Re: no rsync in the German installation? (Kommando nicht gefunden.)

[Gene Heskett]

On Thursday 30 January 2020 10:10:41 Linux-Fan wrote:
[...]
> I am still genuinely curious about the answers to the questions above
> especially wrt. being hacked, the exact restoration conditions and the
> reason for being offline to restore data?
>
> YMMV
> Linux-Fan

20 + years ago I first heard of dd-wrt, and I ran it on an old machine 
for several years as an isolator between my local network in the 
192.168.xx.xx range for several years. But the old box died, and I 
looked for a router that could be reflashed, finding at the time a 
buffalo netfinity which could be reset, actually came with it but they 
covered a piece of the menu with their blurb so I had to reflash it 
right away with the real thing. Then, because that was so inconvenient, 
I found a netgear I could reflash, but I had to clone the buffalo's mac 
into it to get my ipv4 address back.  So I now have 2 routers available 
in case one gets bumped by whatever.  I used to watch its logs to see 
the attackers that never get past it, but they never have.

So I eventually got rid of verizon's 70 yo copper in favor of a slow 
connection from the local cable folks about 7 years back which meant I 
had to register a new net address, but I've now renewed that fixed 
address for another 5 years.  In all that time I've had the web page you 
can access at the link in my sig and only one person, a friend of mine 
and a linux net guru now working as the linux guy at a 3 letter guv 
agency that I had to give credentials to, has come thru it.

I'd say that's pretty darned good security, yet I can go anyplace on the 
net I want to from here or one of the other 4 or 5 machines on my local 
net except for several dozen iptables rules of the xx.xx.xx.xx/24 
variety because they are web spiders that don't play by the robots.txt 
rules, instead of indexing my pages, they insist on mirroring it, 
burning up what little upload bandwidth I have.  Because at the moment I 
am supplying an armhf build of LinuxCNC and the preempt-rt kernel that 
runs on a raspberry-pi4b to run cnc machinery with.  And its doing it as 
well as 3 other LCNC installs on x86 machines can.

Lesson? junk your router and get one that can be reflashed, dd-wrt has 
some competition. Router reflash files are downloadable for free from 
the dd-wrt site. And sleep well with your stuff up 24/7/365.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: no rsync in the German installation? (Kommando nicht gefunden.)

[David Wright]

On Thu 30 Jan 2020 at 13:12:10 (+0100), Albretch Mueller wrote:
> On 1/30/20, Stephan Seitz  wrote:
> > On Do, Jan 30, 2020 at 12:14:19 +0100, Albretch Mueller wrote:
> >> Hmm! I thought and would expect for rsync to be installed by default!
> >
> > No, rsync is Priority: optional.
> 
>  The first line of the DESCRIPTION of the rsync package goes: "rsync
> is a fast and extraordinarily versatile file copying tool . . ."

AIUI the reason rsync is fast is because it takes short-cuts, only
transferring what's different rather than the entire tree of files.

> […]

>  Way more often and "structured" than I could possibly attribute to
> normal, random issues (well, I have more than enough reasons to
> believe that it cannot possibly be "random" at all ;-)), I notice my
> computer being hacked. What I do is:
> 
>  1) save all my data

That might be too late if the hacker has already corrupted it.

>  2) reinstall the baseline
>  3) transfer all my data back to the new installation
> 
>  for §3 you would need rsync and, of course, you must do §1, §2 et §3
> off line.

If you're copying *all* your data to a blanked installation, then you
might as well use, say, cp -a. Your speed is being controlled by the
devices and their connection which rsync cannot accelerate.

> Then, I:
> 
>  4) baseline all my data (getting a snapshot of all files metadata and
> signatures of their content)
>  5)  connect to the Internet without javascript enabled from a
> (possibly random) public place
>  6) run a custom script to apt-get the rest
>  7) baseline all my data again

This is strange. We agree that you are paranoid, so why aren't you
running your system from an immutable device like an optical disk?
Debian and linux have worked hard to achieve a separation between
variable files (on /var) and everything else in the OS, let alone
the users' data.

>  You could always install the deb via dpkg, but rsync has quite a few
> dependencies:
> 
>  https://packages.debian.org/stretch/rsync
> 
>  The thing is that once you connect your computer to the Internet you
> are effectively relinquishing all functional illusions about "privacy"
> and all those silly, ambiguous and antiquated French words.
> 
>  In fact, it would be really nice to have as an added feature at the
> end of an Installation offline the option to transfer files from
> backpus once the installation is finished.

Isn't that why sysadmins write scripts? For example, the first script
I run after installation installs git and etckeeper, runs both, then
installs a list of *my* essential packages (with -y).

As for my own data, that's a separate issue, and on a separate
/home partition, so it's unaffected by upgrades or installations.

>  Just mentioning that one can go: "sudo apt" seems very easy but there
> is always more than meets "easiness"
> 
>  It would be extra nice if wireshark included by default, too. Then
> "paranoid" people like me would feel a bit more releaved. I think it
> is important to own your base, or at least manage it the best you can.

I can't see why you want to effectively force your defaults on other
people. Everyone's idea of what's necessary or essential differs,
and the Debian Priorities reflect that.

Cheers,
David.

Re: no rsync in the German installation? (Kommando nicht gefunden.)

[Linux-Fan]

Albretch Mueller writes:


On 1/30/20, Stephan Seitz  wrote:
> On Do, Jan 30, 2020 at 12:14:19 +0100, Albretch Mueller wrote:
>> Hmm! I thought and would expect for rsync to be installed by default!
>
> No, rsync is Priority: optional.

 The first line of the DESCRIPTION of the rsync package goes: "rsync
is a fast and extraordinarily versatile file copying tool . . ."

 https://manpages.debian.org/stretch/rsync/rsync.1.en.html

 and here is a use case that (in my view, but I am sure "I am not the
only one" as Lennon sang) would be enough to raise the priority of
rsync.

 Way more often and "structured" than I could possibly attribute to
normal, random issues (well, I have more than enough reasons to
believe that it cannot possibly be "random" at all ;-)), I notice my
computer being hacked. What I do is:


Please, if it happens so often, then either
(a) I am totally ignorant about it, because I have never noticed such a  
thing or
(b) you are doing something different. Would you mind on elaborating the  
setup that gets you "hacked" frequently? How do you detect being hacked?  
Have you thought about measures to prevent the hacking altogether rather  
than focusing on how to restore in a most streamlined fashion?



 1) save all my data
 2) reinstall the baseline
 3) transfer all my data back to the new installation

 for §3 you would need rsync and, of course, you must do §1, §2 et §3
off line. Then, I:


I do not get it: Why do I need rsync if I want to copy my data back,  
exactly? Is good old `cp` insufficient for the task? Have you considered  
using `tar` instead of rsync. I would think that transferring my data (which  
is ~400k files, YMMV) is much faster if I copy it back from fewer files i.e.  
archives than via rsync? And tar can act as a cp-replacement if you do not  
like cp, the basic idea is this:


tar -C SRC -c . | tar -C DEST -x

Why do you need to be offline for the data copying?
Why is a netinstall followed by a simple `apt-get install rsync` not an option?

It might also be interesting to consider the “backup side” of things:  
Independently of your backup solution (I have heard, borg does a good job  
btw.), you might consider storing a copy of your backup program with your  
data s.t. you can restore without installing anything from the Internet on  
a freshly installed Debian? I even go as far as storing a bootable (at least  
for legacy BIOS) live-system on my backup media s.t. I can restore the data  
in the most OS-indepdentent manner imaginabile (works offline, if needed).



 4) baseline all my data (getting a snapshot of all files metadata and
signatures of their content)
 5)  connect to the Internet without javascript enabled from a
(possibly random) public place
 6) run a custom script to apt-get the rest
 7) baseline all my data again


So you are saying that you are being hacked, then need to backup the  
full system from a “(possibly random) public place”? It sounds like a horror- 
scenario to me... would it make more sense to avoid this scenario altogehter  
or at least make it the most rare of exceptions?



 You could always install the deb via dpkg, but rsync has quite a few
dependencies:

 https://packages.debian.org/stretch/rsync


Less questions here, possible some constructive commentary:

* rsync is part of DVD 1 IIUC. Replace whatever you are using for installing
  with Debian DVD 1 and have `rsync` installable from DVD without worrying
  about network connectivity.

* In case that does not work for you, I suggest investigating preparing a
  statically compiled binary for rsync. Of course, this also has some
  security implications (updates might be missing).


 The thing is that once you connect your computer to the Internet you
are effectively relinquishing all functional illusions about "privacy"
and all those silly, ambiguous and antiquated French words.


I thought the point (at least: one of the points) of using a free  
distribution like Debian is that you can safely connect to the Internet  
without having to worry. Unless, of course, you are starting to “surf” non- 
free websites? But just connecting and using apt afterwards should be safe,  
shouldn't it?



 In fact, it would be really nice to have as an added feature at the
end of an Installation offline the option to transfer files from
backpus once the installation is finished.


The problem with this is certainly: There are too many backup systems  
available. How would the choice about which restoration programs be included  
be made? The other thing is, that from my experience (having done maybe  
20--30 Debian installations in the past years), the restoration of backups  
after installation is very rare (occurred only once, but planned in  
advance). The reason being: Most of my installs are to new (virtual) systems  
for which no data is to be restored. I would thus conclude that your use  
case is (unless there be more data) rather uncommon?



 Just mentioning that one can go: "sudo 

Re: no rsync in the German installation? (Kommando nicht gefunden.)

[Albretch Mueller]

>  I notice my computer being hacked

 JavaScript and browsers are the #1 vectors they use to hack, own your
computers and cell phones in automated ways

 lbrtchx

Re: no rsync in the German installation? (Kommando nicht gefunden.)

[Albretch Mueller]

On 1/30/20, Stephan Seitz  wrote:
> On Do, Jan 30, 2020 at 12:14:19 +0100, Albretch Mueller wrote:
>> Hmm! I thought and would expect for rsync to be installed by default!
>
> No, rsync is Priority: optional.

 The first line of the DESCRIPTION of the rsync package goes: "rsync
is a fast and extraordinarily versatile file copying tool . . ."

 https://manpages.debian.org/stretch/rsync/rsync.1.en.html

 and here is a use case that (in my view, but I am sure "I am not the
only one" as Lennon sang) would be enough to raise the priority of
rsync.

 Way more often and "structured" than I could possibly attribute to
normal, random issues (well, I have more than enough reasons to
believe that it cannot possibly be "random" at all ;-)), I notice my
computer being hacked. What I do is:

 1) save all my data
 2) reinstall the baseline
 3) transfer all my data back to the new installation

 for §3 you would need rsync and, of course, you must do §1, §2 et §3
off line. Then, I:

 4) baseline all my data (getting a snapshot of all files metadata and
signatures of their content)
 5)  connect to the Internet without javascript enabled from a
(possibly random) public place
 6) run a custom script to apt-get the rest
 7) baseline all my data again

 You could always install the deb via dpkg, but rsync has quite a few
dependencies:

 https://packages.debian.org/stretch/rsync

 The thing is that once you connect your computer to the Internet you
are effectively relinquishing all functional illusions about "privacy"
and all those silly, ambiguous and antiquated French words.

 In fact, it would be really nice to have as an added feature at the
end of an Installation offline the option to transfer files from
backpus once the installation is finished.

 Just mentioning that one can go: "sudo apt" seems very easy but there
is always more than meets "easiness"


 It would be extra nice if wireshark included by default, too. Then
"paranoid" people like me would feel a bit more releaved. I think it
is important to own your base, or at least manage it the best you can.

 lbrtchx

Re: no rsync in the German installation? (Kommando nicht gefunden.)

[Stephan Seitz]

On Do, Jan 30, 2020 at 12:14:19 +0100, Albretch Mueller wrote:

Hmm! I thought and would expect for rsync to be installed by default!


No, rsync is Priority: optional.

Stephan

--
|If your life was a horse, you'd have to shoot it.|

Re: no rsync in the German installation? (Kommando nicht gefunden.)

[Albretch Mueller]

 Hmm! I thought and would expect for rsync to be installed by default!

Re: no rsync in the German installation? (Kommando nicht gefunden.)

[tomas]

On Thu, Jan 30, 2020 at 11:43:57AM +0100, Albretch Mueller wrote:
> $ date
> Do 30. Jan 08:46:51 CET 2020
> 
> $ uname -a
> Linux lbrtchx 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02)
> x86_64 GNU/Linux
> 
> $ which rsync
> $
> 
>  right after the installation when I tried to transfer files I got:
> 
> // __ bash: rsync: Kommando nicht gefunden.
> 
> $ date; time rsync --archive --verbose "${_SRC}"  "${_DST}"
> Do 30. Jan 08:19:22 CET 2020
> bash: rsync: Kommando nicht gefunden.
> 
> real0m0,002s
> user0m0,004s
> sys 0m0,000s
> $
> 
>  what is this about?

  sudo apt install rsync

(or perhaps I didn't understand your problem?)

Cheers
-- t


signature.asc
Description: Digital signature

no rsync in the German installation? (Kommando nicht gefunden.)

[Albretch Mueller]

$ date
Do 30. Jan 08:46:51 CET 2020

$ uname -a
Linux lbrtchx 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02)
x86_64 GNU/Linux

$ which rsync
$

 right after the installation when I tried to transfer files I got:

// __ bash: rsync: Kommando nicht gefunden.

$ date; time rsync --archive --verbose "${_SRC}"  "${_DST}"
Do 30. Jan 08:19:22 CET 2020
bash: rsync: Kommando nicht gefunden.

real0m0,002s
user0m0,004s
sys 0m0,000s
$

 what is this about?

 lbrtchx