date:20230209

On Thu, Feb 09, 2023 at 03:16:49PM -0500, Dan Ritter wrote:
> gene heskett wrote: 
> > 
> > Chuckle... I might, but there also several switches in this lashup, the main
> > one claims to be managed but the other 2 are just glorified hubs. There's
> > even another router out in the shed but its running as a hub, radio turned
> > off just as are all the others here. They either come in on the cable modem
> > thru the NAT to get to my web page, or they don't get in. Nice cozy
> > feeling
> 
> The good news here is that your switches and hubs operate on
> the ethernet level, not the IP level, so they don't care whether
> they are passing IPv4 or IPv6 or something stranger.

I'll believe they aren't switches when I see they are not generating
layer three traffic ;-)

> A management interface on a switch might be IPv4 only, if it's
> particularly old.

The question would be if such a switch can "do" v6 nevertheless...

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 02:46:51PM -0500, gene heskett wrote:
> On 2/9/23 04:13, Anssi Saari wrote:

[...]

> > I don't know why though. The other IPv6 access I have is through a VPN
> > and there, for privacy, of course my connection is NATted to the same
> > exit IPv6 address as everyone else's. IPv6 defines the range fc00::/7 as
> > unique local addresses which are similar to IPv4 private network ranges
> > and I get a local IPv6 address from that range from the VPN server.
> > 
> > .
> And where is that info published? Up till now I was not aware of an ipv6 equ
> to 192.168.xx.xx addresses.  That could make the cheese quite a bit less
> binding. :o)>

Not "equ" but just "similar". They are called "unique local addresses",
and, as always, Wikipedia [1] is your friend. You can go from there to
the relevant RFCs if you want *all* the gories. Wikipedia's IPv6 entry
[2] is highly recommended.

Yes, that info is published.

Cheers

[1] https://en.wikipedia.org/wiki/Unique_local_address
[2] https://en.wikipedia.org/wiki/IPv6
-- 
t


signature.asc
Description: PGP signature

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 04:22:52PM -0500, Stefan Monnier wrote:
> > has worked very well since redhat 5.0 in 1998.  The only thing I do is
> > a chattr +i on resolv.conf so network mangler can't putz with it. And
> 
> That kind of quick&dirty hack is fairly dangerous in the long run: as
> they accumulate, they increase the risk that one of them will lead to
> a completely unexpected behavior that nobody can predict/understand.

I have used that as a debugging device though: do the chattr and watch
the culprit screaming bloody murder in the logs.

Gives some amount of evil satisfaction ;-)

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 05:17:42PM -0500, gene heskett wrote:
> On 2/9/23 15:57, Greg Wooledge wrote:

[...]

> Maybe I am the last on the planet still using hosts files [...]

Nonsense. I do use /etc/hosts profusely. If you have the right
incantation in /etc/nsswitch.conf (as Greg has said a couple
of times here) it should Just Work (TM).

Cheers
-- 
t

signature.asc
Description: PGP signature

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 03:32:46PM -0500, gene heskett wrote:
> On 2/9/23 07:53, to...@tuxteam.de wrote:
> > On Thu, Feb 09, 2023 at 07:32:18AM -0500, Greg Wooledge wrote:
> > 
> > [...]
> > 
> > > (I have no idea what mdns4_minimal is, but Debian put it there, and it
> > > hasn't caused a problem yet so I left it alone.)
> > 
> > This is a zeroconf thingy. My box hasn't that, because I banned Avahi
> > and its ilk long ago.
> > 
> > Just out of curiosity: does your box have one of those funny link-local
> > IPv4 169.254.xxx.yyy addresses?
> > 
> > Cheers
> 
> rant on:
> 
> Same here Tomas, anytime I see one of those  addresses, avahi is another
> NSFW word, and it goes out by way of rm [...]

Dunno. Debian here. I just don't install it. Works :-)

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: WiFi firmware issue in Bookworm


On 2023-02-09 22:09, The Wanderer wrote:

On 2023-02-09 at 21:39, Gary Dale wrote:


I'm trying to use a Linksys AE1200 wifi usb dongle as a second network
connection for my Bookworm workstation. The device shows up in lsusb but
not in ip link.

According to what I've found, it needs the brcmfmac driver module, which
seems to be in the 6.1 kernel and loaded:

$ lsmod | grep brcmfmac
brcmfmac  360448  0
brcmutil   20480  1 brcmfmac
cfg80211 1122304  1 brcmfmac
mmc_core  208896  1 brcmfmac
usbcore   344064  10
xhci_hcd,snd_usb_audio,usbhid,snd_usbmidi_lib,usblp,usb_storage,uvcvideo,brcmfmac,xhci_pci,uas

I'm using KDE/Plasma as my desktop and plasma-nm is loaded. However it
too doesn't seem to think that there is a wifi network.

Interestingly the device works in Bullseye as I installed Bullseye on
the computer that used to use it. That really only required downloading
the correct firmware package that contained the brcmfmac module. That
package no longer exists in Bookworm.

Would that be firmware-brcm80211?

That still exists in bookworm; it's just been moved to the new
non-free-firmware component, so it won't be showing up if your
sources.list doesn't reference that component (in addition to e.g. main,
contrib, and/or non-free).

There was another thread on this mailing list just within the past day
that asked a similar question regarding another firmware package, and
the replies to that question include links to the announcements about
the new component.


Thanks. That points then to a problem with the package.debian.org page - 
it doesn't seem to search the new section. I found the announcement when 
I searched for debian non-free firmware. Right now if you don't know it 
exists, you can't find it.  :(

Re: WiFi firmware issue in Bookworm


On 2023-02-09 22:07, piorunz wrote:

On 10/02/2023 02:39, Gary Dale wrote:
Interestingly the device works in Bullseye as I installed Bullseye on 
the computer that used to use it. That really only required 
downloading the correct firmware package that contained the brcmfmac 
module. That package no longer exists in Bookworm.


All you need to do, is to search for package, it may have different 
name under Bookworm. dmesg give you file name you want:


[  176.573530] usb 1-3.1: firmware: failed to load 
brcm/brcmfmac43236b.bin (-2)


apt-file search brcmfmac43236b.bin
firmware-brcm80211: /lib/firmware/brcm/brcmfmac43236b.bin

Install package firmware-brcm80211.


As I identified, that package doesn't exist in Bookworm:

# apt install firmware-brcm80211
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package firmware-brcm80211

Re: New Dell Inspiron 15 3000 Series 3511 sound problem on Debian 11 Stable

2023-02-09 Thread Timothy M Butterworth

On Thu, Feb 9, 2023 at 7:55 PM Default User 
wrote:

> Hello to all!
>
> I just got a brand new Dell Inspiron 15 3000 Series 3511 laptop.  Came
> with Windows (ugh!) preinstalled.
> My old Dell Inspiron 15 3000 Series 3542 laptop (made in 2014) just died.
> So this one should work, right?
>
> No.
>
> Unfortunately the new 3511 is quite different from the old 3542.  It
> mostly "sort of" works.
> But the sound will not work at all on Debian.
>
> Not wanting to immediately remove Windows and thus make it unreturnable, I
> have been trying to run it using a
> Debian 11 "Live" install USB thumb drive (Cinnamon desktop).  No sound at
> all.
>
> But . . .  it DOES work when running the computer from a USB thumb drive
> of the most recent version of
> SystemRescue!  So, it CAN work (somehow) on (some) Linux setups.
>
> Note: System Rescue is now based upon Arch Linux.
>
> Using the Debian 11 USB thumb drive, I was not able to do a complete
> update and upgrade - not enough room on the
> USB thumb drive.  I was able to install the pavucontrol package, which I
> recall has sometimes helped in the past.
> But still no sound.
>
> The dumbed-down make-believe BIOS on the new computer lists the Audio
> Controller as:
> "Cirrus Logic CS8409".
>
> SystemRescue reports under PCI devices:
> Intel Tiger Lake-LP Smart Sound Technology Audio Controller.
> "Driver in Use: snd_hda_intel Kernel modules: snd_hda_intel,
> snd_sof_pci_intel_tgl".
>
> In Debian 11 "Live", lspci -nn reports:
> "00:1f.3 Audio device [0403]: Intel Tiger Lake-LP Smart Sound Technology
> Audio Controller [8086:a0c8] (rev 20)".
>
> I poked around in the Debian wiki about fixing sound problems, but to be
> honest, much of it is over my head.
>
> So . . .  any advice on how to get sound to work on this computer?
> Or, failing that, any suggestions for a good (preferable affordable)
> laptop that plays nice with Debian?
>
> I guess I could try to use Arch or some other Linux distribution, but I
> have used Debian for many years, and would
> really hate changing to something else.
>

Debian 11 is showing its age. Try installing Bookworm!
https://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/weekly-builds/amd64/iso-dvd/

-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀

Re: WiFi firmware issue in Bookworm

2023-02-09 Thread The Wanderer

On 2023-02-09 at 21:39, Gary Dale wrote:

> I'm trying to use a Linksys AE1200 wifi usb dongle as a second network 
> connection for my Bookworm workstation. The device shows up in lsusb but 
> not in ip link.
> 
> According to what I've found, it needs the brcmfmac driver module, which 
> seems to be in the 6.1 kernel and loaded:
> 
> $ lsmod | grep brcmfmac
> brcmfmac  360448  0
> brcmutil   20480  1 brcmfmac
> cfg80211 1122304  1 brcmfmac
> mmc_core  208896  1 brcmfmac
> usbcore   344064  10 
> xhci_hcd,snd_usb_audio,usbhid,snd_usbmidi_lib,usblp,usb_storage,uvcvideo,brcmfmac,xhci_pci,uas
> 
> I'm using KDE/Plasma as my desktop and plasma-nm is loaded. However it 
> too doesn't seem to think that there is a wifi network.
> 
> Interestingly the device works in Bullseye as I installed Bullseye on 
> the computer that used to use it. That really only required downloading 
> the correct firmware package that contained the brcmfmac module. That 
> package no longer exists in Bookworm.

Would that be firmware-brcm80211?

That still exists in bookworm; it's just been moved to the new
non-free-firmware component, so it won't be showing up if your
sources.list doesn't reference that component (in addition to e.g. main,
contrib, and/or non-free).

There was another thread on this mailing list just within the past day
that asked a similar question regarding another firmware package, and
the replies to that question include links to the announcements about
the new component.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw

signature.asc
Description: OpenPGP digital signature

Re: WiFi firmware issue in Bookworm

2023-02-09 Thread piorunz


On 10/02/2023 02:39, Gary Dale wrote:
Interestingly the device works in Bullseye as I installed Bullseye on 
the computer that used to use it. That really only required downloading 
the correct firmware package that contained the brcmfmac module. That 
package no longer exists in Bookworm.


All you need to do, is to search for package, it may have different name 
under Bookworm. dmesg give you file name you want:


[  176.573530] usb 1-3.1: firmware: failed to load 
brcm/brcmfmac43236b.bin (-2)


apt-file search brcmfmac43236b.bin
firmware-brcm80211: /lib/firmware/brcm/brcmfmac43236b.bin

Install package firmware-brcm80211.

--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

WiFi firmware issue in Bookworm

I'm trying to use a Linksys AE1200 wifi usb dongle as a second network 
connection for my Bookworm workstation. The device shows up in lsusb but 
not in ip link.


According to what I've found, it needs the brcmfmac driver module, which 
seems to be in the 6.1 kernel and loaded:


$ lsmod | grep brcmfmac
brcmfmac  360448  0
brcmutil   20480  1 brcmfmac
cfg80211 1122304  1 brcmfmac
mmc_core  208896  1 brcmfmac
usbcore   344064  10 
xhci_hcd,snd_usb_audio,usbhid,snd_usbmidi_lib,usblp,usb_storage,uvcvideo,brcmfmac,xhci_pci,uas


I'm using KDE/Plasma as my desktop and plasma-nm is loaded. However it 
too doesn't seem to think that there is a wifi network.


Interestingly the device works in Bullseye as I installed Bullseye on 
the computer that used to use it. That really only required downloading 
the correct firmware package that contained the brcmfmac module. That 
package no longer exists in Bookworm.


Dmesg reveals the problem:

[  176.393749] usb 1-3.1: new high-speed USB device number 6 using xhci_hcd
[  176.546464] usb 1-3.1: New USB device found, idVendor=13b1, 
idProduct=0039, bcdDevice= 0.01
[  176.546467] usb 1-3.1: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3

[  176.546469] usb 1-3.1: Product: Linksys AE1200
[  176.546470] usb 1-3.1: Manufacturer: Cisco
[  176.546470] usb 1-3.1: SerialNumber: 0001
[  176.573466] brcmfmac: brcmf_fw_alloc_request: using 
brcm/brcmfmac43236b for chip BCM43235/3
[  176.573530] usb 1-3.1: firmware: failed to load 
brcm/brcmfmac43236b.bin (-2)
[  176.573535] usb 1-3.1: firmware: failed to load 
brcm/brcmfmac43236b.bin (-2)
[  176.573537] usb 1-3.1: Direct firmware load for 
brcm/brcmfmac43236b.bin failed with error -2

[  458.854083] usb 1-3.1: USB disconnect, device number 6
[  464.232185] usb 1-3.1: new high-speed USB device number 7 using xhci_hcd
[  464.392635] usb 1-3.1: New USB device found, idVendor=13b1, 
idProduct=0039, bcdDevice= 0.01
[  464.392642] usb 1-3.1: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3

[  464.392644] usb 1-3.1: Product: Linksys AE1200
[  464.392645] usb 1-3.1: Manufacturer: Cisco
[  464.392646] usb 1-3.1: SerialNumber: 0001
[  464.422271] brcmfmac: brcmf_fw_alloc_request: using 
brcm/brcmfmac43236b for chip BCM43235/3
[  464.422449] usb 1-3.1: firmware: failed to load 
brcm/brcmfmac43236b.bin (-2)
[  464.422462] usb 1-3.1: firmware: failed to load 
brcm/brcmfmac43236b.bin (-2)
[  464.422465] usb 1-3.1: Direct firmware load for 
brcm/brcmfmac43236b.bin failed with error -2


Apparently the firmware isn't loading.

Any ideas on how to fix this?

Re: support for ASUS AC1200 USB-AC53 Nano wifi dongle

On 2023-02-08 10:55, Gary Dale wrote:

On 2023-02-08 09:07, Gary Dale wrote:

On 2023-02-08 00:55, Alexander V. Makartsev wrote:

On 08.02.2023 09:07, Gary Dale wrote:

I thought this would be easier than it's turned out to be. There
are Internet posts going back years about support for this device
but nothing recent - including a 5 year old Ubuntu post saying it
works. Other wifi devices seem to be recognized out of the box or
with a simple install of non-free firmware but not this one - at
least not in Bullseye or Bookworm.

The adapter itself seems to be quite popular so I'm hoping someone
can provide some clues on how to make it work

Thanks.

Your device should be based on "RTL8822B" chip from Realtek, so you
need to install "firmware-realtek" package.
If after doing that you still didn't get a functioning network wifi
adapter you might need to build driver kernel module. [1]
This is what I had to do to get USB Bluetooth adapter from Asus to
work without issues, even though it is supported by kernel in
"bullseye".

It is always the best to include extra information about your setup
when you asking for help.

At least output from these commands would be a start:
$ uname -a
$ lsusb -v -t
# journalctl -b 0 --no-pager | grep -iE "rtl|rtk_|firmware"

If the output is long you can use "paste" service [2] and send us a
link.

[1]
https://www.asus.com/ca-en/networking-iot-servers/adapters/all-series/usb-ac53-nano/helpdesk_download/?model2Name=USB-AC53-Nano

[2] https://paste.debian.net/
--
Thanks Alexander, but installing firmware-realtek doesn't work. It
was the first thing I tried. Secondly, the ASUS driver fails to
compile under Bullseye & later. It throws an error:

1.5_33902.20190604_COEX20180928-6a6a/include/rtw_security.h:255:8:
error: redefinition of ‘struct sha256_state’

255 | struct sha256_state {
| ^~~~

This is the same error I find in various drivers from GitHub. They
all seem to be for older kernels and no longer compile. The fact that
drivers have existed for so long was one reason I thought the device
should be reasonably supported by now.

I had considered posting the output of lsusb but it simply shows that
the device is recognized. Making it verbose returns a lot of
capabilities information but not much else. Here it is:

/: Bus 06.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 5000M
ID 1d6b:0003 Linux Foundation 3.0 root hub
/: Bus 05.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 480M
ID 1d6b:0002 Linux Foundation 2.0 root hub
|__ Port 1: Dev 3, If 0, Class=Vendor Specific Class, Driver=, 480M
ID 0b05:184c ASUSTek Computer, Inc.
/: Bus 04.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 1M
ID 1d6b:0003 Linux Foundation 3.0 root hub
|__ Port 2: Dev 2, If 0, Class=Mass Storage, Driver=uas, 5000M
ID 0080:a001 Unknown JMS578 based SATA bridge
/: Bus 03.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/2p, 480M
ID 1d6b:0002 Linux Foundation 2.0 root hub
/: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/8p, 1M
ID 1d6b:0003 Linux Foundation 3.0 root hub
/: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/14p, 480M
ID 1d6b:0002 Linux Foundation 2.0 root hub
|__ Port 13: Dev 2, If 0, Class=Mass Storage, Driver=usb-storage,
480M

ID 058f:6366 Alcor Micro Corp. Multi Flash Reader

The journalctl command returns nothing.

Found a github repository that compiles on Bullseye at
https://github.com/morrownr/88x2bu. Then it's a matter of doing the
following as root

git clone https://github.com/morrownr/88x2bu-20210702## date string
may different

cd 88x2bu-20210702
make clean
make
make install

then rebooting. The wifi dongle now shows in "ip addr".

Had the wrong git command - now corrected above.

Ended up having another issue after I got it installed (on a friend's
machine that had been running Windows 7 badly but is now running
Bullseye nicely). Their residence doesn't use a WiFi password, so I
thought the device should just connect. Turns out there was a device
fingerprinting system in place that worked with an annual voucher number
you had to enter to connect to the Internet. Once I got the number,
things worked perfectly.

Re: support for ASUS AC1200 USB-AC53 Nano wifi dongle


On 2023-02-09 03:30, Anssi Saari wrote:

Gary Dale  writes:


I thought this would be easier than it's turned out to be. There are Internet 
posts going back years about support for this device but nothing recent -
including a 5 year old Ubuntu post saying it works. Other wifi devices seem to 
be recognized out of the box or with a simple install of non-free firmware but
not this one - at least not in Bullseye or Bookworm.

Hm. What I found was the driver has been integrated in kernel 6.2 and if
you need to build it for an older kernel, then they're supported too.
Versions 5.12-6.2 have community support and 4.19-5.11 are supported by
Realtek. I don't know what that means exactly though.

Source: https://github.com/morrownr/88x2bu-20210702

I can try to build this with Debian's stable 5.10 kernel at some point
but I don't have the hardware.

Thanks. Found that github repo myself. I hope you are right about 6.2 
integration, but I'm not sure we'll get there with Bookworm...

New Dell Inspiron 15 3000 Series 3511 sound problem on Debian 11 Stable

2023-02-09 Thread Default User

Hello to all!

I just got a brand new Dell Inspiron 15 3000 Series 3511 laptop.  Came with
Windows (ugh!) preinstalled.
My old Dell Inspiron 15 3000 Series 3542 laptop (made in 2014) just died.
So this one should work, right?

No.

Unfortunately the new 3511 is quite different from the old 3542.  It mostly
"sort of" works.
But the sound will not work at all on Debian.

Not wanting to immediately remove Windows and thus make it unreturnable, I
have been trying to run it using a
Debian 11 "Live" install USB thumb drive (Cinnamon desktop).  No sound at
all.

But . . .  it DOES work when running the computer from a USB thumb drive of
the most recent version of
SystemRescue!  So, it CAN work (somehow) on (some) Linux setups.

Note: System Rescue is now based upon Arch Linux.

Using the Debian 11 USB thumb drive, I was not able to do a complete update
and upgrade - not enough room on the
USB thumb drive.  I was able to install the pavucontrol package, which I
recall has sometimes helped in the past.
But still no sound.

The dumbed-down make-believe BIOS on the new computer lists the Audio
Controller as:
"Cirrus Logic CS8409".

SystemRescue reports under PCI devices:
Intel Tiger Lake-LP Smart Sound Technology Audio Controller.
"Driver in Use: snd_hda_intel Kernel modules: snd_hda_intel,
snd_sof_pci_intel_tgl".

In Debian 11 "Live", lspci -nn reports:
"00:1f.3 Audio device [0403]: Intel Tiger Lake-LP Smart Sound Technology
Audio Controller [8086:a0c8] (rev 20)".

I poked around in the Debian wiki about fixing sound problems, but to be
honest, much of it is over my head.

So . . .  any advice on how to get sound to work on this computer?
Or, failing that, any suggestions for a good (preferable affordable) laptop
that plays nice with Debian?

I guess I could try to use Arch or some other Linux distribution, but I
have used Debian for many years, and would
really hate changing to something else.

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 05:17:42PM -0500, gene heskett wrote:
> Maybe I am the last on the planet still using hosts files, but I doubt that

You are not.  Some of my systems at work use them.  Technically, they
*all* do if you count the mandatory entries for the NIS servers.

> I also think it would be foolhardy to publish all that on a public list.

All you need to do is find ONE computer which can't ping one OTHER
computer, due to name lookup failure.

This gives us two hostnames.  The one you're typing the commands on,
and the one you're trying to ping.  Let's call them "source" and "dest".

We don't care ANYTHING about how dest is configured.  It's totally
irrelevant.  "dest" doesn't even have to exist.  It could be entirely
imaginary.  All that matters is "source" THINKS it exists.

What we care about is how "source" is configured.  So, we'll want the
version of Debian that it's running, and then the following:

1) A paste of you running "ping dest" and the resulting output.

2) A paste of you running "getent hosts dest" and the resulting output.

3) A paste of "grep hosts: /etc/nsswitch.conf".

4) A paste of "grep -i dest /etc/hosts".

5) A paste of "cat /etc/host.conf".

6) A paste of "cat /etc/resolv.conf".

Just now, on my own system, I did an "strace getent hosts gene" to see
what files it looks at.  The results were surprising.

The first file it looks at (besides libraries and locale stuff) is
/etc/host.conf.  The second file it looks at is /etc/resolv.conf.  The
third is /etc/nsswitch.conf.  The fourth is /etc/hosts.  (It actually
opens this one twice, and I have no idea why.)

This tells me that my knowledge of Linux name resolution is incomplete.
Clearly there're some things I still need to learn, and I'm happy to
do that.

If you'd like us to help you solve your name resolution problem while
we're learning, we're going to need all of the relevant details.

Re: ipv6 maybe has arrived.


On 2/9/23 17:41, jeremy ardley wrote:


On 10/2/23 05:32, Michel Verdier wrote:

Le 9 février 2023 gene heskett a écrit :

And where is that info published? Up till now I was not aware of an 
ipv6 equ

to 192.168.xx.xx addresses.  That could make the cheese quite a bit less
binding. :o)>

You could find a nice list here:
https://www.apnic.net/get-ip/faqs/what-is-an-ip-address/ipv6-address-types/

Every IPv6 aware interface will generate a fixed IP address in addition 
to any configured by DHCP or DNS or configuration file.


It's of the form fe80:

If you use command

ip a

You will see the fe80 addresses assigned to the interfaces.

you can ping them as in

ping fe80::87d:c6ff:fea4:a6fc

you can ssh to them

ssh username@fe80::87d:c6ff:fea4:a6fc

you can add them to /etc/hosts

fe80::87d:c6ff:fea4:a6fc my_file_server_1

and then ssh to them as

ssh username@my_file_server_1

or ping my_file_server_1

So without any infrastructure at all you too can be using ipv6

Jeremy

Possibly enlightening experience, AFTER I remove the # comments in front 
of the ipv6 stuff the installer put there and reboot.


Thank you Jeremy.

.


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page

Re: ipv6 maybe has arrived.


On 2/9/23 16:33, Michel Verdier wrote:

Le 9 février 2023 gene heskett a écrit :


And where is that info published? Up till now I was not aware of an ipv6 equ
to 192.168.xx.xx addresses.  That could make the cheese quite a bit less
binding. :o)>


You could find a nice list here:
https://www.apnic.net/get-ip/faqs/what-is-an-ip-address/ipv6-address-types/

.

Interesting, bookmarked FFS.   Thank you Michel.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page

Re: ipv6 maybe has arrived.

2023-02-09 Thread jeremy ardley




On 10/2/23 05:32, Michel Verdier wrote:

Le 9 février 2023 gene heskett a écrit :


And where is that info published? Up till now I was not aware of an ipv6 equ
to 192.168.xx.xx addresses.  That could make the cheese quite a bit less
binding. :o)>

You could find a nice list here:
https://www.apnic.net/get-ip/faqs/what-is-an-ip-address/ipv6-address-types/

Every IPv6 aware interface will generate a fixed IP address in addition 
to any configured by DHCP or DNS or configuration file.


It's of the form fe80:

If you use command

ip a

You will see the fe80 addresses assigned to the interfaces.

you can ping them as in

ping fe80::87d:c6ff:fea4:a6fc

you can ssh to them

ssh username@fe80::87d:c6ff:fea4:a6fc

you can add them to /etc/hosts

fe80::87d:c6ff:fea4:a6fc my_file_server_1

and then ssh to them as

ssh username@my_file_server_1

or ping my_file_server_1

So without any infrastructure at all you too can be using ipv6

Jeremy

Re: ipv6 maybe has arrived.


On 2/9/23 15:57, Greg Wooledge wrote:

On Thu, Feb 09, 2023 at 03:47:37PM -0500, gene heskett wrote:

you refuse to answer the question asked. from that machine to any other
machine on my net "ssh -Y othermachines' alias as shown in the hosts file..
response was not found.  Ditto for a ping unless I gave ping the actual ipv4
address.


ping and ssh are both dynamically linked against libc6 on Debian, and
have been for a very long time.  They should therefore be using the libc6
resolver code.  They should be following the DOCUMENTED rules for name
resolution, beginning with nsswitch.conf.

If you believe you've found a bug in the libc6 name resolver, that
would be a very important bug to get fixed.  Therefore, it would be
extremely helpful if you could describe how to reproduce your results.
We need ALL the details.  Every single piece of the puzzle, please.

I have showno that on my Debian 11 system, without any of your
/etc/host.conf style configuration in /etc/resolv.conf, everything works
as I expect, and as the documentation describes.

You have not shown anything similar on your computer, which is (so far
as we're aware) the ONLY Debian computer in the whole world having this
problem.

.
Maybe I am the last on the planet still using hosts files, but I doubt 
that as I know of a business with a block of 16 addresses still using 
hosts files. Has for nearly 30 years as we were the first tv station in 
the country to setup a web page, letting folks dial it up and read the 
news about 5 minutes after it aired. On a dialup circuit with an amiga 
2000.  So I am not new to this networking thing.


I also think it would be foolhardy to publish all that on a public list.
nuff said. I also think its a waste of resources to run a dns server on 
everything here, when a perfectly functional dns is 22 milliseconds away 
at my isp. /etc/nsswitch.conf has 10 active lines. probably unmodified 
since the bullseye install. And none of it makes any sense to me.  There 
is absolutely nothing in any of the man pages that could actually be 
used to fix a problem. My way Just Works provided avahi is rm'd. 
Security by obscurity is not an answer.  Rewrite the man pages to 
explain exactly what is going on if you want to teach us how to fix our 
own problems. What works for me make sense, which is a hell of a lot 
more than I can say for the man pages on this stuff. And with that, I'm 
out of here.


Take care and stay well Greg.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page

Re: ipv6 maybe has arrived.

2023-02-09 Thread Michel Verdier

Le 9 février 2023 gene heskett a écrit :

> And where is that info published? Up till now I was not aware of an ipv6 equ
> to 192.168.xx.xx addresses.  That could make the cheese quite a bit less
> binding. :o)>

You could find a nice list here:
https://www.apnic.net/get-ip/faqs/what-is-an-ip-address/ipv6-address-types/

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 04:22:52PM -0500, Stefan Monnier wrote:
> > has worked very well since redhat 5.0 in 1998.  The only thing I do is
> > a chattr +i on resolv.conf so network mangler can't putz with it. And
> 
> That kind of quick&dirty hack is fairly dangerous in the long run: as
> they accumulate, they increase the risk that one of them will lead to
> a completely unexpected behavior that nobody can predict/understand.
> 
> Quick&dirty hacks are very handy, and I use them on a regular basis, but
> if experience has taught me anything its that they have to be short term
> and hence accompanied with a parallel effort to try&fix the origin of
> the problem.

More to the point, it's not causing Gene's problem with ping and ssh
name resolution.

unicorn:~$ lsattr /etc/resolv.conf
i-e--- /etc/resolv.conf

I have the same setup.  Whatever is different about Gene's system to
cause the issues he's seeing is something else.

Re: ipv6 maybe has arrived.

2023-02-09 Thread Stefan Monnier

> has worked very well since redhat 5.0 in 1998.  The only thing I do is
> a chattr +i on resolv.conf so network mangler can't putz with it. And

That kind of quick&dirty hack is fairly dangerous in the long run: as
they accumulate, they increase the risk that one of them will lead to
a completely unexpected behavior that nobody can predict/understand.

Quick&dirty hacks are very handy, and I use them on a regular basis, but
if experience has taught me anything its that they have to be short term
and hence accompanied with a parallel effort to try&fix the origin of
the problem.


Stefan

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 03:47:37PM -0500, gene heskett wrote:
> you refuse to answer the question asked. from that machine to any other
> machine on my net "ssh -Y othermachines' alias as shown in the hosts file..
> response was not found.  Ditto for a ping unless I gave ping the actual ipv4
> address.

ping and ssh are both dynamically linked against libc6 on Debian, and
have been for a very long time.  They should therefore be using the libc6
resolver code.  They should be following the DOCUMENTED rules for name
resolution, beginning with nsswitch.conf.

If you believe you've found a bug in the libc6 name resolver, that
would be a very important bug to get fixed.  Therefore, it would be
extremely helpful if you could describe how to reproduce your results.
We need ALL the details.  Every single piece of the puzzle, please.

I have showno that on my Debian 11 system, without any of your
/etc/host.conf style configuration in /etc/resolv.conf, everything works
as I expect, and as the documentation describes.

You have not shown anything similar on your computer, which is (so far
as we're aware) the ONLY Debian computer in the whole world having this
problem.

Re: ipv6 maybe has arrived.


On 2/9/23 15:19, Greg Wooledge wrote:

On Thu, Feb 09, 2023 at 03:02:22PM -0500, gene heskett wrote:

Just last week I added another bpi5, copied the /etc/hosts file and
restarted networking. It could NOT find the other machines on my net UNTIL I
added that search directive to resolv.conf.  This net is about 50/50 buster
and bullseye.


Define "find".  What command did you run?  What was the result?  What
were all of the relevant pieces of the name lookup configuration at
that moment?

unicorn:~$ grep hosts: /etc/nsswitch.conf
hosts:  files mdns4_minimal [NOTFOUND=return] dns
unicorn:~$ cat /etc/resolv.conf
search wooledge.org
nameserver 127.0.0.1
nameserver 10.0.0.1
nameserver 8.8.8.8
unicorn:~$ grep gene /etc/hosts
11.12.13.14 hi.gene
unicorn:~$ getent hosts hi.gene
11.12.13.14 hi.gene
unicorn:~$ ping hi.gene
PING hi.gene (11.12.13.14) 56(84) bytes of data.
^C
--- hi.gene ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1002ms

If "find" for you means "I ran a CnC program that was written in 1995
and is a statically linked binary" then it's conceivable that it would
be looking for /etc/host.conf definitions, because it was statically
linked with libc5 resolver code.  In that case, I would expect that
adding the proper libc5 setup in /etc/host.conf would cause it to start
working.

Is it POSSIBLE that the libc5 resolver code from the mid 1990s would
also look for host.conf stuff in resolv.conf?  Uh... maybe, I don't know.
Who the hell knows.  We would have to have your program (or something
from that age) to test with.  Maybe strace it and see what it does.

But I can't imagine why you would go against all of the documented
practices of the time, and put the configuration in the wrong file.
Even in this incredibly hypothetical case.

There was also a libc4, but I don't remember how it worked.  It was
much, much too long ago.  Early 1990s.  If what you're doing is from
the libc4 days, then I will apologize.  But you've gotta find a single
piece of documentation that supports what you're doing.

.
you refuse to answer the question asked. from that machine to any other 
machine on my net "ssh -Y othermachines' alias as shown in the hosts 
file.. response was not found.  Ditto for a ping unless I gave ping the 
actual ipv4 address.


This is all faily modern 64 bit hardware, all boxes are running an ssh 
server and are accessible via an sshfs mount.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page

Re: ipv6 maybe has arrived.

2023-02-09 Thread Dan Ritter

gene heskett wrote: 
> 
> Chuckle... I might, but there also several switches in this lashup, the main
> one claims to be managed but the other 2 are just glorified hubs. There's
> even another router out in the shed but its running as a hub, radio turned
> off just as are all the others here. They either come in on the cable modem
> thru the NAT to get to my web page, or they don't get in. Nice cozy
> feeling

The good news here is that your switches and hubs operate on
the ethernet level, not the IP level, so they don't care whether
they are passing IPv4 or IPv6 or something stranger.

A management interface on a switch might be IPv4 only, if it's
particularly old.

-dsr-

Re: ipv6 maybe has arrived.


On 2/9/23 07:53, to...@tuxteam.de wrote:

On Thu, Feb 09, 2023 at 07:32:18AM -0500, Greg Wooledge wrote:

[...]


(I have no idea what mdns4_minimal is, but Debian put it there, and it
hasn't caused a problem yet so I left it alone.)


This is a zeroconf thingy. My box hasn't that, because I banned Avahi
and its ilk long ago.

Just out of curiosity: does your box have one of those funny link-local
IPv4 169.254.xxx.yyy addresses?

Cheers


rant on:

Same here Tomas, anytime I see one of those  addresses, avahi is another 
NSFW word, and it goes out by way of rm. That thing has caused me enough 
trouble to last a lifetime, insisting on making that 169.xx.xx.xx  the 
default route. And regardless of the magic you put in 
/etc/network/interfaces, it cannot be removed by anything but rm. When 
its there, you can't even post a message asking how to get rid of it 
legally. I'll not name names here because it would trigger another war. 
BETTER YET GET RID OF ITS DEPENDENCY'S so the package manager won't tear 
the system out by its roots removing in it. Better yet, nuke the 
repository that holds its master copy.


/rant off.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 03:02:22PM -0500, gene heskett wrote:
> Just last week I added another bpi5, copied the /etc/hosts file and
> restarted networking. It could NOT find the other machines on my net UNTIL I
> added that search directive to resolv.conf.  This net is about 50/50 buster
> and bullseye.

Define "find".  What command did you run?  What was the result?  What
were all of the relevant pieces of the name lookup configuration at
that moment?

unicorn:~$ grep hosts: /etc/nsswitch.conf 
hosts:  files mdns4_minimal [NOTFOUND=return] dns
unicorn:~$ cat /etc/resolv.conf
search wooledge.org
nameserver 127.0.0.1
nameserver 10.0.0.1
nameserver 8.8.8.8
unicorn:~$ grep gene /etc/hosts
11.12.13.14 hi.gene
unicorn:~$ getent hosts hi.gene
11.12.13.14 hi.gene
unicorn:~$ ping hi.gene
PING hi.gene (11.12.13.14) 56(84) bytes of data.
^C
--- hi.gene ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1002ms

If "find" for you means "I ran a CnC program that was written in 1995
and is a statically linked binary" then it's conceivable that it would
be looking for /etc/host.conf definitions, because it was statically
linked with libc5 resolver code.  In that case, I would expect that
adding the proper libc5 setup in /etc/host.conf would cause it to start
working.

Is it POSSIBLE that the libc5 resolver code from the mid 1990s would
also look for host.conf stuff in resolv.conf?  Uh... maybe, I don't know.
Who the hell knows.  We would have to have your program (or something
from that age) to test with.  Maybe strace it and see what it does.

But I can't imagine why you would go against all of the documented
practices of the time, and put the configuration in the wrong file.
Even in this incredibly hypothetical case.

There was also a libc4, but I don't remember how it worked.  It was
much, much too long ago.  Early 1990s.  If what you're doing is from
the libc4 days, then I will apologize.  But you've gotta find a single
piece of documentation that supports what you're doing.

Re: ipv6 maybe has arrived.


On 2/9/23 07:32, Greg Wooledge wrote:

On Thu, Feb 09, 2023 at 02:54:01AM -0500, gene heskett wrote:

Where you run a dns of sorts, I don't, resolv.conf says check host first,
then query the router which forwards it to the nameserver at my isp.


Gene, we've been over this MANY times in the last several years.  I'll
repeat it once more here:

Whatever you think you've done in resolv.conf to change the name service
order has NO EFFECT in reality.  You are conflating things from the old
libc5 days with their modern equivalents, and you've got them all mixed
together in a nonsense configuration.

And every time I tell you this, it just slides right off.  Nevertheless,
I'm trying again.

Name service switch configuration in the modern libc6 days is contained
in the /etc/nsswitch.conf file.  This is where your system defines
"local files first, then DNS" or whatever other order you want.

It USED TO BE in the /etc/host.conf file.  See for example
, last updated in 1996.

Somehow, you have taken configuration that would have been in the
/etc/host.conf file in 1996, and moved it to /etc/resolv.conf on
your system, and you have convinced yourself that this actually does
something.

Name service order is defined by the "hosts:" line in /etc/nsswitch.conf.
Mine says this:

unicorn:~$ grep hosts /etc/nsswitch.conf
hosts:  files mdns4_minimal [NOTFOUND=return] dns

which means "local files first, then this mdns4_minimal thing, and if
that says notfound, then stop and use that result, but if it doesn't
work at all, then use DNS".

(I have no idea what mdns4_minimal is, but Debian put it there, and it
hasn't caused a problem yet so I left it alone.)

The /etc/resolv.conf file is used by the DNS resolver, to decide what
nameserver(s) to use (their IP addresses must be listed), and in some
cases, what domain names to append to the input, and when to append
them (or not append them).

unicorn:~$ cat /etc/resolv.conf
search wooledge.org
nameserver 127.0.0.1
nameserver 10.0.0.1
nameserver 8.8.8.8

Mine says "append .wooledge.org to any name without any dots in it, and
try the nameserver at 127.0.0.1 first, then the nameserver at 10.0.0.1,
and finally the nameserver at 8.8.8.8".

I use this nameserver configuration because I run a dnscache locally
(127.0.0.1) which should be the primary and preferred source of DNS
information.  But if for some reason that's not available, it should
try the router's forwarding nameserver (10.0.0.1), which is configured
by my ISP's DHCP server, and forwards to my ISP.  And if *that's* not
available or not working, then fall back to Google's 8.8.8.8 nameserver
as the last resort.

I also go out of my way to ensure that this file is never modified
by anything other than me.  This is not a laptop or a phone.  It
doesn't move around to various networks, so I don't want a dynamic
nameserver configuration.  I want THIS configuration, at all times,
period.  If anyone else wants help doing that, see
.

.
Yes Greg, you keep telling me that. But I'm in the process of bringing 
up a 3dprinter farm, each printer with a bpi5 to manage octoprint. Joing 
the other 4 on this net running buster and linuxcnc.


Just last week I added another bpi5, copied the /etc/hosts file and 
restarted networking. It could NOT find the other machines on my net 
UNTIL I added that search directive to resolv.conf.  This net is about 
50/50 buster and bullseye.


If what you say is true, that should not have been the fix, so explain 
again why its not working, cuz it is.



Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page

Re: ipv6 maybe has arrived.


On 2/9/23 04:13, Anssi Saari wrote:

jeremy ardley  writes:


In the case of adding IPv6 without NAT, then without a firewall, external 
baddies can connect unsolicited to your internal devices. Some of your devices 
will
have their own personal firewalls already, e.g. any windows machine. Some 
won't, e.g. a printer. In the printer case it would be unfortunate if your 
printer
suddenly started printing out obscenites.. You get the picture.


One point about the IPv6 without NAT: for external connectivity, you
still need to explicitly allow IP forwarding in the *router* and also in
the router's firewall. In Linux terms of course, but Gene said he has
dd-wrt in his router.

If forwarding is not enabled, then the LAN IPv6 hosts are just as
isolated from incoming traffic from the internet as hosts behind NAT.

This was a happy revelation when I started playing with IPv6 last
year. Mostly because systemd-networkd grew built in 6rd support and
that's all my extremely backward ISP does for IPv6 so it was super easy
to try.


The other option of NAT for your IPv6 is frowned on


I don't know why though. The other IPv6 access I have is through a VPN
and there, for privacy, of course my connection is NATted to the same
exit IPv6 address as everyone else's. IPv6 defines the range fc00::/7 as
unique local addresses which are similar to IPv4 private network ranges
and I get a local IPv6 address from that range from the VPN server.

.
And where is that info published? Up till now I was not aware of an ipv6 
equ to 192.168.xx.xx addresses.  That could make the cheese quite a bit 
less binding. :o)>


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page

Re: ipv6 maybe has arrived.


On 2/9/23 03:33, to...@tuxteam.de wrote:

On Thu, Feb 09, 2023 at 03:00:24AM -0500, gene heskett wrote:


This would suggest that the  record for yahoo is available, but the
v6 connectivity is not.

Show us the result of 'ip addr list'  on your box...

Cheers

  ip addr list.{Munged}

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1:  mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
 link/ether munged brd ff:ff:ff:ff:ff:ff
 altname enp0s31f6
 inet munged brd munged scope global noprefixroute eno1
valid_lft forever preferred_lft forever
 inet6 fe80::42b0:76ff:fe5b:113c/64 scope link noprefixroute
valid_lft forever preferred_lft forever


Thanks. What I see is that the only ipv6 addresses you have are the
"::1/128" on lo (this is the v6 equivalent to the v4 127.0.0.1) and
that "fe80:...", which is a v6 link local address [1]. Your computer
won't get as far as your Ethernet cable with that, so that'd explain
the "no route to host".

This means that your computer isn't getting a viable IPv6 address.

This may sound paradoxical, since "v6 host resolution" is working,
but is not, because both are decoupled: the DNS request/reply is
giving you the A (aka v4) and  (v6) records over ipv4. The
higher layer protocol (DNS) doesn't care what kind the lower layer
(IP) was over which it was transported.

If you care about v6 (or are just curious), you might try to debug
your v6 setup until you get it working or find out that your provider
isn't playing along after all.

You'd start with your local network: that should always be possible.
Then work your way upstream to your router.

Cheers

[1] https://en.wikipedia.org/wiki/Link-local_address#IPv6


Chuckle... I might, but there also several switches in this lashup, the 
main one claims to be managed but the other 2 are just glorified hubs. 
There's even another router out in the shed but its running as a hub, 
radio turned off just as are all the others here. They either come in on 
the cable modem thru the NAT to get to my web page, or they don't get 
in. Nice cozy feeling


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page

Re: bookworm

2023-02-09 Thread David

On Thu, 9 Feb 2023 at 23:32, Tixy  wrote:
> On Thu, 2023-02-09 at 11:38 +0100, Dariusz wrote:

> > Hi, is there any chance for WiFi firmware-atheros for Bookworm in the
> > estimated time?

> If you mean firmware-atheros appears to be missing, it could be that
> it's moved from the 'non-free' section of the archive, to the new
> section 'non-free-firmware'. See...
> https://lists.debian.org/debian-user/2023/01/msg00706.html

More info available here:
  
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-whats-new.en.html#archive-areas
  
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.en.html#non-free-split

Re: No USB with qemu+macOS+USB+iPads

2023-02-09 Thread Max Nikulin


On 09/02/2023 01:23, Charles Curley wrote:

On Wed, 8 Feb 2023 22:07:37 +0700
Max Nikulin wrote:


Does it work if you pass a USB device to a Linux
guest (e.g. boot some live image)?


Yes. I can hand a USB memory stick to a Debian guest, Debian installer,
bullseye and bookworm. Host is bullseye. One must still mount it on the
guest.


My question was addressed to stand...@gmx.net with hope to determine if 
the problem is related to qemu configuration or to missing drivers in 
macOSX. Unsure if qemu allows to change the kind of USB bridges (similar 
to e.g. ethernet adapters).


Concerning USB configuration, devices are specified in different ways.
stand...@gmx.net:

 -device usb-host,vendorid=0x8086,productid=0x0808

Charles Curley:

-device usb-host,hostdevice=/dev/bus/usb/002/006,id=hostdev0,bus=usb.0,port=4

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 08:11:15AM -0500, Greg Wooledge wrote:
> On Thu, Feb 09, 2023 at 01:52:42PM +0100, to...@tuxteam.de wrote:

[...]

> > Just out of curiosity: does your box have one of those funny link-local
> > IPv4 169.254.xxx.yyy addresses?
> 
> Nope.

[...]

> inet6 fe80::1a60:24ff:fe77:5cec/64 scope link 
>valid_lft forever preferred_lft forever

...only the v6 link local. Thanks :)

Cheers
.. 
t


signature.asc
Description: PGP signature

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 01:52:42PM +0100, to...@tuxteam.de wrote:
> On Thu, Feb 09, 2023 at 07:32:18AM -0500, Greg Wooledge wrote:
> 
> [...]
> 
> > (I have no idea what mdns4_minimal is, but Debian put it there, and it
> > hasn't caused a problem yet so I left it alone.)
> 
> This is a zeroconf thingy. My box hasn't that, because I banned Avahi
> and its ilk long ago.
> 
> Just out of curiosity: does your box have one of those funny link-local
> IPv4 169.254.xxx.yyy addresses?

Nope.

unicorn:~$ ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
2: lan0:  mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
link/ether 18:60:24:77:5c:ec brd ff:ff:ff:ff:ff:ff
inet 10.0.0.7/24 brd 10.0.0.255 scope global dynamic lan0
   valid_lft 74846sec preferred_lft 74846sec
inet6 fe80::1a60:24ff:fe77:5cec/64 scope link 
   valid_lft forever preferred_lft forever

Re: support for ASUS AC1200 USB-AC53 Nano wifi dongle

"Alexander V. Makartsev"  writes:

> Good to hear you've made it working.
> You might want to walk an extra mile and setup DKMS [1][2] for it, so it will 
> automatically re-compile and re-install itself after every kernel image 
> update.
>  
>
> [1] https://manpages.debian.org/bullseye/dkms/dkms.8.en.html
> [2] https://www.xmodulo.com/build-kernel-module-dkms-linux.html

The source actually even includes a dkms.conf file which sets
AUTOINSTALL="yes" and an install script which does dkms add/build/install.

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 07:32:18AM -0500, Greg Wooledge wrote:

[...]

> (I have no idea what mdns4_minimal is, but Debian put it there, and it
> hasn't caused a problem yet so I left it alone.)

This is a zeroconf thingy. My box hasn't that, because I banned Avahi
and its ilk long ago.

Just out of curiosity: does your box have one of those funny link-local
IPv4 169.254.xxx.yyy addresses?

Cheers
-- 
t

signature.asc
Description: PGP signature

Re: ipv6 maybe has arrived.

jeremy ardley  writes:

> On 9/2/23 17:13, Anssi Saari wrote:
>> If forwarding is not enabled, then the LAN IPv6 hosts are just as
>> isolated from incoming traffic from the internet as hosts behind NAT.
>>
> If you don't have IPv6 forwarding on the router then none of your
> internal hosts will be able to communicate on IPv6 beyond your
> router.

> with ip6tables it's dead easy to block unsolicited connections yet
> still allow outgoing and incoming related/established traffic.

Which is exactly what I mean. Those rules go in the forward chain hence
I call it forwarding. I know there's the other forwarding too on the
kernel level but it's not really relevant for the reason you gave.

Re: bookworm

2023-02-09 Thread Tixy

On Thu, 2023-02-09 at 11:38 +0100, Dariusz wrote:
> Hi, is there any chance for WiFi firmware-atheros for Bookworm in the 
> estimated time?

If you mean firmware-atheros appears to be missing, it could be that
it's moved from the 'non-free' section of the archive, to the new
section 'non-free-firmware'. See...
https://lists.debian.org/debian-user/2023/01/msg00706.html

-- 
Tixy

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 02:54:01AM -0500, gene heskett wrote:
> Where you run a dns of sorts, I don't, resolv.conf says check host first,
> then query the router which forwards it to the nameserver at my isp.

Gene, we've been over this MANY times in the last several years.  I'll
repeat it once more here:

Whatever you think you've done in resolv.conf to change the name service
order has NO EFFECT in reality.  You are conflating things from the old
libc5 days with their modern equivalents, and you've got them all mixed
together in a nonsense configuration.

And every time I tell you this, it just slides right off.  Nevertheless,
I'm trying again.

Name service switch configuration in the modern libc6 days is contained
in the /etc/nsswitch.conf file.  This is where your system defines
"local files first, then DNS" or whatever other order you want.

It USED TO BE in the /etc/host.conf file.  See for example
, last updated in 1996.

Somehow, you have taken configuration that would have been in the
/etc/host.conf file in 1996, and moved it to /etc/resolv.conf on
your system, and you have convinced yourself that this actually does
something.

Name service order is defined by the "hosts:" line in /etc/nsswitch.conf.
Mine says this:

unicorn:~$ grep hosts /etc/nsswitch.conf 
hosts:  files mdns4_minimal [NOTFOUND=return] dns

which means "local files first, then this mdns4_minimal thing, and if
that says notfound, then stop and use that result, but if it doesn't
work at all, then use DNS".

(I have no idea what mdns4_minimal is, but Debian put it there, and it
hasn't caused a problem yet so I left it alone.)

The /etc/resolv.conf file is used by the DNS resolver, to decide what
nameserver(s) to use (their IP addresses must be listed), and in some
cases, what domain names to append to the input, and when to append
them (or not append them).

unicorn:~$ cat /etc/resolv.conf
search wooledge.org
nameserver 127.0.0.1
nameserver 10.0.0.1
nameserver 8.8.8.8

Mine says "append .wooledge.org to any name without any dots in it, and
try the nameserver at 127.0.0.1 first, then the nameserver at 10.0.0.1,
and finally the nameserver at 8.8.8.8".

I use this nameserver configuration because I run a dnscache locally
(127.0.0.1) which should be the primary and preferred source of DNS
information.  But if for some reason that's not available, it should
try the router's forwarding nameserver (10.0.0.1), which is configured
by my ISP's DHCP server, and forwards to my ISP.  And if *that's* not
available or not working, then fall back to Google's 8.8.8.8 nameserver
as the last resort.

I also go out of my way to ensure that this file is never modified
by anything other than me.  This is not a laptop or a phone.  It
doesn't move around to various networks, so I don't want a dynamic
nameserver configuration.  I want THIS configuration, at all times,
period.  If anyone else wants help doing that, see
.

bookworm

2023-02-09 Thread Dariusz

Hi, is there any chance for WiFi firmware-atheros for Bookworm in the 
estimated time?


regards

--
Pozdrawiam
Dariusz Kaminski
tel. +48 22 783 3956

Re: support for ASUS AC1200 USB-AC53 Nano wifi dongle

2023-02-09 Thread Alexander V. Makartsev


On 08.02.2023 20:55, Gary Dale wrote:

On 2023-02-08 09:07, Gary Dale wrote:


The journalctl command returns nothing.

That's strange. Is it possible you've forgot that pound ("#") sign means 
"run as root"?


Found a github repository that compiles on Bullseye at 
https://github.com/morrownr/88x2bu. Then it's a matter of doing the 
following as root


git clone https://github.com/morrownr/88x2bu
cd 88x2bu-20210702 ## date string may different
make clean
make
make install

then rebooting. The wifi dongle now shows in "ip addr".


Good to hear you've made it working.
You might want to walk an extra mile and setup DKMS [1][2] for it, so it 
will automatically re-compile and re-install itself after every kernel 
image update.



[1] https://manpages.debian.org/bullseye/dkms/dkms.8.en.html
[2] https://www.xmodulo.com/build-kernel-module-dkms-linux.html
--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 11:13:04AM +0200, Anssi Saari wrote:
> jeremy ardley  writes:

[...]

> > The other option of NAT for your IPv6 is frowned on
> 
> I don't know why though. The other IPv6 access I have is through a VPN
> and there, for privacy, of course my connection is NATted to the same
> exit IPv6 address as everyone else's [...]

Because NAT is falsely perceived as a security device. For privacy,
IPv6 has much nicer options than "hiding" behind a NAT (on top of
that, your biggest enemy these days is your browser anyway).

And NAT seduces providers to perpetuate bad habits from v4 times
(like giving you less than a /64).

Cheers
-- 
t

signature.asc
Description: PGP signature

Re: ipv6 maybe has arrived.

2023-02-09 Thread jeremy ardley




On 9/2/23 17:13, Anssi Saari wrote:

If forwarding is not enabled, then the LAN IPv6 hosts are just as
isolated from incoming traffic from the internet as hosts behind NAT.

If you don't have IPv6 forwarding on the router then none of your 
internal hosts will be able to communicate on IPv6 beyond your router. 
Unless you use NAT of course, or in certain circumstances a protocol proxy.


with ip6tables it's dead easy to block unsolicited connections yet still 
allow outgoing and incoming related/established traffic.


Off topic I noticed my IPv4 SIP phone wasn't receiving incoming calls 
all the time. After investigation I found the (IPv4 NAT) iptables setup 
had a short timeout for related/established traffic. In my case the 
phone was registering every 2 hours which was too long. I dropped that 
to 2 minutes and my incoming call problems went away


Jeremy

Re: ipv6 maybe has arrived.

jeremy ardley  writes:

> In the case of adding IPv6 without NAT, then without a firewall, external 
> baddies can connect unsolicited to your internal devices. Some of your 
> devices will
> have their own personal firewalls already, e.g. any windows machine. Some 
> won't, e.g. a printer. In the printer case it would be unfortunate if your 
> printer
> suddenly started printing out obscenites.. You get the picture.

One point about the IPv6 without NAT: for external connectivity, you
still need to explicitly allow IP forwarding in the *router* and also in
the router's firewall. In Linux terms of course, but Gene said he has
dd-wrt in his router.

If forwarding is not enabled, then the LAN IPv6 hosts are just as
isolated from incoming traffic from the internet as hosts behind NAT.

This was a happy revelation when I started playing with IPv6 last
year. Mostly because systemd-networkd grew built in 6rd support and
that's all my extremely backward ISP does for IPv6 so it was super easy
to try.

> The other option of NAT for your IPv6 is frowned on

I don't know why though. The other IPv6 access I have is through a VPN
and there, for privacy, of course my connection is NATted to the same
exit IPv6 address as everyone else's. IPv6 defines the range fc00::/7 as
unique local addresses which are similar to IPv4 private network ranges
and I get a local IPv6 address from that range from the VPN server.

Re: ipv6 maybe has arrived.

On Thu, Feb 09, 2023 at 03:00:24AM -0500, gene heskett wrote:

> > This would suggest that the  record for yahoo is available, but the
> > v6 connectivity is not.
> > 
> > Show us the result of 'ip addr list'  on your box...
> > 
> > Cheers
>  ip addr list.{Munged}
> 
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
>valid_lft forever preferred_lft forever
> 2: eno1:  mtu 1500 qdisc pfifo_fast state
> UP group default qlen 1000
> link/ether munged brd ff:ff:ff:ff:ff:ff
> altname enp0s31f6
> inet munged brd munged scope global noprefixroute eno1
>valid_lft forever preferred_lft forever
> inet6 fe80::42b0:76ff:fe5b:113c/64 scope link noprefixroute
>valid_lft forever preferred_lft forever

Thanks. What I see is that the only ipv6 addresses you have are the
"::1/128" on lo (this is the v6 equivalent to the v4 127.0.0.1) and
that "fe80:...", which is a v6 link local address [1]. Your computer
won't get as far as your Ethernet cable with that, so that'd explain
the "no route to host".

This means that your computer isn't getting a viable IPv6 address.

This may sound paradoxical, since "v6 host resolution" is working,
but is not, because both are decoupled: the DNS request/reply is
giving you the A (aka v4) and  (v6) records over ipv4. The
higher layer protocol (DNS) doesn't care what kind the lower layer
(IP) was over which it was transported.

If you care about v6 (or are just curious), you might try to debug
your v6 setup until you get it working or find out that your provider
isn't playing along after all.

You'd start with your local network: that should always be possible.
Then work your way upstream to your router.

Cheers

[1] https://en.wikipedia.org/wiki/Link-local_address#IPv6
-- 
t

signature.asc
Description: PGP signature

Re: support for ASUS AC1200 USB-AC53 Nano wifi dongle

Gary Dale  writes:

> I thought this would be easier than it's turned out to be. There are Internet 
> posts going back years about support for this device but nothing recent -
> including a 5 year old Ubuntu post saying it works. Other wifi devices seem 
> to be recognized out of the box or with a simple install of non-free firmware 
> but
> not this one - at least not in Bullseye or Bookworm.

Hm. What I found was the driver has been integrated in kernel 6.2 and if
you need to build it for an older kernel, then they're supported too.
Versions 5.12-6.2 have community support and 4.19-5.11 are supported by
Realtek. I don't know what that means exactly though.

Source: https://github.com/morrownr/88x2bu-20210702

I can try to build this with Debian's stable 5.10 kernel at some point
but I don't have the hardware.

Re: ipv6 maybe has arrived.