suscribe
suscribe
Re: audacity export wma format[1 more question]
Hi. On Thu, Oct 24, 2013 at 11:56:01PM +1100, Scott Ferguson wrote: should have been:- $ echo alias s='su -c' ~/.bash_aliases;. .bashrc This works better as: function s() { su -l root -c $* } export -f s Saves an extra Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131024132720.GA23106@x101h
Re: audacity export wma format[1 more question]
On Fri, Oct 25, 2013 at 12:35:49AM +1100, Scott Ferguson wrote: On 25/10/13 00:27, Reco wrote: Hi. On Thu, Oct 24, 2013 at 11:56:01PM +1100, Scott Ferguson wrote: should have been:- $ echo alias s='su -c' ~/.bash_aliases;. .bashrc This works better as: function s() { su -l root -c $* } export -f s Saves an extra Reco Nice. Thanks. (I was too lazy to process $1, alias won't. Guess I don't find becoming su to run specific commands exceedingly onerous). I presume that function would added to .bashrc (??) Yes, add it to .bashrc. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131024145324.GA26957@x101h
Re: audacity export wma format[1 more question]
Hi. On Fri, Oct 25, 2013 at 02:11:51PM +1100, Scott Ferguson wrote: I don't understand how a user whithout the root password, and only his own password could use sudo, which seems to be how Debian is set up. Not just Debian. And it's by using the NOPASSWD option (with, as Bob has clarified) in the first user created's sudoers profile No, NOPASSWD only allows user to use sudo without any password at all. If NOPASSWD is not set, sudo decides whenever to ask user's or root's password by looking for rootpw variable in sudoers(5). Btw, rootpw is off by default. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131025074617.GA24652@x101h
Re: another dependency question
Hi. On Fri, 25 Oct 2013 19:06:22 +0100 Brian a...@cityscape.co.uk wrote: Yes! I use evince too, BUT evince is not (yet) able to display/use all the capabilities of a pdf file, so I need to test some pdf file created by TeX/LaTeX Which capabilities do you have in mind which evince (or another PDF reader) is unable to display or use? Six things at least: 1) Javascript support in PDF forms. 2) Embedded movies (Yes, in PDF. Yes, Adobe is crazy). 3) All kinds of 3D embedded stuff. 4) That 'wonderful' PDF lexem that commands PDF reader to execute an arbitrary binary in user's OS (not a joke, this is a real part of PDF 1.4 specs). 5) Apparently, there are some problems with audio playback in libpoppler (yes, audio can be embedded in PDFs too). 6) Older libpoppler versions ignored DRM restrictions in PDF files (a feature for me, but upstream thinks differently). How exactly does one need to use LaTeX to produce such PDF is a mystery to me. But the more mystery is - why produce PDF with such capabilities. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131025235550.2efed207b7b2e745d4e9a...@gmail.com
Re: another dependency question
On Fri, 25 Oct 2013 22:14:56 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: On Fri, 2013-10-25 at 23:55 +0400, Reco wrote: 2) Embedded movies I hope they require Adobe's original flash player and a DRM registration on the Adobe homepage. Please, please I want this. Nah, that's so 1990. Currently they should require an account at a Adobe Cloud and one's first-born child :) I don't know how this 'feature' is implemented in Adobe Reader (it's been awhile since I used it), but in libpoppler's sources it is called POPPLER_ANNOT_MOVIE. Last time I've checked evince sources it had TODO status. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026002423.bd843aaaf80e48f0f377e...@gmail.com
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
On Fri, 25 Oct 2013 14:21:37 -0600 Bob Proulx b...@proulx.com wrote: recovery...@gmail.com wrote: Bob Proulx wrote: This is not entirely correct. Sudo is considered third-party software in HP-UX (HP merely builds it and doesn't install by default), AIX (not provided by IBM and therefore not supported) and Solaris (third-party software without any support in versions = 10). About the only exception is Solaris 11 which provides sudo in default install (and it is configured the same way as in Ubuntu by default). It is certainly fair that you would take exception to my words (since I often do that to others!) but I said on those not distributed by them. ;-) I didn't say the vendor distributed it. Indeed you didn't. My sincere apologies just in case. Most of those systems ship very little by their vendors. I have used them for many years and almost all of the software that you will use on those systems will have been compiled and installed by the local admin. IMNHO they are mainly a good solid base upon which you as the local admin build the working system upon. And for me if we are talking about what we compile locally from source I would need to look but the list is several hundred packages long! Oh. You mean that HP suddenly transformed to good fairies and stopped charging extra for aCC? Or IBM received an encrypted signal from their supervisors from Mars and did the same to vacc? And don't even mention Sun, those guys managed to build their base system with two different C compilers at once (gcc and that thing they put in Sun Studio instead of C compiler). As for 'solid base'… C'mon, treating openssh as a third-party tool? No meaningful firewall in default install? Telnet and FTP (root is allowed by default) enabled by default and are listening 0.0.0.0? Mandatory access control as a paid feature? Clearly our definitions of 'solid base' are different. Considering that primary usage of sudo is to provide controlled privilege escalation to uid=0, using unsupported (therefore - not updated unless local sysadmins care about security) sudo on these OSes is basically equivalent to giving everyone uid=0. You left the large unless local sysadmins care about security escape clause there. But what about if the local admin *does* care about security? In that case you can have a system with _better_ security than that provided by the vendor. If local sysadmin cares about security then that site is truly blessed. No irony. See, I earn my salary for solving problems with certain proprietary cross-platform software. As a part of job, I visit may different places, and what do I see there? Outdated (like, 10 years outdated) SSH clients. Passwords stored in a plain text files in a recyclebin (or on a sheet of paper under the keyboard). Telnet as a primary administration tool (because 'terminal looks funny in a SecureCRT if I use SSH'). Cargo cult as the main method of configuring servers. Advices such as 'disable encryption in SSH, our server's CPUs cannot handle encryption' (copying files with scp from one Superdome to another). Complete inability to grasp even basic concepts of TCP/IP (we have network guys, they handle it). 'We're using VLANs so we don't need to encrypt anything'. 'We've installed antivirus everywhere = we're secure'. And last, but not least - 'security is complex, security bores me, security breaks our system'. And they are not Joe and Jane the Average End Users. They are sysadmins :( Not that UNIXes are that bad. It happens for any OS, GNU/Linux included. And even in the case of an overworked and somewhat slack admin the system security with source sudo installed but old is probably about the same as the provided by the vendor. Vendors don't update their software that often and usually not without something pushing them to do so. Sudo had vulnerabilities that lead to gaining root access by exploiting them. And people will use is as vendors won't provide them any meaninful way to update all installed software at once. Therefore - using outdated sudo is an equivalent to wearing T-shirt with a root password written on it as an end result will be the same. For improved security a system with many eyes upon the code such as Debian is much better. Anyone using a traditional legacy Unix system today is most likely not using it for the security of the system but for other aspects of it. That's true, but. I didn't implied that proprietary software is insecure (although, honestly, it is :) given what kind of people actually writing it today) a priori, I meant that using outdated tool for gaining security actually lowers it. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026010704.c520162a574e2d5d01ccf...@gmail.com
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
On Fri, 25 Oct 2013 20:28:57 + Tom H tomh0...@gmail.com wrote: On Fri, Oct 25, 2013 at 7:41 PM, recovery...@gmail.com wrote: On Fri, 25 Oct 2013 12:31:55 -0600 Bob Proulx b...@proulx.com wrote: Sudo has been on HP-UX, SunOS, Solaris, IBM AIX and others for many years. It isn't anything new. It is a good worthy tool. This is not entirely correct. Sudo is considered third-party software in HP-UX (HP merely builds it and doesn't install by default), AIX (not provided by IBM and therefore not supported) and Solaris (third-party software without any support in versions = 10). About the only exception is Solaris 11 which provides sudo in default install (and it is configured the same way as in Ubuntu by default). Solaris has had pfexec since Solaris 8. Yes, but pfexec is not sudo. And privilege-aware Solaris shells are definitely not sudo too. Considering that primary usage of sudo is to provide controlled privilege escalation to uid=0, using unsupported (therefore - not updated unless local sysadmins care about security) sudo on these OSes is basically equivalent to giving everyone uid=0. Somewhat exaggerated :) No offense meant, but probably you're living in a some kind of IT paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of paradise. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026011611.f2a1e103756681a7d0e85...@gmail.com
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
On Fri, 25 Oct 2013 22:10:35 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: In the past I was against sudo, but nowadays I set up a root account (su) and sudo for my Linux and if I use Ubuntu I usually keep it as is, IOW just sudo, no root account. Security doesn't suffer from sudo, OTOH ich bin schmerzfrei as we say in German, somebody on this list called it a sledgehammer: #!/bin/sh xhost + gksudo -u chuser $* xhost - exit Indeed it does have some qualities of a sledgehammer. 'xhost +si:localuser:chuser' will do the same with less side effects. Copying right part of .Xauthority will remove the need to do xhost. C'mon, not all machines are multi-user top security environments. Sure. Also you don't mind providing your credit card number and CCV to the rest of the world. And in no circumstances you won't store any files on any of those machines you don't want to show to anyone. And you have no objections to help some poor kind soul to mine some bitcoins. And you have to objections to participating in botnets or send spam. If you talk about pros and cons sudo, first clarify for what task. Better add sudo, even without asking for a password, than have people running X sessions as root. I never implied that sudo is a bad thing. It is Ubuntu-style sudo (ability to run arbitrary command as a root) is a bad thing IMO. Without PAM we likely would run X audio sessions as superuser ;). http://jackaudio.org/linux_rt_config Please tell that to that Lennart Poeterring guy who invented his own RealTimeGizmo for his beloved PulseAudio ;) Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026013423.1aef56a50728fa4e4c261...@gmail.com
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
On Fri, 25 Oct 2013 23:17:06 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: On Sat, 2013-10-26 at 01:07 +0400, Reco wrote: Passwords stored in a plain text files in a recyclebin (or on a sheet of paper under the keyboard). Female sysadmins wearing slips of paper on the forehead with passphrases: http://www.kingmatz.com/Bilder%202007/2009/mk/RIMG0206.JPG Not secure enough. Everyone knows that good passwords are made of asterisks only. They use big dots instead :) Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026014556.75f34f5eeddf48d795157...@gmail.com
Re: out to get out of an apt-get problem...[solved]
Hi. On Sat, 26 Oct 2013 11:02:38 +0200 François Patte francois.pa...@mi.parisdescartes.fr wrote: Le 24/10/2013 23:42, Scott Ferguson a écrit : Unpacking libmpeg2encpp-2.1-0:amd64 (from .../libmpeg2encpp-2.1-0_2%3a2.1.0-dmo2_amd64.deb) ... dpkg: error processing /var/cache/apt/archives/libmpeg2encpp-2.1-0_2%3a2.1.0-dmo2_amd64.deb (--unpack): trying to overwrite '/usr/lib/x86_64-linux-gnu/libmpeg2encpp-2.1.so.0.0.0', which is also in package libmpeg2encpp-2.0-0 1:2.1.0+debian-1 ^^ I savagely killed these packages, and everything went fine... I don't know why apt-get is unable to do the job by itself (ie. upgrade a package) though. Judging from the packages' names, libmpeg2encpp-2.1-0 and libmpeg2encpp-2.0-0 - those are different packages to apt. And apparently person who built them didn't include 'Replaces' and 'Conflicts' stanzas to the packages' metadata. So, apt tried to do what it's told to do - i.e. install second package, keep first. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026132658.05cdf62504e960984757a...@gmail.com
Re: another dependency question
Hi. On Sat, 26 Oct 2013 11:41:57 +0200 berenger.mo...@neutralite.org wrote: No free alternative can allow me to use things the way I want: firefox lacks lot of features opera have, gnash is just useless in practice for streaming, nouveau does not give me full 3D acceleration, and there are simply no free wifi drivers. Why do you consider, say, ath9k drivers non-free? What are those wonderful features that opera has, and firefox doesn't (inability to render pages correctly, which is the case of opera doesn't count)? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026140126.f6e568a7073780adf64a5...@gmail.com
Re: another dependency question
On Sat, 26 Oct 2013 12:18:44 +0200 berenger.mo...@neutralite.org wrote: At the time I switched, there was a far better support for SVG in opera. 3 years ago. It was the only browser able to render html into svg, which is standard. Hmm. Probably you have a valid point here. While usecase of transforming html to svg is unclear to me, I can not find a way to do it in Firefox. Svg embedded in html worked OK in firefox back in 2006 and is still here. I do not know about what inability to render correctly you are speaking: I have seen that statement several times, but never noticed the problem myself. SunFire X-series ILOM web-interface, for example. Unusable in opera. IBM's HMC web-interface. Unusable in opera. Anything based on Oracle's ADF will get you one big 'you're not welcome here, boo' if you use opera. Sadly, some of us need to use browsers to do work, not to surf Internets. And I do not think it is because webdev try opera, those who does are probably minority, since opera is not a mainstream browser, at least for desktop. Ok, but. This implies that opera's implementation of HTML standard is flawed somehow, as webpages require additional testing. Also, you can disable JS/plugins/cookies and other stuff on a per-site basis, unlike Firefox. I mean, without plug-ins, of course. This is very useful nowadays, with all those sites using JS for everything and nothing. True for JS, false for cookies. Right-clicking on the page in firefox and choosing 'View Page Info' will lead one to a fancy per-site control for cookies and other stuff. Works out of the box. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026144355.b10fcfe712fc481726b3b...@gmail.com
Re: another dependency question[solved]
Hi. On Sat, 26 Oct 2013 11:25:43 +0200 berenger.mo...@neutralite.org wrote: I wonder if you can edit the executable to change the path, with tools like ldconfig. Never used them, but maybe someone here will know. Have you tried to do it like this? export LD_LIBRARY_PATH=/usr/lib/mesa-diverted/i386-linux-gnu/: $LD_LIBRARY_PATH # Should be one line acroread What does show: ldd $(which acroread) Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026150823.1ec15658105d1527d4a39...@gmail.com
Re: firmware installation
Hi. On Sat, 26 Oct 2013 14:11:40 +0700 Diogene Laerce me_buss...@yahoo.fr wrote: Hi, I'd like to know if it is possible to install some firmware in the 3.2 kernel but from the 2.6 session ? I need to install some firmwares to make the 3.2 kernel works on my machine but I can only access the computer when the 2.6.35 is loaded : when the 3.2 is loaded my mouse and keyboard are freezed, and network is out. I'd do it this way: Download the needed package(s). Disable Display Manager from starting on boot. Reboot into 3.2 kernel. Install the needed stuff from console. Enable Display Manager to start on boot. Reboot to make sure firmware is loaded. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026151842.490de8b479a04126680f3...@gmail.com
Re: another dependency question
On Sat, 26 Oct 2013 14:16:47 +0300 Georgi Naplatanov go...@oles.biz wrote: On 10/26/2013 01:01 PM, Reco wrote: Hi. On Sat, 26 Oct 2013 11:41:57 +0200 berenger.mo...@neutralite.org wrote: No free alternative can allow me to use things the way I want: firefox lacks lot of features opera have, gnash is just useless in practice for streaming, nouveau does not give me full 3D acceleration, and there are simply no free wifi drivers. Why do you consider, say, ath9k drivers non-free? What are those wonderful features that opera has, and firefox doesn't (inability to render pages correctly, which is the case of opera doesn't count)? WebP and some other features http://beta.html5test.com/compare/browser/firefox-24/opera-17.html By the way FireFox supports H.264, AAC and MP3 on Windows, but it doesn't on Linux. Assuming to disable gstreamer support in Firefox - yes. If you enable it (24 seems to be fresh enough to allow it) - no. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026152122.a569147d496968c108a71...@gmail.com
Re: another dependency question[solved]
On Sat, 26 Oct 2013 13:19:43 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: On Sat, 2013-10-26 at 15:08 +0400, Reco wrote: export LD_LIBRARY_PATH=/usr/lib/mesa-diverted/i386-linux-gnu/: $LD_LIBRARY_PATH # Should be one line The mailing list policy allows to make code one line, even if it should be to much chars :). export LD_LIBRARY_PATH=/usr/lib/mesa-diverted/i386-linux-gnu/:$LD_LIBRARY_PATH Alternatively export LD_LIBRARY_PATH=\ /usr/lib/mesa-diverted/i386-linux-gnu/\ :$LD_LIBRARY_PATH :) I use 132x36 terminals usually. This 'use 72 chars linewrap in your mails please' stuff on this list is simply killing me at times like this. Thanks for the idea btw. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026152405.ae3fcb47c8bd3325c2047...@gmail.com
Re: another dependency question[solved]
On Sat, 26 Oct 2013 13:31:27 +0200 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Wrap your lines at 80 characters or less for ordinary discussion. Lines longer than 80 characters are acceptable for computer-generated output (e.g., ls -l). - http://www.debian.org/MailingLists/ I suspect most MUAs wrap at 72 chars, but the policy allows 80 chars. If I write something to the list, I expect other people will read it. And if most MUAs linewrap on 72 chars - that's what I will do. I mean, what's the point writing to the list if nobody read your replies? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026162226.f5a021a9a9d727994aebe...@gmail.com
Re: another dependency question
SunFire X-series ILOM web-interface, for example. Unusable in opera. IBM's HMC web-interface. Unusable in opera. Anything based on Oracle's ADF will get you one big 'you're not welcome here, boo' if you use opera. Sadly, some of us need to use browsers to do work, not to surf Internets. Indeed. I do not have access to those pages, but by curiosity, how do they pass the w3c validator? I know that not so many stuff pass it without errors/warnings, but I am curious. Could it be a site's bug? ( no trolling here, real question ) You don't need w3c validator if you have browser compatibility list. This is the way this industry work - you don't have browser they like - you don't use their product. Ok, but. This implies that opera's implementation of HTML standard is flawed somehow, as webpages require additional testing. According to what I have read, they usually test their work for IE, firefox and chrome. For old IE, it is well known fact that standard is not respected. But FF and chrome do claim respecting it well, so why testing in both? If you did browser, did you claim that it doesn't support standards? They need to claim it, or they'll loose users. Heck, even MSFT claim that their browser parody complies with standards. In reality - today HTML5 is a 'moving standard' (meaning, W3C Consortium shove new features in it every day, and they won't stop doin' that). Claiming compliance to HTML standard is simply marketing. I think ( only supposition here, web dev is not my field at all ) it's because HTML standard is a little like C++ standard: it does not say how things have to be implemented, only a general description, if you see what I mean. So it is needed to test on more than one implementation, because behaviors and performances are not same everywhere. http://harmful.cat-v.org/software/c++/ says: 'If C++ has taught me one thing, it’s this: Just because the system is consistent doesn’t mean it’s not the work of Satan. — Andrew Plotkin' Applies to HTML too IMO. I think plugins too can be, am I wrong? You can definitely do it without Firefox restart with a couple of mouseclicks. The point was that I feel like I have more control on how behaves my browser with opera than with firefox. But, to be honest, that JS option is not very nice to use in opera, since you have to: right clic on site, edit website's preferences, select script tab, check or uncheck the first checkbox enable JS, validate, and finally reload. NoScript, just use it. Author has questionable morality, but luckily it doesn't creep into his product. Free (as in libre) software too. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026163719.4645fc3189a0bc185df6c...@gmail.com
Re: another dependency question
Hi. On Sat, 26 Oct 2013 19:15:28 +0530 Kailash listskail...@gmail.com wrote: To convert a PowerPoint presentation with embedded multimedia to PDF would be one example. Thank you for the idea. Such presentation is an invaluable tool for dissolving audience attention completely. There's just thing I can not get yet - for what purpose one can use such converted PDF. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131026181611.a511e02119dfc3e987245...@gmail.com
Re: another dependency question
On Sun, 27 Oct 2013 02:58:39 +0100 berenger.mo...@neutralite.org wrote: Le 26.10.2013 13:37, Reco a écrit : You don't need w3c validator if you have browser compatibility list. This is the way this industry work - you don't have browser they like - you don't use their product. Fine for me. It's exactly what I'm doing. But, saying that opera does not respect standards, without checking if the targets you try to use with it are themselves respecting standards seems a bit partial, to me. No, just incomplete. Other browsers aren't that better in that regard - something is always broken for them too. If I consider your statement, then, IE is a standard, since it is used by a lot of internal applications. It sure is a standard for people developing those applications, but, not a real standard imo. Of course IE is not a real standard. And at least Oracle's ADF looks and behaves wrong in IE too (I have to believe users on that part, as I refuse to use this thing). And even if something works in IE then speed is suboptimal, and security looks like a Swiss cheese. Ok, but. This implies that opera's implementation of HTML standard is flawed somehow, as webpages require additional testing. According to what I have read, they usually test their work for IE, firefox and chrome. For old IE, it is well known fact that standard is not respected. But FF and chrome do claim respecting it well, so why testing in both? If you did browser, did you claim that it doesn't support standards? They need to claim it, or they'll loose users. Heck, even MSFT claim that their browser parody complies with standards. Indeed. That's why I can not even trust mozilla, even if they are maintaining (I won't say making) an open source browser. There are bad things about Mozilla imo: Agile development of their Firefox (meaning - something is always broken), designers making the decisions instead of developers (meaning - huge feature creep), strong desire to do anything in javascript. Still, their product works most of the time, and then it doesn't (or end result is way too ugly) - there's always a Greasemonkey (they call it userscripts in opera, I beleive). Firefox is mostly free software, which counts for me. In reality - today HTML5 is a 'moving standard' (meaning, W3C Consortium shove new features in it every day, and they won't stop doin' that). Wrong. It is a non finished standard. Which means it is not a standard currently. http://www.w3.org/TR/html5-diff/ Please read chapter '1.5 Development Model'. Those people consider that even HTML4 is not implemented anywhere. Hence, Claiming compliance to HTML standard is simply marketing. That's why I do not mind about people using HTML compliance to advertise a browser against others. I simply look at my personal uses of Internet. Opera was better, on a point that Firefox was worse. So I switched. Then, other details here and there avoided me to go back to firefox, and things becomes worse by the time. You have a point here. It sounds like a more imaged way to say the same thing as me. Excepted the fact that I do no claim to know if Satan is really so bad. I simply prefer to make my own opinion myself, instead of trusting religious mafias. I refuse to open that can of worms :) Let's keep this list PG-13 clean. Author has questionable morality, but luckily it doesn't creep into his product. Free (as in libre) software too. Reco Morality is always questionable. Problems comes when people stop to question morality. In every domains. Questioning is the key for progressing. One could argue that people who makes or use advertisements have questionable morality, too. ( note that I am simply using the same vague phrase in the other direction. I do not specially argue for a point of view here. ) I was talking about this story: https://adblockplus.org/blog/attention-noscript-users -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131027110400.281153c6ea3b0cfdcb3e7...@gmail.com
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
Hi. On Sat, 26 Oct 2013 21:50:23 + Tom H tomh0...@gmail.com wrote: On Fri, Oct 25, 2013 at 9:16 PM, Reco recovery...@gmail.com wrote: Yes, but pfexec is not sudo. And privilege-aware Solaris shells are definitely not sudo too. It might not be sudo but it's the same principle of privilege escalation. sudo's simpler to set up so I've yet to work at any Solaris shop where it hasn't been installed (it's not necessarily used though; I moonlight at two companies where telnetting as root is the norm...). I agree that sudo is simpler to setup. I disagree that sudo is installed everywhere where Solaris is. Because - it's third-party software. And people don't like to install third-party software ('vendor didn't included it - we don't use it'). As for telnet as a root - the very setup of Solaris (before 10u4 iirc), pushed one to do exactly this (ssh required manual generation of host keys, telnet was already there and worked, root is the only working user after install). Considering that primary usage of sudo is to provide controlled privilege escalation to uid=0, using unsupported (therefore - not updated unless local sysadmins care about security) sudo on these OSes is basically equivalent to giving everyone uid=0. Somewhat exaggerated :) No offense meant, but probably you're living in a some kind of IT paradise ;) 'Nobody does no evil, nobody does any mistakes' kind of paradise. Not updating/patching sudo isn't equivalent to giving everyone root access! It's a BIG leap! True, you need to add to the picture that curious user who just read on Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that disgruntled user who needs /etc/system changed right here and now. Or that developer who needs to do this 'small change, nobody will notice' on a production server. And if you don't have such people there - good for you, as here we can always find such person here. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131027113150.5d165f99e540507a98921...@gmail.com
Re: sysctl.conf
Hi. On Sun, 27 Oct 2013 11:25:15 +0400 Dmitrii Kashin free...@freehck.ru wrote: Sysctl is used in order to give kernel some default parameters to work. The most common cases to use it: - to allow packets redirection - to enable/disable ipv6 support - to change console behavior and printk output. ..and so on, so on... Do you really need some of this? Don't forget restricting mmap from userspace to kernelspace (such mmap lead to NULL-pointer dereferences in kernel in past) with vm.mmap_min_addr. Or, restricted privileges of perf kernel subsystem (local privilege escalation to root) with kernel.perf_event_paranoid. Or, bringing some sanity in virtual memory kernel subsystem with vm.swappiness and vm.dirty_bytes. User may need some of this. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131027114024.f47ab436c3e54f16314e8...@gmail.com
Re: sudo and UNIXes
On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote: Reco recovery...@gmail.com writes: True, you need to add to the picture that curious user who just read on Bugtraq or Full Disclosure about fresh vulnerability in sudo. Or that disgruntled user who needs /etc/system changed right here and now. Or that developer who needs to do this 'small change, nobody will notice' on a production server. And if you don't have such people there - good for you, as here we can always find such person here. You also have to add to the picture such a vulnerability, and I haven't noticed any. If we're speaking of public vulnerabilities: CVE-2010-0427. CVE-2013-1775 (allows bypass sudoders modification to retain root privileges). I have no knowledge about private 0days. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131028134702.GA23316@x101h
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
On Mon, Oct 28, 2013 at 09:37:02AM -0400, Tom H wrote: On Sun, Oct 27, 2013 at 3:31 AM, Reco recovery...@gmail.com wrote: On Sat, 26 Oct 2013 21:50:23 + Tom H tomh0...@gmail.com wrote: On Fri, Oct 25, 2013 at 9:16 PM, Reco recovery...@gmail.com wrote: Yes, but pfexec is not sudo. And privilege-aware Solaris shells are definitely not sudo too. It might not be sudo but it's the same principle of privilege escalation. sudo's simpler to set up so I've yet to work at any Solaris shop where it hasn't been installed (it's not necessarily used though; I moonlight at two companies where telnetting as root is the norm...). I agree that sudo is simpler to setup. I disagree that sudo is installed everywhere where Solaris is. Because - it's third-party software. And people don't like to install third-party software ('vendor didn't included it - we don't use it'). Your experience may be different but you can't disagree with what's been my experience over many years in many different companies! Of course I agree with you. You've seen what you have seen, I have no doubts about that. Of course there are people who use sudo on Solaris, but - there are people who are not, and who are won't do it. Third-party status is one of the reasons for it. Reco. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131028135129.GB23316@x101h
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
On Sun, Oct 27, 2013 at 08:15:43PM -0600, Bob Proulx wrote: Reco wrote: Oh. You mean that HP suddenly transformed to good fairies and stopped charging extra for aCC? Or IBM received an encrypted signal from their supervisors from Mars and did the same to vacc? And don't even mention Sun, those guys managed to build their base system with two different C compilers at once (gcc and that thing they put in Sun Studio instead of C compiler). Wait. You mean the first thing you compile on a new system isn't gcc? Sometimes it would be 'make' first. Then gcc, binutils, and the rest of the support chain. The make again using gcc. Then a hundred others! Yep. On Solaris I use vendor packages with gcc, gmake and GNU toolchain. On AIX I use Linux Compatibility toolkit, and it provides me GNU toolchain too. Luckily I don't have to compile anything for HP-UX. Heard someone built gcc for it, didn't needed it so far. Once I've bootstrapped GNU toolchain on Solaris (it was x86 so it was relatively fast), and I have no desire to repeat this process on, say, T2000. As for 'solid base'... C'mon, treating openssh as a third-party tool? No meaningful firewall in default install? Telnet and FTP (root is allowed by default) enabled by default and are listening 0.0.0.0? Mandatory access control as a paid feature? Clearly our definitions of 'solid base' are different. By solid base I mean the Unix kernel. Have you ever needed to rescue a system suffering under a fork-bomb? Well, there was that incident with Solaris projects and limiting LWPs with them, and I thought it was a good idea to test it with Perl fork bomb. That particular project was configured wrong way :( Bugger ate all memory just as fine as it'd did on Linux. Forking any process wasn't possible as a result. So, server was bounced. Under the Linux kernel with defaults you will need to power cycle it. Even if you were already logged into it at best you would rather quickly get Connection closed by foreign host. But I have been able to log into HP-UX systems while under such stress and was able to kill the offending processes. That is what I meant by a solid base. It has a solid kernel. That is the base of the operating system. I didn't test fork bombs on HP-UX (that's something I'll probably do in the future). If they use optimistic memory allocation, it'll be an interesting experience. The other things you mention I place in another layer above it. Most are policy decisions about telnet, ftp, and others wide open you can affect and change when it is your system to maintain. There isn't any reason not to turn off telnet and ftp entirely for example. That's a legitimate point of view. But I prefer the systems in which I don't have to turn off anything unneeded (ideally, I don't have to install anything I don't need). But I agree about the security aspect. When I have needed to put one of those legacy systems on the net I usually protected it by putting it behind a separate firewall box. Because of some of the problems you mention. Using a separate proxy box for just the task needed made the security easier. But that doesn't make the machine less reliable for running large loads with an uptime of years. There's nothing you wrote here I'd disagree with. And one must be careful of throwing stones. For example Debian does not provide a firewall by default. And it is debatable if it needs one. Many people don't configure one. Many people do. It all depends upon many things about the use case. I don't put one on internal machines. But I do put one on front facing machines. That's Debian fault indeed. But at least they don't include any network services worth speaking of (should we count NFS portmapper, or not?) in an installation produced by netboot. You left the large unless local sysadmins care about security escape clause there. But what about if the local admin *does* care about security? In that case you can have a system with _better_ security than that provided by the vendor. If local sysadmin cares about security then that site is truly blessed. No irony. See, I earn my salary for solving problems with certain proprietary cross-platform software. As a part of job, I visit may different places, and what do I see there? No need to try to convince me. I have seen many horrors. But I don't think this problem is specific to the legacy Unix vendors. Of course not, that's something I've admitted in the same mail. UNIXes just make managing useful third-party software harder, that's all. Not that UNIXes are that bad. It happens for any OS, GNU/Linux included. And that is exactly my point. The biggest place I see problems today are companies that have full paid support for RHEL. But they are running very old and outdated software. I ask them why they are running RHEL and the answer is invariably because that was a commercially supported
Re: sudo and UNIXes
On Mon, Oct 28, 2013 at 03:56:32PM +0200, Lars Noodén wrote: On 10/28/2013 03:47 PM, Reco wrote: On Sun, Oct 27, 2013 at 09:28:51PM -0600, Joe Pfeiffer wrote: [snip] You also have to add to the picture such a vulnerability, and I haven't noticed any. If we're speaking of public vulnerabilities: CVE-2010-0427. CVE-2013-1775 (allows bypass sudoders modification to retain root privileges). CVE-2010-0427 may be the better example of the two, though it relies on a special configuration. CVE-2013-1775 is a rather contrived case and needs physical access. The general perception is that the game is over anyway when there is physical access. Still, they are (hopefully fully fixed) vulnerabilities, and they allow escalation to root, aren't they? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131028143416.GD23316@x101h
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
On Mon, Oct 28, 2013 at 11:45:03AM -0600, Bob Proulx wrote: Reco wrote: Bob Proulx wrote: And one must be careful of throwing stones. For example Debian does not provide a firewall by default. And it is debatable if it needs one. Many people don't configure one. Many people do. It all depends upon many things about the use case. I don't put one on internal machines. But I do put one on front facing machines. That's Debian fault indeed. But at least they don't include any network services worth speaking of (should we count NFS portmapper, or not?) in an installation produced by netboot. Is 'rpcbind' installed by default? I will need to look. I wonder why it would be there? Part of a NFS client, I guess. Package is not marked as an essential one, though. Running a diskless client over NFS would be a curious trick without NFS support enabled. That is an exaggeration. For one it would need to be a local exploit for sudo to come in play. Ok, let's say … CVE-2010-0427. Somewhat old, but possible. CVE-2010-0427 is a local only exploit. (Failure to reset group permissions properly.) So it would need to be a locally known user in order to exploit it. Not the same as having written the password on a T-shirt and wearing it around. I fail to see how one could be given an SSH access to the host, be able to use sudo (and do so successfully), and still not be a local user. I must miss something here, can you please enlighten me? SSH or telnet which is given such user for any legitimate purpose will do just fine. Yes. But as described on these old Unix systems they are almost certainly part of the company, part of the family. There are different levels of security needed to get jobs done. Not every system needs to have ultimate security applied to it. And again it isn't the same as putting it on a T-shirt and wearing it around. Servers are usually differentiated by their lifecycle status indeed. Purpose of testing and development servers that don't even try to mimic production environment always eluded me. The password on a t-shirt would require simply require someone who could walk by the admin and see it to gain remote access. Hmm. Usually they keep developers, end users and sysadmins separated here. So it's basically the same access complexity. Goodness forbid that developers would ever talk with users or sysadmins! :-( Not funny. That's exactly what goes on here usually. About the only people who can (and will) speak to everybody are helpdesk and HRs. Old 'divide and rule' principle applied at a shop level. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131028180553.GA29376@x101h
Re: sudo and UNIXes
On Mon, Oct 28, 2013 at 10:19:43AM -0600, Joe Pfeiffer wrote: Reco recovery...@gmail.com writes: You also have to add to the picture such a vulnerability, and I haven't noticed any. If we're speaking of public vulnerabilities: CVE-2010-0427. Does not permit users outside of those in the sudoers file (or with the root password) to escalate privileges. Lessens attack surface, but doesn't void the existence of vulnerability. CVE-2013-1775 (allows bypass sudoders modification to retain root privileges). Again -- isn't basically equivalent to giving everyone uid=0. Permits someone who *has* sudo access to avoid retyping a password. Not only that. Permits someone who already has sudo access to continue having such access indefinitely, ignoring being excluded from sudoers altogether. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131028181130.GB29376@x101h
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
On Mon, Oct 28, 2013 at 01:14:33PM -0600, Bob Proulx wrote: Reco wrote: Bob Proulx wrote: Is 'rpcbind' installed by default? I will need to look. I wonder why it would be there? Part of a NFS client, I guess. Package is not marked as an essential one, though. Running a diskless client over NFS would be a curious trick without NFS support enabled. NFS client is not enabled by default. So that wouldn't be it. I just tried a minimum installation of Debian Wheezy in a VM and rpcbind was not installed. Are you sure it is installed by default? No, I'm unsure. May be it was minimum install + recommended server install (whatever it is called now actually). Did minimum install had any network services activated? CVE-2010-0427 is a local only exploit. (Failure to reset group permissions properly.) So it would need to be a locally known user in order to exploit it. Not the same as having written the password on a T-shirt and wearing it around. I fail to see how one could be given an SSH access to the host, be able to use sudo (and do so successfully), and still not be a local user. I must miss something here, can you please enlighten me? You said using outdated sudo is an equivalent to wearing T-shirt with a root password written on it as an end result will be the same. I was refuting that statement. It isn't even close to being the same. Using sudo would require a local user exploit. You seem to agree that it would require a local user to exploit it. Having the root password publicly known does not require a local user. They are not the same class of issue at all. Not even close. Point taken. And what about the end result ('user will get root privs')? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131028201600.GA8940@x101h
Re: sudo and UNIXes (was: audacity export wma format[1 more question])
On Mon, Oct 28, 2013 at 03:38:12PM -0600, Bob Proulx wrote: Reco wrote: And what about the end result ('user will get root privs')? They are different users. A remote user could be anyone. A local user is someone who is already known and has an account on the system and who has an established relationship and trust. Now I got it, thanks. Such meaning of 'local' and 'remote' applied to users didn't came to my mind. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131029060442.GA13545@x101h
Re: ANDROID
Hi. On Tue, Oct 29, 2013 at 10:25:06PM -0400, Doug wrote: I think these FSF guys are nuts! May be. But they are right kind of nuts in today's crazy world. They are definitely /not/ for freedom--they would, if they could, prohibit people and Linux distros from including software that people want, and in many, if not most, cases, need. Was not the case so far. Creating their own free software distros based on what they consider non-free distors - yes. Disallowing others to violate GNU-approved licenses - yes. Forbidding someone to use certain software - no. Of all the distros they mention, it seems that Mint has got it mostly /right/! No meaningful security updates, no independent codebase, no possibility to upgrade between releases, questionable design decisions - these are actually qualities of Mint distribution. Thanks, I'll take Debian over it every time I have to choose. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131030055900.GA21670@x101h
Re: ANDROID
On Wed, Oct 30, 2013 at 07:17:41PM +0100, berenger.mo...@neutralite.org wrote: Le 30.10.2013 18:44, Curt a écrit : Good. You did not forgot the GNU before make. It simply means that there are a lot of make tools. And you know what? Wikipedia POSIX includes standardization of the basic features and operation of the Make utility Yes! It is part of POSIX standard! It happens that GNU implemented one. That's all. You're welcome to try to replace GNU Make with inferior BSD Make and use it to build Linux kernel. See, GNU Make not only implements POSIX, it extends it. And surely, Linux kernel project is using such extensions. * GNU Compiler Collection (GCC): Suite of compilers for several programming languages; Linux is written in C. C has a lot of compilers, and GCC currently is not really the best compiler suite I know. It is a gigantic memory eater. Use clang instead, and you will understand what I mean. You can argue that clang is a new compiler, and it's true. But C is far older than GNU, too. Yet, Linux kernel is not written in pure KR C. Linux kernel is written with GCC in mind, and actively uses GCC's extensions to C89 (or C99, memory fails me) standard. LLVM (surprise!) doesn't implements all GCC-isms fully and correctly (if such word can be applied to a custom extension of a standard). Using clang to build Linux kernel will lead you to non-building kernel modules (best case), or FTBS the kernel itself (usual case). Same goes for ICC. * GNU Binutils: Suite of tools including linker, assembler and other tools; Well, as for GCC, that suite is quite a standard, when you use C. There are plenty of them. Without them, you can not use things you made in C. Yet, using anything other than GNU Binutils may produce segfaulting binaries and panicking kernels. Again, you're welcome to replace GNU Binutils with anything else and try to build working Linux kernel. * GNU build system (autotools): o Autoconf o Autoheader o Automake o Libtool Do not make me laugh. Those tools are just dirty. Every time I have to compile something with autotools, it gave me problems and problems and yet another problems! They are slow, produces unreadable logs, are hard to maintain... (I mean, it is hard to maintain the scripts they need to work) That's only shows that you do not want or able to use these tools properly. Because, you see, Linux kernel uses them just fine. Amongst others, apparently (list taken from wikipedia). Is it possible (feasible) to bypass these vital tools with another set of tools, that you'll be writing shortly after responding to this post? Linux kernel is written in C. C owns nothing to GNU. Nothing. It may happen that Linux's developers used some GNU implementations for a C compiler, an assembler, a debugger, etc... but it could have be made with other tools too. Given that: a) Linux kernel has to function on multiple processor architectures. b) Maintaining and developing is easier if you test for one compiler only. c) Nothing beats GCC in being cross-platform. d) Linus motto was (and is) 'use that works'. no, it can not been done with tools other than GNU provides. GNU means Gnu is Not Unix, and it is because it was meant to be a complete OS ( I have never seen a working hurd ) different than Unix, but keeping the same behavior. In other word: the goal have never be to invent something, only to copy what exists somewhere else, but with the interest of being open-source, and that stuff depending on (linked with) their tools would stay open-source. Nope. The goal was to enhance low quality userland ATT and Berkley gave the user. That goal was reached successfully. Copying functionality is a byproduct of that goal. Next goal was to make GNU OS. That goal wasn't reached yet. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131030185317.GA29408@x101h
Re: ANDROID
On Wed, Oct 30, 2013 at 07:40:27AM -0400, Celejar wrote: On Wed, 30 Oct 2013 17:17:32 +1100 Charlie aries...@skymesh.com.au wrote: On Wed, 30 Oct 2013 09:59:10 +0400 Reco recovery...@gmail.com sent this: On Tue, Oct 29, 2013 at 10:25:06PM -0400, Doug wrote: I think these FSF guys are nuts! May be. But they are right kind of nuts in today's crazy world. ... I agree with Reco. FSF: The right kind of nuts. What kind of software do people want? The kind that puts them on the drip feed even after they pay the first time? They can have that if they want. Linux people use Linux because they don't want that. They are not forbidden to use it, much of it is not in Linux, but the choice to use it is there in other operating systems. I've never tried mint because Debian does what I want/need/desire. The grass is green enough here, I have no need to journey to the fence. The point here is that the FSF, who you consider the right kind of nuts, *discourages* you from using Debian. GNU are free to express their option about 'freeness' of Debian. GNU are free to make their distribution based on Debian suited to their taste. Note, that GNU approach to the software worked for 30 years, and did so successfully. Debian project is free to express their option about GNU. Debian project may take GNU position into a consideration (removal of firmware blobs from Linux kernel is a fine example of that), or ignore it (invariants in GNU documentation are non-compliant with DFSG). Note, that Debian approach to the software worked for 20 years, and did so successfully. Debian uses GNU software, GNU uses Debian as a base for one of their Linux distribution and a primary development platform for GNU/Hurd. Both are more or less happy with this situation. You, for some strange reason - is not. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131030191931.GA1512@x101h
Re: ANDROID
On Wed, Oct 30, 2013 at 07:21:26PM -0400, Celejar wrote: GNU are free to express their option about 'freeness' of Debian. GNU are free to make their distribution based on Debian suited to their Okay, and I am free to express my opinion about FSF's stance on freeness and Debian. taste. Note, that GNU approach to the software worked for 30 years, and did so successfully. I freely concede that I owe the GNU / FSF a great debt. Sure, you do. Debian project is free to express their option about GNU. Debian project may take GNU position into a consideration (removal of firmware blobs from Linux kernel is a fine example of that), or ignore it (invariants in GNU documentation are non-compliant with DFSG). Note, that Debian approach to the software worked for 20 years, and did so successfully. Debian uses GNU software, GNU uses Debian as a base for one of their Linux distribution and a primary development platform for GNU/Hurd. Both are more or less happy with this situation. You, for some strange reason - is not. FSF is clearly not happy about Debian's policies, and I am not happy about their unhappiness. Not sure why you, for some strange reason, are unhappy with my unhappiness. No, I'm merely curios about your unhappiness. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131031080540.GA14235@x101h
Re: Init system deba{te|cle}
Hi. On Fri, 01 Nov 2013 15:35:40 +0100 berenger.mo...@neutralite.org wrote: Le 01.11.2013 10:23, Reco a écrit : On Thu, Oct 31, 2013 at 09:58:26PM +0100, berenger.mo...@neutralite.org wrote: That's not gnome which changes the boot process. It's systemd. It simply happens that gnome depends on systemd in Debian build. Since AFAIK gnome is still available on platforms not based on linux kernel, unlike systemd, I really think that it's gnome maintainer's choice to have this hard dependency. One of GNOME developers says that: http://blogs.gnome.org/ovitters/2013/09/25/gnome-and-logindsystemd-thoughts/ Apparently GDM 3.8 assumes that an init system will also clean up any processes it started. This is what systemd does, but OpenRC didn’t support that. Which means that GDM under OpenRC would leave lingering processes around, making it impossible to restart/shutdown GDM properly. Debian GNOME packagers are planning the same AFAIK; they rather just rely on systemd … So, Debian maintainers had a choice: make systemd an dependency to GDM. Or, ship GDM that behaves funny. So the problem is that only systemd which is able to manage daemon's lives? I mean, if another tools was able (maybe upstart or any other, I have no idea if one does the same thing) to control daemons' lives, it could be used instead of systemd without any problem? For this specific daemon - yes, it's can be managed correctly by systemd only. At least, the man says so. The reason is (the way I see it) - GDM is now designed with systemd in mind, it does nothing to cleanup after itself. You use anything other than systemd to start GDM, try to stop GDM - it leaves gdm* processes. No other daemon known to me behaves like that. PS: was it intended to send that reply only to me and not to the list? OOPS. No, it was intended for the list. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131101200725.fb57b47135652659a072a...@gmail.com
Re: Init system deba{te|cle}
Hi. On Sat, 2 Nov 2013 12:09:51 + Tom H tomh0...@gmail.com wrote: As I said up-thread, it's a question of decoupling logind from systemd. The Gentoo GNOME developers decided that it was simpler for them not to do so. Given its attachment to upstart, Ubuntu must be planning to keep on doing so; but Lennart and co might make it increasingly difficult (not necessarily - and most likely not - through malice!) so it may not be the best long-term strategy. According to this man pulling out logind from systemd is not valid strategy. Writing independent logind is not a valid strategy too: http://gentooexperimental.org/~patrick/weblog/archives/2013-10.html#e2013-10-29T13_39_32.txt Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131102181657.fbb0428ef863d39604fd9...@gmail.com
Re: sudo and UNIXes
Hi. On Sat, 2 Nov 2013 11:46:48 -0500 Cybe R. Wizard cybe_r_wiz...@earthlink.net wrote: How about this bug: http://www.sudo.ws/sudo/alerts/sudo_debug.html Impact: Successful exploitation of the bug will allow a user to run arbitrary commands as root. Exploitation of the bug does not require that the attacker be listed in the sudoers file. As such, we strongly suggest that affected sites upgrade from affected sudo versions as soon as possible. How valid is that considering that Wheezy is using sudo version 1.8.5p2-1+nmu1 ? Perfectly valid, considering that this part of thread is about using sudo in the UNIX environment, not Linux one. May I assume that there are still a lot of non-upgraded machines out there? Depends. For example, AIX 5, 6 and 7 all have sudo-1.6.7p5-3 (the only version built officially by IBM). Unless you build sudo from the source - no upgrades for you. Solaris 11.1 has sudo-1.8.6.7 out of the box. Maybe best advice would be to upgrade their whole Debian. That's neat idea (I sure view transition from HP-UX to Debian as an upgrade, same for AIX), but most of the time if people bought that hardware - they intend to use it with stock OS, not Linux. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131102220500.049af9c284e6295963b50...@gmail.com
Re: Init system deba{te|cle}
On Sat, 2 Nov 2013 21:23:01 + Tom H tomh0...@gmail.com wrote: On Sat, Nov 2, 2013 at 2:16 PM, Reco recovery...@gmail.com wrote: I don't trust this guy. He's generally very abrasive and very aggressive. He joined or started a debian-devel thread on init systems and tried to convince people that openrc was the solution to Debian's prayers. It was the sales pitch from hell! He's especially unreliable when it comes to systemd. Well, whoever he is, he raises some valid questions. Such as - what logind are supposed to do? Why bother keeping unrelated projects in systemd git? If the Ubuntu developers who've already split logind from systemd up to v204 throw up their hands and say it can't be done for v205+, then I'll believe it... Not that I'm in hurry too :) Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131103014538.0db7c798e736077f2adc2...@gmail.com
Re: Init system deba{te|cle}
On Sat, 2 Nov 2013 21:08:29 + Tom H tomh0...@gmail.com wrote: Misrepresenting what systemd is and the reasons for its existence doesn't make sense: http://0pointer.de/blog/projects/systemd.html OS X and Solaris switched to launchd and smf respectively in 2005 and, to borrow an expression from Asterix and Obelix, the sky didn't fall on their heads. Modern nix systems need a more sophisticated /sbin/init and associated executables and they need (and have needed for a long time) something more reliable and maintainable than a bunch of dash/bash scripts to bring the system up. I've never seen (nor intend to) launchd, but I'm familiar with smf. And while in Solaris the sky didn't fall on their heads indeed, smf uses ksh scripts for actual launch, check and re-start services like no tomorrow. And Solaris's svc.startd is actually started by /sbin/init. Whenever the result is more reliable ('forgetting' to start sshd on a failed local non-root filesystem mount is one of 'features' of new Solaris), or maintainable (yes, I always wanted to describe service dependencies in xml) is subjective, of course. And smf doesn't provide 'one true API' for service launch nor requires services to be written in a specific way. Linux is playing catch-up in this field and I'm glad that upstart and systemd are dragging it out of the dark ages, even if it's kicking and screaming irrationally. Linux is way ahead of AIX, FreeBSD and HP-UX in this regard even if using good ol' sysvinit. So, Lennart fixed what wasn't broken in the first place. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131103020606.0e3c3157645ebc412abe5...@gmail.com
Re: Why syslog is not rotating?
Hi. On Sun, 3 Nov 2013 09:04:36 +0200 (IST) Itay deb...@itayf.fastmail.fm wrote: On Sat, 2 Nov 2013, Sven Hartge wrote: Thank you for your reply. My system was continuously on except for very short random periods and 3 weeks on Aug 2013. In contrast, the listing below shows (I believe) that syslog stopped rotating at 2010. # ls -gh /var/log/syslog* -rw-r- 1 adm 219M Nov 2 21:50 syslog -rw-r- 1 adm 2.5K Jun 5 2010 syslog.1 -rw-r- 1 adm0 Nov 1 07:50 syslog.1.gz -rw-r- 1 adm 661 Jun 5 2010 syslog.2.gz However: I checked /etc/cron.daily and did not find entry for rsyslog. Maybe that's the cause? On a stock Debian system logrotate is used to rotate rsyslog logfiles. This is configured in /etc/logrotate.d/rsyslog. Logrotate is invoked at /etc/cron.daily/logrotate. Now, that listing shows that someone (possibly logrotate) DID create an empty syslog.1.gz file (on 1st Nov 2013), and that suggests that logrotate is misconfigured somehow. Can you please post a contents of /etc/logrotate.d/rsyslog? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131103132051.55ecd84a7125af3e59633...@gmail.com
Re: Multiple dpkg warning (non-empty directories) during upgrade to wheezy
On Sun, 3 Nov 2013 11:20:55 +0200 (IST) Itay deb...@itayf.fastmail.fm wrote: Hi, After upgrading squeeze -- wheezy I examined the session transcript and found multiple warnings like this: dpkg: warning: unable to delete old directory '/some/path': Directory not empty In few cases the said directory was deleted after all. But in most cases the directory is indeed still there. The residing files were not edited by me, or dropped by me. I feel uncomfortable having such debris in the file-system but am not sure if this is really something to be concerned about. To clean up I thought of doing for each 'leftover' (= file, directory) $ apt-file search 'leftover' # and assuming no package claims ownership of 'leftover' $ rm 'leftover' # or rmdir 'leftover' Does it make sense? Or did I miss something? Short of using 'apt-file search' instead of 'dpkg -S' this is correct. The difference is apt-file will find you some package even it's not installed currently. And just for curiousity: what could be the cause for the failure of dpkg to clean-up those directories? Good scenario: Package 1 created directory, put some files into it. Package 2 created some files in this directory too. You remove package 1, keep package 2. Bad scenario: Package was installed and its' post-install script created some files which do not belong to any package. You remove this package. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131103132937.c04878b2acfc0ed269c1a...@gmail.com
Re: Why syslog is not rotating?
On Sun, 3 Nov 2013 11:29:58 +0200 (IST) Itay deb...@itayf.fastmail.fm wrote: --[Begin: /etc/logrotate.d/rsyslog]-- /var/log/syslog { rotate 7 daily missingok notifempty delaycompress compress postrotate invoke-rc.d rsyslog rotate /dev/null endscript } /var/log/mail.info /var/log/mail.warn /var/log/mail.err /var/log/mail.log /var/log/daemon.log /var/log/kern.log /var/log/auth.log /var/log/user.log /var/log/lpr.log /var/log/cron.log /var/log/debug /var/log/messages { rotate 4 weekly missingok notifempty compress delaycompress sharedscripts postrotate invoke-rc.d rsyslog rotate /dev/null endscript } --[End: /etc/logrotate.d/rsyslog]-- I appreciate the help. Looks that's a stock one. Try it like this: 1) Invoke as a root: /usr/sbin/logrotate /etc/logrotate.conf 2) If it doesn't help, add 'size' stanza to the /etc/logrotate.d/rsyslog like this: /var/log/syslog { rotate 7 daily missingok notifempty delaycompress compress size 1024k postrotate invoke-rc.d rsyslog rotate /dev/null endscript } and invoke logrotate once more: /usr/sbin/logrotate /etc/logrotate.conf Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131103134842.12cee2c8fb0322a97c614...@gmail.com
Re: Why syslog is not rotating?
On Sun, 3 Nov 2013 14:25:38 +0200 (IST) Itay deb...@itayf.fastmail.fm wrote: On Sun, 3 Nov 2013, Reco wrote: Not yet, but we have some progress... Trial 1: # /usr/sbin/logrotate /etc/logrotate.conf error: error creating output file /var/log/syslog.1.gz: File exists Trial 2: # rm /var/log/syslog.1.gz # /usr/sbin/logrotate /etc/logrotate.conf gzip: stdin: Input/output error error: failed to compress log /var/log/syslog.1 Should I backup syslog, delete it, and watch how things evolve? Now that's interesting. Is there anything similar to this messages in /var/log/cron.log? Does, say, 'md5sum /var/log/syslog' runs to the completion? What about 'cat /var/log/syslog /dev/null'? Can you run fsck on the filesystem containing /var/log/syslog? What does smartctl --all shows on the partition with this filesystem? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131103173017.4122b438341e11584195e...@gmail.com
Re: Why syslog is not rotating?
On Sun, 3 Nov 2013 17:16:02 +0200 (IST) Itay deb...@itayf.fastmail.fm wrote: On Sun, 3 Nov 2013, Reco wrote: Now that's interesting. Is there anything similar to this messages in /var/log/cron.log? H... there is no /var/log/cron.log !! Sorry, my mistake. I have an old installation, /var/log/cron.log is a leftover of etch's setup in my case. Do you have any MTA (exim, sendmail or postfix) installed? Anytime cron job puts anything to the stderr cron should send mail to the local root (default settings). Is there anything suspicious in the root mailbox? And, is there anything unusual in /var/log/kern.log at the time you had this error? Does, say, 'md5sum /var/log/syslog' runs to the completion? Yes. Without warnings/errors. What about 'cat /var/log/syslog /dev/null'? Yes. Without warnings/errors. Ok. What about 'cat /var/log/syslog | gzip -c /dev/null'? And, while we're at that, what about: cat /var/log/syslog | gzip -c /var/log/syslog.test.gz If error shows early, can you also post contents of (/tmp/gzip): strace -fo /tmp/gzip cat /var/log/syslog | gzip -c /dev/null Can you run fsck on the filesystem containing /var/log/syslog? I have to unmount /var for that; right? Yes. So I need to use Live CD for that; right? Sure, that's possible to do with livecd. But, you can also do it from a single-user (i.e. init 1; unmount /var; run fsck on a logical volume; reboot). What does smartctl --all shows on the partition with this filesystem? I never used smartctl (installed it now following-up your question). In my system /var resides on a logical volume. So I am not sure how to proceed. Find a physical volume corresponding to the /var logical volume. Run smartctl --all on the disk that's containing that physical volume. In case you have RAID (be it mdadm or dm-mirror) - run smartctl on all disks that are part of said RAID. While we're on it, also run smartctl -t long on said disk, wait for a while (smartctl should say you, how much), and run smartctl --all on the same disk again. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131103202659.268f2920f0f82bcdc569e...@gmail.com
Re: Init system deba{te|cle}
On Sun, 3 Nov 2013 14:21:40 + Jonathan Dowland j...@debian.org wrote: On Sun, Nov 03, 2013 at 02:06:06AM +0400, Reco wrote: Linux is way ahead of AIX, FreeBSD and HP-UX in this regard even if using good ol' sysvinit. So, Lennart fixed what wasn't broken in the first place. If that were so, why are people adopting it? I don't know why people adopting it. I only have an option about why distributions adapting systemd. IMO: Fedora - because RedHat needs something enterprisey for their RHEL, and apparently upstart in RHEL6 doesn't cut it (being pet Canonical project and all that). OpenSUSE - because Novell (assuming, of course, there's anybody left to make decisions after their sellover) needs something enterprisey for SLES, and their homegrown sysvinit doesn't cut it for some reason. ArchLinux - because they like to ship upstream projects unmodified and like to change things frequently. They ship GNOME - GNOME says 'use systemd' - they ship systemd. Did I miss some more-or-less important distribution that already moved to systemd? PS Not that I have anything against systemd. By the time I'll get my hands on it (be it next Debian stable, or RHEL7) they'll sure stabilize it somehow, write distribution-specific documentation and all that. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131103204113.8b66aaf8740e7fc6127cc...@gmail.com
Re: Multiple dpkg warning (non-empty directories) during upgrade to wheezy
On Mon, 4 Nov 2013 11:27:57 +0200 (IST) Itay deb...@itayf.fastmail.fm wrote: Thanks for helping me out on this, too. Using your advice I was able to further clean-up. I was left with two puzzling cases in which an orphan directory contains dpkg'ed files. 1. /etc/openoffice # dpkg -S /etc/openoffice dpkg-query: no path found matching pattern /etc/openoffice # for f in /etc/openoffice/*; do dpkg -S $f; done openoffice.org-common: /etc/openoffice/psprint.conf openoffice.org-common: /etc/openoffice/soffice.sh openoffice.org-common: /etc/openoffice/sofficerc (There was an orphan file /etc/openoffice/dictionary.lst.old, which I removed.) aptitude search '~o' will show you all packages that were in squeeze, but are removed from Debian repository in wheezy. Everything in that list can be removed more or less safely. Given that openoffice was replaced with libreoffice in wheezy that's probably the case. 2. /etc/texmf/tex/latex/contour # ddir=/etc/texmf/tex/latex/contour # dpkg -S $ddir; for f in $ddir/*; do dpkg -S $f; done; unset f dpkg-query: no path found matching pattern /etc/texmf/tex/latex/contour texlive-latex-extra: /etc/texmf/tex/latex/contour/contour.cfg Questions: A. Is this an acceptable state? B. Is this a bug? Maybe. I'm not that familiar with LaTeX. Still, if file belongs to the package, and directory in which the file resides is not, that's probably ok. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131104141743.190da6e58e665030f6774...@gmail.com
Re: Why syslog is not rotating?
Well, I have good news and bad news. On Mon, 4 Nov 2013 10:57:18 +0200 (IST) Itay deb...@itayf.fastmail.fm wrote: [...] Is there anything suspicious in the root mailbox? root mail box has daily messages like this starting at june 2010 (yes, I know, bad me) /etc/cron.daily/logrotate: gzip: stdin: Input/output error error: failed to compress log /var/log/syslog.1 run-parts: /etc/cron.daily/logrotate exited with return code 1 The good news are - both cron and logrotate are working as intended on your system. At least, they try their best. And, is there anything unusual in /var/log/kern.log at the time you had this error? Multiple messages like those two: ... Oct 31 07:59:35 gandalf kernel: [4627180.407176] sd 2:0:0:0: [sda] Add. Sense: Unrecovered read error - auto reallocate failed And the bad news are - your drive is failing. And you've already lost some data (best scenario - some contents of /var/log/syslog). Output of 'smartctl --all' (after running 'smartctl -t long'): skip 9 Power_On_Hours 0x0032 060 060 000Old_age Always - 29269 That's an old WD harddrive, and it run for about 3 years continuously. These things aren't get better with age. skip 197 Current_Pending_Sector 0x0032 200 200 000Old_age Always - 1 198 Offline_Uncorrectable 0x0030 200 200 000Old_age Offline - 1 And these show that you've already lost one 512 byte sector on that disk irrecoverably. SMART Error Log Version: 1 No Errors Logged SMART Self-test log structure revision number 1 Num Test_DescriptionStatus Remaining LifeTime(hours) LBA_of_first_error # 1 Extended offlineCompleted: read failure 90% 29267 94963149 This shows the same, with an address of first failing sector. Shawn already suggested you to replace your harddrive ASAP, I second this suggestion. In fact, buy two harddrives and do a RAID1 then forget about the thing for a next few years. Considering that fsck showed you no errors that means that /var filesystem metadata is consistent. That's good as it means you can just copy all files to the new harddrive and filesystem state won't prevent you to do so. That, sadly, speaks nothing about an integrity of data itself. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131104143226.1407409853db3fc0e98cb...@gmail.com
Re: spam when I reply to debian mailing list : Festival Shutdown : Re: ....
On Mon, 04 Nov 2013 11:27:32 +0100 berenger.mo...@neutralite.org wrote: Hi. I have what seems an automated spam when I send a mail to the ml. It takes back the subject but adds it Festival Shutdown : . Am I the only one with this issue, please? No, I get that too. Given the e-mail headers, I believe it's just an auto-response, not an evil spammer. My reasons are - e-mail 'DomainKey-Signature' is consistent with the sender's e-mail, they have a valid MX record pointing to a valid A record. No PTR record, but that doesn't surprise me as they use qmail instead of the real MTA. Their whois record shows that 'slscorp.com' is an old domain (registered in '99), main e-mail seems to be paresh_95...@yahoo.com, registrar abuse e-mail is d...@aplus.net. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131104144514.66db6ca61c729d524b694...@gmail.com
Re: Init system deba{te|cle}
On Mon, 4 Nov 2013 15:43:36 + Tom H tomh0...@gmail.com wrote: smf uses manifests to manage the ksh scripts, which are far more simple that the pre-smf rc scripts; often just a case,start/stop/... mini-script. Solaris 11.1, more or less default non-X install. There're 17 scripts exceeding 10k in /lib/svc/method. Smallest script is 248 bytes, largest one is 41627 bytes. They must've put entire Shakespeare poetry in Solaris 9 in init scripts if they reduced them in Solaris 10. RHEL 5.9, non-X install. There're 2 scripts exceeding 10k in /etc/rc.d/init.d. Smallest script is 128 bytes, largest one is 14793 bytes. Debian 7.1, X install. There're 2 scripts exceeding 10k in /etc/init.d. Smallest script is 117 bytes, largest one is 18483 bytes. So the entire management and supervision of the scripts is done through the manifests, which are new to smf. The fact that these manifests are in xml sucks. This is where I agree with you. This is where Scott and Lennart have improved on both launchd and smf (by not using xml) and on smf (by combining the control of the scripts and the scripts themselves with exec or script,end script in an upstart config file and with ExecStart=... in a service file. Ok, good. But there's noticeable difference between ksh scripts smf uses and forking and execing binaries like system does. That difference is troubleshooting. Furthermore, the fact that Solaris uses /sbin/init doesn't mean that it's using that of sysvinit. On Ubuntu, upstart uses its very own /sbin/init. Smf respects /etc/inittab, systemd does not. If it takes to write /sbin/init replacement for such compatibility - I'm fine with that. If certain init does not respect this configuration file - that's bad. Linux is way ahead of AIX, FreeBSD and HP-UX in this regard even if using good ol' sysvinit. So, Lennart fixed what wasn't broken in the first place. How can you say that sysvinit isn't broken? Let me think… Because it's works most of the time? You know, it allows booting, starting and stopping services. It may be broken, but it's good enough. Did Scott and Lennart both think sysvinit is perfect but I'm nonetheless going to develop upstart/systemd; my employer won't mind my wasting my time on such a project my distro in a more constructive way? Yet their corresponding employers could view such 'time wasting' as an excellent opportunity to play a little vendor lock-in game. Both upstart and systemd were developed in order to improve on sysvinit. Their developers surely say so. I would be surprised if they'd say otherwise. Still, they must be correct in the case of RHEL sysvinit. That thing is a real mess imo. From a user perspective: with sysvinit, you can't be sure when you stop a daemon that it actually stops. True. But tell me, can systemd kill processes in the 'uninterruptable sleep' state (aka D-state)? Or, quickly unmount NFS filesystem mounted with 'hard' option even if NFS server is down? Can upstart do these wonders? From a developer (and to a certain extent user/admin) perspective: the following is taken from [1]. begin skipped rant about 'writing a script is hard' /end [1] http://lists.debian.org/debian-devel/2013/10/msg01099.html If that's the only problem, they could adopt, say, [2] without breaking anything else. [2] http://thomas.goirand.fr/blog/?p=147 Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131104205633.4488e176412ab96b3e823...@gmail.com
Re: Init system deba{te|cle}
end up spending most your post-install time writing your own units for it as the distro might not have any (Or much.). Systemd is also large and complex. And some people also view the fact that Lennart Poettering is the guy behind it as a real negative (Not fans of Pulseaudio and Avahi, usually.). I disagree. Poettering wrote at least one working thing, ifplugd. All the problems with avahi usually boil down to inability to read and understand RFC 6762. Now, the fact that Poettering doesn't like to support stuff he wrote - now that's really disturbing. As I mentioned before, the journal is not readable outside of its tools which I don't like (The admin in me would rather things like configuration and logs be in plain text, which is one reason why I hate Windows.) Lots and lots of people were less than thrilled also with the udev merge (Gentoo developers seemed downright angry about it and are, last I checked (Though a while ago.) they were making their own udev fork.). Neat. Let me guess: and the tool to read this journal comes with systemd, there's no backward compatibility with older journal versions, and you cannot read this journal unless you manage to start couple of obscure services via dbus. Maybe one major downside is systemd uses very Linux kernel-specific features, which is what this thread was about, I think. systemd isn't really portable which to a lot of Linux fans is almost sacrilege. Hardly. Un-portability is a byproduct of vendor lock-in. RedHat one in this case. I personally don't have a problem with it since there are so few projects I know of that actually make specific use of Linux-exclusive functionality. Maybe they do so indirectly through libc, I don't know. Simple. Use Linux-only syscalls. Depend on a specific files in /proc and /sys which only Linux provides. There're many ways to write non-portable software. But this does mean most anythign that wants to use systemd to its fullest might end up being Linux-exclusive when kept vanilla. There's other scenario. Either you use RHEL, or some systemd feature misbehave. I dunno if Debian will ever adopt it as its official init. At least as long as there's the Hurd and kfreebsd projects. Though that's another debate (I think Debian's resources are wasted on those two projects: Hurd will never amount to anything worthwhile (It took them well over a decade just to get SATA and USB support.) and BSD is slowly, painfully, dying (I personally think the only thing sustaining it is Apple. Building software on a different processor architecture or with different kernel helps to find bugs in such software. Helps with quick support of new architectures too. The fact Debian provides non-Linux kernels is a strength, not a weakness. I know I'll catch flak for this opinion, but I can't look at usage statistics for BSD and really think it's doing anything but losing users and developers.). In my opinion neither are really worthy of much attention.) It's the userland that is killing BSDs, not a kernel. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131105005947.ee1d229d1e5463218795b...@gmail.com
Re: Init system deba{te|cle}
On Mon, 4 Nov 2013 17:21:48 + Tom H tomh0...@gmail.com wrote: RHEL 6 (as well as Fedora 9-14) use upstart's /sbin/init and a few upstart jobs. AFAIR, there are native jobs for setting up the ttys, launching plymouth, and parsing /proc/cmdline in order to run telinit runlevel and that's about it. sysvinit scripts launch everything else, via upstart. And that's a good thing. Changing things way too much scares customers. Lennart gave a talk at this summer's DebConf. Two reasons for systemd stand out from that talk. 1) He described systemd as completely open source more than once, in a clear dig at Canonical's copyright-assignment-come-contributor-agreement for upstart. Meaning 'you can watch, but you cannot touch'? Thanks, I prefer free software to opensource one. 2) He said (not his exact words) that we spoke to upstart upstream about some changes and they were rejected. This can mean anything. Unless said changes were described, of course. ArchLinux - because they like to ship upstream projects unmodified and like to change things frequently. They ship GNOME - GNOME says 'use systemd' - they ship systemd. Arch decided that systemd was better than its implementation of sysvinit and rc. True. And what was the reason for this 'better'? PS Not that I have anything against systemd. By the time I'll get my hands on it (be it next Debian stable, or RHEL7) they'll sure stabilize it somehow, write distribution-specific documentation and all that. There's no need for distribution-specific documentation. One of the goals of systemd is distribution-neutral system and service manager, with service files shipped by the various upstreams providing daemons. He even got some stick from some Red-Hatters/Fedorans for adopting Debian's /etc/hostname. :) OOPS. Wrong. I use ifupdown. How exactly transition to systemd affects me? I have these nice entries in /etc/fstab. How exactly transition to systemd affects me? I have these tested-and-verified values in /etc/sysctl.conf. How exactly transition to systemd affects me? I have this rsyslog that sends syslog messages to the central server. How exactly transition to systemd affects me? Now, of course, it can be done Fedora-style: we break things twice a year and cannot hear your screams. It can be done ArchLinux-style: we change things every day, don't update unless you've read our wiki. But in Debian stable they usually write release notes and document all things that changed since the last stable release. The only documentation that you need are the man pages and Lennart's systemd for administrators blog series. Man pages describe intended behaviour usually, not implementation restrictions. How many systemd releases came since this 'Lennart's systemd for administrators blog series' was published? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131105011548.8f1a1e35736d06415099b...@gmail.com
Re: Init system deba{te|cle}
On Mon, 4 Nov 2013 15:06:50 + Tom H tomh0...@gmail.com wrote: Well, whoever he is, he raises some valid questions. Such as - what logind are supposed to do? Why bother keeping unrelated projects in systemd git? He's a Gentoo developer who might be involved in OpenRC development (he's not its Gentoo maintainer). logind is a replacement of ConsoleKit, which is now dead upstream (and has been for one or two years). OK. And why does one needed to use ConsoleKit? Seriously, I've never installed it and may miss something. On my (Ubuntu) laptop: [root@lenovo15]# loginctl list-sessions SESSIONUID USER SEAT c1124 dirmngr seat0 c2 1000 th seat0 2 sessions listed. [root@lenovo15]# loginctl list-users UID USER 124 dirmngr 1000 th 2 users listed. [root@lenovo15]# loginctl list-seats SEAT seat0 1 seats listed. Neat, but I can do the same and more with good old 'w'. Its role is the tracking and management of user sessions. Now it gets better. How do I, say, kill a user session with systemd? Or logind tools for that matter? What about ssh logins? That somehow extends into power management and the first dependency of GNOME on systemd (that I know of) was of the power module of gnome-settings-daemon in GNOME 3.8. And what does that 'power module' do? Does it changes CPU frequency (that's kernel job btw, no userspace required)? Does it put a laptop to sleep (handled by acpid without external assistance usually)? If the Ubuntu developers who've already split logind from systemd up to v204 throw up their hands and say it can't be done for v205+, then I'll believe it... Not that I'm in hurry too :) You might not be in a hurry but I'm sure that there are Debian users and developers who'd like to see GNOME depend on logind rather than on systemd. If that's means there will be less dependencies for GNOME, count me in. But I meant something different: I'm just a Debian user, not a DM or DD. I can replace init with anything they put in Debian archive, but on my hosts only. I cannot decide what will be put in the Debian archive, or what users will get by default. So, I wait till next Debian stable comes out, and then I'll see what they put there. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131105013206.22f2bca4798da1f108312...@gmail.com
Re: No space left on device (28) but device is NOT full!
Hi. On Tue, Nov 05, 2013 at 09:41:58AM +, Jonathan Dowland wrote: On Tue, Nov 05, 2013 at 05:28:16AM +0100, Tazman Deville wrote: find . -name 'popularity-*' | xargs rm -rf Sorry, opportunity for a bit of golf. Find has a built-in for deleting files: find . -type f -name 'popularity-*' -delete I'd also be rather wary of invoking rm -rf with the results of find output. If you're unsure (and you should!) if filenames contain spaces, that should more appopriate. find . -type f -name 'popularity-*' -print0 | xargs -0rn 20 rm -f Arguably the fastest way to delete all this mess should be perl -e 'for(popularity-*){((stat)[9](unlink))}' Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131105111310.GA11995@x101h
Re: No space left on device (28) but device is NOT full!
On Tue, Nov 05, 2013 at 02:29:10PM +, Jonathan Dowland wrote: On Tue, Nov 05, 2013 at 03:13:10PM +0400, Reco wrote: find . -type f -name 'popularity-*' -print0 | xargs -0rn 20 rm -f I idly wonder (don't know) to what extend find might parallelize the unlinks with -delete. A cursory scan of the semantics would suggest it could potentially do so: it's not clear that a single unlink failing should stop future unlinks (merely spew errors and consider the -delete operation as a whole to have failed) xargs parallelism is optional. The point is that you have one process which finds files, and another one (or another group of) who are deleting files. Helps utilizing multiple cpus. Arguably the fastest way to delete all this mess should be perl -e 'for(popularity-*){((stat)[9](unlink))}' Not sure why loading perl (1.6M) should be faster than find (~300K) and I think '-delete' behaviour is essentially unlink under the hood. It's not the binary size which matters, it's the algorithm: $ for x in $(seq 1 50); do echo somefile $x; done $ time perl -e 'for(*){(stat)[9](unlink))}' real0m24.047s user0m4.785s sys 0m16.926s $ for x in $(seq 1 50); do echo somefile $x; done $ time find -type f -delete real4m27.799s user0m0.831s sys 0m17.961s Basically, the difference is in the fact that find uses fstatat64 syscall for each file, and this perl one-liner uses lstat64 and stat64 syscalls. Use strace to check it in your environment. On another OS results could be different. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131105151518.GA19598@x101h
Re: No space left on device (28) but device is NOT full!
Hi. On Tue, Nov 05, 2013 at 04:25:13PM +0200, Lars Noodén wrote: On Tue, Nov 05, 2013 at 03:13:10PM +0400, Reco wrote: perl -e 'for(popularity-*){((stat)[9](unlink))}' I have two questions. Why before unlink and why stat[9] there? You have to pass unlink something to delete. Stat is called without an argument, hence $_ is used for stat too. '' is used to give unlink something to work with. Try it like this: perl -e 'for(*){((stat)[9])(printf)}' stat[9] is mtime. Files are sorted in directory inode by mtime. That saves you sorting all the file list in directory. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131105153315.GB19598@x101h
Re: No space left on device (28) but device is NOT full!
On Tue, Nov 05, 2013 at 04:54:19PM +, Jonathan Dowland wrote: The binary size effects the initial load-up time which, for small numbers of files/short execution times, may be the lions share of the total execution time. However as you point out, for orders of magnitute like 500,000; it's dwarfed by the algorithm. I agree with you. I assumed if OP needed to remove all that popcon logs - there would be large amount of those files. I'm quite amazed how much faster your perl implementation was. I can only imagine that nobody has ever been troubled by find's performance enough to work on it. This points to find not taking advantage of parallelism (and also to potential improvements in speed even for your perl implementation). Well, the primary usage of find is to find files, not to delete them. And find shows reasonable speed if you need to delete medium amount of files. Besides, deleting that amount of files is a rare unusual task, so using custom tools to do it is only fitting. Half-million is a small amount. Once I had to purge ~200m files - now that was slow. Basically, the difference is in the fact that find uses fstatat64 syscall for each file, and this perl one-liner uses lstat64 and stat64 syscalls. Use strace to check it in your environment. On another OS results could be different. So you believe the discrepancy is entirely down to the difference between fstat64 and lstat/stat64? I find that hard to believe. I suspect find is just not very efficient. I never bothered to see find source to check how they do it. Or kernel source for the implementation of these syscalls. Still, the fact stands - both find and one-liner use unlink (find uses unlink64, but that should not be relevant), one-liner does double amount of stat syscalls compared to the find, yet it's faster. Probably C implementation would be even more faster, but I'm to lazy to do it. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131105184625.GA28050@x101h
Re: Disable gjs-console
Hi. On Wed, 6 Nov 2013 15:16:55 +0100 Dan ganc...@gmail.com wrote: Hi, Some times the program gjs-console from gnome3 takes 100% of my CPU. That is quite annoying. I have no idea what gjs-console does. I have disabled the gnome tracker from the start-up applications. This seems to be a variation of http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674497 Does anybody have an idea of how to disable gjs-console? This is a dirty hack, but should work: dpkg-statoverride --update --add root root 0644 /usr/bin/gjs-console pkill -9 -f gjs-console To revert this change, use: dpkg-statoverride --update --remove /usr/bin/gjs-console What is the purpose of that program/daemon? Please read an output of 'apt-cache show gjs'. My guess is - some kind of debugging tool. Personally, I don't trust nor use any DE written in javascript. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131106204330.f4279e84b3de0e305c879...@gmail.com
Re: Disable gjs-console
On Wed, 6 Nov 2013 18:41:46 +0100 Dan ganc...@gmail.com wrote: On Wed, Nov 6, 2013 at 5:43 PM, Reco recovery...@gmail.com wrote: Thanks a lot, I do not understand your command dpkg-statoverride --update --remove /usr/bin/gjs-console This asks ask dpkg to do two things: a) Remove executable bit from /usr/bin/gjs-console for now. b) Remove executable bit from /usr/bin/gjs-console for future updates. Please run 'man dpkg-statoverride' for more details. This is the process that takes 100% of the CPU /usr/bin/gjs-console -I /usr/share/gnome-documents/js -c const SearchProvider = imports.shellSearchProvider; SearchProvider.start(); And if gnome-shell can not execute it, there will be no process. No process = no CPU consumption. The problem is related to gnome-documents which I think is a kind of crawler: GNOME Documents is a standalone application to find, organize and view your documents. I tried to remove gnome-documents but gnome depends on gnome-documents. 'gnome' is just a metapackage. Purge gnome-documents, keep everything else. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131107001259.01158348fb8b3298586e5...@gmail.com
Re: Wheezy/XFCE: difficulties trying to provide remote desktop service with VNC server
Hi On Sun, 17 Nov 2013 15:57:14 + Ron Leach ronle...@tesco.net wrote: xauth: /home/ward/.Xauthority not writable, changes will be ignored Your .Xauthority seems to be misconfigured (probably owned by root). Please ensure that this file is owned by regular user and has 0600 permissions. The vnc4server log file for this attempt shows: xsetroot: unable to open display 'D7box:1' /home/ward/.vnc/xstartup: 15: exec: gnome-session: not found Your xstartup script tries to execute non-installed 'gnome-session'. Try replacing 'gnome-session' with '/etc/X11/Xsession', like this: === cut === #!/bin/sh xrdb $HOME/.Xresources xsetroot -solid grey /etc/X11/Xsession === cut === And you'll probably want to replace vnc4server with something modern, like tightvncserver. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131117220105.8ab59a6f12d35c5cbc542...@gmail.com
Re: Wheezy/XFCE: remote desktop service difficulties with VNC server
On Sun, 17 Nov 2013 20:15:02 + Ron Leach ronle...@tesco.net wrote: X could not detect the attached screen because its cable is switched across a KVM which seems to destroy the EDID information; I'd already manually configured a Modeline for 1440x900. (This works fine on the attached screen even through the KVM.) The remote desktop appears to be 4x3 shape, and something closer to 800x600, I would guess. Vnc4server doesn't (and should not) take into account any EDID. The entire point of VNC is to be able run even if video card(s) is physically absent at the host. Try experimenting with '-screen' and '-dpi' VNC options. Though XFCE 'settings' does allow the display resolution to be checked/changed using the keyboard and attached screen, on the remote desktop XFCE - instead - does not and complains that RandR is version 1.1, not v1.2 . AFAIK changing display resolution is not implemented in vnc4server (and tightvnc, for that matter, too). No such complaint on the physical desktop. Very odd; I wonder if this means that the Xsession being used for the remote is not the same as the Xsession being used for the physical user session? Unlikely. /etc/X11/Xsession should be used by any display manager they put into Debian. I'll look deeper into logs; it might also explain why applications that the user is running do not show up on the remote desktop. It's like this: 1) You need to be able to run some X app over network - you use vnc4server or tightvnc. You run it over VNC - any local user won't notice anything. 2) You need to be able to control X display of a local user - you use x11vnc, which attaches to a local X display. You run something over VNC - local user immediately sees that someone's moving windows on their desktop. I've left vnc4server installed. If I don't get anywhere with logs I'll try replacing it with tightvnc. Reco, much obliged, that was a helpful post. You're welcome. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131118005314.a1d4c6b6a22254b3f5bb5...@gmail.com
Re: colord Warning during upgrade to wheezy
Hi. On Sun, 24 Nov 2013 17:05:15 +0200 (IST) Itay deb...@itayf.fastmail.fm wrote: Hi, During upgrade squeeze - wheezy the following warning came up: Setting up colord (0.1.21-1) ... adduser: Warning: The home directory `/var/lib/colord' does not belong to the user you are currently creating. At present '/var/lib/colord' belongs to user and group 'colord'. I guess that this means that colord installation is correct after all. _However_, I would appreciate a confirmation from a knowledgeable user. The contents of /var/lib/dpkg/info/colord.postinst explain this behavior. Basically, they create the needed directory first, add the colord user then and finally change permissions for the dir. IMO, this is the usual thing, not a bug. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131124192050.aecc3c29cb356a340794a...@gmail.com
Re: colord Warning during upgrade to wheezy
Hi. On Mon, Nov 25, 2013 at 12:13:41AM -0700, Bob Proulx wrote: I just looked at that script. I agree that as written now that it is expected behavior by that script. But I think the script is not written well. It should create the user first. It is using adduser to create the user. It should let it create the home directory. Then the spurious message that is printed out during the installation would be avoided. That would be much nicer. I don't have the time but I think it would be a good bug to fail against the package. Because the message is truly a spurious one that need not be there if the package were perfect. The adduser executable cannot make user's home directory if such directory is nested and upper-level directories aren't exist. Just tested this, and got: # adduser -d /var/a/b/c test adduser: cannot create directory /var/a/b/c I'm unsure whenever the existance of /var/lib is assumed by Debian Policy, or Debian's current interpretation of FHS. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131125084842.GA9839@x101h
Re: colord Warning during upgrade to wheezy
On Mon, Nov 25, 2013 at 09:05:12AM +, Tom H wrote: What does -d mean? Compatibility with useradd, which has '-d'. To my surprise manpage doesn't mention it. [root@lenovo15]# adduser --home /var/a/b/c test Adding user `test' ... Adding new group `test' (1001) ... Adding new user `test' (1001) with group `test' ... Creating home directory `/var/a/b/c' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for test Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] [root@lenovo15]# I stand corrected. Useradd can create directories recursively, if invoked with '--home option'. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131125101543.GA13718@x101h
Re: colord Warning during upgrade to wheezy
On Tue, Nov 26, 2013 at 12:00:32PM +, Tom H wrote: I'm not an adduser user so that's why I checked the manpage for -d. If your assumption that useradd short options should be understood adduser, isn't this a bug? I don't know. But the behaviour of adduser and useradd is consistent in this regard: # userdel test # useradd -d /var/a/b/c test Creating mailbox file: File exists useradd: cannot create directory /var/a/b/c # userdel test # adduser -d /var/a/b/c test Creating mailbox file: File exists adduser: cannot create directory /var/a/b/c If that's a bug, it's sure a longstanding one - I've reproduced it on RHEL5 (which has userland from 2006). Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131126155459.GA32303@x101h
Re: debian xfce network tethering an SGS2
Hi. On Fri, 29 Nov 2013 19:45:50 + Ron Leach ronle...@tesco.net wrote: After further testing, this would never be possible in wicd. Why bother yourself with an inferior network configurator (wicd), then you have superior one (ifupdown) already? # ifup usb0 replies with Ignoring unknown interface usb0=usb0. That's only means that you lack usb0 definition in /etc/network/interfaces. #ifconfig usb0 replies with usb0 and a table of [Ethernet type, a MAC address, MTU 1500, and several lines of tx and rx parameters, all zero.] And that means you've done the easy part of configuration of tethering. You plug the phone - kernel provides you an unconfigured network interface. The hard part is to setup an appropriate routing to the outside world on your phone. In my experience, it would seem that USB tethering, at least for the first time, is not possible just by plugging it in to Wheezy/XFCE, and doing ifup usb0 Something else perhaps must also be needed. Maybe something else needs setting up. You need to configure /etc/network/interfaces. Something along the lines of (assuming you've already setup DHCP server on your phone): allow-hotplug usb0 iface usb0 inet dhcp or something along the lines of (if you don't): allow-hotplug usb0 iface usb0 inet static address x.x.x.x netmask x.x.x.x gateway x.x.x.x dns-nameservers x.x.x.x or, if you're really need it (ipv6): allow-hotplug usb0 iface usb0 inet6 static address x:x:x:x:x:x:x:x netmask x 'allow-hotplug' stanza should tell udev to configure usb0 interface once you've plugged your phone, and deconfigure it once you'll unplug it. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131130001035.e9524ea929357f8cbc71e...@gmail.com
Re: Goodbye GNOME, Hello XFCE
Hi. On Fri, Dec 06, 2013 at 09:39:03AM +0100, François Patte wrote: It could a nice choice, but there are many things to fix! I made the choice of xfce at my wheezy install and as I use terminals and cli to launch my stuff, there are a lot of warnings, for instance: when I quit evince: (evince:30376): Gtk-WARNING **: Calling Inhibit failed: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.gnome.SessionManager was not provided by any .service files Try installing evince-gtk instead of evince. with acroread (on start): (acroread:30504): Gtk-WARNING **: Unable to locate theme engine in module_path: xfce, The acroread needs i386 libraries from gtk2-engines-xfce package. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131206085138.GA9298@x101h
Re: Goodbye GNOME, Hello XFCE
On Fri, Dec 06, 2013 at 10:35:30AM +0100, François Patte wrote: with acroread (on start): (acroread:30504): Gtk-WARNING **: Unable to locate theme engine in module_path: xfce, The acroread needs i386 libraries from gtk2-engines-xfce package. If I try to install this package (i386), I get: What's normal. gtk2-engines-xfce doesn't contain Multi-Arch stanza in it's description. Hence - you cannot install more than one architecture of this package at the same time. Please note that I wrote 'libraries from the package', not the package. Quick and dirty way to fix the issue is to download gtk2-engines-xfce, then invoke (as root): dpkg -x gtk2-engines-xfce_3.0.1-2_amd64.deb /usr/local/ mv /usr/local/usr/* /usr/local rm -rf /usr/local/usr This setup WILL break once Jessie's gtk2-engines-xfce package will be updated. Probably (I can not test it right now) more-or-less correct way to fix the issue is to launch acroread with GTK theme that does not require xfce engine (for example): GTK2_RC_FILES=/usr/share/themes/Raleigh/gtk-2.0/gtkrc acroread Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131206095614.GA13851@x101h
Re: Goodbye GNOME, Hello XFCE
On Fri, Dec 06, 2013 at 10:09:02AM +0100, Ralf Mardorf wrote: GTK is a PITA and will always cause similar warnings, I disagree. My .xsession-errors does not contain similar warnings. but GTK also does cause really serious issues, if you e.g. launch a GNOME editor with root privileges, the Microsoft like config thingy's privileges change to root and GNOME apps don't work for the user anymore. That's bad for the unfortunate user indeed. But that's not the GTK+-2 problem, that's gconf problem (probably combined with misconfigured sudo - i.e. without sudo always_set_home). This are not Xfce, KDE etc. bugs and they are also not Debian related, this is caused by GTK/GNOME upstream's ignorance. GTK and GNOME are crap. Very likely that even GNOME doesn't continue using GTK, LXDE for good reasons switches from GTK to Qt. GNOME project plans to ditch GTK+-3? That's interesting, to say the least. Have you got any proof of that? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131206100222.GB13851@x101h
Re: Goodbye GNOME, Hello XFCE
On Fri, Dec 06, 2013 at 11:12:37AM +0100, Ralf Mardorf wrote: On Fr, 2013-12-06 at 14:02 +0400, Reco wrote: I disagree. My .xsession-errors does not contain similar warnings. What DE do you use? It's new to me that there aren't those issues outside GNOME. There's nothing the other DEs have to fix, the bad design is from GTK/GNOME. Xfce, Debian stable. I just stay clear of anything that's linked against libgconf.so. Been using the thing since etch days. About the only thing I've changed in my setup is xfwm4 → compiz → openbox replacement that I did between squeeze and wheezy. but GTK also does cause really serious issues, if you e.g. launch a GNOME editor with root privileges, the Microsoft like config thingy's privileges change to root and GNOME apps don't work for the user anymore. That's bad for the unfortunate user indeed. But that's not the GTK+-2 problem, that's gconf problem (probably combined with misconfigured sudo - i.e. without sudo always_set_home). Issues happen not with Non-Gnome apps, but also when using su for GNOME apps, so sudo is completely irrelevant. Also completely independent from the used distro. So, to reproduce it, I need to do something like: $ gnome-terminal $ su - Password: # gnome-terminal Right? But that sequence does not break anything here. Now, if I'd used 'su' instead of 'su -' - now that could break the things indeed. This are not Xfce, KDE etc. bugs and they are also not Debian related, this is caused by GTK/GNOME upstream's ignorance. GTK and GNOME are crap. Very likely that even GNOME doesn't continue using GTK, LXDE for good reasons switches from GTK to Qt. GNOME project plans to ditch GTK+-3? That's interesting, to say the least. Have you got any proof of that? No transparency, no official statements, no evidence for it, but if you run the releases from upstream and not outdated versions from Debian, you'll notice the evolution of GTK and that it's at a dead end. Or, they just implemented the stuff in GTK they want, got rid of anything they don't need, and are merely fixing current bugs. They did the same in the past, back it was called GTK+-2.8. Didn't hurt anyone. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131206102335.GA17638@x101h
Re: Goodbye GNOME, Hello XFCE
On Fri, Dec 06, 2013 at 12:17:20PM +0200, Andrei POPESCU wrote: On Vi, 06 dec 13, 11:12:37, Ralf Mardorf wrote: On Fr, 2013-12-06 at 14:02 +0400, Reco wrote: On Fri, Dec 06, 2013 at 10:09:02AM +0100, Ralf Mardorf wrote: This are not Xfce, KDE etc. bugs and they are also not Debian related, this is caused by GTK/GNOME upstream's ignorance. GTK and GNOME are crap. Very likely that even GNOME doesn't continue using GTK, LXDE for good reasons switches from GTK to Qt. GNOME project plans to ditch GTK+-3? That's interesting, to say the least. Have you got any proof of that? No transparency, no official statements, no evidence for it, but if you run the releases from upstream and not outdated versions from Debian, you'll notice the evolution of GTK and that it's at a dead end. Come on Ralf, this is one of your worst trolls ever. You can do much better :p Please, don't be harsh on him. It's Friday night here, and a little flamewar on the Debian maillist is a fine ending of a long boring week :) Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131206102652.GB17638@x101h
Re: Goodbye GNOME, Hello XFCE
On Fri, Dec 06, 2013 at 11:54:43AM +0100, Gian Uberto Lauri wrote: Ralf Mardorf writes: On Fr, 2013-12-06 at 14:02 +0400, Reco wrote: On Fri, Dec 06, 2013 at 10:09:02AM +0100, Ralf Mardorf wrote: GTK is a PITA and will always cause similar warnings, I disagree. My .xsession-errors does not contain similar warnings. What DE do you use? Still using a graphic DE? Mine is called /bin/bash ... BTW, my .xession-errors timestamp was freezed to this year march, when I learned to use xrandr to configure the dual heading. Pleading guilty, your honor ;) Worse, I use this pointing thingy called mouse at least twice per day. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131206110445.GA20428@x101h
Re: Does any OS (e.g. Debian) support ZFS on MIPS?
Hi. On Fri, 6 Dec 2013 18:11:22 + Sam Kuper sam.ku...@uclmail.net wrote: Does Debian ZFS under the MIPS architecture? Judging from this list, it's not: http://packages.debian.org/search?searchon=namessuite=allsection=allsourceid=mozilla-searchkeywords=zfs ZFS is supported on i386 and amd64 via FreeBSD kernel, and on i386, amd64, powerpc and sparc via zfs-fuse. If not, do you know of an OS that does? FreeBSD on mips is probably your best hope. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131206230518.d7f09c2476352173d6d85...@gmail.com
Re: compose:menu in xfce
Hi. On Mon, 9 Dec 2013 01:06:25 -0600 Paul Johnson ba...@ursamundi.org wrote: I've used setxkbmap -option compose:menu multiple times in XFCE, but for some reason, something keeps kicking it back over to the same useless functionality that the menu key has in Windows. What's the real way to bind compose to the menu key and make it stick? In no particular order, that 'something' could be: 1) Settings in /etc/default/keyboard. Applies at every boot and every X session start. Just add you preferences to XKBOPTIONS like this: XKBOPTIONS=compose:menu 2) XFCE xkb-plugin applet (~/.config/xfce4/panel/xkb-plugin-[0-9].rc). Edit this configuration file like this: never_modify_config=true compose_key_position=compose:menu 3) Some custom Input Method (be it XIM, SCIM or whatever). The solution is to deinstall it unless you really need it. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131209203202.34a6ac542dddb875da05b...@gmail.com
Re: Debianly Correct place to add ~/bin to $PATH ?
Hi. On Mon, 9 Dec 2013 12:15:53 -0700 Paul E Condon pecon...@mesanetworks.net wrote: I see the file ~/.profile . It contains code that tests for the existence of ~/bin/ and adds it to $PATH , if it exists. But it doesn't 'work'. After I have created my ~/bin/. and filled it with some scripts, and rebooted, there is still no mention of ~/bin/ in $PATH . Why? When does ~/.profile actually get invoked? I assume you're using bash as a shell. According to bash(1) (INVOCATION part): When bash is invoked as an interactive login shell, or as a non-interactive shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and executes commands from the first one that exists and is readable. So, the most possible reason of your modifications of ~/.profile are ignored because you have ~/.bash_profile or ~/.bash_login. Does invoking '. ~/.profile' fix things? Is there some part of the boot process that must be configured in order to invoke it? Hardly, IMO. Shell configuration files are independent of boot process. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131210003428.8de15823adecd8cd164a8...@gmail.com
Re: Growing number of packages not being upgraded
Hi. On Tue, 10 Dec 2013 10:12:31 -0500 Frank McCormick debianl...@videotron.ca wrote: How can I find out what is holding these packages ? Have you tried to run 'apt-get dist-upgrade'? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131210201055.dfb8f83940f774e00398c...@gmail.com
Re: Growing number of packages not being upgraded
On Tue, 10 Dec 2013 11:22:37 -0500 Frank McCormick debianl...@videotron.ca wrote: On 10/12/13 11:10 AM, Reco wrote: Well that solves most of the problem...but 2 are still being held root@frank-debian:/home/frank# apt-get dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following package was automatically installed and is no longer required: libtiffxx0c2 Use 'apt-get autoremove' to remove it. The following packages will be REMOVED: foomatic-filters libharfbuzz0a The following NEW packages will be installed: libamd2.3.1 libcamd2.3.1 libccolamd2.8.0 libcholmod2.1.2 libcolamd2.8.0 libharfbuzz-gobject0 libharfbuzz0b libicu52 liblzma-dev libtiff5-dev libtiffxx5 libumfpack5.6.2 The following packages have been kept back: libmateweather-common libmatewnck-common The following packages will be upgraded: cups-filters gir1.2-pango-1.0 libcdr-0.0-0 libdee-1.0-4 libgegl-0.2-0 libharfbuzz-dev libharfbuzz-icu0 libjavascriptcoregtk-1.0-0 libjavascriptcoregtk-3.0-0 libmspub-0.0-0 libpango-1.0-0 libpango1.0-0 libpango1.0-dev libpangocairo-1.0-0 libpangoft2-1.0-0 libpangoxft-1.0-0 libtiff4 libtiff4-dev libtiffxx0c2 libwebkitgtk-1.0-0 libwebkitgtk-3.0-0 21 upgraded, 12 newly installed, 2 to remove and 2 not upgraded. Need to get 29.1 MB of archives. After this operation, 30.1 MB of additional disk space will be used. Do you want to continue? [Y/n] Anyway to find out what's holding them ? Try it like this: apt-get install libmateweather-common=1.6.2-1 libmatewnck-common=1.6.2-1 That should not upgrade these packages, but it should show why apt refuses to do anything about them. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131210202900.326b20f0f5541e70e118c...@gmail.com
Re: No Sources for Backported Kernels?
Hi. On Wed, 11 Dec 2013 11:33:08 -0600 Kent West we...@acu.edu wrote: I have a new Dell Precision T1700 that has a network adapter which is not recognized by wheezy's kernel (3.2). So I've installed the backported 3.11 kernel, which does work with my NIC. However, now my virtualbox modules won't compile, complaining that the source for this kernel is not installed: Setting up virtualbox-dkms (4.1.18-dfsg-2+deb7u1) ... Loading new virtualbox-4.1.18 DKMS files... First Installation: checking all kernels... Building only for 3.11-0.bpo.2-amd64 Module build for the currently running kernel was skipped since the kernel source for this kernel does not seem to be installed. Don't believe VirtualBox. It lies. It does not need kernel sources. What it does need is kernel headers. Specifically, you need to install linux-headers-3.11-0.bpo.2-amd64 from wheezy-backports. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131211214601.9199fc45b086eccdefdb5...@gmail.com
Re: VirtualBox kernel mod compile fails
Hi again. On Wed, 11 Dec 2013 14:31:54 -0600 Kent West we...@acu.edu wrote: Setting up virtualbox-dkms (4.1.18-dfsg-2+deb7u1) ... … Building only for 3.11-0.bpo.2-amd64 You use backported kernel, but stock VirtualBox kernel module source. This won't fly. To make it work, you should upgrade virtualbox and its' dependents to wheezy-backports' versions. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131212003708.bbb771ef57fdea0340439...@gmail.com
Re: VirtualBox kernel mod compile fails
Hi. On Wed, 11 Dec 2013 21:54:39 +0100 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: On Thu, 2013-12-12 at 00:37 +0400, Reco wrote: DKMS should be able to build the modules for more or less every version of virtual box with more or less every kernel headers, as long as they are not years apart and as long as there should be no obscure Debian patches. I'm doing this for different distros even with rt patched kernels. Given the general quality of VirtualBox upstream developers (currently - Oracle), there is a huge difference between 'DKMS should build' and 'DKMS can actually build something that works'. Kernel developers put it simple: https://lkml.org/lkml/2011/10/6/317 But, rants aside - this particular problem is described at Debian Bug 696011. Long story short - out-of-tree kernel modules break from time to time, and for Virtualbox 4.1 that happened for kernels 3.7. Solution 1: Apply patch to virtualbox kernel module source. Solution 2: Install backported Virtualbox, where the problem is solved. Which one is simplier in your option? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131212012427.9bd130f8b0fc0f742dc8a...@gmail.com
Re: VirtualBox kernel mod compile fails
Hi. On Wed, 11 Dec 2013 21:54:39 +0100 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: On Thu, 2013-12-12 at 00:37 +0400, Reco wrote: DKMS should be able to build the modules for more or less every version of virtual box with more or less every kernel headers, as long as they are not years apart and as long as there should be no obscure Debian patches. I'm doing this for different distros even with rt patched kernels. Given the general quality of VirtualBox upstream developers (currently - Oracle), there is a huge difference between 'DKMS should build' and 'DKMS can actually build something that works'. Kernel developers put it simple: https://lkml.org/lkml/2011/10/6/317 But, rants aside - this particular problem is described at Debian Bug 696011. Long story short - out-of-tree kernel modules break from time to time, and for Virtualbox 4.1 that happened for kernels 3.7. Solution 1: Apply patch to virtualbox kernel module source. Solution 2: Install backported Virtualbox, where the problem is solved. Which one is simplier in your option? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131212012432.0b512aea115995afb6cac...@gmail.com
Re: Shutdown computer after a specific command has been executed
Hi. On Thu, 12 Dec 2013 14:58:35 +0100 Gian Uberto Lauri sa...@eng.it wrote: Osamu Aoki writes: But I want one line solution :-) sudo sh -c apt-get update apt-get upgrade; shutdown -h now But there is the case where apt-get want a reply for the user and that is 'N' :) !! Baka!!! :) sudo sh -c apt-get update apt-get upgrade -y poweroff That's more like it. Depending on a hardware, 'shutdown -h now' can leave the power on. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131212185745.23235a8cb651c7d9cced0...@gmail.com
Re: Reporting missing package during install
On Thu, 12 Dec 2013 22:14:50 +0900 Osamu Aoki osamu_aoki_h...@nifty.com wrote: On Sun, Dec 08, 2013 at 09:09:53PM -0500, Neal Murphy wrote: On Sunday, December 08, 2013 07:27:41 PM Andrei POPESCU wrote: On Du, 08 dec 13, 19:14:49, Neal Murphy wrote: For me, I usually set up 'sudo su' sudo has the '-s' and '-i' switches, why mix with 'su'? Kind regards, Andrei 'sudo su' rolls off the fingers easier. 'sudo sh' is as easy on finger (no shift) and do not feel as bad. Sure, if you don't mind using dash instead of bash, 'sudo sh' and 'sudo su' are the same. Also, 'sudo su -' and 'sudo -i' set up all root environment variables (specifically, $HOME). 'sudo sh' keeps $HOME, which can lead to not-so-funny things. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131212190251.1d56020860f2c01e42127...@gmail.com
Re: Shutdown computer after a specific command has been executed
On Thu, 12 Dec 2013 16:10:44 +0100 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: On Thu, 2013-12-12 at 18:57 +0400, Reco wrote: sudo sh -c apt-get update apt-get upgrade -y poweroff That's more like it. Depending on a hardware, 'shutdown -h now' can leave the power on. :D We are close to solve it :D. apt-get upgrade -y poweroff if the upgrade fails, it won't shutdown, then it won't go off-line and be a big issue for the OP. That's intentional. Failed upgrade needs human intervention, and that trick is hard to accomplish if the box goes down. Still, if one has desire to blow legs off: sudo sh -c apt-get update apt-get upgrade -y ; poweroff Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131212191705.e9b01b72dd06919e5302f...@gmail.com
Re: Shutdown computer after a specific command has been executed
On Thu, 12 Dec 2013 16:21:34 +0100 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: On Thu, 2013-12-12 at 19:17 +0400, Reco wrote: Still, if one has desire to blow legs off: :D sudo sh -c apt-get update apt-get upgrade -y ; poweroff but I would recommend sudo sh -c apt-get update apt-get dist-upgrade -y ; poweroff And I'd don't. 'dist-upgrade' can install new packages (and _usually_ nothing breaks from installing new packages), but more important - it can _remove_ existing ones (and that _surely_ can break things). 'apt-get upgrade' on the other hand is usually considered safe enough. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131212193112.2734b3fb98bbe5b3fb4e1...@gmail.com
Re: Backported Kernel - install question
Hi. On Fri, 13 Dec 2013 00:17:02 +0530 Kailash Kalyani listskail...@gmail.com wrote: My understanding is that it should be possible to install backports without breaking a stable install. What am I missing? Sure, it is possible. You're just using wrong tool for the task. Try: apt-get install -t wheezy-backports linux-image-3.11-0.bpo.2-686-pae Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131212230317.0c983c58b8cc0e7d2eb38...@gmail.com
Re: Backported Kernel - install question
Hi. On Thu, 12 Dec 2013 21:33:45 +0100 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: On Thu, 2013-12-12 at 21:32 +0100, Ralf Mardorf wrote: I experienced that synaptic for *buntu Saucy is broken, perhaps it's for Debian broken too. Sometimes nothing is inconsistent, but Synaptic claims that a dependency should be broken. After closing and opening Synaptic everything is ok. If apt-get does work, than a not buggy Synaptic must work too ;). apt, aptitude and synaptic handle package install conflicts differently. These tools do the same in trivial situations like installing or removing package from the main archive. But, put a number of packages with the same name and different versions (add versioned dependencies to the picture) - and these 3 tools start behaving differently. Add the fact that any package in backports archive has special version that is _lower_ that any version in main archive - and sometimes these tools may produce funny results. Basically, apt provides you with the most dumb solution possible (works most of the time) - install what you want, upgrade dependencies. Aptitude gives you multiple ways of installing package (and one has to choose carefully) - install what you want, upgrade/downgrade dependencies (and may remove something just for fun :). Synaptic assumes that you are not lazy, and will use Ctrl+E (IIRC, may be wrong) to force particular versions for needed packages. So, it's possible to use Synaptic for the task, it just will violate the great IBM principle - 'People should think, machine should work'. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131213010245.46f9feb53fc50bafd5390...@gmail.com
Re: gdm3 issue
Hi. On Fri, 13 Dec 2013 19:08:07 +0100 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: Except that single doesn't make GDM fail, it doesn't even launch it. It's not the same thing. The result is the same, you won't end up with the option to launch Iceweasel by a launcher on the GNOME desktop ;). It was just an ironical explanation what a single boot option could cause and it's too funny, since the option is called single. You're wrong here: - Nobody forbids the user to start GDM from single-user. - User can press Ctrl+D to escape single-user and proceed to runlevel 2, where GDM will try to start. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131213221655.eca7e61a7c2cffba550ea...@gmail.com
Re: (SOLVED) Re: Backported Kernel - install question
Hi. On Sat, 14 Dec 2013 12:06:15 +0530 Kailash Kalyani listskail...@gmail.com wrote: Apt-get gave me the following error: The following packages have unmet dependencies: linux-image-3.11-0.bpo.2-686-pae : Breaks: initramfs-tools ( 0.110~) but 0.109.1 is to be installed E: Unable to correct problems, you have held broken packages. And so I installed initramfs-tools from wheezy-backports first and then the linux-image-3.11-0.bpo.2-686-pae However, was apt-get correct in not attempting to upgrade initramfs-tools as well? Yes, it was. Compare this: # apt-get install linux-image-3.11-0.bpo.2-amd64 The following information may help to resolve the situation: The following packages have unmet dependencies: linux-image-3.11-0.bpo.2-amd64 : Breaks: initramfs-tools ( 0.110~) but 0.109.1 is to be installed E: Unable to correct problems, you have held broken packages To this: apt-get install -t wheezy-backports linux-image-3.11-0.bpo.2-amd64 The following extra packages will be installed: initramfs-tools Suggested packages: linux-doc-3.11 debian-kernel-handbook The following NEW packages will be installed: linux-image-3.11-0.bpo.2-amd64 The following packages will be upgraded: initramfs-tools Unless you allow apt to search dependencies outside of preferred release (wheezy) - it will try to install from backports only the package you've told it to install (i.e. linux-image). Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131214125254.1cfd76cc50fd9cdf2c4fb...@gmail.com
Re: Changing Hostname?
Hi. On Sat, 21 Dec 2013 22:32:06 -0500 Jon N jdnandr...@gmail.com wrote: It does return the new hostname. But, I started wondering about legal characters. If you remember my old one was 'localhost-01' but in my new one I used an underscore (_). According to netregister.biz/faqit.htm no symbols are usable except the hyphen (-). No accented characters either. So I changed the name again and rebooted once more. This time everything started just fine. You're citing wrong page. Right one is RFC 952, ASSUMPTIONS chapter. http://tools.ietf.org/search/rfc952 Not empty, but if it contains illegal characters it won't make any difference. I didn't find any error messages that would clue me in to the problem (like: Warning, you have illegal characters in your hostname :-)). I did notice on one boot an error message that 'hostname.sh' (in /etc/init.d) had failed, but I searched all my log files and could not find any reference to it at all. I guess not everything you see on screen during boot makes it into one of the log files. Should be there. # echo FOO_BAR /etc/hostname # /etc/init.d/hostname.sh start hostname: the specified hostname is invalid Still, the kernel itself allows one to shoot in the foot: # sysctl -w kernel.hostname=FOO_BAR kernel.hostname = FOO_BAR # hostname FOO_BAR Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131222145525.f03d080cd095463512d51...@gmail.com
Re: bumblebee on laptop
Hi On Mon, 23 Dec 2013 18:09:33 +0200 andrey.ry...@bilkent.edu.tr wrote: hi community! i have asus x550v laptop and two videocard on it: $ lspci|egrep -i 'vga|3d' 00:02.0 VGA compatible controller: Intel Corporation 3rd Gen Core processor Graphics Controller (rev 09) 01:00.0 3D controller: NVIDIA Corporation GK208M [GeForce GT 740M] (rev ff) so i need to install bumblebee for using both videocards. I had done it with debian wiki suggestion: #apt-get install bumblebee primus everything is ok. I can run $optirun glxgears but FPS value is the same as if i used glxgears without optiran! What does it mean? Speed of running of any application should be more high under optiran. Thats output after glxgear finished: 300 frames in 5.0 seconds = 59.952 FPS glxgears should print (it does that here), that: Running synchronized to the vertical refresh. The framerate should be approximately the same as the monitor refresh rate. Try running it like this: vblank_mode=0 glxgears Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131223201644.2e9ae30a61ee05ad01752...@gmail.com
Re: bumblebee on laptop
Hi. On Mon, 23 Dec 2013 20:05:12 +0100 Slavko li...@slavino.sk wrote: Hi, Dňa Mon, 23 Dec 2013 20:16:44 +0400 Reco recovery...@gmail.com napísal: Running synchronized to the vertical refresh. The framerate should be approximately the same as the monitor refresh rate. Try running it like this: vblank_mode=0 glxgears I tried this at my desktop PC (only one VGA - GeForce GT 220). The numbers are with vblank_mode are the same as without this variable and both are cca 60 fps. Which probably means that you're using nvidia-glx, not mesa-glx. And in case of nvidia-glx it is done differently, like this: echo 0/SyncToVBlank=0 ~/.nvidia-settings-rc Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224100234.29afe23acedfc7bb7f8a2...@gmail.com
Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Hi. On Tue, 24 Dec 2013 08:47:17 +0100 Raffaele Morelli raffaele.more...@gmail.com wrote: I think you should read man pages on shells and privileges first and what a user can do. Can you elaborate please how exactly serving root-owned file with apache is a bad thing for security? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224115409.10889818aead08a56e8f3...@gmail.com
Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Hi. On Tue, 24 Dec 2013 08:57:36 +0100 Raffaele Morelli raffaele.more...@gmail.com wrote: Keep in mind that if a php script is owned by root user and there's a security hole in it, an attacker can easily access every block of your file system. Executing root-owned php script by www-data user will give you a process which is owned by www-data. Executing root-owned SUID php script by www-data user will give you a process (surprise!) which is owned by www-data. You should try it yourself sometimes. Now, if disks' block devices are owned by www-data too that really can be a problem. Or if disks' block devices had permissions that allowed www-data to read from them. Since in stock Debian configuration there are no such block or char devices - there is no problem. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224120653.9b50357fb5cab3c9742a7...@gmail.com
Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Hi. On Tue, 24 Dec 2013 09:00:59 +0100 Raffaele Morelli raffaele.more...@gmail.com wrote: php script is owned by root - full system access now, try `su - www-data` and have a look at the shell you are in. there you are if you can get it. # apt-get install apache2 php5-cli … # cat /var/www/test.php EOF ?php sleep(120); ? EOF # ls -al /var/www/test.php -rw-r--r-- 1 root root 146 Dec 24 12:10 /var/www/test.php # su - www-data $ php5 /var/www/test.php $ ps -ef | grep php www-data 5197 5194 0 12:11 pts/000:00:00 php5 /var/www/test.php www-data 5199 5194 0 12:12 pts/000:00:00 grep php I'm still missing your point, I'm afraid. How exactly a process running as a www-data is able to perform full filesystem access? PS Resending to the list, just in case. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224122548.49c37973293757af349e3...@gmail.com
Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Hi. On Tue, 24 Dec 2013 10:03:15 +0100 Hans-J. Ullrich hans.ullr...@loop.de wrote: Hi Paul, I do not intend to hijack this discussion but I think I have got the same problem! Fist thank you for your explanation. I am following this discussion and I have a similar problem. I made a script, which is calling an application (/usr/bin/cpufreq-set) with additional tags. But I cannot get this script running with root privileges, although I set the setuid bit to root at my scriipt and cpufreq-set is set to owner root:root. I'm not Paul, but that's simple. Setuid bit is ignored for scripts. The reason for it is - the only thing that's able to spawn a process is an executable, which has certain format (ELF for Linux, possibly a.out - that depends on a kernel configuration). Every time you execute a script, you, in fact, are invoking script interpreter (probably /bin/sh in this case), which, in turn, executes your script. So, to make your script work you can: a) Bad idea. Set suid bit on an appropriate script interpreter. b) So-so idea. Write your own BINARY executable and set suid bit on it. c) Good idea. Use sudo(1). Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224133428.5b2d85b7e0e0ebd1ef053...@gmail.com
Re: Debian Wheezy Compromised - www-data user is sending 1000 emails an hour
Hi. On Tue, 24 Dec 2013 09:59:39 +0100 Raffaele Morelli raffaele.more...@gmail.com wrote: Yes, I missed this point. BTW, as I don't want to rewrite someone else system security rules, let's say that: MY best practice is to have www-data or any other NON-root user as the scripts owner. So, basically you're allowing any php script to rewrite any php script with an arbitrary contents. An interesting policy, to say the least. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224133752.9a8f118c07350cc0bf756...@gmail.com
Re: bumblebee on laptop
On Tue, 24 Dec 2013 11:37:45 +0100 Slavko li...@slavino.sk wrote: Hi, Thanks, i will try it. But i see, that you know more than I about this. Please, can you describe me in short, what are differences between usage the mesa-glx and the nvidia-glx? The way I see it - nvidia-glx and mesa-glx are different implementations of libGL.so (and friends). Mesa-glx is a free software. Nvidia-glx is not a free software. Mesa-glx can work with any xorg video module they put into Debian main archive. Nvidia-glx can work with 'nvidia' xorg video module only, and they put it into non-free Debian archive along with nvidia-glx. From the user's point of view, the difference between mesa-glx and nvidia-glx lies in the number of OpenGL extensions supported. Are there some disadvantages or so? It is possible and not dangerous to mix the nvidia driver and mesa-glx? Simple mixing won't work, in my experience. For example, trying to run 'glxgears' linked against nvidia-glx on the X server running 'intel' xorg module ends with: Xlib: extension NV-GLX missing on display xxx. In Debian, at least, they provide 'glx-alternative-*' packages which allows the user to switch between different implementations of GL.so. Now, they say there's that 'bumblebee' project, which allows to run an X client on a NVIDIA video card while drawing on the Intel video card, but: a) The way I undestand it, their 'optirun' wrapper is preloading nvidia-glx GL.so to an executable, while everything is linked against mesa's GL.so. b) Luckily I don't have the hardware for which 'bumblebee' is necessary. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224145629.8d02926170286a2e6850e...@gmail.com
Re: Default Desktop Environment in Jessie
Hi. On Tue, 24 Dec 2013 17:37:37 +0600 Muntasim-Ul-Haque tranjees...@inventati.org wrote: Hi, Recently I've noticed hype regarding XFCE as the probable default desktop environment in Debian Jeesie. It's going to replace GNOME. But does it matter that much? Never underestimate the power of default settings. XFCE by default means that more Debian users will use XFCE. I mean, GNOME would be a desktop environment option, if not default. What's the big deal about being the default DE? Most of the users are too lazy (or unable to) to choose their DE. So, if someone (Debian project in this case) made this choice for them - they'll use whatever was chosen for them. How much it differ being the default DE and being one of the DE? Given that other DE is one 'apt-get' from you? Not that much. Given that gdm3 requires (in Debian testing, at least) systemd - that may mean many things. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224160219.cf415e9b2c4e3a952725c...@gmail.com
Re: Off-topic: Gmail Grrrr.
Hi. On Tue, 24 Dec 2013 12:55:23 +0100 Ralf Mardorf ralf.mard...@alice-dsl.net wrote: I want to have different profiles on Linux machines to have different settings, different histories without changing the user. A classic example of a 'XY problem', Ralf. What problem are you trying to solve with this approach? Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131224160515.1a7721e645c97fd6062f4...@gmail.com