Re: which X11 app can show wifi info

[David Wright]

On Wed 15 Jun 2022 at 03:30:53 (+0200), Vincent Lefevre wrote:
> On 2022-06-14 15:43:40 +0100, Brian wrote:
> > On Tue 14 Jun 2022 at 13:15:56 +0200, Vincent Lefevre wrote:
> > > No issues with iwlist and nmcli.
> > 
> > /usr/sbin/wpa_gui and /sbin/wpa_cli should both give sensible outputs
> > when run as root.
> 
> For security reasons, I don't want to run them as root.

Then don't run them? You can put  wpa_cli status  into sudoers
so that it will only run with that command.

> The iwlist and nmcli utilities don't need root to work correctly.

Run them then? I wasn't aware that iwlist would tell the OP
which AP is the connected one.

I presume nmcli is something to do with NetworkManager, which
I've never installed. But, as I wrote earlier, "I would have
thought that the program by which you connect would be able
to show you all the information it, by definition, knows about
the connection that it set up."

For most machines, I now use iwd, like Celejar.

Cheers,
David.

Re: Printing the old way

[David Wright]

On Tue 14 Jun 2022 at 23:25:32 (+0200), Thomas Schmitt wrote:
> Paul M. Foster wrote:
> > > Back in the dark days of early Linux, before CUPS, we printed with
> > > printers all the time. There was an infrastructure for doing this. Does
> > > anyone remember how that worked? As in, what packages were needed, etc.?
> 
> Greg Wooledge wrote:
> > lprng was the most common one, I think.  As the name implies, that one
> > is the "next generation" of lpr, the old BSD tool.
> 
> "printcap" is another term which pops up from my 1990s memories.
> There still exist lpr and lprng as Debian packages:
>   lpr: /usr/share/man/man5/printcap.5.gz
>   lprng: /usr/share/man/man5/printcap.5.gz

My notes from bo (1.3) mention a program called checkpc. You edited
the files /etc/lpd.{conf,perms} and /etc/printcap, and then ran
checkpc (as user) and checkpc -f (as root) to set it all up.

Cheers,
David.

Re: user perms

[David Wright]

On Tue 14 Jun 2022 at 18:20:15 (-0400), gene heskett wrote:
> On 6/14/22 13:25, David Wright wrote:
> > On Mon 13 Jun 2022 at 19:03:47 (-0400), gene heskett wrote:
> > > On 6/13/22 14:36, Greg Wooledge wrote:
> > > > On Mon, Jun 13, 2022 at 01:56:12PM -0400, gene heskett wrote:  >>
> > > > I appear as user 1000 seem to be stuck behind some sort of a >>
> > > permissions wall. > > SHOW. US.
> > > 
> > > I got tired of fighting with it Greg, so I did install #32 and installed
> > > gnome_desktop (that was new) and xfce4 during the install, and
> > > now things including the screen colors are back to normal,
> > > 
> > > I've installed the brother printers and scanner drivers and I can modify t
> > > them by the usual rules. I also set a root pw in addition to adding myself
> > > to /etc/group in the appropriate places. I created an /sshnet tree with 
> > > the
> > > other 5 machines here, did a root chown -R me:me on that path and just now
> > > mounted all of them as me, so I own the path to me on the other 5 
> > > machines.

> > "adding myself to /etc/group in the appropriate places" sounds just
> > like the sort of thing that might have caused /etc/passwd to become
> > screwed up in installation #31.
> > 
> > > And my working environment is getting close to completed, something
> > > that only been workable occasionally since that last Seagate 2T drive
> > > went tits down in the night last Dec 8th.
> > > 
> > > Kmail5 is buggier than road kill in June, but t-bird is more like
> > > August, so
> > > I'm looking for a mailer that actually works. tbirds sort filters
> > > don't, and
> > > they think everybody uses only html, so word wrap doesn't work So I'm
> > > doing this by hand..
> > > 
> > > So my only instant question is when will the developers understand that
> > > stuff that runs as a $USER, needs one of two changes, either a .conf file
> > > someplace readable by the $USER that tells things like t-bird, running as
> > > the user, can have write privs to /var/log, /or/ an entry in that *.conf 
> > > so
> > > logging can be done instead of just gobbling up the denial w/o bothering
> > > to tell the user it can't open the log. Its trivial to fix logrotate
> > > to service
> > > the logs in /home/$USER/logs where there's no perms problem because
> > > the $USER owns the whole path.

> > No idea what this is all about, sorry.
> > 
> > > Same perms story for heyu and nut,
> > > but some somebody, thinking security as opposed to usability, insists
> > > on building /dev/ttyUSB*, with 0600 perms. Neither nut, nor heyu can
> > > get past that to get their job done. And IF I reset those two devices
> > > to 0777,
> > > re reboot fixes that.
> > > 
> > > I must have asked 15 or 20 times in the last decade, how to fix this in
> > > permanently in /lib/udev, and have been ignored when I ask that for
> > > several years. Usability, letting a computer actually DO its job simply
> > > isn't on the menu. With a record like that, can you blame me for being
> > > frustrated? Frustrated by asking for advice so I do do it right, and being
> > > ignored.

> > The trouble with writing this is that people can look back.
> > 
> > There was a thread in May 2020 on this topic, where all your posts
> > have followups except for the two that sign out just like this one
> > does below; ie "Now I know how but my editing foo is burned out for
> > today", and "I'll see about it tomorrow, having used up my creative
> > juices on another project today".
> > 
> > In that thread, there is a working set of rules showing how udev
> > runs a script when a USB stick is inserted or removed, the scripts
> > themselves, and the data files that the scripts read¹. The scripts
> > have no problem performing mkdir and rmdir in the /media directory:
> > 
> > $ ls -ld /media
> > drwxr-xr-x 3 root root 4096 Jun 14 08:30 /media
> > $
> > 
> > > [...]
> > > 
> > > > You're a goddamned 20+ year Linux veteran.  You should be able to
> > > > handle something as ridiculously simple as this.

> > > I just did,

> > As usual, we don't know what you actually did to handle it.
> > 

> yes I did, but you snipped that part. How convenient...

Get a grip: your entire post was quoted in mine, apart from your signature.

> So I write it again:
> As soon as it rebooted from the install, and I had gained root,
> I nano'd /etc/group and added me to group lp, so I could configure
> my 2 printers.

I see; so messing about with /etc/group was "handling it". Well then,
I'll repeat myself too:

  > > "adding myself to /etc/group in the appropriate places" sounds just
  > > like the sort of thing that might have caused /etc/passwd to become
  > > screwed up in installation #31.

> The catted group listing today, from install #32, now has
> me all over that file 12 times where the previous 31 installs only had
> me in
> sudo.
> 
> Is that because I finally gave up and defined a root pw during the install?
> In that event IMNSHO the installer is broken in 2 ways. In ways 

Re: Nouveau GeForce 7025

[Gilberto F da Silva]

unsubscribe


-- 

Stela dato:2.459.745,621  Loka tempo:2022-06-14 23:53:47 Mardo openSUSE 
Tumbleweed
-==-
En la kapo (header) de la mesaĝo aperu via vera plena nomo.
   --Retiketo
Je Wed, Jun 01, 2022 at 10:19:23AM -0300, luigui skribis:
>Bom dia a todos.
>
>Sim confirmando a liberacao de drivers open source
>
>NVINVIDIA has decided to publish Linux GPU kernel modules as open-source
>software for the first time, starting with the R515 driver release. This source
>code is available on GitHub. The driver only supports NVIDIA Turing Chip GPUs
>and newer ones.DIA has decided to publish Linux GPU kernel modules as
>open-source software for the first time, starting with the R515 driver release.
>This source code is available on GitHub. The driver only supports NVIDIA Turing
>Chip GPUs and newer ones.
>
>On 01/06/2022 09:54, Diego Rabatone Oliveira wrote:
>
>"Ouvi dizer" que a nvidia liberou drivers open source recentemente... não
>vi detalhes, não testei  só compartilhando informação :)
>
>
>Diego Rabatone Oliveira
>diraol (arroba) diraol (ponto) eng (ponto) br
>Twitter: @diraol
>
>
>Em qua., 1 de jun. de 2022 às 09:48, Yuri Musachio > escreveu:
>
>Vitor, bom dia!
>
>Se não me engano há uma solução chamada "bumblebee", mas nunca usei e
>não sei se é melhor ou pior do que o nouveau.
>
>
>
>
>
>Best,
>On Jun 1 2022, at 9:21 am, Vitor Hugo  wrote:
>
>Bom dia,
>
>Estou tentando rodar o Debian em um computador com uma placa de
>vídeo
>integrada GeForce 7025, porem os drivers da Nouveau ficam meio
>estranhos, falhando, existe outra alternativa melhor, além dos
>drivers
>proprietários da Nvidia?
>
>Obrigado;
>

>null


signature.asc
Description: Digital signature

Re: Nouveau GeForce 7025

[Gilberto F da Silva]

unsubscribe


-- 

Stela dato:2.459.745,620  Loka tempo:2022-06-14 23:53:06 Mardo openSUSE 
Tumbleweed
-==-
La celo de citado estas provizi sufiĉe da kunteksto por komprenigi 
vian respondon: do forigu el la citajxo ĉion neutilan kaj lasu nur la 
frazojn al  kiuj vi volas reagi. Aperu unue la citajxo kaj poste la 
responda frazo. Forigu  el la citajxo ankaŭ la eventualajn 
subskribojn kaj la aŭtomate aldonitajn  varbajxojn.
   --Retiketo
Je Wed, Jun 01, 2022 at 09:54:10AM -0300, Diego Rabatone Oliveira skribis:
>"Ouvi dizer" que a nvidia liberou drivers open source recentemente... não vi
>detalhes, não testei  só compartilhando informação :)
>
>
>Diego Rabatone Oliveira
>diraol (arroba) diraol (ponto) eng (ponto) br
>Twitter: @diraol
>
>
>Em qua., 1 de jun. de 2022 às 09:48, Yuri Musachio 
>escreveu:
>
>Vitor, bom dia!
>
>Se não me engano há uma solução chamada "bumblebee", mas nunca usei e não
>sei se é melhor ou pior do que o nouveau.
>
>
>
>
>
>Best,
>On Jun 1 2022, at 9:21 am, Vitor Hugo  wrote:
>
>Bom dia,
>
>Estou tentando rodar o Debian em um computador com uma placa de vídeo
>integrada GeForce 7025, porem os drivers da Nouveau ficam meio
>estranhos, falhando, existe outra alternativa melhor, além dos drivers
>proprietários da Nvidia?
>
>Obrigado;
>
>Sent from Mailspring
>


signature.asc
Description: Digital signature

Re: Nouveau GeForce 7025

[Gilberto F da Silva]

unsubscribe


-- 

Stela dato:2.459.745,619  Loka tempo:2022-06-14 23:51:29 Mardo openSUSE 
Tumbleweed
-==-
Skribu klare, orde kaj afable. Prefere sendu plurajn etajn, unutemajn 
kaj unulingvajn mesaĝojn anstataŭ longajn mesaĝojn kun miksita enhavo.
   --Retiketo
Je Wed, Jun 01, 2022 at 09:54:10AM -0300, Diego Rabatone Oliveira skribis:
>"Ouvi dizer" que a nvidia liberou drivers open source recentemente... não vi
>detalhes, não testei  só compartilhando informação :)
>
>
>Diego Rabatone Oliveira
>diraol (arroba) diraol (ponto) eng (ponto) br
>Twitter: @diraol
>
>
>Em qua., 1 de jun. de 2022 às 09:48, Yuri Musachio 
>escreveu:
>
>Vitor, bom dia!
>
>Se não me engano há uma solução chamada "bumblebee", mas nunca usei e não
>sei se é melhor ou pior do que o nouveau.
>
>
>
>
>
>Best,
>On Jun 1 2022, at 9:21 am, Vitor Hugo  wrote:
>
>Bom dia,
>
>Estou tentando rodar o Debian em um computador com uma placa de vídeo
>integrada GeForce 7025, porem os drivers da Nouveau ficam meio
>estranhos, falhando, existe outra alternativa melhor, além dos drivers
>proprietários da Nvidia?
>
>Obrigado;
>
>Sent from Mailspring
>


signature.asc
Description: Digital signature

Re: OpenSSH: cause of random kex_exchange_identification errors?

[Vincent Lefevre]

On 2022-06-14 19:17:01 +0100, Tim Woodall wrote:
[MaxStartups limit]
> In the case where I hit it it was a cron job starting an ssh connection
> from multiple machines - 'out of hours' where 'convenience' was more
> valuable than 'performance'.

Note that I get the errors at random times of the day and night,
with periods where the error occurs quite often and other periods
where I cannot reproduce it.

> I don't have any more suggestions, sorry. Do you know how unset_nonblock
> can fail?

The source from misc.c is

int
unset_nonblock(int fd)
{
int val;

val = fcntl(fd, F_GETFL);
if (val < 0) {
error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
return (-1);
}
if (!(val & O_NONBLOCK)) {
debug3("fd %d is not O_NONBLOCK", fd);
return (0);
}
debug("fd %d clearing O_NONBLOCK", fd);
val &= ~O_NONBLOCK;
if (fcntl(fd, F_SETFL, val) == -1) {
debug("fcntl(%d, F_SETFL, ~O_NONBLOCK): %s",
fd, strerror(errno));
return (-1);
}
return (0);
}

Well, one should get at least a debug message. I had already told
that to the admins last week. But no such debug message appears,
even when the connection succeeds! I'll try to have more information
from the admins, in particular which debug lines they claim to see.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: which X11 app can show wifi info

[Vincent Lefevre]

On 2022-06-14 15:43:40 +0100, Brian wrote:
> On Tue 14 Jun 2022 at 13:15:56 +0200, Vincent Lefevre wrote:
> > No issues with iwlist and nmcli.
> 
> /usr/sbin/wpa_gui and /sbin/wpa_cli should both give sensible outputs
> when run as root.

For security reasons, I don't want to run them as root.
The iwlist and nmcli utilities don't need root to work correctly.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: user perms

[gene heskett]

On 6/14/22 13:25, David Wright wrote:

On Mon 13 Jun 2022 at 19:03:47 (-0400), gene heskett wrote:

On 6/13/22 14:36, Greg Wooledge wrote:

On Mon, Jun 13, 2022 at 01:56:12PM -0400, gene heskett wrote:  >>
I appear as user 1000 seem to be stuck behind some sort of a >>

permissions wall. > > SHOW. US.

I got tired of fighting with it Greg, so I did install #32 and installed
gnome_desktop (that was new) and xfce4 during the install, and
now things including the screen colors are back to normal,

I've installed the brother printers and scanner drivers and I can modify t
them by the usual rules. I also set a root pw in addition to adding myself
to /etc/group in the appropriate places. I created an /sshnet tree with the
other 5 machines here, did a root chown -R me:me on that path and just now
mounted all of them as me, so I own the path to me on the other 5 machines.

"adding myself to /etc/group in the appropriate places" sounds just
like the sort of thing that might have caused /etc/passwd to become
screwed up in installation #31.


And my working environment is getting close to completed, something
that only been workable occasionally since that last Seagate 2T drive
went tits down in the night last Dec 8th.

Kmail5 is buggier than road kill in June, but t-bird is more like
August, so
I'm looking for a mailer that actually works. tbirds sort filters
don't, and
they think everybody uses only html, so word wrap doesn't work So I'm
doing this by hand..

So my only instant question is when will the developers understand that
stuff that runs as a $USER, needs one of two changes, either a .conf file
someplace readable by the $USER that tells things like t-bird, running as
the user, can have write privs to /var/log, /or/ an entry in that *.conf so
logging can be done instead of just gobbling up the denial w/o bothering
to tell the user it can't open the log. Its trivial to fix logrotate
to service
the logs in /home/$USER/logs where there's no perms problem because
the $USER owns the whole path.

No idea what this is all about, sorry.


Same perms story for heyu and nut,
but some somebody, thinking security as opposed to usability, insists
on building /dev/ttyUSB*, with 0600 perms. Neither nut, nor heyu can
get past that to get their job done. And IF I reset those two devices
to 0777,
re reboot fixes that.

I must have asked 15 or 20 times in the last decade, how to fix this in
permanently in /lib/udev, and have been ignored when I ask that for
several years. Usability, letting a computer actually DO its job simply
isn't on the menu. With a record like that, can you blame me for being
frustrated? Frustrated by asking for advice so I do do it right, and being
ignored.

The trouble with writing this is that people can look back.

There was a thread in May 2020 on this topic, where all your posts
have followups except for the two that sign out just like this one
does below; ie "Now I know how but my editing foo is burned out for
today", and "I'll see about it tomorrow, having used up my creative
juices on another project today".

In that thread, there is a working set of rules showing how udev
runs a script when a USB stick is inserted or removed, the scripts
themselves, and the data files that the scripts read¹. The scripts
have no problem performing mkdir and rmdir in the /media directory:

$ ls -ld /media
drwxr-xr-x 3 root root 4096 Jun 14 08:30 /media
$


[...]


You're a goddamned 20+ year Linux veteran.  You should be able to
handle something as ridiculously simple as this.

I just did,

As usual, we don't know what you actually did to handle it.


yes I did, but you snipped that part. How convenient...
So I write it again:
As soon as it rebooted from the install, and I had gained root,
I nano'd /etc/group and added me to group lp, so I could configure
my 2 printers.

The catted group listing today, from install #32, now has
me all over that file 12 times where the previous 31 installs only had 
me in

sudo.

Is that because I finally gave up and defined a root pw during the install?
In that event IMNSHO the installer is broken in 2 ways. In ways not 
apparently
related to to the auto install of all the brltty and orca crap that 
drives a
sighted person into screaming fits. It stalls the machine while it 
trying to

speak every keypress, fails because it hasn't learned how to speak English
and can't be turned off w/o destroying the uptime.

I've met your blind person. He is running OpenSCAD, the gfx composer
from that synth. I'd have to assume it speaks a lot better german than
it does English. I have to admire his determination,
he has a quadruple share of it to run OpenSCAD blind.

If that's not changeable, then it should advertise the diff, but it does 
not.

but haven't changed the perms of /dev/ttyUSB* yet.

Of course, the idea was that /you/ don't have to do that: udev should
do it when you boot up the machine or plug in the items. That's what
makes it permanent. And by reading their distinctive serial 

Re: Printing the old way

[IL Ka]

Old printer connected via LPT port was accessed using /dev/lpt
Because several processes shouldn't print at the same time, there was a
spooler called lpd and the client tool called lpr.

https://www.linuxtopia.org/online_books/linux_system_administration/linux_printer_HOWTO/setup_002.html


On Tue, Jun 14, 2022 at 11:00 PM  wrote:

> Folks:
>
> Back in the dark days of early Linux, before CUPS, we printed with
> printers all the time. There was an infrastructure for doing this. Does
> anyone remember how that worked? As in, what packages were needed, etc.?
>
> Paul
>
> --
> Paul M. Foster
> Personal Blog: http://noferblatz.com
> Company Site: http://quillandmouse.com
> Software Projects: https://gitlab.com/paulmfoster
>
>

Re: Printing the old way

[Bijan Soleymani]

On 6/14/2022 4:59 PM, pa...@quillandmouse.com wrote:

Folks:

Back in the dark days of early Linux, before CUPS, we printed with
printers all the time. There was an infrastructure for doing this. Does
anyone remember how that worked? As in, what packages were needed, etc.?


If you want to do this for practical reasons and not for nostalgia's sake then 
you can make a RAW spool/queue printer in CUPS. And then use the command line 
cups command as lp/lpr.

As in the olden days you'll have to make sure what you're sending to the 
printer is in some format it understands.

Unless you have a really weird printer or printer setup cthough you're better 
off having cups to the conversion to printer format for you.

https://stackoverflow.com/questions/26329186/creating-a-raw-printer-queue-in-cups-host-and-adding-them-through-cups-client

https://www.cups.org/doc/options.html

Bijan

Re: Printing the old way

[Thomas Schmitt]

Hi,

Paul M. Foster wrote:
> > Back in the dark days of early Linux, before CUPS, we printed with
> > printers all the time. There was an infrastructure for doing this. Does
> > anyone remember how that worked? As in, what packages were needed, etc.?

Greg Wooledge wrote:
> lprng was the most common one, I think.  As the name implies, that one
> is the "next generation" of lpr, the old BSD tool.

"printcap" is another term which pops up from my 1990s memories.
There still exist lpr and lprng as Debian packages:
  lpr: /usr/share/man/man5/printcap.5.gz
  lprng: /usr/share/man/man5/printcap.5.gz


Have a nice day :)

Thomas

Re: Printing the old way

[Klaus Singvogel]

pa...@quillandmouse.com wrote:
> Back in the dark days of early Linux, before CUPS, we printed with
> printers all the time. There was an infrastructure for doing this. Does
> anyone remember how that worked? As in, what packages were needed, etc.?

LPRng was the most common printing spooler before CUPS.

Additional you needed printer specific drivers, if you don't have a
PostScript capable printer.

But I cant remember anymore how to setup these things - around 20 years
have passed.

I have doubts that programs like libreoffice, gimp, or PDF readers will
still work without CUPS. But don't know for sure.

Best regards,
Klaus.
-- 
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D  1994-06-27

Re: Printing the old way

[Greg Wooledge]

On Tue, Jun 14, 2022 at 04:59:36PM -0400, pa...@quillandmouse.com wrote:
> Back in the dark days of early Linux, before CUPS, we printed with
> printers all the time. There was an infrastructure for doing this. Does
> anyone remember how that worked? As in, what packages were needed, etc.?

lprng was the most common one, I think.  As the name implies, that one
is the "next generation" of lpr, the old BSD tool.

Printing the old way

[paulf]

Folks:

Back in the dark days of early Linux, before CUPS, we printed with
printers all the time. There was an infrastructure for doing this. Does
anyone remember how that worked? As in, what packages were needed, etc.?

Paul

-- 
Paul M. Foster
Personal Blog: http://noferblatz.com
Company Site: http://quillandmouse.com
Software Projects: https://gitlab.com/paulmfoster

Re: user perms

[Joe]

On Mon, 13 Jun 2022 19:03:47 -0400
gene heskett  wrote:


> 
> Kmail5 is buggier than road kill in June, but t-bird is more like 
> August, so
> 
> I'm looking for a mailer that actually works. tbirds sort filters
> don't, and
> 
> they think everybody uses only html, so word wrap doesn't work So I'm
> 
> doing this by hand..

Have you tried Claws-mail? It used to be a bit buggy, but usable, but
I haven't had any trouble for quite a while (the remaining bugs are
well-hidden). I switched to it when I finally tired of waiting for TB
to wake up and do things, it was cheaper than buying a faster computer.
> 
> 
> So my only instant question is when will the developers understand
> that
> 
> stuff that runs as a $USER, needs one of two changes, either a .conf
> file
> 
> someplace readable by the $USER that tells things like t-bird,
> running as
> 
> the user, can have write privs to /var/log, /or/ an entry in that
> *.conf so
> 
I haven't installed MS Office for a while, but last time I did, it
required root privileges on the first run, as all previous versions
have done. A user file had to be created in a Windows system
directory. It was no good doing it as root, each *user* had to be given
admin privileges for that first run (of each Office component) and if
the IT admin isn't allowed to know the users' passwords (as he
shouldn't be) this required the presence of the user, at least to log
on. In an office where anyone may log on to any computer, that's a
monumental pain. When last I had to do that, there was no centralised
way to do it, even in a domain.

Beat that.

-- 
Joe

Re: Re: [OT] Error de autenticación en cuentas @gmail.com en Clientes de Correo que no son el de Gmail.

[Camaleón]

El 2022-06-14 a las 19:40 +0200, Ramses escribió:

> El 14 de junio de 2022 19:28:48 CEST, "Camaleón"  
> escribió:
> >El 2022-06-14 a las 13:56 -0300, Gonzalo Rivero escribió:
> >
> >> El mar, 14 jun 2022 a la(s) 13:47, Gonzalo Rivero (fishfromsa...@gmail.com)
> >> escribió:

(...)

> >> sabía que estaba en algún lugar: en la pantalla principa de gmail hay que
> >> ir hasta abajo a la derecha, donde pone "Última actividad de la cuenta:
> >> hace 1 minuto. Detalles" ese 'detalles' es un enlace, que por la hoja de
> >> estilo no es obvio hasta que uno pasa por allí con el mouse. Entonces se
> >> despliega algo como esto:

^

> >
> >Ahí sí veo las sesiones que usan una contraseña de aplicación. Indica 
> >el tipo de sesión (KMAP/POP3/Atom/esconocido), la IP y la fecha/hora del
> >acceso. Veo los accesos desde Mutt y también desde el complemento XFCE 
> >Mailwatch.
> >
> >Saludos,
> >
> 
> ¿En qué enlace aparece esa información?

En la que te dice Gonzalo más arriba ^^^

;-)

Saludos,

-- 
Camaleón 

Re: Comment activer la virtualisation imbriquée sur un hôte AMD

[steve]

Salut Olivier,

J'ai aucune idée pour répondre à ta question par contre j'aimerais bien
connaître, par pure curiosité, les use case pour un tel montage.

Merci et bonne soirée

steve

Re: OpenSSH: cause of random kex_exchange_identification errors?

[Tim Woodall]

On Tue, 14 Jun 2022, Vincent Lefevre wrote:


On 2022-06-07 17:19:12 +0100, Tim Woodall wrote:

On Tue, 7 Jun 2022, Vincent Lefevre wrote:

I eventually did a packet capture on the client side as I was able to
reproduce the problem. When it occurs, I get the following sequence:

Client ? Server: [SYN] Seq=0
Server ? Client: [SYN, ACK] Seq=0
Client ? Server: [ACK] Seq=1
Server ? Client: [FIN, ACK] Seq=1
Client ? Server: Client: Protocol (SSH-2.0-OpenSSH_9.0p1 Debian-1)
Server ? Client: [RST] Seq=2
Client ? Server: [FIN, ACK] Seq=33
Server ? Client: [RST] Seq=2

So the issue comes from the server, which sends [FIN, ACK] to terminate
the connection. In OpenSSH's sshd.c, this could be due to

   if (unset_nonblock(*newsock) == -1 ||
   drop_connection(*newsock, startups) ||
   pipe(startup_p) == -1) {
   close(*newsock);
   continue;
   }

At least 2 kinds of errors are not logged:

* In unset_nonblock(), a "fcntl(fd, F_SETFL, val) == -1" condition.

* the "pipe(startup_p) == -1" condition.

I'm not sure about drop_connection(), which is related to MaxStartups.



I've not seen the start of this thread but is this occasional or always?


Occasional. Someone else at my lab could reproduce the issue.
But the admins can't.


If occasional, how many concurrent connections do you have starting all
at once.


I'm not sure what you mean by "concurrent connections". The server
is a SSH gateway, so that many users connect to it. But for the
client host above (my personal machine at my lab), this was the
only connection from this machine; note I did this connection only
for testing, as there is no need to connect to this SSH gateway
from the lab.



It doesn't matter if they're from the same machine, the problem happens
if the target machine has too many connections that haven't finished
authenticating (but from what you say below I doubt this is the problem)


The default ssh config has a super-annoying default that
randomly kills sessions if too many are handshaking at once.

It's the MaxStartups setting you allude to. I've been bitten by this
where cron jobs all start at the same time and ssh to the same host.


MaxStartups was increased in February, after I initially reported
the problem.


So long as they've increased the first parameter then that should have
fixed it if it was the cause.


Since this is a Debian 10 machine with OpenSSH_7.9p1 Debian-10+deb10u2,
I should have quoted the code from this sshd.c version. Thus the
connection close issue should occur in

if (unset_nonblock(*newsock) == -1) {
close(*newsock);
continue;
}
if (drop_connection(startups) == 1) {
char *laddr = get_local_ipaddr(*newsock);
char *raddr = get_peer_ipaddr(*newsock);

verbose("drop connection #%d from [%s]:%d "
"on [%s]:%d past MaxStartups", startups,
raddr, get_peer_port(*newsock),
laddr, get_local_port(*newsock));
free(laddr);
free(raddr);
close(*newsock);
continue;
}
if (pipe(startup_p) == -1) {
close(*newsock);
continue;
}

Now, it appears that verbose() logs at SYSLOG_LEVEL_VERBOSE, and it
is just below the default SYSLOG_LEVEL_INFO, so that nothing would be
logged by default concerning MaxStartups, if I understand correctly.

But the admins changed the log level to some debug one a few days ago,
and debug messages effectively appear, but nothing concerning my case
(I had sent the exact time of the failures to the admins).

BTW, the issue also occurs at night, while there should be very few
connections at handshaking status.



In the case where I hit it it was a cron job starting an ssh connection
from multiple machines - 'out of hours' where 'convenience' was more
valuable than 'performance'.

I don't have any more suggestions, sorry. Do you know how unset_nonblock
can fail? Other than building a patched version with more logging I
don't know what else to try that you haven't already done.

Tim.

Re: user perms

[Brian]

On Tue 14 Jun 2022 at 12:22:05 -0500, David Wright wrote:

> On Mon 13 Jun 2022 at 19:03:47 (-0400), gene heskett wrote:
> > On 6/13/22 14:36, Greg Wooledge wrote:
> > > On Mon, Jun 13, 2022 at 01:56:12PM -0400, gene heskett wrote:  >>
> > > I appear as user 1000 seem to be stuck behind some sort of a >>
> > permissions wall. > > SHOW. US.
> > 
> > I got tired of fighting with it Greg, so I did install #32 and installed
> > gnome_desktop (that was new) and xfce4 during the install, and
> > now things including the screen colors are back to normal,
> > 
> > I've installed the brother printers and scanner drivers and I can modify t
> > them by the usual rules. I also set a root pw in addition to adding myself
> > to /etc/group in the appropriate places. I created an /sshnet tree with the
> > other 5 machines here, did a root chown -R me:me on that path and just now
> > mounted all of them as me, so I own the path to me on the other 5 machines.
> 
> "adding myself to /etc/group in the appropriate places" sounds just
> like the sort of thing that might have caused /etc/passwd to become
> screwed up in installation #31.

"...appropriate places" is about as fuzzy as it gets. The user appears
to have been put is group lp. This is completely unwanted as it opens
up a security hole. Thank goodness the OP is not managing my machines
(or my TV reception capabilities :) ).

-- 
Brian.

Re: user perms

[Andrew M.A. Cater]

On Tue, Jun 14, 2022 at 12:22:05PM -0500, David Wright wrote:
> On Mon 13 Jun 2022 at 19:03:47 (-0400), gene heskett wrote:
> > On 6/13/22 14:36, Greg Wooledge wrote:
> > > On Mon, Jun 13, 2022 at 01:56:12PM -0400, gene heskett wrote:  >>
> > > I appear as user 1000 seem to be stuck behind some sort of a >>
> > permissions wall. > > SHOW. US.
> > 
> > I got tired of fighting with it Greg, so I did install #32 and installed
> > gnome_desktop (that was new) and xfce4 during the install, and
> > now things including the screen colors are back to normal,
> > 
> > I've installed the brother printers and scanner drivers and I can modify t
> > them by the usual rules. I also set a root pw in addition to adding myself
> > to /etc/group in the appropriate places. I created an /sshnet tree with the
> > other 5 machines here, did a root chown -R me:me on that path and just now
> > mounted all of them as me, so I own the path to me on the other 5 machines.
> 
> "adding myself to /etc/group in the appropriate places" sounds just
> like the sort of thing that might have caused /etc/passwd to become
> screwed up in installation #31.
> 

adduser gene  

would be the way to do it and have adduser write the file appropriately,
in my experience.

Manually editing /etc/passwd /etc/group or whatever is error-prone, yes.

In the days when Raspbian defaulted to setting a pi user and default group
I'd use the groups command to check whcich groups were set and then
set them by using adduser for my own user, add my own user to the appropriate
group for sudo then, at that point, logout, login as my own user and

 userdel -r pi

> > And my working environment is getting close to completed, something
> > that only been workable occasionally since that last Seagate 2T drive
> > went tits down in the night last Dec 8th.
> > 
> > Kmail5 is buggier than road kill in June, but t-bird is more like
> > August, so
> > I'm looking for a mailer that actually works. tbirds sort filters
> > don't, and
> > they think everybody uses only html, so word wrap doesn't work So I'm
> > doing this by hand..
> > 

Thunderbird and the like do have options to set what they accept and
what they display.

Here, I'm using mutt - but I will admit that I had someone more knowledgeable
help me set up mail forwarding and so on.

Glad to hear you've finally got an environment that more or less works - 
maybe leave it working for more than a week if you possibly can 

All the very best to all on the list, as ever

Andy Cater

Re: Re: [OT] Error de autenticación en cuentas @gmail.com en Clientes de Correo que no son el de Gmail.

[Ramses]

El 14 de junio de 2022 19:28:48 CEST, "Camaleón"  escribió:
>El 2022-06-14 a las 13:56 -0300, Gonzalo Rivero escribió:
>
>> El mar, 14 jun 2022 a la(s) 13:47, Gonzalo Rivero (fishfromsa...@gmail.com)
>> escribió:
>
>(...)
>
>> > > > holas, tampoco se si habrá algún límite (no creo, son menos
>> > > > dispositivos donde podría meter su publicidad (en los clientes de
>> > > > mail
>> > > > de verdad no hay, punto para lo que no sea webmail muajajaja)) pero
>> > > > si
>> > > > que lleva la cuenta de los inicios de sesión, por ejemplo ver la
>> > > > captura de mi propia cuenta
>> > >
>> > > A mi no me aparecen las sesiones que usan la contraseña de aplicación
>> > > (Mutt con IMAP), sólo veo los inicios de sesión desde el webmail.
>> > >
>> > > ¿Usas OAuth2 en Thunderbird o lo tienes configurado omo cuenta POP3?
>> > >
>> > oauth y con imap. También en evolution. Y uso imap porque tengo
>> > demasiado correo repartido en demasiadas carpetas y con las etiquetas
>> > no termino de aclararme.
>> > Eso si, para buscar aglo muy antiguo que no se en que carpeta lo tiré
>> > si voy al webmail.
>> > De todas maneras, había un listado mas detallado que no pude encontrar
>> > ahora y al que podía llegar desde el propio webmail.
>> > La captura de mi correo anterior la obtuve navegando las opciones de la
>> > cuenta de google, no específico del correo. Si llego a encontrarlo
>> > mando en un siguiente mensaje una muestra y como llegar hasta ahí ;)
>> >
>> sabía que estaba en algún lugar: en la pantalla principa de gmail hay que
>> ir hasta abajo a la derecha, donde pone "Última actividad de la cuenta:
>> hace 1 minuto. Detalles" ese 'detalles' es un enlace, que por la hoja de
>> estilo no es obvio hasta que uno pasa por allí con el mouse. Entonces se
>> despliega algo como esto:
>
>Ahí sí veo las sesiones que usan una contraseña de aplicación. Indica 
>el tipo de sesión (KMAP/POP3/Atom/esconocido), la IP y la fecha/hora del
>acceso. Veo los accesos desde Mutt y también desde el complemento XFCE 
>Mailwatch.
>
>Saludos,
>

¿En qué enlace aparece esa información?


Saludos

Re: Re: [OT] Error de autenticación en cuentas @gmail.com en Clientes de Correo que no son el de Gmail.

[Camaleón]

El 2022-06-14 a las 13:56 -0300, Gonzalo Rivero escribió:

> El mar, 14 jun 2022 a la(s) 13:47, Gonzalo Rivero (fishfromsa...@gmail.com)
> escribió:

(...)

> > > > holas, tampoco se si habrá algún límite (no creo, son menos
> > > > dispositivos donde podría meter su publicidad (en los clientes de
> > > > mail
> > > > de verdad no hay, punto para lo que no sea webmail muajajaja)) pero
> > > > si
> > > > que lleva la cuenta de los inicios de sesión, por ejemplo ver la
> > > > captura de mi propia cuenta
> > >
> > > A mi no me aparecen las sesiones que usan la contraseña de aplicación
> > > (Mutt con IMAP), sólo veo los inicios de sesión desde el webmail.
> > >
> > > ¿Usas OAuth2 en Thunderbird o lo tienes configurado omo cuenta POP3?
> > >
> > oauth y con imap. También en evolution. Y uso imap porque tengo
> > demasiado correo repartido en demasiadas carpetas y con las etiquetas
> > no termino de aclararme.
> > Eso si, para buscar aglo muy antiguo que no se en que carpeta lo tiré
> > si voy al webmail.
> > De todas maneras, había un listado mas detallado que no pude encontrar
> > ahora y al que podía llegar desde el propio webmail.
> > La captura de mi correo anterior la obtuve navegando las opciones de la
> > cuenta de google, no específico del correo. Si llego a encontrarlo
> > mando en un siguiente mensaje una muestra y como llegar hasta ahí ;)
> >
> sabía que estaba en algún lugar: en la pantalla principa de gmail hay que
> ir hasta abajo a la derecha, donde pone "Última actividad de la cuenta:
> hace 1 minuto. Detalles" ese 'detalles' es un enlace, que por la hoja de
> estilo no es obvio hasta que uno pasa por allí con el mouse. Entonces se
> despliega algo como esto:

Ahí sí veo las sesiones que usan una contraseña de aplicación. Indica 
el tipo de sesión (KMAP/POP3/Atom/esconocido), la IP y la fecha/hora del
acceso. Veo los accesos desde Mutt y también desde el complemento XFCE 
Mailwatch.

Saludos,

-- 
Camaleón 

[OT] Thunderbird + K-9 Mail (era: [OT] Error de autenticación en cuentas @gmail.com en Clientes de Correo que no son el de Gmail.)

[Camaleón]

El 2022-06-14 a las 19:06 +0200, Ramses escribió:

> El 14 de junio de 2022 17:06:34 CEST, "Camaleón"  
> escribió:

(...)

> >Por cierto, para los que usamos Thunderbird y K-9 Mail, una buena 
> >noticia:
> >
> >K-9 Mail joins the Thunderbird family
> >https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html
> >
> >Aunque preferiría lo inverso: K-9 Mail en Linux :-P
> 
> Buenas.
> 
> Pues lo que no me simpatiza es esto:
> 
> "The app on Google Play will be moved to a different publisher account."
> 
> Quiero entender que lo que cambian es la cuenta de publicación en Google 
> Play, pero que lo seguirán publicando en Google Play...

No creo que la quiten de Google Play, quizá se refieran a esto:

Transfer apps to a different developer account
https://support.google.com/googleplay/android-developer/answer/6230247?hl=en

Saludos,

-- 
Camaleón 

Re: user perms

[David Wright]

On Mon 13 Jun 2022 at 19:03:47 (-0400), gene heskett wrote:
> On 6/13/22 14:36, Greg Wooledge wrote:
> > On Mon, Jun 13, 2022 at 01:56:12PM -0400, gene heskett wrote:  >>
> > I appear as user 1000 seem to be stuck behind some sort of a >>
> permissions wall. > > SHOW. US.
> 
> I got tired of fighting with it Greg, so I did install #32 and installed
> gnome_desktop (that was new) and xfce4 during the install, and
> now things including the screen colors are back to normal,
> 
> I've installed the brother printers and scanner drivers and I can modify t
> them by the usual rules. I also set a root pw in addition to adding myself
> to /etc/group in the appropriate places. I created an /sshnet tree with the
> other 5 machines here, did a root chown -R me:me on that path and just now
> mounted all of them as me, so I own the path to me on the other 5 machines.

"adding myself to /etc/group in the appropriate places" sounds just
like the sort of thing that might have caused /etc/passwd to become
screwed up in installation #31.

> And my working environment is getting close to completed, something
> that only been workable occasionally since that last Seagate 2T drive
> went tits down in the night last Dec 8th.
> 
> Kmail5 is buggier than road kill in June, but t-bird is more like
> August, so
> I'm looking for a mailer that actually works. tbirds sort filters
> don't, and
> they think everybody uses only html, so word wrap doesn't work So I'm
> doing this by hand..
> 
> So my only instant question is when will the developers understand that
> stuff that runs as a $USER, needs one of two changes, either a .conf file
> someplace readable by the $USER that tells things like t-bird, running as
> the user, can have write privs to /var/log, /or/ an entry in that *.conf so
> logging can be done instead of just gobbling up the denial w/o bothering
> to tell the user it can't open the log. Its trivial to fix logrotate
> to service
> the logs in /home/$USER/logs where there's no perms problem because
> the $USER owns the whole path.  

No idea what this is all about, sorry.

> Same perms story for heyu and nut,
> but some somebody, thinking security as opposed to usability, insists
> on building /dev/ttyUSB*, with 0600 perms. Neither nut, nor heyu can
> get past that to get their job done. And IF I reset those two devices
> to 0777,
> re reboot fixes that.
> 
> I must have asked 15 or 20 times in the last decade, how to fix this in
> permanently in /lib/udev, and have been ignored when I ask that for
> several years. Usability, letting a computer actually DO its job simply
> isn't on the menu. With a record like that, can you blame me for being
> frustrated? Frustrated by asking for advice so I do do it right, and being
> ignored.

The trouble with writing this is that people can look back.

There was a thread in May 2020 on this topic, where all your posts
have followups except for the two that sign out just like this one
does below; ie "Now I know how but my editing foo is burned out for
today", and "I'll see about it tomorrow, having used up my creative
juices on another project today".

In that thread, there is a working set of rules showing how udev
runs a script when a USB stick is inserted or removed, the scripts
themselves, and the data files that the scripts read¹. The scripts
have no problem performing mkdir and rmdir in the /media directory:

$ ls -ld /media
drwxr-xr-x 3 root root 4096 Jun 14 08:30 /media
$ 

> [...]
> 
> > You're a goddamned 20+ year Linux veteran.  You should be able to
> > handle something as ridiculously simple as this.
> 
> I just did,

As usual, we don't know what you actually did to handle it.

> but haven't changed the perms of /dev/ttyUSB* yet.

Of course, the idea was that /you/ don't have to do that: udev should
do it when you boot up the machine or plug in the items. That's what
makes it permanent. And by reading their distinctive serial numbers,
FTDHG45D and FTOOS09N, it also prevents the names of the two devices
being swapped around by a race, or the order of insertion.

> Only so
> much time in one 24 hour day.  Up since 4:40 my time, by 20:00 I'm burned
> out for the day.

¹
https://lists.debian.org/debian-user/2020/05/msg00510.html

Unlike the email posts, the web version doesn't show that
"usgs1g" (the mount point) is the contents of an attached file
called "2017-0403" (the USB stick's UUID), and likewise "cdrom3"
in file "KZ3E2DH0440" (the portable DVD Writer's serial number).

Cheers,
David.

Re: Re: [OT] Error de autenticación en cuentas @gmail.com en Clientes de Correo que no son el de Gmail.

[Ramses]

El 14 de junio de 2022 17:06:34 CEST, "Camaleón"  escribió:
>El 2022-06-14 a las 11:21 -0300, Gonzalo Rivero escribió:
>> El lun, 13-06-2022 a las 19:23 +0200, Camaleón escribió:
>> > El 2022-06-13 a las 19:00 +0200, Ramses escribió:
>> > 
>> > > El 13 de junio de 2022 18:28:12 CEST, "Camaleón"
>> > >  escribió:
>> > > > El 2022-06-13 a las 11:19 -0500, Aristobulo Pinzon escribió:
>> > > > 
>> > > > > Buenos días...
>> > > > > Y una pregunta: ¿Cómo configurar todas las cuentas de Gmail con
>> > > > > 2FA?
>> > > > > Gracias por facilitar ayuda.
>> > > > 
>> > > > Sigue estos pasos:
>> > > > 
>> > > > Activar la verificación en dos pasos
>> > > > https://support.google.com/accounts/answer/185839?hl=es=GENIE.Platform%3DDesktop=0
>> > > > 
>> > > > Ojo, activar este sistema va bien para quienes NO usamos el
>> > > > webmail y 
>> > > > mantenemos cuentas configuradas «a la antigua usanza», esto es,
>> > > > con 
>> > > > clientes IMAP/POP3 que requieren usuario y contraseña.
>> > > > 
>> > > > Cuando activas el 2FA cada vez que accedes a tu cuenta de
>> > > > Google/Gmail 
>> > > > a través del webmail te manda un código SMS o te llama para
>> > > > permitr el 
>> > > > acceso, lo cual no e s nada práctico si el webmail es el sistema
>> > > > de 
>> > > > acceso más utilizado.
>> > > > 
>> > > > Luego sólo tendrías que generar una contraseña de aplicación para
>> > > > que 
>> > > > Google te cree una contraseña automáticamente, que es la que
>> > > > pones en 
>> > > > la aplicación de correo o donde la vayas a usar.
>> > > > 
>> > > 
>> > > Una duda: ¿Puedes crear una única Contraseña de Aplicación en una
>> > > cuenta y usarla en todas las aplicaciones / clieide correo en las
>> > > que uses esa cuenta?.
>> > 
>> > Sí, al menos yo lo tengo así (una contraseña para gobernarlos a 
>> > todos...) y de momento no me ha dado problemas.
>> > 
>> > Desconozco si hay algún límite o si Google lleva la cuenta los
>> > inicios
>> >  de sesión desde las distintas aplicaciones... yo me creo todo ya :-(
>> > 
>> 
>> holas, tampoco se si habrá algún límite (no creo, son menos
>> dispositivos donde podría meter su publicidad (en los clientes de mail
>> de verdad no hay, punto para lo que no sea webmail muajajaja)) pero si
>> que lleva la cuenta de los inicios de sesión, por ejemplo ver la
>> captura de mi propia cuenta
>
>A mi no me aparecen las sesiones que usan la contraseña de aplicación 
>(Mutt con IMAP), sólo veo los inicios de sesión desde el webmail.
>
>¿Usas OAuth2 en Thunderbird o lo tienes configurado omo cuenta POP3?
>
>Por cierto, para los que usamos Thunderbird y K-9 Mail, una buena 
>noticia:
>
>K-9 Mail joins the Thunderbird family
>https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html
>
>Aunque preferiría lo inverso: K-9 Mail en Linux :-P
>
>Saludos,
>

Buenas.

Pues lo que no me simpatiza es esto:

"The app on Google Play will be moved to a different publisher account."

Quiero entender que lo que cambian es la cuenta de publicación en Google Play, 
pero que lo seguirán publicando en Google Play...


Saludos

Re: Re: [OT] Error de autenticación en cuentas @gmail.com en Clientes de Correo que no son el de Gmail.

[Gonzalo Rivero]

El mar, 14 jun 2022 a la(s) 13:47, Gonzalo Rivero (fishfromsa...@gmail.com)
escribió:

> El mar, 14-06-2022 a las 17:06 +0200, Camaleón escribió:
> > El 2022-06-14 a las 11:21 -0300, Gonzalo Rivero escribió:
> > > El lun, 13-06-2022 a las 19:23 +0200, Camaleón escribió:
> > > > El 2022-06-13 a las 19:00 +0200, Ramses escribió:
> > > >
> > > > > El 13 de junio de 2022 18:28:12 CEST, "Camaleón"
> > > > >  escribió:
> > > > > > El 2022-06-13 a las 11:19 -0500, Aristobulo Pinzon escribió:
> > > > > >
> > > > > > > Buenos días...
> > > > > > > Y una pregunta: ¿Cómo configurar todas las cuentas de Gmail
> > > > > > > con
> > > > > > > 2FA?
> > > > > > > Gracias por facilitar ayuda.
> > > > > >
> > > > > > Sigue estos pasos:
> > > > > >
> > > > > > Activar la verificación en dos pasos
> > > > > >
> https://support.google.com/accounts/answer/185839?hl=es=GENIE.Platform%3DDesktop=0
> > > > > >
> > > > > > Ojo, activar este sistema va bien para quienes NO usamos el
> > > > > > webmail y
> > > > > > mantenemos cuentas configuradas «a la antigua usanza», esto
> > > > > > es,
> > > > > > con
> > > > > > clientes IMAP/POP3 que requieren usuario y contraseña.
> > > > > >
> > > > > > Cuando activas el 2FA cada vez que accedes a tu cuenta de
> > > > > > Google/Gmail
> > > > > > a través del webmail te manda un código SMS o te llama para
> > > > > > permitr el
> > > > > > acceso, lo cual no e s nada práctico si el webmail es el
> > > > > > sistema
> > > > > > de
> > > > > > acceso más utilizado.
> > > > > >
> > > > > > Luego sólo tendrías que generar una contraseña de aplicación
> > > > > > para
> > > > > > que
> > > > > > Google te cree una contraseña automáticamente, que es la que
> > > > > > pones en
> > > > > > la aplicación de correo o donde la vayas a usar.
> > > > > >
> > > > >
> > > > > Una duda: ¿Puedes crear una única Contraseña de Aplicación en
> > > > > una
> > > > > cuenta y usarla en todas las aplicaciones / clieide correo en
> > > > > las
> > > > > que uses esa cuenta?.
> > > >
> > > > Sí, al menos yo lo tengo así (una contraseña para gobernarlos a
> > > > todos...) y de momento no me ha dado problemas.
> > > >
> > > > Desconozco si hay algún límite o si Google lleva la cuenta los
> > > > inicios
> > > >  de sesión desde las distintas aplicaciones... yo me creo todo ya
> > > > :-(
> > > >
> > >
> > > holas, tampoco se si habrá algún límite (no creo, son menos
> > > dispositivos donde podría meter su publicidad (en los clientes de
> > > mail
> > > de verdad no hay, punto para lo que no sea webmail muajajaja)) pero
> > > si
> > > que lleva la cuenta de los inicios de sesión, por ejemplo ver la
> > > captura de mi propia cuenta
> >
> > A mi no me aparecen las sesiones que usan la contraseña de aplicación
> > (Mutt con IMAP), sólo veo los inicios de sesión desde el webmail.
> >
> > ¿Usas OAuth2 en Thunderbird o lo tienes configurado omo cuenta POP3?
> >
> oauth y con imap. También en evolution. Y uso imap porque tengo
> demasiado correo repartido en demasiadas carpetas y con las etiquetas
> no termino de aclararme.
> Eso si, para buscar aglo muy antiguo que no se en que carpeta lo tiré
> si voy al webmail.
> De todas maneras, había un listado mas detallado que no pude encontrar
> ahora y al que podía llegar desde el propio webmail.
> La captura de mi correo anterior la obtuve navegando las opciones de la
> cuenta de google, no específico del correo. Si llego a encontrarlo
> mando en un siguiente mensaje una muestra y como llegar hasta ahí ;)
>
> sabía que estaba en algún lugar: en la pantalla principa de gmail hay que
ir hasta abajo a la derecha, donde pone "Última actividad de la cuenta:
hace 1 minuto. Detalles" ese 'detalles' es un enlace, que por la hoja de
estilo no es obvio hasta que uno pasa por allí con el mouse. Entonces se
despliega algo como esto:

Re: Re: [OT] Error de autenticación en cuentas @gmail.com en Clientes de Correo que no son el de Gmail.

[Gonzalo Rivero]

El mar, 14-06-2022 a las 17:06 +0200, Camaleón escribió:
> El 2022-06-14 a las 11:21 -0300, Gonzalo Rivero escribió:
> > El lun, 13-06-2022 a las 19:23 +0200, Camaleón escribió:
> > > El 2022-06-13 a las 19:00 +0200, Ramses escribió:
> > > 
> > > > El 13 de junio de 2022 18:28:12 CEST, "Camaleón"
> > > >  escribió:
> > > > > El 2022-06-13 a las 11:19 -0500, Aristobulo Pinzon escribió:
> > > > > 
> > > > > > Buenos días...
> > > > > > Y una pregunta: ¿Cómo configurar todas las cuentas de Gmail
> > > > > > con
> > > > > > 2FA?
> > > > > > Gracias por facilitar ayuda.
> > > > > 
> > > > > Sigue estos pasos:
> > > > > 
> > > > > Activar la verificación en dos pasos
> > > > > https://support.google.com/accounts/answer/185839?hl=es=GENIE.Platform%3DDesktop=0
> > > > > 
> > > > > Ojo, activar este sistema va bien para quienes NO usamos el
> > > > > webmail y 
> > > > > mantenemos cuentas configuradas «a la antigua usanza», esto
> > > > > es,
> > > > > con 
> > > > > clientes IMAP/POP3 que requieren usuario y contraseña.
> > > > > 
> > > > > Cuando activas el 2FA cada vez que accedes a tu cuenta de
> > > > > Google/Gmail 
> > > > > a través del webmail te manda un código SMS o te llama para
> > > > > permitr el 
> > > > > acceso, lo cual no e s nada práctico si el webmail es el
> > > > > sistema
> > > > > de 
> > > > > acceso más utilizado.
> > > > > 
> > > > > Luego sólo tendrías que generar una contraseña de aplicación
> > > > > para
> > > > > que 
> > > > > Google te cree una contraseña automáticamente, que es la que
> > > > > pones en 
> > > > > la aplicación de correo o donde la vayas a usar.
> > > > > 
> > > > 
> > > > Una duda: ¿Puedes crear una única Contraseña de Aplicación en
> > > > una
> > > > cuenta y usarla en todas las aplicaciones / clieide correo en
> > > > las
> > > > que uses esa cuenta?.
> > > 
> > > Sí, al menos yo lo tengo así (una contraseña para gobernarlos a 
> > > todos...) y de momento no me ha dado problemas.
> > > 
> > > Desconozco si hay algún límite o si Google lleva la cuenta los
> > > inicios
> > >  de sesión desde las distintas aplicaciones... yo me creo todo ya
> > > :-(
> > > 
> > 
> > holas, tampoco se si habrá algún límite (no creo, son menos
> > dispositivos donde podría meter su publicidad (en los clientes de
> > mail
> > de verdad no hay, punto para lo que no sea webmail muajajaja)) pero
> > si
> > que lleva la cuenta de los inicios de sesión, por ejemplo ver la
> > captura de mi propia cuenta
> 
> A mi no me aparecen las sesiones que usan la contraseña de aplicación
> (Mutt con IMAP), sólo veo los inicios de sesión desde el webmail.
> 
> ¿Usas OAuth2 en Thunderbird o lo tienes configurado omo cuenta POP3?
> 
oauth y con imap. También en evolution. Y uso imap porque tengo
demasiado correo repartido en demasiadas carpetas y con las etiquetas
no termino de aclararme.
Eso si, para buscar aglo muy antiguo que no se en que carpeta lo tiré
si voy al webmail.
De todas maneras, había un listado mas detallado que no pude encontrar
ahora y al que podía llegar desde el propio webmail. 
La captura de mi correo anterior la obtuve navegando las opciones de la
cuenta de google, no específico del correo. Si llego a encontrarlo
mando en un siguiente mensaje una muestra y como llegar hasta ahí ;)

> Por cierto, para los que usamos Thunderbird y K-9 Mail, una buena 
> noticia:
> 
> K-9 Mail joins the Thunderbird family
> https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html
> 
> Aunque preferiría lo inverso: K-9 Mail en Linux :-P

Comment activer la virtualisation imbriquée sur un hôte AMD

[Olivier]

Bonjour,

Je souhaite créer une VM qui puisse elle-meme héberger une autre VM
(nested virt).
J'ai lu les étapes décrites dans [1].

L'hôte est une machine Bullseye AMD qui semble supporter la fonction voulue:
# cat /sys/module/kvm_amd/parameters/nested
1

J'arrive à créer une nouvelle VM en cochant la case Copier la
configuration du processeur de l'hôte dans la page de conf du CPU de
VirtManager mais dès le démarrage, je vois que la machine oublie mon
paramètre et adopte le processeur  Opteron_G3.

Dans la VM créée, l'instruction kvm-ok du paquet cpu-checker indique
la virtualisation n'est pas supportée.

Une idée ?

[1] https://ostechnix.com/how-to-enable-nested-virtualization-in-kvm-in-linux/

Slts

Re: Re: [OT] Error de autenticación en cuentas @gmail.com en Clientes de Correo que no son el de Gmail.

[Camaleón]

El 2022-06-14 a las 11:21 -0300, Gonzalo Rivero escribió:
> El lun, 13-06-2022 a las 19:23 +0200, Camaleón escribió:
> > El 2022-06-13 a las 19:00 +0200, Ramses escribió:
> > 
> > > El 13 de junio de 2022 18:28:12 CEST, "Camaleón"
> > >  escribió:
> > > > El 2022-06-13 a las 11:19 -0500, Aristobulo Pinzon escribió:
> > > > 
> > > > > Buenos días...
> > > > > Y una pregunta: ¿Cómo configurar todas las cuentas de Gmail con
> > > > > 2FA?
> > > > > Gracias por facilitar ayuda.
> > > > 
> > > > Sigue estos pasos:
> > > > 
> > > > Activar la verificación en dos pasos
> > > > https://support.google.com/accounts/answer/185839?hl=es=GENIE.Platform%3DDesktop=0
> > > > 
> > > > Ojo, activar este sistema va bien para quienes NO usamos el
> > > > webmail y 
> > > > mantenemos cuentas configuradas «a la antigua usanza», esto es,
> > > > con 
> > > > clientes IMAP/POP3 que requieren usuario y contraseña.
> > > > 
> > > > Cuando activas el 2FA cada vez que accedes a tu cuenta de
> > > > Google/Gmail 
> > > > a través del webmail te manda un código SMS o te llama para
> > > > permitr el 
> > > > acceso, lo cual no e s nada práctico si el webmail es el sistema
> > > > de 
> > > > acceso más utilizado.
> > > > 
> > > > Luego sólo tendrías que generar una contraseña de aplicación para
> > > > que 
> > > > Google te cree una contraseña automáticamente, que es la que
> > > > pones en 
> > > > la aplicación de correo o donde la vayas a usar.
> > > > 
> > > 
> > > Una duda: ¿Puedes crear una única Contraseña de Aplicación en una
> > > cuenta y usarla en todas las aplicaciones / clieide correo en las
> > > que uses esa cuenta?.
> > 
> > Sí, al menos yo lo tengo así (una contraseña para gobernarlos a 
> > todos...) y de momento no me ha dado problemas.
> > 
> > Desconozco si hay algún límite o si Google lleva la cuenta los
> > inicios
> >  de sesión desde las distintas aplicaciones... yo me creo todo ya :-(
> > 
> 
> holas, tampoco se si habrá algún límite (no creo, son menos
> dispositivos donde podría meter su publicidad (en los clientes de mail
> de verdad no hay, punto para lo que no sea webmail muajajaja)) pero si
> que lleva la cuenta de los inicios de sesión, por ejemplo ver la
> captura de mi propia cuenta

A mi no me aparecen las sesiones que usan la contraseña de aplicación 
(Mutt con IMAP), sólo veo los inicios de sesión desde el webmail.

¿Usas OAuth2 en Thunderbird o lo tienes configurado omo cuenta POP3?

Por cierto, para los que usamos Thunderbird y K-9 Mail, una buena 
noticia:

K-9 Mail joins the Thunderbird family
https://k9mail.app/2022/06/13/K-9-Mail-and-Thunderbird.html

Aunque preferiría lo inverso: K-9 Mail en Linux :-P

Saludos,

-- 
Camaleón 

Re: which X11 app can show wifi info

[Brian]

On Tue 14 Jun 2022 at 13:15:56 +0200, Vincent Lefevre wrote:

> On 2022-06-11 19:10:09 +0800, lou wrote:
> > On 6/11/22 7:00 PM, Brian wrote:
> > > 
> > > You are associating with a wireless access point. You must be using
> > > wpasupplicant. Have you tried installing wpagui?
> > 
> > Thanks, wpagui seems to work for me.
> 
> wpagui doesn't work at all for me. It doesn't show any adapter.
> But wpa_cli doesn't work either:
> 
> Could not connect to wpa_supplicant: (nil) - re-trying
> 
> while "systemctl status wpa_supplicant.service" says that the service
> is running.
> 
> No issues with iwlist and nmcli.

/usr/sbin/wpa_gui and /sbin/wpa_cli should both give sensible outputs
when run as root.

-- 
Brian.

Re: Re: [OT] Error de autenticación en cuentas @gmail.com en Clientes de Correo que no son el de Gmail.

[Gonzalo Rivero]

El lun, 13-06-2022 a las 19:23 +0200, Camaleón escribió:
> El 2022-06-13 a las 19:00 +0200, Ramses escribió:
> 
> > El 13 de junio de 2022 18:28:12 CEST, "Camaleón"
> >  escribió:
> > > El 2022-06-13 a las 11:19 -0500, Aristobulo Pinzon escribió:
> > > 
> > > > Buenos días...
> > > > Y una pregunta: ¿Cómo configurar todas las cuentas de Gmail con
> > > > 2FA?
> > > > Gracias por facilitar ayuda.
> > > 
> > > Sigue estos pasos:
> > > 
> > > Activar la verificación en dos pasos
> > > https://support.google.com/accounts/answer/185839?hl=es=GENIE.Platform%3DDesktop=0
> > > 
> > > Ojo, activar este sistema va bien para quienes NO usamos el
> > > webmail y 
> > > mantenemos cuentas configuradas «a la antigua usanza», esto es,
> > > con 
> > > clientes IMAP/POP3 que requieren usuario y contraseña.
> > > 
> > > Cuando activas el 2FA cada vez que accedes a tu cuenta de
> > > Google/Gmail 
> > > a través del webmail te manda un código SMS o te llama para
> > > permitr el 
> > > acceso, lo cual no e s nada práctico si el webmail es el sistema
> > > de 
> > > acceso más utilizado.
> > > 
> > > Luego sólo tendrías que generar una contraseña de aplicación para
> > > que 
> > > Google te cree una contraseña automáticamente, que es la que
> > > pones en 
> > > la aplicación de correo o donde la vayas a usar.
> > > 
> > 
> > Una duda: ¿Puedes crear una única Contraseña de Aplicación en una
> > cuenta y usarla en todas las aplicaciones / clieide correo en las
> > que uses esa cuenta?.
> 
> Sí, al menos yo lo tengo así (una contraseña para gobernarlos a 
> todos...) y de momento no me ha dado problemas.
> 
> Desconozco si hay algún límite o si Google lleva la cuenta los
> inicios
>  de sesión desde las distintas aplicaciones... yo me creo todo ya :-(
> 

holas, tampoco se si habrá algún límite (no creo, son menos
dispositivos donde podría meter su publicidad (en los clientes de mail
de verdad no hay, punto para lo que no sea webmail muajajaja)) pero si
que lleva la cuenta de los inicios de sesión, por ejemplo ver la
captura de mi propia cuenta

Re: Needless DNS queries

[Dieter Rohlfing]

Thanks to everybody, who replied.

After some more reading and tinkering I've made the following
observations:

The response code NXDOMAIN means: domain name did not resolve. In
this case the search option becomes important. Whenever a domain name
does not resolve, the client's resolver (at least in Linux) suffixes the
original domain name with each item in the search list until the new
domain name resolves.

So this is regular behaviour and it explains the needless DNS queries.

AdguardHome uses the response code NXDOMAIN to signal the client "this
is a forbidden domain". For this signal "this is a forbidden domain"
you can configure AdguardHome to use the IPv4 0.0.0.0 and the response
code NOERROR. Now the (forbidden) domain is resolved without an error
and the IPv4 of 0.0.0.0. So there's no need to use the search list and
the needless DNS queries vanish.

Thanks for reading and have a nice day.

Dieter

Re: which X11 app can show wifi info

[Vincent Lefevre]

On 2022-06-11 19:10:09 +0800, lou wrote:
> On 6/11/22 7:00 PM, Brian wrote:
> > 
> > You are associating with a wireless access point. You must be using
> > wpasupplicant. Have you tried installing wpagui?
> 
> Thanks, wpagui seems to work for me.

wpagui doesn't work at all for me. It doesn't show any adapter.
But wpa_cli doesn't work either:

Could not connect to wpa_supplicant: (nil) - re-trying

while "systemctl status wpa_supplicant.service" says that the service
is running.

No issues with iwlist and nmcli.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: OpenSSH: cause of random kex_exchange_identification errors?

[Vincent Lefevre]

On 2022-06-07 17:19:12 +0100, Tim Woodall wrote:
> On Tue, 7 Jun 2022, Vincent Lefevre wrote:
> > I eventually did a packet capture on the client side as I was able to
> > reproduce the problem. When it occurs, I get the following sequence:
> > 
> > Client ? Server: [SYN] Seq=0
> > Server ? Client: [SYN, ACK] Seq=0
> > Client ? Server: [ACK] Seq=1
> > Server ? Client: [FIN, ACK] Seq=1
> > Client ? Server: Client: Protocol (SSH-2.0-OpenSSH_9.0p1 Debian-1)
> > Server ? Client: [RST] Seq=2
> > Client ? Server: [FIN, ACK] Seq=33
> > Server ? Client: [RST] Seq=2
> > 
> > So the issue comes from the server, which sends [FIN, ACK] to terminate
> > the connection. In OpenSSH's sshd.c, this could be due to
> > 
> >if (unset_nonblock(*newsock) == -1 ||
> >drop_connection(*newsock, startups) ||
> >pipe(startup_p) == -1) {
> >close(*newsock);
> >continue;
> >}
> > 
> > At least 2 kinds of errors are not logged:
> > 
> > * In unset_nonblock(), a "fcntl(fd, F_SETFL, val) == -1" condition.
> > 
> > * the "pipe(startup_p) == -1" condition.
> > 
> > I'm not sure about drop_connection(), which is related to MaxStartups.
> > 
> 
> I've not seen the start of this thread but is this occasional or always?

Occasional. Someone else at my lab could reproduce the issue.
But the admins can't.

> If occasional, how many concurrent connections do you have starting all
> at once.

I'm not sure what you mean by "concurrent connections". The server
is a SSH gateway, so that many users connect to it. But for the
client host above (my personal machine at my lab), this was the
only connection from this machine; note I did this connection only
for testing, as there is no need to connect to this SSH gateway
from the lab.

> The default ssh config has a super-annoying default that
> randomly kills sessions if too many are handshaking at once.
> 
> It's the MaxStartups setting you allude to. I've been bitten by this
> where cron jobs all start at the same time and ssh to the same host.

MaxStartups was increased in February, after I initially reported
the problem.

Since this is a Debian 10 machine with OpenSSH_7.9p1 Debian-10+deb10u2,
I should have quoted the code from this sshd.c version. Thus the
connection close issue should occur in

if (unset_nonblock(*newsock) == -1) {
close(*newsock);
continue;
}
if (drop_connection(startups) == 1) {
char *laddr = get_local_ipaddr(*newsock);
char *raddr = get_peer_ipaddr(*newsock);

verbose("drop connection #%d from [%s]:%d "
"on [%s]:%d past MaxStartups", startups,
raddr, get_peer_port(*newsock),
laddr, get_local_port(*newsock));
free(laddr);
free(raddr);
close(*newsock);
continue;
}
if (pipe(startup_p) == -1) {
close(*newsock);
continue;
}

Now, it appears that verbose() logs at SYSLOG_LEVEL_VERBOSE, and it
is just below the default SYSLOG_LEVEL_INFO, so that nothing would be
logged by default concerning MaxStartups, if I understand correctly.

But the admins changed the log level to some debug one a few days ago,
and debug messages effectively appear, but nothing concerning my case
(I had sent the exact time of the failures to the admins).

BTW, the issue also occurs at night, while there should be very few
connections at handshaking status.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: error using synaptic UPGRADE/INSTALL

[Brad Rogers]

On Tue, 14 Jun 2022 02:55:04 +
"Russell L. Harris"  wrote:

Hello Russell,

>I've gotten lazy because I seldom have a problem with Synaptic.

IKWYM.  Despite Synaptic being looked down on in some quarters, I find
it very capable.  Especially when it comes to dependency issue
resolution.

>enough to close files before starting the download+install,
>particularly if it involves a kernel upgrade.

Kernel upgrades won't affect the system until a reboot is performed.
Too much is at risk to change kernel 'on the fly' like that.

-- 
 Regards  _
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
You're not so safe in the safety of your room
Nasty - The Damned


pgpS4ENZa9u0L.pgp
Description: OpenPGP digital signature

[OT] Entrevista a Richard Stallman (en español)

[Camaleón]

Hola,

No es habitual leer entrevistas de contenido original (no simplemente 
traducidas) en español relacionadas con el mundo de la informática en 
general, y con el software libre en particular.

Os dejo esta¹ de Chema Alonso a Richard Stallman, donde hablan sobre los 
grandes repositorios para desarrolladores de software (GitHub et al) y los 
problemas con las licencias propietarias.

No sé por qué, pero leer a Richard Stallman siempre me deja una buena 
sensación, quizá porque dice verdades como puños, sin aspavientos y de 
manera sencilla y clara... sus palabras tienen algo de místico, o quizá 
sea por la inherente universalidad del concepto de softare libre que se 
expande más allá de los bits y transciende cuestiones vitales.

¹https://unaaldia.hispasec.com/2022/06/chema-alonso-entrevista-a-richard-stallman-parte-i.html

Saludos,

-- 
Camaleón 

Re: error using synaptic UPGRADE/INSTALL

[Brad Rogers]

On Mon, 13 Jun 2022 18:46:02 -0500
David Wright  wrote:

Hello David,

>While I would generally concur, I would not advise, for example,
>performing the monthly firefox upgrade while the browser is running.

I've never had issues doing that (admittedly, not with ff, but other
browsers);  The browser I use (Librewolf) reports it's noticed the
update and requires a restart.

>Not being a synaptic user, I don't know whether it informs users of
>what it is doing (other than through the logs), but I would have
>thought it ought to.

It does.  To see the reporting, one has to either click a button on the
progress bar window for further information or set in the prefs "Apply
changes in terminal window", which is what I do.  That way, you can see
what's happening immediately because as soon as the download completes a
terminal window opens and reports everything that's happening;
unpacking, writing to disk, updating default prefs, removing, updating
initrd, updating manpage db, etc, etc.

-- 
 Regards  _
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
Gary don't need his eyes to see, Gary and his eyes have parted company
Gary Gilmore's Eyes - The Adverts


pgpcYphs5zdXm.pgp
Description: OpenPGP digital signature

Re: user perms

[mick crane]

On 2022-06-14 00:03, gene heskett wrote:

I'm looking for a mailer that actually works. tbirds sort filters 
don't, and


they think everybody uses only html, so word wrap doesn't work So I'm

doing this by hand..


I'd have thought if you've got PCs in different buildings Dovecot, 
Roundcube, Seive on the PC with Apache on it would work for you. Think 
it uses postfix which seems automagically installed.

I like it but really should upgrade.
getmail from https://pyropus.ca./software/getmail/ for getting the mail

mick