Re: internal keyboard does not work

[Nicholas Geovanis]

On Fri, Aug 23, 2024, 12:54 PM Nicolas George  wrote:

> Nilesh Patra (12024-08-23):
> > What drives such a hostile and uncalled-for reply?
>
> It was sarcastic, but in no way hostile.
>

Either way it was unnecessary and will do nothing but alienate people from
this list. And so perhaps from Debian too.

So we might wonder which is best: no
> reply at all, or a reply with sarcasm that inattentive readers might
> take for hostility?
>

Even you have a bad day now and then, obviously you just snapped at them.
You can't dress it up any finer than that, sorry.

Regards,
>
> --
>   Nicolas George
>
>

Re: Increasing "time" command precision

[Nicholas Geovanis]

On Thu, Aug 8, 2024, 8:13 AM Greg Wooledge  wrote:

> On Thu, Aug 08, 2024 at 15:08:33 +0200, Franco Martelli wrote:
> > The Bash's shell keyword "time" it could be fine, but I don't know how to
> > redirect its output to a file (-o switch of /usr/bin/time).
>
> https://mywiki.wooledge.org/BashFAQ/032


The Bash FAQ has always amazed me with articles like that. And then I
wonder how many lives might depend on the minutiae of "time" vs.
/usr/bin/time or some equally involved (dare I say "arcane"?) detail of
bash scripting
And then I feel tired :-)

Re: nginx or apache for php?

[Nicholas Geovanis]

On Thu, Aug 1, 2024, 10:25 AM Dan Ritter  wrote:

> Walt E wrote:
> > I have been using apache2 + php for years under debian.
> > But I heard people says nginx + php has better performance.
> > Do you have experience on both of setup and share a bit with me?
>
>
> I have experience on both.
>
> Do you have a performance problem? If not, don't change.
>
> If you do have a performance problem: how much have you
> optimized already? What methods have you used? Can you define
> the gap between what you have and what you need?
>
> How much is it worth to you in terms of time, and in terms of
> money?
>

All good points which reinforce the idea that the only benchmark that
really matters is the benchmark of your specific application.

I was only once in a situation where I had nginx and apache serving the
same content from the same server. I could start whichever I wanted. Nginx
was clearly faster -for that content-. It was a simple web application,
retrieving content from a few-gig local MySQL database. YMMV.

-dsr-
>
>

Re: why reliable linux hasn't gained more market share?

[Nicholas Geovanis]

On Sun, Jul 21, 2024, 10:03 AM Joe  wrote:

> 
>
> Basically, I think that with many more users, we would see more Windows
> users and they would be less secure in their habits. We've already seen
> this to some extent with Ubuntu. I don't think it's any more difficult
> to write a virus for Linux than for Windows, but the R number for such
> a virus, as epidemiologists would put it, would be very much less than
> one, so there's no point. No propagation. I think this would change,
> but this is of course just an opinion.
>

Linux servers are running headless in data centers, not on many desktops in
comparison. So the desktop set of intrusion vectors are not present on
them. Rarely does a human log into them, they're managed and usually
installed remotely using ansible, salt, CloudFormation on AWS, etc.
Software running on them answers requests at TCP ports, that's what they
do.

-- 
> Joe
>
>

Re: why reliable linux hasn't gained more market share?

[Nicholas Geovanis]

On Sun, Jul 21, 2024, 12:40 AM  wrote:

> On Sat, Jul 20, 2024 at 03:27:17PM -0400, gene heskett wrote:
>
> [...]
>
> > And even you Hans, leave out the major, all encompassing, reason for the
> > lack of market share, which is that most business that have a
> computerized
> > system to run things also value what their MBA says.  And since there is
> no
> > one to sue to cover their personal butt in case the system goes south
> like
> > cloudflare has in the last 3 days, M$ & cloudflare are a brick and morter
> > legal target they can sic the legal team onto.
>
> First: it wasn't cloudflare -- it was CrowdStrike (a sec firm, of all
> things!)
>
> Second: nobody's going to sue them. Guess what? The big ones have lawyers,
> lots of them. And their best protected tech is "law tech". They wouldn't
> be skimping on quality if it didn't pay off.
>
> Case in point: Solarwinds. 2020, they had a row of high-level attacks
> which knocked off their customer's customers (AFAIR, one third of
> Sweden's supermarkets had to close for three to four days, among many
> other things).
> They were sued for $26 million, that's it.
>

Every time I meet or work for someone who is still running SolarWinds
products (many many :-)  I remind them of this: SolarWinds' source-code
repositories were broken into, the source-code modified by the intruders,
and their changes checked back in like good software developers :-) Then
the corporation sent you that software and you paid for it.

How do you feel? Suppose that the same thing was done to the software in
your car? Would you drive it again? Or in the aircraft you will fly-in next
month? Would you take that plane?

Cheers
>
> [1]
> https://en.wikipedia.org/wiki/SolarWinds#2019%E2%80%932020_supply_chain_attacks
>
> --
> t
>

Re: Running 32-bit static exeutable on 64-bit Debian

[Nicholas Geovanis]

On Sat, Jul 20, 2024, 8:57 AM Greg Wooledge  wrote:

> On Sat, Jul 20, 2024 at 01:15:22 -0700, Van Snyder wrote:
> > > Van Snyder wrote:
> > > > And there's still the mystery why a statically-linked executable
> > > > wants to
> > > > load a shared object library.
>
> https://manpages.debian.org/bookworm/manpages-dev/dlopen.3.en.html
>
> > Am I losing my mind?
> >
> > At first I had done "file LinuxSusser". It reported "Statically
> > linked."
> >
> > Just to be sure, I did the recommended "ldd LinuxSusser." It also
> > reported Statically linked."
>
> Then it's almost certainly using dlopen() to load this shared library.
>

If LD_LIBRARY_PATH is set to null or "" in that executable's environment
and you then invoke it, what happens?

Re: why reliable linux hasn't gained more market share?

[Nicholas Geovanis]

On Sat, Jul 20, 2024, 2:09 PM Joe  wrote:

>
> You missed one: Linux is virtually a virus-free environment, and a
> large user base would mean many more people running as root, and it
> would become worth the time of malware writers to target Linux. Linux
> would become as virus-ridden as Windows.
>

There is no reason for "many more people running as root" so I don't think
that's a valid point. Ubuntu is derived from Debian and Ubuntu eliminated
direct root login years ago. But you can do that easily with your own
Debian installation if you want to.

It would also become a target for data harvesting, from which Debian,
> at least, is refreshingly free.


Again lacking data center experience? Every server in your data center that
is outward-facing will be contacted by intruders on its open ports. That
includes your Debian servers. If your apache server or application server
running on Debian is vulnerable and open to outside, they will knock on
your door. What happens _after_ that determines how vulnerable you are.

-- 
> Joe
>
>

Re: why reliable linux hasn't gained more market share?

[Nicholas Geovanis]

On Sat, Jul 20, 2024, 12:16 AM  wrote:

> On Sat, Jul 20, 2024 at 02:45:37PM +1000, David wrote:
> > On Sat, 2024-07-20 at 11:54 +0800, hlyg wrote:
>
> [...]
>
> > > why free OS hasn't gained more share even after 30 years of
> > > development?
> >
> > Because people don't have it hammered into them via the educational
> > formats, it doesn't come preinstalled on almost every computer you buy:
> > offered as the only option, Linux isn't advertised, and probably never
> > will be.
>

Both writers are ignoring the places where the vast majority of Linux
images run:
The corporate data center.
Linux rules the corporate data center and cloud these days. Not so much
Debian there but plenty of Ubuntu and Red Hat/fedora/CentOS.

All of them good factors. I may add yet another: because in the current
> economic ideology, investing in things seems preferrable than investing
> in people --


Any "capital good" like a semi-tractor or a corporate server and the
software on it is "depreciated": We pretend that it lost 6% or more of its
value each year, and we let the corporation write that "loss" off its taxes.

But I'm not allowed to do the same with my car or with the Dell Poweredge
R710 sitting next to me that used to live in the world's largest data
center.

This isn't really ideology except where ideology permits tax cheats to
thrive. Capitalism does that for tax cheats who have power and wealth, not
so much for those who dont.

and Windows (and MacOS) were marketed as "can be administered
> by anyone". Which, of course, as often in marketing, is a lie.
>
> Cheers
> --
> t
>

Re: Kali Linux problem and support question [WAS Re: w4sp-lab]

[Nicholas Geovanis]

On Wed, Jul 17, 2024, 3:10 PM Bret Busby  wrote:

> On 18/7/24 01:43, Andrew M.A. Cater wrote:
> > On Wed, Jul 17, 2024 at 05:52:47PM +0200, Aleix Piulachs wrote:
> >> installing w4sp-lab in Kali-linux-2024.2-installer-everything-amd64.iso
> >> gives me an error when I press w4sp_webapp.py in python module error:
> >> import w4sp and error in module: from w4sp_app import * and I cannot
> change
> >> the w4sp or * how do I do it?
> >
> > Hi Aleix,
> >
> > Please go and read the FAQ that I post almost every month on this list.
> >
> > Kali is _derived_ from Debian and isn't Debian. As such, I'd respectfully
> > suggest that you go and find Kali support elsewhere.
> >
> > Thanks for reading, with every good wish as ever
> >
> > Andrew Cater
> > (amaca...@debian.org)
> >
>
> This exists;
>
> https://www.kali.org/community/
>
> Users of Kali Linux, should peruse that web page.
>
>  From that web page, unfortunately, Kali Linux, like Linux Mint, and
> some of the BSD variants, does not provide an officially supported users
> mailing list, like Debian Linux provides this one, and Ubuntu Linux,
> with its users mailing list.
>

Are you intentionally ignoring the Kali Linux support forum which is hosted
at that same website? And if you want a gateway'd email list and web-based
forum working together, as some sites do (Canonical used to...), wouldn't
the best move be to ask that very same forum about their collective
thoughts?

So, it is up to a user of software that does not have an officially
> supported users' mailing list, to create and administer a users' mailing
> list, like for some other Linux distributions and Thunderbird and
> Firefox, as has happened at groups.io  (https://groups.io -> "Find or
> Create a Group").
>
> And, remember the proverb; "Every journey of a thousand leagues, starts
> with the first step".
>
> ..
> Bret Busby
> Armadale
> West Australia
> (UTC+0800)
> ..
>
>

Re: Esteemed Gentlemen!

[Nicholas Geovanis]

On Sat, Jul 6, 2024, 9:21 AM Greg Wooledge  wrote:

> On Sat, Jul 06, 2024 at 11:01:45 +, Richard Bostrom
>
> > I've removed unattended-upgrades.
>
.

> > Tripwire is useless with automated system updates etc.
>

I don't follow your logic.
First, I don't necessarily recommend automated system updates.
Second, tripwire has nothing to do with them. You turn off tripwire right
before the upgrade. You rescan afterwards because monitored system files
may have changed. That's what tripwire is for. As stated previously:

Though, if your plan is to run "apt update" and "apt upgrade"
> by hand, at a time of your choosing, so that you can update tripwire's
> state afterward, then that's fine.
>
>

Re: System time/timezone, was Re: Maximum size .bash_aliases file

[Nicholas Geovanis]

On Sat, Jun 22, 2024, 11:02 AM Stefan Monnier 
wrote:

> > Yes, I realise that. The times are being displayed by the gettys,
> > controlled by the /etc/issue format string.  Jobs are being run
> > by cron, logs written by rsyslogd, and so on. And the term is … ?
>
> Maybe there simply isn't such a term.  The subject is sufficiently
> complex/delicate that there can't be a term for every single situation.
>

I think we are losing sight of the fact that all of timekeeping is an
abstraction and over-generalization. Time zones were created to help
regularize railroad schedules over wide areas. Timezones are an abstraction
that permit us to _pretend_ that it is (physical) noon at the same clock
time over an extended area. When in fact physical high-noon, determined by
the sun's position in the sky, cannot be at the exact same time just a few
centimeters west or east of my eyeballs.

Stefan
>
>

Re: RTC, was Re: System time/timezone

[Nicholas Geovanis]

On Tue, Jun 18, 2024, 11:05 PM David Wright 
wrote:

> On Tue 18 Jun 2024 at 04:12:07 (-0400), Jeffrey Walton wrote:
> > On Tue, Jun 18, 2024 at 4:05 AM  wrote:
> > > On Mon, Jun 17, 2024 at 11:54:03PM -0500, David Wright wrote:
> > > > [...]
> > > > I notice that   man timedatectl   says:
> > > >
> > > >set-timezone [TIMEZONE]
> > > >Set the system time zone to the specified value.
> > > >Available timezones can be listed with list-timezones.
> > > >If the RTC is configured to be in the local time, this
> > > >will also update the RTC time. This call will alter
> > > >the /etc/localtime symlink. See localtime(5) for more
> > > >information.
> > >
> > > I cringe a bit when I see that.
> >
> > Yeah.. on Linux, it is recommended to keep the RTC clock in UTC.
> > Unless Windows has contaminated the machine. See
> > .
>
> Here's your subthread for discussing the RTC, as it's a separate
> issue from the system's time zone.
>

Reading the link that Walton sent, the only case where RTC clock in UTC is
recommended is in the linux/windows dual-boot case. There's no statement
that RTC should be set to UTC besides that. And they say right there why it
isn't mentioned: your Debian machine might move around geographically. But
if it doesnt

Servers in data centers don't move around, they just sit there :-) So in my
experience servers running anything non-windows have RTC set to local time.
That's been on Red Hat/CentOS, Debian, Ubuntu.

(I believe I'm correct in saying that Windows has long been able,
> by means of a registry key setting, to run with the RTC set to UTC.)
>

That is also my understanding but Windows 95 is the last release I've been
an admin on.

Cheers,
> David.
>
>

Re: [solved] Re: No login with Debian 12 ssh client, ssh-rsa key, Debian 8 sshd

[Nicholas Geovanis]

Just to compare, when Red Hat released 9.0 maybe 2 years ago (9.2 is
current until 30 June) they disabled by default many older key-lengths and
algorithms in SSL that were known to be weak. This caused issues for
existing installations. You could either re-enable the weaker methods (easy
but a pain to figure out courtesy of RH's layers of administration) or bite
the bullet and re-key.

On Sat, Jun 1, 2024, 5:51 AM Max Nikulin  wrote:

> On 01/06/2024 16:42, Thomas Schmitt wrote:
> >debug1: Remote protocol version 2.0, remote software version
> OpenSSH_6.7p1 Debian-5
> >
> > (I wonder what the string "Debian-5" may mean. The Debian 12 machine has
> > debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
> >   So "-5" is not the Debian version.
>
> Package version in bookworm: 1:9.2p1-2+deb12u2
>
>

Re: NextGov: Linux XZ Utils Backdoor Was Long Con, Possibly With Support

[Nicholas Geovanis]

On Fri, Apr 5, 2024, 1:39 PM  wrote:

> On Fri, Apr 05, 2024 at 12:27:03PM -0400, Cindy Sue Causey wrote:
> > Hi, All..
> >
> > This just hit my emails seconds ago. It's the most info that I've
> > personally read about the XZ backdoor exploit. I've been following
> > NextGov as a friendly, plain language resource about government:
>

...

> Continues to sound like one single perp is destroying the TRUST factor
> that an
> > untold number of future programmers must meet. That's heartbreaking.
>
> No, on the contrary. First of all, it is great that it has been
> caught /before/ it could cause much harm -- I
>


> So hardly new. What's special about this case is that the contributor
> had been working for the project for two years, thus earning trust
> with the community -- the most widespread notion seems to be that
> they had been planning the thing all along. I see at least another
> possible interpretation, that they started as a genuine contributor
> and wend bad, be it by bribing, coertion, or even replacement. Secret
> services and hackers (where's the difference, anyway?) are like
> that. Opportunists.
>
> Reminds us that trust is, at the root, a human thing, and thus sometimes
> fragile. As in Real Life, we need ways to recover.
>

And to me that's the most interesting thing about this incident too. It's a
good counter-example to the open-source "trust"-based model of software
development, simply by proving what we all knew: some people can't be
trusted but also can't be detected as untrustworthy. And it also shows a
"win" of that same development model, many eyes and a persistent mind who
didn't like things that didn't make sense.

But what if next time the back-doored software _does_ build without error?

Cheers
>
> [0] https://lwn.net/Articles/773121/
> [1]
> https://en.wikipedia.org/wiki/SolarWinds#2019%E2%80%932020_supply_chain_attacks
> [2] https://arxiv.org/abs/2005.09535
>
> --
> t
>

Re: making Debian secure by default

[Nicholas Geovanis]

On Fri, Mar 29, 2024, 12:24 PM Joe  wrote:

> On Fri, 29 Mar 2024 16:53:04 +
> Andy Smith  wrote:
>
> > Hello,
> >
> > On Thu, Mar 28, 2024 at 05:47:44PM -, Curt wrote:
> > > On 2024-03-28, Greg Wooledge  wrote:
> > > >
> > > > A more proactive endeavor would be to document known best
> > > > practices
> > >
> > > It makes no fucking difference, because your important data is
> > > elsewhere and completely out of your control.
> >
> > I WAS going to gently suggest that you have a lie down in a cool,
> > shaded room, but which of us had this on our 2024 bingo card?
> >
> > https://www.openwall.com/lists/oss-security/2024/03/29/4
> >
> > (Upstream xz/lzma project compromised, hostile code inserted into
> > sshd in Debian sid and other leading edge distros.)
> >
>
> Hah! Most of us remember Heartbleed.
>
> He's actually referring to credentials stored externally being
> compromised. I'm not sure what can be done about that: maybe make some
>

I would think A Smith's comment here was directed to this interesting bit
from the report he cited:

Given the activity over several weeks, the committer is either directly
involved or there was some quite severe compromise of their
system. Unfortunately the latter looks like the less likely explanation,
given
they communicated on various lists about the "fixes" mentioned above.

End quote. The issue appears to be a bad actor masquerading as (or being)
the real maintainer. There's no software-development or identity management
solution to that, it has to be organizational. We're lucky to have software
guys as sharp the one who caught this.

kind of, you know, law, about storing sensitive data, and prosecuting
> people who are responsible for failure to keep it secure... nothing
> like accountability for discouraging negligence.
>
> --
> Joe
>
>

Re: Filsystemkorruption i ext4?

[Nicholas Geovanis]

On Wed, Mar 20, 2024, 11:28 AM Jesper Dybdal 
wrote:

> I have now done the following:
> * Checked the RAID array - no problems found.
> * Run fsck.  It found three cases of the block count being incorrect.  I
> don't know which the other two affected files are.
> * Run one pass of memtest86+.  Nothing found.
>
> So it seems not to be a problem with the disks.
> A bug in ext4?  Well, ext4 has always done its job for me wihtout problems.
> A RAM error that memtest86+ did not find?  Possible.  Once upon a time,
> when you bought an ordinary pc, its RAM had ECC as a matter of course;
> unfortunately, that is not the case nowadays.
>
> I think I'll let memtest86+ run overnight one of the coming nights.
>
> Unless it is simply a RAM error, then it is a bit scary...
>

I have seen that a couple times, unlikely but possible. Maybe review your
RAM configuration too, ensure that the sticks are on the same supported
refresh rate and distributed across the slots in an approved way.

Regards,
> Jesper
>
> On 2024-03-19 21:47, Franco Martelli wrote:
> > On 19/03/24 at 15:43, Jesper Dybdal wrote:
> >
> >>
> >> My plan is to boot a rescue disk and mount that partition read-only.
> >> Then:
> >> * If the file looks ok after reboot, then I'll strongly suspect the
> >> RAM - and run memtest.
> >> * Otherwise, I'll have to run fsck and see what happens.
> >>
> >> kernel version:
> >> root@nuser:~# uname -a
> >> Linux nuser 5.10.0-28-amd64 #1 SMP Debian 5.10.209-2 (2024-01-31)
> >> x86_64 GNU/Linux
> >>
> >> The partition in question is a RAID 1 controlled by md.
> >
> > Another check you can perform it is on the RAID array, by default it
> > runs on the first Sunday of each month at 00:57. You should have this
> > file /etc/cron.d/mdadm that takes care to run this check monthly.
> >
> > Before you reboot, does it look OK /proc/mdstat ?
> >
>
> --
> Jesper Dybdal
> https://www.dybdal.dk
>
>
>
>

Re: After installing no access to the installed system.

[Nicholas Geovanis]

On Mon, Mar 18, 2024 at 12:48 PM Thomas Schweikle 
wrote:

> Package: Debian installer
> Version: As on Debian live-CD/DVD for Debian 12.5
> Severity: critical
>
> 1. Download debian live-CD/DVD from:
> https://cdimage.debian.org/debian-cd/current/amd64/iso-hybrid/debian-live-12.5.0-amd64-xfce.iso
> or
> https://ftp.gwdg.de/debian-cd/12.5.0-live/amd64/iso-hybrid/debian-live-12.5.0-amd64-xfce.iso
> 2. Boot from this DVD
> 3. Doubble click on "Install to harddisk"
> 4. Select to erase a partitioned harddisk
> 5. Select "German"
> 6. For User and Passwort enter
> Full name: demo Demo
> Username: de-de
> Password 1st: start123
> Password 2nd: start123
> 7. Click install
> 8. Wait until the installer finishes and reboots into this newly installed
> system
> 9. Try to login with the credentials given above:
> User: de-de
> Password: start123
>
> The newly installed system just tells: unknown user or password, user or
> password wrong. You wont be able to login.
>

Did the password you typed include any non-ASCII characters? Same question
for non -en_US characters?
And: Are you using a German-language keyboard? Or a "standard" US-style?


> Having a closer look at the system installed:
> - The system language ist set to en_US, instead, as selected to de_DE.
> - The keyboard language and layout ist set to en_US, instead, as selected
> to de_DE.
> - The user given isn't created at all.
> - The password isn't entered into /etc/passwd or /etc/shadow.
> - Root is created, but does not have a password, while passwordless logins
> are prohibited
>

Is it possible that the hard-drive is not working correctly?
It seems that all of those symptoms point to an un-writable hard-drive.


> Conclusion: it is not possible to login to the system. Youl have to hack
> it to get access.
>
> --
> Thomas
>

Re: Postel's Law (Was Re: Inclusive terminology (instead of master/slave) for network bonding/LACP)

[Nicholas Geovanis]

On Sat, Feb 24, 2024, 6:37 PM Andy Smith  wrote:

> Hi,
>
> On Sat, Feb 24, 2024 at 04:54:12PM +, Alain D D Williams wrote:
> > I sometimes think that something similar to Postel's Law but applied to
> human
> > interactions would be useful. However that is wishful thinking
>
> 
> I'm not saying DON'T give people the benefit of the doubt, but just
> always be aware that when you do there will be people who take
> advantage of that.
>
> Turning back more to protocol design, we have spent decades walking
> back Postel's Law as we find more and more ways that being liberal
> in what our software accepts is untenable in the face of a hostile
> Internet.
>

Quoting Paul Vixie 30 years ago at the Usenix technical conference (author
of various RFCs: DHCP, NNTP):

"Its important to remember that the internet escaped from the lab long
before we could put it into anything like production form. It's equally
important that our masters do not learn that".

Thanks,
> Andy
>
> --
> https://bitfolk.com/ -- No-nonsense VPS hosting
>
>

Re: Journald's qualities (was: Selective rotation of journald logs)

[Nicholas Geovanis]

On Fri, Feb 23, 2024, 2:57 PM Dan Ritter  wrote:

> Stefan Monnier wrote:
> > Makes one wonder why they don't use naive append-only "plain text" logs
> > (tho with appropriate delimiters (maybe some kind of CSV) to make
> > searches more reliable than with old-style plain text logs)?
> >
> > What are the advantages of journald's representation?
> > I mean, to justify the slow search and large disk space usage, there is
> > presumably some upside for some use cases.  I can see some weak argument
> > against Sqlite based on the size of Sqlite, but what are the advantages
> > of journald's representation compared to a naive one?
>
>
> systemd's design philosophy, observed from the outside, goes
> like this:
>

bunch trimmed.

Exactly correct in my view. Systemd's use-case is the desktop, not the
server in the datacenter. They will be using log-aggregation software in
the datacenter anyway so no use for systemd logging. We don't install
desktop software on servers either, no X Windows, no gnome, etc. Network
connections are stable, no roaming :-)

Long-term logs are for servers, so systemd doesn't want them.
> systemd thinks logs are for finding out what just happened
> recently. If you wanted long-term logs, obviously you would
> configure a central repository on some other machine and ship
> them across the network.
>
>
> I have nothing but praise for the Debian maintainers of rsyslog,
> who have arranged it so that installing rsyslog immediately does
> appropriate things to pull data out of systemd.
>
> -dsr-
>
>

Re: Meeting with the Development Team

[Nicholas Geovanis]

On Thu, Feb 22, 2024, 3:04 AM  wrote:

> On Thu, Feb 22, 2024 at 08:40:32AM +, Ray Galt wrote:
> > Hello,
> >
> > I would like to reach out to the decision-maker in the IT environment
> within your company.
>
> [...]
>
> Sometimes, satire is written by marketing departments. Or by
> some LLM run in reverse posing as such -- these days, you
> just can't know. As far as I'm concerned, they all pass the
> Turing test with flying colours.
>

Proving once again that human intelligence and artificial intelligence have
nothing whatsoever in common. Can't even define the word in either context
:-)

SCNR
> --
> t
>

Re: find and it uncommon syntax - grrrrrrrrr

[Nicholas Geovanis]

On Sat, Feb 10, 2024, 2:46 PM gene heskett  wrote:

> Greetings;
>
> I have misplaced file someplace in /home/gene.
> its name is bpim5*shelf.scad
>

Assuming that you are searching in the current working directory:
 find bpim*  -print | grep 'shelf.scad'

As usual it outputs 100,000 filenames, none of which is the one I am
> looking for. How in heck do you shut this thing up so it only spits out
> /the/path/to/the/file its looking for it it even found it?
>
> And where do I put that as an alias, in my .bashrc?
>
> Cheers, Gene Heskett, CET.
> --
> "There are four boxes to be used in defense of liberty:
>   soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author, 1940)
> If we desire respect for the law, we must first make the law respectable.
>   - Louis D. Brandeis
>
>

Re: counting commas

[Nicholas Geovanis]

On Fri, Jan 19, 2024, 9:24 PM John Hasler  wrote:

> > Another SPITBOL user lives??!? :-)
>
> It's been decades since I used it.
>
> > It should all be open-source by now
> > Is it?
>
> http://www.snobol4.com/
>
> A search finds this:
>

Well thank you so much John. They are giving away for free Spitbol 360/70,
and for the past year I just so happen to have an IBM mainframe laying
around again :-)
One of my CS profs in college was Glenn Manacher who had been a maintainer
of Snobol at Bell labs in New Jersey.


https://github.com/spitbol/x64
>
> I haven't looked at it.  I'm surprised it isn't in Debian.
> --
> John Hasler
> j...@sugarbit.com
> Elmwood, WI USA
>

Re: counting commas

[Nicholas Geovanis]

On Fri, Jan 19, 2024, 6:52 PM John Hasler  wrote:

>  debian-u...@howorth.org.uk writes:
> > The
> > At the risk of being seen as old-fashioned, but as a user of both
> > languages, I think Perl is a much better choice than C for string
> > processing.
>
> Use SPITBOL.
>

Another SPITBOL user lives??!? :-)
It should all be open-source by now
Is it?

John Hasler
> j...@sugarbit.com
> Elmwood, WI USA
>
>

Re: counting commas

[Nicholas Geovanis]

On Fri, Jan 19, 2024, 2:07 PM Thomas Schmitt  wrote:

> .

(Ok, C causes scars on the programmer's self esteem. But what does not
> kill me makes me just stronger. I'm a vim user.)
>

OK I'll mention that to my psychiatrist :-)
But the C programmers I knew were either really nice guys if they wrote C
on unix, or real toads if they wrote C for DOS/Windows. YMMV

>

Have a nice day :)
>
> Thomas
>
>

Re: standardize uid:gid?

[Nicholas Geovanis]

On Thu, Jan 18, 2024, 9:15 AM Stefan Monnier 
wrote:

> > I haven't tried it but I would assume that if the user exists then the
> > package uses that.  So cresting a template /etc/passwd before
> > installing packages would fix this.
>
> That works, indeed.  Maybe Someone™ should develop a small "UGID server"
> which integrates into Debian's `adduser/addgroup` system (i.e. those
> tools would first ask the UGID server if that user has already been
> allocated an ID and if not register a new ID for it), so you can run
> such a server locally and tell Debian to use it so that all your
> machines share the same UID/GID namespace.
>

Sounds like we're going to re-implement Yellow Pages? (yp) :-)

Andy Smith mentions in his follow-on to this email that this kind of
standardization is done "locally" with configuration management software
(salt, ansible, CloudFormation). You don't need to have hundreds to
thousands of servers for configuration management software to make your
computing life easier.




> Stefan
>
>

Re: To partition or not to partition MD arrays (Was Re: smartctl cannotaccess my storage, need syntax help)

[Nicholas Geovanis]

On Wed, Jan 17, 2024, 9:35 PM gene heskett  wrote:

> On 1/17/24 19:54, Steve McIntyre wrote:
> > Andy Smith wrote:
> ...
> >> Then there will just be people going by taste.
> >>
> >> Personally I still put them directly on drives. If I ever get taken
> >> out by one of those crappy motherboards, I reserve the right to get
> >> a different religion. 😀
> >
> > I'm clearly a member of a third group of people,,, :-)
> >
> > Putting partitions on the RAID drives helps *me* identify them.
> >
> you aren't alone Steve.
> Cheers, Gene Heskett.
>

Sounds like this group has finally achieved a long overdue consensus. How
many times since LVM was ready for root/boot volumes have I been told that
using partitions was necessary good practice. Even had that in job
interviews, where half the team would grin at me saying it and the other
half scowling at my "poor practice".

Now we know it was just personal preference all along. Like somebody said
:-)

>

Re: [Lynx-dev] ANN: lynx2.9.0

[Nicholas Geovanis]

On Mon, Jan 15, 2024, 8:32 PM Karen Lewellen 
wrote:

> As of today, current edition of lynx.
> Announcement below.
> Kare
>
>
> On Tue, 16 Jan 2024, Thomas Dickey wrote:
>
> > The current version of lynx is 2.9.0
> >
> > It's available at
> >   https://lynx.invisible-island.net/
> >   https://invisible-island.net/archives/lynx/
> > Development & patches:
>


> >
> >KEYMAP:^S:UNMAPPED
> >  (report by TG) -TD
> > * repair docs/OS-390.announce and docs/README.jp -TD


Well now. I haven't used lynx in 15 or 20 years. And for the first
time ever I have the chance to try it on the IBM mainframe, z/OS
:-)


> --
> > Thomas E. Dickey 
> > https://invisible-island.net
>

Re: 512e vs 4K sector confusion

[Nicholas Geovanis]

On Mon, Jan 15, 2024, 4:58 AM Andy Smith  wrote:

> On Sun, Jan 14, 2024 at 11:32:37PM -0500, Stefan Monnier wrote:
>
> > What happens if you use diskimages that contain directly a filesystem
> > without going through the trouble of using a partition table?
> > Does `ext4` also get tripped by the different underlying block size?
>
> I believe it will also fail but I haven't directly experimented.
>
> On the target host I was able to use fdisk (or gdisk or parted or
> whatever…) to change the partition table to be "correct", which
> enabled me to then use "kpartx" to expose the partition out of the
> disk image as a loop device as usual. However, the ext4 driver and
> fsck.ext4 were still unable to find superblocks on this. This
> despite a sha256sum of the loop device coming back with the same
> hash as a sha256sum of the partition on the source.
>

In your dd commands that moved these filesystems, did you specify ibs=
and/or obs=
?
If so, what values did you use?


> Thanks,
> Andy
>

Re: VAX emulation/simulation (was Re: systemd-timesyncd)

[Nicholas Geovanis]

On Mon, Jan 8, 2024, 11:38 AM Thomas Schmitt  wrote:

> Hi,
>
> Bret Busby wrote:
> > > .;
>
> Jeremy Nicoll wrote:
> > IBM's MVS & its successors, most recently z/OS, have something
> > similar called a GDG (or Generation Data Group).
>
> The principle made it into ISO 9660 specifications.
>
> To make this thread relevant for Debian, let's assume that somebody
> asked about the peculiar filenames in the netinst ISO when mounting
> its plain ISO 9660 personality:
>
>   $ sudo mount -o norock,nojoliet,map=off debian-12.2.0-amd64-netinst.iso
> /mnt/iso
>   mount: /dev/loop0 is write-protected, mounting read-only
>   $ find /mnt/iso
>   /mnt/iso
>   /mnt/iso/BOOT
>   /mnt/iso/BOOT/GRUB
>   /mnt/iso/BOOT/GRUB/EFI.IMG;1
>   /mnt/iso/BOOT/GRUB/FONT.PF2;1
>   ...
>   /mnt/iso/_DISK/MKISOFS.;1
>   /mnt/iso/_DISK/UDEB_INC.;1
>
>
> Have a nice day :)
>

You ruined my day :-)

Something similar to IBM's kludgiest relic of the early 1960s has appeared
in linux? The idea that we need version numbers embedded in filenames
involuntarily may be "natural" to somebody. But just seems sloppy to me.
And I've been an IBM mainframe admin and developer too.


Thomas
>
>

Re: systemd-timesyncd

[Nicholas Geovanis]

On Sun, Jan 7, 2024, 4:51 PM Charles Curley 
wrote:

> On Sun, 7 Jan 2024 20:36:12 +
> "Andrew M.A. Cater"  wrote:
>
> > > Take care, stay warm, well, and unvaxed.
> > > ^^^
> >
> > Gene - no partisan opinions, please, as per Code of Conduct?
>
> Oh, come on! Just because Gene doesn't like certain ancient Digital
> Equipment products…?
>

Come on There has to be a linux-based VAX simulator somewhere out there
for Gene :-D
So he can practice getting VAXed... :-D
said the man who used to use LSI-11's :-D

-- 
> Does anybody read signatures any more?
>
> https://charlescurley.com
> https://charlescurley.com/blog/
>
>

Re: Content of /etc/ethers

[Nicholas Geovanis]

On Wed, Jan 3, 2024, 8:23 PM John Hasler  wrote:

> The man page for /etc/ethers (a file) is in net-tools.  The file does
> not exist on my Sid system.
>
> The man page:
>
>   NAME
>ethers - Ethernet address to IP number database
>

Isn't that file a somehow surviving BSD-ism?


> --
> John Hasler
> j...@sugarbit.com
> Elmwood, WI USA
>
>

Re: systemd and timezone

[Nicholas Geovanis]

On Thu, Dec 21, 2023, 10:06 AM Max Nikulin  wrote:

> On 21/12/2023 12:33, to...@tuxteam.de wrote:
> .
> >
> > Double ugh.
> >
> > UNIX got that right from the start. Now this crazy notion "the computer
> > HAS to have a timezone of its own" is creeping in.
>
> Even admins may wish to see local time, not UTC in logs. So the D-Bus
> interface is no worse than the /etc/localtime file.
>

Servers work in groups and log-aggregation and analysis software is normal
in that context. And since your web server fleet, for one example, may be
spread across multiple timezones or multiple continents to reduce latency,
you configure accordingly.

>

Re: IMPORTANT: do NOT upgrade to new stable point release

[Nicholas Geovanis]

On Sun, Dec 10, 2023, 12:47 PM Curt  wrote:

> On 2023-12-10, Gary Dale  wrote:
> >
> > On 2023-12-10 12:24, Greg Wooledge wrote:
> >> On Sun, Dec 10, 2023 at 05:09:15PM -, Curt wrote:
> >>> On 2023-12-10, Andrew M.A. Cater  wrote:
>  "Now" is almost exactly Sun 10 Dec 16:55:43 UTC 2023
> >>> You mean in the Zulu Time Zone (as I am all at sea)?
> >> Use "date -u" to see current UTC time.  That should be sufficient to
> >> let you know how long it has been since Andrew's "now".
> >>
> > You're getting too complicated. The date stamp on his e-mail will
> > display the correct local time (as you have set it) so I can see that he
> > wrote it 30 minutes ago. That relative time is universal across time
> zones.
> >
> >
>
> It is the notion of simultaneity itself (the now of now) that is
> relative rather than universal.
>

I thought metaphysics was off-topic for this group. Moderators!! :-)

>

Re: File systems mounted under `/media/root/` ?

[Nicholas Geovanis]

On Sat, Dec 9, 2023, 1:50 PM Stefan Monnier 
wrote:

> Recently I noticed some unused ext4 filesystems (i.e. filesystems that
> aren't in /etc/fstab, that I normally don't mount, typically because
> they're snapshots or backups) "magically" mounted as
> `/media/root/`.
>
> This is on a headless ARM board running Debian stable.
>
> Not sure when this happen, but I noticed t least once happening in
> response to `vgchange -ay`.
>

Were there any reboots in between?

Any idea who/what does that, and how/where I can control it?
>
> Stefan
>

Re: Local time in databases (Re: ntpsec as server questions)

[Nicholas Geovanis]

On Thu, Dec 7, 2023, 8:11 PM Max Nikulin  wrote:

> On 07/12/2023 23:08, tomas wrote:
> > On Thu, Dec 07, 2023 at 10:29:29PM +0700, Max Nikulin wrote:
> >> On 07/12/2023 21:22, John Hasler wrote:
> >>> Databases should never store local time.
> >>
> >> There are exceptions when storing UTC instead of local time leads to
> >> undesired consequences.
> >
> > Heh. There was one huge thread in Emacs user about a year ago (don't
> > ask me in which time zone).
>
> Perhaps you mean emacs-ormode.
>


> Leaving aside future timestamps that may need local time, significant
> fraction of timestamps may be reliably represented in UTC.
>


> As I said above I see nothing wrong in local time with explicit time
> offset. Mail has been using it for decades:
> > Date: Thu, 7 Dec 2023 17:08:50 +0100
>

All of these considerations are what brought Oracle to create a proprietary
"datetime" datatype and use it to store all "real" dates/times. If you need
a different format for display purposes or a human readable column, you can
extract it and do that. But the internal  representation will be driven by
other needs.
YMMV :-)

Re: Bug#1056998: cdrom: Installation media changes after booting it

[Nicholas Geovanis]

On Mon, Dec 4, 2023, 3:30 AM Thomas Schmitt  wrote:

> .
> This seems to indicate that the firmware has a stake in the problem ...
>
> > Both the Thinkpad E14 Gen 5s had the same specifications and type number,
> > differing only in that the one with corruption of the installer has 24GB
> of
> > memory (16GB installed in the slot, 8GB soldered) and the other only has
> 8GB
> > soldered. They both have the same BIOS version, R2AET32W(1.07).
>
> ... but the trigger would have to be very subtle.
>
> > This seems to be really interesting because the corruption only happened
> on
> > certain computers, and it would stay that way on repeated attempts.
>


FWIW check the BIOS L[123] cache settings and consider changing them to
more conservative "slower" values if possible. And you have different RAM
models and configurations, could there be one DIMM in the mix that is
running overclocked?

Have a nice day :)
>
> Thomas
>

Grüß Gott :-)

Re: Telnet

[Nicholas Geovanis]

On Mon, Dec 4, 2023, 2:23 AM Nicolas George  wrote:

> Charles Curley (12023-12-03):
> > True. None the less, there is at least one perfectly good use for
> > telnet: testing connections to servers.
>
> Wrong. The telnet client is not entirely transparent, as the telnet
> protocol defines an escape octet to introduce commands.
>

The show-stopper early-internet issue was that the protocol did not hash,
encrypt or secure the exchange of credentials at session start time.

If you want to test a network protocol, you should use a really
> transparent client. Traditionally people use netcat (nc), but it handles
> EOF approximatively.
>

There's a little chunk of perl in the Camel book that does what you want on
any port you want. In the 2nd edition it's pg. 349-351.


For that use, I strongly recommend socat.
>
> Regards,
>
> --
>   Nicolas George
>
>

Re: Linux supprt

[Nicholas Geovanis]

On Mon, Nov 13, 2023, 12:35 PM  wrote:

>
> But yes, in a way convenience can drown out freedom. See that other
> thread in this mailing list about mail providers. All people flocking
> to gmail although it's clear that Google would like to kill mail
> as we know it.
>

But mail as "they" know it has nothing to do with transport or networking.
They know it as a service not as anything else. Like electricity. The
"freedom" to exchange email is what matters to them.

Just about everyone in the developed countries permits and is ok with their
electric/telecom/heating service coming from a monopoly, oligoploy, or
government-owned entity. So the same situation for email is ok with them as
long as the cost is low.

Cheers
> --
> t
>

Re: Linux supprt

[Nicholas Geovanis]

On Mon, Nov 13, 2023, 2:56 PM Stefan Monnier 
wrote:

> > In my experience I get much better support from the user community of
> > an open source product then I get from paid support of a commercial
> > product. Frequently I know more about the product than the person I am
> > dealing with.
>
> Same for me.  But I suspect we're in the minority.
>

I'll echo that. And yet in those work situations where I have needed
support for licensed Linux products from Red Hat/IBM, Canonical and AWS,
the support has almost always been better than online community support.
Which of course I have also leaned on. And community support is  better
than 90% + of support for other software products, for example dealing with
BMC recently.

IOW supported Linux seems to be better supported than any other software
these days. Both by vendors and by the community.

Stefan
>
>

Re: limit on attachment in mail to list

[Nicholas Geovanis]

On Fri, Nov 10, 2023, 4:54 AM Brad Rogers  wrote:

> On Fri, 10 Nov 2023 18:10:12 +0800
> hlyg  wrote:
>
> Hello hlyg,
> 
> (sweeping generalisation coming)
> People that upload such images are lazy, arrogant, and suffer
> from a massive sense of entitlement.
>

Or maybe they are used to the more recently-devised file sharing services
which let you exchange zillions of much larger files than this list allows,
but every hour. On any given day I might listen to several hundred gigs of
industrial, goth and EBM music on YouTube and Bandcamp, for free. Not even
0.1% of what was added only that one day just in those 3 styles of music.

It's a different use-case but the thoughts are all the same: Have you ever
used, say, an S3 bucket for your Debian EC2 VM in Amazon cloud?

-- 
>  Regards  _   "Valid sig separator is {dash}{dash}{space}"
>  / )  "The blindingly obvious is never immediately apparent"
> / _)rad   "Is it only me that has a working delete key?"
> If a thought came in your head it would die of loneliness
> I Don't Like You - Stiff Little Fingers
>

Re: mailx and selinux not co-operating

[Nicholas Geovanis]

On Sun, Aug 20, 2023, 9:20 AM Bhasker C V  wrote:

> Finally i switched on the enforcing mode on my linux system
> Pretty much everything is working except
>
> ```
> $ echo hello | mail -s test x...@yyy.xyz
> 2023-08-20 14:39:30 1qXieQ-000Bpa-1P 1qXieQ-000Bpa-1P no recipients found
> in headers
> Can't send mail: sendmail process failed with error code 1
> ```
> however the same works fine when I put selinux in permissive state (no
> warnings shown in audit/dmesg)
>

Is it easy for you to get the headers that cause Sendmail to say "no
recipients found in headers"? And compare with the headers generated by the
successful mail.
It might help tell if it's a bug or working as designed ;-) or maybe a
mailx issue not sendmail.

A quick ltrace says
> ```
>  1qXia0-000BPb-0a Failed to create spool file
> /var/spool/exim4//input//1qXia0-000BPb-0a-D: Permission denied
> ```
>
> However there are no avc: messages for me to allow this through in my
> selinux module
> I even tried
>
> ```
> allow unconfined_t exim_spool_t:file { open read write create };
> allow unconfined_t exim_spool_t:dir { open read write };
> ```
>
> since /var/spool/exim4/input has exim_spool_dir set in it
>
> I cant fine any booleans either ..
>
> Please could someone tell me how to get this to work ? has anyone got
> mailx working with selinux on their system ?
>
>
>

Re: Happy 30 Years Debian Project

[Nicholas Geovanis]

On Wed, Aug 16, 2023, 9:38 AM Marco  wrote:

> Am 16.08.2023 um 15:07:35 Uhr schrieb Thomas Schmitt:
>
> > >
> https://wiki.debian.org/DebianHistory?action=AttachFile&do=get&target=Debian-announcement-1993-pic-by-Ian_Murdock.png
>
> Rather interesting that people printed out usenet posts back in these
> days.
>

Remembering Ian Murdock for a moment, I didn't know him personally. Another
innocent life taken by law enforcement here in the USA. RIP.

>

Re: /etc/resolv.conf changes every booting time

[Nicholas Geovanis]

On Sat, Aug 5, 2023, 10:27 PM Greg Wooledge  wrote:

> On Sat, Aug 05, 2023 at 10:05:31PM -0500, Nicholas Geovanis wrote:
> > On Sat, Aug 5, 2023, 9:13 PM Greg Wooledge  wrote:
> >
> > > On Sun, Aug 06, 2023 at 09:28:55AM +0800, Jon Smart wrote:
> > > > How to stop the auto-changes to /etc/resolv.conf after rebooting?
> > >
> > > https://wiki.debian.org/resolv.conf
> > >
> >
> > Contrary to what that page states, auto changes to resolv.conf are never
> > appropriate in the server environment. The statement there that it works
> > fine in a "properly configured server" is the boilerplate escape hatch
> for
> > that inconvenient fact :-)
>
> Those words do not appear on that page.  I don't know which sentence(s)
> you're actually referring to.


I'm referring to these exact words:
"It also works well for many desktop and server systems, so long as the
network infrastructure is perfect."

Its a red herring because the DNS infrastructure in a data center is static
at the IP address and host name level. And I feel certain that any network
infrastructure constructed by humans is imperfect to some degree.
There's their escape hatch.

The closest thing I see there is "so
> long as the network infrastructure is perfect", which refers to the DHCP
> server, not the Debian system.
>
> A lot of us run Debian systems on networks where we DO NOT CONTROL the
> DHCP server, and have to work around it.  That's what the introduction
> of the page is talking about.
>
> In any case, appeasing EVERY reader is impossible.  I have to use vague
> wording to try to make sure nobody is offended that their personal
> preference configuration is not snubbed.  No matter how utterly batshit
> insane such a configuration may be from my point of view.
>
> I'm also forced to relegate the chattr solution to the end of the page,
> and couch it in caveats, because some people think that it's wrong.
> They can't say WHY it's wrong, of course.  Maybe because it's too simple
> and effective.  I dunno.
>
> People are horrible sometimes.
>
> With all that in mind, and considering that this is a WIKI and you may
> edit it your damned SELF if you disagree with the content, what is your
> actual disagreement?
>
>

Re: /etc/resolv.conf changes every booting time

[Nicholas Geovanis]

On Sat, Aug 5, 2023, 9:13 PM Greg Wooledge  wrote:

> On Sun, Aug 06, 2023 at 09:28:55AM +0800, Jon Smart wrote:
> > How to stop the auto-changes to /etc/resolv.conf after rebooting?
>
> https://wiki.debian.org/resolv.conf
>

Contrary to what that page states, auto changes to resolv.conf are never
appropriate in the server environment. The statement there that it works
fine in a "properly configured server" is the boilerplate escape hatch for
that inconvenient fact :-)

Re: OT: Protecting electrical equipment; was: Recommendations for a UPS?

[Nicholas Geovanis]

On Tue, Aug 1, 2023, 1:09 PM gene heskett  wrote:

> On 8/1/23 11:03, Nicholas Geovanis wrote:
> > On Tue, Aug 1, 2023, 2:40 AM Michael Kjörling <2695bd53d...@ewoof.net
> > <mailto:2695bd53d...@ewoof.net>> wrote:
> >
> > On 31 Jul 2023 15:21 -0400, from songb...@anthive.com
> > <mailto:songb...@anthive.com> (songbird):
> >  >   i do not run things for long when the power goes out
> >  > but the capacity for my needs is plenty and then i shut
> >  > down in an orderly fashion.  most of the time i shut down
> >  > the computer system and unplug the power cord and the
> >  > network cables and antenna cables if there is a storm
> >  > coming through - just out of the idea that i don't really
> >  > want things to get fried.
> >
> I replaced the original 60 amp service in 2008 with a 200, and brought
> this grandfathered 2970 house service up to code, doing all the internal
> work myself. I have a big ups running everything but the lights and
> printers in this room, got rid of the copper telephone because the cable
> was 70 years old, 50 pair paper insulated cable they would not keep
> working for a week at a time, so after 5 months of that I voted with my
> wallet and hooked all that up to the cable system. I must have done
> something right, I have not even blown a ccfl light bulb since and it
> all runs 24/7/365.25.


In your case then, you may need to pay attention to transients in your
cabling plant. Everytime a large motor starts, revs or stops, those
transients are hitting your cabling. My recollection is that you have
machine tools in addition to electronics and climate control. Even more so
then. Also grounding for your electrical system has to be proven
over-adequate. And any possible ground-loops need to be found and
remediated.


> It's worth mentioning that with a good UPS you get power-conditioning,
> > not just filtering and over/under-voltage protection. That can extend
> > the lifetime of any electric motor or other device using the conditioned
> > power. The UPS emits a controlled waveform beyond what your utility can
> > provide.
> >
> > And numerous datacenters have begun using DC-powered racks. Less power
> > loss in the individual transformers and motors in each racked server,
> > less heat to be expelled.
>
>

Re: OT: Protecting electrical equipment; was: Recommendations for a UPS?

[Nicholas Geovanis]

On Tue, Aug 1, 2023, 2:40 AM Michael Kjörling <2695bd53d...@ewoof.net>
wrote:

> On 31 Jul 2023 15:21 -0400, from songb...@anthive.com (songbird):
> >   i do not run things for long when the power goes out
> > but the capacity for my needs is plenty and then i shut
> > down in an orderly fashion.  most of the time i shut down
> > the computer system and unplug the power cord and the
> > network cables and antenna cables if there is a storm
> > coming through - just out of the idea that i don't really
> > want things to get fried.
>
> You can have incoming-mains overvoltage protection installed to
> provide a base level of protection for everything electrical against a
> mains overvoltage (but generally not other types of power
> fluctuations). It's not even all that expensive, or at least wasn't
> some years ago. Consider asking your electrician what options would be
> available in your particular situation and for a cost estimate or
> quote.
>
> Especially if you are in an area that frequently gets lightning, it
> _might_ help the UPS last longer, too, since its protective circuitry
> then doesn't need to take the brunt of the voltage spike after that is
> already well inside your home with all the associated risks.
>

It's worth mentioning that with a good UPS you get power-conditioning, not
just filtering and over/under-voltage protection. That can extend the
lifetime of any electric motor or other device using the conditioned power.
The UPS emits a controlled waveform beyond what your utility can provide.

And numerous datacenters have begun using DC-powered racks. Less power loss
in the individual transformers and motors in each racked server, less heat
to be expelled.


Michael Kjörling 🔗 https://michael.kjorling.se
> “Remember when, on the Internet, nobody cared that you were a dog?”
>
>

unknown package causing segmentation fault

[Nicholas Quednow]

Greetings,

I have been trying to figure out why in the world I am getting a
segmentation fault on trying to restart the networking service and using
the ip command.

At this point the server has been restarted and the problem has gone away,
but I did think to dump the dmesg log to a file before restarting.

The offending parts appear only at the very end of the logs, and I was not
sure what to file the report under.

Parts of the log for the segmentation fault The jump in time was me waking
up after a power outage from this morning a few hours prior):
[   61.069997] ip[8355]: segfault at 0 ip 560cde35e530 sp
7ffcfda51c68 error 6 in ip[560cde2f4000+6d000] likely on CPU 5 (core 2,
socket 0)
[   61.070016] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8110.663298] show_signal_msg: 5 callbacks suppressed
[ 8110.663303] ip[8642]: segfault at 0 ip 559203f34530 sp
7ffd79a02db8 error 6 in ip[559203eca000+6d000] likely on CPU 4 (core 2,
socket 1)
[ 8110.663319] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8115.767137] ip[8643]: segfault at 0 ip 55d213aab530 sp
7ffc310e04d8 error 6 in ip[55d213a41000+6d000] likely on CPU 6 (core 8,
socket 1)
[ 8115.767154] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8152.184701] ip[8663]: segfault at 0 ip 558356545530 sp
7fffd65a1928 error 6 in ip[5583564db000+6d000] likely on CPU 8 (core 9,
socket 1)
[ 8152.184721] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 8152.192623] ip[8668]: segfault at 0 ip 55c958855530 sp
7ffc42addbd8 error 6 in ip[55c9587eb000+6d000] likely on CPU 8 (core 9,
socket 1)
[ 8152.192640] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Thank you,
Nicholas Quednow

Re: FOSS tool to do general stats from text indata

[Nicholas Geovanis]

On Fri, Jun 30, 2023, 10:32 AM Emanuel Berg  wrote:

> Nicholas Geovanis wrote:
>
> >>>>> If you have python programming skills, you might
> >>>>> consider NLTK
> >>>>
> >>>> Unbelievable if there are no such tools anywhere already,
> >>>> but I don't have one either so maybe there aren't then?
> >>>
> >>> There's a big subject called computational linguistics.
> >>> They have some specialized tools for what they call corpus
> >>> analysis. Because you mentioned statistics you threw
> >>> everyone off :-) And I really like R.
> >>
> >> Okay, so now we are getting somewhere. The technical term
> >> and scientific field of this activity is known as
> >> computational linguistics, and the guys that do that do
> >> corpus analysis. Sweet!
> >
> > Two standard text books are Foundations of Computational
> > Linguistics by R Hausser, and Computational Linguistics: An
> > Introduction by R Grishman.
> >
> > Syntactical analysis of human and artificial (programming)
> > languages is well known. But how do you attach meaning to
> > the symbols? Semantics. How do you identify style and
> > emphasis? These are the kind of starting points for
> > computational linguistics.
>
> Okay, but do we have software in the Debian repositories, or
> anywhere else in the Unix and FOSS world for that matter, so
> we can try it out in practice?
>

Those books teach and discuss some of the software that's used. I doubt you
will find them in debian's repositories. Of course you can do plenty of
computational linguistics with perl or python which you already have.

What is a "regular expression" which is at the heart of perl and python? An
expression which conforms to a certain type of grammar. Perl and python are
used directly for analyzing text (any old language). You are learning basic
computational linguistics.

-- 
> underground experts united
> https://dataswamp.org/~incal
>
>

Re: FOSS tool to do general stats from text indata

[Nicholas Geovanis]

On Fri, Jun 30, 2023, 8:32 AM Emanuel Berg  wrote:

> Nicholas Geovanis wrote:
>
> >>> If you have python programming skills, you might consider
> >>> NLTK
> >>
> >> Unbelievable if there are no such tools anywhere already,
> >> but I don't have one either so maybe there aren't then?
> >>
> >
> > There's a big subject called computational linguistics.
> > They have some specialized tools for what they call corpus
> > analysis. Because you mentioned statistics you threw
> > everyone off :-) And I really like R.
>
> Okay, so now we are getting somewhere. The technical term and
> scientific field of this activity is known as computational
> linguistics, and the guys that do that do corpus
> analysis. Sweet!
>

Two standard text books are Foundations of Computational Linguistics by R
Hausser, and Computational Linguistics: An Introduction by R Grishman.

Syntactical analysis of human and artificial (programming) languages is
well known. But how do you attach meaning to the symbols? Semantics. How do
you identify style and emphasis? These are the kind of starting points for
computational linguistics.

-- 
> underground experts united
> https://dataswamp.org/~incal
>
>

Re: FOSS tool to do general stats from text indata

[Nicholas Geovanis]

On Sat, Jun 24, 2023, 3:04 PM Emanuel Berg  wrote:

> Cousin Stanley wrote:
>
> > If you have python programming skills, you might consider
> > NLTK
>
> Unbelievable if there are no such tools anywhere already, but
> I don't have one either so maybe there aren't then?
>

There's a big subject called computational linguistics. They have some
specialized tools for what they call corpus analysis. Because you mentioned
statistics you threw everyone off :-)
And I really like R.

-- 
> underground experts united
> https://dataswamp.org/~incal
>
>

Debian 12: errors when using Python3 venv?

[Nicholas Papadonis]

Hi,

I just cleanly installed Debian 11 and am trying to create a virtual
environment for Python.

I get the following error, does anyone know how to resolve this?  Am I
missing some packages that need to be installed?

1843 [deb12:~]$ python3 -m venv pt
Traceback (most recent call last):
  File "", line 189, in _run_module_as_main
  File "", line 148, in _get_module_details
  File "", line 112, in _get_module_details
  File "/usr/lib/python3.11/venv/__init__.py", line 7, in 
import logging
  File "/usr/lib/python3.11/logging/__init__.py", line 43, in 
import threading
  File "/home/vboxuser/threading.py", line 3, in 
sem = threading.Semaphore()
  ^^^
AttributeError: partially initialized module 'threading' has no attribute
'Semaphore' (most likely due to a circular import)

Re: A case for supporting antiquated hardware, was Re: A hypervisor for a headless server?

[Nicholas Geovanis]

On Fri, Jun 2, 2023, 6:10 PM Bret Busby  wrote:

> On 3/6/23 06:33, Nicholas Geovanis wrote:
> >
> >
> > On Fri, Jun 2, 2023, 4:49 PM Bret Busby  > <mailto:b...@busby.net>> wrote:
> >
> > On 2/6/23 23:55, James H. H. Lampert wrote:
> >
> > 
> >
> >  > Luddites of the World Unite! You have nothing to lose but your
> > upgrade
> >  > treadmills
> >
> > If, by upgrade treadmills, you mean the flatbed treadmills, that
> have a
> > belt that is turned by the human walking on it, rather than the
> > electric
> > ones with electric motors for lazy humans, the ones that have the
> belt
> >
> >
> > I'm afraid he meant the treadmill that used to be called "planned
> > obsolescence". The thought that a perfectly satisfactory machine no
> > longer suffices for you because it is "yesterday's model". Thereafter it
> > will stop working with newer machines (or software) which are intended
> > to be incompatible with it.
> > And what is the end in view?
> > Sell you a new machine.
> >
> >
>
> Interesting.
>
> Last year, I bought the computer described below, as a refurbished
> machine, and, it is far superior to the new computers that do not come
> with enough RAM to be worthwhile.
>
> This computer, with 128GB RAM, I regard as far superior to an i9
> computer with 8GB RAM.
> .
>
> Refurbished computer profile (with 128GB RAM (that runs about 200
> windows of Firefox (I have one saved session, with 229 windows, and
> about 3200 tabs), while viewing movies (I also have about 10 movies open
> at present, in Celluloid and SMPlayer), although, at present, I have
> only about 127 Firefox windows open, with 1689 tabs):


Holy cow! :-)
No wonder you have 128GB RAM. You will need that much for that much
Firefox. It's a peeve of mine how resource intensive it is for a browser
compared to the competition.

Ned Ludd had his head screwed on straight. And was apparently a legendary
lover :-)
I have read that 3 Luddite sledgehammers have survived. There's your
solution for obsolescent  machinery :-)

Some computers, like this one, perform far better, than the cheap and
> nasty new computers (which cost far more, and, far too much), with the
> new computers being best described as rubbish, produced by increasingly
> malicious manufacturers (that make freedom of choice of operating
> systems, and, performance, impossible)
>



..
> Bret Busby
> Armadale
> West Australia
> (UTC+0800)
> ..
>
>

Re: A case for supporting antiquated hardware, was Re: A hypervisor for a headless server?

[Nicholas Geovanis]

On Fri, Jun 2, 2023, 4:49 PM Bret Busby  wrote:

> On 2/6/23 23:55, James H. H. Lampert wrote:
>
> 
>
> > Luddites of the World Unite! You have nothing to lose but your upgrade
> > treadmills
>
> If, by upgrade treadmills, you mean the flatbed treadmills, that have a
> belt that is turned by the human walking on it, rather than the electric
> ones with electric motors for lazy humans, the ones that have the belt


I'm afraid he meant the treadmill that used to be called "planned
obsolescence". The thought that a perfectly satisfactory machine no longer
suffices for you because it is "yesterday's model". Thereafter it will stop
working with newer machines (or software) which are intended to be
incompatible with it.
And what is the end in view?
Sell you a new machine.


> that is turned by the human walking on it, having a slight, and,
> adjustable upward grade, then, such treadmills should definitely not be
> abandoned.
>
> The human powered (rather than electric powered) treadmills are far more
> healthy, both directly for the human powering the treadmill, and, for
> the environment, especially, given that most electricity is generated
> either by burning things, and therefore, creating atmospheric pollution,
> and, poisoning most lifeforms, or, by nuclear meltdowns, causing
> radioactive poisoning, and, even worse toxic waste, than from burning
> things.
>
> So, human powered treadmills, that involve an upward grade, should not
> be abandoned, the abandonment of which treadmills, threatens life, for
> the sake of ever-increasing laziness.
>
> ..
> Bret Busby
> Armadale
> West Australia
> (UTC+0800)
> ..
>
>

Re: A hypervisor for a headless server?

[Nicholas Geovanis]

On Thu, Jun 1, 2023, 9:58 PM Victor Sudakov  wrote:

> Dear Colleagues,
>
> There is a hypervisor called bhyve for FreeBSD. It's completely
> headless, no graphics, runs as a daemon and provides serial and VNC
> consoles.
>
> Can you please advise a similar headless and minimal hypervisor for
> Debian or Ubuntu?
>

Just don't install x-windows or anything that depends on it, like a desktop
environment. Servers in datacenters run headless more than 95% of cases.
Debian and its derivatives too.


Please don't just say "kvm". I've tried installing different
> combinations of "qemu-kvm", "virt-manager" etc and they all depend on
> dozens of GUI tools.
>
> A list of packages for the "apt install" command to install a really
> minimal hypervisor would be very much appreciated. I'm not really
> afraid of writing a couple of text or YAML configuration files to
> describe VMs if it helps me avoid the GUI configuration.
>
> --
> Victor Sudakov VAS4-RIPE
> http://vas.tomsk.ru/
> 2:5005/49@fidonet
>

Re: Settings: focus when mouse over window?

[Nicholas Papadonis]

I have the default Gnome WM installed.  Does it provide a similar option?

On Thu, Jun 1, 2023 at 12:02 AM Charles Curley <
charlescur...@charlescurley.com> wrote:

> On Wed, 31 May 2023 23:53:35 -0400
> Nicholas Papadonis  wrote:
>
> > I installed Debian 11.  Does anyone know how to get this
> > functionality?  I looked through settings however didn't see an
> > option.
>
> That would depend on which desktop you installed. In XFCE, Settings ->
> Window Manager -> Focus Model -> Focus follows mouse, and Raise on
> focus.
>
> --
> Does anybody read signatures any more?
>
> https://charlescurley.com
> https://charlescurley.com/blog/
>
>

Multi Desktop Windows?

[Nicholas Papadonis]

Searched the settings for this functionality.  Does anyone know how to
enable it?

I.e. pressing Ctrl-Arrow will switch to a new virtual desktop.

Settings: focus when mouse over window?

[Nicholas Papadonis]

I installed Debian 11.  Does anyone know how to get this functionality?  I
looked through settings however didn't see an option.

Re: Data Error Messages

[Nicholas Geovanis]

I found an interesting thread from 3 years ago that might be related. Now
don't laugh :-) Do you have a USB hub attached?

Search the archives of this list for
"EXT4-fs failed to convert unwritten extents to written extents --
potential data loss!"


On Sat, May 27, 2023, 1:51 PM Mick Ab  wrote:

> A desktop PC is running Debian 11 with an AMD Ryzen CPU.
>
> The system has been running well, but now the following error messages
> have been seen :-
>
> Message from syslogd@piglit at May 27 13:58:09 ...
>   kernel:[2083218.760570] EXT4-fs (dm-0): failed to convert unwritten
> extents to written extents -- potential data loss!  (inode 394119, error
> -30)
> [3135811:3135811:0527/135811.569191:ERROR:gpu_memory_buffer_support_x11.cc(49)]
>
> dri3 extension not supported.
>
> Message from syslogd@piglit at May 27 13:58:09 ...
>   kernel:[2083218.760570] EXT4-fs (dm-0): failed to convert unwritten
> extents to written extents -- potential data loss!  (inode 394119, error
> -30)
>
> Any thoughts about why the above is happening, please ?
>
> The Opera browser was running at the time. Subsequent to the above
> messages, it was found that neither the Opera or Chrome browser could be
> opened. Firefox has been opened but seems to run in a basic mode.
>

Re: how to find out regdomain/country of wifi network

[Nicholas Geovanis]

On Sat, May 13, 2023, 5:23 AM Jeremy Ardley  wrote:

>
> On 13/5/23 18:17, Nicolas George wrote:
> > This is your interpretation, not an official stance. It might as well be
> > that they considered polluting the completion namespace of users with a
> > command they rarely need was less convenient.
>
> The actual reason is they have deprecated it in favour of the ip command
> but left it available for now with a bit of searching.
>

Ifconfig has been deprecated in Debian for some years. IIRC the wiki tells
you that but i honestly did not know that for years after Until i took
care of ubuntu servers: no root login period; no old network tools period.

Jeremy
> (Lists)
>
>

Re: how to change default nameserver?

[Nicholas Geovanis]

On Tue, Apr 11, 2023, 12:40 PM zithro  wrote:

> 

>  There's 25 years of history to computing before Linus released his his
> linux
>
> Computer history started WAY before that.
>
> > Keeping networking working on linux has been an art, not a science.
>
..

> Follow advices.
> I guess I'm done here.
>

I guess it's overdue to point out again what should be obvious: You don't
have to run NetworkManager to make use of DHCP or anything else. So you
don't need to have your name resolution config overwritten. And you can
remain under the Debian umbrella.

I will go even further: NetworkManager is for laptops, not home setups. We
don't use it on servers in a data center, period end. It has no use-case in
that environment.

Re: Is perl still the No.1 language for sysadmin?

[Nicholas Geovanis]

On Sun, Apr 2, 2023, 3:59 AM  wrote:

> I saw many commands in /bin and /usr/bin are written by perl.
> is perl still the first choice for sysadmin on linux?
>

I first wrote perl on unix/linux in 1991. The first python I wrote was
about 10 years later. By that time the Redhat/fedora/CentOS distro had
hundreds of thousands of lines of python thruout it. I built the perl
interpreter from source on IBM mainframes by 1994.

Python is a more modern programming language than perl, and more in the
European CS tradition. Larry Wall said directly that the OO features in
perl were fake :-) because it was another fad. You can feel the difference
in python. 3 styles you could code in python: old-fashioned procedural,
functional like lisp, or modern OO.

Thanks.
>
>

Re: auto restarting in crontab

[Nicholas Geovanis]

On Wed, Mar 15, 2023, 7:56 PM  wrote:

> Greetings,
>
> My script for monitoring Node.js app as follows. I put it in crontab for
> auto-check and restart if failure.
>
> #!/bin/bash
>
> # scan the port
> nc -z 127.0.0.1 3000
>
> if [ $? -eq 0 ];then
>exit
> else
>killall node
>sleep 1
>nohup serve -s  /home/myUsername/workspace/xxx-frontend/build &
> fi
>
>
> I can run the script by manual, but in crontab it won't work. that
> means, when node.js dies, it will not get restarted by this script
> automatically.
>
> Can you give any hints?
>

Cron jobs run in a sanitized environment and may not be running with the
permissions you have as root on the command line.

Thanks
> Corey Hickman
>
>

Re: Libvirt dnsmasq oddity

[Nicholas Geovanis]

On Tue, Jan 10, 2023, 12:10 PM Charles Curley <
charlescur...@charlescurley.com> wrote:

> I seem to have hit an oddity in how dnsmasq operates for libvirt.
>
> I have two host machines each with several guests. One of those is also
> the local samba server. Guests on the non-samba server can resolve the
> samba server's host name correctly, so far without fail.
>
> Guests on the samba server sometimes get the correct IP address for the
> samba server, and other times get an IP address for the samba server of
> 127.0.1.1. That is the IP address provided in the host's /etc/hosts.
>
> I have a workaround of hard coding the IP address in the fstab entry,
> but that's tacky. Is there a better way to handle this?
>

I would first want to find out why the samba server is doing that
"sometimes" but not others.

My first guess would be that you have a hostname identified somewhere that
resolves to 2 different addresses, depending. And one or both may be
defaulted addresses. But Charles you seem to be past those kinds of
mistakes usually :-)

-- 
> Does anybody read signatures any more?
>
> https://charlescurley.com
> https://charlescurley.com/blog/
>
>

Re: stopping mass surveillance

[Nicholas Geovanis]

On Mon, Dec 26, 2022, 7:43 PM Albretch Mueller  wrote:

>
>
>  Athenians in a crucial moment of their history invented "democracy"
> as some specific social technologies in order to ensure openness and
> conscious participation of all members of society;


False. Not even half the male population in ancient Athens were citizens.
Even the "police" (from the Greek "polis", city) were slaves owned by
Athens itself, not an individual. Of course no female could be a citizen.

when they saw
> themselves imminently enslaved by the hugely more powerful Persian
> empire (the worldsonlysuperpower of those days, they were also "good
> Christians" who heard God telling them things and thought to be their
>

False. The ancient Persians worshipped Zoroaster, not the God of the
Hebrews/Christians.

 Compare that to what happened during the Snowden revelations when
> gringos realized that their own governments was spying on their
> supposedly "private" lives and keeping dossiers of everyone way more
> intrusively than the stasi, the KGB, ... all those "un-American"
>

That information was revealed in the early 1970s by the Watergate hearings
and the Church Commitee in the US congress, and by the legal actions
against the FBI and its counter intelligence program. It's nothing new, but
plenty of Americans forgot about that or never knew. And lots of Americans
like those unconstitutional government programs too.


>  lbrtchx
>
>

Re: just saying

[Nicholas Geovanis]

On Thu, Nov 24, 2022, 6:28 PM Mario Marietto  wrote:

> Everytime I say to someone That are skilled I always get the same reply.
> Im not. So what ? there arent skilled people all around anymore ? there are
> many. but likely they dont want to be called like this. Most of the times
> there isnt a large numbers of choices when the time to chose a job is came.
> Often it seems that something make the choice for you. And this choice can
> be different from what you would like to do. You cant really ignore that
> kind of calling. I think the bigger earning comes for example from the
> programmers that are close to linus,they can modify the linux source code,
> they work for big companies,they make the best earnings. A lot of linux
> users dont earn well. In theory the open source code gives an opportunity
> that the closed source does not give,but pratically this opportunity is
> reserved for a very small number of programmers that will earn few money.
>

And I think here is where you are losing the trail a bit. The business
world doesn't want to pay lots of expensive software developers. That's why
far less than 1% of the USA workforce work are  software developers.
Businesses want to solve the IT problems that they need solved. Authoring
new software to solve those problem is less necessary over time, yet more
expensive over time.

Open source did not make that situation, the evolution of technology made
it happen. Just because linux, say, may be the beneficiary of that
evolution, does not imply that linux-related employment is noticeable.

I suspect that you didnt understood what I mean with "socialyze' ; please
> read again.
>
> Il ven 25 nov 2022, 01:05 David  ha scritto:
>
>>
>>
>> On Fri, Nov 25, 2022 at 00:51, Mario Marietto 
>> wrote:
>>
>> you missed the fact that Im not Talking about you or about the users that
>> are very skilled. I use linux from the '90s and I never used one of the
>> tools you are using. But im not a total newbie. So,think About how many
>> categories of users can use linux without to have a good understanding
>> about what they are doing. Can they understand what part of the source code
>> does what ? open source code is not tailored for the majority of the linux
>> users. The real advantage is for the skilled programmers. So,this also
>> means that concepts like freedom and openess and security still sounds
>> good,but they can be implemented by the majority. This also mean that ok a
>> lot of users can use linux for free,but they have no access to the most
>> opportunities in terms of earnings. Infact I suspect that only few skilled
>> people can change the source code and commit the changes and only these
>> persons earns a lot of money. An interesting idea could be to socialize the
>> source code of linux with its applications. I mean,to create a method that
>> hellp every person with medium intellectual abilities to understand what
>> the souce code does to propose a bigger amount of changes. In this way
>> linux and the tools can grow in quality and quantity.
>>
>>
>> I'm not missing anything.
>> I am pointing out that I'm not skilled, other than a modest ability with
>> LaTeX.
>> If people want to become familiar with things on the code level, they
>> have that opportunity.
>> If they don't, they're going to have to depend on the abilities of those
>> who have, aren't they.
>> We all have our priorities, but at least with open source, the
>> opportunity is there.
>> Please show me where that facility is available with closed source code.
>> And, the vast majority of open source developers are not `earning big
>> money'.
>> They do it for the broader spectrum definition of wealth. And if you
>> don't think that the source code is socialised, I think you need to look at
>> your definitions.
>> I can't think of any other asset, off the top of my head which is
>> socialised to the same degree.
>> The code is the medium by way in which open source tools grow'.
>> It's not a paint by numbers scenario.
>> You are either prepared to learn the language or you are not.
>> No return without investment.
>> Cheers!
>>
>>
>> Il ven 25 nov 2022, 00:16 David  ha scritto:
>>
>>>
>>>
>>> On Fri, Nov 25, 2022 at 00:01, Mario Marietto 
>>> wrote:
>>>
>>> For most users it makes no real difference using closed or open source
>>> code,because yes,they can look inside the code,but to understand what the
>>> code does they need a master degree. So,for all these users,maybe it's a
>>> better idea to use the closed source OS,at least they will be able to use
>>> the OS in a more functional way. For sure someone else will work to find
>>> the backdoors,but again : a newbie will not be able to understand if a
>>> backdoor has been found or if their os is patched. They can only trust what
>>> the programmers say. At this point a psychological attitude is needed to
>>> gain the real advantage of the open source code : to believe in the
>>> good faith of the "good" programmers,but ehy,even this can be

Re: Trouble with ansible and apt. Is this a known problem?

[Nicholas Geovanis]

On Wed, Nov 23, 2022, 5:26 PM David Wright  wrote:

> On Wed 23 Nov 2022 at 20:18:43 (+0100), Nathanael Schweers wrote:
> > > It doesn't look like this exact problem is known at
> https://github.com/search?q=org%3Aansible+X509_V_FLAG_CB_ISSUER_CHECK+is%3Aissue&type=issues,
> but there are a few suggestions among the matching bugs.
> >
> > > One suggestion appears to be that your python module "cryptography" is
> too new for Ansible. You don't state how you installed Ansible, but you
> might find installing it into a virtualenv is more reliable.
> >
> > I installed ansible from apt.  I therefore wonder how the debian package
> > for `python3-cryptography` can be too new for ansible, which is also
> > installed via apt, not pip.
> >
> > I removed the pip installation from my user’s home directory and even
> > re-installed all already installed python packages on my system, but I
> > still have the same problem.  Is this actually broken on debian at the
> moment?
>
> We need to know the versions of the (relevant) packages on your system.
>
> BTW you started this thread with "I recently installed Debian Bullseye
> on my desktop machine, having previously used Debian sid." We need to
> know whether the last part of that sentence is of any relevance, or
> just an aside.
>

We also need to know what happened between the "I recently installed
Debian" statement and your "suddenly 2 days ago Ansible..." statement.

The python runtime messages probably indicate a missing variable. But have
you determined that is the actual error? And from where it is missing?

Cheers,
> David.
>

Re: Increased read IO wait times after Bullseye upgrade

[Nicholas Geovanis]

On Fri, Nov 11, 2022, 7:27 PM Gareth Evans  wrote:

>
>
> On 11 Nov 2022, at 16:59, Vukovics Mihály  wrote:
>
> 
>
> Hi Gareth,
>
> dmesg is "clean", there disks are not shared in any way and there is no
> virtualization layer installed.
>
> Hello, but the message was from Nicholas :)
>
> Looking at your first graph, I noticed the upgrade seems to introduce a
> broad correlation between read and write iowait.  Write wait before the
> uptick is fairly consistent and apparently unrelated to read wait.
>
> Does that suggest anything to anyone?
>


What I see in the first graph that's odd is that only read latency really
increased. The other wait times remained pretty stable, just a small uptick
with greater variance.That graph is only the sda drive apparently.

What could bring about a jump in only read latency? Yet not in write
latency or device wait time. Seems to me it must be some buffer, filesystem
parameter or device queue changed size at the upgrade.

In your atop stats, one drive (sdc) is ~50% more "busy" than the others,
> has double the number of writes, a higher avq value and lower avio time.
> Is it normal for raid devices to vary this much?
>
> Is this degree of difference consistent over time?  Might atop stats
> during some eg. fio tests be useful?
>
> Have you done any filesystem checks?
>
> Thanks,
> Gareth
>
>
>
>
>

Re: Increased read IO wait times after Bullseye upgrade

[Nicholas Geovanis]

On Fri, Nov 11, 2022, 1:58 AM Vukovics Mihály  wrote:

> Hi Gareth,
>
> I have already tried to change the queue depth for the physichal disks
> but that has almost no effect.
> There is almost no load on the filesystem, here is 10s sample from atop.
> 1-2 write requests but 30-50ms of average io.
>
> DSK |  sdc  | busy 27%  | read   0  | write  2  |
> KiB/r  0  | KiB/w  0  |   | MBr/s0.0  | MBw/s
> 0.0  | avq 1.83  | avio 38.0 ms  |
> DSK |  sdb  | busy 18%  | read   0  | write 1  |
> KiB/r  0  | KiB/w  1  |   | MBr/s 0.0  | MBw/s
> 0.0  | avq 1.63  | avio 52.0 ms  |
> DSK |  sde  | busy 18%  | read   0  | write 1  |
> KiB/r  0  | KiB/w  1  |   | MBr/s 0.0  | MBw/s
> 0.0  | avq 1.63  | avio 52.0 ms  |
> DSK |  sda  | busy 17%  | read   0  | write 1  |
> KiB/r  0  | KiB/w  1  |   | MBr/s 0.0  | MBw/s
> 0.0  | avq 1.60  | avio 48.0 ms  |
>

Those numbers for percentage busy seem very high to me for such a low rate
of IO initiation. Either the blocks being moved are very large (not
necessarily wrong, maybe just poorly configured for the load) or there are
other things going on with the drives.

Are the physical drives shared with any other systems? Are multiple VMs of
whatever type running on the same hardware host?

Another possibility: the drives and or filesystems are thrashing as they
respond to hardware and/or filesystem problems. Anything interesting there
in dmsg or logs?


On 2022. 11. 10. 14:32, Gareth Evans wrote:
> > On Thu 10 Nov 2022, at 11:36, Gareth Evans 
> wrote:
> > [...]
> >> This assumes the identification of the driver in [3] (below) is
> >> anything to go by.
> > I meant [1] not [3].
> >
> > Also potentially of interest:
> >
> > "Queue depth
> >
> > The queue depth is a number between 1 and ~128 that shows how many I/O
> requests are queued (in-flight) on average. Having a queue is beneficial as
> the requests in the queue can be submitted to the storage subsystem in an
> optimised manner and often in parallel. A queue improves performance at the
> cost of latency.
> >
> > If you have some kind of storage performance monitoring solution in
> place, a high queue depth could be an indication that the storage subsystem
> cannot handle the workload. You may also observe higher than normal latency
> figures. As long as latency figures are still within tolerable limits,
> there may be no problem."
> >
> >
> https://louwrentius.com/understanding-storage-performance-iops-and-latency.html
> >
> > See
> >
> > $ cat /sys/block/sdX/device/queue_depth
> >
> --
> --
> Köszönettel:
> Vukovics Mihály
>
>

Re: Fwd: [SECURITY] [DLA 3173-1] linux-5.10 security update

[Nicholas Geovanis]

On Wed, Nov 2, 2022, 9:35 AM Anssi Saari  wrote:

> John Boxall  writes:
>
> > On 2022-11-02 03:40, Anssi Saari wrote:
> >> Looks like a linux-5.10 source package was indeed added to Buster in
> >> August and as you noted, it's getting security updates too. There's some
> >> info on the what and when at https://tracker.debian.org/pkg/linux-5.10
> >> but I don't know the why.
> >>
> >
> > Here is the information on the "why":
> >
> > https://www.debian.org/lts/security/2022/dla-3102
>
> Interesting. I thought it might be that but then as backport users are
> usually left out in the cold as far as security updates are concerned, I
> thought it couldn't be.
>

I'm just curious if this is the first time that a kernel _version_ bump
took place within the trajectory of a single Debian version? Or have kernel
_version_ changes always taken place at debian release boundaries before?

>

Re: AWS Debian AMIs

[Nicholas Geovanis]

On Wed, Oct 26, 2022, 11:45 AM Eric Stone  wrote:

> Hello Debian,
>
> I have a problem on AWS, where I have about 20 servers that I cannot
> access because I cannot re-subscribe to the AMI.
>
> The issue is the AMI - I can not re-subscribe to the marketplace image.
>

The message I receive says "this image has been removed and is no
longer available to new customers". Of course Debian 9 is now rather old.
They may be allowing existing AMIs to keep running but not new
installations.

AMI:ami-00424db9a7a4b343b
>
> PROBLEM:   In order to use this AWS Marketplace product you need to accept
> terms and subscribe. To do so please visit
> https://aws.amazon.com/marketplace/pp?sku=55q52qvgjfpdj2fpfy9mb1lo4
>
> Amazon Account ID:  412380406902
>
> I need to be subscribed, can you please help?
>
> Who runs the Amazon / AWS / Relationship??
>
>
> Sincerely,
> Eric Stone
> erictst...@gmail.com
>

Re: OT: mysql-workbench alternative

[Nicholas Geovanis]

On Sat, Sep 24, 2022, 2:47 PM Gareth Evans  wrote:

> Given what looks to be the ongoing absence of mysql-workbench in stable:
>
> https://tracker.debian.org/pkg/mysql-workbench
>
> Can anyone recommend a free (at least as in beer) alternative that creates
> ERDs automatically from MariaDB?
>

It's just an educated guess but can't doxygen do that?

I tried installing mysql-workbench-community from mysql.com on Ubuntu
> 22.04, but it wouldn't find MariaDB (which was running) to attempt to
> connect with, so not sure if that's what I really want anyway!
>
> Running under Wine is an option if necessary.
>
> Thanks,
> Gareth
>
>

Re: Bug - remote DNS monitoring

[Nicholas Geovanis]

On Tue, Aug 30, 2022, 2:13 PM Casey Deccio  wrote:

> Hi all,
>
> I am having trouble tracking down a bug in my monitoring setup.  It all
> happened when I upgraded the monitored host (host B in my example below) to
> bullseye.  Note that Host A is also running bullseye, but the problem
> didn't show itself until Host B was upgraded.
>
> Here is the setup:
>
> Host A (monitoring):
> Installed: nagios4, nrpe-ng
> IP address: 192.0.2.1
>
> Host B (monitored):
> Installed: nrpe-ng, monitoring-plugins-standard, bind9-dnsutils
> IP address: 192.0.2.2
>
> Host C (monitored through host B):
> Installed: bind9
> IP address: 192.0.2.3
> Configured to answer authoritatively for example.com on port 53.
>
>  nrpe
> over HTTPs  DNS
> Host A --> Host B -> Host C
>

When you run check_dns by hand on Host B, you don't say who you are
logged-in as. That can make a difference. Nagios runs its scripts in a
known environment which may be different than you expect.

On Host B, I run the following:
> sudo /usr/bin/python3 /usr/sbin/nrpe-ng --debug -f --config
> /etc/nagios/nrpe-ng.cfg
>
> While that is running, I run the following on Host A:
> /usr/lib/nagios/plugins/check_nrpe_ng -H 192.0.2.2 -c check_dns -a
> example.com 192.0.2.3 0.1 1.0
>
> The result of running the command on Host A is:
> DNS CRITICAL - '/usr/bin/nslookup -sil' msg parsing exited with no address
>
> On Host B, I see the following debug output:
> 200 POST /v1/check/check_dns (192.0.2.1) 78.05ms
> Executing: /usr/lib/nagios/plugins/check_dns -H example.com -s 192.0.2.3
> -A -w 0.1 -c 1.0
>
> When I run this exact command on Host B, I get:
> $ /usr/lib/nagios/plugins/check_dns -H example.com -s 192.0.2.3 -A -w 0.1
> -c 1.0
> DNS OK: 0.070 seconds response time. example.com returns
> 192.0.2.10,2001:db8::10|time=0.069825s;0.10;1.00;0.00
>
> Looks good!  When I run nslookup (run by check_dns), it looks good too:
> $ /usr/bin/nslookup -sil example.com 192.0.2.3
> Server: 192.0.2.3
> Address: 192.0.2.3#53
>
> Name: example.com
> Address: 192.0.2.10
> Name: example.com
> Address: 2001:db8::10
>
> After rerunning nrpe-ng with strace -f, I see something:
>
> [pid 1183842] write(2, "nslookup: ./src/unix/core.c:570:"..., 83) = 83
> ...
> [pid 1183841] read(4, "nslookup: ./src/unix/core.c:570:"..., 4096) = 83
>
> So it appears that the nslookup process is reporting an error.  But I
> cannot reproduce it outside of nrpe-ng.
>
> Any suggestions?
>
> Casey
>

Re: still blue

[Nicholas Geovanis]

On Mon, Jul 25, 2022 at 6:17 AM Thomas Schmitt  wrote:

> Hi,
>
> refining my proposal i tested this function to list about 7600 blueish
> colors:
>


>
> done
>
> All random samples from this list yielded blueish background with
>   xterm -bg "$value" &
> I hope there are not local spots of non-blue appearance.
>
> It turned out that in my eyes high values of red can unblue ignificantly
> higher values of blue to some pinkish magenta. Very low values of blue are
> perceived as black, unless real black is there ifor comparison (then it's
> midnight blue).
>

It's easy to forget that the human eye is sensitive to only a few photons
of light.
At that scale and sensitivity, perception must be dominated by individual
differences at a physical, neurological level.
So since we are all different from each other but grossly-similar at that
macro level, we do not necessarily agree on color.
And since emotional perception often guides our neurological development,
there is no hope of agreement :-)


> Have a nice day :)
>

Schoenes Abendessen :-)


> Thomas
>
>

Re: SSH timeout logoff don't work!

[Nicholas Geovanis]

On Tue, Jun 21, 2022 at 6:04 AM Greg Wooledge  wrote:

> On Tue, Jun 21, 2022 at 10:05:43AM +0200, Conti Stefano wrote:
> > Hello! In My Debian 11 SSH timeout logoff not work! I must put in
> > .bashrc of my user: TMOUT=600 to loogut after 10 minutes. Work, of
> > course, but close all bash terminal!
> >
> > This is my sshd_config with info for timeout:
> >
> > TCPKeepAlive no
> > ClientAliveInterval 600
> > ClientAliveCountMax 0
>
> Those settings *are not* supposed to close an idle ssh session.  Nothing
> in ssh is supposed to close an idle session.  There isn't any facility
> to do that, because it's entirely contrary to the design of ssh.
>
> Your TMOUT solution is the standard way to appease the managerial morons
> who are asking this of you.


Well, it's one of the standard ways. The other is to let the network admins
do it instead.


> It asks the shell to terminate if it's
> sitting idle for however many seconds you specify.  If the shell closes,
> then the ssh session is free to close as well, assuming there are no
> active tunneling connections, etc.
>
>

Re: Alan Turing given posthumous royal pardon

[Nicholas Geovanis]

On Sun, Jun 5, 2022, 4:22 AM sp...@caiway.net  wrote:

> Sources
>
> "Enigma codebreaker Alan Turing given posthumous royal pardon" —
> Channel 4 News, December 24, 2013
>

Turing's pardon was simply Britain's Tories pandering for the gay vote.
Everyone knew these things about Turing years before that, from Hodge's
biography of him.

There is no new info here. So stop posting to this list about fluff.


"Alan Turing: WWII Code-Breaker Granted Pardon" — Sky News, December
> 24, 2013
> "Royal pardon for codebreaker Alan Turing" — BBC News Online, December
> 24, 2013
> Caroline Davies. "Enigma codebreaker Alan Turing receives royal
> pardon" — The Guardian, December 24, 2013
> Steven Swinford. "Alan Turing granted Royal pardon by the Queen" — The
> Daily Telegraph, December 24, 2013
>
>

Re: System freeze until REISUB

[Nicholas Geovanis]

On Wed, Jun 1, 2022, 3:40 PM riveravaldez 
wrote:

> Hi, I have just updated a Debian Stable system and had an apparent
> full-freeze (GUI frozen, IceWM non-respondent and Ctrl+Alt+FN did
> nothing, keyboard lights also were fixed).
> Using REISUB system rebooted and everything seems normal right now.
> Only thing I remember changing was the addition of qlipper to the
> IceWM startup file, nothing else. But after the update I didn't
> rebooted, just logged-out of session and re-logged-in, through
> lightdm.
> System has some pendent hardware issues, so, just mentioning the
> freeze in case someone sees something more or less obvious in the
> near-hang section of journalctl:
>

Fingers pointing at the Nouveau graphics driver. I think other problems
have been reported with it recently but I don't know the real story.

$ sudo journalctl -exp3
> (...)
> jun 01 16:21:06 debian smartd[562]: Device: /dev/sdb [SAT], 2
> Currently unreadable (pending) sectors
> jun 01 16:21:06 debian smartd[562]: Device: /dev/sdb [SAT], 2 Offline
> uncorrectable sectors
> jun 01 16:51:05 debian smartd[562]: Device: /dev/sda [SAT], 1
> Currently unreadable (pending) sectors
> jun 01 16:51:05 debian smartd[562]: Device: /dev/sda [SAT], 1 Offline
> uncorrectable sectors
> jun 01 16:51:05 debian smartd[562]: Device: /dev/sdb [SAT], 2
> Currently unreadable (pending) sectors
> jun 01 16:51:05 debian smartd[562]: Device: /dev/sdb [SAT], 2 Offline
> uncorrectable sectors
> jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of  FAULT at 00b010
> jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of  FAULT at 00b020
> jun 01 17:04:13 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of 00540001 FAULT at 00b000
> jun 01 17:04:21 debian pulseaudio[611714]: Unable to contact D-Bus
> session bus: org.freedesktop.DBus.Error.NotSupported: Unable to
> autolaunch a dbus-daemon wi>
> jun 01 17:04:21 debian pulseaudio[611714]: Failed to load module
> "module-jackdbus-detect" (argument: "channels=2"): initialization
> failed.
> jun 01 17:06:29 debian lightdm[612173]: gkr-pam: unable to locate
> daemon control file
> jun 01 17:06:37 debian pulseaudio[612301]: Unable to contact D-Bus
> session bus: org.freedesktop.DBus.Error.NotSupported: Unable to
> autolaunch a dbus-daemon wi>
> jun 01 17:06:37 debian pulseaudio[612301]: Failed to load module
> "module-jackdbus-detect" (argument: "channels=2"): initialization
> failed.
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-protocol-native" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-client-node" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-client-device" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-adapter" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-metadata" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: No module
> "libpipewire-module-session-manager" was found
> jun 01 17:06:48 debian xdg-desktop-portal[612425]: core
> 0x557fa9e5fe10: can't find protocol 'PipeWire:Protocol:Native': La
> operación no está soportada
> jun 01 17:06:52 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of 0121 FAULT at 00b010
> jun 01 17:06:53 debian kernel: nouveau :00:0d.0: bus: MMIO write
> of 015a0001 FAULT at 00b020
> jun 01 17:07:38 debian kernel: nouveau :00:0d.0:
> deltachat-deskt[612429]: failed to idle channel 2
> [deltachat-deskt[612429]]
> jun 01 17:07:53 debian kernel: nouveau :00:0d.0:
> deltachat-deskt[612429]: failed to idle channel 2
> [deltachat-deskt[612429]]
> -- Boot 9783f0d6715b495bba92f4ecdd28177d --
> jun 01 17:10:21 debian kernel: k10temp :00:18.3: unreliable CPU
> thermal sensor; monitoring disabled
> jun 01 17:10:39 debian smartd[570]: Device: /dev/sda [SAT], 1
> Currently unreadable (pending) sectors
> jun 01 17:10:39 debian smartd[570]: Device: /dev/sda [SAT], 1 Offline
> uncorrectable sectors
> jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2
> Currently unreadable (pending) sectors
> jun 01 17:10:39 debian smartd[570]: Device: /dev/sdb [SAT], 2 Offline
> uncorrectable sectors
>
> Thanks a lot in advance, kind regards!
>
>

Re: setting path for root after "sudo su" and "sudo" for Debian Bullseye (11)

[Nicholas Geovanis]

On Fri, May 20, 2022, 7:28 PM David Wright  wrote:

> On Thu 19 May 2022 at 15:42:33 (-0500), Nicholas Geovanis wrote:
> > On Thu, May 19, 2022, 3:14 AM 황병희  wrote:
> > > Tom Browder  writes:
> > >
> > > > I need a special path setting for root after both "sudo" and "sudo
> > > > su." (...)
> > >
> > > Just you try like as "sudo su -". Sometimes i use it that way.
> > >
> >
> > When I need to use sudo or su to invoke executables, I fully qualify the
> > path to sudo and the path to that specific executable by using their full
> > path from /. And I often assign values to the important environment
> > variables at the beginning of that same command line. Like...
> >
> > joe="schmoe" slap="moe" /usr/bin/sudo 
> >
> > The idea is to draw a line around that invocation by limiting what it
> > "knows".
>
> If you're running bash, then giving the full path for sudo will
> circumvent any aliases you've defined, and any other versions
> of sudo available from earlier in your $PATH, but there's not
> necessarily any security bonus. After Greg (2018):
>

Translation: There is no silver bullet that makes your system secure. There
are many steps large and small that make it incrementally more secure. Yes
that's true.

$ function /usr/bin/sudo { echo teehee; }
> $ /usr/bin/sudo whatever
> teehee
> $
>
> Cheers,
> David.
>
>

Re: setting path for root after "sudo su" and "sudo" for Debian Bullseye (11)

[Nicholas Geovanis]

On Thu, May 19, 2022, 3:14 AM 황병희  wrote:

> Tom Browder  writes:
>
> > I need a special path setting for root after both "sudo" and "sudo
> > su." (...)
>
> Just you try like as "sudo su -". Sometimes i use it that way.
>

When I need to use sudo or su to invoke executables, I fully qualify the
path to sudo and the path to that specific executable by using their full
path from /. And I often assign values to the important environment
variables at the beginning of that same command line. Like...

joe="schmoe" slap="moe" /usr/bin/sudo 

The idea is to draw a line around that invocation by limiting what it
"knows".

Sincerely, Linux fan Byung-Hee
>
> --
> ^고맙습니다 _白衣從軍_ 감사합니다_^))//
>
>

Re: Acer CMOS Setup and Ctrl+S [was Installation fails to recognize SSD]

[Nicholas Geovanis]

On Sat, May 14, 2022, 5:19 PM David Christensen 
wrote:

> On 5/14/22 09:52, Felmon Davis wrote:
> > On Fri, 13 May 2022, David Christensen wrote:
> >
> >> Does Acer document the CMOS Setup Ctrl+S key combination?
> >
> > the only 'documentation' I've seen is in the webs. I noticed if you
> > search "Acer AHCI" you get a ton of hits on something called
> > . as far as I've looked so far, that's a
> > user forum.
> >
> > ok, you made me do it. I searched for a manual but I don't see anything
> > in it about hidden options:
> > 
> >
> > so the solution comes from folklore.
> >
> > fjd
>
> Thank you for researching it.
> If I were an Acer product owner, I would complain to Acer.
>

The doc you cite tells you on pg 36 how to enter the setup CMOS interface.
It's an F2 key.
Note that Acer doesn't write the BIOS, they buy it. So you go to that BIOS
manufacturer's support site for doc usually. There are only a handful of
BIOS providers, fewer than motherboard makers or computer brands.


> David
>
>

Re: google account say it will no longer deliver email

[Nicholas Geovanis]

On Thu, May 12, 2022 at 6:06 PM Ash Joubert  wrote:
...trimmed...


> Two-factor authentication is when you need to confirm your login with an
> SMS message or one-time pad or other second way of authenticating that
> you are who you claim to be. 2FA is popular because users choose weak
> passwords and share them between services. If users generate a unique
> strong random password for every service, little is gained with 2FA, and
> 2FA is then just a massive pain in the arse. But user behaviour is
> unreliable.
>

In the last couple years many corporate and not-for-profit organizations
have implemented
2-factor authentication internally. Even in the physical office many
transactions require 2FA interaction.
Where I am now that is also the case, and 2FA is configured to prompt with
a choice between receiving
the 2nd factor by SMS text message, voice call, or email. They're using
Pulse 2FA. So your provider
can do that too if they want to. But the whole point of 2FA is that there
shall be a second response
from a previously known location for you: phone number, email address, etc.

That's the value added in exchange for Ash's "massive pain in the arse".
Just making the 1st factor be
a loong password is not equivalent to 2FA in any way. Machine reaching back
to you is the difference.

...
>
> Kind regards,
>
> --
> Ash Joubert 
> Director
> Transient Software Limited 
> New Zealand
>
>

Re: file born 30 seconds after its creation on ext4 - bug?

[Nicholas Geovanis]

On Tue, Apr 26, 2022 at 12:37 PM Nicholas Geovanis 
wrote:

> On Tue, Apr 26, 2022 at 8:45 AM Vincent Lefevre 
> wrote:
>
>> On an ext4 filesystem, I got a file born 30 seconds after its
>> actual creation. Is this a bug?
>>
>
> Only experimentation can really back me up on this, but consider the
> following:
>
> Every time you use the "|" operator or the ";" separator on a command-line,
> new processes are being spawned. Which wait to be dispatched on a core.
> But you are not serializing the dispatch of those processes, and
> especially with
> 16 fast cores, you can't predict their order of execution.
>

A couple more observations:
(1) It looks like you're trying to observe behavior in the very same
filesystem in which
the running executable is loaded from and its log files are being
written-to. That's
alot of variables in motion at once.

(2) Yes, the "|" is in a sense serializing I/O in "lt|head". But the
filesystem is syncing
buffered and disk-based content separately from that.


> I know that such issues can be observed with NFS, but here this
>> is just a local ext4 filesystem.
>>
>> Here are the details.
>>
>> I started a shell script:
>>
>> cventin:~> ps -p 667828 -o lstart,cmd
>>  STARTED CMD
>> Tue Apr 26 14:43:15 2022 /bin/sh /home/vlefevre/wd/mpfr/tests/mpfrtests.sh
>>
>> This script creates a file mpfrtests.cventin.lip.ens-lyon.fr.out
>> very early. But the first attempts to look at this file failed:
>>
>> cventin:~/software/mpfr> tail -n 30 mpfrtests.*.out; ll mpfrtests.*.out
>> zsh: no match
>> zsh: no match
>> cventin:~/software/mpfr[1]> tail -n 30 mpfrtests.*.out; ll mpfrtests.*.out
>> zsh: no match
>> zsh: no match
>> cventin:~/software/mpfr[1]> lt|head
>>  <14:43:42
>> total 7016
>> -rw-r--r--  1  188644 2022-04-26 14:43:42 config.log
>> -rw-r--r--  12861 2022-04-26 14:43:42 conftest.c
>> -rw-r--r--  1   0 2022-04-26 14:43:42 conftest.err
>> -rw-r--r--  11907 2022-04-26 14:43:42 confdefs.h
>> -rwxr-xr-x  1  632161 2022-04-26 14:43:16 configure.lineno*
>> drwxr-xr-x  24096 2022-04-26 14:43:11 doc/
>> drwxr-xr-x  34096 2022-04-26 14:43:11 tune/
>> -rwxr-xr-x  1   23568 2022-04-26 14:43:11 depcomp*
>> drwxr-xr-x  5   36864 2022-04-26 14:43:11 tests/
>> cventin:~/software/mpfr> lt|head
>> <14:43:47
>> total 6416
>> -rw-r--r--  1   19436 2022-04-26 14:43:47 config.log
>> -rw-r--r--  1 561 2022-04-26 14:43:47 conftest.c
>> -rw-r--r--  1   0 2022-04-26 14:43:47 conftest.err
>> -rw-r--r--  14138 2022-04-26 14:43:47 mpfrtests.cfgout
>> -rw-r--r--  1 500 2022-04-26 14:43:47 confdefs.h
>> -rwxr-xr-x  1  632161 2022-04-26 14:43:45 configure.lineno*
>> -rw-r--r--  1 878 2022-04-26 14:43:45
>> mpfrtests.cventin.lip.ens-lyon.fr.out
>> drwxr-xr-x  34096 2022-04-26 14:43:44 tune/
>> drwxr-xr-x  4   36864 2022-04-26 14:43:44 tests/
>>
>> According to /usr/bin/stat, the file birth is
>>
>>  Birth: 2022-04-26 14:43:45.537241731 +0200
>>
>> thus 30 seconds after the script started!
>>
>> Note that the configure.lineno file is created *after*
>> mpfrtests.cventin.lip.ens-lyon.fr.out, and one can see that
>> at 14:43:16, configure.lineno was already created.
>>
>> This is a 12-core Debian/unstable machine with
>>
>> Linux cventin 5.17.0-1-amd64 #1 SMP PREEMPT Debian 5.17.3-1 (2022-04-18)
>> x86_64 GNU/Linux
>>
>> --
>> Vincent Lefèvre  - Web: <https://www.vinc17.net/>
>> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
>> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
>>
>>

Re: file born 30 seconds after its creation on ext4 - bug?

[Nicholas Geovanis]

On Tue, Apr 26, 2022 at 8:45 AM Vincent Lefevre  wrote:

> On an ext4 filesystem, I got a file born 30 seconds after its
> actual creation. Is this a bug?
>

Only experimentation can really back me up on this, but consider the
following:

Every time you use the "|" operator or the ";" separator on a command-line,
new processes are being spawned. Which wait to be dispatched on a core.
But you are not serializing the dispatch of those processes, and especially
with
16 fast cores, you can't predict their order of execution.


> I know that such issues can be observed with NFS, but here this
> is just a local ext4 filesystem.
>
> Here are the details.
>
> I started a shell script:
>
> cventin:~> ps -p 667828 -o lstart,cmd
>  STARTED CMD
> Tue Apr 26 14:43:15 2022 /bin/sh /home/vlefevre/wd/mpfr/tests/mpfrtests.sh
>
> This script creates a file mpfrtests.cventin.lip.ens-lyon.fr.out
> very early. But the first attempts to look at this file failed:
>
> cventin:~/software/mpfr> tail -n 30 mpfrtests.*.out; ll mpfrtests.*.out
> zsh: no match
> zsh: no match
> cventin:~/software/mpfr[1]> tail -n 30 mpfrtests.*.out; ll mpfrtests.*.out
> zsh: no match
> zsh: no match
> cventin:~/software/mpfr[1]> lt|head
>  <14:43:42
> total 7016
> -rw-r--r--  1  188644 2022-04-26 14:43:42 config.log
> -rw-r--r--  12861 2022-04-26 14:43:42 conftest.c
> -rw-r--r--  1   0 2022-04-26 14:43:42 conftest.err
> -rw-r--r--  11907 2022-04-26 14:43:42 confdefs.h
> -rwxr-xr-x  1  632161 2022-04-26 14:43:16 configure.lineno*
> drwxr-xr-x  24096 2022-04-26 14:43:11 doc/
> drwxr-xr-x  34096 2022-04-26 14:43:11 tune/
> -rwxr-xr-x  1   23568 2022-04-26 14:43:11 depcomp*
> drwxr-xr-x  5   36864 2022-04-26 14:43:11 tests/
> cventin:~/software/mpfr> lt|head
> <14:43:47
> total 6416
> -rw-r--r--  1   19436 2022-04-26 14:43:47 config.log
> -rw-r--r--  1 561 2022-04-26 14:43:47 conftest.c
> -rw-r--r--  1   0 2022-04-26 14:43:47 conftest.err
> -rw-r--r--  14138 2022-04-26 14:43:47 mpfrtests.cfgout
> -rw-r--r--  1 500 2022-04-26 14:43:47 confdefs.h
> -rwxr-xr-x  1  632161 2022-04-26 14:43:45 configure.lineno*
> -rw-r--r--  1 878 2022-04-26 14:43:45
> mpfrtests.cventin.lip.ens-lyon.fr.out
> drwxr-xr-x  34096 2022-04-26 14:43:44 tune/
> drwxr-xr-x  4   36864 2022-04-26 14:43:44 tests/
>
> According to /usr/bin/stat, the file birth is
>
>  Birth: 2022-04-26 14:43:45.537241731 +0200
>
> thus 30 seconds after the script started!
>
> Note that the configure.lineno file is created *after*
> mpfrtests.cventin.lip.ens-lyon.fr.out, and one can see that
> at 14:43:16, configure.lineno was already created.
>
> This is a 12-core Debian/unstable machine with
>
> Linux cventin 5.17.0-1-amd64 #1 SMP PREEMPT Debian 5.17.3-1 (2022-04-18)
> x86_64 GNU/Linux
>
> --
> Vincent Lefèvre  - Web: 
> 100% accessible validated (X)HTML - Blog: 
> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
>
>

Re: Wifi randomly stops after upgrade

[Nicholas Geovanis]

On Mon, Apr 25, 2022 at 10:14 AM Nicholas Geovanis 
wrote:

> On Sun, Apr 24, 2022 at 10:33 AM Marcelo Laia 
> wrote:
>
>> After upgrade, I got wifi randomly stops and I need to turn off and on
>> it in order to get it back on.
>> It's very annoying!
>> Please, have you any ideia how I start to inspect this problem?
>>
>
> Nobody smarter has replied so I'll try :-)
> Searching for info on recent related problem reports there are several
> possible causes. But since you've
> just upgraded:
> First, could this be a result of MAC randomisation being active now?
> Second, is it normal to have both the NetworkManager.service and
> networking.service active at the same time?
>

The answer to my second question: That's normal on 11.3 at least in the
presence of both
cabled and wifi internet.


>  logs -
>> after wifi stopped
>>
>> # journalctl -f
>> abr 24 12:01:03 marcelo dbus-daemon[712]: [system] Successfully activated
>> service 'org.freedesktop.nm_dispatcher'
>> abr 24 12:01:03 marcelo systemd[1]: Started Network Manager Script
>> Dispatcher Service.
>> abr 24 12:01:04 marcelo NetworkManager[780]:   [1650812464.3696]
>> dhcp4 (wlp2s0): state changed new lease, address=192.168.1.175
>> abr 24 12:01:04 marcelo soffice.bin[9591]: g_object_weak_unref: couldn't
>> find weak ref 0x7fa6e7a07d10(0x7fa6c8009360)
>> abr 24 12:01:14 marcelo systemd[1]: NetworkManager-dispatcher.service:
>> Deactivated successfully.
>> abr 24 12:01:15 marcelo wpa_supplicant[781]: wlp2s0:
>> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-37 noise=-93 txrate=72200
>> abr 24 12:03:01 marcelo wpa_supplicant[781]: wlp2s0:
>> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-32 noise=-93 txrate=72200
>> abr 24 12:03:07 marcelo wpa_supplicant[781]: wlp2s0:
>> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-21 noise=-95 txrate=72200
>> abr 24 12:03:09 marcelo wpa_supplicant[781]: wlp2s0:
>> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-21 noise=-95 txrate=72200
>> abr 24 12:03:23 marcelo wpa_supplicant[781]: wlp2s0:
>> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-13 noise=-95 txrate=72200
>>
>> after turn off and turn on wifi (I turn off and turn on in
>> Networking-manager dropdown menu)
>>
>> # journalctl -f
>> abr 24 12:07:48 marcelo PackageKit[1377]: uid 1000 obtained auth for
>> org.freedesktop.packagekit.system-sources-refresh
>> abr 24 12:07:48 marcelo PackageKit[1377]: uid 1000 obtained auth for
>> org.freedesktop.packagekit.system-sources-refresh
>> abr 24 12:07:49 marcelo goa-daemon[3378]: secret_password_lookup_sync()
>> returned NULL
>> abr 24 12:07:49 marcelo PackageKit[1377]: uid 1000 is trying to obtain
>> org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
>> abr 24 12:07:49 marcelo PackageKit[1377]: uid 1000 is trying to obtain
>> org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
>> abr 24 12:07:49 marcelo PackageKit[1377]: uid 1000 obtained auth for
>> org.freedesktop.packagekit.system-sources-refresh
>> abr 24 12:07:49 marcelo PackageKit[1377]: uid 1000 obtained auth for
>> org.freedesktop.packagekit.system-sources-refresh
>> abr 24 12:07:50 marcelo PackageKit[1377]: get-details transaction
>> /17151_bebcddce from uid 1000 finished with success after 5070ms
>> abr 24 12:07:50 marcelo goa-daemon[3378]: secret_password_lookup_sync()
>> returned NULL
>> abr 24 12:07:56 marcelo systemd[1]: NetworkManager-dispatcher.service:
>> Deactivated successfully.
>> abr 24 12:08:26 marcelo PackageKit[1377]: refresh-cache transaction
>> /17148_acddadad from uid 1000 finished with success after 36393ms
>> abr 24 12:08:26 marcelo gnome-software[3560]: failed to refresh the
>> cache: Failed to download ‘https://odrs.gnome.org/1.0/reviews/api/ratings’:
>> Cannot resolve hostname: Erro ao resolver “odrs.gnome.org”: Nome ou
>> serviço desconhecido
>> abr 24 12:08:30 marcelo PackageKit[1377]: refresh-cache transaction
>> /17149_aeddeabb from uid 1000 finished with cancelled-priority after 3887ms
>> abr 24 12:08:30 marcelo packagekitd[1377]: Falhou o download de alguns
>> ficheiros de índice. Foram ignorados ou os antigos foram usados em seu
>> lugar.
>> abr 24 12:08:30 marcelo gnome-software[3560]: failed to refresh the
>> cache: Failed to download ‘https://odrs.gnome.org/1.0/reviews/api/ratings’:
>> Cannot resolve hostname: Erro ao resolver “odrs.gnome.org”: Nome ou
>> serviço desconhecido
>> abr 24 12:08:34 marcelo PackageKit[1377]: get-updates transaction
>> /17167_edccedea from uid 1000 finished with success after 3655ms
>> abr 2

Re: Wifi randomly stops after upgrade

[Nicholas Geovanis]

On Sun, Apr 24, 2022 at 10:33 AM Marcelo Laia  wrote:

> After upgrade, I got wifi randomly stops and I need to turn off and on
> it in order to get it back on.
> It's very annoying!
> Please, have you any ideia how I start to inspect this problem?
>

Nobody smarter has replied so I'll try :-)
Searching for info on recent related problem reports there are several
possible causes. But since you've
just upgraded:
First, could this be a result of MAC randomisation being active now?
Second, is it normal to have both the NetworkManager.service and
networking.service active at the same time?

 logs -
> after wifi stopped
>
> # journalctl -f
> abr 24 12:01:03 marcelo dbus-daemon[712]: [system] Successfully activated
> service 'org.freedesktop.nm_dispatcher'
> abr 24 12:01:03 marcelo systemd[1]: Started Network Manager Script
> Dispatcher Service.
> abr 24 12:01:04 marcelo NetworkManager[780]:   [1650812464.3696]
> dhcp4 (wlp2s0): state changed new lease, address=192.168.1.175
> abr 24 12:01:04 marcelo soffice.bin[9591]: g_object_weak_unref: couldn't
> find weak ref 0x7fa6e7a07d10(0x7fa6c8009360)
> abr 24 12:01:14 marcelo systemd[1]: NetworkManager-dispatcher.service:
> Deactivated successfully.
> abr 24 12:01:15 marcelo wpa_supplicant[781]: wlp2s0:
> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-37 noise=-93 txrate=72200
> abr 24 12:03:01 marcelo wpa_supplicant[781]: wlp2s0:
> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-32 noise=-93 txrate=72200
> abr 24 12:03:07 marcelo wpa_supplicant[781]: wlp2s0:
> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-21 noise=-95 txrate=72200
> abr 24 12:03:09 marcelo wpa_supplicant[781]: wlp2s0:
> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-21 noise=-95 txrate=72200
> abr 24 12:03:23 marcelo wpa_supplicant[781]: wlp2s0:
> CTRL-EVENT-SIGNAL-CHANGE above=1 signal=-13 noise=-95 txrate=72200
>
> after turn off and turn on wifi (I turn off and turn on in
> Networking-manager dropdown menu)
>
> # journalctl -f
> abr 24 12:07:48 marcelo PackageKit[1377]: uid 1000 obtained auth for
> org.freedesktop.packagekit.system-sources-refresh
> abr 24 12:07:48 marcelo PackageKit[1377]: uid 1000 obtained auth for
> org.freedesktop.packagekit.system-sources-refresh
> abr 24 12:07:49 marcelo goa-daemon[3378]: secret_password_lookup_sync()
> returned NULL
> abr 24 12:07:49 marcelo PackageKit[1377]: uid 1000 is trying to obtain
> org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
> abr 24 12:07:49 marcelo PackageKit[1377]: uid 1000 is trying to obtain
> org.freedesktop.packagekit.system-sources-refresh auth (only_trusted:0)
> abr 24 12:07:49 marcelo PackageKit[1377]: uid 1000 obtained auth for
> org.freedesktop.packagekit.system-sources-refresh
> abr 24 12:07:49 marcelo PackageKit[1377]: uid 1000 obtained auth for
> org.freedesktop.packagekit.system-sources-refresh
> abr 24 12:07:50 marcelo PackageKit[1377]: get-details transaction
> /17151_bebcddce from uid 1000 finished with success after 5070ms
> abr 24 12:07:50 marcelo goa-daemon[3378]: secret_password_lookup_sync()
> returned NULL
> abr 24 12:07:56 marcelo systemd[1]: NetworkManager-dispatcher.service:
> Deactivated successfully.
> abr 24 12:08:26 marcelo PackageKit[1377]: refresh-cache transaction
> /17148_acddadad from uid 1000 finished with success after 36393ms
> abr 24 12:08:26 marcelo gnome-software[3560]: failed to refresh the cache:
> Failed to download ‘https://odrs.gnome.org/1.0/reviews/api/ratings’:
> Cannot resolve hostname: Erro ao resolver “odrs.gnome.org”: Nome ou
> serviço desconhecido
> abr 24 12:08:30 marcelo PackageKit[1377]: refresh-cache transaction
> /17149_aeddeabb from uid 1000 finished with cancelled-priority after 3887ms
> abr 24 12:08:30 marcelo packagekitd[1377]: Falhou o download de alguns
> ficheiros de índice. Foram ignorados ou os antigos foram usados em seu
> lugar.
> abr 24 12:08:30 marcelo gnome-software[3560]: failed to refresh the cache:
> Failed to download ‘https://odrs.gnome.org/1.0/reviews/api/ratings’:
> Cannot resolve hostname: Erro ao resolver “odrs.gnome.org”: Nome ou
> serviço desconhecido
> abr 24 12:08:34 marcelo PackageKit[1377]: get-updates transaction
> /17167_edccedea from uid 1000 finished with success after 3655ms
> abr 24 12:08:36 marcelo PackageKit[1377]: refresh-cache transaction
> /17152_ccdebacd from uid 1000 finished with cancelled-priority after 2014ms
> abr 24 12:08:36 marcelo packagekitd[1377]: Falhou o download de alguns
> ficheiros de índice. Foram ignorados ou os antigos foram usados em seu
> lugar.
> abr 24 12:08:36 marcelo gnome-software[3560]: failed to refresh the cache:
> failed to download file: Could not resolve host: cdn.fwupd.org
> abr 24 12:08:39 marcelo PackageKit[1377]: get-details transaction
> /17168_addbccbb from uid 1000 finished with success after 2892ms
> abr 24 12:08:39 marcelo PackageKit[1377]: refresh-cache transaction
> /17153_ccdbcddb from uid 1000 finished with cancelled-priority after 899ms
> abr 24 12:08:39 marcelo packagekitd[1377]: Falhou o down

Re: Out of memory killer misconfigured?

[Nicholas Geovanis]

On Tue, Apr 19, 2022, 11:08 AM  wrote:

> On Tue, Apr 19, 2022 at 04:44:36PM +0100, Tim Woodall wrote:
> > On Mon, 18 Apr 2022, piorunz wrote:
> >
> > >
> > > I look from desktop perspective. OS (Linux) runs my desktop and manage
> > > all programs [...]
>
> > Because not every machine that has the linux kernel installed runs a
> > desktop [...]
>
> As I already said: I think the OOM killer is the wrong tool for this
> job. Once that fires, all bets are up. Its job is to give the sys
> admin/system a chance to shut down cleanly, not much more.
>

I had not heard this before but...

cgroup awareness of OOM killer
Linux Kernel 4.19 (October 2018) introduced cgroup awareness of OOM killer
implementation which adds an ability to kill a cgroup as a single unit and
so guarantee the integrity of the workload.

That's from
https://en.m.wikipedia.org/wiki/Cgroups

Of course you still need to identify and configure your cgroups
effectively. It seems overdue to make the two tools cooperate but as others
pointed out, they have different origins. And it's another one of those
things handled differently in the data center from the desktop.

Some resource manager (ulimits, control groups [1], what have you)
> seems more appropriate. It's up to the desktop environment folks
> or to the sysadmin to set them up properly, of course.
>
> As for why the OOM killer is not triggering the was piorunz expects,
> no idea. The scores and the knobs to regulate them are well-known...
>
> @piorunz: you could start the browser with a worse score so it
> gets killed earlier if that suits better your use case.
>
> Cheers
> --
> t
>

Re: What happened?

[Nicholas Geovanis]

n Sat, Apr 16, 2022, 6:17 PM Dennis Wicks  wrote:

> When I first installed Debian 10, I installed Win 10 in a
> virtual machine using KVM/QEMU and everything just worked. I
> could copy/paste between host and vm and access host disks
> in the vm. And zfs file systems worked.
>
> The main problem was that dpkg would kill the system trying
> to setup
> linux-image-4.19.0-18-amd64.
>
> I decided to bite the bullet and upgrade to Debian 10.11.
> That process managed  to install linux-image-4.19.0-19-amd64
> and everything was fine. Then somewhere in the process of
> installing additional software apt? killed the system trying
> to setup linux-image-4.19.0-20-amd64. (I found out that I
> could do dpkg --configure for each package individually and
> skip the linux image and headers.)
>
> And, now I can't copy/paste between host and vm, can't
> access host disks from the vm, and the zfs file system
> doesn't work! And then because dpkg killed the system so
> many times the archive file is locked somehow and the
> various apt(x) programs and dpkg won't run, so I can't
> install any tools or different software to try and fix the
> problems!!
>
> ARGHHH!
>
> If anybody has any hints or tips or pointers toward any
> possible solutions I would appreciate hearing them!
>
> TIA,
> Dennis
>
> PS; dpkg says;
>
> > E: dpkg was interrupted, you must manually run 'sudo dpkg --configure
> -a' to correct the problem.
> > W: Could not lock the cache file; this usually means that dpkg or
> another apt tool is already installing packages.  Opening in read-only
> mode; any changes you make to the states of packages will NOT be preserved!
>

First: See if there are apt processes from previous attempts that are still
running. Maybe uselessly spinning thru CPU cycles, maybe pegging a CPU.
Kill those processes, you'll need to use the "-9" or KILL signal.

For your issue that brought you there: it sounds like maybe a filesystem
filled during the installation? Guessing.

Re: extract values from a string

[Nicholas Geovanis]

On Sat, Apr 16, 2022, 11:12 AM  wrote:

> On Sat, Apr 16, 2022 at 11:01:17AM -0500, Nicholas Geovanis wrote:
> > On Fri, Apr 15, 2022, 9:37 PM wilson  wrote:
> >
> > > Hello
> > >
> > > in shell script, how can I use regex to extract values from a string?
> > > maybe value types transformation should be required.
> > >
> > >
> > > for instance the string: "black berry 12".
> > > I want go get the name: black berry [String]
> > > the price: 12 [Int]
> > >
> >
> > So you have programming language skills. Look at the info-command-based
> doc
> > for bash. Read the sections about shell pattern-matching operators.
> Realize
> > that there are more than one type of that. For example the crippled
> > filename pattern matching on many commands, not really regular
> expressions.
>
> FWIW, bash has an =~ operator for regex matching whithin [[ ]]. There are
> even special variables to pick up the capturing matches.
> Not portable, but arrays (which have been warmly recommended around here)
> aren't, either.
>

I didn't want to spoil the party and say this. But now my hand is forced :-)
You Mr Original Poster may find perl to be more congenial for regular
expression use especially. You should find it on every single platform you
find bash. Regardless of OS.

Cheers
> --
> t
>

Re: extract values from a string

[Nicholas Geovanis]

On Fri, Apr 15, 2022, 9:37 PM wilson  wrote:

> Hello
>
> in shell script, how can I use regex to extract values from a string?
> maybe value types transformation should be required.
>
>
> for instance the string: "black berry 12".
> I want go get the name: black berry [String]
> the price: 12 [Int]
>

So you have programming language skills. Look at the info-command-based doc
for bash. Read the sections about shell pattern-matching operators. Realize
that there are more than one type of that. For example the crippled
filename pattern matching on many commands, not really regular expressions.

Everything you want to do can be done. The syntax is clunkier than other
mechanisms.

I did this in other language such as java/scala:
>
> scala> val regex = """(.+)\s+(\d+)""".r
> val regex: scala.util.matching.Regex = (.+)\s+(\d+)
>
> scala> str match {
>   |   case regex(name,price) => (name,price.toInt)
>   | }
> val res2: (String, Int) = (black berry,12)
>
>
> But sometimes for a simple task I won't want to write a java program.
> so what's the shell solution?
>
> Thanks
>
>

Re: What do folks use to mirror repositories

[Nicholas Geovanis]

On Fri, Apr 15, 2022 at 6:10 AM Sam  wrote:

> That's pretty much it. I want to mirror all my updates to a single server
> on
> my LAN and have everything on my LAN apt update from it. This seems more
> efficient than having everyone download their own copies.
>
> Google told me to use apt-mirror.



As Andrew mentions in his reply, rsync is a good choice for this. Or
something based on it. It's smarter about what doesn't need to be copied so
uses less aggregate bandwidth. Lots of use-cases around the data center :-)

Re: Apparmor problem.

[Nicholas Geovanis]

On Sat, Apr 9, 2022 at 5:46 AM George  wrote:

> Hi!
> Im trying to make a profile for firefox-esr.
>
> I used aa-genprof to create it and then aa-logprof to update it.
> I also use apparmor-notify to get error messages.
>
> The problem is that I get constant apparmor messages like the
> following:
>
> Apparmor Message
> Profile /usr/lib/firefox-esr/firefox-esr
> Operation: file_lock
> Name: /home/gpred/.mozilla/firefox/8i0h8b60.default-esr/-
> webappsstore.sqlite
> Denied: wk
> Logfile: /var/log/kern.log
>
> I run aa-logprof but it doesnt seem to detect the denied command. It
> doesnt show me the option to allow it,deny it, etc. I also tried to
> clear the kern.log and syslog files but after a while I have the same
> problem.
>
> Any ideas?
>

My reading is that firefox access to the file labelled as "Name:" is
failing.
It's failing because firefox wants to obtain a lock on that file but can't.

In other words:
 Name: /home/gpred/.mozilla/firefox/8i0h8b60.default-esr/-
webappsstore.sqlite

It's trying to create a lock for the file with that name, and lock creation
failed.
Could be because firefox lacks permissions to that file. Or because your
login id
lacks permissions to it. Or because another process holds a lock on it
already.

My firefox profile
>
>
> # Last Modified: Sat Apr  9 12:18:47 2022
> #include 
>
> /usr/lib/firefox-esr/firefox-esr flags=(complain) {
>   #include 
>   #include 
>   #include 
>   #include 
>   #include 
>   #include 
>   #include 
>   #include 
>   #include 
>   #include 
>   #include 
>   #include 
>
>   deny /home/*/AppData/** rw,
>
>   capability sys_admin,
>
>   signal send set=kill peer=/usr/lib/firefox-esr/firefox-esr//null-
> /usr/lib/firefox-esr/firefox-esr,
>   signal send set=term peer=/usr/lib/firefox-esr/firefox-esr//null-
> /usr/lib/firefox-esr/firefox-esr,
>   signal send set=term peer=/usr/lib/firefox-esr/firefox-esr//null-
> /usr/lib/firefox-esr/plugin-container,
>
>   /etc/firefox-esr/firefox-esr.js r,
>   /etc/mailcap r,
>   /etc/mime.types r,
>   /proc/devices r,
>   /proc/driver/nvidia/params r,
>   /proc/filesystems r,
>   /proc/modules r,
>   /sys/devices/pci:00/:00:00.0/class r,
>   /sys/devices/pci:00/:00:00.0/device r,
>   /sys/devices/pci:00/:00:00.0/vendor r,
>   /sys/devices/pci:00/:00:01.0/:02:00.0/class r,
>   /sys/devices/pci:00/:00:01.0/:02:00.0/device r,
>   /sys/devices/pci:00/:00:01.0/:02:00.0/subsystem_device r,
>   /sys/devices/pci:00/:00:01.0/:02:00.0/subsystem_vendor r,
>   /sys/devices/pci:00/:00:01.0/:02:00.0/vendor r,
>   /sys/devices/pci:00/:00:01.0/:02:00.1/class r,
>   /sys/devices/pci:00/:00:01.0/:02:00.1/device r,
>   /sys/devices/pci:00/:00:01.0/:02:00.1/vendor r,
>   /sys/devices/pci:00/:00:01.0/class r,
>   /sys/devices/pci:00/:00:01.0/device r,
>   /sys/devices/pci:00/:00:01.0/vendor r,
>   /sys/devices/pci:00/:00:02.0/class r,
>   /sys/devices/pci:00/:00:02.0/device r,
>   /sys/devices/pci:00/:00:02.0/vendor r,
>   /sys/devices/pci:00/:00:04.0/class r,
>   /sys/devices/pci:00/:00:04.0/device r,
>   /sys/devices/pci:00/:00:04.0/vendor r,
>   /sys/devices/pci:00/:00:08.0/class r,
>   /sys/devices/pci:00/:00:08.0/device r,
>   /sys/devices/pci:00/:00:08.0/vendor r,
>   /sys/devices/pci:00/:00:12.0/class r,
>   /sys/devices/pci:00/:00:12.0/device r,
>   /sys/devices/pci:00/:00:12.0/vendor r,
>   /sys/devices/pci:00/:00:14.0/class r,
>   /sys/devices/pci:00/:00:14.0/device r,
>   /sys/devices/pci:00/:00:14.0/vendor r,
>   /sys/devices/pci:00/:00:14.2/class r,
>   /sys/devices/pci:00/:00:14.2/device r,
>   /sys/devices/pci:00/:00:14.2/vendor r,
>   /sys/devices/pci:00/:00:15.0/class r,
>   /sys/devices/pci:00/:00:15.0/device r,
>   /sys/devices/pci:00/:00:15.0/vendor r,
>   /sys/devices/pci:00/:00:16.0/class r,
>   /sys/devices/pci:00/:00:16.0/device r,
>   /sys/devices/pci:00/:00:16.0/vendor r,
>   /sys/devices/pci:00/:00:17.0/class r,
>   /sys/devices/pci:00/:00:17.0/device r,
>   /sys/devices/pci:00/:00:17.0/vendor r,
>   /sys/devices/pci:00/:00:1b.0/:03:00.0/class r,
>   /sys/devices/pci:00/:00:1b.0/:03:00.0/device r,
>   /sys/devices/pci:00/:00:1b.0/:03:00.0/vendor r,
>   /sys/devices/pci:00/:00:1b.0/class r,
>   /sys/devices/pci:00/:00:1b.0/device r,
>   /sys/devices/pci:00/:00:1b.0/vendor r,
>   /sys/devices/pci:00/:00:1c.0/:04:00.0/class r,
>   /sys/devices/pci:00/:00:1c.0/:04:00.0/device r,
>   /sys/devices/pci:00/:00:1c.0/:04:00.0/vendor r,
>   /sys/devices/pci:00/:00:1c.0/class r,
>   /sys/devices/pci:00/:00:1c.0/device r,
>   /sys/devices/pci:00/:0

Re: random usernames in attempts to break in to my machine?

[Nicholas Geovanis]

On Mon, Apr 4, 2022 at 12:27 PM Joe Pfeiffer  wrote:

> Nicholas Geovanis  writes:
>
> > On Mon, Apr 4, 2022 at 9:06 AM Joe Pfeiffer 
> wrote:
> >
> >  This isn't really debian-specific, but I don't know a better place to
> >  ask...  recently, I've been having servers make a large number of
> >  attempts to access my mail host using what appear to be random strings
> >  as usernames -- it looks like this:
> >
> >  Apr  4 03:04:30 snowball saslauthd[1179]: pam_unix(:auth): check pass;
> user unknown
> >  Apr  4 03:04:30 snowball saslauthd[1179]: pam_unix(:auth):
> authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
> >  Apr  4 03:04:33 snowball saslauthd[1179]: : auth
> failure: [user=1b391vovbh@pfeifferfamily.net] [service=] [realm=]
> [mech=pam] [reason=PAM auth error]
> >
> >  They all have the same form: .f...@pfeifferfamily.net
> >
> >  I'm trying to understand the point; it's not like there's any chance any
> >  of those usernames will be valid.  This isn't they usual attempts using
> >  usernames like root, admin, test1, scan...  those I understand.
> >  So, anybody have any ideas what's up here?
> >
> > That's "normal". Just looking for a response that doesn't return "user
> unknown", then they've got a valid
> > username they can attempt password attacks on.
>
> That's the thing, and why it doesn't look like a dictionary attack.  It
> isn't reasonable words or combinations of reasonable words.  Using all
> the strings including things like "1b391vovbh" would be looking at many,
> many usernames than necessary, and ending all of them with ".fsf" pretty
> much guarantees they'll never get a hit.  The idea that these are
> message IDs that got mistaken for usernames when something got scraped
> looks more likely, but they don't really look like message IDs either
> (the message IDs I see are much longer, and include the FQDN of the
> source host).
>

It's software written by folks who sometimes know what they're doing.
There are only so many Kevin Mitnick's and Phyber Optik's in the world at
time
:-)


> > So here's the thing: What parts of the internet are you expecting logins
> from, to your mail server?
> > If the answer is none, then you should be using kernel packet filtering
> to prevent those incoming
> > messages from reaching your mail server's software.
>
> I could reasonably see an email come in from anywhere.
>

That depends on who you pay for email (SMTP) service.
I see you're at a .edu, it's probably a different use-case. It's more "I'll
accept an
incoming connection from some where". At home and in the corporate world
that's different.
You will have specific upstream mail providers and separate mail front-end
(say POP) servers.


> I've now put fail2ban on the case...  I'm still curious what's
> happening.
>

In my experience, universities tend to block all ports by default on the
subnets used by IT and administration.
On other subnets it's not necessarily blocked at the network boundary so
you'll see it.

Re: random usernames in attempts to break in to my machine?

[Nicholas Geovanis]

On Mon, Apr 4, 2022 at 9:06 AM Joe Pfeiffer  wrote:

> This isn't really debian-specific, but I don't know a better place to
> ask...  recently, I've been having servers make a large number of
> attempts to access my mail host using what appear to be random strings
> as usernames -- it looks like this:
>
> Apr  4 03:04:30 snowball saslauthd[1179]: pam_unix(:auth): check pass;
> user unknown
> Apr  4 03:04:30 snowball saslauthd[1179]: pam_unix(:auth): authentication
> failure; logname= uid=0 euid=0 tty= ruser= rhost=
> Apr  4 03:04:33 snowball saslauthd[1179]: : auth failure:
> [user=1b391vovbh@pfeifferfamily.net] [service=] [realm=] [mech=pam]
> [reason=PAM auth error]
>
> They all have the same form: .f...@pfeifferfamily.net
>
> I'm trying to understand the point; it's not like there's any chance any
> of those usernames will be valid.  This isn't they usual attempts using
> usernames like root, admin, test1, scan...  those I understand.
> So, anybody have any ideas what's up here?
>

That's "normal". Just looking for a response that doesn't return "user
unknown", then they've got a valid
username they can attempt password attacks on.

So here's the thing: What parts of the internet are you expecting logins
from, to your mail server?
If the answer is none, then you should be using kernel packet filtering to
prevent those incoming
messages from reaching your mail server's software.

Re: Can't create a password successfully.

[Nicholas Geovanis]

On Sun, Apr 3, 2022, 3:00 PM Brian  wrote:

> On Sun 03 Apr 2022 at 19:45:47 +, Andrew M.A. Cater wrote:
>
> > On Sun, Apr 03, 2022 at 08:25:46PM +0100, Brian wrote:
> > > On Sun 03 Apr 2022 at 20:10:14 +0100, Brad Rogers wrote:
> > >
> > > > On Sun, 3 Apr 2022 21:31:34 +0300
> > > > PanosGR  wrote:
> > > >
> > > > Hello PanosGR,
> > > >
> > > > >I have tried everything and still doesn't get to work.
> > > >
> > > > Very often passwords are required to contain a mix of upper and lower
> > > > case letters and one or more numerals.  Some sites require 'special'
> > > > characters (%#~$, etc) to be used, some limit their use.
> > >
> > > Indeed, all of this happens, usually without any explanation
> whatsoever.
> > > For whose benefit are such requirements constructured?
> > >
> > > --
> > > Brian.
> > >
> >
> > Some of this is to make passwords harder to guess / harder to
> brute-force.
> > Some of this is to satisfy regulatory requirements - so credit card
> > transactions have particular restrictions / two factor authentication
> > or similar.
>
> My quety related to *whose benefit* these rules are imposed? Your
> answer implies it is for the benefit of the website. I am not aware
> of any regulatory requirements placed on the user in the UK for
> devising passwords.
>

I've worked on linux-based software which is covered by overseas medical
device law as well as US HIPAA, PCI and medical IT-device standards. All
have password-strength requirements which compliant businesses and software
must meet. Including web-facing components. YMMV.

> One of the bits of advice is to use long passwords made up of three
> > random words and to use a different password per website / to use
> > your web browser to generate an appropriate random password.
> > Forcing passwords to change regularly may not be a good way to
> > maintain security - it can mean that people use password01, password02
> > and things like that.
>
> Changing passwords at frequent intervals? Total nonsensense as far as
> advice goes.
>

See above, it applies here too.

-- 
> Brian.
>
>

Re: Predictable Network Interface Names

[Nicholas Geovanis]

On Wed, Mar 30, 2022, 5:32 PM Michael Stone  wrote:

> On Wed, Mar 30, 2022 at 06:19:17PM -0400, Greg Wooledge wrote:
> >It's like you haven't even read this thread.
>
> of course I have
>
> >Predictable interface names *do* sometimes change.  And when that happens,
> >it's a huge deal, because all of the configuration files are set up for
> >the old name.  Things break, in an extremely visible way.
>
> And they also broke before the predictable name scheme! And they can
> break if you lock names to MAC addresses! There are always ways things
> can break. If they break in an extremely visible way that's actually a
> good thing--the impact of simple interface reordering can be much more
> severe. And when they do break, the fix is generally pretty
> straightforward (that is, not such a big deal as to justify the bytes
> wasted complaining about it).
>
> >This is not some theoretical issue.  This is real.
>
> It's also real that for the majority of systems it works fine. Why are
> you so invested in denying that reality?
>

Because some of us work in corporate data centers. And everything you claim
that helps us here really does the opposite. Because it was introduced in
large part to support mobile computing. Which does not and will never be
valuable on the back-end, the server end, where commerce occurs.

It's what we call a different "use-case".

>

Re: Predictable Network Interface Names

[Nicholas Geovanis]

On Wed, Mar 30, 2022, 2:15 PM Brian  wrote:

> On Wed 30 Mar 2022 at 14:39:33 -0400, Greg Wooledge wrote:
>
> > On Wed, Mar 30, 2022 at 07:18:07PM +0100, Brian wrote:
> > > On Wed 30 Mar 2022 at 13:32:53 -0400, Greg Wooledge wrote:
> > > > Yes.  You've now seen direct evidence of the lie.  I guess I won't
> need
> > > > to post links to the wiki articles that say the same thing you've
> already
> > > > observed.
> > >
> > > I would be interested in a couple of links to the same observations
> > > as given by the OP.
> >
> > <
> https://wiki.debian.org/NetworkInterfaceNames#Complications_and_corner_cases
> >
> > tries very hard to avoid mentioning the issue directly, but ultimately
> > has this paragraph down near the bottom of the section:
> >
> >   it turns out even after all this there are still reported cases of
> >   interfaces changing their name on a reboot. All that needs to happen
> >   is that some buggy BIOS (or some new, less buggy version of a driver
> >   module, or systemd's naming policy) changes its mind about some detail
> >   like whether or not your hardware counts as the kind that should have
> >   an ONBOARD name. There are even reports of devices changing their
> >   PCI-port numbering due to other hardware being installed.
> >
> > This links to
> >  which
> > goes into some detail.
>
> Thanks. Very informative. As the second link says:
>
>   The resulting reality is that your PCI based names are only
>   stable if you change no hardware in the system. The moment
>   you change any hardware all bets are off for all hardware.
>
> This, plus your advice, could point the OP to a way forward.
>
> How hardare specific the claim is is not explored.
>
> > I'm sure there are many more pages like this one.
> >
> > > Recently, we have had a mail or two about iwd. It uses the kernel
> > > interface wlan0, which broke my /e/n/i. In the end I went with the
> > > flow on the basis that wlan0 is stable enough and changed /e/n/i
> > > rather than fighting iwd.
> >
> > Wireless interfaces are not my strong suit.  I don't have any advice
> > for those.
>
> I only mentioned what I did bcause, om the whole, I am prepared to
> accept interface renaming. The vast majority of users will not notice
> that it has taken place.
>

Does anyone here know how the BSD-derived "free" unices handle this
situation?
And how about free-ish Oracle/Solaris?
And AIX running on Intel hard/firmware?

-- 
> Brian.
>
>

Re: Out of memory killer misconfigured?

[Nicholas Geovanis]

On Tue, Mar 29, 2022 at 1:59 PM piorunz  wrote:

> On 29/03/2022 10:56, Sven Hoexter wrote:
> > E.g. we now have PSI as an information source
> > https://lwn.net/Articles/759781/
> > which can be used with the Facebook oomd or systemd-oomd to
> > have userland control over which process to kill.
>
> Thanks, I've read this article. Unfortunately, this is just information
> tool which can be used by engineers and developers so design their own
> oomd. I am not a developer.
>
> Is there any config file I can edit so just simply ask oomd to kill most
> memory hugging process instead of entire system?
>

Yes. Looks like oomd came from facebook :-)
https://github.com/facebookincubator/oomd/blob/main/docs/configuration.md

That's the kind of tool that gets turned-off in backend servers.

--
> With kindest regards, Piotr.
>
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
> ⠈⠳⣄
>
>

Re: ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS64): ignored.

[Nicholas Geovanis]

On Sun, Mar 27, 2022, 7:31 AM Reiner Buehl  wrote:

> Hi all!
>
> I am trying to build an amd64 Debian package from sources but the
> command dpkg-buildpackage -us -uc fails with a number of the following
> error messages:
>
> ERROR: ld.so: object 'libfakeroot-sysv.so' from LD_PRELOAD cannot be
> preloaded (wrong ELF class: ELFCLASS64): ignored.
>

Is it possible that you are already setting the
LD_LIBRARY_PATH environment variable for your shell? And that its contents
are pointing the loader at the wrong libraries?

Only other thing I can think of: Were there any newer header-file packages
that needed to be installed along with? Again maybe finding an older
include file ahead of the newer confused the loader at runtime. HTH.

I have installed (and re-installed) the devscripts, fakeroot and
> build-essential packages but still get the error. The system was
> crossgraded from i386 to amd64 and still runs a mix of i386 and amd64
> but the build packages seem to be all amd64:
>
> bilbo:~# dpkg -l | grep fake
> ii  fakeroot 1.23-1amd64tool for
> simulating superuser privileges
> ii  libfakeroot:amd64 1.23-1amd64
> tool for simulating superuser privileges - shared libraries
> bilbo:~# dpkg -l | grep devscripts
> ii  devscripts 2.19.5+deb10u1amd64
> scripts to make the life of a Debian Package maintainer easier
> bilbo:~# dpkg -l | grep build-essentila
> bilbo:~# dpkg -l | grep build-essential
> ii  build-essential 12.6  amd64
> Informational list of build-essential packages
>
> Is there anything else that I need to (manually) change?
>
> Reiner
>
>

Re: swap maxed out when plenty of RAM available

[Nicholas Geovanis]

On Fri, Mar 25, 2022 at 12:27 PM Greg Wooledge  wrote:

> On Fri, Mar 25, 2022 at 04:51:51PM +, Adam Weremczuk wrote:
> > [Tue Mar 22 00:24:10 2022] Tasks state (memory values in pages):
> > [Tue Mar 22 00:24:10 2022] [  pid  ]   uid  tgid total_vm  rss
> > pgtables_bytes swapents oom_score_adj name
> > [Tue Mar 22 00:24:10 2022] [   2211] 0  221114228 228
> 159744
> > 127 0 systemd
> > [Tue Mar 22 00:24:10 2022] [   2622] 0  262293208 59485
> > 753664   73 0 systemd-journal
>
> Well, at this point systemd-journald (I assume the name is truncated)
> was using more memory than anything else.
> .

> [Tue Mar 22 00:24:10 2022] Memory cgroup out of memory: Killed process
> 11695
>
> So, next it killed dhcpd.  And it still wasn't done.
>
> > [Tue Mar 22 00:24:10 2022] [  21057] 0 21057 1069 31
> 53248
> > 0 0 apt.systemd.dai
> > [Tue Mar 22 00:24:10 2022] [  21065] 0 2106517753 2552
> > 1802240 0 apt-get
> > [Tue Mar 22 00:24:10 2022] [  21068] 0 21068 9475 110
> > 1105920 0 systemd-journal
> > [Tue Mar 22 00:24:10 2022]
> oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=ns,mems_allowed=0-1,oom_memcg=/lxc/101,task_memcg=/lxc/101/ns,task=apt-get,pid=21065,uid=0
> > [Tue Mar 22 00:24:10 2022] Memory cgroup out of memory: Killed process
> 21065
>
> At this point, it killed apt-get.
>
> Looks like this system doesn't have enough memory to perform its daily
> tasks (including what I'm guessing are unattended upgrades, triggering
> calls to apt-get from a systemd timer).  You'll either need to stop
> letting it run those daily tasks, or add more memory, or add more swap,
> or get rid of some of the other programs that are using memory.
>

If you have re-configured your apt repositories but made a mistake, or lost
contact with them for
other network reasons, you will see those automated apt-get commands
stack-up over time.
They reach a point in execution where they acquire a lock that blocks all
other updates, so just
keep piling up. Each consumes swap. If the CPU workload is the local
bottleneck you may notice
a CPU or two pegged at 100% as the first symptom.


> If you really want the unattended upgrades, adding more swap would be
> the easiest solution, but be warned that this could mean the system
> will run extremely slowly during those unattended upgrades.  That could
> be something you don't care about, or something that matters a lot.  Only
> you would know.
>

If it's a server, servers should not swap and they should not get upgraded
without purpose.

Re: "E: Package 'gs' has no installation candidate" ...

[Nicholas Geovanis]

On Fri, Mar 25, 2022 at 9:26 AM Greg Wooledge  wrote:

> On Fri, Mar 25, 2022 at 02:22:43PM +, Albretch Mueller wrote:
> >  basically I need to extract, merge, ... pages from pdf files and gs
> > was the way to go?
> >  Do you know what is going on?
>
> The program's name is gs, but the package's name is ghostscript.
>

If ghostscript is removed from Debian, then civilization is collapsing :-)
Because then folks will have to start building ghostscript from source like
we used to :-)

Re: swap maxed out when plenty of RAM available

[Nicholas Geovanis]

On Tue, Mar 22, 2022 at 12:21 PM Dan Ritter  wrote:

> Charles Curley wrote:
> > On Tue, 22 Mar 2022 14:55:34 +
> > Adam Weremczuk  wrote:
> >
> > > It has 512 MB of memory and 512 MB of swap assigned and typically
> > > needs 50-100 MB to operate.
> >
> > The rule of thumb to which I am accustomed is to have a swap space
> > double the physical RAM. If necessary, you can create a swap file and
> > add that to your /etc/fstab. That might help with your current problem.
> .
> That said, there is probably something else going on here. Logs
> on a tmpfs, maybe?
>

That's the usual issue. The /tmp filesystem is usually configured to live
in RAM,
at some point an application needed to use lots of it. It may not have
freed it properly
from dying or maybe it's still running, or just misbehaving :-)
If this happens often, consider building a larger /tmp in a real filesystem
on a real drive.


> -dsr-
>
>