Re: Ghost cronjob

[Mart van de Wege]

David Wright  writes:

> On Tue 04 May 2021 at 17:06:50 (+0200), Mart van de Wege wrote:
>> Sven Hartge writes:
>> > Mart van de Wege wrote:
>> >
>> >> Nope, not ephemeral at all, it's PID 1. Since I don't have timers
>> >> running this job, apparently there's a zombie process somewhere?
>> >
>> > PID 1 hints at a systemd.timer, even if you have dismissed this
>> > previously. Also the start time of just after midnight hints at this.
>> >
>> > And when I look at the current btrbk package in Sid/Testing I do indeed
>> > see it ships a timer in /usr/lib/systtemd/
>> >
>> > So, there is your answer then.
>> 
>> Well whaddayaknow. I hadn't checked the system timers under
>> /usr/lib/systemd/
>> 
>> And that is the bastard running the ghost job.
>> 
>> Surely packaging a system timer file like that should not be done? It
>> should be at the discretion of the admin to create one if they want to
>> run btrbk on a schedule.
>
> I think this has been discussed in the past, and that installing a
> package is generally seen as meaning that you want it to run: Debian
> therefore tries to supply a reasonable and secure configuration.
>
But that's not applicable in this case. btrbk can be run standalone or
from a cronjob/timer, but the exact time someone wants to run their
backups, or even if they want them run periodically at all, is not a
decision you can make for them.

Of course an argument can be made that without edits to the default
btrbk.conf file btrbk won't run anyway, so configuring the timer is part
of configuring your backup strategy. I still think that supplying a
system timer is wrong here.

> But I can't help wondering what was the result of both systemd *and*
> your cron job running btrbk at the same time. Do you have backups of
> the logs?
>
I have backups. What happened is that for about 1.5 months I ran double
backups. Thankfully these are incremental snapshots, so not much
diskspace is lost on my server.

Regards,

Mart
-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Ghost cronjob

[Mart van de Wege]

Sven Hartge  writes:

> Mart van de Wege  wrote:
>
>> Nope, not ephemeral at all, it's PID 1. Since I don't have timers
>> running this job, apparently there's a zombie process somewhere?
>
> PID 1 hints at a systemd.timer, even if you have dismissed this
> previously. Also the start time of just after midnight hints at this.
>
> And when I look at the current btrbk package in Sid/Testing I do indeed
> see it ships a timer in /usr/lib/systtemd/
>
> So, there is your answer then.

Well whaddayaknow. I hadn't checked the system timers under
/usr/lib/systemd/

And that is the bastard running the ghost job.

Surely packaging a system timer file like that should not be done? It
should be at the discretion of the admin to create one if they want to
run btrbk on a schedule.

Regards,

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Ghost cronjob

[Mart van de Wege]

Mart van de Wege  writes:

> Stefan Monnier  writes:
>
>> Mart van de Wege [2021-05-03 20:11:25] wrote:
>>> Stefan Monnier  writes:
>>>>> root@galahad:~# grep btrbk /etc/ -rl
>>>>
>>>> Have you `grep`d in `/var/` as well?
>>>> [ E.g. `/var/spool/crontabs` ]
>>>>
>>> Yep, nothing there, aside from the usual suspects (apt & dpkg files).
>>>
>>>>> And yet I find this in /var/log/btrbk.log:
>>>>>
>>>>> 2017-03-12T20:16:28+0100 startup v0.24.0 - - - - # btrbk command
>>>>> line client, version 0.24.0
>>>>
>>>> Any other mention of activity around that time in some other log file?
>>>>
>>>>
>>> Not that I can see. I am going to see what patching btrbk to log PPID
>>> shows up tonight.
>>
>> My usual "trick" is to log a full `ps --forest -ef`.
>
> Hmmm. If the PPID turns out to be ephemeral, then that is a good second
> option.
>
Nope, not ephemeral at all, it's PID 1. Since I don't have timers
running this job, apparently there's a zombie process somewhere?

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Ghost cronjob

[Mart van de Wege]

Stefan Monnier  writes:

> Mart van de Wege [2021-05-03 20:11:25] wrote:
>> Stefan Monnier  writes:
>>>> root@galahad:~# grep btrbk /etc/ -rl
>>>
>>> Have you `grep`d in `/var/` as well?
>>> [ E.g. `/var/spool/crontabs` ]
>>>
>> Yep, nothing there, aside from the usual suspects (apt & dpkg files).
>>
>>>> And yet I find this in /var/log/btrbk.log:
>>>>
>>>> 2017-03-12T20:16:28+0100 startup v0.24.0 - - - - # btrbk command line 
>>>> client, version 0.24.0
>>>
>>> Any other mention of activity around that time in some other log file?
>>>
>>>
>> Not that I can see. I am going to see what patching btrbk to log PPID
>> shows up tonight.
>
> My usual "trick" is to log a full `ps --forest -ef`.

Hmmm. If the PPID turns out to be ephemeral, then that is a good second
option.

> [ Instead of patching, you can rename it and replace it with a script
>   that runs the "real" btrbk.  ]
>
It's a Perl script, I automatically started editing it as I am pretty
fluent in Perl. Wrapper scripts are almost always my second thought.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Ghost cronjob

[Mart van de Wege]

Stefan Monnier  writes:

>> root@galahad:~# grep btrbk /etc/ -rl
>
> Have you `grep`d in `/var/` as well?
> [ E.g. `/var/spool/crontabs` ]
>
Yep, nothing there, aside from the usual suspects (apt & dpkg files).

>> And yet I find this in /var/log/btrbk.log:
>>
>> 2017-03-12T20:16:28+0100 startup v0.24.0 - - - - # btrbk command line 
>> client, version 0.24.0
>
> Any other mention of activity around that time in some other log file?
>
>
Not that I can see. I am going to see what patching btrbk to log PPID
shows up tonight.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Ghost cronjob

[Mart van de Wege]

David Wright  writes:

>
> Just guessing. You set the cron job to initiate a backup at 04:00.
> Perhaps there's something configured in your /etc/btrbk/btrbk.conf
> that says check for retention by day/week/month/year rather than
> 04:00/day/week/month/year. The former check has to made at midnight.
>
Nope. btrbk is very simple, it just checks what snapshots are already
there, and if there is already a snapshot in your snapshot directory of
the form . it just adds a snapshot
._.

Otherwise it just completes its entire run, creating snapshots, and
sending the diffs between snapshots to a backup destination at whatever
time you run it.

And the logs show a full run at 00:00, when there is nothing configured
to kick that off.

And if I activate that 04:00 cronjob, I get two full runs in my logs,
with the attendant _1 snapshots in my snapshot directory.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Ghost cronjob

[Mart van de Wege]

 writes:

> Now I do :)
>
> Well, no clue. But it's a script, so you could just insert some
> debugging stuff (like, for example, reporting its parent PID
> when it's started again)? So you might catch the ghosts parent?
>
> Cheers
>  - t
>
Neat idea. btrbk is pure Perl, in which I happened to be fluent. I added
the relevant log messages, let's see what happens tonight.

Regards,

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Ghost cronjob

[Mart van de Wege]

 writes:

> On Mon, May 03, 2021 at 09:07:26AM +0200, Mart van de Wege wrote:
>> I have the following configured to back up my laptop to my file server:
>> 
>> root@galahad:~# cat /etc/cron.d/backup 
>> MAILTO=m...@vdwege.eu
>> #00 04 * * * root /usr/sbin/btrbk --verbose --format=long run
>> 
>> Note: it is currently disabled.
>
> [...]
>
>> And yet I find this in /var/log/btrbk.log:
>> 
>> 2017-03-12T20:16:28+0100 startup v0.24.0 - - - - # btrbk command line 
>> client, version 0.24.0
>
> Another place to check is in /var/spool/cron/crontabs. Perhaps the
> entry slipped in via some `crontab -e' or similar.
>
Assume I checked those :)

root@galahad:/var/spool/cron/crontabs# grep btrbk . -r
root@galahad:/var/spool/cron/crontabs# 

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Ghost cronjob

[Mart van de Wege]

Mart van de Wege  writes:

> And yet I find this in /var/log/btrbk.log:
>
> 2017-03-12T20:16:28+0100 startup v0.24.0 - - - - # btrbk command line client, 
> version 0.24.0
>
Wrong logline copy/pasted, it should be this one:

2021-05-03T00:00:03+0200 startup v0.27.1 - - - # btrbk command line client, 
version 0.27.1

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Ghost cronjob

[Mart van de Wege]

I have the following configured to back up my laptop to my file server:

root@galahad:~# cat /etc/cron.d/backup 
MAILTO=m...@vdwege.eu
#00 04 * * * root /usr/sbin/btrbk --verbose --format=long run

Note: it is currently disabled.

The only other places I have anything mentioning btrbk in /etc is in
btrbk's config files:

root@galahad:~# grep btrbk /etc/ -rl
/etc/btrbk/btrbk.conf.example
/etc/btrbk/btrbk.conf.old
/etc/btrbk/btrbk.conf.local
/etc/btrbk/btrbk.conf~
/etc/btrbk/btrbk.conf
/etc/cron.d/backup

And yet I find this in /var/log/btrbk.log:

2017-03-12T20:16:28+0100 startup v0.24.0 - - - - # btrbk command line client, 
version 0.24.0

There are no systemd timers related to btrbk either.

This started about 1.5 months ago when I changed the backup time from
midnight to 04:00; it took me some time to notice in the status mails
that btrbk was creating duplicate snapshots, and checking the logs
showed that at ran both at midnight and at 04:00. Disabling the 04:00
cronjob left the ghost cronjob at 00:00 intact.

How do I find out why a periodic job is running with nothing obviously
configured for it?

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: ping gateway ok, ping any other local network address fails

[Mart van de Wege]

rudu  writes:
>
> To configure the printer, I first have to be able to ping it on the
> local network, which every over computer can do.

So all other peers on the LAN can get to the printer.

> And they can print all right, so this desktop must have some network
> misconfiguration of some sort, I guess ...
> It seems like trapped into a tunnel toward the gateway/router to get
> out, but can't shake hands with a pal next door.

If your netmask on both sides of the connection is OK, then the problem
is at the Ethernet level. Your previous output showed a /24 on the
desktop. Can you verify that all the other peers are also in
192.168.1.0/24?

If so, next step should be trying to plug the misbehaving desktop into a
different switch port, assuming 1. you have one free, 2. you can get
someone to do that for you, as you have no physical access yourself (did
I understand that correctly?), and 3. this is a dumb switch that just
forwards between all ports, so any port is fine.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Systemd leaves uninterruptible processes

[Mart van de Wege]

On Sun, 2 Aug 2020 11:27:47 -0400
Celejar  wrote:

> On Sun, 2 Aug 2020 17:06:22 +0200
>  wrote:
> 
> > On Sun, Aug 02, 2020 at 04:27:25PM +0200, Mart van de Wege wrote:  
> > > Andrei POPESCU  writes:
> > > >
> > > > What else besides XFCE and "common" desktop software (e.g. mail
> > > > client, LibreOffice, etc.)?
> > > >  
> > > And instead of being a condescending arse you might want to ask
> > > for information that's actually relevant.  
> > 
> > I may be wrong, but I think you're over-interpreting Andrei here.
> > I've the feeling he's genuinely trying to help. Blame the channel.  
> 
> +1
> 
> Andrei is one of the most helpful and gracious people on this list.
> There's probably nuance that isn't correctly coming across via email.
> 
Look, I point out an issue with a normal systemd service, which I found
because my laptop was slow and running a load average of 15+, with lots
of systemd-user-runtime-dir processes in D state causing that load.

I traced it down to user-runtime-dir@UID.service crashing on cleaning
up a /run/user/UID directory. I gave relevant information, and Andrei
is asking if I have LibreOffice installed, and points me to ESR's FAQ.

I'm very sorry, but that feels extremely condescending. I'm *not* some
newbie just in from Ubuntu. When I provide information, I expect to be
queried on relevant points.

As it turns out I found some more information: the kernel oopses when
it audits the unlink call when SELinux is enabled. Since that looks
like a bug in kernel/systemd interaction, I'm filing a bug report with
full information (including the oops output). Since this laptop is the
only one running SELinux in permissive mode (because I'm still working
out its policy), I'm not losing much to disable it for now.

Mart

Re: Systemd leaves uninterruptible processes

[Mart van de Wege]

Andrei POPESCU  writes:

>> (Oh, and ODD 9 is the 'news' user on this system, which is used by
>> leafnode's nightly 'texpire' run)
>
> So you are running leafnode on it, not necessarily the most common 
> software to run on a desktop.
>
> What else besides XFCE and "common" desktop software (e.g. mail client, 
> LibreOffice, etc.)?
>
And instead of being a condescending arse you might want to ask for
information that's actually relevant.

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Systemd leaves uninterruptible processes

[Mart van de Wege]

Andrei POPESCU  writes:

> On Sb, 01 aug 20, 21:38:50, Mart van de Wege wrote:
>> Andrei POPESCU  writes:
>> 
>> >> I tried googling, but unfortunately the terms I can come up with only
>> >> give generic information. How can I find out why these processes keep
>> >> hanging?
>> >
>> > Which processes would that be?
>> 
>> Ah, those would be '/lib/systemd/systemd-user-runtime-dir stop '
>
> There still very little information to even try to guess what's going 
> on.
>
> It would help if you explained exactly what this system is doing / meant 
> for, how did you install it, what changes you did to the default 
> configuration, what commands are you running, as well as copy-pasting 
> the output, etc. 
>
Really?!

This is just a personal laptop running Sid with XFCE4 as
desktop. Nothing special at all.

Just that in the past month systemd has had trouble closing user
sessions after running periodic tasks under that UID; in detail: it
hangs in D state when trying to clean up the user runtime dir
(/run/user/) using the user-runtime-dir@.service.

I mentioned all that in my previous post. If you have anything useful to
add that I could use to debug this instead of making me jump through
hoops I'd appreciate it.

You want copy/paste? Here:

root  121323  0.0  0.0  6 23932 ?Ds   07:37   0:00 
/lib/systemd/systemd-user-runtime-dir stop 9

systemctl status user-runtime-dir@9.service 
● user-runtime-dir@9.service - User Runtime Directory /run/user/9
 Loaded: loaded (/lib/systemd/system/user-runtime-dir@.service; static; 
vendor preset: enab>
 Active: failed (Result: timeout) since Sun 2020-08-02 07:43:12 CEST; 5h 
41min ago
   Docs: man:user@.service(5)
Process: 121276 ExecStart=/lib/systemd/systemd-user-runtime-dir start 9 
(code=exited, statu>
   Main PID: 121276 (code=exited, status=0/SUCCESS)

I *have* no more useful information. That's why I am asking for help to
get more useful information.

(Oh, and ODD 9 is the 'news' user on this system, which is used by
leafnode's nightly 'texpire' run)

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Systemd leaves uninterruptible processes

[Mart van de Wege]

Andrei POPESCU  writes:

>> I tried googling, but unfortunately the terms I can come up with only
>> give generic information. How can I find out why these processes keep
>> hanging?
>
> Which processes would that be?

Ah, those would be '/lib/systemd/systemd-user-runtime-dir stop '

Regards,

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Systemd leaves uninterruptible processes

[Mart van de Wege]

On Wed, 2020-07-29 at 13:53 +0300, Andrei POPESCU wrote:
> On Ma, 28 iul 20, 17:32:55, Mart van de Wege wrote:
> > Hi,
> > 
> > Since the past month or so, systemd leaves systemd-user-runtime-dir
> > processes in an uninterruptible state, apparently after cleaning up
> > after a user sessions exits; I'm running XFCE4 with Lightdm, and
> > thus I
> > get at least a hanging process trying to stop
> > user-runtime-dir@117.service, but they also appear after scheduled
> > cleanups for the 'news' user.
> 
> What package / software is using uid 117 (it's not in the default 
> /etc/passwd)?
> 
That's lightdm

Mart

Systemd leaves uninterruptible processes

[Mart van de Wege]

Hi,

Since the past month or so, systemd leaves systemd-user-runtime-dir
processes in an uninterruptible state, apparently after cleaning up
after a user sessions exits; I'm running XFCE4 with Lightdm, and thus I
get at least a hanging process trying to stop
user-runtime-dir@117.service, but they also appear after scheduled
cleanups for the 'news' user.

Consequently, my system load increases every day after reboot.

I tried googling, but unfortunately the terms I can come up with only
give generic information. How can I find out why these processes keep
hanging?

(Weirdly, my own user session cleans up perfectly fine)

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Systemd start that won't stop

[Mart van de Wege]

 writes:

> On Sun, Aug 11, 2019 at 07:11:19PM +0200, Mart van de Wege wrote:
>> Felix Miata  writes:
>> 
>> > Curt Howland composed on 2019-08-09 13:53 (UTC-0400):
>> >
>> >> plymouth-quit-wait.service 
>> > ...
>> >> I have no idea what a "plymouth" is.
>> >
>> > Several things it brings to the table:
>> > 1-avoids /dastardly/ "flicker" on mode switching during startup
>> > 2-bling/eye candy during startup
>> > 3-bloats initrd
>> > 4-encryption handling
>> > 5-yet another tool for systemd to disrupt startup/shutdown
>> >
>> And beyond the FUD:
>> 
>> 6. Make sure that the console is sane when you try to provide things
>> like LUKS passphrases; the default bootup console will happily overwrite
>> the prompt [...]
>
> Huh? Under what conditions does this happen?
>
Look it up. Plymouth was only introduced in wheezy. I'm not going to do
your homework for you.

Regards,

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Systemd start that won't stop

[Mart van de Wege]

Felix Miata  writes:

> Curt Howland composed on 2019-08-09 13:53 (UTC-0400):
>
>> plymouth-quit-wait.service 
> ...
>> I have no idea what a "plymouth" is.
>
> Several things it brings to the table:
> 1-avoids /dastardly/ "flicker" on mode switching during startup
> 2-bling/eye candy during startup
> 3-bloats initrd
> 4-encryption handling
> 5-yet another tool for systemd to disrupt startup/shutdown
>
And beyond the FUD:

6. Make sure that the console is sane when you try to provide things
like LUKS passphrases; the default bootup console will happily overwrite
the prompt, making it completely unclear why your boot is
hanging. Plymouth will make sure that when you are prompted, nothing
else will muck up your console. This is why it does not even have to run
as a graphical bootloader, but can handle a text console as well.

Plymouth provides a pretty bootscreen as a side effect. It actually
provides a useful service.

On the other hand, it should die when booting is done, if the
plymouth-quit-wait.service hangs, something *else* is wrong.

Regards,

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Debian Buster: Is it safe to use on autodefrag on a Btrfs filesystem that is used for (Restic) backup only with no Btrfs snapshots or subvolumes?

[Mart van de Wege]

Stefan Monnier  writes:

>> Is it safe to use autodefrag for my use case?
>
> It sounds like it might be "safe" (the text doesn't actually say it's
> unsafe, but just that it has downsides).
>
> I do wonder why you'd want to do that, tho.  Fragmentation is typically
> something that clueless Windows users worry about

No. Fragmentation is an issue with all copy-on-write filesystems
(including ZFS, which avoids periodic defrag by keeping an enormous
amount of information in memory and doing defrag on the fly on that).

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: lightweight wifi UI

[Mart van de Wege]

bw  writes:

> In-Reply-To: <20190527090258.213ecf5a@debian9>
>
>>From: Patrick Bartek 
>>My post WAS initially a report of anamolous behavior during
>>an install.  I had read of other systemd quirks.  (If no one knows, how
>>can it be fixed?)  The last paragraph asking for network manager
>>recommendations other than wicd was an afterthought.  You are correct:
>>I should have made it two posts.
>
> Not so much a report of anomolous behavior by your computer, but an 
> anomolous setup, since you have "converted" stretch in a way that you 
> don't explain.  You also still haven't shown the apt output that made you 
> believe installing wicd tempts systemd to behave insidiuously...
>
Are we sure it's not libsystemd0 that Patrick is objecting against?
Because that is the only systemd related Depends: in wicd's dependency
chain (pulled in via wicd-daemon -> dbus).

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: No Books in print on Systemd?

[Mart van de Wege]

Nicholas Geovanis  writes:
>
> That webpage is unfortunately the best doc I have found on
> SystemD. Its not unfortunate because it's bad doc, it's good but some
> is a little out of date. It's that there is nothing better from the
> makers of SystemD. In the ideal world only "us" system administrators
> would care about SystemD and it wouldn't be an issue for others. But
> SystemD is highly pervasive while being difficult to administer. Last
> I saw, the Amazon AWS linux images had removed it, using SysV-style
> init like the old days.
>
man systemd, follow the links in the SEE ALSO section. Really, is that
so hard?

I can manage to teach this to complete newbies. An experienced sysadmin
should have no excuse to complain about a shortage of documentation.

(Although like OP I would *love* to have a dead tree version; but then
again I *like* books)

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Discussion? New names of betwork devices

[Mart van de Wege]

Hans  writes:

> Am Freitag, 22. März 2019, 17:15:29 CET schrieb Reco:
>> Or, for instance, en0p2gibberish. They call them Unpredictable Device
>> Named for a reason.
>> 
>
> Yes, thsis is another thing, which I am thinking of: The names could change 
> (in case, when there are more than one network devices are active or the 
> order 
> of activing changed).

No. Changes in the activation order or the number of devices do not
matter. The naming scheme is based on what bus the devices are on and
what position on that bus they hold[1]. Once a name is assigned, unless
you plug the card into a different slot, you will get the same name
(note that this may not apply on hotplug architectures that don't assume
fixed slot positions, like USB).

It is the *old* way that lead to unpredictable renames unless you
implemented udev rules to hardcode names to e.g. MAC addresses.

> In the past, I forced the order with persistent- net.rules. Dunno, if
> normal users can deal with it. Can it your Mom or your Dad? Grandpa?
> Grandma?
>  
Is it any worse than expecting them to write a udev rule?

In the end it is a hard problem to solve because the Linux kernel does
dynamic enumeration of devices, so you either need a deterministic
algorithm to assign a name (ask the firmware) or a userspace workaround
in identifying the device (e.g. using udev rules, or using UUIDs in
/etc/fstab, etc).

Mart

[1] OK, not *entirely* true, it's based on what the firmware reports as
the device position (it used to be called 'biosdevname'. Don't know if
that still is the name in these (U)EFI times).

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

[Mart van de Wege]

Stefan Monnier  writes:

>> OP has a point though. The real world happens to have a huge amount of
>> heterogeneous networks, and asking for tools to keep those systems safe
>> is legitimate.
>
> I did not perceive the OP's request to be about the case where you
> administer lots of machines and you want to use a Debian machine as
> a virus-filter for all those other machines running Windows or whatnot.
>
> So I assumed he meant "I do want to run A/V" to mean that he wants to
> run an A/V just like all random Windows users feel the need to run some
> A/V software on their machine to feel safer.
>
I tend to make assumptions that the asker of a question knows what they
are talking about. In this case that meant assuming OP had a
heterogeneous environment they wanted to secure.

Sure, this is not always true, but assuming 'just a random Windows user'
is a tad...uncharitable, to say the least. Again proving OP's
disappointment to be correct, alas.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Mart -- [Solved] [Well, not solved,. but sickened by] Re: Group thoughts on: Anti-virus tools

[Mart van de Wege]

Stefan Monnier  writes:

>> re: apt solving all? I understand it recently had a long-time vulnerability
>> itself...
>> Linux will get hit more as it gets more popular.
>
> My point is not that APT and/or Debian is bullet-proof (I live under no
> delusion in this respect).  Just that instead of keeping your A/V
> up-to-date, the GNU/Linux approach to protecting oneself from attacks is
> to keep your OS up-to-date.
>
>
> Stefan
>
>
> PS: I guess that means I should have pointed to `unattended-upgrades`
> rather than to `apt` as the solution that corresponds to an anti-virus.

OP has a point though. The real world happens to have a huge amount of
heterogeneous networks, and asking for tools to keep those systems safe
is legitimate. Acting like purity ponies and basically going "Here's a
nickel kid, buy yourself a real OS" is immature at best.

I share OP's disappointment in the level of the replies they got.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Group thoughts on: Anti-virus tools

[Mart van de Wege]

deb  writes:

> Starting assumption: I do want to run A/V.
>
>  * I get that it may actually INCREASE attack surface.
>
>  * But I have Windows & Mac stuff going back and forth to Debian 9.8
> and just want to check.

When you say going back and forth, do you mean over the network?

On Linux the best solution right now is clamav, which is not 100%. Is it
an option for you to run a network based solution, like an IDS?

Mart
-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Why /usr/sbin is not in my root $PATH ?

[Mart van de Wege]

John Hasler  writes:

>> But it's not Joe Random User, it's Joe Sysadmin
>
> Worse.  Who is most likely to have put weird stuff in his environment?

And it's not as if sysadmins never log in as other users. Oh no.

Really, not using a clean, known environment as root is plain good
practice, and has been for years, if not actually decades.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Why /usr/sbin is not in my root $PATH ?

[Mart van de Wege]

Greg Wooledge  writes:

>
> The problem with "su -" is that it strips out *all* of your environment,

That's a feature, not a bug. You *don't* want to import Joe Random
User's environment into root's.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Very light "private" cloud

[Mart van de Wege]

Stefan Monnier  writes:

>> I used it at my previous job, and it works fine. Bonus: it has Debian
>> packages, and it is Free Software.
>
> I only see packages for the client side.

Eh. You're right.

The Seafile site has a download for the server though.

Regards,

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Very light "private" cloud

[Mart van de Wege]

"Michelle Konzack"  writes:

> Good day,
>
> I am searching vor a OwnCloud/NextCloud replacement, because I use
> exclusively and can not use MySQL.  Also the updates drive me nuts
> and its resurce conumption.
>
> Is there something MUCH MORE simplier and lighter?
>
> Preferable without ANY databases and written in PHP5 for possibel
> extensions?
>
> I need only access for maybe 10 (active) users and a bunch of users
> which have to get read access zu certain files/directories
>
> I want to use a seperated host like 
>
> Any suggestions?

Seafile.

I used it at my previous job, and it works fine. Bonus: it has Debian
packages, and it is Free Software.

Mart
-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Debian 9 rocks, really

[Mart van de Wege]

Andre Rodier  writes:

> Hello all,
>
> I have been using Linux since more than 20 years, and Debian Linux
> since Potato.

Same here. I started out on Red Hat 6.2, and discovered Debian when it
was on potato. I've been using some flavour of Debian personally since,
and some flavour of it or RH professionally.

I love it. It's been great consistently, and 9 really shines. I even
like systemd although I have some reservations about its design (I think
it's a bit over-engineered).

Debian 9 give me dev tools, and tools to manage service resources better
than ever. It's a lovely base system.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Origin of /var/run contents

[Mart van de Wege]

Sven Hartge <s...@svenhartge.de> writes:

> Mart van de Wege <mvdw...@gmail.com> wrote:
>
>> Eh. It's in the docs. /run is for runtime generated, ephemeral units
>> and other files.
>
>> What stumped me at first is that /etc has priority over /run
>
> This is because /etc is designed to override (or amend) anything from
> the system, either static from (/usr)/lib/systemd or generated from /run.
>
I realise that *now*. Originally I likened the systemd config to the
usual defaults compiled in, then sysadmin overrides in /etc/, then user
overrides in ~/

That was the wrong mental model, as it turned out.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Origin of /var/run contents

[Mart van de Wege]

"Martin S. Weber"  writes:

> On 2018-02-27 12:46:46, Gene Heskett wrote:
>> On Tuesday 27 February 2018 06:46:50 Martin S. Weber wrote:
>> 
>> > On 2018-02-27 05:03:15, Dave Sherohman wrote:
>> > > (...)
>> > > So, is there somewhere that /run is initially populated from,
>> > > (...)
>> >
>> > man 5 tmpfiles.d, see also its SEE ALSO.
>> >
>> > Regards,
>> > -Martin
>> 
>> Apparently new with jessie. But neither the lone jessie install, or the 
>> only stretch install actually have files in that directory. 
>
> In which of the three, /{etc,run,usr/lib}/tmpfiles.d ? According to 
> systemdese,
> the distribution files belong in /usr/lib/ (check the directory, I believe you
> won't find it empty), administrator adjustments in /etc (so no surprise a
> vanilla install doesn't have those) and /run, uhmm.. Ask a systemd disciple.

Eh. It's in the docs. /run is for runtime generated, ephemeral units and
other files.

What stumped me at first is that /etc has priority over /run

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Why does resolv.conf keep changing?

[Mart van de Wege]

Roberto C. Sánchez <robe...@debian.org> writes:

> On Fri, Oct 27, 2017 at 11:46:53PM +0200, Mart van de Wege wrote:
>> Roberto C. Sánchez <robe...@debian.org> writes:
>> 
>> > Think about that for a minute.  The mere action of an interface (any
>> > interface on the system) obtaining a DHCP lease is sufficient to have
>> > dhclient think it needs to obliterate my manual networking configuration
>> > with settings from the DHCP server.
>> 
>> Well, yes. That's what DHCP *does*.
>> 
> The problem I have with it is that in my case there are other *static*
> interfaces on the system and DHCP's assumption that it is operating in a
> vacuum is terribly annoying.

You are not. Hence resolvconf. And yes, having to muck about with
dhclient settings or resolvconf when you have a mixed dynamic/static
setup can be aggravating.

> I cannot be the only person who has encountered this particular issue
> with these circumstances and been frustrated by how difficult it is
> to, 1) find out what exactly is happening,

Actually my first thought was 'hmm, sounds like a DHCP client is
running".

> and 2) make it stop.
>
I remember how much time it took me to get used to resolvconf +
NetworkManager + dnsmasq on my laptop, to convince that combo to always
use my internal DNS servers so that my Kerberos realm would keep working
over VPN.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Why does resolv.conf keep changing?

[Mart van de Wege]

David Wright  writes:

> Am I the only person surprised that there wasn't more advocacy for
> systemd-resolved.service as well.
>
So far all that's stopping me experimenting with it is that I don't
understand the interaction between openvpn, systemd-networkd and
systemd-resolved yet.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Why does resolv.conf keep changing?

[Mart van de Wege]

Roberto C. Sánchez  writes:

> Think about that for a minute.  The mere action of an interface (any
> interface on the system) obtaining a DHCP lease is sufficient to have
> dhclient think it needs to obliterate my manual networking configuration
> with settings from the DHCP server.

Well, yes. That's what DHCP *does*.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Why does resolv.conf keep changing?

[Mart van de Wege]

Darac Marjal  writes:

>
> Who's saying it must be installed? Maybe I've missed something, but I
> think the consensus in this discussion was that if you want your
> resolv.conf to be unmanaged/static/administrator-controlled, then
> don't have resolvconf installed. If you have resolvconf installed,
> then what's the point of neutering it with a command?
>
Because in this case OP is running a DHCP client, which *will* overwrite
resolv.conf unless something stops it.

And you can then either try all kinds of workarounds, or install the
tool that's meant to manage resolv.conf in the presence of programs that
want to change it.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Why does resolv.conf keep changing?

[Mart van de Wege]

Roberto C. Sánchez  writes:

> On Thu, Oct 26, 2017 at 12:24:32PM +0100, Darac Marjal wrote:
>> 
>> Actually, there's no need to duplicate the effort. As I understand it,
>> resolvconf is basically an optional helper program. Software that
>> automatically modifies /etc/resolv.conf should first test for the presence
>> of resolvconf (whether that be checking for the configuration directory of
>> resolvconf or checking that resolvconf is running or... however resolvconf
>> desires to be detected). If resolvconf is available, the changes are
>> co-ordinated through resolvconf, otherwise, /etc/resolv.conf is modified
>> directly.
>> 
> In my case resolvconf is not installed/available and I want resolv.conf
> to be left alone.  I want any other package that thinks it needs to
> modify resolv.conf to leave it along.

But there *is* a way to do that: install resolvconf.

Granted, it might be nice if resolvconf had an easier way to configure a
static setup, but as it is now packages that need to access resolv.conf
should do this through resolvconf if it is available, so installing and
configuring it *is* the right way to handle this.

Mart
-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: If Linux Is About Choice, Why Then ...

[Mart van de Wege]

GiaThnYgeia  writes:

> Am I wrong?

You have at least nothing but opinion supporting the assertion that you
are right. So the jury is out on that one.

> I don't hear newbies single machine users having much of an issue with
> systemd, but people whose work for many years was based in fine-tuning
> other init systems seem to be having issues in adopting to this new
> status-quo whether they like it or not.

Here's a data point: having dealt with the vagaries and shortcomings of
SysV init professionally, I *like* systemd, even if it has a few warts.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: If Linux Is About Choice, Why Then ...

[Mart van de Wege]

David Wright  writes:

> On Mon 10 Apr 2017 at 21:21:00 (+), GiaThnYgeia wrote:
>> For a second month under freeze not much
>> development can take place in unstable, as it is really tomorrow's
>> testing.
>
> What do you mean? Sid (unstable) is always sid. It doesn't suddenly
> become buster (the next testing) when stretch is released.
>
To be fair, as someone running Sid and doing almost daily updates, it is
noticeable when there is a testing freeze, as Sid comes to an almost
complete standstill while developers concentrate on the freeze.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: System broken after yesterday's upgrade

[Mart van de Wege]

solitone  writes:

> On Wednesday, 12 April 2017 19:55:12 CEST Jochen Spieker wrote:
>> I'd write a bug report. Your e-mail is a pretty good start.
>
> To Debian BTS? Related to the kernel package? I have no clues as to what 
> component might be actually involved.
>
It's USB-related, so I'd say either the kernel package or udev.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: If Linux Is About Choice, Why Then ...

[Mart van de Wege]

 writes:

>
> What systemd brings (mainly[1]) to the table is the decoupling of
> different "parts" of init: just imagine you have one service (let's
> say a web server) which depends on some other thing (say a file
> system being present via ummm... NFS, but it could be a RAID or a
> memory stick, you get the idea). With a SysV init you can't express
> that: you would have to script it explicitly. With systemd you
> can express that the web server is only to be started once that
> file system appears.
>
> So I'd rather say systemd is an adaptation to a much more volatile
> hardware landscape (which previously was only known in big iron)
> comming to the masses these days (just think USB). It corresponds
> to a more "dynamic" configuration.
>
> There are, of course alternative ways to skin the cat.
>
> Note that I'm a decided systemd opponent, and that might shine
> through the above. Feel free to correct any misrepresentation.
>
You've been perfectly fair. Would that all opponents did so.

As Nicolas said, systemd's main advantage is that it keeps better track
of what exactly it launches. Not only can it keep track of subprocesses
launched by the main process, it can also use that knowledge to manage
their resources, giving the sysadmin the power to constrain a service so
that it never eats up all system resources.

Or, by putting it in a separate scope, it can separate processes from
the user session that started them, making clear the difference between a
rogue process that should have died on logout, and a user service that
should persist across sessions.

The bad news on that last one is that it triggered another flamewar, as
the default chosen (kill all processes on user session end) was rather
unfriendly to programs like tmux and screen.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: If Linux Is About Choice, Why Then ...

[Mart van de Wege]

Rick Thomas  writes:

> On Apr 3, 2017, at 7:36 AM, Tom Browder  wrote:
>
>> But I kind of understand why systemd, but I wish I could find a good
>> cookbook description of how to add or modify a new process.
>
> +1
>
> Indeed: 
> The main thing I personally have a problem with in systemd that I did
> not have a problem with in sysvinit is that the documentation for how
> to do things “the systemd way” is hard to find and opaque once you do
> find it.

'man systemd' gives a good overview and points you to the other
manpages, which all are explicit, expansive, and full of examples.

I never got the feeling that systemd was underdocumented. In fact, I
sometimes wish it were a bit more concise.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: installer defaults for desktops (was Re: Suggested edit)

[Mart van de Wege]

Jonathan Dowland  writes:

> On Wed, Mar 22, 2017 at 08:06:46AM -0400, Greg Wooledge wrote:
>> On Tue, Mar 21, 2017 at 08:52:46PM -0400, Catherine Gramze wrote:
>> > Do you prefer that people move on to other distros after a base system only
>> > installation because the Debian installer let them inadvertently get there?
>> 
>> If they're like you, yes.  Good riddance.
>
> This thread is a great example of why I really despise debian-user sometimes.
> There's no reason to be so hostile, you simply disagree with each other. This
> list is too toxic a lot of the time. Please either post friendly and
> constructively or not at all.

I disagree. Sometimes there is no disagreement, someone is just plain
wrong. Catherine has been given the use cases that disprove her thesis,
and has been contradicting herself.

Continuing to be nice in some misguided attempt at false balance *does*
*not* *help*. If someone is wrong, they should be told; if they insist
on not wanting to be educated, at a certain point you must simply wash
your hands of them. It's not nice, but it *is* constructive.

"Cuiusvis hominis est errare, nullius nisi insipientis in errore"
  - Cicero

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: How do you disable / enable services from starting in systemd

[Mart van de Wege]

Jiangsu Kumquat  writes:

> How do you disable / enable services from starting in systemd?
>
man systemd

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Why gets unattended-upgrades installed after Debian jessie -> Debian stretch upgrade?

[Mart van de Wege]

Lisi Reisz <lisi.re...@gmail.com> writes:

> On Monday 06 February 2017 18:24:38 Mart van de Wege wrote:
>> Lisi Reisz <lisi.re...@gmail.com> writes:
>> > On Monday 06 February 2017 13:54:11 Brian wrote:
>> >> On Mon 06 Feb 2017 at 13:19:00 +, Patrick Schleizer wrote:
>> >> > The unattended-upgrades was not installed on my Debian jessie system.
>> >> > After upgrading to Debian stretch, the package unattended-upgrades got
>> >> > installed. 'reverse-depends unattended-upgrades' [1] did not make me
>> >> > any wiser. There must be a gap of my apt knowledge. Can anyone shed
>> >> > light on this please?
>> >>
>> >> https://lists.debian.org/debian-devel/2016/11/msg00117.html
>> >
>> > Can it cope with a back-log?  Has anyone tried?
>>
>> We use it in production at work. Yes, it can, *provided* you don't have
>> any config file changes. That, it can't handle.
>
> That is very reassuring.  Do you feel like sharing your config file?
>
It's not different from the default, so that's good.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Why gets unattended-upgrades installed after Debian jessie -> Debian stretch upgrade?

[Mart van de Wege]

Lisi Reisz  writes:

> On Monday 06 February 2017 13:54:11 Brian wrote:
>> On Mon 06 Feb 2017 at 13:19:00 +, Patrick Schleizer wrote:
>> > The unattended-upgrades was not installed on my Debian jessie system.
>> > After upgrading to Debian stretch, the package unattended-upgrades got
>> > installed. 'reverse-depends unattended-upgrades' [1] did not make me any
>> > wiser. There must be a gap of my apt knowledge. Can anyone shed light on
>> > this please?
>>
>> https://lists.debian.org/debian-devel/2016/11/msg00117.html
>
> Can it cope with a back-log?  Has anyone tried?

We use it in production at work. Yes, it can, *provided* you don't have
any config file changes. That, it can't handle.

And forgive me a bit of a rant: it's a stereotypical Ubuntu hack job:
inefficient, chokes on fairly standard deviations from the norm and
badly documented.

I agree with the developers' sentiment that automatic upgrades are a
good thing, but I really think Debian could have cooked up a better
script than !@#$% 'unattended-upgrades'.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: MTP device mount gnome 3

[Mart van de Wege]

Tony Baldwin  writes:

> My experience has been that this whole "MTP" thing, instead of just
> mounting phones like they used to, as a storage device, has been a
> real horror show, I've given up on getting it to work consistently and
> have installed dropbox on my phone and desktop to move stuff back and
> forth, which also has its headaches and limitations, but is
> consistent, and works.. for a while I was just using an ftp client,
> ANDFTP, to move stuff back and forth to a directory on my rented VPS
> in Germany that I had sshfs mounted here at home, which also worked,
> but was a little more klunky, as they say (bit of a kludge?)
>
> Tony
>
The best option I found is to install FX Explorer and upgrade it to the
plus version, which gives me an SMB/FTP/SSH client to directly read my
PCs' filesystems (and direct access to my home fileserver).

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: systemd requires "plymouth" on server?

[Mart van de Wege]

Steffen Dettmer  writes:

> 2) "Failed at step exec spawning /bin/plymouth: no such file or directory"
> Google suggest this is some graphical whatever, so I think it would be
> a bug if found on a server
>
No, plymouth is not *just* graphical. It is needed for the cases where
you need to provide a password on boot, such as when you have encrypted
volumes or a KDC with no master password stashed.

As I understand it, because systemd starts everything in parallel as
much as possible, it is possible that the password prompt is no longer
available by the time systemd has stopped firing off startup jobs.

A better explanation here:

http://web.dodds.net/~vorlon/wiki/blog/Plymouth_is_not_a_bootsplash/

And finally, can you please tone down the hostility to systemd a bit?
The flamewars have quietened down, and the tone of your posts is likely
to fire them up again.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: NTP insecure defaults

[Mart van de Wege]

Henrique de Moraes Holschuh  writes:

>
> For client-only, openntpd is likely a better choice, yes.  Better yet,
> use "chrony", which is optimized for desktop/laptops (which get
> disconnected/powered off/suspended often).
>
> ntp - time servers, high-precision time clients.
> opentpd - always-on medium-precision time clients.
> chrony - everything else.
>
This is good to know. I fixed the open configuration myself, but next
time I know to install a different package if I want only to sync my
local time and not provide time service myself.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: NTP insecure defaults

[Mart van de Wege]

Michael Luecke <mich...@m-luecke.de> writes:

> On 01/07/2017 09:33 AM, Mart van de Wege wrote:
>> Turns out the Debian default is indeed to provide time service if you
>> install NTP. Shouldn't that be limited to localhost only, so that an
>> admin must deliberately open up the service if they want to provide NTP
>> service to the outside world?
>
> Did you install any package that suggested or depended on the ntp
> package? Because on my system, the ntp package is not installed. ntp
> is handled by systemd-timesyncd. So the current Debian installer does
> not install the ntp by default in my opinion.
>
While I like systemd and its related projects, I have not yet switched
to systemd-timesyncd.

And I was not implying Debian installs ntp by default, merely that the
package comes with IMO insecure defaults.

> I downloaded the ntp_4.2.6.p5+dfsg-7+deb8u2_amd64 package and looked
> into the /etc/ntp.conf and it is restricted to 127.0.0.1 and ::1 by
> default.
>
>> I thought of opening a bug, but I'd like a second opinion
>> first. Thoughts anyone?
>
> I think you should give us a little more details before filing a bug
> report (what did you install, which files did you change, ...).
>
See, that's why I asked for a second opinion.

I explicitly installed the ntp package, and mine came with this as
default:

# By default, exchange time with everybody, but don't allow configuration.
restrict -4 default kod notrap nomodify nopeer noquery limited
restrict -6 default kod notrap nomodify nopeer noquery limited

I commented these out, and left the next stanza, which *is* a
restriction to localhost.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

NTP insecure defaults

[Mart van de Wege]

My hosting provider recently pointed my attention to the fact that my
Jessie installation was running NTP and listening and responding to the
outside world, which is considered a security risk due to the
possibility of amplification attack DDoSes.

Turns out the Debian default is indeed to provide time service if you
install NTP. Shouldn't that be limited to localhost only, so that an
admin must deliberately open up the service if they want to provide NTP
service to the outside world?

I thought of opening a bug, but I'd like a second opinion
first. Thoughts anyone?

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Where are WiFi passwords (WPA keys) stored?

[Mart van de Wege]

Robert Latest  writes:

> Not in /etc/wpa_supplicant/wpa_supplicant.conf, despite suggestions in
> every bit of documentation that I got my hands on. In fact, that file
> doesn't even exist on my jessie system. Nevertheless, when I
> configured the WiFi network using some GUI tool in the XFCE desktop,
> it worked. Even after a reboot, with no desktop running, I could ssh
> into the system via WiFi.
>
> So there must be a place, somewhere, where the WiFi passowrd ist
> stored, outside the realm of some specific user. Where is it?
>
Assuming you're running Network-Manager, you can find the individual
connections defined in /etc/NetworkManager/system-connections, with each
connection having a psk= attribute line with the psk.

Note that these files are only root-accessible.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Jessie upgrade without systemd [was: Debian *not very good]

[Mart van de Wege]

Joe  writes:

> Sorry, I may not have been clear, I was saying that reinstalling to
> jump the 32/64 bit barrier has been the only significant upheaval in
> the progress of my server since sarge, and that reinstallation was like
> for like and therefore quite simple.
>
> If I have to reinstall the server with systemd from the beginning,
> because the upgrade is too difficult, then restoring its current
> functionality is likely to be significantly harder than the 32/64 bit
> change was. I will be migrating configurations between different Debian
> versions manually, at the same time as dealing with any systemd issues.
> I hope very much to avoid the need for that.
>

It really is hard to say. The upgrade can be painless, but there are
some services that have changed startup behaviour under systemd, and
they can get into some painful issues when reconfiguring. Mostly because
systemd handles dependencies differently from SysV init, and especially
because it does not blithely ignore failed dependencies.

You really are going to have to bite the bullet and build a test server.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: A full /var partition destroyed 3 hours of my life!

[Mart van de Wege]

Borden Rhodes  writes:

> Since there's almost no documentation as to what can be safely rm'd in
> /var without breaking your system, I decide the least risky choice is
> to sudo rm -rf the offending 3-gig syslog file from single-user mode
> and the systemd debug shell. But *THIS* command failed because there
> was 'no space left on the device'. Is this right? Does rm need space
> on a drive to free other space?

Yes, this is right. The problem is not 'rm', the problem is that you use
sudo without understanding why it is set up like that: sudo logs the
command it executes to /var/log/auth.log


-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: resolvconf troubles

[Mart van de Wege]

Glenn English  writes:

> Does anyone know how to get rid of resolvconf?
>
> I'm putting a server together, and resovlconf keeps wiping my
> /etc/resolv.conf file and replacing the nameserver IP with "# Created
> by resolvconf" (approx). No nameserver, no anything.
>
> I removed it with Aptitude, and the file started talking about being
> built with dhcpd. Nameserver still wiped, and Aptitude says there's no
> package called dhcpd.

Have you tried 'apt-cache search dhcpd'?

And if you are installing a server, why didn't you pick manual (static)
configuration during the install?

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: imapsync and Debian

[Mart van de Wege]

Florian Pelgrim  writes:
>
> I wanted to start now a rant against Cyrus but holy shit... They have
> got a new website and it all looks modern... Maybe I should take a look
> on it again.
>
I don't care if it *looks* modern, as long as it has more information
than the old site(s); I quite like Cyrus, but until recently the
documentation was spread over multiple sites and the mailing list.

I am in fact still wrestling with getting the CalDAV component up and
running; apparently it didn't support GSSAPI authentication as of 2.4,
time for me to see if 2.5 now in Sid is better.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: /etc/fstab and systemd

[Mart van de Wege]

Pol Hallen  writes:

> hi all :-)
>
> I migrated my pc to systemd (!), in /etc/fstab I've
>
> /dev/sdb1 /test   ext4x-systemd.automount 0   0
> (I use UUID but to semplify I wrote /dev/sdb1)
>
> this line works but only on some pc
>
> what is the correct way to mount a disk automatically at start up of system?
>
> thanks!
>
Just remove the x-systemd.automount. Replace it with 'defaults' or
whatever other options you like.

Unless a volume is marked with specific systemd options to *not* mount
it automatically, systemd will mount everything in fstab at boot.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: open - resource temporarily unavailable

[Mart van de Wege]

Andrey  writes:

>   tuxteam.de> writes:
>
>> Other things to check: does that happen on any files? On a
>> specific file system? If yes: how is that one mounted?
>> 
>
> It happens to any file on any ext4 partition which are locally mounted.
>
> Is there a way to find out at least which part of the system is responsible
> for 'resource temporarily unavailable'.
>
>
What's the output of 'df -i'? If you create lots of files, maybe you ran
out of inodes?

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Linux startup, Wheezy -- a required script won't run on startup, but can run manually without any trouble

[Mart van de Wege]

Christian Seiler  writes:

>
> No, in the contrary. When I first saw Gentoo's system in the mid 2000s,
> which was based exclusively on dependencies (but still used scripts on
> top of sysvinit), I thought: wow, this is SO much better than all the
> other distros at that time.
>
> To me, anything that doesn't allow me to have dependencies is not worth
> my consideration. I've often had to write own services that hook into
> the system startup at certain points. And being able to specify
> dependencies is something absolutely essential here. Because then I
> actually semantically describe why I want a service in a given position
> in the boot sequence. Doing it in any other way is madness to me.
>
> There's a reason why _every_ modern init system supports dependencies
> (systemd, Solaris's SMF, nosh, OpenRC, ...), because in the modern
> world, where so many things need to be taken care of at boot, it's
> absolutely essential to be able to express the relations betwen all
> the services that need to be started explicitly in form of
> dependencies, otherwise you'd never be able to really tackle the
> complexity.
>

To use an analogy: there is a reason why programming languages switched
from line numbers to named subprograms.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Shell - escapes

[Mart van de Wege]

Mark Fletcher  writes:

> On Tue, May 10, 2016 at 9:20 PM  wrote:
>
> If you are embedding longer scripts in your shell, consider using
> "here documents", which are more flexible wrt. embedded quotes.
> For one-liners, Thomas' solution works nicely.
> 
> 
>
> Except that it does what the OP clearly said he does NOT want to do --
> it uses double quotes.
>
"Doctor, it hurts when I do this."

"Well, don't do that, then!"

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

gvfs mount issues ('not authorized to perform operation')

[Mart van de Wege]

Hi,

It appears something is broken in my xfce install, as Thunar can't mount
removable volumes anymore.

I've managed to narrow down the issue as happening somewhere between
gvfs and udisks2. Mounting a USB Flash drive with 'udisksctl mount -b
/dev/sdb1' works, but 'gvfs-mount -d /dev/sdb1' gives the 'Not
authorized to perform operation' error.

According to the actions defined in 
/usr/share/polkit-1/actions/org.freedesktop.udisks2.policy I should be
able to mount removable volumes as an active user. loginctl shows my
session as Active.

Anyone have any idea what the next step is I could check?

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

mailman: no outgoing mail, no mail accepted for lists

[Mart van de Wege]

Hi,

I just installed mailman+postfix, and followed the instructions in
/etc/mailman/postfix-to-mailman.py to what I think was the letter.

And yet, when I create a list and add myself as a member, I get no
mail.

When I try to send mail to the test list, I get a 'User unknown in relay
recipient table' error.

And when I run the genaliases command as instructed in the above file, I
get an error about MTA being set to 'None' (despite the instructions
explicitly saying it should be):

"genaliases can't do anything useful with mm_cfg.MTA = None."

Am I doing something wrong, or did I run into a documentation bug?

/etc/postfix/main.cf snippet:

relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman
relay_domains = lists.amek.amsterdam
transport_maps = hash:/etc/postfix/transport
mailman_destination_recipient_limit = 1

/etc/postfix/master.cf snippet:

mailman   unix  -   n   n   -   -   pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

/etc/postfix/transport snippet:

lists.amek.amsterdammailman:

/etc/mailman/mm-cfg.py snippet:

MTA=None   # Misnomer, suppresses alias output on newlist
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['lists.amek.amsterdam']
DEB_LISTMASTER = 'postmaster@amek.amsterdam'

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Latest NVIDIA driver (346.96) issue

[Mart van de Wege]

Pascal Obry  writes:

> Since yesterday update of NVIDIA 346.96-1 I get an error about uvm
> module:
>
> The module is compiled (dkms):
>
> $ ls -la /lib/modules/4.3.0-1-amd64/updates/dkms/nv*
> -rw-r--r-- 1 root root 11730792 Jan 20 09:08
> /lib/modules/4.3.0-1-amd64/updates/dkms/nvidia-current.ko
> -rw-r--r-- 1 root root   111776 Jan 20 09:08
> /lib/modules/4.3.0-1-amd64/updates/dkms/nvidia-current-uvm.ko
>
> But cannot be loaded:
>
> $ sudo modprobe nvidia-current-uvm
> modprobe: ERROR: could not insert 'nvidia_current_uvm': Invalid argument
>
Check the documentation to see if your chipset is still supported. I had
this problem with the upgrade, as the Quadro in my laptop is no longer
supported by the mainline driver.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: sexist content in the package openclipart2-png

[Mart van de Wege]

Anders Andersson  writes:

> On Tue, Jan 5, 2016 at 2:21 AM, Joel Rees  wrote:
>> Others? You and I seem to have different ideas about what we want
>> children to find when they reach up on the family/school bookshelf.
>
> Please leave your children's upbringing out of our operating system.
> I'm not sure why you would have Debian's packages printed and on
> display in your bookshelf without scrutiny. As a parent, you know that
> it's your responsibility to limit their access to whatever your
> culture might find offensive, if you don't wish them to be exposed to
> that. On the school bookshelf I expect to find a good encyclopedia
> containing a lot more interesting images than what is available in the
> clip-art package, and if not, they can always turn to Wikipedia
> (https://en.wikipedia.org/wiki/Breast comes to mind).
>
> Hopefully no one will have to determine if a package is "child-safe"
> before accepting it into Debian. That would be a big can of worms to
> open.

But we already do so. The fortunes package has the sexually-oriented
jokes and the atheism aphorisms split out into the fortunes-off package,
because it is (rightly IMO) considered that people might take offense at
getting these randomly.

There is nothing wrong with trying to reach a reasonable accommodation
with people to make them feel more comfortable. The only argument
against OP is simply that you feel that they are not asking for a
*reasonable* accommodation. That can be debated, but a dismissive tone
like above does not come over like you're interested in actually
debating it.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: sexist content in the package openclipart2-png

[Mart van de Wege]

John Hasler  writes:

> peter write:
>> I'm confused what specifically is meriting censorship?
>
> Political incorrectness.

So when do we see your bugreport asking to merge fortunes-off into
fortunes?

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

[Mart van de Wege]

Sven Arvidsson  writes:

> On Tue, 2015-12-01 at 16:39 -0500, Felix Miata wrote:
>> "Now", as in Stretch and/or Sid? I searched in Jessie and failed to
>> discover
>> any available firmware-amd-graphics. Is another repo besides main and
>> updates
>> required? I booted same machine to Stretch, and neither package was
>> found.
>> And, Stretch is also using FBDEV, like OP here, and stuck in
>> 1280x1024 on a
>> 1680x1050 display, with libdrm-radeon1, xserver-xorg-video-ati and
>> xserver-xorg-video-radeon installed. ???
>> 
>
> Sid and/or stretch, I don't recall exactly when the split was made.
>
> The clue is in the name, nonfree ;)

Ah yes. I knew I fixed it by installing firmware-linux-nonfree, as I
knew that pulled in the radeon firmware; I was unaware that it was split
in sid, and since I run sid on this laptop, I assumed that the split
that I found dated back to Jessie.

And you know what they say about assuming things... ;)

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: OT: reply styles, family matters

[Mart van de Wege]

Bob Bernstein  writes:

> On Wed, 2 Dec 2015, Chris Bannister wrote:
>
>>> "Please don't respond line by line. It is patronizing and
>>> annoying."
>
>> What did he say when you asked what he meant by this? I mean, how on
>> earth could it possibly be patronising?
>
> I haven't asked him yet, in the interest of not muddying still
> waters. I've been thinking about his "patronizing" response and I
> believe it is an objection to the obvious clarity and precision that
> inline responses afford.

It may be that inline replies are associated with the practice of
'fisking', which in conservative circles is interleaving derogative
comments with the target of derision's original content (usually a blog
post).

If the only time you see interleaved comments is in 'fisked' pieces,
then I could understand not feeling comfortable when someone does that
in an email reply.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: OT: reply styles, family matters

[Mart van de Wege]

Bob Bernstein  writes:

> "Please don't respond line by line. It is patronizing and
> annoying."
>
> I have acquired over the years a habit of carefully quoting and
> replying to those quoted snippets. But it rubs some in my family the
> wrong way. They don't see it as part and parcel of effective
> communication, or as, at bottom, simply good netiquette. They feel
> talked down to. My nephew's father had the same problem with me years
> ago but I think I have brought him around over time so that he no
> longer "takes it personal."
>
> With that as background, here is my question/request: is anyone aware
> of a spirited defence of our ideal method of "selective quoting," (for
> lack of a better label) one, say, that perhaps has achieved the status
> of a "net classic?" Surely some 'net genius has dealt these
> nay-sayers, who seem to LIKE top-posting, a solid uppercut?
>
Why not do your correspondents the courtesy of replying in the style
*they* want?

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Upgrade to Jessie lost all monitor resolutions except 1024x768

[Mart van de Wege]

Felix Miata  writes:

> Another possibility is that Jessie provides firmware your ATI gfxcard
> requires in a separate firmware package that is not installed, or
> maybe the ATI driver package didn't get installed at all.

I manage a bunch of workstations with exactly this issue. I had to
install firmware-linux-nonfree to get X to recognise the Radeon cards in
these machines. Since firmware-linux-nonfree pulls in
firmware-amd-graphics, I suspect installing the latter will be
sufficient for OP.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: two pulseaudio processes

[Mart van de Wege]

Chris Bannister <cbannis...@slingshot.co.nz> writes:

> On Sat, Nov 28, 2015 at 12:33:33PM +0100, Mart van de Wege wrote:
>> Chris Bannister <cbannis...@slingshot.co.nz> writes:
>> 
>> > On Thu, Nov 26, 2015 at 01:22:25PM +0100, rgfoiugztfgvbhjk wrote:
>> >> Does anybody know who Debian-+ is, why he is starting pulseaudio and
>> >> using my headsets, and if this is a bug that should be reported
>> >> against pulseaudio or something else?
>> >
>> > If you purge pulseaudio, does everything work as you want?
>> >
>> 
>> Look, either there is a bug in play here or a misconfiguration. Purging
>> pulseaudio is merely papering over a problem, it's not a solution.
>
> Listen, sound was working fine for me but after an upgrade sound stopped
> working. I found pulseaudio installed so I purged it and sound worked
> again, so sorry but it is a solution.
>

And OP has no problem with sound under pulseaudio, as long as there is
only one instance running. Since there is supposed to be only one
instance, blindly purging pulseaudio is cargo-cult troubleshooting.

>> > If you actually need pulseaudio, then I'd report the bug against the
>> > pulseaudio package.
>> 
>> Given that parent apparently wants to be able to switch between normal
>> sound output and a headset, I'd say it is fairly obvious there is a need
>> for pulseaudio, as that is one of its use cases.
>
> *sigh* I can listen to audio via a headset or the internal speakers
> without pulseaudio so I don't know what you are implying.

With a bluetooth headset like OP? I doubt it.

I am not implying, I am stating right out you are projecting an
irrational dislike of pulseaudio on OPs problem, which is *NOT* helpful.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: two pulseaudio processes

[Mart van de Wege]

Chris Bannister  writes:

> On Thu, Nov 26, 2015 at 01:22:25PM +0100, rgfoiugztfgvbhjk wrote:
>> Does anybody know who Debian-+ is, why he is starting pulseaudio and
>> using my headsets, and if this is a bug that should be reported
>> against pulseaudio or something else?
>
> If you purge pulseaudio, does everything work as you want?
>

Look, either there is a bug in play here or a misconfiguration. Purging
pulseaudio is merely papering over a problem, it's not a solution.

> If you actually need pulseaudio, then I'd report the bug against the
> pulseaudio package.

Given that parent apparently wants to be able to switch between normal
sound output and a headset, I'd say it is fairly obvious there is a need
for pulseaudio, as that is one of its use cases.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: two pulseaudio processes

[Mart van de Wege]

rgfoiugztfgvbhjk  writes:

> Hi, 
>
> I am using Pulseaudio in testing. 
>
> Playing sound through the laptop built-in sound card is working fine.
> But I also have a Bluetooth Headset (Phillips SHB9100), This is where the 
> Problems occur. 
>
> root@schenker:/home/ich# ps aux | grep pulse
> Debian-+ 1266 0.0 0.0 590568 1652 ?  S /usr/bin/pulseaudio --start --log-target=syslog
> Debian-+ 1273 0.0 0.0 122664 0 ?  S Nov24 0:00
> /usr/lib/pulseaudio/pulse/gconf-helper
> ich 1456 0.1 0.1 589100 4960 ?  S --start --log-target=syslog
> ich 1479 0.0 0.0 122664 0 ?  S Nov24 0:00
> /usr/lib/pulseaudio/pulse/gconf-helper
> root 10111  0.0  0.0  11132   880 pts/0S+   13:09   0:00 grep pulse
>
> There are two pulseaudio processes, one for me, and one for
> "Debian-+", a user I couldnt find any notice of anywhere, neither in
> /etc/passwd, nor on the Internet. (Did you know you can't Google for
> "Debian-+"?).
>
Here's a tip to find usernames that ps truncates:

getent passwd | grep 

If I do that on my box, I find Debian-exim and Debian-gdm.

Can you do the same on your box and see what you get? If you get the
same, then I suspect that Debian-gdm is starting your pulse process for
you. I wonder if that is not a bug, as pulse should run as a user,
AFAIK.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: Starting systemd user services on boot on a Debian server [SOLVED]

[Mart van de Wege]

Michael Biebl  writes:

> Am 17.10.2015 um 10:20 schrieb Fredrik Jonson:
>> In  Lisi Reisz wrote:
>>>  On Saturday 17 October 2015 06:24:10 Fredrik Jonson wrote:
 Michael Biebl wrote:
>  Am 16.10.2015 um 19:05 schrieb Fredrik Jonson:
>>  If in doubt, do install this package.
>
>   Did you maybe misread that as
>  "If in doubt, do *not* install this package".

 Yes I did. I don't know how many times I've read that sentence, and clearly
 saw a _not_ in there. Interesting.
>>>
>>>  The structure foreshadows a "not".
>> 
>> Maybe the presence of the entire sentence indicates that the package really
>> should be installed by default on systems where systemd is installed?
>> 
>
> I'm not a native speaker, so I'm happy to rephrase the message to make
> it more obvious. Suggestions?

The use of 'do' in that way suggests emphasis. If you wanted that
emphasis, a more unambiguous way is

  If in doubt, *install* this package

If the emphasis is unnecessary, just leave out the the 'do'.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: systemd alternative for Jessie?

[Mart van de Wege]

Alex Moonshine  writes:

> On Wed, 14 Oct 2015 07:49:08 -0500
> Richard Owlett  wrote:
>
>> What has the end-user, with a single machine, gained today from 
>> the adoption of systemd?
>
> Speaking for myself:
> 1. It took me an hour of googling to write my own working init script.
> It takes me 10 minutes to write my own systemd unit.
> 2. Boot times improved.
>
Autostarting programs on login is a lot simpler now, and unified across
desktop environments; I'm no longer dependent on the capabilities of the
session manager, and I can even autostart programs I need when logging in
on the console.

In my case, having a running emacs server is indispensable, so I wrote a
systemd user service unit.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: a little jessie whinage

[Mart van de Wege]

Seeker  writes:

> On 10/12/2015 12:31 AM, Glenn English wrote:
>>
>> On my laptop, there's a static nameserver address used by
>> eth0. wlan0 uses that too, when it can. But, IIRC, it's smart enough
>> to go looking around if the local network is gone.
>>
>>
> If you set up your network interface in '/etc/network/interfaces'
> resolvconf should pick up the nameserver
>  settings from the 'dns-nameservers' line of the config and you can
> stop worrying about ham-fisted software
> scribbling over your settings.
>
> That *is* the reason resolvconf was created. :-)
>
> By default network manager should see that an interface is set up in
> the interfaces file and not mess with it.

And it does behave that way. The NM/resolvconf combo ought to work fine,
and only overwrite resolv.conf because you ask it to (for example, when
switching networks). I've been running it for several years now, and the
only trouble I've had is with the interface between resolvconf and the
local bind instance I run as caching nameserver and authoritative slave
for my VPN.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: What software can I use to remind me of daily tasks?

[Mart van de Wege]

Mario Castelán Castro   writes:

> Thanks too. I use Emacs, but I don't have it always open because I
> only use it for editing notes and software. A stand-alone program is
> therefore more suitable for me. I have tried KAlarm and it seems to do
> the job fine.
>
You can run emacs in server-mode of course. If you drop a service unit
in .config/systemd/user you can start it at login.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: a little jessie whinage

[Mart van de Wege]

Glenn English  writes:

>
> This is what we're supposed to use for servers on the Internet?

No, for servers we don't install NetworkManager and resolvconf, and we
do static configuration.

Really, you should know better if you're going do whine.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: What software can I use to remind me of daily tasks?

[Mart van de Wege]

Mario Castelán Castro   writes:

> Hello.
>
> I'm looking for a free (as in freedom) software that will remind me of
> daily tasks. That is it: one in which I can program reminders to be
> shown daily at a certain hour as a window to catch my attention or as
> a sound. I have searched in the web, but I have only found
> unmaintained software that doesn't do this.
>
Emacs Org-mode will work, if you install the org-alert package from elpa.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: a little jessie whinage

[Mart van de Wege]

Glenn English  writes:

> 'hostname -f' isn't rocket science -- it's just a small lookup. I
> suspect it goes to ifconfig for the IP then in hosts for the FQDN that
> matches the IP, or, apparently, resolv.conf and hostname.

You shouldn't suspect, it's in the Fine Manual. It calls into the C
library name/address resolution functions, so it uses whatever is
configured in nsswitch.conf; that means /etc/hosts first on a default
install. No need to call in an external resolver for that.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: a little jessie whinage

[Mart van de Wege]

Glenn English <g...@slsware.net> writes:

> On Oct 11, 2015, at 1:58 PM, Mart van de Wege <mvdw...@gmail.com> wrote:
>
>> No, for servers we don't install NetworkManager and resolvconf, and we
>> do static configuration.
>
> I didn't install NM, the installer did. I didn't know there was such a thing.
>
> I did know enough, though, to toss resolvconf and hand write
> resolv.conf, in the past. resolvconf is straightforward enough to know
> what it does. It does one thing, but not too well.
>
Obviously your experiences differ from mine. I run both on my laptop,
and it is resolvconf that is the horror for me, as I keep having to
occasionally purge the config because it once again is persistently
adding a name server to resolv.conf that is not available.

On the other hand, NM has run fine on my laptops ever since the 0.8
version.

Mart

-- 
"We will need a longer wall when the revolution comes."
--- AJS, quoting an uncertain source.

Re: should I get rid of pulse audio ?

[Mart van de Wege]

Arno Schuring aelschur...@hotmail.com writes:

 Date: Mon, 17 Aug 2015 23:16:55 +0200
 To: debian-user@lists.debian.org
 [..]

 You can't install gnome without the pulseaudio libraries, but it runs
 perfectly fine without the daemon.


 On Debian?

 $ aptitude why gnome-core pulseaudio
 p   gnome-core Depends pulseaudio

 This to me suggests that it doesn't even install without the daemon.


And if you were to pull in pulseaudio through that package and disable
the daemon, Gnome would run just fine.

Why are you so invested in not simply admitting you were wrong?

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.

Re: should I get rid of pulse audio ?

[Mart van de Wege]

Arno Schuring aelschur...@hotmail.com writes:

 Date: Sun, 16 Aug 2015 13:37:37 -0700
 From: bri...@aracnet.com

 [..snip list of PA inadequacies..]

 so soliciting opinions on whether or not getting rid of pulse audio is a 
 good idea.

 It's a good thing you're asking for opinions, because that's what
 you're gonna get. A lot of it, probably ;)

 It can be a good idea, or it may cause your hair to fall out or turn
 gray. When I ditched pulseaudio, my idle system load average (as
 reported through uptime) dropped from 0.7 to 0.03, which was
 vindication enough for me.

 If you're running Gnome, ditchting pulseaudio is simply not possible.

Bull.

You can't install gnome without the pulseaudio libraries, but it runs
perfectly fine without the daemon.

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.

Re: VLAN config on Jessie

[Mart van de Wege]

Andrew Wood and...@perpetualmotion.co.uk writes:

 On 08/08/15 21:25, Mart van de Wege wrote:
 That's just avahi trying to work with an interface it thinks still
 exists. 

 what does the output of cat /proc/net/vlan/config show?
 It seems that the old settings are persisted somewhere and I suspect
 either avahi or systemd.
 I don't know if it is particularly systemd that's persisting VLAn
 ids. VLAN interfaces are meant to persist until you issue a vconfig rem
 command, but I don't know if systemd persists the interfaces across
 reboots.

 As far as I know, it shouldn't. VLANs require an explicit .netdev
 service file.

 cat /proc/net/vlan/config gives no such file

That would mean that the 8021q module is not loaded.

So your interfaces don't have VLANs at all, as the VLAN driver isn't
even loaded.

So somehow there is some configuration left that refers to non-existent
interfaces.

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86k2t1oacy@gaheris.avalon.lan

Re: VLAN config on Jessie

[Mart van de Wege]

Andrew Wood and...@perpetualmotion.co.uk writes:

 On 07/08/15 21:03, Mart van de Wege wrote:

 Why do you think that? Avahi does multicast DNS, which, as far as I
 know, has nothing to do with VLANs.

 So what makes you think Avahi is the culprit?

 That said, if you want to disable it completely:

 systemctl stop avahi-daemon.service
 systemctl disable avahi-daemon.service

 systemctl stop avahi-daemon.socket
 systemctl disable avahi-daemon.socket

 Then edit /etc/nsswitch.conf and remove all references to mdns4

 Mart

 Because even with nothing in /etc/network/interfaces dhcpd is seeing
 eth1.1 and eth1.2 and there are entries like this in syslog:

snip logging

That's just avahi trying to work with an interface it thinks still
exists.

what does the output of cat /proc/net/vlan/config show?


 It seems that the old settings are persisted somewhere and I suspect
 either avahi or systemd.

I don't know if it is particularly systemd that's persisting VLAn
ids. VLAN interfaces are meant to persist until you issue a vconfig rem
command, but I don't know if systemd persists the interfaces across
reboots.

As far as I know, it shouldn't. VLANs require an explicit .netdev
service file.

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86d1yxil2x@gaheris.avalon.lan

Re: VLAN config on Jessie

[Mart van de Wege]

Andrew Wood and...@perpetualmotion.co.uk writes:


 On 04/08/15 07:11, Bonno Bloksma wrote:


 If you have the option, as in this case, it might make sense to use
 the same number for the VLAN and for the address range. It does not
 NEED to be so, and most cases it will not be so. But if it is a
 simple situation like this, one can take advantage of it.
 Remember to set the VLANs correctly on the ports to the Debian
 router / firewall / dhcp server and on the ports to the WiFi
 APs. In this case untagged VLAN 1, tagged VLAN 10 and 11.


 Bonno Bloksma


 I think avahi is causing some problems how do I disable it completely?

Why do you think that? Avahi does multicast DNS, which, as far as I
know, has nothing to do with VLANs.

So what makes you think Avahi is the culprit?

That said, if you want to disable it completely:

systemctl stop avahi-daemon.service
systemctl disable avahi-daemon.service

systemctl stop avahi-daemon.socket
systemctl disable avahi-daemon.socket

Then edit /etc/nsswitch.conf and remove all references to mdns4

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86wpx6j26s@gaheris.avalon.lan

Re: What package contains the time daemon?

[Mart van de Wege]

Dennis Wicks w...@mgssub.com writes:

 Mart van de Wege wrote on 07/27/2015 12:49 AM:
 Gary Dale garyd...@torfree.net writes:

 On 26/07/15 02:44 PM, Mart van de Wege wrote:
 Gary Dale garyd...@torfree.net writes:

 Upgrading to sid is asking for trouble. Sid isn't called unstable for
 nothing.

 I know. I really do. I only have been running Debian since potato. On
 the other hand, someone's gotta run Sid, or it'll never get debugged.

 Yeah, well that ain't me. I have enough trouble with releases labeled
 stable!

And to pour more oil on the fire, I built a VM to try and reproduce the
problem, and it booted right up, DHCP+NFS and all. Gr.

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86bnew8zge@gaheris.avalon.lan

Re: What package contains the time daemon?

[Mart van de Wege]

Gary Dale garyd...@torfree.net writes:

 On 26/07/15 02:44 PM, Mart van de Wege wrote:
 Gary Dale garyd...@torfree.net writes:

 Upgrading to sid is asking for trouble. Sid isn't called unstable for
 nothing.

I know. I really do. I only have been running Debian since potato. On
the other hand, someone's gotta run Sid, or it'll never get debugged.

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86si8a880w@gaheris.avalon.lan

Re: What package contains the time daemon?

[Mart van de Wege]

Gary Dale garyd...@torfree.net writes:

 I haven't had any significant problems with systemd but then I waited
 several months before upgrading my servers to jessie and before
 upgrading my workstation to stretch. Maybe it's because of MS-DO but
 I've learned to wait for the .1 release before upgrading. :)

I actually ran into my first problem in ages when I reinstalled a
computer here.

It was supposed to run DHCP, and get a static assignment from the DHCP
server based on MAC, but when I booted it it hung on trying to start
rpcbind because the network wasn't up yet.

Only when I replaced the DHCP with a static IP assignment in
/etc/network/interfaces did things work.

Funny thing was that Jessie did just fine, it was upgrading to Sid from
a clean network install that broke things.

And on the gripping hand: I used to have this issue with SysV init, and
it went away when switching to systemd, I don't know why it returned
yet.

I was so stressed out that I didn't feel like troubleshooting it
further, hence no bug report. If someone wants me to file one, I can
troubleshoot next weekend.

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/866156ahdl@gaheris.avalon.lan

Re: the State of Linux Audio

[Mart van de Wege]

Nicolas George geo...@nsup.org writes:

 Le septidi 27 messidor, an CCXXIII, Martin G. McCormick a écrit :
  The only reason I put pulseaudio on here was way back
 when I was running lenny and had no /dev/dsp. Someone suggested
 installing pulseaudio. I did. /dev/dsp came back and life
 marched on.

 This was a bad suggestion.

 /dev/dsp is obsolete on Linux, has been for years. Not having is perfectly
 normal, having it back is possibly a sign that you are on the path of
 breaking things.

 In my opinion, PulseAudio is only good for messing things up. The features
 it brings are of doubtful usefulness for most users

As you said, that's your opinion. I like being able to easily switch my
sound from speakers to a USB or Bluetooth device, for example.

 and the brittleness

I haven't seen Pulse-only issues in two years or so. Really, most of the
problems have been worked out. Only if you have a corner case (like a
rare device with a badly-maintained ALSA driver) will you have problems.

Then again, using a badly maintained driver is a recipe for disaster
anyway, that's not Pulse-specific.

 and complexity it introduces are very real.

Use cases have gotten more complex. For the simplest-most use case (one
user, static I/O config), Pulse is indeed overkill, and can be
removed. I'd argue that the complexity it brings when installed is not
*unneeded* complexity though.

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86615kpf77@gaheris.avalon.lan

Re: pam_shield is blocking allowed networks

[Mart van de Wege]

Louis Wust louisw...@fastmail.fm writes:

 On Tue, Jul 7, 2015, at 06:42, Mart van de Wege wrote:
 I have set up pam_shield to allow my IP; when I test it by generating
 5 bad logins (threshold is 5 per 10m), I see pam_shield print
 'allowing from my ip/255.255.255.255' in the logs; and yet after 5
 login attempts it blocks my ip.

 This is due to a bug in the code which matches IP addresses. I
 investigated the cause and will file a bug report.

Ah nice.

 In the meantime, try using a hostname instead of an IP address. If the
 system you want to allow does not have a hostname, make one up and add
 it to /etc/hosts.

Thankfully at least two machines that *need* to be whitelisted do have a
stable rDNS mapping and can be added by name.

Unfortunately, for the rest I need a network match, so setting up
/etc/hosts for that is a bit impractical.

On the gripping hand, as long as I can reach the server from at least
one machine, I can always manually unblock.

Thanks for looking at it.

Mart
-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86615tqygg@gaheris.avalon.lan

pam_shield is blocking allowed networks

[Mart van de Wege]

Anyone know the answer to this conundrum?

I have set up pam_shield to allow my IP; when I test it by generating 5
bad logins (threshold is 5 per 10m), I see pam_shield print 'allowing
from my ip/255.255.255.255' in the logs; and yet after 5 login
attempts it blocks my ip.


-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86a8v8qme6@gaheris.avalon.lan

Re: NFSv4 first read/write takes 1 minute to start

[Mart van de Wege]

Jonas Meurer jo...@freesources.org writes:

 Hi Mart,

 Am 28.06.2015 um 21:40 schrieb Mart van de Wege:
 I run a fileserver and am trying to switch over from NFSv3 to NFSv4 with
 RPC-GSS. My exports work, and my clients nicely authenticate to the
 Kerberos server and the NFS server, I can mount the exported filesystems
 and cd into them.
 
 But as soon as I try to read or write anything on the mounted
 filesystem, I get a timeout of 1 minute. After that, all other reads and
 writes on the mounted filesystem proceed normally.

 I cannot help you with a comprehensive explanation, but at least I
 discovered similar timeouts while fiddling around with my new
 NFSv4+Kerberos setup. The first operation on a fresh mounted NFS share
 took ages (one minute is quite possible). I don't remember whether it
 timeouted or succeeded in the end.

 Now that everything is in place and working as expected, I no longer
 discover these timeouts. Every operation (read+write) to the NFS share,
 starting with the first one, finishs within milliseconds.

Well, it gets worse. After a day I tried it again, but from work over a
VPN. This time the first write operation (touching a test file) finished
within the bounds of the speed of the VPN connection.

So apparently some old information got cached somewhere and invalidated
by the passing of time. 

On Thursday I am back on location, I will check again to see if the
problem persists at local network speeds.

 I tested it with sec=sys, and that shows no difference. Mounting goes
 fine, cd goes fine, first operation hangs.

 Do you have your PTR records set correctly? Not sure whether it is
 related, but apart from fixing Kerberos principal mapping and ticket
 cache handling, the missing PTR record for my Kerberos/NFS server was
 one of the last things I fixed.

It's my home/development server; it runs on an entirely internal zone,
with full and correct PTR records. It's been running Kerberos for years
now for other services, and incorrect DNS has already bitten me in the
past.

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86vbe5kasz@gaheris.avalon.lan

NFSv4 first read/write takes 1 minute to start

[Mart van de Wege]

Hi,

I run a fileserver and am trying to switch over from NFSv3 to NFSv4 with
RPC-GSS. My exports work, and my clients nicely authenticate to the
Kerberos server and the NFS server, I can mount the exported filesystems
and cd into them.

But as soon as I try to read or write anything on the mounted
filesystem, I get a timeout of 1 minute. After that, all other reads and
writes on the mounted filesystem proceed normally.

I used to get a 'Unable to create client record on stable storage: -110'
error in dmesg, but that went away after I created the missing
'/var/lib/nfs/v4recovery' directory. Otherwise I am not getting any NFS
related errors in the logs, just a horrid timeout on the first
filesystem operation.

I tested it with sec=sys, and that shows no difference. Mounting goes
fine, cd goes fine, first operation hangs.

Anyone have any clue what is going on here?

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86zj3jk4f7@gaheris.avalon.lan

Re: [OT] Is Devuan a hoax?

[Mart van de Wege]

Francis Gerund ranr...@gmail.com writes:

 Does anyone here have any inside information on what is happening (or
 not happening) with the Devuan project? 

 It seems to be dead, or at least dying. 

 I am (more than) starting to think the whole thing was just a sick,
 sleazy hoax/disinformation campaign by you-know-who to confuse and
 disillusion any remaining heroic opposition to the systemd takeover of
 (at least) all of GNU/Linux. 

The other conclusion might just be that there was just not enough
support for the project to be viable.

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/861thmiuva@gaheris.avalon.lan

Re: weird problem with one mail account in Thunderbird....ISP or what ?

[Mart van de Wege]

Frank debianl...@videotron.ca writes:

 On 05/29/2015 06:52 AM, Mart van de Wege wrote:

 It might be possible that someone got hold of your password and is using
 your ISPs relay to send out spam. I've seen that happen more than once
 in real life.

   They'd need more than my password---Videotron uses an 8-letter
 customer identifier and a password to logon via IMAP/POP3/SMTP. Unless
 they managed to get a hold of both it wouldn't work although I guess
 it's possible (Murphy's Law).

All that is necessary is one login using a wireless network where
someone is running a sniffer, or having a keylogger on your Windows
install (I read you dual-boot?)

I *have* seen this happen; customers who had no idea how their login
credentials got into spammers' hands, yet their account was being used
to relay spam. I'm not saying it is what happened, just that your ISP
might not be entirely wrong.

Have you tried asking them for logging?

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86a8wmtnde@gaheris.avalon.lan

Re: weird problem with one mail account in Thunderbird....ISP or what ?

[Mart van de Wege]

Frank debianl...@videotron.ca writes:

 On 05/28/2015 02:44 AM, Emil Payne wrote:
 On 05/27/2015 10:16 PM, Charlie wrote:
 On Wed, 27 May 2015 21:06:10 -0400 Frank sent:

 When I went into Thunderbird at mid-day one of my accounts with my
 ISP Videotron.ca registered a logon failure..despite the fact nothing
 had changed.

 I have no answer. However, with my ISP I periodically have the same
 problem. I attempt to log on with claws-mail, without changing anything,
 no update, no upgrade to the system. No tinkering, nothing at all and of
 the two accounts one gives me this error message:


 Charlie

 That's odd. I have 6 gmail and 8 yahoo accounts. Yesterday all six gmail
 accounts wanted the passwords reentered. I have thunderbird set to
 remember passwords. At first I couldn't even get anything to enter into
 the password box, although the checkbox and buttons worked fine. I
 restarted my computer and it immediately stopped, saying no keyboard
 found, even though pushing F1 continued booting and ENTER worked at the
 grub menu. Once booted in I restarted thunderbird and re-entered the
 passwords as saved. Everything works fine now. At the time I had put it
 down to intermittent power outages due to t-storms, but now I wonder.

 Emil


The logon failure doesn't bother me as much as what the security
 department  at my ISP is claimingthat my system and that account
 have been compromised. I can't see how...but that's what they claim.

It might be possible that someone got hold of your password and is using
your ISPs relay to send out spam. I've seen that happen more than once
in real life.

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86h9qvzmdy@gaheris.avalon.lan

Re: Add a 3rd drive to a existing raid1 (not as spare)

[Mart van de Wege]

basti black.flederm...@arcor.de writes:

If I do this it works:

# mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/loop0 /dev/loop1

Creates a two disk RAID1 array.

Adding a third disk:

# mdadm --grow /dev/md0 --level=1 --raid-devices=3 --add /dev/loop2

And:

# mdadm --detail /dev/md0
/dev/md0:
Version : 1.2
  Creation Time : Tue Apr 14 14:27:00 2015
 Raid Level : raid1
 Array Size : 1047552 (1023.17 MiB 1072.69 MB)
  Used Dev Size : 1047552 (1023.17 MiB 1072.69 MB)
   Raid Devices : 3
  Total Devices : 3
Persistence : Superblock is persistent

Update Time : Tue Apr 14 14:28:39 2015
  State : clean 
 Active Devices : 3
Working Devices : 3
 Failed Devices : 0
  Spare Devices : 0

   Name : gaheris:0  (local to host gaheris)
   UUID : f330ab72:fe728ef6:23d3ab0f:5a6c67ff
 Events : 40

Number   Major   Minor   RaidDevice State
   0   700  active sync   /dev/loop0
   1   711  active sync   /dev/loop1
   2   722  active sync   /dev/loop2


Removing it:

# mdadm /dev/md0 --fail /dev/loop2 --remove /dev/loop2
mdadm: set /dev/loop2 faulty in /dev/md0
mdadm: hot removed /dev/loop2 from /dev/md0

And set the array back to 2:

# mdadm --grow /dev/md0 --raid-devices=2
raid_disks for /dev/md0 set to 2



 thanks but


 # mdadm --add /dev/md1 --raid-devices=3 --spare-devices=0 /dev/sde1
 mdadm:option --raid-devices not valid in manage mode

 # mdadm --add /dev/md1 --spare-devices=0 /dev/sde1
 mdadm:option --spare-devices not valid in manage mode

 # mdadm --grow /dev/md1 --raid-devices=3 --spare-devices=0
 mdadm:option --spare-devices not valid in grow mode

 Am 14.04.2015 12:07, schrieb Darac Marjal:
 On Tue, Apr 14, 2015 at 11:42:22AM +0200, basti wrote:
 Hello
 I want to add a 3rd drive to a raid 1 array (for disaster backup, the
 drive will be connectet once a week).
 I dry:

 mdadm --add /dev/md1 /dev/sde1

 when I fail the drive there is a message

 FailSpare event detected on md device /dev/md/1, component device /dev/sde1

 How can I add the 3rd drive as real drive and not as spare?
 Looking at the mdadm manpage (i.e. I've not tried this myself), you
 could try being moew explicit about things:

 mdadm --add /dev/md1 --raid-devices=3 --spare-devices=0 /dev/sde1

 (Note however that the manpage I'm reading - the one in Wheezy - seems a
 little unsure whether the option is --raid-devices or --raid-disks).

 I think, also, you can convert /dev/sde1 from spare to live by
 issuing:

 mdadm --grow /dev/md1 --raid-devices=3 --spare-devices=0

 One last thing to be aware of. If you DO set up your three-disk RAID1
 and then take the backup drive out of the set, be aware that that will
 mark the RAID as degraded and expect to get warnings to that effect.

 There doesn't appear to be a way to re-mark a device as spare so, to
 cleanly remove it, you will need to mark it as faulty (mdadm /dev/md1 -f
 /dev/sde1). I don't know, off-hand, if this will affect the backup,
 though.

 Best Regards


 -- 
 To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
 with a subject of unsubscribe. Trouble? Contact 
 listmas...@lists.debian.org
 Archive: https://lists.debian.org/552ce0fe.2030...@arcor.de


-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86k2xeevph@gaheris.avalon.lan

Re: GHOST, Am I ok?

[Mart van de Wege]

Jochen Spieker m...@well-adjusted.de writes:

 Sven Hartge:
 Darac Marjal mailingl...@darac.org.uk wrote:
 On Wed, Jan 28, 2015 at 05:52:49PM -0600, John Hasler wrote:
 
 Look at checkrestart in the debian-goodies package.
 
 Or alternatively, if you're on testing or newer (or can accept a
 backport), try needrestart (in its own package) which will inform you
 after a dpkg run which services need restarting.
 
 needrestart is also available in the official backports.

 Thanks for that hint! This should really be installed by default. I
 wonder how many systems regularly stay vulnerable even after installing
 security patches, just because admins don't realize they may have to
 restart some services manually.

And this is why simply rebooting after significant patches is a good
idea.

Mart
-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86fvasu2ii@gaheris.avalon.lan

Re: Was: Ric Moore

[Mart van de Wege]

Gene Heskett ghesk...@wdtv.com writes:

 On Sunday 18 January 2015 18:21:02 Mart van de Wege did opine
 And Gene did reply:
 Gene Heskett ghesk...@wdtv.com writes:
  On Sunday 18 January 2015 14:12:03 Joe did opine
  
  I don't have Gnome on the workstation either, but
  I do have various Gnome bits such as Nautilus. It really should be
  possible to avoid NM, but probably not without some effort.
  
  Using information that it seems to me, is deliberately withheld from
  the user.  Or I have not learned in 80 years, how to ask the right
  question..
 
 apt-get remove network-manager seems to work just fine for me.
 
 Mart

 I have attempted that, several times in the past 5 or 6 years.  The list 
 of stuff it will also remove is usually several printed pages, IF you 
 could actually get a printout.

Eh, no?

mvdwege@gaheris:~$ apt-cache rdepends network-manager | wc -l
40

And that includes all packages for which nm is a dependency, not just
a hard Depends: *and* i386 packages (I run multi-arch).

And note that that this is an rdepends search. I have only 4 of those 40
packages installed (and 2 of those only by accident).

And taking a look at the list, there's a lot of non-essential stuff on
there. About the only thing I'd consider anything near 'essential' is
evolution, and that is only a Suggests: dependency.


 Unfortunately, you can't even copy/paste for a record from that screen
 by any method but a screen snapshot series.

What is so difficult about 'select text, middle button paste'?

I really wanted to cut you some slack, but I am forced to conclude that
your problem is between the chair and the keyboard.

Mart

-- 
We will need a longer wall when the revolution comes.
--- AJS, quoting an uncertain source.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/86r3urb84c@gaheris.avalon.lan