Re: Bluetooth sound problems playing from a web browser

[Jan Krapivin]

Have you tried a LIVE-version of another Linux distribution? It will be
interesting to compare.

вс, 7 апр. 2024 г. в 22:30, Richmond :

> Richmond  writes:
>
> > Richmond  writes:
> >
> >> When playing videos in a web browser, and sending the sound to a
> >> bluetooth speaker (amazon echo) I get playback problems; stuttering,
> >> sound quality reduction to AM radio level or lower). These things can
> >> clear up after a minute or two, or be reduced.
> >>
> >> When playing from nvlc however I get no such problems. (I haven't
> >> tried vlc so I am not sure if it is just that it is a command line).
> >>
> >> I have tried google-chrome and firefox-esr.
> >>
> >> Perhaps there is some other browser which will work? Maybe I need to
> >> isolate the process from the browser? I tried pop-out picture on you
> >> tube and it improved but there was still stuttering.
> >
> > I installed Falkon and Konqueror. I tried Falkon and it worked fine, no
> > sound problems. But then I tried Google-chrome again and that was
> > working fine too, and so was Firefox-esr. The problems have gone away
> > and even rebooting doesn't bring them back. Maybe one of those browsers
> > brought a better library with it.
>
> These problems have come back again. I have tried rebooting. I tried
> sending the same audio from an android phone and it works fine. How do I
> find out what the problems is? I cannot see errors in journalctl
>
>

Re: Root password strength

[Jan Krapivin]

чт, 21 мар. 2024 г. в 22:34, Alexander V. Makartsev :

> This conclusion seems less than optimal to me.
> By condemning yourself to type 12+ character password every time you
> 'sudo' would really hurt accessibility and usability of your home computer
> and for no good reason.
>
> If we focus solely on your use case: a login security of a PC at home,
> without remote access, then password of your sudo user could be as short and
> simple as four numbers, of course unrelated to your date of birth, phone
> number, or any other easily guessable sequence of numbers, like '1234'.
>

Are you speaking only about sudo or root password also?

The thing that bothers me are words: "*any* computer (and a fortiori any
server) connected to the Internet

* is regularly targeted by automated connection attempts"*
I am not tech-savvy. Can you say with 100% (90%?) confidence that there is
no such thing? That home PC without SSH and whatever complicated is safe
(rather safe) from "

*automated connection attempts"?*
This thread reminded of that topic -
https://forums.debian.net/viewtopic.php?t=154002

Re: Root password strength

[Jan Krapivin]

I must mention that "32 characters" is only my guess.

In the Handbook it is said: "The root user's password should be long (12
characters or more) and impossible to guess."

Also, i must again say that in my case we speak just about a humble home
desktop, without a ""ssh" access"" or whatever complicated.

Thank you for your answers and tips. I will make a very strong password for
root and a strong one for  a user in the sudo group.

Re: Root password strength

[Jan Krapivin]

> The threats are different for:
>
> - a laptop that travels and can be stolen
> - a desktop that does not leave your residence
> - a server that accepts connections from the outside world
>
>
> Check whether you are running ssh:
>

It is a simple home desktop PC

*@deb:~$ /sbin/service ssh status*

*Unit ssh.service could not be found.*

*@deb:~$ sudo /sbin/service ssh status*


*[sudo] password for ***: *

*Unit ssh.service could not be found.*

Re: Root password strength

[Jan Krapivin]

> Do you have some kind of remote access enabled or do you intend to in
> the near future?
>

No and no. Its just a simple home PC.

>
> If not, then you do not need to worry. Even less if you have a firewall
> to block any service that might appear by mistake.
>

I have UFW (gufw) enabled.

 Thank you.

Root password strength

[Jan Krapivin]

I read Debian Administrator's handbook now. And there are such words:

The root user's password should be long (12 characters or more) and
impossible to guess. Indeed, any computer (and a fortiori any server)
connected to the Internet is regularly targeted by automated connection
attempts with the most obvious passwords. Sometimes it may even be subject
to dictionary attacks, in which many combinations of words and numbers are
tested as password. Avoid using the names of children or parents, dates of
birth, etc.: many of your co-workers might know them, and you rarely want
to give them free access to the computer in question.

The thing is my password is very easy now, and i haven't thought about
*"automated
connection attempts"*, that sounds rather... scary? My password is easy
because i am not afraid of direct physical access to the computer.

But... if there is a serious network danger, then i should change my
password of course. But how strong it should be? If we speak about network
attacks... it should be like 32 symbols with special symbols? Or this
paragraph in a handbook is rather paranoid?

I have activated sudo now for my regular user. Can it (password of regular
user) be less sophisticated than root password? Because it would be rather
difficult to enter 32 symbols every time i wake my PC after suspend.

Re: Bluetooth sound problems Debian 12 GNOME

[Jan Krapivin]

Good news. Looks like I have solved the problem. As a last resort I have
bought another one wi-fi receiver, third one. It has *Realtek RTL8763BW*
chip
<https://www.realtek.com/en/products/communications-network-ics/item/rtl8763b>
and *two antennas*. And finally all works fine. I have spent some hours,
using Bluetooth headphones, waiting for problems, but they hadn’t occur.
Small problem is that LTS Kernel 6.1 doesn’t support this device, so I have
used Liquorix kernel, which I have installed earlier. Though, I don’t need
this kernel, as it haven’t helped me with sound interrupts, which was my
hope at first. So… I bought more old Wi-fi receiver with *Realtek
RTL8761BUV* chip with antenna and it also works fine, and also works with
stable 6.1 kernel.

I am glad that situation found its resolution, though it is strange for me
that USB-dongle Bluetooth receiver (I don’t know the exact model) and
receiver on an internal wi-fi adapter (AX 210) have worked so poorly both.
Though I was in the distance not more than 2 meters from receiver.

Thanks for help

пт, 15 мар. 2024 г. в 05:21, Max Nikulin :

> On 14/03/2024 19:06, Jan Krapivin wrote:
> >
> > What do you think about QUANT parameter in */pw-top/*? Can it influence
> > sound quality? I wasn't able to change it with
> >
> > pw-metadata -n settings 0 clock.force-quantum 2048
>
> Sorry, my experience with tuning PipeWire is limited to switching audio
> profiles (A2DP codecs, HSF) from UI.
>
> I think in you case it would be more productive to enable debug logs
> either in bluetoothd or PipeWire to find either the host or the device
> drops or lost connections causing pauses till reconnect.
>
>
>

Re: Bluetooth sound problems Debian 12 GNOME

[Jan Krapivin]

> You may try to discriminate hardware/software issues when you comparing
> different laptops by booting various live images (GNOME, xfce, etc.).
>

 I will try... Thank you.

What do you think about QUANT parameter in *pw-top*? Can it influence sound
quality? I wasn't able to change it with

*pw-metadata -n settings 0 clock.force-quantum 2048*

Re: Bluetooth sound problems Debian 12 GNOME

[Jan Krapivin]

> Run the command as root, but you already have enough keywords to search
> in bug reports and discussions related to PipeWire and pulseaudio. The
> latter may have some workarounds for specific models of headphones.


Thanks, i will try to research this topic.


> PipeWire mailing list or forum may be a better place to discuss the issue.
>

OK

While watching *pactl subscribe *command output, i have noticed that there
was a change from sink 414 to sink 213 when sound interrupt occurred

"Event 'change' on sink-input #414
Event 'change' on sink-input #414
Event 'change' on sink-input #414
Event 'change' on sink-input #213
Event 'change' on sink-input #213
Event 'change' on sink-input #213"

Can this information be of any help?

Re: Bluetooth sound problems Debian 12 GNOME

[Jan Krapivin]

It is strange. I can see in a Debian mailing list an answer

- *From*: Ottavio Caruso 
- *Date*: Mon, 11 Mar 2024 16:50:45 +

"Not sure if this is your case, I had the same problem but I upgraded from
11 to 12. The transition from pulse to pipewire was not smooth. So I nuked
anything *pulse* and *bluetooth* and reinstalled from scratch using the
Debian guide:

https://wiki.debian.org/PipeWire

Is this a brand new installation or an upgrade?"

But i can't see it in my mailbox


*ANSWER*


No, this is a clean new installation. And it looks like i have the
same problem on another laptop with Debian 12 XFCE (Pulseaudio).

But the problem is with *TWO* headsets, so i am in question whats
happening with Debian, because Linux Mint and Android works fine...





пн, 11 мар. 2024 г. в 23:48, Jan Krapivin :

> Hello again. I have used *pactl subscribe *command and i think that in
> the moment of sound interrupt there are the corresponding lines:
>
> "Event 'remove' on sink-input #353
> Event 'new' on sink-input #358
> Event 'change' on sink-input #358"
>
> As for journald i have a lot of such errors, but they don't influence the
> audio quality:
>
> "Mar 11 22:20:13 deb wireplumber[1357]: RFCOMM receive command but modem
> not available: AT+XIAOMI=1,1,102,85,88,27,174"
>
> There are some other mentions of the bluetooth/headphones, but they don't
> meet the moment of sound issues. Full journald -f log is in an attachment.
>
> I must say that i had an opportunity today to test a laptop with Debian 12
> XFCE laptop with Pulseaudio and the problem is the same there. But, as i
> said, on a laptop with Linux Mint XFCE everything is fine. That's strange.
> What is the main difference between Linux Mint and Debian here..?
>
> I also tried Liquorix 6.7 kernel but it didn't help.
>
> Thanks.
>

Re: Bluetooth sound problems Debian 12 GNOME

[Jan Krapivin]

Hello again. I have used *pactl subscribe *command and i think that in the
moment of sound interrupt there are the corresponding lines:

"Event 'remove' on sink-input #353
Event 'new' on sink-input #358
Event 'change' on sink-input #358"

As for journald i have a lot of such errors, but they don't influence the
audio quality:

"Mar 11 22:20:13 deb wireplumber[1357]: RFCOMM receive command but modem
not available: AT+XIAOMI=1,1,102,85,88,27,174"

There are some other mentions of the bluetooth/headphones, but they don't
meet the moment of sound issues. Full journald -f log is in an attachment.

I must say that i had an opportunity today to test a laptop with Debian 12
XFCE laptop with Pulseaudio and the problem is the same there. But, as i
said, on a laptop with Linux Mint XFCE everything is fine. That's strange.
What is the main difference between Linux Mint and Debian here..?

I also tried Liquorix 6.7 kernel but it didn't help.

Thanks.
journalctl -f
Hint: You are currently not seeing messages from other users and the system.
  Users in groups 'adm', 'systemd-journal' can see all messages.
  Pass -q to turn off this notice.
Mar 11 21:28:16 deb wireplumber[1357]: RFCOMM receive command but modem not 
available: AT+BTRH?
Mar 11 21:28:16 deb wireplumber[1357]: RFCOMM receive command but modem not 
available: AT+XIAOMI=1,1,102,100,100,27,174
Mar 11 21:29:21 deb systemd[1331]: Started 
app-gnome-gnome\x2dterminal-6829.scope - Application launched by gsd-media-keys.
Mar 11 21:29:21 deb dbus-daemon[1367]: [session uid=1000 pid=1367] Activating 
via systemd: service name='org.gnome.Terminal' 
unit='gnome-terminal-server.service' requested by ':1.131' (uid=1000 pid=6829 
comm="gnome-terminal")
Mar 11 21:29:21 deb systemd[1331]: Starting gnome-terminal-server.service - 
GNOME Terminal Server...
Mar 11 21:29:22 deb dbus-daemon[1367]: [session uid=1000 pid=1367] Successfully 
activated service 'org.gnome.Terminal'
Mar 11 21:29:22 deb systemd[1331]: Started gnome-terminal-server.service - 
GNOME Terminal Server.
Mar 11 21:29:22 deb systemd[1331]: Started 
vte-spawn-82cf01f4-467e-44e1-b0e3-19af9cb02a2a.scope - VTE child process 6864 
launched by gnome-terminal-server process 6834.
Mar 11 21:30:27 deb systemd[1331]: Started 
app-gnome-gnome\x2dterminal-7042.scope - Application launched by gsd-media-keys.
Mar 11 21:30:27 deb systemd[1331]: Started 
vte-spawn-6e59a663-467e-40c5-9553-ad6b513aeecb.scope - VTE child process 7048 
launched by gnome-terminal-server process 6834.
Mar 11 21:33:03 deb gnome-shell[1624]: Wallpaper Slideshow: Changing 
wallpaper...
Mar 11 21:33:03 deb gnome-shell[1624]: Wallpaper Slideshow: Current wallpaper 
"a2.jpg"
Mar 11 21:33:03 deb gnome-shell[1624]: Wallpaper Slideshow: Wallpapers in 
queue: 8
Mar 11 21:33:03 deb gnome-shell[1624]: Wallpaper Slideshow: Next slide in 600 
seconds.
Mar 11 21:41:51 deb gnome-shell[1624]: JS ERROR: Gio.DBusError: 
GDBus.Error:org.freedesktop.DBus.Error.InvalidArgs: No such property 
“IconAccessibleDesc”
   
_promisify/proto[asyncFunc]/

Re: Bluetooth sound problems Debian 12 GNOME

[Jan Krapivin]

пн, 11 мар. 2024 г. в 07:50, Max Nikulin :

>
> Are there anything in journalctl output (executed as root) around these
> events?
>

I guess that no, but i will recheck.


> Is XFCE configured to use pulseaudio or PipeWire as GNOME?
>

Pulseaudio


> Another option might be LC3 codec from Bluetooth LE (5.2 Basic Audio
> Profile) if it is supported by the headphones.
>

Unfortunately it's not supported.


> Either a software/hardware bug or some piece of software disables power
> saving for handsfree/headset profiles to achieve low latency, but for
> A2DP device tries to sleep after some period of time.
>

 Hm, i will try to research that, thank you.

Arch Linux wiki pages have long troubleshooting sections.
>

Yes, I saw but found nothing relatable to my view.

Last resort might be dumping bluetooth traffic, but perhaps it is better
> to ask in some mailing list or forum more close to Bluetooth stack
> developers.
>

I have installed Wireshark, but somehow i can't find bluetooth connection
to capture
(https://forums.debian.net/viewtopic.php?p=795020#p795020)

Bluetooth sound problems Debian 12 GNOME

[Jan Krapivin]

Hello! I have a problem with sound quality when using bluetooth headphones
on Debian 12 GNOME.

Every ~20 minutes, sometimes less, sometimes more, sound interrupts for a
1-5 seconds with complete silence.

At first I thought that problem can be in the headphones, though it have
worked fine with Android phone and Linux Mint XFCE on a other laptop.

So I bought another headphones with support of different codecs: SBC, AAC,
and AptX.

And I have the same problem, but now I hear not only silence but also a
crackling, when sound interrupts.

I tried different codecs, including AAC (
https://forums.debian.net/viewtopic.php?p=777598#p777598). But the problem
prevails.

Yes, I must of course mention that there is absolutely no problems, when
using non-bluetooth devices like speakers, headphones etc.

The only workaround is to use HSP mSBC codec in Heandsfree mode, but the
sound is awful.

Though in mSBC there are no interruptions. I wonder why mSBC works fine and
SBC no..?


My system is (inxi)

Bluetooth:

Device-1: Intel AX210 Bluetooth type: USB driver: btusb v: 0.8

bus-ID: 1-10:3 chip-ID: 8087:0032 class-ID: e001

Report: hciconfig ID: hci0 rfk-id: 0 state: up address: 

Info: acl-mtu: 1021:4 sco-mtu: 96:6 link-policy: rswitch sniff

link-mode: peripheral accept service-classes: rendering, capturing, object

transfer, audio, telephony


Audio:

Device-1: Intel Cannon Lake PCH cAVS driver: snd_hda_intel

Device-2: NVIDIA GP107GL High Definition Audio driver: snd_hda_intel

Device-3: Creative Sound Blaster Play! 3 type: USB

driver: hid-generic,snd-usb-audio,usbhid

API: ALSA v: k6.1.0-18-amd64 status: kernel-api

Server-1: PipeWire v: 0.3.65 status: active


What have i tried?

Creating choppy-under-load.conf file in
/home/ja/.config/pipewire/pipewire-pulse.conf.d/ with


“context.properties = {

default.clock.quantum = 8192

default.clock.min-quantum = 8192

}”


Creating switch-on-connect.conf file with


pulse.cmd = [

{ cmd = "load-module" args = "module-always-sink" flags = [ ] }

{ cmd = "load-module" args = "module-switch-on-connect" }

]


Unfortunately I have no ideas what to try further as I am not a
power-user/techy.

I have tried to use PulseAudio, pipe-wire media session and not
Wireplumber, backported version of PipeWire, but all these attempts left me
with GDM/Gnome removed from the system! As Gnome now have
Pipewire/Wireplumber as dependency.

I want to try all options possible (if any) before I ditch Gnome in favour
of DE, that supports Pulseaudio.

P.S. I have tried two different bluetooth hardware modules, one on a Wi-fi
chip and one USB-stick, with no difference.

Re: Bookworm and ZFS (zfs-dkms 2.1.11) data corruption bug

[Jan Ingvoldstad]

On Wed, Jan 10, 2024 at 10:48 PM Xiyue Deng  wrote:

>
> You can check the developer page of zfs-linux[1] on which the "action
> needed" section has information about security issues (along with
> version info as Gareth posted).  The one you mentioned was being tracked
> in [2] and the corresponding Debian bug is [3].  My guess is that as
> zfs-linux is not in "main" but "contrib", and the issue is marked
> "no-dsa" (see [4]), there may be no urgency to provide a stable update.
> But you may send a follow up in the tracking bug and ask for
> clarification from the maintainers on whether an (old)stable-update is
> desired.
>

Thanks, so it *was* my searching skills that failed me:

"The fix will land in bookworm-backports and bullseye-backports-sloppy
shortly after 2.1.14-1 migrates to testing, which will take about 2
days hopefully. Fixes to 2.0.3-9+deb11u1 (bullseye) and 2.1.11-1
(bookworm) are planned but will likely take more time."

I think the bug is mislabeled as "security" and "important", as this is
primarily a severe data corruption bug, but with *possible* security
implications.

It is far more concerning that one cannot trust that cp actually copies a
file, and this is a blocker for installing the ZFS packages in Debian.

-- 
Jan

Bookworm and ZFS (zfs-dkms 2.1.11) data corruption bug

[Jan Ingvoldstad]

Hi,

It seems that Bookworm's zfs-dkms package (from contrib) has the data
corruption bug that was fixed with OpenZFS 2.1.14 (and 2.2.2) on 2023-11-30.

https://github.com/openzfs/zfs/releases/tag/zfs-2.1.14

However, I see no relevant bug report in the bug tracker - have my
searching skills failed?

-- 
Jan

Debian 11 on Raspberry Pi3 Can't login

[Jan-Erik Schröder]

Good Morning,

yesterday we installed Debian 11 on our raspberry pi3's as part of our
Youth Programming Course and cannot login. Thank you in advance

Greetings,
Schröder

Good tutorial on how to setup Gnome and KDE on the same machine?

[Jan Girke]

Hi

I am searching for a good tutorial for setting up Gnome and KDE as my
desktops with a screen at the start to choose which one I want today /
this start.
Can anybody give me the link to a good one?

Best, Jan

Re: Please be respectful

[Jan Foniok]

> On 18 Oct 2020, at 04:06, Weaver  wrote:
> 
> On 18-10-2020 11:42, Pierre-Elliott Bécue wrote:
>> Le 17 octobre 2020 23:03:22 GMT+02:00, Weaver  a
>> écrit :
> 
> And now we go another step further: with double postings into my inbox.
> Why don't you massage your petit ego requirements on somebody else's
> time.?
> I'm quite sure everybody here is as sick of it as I am.

Just for the record, I'm actually sick of you and Leslie Rhorer.

Boot script

[Jan Wilmans]

I've created a bootable USB stick that boot debian 10 (buster), and i would
like to customize my rc.local to do and apt-get update and install icecc
then start iceccd  finally run top.

Its a simple script, but how can I insert it into the USB sticks read only
filesystem?


On Sun, May 10, 2020, 11:23 Jan Wilmans  wrote:

> If you look carefully of the last page, the radio button for writing the
> boot record to disk is by default is to ,NOT write the boot record. You
> have to change it to 'yes' before you continue!
>
> If you dont, then ofcourse it reboots and since nothing changed in the
> boot sequence it boots the iso again...
>
> On Sun, May 10, 2020, 07:54 Keith Bainbridge  wrote:
>
>> On 10/5/20 1:24 pm, Harry Brown wrote:
>> > Hey guys,
>> >
>> > I'm having a bit of an issue here while installing KaliLinux and I was
>> > wondering if you guys can help out.
>> >
>> > I installed *Oracle VirtualBox* on my *Windows 10* and downloaded *Kali
>> > Linux 64bit ISO file*, Then I created a new virtual machine *(Debian
>> > 64bit)*and started installing KaliLinux.
>> > Everything was great and almost 5GB of packages were downloaded and
>> > installed, the final step is to reboot so KaliLinux can run.
>> > I clicked on Finish Installation (after all packages and files were
>> > installed ) and it showed me a message saying that Kali will run after
>> > the machine reboot.
>> >
>> > Guess what! *The machine rebooted and it took me back to the first
>> > installation page again*, I didn't know what happened or if I did
>> > something wrong so I clicked "Install" again and followed the steps.
>> > And I had to wait **again for the 5GB of packages to be downloaded and
>> > installed ( which was frustrating ).
>> > Installation was finished and the machine rebooted and nothing
>> happened.
>> > *it took me back to the first installation page once again.*
>> > *
>> > *
>> > I know it's a long email (sorry about that), But I needed to make sure
>> > that you guys are fully aware of what's the issue so you can help.
>> >
>> > Thanks in advance,
>> >
>> > HB.
>> >
>>
>>
>> Good afternoon Harry
>>
>> I sometimes have to go into the settings for the virtual device and
>> untick the other boot options - CD and floppy from memory.
>>
>> --
>> Keith Bainbridge
>>
>> ke1th3...@zoho.com
>> +61 (0)447 667 468
>>
>>

Re: Kali Linux installation failure on VirtualBox

[Jan Wilmans]

If you look carefully of the last page, the radio button for writing the
boot record to disk is by default is to ,NOT write the boot record. You
have to change it to 'yes' before you continue!

If you dont, then ofcourse it reboots and since nothing changed in the boot
sequence it boots the iso again...

On Sun, May 10, 2020, 07:54 Keith Bainbridge  wrote:

> On 10/5/20 1:24 pm, Harry Brown wrote:
> > Hey guys,
> >
> > I'm having a bit of an issue here while installing KaliLinux and I was
> > wondering if you guys can help out.
> >
> > I installed *Oracle VirtualBox* on my *Windows 10* and downloaded *Kali
> > Linux 64bit ISO file*, Then I created a new virtual machine *(Debian
> > 64bit)*and started installing KaliLinux.
> > Everything was great and almost 5GB of packages were downloaded and
> > installed, the final step is to reboot so KaliLinux can run.
> > I clicked on Finish Installation (after all packages and files were
> > installed ) and it showed me a message saying that Kali will run after
> > the machine reboot.
> >
> > Guess what! *The machine rebooted and it took me back to the first
> > installation page again*, I didn't know what happened or if I did
> > something wrong so I clicked "Install" again and followed the steps.
> > And I had to wait **again for the 5GB of packages to be downloaded and
> > installed ( which was frustrating ).
> > Installation was finished and the machine rebooted and nothing happened.
> > *it took me back to the first installation page once again.*
> > *
> > *
> > I know it's a long email (sorry about that), But I needed to make sure
> > that you guys are fully aware of what's the issue so you can help.
> >
> > Thanks in advance,
> >
> > HB.
> >
>
>
> Good afternoon Harry
>
> I sometimes have to go into the settings for the virtual device and
> untick the other boot options - CD and floppy from memory.
>
> --
> Keith Bainbridge
>
> ke1th3...@zoho.com
> +61 (0)447 667 468
>
>

Re: Is this ALL good advise

[Jan Bakuwel]

On 7/12/19 12:55 pm, Keith Bainbridge wrote:

On 3/12/19 8:42 pm, Keith Bainbridge wrote:



Just wondering if this is ALL good advice?

Should I use it for ALL my mail, or just sensitive stuff, like 
lobbying politicians.


I'm still here.   Have had a couple of questions that have gotten me 
thinking deeply, primarily about whose/what safety I am really trying 
to protect. Mu best answer is personal, physical safety of my family.


That has started me thinking that I should be hiding my location more 
than what I am saying.


I'll be back.

Companies like G$ attempt to suck in every minute detail of our lives to 
tune their AI to create a detailed profile of everyone one the planet, 
which in turn is used to create the perfect personal echo chamber 
especially for you. It won't take long before that AI is able to present 
you with what you'd like to hear on virtually any topic with the aim of 
manipulating to move your opinion about  in the desired 
direction using real news, half real news, fake news, absent news (news 
you should hear but don't), you name it.


I'll hear a subtly or less subtly different message than you, each 
message carefully crafted for each individual, for example to nudge you 
to vote for one candidate or another or to buy more stuff you don't 
need. This is very bad news for democracy, if that still exists, and the 
planet.


Although I'd sometimes like to think I can, I am under no illusion that 
I'll be able to outsmart that AI.


And yes, this message comes to you via G$. I use G$ primarily for email 
lists, private stuff lives on a private email server. But hey, as 
someone already mentioned, most people I'm emailing with use G$, M$, Y$ 
, F$ etc, so most of my email still ends up being processed.


A big problem if you ask me, that's virtually without solutions. That's 
why all that G$, M$, Y$, F$ stuff is "so convenient" and "free". They 
employ whole armies of psychologists studying the human mind hunting for 
any and all human weaknesses.


Now back to the topic: does it make sense to encrypt anything? Surely 
for communication between two individuals who'd like to keep their 
conversation private. Otherwise IMHO only if we encrypt everything, to 
make it sufficiently hard for their AI to do this work. But how much 
additional energy would we consume doing that? Can we afford all that 
extra energy? The consequences of runaway climate change might be even 
worse.


As with most other relevant or urgent matters, humanity will not 
voluntarily change course.


Am I just a cynical old bastard? If so, that would be good news!

:-)

J.

Re: Gezocht: Domain Registar

[Jan Claeys]

On Sun, 2019-12-01 at 12:17 +0100, Geert Stappers wrote:
> Previous-Subject: Re: Gezocht: Domain Registar welke *geen* gebruik
> maakt van Google ((Re-)CAPTCHA) services
> On Sun, Dec 01, 2019 at 11:32:36AM +0100, mai...@posteo.org wrote:
> > inclusief ™ Prachtig! (die TM doet het en/maar het zijn Fransen!?)

Wat is er fout met Fransen?
We leven toch allemaal in de EU, en gebruiken allemaal de euro...


> Ook ik heb niet zo op met kletskoek, stierenpoep en echte bullshit.
> Laat je echter niet paaien door "Wij hebben de beste CLI tool".
> Vraag naar de standaard in de API. Dan wel de beschrijving van de
> API.

https://doc.rpc.gandi.net/


> Heb ook weet van
> van https://en.wikipedia.org/wiki/Extensible_Provisioning_Protocol

Dat is meer een API om te communiceren met de centrale registries, iets
wat de registrar (domeinagent) voor jou doet.



-- 
Jan Claeys

(please don't CC me when replying to the list)

Re: Gezocht: Domain Registar welke *geen* gebruik maakt van Google ((Re-)CAPTCHA) services

[Jan Claeys]

On Thu, 2019-11-28 at 14:13 +0100, mai...@posteo.org wrote:
> Ben op zoek naar een Domain Registar welke *geen* gebruikt maakt van
> Google ((Re-)CAPTCHA) services en daarnaast Open Source, niet alleen
> in woord maar ook in daad, een warm hart toe draagt.
> 
> Gaarne uw ervaringen, afwegingen en suggesties. Waarvoor dank!

gandi.net ?


-- 
Jan Claeys

(please don't CC me when replying to the list)

Nie masz pomysłu na nowy post? Poprowadzimy Twój FanPage.

[Jan Żak . Twój Skuteczny FanPage .]

Szanowni Państwo,

skuteczne administrowanieFanPage na Facebook’uto nasza specjalność.

W związku z tym, chcemy zaproponować Państwu przesłanie więcej informacji w tym 
zakresie aby zwiększyć zysk Państwa firmy oraz ilość fanów.

Przesłanie odpowiedzi o treściTAK, umożliwi nam kontakt z Państwem.

Ponieważ sami prowadzimy biznes, jesteśmy świadomi, że podstawą każdej firmy są 
klienci.

Zadbamy o przypływ nowych klientów dla Państwa firmy .

.
Z poważaniem,
Administrowanie Facebook’iem

Re: Display resolution 3840x2160@24rb stopped working after Upgrade from Stretch to Buster

[Jan Michael Greiner]

Thanks to everybody, for all the hints.

I think the way to search in, is to create an edid file and load it at boot.
I searched in this direction before, I just abandoned that way because it did 
not work.

Now the question I have is: How to create that edid file.
The tool I found creates a file in a format, that is not accepted by the 
kernel. 

https://github.com/akatrevorjay/edid-generator/issues/11#issuecomment-531120166

I am using latest Debian (Buster 10.1) and put the generated .bin file in 
/lib/firmware/edid/.

 I added at boot: drm_kms_helper.edid_firmware=edid/3840x2160_24.00_rb.bin

 $ ls -trl 3840x2160*
-rw-r--r-- 1 xxx xxx 492 Aug 24 20:57 3840x2160_24.00_rb.S
-rw-r--r-- 1 xxx xxx 134 Aug 24 20:58 3840x2160_24.00_rb.bin
-rw-r--r-- 1 xxx xxx 388 Aug 24 20:59 3840x2160_24.00_rb.bin.ihex
-rw-r--r-- 1 xxx xxx 838 Aug 24 20:59 3840x2160_24.00_rb.c

Output of dmesg contains - Missing trailing ) on purpose

[drm:drm_load_edid_firmware [drm]] *ERROR* Size of EDID firmware 
"edid/3840x2160_24.00_rb.bin" is invalid (expected 6272, got 134

Re: Display resolution 3840x2160@24rb stopped working after Upgrade from Stretch to Buster

[Jan Michael Greiner]

Dear Charles,

On Monday, September 9, 2019, 1:55:06 PM GMT+2, Charles Curley wrote:

>> On Mon, 9 Sep 2019 10:20:37+ (UTC) Jan Michael Greiner wrote:
>> With Debian Stretch (9.8) I had the display running with 3840x2160
>> resolution at 24Hz reduced blank.


>> [What worked with Debian Stretch (9.9)]
>> export modename="3840x2160_24.00_rb"
 >> xrandr --newmode $modename 209.75 3840 3888 3920 4000 2160 2163 2168 2185 
 >> +HSync -Vsync
 >> xrandr --addmode HDMI-1 $modename
 >> xrandr --output HDMI-1 --mode $modename

 >> [Problem with Debian Buster (10.1)]
 >> xrandr --output XWAYLAND1 --mode $modename
 >> xrandr: Configure crtc0 failed

 >And I take it you want to reproduce that on Debian 10 (buster). I
 > suggest you:
 > * Install arandr.
 >[...]

 Thank you for making me aware of arandr. However, from what I learned:

- arandr is merely a graphical tool for xrandr, so if something does not work 
with xrandr, arandr will not be able to help 

- I did not see any option in the arandr gui to add a non yet existing 
resolution (and I would like to add a 24Hz reduced blank resolution)

 To rephrase my question: How can I enable a custom screen resolution and 
refresh rate (with my specific modeline) with Debian Buster (Wayland)?


 Thank you and best regards

 JM 

Re: Afspelen audio CD's

[Jan Claeys]

On Fri, 2019-05-10 at 08:01 +0200, Cecil Westerhof wrote:
> Wat is de beste manier om ze af te spelen? Mijn eerste zoektocht gaf
> een commandline voor mplayer. Hoewel ik een grote fan ban van de
> commandline, vind ik dat voor het afspelen van audio CD's niet echt
> een optie.

Maak gewoon een launcher die automatisch mplayer (of een andere
mediaspeler) start met de opdracht om audio-cds af te spelen?


-- 
Jan Claeys

Re: Help tracking down a random beep

[Jan Claeys]

On Thu, 2019-05-09 at 09:56 +, Curt wrote:
> In the event there is no functional motherboard speaker, I guess it
> cannot be a BIOS alarm of any kind.

Some on-board audio chips are wired up so that they can emulate old
school IBM PC compatible motherboard speakers/buzzers.


-- 
Jan Claeys

(please don't CC me when replying to the list)

Re: next amd64 stretch problem

[Jan Claeys]

On Mon, 2019-05-06 at 13:13 -0400, Gene Heskett wrote:
> Well, I've uprooted pulse and pulled in the rest of alsa. No sound
> before or after a reboot now. But I just ran alsamixergui, and found
> the front speakers tunred off.  So I have audio again, about 4x
> louder than before. So take that Leonart P.  Now get lost, go code
> for a winderz startup.  And a big thank you to all the alsa
> developers.

This was your system having a bad ALSA setting, so most likely you
could have solved it without touching PulseAudio at all (let alone
blame it on someone who hasn't been involved with the PulseAudio
project for almost 10 years).


-- 
Jan Claeys

(please don't CC me when replying to the list)

Re: Simple Linux to Linux(Debian) email

[Jan Claeys]

On Fri, 2019-04-12 at 00:42 +0900, Mark Fletcher wrote:
> On Tue, Apr 09, 2019 at 02:34:30AM +0200, Jan Claeys wrote:
> > Why not use a dynamic DNS provider?
> > 
> > 
> Primarily because it wouldn't solve my problem. IIUC it would allow
> me to map a domain name to the IP address assigned to my home
> internet connection. That means that when the IP address assigned to
> my internet connection changes, I can simply alter the mapping and my
> VPN clients start working again, without any configuration change on
> them.
> Great, but that isn't the problem. The problem is how I know that the
> IP address has changed and hence the DNS mapping needs updating. I
> don't see any way that a dynamic DNS service is going to know when my
> ISP arbitrarily re-assigns my IP. I need the machine that is being
> assigned the IP address to be able to tell me when it changes, and
> that is what  this thread was about (specifically the "how it would
> be able to tell me" -- I'd figured out the "how it would know" for
> myself).

Many routers know how to update popular dynamic DNS providers when the
WAN IP address changes.  If your router can't do this, or your computer
is connected to the internet directly, then there are also several
utilities which can do this in the Debian repositories.


-- 
Jan Claeys

(please don't CC me when replying to the list)

Re: Simple Linux to Linux(Debian) email

[Jan Claeys]

On Mon, 2019-04-08 at 21:33 +0900, Mark Fletcher wrote:
> I've created a very simple script that is capable of parsing the
> output of "ip addr" and comparing the returned ip address for the
> relevant interface to a stored ip address, and thus being able to
> tell if the IP address has changed. What I'd like to do now is make a
> means for the LFS box to be able to notify me of the fact that the
> external-facing IP address has changed. 

Why not use a dynamic DNS provider?


-- 
Jan Claeys

(please don't CC me when replying to the list)

Re: 'synaptic' removed from buster

[Jan Claeys]

On Fri, 2019-04-05 at 15:30 -0500, David Wright wrote:
> On Fri 05 Apr 2019 at 21:34:15 (+0200), Jan Claeys wrote:
> > Another well-known one is GParted, which doesn't really have an
> > alternative for people to use instead...
> 
> Does parted not do the same things?

No, it can do some things GParted does (in fact, GParted uses libparted
for those), but GParted has additional features that parted doesn't,
like moving partitions including the filesystems on them.

> I must admit that in 24 years of linux, I've never run a GUI
> application as root. And I would have thought there's a case for
> using a TUI rather than a GUI if the need was pressing.

Obviously it would be better if GParted didn't run as root, but used a
model where a unprivileged process calls a privileged process to do the
actual "hard work" that needs those privileges. Unfortunately none of
the GParted developers have had the combination of time & skills to
rewrite GParted for that yet (help welcome).


-- 
Jan Claeys

(please don't CC me when replying to the list)

Re: 'synaptic' removed from buster

[Jan Claeys]

On Fri, 2019-04-05 at 17:01 -0400, Lee wrote:
> That's what I don't understand.  Why remove the package if it's only
> a problem with some desktops?

In fact, it's not even a problem on Gnome + Wayland, as you should be
able to run Synaptic as root with XWayland and the “right” xhost
setting (requires a small shell script to start Synaptic that way).


-- 
Jan Claeys

(please don't CC me when replying to the list)

Re: 'synaptic' removed from buster

[Jan Claeys]

On Thu, 2019-04-04 at 16:22 -0400, Greg Wooledge wrote:
> How many graphical programs does Debian actually have that are
> intended to be run as root on a desktop?  It's certainly not "half
> the os's utilities".  I'd be surprised if there are as many as ten.

Another well-known one is GParted, which doesn't really have an
alternative for people to use instead...


-- 
Jan Claeys

Re: free software to paid work

[Jan Claeys]

On Thu, 2019-03-28 at 09:25 +, Paul Sutton wrote:
> In an effort to reach out to people and recruit much needed help for
> contributors to free software,  I just wondered if there were any
> examples of where  people have gained either full time work or full
> time education places as a result of contributing to free software.

There are many thousands of examples of people who got certain jobs
because of their open source and free software contributions (maybe
Linus Torvalds is one of the best-known examples), but of course it is
never a guarantee.  This obviously applies to companies that have their
own open source projects, but some other companies & organisations
(including some that are non-IT in some cases) will also value the
experience you gained.

For full time education places, do you mean something like a
scholarship?  That would be useful in places where university
educations are expensive, of course, but I don't know if there exist
any such scholarships right now.  Maybe someone else knows more about
this?


-- 
Jan Claeys

Re: Widevine werkt niet meer in Firefox-esr

[Jan van Gemert]

Op 07-02-19 om 19:17 schreef Paul van der Vlis:

Op 07-02-19 om 17:07 schreef Jan van Gemert:

Op 06-02-19 om 09:46 schreef Paul van der Vlis:

Hoi,

Onlangs melde ik dat npostart.nl niet meer functioneerde.

In de tussentijd is er een nieuwe versie van Firefox-esr gekomen in
Debian, en er is wat veranderd. Nu wordt er een poging gedaan Widevine
te installeren (gele balk boven), maar dit duurt eindeloos en lukt niet.

Ik heb de .mozilla directory hernoemd en het op die manier nog een keer
"schoon" geprobeerd, maar het ook dat werkt niet.

Deze site geeft hetzelfde probleem, het probleem is dus niet NPO
specifiek:https://bitmovin.com/demos/drm

Ik had nog antwoord gekregen van npostart.nl, ze vertelden dat voor de
tijd dat de problemen begonnen, er niets gewijzigd is bij hen. Er was
toen ook geen update van de browser in Debian.

Groeten,
Paul

Twee computers met debian 9.7 , firefox 60.5.0esr geven de hierboven
verschijnselen met npostart. 't Werkte voorheen prima. Idem op deze
computers met Chromium en Opera. Merkwaardig.
Op 2 andere pc's met Ubuntu respectievelijk Lubunu, en Firefox 65.0
werkte en werkt npostart probleemloos.

Met Firefox 65.0 van mozilla.org werkt het bij mij ook probleemloos
onder Debian. En wat interessant is, daarna werkt firefox-esr ook weer.

Firefox-esr 60.5.0esr-1~deb9u1 probeert een oude versie van Widevine te
installeren, namelijk versie 1.4.8.1008, dit gaat niet goed.

Firefox 65 installeert een nieuwere versie van Widevine, namelijk versie
4.10.1196.0,  in ~/.mozilla, en daarna doet ook firefox-esr het.
Want dat gebruikt ook die ~/.mozilla.

De enige manier waarop ik dit tot nu toe kan realiseren is door toch
Firefox 65 van mozilla.org eenmalig op te starten...

Dit dan ook maar gedaan. En firefox-esr werkt weer met npostart.nl

Groet,
Paul

Groeten en bedankt, Jan van Gemert

Re: Widevine werkt niet meer in Firefox-esr

[Jan van Gemert]

Op 06-02-19 om 09:46 schreef Paul van der Vlis:

Hoi,

Onlangs melde ik dat npostart.nl niet meer functioneerde.

In de tussentijd is er een nieuwe versie van Firefox-esr gekomen in
Debian, en er is wat veranderd. Nu wordt er een poging gedaan Widevine
te installeren (gele balk boven), maar dit duurt eindeloos en lukt niet.

Ik heb de .mozilla directory hernoemd en het op die manier nog een keer
"schoon" geprobeerd, maar het ook dat werkt niet.

Deze site geeft hetzelfde probleem, het probleem is dus niet NPO
specifiek:https://bitmovin.com/demos/drm

Ik had nog antwoord gekregen van npostart.nl, ze vertelden dat voor de
tijd dat de problemen begonnen, er niets gewijzigd is bij hen. Er was
toen ook geen update van de browser in Debian.

Groeten,
Paul
Twee computers met debian 9.7 , firefox 60.5.0esr geven de hierboven 
verschijnselen met npostart. 't Werkte voorheen prima. Idem op deze 
computers met Chromium en Opera. Merkwaardig.
Op 2 andere pc's met Ubuntu respectievelijk Lubunu, en Firefox 65.0 
werkte en werkt npostart probleemloos.

--
Groeten, Jan van Gemert

RE: Broadcasting Industry

[Jan Obadiah]

Did you get a chance to review my previous email? Let me know if we can 
schedule a call to discuss further.

Look forward to hearing back

Regards,

Jan

From: Jan Obadiah
Sent: Thursday, January 24, 2019 9:15 AM
To: 'debian-user@lists.debian.org'
Subject: Broadcasting Industry


Hi,


Would you be interested in an email Contact list of Broadcasting Industry? We 
can help you reach out to:

Industry:
?  Film/Video Production & Services
?  Radio Stations
?  Television Stations
?  Music & Music Related Services

Job Titles:
?  Owner
?  President
?  Managing Director
?  Broadcaster
?  IT Decision Makers

I'd be happy to send over few sample records on your request, and set up a time 
to discuss in detail.

Have a great day!

Regards,


Jan Obadiah / Pro Solutions

On the off chance that you don't wish to get messages from us answer back with 
"Pull back".

Re: dovecot, openssl, TLS1.0

[Jan Foniok]

Hello,

> On 5 Nov 2018, at 21:19, Brad Rogers  wrote:

>> In spite of some effort I haven't found this sysadmin. Can you please
>> give me some pointers...
> 
> Important information regarding an update, such as a change in default
> behaviour of a package, is emailed to the sysadmin user.  This is usually
> root, IIRC, but can be reconfigured to be anybody.

Is there a package that needs to be installed for that to happen?

On my postfix installation there is no sysadmin alias (there is system, admin, 
and many others). Nor is there any sign of undelivered emails to sysadmin in 
the mail logs.

>  Changing back the defaults in /etc/ssl/openssl.cnf to previous system
>  wide defaults can be done using:
>  MinProtocol = None
>  CipherString = DEFAULT

This helps indeed, even though I recognise that there is a security issue.

I hope either Apple will fix OS X El Capitan to fully support TLSv1.2, or users 
will stop using 9-year-old laptops that cannot be upgraded any further than 
that OS X version. (But why chuck a perfectly working computer??)

Thanks again for your help,
Jan



signature.asc
Description: Message signed with OpenPGP using GPGMail

dovecot, openssl, TLS1.0

[Jan Foniok]

Hi,

Apple Mail on El Capitan doesn't seem to support protocols TLS higher than 1.0 
or 1.1.
Older hardware (9 years) is not supported by newer MacOS versions.

A recent update of debian seems to have disabled these protocols for dovecot 
imap.

What is the best way out? Can TLS1.0 and 1.1 be enabled?

Thanks,
Jan

dovecot, openssl, TLS1.0

[Jan Foniok]

Hi,

Apple Mail on El Capitan doesn't seem to support protocols TLS higher than 1.0 
or 1.1.
Older hardware (9 years) is not supported by newer MacOS versions.

A recent update of debian seems to have disabled these protocols for dovecot 
imap.

What is the best way out? Can TLS1.0 and 1.1 be enabled?

Thanks,
Jan

Re: SSH

[Jan Claeys]

On Sun, 2018-10-21 at 14:16 +0200, Paul van der Vlis wrote:
> Maar wat als de gebruiker nu ook de admin van zijn machine is?
> Dan lijkt me er niks mis mee.

Juist.

En je kan dat allemaal per gebruiker of groep gebruikers instellen.


-- 
Jan Claeys

Re: voorvoegsel apt WAS: SSH

[Jan Claeys]

On Sat, 2018-10-20 at 12:19 +0200, Geert Stappers wrote:
> Mijn inschatting is iets als
> 
>su - root -C "apt update"
> 
> maar dan moet je wel het root wachtwoord weten.  Bij
> 
>sudo apt update
> 
> moet je je eigen w.w. weten.

Fout.

Het hangt van je sudo-configuratie af of je je eigen dan wel het root
wachtwoord moet geven (of zelfs helemaal geen wachtwoord, als je wil).


-- 
Jan Claeys

Re: SSH

[Jan Claeys]

On Thu, 2018-10-18 at 02:34 +0200, Bas Neve wrote:
> Daar heb ik geen speciale reden voor. De ene keer gebruik ik riit de
> andere keer een user met minder rechten.
> Denk dat het komt omdat ik de niet superuser nog niet aan de sudoers
> groep heb toegevoegd. Wnaar ik dan verhoogde rechten gebruik zet ik
> ze niet terug. 

Dat lijkt me niet zo'n goed idee; werken als root is altijd een risico,
en dus werk je best zo weinig mogelijk als root.  En zeker als je
dingen op het netwerk/internet gaat doen.


-- 
Jan Claeys

Re: SSH

[Jan Claeys]

On Wed, 2018-10-17 at 11:01 +0200, Bas Neve wrote:
> Als ik echter in /etc/ssh/ssh_config  IdentityFile ~/.ssh/id_rsa
> meegeef
> dan zie ik bij het connecten:
> 
> debug1: Offering RSA public key: /root/.ssh/id_rsa
> Dit lijkt me onjuist.

Waarom denk je dat dat onjuist is?

-- 
Jan Claeys

Re: SSH

[Jan Claeys]

On Wed, 2018-10-17 at 11:01 +0200, Bas Neve wrote:
> Als ik echter in /etc/ssh/ssh_config  IdentityFile ~/.ssh/id_rsa
> meegeef
> dan zie ik bij het connecten:
> 
> debug1: Offering RSA public key: /root/.ssh/id_rsa
> Dit lijkt me onjuist.

Waarom werk je als user 'root' om via ssh in te loggen op een andere
server?

-- 
Jan Claeys

Re: Hoe temperatuur informatie van sensors te intepreteren

[Jan Claeys]

On Tue, 2018-09-11 at 08:26 +0200, Cecil Westerhof wrote:
> Wanneer ik sensors draai dan krijg ik o.a.:
> CPU_TEMP:   +53.5°C  (high = +80.0°C, hyst = +75.0°C)  sensor = 
> thermistor
> 
> Ik heb een grafisch tooltje geschreven dat in een grafiek de
> temperatuur van het afgelopen uur laat zien. Normaal is deze groen,
> maar bij een temperatuur boven warning wordt hij oranje en boven
> critical wordt hij rood. Ik heb nu ingesteld:
> set critical  85
> set warning   75
> 
> of kan ik daar beter van maken:
> set critical  80
> set warning   70

Welke temperaturen kritisch zijn of niet hangt af van wat (CPU, andere
chip, lucht in de kast, ...) & waar (vb. buitenkant vs. binnenkant) er
gemeten wordt, en kan bij elke CPU (etc.) anders zijn...

Voor de meeste CPUs kan je de kritische temperatuur vinden op de
website van de fabrikant bij de CPU-specificaties.


-- 
Jan Claeys

Re: Samba, client ziet server niet

[Jan Claeys]

On Mon, 2018-09-03 at 12:01 +0200, Paul van der Vlis wrote:
> Ik dacht altijd dat WINS de Microsoft implementatie van NetBIOS was.

WINS (“Windows Internet Name Service”, waarbij “Internet” verwijst naar
het transport over TCP/IP) is een name server voor NetBIOS namen, min
of meer zoals DNS een name server is voor (o.a.) internet domeinnamen.


-- 
Jan Claeys

Re: Xfce met xdm

[Jan Claeys]

On Fri, 2018-06-15 at 23:40 +0200, Cecil Westerhof wrote:
> Op een Ubuntu systeem waar ik ook xfce en lightdm gebruik heb ik dit
> niet, maar ik zie geen verschil in de configuratie bestanden. :'-(

Er zijn verschillende LightDM "greeters", en voor sommige greeters ook
verschillende "themes", dus vermoedelijk zit het verschil daar ergens
in?  (Of eventueel een verschillende versie?)


-- 
Jan Claeys

Re: Probleem tussen DNS en spamassassin

[Jan Claeys]

On Fri, 2018-06-15 at 17:12 +0200, Cecil Westerhof wrote:
> Ik zag dit vlak na een reboot. Als mijn systeem een poosje loopt krijg
> ik:
> spamd[21625]: spamd: connection from localhost [::1]:47664 to port 783, 
> fd 5
> spamd[21625]: spamd: setuid to imaps succeeded
> spamd[21625]: spamd: processing message 
>  aka 
> <2S1ESKLQh1D.A.UNH.FP9IbB@bendel> for imaps:1001
> 
> Dus het lijkt erop dat spamassassin in eerste instantie op poort 53
> kijkt en naar verloop van tijd op een andere poort.

Die connectie op poort 783 is een connectie naar Spammassassin (vb. van
je mail server), niet een connectie vanuit Spamassassin.


-- 
Jan Claeys

Re: installer met kernel van backports

[Jan Claeys]

On Tue, 2018-06-05 at 12:02 +0200, Paul van der Vlis wrote:
> Bedenk overigens dat er op de meeste pakketten in Ubuntu geen
> security support zit. Het "universe repository". Theoretisch is er
> "community support", maar in de praktijk niet.

Meer correct is: sommige pakketten in Universe krijgen wel support (vb.
MariaDB), veel andere niet/nauwelijks.


-- 
Jan Claeys

Re: Bug melden vanaf ander systeem

[Jan Claeys]

On Sat, 2018-03-24 at 11:50 +0100, Paul van der Vlis wrote:
> Op 24-03-18 om 04:48 schreef Diederik de Haas:
> > On vrijdag 23 maart 2018 14:13:11 CET Paul van der Vlis wrote:
> > > Mijn bug gaat er over, dat de Debian installer de firmware voor
> > > een wifi-stick uit firmware-linux-free niet laadt.
> > 
> > $ reportbug installation-report --print
> 
> Ik denk dat busybox het commando reportbug niet kent.

Dat werkt na de installatie.

(Als je helemaal niet kan installeren is dat natuurlijk niet zo
nuttig.)


-- 
Jan Claeys

Re: Bug melden vanaf ander systeem

[Jan Claeys]

On Thu, 2018-03-22 at 16:25 +0100, Paul van der Vlis wrote:
> Ik heb net een bug gemeld via reportbug, maar reportbug wou perse de
> gegevens van mijn systeem erbij vermelden. Echter, ik meld een
> probleem over een heel ander systeem, deze gegevens zijn dus
> waardeloos en scheppen verwarring.
> 
> Eerder kon ik de gegevens van mijn systeem verwijderen door het bug
> report te editten. Echter nu niet.
> 
> Is het nu echt de bedoeling om fouten altijd te melden vanaf het
> systeem wat het probleem heeft?

Je zou de optie --print ook kunnen gebruiken (eventueel op het andere
systeem waar de bug zich voordoet, als dat kan, dan heb je meteen de
juiste systeeminfo), en de uitvoer daarvan opslaan in een bestand om
als basis te dienen.


-- 
Jan Claeys

Re: Mijndomein Websites die niet werken met Firefox-esr

[Jan Claeys]

On Sun, 2018-02-11 at 17:54 +0100, Sjoerd Hiemstra wrote:
> Wij blokkeren inderdaad een aantal user-agent`s, dit komt doordat wij
> vaak met deze user-agent aangevallen worden en om onze klanten en
> onze veiligheid te waarborgen blokkeren wij dit tijdelijk.

Lijkt me een beetje kort door de bocht om enkel de "user agent" als
criterium voor een blokkade te gebruiken, zeker als dat een nog steeds
ondersteunde browser-versie is.  Over het algemeen zullen er wel
meer/andere dingen zijn waarop je (bijkomend) kan filteren in zo'n
geval...


-- 
Jan Claeys

Re: New USB device found, idVendor=1004, idProduct=633e MTP succes

[Jan Claeys]

On Sat, 2018-01-27 at 16:44 +0100, Geert Stappers wrote:
> In mijn grafische omgeving ( XFCE ) is het android device zichtbaar.
> Hoefde ik niets extra te doen. Alleen maar op het icon van een
> archiefkast klikken, iets wat ik normaal niet doe  :-/

Het MTP-protocol wordt via Gvfs ondersteund, dus het zou moeten werken
in de meeste Gtk-toepassingen.  (En KDE ondersteunt het vziw ook via
hun alternatief voor Gvfs.)


NB: Ik veronderstel dat telefoons/tablets/etc. liever MTP gebruiken dan
USB Mass Storage, omdat bij die laatste de computer het bestandssysteem
(correct) moet ondersteunen, en dat is uiteraard niet evident...  (Niet
iedereen gebruikt linux op de desktop ;) )


-- 
Jan Claeys

Re: Experiences with BTRFS -- is it mature enough for enterprise use?

[Jan Vales]

On 12/30/17 01:26, Matthew Crews wrote:
>>  Original Message 
>> Subject: Re: Experiences with BTRFS -- is it mature enough for enterprise 
>> use?
>> Local Time: December 29, 2017 4:48 PM
>> UTC Time: December 29, 2017 11:48 PM
>> From: j...@jvales.net
> 
>> You still can go md-raid + btrfs, if you want some btrfs features.
> 
> If you're using Raid1 or Raid10, md-raid + btrfs is probably worse than 
> native btrfs Raid1 + Raid10.
> 

The problem with btrfs-raid10 (with 6 disks): it self-destructed itself
on our soon to be production server twice in december.

So no way btrfs-raid is going to see production on our machines anytime
soon.
It seems to work without issues on md-raid6 + luks + btrfs so far...
So hopefully we will at least have snaphots <3

Its just a file/backup-server and nothing that would need best disk
performance - if we wanted that, we would have gone for ssd's. :)

br,
Jan Vales
--
I only read plaintext emails.



signature.asc
Description: OpenPGP digital signature

Re: Experiences with BTRFS -- is it mature enough for enterprise use?

[Jan Vales]

On 12/29/17 00:55, Andy Smith wrote:
> The killer feature of ZFS is its checksumming of all data and
> metadata to protect against bitrot and other forms of data
> corruption. The only other filesystem offering this on Linux is
> btrfs, hence the many mentions of ZFS in this thread. Putting the
> filesystem under MD RAID (or hardware RAID) and scrubbing it will
> detect corruption but cannot fix it.
> 

md-raid6 can fix most few-byte issues online.

# dd if=/dev/zero of=/dev/sdb1 bs=1 count=1 seek=1234
md-raid6 scrub will fix that byte.
Remember to always flush disc caches when testing!

But unlike btrfs-raid10, md-raid6 cannot recover a whole disk or
partition getting fully zero-dd'd - with or without a reboot.

I didnt actually test how much of a disk must be zeroed or random'ed
before md-raid6 scrub starts to fail. A few calls to the above dd with
diffrent seek= and then scrubbing will fix the corrupted bytes every time.
A full zero-dd will not.
-> drive will be "failed" and you need to re-add it.

Which was the reason why we initially gave btrfs-raid10 a try...
... it would be a really cool FS, if it was as stable as it is on my
laptop (and I really dislike btrfs-raid definitions)

You still can go md-raid + btrfs, if you want some btrfs features.
Snapshots (and send/receive) are what I really love on my laptop and
could not live without anymore.
(fulldisk encryption may be mandatory, as btrfs at least some time ago,
had the tendency to brick itself, if it sees its uuid on multiple disks
at the same time (md-raid1))

br,
Jan Vales
--
I only read plaintext emails.




signature.asc
Description: OpenPGP digital signature

Re: Experiences with BTRFS -- is it mature enough for enterprise use?

[Jan Vales]

tl;dr:
save yourself the hassle and dont. go for md-raid5/6 + (luks +) XFS.

long version:

Just last week we migrated our soon to be production server (6 disks)
btrfs-raid10 to md-raid6+XFS, after btrfs managed to die twice in december.

So cool btrfs-raid/filesystem-level-raid sounds, so broken it seems atm :(
Not only did they not manage to use "common" definitions of raid - as
in: md-raid being de-facto-standard, they get to define certain aspects
of raid and others have to live by that ...

READ THEIR DOCS + MAILING LIST!

For example: when people talk about raid1 with say 4 disks, they expect
that all disks have the same contents... Therefore expecting that losing
3 disks means no data loss.
Well... btrfs decided to stick with some ancient definition of raid1
which is imho more like md-raid10, than md-raid1, as there are only 2
copies of data and you cant make btrfs to store more than 2 copies.
Therefore losing 2/4 disks -> btrfs irrecoverably broken.

btrfs-raid1 and btrfs-raid10 seem to be basically the same thing, with
some imho performance optimizations (not striping vs striping), which
should imho not even be user-settable as it makes no sense to go for
suboptimal performance, but then again, maybe i missed some of their
nearly inexistent documentation pointing out the good part of
btrfs-raid1 ...

Also btrfs-raid5/6 are broken and didnt even survive our in-vm-testing,
before getting a chance on bare-metal.


Also it seems way easier to go "full-raid-encryption" with luks + md-raid.
(Our intention is to be able to send in disks to get them replaced
without having to worry, that data could be easily extracted; there is
an usb-stick with the luks key sticking out of every machine...)

If you need some btrfs-features (snapshots <3), consider going
md-raid+luks+btrfs.
* Unsure if it still holds that btrfs will fail horribly if it sees its
uuid on more than one disk, possibly making the
full-disk-encryption-layer mandatory.

br,
Jan


On 12/26/17 20:37, Rick Thomas wrote:
> 
> Is btrfs mature enough to use in enterprise applications?
> 
> If you are using it, I’d like to hear from you about your experiences — good 
> or bad.
> 
> My proposed application is for a small community radio station music library.
> We currently have about 5TB of data in a RAID10 using four 3TB drives, with 
> ext4 over the RAID.  So we’re about 75% full, growing at the rate of about 
> 1TB/year, so we’ll run out of space by the end of 2018.
> 
> I’m proposing to go to three 6TB drives in a btrfs/RAID5 configuration.  This 
> would give us 12TB of usable data space and hold off til the end of 2024 
> before needing the next upgrade.
> 
> Will it work?  Would I be safer with ext4 over RAID5?
> 
> Thanks in advance!
> Rick
> 


-- 
lg
Jan Vales
--
I only read plaintext emails.

Someone @ irc://irc.fsinf.at:6667/tuwien
webIRC: https://frost.fsinf.at/iris/



signature.asc
Description: OpenPGP digital signature

[stretch] RAID + LUKS + PATCHed cryptoroot script to use USB-stick keyfile via passdev with fallback to askpass + silenced systemd

[Jan Vales]

Hi List!

I spent sereval hours today figuring out how to do an useful RAID with
full-disk encryption for headless servers that will use an usb stick to
read the keyfile from and falling back to askpass to enter the pw from
console if no stick is found and also managed to silence systemd.

This post has the intention of being a reference post of the type "Im
finally done after a day of doing stuff in a vm and hopefully this will
save someone a few hours to get a similar setup set-up."

Also included: a patch for cryptoroot to make it fall back to askpass,
if no keyfile can be found on usb-sticks.

There are many outdated and incomplete guides, mostly written for
oldoldold-stable, which will make you do more than necessary. :P
The fewer changes to a system, the better, IMO.


So...

I ran the default netinstall iso and partitioned the VM as follows:
/dev/sda1: /boot
/dev/sda2: RAID0: md0
/dev/md0: crypto_LUKS: md0_crypt (defaults + passphrase)
/dev/mapper/md0_crypt: ext4: /

Ill test a more useful raid level on the live setup, once the hardware
is assembled, but I expect it to behave identically.

After the installer finished, and rebooted the VM, I got to enter the
passphrase for the first time, it booted fine. An encrypted root-fs on a
raid seems to work out of the box by now - no need to fiddle with grub
as some guides suggest!


The next step was to get the passwordless usb-stick (/dev/sdb)
auto-decryption working.
(Again: it works nearly out of the boy by now, there are MANY outdated
guides out there suggesting you to download some unnecessary scripts)

It all boiled down to:

# mkfs.ext4 -L keys /dev/sdb
# mount LABEL=keys /mnt
# echo -n "asdf" > /mnt/root.keys
# cryptsetup luksAddKey /dev/md0 /mnt/root.key
# umount /mnt

Seting the following line in /etc/crypttab
---
md0_crypt UUID=[...] /dev/disk/by-label/keys:/root.key:5
luks,initramfs,keyscript=/lib/cryptsetup/scripts/passdev,tries=2
---

# update-initramfs -tuck all
# update-grub
# reboot

Now we are in a state that debian will boot automatically, unlocking the
encrypted root filesystem on a raid without any user-interaction.
Sweet?
Somehow... systemd has a tendency to complain and slow down the boot
process by 1:30 min because it fails to handle the new crypttab entry,
but after the timeout, you get presented with a login.

To silence systemd:
# touch "/etc/systemd/system/systemd-cryptsetup@md0_crypt.service"
# reboot

This will override the generated systemd-cryptsetup services.

After the reboot, we get booted instantly, without systemd complaining
about anything.

Now what happens, if you dont have your usb-stick connected to the
machine when rebooting?
Well... passdev will wait for 5 sec, then fail, retry, fail again, ...
There doesnt seem to be any kind of fallback to console-pw-entry.
This should not really matter, but what if for some reason the usb
controller or usb-stick fails and renders the machine unbootable,
because you dont have a replacement at hand?
That would suck, wouldnt it?

Therefore I extended/hacked the original
/usr/share/initramfs-tools/scripts/local-top/cryptroot script a little bit.

# cp /usr/share/initramfs-tools/scripts/local-top/cryptroot
/etc/initramfs-tools/scripts/local-top/cryptroot

*edit stuff* The patch is attached.

The intention was to try to use the usb stick and if passdev times out,
fall back to passphrase-entry in the console via askpass.

I added the option "cryptaskpassfallback" that should have been settable
via /etc/crypttab as another option, but for some reason it was not
passed from /etc/crypttab and by that time, my motivation wasnt really
that high anyomre to investigate it further, and i simply hardcoded the
default to ="yes" instead of ="".

The actual fallback feels a little hacky too and im not really happy
about it, as Im not really sure, if I didnt create any unwanted
side-effects, by calling setup_mapping() once more.

It would be awesome, if some maintainer of the corresponding packages
would consider including this functionality, maybe a little less hacky. :)

Anyway. After applying the patch, all seems done.

# update-initramfs -tuck all
# reboot

Will either insta-boot with the usb stick accessible, or ask for a
passphrase, and systemd wont complain.
Thats what I wanted for myself and it seems to work as expected...

Just wanted to share this. Maybe this will help someone in the future. :)

br,
Jan
--
I only read plaintext emails.
#!/bin/sh

PREREQ="cryptroot-prepare"

#
# Standard initramfs preamble
#
prereqs()
{
# Make sure that cryptroot is run last in local-top
for req in $(dirname $0)/*; do
script=${req##*/}
if [ $script != cryptroot ]; then
echo $script
fi
done
}

case $1 in
prereqs)
prereqs
exit 0
;;
esac

# source for log_*_msg() functions, see LP: #272301
. /scripts/functions

Re: Upgrading from very-old Debian

[Jan]

On 28.11.2017 17:58, The Wanderer wrote:

On 2017-11-28 at 11:53, Patrick Bartek wrote:


On Tue, 28 Nov 2017 10:28:57 -0500 The Wanderer
 wrote:


I've run across someone who says her machine is running Debian
oldoldoldstable or maybe even oldoldoldoldstable, and who
consequently can't upgrade to newer Debian.

I seem to recall that there *is* a way to do step-wise upgrades of
such old systems, i.e. upgrading from oldoldoldoldstable to
oldoldoldstable, then to oldoldstable, then to oldstable, then to
stable. However, I'm stumped as to how to actually get started on
doing that.

The last few steps of this are straightforward; oldoldstable is
still available in the repos, as far as I'm aware. The first ones
are more of a problem; if I understand matters correctly, anything
prior to oldoldstable is removed from the live repos, although its
.deb files are still maintained on e.g. snapshot.debian.org. (Which
doesn't really suffice for the equivalent of a dist-upgrade,
because you'd have to manually download all the correct .debs by
hand and then install them with dpkg.)

Is there in fact a way to manage the first steps of this stepwise
upgrade, from one aged-out-of-the-repos release to another?

If so, any pointers to information on how to go about it?


Save yourself time and lots of problems, back up your data and do a
clean install of the current Debian release.


A: This isn't me, this is someone I encountered.

B: That's not always a viable option, depending on the circumstances.
It's probably the easier option when it is viable, but that doesn't mean
it should be the only option considered, for cases when something else
may be more viable.


To do what you want requires dist-upgrading each release, in order,
one-at-a-time, then troubleshooting each dist-upgrade once done with
no guarantees it will work.


Yes, of course. That's established procedure, and it's entirely
reasonable to expect people to follow it. (Is there any reason it
shouldn't work, when it worked for people at the time when those
releases were made?)


Be sure to read and explicitly follow the dist-upgrade instructions
in the Release Notes for each release. Many times there are special
things that must be done. Just dist-upgrading from your current old
install to Stretch, skipping all those inbetween is "not
recommended," meaning it won't work.


Of course. That's exactly why accessible repositories containing those
older releases are needed; my question was about how / where to manage
those, and that was answered in the first reply.



As a friendly recommendation:
If it was about me, I would encourage to backup the home directories as 
well as mail or similar, depending what other kind of services running 
under the particular system.


Backup the data to an external usb drive or the whole source drive if 
you are keen on that, for example. Then do a "clean" install of a new 
system on the original drive. Otherwise you might run into issues, where 
you might miss out on an important package, if you snapshot upgrade one 
by one.


Running such a old and obsolete system is not only a security risk, but 
also in other areas where improvements has been made, you miss out on a 
lot. This was not the question of course, but it simply doesn't make 
much sense to keep such an old operating system around which is not even 
actively supported by documentation or people likewise anymore.


And it might not simply be worth the hassle to upgrade step by step, 
possible breaking something in the process and troubleshoot why one 
package depends on another or crippling other services, having obsolete 
folders or even configuration files and settings laying around, which 
are not needed anymore. As stated by other people here, it might and 
perhaps will, take much longer time to troubleshoot everything or simply 
end up to be impossible to do correctly.


Better clean and start from scratch install with a known supported 
installation.
Ensure just to backup mail(dirs), mail, .ssh, .config or similar folders 
in "home" (or better the whole home folders" or "var" or other locations 
which might contain data you need. Or "etc" for configuration settings - 
but "etc" content, might and will most likely have changed dramatically 
depending on what was installed previously.


To backup the software list of what was installed on the system, I would 
use something like an "apt list | grep installed" and pipe the output 
into a file. But for "apt-get" this does not seem to be an option, so 
perhaps theres another way to get a list of installed packages using 
dpkg or such, I'm just not aware of that.
This way, you can then, after some cleanup in an editor for example, 
pipe the output of listed installed packages into the new system 
apt/apt-get and reinstall as available in the repository everything that 
was installed earlier, most likely.


Of course, after the home directories have been created accordingly 
using add user and copy 

Re: http://detectportal.firefox.com/success.txt

[Jan Claeys]

On Wed, 2017-11-15 at 12:03 +0100, Geert Stappers wrote:
> Het is http://detectportal.firefox.com/success.txt waar ik tegenaan
> liep. Anderen waarschijnlijk ook wel.
> 
> Heel het "detect portal gebeuren" zal met de beste bedoeling gemaakt
> zijn.

Elke publieke WiFi moet tegenwoordig verplicht je registreren zodat je
niet anoniem kan surfen; zonder "captive portal" is dat zo goed als
onmogelijk, maar die portals zorgen voor problemen waardoor workarounds
zoals deze nodig zijn, workarounds die niet altijd werken en op zich
ook weer problemen veroorzaken.   ☹

RFC-7710 zou dat moeten helpen oplossen (via DHCP), maar heel wat
publieke WiFi gebruiken dat nog niet, en heel wat apparaten,
besturingssystemen & clients ondersteunen het ook nog niet...


-- 
Jan Claeys

NFS4 timeouts with multiple clients

[Jan-Martin Raemer]

Hi,

when multiple clients (about 70-80) access our NFS servers, we start
encountering timeouts. All servers are running jessie (on VMware) 
and we use NFSv4 via IPv6. If only a small number of servers is
accessing the server, everything works fine, on higher load random
servers get a timeout on mount. While the timeouts occur, the load
on the NFS server stays low (<0.5), as does the IO load. There are
no limits on file handlers etc.
tcpdump to the affected hosts gives these hints:
...reply ok 96 getattr ERROR: Request couldn't be completed in time
I also tried increasing timeo at mount without any success.
Does anyone have any ideas on this?

best regards,
Jan-Martin

-- 
Dr. Jan-Martin Rämer
Systemtechnik
Zentrum für Hochschul-IT Rheinland-Pfalz
Moselweißer Straße 4, 56073 Koblenz
Telefon +49(0)261 9528-906
rae...@zit-rlp.de


smime.p7s
Description: S/MIME cryptographic signature

Re: Debian 9.2 Release

[jan]

Tack för snabbt svar.

mvh
/Janne


On Thu, 19 Oct 2017 13:08:03 +0200
Jonathan Sélea  wrote:

> Stämmer, där laddar du ner Raspbian stretch
> 
> Annars kan du uppdatera dig till det i befintlig raspbian
> 
> 
> On 2017-10-19 10:30, j...@lillahusetiskogen.se wrote:
> > Var hittar man Raspbian 9.2? Jag kollade på debian.org men hittade
> > bara en länk till en version från 2012.
> > Är det den här som gäller (2017-09-07)?
> > https://www.raspberrypi.org/downloads/raspbian/
> >
> > mvh
> > /Janne
> >
> >
> > On Thu, 19 Oct 2017 00:52:19 +0200
> > Luna Jernberg  wrote:
> >
> >> Debian 9.2 är nu släppt för allt
> >>
> >> On 10/10/17, Luna Jernberg  wrote:
> >>> Debian 9.2 är nu släppt: https://www.debian.org/News/2017/20171007
> >>> Uppdaterade precis lite burkar här på jobbet Tibble Gymnasium /
> >>> Täby Friskola och hemma har funkat fint :) och images för
> >>> Raspberry Pi och Raspbian dyker upp om 1 vecka till
> >>>
> >>> Trevlig höst alla GNU/Linux människor :)
> >>>
> 
> 

Re: Debian 9.2 Release

[jan]

Var hittar man Raspbian 9.2? Jag kollade på debian.org men hittade bara
en länk till en version från 2012.
Är det den här som gäller (2017-09-07)?
https://www.raspberrypi.org/downloads/raspbian/

mvh
/Janne


On Thu, 19 Oct 2017 00:52:19 +0200
Luna Jernberg  wrote:

> Debian 9.2 är nu släppt för allt
> 
> On 10/10/17, Luna Jernberg  wrote:
> > Debian 9.2 är nu släppt: https://www.debian.org/News/2017/20171007
> > Uppdaterade precis lite burkar här på jobbet Tibble Gymnasium / Täby
> > Friskola och hemma har funkat fint :) och images för Raspberry Pi
> > och Raspbian dyker upp om 1 vecka till
> >
> > Trevlig höst alla GNU/Linux människor :)
> >
> 

Re: OT: Re: Suitable text ed

[Jan-Peter Rühmann]

Hello

Am 07.09.2017 um 07:50 schrieb Mike McClain:
> On Wed, Sep 06, 2017 at 02:31:08AM -0400, Gene Heskett wrote:
>>
>> The total configuration generally is not a single file, usually broken up
>> according to its order in the programs bootup, first being the basic
>> config, then the first of what could be 2 or 3 .hal files, some of which
>> can't be run until the gui is started, then once the gui is drawn, more
>> gui for accessory tally's, spindle speed/direction, and dials to replace
>> the cranks that no longer exist, usually written in xml or pyvcp, or
>> gladevcp is done, which adds the "hal pins" that connect the machine gui
>> to the machine. It can get complex.  This most recent lathe has over
>> 1200 lines of code just in the configuration files.  And I still do not
>> have any coolant or lube facilities under control.  Stuff I have yet to
>> build or buy. :)
> 
> Damn, that sounds like fun.
> Mike
> --
> Go to heaven for the climate, hell for the company.
> - Mark Twain
> 
I prefer vi on the Console and Atom in the UI.
before I found Atom I loved Kate very much and I still like mcedit in the 
Console and via ssh.

Good Luck,
-- 

-=== Jan-Peter Rühmann & Kuma 
===-
 Gubkower Str.7   [ Tel.:  +49 (38205) 65484 (Privat) ] Mail: 
jan-pe...@ruehmann.name
 18195 Cammin [ Tel.:  +49 (38205) 65215 (Firma)  ] Web: 
http://www.ruehmann.name
 Deutschland  [ FAX:   +49 (38205) 65212  ]
  [ Mobil: +49 (162) 1316054  ] Beruf:
IT-Servicetechniker
 ICQ: 288192920 Ring: JPRuehmann  WhatsApp: 491621316054 Twitter: 
@JPRuehmann
--
  Die Verwendung der Daten zu Werbezwecken ist verboten.

--

Re: how to automatically reload a firefox page

[Jan]

Hi Steve

The add-on Tab Mix Plus has an option under Menu to add "Reload every ..." to 
the tab's context menu. The add-on may be overkill if you just want that reload 
option, but I do know it works.

Kind regards

Jan

24.07.2017, 14:56, "Steve Kleene" <sk...@syrano.acb.uc.edu>:
> I'm looking for an automated way to have firefox-esr reload its window at
> regular intervals. There's a site to which I like to stay connected that
> logs me off if the window is inactive for long.
>
> For the past few years I've been using the ReloadEvery plugin for this. With
> the upgrade to firefox-esr 52, though, this stopped working, probably as
> explained here:
>
>   https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/
>
> I tried the newest ReloadEvery (v45) available online, but it still doesn't
> work. Before ReloadEvery, I used to set up a shell command that would
> periodically do this:
>
>   /usr/bin/iceweasel -remote openurl\([URL]\)
>
> The -remote call also no longer works. Any other ideas on how to do this?
> Thanks.

Re: Peculiar problem with root login

[Jan-Peter Rühmann]

Normally you can´t login via Root, because there is no entry in the passwd file.
That is because it is no good Idea to work as root.
the best way for SSH is by public key, without the need for Passwords.
There are a lot of Howto´s in the net.
Hope that helps a little.

Am 12.06.2017 um 15:50 schrieb Harry Putnam:
> Running debian jesse in a vbox vm on a Solaris host
>
> I have what seems like an unusual problem with root login on this
> host.
>
> I've done the normal things one does to allow root login; that is, add
>
>PermitRootLogin yes
>
> to /etc/ssh/sshd_config
>
> Restart ssh, and in fact this host has been rebooted a few times since
> adding that Permit line.
>
> I set sudo up to work with no passwd for a certain user long ago and
> so I was able to redo root passwd just to make sure there wasn't some
> error there.
>
> Still, I cannot login as root user  I don't mean at the main login
> screen one gets on bootup, but from an xterm in a running session.
>
> Of course, checked to see if Caps lock was on... 
>
> I've checked output of ssh -vvv root@localhost, and see nothing very
> exciting.. just asking for password and rejecting it repeatedly:
>
> debug1: Next authentication method: password
>   root@localhost's password: 
>   debug2: we sent a password packet, wait for reply
>   debug1: Authentications that can continue: publickey,password
>   Permission denied, please try again.
>
> This password has been in use for many years on vm hosts behind
> firewall etc etc. So, there is literally NO chance I'm just getting it
> wrong.  Not to mention as I said above that I redid the passwd in this
> most recent attempt to get it working.
>
> I'm fresh out of ideas as to what else to do here.
>
> The auth log shows:
>
>   Jun 11 14:50:55 d2 sshd[2830]: pam_unix(sshd:auth): authentication
>   failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=d.local.lan
>   user=root
>
>   Jun 11 14:50:57 d2 sshd[2830]: Failed password for root from
>   127.0.0.1 port 54522 ssh2
Good luck,
-- 
Signatur
--
FOTO <http://www.ruehmann.name> 
Jan-Peter Rühmann & Kuma

QR-Code (ME-Card) <http://www.ruehmann.name>
Gubkower Str. 7 
TELEFON:   +49 (38205) 65484
18195 Prangendorf   
FAX:   +49 (38205) 65212
Deutschland / MVP   
MOBILE:   +49 (162) 1316054
PIRATENPARTEI <http://piratenpartei-mv.de/> VER.DI <http://rostock.verdi.de/> 
EUROPA
DEUTSCHLAND MECKLENBURG-VORPOMMERN ROSTOCK
EMAIL:   jan-pe...@ruehmann.name <mailto:jan-pe...@ruehmann.name>
  ICQ:   <http://www.icq.com> 288192920
<http://www.icq.com/people/about_me.php?uin=288192920>   Sprechen
<http://www.icq.com/people/cmd.php?uin=288192920=message>   Hinzuf�gen
<http://www.icq.com/people/cmd.php?uin=288192920=add>
  Twitter Profil @JPRuehmann   <http://twitter.com/?q=JPRuehmann#>
  WhatsApp 491621316054   <https://www.whatsapp.com>
WEB:   http://www.ruehmann.name <http://www.ruehmann.name>

--
Die Verwendung der Daten zu Werbezwecken ist verboten.

Re: Printer Setup Problem

[Jan-Peter Rühmann]

Did the same command work with the Debian PC?
Nonetheless have you choose the right driver?
It is possible that your printer can´t emulate the old Matrix Printers and so 
it can´t
Print Text directly the same goes for GDI Printers.
Hope that helps a little pointing out the Problem.

Am 12.06.2017 um 16:50 schrieb Thomas George:
> Two computers, an old pc with Debian Stretch and a new Raspberry Pi with the 
> raspbian
> jessie operating system.
>
> The old pc prints to a lan printer with no problem. The lpstat -t shows the 
> identical
> set up on the Raspberry Pi but a command lp test.txt results in no printer 
> output
> although the cups log shows the job as completed.
>
> I have attached a script of the output of lpstat -t on the Raspberry Pi. The 
> output of
> this command on the old pc is absolutely identical except for the dates and 
> times.
>
> Where should I look to fix this?
>
>
> PrinterPrintsNothing.txt
>
>
> Script started on Sun 11 Jun 2017 11:36:43 AM EDT
> raspberrypi:/home/pi# lpstat -t
> scheduler is running
> system default destination: Samsung_CLP-320_Series
> device for Samsung_CLP-320_Series: socket://192.168.1.139
> Samsung_CLP-320_Series accepting requests since Fri 09 Jun 2017 04:21:01 PM 
> EDT
> printer Samsung_CLP-320_Series is idle.  enabled since Fri 09 Jun 2017 
> 04:21:01 PM EDT
> raspberrypi:/home/pi# systemcytl enable cups
> Synchronizing state for cups.service with sysvinit using update-rc.d...
> Executing /usr/sbin/update-rc.d cups defaults
> Executing /usr/sbin/update-rc.d cups enable
> raspberrypi:/home/pi# exit
>
> Script done on Sun 11 Jun 2017 11:37:49 AM EDT
Good luck,
-- 

-=== Jan-Peter Rühmann & Kuma 
===-
 Gubkower Str.7   [  Tel.:  +49 (38205) 65484  ]   
jan-pe...@ruehmann.name
 18195 Prangendorf[  FAX:   +49 (38205) 65212  ]  
http://www.ruehmann.name
  [  Tel.:  +49 (38205) 65215  ]
  [  Mobil: +49 (162) 1316054  ]   
IT-Servicetechniker
ICQ: 288192920WhatsApp: 491621316054  Twitter: 
@JPRuehmann
--
  Die Verwendung der Daten zu Werbezwecken ist verboten.

Difference Wheezy / Jessie TCP offloading

[Jan Bakuwel]

Hi all,

I'm looking after a XenServer (ie. from Citrix, not Xen Open Source)
that's running a couple of VMs. Those VMs are being migrated to a DMZ
behind a UTM appliance (which is also a VM running on the same
XenServer). The virtual hardware configuration of those VMs is virtually
(pun intended ;-) ) the same. They're all using the same virtualization
method (HVM).

It was necessary to disable TCP offloading to make this work for the
first couple of VMs that were migrated. These are all Debian Wheezy
(kernel  3.2.0-4-amd64). I did that at the VM level:

# ethtool --offload eth0 tx off rx off
Cannot change rx-checksumming
# ethtool -K eth0 rx off tx off sg off tso off ufo off gso off gro off
lro off
Cannot change rx-checksumming
Cannot change udp-fragmentation-offload
Cannot change large-receive-offload
#

and even though some of the ofload/checksumming could not be disabled,
it all works fine.

The next VM is a Debian Jessie VM (kernel 3.16.0-4-amd64). When I try to
disable TCP offloading at the VM level I get:

# ethtool --offload eth0 tx off rx off
Cannot change rx-checksumming
Could not change any device features
# ethtool -K eth0 rx off tx off sg off tso off ufo off gso off gro off
lro off
Cannot change rx-checksumming
Cannot change udp-fragmentation-offload
Cannot change large-receive-offload
Actual changes:
scatter-gather: off
tx-scatter-gather: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off


However, a tcpdump on the virtualisation host shows checksum errors when
I try to access the Debian Jessie VM via the UTM appliance. No checksum
errors when accessing the Debian Wheezy VM.

[root@xenserver ~]# tcpdump -i eth0 -v -nn | grep incorrect
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
65535 bytes
[IPremoved].22 > [IPremoved].41641: Flags [P.], cksum 0x1dd3
(incorrect -> 0x63d2), seq 228221313:228222304, ack 1348773693, win 227,
options [nop,nop,TS val 457298 ecr 3317501], length 991
[IPremoved].22 > [IPremoved].41641: Flags [F.], cksum 0xc80f
(incorrect -> 0x0e0f), seq 991, ack 2, win 227, options [nop,nop,TS val
457672 ecr 3319672], length 0
[IPremoved].22 > [IPremoved].41655: Flags [S.], cksum 0xfdff
(incorrect -> 0x43ff), seq 2663738003, ack 750476535, win 28960, options
[mss 1460,sackOK,TS val 457996 ecr 33199


I've also tried disabling TCP offloading on the virtualisation host (as
per https://support.citrix.com/article/CTX212540) but so far I've not
been successful in making it work for the Debian Jessie VMs.

Everything else being the same, it seems a VM that runs Debian Wheezy
works, while a VM that runs Debian Jessie does not.

Hence I'm sending this email to the debian-users list...

Suggestions much appreciated.

kind regards,

Jan

Re: If Linux Is About Choice, Why Then ...

[Jan-Peter Rühmann]

I can´t understand this Discussion, as Normal user I even had not known that 
there are
more than one Init System (SystemV) and I don´t think that this should be 
chooseable. The
Installation is complicated enough dont make it more complex by adding choices 
which no
one understands.

By the way I am using Linux since 20Years. For me personally there is no 
Problem in
Installing another Init after Installation Therefore I don´t think it is needed 
as long
everything is running fine. I am using systemd and beeing perfectly happy with 
it had only
to do with it one time as I configured on access scan with clamd what is  not 
the most
important thing too I think.

Please end this Diskussion and get on with important things.

Am 13.03.2017 um 20:40 schrieb Patrick Bartek:
> The Linux mantra has always been "choice," plethoras of choices. So why
> at install time, is there no choice for the init system?  You get what
> the developers decide. Yes, you can install a new one -- I've done it
> and it works -- but only after the install.  It'd be a lot easier, if
> there were a choice to begin with just like whether you want a GUI and
> which one.
>
> Now, I know with LFS, you get to choose everything, etc.  But is a
> choice of init at install time so outrageous that no one ever
> considered it or is it technically unfeasible or something else.
>
> Just curious.
>
> B
Till then,

-- 

-=== Jan-Peter Rühmann & Kuma 
===-
 Gubkower Str.7   [  Tel.:  +49 (38205) 65484  ]   
jan-pe...@ruehmann.name
 18195 Prangendorf[  FAX:   +49 (38205) 65212  ]  
http://www.ruehmann.name
  [  Tel.:  +49 (38205) 65215  ]
  [  Mobil: +49 (162) 1316054  ]   
IT-Servicetechniker
Skype: jan-peter_ruehmann / ICQ: 288192920 / WhatsApp: 491621316054 / Twitter: 
@JPRuehmann
--
  Die Verwendung der Daten zu Werbezwecken ist verboten.

Re: root@localhost mail not forwarding in Exim

[Jan-Peter Rühmann]

Have you tried sudo dpkg-reconfigure exim4-config

Which Settings you have there?

Am 01.03.2017 um 21:40 schrieb Jiangsu Kumquat:
> I changed my server name and fqdn and now the mail to root@localhost is 
> bouncing.
>
> I went into every file that had the old name and changed it to the new name 
> but it still
> doesn't work. I did "grep -r something.else /etc" to find all the files.
>
> so, if I want to use mail.example.com <http://mail.example.com> as my fqdn, 
> and the old
> fqdn was something.else and r...@something.else was redirecting mail to
> m...@something.else ... then what do I need to change in Exim to make this 
> happen?
>
> root@localhost is bouncing
> r...@mail.example.com <mailto:r...@mail.example.com> is bouncing
> m...@mail.example.com <mailto:m...@mail.example.com> is working
>
> /etc/mailname is this line:
> mail.example.com <http://mail.example.com>
>
> I would also like to be able to send mail to me@mail instead of 
> m...@mail.example.com
> <mailto:m...@mail.example.com> ... if this is possible.
>
> I did "grep -r something.else /etc" and changed all the files to the 
> mail.example.com
> <http://mail.example.com> name and then ran the "update-exim4.conf"
>
> if you reply, please CC me directly because it is hard to find messages in 
> this list
> because of the high volume.
>
> Thanks
Good Luck,
-- 

-=== Jan-Peter Rühmann & Kuma 
===-
 Gubkower Str.7   [  Tel.:  +49 (38205) 65484  ]   
jan-pe...@ruehmann.name
 18195 Prangendorf[  FAX:   +49 (38205) 65212  ]  
http://www.ruehmann.name
  [  Tel.:  +49 (38205) 65215  ]
  [  Mobil: +49 (162) 1316054  ]   
IT-Servicetechniker
Skype: jan-peter_ruehmann / ICQ: 288192920 / WhatsApp: 491621316054 / Twitter: 
@JPRuehmann
--
  Die Verwendung der Daten zu Werbezwecken ist verboten.

Re: Stretch als desktop

[Jan van Gemert]

Op 14-02-17 om 11:18 schreef Paul van der Vlis:

Hallo,

Sinds een update vorig jaar, hebben ik en veel van de mensen die ik
ondersteun last van een Icedove die regelmatig crashed onder Debian
stable en oldstable. Nu ben ik aan het zoeken naar (nood)oplossingen en
workarrounds. Een van die noodoplossingen zou kunnen zijn snel upgraden
naar Stretch.

Nu ken ik niet veel mensen die Stretch of Sid dagelijks gebruiken. Twee
zeggen me geen last te hebben van crashes. Wat is jullie ervaring? Bij
mij crashed Icedove regelmatig en het is niet reproduceerbaar.

Kennen jullie verder andere problemen met Stretch als desktop?

Groeten,
Paul

p.s. Men denkt dat het aan een andere versie van GCC ligt, bij Mozilla
gebruiken ze een oude versie van GCC. Daar speelt het probleem niet.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828069#120


Ik gebruik dagelijks Icedove zonder problemen. Naast de mail-, ook de 
agendafunctie. De laatste gekoppeld met google-agenda.

Betreft: Debian Jessie, Icedove  1:45.6.0-1~deb8u1

Strech en Sit gebruiken zo te zien Icedove 1.45.6.0-2, gezien het 
versienummer zou het verschil met Jessie klein moeten zijn, maar ja


--
Groeten
Jan van Gemert

Re: how to config wireless card

[Jan-Peter Rühmann]

wpa_suplicant installed?

Am 14.01.2017 um 08:40 schrieb Long Wind:
> https://wiki.ubuntuusers.de/WLAN/  isn't in English, I can't understand
>
> I have installed wicd, it's great, it needn't kde/gnome
> it nearly succeed, but during authentication, it stop
> maybe i should try other encryption methods of router
>
> Thank those who reply!
ca.
-- 

-======= Jan-Peter Rühmann & Kuma 
===-
 Gubkower Str.7   [  Tel.:  +49 (38205) 65484  ]   
jan-pe...@ruehmann.name
 18195 Prangendorf[  FAX:   +49 (38205) 65212  ]  
http://www.ruehmann.name
  [  Tel.:  +49 (38205) 65215  ]
  [  Mobil: +49 (162) 1316054  ]   
IT-Servicetechniker
Skype: jan-peter_ruehmann / ICQ: 288192920 / WhatsApp: 491621316054 / Twitter: 
@JPRuehmann
--
  Die Verwendung der Daten zu Werbezwecken ist verboten.

Re: how to config wireless card

[Jan-Peter Rühmann]

You shouldn´t compare apples and Donuts here, at least compare cli 
configurations.
But that is not the Point.

I´ve used the Descriptions here https://wiki.ubuntuusers.de/WLAN/ to make my 
wlan work in
Herbstluftwm.

Have you installed iw?
Have you installed some Desktop Environment,  if yes which?
Try start the respective Tool from Command Line?

Why do you use Windows Desktop Tools without complaints and in Linux not?
Have you tried to setup Wifi in DOS? ;-)

Am 13.01.2017 um 10:30 schrieb Long Wind:
> Thank Johan DS!
>
> I enter a command from a
> link(https://wiki.archlinux.org/index.php/Wireless_network_configuration)
> you offer:
>
> iw dev
sudo apt-get install iw
> the screen display nothing, where something go wrong?
>
> In XP, wireless config is easy
> connecting cell phone to router is easy too, just enter password
> why it's so hard in Linux?
> I don't have kde or gnome, is there any GUI tool that make it easy and
> not rely on kde/gnome?
> the installer may have some nice program that config wireless?
> should i reinstall debian??
Good luck,
-- 

-=== Jan-Peter Rühmann & Kuma 
===-
 Gubkower Str.7       [  Tel.:  +49 (38205) 65484  ]   
jan-pe...@ruehmann.name
 18195 Prangendorf[  FAX:   +49 (38205) 65212  ]  
http://www.ruehmann.name
  [  Tel.:  +49 (38205) 65215  ]
  [  Mobil: +49 (162) 1316054  ]   
IT-Servicetechniker
Skype: jan-peter_ruehmann / ICQ: 288192920 / WhatsApp: 491621316054 / Twitter: 
@JPRuehmann
--
  Die Verwendung der Daten zu Werbezwecken ist verboten.

A Linux ebook quick launcher - looking for testers and feedback

[Jan]

Hello,

I wrote a piece of software for Linux and or Debian and I am looking for 
testers and of course feedback.


In particular, it is about a ebook quick launcher application called 
"KISS Ebook" or kisslib in short, which is right now in development.


Its not a viewer of any kind, its simply purpose is, to quickly navigate 
through ebooks in a table view and launch any application connected to 
the ebook format - which can be set up on demand.


Supported ebook file types are:
- PDF
- EPUB
- MOBI
- CHM

The original problem, why I wrote this application:
Most ebook viewers dont care much about organizing your ebooks, you can 
view then just fine or start reading at the place where you left of - 
like "evince" in example.


But they dont support organizing your ebooks in a KISS (keep it simple 
and stupid) way.


Thats where kisslib comes into place.

kisslib let you define starting applications and lauch the ebook format, 
like .pdf, with a particular viewer of choice.


Like middle ware, but with some ability to label and search your ebooks.

The project is under development, but I thought it might be of interest 
as it is already in a usable state.


Its using GTK3 as a UI framework, sqlite3 as database storage and libzip 
for handling the EPUB format.

And its written in pure C.

Screenshots and further information can be found at:
Gallery: https://www.picflash.org/gallery.php?id=9RGDIIE7K8 (latest 
screenshots first)


Github: https://github.com/jrie/kisslib (Usage, Features, Compilation)


I would love to get your feedback about KISS Ebook.


Jan

Re: Dual Boot

[Jan Bakuwel]

Hi Pascal,

On 28/11/16 12:48, Pascal Hambourg wrote:
> Le 27/11/2016 à 21:02, Jan Bakuwel a écrit :
>>
>> On 26/11/16 11:01, Pascal Hambourg wrote:
>>>
>>> When embedding is not possible, the core image is stored as a regular
>>> file in /boot/grub. Then /boot/grub must be on the same drive as the
>>> boot image. However blocklists are not reliable with files, because
>>> the filesystem may move blocks containing a file around.
>>
>> I find it extremely useful (to the point where it once literally saved
>> me from disaster which is a story beyond the context of this thread) to
>> have multiple OS-es installed on any machine. I've been doing that for
>> years and even with grub it has - so far - always worked fine. But I
>> hear you that that's not a guarantee, and thus I started using extlinux.
>
> I think that I experienced that problem once (but not sure), and
> needed to reinstall GRUB. To be honest, the chances that the blocs
> containing the core image may be moved around are very thin if you
> have a separate ext2 /boot partition, which is rarely modified.
>
>> Which brings me to the following question: what is the recommended way
>> to boot multiple OSes with grub, for example with a partition layout as
>> below. Or is there simply no sane way to do this with grub?
>
> I would not pretend to know "the recommended way".
> However I would recommend a few layouts for some configurations.
>
> If EFI boot is an option, then install all systems for EFI boot (for
> Windows this implies a GPT partition table on the boot disk). This way
> all bootloaders can be installed in separate directories in the EFI
> system partition without overwriting one another. You can define one
> of them as the primary boot loader with higher boot priority in the
> EFI boot list.

One day I'll have to bite that bullet but that day has not come yet :-)

>
> For BIOS boot, without Windows I would recommend to install a primary
> GRUB in the MBR with embedding. Install secondary GRUBs in partitions
> boot records, without embedding. Then you have several options :
>
> - add all entries for Windows and other Linux system kernels in the
> main GRUB menu, which can be done automatically with os-prober called
> by update-grub. The drawback is that the main boot menu must be
> updated everytime a secondary boot loader is updated.
>
> - add entries to chainload the secondary boot loaders in the main GRUB
> menu, so that the main boot menu does not have to be updated when a
> secondary boot loader is updated. The "multiboot" command can be used
> to load a secondary GRUB core image file, so the embedding requirement
> does not apply here.
>
> - include or load secondary GRUB config files in the main boot menu.
> This does not work well with different versions of GRUB, so I do not
> recommend it.
>
> One must also decide whether to use the GRUB belonging to one of the
> Linux systems or an independent GRUB as the main boot loader. Of
> course there is less risk to damage an independent boot loader.
>
> So my advice for a safe setup would be to :
> - install the main GRUB in the MBR and its own partition for /boot/grub
> - install each secondary GRUB in its OS partition
> - chainload secondary GRUBs in the main GRUB's boot menu

This is how I've done it (before using extlinux). I still have a few
servers on grub using this method.

>
> Unfortunately with Windows the MBR is not a safe place because Windows
> overwrites the MBR at installation and sometimes when updating, so be
> prepared to restore a backup or reinstall GRUB. 

Yep. Haven't seen Windows mucking up the MBR with an update though - yet.

> The boot record of the main GRUB's partition is a safer place, but it
> prevents embedding, so the risk of moving blocks comes back. However
> this partition should not be mounted and modified often, so the risk
> is low.

Only keeping Windows on my workstation for video editing with Windows
running on the bare metal.
Never on the servers though.

>
>> /dev/sda1: boot/rescue system
>>
>> /dev/sda2: Windows 7
>> /dev/sda3: Windows 10
>>
>> /dev/sda5: /boot - Linux system 1
>> /dev/sda6: / - Linux system 1
>> /dev/sda7: /var - Linux system 1
>> /dev/sda8: /var/log - Linux system 1
>>
>> /dev/sda9: /boot - Linux system 2
>> /dev/sda10: / - Linux system 2
>> /dev/sda11: /var - Linux system 2
>> /dev/sda12: /var/log - Linux system 2
>>
>> /dev/sda13: swap
>> /dev/sda14: LVM
>
> From the missing /dev/sda4, I guess it is an extended partition and
> /dev/sda{5..14} are logical partitions in a DOS/MBR scheme. 10 logical
> partition is quite

Re: Dual Boot

[Jan Bakuwel]

Hi Pascal,

Thanks for responding.

On 26/11/16 11:01, Pascal Hambourg wrote:
> Le 25/11/2016 à 19:31, Jan Bakuwel a écrit :
>>
>> For reasons beyond my understanding grub complains about being
>> installed in a partition instead of the MBR ("embedding is not
>> supported and a BAD idea", yet it works fine).
>
> The GRUB BIOS boot loader is split off in three main parts :
> - the boot image stored in the MBR or in a partition boot sector (PBR)
> - the core image stored in a special area outside a filesystem (called
> "embedding") or as a regular file in a filesystem
> - modules, config files and so on stored in /boot/grub/
>
> The only purpose of the boot image is to load the core image. The boot
> image is a very small program which must fit into a single sector, so
> it does not understand any partition table or filesystem format. It
> reads a hardcoded list of physical sectors ranges ("blocklists") which
> contain the core image.
>
> Embedding of the core image is only (but not always) possible when the
> boot image is in the MBR and there is a big enough "embedded area"
> between the MBR and the first partition on a DOS/MBR partition table
> or a "BIOS boot" partition on a GPT partition table, or when the boot
> image is in a partition boot sector and the partition format contains
> a suitable area for embedding.
>
> I have yet to find such a partition format, so when installing the
> boot image in the PBR of a partition with any usual contents type
> (ext4, LVM physical volume, RAID member...), embedding is not possible.
>
> When embedding is not possible, the core image is stored as a regular
> file in /boot/grub. Then /boot/grub must be on the same drive as the
> boot image. However blocklists are not reliable with files, because
> the filesystem may move blocks containing a file around.

I find it extremely useful (to the point where it once literally saved
me from disaster which is a story beyond the context of this thread) to
have multiple OS-es installed on any machine. I've been doing that for
years and even with grub it has - so far - always worked fine. But I
hear you that that's not a guarantee, and thus I started using extlinux.

Which brings me to the following question: what is the recommended way
to boot multiple OSes with grub, for example with a partition layout as
below. Or is there simply no sane way to do this with grub?

/dev/sda1: boot/rescue system

/dev/sda2: Windows 7
/dev/sda3: Windows 10

/dev/sda5: /boot - Linux system 1
/dev/sda6: / - Linux system 1
/dev/sda7: /var - Linux system 1
/dev/sda8: /var/log - Linux system 1

/dev/sda9: /boot - Linux system 2
/dev/sda10: / - Linux system 2
/dev/sda11: /var - Linux system 2
/dev/sda12: /var/log - Linux system 2

/dev/sda13: swap
/dev/sda14: LVM

best regards,
Jan

Re: Dual Boot

[Jan Bakuwel]

Hi Dan, Hans,

> On 26/11/2016, at 04:51, Hans <hans.ullr...@loop.de> wrote:
> 
> Am Freitag, 25. November 2016, 10:15:09 CET schrieb Dan Norton:
> 
> Hi Dan, 
> 
> I have a similar problem with Kali-Linux and Debian. Everytime I upgrade a 
> kernel in kali-linux (which is on second drive), it overwrites grub on the 
> first drive.
> 
> My solution: I am booting "super-grub-disk-2" (google for it), and from this 
> I 
> can boot the old grub configuration.
> 
> When booted into debian (by using super-grub-disk-2), I am able to reinstall 
> grub on the first drive again. 
> 
> You can either use "dpkg-reconfigure grub-pc" or "update-grub" or even just 
> reinstall the package "grub-pc".
> 
> I also tried to use the debian installation cd in rescue mode, but I never 
> get 
> success. At all, I am really not very happy with debian installation cd in 
> rescue mode. My favourites are special live rescue  cd's like Trinity-Rescue-
> Kit, RIP, Knoppix and GRML.

What I do is have a small "boot/rescue" OS installed in the first partition (in 
my case Debian). It's boot loader is installed in the MBR. The only function of 
this OS is to chain load another OS (and perhaps for rescue purposes if 
something bad happens). In my case there's two flavors of Windows (although I 
never use those: using Windows in Virtualbox when I need it is more convenient) 
and three flavors of Linux: I don"t like throwing my old shoes away until I 
know I can walk on the new.

All these OSes of course need there own partitions. For reasons beyond my 
understanding grub complains about being installed in a partition instead of 
the MBR ("embedding is not supported and a BAD idea", yet it works fine). But 
since there likely is a logical reason for that warning, I'm moving away from 
grub and use extlinux instead.

The point of this is that each Linux OS can do whatever it likes (ie upgrades) 
with it's boot partition and boot loader: new kernel versions, new boot loader 
without affecting the "master boot loader".

Hopefully update-grub as Alexandre suggested will add Windows to the grub menu.

hope this helps,
Jan

Re: router solutions based on Debian?

[Jan Bakuwel]

Hi Daniel,

> On 24/11/2016, at 04:26, Bernhard Schmidt <be...@birkenwald.de> wrote:
> 
> Daniel Pocock <dan...@pocock.pro> wrote:
> 
> Hi Daniel,
> 
>> My ISP is upgrading my connection to gigabit on Friday and I suspect my
>> current router may struggle with it.
>> 
>> My existing router runs OpenWRT but I've found the firewall and IPsec
>> setup is a little bit constrained in that environment and it is tempting
>> to move to a router running a full OS.
>> 
>> I've seen a lot of discussions about making DIY routers running a free
>> OS like Debian, FreeBSD or OpenBSD and I was tempted to go with
>> something like that running Shorewall, strongSwan, DHCP and DNS.  Maybe
>> it will also do wifi or maybe the existing router will be a bridge to wifi.
>> 
>> Can anybody share any comments or links about this topic?
>> 
>> - quiet (fanless), low-power and low cost hardware suitable for Gigabit
>> routing and maybe use as a NAS too.  It would also be useful to have
>> fibre support in the router and avoid using a media convertor.
>> 
>> - are there any live builds or other out-of-the-box solutions that
>> address this use case particularly well?
> 
> My recommendation if you basically want a fanless mini PC is the PC
> Engines APU (2C4 for example). Quadcore 1GHz amd64 with AES-NI, 4 GB
> RAM, 3 GE ports, USB 3.0 external. I recommend using a M2 SSD for boot
> media. With PSU and case it starts around 220 EUR. Debian works out of
> the box.
> 
> You can also have a look at the Ubiquiti EdgeRouter line. There are
> models with SFP slot available, even the small models are supposed to be
> able to support GE throughput and are < 100 EUR. They are MIPS Cavium
> boards with a custom kernel, but you can get a rootshell and there is a
> Debian (I think Wheezy at the moment) userland on it. I don't think you
> can get the hardware to be fully-free running a vanilla Debian, so YMMV.

+1 for PCenigines APU boards. Used the predecessors (Alix) for years, now using 
APU's where higher speeds are required, all running Debian out of the box. 
These never missed a beat. They also have a SATA port if you'd like to use it 
as a NAS as well.

SSD is great if you can afford them. They also work with cheaper SD cards.

regards,
Jan

Re: Disabling transmission of beacon frames

[Jan Bakuwel]

Hi Henrique,

On 23/10/16 02:40, Henrique de Moraes Holschuh wrote:
> On Sat, 22 Oct 2016, Jan Bakuwel wrote:
>> Does anyone know if it's possible to disable passive mode on an AP? It
>> is possible to set the SSID to hidden but this does not stop the
>> broadcasts, it just broadcasts frames with a null SSID. Stopping the
>> broadcasts altogether (and as a consequence the client must use active
>> mode, ie. needs to send probes) will result in no EMR when wifi is not
>> in use, in other words AP will only listen not transmit in that case,
>> yet wifi is available when needed.
> The AP would have to switch to standard beaconning while *any* station
> is associated, otherwise it could have nefarious effects on network
> performance.

Just out of curiosity why is that? I thought beacons were only used
while AP and client get associated?
If wifi is in use, we can accept EMR including beacons. Just not when
it's not (for example during the night).

> Also, beacon-less infrasctructure mode CANNOT work on a number of bands
> where the stations are forced to operate in passive mode (i.e. they
> cannot issue a probe request to a channel where they did not receive an
> AP beacon).  It is also likely forbidden in any channels where DSS
> (weather radar detection) must be performed, as this is only performed
> by APs.
>
> So, in theory this would work provided the adapter firmware allows for
> it in the first place, and it is restricted to channels where clients
> are allowed to actively probe for APs -- which is information readly
> available on the regdb (regulatory database).  However, I see no way to
> control this in /sbin/iw for infrastructure mode (but I find iw terribly
> confusing, so I might have failed to notice it).

I'll need to study that a bit more. My question only concerns the 2.4GHz
band ... as far as i know DFS only applies to the 5GHZ band, correct?

> Please ask in the linux-wireless mailinglist at vger.kernel.org.

Thanks for the suggestion, I'll do that.

Jan

Disabling transmission of beacon frames

[Jan Bakuwel]

Hi all,

As far as I'm aware, IEEE802.11 defines the two modes a wifi AP and
client can establish communication, passive (AP broadcasts SSID, clients
connects to SSID) and active (AP doesn't broadcast SSID, client
broadcasts SSID probe and AP then sends a probe response).

Does anyone know if it's possible to disable passive mode on an AP? It
is possible to set the SSID to hidden but this does not stop the
broadcasts, it just broadcasts frames with a null SSID. Stopping the
broadcasts altogether (and as a consequence the client must use active
mode, ie. needs to send probes) will result in no EMR when wifi is not
in use, in other words AP will only listen not transmit in that case,
yet wifi is available when needed.

Jan

Jessie - PHP 5.6 update?

[Jan Ingvoldstad]

Hi,

I was wondering if the security updates in 5.6.25 and 5.6.26 might make it
into Jessie soon, does anyone know why there is a delay?

It's of course possible to use dotdeb's packages, but I prefer the official
update path.

-- 
Jan

Insight?

[jan]

För ett par år sedan försökte jag kompilera Insight med ganska
deprimerande resultat. Det var något om att syntaxen hade ändrats och
att jag alltså skulle vara tvungen att verkligen sätta mig in i hur man
bygger Insight. Lat som jag är duckade jag.

Nu har jag uslats med diverse Eclipse (förmörkelse) och det känns inte
speciellt bra. Många timmar...

Någon som har något tips om ett trevligt GUI för GDB? Historiskt har
jag kört Insight och Emacs (GUD). Och med viss vånda en del Eclipse.

Kanske borde tillägga att det handlar om arm-none-eabi-xxx.

Med hopp om vägledning från debianvännerna.

/Janne

Re: een enkel package uit unstable of non-free

[Jan Claeys]

On zo, 2016-07-17 at 18:14 +0200, Geert Stappers wrote:
> Het is me te vaak gebeuren dat ik een enkel package
> uit non-free of unstable nodig had.
> 
> Voor firmware uit non-free paste ik apt-sources aan, "apt-get update"
> installeerde het ene package met de WIFI driver
> en dan de apt-sources wijzigingen weer ongedaan maken.
> 
> Voor nieuwe versie van een package ging ik met een webbrowser naar
> bijvoorbeeld http://ftp.nl.debian.org/debian/pool/main/a/ansible/
> zocht met de hand de gewenste versie, "copy" URL op "clipboard"
> en dan in een ander scherm `wget` "paste" URL van "clipbord".
> Daar nog een dpkg install achter aan.

Wat met https://packages.debian.org/debget ?


-- 
Jan Claeys

Re: Blocked en tainted, het tainted deel.

[Jan Claeys]

On za, 2016-07-23 at 19:51 +0200, Paul van der Vlis wrote:
> Op 22-07-16 om 21:05 schreef Geert Stappers:
> > 
> > On Fri, Jul 22, 2016 at 08:24:40PM +0200, Paul van der Vlis wrote:
> > > Jul 20 11:04:12 laptopp kernel: [1871785.825808] INFO: task 
> > > jbd2/dm-1-8:212 blocked for more than 120 seconds.
> > > Jul 20 11:04:12 laptopp kernel: [1871785.825815]   Tainted: G W 
> > > 3.16.0-4-amd64 #1

Om de één of andere reden kan die kernel-taak zijn werk niet afmaken
binnen een "normale" tijd.

Omdat dit een SSD is, mogelijk een garbage collection cycle waar die op
moet wachten, tot er weer vrije sectoren beschikbaar zijn?  Is die SSD
erg vol?


> >   1: 'G' if all modules loaded have a GPL or compatible license, 'P' if
> >  any proprietary module has been loaded.
> > 
> >  10: 'W' if a warning has previously been issued by the kernel.
> >  (Though some warnings may set more specific taint flags.)
> > 

> Ik gebruik welliswaar closed source firmware, maar nooit closed
> source drivers. En mijn hardware heeft ook geen onderdelen die dat
> nodig hebben. Ik begrijp het dus nog niet.

Die W betekent dat dit niet de eerste waarschuwing/foutmelding was,
zodat een kernel-developer die dit onderzoekt weet dat het mogelijk is
dat dat eerdere probleem de eigenlijke oorzaak is.


-- 
Jan Claeys

Re: RFID-läsare dyker upp som tangentbord.

[jan]

On Tue, 05 Jul 2016 16:13:23 +0200
Sven Arvidsson  wrote:

> On Tue, 2016-07-05 at 15:34 +0200, j...@lillahusetiskogen.se wrote:
> > Det kom en RFID-läsare med posten idag. Fungerar fint.
> > 
> > Problemet är att den dyker upp som ett USB-tangentbord och att alla
> > "taggarna" dyker upp i det fönster som har fokus.
> > 
> > Hur gör man för att förhindra detta? Jag har sökt på nätet men inte
> > hittat något som gör det uppenbart för mig.
> 
> Du får nog göra nåt i den här stilen:
> http://unix.stackexchange.com/questions/77756/can-i-stop-linux-from-listening-to-a-usb-input-device-as-a-keyboard-but-still-c
> 

Tack Sven, det verkar lovande. Men det kommer nog att kosta en del
tandagnisslan.

/Janne

RFID-läsare dyker upp som tangentbord.

[jan]

Det kom en RFID-läsare med posten idag. Fungerar fint.

Problemet är att den dyker upp som ett USB-tangentbord och att alla
"taggarna" dyker upp i det fönster som har fokus.

Hur gör man för att förhindra detta? Jag har sökt på nätet men inte
hittat något som gör det uppenbart för mig.

/Janne

Re: jessie won't install/boot on a Dell Poweredge R815

[Jan Bakuwel]

Hi Jeffrey,

On 20/06/16 06:49, Jeffrey Mark Siskind wrote:
> I am attempting to install jessie on a Dell Poweredge R815. It has been
> running wheezy reliably for years. And running squeeze reliably for years
> before that. But no matter what I try it won't install or boot.
>
> I have tried two ways.
>
>  1. I attempt a fresh install from a USB dongle. It gets all the way to
> installing grub and then fails.
>
>  2. I do a fresh install of wheezy from a USB dongle. It boots wheezy just 
> fine.
> I do nothing but
>
>   nano /etc/apt/sources.list
>   (change all instances of wheezy to jessie, save, and exit)
>   apt-get update
>   apt-get dist-upgrade
>   (It upgrades without error. I answer the default to all questions.)
>   /sbin/reboot
>
> Then it fails to reboot and goes into the initramfs. I have a picture of
> the screen if anybody wishes.
>
> I can reliably install and run wheezy over and over. I have not been able to
> install or boot jessie despite numerous attempts.
>
> Any suggestions?
>
> Jeff (http://engineering.purdue.edu/~qobi)


Two things come to mind, one being potential lack of disc space. I think
Jessie needs more than Wheezy if you selected the "standard utilities"
or whatever it's called (bottom line) when you're asked what to install.
I use a "rescue/boot manager" partition for many of my systems, which
only function is to chainload one of a few other operating systems. That
way I don't have to throw away my old boots before I try the new.
Installing Jessie on that 1G partition is only possible if the only
thing I select during install is the SSH server.

The other thing you may want to have a look at is the output on tty4
(Alt F4), perhaps that reveals why grub is not able to finish.

cheers,
Jan

Re: installera utan internet

[jan]

On Wed, 8 Jun 2016 15:37:14 +0200
Kristoffer Gustafsson  wrote:

> Hej.
> Vill installera utan internet.
> detta på grund av att min dator(msi gt72s) inte har ett nätverk som
> stöds av linux utan konfiguration.
> Men har problem o starta. får igång en enda liten nätinstallation, o
> det är en version för testing, med tilllägg för firmware.
> laddade ner en mindre cd från testing, men det går inte alls o starta
> den. windows bara ignorerar den.
> bränner jag en dvd o väljer installera där så låser sig datorn.
> Nån som har en lösning?
> det enda jag får igång är alltså den där lilla nätinstallationen från
> testing. /Kristoffer
> 

Något speciellt skäl att du vill använda testing?

Jag brukar använda stable och boota från CD/USB och allt bara rullar
på. Vad har windows med det hela att göra?

/Janne

Debian installer (netboot)

[Jan Bakuwel]

Hi,

Does anyone know via which mailing list I can reach the makers of the
Xen netboot images?

thanks,
Jan

Re: make ping executable by normal users?

[Jan Bakuwel]

Hi Britton,

On 03/06/16 09:56, Britton Kerin wrote:
> On my old debian system I could ping as a normal user.  The ping
> binary had the suid bit set.  Now I get:
>
> $ ping www.google.com
> ping: icmp open socket: Operation not permitted
> 2 $
>
> presumably because the bit isn't set.
>
> What's the right fix?  I could setuid it but then if I understand
> correctly it might get changed back by an upgrade.  Does it use
> capabilites or something?

This is not you not being able to execute ping but ping not being able
to ping.

Check your firewall rules.

cheers,
Jan

Verification of (xen) netboot images

[Jan Bakuwel]

Hi all,

I'd like to use netboot images to install Debian VMs on a (Debian) Xen host.

The copies on

http://ftp.nl.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/xen/

differ from those on

http://ftp.nz.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/xen/

and I've not been able to find a way to verify these images. No signed
checksum files for example such as those available for ISO images.

Why would these two mirrors not have the same files?

How can I verify these images before using them?

I am mistaken to think these netboot images are part of the official
debian installer?

kind regards,
Jan

Keyboard frozen after changing screen brightness

[Jan Niggemann]

Hi all,

since upgrading Wheezy -> Jessie, I have areproducible issue. I'll try
my best to describe my setup, should anything be missing please ask for
clarification.

Environment
Lenovo T400
Jessie (i686)
GNOME 3.14.1

I boot normally and log in. When pressing Fn+Home to increase brightness
or Fn+End to decrease brightness, I observe a very sluggish behaviour of
the on screen brightness display (i.e. the "indicator icon" with the bar
beneath, not the brightness itself which changes instantly): It takes
almost one second before the icon comes up and the change in brightness
is reflected on the osd.
Secondly, when repeating keypresses to change to brightness, the
indicator kind of "locks up", flickers (not the whole monitor, only the
brightness indicator) and then the following message comes up:
"Could not grab your keyboard. A malicious client may be evesdropping on
your session or [...]".

After this, my keyboard is "gone" in X, i.e. no single keypress has any
effect in any X application. The mouse functions normally, as do
applications. Changing to a virtual console via Ctrl-Alt-F1 works, and
the keyboard is functioning normally there.

Nothing strange in Xorg.0.log or Xorg.0.log.old.
I think brightness is managed through standard ACPI control:
thinkpad_acpi: detected a 16-level brightness capable ThinkPad
thinkpad_acpi: This ThinkPad has standard ACPI backlight brightness
control, supported by the ACPI video driver
thinkpad_acpi: Disabling thinkpad-acpi brightness events by default...
thinkpad_acpi: Standard ACPI backlight interface available, not loading
native one

Any ideas why the indicator may show this sluggish behaviour (which I
expect to be the reason for the keyboard malfunction)?

jan

-- 
gpg --keyserver pgp.mit.edu --recv-keys 0x514FCA9C
F013 93C0 306C 1E31 4E00  09FA 21EC A2F6 514F CA9C

blu ray pseudo-overwrite

[Jan Gregor]

Hello,
  I found that two files on formatted bd-r media cannot be read. Since few
hundred megabytes are left on medium and spare area is also not full, is it
possible to correct the files via pseudo-overwrite or new session ?  First
method seems to me more natural, same is used when data written to
formatted cannot be read and should be written to spare area. So far I
found only -M option for growisofs that should add data to existing session.


Thanks,
Jan

Re: blu ray burning with samsung se506cb in debian jessie

[Jan Gregor]

Hello,

  I tried to burn data to rest of  the blu ray disc, that failed and use
speed=2.
At first it failed with original 25GB image, it was solved by excluding
some files and burn only 24GB.

Executing 'builtin_dd if=mybluray-disc.udf of=/dev/sr0 obs=32k seek=0'

:-( /dev/sr0: 12088320 blocks are free, 12207031 to be written!

 Output with speed=2 was at first same as in my original try with specified
speed, zero data written, zero speed unknown remaining time
 ... but after some seconds the burner started to write the image. Until
8GB the speed varied between 1.0 and 1.5x, between 8GB and 24GB
it significantly dropped so average speed was 0.2x. Next try with new media
and maybe different speed is needed to deduce some conclusion.

Executing 'builtin_dd if=mybluray-disc2.udf of=/dev/sr0 obs=32k seek=0'
/dev/sr0: "Current Write Speed" is 2.0x4390KBps.
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
  0/240 ( 0.0%) @0x, remaining ??:?? RBU 100.0% UBU   0.0%
1769472/240 ( 0.0%) @0.1x, remaining 10397:48 RBU 100.0% UBU  17.2%
1769472/240 ( 0.0%) @0.0x, remaining 11301:58 RBU 100.0% UBU 100.0%
1769472/240 ( 0.0%) @0.0x, remaining 11980:05 RBU 100.0% UBU 100.0%
2031616/240 ( 0.0%) @0.0x, remaining 11024:46 RBU 100.0% UBU 100.0%
2031616/240 ( 0.0%) @0.0x, remaining 11812:15 RBU 100.0% UBU 100.0%
2097152/240 ( 0.0%) @0.0x, remaining 12015:14 RBU 100.0% UBU 100.0%
   14286848/240 ( 0.1%) @0.8x, remaining 1846:45 RBU 100.0% UBU  35.9%
   30539776/240 ( 0.1%) @1.1x, remaining 915:40 RBU 100.0% UBU  42.2%
   46792704/240 ( 0.2%) @1.1x, remaining 622:48 RBU 100.0% UBU  51.6%

Re: blu ray burning with samsung se506cb in debian jessie

[Jan Gregor]

Did you experienced same also on other OS or you can write reliably at
higher speed outside linux ?

Thanks,
Jan

On Tue, Mar 15, 2016 at 8:31 AM Dominique Dumont <d...@debian.org> wrote:

> On Tuesday 15 March 2016 06:56:11 Jan Gregor wrote:
> > For burning I used growisofs with -Z /dev/sr0=image argument only. Can
> you
> > recommend arguments to growisofs or some configuration to the drive to
> > minimize number of wasted bd-r media ?
>
> try with -speed=1
>
> This option is the only way for me to burn reliably with my old BR drive
> (~ 5
> years)
>
> HTH
>
> --
>  https://github.com/dod38fr/   -o- http://search.cpan.org/~ddumont/
> http://ddumont.wordpress.com/  -o-   irc: dod at irc.debian.org
>
>

Re: blu ray burning with samsung se506cb in debian jessie

[Jan Gregor]

On Tue, Mar 15, 2016 at 8:25 AM Thomas Schmitt <scdbac...@gmx.net> wrote:

> Hi,
>
> Jan Gregor wrote:
> > does anybody uses this burner in debian jessie ?
>
> I don't have this burner, but i am interested in such problems in general.
>
>
> > So far I was succesful with burning to bd-re medium
>
> This means its blue laser lens is not blind.
>
> > failed with bd-r medium with i/o error after start of burning
>
> Did it show three hex numbers in "SK=.../ASC=.../ACQ=..." ?
> If so, please share these numbers. They are the SCSI error code
> received from the burner.
>

I think no, but I will check it and in future I'll care of it.
After message about formatting of the media I saw about 10 lines of write
buffer with very high estimate followed by error message
WRITE@LBA Input/output error


> > the drive should have buffer underrun protection.
>
> Buffer underrun is not an issue with BD-R. Only with CD-R[W] and DVD-R[W].
>

Well, I'm not sure. In my case is default write speed is 6x and my burner
uses USB2 port. I found some posts about recommended speed.


> > Can you recommend arguments to growisofs or some configuration to the
> > drive to minimize number of wasted bd-r media ?
>
> You may reduce speed by option.
>   -speed=1
>

I'll definitely check it.


>
> But depending on the SCSI error code your problem might have other
> reasons.
>
>
> Have a nice day :)
>
> Thomas
>
>

blu ray burning with samsung se506cb in debian jessie

[Jan Gregor]

Hello,

  does anybody uses this burner in debian jessie ?  So far I was succesful
with burning to bd-re medium and failed with bd-r medium with i/o error
after start of burning - probably caused by default 6x speed compared to 1x
speed of bd-re but the drive should have buffer underrun protection.

For burning I used growisofs with -Z /dev/sr0=image argument only. Can you
recommend arguments to growisofs or some configuration to the drive to
minimize number of wasted bd-r media ?

Thanks,
Jan

(OT?) Någon som känner till någon "smartphone" med Debian eller åtminstone Linux?

[jan]

Min halvsmarta telefon dog drunkningsdöden i veckan så jag behöver en
ny telefon och skulle gärna se att det var Debian i den. Det får gärna
kosta.

/Janne

Re: sshuttle & 192.0.2.0

[Jan Claeys]

Richard Lucassen schreef op wo 17-02-2016 om 08:10 [+0100]:
> Verschil is dat ik met m'n 192.0.2.0/24 geen slachtoffers maak. Ik 
> zit er zelfs niemand mee in de weg.

Er is een kans dat bepaalde toestellen/software/routers/firewalls dat
(eventueel na een upgrade) automatisch blokkeren natuurlijk:

> Network operators should add these address blocks to the list of non
> -routable address space, and if packet filters are deployed, then
> these address blocks should be added to packet filters.  These blocks
> are not for local use, and the filters may be used in both local and
> public contexts.



-- 
Jan Claeys