Re: Suspicious "invoice" email?

2024-05-17 Thread Alain D D Williams
On Fri, May 17, 2024 at 03:28:35PM -0400, PMA wrote:

> I received the following today from (Jerry Henley at) Ella White
> .
> 
> I suspect fraud here, so have not opened the invoice he/she attached.
> 
> Can you possibly tell me whether the message is legitimate?

I did not spend much time on it. Some ill-informed or naive people would have
just paid it, or it could have been an attempt to infect a (MS Windows) PC, or
it could have been an attempt to get bank a/c details.

Anyway: things like that I forward to the address below and they are looked at
by people in GCHQ or similar -- you can help them to combat these reprobates by
forwarding suspicious emails:

rep...@phishing.gov.uk

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Dovecot correct ownership for logs

2024-05-14 Thread Alain D D Williams
On Tue, May 14, 2024 at 03:11:16PM +0200, Richard wrote:
>"Top posting" (writing the answer above the text that's being replied
>to) is literally industry standard behavior.

Many do top post, but many do not.

Places where it is often frowned on are technical mail lists such as this one.
This is because only quoting the parts of the mail that you reply to and
putting your comment underneath can greatly help understanding.

Read the Netiquette Guidelines (1995):

https://www.ietf.org/rfc/rfc1855.txt

Other discussions here:

https://idallen.com/topposting.html

https://www.caliburn.nl/topposting.html

PS: check the dictionary definition of "literally".

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-03-15 Thread Alain D D Williams
On Fri, Mar 15, 2024 at 01:42:25AM +0100, Emanuel Berg wrote:
> Mike Castle wrote:
> 
> >> It is "fixing" an issue for today's English speakers.
> >> Should we scour our systems looking for similar issues in
> >> other languages? Then in, say, 20 years time when different
> >> words will then be considered offensive, by some, do this
> >> all again?
> >
> > Yes.
> 
> Remember, there are A LOT of words and expressions we don't
> use anymore, and that's good, as they are offensive and
> disrespectful. But once they were perfectly normal. Still, one
> by one, they have disappeared from active use.

That is the big difference. Not use words *currently* deemed offensive in *new*
publications (books, newspaper articles, ...) - this is not hard to do. What we
are faced with is something very different: a call to locate and modify use in
programs that might have been written a long time ago. The effort needed to do
this is large and will doubtless cause failures in systems that have been
working well for years.

It is not just a matter of modifying Debian (+ RedHat + ...) sources but the
sources on private systems.

We seem to be told that this must be done by those who will not be doing the
work.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Postel's Law (Was Re: Inclusive terminology (instead of master/slave) for network bonding/LACP)

2024-02-25 Thread Alain D D Williams
On Sat, Feb 24, 2024 at 07:44:44PM -0500, Jeffrey Walton wrote:
> On Sat, Feb 24, 2024 at 7:37 PM Andy Smith wrote:
> >
> > [...]
> > Turning back more to protocol design, we have spent decades walking
> > back Postel's Law as we find more and more ways that being liberal
> > in what our software accepts is untenable in the face of a hostile
> > Internet.
> 
> ++. Postel's Law is a disaster nowadays. It was fine back in the
> 1980's, but it is dangerous in the toxic environments of today.
> 
> Here's what we teach our developers: Look for any reason you can to
> reject the data. If you can't find a reason, then begrudgingly perform
> the processing or transformation.

There is a difference between not doing validation (eg a field being numeric)
and flexibility (eg a line length being 100 bytes which is more than the
specified 80 bytes). This is what Postel is talking about.

Otherwise I completely agree: validate, validate, validate - if I accept your
bad data then it becomes my problem, if I reject it then you have to fix it.
Unfortunately people will complain if you do this "everyone accepts the data",
to which I reply "please tell me exactly what it means" - which should shut
them up.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-02-24 Thread Alain D D Williams
On Sat, Feb 24, 2024 at 09:03:45AM -0500, The Wanderer wrote:

> > It was a BLM thing, not sure if it matters the etymology of such
> > words.
> 
> The etymology certainly *should* matter, insofar as that is the origin
> of the *meaning* of the word(s).

+1

However that is not the way that the world works, or prolly more accurately how
some people think. They see a word/phrase that they have decided that they
"own" or somehow relates to them and so view it entirely from their
perspective; they make no attempt to understand how the speaker/writer viewed
the word/phrase as they *know* what the only meaning can be - everything else
is a wrong interpretation. There is little point in trying to argue against
someone who has decided to think this way, arguing will just confirm, to them,
that you are racist/xxxist and are against them.

I sometimes think that something similar to Postel's Law but applied to human
interactions would be useful. However that is wishful thinking.

https://devopedia.org/postel-s-law

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

2024-02-23 Thread Alain D D Williams
On Fri, Feb 23, 2024 at 10:33:08AM +0100, Mariusz Gronczewski wrote:
> On 22.02.2024 11:19, Ralph Aichinger wrote:
> > Hello!
> > 
> > I know this is a loaded topic. I really don't want to discuss the
> > political aspects of the "why", but just want to know the facts, i.e.
> > how far this has been progressed in Debian.
> 
> There is no good reason *why*. It's entirely US political feel-good activism
> that doesn't change anything but wastes people's time. Do you actually think
> pressing on brake pedal oppresses anybody ? Because it also has master and slave
> cylinder.
> 
> All it does is waste tens of thousands of people's time once they have to fix
> every script, tool and doc piece related to it, for absolutely no benefit
> aside from making some twitter activist happy "they did something".
> It would *literally* break every single script that checks the status
> of bonding config in system, as it is all just plain text.

+1

It is "fixing" an issue for today's English speakers. Should we scour our
systems looking for similar issues in other languages ? Then in, say, 20 years
time when different words will then be considered offensive, by some, do this
all again ?

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: hexchat being discontinued?

2024-02-11 Thread Alain D D Williams
On Sun, Feb 11, 2024 at 07:42:24PM +, Richmond wrote:

> You could try Pidgin. It's in the Debian repo. It has various protocols
> of which irc is just one. It's a bit confusing because you have to go to
> the 'buddy' menu to join an irc channel.

Yes: Pidgin UI is dreadful. Lots that is non intuitive.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Resizing LVM partitions

2024-01-22 Thread Alain D D Williams
On Mon, Jan 22, 2024 at 10:29:55AM -0500, Stefan Monnier wrote:
> > lvextend --size +1G --resizefs /dev/mapper/localhost-home
> >
> > Ie get lvextend to do the maths & work it out for me.
> >
> > Those who are cleverer than me might be able to tell you how to get it right
> > first time!
> 
> lvreduce --size -50G --resizefs /dev/mapper/localhost-home

Oh, even better. It is a long time since I looked at that man page.

Does this still need to be done with the file system unmounted or can it be
done with an active file system these days ?

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Resizing LVM partitions

2024-01-22 Thread Alain D D Williams
On Mon, Jan 22, 2024 at 03:32:30PM +0100, sko...@uns.ac.rs wrote:
> I am getting the following message at any boot:
> 
> "The volume "Filesystem root" has only 221.1 MB disk space remaining."
> 
>  df -h says:
> 
> Filesystem                  Size  Used Avail Use% Mounted on
> udev                        1.5G     0  1.5G   0% /dev
> tmpfs                       297M  9.0M  288M   4% /run
> /dev/mapper/localhost-root  5.2G  4.7G  211M  96% /
> /dev/mapper/localhost-usr    14G   12G  948M  93% /usr
> tmpfs                       1.5G     0  1.5G   0% /dev/shm
> tmpfs                       5.0M  4.0K  5.0M   1% /run/lock
> tmpfs                       1.5G     0  1.5G   0% /sys/fs/cgroup
> /dev/sda1                   228M  133M   84M  62% /boot
> /dev/mapper/localhost-tmp   2.3G   57K  2.2G   1% /tmp
> /dev/mapper/localhost-var   2.7G  2.5G   55M  98% /var
> /dev/mapper/localhost-home  257G   73G  172G  30% /home
> tmpfs                       297M   40K  297M   1% /run/user/1000
> 
> As my system has encrypted LVM, I suppose that I shall reduce some space
> used for /home, and then use it to extend /, /usr, and /var logical
> partitions. I think I did (or tried to do) something similar several years
> ago, but forgot the proper procedure. Any link for a good tutorial is
> welcomed. Thanks.

The shrinking of /home is the hard part. You MUST first unmount /home, then
resize the file system, then resize the logical volume.

umount /home

Find out how big it is:
resize2fs /dev/mapper/localhost-home

Change the filesystem size:
resize2fs /dev/mapper/localhost-home NEW-SIZE

Change the partition size:
lvextend --size 200G /dev/mapper/localhost-home

The hard bit is working out what NEW-SIZE should be and having it such
that you use all of the partition but without making the file system size
greater than the partition size - ie getting the last few megabytes right.

What I do is make NEW-SIZE 2GB smaller than I want (assuming that it still fits),
the size I give to lvextend 1GB smaller - so it all works, but there is wasted
space & it is not quite big enough. I then do:

lvextend --size +1G --resizefs /dev/mapper/localhost-home

Ie get lvextend to do the maths & work it out for me.

Those who are cleverer than me might be able to tell you how to get it right
first time!

mount /home

Extending the others is easy and can be done when the system is running &
active, something like:

lvextend --size +1G --resizefs /dev/mapper/localhost-var

Finally: ensure that you have a good backup of /home before you start.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 
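
The shrink procedure from the message above as a dry-run planner; this is an added example, not part of the original post. It only prints the commands in order for review. The function name, the `e2fsck -f` step and the use of `lvreduce` for the volume shrink (as suggested in the reply elsewhere in this thread) are this example's own choices; the 2 GiB and 1 GiB margins and the sample sizes come from the thread.

```shell
#!/bin/sh
# Added example: prints the command sequence for shrinking an ext filesystem
# that sits on an LVM logical volume. Nothing is executed.
# All sizes are whole GiB.

plan_shrink() {
    dev=$1      # logical volume, e.g. /dev/mapper/localhost-home
    mnt=$2      # mount point, e.g. /home
    used_g=$3   # space in use (the "Used" column of df)
    cur_g=$4    # current size
    want_g=$5   # final size wanted

    for n in "$used_g" "$cur_g" "$want_g"; do
        case $n in
            ''|*[!0-9]*) echo "sizes must be whole GiB" >&2; return 2 ;;
        esac
    done

    # Margins described in the post: filesystem 2G under the goal, volume 1G
    # under the goal, so the filesystem is never larger than the volume.
    fs_g=$((want_g - 2))
    lv_g=$((want_g - 1))

    if [ "$want_g" -ge "$cur_g" ]; then
        echo "refusing: ${want_g}G is not smaller than the current ${cur_g}G" >&2
        return 1
    fi
    if [ "$fs_g" -le "$used_g" ]; then
        echo "refusing: ${fs_g}G filesystem cannot hold ${used_g}G of data" >&2
        return 1
    fi

    # Order matters: filesystem first, then the volume, then grow both by the
    # last 1G and let lvextend work out the exact filesystem size.
    # resize2fs will not shrink an unmounted filesystem until e2fsck -f has run.
    cat <<EOF
umount $mnt
e2fsck -f $dev
resize2fs $dev ${fs_g}G
lvreduce --size ${lv_g}G $dev
lvextend --size +1G --resizefs $dev
mount $mnt
EOF
}

# Sizes from the df output quoted in the thread: /home is 257G with 73G used.
plan_shrink /dev/mapper/localhost-home /home 73 257 200
```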



Re: Help: network abuse

2023-12-21 Thread Alain D D Williams
On Thu, Dec 21, 2023 at 11:39:40AM -0500, Pocket wrote:
> 
> On 12/21/23 10:50, Alain D D Williams wrote:
> > It is NOT a firewall issue.
> 
> 
> If I am correct you don't want any thing from the outside to hit your web
> server?

The words "web server" are ambiguous. It can mean my machine, it can mean the
Apache process. The packets are hitting the machine (evidence tcpdump) but not
the process (as the TCP startup does not complete).

> If so your firewall is not configured correctly.

You have failed to understand what is happening.

I shall stop after this.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Help: network abuse

2023-12-21 Thread Alain D D Williams
On Thu, Dec 21, 2023 at 10:31:06AM -0500, Pocket wrote:

> All you should be seeing is scans which you can not prevent.

I am looking at incoming packets with tcpdump. This sees packets *before* they
are filtered by iptables.

> What are you using for a firewall?

Something hand rolled. Reasonably complicated (over 300 rules) as it deals
with: internet, VPN, DMZ, internal network for virtual machines.

It is NOT a firewall issue.

> It is my belief that your firewall is NOT setup correctly and that is why
> you are seeing the traffic.

My firewall *cannot* deal with packets before they hit my machine. They only
hit my machine after they have arrived over broadband.

The only thing that I might be able to do is to somehow prevent discovery that my
machine is listening on port 80 -- that would mean somehow distinguishing
between a genuine visitor and one that is mapping the Internet to later pass
that map somewhere else which generates the unwanted traffic that I see.

> Amazon AWS system. should not be able to hit your http server, unless you
> want it to.

How do I distinguish between wanted & unwanted connections. The only thing that
I can think of is to DROP incoming packets if the source port is 80 or 443 -
which would disrupt the mapping process.

However: if the mapping process uses normal TCP (ie high/random port number)
this would do little.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Help: network abuse

2023-12-21 Thread Alain D D Williams
On Thu, Dec 21, 2023 at 10:11:08AM -0500, Pocket wrote:

> Use a firewall and set it up correctly.

That I have done.

The issue is broadband usage - ie before it hits the firewall.

> Assuming a residential environment.
> 
> Firewall the router and server(s) as well as all the client machines.
> 
> I have nginx, dovecot and exim4 and other daemons running on my network
> servers.
> 
> Most, (includes many of the ones here) don't have a firewall properly
> configured. Nor do they understand how to properly configure a firewall.
> 
> You will still get scanned but there is little you can do about that.
> 
> -- 
> 
> Hindi madali ang maging ako
> 

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Help: network abuse

2023-12-21 Thread Alain D D Williams
On Thu, Dec 21, 2023 at 01:39:53PM +, Andy Smith wrote:

> Okay well 30KiB/s is only about 78GiB/month which isn't really a
> lot. I think we're both in UK and it's been hard to find a domestic
> Internet connection that you'd run a web server on that can't cope
> with 78G/mo. So ignoring it seems okay.

I have been with my ISP for 14 years (moved to get IPv6), for various reasons I
cannot change to a tariff that will give me anything like that (their support
has also fallen through the floor) - I need to change (& the landline) and then
I prolly would not care. Andrews & Arnold and Zen seem recommended.

> You say these never complete a TCP handshake even though you do run
> Apache on port 80? If so, it does make me wonder what they are
> trying to do.

They might be trying to hijack an existing TCP connection or, even simpler,
cause my machine problems by having many, many 1/2 set up TCP connections
(which uses memory until they expire).

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Help: network abuse

2023-12-21 Thread Alain D D Williams
On Thu, Dec 21, 2023 at 07:50:42AM -0500, Greg Wooledge wrote:

> If your home Internet service has an "allowance", you probably shouldn't
> run a web server on it.

Yes: I do run a web server at home, but there is only a little/personal stuff,
it does not receive much real traffic, I do not want it to. Most of my web
presence is hosted elsewhere.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Help: network abuse

2023-12-21 Thread Alain D D Williams
My home PC is receiving, for hours at a time, 12-30 kB/s input traffic. This is
unsolicited. I do not know what it is trying to achieve but suspect no good. It
is also eating my broadband allowance.

This does not show up in the Apache log files - the TCP connection does not succeed.

Sometimes my machine does send a packet in reply, there are 2 examples at the
foot of this email.

Questions:

• What is going on ?

• What can I do about it ?
  I do manually add some of the IPs to the f2b chain which will stop replies
  but that is about it.

My ISP refuses to do anything about it - I admit that I cannot see what they
could do, maybe filter packets with a source port of 80 or 443.

I also get attempts to break into ssh (port 22) - I am not worried about that.

I append a few lines of output of "tcpdump -n -i enp3s0" done today.
192.168.108.2 is the address of my desktop PC.

The connecting IPs below all belong to Amazon but this changes with time, China
is another common source of similar packets.

11:08:56.354303 IP 34.217.144.104.80 > 192.168.108.2.80: Flags [S], seq 19070976, win 51894, options [mss 1401,sackOK,TS val 1182532729 ecr 0,nop,wscale 7], length 0
11:08:56.354700 IP 34.217.144.104.80 > 192.168.108.2.80: Flags [S], seq 3665362944, win 51894, options [mss 1402,sackOK,TS val 4179952761 ecr 0,nop,wscale 7], length 0
11:08:56.360527 IP 52.195.179.12.80 > 192.168.108.2.80: Flags [S], seq 479395840, win 51894, options [mss 1412,sackOK,TS val 3391683448 ecr 0,nop,wscale 7], length 0
11:08:56.360696 IP 52.195.179.12.80 > 192.168.108.2.80: Flags [S], seq 1622147072, win 51894, options [mss 1410,sackOK,TS val 2887711608 ecr 0,nop,wscale 7], length 0
11:08:56.360950 IP 54.184.78.87.80 > 192.168.108.2.80: Flags [S], seq 3168796672, win 51894, options [mss 1404,sackOK,TS val 535364985 ecr 0,nop,wscale 7], length 0
11:08:56.364565 IP 52.195.179.12.80 > 192.168.108.2.80: Flags [S], seq 132317184, win 51894, options [mss 1407,sackOK,TS val 2350122105 ecr 0,nop,wscale 7], length 0
11:08:56.364708 IP 34.217.144.104.80 > 192.168.108.2.80: Flags [S], seq 1098776576, win 51894, options [mss 1405,sackOK,TS val 3426157689 ecr 0,nop,wscale 7], length 0
11:08:56.367975 IP 13.231.232.88.80 > 192.168.108.2.80: Flags [S], seq 3272540160, win 51894, options [mss 1413,sackOK,TS val 979961209 ecr 0,nop,wscale 7], length 0

2 days ago a similar capture. Note that the source port is 443 not 80:

09:47:31.416452 IP 5.45.73.147.443 > 192.168.108.2.80: Flags [S], seq 2724200448, win 51894, options [mss 1401,sackOK,TS val 862439534 ecr 0,nop,wscale 7], length 0
09:47:31.417861 IP 27.124.10.200.443 > 192.168.108.2.80: Flags [S], seq 925237248, win 51894, options [mss 1407,sackOK,TS val 756418658 ecr 0,nop,wscale 7], length 0
09:47:31.440892 IP 27.124.10.197.443 > 192.168.108.2.80: Flags [S], seq 3474063360, win 51894, options [mss 1404,sackOK,TS val 3970828642 ecr 0,nop,wscale 7], length 0
09:47:31.449393 IP 27.124.10.200.443 > 192.168.108.2.80: Flags [S], seq 2844721152, win 51894, options [mss 1407,sackOK,TS val 1831471202 ecr 0,nop,wscale 7], length 0
09:47:31.451430 IP 154.39.104.67.443 > 192.168.108.2.80: Flags [S], seq 2336358400, win 51894, options [mss 1415,sackOK,TS val 395513698 ecr 0,nop,wscale 7], length 0
09:47:31.451610 IP 27.124.10.225.443 > 192.168.108.2.80: Flags [S], seq 808976384, win 51894, options [mss 1414,sackOK,TS val 1960250978 ecr 0,nop,wscale 7], length 0
09:47:31.453372 IP 143.92.60.30.443 > 192.168.108.2.80: Flags [S], seq 3177512960, win 51894, options [mss 1408,sackOK,TS val 4033677410 ecr 0,nop,wscale 7], length 0
09:47:31.456937 IP 27.124.10.225.443 > 192.168.108.2.80: Flags [S], seq 1042087936, win 51894, options [mss 1415,sackOK,TS val 2011106914 ecr 0,nop,wscale 7], length 0
09:47:31.461961 IP 27.124.10.226.443 > 192.168.108.2.80: Flags [S], seq 3200516096, win 51894, options [mss 1403,sackOK,TS val 2314013026 ecr 0,nop,wscale 7], length 0

Examples where my machine sends a reply:

09:47:31.658790 IP 27.124.10.225.443 > 192.168.108.2.80: Flags [S], seq 612564992, win 51894, options [mss 1415,sackOK,TS val 2011106914 ecr 0,nop,wscale 7], length 0
09:47:31.659442 IP 192.168.108.2.80 > 154.39.104.67.443: Flags [S.], seq 3770299450, ack 1858732033, win 65160, options [mss 1460,sackOK,TS val 164888251 ecr 395513698,nop,wscale 7], length 0

09:47:31.756220 IP 5.45.73.147.443 > 192.168.108.2.80: Flags [S], seq 2992898048, win 51894, options [mss 1401,sackOK,TS val 862439534 ecr 0,nop,wscale 7], length 0
09:47:31.756272 IP 192.168.108.2.80 > 5.45.73.147.443: Flags [.], ack 1226309633, win 509, options [nop,nop,TS val 2085784149 ecr 994101358], length 0


-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 
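
A way to summarise a capture like the one in the message above; this is an added example, not part of the original post. It reads `tcpdump -n` text with one packet per line, counts bare SYNs whose source port is below 1024 (clients normally connect from an ephemeral port of 1024 or above, so the source ports 80 and 443 noted in the post stand out), and counts the SYN-ACKs the local host sent back. The function names are hypothetical and the sample lines are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: summarise inbound SYNs that arrive from a low source port.

# Constructed sample in the same format as the capture in the post.
# 192.0.2.2 stands in for the local web server.
sample_capture() {
    cat <<'EOF'
10:00:00.000001 IP 203.0.113.10.80 > 192.0.2.2.80: Flags [S], seq 100, win 51894, options [mss 1401,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
10:00:00.000002 IP 203.0.113.10.80 > 192.0.2.2.80: Flags [S], seq 200, win 51894, options [mss 1402,sackOK,TS val 2 ecr 0,nop,wscale 7], length 0
10:00:00.000003 IP 198.51.100.7.443 > 192.0.2.2.80: Flags [S], seq 300, win 51894, options [mss 1407,sackOK,TS val 3 ecr 0,nop,wscale 7], length 0
10:00:00.000004 IP 198.51.100.9.51514 > 192.0.2.2.80: Flags [S], seq 400, win 64240, options [mss 1460,sackOK,TS val 4 ecr 0,nop,wscale 7], length 0
10:00:00.000005 IP 192.0.2.2.80 > 198.51.100.7.443: Flags [S.], seq 500, ack 301, win 65160, options [mss 1460,sackOK,TS val 5 ecr 3,nop,wscale 7], length 0
10:00:00.000006 IP 192.0.2.2.80 > 198.51.100.9.51514: Flags [.], ack 401, win 509, options [nop,nop,TS val 6 ecr 4], length 0
EOF
}

# stdin: tcpdump -n output. stdout: "count source-ip source-port" for every
# bare SYN (Flags [S]) sent from a source port below 1024, busiest first.
low_port_syns() {
    awk '
        $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
            n = split($3, part, ".")
            if (n != 5) next               # IPv4 address plus port only
            port = part[5] + 0
            if (port >= 1024) next         # ordinary ephemeral source port
            key = part[1] "." part[2] "." part[3] "." part[4] " " port
            seen[key]++
        }
        END { for (key in seen) print seen[key], key }
    ' | sort -k1,1nr -k2,2
}

# stdin: tcpdump -n output. $1: local IPv4 address.
# stdout: number of SYN-ACKs (Flags [S.]) the local host sent in reply.
replies_sent() {
    awk -v me="$1" '
        $2 == "IP" && index($3, me ".") == 1 && $7 == "[S.]," { n++ }
        END { print n + 0 }
    '
}

sample_capture | low_port_syns
sample_capture | replies_sent 192.0.2.2
```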



Re: Trojan

2023-08-27 Thread Alain D D Williams
On Sun, Aug 27, 2023 at 10:23:06AM +0100, Brad Rogers wrote:
> On Sun, 27 Aug 2023 09:36:02 +0100
> Alain D D Williams wrote:
> 
> Hello Alain,
> 
> >They will look at it and do something - or so they claim,
> 
> Most likely that 'something' will be to compile statistics about
> phishing attacks.  Maybe produce a leaflet, or update the advice given
> on a web page somewhere.

Sorry if I came across as overly cynical.

It would be nice if they also went after the perps/crims behind phishing emails‡‡
- which I think they have done a bit of, but could do much more to protect the
gullible.

Still: it is worth reporting to them, which I do several times/week.

‡‡ and similar 'phone calls.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Trojan

2023-08-27 Thread Alain D D Williams
On Sun, Aug 27, 2023 at 10:31:55AM +0200, to...@tuxteam.de wrote:

> If you feel like you'd like to learn a bit, study the mail
> headers. Ponder about which ones the sender could have faked
> and which ones not. Things like that.

If you live in the UK you can forward it to here: rep...@phishing.gov.uk

They will look at it and do something - or so they claim, this is part of government!

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Using the bash shell: determine if the root user used 'sudo -i'

2023-08-26 Thread Alain D D Williams
On Sat, Aug 26, 2023 at 09:25:10AM -0500, Tom Browder wrote:
> In a previous thread it was shown how to detect a SUDO_USER in a bash shell.
> 
> Is there a way to distinguish whether 'sudo -i' was used or not?

I have not tested this but if bash was interactive you will find a
.bash_history file in their $HOME.

That assumes that they have not logged in - ie only ever sudo.

> Thanks.
> 
> -Tom

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



bash $MAIL bug in Bookworm

2023-08-09 Thread Alain D D Williams
I have recently upgraded to Bookworm.

I have set:

MAIL=/var/spool/mail/addw
MAILCHECK=60

I find that when doing filename expansion, by pressing TAB, that the 'You have
mail' message appears when it should not. In the example below I pressed TAB
after the letter 'T' (which gave me expansion 'TODO'). I am running bash.

$ me TYou have mail in /var/spool/mail/addw
ODO

Should I report this elsewhere ?

Regards

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: How do I remotely access the computer in the next room?

2023-07-02 Thread Alain D D Williams
On Sun, Jul 02, 2023 at 06:49:07PM -0400, hobie of RMN wrote:
> Hi, All -
> 
> I need the best way currently available to operate my brother's computer
> in the next room through my computer.  I think we're both running Debian
> 11, the stable version for me, the testing version for him.  I've tried
> ssh -X.  It does work but only for a short time, then the connection
> crumbles - his computer has often locked up on him and we have no idea
> why, so the 'short time' aspect of the -X approach may relate to that.
> 
> The point is, he's been away from home for awhile now and we're not sure
> when he'll return. Chiefly I'm looking for the most convenient way to keep
> an eye on his incoming e-mail for him.  Mostly I use Mutt; he uses
> claws-mail exclusively, so I'll need to remotely launch claws-mail and
> have it retrieve latest e-mails.

Claws-mail stores mail in the MH mailbox format. Mutt can handle MH mailboxes.
Why not use mutt via ssh on his machine, for most messages you do not need to
use X (ie graphics), this might mean that the connection is more robust.

You would only use graphics for displaying some attachments, eg images.

> Thanks in advance for any help on this.
> 
> --hobie
> 

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Qemu Numeric Lock problem

2023-06-21 Thread Alain D D Williams
On Wed, Jun 21, 2023 at 05:42:30PM +0100, Alain Williams wrote:
> I have an issue with virtual machines under qemu.

Caps Lock is also affected the same way.

> Sequence as follows:
> 
> I press Numeric Lock (or Num Lock) so that the keyboard indicator lights up.
> 
> I then switch to the workspace that contains a running virtual machine. The
> virtualised OS does not seem to be important, this happens with Debian and
> Rocky Linux.
> 
> When I press keys on the numeric keypad I do not get numbers. What gets sent
> are the sequences that do Home, Page Up, ...
> 
> I press Num Lock so that the keyboard indicator goes out.
> 
> I press keys on the numeric keypad and get numbers.
> 
> So: it seems that the state of the Num Lock key is not picked up by qemu.
> 
> 
> Is this a qemu bug or can I tweak the configuration ?
> 
> Thanks in advance.
> 
> 
> I am running Debian 10 - Buster. I use the Mate desktop.
> 
> -- 
> Alain Williams
> Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
> Lecturer.
> +44 (0) 787 668 0256  https://www.phcomp.co.uk/
> Parliament Hill Computers. Registration Information: 
> https://www.phcomp.co.uk/Contact.html
> #include 
> 

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Qemu Numeric Lock problem

2023-06-21 Thread Alain D D Williams
I have an issue with virtual machines under qemu.

Sequence as follows:

I press Numeric Lock (or Num Lock) so that the keyboard indicator lights up.

I then switch to the workspace that contains a running virtual machine. The
virtualised OS does not seem to be important, this happens with Debian and
Rocky Linux.

When I press keys on the numeric keypad I do not get numbers. What gets sent
are the sequences that do Home, Page Up, ...

I press Num Lock so that the keyboard indicator goes out.

I press keys on the numeric keypad and get numbers.

So: it seems that the state of the Num Lock key is not picked up by qemu.


Is this a qemu bug or can I tweak the configuration ?

Thanks in advance.


I am running Debian 10 - Buster. I use the Mate desktop.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Apt sources.list

2023-04-15 Thread Alain D D Williams
On Sat, Apr 15, 2023 at 11:00:52AM -0400, pa...@quillandmouse.com wrote:

> Okay. Let's open this can of worms. The ONLY reason https is used on
> most sites is because Google *mandated* it years ago. ("Mandate" means
> we'll downgrade your search ranking if you don't use https.) There is
> otherwise no earthly reason to have an encrypted connection to a web
> server unless there is some exchange of private information between you
> and the server.

Where I live (England) I do not care if "the authorities" see what I have
installed on my machine. If I lived in a totalitarian state†† there are some
packages that might raise my profile on some "radar".

†† There are several - I will not mention names as I wish to keep politics out
of this list.

> Reading through all of Google's explanations, I've never seen a
> satisfactory explanation for this change. With that in mind, I believe
> the Debian gods did the right thing in leaving their web connections
> "insecure". Though, in truth, the integrity of Debian server contents
> wouldn't be changed in the slightest whether the connection was
> encrypted or not.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Apt sources.list

2023-04-15 Thread Alain D D Williams
On Sat, Apr 15, 2023 at 03:48:31PM +0200, to...@tuxteam.de wrote:
> On Sat, Apr 15, 2023 at 02:01:27PM +0100, Alain D D Williams wrote:
> 
> [...]
> 
> > While we are talking about this, is there any reason why all the http: should
> > not be https: ?
> 
> It's just unnecessary CPU on the server, that's all.

That used to be the case many years ago. Modern CPUs have instructions that
make it much quicker.

"On our production frontend machines, SSL/TLS accounts for less than 1% of the
CPU load, less than 10 KB of memory per connection and less than 2% of network
overhead."

https://istlsfastyet.com/

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Apt sources.list

2023-04-15 Thread Alain D D Williams
On Sat, Apr 15, 2023 at 08:52:06AM -0400, Greg Wooledge wrote:
> On Sat, Apr 15, 2023 at 01:23:05PM +0100, Brian wrote:
> > On Sat 15 Apr 2023 at 08:11:17 -0400, pa...@quillandmouse.com wrote:
> > > ---
> > > 
> > > deb http://debian.uchicago.edu/debian/ bookworm main contrib non-free
> > > deb-src http://debian.uchicago.edu/debian/ bookworm main contrib non-free
> > > 
> > > deb http://security.debian.org/debian-security bookworm-security main contrib non-free
> > > deb-src http://security.debian.org/debian-security bookworm-security main contrib non-free
> > > 
> > > ---

While we are talking about this, is there any reason why all the http: should
not be https: ?

I have done this on my own machine without ill effect.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 
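
The http: to https: change asked about above, as an added example that is not part of the original message: a filter that rewrites only the URI field of deb / deb-src entries and leaves comments, option blocks and other schemes alone. The first three sample lines are the quoted entries; the example.invalid lines, the keyring path and the cdrom label are constructed, and whether a given mirror serves HTTPS is an assumption to confirm with `apt update` afterwards.

```shell
#!/bin/sh
# Added example, not from the thread.
# Reads a one-line-style sources.list on stdin and writes it to stdout with
# http:// changed to https:// in the URI of deb / deb-src entries only.
sources_to_https() {
    awk '
        $1 == "deb" || $1 == "deb-src" {
            u = 2                                  # the URI is normally field 2 ...
            if ($2 ~ /^\[/) {                      # ... unless an [option ...] block comes first
                while (u <= NF && $u !~ /\]$/) u++ # walk to the field that closes the block
                u++                                # the URI follows it
            }
            if (u <= NF) sub(/^http:\/\//, "https://", $u)
        }
        { print }                                  # comments and other lines pass through
    '
}

# List the active entries that are still fetched over plain http.
plain_http_entries() {
    awk '($1 == "deb" || $1 == "deb-src") && / http:\/\//'
}

# Sample input: the three entries quoted in the thread, then constructed lines
# covering a commented-out entry, an option block and a non-http scheme.
sample_sources() {
    cat <<'EOF'
deb http://debian.uchicago.edu/debian/ bookworm main contrib non-free
deb-src http://debian.uchicago.edu/debian/ bookworm main contrib non-free
deb http://security.debian.org/debian-security bookworm-security main contrib non-free
# deb http://example.invalid/debian bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] http://example.invalid/debian bookworm main
deb cdrom:[Debian GNU/Linux 12 DVD]/ bookworm main
EOF
}

# Show the rewritten file; nothing on disk is touched.
sample_sources | sources_to_https
```

Run it against a copy of /etc/apt/sources.list and compare the output with the original before replacing the file.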



Re: No /

2023-03-07 Thread Alain D D Williams
On Tue, Mar 07, 2023 at 05:33:45PM +0100, Michael Lee wrote:
> Is it possible to reinstall the system and still retain the settings,
> logins, etc.? 

This is what backups are for. I assume that you have something.

> Michael Lee

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: GPG problems

2022-12-04 Thread Alain D D Williams
On Sun, Dec 04, 2022 at 04:28:00PM +0200, Teemu Likonen wrote:
> * 2022-12-04 12:05:56+0000, Alain D. D. Williams wrote:
> 
> > Part of the problem is the hopeless message "Server indicated a
> > failure" which says little. Any idea how I could get something more
> > informative ?
> 
> You can change debug logging level. Edit ~/.gnupg/dirmngr.conf file and
> write something like this:
> 
> debug-level expert  #or: guru
> log-file /tmp/dirmngr-log.txt
> 
> Then kill dirmngr
> 
> $ gpgconf --kill dirmngr
> 
> and try key servers again. See the log file mentioned above.

Thanks ... it does not really help (I attach it).
The message is:

command 'KS_PUT' failed: Server indicated a failure 

I ran it with debugging on the Debian 11 machine where it works.

I put the IPv4 address for keys.openpgp.org into /etc/hosts - the Debian 10
machine has IPv6 that works, the Debian 11 machine is IPv4 only. No change.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 
2022-12-04 17:44:27 dirmngr[18851.0] permanently loaded certificates: 138
2022-12-04 17:44:27 dirmngr[18851.0] runtime cached certificates: 0
2022-12-04 17:44:27 dirmngr[18851.0] trusted certificates: 138 (137,0,0,1)
2022-12-04 17:44:27 dirmngr[18851.6] handler for fd 6 started
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> # Home: /home/addw/.gnupg
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> # Config: /home/addw/.gnupg/dirmngr.conf
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> OK Dirmngr 2.2.27 at your service
2022-12-04 17:44:27 dirmngr[18851.6] connection from process 18850 (1000:1000)
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- GETINFO version
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> D 2.2.27
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> OK
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- KEYSERVER
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> S KEYSERVER hkps://keys.openpgp.org
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> OK
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- KS_PUT
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> INQUIRE KEYBLOCK
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- [ 44 20 98 33 04 60 ec 50 1f 16 09 2b 06 01 04 01 ...(626 byte(s) skipped) ]
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- END
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> INQUIRE KEYBLOCK_INFO
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- D pub::256:22:BA366B977C06BAF7:1626099743:::%0Afpr:4D48D5BAF3736D50214AFC3FBA366B977C06BAF7:%0Auid:1626099743Alain D D Williams :::%0Auid:1670002234Alain D D Williams :::%0Asub::256:18:0315E84A964E21C9:1626099743:::%0Afpr:75F7570849B82972171A762C0315E84A964E21C9:%0A
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- END
2022-12-04 17:44:27 dirmngr[18851.6] command 'KS_PUT' failed: Server indicated a failure
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> ERR 219 Server indicated a failure
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 <- BYE
2022-12-04 17:44:27 dirmngr[18851.6] DBG: chan_6 -> OK closing connection
2022-12-04 17:44:27 dirmngr[18851.6] handler for fd 6 terminated
2022-12-04 17:55:27 dirmngr[18851.0] running scheduled tasks
2022-12-04 18:05:28 dirmngr[18851.0] running scheduled tasks
2022-12-04 18:15:28 dirmngr[18851.0] running scheduled tasks
2022-12-04 18:25:29 dirmngr[18851.0] running scheduled tasks
2022-12-04 18:33:58 dirmngr[18851.6] handler for fd 6 started
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 -> # Home: /home/addw/.gnupg
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 -> # Config: /home/addw/.gnupg/dirmngr.conf
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 -> OK Dirmngr 2.2.27 at your service
2022-12-04 18:33:58 dirmngr[18851.6] connection from process 22347 (1000:1000)
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 <- KILLDIRMNGR
2022-12-04 18:33:58 dirmngr[18851.6] DBG: chan_6 -> OK closing connection
2022-12-04 18:36:18 dirmngr[22361.0] permanently loaded certificates: 138
2022-12-04 18:36:18 dirmngr[22361.0] runtime cached certificates: 0
2022-12-04 18:36:18 dirmngr[22361.0] trusted certificates: 138 (137,0,0,1)
2022-12-04 18:36:18 dirmngr[22361.6] handler for fd 6 started
2022-12-04 18:36:18 dirmngr[22361.6] DBG: chan_6 -> # Home: /home/addw/.gnupg
2022-12-04 18:36:18 dirmngr[22361.6] DBG: chan_6 -> # Config: /home/addw/.gnupg/dirmngr.conf
2022-12-04 18:36:18 dirmngr[22361.6] DBG: chan_6 -> OK Dirmngr 2.2.27 at your service
2022-12-04 18:36:18 dirmngr[22361.6] connection from process 22360 (1000:1000)
2022-12-04 18

Re: GPG problems

2022-12-04 Thread Alain D D Williams
On Sat, Dec 03, 2022 at 02:59:41PM -0500, Jeffrey Walton wrote:

> keys.openpgp.org should be operational. It responds to ping.
> 
> Also have a look at
> https://lists.gnupg.org/pipermail/gnupg-users/2021-June/065261.html .

No, that is not the issue. It works on Debian 11 but not Debian 10, both
attempts within a few minutes of each other, both connect to 
hkps://keys.openpgp.org

Both run the same version of gpg (GnuPG) 2.2.27
(I installed from backports on Debian 10)

gpg reports the version of libgcrypt. On Debian 10 it is 1.8.4, on Debian 11 it
is 1.8.8. Could that be an issue ? I am reluctant to speculatively upgrade for
fear of breaking something else.

Part of the problem is the hopeless message "Server indicated a failure" which
says little. Any idea how I could get something more informative ?

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



GPG problems

2022-12-03 Thread Alain D D Williams
I am running Debian 10 (buster). I generated a new key that I wanted to upload,
but it fails:

$ gpg --send-keys  0xBA366B977C06BAF7
gpg: sending key 0xBA366B977C06BAF7 to hkps://keys.openpgp.org
gpg: keyserver send failed: Server indicated a failure
gpg: keyserver send failed: Server indicated a failure

I copied my ~/.gnupg to a Debian 11 (bullseye) machine, it works:

$ gpg --send-keys  0xBA366B977C06BAF7
gpg: sending key 0xBA366B977C06BAF7 to hkps://keys.openpgp.org
$ 

Back on buster I grabbed the latest version:
/etc/apt/sources.list:
deb http://deb.debian.org/debian/ buster-backports main contrib non-free
# apt -V -t=buster-backports install gpg

I killed the dirmngr daemon:

# killall dirmngr

I tried the send-keys again and got the same result, ie failure.

Please: what should I do to fix this?

Thanks in advance

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: just saying

2022-11-24 Thread Alain D D Williams
On Thu, Nov 24, 2022 at 10:43:19PM +, Peter von Kaehne wrote:
> 
> > 
> > Even if you have it can be very hard to find carefully constructed back doors.
> 
> Shrug.. as opposed to installing closed source programmes where you know you
> are spied upon ? Which may of course have back doors but thanks to being
> closed you will not even learn about?

OK - I agree with you. FLOSS is much better from that point of view; my point
was that FLOSS is not a guarantee. The OP was talking about spooks, these guys
are well funded and capable of producing hard to detect back doors.

FLOSS is also more resistant to a government bribing or strong arming a closed
source company to include a spook produced back door.

"much better" != "perfect" - ie vigilance is still needed.

> > Some code has been carefully looked at but most has not.
> > 
> >>> On Thu, Nov 24, 2022 at 4:03 PM mick.crane  wrote:
> >>> 
> >>> I love open source, more than you might think, but I have a niggling
> >>> feeling it's been infiltrated to make user control difficult.
> >>> If I was a spook it's what I'd do.
> >>> Please prove me wrong.
> >>> mick

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: just saying

2022-11-24 Thread Alain D D Williams
On Thu, Nov 24, 2022 at 04:05:31PM -0500, Jeremy Hendricks wrote:
> I have no idea what you mean. It’s open source and you can analyze the code
> line by line.

Very true ... but how much code have you analyzed line by line ?

Even if you have it can be very hard to find carefully constructed back doors.

Some code has been carefully looked at but most has not.

> On Thu, Nov 24, 2022 at 4:03 PM mick.crane  wrote:
> 
> > I love open source, more than you might think, but I have a niggling
> > feeling it's been infiltrated to make user control difficult.
> > If I was a spook it's what I'd do.
> > Please prove me wrong.
> > mick
> >
> >

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



How to use hw vendor EFI diagnostics ?

2022-10-11 Thread Alain D D Williams
I just got myself a new laptop - the old one broke.
It is an HP stream, I wiped MS Windows and installed Linux Mint 21.

The machine came with some nice hardware diagnostics, written by/for HP. These
could be run without booting MS Windows. I would like to have the ability to
run these as they know more about the laptop's hardware than what is installed
from Mint -- just some generic memory test.

I did copy the EFI before it was overwritten by the Linux installation.

How do I integrate the HP diagnostics into the current EFI ?

Thanks in advance.

This is what there is now:
/boot/efi/
/boot/efi/EFI
/boot/efi/EFI/ubuntu
/boot/efi/EFI/ubuntu/grubx64.efi
/boot/efi/EFI/ubuntu/shimx64.efi
/boot/efi/EFI/ubuntu/mmx64.efi
/boot/efi/EFI/ubuntu/BOOTX64.CSV
/boot/efi/EFI/ubuntu/grub.cfg
/boot/efi/EFI/BOOT
/boot/efi/EFI/BOOT/BOOTX64.EFI
/boot/efi/EFI/BOOT/fbx64.efi
/boot/efi/EFI/BOOT/mmx64.efi

This is what I have preserved from before Linux install:

System Volume Information
EFI
EFI/HP
EFI/HP/BIOS
EFI/HP/BIOS/Current
EFI/HP/BIOS/Current/085B5.bin
EFI/HP/BIOS/Current/085B5.s12
EFI/HP/BIOS/Current/085B5.sig
EFI/HP/BIOS/Previous
EFI/HP/BIOS/New
EFI/HP/HP Support Framework
EFI/HP/HP Support Framework/Logs
EFI/HP/HP Support Framework/Logs/1275192963.xml
EFI/HP/dip.zip
EFI/HP/SystemDiags
EFI/HP/SystemDiags/EADB.json
EFI/HP/SystemDiags/SystemDiags.ini
EFI/HP/SystemDiags/HpHwDiagsSnapshot.cee
EFI/HP/SystemDiags/LICENCE.txt
EFI/HP/SystemDiags/CryptRSA.efi
EFI/HP/SystemDiags/SysDiags.s09
EFI/HP/SystemDiags/SystemDiags-5CD2301RGW.html
EFI/HP/SystemDiags/SysDiags.efi
EFI/HP/SystemDiags/TestCoverage.json
EFI/HP/SystemDiags/SysDiags.s14
EFI/HP/SystemDiags/DI.efi
EFI/HP/SystemDiags/SysDiags.s12
EFI/HP/SystemDiags/SystemDiags.log
EFI/HP/SystemDiags/SystemDiagsCeeHistory.log
EFI/HP/DI.efi
EFI/HP/BIOSUpdate
EFI/HP/BIOSUpdate/BiosMgmt.s12
EFI/HP/BIOSUpdate/CryptRSA.efi
EFI/HP/BIOSUpdate/BiosMgmt.s14
EFI/HP/BIOSUpdate/BiosMgmt.efi
EFI/HP/BIOSUpdate/BiosMgmt.s09

EFI/Boot
EFI/Boot/bootx64.efi

There is also some MS stuff (I'm just listing top level directories, 185 in total):
EFI/Microsoft
EFI/Microsoft/Recovery
EFI/Microsoft/Boot

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: google account say it will no longer deliver email

2022-06-04 Thread Alain D D Williams
On Sat, Jun 04, 2022 at 10:02:05PM +0200, sp...@caiway.net wrote:
> Hi,
> 
> My first mail provider (in Oslo) promised free mail address for life.
> 
> Then it was sold to a capitalist and they started to ask money.
> 
> I do not like that.
> 
> I know it is possible to run a free host.
> 
> By volunteers running the server for example.

Oh - great ... please do us all a favour and set up a free host and give us
free addresses for life.

Thanks!

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Firewall POSTROUTING problem

2021-08-11 Thread Alain D D Williams
On Thu, Aug 12, 2021 at 01:28:57AM +0300, IL Ka wrote:
> >
> >
> >
> > > > iptables -A FORWARD -j ACCEPT
> >
> 
> Are you sure your packets are forwarded via netfilter?
> Try to disable forwarding (with sysctl) or change rule to -j DROP and
> check traffic with sniffer (no packet should be forwarded from virt machine
> to the Internet)

It now works all of a sudden. I am scratching my head to see what I have
changed. The only thing is rebooting the virtual machine that I was testing
from. I cannot see that that should have made a difference. I was changing the
firewall ...

Anyway: thanks for now, I am sorry if I have wasted anyone's time :-(

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Firewall POSTROUTING problem

2021-08-11 Thread Alain D D Williams
On Wed, Aug 11, 2021 at 11:50:30PM +0200, deloptes wrote:
> Alain D D Williams wrote:
> 
> > iptables -A FORWARD -j ACCEPT
> > 
> 
> and the OUTPUT?

OUTPUT is also ACCEPT, however this is not, I think, important as the packets
come from 10.239.239.23 (via br0) and go to the Internet - thus FORWARD is what
is important. Anyway: I see (on the modem) the packets with source 10.239.239.23

> > and this is not a problem ... evidence is outgoing packets with source
> > address 10.239.239.23
> 
> ah, ok, I misinterpreted it.

The important stuff from ifconfig is:

br0: flags=4163  mtu 1500
inet 10.239.239.254  netmask 255.255.255.0  broadcast 10.239.239.255
inet6 fe80::7ca1:36ff:fe12:7402  prefixlen 64  scopeid 0x20
ether ee:3c:27:eb:c0:4f  txqueuelen 1000  (Ethernet)
RX packets 31632  bytes 2596968 (2.4 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 2065  bytes 374487 (365.7 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0: flags=4163  mtu 1500
inet 192.168.108.2  netmask 255.255.255.0  broadcast 192.168.108.255
inet6 2001:4d48:ad51:2f00::2:2  prefixlen 112  scopeid 0x0
inet6 fe80::922b:34ff:fe12:6470  prefixlen 64  scopeid 0x20
ether 90:2b:34:12:64:70  txqueuelen 1000  (Ethernet)
RX packets 922014  bytes 240006341 (228.8 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 562616  bytes 80027668 (76.3 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Firewall POSTROUTING problem

2021-08-11 Thread Alain D D Williams
On Wed, Aug 11, 2021 at 11:32:51PM +0200, deloptes wrote:

> I remember it was not only the POSTROUTING. May be I am wrong, but I think
> FORWARD and OUTPUT is important.
> I also wonder why you are mixing up the -s and --to-source. You should be
> using the local address for -s and --to-source the translation (the
> outgoing addresses 10.239.239.23)

This says that anything with a source address 10.239.239.0/24 (ie virtual
machine) will have the source address changed to 192.168.108.2; this is so that
the BB modem does another NAT setting the source address to my external IP
address.

While I am debugging this, to avoid complication, I have set:

iptables -A FORWARD -j ACCEPT

and this is not a problem ... evidence is outgoing packets with source address
10.239.239.23

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Firewall POSTROUTING problem

2021-08-11 Thread Alain D D Williams
Hi,

I have problems getting POSTROUTING to work on a Debian 10 box.

Setup:

INTERNET ... Broadband modem 192.168.108.1

Network internal to the Debian box for virtual machines 10.239.239.0/24 

Debian has address 192.168.108.2 (interface enp3s0) and 10.239.239.254 (interface br0)

Processes on Debian 10 can talk to the Internet

Processes on virtual machines (eg 10.239.239.23) can talk to the Debian machine
(ie 192.168.108.2) on which they are hosted.

If on 10.239.239.23 I ping the BBC (212.58.249.145) and look with a packet
sniffer on the BB modem I see outgoing addresses 10.239.239.23

This should not happen. I am running an iptables firewall that should fix this
with the rule below:

iptables -t nat -A POSTROUTING -s 10.239.239.0/24 -j SNAT --to-source 192.168.108.2

I have tried variations like:
iptables -t nat -A POSTROUTING -o enp3s0 -j SNAT --to-source 192.168.108.2


It is as if the POSTROUTING rule is being ignored.

This seems to be confirmed by the output below which shows that 0 packets have
been through POSTROUTING.

Can anyone shed any light on this ?

Thanks in advance



# iptables -L -n -t nat -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination 


Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination 


Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination 

0 0 SNAT   all  --  *  *   10.239.239.0/24  0.0.0.0/0   to:192.168.108.2

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source   destination 
 


-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 
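
The "0 packets have been through POSTROUTING" check from the post above, as an added example that is not part of the original message: it reads `iptables -t nat -L -n -v` output and reports whether the expected SNAT rule exists and has ever matched. The first listing is the one from the post with the wrapped column rejoined; the second listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
#
# Background for reading the counters: the nat table is consulted only for the
# first packet of a connection. Later packets reuse the conntrack entry, so the
# counter counts new flows, and a flow conntrack already knew about before the
# rule was added never reaches the rule.

# snat_status SRC_CIDR TO_ADDR
# Reads `iptables -t nat -L -n -v` on stdin and prints one of:
#   missing    no POSTROUTING SNAT rule for SRC_CIDR -> TO_ADDR
#   never-hit  the rule exists but its packet counter is 0
#   hit N      the rule exists and has matched N times
snat_status() {
    awk -v src="$1" -v to="to:$2" '
        /^Chain / { chain = $2; next }
        # columns: pkts bytes target prot opt in out source destination extra
        chain == "POSTROUTING" && $3 == "SNAT" && $8 == src && $NF == to {
            found = 1
            state = ($1 == "0") ? "never-hit" : "hit " $1
        }
        END { print (found ? state : "missing") }
    '
}

# Print every nat rule whose packet counter is 0, as
# "CHAIN TARGET SOURCE DESTINATION". Counters may carry a K/M/G suffix.
unhit_nat_rules() {
    awk '
        /^Chain / { chain = $2; next }
        $1 == "pkts" { next }                      # column header
        NF >= 9 && $1 ~ /^[0-9]+[KMG]?$/ {
            if ($1 == "0") print chain, $3, $8, $9
        }
    '
}

# Listing from the post (wrapped "to:" column rejoined).
post_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      *       10.239.239.0/24      0.0.0.0/0            to:192.168.108.2

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# Constructed listing: the same rule after new flows have matched it.
working_listing() {
    cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 12K packets, 800K bytes)
 pkts bytes target     prot opt in     out     source               destination
   37  2220 SNAT       all  --  *      *       10.239.239.0/24      0.0.0.0/0            to:192.168.108.2
EOF
}

# Evaluate the listing from the post.
post_listing | snat_status 10.239.239.0/24 192.168.108.2
```

On a live host, pipe the real listing in as root: `iptables -t nat -L -n -v | snat_status 10.239.239.0/24 192.168.108.2`.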



Re: How to view a troff formatted file?

2021-02-22 Thread Alain D D Williams
On Mon, Feb 22, 2021 at 07:59:13AM -0800, Will Mengarini wrote:
> Your groff command references $o but your script sets no value
> for it, so $o is either empty or inherited from your environment.

Oh, that comes from the ps_print script that I hacked this out of.
$o was options, empty string for this script.

Thanks, fixed.

Also use of $0 which should have been $progname

Me: just updated a script last changed 19 years ago.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: How to view a troff formatted file?

2021-02-22 Thread Alain D D Williams
On Mon, Feb 22, 2021 at 06:04:15AM -0600, Richard Owlett wrote:
> I have downloaded a program with a man-page in troff format.
> How do I view it?
> I installed troffcvt but its man-page is non-informative.
> TIA

Feel free to use my script to do that, below.

ps_print is another script that sends to my printer.


#!/bin/ksh
# Format up a man page, the file name is the argument
# ADDW, July 1999

progname=$0

Usage() {
    cat <<-!
Process a file with the man macros.
Usage: $0 [opts] [file]
-p  generate (Postscript) output to current printer
-x  eXplain
!
    exit $1
}

Postscript=0

while getopts px arg
do  case "$arg" in
    p)  Postscript=1;;
    x)  Usage 0;;
    esac
done

shift $((OPTIND - 1))


if [ $# -eq 0 ]
then    echo "Usage: $0 filename" >&2
        exit 2
fi

if [ $Postscript = 1 ]
then    groff -man -etpsR -rO0.75i -rW6.5i -rL11i $o $1 | ps_print
else    tbl $1 | nroff -man | col | less
fi


-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Recommendation for a netbook

2021-02-08 Thread Alain D D Williams
On Mon, Feb 08, 2021 at 12:47:41PM +0100, Hans wrote:
> On Monday, 8 February 2021, 12:29:25 CET, Joe wrote:
> Hi,
> 
> well IMHO it depends, what you are going to do with it.
> 
> As you might know, those netbooks are not the fastest ones, but maybe boot
> time is not so important, as you can use suspend-to-ram.

I have had an HP stream for several years - works well for me. I run Linux Mint
on it so it should run Debian. 11.6" screen, I can get 6+ hours out of a full
charge. It only has 2 GB RAM that is not upgradable, pity:

https://www.argos.co.uk/product/7463248

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: Add a hard drive to existing system??

2021-01-17 Thread Alain D D Williams
On Sun, Jan 17, 2021 at 01:52:06PM -0500, Jerry Mellon wrote:
> Hello,
> New to Debian, but have gotten Debian 10.7 loaded on to my system. I
> have an ASUS gaming laptop (don't use it for gaming) with 12gb of memory
> and intel corei7 and a 500gb hard drive.
> 
> My question is what is the best (use dummy for Linux statements please)
> way to add a second hard drive with 2T of space. I will use this to
> store photos and documents etc.

It is often hard to change the hardware on a laptop. Probably the easiest way
is to get an external disk with a USB interface, then plug the disk in when you
need to get/put files to the disk. 

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: How to restore BIOS-based backup on a UEFI machine

2021-01-14 Thread Alain D D Williams
On Thu, Jan 14, 2021 at 04:41:50PM +0100, Jesper Dybdal wrote:
> I backup my Buster server simply as a (compressed, encrypted) cpio archive.
> 
> Restoring it to a BIOS-based machine is simple: boot a rescue cd, partition
> the disk, restore all files, fix fstab if necessary, run update-grub and
> grub-install in a chroot environment.  That works.
> 
> But if the machine should some day die and I can only find/buy a UEFI-only
> machine to restore it to, how do I do that?  And are there any precautions I
> should take in advance (on the BIOS system, before creating backups that may
> be needed on a future UEFI system) in order to make it easier to restore to
> a UEFI machine?
> 
> (My knowledge of UEFI is almost non-existent, and my knowledge of grub is
> very limited.)

If/when your machine dies I would suggest that the simplest thing is for you to
do a completely fresh Debian install (which will get UEFI, etc, right) and then
import your data from backups.

So what you need to do now is to ensure that your backups make it easy for you
to do that:

* most of non system data is prob in /home. So make that a separate cpio file

* ditto for other places where you have files that do not come from .deb

* keep a copy of /etc where it is easy to get hold of (maybe /home/etc.tar.gz)

* ensure that you know what has been installed: dpkg --list

> -- 
> Jesper Dybdal
> https://www.dybdal.dk
> 

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Re: recommendations for supported, affordable hardware raid controller.

2021-01-02 Thread Alain D D Williams
On Sat, Jan 02, 2021 at 09:23:02AM -0600, Nicholas Geovanis wrote:

> I'm afraid I have to agree with this advice. In the presence of software
> like ZFS (from Sun) and LVM (from IBM's AIX), with easy availability of
> NAS, SAN and cloud storage, the arguments in favor of hardware RAID local
> to a server become much thinner. What drives that change is the evolution
> of hardware and networking, not so much the software. Both ZFS and LVM are
> now 20 years old, very mature software.

If you have H/W raid and the controller breaks (it will do if you use it long
enough) then you need to replace it by the same/similar controller. A few years
down the line this might be hard and may take some time.

When you use S/W raid then you do not have this problem. Replace the broken
controller or move the disks to a new machine, do a bit of config and you are
back in action.

You sound like an individual: the compatible H/W controller might be a problem.

If you were a business then keeping a few replacement controllers is affordable
so the balance is different.

My 2 pence.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include 



Help: br0 brings down ethernet

2020-11-14 Thread Alain D D Williams
I'm upgrading my desktop from CentOS-6 to Debian -- CentOS-8 has Gnome 3 that I
can't abide, Debian has Mate.

Most of it works nicely; one problem is starting a network bridge takes down
the ethernet connection.

Can anyone please offer any clues:

/etc/network/interfaces.d/br0 contains:
iface br0 inet static
bridge_ports enp3s0
address 10.239.239.254
broadcast 10.239.239.255
netmask 255.255.255.0
# Without this: when a VM starts the rest of the machine loses Internet connectivity - dunno why
bridge_stp off
bridge_maxwait 0
bridge_fd 0

/etc/network/interfaces.d/enp3s0 contains:
auto enp3s0
iface enp3s0 inet static
address 192.188.145.2
broadcast 192.188.145.255
netmask 255.255.255.0
gateway 192.188.145.1

(It is a wired [utp] ethernet)

(Loopback is also defined somewhere)

Note that br0 is NOT brought up automatically (although I will want that eventually.)

I bring it all up and then:
ifup br0

And some time later enp3s0 will stop.

'Some time' varies, I have seen 5 minutes and 45 minutes. Without br0 it has
been stable - ie about a day.

It failed just now (after I brought up br0), there was little network activity:
a bit of web browsing; SMTP in/out; idle openvpn; a ping to news.bbc.co.uk

Relevant lines from /var/log/messages:

When I typed: ifup br0

Nov 14 12:30:51 mint kernel: [96153.146266] br0: port 1(enp3s0) entered blocking state
Nov 14 12:30:51 mint kernel: [96153.146269] br0: port 1(enp3s0) entered disabled state
Nov 14 12:30:51 mint kernel: [96153.146396] device enp3s0 entered promiscuous mode
Nov 14 12:30:51 mint kernel: [96153.190042] br0: port 1(enp3s0) entered blocking state
Nov 14 12:30:51 mint kernel: [96153.190046] br0: port 1(enp3s0) entered forwarding state
Nov 14 12:30:51 mint kernel: [96153.190140] IPv6: ADDRCONF(NETDEV_UP): br0: link is not ready
Nov 14 12:30:52 mint kernel: [96154.16] IPv6: ADDRCONF(NETDEV_CHANGE): br0: link becomes ready

A few minutes after it failed when I typed:

ifdown br0
ifdown enp3s0
ifup   enp3s0

Nov 14 13:19:36 mint kernel: [99078.474136] br0: port 1(enp3s0) entered disabled state
Nov 14 13:19:36 mint kernel: [99078.554460] device enp3s0 left promiscuous mode
Nov 14 13:19:36 mint kernel: [99078.554492] br0: port 1(enp3s0) entered disabled state
Nov 14 13:19:59 mint kernel: [99101.806231] RTL8211E Gigabit Ethernet r8169-300:00: attached PHY driver [RTL8211E Gigabit Ethernet] (mii_bus:phy_addr=r8169-300:00, irq=IGNORE)
Nov 14 13:20:02 mint kernel: [99104.114206] r8169 :03:00.0 enp3s0: Link is Up - 1Gbps/Full - flow control off

/var/log/syslog tells me that it failed a few minutes before I noticed:
Nov 14 13:14:24 mint openvpn[3435]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Nov 14 13:14:24 mint openvpn[3435]: TLS Error: TLS handshake failed


Why do I want br0 ?
***

The reason that I want a bridge is so that virtual machines (under kvm) can
connect to the host machine and to the Internet. This problem happens even if
VMs are not running.

My machine has:

enp3s0  192.168.145.2 - connected to broadband router

I want:

br0 10.239.239.254

Virtual machines with addresses like 10.239.239.12 that they can see the outside world.


-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  https://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
https://www.phcomp.co.uk/Contact.html
#include