Re: ICMP router advertisement (ipv4)

2023-04-09 Thread Jeremy Ardley



On 10/4/23 12:49, Tim Woodall wrote:


And it doesn't forward packets from new ips either, it just silently
drops them.

I don't know how the router learns ips but I suspect it's something to
do with DAD,

I don't know about your router specifically, but here in Australia the 
Network Termination Device (in my case a cable interface) has a gig 
ethernet port that a conventional 'router' connects to (e.g. the typical 
wifi device usually with some ethernet ports). On the NTD side the 
router sees an ethernet style interface that it can broadcast discovery 
packets onto. The NTD then routes the packets to the ISP via some cable 
protocol.


You can simply plug your computer ethernet direct into the NTD and do 
all the link negotiations you want. No extra hardware required.


In my case I have a dual port armbian device connected to the Network 
Termination Device to act as router to my network.


--
Jeremy
(Lists)



Re: ICMP router advertisement (ipv4)

2023-04-09 Thread Tim Woodall

On Mon, 10 Apr 2023, Tim Woodall wrote:


On Mon, 10 Apr 2023, Jeremy Ardley wrote:



On 10/4/23 11:02, Tim Woodall wrote:

My firewall has a single /128 acquired via SLAAC and the RA from the
router. My entire network is masqueraded through that single IP.


What does the RA contain? Typically on connection to an IPv6 capable ISP 
you will get assigned a single /128 from their range and granted a complete 
routable range at least /64 for you to use.


The interface between the router and the ISP will typically use the router 
fe80 to connect upstream but it will also have the /128 to use. The router 
should be able to route the /64 without NAT. If it can't then time for a 
new router.





I want to be able to put a firewall in front of the router. But there's
no way to get any traffic out of the router and into my network other
than that addressed to my firewall's /128

The router doesn't even attempt to see if a host exists if a packet to a
new ip arrives.


And it doesn't forward packets from new ips either, it just silently
drops them.

I don't know how the router learns ips but I suspect it's something to
do with DAD,



Re: ICMP router advertisement (ipv4)

2023-04-09 Thread Tim Woodall

On Mon, 10 Apr 2023, Jeremy Ardley wrote:



On 10/4/23 11:02, Tim Woodall wrote:

My firewall has a single /128 acquired via SLAAC and the RA from the
router. My entire network is masqueraded through that single IP.


What does the RA contain? Typically on connection to an IPv6 capable ISP you 
will get assigned a single /128 from their range and granted a complete 
routable range at least /64 for you to use.


The interface between the router and the ISP will typically use the router 
fe80 to connect upstream but it will also have the /128 to use. The router 
should be able to route the /64 without NAT. If it can't then time for a new 
router.





I want to be able to put a firewall in front of the router. But there's
no way to get any traffic out of the router and into my network other
than that addressed to my firewall's /128

The router doesn't even attempt to see if a host exists if a packet to a
new ip arrives.

I suspect that 'silent' hosts would 'disappear' as far as the router is
concerned.

#
# radvd configuration generated by radvdump 2.18
# based on Router Advertisement from fe80::c6eb:39ff:fe4e:c771
# received by interface isp
#

interface isp
{
    AdvSendAdvert on;
    # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
    AdvManagedFlag off;
    AdvOtherConfigFlag on;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    AdvCurHopLimit 64;
    AdvDefaultLifetime 1800;
    AdvHomeAgentFlag off;
    AdvDefaultPreference medium;
    AdvSourceLLAddress on;

    RDNSS 2001:730:3ec2::10 2001:730:3ec2::11
    {
        AdvRDNSSLifetime 300;
    }; # End of RDNSS definition


    prefix :::**00::/64
    {
        AdvValidLifetime 604800;
        AdvPreferredLifetime 604800;
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    }; # End of prefix definition


    route :::**00::/57
    {
        AdvRoutePreference medium;
        AdvRouteLifetime 1800;
    }; # End of route definition

}; # End of interface definition

It's sort of bizarre that the prefix is good for 5 days but the route
for 30 minutes.



Re: apt temporary failure resolving deb.debian.org

2023-04-09 Thread Tim Woodall

On Sun, 9 Apr 2023, Andy Smith wrote:


Hi Badli,

On Sun, Apr 09, 2023 at 07:59:32AM +, Badli Al Rashid wrote:

I got a temporary failure resolving deb.debian.org and
www.debian.org since last week thursday. I can resolve other sites
like www.kernel.org and others.


Broke last monday for me.


When I switch to other DNS servers I can resolve www.debian.org.


Any clue in the logs of your bind9 resolver?

If you are able to install "delv", what does that say?

$ delv -t cname deb.debian.org
; fully validated
deb.debian.org. 3567 IN  CNAME   debian.map.fastlydns.net.
deb.debian.org. 3567 IN  RRSIG   CNAME 8 3 3600 20230512040858 
20230402034640 32728 debian.org. 
rFqk+TkAJPOXTbQl8irQJyMGjsL8yXMxFgxglzGC+7GaydpbQGEYaiOE 
FLHKy4dPshKq0pq5O8l+hw/gG3dgWg+fYkskltkGJyk8VNBnbgTM3Szm 
M2QjRR7x7hKitr61YrUkVCpZCroiKtZfat/0l42EWV24FewvatX9mBge 
VYzlUSrOchLHC7TjBOpxyA7Ta6ll4YIDDgMSZi4HxMMhjPdzGs2H/o8D 
CrKUmSE9VBhRoclczsBbMENUftKR0XOl

It does seem like your local resolver is at fault when it comes to
DNSSEC.

Cheers,
Andy




I suspect some weird pmtu issue or something like that

root@bind17:/etc/bind# delv -t cname www.microsoft.com  +rtrace
;; fetch: www.microsoft.com/CNAME
;; fetch: com/DS
;; fetch: ./DNSKEY
;; fetch: microsoft.com/DS
;; fetch: com/DNSKEY
; unsigned answer
www.microsoft.com.  2858 IN  CNAME
www.microsoft.com-c-3.edgekey.net.
root@bind17:/etc/bind# delv -t cname deb.debian.org +rtrace
;; fetch: deb.debian.org/CNAME
;; fetch: debian.org/DNSKEY
;; resolution failed: timed out
root@bind17:/etc/bind#

And here's the really weird bit: that was with bind using google as
forwarders but...

root@bind17:/etc/bind# delv -6 -t cname deb.debian.org +rtrace 
@2001:4860:4860::
;; fetch: deb.debian.org/CNAME
;; fetch: debian.org/DNSKEY
;; fetch: debian.org/DS
;; fetch: org/DNSKEY
;; fetch: org/DS
;; fetch: ./DNSKEY
; fully validated
deb.debian.org. 3284 IN  CNAME
debian.map.fastlydns.net.
deb.debian.org. 3284 IN  RRSIG   CNAME 8 3 3600
20230512040858 20230402034640 32728 debian.org.
rFqk+TkAJPOXTbQl8irQJyMGjsL8yXMxFgxglzGC+7GaydpbQGEYaiOE
FLHKy4dPshKq0pq5O8l+hw/gG3dgWg+fYkskltkGJyk8VNBnbgTM3Szm
M2QjRR7x7hKitr61YrUkVCpZCroiKtZfat/0l42EWV24FewvatX9mBge
VYzlUSrOchLHC7TjBOpxyA7Ta6ll4YIDDgMSZi4HxMMhjPdzGs2H/o8D
CrKUmSE9VBhRoclczsBbMENUftKR0XOl
root@bind17:/etc/bind#


firewall17:~# tcpdump -n -i isp port 53
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on isp, link-type EN10MB (Ethernet), snapshot length 262144 bytes
03:24:02.676837 IP6 :::**00::1.50280 > 2001:4860:4860::.53: 
27939+% [1au] DNSKEY? debian.org. (51)
03:24:02.686347 IP6 2001:4860:4860::.53 > :::**00::1.50280: 
27939| 0/0/1 (39)
03:24:02.687485 IP6 :::**00::1.59395 > 2001:4860:4860::.53: 
Flags [S], seq 2532653124, win 64660, options [mss 1220,sackOK,TS val 1661813206 
ecr 0,nop,wscale 5], length 0
03:24:02.697849 IP6 2001:4860:4860::.53 > :::**00::1.59395: 
Flags [S.], seq 2779959628, ack 2532653125, win 65535, options [mss 1440,sackOK,TS 
val 1178061358 ecr 1661813206,nop,wscale 8], length 0
03:24:02.698472 IP6 :::**00::1.59395 > 2001:4860:4860::.53: 
Flags [.], ack 1, win 2021, options [nop,nop,TS val 1661813217 ecr 1178061358], 
length 0
03:24:02.698840 IP6 :::**00::1.59395 > 2001:4860:4860::.53: 
Flags [P.], seq 1:54, ack 1, win 2021, options [nop,nop,TS val 1661813217 ecr 
1178061358], length 53 16359+% [1au] DNSKEY? debian.org. (51)
03:24:02.708023 IP6 2001:4860:4860::.53 > :::**00::1.59395: 
Flags [.], ack 54, win 256, options [nop,nop,TS val 1178061368 ecr 1661813217], 
length 0
03:24:04.707378 IP6 2001:4860:4860::.53 > :::**00::1.59395: 
Flags [F.], seq 1636, ack 54, win 256, options [nop,nop,TS val 1178063367 ecr 
1661813217], length 0
03:24:04.708333 IP6 :::**00::1.59395 > 2001:4860:4860::.53: 
Flags [.], ack 1, win 2021, options [nop,nop,TS val 1661815227 ecr 
1178061368,nop,nop,sack 1 {1636:1637}], length 0
03:24:07.698316 IP6 :::**00::1.59395 > 2001:4860:4860::.53: 
Flags [F.], seq 54, ack 1, win 2021, options [nop,nop,TS val 1661818217 ecr 
1178061368,nop,nop,sack 1 {1636:1637}], length 0
03:24:07.708269 IP6 2001:4860:4860::.53 > :::**00::1.59395: 
Flags [.], ack 55, win 256, options [nop,nop,TS val 1178066368 ecr 1661818217], 
length 0

The result isn't getting back to me. Google shuts down the connection after 2 
seconds.


And here's talking to google directly

firewall17:/etc/firewall# tcpdump -n -i isp port 53
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on isp, link-type EN10MB (Ethernet), snapshot length 262144 bytes
03:56:29.290782 IP6 :::**00::1.48805 > 2001:4860:4860::.53: 
Flags [S], seq 3069515386, win 64660, options [mss 1220,sackOK,TS val 1663759806 
ecr 0,nop,wscale 5], length 0
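
The TCP retry in the first capture above can be checked mechanically. This is an added example, not part of the original message: it parses tcpdump text output, notes UDP replies marked truncated, and reports the byte range of a TCP reply that the server closed on but the client never acknowledged. The sample lines are constructed (modelled on the trace, with 2001:db8::/32 documentation addresses), and the names `analyse` and `Flow` are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample modelled on the capture above, one packet per line.
# Addresses come from the 2001:db8::/32 documentation range, not from the post.
SAMPLE = """\
03:24:02.676837 IP6 2001:db8::1.50280 > 2001:db8:53::53.53: 27939+% [1au] DNSKEY? debian.org. (51)
03:24:02.686347 IP6 2001:db8:53::53.53 > 2001:db8::1.50280: 27939| 0/0/1 (39)
03:24:02.687485 IP6 2001:db8::1.59395 > 2001:db8:53::53.53: Flags [S], seq 2532653124, win 64660, options [mss 1220,sackOK], length 0
03:24:02.697849 IP6 2001:db8:53::53.53 > 2001:db8::1.59395: Flags [S.], seq 2779959628, ack 2532653125, win 65535, options [mss 1440,sackOK], length 0
03:24:02.698472 IP6 2001:db8::1.59395 > 2001:db8:53::53.53: Flags [.], ack 1, win 2021, length 0
03:24:02.698840 IP6 2001:db8::1.59395 > 2001:db8:53::53.53: Flags [P.], seq 1:54, ack 1, win 2021, length 53 16359+% [1au] DNSKEY? debian.org. (51)
03:24:02.708023 IP6 2001:db8:53::53.53 > 2001:db8::1.59395: Flags [.], ack 54, win 256, length 0
03:24:04.707378 IP6 2001:db8:53::53.53 > 2001:db8::1.59395: Flags [F.], seq 1636, ack 54, win 256, length 0
03:24:04.708333 IP6 2001:db8::1.59395 > 2001:db8:53::53.53: Flags [.], ack 1, win 2021, options [nop,nop,sack 1 {1636:1637}], length 0
"""

TCP_RE = re.compile(
    r"^\S+ IP6? (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\](?P<rest>.*)$")
# UDP DNS reply from port 53 whose header tcpdump marks with "|" (TC bit set).
# Only the simple "<id>|" form seen in the capture is handled here.
UDP_TC_RE = re.compile(r"^\S+ IP6? \S+\.53 > \S+\.\d+: (?P<id>\d+)\S*\|")


@dataclass
class Flow:
    server_fin: Optional[int] = None  # relative sequence number of the server's FIN
    payload_seen: int = 0             # server payload bytes present in the capture
    client_ack: int = 1               # highest cumulative ACK sent by the client
    sacked: list = field(default_factory=list)  # SACK blocks sent by the client


def _num(pattern, text):
    """First integer captured by pattern in text, or None."""
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None


def analyse(text):
    """Return truncated UDP reply ids and TCP/53 flows whose reply never arrived."""
    flows, truncated = {}, []
    for line in text.splitlines():
        m = UDP_TC_RE.match(line)
        if m:
            truncated.append(int(m["id"]))
            continue
        m = TCP_RE.match(line)
        if not m or "S" in m["flags"]:
            continue  # not TCP, or a SYN (tcpdump prints absolute numbers there)
        from_server = m["sport"] == "53"
        if not from_server and m["dport"] != "53":
            continue
        client = ((m["dst"], int(m["dport"])) if from_server
                  else (m["src"], int(m["sport"])))
        flow = flows.setdefault(client, Flow())
        rest = m["rest"]
        if from_server:
            flow.payload_seen += _num(r"length (\d+)", rest) or 0
            if "F" in m["flags"]:
                flow.server_fin = _num(r"seq (\d+)", rest)
        else:
            # \b keeps "ack" from matching inside "sack".
            flow.client_ack = max(flow.client_ack, _num(r"\back (\d+)", rest) or 1)
            flow.sacked += [(int(a), int(b))
                            for a, b in re.findall(r"\{(\d+):(\d+)\}", rest)]
    stalled = []
    for client, f in flows.items():
        # The server's FIN sits one past its last data byte. If the client's
        # cumulative ACK is still below it, those bytes never reached the client.
        if f.server_fin is not None and f.client_ack < f.server_fin:
            stalled.append({"client": client,
                            "missing": (f.client_ack, f.server_fin - 1),
                            "payload_seen": f.payload_seen,
                            "sacked": f.sacked})
    return {"truncated_udp_ids": truncated, "stalled": stalled}


if __name__ == "__main__":
    report = analyse(SAMPLE)
    print("truncated UDP replies:", report["truncated_udp_ids"])
    for s in report["stalled"]:
        first, last = s["missing"]
        print(f"{s['client']}: bytes {first}..{last} never acknowledged, "
              f"{s['payload_seen']} payload bytes captured, SACK {s['sacked']}")
```

A FIN far beyond the client's last ACK, with no payload segment in the capture, shows that the reply was sent but did not reach the capture point; it does not say where on the path it was lost.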

Re: ICMP router advertisement (ipv4)

2023-04-09 Thread Jeremy Ardley



On 10/4/23 11:02, Tim Woodall wrote:

My firewall has a single /128 acquired via SLAAC and the RA from the
router. My entire network is masqueraded through that single IP.


What does the RA contain? Typically on connection to an IPv6 capable ISP 
you will get assigned a single /128 from their range and granted a 
complete routable range at least /64 for you to use.


The interface between the router and the ISP will typically use the 
router fe80 to connect upstream but it will also have the /128 to use. 
The router should be able to route the /64 without NAT. If it can't then 
time for a new router.


--
Jeremy
(Lists)



Re: ICMP router advertisement (ipv4)

2023-04-09 Thread Tim Woodall

On Sun, 9 Apr 2023, Michel Verdier wrote:


On 9 April 2023, Tim Woodall wrote:


Apr  9 06:27:48 ... IN=isp OUT= MAC=... SRC=1.0.168.192 DST=224.0.0.1 ... 
PROTO=ICMP TYPE=9 CODE=0


This log is generated on your host? It comes directly from syslog or from
a reporting tool?


I don't get a routable IPv4 address at all. My router is doing DS-lite
to emulate IPv4 connectivity.


your host have ipv6 and ipv4 addresses or only ipv4 ?

Both. It has a global ipv6 address and a 1918 ipv4 address.


on your host can you give
ip route
ip -6 route
ip address


This isn't going to be particularly useful on its own as I'm using
policy based routing and iptables marking.

But on the firewall the (a) default route points at 192.168.0.1 which is
acquired via dhcp and one points at the routers link-local address
acquired using SLAAC

default via 192.168.0.1 dev isp
default via fe80::c6eb:39ff:fe4e:c771 dev isp proto ra metric 1024
expires 1713sec hoplimit 64 pref medium

The router itself has a public WAN side IPv6 address (displayed on the
router info page but discoverable by doing a traceroute inbound too) but
no ipv4 address at all other than the internal 192.168.0.1



obfuscate if you want but let internal addresses, it's not a security
hole


More annoyingly, there doesn't seem to be any way to tell the router
what the next hop router is for IPv6 and it doesn't forward packets for
any IP it doesn't know about - even with the firewall turned off.


this is correct, it needs to know where you are to send you packets
icmp type 9 are for that


I'm not using them as I acquire my ipv4 address and next hop via dhcp.

And I'm not trying to get ipv4 working. That is going via CGNAT. It's
ipv6 that I'm trying to make vaguely sane. I have 2**71 addresses that
reach my router, but only one that will cross it.


So, even though it advertises a /57 on its internal interface, I'm being
forced to do NAT in order to have a firewall.


I don't understand : if it don't forward, where do you do NAT ?


My firewall has a single /128 acquired via SLAAC and the RA from the
router. My entire network is masqueraded through that single IP.

I'm also doing the same for ipv4 - but the router is then using DS-lite
to tunnel to the isp where there's CGNAT to a routable address.


I cannot see packets for any address other than those in one /64
although a traceroute shows they're getting to the router.


You mean you have addresses on the /57 but you can't contact other /64 ?
it seems like a subnet restriction set on the router, and rather common
only a configuration point


The router drops everything except the /128s that it knows about. It
does not even try to do neighbour discovery.



Re: questions about cron.daily

2023-04-09 Thread davidson

On Sun, 9 Apr 2023 David Wright wrote:

On Sun 09 Apr 2023 at 21:48:22 (+0200), zithro wrote:

[Previously David "Between-the-Lines" Wright wrote:]

IOW, while I run crontab -e on bookworm, inside my emacs session,
I want a subshell to run crontab -l, but the latter has to run on
bullseye in order to pick up the old crontab. I'm not sure how I
would do that.


"So it's a good thing I don't need to, since I've got all the
materials I need in my home directory, under ~/.cron"


Try running :
ssh user@bullseye crontab -l

It will locally list the crontab from remote user "user".

Note I've never used emacs, so dunno if ssh is allowed !


I too saw a plea for halp at first. At first I was derping out a reply
"Well David, since the bullseye system isn't running, you just
mount..."

But nope. Mirage!

Just rhetorical puzzlement implying an unspoken conclusion: "And
*that's* why we keep all the cron things on our home partition."

--
Hackers are free people. They are like artists. If they are in a good
mood, they get up in the morning and begin painting their pictures.
-- Vladimir Putin



Re: how to limit a CPU temperature?

2023-04-09 Thread David Christensen

On 4/8/23 07:17, songbird wrote:

   i have a program that has changed its behavior to suddenly
become a CPU hog (while doing something simple like uploading
files for my website).  probably a bug, but it got me to
wondering how i could limit the CPU temperature to a range
well below the maximum that kicks in by the CPU itself.

   i have an intel processor and it has the MAX which does
prevent it from going higher (100C), but i'd like to keep it
at 70C or lower.

   i've been trying to find anything that will let me set this
but no luck yet in my searches.

   thanks!  :)


   songbird



I previously posted some Perl one-liners to load one processor core for 
thermal testing:


https://lists.debian.org/debian-user/2021/08/msg01346.html


Here is an updated Perl script that will exercise all cores to a given 
percentage for a given duration:


2023-04-09 19:06:43 dpchrist@taz ~
$ cat /usr/local/bin/exercise-cpu
#!/usr/bin/env perl
# $Id: exercise-cpu,v 1.1 2023/04/10 02:05:22 dpchrist Exp $
# by David Paul Christensen dpchr...@holgerdanske.com
# Public Domain
#
# Exercise central processing unit

use threads;
use strict;
use warnings;

use File::Basename;
use Time::HiRes qw( sleep time );

die sprintf "Usage: %s PERCENT DURATION\n", basename($0)
    unless @ARGV == 2;

my $a = 0.01 * shift;           # periodic exercise duration
my $b = 1 - $a;                 # periodic sleep duration

$_ = qx/lscpu/;                 # Debian GNU/Linux
my ($c) = /CPU.s.:\s+(\d+)/;    # number of virtual cores

my $e = time + shift;           # time to end

my @thr;                        # threads

push @thr, async {
    while (time < $e) {
        my $d = time + $a / 10;
        1 while time < $d;
        sleep $b/10;
    }
} for 1..$c;

$_->join for @thr;

2023-04-09 19:06:49 dpchrist@taz ~
$ exercise-cpu 50 10


David



Re: questions about cron.daily

2023-04-09 Thread David Wright
On Sun 09 Apr 2023 at 21:48:22 (+0200), zithro wrote:
> > IOW, while I run crontab -e on bookworm, inside my emacs session,
> > I want a subshell to run crontab -l, but the latter has to run on
> > bullseye in order to pick up the old crontab. I'm not sure how
> > I would do that.
> 
> Try running :
> ssh user@bullseye crontab -l
> 
> It will locally list the crontab from remote user "user".
> 
> Note I've never used emacs, so dunno if ssh is allowed !

In case it's not clear, bullseye and bookworm are Debian distribution
codenames, not hostnames. I can't edit my crontab on a newly installed
bookworm system while simultaneously listing my old crontab on the old
bullseye system on the same computer.

The machine is set up to dual boot (currently bullseye and buster),
but not simultaneously!

Even for the same username, the crontab on one computer differs from
that on another, as the machines have different roles.

Cheers,
David.



Re: how to limit a CPU temperature?

2023-04-09 Thread David Christensen

On 4/8/23 20:11, Mark Allums wrote:

On 4/8/2023 8:01 PM, David Christensen wrote:

On 4/8/23 07:17, songbird wrote:

   i have a program that has changed its behavior to suddenly
become a CPU hog (while doing something simple like uploading
files for my website).  probably a bug, but it got me to
wondering how i could limit the CPU temperature to a range
well below the maximum that kicks in by the CPU itself.

   i have an intel processor and it has the MAX which does
prevent it from going higher (100C), but i'd like to keep it
at 70C or lower.

   i've been trying to find anything that will let me set this
but no luck yet in my searches.

   thanks!  :)


   songbird



Assuming the computer had a proper thermal solution when assembled, 
the 100 C processor temperature indicates that the thermal paste 
between the processor and its heat sink has gone bad.  I suggest 
replacing it with silver-based thermal paste.


New paste yes, silver no.  That's out-of-date.  Silver is conductive. 
Silver paste is not superior to Thermal Grizzly Kryonaut or Arctic 
(maker of the most popular silver paste) MX-6. You want non-conductive, 
non-capacitive paste.



Mark Allums



Thank you for pointing out advances in thermal paste since the last time 
I used such.  STFW the two brands you mention do seem to be the current 
"top of the charts":


https://en.wikipedia.org/wiki/Thermal_paste

https://www.tomshardware.com/best-picks/best-thermal-paste

https://www.tomshardware.com/news/artic-mx6-thermal-paste

https://www.thermal-grizzly.com/en/products/16-kryonaut-en

https://www.arctic.de/us/MX-6/ACTCP00079A


I agree that getting paste where it does not belong during installation 
is a problem; thermally, electrically, and chemically.  "non-conductive, 
non-capacitive paste" should mitigate damage should this risk occur. 
Thankfully, I have not created such a mess; and the ones I have cleaned 
did no apparent damage.



The last time I installed (silver-based) thermal paste, I seem to recall 
that the manufacturer's directions were to apply a bead the size of a 
grain of long-grain rice to the center of the processor case and then 
seat the heat sink straight down.  I believe I took one such joint apart 
shortly after installation, and the paste had spread into a circular 
area with a diameter of ~80% of the processor top.  I will be curious to 
see the pattern after a long period of use, if and when I take one of 
those joints apart again.



I do not want paste oozing out of the sides of the joint, so I have 
resisted the urge to use more paste or enlarge the application pattern.



I do not want air bubbles, so I have resisted the urge to spread the 
paste.  However, Thermal Grizzly recommends this technique in their 
application guide:


https://www.thermal-grizzly.com/images/downloads/TG-ApplicationShortGuide.pdf


I have installed a few Intel "boxed" processor kits that included heat 
sinks and fans.  The heat sinks had a fine pattern of thermal paste in 
rows with empty furrows in between.  The pattern covered the entire 
mating surface.  The paste was nearly solid and was silver in color.



Looking beyond spillage, putting an insulator (non-conductive thermal 
paste) between two conductors (metal heat sink and metal processor case) 
is how you form a capacitor:


https://en.wikipedia.org/wiki/Capacitor#Parallel-plate_capacitor

The simplest model of a capacitor consists of two thin parallel
conductive plates each with an area of A separated by a uniform gap
of thickness d filled with a dielectric with permittivity ε . It is
assumed the gap d is much smaller than the dimensions of the plates.
...
... the highest capacitance is achieved with a high permittivity
dielectric material, large plate area, and small separation between
the plates.
...
The maximum energy is a function of dielectric volume, permittivity,
and dielectric strength.


Following the link "permittivity":

https://en.wikipedia.org/wiki/Permittivity

In electromagnetism, the absolute permittivity, often simply called
permittivity and denoted by the Greek letter ε (epsilon), is a
measure of the electric polarizability of a dielectric. A material
with high permittivity polarizes more in response to an applied
electric field than a material with low permittivity, thereby
storing more energy in the material. In electrostatics, the
permittivity plays an important role in determining the capacitance
of a capacitor.


So, it would seem that "non-capacitive" thermal paste is thermal paste 
with low electromagnetic absolute permittivity.



Does anyone have any ideas or explanations regarding forming a capacitor 
out of the processor heat sink and the processor case by using a 
non-conductive paste versus forming an electrical connection by using an 
electrically conductive thermal paste?  Or, a "real world" joint using a 
thermal compound with electromagnetic impedance 

Re: how to change default nameserver?

2023-04-09 Thread zithro

On 09 Apr 2023 17:20, Greg Wooledge wrote:

Welcome to the Gene Heskett show, starring Gene Heskett.

We've told Gene that his configuration is wrong *so* many times, over
*so* many years.  There are very many, very long, threads dedicated to
trying to help Gene get his network configuration to a sane state.

I recommend not trying again, but it's up to you.  Maybe you'll succeed
where everyone else has failed... I doubt it, but I can't rule it out.



Ahah ^^
As Confucius said : "Experience is a lantern that you carry on your back 
and that only lights up the path you have traveled", but thanks for the 
advice !




Re: questions about cron.daily

2023-04-09 Thread zithro

IOW, while I run crontab -e on bookworm, inside my emacs session,
I want a subshell to run crontab -l, but the latter has to run on
bullseye in order to pick up the old crontab. I'm not sure how
I would do that.


Try running :
ssh user@bullseye crontab -l

It will locally list the crontab from remote user "user".

Note I've never used emacs, so dunno if ssh is allowed !



Re: how to change default nameserver?

2023-04-09 Thread gene heskett

On 4/9/23 11:04, Greg Wooledge wrote:

On Sun, Apr 09, 2023 at 04:53:17PM +0200, zithro wrote:

- Either you use DHCP, and the DNS will be provided by the DHCP server, so
don't touch resolv.conf (the DHCP server CAN provide 127.0.0.1 as DNS
server)
- or you use static addressing, and you can simply remove the dhcp-client
package, so resolv.conf will be left alone.


That's not always true.  Sometimes you want the IP address from DHCP,
but you want to provide your own DNS.  There are LOTS of scenarios where
this is desirable.

That's why this is such an important topic, and why it keeps coming up
over and over again.

That's why we have a wiki page which describes several different solutions,
so that each sysadmin who runs into this problem can find a suitable one.

https://wiki.debian.org/resolv.conf

.

Thank you for that link Greg.

This explains it better than I do, but if history is any indicator, it 
will be made useless by bookworm.  Thanks Greg, it may contain some clue 
as to why printers on this machine, all marked shared, cannot be used by 
other bullseye installs, Other buster installs however can use them just 
fine. My logs claim the client is not sending any authorization. Yet all 
clients claim DefaultAuthorization is Basic.


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: ICMP router advertisement (ipv4)

2023-04-09 Thread Michel Verdier
On 9 April 2023, Tim Woodall wrote:

>>> Apr  9 06:27:48 ... IN=isp OUT= MAC=... SRC=1.0.168.192 DST=224.0.0.1 ... 
>>> PROTO=ICMP TYPE=9 CODE=0

This log is generated on your host? It comes directly from syslog or from
a reporting tool?

> I don't get a routable IPv4 address at all. My router is doing DS-lite
> to emulate IPv4 connectivity.

your host have ipv6 and ipv4 addresses or only ipv4 ?
on your host can you give
ip route
ip -6 route
ip address

obfuscate if you want but let internal addresses, it's not a security
hole

> More annoyingly, there doesn't seem to be any way to tell the router
> what the next hop router is for IPv6 and it doesn't forward packets for
> any IP it doesn't know about - even with the firewall turned off.

this is correct, it needs to know where you are to send you packets
icmp type 9 are for that

> So, even though it advertises a /57 on its internal interface, I'm being
> forced to do NAT in order to have a firewall.

I don't understand : if it don't forward, where do you do NAT ?

> I cannot see packets for any address other than those in one /64
> although a traceroute shows they're getting to the router.

You mean you have addresses on the /57 but you can't contact other /64 ?
it seems like a subnet restriction set on the router, and rather common
only a configuration point



Re: apt temporary failure resolving deb.debian.org

2023-04-09 Thread Lee
On 4/9/23, Tim Woodall  wrote:
> On Sun, 9 Apr 2023, Badli Al Rashid wrote:
>
>> Hi All,
>>
>> Gooday everybody. Anyone having temporary failure when running apt update
>> with own bind local resolver ? I got a temporary failure resolving
>> deb.debian.org and www.debian.org since last week thursday. I can resolve
>> other sites like www.kernel.org and others.
>>
>> When I switch to other DNS servers I can resolve www.debian.org.
>>
>> The command dig with +cd option I was able to resolve dwb.debian.org and
>> www.debian.org.
>>
>> I am using bullseye bind packages and then upgraded to bind to sury to
>> test. It is still the same.
>>
>
> I've also been having severe problems resolving debian.org domains.
>
> I've now turned off dnssec validation on my bind server.
>
>
> //
>  // If BIND logs error messages about the root key being expired,
>  // you will need to update your keys.  See
>  // https://www.isc.org/bind-keys
>
> //
>  dnssec-validation no;

If it was "yes" that might be the problem.

  dnssec-validation auto;
 # If dnssec-validation is set to auto, then a default trust
anchor for the DNS root zone will be used.
 # If it is set to yes, however, then at least one trust anchor
must be configured with a trusted-keys
 #or managed-keys statement in named.conf, or DNSSEC
validation will not occur.
 # The default setting is yes.

The only DNS issues I've noticed are NTP starting before BIND at boot
time and all the
  N.debian.pool.ntp.org
queries failing until bind is up and running.

Regards
Lee



Re: apt temporary failure resolving deb.debian.org

2023-04-09 Thread Andy Smith
Hi Badli,

On Sun, Apr 09, 2023 at 07:59:32AM +, Badli Al Rashid wrote:
> I got a temporary failure resolving deb.debian.org and
> www.debian.org since last week thursday. I can resolve other sites
> like www.kernel.org and others.
> 
> When I switch to other DNS servers I can resolve www.debian.org.

Any clue in the logs of your bind9 resolver?

If you are able to install "delv", what does that say?

$ delv -t cname deb.debian.org
; fully validated
deb.debian.org. 3567 IN  CNAME   debian.map.fastlydns.net.
deb.debian.org. 3567 IN  RRSIG   CNAME 8 3 3600 20230512040858 
20230402034640 32728 debian.org. 
rFqk+TkAJPOXTbQl8irQJyMGjsL8yXMxFgxglzGC+7GaydpbQGEYaiOE 
FLHKy4dPshKq0pq5O8l+hw/gG3dgWg+fYkskltkGJyk8VNBnbgTM3Szm 
M2QjRR7x7hKitr61YrUkVCpZCroiKtZfat/0l42EWV24FewvatX9mBge 
VYzlUSrOchLHC7TjBOpxyA7Ta6ll4YIDDgMSZi4HxMMhjPdzGs2H/o8D 
CrKUmSE9VBhRoclczsBbMENUftKR0XOl

It does seem like your local resolver is at fault when it comes to
DNSSEC.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting



[Solved] Which Diff tool could I use for visually comparing two text files where Word Wrap is possible?

2023-04-09 Thread Susmita/Rajib
As mentioned in the following email:

To: debian-user@lists.debian.org
Subject: Re: Which Diff tool could I use for visually comparing two
text files where Word Wrap is possible?
From: "Susmita/Rajib" 
Date: Sat, 8 Apr 2023 23:12:57 +0530
Message-id: <[]
CAEG4cZWR7jFCnPXqdq29qSq=okxpuaduzzum4uufk48tp_p...@mail.gmail.com>

[   ...   ]

Thank you, Mr. Davidson, Mr. Sascha Steinbiss, Mr. Jeff Kaufman, Mr.
l0f4r0 and my senior members and leaders of the Debian Universe who
interacted with me in this thread to help me fulfil my needs with
diff. I apologise that I didn't thank you by name.

Thank you all once again.

Best wishes,
Rajib
Etc.



Re: questions about cron.daily

2023-04-09 Thread David Wright
On Thu 06 Apr 2023 at 18:54:31 (-0400), Greg Wooledge wrote:
> On Thu, Apr 06, 2023 at 05:45:08PM -0500, David Wright wrote:
> > Users (including root) write their crontabs anywhere they like,
> > typically in a directory like ~/.cron/.
> 
> Is that... normal?  I can't say I've ever seen anyone keep a private
> copy of their crontab in their home directory like that.

Well, it's pretty normal if you use the first form of the command,
though there's no special need for it to be either in the home
directory or private.

> Most people just use "crontab -e" to edit the system's copy of their
> personal crontab...
> 
> > They then have to be installed
> > with crontab, which copies them into /var/spool/cron/crontabs/.
> 
> ... which lives there.

That's the workflow I might have used thirty years ago when I was
a plain old user of a university unix system with likely zero to
one lines of crontab and no need to think about backups. But that's
the old normal, which I'd find rather inflexible now. For example,
if you're busy editing crontab and it's time to go home, then you
either save it and it immediately becomes the active copy, or you
abandon editing, or you save it to some file before abandoning.
Say what? Isn't that a private copy?

Next month, or whenever, I'll be installing bookworm into the other
root partition on this machine. I'll want to copy (and preen, maybe)
my personal crontab from bullseye into bookworm.

IOW, while I run crontab -e on bookworm, inside my emacs session,
I want a subshell to run crontab -l, but the latter has to run on
bullseye in order to pick up the old crontab. I'm not sure how
I would do that.

Before very long, I'll be travelling again, taking one of my
laptops with me. Its roles at home and away are completely
different, so I switch crontabs for the duration, not with
crontab -e but with crontab ~/.cron/.
And that command is in a script that takes care of other
changes that need to be made for its travelling role.

I populate my ~/.cron directory with anything to do with cron,
like the scripts¹ that some crontab entries run, the crontabs
that I push to my other machines, and a copy of root's crontab
for when the occasion might arise to migrate a personal job to
being a systemwide one. And as it's all under my home directory,
it gets backed up too. (I don't backup /var/spool/.)

I also keep there the ephemeral files that control unattended
recording of live radio (via LineInput), because that system is
driven by a cron job running each minute. So an empty file like
.cron/2023-04-09-06-55-rk2wav-190 would record three hours on
Sunday morning. (I've been running this for over two decades,
though it doesn't get a fraction of the use that it did in the
days before BBC iplayer.)

¹ ISTR you had misgivings about that a couple of years ago.

Cheers,
David.



Re: Debian Bookworm RC 1 installer- a Bug?

2023-04-09 Thread David Wright
On Wed 05 Apr 2023 at 07:03:41 (-0700), Peter Ehlert wrote:
> Debian Bookworm RC 1 installer
> Damned nice, the improvements are appreciated.

I ran rc1 in my usual manner, and the only difference I noticed was
the one extra question about non-free firmware, to which I replied
yes. (There may well be improvements under the hood, so to speak.)
Oh, and the initrd is somewhat larger, as per usual.

> using the new debian-bookworm-DI-rc1-amd64-netinst.iso
> Legacy install, GPT partition

I assume Legacy means BIOS booting. Same here, but only one disk.

> graphic install, manual partitioning
> Mate Desktop (others were deselected)

Non-graphical here, a suitable partition existed, and only
standard and SSH server software was installed.

> WiFi firmware:

Untested as this machine is a 2006-vintage mini-tower lacking wifi.

[ snipped narrative of later network-switching ]

> Boot Loader:
> all disk drives were detected, however the one with the bios_grub
> partition was highlighted

I can't recall seeing anything other than the first item highlighted,
ie "Enter device manually", at least with the non-graphical installer
in expert mode. I selected the (sole) hard drive, item 2. The only
remaining item was the USB stick containing the installer ISO.

As expected nowadays, when the machine rebooted, the Grub menu
had only two lines, both pointing to the newly installed system.
(I hadn't made any attempt to counteract GRUB_DISABLE_OS_PROBER
during my installation.) So Grub was correctly installed in the
MBR, and the rest of Grub occupied d400 bytes of /dev/sda1 (the
3MB BIOS boot partition on the single disk).

> =
> second try, using the debian-live-bkworm-DI-rc1-amd64-mate.iso
> same machine and again Legacy install, GPT partition
> however I did NOT install from the live session:
> I chose to go directly to install rather than the Calamares installer
> then manual partitioning
> 
> Boot Loader:
> all drives were detected, however the one with the bios_grub partition
> was NOT highlighted, but I did select it.
> GRUB was Not properly installed, my former grub menu was still active.

How did you determine that it was the previous menu? Wouldn't it look
just the same?

> *** I tried a second time, same as above being super careful, same result.
> 
> I then booted with my default system, ran grub-install /dev/sde &&
> update-grub
> then "new" system was on my boot menu.
> then booted and it ran as expected.

Which method did you use to boot the "default" system (which I assume
is bullseye, in a different partition on one or other of the disks),
in view of the rather sparse menu from grub.cfg on the new system?

> back to the WiFi dongle, again the obscure firmware was properly installed
> 
> Is this a Bug or a user/hardware issue?

Presumably we are now back to talking about Grub.

If you still have access to the bookworm system, you can check whether
it claimed to have completed installing Grub successfully. You should
see lines like:

  grub-installer: info: Installing grub on '/dev/sda'
  grub-installer: info: grub-install does not support --no-floppy
  grub-installer: info: Running chroot /target grub-install  --force "/dev/sda"
  grub-installer: Installing for i386-pc platform.
  grub-installer: Installation finished. No error reported.
  grub-installer: info: grub-install ran successfully

in /var/log/installer/syslog.

You could install and run boot-info-script, which provides details of
how the system boots, particularly where the MBR code looks for the
BIOS boot partition (ie core.img). BTW do any other disks in this
machine have BIOS boot partitions? (I've one on all my internal disks.)

But as far as we're concerned, I think more information is needed,
like what disks there are on the system, which disk the BIOS is
reading the MBR from, the final listing from the partitioner,
particularly any BIOS boot partitions, and so on. Without all that
in the narrative, there's no telling whether it's a bug or not.

Cheers,
David.



Re: USB-slot for to play MP3

2023-04-09 Thread Emanuel Berg
Stefan Monnier wrote:

>> Matter is that radio has USB-slot for to play MP3 files but
>> when I plug a stick (which played on computer) in radio
>> just something are clicking and does not play nothing.
>
> I think the main issues that can show up are: - the format
> of the filesystem (VFAT is probably the safest bet) - the
> format of the music files (MP3 is the safest bet) - the
> location of those files (AFAIK there is no agreed standard
> here, so you'll have to check the radio's manual; but maybe
> a good first try is to just put all the files in the main
> directory).

Check out this list,

  https://dataswamp.org/~incal/data/MM

[ it is to have stuff without having it, which is much more
  difficult - well, obviously - still, some knowledge can be
  acquired that way for those who look, and compile text
  files. ]

*secret*

-- 
underground experts united
https://dataswamp.org/~incal



Re: my immature thoughts on perl

2023-04-09 Thread Emanuel Berg
Andrew M.A. Cater wrote:

> You don't want to believe that - Epimenides the Cretan
> asserts that "all Cretans are liars"

Face it, the Greek invented it, the Italians (Romans)
perfected/spread it ...

All honor to diplomacy, you are not going to expect me to say
anything else, I think our advantages to the game - let's just
say part of the game is getting the advantages.

-- 
underground experts united
https://dataswamp.org/~incal



Re: my immature thoughts on perl

2023-04-09 Thread Emanuel Berg
Stefan Monnier wrote:

 I usually taunt people with "All generalizations suck".
>>>
>>> Can't it be the exception to confirm the rule?
>>
>> There is a barber in Crete who shaves all men who don't
>> shave themselves
>
> You're just pointing out that *impredicative*
> generalizations suck even more than the rest.

While - and quite obvious to most observers - or I should say
"clear", not obvious - still, it's enough to function as an
example to the opposite.

[ Note: This is assuming an inclusive superset. And to be
  honest, I stayed at that assumption since - indeed - how
  would that work - inheritance would be one the transparent
  or multiple interface allowed but in practice you tend to
  use, I don't know, two or three hundreds, tops? ]

-- 
underground experts united
https://dataswamp.org/~incal



Re: cups not sharing printers with other bullseye machines

2023-04-09 Thread Gareth Evans
On Sat  8 Apr 2023, at 22:12, gene heskett  wrote:
> On 4/8/23 02:40, Gareth Evans wrote:
>> On Sat  8 Apr 2023, at 03:20, gene heskett  wrote:
>>> Greetings all;
>>>
>>> Where do I turn on cups debugging so I'll see every bit of traffic
>>> addressed to cups from my local 192.168/xx.yy network?
>>>
>>> The problem is: other buster machines on this local network can see and
>>> use the two brother printers just as if the printer was local to that
>>> buster machine.
>>>
>>> But no bullseye, debian or armbian can see anything at
>>> localhost:631/printers except the search screen when there are no printers.
>>>
>>> These printers are marked as shared in this bullseye machines /etc/cups
>>> files.
>>>
>>> There's a new roadblock someplace, I've asked about before. I'd like to
>>> find it.
>>>
>>> Buster machines can, other bullseye machines can't.
>>>
>>> Thank you.
>>>
>>> Cheers, Gene Heskett.
>>> -- 
>>> "There are four boxes to be used in defense of liberty:
>>>soap, ballot, jury, and ammo. Please use in that order."
>>> -Ed Howdershelt (Author, 1940)
>>> If we desire respect for the law, we must first make the law respectable.
>>>- Louis D. Brandeis
>>> Genes Web page 
>> 
>> Hi Gene,
>> 
>> Not sure if CUPS debugging may be helpful, see eg.
>> 
>> https://sysadminera.com/2020/09/10/linux-how-to-enable-and-capture-cups-debugging-logs/
>> 
> The most intelligent output I can get from the error_log on one of the 
> armbian bullseye machines is a garbled attempt to open a pipe (I think)
> from that log a snippet is attached. Tail end of a cups restart. Looks 
> like something in the name resolution is totally fubar to me.
>
> But, I can send ff to the exact entry in client.conf, and it can see all 
> the shared printers here on this machine. But cups on that machine can't.
>
>> But first, I seem to recall you removed avahi and cups-browsed from Bullseye 
>> machines.  Is that correct?  Do the Buster machines have either or both of 
>> those installed?
>
> avahi and cups-browsed have both been re-installed on that armbian machine.
> And its networking continues to work thru a reboot, something I could 
> not do at the original install.
> Then I check this machines error_log which is flooded with thousands of 
> lines of this from my attempts to get a printer list on the armbian machine:
>
> E [08/Apr/2023:12:25:16 -0400] [Client 18] Returning IPP 
> server-error-version-not-supported for CUPS-Get-Printers (no URI) from 
> 192.168.71.12.
> E [08/Apr/2023:12:25:16 -0400] [Client 18] Returning IPP 
> server-error-version-not-supported for CUPS-Get-Default (no URI) from 
> 192.168.71.12.
> E [08/Apr/2023:12:25:16 -0400] [Client 18] Returning IPP 
> server-error-version-not-supported for CUPS-Get-Printers (no URI) from 
> 192.168.71.12.
> E [08/Apr/2023:12:25:16 -0400] [Client 18] Returning IPP 
> server-error-version-not-supported for CUPS-Get-Default (no URI) from 
> 192.168.71.12.
> E [08/Apr/2023:12:25:16 -0400] [Client 18] Returning IPP 
> server-error-version-not-supported for CUPS-Get-Printers (no URI) from 
> 192.168.71.12.
>
> So the armbian machine is trying, and it's this machine that is rejecting 
> its attempts.  That's progress ;o)>
>
> What's next?
>
> Thanks Gareth, take care and stay well.
>
> Cheers, Gene Heskett.
> -- 
> "There are four boxes to be used in defense of liberty:
>   soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author, 1940)
> If we desire respect for the law, we must first make the law respectable.
>   - Louis D. Brandeis
> Genes Web page 
>
> Attachments:
> * cups-error-log

> server-error-version-not-supported for CUPS-Get-Printers (no URI) from 
> 192.168.71.12.

The only reference to this error I could find was this

https://bbs.archlinux.org/viewtopic.php?id=168485

which (a long time ago) seems to have been resolved by using matching cups 
versions.

I find my Brother MFC-L2740DW is only detected on Bullseye if both devices use 
the same wifi band (the printer supports only 2.4GHz).  I'm sure this was never 
a thing in Buster, but I may have switched bands at some point and forgotten 
about having done that.  I imagine it could conceivably be due to a dodgy ISP 
router firmware update too.  

Are either of the printers you want access to from Bullseye currently shared 
via Buster CUPS, or Bullseye CUPS, or just via own wifi?  

HL-L2320D seems to be USB-only.  MFCJ6920DW seems to support both airprint but 
this may be susceptible to the wifi band thing.

If shared via Buster CUPS, does Bullseye (with cups-browsed installed) fail to 
detect these queues?  

Is one or more firewalls involved?  Does it make any difference if this/these 
are temporarily disabled?

cups-browsed here doesn't interfere with Brother drivers, but only "applies" 
them to printers specifically added with those drivers selected.  As I can't 
reproduce the behaviour you report, are you by any chance 

Re: apt temporary failure resolving deb.debian.org

2023-04-09 Thread Tim Woodall

On Sun, 9 Apr 2023, Badli Al Rashid wrote:


Hi All,

Good day everybody. Anyone having temporary failure when running apt update with 
own bind local resolver? I got a temporary failure resolving deb.debian.org 
and www.debian.org since last week Thursday. I can resolve other sites like 
www.kernel.org and others.

When I switch to other DNS servers I can resolve www.debian.org.

The command dig with +cd option I was able to resolve dwb.debian.org and 
www.debian.org.

I am using bullseye bind packages and then upgraded to bind to sury to test. It 
is still the same.



I've also been having severe problems resolving debian.org domains.

I've now turned off dnssec validation on my bind server.


//
// If BIND logs error messages about the root key being expired,
// you will need to update your keys.  See
// https://www.isc.org/bind-keys

//
dnssec-validation no;


Tim.



Re: USB-slot for to play MP3

2023-04-09 Thread Stefan Monnier
fuf [2023-04-09 11:47:21] wrote:
> Matter is that radio has USB-slot for to play MP3 files but when I plug a
> stick (which played on computer) in radio just something are clicking and
> does not play nothing.

I think the main issues that can show up are:
- the format of the fileystem (VFAT is probably the safest bet)
- the format of the music files (MP3 is the safest bet)
- the location of those files (AFAIK there is no agreed standard here,
  so you'll have to check the radio's manual; but maybe a good first try
  is to just put all the files in the main directory).


-- Stefan



Re: ICMP router advertisement (ipv4)

2023-04-09 Thread Tim Woodall

On Sun, 9 Apr 2023, Michel Verdier wrote:


On 9 April 2023 Tim Woodall wrote:


They're not causing me any issues but is it expected that the IP address
is reversed in these messages?

Apr  9 06:27:48 ... IN=isp OUT= MAC=... SRC=1.0.168.192 DST=224.0.0.1 ... 
PROTO=ICMP TYPE=9 CODE=0


No, IPs are never reversed in iptables/nftables logs, as it effectively
seems to be in your log. But:

$ host 1.0.168.192
192.168.0.1.in-addr.arpa domain name pointer 
node-81s.pool-1-0.dynamic.totinternet.net.
$ whois 1.0.168.192
% [whois.apnic.net]
% Whois data copyright termshttp://www.apnic.net/db/dbcopyright.html

% Information related to '1.0.128.0 - 1.0.191.255'

% Abuse contact for '1.0.128.0 - 1.0.191.255' is 'ab...@totisp.net'

inetnum:1.0.128.0 - 1.0.191.255
netname:TOTNET
descr:  Dynamic IP Address for residential Broadband Customers

Is this your ISP ?




No. I'm in Ireland. My router's IP is 192.168.0.1. I suspect an
endianness bug.

I don't get a routable IPv4 address at all. My router is doing DS-lite
to emulate IPv4 connectivity.

More annoyingly, there doesn't seem to be any way to tell the router
what the next hop router is for IPv6 and it doesn't forward packets for
any IP it doesn't know about - even with the firewall turned off.

So, even though it advertises a /57 on its internal interface, I'm being
forced to do NAT in order to have a firewall.

I cannot see packets for any address other than those in one /64
although a traceroute shows they're getting to the router.

I even tried advertising a /58 in the hopes that a shorter prefix
might work but that was to no avail.

Tim.
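The symptom discussed in this message can be checked for mechanically; the following is an added example, not part of the original post. It flags netfilter log lines sent to the 224.0.0.0/24 local network control block (never forwarded by routers, so the sender must be on-link) whose SRC is public but becomes an RFC 1918 address when its octets are reversed. The function names, the hostname `fw` and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: spot byte-swapped source addresses in netfilter log lines.
# All function names and the sample lines below are constructed.

# log_field NAME LINE: print the first NAME=value found in LINE.
# Fields of an embedded packet start with "[" and are therefore skipped.
log_field() {
    printf '%s\n' "$2" | awk -v key="$1=" '{
        for (i = 1; i <= NF; i++)
            if (index($i, key) == 1) { print substr($i, length(key) + 1); exit }
    }'
}

# reverse_ipv4 A.B.C.D: print D.C.B.A, fail on anything that is not IPv4.
reverse_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | awk -F. '
        NF == 4 && $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 {
            print $4 "." $3 "." $2 "." $1; ok = 1
        }
        END { exit !ok }'
}

# is_rfc1918 ADDR: true for 10/8, 172.16/12 and 192.168/16.
is_rfc1918() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# is_local_control_dst ADDR: true for 224.0.0.0/24 (link scope only).
is_local_control_dst() {
    case $1 in
        224.0.0.*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_line LINE: print "suspect SRC REVERSED", "ok" or "unparsed".
classify_line() {
    src=$(log_field SRC "$1")
    dst=$(log_field DST "$1")
    if [ -z "$src" ] || [ -z "$dst" ]; then
        echo unparsed
        return 0
    fi
    swapped=$(reverse_ipv4 "$src") || { echo unparsed; return 0; }
    # On-link destination, public-looking source, private once reversed:
    # a byte-order bug in the sender is the most likely explanation.
    if is_local_control_dst "$dst" && ! is_rfc1918 "$src" && is_rfc1918 "$swapped"; then
        echo "suspect $src $swapped"
    else
        echo ok
    fi
}

# scan_log: read log lines on stdin, report the suspect ones by line number.
scan_log() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        verdict=$(classify_line "$line")
        case $verdict in
            suspect*) echo "line $n: $verdict" ;;
        esac
    done
}

# Constructed sample, modelled on the log line quoted in the message.
sample_log() {
    printf '%s\n' \
        'Apr  9 06:27:48 fw kernel: IN=isp OUT= MAC= SRC=1.0.168.192 DST=224.0.0.1 LEN=36 TTL=1 PROTO=ICMP TYPE=9 CODE=0' \
        'Apr  9 06:27:49 fw kernel: IN=isp OUT= MAC= SRC=192.168.0.1 DST=224.0.0.1 LEN=28 TTL=1 PROTO=2' \
        'Apr  9 06:28:02 fw kernel: IN=isp OUT= MAC= SRC=1.0.168.192 DST=198.51.100.7 LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT=22'
}

sample_log | scan_log
```

Only the first sample line is reported: the third has the same source but a routable destination, where a public source address is plausible.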




Re: my immature thoughts on perl

2023-04-09 Thread Andrew M.A. Cater
On Sun, Apr 09, 2023 at 11:18:14AM -0400, Stefan Monnier wrote:
> >> > I usually taunt people with "All generalizations suck".
> >> Can't it be the exception to confirm the rule?
> > There is a barber in Crete who shaves all men who don't
> > shave themselves [1].
> 

You don't want to believe that - Epimenides the Cretan asserts that "all
Cretans are liars"

> You're just pointing out that *impredicative* generalizations suck even
> more than the rest.
> 
> 
> Stefan
>

All best, as ever,

Andy 



Re: how to change default nameserver?

2023-04-09 Thread Greg Wooledge
On Sun, Apr 09, 2023 at 04:53:17PM +0200, zithro wrote:
> Also, the line "search hosts, nameserver" is wrong. The place to put such
> settings is "/etc/nsswitch.conf".
> "search" is used to resolve hostnames to FQDN.
> So if you put "search example.com", and you try to connect to a machine with
> for example "ssh hostname", the DNS client will try to append example.com to
> hostname, and try to resolve "hostname.example.com".

Welcome to the Gene Heskett show, starring Gene Heskett.

We've told Gene that his configuration is wrong *so* many times, over
*so* many years.  There are very many, very long, threads dedicated to
trying to help Gene get his network configuration to a sane state.

I recommend not trying again, but it's up to you.  Maybe you'll succeed
where everyone else has failed... I doubt it, but I can't rule it out.



Re: my immature thoughts on perl

2023-04-09 Thread Stefan Monnier
>> > I usually taunt people with "All generalizations suck".
>> Can't it be the exception to confirm the rule?
> There is a barber in Crete who shaves all men who don't
> shave themselves [1].

You're just pointing out that *impredicative* generalizations suck even
more than the rest.


Stefan



Re: how to change default nameserver?

2023-04-09 Thread Greg Wooledge
On Sun, Apr 09, 2023 at 04:53:17PM +0200, zithro wrote:
> - Either you use DHCP, and the DNS will be provided by the DHCP server, so
> don't touch resolv.conf (the DHCP server CAN provide 127.0.0.1 as DNS
> server)
> - or you use static addressing, and you can simply remove the dhcp-client
> package, so resolv.conf will be left alone.

That's not always true.  Sometimes you want the IP address from DHCP,
but you want to provide your own DNS.  There are LOTS of scenarios where
this is desirable.

That's why this is such an important topic, and why it keeps coming up
over and over again.

That's why we have a wiki page which describes several different solutions,
so that each sysadmin who runs into this problem can find a suitable one.

https://wiki.debian.org/resolv.conf



Re: how to change default nameserver?

2023-04-09 Thread zithro

On 09 Apr 2023 14:14, gene heskett wrote:

I'm not sure, and my methods have been heavily denigrated by the dhcp 
fans, but in my case with a many machine local net, and no dhcpd running 
on the system, and the changes with each new release, I find the one 
repeatable method to solve dns problem, is to compose an 
/etc/resolv.conf with 2 lines:


nameserver ipv4 address of router
search hosts, nameserver

And sudo chattr +i /etc/resolv.conf

quickly so NM can't change it. It will remove the search line, killing 
your local network, in which case you can ping yahoo.com, but not 
another machine on your local net. Your ISP's dns has no knowledge of 
your local net which is as it should be.


My router runs something like dnsmasq as it's running dd-wrt, and 
theoretically a dns request then searches the host file for a matching 
name, failing that my whole local system then queries the router, which 
if not cached by dnsmasq, sends the query on to my ISP's dns server, and 
I get answers in around 30 milliseconds. And it all just works. With the 
router NAT-ing, all machines here can browse the whole planet, as 
transparently as border facilities allow.


It seems you misconfigured a few things.
- Either you use DHCP, and the DNS will be provided by the DHCP server, 
so don't touch resolv.conf (the DHCP server CAN provide 127.0.0.1 as DNS 
server)
- or you use static addressing, and you can simply remove the 
dhcp-client package, so resolv.conf will be left alone.


Also, the line "search hosts, nameserver" is wrong. The place to put 
such settings is "/etc/nsswitch.conf".

"search" is used to resolve hostnames to FQDN.
So if you put "search example.com", and you try to connect to a machine 
with for example "ssh hostname", the DNS client will try to append 
example.com to hostname, and try to resolve "hostname.example.com".


Finally, if using static addressing, I can't see why NetworkManager is 
useful.


So to recap, if your LOCAL domain is example.com, and your DNS server is 
192.168.1.1, a resolv.conf would look like:

# /etc/resolv.conf
nameserver 192.168.1.1
search example.com
#

Man pages:
man resolv.conf
man nsswitch.conf
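The rules described in this message, written as a small linter for resolv.conf-style files; this is an added example, not part of the original post. The function names and both sample files are constructed, and the keyword list follows resolv.conf(5).

```shell
#!/bin/sh
# Added example: lint a resolv.conf-style file.
# lint_resolv_conf, sample_bad and sample_good are constructed names.

# lint_resolv_conf [FILE]: read FILE (or stdin) and print one finding per
# line as "<line number>: <problem>". Prints nothing for a clean file.
lint_resolv_conf() {
    awk '
    # Blank lines and comments (# or ;) are skipped by the resolver.
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }

    $1 == "nameserver" {
        # One address per line; this is a syntax check only.
        v4 = ($2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        v6 = ($2 ~ /^[0-9A-Fa-f:.]*:[0-9A-Fa-f:.]*$/)
        if (NF != 2)
            print NR ": nameserver takes exactly one address"
        else if (!v4 && !v6)
            print NR ": nameserver is not an IP address: " $2
        else
            ns++
        next
    }

    $1 == "search" || $1 == "domain" {
        if (NF < 2)
            print NR ": " $1 " needs at least one domain"
        for (i = 2; i <= NF; i++) {
            if ($i ~ /,/)
                print NR ": search entries are separated by spaces, not commas: " $i
            else if ($i ~ /^(hosts|files|dns|nameserver)$/)
                print NR ": " $i " is not a domain name; lookup order is configured in /etc/nsswitch.conf"
            else if ($i !~ /^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?\.?$/)
                print NR ": not a domain name: " $i
        }
        next
    }

    $1 == "options" || $1 == "sortlist" { next }

    # Anything else is silently ignored by the resolver, so a misspelled
    # keyword fails without any error message.
    { print NR ": unknown keyword: " $1 }

    END {
        if (ns == 0)
            print "-: no valid nameserver line"
        if (ns > 3)
            print "-: glibc only uses the first 3 nameserver lines"
    }
    ' "$@"
}

# Constructed sample: a misspelled keyword plus the search line discussed
# in the thread.
sample_bad() {
    printf '%s\n' 'mameserver 192.168.1.1' 'search hosts, nameserver'
}

# Constructed sample: the corrected file from the recap.
sample_good() {
    printf '%s\n' '# /etc/resolv.conf' 'nameserver 192.168.1.1' 'search example.com' '#'
}

echo "--- findings for the bad sample:"
sample_bad | lint_resolv_conf
echo "--- findings for the good sample (none expected):"
sample_good | lint_resolv_conf
```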



Re: Getting Admin Rights

2023-04-09 Thread debian-user
Aren Vardhan  wrote:
> It worked, thanks a lot for your help.
> 
> Can you also help me in installing the Damask software in My debian
> OS. I am not able to locate the package through the sudoers.

If you mean https://damask.mpie.de/ then a quick look at
https://damask.mpie.de/installation/index.html leads to
https://damask.mpie.de/installation/package_manager.html#debian and
thence to https://build.opensuse.org/package/show/home:MarDieh/damask
and between them they give details of what's available.

> On Sun, Apr 9, 2023, 16:19 Timothy M Butterworth <
> timothy.m.butterwo...@gmail.com> wrote:  
> 
> >
> >
> > On Sun, Apr 9, 2023 at 6:39 AM Aren Vardhan
> >  wrote:
> >  
> >> Hello, I am Aren Vardhan, a Graduate Student. I am reaching out to
> >> you to help me with the User Access. I recently installed the
> >> Debian 11 Operating System for a project purpose. I want to get
> >> permitted the Admin Rights to my system so that I can install the
> >> Damask software using Sudo commands. Please do the needful and let
> >> me know how to proceed.
> >>
> >> Thanks & Regards,
> >> Aren Vardhan Pilli
> >>  
> >
> > As root run:
> >
> > usermod -a -G sudo 
> >
> > Log off and log back in and you should be able to run sudo.
> >
> > Tim
> > --
> > ⢀⣴⠾⠻⢶⣦⠀
> > ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> > ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
> > ⠈⠳⣄⠀⠀
> >  



Re: Getting Admin Rights

2023-04-09 Thread Aren Vardhan
It worked, thanks a lot for your help.

Can you also help me in installing the Damask software in My debian OS. I
am not able to locate the package through the sudoers.

On Sun, Apr 9, 2023, 16:19 Timothy M Butterworth <
timothy.m.butterwo...@gmail.com> wrote:

>
>
> On Sun, Apr 9, 2023 at 6:39 AM Aren Vardhan 
> wrote:
>
>> Hello, I am Aren Vardhan, a Graduate Student. I am reaching out to you to
>> help me with the User Access. I recently installed the Debian 11 Operating
>> System for a project purpose. I want to get permitted the Admin Rights to
>> my system so that I can install the Damask software using Sudo commands.
>> Please do the needful and let me know how to proceed.
>>
>> Thanks & Regards,
>> Aren Vardhan Pilli
>>
>
> As root run:
>
> usermod -a -G sudo 
>
> Log off and log back in and you should be able to run sudo.
>
> Tim
> --
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
> ⠈⠳⣄⠀⠀
>


Re: how to change default nameserver?

2023-04-09 Thread Dan Ritter
gene heskett wrote: 
> I should have qualified that advice as this machine will never be moved
> beyond its quasi annual trip to the back porch for an air hose D Not a
> lappy, but a huge tower.


I think you'll be fine, Gene.

-dsr-



Re: Re : Re: Debian and thin clients

2023-04-09 Thread Hugues Larrive
Hello,

Since we are on French-speaking lists, I thought it would be useful to 
give the link to the French translation of the documentation:
https://jenkins.debian.net/userContent/debian-edu-doc/debian-edu-doc-fr/debian-edu-bookworm-manual.html


See you,
Hugues

--- Original Message ---
On Sunday 9 April 2023 at 07:40, Alex PADOLY wrote:

> Hello everyone,
>
> I am coming back to you for advice.
>
> Starting from the typical network diagram that you can see by clicking on the 
> link below:
>
> https://wiki.debian.org/DebianEdu/Documentation/Bookworm/AllInOne
>
> Is it possible, for training purposes, to remove the gateway 10.0.0.1 and 
> the switch 10.0.0.0/8?
>
> Do not hesitate to give me advice; I have already got hold of some old PCs, 
> and I will start training myself in the second half of the year.
>
> Thank you all!
>
> Have a good Sunday!
>
> On 2023-03-18 23:15, Hugues Larrive wrote:
>
> > Hello,
> >
> > --- Original Message ---
> > On Saturday 18 March 2023 at 18:06, Jean-Pierre Giraud wrote:
> >
> > > Hello,
> > > On Saturday 18 March 2023 at 15:59 +0300, Alex PADOLY wrote:
> > >
> > > > Hello everyone,
> > > >
> > > > What would be needed in terms of hardware to run 3 thin clients
> > > > under Debian GNU/Linux in a home.
> > > > The 3 client machines will be used for office tasks, ordinary
> > > > Internet use, listening to music, watching videos, possibly films.
> > > > Occasionally, these thin clients may do a little video editing
> > > > and graphics work (Blender).
> > > >
> > > > In terms of operating system, are there specific Debian packages
> > > > for doing this, and do you know of a detailed resource
> > > > on the subject.
> > > >
> > > > THANK YOU VERY MUCH!
> > >
> > > There is a complete network solution with preconfigured network
> > > services: the debianedu/skolelinux blend. It is a solution dedicated
> > > to schools (so it comes with educational software), but the network
> > > side is designed to be easy to deploy. The system has detailed
> > > documentation (translated into French, what's more ...)
> > > see the home page: https://blends.debian.org/edu/
> > > Kind regards
> > > jipege
> >
> > +1 for debianedu/skolelinux, which includes everything needed and is well
> > documented. It includes a web utility (gosa2) for managing machines
> > and users in an ldap directory, as well as scripts for
> > generating system images for thin clients. It also handles the
> > PXE and TFTP services for "diskless" (fat) and/or thin
> > (x2go) clients. It is a bit "overkill" to use ldap for 3 clients, but it is
> > a good starting point for understanding the underlying technologies.
> >
> > See you,
> > Hugues



Re: how to change default nameserver?

2023-04-09 Thread gene heskett

On 4/9/23 06:59, Dan Ritter wrote:

Timothy Butterworth wrote:

After you edit resolv.conf make the file immutable with chattr. Chattr +i makes 
immutable chattr -i removes immutable.



This works, but you should also leave yourself a comment in the
file to prevent later confusion.

It's also unsuitable for most laptops, or other situations where you
ever want an automatic process to change the resolv.conf file

-dsr-

.
I should have qualified that advice as this machine will never be moved 
beyond its quasi annual trip to the back porch for an air hose D Not 
a lappy, but a huge tower.


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: how to change default nameserver?

2023-04-09 Thread gene heskett

On 4/9/23 06:51, Nicolas George wrote:

Timothy Butterworth wrote:

After you edit resolv.conf make the file immutable with chattr. Chattr

+i makes immutable chattr -i removes immutable.


This should be an immediate ban!

Timothy M Butterworth (12023-04-09):

I have Google DNS hardcoded on my laptop. Few networks block outbound DNS
traffic. I have never had any issues with it.


I understand why Windows and Mac users would sell their privacy to
Google to avoid the bugs on their systems.

But Debian users just have to apt-get install unbound to have the best of
it.

Regards,


Please tell us more, Nicolas.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: how to change default nameserver?

2023-04-09 Thread gene heskett

On 4/9/23 05:05, Timothy Butterworth wrote:

After you edit resolv.conf make the file immutable with chattr. Chattr +i makes 
immutable chattr -i removes immutable.

On April 9, 2023, at 4:51 AM, Christoph Brinkhaus  
wrote:

Am Sun, Apr 09, 2023 at 04:20:49PM +0800 schrieb cor...@free.fr:

greetings,

I know I can edit the entries in /etc/resolv.conf, but it will be
overwritten by DHCP server.
I searched the internet and got one of the answers:

apt install resolvconf
echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head

what's the difference for /etc/resolv.conf and the method above?
  
There is a third method I use. I have added the following lines to

/etc/dhcp/dhclient.conf:

interface "bond0" {
supersede domain-name-servers 127.0.0.1;
}

My interface is bond0. Yours might be different.



That got changed in my install of bullseye. It might work to add that as 
a final stanza by copy/pasting the buster version, but it's not been 
tried with bullseye, by me.



Kind regards,
Christoph


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: how to change default nameserver?

2023-04-09 Thread Greg Wooledge
On Sun, Apr 09, 2023 at 04:20:49PM +0800, cor...@free.fr wrote:
> I know I can edit the entries in /etc/resolv.conf, but it will be
> overwritten by DHCP server.

https://wiki.debian.org/resolv.conf



Re: Which Diff tool could I use for visually comparing two text files where Word Wrap is possible?

2023-04-09 Thread Greg Wooledge
On Sun, Apr 09, 2023 at 03:13:22PM +0530, Susmita/Rajib wrote:
> I apologise I didn't get you. Do you not want me to quote the following 
> portion?



Perhaps you don't understand what your own messages look like.  Therefore,
the best advice I can give you is to look at them through an external
lens.

Here's a message from this thread which is written in a "normal" way,
conforming to the standards and expectations of Internet email:

https://lists.debian.org/debian-user/2023/04/msg00339.html

And here's one of yours:

https://lists.debian.org/debian-user/2023/04/msg00350.html

Compare and contrast.



Re: how to limit a CPU temperature?

2023-04-09 Thread Emanuel Berg
Darac Marjal wrote:

> As an alternative, you could try writing a small shell
> script that works like the following (pseudocode):
>
>  STOP_TEMP=70
>  START_TEMP=65
>  JOB_RUNNING=1
>
>  while true:
>    cpu_temp=$(cat /sys/something/temperature)
>
>    if JOB_RUNNING and cpu_temp > STOP_TEMP:
>      systemctl stop something.service
>      JOB_RUNNING=0
>    elif not JOB_RUNNING and cpu_temp < START_TEMP:
>      systemctl start something.service
>      JOB_RUNNING=1
>    endif
>
>    sleep 1
>  wend

Maybe the software scheduler should already schedule
optimally, be it preemptive SJF or whatever, anyway so only
possibility to reduce CPU temperature that way is to schedule
less anyway - also backwards, since computing is like the
"king" here it means if heat is a problem, it's not on our
side of it really.

-- 
underground experts united
https://dataswamp.org/~incal



Re: how to limit a CPU temperature?

2023-04-09 Thread Darac Marjal


On 08/04/2023 15:17, songbird wrote:

   i have a program that has changed its behavior to suddenly
become a CPU hog (while doing something simple like uploading
files for my website).  probably a bug, but it got me to
wondering how i could limit the CPU temperature to a range
well below the maximum that kicks in by the CPU itself.

   i have an intel processor and it has the MAX which does
prevent it from going higher (100C), but i'd like to keep it
at 70C or lower.

   i've been trying to find anything that will let me set this
but no luck yet in my searches.


You might try combining your queries with terms for various 
CPU-intensive activities such as BOINC, Folding@Home or Bitcoin mining. 
I'm not suggesting your task is related to any of these, but the people 
who do use these programs face similar issues.


For example, there is the TThrottle program for windows which will pause 
BOINC calculations when the CPU temperature goes too high. I don't 
believe that's available for linux, though.


As an alternative, you could try writing a small shell script that works 
like the following (pseudocode):


 STOP_TEMP=70
 START_TEMP=65
 JOB_RUNNING=1

 while true:
   cpu_temp=$(cat /sys/something/temperature)

   if JOB_RUNNING and cpu_temp > STOP_TEMP:
     systemctl stop something.service
     JOB_RUNNING=0
   elif not JOB_RUNNING and cpu_temp < START_TEMP:
     systemctl start something.service
     JOB_RUNNING=1
   endif

   sleep 1
 wend




   thanks!  :)


   songbird
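A runnable POSIX shell version of the pseudocode loop above, added here as an example and not code from the thread. The sysfs path /sys/class/thermal/thermal_zone0/temp (which reports millidegrees Celsius) and the unit name something.service are assumptions to adjust for the actual machine; the function names are hypothetical.

```shell
#!/bin/sh
# Hysteresis throttle: stop a service above STOP_TEMP and restart it only
# once the CPU has cooled below START_TEMP, so the job does not flap.

STOP_TEMP=70      # degrees C: stop the job above this
START_TEMP=65     # degrees C: restart the job below this
# Assumption: this zone is the CPU sensor; check
# /sys/class/thermal/thermal_zone*/type on the target machine.
TEMP_FILE=${TEMP_FILE:-/sys/class/thermal/thermal_zone0/temp}
UNIT=${UNIT:-something.service}   # placeholder unit name from the thread

# sysfs reports millidegrees (e.g. 67000); convert to whole degrees.
millideg_to_c() {
    echo $(( $1 / 1000 ))
}

# decide RUNNING TEMP_C -> prints "stop", "start" or "keep".
decide() {
    running=$1
    temp=$2
    if [ "$running" -eq 1 ] && [ "$temp" -gt "$STOP_TEMP" ]; then
        echo stop
    elif [ "$running" -eq 0 ] && [ "$temp" -lt "$START_TEMP" ]; then
        echo start
    else
        echo keep
    fi
}

throttle_loop() {
    job_running=1
    while true; do
        # Skip a cycle rather than act on an unreadable or non-numeric value.
        raw=$(cat "$TEMP_FILE" 2>/dev/null) || raw=
        case $raw in
            ''|*[!0-9]*) sleep 1; continue ;;
        esac
        case $(decide "$job_running" "$(millideg_to_c "$raw")") in
            stop)  systemctl stop  "$UNIT" && job_running=0 ;;
            start) systemctl start "$UNIT" && job_running=1 ;;
        esac
        sleep 1
    done
}

# Run the loop only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    throttle_loop
fi
```

Between 65 and 70 degrees the state is left alone in both directions, which is what keeps the service from being stopped and started every second.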





Re: how to change default nameserver?

2023-04-09 Thread gene heskett

On 4/9/23 04:20, cor...@free.fr wrote:

greetings,

I know I can edit the entries in /etc/resolv.conf, but it will be 
overwritten by DHCP server.

I searched the internet and got one of the answers:

apt install resolvconf
echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head

what's the difference for /etc/resolv.conf and the method above?


I'm not sure, and my methods have been heavily denigrated by the dhcp 
fans, but in my case with a many machine local net, and no dhcpd running 
on the system, and the changes with each new release, I find the one 
repeatable method to solve dns problem, is to compose an 
/etc/resolv.conf with 2 lines:


nameserver ipv4 address of router
search hosts, nameserver

And sudo chattr +i /etc/resolv.conf

quickly so NM can't change it. It will remove the search line, killing 
your local network, in which case you can ping yahoo.com, but not 
another machine on your local net. Your ISP's dns has no knowledge of 
your local net which is as it should be.


My router runs something like dnsmasq as it's running dd-wrt, and 
theoretically a dns request then searches the host file for a matching 
name, failing that my whole local system then queries the router, which 
if not cached by dnsmasq, sends the query on to my ISP's dns server, and 
I get answers in around 30 milliseconds. And it all just works. With the 
router NAT-ing, all machines here can browse the whole planet, as 
transparently as border facilities allow.


My main problem with each new release is the ever changing methods of 
establishing each machine's repeatable, permanent, name and local address 
on a completely static system described in the /etc/hosts file. Reliably 
setting a domainname used to be once and done, but since bullseye it's 
only for this reboot, but I've not found a place to make it permanent 
across reboots, yet...


If anyone knows how to do that on bullseye, I'm all ears. Hopefully it 
will continue to work with bookworm but I'm not a betting man. I'm still 
looking for a way to re-establish cups printer sharing, which Just 
Worked with buster, but is now blocked on bullseye from other bullseye 
machines, but still works with buster machines to this bullseye machine. 
WTH???


Thanks for reading, take care and stay well, all.


Thanks & Happy weekend.
corey hickman

.


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 



Re: USB-slot for to play MP3

2023-04-09 Thread tomas
On Sun, Apr 09, 2023 at 11:47:21AM +, fuf wrote:

[...]

> Maybe someone can suggest how best to format a USB stick for playing
> MP3 files with 'fdisk'?
> I would like to try this way and ask you how to format the USB stick, e.g.
> which file system is better, etc.
> I used 'fdisk' for formatting USB two years ago and at that time was
> consulting on that site.

Fdisk is for partitioning the disk. Then you have to put a file
system on the partition(s) -- that's what mkfs is for.

Your best chances are if you have a MSDOS partition table with
one primary partition, and put a VFAT file system on that.

Here [1] a thread with the same question and some answers. Don't
hesitate to come back if anything is unclear.

Cheers

[1] https://lists.debian.org/debian-user/2010/09/msg00216.html
-- 
t




Re: how to change default nameserver?

2023-04-09 Thread Dan Ritter
Timothy M Butterworth wrote: 
> On Sun, Apr 9, 2023 at 6:43 AM Dan Ritter  wrote:
> 
> > Timothy Butterworth wrote:
> > > After you edit resolv.conf make the file immutable with chattr. Chattr
> > +i makes immutable chattr -i removes immutable.
> >
> >
> > This works, but you should also leave yourself a comment in the
> > file to prevent later confusion.
> >
> > It's also unsuitable for most laptops, or other situations where you
> > ever want an automatic process to change the resolv.conf file
> >
> > -dsr-
> >
> 
> I have Google DNS hardcoded on my laptop. Few networks block outbound DNS
> traffic. I have never had any issues with it.


Mine do. Only the DNS servers are allowed to ask the rest of the
world for DNS.

If you have "smart" devices in your network, it's a good thing
to do. If nothing else, you can block most ads.

-dsr-



USB-slot for to play MP3

2023-04-09 Thread fuf
Good day.
The matter is that the radio has a USB slot for playing MP3 files, but when I plug a
stick (which played on the computer) into the radio, something just clicks and
nothing plays.
I think the problem is that this stick of mine consists of separate albums and
the radio does not find the MP3 files, i.e. the album names interfere.
Perhaps what is needed is that the MP3 files begin at once and go on without stopping,
while the wished file is selected with the buttons on the radio; they are there.
Maybe someone can suggest how best to format a USB stick for playing
MP3 files with 'fdisk'?
I would like to try this way and ask you how to format the USB stick, e.g.
which file system is better, etc.
I used 'fdisk' for formatting USB two years ago and at that time was
consulting on that site.
Alas, almost all is forgotten, and the purpose of the formatting was different,
but 'fdisk' was used.
Excuse my impudence; I hope for help now too.
Thanks all.


apt temporary failure resolving deb.debian.org

2023-04-09 Thread Badli Al Rashid
Hi All,

Good day everybody. Is anyone having a temporary failure when running apt update with 
their own local bind resolver? I have been getting a temporary failure resolving 
deb.debian.org and www.debian.org since Thursday last week. I can resolve other 
sites like www.kernel.org and others.

When I switch to other DNS servers I can resolve www.debian.org.

With the dig command and the +cd option I was able to resolve deb.debian.org and 
www.debian.org.

I am using the bullseye bind packages and then upgraded bind to the sury packages 
to test. It is still the same.

Below is what happens when I run the commands.

root@www:~# apt update
Hit:1 https://atl.mirrors.knownhost.com/mariadb/repo/10.11/debian bullseye InRelease
Hit:2 https://packages.sury.org/bind-dev bullseye InRelease
Hit:3 https://repo.dovecot.org/ce-2.3-latest/debian/bullseye bullseye InRelease
Err:4 http://deb.debian.org/debian bullseye InRelease
  Temporary failure resolving 'deb.debian.org'
Err:5 http://security.debian.org/debian-security bullseye-security InRelease
  Temporary failure resolving 'security.debian.org'
Err:6 http://deb.debian.org/debian bullseye-updates InRelease
  Temporary failure resolving 'deb.debian.org'
Err:7 http://deb.debian.org/debian bullseye-backports InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://security.debian.org/debian-security/dists/bullseye-security/InRelease Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-updates/InRelease Temporary failure resolving 'deb.debian.org'
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye-backports/InRelease Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.

root@www:~# dig deb.debian.org
;; communications error to 127.0.0.1#53: timed out
;; communications error to 127.0.0.1#53: timed out

; <<>> DiG 9.19.11-1+0~20230315.91+debian11~1.gbp74bfb7-Debian <<>> deb.debian.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8128
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 97b4bde94cfe0c670100643267f88fdacbcf84c56d00 (good)
;; QUESTION SECTION:
;deb.debian.org. IN A

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Apr 09 07:23:36 UTC 2023
;; MSG SIZE rcvd: 71

root@www:~#

dig deb.debian.org +cd

; <<>> DiG 9.19.11-1+0~20230315.91+debian11~1.gbp74bfb7-Debian <<>> deb.debian.org +cd
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65012
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: fa4297d4fcd9196101006432682a84e163acdaca11e0 (good)
;; QUESTION SECTION:
;deb.debian.org. IN A

;; ANSWER SECTION:
deb.debian.org. 3550 IN CNAME debian.map.fastlydns.net.
debian.map.fastlydns.net. 30 IN A 199.232.122.132

;; Query time: 20 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Sun Apr 09 07:24:26 UTC 2023
;; MSG SIZE rcvd: 125

dig @8.8.8.8 deb.debian.org

; <<>> DiG 9.19.11-1+0~20230315.91+debian11~1.gbp74bfb7-Debian <<>> @8.8.8.8 deb.debian.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61410
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;deb.debian.org. IN A

;; ANSWER SECTION:
deb.debian.org. 3471 IN CNAME debian.map.fastlydns.net.
debian.map.fastlydns.net. 21 IN A 199.232.34.132

;; Query time: 0 msec
;; SERVER: 8.8.8.8#53(8.8.8.8) (UDP)
;; WHEN: Sun Apr 09 07:25:33 UTC 2023
;; MSG SIZE rcvd: 97


Regards,
-badli
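The dig results in the post above can be compared mechanically: SERVFAIL from the local resolver that becomes NOERROR once +cd (checking disabled) is set points to DNSSEC validation failing on that resolver, not to the name being unreachable. The script below is an added example, not part of the original post; the function names are hypothetical and the two sample header lines are taken from the output above.

```shell
#!/bin/sh
# Classify a resolver problem from dig output: compare the status of a normal
# query with the same query sent with +cd (DNSSEC checking disabled).

# dig_status: read dig output on stdin, print the header status (e.g. SERVFAIL).
dig_status() {
    sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# classify PLAIN_STATUS NOCHECK_STATUS -> one-word verdict.
classify() {
    plain=$1
    nocheck=$2
    if [ "$plain" = "NOERROR" ]; then
        echo ok
    elif [ "$plain" = "SERVFAIL" ] && [ "$nocheck" = "NOERROR" ]; then
        # The data is reachable but rejected by validation on this resolver.
        echo dnssec-validation-failure
    elif [ "$plain" = "SERVFAIL" ] && [ "$nocheck" = "SERVFAIL" ]; then
        # Fails even without validation: look at forwarding or reachability.
        echo resolution-failure
    else
        echo "other:$plain/$nocheck"
    fi
}

# check_name NAME [SERVER]: run both queries live and print the verdict.
check_name() {
    name=$1
    server=${2:-127.0.0.1}
    plain=$(dig "@$server" "$name" | dig_status)
    nocheck=$(dig "@$server" "$name" +cd | dig_status)
    classify "${plain:-none}" "${nocheck:-none}"
}

# Sample input: the two header lines from the dig output in the post.
SAMPLE_PLAIN=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 8128'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65012'

sample_verdict() {
    classify "$(printf '%s\n' "$SAMPLE_PLAIN" | dig_status)" \
             "$(printf '%s\n' "$SAMPLE_CD" | dig_status)"
}
```

On a live system, `check_name deb.debian.org` runs both queries against 127.0.0.1 and prints the same verdict.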


Re: Getting Admin Rights

2023-04-09 Thread Emanuel Berg
Aren Vardhan wrote:

> Hello, I am Aren Vardhan, a Graduate Student. I am reaching
> out to you to help me with the User Access. I recently
> installed the Debian 11 Operating System for a project
> purpose. I want to get permitted the Admin Rights to my
> system so that I can install the Damask software using Sudo
> commands. Please do the needful and let me know how
> to proceed.

Are the ghost programs to shadow "sudo" in place?

Because if so should work as-if.

-- 
underground experts united
https://dataswamp.org/~incal



Re: Which Diff tool could I use for visually comparing two text files where Word Wrap is possible?

2023-04-09 Thread Brad Rogers
On Sun, 9 Apr 2023 15:13:22 +0530
"Susmita/Rajib"  wrote:

Hello Susmita/Rajib,

>Sometimes I have difficulties understanding some emails.

That's understandable if, as I'm assuming, English is not your first
language.

>Could you please elaborate a little further please?

Use a quote style like everybody else does.  Do not add all the
references in the body. Doing so serves no purpose.

>My need is fulfilled. So I requested Mr. Davidson's permission to
>close this thread.

You don't need permission, you just thank those that assisted you for
their help, and move on.  You may also add something like [SOLVED] to
the subject line in that message to make it clear to others that your
needs have been satisfied.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
But they didn't tell him the first two didn't count
Tin Soldiers - Stiff Little Fingers




Re: how to change default nameserver?

2023-04-09 Thread Dan Ritter
Timothy Butterworth wrote: 
> After you edit resolv.conf make the file immutable with chattr. Chattr +i 
> makes immutable chattr -i removes immutable.


This works, but you should also leave yourself a comment in the
file to prevent later confusion.

It's also unsuitable for most laptops, or other situations where you
ever want an automatic process to change the resolv.conf file

-dsr-



Re: how to change default nameserver?

2023-04-09 Thread Nicolas George
> > Timothy Butterworth wrote:
> > > After you edit resolv.conf make the file immutable with chattr. Chattr
> > +i makes immutable chattr -i removes immutable.

This should be an immediate ban!

Timothy M Butterworth (12023-04-09):
> I have Google DNS hardcoded on my laptop. Few networks block outbound DNS
> traffic. I have never had any issues with it.

I understand why Windows and Mac users would sell their privacy to
Google to avoid the bugs on their systems.

But Debian users just have to apt-get install unbound to have the best of
it.

Regards,

-- 
  Nicolas George




Re: Getting Admin Rights

2023-04-09 Thread Timothy M Butterworth
On Sun, Apr 9, 2023 at 6:39 AM Aren Vardhan 
wrote:

> Hello, I am Aren Vardhan, a Graduate Student. I am reaching out to you to
> help me with the User Access. I recently installed the Debian 11 Operating
> System for a project purpose. I want to get permitted the Admin Rights to
> my system so that I can install the Damask software using Sudo commands.
> Please do the needful and let me know how to proceed.
>
> Thanks & Regards,
> Aren Vardhan Pilli
>

As root run:

usermod -a -G sudo 

Log off and log back in and you should be able to run sudo.

Tim
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀


Re: how to change default nameserver?

2023-04-09 Thread Timothy M Butterworth
On Sun, Apr 9, 2023 at 6:43 AM Dan Ritter  wrote:

> Timothy Butterworth wrote:
> > After you edit resolv.conf make the file immutable with chattr. Chattr
> +i makes immutable chattr -i removes immutable.
>
>
> This works, but you should also leave yourself a comment in the
> file to prevent later confusion.
>
> It's also unsuitable for most laptops, or other situations where you
> ever want an automatic process to change the resolv.conf file
>
> -dsr-
>

I have Google DNS hardcoded on my laptop. Few networks block outbound DNS
traffic. I have never had any issues with it.

Tim
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄⠀⠀


Re: Getting Admin Rights

2023-04-09 Thread Nicolas George
Aren Vardhan (12023-04-09):
> Hello, I am Aren Vardhan, a Graduate Student. I am reaching out to you to
> help me with the User Access. I recently installed the Debian 11 Operating
> System for a project purpose. I want to get permitted the Admin Rights to
> my system so that I can install the Damask software using Sudo commands.
> Please do the needful and let me know how to proceed.

https://lmgtfy.app/?q=Debian+sudo=1

-- 
  Nicolas George




Getting Admin Rights

2023-04-09 Thread Aren Vardhan
Hello, I am Aren Vardhan, a Graduate Student. I am reaching out to you to
help me with the User Access. I recently installed the Debian 11 Operating
System for a project purpose. I want to get permitted the Admin Rights to
my system so that I can install the Damask software using Sudo commands.
Please do the needful and let me know how to proceed.

Thanks & Regards,
Aren Vardhan Pilli


Re: Which Diff tool could I use for visually comparing two text files where Word Wrap is possible?

2023-04-09 Thread davidson

On Sun, 9 Apr 2023 Susmita/Rajib wrote:
[trim]

I just received an email from Mr. Sascha Steinbiss, the maintainer
for icdiff, and tried implementing his advice on columns. I have
received messages from Mr. Jeff Kaufman, the original creator.
Copies of my emails have been sent you too.

My system's screen accommodated up to 170 columns.

icdiff --cols=170 file1.txt file2.txt | less -R


I am glad to learn that the column width switch solved your problem.


So this should rest the case, with your permission.


You are the judge that decides the matter.

Good luck completing your work.

--
Hackers are free people. They are like artists. If they are in a good
mood, they get up in the morning and begin painting their pictures.
-- Vladimir Putin



Re: Which Diff tool could I use for visually comparing two text files where Word Wrap is possible?

2023-04-09 Thread Susmita/Rajib
To: Debian Users ML 
Subject: Re: Which Diff tool could I use for visually comparing two
text files where Word Wrap is possible?
From: Brad Rogers 
Date: Sun, 9 Apr 2023 08:46:18 +0100
Message-id: <[] 20230409084618.1807a...@earth.stargate.org.uk>

Mr. Brad Rogers said:
[   ...   ]
Please be aware that people here are volunteering their time, and time is
a precious commodity.  Would you therefore, make life easy for them by
using a conventional quoting style in your messages to the list.

Persist with the style you currently employ and you will find that
people's desire to help wanes.

In short;  Help us to help you.
[   ...   ]

I apologise I didn't get you. Do you not want me to quote the following portion?

-
To: Debian Users ML 
Subject: Re: Which Diff tool could I use for visually comparing
two text files where Word Wrap is possible?
From: Brad Rogers 
Date: Sun, 9 Apr 2023 08:46:18 +0100
Message-id: <[] 20230409084618.1807a...@earth.stargate.org.uk>
Reply-to: Debian Users ML 
In-reply-to: <[]
caeg4czu12ltmr8k3tuzhyujrkp1vzzcaxrhcjywhjttwec3...@mail.gmail.com>
References:

<[] CAEG4cZUXaUAxG=0zlwpxuy44x9rtf7tnewvgfuddmzq7ile...@mail.gmail.com>
<[] caeg4czvce+49-mkwgw7le3l1t6ztsak7jd3kchkevfgh303...@mail.gmail.com>
<[] CAEG4cZWKu1LVJY_Js+VtXA00tVEDPR_JuPaCJ=jrqerae44...@mail.gmail.com>
<[] caeg4czu4zccbkc9fff66nwwr2ubd_1p_z1bdnhrh_sjp3ik...@mail.gmail.com>
<[] CAEG4cZXvzBMjbsRRih6Ku1wSJN0oWP_=y_tlfbuoobgplio...@mail.gmail.com>
<[] caeg4czubt-mfzn4rn1odmyema0tmufauwzch1s3pbc+z7w2...@mail.gmail.com>
<[] caeg4czvocyzux5gjxbdv5uyt1mxhmfdxglz_asbppmkjch2...@mail.gmail.com>
<[] CAEG4cZX0DogxF=8-rjc_TzqgL8=evmorep8bq3zv8wycnt2...@mail.gmail.com>
<[] CAEG4cZUHrTGhpv2XswpW0XhFwO+udKk-bsFJWT1UDr6iRO=z...@mail.gmail.com>
<[] caeg4czvut9br_7acyuk-pyljkatxlxgvxoszupugpiugh6k...@mail.gmail.com>
<[] CAEG4cZWR7jFCnPXqdq29qSq=okxpuaduzzum4uufk48tp_p...@mail.gmail.com>

<[] caeg4czu12ltmr8k3tuzhyujrkp1vzzcaxrhcjywhjttwec3...@mail.gmail.com>
-

Sometimes I have difficulties understanding some emails.

Could you please elaborate a little further please?

My need is fulfilled. So I requested Mr. Davidson's permission to
close this thread.

Best,
Rajib
Etc.



Re: Missing Input Source - which package to file bug against?

2023-04-09 Thread Pankaj Jangid
Pankaj Jangid  writes:

> I just discovered that there is no "input source" for Hindi (language)
> or Devanagari Script. Which package should I file the bug against?
>
> In Debian 11.6, the input source was present and switching with
> Super+Space was working just fine.

I tried "dpkg-reconfigure locales" and added "hi_IN". And it brought
back the input-source related to Indian languages in GNOME keyboard
settings.




Missing Input Source - which package to file bug against?

2023-04-09 Thread Pankaj Jangid
I just discovered that there is no "input source" for Hindi (language)
or Devanagari Script. Which package should I file the bug against?

In Debian 11.6, the input source was present and switching with
Super+Space was working just fine.

I have upgraded to "bookworm" 3 days back. Overall experience is very
refreshing after (approx.) two years. Above small problem is the only
glitch that I encountered.

Rather I should say, it has solved a very critical problems, that I
encountered frequently in 11.6.



Re: Re: Re: Debian and thin clients

2023-04-09 Thread David Prévot

Hi,

On 09/04/2023 at 07:40, Alex PADOLY wrote:

Based on the typical network diagram that you can see by clicking on 
the link below:


https://wiki.debian.org/DebianEdu/Documentation/Bookworm/AllInOne


I imagine you mean the following image, which shows the network 
architecture.


https://wiki.debian.org/DebianEdu/Documentation/Bookworm/Architecture?action=AttachFile=get=Debian_Edu_Network.png

https://wiki.debian.org/DebianEdu/Documentation/Bookworm/AllInOne#DebianEdu.2FDocumentation.2FBookworm.2FArchitecture.Network

Is it possible, for training purposes, to remove the gateway 
10.0.0.1 and the switch 10.0.0.0/8?


Not only for training, by the way: I have already configured a second 
local interface on the main server (tjener) with the address 
expected on the "main" network (10.0.2.2). This allowed me to 
integrate the "Debian Edu" network inside an existing network, 
not only for testing (virtual machines) but also in 
"production" to manage only part of the computer fleet with 
Debian Edu.


The advantage of adding an extra local IP, rather than 
changing the configuration, is that the existence of this 
10.0.0.0/8 network is assumed in several places, so making it 
actually present (even virtually) greatly simplifies the 
configuration.


According to my (old) notes, adding the following to 
/etc/network/interfaces is sufficient (obviously, this was not under 
Bookworm).


auto dummy0

iface dummy0 inet static
address 10.0.2.2
netmask 255.255.255.255
pre-up rmmod dummy; modprobe dummy numdummies=4

https://salsa.debian.org/taffit/CheatSheets/-/blob/debian/latest/debianedu.rst?plain=1#L17

Regards,

taffit




Re: how to change default nameserver?

2023-04-09 Thread Timothy Butterworth
After you edit resolv.conf make the file immutable with chattr. Chattr +i makes 
immutable chattr -i removes immutable.

On April 9, 2023, at 4:51 AM, Christoph Brinkhaus  
wrote:

On Sun, Apr 09, 2023 at 04:20:49PM +0800, cor...@free.fr wrote:
> greetings,
> 
> I know I can edit the entries in /etc/resolv.conf, but it will be
> overwritten by DHCP server.
> I searched the internet and got one of the answers:
> 
> apt install resolvconf
> echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head
> 
> what's the difference for /etc/resolv.conf and the method above?
 
There is a third method I use. I have added the following lines to
/etc/dhcp/dhclient.conf:

interface "bond0" {
supersede domain-name-servers 127.0.0.1;
}

My interface is bond0. Yours might be different.

Kind regards,
Christoph
-- 
If the cat is healthy,
the dog finds it tasty.



Re: question about kernel boot options

2023-04-09 Thread Alex Muntada
Hello, Alex:

> The question is: do you know any boot parameters to try booting
> these laptops with the Debian 12 6.1 kernel that are not as
> bothersome as "acpi=off"?

The only thing I can think of that might be related is that it was
recently decided to move (or copy) the proprietary firmware blobs from
non-free to non-free-firmware. Can you check whether you have the
reference to non-free-firmware in your sources.list? I understand that
with a recent ISO like the one you mentioned, this change should already
be included, but I wanted to mention it just in case.

Cheers,
Alex

--
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁   Alex Muntada 
  ⢿⡄⠘⠷⠚⠋   Debian Developer  log.alexm.org
  ⠈⠳⣄





Re: how to change default nameserver?

2023-04-09 Thread Christoph Brinkhaus
On Sun, Apr 09, 2023 at 04:20:49PM +0800, cor...@free.fr wrote:
> greetings,
> 
> I know I can edit the entries in /etc/resolv.conf, but it will be
> overwritten by DHCP server.
> I searched the internet and got one of the answers:
> 
> apt install resolvconf
> echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head
> 
> what's the difference for /etc/resolv.conf and the method above?
 
There is a third method I use. I have added the following lines to
/etc/dhcp/dhclient.conf:

interface "bond0" {
supersede domain-name-servers 127.0.0.1;
}

My interface is bond0. Yours might be different.

Kind regards,
Christoph
-- 
If the cat is healthy,
the dog finds it tasty.



Re: error: out of memory

2023-04-09 Thread Alex Muntada
Hello, Narcis:

> The only curiosity I notice is that the DEBIAN/md5sums listing
> does not include all the files in the package, but I see the
> same in other .deb packages from the same
> distribution.

The md5sums are computed only for the files contained in the
package, not including directories, symlinks, files that are
created at installation time, etc.

Cheers,
Alex

--
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁   Alex Muntada 
  ⢿⡄⠘⠷⠚⠋   Debian Developer  log.alexm.org
  ⠈⠳⣄





Re: ICMP router advertisement (ipv4)

2023-04-09 Thread Michel Verdier
On 9 April 2023 Tim Woodall wrote:

> They're not causing me any issues but is it expected that the IP address
> is reversed in these messages?
>
> Apr  9 06:27:48 ... IN=isp OUT= MAC=... SRC=1.0.168.192 DST=224.0.0.1 ... 
> PROTO=ICMP TYPE=9 CODE=0

No, IPs are never reversed in iptables/nftables logs, as it effectively
seems to be in your log. But:

$ host 1.0.168.192
192.168.0.1.in-addr.arpa domain name pointer node-81s.pool-1-0.dynamic.totinternet.net.
$ whois 1.0.168.192
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '1.0.128.0 - 1.0.191.255'

% Abuse contact for '1.0.128.0 - 1.0.191.255' is 'ab...@totisp.net'

inetnum:        1.0.128.0 - 1.0.191.255
netname:        TOTNET
descr:          Dynamic IP Address for residential Broadband Customers

Is this your ISP?
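A triage helper for the question in this thread, added as an example and not taken from any of the posts: it pulls SRC= out of a netfilter log line, reverses the octets, and reports whether the address is RFC 1918 private only when read backwards. The function names are hypothetical, and the sample line is constructed from the one quoted above with the elided fields left out.

```shell
#!/bin/sh
# Flag netfilter log lines whose SRC= is public as logged but RFC 1918
# private once its octets are reversed (a byte-order mix-up by the sender).
# Both readings are valid IPv4 addresses, so the verdict is a hint, not proof.

# src_of LINE -> the SRC= address, or nothing if the field is absent.
src_of() {
    printf '%s\n' "$1" | sed -n 's/.*[[:space:]]SRC=\([0-9.]*\).*/\1/p'
}

# reverse_ip A.B.C.D -> D.C.B.A (prints nothing unless there are 4 fields)
reverse_ip() {
    printf '%s\n' "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 }'
}

# is_rfc1918 IP -> exit status 0 for 10/8, 172.16/12 and 192.168/16
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# triage LINE -> "private:IP", "reversed-private:IP", "public:IP" or "no-src"
triage() {
    src=$(src_of "$1")
    if [ -z "$src" ]; then
        echo no-src
        return 0
    fi
    rev=$(reverse_ip "$src")
    if is_rfc1918 "$src"; then
        echo "private:$src"
    elif [ -n "$rev" ] && is_rfc1918 "$rev"; then
        echo "reversed-private:$rev"
    else
        echo "public:$src"
    fi
}

# Constructed sample: the fields visible in the quoted log line; the host
# name "fw" and the "kernel:" tag are made up for the example.
SAMPLE_LINE='Apr  9 06:27:48 fw kernel: IN=isp OUT= SRC=1.0.168.192 DST=224.0.0.1 PROTO=ICMP TYPE=9 CODE=0'

sample_triage() {
    triage "$SAMPLE_LINE"
}
```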



how to change default nameserver?

2023-04-09 Thread coreyh

greetings,

I know I can edit the entries in /etc/resolv.conf, but it will be 
overwritten by DHCP server.

I searched the internet and got one of the answers:

apt install resolvconf
echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/head

what's the difference for /etc/resolv.conf and the method above?

Thanks & Happy weekend.
corey hickman



Re: questions about cron.daily

2023-04-09 Thread Michel Verdier
On 8 April 2023 Max Nikulin wrote:

> On 08/04/2023 22:17, Kushal Kumaran wrote:
>>> Have you ever actually *made* a systemd --user unit file?  If so, for
>>> what purpose?
>> I have one.  It starts emacs server for me when I login.
>
> There is ready to use one: /usr/lib/systemd/user/emacs.service Perhaps there
> is no such file in buster.

/usr/lib/systemd/user is for global system running. If you want to change
something in the service you copy it into ~/.config/systemd to supersede
the global one.



Re: questions about cron.daily

2023-04-09 Thread Michel Verdier
On 8 April 2023 Greg Wooledge wrote:

>> systemd user files can be put in ~/.config/systemd/user/ where you can
>> use git directly
>
> Have you ever actually *made* a systemd --user unit file?  If so, for
> what purpose?

$ find .config/systemd/
.config/systemd/
.config/systemd/user
.config/systemd/user/xsession.target.requires
.config/systemd/user/xsession.target.requires/dwm.service
.config/systemd/user/dwm.service
.config/systemd/user/xsession.target
.config/systemd/user/default.target.wants
.config/systemd/user/default.target.wants/pipewire.service
.config/systemd/user/default.target.wants/pipewire-pulse.service
.config/systemd/user/sockets.target.wants
.config/systemd/user/sockets.target.wants/pipewire.socket
.config/systemd/user/sockets.target.wants/pipewire-pulse.socket
.config/systemd/user/pulseaudio.service
.config/systemd/user/pipewire.service.wants
.config/systemd/user/pipewire.service.wants/wireplumber.service
.config/systemd/user/fetchmail.service



Re: Debian and thin clients

2023-04-09 Thread Michel Verdier
On 9 April 2023 Alex PADOLY wrote:

> Based on the typical network diagram that you can see by clicking on the link
> below:
>
> https://wiki.debian.org/DebianEdu/Documentation/Bookworm/AllInOne
>
> Is it possible, for training purposes, to remove the gateway 10.0.0.1 and
> the switch 10.0.0.0/8

The switches are there for the connections and to separate the networks. If
you have enough ports on the gateway, or if it's wifi for example,
you can merge the network and remove the switches. As for the gateway,
if you have an internet box, that is the gateway.



Re: Which Diff tool could I use for visually comparing two text files where Word Wrap is possible?

2023-04-09 Thread Brad Rogers
Please be aware that people here are volunteering their time, and time is
a precious commodity.  Would you therefore, make life easy for them by
using a conventional quoting style in your messages to the list.

Persist with the style you currently employ and you will find that
people's desire to help wanes.

In short;  Help us to help you.

-- 
 Regards  _   "Valid sig separator is {dash}{dash}{space}"
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
Early morning when I wake up, I look like Kiss but without the make up
Strong - Robbie Williams




Re: my immature thoughts on perl

2023-04-09 Thread Emanuel Berg
tomas wrote:

> There is a barber in Crete who shaves all men who don't
> shave themselves [1]
> https://en.wikipedia.org/wiki/Barber_paradox

Yeah, but that isn't really a paradox, is it?

It's like all the programs that will increase inflation :)

-- 
underground experts united
https://dataswamp.org/~incal



ICMP router advertisement (ipv4)

2023-04-09 Thread Tim Woodall

They're not causing me any issues but is it expected that the IP address
is reversed in these messages?

Apr  9 06:27:48 ... IN=isp OUT= MAC=... SRC=1.0.168.192 DST=224.0.0.1 ... 
PROTO=ICMP TYPE=9 CODE=0

These are coming from my ISPs router - there's no obvious way to turn
them off (or to change router or ISP)

Tim.