Re: Dangerous installation of bullseye: What shall i do next?
Hey, excellent! much to my liking, you are coming up with most of the things, i already do. But never stop improving on them ... Yes, i use VCS, in my case git. Yes, i use SSD, in my case nvme, yes, i use SSH (even from a vm to the host), in order to create a simulation of it for experimentation. (undocumented, but very handy). BTW: That is one of the reasons to upgrade, bcoz virtualbox is no longer maintained proper on buster. Of course, i use snapshots and zfs-auto-snapshot and many services on top of it. I even do keep images of the OS in the pool for reference, history or for having the option to rollback to it. Ok, the thing with the UIDs is going to be useful, as i maintain those manually uptil now. The only step, i am refusing to take is the replacing of SSD's (I couldnt do that on my own and would require assistance always.) Thus i prefer to multi-boot, which is fine, as long, as you know, what you are doing and keep most of its config static, which i do. Also, i did avoid SMR since years, and i have no need for samba at all. Everything is local (or local to a vm). I was using a fast SSD for ZFS, but theat one got consumed due to all the IO from the cache device. Now, i opted for large enough RAM, which gives even better performance. As you can see, we are almost on the same page, and i might add: i am enjoying that a lot! Am 27.03.2022 um 04:01 schrieb David Christensen: > > I suggest that you get an entry-level server. Install a small SSD. Do > a fresh install of your server OS of choice. Use the recommended > filesystem -- e.g. ext4 on Debian. Do not create an unprivileged user > account during installation; or create a generic account if required > (e.g. "debian"). Enable SSH service. Add site users and groups with > planned UID's and GID's. > > > Get an external HDD and take a raw binary image of the OS drive. Create > a checksum file for the image file. Repeat periodically and as needed. > > > Install two large HDD's (avoid SMR). Create a ZFS mirror. Install > zfs-auto-snapshot and create cron job. Consider enabling default > compression (lz4). Avoid deduplication. Consider adding a fast SSD as > a cache device. > > > Choose a networked version control system (I use CVS). Create a ZFS > filesystem for the repository. Enable service and connect to > repository. Install client. Check in your modified OS configuration > files and any working files you maintain. > > > Create a ZFS filesystem for Samba data. Enable Samba service and share > filesystem. Avoid NFS. Collect and organize all of your data. > > > Get two or more large external HDD's and implement backups in rotation. > > > Archive important images and/or backups periodically and as needed. > > > Finally, remove the OS drive in your existing computer. Install a blank > SSD. Do a fresh install of your desktop OS of choice. If you want more > than one OS, repeat with another blank SSD; e.g. avoid multi-boot. > Install SSH client. Install version control system client. Create > users, groups, UID's, and GID's to match server. Mount the Samba data > share in a local directory. Add computer to image, backup, and archive > procedures. > > > David
Re: Dangerous installation of bullseye: What shall i do next?
Hi songbird, Am 27.03.2022 um 03:46 schrieb songbird: > also have both grub and refind > installed. Excellent to know! I was certain, that refind was the debian way to multi-booting on UEFI and not broken in any way. Thanks for confirming that. And when it comes to your suggestions, appreciated, as they come, they look rather like manual intevention, what could/should be solved with a config file and a command. See: > https://askubuntu.com/questions/348463/refind-configuration-change-boot-order-and-default-boot > https://manpages.ubuntu.com/manpages/bionic/man8/refind-mkdefault.8.html just my 2 cents DdB
Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?
Hello, On Sat, Mar 26, 2022 at 08:48:35AM -0400, Greg Wooledge wrote: > Maybe I should remove the trinity-3c-app-mailcom block, since it > no longer seems to be doing anything helpful...? Looking at my mailbox I've got hundreds of hits matching that, from many differently apparently-real people all over the world. I suspect it's just the signature of a particular email app. Cheers, Andy
Dangerous installation of bullseye: What shall i do next?
Hello Felix, thank you for your roadmap layout for solving my problem in a smart way. Am 27.03.2022 um 00:15 schrieb Felix Miata: > I find online upgrades to be easier than all the reconfiguration necessary to > reach my happy state starting from a virgin installation. Yep, i remember the shift from Wheezy to Stretch, i used that method, but never got rid of the feeling, that i might still carry some old misconfig due to not starting fresh. Later, when i went from Stretch to Buster, i used the other mothod, but that turned out to be some other sort of problem, because the filesysem in my (ZFS-) pools did carry UIDs and GID's from the older system, and those failed to match the newer ones... What a mess! ... And there are still residues from it. So i was hoping, that a new, fresh install would at least be consistent to itself, and that i would have to correct the file attributes only once before i would definitely mount the ZFS filesystems. And anyhow, many things, i was doing uptil now, are not going to be prolonged into the future. Several software solutions will have to be replaced by current ones working differently. (Just to give you an example: Currently, i am writing from thunderbird 52.9.1 + enigmail, which will not work in bullseye. But Thunderbird (current) has an unsafe cryptography, which forces me to look for alternatives. This problem alone could turn out to have major implications!) That is why a simple full-upgrade is not going to satisfy my needs anyhow. Maybe, i am going to take both approaches and have 2 resulting root partitions on top of the buster one for the time being, until i feel ready to decide? Once again: I feel honored by your kind explanations, which invite me to think ahead... Very much appreciated! Thank you, DdB PS: Sorry: i messed up recipient and list address, causing unnecessary duplication. :-(
Re: Dangerous installation of bullseye: What shall i do next?
On 3/26/22 15:16, Datakanja de Bruyn wrote: Just a bit of context: I am old + handicapped + pretty much isolated, thus certainly not an expert. But i am happily using debian stable (oldstable by now) since several years. But since more and more software got outdated, i was interested to move to bullseye. In order to have 2 bootable instances (oldstable + stable), i installed and tested refind, in ordeer to have some safety during the migration period. I did test the whole setup, which went well. Then installed bullseye (11.2), but after that, apparently nothing did work any longer. It took me several days to find out, what destroyed my configuration: 1. bullseye installer had installed grub2 over refind, thereby killing my setup made for safety purpose. 2. Also, when i tried to boot into the oldstable by hand, it failed to come up due to some error in fstab, bcoz the installer, while reformatting the free partition, assigned a new partuuid to it, which no longer corresponded to the entry in fstab. 3. Furthermore, it installed a grub2 version, that is buggy and which cannot boot the bootentries, i was used to resort to in case of trouble (a.k.a. booting straight from an ISO image as an emergency system. The version installed was known to fail to boot on my kind of hardwae since several years, and i assumed (my mistake), that a stable debian would have been fixing the issue by now. (I refer to the links at the bottom). Ok. After days in panic, i was able to straigthen out my old system and get it to boot again. But since then, i am totally undecided (and a bit overwhelmed) with the options, i have to decide about now. What shall i focus on next? 1. Try the whole process once again and manually downgrade grub2 in order to have the ISO-boot at hand? (What risk would that involve?) 2. Report a bug (but honestly, i am not skilled enough to even determine the package(s) causing the mess i encountered. I suspect at least one of grub2 packages to be involved, but also the installer itself does a pretty careless job IMHO. (I learned to create proper assertion checks before shooting a working configuration to death.) 3. Continue to work with oldstable, which increasingly causes problems due to the outdated software involved. That is, what i am using right now. Or is there a better option? - Like maybe someone willing to assist in the process or at least guiding me some steps further? But i am scared to show the details of what i am doing, as i am a ZFS user since many years, which is pretty much non-standard! The bug, i mentioned seems to be related to grub2 2.04 and UEFI booting, which is necessary on my machine: https://superuser.com/questions/755641/grub2-boot-error-out-of-memory https://bugzilla.redhat.com/show_bug.cgi?id=1838633 https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1851311 https://ubuntuforums.org/showthread.php?t=2430437 Any hint will be greatly appreciated. DdB I suggest that you get an entry-level server. Install a small SSD. Do a fresh install of your server OS of choice. Use the recommended filesystem -- e.g. ext4 on Debian. Do not create an unprivileged user account during installation; or create a generic account if required (e.g. "debian"). Enable SSH service. Add site users and groups with planned UID's and GID's. Get an external HDD and take a raw binary image of the OS drive. Create a checksum file for the image file. Repeat periodically and as needed. Install two large HDD's (avoid SMR). Create a ZFS mirror. Install zfs-auto-snapshot and create cron job. Consider enabling default compression (lz4). Avoid deduplication. Consider adding a fast SSD as a cache device. Choose a networked version control system (I use CVS). Create a ZFS filesystem for the repository. Enable service and connect to repository. Install client. Check in your modified OS configuration files and any working files you maintain. Create a ZFS filesystem for Samba data. Enable Samba service and share filesystem. Avoid NFS. Collect and organize all of your data. Get two or more large external HDD's and implement backups in rotation. Archive important images and/or backups periodically and as needed. Finally, remove the OS drive in your existing computer. Install a blank SSD. Do a fresh install of your desktop OS of choice. If you want more than one OS, repeat with another blank SSD; e.g. avoid multi-boot. Install SSH client. Install version control system client. Create users, groups, UID's, and GID's to match server. Mount the Samba data share in a local directory. Add computer to image, backup, and archive procedures. David p.s. I prefer FreeBSD for my SOHO servers, in part because of available documentation: https://www.pearson.com/us/higher-education/program/Mc-Kusick-Design-and-Implementation-of-the-Free-BSD-Operating-System-The-2nd-Edition/PGM224032.html https://mwl.io/nonfiction/os
Re: Dangerous installation of bullseye: What shall i do next?
Datakanja de Bruyn wrote:
...
> 1. bullseye installer had installed grub2 over refind, thereby killing
> my setup made for safety purpose.
some of this may not fit your system, but it may help get
you further in the ballpark. :)
here are my notes and suggestions from previous events:
if grub gets reinstalled it can remove or mess up the boot menu so the
following command will recreate the entry if it has been deleted:
# efibootmgr -c -L Debian_Refind -l "\EFI\BOOT\BOOTX64.EFI"
this shows the current setup:
# efibootmgr
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,,0006,0007,0005
Boot* Debian_Refind
Boot0001* debian
Boot0005* ASUSDVD-E818AAT a
Boot0006* Samsung SSD 850 EVO 500GB
Boot0007* Samsung SSD 860 EVO 2TB
this sets the boot order:
# efibootmgr -o 0,1,5,6,7
BootCurrent: 0001
Timeout: 1 seconds
BootOrder: ,0001,0005,0006,0007
Boot* Debian_Refind
Boot0001* debian
Boot0005* ASUSDVD-E818AAT a
Boot0006* Samsung SSD 850 EVO 500GB
Boot0007* Samsung SSD 860 EVO 2TB
If reinstalling grub gets rid of your 40_custom menu entry this will work:
you may need to change where the root is in the script below
using the file /etc/grub.d/40_custom replace it with:
=
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
#
menuentry "Refind Menu" {
insmod part_gpt
insmod fat
insmod chain
root=hd0,1
chainloader /EFI/BOOT/BOOTX64.EFI
}
=
> 2. Also, when i tried to boot into the oldstable by hand, it failed to
> come up due to some error in fstab, bcoz the installer, while
> reformatting the free partition, assigned a new partuuid to it, which no
> longer corresponded to the entry in fstab.
yes. it may also set up a new swap partition.
> 3. Furthermore, it installed a grub2 version, that is buggy and which
> cannot boot the bootentries, i was used to resort to in case of trouble
> (a.k.a. booting straight from an ISO image as an emergency system. The
> version installed was known to fail to boot on my kind of hardwae since
> several years, and i assumed (my mistake), that a stable debian would
> have been fixing the issue by now. (I refer to the links at the bottom).
>
> Ok. After days in panic, i was able to straigthen out my old system and
> get it to boot again. But since then, i am totally undecided (and a bit
> overwhelmed) with the options, i have to decide about now. What shall i
> focus on next?
see if you can fix the UEFI setup and add the other thing
above to give you a way to get back to refind even if grub
gets installed by accident again. i've had to use the above
efibootmgr a few times.
> 1. Try the whole process once again and manually downgrade grub2 in
> order to have the ISO-boot at hand? (What risk would that involve?)
> 2. Report a bug (but honestly, i am not skilled enough to even determine
> the package(s) causing the mess i encountered. I suspect at least one of
> grub2 packages to be involved, but also the installer itself does a
> pretty careless job IMHO. (I learned to create proper assertion checks
> before shooting a working configuration to death.)
> 3. Continue to work with oldstable, which increasingly causes problems
> due to the outdated software involved. That is, what i am using right now=
>=2E
>
> Or is there a better option? - Like maybe someone willing to assist in
> the process or at least guiding me some steps further?
> But i am scared to show the details of what i am doing, as i am a ZFS
> user since many years, which is pretty much non-standard!
>
> The bug, i mentioned seems to be related to grub2 2.04 and UEFI booting,
> which is necessary on my machine:
> https://superuser.com/questions/755641/grub2-boot-error-out-of-memory
> https://bugzilla.redhat.com/show_bug.cgi?id=3D1838633
> https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1851311
> https://ubuntuforums.org/showthread.php?t=3D2430437
>
> Any hint will be greatly appreciated.
> DdB
hopefully what i've provided above will help. i don't use
ZFS myself. i try to keep thing simple. but i do dual boot
stable and testing/unstable and also have both grub and refind
installed.
songbird
Re: Dangerous installation of bullseye: What shall i do next?
Andrew M.A. Cater wrote: ... > What _exactly_ did you do? Refind is not guaranteed to work. once it is installed it shouldn't be clobbered by grub upgrades either, but oh well stuff happens. see my other note... > Did you have two partitions on the disk / two separate disks to do the install > on? > > Did you use a graphical installer / text mode installer? > Did you use expert mode - which would ask you more detailed questions. >> Then installed >> bullseye (11.2), but after that, apparently nothing did work any longer. >> It took me several days to find out, what destroyed my configuration: >> >> 1. bullseye installer had installed grub2 over refind, thereby killing >> my setup made for safety purpose. > > This would be standard, yes. Refind is not guaranteed to work and is thereby > NOT recommended. it works just fine for me as long as something else doesn't break it... songbird
Re: Dangerous installation of bullseye: What shall i do next?
Thank you Andrew, answering to your questions first: >>(...) Am 26.03.2022 um 23:45 schrieb Andrew M.A. Cater: > What _exactly_ did you do? Refind is not guaranteed to work. apt install refind refind-mkdefault > > Did you have two partitions on the disk / two separate disks to do the install > on? sgdisk -p /dev/nvme0n1 Disk /dev/nvme0n1: 976773168 sectors, 465.8 GiB Model: Samsung SSD 970 EVO Plus 500GB Sector size (logical/physical): 512/512 bytes Disk identifier (GUID): 9C76AED7-574B-48B6-9309-62D74E5303CB Partition table holds up to 128 entries Main partition table begins at sector 2 and ends at sector 33 First usable sector is 34, last usable sector is 976773134 Partitions will be aligned on 16-sector boundaries Total free space is 14 sectors (7.0 KiB) Number Start (sector)End (sector) Size Code Name 1 48 1048623 512.0 MiB EF00 EFISYS 2 104862442991663 20.0 GiB8300 buster-main <-- 34299166484934703 20.0 GiB8300 SOS <-- 48493470487031855 1024.0 MiB BF01 bpool 587031856 683171839 284.3 GiB BF01 rpool 6 683171840 976773134 140.0 GiB 8200 swap For testing purpose, i used SOS to install to > > Did you use a graphical installer / text mode installer? > Did you use expert mode - which would ask you more detailed questions. > Yes, i used the graphical installer, becoz in the past, i was rarely able to answer skillfully to expertmode questions. Took me 3 years to learn installing, using virtualisation, before i did dare bare-metal. :( Nonetheless, yours is a valuabe hint, an i will give it another go as soon as time permits it. >>(...) > I've just spent an evening testing media: grub2 works well. UEFI would > install grub-efi which also works. Grub-efi with secure boot also works > for both Buster and Bullseye. Almost cannot believe this. On buster i have: dpkg -l grub* | grep ^ii ii grub-common 2.02+dfsg1-20+deb10u4 amd64GRand Unified Bootloader (common files) ii grub-efi-amd642.02+dfsg1-20+deb10u4 amd64GRand Unified Bootloader, version 2 (EFI-AMD64 version) ii grub-efi-amd64-bin2.02+dfsg1-20+deb10u4 amd64GRand Unified Bootloader, version 2 (EFI-AMD64 modules) ii grub-efi-amd64-signed 1+2.02+dfsg1+20+deb10u4 amd64GRand Unified Bootloader, version 2 (amd64 UEFI signed by Debian) ii grub2-common 2.02+dfsg1-20+deb10u4 amd64GRand Unified Bootloader (common files for version 2) And in fact, i can boot to ISO files, if needed. But with grub 2.04, that did no longer work, just as in the reported links. Will have to investigate this some more, but i am afraid to lose my working machine one more time. (Fix was to chroot into the old partition and reinstall grub from there.) > >> Ok. After days in panic, i was able to straigthen out my old system and >> get it to boot again. But since then, i am totally undecided (and a bit >> overwhelmed) with the options, i have to decide about now. What shall i >> focus on next? >> > I would suggest a clean install of Bullseye in expert mode - once you've > backed up any configuration files that are vital to you. I would also > suggest that you check that the machine's firmware is set to boot UEFI > only. The latter, i can confirm immediately. Also /sys/firmware/efi is a directory, which should indicate, that i booted in UEFI mode right now. Of course i had a backup, but without an elaborate setup, i would not have been able to access my backup server running ZFS either. BTW: The ISO i am using for emergency has ZFS incorporated, which enables direct access to all of my storage pools. > >> 1. Try the whole process once again and manually downgrade grub2 in >> order to have the ISO-boot at hand? (What risk would that involve?) > The rescue mode put in by Bullseye and Buster is, effectively, the same > as an ISO boot in functionality ... but without zfs. :( > >> 2. Report a bug (but honestly, i am not skilled enough to even determine >> the package(s) causing the mess i encountered. I suspect at least one of >> grub2 packages to be involved, but also the installer itself does a >> pretty careless job IMHO. (I learned to create proper assertion checks >> before shooting a working configuration to death.) > Check to see which grub package is installed: for UEFI, it should be > grub-efi see above > >> 3. Continue to work with oldstable, which increasingly causes problems >> due to the outdated software involved. That is, what i am using right now. >> > I'd suggest that you do not do this: I'd suggest an upgrade in place - but > that might cause you as many problems. > >> Or is there a better option? - Like maybe someone willing to assist in >> the process or at least guiding me some steps further? >> But i am scared to show the details of what i am doing, as i am a ZFS >> user since many years, which is pretty
Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?
On Sat, 26 Mar 2022 at 23:48, Greg Wooledge wrote: > On Fri, Mar 25, 2022 at 11:43:36PM -0500, David Wright wrote: > > On Fri 25 Mar 2022 at 07:31:14 (+0100), Stella Ashburne wrote: > If "Stella" is > a real person who has been blocked as collateral damage, well, that's > unfortunate. You can judge for yourself. https://lists.debian.org/cgi-bin/search?P=Stella+Ashburne=and=Gdebian-user No resemblance to your troll that I can see.
Re: Dangerous installation of bullseye: What shall i do next?
Datakanja de Bruyn composed on 2022-03-26 23:16 (UTC+0100): > Any hint will be greatly appreciated. If you've recovered your original (Buster?) oldstable to good working/booting order, you may install Bullseye without a bootloader, thus not disrupting Buster booting, and use Buster or rEFInd to boot Bullseye. If in the process of installing Bullseye, you elect not to mount a swap partition that already exists, you will avoid the installer's insistence on formatting swap, which assigns it a new UUID, which breaks fstab on any existing installation that uses that swap partition, as well as bootloader configs that include the UUID of the swap for resume=. I find online upgrades to be easier than all the reconfiguration necessary to reach my happy state starting from a virgin installation. You could clone your Buster to another filesystem(s), correct the duplicate UUIDs and volume labels, adjust fstab to the new location(s), get booting sorted out, then full-upgrade either the original or the clone to Bullseye. If your PC is new enough to include UEFI, consider switching to it. It makes multiboot less problematic, with reduced possibility for a new installation to damage or inhibit booting an existing installation. -- Evolution as taught in public schools is, like religion, based on faith, not based on science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata
Re: Dangerous installation of bullseye: What shall i do next?
On Sat, Mar 26, 2022 at 11:16:37PM +0100, Datakanja de Bruyn wrote: Hi Datakanja > Just a bit of context: > I am old + handicapped + pretty much isolated, thus certainly not an expert. > But i am happily using debian stable (oldstable by now) since several > years. But since more and more software got outdated, i was interested > to move to bullseye. Today, more or less, there is a point release of both Debian 11 Bullseye and Debian 10 (Buster). Buster will have one more point release, somewhere around 14th August 2022 at the point when it moves to LTS. > In order to have 2 bootable instances (oldstable + stable), i installed > and tested refind, in ordeer to have some safety during the migration > period. I did test the whole setup, which went well. What _exactly_ did you do? Refind is not guaranteed to work. Did you have two partitions on the disk / two separate disks to do the install on? Did you use a graphical installer / text mode installer? Did you use expert mode - which would ask you more detailed questions. > Then installed > bullseye (11.2), but after that, apparently nothing did work any longer. > It took me several days to find out, what destroyed my configuration: > > 1. bullseye installer had installed grub2 over refind, thereby killing > my setup made for safety purpose. This would be standard, yes. Refind is not guaranteed to work and is thereby NOT recommended. > 2. Also, when i tried to boot into the oldstable by hand, it failed to > come up due to some error in fstab, bcoz the installer, while > reformatting the free partition, assigned a new partuuid to it, which no > longer corresponded to the entry in fstab. Also standard: there is no substitute for backups. > 3. Furthermore, it installed a grub2 version, that is buggy and which > cannot boot the bootentries, i was used to resort to in case of trouble > (a.k.a. booting straight from an ISO image as an emergency system. The > version installed was known to fail to boot on my kind of hardwae since > several years, and i assumed (my mistake), that a stable debian would > have been fixing the issue by now. (I refer to the links at the bottom). > I've just spent an evening testing media: grub2 works well. UEFI would install grub-efi which also works. Grub-efi with secure boot also works for both Buster and Bullseye. > Ok. After days in panic, i was able to straigthen out my old system and > get it to boot again. But since then, i am totally undecided (and a bit > overwhelmed) with the options, i have to decide about now. What shall i > focus on next? > I would suggest a clean install of Bullseye in expert mode - once you've backed up any configuration files that are vital to you. I would also suggest that you check that the machine's firmware is set to boot UEFI only. > 1. Try the whole process once again and manually downgrade grub2 in > order to have the ISO-boot at hand? (What risk would that involve?) The rescue mode put in by Bullseye and Buster is, effectively, the same as an ISO boot in functionality > 2. Report a bug (but honestly, i am not skilled enough to even determine > the package(s) causing the mess i encountered. I suspect at least one of > grub2 packages to be involved, but also the installer itself does a > pretty careless job IMHO. (I learned to create proper assertion checks > before shooting a working configuration to death.) Check to see which grub package is installed: for UEFI, it should be grub-efi > 3. Continue to work with oldstable, which increasingly causes problems > due to the outdated software involved. That is, what i am using right now. > I'd suggest that you do not do this: I'd suggest an upgrade in place - but that might cause you as many problems. > Or is there a better option? - Like maybe someone willing to assist in > the process or at least guiding me some steps further? > But i am scared to show the details of what i am doing, as i am a ZFS > user since many years, which is pretty much non-standard! > You are (slightly) on your own there - I certainly can't help you but there may be others on the list who can. Hints on the hardware configuration would also be very much appreciated. > The bug, i mentioned seems to be related to grub2 2.04 and UEFI booting, > which is necessary on my machine: > https://superuser.com/questions/755641/grub2-boot-error-out-of-memory > https://bugzilla.redhat.com/show_bug.cgi?id=1838633 > https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1851311 > https://ubuntuforums.org/showthread.php?t=2430437 > > Any hint will be greatly appreciated. > DdB > With every good wish, as ever, Andy Cater [Part of the Debian media team producing CD/DVD/Blu-Ray images - which is why I know that the installer generally works well in both BIOS and UEFI mode - we've been testing for about 12 hours straight now] > -- > > Liebe ist ... > Datakanja > >
Dangerous installation of bullseye: What shall i do next?
Just a bit of context: I am old + handicapped + pretty much isolated, thus certainly not an expert. But i am happily using debian stable (oldstable by now) since several years. But since more and more software got outdated, i was interested to move to bullseye. In order to have 2 bootable instances (oldstable + stable), i installed and tested refind, in ordeer to have some safety during the migration period. I did test the whole setup, which went well. Then installed bullseye (11.2), but after that, apparently nothing did work any longer. It took me several days to find out, what destroyed my configuration: 1. bullseye installer had installed grub2 over refind, thereby killing my setup made for safety purpose. 2. Also, when i tried to boot into the oldstable by hand, it failed to come up due to some error in fstab, bcoz the installer, while reformatting the free partition, assigned a new partuuid to it, which no longer corresponded to the entry in fstab. 3. Furthermore, it installed a grub2 version, that is buggy and which cannot boot the bootentries, i was used to resort to in case of trouble (a.k.a. booting straight from an ISO image as an emergency system. The version installed was known to fail to boot on my kind of hardwae since several years, and i assumed (my mistake), that a stable debian would have been fixing the issue by now. (I refer to the links at the bottom). Ok. After days in panic, i was able to straigthen out my old system and get it to boot again. But since then, i am totally undecided (and a bit overwhelmed) with the options, i have to decide about now. What shall i focus on next? 1. Try the whole process once again and manually downgrade grub2 in order to have the ISO-boot at hand? (What risk would that involve?) 2. Report a bug (but honestly, i am not skilled enough to even determine the package(s) causing the mess i encountered. I suspect at least one of grub2 packages to be involved, but also the installer itself does a pretty careless job IMHO. (I learned to create proper assertion checks before shooting a working configuration to death.) 3. Continue to work with oldstable, which increasingly causes problems due to the outdated software involved. That is, what i am using right now. Or is there a better option? - Like maybe someone willing to assist in the process or at least guiding me some steps further? But i am scared to show the details of what i am doing, as i am a ZFS user since many years, which is pretty much non-standard! The bug, i mentioned seems to be related to grub2 2.04 and UEFI booting, which is necessary on my machine: https://superuser.com/questions/755641/grub2-boot-error-out-of-memory https://bugzilla.redhat.com/show_bug.cgi?id=1838633 https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1851311 https://ubuntuforums.org/showthread.php?t=2430437 Any hint will be greatly appreciated. DdB -- Liebe ist ... Datakanja signature.asc Description: OpenPGP digital signature
Re: Torrents for 10.12
On Sat, 26 Mar 2022 14:00:14 -0500 Intense Red wrote: Hello Intense, > I think you mean 11.3. Yves means 10.12. Just because you have no interest in it -- Regards _ / ) "The blindingly obvious is never immediately apparent" / _)rad "Is it only me that has a working delete key?" Going round on the Circle Line trying to find a way out Titanic (My Over) Reaction - 999 pgpGigbFaFPzh.pgp Description: OpenPGP digital signature
Re: Torrents for 10.12
On Sat, Mar 26, 2022 at 02:00:14PM -0500, Intense Red wrote: > > Are there torrents for Debian 10.12 which was just announced? > >I think you mean 11.3. > >Either way, it usually takes a few hours or the next day before torrents > are created and the web pages are updated. > > https://www.debian.org/CD/torrent-cd/ > > -- > Fast fact: 90% of the American media is controlled by only 5 companies: > Comcast(NBC Universal), TimeWarner, NewsCorp, Disney, and National > Amusement(Viacom/CBS). > > > It is anticipated that we may finish both sets of media today UTC / early tomorrow at which point there will be torrents for both. It's unusual in that we've got two point releases today: one for Debian 11 and one as a wrap up release for Debian 10. Debian 10 will almost certainly also get a further point release sometime around 2022-07-14 (on the anniversary of the release of Debian 11) which is when it will move to LTS. Hope this helps, Andy Cater
Re: Torrents for 10.12
> Are there torrents for Debian 10.12 which was just announced? I think you mean 11.3. Either way, it usually takes a few hours or the next day before torrents are created and the web pages are updated. https://www.debian.org/CD/torrent-cd/ -- Fast fact: 90% of the American media is controlled by only 5 companies: Comcast(NBC Universal), TimeWarner, NewsCorp, Disney, and National Amusement(Viacom/CBS).
Re: Torrents for 10.12
On Sat, Mar 26, 2022 at 02:29:00PM -0400, Yves Bellefeuille wrote: > Are there torrents for Debian 10.12 which was just announced? I can't > find any. > > -- > Yves Bellefeuille > > > Hi Yves Please wait - we're in the middle of testing images for Debian 11 at the moment and images for Debian 10 are still being generated. Once both are tested, they will be published by the Debian media team - and at that point, I expect that someone will torrent them. As ever, if you already have Debian media for a previous release - say Debian 10.11 - you can use these and your machine will be updated as you install. Hope this helps, Andy Cater Hi Yves, Attendez un petit peu, s'il vous plait. Les images sont en train d'etre generees Amities Andy
Torrents for 10.12
Are there torrents for Debian 10.12 which was just announced? I can't find any. -- Yves Bellefeuille
Torrents for 10.12
Are there torrents for Debian 10.12 which was just announced? I can't find any. -- Yves Bellefeuille
Bind9, /etc/network/interfaces och resolv.conf?
Hoppas någon kan ge mej ett råd. Har i många kört en lokal dns-server som forwarder och som root för min egen högst privata och lokala domän. Vid en av de senaste apt-uppgraderingarna slutade dns-server att fungera fullt ut. I probklemlösandet stöter jag på denna fråga: Ska den serverns egen lokala dns-serveradress konfigureras i /etc/network/interfaces (dns-server 127.0.0.1) eller i /etc/resolv.conf? Enligt apt list är inte resolvconf installerad. Servern kör Debian 11. Tack på förhand. -- //Jens == Jens Andersson ja...@barbanet.com VHF: SC8895 MMSI:265586130 PGP finger print: BD36 399B 2594 74DA EFAB B72C B655 55D1
Re: Fwd: How to Diagnose Mysterious System Freeze?
On 26/03/2022 03:22, Phil V wrote: Please help! About once a week my up-to-date Debian system freezes completely. What GPU and driver? Please show inxi -G -- With kindest regards, Piotr. ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/ ⠈⠳⣄
Re: Fwd: How to Diagnose Mysterious System Freeze?
Phil V wrote: >> If you are unable to determine which package your bug report should be filed >> against, please send e-mail to the Debian user mailing list asking for >> advice. > > Please help! > About once a week my up-to-date Debian system freezes completely. > Graphical interface is unchanged. > System does not respond to ssh. > Mouse remains lit but does not move cursor. > Keyboard LEDs for NumLock and Caps Lock remain on or off and cannot be > changed. > Keyboard keypresses seems to have no effect. > Not possible to change to virtual consoles with Ctrl-Alt-F1 .. F6. > SysReq is no use because even when system is working, it does not seem > to have an effect in GUI, only in virtual consoles. > Once-per-second "free -m" output shows about 16GB free RAM. (Virtual > memory generally unused.) > Eventually I force power down system, after about a half hour or more > of waiting. > kdump was installed, but created no dump. > > OS: Debian 11.2 KDE system > Hardware: Dell Optiplex 7070 Micro Form Factor > > Questions: > 1. How do I file a bug report? > 2. What can I do to diagnose this, this time or next? > 3. Which logs should I inspect? > > Xorg has periodically messages like this. They seem to happen > frequently and not only before a freeze, but perhaps they are a hint? > [396395.522] (EE) event4 - PixArt Dell MS116 USB Optical Mouse: > client bug: event processing lagging behind by 16ms, your system is > too slow > [396914.093] (EE) event8 - Chicony USB Keyboard: client bug: event > processing lagging behind by 18ms, your system is too slow > [398959.514] (EE) event8 - Chicony USB Keyboard: client bug: event > processing lagging behind by 11ms, your system is too slow > [399013.586] (EE) event5 - CASUE USB KB: client bug: event processing > lagging behind by 16ms, your system is too slow > [399561.782] (EE) event5 - CASUE USB KB: client bug: event processing > lagging behind by 35ms, your system is too slow i run MATE desktop on bookworm/sid (but it is mostly testing packages with just a few more recent things that i follow). pretty much the same trouble i had for a while and no further information have i been able to gather. https://lists.debian.org/debian-user/2022/03/msg00233.html i made sure i was using the most recent firmware packages i could find plus i've had quite a few package updates come through and have also been running the most recent kernel i could get ahold of - so far no lock ups since then, but i could not tell you which of my actions helped or if i'll get a lock up again. songbird
Re: debug systemd restart networking problem
On 3/26/2022 2:15 PM, Jeremy Ardley wrote:
I have been doing various changes to my network but have now got to the
stage where I have errors running
systemd restart networking
systemctl status networking
● networking.service - Raise network interfaces
Loaded: loaded (/lib/systemd/system/networking.service; enabled;
vendor preset: enabled)
Drop-In: /etc/systemd/system/networking.service.d
└─override.conf
Active: failed (Result: exit-code) since Sat 2022-03-26 20:50:03
AWST; 13min ago
Docs: man:interfaces(5)
Main PID: 1935 (code=exited, status=1/FAILURE)
CPU: 326m
cat /etc/network/interfaces
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp
request_prefix 1
accept_ra 2
auto lan0
iface lan0 inet static
address 10.31.40.1/24
iface lan0 inet static
address 10.31.40.5/24
iface lan0 inet6 static
address ::1/64
iface lan0 inet6 static
address ::5/64
I check the interfaces using ip a I see all the ipv4 interfaces as
configured in /etc/network/interfaces but none of the ipv6 ones. I do
have ipv6 though as lan0 has has an fe80 address
I have tried a lot of things to debug this but no luck. e.g.
systemctl edit networking.service command
[Service]
# remove existing ExecStart rule
ExecStart=
# start ifup with verbose option
ExecStart=/sbin/ifup -av
Does it change anything if you reboot ('systemctl reboot')?
What are you seeing in the logs?
--
John Doe
Re: inkomende mail met poort 25 geblokkeerd
Hoi, Op 26-03-2022 om 15:14 schreef Martijn van de Streek: Persoonlijk zou ik hiervoor een (virtueel) servertje huren voor een paar euro per maand. Dan kun je een tunnel (bijv. WireGuard) opzetten tussen je mailhost thuis en die VPS, wat port forwards instellen en zo voor een "vast IP" voor je mailserver zorgen. Ja, ook over zitten denken. Dat kan natuurlijk altijd. En bij een ISP switch zal ik dit zeker meenemen. Ik zit op zichzelf nu wel heel goed: hoge snelheid en weinig kosten. Probeer toch nog even om via t-mobile een werkende oplossing te krijgen. En dan het liefst op een andere manier dan dynu.com, hoewel die goed werkt, maar waar je voor elk domain apart moet betalen. Dank voor alle reacties, ook offlist. De gouden vonst zit er echter nog niet tussen. Keep 'm coming. :-) Fijn weekend allen! MJ
Re: inkomende mail met poort 25 geblokkeerd
mj schreef op za 26-03-2022 om 09:57 [+0100]: > Ik ben vast niet de enige hier die zoiets probeert te doen, met een > ISP > die poort 25 blokkeert. > > Zijn er mensen hier met tips of suggesties? Ik kan natuurlijk altijd > ergens een cloud server nemen en daar zelf de 'herbezorging-naar- > huis' > regelen, of de hele mailserver in de cloud neer zetten. > > Maar ik wil proberen het thuis te doen, en dus zoek ik een oplossing > voor het poort-25 probleem. Persoonlijk zou ik hiervoor een (virtueel) servertje huren voor een paar euro per maand. Dan kun je een tunnel (bijv. WireGuard) opzetten tussen je mailhost thuis en die VPS, wat port forwards instellen en zo voor een "vast IP" voor je mailserver zorgen. En dan als je de volgende keer van internetprovider wisselt, er een kiezen die je een vast IP geeft en poort 25 niet blokkeert :) -Martijn
Re: Thunderbird security
> Security is always a tradeoff with usability; ... +; Sincerely, Linux fan Byung-Hee -- ^고맙습니다 _和合團結_ 감사합니다_^))//
debug systemd restart networking problem
I have been doing various changes to my network but have now got to the stage where I have errors running systemd restart networking systemctl status networking ● networking.service - Raise network interfaces Loaded: loaded (/lib/systemd/system/networking.service; enabled; vendor preset: enabled) Drop-In: /etc/systemd/system/networking.service.d └─override.conf Active: failed (Result: exit-code) since Sat 2022-03-26 20:50:03 AWST; 13min ago Docs: man:interfaces(5) Main PID: 1935 (code=exited, status=1/FAILURE) CPU: 326m cat /etc/network/interfaces source /etc/network/interfaces.d/* auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp iface eth0 inet6 dhcp request_prefix 1 accept_ra 2 auto lan0 iface lan0 inet static address 10.31.40.1/24 iface lan0 inet static address 10.31.40.5/24 iface lan0 inet6 static address ::1/64 iface lan0 inet6 static address ::5/64 I check the interfaces using ip a I see all the ipv4 interfaces as configured in /etc/network/interfaces but none of the ipv6 ones. I do have ipv6 though as lan0 has has an fe80 address I have tried a lot of things to debug this but no luck. e.g. systemctl edit networking.service command [Service] # remove existing ExecStart rule ExecStart= # start ifup with verbose option ExecStart=/sbin/ifup -av Any assistance in resolving this problem appreciated. -- Jeremy OpenPGP_signature Description: OpenPGP digital signature
Re: inkomende mail met poort 25 geblokkeerd
Hoi! Op 26-03-2022 om 11:40 schreef Diederik de Haas: Heb je al aan t-mobile gevraagd of ze het voor jou willen de-blokkeren? Ik kan me voorstellen dat ze het *by default* blokkeren omdat de meeste van hun klanten waarschijnlijk te weinig kennis hebben om hun systemen zo in te richten en bij te houden dat hun systemen NIET gebruikt worden door kwaadwilligen en enorme hoeveelheden spam versturen ... met als gevolg dat (alle) t-mobile hosts op een blacklist terecht komen, inclusief t-mobile zelf. Nee niet gevraagd nee... ik lees op hun fora dat er meer mensen over klagen, dus ik denk dat ze dat niet doen. Ik krijg ook geen statisch ip van ze. Dat wisselt. Denk dus eigenlijk niet dat ze dat gaan doen, maar kan het eens proberen. Zelfs al zou het alleen zijn alleen om een signaal af te geven. Overigens, https://www.dynu.com/ doet ook wat ik zoek, ZONDER het To: adres te herschrijven. Ik heb dus een oplossing, voor jaarlijks 10 dollar per domain. Andere oplossingen ben ik nog steeds in geinteresseerd, dus als iemand input/suggesties heeft? MJ
Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?
On Fri, Mar 25, 2022 at 11:43:36PM -0500, David Wright wrote: > In passing, I'm mystified by your quoting mechanism thinking > it appropriate to display my time header in Chinese time: > $ TZ='Asia/Shanghai' date --date='Thu, 24 Mar 2022 21:09:41 -0500' > Fri Mar 25 10:09:41 CST 2022 > $ > > On Fri 25 Mar 2022 at 07:31:14 (+0100), Stella Ashburne wrote: > > > Sent: Friday, March 25, 2022 at 10:09 AM > > From: "David Wright" Some MUAs show the message's Date in the reader's local time zone, or at least what it *thinks* the reader's local time zone is. I don't know why you'd be shocked by that. They're using an MUA which makes up its own pseudo-headers like "Sent:". I'm not sure whether it's web-based or not. The only other thing I know about that MUA is that the most evil person I've ever encountered on the Internet used it to create literally dozens of fake personas in order to troll the bash mailing lists. Therefore, it's in my killfile. I'm not seeing any messages from "Stella" except when they're quoted. If "Stella" is one of the fake personas created by that person, then it's working as intended. If "Stella" is a real person who has been blocked as collateral damage, well, that's unfortunate. But email is never going to be perfect. This is the regex I added to my killfile: ^Message-ID:
Re: Thunderbird security
On 26.03.2022 13:50, André Rodier wrote: Hi all, I would like to collect, from this thread, your experience and opinion about Mozilla Thunderbird, in term of security. I am registered on The Debian security list, and I see a lot of CVE coming, some of them with a high score, mentioning execution of arbitrary code or information disclosure. Most of them seems pretty severe to me, and I am now running Thunderbird in firejail. However, I wonder if such vulnerability would allow a remote attacker to send an email, and get, for instance, the credentials stored in Thunderbird, with or without master password. This seem habitual to me, compared to other mail clients in Debian, like evolution / claws, etc... In term of security, Which email clients, or which practices, you would recommend to me ? Thanks for your understanding and advice, but please, I don't want to start a troll. I've used Thunderbird for many years on different platforms. It is my favorite mail client and I've never had any major or security problems with it. When it comes to security, it is a good thing to have a healthy dose of paranoia and monitor most recent known threats and vulnerabilities, however the actual exploitation of them is usually quite difficult if not impossible, especially if you keep your software up-to-date. When I search for CVEs for a current version of Thunderbird: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Thunderbird+91 I don't see any results that could affect 91 version. All of them are for older ( < 91 ) versions of Thunderbird. There is always a possibility of some 0-day vulnerability in any software, so if you being smart and exercise some precaution procedures you still could be fine. There are many ways, ex.: You can disable JavaScript in Thunderbird altogether using "about:config" page. Never open any URLs inside Thunderbird and copy-paste and edit them instead, because many of them crafted for purpose of tracking. Don't open any attachments right away, but save them to disk and inspect them instead, especially if they come from unknown sources. Also, any exploit that could be received by mail has to pass through many filters and AV scanners before it will be delivered, so it makes exploitation of known vulnerabilities even more difficult for the badguys. Protecting you credentials with Master Password is a good way to protect your data if credential db files were somehow stolen by data-miner class malware, completely unrelated to Thunderbird. Best antivirus is your head and healthy work habits. -- With kindest regards, Alexander. ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org ⠈⠳⣄
Re: Thunderbird security
On 2022-03-26 at 07:20, Dan Ritter wrote: > André Rodier wrote: > >> I would like to collect, from this thread, your experience and opinion about >> Mozilla Thunderbird, in term of security. > > Security is always a tradeoff with usability; Thunderbird is so > heavily skewed towards usability, it has a whole web browser in > it. And it's *still* better in that respect than, say, Outlook. Or essentially any modern Web-based E-mail interface. >> In term of security, Which email clients, or which practices, you would >> recommend to me ? > > The number one recommendation would be a mail client that cannot > execute JavaScript or show you pictures directly. Fixing that > solves many user security issues. To be fair, Thunderbird in "display messages as plain text" mode serves adequately well in that regard. (Though there are unfortunately-many messages where it won't display them in any usable form - but a lot of those seem to be more the fault of poor structuring of the mail on the part of the sender, and Outlook tends to handle such messages even worse.) -- The Wanderer The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw signature.asc Description: OpenPGP digital signature
Re: Thunderbird security
André Rodier wrote: > I would like to collect, from this thread, your experience and opinion about > Mozilla Thunderbird, in term of security. Security is always a tradeoff with usability; Thunderbird is so heavily skewed towards usability, it has a whole web browser in it. > In term of security, Which email clients, or which practices, you would > recommend to me ? The number one recommendation would be a mail client that cannot execute JavaScript or show you pictures directly. Fixing that solves many user security issues. -dsr-
Re: Thunderbird security
On 26/03/2022 05:50, André Rodier wrote: I would like to collect, from this thread, your experience and opinion about Mozilla Thunderbird, in term of security. I am registered on The Debian security list, and I see a lot of CVE coming, some of them with a high score, mentioning execution of arbitrary code or information disclosure. Most of them seems pretty severe to me, and I am now running Thunderbird in firejail. However, I wonder if such vulnerability would allow a remote attacker to send an email, and get, for instance, the credentials stored in Thunderbird, with or without master password. This seem habitual to me, compared to other mail clients in Debian, like evolution / claws, etc... In term of security, Which email clients, or which practices, you would recommend to me ? If you search the CVE numbers[0], you should be able to find information about the vulnerabilities[1], describing the conditions necessary for it to be exploited and the possible consequences. You can then judge if they might affect you (some vulnerabilities can only be exploited in particular circunstances, which might not apply to your case) and evaluate the risk. But, overall, the fact the vulnerabilities are being found and fixed is a good sign: it means that the code is being looked at and problems are being solved. The fact that the details have not been released yet suggests that those were found by someone well-intentioned, and not because they were being exploited in the wild, but on the other hand also suggests the risk is high enough that it's better to withhold that information until people have had a chance to upgrade to a fixed version. [0] The announcements on debian-security-announce could be improved by having a link to the CVE database. But for now, you'll have to search them manually. [1] Eventually... The last CVEs for Thunderbird are still in the "reserved" state. I believe this is meant to give some time for distributions to update the software before the details about how to exploit the vulnerability are disclosed. -- Insomnia isn't anything to lose sleep over. Eduardo M KALINOWSKI edua...@kalinowski.com.br
Re: inkomende mail met poort 25 geblokkeerd
On Saturday, 26 March 2022 09:57:11 CET mj wrote: > Ik wil graag thuis (via mn glasvezel) een mailserver draaien, echter > t-mobile blokkeert poort 25, zowel in als uit. Heb je al aan t-mobile gevraagd of ze het voor jou willen de-blokkeren? Ik kan me voorstellen dat ze het *by default* blokkeren omdat de meeste van hun klanten waarschijnlijk te weinig kennis hebben om hun systemen zo in te richten en bij te houden dat hun systemen NIET gebruikt worden door kwaadwilligen en enorme hoeveelheden spam versturen ... met als gevolg dat (alle) t-mobile hosts op een blacklist terecht komen, inclusief t-mobile zelf. signature.asc Description: This is a digitally signed message part.
Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?
On 2022-03-26, David Wright wrote: >> >> When the /etc/network/interfaces file has the line >> >> source-directory /etc/network/interfaces.d/* > > An eccentric choice. But no elaboration, opinion, or reasoning. > >> Best wishes. > > To you too. Over and out. I think it was John Hasler who informed us one day that it was either one or the other and that in fact the terms are contradictory, Over denoting the transmitter is done speaking and is expecting a response and Out signifying one was terminating the exchange. So you mean out, I bet. :-) > Cheers, > David. > > --
inkomende mail met poort 25 geblokkeerd
Hoi! Niet debian specifiek, maar hopelijk toch relevant en wellicht interessant. Ik wil graag thuis (via mn glasvezel) een mailserver draaien, echter t-mobile blokkeert poort 25, zowel in als uit. Uit is geen probleem, want kan natuurlijk versturen via een smarthost. Ik zit een beetje met inkomende mail. Ik ken inmiddels forwardemail.net, waarmee je inkomende email kunt laten 'her-bezorgen' op een andere poort dan 25. Precies wat ik zoek dus. Alleen lijkt forwardemail ook het domain van het To: adres te herschrijven naar het fqdn van de mailserver. Ik ben bij hen een ticket hierover begonnen. Ik ben vast niet de enige hier die zoiets probeert te doen, met een ISP die poort 25 blokkeert. Zijn er mensen hier met tips of suggesties? Ik kan natuurlijk altijd ergens een cloud server nemen en daar zelf de 'herbezorging-naar-huis' regelen, of de hele mailserver in de cloud neer zetten. Maar ik wil proberen het thuis te doen, en dus zoek ik een oplossing voor het poort-25 probleem. Tips, ideeen? MJ
Thunderbird security
Hi all, I would like to collect, from this thread, your experience and opinion about Mozilla Thunderbird, in term of security. I am registered on The Debian security list, and I see a lot of CVE coming, some of them with a high score, mentioning execution of arbitrary code or information disclosure. Most of them seems pretty severe to me, and I am now running Thunderbird in firejail. However, I wonder if such vulnerability would allow a remote attacker to send an email, and get, for instance, the credentials stored in Thunderbird, with or without master password. This seem habitual to me, compared to other mail clients in Debian, like evolution / claws, etc... In term of security, Which email clients, or which practices, you would recommend to me ? Thanks for your understanding and advice, but please, I don't want to start a troll. -- 퓐퓡 - 퐴푛푑푟푒 푅표푑푖푒푟
Thunderbird security
Hi all, I would like to collect, from this thread, your experience and opinion about Mozilla Thunderbird, in term of security. I am registered on The Debian security list, and I see a lot of CVE coming, some of them with a high score, mentioning execution of arbitrary code or information disclosure. Most of them seems pretty severe to me, and I am now running Thunderbird in firejail. However, I wonder if such vulnerability would allow a remote attacker to send an email, and get, for instance, the credentials stored in Thunderbird, with or without master password. This seem habitual to me, compared to other mail clients in Debian, like evolution / claws, etc... In term of security, Which email clients, or which practices, you would recommend to me ? Thanks for your understanding and advice, but please, I don't want to start a troll. -- 퓐퓡 - 퐴푛푑푟푒 푅표푑푖푒푟
