Re: recommend music player?

2022-03-17 Thread Byung-Hee HWANG 
Dear Emanuel,

Emanuel Berg  writes:

> 황병희 wrote:
>
>> Personally my computer is chromebook. I installed Debian 11
>> Bullseye inside chromebook. In that case, YouTube is very
>> useful music player. Ok man sorry for off-topic music
>> player. Though YouTube is so awesome, at least, to me ...
>
> Uhm ... YouTube?!
>
> While YouTube is a great _database_ for multimedia, the
> interface is usually what people dislike about it.
>
> Compared to mpv ... yeah, it is a toy.
>
> But: Here [last] are a bunch of commands that can help you get
> the material, or a bunch of material actually, from a single
> search string ...
>
> This will give you, hopefully, what is good about YouTube so
> you can then combine it with that is awesome about mpv and get
> the best of both worlds.

Thanks, i will try these stuff later. In whole stroy, two things come to
my mind -- mpv and yt-dlp.

> Test with, e.g. this awesome video:
>
>   https://www.youtube.com/watch?v=SdL55HWNPRM
>
> #! /dev/zsh
> #
> # this file:
> #   https://dataswamp.org/~incal/conf/.zsh/dl
>
> dl_resume=".dl"
>
> dl-resume () {
> if [[ -f $dl_resume ]]; then
> rtorrent $(cat $dl_resume)
> else
> echo "Cannot resume, no $dl_resume file" >&2
> fi
> }
>
> dl () {
> local urls=${1:-$(<$DL_FILE)}
>
> if [[ $urls == magnet* ]]; then
> echo $urls > $dl_resume
> rtorrent ${=urls}
> elif [[ $urls == http* ]]; then
> dl-both $urls
> fi
> }
>
> dlp_opts=(-i -q --no-colors --no-warnings)
>
> dl-both () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts ${=urls}
> }
>
> dl-video () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestvideo' ${=urls}
> }
>
> dl-audio () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestaudio' ${=urls}
> }
>
> dl-1080-up () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestvideo[height>=1080]+bestaudio' ${=urls}
> }
>
> dl-720-up () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestvideo[height>=720]+bestaudio' ${=urls}
> }
>
> dl-2160 () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestvideo[height=2160]+bestaudio' ${=urls}
> }
>
> dl-1080 () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestvideo[height=1080]+bestaudio' ${=urls}
> }
>
> dl-720 () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestvideo[height=720]+bestaudio' ${=urls}
> }
>
> dl-2160-video () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestvideo[height=2160]' ${=urls}
> }
>
> dl-1080-up-video () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestvideo[height>=1080]' ${=urls}
> }
>
> dl-720-up-video () {
> local urls=${1:-$(<$DL_FILE)}
> yt-dlp $dlp_opts -f 'bestvideo[height>=720]' ${=urls}
> }
>
> dl-all () {
> local fun=$1
> shift
> local search=$@
>
> local name=$funcstack[1]
> local file=.${name}-str.txt
>
> if [[ $fun == 'cat' ]]; then
> cat $file
> else
> echo $search >> $file
>
> local hits=$(printf '%s\t%s\r\n' /youtube.cgi $search |
>  nc git.codemadness.org 70|
>  awk -F '\t' '/^h.*embed/ { sub("URL:", "", $2); print $2 
> }')
> $fun $hits
> fi
> }
> alias dac='dl-all cat'
>
> dl-all-1080-up () {
> local search=$@
> dl-all dl-1080-up $search
> }
> alias da=dl-all-1080-up
>
> dl-all-720-up () {
> local search=$@
> dl-all dl-720-up $search
> }
>
> dl-all-both () {
> local search=$@
> dl-all dl-both $search
> }
>
> dl-all-2160-video () {
> local search=$@
> dl-all dl-2160-video $search
> }
> alias dl-all-4k-video=dl-all-2160-video
>
> dl-all-2160 () {
> local search=$@
> dl-all dl-2160 $search
> }
> alias dl-all-4k=dl-all-2160
>
> dl-all-1080 () {
> local search=$@
> dl-all dl-1080 $search
> }
>
> dl-all-720 () {
> local search=$@
> dl-all dl-720 $search
> }
>
> dl-all-1080-up-video () {
> local search=$@
> dl-all dl-1080-up-video $search
> }
>
> dl-all-720-up-video () {
> local search=$@
> dl-all dl-720-up-video $search
> }
>
> dl-up-down () {
> local search=$@
> dl-all dl-2160 $search
> dl-all dl-1080 $search
> dl-all dl-720  $search
> }
>
> dl-all-video () {
> local search=$@
> dl-all dl-video $search
> }
>
> dl-all-audio () {
> local search=$@
> dl-all dl-audio $search
> }
> alias daa=dl-all-audio
>
> dl-music () {
> local songs=($@)
>
> local s
> local hit
> for s in $songs; do
> hit=$(printf '%s\t%s\r\n' /youtube.cgi $s |
>   nc git.codemadness.org 70   |
>   head -n 1   |
>   awk -F '\t' '/^h.*embed/ { sub("URL:", "", $2); print $2 }')
> dl-audio $hit
> done
> }
>

The zsh script looks like python script ...

Thanks again ^^^

Sincerely, Linux fan Byung-Hee from South Korea

-- 
^고맙습니다

Re: recommend music player?

2022-03-17 Thread Byung-Hee HWANG 
(... sorry for off-topic ...)

#+begins_src text
X-Amavis-Spam-Status: No, score=-2.715 tagged_above=-1 required=5.3
tests=[BAYES_00=-2, BODY_8BITS=1.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_SUSPICIOUS_NTLD=0.498,
LDO_WHITELIST=-5, MONEY=0.5, PDS_OTHER_BAD_TLD=1.997,
RCVD_IN_DNSWL_NONE=-0.0001, T_SCC_BODY_TEXT_LINE=-0.01]
#+end_src

Above is before my message <87k0csyj6o.fsf@penguin> header. For first
time in my life, i got it 'MONEY=0.5' tag. That (MONEY tag) seems from
the zsh script?! There were many '$' sign.

INDEED, i like money in real life ^^^

(sorry for again off-topic)

Sincerely, Linux fan Byung-Hee 

-- 
^고맙습니다 _地平天成_ 감사합니다_^))//

Re: Thunderbird / Dovecot TLS Problem

2022-03-17 Thread Dan Ritter 
Jeremy Ardley wrote: 
> I've been using Thunderbird for years now but made some minor tweaks as
> I'm setting up an imap proxy for remote access to my
> debian/dovecot/postfix server.


Out of curiousity, why are you using a proxy rather than opening
the firewall for ports 25 and 993 and routing those to the
mail server?

-dsr-

Re: iwd + systemd-networkd + resolvconf wrinkles

2022-03-17 Thread Thomas Pircher 

David Wright wrote:

As I said, I tried that.


Ack. I must have glossed over that. Sorry. The rest of my mail stands,
though.


You can configure various settings for the DNS resolver in your
systemd-networkd setting and in /etc/systemd/resolved.conf.


Like what?


Full description here:
https://www.freedesktop.org/software/systemd/man/systemd.network.html#%5BDHCPv4%5D%20Section%20Options
https://www.freedesktop.org/software/systemd/man/resolved.conf.html

But what I find useful is to be able to select per interface if DNS
should be used from the DHCP server, if there is a clash.
I also ended up disabling DNSSEC on some machines due to a broken
server.


On bookworm you also have the resolvectl tool, which helps debugging DNS
issues.


And bullseye has that too. I don't really know how to use it.


Cool. If you just type resolvectl, it will show you which information it
got on each interface.
You can also debug your slow queries by using "resolvectl query
google.com". It will show you which interface the query goes out on and
how long it took to get the response.


There seem to be timeouts involved in most cases, so   time ping -c 1 foo
will typically take 15sec, and host lookups will take 10 or 20sec.


That is far too long. A wild guess: you may have received a bunch of
unresponsive DNS servers from your DHCP reply, and your machine is
trying to use them in turn, until it finds a working server?
DNSSEC problem? Or do you get IPv6 addresses for the DNS server, but
they are not reachable?

You can try debugging this with the resolvectl tool, to find out the
list of the servers. Then query them with the dig tool from the
bind9-dnsutils package:

dig google.com @8.8.8.8

Replace the IP address in @8.8.8.8 with the an IP from the output of
resolvectl.


# resolvectl query smtp.lionunicorn.co.uk   answered in 57.6 secs.
# resolvectl query lionunicorn.co.uk   failed with:
lionunicorn.co.uk: resolve call failed: Query timed out


On my machine I get:

# resolvectl query smtp.lionunicorn.co.uk
smtp.lionunicorn.co.uk: 149.255.60.149 -- link: vlan3512

-- Information acquired via protocol DNS in 31.0ms.
-- Data is authenticated: no

Try running the queries with dig, as described above.


The debug output is difficult to interpret, though I did notice that
it was reporting "cache misses" repeatedly on the same address (but
there must be some caching going on, because there was an occasional
hit being reported).


It really sounds like some of the DNS servers are not reachable.


The idea of "debugging DNS issues" doesn't exactly thrill me. I'm
imagining a scenario where I'm sitting in an airport or motel room,
having managed to make a connection with iwd and negotiate their
captive portal or whatever, and then run into /this/ problem.


Ack, fully understand. I do think there is something broken in your
network setup or the server that gives you the list of DNS server is not
configured correctly.

If you have found a way to fix the problem, or work around it, by using
another tool, and this works for you, all the power to you. :-)

Cheers
Thomas

Re: cups/avahi-daemon - worrying logs

2022-03-17 Thread Richard Hector 

On 17/03/22 19:37, mick crane wrote:

On 2022-03-17 05:09, Richard Hector wrote:

On 8/03/22 13:25, Richard Hector wrote:

Hi all,

I've recently set up a small box to run cups, to provide network 
access to a USB-only printer. It's a 32-bit machine running bullseye.


I'm seeing log messages like these:

Mar  7 15:47:47 whio avahi-daemon[310]: Record 
[Brother\032HL-2140\032\064\032whio._ipps._tcp.local#011IN#011SRV 0 
0 631 whio.local ; ttl=120] not fitting in legacy unicast packet, 
dropping.
Mar  7 15:47:47 whio avahi-daemon[310]: Record 
[whio.local#011IN#011 fe80::3e4a:92ff:fed3:9e16 ; ttl=120] not 
fitting in legacy unicast packet, dropping.
Mar  7 15:47:48 whio avahi-daemon[310]: Record 
[Brother\032HL-2140\032\064\032whio._ipp._tcp.local#011IN#011SRV 0 0 
631 whio.local ; ttl=120] not fitting in legacy unicast packet, 
dropping.
Mar  7 15:47:48 whio avahi-daemon[310]: Record 
[whio.local#011IN#011 fe80::3e4a:92ff:fed3:9e16 ; ttl=120] not 
fitting in legacy unicast packet, dropping.


Those link-local IPv6 addresses belong to the machine itself. It 
currently has no other IPv6 address(es) (other than loopback), but I 
should probably set that up.


Any hints as to what's going on?

Most of the hits I get from a web search are full of 'me too' with no 
answers.


Nobody? Not even another 'me too'? :-)

Any suggestions for further/better questions to ask, or info to provide?


I have no idea. Could it be something to do with this old report ?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683


I don't think so - that seems to relate to too many packets, rather than 
packets being too big.



I would probably fiddle about to get rid of the IPV6 thing.


I don't want to get rid of IPv6 - I use it. It could be connected with 
IPv6 due to IPv6 (IIRC) not allowing fragmentation of packets.


Cheers,
Richard

Re: cups/avahi-daemon - worrying logs

2022-03-17 Thread mick crane 

On 2022-03-17 05:09, Richard Hector wrote:

On 8/03/22 13:25, Richard Hector wrote:

Hi all,

I've recently set up a small box to run cups, to provide network 
access to a USB-only printer. It's a 32-bit machine running bullseye.


I'm seeing log messages like these:

Mar  7 15:47:47 whio avahi-daemon[310]: Record 
[Brother\032HL-2140\032\064\032whio._ipps._tcp.local#011IN#011SRV 0 0 
631 whio.local ; ttl=120] not fitting in legacy unicast packet, 
dropping.
Mar  7 15:47:47 whio avahi-daemon[310]: Record 
[whio.local#011IN#011 fe80::3e4a:92ff:fed3:9e16 ; ttl=120] not 
fitting in legacy unicast packet, dropping.
Mar  7 15:47:48 whio avahi-daemon[310]: Record 
[Brother\032HL-2140\032\064\032whio._ipp._tcp.local#011IN#011SRV 0 0 
631 whio.local ; ttl=120] not fitting in legacy unicast packet, 
dropping.
Mar  7 15:47:48 whio avahi-daemon[310]: Record 
[whio.local#011IN#011 fe80::3e4a:92ff:fed3:9e16 ; ttl=120] not 
fitting in legacy unicast packet, dropping.


Those link-local IPv6 addresses belong to the machine itself. It 
currently has no other IPv6 address(es) (other than loopback), but I 
should probably set that up.


Any hints as to what's going on?

Most of the hits I get from a web search are full of 'me too' with no 
answers.


Nobody? Not even another 'me too'? :-)

Any suggestions for further/better questions to ask, or info to 
provide?


I have no idea. Could it be something to do with this old report ?
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683
I would probably fiddle about to get rid of the IPV6 thing.

mick



--
Key ID4BFEBB31

Thunderbird / Dovecot TLS Problem

2022-03-17 Thread Jeremy Ardley 
I've been using Thunderbird for years now but made some minor tweaks as
I'm setting up an imap proxy for remote access to my
debian/dovecot/postfix server.

The issue is I changed the account settings in thunderbird to use
STARTTLS and port 993. It now doesn't work. I see a connection in
wireshark, but then nothing happens and dovecot logs no attempt to
authenticate and it just times out.

I also installed claws email (which I'm using for this email) It has
the same settings and works flawlessly from the same client machine I
use for thunderbird. I conclude there are no routing issues or firewall
issues.

So the question is what do I need to do to thunderbird to get it to
work with dovecot TLS / 993 ?

Thunderbird: 78.14.0(64 bit)

dovecot --version
2.3.13 (89f716dc2)

cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/;
SUPPORT_URL="https://www.debian.org/support;
BUG_REPORT_URL="https://bugs.debian.org/;

The only other perhaps relevant thing is I did a distro upgrade from 10
to 11 yesterday.

Thanks in advance

Jeremy

P.S. claws is very snappy!

Re: Tarjeta de sonido USB

2022-03-17 Thread Camaleón 
El 2022-03-17 a las 08:45 +0100, Josu Lazkano escribió:

> El mié, 16 mar 2022 a las 16:07, Camaleón () escribió:
> 
> > El 2022-03-16 a las 11:32 +0100, Josu Lazkano escribió:
> >
> > > He probado el dispositivo en un Ubuntu de escritorio y funciona perfecto,
> > > lo he conectado y funciona sin reiniciar ni nada:
> > >
> > > https://i.imgur.com/p4QzE4A.png
> > >
> > > No se que mas probar la verdad.
> > >
> > > Cualquier cosa os digo por aqui.
> >
> > Mira a ver qué versión del kernel tiene el Ubuntu donde te funciona y
> > qué módulos/firmware carga para ese dispositivo, y compáralo con la
> > versión que tienes en Debian del kernel y los módulos/firmware.
> Gracias Camaleón,
> 
> Lo del kernel lo tengo claro como mirar, ¿pero como veo los
> módulos/firmware que carga para el dispositivo? ¿Con un lsmod?

Sí, y también con "lspci -k" te debería decir qué módulo carga el 
dispositivo.

Si es un aparatejo usb, tendrás la información en bruto bajo el árbol 
/sys/bus/usb/devices/.

Saludos,

-- 
Camaleón

Re: Tarjeta de sonido USB

2022-03-17 Thread Josu Lazkano 
El mié, 16 mar 2022 a las 16:07, Camaleón () escribió:

> El 2022-03-16 a las 11:32 +0100, Josu Lazkano escribió:
>
> > He probado el dispositivo en un Ubuntu de escritorio y funciona perfecto,
> > lo he conectado y funciona sin reiniciar ni nada:
> >
> > https://i.imgur.com/p4QzE4A.png
> >
> > No se que mas probar la verdad.
> >
> > Cualquier cosa os digo por aqui.
>
> Mira a ver qué versión del kernel tiene el Ubuntu donde te funciona y
> qué módulos/firmware carga para ese dispositivo, y compáralo con la
> versión que tienes en Debian del kernel y los módulos/firmware.
>
> Saludos,
>
> --
> Camaleón
>
>
Gracias Camaleón,

Lo del kernel lo tengo claro como mirar, ¿pero como veo los
módulos/firmware que carga para el dispositivo? ¿Con un lsmod?

Un saludo.

-- 
Josu Lazkano

Re: Thunderbird / Dovecot TLS Problem

2022-03-17 Thread Jeremy Ardley 
On Thu, 17 Mar 2022 15:05:42 +0800
Jeremy Ardley  wrote:

> I've been using Thunderbird for years now but made some minor tweaks
> as I'm setting up an imap proxy for remote access to my
> debian/dovecot/postfix server.
> 
> The issue is I changed the account settings in thunderbird to use
> STARTTLS and port 993. It now doesn't work. I see a connection in
> wireshark, but then nothing happens and dovecot logs no attempt to
> authenticate and it just times out.
> 
> I also installed claws email (which I'm using for this email) It has
> the same settings and works flawlessly from the same client machine I
> use for thunderbird. I conclude there are no routing issues or
> firewall issues.
> 
> So the question is what do I need to do to thunderbird to get it to
> work with dovecot TLS / 993 ?
> 
> Thunderbird: 78.14.0(64 bit)
> 
> dovecot --version
> 2.3.13 (89f716dc2)
> 
> cat /etc/os-release 
> PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
> NAME="Debian GNU/Linux"
> VERSION_ID="11"
> VERSION="11 (bullseye)"
> VERSION_CODENAME=bullseye
> ID=debian
> HOME_URL="https://www.debian.org/;
> SUPPORT_URL="https://www.debian.org/support;
> BUG_REPORT_URL="https://bugs.debian.org/;
> 
> The only other perhaps relevant thing is I did a distro upgrade from
> 10 to 11 yesterday.
> 
> Thanks in advance
> 
> Jeremy
> 
> P.S. claws is very snappy!
> 

One further snippet is that I was using port 143 before, using STARTTLS
and it worked fine. I reverted the thunderbird connection and
thunderbird works again on port 143.

Claws works on both port 993 and 143 using STARTTLS.

Jeremy

Re: Thunderbird / Dovecot TLS Problem

2022-03-17 Thread Tixy 
On Thu, 2022-03-17 at 15:05 +0800, Jeremy Ardley wrote:
> I've been using Thunderbird for years now but made some minor tweaks as
> I'm setting up an imap proxy for remote access to my
> debian/dovecot/postfix server.
> 
> The issue is I changed the account settings in thunderbird to use
> STARTTLS and port 993. It now doesn't work. I see a connection in
> wireshark, but then nothing happens and dovecot logs no attempt to
> authenticate and it just times out.
> 
> I also installed claws email (which I'm using for this email) It has
> the same settings and works flawlessly from the same client machine I
> use for thunderbird. I conclude there are no routing issues or firewall
> issues.

Isn't port 993 for IMAP over TLS? And STARTTLS is a protocol for
upgrading a non-TLS connection to TLS (as you would use on IMAP port
143)

Perhaps you should not be using STARTTLS but just connecting initially
as TLS. My MUA (Evolution) has three options for connections...

- No Encryption.
- STARTTLS after connection.
- TLS on dedicated port.

I use the latter to connect to my Dovecot server, on port 993.

-- 
Tixy

Re: Thunderbird / Dovecot TLS Problem

2022-03-17 Thread Markus Schönhaber 

17.03.22, 08:05 +0100, Jeremy Ardley:


I've been using Thunderbird for years now but made some minor tweaks as
I'm setting up an imap proxy for remote access to my
debian/dovecot/postfix server.

The issue is I changed the account settings in thunderbird to use
STARTTLS and port 993. It now doesn't work. I see a connection in
wireshark, but then nothing happens and dovecot logs no attempt to
authenticate and it just times out.


By default, Dovecot listens on port 993 in TLS wrappermode, i. e. the 
encrypted connection has to be established before any user data can be 
transmitted (nothing will be sent unecrypted).
OTOH, by telling Thunderbird to use STARTTLS you told it to try to 
establish an unencrypted network connection first, and afterwards issue 
the STARTTLS command over this plaintext connection to start the encryption.

This won't work. Change the connection security in TB to SSL/TLS.

--
Regards
  mks

Re: Debian DSA-5095-1 : linux - security update

2022-03-17 Thread Greg Wooledge 
On Thu, Mar 17, 2022 at 07:32:27PM +0530, Sona Das wrote:
> But whenever I tried to upgrade my linux-header it still remains on 
> linux-headers-5.10.0-10 version, it doesn’t gets upgraded to the latest one.
> 
> As per the below url the security vulnerability for Debian 11 is resolved in 
> version 5.10.103-1, but my "apt-get upgrade”  doesn’t upgrade the 
> linux-headers to the latest fixed version

First, you need to run "apt-get update" to refresh your cached copy
of the available package lists.

Second, you need to run "apt-get --with-new-pkgs upgrade" (or simply
"apt-get dist-upgrade" if you prefer that) in order to download new
packages that are dependencies of existing packages.

If you only use "apt-get upgrade", you will never bring in any new
kernels or kernel headers, because each ABI bump creates a whole new
package with a whole new name.  Similarly, any security update that
has new library dependencies will be blocked.  The packages that are
built from the BIND source tend to fall into that group quite often.

Another alternative, if you don't like the two I've already given, would
be to use "apt upgrade".  This uses the --with-new-pkgs option by default.
However, it also has some REALLY negative behaviors (deletes package files
from /var/cache/apt/archives/ afterward, and uses yellow text that is
extremely hard to read on a white background, and cannot be changed), so
you might not want this one.

Re: Debian DSA-5095-1 : linux - security update

2022-03-17 Thread Peter Wienemann 

Hi Sona,

On 17.03.22 15:02, Sona Das wrote:
But whenever I tried to upgrade my linux-header it still remains on 
linux-headers-5.10.0-10 version, it doesn’t gets upgraded to the latest one.


have you verified that the metapackage linux-headers-amd64 is installed 
on your system - as suggested by Ben (see below)?


On 17-Mar-2022, at 5:38 AM, Ben Hutchings > wrote:

So long as you
install the metapackage linux-headers-amd64, replacements like this
should be upgraded automatically.


You can check its status using

dpkg -l linux-headers-amd64

Best regards,

Peter

Re: Debian DSA-5095-1 : linux - security update

2022-03-17 Thread Sona Das 
But whenever I tried to upgrade my linux-header it still remains on 
linux-headers-5.10.0-10 version, it doesn’t gets upgraded to the latest one.

As per the below url the security vulnerability for Debian 11 is resolved in 
version 5.10.103-1, but my "apt-get upgrade”  doesn’t upgrade the linux-headers 
to the latest fixed version

https://security-tracker.debian.org/tracker/CVE-2022-23222 


Im using the below repository urls in my sources.list to update my Debian system

deb http://deb.debian.org/debian/ bullseye main
deb-src http://deb.debian.org/debian/ bullseye main
deb http://deb.debian.org/debian/ bullseye-updates main contrib
deb-src http://deb.debian.org/debian/ bullseye-updates main contrib
deb http://security.debian.org/debian-security bullseye-security main contrib
deb-src http://security.debian.org/debian-security bullseye-security main 
contrib

> On 17-Mar-2022, at 5:38 AM, Ben Hutchings  wrote:
> 
> On Wed, 2022-03-16 at 23:46 +0530, Sona Das wrote:
>> Hi Team,
>> 
>> We are having High level threat in our Debian systems detected by our 
>> vulnerability scanners 
>> Debian DSA-5095-1 : linux - security update
>> 
>> Debian DSA-4994-1 : bind9 - security update
>> 
>> We tried to upgrade our Debian systems using the Debian repo but the 
>> affected packages didn’t received the package upgrade which takes care of 
>> the vulnerability. Below packages are affected and are not getting upgraded:
>> linux-headers-5.10.0-10-amd64_5.10.84-1
> 
> This was replaced by linux-headers-5.10.0-11-amd64.  So long as you
> install the metapackage linux-headers-amd64, replacements like this
> should be upgraded automatically.
> 
>> libirs-export161_1:9.11.19+dfsg-2.1
> 
> This is the only version available in Debian.  It is built separately
> from bind9 and is only used by the ISC DHCP server.
> 
> Ben.
> 
> -- 
> Ben Hutchings
> Make three consecutive correct guesses and you will be considered
> an expert.


Best regards,
Sona Das
--- 
+91 7021926734 / 9768458639


CONFIDENTIALITY. This email and any attachments are confidential to Alef Edge, 
and may also be privileged, except where the email states it can be disclosed. 
If this email is received in error, please do not disclose the contents to 
anyone, notify the sender by return email, and delete this email (and any 
attachments) from your system.


-- 


CONFIDENTIALITY. This email and any attachments are confidential to Alef 
Edge Inc., and may also be privileged, except where the email states it can 
be disclosed. If this email is received in error, please do not disclose 
the contents to anyone, notify the sender by return email, and delete this 
email (and any attachments) from your system.

Re: iwd + systemd-networkd + resolvconf wrinkles

2022-03-17 Thread Brian 
On Sun 13 Mar 2022 at 20:04:06 -0500, David Wright wrote:

[...]

> By the end of all this, the link should be working, and a file
> like this will have been written (that only root can see):
> 
> # cat /var/lib/iwd/YourSSID.psk 
> [Security]
> PreSharedKey=abdcef0123456789…abdcef0123456789…abdcef0123456789
> Passphrase=yoursecretpassphrase
> #

However, brian (who is not in the netdev group) can do

  iwctl known-networks YourSSID forget

and /var/lib/iwd/YourSSID.psk is deleted.

This user can also successfully execute

  iwctl station wlan0 connect YourSSID

to bring about association with a WAP. Neither should be possible.

-- 
Brian.

Re: mpd, clementine, lxmusic, qmmp, quodlibet not playing!

2022-03-17 Thread 황병희 
Dear Sharon,

Sharon Kimble  writes:
 
> After downloading and installing the new kernels yesterday I rebooted.
>
> And now I cannot get mpd to play any sound at all! Juk can play, as can
> mpv, but neither can clementine, lxmusic, qmmp, nor quodlibet play!
>
> So how can I get them all playing please? Has there been some changes
> resulting from the new kernels that affect audio output please? This is
> on a straight debian 11 install, with no debian 10 packages.

It would be to go back before kernel?! Or bug report please? 

Sincerely, Linux fan Byung-Hee

-- 
^고맙습니다 _地平天成_ 감사합니다_^))//

Re: iwd + systemd-networkd + resolvconf wrinkles

2022-03-17 Thread Brian 
On Thu 17 Mar 2022 at 09:33:30 -0400, Stefan Monnier wrote:

> > However, your post inspired me. The installed size of iwd is a fifth
> > that of wpasuppicant.
> 
> I'm curious what is the explanation for that size difference, since from
> a casual look it appears that iwd provides pretty much a superset of the
> functionality of wpa-supplicant (more specifically the extra feature is
> DHCP client).

Specifically, I do not know. The executables are 3,272,960 and
448,364 (iwd).

-- 
Brian.

mpd, clementine, lxmusic, qmmp, quodlibet not playing!

2022-03-17 Thread Sharon Kimble 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512


After downloading and installing the new kernels yesterday I rebooted.

And now I cannot get mpd to play any sound at all! Juk can play, as can
mpv, but neither can clementine, lxmusic, qmmp, nor quodlibet play!

So how can I get them all playing please? Has there been some changes
resulting from the new kernels that affect audio output please? This is
on a straight debian 11 install, with no debian 10 packages.

Thanks
Sharon.
- -- 
Debian 11, fluxbox 1.3.7, emacs 29.0.50, org 9.5.2
-BEGIN PGP SIGNATURE-

iQJRBAEBCgA7FiEELSc/6QwVBIYugJDbNoGAGQr4g1sFAmIzHF0dHGJvdWRpY2Nh
c0Bza2ltYmxlMDkucGx1cy5jb20ACgkQNoGAGQr4g1vJ0Q/5ARwjZkx2IrRe3Kax
57KIpcuQnBGNFGjo8Jt9ISfiNGu5k2CpoqlQ6uvS/Q5pNX1YCc5BTSCEvuv+WNq6
j2a0L49zurLD47UQT8kjw7x5pFOY8JnjOA2KO2N9bgWxD2xxW7OgS7iE9l3YpkaW
s2ITNs6Y2zLFPBZOdUILmxu3xCgXzb6BGEzEozQfbAg7zDmlzS0nRHRX8Y9q1KWS
LWhaWawxvdBmVZQo5YAxXFpw268A5w0Ng7A9g6bPrrYHe5RxR5WoRKX4VZq6pk05
mDADgXkgS6V7ZYkABCLGf8Hjwy05GwcY9bC2qVaFMu2NR1vfvjN948QTtxI15plM
UDLiopC0tcrvd7zRwyJYBSlRIkQN7RLArBqwYEIpFEzD7EhQBeqFypjMncPtUZQv
GgLKmy5Oc5Xti3fTYAKd/ljBzmZhfx36lNRzanv7OLTRipUvKoRcXBXxJ211qQef
w+WLkXkQfch29a0ND+wUB0YRvwZCjoWt319rUXhOxkGku+EdRQx6pdHWVXyUjQej
THmvan+uVlgshURjMI6nnppDBuC7qYc1RHIEO1XuU1MEcGVV2d9VHrysQ4Mu47zv
QeAK/Tz7DL/lQbTpQEtn0WDVMn7G8XaqvnyvKNzJ/zwc8xx13LxsN0V0jNUq24yx
ABr2JpvvaJxQZ5vWcTSCkBZpxug=
=OXCD
-END PGP SIGNATURE-

Re: recommend music player?

2022-03-17 Thread Chris Mitchell 
On Wed, 16 Mar 2022 19:41:58 -0400
Dan Ritter  wrote:

> kaye n wrote: 
> > Hello Friends!
> > 
> > I am currently using Debian GNU/Linux 11 (bullseye)
> > 
> > Can anyone recommend a good music player with an equalizer where I
> > can choose Pop, Rock, etc.  
> 
> 
> I recommend that you separate the two.
> 
> For equalization, look to your sound subsystem. If that's
> pulseaudio, install pulseaudio-equalizer and use the qpaeq
> interface.
> 
> If that's pipewire, stable doesn't have a good equalizer yet but
> pulseaudio-equalizer may work and you can easily compile 
> https://github.com/Audio4Linux/JDSP4Linux

...with projectm-pulseaudio thrown in for fun! (Or projectm-jack is an
option if you're on pipewire.)

As for the music player itself, I use Quod Libet. The UI takes a
bit of getting used to, but it's remarkably powerful and flexible. If
you're the kind of nerd who takes pride in their meticulously tagged
music collection, it might be worth a look.

Cheers!
 -Chris

Re: Archiving content of a directory on a DVD-R.

2022-03-17 Thread peter 
From: "Thomas Schmitt" 
Date: Wed, 16 Mar 2022 08:52:24 +0100
> Now it depends on how much it was used in the last 18 years.

Unused since the lab which donated it closed 2016 or 2017.  Likely it 
was unused there for several years.  Could be a decade or more since 
it last operated.

> It will be interesting to learn which of the commercially available media
> are still willing to work.

Old blanks marked "TDK DVD-R 1-16x 4.7 GB". 

This is the shell function from your advice years ago.

FilesToDVD ()
{
printf "Insert open or new DVD-R.";
read t;
cd ~/MY0.Bak/;
xorriso -for_backup -dev /dev/sr0 -update_r . / -commit -toc -check_md5 
failure -- -eject all;
echo "xorriso -dev /dev/sr0 -toc";
echo "sudo mount -o sbsector=nn /dev/sr0 /mnt/iso"
}

Excerpts from the log.

root@joule:/home/root# FilesToDVD
Insert open or new DVD-R.
xorriso 1.5.2 : RockRidge filesystem manipulator, libburnia project.

Drive current: -dev '/dev/sr0'
Media current: DVD-R sequential recording
Media status : is blank
Media summary: 0 sessions, 0 data blocks, 0 data, 4489m free
Updating '/home/root/MY0.Bak' to '/'
xorriso : UPDATE : Adjusted attributes of '/'
xorriso : UPDATE : Added/overwrote '/packages.imager'  (209k)
xorriso : UPDATE : Added/overwrote '/HamamatsuG3367.png'  (987k)
...
xorriso : UPDATE : Added/overwrote '/hosts.carnot'  (536)
Differences detected and updated. (runtime 11.4 s)
xorriso : UPDATE : Writing: 16s0.0%   fifo   8%  buf   0%
xorriso : UPDATE : Writing: 16s0.0%   fifo  17%  buf   0%
xorriso : UPDATE : Writing: 16s0.0%   fifo 100%  buf   0%0.0xD 
...
xorriso : UPDATE : Writing: 624717s  100.0%   fifo   0%  buf  88%0.0xD 
xorriso : UPDATE : Writing: 624717s  100.0%   fifo   0%  buf  88%0.0xD 
xorriso : UPDATE : Closing track/session. Working since 246 seconds
xorriso : UPDATE : Closing track/session. Working since 247 seconds
...
xorriso : UPDATE : Closing track/session. Working since 289 seconds
xorriso : UPDATE : Thank you for being patient. Working since 290 seconds.
ISO image produced: 624567 sectors
Written to medium : 624720 sectors at LBA 0
Writing to '/dev/sr0' completed successfully.

xorriso : NOTE : Re-assessing -outdev '/dev/sr0'
xorriso : NOTE : Loading ISO image tree from LBA 0
xorriso : UPDATE :  10 nodes read in 2 seconds
xorriso : UPDATE :3210 nodes read in 2 seconds
Drive current: -dev '/dev/sr0'
Media current: DVD-R sequential recording
Media status : is written , is appendable
Media summary: 1 session, 624720 data blocks, 1220m data, 3194m free
Volume id: 'ISOIMAGE'
Drive current: -dev '/dev/sr0'
Drive access : exclusive:unrestricted
Drive type   : vendor 'PLEXTOR' product 'DVDR PX-708A' revision '1.06'
Drive id : '148925  '
Media current: DVD-R sequential recording
Media product: CMC_MAG._AM3 , CMC Magnetics Corporation
Media status : is written , is appendable
Media blocks : 624720 readable , 1635264 writable , 2297888 overall
TOC layout   : Idx ,  sbsector ,   Size , Volume Id
ISO session  :   1 , 0 ,624567s , ISOIMAGE
Media summary: 1 session, 624720 data blocks, 1220m data, 3194m free
Media nwa: 662624s
Checking loaded session by its recorded MD5.
Session MD5 8d6f545135195508327eacdc1f1c365b , LBA 0 , 624540 blocks
xorriso : UPDATE :  23232k content bytes read in 5 seconds , 3.4xD
...
xorriso : UPDATE : 1213.6m content bytes read in 215 seconds , 5.1xD
xorriso : UPDATE : 1219.8m content bytes read in 216 seconds = 4.3xD
Ok, session data match recorded md5.
xorriso -dev /dev/sr0 -toc
sudo mount -o sbsector=nn /dev/sr0 /mnt/iso
root@joule:/home/root/MY0.Bak# 

Thanks,   ... P.

-- 
mobile: +1 778 951 5147
  VoIP: +1 604 670 0140
   48.7693 N 123.3053 W

Re: PCIe 3.0 8 port SATA 6 Gbps HBA for SOHO network

2022-03-17 Thread David Christensen 

On 3/17/22 18:47, Alexander V. Makartsev wrote:

On 18.03.2022 04:59, David Christensen wrote:

debian-user:

I have a SOHO network with various x86_64 servers/ workstations/ 
desktops (FreeBSD, Debian, Windows) and an assortment of phones/ pads/ 
pods/ televisions/ game consoles, etc..  I would like to add more SATA 
6 Gbps HDD's and/or SSD's to the x86_64 machines and am looking for a 
suitable PCIe 3.0 8 port SATA 6 Gbps host bus adapter (non-RAID).



The LSI® SAS 9207-8i PCI Express® to 6Gb/s Serial Attached SCSI (SAS)
Host Bus Adapter looks appealing:

https://docs.broadcom.com/doc/12353331
In my opinion Broadcom\LSI\Avago is one of the best hardware storage 
solutions you can get.

But, this model is EOL.
I mean if it works it works, but in case of any problems with it in the 
future, there will be no official support, no updates to firmware, no 
updates/fixes for drivers.



Thank you for the reply.  :-)


Most of my hardware is EOL, Broadcom still makes the latest firmware 
available, and I assume the FreeBSD mps(4) device driver won't be EOL'd 
anytime soon, so the 9207-8i being EOL is not a problem.



David

Re: PCIe 3.0 8 port SATA 6 Gbps HBA for SOHO network

2022-03-17 Thread Alexander V. Makartsev 

On 18.03.2022 08:18, David Christensen wrote:


STFW I am unable to determine if the LSI 9207-8i HBA (SAS 2308 I/O 
controller) is supported by Linux and Debian (?).  Suggestions?

This adapter has VEN_ID 1000 & DEV_ID 0087.¹
Output from "$ sudo modinfo mpt3sas" suggests that devices based on this 
controller should be supported.



¹ https://pci-ids.ucw.cz/read/PC/1000/0087

--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: PCIe 3.0 8 port SATA 6 Gbps HBA for SOHO network

2022-03-17 Thread Dan Ritter 
David Christensen wrote: 
> debian-user:
> 
> I have a SOHO network with various x86_64 servers/ workstations/ desktops
> (FreeBSD, Debian, Windows) and an assortment of phones/ pads/ pods/
> televisions/ game consoles, etc..  I would like to add more SATA 6 Gbps
> HDD's and/or SSD's to the x86_64 machines and am looking for a suitable PCIe
> 3.0 8 port SATA 6 Gbps host bus adapter (non-RAID).
> 
> 
> The LSI® SAS 9207-8i PCI Express® to 6Gb/s Serial Attached SCSI (SAS)
> Host Bus Adapter looks appealing:

We have a bunch of LSI 2008 and 3008 based cards in various
machines. They work exceedingly well. This is a 2308 card; in IT
mode (all separate disks, manage with mdadm or ZFS or whatever),
you will probably be quite happy.

-dsr-

Re: PCIe 3.0 8 port SATA 6 Gbps HBA for SOHO network

2022-03-17 Thread David Christensen 

On 3/17/22 19:07, Dan Ritter wrote:

David Christensen wrote:

debian-user:

I have a SOHO network with various x86_64 servers/ workstations/ desktops
(FreeBSD, Debian, Windows) and an assortment of phones/ pads/ pods/
televisions/ game consoles, etc..  I would like to add more SATA 6 Gbps
HDD's and/or SSD's to the x86_64 machines and am looking for a suitable PCIe
3.0 8 port SATA 6 Gbps host bus adapter (non-RAID).


The LSI® SAS 9207-8i PCI Express® to 6Gb/s Serial Attached SCSI (SAS)
Host Bus Adapter looks appealing:


We have a bunch of LSI 2008 and 3008 based cards in various
machines. They work exceedingly well. This is a 2308 card; in IT
mode (all separate disks, manage with mdadm or ZFS or whatever),
you will probably be quite happy.

-dsr-



Thank you for the reply.  :-)


STFW I see the LSI 9211-8i:

https://docs.broadcom.com/doc/1235

"Implements one LSI SAS 2008 eight-port 6Gb/s to PCIe 2.0 controller"

I want PCIe 3.0.



STFW I see the LSI 9300-8i:

https://docs.broadcom.com/doc/12354877

12 Gbps SAS is more than I need, and the price is about four times 
higher than the LSI 9207-8i.



David

PCIe 3.0 8 port SATA 6 Gbps HBA for SOHO network

2022-03-17 Thread David Christensen 

debian-user:

I have a SOHO network with various x86_64 servers/ workstations/ 
desktops (FreeBSD, Debian, Windows) and an assortment of phones/ pads/ 
pods/ televisions/ game consoles, etc..  I would like to add more SATA 6 
Gbps HDD's and/or SSD's to the x86_64 machines and am looking for a 
suitable PCIe 3.0 8 port SATA 6 Gbps host bus adapter (non-RAID).



The LSI® SAS 9207-8i PCI Express® to 6Gb/s Serial Attached SCSI (SAS)
Host Bus Adapter looks appealing:

https://docs.broadcom.com/doc/12353331


Comments or suggestions?


David

Re: PCIe 3.0 8 port SATA 6 Gbps HBA for SOHO network

2022-03-17 Thread Alexander V. Makartsev 

On 18.03.2022 04:59, David Christensen wrote:

debian-user:

I have a SOHO network with various x86_64 servers/ workstations/ 
desktops (FreeBSD, Debian, Windows) and an assortment of phones/ pads/ 
pods/ televisions/ game consoles, etc..  I would like to add more SATA 
6 Gbps HDD's and/or SSD's to the x86_64 machines and am looking for a 
suitable PCIe 3.0 8 port SATA 6 Gbps host bus adapter (non-RAID).



The LSI® SAS 9207-8i PCI Express® to 6Gb/s Serial Attached SCSI (SAS)
Host Bus Adapter looks appealing:

https://docs.broadcom.com/doc/12353331
In my opinion Broadcom\LSI\Avago is one of the best hardware storage 
solutions you can get.

But, this model is EOL.
I mean if it works it works, but in case of any problems with it in the 
future, there will be no official support, no updates to firmware, no 
updates/fixes for drivers.



--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: PCIe 3.0 8 port SATA 6 Gbps HBA for SOHO network

2022-03-17 Thread David Christensen 

On 3/17/22 19:38, David Christensen wrote:

On 3/17/22 18:47, Alexander V. Makartsev wrote:

On 18.03.2022 04:59, David Christensen wrote:

debian-user:

I have a SOHO network with various x86_64 servers/ workstations/ 
desktops (FreeBSD, Debian, Windows) and an assortment of phones/ 
pads/ pods/ televisions/ game consoles, etc..  I would like to add 
more SATA 6 Gbps HDD's and/or SSD's to the x86_64 machines and am 
looking for a suitable PCIe 3.0 8 port SATA 6 Gbps host bus adapter 
(non-RAID).



The LSI® SAS 9207-8i PCI Express® to 6Gb/s Serial Attached SCSI (SAS)
Host Bus Adapter looks appealing:

https://docs.broadcom.com/doc/12353331
In my opinion Broadcom\LSI\Avago is one of the best hardware storage 
solutions you can get.

But, this model is EOL.
I mean if it works it works, but in case of any problems with it in 
the future, there will be no official support, no updates to firmware, 
no updates/fixes for drivers.



Thank you for the reply.  :-)


Most of my hardware is EOL, Broadcom still makes the latest firmware 
available, and I assume the FreeBSD mps(4) device driver won't be EOL'd 
anytime soon, so the 9207-8i being EOL is not a problem.



Sorry -- this message is also posted to freebsd-questions and I got 
confused.  :-/



STFW I am unable to determine if the LSI 9207-8i HBA (SAS 2308 I/O 
controller) is supported by Linux and Debian (?).  Suggestions?



David

Re: iwd + systemd-networkd + resolvconf wrinkles

2022-03-17 Thread David Wright 
On Thu 17 Mar 2022 at 12:12:28 (+), Thomas Pircher wrote:
> David Wright wrote:
> > As I said, I tried that.
> 
> Ack. I must have glossed over that. Sorry. The rest of my mail stands,
> though.
> 
> > > You can configure various settings for the DNS resolver in your
> > > systemd-networkd setting and in /etc/systemd/resolved.conf.
> > 
> > Like what?
> 
> Full description here:
> https://www.freedesktop.org/software/systemd/man/systemd.network.html#%5BDHCPv4%5D%20Section%20Options
> https://www.freedesktop.org/software/systemd/man/resolved.conf.html

Yes, I read those, but I can see nothing to profitably change.

> But what I find useful is to be able to select per interface if DNS
> should be used from the DHCP server, if there is a clash.
> I also ended up disabling DNSSEC on some machines due to a broken
> server.

I am assuming that I don't have that problem at home. As for
on-the-road, I'm not sure I'd be capable of diagnosing such problems.

> > > On bookworm you also have the resolvectl tool, which helps debugging DNS
> > > issues.
> > 
> > And bullseye has that too. I don't really know how to use it.
> 
> Cool. If you just type resolvectl, it will show you which information it
> got on each interface.

This is machine F, where /etc/resolv.conf is a file, containing 192.168.1.1 :

$ resolvectl 
Global
 Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign
Current DNS Server: 192.168.1.1
   DNS Servers: 192.168.1.1

Link 2 (enp2s2)
Current Scopes: none
 Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 5 (wlp2s4)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
 Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
$ host www.google.com
www.google.com has address 142.250.138.105
www.google.com has address 142.250.138.103
www.google.com has address 142.250.138.106
www.google.com has address 142.250.138.99
www.google.com has address 142.250.138.104
www.google.com has address 142.250.138.147
www.google.com has IPv6 address 2607:f8b0:4000:80e::2004
$ host www.lionunicorn.co.uk
www.lionunicorn.co.uk has address 149.255.60.149
$ 

Those responses were instantaneous. (I don't think I should expect
resolvectl query   to work here.)

And this is machine R, with systemd-resolved running:

$ ls -l /etc/resolv.conf 
lrwxrwxrwx [ … ] /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
$ resolvectl
Global
   Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (enp1s0)
Current Scopes: none
 Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 4 (wlan0)
Current Scopes: DNS LLMNR/IPv4
 Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
   DNS Servers: 192.168.1.1
$ host www.google.com
www.google.com has address 142.251.32.196
www.google.com has IPv6 address 2607:f8b0:4023:1002::63
www.google.com has IPv6 address 2607:f8b0:4023:1002::67
www.google.com has IPv6 address 2607:f8b0:4023:1002::93
www.google.com has IPv6 address 2607:f8b0:4023:1002::69
;; connection timed out; no servers could be reached

$ resolvectl query www.google.com
www.google.com: 2607:f8b0:4000:805::2004   -- link: wlan0
142.251.46.132 -- link: wlan0

-- Information acquired via protocol DNS in 33.6ms.
-- Data is authenticated: no
$ resolvectl query www.lionunicorn.co.uk
www.lionunicorn.co.uk: resolve call failed: Connection timed out
$ 

Here, host's substantive response was immediate, but I had to wait for
the prompt to return.

> You can also debug your slow queries by using "resolvectl query
> google.com". It will show you which interface the query goes out on and
> how long it took to get the response.

The attached file has the date, hour, hostname, systemd-resolved and
PID removed, and it pertains to the www.lionunicorn.co.uk query above.
Perhaps this would pinpoint a problem.

> > There seem to be timeouts involved in most cases, so   time ping -c 1 foo
> > will typically take 15sec, and host lookups will take 10 or 20sec.
> 
> That is far too long. A wild guess: you may have received a bunch of
> unresponsive DNS servers from your DHCP reply, and your machine is
> trying to use them in turn, until it finds a working server?
> DNSSEC problem? Or do you get IPv6 addresses for the DNS server, but
> they are not reachable?
> 
> You can try debugging this with the resolvectl tool, to find out the
> list of the servers. Then query them with the dig tool from the
> bind9-dnsutils package:
> 
> dig google.com @8.8.8.8
> 
> Replace the IP address in @8.8.8.8 with the an IP from the output of
> resolvectl.

This response is immediate on R:

$ dig www.lionunicorn.co.uk @192.168.1.1

; <<>> DiG 9.16.22-Debian <<>> www.lionunicorn.co.uk @192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30004
;; flags: qr rd ra; QUERY: 1, ANSWER:

Re: iwd + systemd-networkd + resolvconf wrinkles

2022-03-17 Thread David Wright 
On Wed 16 Mar 2022 at 22:40:07 (+), Brian wrote:
> >   iwd   Highly functional & low resource & DHCP client.
> 
> Thank you for your informative and useful account of iwd. Apologies
> if my snipping is too brutal :).
> 
> It is almost a no-brainer to eastablish a wireless link with iwd. I
> think the single command
> 
>   iwctl station wlan0 connect YourSSI
> 
> should do it.

Yes, assuming you know your SSID (and everything has worked along the way).

> Having said that, it is interesting that a user of a
> presently defunct graphical GUI would choose to take this path.

Me? A GUI? To set up a network? Never have done yet.

Besides, I've set up wicd on low-resource  machines in the past that
never had X running on them. That's the beauty of having a TUI.

> The projected demise of wpasupplicant is premature. For my my use it
> perfecactly fits my needs. The main advantage ove iwd is that it
> integrates very nicely with ifupdown with staticc and roaming setups.
> wpsgui is also a very assistive utility.

I've not had to tell wpasupplicant anything before, because I only ran
ifupdown+wpasupplicant under the original d-i configuration, and then
just until I installed wicd.

The GUI looks as though it's simple to use, but I prefer to be able
to set up networking in the absence of X. The CLI has completion, like
iwd does, which is as well, because the help command is difficult to
use unless you already have some idea of the command vocabulary.
I'm not sure why I could run the GUI as a user, but not the CLI:

  Could not connect to wpa_supplicant: (nil) - re-trying

Perhaps there's something I'm meant to set somewhere.

> OTOH, the Debian iwd package
> does not provide any integration with ifupdown

Does iwd need ifupdown at all? It seems to be able to configure the
interface itself.

> and no one as get has
> published a GUI frontend for it.

I get the impression that that would be seen as bloat.

> However, your post inspired me. The installed size of iwd is a fifth
> that of wpasuppicant. I have machines with only 1 GB of disk space.
> That is a significant saving. So I have ended up with iwd on one of
> them and, with a static stanza in /en/i, can integrate with ifupdown
> to some degree. Happy camping, as they say :).
> 
> Thanks again for giving me some incentive and a bit of fun.

Cheers,
David.

Re: iwd + systemd-networkd + resolvconf wrinkles

2022-03-17 Thread David Wright 
On Thu 17 Mar 2022 at 14:50:06 (+), Brian wrote:
> On Sun 13 Mar 2022 at 20:04:06 -0500, David Wright wrote:
> 
> [...]
> 
> > By the end of all this, the link should be working, and a file
> > like this will have been written (that only root can see):
> > 
> > # cat /var/lib/iwd/YourSSID.psk 
> > [Security]
> > PreSharedKey=abdcef0123456789…abdcef0123456789…abdcef0123456789
> > Passphrase=yoursecretpassphrase
> > #
> 
> However, brian (who is not in the netdev group) can do
> 
>   iwctl known-networks YourSSID forget
> 
> and /var/lib/iwd/YourSSID.psk is deleted.
> 
> This user can also successfully execute
> 
>   iwctl station wlan0 connect YourSSID
> 
> to bring about association with a WAP. Neither should be possible.

I have /read/ that security is handled through D-Bus, but I haven't
followed this up because the above doesn't present a problem here.

For example, /etc/dbus-1/system.d/org.freedesktop.ModemManager1.conf
seems to be aimed at controlling a modem, where a user might otherwise
be able to spend real money at someone else's expense. I guess Debian
might provide something like that.

I /imagine/ that such a facility could be quite fine-grained, unlike
plain netdev permissions. For example, allowing "connect"ions like the
above, but only to pre-defined SSIDs, and disallowing reconfigurations
like the "forget" above.

Then an /etc/default/iwd might define the privileged usernames for
each operation, or point to a file defining such.

Cheers,
David.

Re: iwd + systemd-networkd + resolvconf wrinkles

2022-03-17 Thread David Wright 
On Thu 17 Mar 2022 at 09:33:30 (-0400), Stefan Monnier wrote:
> > However, your post inspired me. The installed size of iwd is a fifth
> > that of wpasuppicant.
> 
> I'm curious what is the explanation for that size difference, since from
> a casual look it appears that iwd provides pretty much a superset of the
> functionality of wpa-supplicant (more specifically the extra feature is
> DHCP client).

Perhaps because wpasupplicant, accoring to wikipedia, supports Linux,
FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2
(including ArcaOS and eComStation) and Haiku. […] it also implements
WPA and older wireless LAN security protocols.

OTOH iwd supports Linux.

And that's ignoring the "core goal of the project […] to optimize
resource utilization: storage, runtime memory and link-time costs.

Cheers,
David.

Re: Debian DSA-5095-1 : linux - security update

2022-03-17 Thread Cindy Sue Causey 
On 3/17/22, Peter Wienemann  wrote:
>
> You can check its status using
>
> dpkg -l linux-headers-amd64


That has interesting feedback. I've been using the following for a
slightly different trek toward a similar end (includes what mine says
right now):

$ apt-cache policy linux-headers-amd64
linux-headers-amd64:
  Installed: 5.16.12-1
  Candidate: 5.16.12-1
  Version table:
 5.17~rc8-1~exp1 1
  1 http://deb.debian.org/debian experimental/main amd64 Packages
 *** 5.16.12-1 500
500 http://deb.debian.org/debian bookworm/main amd64 Packages
100 /var/lib/dpkg/status

Being able to compare the Installed versus Candidate fields has been
cognitively friendly as a checkpoint for my style of user generated...
issues. :D

For newer users, the various versions under "Version table" reflect
that I use "bookworm bookworm-updates experimental" as the "Suites" in
my debian.sources** file. Version table's nice to see because that
data is a constant reminder to think ahead about developing toward the
Future.

IMPORTANT: It's highly recommended that we avoid experimental. It's
just that that's the only place I can find wicd-curses. Thank you for
wicd-curses still being there, Developers! That's a priceless package.
:)

** debian-sources goes under sources.list.d as an alternative to
sources.list. It was a momentarily seen talking point under something
like "man sources.list" at some point in my own personal Debian
adventures.

Cindy :)
-- 
Talking Rock, Pickens County, Georgia, USA
* runs with birdseed *

Re: iwd + systemd-networkd + resolvconf wrinkles

2022-03-17 Thread RP 
I just wanted to say thanks for the post and instructions. I've been 
using IWD on a different distro and wish that Debian will someday adopt 
it as its default.