Re: [OT] replacement for SystemRescueCD

[Thomas D Dial]

On Tue, 2019-10-22 at 22:02 -0400, John Covici wrote:
> On Tue, 22 Oct 2019 21:30:25 -0400,
> Nicholas Geovanis wrote:
> > [1  ]
> > [2  ]
> > On Tue, Oct 22, 2019, 6:29 PM Default User <
> > hunguponcont...@gmail.com> wrote:
> > 
> >  Guys, it seems like SystemRescueCD could be on the way out. Over 6
> > months since a release, and a quick glance at GitLab did not seem to
> > show any commits since then either (but I could be wrong). 
> > 
> >  I have looked for a replacement utility distribution, but just
> > can't seem to find anything good. 
> > 
> > You don't like knoppix? Or a derivative of it? I won't claim they
> > are feature equivalent, but can be made so IB.
> > 
> >  If it is going to be abandonware, what then? Ideas?
> 
> I need something with zfs capabilities, I don't think knoppix has
> that.]
> 
I made one by installing buster on a USB key, then adding to that
buster-backports to that, generally following the instructions at

https://github.com/zfsonlinux/zfs/wiki/Debian-Buster-Root-on-ZFS

stopping at the point where you would create zpools on the target. That
image is usable to do ZFS offline maintenance in case of problems as
well as to do additional installs, and can be kept up to date in the
usual Debian way. Given a large enough USB key, it should be
straightforward to install additional packages to make up a general
purpose recovery image, although I haven't done that as yet.

Tom Dial
> 

Re: Top 7 Programming Languages That Employers Really Want

[Thomas D Dial]

On Sat, 2019-10-19 at 09:46 -0500, John Hasler wrote:
> deloptes writes:
> > SQL comes everywhere handy...
> 
> SQL is certainly handy, but I don't consider it a programming language
> (likewise HTML).

About 20 years ago I wrote and tested a match-merge update program with
(as I remember) the then current version of Oracle SQL. It ran to about
a screen full of text, but depended on all input validatation having
been done and no data item transformations during execution. Couldn't
persuade the users to take it on, though, as they were committed to
using C.

> 
> If you *do* consider HTML a programming language the crawling horrors
> that most Web sites send out make the worst BASIC spaghetti balls look
> like something out of IBM Federal Systems.

Tom Dial

Re: Top 7 Programming Languages That Employers Really Want

[Thomas D Dial]

On Sat, 2019-10-19 at 09:48 +0200, deloptes wrote:
> James H. H. Lampert wrote:
> 
> > The OP wanted this treated as a survey, and so . . .
> > 
> > Many dialects and derivatives of BASIC, including (but not limited
> > to)
> > IBM VS-BASIC (ran on 370 and compatible mainframes), TRS-80 Level 1,
> > Level 2, and Mod I Disk BASIC, GWBASIC, and the various QBASICs
> > (QuickBASIC and QBX). (I took one look at VisualBASIC, and swore off
> > any
> > further M$ development tools.)
> > 
> > FORTRAN (mainly FORTRAN IV: IBM G1, WATFIV, and TRS-80 FORTRAN).
> > 
> > Pascal (CDC Cyber Pascal).
> > 
> > COBOL (also on a CDC Cyber).
> > 
> > PL/I (CDC Cyber PL/I; CDC ANSI PL/I; IBM AS/400 PL/I).
> > 
> > Assemblers (DEC Macro-11, 8086).
> > 
> > (LISP)   <-- the parentheses are an inside joke.
> > 
> > C (mainly on AS/400s). I must go down to the 'C' again, to the loony
> > 'C,' and cry.
> > 
> > Modula-2
> > 
> > MI (it's the closest you are allowed to get to a true assembler
> > language
> > on an AS/400)
> > 
> > RPG/400 (both OPM and ILE)
> > 
> > CL (on AS/400s; it's like a shell script, only compiled).
> > 
> > Java
> > 
> > I've forgotten just about all the SmallTalk I ever learned.
> > 
> > I can get by in SQL.
> > 
> > The more programming languages you know, the easier it is to pick up
> > additional programming languages. And the less likely you are to
> > treat
> > your favorite language (or the only one you know) as a panacea. And
> > if
> > you have good linkage capabilities, mixed-language work is not
> > difficult
> > at all.
> > 
> > Not much that's on the published list. But then again, when I leave
> > my
> > present employment, I'm probably never going to write a single line
> > of
> > code professionally again.
> > 
> > --
> > JHHL
> 
> But James ... this is like a walk through the museum. Are these indeed
> languages that "Employers Really Want"?

There is a lot of existing code written in SQL, Java, COBOL, C (and
C++), FORTRAN, and I expect by now Python. That code needs or will need
occasional maintenance or even further development.

COBOL, in particular, is well established in some large and important
core business systems, especially in financial organizations; a
programmer with decent skills in COBOL, along with the applicable host
OS (mostly z/OS) and development tools and facilities is used is likely
to be able to earn a decent living for some time to come. It may be a
language in decline, but it is likely to take quite a while.

FORTRAN is somewhat similar, but has a smaller, more stable, and mors
specialized application space and often, I think, is maintained by the
successors of the program users who wrote it originally. A good deal of
it may, by now, have been replaced by C, C++, Python, or some other
newer language. I have been retired for a few years, but wonder if
development and maintenance by end user technical subject specialists is
not common with Python as well.

I suspect most of the others listed here are niche languages by now that
might offer occasional employment but more likely would occur
occasionally and be handled as an additional duty by programmers who
primarily uses other languages.

Various on-line quasi-technical publications present lists from time to
time that suggest a number of other languages that may be in demand. A
few that come readily to mind are Javascript, R, and Go, but there are
others.

Tom Dial

Re: confused, seems to be my normal state

[Thomas D Dial]

On Wed, 2019-09-18 at 09:04 -0400, Gene Heskett wrote:
> On Wednesday 18 September 2019 07:46:38 Gene Heskett wrote:
> 
> > On Tuesday 17 September 2019 22:05:28 David wrote:
> > > On Wed, 18 Sep 2019 at 08:17, Gene Heskett 
> >
> > wrote:
> > > > On Tuesday 17 September 2019 15:07:30 ghe wrote:
> > > > > On 9/17/19 11:01 AM, Gene Heskett wrote:
> > > > > > And that results in exactly the same effect, partitiuon 1 is
> > > > > > an iso9660 image, and I don't believe the rpi-3b supports
> that
> > > > > > for a boot medium. dos/fat32 only I believe. Obviously I got
> > > > > > those images from the wrong place in the debian file
> system. 
> > > > > > So I need to remove these, but where do I get the correct
> > > > > > versions?
> > > > >
> > > > > From https://www.raspberrypi.org/downloads/ ?
> > > > >
> > > > > Use the damn NOOBS and quit fighting with your Pi(s)! NOOBS
> > > > > takes a while, and it doesn't install things the way you want
> > > > > them to be, but it does work -- you end up looking at a
> working
> > > > > Buster desktop. No confusion or cardio stress involved.
> > > > >
> > > > > There are a lot of recipes on the web to make things all
> better.
> > > > > And 'rm' works pretty well, too.
> > > >
> > > > I'd luv to give it a try, since I've never tried it, but
> unpacking
> > > > the NOOBS to an sd card seems to be a secret, so what linux
> > > > command will unpack the .zip and put it on the card?
> > >
> > > Hi Gene,
> > >
> > > I suggest a first step is just get your Pi 4 running
> > > the simplest way possible. Just to see it working first
> > > before starting to customising it in any way.
> > >
> > > You don't need NOOBS, just Raspbian.
> > > Note: Raspbian is not Debian.
> > >
> > > Just do this:
> > >
> > > 1) get the zipped image
> > > $ curl -L -o raspbian_latest.zip
> > > downloads.raspberrypi.org/raspbian_latest
> > >
> > > 2) verify the download
> > > $ sha256sum raspbian_latest.zip
> > > 6a1a5f20329e580d5161a0255b3d4163db6f56c3997e1c3b36bdd51140bd768e
> > >
> > > 3) write the SD card
> > > (replace my /dev/sd_ with your SD card device,
> > > without any partition number):
> > >
> > > # unzip -p raspbian_latest.zip | dd bs=4M of=/dev/sd_
> > > status=progress conv=fsync
> >
> > This last is what I was looking for, thank you, and I'll give it all
> a
> > shot later today. In fact, card is written.
> >
> > > and that will produce a SD card that
> > > will boot a Raspberry Pi 4 hardware into a Raspbian desktop.
> >
> > If I can get video out of it, I am about convinced that the only
> > micro-hdmi adapter I have is a $16 dud I got from Wallmart.
> >
> > Banggood says 2 more adapters and the big, whole top heat sink won't
> > be here till around the 3rd.
> >
> > So if this doesn't work, I'll just shelve it till then.  Maybe
> > forever, I'm about burned out on this. I've written several cards,
> > without ever seeing a single byte of video on a monitor that works
> > fine when driven by a pi-3b.
> >
> > 2 possible differences. Its not powered correctly when powered from
> > gpio pin 6=gnd, and 2=5.11 volts. A pi3b has been running that way
> for
> > 2+ years and the gpio is said to be 100% pi3b compatible.  Argue
> with
> > me on that, this rp-4 came with no docs.
> >
> > I do not have a psu with an OTG connector.  Or this $16 wallmart
> > adapter is duff.
> >
> > Does anyone have some typical scope waveforms pix that would show
> what
> > a working hdmi socket has for signals?
> >
> > Now its morning locally, time go see about some caffiene for me and
> > the missus. Thanks all.
> >
> Now I have a puzzle, that rpi-4 is powered and is on my local net, was
> at 
> a duplicate address because the card was at one time in the rpi-3, but
> a 
> login from here didn't look like I was looking at the same machine,
> so 
> from here I went trolling thru proc and discovered it was an rpi-4!!!
> 
> So I changed its ipv4 address, hostname, domainname, added itself at
> its 
> new address to its /etc/hosts file and rebooted it. Added it to my
> hosts 
> file and ssh -Y pi@rpi4, fixed my known_hosts file, and I am now
> logged 
> into it at its new address.  A cat /etc/issue says its running a 
> raspbian 9 (stretch).
> 
> And there's still no video on the monitor its feeding. So I am 
> encouraged, but where the heck is the video?

The instructions that came with mine insisted that the HDMI cable be
attached using the HDMI0 port, on the left looking at them with the
board top up. The IDs are stenciled on the top of the board but the
letters are about 1/32" high.

If that's the way you have it, I would suspect a defective cable or rpi
board.


Tom Dial

> 
> I've a C.E.T.'s typical test gear here, including a gigahertz
> sampling 
> scope, so test ideas welcomed from folks more rpi4 knowledgable than
> I.
> 
> And time to make more coffee.  Like Calahan's Bar, elixer of the
> gods, 
> but without the alcohol.
> 
> > Cheers, Gene Heskett
> 
> 
> Cheers, Gene Heskett
> -- 
> "There are four 

Re: Installation problem

[Thomas D Dial]

On Sat, 2019-09-14 at 08:46 +0200, john doe wrote:
> On 9/14/2019 7:36 AM, David Christensen wrote:
> > On 9/13/19 4:45 PM, Anne wrote:
> > > Hi, I am new to debian and I can not seem to get the OS installed
> > > properly.
> > > 
> > > What I have done so far is to
> > > 
> > > Make a free space partition of 100GB on drive D and then
> > > 
> > > 1. download the first DVD of 10.1.0
> > > 2. used rufus to put it on a thumb drive
> > > 3. Booted from the thumb drive and selected "graphical Install"
> > > 4. followed the prompts
> > > 5. Program said OS was installed and to reboot the system
> > > 6. reboot
> > > 7. Debian page showed up and I selected the first selection.
> > > 8. after a bit of doing things I get a black screen with a small
> > > cursor in the upper left of the screen
> > > 9. a power off or ctrl alt del is required to go further.
> > > 10. after reboot I get the Debian screen and select windows and I
> > > am
> > > up and running again.
> > > 
> > > I have done this three times
> > > 
> > > Twice with the DVD debian-10.1.0-amd64-DVD-1.iso
> > > and once with the DVD firmware-10.1.0-amd64-DVD-1.iso
> > > 
> > > results were the same each time...
> > > 
> > > What am I doing wrong???
> > 
> > You are headed down the path of "dual boot", which is unnecessarily
> > difficult and risks damaging your Windows installation.
> > 
> > 
> > If you have a Windows computer and you want to experiment with GNU/
> > Linux , you are better off installing virtual machine hosting
> > software
> > and downloading a pre-built virtual machine.  Obvious choices
> > include
> > Microsoft Hyper-V, Oracle VirtualBox, and VMware Workstation Player:
> > 
> > https://docs.microsoft.com/en-us/virtualization/
> > 
> > https://www.virtualbox.org/
> > 
> > https://www.vmware.com/
> > 
> 
> https://qemu.org
> 
> Given that you didn't crash your system with multiboot and that you
> see
> the prompt to select which OS to choose, I would keep the multiboot
> going.
> 
> Have you turned off fastboot on windows?
> 
> You shouldn't see D on Windows but somespace that Windows can't use.

Welcome to Debian. I suspect your installation, from either of the
sources you mention, is salvageable. And I think the advice here from
john doe is a good continuation point; it appears you have succeeded in
building a very nearly successful Windows/Linux dual boot setup.

As a first "next step" I suggest the following:

When you see the "Debian page" - that is the Grub boot menu - press the
'e' key. This will present the boot control instructions for the default
boot into your Linux in a form you can edit using the arrow keys to move
the cursor, backspace to erase, and normal keys to add things.

Locate the line beginning "linux." This probably has the word "quiet" at
or near the end, which prevents display of normal boot messages that do
not report serious problems; erase it and press control-x or the F10 key
to continue the boot.

You should see messages as the system boots and initializes Linux. The
last of them are likely to provide information about the reason the
system initialization does not complete. They may be self explanatory,
but if not, you can post them here and they may help others to provide
additional assistance.

Regards,
Tom Dial
 
> 
> --
> John Doe

Re: Is Linux a single-user system ? was: When/how/why to use "sudo", "su" or "su -"

[Thomas D Dial]

On Fri, 2019-09-13 at 16:56 +0200, Thomas Schmitt wrote:
> Hi,
> 
> Richard Owlett wrote:
> > Do you have any problem with my statement:
> > > Today Linux is being used by an individual who is the _only_
> > > user of a standalone system (e.g. laptop).
> 
> What about the really big iron ?
>   "Linux Runs on All of the Top 500 Supercomputers, Again!"
>   (June 2019)
>   https://itsfoss.com/linux-runs-top-supercomputers/

Not to mention hundreds or thousands of those same mainframes that run
the descendants of OS/360 and now also run Linux, either natively or in
VMs.

As an aside: Somewhat contrary to the origina post, the Linux man page
for su may be a bit above average, but covers su pretty well, including
the use of the '-' or '-l' or '--login' options.

regards,
Tom Dial
> 
> Have a nice day :)
> 
> Thomas

Re: attempted install of buster arm64 net-install on rp4 fails instantly

[Thomas D Dial]

On Tue, 2019-09-10 at 07:18 -0400, Gene Heskett wrote:
> On Monday 09 September 2019 23:06:27 Thomas D Dial wrote:
> 
> > On Mon, 2019-09-09 at 12:21 -0400, Gene Heskett wrote:
(unrelated material omitted)
> > > $PITA problem, raspian insists the first, usr 1000 is
> > > "pi".  Is there a foolproof way to convert that to "gene", or am I
> > > stuck
> > > logging into it as "pi"?
> >
> > I do not know if it is foolproof, but I would try
> >
> > usermod -l gene pi
> >
> > as root (or maybe with sudo; I am not sure that it would work while
> pi
> > is logged in, though).
> >
> > I have used it occasionally, and the only issue is with (mostly
> gnome-
> > related) dotfiles in the login directory that contain the old login
> as
> > a string and after the change need to have that replaced by the new
> > login. An unfortunate number of them are in sqlite files and unless
> > the details are important it probably is easiest to delete them and
> > start over.
> >
> That sounds like its fraught with all sorts of login cockups. 
> Inconvenient at best, so I'll probably skip it.

I would not expect it to be a significant on a fairly fresh install (for
instance, if you haven't used the GUI or, maybe, the web browser), where
those dotfiles are few and often empty.

My recollection was that files under .config were the most trouble, that
on a system where the renamed account had been used extensively and had
absolute paths containing the former username in various configuration
files.
 
Tom Dial.

> (more omissions)

> Question posted on their forum.
> 
> Cheers, Gene Heskett
> -- 
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law
> respectable.
>  - Louis D. Brandeis
> Genes Web page <http://geneslinuxbox.net:6309/gene>

Re: attempted install of buster arm64 net-install on rp4 fails instantly

[Thomas D Dial]

On Mon, 2019-09-09 at 12:21 -0400, Gene Heskett wrote:
> On Monday 09 September 2019 11:50:12 ghe wrote:
> 
> > On 9/9/19 8:26 AM, Gene Heskett wrote:
> > > On Monday 09 September 2019 08:58:10 Greg Wooledge wrote:
> > >> On Sun, Sep 08, 2019 at 03:04:40AM -0400, Gene Heskett wrote:
> > >>> sudo dd if=debian-10.0.0-armhf-netinst.iso bs=4096 of=/dev/sdf1
> > >>>
> > >>> /dev/sdf1 is an unmounted 64GB PNY u-sd card. Original format
> > >>> NTFS.
> > >
> > > That was one of /my/ screwups, fixed to /dev/sdf later. Now
> rapbian
> > > does something but only a magician knows what as I can't get any
> > > video out of it.  The debian-arm net-installs still stop dead
> after
> > > one flash of the green led. Then I start finding rumors that
> > > debian-arm isn't ready for pi4's, no device tree, and they became
> a
> > > mob in a few hours.  So now I'm trying to get video out of
> raspbian,
> > > failing miserably. In the meantime I'm trying to put together
> > > another working stretch on my pi3 so I can bring my lathe back to
> > > life.
> > >
> > > I had it working before the heart attack, but have come to the
> > > conclusion I may have over-wrote that card.  Damned hard to put
> > > identifying marks on a card that physical size. They should have
> > > something like a MAC address imprinted so that one could keep an
> > > index list of what each card does.
> >
> > Label them with a Sharpie -- 1, 2, 3, 4... And make notes in a
> > 'database' (aka 'a piece of paper and a pencil').
> >
> > > So I've given up on the pi4 till the heat sink cover and more of
> the
> > > micro to normal sized hdmi adapters arrive.
> >
> > Amazon. Single connector on both ends. Lots of choices, IIRC. Mine
> > does good video with the ASUS VE228 monitor over on the table.
> >
> > There was a little backAndForth between the connectors to find the
> > video, though, IIRC.
> >
> > > Might be a couple weeks
> > > yet, coming from banggood.  All I have for that adapter now is
> some
> > > sort of a 3 headed contraption I paid $16 for at wallies, and I've
> > > no clue if it works. I've never seen video come out of it.
> > >
> > > I even took the new 22" ONN monitor to the pi3 on the lathe, makes
> a
> > > decent pix on the pi3 at just noticeably lower contrast.
> > >
> > > Cheers, Gene Heskett
> >
> > Try the Buster NOOBS from the RPi website.
> >
> > Painless and works good here -- eventually. I'm using a 32G Samsung
> SD
> > 'card'. And a USB3 external twirling rust disk.
> >
> > 4 is a little persnickety, and the RPi Buster Raspian has been
> futzed
> > with. Last I heard, the Debian ARM software wasn't ready for 4 yet.
> 
> That seems to be the general opinion, darnit.
> 
> So lets go this way:
> I'm building a RealtimePi buster-lite on the pi3 right now. Just one 
> $PITA problem, raspian insists the first, usr 1000 is 
> "pi".  Is there a foolproof way to convert that to "gene", or am I
> stuck 
> logging into it as "pi"? 

I do not know if it is foolproof, but I would try

usermod -l gene pi

as root (or maybe with sudo; I am not sure that it would work while pi
is logged in, though).

I have used it occasionally, and the only issue is with (mostly gnome-
related) dotfiles in the login directory that contain the old login as a
string and after the change need to have that replaced by the new login.
An unfortunate number of them are in sqlite files and unless the details
are important it probably is easiest to delete them and start over.


> 
> debian-arm makes that easy by registering usr 1000 at install time,
> so 
> the name is arbitrary. Secondary problem will be slow video, about 
> 1/20th speed of new stuff because its all framebuffer. But it runs
> the 
> machine pretty good.  BTDT.
> 
> I've copied some stuff to SSD that will make setting up the new
> realtime 
> card a heck of a lot easier, like fstab and the hosts file, and I
> have 
> already stashed all the linuxcnc configs and gcodes to an SSD that
> will 
> be mounted after overwriting the fsatab and rebooting, including 10G
> of 
> swap on an SSD. Might have to pull a new git of linuxcnc since my
> local 
> copy is now a month old, and that will pull in a boatload of dev
> stuff 
> as builddeb works, but thats expected. A pi3b is not that fast at
> this 
> stuff, but at least with enough swap it doesn't OOM trying at build
> the 
> rs-274-d interpreter, it just keeps on chugging along.
> 
> Have I forgot something? Probably...
> 
> 
> Cheers, Gene Heskett
> -- 
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law
> respectable.
>  - Louis D. Brandeis
> Genes Web page 

- Tom Dial

Re: attempted install of buster arm64 net-install on rp4 fails instantly

[Thomas D Dial]

On Mon, 2019-09-09 at 14:24 -0400, Gene Heskett wrote:
> On Monday 09 September 2019 13:58:03 Greg Wooledge wrote:
> 
> > On Mon, Sep 09, 2019 at 01:47:30PM -0400, Gene Heskett wrote:
> > > Tell that to pam. Even after editing sudoers, pam won't allow yoou
> > > to do squawt as sudo root. BTDT.
> >
> > If you have a serious complaint or question, you must provide
> details.
> 
> Also true, but those details are close to a year old, and my chances
> of 
> remembering it ala copy/paste accuracy are slim and none, so at this 
> late date, I'll not inflict my typo's on you.
> 
> > Your continued pattern of just ranting "it didn't work" for EVERY
> > issue you encounter makes it impossible to help you.
> >
> > In Debian, universal sudo access is granted to any user in the sudo
> > group.  If you want to be able to use sudo to run any command as any
> > user, add your user account to the sudo group.  Either by running
> > "adduser $LOGNAME sudo", or by editing the file with "vigr".
> 
> I should paint that on the wall. :) I've been trying by adding me to 
> sudoers, but that seems to not work as expected.
> 
> > Then, log out and back in to get your new group memberships.
> 
> A detail I forgot, my bad.
> >
> > If that doesn't work in Raspbian, well, too damned bad.  This is a
> > Debian mailing list.  All we know is Debian.
> 
> Touche` However, debian is in effect the broodstock for a lot of
> these 
> variations, so what works for debian has a middling high chance of 
> working with the *pians.
> 
> > > > For safety, you should use "vipw", "vipw -s" and "vigr" to
> perform
> > > > those edits, but it's not actually required on Debian.
> > >
> > > Screwed up already, I used vipw to put me in front of pi, but now
> it
> > > wants genes passwd, which has not been set. So I'll have to bring
> > > that chip to a reader and edit it.
> > >
> > > Is there an order to make all this just work? But I'll have to
> wait
> > > till realtimepi is done. Estimated another couple hours.
> >
> > If you duplicate the lines in both /etc/passwd AND /etc/shadow, your
> > password for "gene" will be the same as the password for "pi". 
> > Because they both use the same salted hash in the shadow file.  You
> > know, the big-ass $1$abcdefgh$crapola string that you saw when you
> > edited the file? It's kinda hard to miss.
> 
> Yup, big sore thumb. But I'll have to fix it in a card reader now. 

You might try (from the pi account):

sudo -l
  (or)
sudo bash --login
passwd

I just did it on a brand new fresh raspbian-buster-lite; it worked fine
and let me su - (with the newly established password) and presumably
would let me log in directly. The approach is a bit old-school and
eventually I will set the image up to allow ssh as the only network
access, ssh to root from the local host only, and no passwords allowed,
as on other systems here.

> When 
> RealtimePi has finished. 
> 
> Thanks Greg.
> 
> Cheers, Gene Heskett
> -- 
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law
> respectable.
>  - Louis D. Brandeis
> Genes Web page 

Buster questions

[Thomas D Dial]

After upgrading several systems from Stretch to Buster during the last
few weeks, I have had problems with several of them and seek advice.

First, after the upgrade (and in one case of a fresh install), systems
mostly intended as servers - long uptime and reboots only as necessary
for maintenance - appeared to enter a suspend state without approval or
intentional configuration change. All are Intel-based, and except for
the fresh (Intel) install, had run without issue on Stretch for periods
ranging from weeks to months rather than suspending after about 15 idle
minutes. All have Gnome DE (which, for convenience and because I am used
to it, I prefer to keep), either gdm3 or lightdm, and Xorg. All use
systemd for init.

Initially, I told the Gnome power manager not to suspend for idleness,
and that seems to have worked for all but one of them. For that, I
consulted https: //wiki.debian.org/Suspend which, although written for
Jessie, made sense. Masking sleep.target suspend.target hibernate.target
hybrid-sleep.target seems to have cured that one.

My question here is first, is there an explanation for the apparent
behavior change, and second, is there a preferred way to forbid
suspension of servers?


The second oddity is that on one system /etc/resolv.conf is empty after
each reboot after upgrading from Stretch (except for the warning to not
edit the file). It previously was made correctly by resolvconf, and the
This server runs a handful of virtual machines and is rebooted only for
good cause, so I have no particular problem deploying my own, but it is
an annoyance and I will be grateful for suggestions to. Probably
relevant installed packages include

bridge-utils   1.6-2
network-manager1.14.6-2
network-manager-gnome  1.8.20-1.1
resolvconf 1.79

and maybe others.

What I think is the relevant part of /etc/network/interfaces is

#
# Network interface #1: enp2s0 - NAS2 (Gray cable)

auto eth2
iface eth2 inet static
mtu 9000
address 192.168.33.10/24

# Network interface #2: enp3s0 - LAN (Blue cable)

auto br0
iface br0 inet static
address 192.168.1.10
network 192.168.1.0
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
bridge_ports eth0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off
dns-nameservers 192.168.1.8 192.168.1.60
dns-search .xxx  # EDITED #

auto br0.222
iface br0.222 inet static
address 10.10.10.10/24
vlan-raw-device br0

auto eth0
iface eth0 inet manual
mtu 9000
#


For brevity I cut out specifications for the other interfaces, all of
which are similar to that for eth2 above. I'll post the entire file if
anyone thinks it would be useful to resolve the issue.

Thanks in advance for help with either of these.

Tom Dial
td...@acm.org

Re: HTML mail

[Thomas D Dial]

On Thu, 2019-07-11 at 14:46 +0200, to...@tuxteam.de wrote:
> On Thu, Jul 11, 2019 at 07:26:00AM -0500, John Hasler wrote:
> > Brad Rogers writes:
> > > Except that the worst offenders are commercial entities such
> > > google,
> > > ebay(1), all banks, amazon, etc, etc. ad nauseam.  *None* of them
> > > are
> > > going to remove HTML and/or CSS from their emails until something
> > > 'better'(2) comes along.
> > 
> > Some banks have found something "better".  Their emails contain a
> > link
> > which automatically opens a page on their site in your browser (they
> > assume that everyone reads email in a browser, of course).  They
> > claim
> > this is more secure.
> 
> Horrifying.
> 
> [...]
> 
> > There is no point in complaining.  99% of users object to anything
> > *but*
> > html mail.  Most don't know that anything else exists.
> 
> For me, that would be a reason to change the bank.
> 
> My bank offers a standardized protocol based on public key
> cryptography.
> I can initiate a transaction (or fetch records) with a simple shell
> script.
> 
> No browser involved.

Can you name the bank? It has annoyed me for between 20 and 30 years
that banks, generally, have avoided this obvious way to conduct business
with their customers in favor of more vulnerable methods pushed by their
enterprise IT suppliers.

Regards,
Tom Dial
> 
> Cheers
> -- t

Re: Synaptic error message -- how to respond

[Thomas D Dial]

On Wed, 2019-04-24 at 10:42 -0500, Richard Owlett wrote:
> I have repeatedly received the following error message:
> > E: galternatives: package is in a very bad inconsistent state;
> > you should  reinstall it before attempting configuration
> 
> I don't recall what triggered it last week. Today I wanted to install 
> "apt-rdepends" which displayed the above error message. I closed the 
> message window. The box next to apt-rdepends was colored green 
> indicating it had been successfully installed. I did a test run of it 
> and got reasonably looking output.
> 
> I attempt to reinstall "galternatives" and receive:
> > E: /var/cache/apt/archives/galternatives_0.13.5+nmu4+deb9u1_all.deb:
> > subprocess new pre-removal script returned error exit status 1
> > galternatives
> 
> What should I do next?

Look carefully at everything from the 

"apt install --reinstall galternatives"

command to the end of the output from it. It shouldn't be all that long
but is likely to have diagnostic information you can use to identify and
correct the problem. If that doesn't clarify it enough, post the output,
 all of it. Many of us have seen install failures from time to time and
given enough output might have suggestions. Exit code from a script
bundled in the .deb file is too generic to be useful by itself.

Regards,
Tom Dial

> TIA
> 
> 
> 
> 

Re: Cannot re-install synaptic on Buster.

[Thomas D Dial]

On Mon, 2019-04-15 at 13:10 -0400, Kieran Smyth wrote:
> Thanks everyone for all the responses. The package gnome-packagekit
> seems like a good alternative for now, but ultimately I think
> reverting to stable rather than testing may be the way forward for me.
> 
> Although i'm going to explore other desktop environments, too. Not
> sure i'll be able to move away from MATE, though.
> 
> Lesson here is to pay attention when installing updates. Using
> synaptic, i missed that synaptic itself was going to be uninstalled
> after updating haha.

I know I'm pretty late to this party, but it took a little time to run
down my quite different experience with Buster, Wayland, and Synaptic,
which on this system seems to me to work just fine.
The original install was on 2018/06/27, from the Stretch 9.3.0 DVD-1
image. It was pretty much a vanilla installation, with Gnome (now mostly
3.30.1)  and, it appears, Wayland (now mostly 1.16.0-1, but xwayland is
1.20.3-1).
All repository references were changed to Buster and and the system
upgraded on 2018/07/08.
Sid repositories were added on 2018/10/02 to upgrade Firefox ESR to the
later version. Buster was kept as the default target by specifying
'APT::Default-Release "buster";' in /etc/apt/apt.conf.d/15preferences. I
also installed the Sid version of Chromium several months later.
It appears Synaptic was installed from the beginning and at some point
upgraded to the Sid version (presently 0.84.6, upgraded at 20:03 UDT
today from 0.84.5). 
With this configuration, synaptic works either when accessed directly
from the DE (by uprivileged user, but won't install) and from an ssh
session, started using "ssh -X -l root." I don't use things like gksu,
so can't comment on that.
Now, hearing about the correction underway, I worry a bit that what I
see as a highly workable solution will be undone and replaced by an
error message. I always have leaned strongly toward accepting
installation defaults and so learned to get along reasonably with Gnome,
several network managers that mostly work (and when they do, make setup
fairly painless), and even systemd, although I do not love it and think
sysv-init was quite ok.
Regards,Tom Dial
>  
> On Mon, Apr 15, 2019 at 2:04 AM Reco  wrote:
> > Hi.
> > 
> > 
> > 
> > On Mon, Apr 15, 2019 at 01:24:32AM -0400, Kieran Smyth wrote:
> > 
> > > For reasons unknown to me, synaptic uninstalled itself about three
> > weeks
> > 
> > > ago. I am using Buster on the desktop, with MATE as my desktop
> > environment.
> > 
> > 
> > 
> > Synaptic was removed from testing two weeks ago, see #818366.
> > 
> > 
> > 
> > > I like using a GUI frontend to apt, and if anyone can help me get
> > it back
> > 
> > > on my system i'd really appreciate it.
> > 
> > 
> > 
> > You're not supposed to use synaptic in Wayland session anymore.
> > Consider
> > 
> > using gnome-packagekit instead.
> > 
> > 
> > 
> > Reco
> > 
> > 
> > 

Re: New dual-boot laptop with two SSD drives: should I use LVM (and I have no experience with it)?

[Thomas D Dial]

On Sat, 2019-04-13 at 08:18 +0200, Pascal Hambourg wrote:
> Le 12/04/2019 à 22:46, Thomas D Dial a écrit :
> > In terms of management, it is a major advance over physical
> > partitioning
> > for the file systems and, depending on particular file system
> > characteristics, allows you to get out of space problems without
> > down
> > time in many cases (online resizing is available for jfs, xfs, I
> > think
> > for ext2/3/4, and possibly others).
> 
> XFS and ext* can be grown online. Ext* can be reduced offline only.
> XFS 
> cannot be reduced. Btrfs can be grown and reduced online. I don't t
> know 
> about JFS.

I ought to have specified "increase" or "growth" rather than "resizing,"
never having had occasion to reduce a volume. I also was unaware of the
situation with Btrfs.

JFS can be grown while mounted and in use, but as far as I know cannot
be reduced in size except offline.

Regards,
Tom Dial

Re: New dual boot laptop: Best file system for a USB live image for installation?

[Thomas D Dial]

On Sat, 2019-04-13 at 08:26 +0200, Pascal Hambourg wrote:
> Le 12/04/2019 à 22:25, Thomas D Dial a écrit :
> > I let the installer partition the USB key that was the install
> > target
> > and picked LVM, but specified distinct /, /usr/, /var, /home, and
> > swap
> 
> Why did you create a distinct volume for /usr ?

A (now) bad habit brought forward from 20+ year old HP-UX admin
experience.
> 
> > partitions and left some empty space within the LVM volume group.
> > The
> > installer offers a number of other options.
> 
> The guided partitioning options do not offer to leave some empty
> space 
> for future use in the volume group, making them mostly useless IMO.

This is an excellent point. An LVM volume group without free space isn't
a lot better than a full physical disk. I don't use guided partitioning
at install because it fills the disk and the volume group and because I
don't think I need the several hundred GB /home that I recall it will
set up on the large disk or SSDs we have now.

Regards,
Tom Dial

Re: New laptop: need advice on choice of file system types

[Thomas D Dial]

On Fri, 2019-04-12 at 12:43 -0400, Dan Ritter wrote:
> Tom Browder wrote: 
> > I have used ext4 for many years while I have been watching zfs and
> > btrfs being developed. I am now considering using one or both on at
> > least one partion during my upcoming new Debian installation.
> > 
> > Can anyone recommend either one for a normal (non-developer,
> > non-hobbyiest) user who does backups and values his data and wants
> > reasonable reliability?
> 
> If you want to experiment, having root on ext4 and /home on ZFS
> is pretty easy to accomplish.
> 
> ZFS for root is too difficult to recommend to a casual user
> today, but I expect that to change in a version or two.

I'll second this recommendation, with two additional comments. First,
there is a good set of instructions for installing with root on ZFS at

https://github.com/zfsonlinux/zfs/wiki/Debian-Stretch-Root-on-ZFS

that, if followed carefully and accurately, is very likely to result in
a successful install, including LUKS encryption and root on ZFS. I have
been testing one such on a VM for several months and plan shortly
install on an old (2011) Apple Macbook. My only deviations were to omit
encryption and to use Buster, rather than Stretch, as the target. I
think at the time I did it that may have given me a later version of
ZFS, and it was clear that Buster would become the new stable version
around the time I wanted to use ZFS for real.

The install process described there is straightforward, and it includes
the steps needed if you want to encrypt the file systemsbut very much
hands on. I don't think I would call it difficult as much as requiring
careful attention to detail while carrying out a fairly lengthy
procedure. It is possible to cut and paste many of the commands, but
they must be edited carefully for the target environment.

If you have a new and untouched machine, it would be an excellent
opportunity to try this without really risking anything but time and
maybe frustration.

Second, ZFS comes with a significant learning curve and differs a bit
from more traditional and common file systems used in Linuxland,
including those used with LVM. LVM adds a layer to management; ZFS
changes management quite a bit, although generally for the better. The
Oracle documentation for their commercial ZFS, though, is available on
their web site and generally usable with openzfs, although incompletely
because the later features of Oracle ZFS are not available.

ZFS for /home makes sense, especially for anyone not already somewhat
familiar with ZFS.

Regards,
Tom Dial

> 
> -dsr-

Re: New dual-boot laptop with two SSD drives: should I use LVM (and I have no experience with it)?

[Thomas D Dial]

On Fri, 2019-04-12 at 09:41 -0500, Tom Browder wrote:
> I've been using Linux for over 20 years, and Debian for over 10, but
> I've always used conventonal partitions and /etc/fstab definitions.
> 
> Now that I'm getting a virgin, up-to-date laptop, I am considering
> ising LVM but want to get the option of expert users: Should I go that
> route?

I would strongly recommend LVM as an option. I have used LVM on Linux -
and Debian - for as long as it has been available, and for some years
earlier on HP-UX.

As far as I know, it is no more likely to have failures than any other
disk layout, data recovery after failure is no harder. The only real
additional consideration is the need for the recovery machine and
software to understand enough about LVM, and any other Linux based
system can easily be used for that even if it does not intrinsically use
LVM.

In terms of management, it is a major advance over physical partitioning
for the file systems and, depending on particular file system
characteristics, allows you to get out of space problems without down
time in many cases (online resizing is available for jfs, xfs, I think
for ext2/3/4, and possibly others).

My recommendation is to use it unless you choose to use ZFS.

Regards,
Tom Dial

> 
> Every thing I read says I should, but my reluctance in the the past
> has always been my comfort level with handling disk failures (I've had
> my share) and recovery of lost data. Note that most of my disk
> failures have been the computer interface and I have been able to read
> the "bad" disk from another computer via a USB inteface.
> 
> I'm leaning toward using LVM but would appreciate any advice from LVM
> users.
> 
> Thanks.
> 
> Best regards,
> 
> -Tom

Re: New dual boot laptop: Best file system for a USB live image for installation?

[Thomas D Dial]

On Thu, 2019-04-11 at 20:01 -0700, David Christensen wrote:
> On 4/11/19 5:02 AM, Tom Browder wrote:
> > I'm preparing to install Win 10 and Deb 9 on a new ZaReason laptop
> > which
> > has no installed OS on it.
> > 
> > It comes with one 120 Gb SSD as its primary drive and has an empty
> > bay
> > where I will install a Samsung evo 860 1 Tb SSD.
Detailed instructions for installation media are at

https://www.debian.org/releases/stretch/amd64/ch04s03.html.en#usb-copy-isohybrid

They also apply to live-cd/live-dvd .iso media per

https://www.debian.org/CD/live/

The process (using the cp command on linux or functionally similar
commands on Windows) creates a file system that you do not have reason
to know or care about. The last one I used had a small EFI partition
(type ef) and 2.4 GB marked empty that actually contained all the data
and mount recognizes as an iso9660 file system.

Other parts of the Debian Installation Guide are likely to be useful as
well.

I can offer the following dual boot installation as a suggestive
example. This was to a HP Pavilion laptop dating from about 2011 that
has a traditional BIOS rather than EFI with the original HP setup and
Windows 10 (upgrade from Windows 7). I can't claim the procedure will
work on other equipment or EFI, but it seems reasonably likely that it
would.

In this case, I did not touch the internal disk because the HP factory
installation of Windows and various HP utilities used all four available
partitions. Instead, I installed Debian (Buster, but Stretch should not
be different in any significant way) on a 128 GB USB key, using either
the Live image mentioned above or a Netinstall .iso image put on the USB
key as described in the installation guide.

I let the installer partition the USB key that was the install target
and picked LVM, but specified distinct /, /usr/, /var, /home, and swap
partitions and left some empty space within the LVM volume group. The
installer offers a number of other options. Once partitioning was
complete, the installation was like any other Debian install, including
grub installation, which automatically found both the USB "disk" and the
internal disk with Windows.

I left the BIOS boot sequence with the USB device ahead of the internal
disk in the boot sequence, resulting in:

1. With the USB key in place, the Grub menu allowed choice of either
Debian (default) or Windows from the internal disk;

2. With the USB key removed, Windows booted normally.

There were no issues except that I seem to remember having to restore
the BIOS boot sequence after a Windows Patch Tuesday.

Regards,
Tom Dial

> 
> Which model zareason laptop?
> 
> 
> Which make, model, form factor, and interface 120 GB SSD?
> 
> 
> Which form factor and interface Samsung EVO 860 1 TB SSD?
> 
> 
> How much RAM?
> 
> 
> Make and model WiFi interface?
> 
> 
> David

Re: (Thank you Tom) Re: David --- Re: WRITING to NTFS drives

[Thomas D Dial]

On Wed, 2019-03-13 at 21:57 +0100, Linux-Fan wrote:
> > On 3/13/19 3:43 PM, Thomas D Dial wrote:
> 
> [...]
> 
> > > I contacted a relative who does this routinely. Windows
> > > alternately, I
> > > contacted a relative who does this routinely about the initial
> > > queston
> > > about writing to NTFS file systems from Linux and Windows
> > > alternately.
> > > Although he does this in a dual boot environment, and with either
> > > Ubuntu
> > > or Mint, they should be similar enough to Debian and the proposed
> > > use to
> > > be meaningful.
> > > 
> > > He did not report problems with NTFS as such, but mentioned
> > > possible
> > > OneDrive sync issues and inability of Linux to write to a Windows
> > > drive
> > > if it was closed down in a locked state. I knew nothing of such a
> > > "locked state" and Google search for it indicated only issues that
> > > suggest prior file system corruption that needed chkdsk or SFC
> > > (and
> > > possibly bootrec, or even Windows refresh or reinstall), so
> > > probably not
> > > a meaningful barrier.
> > > 
> > > Prior testing would be appropriate, with verification of the 90%
> > > or more
> > > most common use cases, maybe with help of a relatively
> > > knowledgable user
> > > or a few of them.
> 
> [...]
> 
> The locked state might be from a feature introduced in Windows 8:
> Windows
> does not shut down by default but rather goes into suspend-to-disk. If
> the
> data is accessed from another OS while Windows is suspended, Windows'
> and
> the other OS' view on the data may be inconsistent and cause file
> system
> corruption.
> 
> https://answers.microsoft.com/en-us/windows/forum/windows_10-performance-
> winpc/win10-fast-start-up-quick-boot-warning-suggestion/5fec376c-
> d876-4033-85f6-32c2d2cb5e03
> 
> So for external drives there should not be an issue as long as they
> are
> unmounted/disconnected properly prior to a Windows shutdown or
> alternatively
> one can disable "Fast Startup" completely to avoid its risks.
> 
Thank you for the explanation, and reference, which makes sense and
persuades me to make sure fast startup/quick boot is disabled on the
small number of Windows things on my network. The floundering fix I
mentioned in an earlier post may well have been made necessary by this
"feature." Most of the systems here are on all the time, and I rarely am
in such a hurry that a minute or so to boot from cold would be a
problem.

Tom

> HTH
> Linux-Fan
> 
> OT: Last time I e-mailed the list, my mail's signature could not be
> verified
> successfuly in (at least not in my e-mail client)... I am not sure how
> to
> debug this so it might again be signed incorrectly? :(

Re: David --- Re: WRITING to NTFS drives

[Thomas D Dial]

On Wed, 2019-03-13 at 11:12 -0400, deb wrote:
> On 3/12/19 9:50 PM, David Christensen wrote:
> > On 3/11/19 11:13 AM, deb wrote:
> > > 
> > > I saw this question come up
> > > 
> > > and it set off bells.
> > > 
> > > 
> > > Someone asked what the status of WRITING to NTFS drives was.
> > > 
> > > That it was not yet supported (?) .
> > > 
> > > 
> > > 
> > > *MY* Assumptions:
> > > 
> > >   * MIXED NETWORK, with Win, Mac, Linux (EXT4 formatted).
> > > 
> > >   * many portable 1-5TB drives making the rounds, formatted with
> > > NTFS.
> > > 
> > >   * data loss is unacceptable [to the highest degree that is
> > > possible].
> > > 
> > > 
> > > 
> > > I know that I can read (and verify) files just fine from NTFS on 
> > > Debian 9.8
> > > 
> > > but [if you have direct experience with this]
> > > 
> > > is writing to these drives from debian actually safe?
> > > 
> > > 
> > > [if you have direct experience with this]
> > > 
> > > what process/tool(s) do you use to validate the writes?
> > > 
> > > 
> > > What are other places to ask this?
> > > 
> > > 
> > > Thank you!
> > 
> > On 3/12/19 4:40 PM, deb wrote:
> > > I'm faced with people running everywhere with these things, and 
> > > dozens of drives.
> > 
> > Writing to NTFS file systems using Debian has worked for me for the 
> > current and past few releases of Debian Stable.  It is not a common 
> > use-case for me any more, so I'll refrain from making comments.
> > 
> > 
> > However, it seems like you have a large sneaker net with many
> > sneakers 
> > and even more feet.  My experiences with a few sneakers and two
> > feet 
> > prompted me to pursue better solutions (Ethernet network, file
> > server, 
> > version control server, backups, archives, images, etc.).  I am 
> > curious why you don't do the same?
> > 
> > 
> > David
> > 
> > 
> 
> Brace yourself.
> 
> They take the drives back and forth *Home*.
> 
> (As well as back & forth to clients)..
> 
> There is equal volume pumping around the LAN as well.

It appears you have a problem that is more managerial in nature than
technical, that the best technical measures can do no more than
mitigate.

Scary. My employment was in a US DoD agency that was pretty careful
about information assurance generally, where such activity was forbidden
and punished if found. I do not like to think about having to make it
work.

I contacted a relative who does this routinely. Windows alternately, I
contacted a relative who does this routinely about the initial queston
about writing to NTFS file systems from Linux and Windows alternately.
Although he does this in a dual boot environment, and with either Ubuntu
or Mint, they should be similar enough to Debian and the proposed use to
be meaningful.

He did not report problems with NTFS as such, but mentioned possible
OneDrive sync issues and inability of Linux to write to a Windows drive
if it was closed down in a locked state. I knew nothing of such a
"locked state" and Google search for it indicated only issues that
suggest prior file system corruption that needed chkdsk or SFC (and
possibly bootrec, or even Windows refresh or reinstall), so probably not
a meaningful barrier.

Prior testing would be appropriate, with verification of the 90% or more
most common use cases, maybe with help of a relatively knowledgable user
or a few of them.

Tom Dial

Re: WRITING to NTFS drives

[Thomas D Dial]

On Mon, 2019-03-11 at 14:13 -0400, deb wrote:
> I saw this question come up
> 
> and it set off bells.
> 
> 
> Someone asked what the status of WRITING to NTFS drives was.
> 
> That it was not yet supported (?) .
> 
> 
> 
> *MY* Assumptions:
> 
>   * MIXED NETWORK, with Win, Mac, Linux (EXT4 formatted).
> 
>   * many portable 1-5TB drives making the rounds, formatted with NTFS.
> 
>   * data loss is unacceptable [to the highest degree that is
> possible].
> 
> 
> 
> I know that I can read (and verify) files just fine from NTFS on
> Debian 9.8
> 
> but [if you have direct experience with this]
> 
> is writing to these drives from debian actually safe?
> 
> 
> [if you have direct experience with this]
> 
> what process/tool(s) do you use to validate the writes?
> 
One data point, clearly in need of additional support (or refutation).

I will lay claim to having, in a small number of cases, written to NTFS
file systems using recent (jessie, stretch, buster) Debian versions.

Validation was that the files subsequently were readable, modifiable,
and rewritable by Windows 10 or Windows 7 applications. Some of them
later were readable, modifiable, and rewritable on the originating Linux
system.

This is a somewhat weak claim, since it involved only a small (but
double digit) number of files, and only a few applications (mostly
OpenOffice or LibreOffice Calc and MS-Office Excel).

On one occasion I managed, largely by trial and error, to repair an NTFS
file system using tools available on Debian (buster, I think, but maybe
stretch).

Tom Dial
> 
> What are other places to ask this?
> 
> 
> Thank you!

Re: Adding/modifying users under MATE DE

[Thomas D Dial]

On Mon, 2019-02-04 at 10:34 -0600, Richard Owlett wrote:
> I'm creating a Tcl script [to be run as user] which calls dumpe2fs , 
> requiring root privileges. On comp.lang.tcl I was pointed to 
> [
> https://www.cyberciti.biz/faq/linux-unix-running-sudo-command-without-a-password/
> ] 
> which pointed out that a user could be authorized to run specific 
> executables.
> 
> Although I'm the only person with any access to my machine, I have 
> avoided using sudo in the past. That article dampened my qualms.
> 
> Back in 2015, when wanting to modify users, I was pointed to
> "mate-system-tools". According to 
> [https://tracker.debian.org/pkg/mate-system-tools] it has been
> removed 
> from the repository.
> 
> Is there a user friendly alternative?
> 
> Following a series of links suggests using visudo. It doesn't look 
> friendly. I'm not sure yet if it can create new users from scratch. 
> There are references to adduser (and relatives) but 
> [https://packages.debian.org/stretch/adduser] gives its home page as 
> [http://alioth.debian.org/projects/adduser/] which seems to be
> defunct.
> 
Visudo edits the sudoers file, which describes who may use the sudo
command, and for what. Paraphrasing the visudo man page, it does so
safely, so that (a) the file /etc/sudoers is locked to prevent
concurrent edit operations from messing it up, and (b) it is checked
before saving for syntax errors and not saved if there are.

As Tomas noted in an earlier response, the environment variable EDITOR
can be set to determine the editor to be used, although I also do not
know whether GUI editors can be used successfully: I had no success
using LibreOffice Writer in the simplest way, but that alone is not
proof.

When in doubt about questions like this it often is helpful to consult
man pages, which often are available on the Web if you don't want to
install the necessary packages that includes them. In this case, if sudo
is installed, the man page for sudo also will be there, probably along
with those for sudoers and visudo, although I could be wrong about the
last.

Tom Dial

> Where is a first time user to go for appropriate guidance?

Re: Thunderbird + Enigmail + saving draft with encryption

[Thomas D Dial]

On Fri, 2019-02-01 at 18:26 +, Paul Sutton wrote:
> Hi
> 
> Thunderbird + Enigmail has an option in "account settings" OpenPGP
> Security to save a draft of a message with encryption, as expected
> this
> saves the draft but with a new subject as "Encrypted message" and it
> appears in drafts as this.
> 
> If you save the message,  close the compose window,  then go to
> Drafts, 
> then reopen the message for more editing before sending the subject
> remains as "Encrypted message" and you lose the original subject
> header.
> 
> I just wondered if this is what is meant to happen ? or is the
> original
> subject header supposed to be restored.  Has anyone else noticed this.

I noticed this a few weeks or a month ago and took it to be a somewhat
inelegant, maybe incompletely implemented, feature intended to improve
metadata security. I believe "Encrypted message" also becomes the
subject of the transmitted message. 

Exposure of the  metadata showing who is in contact with whom, and when,
is pretty much inescapable, but the subject line, which is not
encrypted, also can  provide useful information to an eavesdropper, even
if she cannot decrypt the message body. This is noted in some PGP or GPG
documentation I have seen, accompanied by recommendations to obscure the
Subject: line and put the true subject within the body.

Tom Dial
> 
> System information
> 
> Thunderbird 60.4.0 (64-bit)
> 
> Enigmail 2.0.9
> 
> Distributor ID:Debian
> Description:Debian GNU/Linux 9.7 (stretch)
> Release:9.7
> Codename:stretch
> psutton@zleap:~$
> 
> Linux zleap 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64
> GNU/Linux
> 
> 
> Paul Sutton
> 
> 
> 
> 

Re: trying to install Debian encrypted in an existed partition, keeping the rest as it is ...

[Thomas D Dial]

On Wed, 2019-01-30 at 06:42 -0800, David Christensen wrote:
> On 1/29/19 9:30 PM, Albretch Mueller wrote:
> >   use case:
> > 
> >   Say, you have a computer preinstalled with Windows, on which you
> > would like to install a Debian Linux base. You would:
> > 
> >   1) resize the larger, Windows proper (/dev/sda3) partition
> >   2) install Linux encrypted in the created space, with
> >   3) what you need to start it up (the /root partition) on a pen
> > drive
> > 
> >   So, other people may be able to use that box just fine under
> > Windows
> > and you would do your thing.
> > 
> >   If for whatever reason you disown that computer, you would just
> > delete that partition. Your own data you will keep on a USB pen or
> > microdrive.
> 
> If you want a portable Debian installation, install Debian on a USB 
> flash drive.  To avoid confusion, install (and update/upgrade) on a 
> computer with no other drives connected (so that GRUB does not create 
> boot menu entries for other operating systems).  Use the motherboard 
> firmware (BIOS/UEFI) boot device hot key and/or setup program to boot 
> Debian.
> 
I see no reason to take the original drive out for the install. If you
don't, grub will find the OS(s) on it and generally provide correctly
for booting them if you wish to do so. If the machine is booted without
the USB key, it still will boot normally for the old OS(s). I have found
this arrangement quite convenient.

Tom Dial 
> 
> >   Any step by step procedures?
> 
> See the Debian stretch -- Installation Guide:
> 
> https://www.debian.org/releases/stable/installmanual
> 
> 
> Use a camera or phone to take photographs of the screen as
> needed.  Use 
> a second computer to take detailed notes.  Put everything into your 
> favorite version control system.
> 
> 
> David

Re: i386 version for chrome

[Thomas D Dial]

On Sat, 2018-10-27 at 13:13 -0400, Gene Heskett wrote:
> On Saturday 27 October 2018 11:09:48 Steve McIntyre wrote:
> 
> > Gene Heskett wrote:
> > >On Saturday 27 October 2018 09:58:45 Curt wrote:
> > >
> > >root@coyote:/home/gene/Downloads# dpkg -i
> > >vivaldi-stable_2.1.1337.36-1_i386.deb
> > >Selecting previously unselected package vivaldi-stable.
> > >(Reading database ... 517038 files and directories currently
> > > installed.) Unpacking vivaldi-stable (from
> > > vivaldi-stable_2.1.1337.36-1_i386.deb) ...
> > >
> > >dpkg: dependency problems prevent configuration of vivaldi-stable:
> > > vivaldi-stable depends on libappindicator3-1; however:
> > >  Package libappindicator3-1 is not installed.
> > >
> > > vivaldi-stable depends on libc6 (>= 2.16); however:
> > >  Version of libc6:i386 on system is 2.13-38+deb7u12.
> > >
> > > vivaldi-stable depends on libgtk-3-0 (>= 3.9.10); however:
> > >  Version of libgtk-3-0:i386 on system is 3.4.2-7+deb7u1.
> > >
> > > vivaldi-stable depends on libpango-1.0-0 (>= 1.14.0); however:
> > >  Package libpango-1.0-0 is not installed.
> > >
> > > vivaldi-stable depends on libpangocairo-1.0-0 (>= 1.14.0);
> however:
> > >  Package libpangocairo-1.0-0 is not installed.
> > >
> > >dpkg: error processing vivaldi-stable (--install):
> > > dependency problems - leaving unconfigured
> > >Processing triggers for menu ...
> > >Processing triggers for desktop-file-utils ...
> > >Errors were encountered while processing:
> > > vivaldi-stable
> > >
> > >So its not going to work on a 32 bit wheezy, ever.
> >
> > That's hardly a surprise. Wheezy was released over 5 years ago, and
> > isn't even in LTS any more.
> >
> > >I'll update this machine to a 64 bit stretch if and when the
> network
> > >works again. Armbian is now working on a rock64, but thats the only
> > >variety of nix for arm64 that will accept and use a gateway
> statement
> > >in its net config
> >
> > You keep on asserting this, but it's patently not true. That's a
> > standard feature of Debian on all architectures. I understand you've
> > seen problems, but it just needs debugging to see how things were
> > broken in your case. :-(
> 
> Then give me an install that can be made to work in a hosts file
> defined 
> local network that can accept a gateway statement in its e/n/i file.
> The 
> default install does NOT accept it until the network has been brought 
> up.  And the syntax for the deprecated route command is too complex
> to 
> remember, then everybody wants me to use ip-(mumble) for that without 
> anything that resembles a man page to tell me how to use it for
> that.  
> Thats the singular most obtuse man pages group I've tried to make
> sense 
> of in 35+ years of making networks work starting even before Hayes 
> modems were the default.
> 
> The arm64 stretch install has, as e/n/i.d/eth0:
> 
> auto eth0
> iface eth0 inet static
> address 192.168.NN.2/24
> gateway 192.168.NN.1
> dns-nameserver 192.168.NN.1
> dns-search hosts dns
> 
> And that works, I just got it from that machine with an ssh login.
> 
> So all the stuff that used to be in e/resolv.conf is now in that
> file, 
> but no one in 2 damned years of my asking questions has ever
> mentioned 
> that its been moved or why. To add to the confusion, /etc/resolv.conf
> is 
> now a link that returns a list of nameservers only. But is there any 
> documentation for all the shuffling? Not thats been converted to a
> utf8 
> file I can peruse and learn from.

#===
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp0s18
iface enp0s18 inet static
  address 192.168.1.60/24
  gateway 192.168.1.1
  dns-nameserver 192.168.1.60
  dns-nameserver 192.168.1.4
  dns-search xx.org
#===
This /etc/network/interfaces file has been in use for 2+ years through
several upgrades without issues, so it might not be a really bad pattern
to look at. The nameservers at .60 and .4 are authoritative for
xx.org and refer other requests to opendns.

> 
> Sorry Steve, but your claim that its simply not true, pulls my
> trigger, 
> best to duck. And maybe fix a few man pages. Please. ;-)
> 
> -- 
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page 

Best wishes

Tom Dial

Re: update hell

[Thomas D Dial]

On Thu, 2018-08-02 at 13:32 +1200, Ben Caradoc-Davies wrote:
> On 02/08/18 13:05, Default User wrote:
> > So, if apt-get is for non-trivial upgrades, then why not for daily
> > use?

In my experience, major upgrades using aptitude sometimes get seriously
bogged down resolving dependencies, whereas apt-get and apt generally
run smoothly.

I also have found it generally works better to do apt-get upgrade
followed by apt-get dist-upgrade rather than trying to do it all in one
step, and that with rare exceptions, it all comes out right in the end,
although there occasionally are oopses that require a bit of additional
effort. If there are difference between apt-get and apt other than some
of the command names, I have not noticed them, and now generally use
apt.

Tom Dial

> I use it daily and for trivial upgrades.
> 
> > Not efficient to have multiple choices. Debian, please choose one
> > and
> > deprecate the others.
> 
> Debian is all about multiple choices. Debian tries to include
> everything 
> that meets the DFSG, from choice of init system, filesystems,
> servers, 
> to desktop. Debian is inclusive.
> 
> Choice reduces happiness:
> https://www.ted.com/talks/dan_gilbert_asks_why_are_we_happy
> 
> For enhanced new-user happiness, other distributions provide more 
> curated selections. Once users have become accustomed to a curated 
> subset, the breadth and flexibility of Debian makes it easy to
> reproduce 
> a selection found in a more limited distribution.
> 
> > I patiently await your hate mail.
> 
> You did not mention systemd; no hate mail for you!  ;-)
> 
> Kind regards,
> 

Re: Undesired ssh login attempts

[Thomas D Dial]

On Sun, 2018-06-10 at 11:09 +, Dan Purgert wrote:
> deloptes wrote:
> > Hi,
> > I recently get many of those, which means someone found out that
> > ssh
> > external is on port 2 and is trying to do some evil work there.
> > Should I worry or do something?
> 
> Use key-based auth only
> Ensure root ssh login is not allowed
> Perhaps fail2ban (or equivalent)
> Perhaps forget about funny ports (as they're "security by obscurity"
> at
> best).

I've generally used the following on machines that allow ssh login:

AllowUsers root@ ...
# may be impractical for systems that have many logins, but mine don't)
PermitRootLogin prohibit-password (OpenSSH default)
PasswordAuthentication no
ChallengeResponseAuthentication no (Debian default)

The private key for root access on a machine is owned by a dedicated
administration account on the system, is unique to the machine, and is
passphrase protected. On some machines the admin account is only
accessible to access from the machine. On most systems the root
password is a random string that was discarded after being set.

SSH runs on port 22, since the attempt volume has not been high
recently. The firewall denies port 22 access.

These seemed to me a reasonable compromise between security and
convenience. 

Tom Dial
td...@acm.org

> 


> 

Re: Re: debian-user-digest Digest V2016 #417

[Thomas D Dial]

It's been quite a while since I did an install from scratch and either
the prior overwrite option is new since, or I forgot it; the random
pattern overwrite choice would be better. The US DoD requires (or did
some time ago) multiple overwrites with specified patterns, beginning
and ending in zeroes, that resulted in changing each bit three or more
times. That requirement was for devices with no classified or personally
identity information; those had to be degaussed and shredded physically.

The BIOS would not boot a completely overwritten disk, but the fdisk or
cfdisk program, possibly available on a live CD, or maybe whatever disk
format program the Debian installer uses would install the necessary
boot block. Unless there is a reason for extreme care, the random byte
option in the installer s/b quite adequate.

Tom

On 05/03/2016 04:12 AM, debian-user-digest-requ...@lists.debian.org wrote:

On 05/02/2016 05:38 PM, Ralph Sanchez wrote:
> Tom-That's what I thought too, but I thought someone said earlier that
> during the install w/ encryption, Debian would also zero the disk, or
> maybe I'm mistaken. As far as the process if I did what your
> suggesting and I was going to do, would it work like this...
> 
> Boot from USB Live ISO
> 
> Run choice zero/random pattern overwrite program
> 
> Install from USB Live
> 
> lol I know it seems simple and like I should know the answer, but I've
> never even fully formatted a HDD myself, never had a reason too
> (degaussed one, the only other one I ever used haha had that Compaq
> Presario tower for yers) so I guess I was worried if something
> happened to make the system reboot with the HDD completely gone the
> BIOS system wouldn't boot from the USB either then. I guess this comes
> down to not knowing much about the Bios itself, where it's located and
> how it works. It's funny how we pass over the simple things when
> learning the bigger things we think are more important haha
> 
> On Mon, May 2, 2016 at 7:03 PM, Tom Dial  wrote:
>> Although encryption of the disk (as offered during installation) is a
>> good idea, it protects against loss of the system or disk while powered
>> down. It does not protect against unauthorized access to the running
>> system, and if the threat model includes that, zeroing (or better yet,
>> multiply overwriting with varying patterns and then zeroing) offers
>> protection that disk encryption does not.
>>
>> Neither action protects against determined state equivalent actors or
>> malware implanted in the drive controller.
>>
>> Tom Dial
>>
>> On 05/02/2016 11:17 AM, debian-user-digest-requ...@lists.debian.org wrote:
>>

Re: Zero filling my HDD before installation

[Thomas D Dial]

Yes, from my experience it is safe. You may have to add a partition
table before formatting it. If I recall correctly, cfdisk will complain
mildly and ask you to do that. The Linux installer might take it in
stride, or you might have to run fdisk or cfdisk from the USB ISO.

Tom Dial


On 05/02/2016 09:00 AM, CD Lexi wrote:
> Hey everyone. I'm currently looking to switch to Debian from Windows. I
> used to love windows, but with every upgrade it seems I lose privacy,
> control and honestly functionality. Sure, there's a lot more I can, if
> that wasn't mitigated by what windows wants me to do at the time. I
> should have never even moved on to 10...constantly interrupting or
> flogging my system to ask me to upgrade in the middle of sensitive work
> should have been my tip offI digress...
> 
> My question is this: I know what Zero and Random fills do to a drive, I
> run them on every USB and Sd/MSD card I buy or retrieve, and everytime I
> repurpose them. But I've never done this to a HDD and my laptop is my
> only accessible PC aside from my Galaxy S6. I've backed up all my
> important documents to multiple cloud locations, so I'm not worried
> about losing user data. I'm just wandering, is it safe to Zero Fill an
> HDD before installing Debian from a USB ISO? I know I can boot to the
> ISO and Zero or Random Fill, or other sani methods from the USB Booted
> Debian, but will doing this to my hard drive stop me from being able to
> install from the USB to the HDD? I guess because I've never really
> messed with the BIOS in windows, aside from neccisity, I'm just worried
> if I zero fill and for some reason my laptop reboots before the new
> install, it won't boot from the USB anymore and thus make me have to
> find another computer from which to install DB. This is probably a
> rookie question, but better safe then sorry with my first full HDD
> sanitzation. Thanks!!!
> 

Re: Sudo

[Thomas D Dial]

On 03/20/2016 10:30 PM, Michael Milliman wrote:
> On 03/20/2016 03:26 AM, Adam Wilson wrote:
>> On Sat, 19 Mar 2016 19:30:57 +
>> Joe  wrote:
>>
>>> On Sat, 19 Mar 2016 19:57:56 +0100
>>> Sven Arvidsson  wrote:
>>>
 On Sat, 2016-03-19 at 18:38 +, Joe wrote:
> I've never seen sudo installed by default in any Debian, and I
> begin with expert minimal netinstalls of stable, and I've never
> seen it offered as an option there. My first two actions on
> reboot are to install sudo and mc.
  By default you are asked to provide a password for the “root”
  (administrator) account and information necessary to create one
  regular user account. If you do not specify a password for the
  “root” user this account will be disabled but the sudo package
 will be installed later to enable administrative tasks to be carried
 out on the new system.

 From https://www.debian.org/releases/stable/amd64/apas03.html.en

   
>>> OK, I didn't know that.
>>>
>> When you carry out a net install (or any installation, in fact) if you
>> decline to provide a root password then sudo is automatically installed
>> and configured for you, with the first user you create able to become
>> root with sudo.
>>
>> This is all explained in the installer at the root password stage-
>> there is no need to install sudo manually post-installation.
>>
>> If you want sudo, just don't provide a root password in the
>> installation.
> On the other hand, I use both su and sudo.  If I have a protracted
> session with several different tasks that I need to complete all
> requiring root access I su to the root user.  If on the other hand, I
> only need to perform a single command, or so, I use sudo.  Both have
> their uses, though as already noted, Debian generally does one or the
> other as a default.  I install with a root password, and then bring in
> the sudo package post-installation.
> 

Or simply "sudo bash --login"

I haven't needed to use root login for years, including on Ubuntu
systems on which, as far as I can tell, no direct root login is available.

Tom Dial

Re: connect Ethernet to WiFi?

[Thomas D Dial]

A quick way to get a compatible USB WiFi would be to order one for a
Raspberry Pi from a store that sells the latter.  In the US I would use
Newark.com.

Tom

On 02/18/2016 01:49 AM, Staszek wrote:
> Hi
> 
> How do I connect an old laptop without WiFi (but with free USB ports and
> working wired Ethernet card) running Debian stable to a WiFi network,
> without installing non-free software on the laptop? What devices would
> you recommend?
>