Copie de fichiers dans un point de montage SSH

[Patrick ZAJDA]

Bonjour,


Sous Debian Buster avec Mate, j'aimerais copier des fichiers entre deux 
répertoires situés sur le même serveur SSH.


Si je fais un point de montage SSHFS, Est-ce que les fichiers passeront 
par ma machine pour revenir sur le serveur ou est-ce que ça sera 
directement copié d'un répertoire à l'autre du serveur.



Même question en faisant "Se connecter à un serveur", est-ce que la 
copie sera "directe" ?



Et dans le cas ou ces deux questions auraient une réponse négative, 
quelqu'un pourrait-il me conseiller un bon explorateur de fichier en 
mode console que je pourrais exécuter directement sur le serveur s'il 
vous plaît ?


J'ai bien essayé VIFM mais pour le moment, un peu de mal à comprendre 
comment l'utiliser ;)



En espérant avoir fourni suffisamment de détails.


Bonne journée,

--
Patrick ZAJDA

Re: PAM Configuration

[Jonas Smedegaard]

Hi Christoph.

Quoting Christoph Pleger (2020-02-14 13:25:24)
> I created a PAM configuration with the goal to make it possible that a 
> user can either login by inserting a smartcard into a card reader and 
> entering the correct PIN, or by entering the traditional UNIX 
> password. This is what my /etc/pam.d/common-auth looks like:

[...]

> auth[success=2 default=ignore]  pam_p11.so 
> /usr/local/lib/libcvP11.so

[...]

> This works nearly exactly as desired, "nearly" because though the 
> login with unix password works, the application shows "Login failed" 
> for a short time. Is there something I can change in the above file to 
> avoid this message?

I don't know what local library it is you used, but I encourage you to 
consider the use of Debian packages libpam-p11 libpam-pkcs11 and 
libpam-poldi - or if you already considered those then share why you 
rejected them.

...and then I suggest check their documentation - perhaps they already 
cover the combination use case that you are exploring.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

PAM Configuration

[Christoph Pleger]

Hello,

I created a PAM configuration with the goal to make it possible that a 
user can either login by inserting a smartcard into a card reader and 
entering the correct PIN, or by entering the traditional UNIX password. 
This is what my /etc/pam.d/common-auth looks like:


#
# /etc/pam.d/common-auth - authentication settings common to all 
services

#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

auth[success=2 default=ignore]  pam_p11.so 
/usr/local/lib/libcvP11.so


# here are the per-package modules (the "Primary" block)
auth[success=1 default=ignore]  pam_unix.so nullok_secure
# here's the fallback if no module succeeds
authrequisite   pam_deny.so
# prime the stack with a positive return value if there isn't one 
already;
# this avoids us returning an error just because nothing sets a success 
code

# since the modules above will each just jump around
authrequiredpam_permit.so
# and here are more per-package modules (the "Additional" block)
authoptionalpam_group.so
authoptionalpam_cap.so
# end of pam-auth-update config


This works nearly exactly as desired, "nearly" because though the login 
with unix password works, the application shows "Login failed" for a 
short time. Is there something I can change in the above file to avoid 
this message?


Regards
  Christoph

Do one thing. Do it right.

[Richard Owlett]

Youngsters have two foibles:
  More is always better.
  Glitz for its own sake.

For perspective:
  1. although only in mid-70's, my parents would be in their 12th
 decade.
  2. my father took a M.E. degree rather than E.E. as it gave him
 more of what today would be considered a minimal BSEE degree.
  3. my first computers ran on 1 MHz 6502's. 2nd even had 8k ram.

On 02/13/2020 09:17 PM, David Wright wrote in another thread:
[ https://lists.debian.org/debian-user/2020/02/msg00611.html ]


If a device is small, it has to appeal to a mass market.


*NO*! It's only required that engineering appeal to market.
E.G. In the last year there have been multiple amazing prosthetics for 
children and small animals in the news. They were possible due to 
advances in 3D printing.



To do that, it has to be packed with features, whether
or not these are "detrimental" to *your* intended use.


No! The inclusion of cell modem and WiFi would drive per unit cost of 
FCC approval through the roof.




I was surprised how much of the pinephone's functionality
could be switched off, once I'd decoded the jargon in
their specifications (with help). But I don't see how you
can avoid having to compromise over the inclusion of those
(redundant to you) functions, particularly in view of the
extra cost of providing the flexibility to turn them off.


If not there then *NO* need to turn off. ROFL

Re: Mac El Capitan Dual Boot

[Kenneth Parker]

On Thu, Feb 13, 2020 at 2:19 PM Charles Curley <
charlescur...@charlescurley.com> wrote:

> On Thu, 13 Feb 2020 12:03:20 -0500
> Kenneth Parker  wrote:
>
> > I am helping a friend install Debian on an older MacBook, running OS X
> > 10.11 (El Capitan).
>
> How old? The current version of Mac OS is Catalina, 10.15.3. This on a
> Macbook Air made in mid-2012. ( -> About this Mac)
>

I have not eyeballed this machine.  He told me that it had Mountain Lion on
it when he got it and was upgraded to El Capitan.  Suffice it to say that
it's old enough to have a Spinning Hard Drive and DVD Drive on it.  I told
him to investigate a Catalina Upgrade.

Anyway, consider this "situation" closed, because a Followup Question by me
was about what other Hardware he has?  He responded that he has an old Dell
in a Closet with XP on it.  We agreed that we leave alone the Mac, and make
the Dell a "pure Debian Laptop".

Thank you and best regards,

Kenneth Parker

Re: PAM Configuration

[Christoph Pleger]

Hello,


auth[success=2 default=ignore]  pam_p11.so
/usr/local/lib/libcvP11.so


[...]


This works nearly exactly as desired, "nearly" because though the
login with unix password works, the application shows "Login failed"
for a short time. Is there something I can change in the above file to
avoid this message?


I don't know what local library it is you used, but I encourage you to
consider the use of Debian packages libpam-p11 libpam-pkcs11 and
libpam-poldi - or if you already considered those then share why you
rejected them.


I am using libpam-p11, the local library given as an option of 
pam_p11.so is just for support of the specific format of how data is 
stored on our organization's smartcards.


Regards
  Christoph

Re: Do one thing. Do it right.

[David Wright]

On Fri 14 Feb 2020 at 08:55:41 (-0600), Richard Owlett wrote:
> On 02/14/2020 07:35 AM, Gene Heskett wrote:
> > On Friday 14 February 2020 07:50:01 Richard Owlett wrote:
> > 
> > > Youngsters have two foibles:
> > > More is always better.
> > > Glitz for its own sake.
> > > 
> > > For perspective:
> > > 1. although only in mid-70's, my parents would be in their 12th
> > >decade.
> > > 2. my father took a M.E. degree rather than E.E. as it gave him
> > >more of what today would be considered a minimal BSEE degree.
> > > 3. my first computers ran on 1 MHz 6502's. 2nd even had 8k ram.
> > 
> > Whereas my first was a
[… snipped all the stuff about TV control rooms …]
> > 
> > Do one job, do it right. I needed a clock for frame code, so I wrote one,
> > more accurate that either std frame or drop frame.
> > 
> > > On 02/13/2020 09:17 PM, David Wright wrote in another thread:
> > > [ https://lists.debian.org/debian-user/2020/02/msg00611.html ]
> > > 
> > > > If a device is small, it has to appeal to a mass market.
> > > 
> > > *NO*! It's only required that engineering appeal to market.
> > > E.G. In the last year there have been multiple amazing prosthetics for
> > > children and small animals in the news. They were possible due to
> > > advances in 3D printing.
> > 
> > Agreed.

Sorry, I didn't realise that when you were talking about a Personal
Digital Assistant you meant a plastic finger.

> > > > To do that, it has to be packed with features, whether
> > > > or not these are "detrimental" to *your* intended use.
> > > 
> > > No! The inclusion of cell modem and WiFi would drive per unit cost of
> > > FCC approval through the roof.
> > 
> > Agreed again. Folks have zero clue about the complexity of dealing with
> > the regulatory agencies.

Is this why virtually every electronic device nowadays has some form
of connectivity, either phone, wifi or BT.

> Been there, done it. Back in the 70's [as a SR Eng tech] I was
> involved in the measurement of RF radiated to free space and conducted
> to the power line for PDP11's.
> > 
> > > > I was surprised how much of the pinephone's functionality
> > > > could be switched off, once I'd decoded the jargon in
> > > > their specifications (with help). But I don't see how you
> > > > can avoid having to compromise over the inclusion of those
> > > > (redundant to you) functions, particularly in view of the
> > > > extra cost of providing the flexibility to turn them off.
> > > 
> > > If not there then *NO* need to turn off. ROFL
> > 
> > Chuckle.
> 
> We old fogies need to teach these youngsters.

Laugh all you like, but that doesn't sell devices that still
require wired connections to be able to use them.

I think the subject line of this thread is confusing software tools
and hardware. People are no longer happy to walk round with their
pockets (if they have them) filled with a phone, a camera, a diary,
a memo pad, a photo album, an MP3 player, a dictaphone, a calculator,
a transistor radio, a street map, a paperback, a pocket chess set,
not forgetting a newspaper tucked under their arm.

Cheers,
David.

Re: The nightmare of Intel Integrated GPUs under Linux in general and Debian in particular

[James Daldry]

I have a Lenovo Z570 Ideapad with GMA3000 graphics (Sandy Bridge). I
had gone through all the tricks - /etc/X11/xorg.conf.d,
etc/default/grub, grub command line, firmware-nonfree, Ubuntu graphics
PPA. Had it mostly OK, usable. Since I was using testing, did apt
update apt upgrade. Lost all 7 virtual terminals. Since I have /home
on a separate partition, I nuked and paved /dev/sda2 and left /home
alone. Fixed. Almost perfect. No moving / blinking text in the
terminal or in Thunderbird, package scrolling works fine in Synaptic,
Firefox doesn't crash when you clear out the address bar, old Motif
"card games" (Aisleriot, xpat2, Penguin Solitaire, etc working with no
glitches. Only 1 small white stripe when flipping to another virtual
desktop (running Compiz with the cube) which disappeared when I
returned to the vd. Back when I worked in the TV repair shop that was
sometimes referred to as an FM repair. The M stands for Magic. Anyhow,
so far, 2 days without a reboot and just about no glitches. Hope it
keeps up.
Jim Daldry

On 2/14/20, Miguel A. Vallejo  wrote:
> Jörg-Volker Peetz wrote:
>
>> Do you also use the skylake GPU firmware which should be located in
>> /lib/firmware/i915/
>> (from package firmware-linux-nonfree, I think; file names beginning with
>> "skl_")?
>
> Of course. I even installed the missing files in current testing / unstable
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931930
>
> But no difference. Once you start to use 3D accelerated graphics, the
> bomb starts ticking to explode when you least expect it.
>
>

Re: Do one thing. Do it right.

[Gene Heskett]

On Friday 14 February 2020 07:50:01 Richard Owlett wrote:

> Youngsters have two foibles:
>More is always better.
>Glitz for its own sake.
> 
> For perspective:
>1. although only in mid-70's, my parents would be in their 12th
>   decade.
>2. my father took a M.E. degree rather than E.E. as it gave him
>   more of what today would be considered a minimal BSEE degree.
>3. my first computers ran on 1 MHz 6502's. 2nd even had 8k ram.

Whereas my first was a cosmac super elf. With 256 bytes of ram. 
Eventually expanded to 4k of static ram for $400 plus an s-100 
backplane. By then I had an interface to Sony 2850 u-matic machines, and 
a vision of doing a production job with it at the tv station where I was 
the A.C.E. at the time. For all I know its still being used, that was 
1980 and the last time I checked, in '97, it was still used many times a 
day. In a tv station control room that eons.  And in writing that system 
to make it all fit in 4k of ram, I did something that today would be 
highly frowned upon, because so much if it was repetitious, I made 
liberal use of self-modifying code, so the last thing I did was to 
restore all the locations I had modified to their default values. Solid 
as a rock, I was at that station for another year, and had added an old 
burglar alarm battery, a 6 volt pb right across the 5 volt line as a 
backup, and while I had borrowed forever an audio cart machine and made 
several tape backups, and we had the usually undependable CA power, I 
never had to reload it.

Do one job, do it right. I needed a clock for frame code, so I wrote one, 
more accurate that either std frame or drop frame.

> On 02/13/2020 09:17 PM, David Wright wrote in another thread:
> [ https://lists.debian.org/debian-user/2020/02/msg00611.html ]
>
> > If a device is small, it has to appeal to a mass market.
>
> *NO*! It's only required that engineering appeal to market.
> E.G. In the last year there have been multiple amazing prosthetics for
> children and small animals in the news. They were possible due to
> advances in 3D printing.

Agreed.

> > To do that, it has to be packed with features, whether
> > or not these are "detrimental" to *your* intended use.
>
> No! The inclusion of cell modem and WiFi would drive per unit cost of
> FCC approval through the roof.

Agreed again. Folks have zero clue about the complexity of dealing with 
the regulatory agencies.

> > I was surprised how much of the pinephone's functionality
> > could be switched off, once I'd decoded the jargon in
> > their specifications (with help). But I don't see how you
> > can avoid having to compromise over the inclusion of those
> > (redundant to you) functions, particularly in view of the
> > extra cost of providing the flexibility to turn them off.
>
> If not there then *NO* need to turn off. ROFL

Chuckle.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

reiniciar em um determinado tempo

[Vitor Hugo]

Bom dia;

Quais são as alternativas para reinicar o Linux depois de um determinado 
tempo?


Estou utilizando o comando shutdown -r 5 para reiniciar o sistema após 5 
minutos.


Existem outras alternativas?

Re: Mac El Capitan Dual Boot

[Kenneth Parker]

On Thu, Feb 13, 2020 at 12:35 PM Jonas Smedegaard  wrote:

> Quoting Kenneth Parker (2020-02-13 18:03:20)
> > I am helping a friend install Debian on an older MacBook, running OS X
> > 10.11 (El Capitan).  It currently has a single 300G HFS Plus (Journaled)
> > Partition, with lots of free space.
> >
> > He wants to keep OS X, and use Buster (or Sid, leading to the next Stable
> > Release).
> >
> > He wants to shrink the Mac Partition, create a couple more for this.  (I
> > explained the need for two, including a Swap Partition to him).
> >
> > He thinks that Debian should be able to work on the same HFS Plus Disk
> > format.  Has anyone tried this?
> >
> > This is all preliminary now, as I am trying to talk him into ext4 for the
> > Debian Partition and, if he needs a place to share files, put a small,
> > fourth vfat Partition in for that.
>
> Debian (and Linux in general) supports read-write access to HFS+
> partitions, but it is unreliable.  I would expect it to be difficult to
> setup and the result would be unreliable (either because you would end
> up depending on the unreliable HFS+ write access, or because you would
> end up having a too complex to reliably maintain stack of hacks to work
> around the unreliable HFS+ write access).
>

I have read up on this HFS+ file system and concur completely.  My friend
didn't like my answer (don't use HFS+ for Linux) at all, putting the whole
"project" in question.  More on another reply.

 Thanks!  Kenneth Parker

Re: Comment interdire la consultation de son serveur web sur son IP directe et le port 443?

[G2PC]

Merci de vos retours, c'est sympa de tenter de m'aider à avancer ça.
Magré tout, je crois qu'on est sur un autre type de problème.

Encore une fois, je n'ai pas de difficulté pour mettre en place une
redirection HTTP, dès lors ou l'adresse ip de mon serveur est consultée
sur le port 80.

C'est bien la redirection IP:443 qui me fait m'interroger, sur la façon
de la gérer, puisque pour commencer, je n'ai pas de certificat let's
encrypt pour mon ip, mais bien uniquement pour mes domaines.
Est ce que le problème ne vient pas tout simplement de la ?



# Rediriger l'adresse IP vers le domaine par défaut en https.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^139.99.173.195$
RewriteRule ^(.*)$ https://www.visionduweb.fr$1 [QSA,L,R=301]





Par exemple, actuellement (Sans aucune règle VHost pour IP:443), si je
tente d'accéder à IP:443 j'ai le message suivant sur Firefox :

http://139.99.173.195:443/


  Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

En même temps, je n'ai aucune règle actuellement, pour 
Si je tente de mettre la règle précédente pour le port 80, en place pour
le port 443, alors 139.99.173.195:443 ne va pas me rediriger vers
https://www.visionduweb.fr mais vers mon premier site https://ethernium.fun
De plus, ma politique de no-hotlinking va faire en sorte que le site
ethernium.fun va afficher l'image de sécurité anti hotlink.

Qui plus est, à ce moment la, le site visionduweb.fr ne sera plus ( il
me semble ) navigable !

Donc :
1- Je ne sais pas comment traiter IP:443 ( La redirection par HTML ne me
semble pas répondre au problème rencontré. ) ( La VHost proposée est
équivalente à ce que j'ai déjà tenté de mettre en place. )
2- Je ne comprend pas pourquoi c'est le premier site de ma liste de
sites qui va être affiché, lorsque je tente une redirection de IP:443
vers http://www.visionduweb.fr
3- Je ne comprend pas pourquoi le site visionduweb.fr ne sera plus
navigable.


Avec ma configuration actuelle :

  * 1.1 Les VirtualHosts suivants ont été ajoutés sur le serveur VPS


  * 1.2 000-default.conf



  o 1.2.1 Recharger la configuration de Apache2


  * 1.3 127.0.0.1.conf



  o 1.3.1 Capturer les requêtes locales


  * 1.4 139.99.173.195.conf



  o 1.4.1 139.99.173.195 écoute du port HTTP 80


  o 1.4.2 139.99.173.195 écoute du port HTTP 443 ( Si une règle
équivalente à IP:80 est mise en place pour rediriger vers
https://www.visionduweb.fr, alors ...


  * 1.5 ethernium.fun



  o 1.5.1 ethernium.fun écoute du port HTTP 80 .


  o 1.5.2 ethernium.fun écoute du port SSL 443 .. c'est
ethernium.fun qui va être affiché, mais, les images seront
interdites et remplacée par l'image anti hotlinking du fait de
la protection, en bas du VHost ...


  * 1.6 ftp.visionduweb.fr



  o 1.6.1 ftp.visionduweb.fr écoute du port HTTP 80


  o 1.6.2 ftp.visionduweb.fr écoute du port SSL 443



... ... ...

1.19 visionduweb.fr

Re: Comment interdire la consultation de son serveur web sur son IP directe et le port 443?

[Maxime G.]

Comme expliqué par Apache, le port 443 est dedié à TLS, tu fais porter à ton 
virtualhost un certificat, quel qu'il soit, soit le signé de letsencrypt soit 
un autosigné, dans tous les cas ça ne matchera pas et il y aura une erreur côté 
client, après bypass de l'erreur le client se prendra soit le redirect en HTTP 
soit le redirect HTML comme proposé précédemment.

Je ne reçois aucun redirect http sur mes tests de ton IP.
Par contre il sert bien ta page d'erreur personnalisée, c'est que t'as du 
spécifier inutilement un root document quelque part en doublon de conf.

Pour ton rewrite en 80, essayes ça:

RewriteCond %{HTTP_HOST} ^139.99.173.195$
RewriteRule ^(.*)$ https://www.visionduweb.fr/$1 [L,R=301]
14 février 2020 14:02 "G2PC" mailto:g...@visionduweb.com?to=%22G2PC%22%20)> a écrit:
Merci de vos retours, c'est sympa de tenter de m'aider à avancer ça.
Magré tout, je crois qu'on est sur un autre type de problème.

Encore une fois, je n'ai pas de difficulté pour mettre en place une redirection 
HTTP, dès lors ou l'adresse ip de mon serveur est consultée sur le port 80.

C'est bien la redirection IP:443 qui me fait m'interroger, sur la façon de la 
gérer, puisque pour commencer, je n'ai pas de certificat let's encrypt pour mon 
ip, mais bien uniquement pour mes domaines.
Est ce que le problème ne vient pas tout simplement de la ?
 # Rediriger l'adresse IP vers le 
domaine par défaut en https.  RewriteEngine On 
RewriteCond %{HTTP_HOST} ^139.99.173.195$ RewriteRule ^(.*)$ 
https://www.visionduweb.fr$1 (https://www.visionduweb.fr%241) [QSA,L,R=301] 
 
Par exemple, actuellement (Sans aucune règle VHost pour IP:443), si je tente 
d'accéder à IP:443 j'ai le message suivant sur Firefox :

http://139.99.173.195:443/ (http://139.99.173.195:443/)

Bad Request

 Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

En même temps, je n'ai aucune règle actuellement, pour 
Si je tente de mettre la règle précédente pour le port 80, en place pour le 
port 443, alors 139.99.173.195:443 ne va pas me rediriger vers 
https://www.visionduweb.fr (https://www.visionduweb.fr) mais vers mon premier 
site https://ethernium.fun (https://ethernium.fun)
De plus, ma politique de no-hotlinking va faire en sorte que le site 
ethernium.fun va afficher l'image de sécurité anti hotlink.

Qui plus est, à ce moment la, le site visionduweb.fr ne sera plus ( il me 
semble ) navigable !

Donc :
1- Je ne sais pas comment traiter IP:443 ( La redirection par HTML ne me semble 
pas répondre au problème rencontré. ) ( La VHost proposée est équivalente à ce 
que j'ai déjà tenté de mettre en place. )
2- Je ne comprend pas pourquoi c'est le premier site de ma liste de sites qui 
va être affiché, lorsque je tente une redirection de IP:443 vers 
http://www.visionduweb.fr (http://www.visionduweb.fr)
3- Je ne comprend pas pourquoi le site visionduweb.fr ne sera plus navigable.
Avec ma configuration actuelle :
* 1.1 Les VirtualHosts suivants ont été ajoutés sur le serveur VPS 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#Les_VirtualHosts_suivants_ont_.C3.A9t.C3.A9_ajout.C3.A9s_sur_le_serveur_VPS)
* 1.2 000-default.conf 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#000-default.conf)
* 1.2.1 Recharger la configuration de Apache2 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#Recharger_la_configuration_de_Apache2)
* 1.3 127.0.0.1.conf 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#127.0.0.1.conf)
* 1.3.1 Capturer les requêtes locales 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#Capturer_les_requ.C3.AAtes_locales)
* 1.4 139.99.173.195.conf 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#139.99.173.195.conf)
* 1.4.1 139.99.173.195 écoute du port HTTP 80 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#139.99.173.195_.C3.A9coute_du_port_HTTP_80)
* 1.4.2 139.99.173.195 écoute du port HTTP 443 ( Si une règle 
équivalente à IP:80 est mise en place pour rediriger vers 
https://www.visionduweb.fr, alors ... 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#139.99.173.195_.C3.A9coute_du_port_HTTP_443)
* 1.5 ethernium.fun 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#ethernium.fun)
* 1.5.1 ethernium.fun écoute du port HTTP 80 . 
(https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#ethernium.fun_.C3.A9coute_du_port_HTTP_80)
* 1.5.2 ethernium.fun écoute du port SSL 443 .. c'est 
ethernium.fun qui va être affiché, mais, les 

Re: Comment interdire la consultation de son serveur web sur son IP directe et le port 443?

[G2PC]

> Par contre, je viens de constater quelque chose avec ma configuration
> actuelle :
> https://139.99.173.195/ renvoie actuellement, sur
> https://ethernium.fun ( + les images du site sont remplacées par la
> protection anti hotlinking, ça n'a pas trop de sens pour moi, puisque
> l'on est bien sur ethernium.fun, hors, si on appel directement
> ethernium.fun, les images s'affichent. Il y a donc un probleme de
> redirection ! )
>

Oups, non.
https://139.99.173.195/ ne renvoie pas sur le domaine
https://ethernium.fun mais uniquement sur le contenu du domaine
ethernium.fun

C'est toujours https://139.99.173.195/ qui est affichée dans la barre
URL. Cela explique le problème de hotlinking. Cela n'explique pas
pourquoi, par défaut, https://139.99.173.195/ pointe vers le contenu de
ethernium.fun


> alors que
> (http://) 139.99.173.195:443/ renvoie sur Bad Request
>
> Le 14/02/2020 à 14:23, Maxime G. a écrit :
>> Comme expliqué par Apache, le port 443 est dedié à TLS, tu fais
>> porter à ton virtualhost un certificat, quel qu'il soit, soit le
>> signé de letsencrypt soit un autosigné, dans tous les cas ça ne
>> matchera pas et il y aura une erreur côté client, après bypass de
>> l'erreur le client se prendra soit le redirect en HTTP soit le
>> redirect HTML comme proposé précédemment.

Re: Do one thing. Do it right.

[Richard Owlett]

On 02/14/2020 07:35 AM, Gene Heskett wrote:

On Friday 14 February 2020 07:50:01 Richard Owlett wrote:


Youngsters have two foibles:
More is always better.
Glitz for its own sake.

For perspective:
1. although only in mid-70's, my parents would be in their 12th
   decade.
2. my father took a M.E. degree rather than E.E. as it gave him
   more of what today would be considered a minimal BSEE degree.
3. my first computers ran on 1 MHz 6502's. 2nd even had 8k ram.


Whereas my first was a cosmac super elf. With 256 bytes of ram.
Eventually expanded to 4k of static ram for $400 plus an s-100
backplane. By then I had an interface to Sony 2850 u-matic machines, and
a vision of doing a production job with it at the tv station where I was
the A.C.E. at the time. For all I know its still being used, that was
1980 and the last time I checked, in '97, it was still used many times a
day. In a tv station control room that eons.  And in writing that system
to make it all fit in 4k of ram, I did something that today would be
highly frowned upon, because so much if it was repetitious, I made
liberal use of self-modifying code, so the last thing I did was to
restore all the locations I had modified to their default values. Solid
as a rock, I was at that station for another year, and had added an old
burglar alarm battery, a 6 volt pb right across the 5 volt line as a
backup, and while I had borrowed forever an audio cart machine and made
several tape backups, and we had the usually undependable CA power, I
never had to reload it.

Do one job, do it right. I needed a clock for frame code, so I wrote one,
more accurate that either std frame or drop frame.


On 02/13/2020 09:17 PM, David Wright wrote in another thread:
[ https://lists.debian.org/debian-user/2020/02/msg00611.html ]


If a device is small, it has to appeal to a mass market.


*NO*! It's only required that engineering appeal to market.
E.G. In the last year there have been multiple amazing prosthetics for
children and small animals in the news. They were possible due to
advances in 3D printing.


Agreed.


To do that, it has to be packed with features, whether
or not these are "detrimental" to *your* intended use.


No! The inclusion of cell modem and WiFi would drive per unit cost of
FCC approval through the roof.


Agreed again. Folks have zero clue about the complexity of dealing with
the regulatory agencies.


Been there, done it. Back in the 70's [as a SR Eng tech] I was involved 
in the measurement of RF radiated to free space and conducted to the 
power line for PDP11's.





I was surprised how much of the pinephone's functionality
could be switched off, once I'd decoded the jargon in
their specifications (with help). But I don't see how you
can avoid having to compromise over the inclusion of those
(redundant to you) functions, particularly in view of the
extra cost of providing the flexibility to turn them off.


If not there then *NO* need to turn off. ROFL


Chuckle.

Cheers, Gene Heskett



We old fogies need to teach these youngsters.

Re: Comment interdire la consultation de son serveur web sur son IP directe et le port 443?

[G2PC]

Désolé, je n'ai pas du être assez précis et ma demande prête peut être à
confusion.

Actuellement, j'ai verrouillé la redirection IP:80 qui renvoie bien
effectivement vers une page 403.

Alors, effectivement, j'ai bien ici un DocumentRoot de renseigné.
Est ce que c'est nécessaire ? Je suppose que ça l'est, pour renseigner
le dossier qui contient le fichier 403-forbidden.php, l'image
403-forbidden.jpg et le favicon.ico ( 3 fichiers donc, qui eux ont été
autorisés. )

Voilà bien la configuration appliquée actuellement :



DocumentRoot /var/www/139.99.173.195

# Erreur 403 - Forbidden. FICHIERS AUTORISES POUR LA PAGE 403-FORBIDDEN.PHP

Require all granted


Require all granted


 # INTERDICTION POUR LA RACINE
Require all denied

 # INTERDICTION POUR TOUT LE SITE ( L'ip :80 
)
Require all denied


# Rediriger l'adresse IP vers le domaine par défaut en https. # REDIRECTION 
vers le site principale désactivée actuellement.
#
#RewriteEngine On
#RewriteCond %{HTTP_HOST} ^139.99.173.195$
#RewriteRule ^(.*)$ https://www.visionduweb.fr$1 [QSA,L,R=301]
#

ErrorDocument 403 /403-forbidden.php # ERRORDOCUMENT QUI POINTE VERS 
403-FORBIDDEN.PHP




Par contre, je viens de constater quelque chose avec ma configuration
actuelle :
https://139.99.173.195/ renvoie actuellement, sur https://ethernium.fun
( + les images du site sont remplacées par la protection anti
hotlinking, ça n'a pas trop de sens pour moi, puisque l'on est bien sur
ethernium.fun, hors, si on appel directement ethernium.fun, les images
s'affichent. Il y a donc un probleme de redirection ! )
alors que
(http://) 139.99.173.195:443/ renvoie sur Bad Request

Le 14/02/2020 à 14:23, Maxime G. a écrit :
> Comme expliqué par Apache, le port 443 est dedié à TLS, tu fais porter
> à ton virtualhost un certificat, quel qu'il soit, soit le signé de
> letsencrypt soit un autosigné, dans tous les cas ça ne matchera pas et
> il y aura une erreur côté client, après bypass de l'erreur le client
> se prendra soit le redirect en HTTP soit le redirect HTML comme
> proposé précédemment.


Je n'ai pas bien compris ton approche.
Pourquoi " ça ne matchera pas " ?

Déjà, concernant mon IP, je ne pense pas pouvoir lui créer un certificat
let's encrypt, qui est je crois, réservé pour les noms de domaines, je
me trompe ?

Tu dis que le client va prendre la redirection HTTP, soit, HTML, ok,
c'est donc la situation que j'avais déjà pu réalisée.

Je suis toujours désireux de comprendre comment traiter une redirection
pour :
https://139.99.173.195 -> https://www.visionduweb.fr
(http://) 139.99.173.195:443/ -> https://www.visionduweb.fr

>
> Je ne reçois aucun redirect http sur mes tests de ton IP.
> Par contre il sert bien ta page d'erreur personnalisée, c'est que t'as
> du spécifier inutilement un root document quelque part en doublon de conf.
>
> Pour ton rewrite en 80, essayes ça:
>
> RewriteCond %{HTTP_HOST} ^139\.99\.173\.195$
> RewriteRule ^(.*)$ https://www.visionduweb.fr/$1 [L,R=301]
>
>
>
>
> 14 février 2020 14:02 "G2PC"  >
> a écrit:
>
> Merci de vos retours, c'est sympa de tenter de m'aider à avancer ça.
> Magré tout, je crois qu'on est sur un autre type de problème.
>
> Encore une fois, je n'ai pas de difficulté pour mettre en place
> une redirection HTTP, dès lors ou l'adresse ip de mon serveur est
> consultée sur le port 80.
>
> C'est bien la redirection IP:443 qui me fait m'interroger, sur la
> façon de la gérer, puisque pour commencer, je n'ai pas de
> certificat let's encrypt pour mon ip, mais bien uniquement pour
> mes domaines.
> Est ce que le problème ne vient pas tout simplement de la ?
>
>  # Rediriger l'adresse IP vers le domaine 
> par défaut en https.  RewriteEngine On RewriteCond 
> %{HTTP_HOST} ^139.99.173.195$ RewriteRule ^(.*)$ https://www.visionduweb.fr$1 
>  [QSA,L,R=301]  
>
>
> Par exemple, actuellement (Sans aucune règle VHost pour IP:443),
> si je tente d'accéder à IP:443 j'ai le message suivant sur Firefox :
>
> http://139.99.173.195:443/
>
>
>   Bad Request
>
> Your browser sent a request that this server could not understand.
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> Instead use the HTTPS scheme to access this URL, please.
>
> En même temps, je n'ai aucune règle actuellement, pour
> 
> Si je tente de mettre la règle précédente pour le port 80, en
> place pour le port 443, alors 139.99.173.195:443 ne va pas me
> rediriger vers https://www.visionduweb.fr mais vers mon premier
> site https://ethernium.fun
> De plus, ma politique de no-hotlinking va faire en sorte que le
> site ethernium.fun va afficher l'image de sécurité anti hotlink.
>
> Qui plus est, à ce moment la, le site visionduweb.fr ne sera plus
> ( il me semble ) navigable !
>
> Donc :
> 1- Je ne sais pas comment traiter IP:443 ( La redirection par HTML
> ne me semble 

Re: PAM Configuration

[Christoph Pleger]

Hello,

On 2020-02-14 13:25, Christoph Pleger wrote:

auth[success=2 default=ignore]  pam_p11.so 
/usr/local/lib/libcvP11.so


# here are the per-package modules (the "Primary" block)
auth[success=1 default=ignore]  pam_unix.so nullok_secure
# here's the fallback if no module succeeds
authrequisite   pam_deny.so
# prime the stack with a positive return value if there isn't one 
already;
# this avoids us returning an error just because nothing sets a success 
code

# since the modules above will each just jump around
authrequiredpam_permit.so
# and here are more per-package modules (the "Additional" block)
authoptionalpam_group.so
authoptionalpam_cap.so
# end of pam-auth-update config



The question here is, why the application at all gets knowledge about 
some failed PAM module, should it not just get the final result from the 
complete PAM stack, which is PAM_SUCCESS in this case?


Regards
  Christoph

Re: help with gitlab on buster

[deloptes]

john doe wrote:

> First off, backup your data! :)

also no one upgrades production stuff without testing the procedure -
right?!

Re: reiniciar em um determinado tempo

[Paulino Kenji Sato]

On Fri, Feb 14, 2020 at 12:17 PM Vitor Hugo  wrote:

> Bom dia;
>
> Quais são as alternativas para reinicar o Linux depois de um determinado
> tempo?
>
> Estou utilizando o comando shutdown -r 5 para reiniciar o sistema após 5
> minutos.
>
> Existem outras alternativas?
>
>
apt install at
echo "shutdown -r now" | at now+5min

Mas, para que reiniciar depois de um tempo?


-- 
Paulino Kenji Sato

Re: Copie de fichiers dans un point de montage SSH

[hamster]

Le 14/02/2020 à 16:19, Patrick ZAJDA a écrit :
> Sous Debian Buster avec Mate, j'aimerais copier des fichiers entre
> deux répertoires situés sur le même serveur SSH.
>
> Si je fais un point de montage SSHFS, Est-ce que les fichiers
> passeront par ma machine pour revenir sur le serveur
>

Je le pense

> Même question en faisant "Se connecter à un serveur"

Probablement aussi.

> Et dans le cas ou ces deux questions auraient une réponse négative,
> quelqu'un pourrait-il me conseiller un bon explorateur de fichier en
> mode console que je pourrais exécuter directement sur le serveur s'il
> vous plaît ?

Pourquoi un explorateur de fichiers ? La commande cp fait très bien
l'affaire. Tu peux utiliser l'interface graphique de ton ordi pour
explorer les dossiers du serveur (en faisant "se connecter a un serveur"
ou grace a un montage SSHFS) puis lancer ensuite la copie des fichiers
que tu aura choisi avec la commande cp.

cp /chemin/vers/le/fichier.txt /chemin/vers/la/destination

Tu peux aussi copier un dossier entier et tout ce qu'il contient avec
l'option -r

cp -r /chemin/vers/le/dossier /chemin/vers/la/destination

Si tu veux que le truc copié conserve son propriétaire et ses
permissions, c'est l'option -a

cp -a /chemin/vers/le/dossier /chemin/vers/la/destination
cp -a /chemin/vers/le/fichier.txt /chemin/vers/la/destination

Re: Comment interdire la consultation de son serveur web sur son IP directe et le port 443?

[Florian Blanc]

Iptables
Tu cron un script (20min par exemple) qui vide et reinsert tes règles
"--src ton.noip.ddns.net" ACCEPT sur ta table "INDYNAMIC" par exemple.
Le reste est DROP

Le ven. 14 févr. 2020 à 17:47, Maxime G.  a écrit :

> Incompréhensible bazar !
>
> De plus http://139.99.173.195/ ou https://139.99.173.195/ ne donnent plus
> aucun résultats à présent, l'host ferme le port immédiatement sans que le
> client puisse envoyer d'instructions et sans raison...
>
>
> Expliques-nous simplement ce que tu veux faire, rediriger ton IP vers un
> domaine ou l'envoyer sur une page d'erreur personnalisée ou répondre un 403
> ??
>
> Un truc simple.
>
>
>
>
>
> 14 février 2020 15:11 "G2PC"  > a
> écrit:
>
> Par contre, je viens de constater quelque chose avec ma configuration
> actuelle :
> https://139.99.173.195/ renvoie actuellement, sur https://ethernium.fun (
> + les images du site sont remplacées par la protection anti hotlinking, ça
> n'a pas trop de sens pour moi, puisque l'on est bien sur ethernium.fun,
> hors, si on appel directement ethernium.fun, les images s'affichent. Il y a
> donc un probleme de redirection ! )
>
> Oups, non.
> https://139.99.173.195/ ne renvoie pas sur le domaine
> https://ethernium.fun mais uniquement sur le contenu du domaine
> ethernium.fun
>
> C'est toujours https://139.99.173.195/ qui est affichée dans la barre
> URL. Cela explique le problème de hotlinking. Cela n'explique pas pourquoi,
> par défaut, https://139.99.173.195/ pointe vers le contenu de
> ethernium.fun
>
> alors que
> (http://) 139.99.173.195:443/ renvoie sur Bad Request
> Le 14/02/2020 à 14:23, Maxime G. a écrit :
>
> Comme expliqué par Apache, le port 443 est dedié à TLS, tu fais porter à
> ton virtualhost un certificat, quel qu'il soit, soit le signé de
> letsencrypt soit un autosigné, dans tous les cas ça ne matchera pas et il y
> aura une erreur côté client, après bypass de l'erreur le client se prendra
> soit le redirect en HTTP soit le redirect HTML comme proposé précédemment.
>
>
>
>

help with gitlab on buster

[Graham Seaman]

I run a debian house server for firewall, routing etc. The last few 
years I've also run gitlab on it, which I use to manage text files I 
work on from an assortment of laptops/PCs; I have a lot of these files 
(currently around 12 Gb) and really don't want to lose them. After the 
initial setup I didn't do anything with the gitlab code and don't even 
remember what version it was.


So this week, without thinking particularly about gitlab, I upgraded 
from stretch to buster. No complaints during the upgrade, but gitlab no 
longer worked (now dependent on a directory called 'embedded' which I 
don't have). So I followed the recommendation on 
https://wiki.debian.org/gitlab to update gitlab using buster-fastrack. 
This installed an alarmingly huge number of ruby and node dependencies, 
then failed informing me that I the database changes were too big to go 
straight from my old version to the current debian one, and that I need 
to transition through version 11.11.0 first.


There is no debian package for this, and 11.11.0 is only available from 
gitlab.com as a docker install, but I'm running directly on my host.


Can anyone suggest how to get myself a working gitlab again. without 
losing the current data? I could live with a command-line only version, 
if I couldn't get the web side working again.


Thanks for any advice

Graham

Re: reiniciar em um determinado tempo

[Helio Loureiro]

sleep `expr 5 * 60` && shutdown -r now

On Fri, Feb 14, 2020, 16:17 Vitor Hugo  wrote:

> Bom dia;
>
> Quais são as alternativas para reinicar o Linux depois de um determinado
> tempo?
>
> Estou utilizando o comando shutdown -r 5 para reiniciar o sistema após 5
> minutos.
>
> Existem outras alternativas?
>
>

Re: Do one thing. Do it right.

[Gene Heskett]

On Friday 14 February 2020 09:55:41 Richard Owlett wrote:

> We old fogies need to teach these youngsters.

But its awful hard to get them to listen when that particular thing has 
never left toothprints in the vicinity of their wallets. ;-)

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Copie de fichiers dans un point de montage SSH

[Marc Siegwald]

Le 14/02/2020 à 16:19, Patrick ZAJDA a écrit :


Bonjour,


Sous Debian Buster avec Mate, j'aimerais copier des fichiers entre 
deux répertoires situés sur le même serveur SSH.


Si je fais un point de montage SSHFS, Est-ce que les fichiers 
passeront par ma machine pour revenir sur le serveur ou est-ce que ça 
sera directement copié d'un répertoire à l'autre du serveur.



Même question en faisant "Se connecter à un serveur", est-ce que la 
copie sera "directe" ?



Et dans le cas ou ces deux questions auraient une réponse négative, 
quelqu'un pourrait-il me conseiller un bon explorateur de fichier en 
mode console que je pourrais exécuter directement sur le serveur s'il 
vous plaît ?


J'ai bien essayé VIFM mais pour le moment, un peu de mal à comprendre 
comment l'utiliser ;)



En espérant avoir fourni suffisamment de détails.


Bonne journée,

--
Patrick ZAJDA


Midnight commander ?

(aptitude install mc)

Bonne journée,

Marc

Re: Comment interdire la consultation de son serveur web sur son IP directe et le port 443?

[Maxime G.]

Incompréhensible bazar !

De plus http://139.99.173.195/ (http://139.99.173.195/) ou 
https://139.99.173.195/ (https://139.99.173.195/) ne donnent plus aucun 
résultats à présent, l'host ferme le port immédiatement sans que le client 
puisse envoyer d'instructions et sans raison...
Expliques-nous simplement ce que tu veux faire, rediriger ton IP vers un 
domaine ou l'envoyer sur une page d'erreur personnalisée ou répondre un 403 ??

Un truc simple.
14 février 2020 15:11 "G2PC" mailto:g...@visionduweb.com?to=%22G2PC%22%20)> a écrit:
Par contre, je viens de constater quelque chose avec ma configuration 
actuelle :
https://139.99.173.195/ (https://139.99.173.195/) renvoie actuellement, sur 
https://ethernium.fun (https://ethernium.fun) ( + les images du site sont 
remplacées par la protection anti hotlinking, ça n'a pas trop de sens pour moi, 
puisque l'on est bien sur ethernium.fun, hors, si on appel directement 
ethernium.fun, les images s'affichent. Il y a donc un probleme de redirection ! 
)

Oups, non.
https://139.99.173.195/ (https://139.99.173.195/) ne renvoie pas sur le domaine 
https://ethernium.fun (https://ethernium.fun) mais uniquement sur le contenu du 
domaine ethernium.fun (https://ethernium.fun)

C'est toujours https://139.99.173.195/ (https://139.99.173.195/) qui 
est affichée dans la barre URL. Cela explique le problème de hotlinking. Cela 
n'explique pas pourquoi, par défaut, https://139.99.173.195/ 
(https://139.99.173.195/) pointe vers le contenu de ethernium.fun 

alors que
(http://) 139.99.173.195:443/ renvoie sur Bad Request
Le 14/02/2020 à 14:23, Maxime G. a écrit :Comme expliqué par Apache, le port 
443 est dedié à TLS, tu fais porter à ton virtualhost un certificat, quel qu'il 
soit, soit le signé de letsencrypt soit un autosigné, dans tous les cas ça ne 
matchera pas et il y aura une erreur côté client, après bypass de l'erreur le 
client se prendra soit le redirect en HTTP soit le redirect HTML comme proposé 
précédemment.

Re: help with gitlab on buster

[john doe]

On 2/14/2020 5:42 PM, Graham Seaman wrote:
> I run a debian house server for firewall, routing etc. The last few
> years I've also run gitlab on it, which I use to manage text files I
> work on from an assortment of laptops/PCs; I have a lot of these files
> (currently around 12 Gb) and really don't want to lose them. After the
> initial setup I didn't do anything with the gitlab code and don't even
> remember what version it was.
>
> So this week, without thinking particularly about gitlab, I upgraded
> from stretch to buster. No complaints during the upgrade, but gitlab no
> longer worked (now dependent on a directory called 'embedded' which I
> don't have). So I followed the recommendation on
> https://wiki.debian.org/gitlab to update gitlab using buster-fastrack.
> This installed an alarmingly huge number of ruby and node dependencies,
> then failed informing me that I the database changes were too big to go
> straight from my old version to the current debian one, and that I need
> to transition through version 11.11.0 first.
>
> There is no debian package for this, and 11.11.0 is only available from
> gitlab.com as a docker install, but I'm running directly on my host.
>

Cant' you use docker on an other host, for example, in a VM?

> Can anyone suggest how to get myself a working gitlab again. without
> losing the current data? I could live with a command-line only version,
> if I couldn't get the web side working again.
>

First off, backup your data! :)

Basically, my idea would be to find a way to follow the correct upgrade
procedure.

--
John Doe

Re: Do one thing. Do it right.

[Gene Heskett]

On Friday 14 February 2020 10:29:26 David Wright wrote:

> On Fri 14 Feb 2020 at 08:55:41 (-0600), Richard Owlett wrote:
> > On 02/14/2020 07:35 AM, Gene Heskett wrote:
> > > On Friday 14 February 2020 07:50:01 Richard Owlett wrote:
> > > > Youngsters have two foibles:
> > > > More is always better.
> > > > Glitz for its own sake.
> > > > 
> > > > For perspective:
> > > > 1. although only in mid-70's, my parents would be in their
> > > > 12th decade.
> > > > 2. my father took a M.E. degree rather than E.E. as it gave
> > > > him more of what today would be considered a minimal BSEE
> > > > degree. 3. my first computers ran on 1 MHz 6502's. 2nd even had
> > > > 8k ram.
> > >
> > > Whereas my first was a
>
> [… snipped all the stuff about TV control rooms …]
>
> > > Do one job, do it right. I needed a clock for frame code, so I
> > > wrote one, more accurate that either std frame or drop frame.
> > >
> > > > On 02/13/2020 09:17 PM, David Wright wrote in another thread:
> > > > [ https://lists.debian.org/debian-user/2020/02/msg00611.html ]
> > > >
> > > > > If a device is small, it has to appeal to a mass market.
> > > >
> > > > *NO*! It's only required that engineering appeal to market.
> > > > E.G. In the last year there have been multiple amazing
> > > > prosthetics for children and small animals in the news. They
> > > > were possible due to advances in 3D printing.
> > >
> > > Agreed.
>
> Sorry, I didn't realise that when you were talking about a Personal
> Digital Assistant you meant a plastic finger.
>
> > > > > To do that, it has to be packed with features, whether
> > > > > or not these are "detrimental" to *your* intended use.
> > > >
> > > > No! The inclusion of cell modem and WiFi would drive per unit
> > > > cost of FCC approval through the roof.
> > >
> > > Agreed again. Folks have zero clue about the complexity of dealing
> > > with the regulatory agencies.
>
> Is this why virtually every electronic device nowadays has some form
> of connectivity, either phone, wifi or BT.
Only because it won't even be picked up and considered for purchase if it 
has a power or connectivity cord supplied with it.

> > Been there, done it. Back in the 70's [as a SR Eng tech] I was
> > involved in the measurement of RF radiated to free space and
> > conducted to the power line for PDP11's.

I expect they never did get past the limits for commercial products. But 
then the only pdp-11 I was responsible for was a multiple times a day 
crasher that their field service engineers literally changed everything 
in it but the frame rail that carried its serial number without 
lengthening it uptime.  Its crashing was costing us pretty good money 
because it was crashed and didn't switch sat channels, so we air a 
diaper commercial we didn't get paid for when we should have been 
selling dog food. It was a CBS purchased product that came with a 180k$ 
7 meter C band dish we had to pay for.  My mewling about its lack of 
dependency finally got the computer guy at CBS to fix the serial number 
vs location in DEC's records and traded me his machine. He couldn't get 
it to run long enough to troubleshoot a card from another affiliate, so 
it was time to globally replace it, with an industrial rated IBM whose 
only job was to tell an artic card how to do it. When that system was 
online and working I bought a bottle of black jack to celebrate. Offered 
to send Hugh a copy but he said he didn't do anything stronger than 
green tea.

And argueing with you, let me ignore a pan of corn bread in the oven my 
invalid wife requested for dinner, which got a bit darker than golden 
brown. Still edible I think although I won't take more than a bite to 
check as I'm a DM-II and corn bread is instant sugar overload for me.

> > > > > I was surprised how much of the pinephone's functionality
> > > > > could be switched off, once I'd decoded the jargon in
> > > > > their specifications (with help). But I don't see how you
> > > > > can avoid having to compromise over the inclusion of those
> > > > > (redundant to you) functions, particularly in view of the
> > > > > extra cost of providing the flexibility to turn them off.
> > > >
> > > > If not there then *NO* need to turn off. ROFL
> > >
> > > Chuckle.
> >
> > We old fogies need to teach these youngsters.
>
> Laugh all you like, but that doesn't sell devices that still
> require wired connections to be able to use them.
>
> I think the subject line of this thread is confusing software tools
> and hardware. People are no longer happy to walk round with their
> pockets (if they have them) filled with a phone, a camera, a diary,
> a memo pad, a photo album, an MP3 player, a dictaphone, a calculator,
> a transistor radio, a street map, a paperback, a pocket chess set,
> not forgetting a newspaper tucked under their arm.
>
> Cheers,

> David.

This is also true which is why these thing are all crammed to the last 
byte of their roms with functionality that as a retired old fart 

iwlwifi problem with Debian kernel 5.4.0-4-amd64

[Stefan Pietsch]

Hi list,

iwlwifi has a problem with the latest Debian unstable kernel package 
(5.4.0-4-amd64).
The wifi interface is not usable.

5.4.0-3-amd64 works fine instead.

Is anyone experiencing the same problem?


##


dmesg at boot:

[   10.318868] iwlwifi :03:00.0: enabling device ( -> 0002)
[   10.327050] iwlwifi :03:00.0: firmware: direct-loading firmware 
iwlwifi-8265-36.ucode
[   10.327563] iwlwifi :03:00.0: loaded firmware version 36.8fd77bb3.0 
op_mode iwlmvm
[   10.584758] iwlwifi :03:00.0: Detected Intel(R) Dual Band Wireless AC 
8265, REV=0x230
[   11.627285] iwlwifi :03:00.0: Collecting data: trigger 15 fired.
[   11.875699] iwlwifi :03:00.0: Not valid error log pointer 0x for 
Init uCode
[   11.876711] iwlwifi :03:00.0: Fseq Registers:
[   11.877509] iwlwifi :03:00.0: 0x8158ABCE | FSEQ_ERROR_CODE
[   11.878360] iwlwifi :03:00.0: 0x65F35815 | FSEQ_TOP_INIT_VERSION
[   11.879164] iwlwifi :03:00.0: 0x1C244110 | FSEQ_CNVIO_INIT_VERSION
[   11.880011] iwlwifi :03:00.0: 0xA10B | FSEQ_OTP_VERSION
[   11.880829] iwlwifi :03:00.0: 0xD41F2A3F | FSEQ_TOP_CONTENT_VERSION
[   11.881648] iwlwifi :03:00.0: 0x005F770E | FSEQ_ALIVE_TOKEN
[   11.882449] iwlwifi :03:00.0: 0x133EBA56 | FSEQ_CNVI_ID
[   11.883292] iwlwifi :03:00.0: 0x641CF11F | FSEQ_CNVR_ID
[   11.884338] iwlwifi :03:00.0: 0x0010 | CNVI_AUX_MISC_CHIP
[   11.885281] iwlwifi :03:00.0: 0x0BADCAFE | CNVR_AUX_MISC_CHIP
[   11.886275] iwlwifi :03:00.0: 0x0BADCAFE | 
CNVR_SCU_SD_REGS_SD_REG_DIG_DCDC_VTRIM
[   11.887242] iwlwifi :03:00.0: 0x0BADCAFE | 
CNVR_SCU_SD_REGS_SD_REG_ACTIVE_VDIG_MIRROR
[   11.888450] iwlwifi :03:00.0: SecBoot CPU1 Status: 0x3040001, CPU2 
Status: 0x0
[   11.889360] iwlwifi :03:00.0: Failed to start INIT ucode: -110
[   11.890088] iwlwifi :03:00.0: Firmware not running - cannot dump error
[   11.903535] iwlwifi :03:00.0: Failed to run INIT ucode: -110


/proc/version:

Linux version 5.4.0-4-amd64 (debian-ker...@lists.debian.org) (gcc version 9.2.1 
20200203 (Debian 9.2.1-28)) #1 SMP Debian 5.4.19-1 (2020-02-13)

Ajuda com Fail2Ban no PhpMyAdmin

[Henrique Fagundes]

Prezados Colegas,

Estou com uma dificuldade para fazer o Fail2Ban funcionar no phpmyadmin.

Estou utilizando CentOS 8.1.1911 e o fail2ban 0.10.5-2.
O meu PhpMyAdmin está versão 4.9.0.1.

Percebi que o PhpMyAdmin loga as falhas de login no arquivo “/var/log/secure”.

E ele tem uma saída assim:

Feb 14 21:40:37 www phpMyAdmin[3982]: user denied: root (mysql-denied) from 
177.122.254.10
Feb 14 21:42:07 www phpMyAdmin[3978]: user denied: root (mysql-denied) from 
177.122.254.10
Feb 14 21:42:09 www phpMyAdmin[3982]: user denied: root (mysql-denied) from 
177.122.254.10
Feb 14 21:48:06 www phpMyAdmin[3981]: user denied: root (mysql-denied) from 
177.122.254.10

Então, configurei meu “/etc/fail2ban/jail.conf” dessa maneira:

[phpmyadmin]
enabled = true
port = http,https
filter = phpmyadmin
action = iptables-multiport[name=phpmyadmin, port="http,https", protocol=tcp]
 sendmail-whois[name=PHPMYADMIN, dest=supo...@syspack.net.br]
logpath = /var/log/secure
maxretry = 3

E o arquivo de configuração do filtro (/etc/fail2ban/filter.d/phpmyadmin.conf), 
as expressões etão assim:
  
[Definition]
denied = mysql-denied|allow-denied|root-denied|empty-denied
failregex = ^ -.*(?:%(denied)s)$
ignoreregex =

Eu acredito que não esteja sabendo formar corretamente a expressão, pois o 
Fail2Ban não está bloqueando de maneira nenhuma.

Será que alguém poderia me ajudar nessa questão?

Ficarei muito grato.

Atenciosamente, 

Henrique Fagundes 
Analista de Suporte Linux 
supo...@aprendendolinux.com 
Skype: magnata-br-rj 
Linux User: 475399 

https://www.aprendendolinux.com 
https://www.facebook.com/AprendendoLinux 
https://youtube.com/AprendendoLinux 
https://twitter.com/AprendendoLinux 
https://t.me/AprendendoLinux 
https://t.me/GrupoAprendendoLinux 
__ 
Participe do Grupo Aprendendo Linux 
https://listas.aprendendolinux.com/listinfo/aprendendolinux 

Ou envie um e-mail para: 
aprendendolinux-subscr...@listas.aprendendolinux.com 

BRASIL acima de tudo, DEUS acima de todos!

Re: iwlwifi problem with Debian kernel 5.4.0-4-amd64

[Jonas Smedegaard]

Quoting Stefan Pietsch (2020-02-14 22:36:39)
> iwlwifi has a problem with the latest Debian unstable kernel package 
> (5.4.0-4-amd64).
> The wifi interface is not usable.
> 
> 5.4.0-3-amd64 works fine instead.
> 
> Is anyone experiencing the same problem?

Best way to find out is to check if anyone has filed a bugreport.

...and to file a bugreport if noone has done so already, so that others 
can find _your_ experience same way.

In short: Please file bugreports when you experience regressions!


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private


signature.asc
Description: signature

Re: Do one thing. Do it right

[Stefan Monnier]

> The OP might be better off buying old stuff from ebay.

Indeed, tho craigslist seems ethically superior.

I suspect that "we"'ve built enough gadgets over the last 20 years that
there really shouldn't be any need for me to buy some new electronic
device for the rest my lifetime ;-)

> Surely any cellphone can/must be tracked if you're able to receive
> calls, otherwise they wouldn't know from which tower to transmit to you.

Indeed, it seems that old dumb phones are just as problematic in this respect.

Tho, there is the problem of convincing oneself that the "smartphone"'s
cell connection is really disabled (and can't be surreptitiously re-enabled).
I think it was easier with the old dumb phones since you only had to
convince yourself that it was completely off.

> What I don't know is whether they bother (from a technical standpoint
> rather than espionage) to track a SIM-less phone. Making contact in

Same question for a phone with an old SIM card.
Same question for a phone in "airplane mode".


Stefan

Re: Do one thing. Do it right.

[Dan Purgert]

On Feb 14, 2020, Richard Owlett wrote:
> Youngsters have two foibles:
>   More is always better.

"less is more"

>   Glitz for its own sake.
> 
> For perspective:
>   1. although only in mid-70's, my parents would be in their 12th
>  decade.
>   2. my father took a M.E. degree rather than E.E. as it gave him
>  more of what today would be considered a minimal BSEE degree.
>   3. my first computers ran on 1 MHz 6502's. 2nd even had 8k ram

Well, guess I'm a "youngster" then.  :(
I don't want to be lumped in with that group though. They sound
terrible.

-- 
|_|O|_| 
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281


signature.asc
Description: PGP signature

Re: Do one thing. Do it right.

[David Wright]

On Fri 14 Feb 2020 at 14:33:54 (-0500), Gene Heskett wrote:
> On Friday 14 February 2020 10:29:26 David Wright wrote:
> > On Fri 14 Feb 2020 at 08:55:41 (-0600), Richard Owlett wrote:
> > > On 02/14/2020 07:35 AM, Gene Heskett wrote:
> > > > On Friday 14 February 2020 07:50:01 Richard Owlett wrote:
> > > > > Youngsters have two foibles:
> > > > > More is always better.
> > > > > Glitz for its own sake.
> > > > > 
> > > > > For perspective:
> > > > > 1. although only in mid-70's, my parents would be in their
> > > > > 12th decade.
> > > > > 2. my father took a M.E. degree rather than E.E. as it gave
> > > > > him more of what today would be considered a minimal BSEE
> > > > > degree. 3. my first computers ran on 1 MHz 6502's. 2nd even had
> > > > > 8k ram.
> > > >
> > > > Whereas my first was a
> >
> > [… snipped all the stuff about TV control rooms …]
> >
> > > > Do one job, do it right. I needed a clock for frame code, so I
> > > > wrote one, more accurate that either std frame or drop frame.
> > > >
> > > > > On 02/13/2020 09:17 PM, David Wright wrote in another thread:
> > > > > [ https://lists.debian.org/debian-user/2020/02/msg00611.html ]
> > > > >
> > > > > > If a device is small, it has to appeal to a mass market.
> > > > >
> > > > > *NO*! It's only required that engineering appeal to market.
> > > > > E.G. In the last year there have been multiple amazing
> > > > > prosthetics for children and small animals in the news. They
> > > > > were possible due to advances in 3D printing.
> > > >
> > > > Agreed.
> >
> > Sorry, I didn't realise that when you were talking about a Personal
> > Digital Assistant you meant a plastic finger.
> >
> > > > > > To do that, it has to be packed with features, whether
> > > > > > or not these are "detrimental" to *your* intended use.
> > > > >
> > > > > No! The inclusion of cell modem and WiFi would drive per unit
> > > > > cost of FCC approval through the roof.
> > > >
> > > > Agreed again. Folks have zero clue about the complexity of dealing
> > > > with the regulatory agencies.
> >
> > Is this why virtually every electronic device nowadays has some form
> > of connectivity, either phone, wifi or BT.
> Only because it won't even be picked up and considered for purchase if it 
> has a power or connectivity cord supplied with it.

I agree, and that's what's causing the OP consternation. The Noughties
are long gone. My MP3 player is obsolete. So are most of the components
in the computers I run, all of which are either obsolete or obsolescent.
The OP might be better off buying old stuff from ebay.

[…]

> > > > > > I was surprised how much of the pinephone's functionality
> > > > > > could be switched off, once I'd decoded the jargon in
> > > > > > their specifications (with help). But I don't see how you
> > > > > > can avoid having to compromise over the inclusion of those
> > > > > > (redundant to you) functions, particularly in view of the
> > > > > > extra cost of providing the flexibility to turn them off.
> > > > >
> > > > > If not there then *NO* need to turn off. ROFL
> > > >
> > > > Chuckle.
> > >
> > > We old fogies need to teach these youngsters.
> >
> > Laugh all you like, but that doesn't sell devices that still
> > require wired connections to be able to use them.
> >
> > I think the subject line of this thread is confusing software tools
> > and hardware. People are no longer happy to walk round with their
> > pockets (if they have them) filled with a phone, a camera, a diary,
> > a memo pad, a photo album, an MP3 player, a dictaphone, a calculator,
> > a transistor radio, a street map, a paperback, a pocket chess set,
> > not forgetting a newspaper tucked under their arm.
> 
> This is also true which is why these thing are all crammed to the last 
> byte of their roms with functionality that as a retired old fart don't 
> need. I think its my business where I buy my grocery's, don't you?  
> 
> Carrying that fawncy cellphone guarantees you will be tracked, including 
> that stop on a quiet road to water a thirsty weed. So I buy annual time 
> on a dumb track phone when I'm out of pocket  I've done w/o that crap 
> for 85 years and I don't intend to give up my privacy without first 
> exchanging some lead. But in the event of an accident or mechanical 
> failure, I can call for help.

Surely any cellphone can/must be tracked if you're able to receive
calls, otherwise they wouldn't know from which tower to transmit to you.
What I don't know is whether they bother (from a technical standpoint
rather than espionage) to track a SIM-less phone. Making contact in
that case could be left until you actually try to place a call. I've
forgotten which electronic items I used to hear the interference on.

Cheers,
David.

Re: reiniciar em um determinado tempo

[Vitor Hugo]

Boa tarde;

Rodo alguns scripts e depois de um determinado tempo que eles terminam 
de serem executados o servidor precisa ser reiniciado.


Em 14/02/2020 16:01, Paulino Kenji Sato escreveu:
On Fri, Feb 14, 2020 at 12:17 PM Vitor Hugo > wrote:


Bom dia;

Quais são as alternativas para reinicar o Linux depois de um
determinado
tempo?

Estou utilizando o comando shutdown -r 5 para reiniciar o sistema
após 5
minutos.

Existem outras alternativas?


apt install at
echo "shutdown -r now" | at now+5min

Mas, para que reiniciar depois de um tempo?


--
Paulino Kenji Sato

Debian Bug Squashing Party (BSP) in Gothenburg, Sweden - 29 March 2020

[Guilhem Moulin]

Hi folks,

We'll have a Bug Squashing Party in Gothenburg (Sweden) on Sunday March
29, organized as part of Foss-North's Community Day [0].  The event will
be held at Viktoriahuset [1] (courtesy of the Inbyggd Frihet project),
close to the old town.  Please use the wiki for registration and further
information about the venue:

https://wiki.debian.org/BSP/2020/03/se/Gothenburg

Even if you're not a Debian Developer or Maintainer yet (but are
otherwise interested in fixing bugs and helping Debian) please don't
hesitate to attend; there will be enough people around to sponsor
uploads and/or offer advice.

See you there!
-- 
Andreas & Guilhem.

[0] https://foss-north.se/2020/communityday.html
[1] http://www.viktoriahuset.se/


signature.asc
Description: PGP signature

Debian Bug Squashing Party (BSP) in Gothenburg, Sweden - 29 March 2020

[Guilhem Moulin]

Hi folks,

We'll have a Bug Squashing Party in Gothenburg (Sweden) on Sunday March
29, organized as part of Foss-North's Community Day [0].  The event will
be held at Viktoriahuset [1] (courtesy of the Inbyggd Frihet project),
close to the old town.  Please use the wiki for registration and further
information about the venue:

https://wiki.debian.org/BSP/2020/03/se/Gothenburg

Even if you're not a Debian Developer or Maintainer yet (but are
otherwise interested in fixing bugs and helping Debian) please don't
hesitate to attend; there will be enough people around to sponsor
uploads and/or offer advice.

See you there!
-- 
Andreas & Guilhem.

[0] https://foss-north.se/2020/communityday.html
[1] http://www.viktoriahuset.se/


signature.asc
Description: PGP signature

Re: Comment interdire la consultation de son serveur web sur son IP directe et le port 443?

[G2PC]

Le 14/02/2020 à 15:19, Maxime G. a écrit :
> Incompréhensible bazar !
>
> De plus http://139.99.173.195/ ou https://139.99.173.195/ ne donnent
> plus aucun résultats à présent, l'host ferme le port immédiatement
> sans que le client puisse envoyer d'instructions et sans raison...
>
>

Bah, normal, tu t'es fais ban, après 3 tentatives ;)
C'est la règle apache-auth de fail2ban qui identifie l'erreur 403.


> Expliques-nous simplement ce que tu veux faire, rediriger ton IP vers
> un domaine ou l'envoyer sur une page d'erreur personnalisée ou
> répondre un 403 ??
>
> Un truc simple.

J'ai bien rééxpliqué précédemment.

Re: Comment interdire la consultation de son serveur web sur son IP directe et le port 443?

[G2PC]

> Iptables
> Tu cron un script (20min par exemple) qui vide et reinsert tes règles
> "--src ton.noip.ddns.net " ACCEPT sur ta
> table "INDYNAMIC" par exemple.
> Le reste est DROP

Alors la, j'ai pas compris ton langage.
A quel moment il est question d’empêcher la consultation de IP:443 ? Et,
comment je met ça en place.

Re: Do one thing. Do it right

[Gene Heskett]

On Friday 14 February 2020 16:29:10 Stefan Monnier wrote:

> > The OP might be better off buying old stuff from ebay.
>
> Indeed, tho craigslist seems ethically superior.
>
> I suspect that "we"'ve built enough gadgets over the last 20 years
> that there really shouldn't be any need for me to buy some new
> electronic device for the rest my lifetime ;-)
>
> > Surely any cellphone can/must be tracked if you're able to receive
> > calls, otherwise they wouldn't know from which tower to transmit to
> > you.
>
> Indeed, it seems that old dumb phones are just as problematic in this
> respect.
>
> Tho, there is the problem of convincing oneself that the
> "smartphone"'s cell connection is really disabled (and can't be
> surreptitiously re-enabled). I think it was easier with the old dumb
> phones since you only had to convince yourself that it was completely
> off.

I've had this trackfone turn itself on in the night 3 or 4 times and run 
the battery flatter than a pancake. So I now keep only the wifes phone 
on the charger near the wifes recliner in the other end of the house, 
she can't even get close enough to reach it should some scammer call it, 
about 3" from the pure excrement speakers in her tv she never shuts off. 
They could learn a lot from the program length commercials she uses for 
a lullaby. Shes actually at the short end of dying from copd, and still 
smoking about 2 packs a day. An oxygen hose leads to her chair and has 
for around 4 years now, wore out 2 of them already. 

> > What I don't know is whether they bother (from a technical
> > standpoint rather than espionage) to track a SIM-less phone. Making
> > contact in
>
> Same question for a phone with an old SIM card.
> Same question for a phone in "airplane mode".
>
>
> Stefan

Good question for a survey. Off topic of course. As is my testimony 
above, the legal types would call it heresay.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Do one thing. Do it right

[Mark Allums]

On 2/14/2020 3:29 PM, Stefan Monnier wrote:

What I don't know is whether they bother (from a technical standpoint
rather than espionage) to track a SIM-less phone. Making contact in

Same question for a phone with an old SIM card.
Same question for a phone in "airplane mode".


 Stefan


Old SIM:  yes, they bother.  Definitely.
Airplane mode: in theory, no (no RF output)

Mark

Re: Do one thing. Do it right.

[Gene Heskett]

On Friday 14 February 2020 22:56:11 Richard Owlett wrote:

> On 02/14/2020 12:52 PM, Gene Heskett wrote:
> > On Friday 14 February 2020 09:55:41 Richard Owlett wrote:
> >> We old fogies need to teach these youngsters.
> >
> > But its awful hard to get them to listen when that particular thing
> > has never left toothprints in the vicinity of their wallets. ;-)
>
> Or if *they* explicitly want the "feature" someone else wishes to
> avoid at all costs.
>
Sadly this is also true.

> > Cheers, Gene Heskett


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

No display power management: Intel i915 display

[Charles Curley]

Running Buster as updated. I recently had occasion to reboot my Lenovo
T520, and now the power management will not shut the display off. I
conjecture that some update in the last two months broke things
(again!).

I tried both the power management in xscreensaver (5.42+dfsg1-1) and
xfce4-power-manager (1.6.1-1).

root@jhegaala:~# lspci -vs 00:02.0
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core 
Processor Family Integrated Graphics Controller (rev 09) (prog-if 00 [VGA 
controller])
Subsystem: Lenovo 2nd Generation Core Processor Family Integrated 
Graphics Controller (ThinkPad T520)
Flags: bus master, fast devsel, latency 0, IRQ 27
Memory at f000 (64-bit, non-prefetchable) [size=4M]
Memory at e000 (64-bit, prefetchable) [size=256M]
I/O ports at 6000 [size=64]
[virtual] Expansion ROM at 000c [disabled] [size=128K]
Capabilities: [90] MSI: Enable+ Count=1/1 Maskable- 64bit-
Capabilities: [d0] Power Management version 2
Capabilities: [a4] PCI Advanced Features
Kernel driver in use: i915
Kernel modules: i915

root@jhegaala:~# cat /etc/debian_version 
10.3
root@jhegaala:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:Debian GNU/Linux 10 (buster)
Release:10
Codename:   buster
root@jhegaala:~# 


-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Do one thing. Do it right.

[Richard Owlett]

On 02/14/2020 12:52 PM, Gene Heskett wrote:

On Friday 14 February 2020 09:55:41 Richard Owlett wrote:


We old fogies need to teach these youngsters.


But its awful hard to get them to listen when that particular thing has
never left toothprints in the vicinity of their wallets. ;-)


Or if *they* explicitly want the "feature" someone else wishes to avoid 
at all costs.




Cheers, Gene Heskett

There is no mk_MK locale in KDE Plasma

[Barney G]

In plasma KDE in system configuration->Personalization->Regional 
Settings->Formats->Detailed Settings you cannot chose mk_MK. This is a 
bug or it is feature?


Barney G.

Re: Copie de fichiers dans un point de montage SSH

[Marc Siegwald]

Le 14/02/2020 à 16:19, Patrick ZAJDA a écrit :


Bonjour,


Sous Debian Buster avec Mate, j'aimerais copier des fichiers entre 
deux répertoires situés sur le même serveur SSH.


Si je fais un point de montage SSHFS, Est-ce que les fichiers 
passeront par ma machine pour revenir sur le serveur ou est-ce que ça 
sera directement copié d'un répertoire à l'autre du serveur.



Même question en faisant "Se connecter à un serveur", est-ce que la 
copie sera "directe" ?



Et dans le cas ou ces deux questions auraient une réponse négative, 
quelqu'un pourrait-il me conseiller un bon explorateur de fichier en 
mode console que je pourrais exécuter directement sur le serveur s'il 
vous plaît ?


J'ai bien essayé VIFM mais pour le moment, un peu de mal à comprendre 
comment l'utiliser ;)



En espérant avoir fourni suffisamment de détails.


Bonne journée,

--
Patrick ZAJDA


Midnight commander ?

(aptitude install mc)

Ça règlerait aussi le problème de la copie entre répertoires...

Bonne journée,

Marc

Re: No display power management: Intel i915 display

[Charles Curley]

On Fri, 14 Feb 2020 16:20:48 -0700
Charles Curley  wrote:

> Running Buster as updated. I recently had occasion to reboot my Lenovo
> T520, and now the power management will not shut the display off. I
> conjecture that some update in the last two months broke things
> (again!).
> 
> I tried both the power management in xscreensaver (5.42+dfsg1-1) and
> xfce4-power-manager (1.6.1-1).

However, running "xset dpms force off" works quite well.

Also, another Buster machine is doing the same thing.

root@hawk:~# lspci -vs 00:02.0
00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v3/4th Gen 
Core Processor Integrated Graphics Controller (rev 06) (prog-if 00 [VGA 
controller])
Subsystem: ASUSTeK Computer Inc. Xeon E3-1200 v3/4th Gen Core Processor 
Integrated Graphics Controller
Flags: bus master, fast devsel, latency 0, IRQ 27
Memory at f780 (64-bit, non-prefetchable) [size=4M]
Memory at e000 (64-bit, prefetchable) [size=256M]
I/O ports at f000 [size=64]
[virtual] Expansion ROM at 000c [disabled] [size=128K]
Capabilities: [90] MSI: Enable+ Count=1/1 Maskable- 64bit-
Capabilities: [d0] Power Management version 2
Capabilities: [a4] PCI Advanced Features
Kernel driver in use: i915
Kernel modules: i915

root@hawk:~# 



-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: The nightmare of Intel Integrated GPUs under Linux in general and Debian in particular

[Miguel A. Vallejo]

Jörg-Volker Peetz wrote:

> Do you also use the skylake GPU firmware which should be located in
> /lib/firmware/i915/
> (from package firmware-linux-nonfree, I think; file names beginning with 
> "skl_")?

Of course. I even installed the missing files in current testing / unstable

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931930

But no difference. Once you start to use 3D accelerated graphics, the
bomb starts ticking to explode when you least expect it.

Re: buster: low audio level

[Andrei POPESCU]

On Mi, 12 feb 20, 10:34:27, D. R. Evans wrote:
> I just installed buster on a new (to me) machine, and the audio level is very
> low. With all the mixer controls and the physical volume control on the
> speakers turned up, I can hear audio, but even then it is unpleasantly quiet,
> certainly nothing one would want to listen to.
> 
> Any suggestions as to how to fix this, or even how to go about investigating
> it sensibly, would be gratefully received.

Could it be the source (application, whatever) also has volume controls? 

You could try running 'speaker-test' (package alsa-utils) to rule out a 
problem with the audio source.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: buster: low audio level

[Andrei POPESCU]

On Mi, 12 feb 20, 19:15:57, Doug McGarrett wrote:
> 
> What on earth is bikeshedding? That's a new one on me!

http://bikeshed.org/

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Best file system to use?

[Andrei POPESCU]

On Mi, 12 feb 20, 17:55:52, Dennis Wicks wrote:
> Greetings;
> 
> I have 4TB running on an AMD Ryzen under Buster. What is the current
> consensus of the best file system to use for general data usage? I have been
> using xfs but that is based on info from many years ago.

If you must ask, use ext4: it is actively developed, general purpose and 
has a huge user base (that means it is tested, well supported, etc.), 
well supported at the lowest level (e.g. by bootloaders).

In order to get better recommendations for your use case you have to 
provide more information: what kind and of data, hardware, redundancy, 
etc.

And whatever you end up using, remember to backup you data.
http://taobackup.com/

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Wifi USB dongle

[didier . gaumet]

The Netgear A6210 (mt76 driver) would do.
Readily available in France at Darty.