Re: Any idea when CVE-2016-5696 is going to get fixed?
On Friday 26 August 2016 23:11:23 Perry E. Metzger wrote: > On Fri, 26 Aug 2016 21:06:15 +0200 Frederic Marchal > > <frederic.marc...@wowtechnology.com> wrote: > > On Friday 26 August 2016 11:04:04 Perry E. Metzger wrote: > > > According to: > > > > > > https://security-tracker.debian.org/tracker/CVE-2016-5696 > > > > > > Wheezy and Jessie are still vulnerable. The attack in question is > > > kind of bad (it allows blind injection of arbitrary data into > > > things like http downloads) and has been known for a few weeks > > > now to the general public. > > > > I don't think the issue is that bad. > > > > It allows an attacker to find out if you are connected to a > > particular web site and makes it easier to interrupt the transfer > > by sending a RST or SYN packet or inject junk data to corrupt the > > flow. It's simple denial of service. > > You are completely wrong. This attack allows you to inject > *meaningful* things into the data flow. It isn't denial of service, > it is one of the most flexible data injection attacks in years. You are referring to this paper by Yue Cao and al: http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf The paper explains how a patch described in RFC5961 makes it even easier to guess the correct TCP sequence number. The paper states that it is trivial to inject legitimate looking packets into a long-lived, unencrypted, TCP connection with few packets exchanged between the client and server. The requirements are: * TCP connection, * long-lived, * unencrypted, * long silences. I'll add that the protocol must allow the server to initiate data sending with only one packet (such as news pushed from the server to the client). Any protocol relying on an exchange is ruled out as the attacker won't see the victim's response. The authors found www.usatoday.com meets the requirements. Even if the requirements are met, the attack fails if the client is protected by a stateful firewall (either on a NAT router, modem or computer). The attacker needs a direct connection to an open port to probe the target system. If the attack is made against the server: I expect any decent server accepting data from a client to use https (I may be presuming too much here :-) ). The attack is also useless if the attacker can't spoof the source IP address. Routers in corporate environments usually block this by design or due to VLAN. For that reason, the attack can't come from the same LAN to bypass the border firewall. This rules out an unhappy coworker, infected computer or a student with too much time on his hands. I bet the authors demonstrated the exploit in a very hacker friendly environment by disabling the target computer firewall and using a switch to connect the attacker and the victim on the same LAN. Now, I wonder if many sites or protocols do meet the requirements. Except for the above requirements, I can't see many cases where legitimate packets injection is possible without visible side effects giving the attack away. It is not as simple as randomly injecting alert("hello") into any given open connection and expect it to land nicely in an HTML stream without breaking something visible to the end user (assuming the client is downloading html and not css, js, png, json,…). Yet, it is what attackers have to deal with on most sites. > > But to achieve that, you must be downloading something from a web > > site the attacker is actually targeting. The attacker must know you > > are doing so or find out by sheer luck. > > "Sheer luck" isn't hard at all. There are a half dozen good ways > understood to people in the field where you can figure out what > sites someone is looking at regularly if you are targeting them > without needing to listen in on their connection directly. Knowing someone is connected to a particular web site is only the first and easier step (just watch when someone post a message for instance). The attacker must then find (without looking at the actual connection) the following data: * the actual server IP address when multiple servers serves the web site (load balancing), * the client IP address (not as easy as it sound except when targeting an individual for which data have been collected by other channels); * the TCP source port; * a valid TCP sequence number. In the best case, it takes some time (around one minute according to the paper). The connection must last that long. AJAX is not a candidate as AJAX goes like this: Client connects to server. Client to server: is there something new? Server to client: no. Close connection. Wait some time... Client connects to server. Client to server: is there something new? Server to client: yes, display X. Close connection. Due to the keep-alive timeout, spars
Re: Any idea when CVE-2016-5696 is going to get fixed?
On Friday 26 August 2016 11:04:04 Perry E. Metzger wrote: > According to: > > https://security-tracker.debian.org/tracker/CVE-2016-5696 > > Wheezy and Jessie are still vulnerable. The attack in question is > kind of bad (it allows blind injection of arbitrary data into > things like http downloads) and has been known for a few weeks now to > the general public. I don't think the issue is that bad. It allows an attacker to find out if you are connected to a particular web site and makes it easier to interrupt the transfer by sending a RST or SYN packet or inject junk data to corrupt the flow. It's simple denial of service. But to achieve that, you must be downloading something from a web site the attacker is actually targeting. The attacker must know you are doing so or find out by sheer luck. The download must be long enough (more than one minute) for the attacker to discover the set of parameters that will make the attack successful. That's unlikely to succeed on a massive scale if you ask me! Beside, the attacker can't possibly know what you are downloading and how much data has already been downloaded. There is no way he can inject anything useful into the downloaded data. You would end up with a corrupted file in the worst case. A worm can't propagate that way. Frederic
Re: How to VNC to active screen on remote system.
On Wednesday 24 February 2016 12:12:54 Javier Vasquez wrote: > > On Wed, Feb 24, 2016 at 11:50 AM, Dennis Wickswrote: > > ... > > What is the program that will connect to the current session on the remote > > system? I have used it before but I can't remember what it was. > > Are you looking for x11vnc [1][2] on the host you want to see? If so, > tigervnc and others can be the vnc xlients... And the exact command to run is x11vnc -display :0 Run it as the user with the open X11 session. Type the command in a ssh session for instance. x11vnc exits when the last vnc client is closed. Frederic
Re: URGENTLY need help on using VPN
On Friday 11 September 2015 14:52:19 Li Wei wrote: > Thank Georgi Naplatanov and all those who reply! > > The Chinese firewall is sophisticated > and I have not been able to download > http://openvpn.net/howto.html > sent in attachment by kind users. I can encrypt the file and send it to you. I would encrypt it with this command: openssl des3 -nosalt -in openvpn-howto.tar.bz2 -out Sample-random-file -pass pass:"root...@yahoo.com" You would then have to decrypt it like this: openssl des3 -d -nosalt -in Sample-random-file -out openvpn- howto.tar.bz2 -pass pass:"root...@yahoo.com" This encryption method is not secure at all. Its purpose is to hide the nature of the file thus preventing any automatic tool from scanning its content. It is still possible that the firewall would block any file it can't understand. Do you think it is worth trying it? Does anybody knows of a better way and is allowed to share it? Frederic
Re: wired network connection has stopped working
On Friday 21 August 2015 22:07:27 tom arnall wrote: Greetings! About a year ago my wired modem connection stopped working. I can find nothing on google which helps. In dmesg there is: eth0: link is not ready Here is ifconfig output, in case it is useful for people trying to help me with the problem: eth0 Link encap:Ethernet HWaddr 00:24:7e:6a:c3:93 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:20 Memory:fc60-fc62 Can you check that the ethernet cable is detected with ethtool eth0 It should report something like this: Settings for eth0: Supported ports: [ TP ] Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Half 1000baseT/Full Supported pause frame use: No Supports auto-negotiation: Yes Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Half 1000baseT/Full Advertised pause frame use: Symmetric Advertised auto-negotiation: Yes Link partner advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full Link partner advertised pause frame use: Symmetric Link partner advertised auto-negotiation: Yes
Re: Changing the terminal character set
On Saturday 18 July 2015 10:52:33 Alex Naysmith wrote: I'm writing python scripts with the curses GUI and I need the CP437 character set. How can I change the character encoding in the XFCE terminal [v0.4.8] from UTF-8 to CP437 or IBM437? Alternatively, I did attempt to change the system locale from en_GB.UTF-8 to one that contained CP437/IBM437. However, no CP437 character sets appeared as an option in 'dpkg-configure locales' command [although 'IBM437 does appear as an available character set in 'locales -m'.] Changing the system locale from UTF-8 probably isn't a good idea anyway, so it would be ideal if the character set changed was confined to the XFCE terminal for the purposes of the curses python script. I don't expect it to be easy to change the terminal encoding. There is really no reason to do it. UTF-8 is so ubiquitous… The best solution to your problem depends on why you need to change the character encoding of the terminal. I expect both the python engine and the curse library to read UTF-8 files just fine and do it even better than CP437 if UTF-8 is the system encoding. If they don't, they are probably not correctly configured or compiled. You should be able to write and test your script using UTF-8. If you really need to write your script using CP437, there are a number of text editors that can read and write files using whatever encoding you want. Vim and kwrite can both do it. There is no need to change the terminal encoding just to write a script with CP437. If you need to send the script to someone that specifically requested CP437 encoded files, you should write and test the script using UTF-8 (taking care of only using characters available in CP437) and then, when you are ready to give it away, convert it using iconv: iconv -f utf8 -t cp437 source -o source_in_cp437 Note that there are a number of text editors on Windows that can read UTF-8 files if that's your concern. Similarly, if your python script must produce CP437 output, you can convert the output on the fly using iconv python script | iconv -f utf8 -t cp437 | other_command That's admittedly not very convenient. So, does the python encode command (http://www.tutorialspoint.com/python/string_encode.htm) help you? Frederic
Re: Google Chrome and Open-Source derivative listening to me without my approval
On Wednesday 24 June 2015 18:51:24 Jose Martinez wrote: NaCL -- Sodium Chloride -- common table salt. That just means you have to add your own!!:-D Actually, it stands for Native Client (https://en.wikipedia.org/wiki/Google_Native_Client). It is Google's attempt to re-invent javascript :-) Frederic On 06/22/2015 11:18 PM, Tim Beelen wrote: Wow, thanks! An actual thing I can try. I also found out in the mean time that Chromium does not come with/is not compiled with NaCl enabled (whatever that is) and that would prevent actual execution of the plugin.
Re: Moving from 56k modem
On Friday 19 June 2015 09:24:34 Reco wrote: Hi. On Thu, 18 Jun 2015 18:20:25 -0500 Richard Owlett rowl...@cloud85.net wrote: Mike McClain wrote: On Thu, Jun 18, 2015 at 03:22:37PM -0500, Richard Owlett wrote: Scarletdown wrote: How about a portable wireless hotspot device and service? I was leaning away from that solution - unsure of security implications when using personal hotspot. The way I understand how those work, you will have your Internet service with you no matter where you are, as long as you can get a signal from your provider. When CBS 60 Minutes (or was it Sunday Morning?) did an article on security on airlines, trains, etc. They suggested setting up a VPN on your system. Mike A pointer to an appropriate how-to and .deb in Jessie repository? A *very* simplistic howto follows: autossh -ND1080 ur_home_here set iceweasel's proxy to socks4 proxy localhost:1080 With iceweasel/firefox, don't forget to change network.proxy.socks_remote_dns to true in about:config or the DNS requests will be issued to the local DNS server. See http://kb.mozillazine.org/Network.proxy.socks_remote_dns If the DNS requests are sent to the local DNS server provided by the DHCP of an access point, the AP administrator can get an exhaustive list of every single web site you visit simply by looking at the DNS requests comming from your computer. The data are still secure thanks to the vpn but it is very easy to get a good idea about the kind of activity you are having at the moment (I'm adopting the employer's point of view here :-) ). When network.proxy.socks_remote_dns is set to true, the DNS requests are sent through the SOCKS connection and delivered to your computer at home (which ultimately is sent to your ISP but you already thrust it with that information any way, don't you?) Frederic
Re: Moving from 56k modem
On Friday 19 June 2015 11:01:25 Reco wrote: Hi. On Fri, Jun 19, 2015 at 09:13:42AM +0200, Frederic Marchal wrote: On Friday 19 June 2015 09:24:34 Reco wrote: On Thu, 18 Jun 2015 18:20:25 -0500 Richard Owlett rowl...@cloud85.net wrote: Mike McClain wrote: On Thu, Jun 18, 2015 at 03:22:37PM -0500, Richard Owlett wrote: When CBS 60 Minutes (or was it Sunday Morning?) did an article on security on airlines, trains, etc. They suggested setting up a VPN on your system. Mike A pointer to an appropriate how-to and .deb in Jessie repository? A *very* simplistic howto follows: autossh -ND1080 ur_home_here set iceweasel's proxy to socks4 proxy localhost:1080 With iceweasel/firefox, don't forget to change network.proxy.socks_remote_dns to true in about:config or the DNS requests will be issued to the local DNS server. See http://kb.mozillazine.org/Network.proxy.socks_remote_dns Please don't do so. Ssh only provides SOCKS4 proxy, and SOCKS4 can not tunnel DNS requests (or any UDP traffic for that matter). According to ssh(1) manpage (see http://unixhelp.ed.ac.uk/CGI/man-cgi?ssh+1 or your local man 1 ssh), ssh -D supports SOCKS4 and SOCKS5. I have been using that trick since Debian Squeeze. Locally run, for instance: ssh -N -D8880 u...@remote.host.example.com Set the proxy in firefox to socks=127.0.0.1:8880, enable network.proxy.socks_remote_dns and surf while watching with wireshark or tcpdump the DNS requests sent on the network interface. I had no DNS requests going to the local DNS server. I was completely stealthy except for the amount of data exchanged with only one server :-). I have been using http://www.proxy-offline-browser.com/ProxySwitch/ to easily switch between a direct connection and a ssh tunnel in iceweasel. The ssh server must allow TCP forwarding (AllowTcpForwarding in sshd_config, globally or on a per user basis) but, due to -N, you don't even need a login shell on the remote server and your tunnel won't register in /var/log/auth.log on the server. BTW, if AllowTCPForwarding is enabled on a server where mysql is installed without a root password because it is only listening on 127.0.0.1, then anyone with a valid account (for sftp for instance) can open a ssh tunnel to access mysql running on the server: ssh -L12000:localhost:3360 u...@remote.server.example.com Then it is easy to open a mysql client to local port 12000 as root and connect to the remote mysql server. Keep that in check when enabling TCP forwarding on a ssh server! Frederic
Re: systemd equivalent
On Saturday 13 June 2015 22:52:22 Bob Bernstein wrote: On Sat, 13 Jun 2015, Brian wrote: You don't mean that, do you? After all, you do use its functionality for booting. :) Thanks for that. You may be right. BUT...hrrrmmm...just to show that I can be as reasonable as the next fellow, allow me to ask if perhaps there was something actually helpful you wanted to mention here. I know how under the pressure of composing a post to a list things can slip one's mind. I'm thinking the same thing as Brian when I read your posts. I may be able to formulate his point of view differently. Why do you thing systemd has a way of doing everything other tools are designed for? In that instance, ps is designed to report active tasks. And that's just what your ssh tunnel is. It is a child process started by the ssh service started by systemd. Even if the top ssh service was started by systemd, it doesn't mean systemd has to provide every possible tool to keep track of everything the service might do (thankfully for that I would add!). You may be lured by the fact that systemd is responsible for the system journal. As a consequence, it does provide the tool to show the system log but every child process isn't registered in the log (or it might with the proper output level if the service support it but that's not the point here). Hope it helps, Frederic
Re: udev rule for my usb stick
On Wednesday 10 June 2015 18:39:11 Michael Soulier wrote: On 2015-06-09 4:22 PM, deloptes wrote: ls -a /dev/disk/by-id/ or uuid is an option if you want predictable name, no? I suppose, but I'd like to know why working through udev isn't working. Not every subsystem works. You use SUBSYSTEM==scsi, ATTRS{model}==JD FireFly , SYMLINK+=Lexar%n I never had any luck with the scsi subsystem. I have been using the following rules depending, mostly, on my mood at the moment. A good karma may help too :-) ACTION==add,SUBSYSTEMS==usb,ENV{ID_TYPE}==disk,ENV{ID_FS_T YPE}==vfat,SYMLINK+=usbfat ACTION==add,SUBSYSTEM==block,ATTRS{model}==eTrexHCx microSD,SYMLINK+=gps ACTION==add,ATTRS{manufacturer}==JMicron,ATTRS{product}==USB to ATA/ATAPI Bridge,SYMLINK+=usbext ACTION==add,SUBSYSTEM==block,ATTRS{idVendor}==2237,ATTRS{id Product}==4173,SYMLINK+=kobo Notice the use of SUBSYSTEM and SUBSYSTEMS. It was important to use the correct one. Don't forget to reload the rules. I remember I had to run udevadm control --reload-rules but it isn't in the man page any more so things may have changed since then. Frederic
Re: Pining for Qt 5.4
On Friday 01 May 2015 08:28:26 Markus-Hermann Koch wrote: Hi folks! I would like to use Qt 5.4 for its QOpenGLWidget. However, Qt 5.4 is still stuck in experimental. Being a user I now seem to have several options: 2.) Grant root privileges to ./qt-opensource-linux-x64-1.6.0-8-online.run (the linux installer from www.qt.io) and see what happens. Is that dangerous? I only ever installed the offline version and the last I installed on Debian Wheezy was qt 5.2 but it went smoothly. I don't remember I had to be root to install it but I may be wrong on this. The installer creates a Qt directory in your $HOME directory and copies the libraries, binaries, examples, documentation and QtCreator into it (for instance, the current version would be in $HOME/Qt/Qt5.4.1). You can install several versions of the Qt librairies and binaries. They all use distinct subdirectories in $HOME/Qt. As a consequence, you must not forget to manually unintall older versions when you don't need them any more. QtCreator is configured to detect existing Qt librairies on the system and in your home directory. You just select the library version you want to use to build your project. If you build your project against the Qt librairies installed in your home directory, you can still release your application you include a copy of every required so file within the application directory. Don't forget to distribute your application with the platform directory (I don't remember where it is). Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/3847460.s6yi7ti...@fmarchal.edpnet.be
Re: Jessie and screensaver on lid-close
On Wednesday 29 April 2015 09:08:41 Gary Roach wrote: On 04/28/2015 05:27 AM, Francesco Ariis wrote: Hello, I recently upgraded my laptop from wheezy to jessie, and everything is going smoothly. I run a very simple system, with X but no DE. I would like to lock the screen when the lid of my laptop is closed (by running xscreensaver, which I currently have installed, if possible, but any other method will do). How to do it? After searching a bit I suspect I have to mess with systemd configuration files, but I am not sure which one to edit. This doesn't answer you question exactly but I would like to point out that screen savers are useless with lcd / led screens. They were originally meant to protect CRT's from burn in when the electron beam stayed in the same place too long. I don't use them anymore. So unless you just like the pretty pictures, turn them off. Not quite right. I have seen LCD screens where the login screen was burned in the screen leaving a clearly visible and annoying shadow at all time. So, it isn't a good idea to leave the same display on the screen for a long period of time even if LCD screens are more robust than CRT monitors and some people claim it is possible to get rid of the shadow. Moreover, it makes sense to have a screen saver to turn the display and backlight off. It saves a lot of energy on a laptop. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/3380127.lei9z36...@fmarchal.edpnet.be
Re: Cheap way to track disk usage?
Sorry for the very very late answer. That mail showed up as a new mail in my mail client! Frederic On Saturday 11 April 2015 11:19:02 Frederic Marchal wrote: On Tuesday 03 March 2015 20:29:53 Richard Hector wrote: Hi all, I have an issue with a (client's) large (13T) filesystem, that fills up every now and then and nobody's quite sure what's doing it. I can run du, but that takes ages, and has a performance impact. df only gives the total for the filesystem, of course. Currently I'm running find occasionally, with fprintf to record filename, mtime and size, then analysing it (by importing it into postgres, fwiw) for new large files - but ideally I'd like to zero in by frequently checking sizes of whole directories. Is there any way to do that, perhaps by triggering off write calls, cheaply? I know that inotify/incron have their limitations when working with deep directory structures; I'd be interested to know of anything that can trigger on any writes to a particular filesystem. If I could start again, I'd put LVM on the array and use multiple LVs to allow du to work at lower levels, but that's not really practical at this stage. Any tips? Have a look at agedu: http://www.chiark.greenend.org.uk/~sgtatham/agedu/ It computes disk usage like du. The produced HTML report can be viewed interactively like ncdu. But, in addition, you can view the HTML report from another machine (using the agedu webserver) or on another computer if you copy the agedu.dat file to another computer and start the web server there. As the report distinguishes new from old files, you can spot were the most recently written big files are. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2256452.aofhqvr...@fmarchal.edpnet.be
Re: Cheap way to track disk usage?
On Tuesday 03 March 2015 20:29:53 Richard Hector wrote: Hi all, I have an issue with a (client's) large (13T) filesystem, that fills up every now and then and nobody's quite sure what's doing it. I can run du, but that takes ages, and has a performance impact. df only gives the total for the filesystem, of course. Currently I'm running find occasionally, with fprintf to record filename, mtime and size, then analysing it (by importing it into postgres, fwiw) for new large files - but ideally I'd like to zero in by frequently checking sizes of whole directories. Is there any way to do that, perhaps by triggering off write calls, cheaply? I know that inotify/incron have their limitations when working with deep directory structures; I'd be interested to know of anything that can trigger on any writes to a particular filesystem. If I could start again, I'd put LVM on the array and use multiple LVs to allow du to work at lower levels, but that's not really practical at this stage. Any tips? Have a look at agedu: http://www.chiark.greenend.org.uk/~sgtatham/agedu/ It computes disk usage like du. The produced HTML report can be viewed interactively like ncdu. But, in addition, you can view the HTML report from another machine (using the agedu webserver) or on another computer if you copy the agedu.dat file to another computer and start the web server there. As the report distinguishes new from old files, you can spot were the most recently written big files are. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2983027.ioe2yqq...@fmarchal.edpnet.be
Re: Machine hangs at boot
On Monday 15 December 2014 14:37:10 German wrote: My machine hangs at boot, so i'd like someone to take a look at my log. Thanks http://pastebin.com/3crkJgnE Let's try another wild guess. sdb looks corrupted or not initialized [2.147780] sdb: unknown partition table Can you unplug that 500GB disk to see if the kernel isn't chocking on a hardware error? Beware that it will shift sdc to sdb. Depending on the system configuration, it might be necessary to boot in single user/rescue mode. You may also want to unplug sdc to prevent it from being accessed as sdb. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1601304.9eq4r7q...@fmarchal.edpnet.be
Re: Machine hangs at boot
On Monday 15 December 2014 15:40:23 German wrote: Do you refer to SDB as 500GB disk? It looks so: [2.128658] scsi 1:0:0:0: Direct-Access ATA ST500LM021-1KJ15 0001 PQ: 0 ANSI: 5 [2.130695] sd 1:0:0:0: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB) Frederic Frederic Marchal frederic.marc...@wowtechnology.com wrote: On Monday 15 December 2014 14:37:10 German wrote: My machine hangs at boot, so i'd like someone to take a look at my log. Thanks http://pastebin.com/3crkJgnE Let's try another wild guess. sdb looks corrupted or not initialized [2.147780] sdb: unknown partition table Can you unplug that 500GB disk to see if the kernel isn't chocking on a hardware error? Beware that it will shift sdc to sdb. Depending on the system configuration, it might be necessary to boot in single user/rescue mode. You may also want to unplug sdc to prevent it from being accessed as sdb. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/709327382.yorfe8e...@fmarchal.edpnet.be
Re: Machine hangs at boot
On Monday 15 December 2014 15:48:40 German wrote: Oh OK, there really is such a disk. Unfortunately I can't remove it. My machine was running smoothly for about two months and after kernel update this thing happened. Is sdb supposed to contain a valid partition? If it is supposed to be a valid disk, then, I would say it is now corrupted… How frequently do you reboot your computer? If you reboot it infrequently and just rebooted it after the kernel update, then the disk failure may have been noticed only then. As the kernel driver handling that disk is a generic scsi, I doubt a kernel bug affects your system. The ata driver can't be blamed here either as it is recognizing sda just fine. Now, something else may be holding the boot sequence for 26 seconds just before mounting the swap partition on sda3 but you ruled out a corruption on sda2. And we lack evidences that any other peripheral is behaving strangely. Frederic Frederic Marchal frederic.marc...@wowtechnology.com wrote: On Monday 15 December 2014 15:40:23 German wrote: Do you refer to SDB as 500GB disk? It looks so: [2.128658] scsi 1:0:0:0: Direct-Access ATA ST500LM021-1KJ15 0001 PQ: 0 ANSI: 5 [2.130695] sd 1:0:0:0: [sdb] 976773168 512-byte logical blocks: (500 GB/465 GiB) Frederic Frederic Marchal frederic.marc...@wowtechnology.com wrote: On Monday 15 December 2014 14:37:10 German wrote: My machine hangs at boot, so i'd like someone to take a look at my log. Thanks http://pastebin.com/3crkJgnE Let's try another wild guess. sdb looks corrupted or not initialized [2.147780] sdb: unknown partition table Can you unplug that 500GB disk to see if the kernel isn't chocking on a hardware error? Beware that it will shift sdc to sdb. Depending on the system configuration, it might be necessary to boot in single user/rescue mode. You may also want to unplug sdc to prevent it from being accessed as sdb. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8251684.iwjy9h4...@fmarchal.edpnet.be
Re: Machine hangs at boot
On Monday 15 December 2014 16:14:09 German wrote: SDB is ext4. It is just a disk I use for data. Under normal circumstances, when system operating normally it isn't mounted for some reason and it gets mounted when I just click on it in LXDE. I guess that's why it's not initialized LXDE can't mount a ext4 partition if the disk partition table is unknown. Could the partition table be in an unusual format and the new kernel doesn't support that format anymore? I doubt it. It is more likely that it got corrupted but you didn't notice until the system was rebooted. Can you check that disk with a live cd, rescue mode or whatever you have at hand? PS: I just saw your other mail where you write that catalyst is working fine. I expected that much. So sdb is again the most suspicious line reported by dmesg. Frederic -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1634361.thzh7cf...@fmarchal.edpnet.be