MariaDB Server is not installing on Debian 12

[Timothy M Butterworth]

I am unable to install MariaDB on debian 12. apt show says the
mariadb-server is Version: 1:10.11.2-1.

apt upgrade
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
default-mysql-server : Depends: mariadb-server but it is not installed
mariadb-plugin-provider-bzip2 : Depends: mariadb-server (>= 1:10.11.1-1)
but it is not installed
mariadb-plugin-provider-lz4 : Depends: mariadb-server (>= 1:10.11.1-1) but
it is not installed
mariadb-plugin-provider-lzma : Depends: mariadb-server (>= 1:10.11.1-1) but
it is not installed
mariadb-plugin-provider-lzo : Depends: mariadb-server (>= 1:10.11.1-1) but
it is not installed
mariadb-plugin-provider-snappy : Depends: mariadb-server (>= 1:10.11.1-1)
but it is not installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or
specify a solution).

apt install mariadb-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
 mailx mariadb-test netcat-openbsd
The following NEW packages will be installed:
 mariadb-server
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
120 not fully installed or removed.
Need to get 0 B/3,581 kB of archives.
After this operation, 54.5 MB of additional disk space will be used.
Preconfiguring packages ...
(Reading database ... 327299 files and directories currently installed.)
Preparing to unpack .../mariadb-server_1%3a10.11.2-1_amd64.deb ...
Failed to stop mariadb.service: Unit mariadb.service not loaded.
invoke-rc.d: initscript mariadb, action "stop" failed.
Failed to stop mysql.service: Unit mysql.service not loaded.
invoke-rc.d: initscript mysql, action "stop" failed.
Attempt to stop MariaDB/MySQL server returned exitcode 5
There is a MariaDB/MySQL server running, but we failed in our attempts to
stop it.
Stop it yourself and try again!
dpkg: error processing archive
/var/cache/apt/archives/mariadb-server_1%3a10.11.2-1_amd64.deb (--unpack):
new mariadb-server package pre-installation script subprocess returned
error exit status 1
Errors were encountered while processing:
/var/cache/apt/archives/mariadb-server_1%3a10.11.2-1_amd64.deb


-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀

Re: question about net address

[fh]

On 2023-03-20 07:36, Jeremy Ardley wrote:

As for the RFC? It's precise and definitive. My only concern is that 
some mail system implementer may 'improve' the RFC and restrict the 
acceptable address range to a /32 when they see a non zero final qnum 
in a /24


me second. 192.168.1.1/24 just makes me confused with 192.168.1.1/32 
which is a real host address. for block address it should be clearly 
192.168.1.0/24.


Thanks
Corey H

Re: question about net address

[Jeremy Ardley]

On 20/3/23 02:48, David Wright wrote:

O

Checking the RFC. To my reading the final stanza is not checked
" The  is compared to the given network. If CIDR prefix length

high-order bits match, the mechanism matches."

https://datatracker.ietf.org/doc/html/rfc7208#section-5.6

So in this case AI got it right.

I don't follow. What's your "final stanza" referring to, and
what's wrong with the RFC in connection with it?


I should have used the term 'final qnum' but I think that would be obscure.

I meant the fourth number in the IPv4 dotted-quad notation.

As for the RFC? It's precise and definitive. My only concern is that 
some mail system implementer may 'improve' the RFC and restrict the 
acceptable address range to a /32 when they see a non zero final qnum in 
a /24


--
Jeremy
(Lists)

Re: question about net address

[David Christensen]

On 3/19/23 03:28, cor...@free.fr wrote:

On 19/03/2023 18:00, David Christensen wrote:

On 3/18/23 16:31, cor...@free.fr wrote:

On 19/03/2023 06:17, Kushal Kumaran wrote:

On Sat, Mar 18 2023 at 07:28:23 PM, cor...@free.fr wrote:

Hello

I know 192.168.1.0/24 is a valid C range for network address.

but what does 192.168.1.1/24 mean?

I ask this just for a setting in the SPF:

spf.pinoad.se.    300    IN    TXT    "v=spf1 
ip4:188.66.63.1/24 -all"




It means the same thing.  192.168.1.1/24 is the same range as
192.168.1.0/24, but written by someone not paying too much attention.



That's correct. Thanks.



AIUI:

* 192.168.1.0/24 identifies an IPv4 network with an address of
192.168.1.0 and a network prefix of 24 bits.  The address is within
the reserved private block 192.168.0.0/16.  The prefix corresponds to
a class C network.

* 192.168.1.1/24 identifies an IPv4 network interface with an address
of 192.168.1.1 and a network prefix of 24.  The interface is
configured to communicate over the 192.168.1.0/24 network.





So for Inleed (a local ISP)'s SPF:

spf.pinoad.se.    300    IN    TXT    "v=spf1 ip4:188.66.63.1/24 -all"


They specify only 188.66.63.1 to send email?

But as far as I know their mailserver is 188.66.63.2:

mail.inleed.xyz.    300    IN    A    188.66.63.2


Then this mail server should have problems in messages delivery.

Thanks
Corey




If I correctly understand Sender Policy Framework SPF Record Syntax:

http://www.open-spf.org/SPF_Record_Syntax/


The phrase "ip4:188.66.63.1/24" in the above DNS SPF record states that 
outgoing mail will come from hosts in the address block 188.66.63.1/24.



The address 188.66.63.2 is within the published address block, so the 
ISP is stating that mail sent by that host is legitimate.



On 3/19/23 03:38, cor...@free.fr wrote:
> So,
>
> * 188.66.63.1/24 is a range, not a single host in SPF
> * why it's not written as 188.66.63.0/24 which is more clear?
>
> Thanks


I agree that "188.66.63.0/24" would be a more conventional way to 
specify a network address block.  Perhaps you should ask the ISP why 
they used "188.66.63.1/24".



David

Re: Microcode bug problem?

[Jesper Dybdal]

On 2023-03-19 19:30, Linux-Fan wrote:

Jesper Dybdal writes:

I have no idea whether my old processor is a "CoffeeLake" or a 
"Skylake" or something else.  It is a pc that I bought in 2008, I 
think (and still working just fine).



model name  : Intel(R) Core(TM)2 Duo CPU E8400  @ 3.00GHz


The way to find out is to query the database at ark.intel.com. For 
your processor it leads me to


https://ark.intel.com/content/www/us/en/ark/products/33910/intel-core2-duo-processor-e8400-6m-cache-3-00-ghz-1333-mhz-fsb.html 



The "CoffeeLake" and "Skylake" are processor code names. For the Core 
2 Duo E8400 this is "Wolfdale" according to ark.intel.com



Do I need to worry about those microcode bugs?


Your CPU us far older than the ones affected by the microcode bug. It 
does not have a code name matching one of the listed ones. I'd 
conclude that your CPU is not affected.


That sounds like a very sound conclusion.  And the next time I have a 
similar question, I now know that ark.intel.com is the place to go.


Thanks a lot, to you and to the others who answered,
Jesper

--
Jesper Dybdal
https://www.dybdal.dk

Re: Microcode bug problem?

[Stefan Monnier]

> I have no idea whether my old processor is a "CoffeeLake" or a "Skylake" or
> something else.  It is a pc that I bought in 2008, I think (and still
> working just fine).

For those kinds of questions, I find Wikipedia to be the most helpful
source of info.


Stefan

Re: Microcode bug problem?

[Felix Miata]

Jesper Dybdal composed on 2023-03-19 19:00 (UTC+0100):

> /proc/cpuinfo says:
>> vendor_id   : GenuineIntel
>> cpu family  : 6
>> model   : 23
>> model name  : Intel(R) Core(TM)2 Duo CPU E8400  @ 3.00GHz
> Do I need to worry about those microcode bugs?
 
IIRC, I have 3 E8400s running Bullseye and Bookworm. No worries. That CPU
appeared in multiple popular Dell business model PCs.

-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: question about net address

[David Wright]

On Sun 19 Mar 2023 at 17:16:47 (-), Curt wrote:
> On 2023-03-19, Greg Wooledge  wrote:
> > On Sun, Mar 19, 2023 at 06:38:41PM +0800, cor...@free.fr wrote:
> >> So,
> >> 
> >> * 188.66.63.1/24 is a range, not a single host in SPF
> >> * why it's not written as 188.66.63.0/24 which is more clear?
> >
> > Because it was written by a human being who made a tiny error.  One that
> > makes no difference in practice.

I'm not sure we can call it a mistake without knowing the intent of
the person who wrote it. For example, it would be perfectly possible
to cut and paste that string from, say, a machine's /e/n/i, and not
bother to change 1→0 because it's not necessary in this location.

> The question is: once our AI is out of beta and connected to the web,
> will it produce or more or less errors than the archetypal human
> being to whom you refer.

That depends what you mean by "our AI". Chatgpt? or properly
trained AIs operating in particular subject areas?

Am I an archetypal human being? How do you know?

Cheers,
David.

Re: question about net address

[David Wright]

On Sun 19 Mar 2023 at 19:36:47 (+0800), Jeremy Ardley wrote:
> On 19/3/23 19:29, Jeremy Ardley wrote:
> > 
> > In this case of the /24 it gave an answer I expected. I imagine it
> > will take a trawl of the RFC and then of actual implementations to
> > find out for sure.
> > 
> > The best description of the AI is it is informative but not authorative.
> > 
> Checking the RFC. To my reading the final stanza is not checked
> 
> " The  is compared to the given network. If CIDR prefix length
> 
>high-order bits match, the mechanism matches."
> 
> https://datatracker.ietf.org/doc/html/rfc7208#section-5.6
> 
> So in this case AI got it right.

I don't follow. What's your "final stanza" referring to, and
what's wrong with the RFC in connection with it?

Cheers,
David.

Re: Mailinglist problemen door SPF

[Geert Stappers]

On Sun, Mar 19, 2023 at 03:38:57PM +0100, Paul van der Vlis wrote:
> Hallo,
> 
> Ik heb de indruk dat sommige mensen mijn berichten niet krijgen doordat ik
> stricte SPF regels heb. Via DMARC kun je hier rapporten over opvragen, en
> dan krijg ik berichten zoals onderstaand.  Iemand een idee wat ik kan doen?

Heb contact met de betrokken partijen.

 
> Tja, de debian list-servers staat niet in mijn SPF, maar dat lijkt me toch
> ook niet te hoeven.
> 
> SPF zou toch moeten kijken naar de "Sender:" header, en niet naar de
> "From:"?  De Debian mailinglists gebruiken echter geen "Sender" maar
> "Resent-Sender" header.
> 
> Deze website vond ik interessant: https://dmarc-tester.com/ die gespoofde
> mailtjes verstuurd die toch aankomen ondanks SPF. Je vraagt je dan ook wel
> af wat de waarde van SPF precies is.
> 
> Iemand die tips heeft?


Maak een overzichtstekening.


 
> Groeten,
> Paul



Groeten
Geert Stappers
-- 
Silence is hard to parse

Re: Microcode bug problem?

[The Wanderer]

On 2023-03-19 at 14:00, Jesper Dybdal wrote:

> I am planning to upgrade from Buster to Bullseye, and trying to prepare 
> for any problems.
> 
> The release notes say
>> The intel-microcode package currently in bullseye and buster-security 
>> (see DSA-4934-1 (https:
>> //www.debian.org/security/2021/dsa-4934)) is known to contain two 
>> significant bugs. For
>> some CoffeeLake CPUs this update may break network interfaces 
>> (https://github.com/intel/
>> Intel-Linux-Processor-Microcode-Data-Files/issues/56) that use 
>> firmware-iwlwifi,
>> and for some Skylake R0/D0 CPUs on systems using a very outdated 
>> firmware/BIOS, the system may
>> hang on boot 
>> (https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/
>> issues/31).
> 
> I have no idea whether my old processor is a "CoffeeLake" or a "Skylake" 
> or something else.  It is a pc that I bought in 2008, I think (and still 
> working just fine).
> 
> /proc/cpuinfo says:
>> vendor_id   : GenuineIntel
>> cpu family  : 6
>> model   : 23
>> model name  : Intel(R) Core(TM)2 Duo CPU E8400  @ 3.00GHz

According to a bit of Googling, the Core 2 Duo E8400 is from the
microarchitecture codenamed Wolfdale.

According to
https://en.wikipedia.org/wiki/List_of_Intel_CPU_microarchitectures,
Wolfdale is the codename for the desktop version of what might be
considered "generation 0", prior to the "Core i" series of CPU product
names, and was released in 2007.

According to that same page, Skylake was generation 6, and was released
in 2015.

According to that same page, Coffee Lake was part of generations 8 and
9, and was released in 2017.

> Do I need to worry about those microcode bugs?

Based on the above: no.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: Microcode bug problem?

[Linux-Fan]

Jesper Dybdal writes:

I am planning to upgrade from Buster to Bullseye, and trying to prepare for  
any problems.


The release notes say
The intel-microcode package currently in bullseye and buster-security (see  
DSA-4934-1 (https:
//www.debian.org/security/2021/dsa-4934)) is known to contain two  
significant bugs. For
some CoffeeLake CPUs this update may break network interfaces  
(https://github.com/intel/
Intel-Linux-Processor-Microcode-Data-Files/issues/56) that use firmware- 
iwlwifi,
and for some Skylake R0/D0 CPUs on systems using a very outdated  
firmware/BIOS, the system may
hang on boot (https://github.com/intel/Intel-Linux-Processor-Microcode-Data- 
Files/

issues/31).


I have no idea whether my old processor is a "CoffeeLake" or a "Skylake" or  
something else.  It is a pc that I bought in 2008, I think (and still  
working just fine).


/proc/cpuinfo says:

vendor_id   : GenuineIntel
cpu family  : 6
model   : 23
model name  : Intel(R) Core(TM)2 Duo CPU E8400  @ 3.00GHz


The way to find out is to query the database at ark.intel.com. For your  
processor it leads me to


https://ark.intel.com/content/www/us/en/ark/products/33910/intel-core2-duo-processor-e8400-6m-cache-3-00-ghz-1333-mhz-fsb.html

The "CoffeeLake" and "Skylake" are processor code names. For the Core 2 Duo  
E8400 this is "Wolfdale" according to ark.intel.com



Do I need to worry about those microcode bugs?


Your CPU us far older than the ones affected by the microcode bug. It does  
not have a code name matching one of the listed ones. I'd conclude that your  
CPU is not affected.


HTH
Linux-Fan

öö


pgpVU7E3j6RtC.pgp
Description: PGP signature

Re: Graphics Cards: Radeon RX 6000 Series on Debian-11 (Bullseye):

[piorunz]

On 19/03/2023 11:01, b...@iinet.net.au wrote:


Please accept my sincerest apologies ... I have been offline/out of
range for the last 19 weeks and have only just now read your response.

Your information and advice is most helpful and deeply appreciated.

Many thanks and cheers,
BRN.


No problem at all. Since our last posts, I continued to run Debian 
Testing, which is now frozen in approach to become stable in a few 
weeks. Everything is great since then, bugs have been polished. If you 
want great stability and functionality without excess bugs, I suggest to 
use Debian Bookworm once it is released as Stable, and stay with it. 
Peace of mind for few years.


--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

Re: Debian et clients legers

[Alex PADOLY]

Bonsoir,

Je vous remercie pour votre réponse détaillée. J'ai envi de me lancer 
afin d'améliorer ma formation.


Quel serveur actuel ou ancien pourriez-vous me conseiller?

MERCI BEAUCOUP!

Le 2023-03-18 20:06, Jean-Pierre Giraud a écrit :


Bonjour,
Le samedi 18 mars 2023 à 15:59 +0300, Alex PADOLY a écrit :


Bonjour à tous,

Que faudrait-il en termes de matériel pour faire fonctionner 3 clients
légers sous Debian GNU/Linux dans un logement.
Les 3 postes clients seront utilisés pour faire des taches
bureautiques, de l'Internet classique, écouter de la musique, regarder
des vidéos, éventuellement des films.
Occasionnellement, ces clients légers pourront faire du petit montage
vidéo et du graphisme (Blender).

En terme système d'exploitation, existe-t-il des paquets Debian
spécifiques pour faire cela, connaissez-vous une ressource détaillée
sur le sujet.

MERCI BEAUCOUP!

Il existe une solution de réseau complet avec des services réseau
préconfiguré, c'est le mélange (blend) debianedu/skolelinux. C'est une
solution consacré au milieu scolaire (donc avec des logiciels 
éducatifs)

mais le versant réseau est conçu pour être mis en œuvre facilement. Le
système dispose d'une documentation détaillée (traduite en français qui
plus est ...)
voir la page d'accueil : https://blends.debian.org/edu/
Amicalement
jipege

How to install virtual keyboard for KDE

[Yvan Masson]

Hi,

Using Debian testing with KDE, can someone tell me which package 
provides a virtual keyboard for KDE ? I installed 
qtvirtualkeyboard-plugin but it does not appear in KDE preferences 
(although it works on SDDM).


I already tried Onboard, but it has blocking issues for me.

Regards,
Yvan


OpenPGP_signature
Description: OpenPGP digital signature

Microcode bug problem?

[Jesper Dybdal]

I am planning to upgrade from Buster to Bullseye, and trying to prepare 
for any problems.


The release notes say
The intel-microcode package currently in bullseye and buster-security 
(see DSA-4934-1 (https:
//www.debian.org/security/2021/dsa-4934)) is known to contain two 
significant bugs. For
some CoffeeLake CPUs this update may break network interfaces 
(https://github.com/intel/
Intel-Linux-Processor-Microcode-Data-Files/issues/56) that use 
firmware-iwlwifi,
and for some Skylake R0/D0 CPUs on systems using a very outdated 
firmware/BIOS, the system may
hang on boot 
(https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/

issues/31).


I have no idea whether my old processor is a "CoffeeLake" or a "Skylake" 
or something else.  It is a pc that I bought in 2008, I think (and still 
working just fine).


/proc/cpuinfo says:

vendor_id   : GenuineIntel
cpu family  : 6
model   : 23
model name  : Intel(R) Core(TM)2 Duo CPU E8400  @ 3.00GHz

Do I need to worry about those microcode bugs?

Thanks,
Jesper Dybdal

--
Jesper Dybdal
https://www.dybdal.dk

artifiial intelligence (was: Re: question about net address)

[DdB]

Wow!
Great hint there!
I just tested it in a couple of areas and found it to be quite useful,
by far more up-to-date and i did enjoy the experience.
Thank you for sharing it.

Am 19.03.2023 um 12:01 schrieb Yassine Chaouche:
> In contrast,
> a tool like perplexity.ai is an answer-questionning tool.
> Is is a search engine.
> It cites its sources,
> so you can check for yourself whether it's talking crap,
> or if it's backed by facts.

Re: question about net address

[David Wright]

On Sun 19 Mar 2023 at 08:25:28 (-0400), Greg Wooledge wrote:
> On Sun, Mar 19, 2023 at 12:45:06PM +0100, Nicolas George wrote:
> > #!/bin/sh
> > eval "$(recode b64..data < > H4sIACv1FmQAAzXMPQrCQBAG0H5O8TFEMII/BA3BVF7AXoLFsI5kCdl1d5JC8PCSIuVrnro+gm82
> > QPBVO4aINKtNPoYrU1Z5YZ+RyIkpuNh+sg/TG7wxRpHwg/VSXWqbx5LhA6E7Vee6EafPXQld9ofa
> > oW0Jq+9xoZo4+gNQ3NCSfg==
> > EOF
> > )"
> 
> Using recode instead of base64 to do a base64 decoding is... a choice.
> I wonder how many people have recode installed.

Here, yes, but I always used an alias written so long ago (for
ISO-8859-1..UTF-8) that I hadn't ever thought about using it
for base64. (My alias's name is a reminder that it overwrites
whenever filenames are given.)

> Within the "script" itself, you have:
> 
> case "$(printf "%s" $q | sha256sum)" in
> 
> This line is fascinating because you've used quotes twice where they
> aren't needed and failed to use them in the one place they're required.

I'd be surprised if people ran the above without first cutting/pasting
and line-editing it to something like:

 $ recode b64..data <

Re: question about net address

[Curt]

On 2023-03-19, Greg Wooledge  wrote:
> On Sun, Mar 19, 2023 at 06:38:41PM +0800, cor...@free.fr wrote:
>> So,
>> 
>> * 188.66.63.1/24 is a range, not a single host in SPF
>> * why it's not written as 188.66.63.0/24 which is more clear?
>
> Because it was written by a human being who made a tiny error.  One that
> makes no difference in practice.
>

The question is: once our AI is out of beta and connected to the web,
will it produce or more or less errors than the archetypal human
being to whom you refer.

Re: question about net address

[Curt]

On 2023-03-19,   wrote:
>
> Yes, it is just a simulation of knowledge (it can be pretty
> convincing at that,though).
>
> In other words: if you want an answer from it, you have to
> know the answer beforehand.

So the specific answer it gave cited above is wrong? Or did you already know
the answer?

> Cheers

Re: question about net address

[debian-user]

Yassine Chaouche  wrote:
> Le 3/18/23 à 12:28, cor...@free.fr a écrit :
> > Hello
> > 
> > I know 192.168.1.0/24 is a valid C range for network address.
> > 
> > but what does 192.168.1.1/24 mean?
> > 
> > I ask this just for a setting in the SPF:
> > 
> > spf.pinoad.se.    300    IN    TXT    "v=spf1
> > ip4:188.66.63.1/24 -all"
> > 
> > 
> > Thanks.
> >   
> 
> The A.B.C.D/24 notation can be used to either :
>   - specify an IP address along with its netmask
>   - specify a network address when D=0.

Except in an SPF record when its meaning is defined somewhat differently
by RFC 7208 as already noted upthread.

Re : Lenovo IdeaPad 3 Chromebook [HS]

[k6dedijon]

Bonjour,
Avec la tablette Leonovo TB-X606F tu obtiendras ce que tu souhaites.

C'est ce que j'ai.
Bonne découverte
Cassis



- Mail d'origine -
De: Klaus Becker 
À: Liste Debian 
Envoyé: Fri, 17 Mar 2023 18:29:44 +0100 (CET)
Objet: Lenovo IdeaPad 3 Chromebook [HS]

Salut,

je cherche un portable, uniquement pour regarder des films et vidéos 
dans mon jardin où je n'ai qu'un groupe électrogène pour avoir de 
l'électricité.

En ce moment, le Lenovo IdeaPad 3 Chromebook est à 230 € à 
https://www.amazon.fr/Lenovo-IdeaPad-Chromebook-Ordinateur-Portable/dp/B09S62T3ZH/ref=sr_1_3?__mk_fr_FR=%C3%85M%C3%85%C5%BD%C3%95%C3%91=2JN7COZX3UQZ4=chromebook+lenovo+ideapad+3=1679073659=computers=chromebook+lenovo+ideapd+3%2Ccomputers%2C89=1-3.

Ce qui compte pour moi, c'est la possibilité de regarder des films et 
l'autonomie de la batterie qui ici, est annoncée à 10h.

Est-ce que qn a de l'expérience avec un chromebook?

Si possible, je préfère installer Debian bien sûr, mais sinon je me 
contenterais de chromeOS.

merci

Klaus

Re: question about net address

[Stefan Monnier]

> * 188.66.63.1/24 is a range, not a single host in SPF
> * why it's not written as 188.66.63.0/24 which is more clear?

Which is more likely:

- someone erroneously added `/24` when they really meant to specify just
  one host.
- someone wrote `1` instead of the more conventional `0` at the spot
  that contains no relevant info for a `/24` network.

?


Stefan

Mailinglist problemen door SPF

[Paul van der Vlis]

Hallo,

Ik heb de indruk dat sommige mensen mijn berichten niet krijgen doordat 
ik stricte SPF regels heb. Via DMARC kun je hier rapporten over 
opvragen, en dan krijg ik berichten zoals onderstaand.  Iemand een idee 
wat ik kan doen?


Tja, de debian list-servers staat niet in mijn SPF, maar dat lijkt me 
toch ook niet te hoeven.


SPF zou toch moeten kijken naar de "Sender:" header, en niet naar de 
"From:"?  De Debian mailinglists gebruiken echter geen "Sender" maar 
"Resent-Sender" header.


Deze website vond ik interessant: https://dmarc-tester.com/ die 
gespoofde mailtjes verstuurd die toch aankomen ondanks SPF. Je vraagt je 
dan ook wel af wat de waarde van SPF precies is.


Iemand die tips heeft?

Groeten,
Paul

-
   

 
Yahoo  
weggeha...@yahooinc.com  
1679101851.909633
  
  1679011200 
  1679097599 
 


vandervlis.nl  
r
r  
reject   
100  
   
  
 
  82.195.75.100  
  1  

none 
pass   
fail 
   

 
  vandervlis.nl  



vandervlis.nl  
default
pass   
   
 
lists.debian.org   
none   

   
 
   
---

nog een andere:
---


  
google.com
noreply-dmarc-supp...@google.com

https://support.google.com/a/answer/2466580
6333444760113420086

  1679011200
  1679097599

  
  
vandervlis.nl
r
r
reject
none
100
  
  

  82.195.75.100
  25
  
none
pass
fail
  


  vandervlis.nl


  
vandervlis.nl
pass
default
  
  
lists.debian.org
none
  

  
  

  2001:41b8:202:deb:216:36ff:fe40:4002
  30
  
none
pass
fail
  


  vandervlis.nl


  
vandervlis.nl
pass
default
  
  
lists.debian.org
none
  

  
  

  2600:1901:101::15
  1
  
none
pass
fail
  


  vandervlis.nl


  
vandervlis.nl
pass
default
  
  
lists.debian.org
none
  

  

--


--
Paul van der Vlis Linux systeembeheer Groningen
https://vandervlis.nl/

Re: question about net address

[Greg Wooledge]

On Sun, Mar 19, 2023 at 12:45:06PM +0100, Nicolas George wrote:
> #!/bin/sh
> eval "$(recode b64..data < H4sIACv1FmQAAzXMPQrCQBAG0H5O8TFEMII/BA3BVF7AXoLFsI5kCdl1d5JC8PCSIuVrnro+gm82
> QPBVO4aINKtNPoYrU1Z5YZ+RyIkpuNh+sg/TG7wxRpHwg/VSXWqbx5LhA6E7Vee6EafPXQld9ofa
> oW0Jq+9xoZo4+gNQ3NCSfg==
> EOF
> )"

Using recode instead of base64 to do a base64 decoding is... a choice.
I wonder how many people have recode installed.

Within the "script" itself, you have:

case "$(printf "%s" $q | sha256sum)" in

This line is fascinating because you've used quotes twice where they
aren't needed and failed to use them in the one place they're required.

Re: question about net address

[Greg Wooledge]

On Sun, Mar 19, 2023 at 06:38:41PM +0800, cor...@free.fr wrote:
> So,
> 
> * 188.66.63.1/24 is a range, not a single host in SPF
> * why it's not written as 188.66.63.0/24 which is more clear?

Because it was written by a human being who made a tiny error.  One that
makes no difference in practice.

Re: question about net address

[tomas]

On Sun, Mar 19, 2023 at 07:07:06PM +0800, f...@dnsbed.com wrote:

[...]

> For this kind of definition with clear rules (SPF), I think chatGPT is more
> precise than person.

Sometimes. But you won't know which times beforehand. Of course,
you could order ChatGPT to give you the right answer ;-D

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: question about net address

[Nicolas George]

Jeremy Ardley (12023-03-19):
> So in this case AI got it right.

Try the following AI:

#!/bin/sh
eval "$(recode b64..data <

signature.asc
Description: PGP signature

Re: question about net address

[Jeremy Ardley]

On 19/3/23 19:29, Jeremy Ardley wrote:


In this case of the /24 it gave an answer I expected. I imagine it 
will take a trawl of the RFC and then of actual implementations to 
find out for sure.


The best description of the AI is it is informative but not authorative.


Checking the RFC. To my reading the final stanza is not checked

" The  is compared to the given network. If CIDR prefix length

   high-order bits match, the mechanism matches."

https://datatracker.ietf.org/doc/html/rfc7208#section-5.6

So in this case AI got it right.

--
Jeremy
(Lists)

Re: question about net address

[fh]

On 2023-03-19 19:01, Yassine Chaouche wrote:


It only knows about saying things that sound plausible,
not necessarily true.
It doesn't fetch info from the internet,
process it,
then give it you.
It rather generates text,
using statisics.

Don't get mislead by it.
It often gives wrong answers.



For this kind of definition with clear rules (SPF), I think chatGPT is 
more precise than person.


regards
FengHe

Re: question about net address

[Jeremy Ardley]

On 19/3/23 19:10, to...@tuxteam.de wrote:

[...]
Yes, it is just a simulation of knowledge (it can be pretty
convincing at that,though).

In other words: if you want an answer from it, you have to
know the answer beforehand.

I have actually paid for a subscription and have used it for a month now 
in generating bash scripts and nginx configs. It's mostly pretty good at 
that.


The V4 is better than the V3.5

But I usually know what the general answer should be in most cases. The 
problem is often it will not quite understand my question and give a 
response to a question I didn't ask.


In this case of the /24 it gave an answer I expected. I imagine it will 
take a trawl of the RFC and then of actual implementations to find out 
for sure.


The best description of the AI is it is informative but not authorative.



-
Jeremy
(Lists)

Re: question about net address

[tomas]

On Sun, Mar 19, 2023 at 12:12:15PM +0100, Nicolas George wrote:
> to...@tuxteam.de (12023-03-19):
> > Yes, it is just a simulation of knowledge (it can be pretty
> > convincing at that,though).
> > 
> > In other words: if you want an answer from it, you have to
> > know the answer beforehand.
> 
> Ted Chiang described it very accurately as a blurry JPEG of the web:

This is a good metaphor, thanks for it.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: question about net address

[Nicolas George]

to...@tuxteam.de (12023-03-19):
> Yes, it is just a simulation of knowledge (it can be pretty
> convincing at that,though).
> 
> In other words: if you want an answer from it, you have to
> know the answer beforehand.

Ted Chiang described it very accurately as a blurry JPEG of the web:

https://www.newyorker.com/tech/annals-of-technology/chatgpt-is-a-blurry-jpeg-of-the-web
https://web.archive.org/web/20230218181747/https://www.newyorker.com/tech/annals-of-technology/chatgpt-is-a-blurry-jpeg-of-the-web

Regards,

-- 
  Nicolas George


signature.asc
Description: PGP signature

Re: Graphics Cards: Radeon RX 6000 Series on Debian-11 (Bullseye):

[brn]

piorunz  writes:

> On 28/07/2022 15:01, b...@iinet.net.au wrote:
>> Hi to all of you on the debian-user list.
>>
>> Is anyone out there successfully running any of the Radeon RX 6000
>> Series graphics cards on Debian-11 (Bullseye) installations with *no*
>> backports?
>>
>> I ask the above question because I can't see the required versions of
>> "Navi" firmware; namely "Navi 21" to "Navi 24", available in the package
>> "firmware-amd-graphics".  Probably a silly question, however I'm asking
>> anyhow.
>>
>> Cheers in hope,
>> BRN.
>>
> I think you'll need backports, if I remember correctly. I have 6800
> XT, been running stable with backports since I bought it, it's working
> very well. Card will work without backports but you may have no 3D
> acceleration. Adding backports repo and upgrading kernel + drivers is
> very easy.
>
> Since then I've upgraded to Testing out of curiosity, but it was not
> necessary, it works just as well as before. Once Debian Bookworm is
> released, I most likely will stay with it during stable cycle, I
> prefer stability of the software over freshness (with extra bugs).
Hi Piotr (and the rest of the list),
Please accept my sincerest apologies ... I have been offline/out of
range for the last 19 weeks and have only just now read your response.

Your information and advice is most helpful and deeply appreciated.

Many thanks and cheers,
BRN.

Re: question about net address

[tomas]

On Sun, Mar 19, 2023 at 12:01:19PM +0100, Yassine Chaouche wrote:
> Le 3/19/23 à 11:32, Jeremy Ardley a écrit :
> > 
> > On 19/3/23 18:28, cor...@free.fr wrote:
> > > "v=spf1 ip4:188.66.63.1/24 -all"
> > 
> > According to an AI version 4 that cannot be named:
> > 
> 
> I'm new to the list,
> thus,
> I don't know how many people have told you this before
> (or not)
> but that AI is a speech generator,
> not a general problem solving
> or
> question answering AI.

[...]

Yes, it is just a simulation of knowledge (it can be pretty
convincing at that,though).

In other words: if you want an answer from it, you have to
know the answer beforehand.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: question about net address

[tomas]

On Sun, Mar 19, 2023 at 06:38:41PM +0800, cor...@free.fr wrote:

[...]

> * 188.66.63.1/24 is a range, not a single host in SPF
> * why it's not written as 188.66.63.0/24 which is more clear?

My hunch is that they are meant to be equivalent, as, for
example 192.168.63.42/24, or actually any 192.168.63.x for
x in [0..255].

The problem with this notation is that its semantics are
context dependent: it can denote a host address cum network
mask (as in a CIDR interface spec) or a CIDR network range.

The "context" is provided by the application trying to grok
the notation, so it will vary :-)

The canonical way to express the network part would be to
set the host part to zero, which in this case would be,
as you stated, 192.168.63.0/24. This goes along nicely with
the convention [1] that the bottom address in CIDR is
reserved for the network address, and the top for the
broadcast address. But the non-canonical ways can be seen
just as equivalent -- or erroneous. The software seems to
prefer the former, and silently masks out the network part
(I'd do that, too).

Cheers

[1] AFAIK this is just a convention. I think you can have
   IPv4 subnets where the bottom and the top addresses are
   actual host addresses; this is particularly useful when
   the subnet has just two addresses (i.e. /31), for
   example in a "transfer net".

-- 
t


signature.asc
Description: PGP signature

Re: question about net address

[Yassine Chaouche]

Le 3/19/23 à 11:32, Jeremy Ardley a écrit :


On 19/3/23 18:28, cor...@free.fr wrote:
"v=spf1 ip4:188.66.63.1/24 -all" 


According to an AI version 4 that cannot be named:



I'm new to the list,
thus,
I don't know how many people have told you this before
(or not)
but that AI is a speech generator,
not a general problem solving
or
question answering AI.

It only knows about saying things that sound plausible,
not necessarily true.
It doesn't fetch info from the internet,
process it,
then give it you.
It rather generates text,
using statisics.

Don't get mislead by it.
It often gives wrong answers.

In contrast,
a tool like perplexity.ai is an answer-questionning tool.
Is is a search engine.
It cites its sources,
so you can check for yourself whether it's talking crap,
or if it's backed by facts.


Best,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.

Re: question about net address

[jeremy ardley]

On 19/3/23 18:38, cor...@free.fr wrote:



So,

* 188.66.63.1/24 is a range, not a single host in SPF
* why it's not written as 188.66.63.0/24 which is more clear?


In the very specific case of an SPF there will be a rule. I assume given 
the AI response that the rule is to use the net definition /24 rather 
than the host defined in the the last stanza of a /24


Jeremy

Re: question about net address

[coreyh]

On 19/03/2023 18:32, Jeremy Ardley wrote:

On 19/3/23 18:28, cor...@free.fr wrote:

"v=spf1 ip4:188.66.63.1/24 -all"


According to an AI version 4 that cannot be named:

This is an SPF (Sender Policy Framework) record, which is a TXT record
in a domain's DNS settings. SPF records are used to help prevent email
spoofing by specifying which mail servers are authorized to send email
on behalf of a domain.

In this SPF record:

 * |v=spf1|: This indicates the SPF version used is SPF1.
 * |ip4:188.66.63.1/24|: This specifies that the IPv4 address range
   188.66.63.1 to 188.66.63.254 (a /24 range) is authorized to send
   email on behalf of the domain.
 * |-all|: This means that any host not listed in the SPF record (or
   not within the authorized IP range) is not allowed to send email on
   behalf of the domain.

To answer your question, this SPF record specifies a /24 range
(188.66.63.1 to 188.66.63.254) rather than a single host. Any mail
server with an IP address within that range is authorized to send
email for the domain, while other mail servers are not allowed.



So,

* 188.66.63.1/24 is a range, not a single host in SPF
* why it's not written as 188.66.63.0/24 which is more clear?

Thanks

Re: question about net address

[Jeremy Ardley]

On 19/3/23 18:28, cor...@free.fr wrote:
"v=spf1 ip4:188.66.63.1/24 -all" 


According to an AI version 4 that cannot be named:

This is an SPF (Sender Policy Framework) record, which is a TXT record 
in a domain's DNS settings. SPF records are used to help prevent email 
spoofing by specifying which mail servers are authorized to send email 
on behalf of a domain.


In this SPF record:

 * |v=spf1|: This indicates the SPF version used is SPF1.
 * |ip4:188.66.63.1/24|: This specifies that the IPv4 address range
   188.66.63.1 to 188.66.63.254 (a /24 range) is authorized to send
   email on behalf of the domain.
 * |-all|: This means that any host not listed in the SPF record (or
   not within the authorized IP range) is not allowed to send email on
   behalf of the domain.

To answer your question, this SPF record specifies a /24 range 
(188.66.63.1 to 188.66.63.254) rather than a single host. Any mail 
server with an IP address within that range is authorized to send email 
for the domain, while other mail servers are not allowed.



--
Jeremy
(Lists)

Re: question about net address

[coreyh]

On 19/03/2023 18:00, David Christensen wrote:

On 3/18/23 16:31, cor...@free.fr wrote:

On 19/03/2023 06:17, Kushal Kumaran wrote:

On Sat, Mar 18 2023 at 07:28:23 PM, cor...@free.fr wrote:

Hello

I know 192.168.1.0/24 is a valid C range for network address.

but what does 192.168.1.1/24 mean?

I ask this just for a setting in the SPF:

spf.pinoad.se.    300    IN    TXT    "v=spf1 ip4:188.66.63.1/24 
-all"




It means the same thing.  192.168.1.1/24 is the same range as
192.168.1.0/24, but written by someone not paying too much attention.



That's correct. Thanks.



AIUI:

* 192.168.1.0/24 identifies an IPv4 network with an address of
192.168.1.0 and a network prefix of 24 bits.  The address is within
the reserved private block 192.168.0.0/16.  The prefix corresponds to
a class C network.

* 192.168.1.1/24 identifies an IPv4 network interface with an address
of 192.168.1.1 and a network prefix of 24.  The interface is
configured to communicate over the 192.168.1.0/24 network.





So for Inleed (a local ISP)'s SPF:

spf.pinoad.se.  300 IN  TXT "v=spf1 ip4:188.66.63.1/24 -all"


They specify only 188.66.63.1 to send email?

But as far as I know their mailserver is 188.66.63.2:

mail.inleed.xyz.300 IN  A   188.66.63.2


Then this mail server should have problems in messages delivery.

Thanks
Corey

Re: question about net address

[David Christensen]

On 3/18/23 16:31, cor...@free.fr wrote:

On 19/03/2023 06:17, Kushal Kumaran wrote:

On Sat, Mar 18 2023 at 07:28:23 PM, cor...@free.fr wrote:

Hello

I know 192.168.1.0/24 is a valid C range for network address.

but what does 192.168.1.1/24 mean?

I ask this just for a setting in the SPF:

spf.pinoad.se.    300    IN    TXT    "v=spf1 ip4:188.66.63.1/24 
-all"




It means the same thing.  192.168.1.1/24 is the same range as
192.168.1.0/24, but written by someone not paying too much attention.



That's correct. Thanks.



AIUI:

* 192.168.1.0/24 identifies an IPv4 network with an address of 
192.168.1.0 and a network prefix of 24 bits.  The address is within the 
reserved private block 192.168.0.0/16.  The prefix corresponds to a 
class C network.


* 192.168.1.1/24 identifies an IPv4 network interface with an address of 
192.168.1.1 and a network prefix of 24.  The interface is configured to 
communicate over the 192.168.1.0/24 network.



See:

https://en.wikipedia.org/wiki/IPv4_address

https://en.wikipedia.org/wiki/CIDR_notation


David

Re: question about net address

[Yassine Chaouche]

Le 3/19/23 à 09:53, Yassine Chaouche a écrit :


The A.B.C.D/24 notation can be used to either :
  - specify an IP address along with its netmask



See for example this snippet from the output of the ip command:

10:02:21 /usr/share/man -1- $ ip -4 address show eth4 | grep inet
inet 192.168.211.112/24 brd 192.168.211.255 scope global eth4
10:02:29 /usr/share/man -1- $



Best,
--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.

Re: question about net address

[Yassine Chaouche]

Le 3/18/23 à 12:28, cor...@free.fr a écrit :

Hello

I know 192.168.1.0/24 is a valid C range for network address.

but what does 192.168.1.1/24 mean?

I ask this just for a setting in the SPF:

spf.pinoad.se.    300    IN    TXT    "v=spf1 ip4:188.66.63.1/24 -all"


Thanks.



The A.B.C.D/24 notation can be used to either :
 - specify an IP address along with its netmask
 - specify a network address when D=0.


Best,

--
yassine -- sysadm
+213-779 06 06 23
http://about.me/ychaouche
Looking for side gigs.