AW: Debugging initramfs, server hangs during boot process

[thah...@t-online.de]

I have booted on 6.3 and 6.4, both with the same result.
If I boot with 6.1 the prompt for entering the luks passphrase is there and 
I can use the machine.
Getting 6.3 using snapshot.debian.org is possible, but also needs some changes 
on 
the packages config. I managed, but this needs additional work to get it right.


I have filed a bug against udev and later vs. nvidia-driver.
Purging nvidia stuff and using nouveau I could also run with 6.3 o 6.4.
After 6.5 came into debian I have tried again with nvidia and it works again.
So for 6.3 and 6.4 I basically couldn't use nvidia. Not sure about 6.2 as this 
is
not available on debian.

To diagnose the issue I always booted into debian live.
Mounted the encrypted luks partition and modified the initramfs-tools, generated
new initrd-Images and try again and again.
Getting early netconsole to work and fiddling with the initramfs stuff was not 
so easy for me.
I know that there can be issues running sid, but this was a lot harder than 
expected.
You have a working system, do an upgrade and boom this system cannot even boot 
up.

Using debug=x (or whatever value, it doesn't matter) and netconsole=... helped 
to remedy
this problem.

Sigh, Thomas
 


-Original-Nachricht-
Betreff: Re: AW: Debugging initramfs, server hangs during boot process
Datum: 2023-08-30T12:00:56+0200
Von: "Michel Verdier" 
An: "debian-user@lists.debian.org" 

On 2023-08-30, thah...@t-online.de wrote:

> The last USB device in this list is a bluetooth card. I have blacklisted 
> btusb, 
> but this didn't help, still hangs.
> At 182 seconds I pressed CRTL_ALT_DEL and the times without sleep statements 
> come down to like 11 seconds when it hangs.

You should blacklist usb devices not found during boot and still listed
with udevadm. You can also try to unplug all usb devices and plug them
one by one to find which hangs.
Do you try to boot on another kernel or a debian live ?



AW: Debugging initramfs, server hangs during boot process

[thah...@t-online.de]

3] input: SINOWEALTH GXT 144 Gaming Mouse Keyboard as 
/devices/pci:00/:00:14.0/usb1/1-4/1-4:1.1/0003:145F:026D.0004/input/input7
[   68.977606] hid-generic 0003:145F:026D.0004: input,hiddev0,hidraw3: USB HID 
v1.11 Keyboard [SINOWEALTH GXT 144 Gaming Mouse] on usb-:00:14.0-4/input1
[   69.105124] usb 1-9: new high-speed USB device number 4 using xhci_hcd
[   69.254887] usb 1-9: New USB device found, idVendor=05e3, idProduct=0608, 
bcdDevice=60.90
[   69.254915] usb 1-9: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[   69.254929] usb 1-9: Product: USB2.0 Hub
[   69.256630] hub 1-9:1.0: USB hub found
[   69.256981] hub 1-9:1.0: 4 ports detected
[   69.258124] usb: port power management may be unreliable
[   69.389128] usb 1-11: new full-speed USB device number 5 using xhci_hcd
[   69.538356] usb 1-11: New USB device found, idVendor=1462, idProduct=7d18, 
bcdDevice= 0.01
[   69.538385] usb 1-11: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3
[   69.538400] usb 1-11: Product: MYSTIC LIGHT 
[   69.538410] usb 1-11: Manufacturer: MSI
[   69.538420] usb 1-11: SerialNumber: A02021081805
[   69.541808] input: MSI MYSTIC LIGHT  as 
/devices/pci:00/:00:14.0/usb1/1-11/1-11:1.0/0003:1462:7D18.0005/input/input9
[   69.542258] hid-generic 0003:1462:7D18.0005: input,hiddev1,hidraw4: USB HID 
v1.10 Device [MSI MYSTIC LIGHT ] on usb-:00:14.0-11/input0
[   69.669124] usb 1-14: new full-speed USB device number 6 using xhci_hcd
[   69.819394] usb 1-14: New USB device found, idVendor=8087, idProduct=0026, 
bcdDevice= 0.02
[   69.819423] usb 1-14: New USB device strings: Mfr=0, Product=0, 
SerialNumber=0
[  182.141933] sd 5:0:0:0: [sda] Synchronizing SCSI cache
[  182.142749] sd 4:0:0:0: [sdb] Synchronizing SCSI cache

The last USB device in this list is a bluetooth card. I have blacklisted btusb, 
but this didn't help, still hangs.
At 182 seconds I pressed CRTL_ALT_DEL and the times without sleep statements 
come down to like 11 seconds when it hangs.



-Original-Nachricht-
Betreff: Re: AW: Debugging initramfs, server hangs during boot process
Datum: 2023-08-28T11:42:19+0200
Von: "Michel Verdier" 
An: "debian-user@lists.debian.org" 

On 2023-08-28, thah...@t-online.de wrote:

> It hangs in /usr/share/initramfs-tools/scripts/init-top/udev
>
> The 2nd last udev call hangs my box
> udevadm trigger --type=devices --action=add

Perhaps add before
udevadm trigger --verbose --dry-run --type=devices --action=add



AW: Debugging initramfs, server hangs during boot process

[thah...@t-online.de]

The udev script is from the udev package


-Original-Nachricht-
Betreff: AW: Debugging initramfs, server hangs during boot process
Datum: 2023-08-28T00:20:33+0200
Von: "thah...@t-online.de" 
An: "debian user" 

It hangs in /usr/share/initramfs-tools/scripts/init-top/udev

The 2nd last udev call hangs my box
udevadm trigger --type=devices --action=add

This initramfs stuff hasn't changed since July 2022, so the real problem must 
be inside udev
To narrow it down  I have added echo and sleep statements

If I print out the contents of the initramfs-tools-core package, than the udev 
script is not present

But it is just a first step, as the commented "udevadm trigger --type=devices 
--action=add"
does not hang the system, but without it I cannot use the keyboard to unlock 
the crypted root.

Sigh!


-Original-Nachricht-
Betreff: Re: AW: Debugging initramfs, server hangs during boot process
Datum: 2023-08-26T13:45:19+0200
Von: "Michel Verdier" 
An: "debian-user@lists.debian.org" 

On 2023-08-26, thah...@t-online.de wrote:

> Tried with clocksourche=hpet
> Now the Switched to clocksouce tsc is missing and the last line is
> clocksource: tsc: mask .
> like before the 2nd last line (as to be expected)

On my kernel I always have those 3 lines during boot :

clocksource: tsc: mask: 0x max_cycles: 0x255cb6cc5db, 
max_idle_ns: 440795203504 ns
clocksource: Switched to clocksource tsc
Freeing initrd memory: 26804K

So you appears to freeze when freeing initrd memory





AW: Debugging initramfs, server hangs during boot process

[thah...@t-online.de]

It hangs in /usr/share/initramfs-tools/scripts/init-top/udev

The 2nd last udev call hangs my box
udevadm trigger --type=devices --action=add

This initramfs stuff hasn't changed since July 2022, so the real problem must 
be inside udev
To narrow it down  I have added echo and sleep statements

If I print out the contents of the initramfs-tools-core package, than the udev 
script is not present

But it is just a first step, as the commented "udevadm trigger --type=devices 
--action=add"
does not hang the system, but without it I cannot use the keyboard to unlock 
the crypted root.

Sigh!


-Original-Nachricht-
Betreff: Re: AW: Debugging initramfs, server hangs during boot process
Datum: 2023-08-26T13:45:19+0200
Von: "Michel Verdier" 
An: "debian-user@lists.debian.org" 

On 2023-08-26, thah...@t-online.de wrote:

> Tried with clocksourche=hpet
> Now the Switched to clocksouce tsc is missing and the last line is
> clocksource: tsc: mask .
> like before the 2nd last line (as to be expected)

On my kernel I always have those 3 lines during boot :

clocksource: tsc: mask: 0x max_cycles: 0x255cb6cc5db, 
max_idle_ns: 440795203504 ns
clocksource: Switched to clocksource tsc
Freeing initrd memory: 26804K

So you appears to freeze when freeing initrd memory



AW: Debugging initramfs, server hangs during boot process

[thah...@t-online.de]

Tried with clocksourche=hpet
Now the Switched to clocksouce tsc is missing and the last line is
clocksource: tsc: mask .
like before the 2nd last line (as to be expected)
It still hangs.

It is not hard locked, can do CTRL-ALT-DEL to boot again, booting Windows works.



-Original-Nachricht-
Betreff: Re: AW: Debugging initramfs, server hangs during boot process
Datum: 2023-08-26T12:04:46+0200
Von: "Tixy" 
An: "debian-user@lists.debian.org" 

On Sat, 2023-08-26 at 11:07 +0200, thah...@t-online.de wrote:
> I had debug on the command line before, just didn't know of debug=vc
> However the output on the screen is the same with either one.
> 
> Last line is clocksource: Switched to clocksource tsc

I notice two 1 second delays during boot on my new PC which occurred
when TSC related stuff was the last line on the screen. I did fiddle
around with some settings (can't remember what) in order to try and
remove this delay, but decided to leave things at default in the end.

Now googling for "clocksource TSC" gets me a Redhat page about hardware
clocks. [1] Maybe you could try changing the clock with
"clocksource=hpet" or something else, in case the kernel is having
problems with TSC? It's ominous that some search results reveal the
commandline option "tsc=reliable" implying the opposite may true
sometimes.

[1] 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_for_real_time/7/html/reference_guide/chap-timestamping

-- 
Tixy



AW: Debugging initramfs, server hangs during boot process

[thah...@t-online.de]

I had debug on the command line before, just didn't know of debug=vc
However the output on the screen is the same with either one.

Last line is clocksource: Switched to clocksource tsc

Looking at the stuff in /usr/share/initramfs-tools/scripts
I think I would need to mess the shell scripts with debug prints just to find
where it is stuck 

uaaah!

-Original-Nachricht-
Betreff: Re: Debugging initramfs, server hangs during boot process
Datum: 2023-08-26T10:20:54+0200
Von: "Michel Verdier" 
An: "debian-user@lists.debian.org" 

On 2023-08-26, Tixy wrote:

>> I thought of that, too, but debug writes to a tmpfs (it has to, at this
>> point). If the machine locks up, the log is lost...
>
> Logs will appear on the screen so long as you don't have the 'quiet'
> parameter on the Linux commandline.

I think it always writes to tmpfs which is moved to /run/initramfs, but
only if the boot succeded. So thahn01 should use debug=vc to get debug
logs on screen during boot.



Debugging initramfs, server hangs during boot process

[thah...@t-online.de]

Hi all,
being on sid, I know that there can be problems.
However, this seems to be a bit hard for me to solve without proper help.
The machine hangs during boot.
Looking at the initramfs manpages i found that I can get into the busybox 
during
the boot process with break=... on the linux command line.
break=top
works, but
break=modules
is not reached. It hangs before that.
I have compared the initrd image of that broken box with the image of this 
box
I am writing this mail on.
There are smaller differences, but it doesn't ring a bell with me
 
I have used debian live to chroot into the system and did updates twice.
However that didn't help, boot process still hangs.
 
Any advice?
 
Tnx Thomas


Re: segurança em diretório (pasta)

[Tiago T. Barrionuevo]

Na verdade o Veracrypt não encripta diretório.
Ele encripta partição ou então cria um volume encriptado (um arquivo no
seu sistema) onde você pode colocar seus diretórios/arquivos.
A desvantagem disso é que você tem que prealocar o espaço em disco
enquanto que encriptação de diretório não.

debian.jb...@simplelogin.co wrote on 5/30/22 11:51 AM:
> Também tens o veracrypt. Eu uso-o com um pendrive encriptado mais
> também pode fazer diretórios e está disponível em windows e mac alén
> do Linux.
>
> Cá tens um video sob dele (em inglês):
> https://www.youtube.com/watch?v=C25VWAGl7Tw
>
>
>
> Roberto Mallo
> Audio Engineer & Musician
>
>
>
>
>
>
>  Mensagem original 
> On 30/05/2022, 15:32, Tiago T. Barrionuevo - tiago.bar at gmail.com <
> dcjpwexhwlccicjvbjtoszfu...@simplelogin.co> wrote:
>
>
> Conheço o cryptomator. Leonardo S. S. da Rocha wrote on 5/30/22
> 10:32 AM: > Olá meus amig@s, bom dia! > > Encontrei algumas coisas
> com pesquisa mas resolvi consultar a > comunidade. Quero encriptar
> (colocar senha) um diretório (pasta) no > debian. Utilizo o gnome
> e encontrei coisas como: > > Gnome Encfs Manager > > encontrei
> também sobre o Cryptkeeper. > > Alguém conhece as ferramentas que
> mencionei aqui ou tem uma outra para > recomendar? A ideia é ter
> um diretório local para guardar coisas como > Chaves SSH, GPG e
> códigos de recuperação de contas como google, mega e > Twitter. >
> > Agradeço as sugestões, > > Forte abraço e ótima semana à tod@s.
> > > Leonardo Rocha. > > 
>

Re: segurança em diretório (pasta)

[Tiago T. Barrionuevo]

Conheço o cryptomator.

Leonardo S. S. da Rocha wrote on 5/30/22 10:32 AM:
> Olá meus amig@s, bom dia!
>
> Encontrei algumas coisas com pesquisa mas resolvi consultar a
> comunidade. Quero encriptar (colocar senha) um diretório (pasta) no
> debian. Utilizo o gnome e encontrei coisas como:
>
> Gnome Encfs Manager
>
> encontrei também sobre o Cryptkeeper.
>
> Alguém conhece as ferramentas que mencionei aqui ou tem uma outra para
> recomendar? A ideia é ter um diretório local para guardar coisas como
> Chaves SSH, GPG e códigos de recuperação de contas como google, mega e
> Twitter.
>
> Agradeço as sugestões,
>
> Forte abraço e ótima semana à tod@s.
>
> Leonardo Rocha.
>
>

Re: USB sticks & Debian

[T. J. du Chene]

On Friday, September 24, 2021 7:11:26 PM CDT Bob Bernstein wrote:
> On Fri, 24 Sep 2021, T. J. du Chene wrote:
> > Bob, I don't want you to think I am writing you off.
> 
> No worries.
> 
> My concern is not with Windows.
> 
> All best,
While I don't endorse the idea of a wiki, which is it? I might actually be 
able to help you personally.  As a programmer, I have had to make a lot of 
boot usbs.

Re: USB sticks & Debian

[T. J. du Chene]

My apologies for the duplicated post.  I think one of my Kmail settings isn't 
quite right.

Bob, I don't want you to think I am writing you off.  

If you are referring to Windows, you can make a Windows 10 USB by formatting 
it NTFS.  Then mount the Windows ISO, and then copy the files from the ISO 
over to it.   Be sure to eject the USB so it completes all writes.

It's pretty straight forward.

What I can't guarantee is that it will work with your firmware.  I know it 
works on my Gigabyte mainboard.

If it is Mac, FreeBSD or something else, I can't be much help, as I haven't 
really dabbled with them.

T.J.

Re: USB sticks & Debian

[T. J. du Chene]

My apologies for the duplicated post.  I think one of my Kmail settings isn't 
quite right.

Bob, I don't want you to think I am writing you off.  

If you are referring to Windows, you can make a Windows 10 USB by formatting 
it NTFS.  Then mount the Windows ISO, and then copying the files from the ISO 
over to it.   Be sure to eject the USB so it completes all writes.

It's pretty straight forward.

What I can't guarantee is that it will work with your firmware.  I know it 
works on my Gigabyte mainboard.

If it is Mac, FreeBSD or something else, I can't be much help, as I haven't 
really dabbled with them.

T.J.

Re: USB sticks & Debian

[T. J. du Chene]

On Friday, September 24, 2021 4:38:38 PM CDT Bob Bernstein wrote:
> Is there a favored HOW-To or wiki page describing the care and
> feeding of USB sticks intended to boot a linux system into some
> other OS?
> 
> Thanks,


I haven't seen an official HOWTO.

There are vastly different methods of formatting a bootable USB for different 
operating systems, especially Windows, that can change with each release.

Windows 10 in particular, is an annoyance.  The archive files on the ISOs are 
often larger than 4GB, which is larger than what standard USB exFat filesystem 
can handle.  They have to be split using the Windows DISM utility, or placed 
on an NTFS formatted drive.  The problem is that not every UEFI BIOS can boot 
from NTFS.

A lot depends entirely on the state of the OS in question, and on what your 
computer's firmware can recognise, so writing a definitive Debian document 
would 
be extremely time consuming to maintain.

I do not speak for the Debian Project, but I have always felt that dealing 
with Windows or other OS minutae is outside of the Project's purvue.   
 

I do sympathise with your needs, but Debian has limited resources, and if 
users want to host multiple OSs, then they should do the appropriate reasearch 
for themselves.  

Otherwise, I think it is quite possible it would open a flood of support 
issues, and Debian would end up expending more and more resources to resolve 
problems and maintain documentation for other OSs.

T.J.

Re: USB sticks & Debian

[T. J. du Chene]

On Friday, September 24, 2021 4:38:38 PM CDT Bob Bernstein wrote:
> Is there a favored HOW-To or wiki page describing the care and
> feeding of USB sticks intended to boot a linux system into some
> other OS?
> 
> Thanks,


I haven't seen an official HOWTO.

There are vastly different methods of formatting a bootable USB for different 
operating systems, especially Windows, that can change with each release.

Windows 10 in particular, is an annoyance.  The archive files on the ISOs are 
often larger than 4GB, which is larger than what standard USB exFat filesystem 
can handle.  They have to be split using the Windows DISM utility, or placed 
on an NTFS formatted drive.  The problem is that not every UEFI BIOS can boot 
from NTFS.

A lot depends entirely on the state of the OS in question, and on what your 
computer's firmware can recognise, so writing a definitive Debian document 
would 
be extremely time consuming to maintain.

I do not speak for the Debian Project, but I have always felt that dealing 
with Windows or other OS minutae is outside of the Project's purvue.   
 

I do sympathise with your needs, but Debian has limited resources, and if 
users want to host multiple OSs, then they should do the appropriate reasearch 
for themselves.  

Otherwise, I think it is quite possible it would open a flood of support 
issues, and Debian would end up expending more and more resources to resolve 
problems and maintain documentation for other OSs.

T.J.

Wifi QCA9377 disconnects when bluetooth is active and transmit, wifi under heavy load

[E T]

I have a laptop Dell Inspiron 5770 with wifi QCA9377 and bluetooth Qualcomm
Atheros.
Some details:

# lsusb
Bus 001 Device 004: ID 0cf3:e009 Qualcomm Atheros Communications

# lshw -class network
  *-network
   description: Wireless interface
   product: QCA9377 802.11ac Wireless Network Adapter
   vendor: Qualcomm Atheros
   physical id: 0
   bus info: pci@:03:00.0
   logical name: wlan0
   version: 31
   serial: 5c:ea:1d:xx:xx:xx
   width: 64 bits
   clock: 33MHz
   capabilities: pm msi pciexpress bus_master cap_list ethernet
physical wireless
   configuration: broadcast=yes driver=ath10k_pci
driverversion=4.19.0-17-amd64 firmware=WLAN.TF.2.1-00021-QCARMSWP-1
ip=192.168.0.2 latency=0 link=yes multicast=yes wireless=IEEE 802.11
   resources: irq:131 memory:d200-d21f

When wifi work alone without blueetooth I can stay connected also 20 hours
without problem, but when bluetooth is active and transmit data with
headphones, sometimes wifi disconnects, this happens also 3 or 4 times in 3
hours.
For intel wireless module and for ath9 I see parameter btcoexist, but this
parameter doesn't exit for ath10k_pci or ath10k_core.
Is there a solution? If I need to open a bugreport, I'm unable to determine
which package my bug report should be filed against, could you help me?

Thank you
Giovanni

AW: dist-upgrade from buster fails badly

[thah...@t-online.de]

# deb cdrom:[Debian GNU/Linux 10.7.0 _Buster_ - Unofficial amd64 DVD Binary-1 
with firmware 20201205-11:17]/ buster contrib main non-free

#deb cdrom:[Debian GNU/Linux 10.7.0 _Buster_ - Unofficial amd64 DVD Binary-1 
with firmware 20201205-11:17]/ buster contrib main non-free

deb http://ftp2.de.debian.org/debian/ sid main non-free contrib
deb-src http://ftp2.de.debian.org/debian/ sid main non-free contrib

deb http://security.debian.org/debian-security sid/updates main contrib non-free
deb-src http://security.debian.org/debian-security sid/updates main contrib 
non-free

# buster-updates, previously known as 'volatile'
deb http://ftp2.de.debian.org/debian/ buster-updates main contrib non-free
deb-src http://ftp2.de.debian.org/debian/ buster-updates main contrib non-free


list.d director is empty.
The orgiinal sources.list has been edited (and with some errors, as 
debian-security for sid probably doesn't exist.



-Original-Nachricht-
Betreff: Re: dist-upgrade from buster fails badly
Datum: 2021-02-12T12:33:40+0100
Von: "Dan Ritter" 
An: "thah...@t-online.de" 

thah...@t-online.de wrote: 
> Hello,
> I have installed 10.7 and then
> apt upgrade
> without any problems.
> However the following
> apt dist-upgrade
> failed badly and cannot be repaired with
> apt --fix-broken install
>  
> Correcting dependencies... failed.
> The following packages have unmet dependencies:
> ffmpeg : Depends: libavcodec58 (= 7:4.1.6-1~deb10u1)
> Depends: libavformat58 (= 7:4.1.6-1~deb10u1) but 7:4.3.1-8 is installed
> Depends: libavutil56 (= 7:4.1.6-1~deb10u1) but 7:4.3.1-8 is installed
> Depends: libswresample3 (= 7:4.1.6-1~deb10u1) but 7:4.3.1-8 is installed
> gimp : Depends: libc6 (>= 2.29) but 2.28-10 is installed
> libaa1 : Depends: libc6 (>= 2.29) but 2.28-10 is installed
> ...
>  
> Any advice?

Show us the contents of

/etc/apt/sources.list
/etc/apt/sources.list.d/*

-dsr-



dist-upgrade from buster fails badly

[thah...@t-online.de]

Hello,
I have installed 10.7 and then
apt upgrade
without any problems.
However the following
apt dist-upgrade
failed badly and cannot be repaired with
apt --fix-broken install
 
Correcting dependencies... failed.
The following packages have unmet dependencies:
ffmpeg : Depends: libavcodec58 (= 7:4.1.6-1~deb10u1)
Depends: libavformat58 (= 7:4.1.6-1~deb10u1) but 7:4.3.1-8 is installed
Depends: libavutil56 (= 7:4.1.6-1~deb10u1) but 7:4.3.1-8 is installed
Depends: libswresample3 (= 7:4.1.6-1~deb10u1) but 7:4.3.1-8 is installed
gimp : Depends: libc6 (>= 2.29) but 2.28-10 is installed
libaa1 : Depends: libc6 (>= 2.29) but 2.28-10 is installed
...
 
Any advice?
Tnx Thomas


Re: Re: The nightmare of Intel Integrated GPUs under Linux in general and Debian in particular

[T]

Have you monitored your CPU temperatures?

Re: No sound with Pulseaudio

[Selim T . Erdoğan]

On Sun, Jan 05, 2020 at 09:18:53PM +0100, Yoann LE BARS wrote:
> 
> > As someone else mentioned, possibly some other process is keeping the 
> > audio device busy. 'lsof | grep /dev/snd/' (as root) should help.
> 
>   Yes, why have I not done this before?
> 
> # lsof | grep /dev/snd/
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
>   Output information may be incomplete.
> alsactl573   root4r  CHR
> 116,7   0t0  16293 /dev/snd/controlC0
> timidity   861   timidity  mem   CHR
> 116,216230 /dev/snd/pcmC0D0p
> timidity   861   timidity3r  CHR
> 116,33   0t0  12983 /dev/snd/timer
> timidity   861   timidity4u  CHR
> 116,2   0t0  16230 /dev/snd/pcmC0D0p
> timidity   861   timidity5u  CHR
> 116,7   0t0  16293 /dev/snd/controlC0
> timidity   861   timidity6u  CHR
> 116,1   0t0  12984 /dev/snd/seq
> 
>   Now, this is interesting, as some reported troubles between Timidity
> and Pulseaudio (e.g. https://bbs.archlinux.org/viewtopic.php?id=154002).
> I have no problem with Timidity and Pulseaudio on other Debian 10
> systems, as well on Fedora or Ubuntu. Anyway, I should investigate this.

Try "systemctl stop timidity.service"

After upgrading to buster my sound stopped working as usual and then 
based on stuff I read on this list, I tried the above command, which 
solves it, until a reboot.  (I didn't investigate further.)

Re: why won't ff look at this url?

[Selim T . Erdoğan]

On Sat, Aug 24, 2019 at 01:10:36PM -0400, Gene Heskett wrote:
> On Saturday 24 August 2019 12:43:39 Tixy wrote:
> 
> > On Sat, 2019-08-24 at 12:22 -0400, Gene Heskett wrote:
> > > On Saturday 24 August 2019 10:33:20 Tixy wrote:
> > > > On Sat, 2019-08-24 at 10:21 -0400, Gene Heskett wrote:
> > >
> > > https://abcnews4.com/news/nation-world/w-va-ambulance-ems-director-a
> > >
> > > > >rrested-accused-of-missing-and-tampering-with-narcotics
> > > > >
> > > > > All I get for clicking on it is a blank screen.
> > > >
> > > > Looks like abcnews4.com does everything with javascript. You got
> > >
> > > that
> > >
> > > > disabled or blocked with a plugin?
> > >
> > > IDK, how do I check?
> >
> > Well, you'd know if you'd installed a specific plugin like NoScript,
> 
> Stuff like noscript is installed but all that is disabled

Noscript might have become active again if you updated to 
Debian 10 buster recently.  

I installed noscript many years ago and tried it out but I guess back 
then it felt a little annoying to have to explicitly allow all the 
various pages so I allowed javascript by default.  (i.e. noscript stayed 
installed but wasn't doing anything.)  A few weeks ago I finally 
updated to buster and I noticed that it had gone back to blocking 
javascript by default.  Since then I've been trying the block-by-default 
setup and I like it so I've kept it like that.

So with noscript active, when I try the site you mention, all I get is 
also a blank page.

On the same line with my address bar, to the right, there is an icon for 
noscript, showing that it is blocking some sites.  By clicking on that 
icon, I can try to temporarily or permanently allow code from any of those
sites.  Then I reload the page.

For your blank site, I had to allow abc4news.com and 
sinclairstoryline.com.  Those two were enough for the story to appear
(though I allow some sites by default, so I am not sure if there is 
something else you need to allow).

Of course, when selectively allowing only an incomplete subset of the 
javascript, one can never be sure if there is more "meaningful/useful 
content" on the page that you don't see but are not aware of missing.  
But in this case the story looks like it's there and even has a picture, 
so I assume the rest of the javascript will not add content to this news 
item.

Re: How to disable automatic core dumps in Debian 9?

[Martin T]

Reco,

thanks for reply!

> rgrep core /etc/security/limits*
> Would be more correct. Files at /etc/security/limits.d/ can override 
> limits.conf.

Indeed. Output of "rgrep core /etc/security/limits*" is following:

$ rgrep core /etc/security/limits*
/etc/security/limits.conf:#- core - limits the core file size (KB)
/etc/security/limits.conf:*   hardcore0
/etc/security/limits.conf:roothardcore0
/etc/security/limits.conf:#roothardcore10
$

So in short, the configuration in my initial e-mail was enough to
disable core dumps? After reading the "man 5 core", I also set the
"kernel.core_uses_pid" to 0.


thanks,
Martin

How to disable automatic core dumps in Debian 9?

[Martin T]

Hi,

how to disable all automatic core dumps upon the process termination
in Debian 9? As Debian does not seem to use systemd-coredump, then I
set the "kernel.core_pattern=|/bin/false" kernel configuration in
sysctl.conf and following pam_limits.so module configuration:

$ grep -w core /etc/security/limits.conf
#- core - limits the core file size (KB)
*   hardcore0
roothardcore0
#roothardcore10
$

When I execute a program, which crashes, then while the "core dumped"
is printed:

$ ./testprogram
Floating point exception (core dumped)
$

..then no actual core dump does not seem to be created.

Is the configuration above enough to disable core dumps or am I
missing something?

thanks,
Martin

Re: surum -- cihaz

[Selim T . Erdoğan]

On Mon, Jun 10, 2019 at 10:03:02AM +, Semih Özlem wrote:
> hangi surumlerin hangi cihazlarla calistigi ile ilgili bir sayfa ya da
> veritabani var mi

https://wiki.debian.org/Hardware
https://wiki.debian.org/InstallingDebianOn

Re: unattended-upgrades downloaded package information only from the sources in sources.list.d directory ignoring sources.list file

[Martin T]

Hi,

looks like the culprit is a /etc/cron.daily/do-agent cron-job which
executes the /opt/digitalocean/do-agent/scripts/update.sh script which
includes following if statement:

if command -v apt-get 2&>/dev/null; then
apt-get -qq update -o
Dir::Etc::sourcelist="sources.list.d/digitalocean-agent.list" -o
Dir::Etc::sourceparts="-" -o APT::Get::List-Cleanup="1"
apt-get -qq install -y --only-upgrade do-agent
/* output removed for brevity */

'-o APT::Get::List-Cleanup="1"' flushes other repositories..


Martin

Re: unattended-upgrades downloaded package information only from the sources in sources.list.d directory ignoring sources.list file

[Martin T]

> I did some further debugging and it is the
> /usr/lib/apt/apt.systemd.daily script executed by apt-daily systemd
> service unit which updates the package index from the sources:

I configured cron with one minute interval to log the output of "apt
policy" with a timestamp into a log file in order to understand when
exactly the repository list is messed up. Turns out, that
/usr/lib/apt/apt.systemd.daily script executed by apt-daily systemd
service unit does not mess up the repository list. It happened between
"Sat Jun  8 06:25:01 UTC 2019" and "Sat Jun  8 06:26:01 UTC 2019".
When I check the logs for 06:00 to 06:30 time-period, then following
was logged:

$ sudo journalctl --since "2019-06-08 06:00:00" --until "2019-06-08 06:30:00"
-- Logs begin at Mon 2019-05-13 19:38:07 UTC, end at Sat 2019-06-08
08:11:24 UTC. --
Jun 08 06:25:04 vps systemd[1]: Reloading The Apache HTTP Server.
Jun 08 06:25:05 vps systemd[1]: Reloaded The Apache HTTP Server.
Jun 08 06:25:05 vps liblogging-stdlog[556]:  [origin
software="rsyslogd" swVersion="8.24.0" x-pid="556"
x-info="http://www.rsyslog.com;] rsyslogd was HUPed
$

What and why is sending those signals to processes? Could it somehow
affect the repository list..?


thanks,
Martin

Re: unattended-upgrades downloaded package information only from the sources in sources.list.d directory ignoring sources.list file

[Martin T]

> Looks like the "apt update" or equivalent ran by unattended-upgrades
> ignored the /etc/apt/sources.list file and used only
> /etc/apt/sources.list.d/digitalocean-agent.list as a source for
> repositories.
> What might cause this behavior?

I did some further debugging and it is the
/usr/lib/apt/apt.systemd.daily script executed by apt-daily systemd
service unit which updates the package index from the sources:

# update package lists
UPDATED=0
UPDATE_STAMP=/var/lib/apt/periodic/update-stamp
if check_stamp $UPDATE_STAMP $UpdateInterval; then
if eval apt-get $XAPTOPT -y update $XSTDERR; then
/* output removed fro brevity */


Now I set the APT::Periodic::Verbose value to "2":

$ apt-config dump APT::Periodic::Verbose
APT::Periodic::Verbose "2";
$

..and actually the entries in /etc/apt/sources.list file are not ignored:

$ sudo journalctl --since today --no-pager -u apt-daily
-- Logs begin at Mon 2019-05-13 19:38:07 UTC, end at Thu 2019-06-06
08:40:31 UTC. --
Jun 06 00:49:10 vps systemd[1]: Starting Daily apt download activities...
Jun 06 00:49:10 vps apt.systemd.daily[31062]: verbose level 2
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Reading package lists...
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Building dependency tree...
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Reading state information...
Jun 06 00:49:10 vps apt.systemd.daily[31062]: check_stamp:
interval=86400, now=1559779200, stamp=1559692800, delta=86400 (sec)
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:1
http://security.debian.org stretch/updates InRelease [94.3 kB]
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Ign:2
http://mirrors.digitalocean.com/debian stretch InRelease
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:3
http://mirrors.digitalocean.com/debian stretch-updates InRelease [91.0
kB]
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Hit:4
http://mirrors.digitalocean.com/debian stretch Release
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:5
http://security.debian.org stretch/updates/main Sources [205 kB]
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:6
http://security.debian.org stretch/updates/main amd64 Packages [492
kB]
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Get:7
https://repos.insights.digitalocean.com/apt/do-agent main InRelease
[5,132 B]
Jun 06 00:49:10 vps apt.systemd.daily[31062]: Fetched 888 kB in 0s (1,643 kB/s)
Jun 06 00:49:11 vps apt.systemd.daily[31062]: Reading package lists...
Jun 06 00:49:11 vps apt.systemd.daily[31062]: download updated
metadata (success).
Jun 06 00:49:11 vps apt.systemd.daily[31062]: send dbus signal (success)
Jun 06 00:49:11 vps apt.systemd.daily[31062]: check_stamp: interval=0
Jun 06 00:49:11 vps apt.systemd.daily[31062]: download upgradable (not run)
Jun 06 00:49:11 vps apt.systemd.daily[31062]: unattended-upgrade -d (not run)
Jun 06 00:49:11 vps systemd[1]: Started Daily apt download activities.
$

However, again, at the morning "apt policy" listed only the repository
in /etc/apt/sources.list.d/digitalocean-agent.list file:

$ apt policy
Package files:
 100 /var/lib/dpkg/status
 release a=now
 500 https://repos.insights.digitalocean.com/apt/do-agent main/main
amd64 Packages
 release o=. main,a=main,n=main,l=. main,c=main,b=amd64
 origin repos.insights.digitalocean.com
Pinned packages:
$

After running manually the "sudo apt update" command, the apt
downloaded >50MiB of packages data and output of "apt policy" listed
all the repositories.
Log files in /var/log/apt/ directory have not been updated.

What could cause such behavior? How to debug this further?


thanks,
Martin

unattended-upgrades downloaded package information only from the sources in sources.list.d directory ignoring sources.list file

[Martin T]

Hi,

in order to test unattended-upgrades I downgraded yesterday(4.06)
packages iceweasel, qemu-utils and thunderbird:

# # "apt list --upgradable" command below was executed on 4.06
# apt list --upgradable
Listing... Done
iceweasel/stable 60.7.0esr-1~deb9u1 all [upgradable from: 52.9.0esr-1~deb9u1]
qemu-utils/stable 1:2.8+dfsg-6+deb9u6 amd64 [upgradable from:
1:2.8+dfsg-6+deb9u5]
thunderbird/stable 1:60.7.0-1~deb9u1 amd64 [upgradable from: 1:60.6.1-1~deb9u1]
#

As expected, the unattended-upgrades ran today(5.06) morning, but it
reported, that "No packages found that can be upgraded unattended and
no pending auto-removals". Indeed, when I checked for example "apt
policy iceweasel", then the apt saw the installed version as the
latest one:

$ sudo apt policy iceweasel
iceweasel:
  Installed: 52.9.0esr-1~deb9u1
  Candidate: 52.9.0esr-1~deb9u1
  Version table:
 *** 52.9.0esr-1~deb9u1 100
100 /var/lib/dpkg/status
$

"apt policy" listed only the repository configured in
/etc/apt/sources.list.d/digitalocean-agent.list while ignoring the
ones in sources.list:

# apt policy
Package files:
 100 /var/lib/dpkg/status
 release a=now
 500 https://repos.insights.digitalocean.com/apt/do-agent main/main
amd64 Packages
 release o=. main,a=main,n=main,l=. main,c=main,b=amd64
 origin repos.insights.digitalocean.com
Pinned packages:
#

After executing "apt update", the rest of the repositories were again
seen in the output of "apt policy" and for example, the iceweasel was
again upgradable to 60.7.0esr-1~deb9u1:

$ sudo apt policy iceweasel
iceweasel:
  Installed: 52.9.0esr-1~deb9u1
  Candidate: 60.7.0esr-1~deb9u1
/* output removed for brevity */
$

Looks like the "apt update" or equivalent ran by unattended-upgrades
ignored the /etc/apt/sources.list file and used only
/etc/apt/sources.list.d/digitalocean-agent.list as a source for
repositories.
What might cause this behavior?


thanks,
Martin

Re: use mailx instead of sendmail in apt-listchanges

[Martin T]

Dan,

> You could do the wrapper, or you could install nullmailer, which
> is an extremely simple MTA that always hands off mail to a
> relayhost (i.e. somebody else's problem).

I ended up with a following wrapper:

$ cat /usr/sbin/sendmail
#!/usr/bin/env bash

# As header fields are at the top of the message, then following substitutions
# should work reliably.
sed '0,/^Subject: =?utf-8?q?apt-listchanges=3A_changelogs_for_vps?=$/
s//Subject: apt-listchanges: changelogs for vps/' | \
sed '0,/^From: root$/ s//From: nore...@example.com (VPS)/' | \
recode -f /qp | \
/usr/bin/mailx -t
$


Andrew,

I guess it works for you because bsd-mailx depends on virtual packet
mail-transport-agent.


regards,
Martin

use mailx instead of sendmail in apt-listchanges

[Martin T]

Hi,

I have apt-listchanges installed and registered in apt system:

# apt-config dump | grep apt-listchanges
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -lt 10";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Tools::Options::/usr/bin/apt-listchanges::InfoFD "20";
#

"frontend" in /etc/apt/listchanges.conf is set to "mail" and valid
e-mail address is set with "email_address" configuration option. Now
when I upgrade a package which has NEWS/changelog present, then I get
the "apt-listchanges: The mail frontend needs an installed 'sendmail',
using pager" error message. This is because I don't have
/usr/sbin/sendmail binary installed. I prefer to use mail/mailx and an
external MTA.

What could be the most elegant workaround in this situation? Create a
/usr/sbin/sendmail wrapper script which processes the
"/usr/sbin/sendmail -oi -t" command called by apt_listchanges.py and
sends the mail using mailx? Modify the apt_listchanges.py? Something
else?


thanks,
Martin

Re: How to make networking dependent on firewall configuration?

[Martin T]

Hi Reco!

Thanks for reply! I changed from
/lib/systemd/system/networking.service.d/networking.service.conf to
/etc/systemd/system/networking.service.d/networking.service.conf.

> One can specify hostnames in netfilter rules. Trying to load such rules 
> without a working resolver can lead to weird results.

Yes, I thought about this. However, I use strictly IP addresses or
prefixes in my firewall rules.


Martin

How to make networking dependent on firewall configuration?

[Martin T]

Hi,

I have a /lib/systemd/system/networking.service.d/networking.service.conf
configuration file which specifies, that my custom iptables.service is
a requirement for networking.service:

# systemctl show networking -p Requires
Requires=system.slice iptables.service
#

Is there a better or more correct way to do this? Are there any
general disadvantages of such approach?


thanks,
Martin

Re: Disable left-ctrl?

[Selim T . Erdoğan]

On Mon, Jan 28, 2019 at 06:16:32PM -0500, Boyan Penkov wrote:
> 
> I am now writing my thesis, and have the genesis of some pretty 
> significant EMACs pinky.  (I use my left pinky for the left ctrl most 
> of the time, which is setting me up for failure.).
> 
> To this end, I’d like to disable the left ctrl key only, and force 
> my brain to use the right one.  Better yet, I’d like the screen to 
> flash or something then I inadvertently hit left-ctrl.
> 
> Any thoughts?

Have you tried making the Caps Lock key function as a Ctrl key?
It makes things much easier on pinkies.

Re: How to file a proper bug report

[t . j . duchene]

Thank you, David and Felix.  Your comments have been very helpful. 
I'll look into those as soon as I get some free time!

T.J. 

Re: How to file a proper bug report

[t . j . duchene]

On Fri, 2019-02-15 at 11:20 +1100, Ben Finney wrote:
> t.j.duch...@gmail.com writes:
> 
> > I have a user question on how to file a proper Debian bug report
> > under
> > certain circumstances.
> 
> Thank you for taking the care to find out what information is needed
> for
> a good bug report.
> 
> Your specific use cases seem to involve non-free software (Steam
> games
> are, I assume, non-free in general, though there may be some
> exceptions)
> so that makes it particularly difficult to diagnose problems.
> 
> If there are reproducible behaviours, it can be helpful to run the
> program under ‘strace’ and reproduce the behaviour, to get an
> extremely
> verbose log of system calls being made at the time when the behaviour
> occurs.
> 
> When that is reproducible, it might be helpful to have two separate
> ‘strace’ log outputs: one from the environment where you don't get
> the
> buggy behaviour, one where you do.
> 
Thank you for the suggestion, Ben.  I really do appreciate it, and will
try that as soon as I have some free time.  I have seen videos of a
similar effect in other Steam games ported to Linux, so I am actually
concerned that this may be a regression in Mesa (which is free
software) as Debian Stable's older version does not have the issue.  

I spend most of my time working on Windows, so debugging Linux will be
something new.  Thanks for helping me on that!  If you don't mind, I'll
post back on what I find so I can do this the right way.

Thanks again.

T.J.

  

How to file a proper bug report

[t . j . duchene]

I have a user question on how to file a proper Debian bug report under
certain circumstances.

I've been testing Debian Buster off and on with Steam games. I have
noted that using the AMD open driver and Buster with Alien Isolation
seems to suffer some graphics regressions, specifically "blinking black
squares."  This does not happen under Debian Stable with the kernel
from stretch-backports (needed for my AMD Radeon 580RX on a Ryzen 5
2600X). I'd like to file a proper bug report, but I can't be confident
that it Buster's Mesa library that is the issue.  I have no real
experience debugging the graphics stack, unfortunately.

I've noted that this remains unaddressed in Ubuntu 18.04 LTS  as well
(if that is actually helpful).

What is the best/most productive way to proceed?  

Thank you! 
T.J.

isc-dhcp-client sends DHCPDISCOVER *before* wpa_supplicant authenticates/associates/connects.

[Jaime T]

Hi all. I'm running a freshly-installed minimal stretch box. It
connects wirelessly to my lan and it's a dhcp client, so
/etc/network/interfaces contains:

iface myInterface inet dhcp
  wpa-ssid mySsid
  wpa-psk myPsk

It works (almost) perfectly! For ages I've been baffled by why my dhcp
server never responds to clients' first DHCPDISCOVER messages, but a
quick look at the log shows why:

22:58:04 wpa_supplicant[2819]: Successfully initialized wpa_supplicant
22:58:04 kernel: iwlwifi :24:00.0: L1 Enabled - LTR Disabled
22:58:04 kernel: iwlwifi :24:00.0: L1 Enabled - LTR Disabled
22:58:04 kernel: iwlwifi :24:00.0: Radio type=0x0-0x3-0x1
22:58:04 kernel: iwlwifi :24:00.0: L1 Enabled - LTR Disabled
22:58:04 kernel: iwlwifi :24:00.0: L1 Enabled - LTR Disabled
22:58:04 kernel: iwlwifi :24:00.0: Radio type=0x0-0x3-0x1
22:58:04 dhclient[2830]: Internet Systems Consortium DHCP Client 4.3.5
22:58:04 dhclient[2830]: Copyright 2004-2016 Internet Systems Consortium.
22:58:04 dhclient[2830]: All rights reserved.
22:58:04 dhclient[2830]: For info, please visit
https://www.isc.org/software/dhcp/
22:58:04 dhclient[2830]:
22:58:05 dhclient[2830]: Listening on LPF/wlo1/
22:58:05 dhclient[2830]: Sending on   LPF/wlo1/
22:58:05 dhclient[2830]: Sending on   Socket/fallback
22:58:05 dhclient[2830]: DHCPDISCOVER on wlo1 to 255.255.255.255 port
67 interval 4
22:58:08 wpa_supplicant[2820]: wlo1: SME: Trying to authenticate with
 (SSID='' freq=5180 MHz)
22:58:08 kernel: wlo1: authenticate with 
22:58:08 kernel: wlo1: send auth to  (try 1/3)
22:58:08 wpa_supplicant[2820]: wlo1: Trying to associate with 
(SSID='' freq=5180 MHz)
22:58:08 kernel: wlo1: authenticated
22:58:08 kernel: wlo1: associate with  (try 1/3)
22:58:08 kernel: wlo1: RX AssocResp from  (capab=0x11 status=0 aid=1)
22:58:08 wpa_supplicant[2820]: wlo1: Associated with 
22:58:08 kernel: wlo1: associated
22:58:08 wpa_supplicant[2820]: wlo1: WPA: Key negotiation completed
with  [PTK=CCMP GTK=CCMP]
22:58:08 kernel: IPv6: ADDRCONF(NETDEV_CHANGE): wlo1: link becomes ready
22:58:08 wpa_supplicant[2820]: wlo1: CTRL-EVENT-CONNECTED - Connection
to  completed [id=0 id_str=]
22:58:09 dhclient[2830]: DHCPDISCOVER on wlo1 to 255.255.255.255 port
67 interval 7
22:58:09 dhclient[2830]: DHCPREQUEST of 192.168.0.15 on wlo1 to
255.255.255.255 port 67
22:58:09 dhclient[2830]: DHCPOFFER of 192.168.0.15 from 192.168.0.1
22:58:09 dhclient[2830]: DHCPACK of 192.168.0.15 from 192.168.0.1

As you can see, *after* wpa_supplicant has successfully authenticated,
associated and connected (all of which it does perfectly on the first
attempt), the following DHCPDISCOVER is "processed" correctly. Which
then begs the question: why send a DHCPDISCOVER at 22:58:05 given that
it's guaranteed to fail?

Questions:
1) Is this a bug?
2) If it's a bug, in which package?
3) Are there any quick-and-dirty workarounds until it's fixed? Is
there a hack to serialize dhclient so that it waits until after the
CTRL-EVENT-CONNECTED (perhaps based on systemd)?

With kind regards...

Question about changed logout behavior.

[Johan T-Katiska]

Hi there, since starting using testing a month or so ago my xsession
behavior (I pressume) seem to have changed. I get logged out
automatically after exiting 'X'. I actually read that one person
experienced the same thing about a week ago. Debian user, used testing
and within the same time-frame as me.

I can't remember where but first-hand guesses: reddit, stackoverflow or
something like it. I've looked for it again, but can't find it. Sorry.

I'm not really sure where to go next and I'm I suspect that it's an
intentional change in some package. I guess next in line would be that I
need to configure something and lastly a bug. I still have no idea what
package is involved however.

I've scraped the bottom of the barrel regarding search engines,
conf-files, etc. I've guessed and read any leads I could find. Initial
culprits I suspected: xsession, bash as login shell, systemd-logind and
my login scripts. I stopped when I reached threads and the like over a
decade old.

My scripts are basic and I don't do anything fancy. See bottom for an
edited outline of my '.xinitrc' file. My dot-files sets system editor
and a few basic standard things. 'shopt' rules. Right from the
documentation.

I use 'dwm', my routine is to start 'X', from the command-line after
login with the supplied 'startx' script. I don't use any scripts to
start 'X' automatically and the reason is that I tend to do a little
manual housekeeping at logout. Sometimes before I start 'X'. Definitely
if I'm troubleshooting. Sometimes I want to start 'X' briefly and
logout again. So I want the previous behaviour.

The 'unclutter'-part refers to this, not the repo one:
https://github.com/Airblader/unclutter-xfixes.

My scripts contain program options, output redirections and things that
would clutter '.xinitrc'. If they don't execute they fork to the
background or get killed off. Basic stuff. Nothing that deals with the
'xsession' itself that I can deduce by myself.


```
/* Display settings */
xrdb ~/.Xresources 

xset r rate 350 40
slstatus &
~/.fehbg &
nm-applet &

/* Needed to do automatic backups, also stopped working btw */
/usr/lib/deja-dup/deja-dup-monitor & 

numlockx &
~/uptime.sh 
~/touchpad-conf &

/* One thing I think might be related to session itself, starts
redshift at night if conditions are met */
~/redshift.sh

/* 'unclutter' maaay be be dealing with the session in some way */
unclutter -b --timeout=6 --jitter=350 --ignore-scrolling
xscreensaver -no-splash &

```

---
 
Med vänlig hälsning,
Johan T-Katiska.


pgpygFnSa7Pa6.pgp
Description: OpenPGP digital signature

Question about changed logout behavior.

[Johan T-Katiska]

Hi there, since starting using testing a month or so ago my xsession
behavior (I pressume) seem to have changed. I get logged out
automatically after exiting 'X'. I actually read that one person
experienced the same thing about a week ago. Debian user, used testing
and within the same time-frame as me.

I can't remember where but first-hand guesses: reddit, stackoverflow or
something like it. I've looked for it again, but can't find it. Sorry.

I'm not really sure where to go next and I'm I suspect that it's an
intentional change in some package. I guess next in line would be that I
need to configure something and lastly a bug. I still have no idea what
package is involved however.

I've scraped the bottom of the barrel regarding search engines,
conf-files, etc. I've guessed and read any leads I could find. Initial
culprits I suspected: xsession, bash as login shell, systemd-logind and
my login scripts. I stopped when I reached threads and the like over a
decade old.

My scripts are basic and I don't do anything fancy. See bottom for an
edited outline of my '.xinitrc' file. My dot-files sets system editor
and a few basic standard things. 'shopt' rules. Right from the
documentation.

I use 'dwm', my routine is to start 'X', from the command-line after
login with the supplied 'startx' script. I don't use any scripts to
start 'X' automatically and the reason is that I tend to do a little
manual housekeeping at logout. Sometimes before I start 'X'. Definitely
if I'm troubleshooting. Sometimes I want to start 'X' briefly and
logout again. So I want the previous behaviour.

The 'unclutter'-part refers to this, not the repo one:
https://github.com/Airblader/unclutter-xfixes.

My scripts contain program options, output redirections and things that
would clutter '.xinitrc'. If they don't execute they fork to the
background or get killed off. Basic stuff. Nothing that deals with the
'xsession' itself that I can deduce by myself.


```
/* Display settings */
xrdb ~/.Xresources 

xset r rate 350 40
slstatus &
~/.fehbg &
nm-applet &

/* Needed to do automatic backups, also stopped working btw */
/usr/lib/deja-dup/deja-dup-monitor & 

numlockx &
~/uptime.sh 
~/touchpad-conf &

/* One thing I think might be related to session itself, starts
redshift at night if conditions are met */
~/redshift.sh

/* 'unclutter' maaay be be dealing with the session in some way */
unclutter -b --timeout=6 --jitter=350 --ignore-scrolling
xscreensaver -no-splash &

```

---
 
Med vänlig hälsning,
Johan T-Katiska.


pgpezXam4pxgT.pgp
Description: OpenPGP digital signature

Re: Debugging mysterious freeze / crash

[Selim T . Erdoğan]

On Sat, Sep 22, 2018 at 10:51:27PM -0400, Celejar wrote:
> 
> I've been experiencing a great deal of frustration recently with
> intermittent freezes / crashes on my Debian Sid system (a Lenovo
> W550s). The symptoms are that the screen totally freezes and the system
> becomes completely unresponsive (even ssh attempts from another machine
> fail), and the only thing that seems to have any effect is a hard
> reboot (holding down the power button until the system restarts).
> 
> Upon reboot, I can't find anything at all interesting in 'journalctl -b
> -1', or /var/log/syslog - the former just shows everything looking
> normal until the moment of the crash, at which point the log just ends,
> and the latter also just shows everything seeming to be fine until the
> moment of the crash, and then shows the boot messages from the reboot.
> 
> Any ideas of what could be causing this, or how I could go about
> debugging it? I've been using this machine for years without
> experiencing anything like this, and I'm not sure for how long this has
> been a problem. I did recently upgrade from stable to unstable, but I'm
> not sure whether or not the problem's initial occurences coincide with
> the upgrade.


How long have you waited before you reboot?  I occasionally (pretty 
rarely, thankfully) get freezes on my Lenovo T400 running Debian 9
Stretch (stable) and I used to think I would have to hard reboot it 
like you do, but I noticed that they actually get fixed if I wait up to 
a few minutes.  Never timed them but the longest probably lasted more 
than five minutes.  Usually they're less than a minute.  

When these freezes happen, it seems it is relatively soon after starting 
to use the laptop after it's been suspended overnight or so.  They're 
rare, though.  I didn't try ssh'ing at the time but everything is 
completely frozen.  And finally, these freezes didn't use to happen a 
year ago or earlier but it's been at least a few months that this has 
been going on.

Your machine and Debian version seem much newer but I thought I'd share 
my experience.

Re: mariadb ldap auth

[Selim T . Erdoğan]

On Thu, Sep 06, 2018 at 12:20:22PM +0200, mj wrote:
> 
> But this seems to work only from the localhost mariadb is running on. Trying
> this from a remote mysql client gives:
> 
> > user@e7470 ~ $ mysql -udomain_user -p -h mysqlserver.full.address
> > Enter password: ERROR 2059 (HY000): Authentication plugin 'dialog'
> > cannot be loaded: /usr/lib/mysql/plugin/dialog.so: cannot open shared
> > object file: No such file or directory
> 
> and searching for /usr/lib/mysql/plugin/dialog.so gives no results:
> 
> > user@e7470 ~ $ dpkg --search /usr/lib/mysql/plugin/dialog.so
> > dpkg-query: no path found matching pattern /usr/lib/mysql/plugin/dialog.so
> > user@e7470 ~ $
> 
> Anyone here with a good suggestion how to achieve this from a remote mysql
> client?

I tried apt-file (on Debian 9.5 Stretch):

$ apt-file search dialog.so
...
libmariadb2: /usr/lib/x86_64-linux-gnu/mariadb/plugin/dialog.so
libmariadbclient18: /usr/lib/x86_64-linux-gnu/mariadb18/plugin/dialog.so
...

(No mysql in that list.)

If you don't have those two packages installed on your remote client, 
try to install them.  (You probably only need the client one, but I 
don't really know.)

If they're already installed, you should try to figure out why your 
system is trying to find the mysql version of the plugin, but as a 
temporary solution, you can try to create a symlink from 
/usr/lib/mysql/plugin/dialog.so to one of those files and see if it works.

Re: processing order for configuration files in /etc/network/interfaces.d

[Martin T]

Hi David,

> You need to post your evidence, starting with your /etc/network/interfaces
> file. You say you're using ifup, so we can perhaps discount this paragraph:
>
>Currently, "source-directory" isn't supported by
>network-manager and guessnet.
>
> but we don't know whether you're using "source-directory" or "source",
> for example.

I'm using "source":

# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*
#

> If you care about the order in which these files are sourced,
> for the time being I would source them individually in the order you
> want.

Yes, this is probably a good idea. However, ideally, "man interfaces"
should state in which order files in /etc/network/interfaces.d/ are
processed.


Martin

Re: "accept_ra 1" vs "accept_ra 2" in interfaces configuration-file

[Martin T]

On Wed, Aug 22, 2018 at 2:02 AM Andy Smith  wrote:
>
> Hi Martin,
>
> On Wed, Aug 22, 2018 at 01:06:32AM +0300, Martin T wrote:
> > In addition, "accept_ra" with a value of 2 should ensure that RA
> > messages are accepted even if forwarding for that interface is
> > enabled, shouldn't it?
>
> Yes, it should.
>
> That's the way it's documented and our use case is what it's meant
> to serve, so if it's not behaving that way for you then I think it
> is a bug and should be reported upstream in the kernel bugzilla.
>
> Cheers,
> Andy
>

Hi Andy,

I did some additional tests and made following observations:

1) For IPv6 one can't enable/disable routing for specific
interface(s). It is either off(/proc/sys/net/ipv6/conf/all/forwarding
is 0) or on(/proc/sys/net/ipv6/conf/all/forwarding is 1).
2) /proc/sys/net/ipv6/conf//forwarding controls simply
if interface sends out RS messages and accepts RA messages

Also, I found a post from David Miller in 2001(!) where he told pretty
much the same: https://bugzilla.redhat.com/show_bug.cgi?id=38533

This means that I set the accept_ra in interfaces file to 1 for
eth0(ISP-facing interface) and added those two lines to sysctl.conf:

net.ipv6.conf.all.forwarding=1
net.ipv6.conf.eth0.forwarding=0


Martin

Re: processing order for configuration files in /etc/network/interfaces.d

[Martin T]

On Thu, Aug 23, 2018 at 6:04 PM  wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Thu, Aug 23, 2018 at 05:31:57PM +0300, Martin T wrote:
> > Hi!
> >
> > According to "man interfaces", the ifup brings the named interfaces up
> > in the order listed in /etc/network/interfaces file. However, what is
> > the order for files in /etc/network/interfaces.d/? Alphabetical, i.e
> > same as "ls -l /etc/network/interfaces.d/"?
>
> I assume the files there are invoked by run-parts (man interfaces(5) at
> least hints at that). In that case yes, they are run in lexical order.
>
> But I'd double-check the run-parts part (heh). I've been caught spewing
> nonsense here ;-)
>
> Cheers
> - -- tomás
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.12 (GNU/Linux)
>
> iEYEARECAAYFAlt+zN8ACgkQBcgs9XrR2kbV9wCeKwl3eILQA2d5rA6QgDKIIwQy
> 5scAn1NM68w35jLdQxrcD6F1dqCNpRpI
> =JRHj
> -END PGP SIGNATURE-
>

Tomas,

I added "pre-up echo $IFACE >> /tmp/interfaces_test" line to each
interface configuratio file in /etc/network/interfaces.d/ and looks
like the invoke order is not lexical. I have four files in
/etc/network/interfaces.d/:

# ls -l /etc/network/interfaces.d/
total 16
-rw-r--r-- 1 root root 338 Aug 26 14:10 br0
-rw-r--r-- 1 root root 555 Aug 26 14:10 eth0
-rw-r--r-- 1 root root  96 Aug 26 14:09 eth0.100
-rw-r--r-- 1 root root 109 Aug 26 14:09 lo
#

However, the content of the /tmp/interfaces_test is alwayse(I rebooted
the machine 5 times) following:

# cat /tmp/interfaces_test
br0
lo
eth0
eth0.100
#

I thought that ifup processes those files in order which they appear
in /etc/network/interfaces.d/*, but this does not seem to be true. Any
other ideas?


thanks,
Martin

processing order for configuration files in /etc/network/interfaces.d

[Martin T]

Hi!

According to "man interfaces", the ifup brings the named interfaces up
in the order listed in /etc/network/interfaces file. However, what is
the order for files in /etc/network/interfaces.d/? Alphabetical, i.e
same as "ls -l /etc/network/interfaces.d/"?


thanks,
Martin

Re: "accept_ra 1" vs "accept_ra 2" in interfaces configuration-file

[Martin T]

On Tue, Aug 21, 2018 at 1:23 AM Andy Smith  wrote:
>
> Hi Martin,
>
> On Mon, Aug 20, 2018 at 03:58:36PM +0300, Martin T wrote:
> > On Mon, Aug 20, 2018 at 7:55 AM Andy Smith  wrote:
> > > Back in 2011 this was a hard-won battle:
> > >
> > > 
> > > http://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/
>
> […]
>
> > Thanks for this very informative blog post! However, setting the
> > "net.ipv6.conf.all.forwarding" to 1 in /etc/sysctl.conf and
> > "accept_ra" to 2 in /etc/network/interfaces for ISP facing
> > interface(eth0) didn't work for me. I expected SLAAC to work, but it
> > didn't. I'm running kernel version 4.9.0.
>
> Strange. I've had a look and it seems I continued to use the
> workaround mentioned in the blog post even though supposedly I no
> longer need to. If you use that workaround, does it (SLAAC) start
> working for you?
>
> Also, is it just address assignment that doesn't work or is it also
> default router assignment that doesn't work? On my servers that
> forward v6 I don't use dynamic assignment of addresses, I statically
> assign them, but I do use dynamic assignment of default route.
>
> Cheers,
> Andy
>

Hi Andy,


Thanks for your reply!

> If you use that workaround, does it (SLAAC) start working for you?

Do you mean the pre-up statements in /etc/network/interfaces? If yes,
then with those workarounds the SLAAC works, i.e I get the default
route. My ISP-facing interface is eth0 and it has forwarding disabled:

# cat /proc/sys/net/ipv6/conf/eth0/forwarding
0
#


Rest of the options are set:

# cd /proc/sys/net/ipv6/conf/
# cat default/forwarding
1
# cat all/forwarding
1
# cat eth0/accept_ra
2
# cat all/accept_ra
1
# cat default/accept_ra
1
#


However, I quite do not understand how returned IPv6 traffic(ingress
traffic to eth0) is routed to my LAN-facing interface when I have
disabled it in /proc/sys/net/ipv6/conf/eth0/forwarding? If I do the
same for IPv4 traffic(echo 0 >
/proc/sys/net/ipv4/conf/eth0/forwarding), then returned traffic is
dropped because forwarding for eth0 is disabled. In addition,
"accept_ra" with a value of 2 should ensure that RA messages are
accepted even if forwarding for that interface is enabled, shouldn't
it?

> Also, is it just address assignment that doesn't work or is it also
> default router assignment that doesn't work? On my servers that
> forward v6 I don't use dynamic assignment of addresses, I statically
> assign them, but I do use dynamic assignment of default route.

I have exactly the same case. I use dynamic assignment only for
default route and this doesn't work even if "accept_ra" has a value of
2.


thanks,
Martin

Re: "accept_ra 1" vs "accept_ra 2" in interfaces configuration-file

[Martin T]

On Mon, Aug 20, 2018 at 7:55 AM Andy Smith  wrote:
>
> Hi Martin,
>
> On Mon, Aug 20, 2018 at 05:12:56AM +0300, Martin T wrote:
> > According to "man interfaces" "accept_ra 1" makes interface to accept
> > IPv6 RA messages. "accept_ra 2" does the same and in addition, it also
> > enables forwarding. What does the forwarding mean in this context? One
> > could think, that it modifies the /proc/sys/net/ipv6/conf/*/forwarding
> > file(s), but this does not seem to be the case.
>
> If forwarding = 1 then by default RAs will not be accepted. Setting
> accept_ra to 2 allows RAs to be accepted even when forwarding = 1.
>
> Changing the values of either forwarding or accept_ra does not alter
> the values of the other. Only the behaviour of the system.
>
> Back in 2011 this was a hard-won battle:
>
> 
> http://strugglers.net/~andy/blog/2011/09/04/linux-ipv6-router-advertisements-and-forwarding/
>
> Cheers,
> Andy
>

Hi Andy!

Thanks for this very informative blog post! However, setting the
"net.ipv6.conf.all.forwarding" to 1 in /etc/sysctl.conf and
"accept_ra" to 2 in /etc/network/interfaces for ISP facing
interface(eth0) didn't work for me. I expected SLAAC to work, but it
didn't. I'm running kernel version 4.9.0. Settings can be seen below:

# sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1
#
# sysctl net.ipv6.conf.eth0.accept_ra
net.ipv6.conf.eth0.accept_ra = 2
#

When I set the "net.ipv6.conf.all.forwarding" to 0 and reboot the
router, then SLAAC works. What might cause this?


thanks,
Martin

"accept_ra 1" vs "accept_ra 2" in interfaces configuration-file

[Martin T]

Hi!

According to "man interfaces" "accept_ra 1" makes interface to accept
IPv6 RA messages. "accept_ra 2" does the same and in addition, it also
enables forwarding. What does the forwarding mean in this context? One
could think, that it modifies the /proc/sys/net/ipv6/conf/*/forwarding
file(s), but this does not seem to be the case.


thanks,
Martin

Re: which program/command can show wireless connection quality?

[T BkRl]

Try wavemon! I used to use it on a laptop without graphics installed it 
requires ncurses but who doesn't love ncurses?

Get Outlook for iOS

From: Long Wind 
Sent: Wednesday, August 8, 2018 8:29:31 PM
To: Debian-user List Debian
Subject: which program/command can show wireless connection quality?

i have a USB wireless card, it doesn't seem stable, sometimes it's slow
i even suspect changing USB connector can affect network speed

which program can show connection quality?
i use twm, those that depend on big software (KDE/GNOME) are not preferred

Re: question about sound

[T BkRl]

It sounds like a limiter is what you need?



From: mick crane 
Sent: Monday, August 6, 2018 3:24 PM
To: Debian Users
Subject: question about sound

hello,
sorry is this is not on-topic
I'm not very good at sound.
Sometimes if I watch an mp4 film the volume in parts is low but then
there will become some sound event that is very loud.
It is true that my hearing is not as it was but I don't think that is
it.
I'm not exactly sure what controls "volume" but is there software that
will cut off the noisier bits at a level without affecting the rest.

mick

--
Key ID 4BFEBB31

Re: (solved)Re: can't install jmtpfs of stretch(i386)

[T BkRl]

Sorry Nicolas, I didn’t realize the location of my posting was such a grave 
offense. I formally apologize for sending my advice to Long on top.



From: Nicolas George 
Sent: Sunday, August 5, 2018 9:16 AM
To: T BkRl
Cc: debian-user@lists.debian.org
Subject: Re: (solved)Re: can't install jmtpfs of stretch(i386)

T BkRl (2018-08-05):
> Long, it’s much safer to generate a new sources.list without security

"Safer without security". Please refrain from spreading misinformation.

> Pascal, top reply is the default on many clients and web mail

The *default* is just that: whatever happens if you do not do anything.
It is where the cursor is positioned at beginning, but you can move the
cursor. It is what is initially hidden, but you can reveal it.

If you have any respect for the persons on this list, you will make the
tiny little effort necessary to make your mails readable.

And if you do not have respect for the persons on this list, then you do
not deserve respect in return.

Regards,

--
Nicolas George

Re: (solved)Re: can't install jmtpfs of stretch(i386)

[T BkRl]

Long, it’s much safer to generate a new sources.list without security, please 
give it a try. I recommend leaving Fast Server Select on.
https://debgen.simplylinux.ch

Pascal, top reply is the default on many clients and web mail. I’m on my iPhone 
using MS Outlook and it doesn’t let you choose where to put the cursor relative 
to the reply text.



From: Pascal Hambourg 
Sent: Sunday, August 5, 2018 8:50 AM
To: debian-user@lists.debian.org
Subject: Re: (solved)Re: can't install jmtpfs of stretch(i386)

Le 05/08/2018 à 14:24, Long Wind a écrit :
> Sorry, it seems that default behavior of yahoo mail is top post

Can't you move the cursor below the quoted text ?

> yes, i've comment out all sources in sources.list except
> http://ftp.se.debian.org/debian stretch main

Why ? You don't get security updates any more, and since you already got
some security updates, you may face the dependency problem again until
all installed security updates eventually get included in the main
archive (at the next point release).

> On Sunday, August 5, 2018, 8:05:45 PM GMT+8, Pascal Hambourg 
>  wrote:
>
> Please don't top post, it makes it harder to read and reply.
>
> Le 05/08/2018 à 13:52, Long Wind a écrit :
>>   fuse:
>> Installed: 2.9.7-1
>> Candidate: 2.9.7-1
>> Version table:
>>*** 2.9.7-1 500
>>   500 http://ftp.se.debian.org/debian stretch/main i386 Packages
>>   100 /var/lib/dpkg/status
>> libfuse2:
>> Installed: 2.9.7-1
>> Candidate: 2.9.7-1
>> Version table:
>>*** 2.9.7-1 500
>>   500 http://ftp.se.debian.org/debian stretch/main i386 Packages
>>   100 /var/lib/dpkg/status
>
> As expected, you actually downgraded fuse to the version affected by the
> vulnerability exposed in DSA-4257-1.
> The reason is probably that there is no more security mirror declared in
> your sources.list. Otherwise apt-cache would show the versions available
> on this mirror. So you do not get security updates any more.

Re: Cross-Platform Assembly Language Compilers?

[T BkRl]

I use Debian amd64 to develop for 68k and have been for some time now! It works 
great. If anyone needs assistance with this kind of setup let me know. I also 
used to compile for PowerPC but no longer have any PowerPC machines running. (I 
love em but they eat up too much dang electricity)



From: Erik Christiansen 
Sent: Sunday, August 5, 2018 5:00 AM
To: debian-user@lists.debian.org
Subject: Re: Cross-Platform Assembly Language Compilers?

On 30.07.18 08:11, cyaiplexys wrote:
> On 07/27/2018 12:31 AM, Erik Christiansen wrote:
> > On 26.07.18 08:29, cyaiplexys wrote:
> > > I'd like to try a native compiler but also I would like to have something 
> > > I
> > > could compile for Arduino (here we go again) and ARM and other CPUs as 
> > > well.
> >
> > $ apt-cache search avr | more
> > arduino - AVR development board IDE and built-in libraries
> > libavresample-dev - FFmpeg compatibility library for resampling -
> > development files
> > libavresample4 - FFmpeg compatibility library for resampling - runtime
> > files
> > gcc-avr - The GNU C compiler (cross compiler for avr)
> > avrdude-doc - documentation for avrdude
> > avr-libc - Standard C library for Atmel AVR development
> > gdb-avr - The GNU Debugger for avr
> > avrdude - software for programming Atmel AVR microcontrollers
> > binutils-avr - Binary utilities supporting Atmel's AVR targets
>
> Awesome! I also will hope that there is an x86 assembler and maybe even an
> ARM assembler in there as well (I just want to tinker with assembly language
> for different types of systems).

If your desktop/laptop has an Intel chip, then the native toolchain will
be x86. What I tend to do for that is:

# apt-get install gcc
# apt-get install build-essential linux-headers-$(uname -r)
# apt-get install gcc-4.1-doc glibc-doc manpages-dev binutils-doc

Where the "4.1" will be a higher number now. (See what apt-cache search
finds.)


And for arm:

$ apt-cache search gcc-arm
gcc-arm-linux-gnueabi - GNU C compiler for the armel architecture
gcc-arm-linux-gnueabihf - GNU C compiler for the armhf architecture

You'll be able to get yourself into no end of interesting (not to
mention challenging) situations if you tackle those two and AVR at the
same time.

If you make it as far as tweaking linker scripts, then the info page is
infinitely more informative than the manpage.

Good luck!

Erik

Re: monitor problem with stretch

[T BkRl]

Long are you using vga, dvi, hdmi? Something else? And what graphics card?

It seems strange the colors are off but because you say the screen sometime 
goes black I wonder if there is a problem within the video driver.



From: Long Wind 
Sent: Saturday, August 4, 2018 8:12 AM
To: Debian-user List Debian
Subject: monitor problem with stretch

if my monitor isn't properly plugged to back of computer
color of screen is slightly different from correct color
i can see grub menu and booting stretch
but after a while screen become blank
i have to press power button to shutdown

this is stretch problem, because Windows on the same disk can boot and run
even if monitor isn't properly plugged

solution is to plug it properly so that screen color is 100% correct
i don't think linux is so fragile, or is it?

Re: [RESEND] lxde error

[T BkRl]

Please tell us how you installed Debian. Network or minimal install? Any other 
desktop environment like Gnome or KDE?

Basically I’m curious how you installed lxde. Did you install it as a group of 
packages or individual components?



From: Reco 
Sent: Friday, August 3, 2018 2:23 AM
To: debian-user@lists.debian.org
Subject: Re: [RESEND] lxde error

Hi.

On Thu, Aug 02, 2018 at 11:04:37PM +0900, Byung-Hee HWANG (황병희) wrote:
> i'm new to debian. yesterday i did install debian on chromebook. i get
> some error when i start lxde. attached file with error [1]. how can i
> resolve it?
>
> [1] 
> https://gitlab.com/soyeomul/stuff/raw/master/jessie-birch/20180802_214248.jpg

This seems very similar to Debian bug #864402 - [2]. Can you test the
workaround proposed at message 10 please?

Reco

[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864402

Bug #862397 (thunar freezing) is closed, but I'm still hit. What to do?

[Jaime T]

HI all.

I run a stretch (stable) xfce desktop, and I'm regularly hit by thunar
(v1.6.11-1) freezing. I've found:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862397
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868704

but these have been closed since (apparently) the bug is fixed in
later versions. My question is:

Given that I'm still running v1.6.11-1 (I'm on stable, right!), what's
the best/easiest/least-system-changing way to stop being hit by the
bug? I understand that "sudo apt update ; sudo apt upgrade" won't help
until buster is released, so that's off the cards. I'd love the ease
of downloading and installing a non-broken-package from backports, but
it's not there. :-( Is my *only* option really to download the source
package, apply the fix and re-compile the package myself? Is there no
easier way?

More generally, what do people "normally" do when they're hit by a bug
in a package (in a "stable" distribution) that won't receive a fix (in
that stable distribution)?

Thanks for your help.

Re: listeye

[Selim T . Erdoğan]

On Wed, Jul 11, 2018 at 07:32:03PM +0300, mehmet turk wrote:
> listeye nasil abone olabilirim

[Levent Genç de benzer bir talep ile Mart'ta yazdığı için CC'de.]

Merhaba,

https://lists.debian.org/debian-user-turkish/

adresine gidip oradaki "Your e-mail address:" kutusuna e-posta 
adresinizi girdikten sonra "Subscribe" düğmesine tıklarsanız abonelik 
girişimi başlatılacaktır.  Yanlış hatırlamıyorsam, size abonelikle 
ilgili bir e-posta gelecek, sizin de konu başlığını değiştirmeden o 
e-postaya yanıt vermeniz abonelik işleminizi tamamlayacak.

Selim

Re: Inexplicable memory usage after move to Debian9

[Selim T . Erdoğan]

On Thu, Apr 26, 2018 at 03:09:15PM +0200, Simon Beirnaert wrote:
> Hi Recently I've started moving a fleet of Debian 7, 32-bit machines over to
> Debian 9, 64-bit. This migration is done by creating a fresh Debian 9 image
> with the necessary services, moving over user data (some wars and the
> content of /home) and rebooting into the new OS.
> 
> Relevant services (ones we manage and use) are:
> 
> - Jetty- Puppet - SSH - AutoSSH - NewRelic Infrastructure Through Puppet, we
> enforce system configuration is pretty much identical, save for stuff like
> host names and SSH keys. Now, we notice that on some systems, the RAM usage
> is way higher than expected, to the point where system memory is exhausted
> and processes (are) terminate(d). Investigation into what is causing this,
> leaves me at a dead end. I can't figure out where the memory is being
> consumed. Even after quitting all services we manage (leaving a "clean"
> installation), RAM usage on the system hovers just over 600MB, half a gig
> over what the same exact image consumes just after boot. The only fix I
> found so far is to reboot the system. The systems have ~1.8GB of system
> memory available. We don't use swap. Enabling swap gives the system some
> breathing room. On one system I enabled a swap volume of 512MB, which the
> kernel fills up and leaves filled up indefinitely. This points me to unused
> memory being allocated by mistake. A memory leak in the kernel, maybe? Below
> I've posted the output of some of the things I checked (with all services
> online). I also searched the internet and reached a topic about slab
> allocation (1). However, that didn't seem to solve anything. Can anyone here
> point me to some more stuff I can check out or try to debug this? Thanks!
> Simon root@mysystem:~# uname -a Linux mysystem 4.9.0-6-amd64 #1 SMP Debian
> 4.9.82-1+deb9u2 (2018-02-21) x86_64 GNU/Linux root@mysystem:~# free -m total
> used free shared buff/cache available Mem: 1831 1091 238 16 501 520 Swap:
> 511 511 0 root@mysystem:~# vmstat 1 procs ---memory--
> ---swap-- -io -system-- --cpu- r b swpd free buff cache si
> so bi bo in cs us sy id wa st 2 0 524268 244480 46044 467248 1 2 2137 36 97
> 35 9 3 85 3 0 0 0 524268 244092 46052 467244 0 0 0 16 1125 2406 3 3 94 1 0 0
> 0 524268 244092 46060 467284 0 0 4 208 1230 3906 4 3 93 0 0 0 0 524268
> 244084 46068 467256 0 0 0 32 1003 1990 1 2 97 0 0 0 0 524268 244180 46068
> 467256 0 0 0 0 1099 2121 4 1 95 0 0 0 0 524268 244204 46076 467272 0 0 0 20
> 1000 1978 1 2 97 1 0 0 0 524268 244080 46076 467272 0 0 0 0 1135 2315 2 2 96
> 0 0 0 0 524268 244080 46084 467264 0 0 0 16 1079 2103 1 3 96 1 0 0 0 524268
> 244080 46092 467272 0 0 0 56 1002 1973 2 2 96 0 0 1 0 524268 244080 46100
> 467264 0 0 0 16 997 1979 1 2 97 1 0 0 0 524268 244144 46100 467268 0 0 0 0
> 988 1957 1 2 97 0 0 0 1 524268 244228 46108 467260 0 0 0 980 1292 2700 4 5
> 81 9 0 root@mysystem:~# smem PID User Command Swap USS PSS RSS 528 root
> /sbin/agetty -f /etc/issue. 148 4 4 8 554 myuser /usr/lib/autossh/autossh -o
> 80 24 40 184 220 root /lib/systemd/systemd-udevd 552 108 140 688 10665 root
> /usr/lib/autossh/autossh -o 0 104 143 648 432 root /usr/sbin/cron -f 164 120
> 147 500 434 root /usr/sbin/irqbalance --fore 252 156 172 508 12042 mail
> /usr/sbin/nullmailer-send - 120 144 219 1228 382 systemd-timesync
> /lib/systemd/systemd-timesy 456 152 301 1060 439 messagebus
> /usr/bin/dbus-daemon --syst 272 280 348 1116 430 root
> /lib/systemd/systemd-logind 380 192 448 1224 557 myuser /usr/bin/ssh -o
> StrictHostK 564 360 515 1472 216 root /sbin/lvmetad -f 188 484 517 1028
> 10668 root /usr/bin/ssh -o StrictHostK 0 736 825 1112 14225 ntp
> /usr/sbin/ntpd -p /var/run/ 0 808 849 1404 435 root /usr/sbin/rsyslogd -n
> 716 896 980 2036 11612 root /usr/sbin/sshd -D 0 856 991 1560 500 root
> /sbin/dhclient -4 -v -pf /r 840 928 1010 2068 1330 root sudo -i 0 920 1375
> 3548 1234 myuser -bash 0 600 1407 3684 1331 root -bash 0 640 1447 3712 1233
> myuser sshd: myuser@pts/0 0 300 1697 4568 1 root /sbin/init 524 1568 1935
> 3524 1227 root sshd: posios [priv] 0 1372 2984 6380 193 root
> /lib/systemd/systemd-journa 312 4304 4521 5828 8885 root /usr/bin/python
> /usr/bin/sm 0 9100 9452 11292 14574 root /usr/bin/newrelic-infra 1440 17348
> 17378 17828 520 root /opt/puppetlabs/puppet/bin/ 20636 40140 40168 40592 566
> jetty /usr/lib/jvm/java-8-openjdk 493896 958124 958381 959804 [1] 
> https://unix.stackexchange.com/questions/244735/why-are-slab-objects-not-reclaimed-automatically

Hi,

The last line from smem sticks out with high usage figures:
566 jetty /usr/lib/jvm/java-8-openjdk 493896 958124 958381 959804

I don't use jetty (or java) so don't know if this normal but
googling "openjdk memory usage for jetty" (or "openjdk 8 jetty memory")
suggests a few ideas.  

In particular, some people wrote about "an issue in Java8/9 that 
manifests itself in Jetty due to the annotations module that scans the 
jars and has a memory 

Re: Completely disable Hibernation

[coco...@t-online.de]

Hi,

@Felix Miata:
It was the unfamiliar phrase, "bootloader stanza" that threw me.  Once I
realised that what you were suggesting was adding "noresume" as a kernel
parameter at boot time, I had a look here:
https://www.kernel.org/doc/Documentation/admin-guide/kernel-parameters.txt

"noresume" is described as so:  "Disables resume and restores original
swap space."
However, the "nohibernate" option also exists: "Disable hibernation and
resume."

I applied the latter and found that not only was hibernate now absent
from the DE shutdown dialog, but it was also greyed-out in the login
screen's shutdown menu.  I'm going to suggest that this kernel parameter
is the best practice method I've been looking for.  

I haven't yet checked to see whether it modifies available options in
power management settings, but suspect it probably does.

My opinion is that "noresume" doesn't prevent the creation of
hibernation images, just the use of them when booting.  I suspect it
also discards any existing image.

Thank you for pointing me in the right direction.

Re: Completely disable Hibernation

[coco...@t-online.de]

Hi,

I've been kicked off the debian-user list (again) because my mail
provider keeps bouncing debian-user emails (and _only_ debian-user
emails, for some reason). Please respond _to the list_ and I'll catch
replies in the archives.  Thanks.

Felix Miata wrote:
> Remove resume= and include 
> noresume in all bootloader stanza(s) is how
> I do it.

I'm afraid I don't know what any of that means, I'm afraid.  Could you
expand?

Stefan wrote:
> a hackish way you can do it is by adding
>
>touch /var/run/do-not-hibernate
>
> to your /etc/rc.local.

I'll try this, thanks.

I've come across the following potential answer:

> sudo systemctl mask sleep.target suspend.target hibernate.target
hybrid-sleep.target

However, I'm concerned that may disable normal suspend as well as
hibernate.  Anyone know for sure?

Also, how do I remove Hibernate from the Shut Down… dialogue/applet? 
All I could find was this:

https://www.linuxquestions.org/questions/debian-26/remove-suspend-and-hibernate-from-the-shut-down-applet-877889/

It suggests modifying
/usr/share/polkit-1/actions/org.freedesktop.upower.policy, but I don't
have this file.

Thanks.

Re-mapping AltGr and PrtSc keys globally

[coco...@t-online.de]

Hi.

Debian MATE 9.2.1.

My laptop's keyboard has Alt Gr followed by PrtSc to the immediate right of 
the Space bar. I'd like to globally remap those keys to Super and Right Alt 
respectively.

I've tried various things with my laptop's BIOS, xmodmap and the MATE 
settings without success. Does anyone know how to accomplish this?

Thanks.


 
Gesendet mit Telekom Mail <https://t-online.de/email-kostenlos> - kostenlos 
und sicher für alle!

Completely disable Hibernation

[coco...@t-online.de]

Hi.

Debian MATE 9.2.1.

I don't want to be able to initiate Hibernate manually or for Hibernate
ever to be automatically initiated by the system.

Can someone advise me of the best-practice way to completely disable
Hibernation system-wide?

Thanks.

"Show Applications" management in Debian Desktop

[OECT T]

Hi all:


I'm using Debian Stretch 9.3 an I'm very glad to find that when activating 
"Show Applications" from the Dash there is a Utilities kind of folder grouping 
several applications like the Calculator and the Document Viewer.


I've been reading through the documentation but can't find how to create 
another group or move applications from and into this already created Utilities 
group without sources.


I'll appreciate any hints in order to find out how to do that.


Regards

Aptitude package manager "package" Solved

[OECT T]

Hi all:

I appreciate everyone’s answer, now I’m clear that “aptitude” is still one of 
the main tool for package managing.

I installed from a CD Rom created by jigdo and I verified myself the iso image 
with md5sum and sha1sums.

The only different thing I did from previous installations is that this time I 
choose Graphic Installation.

# apt-cache policy aptitude (shows the next result):
aptitude:
  Installed: (none)
  Candidate: 0.8.7-1
  Version table:
 0.8.7-1 500
500 cdrom://[Debian GNU/Linux 9.3.0 _Stretch_ - Official amd64 DVD 
Binary-1 20171209-12:11] stretch/main amd64 Packages
500 http://ftp.mx.debian.org/debian stretch/main amd64 Packages

Regards to everyone and thanks again


Oscar Corte

Aptitude package manager "package"

[OECT T]

Hi all:


I just installed Debian Stretch 9.3.0 and noticed that the Aptitude package was 
not installed by default.

I searched into Synaptics package manager and noticed that the package is not 
marked with the Debian icon indicating that the package is not supported.

I would appreciate any comments about it.

What other command line packages are recommended instead of Aptitude?

Is Aptitude or will be soon a deprecated package ? (Debian Reference still 
contains a good deal of information about Aptitude)

Regards

Oscar Corte

Re: Debian, FF & NavyFed

[Selim T . Erdoğan]

On Mon, Dec 18, 2017 at 06:10:28PM -0800, Mike McClain wrote:
> I signed up with Navy Federal Credit Union online banking last week.
> I can login, I get the banner in color , it says getting your info.
> As soon they come back with and display my balance all the text turnes
> to grey and a twiddler pops up and it stays like that forever.
> NFCU's tech support will not admit to knowing who's waiting for
> what just we don't support Linux.
> Suggestions on how to fix this or how to approach it are most
> welcome.

Try pressing ESC, or clicking on various points in the window.

I sometimes see such overlaid stuff on websites and, on some, I can get 
it to go away, and see the underlying "real stuff", by such a press/click.

Re: p laptop with stretch/xfce: screen blanks but won't "wake up"

[Jaime T]

On 24 November 2017 at 17:33, John Cunningham  wrote:
> FWIW, I have buster/xfce on a laptop and have the same problem. Backlight is
> fine. I thought about the external monitor trick, too, but I haven't tried
> it yet.
> --John

Well I didn't manage to wake the screen (in the end, I just did a
"systemctl reboot" from a different virtual terminal on the same
machine).

I *have*, however, worked out what the cause is:

Firstly, I should explain that I prefer to work by logging-in on a
virtual terminal and then, *if* I want x, I run startx myself. In
order for this to work, I had changed systemd's default from
graphical.target to multi-user.target by running:

sudo systemctl set-default multi-user.target

I've discovered that if, on the xfce power manager applet, I set
"Automatically lock the session" to "Never" and I uncheck the "Lock
screen when system is going for sleep", then the problem does *not*
occur i.e. I can always wake up the screen by moving the mouse
whenever the screen sleeps etc.

Success! (Of sorts!)

:-)

hp laptop with stretch/xfce: screen blanks but won't "wake up"

[Jaime T]

Hi all.

I'm running stable (stretch)/xfce on an hp/compaq nx6110 laptop, and
when the screen blanks, I can't get it to wake up again (nothing
appears on the screen when I press the keys on the keyboard and move
the mouse).

The closest debian bug report that I've seen is:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787241

although these other (non-debian) bug reports seem closer:
https://bugzilla.xfce.org/show_bug.cgi?id=11627
https://bugzilla.xfce.org/show_bug.cgi?id=12480
https://bbs.archlinux.org/viewtopic.php?id=194313

The laptop is currently sitting there, powered on with a blank screen,
but I have a load of unsaved work on the desktop. I can ssh into it
and run commands on it. Does anyone know if there's anything that I
can do to wake the screen up so that I can save my work?

Thank you, Jaime

Re: Ik ben er klaar voor helemaal de jouwe te zijn! Alexandra

[Philippe T privé]

  

poaerjkpgorekgperf 

On Mon, 02 Oct 2017 12:11:33 -,
miror...@netcabo.pt wrote: 

> Ben mijn furieuse chat gozer!
http://bit.ly/2x9RUcV [1]
 

Links:
--
[1] http://bit.ly/2x9RUcV

Re: O SquidGuard ou alternativas?

[Thiago T. Faioli]

 SQUID + SQUIDGUARD ainda é uma combinação funcional

 Se sua dupla já funfa a 10 anos! Você só precisa atualizar.

 Se não lhe atende mais! Uma pesquisa, tendo como guia, os requisitos para
o novo modelo ... Vai ajudar na troca da implementação atual ou se só
complementando com uma solução de DNS na LAN vai ser necessário

  Att

Em 22 de ago de 2017 2:09 PM, "Bruno Lessa"  escreveu:

> Um que ouço falar muito bem é o NxFilter. Inclusive por ser eficiente em
> filtrar HTTPS.
>
> 2017-08-22 12:52 GMT-03:00 Fagner Patricio :
>
>> Na verdade ele é util só em casos como onde trabalho, ele serve para
>> controlar quem pode acessar o que na internet e em que horário, por exemplo
>> existem aqui onde eu trabalho um grupo que não pode acessar rede social
>> durante o expediente de trabalho então configuro o squidguard baseado no
>> login do usuário a bloquear sites de rede social das 06:00h até as  18:00h.
>>
>> Mas existem poucas alternativas ao SquidGuard, na verdade não sei nem se
>> tem alternativas livres a ele mais.
>>
>> Em 22 de agosto de 2017 12:48, Leandro  escreveu:
>>
>>> Tambem gostaria de saber alias nunca entendi bem como ele pode ser tao
>>> util... Desconhecimento mesmo
>>>
>>> Em 22 de ago de 2017 12:47 PM, "Fagner Patricio" <
>>> fagner.patri...@gmail.com> escreveu:
>>>
 Olá Pessoal!

 Eu uso em minha rede a combinação suqid + squidguard para filtragem de
 internet, a instalação atual já está em produção a 10 anos e temos que
 fazer uma atualização.

 Minha pergunta é se o SquidGuard ainda é o melhor software ou já
 existem alguma alternativa mais moderna?

 O que vocês usam?

 Obrigado.

 --
 Fagner Patrício
 João Pessoa - PB
 Brasil

>>>
>>
>>
>> --
>> Fagner Patrício
>> João Pessoa - PB
>> Brasil
>>
>
>
>
> --
> *Atenciosamente,*
>
> *google.com/+BrunoLessa *
>

kmail gmail integration

[T. P. Van Dae]

I’m trying to transition myself back to Linux (been a long time though… sorry!) 
and am working on phasing myself off of Windows. Is it possible to integrate 
gmail (currently using 2-step verification) with kmail?  Google says “enable 
less secure apps”, but it’s a NO with 2 STEP ON. Is there or will there be a 
work around for this or is “DISABLE” 2 Step Verification the answer?


r/
T. "Pete" VanDae

Re: "libstdc++6:i386" package breaks "libstdc++6"

[Martin T]

Hi,

sorry, my mistake. I had installed libstdc++6:amd64 version 6.3.0-16
from Debian testing.


regards,
Martin

On Thu, May 11, 2017 at 5:19 PM, Henrique de Moraes Holschuh
<h...@debian.org> wrote:
> On Thu, 11 May 2017, Martin T wrote:
>> I need to install "openjdk-7-jre-headless:i386" package in my amd64
>> Debian 8 system. However, it depends on "libstdc++6:i386" package
>
> Check the full binary package versions of libstdc++6 for i386 and amd64.
> They must match.
>
> apt-cache policy libstdc++6:i386 libstdc++6:amd64
>
> If they don't match, wait 24 hours, do an apt update, and check again.
>
> Also, ensure you did not install a rogue libstdc++6 from some random
> place, and that whatever mirror you are using _is_ getting properly
> updated.
>
>> Is there a way to install "libstdc++6:i386" package without breaking
>> "libstdc++6"?
>
> Yes, it should just work.
>
> However, it is possible for a temporary version synchronization issue to
> exist when one arch is updated, and another is delayed for some reason.
> When that happens, it is typically automatically fixed in one or two
> mirror pulses (there are several mirror pulses per day), plus whatever
> time it takes for *your* mirror to get the update (so I typically tell
> people to wait for 24 hours).
>
> --
>   Henrique Holschuh
>

"libstdc++6:i386" package breaks "libstdc++6"

[Martin T]

Hi,

I need to install "openjdk-7-jre-headless:i386" package in my amd64
Debian 8 system. However, it depends on "libstdc++6:i386" package
which seems to break my system:

# apt-cache depends libstdc++6:i386
libstdc++6:i386
  Depends: gcc-4.9-base:i386
  Depends: libc6:i386
  Depends: libgcc1:i386
  PreDepends: multiarch-support:i386
multiarch-support
  Conflicts: scim
  Conflicts: scim:i386
  Breaks: 
  Breaks: 
  Breaks: 
  Breaks: 
  Breaks: 
  Breaks: 
  Replaces: libstdc++6-4.9-dbg
  Replaces: libstdc++6-4.9-dbg:i386
  Replaces: libstdc++6
  Breaks: libstdc++6
#
# apt-get install libstdc++6:i386
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  efibootmgr gimp-data ipxe-qemu libaa1 libaio1 libamd2.3.1
libasyncns0 libavresample2 libavutil54 libbabl-0.1-0 libbiniou-ocaml
libbluetooth3 libbrlapi0.6 libbz2-dev libbz2-ocaml libcacard0
libcamd2.3.1 libccolamd2.8.0
  libcholmod2.1.2 libcolamd2.8.0 libconfig-file-perl libcupsfilters1
libcupsimage2 libdirectfb-1.2-9 libdjvulibre-text libeasy-format-ocaml
libefivar0 libfdt1 libfindlib-ocaml libflac8 libfuse2 libgimp2.0
libgs9
  libgs9-common libgsm1 libgudev-1.0-0 libijs-0.35 libjbig2dec0
liblist-moreutils-perl libmng1 libmp3lame0 libogg0 libopencore-amrnb0
libopencore-amrwb0 liborc-0.4-0 libpaper1 libpulse0
libregexp-assemble-perl libseccomp2
  libsndfile1 libspeex1 libspice-server1 libtheora0 libumfpack5.6.2
libusbredirparser1 libva1 libvdeplug2 libvo-aacenc0 libvo-amrwbenc0
libvorbis0a libvorbisenc2 libvpx1 libwmf0.2-7 libx264-142 libxen-4.4
libxenstore3.0
  libxvidcore4 libyajl2 libyojson-ocaml libzip-ocaml
linux-headers-3.16.0-4-common linux-kbuild-3.16 ocaml-findlib
openbios-ppc openbios-sparc openhackware os-prober qemu-slof
qemu-system-common qemu-utils seabios
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
  adwaita-icon-theme apt apt-file apt-show-versions apt-utils apvlv
build-essential chromium debhelper firefox-esr g++ g++-4.9 gcc gcc-4.8
gcc-4.9 gdisk gettext gettext-base gimp glib-networking
glib-networking-services
  groff-base grub-common grub-efi-amd64 grub-efi-amd64-bin
grub2-common iceweasel intltool-debian iperf libapt-inst1.5
libapt-pkg-perl libapt-pkg4.12 libasan0 libasan1 libasprintf0c2
libavcodec56 libavformat56
  libbiniou-ocaml-dev libboost-iostreams1.55.0 libbz2-ocaml-dev
libcaca0 libcilkrts5 libdjvulibre21 libeasy-format-ocaml-dev
libegl1-mesa libgbm1 libgcc-4.8-dev libgcc-4.9-dev libgegl-0.2-0
libgtk-3-0 libgtk-3-bin
  libgtk-3-common libhunspell-1.3-0 libicu52 libilmbase6
libjack-jackd2-0 liblinear1 libllvm3.5 liblsan0 libopenexr6
libopenraw1 libpoppler-glib8 libpoppler46 libportaudio2 libproxy1
libpsl0 librest-0.7-0
  libschroedinger-1.0-0 libsdl1.2debian libsoup-gnome2.4-1
libsoup2.4-1 libstdc++-4.9-dev libstdc++6 libtool libtsan0 libubsan0
libxatracker2 libyojson-ocaml-dev libzip-ocaml-dev
linux-compiler-gcc-4.8-x86
  linux-headers-3.16.0-4-amd64 man-db nmap ocaml-compiler-libs
ocaml-interp ocaml-nox po-debconf poppler-utils qemu qemu-system
qemu-system-arm qemu-system-mips qemu-system-misc qemu-system-ppc
qemu-system-sparc
  qemu-system-x86 qemu-user snmp-mibs-downloader tasksel tasksel-data
telnet unrar wget wireshark xpdf xserver-xorg xserver-xorg-core
xserver-xorg-input-all xserver-xorg-input-evdev
xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-input-vmmouse
xserver-xorg-video-all xserver-xorg-video-ati
xserver-xorg-video-cirrus xserver-xorg-video-fbdev
xserver-xorg-video-intel xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-modesetting
xserver-xorg-video-neomagic xserver-xorg-video-nouveau
xserver-xorg-video-openchrome xserver-xorg-video-r128
xserver-xorg-video-radeon xserver-xorg-video-savage
  xserver-xorg-video-siliconmotion xserver-xorg-video-sisusb
xserver-xorg-video-tdfx xserver-xorg-video-trident
xserver-xorg-video-vesa xserver-xorg-video-vmware xvnc4viewer
The following NEW packages will be installed:
  libstdc++6:i386
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
  apt libapt-pkg4.12 (due to apt) libstdc++6 (due to apt)
0 upgraded, 1 newly installed, 133 to remove and 0 not upgraded.
Need to get 288 kB of archives.
After this operation, 971 MB disk space will be freed.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'
 ?] n
Abort.
#


Is there a way to install "libstdc++6:i386" package without breaking
"libstdc++6"?

thanks,
Martin

Re: Keys management (SSH, GPG)

[Jeremy T. Bouse]

On 2/9/2017 11:59 AM, Shin Ice wrote:
> Hi,
>
> Am 09.02.17 um 01:20 schrieb commentsab...@riseup.net:
>> Hello,
>>
>> I am a Debian 8.7 user.
>>
>>
>> # SSH
>>
>> I would like to know if there is an efficient way to manage SSH keys?
>>
>> I have multiple SSH keys (rsa, ed25519) that I use all day long to
>> either connect to servers via ssh or to work with on remote servers.
>>
>> I would like to know if there it is possible to unlock my keys (being
>> prompted once for their passwords) when the my session starts and keep
>> them unlocked until the session is closed.
>>
>> I have found information about ssh-agent and ssh-add but it doesn't
>> provide the behavior that I would like to reach in the sense that I have
>> to manually...
>>
>>> eval `ssh-agent -s`
>>> ssh-add /path/to/my-key1
>>> ssh-add /path/to/my-key2
>>> ssh-add /path/to/my-key3
>>> ssh-add /path/to/my-key4
>> ... every time I open/close my session (while I would like to just have
>> to provide my passwords). Furthermore, it seems that my ed25519 keys do
>> not remain cached for more than a couple of minutes (while the rsa4096
>> ones remain without problem).
>>
> I'm using "keychain" on my system and it works as desired.
> You can add it to your .bashrc or create a short script to invoke with
> all your keys.
>
> Greetings
> Shin
>
I may, or may not, have been accused of going the route of overkill
and paranoid, but personally my SSH authentication key is actually on an
OpenPGP v2 smartcard and I use the GnuPG 2.x gpg-agent with ssh-agent
support.



smime.p7s
Description: S/MIME Cryptographic Signature

Re: Some x-terminals do not compose unicode characters

[Alessandro T.]

On 05/02/2017 23:18, deloptes wrote:
> [...]
> now check for tty
>
> cat /etc/default/console-setup
> # CONFIGURATION FILE FOR SETUPCON
>
> # Consult the console-setup(5) manual page.
>
> ACTIVE_CONSOLES="/dev/tty[1-6]"
>
> CHARMAP="UTF-8"
>
> CODESET="guess"
> FONTFACE="Fixed"
> FONTSIZE="8x16"
>
> VIDEOMODE=
>
> # The following is an example how to use a braille font
> # FONT='lat9w-08.psf.gz brl-8x8.psf'

I have the same

>
> [...]
>
> Markus Kuhn's UTF-8 and Unicode FAQ for Unix/Linux is invaluable.
> http://superuser.com/questions/556993/how-to-display-unicode-in-a-linux-virtual-terminal

I'll take a look

BTW I installed a VM (testing), I checked the test `echo -e '1\u03362'`
and I got the same return: simple 1 and strikethrough 2 :-(


Regards

-- 
Alessandro T.

R: Perché leggiamo dall'alto al basso e da sinistra a destra.
D: Perché dovrei iniziare la risposta all'e-mail dopo il testo citato? 

Re: Locales

[Alessandro T.]

On 06/02/2017 07:53, Teemu Likonen wrote:
> Alessandro T. [2017-02-05 22:10:55+01] wrote:
>
>> Isn't localization set by locale?
> I have not followed this thread closely but will just point that
> nowadays it's probably good idea to set locales with "localectl". That
> command will write the changes to the right files. Examples from my
> system:
>
> localectl set-locale LANG=fi_FI.UTF-8 LC_MESSAGES=C
>
> localectl set-x11-keymap fi pc105 "" compose:rwin,ctrl:swapcaps
>

Thanks for this info


-- 
Alessandro T.

R: Perché leggiamo dall'alto al basso e da sinistra a destra.
D: Perché dovrei iniziare la risposta all'e-mail dopo il testo citato? 

Re: Some x-terminals do not compose unicode characters

[Alessandro T.]

On 05/02/2017 18:45, deloptes wrote:
>
> there are two basic things - localization and fonts. 
> Localization is set via LC variables so
> export | grep LC
> would tell your settings.
> Fonts are provided via console package, but they should be utf8 anyway.

Thanks for reply.

Isn't localization set by locale?

Anyway I did:
$ export | grep LC


$ locale
LANG=it_IT.UTF-8
LANGUAGE=
LC_CTYPE="it_IT.UTF-8"
LC_NUMERIC="it_IT.UTF-8"
LC_TIME="it_IT.UTF-8"
LC_COLLATE="it_IT.UTF-8"
LC_MONETARY="it_IT.UTF-8"
LC_MESSAGES="it_IT.UTF-8"
LC_PAPER="it_IT.UTF-8"
LC_NAME="it_IT.UTF-8"
LC_ADDRESS="it_IT.UTF-8"
LC_TELEPHONE="it_IT.UTF-8"
LC_MEASUREMENT="it_IT.UTF-8"
LC_IDENTIFICATION="it_IT.UTF-8"
LC_ALL=

and then I exported all LC-*, so:
$ export | grep LC
declare -x LC_ADDRESS="it_IT.UTF-8"
declare -x LC_COLLATE="it_IT.UTF-8"
declare -x LC_CTYPE="it_IT.UTF-8"
declare -x LC_IDENTIFICATION="it_IT.UTF-8"
declare -x LC_MEASUREMENT="it_IT.UTF-8"
declare -x LC_MESSAGES="it_IT.UTF-8"
declare -x LC_MONETARY="it_IT.UTF-8"
declare -x LC_NAME="it_IT.UTF-8"
declare -x LC_NUMERIC="it_IT.UTF-8"
declare -x LC_PAPER="it_IT.UTF-8"
declare -x LC_TELEPHONE="it_IT.UTF-8"
declare -x LC_TIME="it_IT.UTF-8"

but nothing happened, same representation.

Regards

-- 
Alessandro T.

R: Perché leggiamo dall'alto al basso e da sinistra a destra.
D: Perché dovrei iniziare la risposta all'e-mail dopo il testo citato? 

Re: Some x-terminals do not compose unicode characters

[Alessandro T.]

On 04/02/2017 23:45, Jonathan Dowland wrote:
> On Fri, Feb 03, 2017 at 11:07:39AM +0100, Alessandro T. wrote:
>> echo -e '1\u0336'
>>
>> and with mlterm, pterm, rxvt and xterm I got, rightly, strikethrough 1.
>> Instead with evilvte, gnome-terminal, lilyterm, lxterminal, sakura,
>> terminator, terminix, termit, vala-terminal and xfce4-terminal (my
>> default) I got 1-.
>>
>> This is caused by incorrect configuration? So where should I intervene?
>> Or is it a bug? So what package should I report?

Hello and thanks for the reply.


> Are you using the same shell in each terminal? 

Yes: bash 4.4.11(1)-release

> Do you have TERM set to
> something unusual by mistake?

In xfce4-terminal I have TERM=xterm-256color and in xterm I have
TERM=xterm, but also if I change, with the export, nothing changes.

Regards

-- 
Alessandro T.

R: Perché leggiamo dall'alto al basso e da sinistra a destra.
D: Perché dovrei iniziare la risposta all'e-mail dopo il testo citato? 

Re: Some x-terminals do not compose unicode characters

[Alessandro T.]

On 04/02/2017 18:07, Darac Marjal wrote:
>
> Just to note, I have tried this same command in xfce-terminal 0.8.3
> (which is in testing and unstable and depends on libvte-2.91-1 version
> 0.46.1-1) and I /do/ get a struckthrough 1.
>

Hello and thanks for the reply.
I am in Sid. ( I have your same version, without a typo libvte-2.91-0 ;-) )

> So, if you're using stable (you don't actually say which versions of
> the packages you tries), then the bug may already be fixed. If you're
> on testing or newer, then it might be a configuration issue.
>

Maybe, but I created a new user to be sure of the configuration and with
this I have the same representation.

Where can I find the configuration error?
I looked in
~/.config/xfce4/terminal/terminalrc
but I did not see anything strange. This is where should I look?

Regards

-- 
Alessandro T.

R: Perché leggiamo dall'alto al basso e da sinistra a destra.
D: Perché dovrei iniziare la risposta all'e-mail dopo il testo citato? 

real interface MTU different than seen in the output of "ip link show" command

[Martin T]

Hi,

today I noticed an interesting behavior where the PC NIC does not
discard a received Ethernet frame, although it is larger than MTU on
this NIC. For example, I made PC1[eth0] <-> [eth0]PC2 and PC1[eth0]
<-> [eth0]PC3 connections and set the MTU on PC1 eth0 interface to
9000 bytes and MTU on PC2 and PC3 eth0 interfaces to 1500
bytes(confirmed with "ip link show" command). I expected PC2 and PC3
to drop frames >1500 bytes, but instead PC2 processed frames up to
4210 bytes and PC3 up to 8166 bytes. eth0 in PC2 uses e1000e driver
and eth0 in PC3 uses r8169 driver included with jessie.
On the other hand, Cisco switch works as expected. For example, if its
port Fa0/30 MTU is 1998 bytes and I send >1998 byte frames, then those
are dropped and counted as giants:

c2960#sh int Fa0/30 counters errors

PortAlign-Err FCS-ErrXmit-Err Rcv-Err  UnderSize
OutDiscards
Fa0/30  0   0   0   0  0
 0

Port  Single-Col  Multi-Col   Late-Col  Excess-Col  Carri-Sen
Runts Giants
Fa0/30 0  0  0   0  0
0  4
c2960#


How to explain this behavior?


thanks,
Martin

Some x-terminals do not compose unicode characters

[Alessandro T.]

Hi,
I would get the strikethrough text in x-terminal-emulator. So I tried

echo -e '1\u0336'

and with mlterm, pterm, rxvt and xterm I got, rightly, strikethrough 1.
Instead with evilvte, gnome-terminal, lilyterm, lxterminal, sakura,
terminator, terminix, termit, vala-terminal and xfce4-terminal (my
default) I got 1-.

This is caused by incorrect configuration? So where should I intervene?
Or is it a bug? So what package should I report?

Thanks

-- 
Alessandro T.

R: Perché leggiamo dall'alto al basso e da sinistra a destra.
D: Perché dovrei iniziare la risposta all'e-mail dopo il testo citato? 

Customer

[pytplshlt...@t-online.de]

Hey Customer  , 
 http://tinyurl.com/zkhbnak=9e8c15fdba1c112=ghoucqu 
 International Discount Online 
 Quickly and easily from the comfort of your home or office.


Gesendet mit Telekom Mail <https://t-online.de/email-kostenlos> - kostenlos und 
sicher für alle!

Customer

[oohcyzfla...@t-online.de]

Dear Customer  , 
 http://tinyurl.com/z9hfqfj=80813e6f8c40deb=aojhkdb 
 International Discount Online 
 Quickly and easily from the comfort of your home or office.


Gesendet mit Telekom Mail <https://t-online.de/email-kostenlos> - kostenlos und 
sicher für alle!

Re: understanding how localization works in Debian

[Martin T]

On Mon, Dec 12, 2016 at 3:47 PM, Greg Wooledge <wool...@eeg.ccf.org> wrote:
> On Mon, Dec 12, 2016 at 01:58:12PM +0200, Martin T wrote:
>> 1) pam_env.so sets the environmental variables seen in the output of
>> locale command based on configuration files(for example
>> /etc/default/locale) when user logs in
>
> Maybe, maybe not.  The LC_* and LANG variables can come from many
> different places.  I think, however, that you are focusing on the
> libc/application level that uses these variables, and not their
> origin.  So for your purposes, "LC_* and LANG are set somehow".
>
>> 2) nl_langinfo(), setlocale() and (some) other glibc functions used in
>> programs ask environment variables seen in the output of locale
>> command
>>
>> 3) based on those environment variables nl_langinfo(), setlocale(),
>> etc functions check the locale information in
>> /usr/lib/locale/locale-archive database and change their output
>> accordingly
>>
>> 4) /usr/lib/locale/locale-archive database is generated with
>> locale-gen utility based on entries in /etc/locale.gen file and locale
>> template/configuration files in /usr/share/i18n/locales/
>>
>> Did I understand this correctly?
>
> I am confused.  There are basically three interaction points between
> you and the locale system, and you don't seem to have focused on any
> of them.
>
> 1) LC_* and LANG are set somehow by the end user or by the local OS.
>
> 2) The local system admin runs "dpkg-reconfigure locales" to determine
>which locales are "generated".  End users can only receive translations
>from locales that are generated on the local system.
>
> 3) Applications are written with localization (l10n) support using the
>features of whichever language they're written in, e.g. _("...").
>
> For a more detailed look at #1, see https://wiki.debian.org/Locale
> (And even that is woefully incomplete thanks to the proliferation
> of Desktop Environments, and the ridiculous inadequacy of the PAM
> environment variable system.)
>
> For a more detailed look at #3, see
> https://www.gnu.org/software/gettext/manual/gettext.html
>

Greg,

thank you for reply! I do understand that LC_* and LANG variables can
come from various places. For example even pushed by SSH client.
However, were my other three points incorrect? As I understand it,
some glibc functions(for example nl_langinfo(), setlocale()) use those
LC_* and LANG variables to change the program output(for example first
day of the week in cal command) based on locale data in
/usr/lib/locale/locale-archive database.



thanks,
Martin

understanding how localization works in Debian

[Martin T]

Hi,

I read the "Configuring the System for Another Language" paragraph in
"The Debian Administrator's Handbook" and am I correct that
localization works in a way that:

1) pam_env.so sets the environmental variables seen in the output of
locale command based on configuration files(for example
/etc/default/locale) when user logs in

2) nl_langinfo(), setlocale() and (some) other glibc functions used in
programs ask environment variables seen in the output of locale
command

3) based on those environment variables nl_langinfo(), setlocale(),
etc functions check the locale information in
/usr/lib/locale/locale-archive database and change their output
accordingly

4) /usr/lib/locale/locale-archive database is generated with
locale-gen utility based on entries in /etc/locale.gen file and locale
template/configuration files in /usr/share/i18n/locales/

Did I understand this correctly?



thanks,
Martin

potential damage to Debian "stable" when installing packages from "testing"

[Martin T]

Hi,

let's say that I need a package named "weechat"(version 1.6-1) from
Debian "testing":

# apt-get install -t testing weechat
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  binutils libc-bin libc-dev-bin libc-l10n libc6 libc6-dev libgcrypt20
libgnutls30 libhogweed4 libncurses5 libn
  weechat-curses
Suggested packages:
  binutils-doc glibc-doc rng-tools gnutls-bin weechat-doc
Recommended packages:
  manpages-dev weechat-plugins
The following NEW packages will be installed:
  libc-l10n libgnutls30 libhogweed4 libnettle6
The following packages will be upgraded:
  binutils libc-bin libc-dev-bin libc6 libc6-dev libgcrypt20
libncurses5 libncursesw5 libp11-kit0 libtasn1-6 li
16 upgraded, 4 newly installed, 0 to remove and 511 not upgraded.
Need to get 18.7 MB of archives.
After this operation, 8,111 kB of additional disk space will be used.
Do you want to continue? [Y/n] n
Abort.
#

I guess one should not worry about new packages? However, as seen
above, such operation would upgrade some packages which are
dependencies for many other packages. For example libc6, libgcrypt20
or libncurses5. What are the consequences with that? I would guess it
shouldn't cause problems because (usually) dependencies require
version x OR higher. For example libc6 (>= 2.14) or libgcrypt20 (>=
1.6.1).



thanks,
Martin

Re: Advantages of Debian "backports" over "testing"?

[Martin T]

Ok, understood. Thank you!


Martin

On Thu, Dec 8, 2016 at 1:30 PM, Lisi Reisz <lisi.re...@gmail.com> wrote:
> On Thursday 08 December 2016 11:06:55 Martin T wrote:
>> One more question regarding Debian backports- is it a good practice to
>> prefer latest versions from backports(jessie-backports) by default
>> while using stable(jessie) distribution?
>
> Definitely not.
>
> [snip]
>> Or is it a better practice to cherry-pick packages from "jessie-backports"?
>
> Yes.
>
> Lisi
>>
>>
>> thanks,
>> Martin
>>
>> On Wed, Dec 7, 2016 at 4:25 PM, maderios <mader...@gmail.com> wrote:
>> > On 12/07/2016 12:45 AM, Martin T wrote:
>> >> Hi,
>> >>
>> >> what are advantages of using Debian "backports"("jessie-backports" in
>> >> sources.list file) over "testing"("testing" in sources.list file)? As
>> >
>> > Hi
>> > You can't compare, they are completely different. Backport packages have
>> > stable/Jessie compatibility. Testing/Stretch and Sid are very close to
>> > each other. Very far from stable/jessie-backports/Jessie.
>> >
>> > --
>> > Maderios
>

Re: Advantages of Debian "backports" over "testing"?

[Martin T]

One more question regarding Debian backports- is it a good practice to
prefer latest versions from backports(jessie-backports) by default
while using stable(jessie) distribution? I mean something like this:

# cat /etc/apt/preferences.d/00_jessie-backports
Explanation: Change pin-priority to
Explanation: 500 for all backported
Explanation: packages.
Package: *
Pin: release n=jessie-backports
Pin-Priority: 500
#

Configuration above would change the priority of "jessie-backports"
from 100 to 500 and thus versions from jessie-backports would be
installed because those are newer than the versions in stable(jessie).
Or is it a better practice to cherry-pick packages from "jessie-backports"?


thanks,
Martin

On Wed, Dec 7, 2016 at 4:25 PM, maderios <mader...@gmail.com> wrote:
> On 12/07/2016 12:45 AM, Martin T wrote:
>>
>> Hi,
>>
>> what are advantages of using Debian "backports"("jessie-backports" in
>> sources.list file) over "testing"("testing" in sources.list file)? As
>
>
> Hi
> You can't compare, they are completely different. Backport packages have
> stable/Jessie compatibility. Testing/Stretch and Sid are very close to each
> other. Very far from stable/jessie-backports/Jessie.
>
> --
> Maderios
>

Re: default "Default-Release" for APT

[Martin T]

This makes sense, thanks! A good example would be libapparmor1:

# apt-cache policy libapparmor1
libapparmor1:
  Installed: 2.9.0-3
  Candidate: 2.10.95-7
  Version table:
 2.10.95-7 0
500 http://ftp.se.debian.org/debian/ unstable/main amd64 Packages
 2.10.95-6 0
500 http://ftp.se.debian.org/debian/ testing/main amd64 Packages
 2.10.95-4~bpo8+2 0
100 http://ftp.se.debian.org/debian/ jessie-backports/main
amd64 Packages
 *** 2.9.0-3 0
500 http://ftp.se.debian.org/debian/ jessie/main amd64 Packages
100 /var/lib/dpkg/status
#

As seen above, version 2.10.95-7 from "unstable" would get installed
because it is the highest version(checked with "dpkg
--compare-versions") from all three sources with priority 500.


Martin

On Thu, Dec 8, 2016 at 1:35 AM, Mark Fletcher <mark2...@gmail.com> wrote:
>
> On Thu, 8 Dec 2016 at 08:11, Martin T <m4rtn...@gmail.com> wrote:
>>
>> Hi,
>>
>> as I showed in my initial post, I don't have that file:
>>
>> # ls -l /etc/apt/apt.conf
>> ls: cannot access /etc/apt/apt.conf: No such file or directory
>> #
>>
>> That's what made me wondering what is the default release if
>> "APT::Default-Release" is not configured and based on what this
>> default release is determined.
>>
>>
>> thanks,
>> Martin
>>
>> On Thu, Dec 8, 2016 at 12:03 AM, maderios <mader...@gmail.com> wrote:
>> > On 12/07/2016 07:26 PM, Martin T wrote:
>> >>
>> >> Hi,
>> >>
>> >> I read the apt_preferences man page and it says that "To configure the
>> >> default release in the configuration file, use: APT::Default-Release
>> >> "stable";". While I have multiple distributions in sources.list
>> >> file(stable, testing, unstable, jessie-backports), then I don't have
>> >> the "Default-Release" configured:
>> >>
>> >> # grep -R Default-Release /etc/apt/
>> >> #
>> >>
>> >> What is the default "Default-Release"? How is this determined?
>> >>
>> > Hi
>> > Look at your /etc/apt/apt.conf
>> >
>> > My apt.conf for testing:
>> >
>> > APT::Install-Recommends "false";
>> > APT::Install-Suggests "false";
>> > APT::Default-Release "testing";
>> >
>> > --
>> > Maderios
>> >
>>
>
> It's using all of them, in that case. Then, newest versions of packages
> supersede older ones. Net effect -- you get sid.
>
> Mark

Re: default "Default-Release" for APT

[Martin T]

Hi,

as I showed in my initial post, I don't have that file:

# ls -l /etc/apt/apt.conf
ls: cannot access /etc/apt/apt.conf: No such file or directory
#

That's what made me wondering what is the default release if
"APT::Default-Release" is not configured and based on what this
default release is determined.


thanks,
Martin

On Thu, Dec 8, 2016 at 12:03 AM, maderios <mader...@gmail.com> wrote:
> On 12/07/2016 07:26 PM, Martin T wrote:
>>
>> Hi,
>>
>> I read the apt_preferences man page and it says that "To configure the
>> default release in the configuration file, use: APT::Default-Release
>> "stable";". While I have multiple distributions in sources.list
>> file(stable, testing, unstable, jessie-backports), then I don't have
>> the "Default-Release" configured:
>>
>> # grep -R Default-Release /etc/apt/
>> #
>>
>> What is the default "Default-Release"? How is this determined?
>>
> Hi
> Look at your /etc/apt/apt.conf
>
> My apt.conf for testing:
>
> APT::Install-Recommends "false";
> APT::Install-Suggests "false";
> APT::Default-Release "testing";
>
> --
> Maderios
>

default "Default-Release" for APT

[Martin T]

Hi,

I read the apt_preferences man page and it says that "To configure the
default release in the configuration file, use: APT::Default-Release
"stable";". While I have multiple distributions in sources.list
file(stable, testing, unstable, jessie-backports), then I don't have
the "Default-Release" configured:

# grep -R Default-Release /etc/apt/
#

What is the default "Default-Release"? How is this determined?


thanks,
Martin

Re: Advantages of Debian "backports" over "testing"?

[Martin T]

Understood. Thanks!


Martin

On Wed, Dec 7, 2016 at 4:07 PM, Mark Fletcher <mark2...@gmail.com> wrote:
> On Wed, Dec 07, 2016 at 03:25:17PM +0200, Martin T wrote:
>> Dan,
>>
>> > On the other hand, upgrade your webserver to a backports version,
>> > and the webserver has been compiled against the libs you already have.
>>
>> thanks! Is this also one of the reasons why not all packages in
>> testing are available via backports? I mean I could imagine that there
>> are packages which require some features which are provided only by
>> libraries available for "testing" and thus the package can not be
>> available via backports.
>>
>>
>
> That, and the fact that it takes effort to backport things, it can
> sometimes be quite hard, and the people doing it aren't getting paid to.
> So the things that get backported tend to be the things that either the
> package maintainer wants, or that there is a lot of demand (and hence a
> high chance of appreciation) for.
>
> Mark
>

Re: Advantages of Debian "backports" over "testing"?

[Martin T]

Dan,

> On the other hand, upgrade your webserver to a backports version,
> and the webserver has been compiled against the libs you already have.

thanks! Is this also one of the reasons why not all packages in
testing are available via backports? I mean I could imagine that there
are packages which require some features which are provided only by
libraries available for "testing" and thus the package can not be
available via backports.


thanks,
Martin

On Wed, Dec 7, 2016 at 2:37 AM, Dan Ritter <d...@randomstring.org> wrote:
> On Wed, Dec 07, 2016 at 01:45:45AM +0200, Martin T wrote:
>>
>> what are advantages of using Debian "backports"("jessie-backports" in
>> sources.list file) over "testing"("testing" in sources.list file)? As
>> I understand, "backports" does not have all the packages from
>> "testing". On the other hand, packages in "backports" are specially
>> recompiled for "stable" so I guess they might provide better
>> stability(?).
>>
>
> Suppose that you have a webserver that depends on OpenSSL, libc,
> and, oh, libasn1.
>
> All of those libraries are likely to get new versions in
> testing. If you upgrade your webserver to testing, they all come
> along for the ride.
>
> On the other hand, upgrade your webserver to a backports
> version, and the webserver has been compiled against the libs
> you already have.
>
> Meanwhile, your mail server also needs OpenSSL and libc, and
> you don't want to push that to new versions yet...
>
> -dsr-

Advantages of Debian "backports" over "testing"?

[Martin T]

Hi,

what are advantages of using Debian "backports"("jessie-backports" in
sources.list file) over "testing"("testing" in sources.list file)? As
I understand, "backports" does not have all the packages from
"testing". On the other hand, packages in "backports" are specially
recompiled for "stable" so I guess they might provide better
stability(?).


thanks,
Martin

Detect upgradable packages in shell script ran as a non-root user

[Martin T]

Hi,

I would like to run a cron job which periodically checks if I have
upgradable packages. One way to do it is probably like this:

$ apt-get upgrade -s | grep -q "^0 upgraded"

In case exit code is >0, then there are upgradable packages. The
second solution I came up with is:

$ for package in $(dpkg-query -f '${binary:Package}\n' -W); do\
  apt-show-versions -u "$package" &>/dev/null && break;\
done

Again, if exit code is >0, then there is at least one upgradable
package. Of course, a solution like "apt-show-versions | grep -q
"upgradeable"" would also work.

For me the "apt-get upgrade -s | grep -q "^0 upgraded"" seems to be
the most reasonable solution, but maybe there is even a better way?


thanks,
Martin

Re: USB mouse and keyboard disconnected

[Martin T]

Mark,

thank you for your reply!

> Random thought -- if ehci_pci is already loaded for some other device
> early in the boot process, in a way that doesn't require the ehci_hcd
> module, and then udev detects the keyboard and mouse, determines it
> needs ehci_pci... and concludes all is well because that module is
> already loaded... But the ehci_hcd piece isn't And then removing it
> and re-loading it looks at the dependencies again in the light of all
> the hardware udev is aware of by that stage, and so loads the
> sub-module, and the keyboard and mouse start working...

Maybe I misunderstood you, but at the time of the issue when I SSH
into the machine, I can see that "ehci_hcd" is loaded.


> OR, perhaps less far-fetched, could your running kernel somehow have
> access to 2 versions of the ehci_pci module, one with a dependency on
> ehci_hcd and one not? And at boot it is picking up the wrong one and
> when you run modprobe from the command line it is picking up the other?

As far as I can tell, there is only one ehci-pci module:

# find / ! -type d -iname "ehci*pci*"
/sys/module/ehci_hcd/holders/ehci_pci
/sys/module/usbcore/holders/ehci_pci
/lib/modules/3.16.0-4-amd64/kernel/drivers/usb/host/ehci-pci.ko
#


Any other ideas?


thanks,
Martin

On Fri, Nov 4, 2016 at 12:48 AM, Mark Fletcher <mark2...@gmail.com> wrote:
> On Thu, Nov 03, 2016 at 06:18:59PM +0200, Martin T wrote:
>> Hi,
>>
>> looks like the problem is either with ehci_pci or ehci_hcd because if
>> I do "modprobe -rv ehci_pci" and "modprobe -v ehci_pci", then both
>> keyboard and mouse start to work. "ehci_hcd" is used by "ehci_pci":
>>
>> ehci_pci   12512  0
>> ehci_hcd   69837  1 ehci_pci
>>
>>
> Random thought -- if ehci_pci is already loaded for some other device
> early in the boot process, in a way that doesn't require the ehci_hcd
> module, and then udev detects the keyboard and mouse, determines it
> needs ehci_pci... and concludes all is well because that module is
> already loaded... But the ehci_hcd piece isn't And then removing it
> and re-loading it looks at the dependencies again in the light of all
> the hardware udev is aware of by that stage, and so loads the
> sub-module, and the keyboard and mouse start working...
>
> OR, perhaps less far-fetched, could your running kernel somehow have
> access to 2 versions of the ehci_pci module, one with a dependency on
> ehci_hcd and one not? And at boot it is picking up the wrong one and
> when you run modprobe from the command line it is picking up the other?
>
> Mark
>

Re: USB mouse and keyboard disconnected

[Martin T]

Hi,

looks like the problem is either with ehci_pci or ehci_hcd because if
I do "modprobe -rv ehci_pci" and "modprobe -v ehci_pci", then both
keyboard and mouse start to work. "ehci_hcd" is used by "ehci_pci":

ehci_pci   12512  0
ehci_hcd   69837  1 ehci_pci


Modinfo output for above-mentioned modules can be seen below:

# modinfo ehci_pci
filename:   /lib/modules/3.16.0-4-amd64/kernel/drivers/usb/host/ehci-pci.ko
license:GPL
author: Alan Stern
author: David Brownell
description:EHCI PCI platform driver
alias:  pci:v104AdCC00sv*sd*bc*sc*i*
alias:  pci:v*d*sv*sd*bc0Csc03i20*
depends:usbcore,ehci-hcd
intree: Y
vermagic:   3.16.0-4-amd64 SMP mod_unload modversions
#
# modinfo ehci_hcd
filename:   /lib/modules/3.16.0-4-amd64/kernel/drivers/usb/host/ehci-hcd.ko
license:GPL
author: David Brownell
description:USB 2.0 'Enhanced' Host Controller (EHCI) Driver
depends:usbcore
intree: Y
vermagic:   3.16.0-4-amd64 SMP mod_unload modversions
parm:   log2_irq_thresh:log2 IRQ latency, 1-64 microframes (int)
parm:   park:park setting; 1-3 back-to-back async packets (uint)
parm:   ignore_oc:ignore bogus hardware overcurrent indications (bool)
#


Any ideas what might cause this issue?


thanks,
Martin


On Mon, Sep 19, 2016 at 4:47 PM, Martin T <m4rtn...@gmail.com> wrote:
> Hi,
>
> I made a fresh minimal(no desktop environment, open-source "radeon"
> driver, CEDAR firmware, X and dwm) Debian 8.5 installation few days
> ago. Since that I have had two occasions where all of the sudden USB
> devices(USB keyboard and mouse) no longer work. I'm able to access my
> PC over SSH(or use PS/2 keyboard) and at the time of the issue nothing
> is logged(I checked kernel ring buffer, X log files, etc). When I
> remove(modprobe -r) USB related modules(ehci_hcd, ehci_pci, usbhid,
> usbcore, usb_common, hid) and then again load those modules, the USB
> mouse and keyboard start to work. At the time of the issue power to
> the USB ports is present, because mouse LED is lit and for example
> magic SysRq key-combinations work. Kernel version is 3.16.0-4-amd64. I
> also noticed that for example around three days and then again 5 hours
> ago, since this issue, USB mouse was disconnected for a second:
>
>
> [11206.404325] usb 1-1.1: USB disconnect, device number 3
> [11206.629417] usb 1-1.1: new low-speed USB device number 5 using ehci-pci
> [11206.727526] usb 1-1.1: New USB device found, idVendor=046d, idProduct=c03e
> [11206.727539] usb 1-1.1: New USB device strings: Mfr=1, Product=2,
> SerialNumber=0
> [11206.727542] usb 1-1.1: Product: USB-PS/2 Optical Mouse
> [11206.727544] usb 1-1.1: Manufacturer: Logitech
> [11206.731189] input: Logitech USB-PS/2 Optical Mouse as
> /devices/pci:00/:00:1a.0/usb1/1-1/1-1.1/1-1.1:1.0/0003:046D:C03E.0004/input/input14
> [11206.731608] hid-generic 0003:046D:C03E.0004: input,hidraw0: USB HID
> v1.10 Mouse [Logitech USB-PS/2 Optical Mouse] on
> usb-:00:1a.0-1.1/input0
> [18378.452226] ip_tables: (C) 2000-2006 Netfilter Core Team
> [110547.411844] perf interrupt took too long (2565 > 2500), lowering
> kernel.perf_event_max_sample_rate to 5
> [241801.649235] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
> [243524.775521] usb 1-1.1: USB disconnect, device number 5
> [243525.022937] usb 1-1.1: new low-speed USB device number 6 using ehci-pci
> [243525.120715] usb 1-1.1: New USB device found, idVendor=046d, idProduct=c03e
> [243525.120719] usb 1-1.1: New USB device strings: Mfr=1, Product=2,
> SerialNumber=0
> [243525.120722] usb 1-1.1: Product: USB-PS/2 Optical Mouse
> [243525.120724] usb 1-1.1: Manufacturer: Logitech
> [243525.124970] input: Logitech USB-PS/2 Optical Mouse as
> /devices/pci:00/:00:1a.0/usb1/1-1/1-1.1/1-1.1:1.0/0003:046D:C03E.0005/input/input15
> [243525.125355] hid-generic 0003:046D:C03E.0005: input,hidraw0: USB
> HID v1.10 Mouse [Logitech USB-PS/2 Optical Mouse] on
> usb-:00:1a.0-1.1/input0
>
>
> I didn't physically unplug the mouse. However, I'm not sure if those
> are related to this issue. As I told, at the time of this issue
> nothing is logged.
>
> Last but not least, output of "lsusb" can be seen below:
>
> # lsusb
> Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
> Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 001 Device 005: ID 046d:c03e Logitech, Inc. Premium Optical Wheel
> Mouse (M-BT58)
> Bus 001 Device 003: ID 046d:c313 Logitech, Inc. Internet 350 Keyboard
> Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
> Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> #
>
>
> Please let me know if anything was unclear or additional information is 
> needed.
>
>
> thanks,
> Martin

Re: Duvida OpenVpn

[Thiago T. Faioli]

Boa tarde Marcelo


O projeto FreeRADIUS já disponibiliza as DDL's pra criação das tabelas no
banco de dados MySQL. Em algum lugar da estrutura de diretório está esse
arquivo db_mysql.sql que contem todos os arquivos pra configuração do banco
mysql...

Portanto utilize esse cara pra te ajudar nas criações das tabelas
necessárias ...

Crie o banco do radiu

# mysqladmin -psenha create nomebanco

E crie as tabelas com o comando:

# mysql -psenha radius < db_mysql.sql


No  arquivo radiusd.conf  configure-o para autenticar os dados no MySQL.
Modifique as seções "authorize" e "accounting" insira "sql"

dessa forma:

authorise {
sql
}



accounting {
sql
}

Isso fará com que os usuários sejam procurados na tabela radcheck e fará
com que os dados das conexões sejam armazenadas na tabela radacct do banco
de dados que criou para o radius no MySQL


Depois edite o sql.conf e descomente as linhas:

simul_count_query
simul_verify_query

Agora é criar o usuario no DB

# mysql -psenha bancoradius

Criar usuário:

INSERT INTO radcheck (username, attribute, op, value)  VALUES (''usuario',
'Password', '==', 'senha');

Criar grupo com direito a uma conexão chamado 'sessaounic':

INSERT INTO radgroupcheck (groupname, attribute, op, value) VALUES
('sessaounic', 'Simultaneous-Use', ':=', 1);

Inserir 'usuario' no grupo:

mysql> INSERT INTO usergroup (username, groupname) VALUES ('usuario',
'sessaounic');



Cara... é bem por aí...



*Thiago Torres Faioli*

+55 (31) 98449-4065
+55 3003-5410 ramal: 0011
+1 800 990 8273 ext: 0011
*Skype/Hangouts:* thiago.fai...@gmail.com

Em 3 de outubro de 2016 15:52, Marcelo  escreveu:

> Olá,
>
> Instalei um server openvpn, tudo funcionando... e autenticando no Radius.
>
> Gostaria de limitar a quantidade de logins simultaneos, é possível?
>
> Abraços,
> Marcelo
>
>

USB mouse and keyboard disconnected

[Martin T]

Hi,

I made a fresh minimal(no desktop environment, open-source "radeon"
driver, CEDAR firmware, X and dwm) Debian 8.5 installation few days
ago. Since that I have had two occasions where all of the sudden USB
devices(USB keyboard and mouse) no longer work. I'm able to access my
PC over SSH(or use PS/2 keyboard) and at the time of the issue nothing
is logged(I checked kernel ring buffer, X log files, etc). When I
remove(modprobe -r) USB related modules(ehci_hcd, ehci_pci, usbhid,
usbcore, usb_common, hid) and then again load those modules, the USB
mouse and keyboard start to work. At the time of the issue power to
the USB ports is present, because mouse LED is lit and for example
magic SysRq key-combinations work. Kernel version is 3.16.0-4-amd64. I
also noticed that for example around three days and then again 5 hours
ago, since this issue, USB mouse was disconnected for a second:


[11206.404325] usb 1-1.1: USB disconnect, device number 3
[11206.629417] usb 1-1.1: new low-speed USB device number 5 using ehci-pci
[11206.727526] usb 1-1.1: New USB device found, idVendor=046d, idProduct=c03e
[11206.727539] usb 1-1.1: New USB device strings: Mfr=1, Product=2,
SerialNumber=0
[11206.727542] usb 1-1.1: Product: USB-PS/2 Optical Mouse
[11206.727544] usb 1-1.1: Manufacturer: Logitech
[11206.731189] input: Logitech USB-PS/2 Optical Mouse as
/devices/pci:00/:00:1a.0/usb1/1-1/1-1.1/1-1.1:1.0/0003:046D:C03E.0004/input/input14
[11206.731608] hid-generic 0003:046D:C03E.0004: input,hidraw0: USB HID
v1.10 Mouse [Logitech USB-PS/2 Optical Mouse] on
usb-:00:1a.0-1.1/input0
[18378.452226] ip_tables: (C) 2000-2006 Netfilter Core Team
[110547.411844] perf interrupt took too long (2565 > 2500), lowering
kernel.perf_event_max_sample_rate to 5
[241801.649235] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[243524.775521] usb 1-1.1: USB disconnect, device number 5
[243525.022937] usb 1-1.1: new low-speed USB device number 6 using ehci-pci
[243525.120715] usb 1-1.1: New USB device found, idVendor=046d, idProduct=c03e
[243525.120719] usb 1-1.1: New USB device strings: Mfr=1, Product=2,
SerialNumber=0
[243525.120722] usb 1-1.1: Product: USB-PS/2 Optical Mouse
[243525.120724] usb 1-1.1: Manufacturer: Logitech
[243525.124970] input: Logitech USB-PS/2 Optical Mouse as
/devices/pci:00/:00:1a.0/usb1/1-1/1-1.1/1-1.1:1.0/0003:046D:C03E.0005/input/input15
[243525.125355] hid-generic 0003:046D:C03E.0005: input,hidraw0: USB
HID v1.10 Mouse [Logitech USB-PS/2 Optical Mouse] on
usb-:00:1a.0-1.1/input0


I didn't physically unplug the mouse. However, I'm not sure if those
are related to this issue. As I told, at the time of this issue
nothing is logged.

Last but not least, output of "lsusb" can be seen below:

# lsusb
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 005: ID 046d:c03e Logitech, Inc. Premium Optical Wheel
Mouse (M-BT58)
Bus 001 Device 003: ID 046d:c313 Logitech, Inc. Internet 350 Keyboard
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
#


Please let me know if anything was unclear or additional information is needed.


thanks,
Martin

Re: Any idea when CVE-2016-5696 is going to get fixed?

[John T. Haggerty]

On Fri, Aug 26, 2016 at 9:11 PM, Perry E. Metzger 
wrote:

> On Fri, 26 Aug 2016 21:06:15 +0200 Frederic Marchal
>  wrote:
> > On Friday 26 August 2016 11:04:04 Perry E. Metzger wrote:
> > > According to:
> > >
> > > https://security-tracker.debian.org/tracker/CVE-2016-5696
> > >
> > > Wheezy and Jessie are still vulnerable. The attack in question is
> > > kind of bad (it allows blind injection of arbitrary data into
> > > things like http downloads) and has been known for a few weeks
> > > now to the general public.
> >
> > I don't think the issue is that bad.
> >
> > It allows an attacker to find out if you are connected to a
> > particular web site and makes it easier to interrupt the transfer
> > by sending a RST or SYN packet or inject junk data to corrupt the
> > flow. It's simple denial of service.
>
> You are completely wrong. This attack allows you to inject
> *meaningful* things into the data flow. It isn't denial of service,
> it is one of the most flexible data injection attacks in years.
>
> At the security conference where the attack was presented, as a show
> of force, the presenters demonstrated that they could hijack arbitrary
> http: connections from several US newspapers and inject whatever
> traffic they like using this.
>
> Indeed, as a bit of comedy, they used this to do their presentation!
> They had a web browser to go to a newspaper's site and injected their
> slides for the talk into the newspaper's web page return and
> presented their talk that way! You will be able watch the video
> yourself online when Usenix posts it soon.
>
> This means, for example, that you can inject javascript into the pages
> coming off of (say) a newspaper's unencrypted web site, and this
> lets you do untold mischief. With this attack, you could, for
> example, have weaponized the attacks described against iOS yesterday
> (resulting in an iOS emergency update) without getting a user to
> click on a malicious page, simply by injecting malicious javascript
> into a real page of a site hosted on a debian server. (I link to the
> report of that particular incident below, to give one a taste of the
> modern threat environment.)
>
> This is a horribly bad attack. Thinking this is nothing but denial of
> service could not be more incorrect.
>
> > But to achieve that, you must be downloading something from a web
> > site the attacker is actually targeting. The attacker must know you
> > are doing so or find out by sheer luck.
>
> "Sheer luck" isn't hard at all. There are a half dozen good ways
> understood to people in the field where you can figure out what
> sites someone is looking at regularly if you are targeting them
> without needing to listen in on their connection directly.
>
>
Having read several texts on internet security, I'd be interested in what
you are referring to. You mean compromise the physical machine they are on
to view their browser history? Break into their home? Packet sniffing?



> > The download must be long
> > enough (more than one minute) for the attacker to discover the set
> > of parameters that will make the attack successful.
>
> You've forgotten how the modern web works. People have http:
> connections live for very long periods of time, with dynamic content
> flittering back and forth over the channel. It isn't like 1996 any
> more where someone downloaded some static HTML and closed the TCP
> connection until the next page was downloaded when they clicked
> again. It hasn't been like that in a very long time.
>
>
So you are referring to the "netstat" output from the system itself? So
physically redraw the page they are on even if they haven't refreshed the
page?


> > That's unlikely to succeed on a massive scale if you ask me!
>
> You clearly didn't watch the presentation of people
> doing this attack successfully against real web pages while people
> were using them. This isn't theoretical. You should also remember
> that we're no longer in the "but who would do *that*" world. If you
> want to understand the threat model people live under now, read
>
> https://citizenlab.org/2016/08/million-dollar-dissident-
> iphone-zero-day-nso-group-uae/
>
>
Seems to be the NSA from reading about that.


> > Beside, the attacker can't possibly know what you are downloading
> > and how much data has already been downloaded. There is no way he
> > can inject anything useful into the downloaded data.
>
> Watch the real world demos. As I said, the videos are online. What
> you say is wrong.
>
> Perry
> --
> Perry E. Metzgerpe...@piermont.com
>
>

I'd love to see that as well. I don't keep up with many conferences that I
don't personally attend. Is there a cost?

-- 
"The death of one man is a tragedy, the death of 10 million is a statistic"
-- Joseph Stalin

"Omnia mutantur, nihil interit"
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_

Re: Getting fqdn, postfix, Comcast to all play nice together

[John T. Haggerty]

On Fri, Aug 26, 2016 at 7:08 PM, Mark Fletcher <mark2...@gmail.com> wrote:

>
>
> On Sat, Aug 27, 2016 at 8:38 AM John T. Haggerty <jpcoo...@gmail.com>
> wrote:
>
>> Any thoughts for or against Amazon?
>>
>>
> Please don't top post on this list, it breaks up the flow of the thread
> for people who read the thread after it's finished. The primary purpose of
> the list is to get your questions answered, but the secondary purpose is to
> help those who come after, and top posting impedes that.
>

So I need to reply to the comment block in this manner then to avoid that?
I've not heard much about that term, and it's been a while that I've used
mailing lists. I can understand however, if that's the case.


>
> Anyway, I'm a fairly heavy Amazon web services user, using multiple
> Workspaces instances (remote desktops), EC2 instances (servers), RDS
> instances (database, in my case MySQL), and Elastic Beanstalk (self-scaling
> web site). I find it performant and highly reliable. I can't vouch for the
> tech support as I haven't really had to use them. They have a user forum
> which is not terrible but not great. The documentation can be a bit
> frustrating but if you are willing to devote the time to wading through the
> adverto-babble the information is there.
>
> Interesting so, the "Workspace" is basically like a vnc into the computer
you could access from ec2 but entirely separate and used for
desktop/non-server use? If so that would be theoretically awesome for some
interesting cases. It could help me not to have to pony up the dough to
Microsoft et all directly for a piece of software I may not use all the
time, not to mention doing interesting interactive things.

Beanstalk sounds interesting as well but almost overlapping ec2, almost
like ec2 on demand just for apache I would guess.



> All that sets me back about $250 a month. No doubt not the cheapest but
> you have to decide if what you want is cheap or good -- you don't typically
> get both, except sometimes temporarily by luck.
>
> Mark
>


Nice, but I guess you must get some sort of residual income from that
otherwise it wouldn't be important? Good to know that would show a real
world use case to give me an idea.


-- 
"The death of one man is a tragedy, the death of 10 million is a statistic"
-- Joseph Stalin

"Omnia mutantur, nihil interit"
(Translation:
Everything changes, nothing is lost.)
-- Ovid, _Metamorphoses_