date:20150326


Hello it's me again,

thanks for the hint with wget, this was very useful.

The problem with not redirect https to an errorpage is not solved but 
this is okay. It's only a nice to have feature to redirect to an errorpage.


But I have a new problem, I want to have a transparent proxy for http 
this works fine but when I add the iptables rule for https the loading 
won't work.


With the config now you can bypass the blocking with using https, this 
is not so good.


I think it's the same as the other problem I had, squid3 is not able to 
read and understand the https traffic unless I break the https protocol.


But when I use the CONNECT method to tunneling the https traffic I 
thought I can block the https sites with the transparent proxy.


Here is my iptables rule for https:


iptables -t nat -A PREROUTING -p TCP --dport 443 -j REDIRECT --to-port 3128


Here is my squid3 config file:


http_port 3128 intercept

url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
url_rewrite_children 2

cache_mem 32 MB
maximum_object_size 1 KB
maximum_object_size_in_memory 32 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

cache_dir aufs /var/spool/squid3 2048 128 1024

acl manager proto cache_object

acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

acl net1 src 172.16.1.0/24
acl net2 src 172.16.2.0/24
acl net3 src 172.16.3.0/24

acl SSL_PORTS port 443

acl SAFE_PORTS port 21
acl SAFE_PORTS port 80
acl SAFE_PORTS port 443

acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access deny !SAFE_PORTS
http_access deny CONNECT !SSL_PORTS

http_access allow localhost
http_access allow net1
http_access allow net2
http_access allow net3
http_access deny all


Thanks for help!

best regards,
Michael

Bob Proulx b...@proulx.com wrote:

Sven Hartge wrote:

Michael I. wrote:

I tested around a bit with squid3+squidguard and I found out that the
redirect works with the Internet Explorer (IE 11).



Then I tested some other browser (firefox, chrome, ..) and with all
the other browser the redirect didn't work.


Be careful using browsers to test redirects because browsers strongly
cache results.  It causes endless confusion with people.  The network
wisdom is to test using tools such as wget and curl which don't cache
and look at the headers for verification.

   wget -S -O/dev/null https://somesite.example.com/

The command line is preferred because it is a zillion times faster
than exiting the browser and flushing the browser cache manually
before every browser test.  It avoids the possibility of a monkey
testing mistake.


Is there a bug in the Internet Explorer or is this because the IE
handle https on an other way?


Hard to guess since you never told us exactly what your configuration in
squid3, squidguard and the browser is, what exactly you do to get a
specific result (error page, redirected page, etc.).


I immediately suspect browser caching a previous redirect since that
has been a problem so many times before.

Bob




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5513ee85.5060...@abwesend.de

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread Bernard Schoenacker

Le Thu, 26 Mar 2015 12:15:44 +0100,
Bernardo bernardo.s...@siorat.net a écrit :

 sftp

bonjour,

est il possible de faire un essai au travers de filezilla et de
communiquer le résultat ?

slt
bernard

-- 
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150326123258.44b2af11.bernard.schoenac...@free.fr

Re: (FUERA DE TEMA) Lo del admin despedido

2015-03-26 Thread Altair Linux

En lo de los abogados tienes parte de razon, cuando se meten los
abogados la pregunta es quien tiene mas pillado al otro bando,
porque sera quien ponga las condiciones. Esto ha pasado varias veces,
creo que donde mas es en Estados Unidos, donde ha habido empresas
relativamente grandes que han tenido que aceptar chantajes.
Generalmente lo que piden es dinero, una cantidad elevada pero que la
empresa se puede permitir. Pero en otras ocasiones han pedido trabajo
poniendo ellos las condiciones, y la empresa ha tenido que aceptar.

No es informacion que sea conocida de manera abierta porque a ninguna
empresa le interesa que sus clientes o el publico en general sean
ciertas cosas.

El día 25 de marzo de 2015, 22:45, Angel Claudio Alvarez
an...@angel-alvarez.com.ar escribió:
El Wed, 25 Mar 2015 10:59:16 +0100
Altair Linux altairli...@gmail.com escribió:

No se de que pais eres, yo estoy en Valencia (España).

Buenos Aires, Argentina

Yo creo que puede ser cierto, en españa las cosas estan como estan y
depende de lo que tenga el tipo puede ser que a la subcontrata no le
quede mas remedio que pasar por el aro.

yo creo que no, porque las empresas no funcionan asi, no hacen beneficencia
y no pagan costos tan altos como un infeliz admin que los amenace
Si la empresa es chica , no va a incrementar sus costos de esta manera,
porque con la crisis que hay en España dura 2 meses y tiene que cerrar
Y si la empresa es grande, tiene un buen estudio de abogados que por las
buenas o por las malas te hace desistir. Ademas tene en cuenta que el tipo es
un admin, no es alguien especializado en manipular gente y aguantarse lo que
venga, o alguien que no le tenga miedo a cosas pesadas

Insisto es una leyenda urbana

Tambien me encaja bastante con el modo de operar de cierto tipo de
empresas. Si quieres ascender en la empresa debes demostrar que
piensas como ellos, que apruebas lo que hacen, que haces las cosas
como ellos quieren que se hagan, etc. Cuanta mas gente hay en una
empresa, y sobretodo cuantos mas niveles de jerarquia hay, mas facil
es que haya corrupcion en algun sitio.

Ahi tenes el principal problema, la vida no es el trabajo, un ascenso se da ,
no se pide o se pelea por el. Hay mil cosas mas importantes que un ascenso.
Jamas cambiaria mi forma de pensar por un ascenso, llevo mas de 30 años
trabajando y lo que tengo me lo gane por mi capacidad, no por pensar igual
que la empresa. He cambiado varias veces de trabajo y he tenido epocas
duras,y muchas veces no trabaje de lo que me gustaba, incluso muchas veces
trabaje en cualquier cosa. No hay excusas para entregar tus banderas. Un
trabaj es solo un medio, la vida es otra cosa

En españa eso de los sicarios no suele hacerse, es muy raro. Se suele
decir que la mafia española es mas peligrosa que la mafia italiana,
porque la española no necesita matar. Funciona a base de sobornos,
chantajes, trafico de influencias, etc. Esto se ve mucho a niveles de
empresas, cuando son mas o menos grandes, y sobretodo a niveles
politicos

Lo del sicario es un decir, pero te ponen un estudio de abogados (que son
peores que los sicarios)
que te peguen un buen susto, y si vos no tenes un sindicato que te proteja o
simplemente no tenes calle enseguida te convencen para que te dejes de
molestar

Mira que en mi pais hemos pasado por epocas peores que las que Uds. estan
pasando, pero lo importante en no doblegarse, ni dejarse llevar.
saludos

--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/ca+hdpf+ac83j2dh1svcoemkz_h_g65+zyvkpjjyjzmc+c...@mail.gmail.com

--
Angel Claudio Alvarez an...@angel-alvarez.com.ar

--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/20150325184506.4783482b311bb56a4a37c...@angel-alvarez.com.ar

--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/CA+HdPfK7RhU3o=APGtr2ksGPk=nklwk-qb_s24ho_0xcp_n...@mail.gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

2015-03-26 Thread Sascha Steinmann (adremes GmbH Co KG)

Michael I. linux-michae...@abwesend.de wrote:

 But I have a new problem, I want to have a transparent proxy for http 
 this works fine but when I add the iptables rule for https the loading 
 won't work.

Of course not. That this is not working is the _whole point_ of any
end-to-end encrypted connection.

What you are effectivly trying to do is an Man-in-the-Middle attack.

You cannot transparently proxy *any* encrypted connection without major
trickery, like I wrote in my first mail. You would need a fake CA
certificate (why this is a _very_ bad idea you just have to look at the
latest CNNIC and MSC debacle: (sorry, German URL)
https://www.psw-group.de/blog/cnnic-signiert-falsche-google-zertifikate/2112
or
http://www.heise.de/security/meldung/Google-deckt-erneut-Missbrauch-im-SSL-Zertifizierungssystem-auf-2583414.html),
 and have your proxy terminate the end-to-end encryption by issuing a fake 
certificate on the fly, so that the client is satisfied and then create another 
new encrypted connection to the intended end-point.

There _are_ security appliances out there which work in that way but
they are considered _very_ *very* bad practice and should be avoided at
all costs.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/11bg3gmtro...@mids.svenhartge.de

contribution possible ?

2015-03-26 Thread Hervé Chedot

Bonjour,

Je ne suis pas nouvel utilisateur de Debian mais je ne suis pas non plus un
débutant. Là où je pourrais sans doute apporter pierre à l'édifice, ce
serait au niveau des traductions.

Je travaille et mon parc informatique fonctionne plutôt pas mal donc plutôt
que de m'abrutir sur des tâches qui n'apporteront rien à personne,
j'aimerais plutôt utiliser du temps pour des choses concrètes et qui
serviront à des utilisateurs désireux d'utiliser des applications efficaces.

A qui dois-je m'adresser et quand commencer ?

Merci pour votre réponse.

Hervé CHEDOT.

Re: contribution possible ?

2015-03-26 Thread Charles Plessy

Le Thu, Mar 26, 2015 at 01:03:23PM +0100, Hervé Chedot a écrit :
 
 Je ne suis pas nouvel utilisateur de Debian mais je ne suis pas non plus un
 débutant. Là où je pourrais sans doute apporter pierre à l'édifice, ce
 serait au niveau des traductions.
[...]
 A qui dois-je m'adresser et quand commencer ?

Bonjour Hervé

il faut s'adresser à debian-l10n-fre...@lists.debian.org.

Il y a aussi une documentation assez complète sur le site Debian
à la page https://www.debian.org/international/french/.

Amicalement,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japon

-- 
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/20150326121908.ga8...@falafel.plessy.net

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread Raphaël POITEVIN

Bonjour,
Bernardo bernardo.s...@siorat.net writes:
 - si je transfère le même fichier par sftp vers la machine distante, ça dure
 moins de 5 secondes !

c’est-à-dire, que fais-tu ?

Si tu fais un cp ça réagit comment ?
-- 
Raphaël
Hypra S.A.S.

--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/87bnjfq4n3.fsf@mozart.musiciens

AW: Redirect HTTPS with Squid3+Squidguard

I agree 100% with Reco.
Don't use technical Stuff to protect your children.
Learn them to use their Brain, to protect their self.
It's the most important thing, when u sit in front of a Computer.
When u want to block adult content u have to block 80% of the entire visible
web.
And you will spend your evenings to make your blacklists up2date.
Greetings
Sascha

-Ursprüngliche Nachricht-
Von: Reco [mailto:recovery...@gmail.com]
Gesendet: Donnerstag, 26. März 2015 13:52
An: debian-user@lists.debian.org
Betreff: Re: Redirect HTTPS with Squid3+Squidguard

Hi.

On Thu, 26 Mar 2015 13:21:57 +0100
Peter Viskup skupko...@gmail.com wrote:

Hi,
just jumped into SSLBump/Split features some months ago. I don't find
these features harmful. Especially when protecting your children from
access of YouTube or other possibly harmful sites. Once you are logged
with Google account they redirect your communication to https which
makes the inspection not possible. The Squid's SSLBump/Split (whose
name in latest version SslPeekAndSplice) is the only feature which
will make the inspection happen. This means there are still some cases
where this feature is very helpful and the only one freely available.

If you're considering that spying on your own children is a good idea - I don't
even know what to say. They solve such problems here by educating children, not
limiting their internet access. Besides, if a child would really want to bypass
such access control - he or she will find a way sooner or later (hint - a
cellphone, for instance).

The only good usage of SSL Bump in my book is reverse-engineering certain
proprietary applications.

Recp

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/20150326155150.246957029666332067526...@gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

Without the SSL splitting the only option is to install some software on
the client side. Some endpoint security software doing the inspection of
the web data transfers on the fly before they pass the TLS tunnel. It's the
same like SSL split on Squid, but let's say more transparent. Unfortunately
I don't know any such software for Linux - all of those I know are for
Windows as this OS has API for that spying.
Can mention two for all of them:
 - Kaspersky Internet Security
 - Eset Endpoint Security
These are my favorites, but there are other SWs available.
The open source and best way to protect children is the proxy with SSLBump.
Have a look on Untangle [1] for complete FW solution with the SSLBump
feature.

[1] www.untangle.com


On Thu, Mar 26, 2015 at 2:04 PM, Michael I. linux-michae...@abwesend.de
wrote:

 Sven Hartge s...@svenhartge.de wrote:

 Michael I. linux-michae...@abwesend.de wrote:

  But I have a new problem, I want to have a transparent proxy for http
 this works fine but when I add the iptables rule for https the loading
 won't work.


 Of course not. That this is not working is the _whole point_ of any
 end-to-end encrypted connection.

 What you are effectivly trying to do is an Man-in-the-Middle attack.


 All I want is to protect children of harmful content (adult content).

  You cannot transparently proxy *any* encrypted connection without major
 trickery, like I wrote in my first mail. You would need a fake CA
 certificate (why this is a _very_ bad idea you just have to look at the
 latest CNNIC and MSC debacle: (sorry, German URL)
 https://www.psw-group.de/blog/cnnic-signiert-falsche-
 google-zertifikate/2112
 or
 http://www.heise.de/security/meldung/Google-deckt-erneut-
 Missbrauch-im-SSL-Zertifizierungssystem-auf-2583414.html), and have
 your proxy terminate the end-to-end encryption by issuing a fake
 certificate on the fly, so that the client is satisfied and then create
 another new encrypted connection to the intended end-point.

 There _are_ security appliances out there which work in that way but
 they are considered _very_ *very* bad practice and should be avoided at
 all costs.


 I don't want to fake a CA certificate because the danger.

 Is there any other way to block those sites? Maybe block the IPs in the
 firewall, but I think this is a big hassle?

  Grüße,
 Sven.



 --
 To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a
 subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive: https://lists.debian.org/551403f7.7080...@abwesend.de

Re: [OT] Tomcat SSL con geotrust EV multidomain

2015-03-26 Thread Sergio Villalba

Ahora si, solucionado

Me faltaba el paso de ha enviado Camaleón:
https://www.geocerts.com/install/tomcat

Mil gracias y un saludo.



El día 23 de marzo de 2015, 19:19, Camaleón noela...@gmail.com escribió:
 El Mon, 23 Mar 2015 18:15:18 +0100, Sergio Villalba escribió:

 Voy avanzando..

 (...)

 Cuando carga el https no dice típico mensaje Error de certificado...he
 seguido los pasos de la Web de Geotrust:
 https://www.geotrust.com/resources/extended-validation-ssl/installation-
 instructions.html#03
 pero nada...

 Comprueba que no te hayas saltado ningún paso y que la generación del CSR
 y las claves es correcta, además de configurar el certificado intermedio:

 Install SSL Certificate Tomcat
 https://www.geocerts.com/install/tomcat

 Certificate Signing Request (CSR) Generation Instructions - Tomcat
 https://knowledge.geotrust.com/support/knowledge-base/index?page=contentid=AR897

 Saludos,

 --
 Camaleón


 --
 To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive: https://lists.debian.org/pan.2015.03.23.18.19...@gmail.com



--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/ca+ylrtdx4bg8p9-+27c9a-wkvsgmnhdjlaud9gxhq+7tvyc...@mail.gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

It's the way you look at.
For me it's about prevention...your child can click on some link somewhere
and see some pictures/videos which will remain in his/her mind (let's say)
forever and can harm even if it was only seconds they were seen...I am
speaking about children less than 15 years old...and even older children
needs protection.

On Thu, Mar 26, 2015 at 2:19 PM, Sascha Steinmann (adremes GmbH Co KG)
steinm...@adremes.com wrote:

I agree 100% with Reco.
Don't use technical Stuff to protect your children.
Learn them to use their Brain, to protect their self.
It's the most important thing, when u sit in front of a Computer.
When u want to block adult content u have to block 80% of the entire
visible web.
And you will spend your evenings to make your blacklists up2date.
Greetings
Sascha

-Ursprüngliche Nachricht-
Von: Reco [mailto:recovery...@gmail.com]
Gesendet: Donnerstag, 26. März 2015 13:52
An: debian-user@lists.debian.org
Betreff: Re: Redirect HTTPS with Squid3+Squidguard

Hi.

On Thu, 26 Mar 2015 13:21:57 +0100
Peter Viskup skupko...@gmail.com wrote:

If you're considering that spying on your own children is a good idea - I
don't even know what to say. They solve such problems here by educating
children, not limiting their internet access. Besides, if a child would
really want to bypass such access control - he or she will find a way
sooner or later (hint - a cellphone, for instance).

The only good usage of SSL Bump in my book is reverse-engineering certain
proprietary applications.

Recp

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
listmas...@lists.debian.org
Archive:
https://lists.debian.org/20150326155150.246957029666332067526...@gmail.com

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
listmas...@lists.debian.org
Archive:
https://lists.debian.org/f6da57c02758bb41bf462233ad62bf9265836...@ex10mbox1e.hosting.inetserver.de

Re: Redirect HTTPS with Squid3+Squidguard

Michael I. linux-michae...@abwesend.de wrote:
 Sven Hartge s...@svenhartge.de wrote:
 Michael I. linux-michae...@abwesend.de wrote:

 But I have a new problem, I want to have a transparent proxy for
 http this works fine but when I add the iptables rule for https the
 loading won't work.

 Of course not. That this is not working is the _whole point_ of any
 end-to-end encrypted connection.

 What you are effectivly trying to do is an Man-in-the-Middle
 attack.

 All I want is to protect children of harmful content (adult content).

You have already lost. If you build walls around content you don't like,
your children _will_ find ways of accessing it some other way. Besides,
all younger children (younger than 12/14 years) I observed surfing the web
don't have any direct interest in nudity anyway. And if they stumble
upon such an image the reaction was eww, gross and a quick click on
the Back-button. And older children, after starting puberty, already
had several access methods for recreational pictures, mostly through
friends.

There is no way of protecting your children by technical means without
going down a rabbit hole of problems and inconveniences.

Educate them, supervise them. There is no other way.

By building a STOP sign in front of things you only heighten the
curiosity.

If your children are too young, they shouldn't use the Internet without
a parent (or other trusted person) present anyway.

If they are old enough, you have to learn to trust them and exersice
other disciplinary consequences if they do things they should not do.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/12bg3m53ro...@mids.svenhartge.de

Re: Redirect HTTPS with Squid3+Squidguard

Hi,
just jumped into SSLBump/Split features some months ago. I don't find these
features harmful. Especially when protecting your children from access of
YouTube or other possibly harmful sites. Once you are logged with Google
account they redirect your communication to https which makes the
inspection not possible. The Squid's SSLBump/Split (whose name in latest
version SslPeekAndSplice) is the only feature which will make the
inspection happen. This means there are still some cases where this feature
is very helpful and the only one freely available.

-- 
Peter Viskup

On Thu, Mar 26, 2015 at 12:58 PM, Sven Hartge s...@svenhartge.de wrote:

 Michael I. linux-michae...@abwesend.de wrote:

  But I have a new problem, I want to have a transparent proxy for http
  this works fine but when I add the iptables rule for https the loading
  won't work.

 Of course not. That this is not working is the _whole point_ of any
 end-to-end encrypted connection.

 What you are effectivly trying to do is an Man-in-the-Middle attack.

 You cannot transparently proxy *any* encrypted connection without major
 trickery, like I wrote in my first mail. You would need a fake CA
 certificate (why this is a _very_ bad idea you just have to look at the
 latest CNNIC and MSC debacle: (sorry, German URL)
 
 https://www.psw-group.de/blog/cnnic-signiert-falsche-google-zertifikate/2112
 
 or
 
 http://www.heise.de/security/meldung/Google-deckt-erneut-Missbrauch-im-SSL-Zertifizierungssystem-auf-2583414.html),
 and have your proxy terminate the end-to-end encryption by issuing a fake
 certificate on the fly, so that the client is satisfied and then create
 another new encrypted connection to the intended end-point.

 There _are_ security appliances out there which work in that way but
 they are considered _very_ *very* bad practice and should be avoided at
 all costs.

 Grüße,
 Sven.

 --
 Sigmentation fault. Core dumped.


 --
 To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact
 listmas...@lists.debian.org
 Archive: https://lists.debian.org/11bg3gmtro...@mids.svenhartge.de

Re: Redirect HTTPS with Squid3+Squidguard

 Hi.

On Thu, 26 Mar 2015 13:21:57 +0100
Peter Viskup skupko...@gmail.com wrote:

 Hi,
 just jumped into SSLBump/Split features some months ago. I don't find these
 features harmful. Especially when protecting your children from access of
 YouTube or other possibly harmful sites. Once you are logged with Google
 account they redirect your communication to https which makes the
 inspection not possible. The Squid's SSLBump/Split (whose name in latest
 version SslPeekAndSplice) is the only feature which will make the
 inspection happen. This means there are still some cases where this feature
 is very helpful and the only one freely available.

If you're considering that spying on your own children is a good idea -
I don't even know what to say. They solve such problems here by
educating children, not limiting their internet access. Besides, if a
child would really want to bypass such access control - he or she will
find a way sooner or later (hint - a cellphone, for instance).

The only good usage of SSL Bump in my book is reverse-engineering
certain proprietary applications.

Recp


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150326155150.246957029666332067526...@gmail.com

Re: SmartList's contact info

2015-03-26 Thread via Brewster

Title: Join Brewster











Current City










debian-user-catalan@lists.debian.org











Mobile Number







		
		
			
		
		
			
		
		
		
			
			Confirm/Update for Robert Garrigos 
			
		
		
		
			For your safety, this link expires in 48 hours
		
		
			
		
	



			
		
	
	



	
	
		
			

			
			
Featured on:
			
			


	
		
			
			
			
		
		
			
			

	
		
		
		
		
		
	

			
			
		
		
			
			

	
		
		
		
		
		
	

			
			
		
		
			
		
	


			
			

			
		
	
	


			
		
		
	
	
	
		
		
			

	


	


	Your Contacts, Synced Anywhere


	


	Why did you receive this email?


	11 East 4th St. #2F New York, NY 10003


	Unsubscribe 

			
		
		
	
	
	
		
	

			
			
		
	







--
To UNSUBSCRIBE, email to debian-user-catalan-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/5513f836d6a93_596d5049f5c387...@prod-rs-r10.ihost.brewster.com.mail

Re: Redirect HTTPS with Squid3+Squidguard

2015-03-26 Thread Guimarães Faria Corcete DUTRA , Leandro


Sven Hartge s...@svenhartge.de wrote:

Michael I. linux-michae...@abwesend.de wrote:


But I have a new problem, I want to have a transparent proxy for http
this works fine but when I add the iptables rule for https the loading
won't work.


Of course not. That this is not working is the _whole point_ of any
end-to-end encrypted connection.

What you are effectivly trying to do is an Man-in-the-Middle attack.



All I want is to protect children of harmful content (adult content).


You cannot transparently proxy *any* encrypted connection without major
trickery, like I wrote in my first mail. You would need a fake CA
certificate (why this is a _very_ bad idea you just have to look at the
latest CNNIC and MSC debacle: (sorry, German URL)
https://www.psw-group.de/blog/cnnic-signiert-falsche-google-zertifikate/2112
or
http://www.heise.de/security/meldung/Google-deckt-erneut-Missbrauch-im-SSL-Zertifizierungssystem-auf-2583414.html),
 and have your proxy terminate the end-to-end encryption by issuing a fake 
certificate on the fly, so that the client is satisfied and then create another new 
encrypted connection to the intended end-point.

There _are_ security appliances out there which work in that way but
they are considered _very_ *very* bad practice and should be avoided at
all costs.



I don't want to fake a CA certificate because the danger.

Is there any other way to block those sites? Maybe block the IPs in the 
firewall, but I think this is a big hassle?



Grüße,
Sven.




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/551403f7.7080...@abwesend.de

Gnome troubleshooting after upgrading to stable

I recently upgraded, but my users are not able to log in.

They get the ‘Oh no, something went wrong’ message.

.xsession_errors of a new, clean user:
/etc/gdm3/Xsession: Beginning session setup...
localuser:t being added to access control list
openConnection: connect: Arquivo ou diretório não encontrado
cannot connect to brltty at :0
GNOME_KEYRING_CONTROL=/home/t/.cache/keyring-S4ZPso
GPG_AGENT_INFO=/home/t/.cache/keyring-S4ZPso/gpg:0:1
GNOME_KEYRING_PID=436
GNOME_KEYRING_CONTROL=/home/t/.cache/keyring-S4ZPso
GPG_AGENT_INFO=/home/t/.cache/keyring-S4ZPso/gpg:0:1
SSH_AUTH_SOCK=/home/t/.cache/keyring-S4ZPso/ssh
GNOME_KEYRING_CONTROL=/home/t/.cache/keyring-S4ZPso
GPG_AGENT_INFO=/home/t/.cache/keyring-S4ZPso/gpg:0:1
SSH_AUTH_SOCK=/home/t/.cache/keyring-S4ZPso/ssh
GNOME_KEYRING_CONTROL=/home/t/.cache/keyring-S4ZPso
GPG_AGENT_INFO=/home/t/.cache/keyring-S4ZPso/gpg:0:1
SSH_AUTH_SOCK=/home/t/.cache/keyring-S4ZPso/ssh
Initializing tracker-store...
Creating config directory:'/home/t/.config/tracker'
Tracker-Message: Setting up monitor for changes to config
file:'/home/t/.config/tracker/tracker-store.cfg'
Tracker-Message: Setting up monitor for changes to config
file:'/home/t/.config/tracker/tracker-store.cfg'
Could not open log:'/home/t/.local/share/tracker/tracker-store.log',
Arquivo ou diretório não encontrado
All logging will go to stderr
Starting log:
  File:'/home/t/.local/share/tracker/tracker-store.log'
x-session-manager[377]: WARNING: Failed to start app: Unable to start
application: Falha ao executar processo filho gcm-apply (Arquivo ou
diretório não encontrado)
Initializing tracker-miner-fs...
Tracker-Message: Setting up monitor for changes to config
file:'/home/t/.config/tracker/tracker-miner-fs.cfg'
Starting log:
  File:'/home/t/.local/share/tracker/tracker-miner-fs.log'
Failed to play sound: File or data not found
** Message: applet now removed from the notification area
** Message: applet now embedded in the notification area
Aviso do gerenciador de janelas: CurrentTime used to choose focus
window; focus window may not be correct.
Aviso do gerenciador de janelas: Got a request to focus the
no_focus_window with a timestamp of 0.  This shouldn't happen!

(gnome-shell:473): Cogl-WARNING **: X Error received while making
drawable 0x00E0001B current
Aviso do gerenciador de janelas: Log level 8:
_shell_embedded_window_unrealize: assertion `SHELL_IS_EMBEDDED_WINDOW
(window)' failed
** Message: Stopping applet secret agent because GNOME Shell appeared

(gnome-settings-daemon:435): PackageKit-WARNING **: couldn't parse
execption 
'GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._pk_5ftransaction_5ferror.Code4:
GetDistroUpgrades not supported by backend', please report

(gnome-settings-daemon:435): updates-plugin-WARNING **: failed to get
upgrades: 
GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._pk_5ftransaction_5ferror.Code4:
GetDistroUpgrades not supported by backend

(gnome-settings-daemon:435): PackageKit-WARNING **: couldn't parse
execption 
'GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._pk_5ftransaction_5ferror.Code4:
GetDistroUpgrades not supported by backend', please report

(gnome-settings-daemon:435): updates-plugin-WARNING **: failed to get
upgrades: 
GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._pk_5ftransaction_5ferror.Code4:
GetDistroUpgrades not supported by backend
Aviso do gerenciador de janelas: Log level 8:
_shell_embedded_window_unrealize: assertion `SHELL_IS_EMBEDDED_WINDOW
(window)' failed
.xsession-errors (END)

How can I troubleshoot it?

Thanks in advance!


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cafqwws7dh1_l-qsfzajr8zk46b35r5u3sw-okp5eu2eupoe...@mail.gmail.com

Re: trouble installing Debian testing/jessie

2015-03-26 Thread Paul E Condon

On 20150325_1530-0400, mizuki wrote:
 Hi,
 
 Since Mar 10th, I seem to have trouble installing Debian testing on a
 virtual machine or a physical machine, always fails at step 'Partition
 disk' with partman, it complains:
 
 The attempt to mount a file system with type ext4 in SCSI1(0,0,0),
 partition #1 (sda) at / failed.
 You may resume partitioning from the partitioning menu.
 
 This happens during a netboot through a manual installation or preseed,
 using 'regular' or 'raid' method with partman-auto, and doesn't matter what
 recipe I'm using, 'atomic' or expert-recipe, always hit this error,
 
 Does anyone have the same experince, can anyone advice?
 Thanks!
 
 Mizuki

HI, Mizuki,

I also have experienced this problem, but in a different environment.
The most recent version of netinst that I have used successfully is:
debian-jessie-DI-b1-i386-netinst.iso

CDs since then have allowed me to go through the motions of setting up
partitions, but fail repeatedly to actually write the new stuff onto
the physical HD, for me. My research of this problem has not been
exhaustive, and I couldn't believe I hadn't done something wrong, and
I intended to go back and check on the more recent CD after I fixed
the problem that forced me to try installing from scratch.  Until
reading your email, I was pretty sure I would discover some mistake
that I had been making with the newer CDs. I haven't completed rebuild
of my system, yet, So all I can say is 'I feel your pain.'

Kind regards,
-- 
Paul E Condon   
pecon...@mesanetworks.net


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150327021643.gb15...@big.lan.gnu

Re: Planning a new Debian box!

2015-03-26 Thread Bob Bernstein

On Thu, Mar 26, 2015 at 09:09:28PM -0600, Paul E Condon wrote:


 ...some BIOS code that blocks copying a backup copy of Win7 in 
 a hidden partition on HD...

Now, see? That's some hardcore M$ crap right there! Thas what
I'm talkin 'bout!

 To get rid of this hidden partition, you will have to use dd 
 to overwrite it with zero bytes.

I don't see (yet) that I must get rid of it. I don't care a fig 
about pure Debian. Am I wrong? BUT, if it (said nefarious 
hidden partition) is going to come back and bite me my grubs
later, then I might begin to feel differently about that crummy 
old no-good M$ hidden partition. Will it do that?
 
 After that, you have a pure Debian box or...if you don't 
 succeed in getting Debian installed you have a oddly shaped 
 boat anchor.

I am already well stocked with odd boat anchors thank you very 
much. It takes a small act of congress for me to convince my 
local town recycling mafiosi to actually pick them up if I 
manage to heave them onto the sidewalk.

 IMHO, it is definitely *not* a no-brainer.

If there's anything that can be said about this Friday night's 
debian-user crowd, it is that there are very few no-brainers 
among us. I detect rather a few big brains out there. You know 
who you are!

 You might, instead, investigate buy a new SATA drive, maybe 
 larger than the one containing Win7 and install the new SATA.

How soon can you get a check to me?

 I may be wrong in all these points...

Now, sir, you are clearly an honest man for saying that. Mencken 
was reputed to sign off on letters in which he had no particular 
interest (nor in their authors) like so:

You may be right,

(Thanks *all*)
-- 
Bob Bernstein

 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150327035526.ga28...@sixtiessurvivor.org

Re: Planning a new Debian box!

2015-03-26 Thread Paul E Condon

On 20150326_1551-0400, Bob Bernstein wrote:
 Shortly I will become the owner of a refurbished Dell with Win7 already on
 its 160g sata hard drive.
 
 I have no need or use for a multi-OS multi-boot machine. I only want wheezy
 on this for now.
 
 Question: can I entrust to the Debian installer the task of repartitioning
 and formatting the HD with all that Windoze cruft already on it?
 
 Or, are there steps I ought to take prior to launching the installer,
 perhaps involving other disk tools? I don't trust what M$ puts on hard
 drives!
 
 TIA Debian peeps!
 
 -- 
 These are not the droids you are looking for.

Others have already advised making a restore disk of Win7. My
experience is that refurb Dells with Win7 installed come with a
restore disk. *BUT  a big caveat: The supplied 'restore disk' does
not actually contain a copy of the system. What it does is bypass some
BIOS code that blocks copying a backup copy of Win7 in a hidden
partition on HD and also patch into the newly restored Win7 certain
things that are looked for by code in the boot RAM that let a normal,
to the Microsoft world, boot. To get rid of this hidden partition, you
will have to use dd to overwrite it with zero bytes. After that, you
have a pure Debian box, or as a friend of mine who told me about this,
it you don't succeed in getting Debian installed you have a oddly
shaped boat anchor.

IMHO, it is definitely *not* a no-brainer.

You might, instead, investigate buy a new SATA drive, maybe larger
than the one containing Win7 and install the new SATA. Check the
facts, as best you can. Low price larger SATA drives that I have seen
on the web seem all to be refurb HDD. I may be wrong in all these
points:

Caveat Emptor.
-- 
Paul E Condon   
pecon...@mesanetworks.net


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150327030928.gc15...@big.lan.gnu

Re: Redirect HTTPS with Squid3+Squidguard

Sven Hartge s...@svenhartge.de wrote: Michael I. 
linux-michae...@abwesend.de wrote:

Sven Hartge s...@svenhartge.de wrote:

Michael I. linux-michae...@abwesend.de wrote:



But I have a new problem, I want to have a transparent proxy for
http this works fine but when I add the iptables rule for https the
loading won't work.


Of course not. That this is not working is the _whole point_ of any
end-to-end encrypted connection.

What you are effectivly trying to do is an Man-in-the-Middle
attack.



All I want is to protect children of harmful content (adult content).


You have already lost. If you build walls around content you don't like,
your children _will_ find ways of accessing it some other way. Besides,
all younger children (younger than 12/14 years) I observed surfing the web
don't have any direct interest in nudity anyway. And if they stumble
upon such an image the reaction was eww, gross and a quick click on
the Back-button. And older children, after starting puberty, already
had several access methods for recreational pictures, mostly through
friends.



This are not my children, the filter is used for a school.

The filter is used for prevention. I am totally on your side, children 
at home need trust but in school the teacher can't look on all computers.


So I need a filter, the filter mustn't block all adult content, but when 
I block 70% of all the adult content this is better as nothing.



There is no way of protecting your children by technical means without
going down a rabbit hole of problems and inconveniences.

Educate them, supervise them. There is no other way.

By building a STOP sign in front of things you only heighten the
curiosity.

If your children are too young, they shouldn't use the Internet without
a parent (or other trusted person) present anyway.



In school the computer is getting more and more used.


If they are old enough, you have to learn to trust them and exersice
other disciplinary consequences if they do things they should not do.



As I said, in private usage I am totally on your said.


Grüße,
Sven.




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/55143c62.5010...@abwesend.de

Re: Redirect HTTPS with Squid3+Squidguard

2015-03-26 Thread Dan Purgert

On Thu, 26 Mar 2015 08:49:37 -0500, John Hasler wrote:

 Why don't you just get rid of the computers?

I tried that route one time ... got looked at like I had 7 heads for even 
suggesting that the kids go back to textbooks and paper.



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/mf1f4o$qp1$1...@ger.gmane.org

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread Bernard Schoenacker

Le Thu, 26 Mar 2015 18:33:07 +0100,
Bernardo bernardo.s...@siorat.net a écrit :

 Le 26/03/2015 17:46, Bernard Schoenacker a écrit :
  Le Thu, 26 Mar 2015 15:12:23 +0100, Bernardo
  bernardo.s...@siorat.net a écrit :
  
  bonjour,
  
  essaye de faire un rsync à travers ssh :
  
  http://archive.oreilly.com/pub/h/38
  
  slt bernard
  
 Ça fonctionne : 25 s pour le transfert...
 
 Mais qu'en conclure ? Quand ça ne passe pas par le gestionnaire de
 fichiers ça fonctionne, mais que si le gestionnaire est thunar ça
 rame ?
 

bonjour,

pour thunar essayes de voir ce qui est installé ?

je pense à gvfs xfce4-goodies  et autres :



 apt-cache search  thunar
thunar-dropbox-plugin - context-menu items from dropbox for Thunar
gtkhash-common - common files for gtkhash extensions
thunar-gtkhash - thunar extension for computing checksums and more
 using gtkhash libthunarx-2-0 - extension library for thunar
libthunarx-2-dev - Development files for libthunarx
thunar-data - Provides thunar documentation, icons and translations
thunar-dbg - debugging information for thunar
thunar-archive-plugin - Archive plugin for Thunar file manager
thunar-vcs-plugin - VCS plugin for Thunar file manager
xfce4-places-plugin - quick access to folders, documents and removable
 media thunar - Gestionnaire de fichiers pour Xfce
thunar-media-tags-plugin - greffon de gestion d'étiquettes de média
 pour le gestionnaire de fichiers Thunar thunar-volman - extension de
 Thunar pour la gestion des volumes xfce4-goodies - extensions pour
 l'environnement de bureau Xfce4

slt
bernard

-- 
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150326184635.053c38d0.bernard.schoenac...@free.fr

Re: Proxy en Google Earth

El Thu, 26 Mar 2015 14:29:09 -0300, Javier ArgentinaBBAR escribió:

 El día 26 de marzo de 2015, 14:18, Camaleón noela...@gmail.com
 escribió:
 El Thu, 26 Mar 2015 13:33:49 -0300, Javier ArgentinaBBAR escribió:

 (...)

 Por lo que la pregunta es:
 ¿Alguno sabe cómo configurar a googleearth para adicionarle en algún
 lugar las variables de proxy?
 La configuración del programa no tienen ninguna opción al respecto.

 He buscado en la red, y la solución que presentan es la de cargar
 variables de proxy al entorno de consola y ejecutarlo desde allí, cosa
 que ya tengo resuelta.

 (...)

 Prueba a configurar el proxy desde las opciones del entorno gráfico que
 uses (KDE).

 Ya está hecho, no funciona para googleearth, sí para todos los
 navegadores.

Si GE no respeta la variable de entorno de KDE, mal asunto... intenta 
añadir al comando que lanza el archivo .desktop la opción que te funciona 
cuando lo ejecutas desde línea de comandos, p. ej.:

env HTTP_PROXY=http://localhost:3128 /ruta/a/googleearth

Saludos,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/pan.2015.03.26.17.46...@gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

 Hi.

On Thu, 26 Mar 2015 16:48:00 +0100
Peter Viskup skupko...@gmail.com wrote:

 Hello Reco,
 
 On Thu, Mar 26, 2015 at 4:13 PM, Reco recovery...@gmail.com wrote:
 
   Hi.
  And just as well child can see a naughty picture on TV. Or a phone ad.
  Or a magazine/newspaper. Anywhere, once you start thinking about it.
 
 
 And that's just sad, disturbingly and one of the main reasons of so many
 people facing porn addiction.

No. The only possibly depressing thing about it are the ones who abuse
basic human instincts to sell goods. Or rather the fact that said ones
do not face consequences of their actions. Whenever an arbitrary picture
is a 'porn' or not is in the eye of the beholder.


 Whatever damage is done depends on child's state of mind, which is
  influenced by his/her prior education. Which, for the most part, should
  be (IMO) provided by parents first, and society (friends, school,
  whatever) - second.
 
 
 First would recommend you to read something about the psychology of
 children.

I have two children, so I speak from my own experience with them. Now,
how many children do you have?


 And internet censorship is not a substitute of education. The only
  thing that censorship can teach is how to workaround it. Or that one's
  parents are complete insert_some_profanity_here. Is that how you want
  your children to perceive you?
 
 
 From this point of view all aspects of parenting are censorship. It's not
 about the government internet censorship - differentiate between parenting
 and freedom protection and well - I didn't tell the education is not needed.

No, this is there you've got it wrong. It's one thing if parent
explicitly forbids child to do something as it implies human
interaction. It's another thing if parent relies on some inanimate
object (say, Squid proxy server) to force an arbitrary restriction.

And forcing the child to accept surveillance or censorship in such
early age may cause an actual damage as in turn it may cause child to
accept surveillance or censorship (provided by government or
employer) as a normal thing in the future.

Of course, there're worse things that can be done with children, such as
introducing them to the social networks ;)


  Besides, what's up with this 15 years mark?
 
 
 Just as an example - no other meaning, everybody can choose its own number.
 ;-)

Last time they choose a number in China - they build The Great Chineese
Firewall for everyone.

Every time they choose a number on a Middle East - they usually ban
everything short of a couple of 'approved' sites.

Last time they choose a number in England they effectively banned 3/4
of Internet. Unless you opt out and mark yourself as a CP consumer, or
so I heard.

On a bright side of things, last time they choose a number in Russia -
a number had choosen them :)

So, careful with the numbers, as they carry power.


 My last sentence to this thread - read The Little Prince a lot and once
 you will understand what's all this about probably and then you will be
 ready for reading Citadelle. Yes - I know - too much pathetic for
 somebody...

Read first one about 20 years ago as a part of my school education
actually. I don't feel the need to re-read it yet.
I don't recall reading a second one though.

But, in return I'd like to recommend reading '1984' novel by George
Orwell.

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150326194704.0e5b8dcf4690b42a010a5...@gmail.com

Re: Proxy en Google Earth

El día 26 de marzo de 2015, 13:49, fernando sainz
fernandojose.sa...@gmail.com escribió:
El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR
javier.debian.bb...@gmail.com escribió:
Buenas tardes a todos:

Éste es uno de esos tantos ejercicios para pensar que me regala
Debian día a día.

Tengo acceso a internet detrás de un proxy corporativo.
He adicionado a mi archivo ~/.bashrc las siguientes líneas:

#Exportando el Proxy CNTLM escuchando en puerto 3128.
export http_proxy=http://localhost:3128
export https_proxy=${http_proxy}
export ftp_proxy=${http_proxy}

para que acceda al proxy que es controlado a su vez por CNTLM.
A resultas de esto, tengo
$ env|grep prox
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128
https_proxy=http://localhost:3128

Todo anda muy bien... hasta que no anda alguna cosa.

Si desde una consola en escritorio gráfico ejecuto la orden
$ googleearth
el programa inicia sin problemas.

Ahora bien, si a googleearth lo invoco desde el menú desplegable o del
inicio rápido (Alt+F2), no accede al proxy, a pesar que las variables
del sistema KDE apuntan al servidor CNTLM.
Todo otro programa que usa internet, hasta ahora funciona sin inconvenientes.

CREO que el problema es que, invocando a googleearth por el menú, hace
que no lea las variables de proxy, las cuales sí son leídas cuando es
a través de consola gráfica.

Por lo que la pregunta es:
¿Alguno sabe cómo configurar a googleearth para adicionarle en algún
lugar las variables de proxy?
La configuración del programa no tienen ninguna opción al respecto.

He buscado en la red, y la solución que presentan es la de cargar
variables de proxy al entorno de consola y ejecutarlo desde allí, cosa
que ya tengo resuelta.

Muchas gracias

JAP

El proxy eres tu mismo? localhost ?

Si exportas una variable en el .bashrc solo es visible desde donde se
ejecuta ese script,
antiguamente para que una variable afectara a los entornos gráficos se
exportaba en el /etc/environment

S2.

Fernando:
Lo bueno de los viejos es que nos acordamos de las cosas que se hacían
a pulmón

He creado un archivo /etc/environment, sobre el que he cargado las
siguientes líneas:

# /etc/environment
# Variables de entorno disponible para todos los usuarios

#Exportando el Proxy CNTLM escuchando en puerto 3128.
export http_proxy=http://localhost:3128
export https_proxy=${http_proxy}
export ftp_proxy=${http_proxy}

Y la cosa funciona de perlas.
GoogleEarth ahora no tiene inconvenientes para funcionar, no importa
de dónde se lo invoque.

Me sirvió mucho esta página:
https://help.ubuntu.com/community/EnvironmentVariables
específicamente la parte que dice

System-wide environment variables
A suitable file for environment variable settings that affect the
system as a whole (rather than just a particular user)
is/etc/environment. An alternative is to create a file for the purpose
in the /etc/profile.d directory.
/etc/environment
This file is specifically meant for system-wide environment variable
settings. It is not a script file, but rather consists of assignment
expressions, one per line.

Muchas gracias.

JAP

P.D.: No sé cómo agregarle SOLUCIONADO al Asunto desde el cliente
web de GMail.

--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/CAG0od5dZ3_KP=_4jqodmhp8rha6i3trupphfp1yp17oxpko...@mail.gmail.com

Re: Proxy en Google Earth

2015-03-26 Thread Manolo Díaz

El jueves, 26 mar 2015, a las 17:33 UTC+1 horas,
Javier ArgentinaBBAR escribió:

Buenas tardes a todos:

Éste es uno de esos tantos ejercicios para pensar que me regala
Debian día a día.

Tengo acceso a internet detrás de un proxy corporativo.
He adicionado a mi archivo ~/.bashrc las siguientes líneas:

#Exportando el Proxy CNTLM escuchando en puerto 3128.
export http_proxy=http://localhost:3128
export https_proxy=${http_proxy}
export ftp_proxy=${http_proxy}

para que acceda al proxy que es controlado a su vez por CNTLM.
A resultas de esto, tengo
$ env|grep prox
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128
https_proxy=http://localhost:3128

Todo anda muy bien... hasta que no anda alguna cosa.

Si desde una consola en escritorio gráfico ejecuto la orden
$ googleearth
el programa inicia sin problemas.

Ahora bien, si a googleearth lo invoco desde el menú desplegable o del
inicio rápido (Alt+F2), no accede al proxy, a pesar que las variables
del sistema KDE apuntan al servidor CNTLM.
Todo otro programa que usa internet, hasta ahora funciona sin inconvenientes.

.bashrc es leído por bash cuando inicia un intérprete _interactivo_,
así que dudo que KDE lo lea. Consulta el manual de bash en lo referente
a profile para ver dónde puedes colocar esas variables de ambiente para
que sea accesible a toda la sesión de usuario sin fastidiar a bash.

Saludos.
-- 
Manolo Díaz


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150326175053.62574...@gmail.com

Re: Proxy en Google Earth

2015-03-26 Thread fernando sainz

El día 26 de marzo de 2015, 18:05, Javier ArgentinaBBAR
javier.debian.bb...@gmail.com escribió:
 El día 26 de marzo de 2015, 13:49, fernando sainz
 fernandojose.sa...@gmail.com escribió:
 El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR


 El proxy eres tu mismo? localhost ?
 Sí, porque la autenticación la maneja http://cntlm.sourceforge.net/
 Me ahorra dolores de cabeza.

 Si exportas una variable en el .bashrc solo es visible desde donde se
 ejecuta ese script,
 antiguamente para que una variable afectara a los entornos gráficos se
 exportaba en el /etc/environment
 Ése es el problema. No sé dónde meter una configuración de proxy que
 afecte a programas de entorno gráfico cuyo origen no estén integrados
 al escritorio, como este caso KDE.


 S2.

Como te digo, en mis tiempos eso se hacía en el

  /etc/environment

Prueba a exportar ahí las variables y reiniciar el escritorio.

S2.


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAGw=rhia3ae_qwddp-9wqcrmrbgpwouwrn_tbxzobhwbu1h...@mail.gmail.com

Re: Proxy en Google Earth

2015-03-26 Thread fernando sainz

El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR
javier.debian.bb...@gmail.com escribió:
Buenas tardes a todos:

Éste es uno de esos tantos ejercicios para pensar que me regala
Debian día a día.

Tengo acceso a internet detrás de un proxy corporativo.
He adicionado a mi archivo ~/.bashrc las siguientes líneas:

#Exportando el Proxy CNTLM escuchando en puerto 3128.
export http_proxy=http://localhost:3128
export https_proxy=${http_proxy}
export ftp_proxy=${http_proxy}

Todo anda muy bien... hasta que no anda alguna cosa.

Si desde una consola en escritorio gráfico ejecuto la orden
$ googleearth
el programa inicia sin problemas.

CREO que el problema es que, invocando a googleearth por el menú, hace
que no lea las variables de proxy, las cuales sí son leídas cuando es
a través de consola gráfica.

Por lo que la pregunta es:
¿Alguno sabe cómo configurar a googleearth para adicionarle en algún
lugar las variables de proxy?
La configuración del programa no tienen ninguna opción al respecto.

He buscado en la red, y la solución que presentan es la de cargar
variables de proxy al entorno de consola y ejecutarlo desde allí, cosa
que ya tengo resuelta.

Muchas gracias

JAP

El proxy eres tu mismo? localhost ?

Si exportas una variable en el .bashrc solo es visible desde donde se
ejecuta ese script,
antiguamente para que una variable afectara a los entornos gráficos se
exportaba en el /etc/environment

S2.

--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/CAGw=rhgj-2rk0izskny-gacl8ar5uvis-y45wffhmrayojq...@mail.gmail.com

Re: Proxy en Google Earth

El día 26 de marzo de 2015, 13:49, fernando sainz
fernandojose.sa...@gmail.com escribió:
 El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR


 El proxy eres tu mismo? localhost ?
Sí, porque la autenticación la maneja http://cntlm.sourceforge.net/
Me ahorra dolores de cabeza.

 Si exportas una variable en el .bashrc solo es visible desde donde se
 ejecuta ese script,
 antiguamente para que una variable afectara a los entornos gráficos se
 exportaba en el /etc/environment
Ése es el problema. No sé dónde meter una configuración de proxy que
afecte a programas de entorno gráfico cuyo origen no estén integrados
al escritorio, como este caso KDE.


 S2.


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAG0od5cqgPyXAS4Sqc44H3ncR98PviWF929=qod2rkm2kgt...@mail.gmail.com

Re: Proxy en Google Earth

2015-03-26 Thread fernando sainz

El día 26 de marzo de 2015, 18:12, fernando sainz
fernandojose.sa...@gmail.com escribió:
 El día 26 de marzo de 2015, 18:05, Javier ArgentinaBBAR
 javier.debian.bb...@gmail.com escribió:
 El día 26 de marzo de 2015, 13:49, fernando sainz
 fernandojose.sa...@gmail.com escribió:
 El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR


 El proxy eres tu mismo? localhost ?
 Sí, porque la autenticación la maneja http://cntlm.sourceforge.net/
 Me ahorra dolores de cabeza.

 Si exportas una variable en el .bashrc solo es visible desde donde se
 ejecuta ese script,
 antiguamente para que una variable afectara a los entornos gráficos se
 exportaba en el /etc/environment
 Ése es el problema. No sé dónde meter una configuración de proxy que
 afecte a programas de entorno gráfico cuyo origen no estén integrados
 al escritorio, como este caso KDE.


 S2.

 Como te digo, en mis tiempos eso se hacía en el

   /etc/environment

 Prueba a exportar ahí las variables y reiniciar el escritorio.

 S2.

Perdón pero la sintaxis no es export variable en este fichero, es simplemente:

   http_proxy=http://localhost:3128


S2.


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAGw=rHjVQFBYvmRHEZ+UryJY7HD=bxkpn3btad5jcva0kdv...@mail.gmail.com

Proxy en Google Earth

Buenas tardes a todos:

Éste es uno de esos tantos ejercicios para pensar que me regala
Debian día a día.

Tengo acceso a internet detrás de un proxy corporativo.
He adicionado a mi archivo ~/.bashrc las siguientes líneas:

#Exportando el Proxy CNTLM escuchando en puerto 3128.
export http_proxy=http://localhost:3128
export https_proxy=${http_proxy}
export ftp_proxy=${http_proxy}

Todo anda muy bien... hasta que no anda alguna cosa.

Si desde una consola en escritorio gráfico ejecuto la orden
$ googleearth
el programa inicia sin problemas.

CREO que el problema es que, invocando a googleearth por el menú, hace
que no lea las variables de proxy, las cuales sí son leídas cuando es
a través de consola gráfica.

Por lo que la pregunta es:
¿Alguno sabe cómo configurar a googleearth para adicionarle en algún
lugar las variables de proxy?
La configuración del programa no tienen ninguna opción al respecto.

He buscado en la red, y la solución que presentan es la de cargar
variables de proxy al entorno de consola y ejecutarlo desde allí, cosa
que ya tengo resuelta.

Muchas gracias

JAP

--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/CAG0od5cqdBic=BjyWgiBvhepfgR=9zvF6=zuhodxcdan+du...@mail.gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

Michael I. linux-michae...@abwesend.de wrote:

 This are not my children, the filter is used for a school.

Aha, important information.

Do not proceed any further with breaking encrypted connections or, for
the matter, transparently proxiing _any_ connections until you had a
talk with a) the Justitiar and b) the Datenschutz- und
Datensicherheitsbeauftragten responsible for your school. 

You may already be in trouble if you did not announce what you are
doing. You really really need to talk to those two people before taking
any further steps.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/14bg43uqro...@mids.svenhartge.de

Re: Proxy en Google Earth

El día 26 de marzo de 2015, 14:18, Camaleón noela...@gmail.com escribió:
 El Thu, 26 Mar 2015 13:33:49 -0300, Javier ArgentinaBBAR escribió:

 (...)

 Por lo que la pregunta es:
 ¿Alguno sabe cómo configurar a googleearth para adicionarle en algún
 lugar las variables de proxy?
 La configuración del programa no tienen ninguna opción al respecto.

 He buscado en la red, y la solución que presentan es la de cargar
 variables de proxy al entorno de consola y ejecutarlo desde allí, cosa
 que ya tengo resuelta.

 (...)

 Prueba a configurar el proxy desde las opciones del entorno gráfico que
 uses (KDE).

 Saludos,

 --
 Camaleón


Ya está hecho, no funciona para googleearth, sí para todos los navegadores.


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAG0od5eTNp=to-2gzcmdmbsd+05dzyzclww-hddje2ocqb-...@mail.gmail.com

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread Bernard Schoenacker

Le Thu, 26 Mar 2015 15:12:23 +0100,
Bernardo bernardo.s...@siorat.net a écrit :

 Le 26/03/2015 14:17, Raphaël POITEVIN a écrit :
  Bonjour, Bernardo bernardo.s...@siorat.net writes:
  - si je transfère le même fichier par sftp vers la machine
  distante, ça dure moins de 5 secondes !
  
  c’est-à-dire, que fais-tu ?
 
 je tape une commande : sftp monlo...@machine.tld:/repdist monfichier
 
 J'ai aussi essayé, sur le conseil de Bernard avec filezilla, toujours
 en sftp bien sûr, et ça fonctionne correctement.
 
 À noter pour l'histoire que tous les clients ne sont pas pareils :
 gftp met aussi 15 min pour transférer le fichier...
 
  
  Si tu fais un cp ça réagit comment ?
  
 le fichier passe en une grosse minute
 

bonjour,

essaye de faire un rsync à travers ssh :

http://archive.oreilly.com/pub/h/38

slt
bernard

-- 
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150326174631.556d37da.bernard.schoenac...@free.fr

Re: Redirect HTTPS with Squid3+Squidguard


Hello,

for private usage I am think a filter isn't good, children need trust 
and a filter is the opposite of trust.


But in usage for a school I think a filter is better, a teacher can't 
look on all computers. The kids are trying out thinks in school which is 
good but when nobody is there to explain the things that they are see, 
this isn't good. My target isn't to block all adult content, but when I 
block 60% of all adult content this is still better as nothing.


Greetings,
Michael

Reco recovery...@gmail.com wrote:

  Hi.

On Thu, 26 Mar 2015 16:48:00 +0100
Peter Viskup skupko...@gmail.com wrote:


Hello Reco,

On Thu, Mar 26, 2015 at 4:13 PM, Reco recovery...@gmail.com wrote:


  Hi.
And just as well child can see a naughty picture on TV. Or a phone ad.
Or a magazine/newspaper. Anywhere, once you start thinking about it.



And that's just sad, disturbingly and one of the main reasons of so many
people facing porn addiction.


No. The only possibly depressing thing about it are the ones who abuse
basic human instincts to sell goods. Or rather the fact that said ones
do not face consequences of their actions. Whenever an arbitrary picture
is a 'porn' or not is in the eye of the beholder.



Whatever damage is done depends on child's state of mind, which is

influenced by his/her prior education. Which, for the most part, should
be (IMO) provided by parents first, and society (friends, school,
whatever) - second.



First would recommend you to read something about the psychology of
children.


I have two children, so I speak from my own experience with them. Now,
how many children do you have?



And internet censorship is not a substitute of education. The only

thing that censorship can teach is how to workaround it. Or that one's
parents are complete insert_some_profanity_here. Is that how you want
your children to perceive you?



 From this point of view all aspects of parenting are censorship. It's not
about the government internet censorship - differentiate between parenting
and freedom protection and well - I didn't tell the education is not needed.


No, this is there you've got it wrong. It's one thing if parent
explicitly forbids child to do something as it implies human
interaction. It's another thing if parent relies on some inanimate
object (say, Squid proxy server) to force an arbitrary restriction.

And forcing the child to accept surveillance or censorship in such
early age may cause an actual damage as in turn it may cause child to
accept surveillance or censorship (provided by government or
employer) as a normal thing in the future.

Of course, there're worse things that can be done with children, such as
introducing them to the social networks ;)



Besides, what's up with this 15 years mark?



Just as an example - no other meaning, everybody can choose its own number.
;-)


Last time they choose a number in China - they build The Great Chineese
Firewall for everyone.

Every time they choose a number on a Middle East - they usually ban
everything short of a couple of 'approved' sites.

Last time they choose a number in England they effectively banned 3/4
of Internet. Unless you opt out and mark yourself as a CP consumer, or
so I heard.

On a bright side of things, last time they choose a number in Russia -
a number had choosen them :)

So, careful with the numbers, as they carry power.



My last sentence to this thread - read The Little Prince a lot and once
you will understand what's all this about probably and then you will be
ready for reading Citadelle. Yes - I know - too much pathetic for
somebody...


Read first one about 20 years ago as a part of my school education
actually. I don't feel the need to re-read it yet.
I don't recall reading a second one though.

But, in return I'd like to recommend reading '1984' novel by George
Orwell.

Reco





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/55143f60.3060...@abwesend.de

Re: Proxy en Google Earth

El Thu, 26 Mar 2015 13:33:49 -0300, Javier ArgentinaBBAR escribió:

(...)

 Por lo que la pregunta es:
 ¿Alguno sabe cómo configurar a googleearth para adicionarle en algún
 lugar las variables de proxy?
 La configuración del programa no tienen ninguna opción al respecto.
 
 He buscado en la red, y la solución que presentan es la de cargar
 variables de proxy al entorno de consola y ejecutarlo desde allí, cosa
 que ya tengo resuelta.

(...)

Prueba a configurar el proxy desde las opciones del entorno gráfico que 
uses (KDE).

Saludos,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/pan.2015.03.26.17.18...@gmail.com

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread Bernardo

Le 26/03/2015 17:46, Bernard Schoenacker a écrit :
 Le Thu, 26 Mar 2015 15:12:23 +0100, Bernardo bernardo.s...@siorat.net a
 écrit :
 
 bonjour,
 
 essaye de faire un rsync à travers ssh :
 
 http://archive.oreilly.com/pub/h/38
 
 slt bernard
 
Ça fonctionne : 25 s pour le transfert...

Mais qu'en conclure ? Quand ça ne passe pas par le gestionnaire de fichiers ça
fonctionne, mais que si le gestionnaire est thunar ça rame ?

-- 
Cordialement,
Bernardo.

Cet après-midi, j'ai décadé ferme. En faisant du  sténopé avec du papier
baryté comme surface sensible.
On fait un concours de décadence?
-+- Jean-Marc, sur fr.rec.photo -+-

--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/551442d3.9090...@siorat.net

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread Johnny B


Salut à tous,

La question qu'il faut se poser c'est le type de cipher, la compression 
built-in du serveur ssh etc forcement liés au travail du CPU.


Il faudrait voir certaines RFC et ce qu'il y a dans le coeur des moteurs 
graphiques (poser la question sur les forums de ces projets peut-etre ?)


Par exemple, un tar over ssh ou rsync est plus performant qu'un 
transfert sftp (dans mes environnements de dev)


J'ai eu ces questionnements dans des environnements pro c'est plutot ces 
points qu'il faut explorer


@+

On 03/26/2015 06:33 PM, Bernardo wrote:

Le 26/03/2015 17:46, Bernard Schoenacker a écrit :

Le Thu, 26 Mar 2015 15:12:23 +0100, Bernardo bernardo.s...@siorat.net a
écrit :

bonjour,

essaye de faire un rsync à travers ssh :

http://archive.oreilly.com/pub/h/38

slt bernard


Ça fonctionne : 25 s pour le transfert...

Mais qu'en conclure ? Quand ça ne passe pas par le gestionnaire de fichiers ça
fonctionne, mais que si le gestionnaire est thunar ça rame ?



--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/5514450b.9070...@gmail.com

Re: contribution possible ?

2015-03-26 Thread moi-meme

Le Thu, 26 Mar 2015 13:20:01 +0100, Charles Plessy a écrit :

 Je ne suis pas nouvel utilisateur de Debian mais je ne suis pas non
 plus un débutant. Là où je pourrais sans doute apporter pierre à
 l'édifice, ce serait au niveau des traductions.
 [...]
 A qui dois-je m'adresser et quand commencer ?

moi ce ne serait pas pour traduire mais aider à mettre à jour un paquet 
qui n'a plus de contributeur (lyx date de 2012).

Pas de trouvaille cohérente sur le canard.

Surtout comment faire pour voir si c'est de mon niveau.

-- 
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/551441e1$0$3009$426a7...@news.free.fr

Re: Redirect HTTPS with Squid3+Squidguard

2015-03-26 Thread Michael Graham

On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote:
 Then it's even worse that I thought. I don't know about Germany, but
 where I live tampering with public communications is considered a
 criminal offense. I strongly suggest you to seek a legal advice before
 doing anything like SSL bump.

Just out of curiosity where do you live?  As MITM proxies in school/business
seem to be pretty common in the US and the UK.

Cheers,
-- 
Michael Graham ooberm...@gmail.com


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cac2svhxmebn0utn0h+nv2xw4ad5t4mr-6qovlv4aes7wyqs...@mail.gmail.com

Planning a new Debian box!

2015-03-26 Thread Bob Bernstein

Shortly I will become the owner of a refurbished Dell 
with Win7 already on its 160g sata hard drive.


I have no need or use for a multi-OS multi-boot 
machine. I only want wheezy on this for now.


Question: can I entrust to the Debian installer the 
task of repartitioning and formatting the HD with all 
that Windoze cruft already on it?


Or, are there steps I ought to take prior to launching 
the installer, perhaps involving other disk tools? I 
don't trust what M$ puts on hard drives!


TIA Debian peeps!

--
These are not the droids you are looking for.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/alpine.NEB.2.20.3.1503261546260.13675@cbbonu.ybpnyqbznva

Re: Planning a new Debian box!

2015-03-26 Thread Magnus Svensson

Yes, all tools you need to formatting is included in the iso.

/M
On 26 Mar 2015 21:03, Bob Bernstein poo...@ruptured-duck.com wrote:

 Shortly I will become the owner of a refurbished Dell with Win7 already on
 its 160g sata hard drive.

 I have no need or use for a multi-OS multi-boot machine. I only want
 wheezy on this for now.

 Question: can I entrust to the Debian installer the task of repartitioning
 and formatting the HD with all that Windoze cruft already on it?

 Or, are there steps I ought to take prior to launching the installer,
 perhaps involving other disk tools? I don't trust what M$ puts on hard
 drives!

 TIA Debian peeps!

 --
 These are not the droids you are looking for.


 --
 To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a
 subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive: https://lists.debian.org/alpine.NEB.2.20.3.
 1503261546260.13675@cbbonu.ybpnyqbznva

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread Christophe


Hello,

Le 26/03/2015 12:15, Bernardo a écrit :

Bonjour,

je suis en Debian Sid à jour, avec Xfce.

Je monte un répertoire d'une machine distante avec sshfs et fuse.


sshfs monlo...@sshfs.machine.tld:/repdist /point de montage -o idmap=user -o 
uid=1000 -o gid=1000



Il apparait bien dans la liste des périphériques dans le gestionnaire de
fichier Thunar.

Le problème :

- si je fais un glisser/déposer d'un fichier de 15 Mo vers ce périphérique, le
transfert va durer environ 15 min !

- si je transfère le même fichier par sftp vers la machine distante, ça dure
moins de 5 secondes !

En gros : en graphique, ça rame, en console, ça passe.



Sans aucune certitude, mais est-ce que tu peux tester avec l'outil 
Gigolo pour effectuer ton montage SSH/SFTP ? (me semble t'il qu'il a été 
spécialement prévu pour XFCE/Thunar)


J'effectue quotidiennement des transferts de fichiers via SSH avec et je 
suis pleine bourre sur le débit.


@+
Christophe.

--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/55146147.5090...@stuxnet.org

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread Christophe


Hello,

Le 26/03/2015 20:22, Erwan David a écrit :

Il est possible de faire du ssh sans chiffrement (juste pour
l'authentification, multiplexage, etc) Mais il faut recompiler client et
serveur pour ajouter le cipher NONE.


Ça perd pas un peu de son intérêt du coup ?

@+
Christophe.

--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/55146151.50...@stuxnet.org

Re: Redirect HTTPS with Squid3+Squidguard

2015-03-26 Thread rogerk


On 3/26/15 12:42 PM, Michael Graham wrote:

On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote:

Then it's even worse that I thought. I don't know about Germany, but
where I live tampering with public communications is considered a
criminal offense. I strongly suggest you to seek a legal advice before
doing anything like SSL bump.

Just out of curiosity where do you live?  As MITM proxies in school/business
seem to be pretty common in the US and the UK.



I bet your proxy firewall does it too.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5514618b.2070...@queernet.org

Re: Debian et autonomie...

2015-03-26 Thread Grégory Reinbold


Bonjour,

6h30 d'autonomie, oui, mais dans quelle condition ? Avec quelle OS ? 
Quel type de profil de gestion d'énergie, etc..., etc...


Après il faut aussi voir les réglages (possibles ?) dans le bios.
Pour mon Thinkpad X201 j'ai des paramètres pour la gestion de l'énergie 
sur batterie ou secteur dans le bios, c'est utile pour définir des 
règles simples d'économie d'énergie.


Ensuite, étant un adepte d'Openbox et XFCE, je recommande ce genre 
d'environnement ultra léger pour une économie d'énergie maximale. (+ 
désactiver le compositer)


Enfin, comme il a été cité plutôt il faut aussi voir ce qui tourne comme 
services et démons sur ta machine. Voir ce qui est utile ou pas.


Éventuellement désactiver des périphériques pas toujours utiles comme 
les adaptateurs bluetooth et wifi.


Personnellement sans wifi, bluetooth et les services minimum je peux 
travailler sur batterie environ 3 heures sur un portable qui a déjà 
quelques années.


Les applications telles que Icedove ou Evolution consomment pas mal 
d'énergie ne serait-ce que pour, par exemple, mettre à jour les boîtes 
mail et flux rss tous les x minutes. (Préférer mutt et newsbeuter avec 
une synchro manuelle peut-être ?)


Les gros navigateurs tels que Icedove, Opera, Chrome  Co sont 
gourmands aussi, par exemple avec du java, flash  co... (Pour des 
recherches sur duckduckgo.com, préférer w3m peut-être ?)


Toutes les pistes sont bonnes à explorer, mais en soit Debian est un OS 
très peu gourmand en ressources (certainement moins gourmand qu'une 
solution Microsoft). Mais encore une fois tout dépend de l'environnement 
et des applications utilisés...


Pour finir je dirais qu'une autonomie de 2-3 heures avec du VLC qui lit 
de la vidéo durant tout ce temps, ça me paraît assez raisonnable.


Salutations

Grégory Reinbold



Le 26/03/2015 18:16, Olivier a écrit :

Il aurait été intéressant de mesurer l'autonomie réelle du PC, dans
des conditions analogues, avec son OS d'origine.
Elle est peut-être très comparable.

Il existe peut-être des logiciels multi-plateformes spécialisés sur la
mesure de l'autonomie.
Cela faciliterai les comparaisons.



Le 23 mars 2015 14:16, David BERCOT deb...@bercot.org a écrit :

Bonjour,

J'ai récemment changé d'ordinateur portable et, sur la fiche de
celui-ci, l'autonomie annoncée était d'environ 6h30.
Sitôt reçu, j'ai supprimé le système installé pour y mettre Debian.

Or, mes premiers essais montrent une autonomie tournant plutôt aux
alentours de 2h... Certes, avec VLC pour regarder des vidéos, mais avec
le wifi désactivé.

Maintenant, il me manque peut-être certains choix qui pourraient
augmenter mon autonomie. Auriez-vous des idées ?
Ou alors, de process particuliers que je devrais supprimer quand mon
portable n'est pas branché sur secteur...

Tant que j'y suis, j'ai un comportement bizarre avec VLC (mais c'est la
même chose avec Totem) : mes vidéos (HD ou pas) sont saccadées...
Or, je suis passé d'une ancienne génération de Core i7 à un tout
nouveau Core i5 Broadcom... C'est ma carte Intel qui fait le travail
car j'ai des soucis avec l'AMD...

Bref, merci d'avance pour les pistes à explorer...

David.

--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/20150323141638.673a8bab@debian-david



--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/5514665c.7020...@nosheep.fr

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread maderios


On 03/26/2015 12:15 PM, Bernardo wrote:


Je monte un répertoire d'une machine distante avec sshfs et fuse.


sshfs monlo...@sshfs.machine.tld:/repdist /point de montage -o idmap=user -o 
uid=1000 -o gid=1000



- si je fais un glisser/déposer d'un fichier de 15 Mo vers ce périphérique, le
transfert va durer environ 15 min !

Bonjour
Normal que cela prenne plus de temps, sshfs crypte les données et c'est 
même pour cela qu'on l'utilise.

NFS est plus rapide.

--
Maderios

--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/55145a62.1010...@gmail.com

Re: Why no security update of apache2 concerning SSLv3?

2015-03-26 Thread Vincent Lefevre

On 2015-03-20 12:13:12 -0400, Gene Heskett wrote:
 On Friday 20 March 2015 08:45:13 Vincent Lefevre wrote:
  No, it is not commented out. ./etc/apache2/mods-available/ssl.conf
  in apache2.2-common_2.2.22-13+deb7u4_amd64.deb contains:
^^
 
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
 
 Call me confused.  And I do run my own web page from this machine.  URL 
 in sig.
 
 First, there is no ~./etc/apache2/mods-available/ssl.conf, but there is a
 /etc/apache2/mods-available/ssl.conf

I was mentioning the file in the .deb package. It is

  ./etc/apache2/mods-available/ssl.conf

(no tilde). But since it is normally installed as relative to /
you obtain: /etc/apache2/mods-available/ssl.conf

-- 
Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/
100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150326162102.ga23...@ypig.lip.ens-lyon.fr

Re: ayuda: Por erro formatee home

2015-03-26 Thread Manolo Díaz

El jueves, 26 mar 2015, a las 19:45 UTC+1 horas,
Carlos Carcamo escribió:

Saludos, necesito ayuda urgente :/

Ahora sin querer instale una nueva distro y queria compartir el /home,
una vez lo hice y fue facil, pero ahora no se que paso y manjaro me
formateo la particion /home borrandome mi carpeta de usuario de
debian, a pesar que le puse un usuario diferente a manjaro, creo que
fue por seleccionar el punto de montaje en /home a la hora de
particionar e instalar.

En fin ahora perdi mis datos, ya no puedo iniciar session en debian
con mi usuario, que puedo hacer? puedo recuperar los datos? o al menos
puedo montar el nuevo /home y crear la carpeta para que debian
configure de nuevo mi cuenta de usuario?

saludos y gracias de antemano.


Compartir /home puede que no sea una buena idea. Ahí van también los
ficheros de configuración para cada usuario de las aplicaciones. A
veces esos ficheros cambian con la versión de la aplicación, y
empiezan los problemas.

Si no has cambiado nada en Debian, la partición seguirá montándose.
Solo necesitas crear (tendrás que usar root) la carpeta home de usuario
y poner a este como su propietario.

Saludos.
-- 
Manolo Díaz


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150326195845.05a2c...@gmail.com

Re: ayuda: Por erro formatee home

2015-03-26 Thread Manolo Díaz

El jueves, 26 mar 2015, a las 19:58 UTC+1 horas,
Manolo Díaz escribió:

Solo necesitas crear (tendrás que usar root) la carpeta home de usuario
y poner a este como su propietario.

Bueno, y copiar los ficheros de /etc/skel/ como si se creara un nuevo
usuario. Son ficheros ocultos: comienzan por punto.

Si vas a intentar la recuperación de datos, no hagas nada de esto y
sigue los consejos de Gonzalo.

-- 
Manolo Díaz


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150326201157.7fdc3...@gmail.com

ayuda: Por erro formatee home

2015-03-26 Thread Carlos Carcamo

Saludos, necesito ayuda urgente :/

Ahora sin querer instale una nueva distro y queria compartir el /home,
una vez lo hice y fue facil, pero ahora no se que paso y manjaro me
formateo la particion /home borrandome mi carpeta de usuario de
debian, a pesar que le puse un usuario diferente a manjaro, creo que
fue por seleccionar el punto de montaje en /home a la hora de
particionar e instalar.

En fin ahora perdi mis datos, ya no puedo iniciar session en debian
con mi usuario, que puedo hacer? puedo recuperar los datos? o al menos
puedo montar el nuevo /home y crear la carpeta para que debian
configure de nuevo mi cuenta de usuario?

saludos y gracias de antemano.

-- 
El desarrollo no es material es un estado de conciencia mental


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cadptsta8npf-uha7qcu+z5w3xyz4q0qqlbwe8rzez+hjmez...@mail.gmail.com

Re: ayuda: Por erro formatee home

2015-03-26 Thread Gonzalo Rivero

El 26 de marzo de 2015, 15:45, Carlos Carcamo eazyd...@gmail.com escribió:

 Saludos, necesito ayuda urgente :/

 Ahora sin querer instale una nueva distro y queria compartir el /home,
 una vez lo hice y fue facil, pero ahora no se que paso y manjaro me
 formateo la particion /home borrandome mi carpeta de usuario de
 debian, a pesar que le puse un usuario diferente a manjaro, creo que
 fue por seleccionar el punto de montaje en /home a la hora de
 particionar e instalar.

 En fin ahora perdi mis datos, ya no puedo iniciar session en debian
 con mi usuario, que puedo hacer? puedo recuperar los datos? o al menos
 puedo montar el nuevo /home y crear la carpeta para que debian
 configure de nuevo mi cuenta de usuario?

antes de seguir rompiendo cosas
dd if=/dev/particion rota of=/ruta/a/otro/disco/que/tendra/la/imagen

photorec (o testdisk, siempre los confundo) y trabajar sobre esa copia

 saludos y gracias de antemano.

 --
 El desarrollo no es material es un estado de conciencia mental



-- 
enviado desde el webmail de gmail sin hacer top-posting y en texto
plano. Porque puedo. (O eso creo :þ)


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/capqjqdtw_nbk7rcdxrwgaa4gxqbdhkel5je+vbnrlj5vpri...@mail.gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

Michael Graham wrote:
 Reco wrote:
  Ow. Exactly which kind of consumer-grade hardware comes with SSL bump
  preinstalled? That's very interesting to me as I like know which
  hardware to avoid in the future.
 
 It's way more common than you seem to think. CERT recently did a blog post
 about it and it contains a list of both hardware vendors (like Bloxx and
 bluecoat) as well as commercial and free software.
 
 http://www.cert.org/blogs/certcc/post.cfm?EntryID=221
 
 Basically if you're selling a web filter or similar security device, you
 let admins bump SSL.

There are certainly many products that one can buy that do SSL
inspection.  No one is saying otherwise.  That wasn't the question.
But are any of those commonly used consumer devices?

If someone walks into Fries or Best Buy and spends less than $100 for
a home firewall router such as a Linksys, Netgear, D-Link then I doubt
it is going to crack open SSL.  I doubt they do because doing so would
require additional CAs to be installed on user's tablets and other
systems downstream and that requires too much support and
hand-holding.

Most users would be immediately confused, would consider the device
broken, would return it without ever knowing that were making the
right decision of avoiding it but without ever understanding the
details.  Therefore consumer devices aren't going to go there.

 Given how easy it is for those same admins to push the fake SSL CAs out
 over active directory group policy it's pretty much transparent to most
 naive users who don't understand the difference between https and http
 never mind trying to explain a MITM proxy with a fake root CA!

Agreed in the corporate environments.  They have control over the
users equipment.  They often require and issue employees with company
laptops.  For that type of environment they can do anything.

The warning is clear.  Don't use your company laptop for your non-work
anything.  It isn't secure.  Use your own computer, laptop, tablet,
phone for your banking and anything that needs security.

Bob


signature.asc
Description: Digital signature

Re: Planning a new Debian box!

2015-03-26 Thread David Christensen


On 03/26/2015 04:38 PM, Patrick Bartek wrote:

Shortly I will become the owner of a refurbished Dell
with Win7 already on its 160g sata hard drive.
I have no need or use for a multi-OS multi-boot
machine. I only want wheezy on this for now.


I hated dual-boot -- getting it working was painful enough.  But 
constantly rebooting and switching OS's to get something useful done was 
a PITA.  Hot-swap bays and multiple drives eliminates the first problem 
(and simplifies imaging, backups, restores, and other administrative 
chores; I recommend it).  Multiple computers with one O/S each is best.



On Thu, 26 Mar 2015, Bob Bernstein wrote:

Make a Restore disk of W7 anyway.  Get the codes, etc.  You never know:
You may need to put W7 back on it.


+1 -- photograph the COA sticker, write down the code, create an 
archival copy of the installation disc, verify the copy boots, and store 
copies off-site.



On 03/26/2015 04:38 PM, Patrick Bartek wrote:

Or, are there steps I ought to take prior to launching
the installer,


Write down all the BIOS settings.


Take a binary image of the raw HDD and store a copy off-site.


Buy a power supply tester and test the power supply.


Download memtest86+, burn it to media, and run it for 24 hours:

http://www.memtest.org/


Download your disk drive manufacturer's diagnostic tool set, burn it to 
media, and run all available tests.  For example:


http://www.seagate.com/support/downloads/item/seatools-dos-master/


On 03/26/2015 04:38 PM, Patrick Bartek wrote:

Question: can I entrust to the Debian installer the
task of repartitioning and formatting the HD with all
that Windoze cruft already on it?


The Debian installer is a powerful tool and can do many things 
(partitioning, RAID, volume management, encryption, file systems, etc.), 
but not all (notably ZFS).  The noob approach is to let the installer do 
things automatically.



On Thu, 26 Mar 2015, Bob Bernstein wrote:

Do it right, the first time.


1.  Doing it right is a matter of experience.

2.  Experience is a matter of doing it wrong.

Assuming this is a hobbyist machine, I'd say go for it.


I've discovered that the Debian installer can install Debian onto 
SanDisk Ultra Fit USB 3.0 flash drives and that they work as bootable 
system drives.  A 16 GB model runs for ~$11.  I suggest that you 
disconnect the HDD, get one of those flash drives, and play with that.



Once things stabilize and you start using the machine for real work, 
you'll want to take a binary image of the system drive, implement a 
backup system for your data, and store copies off-site.



David


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/5514aa48.2050...@holgerdanske.com

Re: Redirect HTTPS with Squid3+Squidguard

Peter Viskup skupko...@gmail.com wrote:

 It's the way you look at.  For me it's about prevention...your child
 can click on some link somewhere and see some pictures/videos which
 will remain in his/her mind (let's say) forever and can harm even if
 it was only seconds they were seen...I am speaking about children less
 than 15 years old...and even older children needs protection.

[citation needed]. I don't know where this came from, but this is a
phrase I hear and read very often: Oh, a picture of a nude woman will
cause harm to my child. 

Younger children don't understand nudity and the badness, associated
with it by the adult world and its social norms. 

Older children, after hitting puberty, are of course interested in such
stuff, because this belongs to the process of growing up. But there is
no technical way of shielding a curious 15-year old from finding nude
pictures on the web without switching network access off as a whole.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/13bg3mppro...@mids.svenhartge.de

Re: Redirect HTTPS with Squid3+Squidguard

2015-03-26 Thread John Hasler

Why don't you just get rid of the computers?
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87y4mjswb2@thumper.dhh.gt.org

Bug lubuntu

2015-03-26 Thread Rodrigo Cunha

Fala pessoal, olha o que eu peguei no lubuntu.


operador@lab:/var/www/www.loja.meudominio.intranet$ pwd
/var/www/www.loja.meudominio.intranet
operador@lab:/var/www/www.loja.meudominio.intranet$ ls -l ../
total 16
drwxr-xr-x 2 www-data www-data 4096 Mar 18 16:46 html
drwxrwxr-x 2 www-data www-data 4096 Mar 26 10:33
www.loja.meudominio.intranet
drwxrwxr-x 3 www-data www-data 4096 Mar 18 23:45
www.phpmyadmin.meudominio.intranet
drwxrwxr-x 3 www-data www-data 4096 Mar 16 15:50
www.wiki.meudominio.intranet
operador@lab:/var/www/www.loja.meudominio.intranet$ whoami
operador
operador@lab:/var/www/www.loja.meudominio.intranet$ !mkdir
mkdir public_html
mkdir: é impossível criar o diretório “public_html”: Permissão negada
operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/passwd |grep
-i data
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/group |grep -i
data
www-data:x:33:operador
operador@lab:/var/www/www.loja.meudominio.intranet$


-- 
Atenciosamente,
Rodrigo da Silva Cunha

Re: Redirect HTTPS with Squid3+Squidguard

rog...@queernet.org wrote:
 Michael Graham wrote:
  As MITM proxies in school/business seem to be pretty common in the
  US and the UK.
 
 I bet your proxy firewall does it too.

I bet not!  I think you are confusing https with http.  We are talking
about https here not http.  And even then I don't know of any consumer
grade firewalls that configure an http proxy by default.  Those tend
to only be in industrial grade systems for larger sites for bigger
companies and campuses.  I bet you are thinking of those http proxies.

In regards to this when I am setting up a web form I always set up the
form using https now.  I have too many times had to deal with broken
company proxies that mangled http POST data.  I could name names but I
would be violating confidentiality agreements.  I saw one that was so
broken with mangled POST data that I couldn't believe it was working
for anyone for anything.  Wow it was bad.  Not to mention the normal
mundane problems routinely seen of stale cached pages and so forth
that everyone runs into sometime.

Having been hurt before I now only use https for any web form entry
even trivial stuff not needing security or privacy.  I now use https
specifically to avoid broken http proxies in between user and server.
So far I haven't yet run into anyone with a fake CA MITM proxy in
between yet.  But I am sure it will happen eventually.

Bob


signature.asc
Description: Digital signature

Re: hola como puedo conseguir documentacion kali linux

2015-03-26 Thread Juan Lavieri

Hola.

El 26 de marzo de 2015, 13:34, Juan Carlos Betancourt ju...@disaic.cu
escribió:

  saludos  amigos  necesito  conseguir  algun documento  pequeno pero
 factible para   este  software que me dicen reemplaza  a backtrack pues me
 dicen que es la  version  moderna   saben  cuales  son  sus  mejoras  y
 caracteristicas en  pc .



https://www.kali.org/official-documentation/

Si no tienes acceso a internet avísame qué necesitas y te lo envío.

Saludos




 gracias




-- 

Juan Lavieri

Errar es de humanos, pero es mas humano culpar a los demás.

Wifi compatibility

2015-03-26 Thread Ricardo Cardante

Hi there. I have a Toshiba Satellite S50-B-131. Is my wifi driver supported?
Thanks in advance.

Re: Wifi compatibility

2015-03-26 Thread Brian

On Thu 26 Mar 2015 at 19:45:27 +, Ricardo Cardante wrote:

 Hi there. I have a Toshiba Satellite S50-B-131. Is my wifi driver supported?
 Thanks in advance.

Definitely.

Get back to us when you have set it up successfully.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/26032015195312.c7add9f87...@desktop.copernicus.demon.co.uk

Re: Wifi compatibility

2015-03-26 Thread Mark Carroll

Ricardo Cardante ricardocarda...@gmail.com writes:

 Hi there. I have a Toshiba Satellite S50-B-131. Is my wifi driver supported?
 Thanks in advance.

I don't have one but some looking online suggests that it has the Intel
AC 3160 which should work if you install firmware-iwlwifi from non-free,
and a newer kernel like jessie's.

-- Mark


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87twx7k002@ixod.org

magazine printing

2015-03-26 Thread hey...@candidusprint.com

Hi, good day!

We are Candidus Printing from Shenzhen, China specialized in book, magazine, 
catalog printing, good qua1ity and ha1f c0st. 

For a quick inquiry please reply with size, how many pages, color, stock, 
quantity, will send quotation at first time.:) 


Sorry for the disturb.

Best regards! :-)
--
HE Yong (Leo)

cost-effective  considerate printing service, all at:
SHENZHEN CANDIDUS PRINTING
www.candidusprint.com 
TEL: +86-755-33073344  Cell: +86-13510244214
Skype: rainbowprinting
QQ：446504458

Re: create /etc/udev/rules.d/70-persistent-net.rules

Christoph Pleger wrote:
 I want to boot a computer from network by PXE, with an NFS filesystem as
 root fs, install a basic system on the local disk and then boot the
 computer from the disk. After booting from disk, the names of the network
 interfaces should be the same as before with the NFS root.

 So, I thought that I can simply copy
 /etc/udev/rules.d/70-persistent-net.rules from my NFS root into the
 directory ${TARGET}//etc/udev/rules.d/, where $TARGET becomes /
 later on the local disk. But unfortunately, that file is not created
 when booting from network, so it cannot be copied.

On my NFS diskless client the 70-persistent-net.rules *is* created and
updated when booting.  Therefore your strategy would work in my
environment.  In my diskless boot environment my
70-persistent-net.rules file would grow and grow and grow as I booted
different hardware if I didn't actively prune it.

Therefore I ask, why doesn't it get created in your NFS boot environment?
Are you actively preventing it from being created?  (Note that
Raspbian for the pi actively prevents it.)

Other related ideas: After you have PXE booted your NFS diskless
client you will know the ethernet address of your network device.
That would allow you to differentiate the different NICs from each
other later.  Read through the /lib/udev/write_net_rules script and
see how you can drive it as you desire.

Bob


signature.asc
Description: Digital signature

Re: Problem with accessing external USB HDD

Bret Busby wrote:
 I have an external USB HDD connected to a system running Debian 6 LTS.

I don't really have any great contribution.  But since no one else
seems to have any good response I will contribute what I know.

I have never had good luck with USB connected hard drives.  They work
for a while.  But then invariably they get dropped offline.  It might
be 3-6 months between events.  But for me they just are not reliable.
In the past I have tried very hard to use them as system disks.  Now I
consider that something to avoid.

I still use USB disks as large floppies.  They are still great for
being large temporary data stores for holding and moving data between
machines.  But only when connected for short term use.  Reading your
problems just reinforces this belief.

[On the other hand USB network devices have been rock solid for me.
Meaning that while I avoid USB disks I actively use USB networking on
several machines to add additional NICs.  I am planning another site
using additional USB NICs.  It is probably hardware dependent but they
have been working great for me regardless of the opposite for disks.
And I have three sites using USB sound cards very robustly.]

 I have tried to transfer data from the desktop intenal HDD, to the
 external USB HDD.

 The file manager shows as being Nautilus 2.30.1.

I read by your message that you are a graphical desktop user.  That's
fine.  But for transfering large amounds of data the command line
tools such as rsync are the best in class.  I wouldn't even consider
trying to use nautilus or other graphical file managers for this type
of task.  I would highly recommend using rsync.  Even if for you it
means a stretch to get off of the mouse and over to the keyboard.

The best advantage of tools such as rsync is that it is
interruptable and restartable with a minimum of lost effort.  I may be
1G into a 3G transfer and want to stop it, change something, and
restart it again.  With a normal copy that would mean copying the
original data again.  With rsync it means it will examine what needs
to be done and be able to continue the copy using the already
transfered data as done and moving forward.

  rsync -avP /from/here/dir-or-file /to/there/dir/

 From time to time, as in this instance, I forget (until too late) that
 Debian 6 can not cope with transferring data more than about 1GB at a
 time; in this instance, I had tried to transfer about 3GB, to make
 room in my /home partition.

Knowing how flaky USB disks interfaces tend to be I think this is most
likely a hardware problem.  Doesn't change your situation.  But I
think it blames the right thing to blame.

In any case I have definitely copied gigs and gigs of data to and from
USB disks.  It can be very good to make large data sets portable on a
portable USB drive.  My complaints usually happen after the disk has
been in active use as a system device for a month and then it goes
offline.

 The transfer had seized up, after transferring about 1.1GB of the
 3.2GB that I had tried to ransfer, so, after a couple of days of it
 apparently doing nothing, I stopped it, and, as the system monitor
 showed a system load of around 43 (whatever that means - if it was as
 a percentage of system capacity, it could be more meaningful, to me).
 The system monitor currently shows a system load average of about 35.

Let me give a short explanation of system load.  Which is almost
impossible to say briefly so forgive me in advance for leaving out
important parts, saying half of it wrong, and still saying too much.
The concept is the important part here.

First there is no set capacity.  There isn't a cap such as 5 or 10 or
100.  Therefore there isn't a way to say what percentage of your
system is being used by any particular system load.  But it is an
important indicator of system status and health.  A load of 35 or 43
are both very high system loads!

The operating system process scheduler schedules processes to run.
A process ready to run is queued into the run queue.  If the process
is calculating PI to a zillion decimal places then it is going to use
100% of the cpu until it has consumed its time slice and suspended to
give the next process time to run.  If there are no other proceses
then the cpu will be given back to this process and the cpu will
continue to be 100% utilized forever.

But what about processes reading and writing to the disk drive or
network?  In computer speed spinning disk drives are slow.  In
computer speeds networks are slow.  Web servers are slow.  Say that
your web browser sends an http GET request to a web site.  It then
must wait for the response.  Your web browser is ready to run.  But it
can't.  It is waiting for external events return.  It is blocked
waiting for I/O.  While it is waiting the OS will schedule another
process to run.  If there is another process ready it will get cpu.
It may also be waiting for the disk drive to spin and return data.  Or
spin and complete a data write.

The OS will

Re: Redirect HTTPS with Squid3+Squidguard

 Hi.

On Thu, 26 Mar 2015 12:44:11 -0700
rog...@queernet.org wrote:

 On 3/26/15 12:42 PM, Michael Graham wrote:
  On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote:
  Then it's even worse that I thought. I don't know about Germany, but
  where I live tampering with public communications is considered a
  criminal offense. I strongly suggest you to seek a legal advice before
  doing anything like SSL bump.
  Just out of curiosity where do you live?  As MITM proxies in school/business
  seem to be pretty common in the US and the UK.
 
 
 I bet your proxy firewall does it too.

Ow. Exactly which kind of consumer-grade hardware comes with SSL bump
preinstalled? That's very interesting to me as I like know which
hardware to avoid in the future.

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150327001748.eaa74ebe2f99c62bd4623...@gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

 Hi.

On Thu, 26 Mar 2015 18:18:24 +0100
Michael I. linux-michae...@abwesend.de wrote:

 Hello,
 
 for private usage I am think a filter isn't good, children need trust 
 and a filter is the opposite of trust.
 
 But in usage for a school I think a filter is better, a teacher can't 
 look on all computers. The kids are trying out thinks in school which is 
 good but when nobody is there to explain the things that they are see, 
 this isn't good. My target isn't to block all adult content, but when I 
 block 60% of all adult content this is still better as nothing.

Then it's even worse that I thought. I don't know about Germany, but
where I live tampering with public communications is considered a
criminal offense. I strongly suggest you to seek a legal advice before
doing anything like SSL bump.

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20150326211809.aad7927f50fb15745e446...@gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

Reco recovery...@gmail.com wrote:
 On Thu, 26 Mar 2015 18:18:24 +0100 Michael I. linux-michae...@abwesend.de 
 wrote:

 for private usage I am think a filter isn't good, children need trust
 and a filter is the opposite of trust.
 
 But in usage for a school I think a filter is better, a teacher can't
 look on all computers. The kids are trying out thinks in school which
 is good but when nobody is there to explain the things that they are
 see, this isn't good. My target isn't to block all adult content, but
 when I block 60% of all adult content this is still better as
 nothing.

 Then it's even worse that I thought. I don't know about Germany, but
 where I live tampering with public communications is considered a
 criminal offense. I strongly suggest you to seek a legal advice before
 doing anything like SSL bump.

It is not very different for Germany either.

I moved the lawyery bits to private mail because I don't want to bore
the list to death with it and talking about rules and regulations is
easier in the native tongue ;)

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/15bg47m3ro...@mids.svenhartge.de

hola como puedo conseguir documentacion kali linux

2015-03-26 Thread Juan Carlos Betancourt

saludos  amigos  necesito  conseguir  algun documento  pequeno pero  factible 
para   este  software que me dicen reemplaza  a backtrack pues me dicen que es 
la  version  moderna   saben  cuales  son  sus  mejoras  y caracteristicas en  
pc .

gracias

Re: trouble installing Debian testing/jessie

2015-03-26 Thread Joris Bolsens

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 03/25/2015 12:30 PM, mizuki wrote:

 The attempt to mount a file system with type ext4 in SCSI1(0,0,0), 
 partition #1 (sda) at / failed. You may resume partitioning from
 the partitioning menu.
 

I've never had this problem and honestly have no idea what would cause
it. Try manually formatting/clearing the entire harddisk first (using
a live cd or something) or maybe run fdisk to make sure you dont have
any hardware issues.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJVFJNiAAoJEORnMHMHY2FrQbwP/A6udZTsgcFBEj51uu2q27Wo
PioCgLRAuRkm/6OxkiPkyrHdmlwpdiQEbQQEW3vkmB1yXDKetX54jyZHwPpokAyw
Qth3aR47JmWeii/e4jrs5HLFJemBw34zIrUELnpE91w8fOtcJGB1GNCkMSQdA6LL
WiLKDkRA5iIGXUBC0LTqWJMt0ihnz21uM7Mkp4NBKRd6DB0nKakLKRkjvJlSOyGo
aNN6/coI9RYvkOJH6VbUz8Ce48Ccd9rKvZYRl05qABxyIc1v0ZQivMsEw3HklW+3
sIGOhHt+JeFiC3flrWzKWMfKhKaaNTbHP812160sVj9zEbOpSeiziQloHu9or2LY
BmroxFIYXOKs4KkDTfpXSGKoG5DxoNDDpEZBmIP1oluhjS8vPbRJmv2/PRFfeaxc
CREAidTThcuFyDf3Jf24te0L9guwWxkgju5NW1vT+MczSBYYst1gmEM1ijyGAXhO
7jvtsl0G+YXuPrvkMnu4vV6EzgHFgBTSDggMCvMWmGpD6rn9WRghth4sSNEIaDok
V07eSttNJG57+IJPlnwwkujTealdSI1tHahSDezNH+MFxu/1krJEZxhLw5YQhKfN
0g/ew5OoG6dBsMh/gpnYwTPhPD4/OhQkLbrMqjAu8SVePmwWvEJMJrjnqO+hmSrq
SiTMcuu3m5dd7x9w6U4W
=+Qkh
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/55149362.8050...@gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

2015-03-26 Thread Michael Graham

On Thu, 26 Mar 2015 17:18 Reco recovery...@gmail.com wrote:



  Hi.

 On Thu, 26 Mar 2015 12:44:11 -0700
 rog...@queernet.org rog...@queernet.org wrote:

  On 3/26/15 12:42 PM, Michael Graham wrote:
   On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote:
   Then it's even worse that I thought. I don't know about Germany, but
   where I live tampering with public communications is considered a
   criminal offense. I strongly suggest you to seek a legal advice
before
   doing anything like SSL bump.
   Just out of curiosity where do you live?  As MITM proxies in
school/business
   seem to be pretty common in the US and the UK.
  
 
  I bet your proxy firewall does it too.

 Ow. Exactly which kind of consumer-grade hardware comes with SSL bump
 preinstalled? That's very interesting to me as I like know which
 hardware to avoid in the future.

 It's way more common than you seem to think. CERT recently did a blog post
about it and it contains a list of both hardware vendors (like Bloxx and
bluecoat) as well as commercial and free software.

http://www.cert.org/blogs/certcc/post.cfm?EntryID=221

Basically if you're selling a web filter or similar security device, you
let admins bump SSL.

Given how easy it is for those same admins to push the fake SSL CAs out
over active directory group policy it's pretty much transparent to most
naive users who don't understand the difference between https and http
never mind trying to explain a MITM proxy with a fake root CA!

Cheers,

Re: Planning a new Debian box!

2015-03-26 Thread Patrick Bartek

On Thu, 26 Mar 2015, Bob Bernstein wrote:

 Shortly I will become the owner of a refurbished Dell 
 with Win7 already on its 160g sata hard drive.
 
 I have no need or use for a multi-OS multi-boot 
 machine. I only want wheezy on this for now.

Make a Restore disk of W7 anyway.  Get the codes, etc.  You never know:
You may need to put W7 back on it.

 Question: can I entrust to the Debian installer the 
 task of repartitioning and formatting the HD with all 
 that Windoze cruft already on it?

Depends.  Special partitioning scheme?  LVM?  RAID?  Encryption?  Etc.
The options the installer gives you might not be what you want.  For
basic partitioning, though, the installer's partitioning tool works
fine.

 Or, are there steps I ought to take prior to launching 
 the installer, perhaps involving other disk tools? I 
 don't trust what M$ puts on hard drives!

Yes, yes, YES!  RTFMs before doing anything.  Why do so many skip this
VERY important step?  And they do.  Constantly.  And screw up the
install. And then blame Debian for it.

   https://www.debian.org/doc/

Do it right, the first time.


B


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150326163824.56d79...@debian7.boseck208.net

Need help with CUPS printing

2015-03-26 Thread Paul E Condon

I'm running Jessie, as close to plain vanilla as my hardware allows.
I have a HP Laserjet 5MP. This is an ancient device. It has built-in
firmware for Level 2 Postscript printing and a special socket for
Apple Localtalk connection, but no USB. It is a sturdy old beast and
was running nicely until quite recently. But in a special configuration
that needs to be understood in order to give help:

My main desktop computer on which I receive email, and create my own
documents has *only* USB. I bought a special cable that has a USB to
Centronics conversion dongle at one end. But I can't use it because the
socket for Centronics on the printer is in recessed place in the
printer where the dongle won't fit and I can't enlarge the place
without sawing away parts of the printer framework that are necessary
for the paper feed system to work. So, instead, I put into service an
old micro-mini Dell (now running Jessie) and put CUPS on it, and
configured it to be a print server. But all this was well before I had
any idea that there would ever be anything like Jessie in my
future. At first, after some fiddling, the print server worked under
Jessie, but now it has stopped working. The printer continues to
produce test pages when requesting them from the old Dell keyboard and
in self-test mode by pushing buttons on the printer itself, not by
typing at the computer keyboard.

After installing the most recent upgrades to Jessie on both computers
this morning, I tried to print a few pages from iceweasel and printing
worked. But I also want to be able to print from Emacs, which I use to
compose my emails, such as this one. Emacs told be that there was no
default printer even though I had just selected the printer on the old
Dell from a pick-list presented to be by the print user interface
presented to me by the Emacs user interface. I think I should configure
the Cups server on my desktop computer to indicate that that printer
over on the old Dell is the one for Emacs. But how do I do that?

I can't trust my own investigations to determine if there have been any
recent changes in the Jessie CUPS packages in the recent past. I know
there was a new version of CUPS at the time that Jessie entered pre-release
freeze, and I pretty sure my system was working then and not something
that I lost in my transition from Wheezy. And, of course, I'd like a
more foreword looking suggestion than to re-install Wheezy. I'd like this
fixed before Jessie release because I have a bad feeling that the longer
I wait the further from the main-stream I will be. I need, with my old
hardware, to be as close to the middle of the herd of users as I can be.

The print driver for the HPLj-5MP that I have been using in recent years
is the one with (recommended) in its listing in the pick-list of all HP
print drivers in the localhost:631 web site on both computers. Beyond that
I can't think of anything people might need to know about my set-up. I'd
be glad to answer any questions about things that I haven't realized might
be important.

Please help

-- 
Paul E Condon   
pecon...@mesanetworks.net


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150326233800.ga15...@big.lan.gnu

Re: ifupdown en jessie, iproute2 e interfaces bridge

2015-03-26 Thread sio2

El Wed, 25 de Mar de 2015, a las 02:36:09PM +, Camaleón dijo:

  lo ejecuta ifupdown él solito, sin doparse con scripts externos, en
  cuanto ve que una interfaz se llama XXX.NUMERO.
 
 Es lo mismo :-)

No, no es lo mismo. Bueno, no es lo mismo lo que yo digo. Lo que tú
dices sí es lo mismo, pero es que *estamos hablando de aspectos totalmente
diferentes*.

 Un script puede ser una simple línea que ejecute un comando (ip) o ser 
 más elaborado (brtcl) pero en ambos casos se pretende la misma función: 
 crear una interfaz puente o crear una vlan que se pueda gestionar a 
 través de ifupdown, N-M o cualquier otro sistema encargado de la gestión 
 de la red.

Sí, pero no es a eso a lo que yo me refiero. Vuelvo otra vez a
explicarlo, porque ya me he propuesto que me acabes entendiendo.

Que la gestión al final se reduce a que ifupdown ejecute los comandos
que yo mismo podría ejecutar a mano con iproute2, brctl, vconfig,
openvpn, tunctl, dhclient o la herramienta que sea, no es algo que yo
desmienta en ningún momento: lo tengo claro y lo tenía claro antes de
iniciar el hilo. Eso es machaconamente en lo que tú insistes, pero es
que no hace falta que insistas en ello, porque yo lo sé.

La diferencia a la que yo me refiero está en el cómo lo hace ifupdown:

a) Algunas configuraciones simples (normalmente las que no requieren
   crear ninguna interfaz)

   iface eth0 inet static
  address 192,.168.1.10

   por supuesto que necesitan por debajo que ifupdown ejecute comandos
   (ip en este caso particular), pero no requieren que se le dicte a
   ifupdown cuáles son, porque él ya los sabe: la forma de gestionar
   esta declaración para eth0 ya está implementada en el core de la
   herramienta. O dicho de otro modo, si me paseo por los directorios
   /etc/network/if-*.d/, no veré ningún script que le diga a ifupdown
   cómo tiene que configurar esto.

b) Otras configuraciones más complejas (normalmente las que requieren
   crear antes la interfaz) como:

   iface tun0 inet manual
  openvpn hostremoto

   Sí que requieren que se le dicte a ifupdown cómo manejar esa opción
   de openvpn hostremoto y, de hecho, si miro dentro de if-up.d y de
   if-down.d veré dos scripts llamados ambos openvpn que se instalan
   junto al paquete homónimo.

Pues bien, si analizamos el caso de gestionar una interfaz vlan, resulta
que hasta hace dos o tres años, nos encontrábamos en el caso b) e
ifupdown requería de scripts externos (if-pre-up.d/vlan e
if-post-down.d/vlan) que se instalaban con el paquete vlan, porque de
hecho esos scripts usan el comando vconfig que se encuentra en dicho
paquete. Ahora bien, eso cambió hace un tiempo y ahora ifupdown es capaz
de gestionar esas interfaces sin requerir ningún script externo. Como,
además, usa iproute2 que es una dependencia suya, no es necesario
instalar ningún paquete adicional. Resumiendo:

1. Modo antiguo: requiere scripts externos que usan la opción
   vlan_raw_device (caso b)

iface eth0.10 inet static
   address 192.168.10.1
   vlan_raw_device eth0
   
2. Modo moderno: no requiere nada adicional y la funcionalidad está en
   el core de ifupdown (caso a)

iface eth0.10 inet static
   address 192.168.10.1

Expuesto esto, mi pregunta original fue: la gestión de una interfaz
bridge con ifupdown, sigue requiriendo la instalación de bridge-utils y
los scripts que instala (caso b) o ya no requiere ningún script
adicional y usa iproute2 (caso a) tal como pasa con las vlan?  En el
segundo caso, ¿cuál es su sintaxis?

Motivo de la pregunta: no encuentro nada en internet, pero es que
me costó mucho encontrar la solución a) para vlan y fue por casualidad.
La mayor parte de la documentación que encuentro sobre debian al
respecto no me parece fiable por obsoleta.

Espero haberme explicado con claridad. Si no lo he hecho, no puedo
hacerlo mejor y doy por cerrado el hilo.

Gracias por tu tiempo.

-- 
   Parezco en mi fortuna al Manzanares,
que con agua o sin ella siempre es río.
  --- Tomé de Burguillos ---


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150326072805.ga3...@cubo.casa

Re: Bug lubuntu

2015-03-26 Thread Rodrigo Cunha

Traduzindo, o usuário operador adicionado ao grupo www-data nao
consegue criar subdiretorios de um diretorio do grupo www-data com
permissão rwx.


Em 26 de março de 2015 10:54, Rodrigo Cunha rodrigo.root...@gmail.com
escreveu:

 Fala pessoal, olha o que eu peguei no lubuntu.


 operador@lab:/var/www/www.loja.meudominio.intranet$ pwd
 /var/www/www.loja.meudominio.intranet
 operador@lab:/var/www/www.loja.meudominio.intranet$ ls -l ../
 total 16
 drwxr-xr-x 2 www-data www-data 4096 Mar 18 16:46 html
 drwxrwxr-x 2 www-data www-data 4096 Mar 26 10:33
 www.loja.meudominio.intranet
 drwxrwxr-x 3 www-data www-data 4096 Mar 18 23:45
 www.phpmyadmin.meudominio.intranet
 drwxrwxr-x 3 www-data www-data 4096 Mar 16 15:50
 www.wiki.meudominio.intranet
 operador@lab:/var/www/www.loja.meudominio.intranet$ whoami
 operador
 operador@lab:/var/www/www.loja.meudominio.intranet$ !mkdir
 mkdir public_html
 mkdir: é impossível criar o diretório “public_html”: Permissão negada
 operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/passwd |grep
 -i data
 www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
 operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/group |grep
 -i data
 www-data:x:33:operador
 operador@lab:/var/www/www.loja.meudominio.intranet$


 --
 Atenciosamente,
 Rodrigo da Silva Cunha




-- 
Atenciosamente,
Rodrigo da Silva Cunha

Re: Bug lubuntu

2015-03-26 Thread P. J.

http://ubuntuforum-br.org/

Em 26/03/15, Rodrigo Cunharodrigo.root...@gmail.com escreveu:
 Fala pessoal, olha o que eu peguei no lubuntu.


 operador@lab:/var/www/www.loja.meudominio.intranet$ pwd
 /var/www/www.loja.meudominio.intranet
 operador@lab:/var/www/www.loja.meudominio.intranet$ ls -l ../
 total 16
 drwxr-xr-x 2 www-data www-data 4096 Mar 18 16:46 html
 drwxrwxr-x 2 www-data www-data 4096 Mar 26 10:33
 www.loja.meudominio.intranet
 drwxrwxr-x 3 www-data www-data 4096 Mar 18 23:45
 www.phpmyadmin.meudominio.intranet
 drwxrwxr-x 3 www-data www-data 4096 Mar 16 15:50
 www.wiki.meudominio.intranet
 operador@lab:/var/www/www.loja.meudominio.intranet$ whoami
 operador
 operador@lab:/var/www/www.loja.meudominio.intranet$ !mkdir
 mkdir public_html
 mkdir: é impossível criar o diretório public_html: Permissão negada
 operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/passwd |grep
 -i data
 www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
 operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/group |grep -i
 data
 www-data:x:33:operador
 operador@lab:/var/www/www.loja.meudominio.intranet$


 --
 Atenciosamente,
 Rodrigo da Silva Cunha



-- 
|  .''`.   A fé não dá respostas. Só impede perguntas.
| : :'  :
| `. `'`
|   `-   Je vois tout


--
To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/cacnf0pid2+wwn6d+gdwzzp2bvyknrj4u927huqxcj3-u_l_...@mail.gmail.com

Re: Redirect HTTPS with Squid3+Squidguard

Hello Reco,

On Thu, Mar 26, 2015 at 4:13 PM, Reco recovery...@gmail.com wrote:

  Hi.
 And just as well child can see a naughty picture on TV. Or a phone ad.
 Or a magazine/newspaper. Anywhere, once you start thinking about it.


And that's just sad, disturbingly and one of the main reasons of so many
people facing porn addiction.

Whatever damage is done depends on child's state of mind, which is
 influenced by his/her prior education. Which, for the most part, should
 be (IMO) provided by parents first, and society (friends, school,
 whatever) - second.


First would recommend you to read something about the psychology of
children.

And internet censorship is not a substitute of education. The only
 thing that censorship can teach is how to workaround it. Or that one's
 parents are complete insert_some_profanity_here. Is that how you want
 your children to perceive you?


From this point of view all aspects of parenting are censorship. It's not
about the government internet censorship - differentiate between parenting
and freedom protection and well - I didn't tell the education is not needed.


 Besides, what's up with this 15 years mark?


Just as an example - no other meaning, everybody can choose its own number.
;-)

My last sentence to this thread - read The Little Prince a lot and once
you will understand what's all this about probably and then you will be
ready for reading Citadelle. Yes - I know - too much pathetic for
somebody...

Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs

2015-03-26 Thread Bernardo

Le 26/03/2015 14:17, Raphaël POITEVIN a écrit :
 Bonjour, Bernardo bernardo.s...@siorat.net writes:
 - si je transfère le même fichier par sftp vers la machine distante, ça
 dure moins de 5 secondes !
 
 c’est-à-dire, que fais-tu ?

je tape une commande : sftp monlo...@machine.tld:/repdist monfichier

J'ai aussi essayé, sur le conseil de Bernard avec filezilla, toujours en sftp
bien sûr, et ça fonctionne correctement.

À noter pour l'histoire que tous les clients ne sont pas pareils : gftp met
aussi 15 min pour transférer le fichier...

 
 Si tu fais un cp ça réagit comment ?
 
le fichier passe en une grosse minute

-- 
Cordialement,
Bernardo.

C'est nous qui faisons des femmes ce qu'elles valent et voila pourquoi
elles ne valent rien.
-+- Gabriel Honoré Riquetti, Compte de Mirabeau (1749-1791) -+-

--
Lisez la FAQ de la liste avant de poser une question :
http://wiki.debian.org/fr/FrenchLists

Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe
vers debian-user-french-requ...@lists.debian.org
En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org
Archive: https://lists.debian.org/551413c7.4010...@siorat.net

Re: Política de ficheros externos en Debian

El Wed, 25 Mar 2015 19:53:47 +0100, Manolo Díaz escribió:

 El miércoles, 25 mar 2015, a las 19:43 UTC+1 horas,
 Camaleón escribió:

(...)

Pero ya debería estar corregido (wheezy lleva la versión 1.15-1), hum...
mira:

veusz-helpers: fails to upgrade from wheezy - trying to overwrite /usr/
lib/python2.7/dist-packages/veusz/resources
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714891

Pues no, corregido está en la 1.20.
 
 Y archivado. Pues les he enviado otro informe, no he visto el que
 apuntas. Me van a odiar por distraerlos mientras faenan para sacar
 adelante a Jessie :'(

Ya sabes que suelen hacer poco caso, vamos, que puedes mandar un informe 
de fallo y hasta dentro de un año no recibir respuesta.

Por cierto, el bug creo que es para el paquete veusz-helpers.

Saludos,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/pan.2015.03.26.14.29...@gmail.com

Re: ifupdown en jessie, iproute2 e interfaces bridge

El Thu, 26 Mar 2015 08:28:05 +0100, José Miguel (sio2) escribió:

 El Wed, 25 de Mar de 2015, a las 02:36:09PM +, Camaleón dijo:
 
  lo ejecuta ifupdown él solito, sin doparse con scripts externos, en
  cuanto ve que una interfaz se llama XXX.NUMERO.
 
 Es lo mismo :-)
 
 No, no es lo mismo. Bueno, no es lo mismo lo que yo digo. Lo que tú
 dices sí es lo mismo, pero es que *estamos hablando de aspectos
 totalmente diferentes*.
 
 Un script puede ser una simple línea que ejecute un comando (ip) o ser
 más elaborado (brtcl) pero en ambos casos se pretende la misma función:
 crear una interfaz puente o crear una vlan que se pueda gestionar a
 través de ifupdown, N-M o cualquier otro sistema encargado de la
 gestión de la red.
 
 Sí, pero no es a eso a lo que yo me refiero. Vuelvo otra vez a
 explicarlo, porque ya me he propuesto que me acabes entendiendo.

(...)

José Miguel, lo entiendo perfectamente.

Simplemente a tu pregunta de si es necesario el paquete bridge-utils 
para crear una interfaz puente la respuesta es que puedes usar varias 
herramientas, entre ellas la que te proporciona bridge-utils, por lo 
tanto, la respuesta es que NO, no es necesario, que puedes crearla con la 
herramienta que prefieras o manualmente con iproute2 y una vez creada la 
puedes declarar o usar o gestionar o como prefieras llamarlo directamente 
desde el archivo /etc/network/interfaces.

Por otra parte, grosso modo a ojos del kernel no hay ninguna diferencia 
entre eth0 y br0, no hay un sistema core en el ifupdown como dices para 
crear una u otra, simplemente se trata de dos interfaces distintas que se 
gestionan a través de módulos distintos, nada más.

En cuanto a la sintaxis para gestionar los puentes lo tienes especificado 
en la página del manual de la herramienta que uses para crearlos (man 
brctl, man ip, etc...).

Saludos,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/pan.2015.03.26.14.46...@gmail.com

Re: Redirect HTTPS with Squid3+Squidguard