Re: Email bodies not show anymore in Evolution Email

2023-05-04 Thread Jim Popovitch
On May 4, 2023 6:13:04 PM UTC, Cindy Sue Causey wrote:
>
>The security involvement appears to be that one current fix is to
>downgrade which "leaves the user with an unpatched version of WebKit".
>
>Cindy :)

While that wasn't my intention when I wrote it, I'm happy to see the rush of 
attention that got this issue resolved for everyone.  Excellent job Debian 
team! 

-Jim P. 



Re: LF (was Re: CR/LF)

2022-12-11 Thread Jim Popovitch
On Sun, 2022-12-11 at 22:29 +, debian-u...@howorth.org.uk wrote:
> 
> 
> The important bit of my email was actually the bit you've omitted :)

Apologies, I believe it's proper netiquette to trim email posts to the
most relevant of parts.  It makes it much better for the archive.

Here is what the "important bit" of your email stated:

>>> Also very odd how yours works. Strange how different people's minds
>>> work in somewhat different ways, and usually wise to take account of
>>> that, especially when you're the one asking for help.


-Jim P.



Re: LF (was Re: CR/LF)

2022-12-11 Thread Jim Popovitch
On Sun, 2022-12-11 at 21:22 +, debian-u...@howorth.org.uk wrote:
> 
> 
> You're misunderstanding what Greg's saying, again. He's not saying you
> were given working solutions three times, he's saying you were told at
> least three times that echo without -n will always produce a newline.

I believe that I have made it very clear, yesterday[1], that using or
not using -n was not an option for my use-case because it produced
inconsistent results depending on the cmd output.  To claim that I did
not, and do not, know that is disingenuous. 


1. https://lists.debian.org/debian-user/2022/12/msg00277.html



Re: CR/LF

2022-12-11 Thread Jim Popovitch
On Sun, 2022-12-11 at 11:46 -0700, Charles Curley wrote:
> On Sun, 11 Dec 2022 11:48:36 -0500
> Jim Popovitch  wrote:
> 
> > Ahh, sorry for using a descriptive acronym that I have used for
> > decades to define an end-of-line. Whether it's in-fact a CR/LF, or
> > just a LF, doesn't really change the original question about the
> > addition of an end-of-line being inserted into the $TEST variable.
> > The fact that it affected someone so much is quite impressive.
> 
> Actually, it does change the meaning — for someone who did not know
> that you meant it as a symbol, and took it as a literal. Precision
> helps in technical communications. Unfortunately, one cannot always
> correctly anticipate how others will take one's words.
> 

I agree.  For my original question "Why does this produce a CR/LF", it
makes sense, to me, for the feedback to be "It doesn't produce a CR/LF
it only produces a LF".  Note: only 1 person got hung-up on the CR/LF vs
LF, everyone else knew exactly what I was looking for.
Fortunately/Unfortunately, Greg eventually saw this and did respond with
a well detailed and great answer (to use a temp file).

-Jim P.




Re: CR/LF

2022-12-11 Thread Jim Popovitch



On Sun, 2022-12-11 at 18:53 +0100, to...@tuxteam.de wrote:
> On Sun, Dec 11, 2022 at 11:48:36AM -0500, Jim Popovitch wrote:
> 
> [...]
> 
> > Ahh, sorry for using a descriptive acronym that I have used for decades
> > to define an end-of-line. Whether it's in-fact a CR/LF, or just a LF,
> > doesn't really change the original question [...]
> 
> No, but it confuses the hell out of potential helpers. I went "what, a
> CR? I'll have to think more about that", which might close the window
> I can set aside to field questions.
> 
> It's difficult to explain, but asking questions also involves some
> pedagogical skills: you want to express your problem as concisely, but
> still as precisely as possible: you "owe" that to the folks who take
> the time to (a) try to understand your question and (b) try to formulate
> an answer in a way that you (hopefully) can understand it.
> 
> Communications, protocols.

Sure, of course, all of that makes sense. But let's be honest, how many
perfectly asked questions are there, esp on a user support list? Don't
get me wrong, everyone should strive for perfection, but to demand it of
others is just off the mark.

-Jim P.





Re: LF (was Re: CR/LF)

2022-12-11 Thread Jim Popovitch
On Sun, 2022-12-11 at 12:48 -0500, Greg Wooledge wrote:
> On Sun, Dec 11, 2022 at 11:48:23AM -0500, Jim Popovitch wrote:
> > On Sun, 2022-12-11 at 08:54 -0500, Greg Wooledge wrote:
> > > On Sun, Dec 11, 2022 at 08:16:35AM +0100, to...@tuxteam.de wrote:
> > > > That said. Greg, I was also shaken by your roaring tone.
> > > 
> > > Yeah, well, he was told the same thing, repeatedly, by multiple people,
> > > and somehow he managed to ignore every single instance of it.
> > 
> > That is not true at all.
> 
> <https://lists.debian.org/debian-user/2022/12/msg00274.html>:
> 
>   Try echo -n ${TEST} at the end.


My reply, from yesterday, to that is here:

   https://lists.debian.org/debian-user/2022/12/msg00277.html


> 
> <https://lists.debian.org/debian-user/2022/12/msg00275.html>:
> 
>   The second echo command (the local one) produces a newline.  Since you
>   did not give it any parameters, that's all it produces.


In that same email you stated "It does not produce a carriage return,
unless you're on Windows." and I knew I wasn't on Windows so that
couldn't be the issue.  At that time I did not know that it was
impossible for you to incorrectly assume that someone else was doing
something different than what you knew them to be doing. :)

> 
> <https://lists.debian.org/debian-user/2022/12/msg00279.html>:
> 
>   Because the second echo in the first line does not have a -n.
> 
>   All the ssh stuff is superfluous.
> 

I did read that email yesterday, and as with the earlier one, the -n was
not a workable solution.   Nit: It is quite telling that Charles
mentioned the superfluous text, which you quoted above, Greg, yet you
were also bemoaning around the same time saying "I'm waiting for the
question to change, and then that one will be relevant".  It's like no
question is good enough for some folks on debian-user@.  I'll note that
my question remains unchanged, and a workable answer has been provided.

> 
> Those are the direct responses to your initial message.  I didn't even
> have to go beyond the first layer of replies to get THREE instances of
> people telling you the SAME thing -- that your "extra newline" was being
> produced by your echo command.

As you can see above, I had already read and responded appropriately,
yesterday.  Read on for details of the solution that does work. 

> 
> I'm fairly sure there are more instances in the next layers of replies.

Please do share if you are certain they exist.

> 
> All of them are telling you the SAME THING.  You just can't hear it.
> 

Nice, more snark.  I'll say it the final time, so that you can see it, 
-n will not work (and I know you know this). 

The thing that does work is dumping the output to a TXT file and reading
the TXT file elsewhere (instead of using a variable).  You, Greg,
introduced that possible use-case in the very same email where you
berated me for not reading the answers yet.  Very odd how your head
works. ;)

All the best, 

-Jim P.





Re: CR/LF

2022-12-11 Thread Jim Popovitch



On Sun, 2022-12-11 at 07:04 -0700, Charles Curley wrote:
> On Sat, 10 Dec 2022 23:16:12 -0500
> Jim Popovitch  wrote:
> 
> > > There is still no CR.  At all.  Ever.  This is not Microsoft
> > > Windows.  
> > 
> > Why would you assume Windows is involved?  This is about running cmds
> > from Debian 11 to Debian 11.
> 
> Because you originally asked about a CR/LF (carriage return, and line
> feed) sequence. That is a Windows end-of-line indicator. Linux indicates
> end of line with LF only. Macs, I believe, use CR only. So you brought
> in the Windows-ism, not Greg Wooledge.

Ahh, sorry for using a descriptive acronym that I have used for decades
to define an end-of-line. Whether it's in-fact a CR/LF, or just a LF,
doesn't really change the original question about the addition of an
end-of-line being inserted into the $TEST variable. The fact that it
affected someone so much is quite impressive.

-Jim P.




Re: LF (was Re: CR/LF)

2022-12-11 Thread Jim Popovitch
On Sun, 2022-12-11 at 08:54 -0500, Greg Wooledge wrote:
> On Sun, Dec 11, 2022 at 08:16:35AM +0100, to...@tuxteam.de wrote:
> > That said. Greg, I was also shaken by your roaring tone.
> 
> Yeah, well, he was told the same thing, repeatedly, by multiple people,
> and somehow he managed to ignore every single instance of it.

That is not true at all.   The closest truth to that is your reply to
David Wright[1].  The other email[2], from that same time frame, was
about using '-n', the third, unrelated, email[3] was general
pontification (e.g. WOW, THAT WAS FAST!) by some guy who got tripped up
by the nuanced differences between LF and CR/LF.  Still, the best info
did come from you Greg, eventually, but it's the same email that Tomas
is questioning your roaring tone. So was your roaring toned email, where
you provided the helpful answer, the cause of your own frustration? Or
do you know of any other relevant emails that exist from that time frame
that I don't link below?  

> It's rather frustrating.

Indeed, indeed it is.

-Jim P.

1. https://lists.debian.org/msgid-search/y5vjboee9z7nz...@wooledge.org

2. https://lists.debian.org/msgid-search/y5vcdyoejroqk...@axis.corp

3. https://lists.debian.org/msgid-search/y5vkkhxhqgt8e...@wooledge.org





Re: CR/LF

2022-12-10 Thread Jim Popovitch
On Sat, 2022-12-10 at 23:44 -0500, Greg Wooledge wrote:
> On Sat, Dec 10, 2022 at 11:16:12PM -0500, Jim Popovitch wrote:
> > On Sat, 2022-12-10 at 22:10 -0500, Greg Wooledge wrote:
> > > On Sat, Dec 10, 2022 at 10:07:48PM -0500, Jim Popovitch wrote:
> 
> > > > > > Why does this produce a CR/LF
> 
> > > There is still no CR.  At all.  Ever.  This is not Microsoft Windows.
> > 
> > Why would you assume Windows is involved?  This is about running cmds
> > from Debian 11 to Debian 11.
> 
> Then there is no CR/LF.  There is only LF.
> 
> > > So... what are you actually trying to do?
> > 
> > Run cmds on a remote system, that is captured locally in a variable,
> > where said cmds may or may not produce output.
> 
> OK.  You have a few choices:
> 
> 1) Throw away the notion that you can store the output in a variable, and
>    store it in a file instead.  This is the simplest and safest thing to
>    do.  If the command produces binary data (including NUL bytes), it's
>    not possible to store it directly in a shell variable.  But it can
>    always be stored in a file.
> 
>    Redirection to a file also dodges all the insane issues of data
>    modification that you get with the other choices.
> 
> 2) Use a command substitution.  This has two issues:
> 
>    a) It cannot handle binary data -- only text.
>    b) All trailing newlines will be stripped by the command substitution.
> 
>    If you're certain the output will be text, but you need to preserve
>    the correct number of newlines in the output, then the standard
>    workaround is to append a fixed character to the stream, and remove
>    it afterward:
> 
>    myvar=$(ssh whatever; printf x)
>    myvar=${myvar%x}
> 
>    That preserves the output stream in its original form.
> 
> 3) Pipe the command through something like base64, and use a command
>    substitution to store the base64 encoded data stream in the shell
>    variable.
> 
>    Then use base64 -d (or whatever inverts your choice of encoding) when
>    you need to use the data.
> 

Thanks, all of that is very informative and certainly nothing like the
rants and ravings of a senile old man. :)


> > Taking $() out of the equation doesn't change the result. The following
> > will add a CR/LF: 
> 
> THERE IS NO CR!
> 
> >   TEST=`ssh -o LogLevel=QUIET -t user@server "echo -n ''"`; echo ${TEST}
> 
> COMMAND SUBSTITUTION REMOVES ALL TRAILING NEWLINES.
> 
> IT DOES NOT MATTER WHETHER YOU USE THE MODERN $() OR THE ANCIENT AND
> DEPRECATED BACKTICKS.
> 
> YOU ARE **STILL** FAILING TO QUOTE CORRECTLY!
> 
> YOU ARE **STILL** USING echo WHICH ADDS A NEWLINE AND THEN WONDERING WHY
> A NEWLINE IS ADDED.
> 
>  I'm done.  Continuing the self-abuse of attempting to help you
> is going to be pointless, so please read the answers you've already
> been given.  I won't give you any more.
> 

welp.

Hope you have a good day tomorrow,

-Jim P.
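
An added example, not part of any poster's message: the sentinel workaround from option 2 above, applied to the stated use-case (no output must stay empty, real output must keep its newlines). The names `remote`, `capture_exact`, `bytes_via_echo` and `bytes_via_printf` are hypothetical, and `remote` runs the command locally as a stand-in for the ssh call; the sample commands are constructed.

```shell
#!/bin/sh
# Added example: constructed commands stand in for the remote side.

# Stand-in for `ssh user@server "$1"` (assumption: runs the command locally
# so the example works offline; swap the body for the real ssh call).
remote() { sh -c "$1"; }

# capture_exact CMD...: store CMD's complete stdout in $CAPTURED and its exit
# status in $CAPTURED_RC. The sentinel "x" keeps $(...) from stripping the
# trailing newlines; it is removed again afterwards.
capture_exact() {
    CAPTURED_RC=0
    CAPTURED=$(rc=0; "$@" || rc=$?; printf x; exit "$rc") || CAPTURED_RC=$?
    CAPTURED=${CAPTURED%x}
}

# Bytes written by the approach from the original question:
# plain command substitution, then an unquoted expansion passed to echo.
bytes_via_echo() {
    TEST=$(remote "$1")
    # shellcheck disable=SC2086  # deliberately unquoted, as in the question
    echo ${TEST} | wc -c | tr -d ' '
}

# Bytes written when the captured stream is replayed unchanged.
bytes_via_printf() {
    capture_exact remote "$1"
    printf '%s' "$CAPTURED" | wc -c | tr -d ' '
}

# Three constructed cases: no output, one line, and text with a double
# space plus two trailing newlines.
for cmd in "printf ''" "printf 'up 3 days\n'" "printf 'a  b\n\n'"; do
    printf '%-24s echo: %s bytes, printf: %s bytes\n' \
        "$cmd" "$(bytes_via_echo "$cmd")" "$(bytes_via_printf "$cmd")"
done
```

The empty case shows the single LF that `echo` itself contributes; the last case shows the unquoted expansion also collapsing the inner whitespace.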



Re: CR/LF

2022-12-10 Thread Jim Popovitch



On Sat, 2022-12-10 at 22:10 -0500, Greg Wooledge wrote:
> On Sat, Dec 10, 2022 at 10:07:48PM -0500, Jim Popovitch wrote:
> > On Sat, 2022-12-10 at 20:35 -0600, David Wright wrote:
> > > On Sat 10 Dec 2022 at 21:01:29 (-0500), Jim Popovitch wrote:
> > > > Why does this produce a CR/LF
> > > > 
> > > >  ~$ TEST=$(ssh -o LogLevel=QUIET -t user@server "echo -n ''"); echo ${TEST}
> > > 
> > > Try echo -n ${TEST} at the end.
> > 
> > Thanks, that works if the remote cmd produces no output, but if the
> > remote cmd produces output then the -n strips the intentional CR/LF.
> 
> WOW, THAT WAS FAST!

There's really no need for snark. 
> 
> We have now reached the point where the question has changed, 

No, it's still the same question, perhaps the reader is reading the
question differently now?


> so that the newline-stripping behavior of the $() command substitution is
> relevant.

Thanks, that's been the relevant part all along.


> There is still no CR.  At all.  Ever.  This is not Microsoft Windows.

Why would you assume Windows is involved?  This is about running cmds
from Debian 11 to Debian 11.

> 
> So... what are you actually trying to do?
> 

Run cmds on a remote system, that is captured locally in a variable,
where said cmds may or may not produce output.  If the remote cmd does
not produce any output then there shouldn't be any output, e.g. CR/LF,
returned.

Taking $() out of the equation doesn't change the result. The following
will add a CR/LF: 

  TEST=`ssh -o LogLevel=QUIET -t user@server "echo -n ''"`; echo ${TEST}

Using -n on the 2nd echo would remove a necessary CR/LF on any remote
cmd that did produce output.

-Jim P.




Re: CR/LF

2022-12-10 Thread Jim Popovitch
On Sat, 2022-12-10 at 20:35 -0600, David Wright wrote:
> On Sat 10 Dec 2022 at 21:01:29 (-0500), Jim Popovitch wrote:
> > Why does this produce a CR/LF
> > 
> >  ~$ TEST=$(ssh -o LogLevel=QUIET -t user@server "echo -n ''"); echo ${TEST}
> 
> Try echo -n ${TEST} at the end.

Thanks, that works if the remote cmd produces no output, but if the
remote cmd produces output then the -n strips the intentional CR/LF.


-Jim P.






CR/LF

2022-12-10 Thread Jim Popovitch
Why does this produce a CR/LF

 ~$ TEST=$(ssh -o LogLevel=QUIET -t user@server "echo -n ''"); echo ${TEST}

whilst this same command does not:
 
 ~$ ssh -o LogLevel=QUIET -t user@server "echo -n ''"

tia,

-Jim P.



Re: Changes in the syslog date format?

2022-11-05 Thread Jim Popovitch
On Sat, 2022-11-05 at 11:34 +0100, local10 wrote:
> Nov 5, 2022, 09:55 by scdbac...@gmx.net:
> 
> > Hi,
> > 
> > local10 wrote:
> > 
> > > Any ideas as to get the old syslog date format back?
> > > 
> > 
> > The internet points to /etc/rsyslog.conf and in there:
> > 
> >  #
> >  # Use traditional timestamp format.
> >  # To enable high precision timestamps, comment out the following line.
> >  #
> >  $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> > 
> 
> 
> Doesn't seem to work for me.

Didn't work for me earlier.  To fix this I had to add

$template normal,"<%PRI%>%TIMESTAMP% %syslogtag%%msg%"


Who thought of adding "[localhost]" in the middle of all new syslog
lines, and why didn't they coordinate with the logcheck team?

-Jim P.








Re: TCP: tcp_parse_options: Illegal window scaling value 15 > 14 received

2022-09-07 Thread Jim Popovitch
On Wed, 2022-09-07 at 12:37 -0600, Casey Deccio wrote:
> 
> > On Sep 7, 2022, at 11:46 AM, Jim Popovitch  wrote:
> > 
> > I saw so much of the verbose '15 > 14' logs that I just decided to
> > net.ipv4.tcp_window_scaling=0 and be done with it. Cleared up the
> > noise, haven't noticed any problems since. ymmv.
> 
> Sounds like you've seen a non-trivial amount of this?
> 
> Disabling window scaling with net.ipv4.tcp_window_scaling=0 will "fix"
> the logs, but of course, it will also disable window scaling, which
> means that you are limiting the size of your congestion window to
> 64KB.  This effectively limits the throughput of TCP sessions over
> "long, fat pipes".


Yep.  I don't own/run/maintain anything on fat pipes, just destinations
such as webservers, email  servers, and dns servers for mailinglists.
 If the bandwidth for them is now capped at 2MBs, that's ok in my book.
  The notion that everything needs to support 10Gb interfaces and
terabyte sized hardware is just not realistic. 

-Jim P.


Re: TCP: tcp_parse_options: Illegal window scaling value 15 > 14 received

2022-09-07 Thread Jim Popovitch



On Wed, 2022-09-07 at 11:09 -0600, Casey Deccio wrote:
> Hi Michael,
> 
> > On Sep 7, 2022, at 5:49 AM, Michael Grant  wrote:
> > 
> > I'm seeing this error over and over in /var/log/messages:
> > 
> > Sep  6 05:02:42 hostname kernel: [408794.655182] TCP: tcp_parse_options: Illegal window scaling value 15 > 14 received
> > Sep  6 05:02:43 hostname kernel: [408794.830639] TCP: tcp_parse_options: Illegal window scaling value 15 > 14 received
> > Sep  6 05:02:43 hostname kernel: [408794.960811] TCP: tcp_parse_options: Illegal window scaling value 15 > 14 received
> > Sep  6 05:02:43 hostname kernel: [408795.180464] TCP: tcp_parse_options: Illegal window scaling value 15 > 14 received
> > 
> > I've not been able to find much about these messages by searching,
> > nothing useful is coming up.  Is anyone else seeing something like
> > this?
> 
> This is consistent with RFC 7323, Section 2.3 [1], which states:
> 
>    "If a
>    Window Scale option is received with a shift.cnt value larger than
>    14, the TCP SHOULD log the error but MUST use 14 instead of the
>    specified value."
> 
> >  Is this some sort of attack?
> 
> I am not sure.  But the purpose of keeping the window scale below 15 is to 
> "insure that new data is never mistakenly considered old and vice versa" [1]. 
>  In any case, it seems to me that 1) your kernel appears to be handling it 
> properly (hence the logs) and 2) even if it weren't, it doesn't *seem* like a 
> problem for the server as much as for the entity that wanted the data.  Just 
> my $0.02.
> 
> Interestingly, I happen to have some software using different window scale 
> values in its interactions with Internet servers.  I just yesterday 
> discovered a bug which was occasionally allowing 15 to be used as a window 
> scale value, and I have corrected that. I don't know if my software was 
> responsible for the log messages that Michael observed, but I have reached 
> out off-list to investigate.
> 

I saw so much of the verbose '15 > 14' logs that I just decided to
net.ipv4.tcp_window_scaling=0 and be done with it.  Cleared up the
noise, haven't noticed any problems since.  ymmv.

-Jim P.



Re: where does `hostname -f` derive the domainname from?

2022-06-28 Thread Jim Popovitch
On Tue, 2022-06-28 at 10:10 -0400, Michael Stone wrote:
> On Sun, Jun 26, 2022 at 04:59:26PM -0400, Jim Popovitch wrote:
> > That was the problem.  The bullseye-only system had an /etc/hosts entry
> > without a FQDN.  I removed that and it uses the one in DNS.
> 
> It's generally better to add the FQDN to /etc/hosts instead, to cut down 
> on DNS queries for the local hostname.

In one scenario, sure.  There are plenty of other scenarios where doing
that doesn't make sense.  For example, that bullseye system was one of
20 containers that are spun up from one or more templates with a set of
stock config files (one of which is /etc/hosts).


-Jim P.




Re: where does `hostname -f` derive the domainname from?

2022-06-26 Thread Jim Popovitch
On Sun, 2022-06-26 at 16:52 -0400, Greg Wooledge wrote:
> Both sections are vague and murky about what happens if you *don't* have
> an entry for your hostname in /etc/hosts.
> 
> Fortunately, Debian adds a line exactly like this in /etc/hosts, for
> your hostname with your "DNS domain name" (the one you specified during
> installation) attached.  So you rarely ever have to worry about what
> happens if this entry is missing.

That was the problem.  The bullseye-only system had an /etc/hosts entry
without a FQDN.  I removed that and it uses the one in DNS.  


Thanks for the very thoughtful and detailed insight Greg.

-Jim P.



where does `hostname -f` derive the domainname from?

2022-06-26 Thread Jim Popovitch
where does `hostname -f` derive the domainname from?

I have 2 systems, the first was buster --> bullseye with /etc/hostname
containing "oscar" and `hostname -f` returning "oscar.domain.tld".

The second system is a clean install of bullseye with /etc/hostname
containing "felix".  On this system `hostname -f` returns "felix".

DNS for both systems have FQDN entries.  Where should the domainname be
set in a clean fresh install of bullseye?

tia,

-Jim P.



Re: grep: show matching line from pattern file

2022-05-29 Thread Jim Popovitch
On Sat, 2022-05-28 at 17:11 -0400, Greg Wooledge wrote:
> On Sat, May 28, 2022 at 04:02:39PM -0400, The Wanderer wrote:
> > On 2022-05-28 at 15:40, Jim Popovitch wrote:
> > > I have a file of regex patterns and I use grep like so:
> > > 
> > >    ~$ grep -f patterns.txt /var/log/syslog 
> > > 
> > > What I'd like to get is a listing of all lines, specifically the line
> > > numbers of the regexps in patterns.txt, that match entries in
> > > /var/log/syslog.   Is there a way to do this?
> > 
> > I don't know of a standardized way to do that (if anyone else wants to
> > suggest one, I'm open to learn), but of course it *can* be done, via
> > scripting. Off the top of my head, I came up with the following
> > 
> > for line in $(seq 1 $(wc -l patterns.txt | cut -d ' ' -f 1)) ; do
> >   if grep $(head -n $line patterns.txt | tail -n 1) /var/log/syslog > /dev/null ; then
> >     echo $line ;
> >   fi
> > done
> 
> The quoting here is... completely absent (and that's extremely bad), but
> also importantly, one would ideally like to avoid running grep a thousand
> times, especially if the target logfile is large.
> 
> I believe this is the kind of job for which perl is well-suited.  I'm not
> great at perl, but I'll give it a shot.
> 
> Here's a version with some extra information as output, so I can verify
> that it's doing something reasonably close to correct:
> 
> 
> #!/usr/bin/perl
> use strict; use warnings;
> 
> my @patlist;
> open(PATS, "<", "patterns.txt") or die "patterns.txt: $!";
> chomp(@patlist = <PATS>);
> close PATS;
> 
> while (<>) {
> chomp;
> for (my $i = 0; $i <= $#patlist; $i++) {
>   print "$i|$patlist[$i]|$_\n" if /$patlist[$i]/;
> }
> }
> 
> 
> Now, to test it, we need a patterns.txt file:
> 
> 
> unicorn:~$ cat patterns.txt 
> PATH
> HOME|~
> a...e
> 
> 
> And an input (log) file:
> 
> 
> unicorn:~$ cat file
> zebra
> Home, home on the range.
> Oops, I meant HOME on the range.
> 
> applesauce
> 
> 
> And here's what it does:
> 
> 
> unicorn:~$ ./foo file
> 1|HOME|~|Oops, I meant HOME on the range.
> 2|a...e|applesauce
> 
> 
> Pattern numbers 1 and 2 (the second and third, since it starts at 0) were
> matched, so we have a line for each of those.
> 
> If that's kinda what you wanted, then you can adjust this to do precisely
> what you wanted.  It shouldn't take a lot of work, I hope.  Well, I guess
> that depends on what you really want.
> 
> Bash is not well-suited to this task, and even if we were to take The
> Wanderer's script and fix all the issues in it, it would still be a
> vastly inferior solution.  Some tools are just not meant for some jobs.
> 

Thanks Greg, that is exactly what I needed, and double thanks for the
details in explaining it, etc. 

-Jim P.




grep: show matching line from pattern file

2022-05-28 Thread Jim Popovitch
Not exactly Debian specific, but hoping that someone here can help.

I have a file of regex patterns and I use grep like so:

   ~$ grep -f patterns.txt /var/log/syslog 

What I'd like to get is a listing of all lines, specifically the line
numbers of the regexps in patterns.txt, that match entries in
/var/log/syslog.   Is there a way to do this?

-Jim P.




Re: email lacks sender address

2022-04-24 Thread Jim Popovitch
On Mon, 2022-04-25 at 10:16 +0900, 황병희 wrote:
> Haines Brown  writes:
> 
> > (... thanks ...)
> > 521 5.5.1 Protocol error (154.24 ms)
> > Unverified address
> > 
> > I reconfigured exim4 and it has no problem.
> > 
> 
> Or you try with sSMTP, very easy!


sSMTP doesn't support or retry multiple servers, and it doesn't respect
nsswitch.conf settings.

-Jim P.



Re: OT EU-based Cloud Service

2022-03-18 Thread Jim Popovitch
On Fri, 2022-03-18 at 09:27 -0300, Eduardo M KALINOWSKI wrote:
> On 18/03/2022 04:37, Byung-Hee HWANG wrote:
> > Very long time i did googling for searching EU-based Cloud Service. But
> > i did fail. So i ask here Debian users. Because here Debian users looks
> > like to know good place, EU-based Cloud.
> 
> Both Linode (https://www.linode.com) and Digital Ocean 
> (https://www.digitalocean.com) have EU datacenters.
> 


YSK, Hetzner, Linode and Digital Ocean all have had and may continue to
have issues with sending emails from their networks.   Discussion of
that is not on-point for this list, but if you want to learn more check out
the MailOP list at:

https://list.mailop.org/listinfo/mailop

-Jim P.



Re: [SUMMARY STATEMENT] Was: Re: Why did Norbert Preining (having maintained KDE) left Debian?

2022-01-23 Thread Jim Popovitch
On Sun, 2022-01-23 at 21:34 +0100, local10 wrote:
> Jan 23, 2022, 20:12 by deb...@polynamaude.com:
> 
> > You'd leave because you have to be held responsible for your actions ?
> > 
> 
> What actions? Based on the message ( 
> https://lists.debian.org/debian-project/2019/01/msg00186.html ) it looks like 
> they came up with the verdict first and then started to look for 
> "evidence/actions" to justify the verdict. Pretty pathetic if you ask me but 
> whatever.
> 
> Regards,
> 

You're reading it wrong.  Ian was not part of the decision.

-Jim P.



Re: Why is Debian not telling the truth about its security fixes?

2022-01-22 Thread Jim Popovitch
On Sat, 2022-01-22 at 14:23 +0100, max wrote:
> 
> WHY IS DEBIAN NOT TELLING THE TRUTH ABOUT ITS SECURITY FIXES?
> 

I was interested, until I realized your Medium post is that Google
Chrome is not updated fast enough by Debian.  

-Jim P.



Re: How to rotate then save a PDF document?

2022-01-11 Thread Jim Popovitch
On Tue, 2022-01-11 at 08:37 -0600, Richard Owlett wrote:
> I use MATE and thus use Atril as viewer.
> Typically I have no need to modify PDF documents.
> I received a long reading list which needs to be rotated left 
> to be read. Atril rotates it but does not save it as rotated.
> 
> What's the simplest tool to permanently rotate that specific document?
> TIA
> 

PDF Arranger

https://packages.debian.org/search?keywords=pdfarranger

-Jim P.



Re: Privacy and defamation of character on Debian public forums

2021-09-24 Thread Jim Popovitch
On Fri, 2021-09-24 at 13:37 -0400, Chuck Zmudzinski wrote:

> Who would hire me if they read what is now being said about me by Andy Smith, 
> et. al. on Debian's web pages. 

Lots of people.  Anyone who would not hire you based on your bug report,
or what others have said about you and your bug report, is not worth
being employed by.

-Jim P.




Re: How to improve my question in stackoverflow?

2021-09-09 Thread Jim Popovitch
On Thu, 2021-09-09 at 16:27 -0600, William Torrez Corea wrote:
> Book.cpp:1:10: fatal error: Set: No existe el fichero o el directorio
> [closed]

First, most folks on tech mailinglists despise HTML email.

Second, let me help you help yourself.  Go to
https://www.debian.org/distrib/packages and near the bottom
of the page you can "Search the contents of packages". Select
for "packages that contain files named like this" and enter 
"set.h".  You will see a results page with a list of packages
that contain that file.

Now, if you tell us which version of Debian you are running
then someone here can tell you which version of libstdc++ 
you will need for set.h.

hth,

-Jim P.




Re: sources.list 's security line

2021-09-06 Thread Jim Popovitch
On September 6, 2021 5:05:45 PM UTC, Steve Dondley  wrote:
> On 2021-09-06 05:53 AM, riveravaldez wrote:
> > Hi,
> > 
> > after reading the various sources of documentation (handbook,
> > wiki, FAQs, Release Notes, etc.) I think I'm finding myself with
> > kinda four options for the security line in /etc/apt/sources.list
> > Those being:
> > 
> > deb http://security.debian.org/debian-security bullseye-security main
> > 
> > deb http://security.debian.org bullseye-security main
> > 
> > deb https://deb.debian.org/debian-security bullseye-security main
> > 
> > deb http://security.debian.org testing/updates main
> > 
> > Which would be the right one(s)?
> > 
> > Thanks a lot!
> 
> I can't say for sure whether this is "right" or not but this is what I 
> have in my sources.list:
> 
> deb http://security.debian.org/debian-security bullseye-security main
> deb-src http://security.debian.org/debian-security bullseye-security main
> 

security.d.o and deb.d.o are both hosted on fastly servers, albeit
different sets of servers. What is interesting to me is that the DNS for
security.d.o is operated by Debian whereas the DNS for deb.d.o is run by
fastly.  I'm not sure that it matters but it is a significant difference
between the two.

-Jim P.




Re: apt-upgrade (Bullseye) shows 1 pkg not upgraded

2021-08-30 Thread Jim Popovitch
On Mon, 2021-08-30 at 21:53 +0300, Andrei POPESCU wrote:
> On Ma, 10 aug 21, 13:32:09, Jim Popovitch wrote:
> > How can I determine what the "1 not upgraded" package might be?
> > 
> > 
> > ~$ apt-get update 
> > Hit:1 http://ftp.us.debian.org/debian bullseye InRelease
> > Hit:2 http://security.debian.org bullseye-security InRelease
> > Hit:3 http://ftp.us.debian.org/debian bullseye-updates InRelease
> > Reading package lists... Done
> > 
> > ~$ apt-get upgrade 
> > Reading package lists... Done
> > Building dependency tree... Done
> > Calculating upgrade... Done
> > 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
> > 
> > 
> > ~$ apt-get dist-upgrade 
> > Reading package lists... Done
> > Building dependency tree... Done
> > Calculating upgrade... Done
> > 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
> 
> A bit late to the party...
> 
> If pinning is the issue, the definitive place to check that is always 
> the output of 'apt policy' (with no package)[1].
> 
> 
> If that doesn't provide any new information you could ask deity ;)
> 
> https://lists.debian.org/deity/
> 
> 
> [1] It's also a very good way to check your pinning actually works

There was nothing pinned, but the issue did go away sometime in the week
before Bullseye was released.  I'm convinced it was a mirror/cache
issue.

-Jim P.




Re: zoom client for bullseye

2021-08-22 Thread Jim Popovitch
On Sun, 2021-08-22 at 14:47 -0400, Greg Wooledge wrote:
> On Sun, Aug 22, 2021 at 02:37:30PM -0400, Jim Popovitch wrote:
> > On Sun, 2021-08-22 at 14:17 -0400, Thomas George wrote:
> > > The zoom client downloaded from the zoom web page seems to have been 
> > > written for Debian 8
> > > 
> > > Installing it in bullseye fails, dependency problems
> > > 
> > 
> > Works for me (Deb11 + Cinnamon).  IIRC, after running dpkg -i zoom.deb
> > you need to run "apt-get -f install" to fix the dependencies.
> 
> If that's true, then you could simply use "apt install ./zoom*.deb" in
> the first place.  It's undocumented, but it has been a thing for several
> years now.

ntk, Thanks!

-Jim P.




Re: zoom client for bullseye

2021-08-22 Thread Jim Popovitch
On Sun, 2021-08-22 at 14:17 -0400, Thomas George wrote:
> The zoom client downloaded from the zoom web page seems to have been 
> written for Debian 8
> 
> Installing it in bullseye fails, dependency problems
> 

Works for me (Deb11 + Cinnamon).  IIRC, after running dpkg -i zoom.deb
you need to run "apt-get -f install" to fix the dependencies.

hth,

-Jim P.



Re: Wishing for an off-topic mail list with debian-user participants (or most of them) (was: Re: On improving mailing list [was: How to Boot Linux ISO Images Directly From Your Hard Drive Debian])

2021-08-19 Thread Jim Popovitch
On Thu, 2021-08-19 at 07:23 +0100, Jonathan Dowland wrote:
> I've been subscribed to this list for a long time and I've seen a
> change in how it is being used, which I think is harmful to its core
> purpose

100% agree.  I'm another long time subscriber here and this is just
bonkers lately.  The noise has surpassed the signal for at least the
last 6 months.  Trying times perhaps, but geez this is not a good image
to present to new Debian users.

-Jim P.



Re: apt-upgrade (Bullseye) shows 1 pkg not upgraded

2021-08-10 Thread Jim Popovitch
On Tue, 2021-08-10 at 18:59 -0400, Greg Wooledge wrote:
> On Wed, Aug 11, 2021 at 08:27:03AM +1000, David wrote:
> > On Wed, 11 Aug 2021 at 03:32, Jim Popovitch  wrote:
> > 
> > > apt-upgrade (Bullseye) shows 1 pkg not upgraded
> > 
> > > How can I determine what the "1 not upgraded" package might be?
> > 
> > Hi, I dunno if this message will be of any use, because other
> > suggestions indicate that this might be due to pinning or other
> > issues that I have no knowledge of.
> 
> The OP claimed they have nothing pinned, but presented no evidence to
> support this claim.  Perhaps they thought that because they didn't
> explicitly *pin* anything themselves, there must not be anything
> pinned on their system.  So why bother looking?
> 
> They should at least look.

I did.

> 
> grep -ri pin /etc/apt

That's exactly how I did look.

> 
> would be a reasonable starting point.
> 
> (Also, catting /etc/apt/sources.list is not sufficient to show the
> absence of third-party repositories.  There's also a sources.list.d
> directory.)

If there was anything in sources.list.d I would have shown it.

Absence of absence is something no one should ponder.

-Jim P.





Re: apt-upgrade (Bullseye) shows 1 pkg not upgraded

2021-08-10 Thread Jim Popovitch
On Tue, 2021-08-10 at 20:03 +0200, john doe wrote:
> On 8/10/2021 7:57 PM, Jim Popovitch wrote:
> > On Tue, 2021-08-10 at 19:49 +0200, john doe wrote:
> > > On 8/10/2021 7:32 PM, Jim Popovitch wrote:
> > > > How can I determine what the "1 not upgraded" package might be?
> > > > 
> > > > 
> > > > ~$ apt-get update
> > > > Hit:1 http://ftp.us.debian.org/debian bullseye InRelease
> > > > Hit:2 http://security.debian.org bullseye-security InRelease
> > > > Hit:3 http://ftp.us.debian.org/debian bullseye-updates InRelease
> > > > Reading package lists... Done
> > > > 
> > > > ~$ apt-get upgrade
> > > > Reading package lists... Done
> > > > Building dependency tree... Done
> > > > Calculating upgrade... Done
> > > > 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
> > > > 
> > > > 
> > > > ~$ apt-get dist-upgrade
> > > > Reading package lists... Done
> > > > Building dependency tree... Done
> > > > Calculating upgrade... Done
> > > > 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
> > > > 
> > > 
> > > $ apt-get -sV full-upgrade
> > > 
> > > 
> > > -s = simulate
> > > -V = verbose
> > 
> > Thanks, unfortunately still nothing. :(
> > 
> > ~$ apt-get -sV full-upgrade
> > Reading package lists... Done
> > Building dependency tree... Done
> > Calculating upgrade... Done
> > 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
> > 
> > 
> > I'm beginning to wonder if this is just a bug in apt-get, I know of
> > nothing on this small server that has a pending upgrade.
> > 
> 
> As the cmd works for me I'm not sure this is a bug in 'apt-get' but
> maybe a pkg on 'hold'.

No pinning, nothing on hold that I can see, no custom config, etc.  apt-get
works for me, I can install and --purge remove, etc, just that one
dangling "not upgraded" status that befuddles me.

Thanks,

-Jim P.




Re: apt-upgrade (Bullseye) shows 1 pkg not upgraded

2021-08-10 Thread Jim Popovitch
On Tue, 2021-08-10 at 14:00 -0400, Greg Wooledge wrote:
> On Tue, Aug 10, 2021 at 01:57:13PM -0400, Jim Popovitch wrote:
> > ~$ apt-get -sV full-upgrade
> > Reading package lists... Done
> > Building dependency tree... Done
> > Calculating upgrade... Done
> > 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
> 
> Have you tried Google yet?
> 
> https://unix.stackexchange.com/questions/615676/0-upgraded-0-newly-installed-0-to-remove-and-1-not-upgraded-how-can-i-upgrade
> 
> https://www.linuxquestions.org/questions/debian-26/%271-package-not-upgraded%27-conundrum-4175620661/
> 
> Perhaps one of those will point the way.  (What do you have pinned,
> and what third-party repositories do you have configured?)
> 

Nothing pinned.  I did see the first link you posted, but not the 2nd
one, although neither seems to apply to what I'm experiencing.  No
pinning, no custom apt settings, etc.

$ cat /etc/apt/sources.list
deb [trusted=yes] http://ftp.us.debian.org/debian bullseye main
deb [trusted=yes] http://ftp.us.debian.org/debian bullseye-updates main
deb [trusted=yes] http://security.debian.org bullseye-security main

$ apt-get clean && apt-get update && apt-get upgrade && apt-get -sV full-upgrade
Hit:1 http://security.debian.org bullseye-security InRelease
Hit:2 http://ftp.us.debian.org/debian bullseye InRelease
Hit:3 http://ftp.us.debian.org/debian bullseye-updates InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.


Thanks for at least offering suggestions, etc.

-Jim P.
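
The `[trusted=yes]` option in the sources.list above tells APT to consider each repository trusted even when it fails authentication checks (see sources.list(5)), and the entries are fetched over plain http. As an added example (not part of the original post), this check flags such entries; the function names and the sample file are constructed for illustration, and treating any value other than `no` as enabled is an assumption of this example.

```shell
#!/bin/sh
# Added example: flag one-line-style APT source entries whose options weaken
# or disable repository signature verification (see sources.list(5)).

# audit_apt_sources FILE...
# Prints "file:line: option=value -> uri suite" for every risky entry.
# Returns 1 if at least one was found, 0 otherwise.
audit_apt_sources() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    $1 != "deb" && $1 != "deb-src" { next }    # only one-line-style entries
    $2 !~ /^\[/ { next }                       # no option group, nothing to flag
    {
        # Options sit in a single [ ... ] group right after the entry type.
        if (!match($0, /\[[^]]*\]/)) next
        opts = substr($0, RSTART + 1, RLENGTH - 2)
        rest = substr($0, RSTART + RLENGTH)
        split(rest, f, " ")                    # f[1] = URI, f[2] = suite
        n = split(opts, o, " ")
        for (i = 1; i <= n; i++) {
            eq = index(o[i], "=")
            if (!eq) continue
            key = tolower(substr(o[i], 1, eq - 1))
            val = tolower(substr(o[i], eq + 1))
            # Assumption: anything not explicitly "no" counts as enabled.
            if (key ~ /^(trusted|allow-insecure|allow-weak|allow-downgrade-to-insecure)$/ && val != "no") {
                printf "%s:%d: %s=%s -> %s %s\n", FILENAME, FNR, key, val, f[1], f[2]
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the three entries from the post plus one entry that
# pins its signing key instead of bypassing verification.
write_sample_sources() {
    cat > "$1" <<'EOF'
# constructed sample for audit_apt_sources
deb [trusted=yes] http://ftp.us.debian.org/debian bullseye main
deb [trusted=yes] http://ftp.us.debian.org/debian bullseye-updates main
deb [trusted=yes] http://security.debian.org bullseye-security main
deb [arch=amd64 signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian bullseye main
EOF
}

# Typical use on a live system:
#   audit_apt_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list
```
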




Re: apt-upgrade (Bullseye) shows 1 pkg not upgraded

2021-08-10 Thread Jim Popovitch
On Tue, 2021-08-10 at 19:49 +0200, john doe wrote:
> On 8/10/2021 7:32 PM, Jim Popovitch wrote:
> > How can I determine what the "1 not upgraded" package might be?
> > 
> > 
> > ~$ apt-get update
> > Hit:1 http://ftp.us.debian.org/debian bullseye InRelease
> > Hit:2 http://security.debian.org bullseye-security InRelease
> > Hit:3 http://ftp.us.debian.org/debian bullseye-updates InRelease
> > Reading package lists... Done
> > 
> > ~$ apt-get upgrade
> > Reading package lists... Done
> > Building dependency tree... Done
> > Calculating upgrade... Done
> > 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
> > 
> > 
> > ~$ apt-get dist-upgrade
> > Reading package lists... Done
> > Building dependency tree... Done
> > Calculating upgrade... Done
> > 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
> > 
> 
> $ apt-get -sV full-upgrade
> 
> 
> -s = simulate
> -V = verbose

Thanks, unfortunately still nothing. :(

~$ apt-get -sV full-upgrade
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.


I'm beginning to wonder if this is just a bug in apt-get, I know of
nothing on this small server that has a pending upgrade.

-Jim P.





Re: apt-upgrade (Bullseye) shows 1 pkg not upgraded

2021-08-10 Thread Jim Popovitch
On Tue, 2021-08-10 at 12:37 -0500, Lance Simmons wrote:
> apt list --upgradeable

:(

~$ apt list --upgradeable
Listing... Done


Thanks for suggesting that though.

-Jim P.



apt-upgrade (Bullseye) shows 1 pkg not upgraded

2021-08-10 Thread Jim Popovitch
How can I determine what the "1 not upgraded" package might be?


~$ apt-get update 
Hit:1 http://ftp.us.debian.org/debian bullseye InRelease
Hit:2 http://security.debian.org bullseye-security InRelease
Hit:3 http://ftp.us.debian.org/debian bullseye-updates InRelease
Reading package lists... Done

~$ apt-get upgrade 
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.


~$ apt-get dist-upgrade 
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.


-Jim P.





Re: suppress interactive messages at upgrade

2021-07-29 Thread Jim Popovitch
On Thu, 2021-07-29 at 20:25 +0300, IL Ka wrote:
> > 
> > is there a more clever way than running aptitude/apt-get with the
> > tags "-yq", 
> > when I want to suppress interactive messages at upgrade?
> > 
> > 
> 
> try 
> sudo DEBIAN_FRONTEND=noninteractive apt-get -yq install [packagename]
> 

I use:

export LANG=C; export DEBIAN_FRONTEND=noninteractive; 
  apt-get -qq update && 
  apt-get -qq -y upgrade -o=Dpkg::Use-Pty=0


hth,

-Jim P.



Re: Please help to test latest Debian 11 release candidate on real hardware

2021-07-24 Thread Jim Popovitch
On Sat, 2021-07-24 at 23:14 +0300, Andrey Ponomarenko wrote:
> Hello!
> 
> Let's help developers to test upcoming Debian version 11 by filling
> out the community-driven list of tested hardware configurations:
> https://github.com/linuxhw/TestCoverage/tree/master/Dist/Debian_11
>  
> The development team only has a limited set of hardware for tests, but
> I'm sure we can find almost any configuration in the community. Anyone
> can easily add their computers / laptops or servers info to the list
> using the package https://packages.debian.org/bullseye/hw-probe.
>  
> You can download Debian 11 release candidate on the page
> https://www.debian.org/devel/debian-installer/.
>  
> Andrey
>  


Why isn't this on Salsa instead of a Microsoft site?

-Jim P.



Re: Best remote client+server setup for ~10 users?

2021-06-03 Thread Jim Popovitch
On Thu, 2021-06-03 at 07:14 -0400, Dan Ritter wrote:
> Jim Popovitch wrote: 
> > On June 2, 2021 11:06:29 PM UTC, Dan Ritter  wrote:
> > > Jim Popovitch wrote: 
> > > > I need a FOSS remote desktop solution for around 10 users, back to a 
> > > > central server.  The client connections will be broadband over OpenVPN 
> > > > with an avg latency of 45ms (WFH).
> > > > 
> > > 
> > > I'm going to assume you have a reasonably powerful Debian server
> > > as the host for these 10 remote desktops.
> > > 
> > > What can you tell us about the client machines?
> > > 
> > > Also, are you locked into OpenVPN for some reason?
> > > 
> > > -dsr-
> > > 
> > 
> > Clients are the mostly Ubuntu, Debian, but 2 are Win10.  Server is a beefy 
> > Debian VDS, this is shared dev environment. I thought about using SSH
> > tunnels, what other options are there?
> 
> You could, should, consider Wireguard.
> 
> - It's faster (less overhead) than OpenVPN
> - Config requirements are similar to SSH, rather than OpenVPN
> - Easier to add/drop clients than OpenVPN
> - Available for all the OSs you mention, and will be in-kernel
>   in the next major revisions
> 
> You can use any of the remote desktop protocols over the
> pseudo-ethernet interface that Wireguard creates. X11, VNC,
> Spice, RDP...
> 
> xserver-xspice might be the right choice here. Debian and Ubuntu
> have virt-viewer clients for spice, Windows and other OS have
> clients here: https://www.spice-space.org/download.html

Thanks for that Dan, that experienced feedback is exactly what I was
looking for.

-Jim P.




Re: Best remote client+server setup for ~10 users?

2021-06-02 Thread Jim Popovitch
On Wed, 2021-06-02 at 21:51 -0400, Polyna-Maude Racicot-Summerside
wrote:
> Hi,
> 
> On 2021-06-02 7:49 p.m., Jim Popovitch wrote:
> > On June 2, 2021 11:06:29 PM UTC, Dan Ritter 
> > wrote:
> > > Jim Popovitch wrote: 
> > > > I need a FOSS remote desktop solution for around 10 users, back
> > > > to a central server.  The client connections will be broadband
> > > > over OpenVPN with an avg latency of 45ms (WFH).
> > > > 
> > > 
> > > I'm going to assume you have a reasonably powerful Debian server
> > > as the host for these 10 remote desktops.
> > > 
> > > What can you tell us about the client machines?
> > > 
> > > Also, are you locked into OpenVPN for some reason?
> > > 
> > > -dsr-
> > > 
> > 
> > Clients are the mostly Ubuntu, Debian, but 2 are Win10.  Server is a
> > > beefy Debian VDS, this is shared dev environment. I thought about
> > using SSH tunnels, what other options are there?
> > 
> Looking at all you are writing here... As all this seem to be for a
> professional environment. I'd suggest you get someone to do it for you
> and give you support.

I am the support guy, sort of.  It's a stretch to say it's for
professionals. :)

> You seem pretty lost with what you have to get done. It's one thing to
> get the solution working but to get it serviced on the long run is
> something else.

Heh, I've been running internet sites and services since the late 90s,
even ran a Debian mirror for a spell back in the Volatile days.

Thanks everyone else for your software recommendations, I plan to test
some of them soon.

-Jim P.



Re: Best remote client+server setup for ~10 users?

2021-06-02 Thread Jim Popovitch
On June 2, 2021 11:06:29 PM UTC, Dan Ritter  wrote:
>Jim Popovitch wrote: 
>> I need a FOSS remote desktop solution for around 10 users, back to a central 
>> server.  The client connections will be broadband over OpenVPN with an avg 
>> latency of 45ms (WFH).
>> 
>
>I'm going to assume you have a reasonably powerful Debian server
>as the host for these 10 remote desktops.
>
>What can you tell us about the client machines?
>
>Also, are you locked into OpenVPN for some reason?
>
>-dsr-
>

Clients are the mostly Ubuntu, Debian, but 2 are Win10.  Server is a beefy 
Debian VDS, this is shared dev environment. I thought about using SSH tunnels,
what other options are there?

-Jim P.



Best remote client+server setup for ~10 users?

2021-06-02 Thread Jim Popovitch
I need a FOSS remote desktop solution for around 10 users, back to a central 
server.  The client connections will be broadband over OpenVPN with an avg 
latency of 45ms (WFH).

tia,

-Jim P.



Re: Modern best practice for putting a contact email on the web

2021-04-05 Thread Jim Popovitch
On Mon, 2021-04-05 at 20:18 -0400, Dan Ritter wrote:
> Jim Popovitch wrote: 
> > On Mon, 2021-04-05 at 19:39 -0400, Dan Ritter wrote:
> > With experiences like that, you should be already well on your way to
> > taking care of this: 
> > 
> > https://www.spamhaus.org/css/removal/record/2600:3c03::f03c:91ff:fe25:c4ae
> > 
> > Your emails keep going into Spam/Bulk folders. :)
> 
> They do that every so often. Spamhaus doesn't like Linode, and I
> have a VM there that occasionally forwards mail for me.
> 
> I ask them to unban it, they do, then a few weeks or months
> later they blanket-ban Linode again.
> 
> If it were more of an issue for me, I might consider switching.

Try sending via ipv4 only to lists.d.o, etc.

-Jim P.



Re: Modern best practice for putting a contact email on the web

2021-04-05 Thread Jim Popovitch
On Mon, 2021-04-05 at 19:39 -0400, Dan Ritter wrote:
> Celejar wrote: 
> > On Mon, 5 Apr 2021 15:51:28 -0400
> > Dan Ritter  wrote:
> > 
> > > > Okay, but why isn't trying to limit spammers getting hold of an address
> > > > a logical part of a defense in depth strategy?
> > > 
> > > Because it doesn't work. If it worked as well as, say, moving
> > > your SSH port*, I would encourage it. It does not.
> > 
> > Source? Is this your personal experience, or do you have some other
> > basis for this? Cloudflare, for example, asserts that:
> > 
> > "Cloudflare Email Address Obfuscation helps in spam prevention by
> > hiding email addresses appearing in your pages from email harvesters
> > and other bots, while remaining visible to your site visitors."
> 
> Source: experience from being actively involved in the Internet
> for 25 years, including time on anti-spam initiatives at BBN and
> Akamai, various mail anti-abuse working groups (now
> https://www.m3aawg.org/ which I'm not currently involved with
> particularly) and running personal and corporate mail servers
> for most of that time.

With experiences like that, you should be already well on your way to
taking care of this: 

https://www.spamhaus.org/css/removal/record/2600:3c03::f03c:91ff:fe25:c4ae

Your emails keep going into Spam/Bulk folders. :)

Best wishes,

-Jim P.





Re: user unit file

2021-03-05 Thread Jim Popovitch
On Fri, 2021-03-05 at 22:45 +0200, Andrei POPESCU wrote:
> On Fri, 05 Mar 21, 12:53:24, Jim Popovitch wrote:
> > Right now I can't get this to work:
> > 
> > ~$ systemctl --user enable Test.service
> > Failed to connect to bus: No such file or directory
> 
> To save you some head banging after you fix this...
> 
> > ~$ cat ~/.config/systemd/user/Test.service
> > [Unit]
> > Description = Test Service
> > After = network.target
> > 
> > [Service]
> > WorkingDirectory=/home/bob/Test/
> > ExecStart = bash Test.sh
> > TimeoutSec=15
> > 
> > [Install]
> > WantedBy=multi-user.target
> 
> ... user units and system units are completely isolated from each other, 
> so your After= and WantedBy= won't have the expected effect.
> 
> 
> For WantedBy= you probably want (no pun intended) default.target 
> instead.
> 
> 
> This is a hack I'm using to order a user unit after a system unit is
> started:
> 
>   ExecStartPre=/usr/bin/sh -c 'until systemctl --quiet is-active 
> network-online.target ; do sleep 1 ; done'
> 
> 
> Note: you should read on network-online.target in systemd.special(7) if 
> you intend to follow my example.
> 
> Kind regards,
> Andrei

Thanks Andrei!

-Jim P.
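
The checks this thread works through (an SSH login with no XDG variables set, sshd not using PAM, and a user unit that names system-manager targets), collected as an added example that is not part of the original messages. The function names are this example's own, the sample unit reproduces the Test.service posted in the thread, and `Include` directives in sshd_config are not followed.

```shell
#!/bin/sh
# Added example: preflight checks for running a systemd user unit from an
# SSH login, based on the symptoms discussed in this thread.

# user_bus_status
# Prints "ok", "no-runtime-dir" or "no-socket" for the current login.
user_bus_status() {
    if [ -z "${XDG_RUNTIME_DIR:-}" ]; then
        # XDG_RUNTIME_DIR is set up by pam_systemd; unset usually means the
        # login never went through PAM session handling.
        echo "no-runtime-dir"
    elif [ -S "$XDG_RUNTIME_DIR/systemd/private" ] || [ -S "$XDG_RUNTIME_DIR/bus" ]; then
        echo "ok"
    else
        echo "no-socket"
    fi
}

# sshd_use_pam FILE
# Prints the effective UsePAM value from an sshd_config file. sshd uses the
# first value it reads for a keyword; without any UsePAM line the OpenSSH
# default "no" applies.
sshd_use_pam() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        split(line, a, /[ \t=]+/)          # "UsePAM yes" or "UsePAM=yes"
        if (tolower(a[1]) == "usepam") { print tolower(a[2]); found = 1; exit }
    }
    END { if (!found) print "no" }
    ' "$1"
}

# system_targets_in_user_unit FILE
# Prints ordering/install directives in a user unit that name targets which
# exist only in the system manager and so have no effect under --user.
system_targets_in_user_unit() {
    awk '
    /^[ \t]*[#;]/ { next }
    {
        eq = index($0, "=")
        if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        if (key != "After" && key != "Wants" && key != "Requires" && key != "WantedBy") next
        n = split(val, t, " ")
        for (i = 1; i <= n; i++)
            if (t[i] ~ /^(multi-user|network|network-online)\.target$/)
                print key "=" t[i]
    }
    ' "$1"
}

# Sample input: the Test.service from the thread, written to the given path.
write_sample_unit() {
    cat > "$1" <<'EOF'
[Unit]
Description = Test Service
After = network.target

[Service]
WorkingDirectory=/home/bob/Test/
ExecStart = bash Test.sh
TimeoutSec=15

[Install]
WantedBy=multi-user.target
EOF
}

# Typical use:
#   user_bus_status
#   sshd_use_pam /etc/ssh/sshd_config
#   system_targets_in_user_unit ~/.config/systemd/user/Test.service
```
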



Re: user unit file

2021-03-05 Thread Jim Popovitch
On Fri, 2021-03-05 at 14:29 -0500, Greg Wooledge wrote:
> Jim Popovitch (j...@k4vqc.com) wrote:
> > On Fri, 2021-03-05 at 14:21 -0500, Greg Wooledge wrote:
> > > Jim Popovitch (j...@k4vqc.com) wrote:
> > > > Ugh. So the solution seems to be to add UsePAM to sshd just to make
> > > > systemd work.  Not sure that I can get that approved, but I will see.
> > > 
> > > This sounds like an X-Y problem.  What are you actually trying to do?
> > 
> > That sounds like an X-Y question. :)
> > 
> > Obviously I'm trying to run a systemd unit file from within a non-root
> > env.  I apologize if that wasn't obvious. 
> 
> Why?  What does it do?  Why do you need to invoke it this way?  What
> results are you expecting to achieve?

Thanks Greg.

-Jim P.



Re: user unit file

2021-03-05 Thread Jim Popovitch
On Fri, 2021-03-05 at 14:16 -0500, Jim Popovitch wrote:
> On Fri, 2021-03-05 at 13:35 -0500, Greg Wooledge wrote:
> > Jim Popovitch (j...@k4vqc.com) wrote:
> > > It's a VPS server, I ssh'ed in.  No GUI, minimal install to test systemd
> > > user unit files.
> > 
> > Apparently you need to configure sshd to use PAM.
> > 
> > > bob@sbc:~$ ps -ef|grep dbus
> > > message+ 520   1  0 13:08 ?00:00:00 /usr/bin/dbus-daemon 
> > > --system --address=systemd: --nofork --nopidfile --systemd-activation --
> > > syslog-only
> > > bob 24222413  0 18:14 pts/000:00:00 grep --color=auto dbus
> > > bob@sbc:~$ env|grep XDG
> > > bob@sbc:~$ systemctl --user status
> > > Failed to connect to bus: No such file or directory
> > > bob@sbc:~$
> > 
> > https://bbs.archlinux.org/viewtopic.php?id=234813
> > 
> > It was my first Google result.
> 
> Ugh. So the solution seems to be to add UsePAM to sshd just to make
> systemd work.  Not sure that I can get that approved, but I will see.

Further data: One also needs dbus-user-session which pulls in
libpam-systemd

-Jim P.




Re: user unit file

2021-03-05 Thread Jim Popovitch
On Fri, 2021-03-05 at 14:21 -0500, Greg Wooledge wrote:
> Jim Popovitch (j...@k4vqc.com) wrote:
> > Ugh. So the solution seems to be to add UsePAM to sshd just to make
> > systemd work.  Not sure that I can get that approved, but I will see.
> 
> This sounds like an X-Y problem.  What are you actually trying to do?

That sounds like an X-Y question. :)

Obviously I'm trying to run a systemd unit file from within a non-root
env.  I apologize if that wasn't obvious. 

-Jim P.



Re: user unit file

2021-03-05 Thread Jim Popovitch
On Fri, 2021-03-05 at 13:35 -0500, Greg Wooledge wrote:
> Jim Popovitch (j...@k4vqc.com) wrote:
> > It's a VPS server, I ssh'ed in.  No GUI, minimal install to test systemd
> > user unit files.
> 
> Apparently you need to configure sshd to use PAM.
> 
> > bob@sbc:~$ ps -ef|grep dbus
> > message+ 520   1  0 13:08 ?00:00:00 /usr/bin/dbus-daemon 
> > --system --address=systemd: --nofork --nopidfile --systemd-activation --
> > syslog-only
> > bob 24222413  0 18:14 pts/000:00:00 grep --color=auto dbus
> > bob@sbc:~$ env|grep XDG
> > bob@sbc:~$ systemctl --user status
> > Failed to connect to bus: No such file or directory
> > bob@sbc:~$
> 
> https://bbs.archlinux.org/viewtopic.php?id=234813
> 
> It was my first Google result.

Ugh. So the solution seems to be to add UsePAM to sshd just to make
systemd work.  Not sure that I can get that approved, but I will see.

Thx Greg.

-Jim P.



Re: user unit file

2021-03-05 Thread Jim Popovitch
On Fri, 2021-03-05 at 13:11 -0500, Greg Wooledge wrote:
> Jim Popovitch (j...@k4vqc.com) wrote:
> > Right now I can't get this to work:
> > 
> > ~$ systemctl --user enable Test.service
> > Failed to connect to bus: No such file or directory
> 
> After Googling this error, I suspect that you're either operating in
> an environment where the XDG variables are not being set properly,
> or else dbus is actually not running.
> 
> How did you get to THAT specific shell, the one where you typed that
> command and got that error?  Give details.
> 
> In that same shell, what does   env | grep XDG   give you?
> 
> How about   systemctl --user status   ?
> 

It's a VPS server, I ssh'ed in.  No GUI, minimal install to test systemd
user unit files.

bob@sbc:~$ ps -ef|grep dbus
message+ 520   1  0 13:08 ?00:00:00 /usr/bin/dbus-daemon 
--system --address=systemd: --nofork --nopidfile --systemd-activation --
syslog-only
bob 24222413  0 18:14 pts/000:00:00 grep --color=auto dbus
bob@sbc:~$ env|grep XDG
bob@sbc:~$ systemctl --user status
Failed to connect to bus: No such file or directory
bob@sbc:~$


Thanks! Any advice/help is much appreciated.

-Jim P.



Re: user unit file

2021-03-05 Thread Jim Popovitch
On Fri, 2021-03-05 at 18:36 +0100, Sven Hartge wrote:
> Jim Popovitch  wrote:
> > Please be gentle.  Searching for this is proving futile.
> > How do I enable systemd user (--user) unit files that are maintained in
> > a user's home directory at /home/bob/.config/systemd/user/*.service ?
> 
> What do you mean with "enable"?
> 
> "Enable" as in "enable support"? Then everything is enabled.
> 
> Or "enable" as in "enable the unit"? Then "systemctl --user enable
> unitname.service" does what you want.
> 
> Or "enable" as in "start at boot"? Then you need to enable lingering for the
> user via loginctl as root.
> 

Why not, All of the above! :)  

Right now I can't get this to work:

~$ systemctl --user enable Test.service
Failed to connect to bus: No such file or directory
~$ cat ~/.config/systemd/user/Test.service
[Unit]
Description = Test Service
After = network.target

[Service]
WorkingDirectory=/home/bob/Test/
ExecStart = bash Test.sh
TimeoutSec=15

[Install]
WantedBy=multi-user.target




tia,

-Jim P.




user unit file

2021-03-05 Thread Jim Popovitch
Please be gentle.  Searching for this is proving futile.

How do I enable systemd user (--user) unit files that are maintained in
a user's home directory at /home/bob/.config/systemd/user/*.service ?

tia,

-Jim P.



list package version if installed (scriptable)

2021-01-07 Thread Jim Popovitch
Hello!

What is a script'able way to list a pkg version (or nothing if it is not
installed)?

+1 for POSIX compatibility.

tia,

-Jim P.
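
One way to do what this post asks, as an added example (not from the thread): `dpkg-query -W` also lists packages that were removed but not purged, so the function checks the recorded status before printing a version. `installed_version` and the `DPKG_QUERY` override are names made up for this example; the override exists only so the function can be exercised without a dpkg database.

```shell
#!/bin/sh
# Added example: print a package's version only if dpkg records it as
# fully installed; print nothing otherwise. POSIX sh, no bashisms.

# installed_version PKG
# stdout: one version per line (more than one only when several
#         architectures of PKG are installed at different versions)
# return: 0 if installed, 1 if unknown, removed, or only partly installed
installed_version() {
    # ${Status} is e.g. "install ok installed" or "deinstall ok config-files".
    # dpkg-query exits non-zero when no package matches the name.
    _iv_out=$("${DPKG_QUERY:-dpkg-query}" -W \
        -f='${Status}\t${binary:Package}\t${Version}\n' "$1" 2>/dev/null) || return 1

    printf '%s\n' "$_iv_out" | awk -F'\t' '
        # Require the final status word to be exactly "installed"; this
        # excludes config-files, half-installed, unpacked and not-installed.
        $1 ~ / installed$/ {
            if (!seen[$3]++) print $3
            found = 1
        }
        END { exit !found }
    '
}

# Typical use in a script:
#   if v=$(installed_version openssh-server); then echo "openssh-server $v"; fi
```
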



Re: SSD and HDD

2020-10-11 Thread Jim Popovitch
On Sun, 2020-10-11 at 20:25 +0200, Sven Joachim wrote:
> On 2020-10-11 13:48 -0400, Jim Popovitch wrote:
> 
> > On Sun, 2020-10-11 at 19:47 +0200, Sven Joachim wrote:
> > > "Percentage Used Endurance Indicator"
> > 
> > Where do you see that?
> 
> For a SATA SSD:
> 
> # smartctl -l devstat $SSD
> 

+1 Thanks Sven.


-Jim P.



Re: SSD and HDD

2020-10-11 Thread Jim Popovitch
On Sun, 2020-10-11 at 19:47 +0200, Sven Joachim wrote:
> "Percentage Used Endurance Indicator"

Where do you see that?

-Jim P.



Re: reset/change hwaddr/mac in a lxc?

2020-09-02 Thread Jim Popovitch
On Wed, 2020-09-02 at 11:17 +1200, Richard Hector wrote:
> On 1/09/20 11:49 pm, Jim Popovitch wrote:
> > On Tue, 2020-09-01 at 17:45 +1200, Richard Hector wrote:
> > > On 1/09/20 4:23 am, Jim Popovitch wrote:
> > > > Hello!
> > > > 
> > > > lxc-create (Debian Buster) assigns MAC addresses to new containers. 
> > > > Somehow, 2 new containers (Ubuntu Focal) both got created with the same
> > > > MAC/hwaddr.  What are my options to change one of them without
> > > > hardcoding a hwaddr in a lxc config file?
> > > 
> > > My containers (test system, admittedly stretch on stretch) get new MAC
> > > addresses with each boot. Does rebooting (shutdown followed by start)
> > > (the container) solve it?
> > 
> > Sadly no. Thanks for suggesting it though.
> > 
> > > It does seem odd that you're getting duplicates though.
> 
> On my system, the container-specific configs 'include'
> 
> /usr/share/lxc/config/debian.common.conf
> 
> (probably ubuntu in your case), which includes
> 
> /usr/share/lxc/config/common.conf
> 
> Has an explicit MAC address config snuck into one of those, or some
> other included file, somehow?
> 
> I'd try grepping for the MAC address in places like /usr/share/lxc and
> /etc to see if you can figure out where it's coming from or stored.
> 
> Maybe /var/cache/lxc/focal as well?

None found. :(  It's not a big deal, I ended up rebuilding one of the
lxc's that had the dup hwaddr address.  I'm still interested in learning
how/why the mac/hwaddr is stored in an lxc instance just in case I run
into this again.  On a physical system it's part of the nic, but on a
virtual nic it's got to be stored somewhere.

Thx for the info Richard. 

-Jim P.



Re: reset/change hwaddr/mac in a lxc?

2020-09-01 Thread Jim Popovitch
On Tue, 2020-09-01 at 17:45 +1200, Richard Hector wrote:
> On 1/09/20 4:23 am, Jim Popovitch wrote:
> > Hello!
> > 
> > lxc-create (Debian Buster) assigns MAC addresses to new containers. 
> > Somehow, 2 new containers (Ubuntu Focal) both got created with the same
> > MAC/hwaddr.  What are my options to change one of them without
> > hardcoding a hwaddr in a lxc config file?
> 
> My containers (test system, admittedly stretch on stretch) get new MAC
> addresses with each boot. Does rebooting (shutdown followed by start)
> (the container) solve it?

Sadly no. Thanks for suggesting it though.

> 
> It does seem odd that you're getting duplicates though.

I think, but am not 100% certain, that the hwaddr is assigned when
running lxc-create.

-Jim P.



reset/change hwaddr/mac in a lxc?

2020-08-31 Thread Jim Popovitch
Hello!

lxc-create (Debian Buster) assigns MAC addresses to new containers. 
Somehow, 2 new containers (Ubuntu Focal) both got created with the same
MAC/hwaddr.  What are my options to change one of them without
hardcoding a hwaddr in a lxc config file?

tia,

-Jim P.



Re: Default vim colorscheme?

2020-06-22 Thread Jim Popovitch
On Mon, 2020-06-22 at 12:22 +0100, Liam O'Toole wrote:
> On Mon, 22 Jun, 2020 at 10:53:46 +0200, Lucio wrote:
> > On 22/06/20 10:05, elvis wrote:
> > > Somewhere on your system maybe /usr/share/vim  or in /etc that default
> > > colour scheme is defined or linked to a real colour scheme. Find it.
> > 
> > I couldn't find the link, but I found /usr/share/vim/vim81/colors directory,
> > that contains only 19 colorschemes: not that hard to bruteforce after all.
> > I've tried all of them one after the other and I finally found "ron" to be
> > the real default one, despite "colorscheme default" not loading "ron"...
> > 
> > Why "colorscheme default" doesn't load the real default, or why the real
> > default goes by the name of "ron" and "default" is a non-default choice, is
> > beyond me: maybe Debian exhausted the symlinks pool, so renaming the
> > "default" file as "classic" or something and symlinking "default" to "ron"
> > would have broken the whole system, but it doesn't really matter anymore...
> > problem solved, thanks for your help.
> > 
> 
> I think what happened is that when you set the default colour scheme
> interactively a light background was assumed. That's why you get less
> contrast in your second screenshot. If you subsequently do ':set
> bg=dark' it should look like the first screenshot.

H, I (Debian Buster) ran bg=dark, and then 'colorscheme ron' and now
I have no colors.  er, Thanks!

-Jim P. 



Re: LXC container update fail

2020-06-14 Thread Jim Popovitch
On Sun, 2020-06-14 at 22:40 +0300, Gokan Atmaca wrote:
> > Are you able to ping 151.101.12.204 or deb.debian.org from the same lxc?
> yes;
> 
> root@nginx2:~# ping deb.debian.org
> PING debian.map.fastly.net (151.101.14.133) 56(84) bytes of data.
> 64 bytes from 151.101.14.133 (151.101.14.133): icmp_seq=1 ttl=58 time=5.21 ms
> 64 bytes from 151.101.14.133 (151.101.14.133): icmp_seq=2 ttl=58 time=5.41 ms
> 

Ok, now try using wget to get the debian archive welcome message on that
specific mirror:

wget --header="Host: deb.debian.org" http://151.101.14.133  



-Jim P.




Re: LXC container update fail

2020-06-14 Thread Jim Popovitch
On Sun, 2020-06-14 at 11:15 +0300, Gokan Atmaca wrote:
> > Does internet access work properly from the container?
> yes.  domain name resolution, Ping etc. It works.
> 
> root@nginx2:~# ping  -c 2  google.com
> PING google.com (172.217.18.14) 56(84) bytes of data.
> 64 bytes from fra15s28-in-f14.1e100.net (172.217.18.14): icmp_seq=1
> ttl=118 time=5.28 ms
> 64 bytes from fra15s28-in-f14.1e100.net (172.217.18.14): icmp_seq=2
> ttl=118 time=5.38 ms
> 

Are you able to ping 151.101.12.204 or deb.debian.org from the same lxc?



-Jim P.



Re: [OT] Regular DKIM issues on this ML (was: Re: why !oh why Debian and application list)

2020-06-13 Thread Jim Popovitch
On Sat, 2020-06-13 at 07:56 +, Andy Smith wrote:
> On Sat, Jun 13, 2020 at 07:52:55AM +, Andy Smith wrote:
> > Looking at the email concerned, it had a line starting with "From"
> > quoted with a ">".
> > 
> > Mailing lists often do things like that, breaking DKIM.
> 
> I will add that I recall that Debian postmasters have been asked
> before about making changes to accommodate receiving sites that are
> strict about DKIM, and they explicitly declined to do so. I think
> that was more in the context of rewriting the mail's From header
> though (not preventing body changes as is the case here).
> 
> So I would not expect the DKIM situation to change any time soon with
> regard to Debian mailing lists.

DKIM and Mailinglists has never changed, it's never been advised to mix
the two, and it won't be.  What you should be aspiring for is ARC.

-Jim P.



Re: ipv6 loopback

2020-06-10 Thread Jim Popovitch
On Wed, 2020-06-10 at 12:01 -0500, David Wright wrote:
> On Wed 10 Jun 2020 at 12:05:57 (-0400), Jim Popovitch wrote:
> > Something that has always bugged me (and #debian hasn't yet answered)
> > 
> > What establishes the IPv6 loopback ::1 address, and why is there no need
> > for "iface lo inet6 loopback" in /etc/network/interfaces?
> 
> AFAICT there's code in linux-source-4.19/net/ipv6/addrconf.c to make
> sure that the loopback gets set up early enough. The comments are:
> 
> /* The addrconf netdev notifier requires that loopback_dev
>  * has it's ipv6 private information allocated and setup
>  * before it can bring up and give link-local addresses
>  * to other devices which are up.
>  *
>  * Unfortunately, loopback_dev is not necessarily the first
>  * entry in the global dev_base list of net devices.  In fact,
>  * it is likely to be the very last entry on that list.
>  * So this causes the notifier registry below to try and
>  * give link-local addresses to all devices besides loopback_dev
>  * first, then loopback_dev, which cases all the non-loopback_dev
>  * devices to fail to get a link-local address.
>  *
>  * So, as a temporary fix, allocate the ipv6 structure for
>  * loopback_dev first by hand.
>  * Longer term, all of the dependencies ipv6 has upon the loopback
>  * device and it being up should be removed.
> 
> Cheers,
> David.
> 

Ahh, thanks for that.

-Jim P.




ipv6 loopback

2020-06-10 Thread Jim Popovitch
Something that has always bugged me (and #debian hasn't yet answered)

What establishes the IPv6 loopback ::1 address, and why is there no need
for "iface lo inet6 loopback" in /etc/network/interfaces?


-Jim P.



Re: Reporting bugs in Stable

2020-04-19 Thread Jim Popovitch
On Sun, 2020-04-19 at 10:27 -0400, Carl Fink wrote:
> On Sun, Apr 19, 2020 at 09:51:02AM -0400, Jim Popovitch wrote:
> 
> > What applications do you feel aren't up-to-date enough for your liking?
> > I'm genuinely curious.
> 
> Mr. Heskett's comments made me want to tell him how to lower the CPU usage
> of BOINC. However, boinc-manager in Stable, at least on my system, has a bug
> resulting in a blank Computing Preferences dialog. 
> 
> (Options >> Computing preferences)
> 
> > > So, actual question: how usable is the current Testing? Because Stable is
> > > ... not so much, and decreasing. (It's fine as a server OS, it's just as a
> > > client box that it effectively degrades over time as software upgrades 
> > > don't
> > > happen.)
> > 
> > I run stable on a work laptop, it's quite stable (which is what I want
> > out of it)
> 
> This is, of course, not actually an answer to my question.

It wasn't meant to be.  It was a comment on how stable, for me, is
certainly not degrading over time.  

Best wishes,

-Jim P.




Re: Reporting bugs in Stable

2020-04-19 Thread Jim Popovitch
On Sun, 2020-04-19 at 09:43 -0400, Carl Fink wrote:
> Why is reportbug even in Stable? Why not just replace it with a script that
> says "Sorry, bugs in Stable are never fixed. Try Testing." Seriously, that's
> literally the Debian policy, that only security fixes are done in Stable.

I agree with your sentiments, but need to point out that some
applications are updated regularly in stable (Firefox-ESR is one that
comes to mind), and there are regular point-releases that contain
updates.   

What applications do you feel aren't up-to-date enough for your liking?
I'm genuinely curious.

> So, actual question: how usable is the current Testing? Because Stable is
> ... not so much, and decreasing. (It's fine as a server OS, it's just as a
> client box that it effectively degrades over time as software upgrades don't
> happen.)

I run stable on a work laptop, it's quite stable (which is what I want
out of it)

-Jim P.



[SOLVED] Re: Delay evolution-*-factory startup

2020-02-03 Thread Jim Popovitch
On Mon, 2020-02-03 at 10:24 -0500, Jim Popovitch wrote:
> On Mon, 2020-02-03 at 15:19 +, Nektarios Katakis wrote:
> > On 2020-02-03 14:59, Jim Popovitch wrote:
> > > On Mon, 2020-02-03 at 14:49 +, Nektarios Katakis wrote:
> > > > On 2020-02-03 14:24, Jim Popovitch wrote:
> > > > > On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:
> > > > > > On 2020-02-03 12:59, Jim Popovitch wrote:
> > > > > > > Hello!
> > > > > > > 
> > > > > > > Is there a way in Buster+Cinnamon to disable evolution-
> > > > > > > (calendar|addressbook)-factory until after a VPN has connected?
> > > > > > > 
> > > > > > > Everytime I login and start Evolution I have a handful of blue
> > > > > > > warnings,
> > > > > > > that I must clear, because Evolution was unable to connect to 
> > > > > > > services
> > > > > > > only available over a VPN. By the time I clear the blue warnings 
> > > > > > > the
> > > > > > > VPN
> > > > > > > is active, the warning just accrue after login and before network
> > > > > > > manager activates the VPN.
> > > > > > > 
> > > > > > > -Jim P.
> > > > > > 
> > > > > > You can run the VPN as a systemd user service as the Evolution is 
> > > > > > now.
> > > > > > And put VPN service to run before the evolution one.
> > > > > 
> > > > > The NetworkManager-OVPN depends on user configuration, therefore the
> > > > > VPN won't start until after user login.
> > > > 
> > > > The calendar service should be the same. Since it's a user service it
> > > > starts after you login.
> > > 
> > > It does, but I don't want it started until after it can reach the
> > > calendar server (which is only available on the VPN).
> > > 
> > > > > > Alternatively you can disable evolution from starting automatically
> > > > > > and
> > > > > > do it once you have connected manually in your VPN.
> > > > 
> > > > To disable it you can try: `systemctl --user disable
> > > > evolution-calendar-factory.service`
> > > > Alternatively you can remove the WantedBy block from the unit file.
> > > 
> > > Thanks again, unfortunately that doesn't seem to survive a reboot. :-(
> > > 
> > > I tried disabling all evolution related services, but they still 
> > > startup
> > > after a normal reboot
> > 
> > If no one else is using evolution on that PC you can do `rm 
> > /usr/lib/systemd/user/evolution-*`
> > 
> > When you reinstall the package you'll have the service files back 
> > anyway.
> 
> Thanks, I'd rather not do it that way.
> 
> I guess I'll open a bug with Gnome to see if they can suppress the blue
> connectivity warnings at startup as there is no need to report an error
> that resolves itself once the user has started the application.

While messing around with some Evolution settings I resolved this
problem by setting:
   Evolution -> Preferences -> Network Preferences -> Method to detect online state = Network Manager.

Bam! Problem solved.

-Jim P.




Re: Delay evolution-*-factory startup

2020-02-03 Thread Jim Popovitch
On Mon, 2020-02-03 at 15:19 +, Nektarios Katakis wrote:
> On 2020-02-03 14:59, Jim Popovitch wrote:
> > On Mon, 2020-02-03 at 14:49 +, Nektarios Katakis wrote:
> > > On 2020-02-03 14:24, Jim Popovitch wrote:
> > > > On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:
> > > > > On 2020-02-03 12:59, Jim Popovitch wrote:
> > > > > > Hello!
> > > > > > 
> > > > > > Is there a way in Buster+Cinnamon to disable evolution-
> > > > > > (calendar|addressbook)-factory until after a VPN has connected?
> > > > > > 
> > > > > > Everytime I login and start Evolution I have a handful of blue
> > > > > > warnings,
> > > > > > that I must clear, because Evolution was unable to connect to 
> > > > > > services
> > > > > > only available over a VPN. By the time I clear the blue warnings the
> > > > > > VPN
> > > > > > is active, the warning just accrue after login and before network
> > > > > > manager activates the VPN.
> > > > > > 
> > > > > > -Jim P.
> > > > > 
> > > > > You can run the VPN as a systemd user service as the Evolution is now.
> > > > > And put VPN service to run before the evolution one.
> > > > 
> > > > The NetworkManager-OVPN depends on user configuration, therefore the
> > > > VPN won't start until after user login.
> > > 
> > > The calendar service should be the same. Since it's a user service it
> > > starts after you login.
> > 
> > It does, but I don't want it started until after it can reach the
> > calendar server (which is only available on the VPN).
> > 
> > > > > Alternatively you can disable evolution from starting automatically
> > > > > and
> > > > > do it once you have connected manually in your VPN.
> > > 
> > > To disable it you can try: `systemctl --user disable
> > > evolution-calendar-factory.service`
> > > Alternatively you can remove the WantedBy block from the unit file.
> > 
> > Thanks again, unfortunately that doesn't seem to survive a reboot. :-(
> > 
> > I tried disabling all evolution related services, but they still 
> > startup
> > after a normal reboot
> 
> If no one else is using evolution on that PC you can do `rm 
> /usr/lib/systemd/user/evolution-*`
> 
> When you reinstall the package you'll have the service files back 
> anyway.

Thanks, I'd rather not do it that way.

I guess I'll open a bug with Gnome to see if they can suppress the blue
connectivity warnings at startup as there is no need to report an error
that resolves itself once the user has started the application.

-Jim P.




Re: Delay evolution-*-factory startup

2020-02-03 Thread Jim Popovitch
On Mon, 2020-02-03 at 14:49 +, Nektarios Katakis wrote:
> On 2020-02-03 14:24, Jim Popovitch wrote:
> > On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:
> > > On 2020-02-03 12:59, Jim Popovitch wrote:
> > > > Hello!
> > > > 
> > > > Is there a way in Buster+Cinnamon to disable evolution-
> > > > (calendar|addressbook)-factory until after a VPN has connected?
> > > > 
> > > > Everytime I login and start Evolution I have a handful of blue
> > > > warnings,
> > > > that I must clear, because Evolution was unable to connect to services
> > > > only available over a VPN. By the time I clear the blue warnings the
> > > > VPN
> > > > is active, the warning just accrue after login and before network
> > > > manager activates the VPN.
> > > > 
> > > > -Jim P.
> > > 
> > > You can run the VPN as a systemd user service as the Evolution is now.
> > > And put VPN service to run before the evolution one.
> > 
> > The NetworkManager-OVPN depends on user configuration, therefore the 
> > VPN won't start until after user login.
> 
> The calendar service should be the same. Since it's a user service it 
> starts after you login.

It does, but I don't want it started until after it can reach the
calendar server (which is only available on the VPN).

> > > Alternatively you can disable evolution from starting automatically 
> > > and
> > > do it once you have connected manually in your VPN.
> 
> To disable it you can try: `systemctl --user disable 
> evolution-calendar-factory.service`
> Alternatively you can remove the WantedBy block from the unit file.

Thanks again, unfortunately that doesn't seem to survive a reboot. :-(

I tried disabling all evolution related services, but they still startup
after a normal reboot

-Jim P.






Re: Delay evolution-*-factory startup

2020-02-03 Thread Jim Popovitch
On Mon, 2020-02-03 at 14:07 +, Nektarios Katakis wrote:
> On 2020-02-03 12:59, Jim Popovitch wrote:
> > Hello!
> > 
> > Is there a way in Buster+Cinnamon to disable evolution-
> > (calendar|addressbook)-factory until after a VPN has connected?
> > 
> > Everytime I login and start Evolution I have a handful of blue 
> > warnings,
> > that I must clear, because Evolution was unable to connect to services
> > only available over a VPN. By the time I clear the blue warnings the 
> > VPN
> > is active, the warning just accrue after login and before network
> > manager activates the VPN.
> > 
> > -Jim P.
> 
> You can run the VPN as a systemd user service as the Evolution is now.
> And put VPN service to run before the evolution one.

The NetworkManager-OVPN depends on user configuration, therefore the VPN
won't start until after user login.

> Alternatively you can disable evolution from starting automatically and 
> do it once you have connected manually in your VPN.

Thanks, any thoughts on how to do that?

-Jim P.



Delay evolution-*-factory startup

2020-02-03 Thread Jim Popovitch
Hello!

Is there a way in Buster+Cinnamon to disable evolution-
(calendar|addressbook)-factory until after a VPN has connected?

Every time I login and start Evolution I have a handful of blue warnings,
that I must clear, because Evolution was unable to connect to services
only available over a VPN. By the time I clear the blue warnings the VPN
is active, the warnings just accrue after login and before network
manager activates the VPN. 

-Jim P.



Re: iptables DROP before PREROUTING

2020-01-09 Thread Jim Popovitch
On Fri, 2020-01-10 at 01:52 +0500, Alexander V. Makartsev wrote:
> 
> The answer to your question, I believe, should look like this:
> "iptables -I FORWARD -s 23.132.208.0/24 -j DROP"

Thanks! That is what I am looking for.

To be clear, I'm doing something much more complex, but the underlying
issue is that blocked IPs (via ipsets and text file lists) were properly
DROPped by INPUT rules but were circumventing via the FORWARD and NAT
rules. 

-Jim P.



iptables DROP before PREROUTING

2020-01-09 Thread Jim Popovitch
Hello!

Is there a way to have iptables DROP before PREROUTING.

Consider this bit of rules on a home firewall, where 24.126.xx.yy is my
home external IP address.

-
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -s 23.132.208.0/24 -j DROP

# DNAT inbound SSH to home PC
iptables -A FORWARD -i eth0 -d 192.168.1.10 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 24.126.xx.yy --dport 12345 -j DNAT --to-destination 192.168.1.10
iptables -t nat -A POSTROUTING -s 192.168.1.10 ! -d 192.168.1.0/24 -j SNAT --to 24.126.xx.yy

iptables -A INPUT -j DROP


What I want to do is prevent 23.132.208.0/24 from accessing a service
(port 12345) on my home PC.  The problem is, the PREROUTING rules precede
the DROP rule, so the connections get through.  Thanks for any
suggestions/help.


-Jim P.
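Why the INPUT rule above never sees the DNATed connection, and why the `-I FORWARD` rule given in the reply in this thread does, as an added example that is not part of the thread. It is a simplified model of netfilter chain order (nat PREROUTING, then the routing decision, then filter INPUT or FORWARD), not iptables itself. `203.0.113.10` is a constructed stand-in for the external address the post elides, interfaces are ignored, every simulated packet opens a new connection, and the loopback, OUTPUT and SNAT rules are left out because they do not affect the verdict.

```python
"""Simplified model of netfilter chain traversal for the ruleset in the post."""
import ipaddress
import shlex

EXT_IP = "203.0.113.10"   # constructed stand-in for the elided 24.126.xx.yy
LOCAL_IPS = {EXT_IP}      # addresses owned by the firewall itself

RULES_BEFORE = f"""
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 23.132.208.0/24 -j DROP
iptables -A FORWARD -i eth0 -d 192.168.1.10 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d {EXT_IP} --dport 12345 -j DNAT --to-destination 192.168.1.10
iptables -A INPUT -j DROP
"""
FIX_INSERT = "iptables -I FORWARD -s 23.132.208.0/24 -j DROP"   # rule from the reply
FIX_APPEND = "iptables -A FORWARD -s 23.132.208.0/24 -j DROP"   # same rule, appended

# Constructed packets: a blocked source and an unrelated one.
BLOCKED_TO_DNAT = {"src": "23.132.208.77", "dst": EXT_IP, "proto": "tcp", "dport": 12345}
BLOCKED_TO_FW = {"src": "23.132.208.77", "dst": EXT_IP, "proto": "tcp", "dport": 22}
OTHER_TO_DNAT = {"src": "198.51.100.7", "dst": EXT_IP, "proto": "tcp", "dport": 12345}


def _opt(args, flag, default=None):
    return args[args.index(flag) + 1] if flag in args else default


def load(ruleset):
    """Return ({(table, chain): [rule, ...]}, {chain: policy})."""
    chains, policy = {}, {}
    for line in ruleset.strip().splitlines():
        a = shlex.split(line)
        if not a:
            continue
        if "-P" in a:
            policy[_opt(a, "-P")] = a[a.index("-P") + 2]
            continue
        op = "-I" if "-I" in a else "-A"
        rule = {"src": _opt(a, "-s"), "dst": _opt(a, "-d"), "proto": _opt(a, "-p"),
                "dport": _opt(a, "--dport"), "states": _opt(a, "--state"),
                "target": _opt(a, "-j"), "to": _opt(a, "--to-destination")}
        chain = chains.setdefault((_opt(a, "-t", "filter"), _opt(a, op)), [])
        if op == "-I":
            chain.insert(0, rule)      # -I without a position puts the rule first
        else:
            chain.append(rule)
    return chains, policy


def matches(rule, pkt):
    for field in ("src", "dst"):
        if rule[field] and (ipaddress.ip_address(pkt[field])
                            not in ipaddress.ip_network(rule[field])):
            return False
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] and int(rule["dport"]) != pkt["dport"]:
        return False
    if rule["states"] and "NEW" not in rule["states"].split(","):
        return False                   # simulated packet is a new connection
    return True


def verdict(ruleset, pkt):
    """Return (filter chain traversed, verdict) for a new inbound packet."""
    chains, policy = load(ruleset)
    pkt = dict(pkt)
    # 1. nat PREROUTING runs first and may rewrite the destination.
    for rule in chains.get(("nat", "PREROUTING"), []):
        if rule["target"] == "DNAT" and matches(rule, pkt):
            pkt["dst"] = rule["to"]
            break
    # 2. Routing decision on the (possibly rewritten) destination.
    chain = "INPUT" if pkt["dst"] in LOCAL_IPS else "FORWARD"
    # 3. Only that one filter chain is traversed; first matching rule wins.
    for rule in chains.get(("filter", chain), []):
        if rule["target"] in ("ACCEPT", "DROP") and matches(rule, pkt):
            return chain, rule["target"]
    return chain, policy.get(chain, "ACCEPT")


if __name__ == "__main__":
    for name, rules in (("before", RULES_BEFORE),
                        ("appended", RULES_BEFORE + FIX_APPEND),
                        ("inserted", RULES_BEFORE + FIX_INSERT)):
        print(name, verdict(rules, BLOCKED_TO_DNAT))
```

The appended variant shows why the reply uses `-I`: a DROP placed after the FORWARD ACCEPT rule is never reached.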






Re: Is there any tool in debian which helps us find what cdn does a website use ?

2020-01-04 Thread Jim Popovitch
On Sat, 2020-01-04 at 10:50 +, shirish शिरीष wrote:
> it seems bind [5] will replace bind9-host at some point
> in the future.

How do you reach the above conclusion after reading the SE article you
linked earlier?

-Jim P.





Re: VPN client for CheckPoint VPN

2019-05-20 Thread Jim Popovitch
On Mon, 2019-05-20 at 16:45 +0200, Alexandre GRIVEAUX wrote:
> On 2019-05-20 16:16, Jim Popovitch wrote:
> > Is there a VPN endpoint client that works with "CheckPoint EndPoint
> > Security VPN".  I have been assigned an IP address of the VPN server, a
> > username, and a password.  Vpnc seems to think I need a Group name and
> > password, and won't accept leaving them blank. Halp!
> > 
> > tia,
> > 
> > -Jim P.
> 
> Hello,
> 
> Maybe the openvpn client ?
> Some (almost all, i think) rebadge openvpn with theirs name.

Hello!

Do you have reason to believe that CheckPoint EndPoint Security VPN is
really rebadged OpenVPN?

Further, I am subscribed to this list, so please don't TO/CC me AND this
list.

Thanks!

-Jim P.



VPN client for CheckPoint VPN

2019-05-20 Thread Jim Popovitch
Is there a VPN endpoint client that works with "CheckPoint EndPoint
Security VPN".  I have been assigned an IP address of the VPN server, a
username, and a password.  Vpnc seems to think I need a Group name and
password, and won't accept leaving them blank. Halp!

tia,

-Jim P.



Re: which mutt?

2019-05-03 Thread Jim Popovitch
On Fri, 2019-05-03 at 08:43 -0300, Francisco M Neto wrote:
> AFAIK in Stretch Mutt actually means Neomutt. There was a flamewar between the
> package maintainer and the Mutt guy a while ago about that. It wasn't
> pretty[1,2].
> 
> 
> In Buster, Mutt means Mutt, and Neomutt means Neomutt.

Is there a formal policy or plan for how issues like this are handled in
the future *before* flamewars begin?  There was a similar issue with
mailx (bsd-mailx, heirloom-mailx, s-nail) where decisions were made by
one group and offences were taken by others.  It just seems like a clear
policy could prevent a lot of these "name takeover" issues.

-Jim P.



Re: (Paul) Re: Other lists? Fire support for new users

2019-03-22 Thread Jim Popovitch
On Fri, 2019-03-22 at 13:46 -0400, deb wrote:
> On 3/22/19 1:36 PM, Jim Popovitch wrote:
> > On Fri, 2019-03-22 at 13:14 -0400, deb wrote:
> > > I guess I found that some folks here (not many, but vocal) can be gruff
> > > and insensitive; and I just wanted to see if there were more "yielding"
> > > lists.
> > > 
> > > 
> > > The last thing I want to do is have new users rebuffed in the spot I
> > > send them to for help.
> > 
> > One of the sure ways to do that is to unnecessarily modify the Subject line 
> > of
> > emails you send..
> > 
> > -Jim P.
> > 
> > 
> 
> Like that ^

I have no way to know what ^ is pointing to from your perspective.

> 
> I was told before to do that if I was talking (or thanking) one person 
> BUT also sharing the data with all.
> 
> I personally would want the name in the subject so that I can see if 
> someone is asking me something directly.
> Some days, there are a lot of emails.
> 
> So --- from the gruff perspective -- which way is it?

It's not a gruff issue, it's a courtesy and common sense issue.  Look at the
ways everyone else sends email, which way do you think it should be?

-Jim P.




Re: (Paul) Re: Other lists? Fire support for new users

2019-03-22 Thread Jim Popovitch
On Fri, 2019-03-22 at 13:14 -0400, deb wrote:
> 
> I guess I found that some folks here (not many, but vocal) can be gruff 
> and insensitive; and I just wanted to see if there were more "yielding" 
> lists.
> 
> 
> The last thing I want to do is have new users rebuffed in the spot I 
> send them to for help.


One of the sure ways to do that is to unnecessarily modify the Subject line of
emails you send..

-Jim P.



Re: dirmngr, can't live with it, can't live without it

2019-02-28 Thread Jim Popovitch
On Thu, 2019-02-28 at 09:12 -0500, Jim Popovitch wrote:
> On Thu, 2019-02-28 at 12:56 +, Curt wrote:
> > On 2019-02-28, Jim Popovitch  wrote:
> > > > 
> > > > I don't have the protocol (hkp) - but the point was to remove
> > > > the
> > > > keyserver
> > > > from dirmngr.conf - not sure if it is right for your DE though.
> > > 
> > > Thanks for that, testing that now!
> > 
> > Perhaps unrelated to your plight, but have you tried another pool?
> > ping times to the North American pool from here (outside Lutèce)
> > are
> > significantly higher (if that even means anything) than those to
> > the
> > other pools I tried (primary, European, Oceania). 
> > 
> > https://sks-keyservers.net/overview-of-pools.php
> 
> I originally switched from the default SKS pool to the NA pool (I
> live in Atlanta, GA, USA) because I thought that the NA pool might
> reduce/eliminate any latency issues for me.  I do plan to test
> further with a custom pool of just 1 or 2 well-known key
> servers in the closest proximity (net'wise) to me.

ha! it turns out that at least half of na.pool.sks-keyservers.net are
IPs in Europe.  /sigh

-Jim P.



Re: dirmngr, can't live with it, can't live without it

2019-02-28 Thread Jim Popovitch
On Thu, 2019-02-28 at 12:56 +, Curt wrote:
> On 2019-02-28, Jim Popovitch  wrote:
> > > 
> > > I don't have the protocol (hkp) - but the point was to remove the
> > > keyserver
> > > from dirmngr.conf - not sure if it is right for your DE though.
> > 
> > Thanks for that, testing that now!
> 
> Perhaps unrelated to your plight, but have you tried another pool?
> ping times to the North American pool from here (outside Lutèce) are
> significantly higher (if that even means anything) than those to the
> other pools I tried (primary, European, Oceania). 
> 
> https://sks-keyservers.net/overview-of-pools.php

I originally switched from the default SKS pool to the NA pool (I live
in Atlanta, GA, USA) because I thought that the NA pool might
reduce/eliminate any latency issues for me.  I do plan to test further
with a custom pool of just 1 or 2 well-known key servers in the
closest proximity (net'wise) to me.

-Jim P.



Re: dirmngr, can't live with it, can't live without it

2019-02-28 Thread Jim Popovitch
On Wed, 2019-02-27 at 08:03 +0100, deloptes wrote:
> by all the time I mean each time Evolution opens a signed mail. I use
> Trinity Desktop and there - I only see that signature could not be
> verified.

Ah, i see.  For me (Stretch/Cinnamon) dirmngr is started when Evolution
encounters the first sig, and dirmngr remains running until system
shutdown.

> BTW if you are advanced Linux user as it seems to be ... you may try
> Trinity - saves a lot of troubles - but depends what you expect from it.

Thanks, I'll certainly look into that more.  On a related note I highly
recommend Cinnamon for its clean looks and ease of use. :-)

> > > I even do not see any evidence that it is dirmngr that is blocking.
> > > When I start the gpg client and search for a key I see dirmngr is
> > > started
> > > 
> > > $ while true; do ps -A | grep dir; sleep 1; done
> > > 
> > > > But more to the point, It's not an easy program to debug
> > > > 
> > > > Following man page, I created ~/.gnupg/dirmngr.conf and populated
> > > > it
> > > > with:
> > > > verbose
> > > > debug-level expert
> > > > keyserver na.pool.sks-keyservers.net
> > > > disable-ipv6
> > > > disable-ldap
> > > > log-file ~/dirmngr.log
> > > > allow-ocsp
> > > > 
> > > 
> > > interesting but on my end I use pool.sks-keyservers.net and there
> > > were no issues - well how often you download or upload a key to the
> > > server?
> > 
> > I hardly ever upload, but reading this list results in 2 or 3 key
> > downloads every few hours.
> > 
> 
> So it might be a configuration to automatically search and download keys not
> present - what if you configure to manually do so (this might be in
> Evolution or at system level for the user)

I can't find anywhere in .gnupg/* or Evolution config where that would
be setup. :-(

> > > If I search for a key it takes like 3sec - and yes I think it goes
> > > via dirmngr - but sorry no time to bother setting up a config.
> > > 
> > > The config I find here is the default
> > > cat ~/.gnupg/dirmngr.conf
> > > 
> > > ###+++--- GPGConf ---+++###
> > > disable-ldap
> > > debug-level basic
> > > log-file socket:///home/pizza/.gnupg/log-socket
> > > ###+++--- GPGConf ---+++### Thu 06 Dec 2018 01:45:13 AM CET
> > > # GPGConf edited this configuration file.
> > > # It will disable options before this marked block, but it will
> > > # never change anything below these lines.
> > 
> > Interesting.  My 2 Stretch systems did not have that file by default, I
> > had to create it.
> > 
> 
> Yes it is created by the Trinity Kgpg app AFAIR.
> 
> > > > and then I fired up Evolution and opened emails with gpg sigs, but
> > > > still no data in the file ~/dirmngr.log.  :-(
> > > > 
> > > > What I suspect the problem to be, and what is alluded to on the
> > > > sks-keyservers status page, is that there is a big
> > > > inconsistency/availability with their servers (they have more off-
> > > > pool servers listed than in-pool).  Obviously it's a freebie so
> > > > complaints seem childish, but it is an important service.. just
> > > > like pool.ntp.org (which ironically Debian has taken responsibility
> > > > for at least sanitizing that with debian.pool.ntp.org)
> > > > 
> > > > -Jim P.
> > > 
> > > Some time ago keyservers got consolidated - so now we have
> > > pool.sks-keyservers.net. I am not sure if you are taking this with
> > > prejudices - might be only your setup.
> > 
> > :-) I do run a clean, simple, tightened-down, secure setup.  One of those
> > things is a DNSSEC validating recursor which I now see that dnsviz
> > reports DNSSEC errors in... wait for it... sks-keyservers.net  
> > 
> > http://dnsviz.net/d/pool.sks-keyservers.net/dnssec/
> > 
> > Now, imagine if pool.ntp.org had those DNSSEC problems and the impact
> > it would have on the world.
> > 
> 
> I am sure not only sks-keyservers.net reports back, but I agree this might
> be part of the issue you report.
> 
> > > I know dirmngr is somehow coupled with gpg, but never bothered to
> > > look into that as it was always working properly.
> > > The keyserver is not configured in ~/.gnupg/dirmngr.conf but in
> > > ~/.gnupg/gpg.conf
> > > 
> > > Show your ~/.gnupg/gpg.conf (or at least the relevant parts)
> > 
> > ~$ cat .gnupg/gpa.conf
> > default-key 3F1C1EF2E6019EAC646CE45227155EB4C45A2705
> > keyserver hkp://na.pool.sks-keyservers.net
> > advanced-ui
> > 
> 
> I don't have the protocol (hkp) - but the point was to remove the keyserver
> from dirmngr.conf - not sure if it is right for your DE though.

Thanks for that, testing that now!

-Jim P.



Re: dirmngr, can't live with it, can't live without it

2019-02-26 Thread Jim Popovitch
On Tue, 2019-02-26 at 21:01 +, Tixy wrote:
> On Tue, 2019-02-26 at 15:21 -0500, Jim Popovitch wrote:
> > But more to the point, It's not an easy program to debug
> > 
> > Following man page, I created ~/.gnupg/dirmngr.conf and populated
> > it
> > with:
> >   verbose
> >   debug-level expert
> >   keyserver na.pool.sks-keyservers.net
> >   disable-ipv6
> >   disable-ldap
> >   log-file ~/dirmngr.log
> >   allow-ocsp
> > 
> > and then I fired up Evolution and opened emails with gpg sigs, but
> > still no data in the file ~/dirmngr.log.  :-(
> 
> I've no idea what dirmngr is, but have you tried specifying a proper
> path for 'log-file' rather than using a tilde (~)? Perhaps whatever
> parses dirmngr.conf doesn't treat a tilde as special like shells do.

dirmngr (Directory Manager?) is an agent produced by the GnuPG folks
who also have something called gpg-agent.  Why one is called an agent
and the other a mngr (manager) is unknown to me.

The log file eventually started dumping some stuff.  Here it is for
those interested:  http://paste.debian.net/plainh/16c494c3

-Jim P.



Re: dirmngr, can't live with it, can't live without it

2019-02-26 Thread Jim Popovitch
On Wed, 2019-02-27 at 00:45 +0100, deloptes wrote:
> Jim Popovitch wrote:
> 
> > On Tue, 2019-02-26 at 20:31 +0100, deloptes wrote:
> > > Jim Popovitch wrote:
> > > 
> > > > What's up with dirmngr?  If dirmngr is installed Evolution
> > > > often takes ages to open signed emails.  If dirmngr is not
> > > > installed then (according to p.d.o/buster/dirmngr) "the parts
> > > > of the GnuPG suite that try to interact with the network will
> > > > fail"
> > > > 
> > > > How can dirmngr be so tightly integrated but work so poorly
> > > > querying services?  /r
> > > 
> > > why should it be dirmngrs fault? perhaps it is a kind of buster
> > > or other issue.
> > > 
> > > Try to find out where the waiting is coming from and post back.
> > > For example waiting for keyserver to respond or similar or
> > > waiting for something to time out.
> > 
> > Glad you asked!
> > 
> > dirmngr uses sks-keyservers.net which has at least one NS with
> > issues:
> > https://ednscomp.isc.org/ednscomp/0f65feeaa7
> > 
> 
> Hmm, I just wonder why you would need to run dirmngr all the time, or
> each time you have to read encrypted mail. you should have imported
> the keys locally.

I don't choose to run dirmngr all the time, something within Evolution
or gpg-agent makes that choice, and there's no way for me to know who
on the d-u@l.d.o is going to sign their emails therefore I can't pre-
import their keys.

> I even do not see any evidence that it is dirmngr that is blocking.
> When I start the gpg client and search for a key I see dirmngr is
> started
>
> $ while true; do ps -A | grep dir; sleep 1; done
> 
> > But more to the point, It's not an easy program to debug
> > 
> > Following man page, I created ~/.gnupg/dirmngr.conf and populated
> > it
> > with:
> >   verbose
> >   debug-level expert
> >   keyserver na.pool.sks-keyservers.net
> >   disable-ipv6
> >   disable-ldap
> >   log-file ~/dirmngr.log
> >   allow-ocsp
> > 
> 
> interesting but on my end I use pool.sks-keyservers.net and there
> were no issues - well how often you download or upload a key to the
> server?

I hardly ever upload, but reading this list results in 2 or 3 key
downloads every few hours.

> If I search for a key it takes like 3sec - and yes I think it goes
> via dirmngr - but sorry no time to bother setting up a config.
> 
> The config I find here is the default
> cat ~/.gnupg/dirmngr.conf
> 
> ###+++--- GPGConf ---+++###
> disable-ldap
> debug-level basic
> log-file socket:///home/pizza/.gnupg/log-socket
> ###+++--- GPGConf ---+++### Thu 06 Dec 2018 01:45:13 AM CET
> # GPGConf edited this configuration file.
> # It will disable options before this marked block, but it will
> # never change anything below these lines.

Interesting.  My 2 Stretch systems did not have that file by default, I
had to create it.

> > and then I fired up Evolution and opened emails with gpg sigs, but
> > still no data in the file ~/dirmngr.log.  :-(
> > 
> > What I suspect the problem to be, and what is alluded to on the
> > sks-keyservers status page, is that there is a big
> > inconsistency/availability with their servers (they have more off-
> > pool servers listed than in-pool).  Obviously it's a freebie so
> > complaints seem childish, but it is an important service.. just
> > like pool.ntp.org (which ironically Debian has taken responsibility
> > for at least sanitizing that with debian.pool.ntp.org)
> > 
> > -Jim P.
> 
> Some time ago keyservers got consolidated - so now we have
> pool.sks-keyservers.net. I am not sure if you are taking this with
> prejudices - might be only your setup.

:-) I do run a clean, simple, tightened-down, secure setup.  One of those
things is a DNSSEC validating recursor which I now see that dnsviz
reports DNSSEC errors in... wait for it... sks-keyservers.net  

http://dnsviz.net/d/pool.sks-keyservers.net/dnssec/

Now, imagine if pool.ntp.org had those DNSSEC problems and the impact
it would have on the world.

> I know dirmngr is somehow coupled with gpg, but never bothered to
> look into that as it was always working properly.
> The keyserver is not configured in ~/.gnupg/dirmngr.conf but in
> ~/.gnupg/gpg.conf
> 
> Show your ~/.gnupg/gpg.conf (or at least the relevant parts)

~$ cat .gnupg/gpa.conf 
default-key 3F1C1EF2E6019EAC646CE45227155EB4C45A2705
keyserver hkp://na.pool.sks-keyservers.net
advanced-ui


-Jim P.



Re: dirmngr, can't live with it, can't live without it

2019-02-26 Thread Jim Popovitch
On Tue, 2019-02-26 at 20:31 +0100, deloptes wrote:
> Jim Popovitch wrote:
> 
> > What's up with dirmngr?  If dirmngr is installed Evolution often
> > takes
> > ages to open signed emails.  If dirmngr is not installed then
> > (according
> > to p.d.o/buster/dirmngr) "the parts of the GnuPG suite that try to
> > interact with the network will fail"
> > 
> > How can dirmngr be so tightly integrated but work so poorly
> > querying
> > services?  /r
> 
> why should it be dirmngrs fault? perhaps it is a kind of buster or
> other issue.
> 
> Try to find out where the waiting is coming from and post back. For
> example waiting for keyserver to respond or similar or waiting for
> something to time out.

Glad you asked!

dirmngr uses sks-keyservers.net which has at least one NS with issues:
https://ednscomp.isc.org/ednscomp/0f65feeaa7

But more to the point, It's not an easy program to debug

Following man page, I created ~/.gnupg/dirmngr.conf and populated it
with:
  verbose
  debug-level expert
  keyserver na.pool.sks-keyservers.net
  disable-ipv6
  disable-ldap
  log-file ~/dirmngr.log
  allow-ocsp

and then I fired up Evolution and opened emails with gpg sigs, but
still no data in the file ~/dirmngr.log.  :-(

What I suspect the problem to be, and what is alluded to on the sks-keyservers 
status page, is that there is a big inconsistency/availability with their 
servers (they have more off-pool servers listed than in-pool).  Obviously it's 
a freebie so complaints seem childish, but it is an important service.. just 
like pool.ntp.org (which ironically Debian has taken responsibility for at 
least sanitizing that with debian.pool.ntp.org)

-Jim P.




dirmngr, can't live with it, can't live without it

2019-02-26 Thread Jim Popovitch
OK d-u@l.d.o,

What's up with dirmngr?  If dirmngr is installed Evolution often takes
ages to open signed emails.  If dirmngr is not installed then (according
to p.d.o/buster/dirmngr) "the parts of the GnuPG suite that try to
interact with the network will fail"

How can dirmngr be so tightly integrated but work so poorly querying
services?  /r

-Jim P. 



Re: certbot options

2018-12-07 Thread Jim Popovitch
On Fri, 2018-12-07 at 11:35 +, Michael Grant wrote:
> 
> The renewal/*.conf files seem to be created automatically, I certainly
> didn’t create those by hand, so modifying them looks like a bad
> idea.  

The renewal/*.conf files do get created automatically (one for each
certificate) when 1) you first use certbot to configure and fetch a
cert, and 2) when certbot updates a cert via the script in
/etc/cron.d/certbot.

Legitimate changes that you make to the renewal/*.conf files are
preserved and used by "certbot renew".

AFAIK there is no "hook.d" concept with certbot (it would be a nice
thing to have); the only concept of renewal hooks is manually adding
"renew_hook" in the *.conf files OR modifying /etc/cron.d/certbot.

-Jim P.
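
A check that fits the renewal/*.conf hooks discussed above, added here as an illustration and not part of the original post or of certbot: the Debian cron job in /etc/cron.d/certbot runs the renewal as root, so this lists each hook command in a renewal file and flags any that a non-root user could alter. The sample file contents, the `pre_hook` and `post_hook` key names and the function names are assumptions.

```python
import configparser
import os
import shlex
import stat

# renew_hook is the key named in the thread; pre_hook and post_hook are
# assumed here to be its siblings in the same [renewalparams] section.
HOOK_KEYS = ("pre_hook", "post_hook", "renew_hook")

def hooks_in_renewal_conf(text):
    """Return {key: command} for the hook entries of one renewal .conf."""
    parser = configparser.ConfigParser(interpolation=None)
    # Keys such as "version" precede any section header, so add a dummy one.
    parser.read_string("[top]\n" + text)
    if not parser.has_section("renewalparams"):
        return {}
    params = parser["renewalparams"]
    return {key: params[key] for key in HOOK_KEYS if key in params}

def unsafe_reason(command, trusted_uid=0):
    """Say why a non-root user could alter what the hook runs, else None."""
    parts = shlex.split(command)
    if not parts:
        return "empty command"
    if not os.path.isabs(parts[0]):
        return "not an absolute path"   # resolved through cron's PATH
    try:
        info = os.stat(parts[0])
    except OSError:
        return "missing"
    if info.st_uid != trusted_uid:
        return "not owned by uid %d" % trusted_uid
    if info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "group- or world-writable"
    return None

# Constructed sample; the domain and hook commands are placeholders.
SAMPLE_CONF = """\
version = 0.28.0
archive_dir = /etc/letsencrypt/archive/example.org
[renewalparams]
authenticator = webroot
pre_hook = /usr/local/bin/certbot-prehook.sh
renew_hook = systemctl reload nginx
"""

if __name__ == "__main__":
    for key, command in hooks_in_renewal_conf(SAMPLE_CONF).items():
        print(key, "->", command, "|", unsafe_reason(command) or "ok")
```

The check looks only at the hook executable itself, not at the directories above it.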



Re: certbot options

2018-11-28 Thread Jim Popovitch
On Wed, 2018-11-28 at 13:29 +, Michael Grant wrote:
> In /lib/systemd/system/certbot.service
>  
> The line to start certbot is:
> ExecStart=/usr/bin/certbot -q renew
>  
> If I modify this file by hand:
>  
> ExecStart=/usr/bin/certbot -q --pre-hook /usr/local/bin/certbot-prehook.sh renew
>  
> The next time certbot is updated by apt, this file gets overwritten
> and my change goes away.
>  
> Could someone please tell me the proper place to modify certbot’s
> default arg list or is there some systemctl command I should be doing
> instead of modifying this file directly?  Or is this a bug and
> apt-get should warn me before overwriting this file on update?


Is there a reason why you don't put 
"pre-hook /usr/local/bin/certbot-prehook.sh"
in /etc/letsencrypt/renewal/*.conf ?

-Jim P.


 



Re: ssh

2018-11-19 Thread Jim Popovitch
On Mon, 2018-11-19 at 12:12 -0500, Michael Stone wrote:
> On Mon, Nov 19, 2018 at 09:43:29AM -0500, Jim Popovitch wrote:
> > On Mon, 2018-11-19 at 08:38 -0500, Michael Stone wrote:
> > > On Mon, Nov 19, 2018 at 08:32:09AM -0500, Greg Wooledge wrote:
> > > > If you're only going to login to the account using ssh keys, you
> > > > don't need to give it a valid password hash at all.  Just put a
> > > > string of rubbish (English words qualify) in the hash field of
> > > > /etc/shadow.
> > > 
> > > Don't do that. Just use a *.
> > 
> > Something that's always bugged me... is there any difference between
> > using * or ! (both are valid)?
> 
> ! locks the account, * is a convention that means "no password".
> 

Ack!  Thanks!

-Jim P.
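
The distinction drawn in this exchange, as an added example that is not part of the thread: a classifier for the hash field of /etc/shadow lines that separates `*`, `!`-locked entries and free-text placeholders, including the case where a placeholder happens to have the shape of a traditional 13-character crypt hash. The sample lines, category names and function names are constructed for illustration.

```python
import re

# Traditional crypt(3) output: exactly 13 characters from this alphabet.
DES_SHAPED = re.compile(r"[./0-9A-Za-z]{13}")

def classify_hash_field(field):
    """Classify the second field of one /etc/shadow line."""
    if field == "":
        return "empty"        # no password is required at all
    if field.startswith("!"):
        # "!" alone, or "!" placed in front of an existing hash to lock it
        return "locked-hash" if field.lstrip("!").startswith("$") else "locked"
    if field == "*":
        return "star"         # the convention recommended in the thread
    if field.startswith("$"):
        return "hash"         # $id$salt$digest style entry
    if DES_SHAPED.fullmatch(field):
        return "des-shaped"   # placeholder text that looks like a real hash
    return "rubbish"          # matches no hash format; intent is undocumented

def audit_shadow(text):
    """Return {user: category} for every well-formed line in text."""
    result = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or not parts[0]:
            continue
        result[parts[0]] = classify_hash_field(parts[1])
    return result

# Constructed sample lines; the hash values are not real hashes.
SAMPLE_SHADOW = """\
root:!:17850:0:99999:7:::
daemon:*:17850:0:99999:7:::
deploy:correcthorsebattery:17850:0:99999:7:::
backup:rubbishstring:17850:0:99999:7:::
alice:$6$saltsalt$abcdefghijk:17850:0:99999:7:::
bob:!$6$saltsalt$abcdefghijk:17850:0:99999:7:::
guest::17850:0:99999:7:::
"""

if __name__ == "__main__":
    for user, category in audit_shadow(SAMPLE_SHADOW).items():
        print(user, category)
```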



Re: ssh

2018-11-19 Thread Jim Popovitch
On Mon, 2018-11-19 at 08:38 -0500, Michael Stone wrote:
> On Mon, Nov 19, 2018 at 08:32:09AM -0500, Greg Wooledge wrote:
> > If you're only going to login to the account using ssh keys, you
> > don't need to give it a valid password hash at all.  Just put a
> > string of rubbish (English words qualify) in the hash field of
> > /etc/shadow.
> 
> Don't do that. Just use a *.

Something that's always bugged me... is there any difference between
using * or ! (both are valid)?

-Jim P.



screen issues

2018-11-02 Thread Jim Popovitch
Hello,

I'm seeing some new'ish issues with using screen.  In the past, I could
ssh into a remote server, restore a running screen (screen -r) and paste
something I had previously copied.  What seems to be happening, and it
started some time in the past 3 months, is that resuming screen clears
the paste buffer.  Even tabbing into another term, and re-copying the
text, I am unable to paste the text into the screen running in the
second term.  Any thoughts/ideas/input on what could be going on?

Thanks!

Debian Stretch, Cinnamon desktop.

-Jim P.



Re: Syncing GnuPG between 2 system

2018-09-29 Thread Jim Popovitch
On Sat, 2018-09-29 at 09:50 -0400, Roberto C. Sánchez wrote:
> If all you care about is the public keys for verifying signatures,
> then I say don't bother trying to proactively sync.  Just let each
> system get keys and key updates from the public keyservers as needed.

OK, that makes sense, and seems to be the popular opinion.

> Your original message seemed to indicate that you wanted to both
> verify signatures and also produce signatures on multiple
> machines.  That was why I provided the link to the article on subkeys,
> as I consider that to be the only sensible way to have signing
> capabilities on multiple devices related to a single GnuPG
> key.  Perhaps I misread your email in that regard.


You read my email correctly.  I did quickly read and have bookmarked
your link.  Thank you for that.

-Jim P.



Re: Syncing GnuPG between 2 system

2018-09-29 Thread Jim Popovitch
On Sat, 2018-09-29 at 09:16 +0200, deloptes wrote:
> Jim Popovitch wrote:
> 
> > Copying .gnupg is simple and easy, but not quite what I'm looking
> > for. Imagine having to copy your email folders or address book from
> > system to system, instead of using something like IMAP.  I suppose I
> > could build something that uses WebDav to sync .gnupg... I was just
> > hoping something like that existed.
> 
> you definitely do not want to upload your secret key anywhere. 

Well of course not, and that is not what this question is about. ;-) 
You certainly don't want to sync your email account password either, nor
your mother's maiden name. ;-)

> Keep your private key secret and use a keyserver for the public keys.
> When you have this setup IMAP is not an issue.

I get the secret key part.  Are you saying to forget about syncing
public keys (from others' emails) and just let each client download
those from a public keyserver? If so, I may be overthinking the need to
sync GnuPG between devices.  H.

> and BTW no one said that you should copy your mail folder.

I'm the one who brought that up, as an example, because someone (you?)
was saying to copy files around from box to box.  I mentioned IMAP as an
alternative to copying email files/folders, and that I was looking for a
similar technique for GnuPG.

-Jim P.



Re: Syncing GnuPG between 2 system

2018-09-28 Thread Jim Popovitch
On Sat, 2018-09-29 at 01:45 +0200, deloptes wrote:
> Roberto C. Sánchez wrote:
> 
> > You may find this article helpful:
> > 
> > http://www.connexer.com/articles/openpgp-subkeys
> 
> I think that a copy of .gnupg directory would mostly work.
> If OP wants to be able to sign or encrypt with same key from more
> machines, I agree the link is useful, but overcomplicated
> 
> Copy of the .gnupg will give the base and  each intervention should be
> synced with the key server, so that the clients are subsequently in
> sync

Copying .gnupg is simple and easy, but not quite what I'm looking for. 
Imagine having to copy your email folders or address book from system to
system, instead of using something like IMAP.  I suppose I could build
something that uses WebDav to sync .gnupg... I was just hoping something
like that existed.

-Jim P.



Syncing GnuPG between 2 system

2018-09-28 Thread Jim Popovitch
Hello!

What is the best way to maintain consistency of a user's gnupg
signing/verifying capabilities between 2 or more desktop systems?

tia,

-Jim P.



Re: Gnome flooding syslog

2018-09-08 Thread Jim Popovitch
On Sat, 2018-09-08 at 19:18 +0300, Reco wrote:
>   Hi.
> 
> On Sat, Sep 08, 2018 at 12:10:26PM -0400, Jim Popovitch wrote:
> > How do I prevent/stop Gnome trivial errors from flooding syslog?
> 
> By configuring your journald and syslog correctly.
> For instance, this little snippet:
> 
> $ cat /etc/systemd/journald.conf.d/lessspam.conf
> [Journal]
> MaxLevelSyslog=info

My system didn't have a journal.conf.d directory, nor a reference to it in
journal.conf, but I did uncomment and modify MaxLevelSyslog= in journal.conf.
Thanks for that!

> decreases the amount of journald entries by an order of magnitude.
> 
> This one:
> 
> $ cat /etc/rsyslog.d/systemd-spam.conf
> :syslogtag, startswith, "gnome-" stop
> 
> sends all GNOME-related syslog entries to where they belong, i.e.
> /dev/null.


Ack.

> > Simply resizing gnome-terminal yields dozens (hundreds?) of log entries like:
> > 
> >    gnome-terminal-[1849]: Allocating size to GtkScrollbar 0x5616bb780720 without
> >    calling gtk_widget_get_preferred_width/height(). How does the code know the
> >    size to allocate?
> 
> Of course, fixing the offending program would be right way of doing
> this, but it's a GNOME program we're talking about. And GNOME programs
> are known for this kind of spam.
> 

:-)  

You're my hero today. Much thanks!!

-Jim P.






Gnome flooding syslog

2018-09-08 Thread Jim Popovitch
How do I prevent/stop Gnome trivial errors from flooding syslog?

Simply resizing gnome-terminal yields dozens (hundreds?) of log entries like:

   gnome-terminal-[1849]: Allocating size to GtkScrollbar 0x5616bb780720 without
   calling gtk_widget_get_preferred_width/height(). How does the code know the
   size to allocate?

Debian/Stretch, Gnome-Terminal v3.22.2-1

-Jim P.



Re: yabasic problem

2018-08-20 Thread Jim Popovitch



On August 20, 2018 7:35:35 AM UTC, Thomas Schmitt  wrote:
>Hi,
>
>i wrote:
>> > (Found the booklet. It's HP BASIC 3.0, not 2.0. Newest technology of 1985.)
>
>David Wright wrote:
>> I thought we were up to version 4.0¹ by 1985,
>
>Indeed, the booklet says "June 1984 ... First Edition".
>
>I think i did not get to BASIC 4.0 because in 1986 i wrote a BASIC program
>which translated our other BASIC programs to C (with some handwork being
>left to do).
>
>
>> Would you agree, though, that "BASIC" is the language that must
>> have the biggest contrast between its well-endowed versions and
>> the most dire cr*p.
>
>Well, back then i perceived HP BASIC as the best language of all. It made
>me boss on all those expensive HP machines (from 9845B to 9000/320).
>But C ran on all Unix workstations. And as soon as i became ambidextrous
>enough, i fell in love with the display manager of the Apollo Domain DN3000.
>
>Microsoft's Visual Basic is said to have surpassed HP BASIC in the years later.
>

Before VB (early 1990s) there was Microsoft Basic (Professional Development
System) which iirc became quite popular in the late 80s.

-Jim P.




