Re: Verison IPv6 -- I want to stick with IPv4 (was Re: ipv6: static ipv6 address with dynamic network address possible?)

[Marco]

Am 13. Aug 2022, um 23:42:17 Uhr schrieb David Wright:

> AFAICT the rest of your post is concerned with global IPv6 addresses
> rather than local (ULA) ones, which is why the prefix for the home
> LAN has to be given to you rather than generated/assigned by yourself.

It is possible to use an additional ULA at home to address computers.
This ULA can be taken to a new provider because it is only valid inside
your network - not on the internet.
Then the GUA prefix is being used to connect to other computers
on the internet outside your network. Your computer can have multiple
IPv6 addresses, it already has at least 2 (link-local and GUA).

Re: auth log full with

[Reco]

Hi.

On Sat, Aug 13, 2022 at 07:42:28PM +0200, Maurizio Caloro wrote:
> how I can disable this?, I try solution with failban, but this want be
> help!?
> 
> [sshd]
> Enable  = true
> Mode   = normal

As /etc/fail2ban/filter.d/sshd.conf shows, "no matching host key type"
messages are specifically ignored by Mode=normal.
Try setting Mode=aggressive, it should catch those.

Of course, DROPping ssh connections from AS28594 would work too. Unless
you're from Brazil, that is.

Reco

Re: How could "they" get into your BIOS? ...

[David Wright]

On Sat 13 Aug 2022 at 16:09:13 (-0500), Albretch Mueller wrote:
> On 8/12/22, David Wright  wrote:
> > I typed the text at
> > the top of the screen in your first image, and got plenty of
> > suggestions from Dell, reddit, and some Scottish Uni gamers.
> 
>  Basically, what I distilled out of many of those posts is that you
> should disable "Secure Boot", but I had already disabled it.

These are the sorts of things I've read but can't evaluate:

  Turn on or restart your computer.
  Press F2 to enter System Setup. …
  In the left pane, expand SupportAssist System Resolution,
  and then select SupportAssist OS Recovery.
  In the right pane, select or clear the SupportAssist OS Recovery
  check box to enable or disable the automatic start of
  SupportAssist OS Recovery.

>  I will keep fighting this matter and if/when I find a solution I will
> post it here. There are many people using those DELL laptops some of
> which use Debian.

On Sat 13 Aug 2022 at 11:57:21 (-0500), Albretch Mueller wrote:
>  The wireless card I removed day 1 I got that laptop since this is my
> work computer. All of that started happening afterwards. I am curious
> to know why would DL care about a wireless card in a temperamental
> way?

The way I read your OP, you haven't reached any involvement with
Debian Live yet. I assumed you were at some sort of POST, or
post-POST stage, though my Dells are probably much older than
yours, and lack anything like SupportAssist.

My old Dell laptop (BIOS) would perform some sort of POST scan.
Any change to BIOS settings would make this scan much more thorough.
It obviously remembered whether the previous scan was successful,
because just turning off the power during a quick scan would force
it into making a long, tedious one next time.

Cheers,
David.

Re: netperf / MIT License is not open source?

[David Wright]

On Sat 13 Aug 2022 at 19:23:46 (+0100), piorunz wrote:
> On 13/08/2022 18:30, Lee wrote:
> > I just noticed that the netperf package is in the [non-free] repository
> >https://packages.debian.org/bullseye/netperf
> > which seems wrong.
> > 
> > Is the MIT license really not compatible with open source or is the
> > netperf package using outdated licensing info or .. what?
> 
> Very interesting. I don't know about this specific package, but MIT in
> general is allowed in DSFG.
> 
> For example, this package is full MIT and its in Debian:
> https://packages.debian.org/sid/kraptor
> 
> netperf license, as seen on
> https://metadata.ftp-master.debian.org/changelogs//non-free/n/netperf/netperf_2.7.0-0.1_copyright,
> still reads:
> 
> Copyright (C) 1993 Hewlett-Packard Company
> ALL RIGHTS RESERVED.
> 
> It must have been recently this package changed from Copyright (C) 1993
> Hewlett-Packard Company to MIT license, and Debian didn't catched up to
> this fact yet?
> 
> Also their github README states:
> "This version of netperf has been opensourced by Hewlett Packard
> Enterprise using the MIT license."
> And also
> "Licenses updated."
> 
> Maybe older versions indeed were not under MIT.
> 
> EDIT: Ok I think I found it.
> https://github.com/HewlettPackard/netperf/commit/2d88bcc75d97f462eafe8605f8da0c1f875b7dad
> 
> It seems that this package license has changed from full HP copyright to
> MIT, on 20 January 2021.

The version in bullseye looks as if it was built on 15 November 2020 …

> Perhaps package needs updating in Debian repository :)

… and has not yet needed upgrading for bookworm AFAICT (amd64).

> > The debian package copyright file link points to
> >
> > https://metadata.ftp-master.debian.org/changelogs//non-free/n/netperf/netperf_2.7.0-0.1_copyright
> > which has
> >Upstream Authors:
> >Copyright 1993-2007 Hewlett-Packard Company
> > 
> > but the homepage link points to
> >https://github.com/HewlettPackard/netperf
> > which has a COPYING file pointing to
> >https://github.com/HewlettPackard/netperf/blob/master/COPYING
> > which has
> > HewlettPackard/netperf is licensed under the
> >MIT License
> >#  Copyright 2021 Hewlett Packard Enterprise Development LP

Cheers,
David.

Re: Verison IPv6 -- I want to stick with IPv4 (was Re: ipv6: static ipv6 address with dynamic network address possible?)

[David Wright]

On Sat 13 Aug 2022 at 09:37:02 (-), Curt wrote:
> On 2022-08-13, David Wright  wrote:
> > On Wed 10 Aug 2022 at 08:12:11 (-), Curt wrote:
> >> I never realized that local addresses were fundamentally identical in all
> >> local networks because there weren't enough addresses in the first place,
> >
> > Don't you need them to be identical because otherwise everybody
> > would have to configure their border equipment (like routers)
> > to recognise /their/ choice as local.
> 
> I guess they've got it all figured out.
> 
> > It's not clear, either, how you would select your own local
> > range without accidentally choosing addresses that are in use
> > somewhere on the globe, unless the choice was a fixed, well-
> > known set of possible values (as it is: 10, 172.16–31, 192.168).
> 
>  The IETF RFC 7084 (formerly RFC 6204), Basic Requirements for IPv6
>  Customer Edge Routers, [ … … … … ]

AFAICT the rest of your post is concerned with global IPv6 addresses
rather than local (ULA) ones, which is why the prefix for the home
LAN has to be given to you rather than generated/assigned by yourself.

AIUI IPv6 local addresses are designed to be not fundamentally
identical, by having a 40-bit pseudorandom global ID embedded
within them. So were they to leak out onto the Internet, the
chances are that you wouldn't get a collision. (Mind you,
I don't know just what that chance would be.)

OTOH the betting is that the IPv4 address of a home internet's router,
for example, is going to be either 192.168.1.1 or 192.168.0.1, with a
scattering of 192.168.1.254 (like British Telecom users, YMMV). And
not forgetting Gene's choice of 71.

Cheers,
David.

Re: How could "they" get into your BIOS? ...

[David Christensen]

On 8/13/22 14:09, Albretch Mueller wrote:

On 8/12/22, David Wright  wrote:

I typed the text at
the top of the screen in your first image, and got plenty of
suggestions from Dell, reddit, and some Scottish Uni gamers.


  Basically, what I distilled out of many of those posts is that you
should disable "Secure Boot", but I had already disabled it.

  I will keep fighting this matter and if/when I find a solution I will
post it here. There are many people using those DELL laptops some of
which use Debian.

  lbrtchx



I have a 16 GB USB flash drive with Debian 11 that was installed using a 
UEFI machine.   AIUI it uses GPT partitioning and the appropriate Debian 
bootloader(s) are cryptographically signed and compatible with Secure Boot.



I have a Dell Latitude 5400 with Windows 10 Pro, which defaults to UEFI 
and Secure Boot.



To boot the Dell using the Debian 11 UEFI USB stick, I found that I 
needed to change one firmware setting:


  CMOS Setup
  -> System Configuration
 -> SATA Operation
-> AHCI


To boot Windows, I must reset it:

  CMOS Setup
  -> System Configuration
 -> SATA Operation
-> RAID On


David

Re: Verison IPv6 -- I want to stick with IPv4 (was Re: ipv6: static ipv6 address with dynamic network address possible?)

[Tim Woodall]

On Sat, 13 Aug 2022, mick.crane wrote:


On 2022-08-13 10:37, Curt wrote:


 Getting Your IPv6 Addresses


with 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses you'd 
think everything could have it's own permanently but it would likely be too 
slow to find it without being able to narrow it down a bit and it would be a 
nightmare allocating numbers of scrapped devices?

mick



part of the reason ipv6 prefix are not ported is to keep the routing
tables sane. People should think about having to remap from time to
time when they implement IPv6. For most home setups it will be a
no-brainer. Services on public ips  will need dns updating.

Re: How could "they" get into your BIOS? ...

[Albretch Mueller]

On 8/12/22, David Wright  wrote:
> I typed the text at
> the top of the screen in your first image, and got plenty of
> suggestions from Dell, reddit, and some Scottish Uni gamers.

 Basically, what I distilled out of many of those posts is that you
should disable "Secure Boot", but I had already disabled it.

 I will keep fighting this matter and if/when I find a solution I will
post it here. There are many people using those DELL laptops some of
which use Debian.

 lbrtchx

Re: Verison IPv6 -- I want to stick with IPv4 (was Re: ipv6: static ipv6 address with dynamic network address possible?)

[mick.crane]

On 2022-08-13 10:37, Curt wrote:


 Getting Your IPv6 Addresses


with 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses you'd 
think everything could have it's own permanently but it would likely be 
too slow to find it without being able to narrow it down a bit and it 
would be a nightmare allocating numbers of scrapped devices?

mick

Re: netperf / MIT License is not open source?

[piorunz]

On 13/08/2022 18:30, Lee wrote:

I just noticed that the netperf package is in the [non-free] repository
   https://packages.debian.org/bullseye/netperf
which seems wrong.

Is the MIT license really not compatible with open source or is the
netperf package using outdated licensing info or .. what?


Very interesting. I don't know about this specific package, but MIT in
general is allowed in DSFG.

For example, this package is full MIT and its in Debian:
https://packages.debian.org/sid/kraptor

netperf license, as seen on
https://metadata.ftp-master.debian.org/changelogs//non-free/n/netperf/netperf_2.7.0-0.1_copyright,
still reads:

Copyright (C) 1993 Hewlett-Packard Company
ALL RIGHTS RESERVED.

It must have been recently this package changed from Copyright (C) 1993
Hewlett-Packard Company to MIT license, and Debian didn't catched up to
this fact yet?

Also their github README states:
"This version of netperf has been opensourced by Hewlett Packard
Enterprise using the MIT license."
And also
"Licenses updated."

Maybe older versions indeed were not under MIT.

EDIT: Ok I think I found it.
https://github.com/HewlettPackard/netperf/commit/2d88bcc75d97f462eafe8605f8da0c1f875b7dad

It seems that this package license has changed from full HP copyright to
MIT, on 20 January 2021.

Perhaps package needs updating in Debian repository :)



The debian package copyright file link points to
   
https://metadata.ftp-master.debian.org/changelogs//non-free/n/netperf/netperf_2.7.0-0.1_copyright
which has
   Upstream Authors:
   Copyright 1993-2007 Hewlett-Packard Company

but the homepage link points to
   https://github.com/HewlettPackard/netperf
which has a COPYING file pointing to
   https://github.com/HewlettPackard/netperf/blob/master/COPYING
which has
HewlettPackard/netperf is licensed under the
   MIT License
   #  Copyright 2021 Hewlett Packard Enterprise Development LP

Thanks
Lee



--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

auth log full with

[Maurizio Caloro]

 

every 2-3 second this log will by appair inside auth log, and i cant place
this correctly from where this come?

 

Aug 13 19:25:26 Cruscotto sshd[257257]: Unable to negotiate with
200.218.251.153 port 34480: no matching host key type found. Their offer:

ecdsa-sha2-nistp256,ecdsa-sha2->nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nist
p256-cert-...@openssh.com,

ecdsa-sha2-nistp384-cert-...@openssh.com
 ,
ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-rsa,ssh->dss [preauth]

 

how I can disable this?, I try solution with failban, but this want be
help!?

[sshd]

Enable  = true

Mode   = normal

Port   = ssh

Filter = sshd

Logpath = %(sshd_log)s

Backend = %(sshd_backend)s

 

Thanks

 

netperf / MIT License is not open source?

[Lee]

I just noticed that the netperf package is in the [non-free] repository
  https://packages.debian.org/bullseye/netperf
which seems wrong.

Is the MIT license really not compatible with open source or is the
netperf package using outdated licensing info or .. what?

The debian package copyright file link points to
  
https://metadata.ftp-master.debian.org/changelogs//non-free/n/netperf/netperf_2.7.0-0.1_copyright
which has
  Upstream Authors:
  Copyright 1993-2007 Hewlett-Packard Company

but the homepage link points to
  https://github.com/HewlettPackard/netperf
which has a COPYING file pointing to
  https://github.com/HewlettPackard/netperf/blob/master/COPYING
which has
   HewlettPackard/netperf is licensed under the
  MIT License
  #  Copyright 2021 Hewlett Packard Enterprise Development LP

Thanks
Lee

Re: Dell UltraSharp WB7022 4K UHD HDR USB Webcam

[David]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sat, 13 Aug 2022 17:59:22 +0800
Paul Wise  wrote:

> David asks:
> 
> > Anybody got this camera working on Debian.
> 
> I don't have this camera, but according to the Linux Hardware website,
> it supports the generic USB video camera protocol, so should work fine.
> There is one probe on the site that says the camera works fine too and
> that the submitter of the probe tested the camera and it works:
> 
> https://linux-hardware.org/?id=usb:413c-c015
> https://linux-hardware.org/?probe=b7efa7907b
> 
> Of course, there could be features only supported in the Windows
> software, but it sounds like the basic functionality should work.

Thanks for this.
Kind regards,

- -- 
David Crosswell
P.O. Box 477
100 Edward Street,
Charleville 4470
Queensland
Australia

david_crossw...@telaman.net.au

https://www.telaman.net.au/
-BEGIN PGP SIGNATURE-

iHUEARYIAB0WIQQCOO6PcEP/yHDNgpRhSrNaDCN/PwUCYvfa6AAKCRBhSrNaDCN/
P9NLAP9PhPkDfsYNG3HYPreTDGTZlqIlOPXcIeAkYd9WsCfQawD+Noal9b6rIzzL
ZxZP8iSzYm3JmD3H4yab3ZioNeKD4wk=
=zbld
-END PGP SIGNATURE-

Re: How could "they" get into your BIOS? ...

[Albretch Mueller]

On 8/12/22, David Christensen  wrote:
> When the laptop is off, insert the Debian Live media into a suitable
> port.  Power up the laptop and press the F12 key repeatedly until a boot
> menu is displayed.  Select the Debian Live media and boot.  If this does
> not work, post the messages displayed on the screen, the key(s) you
> pressed, and what happened.

 this is what I have been doing

> I am curious if removing the wireless card is related to the System Scan
> screenshots you posted (?).

 The wireless card I removed day 1 I got that laptop since this is my
work computer. All of that started happening afterwards. I am curious
to know why would DL care about a wireless card in a temperamental
way?

 lbrtchx

Re: replace corrupted emacs aspell dictionary

[Gregor Zattler]

Hi Thomas, Russel,
*  [2022-08-13; 06:37]:
> On Fri, Aug 12, 2022 at 07:38:31PM +, Russell L. Harris wrote:
>> I managed to approve incorrect spellings for several words in the
>> Emacs aspell dictionary.
>>
>> How can I replace the corrupted dictionary with a pristine copy?
>
> Caveat: not a regular user of aspell here: all what I know I do from
> asking aspell's man page.
>
> I assume that the changes have been done to your "personal dictionary
> file", not to the global one. According to the output of "aspell config",
> the former is supposed to live in my home directory, under the name
> ".aspell..pws", where  is the language cookie of interest
> (i.e. "en_US", "it_IT" or whatever).

these files (in my case ~/.aspell.de.pws and
~/.aspell.en.pws) contain (besides a header line) a list of
hopefully correct words, each word on it's own line.  It's
in chronological order of your additions, meaning the last
added word is on the last line.

If you have many correct words and only few not correct words
in it, it might be worthwhile to rescue the correct words.
You may simply open the file in any editor, delete the
words which are not correct and save the file.


Ciao; Gregor
--
 -... --- .-. . -.. ..--.. ...-.-

Re: Dell UltraSharp WB7022 4K UHD HDR USB Webcam

[Paul Wise]

David asks:

> Anybody got this camera working on Debian.

I don't have this camera, but according to the Linux Hardware website,
it supports the generic USB video camera protocol, so should work fine.
There is one probe on the site that says the camera works fine too and
that the submitter of the probe tested the camera and it works:

https://linux-hardware.org/?id=usb:413c-c015
https://linux-hardware.org/?probe=b7efa7907b

Of course, there could be features only supported in the Windows
software, but it sounds like the basic functionality should work.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: Low disk space warning in plasma5

[piorunz]

On 12/08/2022 11:24, Hans wrote:

Sorry, that is it not. You can only configure, HOW you are notified, but not
when. This is not the window, I am looking at.


Hans, I can see that no one was able to help, I suggest to ask on 
debian-kde group instead.


--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

Re: VMD in Debian?

[Paul Wise]

Boyan Penkov asked:

> Is https://salsa.debian.org/debichem-team/vmd maintained?
> Is there a recommended way to get [vmd] installed in Debian?

Looks like that hasn't been touched since 2013. It seems that vmd
cannot be included in Debian due to license reasons. Probably you could
build a Debian package using the packaging provided by the Debichem
team, please contact them if you want to improve the package.

https://salsa.debian.org/debichem-team/vmd/-/blob/wnpp/debian/README.source
https://salsa.debian.org/debichem-team/vmd/-/blob/wnpp/debian/README.Debian
https://wiki.debian.org/Debichem
https://blends.debian.org/debichem/tasks/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part

Re: Verison IPv6 -- I want to stick with IPv4 (was Re: ipv6: static ipv6 address with dynamic network address possible?)

[Curt]

On 2022-08-13, David Wright  wrote:
> On Wed 10 Aug 2022 at 08:12:11 (-), Curt wrote:
>> I never realized that local addresses were fundamentally identical in all
>> local networks because there weren't enough addresses in the first place,
>
> Don't you need them to be identical because otherwise everybody
> would have to configure their border equipment (like routers)
> to recognise /their/ choice as local.

I guess they've got it all figured out.

> It's not clear, either, how you would select your own local
> range without accidentally choosing addresses that are in use
> somewhere on the globe, unless the choice was a fixed, well-
> known set of possible values (as it is: 10, 172.16–31, 192.168).

 The IETF RFC 7084 (formerly RFC 6204), Basic Requirements for IPv6
 Customer Edge Routers, provides a list of features that are desirable in
 a residential CPE device.  The University of New Hampshire
 InterOperability Laboratory (UNH-IOL) provides IPv6 Customer Edge (CE)
 interoperability testing.  The products that they test and certify are
 good examples of products that would be ideal for building a
 dual-protocol home lab. The Consumer Electronics Association (CEA) IPv6
 Transition Working Group (formed in 2011) has also concentrated their
 efforts on ensuring that consumer-electronics manufacturers are creating
 dual-protocol devices for home use.  Their CEA-2048, Host and Router
 Profiles for IPv6, effort provides guidance for home router vendors.

...

 Getting Your IPv6 Addresses
 Now that you have your network equipment upgraded and you are assured
 that your upstream connectivity support IPv6, you can connect it all
 together, power it on, and discovery if you have obtained a global IPv6
 address.  Your home router will receive an ICMPv6 Router Advertisement
 (RA) message from the upstream ISP network indicating that your CPE
 should proceed to use DHCPv6 to obtain its single external IPv6 address.
 The ISP likely operates a high-availability DHCPv6 service that receives
 the DHCPv6 Solicit messages from subscribers CPE and then determines the
 IPv6 addresses to allocate.  After that step is complete, your CPE will
 also send a subsequent DHCPv6 Prefix Delegation (PD) (RFC 3633) request
 to obtain an IPv6 prefix (typically a /64) to be used for the internal
 home LAN.  It is important to remember that this IPv6 address block is
 Provider Assigned (PA) and not Provider Independent (PI) and thus,
 non-portable between ISPs.  If you switch ISPs, then you will need to
 renumber any statically-assigned systems.  However, the new ISP will
 provide you a new IPv6 prefix from their block and the
 dynamically-assigned systems in your house should transition smoothly to
 the new address space.

https://blogs.infoblox.com/ipv6-coe/home-networking-with-ipv6/


> Cheers,
> David.
>
>


-- 

Re: Can I install Debian operating systems for money?

[Paul Wise]

Roman asked:

> Can I install Debian operating systems for money for my clients?

Yes. You can also get Debian to advertise your services.

Register here if you are selling Debian CD/DVD/USB media:

https://www.debian.org/CD/vendors/

Register here if you are selling devices with Debian preinstalled:

https://www.debian.org/distrib/pre-installed

Register here if you are selling consulting for Debian installation:

https://www.debian.org/consultants/

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


signature.asc
Description: This is a digitally signed message part