Re: dropbox security situation

[tomas]

On Tue, Dec 10, 2019 at 09:57:14PM -0500, Celejar wrote:
> On Sun, 8 Dec 2019 06:48:12 +0100
>  wrote:
> 
> ...
> 
> > One example for the other side of the pond is riseup.net -- but they
> > don't offer nextcloud, afaik; mail, mailing lists, wikis, pastebin,
> > off the top of my head.
> 
> And they have a .. very particular ideology they're pushing:

Fine by me. If you don't like them -- just ignore them. We're all
grown-ups, ain't we?

Cheers
-- t


signature.asc
Description: Digital signature

Re: dropbox security situation

[riveravaldez]

On 12/10/19, Celejar  wrote:
> On Sun, 8 Dec 2019 06:48:12 +0100
>  wrote:
>
> ...
>
>> One example for the other side of the pond is riseup.net -- but they
>> don't offer nextcloud, afaik; mail, mailing lists, wikis, pastebin,
>> off the top of my head.
>
> And they have a .. very particular ideology they're pushing:
>
> "Our purpose is to aid in the creation of a free society, a world with
> freedom from want and freedom of expression, a world without oppression
> or hierarchy, where power is shared equally. We do this by providing
> communication and computer resources to allies engaged in struggles
> against capitalism and other forms of oppression.""
>
> Celejar
>
>

"Free society", "freedom", "freedom of expression", "without
oppression"..., seems pretty "debian ideology" to me. Not so "very
particular"...

Anyway, "ideology" is being misused, btw.

Re: dropbox security situation

[Celejar]

On Sun, 8 Dec 2019 06:48:12 +0100
 wrote:

...

> One example for the other side of the pond is riseup.net -- but they
> don't offer nextcloud, afaik; mail, mailing lists, wikis, pastebin,
> off the top of my head.

And they have a .. very particular ideology they're pushing:

"Our purpose is to aid in the creation of a free society, a world with
freedom from want and freedom of expression, a world without oppression
or hierarchy, where power is shared equally. We do this by providing
communication and computer resources to allies engaged in struggles
against capitalism and other forms of oppression.""

Celejar

Re: [OT] Google security

[John Hasler]

The Wanderer writes:
> Hmm. In my lexicon, crimes are defined by statute. How does your
> definition differ?

Crimes are acts that intentionally harm people (with a few exceptions
and special cases).  Statute violations are acts or states (e.g,
possession of certain substances or objects) that a government has
decided to punish people for.  Often they coincide.  Often they don't
(see Andrei's example of it being a "crime" to listen to certain radio
stations).
-- 
John "When I use a word it means just what I choose it to mean"  Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: dropbox security situation

[Celejar]

On Tue, 10 Dec 2019 21:43:55 +
Brian  wrote:

> On Mon 09 Dec 2019 at 18:35:46 -0500, Celejar wrote:
> 
> > On Mon, 9 Dec 2019 19:34:29 +
> > Brian  wrote:
> > 
> > > On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:
> > 
> > ...
> > 
> > > > Although I almost always use it with its --secure option, since I
> > > > don't try to memorize passwords, but instead record them (in a plain
> > > > text file) - who can remember hundreds of passwords?
> > > 
> > > Indeed. Memorising is part of the password problem. I've indicated a
> > > possible solution that does not rely on the fallibility of memory in 
> > > another mail.
> > > 
> > > Your plain text storage method would benefit immensley from using the
> > > scrypt package.
> > 
> > I understand that many recommend encrypting the password store, but I
> > haven't yet done this. 'pass', recommended by Jonas in another message
> > in this thread, uses gpg to do this, and your recommendation of scrypt,
> > IIUC, would serve a similar goal.
> 
> Except is does not bring with it all the baggage of full disk encryption
> and gpg and does one thing very well.

Baggage of FDE? I'm using it anyway, so there is literally zero
additional baggage involved. There isn't really much baggage involved
to begin with - it's not too difficult to set up, and it requires no
maintenance once set up, beyond either backing up the LUKS header
material (I don't bother with that) or having good backups of your data
(which you need anyway).

If you aren't using FDE, then you have to start worrying about every
single piece of software that stores sensitive data on disk (or whose
sensitive data may get cached somewhere on disk). It seems to me that
just using FDE actually involves much less baggage than tracking down
all such cases and integrating something like scrypt on a case by case
basis.

Celejar

Re: dropbox security situation

[Brian]

On Tue 10 Dec 2019 at 22:11:33 +, Brian wrote:

> On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote:
> 
> > 9 déc. 2019 à 19:13 de a...@cityscape.co.uk:
> > 
> > > How about not having to remember (or write down) any passwords for
> > > the places you log in to?
> > >
> > > https://masterpassword.app/
> > >
> > > Not in Debian, unfortunately.
> > >
> > Interesting.
> > However, I presume that a specific password modification should not be very
> > easy because it seems you rely on a rather fixed encryption seed...
> 
> Modifying a password with the masterpassword app is simplicity
> itself. There is no fixed encryption seed.
> 
> We have had comments about the difficulty of remembering passwords,
> complex or not and writing down passwords and storing and accessing
> them has been touched on. The masterpassword app gets all of these
> issues.

"gets round". Not "gets".

-- 
Brian.

Re: dropbox security situation

[Brian]

On Tue 10 Dec 2019 at 22:34:07 +0100, l0f...@tuta.io wrote:

> 9 déc. 2019 à 19:13 de a...@cityscape.co.uk:
> 
> > How about not having to remember (or write down) any passwords for
> > the places you log in to?
> >
> > https://masterpassword.app/
> >
> > Not in Debian, unfortunately.
> >
> Interesting.
> However, I presume that a specific password modification should not be very
> easy because it seems you rely on a rather fixed encryption seed...

Modifying a password with the masterpassword app is simplicity
itself. There is no fixed encryption seed.

We have had comments about the difficulty of remembering passwords,
complex or not and writing down passwords and storing and accessing
them has been touched on. The masterpassword app gets all of these
issues.

-- 

Brian.

Re: [1/2HS] Serveur de messagerie perso, mails considérés comme spams et blacklistés

[Haricophile]

Le Fri, 6 Dec 2019 11:39:33 +0100,
Eric Degenetais  a écrit :

> Par contre ça ne fait pas tout, ces derniers mois j'ai subi des revers
> répétés en tantant d'envoyer des messages (depuis laposte.net ou
> orange, donc pas des systèmes persos ou des acteurs mineurs qui ont du
> mal à se faire entendre) avec pièces jointes vers certains
> prestataires de mail ...

Orange et bien plus encore La Poste... pas des acteurs mineurs, mais pas non
plus des acteurs qui se préoccupent beaucoup des clients qui ne font pas des
très gros chèques.

Personnellement je suis chez Ovh depuis le début (quand Octave était encore en
association et au bahut) et je n'ai été ennuyé que 2 fois : 

- La première fois quand Caramail a effondré une bonne partie de la messagerie
  mondiale avec leurs configurations moisies ! Comme c'était une première
  dans le genre attaque DoS géante mais involontaire, ils ont fait faire
  beaucoup de progrès d'un coup aux admins, après plus personne n'a présumé que
  tout le monde faisait bien son boulot ! Je présume que ça a bien servi par la
  suite contre des attaques volontaires.

- La seconde fois pour m'être fait "grey-listé" par un spameur utilisant mes
  coordonnées. Ça a duré quelques heures parce que je n'ai rien fait en
  attendant que la grey-list me débloque automatiquement. Bref, en 20 ans
  d'utilisation, je ne me plains pas.

Je ne fais pas de pub spécifiquement pour OVH, mais pour se payer un nom de
domaine et un service payant (où l'on n'est pas le produit mais un client)
avec une qualité et continuité de service meilleure qu'en auto-hébergé, au
moins pour faire le relais. Ça n'a pas un coût annuel insupportable.

Re: Disc ssd no hi és

[Teo-System Gmail]

Ho faré així a veure que passa.El meu agraïment Alex
Salut


El dt. 10 de 12 de 2019 a les 21:23 +0100, en/na Alex Muntada va
escriure:
> Hola Eugèni,
> > El primer s.o. és un disc hd que faig servir, el segon un s.o.en
> > ssd que funcionava de perles i de sobte ha desaparegut.No està a
> > bios (sata driver 0 none) i per tant quan tracte decercar i
> > reparar-lo és inútil perque no esta o al menys noapareix amb cap
> > dels comandos per veure particions.De tant en tant pel seu compte
> > fá acte de presència i arrancaper tornar a estar missing aviat
> 
> Jo apostaria perquè hi ha algun cable fluix o que el disc
> estàrealment fotut. Pots provar de treure'l i connectar-lo en unaltre
> ordinador per confirmar si en l'altre passa el mateix,cosa que
> voldria dir que el que falla és el disc.
> Salut!Alex
> --  ⢀⣴⠾⠻⢶⣦⠀  ⣾⠁⢠⠒⠀⣿⡁   Alex Muntada   ⢿⡄⠘⠷⠚⠋   Debi
> an Developer  log.alexm.org  ⠈⠳⣄

Re: dropbox security situation

[Brian]

On Mon 09 Dec 2019 at 18:35:46 -0500, Celejar wrote:

> On Mon, 9 Dec 2019 19:34:29 +
> Brian  wrote:
> 
> > On Mon 09 Dec 2019 at 14:10:56 -0500, Celejar wrote:
> 
> ...
> 
> > > Although I almost always use it with its --secure option, since I
> > > don't try to memorize passwords, but instead record them (in a plain
> > > text file) - who can remember hundreds of passwords?
> > 
> > Indeed. Memorising is part of the password problem. I've indicated a
> > possible solution that does not rely on the fallibility of memory in 
> > another mail.
> > 
> > Your plain text storage method would benefit immensley from using the
> > scrypt package.
> 
> I understand that many recommend encrypting the password store, but I
> haven't yet done this. 'pass', recommended by Jonas in another message
> in this thread, uses gpg to do this, and your recommendation of scrypt,
> IIUC, would serve a similar goal.

Except is does not bring with it all the baggage of full disk encryption
and gpg and does one thing very well.

-- 
Brian.
 
> I don't want to have to constantly enter a master password to access my
> passwords. pass recommends using gpg-agent, but then how much does one
> really gain by the encryption? I use full disk encryption (cryptsetup /
> LUKS), so the password file is secure at rest, and when I'm actually
> using the system, if gpg-agent is used, then anyone with access to the
> machine can access the password file anyway. I guess one gets some
> additional security in the case where one walks away from
> the machine and leaves it running (and an attacker doesn't get there
> before gpg-agent evicts the password from the cache), and similar cases.
> 
> I admit that I'm not that familiar with gpg-agent, and am no expert in
> the topics under discussion. Please feel free to explain / remind
> me of aspects of the issues that I'm missing.
> 
> Celejar
> 

Re: Docker-Zimbra

[Eriel Perez]

Gracias por responder.
Bueno, el problema es que no me da ni siquiera un error. lo corro en docker
y no me abre. :(

es como que los puertos estan bloqueados.

El mar., 10 dic. 2019 a las 15:50, Eduardo Visbal ()
escribió:

> Eriel, te esta dando algún error en especifico cuando lo ejecutas ?
>
>
>
>
> *Eduardo VisbalLinuxero #440451http://esdebianfritto.blogspot.com/
> *
>
>
> El mar., 10 dic. 2019 a las 15:34, Eriel Perez ()
> escribió:
>
>> Hola lista.
>>
>> Alguin aqui ha realizado con exito la instalacion de zimbra con docker?
>>
>> [https://wiki.zimbra.com/wiki/Deploy_Zimbra_Collaboration_using_docker]
>>
>> Slds.
>>
>>

Re: dropbox security situation

[l0f4r0]

Hi,

9 déc. 2019 à 15:56 de charlescur...@charlescurley.com:

> There is a handy password generator available on Debian, called APG
> (Automated Password Generator), which will generate passwords for you.
> The default settings yield a fairly strong password, but you can modify
> those to make the results even stronger.
>
Thanks, didn't know so much about CLI password managers.
Personnally, I like GUI ones, especially, I've been using KeePassXC for 1,5 
year and I'm very satisfied with it.
Previsoulsy, I used KeePassX but I changed because it wasn't maintained...
And before that it was KeePass.
=> In short, I've always been loyal to "KeePass*" family ;p

9 déc. 2019 à 19:13 de a...@cityscape.co.uk:

> How about not having to remember (or write down) any passwords for
> the places you log in to?
>
> https://masterpassword.app/
>
> Not in Debian, unfortunately.
>
Interesting.
However, I presume that a specific password modification should not be very 
easy because it seems you rely on a rather fixed encryption seed...

9 déc. 2019 à 21:17 de jhas...@newsguy.com:

> Bruce Schneier recommends writing passwords down and then keeping the
> document containing them secure.
>
I see at least one main drawback, especially in private life/context: you need 
to have your "document" with you at any time while being secure.

10 déc. 2019 à 00:35 de cele...@gmail.com:

> I don't want to have to constantly enter a master password to access my
> passwords. pass recommends using gpg-agent, but then how much does one
> really gain by the encryption? I use full disk encryption (cryptsetup /
> LUKS), so the password file is secure at rest, and when I'm actually
> using the system, if gpg-agent is used, then anyone with access to the
> machine can access the password file anyway.
>
I think it's part of defense in depth (onion model).

Best regards,
l0f4r0

Re: Docker-Zimbra

[Eduardo Visbal]

Eriel, te esta dando algún error en especifico cuando lo ejecutas ?




*Eduardo VisbalLinuxero #440451http://esdebianfritto.blogspot.com/
*


El mar., 10 dic. 2019 a las 15:34, Eriel Perez ()
escribió:

> Hola lista.
>
> Alguin aqui ha realizado con exito la instalacion de zimbra con docker?
>
> [https://wiki.zimbra.com/wiki/Deploy_Zimbra_Collaboration_using_docker]
>
> Slds.
>
>

Re: Disc ssd no hi és

[Alex Muntada]

Hola Eugèni,

> El primer s.o. és un disc hd que faig servir, el segon un s.o.
> en ssd que funcionava de perles i de sobte ha desaparegut.
> No està a bios (sata driver 0 none) i per tant quan tracte de
> cercar i reparar-lo és inútil perque no esta o al menys no
> apareix amb cap dels comandos per veure particions.
> De tant en tant pel seu compte fá acte de presència i arranca
> per tornar a estar missing aviat

Jo apostaria perquè hi ha algun cable fluix o que el disc està
realment fotut. Pots provar de treure'l i connectar-lo en un
altre ordinador per confirmar si en l'altre passa el mateix,
cosa que voldria dir que el que falla és el disc.

Salut!
Alex

--
  ⢀⣴⠾⠻⢶⣦⠀
  ⣾⠁⢠⠒⠀⣿⡁   Alex Muntada 
  ⢿⡄⠘⠷⠚⠋   Debian Developer  log.alexm.org
  ⠈⠳⣄



signature.asc
Description: PGP signature

Re: Disc ssd no hi és

[Narcis Garcia]

A mi em dóna més la impressió d'un mal contacte físic. Has provat a
canviar el cable S.ATA ?




__
I'm using this express-made address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 10/12/19 a les 21:09, Teo-System Gmail ha escrit:
> Hola tinc un problema amb un dels dues s.o. que tinc en debian buster .
> El primer s.o. és un disc hd que faig servir , el segon un s.o. en ssd
> que funcionava de perles i de sobte ha desaparegut.
> No està a bios (sata driver 0 none) i per tant quan tracte de cercar i
> reparar-lo és inútil perque no esta o al menys no apareix amb cap dels
> comandos per veure particions.
> De tant en tant pel seu compte fá acte de presència i arranca per tornar
> a estar missing aviat , es una verdadera pena perque funciona molt
> millor que el hd que gaste.
> Me dona que la cosa vá de firmware , alguna actualització, no se ...
> El meu pc de sobretaula Think pad de lenovo. Alguna idea?.
> 
> Moltes gràcies per adelantat 
> 
> 
> 
> PD. Eugèni

Re: Previous versions of Debian GNU/Linux

[Berkhan Berkdemir]

I think you meant to say releases. You can check Debian Releases [0], which
all
stable, and oldstables in that page.

[0]: https://www.debian.org/releases/
--
Please excuse any tpyos as it was sent from my Android.

Berkhan Berkdemir
www.berkhanberkdemir.com

On Tue, Dec 10, 2019, 12:11 PM Davide Lombardo  wrote:

> I would like to download and test the previous versions of Debian for
> historical reason, is it possible to safely download such versions
> somewhere ?
>

Re: Previous versions of Debian GNU/Linux

[Greg Wooledge]

On Tue, Dec 10, 2019 at 07:55:41PM +, Davide Lombardo wrote:
> I would like to download and test the previous versions of Debian for 
> historical reason, is it possible to safely download such versions somewhere ?

https://cdimage.debian.org/cdimage/archive/

Previous versions of Debian GNU/Linux

[Davide Lombardo]

I would like to download and test the previous versions of Debian for 
historical reason, is it possible to safely download such versions somewhere ?

Disc ssd no hi és

[Teo-System Gmail]

Hola tinc un problema amb un dels dues s.o. que tinc en debian buster .
El primer s.o. és un disc hd que faig servir , el segon un s.o. en ssd
que funcionava de perles i de sobte ha desaparegut.
No està a bios (sata driver 0 none) i per tant quan tracte de cercar i
reparar-lo és inútil perque no esta o al menys no apareix amb cap dels
comandos per veure particions.
De tant en tant pel seu compte fá acte de presència i arranca per
tornar a estar missing aviat , es una verdadera pena perque funciona
molt millor que el hd que gaste.
Me dona que la cosa vá de firmware , alguna actualització, no se ...
El meu pc de sobretaula Think pad de lenovo. Alguna idea?.

Moltes gràcies per adelantat 



PD. Eugèni

Docker-Zimbra

[Eriel Perez]

Hola lista.

Alguin aqui ha realizado con exito la instalacion de zimbra con docker?

[https://wiki.zimbra.com/wiki/Deploy_Zimbra_Collaboration_using_docker]

Slds.

Re: [Solved] iptables firewall and web sites not loading

[Pascal Hambourg]

Le 10/12/2019 à 20:13, nektarios a écrit :

Pascal Hambourg  wrote:


Maybe a "MTU black hole" issue with PPPoE.
Workarounds :
- lower the MTU on the client side to 1492
- add a "TCPMSS --clamp-to-pmtu" iptables rule on the router

(...)

The tip you gave me really did the job! I found this page in tldp.org
describing the mtu issue
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/mtu-issues.html and the I
simply ran the iptables command
```
  iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
  --clamp-mss-to-pmtu
```
and it was fixed!


Please note that
- It's a hack. It does not fix the actual issue (inbound packets bigger 
than the PMTU are silently dropped).

- It works only for TCP.
- This rule works only for IPv4. If you have IPv6 connectivity, you must 
add a similar ip6tables rule.

- It does not work inside VPNs and tunnels which hide the actual PMTU.

[Solved] iptables firewall and web sites not loading

[nektarios]

On Tue, 10 Dec 2019 09:26:46 +
Nektarios Katakis  wrote:

> On Tue, 10 Dec 2019 07:22:05 +0100
> Pascal Hambourg  wrote:
> 
> > Le 10/12/2019 à 00:01, Nektarios Katakis a écrit :  
> > > 
> > > I am running an iptables firewall on an openwrt router I ve got.
> > > Which acts as Firewall/gateway and performs NATing for my internal
> > > network - debian PCs and android phones.
> > > 
> > > All good but specific web sites are not loading for the machines
> > > that are sitting behind the home router.
> > > 
> > > When attempting on the browser (firefox but tried different ones)
> > > the browser stays at `Performing a TLS handshake to
> > > bitbucket.org`. wget has similar results:
> > > ```
> > > wget  https://bitbucket.org
> > > --2019-12-09 22:07:32--  https://bitbucket.org/
> > > Resolving bitbucket.org (bitbucket.org)... 18.205.93.0,
> > > 18.205.93.1, 18.205.93.2, ... Connecting to bitbucket.org
> > > (bitbucket.org)|18.205.93.0|:443... connected.
> > > ```
> > > When doing a tcpdump on the router side I can see some initial TCP
> > > session establishment and then nothing:
> > (...)  
> > > Of course doing a wget from the router itself works fine as it
> > > also works fine on my desktop if I do dynamic port-forwarding
> > > with eg. `ssh -D 1050 router` (and configure of course firefox to
> > > use it).
> > 
> > Maybe a "MTU black hole" issue with PPPoE.
> > Workarounds :
> > - lower the MTU on the client side to 1492
> > - add a "TCPMSS --clamp-to-pmtu" iptables rule on the router
> >   
> 
> Interesting. I m not a network engineer and actually didnt think of
> that. I ll give it a shot and update.
> 
> Thanks.
> 

The tip you gave me really did the job! I found this page in tldp.org
describing the mtu issue
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/mtu-issues.html and the I
simply ran the iptables command
```
 iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
 --clamp-mss-to-pmtu 
```
and it was fixed!

Thanks again!

---
Nektarios Katakis

Re: xdm config

[Bob Bernstein]

On Mon, 9 Dec 2019, didier.gau...@gmail.com wrote:


Perhaps wdm would be of interest for you:
https://packages.debian.org/buster/wdm


Bingo!

This is exactly what I was looking for, and more. The install 
was like butter, even offering a selection of which display 
manager was to be default.


Thanks (and an honorable mention to tomas for also chiming in).

:-)

--
These are not the droids you are looking for.

Re: Double carte graphique sur Debian

[Dethegeek]

Bonjour

On glisse un peu, mais ça m'est arrivé de récupérer du matériel pour le sauver 
de cela.

Le 10 décembre 2019 14:55:46 GMT+01:00, Haricophile  a 
écrit :
>Le Sun, 8 Dec 2019 17:18:36 +0100,
>G2PC  a écrit :
>
>> Pas les moyens, étant chômeur sous le seuil de pauvreté, après 20 ans
>de
>> veille informatique, d'investir dans une machine avec deux cartes
>> graphiques.
>
>Quand la performance n'est pas le critère, ça me fait mal au cœur de
>voir tout
>ce qui est jeté dans certaines déchetteries...

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.

Re: Double carte graphique sur Debian

[Haricophile]

Le Sun, 8 Dec 2019 17:18:36 +0100,
G2PC  a écrit :

> Pas les moyens, étant chômeur sous le seuil de pauvreté, après 20 ans de
> veille informatique, d'investir dans une machine avec deux cartes
> graphiques.

Quand la performance n'est pas le critère, ça me fait mal au cœur de voir tout
ce qui est jeté dans certaines déchetteries...

Re: Exim4 Bounce rfc822 spf - Pourquoi g...@gmail.fr

[Frédéric MASSOT]

Le 10/12/2019 à 11:30, G2PC a écrit :
> Bonjour,
> 
> J'utilise Exim4, et, une configuration non aboutie ( Pas de Dkim / Dmarc / 
> SPF peut être mal configurée )
> L'envoie de mail semble fonctionner comme je le souhaite, pour récupérer mes 
> accès CMS par exemple, lors de la création d'un utilisateur.
> 
> Depuis quelques jours, j'ai des spams récurrents, du même type, sur l'un de 
> mes comptes mails, qui semble lié à une seule installation de CMS ( site ) si 
> je ne me trompe pas.
> Le domaine du site concerné semble être green-nrj.com
> 
> 
> Comment comprendre ce mail (copie plus bas) que je reçois trop régulièrement, 
> presque 10 fois par jour ?
> Au delà de la nécessité de mettre en place Dkim / Dmarc / SPF correctement, 
> je suis étonné de toujours retrouver l’adresse " for ; " dans 
> les mails reçu.
> 
> 
> S'agit t'il d'un mail forgé, qui ne serait pas émis par mon propre serveur ? 
> J'ai tenté de trouver des logs de cet envoie dans les logs de exim4, mais, je 
> n'ai pas l'impression que Exim4 ait stocké un log pour cet envoi.
> Je constate également que le mail que j'ai reçu ce jour ( le 10 décembre ) , 
> semble avoir été émis à l'origine le 4 décembre : for ; Wed,  
> 4 Dec 2019 16:10:13 + (UTC)


Regarde les formulaires sur ton site web, le formulaire "envoyer à un
ami" n'a pas de captcha.


-- 
==
|  FRÉDÉRIC MASSOT   |
| http://www.juliana-multimedia.com  |
|   mailto:frede...@juliana-multimedia.com   |
| +33.(0)2.97.54.77.94  +33.(0)6.67.19.95.69 |
===Debian=GNU/Linux===

Re: Wifi gencat ENS EDU

[Iker Bilbao]

Bones,
Sí, seguint les instruccions que vaig rebre avui m'he pogut
connectar normalment.   Diria ja havia probat així, potser avui
tenia millor cobertura.
En tot cas confirmar que les instruccions són correctes: http:/
/linkat.xtec.cat/portal_linkat/wikilinkat/index.php/Wifi_gencat_ENS_EDU
Gràcies. SAX,
Iker.
-Missatge original-
Data: Tue, 10 Dec 2019 13:42:18 +0100Assumpte: Re: Wifi gencat ENS
EDUPer a: debian-user-catalan@lists.debian.orgDe: Àlex 
  

  
  
El 9/12/19 a les 18:19, Iker Bilbao ha
  escrit:



>   
>   bones,
>   
> 
>   
>    Tinc problemes per connectar un portàtil amb Ubuntu a
> l'institut.
>    Tot i la guia: http://linkat.xtec.cat/portal_linkat/wikilinkat
> /index.php/Wifi_gencat_ENS_EDU
>   
> 
>   
>    L'únic consell que em donen és passar-me a Windows. 
>    Algú s'hi ha trobat? Cap recomanació?
>    Em diuen el login és correcte.
>   
> 
>   
>    Gràcies,
>   
> 
>   
>   Iker.
> 




Hola Iker


has d'escollir exactament el mètode d'autentificació per aquesta
  WIFI, que és PEAP, i no EAP. Concretament:



Xarxa:  gencat_ENS_EDU 





Usuari: W seguit del codi del centre





Password: el que t'hagin dit


Mètode: PEAP
Autenticació fase 2: MSCHAPv2
Certificat Ca: sense validar



Al meu centre tots els portàtils són Ubuntu 18.04 o Chromebooks i
  es connecten


  

Re: [OT] Google security

[The Wanderer]

On 2019-12-10 at 08:07, John Hasler wrote:

> Andrei writes:
> 
>> "Criminals" are what the law defines them to be. Laws can be
>> created and / or changed as needed.
> 
> In my lexicon criminals are people who commit crimes, not people who 
> violate statutes.

Hmm. In my lexicon, crimes are defined by statute. How does your
definition differ?

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: dropbox security situation

[tomas]

On Tue, Dec 10, 2019 at 06:56:15AM -0600, John Hasler wrote:
> I wrote:
> > Bruce Schneier recommends writing passwords down and then keeping the
> > document containing them secure.
> 
> Andrei writes:
> > Not everybody has the luxury of typing password without danger of
> > someone taking a peek over the shoulder.
> 
> True but the admonition isn't "Don't write down passwords if you cannot
> read them back securely".  It's "Never, ever, ever write down a password
> no matter what!"

This violates my preferred maxim: "all generalizations suck". Yeah,
I know it's self-referential and contains (kinda) a negation in it.
The most interesting advances in last century's maths and computer
science happened in this vein ;-)

Cheers
-- tomás


signature.asc
Description: Digital signature

Re: dropbox security situation

[Celejar]

On Tue, 10 Dec 2019 06:56:15 -0600
John Hasler  wrote:

> I wrote:
> > Bruce Schneier recommends writing passwords down and then keeping the
> > document containing them secure.
> 
> Andrei writes:
> > Not everybody has the luxury of typing password without danger of
> > someone taking a peek over the shoulder.
> 
> True but the admonition isn't "Don't write down passwords if you cannot
> read them back securely".  It's "Never, ever, ever write down a password
> no matter what!"  In the current environment bad passwords are a far
> greater threat than that of friends or co-workers sneakily reading them.
> Common sense applies.  Writing down passwords doesn't mean you have to
> read them aloud while sitting at a hotel bar.

Arnold Reinhold (the Diceware creator) agrees with Schneier:

Should I write down my passphrase?

This is a very important question. Much advice says never write down
your passphrase under any circumstances. I strongly disagree, as do may
other security experts.

Most people are more afraid of forgetting their own passphrase than
they are of having it stolen. As a result they tend to pick passphrases
that are far too weak. I actually did a small survey on this question
and the results support my view. See
http://world.std.com/~reinhold/passphrase.survey.asc

Also many people need dozens of passwords or passphrases for different
programs and web sites. Remembering them all can be difficult,
particularly those that are used infrequently. For most people it is
better to pick strong passphrases, write them down and keep them in a
very safe place. There may be legal advantages to memorizing your key,
however.

http://world.std.com/%7Ereinhold/dicewarefaq.html

Celejar

Re: [OT] Google security

[John Hasler]

Andrei writes:
> "Criminals" are what the law defines them to be. Laws can be created
> and / or changed as needed.

In my lexicon criminals are people who commit crimes, not people who
violate statutes.

Not restricting my emailing to sending encrypted messages to people in
my web of trust and doing all my Web surfing via trusted Tor nodes does
not imply that I approve of government data trawling.

-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: dropbox security situation

[John Hasler]

I wrote:
> Bruce Schneier recommends writing passwords down and then keeping the
> document containing them secure.

Andrei writes:
> Not everybody has the luxury of typing password without danger of
> someone taking a peek over the shoulder.

True but the admonition isn't "Don't write down passwords if you cannot
read them back securely".  It's "Never, ever, ever write down a password
no matter what!"  In the current environment bad passwords are a far
greater threat than that of friends or co-workers sneakily reading them.
Common sense applies.  Writing down passwords doesn't mean you have to
read them aloud while sitting at a hotel bar.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Wifi gencat ENS EDU

[Àlex]

El 9/12/19 a les 18:19, Iker Bilbao ha escrit:
> bones,
>
> Tinc problemes per connectar un portàtil amb Ubuntu a l'institut.
> Tot i la guia:
> http://linkat.xtec.cat/portal_linkat/wikilinkat/index.php/Wifi_gencat_ENS_EDU
>
> L'únic consell que em donen és passar-me a Windows.
> Algú s'hi ha trobat? Cap recomanació?
> Em diuen el login és correcte.
>
> Gràcies,
>
> *Iker.*


Hola Iker

has d'escollir exactament el mètode d'autentificació per aquesta WIFI,
que és PEAP, i no EAP. Concretament:


Xarxa:  gencat_ENS_EDU

Usuari: W seguit del codi del centre

Password: el que t'hagin dit

Mètode: PEAP

Autenticació fase 2: MSCHAPv2

Certificat Ca: sense validar


Al meu centre tots els portàtils són Ubuntu 18.04 o Chromebooks i es
connecten

Re: Wifi gencat ENS EDU

[Àlex]

El 9/12/19 a les 18:19, Iker Bilbao ha escrit:
> bones,
>
> Tinc problemes per connectar un portàtil amb Ubuntu a l'institut.
> Tot i la guia:
> http://linkat.xtec.cat/portal_linkat/wikilinkat/index.php/Wifi_gencat_ENS_EDU
>
> L'únic consell que em donen és passar-me a Windows.
> Algú s'hi ha trobat? Cap recomanació?
> Em diuen el login és correcte.
>
> Gràcies,
>
> *Iker.*


Hola Iker

has d'escollir exactament el mètode d'autentificació per aquesta WIFI,
que és PEAP, i no EAP. Concretament:

Xarxa:  gencat_ENS_EDU
Usuari: W seguit del codi del centre
Password: el que t'hagin dir
Mètode: PEAP
Autenticació fase 2: MSCHAPv2

Certificat Ca: sense validar


Al meu centre tots els portàtils són Ubuntu 18.04 o Chromebooks i es
connecten

Re: CVE-2019-14899

[Juan Gomez (Txonta)]

Mas información al respecto en castellano: "Un fallo de Linux posibilita 
el secuestro de conexiones VPN cifradas"


https://unaaldia.hispasec.com/2019/12/un-fallo-de-linux-posibilita-el-secuestro-de-conexiones-vpn-cifradas.html

El 7/12/19 a las 20:46, Fabián Bonetti escribió:

Que me dicen de esto?

https://fossbytes.com/hackers-hijack-vpn-connections-new-linux-vulnerability/

--> tleo.es 

Exim4 Bounce rfc822 spf - Pourquoi g...@gmail.fr

[G2PC]

Bonjour,

J'utilise Exim4, et, une configuration non aboutie ( Pas de Dkim / Dmarc / SPF 
peut être mal configurée )
L'envoie de mail semble fonctionner comme je le souhaite, pour récupérer mes 
accès CMS par exemple, lors de la création d'un utilisateur.

Depuis quelques jours, j'ai des spams récurrents, du même type, sur l'un de mes 
comptes mails, qui semble lié à une seule installation de CMS ( site ) si je ne 
me trompe pas.
Le domaine du site concerné semble être green-nrj.com


Comment comprendre ce mail (copie plus bas) que je reçois trop régulièrement, 
presque 10 fois par jour ?
Au delà de la nécessité de mettre en place Dkim / Dmarc / SPF correctement, je 
suis étonné de toujours retrouver l’adresse " for ; " dans les 
mails reçu.


S'agit t'il d'un mail forgé, qui ne serait pas émis par mon propre serveur ? 
J'ai tenté de trouver des logs de cet envoie dans les logs de exim4, mais, je 
n'ai pas l'impression que Exim4 ait stocké un log pour cet envoi.
Je constate également que le mail que j'ai reçu ce jour ( le 10 décembre ) , 
semble avoir été émis à l'origine le 4 décembre : for ; Wed,  4 
Dec 2019 16:10:13 + (UTC)


Je lis en lecture diagonale qu'il s'agit d'un BOUNCE : X-VR-SPAMSTATE: BOUNCE


J'ai fais une recherche rapide sur rfc822 mais si j'ai bien compris, ce n'est 
pas / plus une norme d'actualité, qui a été remplacée / améliorée. Je ne sais 
pas comment prendre en compte cette information à cet instant :
X-Postfix-Sender: rfc822; alternat...@green-nrj.com
...
Final-Recipient: rfc822; g...@gmail.fr
Original-Recipient: rfc822;g...@gmail.fr
Action: failed


Je constate que les mails sont à chaque fois différents :
Ceci est un message expédié via https://www.green-nrj.com/ par :
KlBLFYODHIjaipk 


J'ai désactivé hier le formulaire d'inscription qui était accessible depuis le 
menu.
Je me demande si il s'agit d'une faille dans un formulaire, ou, dans le 
template, qui permettrait d'envoyer des mails depuis ce site.
Actuellement, il reste toujours le formulaire de récupération de mot de passe, 
ou, d'identification, en front.

Je pourrais d'ailleurs enlever le lien vers cet espace de connexion qui ne me 
sert pas pour ne laisser que celui de l'administration.
J'aimerais tout de même pouvoir mieux comprendre pourquoi je me prend ce mail 
de façon répétitive :



Return-Path: <>
Delivered-To: alternat...@green-nrj.com
Received: from localhost (HELO queue) (127.0.0.1)
by localhost with SMTP; 9 Dec 2019 18:30:47 +0200
Received: from unknown (HELO output24.mail.ovh.net) (10.108.115.77)
  by mail136.ha.ovh.net with AES256-GCM-SHA384 encrypted SMTP; 9 Dec 2019 
18:30:47 +0200
Received: from vr4.mail.ovh.net (unknown [10.101.8.4])
by out24.mail.ovh.net (Postfix) with ESMTP id 47WpbC32Wwz6XjCQZ
for ; Mon,  9 Dec 2019 16:30:47 + (UTC)
Received: from in70.mail.ovh.net (unknown [10.101.4.70])
by vr4.mail.ovh.net (Postfix) with ESMTP id 47WpbC1rxPz2CcCN
for ; Mon,  9 Dec 2019 16:30:47 + (UTC)
Received-SPF: None (no SPF record) identity=no SPF record; 
client-ip=188.165.52.203; helo=3.mo69.mail-out.ovh.net; envelope-from=<>; 
receiver=alternat...@green-nrj.com 
Authentication-Results: in70.mail.ovh.net; dkim=none; dkim-atps=neutral
Received: from 3.mo69.mail-out.ovh.net (3.mo69.mail-out.ovh.net 
[188.165.52.203])
by in70.mail.ovh.net (Postfix) with ESMTPS id 47WpbC1CKwzZ1113
for ; Mon,  9 Dec 2019 16:30:47 + (UTC)
Received: by mo69.mail-out.ovh.net (Postfix)
id 3B5EF7369E; Mon,  9 Dec 2019 17:30:41 +0100 (CET)
Date: Mon,  9 Dec 2019 17:30:41 +0100 (CET)
From: mailer-dae...@mo69.mail-out.ovh.net (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: alternat...@green-nrj.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="E294F744AD.1575909041/mo69.mail-out.ovh.net"
Content-Transfer-Encoding: 8bit
Message-Id: <20191209163041.3b5ef73...@mo69.mail-out.ovh.net>
X-Ovh-Remote: 188.165.52.203 (3.mo69.mail-out.ovh.net)
X-Ovh-Tracer-Id: 8554306018541371540
X-VR-SPAMSTATE: BOUNCE
X-VR-SPAMSCORE: 1
X-VR-SPAMCAUSE: 
gggruggvucftvghtrhhoucdtuddrgedufedrudeltddgkeelucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucfpohhtihhfihgtrghtihhonhculddutddttddtmdenucfjughrpeffhffuvfggtgfgsehpkedtredttddvnecuhfhrohhmpefotefknffgtfdqffetgffoqffpsehmoheiledrmhgrihhlqdhouhhtrdhovhhhrdhnvghtucdlofgrihhlucffvghlihhvvghrhicuufihshhtvghmmdenucffohhmrghinhepohhvhhdrnhgvthdrihhmnecukfhppedukeekrdduieehrdehvddrvddtfeenucfrrghrrghmpehmohguvgepshhmthhppdhhvghlohepihhnjedtrdhmrghilhdrohhvhhdrnhgvthdpihhnvghtpedukeekrdduieehrdehvddrvddtfedpmhgrihhlfhhrohhmpedprhgtphhtthhopegrlhhtvghrnhgrthhivhgvsehgrhgvvghnqdhnrhhjrdgtohhmnecuvehluhhsthgvrhfuihiivgeptd
X-Ovh-Spam-Status: OK
X-Ovh-Spam-Reason: vr: BOUNCE; dkim: disabled; spf: disabled
X-Ovh-Message-Type: BOUNCE

This is a MIME-encapsulated message.

Re: iptables firewall and web sites not loading

[Nektarios Katakis]

On Tue, 10 Dec 2019 07:22:05 +0100
Pascal Hambourg  wrote:

> Le 10/12/2019 à 00:01, Nektarios Katakis a écrit :
> > 
> > I am running an iptables firewall on an openwrt router I ve got.
> > Which acts as Firewall/gateway and performs NATing for my internal
> > network - debian PCs and android phones.
> > 
> > All good but specific web sites are not loading for the machines
> > that are sitting behind the home router.
> > 
> > When attempting on the browser (firefox but tried different ones)
> > the browser stays at `Performing a TLS handshake to bitbucket.org`.
> > wget has similar results:
> > ```
> > wget  https://bitbucket.org
> > --2019-12-09 22:07:32--  https://bitbucket.org/
> > Resolving bitbucket.org (bitbucket.org)... 18.205.93.0, 18.205.93.1,
> > 18.205.93.2, ... Connecting to bitbucket.org
> > (bitbucket.org)|18.205.93.0|:443... connected.
> > ```
> > When doing a tcpdump on the router side I can see some initial TCP
> > session establishment and then nothing:  
> (...)
> > Of course doing a wget from the router itself works fine as it also
> > works fine on my desktop if I do dynamic port-forwarding with eg.
> > `ssh -D 1050 router` (and configure of course firefox to use it).  
> 
> Maybe a "MTU black hole" issue with PPPoE.
> Workarounds :
> - lower the MTU on the client side to 1492
> - add a "TCPMSS --clamp-to-pmtu" iptables rule on the router
> 

Interesting. I m not a network engineer and actually didnt think of
that. I ll give it a shot and update.

Thanks.

-- 
Nektarios Katakis

Re: sincronizar la hora de Debian10 a NTP en dominio Windows Server

[Antonio Trujillo Carmona]

El 6/12/19 a las 18:41, Andy Yera Fuentes escribió:
> ¡Saludos comunidad!
>
> Estoy desde hace unos días intentando autenticar mi Squid4 con
> kerberos a un dominio con Windows Server 2016, se que para esto la
> sincronización de hora tiene que estar bien fina, y he tenido
> problemas para hacerlo, pues me sincroniza, pero con unos segundos de
> atraso.
>
> He intentado unir el pc en debian al dominio pero también me ha dado error.
>
> Alguien pudiera darme un norte.
>
> Gracias de antemano
> Andy
>
Yo uso:

Para sincronizar la hora editamos el fichero
“/etc/systemd/timesyncd.conf” y añadimos el servidor de hora:
# *nano /etc/systemd/timesyncd.conf*
[Time]
NTP=ntp.junta-andalucia.es
FallbackNTP=10.104.16.223 10.104.16.78 10.104.16.223 10.104.16.224

Luego ejecutamos:
# *timedatectl set-ntp true *
# *timedatectl status*


Te enlazo un documento, e intentado anonimizarlo un poco, por lo que
puede tener incongruencias, no cortes y pegues sin comprender lo que haces.

https://www.dropbox.com/s/bdfeylfr9zl4u0q/Unir_a_Active_Directory-3.odt?dl=0




signature.asc
Description: OpenPGP digital signature