unsubscribe. > On 08/25/2020 8:12 PM debian-user-digest-requ...@lists.debian.org wrote: > > > debian-user-digest Digest Volume 2020 : Issue 849 > > Today's Topics: > Re: stretch vs iptables auto-start [ Andrew Cater <amaca...@gmail.com> ] > Re: stretch vs iptables auto-start [ Gene Heskett <ghesk...@shentel.net> > ] > Re: Homebuilt NAS: System Drive File [ David Christensen <dpchrist@holgerd > ] > Re: Continuing problem with malfunct [ David Christensen <dpchrist@holgerd > ] > Re: Cannot see a process listening o [ Victor Sudakov <v...@sibptus.ru> ] > Re: Homebuilt NAS: System Drive File [ Andrei POPESCU <andreimpopescu@gmai > ] > Re: Cannot see a process listening o [ Anssi Saari <a...@sci.fi> ] > Re: Homebuilt NAS: System Drive File [ Patrick Bartek <nemomm...@gmail.com > ] > Signal [Was:] Re: Encrypt files on L [ Celejar <cele...@gmail.com> ] > Re: Cannot see a process listening o [ Victor Sudakov <v...@sibptus.ru> ] > Start here perhaps? https://wiki.debian.org/nftables > > It should be relatively straightforward to move backward and forwards. > Working as a systemd service means that it will start automatically if you're > using systemd. > > [When in doubt, check the Debian wiki for a topic - if that's no good, have a > quick look at the Arch Linux wiki - as folk who build from source, they're > good at documenting how things work. > > All best, as ever, > > Andy C. > > On Mon, Aug 24, 2020 at 8:15 PM deloptes <delop...@gmail.com> wrote: > > Gene Heskett wrote: > > > > > At the present time I have around 80 rules, all designed to deny the > > > network spiders and bots that think they have to mirror my several > > > giga-byte site, 2 or 3 times a day. And that was eating up my bandwidth > > > allocation on a slow net connection. > > > > > > Is there a tut someplace to guide one in converting from iptables to > > this > > > newer nftables? I'm assumeing its a similar utility. > > > > Sure, but I have not looked into ... I only read there will be a couple of > > years transition period and somehow a compatibility layer is or can be > > used. > > > > Perhaps someone more in this can gives us a detail or a hint to a good > > tutorial > > > On Monday 24 August 2020 17:03:13 Andrew Cater wrote: > > > Start here perhaps? https://wiki.debian.org/nftables > > > > It should be relatively straightforward to move backward and forwards. > > Working as a systemd service means that it will start automatically if > > you're using systemd. > > > > [When in doubt, check the Debian wiki for a topic - if that's no good, > > have a quick look at the Arch Linux wiki - as folk who build from > > source, they're good at documenting how things work. > > > > All best, as ever, > > > > Andy C. > > As always. good advice, thanks Andy. > > > On Mon, Aug 24, 2020 at 8:15 PM deloptes <delop...@gmail.com> wrote: > > > Gene Heskett wrote: > > > > At the present time I have around 80 rules, all designed to deny > > > > the network spiders and bots that think they have to mirror my > > > > several giga-byte site, 2 or 3 times a day. And that was eating > > > > up my bandwidth allocation on a slow net connection. > > > > > > > > Is there a tut someplace to guide one in converting from iptables > > > > to this newer nftables? I'm assumeing its a similar utility. > > > > > > Sure, but I have not looked into ... I only read there will be a > > > couple of years transition period and somehow a compatibility layer > > > is or can be used. > > > > > > Perhaps someone more in this can gives us a detail or a hint to a > > > good tutorial > > > Cheers, Gene Heskett > -- > "There are four boxes to be used in defense of liberty: > soap, ballot, jury, and ammo. Please use in that order." > -Ed Howdershelt (Author) > If we desire respect for the law, we must first make the law respectable. > - Louis D. Brandeis > Genes Web page <http://geneslinuxbox.net:6309/gene> > On 2020-08-24 02:40, Jonathan Dowland wrote: > > On Fri, Aug 21, 2020 at 09:02:05PM -0700, Patrick Bartek wrote: > >> Opinions? Suggestions? Recommendations? > > > But I'd also avoid trying to run / on a flash drive. I just use a > > logical volume on my NAS storage for the OS. I can't see a reason not > > to. > > I find it is easier to administer computers when the operating system is > on one device/RAID and the data is on another device/RAID (or several, > one for each subgroup of data) -- e.g. "separation of concerns". > > > David > On 2020-08-24 10:49, Mick Ab wrote: > > I am still struggling to solve the problem with the malfunctioning USB 3 > > port on a desktop running Debian. > > > > I would be very grateful if someone could please give useful answers to the > > following questions :- > > > > (1) Can the desktop be safely rebooted, if needed, given the USB 3 problem? > > If your desktop cannot be safely rebooted, the USB ports are the least > of your worries. > > > > (2) Can the USB 3 problem be fixed in some way or is the port now > > permanently unavailable? > > That depends upon your hardware, your operating system, your software, > and/or your definition of "fixed". > > > > (3) If the USB 3 port is unavailable, can the new portable hard drive be > > used to do a back-up of the system from the USB 2 port currently occupied > > by a card reader or is there any risk the card reader will be messed up > > again afterwards ? > > > > (On a previous occasion, a portable hard drive was plugged into this > > USB 2 port in place of the card reader. The system issued a message > > indicating the port was busy. The card reader was plugged back into the USB > > 2 port and it was then found that a card inserted into the card reader > > could not be mounted). > > Power down the computer. Disconnect everything except the keyboard, > mouse, monitor, and network cable. Boot the computer. > > > Connect one device at a time and test it thoroughly. Repeat for all > devices. > > > Post if you have problems. Please run the following commands and post > the console session -- prompt, command entered, output obtained: > > # cat /etc/debian_version ; uname -a > > # lsusb > > # dmesg | grep usb > > > David > Andy Smith wrote: > > > > On Thu, Aug 20, 2020 at 12:09:03PM +0700, Victor Sudakov wrote: > > > There is a process listening on 127.0.0.1:8081 but for some reason > > > netstat/sockstat/ss do not show it listening on IPv4. Is this a bug or a > > > feature? > > > > I think it's listening on an IPv4-mapped IPv6 address so it can > > accept either v4 or v6. Does this answer your question? > > > > > > https://unix.stackexchange.com/questions/152612/netstat-why-are-ipv4-daemons-listening-to-ports-listed-only-in-a-inet6 > > > > Daemons that want to receive connections will do the equivalent of: > > > > bind(address, port) > > > > The address will determine the interface and whether it is v4 or v6 > > or whatever. If they instead do: > > > > bind(INADDR_ANY, port) > > > > then this will bind to every interface whether it's v4 or v6 and the > > daemon will get udp6 or tcp6 sockets that can from fromn/to a v4 address. > > Thank you, Andy, that explains it. > > It's different in *BSD which got me confused. In *BSD, even if you bind > to INADDR_ANY, you'll see something like this in sockstat output: > > root dovecot 39601 21 tcp4 *:110 *:* > root dovecot 39601 22 tcp6 *:110 *:* > root dovecot 39601 23 tcp4 *:995 *:* > root dovecot 39601 24 tcp6 *:995 *:* > > -- > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49@fidonet http://vas.tomsk.ru/ > On Lu, 24 aug 20, 09:26:57, Patrick Bartek wrote: > > > > Since F2FS is not supported directly for an install, one would have to > > convert to it after or configure the flash drive with another computer > > before the install. I don't know if it is worth the time to do so. > > EXT4 without journaling would be easier. > > The journal is written to only if the filesystem is written to as well. > > Without having any other data than my own, admittedly limited, > experience[1] it doesn't seem worth disabling the journal, it is only > written when the filesystem is written to as well anyway. > > [1] all my current systems are running from SD cards, with the only > optimisation being to not configure any swap. > > Kind regards, > Andrei > -- > http://wiki.debian.org/FAQsFromDebianUser > Victor Sudakov <v...@sibptus.ru> writes: > > > It's different in *BSD which got me confused. In *BSD, even if you bind > > to INADDR_ANY, you'll see something like this in sockstat output: > > > > root dovecot 39601 21 tcp4 *:110 *:* > > root dovecot 39601 22 tcp6 *:110 *:* > > root dovecot 39601 23 tcp4 *:995 *:* > > root dovecot 39601 24 tcp6 *:995 *:* > > Well, what about using ss instead of netstat on Linux? I don't seem to > have any daemon running that would show different with netstat or ss so > can't check. > On Tue, 25 Aug 2020 09:37:20 +0300 > Andrei POPESCU <andreimpope...@gmail.com> wrote: > > > On Lu, 24 aug 20, 09:26:57, Patrick Bartek wrote: > > > > > > Since F2FS is not supported directly for an install, one would have to > > > convert to it after or configure the flash drive with another computer > > > before the install. I don't know if it is worth the time to do so. > > > EXT4 without journaling would be easier. > > > > The journal is written to only if the filesystem is written to as well. > > Yes, and every time a log is written to, too. On my main system, > normal usage, journaling on, I'm getting hard drive activity about 2 to > 3 times a minute 24/7/365. And currently, I have firewall logging off > which was writing to log every 2 seconds or so. The two Roku devices I > have, for some reason, were trying to access this computer, but no > others. Don't know why. > > Some have suggested to remount / read-only, but since my plan is not to > have a separate /home partition, that would cause problems. Probably > will cause problems even if I do. > > However, the NAS software I plan to use (OpenMediaVault) has a > specific plugin if you're using solid state devices for the system > and/or DATA drives. Don't know exactly what it does, or whether it's a > binary or an executable script. Guess I'll have to wait until I get to > the point of installing it to see what it does. No details are given > in OMV's docs. > > > Without having any other data than my own, admittedly limited, > > experience[1] it doesn't seem worth disabling the journal, it is only > > written when the filesystem is written to as well anyway. > > At least the flash drive I'm using has wear leveling. And I'm going to > leave about 15% of it unpartitioned to be safe. Plus, clone it, so if > it goes down, I just plug in the clone and I'm up and running. > > > [1] all my current systems are running from SD cards, with the only > > optimisation being to not configure any swap. > > Thanks for your input. > > B > On Sun, 23 Aug 2020 14:03:21 +0300 > Andrei POPESCU <andreimpope...@gmail.com> wrote: > > > On Vi, 21 aug 20, 13:07:56, Charles Curley wrote: > > > On Fri, 21 Aug 2020 13:31:00 -0500 > > > Paul Johnson <ba...@ursamundi.org> wrote: > > > > > > > GnuPG. It's in Debian, there's Windows versions on its website, and > > > > it's not some mystery box like Signal. > > > > > > ++ > > > > > > It also has the advantage that the cryptext will stay encrypted on any > > > intermediate servers. WhatsApp and Signal claim their traffic is, but > > > one must take their word for it. > > > > Signal is free and open source software. > > > > Please do feel free to inspect the source code for potential back doors > > or vulnerabilities. > > I do use Signal on mobile, and I want to like it, but there are a few > things about it that just really bother me (these may not be relevant > to the OPs situation): > > 1) The requirement of associating accounts with (real, working) phone > numbers. > > 2) The (current) refusal [1] to provide an option to export messages > into a format easily accessible by the user. (I know, I can read and > try to understand Signal's code, and then write my own decryptor - > thanks, Signal). > > 3) The strong encouragement of the use of Google's Play Store to install > the mobile app, and the strong discouragement of other, FLOSS > compatible, methods of installation. [2] > > Discussion of these and many other issues with Signal: [3] > > I'm just a user, and not a very advanced one at that, but I can't get > away from the feeling that Signal is somewhat user-hostile, with an > attitude of "Trust us - Moxie is a legend, our code is great (and > FLOSS), and we really care." All true, to be sure, but still. > > [1] https://github.com/signalapp/Signal-Android/issues/7586 > [2] https://signal.org/android/apk/ > [3] https://github.com/privacytools/privacytools.io/issues/779 > > Celejar > Anssi Saari wrote: > > Victor Sudakov <v...@sibptus.ru> writes: > > > > > It's different in *BSD which got me confused. In *BSD, even if you bind > > > to INADDR_ANY, you'll see something like this in sockstat output: > > > > > > root dovecot 39601 21 tcp4 *:110 *:* > > > root dovecot 39601 22 tcp6 *:110 *:* > > > root dovecot 39601 23 tcp4 *:995 *:* > > > root dovecot 39601 24 tcp6 *:995 *:* > > > > Well, what about using ss instead of netstat on Linux? I don't seem to > > have any daemon running that would show different with netstat or ss so > > can't check. > > Basically the same: > > root@test4:~# netstat -lpn | grep 8081 > tcp6 0 0 :::8081 :::* LISTEN > 10872/node /home/ad > root@test4:~# ss -ln | grep 8081 > tcp LISTEN 0 128 :::8081 :::* > root@test4:~# > > > -- > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49@fidonet http://vas.tomsk.ru/