Re: Micrófono de auricular USB no funciona

[Camaleón]

El 2022-02-22 a las 19:52 -0300, Álvaro Rivoir escribió:

> Hola. Es mi primer mensaje al grupo. Se trata de la configuración del
> sonido de un auricular con micrófono incluido USB. Una vez conectado puedo
> escuchar normalmente pero no puedo grabar.

Lo primero sería saber qué sistema de sonido tienes instalado 
(PulseAudio, ALSA, OSS, Jack...) y qué aplicaciones de control has 
habilitado (pavucontrol, alsamixer, etc...).

> Cuando hago una prueba de microfono en la página https://es.mictests.com/ o
> cuando uso Audacity y selecciono "Logitech USB Headset: Audio" funciona
> todo bien asi que pienso que tengo que cambiar la salida "por defecto". ¿Me
> podrian decir como cambio el dispositivo por defecto? Gracias.

Suponiendo que tienes PA y pavucontrol instalados, lo primero que 
comprobaría es que los cascos estén detectados y configurados como 
dispositivo de grabación predeterminado.

Si PA te lo ha detectado corectamente y aparecen como predeterminados 
en la pestaña de Grabación, revisa la wiki de Archlinux que siempre 
tiene busnas sugerencias:

PulseAudio/Troubleshooting
https://wiki.archlinux.org/title/PulseAudio/Troubleshooting#Microphone

Saludos,

-- 
Camaleón 

Re: about 10th new install of bullseye

[Charles Kroeger]

replace the GPU card Gene it's kaput.

C

Re: Xfce4: screen visible upon resume before xscreensaver locks it

[John Crawley]

On 23/02/2022 11:50, John Crawley wrote:

On 22/02/2022 23:12, Celejar wrote:

Hello,

I'm running Xfce4 on a recent install of Sid. I have configured Xfce4
to "Lock screen before sleep" (in Session and Startup / General), but
when I use xscreensaver, when resuming from suspend the screen is often
visible for a brief period before xscreensaver kicks in. I have not
seen this problem when using light-locker. ...
I can't make out whether I have misconfigured something here, or
whether this is a serious security bug in the current Xfce4 -
xscreensaver integration.


I can't shed any light on the cause, but can report I see the same thing on a 
non-xfce system. I'm using lightdm and light-locker, then openbox, although am 
using some xfce utilities.

Usually when booting up a flash of the previous user desktop is shown before 
the login window. Agreed, this is not desirable at all. The only possible 
culprit I can think of is xfdesktop4 - can you try booting to a session with 
that disabled?


Forgot to mention - I'm not using xscreensaver.

--
John

Re: 73-usb-net-by-mac.rules is no longer used in Bullseye for USB ethernet devices?

[Flacusbigotis]

> I did not have this problem in Debian 10.  I do not know if the card's
driver has changed between the two versions of Debian, so I am going to
boot into a Debian 10 live image and see if it displays the same behavior.

Good news:  I verified that this whole thing is indeed introduced in Debian
11 (Bullseye) and is not an issue on Debian 10 (Buster).
Bad news: this mean I can't use the card for now! :-)

I verified the above claim (bug in Bullseye) by booting into BUSTER using a
Debian 10 live USB, and I also tested the same with a Debian 11 (Bullseye)
live USB and obviously also with my hard drive install of bullseye.

The BUSTER USB booted fine and the interface came up without any issues
100% of the time, several times.  I even went back and forth randomly
between the different distros, sometimes fully powering off the machine,
others simply just rebooting...

In contrast, the BULLSEYE USB and the "BULLSEYE hard drive installed OS"
each failed 100% of the time and exhibited the same exact problem, every
single time I tested them.

Another bit of good news (well, progress) is that I also now noticed these
logs in /var/log/messages:

Feb 22 17:22:53 server1 kernel: [1.380198] xhci_hcd :1c:00.0: xHCI
Host Controller
Feb 22 17:22:53 server1 kernel: [1.380205] xhci_hcd :1c:00.0: new
USB bus registered, assigned bus number 5
Feb 22 17:22:53 server1 kernel: [1.380209] xhci_hcd :1c:00.0: Host
supports USB 3.0 SuperSpeed
Feb 22 17:22:53 server1 kernel: [1.380260] usb usb5: New USB device
found, idVendor=1d6b, idProduct=0003, bcdDevice= 5.10
Feb 22 17:22:53 server1 kernel: [1.380261] usb usb5: New USB device
strings: Mfr=3, Product=2, SerialNumber=1
Feb 22 17:22:53 server1 kernel: [1.380263] usb usb5: Product: xHCI Host
Controller
Feb 22 17:22:53 server1 kernel: [1.380264] usb usb5: Manufacturer:
Linux 5.10.0-11-amd64 xhci-hcd
Feb 22 17:22:53 server1 kernel: [1.380265] usb usb5: SerialNumber:
:1c:00.0
Feb 22 17:22:53 server1 kernel: [1.380396] hub 5-0:1.0: USB hub found
Feb 22 17:22:53 server1 kernel: [1.380411] hub 5-0:1.0: 4 ports detected
Feb 22 17:22:53 server1 kernel: [5.508457] ax88179_178a 5-1:1.0 eth0:
register 'ax88179_178a' at usb-:1c:00.0-1, ASIX AX88179 USB 3.0 Gigabit
Ethernet, 00:11:22:33:44:55
Feb 22 17:23:25 server1 kernel: [   39.576966] xhci_hcd :1c:00.0:
WARNING: Host System Error
Feb 22 17:26:00 server1 kernel: [  194.596335] ax88179_178a 5-1:1.0
enx001122334455: Failed to read reg index 0x0002: -22
Feb 22 17:26:00 server1 kernel: [  194.596338] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0002: -22
Feb 22 17:26:11 server1 kernel: [  205.378965] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0002: -22
Feb 22 17:26:11 server1 kernel: [  205.378969] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0002: -22
Feb 22 17:26:11 server1 kernel: [  205.585506] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0001: -22
Feb 22 17:26:11 server1 kernel: [  205.693515] ax88179_178a 5-1:1.0
enx001122334455: Failed to read reg index 0x0001: -22
Feb 22 17:26:11 server1 kernel: [  205.693524] ax88179_178a 5-1:1.0
enx001122334455: Failed to read reg index 0x0006: -22
Feb 22 17:26:11 server1 kernel: [  205.693527] ax88179_178a 5-1:1.0
enx001122334455: invalid MAC address, using random
Feb 22 17:26:11 server1 kernel: [  205.693532] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0006: -22
Feb 22 17:26:11 server1 kernel: [  205.693535] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0005: -22
Feb 22 17:26:11 server1 kernel: [  205.693538] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0001: -22
Feb 22 17:26:11 server1 kernel: [  205.693541] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0001: -22
Feb 22 17:26:11 server1 kernel: [  205.693544] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0001: -22
Feb 22 17:26:11 server1 kernel: [  205.693547] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0001: -22
Feb 22 17:26:11 server1 kernel: [  205.693550] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0002: -22
Feb 22 17:26:11 server1 kernel: [  205.693553] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0001: -22
Feb 22 17:26:11 server1 kernel: [  205.693555] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0002: -22
Feb 22 17:26:11 server1 kernel: [  205.693561] ax88179_178a 5-1:1.0
enx001122334455: Failed to read reg index 0x0001: -22
Feb 22 17:26:11 server1 kernel: [  205.693564] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0001: -22
Feb 22 17:26:11 server1 kernel: [  205.693567] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x001f: -22
Feb 22 17:26:11 server1 kernel: [  205.693570] ax88179_178a 5-1:1.0
enx001122334455: Failed to write reg index 0x0019: -22
Feb 22 17:26:11 

Re: Xfce4: screen visible upon resume before xscreensaver locks it

[John Crawley]

On 22/02/2022 23:12, Celejar wrote:

Hello,

I'm running Xfce4 on a recent install of Sid. I have configured Xfce4
to "Lock screen before sleep" (in Session and Startup / General), but
when I use xscreensaver, when resuming from suspend the screen is often
visible for a brief period before xscreensaver kicks in. I have not
seen this problem when using light-locker. 
...

I can't make out whether I have misconfigured something here, or
whether this is a serious security bug in the current Xfce4 -
xscreensaver integration.


I can't shed any light on the cause, but can report I see the same thing on a 
non-xfce system. I'm using lightdm and light-locker, then openbox, although am 
using some xfce utilities.

Usually when booting up a flash of the previous user desktop is shown before 
the login window. Agreed, this is not desirable at all. The only possible 
culprit I can think of is xfdesktop4 - can you try booting to a session with 
that disabled?

--
John

Re: Mouse problem.

[David Christensen]

On 2/22/22 10:15, Tim Woodall wrote:

I have a problem with my mouse which operates through a KVM switch.

Initially it works fine but once I switch away from the computer and
then switch back, the scroll wheel is "amplified".

Testing with xev I see 16 messages where I previously expected to see
one.

rmmod usbhid; modprobe usbhid
  does not fix. Removing all of hid_multitouch, usbhid, hid_generic,
i2c_hid and hid and re modprobing them also doesn't fix.

xinput set-prop 10 "Evdev Scrolling Distance" 16 1 1
  does fix it - but running this before it's gone into it's "amplified"
state makes the mouse wheel almost unusable as it needs 16 clicks to
generate one up/down event.

It appears to be only the button 4/5 scrollwheel that have this problem.
Everything else seems to work normally.

xinput list-props 10 shows no differences at all between the bad and the
good state.

Unplugging and replugging the dongle does fix it until I use the switch
box again. But unplugging the computer from the KVM box and plugging it
back in does NOT fix the problem.

$ xinput list-props 10
Device 'Microsoft Microsoft?? 2.4GHz Transceiver v8.0 Mouse':
     Device Enabled (150):   1
     Coordinate Transformation Matrix (152): 1.00, 0.00, 
0.00, 0.00, 1.00, 0.00, 0.00, 0.00, 1.00

     Device Accel Profile (280): 0
     Device Accel Constant Deceleration (281):   1.00
     Device Accel Adaptive Deceleration (282):   1.00
     Device Accel Velocity Scaling (283):    10.00
     Device Product ID (272):    1118, 1861
     Device Node (273):  "/dev/input/event8"
     Evdev Axis Inversion (284): 0, 0
     Evdev Axes Swap (286):  0
     Axis Labels (287):  "Rel X" (160), "Rel Y" (161), "Rel 
Horiz Wheel" (278), "Rel Vert Wheel" (279)
     Button Labels (288):    "Button Left" (153), "Button Middle" 
(154), "Button Right" (155), "Button Wheel Up" (156), "Button Wheel 
Down" (157), "Button Horiz Wheel Left" (158), "Button Horiz Wheel Right" 
(159), "Button Side" (276), "Button Extra" (277), "Button Unknown" 
(275), "Button Unknown" (275), "Button Unknown" (275), "Button Unknown" 
(275)

     Evdev Scrolling Distance (289): 1, 1, 1
     Evdev Middle Button Emulation (290):    0
     Evdev Middle Button Timeout (291):  50
     Evdev Middle Button Button (292):   2
     Evdev Third Button Emulation (293): 0
     Evdev Third Button Emulation Timeout (294): 1000
     Evdev Third Button Emulation Button (295):  3
     Evdev Third Button Emulation Threshold (296):   20
     Evdev Wheel Emulation (297):    0
     Evdev Wheel Emulation Axes (298):   0, 0, 4, 5
     Evdev Wheel Emulation Inertia (299):    10
     Evdev Wheel Emulation Timeout (300):    200
     Evdev Wheel Emulation Button (301): 4
     Evdev Drag Lock Buttons (302):  0

Anyone ever seen anything like this and got any ideas how I can fix it?
New keyboard and mouse is an option if this is a known problem with this
model.



On 2/22/22 10:19, Tim Woodall wrote:
> In fact, unplugging the switchbox from the computer and plugging it back
> in is enough to trigger this problem. Only just thought to try that.


I have been using Microsoft Wheel Mouse Optical USB and PS/2 Compatible 
for 20+ years and IOGEAR 8-Port MiniView PS/2 KVM switch (GCS78KIT) for 
10+ years.  Finding a KVM switch that worked correctly with Windows, 
Linux, and FreeBSD was non-trivial.



For the past 2+ years (?), I have experienced berzerk mouse behavior 
with Debian 9, 10, and 11 with Xfce desktop on a Dell Latitude E6520 
laptop with Intel/NVIDIA Optimus graphics -- when I move the mouse, 
there can be storms of rapid random mouse and keyboard events that open, 
close, resize, etc., Windows and/or menus, insert strings of characters 
that I have previously typed, etc..  It is not uncommon for the mouse 
pointer to be left in what appears to be a rectangular drag select mode. 
 Moving the mouse is the trigger; especially when moving the mouse out 
of a window.  Moving the mouse out of a Firefox window that is browsing 
a web site with heavy JavaScript is the most likely trigger (notably 
eBay and the photo viewer).



I have been unable to isolate the problem to the E6520, the KVM switch, 
the mouse, Debian, nouveau, or Firefox.  Debian 10 has always been the 
worst.  Debian 11 had reduced frequency, but is still unusable.  Debian 
9 has the least frequent problems, and is what I run on the E6520 as a 
daily driver.



I also have a desktop computer with an Intel DQ67SW motherboard and 
Intel Core i7-2600S processor (Intel HD Graphics 2000) connected to the 
KVM switch.  Malfunctions are rare, but do occur.



My strategy over the years has been to use major brand, mass produced, 
commodity hardware.  It is best if the hardware is at least a few years 
old.  Intel supports FOSS, so their hardware seems to 

Re: Re: jigdo can't complete debian-10.9.0-amd64-STICK16GB-1.iso: 63 files not found

[Danilo Schembri]

On Tue, 22 Feb 2022 22:35:14 + Andrew M.A. Cater wrote:

> Is there a particular reason why you're using
> 10.9 rather than 10.11

The reason is because I need to test upgrade strategies on a 10.9 Debian
server. And I didn't want to perform a system copy.

I'll try 10.11 as first instance.

Thank you and best regards.
Danilo

Micrófono de auricular USB no funciona

[Álvaro Rivoir]

Hola. Es mi primer mensaje al grupo. Se trata de la configuración del
sonido de un auricular con micrófono incluido USB. Una vez conectado puedo
escuchar normalmente pero no puedo grabar.
Cuando hago una prueba de microfono en la página https://es.mictests.com/ o
cuando uso Audacity y selecciono "Logitech USB Headset: Audio" funciona
todo bien asi que pienso que tengo que cambiar la salida "por defecto". ¿Me
podrian decir como cambio el dispositivo por defecto? Gracias.

Salud,
Álvaro Rivoir.

Re: Micrófono de auricular USB no funciona

[Álvaro Rivoir]

Perdón pero es la "entrada" microfono debí decir.

Salud,
Álvaro Rivoir.


El mar, 22 feb 2022 a las 19:52, Álvaro Rivoir ()
escribió:

> Hola. Es mi primer mensaje al grupo. Se trata de la configuración del
> sonido de un auricular con micrófono incluido USB. Una vez conectado puedo
> escuchar normalmente pero no puedo grabar.
> Cuando hago una prueba de microfono en la página https://es.mictests.com/
> o cuando uso Audacity y selecciono "Logitech USB Headset: Audio" funciona
> todo bien asi que pienso que tengo que cambiar la salida "por defecto". ¿Me
> podrian decir como cambio el dispositivo por defecto? Gracias.
>
> Salud,
> Álvaro Rivoir.
>

Re: jigdo can't complete debian-10.9.0-amd64-STICK16GB-1.iso: 63 files not found

[Andrew M.A. Cater]

On Tue, Feb 22, 2022 at 11:06:17PM +0100, Danilo Schembri wrote:
> Hi,
> 
> jigdo can't complete debian-10.9.0-amd64-STICK16GB-1.iso: 63 files not found.
> 
> I use jigdo-lite 0.8.1.
> 
> Is there a clean way to solve this?
> 
> Regards,
> Danilo Schembri
> Fingerprint 83e0 dd30 92c2 0121 1fe7 d67d df06 0dca 80b3 9009 via
> https://keys.openpgp.org/vks/v1/by-fingerprint/83E0DD3092C201211FE7D67DDF060DCA80B39009
>

Is there a particular reason why you're using 10.9 rather than 10.11
which is the latest point release. It might be that if you try 10.11,
all the files will be current.

With every good wish, as ever,

Andrew Cater 

jigdo can't complete debian-10.9.0-amd64-STICK16GB-1.iso: 63 files not found

[Danilo Schembri]

Hi,

jigdo can't complete debian-10.9.0-amd64-STICK16GB-1.iso: 63 files not found.

I use jigdo-lite 0.8.1.

Is there a clean way to solve this?

Regards,
Danilo Schembri
Fingerprint 83e0 dd30 92c2 0121 1fe7 d67d df06 0dca 80b3 9009 via
https://keys.openpgp.org/vks/v1/by-fingerprint/83E0DD3092C201211FE7D67DDF060DCA80B39009

Re: [OT] Online CPU configuration tool

[Grzesiek]

Thanks for all links. Only thing I miss is search by number of memory 
channels. As I understand only sockets with quad channels are LGA2066 
and TR4?

Re: [OT] Online CPU configuration tool

[Darac Marjal]

For Intel processors,
https://ark.intel.com/content/www/us/en/ark/search/featurefilter.html?productType=873
might be of use to you. For AMD, it seems to need to choose a processor
type first https://www.amd.com/en/products/specifications

If you're after other manufacturers or other architectures, you might
want to be more specific.

On 22/02/2022 19:59, Grzesiek wrote:
> Hi there,
>
> I'm looking for a tool listing CPUs by different criteria like the
> number of cores, number of memory channels clock speed etc. Is there
> any web page capable of that? I tried to google, no luck.
>
> Regards
> Greg
>

Re: KVM et réseau en mode utilisateur

[BERTRAND Joël]

NoSpam a écrit :
> 
> Le 22/02/2022 à 21:46, BERTRAND Joël a écrit :
>> Bon, trouvé, il y a un problème dans le paquet debian. Il faut
>> rajouter
>> le setuid bit à /usr/lib/qemu/qemu-bridge-helper, rendre les bridges
>> permanents et ensuite, tout roule lorsqu'on utilise directement comme
>> source du réseau de la VM le bridge.
> 
> D'ou l'intérêt de gérer soi même les bridges et faire du routing. J'ai
> des Debian 9/10/11 avec KVM, jamais rencontré ce soucis.

Certes, mais là, la configuration est un peu tordue (machine diskless,
donc pas évidant de jouer brutalement avec les bridges) et je tiens à ce
que cela fonctionne pour un utilisateur lambda. Dans mon ancienne
configuration, je lançais la VM en tant que root dans un terminal. Je
préfère éviter.

JKB

Re: KVM et réseau en mode utilisateur

[NoSpam]

Le 22/02/2022 à 21:46, BERTRAND Joël a écrit :

Bon, trouvé, il y a un problème dans le paquet debian. Il faut rajouter
le setuid bit à /usr/lib/qemu/qemu-bridge-helper, rendre les bridges
permanents et ensuite, tout roule lorsqu'on utilise directement comme
source du réseau de la VM le bridge.


D'ou l'intérêt de gérer soi même les bridges et faire du routing. J'ai 
des Debian 9/10/11 avec KVM, jamais rencontré ce soucis.


--
Daniel

Re: KVM et réseau en mode utilisateur

[BERTRAND Joël]

Bon, trouvé, il y a un problème dans le paquet debian. Il faut rajouter
le setuid bit à /usr/lib/qemu/qemu-bridge-helper, rendre les bridges
permanents et ensuite, tout roule lorsqu'on utilise directement comme
source du réseau de la VM le bridge.

Désolé pour le bruit.

JKB

Re: [OT] Online CPU configuration tool

[Celejar]

On Tue, 22 Feb 2022 21:12:26 +0100
Tom  wrote:

> 
> 
> On 2/22/22 20:59, Grzesiek wrote:
> > Hi there,
> > 
> > I'm looking for a tool listing CPUs by different criteria like the 
> > number of cores, number of memory channels clock speed etc. Is there any 
> > web page capable of that? I tried to google, no luck.
> > 
> > Regards
> > Greg
> > 
> 
> Certain webshops will surely offer this? For my locale 
> https://tweakers.net/processors/vergelijken/ comes to mind.

The popular site PCPartPicker allows searching on at least some, if not
necessarily all, of the criteria in which the OP is interested:

https://pcpartpicker.com/products/cpu/

Celejar

Re: [OT] Online CPU configuration tool

[Tom]

On 2/22/22 20:59, Grzesiek wrote:

Hi there,

I'm looking for a tool listing CPUs by different criteria like the 
number of cores, number of memory channels clock speed etc. Is there any 
web page capable of that? I tried to google, no luck.


Regards
Greg



Certain webshops will surely offer this? For my locale 
https://tweakers.net/processors/vergelijken/ comes to mind.


Best,
Tom

Re: [OT] Online CPU configuration tool

[Grzesiek]

On 2/22/22 21:05, Klaus Singvogel wrote:

Grzesiek wrote:

I'm looking for a tool listing CPUs by different criteria like the number of
cores, number of memory channels clock speed etc. Is there any web page
capable of that? I tried to google, no luck.


What's wrong with Wikipedia?

grep "model name" /proc/cpuinfo| uniq

and search for the output on wikipedia.org


It's not about system I poses. It's about choosing optimal CPU for a new 
one. For example, I would like to get a list of all available CPU with 
quad memory channel (Intel and AMD).


Regards
Greg

Re: [OT] Online CPU configuration tool

[Klaus Singvogel]

Grzesiek wrote:
> I'm looking for a tool listing CPUs by different criteria like the number of
> cores, number of memory channels clock speed etc. Is there any web page
> capable of that? I tried to google, no luck.

What's wrong with Wikipedia?

grep "model name" /proc/cpuinfo| uniq

and search for the output on wikipedia.org

Regards,
Klaus.
-- 
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D  1994-06-27

[OT] Online CPU configuration tool

[Grzesiek]

Hi there,

I'm looking for a tool listing CPUs by different criteria like the 
number of cores, number of memory channels clock speed etc. Is there any 
web page capable of that? I tried to google, no luck.


Regards
Greg

Re: KVM et réseau en mode utilisateur

[BERTRAND Joël]

NoSpam a écrit :
> 
> Le 22/02/2022 à 19:24, BERTRAND Joël a écrit :
>> NoSpam a écrit :
>>> J'ai, sachant que 192.168.122.0/24 est le réseau NAT.
>>>
>>> Chain LIBVIRT_PRT (1 references)
>>>   pkts bytes target prot opt in out source  
>>> destination
>>>     32  3138 RETURN all  --  *  * 192.168.122.0/24
>>> 224.0.0.0/24
>>>  0 0 RETURN all  --  *  * 192.168.122.0/24
>>> 255.255.255.255
>>>    106  5512 MASQUERADE  tcp  --  *  * 192.168.122.0/24
>>> !192.168.122.0/24 masq ports: 1024-65535
>>>  2   400 MASQUERADE  udp  --  *  * 192.168.122.0/24
>>> !192.168.122.0/24 masq ports: 1024-65535
>>>  1    60 MASQUERADE  all  --  *  * 192.168.122.0/24
>>> !192.168.122.0/24
>>>
>> Un ifconfig ne me donne que l'interface matérielle enp5s0 et lo.
>> Faut-il créer un bridge aussi ?
> 
> Non. KVM utilise virbrX pour bridge. Ex:
> 
> h@feijoa ~ $ brctl show
> bridge name    bridge id        STP enabled    interfaces
> lan        8000.4865ee1493b2    no        enx4865ee1493b2
>                         vnet0
> virbr1        8000.52540097d3a5    yes        virbr1-nic
>                         vnet1

Je peux créer le bridge dans virsh, mais je n'ai jamais d'interfaces
qui montent lors du démarrage d'une VM. Je pense que le problème est de
ce côté-là...

Root hilbert:[~] > ifconfig
enp5s0: flags=4163  mtu 1500
inet 192.168.10.103  netmask 255.255.255.0  broadcast 192.168.10.255
inet6 fe80::d65d:64ff:feb4:9a3b  prefixlen 64  scopeid 0x20
inet6 2001:7a8:a8ed:10:d65d:64ff:feb4:9a3b  prefixlen 64
scopeid 0x0
ether d4:5d:64:b4:9a:3b  txqueuelen 1000  (Ethernet)
RX packets 21553029  bytes 19246112647 (17.9 GiB)
RX errors 0  dropped 97  overruns 0  frame 0
TX packets 18893397  bytes 17568477915 (16.3 GiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10
loop  txqueuelen 1000  (Boucle locale)
RX packets 12038  bytes 8707319 (8.3 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 12038  bytes 8707319 (8.3 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099  mtu 1500
inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
ether 52:54:00:c9:90:17  txqueuelen 1000  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Root hilbert:[~] > brctl show
bridge name bridge id   STP enabled interfaces
virbr0  8000.525400c99017   yes
Root hilbert:[~] >

JKB

Re: KVM et réseau en mode utilisateur

[didier gaumet]

Perso je n'ai pas de problèmes pour émuler du win10 famille (VM en UEFI
et Secure Boot) avec virt-manager et les drivers Windows de RedHat. 

il m'est déjà arrivé que ça couine (signature) pour le driver graphique
(pas pour le réseau) mais en insistant, bien que ça couine, il me
semble que ça finissait par passer

les drivers ici:
https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.215-2/

ensuite se rendre dans windows à la racine du CD ainsi monté dans Virt-
manager et exécuter l'installation globale de tous les drivers
(préalablement dans virt-manager choisir le driver virtio, pas e1000 ou
autre)

d'une manière générale, surtout pour le disque dur, je pense que
préférer les drivers virtio améliore les perfs (tu peux reconfigurer le
dsique dur après l'install si tu ne l'as pas déclaré en virtio pendant
celle-ci)

Re: Weird delay in ssh login

[tomas]

On Tue, Feb 22, 2022 at 08:47:59AM -0500, Stefan Monnier wrote:
> >> The connection looks like:

[...]

> > This smells like your VM's ssh server is trying to reverse-resolve
> > the client's IP address [...]

> My intuition also suggests this possibility but I tried to put `UseDNS
> no` in /etc/ssh/sshd_config and it made no difference.

Darn :-(

> But this prompted me to try and increase sshd's logging to `DEBUG3` and
> now I do something apparently related in the log: right when the delay
> ends I get:
> 
> Feb 22 08:43:20 ... systemd[1]: user@1001.service: start operation timed 
> out. Terminating.
> Feb 22 08:43:20 ... systemd[1]: user@1001.service: Main process exited, 
> code=exited, status=1/FAILURE
> Feb 22 08:43:20 ... systemd[1]: user@1001.service: Killing process 
> 3659208 (gpgconf) with signal SIGKILL.
> Feb 22 08:43:20 ... systemd[1]: user@1001.service: Killing process 
> 3659209 (awk) with signal SIGKILL.
> Feb 22 08:43:20 ... systemd[1]: user@1001.service: Killing process 
> 3659214 (dirmngr) with signal SIGKILL.
> Feb 22 08:43:20 ... systemd[1]: user@1001.service: Failed with result 
> 'timeout'.
> Feb 22 08:43:20 ... systemd[1]: user@1001.service: Unit process 3659208 
> (gpgconf) remains running after unit stopped.
> Feb 22 08:43:20 ... systemd[1]: user@1001.service: Unit process 3659209 
> (awk) remains running after unit stopped.
> Feb 22 08:43:20 ... systemd[1]: user@1001.service: Unit process 3659214 
> (dirmngr) remains running after unit stopped.
> Feb 22 08:43:20 ... systemd[1]: Failed to start User Manager for UID 1001.
> Feb 22 08:43:20 ... systemd[1]: Started Session 50020 of user .
> 
> Any idea what that systemd's "start operation timed out" might be about
> or how to track it down?

I'm totally out of my depth on this one, sorry. My search engine says it
looks a bit like

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877985;msg=7

which points to

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841740

which suggests that something with the systemd user session for your
user 1001 went sour. I know, handwaving...

Perhaps some systemd buff around here?

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Definitive instructions for Buster LTS security updates

[Keith Christian]

> The OP is tilting at windmills.
>
> The example I posted has been used every three hours of my waking day
> for the past 2½ years. It fails when my cable company fails.
>
> The OP has quoted some hearsay off the web, period. And not a single
> reference with it. The OP calls this "pre-startup research", and
> will "verify [ … ] your suggestions" when the Oracle has handed down
> "the correct sources.list".
>
> Until then, the Buster machine will stay de-activated, the OP remains
> safe, and we await the Oracle.
>
> (Those who know their Classical history will realise that advice
> pulled from the Internet can be as ambiguous as the Oracle always was.)
>
> Cheers,
> David.

David,

Windmills, LOL.  I've always liked that one.
I brought up the old Buster machine and it's working fine with one mod
to he original sources list, uncommenting this line:
   deb http://security.debian.org/debian-security buster/updates main
Since I didn't know that Buster was not yet in LTS, and that there are
no changes needed, I thought I should ask first in case there were
repo changes.
Thanks for your comments.

Keith

Re: KVM et réseau en mode utilisateur

[NoSpam]

Le 22/02/2022 à 19:24, BERTRAND Joël a écrit :

NoSpam a écrit :

J'ai, sachant que 192.168.122.0/24 est le réseau NAT.

Chain LIBVIRT_PRT (1 references)
  pkts bytes target prot opt in out source   destination
    32  3138 RETURN all  --  *  * 192.168.122.0/24 224.0.0.0/24
     0 0 RETURN all  --  *  * 192.168.122.0/24
255.255.255.255
   106  5512 MASQUERADE  tcp  --  *  * 192.168.122.0/24
!192.168.122.0/24 masq ports: 1024-65535
     2   400 MASQUERADE  udp  --  *  * 192.168.122.0/24
!192.168.122.0/24 masq ports: 1024-65535
     1    60 MASQUERADE  all  --  *  * 192.168.122.0/24
!192.168.122.0/24


Un ifconfig ne me donne que l'interface matérielle enp5s0 et lo.
Faut-il créer un bridge aussi ?


Non. KVM utilise virbrX pour bridge. Ex:

h@feijoa ~ $ brctl show
bridge name    bridge id        STP enabled    interfaces
lan        8000.4865ee1493b2    no        enx4865ee1493b2
                        vnet0
virbr1        8000.52540097d3a5    yes        virbr1-nic
                        vnet1

Perso mes interfaces sont toujours en bridge, j'attaque donc directement 
celle ci ce qui permet d'inclure les VM dans le-s réseau-x locaux existants


--
Daniel

Re: KVM et réseau en mode utilisateur

[BERTRAND Joël]

NoSpam a écrit :
> 
> J'ai, sachant que 192.168.122.0/24 est le réseau NAT.
> 
> Chain LIBVIRT_PRT (1 references)
>  pkts bytes target prot opt in out source   destination
>    32  3138 RETURN all  --  *  * 192.168.122.0/24 224.0.0.0/24
>     0 0 RETURN all  --  *  * 192.168.122.0/24
> 255.255.255.255
>   106  5512 MASQUERADE  tcp  --  *  * 192.168.122.0/24   
> !192.168.122.0/24 masq ports: 1024-65535
>     2   400 MASQUERADE  udp  --  *  * 192.168.122.0/24   
> !192.168.122.0/24 masq ports: 1024-65535
>     1    60 MASQUERADE  all  --  *  * 192.168.122.0/24   
> !192.168.122.0/24
> 

Un ifconfig ne me donne que l'interface matérielle enp5s0 et lo.
Faut-il créer un bridge aussi ?

JKB

Re: KVM et réseau en mode utilisateur

[NoSpam]

Le 22/02/2022 à 19:10, BERTRAND Joël a écrit :

NoSpam a écrit :

Bonjour

Le 22/02/2022 à 18:25, BERTRAND Joël a écrit :

 Bonjour à tous,

 Je suis contraint pour un soft d'installer une VM Windows et je
galère
réellement.

 J'ai déjà fait cela par le passé même avec des VM biécran à grands
coups de bridge réseau et de spicec, mais plus rien ne fonctionne.
spicec n'existe plus dans debian et je n'ai aucune envie de lancer le
tout en root pour avoir un accès réseau.

Tu peux utiliser Remmina, fait VNC, SPICE et RDP

Là, j'ai virt-manager, mais ce n'est pas le problème qui m'intéresse
aujourd'hui.


 J'ai donc essayé de configurer une VM dans Virtualbox. La VM
s'installe, mais il m'est impossible d'utiliser les addons. Leur
installation plante (problème de signature dans un pilote) et j'ai beau
demander à Windows de ne pas vérifier, ça ne veut pas. Inutilisable.
J'ai essayé W7 32 bits, 64 bits, POS 64 bits avec toujours la même
erreur de signature (et j'ai des licences officielles, ce n'est pas du
craqué).

 J'ai donc tenté l'installation sur qemu en mode utilisateur.
J'arrive à
installer la VM mais je n'ai aucun accès réseau (ou partiel, lorsque
j'envoie des paquets icmp depuis la VM, ça passe, mais c'est à peu près
tout).

Quel est le mode réseau ? /etc/libvirt/qemu/networks Le NAT est le plus
facile

Root hilbert:[~] > cat /etc/libvirt/qemu/networks/default.xml



   default
   53493377-2b48-4bfd-a316-57364d36820d
   
   
   
   
 
   
 
   

Root hilbert:[~] >


 Présentement, j'ai une VM avec un Windows7pos en 64 bits. La carte
réseau utilisée est une e1000 dans la configuration de la VM. Windows la
voit et récupère une adresse par DHCP (10.0.2.15).

Donc le réseau fonctionne

 Lorsque je fais un simple ping depuis la VM (qui tourne sur host)
vers
le dns, je n'obtiens que :

legendre# tcpdump -p -i agr0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on agr0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:22:05.105125 IP dns > host: ICMP legendre.systella.fr udp port echo
unreachable, length 36

Tu masquerade bien en sortie de l'hôte ?

iptables -t nat -p all -s 10.0.2.0/24 ! -d 10.0.2.0/24 -j MASQUERADE

Non, je pensais que c'était fait automatiquement. Actuellement, j'ai
dans la table nat :

Root hilbert:[~] > iptables -L -t nat
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination

Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination
LIBVIRT_PRT  all  --  anywhere anywhere

Chain LIBVIRT_PRT (1 references)
target prot opt source   destination
Root hilbert:[~] >

Mais en rajoutant ceci :
iptables -t nat -A POSTROUTING -s 10.0.2.0/24 ! -d 10.0.2.0/24 -j MASQUERADE

ça ne fonctionne guère mieux.


J'ai, sachant que 192.168.122.0/24 est le réseau NAT.

Chain LIBVIRT_PRT (1 references)
 pkts bytes target prot opt in out source   
destination

   32  3138 RETURN all  --  *  * 192.168.122.0/24 224.0.0.0/24
    0 0 RETURN all  --  *  * 192.168.122.0/24 
255.255.255.255
  106  5512 MASQUERADE  tcp  --  *  * 192.168.122.0/24    
!192.168.122.0/24 masq ports: 1024-65535
    2   400 MASQUERADE  udp  --  *  * 192.168.122.0/24    
!192.168.122.0/24 masq ports: 1024-65535
    1    60 MASQUERADE  all  --  *  * 192.168.122.0/24    
!192.168.122.0/24

Re: Mouse problem.

[Tim Woodall]

On Tue, 22 Feb 2022, Tim Woodall wrote:


I have a problem with my mouse which operates through a KVM switch.


Unplugging and replugging the dongle does fix it until I use the switch
box again. But unplugging the computer from the KVM box and plugging it
back in does NOT fix the problem.



In fact, unplugging the switchbox from the computer and plugging it back
in is enough to trigger this problem. Only just thought to try that.

Mouse problem.

[Tim Woodall]

I have a problem with my mouse which operates through a KVM switch.

Initially it works fine but once I switch away from the computer and
then switch back, the scroll wheel is "amplified".

Testing with xev I see 16 messages where I previously expected to see
one.

rmmod usbhid; modprobe usbhid
 does not fix. Removing all of hid_multitouch, usbhid, hid_generic,
i2c_hid and hid and re modprobing them also doesn't fix.

xinput set-prop 10 "Evdev Scrolling Distance" 16 1 1
 does fix it - but running this before it's gone into it's "amplified"
state makes the mouse wheel almost unusable as it needs 16 clicks to
generate one up/down event.

It appears to be only the button 4/5 scrollwheel that have this problem.
Everything else seems to work normally.

xinput list-props 10 shows no differences at all between the bad and the
good state.

Unplugging and replugging the dongle does fix it until I use the switch
box again. But unplugging the computer from the KVM box and plugging it
back in does NOT fix the problem.

$ xinput list-props 10
Device 'Microsoft Microsoft?? 2.4GHz Transceiver v8.0 Mouse':
Device Enabled (150):   1
Coordinate Transformation Matrix (152): 1.00, 0.00, 0.00, 
0.00, 1.00, 0.00, 0.00, 0.00, 1.00
Device Accel Profile (280): 0
Device Accel Constant Deceleration (281):   1.00
Device Accel Adaptive Deceleration (282):   1.00
Device Accel Velocity Scaling (283):10.00
Device Product ID (272):1118, 1861
Device Node (273):  "/dev/input/event8"
Evdev Axis Inversion (284): 0, 0
Evdev Axes Swap (286):  0
Axis Labels (287):  "Rel X" (160), "Rel Y" (161), "Rel Horiz Wheel" (278), 
"Rel Vert Wheel" (279)
Button Labels (288):"Button Left" (153), "Button Middle" (154), "Button Right" (155), "Button Wheel Up" (156), "Button Wheel Down" (157), 
"Button Horiz Wheel Left" (158), "Button Horiz Wheel Right" (159), "Button Side" (276), "Button Extra" (277), "Button Unknown" (275), "Button 
Unknown" (275), "Button Unknown" (275), "Button Unknown" (275)
Evdev Scrolling Distance (289): 1, 1, 1
Evdev Middle Button Emulation (290):0
Evdev Middle Button Timeout (291):  50
Evdev Middle Button Button (292):   2
Evdev Third Button Emulation (293): 0
Evdev Third Button Emulation Timeout (294): 1000
Evdev Third Button Emulation Button (295):  3
Evdev Third Button Emulation Threshold (296):   20
Evdev Wheel Emulation (297):0
Evdev Wheel Emulation Axes (298):   0, 0, 4, 5
Evdev Wheel Emulation Inertia (299):10
Evdev Wheel Emulation Timeout (300):200
Evdev Wheel Emulation Button (301): 4
Evdev Drag Lock Buttons (302):  0

Anyone ever seen anything like this and got any ideas how I can fix it?
New keyboard and mouse is an option if this is a known problem with this
model.

Re: KVM et réseau en mode utilisateur

[BERTRAND Joël]

NoSpam a écrit :
> Bonjour
> 
> Le 22/02/2022 à 18:25, BERTRAND Joël a écrit :
>> Bonjour à tous,
>>
>> Je suis contraint pour un soft d'installer une VM Windows et je
>> galère
>> réellement.
>>
>> J'ai déjà fait cela par le passé même avec des VM biécran à grands
>> coups de bridge réseau et de spicec, mais plus rien ne fonctionne.
>> spicec n'existe plus dans debian et je n'ai aucune envie de lancer le
>> tout en root pour avoir un accès réseau.
> Tu peux utiliser Remmina, fait VNC, SPICE et RDP

Là, j'ai virt-manager, mais ce n'est pas le problème qui m'intéresse
aujourd'hui.

>>
>> J'ai donc essayé de configurer une VM dans Virtualbox. La VM
>> s'installe, mais il m'est impossible d'utiliser les addons. Leur
>> installation plante (problème de signature dans un pilote) et j'ai beau
>> demander à Windows de ne pas vérifier, ça ne veut pas. Inutilisable.
>> J'ai essayé W7 32 bits, 64 bits, POS 64 bits avec toujours la même
>> erreur de signature (et j'ai des licences officielles, ce n'est pas du
>> craqué).
>>
>> J'ai donc tenté l'installation sur qemu en mode utilisateur.
>> J'arrive à
>> installer la VM mais je n'ai aucun accès réseau (ou partiel, lorsque
>> j'envoie des paquets icmp depuis la VM, ça passe, mais c'est à peu près
>> tout).
> Quel est le mode réseau ? /etc/libvirt/qemu/networks Le NAT est le plus
> facile
Root hilbert:[~] > cat /etc/libvirt/qemu/networks/default.xml



  default
  53493377-2b48-4bfd-a316-57364d36820d
  
  
  
  

  

  

Root hilbert:[~] >

>> Présentement, j'ai une VM avec un Windows7pos en 64 bits. La carte
>> réseau utilisée est une e1000 dans la configuration de la VM. Windows la
>> voit et récupère une adresse par DHCP (10.0.2.15).
> Donc le réseau fonctionne
>> Lorsque je fais un simple ping depuis la VM (qui tourne sur host)
>> vers
>> le dns, je n'obtiens que :
>>
>> legendre# tcpdump -p -i agr0 icmp
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>> decode
>> listening on agr0, link-type EN10MB (Ethernet), capture size 262144 bytes
>> 18:22:05.105125 IP dns > host: ICMP legendre.systella.fr udp port echo
>> unreachable, length 36
> 
> Tu masquerade bien en sortie de l'hôte ?
> 
> iptables -t nat -p all -s 10.0.2.0/24 ! -d 10.0.2.0/24 -j MASQUERADE

Non, je pensais que c'était fait automatiquement. Actuellement, j'ai
dans la table nat :

Root hilbert:[~] > iptables -L -t nat
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination

Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination
LIBVIRT_PRT  all  --  anywhere anywhere

Chain LIBVIRT_PRT (1 references)
target prot opt source   destination
Root hilbert:[~] >

Mais en rajoutant ceci :
iptables -t nat -A POSTROUTING -s 10.0.2.0/24 ! -d 10.0.2.0/24 -j MASQUERADE

ça ne fonctionne guère mieux.

Bien cordialement,

JKB

Re: 73-usb-net-by-mac.rules is no longer used in Bullseye for USB ethernet devices?

[Reco]

Hi.

On Tue, Feb 22, 2022 at 10:56:43AM -0600, Nicholas Geovanis wrote:
> > It's possible, of course. What's also possible is card's EEPROM may have
> > gone haywire. I had a similar problem back in the day with rtl8139 NIC,
> > IIRC. One day the thing simply started to assign itself a random MAC
> > (but worked in every other regard), and since the thing was a part of
> > the motherboard - I had to try almost every workaround in the existence.
> >
> 
> And you checked to make certain that really really really no firmware
> upgrades took place in the meantime?

Of course I'm sure. I'd remember rewriting card's EEPROM.
That NIC had only built-in impossible to upgrade firmware, just in case.

And in the grand scheme of things ever-changing MAC was a nuisance, not
a problem. Changing the MAC on boot was a klugde, but it worked.

> Or downgrades?

See above.

> Not even from some dual-booted OS on the same box?

I don't do dual-boot for last 20 years at least. Dual-boot may be useful
to someone, but I have no need of it.


Besides, I don't own that hardware anymore. Unless I'm mistaken, it was
"retired" to a nearest garbage dump.

Reco

Re: KVM et réseau en mode utilisateur

[NoSpam]

Bonjour

Le 22/02/2022 à 18:25, BERTRAND Joël a écrit :

Bonjour à tous,

Je suis contraint pour un soft d'installer une VM Windows et je galère
réellement.

J'ai déjà fait cela par le passé même avec des VM biécran à grands
coups de bridge réseau et de spicec, mais plus rien ne fonctionne.
spicec n'existe plus dans debian et je n'ai aucune envie de lancer le
tout en root pour avoir un accès réseau.

Tu peux utiliser Remmina, fait VNC, SPICE et RDP


J'ai donc essayé de configurer une VM dans Virtualbox. La VM
s'installe, mais il m'est impossible d'utiliser les addons. Leur
installation plante (problème de signature dans un pilote) et j'ai beau
demander à Windows de ne pas vérifier, ça ne veut pas. Inutilisable.
J'ai essayé W7 32 bits, 64 bits, POS 64 bits avec toujours la même
erreur de signature (et j'ai des licences officielles, ce n'est pas du
craqué).

J'ai donc tenté l'installation sur qemu en mode utilisateur. J'arrive à
installer la VM mais je n'ai aucun accès réseau (ou partiel, lorsque
j'envoie des paquets icmp depuis la VM, ça passe, mais c'est à peu près
tout).
Quel est le mode réseau ? /etc/libvirt/qemu/networks Le NAT est le plus 
facile

Présentement, j'ai une VM avec un Windows7pos en 64 bits. La carte
réseau utilisée est une e1000 dans la configuration de la VM. Windows la
voit et récupère une adresse par DHCP (10.0.2.15).

Donc le réseau fonctionne

Lorsque je fais un simple ping depuis la VM (qui tourne sur host) vers
le dns, je n'obtiens que :

legendre# tcpdump -p -i agr0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on agr0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:22:05.105125 IP dns > host: ICMP legendre.systella.fr udp port echo
unreachable, length 36


Tu masquerade bien en sortie de l'hôte ?

iptables -t nat -p all -s 10.0.2.0/24 ! -d 10.0.2.0/24 -j MASQUERADE


Et là, je ne sais plus où chercher. Dans ma mémoire, il me semblait que
le réseau fonctionnait 'out of the box' et la lecture de la doc ne m'a
pas beaucoup aidée.

Une idée ?

Bien cordialement,

JKB

KVM et réseau en mode utilisateur

[BERTRAND Joël]

Bonjour à tous,

Je suis contraint pour un soft d'installer une VM Windows et je galère
réellement.

J'ai déjà fait cela par le passé même avec des VM biécran à grands
coups de bridge réseau et de spicec, mais plus rien ne fonctionne.
spicec n'existe plus dans debian et je n'ai aucune envie de lancer le
tout en root pour avoir un accès réseau.

J'ai donc essayé de configurer une VM dans Virtualbox. La VM
s'installe, mais il m'est impossible d'utiliser les addons. Leur
installation plante (problème de signature dans un pilote) et j'ai beau
demander à Windows de ne pas vérifier, ça ne veut pas. Inutilisable.
J'ai essayé W7 32 bits, 64 bits, POS 64 bits avec toujours la même
erreur de signature (et j'ai des licences officielles, ce n'est pas du
craqué).

J'ai donc tenté l'installation sur qemu en mode utilisateur. J'arrive à
installer la VM mais je n'ai aucun accès réseau (ou partiel, lorsque
j'envoie des paquets icmp depuis la VM, ça passe, mais c'est à peu près
tout).

Présentement, j'ai une VM avec un Windows7pos en 64 bits. La carte
réseau utilisée est une e1000 dans la configuration de la VM. Windows la
voit et récupère une adresse par DHCP (10.0.2.15).

Lorsque je fais un simple ping depuis la VM (qui tourne sur host) vers
le dns, je n'obtiens que :

legendre# tcpdump -p -i agr0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on agr0, link-type EN10MB (Ethernet), capture size 262144 bytes
18:22:05.105125 IP dns > host: ICMP legendre.systella.fr udp port echo
unreachable, length 36

Et là, je ne sais plus où chercher. Dans ma mémoire, il me semblait que
le réseau fonctionnait 'out of the box' et la lecture de la doc ne m'a
pas beaucoup aidée.

Une idée ?

Bien cordialement,

JKB

Re: 73-usb-net-by-mac.rules is no longer used in Bullseye for USB ethernet devices?

[Nicholas Geovanis]

On Tue, Feb 22, 2022, 5:18 AM Reco  wrote:

>
> On Sun, Feb 20, 2022 at 05:30:10PM -0600, Flacusbigotis wrote:
> .
> > > If the MAC address of the NIC is not persistent, that means udev will
> > > provide you with different interface name each time you boot.
> > > That means that you've hit yet another case of unpredictability of so
> > > called Predictable Network Interface Names.
> > >
> > I did not have this problem in Debian 10.  I do not know if the card's
> > driver has changed between the two versions of Debian, so I am going to
> > boot into a Debian 10 live image and see if it displays the same
> behavior.
>
> It's possible, of course. What's also possible is card's EEPROM may have
> gone haywire. I had a similar problem back in the day with rtl8139 NIC,
> IIRC. One day the thing simply started to assign itself a random MAC
> (but worked in every other regard), and since the thing was a part of
> the motherboard - I had to try almost every workaround in the existence.
>

And you checked to make certain that really really really no firmware
upgrades took place in the meantime? Or downgrades? Not even from some
dual-booted OS on the same box?

> If the drivers are the same then the issue was probably introduced by the
> > changes made to start using ".link" vs .rules" files.
>
> ".link" and ".rules" are merely means to configure udev, they mean
> nothing to the kernel. By default udev should not randomize NIC's MAC.
>
>
> > > > I also tried adding a udev file (/etc/udev/rules.d/99_fix_usb.rules)
> with
> > > > the following content to try to force the addr_assign_type to 0, but
> this
> > > > did nothing:
> > > >
> > > > SUBSYSTEMS=="usb", SUBSYSTEM=="net", ATTR{addr_assign_type}="0"
> > >
> > > Try this:
> > >
> > > 1) Create a file called /etc/systemd/network/00-usb.link with the
> following
> > > contents:
> > >
> > > [Match]
> > > Driver=ax88179_178a
> > >
> > > [Link]
> > > MACAddressPolicy=none
> > > NamePolicy=kernel
> > >
> > > You may have to create an appropriate directory, and the file name has
> > > to start with double zeroes.
> > >
> > > 2) Invoke (really needed):
> > >
> > > update-initramfs -k all -u
> > >
> > > 3) Reboot.
> > >
> > > 4) Watch your network interface is called usb0 from now then.
> > >
> > > Thanks!
>
> You're welcome.
>
>
> > > Now, this approach has its caveats, so:
> > >
> > > 1) If you ever plug-in two USB devices that both served with
> > > "ax88179_178a" - you won't be able to distinguish between them. They
> > > will be called usb0, usb1, etc without any meaningful order.
> > >
> > > Ugghhh.. I am not entirely comfortable with that.
> >
> >
> > > 2) If they decide to rename "ax88179_178a" in the kernel - this link
> > > file will cease to work for obvious reasons.
> > >
> > >  Also not comfortable with this.
> >
> > I'll first check if I can replicate the behavior in Buster.
>
> IIRC in Buster .link files are ignored if 73-usb-net-by-mac.rules apply
> to the NIC. But you can cheat it by creating an empty file called:
> /etc/udev/rules.d/73-usb-net-by-mac.rules
>
> Reco
>
>

Re: Trying to deug initramfs boot delay

[Andrew M.A. Cater]

On Tue, Feb 22, 2022 at 09:19:14AM -0700, Charles Curley wrote:
> On Tue, 22 Feb 2022 09:45:34 +
> "Andrew M.A. Cater"  wrote:
> 
> > I think Charles Curley is also installing on one, too.
> 
> I am installing on an Ideapad, a "Lenovo IdeaPad Yoga 13". I have not
> seen anything like what the OP, Michael Lange ,
> describes. Indeed, my beastie boots very quickly.
> 
> > 
> > I used the unofficial .iso including non-free firmware.
> 
> As did I. According to /etc/apt/sources.list, "Debian GNU/Linux 11.2.0
> _Bullseye_ - Unofficial amd64 NETINST with firmware 20211218-11:12"
> 
> Note that I went full Amd64. I wonder if the OP might be better off
> with that.
> 

The Ideapad 100S is one of the Bay Lake Intels with 32 bit UEFI and 64
bit processor - hence the suggestion for multi-arch.

These and similar were deliberately released on cut down hardware to fill
a market niche - I think Windows 7 S - one application at a time, essentially,
and were designed down to a price point in terms of limited memory.

All the very best, as ever,

Andy Cater

> -- 
> Does anybody read signatures any more?
> 
> https://charlescurley.com
> https://charlescurley.com/blog/
> 

Re: Trying to deug initramfs boot delay

[Charles Curley]

On Tue, 22 Feb 2022 09:45:34 +
"Andrew M.A. Cater"  wrote:

> I think Charles Curley is also installing on one, too.

I am installing on an Ideapad, a "Lenovo IdeaPad Yoga 13". I have not
seen anything like what the OP, Michael Lange ,
describes. Indeed, my beastie boots very quickly.

> 
> I used the unofficial .iso including non-free firmware.

As did I. According to /etc/apt/sources.list, "Debian GNU/Linux 11.2.0
_Bullseye_ - Unofficial amd64 NETINST with firmware 20211218-11:12"

Note that I went full Amd64. I wonder if the OP might be better off
with that.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Definitive instructions for Buster LTS security updates

[David Wright]

On Tue 22 Feb 2022 at 13:50:20 (+), Tixy wrote:
> On Tue, 2022-02-22 at 06:00 -0700, Keith Christian wrote:
> > On Mon, Feb 21, 2022 at 7:33 AM Tixy  wrote:
> > > I assume because Buster isn't in Long Term Support yet, it's still in
> > > normal support by the security team. From the schedule on the wiki,
> > > it's due to go into LTS this July.
> > 
> > I remembered that I made a copy of the original sources.list file on
> > the day of install.
> > Here it is, I wonder why the security line failed to verify (Line 11) ?
> > The entire sources.list appears below.
> > 
> > # Line commented out by installer because it failed to verify:
> > #deb http://security.debian.org/debian-security buster/updates main
> > 
> > It seems this line should be uncommented?
> > 
> > #deb http://security.debian.org/debian-security buster/updates main
> 
> I just tried that URL and did an 'apt update' and it seemed to work,
> there were no errors and seemed to be download a new package list.
> Interesting that the one I had doesn't have the 'debian-security' bit.
> 
> Also, the online examples of sources.list for Buster have the URL
> 'http://deb.debian.org/debian-security', I beleive that uses the CDN.
> 
> So, for me, all three of these seem work...
> 
> deb http://security.debian.org/ buster/updates main
> deb http://security.debian.org/debian-security buster/updates main
> deb http://deb.debian.org/debian-security buster/updates main

The OP is tilting at windmills.

The example I posted has been used every three hours of my waking day
for the past 2½ years. It fails when my cable company fails.

The OP has quoted some hearsay off the web, period. And not a single
reference with it. The OP calls this "pre-startup research", and
will "verify [ … ] your suggestions" when the Oracle has handed down
"the correct sources.list".

Until then, the Buster machine will stay de-activated, the OP remains
safe, and we await the Oracle.

(Those who know their Classical history will realise that advice
pulled from the Internet can be as ambiguous as the Oracle always was.)

Cheers,
David.

Re: Converting a BIOS (CSM) Debian installation into UEFI

[David Wright]

On Tue 15 Feb 2022 at 14:20:55 (-0500), Felix Miata wrote:
> David Wright composed on 2022-02-15 10:11 (UTC-0600):
> 
> > Is anything else required for B to become a "native EFI" installation?
> 
> > This conversion process will, I think, make the system boot into
> > the EFI-ed B by default. If I want to make E boot by default again,
> > should I boot E and run update-grub and grub-install?³
> > Or should I do this by running efibootmgr?
> 
> Without changing GRUB_DISTRIBUTOR= in /etc/default/grub, you'll wind up with 
> only
> /boot/efi/EFI/debian. It will be just like MBR booting, where the last updated
> Grub overwrites what the previous one put in the MBR. I avoid this by 
> changing the
> default
> 
>   GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
> 
> to e.g.
> 
>   GRUB_DISTRIBUTOR="bookworm"

That was useful — I hadn't realised the connection between that
variable and the directory name in EFI/. It's quite tricky pulling all
the threads together: the directory layout in EFI/, all the stuff
that's in /sys/firmware/efi/efivars, the efibootmgr's listing, and
the contents (and actions) of the EFI menus when you boot into the
firmware interface (reached with Esc F9 here, IIRC).

> Once you have a unique /boot/efi/EFI/ entry for each installation, you 
> /should/ be
> able to switch which has control either in the BIOS directly, or with 
> efibootmgr.
> Likely update-grub and grub-install would do the same thing, but I've never 
> given
> them the opportunity here. I say /should/ because some UEFI BIOS are finicky
> beasts that can't always be trusted to do as expected.
> 
> I avoid the issue of priority usurpation in two ways:
> 1-only mount the ESP filesystem to /boot/efi/ on one installation
> 2-don't install any bootloader

I think I've decided to keep mine simple by:
. booting into one primary system from the ESP,
. only that primary system has /boot/efi/EFI/ mounted (your 1),
. no Grub on the non-primary systems (your 2),
. the primary's Grub will choose which system to boot.

I'm used to using grubenv for one-time boot selection, even when
I'm not at the machine, but am happy to use the EFI menus whenever
I need to boot from a stick, etc.

> I actually boot from /boot/grub/custom.cfg, by copying /etc/grub.d/40_custom 
> to
> 06_custom. This causes grub-mkconfig to generate a grub.cfg that displays my
> custom.cfg entries before its auto-generated entries, minimizing need to 
> scroll
> the menu to find a desired selection. My custom.cfg boots via kernel and 
> initrd
> symlinks (and volume LABEL rather than UUID, same as fstab), so infrequently 
> has
> any need to be updated. Note that my use of singular filenames is inaccurate, 
> as I
> have 5 UEFI systems configured this way, and all have 10 or more Linux 
> installations.

I'll probably go through another iteration of my edgrub
script, to reduce even more of the "garbage" in grub.cfg.
Thanks for the suggestions.

Cheers,
David.

Re: OT: Quien se va sin que lo echen vuelve sin que lo llamen

[Marcelo Eduardo Giordano]

El 21/2/22 a las 04:11, Camaleón escribió:

El 2022-02-20 a las 22:53 -0300, Marcelo Eduardo Giordano escribió:


Vuelvo de Arch a Debian.

¡Olé! :-)
  

Prefiero tener paquetes viejos y probados. Trabajo con mi pc y la necesito
24/7

Muy linda la lista.

Lo comparto con ustedes porque se que me entiende mejor que nadie

¿Alguien que haya estado con Arch Linux y Debian testing podría
explicar ventajas e incovenientes que le ve a estas dos distribuciones?

Saludos,


Yo he probado ambos. Aunque soy un usuario común y corriente.
Con respecto a debian el fuerte que tiene es la seguridad que vas a 
prender la computadora y todo va a funcionar. Nunca vas a perder un día 
de trabajo.
Con Debian testing tuve problemas con virtualbox que no saca versión 
para versión testing y nunca puede hacerlo funcionar aunque hay algunas 
alternativas.
También me parece que la idea es buscar opciones simples para usar, 
actualizar y modificar linux para que cualquier pueda usarlo. No podemos 
estar haciendo un sinfin de clicks para instalar un programa. Es mi opinión.

Con Arch tuve dos problemas en 1 semana, después de usarlo bastante tiempo.
1) Actualicé un paquete de AUR y la netbook no arrancó nunca mas
2) En mi pc de escritorio (la que uso habitualmente) tengo problemas con 
el escritorio plasma. Siempre hay alguna cosita que no funciona.

Bueno amigo, espero haber respondido lo que me preguntas
Saludos
--

Marcelo E. Giordano
/Contador Público/
*(2634) **4***417505**

Pedro Molina 574· San Martín - Mendoza
_c ontadorgiordano.com.ar_

Xfce4: screen visible upon resume before xscreensaver locks it

[Celejar]

Hello,

I'm running Xfce4 on a recent install of Sid. I have configured Xfce4
to "Lock screen before sleep" (in Session and Startup / General), but
when I use xscreensaver, when resuming from suspend the screen is often
visible for a brief period before xscreensaver kicks in. I have not
seen this problem when using light-locker. I also tried briefly with
xfce4-screensaver and did not see the problem, but I have not done
extensive testing with xfce4-screensaver.

This is obviously a serious problem: I see that this has been a
commonly reported Xfce issue, with various distros / screensavers, etc.,
over the years, e.g.:

https://bugs.mageia.org/show_bug.cgi?id=28286
https://bugzilla.xfce.org/show_bug.cgi?id=14782
https://bugzilla.xfce.org/show_bug.cgi?id=15929
https://askubuntu.com/questions/1383379/xubuntu-desktop-visible-after-suspend-before-lock-screen

but I can't make out whether I have misconfigured something here, or
whether this is a serious security bug in the current Xfce4 -
xscreensaver integration.

Celejar

Re: Definitive instructions for Buster LTS security updates

[Tixy]

On Tue, 2022-02-22 at 06:00 -0700, Keith Christian wrote:
> On Mon, Feb 21, 2022 at 7:33 AM Tixy  wrote:
> > I assume because Buster isn't in Long Term Support yet, it's still in
> > normal support by the security team. From the schedule on the wiki,
> > it's due to go into LTS this July.
> 
> Thanks Tixy,
> 
> I remembered that I made a copy of the original sources.list file on
> the day of install.
> Here it is, I wonder why the security line failed to verify (Line 11) ?
> The entire sources.list appears below.
> 
> # Line commented out by installer because it failed to verify:
> #deb http://security.debian.org/debian-security buster/updates main
> 
> It seems this line should be uncommented?
> 
> #deb http://security.debian.org/debian-security buster/updates main

I just tried that URL and did an 'apt update' and it seemed to work,
there were no errors and seemed to be download a new package list.
Interesting that the one I had doesn't have the 'debian-security' bit.

Also, the online examples of sources.list for Buster have the URL
'http://deb.debian.org/debian-security', I beleive that uses the CDN.

So, for me, all three of these seem work...

deb http://security.debian.org/ buster/updates main
deb http://security.debian.org/debian-security buster/updates main
deb http://deb.debian.org/debian-security buster/updates main

-- 
Tixy 

Re: Definitive instructions for Buster LTS security updates

[Greg Wooledge]

On Tue, Feb 22, 2022 at 06:00:53AM -0700, Keith Christian wrote:
> On Mon, Feb 21, 2022 at 7:33 AM Tixy  wrote:
> > I assume because Buster isn't in Long Term Support yet, it's still in
> > normal support by the security team. From the schedule on the wiki,
> > it's due to go into LTS this July.
> 
> Thanks Tixy,
> 
> I remembered that I made a copy of the original sources.list file on
> the day of install.
> Here it is, I wonder why the security line failed to verify (Line 11) ?
> The entire sources.list appears below.
> 
> # Line commented out by installer because it failed to verify:
> #deb http://security.debian.org/debian-security buster/updates main

Only someone who was present for the installation would know for sure,
but at the time, the installer was unable to contact that web site.
Could have been due to missing network interface firmware, or a transient
DNS problem, or ... who knows?

> It seems this line should be uncommented?
> 
> #deb http://security.debian.org/debian-security buster/updates main

Yes.

> 
> =LISTING START
> $ cat /etc/apt/sources.list.orig
> #
> 
> # deb cdrom:[Official Debian GNU/Linux Live 10.0.0 kde
> 2019-07-06T10:52]/ buster main
> 
> #deb cdrom:[Official Debian GNU/Linux Live 10.0.0 kde
> 2019-07-06T10:52]/ buster main
> 
> deb http://deb.debian.org/debian/ buster main
> deb-src http://deb.debian.org/debian/ buster main

But that one worked?  Interesting.  That points more toward an issue
with DNS or with the (small) set of security.debian.org servers, rather
than something like missing firmware which would have affected all
network activity during the installation.

Re: Definitive instructions for Buster LTS security updates

[Keith Christian]

On Mon, Feb 21, 2022 at 7:33 AM Tixy  wrote:
> I assume because Buster isn't in Long Term Support yet, it's still in
> normal support by the security team. From the schedule on the wiki,
> it's due to go into LTS this July.

Thanks Tixy,

I remembered that I made a copy of the original sources.list file on
the day of install.
Here it is, I wonder why the security line failed to verify (Line 11) ?
The entire sources.list appears below.

# Line commented out by installer because it failed to verify:
#deb http://security.debian.org/debian-security buster/updates main

It seems this line should be uncommented?

#deb http://security.debian.org/debian-security buster/updates main

=LISTING START
$ cat /etc/apt/sources.list.orig
#

# deb cdrom:[Official Debian GNU/Linux Live 10.0.0 kde
2019-07-06T10:52]/ buster main

#deb cdrom:[Official Debian GNU/Linux Live 10.0.0 kde
2019-07-06T10:52]/ buster main

deb http://deb.debian.org/debian/ buster main
deb-src http://deb.debian.org/debian/ buster main

# Line commented out by installer because it failed to verify:
#deb http://security.debian.org/debian-security buster/updates main
# Line commented out by installer because it failed to verify:
#deb-src http://security.debian.org/debian-security buster/updates main

# buster-updates, previously known as 'volatile'
# Line commented out by installer because it failed to verify:
#deb http://deb.debian.org/debian/ buster-updates main
# Line commented out by installer because it failed to verify:
#deb-src http://deb.debian.org/debian/ buster-updates main

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.
=LISTING END

Keith

Re: [HS] Possible attaque SSH

[Dethegeek]

Bonjour

De mon expérience avec fail2banet ssh, dans une situation similaire (NAT
derrière une box) les IP des attaquants sont celles venant de l'extérieur.
Donc si dans les logs les ip appartiennent au réseau local, c'est que
l'attaquant s'y trouve, ou bien utilise une machine locale pour effectuer
ses attaques.

Idem que précédemment, fail2ban enregistre de nombreuses attaques par heure
en permanence.

Le mar. 22 févr. 2022 à 12:29, Belaïd  a écrit :

> Bonjour,
>
> C'est possible que ça vienne de l'extérieur (a l'époque ca pouvait être
> une attaque par IP spoofing/paquet martien). Mais ça ne ce fait plus trop
> de nos jours , les routeurs/firewall savent gérer cela
>
> Le mar. 22 févr. 2022 à 11:50, Sil  a écrit :
>
>> Le 22/02/2022 à 09:27, Sil a écrit :
>> > /var/log/auth.log.2.gz:Feb 7 09:34:58 monserveur sshd[]:
>> > Disconnected from invalid user Admin 192.168.X.X port  [preauth]
>>
>> Mais est-ce que l'IP du fichier log peut provenir de l’extérieur ? Ou
>> est-ce impossible ?
>>
>> Est-il possible de différencier les connexions nattées de la box et
>> celles du réseau local ?
>>
>> Merci
>>
>> Sil
>>
>>

Re: [HS] Possible attaque SSH

[Belaïd]

Bonjour,

C'est possible que ça vienne de l'extérieur (a l'époque ca pouvait être une
attaque par IP spoofing/paquet martien). Mais ça ne ce fait plus trop de
nos jours , les routeurs/firewall savent gérer cela

Le mar. 22 févr. 2022 à 11:50, Sil  a écrit :

> Le 22/02/2022 à 09:27, Sil a écrit :
> > /var/log/auth.log.2.gz:Feb 7 09:34:58 monserveur sshd[]:
> > Disconnected from invalid user Admin 192.168.X.X port  [preauth]
>
> Mais est-ce que l'IP du fichier log peut provenir de l’extérieur ? Ou
> est-ce impossible ?
>
> Est-il possible de différencier les connexions nattées de la box et
> celles du réseau local ?
>
> Merci
>
> Sil
>
>

Re: [HS] Possible attaque SSH

[ajh-valmer]

On Tuesday 22 February 2022 09:27:46 Sil wrote:
> Bonjour la liste,
> Pourriez-vous m'enlever un doute... sur un réseau local derrière une 
> box, j'ai des postes w$ DHCP et un serveur Debian stable à jour. Ce 
> serveur est accessible via SSH sur le réseau local via le port classique 
> et depuis l’extérieur sur un autre port via le NAT de la box. Seule 
> l’authentification par clé est autorisée.
> J'ai un utilisateur qui s'est plaint d'avoir été banni par Fail2ban. 
> Après quelques recherches dans les logs, j'ai trouvé plusieurs 
> tentatives de connexions SSH via des adresses locales.
> Un exemple de log :
> /var/log/auth.log.2.gz:Feb  7 09:34:58 monserveur sshd[]: 
> Disconnected from invalid user Admin 192.168.X.X port  [preauth]
> Est-il possible que l'attaque vienne quand même de l’extérieur ? Ou 
> faut-il suspecter les postes w$ ?

Hello,

J'ai un serveur, il ne faut pas trop s'inquiéter du fichier "/var/log/auth.log",
ce sont des milliers de tentatives de connexion / jour, sans résultats,
(souvent par une méthode automatique) si le serveur possède
les outils classiques de protection, failban, firewall, connexions que par
clés SSH (publique et privée)...

A. Valmer

Re: 73-usb-net-by-mac.rules is no longer used in Bullseye for USB ethernet devices?

[Reco]

Hi.

On Sun, Feb 20, 2022 at 05:30:10PM -0600, Flacusbigotis wrote:
> On Thu, Feb 17, 2022 at 1:06 AM Reco  wrote:
> > On Thu, Feb 17, 2022 at 12:32:48AM -0600, Flacusbigotis wrote:
> > > Thanks Reco & Greg.  I did see the
> > > /lib/systemd/network/73-usb-net-by-mac.link file. Thanks for that.
> > >
> > > I don't know exactly what is happening, but the MAC address of the device
> > > keeps changing  after an ifdown/ifup cycle post boot.
> >
> > You should've said that first.
> >
> 
> I only found that out later after the 1st post :-)

:)


> > If the MAC address of the NIC is not persistent, that means udev will
> > provide you with different interface name each time you boot.
> > That means that you've hit yet another case of unpredictability of so
> > called Predictable Network Interface Names.
> >
> I did not have this problem in Debian 10.  I do not know if the card's
> driver has changed between the two versions of Debian, so I am going to
> boot into a Debian 10 live image and see if it displays the same behavior.

It's possible, of course. What's also possible is card's EEPROM may have
gone haywire. I had a similar problem back in the day with rtl8139 NIC,
IIRC. One day the thing simply started to assign itself a random MAC
(but worked in every other regard), and since the thing was a part of
the motherboard - I had to try almost every workaround in the existence.


> If the drivers are the same then the issue was probably introduced by the
> changes made to start using ".link" vs .rules" files.

".link" and ".rules" are merely means to configure udev, they mean
nothing to the kernel. By default udev should not randomize NIC's MAC.


> > > I also tried adding a udev file (/etc/udev/rules.d/99_fix_usb.rules) with
> > > the following content to try to force the addr_assign_type to 0, but this
> > > did nothing:
> > >
> > > SUBSYSTEMS=="usb", SUBSYSTEM=="net", ATTR{addr_assign_type}="0"
> >
> > Try this:
> >
> > 1) Create a file called /etc/systemd/network/00-usb.link with the following
> > contents:
> >
> > [Match]
> > Driver=ax88179_178a
> >
> > [Link]
> > MACAddressPolicy=none
> > NamePolicy=kernel
> >
> > You may have to create an appropriate directory, and the file name has
> > to start with double zeroes.
> >
> > 2) Invoke (really needed):
> >
> > update-initramfs -k all -u
> >
> > 3) Reboot.
> >
> > 4) Watch your network interface is called usb0 from now then.
> >
> > Thanks!

You're welcome.


> > Now, this approach has its caveats, so:
> >
> > 1) If you ever plug-in two USB devices that both served with
> > "ax88179_178a" - you won't be able to distinguish between them. They
> > will be called usb0, usb1, etc without any meaningful order.
> >
> > Ugghhh.. I am not entirely comfortable with that.
> 
> 
> > 2) If they decide to rename "ax88179_178a" in the kernel - this link
> > file will cease to work for obvious reasons.
> >
> >  Also not comfortable with this.
> 
> I'll first check if I can replicate the behavior in Buster.

IIRC in Buster .link files are ignored if 73-usb-net-by-mac.rules apply
to the NIC. But you can cheat it by creating an empty file called:
/etc/udev/rules.d/73-usb-net-by-mac.rules

Reco

Re: [HS] Possible attaque SSH

[Sil]

Le 22/02/2022 à 09:27, Sil a écrit :
/var/log/auth.log.2.gz:Feb 7 09:34:58 monserveur sshd[]: 
Disconnected from invalid user Admin 192.168.X.X port  [preauth]


Mais est-ce que l'IP du fichier log peut provenir de l’extérieur ? Ou 
est-ce impossible ?


Est-il possible de différencier les connexions nattées de la box et 
celles du réseau local ?


Merci

Sil

Re: Gracias a todos

[Debian]

El 21/2/22 a las 18:19, NAIRO TORRES escribió:
Gracias a todos por sus valiosos aportes , los tendre en cuenta en este 
camino ke apenas empiezo


atte


nairo



"ke"

¡¡¡Agggh!!

Re: [HS] Possible attaque SSH

[BERTRAND Joël]

Sil a écrit :
> Bonjour la liste,
> 
> Pourriez-vous m'enlever un doute... sur un réseau local derrière une
> box, j'ai des postes w$ DHCP et un serveur Debian stable à jour. Ce
> serveur est accessible via SSH sur le réseau local via le port classique
> et depuis l’extérieur sur un autre port via le NAT de la box. Seule
> l’authentification par clé est autorisée.
> 
> J'ai un utilisateur qui s'est plaint d'avoir été banni par Fail2ban.
> Après quelques recherches dans les logs, j'ai trouvé plusieurs
> tentatives de connexions SSH via des adresses locales.
> 
> Un exemple de log :
> 
> /var/log/auth.log.2.gz:Feb  7 09:34:58 monserveur sshd[]:
> Disconnected from invalid user Admin 192.168.X.X port  [preauth]
> 
> Est-il possible que l'attaque vienne quand même de l’extérieur ? Ou
> faut-il suspecter les postes w$ ?
> 
> Par avance merci
Bonjour,

Par expérience, suspecter les postes Windows. Il y a quinze ans, j'ai
râlé avec un client qui laissait ses utilisateurs sur MSN (fallait bien
qu'ils s'occupent !) et les machines Windows ont servi de relais à des
attaques de l'extérieur malgré un firewall entrant (on m'avait interdit
le firewall sortant). Un lundi matin, je me suis fait enguirlander parce
que le serveur principal avait été attaqué (mais sans accès root,
c'était une machine sparc64).

Cordialement,

JKB

Re: Trying to deug initramfs boot delay

[Andrew M.A. Cater]

On Tue, Feb 22, 2022 at 12:50:13AM +0100, Michael Lange wrote:
> Hi,
> 
> I installed bullseye (32-bit) onto a Lenovo IdeaPad 100S laptop. The
> system generalliy runs fine, however there is a minor nuisance with a
> delay of about 40 sec. at the begining of the boot process at the 
> "Loading initial ramdisk..." stage.
> 

I have one of these: I found that the multi-arch .iso worked better.
The UEFI in these is 32 bti, the processor is 64 bit - that might 
have something to do with it, particularly if there's some alignment 
issue.

Mine doesn't stop for many seconds - but that's only one datum point.

I think Charles Curley is also installing on one, too.

I used the unofficial .iso including non-free firmware.

> available hard drive partitions, which somehow at some point seems to
> fail.
> I don't really know what the function that is responsible here tries to
> do, but it looks like a lot of lines to me for the three partitions on the
> laptop's drive (output of lsblk:
> 
> NAME MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
> mmcblk2  179:00 29,1G  0 disk 
> ├─mmcblk2p1  179:10  100M  0 part /boot/efi
> ├─mmcblk2p2  179:20  3,4G  0 part [SWAP]
> └─mmcblk2p3  179:30 22,9G  0 part /
> mmcblk2boot0 179:256  04M  1 disk 
> mmcblk2boot1 179:512  04M  1 disk 
> 
> cont. of /etc/fstab:
> 
> # / was on /dev/mmcblk1p3 during installation
> UUID=ba9bd08f-5a25-4e42-95a4-ce0fa41be38d /   ext4
> errors=remount-ro 0   1
> # /boot/efi was on /dev/mmcblk1p1 during installation
> UUID=78BA-12AF  /boot/efi   vfatumask=0077  0   1
> # swap was on /dev/mmcblk1p2 during installation
> UUID=e1016bf0-5a98-4269-9e94-01ec54f1d541 noneswap
> sw  0   0
> 
> )
> 
> Does anyone have a clue if either of these two things might be the
> problem here, or -if not- what else I could try to identify the problem's
> source?
> 
> Thanks in advance, and have a nice day,
> 
> Michael
>

With every good wish, as ever,

Andrew Cater 
> .-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.
> 
> It is a human characteristic to love little animals, especially if
> they're attractive in some way.
>   -- McCoy, "The Trouble with Tribbles", stardate 4525.6
> 

[HS] Possible attaque SSH

[Sil]

Bonjour la liste,

Pourriez-vous m'enlever un doute... sur un réseau local derrière une 
box, j'ai des postes w$ DHCP et un serveur Debian stable à jour. Ce 
serveur est accessible via SSH sur le réseau local via le port classique 
et depuis l’extérieur sur un autre port via le NAT de la box. Seule 
l’authentification par clé est autorisée.


J'ai un utilisateur qui s'est plaint d'avoir été banni par Fail2ban. 
Après quelques recherches dans les logs, j'ai trouvé plusieurs 
tentatives de connexions SSH via des adresses locales.


Un exemple de log :

/var/log/auth.log.2.gz:Feb  7 09:34:58 monserveur sshd[]: 
Disconnected from invalid user Admin 192.168.X.X port  [preauth]


Est-il possible que l'attaque vienne quand même de l’extérieur ? Ou 
faut-il suspecter les postes w$ ?


Par avance merci

Sil