Re: "Repeaters", etc.

[Roger Price]

On Tue, 28 May 2024, David Christensen wrote:

On 5/28/24 00:28, Roger Price wrote:
I wired my place Cat5. A lot of work, and I regretted it.  I live in the 
hills behind Nice, an area with a lot of lightning.  The overhead line to 
my place took a hit and thanks to the Cat5 conductivity I lost equipment.


How do you know that the damage your equipment suffered was due to the Cat 5e 
wiring and not due to the electrical power conductors?


Electrical power to my computers comes through 30mA differential circuit 
breakers to Eaton Ellipse 1600 UPS units. I had no such protection for the 
telephone signal, and I saw flashes at the telephone junction box.  So I summise 
that the Cat5 wiring did the damage.


Roger

Re: "Repeaters", etc.

[Roger Price]

On Mon, 27 May 2024, Paul M Foster wrote:


... and has an RJ45 jack in it in each room. So each room would
have one of these, and the devices in it would be hooked to that device via
cat 5e.


I wired my place Cat5. A lot of work, and I regretted it.  I live in the hills 
behind Nice, an area with a lot of lightning.  The overhead line to my place 
took a hit and thanks to the Cat5 conductivity I lost equipment.  Now I have a 
Freebox 4k mini which has feeble WiFi so I run it as a bridge to a TP-link WiFi 
router, and I have a Yagi Wifi antenna for distant access.


The Yagi antenna attached to a TP-link TL-WN722N USB adapter will capture a 
domestic WiFi router at well over 200 meters.


Roger

Re: Inclusive terminology (instead of master/slave) for network bonding/LACP

[Roger Price]

On Fri, 23 Feb 2024, Marco Moock wrote:


The only package I am aware of that changed some terms is sendmail.


With the publication of RFC 9271 "UPS Management Protocol", the nut packages 
(Network UPS Tools) did a vocabulary cleanup at release 2.8.0 which included 
changing Master/Slave to Primary/Secondary.  There have been no reports in the 
mailing list of this causing any problems.


Roger

Re: what keyboard do you use?

[Roger Price]

On Sat, 3 Feb 2024, Russell L. Harris wrote:


On Fri, Feb 02, 2024 at 08:25:09PM -0500, Lee wrote:
>which keyboard do you like and why?



...  Cherry makes/uses a good keyswitch.  Buy Cherry.  RLH


I bought a Cherry MX 3000 USB.  In use permanently in a very dusty environment 
next to a wood stove.  No problems.  Roger

Re: Home UPS recommendations (Was Re: rsync --delete vs rsync --delete-after)

[Roger Price]

On Fri, 26 Jan 2024, David Wright wrote:

On Fri 26 Jan 2024 at 19:03:33 (+0100), Roger Price wrote:

I currently have two Eaton Ellipse ECO 1600's. ... The four screws are deeply 
recessed and difficult to see.  They have different heads: some are Torx 10, 
others are a star.



20/20 hindsight might suggest that you were only intended
to remove the star, if by that you mean Philips/Pozidrive.


What I called "star" is probably a Quadrex.

Roger

Re: Home UPS recommendations (Was Re: rsync --delete vs rsync --delete-after)

[Roger Price]

On Fri, 26 Jan 2024, Andy Smith wrote:


Out of interest what brand of UPS do you recommend for home use that
has easily-replaceable batteries every 3–5 years? For a load of
about 300W.


I currently have two Eaton Ellipse ECO 1600's.  I change the batteries every 4-5 
years, but this is not as easy as it should be.  It is not evident that only one 
of the four back panel screws needs to be removed.  I took me a while to learn 
this.  The four screws are deeply recessed and difficult to see.  They have 
different heads: some are Torx 10, others are a star.  Keep trying different 
screwdrivers until you feel something turning.


The battery compartment is too tight. I took me 4 attempts to get the batteries 
back in, with the cables still connected and positioned such that the rear panel 
can be put back.


If you re-assemble and the UPS doesn't respond to pressing the ON/OFF button, 
then the battery leads have detached.  Start all over again.  Good luck!


It could have been a lot easier.  Roger

Re: Debian GNU/Linux Books

[Roger Price]

On Sun, 12 Nov 2023, Marco Moock wrote:


I don't think book are a good way to teach stuff that changes. A wiki
(maybe with paid access, like RedHat does) is much more better than a
book that can't be updated and will be mostly useless with the next
release because beginner don't know which parts are still entirely
adaptable and which aren't.


Are you saying that I should stop relying on my Dr Linux 4th Ed. ©1996 ?  What's 
going on here ?  Can't trust anything these days.


Roger

PS. My copy of Harley Hahn's “Student's Guide to Unix", ©1993, has on page 206 
a picture of Heidi Stettner and Biff taken circa 1980.  Why doesn't Biff bark 
anymore?

"locate" easier to use than "find"

[Roger Price]

On Mon, 21 Aug 2023, Hans wrote:


find .mozilla -name favicons.sqlite -ls
 1512492   2144 -rw-r--r--   1 myusername myusernama  2195456 Aug 21 13:29 
.mozilla/firefox/gs0gkgv2.default/favicons.sqlite
 1515049    260 -rw-r--r--   1 myusername myusername   262144 Aug 18 22:36 
.mozilla/firefox/th3dv2jy.default-1461749950404/favicons.sqlite


For me command "locate" is easier to use than "find":

rprice@titan ~ locate favicons.sqlite
/mnt/home/rprice/.mozilla/firefox/60mahk24.default-esr/favicons.sqlite
/mnt/home/rprice/.mozilla/firefox/60mahk24.default-esr/favicons.sqlite-wal
/mnt/home/rprice/.mozilla/firefox/sehco4n9.default/favicons.sqlite
/mnt/home/rprice/.mozilla/firefox/sehco4n9.default/favicons.sqlite-shm
/mnt/home/rprice/.mozilla/firefox/sehco4n9.default/favicons.sqlite-wal
rprice@titan ~ inxi -S
System: Host: titan Kernel: 5.10.0-15-amd64 x86_64 bits: 64 Desktop: Xfce 
4.16.0 Distro: Debian GNU/Linux 11 (bullseye)

Roger

Re: Happy 30 Years Debian Project

[Roger Price]

On Wed, 16 Aug 2023, Luna Jernberg wrote:


Happy Birthday 30 years of the Debian Linux Project


I consider Debian to be a major intellectual achievement,  Collective, but still 
a major achievement.


My first Linux ran on an IBM PS/2 L40 SX laptop with a monochrome display.  I 
had to recompile part of the kernel to get the 640x480 display to work.  That 
took over 3 hours on that machine.  An excellent keyboard.


I tried Redhat and SuSE, but finally moved to Debian and never looked back.

Happy Birthday Debian !

Roger

Re: Recommendations for a UPS?

[Roger Price]

On Tue, 1 Aug 2023, Karl Vogel wrote:

  I give a solid vote to Liebert.  I had a near-miss lightning strike
  a few nights ago, and all it did was make my display go out for about
  a second.  It came right back, session intact, didn't lose a thing.


My place took a direct hit from a lightning strike.  Frightening.  Despite two 
differential circuit breakers in front of the UPS, it melted the circuit board 
in an Eaton Ellipse 1600.  The server crashed but no data was lost.  Eaton 
replaced the UPS.


Roger

Re: Recommendations for a UPS?

[Roger Price]

On Mon, 31 Jul 2023, Tom Browder wrote:


I used to use UPS units from APC back when you could replace the battery.
Any recommenndations from fellow Debian folks?


I use Eaton Ellipse ECO 1600's.  I have replaced the batteries.  The 1600 is 
big, but I live in an area with a lot of lightning, long overhead lines and 
repeated shutdowns.  I use NUT and I always shutdown after 2 minutes, whatever 
the battery charge.  For me it's the number of shutdowns that is important, not 
the total battery supported uptime.


The latest Eaton 1600 no longer seems to support automatic power on after wall 
power resumes.  Check on this if it is important to you. 
https://networkupstools.org/


Roger

Re: How could a standalone python binary executable be made from a python script, to be run on other computers that don't have python installed?

[Roger Price]

On Thu, 20 Jul 2023, Susmita/Rajib wrote:


I want to have other users run my python script on their computers,
that don't have python installer, as a standalone binary/executable.


This is the wrong list.  It's a 12 year old question.  A Google search would 
have given you 
https://stackoverflow.com/questions/5458048/how-can-i-make-a-python-script-standalone-executable-to-run-without-any-dependen


Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Mon, 17 Jul 2023, to...@tuxteam.de wrote:


On Sun, Jul 16, 2023 at 03:21:06PM -0400, Timothy M Butterworth wrote:

Do you have TCP wrappers installed and running? Please post the output

of: `less /etc/hosts.allow` `less /etc/hosts.deny`


tcpwrappers would lead to a connection refused, not a timeout.


Confirmed.  File /etc/hosts.allow contains nothing but comments, and file 
/etc/hosts.deny doesn't exist.


Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sun, 16 Jul 2023, Anssi Saari wrote:


Roger Price  writes:

Does the style of comment give a clue to the tool used ?

Earlier you posted a list of firewall rules like this:

iptables -L -n --line-numbers reports

Chain INPUT (policy ACCEPT)
 num  targetprot opt source destination
  1ufw-before-logging-input  all  --  0.0.0.0/0  0.0.0.0/0

So I would guess ufw.


That's what I thought, but there is no ufw in this Debian 9 machine.  So I had 
to do some archaeology.


It took me a while to discover that long ago this machine ran openSuSE 12.2 and 
was directly attached to the internet, so it ran a modification of the openSuSE 
firewall.  The machine was then migrated to Debian and placed behind a box 
supplied by the internet provider, but it kept running the openSuSE firewall.


 root@kananga ~ systemctl is-enabled SuSEfirewall2
 enabled

The years have gone by. It's still running on Debian 9!. I stopped it with

 root@kananga ~ systemctl disable SuSEfirewall2
 Removed /etc/systemd/system/SuSEfirewall2_setup.service.
 Removed /etc/systemd/system/multi-user.target.wants/SuSEfirewall2.service.
 Removed /etc/systemd/system/multi-user.target.wants/SuSEfirewall2_init.service.
 root@kananga ~ systemctl stop SuSEfirewall2

 root@kananga ~ systemctl is-enabled SuSEfirewall2
 disabled

I then recycled the machine, power off, power on, and I can now ssh into this 
Debian 9 machine from Debian 11 :-) , so I have a permanent solution.


My thanks to all who participated in the discussion,  Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sun, 16 Jul 2023, mick.crane wrote:


did you try to ssh to the ip address?
I vaguely remember something to do with the keys where I could ssh by number 
but not name.


I ssh from Debian 11 to Debian 9 :

 rprice@titan ~ ssh rprice@192.168.1.13
 ssh: connect to host 192.168.1.13 port 22: Connection timed out

Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sun, 16 Jul 2023, to...@tuxteam.de wrote:


On Sun, Jul 16, 2023 at 09:39:35AM +0200, Roger Price wrote:


I tried to clear out the existing firewall on a Debian 9 machine with the 
commands


This would be a good time to try ssh :-)



But before chasing that culprit it'd be nice to know we are
barking up the right tree: can you ssh after flushing the
firewalls and /before/ rebooting?


On a Debian 9 machine I typed the commands

  iptables -F
  iptables -X
  iptables -P INPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -P OUTPUT ACCEPT

and then _immediately_ attempted to ssh from Debian 11 to that Debian 9 machine.

rprice@titan ~ ssh rprice@kananga
rprice@kananga's password:
Linux kananga 4.9.0-4-686 #1 SMP Debian 4.9.65-3+deb9u1 (2017-12-23) i686
...

Success! I can ssh 11->9 after flushing the firewall and before rebooting.

I do not know what firewall management tool is in use.  The first 4 lines shown 
by iptables -L were


 Chain INPUT (policy DROP)
 num  target  prot opt source destination
 1ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0 /* 
"main[2993]-set_basic_rules[971]" */
 2ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0 ctstate ESTABLISHED /* 
"set_basic_rules[1028]-allow_basic_established[878]" */
 3ACCEPT  icmp --  0.0.0.0/0  0.0.0.0/0 ctstate RELATED /* 
"set_basic_rules[1028]-allow_basic_established[892]" */

Does the style of comment give a clue to the tool used ?

Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sun, 16 Jul 2023, mick.crane wrote:


Can you ping the problem machine by name?


 rprice@titan ~ ping -c2 kananga
 PING kananga (192.168.1.16) 56(84) bytes of data.
 64 bytes from kananga (192.168.1.16): icmp_seq=1 ttl=64 time=1.38 ms
 64 bytes from kananga (192.168.1.16): icmp_seq=2 ttl=64 time=1.37 ms

Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sat, 15 Jul 2023, Greg Wooledge wrote:

On Sat, Jul 15, 2023 at 11:59:33AM +0200, Roger Price wrote:

rprice@kananga:~$ ssh -v rprice@maria
ssh: connect to host maria port 22: Connection timed out


A timeout is an ENTIRELY different symptom, and when combined with
"but I can ping the remote", it means a firewall is involved.  Every
time.


I tried to clear out the existing firewall on a Debian 9 machine with the 
commands


 iptables -F
 iptables -X
 iptables -P INPUT ACCEPT
 iptables -P FORWARD ACCEPT
 iptables -P OUTPUT ACCEPT

 iptables -L -n --line-numbers reports

 Chain INPUT (policy ACCEPT)
 num  targetprot opt source destination
 1ufw-before-logging-input  all  --  0.0.0.0/0  0.0.0.0/0
 2ufw-before-input  all  --  0.0.0.0/0  0.0.0.0/0
 3ufw-after-input   all  --  0.0.0.0/0  0.0.0.0/0
 4ufw-after-logging-input   all  --  0.0.0.0/0  0.0.0.0/0
 5ufw-reject-input  all  --  0.0.0.0/0  0.0.0.0/0
 6ufw-track-input   all  --  0.0.0.0/0  0.0.0.0/0

   ... and so on

I then recycled the Debian 9 machine, power off, power on, for a clean restart,
After the restart, I tried to ssh from Debian 11 to that Debian 9 machine

 rprice@titan ~ ssh -v rprice@kananga
 ssh: connect to host kananga port 22: Connection timed out

So it's something else?  Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sun, 16 Jul 2023, Intense Red wrote:


  Are you trying to ssh into the box as the root user?


I do not ssh into remote boxes as root; I use ssh to root only within the box.


If so, remember Debian's ssh configuration stops root from logging in.


In my Debian 9 and 11 boxes I see in /etc/ssh/sshd_config "PermitRootLogin yes" 
by default, and by default local and remote root login is possible.


Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sat, 15 Jul 2023, to...@tuxteam.de wrote:


@Roger: what does "sudo ss -antp" (or "netstat -antp") say? Is sshd
listening on 0.0.0.0:22? Then it's firewall, otherwise (not very
probable,but hey) it's sshd config.


Here is netstat -antp on one of the Debian 9 machines where I am currently 
logged in locally as root via ssh.


 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local AddressForeign Address   State   PID/Program 
name
 tcp0  0 0.0.0.0:22   0.0.0.0:* LISTEN  521/sshd
 tcp0  0 127.0.0.1:6310.0.0.0:* LISTEN  4578/cupsd
 tcp0  0 127.0.0.1:22 127.0.0.1:50124   ESTABLISHED 2905/sshd: 
root@pts
 tcp0  0 127.0.0.1:50124  127.0.0.1:22  ESTABLISHED 2903/ssh

Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sat, 15 Jul 2023, Timothy M Butterworth wrote:


On Sat, Jul 15, 2023 at 7:12 AM Roger Price  wrote:

  The two debian 9 machines can ssh to themselves.

Can you SSH from one Debian 9 to the other Debian 9?


No. I can ping, but I cannot ssh.  The ssh hangs after "Connecting to maria 
[192.168.1.13] port 22".  Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sat, 15 Jul 2023, to...@tuxteam.de wrote:

To sort out the possible things:
- log in to maria
- try "ssh rprice@localhost": what happens?


The two debian 9 machines can ssh to themselves.


 - if it works, there's an ssh daemon running on maria;
   next to check would be
   - is it listening on the external IP address?
   - is there any firewall in front of it?


It looks as if I have a firewall problem.  Work needed.

RE: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sat, 15 Jul 2023, Ming Kuang wrote:


Are you using any firewall rules? The phenomenon you describe is very much like 
a
firewall blocking connections to these ports (you can connect out, can't 
connect in).


Thanks for the suggestion. The two Debian 9 machines have customising firewall 
rules set that I can see with iptables -L.  Could well be the problem.  However 
I have completely forgotten how and why the rules were set.  I have more work to 
do.  Thanks again, Roger

Re: Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

On Sat, 15 Jul 2023, Roger Price wrote:

Sorry, a formatting problem.  Let's hope this is clearer 
_

The debian 9 machines are listening on ports 22 and 3493:

 root@maria ~ netstat -pnlt
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address   Foreign Address  StatePID/Program name
 tcp0  0 0.0.0.0:80  0.0.0.0:*LISTEN   822/apache2
 tcp0  0 0.0.0.0:22  0.0.0.0:*LISTEN   791/sshd
 tcp0  0 0.0.0.0:34930.0.0.0:*LISTEN   1919/upsd
 tcp0  0 0.0.0.0:873 0.0.0.0:*LISTEN   666/rsync

Unable to ssh to Debian 9 from 9 or 11

[Roger Price]

I have three Debian machines on a 192.168.1/24 WiFi network. One is debian 11 
and the two others are debian 9. The network is connected, I can ping from any 
machine to any other.


The problem is that I can ssh from the debian 9's to the debian 11, but not to 
any debian 9, although all the machines can ssh to themselves:


Some ascii art for people with fixed width fonts:

   .--OK--->-debian 11--<--OK--.
   | .<--FAIL titan->--FAIL--. |
   | |   | |
   | v   v |
   debian 9-FAIL--->debian 9
   maria   -<---FAILkananga

# Debian 9 to debian 11: OK
rprice@kananga:~$ ssh rprice@titan
Linux titan 5.10.0-15-amd64 #1 SMP Debian 5.10.120-1 (2022-06-09) x86_64 ...

# Debian 9 to debian 9: FAIL
rprice@kananga:~$ ssh -v rprice@maria
OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL 1.0.2l  25 May 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to maria [192.168.1.13] port 22.
debug1: connect to address 192.168.1.13 port 22: Connection timed out
ssh: connect to host maria port 22: Connection timed out

The same problem also exists for port 3493 used for UPS management, with the 
same pattern of success and failure between the three machines.


# Debian 9 to debian 11: OK
rprice@kananga:~$ upsc Eaton@titan battery.charge
100
# Debian 9 and 11 to debian 9: FAIL
rprice@kananga:~$ upsc Eaton@maria battery.charge
Error: Connection failure: Connection timed out
rprice@titan /mnt/home upsc Eaton@maria battery.charge
Error: Connection failure: Connection timed out

Any hint or suggestion as to what the problem is would be very welcome, Roger
_

The debian 9 machines are listening on ports 22 and 3493:

root@maria ~ netstat -pnlt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  StatePID/Program name 
tcp0  0 0.0.0.0:80  0.0.0.0:*LISTEN   822/apache2 
tcp0  0 0.0.0.0:22  0.0.0.0:*LISTEN   791/sshd 
tcp0  0 0.0.0.0:34930.0.0.0:*LISTEN   1919/upsd 
tcp0  0 0.0.0.0:873 0.0.0.0:*LISTEN   666/rsync


Has systemctl enabled the ssh service?

rprice@kananga:~$ systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: 
enabled)
   Active: active (running) since Fri 2023-07-14 09:35:17 CEST; 3h 45min ago
  Process: 2856 ExecReload=/bin/kill -HUP $MAINPID (code=exited, 
status=0/SUCCESS)
  Process: 2848 ExecReload=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
  Process: 438 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
 Main PID: 521 (sshd)
Tasks: 1 (limit: 4915)
   CGroup: /system.slice/ssh.service
   └─521 /usr/sbin/sshd -D

Jul 14 09:51:09 kananga sshd[521]: Received SIGHUP; restarting.
Jul 14 09:51:09 kananga systemd[1]: Reloaded OpenBSD Secure Shell server.
Jul 14 09:51:09 kananga sshd[521]: Server listening on 0.0.0.0 port 22.
Jul 14 10:10:43 kananga sshd[2905]: Accepted password for root from 127.0.0.1 
port 50124 ssh2
Jul 14 10:10:43 kananga sshd[2905]: pam_unix(sshd:session): session opened for 
user root by (uid=0)
_

What about ssh from non-Debian?  I can ssh to debian 11 from a Samsung 
Galaxy Tab S, but not to any debian 9 box.

Re: Why does Debian have code names for releases?

[Roger Price]

On Sun, 2 Jul 2023, David Wright wrote:


Perhaps more people remember the A5 is the Holyhead Road, rather than


Exactly my point that inanimate objects of which there are many examples are 
best known by numbers.  Numbers so well known that songs are written about the 
number: historic US 66 [1], and in France the historic N7 [2], a vacation 
highway.


Roger

[1] "Route 66" The Nat King Cole Trio
https://www.youtube.com/watch?v=9nuDE1SJlPo

[2] "Nationale 7" Charles Trenet
https://www.youtube.com/watch?v=5SnjC-RROG8

So far no sentimental song about Debian that I know of.

Re: Why does Debian have code names for releases?

[Roger Price]

On Sat, 1 Jul 2023, David Wright wrote:


Unlike numbers, names are memorable and unambiguous (when well-chosen).


This claim is far from evident and needs justification.  The only example I can 
think of is project number 401 which later became the product "Titanic". However 
the name is not memorable in itself: what we remember is the maritime disaster.


Roger

Re: Why does Debian have code names for releases?

[Roger Price]

On Mon, 26 Jun 2023, Darac Marjal wrote:

As you can see, the intention of code names is so that developers 
(of Debian) have a way to refer to an as-yet-unreleased collection of 
packages. Once those set of packages are released (literally, put out there 
in the wild), then they become a numbered version.


Ideally that is how it should work, but usage of code names persists in this 
user list.  I have no problem with code names in the dev list.


OK, a question back at you, then: Why do you feel the need to remember Debian 
codenames?


Because the members of this list continue to use code names.

So, I'd say that, as a user of Debian, you basically want to refer to two 
things:

* Stable/OldStable/OldOldStable to refer to the current and previous releases
* A number to refer to the released version.


Agreed.  I would always use the number to refer to a released version, but the 
problem is that it is not the general usage in this list.


Roger

Why does Debian have code names for releases?

[Roger Price]

I have difficulty remembering the Debian code names for releases Buzz Rex Bo 
Hamm Slink Potato Woody Sarge Etch Lenny Squeeze Wheezy Jessie Stretch Buster 
Bullseye Bookworm Trixie and Forky.


It's much easier to remember that release numbers are in a sequence 1.1 ... 14.

Quoting from Google's response to the question “why does Debian have code 
names?”: « Originally, part of the reason for code names was because it was not 
clear whether the next release would be considered a point release or not: " we 
didn't know whether etch would be released as Debian 3.2 or Debian 4.0 ". »


Etch was released as Debian 4.0 in May 2010.  Is there some reason why Debian 
still continues to invent and use code names?


Roger

See also https://lwn.net/Articles/792646/ “Debian and code names” July 3rd 2019.

Re: RAM

[Roger Price]

On Mon, 12 Jun 2023, Mick Ab wrote:


I have seen the dmidecode command being used, but the reliability of the 
information returned is not reliable.
Is there any command that will reliably give the required RAM information ?


According to man inxi the command "inxi -mxx" tries to improve on dmidecode.

Quoting from man inxi :  Because dmidecode data is extremely unreliable, inxi 
will try to make best guesses.  If you see (check) after the capacity number, 
you should check it with the specifications. (est) is slightly more reliable, 
but you should still check the real specifications before buying RAM. 
Unfortunately there is nothing inxi can do to get truly reliable data about the 
system RAM;  maybe one day the kernel devs will put this data into /sys, and 
make it real data, taken from the actual system, not dmi data. For most people, 
the data will be right, but a significant percentage of users will have either a 
wrong max module size, if present, or max capacity.


Roger

Re: Link to import-im6.q16 not allowed by security policy ?

[Roger Price]

On Thu, 8 Jun 2023, Greg Wooledge wrote:


Roger, what is the full command that you used?  When I tested with
"import foo.png" it worked as expected.


Previously I used to type "import foo.jpg" but got into the habit of typing 
"import /tmp/foo" which I now understand produces the error message.


So this afternoon I went back to typing "import foo.jpg" and this works 
correctly, exactly as expected.  Thanks.  Roger


PS I would have expected a PostScript file by default but now that I know that I 
must specify an acceptable image type, I don't complain. The man page says “By 
default, 'file' is written in the Postscript image format.  To specify a 
particular image format, precede the filename with an image format name and a 
colon (i.e. ps:image) or specify the image type as the filename suffix (i.e. 
image.ps).”

Re: Link to import-im6.q16 not allowed by security policy ?

[Roger Price]

On Thu, 8 Jun 2023, Greg Wooledge wrote:


Roger, what is the full command that you used?  When I tested with
"import foo.png" it worked as expected.


I used to type "import foo.jpg" but got into the habit of typing "import 
/tmp/foo" which produces the error message.


So this afternoon I went back to typing "import foo.jpg" and this works 
correctly, exactly as expected.  Thanks.  Roger


PS I would have expected a PostScript file by default but now that I know that I 
must specify an acceptable image type, I don't complain.  The man page says “By 
default, 'file' is written in the Postscript image format.  To specify a 
particular image format, precede the filename with an image format name and a 
colon (i.e. ps:image) or specify the image type as the filename suffix (i.e. 
image.ps).”

Link to import-im6.q16 not allowed by security policy ?

[Roger Price]

I use the import program provided by Debian 11 (bullseye) to grab parts of the 
screen.  This worked well but I was having difficulty remembering that "import" 
means "screen-grab".  So as root I set up the soft link


 ln -s /usr/bin/import /usr/bin/screen-grab

Now, whenever I try to run screen-grab or import or import-im6.q16 I get the 
error message:


 import-im6.q16: attempt to perform an operation not allowed by the security
 policy `PS' @ error/constitute.c/IsCoderAuthorized/421.

So I removed the link, but calls to import still produce the error message.

How can I get back to the original behaviour?  Where should I start 
looking?


Roger

Re: Isn't KDE Live ISO accompanied by an ultra-light Windows Manager, like OpenBox is with LXDE?

[Roger Price]

On Mon, 29 May 2023, Susmita/Rajib wrote:


My dear illustrious Leaders...


Certainly not me.


Finally, is there a lightweight Windows Manager...


Xfce4 ?

Roger

Re: GenesysLogic USB microscope + uvcvideo interferes with all input

[Roger Price]

On Wed, 14 Sep 2022, Roger Price wrote:


I'm trying to use a USB microscope with Debian 11.  When I plug it in
dmesg reports:

 usb 1-1.2: Manufacturer: GenesysLogic Technology Co., Ltd.
 uvcvideo: Found UVC 1.00 device USB2.0 UVC PC Camera (a16f:0304)

but when I run vlc v412:///dev/video0 , I see a black window flash every 10 
seconds, and I loose control of all mouse and keyboard input.  When I unplug 
the camera, I recover mouse and keyboard.


More testing: the USB microscope works correctly with guvcview 2.0.6 which is 
distributed with Debian 11.  I took all the default options.


Roger

GenesysLogic USB microscope + uvcvideo interferes with all input

[Roger Price]

I'm trying to use a USB microscope with Debian 11.  When I plug it in
dmesg reports:

  usb 1-1.2: Manufacturer: GenesysLogic Technology Co., Ltd.
  uvcvideo: Found UVC 1.00 device USB2.0 UVC PC Camera (a16f:0304)

but when I run vlc v412:///dev/video0 , I see a black window flash every 10 
seconds, and I loose control of all mouse and keyboard input.  When I unplug the 
camera, I recover mouse and keyboard.


I see that in 2017 someone got the camera to work with Ubuntu.
https://ubuntuforums.org/archive/index.php/t-2379144.html
Has anyone got this camera to work with Debian 11?

Roger

Re: Set timing to go into hibernation {Debian Stretch}

[Roger Price]

On Tue, 13 Sep 2022, Richard Owlett wrote:

It's been so long since I set up Debian I've forgotten how to set timing for 
going into hibernation. It's currently set for a much to large a delay.


Where do I look for instructions and descriptions?


I use Right Click on screen, and then Applications -> Settings -> Screensaver

Roger

Re: Can I install Debian operating systems for money?

[Roger Price]

On Wed, 10 Aug 2022, Andy Smith wrote:

I had a negative experience with LPI about 15 years ago where I
signed up for one of their tests at a conference (FOSDEM) just out
of interest and then in the weeks afterwards I was bombarded with
marketing emails.


My apologies for an off-topic comment, but this convinces me of the value of 
having multiple e-mail addresses, with specific addresses for people like LPI.


Roger

Re: Debian 9 cron = sounds are ok : Debian 11 cron no sound

[Roger Price]

On Thu, 21 Jul 2022, Dekks Herton wrote:

Roger Price  writes:



Command cat /sys/devices/cpu/caps/pmu_name reports: westmere


I should have said also that command inxi -Fix reports MCP arch: Nehalem, which 
is specified in more detail by the reference E5645 at 
https://en.wikipedia.org/wiki/Westmere_(microarchitecture)



Ok whats the output of inxi -Fix wrt Audio?


Audio: Device-1: Intel 82801JI HD Audio vendor: Dell driver: snd_hda_intel
 v: kernel bus ID: 00:1b.0
   Device-2: NVIDIA GP107GL High Definition Audio driver: snd_hda_intel
 v: kernel bus ID: 03:00.1
   Device-3: C-Media CMI8738/CMI8768 PCI Audio driver: snd_cmipci v:
 kernel bus ID: 23:00.0
   Device-4: Logitech Portable Webcam C905 type: USB driver:
 snd-usb-audio,uvcvideo bus ID: 2-1.2:4
   Sound Server: ALSA v: k5.10.0-15-amd64


aplay -l?


 List of PLAYBACK Hardware Devices 
card 0: Intel [HDA Intel], device 0: AD1984A Analog [AD1984A Analog]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 0: Intel [HDA Intel], device 2: AD1984A Alt Analog [AD1984A Alt Analog]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 2: NVidia [HDA NVidia], device 3: HDMI 0 [HDMI 0]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 2: NVidia [HDA NVidia], device 7: HDMI 1 [HDMI 1]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 2: NVidia [HDA NVidia], device 8: HDMI 2 [HDMI 2]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 2: NVidia [HDA NVidia], device 9: HDMI 3 [HDMI 3]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 2: NVidia [HDA NVidia], device 10: HDMI 4 [HDMI 4]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 2: NVidia [HDA NVidia], device 11: HDMI 5 [HDMI 5]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 3: CMI8738 [C-Media CMI8738], device 0: CMI8738-MC6 [C-Media PCI DAC/ADC]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 3: CMI8738 [C-Media CMI8738], device 1: CMI8738-MC6 [C-Media PCI 2nd DAC]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 3: CMI8738 [C-Media CMI8738], device 2: CMI8738-MC6 [C-Media PCI IEC958]
  Subdevices: 1/1
  Subdevice #0: subdevice #0

Roger

Re: Debian 9 cron = sounds are ok : Debian 11 cron no sound

[Roger Price]

On Mon, 18 Jul 2022, Dekks Herton wrote:

What kernel is 11 running? are you using a Haswell or Broadwell CPU?


Command inxi reports:
 System:Host: titan Kernel: 5.10.0-15-amd64 x86_64 bits: 64
Desktop: Xfce 4.16.0 Distro: Debian GNU/Linux 11 (bullseye)
 Machine:   Type: Desktop System: Dell product: Precision WorkStation T7500
Mobo: Dell model: 06FW8P v: A00 BIOS: Dell v: A16 date: 05/28/2013
 CPU:   Info: 6-Core model: Intel Xeon E5645 bits: 64 type: MCP L2 cache: 
12 MiB

Command cat /sys/devices/cpu/caps/pmu_name reports: westmere

Roger

Re: Debian 9 cron = sounds are ok : Debian 11 cron no sound [Solved]

[Roger Price]

On Sun, 17 Jul 2022, 16 Jul 2022, Lee wrote:

Nope.  Audio has always just worked; I never had to do anything
special or extra to get it working


Following https://wiki.archlinux.org/title/PulseAudio/Examples ,
I installed file ~/.config/pulse/default.pa

   .include /etc/pulse/default.pa
   set-default-sink alsa_output.pci-_00_1b.0.analog-stereo

rebooted the machine and it works correctly! I hear historic dog Biff still 
barking.


As Lee reported, it just worked, with no need to specify XDG_RUNTIME_DIR. I 
suspect that my ~/.config/pulse/default.pa is not really needed, but by 
installing it I cleaned up the default pulse mess left over by previous 
operating system installations (My user space ~rprice has been running since 
Sept 1994).


To my surprise, when cron calls the Bash script bark.sh, command "pactl list 
short sinks" reports


  Connection failure: Connection refused

and command "pacmd list-sinks" also reports:

  No PulseAudio daemon running, or not running as session daemon.

but if Biff barks, I won't worry.   Roger

Re: Debian 9 cron = sounds are ok : Debian 11 cron no sound

[Roger Price]

On Sun, 17 Jul 2022, Lee wrote:

On 7/17/22, The Wanderer  wrote:

I don't use cron to play sounds, so I can't speak to this directly,
but...

While this may turn out in the end to be pure FUD, when I hear about
things which work properly when run by hand but not when run
automatically on a modern Debian system, my first suspicion is always
that the culprit is the systemd / logind / whatever-it-is "user session"
concept.


I don't know about systemd, but cron sets just a very few environment
vars (interestingly enough, you _do_ get /etc/environment processed).
I'd guess the problem with "works when run interactively but fails
when run from cron" is because most all of the sh setup is skipped for
things started by cron.


I added some debugging commands to the bark.sh script which produces the sounds 
to try to see more clearly what is happening.


When bark.sh is called from the command line I hear the barking and command
 pactl list short sinks   reports:

 1  alsa_output.pci-_00_1b.0.analog-stereo  module-alsa-card.c  
s16le 2ch 44100Hz   RUNNING
 2  alsa_output.pci-_23_00.0.analog-stereo  module-alsa-card.c  
s16le 2ch 44100Hz   SUSPENDED
 48 alsa_output.pci-_03_00.1.hdmi-stereomodule-alsa-card.c  
s16le 2ch 44100Hz   SUSPENDED

but when bark.sh is called by a crontab entry, the same command reports:
 Connection failure: Connection refused

When bark.sh is called from cron, the command pacmd list-sinks also reports:
 No PulseAudio daemon running, or not running as session daemon.

Following https://wiki.archlinux.org/title/PulseAudio/Examples ,
I am currently looking at installing a file ~/.config/pulse/default.pa

 .include /etc/pulse/default.pa
 set-default-sink alsa_output.pci-_00_1b.0.analog-stereo

but its getting hotter in my place and I work slowly.  Roger

Re: Debian 9 cron = sounds are ok : Debian 11 cron no sound

[Roger Price]

On Sat, 16 Jul 2022, Lee wrote:


I don't have play, so I tried aplay .. and it works, even if I'm
logged out, even if someone else is logged in.

## run the script every minute

$ crontab -l | tail -3
# m h  dom mon dow   command
 * *   *   *   */home/lee/bin/neener.sh

## which plays a .wav and an .au file

$ cat ~/bin/neener.sh
#!/bin/sh
/usr/bin/aplay -q $HOME/Sounds/Old/NEENER.WAV
sleep 0.25
/usr/bin/aplay -q $HOME/Sounds/SunOS/busy.au


I get the following error message from aplay:

 ALSA lib pcm_dmix.c:1075:(snd_pcm_dmix_open) unable to open slave
 aplay: main:830: audio open error: Device or resource busy

and a different message from play:

 ALSA lib pcm_dmix.c:1075:(snd_pcm_dmix_open) unable to open slave
 /usr/bin/play FAIL sox: Sorry, there is no default audio device configured

I'm wondering what causes this. Do you have any specific environment variable 
set which defines a default audio device?


Roger

Debian 9 cron = sounds are ok : Debian 11 cron no sound

[Roger Price]

People occasionally have a cron job emit some sound each hour.  On my Debian 9 
machine I hear Biff [1] barking. In /etc/crontab I have an entry to call a 
script bark.sh which does the barking. Typically


 0,1 0,12 * * * rprice full-path-to/bark.sh 12 2>>&1

where bark.sh is a Bash script which calls /usr/bin/play to play a .au file.

This ran for years with Debian 9. I upgrade to Debian 11 and hear nothing.  The 
usual advice is

 (a) in /etc/crontab export XDG_RUNTIME_DIR=/run/user/1000
 (b) play the sound from a script.

But that doesn't work with Debian 11. Does any reader of this list have sound 
coming from a Debian 11 cron job?  If so, how is it done?


Roger

[1] Unix folklore.  There is a picture of Biff with title "Figure 14-3 Heidi 
Stettner and Biff, circa 1980" on page 206 of Harley Hahn's "A Student's Guide 
to Unix". McGraw-Hill, Inc, 1993, ISBN 0-07-025511-3.

Re: Debian 11: MTA Exim4 not listening to fetchmail

[Roger Price]

On Sun, 10 Jul 2022 17:12:18 +0100, Gareth Evans  wrote:

On Sun 10 Jul 2022, at 15:38, Roger Price  wrote:
[...]

I removed the ipv6.disable=1 and rebooted, but this made no difference.


I'm not sure if there may be other issues here too, but did you update-grub 
before rebooting?


No, I forgot. I am ashamed. I ran update-grub and command grep ipv6 
/boot/grub/grub.cfg | wc -l now returns 0.  No more mention of ipv6.


I re-booted and fetchmail now talks to exim4 correctly. Command ss -lnt | grep 
:25 now reports


   LISTEN 0   20  127.0.0.1:25 0.0.0.0:*
   LISTEN 0   20  [::1]:25[::]:*

I can now read my mail on my Debian 11 machine. Many thanks to Gareth and all 
those who commented.


Roger

Debian 11: MTA Exim4 not listening to fetchmail

[Roger Price]

I have successfully used fetchmail and the MTA exim4 to receive mail on a Debian 
9 machine for several years.  I am now trying to migrate this to Debian 11, but 
fetchmail no longer talks to exim4.


systemctl status fetchmail reports

  ● fetchmail.service - LSB: init-Script for system wide fetchmail daemon
 Loaded: loaded (/etc/init.d/fetchmail; generated)
 Active: active (running) since Sun 2022-07-10 15:08:22 CEST; 24min ago
 Process: 1113 ExecStart=/etc/init.d/fetchmail start (code=exited, 
status=0/SUCCESS)
 ...
  Jul 10 15:31:06 titan fetchmail[1127]: pop.free.fr: upgrade to TLS failed.
  Jul 10 15:31:06 titan fetchmail[1127]: Unknown login or authentication error 
on
 roger.pr...@free.fr@pop.free.fr
  Jul 10 15:31:06 titan fetchmail[1127]: socket error while fetching from
 roger.pr...@free.fr@pop.free.fr
  Jul 10 15:31:06 titan fetchmail[1127]: Query status=2 (SOCKET)
  Jul 10 15:31:06 titan fetchmail[1127]: 6 messages for mail...@rogerprice.org
 at mail.gandi.net (40156 octets).
  Jul 10 15:31:06 titan fetchmail[1127]: reading message
mail...@rogerprice.org@mail.gandi.net:1 of 6 (8954 octets)
  Jul 10 15:31:06 titan fetchmail[1127]: Connection errors for this poll:
 name 0: connection to localhost:smtp
 [127.0.0.1/25] failed: Connection 
refused.
 name 1: connection to localhost:smtp
 [127.0.0.1/25] failed: Connection 
refused.
  Jul 10 15:31:06 titan fetchmail[1127]: SMTP connect to localhost failed: 
Query status=10 (SMTP)

Is anyone listening on port 25? On Debian 9 command ss -lnt | grep :25 reports

   LISTEN   0   20   127.0.0.1:25   *:*

but on Debian 11 reports nothing.  Try again with command telnet localhost 25. 
On Debian 9 I saw:


   Trying 127.0.0.1...
   Connected to localhost.
   Escape character is '^]'.
   220 maria ESMTP Exim 4.89 Sun, 10 Jul 2022 14:21:24 +0200

but on Debian 11 I get

   Trying 127.0.0.1...
   Trying ::1...
   telnet: Unable to connect to remote host: Address family not supported by 
protocol

systemctl status exim4 reports

  ● exim4.service - LSB: exim Mail Transport Agent
Loaded: loaded (/etc/init.d/exim4; generated)
Active: active (exited) since Sun 2022-07-10 15:08:22 CEST; 25min ago
Process: 856 ExecStart=/etc/init.d/exim4 start (code=exited, 
status=0/SUCCESS)
...
Jul 10 15:08:22 titan systemd[1]: Starting LSB: exim Mail Transport Agent...
Jul 10 15:08:22 titan exim4[856]: Starting MTA: exim4.
Jul 10 15:08:22 titan exim4[856]: ALERT: exim paniclog 
/var/log/exim4/paniclog
  has non-zero size, mail system possibly 
broken
Jul 10 15:08:22 titan systemd[1]: Started LSB: exim Mail Transport Agent.

Is exim4 listening on port 25? Configuration file /etc/defaults/exim4 shows:

   # Options for the SMTP listener daemon. By default, it is listening on
   # port 25 only. To listen on more ports, it is recommended to use
   # -oX 25:587:10025 -oP /run/exim4/exim.pid
   SMTPLISTENEROPTIONS=''

so exim4 is configured to listen on default port 25. The file 
/var/log/exim4/paniclog contains multiple copies of the message


   IPv6 socket creation failed: Address family not supported by protocol

Is this my problem?  My file /etc/default/grub contained the line

   GRUB_CMDLINE_LINUX="log_buf_len=1M ipv6.disable=1 net.ifnames=0 3"

I removed the ipv6.disable=1 and rebooted, but this made no difference.

Any hint as to why fetchmail cannot talk to exim4 will be much appreciated, 
particularly since this has been running for several years on Debian 9.


Roger

Re: Debian 11: How to disable IPv6

[Roger Price]

On Sat, 9 Jul 2022, Greg Wooledge wrote:


And every single piece of this discussion is irrelevant to the OP's
issue, which is that their MTA is apparently not listening on 127.0.0.1;25.

IPv6 is a red herring.


Yes, this is my fault for choosing an inappropriate Subject line.  I will try 
again with, I hope, a better informed question and a better Subject.


Roger

Re: Debian 11: How to disable IPv6

[Roger Price]

On Sat, 9 Jul 2022, Andy Smith wrote:

On Sat, Jul 09, 2022 at 03:52:03PM +0200, Roger Price wrote:

I would like to disable IPv6 adapters in order to persuade
fetchmail to talk to exim4.


Sounds like you have a misconfiguration that should be fixed, rather
than disabling IPv6 to work around it.


Its the misconfiguration that I'm trying to fix. When I try to start fetchmail I 
get the error message


 Jul 09 10:22:57 titan fetchmail[7286]:
 reading message
 mail...@rogerprice.org@mail.gandi.net:1 of 7 (8954 octets)
 (log message incomplete)
 Jul 09 10:22:57 titan fetchmail[7286]:
 Connection errors for this poll:
 name 0: connection to localhost:smtp [127.0.0.1/25] failed:
 Connection refused.
 name 1: connection to localhost:smtp [127.0.0.1/25] failed:
 Connection refused.
 Jul 09 10:22:57 titan fetchmail[7286]: SMTP connect to localhost failed

I understand this to mean that my Debian 11 machine cannot connect to itself on 
port 25 despite the netfilter rule "iif lo accept", so I assumed it was an IPv6 
problem with fetchmail trying to use IPv6 with exim4. As a check, I tried:


 root@titan ~ telnet localhost 25
 Trying 127.0.0.1...
 Trying ::1...
 telnet: Unable to connect to remote host: Address family not supported by 
protocol

There is nothing I can find in the exim4 configuration that would inhibit IPv6.


   net.ipv6.conf.all.disable_ipv6 = 1
and run sysctl -p as root.  With Debian 11 this generates the error message
   sysctl: cannot stat /proc/sys/net/ipv6/conf/all/disable_ipv6: No such file 
or directory
because directory /proc/sys/net/ipv6 doesn't exist. What is the new way of
disabling IPv6?


That directory exists for me on all of my Debian 11 machines, so I
guess you have something else wrong. Or maybe have already disabled
IPv6 on the kernel command line (don't know if that removes the
net.ipv6 sysfs tree as well).


I have just discovered that in file /etc/default/grub I already have lines

  #  See https://nouveau.freedesktop.org/Bugs.html
  GRUB_CMDLINE_LINUX="log_buf_len=1M ipv6.disable=1 net.ifnames=0 3"

I do not remember adding the ipv6.disable=1 myself.  I do not know where it 
comes from.


Roger

Debian 11: How to disable IPv6

[Roger Price]

In a Debian 11 system, I would like to disable IPv6 adapters in order to 
persuade fetchmail to talk to exim4.  The advice generally given is to add a 
line to /etc/sysctl.conf


 net.ipv6.conf.all.disable_ipv6 = 1

and run sysctl -p as root.  With Debian 11 this generates the error message

 sysctl: cannot stat /proc/sys/net/ipv6/conf/all/disable_ipv6: No such file or 
directory

because directory /proc/sys/net/ipv6 doesn't exist. What is the new way of 
disabling IPv6?


Roger

Re: nft newbie

[Roger Price]

On Sat, 9 Jul 2022, Gareth Evans wrote:


Also for any good nft/netfilter overview articles etc.


Have you seen "Mastering Linux Security and Hardening", 2nd Edition, Donald A. 
Tevault, chapter 4.  Suitable for those of us who read this newbie thread.


Roger

Re: nft newbie

[Roger Price]

On Wed, 6 Jul 2022, Will Mengarini wrote:

* gene heskett  [22-07/06=We 18:50 -0400]:

The man page while quite voluminus is as
usual mostly bereft of useful examples.



has various examples.


May I continue this thread by asking more newbie questions?

I looked at the workstation example, but it doesn't even allow access via ssh. 
On my Debian 11 box I found /usr/share/doc/nftables/examples/workstation.nft 
which does show how to allow incoming ssh, http and https traffic.


Newbie 1: Is it normal for nftables configuration files to be executable?  As a 
newcomer, I expected something more "traditional", ie a file containing only key 
words and data values.


Newbie 2: Command ls -l /etc/nftables.conf reports

   -rwxr-xr-x 1 root root 228 Jan 17  2021 /etc/nftables.conf*

This looks as if anyone can read and execute this file.  I tried as a simple 
user and got the error message


   /etc/nftables.conf:3:1-14: Error: Could not process rule: Operation not 
permitted
   flush ruleset
   ^^

Is execution not permitted for non-root/non-file owner ?

Newbie 3: The configuration file begins with the Bash shebang #!/usr/sbin/nft -f 
but the Debian 11 man page for nftables says


  -f, --file filename Read input from filename. If filename is -, read from 
stdin.

and doesn't mention omitting the filename.  I'm guessing that -f with no file 
name means "read from the remainder of this file".  Is this correct?


My apologies for asking such trivial stuff.
Roger


 is an
HTML version of the man page, which is easier to navigate, at least.

 
may also be helpful.

Re: Debian 11: synaptic fails to fetch fetchmail

[Roger Price]

On Sun, 3 Jul 2022, to...@tuxteam.de wrote:

My hunch is that your synaptic is looking at a stale package database. Do an 
"apt-get update" or whatever you have to do to synaptic to achieve the same 
effect, perhaps the problem goes away.


Yes, I did "apt-get update" and the synaptic problem went away.  Thanks.  Roger

Debian 11: synaptic fails to fetch fetchmail

[Roger Price]

I would like to install fetchmail on Debian 11, but synaptic gives me the 
following error message:


W: Failed to fetch 
http://deb.debian.org/debian/pool/main/f/fetchmail/fetchmail_6.4.16-4_amd64.deb
  404  Not Found [IP: 199.232.178.132 80]

Is this temporary or do I need to look elsewhere for fetchmail .deb?  Roger

Re: Permanent email address?

[Roger Price]

On Sun, 15 May 2022, rhkra...@gmail.com wrote:

I would like to have an email address that will be permanent, ... (And that 
gets my email out of google's control / reach.)


Spend the money, get your own domain, it's worth it.  Roger

Re: What happened to cal?

[Roger Price]

On Sun, 26 Sep 2021, Dedeco Balaco wrote:


Em 26/09/2021 09:35, Roger Price escreveu:

Perhaps the *cal one gets depends on the desktop.


I use Mate Desktop. And i used it with Debian 9 (stretch) before upgrading 
(sequentially) to 11, a few weeks ago. But Greg Wooledge just, in a message in 
another branch of this
thread, the upgrades from previous distributions which contained cal command 
should still contain it. So, we have 2 possibilities here.


I did a fresh install of Debian 11, which explains why I do not have cal.  Roger

Re: What happened to cal?

[Roger Price]

On Sun, 26 Sep 2021, Dedeco Balaco wrote:

$  ls -l /usr/bin/cal 
0 lrwxrwxrwx 1 root root 4 mar 23  2021 /usr/bin/cal -> ncal


Not for all of us.

rprice@titan ~ inxi -S
System:Host: titan Kernel: 5.10.0-8-amd64 x86_64 bits: 64 Desktop: Xfce 
4.16.0 Distro: Debian GNU/Linux 11 (bullseye)

rprice@titan ~ ls /usr/bin/cal
ls: cannot access '/usr/bin/cal': No such file or directory
rprice@titan ~ ls /usr/bin/ncal
ls: cannot access '/usr/bin/ncal': No such file or directory
rprice@titan ~ ls /usr/bin/gcal
/usr/bin/gcal*

Perhaps the *cal one gets depends on the desktop.

Roger

Re: Debian 11: Nvidia NVS 310 with nvidia driver freezes after two days

[Roger Price]

On Tue, 21 Sep 2021, Roger Price wrote:


   Nvidia drivers
   --

Card Quadro 4000, GF100GL. 390.144.  Freezes with blank monitors after 15 
minutes. Card temperature 85C.


Card NVS 310. 390.144.  Freezes with monitors lit after 15 mins - 3 hours.

Card Quadro P400, GP107GL. 460.91.  Card temperature 46C.  Freezes with blank 
monitors before 30 mins.


   Current situation
   -

I wondered if a common feature of all the freezing was the automatic screen 
saver failing, so I installed xscreensaver and configured it to start saving 
my screen after 10 mins inactivity with the Quadro P400 card + 490.91 driver. 
This has so far held up for 22 hours.  If it holds up for a week, I will 
report it as a candidate workaround.


The workaround has held up for 5 days.  I use xscreensaver options "Only One 
Screen Saver", "SlideScreen", Blank after 10 minutes, No lock screen, No Display 
Power Management.  This keeps the monitors busy.


I tried turning on Display Power Management and ended up with frozen 
monitors.


It looks as if the nvidia driver 460.91 (and other versions) breaks when 
attempting to save energy with iiyama 2783QSU monitors.


Roger

Re: Debian 11: Nvidia NVS 310 with nvidia driver freezes after two days

[Roger Price]

On Sun, 19 Sep 2021, Andrew M.A. Cater wrote:


On Sun, Sep 19, 2021 at 01:22:30PM +0200, Roger Price wrote:

My Nvidia NVS 310 card with the nvidia 390.144 driver starts off perfectly,
but after two days freezes: no reaction to keyboard or mouse action.


This comes down, perhaps, to having both nouveau and nididia drivers
on the same system.


I use synaptic, which wants to remove far too many packages if I remove nouveau
so I didn't insist.

On Sun, 19 Sep 2021, Alexander V. Makartsev wrote:

It looks like a hardware problem to me, even if you say it takes two days to 
freeze. Can you tell us more about your system. Is it laptop or is it 
stationary workstation?


The machine is a Dell 6-Core Precision WorkStation T7500, Intel Xeon E5645, with 
Bios dated 2013. The internal temperatures are: cpu: 39.0 C mobo: 26.0 C. The 
RAM total is 47.04 GiByte. I use Xfce 4.16.0.



Was it working just fine before you upgraded to 'bullseye' (ver 5.10 kernel)?


Ran perfectly for 2 years with opensuse 42.3, a Quadro 4000 card and the nvidia 
384.69 driver.  Rock solid.  Quadro 4000 temperature typically 85C.


Have you tried to run some benchmarks to force the issue? By doing that you 
could reveal some potential problem with inadequate cooling or problems of...


Here is a short summary of my notes following my attempts to find a working 
setup on this workstation


Driver: nouveau
---

Card Quadro 4000, GF100GL.  Freezes after 11 minutes with monitors lit. 
Firmware issue: failed to load nvc0_fuc084.  After freeze, journalctl shows


 fifo: INTR 0100 : 0...05   many repetitions
 fifo: INTR 0080    once

Card NVS 310.  Freezes after 6 minutes with monitors lit. Card temperature 46C.

Card Quadro P400, GP107GL. Left monitor spontaneously rotates after 30 min. 
Other random reconfigurations.  Firmware issue: gp107/nvdec/scrubber and 
acr/DL.bin not loaded. Message: Failed to create kernel channel -22. Card 
temperature 45C.


Nvidia drivers
--

Card Quadro 4000, GF100GL. 390.144.  Freezes with blank monitors after 15 
minutes. Card temperature 85C.


Card NVS 310. 390.144.  Freezes with monitors lit after 15 mins - 3 hours.

Card Quadro P400, GP107GL. 460.91.  Card temperature 46C.  Freezes with blank 
monitors before 30 mins.


Current situation
-

I wondered if a common feature of all the freezing was the automatic screen 
saver failing, so I installed xscreensaver and configured it to start saving my 
screen after 10 mins inactivity with the Quadro P400 card + 490.91 driver. 
This has so far held up for 22 hours.  If it holds up for a week, I will report 
it as a candidate workaround.  If it doesn't, I will still be looking for a 
solution.


Roger

Debian 11: Nvidia NVS 310 with nvidia driver freezes after two days

[Roger Price]

My Nvidia NVS 310 card with the nvidia 390.144 driver starts off perfectly, but 
after two days freezes: no reaction to keyboard or mouse action.


After reboot, command journalctl -b -1 --no-pager | grep -i -E "(nvidia|NVRM)" 
reports


 Sep 17 10:43:25 titan kernel: nvidia: loading out-of-tree module taints kernel.
 Sep 17 10:43:25 titan kernel: nvidia: module license 'NVIDIA' taints kernel.
 Sep 17 10:43:25 titan kernel: nvidia: module verification failed: signature 
and/or required key missing - tainting kernel
 Sep 17 10:43:25 titan kernel: nvidia-nvlink: Nvlink Core is being initialized, 
major device number 246
 Sep 17 10:43:25 titan kernel: nvidia :03:00.0: vgaarb: changed VGA 
decodes: olddecodes=io+mem,decodes=none:owns=io+mem
 Sep 17 10:43:25 titan kernel: NVRM: loading NVIDIA UNIX x86_64 Kernel Module 
390.144  Wed Jun  2 23:02:41 UTC 2021 (using threaded interrupts)
 Sep 17 10:43:25 titan kernel: nvidia-modeset: Loading NVIDIA Kernel Mode 
Setting Driver for UNIX platforms  390.144  Wed Jun  2 22:58:46 UTC 2021
 Sep 17 10:43:25 titan kernel: [drm] [nvidia-drm] [GPU ID 0x0300] Loading 
driver
 Sep 17 10:43:25 titan kernel: [drm] Initialized nvidia-drm 0.0.0 20160202 for 
:03:00.0 on minor 0
 Sep 17 10:43:25 titan systemd-modules-load[308]: Inserted module 'nvidia_drm'
 Sep 17 10:43:25 titan kernel: input: HDA NVidia HDMI/DP,pcm=3 as 
/devices/pci:00/:00:03.0/:03:00.1/sound/card1/input4
 Sep 17 10:43:25 titan kernel: input: HDA NVidia HDMI/DP,pcm=7 as 
/devices/pci:00/:00:03.0/:03:00.1/sound/card1/input5
 Sep 17 10:44:13 titan kernel: caller _nv027867rm+0x58/0x90 [nvidia] mapping 
multiple BARs
 Sep 17 10:44:13 titan kernel: caller _nv001015rm+0x1bf/0x1f0 [nvidia] mapping 
multiple BARs
 Sep 17 10:44:13 titan kernel: caller _nv001015rm+0x1bf/0x1f0 [nvidia] mapping 
multiple BARs
 Sep 19 12:04:04 titan kernel: NVRM: GPU at PCI::03:00:  
GPU-b2e8a5f5-e5f3-195f-0aa3-869e3fc027ac
 Sep 19 12:04:04 titan kernel: NVRM: Xid (PCI::03:00): 8, Channel 0006
 Sep 19 12:14:19 titan kernel: nvidia-modeset: ERROR: GPU:0: Idling display 
engine timed out: 0x907c:1:0
 Sep 19 12:14:21 titan kernel: nvidia-modeset: ERROR: GPU:0: Idling display 
engine timed out: 0x907c:1:0
 Sep 19 12:14:23 titan kernel: nvidia-modeset: ERROR: GPU:0: Idling display 
engine timed out: 0x907c:1:0
 Sep 19 12:14:25 titan kernel: nvidia-modeset: ERROR: GPU:0: Idling display 
engine timed out: 0x907c:1:0
 Sep 19 12:14:27 titan kernel: nvidia-modeset: ERROR: GPU:0: Idling display 
engine timed out: 0x907d:0:0
 Sep 19 12:14:29 titan kernel: nvidia-modeset: ERROR: GPU:0: Idling display 
engine timed out: 0x907c:0:0
 Sep 19 12:14:31 titan kernel: nvidia-modeset: ERROR: GPU:0: Idling display 
engine timed out: 0x907c:1:0
 Sep 19 12:14:39 titan kernel: nvidia-modeset: ERROR: GPU:0: Idling display 
engine timed out: 0x907d:0:0

inxi -SxGay reports:

System:
  Host: titan Kernel: 5.10.0-8-amd64 x86_64 bits: 64 compiler: gcc v: 10.2.1
  parameters: BOOT_IMAGE=/boot/vmlinuz-5.10.0-8-amd64
  root=UUID=faab0405-0274-4392-bca4-0f6fb6635a87 ro log_buf_len=1M
  ipv6.disable=1 net.ifnames=0 3 quiet
  Desktop: Xfce 4.16.0 tk: Gtk 3.24.24 info: xfce4-panel wm: xfwm4
  dm: LightDM 1.26.0 Distro: Debian GNU/Linux 11 (bullseye) 
Graphics:

  Device-1: NVIDIA GF119 [NVS 310] vendor: Hewlett-Packard driver: nvidia
  v: 390.144 bus ID: 03:00.0 chip ID: 10de:107d class ID: 0300
  Display: server: X.Org 1.20.11 driver: loaded: nvidia
  unloaded: fbdev,modesetting,nouveau,vesa alternate: nv
  display ID: localhost:10.0 screens: 1
  Screen-1: 0 s-res: 2880x2560 s-dpi: 96 s-size: 762x677mm (30.0x26.7")
  s-diag: 1019mm (40.1")
  Monitor-1: DP-2 res: 1440x2560 hz: 60
  Monitor-2: DP-3 res: 1440x2560 hz: 60
  OpenGL: renderer: NVS 310/PCIe/SSE2 v: 4.6.0 NVIDIA 390.144
  direct render: Yes

I still have nouveau present.  dpkg-query -l | grep nouveau reports:
 ii  libdrm-nouveau2:amd64  2.4.104-1  amd64 Userspace interface to 
nouveau-specific kernel DRM services -- runtime
 ii  xserver-xorg-video-nouveau 1:1.0.17-1 amd64 X.Org X server -- Nouveau 
display driver

Any suggestion or hint for avoiding this freeze would be much appreciated.

Roger

Re: Debian 11: evince and apparmor flood kernel log

[Roger Price]

On Sat, 18 Sep 2021, Klaus Singvogel wrote:


Roger Price wrote:

In Debian 11, evince has an appamor profile which floods the kernel log with
hundreds of messages of the style:


Not only at Debian 11, even Debian 10 has it.

[...]

 (evince:2869): GVFS-WARNING **: 22:18:18.510: can't init metadata tree 
/mnt/home/rprice/.local/share/gvfs-metadata/home: open: Permission denied

[...]

Is there some way of calming evince+appamor?


The location of your home is uncommon (as on my side).

Fix: edit /etc/apparmor.d/tunables/home.d/site.local


In site.local I found

 # The following is a space-separated list of where additional user home
 # directories are stored, each must have a trailing '/'. Directories added
 # here are appended to @{HOMEDIRS}.  See tunables/home for details. Eg:
 #@{HOMEDIRS}+=/srv/nfs/home/ /mnt/home/

where curiously, the apparmor installation seems to have detected my non-common 
/home and made the necessary addition, but appended to a commented out example.


I added line /mnt/home/ and tried to restart apparmor.service.  This failed with 
error messages such as


Sep 18 12:08:33 titan apparmor.systemd[5150]: AppArmor parser error for
 /etc/apparmor.d/lsb_release in /etc/apparmor.d/tunables/multiarch at line 13:
 syntax error
Sep 18 12:08:33 titan apparmor.systemd[5154]: AppArmor parser error for
 /etc/apparmor.d/nvidia_modprobe in /etc/apparmor.d/tunables/multiarch at line
 13: syntax error

So I tried replacing @{HOMEDIRS}=/home/ with @{HOMEDIRS}=/mnt/home/ in file 
/etc/apparmor.d/tunables/home


I restarted apparmor.service and some light testing shows that the problem is 
solved.


My error in site.local was probably to have added /mnt/home and not 
@{HOMEDIRS}+=/mnt/home


Thanks to all who responded!  Roger

Debian 11: evince and apparmor flood kernel log

[Roger Price]

In Debian 11, evince has an appamor profile which floods the kernel log with 
hundreds of messages of the style:


 [24216.325764] audit: type=1400 audit(1631892398.580:255): apparmor="DENIED"
  operation="open" profile="/usr/bin/evince"
  name="/mnt/home/rprice/.local/share/gvfs-metadata/home" pid=2229
  comm="pool-evince" requested_mask="r" denied_mask="r" fsuid=2108 ouid=2108

and floods the console with messages such as

 (evince:2869): GVFS-WARNING **: 22:18:18.510: can't init metadata tree 
/mnt/home/rprice/.local/share/gvfs-metadata/home: open: Permission denied
 ** (evince:2869): WARNING **: 22:18:18.510: Error setting file metadata: can’t 
open metadata tree

Command ls -l /mnt/home/rprice/.local/share/gvfs-metadata/home reports

 -rw--- 1 rprice cs-users 800 Aug 18 10:48 
/mnt/home/rprice/.local/share/gvfs-metadata/home

Quoting file /etc/apparmor.d/usr.bin.evince:

 # evince is not written with application confinement in mind and is designed to
 # operate within a trusted desktop session where anything running within the
 # user's session is trusted.

I solved the problem by switching to mupdf, but mupdf is not as complete as 
evince.


Is there some way of calming evince+appamor?

Roger

Re: Debian 11, Nvidia Quadro P400, 2xiiyama 2560x1440, nvidia driver

[Roger Price]

On Thu, 16 Sep 2021, Andrei POPESCU wrote:

On Mi, 15 sep 21, 15:26:12, Roger Price wrote:

nouveau froze after 11 minutes.  dmesg reports;

 [  145.357954] nouveau :03:00.0: firmware: failed to load 
nouveau/nvd9_fuc084 (-2)



Where can I get the required nouveau/nvd9_fuc084 ?


A quick DDG found #990662, which suggests it's not available in a Debian
package (yet?).

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990662


Thanks for the link and thanks to ma...@debian.org for reporting it.

Roger

Re: Debian 11, Nvidia Quadro P400, 2xiiyama 2560x1440, nvidia driver

[Roger Price]

On Mon, 6 Sep 2021, Felix Miata wrote:


Roger Price composed on 2021-09-06 22:39 (UTC+0200):

Felix Miata wrote:



The in-use X/display driver:

Display: x11 server: X.Org 1.20.11 driver: loaded: modesetting


Available, but not in-use, X/display drivers:

unloaded: fbdev,vesa


Unloaded X/display could have listed also nouveau, but didn't because
xserver-xorg-video-nouveau was not installed.

Modesetting is the default X/display driver, which generally will not be used if
xserver-xorg-video-nouveau is installed. Modesetting is newer technology than 
the
reverse-engineered xserver-xorg-video-nouveau.

Which "nouveau" did you determine to be not ready for a >3 year old P400?


Sorry, I missed your message.

By "not ready" I meant an incomprehensible jumble which I didn't note in detail. 
I now suspect that the Quadro P400 card has problems, but I don't have a second 
card to substitute as a test.


Currently installed:
 xserver-xorg-video-nouveau 1:1.0.17-1
 libdrm-nouveau22.4.104-1

Roger

Re: Debian 11, Nvidia Quadro P400, 2xiiyama 2560x1440, nvidia driver

[Roger Price]

On Mon, 6 Sep 2021, Felix Miata wrote:


FOSS drivers and xrandr work for me:
# xrandr --output DP-1 --mode 2560x1440 --primary --rotate left --output DP-2 
--mode 2560x1080 --rotate left --right-of DP-1



Graphics:
 Device-1: NVIDIA GF119 [NVS 310] vendor: Hewlett-Packard driver: nouveau


I've been trying many combinations of xorg.conf variants and output connections. 
I found a setup which starts correctly with one 2880x2560 screen across two 
2560x1440 monitors in portrait mode.


  ,---,
 Left monitor   DP-4  3   |
 Right monitor  DP-0  2   Quadro P400 |
DP-2  1   |
  MMM Motherboard

But this is unstable.  Without activity on my part the screens blank, and when I 
hit a key, the setup is now 1440x2560 on the left monitor only. File 
/var/log/Xorg.0.log reports:


 [  7706.762] (WW) NVIDIA(0): MetaMode "DP-0:nvidia-auto-select" could not be 
re-validated
 [  7706.762] (WW) NVIDIA(0): against the current hardware configuration; 
removing.
 [  7706.762] (WW) NVIDIA(0): MetaMode "DP-0:2560x1440_70" could not be 
re-validated against
 [  7706.762] (WW) NVIDIA(0): the current hardware configuration; removing.
 [  7706.762] (WW) NVIDIA(0): MetaMode "DP-0:2048x1280" could not be 
re-validated against
 [  7706.762] (WW) NVIDIA(0): the current hardware configuration; removing.
 ...
 [  7706.762] (WW) NVIDIA(0): MetaMode "DP-0:640x480_60_0" could not be 
re-validated against
 [  7706.762] (WW) NVIDIA(0): the current hardware configuration; removing.

There seems to be a basic instability in Quadro P400 + Nvidia 460.91.03.  I have 
seen spontaneous changes from 1440x2560 to 2560x900 or 480x640, spontaneous 
rotations, and refusals to return from power-saving blanking.  Ctl-Alt-Keypad-+ 
has no effect


I followed your example, bought an Nvidia GF119 [NVS 310] for 41€, removed all 
the nvidia packages, removed xorg.conf, installed the NVS 310 and restarted the 
machine.


I got a perfect 2880x2560 screen across the two monitors.  I can slide windows 
from one monitor to another. but I didn't get much work done.


nouveau froze after 11 minutes.  dmesg reports;

 [  145.357954] nouveau :03:00.0: firmware: failed to load 
nouveau/nvd9_fuc084 (-2)
 [  145.357959] firmware_class: See https://wiki.debian.org/Firmware for 
information about missing firmware
 [  145.357962] nouveau :03:00.0: Direct firmware load for 
nouveau/nvd9_fuc084 failed with error -2
 [  145.357973] nouveau :03:00.0: firmware: failed to load 
nouveau/nvd9_fuc084d (-2)
 [  145.357975] nouveau :03:00.0: Direct firmware load for 
nouveau/nvd9_fuc084d failed with error -2
 [  145.357977] nouveau :03:00.0: msvld: unable to load firmware data
 [  145.357979] nouveau :03:00.0: msvld: init failed, -19

I searched at https://www.debian.org/distrib/packages#search_contents for 
nvd9_fuc084 but found nothing.


I downloaded file firmware.tar.gz from
https://cdimage.debian.org/cdimage/unofficial/non-free/firmware/bullseye/current/
but couldn't find any nvidia firmware.

Where can I get the required nouveau/nvd9_fuc084 ?

Roger

Re: Debian 11, Nvidia Quadro P400, 2xiiyama 2560x1440, nvidia driver

[Roger Price]

On Mon, 6 Sep 2021, Anssi Saari wrote:


Roger Price  writes:


Before I plunge into the details, does anyone have a working xorg.conf
for such a setup?  I would prefer to start with something that works
rather than describe in detail something that doesn't work.


Maybe just dump the xorg.conf? If you use a desktop environment then it
likely has a GUI tool to set the monitors up. Or use xrandr?


I attach a report from inxi -Gay showing incorrect DP-0 monitor resolution plus 
my xorg.conf and parts of Xorg.0.conf


When I move to run level 5 in a fresh system start, the result is not always the 
same.  Sometimes DP-0 (on the right) is receiving signal for a short time. 
After 15-30 minutes DP-2 (on the left) goes dark and I have to reboot. Sometimes 
one or the other monitor will change to 900x1600 on its own without any user 
action.


Roger


Graphics:
  Device-1: NVIDIA GP107GL [Quadro P400] driver: nvidia v: 460.91.03
  bus ID: 03:00.0 chip ID: 10de:1cb3 class ID: 0300
  Display: server: X.Org 1.20.11 driver: loaded: nvidia
  display ID: localhost:10.0 screens: 1
  Screen-1: 0 s-res: 1440x2560 s-dpi: 96 s-size: 381x677mm (15.0x26.7")
  s-diag: 777mm (30.6")
  Monitor-1: DP-0 res: 900x1600 hz: 60
  Monitor-2: DP-2 res: 1440x2560 hz: 60
  OpenGL: renderer: Quadro P400/PCIe/SSE2 v: 4.6.0 NVIDIA 460.91.03
  direct render: Yes


# nvidia-settings: X configuration file generated by nvidia-settings
# nvidia-settings:  version 460.91.03

Section "ServerLayout"
Identifier "Layout0"
Screen  0  "Screen0" 0 0
InputDevice"Keyboard0" "CoreKeyboard"
InputDevice"Mouse0" "CorePointer"
Option "Xinerama" "0"
EndSection

Section "Files"
EndSection

Section "Module"
Load   "dbe"
Load   "extmod"
Load   "type1"
Load   "freetype"
Load   "glx"
EndSection

Section "InputDevice"
# generated from default
Identifier "Mouse0"
Driver "mouse"
Option "Protocol" "auto"
Option "Device" "/dev/psaux"
Option "Emulate3Buttons" "no"
Option "ZAxisMapping" "4 5"
EndSection

Section "InputDevice"
# generated from default
Identifier "Keyboard0"
Driver "kbd"
EndSection

Section "Monitor"
# HorizSync source: edid, VertRefresh source: edid
Identifier "Monitor0"
VendorName "Unknown"
ModelName  "Idek Iiyama PL2783Q"
HorizSync   120.0 - 120.0
VertRefresh 48.0 - 70.0
Option "DPMS"
EndSection

Section "Device"
Identifier "Device0"
Driver "nvidia"
VendorName "NVIDIA Corporation"
BoardName  "Quadro P400"
EndSection

Section "Screen"
Identifier "Screen0"
Device "Device0"
Monitor"Monitor0"
DefaultDepth24
Option "Stereo" "0"
Option "nvidiaXineramaInfoOrder" "DFP-2"
Option "metamodes" "DP-2: nvidia-auto-select +0+0 {rotation=left}, DP-0: 
nvidia-auto-select +1440+0 {rotation=left}"
Option "SLI" "Off"
Option "MultiGPU" "Off"
Option "BaseMosaic" "off"
SubSection "Display"
Depth   24
EndSubSection
EndSection


Parts of Xorg.0.log :

[61.700] (==) Log file: "/var/log/Xorg.0.log", Time: Mon Sep  6 18:54:06 
2021
[61.702] (==) Using config file: "/etc/X11/xorg.conf"
[61.702] (==) Using system config directory "/usr/share/X11/xorg.conf.d"
[61.704] (==) ServerLayout "Layout0"
[61.704] (**) |-->Screen "Screen0" (0)
[61.704] (**) |   |-->Monitor "Monitor0"
[61.705] (**) |   |-->Device "Device0"
[61.705] (**) |-->Input Device "Keyboard0"
[61.705] (**) |-->Input Device "Mouse0"
[61.705] (**) Option "Xinerama" "0"

[61.755] (**) NVIDIA(0): Option "nvidiaXineramaInfoOrder" "DFP-2"
[61.755] (**) NVIDIA(0): Option "SLI" "Off"
[61.755] (**) NVIDIA(0): Option "MultiGPU" "Off"
[61.755] (**) NVIDIA(0): Option &quo

Re: Debian 11, Nvidia Quadro P400, 2xiiyama 2560x1440, nvidia driver

[Roger Price]

On Mon, 6 Sep 2021, Felix Miata wrote:


FOSS drivers and xrandr work for me:
# inxi -Gay
Graphics:
 Device-1: NVIDIA GF119 [NVS 310] vendor: Hewlett-Packard driver: nouveau


I too would prefer a FOSS driver. I tried nouveau, but it is not currently ready 
for the Quadro P400.


Roger

Debian 11, Nvidia Quadro P400, 2xiiyama 2560x1440, nvidia driver

[Roger Price]

Debian 11, Nvidia Quadro P400 card, 2xiiyama 2560x1440 monitors, and the nvidia 
driver.


I am trying to get 2 iiyama monitors rotated to portrait mode to show a single 
2880x2560 screen, but so far only the left monitor lights up with a 1440x2560 
screen.


The Quadro P400 has 3 mini-DisplayPort connectors numbered 1, 2 and 3 starting 
from the motherboard.

  ,---,
DP-4  3   |
 Right monitor  DP-0  2   Quadro P400 |
 Left monitor   DP-2  1   |
  MMM Motherboard

xrandr reports that these ports are seen as 1 -> DP-2, 2 -> DP-0, 3 -> DP-4.

I connect mini-DisplayPort 1 (DP-2) to the left side monitor and 
mini-DisplayPort 2 (DP-0) to the right monitor.  There is nothing connected to 
port 3.  I used nvidia-select to try to set up the screen.  This produces a file 
/etc/X11/xorg.conf in which I have


screen 0:
 Option"metamodes" "DP-2: nvidia-auto-select +0+0 {rotation=left}"

screen 1:
 Option"metamodes" "DP-0: nvidia-auto-select +1440+0 {rotation=left, 
AllowGSYNC=Off}"

This uses only the left monitor.  The right is not even powered on.

Before I plunge into the details, does anyone have a working xorg.conf for such 
a setup?  I would prefer to start with something that works rather than describe 
in detail something that doesn't work.


Roger

Quadro P400 data sheet:
https://www.nvidia.com/content/dam/en-zz/Solutions/design-visualization/productspage/quadro/quadro-desktop/quadro-pascal-p400-data-sheet-us-nv-704503-r1.pdf

Debian 11, nouveau, Nvidia GF100GL Quadro 4000 - monitors freeze after a few minutes

[Roger Price]

A Dell Precision 7500 with an Nvidia NVC0 (Fermi) GF100GL Quadro 4000 video card 
and two iiyama B2783QSU monitors, Xfce and nouveau: very nice indeed when it 
comes up, but after 3-30 minutes the monitors freeze and lock up. No reaction to 
any keyboard or mouse activity. I have to ssh to the box to restart it.


I tried telinit 3 followed by telinit 5, but this leaves me with two blank 
monitors, receiving a signal (monitor's blue light).


xscreensaver is not installed, neither is any other program calling itself 
"screensaver".


I tried swapping the card with an identical GF100GL card and got the same 
freeze.  I submitted Bug#992256 with dmesg, Xorg.0.log and lspci -k -vv -s 
03:00.0.


Roger

Re: Always run apt update before clicking on synaptic ?

[Roger Price]

On Sun, 15 Aug 2021, Brad Rogers wrote:


On Sun, 15 Aug 2021 20:13:55 +0200 (CEST)
Roger Price  wrote:


always run apt update manually before clicking on synaptic?

No, just hit Synaptic's reload button.


Thanks to all those who replied.  It should have seen and understood "reload".

Roger

Re: Always run apt update before clicking on synaptic ?

[Roger Price]

On Sun, 15 Aug 2021, Brian wrote:

On Sun 15 Aug 2021 at 20:13:55 +0200, Roger Price wrote:


Does this mean that synaptic does _not_ call apt update, and that I should
always run apt update manually before clicking on synaptic?

Some experiments suggest that this is the case.


You would have to describe the experiments to have anywhere near a
convincing case that merited close attention.


 1. I added "contrib non-free" to the deb lines in /etc/apt/sources.list
 2. I ran synaptic, searched for "nvidia", and saw only 4 items.
 3. I ran apt update
 4. I ran synaptic, searched for "nvidia", and saw approximately 200 items.

Roger

Always run apt update before clicking on synaptic ?

[Roger Price]

man synaptic says « It allows you to perform all actions of the command line 
tool apt-get in a graphical environemnt. »


In the help manual I read « Reload the package information to be aware of the 
latest versions available: »


Does this mean that synaptic does _not_ call apt update, and that I should 
always run apt update manually before clicking on synaptic?


Some experiments suggest that this is the case.

Roger

Re: [OFFTOPIC] Editing a file (was: percent char '%' in sudoers file)

[Roger Price]

On Tue, 10 Aug 2021, Stefan Monnier wrote:


Roger Price [2021-08-10 11:11:24] wrote:

On Tue, 10 Aug 2021, Bob Bernstein wrote:

Full disclosure: In a typical Bob fit of impulsivity I, yes, edited this
file using 'sudo nsno /etc/sudoers'.

My impulse would be to use  VISUAL=/usr/bin/emacs visudo -f /etc/sudoers


You guys have amazing impulse control.
My fingers would have typed `e /etc/suders` before I would have had
a chance to do anything about it.


 Young Stefan had fingers so fast
 No filename was safe from the blast
When emacs was "e"
It was easy to see
 sud(o)ers was not meant to last

Re: percent char '%' in sudoers file

[Roger Price]

On Tue, 10 Aug 2021, Bob Bernstein wrote:

Full disclosure: In a typical Bob fit of impulsivity I, yes, edited this file 
using 'sudo nsno /etc/sudoers'.


My impulse would be to use  VISUAL=/usr/bin/emacs visudo -f /etc/sudoers

Roger

Re: Debian 11 Xfce - Applications -> Settings -> Network Connections missing

[Roger Price]

On Mon, 9 Aug 2021, Roger Price wrote:

I'm trying to set up a Wi-Fi connection in Debian 11 with Xfce.  In previous 
Debian Xfce installations I found Applications -> Settings -> Network 
Connections which offered a useful GUI.  I can't find the Netwok Connections 
GUI in Debian 11.


To answer part of my own question: I have found /usr/bin/nm-connection-editor 
If I call it from the command line I get the GUI, but it's missing in 
Applications -> Settings.


Roger

Debian 11 Xfce - Applications -> Settings -> Network Connections missing

[Roger Price]

I'm trying to set up a Wi-Fi connection in Debian 11 with Xfce.  In previous 
Debian Xfce installations I found Applications -> Settings -> Network 
Connections which offered a useful GUI.  I can't find the Netwok Connections GUI 
in Debian 11.  Is there some additional package I need to install?


Command nmcli general reports that eth0 and wlan0 interfaces are operational, 
but I would prefer to continue using a GUI interface to set up wlan0 if this is 
possible.


Roger

Re: Only One Side Speaker is giving sound

[Roger Price]

On Mon, 9 Aug 2021, Rishi wrote:


Waiting for some guidance to resolve this. :)


While you are waiting, check alsamixer - are both channels at the same level?

Roger

Re: IANA port ups/401

[Roger Price]

On Wed, 31 Mar 2021, Dan Ritter wrote:


Roger Price wrote:

On Wed, 31 Mar 2021, to...@tuxteam.de wrote:


On Wed, Mar 31, 2021 at 04:51:55PM +0200, Roger Price wrote:

Has any reader of this list ever used IANA port ups/401
"Uninterruptible Power Supply" (other than the One Windows Trojan)?
I'm looking for protocol documentation or reports of usage. The port
was assigned in 2008 to Mr. Charles Bennett as both assignee and
contact. Mr. Bennett himself died in 2015.


Sysadmin-type since 1996ish, so: in the last 25 years, I believe
the only time I have encountered "ups/401" is in /etc/services.

SunOS
Solaris
DEC OSF/1
Harris Nighthawk something-or-another B3 (awful even for the
time)
VMS on a microVAX the size of a largish microwave oven
NetBSD and OpenBSD but somehow never FreeBSD
Linux in many distros


This is exactly what I have suspected.  ups/401 is widely known since it 
features in /etc/services, but it has no users.


In an I-D [1], I explain that I would like to use port name "ups" for UPS 
management over TLS 1.3 which is not available in the current NUT (Network UPS 
Tools) package 2.7.4.  Such a "take-over" is not evident, since for example 
direct transfers of IANA names and numbers are not allowed.  One of the hurdles 
to be overcome is demonstrating that "ups" is not being used.


Roger

[1]
https://www.ietf.org/archive/id/draft-rprice-ups-management-protocol-03.html#name-nut-project-requirement

Re: IANA port ups/401

[Roger Price]

On Wed, 31 Mar 2021, to...@tuxteam.de wrote:


On Wed, Mar 31, 2021 at 04:51:55PM +0200, Roger Price wrote:

Has any reader of this list ever used IANA port ups/401
"Uninterruptible Power Supply" (other than the One Windows Trojan)?
I'm looking for protocol documentation or reports of usage. The port
was assigned in 2008 to Mr. Charles Bennett as both assignee and
contact. Mr. Bennett himself died in 2015.


Funny. Search engine finds someone with your name:

 https://html.duckduckgo.com/html/?q=%22401%22+%22UPS%22+site:tools.ietf.org

giving:

 https://tools.ietf.org/html/draft-rprice-ups-management-protocol-00

I have the strong hunch you /know/ this person :-)


I do not confirm and I do not deny that I know that guy :-) In the discussions 
associated with the I-D, I expect IANA to ask to be shown that there are no 
current users for ups/401.  It seemed useful to tap the accumulated wisdom and 
deep memories of the debian list.


Cheers, Roger

IANA port ups/401

[Roger Price]

Has any reader of this list ever used IANA port ups/401 "Uninterruptible Power 
Supply" (other than the One Windows Trojan)?  I'm looking for protocol 
documentation or reports of usage. The port was assigned in 2008 to Mr. Charles 
Bennett as both assignee and contact. Mr. Bennett himself died in 2015.


Roger

PS: The NUT package uses port nut/3493 for UPS management.

UPS, was RTL problem

[Roger Price]

On Sun, 28 Mar 2021, Maureen L Thomas wrote:


I am on an ups box so I don't understand how this happened.


Hello Maureen, The UPS will protect your stuff from external power supply 
problems, but not from internal deterioration.


Have you checked that your UPS is doing it's job correctly?  If you pull the 
power cord from the wall does the system shutdown cleanly?  How old are your 
batteries?  They need replacing every 4 years.  We have had people in the 
nut-upsuser list telling us that the shutdown software wasn't working, when 
the battery was 12 years old.


Roger

Re: [Postfix] Rejeter les messages venant d'une IP sans reverse (ou mal formé)

[Roger Price]

On Tue, 17 Nov 2020, JUPIN Alain wrote:


Sur une installation Postfix d'une Debian 10.6 (à jour), j'ai toujours
un nombre relativement important de messages qui viennent d'adresse IP
"inconnues"
Exemple : Received: from [149.27.181.246] (unknown [149.27.181.246])

On voit que l'adresse IP n'a pas de reverse, mais comment les bloquer ?
J'ai la directive suivante dans le main.cf :
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain, permit_sasl_authenticated, permit_mynetworks

PS : La plupart de ces messages passent en SPAM mais pas tous, mais
autant tous les bloquer !


Y compris ceci ?

Received: from [IPv6:2a01:e0a:242:8fe0:54a5:f697:9115:ccdb] (unknown 
[IPv6:2a01:e0a:242:8fe0:54a5:f697:9115:ccdb])

(Authenticated sender: ajupin)
by smtp6-g21.free.fr (Postfix) with ESMTPSA id CFFA3780346
for ; Tue, 17 Nov 2020 15:53:21 + 
(UTC)

From: JUPIN Alain 

Roger

Re: wrong from field with alpine

[Roger Price]

On Wed, 21 Oct 2020, David Wright wrote:

On Wed 21 Oct 2020 at 20:25:06 (+0200), Roger Price wrote:

On Wed, 21 Oct 2020, davidson wrote:

One thing you could try is go to config settings in alpine

Main menu >> Setup >> Config

search for the setting "Customized Headers", and set it to
something like this:

 Customized Headers   = From: Pierre Frenkiel 


Thanks, I've wondered for a long time how to do this.  Is it possible
to set a second customized header?  I tried to append Cc: ... but got
an error message.


Did you separate the headers with a comma?

If it's not that, perhaps explain "append" and disclose the error message.

http://alpine.x10host.com/alpine/alpine-info/misc/headers.html


The error message was the From: field in a new email:

 From: Roger Price ,
   UNEXPECTED_DATA_AFTER_ADDRESS@".SYNTAX-ERROR."

I had forgotten the comma.  With a comma I now get

 Customized Headers  = From: Roger Price 
       Cc: Roger Price 

and the correct headers.

Roger

Re: wrong from field with alpine

[Roger Price]

On Wed, 21 Oct 2020, davidson wrote:


On Sun, 18 Oct 2020 Pierre Frenkiel wrote:
when I send a mail with alpine, the from field becomes 
"frenk...@laposte.net" instead of "p.frenk...@laposte.net"


One thing you could try is go to config settings in alpine

Main menu >> Setup >> Config

search for the setting "Customized Headers", and set it to something like 
this:


 Customized Headers   = From: Pierre Frenkiel 


Thanks, I've wondered for a long time how to do this.  Is it possible to set a 
second customized header?  I tried to append Cc: ... but got an error message.


Roger

Re: Looping Shell Scripts and System Load

[Roger Price]

On Wed, 24 Jun 2020, Greg Wooledge wrote:


MEDIADIR=`pwd`


Don't use all caps variable names.


Without getting into syntax-religious wars, what is the reasoning behind this 
recommendation?  Roger

Re: new, not nice web bots disposal

[Roger Price]

On Wed, 26 Feb 2020, Gene Heskett wrote:

This just showed up this morning, but no clue what it might be.  Blocked it 
anyway. 46th rule.


coyote.coyote.den:80 91.160.218.196 - - [25/Feb/2020:19:06:58 -0500] "-"
408 0 "-" "-"

No clue, butt dial? PROXAD.net someplace in France.


That's my ISP.  It's called "Free".  It features some real idiots who have to 
be blocked.


Roger

Re: new, not nice web bots disposal

[Roger Price]

On Wed, 26 Feb 2020, Dan Ritter wrote:

If you find yourself needing to add lots more rules, you might want to 
generate a "set" instead of individual rules:


http://ipset.netfilter.org/
https://www.linuxjournal.com/content/advanced-firewall-configurations-ipset
might be useful.


I find ipsets the natural way of setting up rules.  I run a script which blocks 
whole countries, taking the country data from 
http://ipverse.net/ipblocks/data/countries/


Simple and efficient.  I once had a set with 14 (yes, 140 thousand) ipblocks 
in an ipset with no apparent performance hit.


Roger

Re: OT: Belkin F1DS104J KVM and PCs on a UPS

[Roger Price]

On Thu, 30 Jan 2020, rhkra...@gmail.com wrote:


Anybody have experience with the Belkin F1DS10[2 4]J KVMs?
My question: Does that mean I need to put the KVM on the UPS as well?


Speaking from experience, another reason to put the KVM switch on the UPS is 
protection from power surges.  I live in a lightning prone area, and I have lost 
expensive gear because ancilliary stuff such as a KVM switch with a wired 
connection to PCs was not protected.


Roger

Re: Package conflict apcupsd and nut-client

[Roger Price]

On Fri, 4 Oct 2019, Sebastian Hofmann wrote:


I'm not sure if I get your idea completly right, but first I got only one UPS


Sorry, my mistake - I assumed wrongly that you had a mixed APC non-APC setup.

and second isn't the driver from nut I posted in my first mail already made to 
use both on one computer?


My understanding from the NUT hardware compatibility list [1] is that NUT does 
not use APC's driver directly.  NUT uses its solis, apcsmart, usbhid-ups, 
genericups and snmp-ups drivers for APC UPS's.  Maybe there is shared code - you 
would have to ask an expert.


The way I understood the manual is that I could use nut for all devices and 
put apcupsd with this driver additionally on the computer directly connected 
to the UPS. I guess apcupsd would only serve as access to the UPS while nut 
controlls the system shutdown and information distribution. Would they really 
interfere?


Is this your intention:

 UPS -> apcupsd -> NUT upsd -> upsmon -> upssched -> upssched-cmd/apccontrol ?

The apcupsd daemon and the upsd daemon are not built to work like this. If you 
use NUT, it should be


 UPS -> solis/apcsmart/usbhid-ups/genericups/snmp-ups -> upsd -> ...

Roger

[1] https://networkupstools.org/stable-hcl.html

Re: Package conflict apcupsd and nut-client

[Roger Price]

On Thu, 3 Oct 2019, Sebastian Hofmann wrote:

... Therefore I want to use both packages at the same time, but trying to 
install both results in a conflict between 'apcupsd' and 'nut-client'. Both 
provide and conflict 'ups-monitor':


This looks like a packaging problem, and an excessive use of the term 
'ups-monitor'.  It might be better to report it in the nut mailing list [1] and 
in the apcupsd mailing list [2].


If you run the apcupsd and the NUT upsd daemons at the same time, you will have 
to unify the back-end to get a reliable system shutdown.  The apcupsd shell 
script apccontrol polls the daemon directly, but with NUT, an additional daemon 
upsmon polls the upsd daemon.  To unify NUT's upsmon with apccontrol, you will 
have to use upsmon to feed NUT's upssched and then use upssched to feed the 
shell script which in NUT is often known as upssched-cmd.  Maybe you could 
substitute an enhanced apccontrol for upssched-cmd and thus pick up all the 
events.


  UPS1 -> apcupsd -> apccontrol

  UPS2 -> upsd -> upsmon -> upssched -> apccontrol

Roger

[1] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
[2] https://sourceforge.net/projects/apcupsd/lists/apcupsd-users

Re: USB wireless dongle not detected

[Roger Price]

On Thu, 18 Jul 2019, Richard Hobson wrote:

The router is on the other side of a corridor which is used by my wife in a 
power wheelchair.


I use a cable cover for this. Google for "floor cable cover".  Roger

Re: USB wireless dongle not detected

[Roger Price]

On Wed, 17 Jul 2019, Richard Hobson wrote:


usb 1-2: firmware failed to load rtlwifi/rtl8712u.bin (-2)

Does this suggest the appropriate firmware isn't available locally?


Could well be. Perhaps you need package firmware-realtek.
I take the easy route and use synaptic to search for and load packages.

Roger

Re: USB wireless dongle not detected

[Roger Price]

On Wed, 17 Jul 2019, Richard Hobson wrote:

...I use a USB dongle (StarTech) for practical reasons. I've 
previously used this in an installation of OpenSuse on the same machine and 
although it wasn't detected at install time it was on first boot and I was 
able to use the graphical configuration tool to set it up, ...


Perhaps openSUSE automatically loaded the required firmware, but Debian does 
not.  Does dmesg have anything to say about StarTech firmware?


Roger

Re: sucessor for denyhosts?

[Roger Price]

On Sat, 9 Mar 2019, mj wrote:

We are using fail2ban to do this. It offers many more options, and works by 
creating iptables rules. This gives you  much more control over what ports 
exactly are blocked.


Plus I think (correct me if Im wrong) that using /etc/hosts.deny to block 
access only works with programs that are compiled to do so, and iptables will 
always work.


/etc/hosts.deny is part of TCP Wrappers for which Wietse Venema stopped 
maintenance in 1995.  See https://en.wikipedia.org/wiki/TCP_Wrappers . See also 
October 2014 Linux Weekly News article https://lwn.net/Articles/615173/


I find that it is much easier to use an ipset with set type hash:net to define 
the IP nets and addresses that are to be rejected.  It avoids messing with the 
iptable commands.  The ipset can be initialized with the IP addresses of 
originating countries to be rejected using block lists such as those at 
http://ipverse.net/ipblocks/data/countries/ I recommend enabling the counter 
associated with each net.


I have had no problems with ipsets of over 14 sub-net entries.  I wouldn't 
like to do that with just iptables.


Roger

Re: Any directional antennas recommendations?

[Roger Price]

On Fri, 23 Nov 2018, Hubert Hauser wrote:


I need to connect to a distant Wi-Fi network. I consider buying a
parabolic antenna. I want to have 10 km range and long amplification.
Will TP-Link TL-ANT2424B be a good aerial?


Given your 10km range, it might be interesting to calculate the Fresnel Zone 
radius to identify obstructions outside the line of sight. See 
https://en.wikipedia.org/wiki/Fresnel_zone


Roger

Re: stretch: pamscale missing in Netpbm

[Roger Price]

On Tue, 9 Oct 2018, Brian wrote:

On Tue 09 Oct 2018 at 14:29:59 +0200, Roger Price wrote:
It looks as if pamscale is missing from Netpbm in stretch. 

Please read http://netpbm.sourceforge.net/getting_netpbm.php


Thanks for the link.  A strange situation. In case any other Debian user ever 
looks for "unimportant" programs in Netpbm, I attach the answer. 
Roger


« But if you use Debian or Ubuntu, note that their Netpbm package is essentially 
Netpbm 9.25 from 2002, minus a bunch of unimportant programs. Also note that the 
Debian version numbering is not consistent with Sourceforge Netpbm, so a program 
may appear to be from e.g. Sourceforge Netpbm 10.0, but is actually 9.25. In 
2002, Debian decided for various reasons not to distribute regular Netpbm and 
instead created its own variation of it. That variation was too hard to update 
with ongoing development on the main branch of Netpbm, so no one has done so. 
Ubuntu is based on Debian. There is a Debian bug report and a Ubuntu bug report 
about this. The Debian bug report was opened in 2006 and something updating the 
Debian package to current Sourceforge Netpbm was uploaded somewhere in June 
2017; it will presumably be in Debian and Ubuntu releases soon. (The foregoing 
is so as of September 2017). »

stretch: pamscale missing in Netpbm

[Roger Price]

It looks as if pamscale is missing from Netpbm in stretch.  Is there a reason 
for this ?  Roger

Sound cron job delayed while VLC running

[Roger Price]

For nearly 20 years, I have had a cron job in which a dog (yes, it's Biff) barks 
the hours.  The lines in /etc/crontab are


   0   0,12  * * *  rprice /mnt/home/rprice/bark/bark.sh 12
   ...
   0  11,23  * * *  rprice /mnt/home/rprice/bark/bark.sh 11

In the bark.sh script, the sound is produced by sox command

   /usr/bin/play -q hour12.au

I have now migrated to Debian stretch but would still like to hear Biff barking 
the hours.  The cron job works well as long as VLC is not running.  But while 
VLC runs, the cron job waits.  When VLC has finished, I hear the barking.  Is 
there some way of having the barking while VLC plays?


I can see nothing in VLC configuration file ~rprice/.config/vlc/vlcrc which 
prevents others from accessing the sound card at the same time.


Roger

openvpn client DNS security

[Roger Price]

Hi, I had a problem setting up DNS on an openvpn client.  I'll describe it here 
before submitting a bug report - I would appreciate comment on the security 
aspects.


In the stretch openvpn server (2.4.0-6+deb9u2) the configuration file 
server.conf contains the declarations:


 push "dhcp-option DNS 212.27.40.241"
 push "dhcp-option DNS 212.27.40.240"

In the stretch 32 bit client the openvpn (2.4.0-6+deb9u2) configuration file 
clent.conf contains the declarations:


 # OpenVPN DNS resolution needs extra help
 # See https://forums.openvpn.net/viewtopic.php?t=21678
 script-security 2
 up /etc/openvpn/update-resolv-conf
 down /etc/openvpn/update-resolv-conf

When the client connects, the log reports:

 Wed Apr  4 13:32:01 2018 us=398019
 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,
 dhcp-option DNS 212.27.40.241,dhcp-option DNS 212.27.40.240,
 route 10.8.0.1,topology net30,ping 10,ping-restart 120,
 ifconfig 10.8.0.6 10.8.0.5,peer-id 0'
 ...
 Wed Apr  4 13:32:01 2018 us=400146 ROUTE_GATEWAY 10.218.0.1/255.255.255.0
 IFACE=wlan0 HWADDR=74:f0:6d:02:b2:4c
 Wed Apr  4 13:32:01 2018 us=408087 TUN/TAP device tun0 opened
 Wed Apr  4 13:32:01 2018 us=408365 TUN/TAP TX queue length set to 100
 Wed Apr  4 13:32:01 2018 us=408467 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
 Wed Apr  4 13:32:01 2018 us=408551 /sbin/ip link set dev tun0 up mtu 1500
 Wed Apr  4 13:32:01 2018 us=421630 /sbin/ip addr add dev tun0 local 10.8.0.6
 peer 10.8.0.5
 Wed Apr  4 13:32:01 2018 us=461961 /etc/openvpn/update-resolv-conf tun0 1500
 1561 10.8.0.6 10.8.0.5 init

Note the absence of any DNS error message.  I tested for correct DNS setup:

 rprice@kananga ~ dig debian.org | grep SERVER
 ;; SERVER: 10.218.0.1#53(10.218.0.1)

Clearly not the required DNS server. The file /etc/resolv.conf still contains:

 # Generated by NetworkManager
 nameserver 10.218.0.1

Looking more closely at script /etc/openvpn/update-resolv-conf, it begins with 
the line


 [ -x /sbin/resolvconf ] || exit 0

File /sbin/resolvconf is not present, because package resolvconf is not a 
prerequisite for openvpn, so the script fails silently!  This looks to me like a 
serious security problem.  Joe Road-Warrior is out there, connected to the 
"free" Wifi.  He follows corporate instructions to turn on his openvpn client, 
but because of the exit 0 he is still using the local thoroughly compromised DNS 
server.


The exit 0 needs to be replaced by

 1. A notification to Joe that his openvpn setup is broken.
 2. An e-mail to his sysadmin to alert to a security problem.
 3. An exit 1 to assure that the openvpn client cannot start.

Roger

Re: Beeping after power irregularities?

[Roger Price]

On Tue, 6 Mar 2018, Dan Ritter wrote:


On Tue, Mar 06, 2018 at 10:50:52AM -0800, James H. H. Lampert wrote:

Our AC power just blinked several times.
one-second beeps, approximately every two seconds


That really sounds like a UPS. Do you have diagnostics access
for it?


Sounds to me like a UPS buck-boost in action.  What is your UPS unit?

Roger

Re: Stretch net install on EeePC - unable to resolve mirror host address

[Roger Price]

On Sat, 24 Feb 2018, Reco wrote:

On Sat, Feb 24, 2018 at 03:14:26PM +0100, Roger Price wrote:

rprice@kananga:~$ systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/lib/systemd/system/NetworkManager.service; enabled; vendor 
preset: enabled)
   Active: active (running) since Fri 2018-02-23 12:03:54 CET; 1 day 2h ago
 Docs: man:NetworkManager(8)
 Main PID: 372 (NetworkManager)
Tasks: 4 (limit: 4915)
   CGroup: /system.slice/NetworkManager.service
   ├─372 /usr/sbin/NetworkManager --no-daemon
   └─472 /sbin/dhclient -d -q -sf 
/usr/lib/NetworkManager/nm-dhcp-helper -pf /var/run/dhclient-wlan0.pid


Assuming that's reference ISC DHCP, can you please try this for me?

dhclient -6 -d wlan0

Let it run for 10 seconds or so, terminate it with Ctrl+C. I'm
interested in the output. Oh, and there's no need to disable
NetworkManager, or kill running dhclient and wpasupplicant.


Script started on Sat 24 Feb 2018 06:38:17 PM CET
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on Socket/wlan0
Sending on   Socket/wlan0
Created duid "\000\001\000\001\"$_\211t\360m\002\262L".
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT:  X-- IA_NA 6d:02:b2:4c
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on wlan0, interval 1080ms.
XMT: Forming Solicit, 1080 ms elapsed.
XMT:  X-- IA_NA 6d:02:b2:4c
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on wlan0, interval 2150ms.
XMT: Forming Solicit, 3230 ms elapsed.
XMT:  X-- IA_NA 6d:02:b2:4c
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on wlan0, interval 4280ms.
XMT: Forming Solicit, 7520 ms elapsed.
XMT:  X-- IA_NA 6d:02:b2:4c
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on wlan0, interval 8640ms.
XMT: Forming Solicit, 16160 ms elapsed.
XMT:  X-- IA_NA 6d:02:b2:4c
XMT:  | X-- Request renew in  +3600
XMT:  | X-- Request rebind in +5400
XMT: Solicit on wlan0, interval 17250ms.
^C
Script done on Sat 24 Feb 2018 06:38:40 PM CET

There is nothing in the router log for today.
Roger