Re: Any idea when CVE-2016-5696 is going to get fixed?

2016-08-28 Thread Frederic Marchal
On Friday 26 August 2016 23:11:23 Perry E. Metzger wrote:
> On Fri, 26 Aug 2016 21:06:15 +0200 Frederic Marchal
> <frederic.marc...@wowtechnology.com> wrote:
> > On Friday 26 August 2016 11:04:04 Perry E. Metzger wrote:
> > > According to:
> > > 
> > > https://security-tracker.debian.org/tracker/CVE-2016-5696
> > > 
> > > Wheezy and Jessie are still vulnerable. The attack in question is
> > > kind of bad (it allows blind injection of arbitrary data into
> > > things like http downloads) and has been known for a few weeks
> > > now to the general public.
> > 
> > I don't think the issue is that bad.
> > 
> > It allows an attacker to find out if you are connected to a
> > particular web site and makes it easier to interrupt the transfer
> > by sending a RST or SYN packet or inject junk data to corrupt the
> > flow. It's simple denial of service.
> 
> You are completely wrong. This attack allows you to inject
> *meaningful* things into the data flow. It isn't denial of service,
> it is one of the most flexible data injection attacks in years.

You are referring to this paper by Yue Cao et al.:

http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf

The paper explains how a patch described in RFC5961 makes it even 
easier to guess the correct TCP sequence number. The paper states that 
it is trivial to inject legitimate looking packets into a long-lived, 
unencrypted, TCP connection with few packets exchanged between the 
client and server.

The requirements are:

* TCP connection,
* long-lived,
* unencrypted,
* long silences.

I'll add that the protocol must allow the server to initiate data sending with 
only one packet (such as news pushed from the server to the client). Any 
protocol relying on an exchange is ruled out as the attacker won't see the 
victim's response.

The authors found www.usatoday.com meets the requirements.

Even if the requirements are met, the attack fails if the client is protected 
by a stateful firewall (either on a NAT router, modem or computer). The 
attacker needs a direct connection to an open port to probe the target 
system.

If the attack is made against the server: I expect any decent server 
accepting data from a client to use https (I may be presuming too much 
here :-) ).

The attack is also useless if the attacker can't spoof the source IP 
address. Routers in corporate environments usually block this by design or 
due to VLAN. For that reason, the attack can't come from the same LAN to 
bypass the border firewall. This rules out an unhappy coworker, infected 
computer or a student with too much time on his hands.

I bet the authors demonstrated the exploit in a very hacker friendly 
environment by disabling the target computer firewall and using a switch 
to connect the attacker and the victim on the same LAN.

Now, I wonder if many sites or protocols do meet the requirements.

Except for the above requirements, I can't see many cases where 
legitimate packets injection is possible without visible side effects giving 
the attack away.

It is not as simple as randomly injecting alert("hello") into 
any given open connection and expect it to land nicely in an HTML stream 
without breaking something visible to the end user (assuming the client is 
downloading html and not css, js, png, json,…). Yet, it is what attackers 
have to deal with on most sites.


> > But to achieve that, you must be downloading something from a web
> > site the attacker is actually targeting. The attacker must know you
> > are doing so or find out by sheer luck.
> 
> "Sheer luck" isn't hard at all. There are a half dozen good ways
> understood to people in the field where you can figure out what
> sites someone is looking at regularly if you are targeting them
> without needing to listen in on their connection directly.

Knowing someone is connected to a particular web site is only the first and 
easier step (just watch when someone posts a message for instance).

The attacker must then find (without looking at the actual connection) the 
following data:

* the actual server IP address when multiple servers serve the web site 
(load balancing),
* the client IP address (not as easy as it sounds except when targeting an 
individual for which data have been collected by other channels);
* the TCP source port;
* a valid TCP sequence number.

In the best case, it takes some time (around one minute according to the 
paper). The connection must last that long.

AJAX is not a candidate as AJAX goes like this:

Client connects to server.
Client to server: is there something new?
Server to client: no.
Close connection.
Wait some time...
Client connects to server.
Client to server: is there something new?
Server to client: yes, display X.
Close connection.

Due to the keep-alive timeout, spars

Re: Any idea when CVE-2016-5696 is going to get fixed?

2016-08-26 Thread Frederic Marchal
On Friday 26 August 2016 11:04:04 Perry E. Metzger wrote:
> According to:
> 
> https://security-tracker.debian.org/tracker/CVE-2016-5696
> 
> Wheezy and Jessie are still vulnerable. The attack in question is
> kind of bad (it allows blind injection of arbitrary data into
> things like http downloads) and has been known for a few weeks now to
> the general public.

I don't think the issue is that bad.

It allows an attacker to find out if you are connected to a particular web 
site and makes it easier to interrupt the transfer by sending a RST or SYN 
packet or inject junk data to corrupt the flow. It's simple denial of service.

But to achieve that, you must be downloading something from a web site 
the attacker is actually targeting. The attacker must know you are doing 
so or find out by sheer luck. The download must be long enough (more 
than one minute) for the attacker to discover the set of parameters that 
will make the attack successful. That's unlikely to succeed on a massive 
scale if you ask me!

Besides, the attacker can't possibly know what you are downloading and 
how much data has already been downloaded. There is no way he can 
inject anything useful into the downloaded data. You would end up with a 
corrupted file in the worst case. A worm can't propagate that way.

Frederic



Re: How to VNC to active screen on remote system.

2016-02-24 Thread Frederic Marchal
On Wednesday 24 February 2016 12:12:54 Javier Vasquez wrote:
> > On Wed, Feb 24, 2016 at 11:50 AM, Dennis Wicks wrote:
> > ...
> > What is the program that will connect to the current session on the remote
> > system? I have used it before but I can't remember what it was.
> 
> Are you looking for x11vnc [1][2] on the host you want to see?  If so,
> tigervnc and others can be the vnc clients...

And the exact command to run is

x11vnc -display :0

Run it as the user with the open X11 session. Type the command in a ssh 
session for instance.

x11vnc exits when the last vnc client is closed.

Frederic


Re: URGENTLY need help on using VPN

2015-09-14 Thread Frederic Marchal
On Friday 11 September 2015 14:52:19 Li Wei wrote:
> Thank Georgi Naplatanov and all those who reply!
> 
> The Chinese firewall is sophisticated
> and I have not been able to download
> http://openvpn.net/howto.html
> sent in attachment by kind users.

I can encrypt the file and send it to you. I would encrypt it with this 
command:

openssl des3 -nosalt -in openvpn-howto.tar.bz2 -out Sample-random-file -pass pass:"root...@yahoo.com"

You would then have to decrypt it like this:

openssl des3 -d -nosalt -in Sample-random-file -out openvpn-howto.tar.bz2 -pass pass:"root...@yahoo.com"

This encryption method is not secure at all. Its purpose is to hide the 
nature of the file thus preventing any automatic tool from scanning its 
content.

It is still possible that the firewall would block any file it can't understand.

Do you think it is worth trying it?

Does anybody know of a better way and is allowed to share it?

Frederic


Re: wired network connection has stopped working

2015-08-22 Thread Frederic Marchal
On Friday 21 August 2015 22:07:27 tom arnall wrote:
> Greetings!
> 
> About a year ago my wired modem connection stopped working. I can find
> nothing on google which helps.
> 
> In dmesg there is:
> 
> eth0: link is not ready
> 
> Here is ifconfig output, in case it is useful for people trying to
> help me with the problem:
> 
> eth0  Link encap:Ethernet  HWaddr 00:24:7e:6a:c3:93
>   UP BROADCAST MULTICAST  MTU:1500  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>   Interrupt:20 Memory:fc60-fc62

Can you check that the ethernet cable is detected with

ethtool eth0

It should report something like this:

Settings for eth0:
    Supported ports: [ TP ]
    Supported link modes:   10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
                            1000baseT/Half 1000baseT/Full
    Supported pause frame use: No
    Supports auto-negotiation: Yes
    Advertised link modes:  10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
                            1000baseT/Half 1000baseT/Full
    Advertised pause frame use: Symmetric
    Advertised auto-negotiation: Yes
    Link partner advertised link modes:  10baseT/Half 10baseT/Full
                                         100baseT/Half 100baseT/Full
    Link partner advertised pause frame use: Symmetric
    Link partner advertised auto-negotiation: Yes

Re: Changing the terminal character set

2015-07-18 Thread Frederic Marchal
On Saturday 18 July 2015 10:52:33 Alex Naysmith wrote:
> I'm writing python scripts with the curses GUI and I need the CP437
> character set.
> 
> How can I change the character encoding in the XFCE terminal [v0.4.8] from
> UTF-8 to CP437 or IBM437?
> 
> Alternatively, I did attempt to change the system locale from en_GB.UTF-8
> to one that contained CP437/IBM437. However, no CP437 character sets
> appeared as an option in 'dpkg-configure locales' command [although 'IBM437
> does appear as an available character set in 'locales -m'.]
> 
> Changing the system locale from UTF-8 probably isn't a good idea anyway, so
> it would be ideal if the character set changed was confined to the XFCE
> terminal for the purposes of the curses python script.

I don't expect it to be easy to change the terminal encoding. There is 
really no reason to do it. UTF-8 is so ubiquitous…

The best solution to your problem depends on why you need to change 
the character encoding of the terminal.

I expect both the python engine and the curses library to read UTF-8 files 
just fine and do it even better than CP437 if UTF-8 is the system encoding. 
If they don't, they are probably not correctly configured or compiled. You 
should be able to write and test your script using UTF-8.

If you really need to write your script using CP437, there are a number of 
text editors that can read and write files using whatever encoding you 
want. Vim and kwrite can both do it. There is no need to change the 
terminal encoding just to write a script with CP437.

If you need to send the script to someone that specifically requested 
CP437 encoded files, you should write and test the script using UTF-8 
(taking care of only using characters available in CP437) and then, when 
you are ready to give it away, convert it using iconv:

iconv -f utf8 -t cp437 source -o source_in_cp437

Note that there are a number of text editors on Windows that can read 
UTF-8 files if that's your concern.

Similarly, if your python script must produce CP437 output, you can convert 
the output on the fly using iconv

   python script | iconv -f utf8 -t cp437 | other_command

That's admittedly not very convenient. So, does the python encode 
command (http://www.tutorialspoint.com/python/string_encode.htm) help 
you?

Frederic




Re: Google Chrome and Open-Source derivative listening to me without my approval

2015-06-25 Thread Frederic Marchal
On Wednesday 24 June 2015 18:51:24 Jose Martinez wrote:
> NaCL -- Sodium Chloride -- common table salt.   That just means you have
> to add your own!!:-D

Actually, it stands for Native Client 
(https://en.wikipedia.org/wiki/Google_Native_Client).

It is Google's attempt to re-invent javascript :-)

Frederic

 
> On 06/22/2015 11:18 PM, Tim Beelen wrote:
> > Wow, thanks! An actual thing I can try.
> > 
> > I also found out in the mean time that Chromium does not come with/is
> > not compiled with NaCl enabled (whatever that is) and that would
> > prevent actual execution of the plugin.



Re: Moving from 56k modem

2015-06-19 Thread Frederic Marchal
On Friday 19 June 2015 09:24:34 Reco wrote:
>  Hi.
> 
> On Thu, 18 Jun 2015 18:20:25 -0500
> 
> Richard Owlett rowl...@cloud85.net wrote:
> > Mike McClain wrote:
> > > On Thu, Jun 18, 2015 at 03:22:37PM -0500, Richard Owlett wrote:
> > > Scarletdown wrote:
> > > How about a portable wireless hotspot device and service?
> > > 
> > > I was leaning away from that solution - unsure of security
> > > implications when using personal hotspot.
> > > 
> > > The
> > > way I understand how those work, you will have your Internet
> > > service with you no matter where you are, as long as you can get
> > > a signal from your provider.
> > > 
> > > When CBS 60 Minutes (or was it Sunday Morning?) did an article on
> > > security on airlines, trains, etc. They suggested setting up a VPN on
> > > your system.
> > > Mike
> > 
> > A pointer to an appropriate how-to and .deb in Jessie repository?
> 
> A *very* simplistic howto follows:
> 
> autossh -ND1080 ur_home_here
> 
> set iceweasel's proxy to socks4 proxy localhost:1080

With iceweasel/firefox, don't forget to change 
network.proxy.socks_remote_dns to true in about:config or the DNS 
requests will be issued to the local DNS server.

See http://kb.mozillazine.org/Network.proxy.socks_remote_dns

If the DNS requests are sent to the local DNS server provided by the DHCP 
of an access point, the AP administrator can get an exhaustive list of 
every single web site you visit simply by looking at the DNS requests 
coming from your computer. The data are still secure thanks to the vpn 
but it is very easy to get a good idea about the kind of activity you are 
having at the moment (I'm adopting the employer's point of view here :-) ).

When network.proxy.socks_remote_dns is set to true, the DNS requests 
are sent through the SOCKS connection and delivered to your computer at 
home (which ultimately is sent to your ISP but you already trust it with 
that information any way, don't you?)

Frederic
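
What network.proxy.socks_remote_dns changes on the wire, as an added example that is not part of the original mail: a plain SOCKS4 request can only carry an already-resolved IPv4 address, while SOCKS4a and SOCKS5 can carry the host name so that the far end of the tunnel does the lookup. The function names and the sample host and address are assumptions made for this illustration.

```python
import ipaddress
import struct


def socks4_connect(ipv4, port, userid=b""):
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP (4 bytes), USERID, NUL."""
    return (struct.pack("!BBH", 4, 1, port)
            + ipaddress.IPv4Address(ipv4).packed + userid + b"\x00")


def socks4a_connect(hostname, port, userid=b""):
    """SOCKS4a: DSTIP is 0.0.0.x (x != 0) and the host name follows USERID."""
    return (struct.pack("!BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + userid + b"\x00" + hostname.encode("ascii") + b"\x00")


def socks5_connect(hostname, port):
    """SOCKS5 CONNECT with ATYP=3 (domain name).

    The method-negotiation greeting that precedes it is omitted here.
    """
    name = hostname.encode("ascii")
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack("!H", port)


def who_resolves(request):
    """Return (protocol, target, port, resolver) for a CONNECT request.

    resolver is "client" when the request already contains an IP address
    (the DNS query was sent on the local network) and "proxy" when the
    host name itself travels through the tunnel.
    """
    if len(request) < 2:
        raise ValueError("truncated request")
    version = request[0]
    if version == 4:
        if len(request) < 9:
            raise ValueError("truncated SOCKS4 request")
        port = struct.unpack("!H", request[2:4])[0]
        ip = request[4:8]
        _userid, sep, tail = request[8:].partition(b"\x00")
        if not sep:
            raise ValueError("SOCKS4 USERID is not NUL-terminated")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            host, sep, _ = tail.partition(b"\x00")
            if not sep or not host:
                raise ValueError("SOCKS4a host name missing")
            return ("SOCKS4a", host.decode("ascii"), port, "proxy")
        return ("SOCKS4", str(ipaddress.IPv4Address(ip)), port, "client")
    if version == 5:
        if len(request) < 5:
            raise ValueError("truncated SOCKS5 request")
        atyp = request[3]
        if atyp == 3:                       # domain name, length-prefixed
            end = 5 + request[4]
            if len(request) < end + 2:
                raise ValueError("truncated SOCKS5 domain request")
            port = struct.unpack("!H", request[end:end + 2])[0]
            return ("SOCKS5", request[5:end].decode("ascii"), port, "proxy")
        size = {1: 4, 4: 16}.get(atyp)      # IPv4 or IPv6 literal
        if size is None or len(request) < 4 + size + 2:
            raise ValueError("bad or truncated SOCKS5 address")
        addr = ipaddress.ip_address(request[4:4 + size])
        port = struct.unpack("!H", request[4 + size:6 + size])[0]
        return ("SOCKS5", str(addr), port, "client")
    raise ValueError("not a SOCKS4/SOCKS5 request")


if __name__ == "__main__":
    # Constructed requests: 192.0.2.10 and www.example.org are placeholders.
    for req in (socks4_connect("192.0.2.10", 80),
                socks4a_connect("www.example.org", 443),
                socks5_connect("www.example.org", 443)):
        print(req.hex(), who_resolves(req))
```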



Re: Moving from 56k modem

2015-06-19 Thread Frederic Marchal
On Friday 19 June 2015 11:01:25 Reco wrote:
>  Hi.
> 
> On Fri, Jun 19, 2015 at 09:13:42AM +0200, Frederic Marchal wrote:
> > On Friday 19 June 2015 09:24:34 Reco wrote:
> > > On Thu, 18 Jun 2015 18:20:25 -0500
> > > Richard Owlett rowl...@cloud85.net wrote:
> > > > Mike McClain wrote:
> > > > > On Thu, Jun 18, 2015 at 03:22:37PM -0500, Richard Owlett wrote:
> > > > > 
> > > > > When CBS 60 Minutes (or was it Sunday Morning?) did an article on
> > > > > security on airlines, trains, etc. They suggested setting up a VPN
> > > > > on your system.
> > > > > 
> > > > > Mike
> > > > 
> > > > A pointer to an appropriate how-to and .deb in Jessie repository?
> > > 
> > > A *very* simplistic howto follows:
> > > 
> > > autossh -ND1080 ur_home_here
> > > 
> > > set iceweasel's proxy to socks4 proxy localhost:1080
> > 
> > With iceweasel/firefox, don't forget to change
> > network.proxy.socks_remote_dns to true in about:config or the DNS
> > requests will be issued to the local DNS server.
> > 
> > See http://kb.mozillazine.org/Network.proxy.socks_remote_dns
> 
> Please don't do so. Ssh only provides SOCKS4 proxy, and SOCKS4 can not
> tunnel DNS requests (or any UDP traffic for that matter).

According to ssh(1) manpage (see http://unixhelp.ed.ac.uk/CGI/man-cgi?ssh+1 or 
your local man 1 ssh), ssh -D supports SOCKS4 and SOCKS5.

I have been using that trick since Debian Squeeze.

Locally run, for instance:

   ssh -N -D8880 u...@remote.host.example.com

Set the proxy in firefox to socks=127.0.0.1:8880, enable 
network.proxy.socks_remote_dns and surf while watching with wireshark or 
tcpdump the DNS requests sent on the network interface. I had no DNS 
requests going to the local DNS server. I was completely stealthy except 
for the amount of data exchanged with only one server :-).

I have been using http://www.proxy-offline-browser.com/ProxySwitch/ to 
easily switch between a direct connection and a ssh tunnel in iceweasel.

The ssh server must allow TCP forwarding (AllowTcpForwarding in 
sshd_config, globally or on a per user basis) but, due to -N, you don't even 
need a login shell on the remote server and your tunnel won't register in 
/var/log/auth.log on the server.

BTW, if AllowTCPForwarding is enabled on a server where mysql is installed 
without a root password because it is only listening on 127.0.0.1, then 
anyone with a valid account (for sftp for instance) can open a ssh tunnel 
to access mysql running on the server:

ssh -L12000:localhost:3306 u...@remote.server.example.com

Then it is easy to open a mysql client to local port 12000 as root and 
connect to the remote mysql server. Keep that in check when enabling TCP 
forwarding on a ssh server!

Frederic
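
One way to keep that in check, as an added example that is not part of the original mail: a small audit that reads an sshd_config and lists every scope (the global section or a Match block) where local forwarding is allowed to any destination, which is the situation that exposes loopback-only services. Both configurations are constructed samples and the function names are hypothetical; AllowTcpForwarding, PermitOpen, ForceCommand and Match are real sshd_config keywords. Simplification: each Match block is evaluated on its own against the global section, so overlapping Match blocks are not merged.

```python
WEAK_SSHD_CONFIG = """\
# Constructed sample, not taken from the thread.
AllowTcpForwarding yes
Subsystem sftp internal-sftp

Match Group sftponly
    ForceCommand internal-sftp
    ChrootDirectory /srv/sftp/%u

Match User tunnel
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:8080
"""

HARDENED_SSHD_CONFIG = """\
# Constructed sample: forwarding off by default, one pinned exception.
AllowTcpForwarding no
Subsystem sftp internal-sftp

Match Group sftponly
    ForceCommand internal-sftp
    ChrootDirectory /srv/sftp/%u

Match User tunnel
    AllowTcpForwarding local
    PermitOpen 127.0.0.1:8080
"""

# sshd defaults when a keyword is absent.
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any"}
# Values of AllowTcpForwarding that permit ssh -L and ssh -D.
LOCAL_FORWARD_VALUES = {"yes", "all", "local"}


def parse_scopes(text):
    """Split the file into [(scope_name, {keyword: value})].

    Keywords are case-insensitive and the first value seen in a scope wins,
    which is how sshd treats repeated keywords.
    """
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            scopes.append(("Match " + value, {}))
        else:
            scopes[-1][1].setdefault(key, value)
    return scopes


def open_forwarders(text):
    """Return the scopes where -L/-D may reach any host:port."""
    scopes = parse_scopes(text)
    global_opts = scopes[0][1]
    findings = []
    for name, opts in scopes:
        # A Match block inherits whatever it does not override.
        effective = {k: opts.get(k, global_opts.get(k, default))
                     for k, default in DEFAULTS.items()}
        forwarding = effective["allowtcpforwarding"].lower()
        destinations = [d.lower() for d in effective["permitopen"].split()]
        if forwarding in LOCAL_FORWARD_VALUES and "any" in destinations:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SSHD_CONFIG),
                       ("hardened", HARDENED_SSHD_CONFIG)):
        print(label, open_forwarders(cfg))
```

In the weak sample the sftp-only group is reported even though it has ForceCommand internal-sftp, because that keyword does not turn forwarding off; the group inherits the global AllowTcpForwarding yes.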



Re: systemd equivalent

2015-06-13 Thread Frederic Marchal
On Saturday 13 June 2015 22:52:22 Bob Bernstein wrote:
> On Sat, 13 Jun 2015, Brian wrote:
> > You don't mean that, do you? After all, you do use
> > its functionality for booting. :)
> 
> Thanks for that. You may be right.
> 
> BUT...hrrrmmm...just to show that I can be as
> reasonable as the next fellow, allow me to ask if
> perhaps there was something actually helpful you
> wanted to mention here. I know how under the pressure
> of composing a post to a list things can slip one's
> mind.

I'm thinking the same thing as Brian when I read your posts. I may be able 
to formulate his point of view differently.

Why do you think systemd has a way of doing everything other tools are 
designed for?

In that instance, ps is designed to report active tasks. And that's just what 
your ssh tunnel is. It is a child process started by the ssh service started 
by systemd.

Even if the top ssh service was started by systemd, it doesn't mean 
systemd has to provide every possible tool to keep track of everything the 
service might do (thankfully for that I would add!).

You may be lured by the fact that systemd is responsible for the system 
journal. As a consequence, it does provide the tool to show the system log 
but every child process isn't registered in the log (or it might with the 
proper output level if the service supports it but that's not the point here).

Hope it helps,

Frederic



Re: udev rule for my usb stick

2015-06-11 Thread Frederic Marchal
On Wednesday 10 June 2015 18:39:11 Michael Soulier wrote:
> On 2015-06-09 4:22 PM, deloptes wrote:
> > ls -a /dev/disk/by-id/ or uuid is an option if you want predictable name,
> > no?
> 
> I suppose, but I'd like to know why working through udev isn't working.

Not every subsystem works.

You use

SUBSYSTEM=="scsi", ATTRS{model}=="JD FireFly  ", SYMLINK+="Lexar%n"

I never had any luck with the scsi subsystem.

I have been using the following rules depending, mostly, on my mood at 
the moment. A good karma may help too :-)

ACTION=="add",SUBSYSTEMS=="usb",ENV{ID_TYPE}=="disk",ENV{ID_FS_TYPE}=="vfat",SYMLINK+="usbfat"

ACTION=="add",SUBSYSTEM=="block",ATTRS{model}=="eTrexHCx microSD",SYMLINK+="gps"

ACTION=="add",ATTRS{manufacturer}=="JMicron",ATTRS{product}=="USB to ATA/ATAPI Bridge",SYMLINK+="usbext"

ACTION=="add",SUBSYSTEM=="block",ATTRS{idVendor}=="2237",ATTRS{idProduct}=="4173",SYMLINK+="kobo"

Notice the use of SUBSYSTEM and SUBSYSTEMS. It was important to use 
the correct one.

Don't forget to reload the rules. I remember I had to run udevadm control 
--reload-rules but it isn't in the man page any more so things may have 
changed since then.

Frederic



Re: Pining for Qt 5.4

2015-05-02 Thread Frederic Marchal
On Friday 01 May 2015 08:28:26 Markus-Hermann Koch wrote:
> Hi folks!
> I would like to use Qt 5.4 for its QOpenGLWidget. However,
> Qt 5.4 is still stuck in experimental. Being a user I now seem to have
> several options:
> 
> 2.) Grant root privileges to
> ./qt-opensource-linux-x64-1.6.0-8-online.run (the linux installer from
> www.qt.io) and see what happens.
> Is that dangerous?

I only ever installed the offline version and the last I installed on Debian 
Wheezy was qt 5.2 but it went smoothly.

I don't remember I had to be root to install it but I may be wrong on this.

The installer creates a Qt directory in your $HOME directory and copies the 
libraries, binaries, examples, documentation and QtCreator into it (for 
instance, the current version would be in $HOME/Qt/Qt5.4.1).

You can install several versions of the Qt libraries and binaries. They all 
use distinct subdirectories in $HOME/Qt. As a consequence, you must not forget 
to manually uninstall older versions when you don't need them any more.

QtCreator is configured to detect existing Qt libraries on the system and in 
your home directory. You just select the library version you want to use to 
build your project.

If you build your project against the Qt libraries installed in your home 
directory, you can still release your application if you include a copy of every 
required so file within the application directory. Don't forget to distribute 
your application with the platform directory (I don't remember where it is).

Frederic


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/3847460.s6yi7ti...@fmarchal.edpnet.be



Re: Jessie and screensaver on lid-close

2015-04-29 Thread Frederic Marchal
On Wednesday 29 April 2015 09:08:41 Gary Roach wrote:
> On 04/28/2015 05:27 AM, Francesco Ariis wrote:
> > Hello,
> > 
> > I recently upgraded my laptop from wheezy to jessie, and everything
> > is going smoothly. I run a very simple system, with X but no DE.
> > 
> > I would like to lock the screen when the lid of my laptop is closed
> > (by running xscreensaver, which I currently have installed, if possible,
> > but any other method will do).
> > 
> > How to do it? After searching a bit I suspect I have to mess with systemd
> > configuration files, but I am not sure which one to edit.
> 
> This doesn't answer your question exactly but I would like to point out
> that screen savers are useless with lcd / led screens. They were
> originally meant to protect CRT's from burn in when the electron beam
> stayed in the same place too long. I don't use them anymore. So unless
> you just like the pretty pictures, turn them off.

Not quite right. I have seen LCD screens where the login screen was burned in 
the screen leaving a clearly visible and annoying shadow at all times.

So, it isn't a good idea to leave the same display on the screen for a long 
period of time even if LCD screens are more robust than CRT monitors and some 
people claim it is possible to get rid of the shadow.

Moreover, it makes sense to have a screen saver to turn the display and 
backlight off. It saves a lot of energy on a laptop.

Frederic





Re: Cheap way to track disk usage?

2015-04-11 Thread Frederic Marchal
Sorry for the very very late answer. That mail showed up as a new mail in my 
mail client!

Frederic

On Saturday 11 April 2015 11:19:02 Frederic Marchal wrote:
> On Tuesday 03 March 2015 20:29:53 Richard Hector wrote:
> > Hi all,
> > 
> > I have an issue with a (client's) large (13T) filesystem, that fills
> > up every now and then and nobody's quite sure what's doing it.
> > 
> > I can run du, but that takes ages, and has a performance impact. df
> > only gives the total for the filesystem, of course.
> > 
> > Currently I'm running find occasionally, with fprintf to record
> > filename, mtime and size, then analysing it (by importing it into
> > postgres, fwiw) for new large files - but ideally I'd like to zero in
> > by frequently checking sizes of whole directories. Is there any way to
> > do that, perhaps by triggering off write calls, cheaply?
> > 
> > I know that inotify/incron have their limitations when working with
> > deep directory structures; I'd be interested to know of anything that
> > can trigger on any writes to a particular filesystem.
> > 
> > If I could start again, I'd put LVM on the array and use multiple LVs
> > to allow du to work at lower levels, but that's not really practical
> > at this stage.
> > 
> > Any tips?
> 
> Have a look at agedu:
> 
> http://www.chiark.greenend.org.uk/~sgtatham/agedu/
> 
> It computes disk usage like du.
> 
> The produced HTML report can be viewed interactively like ncdu.
> 
> But, in addition, you can view the HTML report from another machine (using
> the agedu webserver) or on another computer if you copy the agedu.dat file
> to another computer and start the web server there.
> 
> As the report distinguishes new from old files, you can spot where the most
> recently written big files are.
> 
> Frederic





Re: Cheap way to track disk usage?

2015-04-11 Thread Frederic Marchal
On Tuesday 03 March 2015 20:29:53 Richard Hector wrote:
> Hi all,
> 
> I have an issue with a (client's) large (13T) filesystem, that fills
> up every now and then and nobody's quite sure what's doing it.
> 
> I can run du, but that takes ages, and has a performance impact. df
> only gives the total for the filesystem, of course.
> 
> Currently I'm running find occasionally, with fprintf to record
> filename, mtime and size, then analysing it (by importing it into
> postgres, fwiw) for new large files - but ideally I'd like to zero in
> by frequently checking sizes of whole directories. Is there any way to
> do that, perhaps by triggering off write calls, cheaply?
> 
> I know that inotify/incron have their limitations when working with
> deep directory structures; I'd be interested to know of anything that
> can trigger on any writes to a particular filesystem.
> 
> If I could start again, I'd put LVM on the array and use multiple LVs
> to allow du to work at lower levels, but that's not really practical
> at this stage.
> 
> Any tips?

Have a look at agedu:

http://www.chiark.greenend.org.uk/~sgtatham/agedu/

It computes disk usage like du.

The produced HTML report can be viewed interactively like ncdu.

But, in addition, you can view the HTML report from another machine (using the 
agedu webserver) or on another computer if you copy the agedu.dat file to 
another computer and start the web server there.

As the report distinguishes new from old files, you can spot where the most 
recently written big files are.

Frederic





Re: Machine hangs at boot

2014-12-15 Thread Frederic Marchal
On Monday 15 December 2014 14:37:10 German wrote:
> My machine hangs at boot, so i'd like someone to take a look at my log.
> Thanks
> 
> http://pastebin.com/3crkJgnE

Let's try another wild guess.

sdb looks corrupted or not initialized

[2.147780]  sdb: unknown partition table

Can you unplug that 500GB disk to see if the kernel isn't choking on a 
hardware error?

Beware that it will shift sdc to sdb. Depending on the system configuration, it 
might be necessary to boot in single user/rescue mode. You may also want to 
unplug sdc to prevent it from being accessed as sdb.

Frederic





Re: Machine hangs at boot

2014-12-15 Thread Frederic Marchal
On Monday 15 December 2014 15:40:23 German wrote:
> Do you refer to SDB as 500GB disk?

It looks so:

[2.128658] scsi 1:0:0:0: Direct-Access ATA  ST500LM021-1KJ15 0001 PQ: 0 ANSI: 5
[2.130695] sd 1:0:0:0: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB)


Frederic

> Frederic Marchal frederic.marc...@wowtechnology.com wrote:
> On Monday 15 December 2014 14:37:10 German wrote:
> > My machine hangs at boot, so i'd like someone to take a look at my log.
> > Thanks
> > 
> > http://pastebin.com/3crkJgnE
> 
> Let's try another wild guess.
> 
> sdb looks corrupted or not initialized
> 
> [2.147780]  sdb: unknown partition table
> 
> Can you unplug that 500GB disk to see if the kernel isn't choking on a
> hardware error?
> 
> Beware that it will shift sdc to sdb. Depending on the system
> configuration, it might be necessary to boot in single user/rescue mode.
> You may also want to unplug sdc to prevent it from being accessed as sdb.
> 
> Frederic





Re: Machine hangs at boot

2014-12-15 Thread Frederic Marchal
On Monday 15 December 2014 15:48:40 German wrote:
> Oh OK, there really is such a disk. Unfortunately I can't remove it. My
> machine was running smoothly for about two months and after kernel update
> this thing happened.

Is sdb supposed to contain a valid partition?

If it is supposed to be a valid disk, then, I would say it is now corrupted…

How frequently do you reboot your computer? If you reboot it infrequently and 
just rebooted it after the kernel update, then the disk failure may have been 
noticed only then.

As the kernel driver handling that disk is a generic scsi, I doubt a kernel 
bug affects your system.

The ata driver can't be blamed here either as it is recognizing sda just fine.

Now, something else may be holding the boot sequence for 26 seconds just 
before mounting the swap partition on sda3 but you ruled out a corruption on 
sda2. And we lack evidence that any other peripheral is behaving strangely.

Frederic


> Frederic Marchal frederic.marc...@wowtechnology.com wrote:
> On Monday 15 December 2014 15:40:23 German wrote:
> > Do you refer to SDB as 500GB disk?
> 
> It looks so:
> 
> [2.128658] scsi 1:0:0:0: Direct-Access ATA  ST500LM021-1KJ15 0001 PQ: 0 ANSI: 5
> [2.130695] sd 1:0:0:0: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB)
> 
> 
> Frederic
> 
> > Frederic Marchal frederic.marc...@wowtechnology.com wrote:
> > On Monday 15 December 2014 14:37:10 German wrote:
> > > My machine hangs at boot, so i'd like someone to take a look at my
> > > log.
> > > Thanks
> > > 
> > > http://pastebin.com/3crkJgnE
> > 
> > Let's try another wild guess.
> > 
> > sdb looks corrupted or not initialized
> > 
> > [2.147780]  sdb: unknown partition table
> > 
> > Can you unplug that 500GB disk to see if the kernel isn't choking on a
> > hardware error?
> > 
> > Beware that it will shift sdc to sdb. Depending on the system
> > configuration, it might be necessary to boot in single user/rescue mode.
> > You may also want to unplug sdc to prevent it from being accessed as
> > sdb.
> > 
> > Frederic





Re: Machine hangs at boot

2014-12-15 Thread Frederic Marchal
On Monday 15 December 2014 16:14:09 German wrote:
> SDB is ext4. It is just a disk I use for data. Under normal circumstances,
> when system operating normally it isn't mounted for some reason and it gets
> mounted when I just click on it in LXDE. I guess that's why it's not
> initialized

LXDE can't mount an ext4 partition if the disk partition table is unknown.

Could the partition table be in an unusual format and the new kernel doesn't 
support that format anymore? I doubt it. It is more likely that it got 
corrupted but you didn't notice until the system was rebooted.

Can you check that disk with a live cd, rescue mode or whatever you have at 
hand?

PS: I just saw your other mail where you write that catalyst is working fine. I 
expected that much. So sdb is again the most suspicious line reported by 
dmesg.

Frederic

