choice.

-dsr-

Re: Bullseye installation problem (with Matrox GPU)

[Dan Ritter]

Felix Miata wrote: 
> > https://www.phoronix.com/scan.php?page=news_item=Linux-5.10-Matrox-G200  
> > 
> I did a little more experimenting and learned my G550 doesn't need nomodeset 
> for
> the MGA X driver to work, but it only produces 1920x1080 on my 2560x1440 
> screen,
> and xrandr still can't identify output names.

I believe that the DAC on the G550 is only good up to 2048x1536
(DVI) or 1600x1200 (VGA).

It was pretty good when it was introduced 20 years ago, and not
too bad when the PCIe version was made 15 years ago.


-dsr-

Order inquiry and catalog,

[Mr.Roger Bibu]

Hello Dear,

Kindly send us your company's latest catalog and your best price list.
this is my second mail to this your email address : debian-user@lists.debian.org

We may place an order
Also confirm the teams and conditions . 

I await your feedback
Thanks & Best Regards…
Roger Bibu
Sales Manager | Marketing Enthusiast

TKM United States Inc.
1845 Airport Exchange Blvd # 150,
Erlanger, KY 41018
United States

Re: apt tells me that grub-efi, grub2-common are no longer needed

[Greg Wooledge]

On Wed, Jul 07, 2021 at 08:21:17AM +0200, Markus wrote:
> Am 24.06.21 um 18:51 schrieb Greg Wooledge:
> > On Thu, Jun 24, 2021 at 06:43:15PM +0200, Markus wrote:
> > > grub-efi-amd64:
> > >Installed: (none)
> > >Candidate: 2.02+dfsg1-20+deb10u3
> > >Version table:
> > >   2.02+dfsg1-20+deb10u4 500
> > >  500 http://ftp.de.debian.org/debian buster/main amd64 Packages
> > >  500 http://security.debian.org buster/updates/main amd64 Packages
> > >   2.02+dfsg1-20+deb10u3 3
> > >  100 /var/lib/dpkg/status
> > 
> > Everything else looks good, except for this "3" section.  You've got
> > a pin somewhere, for an older version of grub-efi-amd64, and it's
> > throwing everything out of whack.
> > 
> Could you please help me fixing this? What are the next steps to go? How
> can I unpin this or find out why it was pinned?

I would have started with "grep -r 3 /etc/apt" but it seems you
found another path to the answer.

Re: apt tells me that grub-efi, grub2-common are no longer needed

[Markus]

Am 07.07.21 um 09:24 schrieb Andrei POPESCU:

On Mi, 07 iul 21, 08:21:17, Markus wrote:

Am 24.06.21 um 18:51 schrieb Greg Wooledge:

On Thu, Jun 24, 2021 at 06:43:15PM +0200, Markus wrote:

grub-efi-amd64:
Installed: (none)
Candidate: 2.02+dfsg1-20+deb10u3
Version table:
   2.02+dfsg1-20+deb10u4 500
  500 http://ftp.de.debian.org/debian buster/main amd64 Packages
  500 http://security.debian.org buster/updates/main amd64 Packages
   2.02+dfsg1-20+deb10u3 3
  100 /var/lib/dpkg/status


Everything else looks good, except for this "3" section.  You've got
a pin somewhere, for an older version of grub-efi-amd64, and it's
throwing everything out of whack.


Could you please help me fixing this? What are the next steps to go? How
can I unpin this or find out why it was pinned?


Please show the output of `apt policy` (without any package) as well as
the contents of /etc/apt/preferences and any file under
/etc/apt/preferences.d/

Kind regards,
Andrei



apt policy:

Package files:
 100 /var/lib/dpkg/status
 release a=now
 100 http://ftp.de.debian.org/debian buster-backports/non-free i386
Packages
 release o=Debian
Backports,a=buster-backports,n=buster-backports,l=Debian
Backports,c=non-free,b=i386
 origin ftp.de.debian.org
 100 http://ftp.de.debian.org/debian buster-backports/non-free amd64
Packages
 release o=Debian
Backports,a=buster-backports,n=buster-backports,l=Debian
Backports,c=non-free,b=amd64
 origin ftp.de.debian.org
 100 http://ftp.de.debian.org/debian buster-backports/contrib i386 Packages
 release o=Debian
Backports,a=buster-backports,n=buster-backports,l=Debian
Backports,c=contrib,b=i386
 origin ftp.de.debian.org
 100 http://ftp.de.debian.org/debian buster-backports/contrib amd64
Packages
 release o=Debian
Backports,a=buster-backports,n=buster-backports,l=Debian
Backports,c=contrib,b=amd64
 origin ftp.de.debian.org
 100 http://ftp.de.debian.org/debian buster-backports/main i386 Packages
 release o=Debian
Backports,a=buster-backports,n=buster-backports,l=Debian
Backports,c=main,b=i386
 origin ftp.de.debian.org
 100 http://ftp.de.debian.org/debian buster-backports/main amd64 Packages
 release o=Debian
Backports,a=buster-backports,n=buster-backports,l=Debian
Backports,c=main,b=amd64
 origin ftp.de.debian.org
 500 http://ftp.de.debian.org/debian buster-updates/main i386 Packages
 release
o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=main,b=i386
 origin ftp.de.debian.org
 500 http://ftp.de.debian.org/debian buster-updates/main amd64 Packages
 release
o=Debian,a=stable-updates,n=buster-updates,l=Debian,c=main,b=amd64
 origin ftp.de.debian.org
 500 http://security.debian.org buster/updates/non-free i386 Packages
 release
v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=non-free,b=i386
 origin security.debian.org
 500 http://security.debian.org buster/updates/non-free amd64 Packages
 release
v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=non-free,b=amd64
 origin security.debian.org
 500 http://security.debian.org buster/updates/main i386 Packages
 release
v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=main,b=i386
 origin security.debian.org
 500 http://security.debian.org buster/updates/main amd64 Packages
 release
v=10,o=Debian,a=stable,n=buster,l=Debian-Security,c=main,b=amd64
 origin security.debian.org
 500 http://ftp.de.debian.org/debian buster/non-free i386 Packages
 release v=10.10,o=Debian,a=stable,n=buster,l=Debian,c=non-free,b=i386
 origin ftp.de.debian.org
 500 http://ftp.de.debian.org/debian buster/non-free amd64 Packages
 release v=10.10,o=Debian,a=stable,n=buster,l=Debian,c=non-free,b=amd64
 origin ftp.de.debian.org
 500 http://ftp.de.debian.org/debian buster/contrib i386 Packages
 release v=10.10,o=Debian,a=stable,n=buster,l=Debian,c=contrib,b=i386
 origin ftp.de.debian.org
 500 http://ftp.de.debian.org/debian buster/contrib amd64 Packages
 release v=10.10,o=Debian,a=stable,n=buster,l=Debian,c=contrib,b=amd64
 origin ftp.de.debian.org
 500 http://ftp.de.debian.org/debian buster/main i386 Packages
 release v=10.10,o=Debian,a=stable,n=buster,l=Debian,c=main,b=i386
 origin ftp.de.debian.org
 500 http://ftp.de.debian.org/debian buster/main amd64 Packages
 release v=10.10,o=Debian,a=stable,n=buster,l=Debian,c=main,b=amd64
 origin ftp.de.debian.org
Pinned packages:
 grub-efi-amd64 -> 2.02+dfsg1-20+deb10u3 with priority 3




markus@bmtMB1:/etc/apt$ cat preferences
cat: preferences: No such file or directory



markus@bmtMB1:/etc/apt/preferences.d$ ls
apt-listbugs
markus@bmtMB1:/etc/apt/preferences.d$ cat apt-listbugs

Explanation: Pinned by apt-listbugs at 2021-03-06 12:05:35 +0100
Explanation:   #984520: 'error: symbol "grub_register_command_lockdown"
not found' and then lightdm fails to start
Package: grub-efi-amd64
Pin: version 2.02+dfsg1-20+deb10u3
Pin-Priority: 

Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?

[tomas]

On Tue, Jul 06, 2021 at 11:06:22PM -0400, Stefan Monnier wrote:
> > I'm aware of that. My critique was specific to the "we take it out
> > because it's dangerous to the user" part.
> 
> That's often an explanation but not the main motivation.

That would be even worse :)

The reason I'm "in" free software comes from the realisation that the
programmer has often "too much" power over their users. Imposing policy
decisions on the users ("this way of rendering fonts looks ugly", "that
sort of key management is insecure") is unavoidable: we do take many
of those decisions at a subconscient level. But I think as programmers
we have the responsibiblty to avoid that the best we can.

> For the `none` cipher, I think it was, tho.
> 
> IIRC the problem was that using the `none` cipher causes the
> authentication to be exposed in a way that is worse than using Telnet:
> with Telnet you only expose the data you send to the wire, whereas with
> SSH's `none` cipher you ended up exposing the data plus your
> (valued) credentials.

AFAIK Telnet also sends the login sequence in the clear over the
network (to be more precise: my dusty memory says that Telnet isn't
even in the auth business -- it connects you to something which
does the authentication, all in the clear). Unless you are talking
about RFC2491 and friends -- I doubt they have seen widespread
use, SSH having taken over in the 2000s anyway.

> > I'm torn on this one... Sometimes I've the impression that this leads to
> > asocial software [...]

> Indeed, it has its downsides.

Interesting times :)

Cheers
 - t


signature.asc
Description: Digital signature

Re: Re: Problème de montage d'un disque dur "ZFS"

[didier gaumet]

Pour compléter ce qui a été dit et bien que je sois vraiment pas très
connaisseur de toutes ces choses (donc ne pas accepter mes
élucubrations comme parles d'évangile),

je me demanderais si la table GPT est véritablement corrompue ou si le
parted de Debian la désigne comme telle: Freenas/Truenas c'est du BSD,
je pense que le monde BSD s'est mis à GPT plus tard que le monde Linux
et qu'il traîne potentiellement avec lui des éléments anciens (slices,
couche de compatibilité MBR dans le GPT). De plus en termes de systèmes
de fichiers on évoque possiblement la récupération avec l'OpenZFS de
Debian de données crées avec le ZFS de Freenas (si j'ai bien compris,
au début mais ça a changé récemment, d'origine SunOS/Solaris,
différente de la branche OpenZFS), donc avec de possibles(?)
incohérences.

Dans un premier temps, j'essaierais d'utiliser un live*BSD récent
(NomadBSD? déjà que je n'étais pas très au courant de *BSD, ça fait des
années que j'ai décroché) pour voir si je peux voir mes données et les
sauvegarder sous une forme récupérable de manière fiable sous Debian.
Au cas où les données ne seraient pas visibles, j'essaierais un support
*BSD plus ancien si le Freenas qui a été utilisé pour créer les données
était ancien aussi.

Bon, ceci dit, compte-tenu de mon immense expertise du domaine, je
comprendrais que mes suggestions soient accueillies  par un haussement
d'épaules ;-)

Re: apt tells me that grub-efi, grub2-common are no longer needed

[Andrei POPESCU]

On Mi, 07 iul 21, 08:21:17, Markus wrote:
> Am 24.06.21 um 18:51 schrieb Greg Wooledge:
> > On Thu, Jun 24, 2021 at 06:43:15PM +0200, Markus wrote:
> > > grub-efi-amd64:
> > >Installed: (none)
> > >Candidate: 2.02+dfsg1-20+deb10u3
> > >Version table:
> > >   2.02+dfsg1-20+deb10u4 500
> > >  500 http://ftp.de.debian.org/debian buster/main amd64 Packages
> > >  500 http://security.debian.org buster/updates/main amd64 Packages
> > >   2.02+dfsg1-20+deb10u3 3
> > >  100 /var/lib/dpkg/status
> > 
> > Everything else looks good, except for this "3" section.  You've got
> > a pin somewhere, for an older version of grub-efi-amd64, and it's
> > throwing everything out of whack.
> > 
> Could you please help me fixing this? What are the next steps to go? How
> can I unpin this or find out why it was pinned?

Please show the output of `apt policy` (without any package) as well as 
the contents of /etc/apt/preferences and any file under 
/etc/apt/preferences.d/

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Suggested way to ssh into obsolete devices (with old ssh crypto)?

[Stefan Monnier]

> I'm aware of that. My critique was specific to the "we take it out
> because it's dangerous to the user" part.

That's often an explanation but not the main motivation.
For the `none` cipher, I think it was, tho.

IIRC the problem was that using the `none` cipher causes the
authentication to be exposed in a way that is worse than using Telnet:
with Telnet you only expose the data you send to the wire, whereas with
SSH's `none` cipher you ended up exposing the data plus your
(valued) credentials.

> I'm torn on this one... Sometimes I've the impression that this leads to
> asocial software (i.e. nobody goes to any effort to make their software
> compatible to reasonable ranges of library (and other dependencies's)
> versions).
> Akin to the Flatpaks and Snaps of this world, perhaps with a less horrible
> dependencies management story).

Indeed, it has its downsides.


Stefan

Re: PCSC CCID & horizon view

[Leopold Palomo-Avellaneda]

Bones!

El 6/7/21 a les 16:03, Javier Silva ha escrit:

Hola,

Dono totes les dades que he vist fins ara del meu problema per si algú
em pot ajudar:

He instal·lat un lector de targetes Cherry Smart Card ST-1044 per USB
a Debian 10 (Buster) amb Backports per defecte activat, nucli 5.10.



Ok


La libccid ho detecta sense problemes:

pcsc_scan

Informa correctament de tot.

A més a he instal·lat AET SafeSign i DNI-e sense problemes que
identifiquen les diferents targetes i permeten validar amb els serveis
que corresponen.



Dues preguntes.

1) Quin soft has instal·lat del AET SafeSign i d'on l'has tret?

2) Has pogut signar amb el DNI-e? Amb l'autofirma?


He instal·lat vmware-view connectat a un pool d'escriptoris amb
Windows 2008R2 i 2019, el lector l'identifica (aparentment de forma
correcta, però no detecta la versió de firmware) resulta que les
targetes s'identifiquen, però no són llegibles, donen error i el clock
rate de la comunicació torna error.


Mala peça al teler ...


En proves addicionals, he comprovat que una VM amb Windows (virtualbox
amb view instal·lat) hauria de funcionar, però també he vist que VBox
passa el dispositiu USB complet, cosa que no fa el view, que només es
comunica amb el dimoni pcscd.

Així mateix he vist que el servei pcscd.socket aixeca correctament el
pcscd.service.

Hi ha algú que li hagi passat alguna cosa similar i pugui ajudar-me
d'alguna manera?


No, jo només m'he barallat amb el suport natiu.

Leopold



--
--
Linux User 152692 GPG: 05F4A7A949A2D9AA
Catalonia
-
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: apt tells me that grub-efi, grub2-common are no longer needed

[Markus]

Am 24.06.21 um 18:51 schrieb Greg Wooledge:

On Thu, Jun 24, 2021 at 06:43:15PM +0200, Markus wrote:

grub-efi-amd64:
   Installed: (none)
   Candidate: 2.02+dfsg1-20+deb10u3
   Version table:
  2.02+dfsg1-20+deb10u4 500
 500 http://ftp.de.debian.org/debian buster/main amd64 Packages
 500 http://security.debian.org buster/updates/main amd64 Packages
  2.02+dfsg1-20+deb10u3 3
 100 /var/lib/dpkg/status


Everything else looks good, except for this "3" section.  You've got
a pin somewhere, for an older version of grub-efi-amd64, and it's
throwing everything out of whack.


Could you please help me fixing this? What are the next steps to go? How
can I unpin this or find out why it was pinned?

Thanks in advance