ess CPU
work for the kernel too. I believe that's the "route" action in
fail2ban.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
llions of servers worldwide.
Think: reverse proxies (e.g. nginx) and backend app servers.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
iled boot at next boot.
Anything that involves grub having to interact with LVM just seems
really fragile.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
o it. I just wanted to say that possibly your questions may reach
a better audience if they were sent to mailop mailing list:
https://mailop.org
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Tue, May 14, 2024 at 05:01:31PM +, fxkl4...@protonmail.com wrote:
> don't y'all have any thing better to do
You must be new here.
Get used to reading with a "mark thread read" key in your MUA of
choice, is my best advice.
Thanks,
Andy
--
https://bitfolk.com/ -- No
or all the distress this
matter has caused you.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ccessing-all-your-stuff-with-a-zero-trust-mesh-vpn/
I still wouldn't want to automated a config push/pull to a laptop
over a mesh VPN I think, but others have mentioned that you can do
Ansible in a pull mode.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
day in search of profit. Which is their right.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
upstream yourself, or pay them to do the
packaging work that you used to get for free.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ue, is totally
lost.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
eeds to have a good
hard look at their biases. Which is another part of this massive
social problem. It's such a distraction. And here we are in a thread
that started with a bug in a 30+ year old setgid binary.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
n some effort, and that "enough eyes make all bugs shallow"
doesn't hold true unless the process is actually providing those
eyes.
I have no answers on how to fix such a deep-rooted societal problem
but I am not going to start yelling obscenities at people on public
mailing lists because
was not safe to do so, since the
ext4 corruption bug of December 2023.
What were you thinking of?
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
that "write" and "wall" in Debian had setgid removed after this.
https://salsa.debian.org/debian/util-linux/-/commit/c4be137b4b09a855713c1f4d052dfee773c4ad3b
https://metadata.ftp-master.debian.org/changelogs//main/u/util-linux/util-linux_2.39.3-11_changelog
Thank
ect to being taught to fish, here is your fish:
https://lists.debian.org/debian-security-announce/2024/msg00057.html
Bon appetit.
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Fri, Mar 29, 2024 at 07:02:54PM +0100, Kamil Jońca wrote:
> Andy Smith writes:
> > https://www.openwall.com/lists/oss-security/2024/03/29/4
> >
> > (Upstream xz/lzma project compromised, hostile code inserted into
> > sshd in Debian sid and other lead
s people do bad stuff to good software".
Sounds like it'll be an interesting story though. It's going to
drive a lot of conspiracy theories.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
On Fri, Mar 29, 2024 at 05:43:22PM -, Curt wrote:
> On 2024-03-29, Andy Smith wrote:
> >>
> >> It makes no fucking difference, because your important data is elsewhere
> >> and completely out of your control.
> >
> > I WAS going to gently
her leading edge distros.)
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
op the "-systemd" if you prefer a cron job
equivalent)
apticorn is mentioned in the Debian Administrator's Handbook which
is worth a read even though it only covers up to Debian 11.
https://www.debian.org/doc/manuals/debian-handbook/sect.regular-upgrades.en.html
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
d now.
Looking at all of my sessions, the terminal file for all of them is
group writeable despite "TTYPERM 0600" being in /etc/login.defs.
$ ls -la $(tty)
crw--w 1 andy tty 136, 0 Mar 28 16:33 /dev/pts/0
$ mesg
is y
$ mesg n
$ ls -la $(tty)
crw--- 1 andy tty 136, 0 M
Hello,
On Thu, Mar 28, 2024 at 11:24:08AM -0400, Greg Wooledge wrote:
> On Thu, Mar 28, 2024 at 01:30:32PM +0000, Andy Smith wrote:
> > https://www.debian.org/doc/manuals/debian-handbook/
> >
> > This has a chapter on security, so possibly it would be appropriate
&g
On Thu, Mar 28, 2024 at 12:28:56AM -0400, Lee wrote:
> On Wed, Mar 27, 2024 at 10:07 PM Andy Smith wrote:
> >
> > Hi,
> >
> > On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote:
> > > I just saw this advisory
> > > Escape sequence injection in uti
onable for most people.
It's been almost 30 years since I used it for anything useful.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
to "mesg n" into a file in /etc/profile.d so
that all users execute it.
Thanks,
Andy
¹ The next update of bsdutils will complain it can't write that file.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
does actually turn
out to be Debian there might be bugs to report.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
longer possible to tell if that does
anything useful.
I most likely will not be replacing these devices when they fail.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
g packaged, other
than there being maintainers to do it.
You may like to submit a Request For Packaging bug for one or both,
though again, may not get very far unless someone is already
interested in doing it.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
and hope for the best.
Next time, please think about it.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
g the live media they installed from
and expecting it to be their installed system.
I don't know why their bootloader ends up misconfigured.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
I think it may have installed but something is wrong with the
bootloader setup.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ree weeks on and some have made essentially the same statements
three times over by now.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
check the journal.logfiles file I mentioned
above to check that it is actually set up to read from journald.
Good to know that logcheck has patterns for matching journald logs
though.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
set "backend = journald" in
/etc/fail2ban/jail.conf or its usual local override, but I have not
tested this as I still use rsyslogd.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ugh that may be a big job as I think all the sample pattern files
for logcheck are still geared towards rsyslogd's format, not
journald's.
Myself, I still use logcheck with rsyslogd on Debian 12.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
it gets back to me. One of the
> problems with dkim is that you assume it still works, it's hard to know
> what others actually see...
Adding DMARC and a reporting address gets you far more unwelcome
insight into what others do.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ree to preserve DKIM since
I know at least some of them are severely opposed to DKIM.
Your mailbox provider really should not be rejecting everything that
has a broken DKIm signature. This email from me will probably have a
broken DKIM signature.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ail, this is an indication that this
mailing list was not the correct place to send it to in the first
place.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
NSSEC. I wouldn't be surprised if there were some,
but again, I don't know what your threat model is so I'm not
suggesting this matters.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
y" operate, if the sender
> doesn't use DMARC? This idea seems to relate more to SPF than
> anything?
gmail's own policy is quarantine so if you send from somewhere that
isn't gmail, while pretending to be from a gmail property, gmail
indicates that it wishes¹ for your email to be qu
m subscribed to mailop (though don't read it as often as I
> should!) but from a mail search there doesn't seem to have been
> anything there about this recently.
This has been discussed at length on mailop since well back in 2023.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
On Wed, Feb 28, 2024 at 04:47:59PM +0100, Kamil Jońca wrote:
> Andy Smith writes:
> > Once you enable lingering for a user, that user's timers will
> > trigger all the time.
>
> IIRC lingered user cannot be "normal" with session and so on. Am I
> wr
he output (if any) is very convenient and is tricky
(but not impossible) to replicate with systemd timers.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ble
that cron soon doesn't get installed on many systems and
increasingly becomes a curiosity, but since it will have to stick
around until the last package stops shipping (only) a cron job,
arguably it still remains in the archive for a very long time yet.
Thanks,
Andy
--
https://bitfolk.
TB
sdd Samsung_SSD_870_EVO_4TB
sde ST4000LM016-1N2170
sdf ST4000LM016-1N2170
sdg SuperMicro_SSD
sdh SuperMicro_SSD
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
e near the surface. Neither method has yet proven to be
accurate, which is why they aren't certified as a medical device in
UK.
You can learn all about it by searching "non-invasive blood glucose
monitoring"
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
een so it is possible to switch to the
different terminal by the usual Screen key combinations, e.g. ctrl-a
then space. This was not obvious to me for many years.
Perhaps it is the same on the network console?
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
a
wiki article on that and perhaps a link to that from the existing
one on bonded Ethernets.
So in summary, I don't think ifenslave can actually be purged from
history, but some useful steps could possibly be taken towards its
deprecation - first involving actually documenting the new thing.
Thanks
Hi,
On Sun, Feb 25, 2024 at 09:17:15AM +1100, Zenaan Harkness wrote:
> On 2/24/24, Andy Smith wrote:
> > On Sat, Feb 24, 2024 at 01:35:14PM +1100, Zenaan Harkness wrote:
> >> I wrote:
> >> > You seem by now to have ignored multiple messages where it was m
what our software accepts is untenable in the face of a hostile
Internet.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
hough I know they are for
most as they actually are approved. So it's daily finger prick for
me for the foreseeable.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
cal
reasons!"
Meanwhile I'd just appreciate hearing from actual users of it, since
I might be one, one day.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
thing else in the
> current Debian bookworm?
What you describe is still the bonding driver, just without the use
of the "ifenslave" command. The very first reply to you in this
thread was from me pointing you at the teaming driver.
…which I have never used nor yet tried to use. But it *is* meant to
replace/succeed the bonding driver.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
pset, accusing others of
being "woke" and "activists", but somehow they are the ones making
all the noise.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
l us about, even though you
asked them not to, and very little to say on the actual technical
facts they claim to care about.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
On Fri, Feb 23, 2024 at 10:33:08AM +0100, Mariusz Gronczewski wrote:
> It would *literally* break every single script that checks the status
> of bonding config in system, as it is all just plain text.
Unless a different driver was made instead. Which is what actually
happened.
Thanks
just google for random tidbit
> of which project did waste time on that ?
Roger is responding to a statement of there being no other, with the
info that there is at least one other.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ctions and anyone who has any ideas about how they can be
improved will be expected to join in — as a volunteer — not pitch a
commercial solution.
> May I present what we can do for you?
Ask not what Debian can buy from you, Ray, but what you can freely
contribute to Debian.
Thanks,
Andy
e used the bonding
driver since before the teaming driver existed, so there's been some
inertia against me learning a new thing.
It would be good to see more use and examples for libteam to help
people like me¹ feel more confident in switching.
If you proceed with it, how about making a page on the Debian
ll be remapped. As long as the remapped sector count doesn't
keep going up I'd be fairly comfortable in continuing to use the
drive (assuming backups exist) s while longer.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
anuals/debian-handbook/sect.regular-upgrades.en.html
The configuration options are also described in the man page for
apt.conf.
https://manpages.debian.org/bookworm/apt/apt.conf.5.en.html#PERIODIC_AND_ARCHIVES_OPTIONS
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
" every day and then notifies you
about available package upgrades.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
t I don't expect to agree with 100% of
them. That's OK.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
pgrade / unattended-upgrade). You have to set things like
APT::Periodic::Update-Package-Lists to 1.
It's been there since Debian 9 (stretch) IIRC.
The handbook has stuff about it.
https://debian-handbook.info/browse/stable/sect.regular-upgrades.html
Thanks,
Andy
--
https://bitfolk.com/ -- No-no
Hi,
On Mon, Feb 19, 2024 at 10:06:23PM -0500, gene heskett wrote:
> Andy, look at that CET after my name in the sig, that stands for Certified
> Electronics Tachnician.
There isn't a polite way to say this really but unfortunately I am
unable to take you seriously as you've posted s
y.
Yeah I skipped that thread the first time around owing to its
subject line containing "urban legends".
> consider searching this very list's archives.
Moments of my life I will never get back, and no more authoritative
sources unfortunately!
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
etworkManager that your connection is metered should
stop it.
> I disable the timers, thanks
I don't think it's any of the systemd timers or unattended-upgrades.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ompletely.
I've never heard of this. I did a bit of searching around and all I
can find is assertions that cable colour doesn't matter for SATA. I
can't seem to find anything about red pigment damaging the copper.
Have you got a reference so I can learn more?
Thanks,
Andy
--
https://bi
links.
I can tell you how hardlinks work but I can't tell you how
Timeshift or Back In Time work as I have never used them. So you
might want to alter your subject line, because your email goes on
only to ask how these solutions work
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
cogent argument. So say if that's
the case and we can just move on.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
bits
manually rm'd, resolv.conf whacked with chattr +i and so on, so
it's also no surprise to me that this is difficult to debug.
David's suggestion of starting with a minimal install might be the
only way to do it.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Fri, Feb 16, 2024 at 02:02:59PM -0600, David Wright wrote:
> On Fri 16 Feb 2024 at 14:48:12 (+), Andy Smith wrote:
> > No, because it's a filesystem label for the ext4 fs created on
> > /dev/sdz1. If sdz1 is turned into an LVM Physical Volume, there
> > won't
Hi,
On Thu, Feb 15, 2024 at 08:44:26PM -0500, gene heskett wrote:
> On 2/15/24 15:45, Andy Smith wrote:
> > MD RAID isn't the only way to achieve redundancy. You also haven't
> > explained why you need LVM. Depending on your needs, maybe a
> > filesystem with redundancy
squeeze out all along.
You've not yet been clear about what you want, but from what little
information you have provided you've been told multiple times by
multiple people that filesystem labels won't help.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Fri, Feb 16, 2024 at 01:16:59AM -0500, gene heskett wrote:
> On 2/15/24 16:20, Andy Smith wrote:
> > Suppose you have the MD array /dev/md42. What are you conceptually
> > wanting to do with that in relation to labels of some kind? What
> > informatio
that since I
know you've been posting about that a lot and clearly have decided
to push ahead. I just think you haven't seen the end of the problems
with that issue.
Regards,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
On Thu, Feb 15, 2024 at 03:19:54PM -0500, gene heskett wrote:
> On 2/15/24 11:21, Andy Smith wrote:
> > You asked if "labels" would survive their associated partition being
> > put into LVM.
> >
> > I said, "yes if you mean partition names, no if y
Hello,
On Thu, Feb 15, 2024 at 05:32:34PM +, debian-u...@howorth.org.uk wrote:
> Andy Smith wrote:
> > Do remember that this mailing lists does not accept attachments (and
> > very few mailing lists in general do), so any time you are tempted
> > to send a ph
Hi,
On Wed, Feb 14, 2024 at 09:56:07PM -0500, gene heskett wrote:
> > On 2/14/24 19:48, Andy Smith wrote:
> > > I hope you are putting a level of redundancy under that LVM or are
> > > using the redundancy features of LVM (which you need to go out of
> > > your
Hi,
On Wed, Feb 14, 2024 at 08:48:31PM -0500, gene heskett wrote:
> On 2/14/24 19:48, Andy Smith wrote:
> > On Wed, Feb 14, 2024 at 05:09:02PM -0500, gene heskett wrote:
> > > I have made 1 full partiton om each one, a labeled those partitions as
> > > SiPwr_0 and SiPw
Hi,
On Wed, Feb 14, 2024 at 09:06:43PM -0500, gene heskett wrote:
> On 2/14/24 19:48, Andy Smith wrote:
> > But your chosen partition names don't make a lot of sense to me.
> > You've picked names based on the type/manufacturer of device so you
> > may as well have just use
or are
using the redundancy features of LVM (which you need to go out of
your way to do). Otherwise by default what you'll have is not
redundant and a device failure will lose at least the contents of
that device, possibly more.
Regards,
Andy
¹ and while you are there, maybe a post-it note with &quo
not enlighten us to how any particular entry
may have been added to that file.
I guess at some point something called update-locale with LC_ALL=C
or something.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
approximate
replacement for this is the package "reboot-notifier".
On the same theme there is also "needrestart" which will tell you
which daemons need to be restarted after libraries have been
upgraded.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
?
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
in the mount options of
most filesystems and then they will do online discard as they go,
but there is not usually any need to do this.
Also LVM has a discard option. It is on by default and all this does
is trigger a discard when you remove an LV. Again that is best left
on by default.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
ing.
Why can Gene not locate "iname" when it's right there in the "find"
man page? Mind boggling.
Why can Gene not type "how do I use GNU find to find a file by
name" into a web search engine and read any of the several links on
the first page of results? Mind
queries so to get any sort of meaningful answer to this you'd have
to show us what exactly you tried.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Thu, Feb 08, 2024 at 04:22:49PM -0500, Gremlin wrote:
> On Thu, Feb 08, 2024 at 08:43:17PM +0000, Andy Smith wrote:
> > I really do mean all forms of USB that come over a USB port.
>
> That line was meant to read
>
> I really do mean all forms of storage that
ent, I do still wish you
what I consider to be continued good fortune!
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
On Thu, Feb 08, 2024 at 03:56:19PM -0500, Gremlin wrote:
> On 2/8/24 15:43, Andy Smith wrote:
> > I wouldn't have much issue with taking a USB drive out of its caddy
> > to get the SATA drive from inside, except that it would have to be
> > an amazingly good deal to
On Thu, Feb 08, 2024 at 08:43:17PM +, Andy Smith wrote:
> I really do mean all forms of USB that come over a USB port.
That line was meant to read
I really do mean all forms of storage that come over a USB port.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
except that it would have to be
an amazingly good deal to make it worth voiding the warranty, so I
generally wouldn't bother.
If I need directly attached storage I'd much rather explore options
like SAS and eSATA, or even networked storage, before I would ever
consider USB for a permanent instal
Hello,
On Thu, Feb 08, 2024 at 05:40:54PM +0100, Ralph Aichinger wrote:
> On Thu, 2024-02-08 at 15:36 +0000, Andy Smith wrote:
> > I learned not to go there a long time ago and have seen plenty of
> > reminders along the way from others' misfortunes to not ever go
> > there a
Hello,
On Fri, Feb 09, 2024 at 12:23:45AM +0700, Max Nikulin wrote:
> On 08/02/2024 22:36, Andy Smith wrote:
> > On Wed, Feb 07, 2024 at 03:30:29PM -0500, gene heskett wrote:
> > > [629241.074187] scsi host37: usb-storage 1-2:1.0
> >
> > USB storage is for phones an
Hi,
On Thu, Feb 08, 2024 at 11:14:24AM -0500, Gremlin wrote:
> On 2/8/24 10:36, Andy Smith wrote:
> > USB storage is for phones and cameras etc, not for serious
> > computing. Many people will disagree with that statement and say
> > they use it all the time and it is fine.
d luck.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
On Sun, Jan 28, 2024 at 06:55:04PM +, Andy Smith wrote:
> So, I must admit, I am quite tempted by BX1600MI which would cost me
> about £183. The equivalent spec in the Pro range is more than twice
> this price.
[ TL;DR: While free software like apcupsd or nut support all APC
en the 4K device is
formatted to only do 4K though; most "Advanced Format" devices can
do both 512b and 4K.
If you are trying to do tiered storage you may have more luck with
dm-cache, zfs, bcache or (the only recently upstreamed) bcachefs.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
count, and that is often going to be
the flash-based device.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
1 - 100 of 2571 matches
Mail list logo