Re: Créer boot Grub avec super grub disk sur clé usb
On Wednesday 25 March 2015 01:01:57 mireero wrote: Chais pas mais ubuntu (live) aussi monte sa partition racine sur /cow. Ca m'a rappelé un souci que j'avais eu une fois et pour installer grub j'avais du faire: sudo mount /dev/sda6 /mnt sudo grub-install --root-directory=/mnt /dev/sda sda6 étant la partition racine de wheezy et /dev/sda pour installer le boot loader sur le mbr du disque 1 (cas classique). - quel disque a le flag boot (vois dans gparted ou autre) ? : /dev/sda2 = boot (vfat) (contient bien le boot de Windows-8). - C'est du gpt ou mbr (pareil ou vois ce que fdisk et gdisk renvoient)? - Quand tu as rsync debian, es-tu sûre avoir bien rapatrié l'arborescence /boot : OUI. Le mode opératoire que tu conseilles semble être celui d'un partitionnement du disque dur en MBR. Mon disque dur est en partitions GPT + boot UEFI, ce qui change l'installation de Grub et l'utilisation de grub-efi à la place. Je me demande si une partition GPT ne peut contenir que des systèmes 64 bits ? Or, la Wheezy installé via rsync est une 32 bits... @+ André -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/201503261009.10292.andre_deb...@numericable.fr
Re: create /etc/udev/rules.d/70-persistent-net.rules
On Wed, Mar 25, 2015 at 04:46:44PM +0100, Christoph Pleger wrote: Hello, I want to boot a computer from network by PXE, with an NFS filesystem as root fs, install a basic system on the local disk and then boot the computer from the disk. After booting from disk, the names of the network interfaces should be the same as before with the NFS root. So, I thought that I can simply copy /etc/udev/rules.d/70-persistent-net.rules from my NFS root into the directory ${TARGET}//etc/udev/rules.d/, where $TARGET becomes / later on the local disk. But unfortunately, that file is not created when booting from network, so it cannot be copied. Therefore, I wanted the file to be created later and found the following solution, which worked on a computer where I had deleted /etc/udev/rules.d/70-persistent-net.rules before, for that: for file in /sys/class/net/*/uevent; do echo add $file done But on the computer with NFS as root fs, this also did not work. Does somebody have a suggestion how I can still let the file be created? Not quite what you're asking for, but on my own diskless client, I switched to dracat for the initrd (because it supports NFSv4). With that, I can add interface names to the kernel command line like: BOOT_IMAGE=vmlinuz initrd=initrd.img rw root=nfs4:hostname:/nfsroot ifname=bootnet:00:01:02:03:04:05 ifname=dmz:00:01:02:03:04:06 ip=bootnet:dhcp (So you add ifname=, then the name you want to give the interface, then a colon and then the MAC address of that interface) Regards Christoph -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/361ca026a3dbdea4addf29d9856b2f8b.squir...@postweb.cs.tu-dortmund.de signature.asc Description: Digital signature
Re: [OT] Inicializarme en el mundo de openstack
El 26 de marzo de 2015, 0:19, Erick Ocrospoma zipper1...@gmail.com escribió: 2015-03-24 12:26 GMT-05:00 Maykel Franco maykeldeb...@gmail.com: Hola buenas, la verdad es que cada vez me llama más la atención este proyecto opensource, igual que el de Cloud Stack de Apache. Tengo una pequeña duda, porque yo entiendo la nube como tener el dashboard en una máquina, engancharlo a un KVM de otra máquina, también conectarlo a un VMware, conectar un NFS para backups, otra máquina para BBDD... y entre todas las máquinas formar la nube. Mi duda es, para poder realizar pruebas de openstack, es decir, montarlo y trastear un poco, me vale una máquina anfitriona potente que tenga KVM para meter máquinas virtuales? Si O para realizar pruebas de virtualización, snapshots de volúmenes y demás necesito necesariamente máquinas físicas con KVM, VMware? Pues a la fecha soporta bastantse hypervisores http://docs.openstack.org/trunk/config-reference/content/section_compute-hypervisors.html LXC ... Y no tiene soporte para Openvz... Juuu Si tu fin es testearlo lo puedes hacer en una sola maquina (single node/all-in-one node), lo ideal es tener la gestión de CPUs (nova compute node) y la red (neutron node) en maquinas separadas, para aislar cuellos de botella debido a carga o problemas de red. Obviamente tu storage también debería ir separado. Puedes instalarlo en máquinas virtuales sobre VirtualBox/VMware. Existen varias isos con Openstack en la red, una de ellas es Mirantis Fuel https://software.mirantis.com/quick-start/ Si te inclinas a probar este, te ofrece un ambiente de 4 nodos (4 maquinas virtuales), los scripts de VirtualBox ayudan en la configuración de las interfaces de red necesarias. http://samuraiincloud.com/2014/08/13/building-openstack-icehouse-in-virtualbox-in-60-minutes-using-mirantis-fuel-2/ Personalmente prefiero RDO dado que me permite instalar todo el stack de servicios que necesita Openstack (y su configuración) aunque lastimosamente solo este disponible para Fedora/RedHat/CentOS y no para Debian. https://www.rdoproject.org/Quickstart Devstack vendría a ser algo lejanamente parecido a RDO, soportado para Ubuntu (por ende debería serlo con Debian). Dada la popularidad de OpenStack han aumentado las maneras de poder montarlo como podrás notar. Si cierto. Esto es justo la respuesta que buscaba, andaba un poco perdido entre tantas cosas... Al principio no te aclaras. Es que me gustaría probarlo y no sé si necesariamente necesito unas cuantas máquinas para probar por ejemplo... la virtualización. Muchas gracias Erick, me ayudado mucho tu respuesta. Gracias de antemano. Saludos. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/caj2aoa96ejxesauk7p6bwpuyt36uufm9dm_gd8lnd+2t0n...@mail.gmail.com -- ~ Happy install ! Erick. --- IRC : zerick About : http://about.me/zerick Linux User ID : 549567
Celeron quad-core (was: NUC ervaringsverhaal)
On 03/20/2015 10:07 AM, Paul van der Vlis wrote: Hoi, Ik heb een paar dagen geleden een NUC gekocht, oftewel een klein Intel computertje ter grootte van een pak suikerklontjes, waarin ook nog een SSD past. Leuk, HTPC's en NUC's met WiDi schijnen de laatste tijd populair te worden als portable workstation. Een werknemer met een NUC op zak heeft, naast een beeldscherm met WiDi, op zijn werkplek alleen nog een toetsenbord en een muis nodig. De processor heet Celeron maar is best krachtig. Het viel me op dat hij virtualisatie ondersteund en uiteraard 64-bit. Hij is goed bruikbaar voor het weergeven van full-screen video in HD resolutie via HDMI en uiteraard voor kantoorwerk. Hij heeft voor video alleen HDMI, geen VGA. De goedkoopste NUC heeft een Celeron N2820 dual-core. Er zijn inmiddels een aantal HTPC's en laptops met Celeron quad-cores. Tot nu toe: N2910, N2920, N2930, N2940, J1850, J1900. (HTPC's zijn o.a. Shuttle XS36V4, Gigabyte BRIX GB-BXBT-1900 en Zotac ZBOX CI320 nano, maar ik betwijfel of de laatste direct werkt met Jessie.) Groeten, Jan-Rens. -- To UNSUBSCRIBE, email to debian-user-dutch-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5513dbc9.2090...@gmail.com
Re: Avisering: Gnome 3.16 release ! - Tor 2015-03-26 10:00 - 11:00
Den 2015-03-26 09:49, Google Kalender skrev: Gnome 3.16 release ! Idag sl�pps Gnome 3.16. Vilket betyder att snart s� finns den �ven hos Debian repon f�r nerladdning. Mystiskt! Det här fick jag från Google Kalender idag. Med i mejlet stod även min gatuadress. Någon mer som fått ett sånt mejl ? -- /Rolf -- To UNSUBSCRIBE, email to debian-user-swedish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5513cfb9.7080...@gmail.com
Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Bonjour, je suis en Debian Sid à jour, avec Xfce. Je monte un répertoire d'une machine distante avec sshfs et fuse. sshfs monlo...@sshfs.machine.tld:/repdist /point de montage -o idmap=user -o uid=1000 -o gid=1000 Il apparait bien dans la liste des périphériques dans le gestionnaire de fichier Thunar. Le problème : - si je fais un glisser/déposer d'un fichier de 15 Mo vers ce périphérique, le transfert va durer environ 15 min ! - si je transfère le même fichier par sftp vers la machine distante, ça dure moins de 5 secondes ! En gros : en graphique, ça rame, en console, ça passe. Le plus amusant, c'est que sshfs est basé sur sftp... Déjà 2 jours que je cherche et je n'ai toujours rien trouvé. Si vous avez des idées de pistes à explorer, je suis preneur... -- Cordialement, Bernardo. L'ennemi est bête, il croit que l'ennemi c'est nous, alors que c'est lui. -+- Pierre Desproges -+- -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/5513ea60.3050...@siorat.net
Re: Redirect HTTPS with Squid3+Squidguard
Hello it's me again, thanks for the hint with wget, this was very useful. The problem with not redirect https to an errorpage is not solved but this is okay. It's only a nice to have feature to redirect to an errorpage. But I have a new problem, I want to have a transparent proxy for http this works fine but when I add the iptables rule for https the loading won't work. With the config now you can bypass the blocking with using https, this is not so good. I think it's the same as the other problem I had, squid3 is not able to read and understand the https traffic unless I break the https protocol. But when I use the CONNECT method to tunneling the https traffic I thought I can block the https sites with the transparent proxy. Here is my iptables rule for https: iptables -t nat -A PREROUTING -p TCP --dport 443 -j REDIRECT --to-port 3128 Here is my squid3 config file: http_port 3128 intercept url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf url_rewrite_children 2 cache_mem 32 MB maximum_object_size 1 KB maximum_object_size_in_memory 32 KB cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_dir aufs /var/spool/squid3 2048 128 1024 acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl net1 src 172.16.1.0/24 acl net2 src 172.16.2.0/24 acl net3 src 172.16.3.0/24 acl SSL_PORTS port 443 acl SAFE_PORTS port 21 acl SAFE_PORTS port 80 acl SAFE_PORTS port 443 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !SAFE_PORTS http_access deny CONNECT !SSL_PORTS http_access allow localhost http_access allow net1 http_access allow net2 http_access allow net3 http_access deny all Thanks for help! best regards, Michael Bob Proulx b...@proulx.com wrote: Sven Hartge wrote: Michael I. wrote: I tested around a bit with squid3+squidguard and I found out that the redirect works with the Internet Explorer (IE 11). Then I tested some other browser (firefox, chrome, ..) and with all the other browser the redirect didn't work. Be careful using browsers to test redirects because browsers strongly cache results. It causes endless confusion with people. The network wisdom is to test using tools such as wget and curl which don't cache and look at the headers for verification. wget -S -O/dev/null https://somesite.example.com/ The command line is preferred because it is a zillion times faster than exiting the browser and flushing the browser cache manually before every browser test. It avoids the possibility of a monkey testing mistake. Is there a bug in the Internet Explorer or is this because the IE handle https on an other way? Hard to guess since you never told us exactly what your configuration in squid3, squidguard and the browser is, what exactly you do to get a specific result (error page, redirected page, etc.). I immediately suspect browser caching a previous redirect since that has been a problem so many times before. Bob -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5513ee85.5060...@abwesend.de
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Le Thu, 26 Mar 2015 12:15:44 +0100, Bernardo bernardo.s...@siorat.net a écrit : sftp bonjour, est il possible de faire un essai au travers de filezilla et de communiquer le résultat ? slt bernard -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20150326123258.44b2af11.bernard.schoenac...@free.fr
Re: (FUERA DE TEMA) Lo del admin despedido
En lo de los abogados tienes parte de razon, cuando se meten los abogados la pregunta es quien tiene mas pillado al otro bando, porque sera quien ponga las condiciones. Esto ha pasado varias veces, creo que donde mas es en Estados Unidos, donde ha habido empresas relativamente grandes que han tenido que aceptar chantajes. Generalmente lo que piden es dinero, una cantidad elevada pero que la empresa se puede permitir. Pero en otras ocasiones han pedido trabajo poniendo ellos las condiciones, y la empresa ha tenido que aceptar. No es informacion que sea conocida de manera abierta porque a ninguna empresa le interesa que sus clientes o el publico en general sean ciertas cosas. El día 25 de marzo de 2015, 22:45, Angel Claudio Alvarez an...@angel-alvarez.com.ar escribió: El Wed, 25 Mar 2015 10:59:16 +0100 Altair Linux altairli...@gmail.com escribió: No se de que pais eres, yo estoy en Valencia (España). Buenos Aires, Argentina Yo creo que puede ser cierto, en españa las cosas estan como estan y depende de lo que tenga el tipo puede ser que a la subcontrata no le quede mas remedio que pasar por el aro. yo creo que no, porque las empresas no funcionan asi, no hacen beneficencia y no pagan costos tan altos como un infeliz admin que los amenace Si la empresa es chica , no va a incrementar sus costos de esta manera, porque con la crisis que hay en España dura 2 meses y tiene que cerrar Y si la empresa es grande, tiene un buen estudio de abogados que por las buenas o por las malas te hace desistir. Ademas tene en cuenta que el tipo es un admin, no es alguien especializado en manipular gente y aguantarse lo que venga, o alguien que no le tenga miedo a cosas pesadas Insisto es una leyenda urbana Tambien me encaja bastante con el modo de operar de cierto tipo de empresas. Si quieres ascender en la empresa debes demostrar que piensas como ellos, que apruebas lo que hacen, que haces las cosas como ellos quieren que se hagan, etc. Cuanta mas gente hay en una empresa, y sobretodo cuantos mas niveles de jerarquia hay, mas facil es que haya corrupcion en algun sitio. Ahi tenes el principal problema, la vida no es el trabajo, un ascenso se da , no se pide o se pelea por el. Hay mil cosas mas importantes que un ascenso. Jamas cambiaria mi forma de pensar por un ascenso, llevo mas de 30 años trabajando y lo que tengo me lo gane por mi capacidad, no por pensar igual que la empresa. He cambiado varias veces de trabajo y he tenido epocas duras,y muchas veces no trabaje de lo que me gustaba, incluso muchas veces trabaje en cualquier cosa. No hay excusas para entregar tus banderas. Un trabaj es solo un medio, la vida es otra cosa En españa eso de los sicarios no suele hacerse, es muy raro. Se suele decir que la mafia española es mas peligrosa que la mafia italiana, porque la española no necesita matar. Funciona a base de sobornos, chantajes, trafico de influencias, etc. Esto se ve mucho a niveles de empresas, cuando son mas o menos grandes, y sobretodo a niveles politicos Lo del sicario es un decir, pero te ponen un estudio de abogados (que son peores que los sicarios) que te peguen un buen susto, y si vos no tenes un sindicato que te proteja o simplemente no tenes calle enseguida te convencen para que te dejes de molestar Mira que en mi pais hemos pasado por epocas peores que las que Uds. estan pasando, pero lo importante en no doblegarse, ni dejarse llevar. saludos -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ca+hdpf+ac83j2dh1svcoemkz_h_g65+zyvkpjjyjzmc+c...@mail.gmail.com -- Angel Claudio Alvarez an...@angel-alvarez.com.ar -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150325184506.4783482b311bb56a4a37c...@angel-alvarez.com.ar -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CA+HdPfK7RhU3o=APGtr2ksGPk=nklwk-qb_s24ho_0xcp_n...@mail.gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
Michael I. linux-michae...@abwesend.de wrote: But I have a new problem, I want to have a transparent proxy for http this works fine but when I add the iptables rule for https the loading won't work. Of course not. That this is not working is the _whole point_ of any end-to-end encrypted connection. What you are effectivly trying to do is an Man-in-the-Middle attack. You cannot transparently proxy *any* encrypted connection without major trickery, like I wrote in my first mail. You would need a fake CA certificate (why this is a _very_ bad idea you just have to look at the latest CNNIC and MSC debacle: (sorry, German URL) https://www.psw-group.de/blog/cnnic-signiert-falsche-google-zertifikate/2112 or http://www.heise.de/security/meldung/Google-deckt-erneut-Missbrauch-im-SSL-Zertifizierungssystem-auf-2583414.html), and have your proxy terminate the end-to-end encryption by issuing a fake certificate on the fly, so that the client is satisfied and then create another new encrypted connection to the intended end-point. There _are_ security appliances out there which work in that way but they are considered _very_ *very* bad practice and should be avoided at all costs. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/11bg3gmtro...@mids.svenhartge.de
contribution possible ?
Bonjour, Je ne suis pas nouvel utilisateur de Debian mais je ne suis pas non plus un débutant. Là où je pourrais sans doute apporter pierre à l'édifice, ce serait au niveau des traductions. Je travaille et mon parc informatique fonctionne plutôt pas mal donc plutôt que de m'abrutir sur des tâches qui n'apporteront rien à personne, j'aimerais plutôt utiliser du temps pour des choses concrètes et qui serviront à des utilisateurs désireux d'utiliser des applications efficaces. A qui dois-je m'adresser et quand commencer ? Merci pour votre réponse. Hervé CHEDOT.
Re: contribution possible ?
Le Thu, Mar 26, 2015 at 01:03:23PM +0100, Hervé Chedot a écrit : Je ne suis pas nouvel utilisateur de Debian mais je ne suis pas non plus un débutant. Là où je pourrais sans doute apporter pierre à l'édifice, ce serait au niveau des traductions. [...] A qui dois-je m'adresser et quand commencer ? Bonjour Hervé il faut s'adresser à debian-l10n-fre...@lists.debian.org. Il y a aussi une documentation assez complète sur le site Debian à la page https://www.debian.org/international/french/. Amicalement, -- Charles Plessy Tsurumi, Kanagawa, Japon -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20150326121908.ga8...@falafel.plessy.net
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Bonjour, Bernardo bernardo.s...@siorat.net writes: - si je transfère le même fichier par sftp vers la machine distante, ça dure moins de 5 secondes ! c’est-à-dire, que fais-tu ? Si tu fais un cp ça réagit comment ? -- Raphaël Hypra S.A.S. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/87bnjfq4n3.fsf@mozart.musiciens
AW: Redirect HTTPS with Squid3+Squidguard
I agree 100% with Reco. Don't use technical Stuff to protect your children. Learn them to use their Brain, to protect their self. It's the most important thing, when u sit in front of a Computer. When u want to block adult content u have to block 80% of the entire visible web. And you will spend your evenings to make your blacklists up2date. Greetings Sascha -Ursprüngliche Nachricht- Von: Reco [mailto:recovery...@gmail.com] Gesendet: Donnerstag, 26. März 2015 13:52 An: debian-user@lists.debian.org Betreff: Re: Redirect HTTPS with Squid3+Squidguard Hi. On Thu, 26 Mar 2015 13:21:57 +0100 Peter Viskup skupko...@gmail.com wrote: Hi, just jumped into SSLBump/Split features some months ago. I don't find these features harmful. Especially when protecting your children from access of YouTube or other possibly harmful sites. Once you are logged with Google account they redirect your communication to https which makes the inspection not possible. The Squid's SSLBump/Split (whose name in latest version SslPeekAndSplice) is the only feature which will make the inspection happen. This means there are still some cases where this feature is very helpful and the only one freely available. If you're considering that spying on your own children is a good idea - I don't even know what to say. They solve such problems here by educating children, not limiting their internet access. Besides, if a child would really want to bypass such access control - he or she will find a way sooner or later (hint - a cellphone, for instance). The only good usage of SSL Bump in my book is reverse-engineering certain proprietary applications. Recp -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326155150.246957029666332067526...@gmail.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/f6da57c02758bb41bf462233ad62bf9265836...@ex10mbox1e.hosting.inetserver.de
Re: Redirect HTTPS with Squid3+Squidguard
Without the SSL splitting the only option is to install some software on the client side. Some endpoint security software doing the inspection of the web data transfers on the fly before they pass the TLS tunnel. It's the same like SSL split on Squid, but let's say more transparent. Unfortunately I don't know any such software for Linux - all of those I know are for Windows as this OS has API for that spying. Can mention two for all of them: - Kaspersky Internet Security - Eset Endpoint Security These are my favorites, but there are other SWs available. The open source and best way to protect children is the proxy with SSLBump. Have a look on Untangle [1] for complete FW solution with the SSLBump feature. [1] www.untangle.com On Thu, Mar 26, 2015 at 2:04 PM, Michael I. linux-michae...@abwesend.de wrote: Sven Hartge s...@svenhartge.de wrote: Michael I. linux-michae...@abwesend.de wrote: But I have a new problem, I want to have a transparent proxy for http this works fine but when I add the iptables rule for https the loading won't work. Of course not. That this is not working is the _whole point_ of any end-to-end encrypted connection. What you are effectivly trying to do is an Man-in-the-Middle attack. All I want is to protect children of harmful content (adult content). You cannot transparently proxy *any* encrypted connection without major trickery, like I wrote in my first mail. You would need a fake CA certificate (why this is a _very_ bad idea you just have to look at the latest CNNIC and MSC debacle: (sorry, German URL) https://www.psw-group.de/blog/cnnic-signiert-falsche- google-zertifikate/2112 or http://www.heise.de/security/meldung/Google-deckt-erneut- Missbrauch-im-SSL-Zertifizierungssystem-auf-2583414.html), and have your proxy terminate the end-to-end encryption by issuing a fake certificate on the fly, so that the client is satisfied and then create another new encrypted connection to the intended end-point. There _are_ security appliances out there which work in that way but they are considered _very_ *very* bad practice and should be avoided at all costs. I don't want to fake a CA certificate because the danger. Is there any other way to block those sites? Maybe block the IPs in the firewall, but I think this is a big hassle? Grüße, Sven. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/551403f7.7080...@abwesend.de
Re: [OT] Tomcat SSL con geotrust EV multidomain
Ahora si, solucionado Me faltaba el paso de ha enviado Camaleón: https://www.geocerts.com/install/tomcat Mil gracias y un saludo. El día 23 de marzo de 2015, 19:19, Camaleón noela...@gmail.com escribió: El Mon, 23 Mar 2015 18:15:18 +0100, Sergio Villalba escribió: Voy avanzando.. (...) Cuando carga el https no dice típico mensaje Error de certificado...he seguido los pasos de la Web de Geotrust: https://www.geotrust.com/resources/extended-validation-ssl/installation- instructions.html#03 pero nada... Comprueba que no te hayas saltado ningún paso y que la generación del CSR y las claves es correcta, además de configurar el certificado intermedio: Install SSL Certificate Tomcat https://www.geocerts.com/install/tomcat Certificate Signing Request (CSR) Generation Instructions - Tomcat https://knowledge.geotrust.com/support/knowledge-base/index?page=contentid=AR897 Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.23.18.19...@gmail.com -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ca+ylrtdx4bg8p9-+27c9a-wkvsgmnhdjlaud9gxhq+7tvyc...@mail.gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
It's the way you look at. For me it's about prevention...your child can click on some link somewhere and see some pictures/videos which will remain in his/her mind (let's say) forever and can harm even if it was only seconds they were seen...I am speaking about children less than 15 years old...and even older children needs protection. On Thu, Mar 26, 2015 at 2:19 PM, Sascha Steinmann (adremes GmbH Co KG) steinm...@adremes.com wrote: I agree 100% with Reco. Don't use technical Stuff to protect your children. Learn them to use their Brain, to protect their self. It's the most important thing, when u sit in front of a Computer. When u want to block adult content u have to block 80% of the entire visible web. And you will spend your evenings to make your blacklists up2date. Greetings Sascha -Ursprüngliche Nachricht- Von: Reco [mailto:recovery...@gmail.com] Gesendet: Donnerstag, 26. März 2015 13:52 An: debian-user@lists.debian.org Betreff: Re: Redirect HTTPS with Squid3+Squidguard Hi. On Thu, 26 Mar 2015 13:21:57 +0100 Peter Viskup skupko...@gmail.com wrote: Hi, just jumped into SSLBump/Split features some months ago. I don't find these features harmful. Especially when protecting your children from access of YouTube or other possibly harmful sites. Once you are logged with Google account they redirect your communication to https which makes the inspection not possible. The Squid's SSLBump/Split (whose name in latest version SslPeekAndSplice) is the only feature which will make the inspection happen. This means there are still some cases where this feature is very helpful and the only one freely available. If you're considering that spying on your own children is a good idea - I don't even know what to say. They solve such problems here by educating children, not limiting their internet access. Besides, if a child would really want to bypass such access control - he or she will find a way sooner or later (hint - a cellphone, for instance). The only good usage of SSL Bump in my book is reverse-engineering certain proprietary applications. Recp -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326155150.246957029666332067526...@gmail.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/f6da57c02758bb41bf462233ad62bf9265836...@ex10mbox1e.hosting.inetserver.de
Re: Redirect HTTPS with Squid3+Squidguard
Michael I. linux-michae...@abwesend.de wrote: Sven Hartge s...@svenhartge.de wrote: Michael I. linux-michae...@abwesend.de wrote: But I have a new problem, I want to have a transparent proxy for http this works fine but when I add the iptables rule for https the loading won't work. Of course not. That this is not working is the _whole point_ of any end-to-end encrypted connection. What you are effectivly trying to do is an Man-in-the-Middle attack. All I want is to protect children of harmful content (adult content). You have already lost. If you build walls around content you don't like, your children _will_ find ways of accessing it some other way. Besides, all younger children (younger than 12/14 years) I observed surfing the web don't have any direct interest in nudity anyway. And if they stumble upon such an image the reaction was eww, gross and a quick click on the Back-button. And older children, after starting puberty, already had several access methods for recreational pictures, mostly through friends. There is no way of protecting your children by technical means without going down a rabbit hole of problems and inconveniences. Educate them, supervise them. There is no other way. By building a STOP sign in front of things you only heighten the curiosity. If your children are too young, they shouldn't use the Internet without a parent (or other trusted person) present anyway. If they are old enough, you have to learn to trust them and exersice other disciplinary consequences if they do things they should not do. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/12bg3m53ro...@mids.svenhartge.de
Re: Redirect HTTPS with Squid3+Squidguard
Hi, just jumped into SSLBump/Split features some months ago. I don't find these features harmful. Especially when protecting your children from access of YouTube or other possibly harmful sites. Once you are logged with Google account they redirect your communication to https which makes the inspection not possible. The Squid's SSLBump/Split (whose name in latest version SslPeekAndSplice) is the only feature which will make the inspection happen. This means there are still some cases where this feature is very helpful and the only one freely available. -- Peter Viskup On Thu, Mar 26, 2015 at 12:58 PM, Sven Hartge s...@svenhartge.de wrote: Michael I. linux-michae...@abwesend.de wrote: But I have a new problem, I want to have a transparent proxy for http this works fine but when I add the iptables rule for https the loading won't work. Of course not. That this is not working is the _whole point_ of any end-to-end encrypted connection. What you are effectivly trying to do is an Man-in-the-Middle attack. You cannot transparently proxy *any* encrypted connection without major trickery, like I wrote in my first mail. You would need a fake CA certificate (why this is a _very_ bad idea you just have to look at the latest CNNIC and MSC debacle: (sorry, German URL) https://www.psw-group.de/blog/cnnic-signiert-falsche-google-zertifikate/2112 or http://www.heise.de/security/meldung/Google-deckt-erneut-Missbrauch-im-SSL-Zertifizierungssystem-auf-2583414.html), and have your proxy terminate the end-to-end encryption by issuing a fake certificate on the fly, so that the client is satisfied and then create another new encrypted connection to the intended end-point. There _are_ security appliances out there which work in that way but they are considered _very_ *very* bad practice and should be avoided at all costs. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/11bg3gmtro...@mids.svenhartge.de
Re: Redirect HTTPS with Squid3+Squidguard
Hi. On Thu, 26 Mar 2015 13:21:57 +0100 Peter Viskup skupko...@gmail.com wrote: Hi, just jumped into SSLBump/Split features some months ago. I don't find these features harmful. Especially when protecting your children from access of YouTube or other possibly harmful sites. Once you are logged with Google account they redirect your communication to https which makes the inspection not possible. The Squid's SSLBump/Split (whose name in latest version SslPeekAndSplice) is the only feature which will make the inspection happen. This means there are still some cases where this feature is very helpful and the only one freely available. If you're considering that spying on your own children is a good idea - I don't even know what to say. They solve such problems here by educating children, not limiting their internet access. Besides, if a child would really want to bypass such access control - he or she will find a way sooner or later (hint - a cellphone, for instance). The only good usage of SSL Bump in my book is reverse-engineering certain proprietary applications. Recp -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326155150.246957029666332067526...@gmail.com
Re: SmartList's contact info
Title: Join Brewster Current City debian-user-catalan@lists.debian.org Mobile Number Confirm/Update for Robert Garrigos For your safety, this link expires in 48 hours Featured on: Your Contacts, Synced Anywhere Why did you receive this email? 11 East 4th St. #2F New York, NY 10003 Unsubscribe -- To UNSUBSCRIBE, email to debian-user-catalan-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5513f836d6a93_596d5049f5c387...@prod-rs-r10.ihost.brewster.com.mail
Re: Redirect HTTPS with Squid3+Squidguard
Sven Hartge s...@svenhartge.de wrote: Michael I. linux-michae...@abwesend.de wrote: But I have a new problem, I want to have a transparent proxy for http this works fine but when I add the iptables rule for https the loading won't work. Of course not. That this is not working is the _whole point_ of any end-to-end encrypted connection. What you are effectivly trying to do is an Man-in-the-Middle attack. All I want is to protect children of harmful content (adult content). You cannot transparently proxy *any* encrypted connection without major trickery, like I wrote in my first mail. You would need a fake CA certificate (why this is a _very_ bad idea you just have to look at the latest CNNIC and MSC debacle: (sorry, German URL) https://www.psw-group.de/blog/cnnic-signiert-falsche-google-zertifikate/2112 or http://www.heise.de/security/meldung/Google-deckt-erneut-Missbrauch-im-SSL-Zertifizierungssystem-auf-2583414.html), and have your proxy terminate the end-to-end encryption by issuing a fake certificate on the fly, so that the client is satisfied and then create another new encrypted connection to the intended end-point. There _are_ security appliances out there which work in that way but they are considered _very_ *very* bad practice and should be avoided at all costs. I don't want to fake a CA certificate because the danger. Is there any other way to block those sites? Maybe block the IPs in the firewall, but I think this is a big hassle? Grüße, Sven. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/551403f7.7080...@abwesend.de
Gnome troubleshooting after upgrading to stable
I recently upgraded, but my users are not able to log in. They get the ‘Oh no, something went wrong’ message. .xsession_errors of a new, clean user: /etc/gdm3/Xsession: Beginning session setup... localuser:t being added to access control list openConnection: connect: Arquivo ou diretório não encontrado cannot connect to brltty at :0 GNOME_KEYRING_CONTROL=/home/t/.cache/keyring-S4ZPso GPG_AGENT_INFO=/home/t/.cache/keyring-S4ZPso/gpg:0:1 GNOME_KEYRING_PID=436 GNOME_KEYRING_CONTROL=/home/t/.cache/keyring-S4ZPso GPG_AGENT_INFO=/home/t/.cache/keyring-S4ZPso/gpg:0:1 SSH_AUTH_SOCK=/home/t/.cache/keyring-S4ZPso/ssh GNOME_KEYRING_CONTROL=/home/t/.cache/keyring-S4ZPso GPG_AGENT_INFO=/home/t/.cache/keyring-S4ZPso/gpg:0:1 SSH_AUTH_SOCK=/home/t/.cache/keyring-S4ZPso/ssh GNOME_KEYRING_CONTROL=/home/t/.cache/keyring-S4ZPso GPG_AGENT_INFO=/home/t/.cache/keyring-S4ZPso/gpg:0:1 SSH_AUTH_SOCK=/home/t/.cache/keyring-S4ZPso/ssh Initializing tracker-store... Creating config directory:'/home/t/.config/tracker' Tracker-Message: Setting up monitor for changes to config file:'/home/t/.config/tracker/tracker-store.cfg' Tracker-Message: Setting up monitor for changes to config file:'/home/t/.config/tracker/tracker-store.cfg' Could not open log:'/home/t/.local/share/tracker/tracker-store.log', Arquivo ou diretório não encontrado All logging will go to stderr Starting log: File:'/home/t/.local/share/tracker/tracker-store.log' x-session-manager[377]: WARNING: Failed to start app: Unable to start application: Falha ao executar processo filho gcm-apply (Arquivo ou diretório não encontrado) Initializing tracker-miner-fs... Tracker-Message: Setting up monitor for changes to config file:'/home/t/.config/tracker/tracker-miner-fs.cfg' Starting log: File:'/home/t/.local/share/tracker/tracker-miner-fs.log' Failed to play sound: File or data not found ** Message: applet now removed from the notification area ** Message: applet now embedded in the notification area Aviso do gerenciador de janelas: CurrentTime used to choose focus window; focus window may not be correct. Aviso do gerenciador de janelas: Got a request to focus the no_focus_window with a timestamp of 0. This shouldn't happen! (gnome-shell:473): Cogl-WARNING **: X Error received while making drawable 0x00E0001B current Aviso do gerenciador de janelas: Log level 8: _shell_embedded_window_unrealize: assertion `SHELL_IS_EMBEDDED_WINDOW (window)' failed ** Message: Stopping applet secret agent because GNOME Shell appeared (gnome-settings-daemon:435): PackageKit-WARNING **: couldn't parse execption 'GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._pk_5ftransaction_5ferror.Code4: GetDistroUpgrades not supported by backend', please report (gnome-settings-daemon:435): updates-plugin-WARNING **: failed to get upgrades: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._pk_5ftransaction_5ferror.Code4: GetDistroUpgrades not supported by backend (gnome-settings-daemon:435): PackageKit-WARNING **: couldn't parse execption 'GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._pk_5ftransaction_5ferror.Code4: GetDistroUpgrades not supported by backend', please report (gnome-settings-daemon:435): updates-plugin-WARNING **: failed to get upgrades: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._pk_5ftransaction_5ferror.Code4: GetDistroUpgrades not supported by backend Aviso do gerenciador de janelas: Log level 8: _shell_embedded_window_unrealize: assertion `SHELL_IS_EMBEDDED_WINDOW (window)' failed .xsession-errors (END) How can I troubleshoot it? Thanks in advance! -- skype:leandro.gfc.dutra?chat Yahoo!: ymsgr:sendIM?lgcdutra +55 (61) 3546 7191 gTalk: xmpp:leand...@jabber.org +55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803 BRAZIL GMT−3 MSN: msnim:chat?contact=lean...@dutra.fastmail.fm -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cafqwws7dh1_l-qsfzajr8zk46b35r5u3sw-okp5eu2eupoe...@mail.gmail.com
Re: trouble installing Debian testing/jessie
On 20150325_1530-0400, mizuki wrote: Hi, Since Mar 10th, I seem to have trouble installing Debian testing on a virtual machine or a physical machine, always fails at step 'Partition disk' with partman, it complains: The attempt to mount a file system with type ext4 in SCSI1(0,0,0), partition #1 (sda) at / failed. You may resume partitioning from the partitioning menu. This happens during a netboot through a manual installation or preseed, using 'regular' or 'raid' method with partman-auto, and doesn't matter what recipe I'm using, 'atomic' or expert-recipe, always hit this error, Does anyone have the same experince, can anyone advice? Thanks! Mizuki HI, Mizuki, I also have experienced this problem, but in a different environment. The most recent version of netinst that I have used successfully is: debian-jessie-DI-b1-i386-netinst.iso CDs since then have allowed me to go through the motions of setting up partitions, but fail repeatedly to actually write the new stuff onto the physical HD, for me. My research of this problem has not been exhaustive, and I couldn't believe I hadn't done something wrong, and I intended to go back and check on the more recent CD after I fixed the problem that forced me to try installing from scratch. Until reading your email, I was pretty sure I would discover some mistake that I had been making with the newer CDs. I haven't completed rebuild of my system, yet, So all I can say is 'I feel your pain.' Kind regards, -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150327021643.gb15...@big.lan.gnu
Re: Planning a new Debian box!
On Thu, Mar 26, 2015 at 09:09:28PM -0600, Paul E Condon wrote: ...some BIOS code that blocks copying a backup copy of Win7 in a hidden partition on HD... Now, see? That's some hardcore M$ crap right there! Thas what I'm talkin 'bout! To get rid of this hidden partition, you will have to use dd to overwrite it with zero bytes. I don't see (yet) that I must get rid of it. I don't care a fig about pure Debian. Am I wrong? BUT, if it (said nefarious hidden partition) is going to come back and bite me my grubs later, then I might begin to feel differently about that crummy old no-good M$ hidden partition. Will it do that? After that, you have a pure Debian box or...if you don't succeed in getting Debian installed you have a oddly shaped boat anchor. I am already well stocked with odd boat anchors thank you very much. It takes a small act of congress for me to convince my local town recycling mafiosi to actually pick them up if I manage to heave them onto the sidewalk. IMHO, it is definitely *not* a no-brainer. If there's anything that can be said about this Friday night's debian-user crowd, it is that there are very few no-brainers among us. I detect rather a few big brains out there. You know who you are! You might, instead, investigate buy a new SATA drive, maybe larger than the one containing Win7 and install the new SATA. How soon can you get a check to me? I may be wrong in all these points... Now, sir, you are clearly an honest man for saying that. Mencken was reputed to sign off on letters in which he had no particular interest (nor in their authors) like so: You may be right, (Thanks *all*) -- Bob Bernstein -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150327035526.ga28...@sixtiessurvivor.org
Re: Planning a new Debian box!
On 20150326_1551-0400, Bob Bernstein wrote: Shortly I will become the owner of a refurbished Dell with Win7 already on its 160g sata hard drive. I have no need or use for a multi-OS multi-boot machine. I only want wheezy on this for now. Question: can I entrust to the Debian installer the task of repartitioning and formatting the HD with all that Windoze cruft already on it? Or, are there steps I ought to take prior to launching the installer, perhaps involving other disk tools? I don't trust what M$ puts on hard drives! TIA Debian peeps! -- These are not the droids you are looking for. Others have already advised making a restore disk of Win7. My experience is that refurb Dells with Win7 installed come with a restore disk. *BUT a big caveat: The supplied 'restore disk' does not actually contain a copy of the system. What it does is bypass some BIOS code that blocks copying a backup copy of Win7 in a hidden partition on HD and also patch into the newly restored Win7 certain things that are looked for by code in the boot RAM that let a normal, to the Microsoft world, boot. To get rid of this hidden partition, you will have to use dd to overwrite it with zero bytes. After that, you have a pure Debian box, or as a friend of mine who told me about this, it you don't succeed in getting Debian installed you have a oddly shaped boat anchor. IMHO, it is definitely *not* a no-brainer. You might, instead, investigate buy a new SATA drive, maybe larger than the one containing Win7 and install the new SATA. Check the facts, as best you can. Low price larger SATA drives that I have seen on the web seem all to be refurb HDD. I may be wrong in all these points: Caveat Emptor. -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150327030928.gc15...@big.lan.gnu
Re: Redirect HTTPS with Squid3+Squidguard
Sven Hartge s...@svenhartge.de wrote: Michael I. linux-michae...@abwesend.de wrote: Sven Hartge s...@svenhartge.de wrote: Michael I. linux-michae...@abwesend.de wrote: But I have a new problem, I want to have a transparent proxy for http this works fine but when I add the iptables rule for https the loading won't work. Of course not. That this is not working is the _whole point_ of any end-to-end encrypted connection. What you are effectivly trying to do is an Man-in-the-Middle attack. All I want is to protect children of harmful content (adult content). You have already lost. If you build walls around content you don't like, your children _will_ find ways of accessing it some other way. Besides, all younger children (younger than 12/14 years) I observed surfing the web don't have any direct interest in nudity anyway. And if they stumble upon such an image the reaction was eww, gross and a quick click on the Back-button. And older children, after starting puberty, already had several access methods for recreational pictures, mostly through friends. This are not my children, the filter is used for a school. The filter is used for prevention. I am totally on your side, children at home need trust but in school the teacher can't look on all computers. So I need a filter, the filter mustn't block all adult content, but when I block 70% of all the adult content this is better as nothing. There is no way of protecting your children by technical means without going down a rabbit hole of problems and inconveniences. Educate them, supervise them. There is no other way. By building a STOP sign in front of things you only heighten the curiosity. If your children are too young, they shouldn't use the Internet without a parent (or other trusted person) present anyway. In school the computer is getting more and more used. If they are old enough, you have to learn to trust them and exersice other disciplinary consequences if they do things they should not do. As I said, in private usage I am totally on your said. Grüße, Sven. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55143c62.5010...@abwesend.de
Re: Redirect HTTPS with Squid3+Squidguard
On Thu, 26 Mar 2015 08:49:37 -0500, John Hasler wrote: Why don't you just get rid of the computers? I tried that route one time ... got looked at like I had 7 heads for even suggesting that the kids go back to textbooks and paper. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/mf1f4o$qp1$1...@ger.gmane.org
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Le Thu, 26 Mar 2015 18:33:07 +0100, Bernardo bernardo.s...@siorat.net a écrit : Le 26/03/2015 17:46, Bernard Schoenacker a écrit : Le Thu, 26 Mar 2015 15:12:23 +0100, Bernardo bernardo.s...@siorat.net a écrit : bonjour, essaye de faire un rsync à travers ssh : http://archive.oreilly.com/pub/h/38 slt bernard Ça fonctionne : 25 s pour le transfert... Mais qu'en conclure ? Quand ça ne passe pas par le gestionnaire de fichiers ça fonctionne, mais que si le gestionnaire est thunar ça rame ? bonjour, pour thunar essayes de voir ce qui est installé ? je pense à gvfs xfce4-goodies et autres : apt-cache search thunar thunar-dropbox-plugin - context-menu items from dropbox for Thunar gtkhash-common - common files for gtkhash extensions thunar-gtkhash - thunar extension for computing checksums and more using gtkhash libthunarx-2-0 - extension library for thunar libthunarx-2-dev - Development files for libthunarx thunar-data - Provides thunar documentation, icons and translations thunar-dbg - debugging information for thunar thunar-archive-plugin - Archive plugin for Thunar file manager thunar-vcs-plugin - VCS plugin for Thunar file manager xfce4-places-plugin - quick access to folders, documents and removable media thunar - Gestionnaire de fichiers pour Xfce thunar-media-tags-plugin - greffon de gestion d'étiquettes de média pour le gestionnaire de fichiers Thunar thunar-volman - extension de Thunar pour la gestion des volumes xfce4-goodies - extensions pour l'environnement de bureau Xfce4 slt bernard -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20150326184635.053c38d0.bernard.schoenac...@free.fr
Re: Proxy en Google Earth
El Thu, 26 Mar 2015 14:29:09 -0300, Javier ArgentinaBBAR escribió: El día 26 de marzo de 2015, 14:18, Camaleón noela...@gmail.com escribió: El Thu, 26 Mar 2015 13:33:49 -0300, Javier ArgentinaBBAR escribió: (...) Por lo que la pregunta es: ¿Alguno sabe cómo configurar a googleearth para adicionarle en algún lugar las variables de proxy? La configuración del programa no tienen ninguna opción al respecto. He buscado en la red, y la solución que presentan es la de cargar variables de proxy al entorno de consola y ejecutarlo desde allí, cosa que ya tengo resuelta. (...) Prueba a configurar el proxy desde las opciones del entorno gráfico que uses (KDE). Ya está hecho, no funciona para googleearth, sí para todos los navegadores. Si GE no respeta la variable de entorno de KDE, mal asunto... intenta añadir al comando que lanza el archivo .desktop la opción que te funciona cuando lo ejecutas desde línea de comandos, p. ej.: env HTTP_PROXY=http://localhost:3128 /ruta/a/googleearth Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.26.17.46...@gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
Hi. On Thu, 26 Mar 2015 16:48:00 +0100 Peter Viskup skupko...@gmail.com wrote: Hello Reco, On Thu, Mar 26, 2015 at 4:13 PM, Reco recovery...@gmail.com wrote: Hi. And just as well child can see a naughty picture on TV. Or a phone ad. Or a magazine/newspaper. Anywhere, once you start thinking about it. And that's just sad, disturbingly and one of the main reasons of so many people facing porn addiction. No. The only possibly depressing thing about it are the ones who abuse basic human instincts to sell goods. Or rather the fact that said ones do not face consequences of their actions. Whenever an arbitrary picture is a 'porn' or not is in the eye of the beholder. Whatever damage is done depends on child's state of mind, which is influenced by his/her prior education. Which, for the most part, should be (IMO) provided by parents first, and society (friends, school, whatever) - second. First would recommend you to read something about the psychology of children. I have two children, so I speak from my own experience with them. Now, how many children do you have? And internet censorship is not a substitute of education. The only thing that censorship can teach is how to workaround it. Or that one's parents are complete insert_some_profanity_here. Is that how you want your children to perceive you? From this point of view all aspects of parenting are censorship. It's not about the government internet censorship - differentiate between parenting and freedom protection and well - I didn't tell the education is not needed. No, this is there you've got it wrong. It's one thing if parent explicitly forbids child to do something as it implies human interaction. It's another thing if parent relies on some inanimate object (say, Squid proxy server) to force an arbitrary restriction. And forcing the child to accept surveillance or censorship in such early age may cause an actual damage as in turn it may cause child to accept surveillance or censorship (provided by government or employer) as a normal thing in the future. Of course, there're worse things that can be done with children, such as introducing them to the social networks ;) Besides, what's up with this 15 years mark? Just as an example - no other meaning, everybody can choose its own number. ;-) Last time they choose a number in China - they build The Great Chineese Firewall for everyone. Every time they choose a number on a Middle East - they usually ban everything short of a couple of 'approved' sites. Last time they choose a number in England they effectively banned 3/4 of Internet. Unless you opt out and mark yourself as a CP consumer, or so I heard. On a bright side of things, last time they choose a number in Russia - a number had choosen them :) So, careful with the numbers, as they carry power. My last sentence to this thread - read The Little Prince a lot and once you will understand what's all this about probably and then you will be ready for reading Citadelle. Yes - I know - too much pathetic for somebody... Read first one about 20 years ago as a part of my school education actually. I don't feel the need to re-read it yet. I don't recall reading a second one though. But, in return I'd like to recommend reading '1984' novel by George Orwell. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326194704.0e5b8dcf4690b42a010a5...@gmail.com
Re: Proxy en Google Earth
El día 26 de marzo de 2015, 13:49, fernando sainz fernandojose.sa...@gmail.com escribió: El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR javier.debian.bb...@gmail.com escribió: Buenas tardes a todos: Éste es uno de esos tantos ejercicios para pensar que me regala Debian día a día. Tengo acceso a internet detrás de un proxy corporativo. He adicionado a mi archivo ~/.bashrc las siguientes líneas: #Exportando el Proxy CNTLM escuchando en puerto 3128. export http_proxy=http://localhost:3128 export https_proxy=${http_proxy} export ftp_proxy=${http_proxy} para que acceda al proxy que es controlado a su vez por CNTLM. A resultas de esto, tengo $ env|grep prox http_proxy=http://localhost:3128 ftp_proxy=http://localhost:3128 https_proxy=http://localhost:3128 Todo anda muy bien... hasta que no anda alguna cosa. Si desde una consola en escritorio gráfico ejecuto la orden $ googleearth el programa inicia sin problemas. Ahora bien, si a googleearth lo invoco desde el menú desplegable o del inicio rápido (Alt+F2), no accede al proxy, a pesar que las variables del sistema KDE apuntan al servidor CNTLM. Todo otro programa que usa internet, hasta ahora funciona sin inconvenientes. CREO que el problema es que, invocando a googleearth por el menú, hace que no lea las variables de proxy, las cuales sí son leídas cuando es a través de consola gráfica. Por lo que la pregunta es: ¿Alguno sabe cómo configurar a googleearth para adicionarle en algún lugar las variables de proxy? La configuración del programa no tienen ninguna opción al respecto. He buscado en la red, y la solución que presentan es la de cargar variables de proxy al entorno de consola y ejecutarlo desde allí, cosa que ya tengo resuelta. Muchas gracias JAP El proxy eres tu mismo? localhost ? Si exportas una variable en el .bashrc solo es visible desde donde se ejecuta ese script, antiguamente para que una variable afectara a los entornos gráficos se exportaba en el /etc/environment S2. Fernando: Lo bueno de los viejos es que nos acordamos de las cosas que se hacían a pulmón He creado un archivo /etc/environment, sobre el que he cargado las siguientes líneas: # /etc/environment # Variables de entorno disponible para todos los usuarios #Exportando el Proxy CNTLM escuchando en puerto 3128. export http_proxy=http://localhost:3128 export https_proxy=${http_proxy} export ftp_proxy=${http_proxy} Y la cosa funciona de perlas. GoogleEarth ahora no tiene inconvenientes para funcionar, no importa de dónde se lo invoque. Me sirvió mucho esta página: https://help.ubuntu.com/community/EnvironmentVariables específicamente la parte que dice System-wide environment variables A suitable file for environment variable settings that affect the system as a whole (rather than just a particular user) is/etc/environment. An alternative is to create a file for the purpose in the /etc/profile.d directory. /etc/environment This file is specifically meant for system-wide environment variable settings. It is not a script file, but rather consists of assignment expressions, one per line. Muchas gracias. JAP P.D.: No sé cómo agregarle SOLUCIONADO al Asunto desde el cliente web de GMail. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAG0od5dZ3_KP=_4jqodmhp8rha6i3trupphfp1yp17oxpko...@mail.gmail.com
Re: Proxy en Google Earth
El jueves, 26 mar 2015, a las 17:33 UTC+1 horas, Javier ArgentinaBBAR escribió: Buenas tardes a todos: Éste es uno de esos tantos ejercicios para pensar que me regala Debian día a día. Tengo acceso a internet detrás de un proxy corporativo. He adicionado a mi archivo ~/.bashrc las siguientes líneas: #Exportando el Proxy CNTLM escuchando en puerto 3128. export http_proxy=http://localhost:3128 export https_proxy=${http_proxy} export ftp_proxy=${http_proxy} para que acceda al proxy que es controlado a su vez por CNTLM. A resultas de esto, tengo $ env|grep prox http_proxy=http://localhost:3128 ftp_proxy=http://localhost:3128 https_proxy=http://localhost:3128 Todo anda muy bien... hasta que no anda alguna cosa. Si desde una consola en escritorio gráfico ejecuto la orden $ googleearth el programa inicia sin problemas. Ahora bien, si a googleearth lo invoco desde el menú desplegable o del inicio rápido (Alt+F2), no accede al proxy, a pesar que las variables del sistema KDE apuntan al servidor CNTLM. Todo otro programa que usa internet, hasta ahora funciona sin inconvenientes. .bashrc es leído por bash cuando inicia un intérprete _interactivo_, así que dudo que KDE lo lea. Consulta el manual de bash en lo referente a profile para ver dónde puedes colocar esas variables de ambiente para que sea accesible a toda la sesión de usuario sin fastidiar a bash. Saludos. -- Manolo Díaz -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326175053.62574...@gmail.com
Re: Proxy en Google Earth
El día 26 de marzo de 2015, 18:05, Javier ArgentinaBBAR javier.debian.bb...@gmail.com escribió: El día 26 de marzo de 2015, 13:49, fernando sainz fernandojose.sa...@gmail.com escribió: El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR El proxy eres tu mismo? localhost ? Sí, porque la autenticación la maneja http://cntlm.sourceforge.net/ Me ahorra dolores de cabeza. Si exportas una variable en el .bashrc solo es visible desde donde se ejecuta ese script, antiguamente para que una variable afectara a los entornos gráficos se exportaba en el /etc/environment Ése es el problema. No sé dónde meter una configuración de proxy que afecte a programas de entorno gráfico cuyo origen no estén integrados al escritorio, como este caso KDE. S2. Como te digo, en mis tiempos eso se hacía en el /etc/environment Prueba a exportar ahí las variables y reiniciar el escritorio. S2. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAGw=rhia3ae_qwddp-9wqcrmrbgpwouwrn_tbxzobhwbu1h...@mail.gmail.com
Re: Proxy en Google Earth
El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR javier.debian.bb...@gmail.com escribió: Buenas tardes a todos: Éste es uno de esos tantos ejercicios para pensar que me regala Debian día a día. Tengo acceso a internet detrás de un proxy corporativo. He adicionado a mi archivo ~/.bashrc las siguientes líneas: #Exportando el Proxy CNTLM escuchando en puerto 3128. export http_proxy=http://localhost:3128 export https_proxy=${http_proxy} export ftp_proxy=${http_proxy} para que acceda al proxy que es controlado a su vez por CNTLM. A resultas de esto, tengo $ env|grep prox http_proxy=http://localhost:3128 ftp_proxy=http://localhost:3128 https_proxy=http://localhost:3128 Todo anda muy bien... hasta que no anda alguna cosa. Si desde una consola en escritorio gráfico ejecuto la orden $ googleearth el programa inicia sin problemas. Ahora bien, si a googleearth lo invoco desde el menú desplegable o del inicio rápido (Alt+F2), no accede al proxy, a pesar que las variables del sistema KDE apuntan al servidor CNTLM. Todo otro programa que usa internet, hasta ahora funciona sin inconvenientes. CREO que el problema es que, invocando a googleearth por el menú, hace que no lea las variables de proxy, las cuales sí son leídas cuando es a través de consola gráfica. Por lo que la pregunta es: ¿Alguno sabe cómo configurar a googleearth para adicionarle en algún lugar las variables de proxy? La configuración del programa no tienen ninguna opción al respecto. He buscado en la red, y la solución que presentan es la de cargar variables de proxy al entorno de consola y ejecutarlo desde allí, cosa que ya tengo resuelta. Muchas gracias JAP El proxy eres tu mismo? localhost ? Si exportas una variable en el .bashrc solo es visible desde donde se ejecuta ese script, antiguamente para que una variable afectara a los entornos gráficos se exportaba en el /etc/environment S2. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAGw=rhgj-2rk0izskny-gacl8ar5uvis-y45wffhmrayojq...@mail.gmail.com
Re: Proxy en Google Earth
El día 26 de marzo de 2015, 13:49, fernando sainz fernandojose.sa...@gmail.com escribió: El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR El proxy eres tu mismo? localhost ? Sí, porque la autenticación la maneja http://cntlm.sourceforge.net/ Me ahorra dolores de cabeza. Si exportas una variable en el .bashrc solo es visible desde donde se ejecuta ese script, antiguamente para que una variable afectara a los entornos gráficos se exportaba en el /etc/environment Ése es el problema. No sé dónde meter una configuración de proxy que afecte a programas de entorno gráfico cuyo origen no estén integrados al escritorio, como este caso KDE. S2. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAG0od5cqgPyXAS4Sqc44H3ncR98PviWF929=qod2rkm2kgt...@mail.gmail.com
Re: Proxy en Google Earth
El día 26 de marzo de 2015, 18:12, fernando sainz fernandojose.sa...@gmail.com escribió: El día 26 de marzo de 2015, 18:05, Javier ArgentinaBBAR javier.debian.bb...@gmail.com escribió: El día 26 de marzo de 2015, 13:49, fernando sainz fernandojose.sa...@gmail.com escribió: El día 26 de marzo de 2015, 17:33, Javier ArgentinaBBAR El proxy eres tu mismo? localhost ? Sí, porque la autenticación la maneja http://cntlm.sourceforge.net/ Me ahorra dolores de cabeza. Si exportas una variable en el .bashrc solo es visible desde donde se ejecuta ese script, antiguamente para que una variable afectara a los entornos gráficos se exportaba en el /etc/environment Ése es el problema. No sé dónde meter una configuración de proxy que afecte a programas de entorno gráfico cuyo origen no estén integrados al escritorio, como este caso KDE. S2. Como te digo, en mis tiempos eso se hacía en el /etc/environment Prueba a exportar ahí las variables y reiniciar el escritorio. S2. Perdón pero la sintaxis no es export variable en este fichero, es simplemente: http_proxy=http://localhost:3128 S2. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAGw=rHjVQFBYvmRHEZ+UryJY7HD=bxkpn3btad5jcva0kdv...@mail.gmail.com
Proxy en Google Earth
Buenas tardes a todos: Éste es uno de esos tantos ejercicios para pensar que me regala Debian día a día. Tengo acceso a internet detrás de un proxy corporativo. He adicionado a mi archivo ~/.bashrc las siguientes líneas: #Exportando el Proxy CNTLM escuchando en puerto 3128. export http_proxy=http://localhost:3128 export https_proxy=${http_proxy} export ftp_proxy=${http_proxy} para que acceda al proxy que es controlado a su vez por CNTLM. A resultas de esto, tengo $ env|grep prox http_proxy=http://localhost:3128 ftp_proxy=http://localhost:3128 https_proxy=http://localhost:3128 Todo anda muy bien... hasta que no anda alguna cosa. Si desde una consola en escritorio gráfico ejecuto la orden $ googleearth el programa inicia sin problemas. Ahora bien, si a googleearth lo invoco desde el menú desplegable o del inicio rápido (Alt+F2), no accede al proxy, a pesar que las variables del sistema KDE apuntan al servidor CNTLM. Todo otro programa que usa internet, hasta ahora funciona sin inconvenientes. CREO que el problema es que, invocando a googleearth por el menú, hace que no lea las variables de proxy, las cuales sí son leídas cuando es a través de consola gráfica. Por lo que la pregunta es: ¿Alguno sabe cómo configurar a googleearth para adicionarle en algún lugar las variables de proxy? La configuración del programa no tienen ninguna opción al respecto. He buscado en la red, y la solución que presentan es la de cargar variables de proxy al entorno de consola y ejecutarlo desde allí, cosa que ya tengo resuelta. Muchas gracias JAP -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAG0od5cqdBic=BjyWgiBvhepfgR=9zvF6=zuhodxcdan+du...@mail.gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
Michael I. linux-michae...@abwesend.de wrote: This are not my children, the filter is used for a school. Aha, important information. Do not proceed any further with breaking encrypted connections or, for the matter, transparently proxiing _any_ connections until you had a talk with a) the Justitiar and b) the Datenschutz- und Datensicherheitsbeauftragten responsible for your school. You may already be in trouble if you did not announce what you are doing. You really really need to talk to those two people before taking any further steps. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/14bg43uqro...@mids.svenhartge.de
Re: Proxy en Google Earth
El día 26 de marzo de 2015, 14:18, Camaleón noela...@gmail.com escribió: El Thu, 26 Mar 2015 13:33:49 -0300, Javier ArgentinaBBAR escribió: (...) Por lo que la pregunta es: ¿Alguno sabe cómo configurar a googleearth para adicionarle en algún lugar las variables de proxy? La configuración del programa no tienen ninguna opción al respecto. He buscado en la red, y la solución que presentan es la de cargar variables de proxy al entorno de consola y ejecutarlo desde allí, cosa que ya tengo resuelta. (...) Prueba a configurar el proxy desde las opciones del entorno gráfico que uses (KDE). Saludos, -- Camaleón Ya está hecho, no funciona para googleearth, sí para todos los navegadores. -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAG0od5eTNp=to-2gzcmdmbsd+05dzyzclww-hddje2ocqb-...@mail.gmail.com
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Le Thu, 26 Mar 2015 15:12:23 +0100, Bernardo bernardo.s...@siorat.net a écrit : Le 26/03/2015 14:17, Raphaël POITEVIN a écrit : Bonjour, Bernardo bernardo.s...@siorat.net writes: - si je transfère le même fichier par sftp vers la machine distante, ça dure moins de 5 secondes ! c’est-à-dire, que fais-tu ? je tape une commande : sftp monlo...@machine.tld:/repdist monfichier J'ai aussi essayé, sur le conseil de Bernard avec filezilla, toujours en sftp bien sûr, et ça fonctionne correctement. À noter pour l'histoire que tous les clients ne sont pas pareils : gftp met aussi 15 min pour transférer le fichier... Si tu fais un cp ça réagit comment ? le fichier passe en une grosse minute bonjour, essaye de faire un rsync à travers ssh : http://archive.oreilly.com/pub/h/38 slt bernard -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20150326174631.556d37da.bernard.schoenac...@free.fr
Re: Redirect HTTPS with Squid3+Squidguard
Hello, for private usage I am think a filter isn't good, children need trust and a filter is the opposite of trust. But in usage for a school I think a filter is better, a teacher can't look on all computers. The kids are trying out thinks in school which is good but when nobody is there to explain the things that they are see, this isn't good. My target isn't to block all adult content, but when I block 60% of all adult content this is still better as nothing. Greetings, Michael Reco recovery...@gmail.com wrote: Hi. On Thu, 26 Mar 2015 16:48:00 +0100 Peter Viskup skupko...@gmail.com wrote: Hello Reco, On Thu, Mar 26, 2015 at 4:13 PM, Reco recovery...@gmail.com wrote: Hi. And just as well child can see a naughty picture on TV. Or a phone ad. Or a magazine/newspaper. Anywhere, once you start thinking about it. And that's just sad, disturbingly and one of the main reasons of so many people facing porn addiction. No. The only possibly depressing thing about it are the ones who abuse basic human instincts to sell goods. Or rather the fact that said ones do not face consequences of their actions. Whenever an arbitrary picture is a 'porn' or not is in the eye of the beholder. Whatever damage is done depends on child's state of mind, which is influenced by his/her prior education. Which, for the most part, should be (IMO) provided by parents first, and society (friends, school, whatever) - second. First would recommend you to read something about the psychology of children. I have two children, so I speak from my own experience with them. Now, how many children do you have? And internet censorship is not a substitute of education. The only thing that censorship can teach is how to workaround it. Or that one's parents are complete insert_some_profanity_here. Is that how you want your children to perceive you? From this point of view all aspects of parenting are censorship. It's not about the government internet censorship - differentiate between parenting and freedom protection and well - I didn't tell the education is not needed. No, this is there you've got it wrong. It's one thing if parent explicitly forbids child to do something as it implies human interaction. It's another thing if parent relies on some inanimate object (say, Squid proxy server) to force an arbitrary restriction. And forcing the child to accept surveillance or censorship in such early age may cause an actual damage as in turn it may cause child to accept surveillance or censorship (provided by government or employer) as a normal thing in the future. Of course, there're worse things that can be done with children, such as introducing them to the social networks ;) Besides, what's up with this 15 years mark? Just as an example - no other meaning, everybody can choose its own number. ;-) Last time they choose a number in China - they build The Great Chineese Firewall for everyone. Every time they choose a number on a Middle East - they usually ban everything short of a couple of 'approved' sites. Last time they choose a number in England they effectively banned 3/4 of Internet. Unless you opt out and mark yourself as a CP consumer, or so I heard. On a bright side of things, last time they choose a number in Russia - a number had choosen them :) So, careful with the numbers, as they carry power. My last sentence to this thread - read The Little Prince a lot and once you will understand what's all this about probably and then you will be ready for reading Citadelle. Yes - I know - too much pathetic for somebody... Read first one about 20 years ago as a part of my school education actually. I don't feel the need to re-read it yet. I don't recall reading a second one though. But, in return I'd like to recommend reading '1984' novel by George Orwell. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55143f60.3060...@abwesend.de
Re: Proxy en Google Earth
El Thu, 26 Mar 2015 13:33:49 -0300, Javier ArgentinaBBAR escribió: (...) Por lo que la pregunta es: ¿Alguno sabe cómo configurar a googleearth para adicionarle en algún lugar las variables de proxy? La configuración del programa no tienen ninguna opción al respecto. He buscado en la red, y la solución que presentan es la de cargar variables de proxy al entorno de consola y ejecutarlo desde allí, cosa que ya tengo resuelta. (...) Prueba a configurar el proxy desde las opciones del entorno gráfico que uses (KDE). Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.26.17.18...@gmail.com
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Le 26/03/2015 17:46, Bernard Schoenacker a écrit : Le Thu, 26 Mar 2015 15:12:23 +0100, Bernardo bernardo.s...@siorat.net a écrit : bonjour, essaye de faire un rsync à travers ssh : http://archive.oreilly.com/pub/h/38 slt bernard Ça fonctionne : 25 s pour le transfert... Mais qu'en conclure ? Quand ça ne passe pas par le gestionnaire de fichiers ça fonctionne, mais que si le gestionnaire est thunar ça rame ? -- Cordialement, Bernardo. Cet après-midi, j'ai décadé ferme. En faisant du sténopé avec du papier baryté comme surface sensible. On fait un concours de décadence? -+- Jean-Marc, sur fr.rec.photo -+- -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/551442d3.9090...@siorat.net
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Salut à tous, La question qu'il faut se poser c'est le type de cipher, la compression built-in du serveur ssh etc forcement liés au travail du CPU. Il faudrait voir certaines RFC et ce qu'il y a dans le coeur des moteurs graphiques (poser la question sur les forums de ces projets peut-etre ?) Par exemple, un tar over ssh ou rsync est plus performant qu'un transfert sftp (dans mes environnements de dev) J'ai eu ces questionnements dans des environnements pro c'est plutot ces points qu'il faut explorer @+ On 03/26/2015 06:33 PM, Bernardo wrote: Le 26/03/2015 17:46, Bernard Schoenacker a écrit : Le Thu, 26 Mar 2015 15:12:23 +0100, Bernardo bernardo.s...@siorat.net a écrit : bonjour, essaye de faire un rsync à travers ssh : http://archive.oreilly.com/pub/h/38 slt bernard Ça fonctionne : 25 s pour le transfert... Mais qu'en conclure ? Quand ça ne passe pas par le gestionnaire de fichiers ça fonctionne, mais que si le gestionnaire est thunar ça rame ? -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/5514450b.9070...@gmail.com
Re: contribution possible ?
Le Thu, 26 Mar 2015 13:20:01 +0100, Charles Plessy a écrit : Je ne suis pas nouvel utilisateur de Debian mais je ne suis pas non plus un débutant. Là où je pourrais sans doute apporter pierre à l'édifice, ce serait au niveau des traductions. [...] A qui dois-je m'adresser et quand commencer ? moi ce ne serait pas pour traduire mais aider à mettre à jour un paquet qui n'a plus de contributeur (lyx date de 2012). Pas de trouvaille cohérente sur le canard. Surtout comment faire pour voir si c'est de mon niveau. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/551441e1$0$3009$426a7...@news.free.fr
Re: Redirect HTTPS with Squid3+Squidguard
On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote: Then it's even worse that I thought. I don't know about Germany, but where I live tampering with public communications is considered a criminal offense. I strongly suggest you to seek a legal advice before doing anything like SSL bump. Just out of curiosity where do you live? As MITM proxies in school/business seem to be pretty common in the US and the UK. Cheers, -- Michael Graham ooberm...@gmail.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cac2svhxmebn0utn0h+nv2xw4ad5t4mr-6qovlv4aes7wyqs...@mail.gmail.com
Planning a new Debian box!
Shortly I will become the owner of a refurbished Dell with Win7 already on its 160g sata hard drive. I have no need or use for a multi-OS multi-boot machine. I only want wheezy on this for now. Question: can I entrust to the Debian installer the task of repartitioning and formatting the HD with all that Windoze cruft already on it? Or, are there steps I ought to take prior to launching the installer, perhaps involving other disk tools? I don't trust what M$ puts on hard drives! TIA Debian peeps! -- These are not the droids you are looking for. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/alpine.NEB.2.20.3.1503261546260.13675@cbbonu.ybpnyqbznva
Re: Planning a new Debian box!
Yes, all tools you need to formatting is included in the iso. /M On 26 Mar 2015 21:03, Bob Bernstein poo...@ruptured-duck.com wrote: Shortly I will become the owner of a refurbished Dell with Win7 already on its 160g sata hard drive. I have no need or use for a multi-OS multi-boot machine. I only want wheezy on this for now. Question: can I entrust to the Debian installer the task of repartitioning and formatting the HD with all that Windoze cruft already on it? Or, are there steps I ought to take prior to launching the installer, perhaps involving other disk tools? I don't trust what M$ puts on hard drives! TIA Debian peeps! -- These are not the droids you are looking for. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/alpine.NEB.2.20.3. 1503261546260.13675@cbbonu.ybpnyqbznva
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Hello, Le 26/03/2015 12:15, Bernardo a écrit : Bonjour, je suis en Debian Sid à jour, avec Xfce. Je monte un répertoire d'une machine distante avec sshfs et fuse. sshfs monlo...@sshfs.machine.tld:/repdist /point de montage -o idmap=user -o uid=1000 -o gid=1000 Il apparait bien dans la liste des périphériques dans le gestionnaire de fichier Thunar. Le problème : - si je fais un glisser/déposer d'un fichier de 15 Mo vers ce périphérique, le transfert va durer environ 15 min ! - si je transfère le même fichier par sftp vers la machine distante, ça dure moins de 5 secondes ! En gros : en graphique, ça rame, en console, ça passe. Sans aucune certitude, mais est-ce que tu peux tester avec l'outil Gigolo pour effectuer ton montage SSH/SFTP ? (me semble t'il qu'il a été spécialement prévu pour XFCE/Thunar) J'effectue quotidiennement des transferts de fichiers via SSH avec et je suis pleine bourre sur le débit. @+ Christophe. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/55146147.5090...@stuxnet.org
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Hello, Le 26/03/2015 20:22, Erwan David a écrit : Il est possible de faire du ssh sans chiffrement (juste pour l'authentification, multiplexage, etc) Mais il faut recompiler client et serveur pour ajouter le cipher NONE. Ça perd pas un peu de son intérêt du coup ? @+ Christophe. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/55146151.50...@stuxnet.org
Re: Redirect HTTPS with Squid3+Squidguard
On 3/26/15 12:42 PM, Michael Graham wrote: On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote: Then it's even worse that I thought. I don't know about Germany, but where I live tampering with public communications is considered a criminal offense. I strongly suggest you to seek a legal advice before doing anything like SSL bump. Just out of curiosity where do you live? As MITM proxies in school/business seem to be pretty common in the US and the UK. I bet your proxy firewall does it too. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5514618b.2070...@queernet.org
Re: Debian et autonomie...
Bonjour, 6h30 d'autonomie, oui, mais dans quelle condition ? Avec quelle OS ? Quel type de profil de gestion d'énergie, etc..., etc... Après il faut aussi voir les réglages (possibles ?) dans le bios. Pour mon Thinkpad X201 j'ai des paramètres pour la gestion de l'énergie sur batterie ou secteur dans le bios, c'est utile pour définir des règles simples d'économie d'énergie. Ensuite, étant un adepte d'Openbox et XFCE, je recommande ce genre d'environnement ultra léger pour une économie d'énergie maximale. (+ désactiver le compositer) Enfin, comme il a été cité plutôt il faut aussi voir ce qui tourne comme services et démons sur ta machine. Voir ce qui est utile ou pas. Éventuellement désactiver des périphériques pas toujours utiles comme les adaptateurs bluetooth et wifi. Personnellement sans wifi, bluetooth et les services minimum je peux travailler sur batterie environ 3 heures sur un portable qui a déjà quelques années. Les applications telles que Icedove ou Evolution consomment pas mal d'énergie ne serait-ce que pour, par exemple, mettre à jour les boîtes mail et flux rss tous les x minutes. (Préférer mutt et newsbeuter avec une synchro manuelle peut-être ?) Les gros navigateurs tels que Icedove, Opera, Chrome Co sont gourmands aussi, par exemple avec du java, flash co... (Pour des recherches sur duckduckgo.com, préférer w3m peut-être ?) Toutes les pistes sont bonnes à explorer, mais en soit Debian est un OS très peu gourmand en ressources (certainement moins gourmand qu'une solution Microsoft). Mais encore une fois tout dépend de l'environnement et des applications utilisés... Pour finir je dirais qu'une autonomie de 2-3 heures avec du VLC qui lit de la vidéo durant tout ce temps, ça me paraît assez raisonnable. Salutations Grégory Reinbold Le 26/03/2015 18:16, Olivier a écrit : Il aurait été intéressant de mesurer l'autonomie réelle du PC, dans des conditions analogues, avec son OS d'origine. Elle est peut-être très comparable. Il existe peut-être des logiciels multi-plateformes spécialisés sur la mesure de l'autonomie. Cela faciliterai les comparaisons. Le 23 mars 2015 14:16, David BERCOT deb...@bercot.org a écrit : Bonjour, J'ai récemment changé d'ordinateur portable et, sur la fiche de celui-ci, l'autonomie annoncée était d'environ 6h30. Sitôt reçu, j'ai supprimé le système installé pour y mettre Debian. Or, mes premiers essais montrent une autonomie tournant plutôt aux alentours de 2h... Certes, avec VLC pour regarder des vidéos, mais avec le wifi désactivé. Maintenant, il me manque peut-être certains choix qui pourraient augmenter mon autonomie. Auriez-vous des idées ? Ou alors, de process particuliers que je devrais supprimer quand mon portable n'est pas branché sur secteur... Tant que j'y suis, j'ai un comportement bizarre avec VLC (mais c'est la même chose avec Totem) : mes vidéos (HD ou pas) sont saccadées... Or, je suis passé d'une ancienne génération de Core i7 à un tout nouveau Core i5 Broadcom... C'est ma carte Intel qui fait le travail car j'ai des soucis avec l'AMD... Bref, merci d'avance pour les pistes à explorer... David. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/20150323141638.673a8bab@debian-david -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/5514665c.7020...@nosheep.fr
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
On 03/26/2015 12:15 PM, Bernardo wrote: Je monte un répertoire d'une machine distante avec sshfs et fuse. sshfs monlo...@sshfs.machine.tld:/repdist /point de montage -o idmap=user -o uid=1000 -o gid=1000 - si je fais un glisser/déposer d'un fichier de 15 Mo vers ce périphérique, le transfert va durer environ 15 min ! Bonjour Normal que cela prenne plus de temps, sshfs crypte les données et c'est même pour cela qu'on l'utilise. NFS est plus rapide. -- Maderios -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/55145a62.1010...@gmail.com
Re: Why no security update of apache2 concerning SSLv3?
On 2015-03-20 12:13:12 -0400, Gene Heskett wrote: On Friday 20 March 2015 08:45:13 Vincent Lefevre wrote: No, it is not commented out. ./etc/apache2/mods-available/ssl.conf in apache2.2-common_2.2.22-13+deb7u4_amd64.deb contains: ^^ SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 Call me confused. And I do run my own web page from this machine. URL in sig. First, there is no ~./etc/apache2/mods-available/ssl.conf, but there is a /etc/apache2/mods-available/ssl.conf I was mentioning the file in the .deb package. It is ./etc/apache2/mods-available/ssl.conf (no tilde). But since it is normally installed as relative to / you obtain: /etc/apache2/mods-available/ssl.conf -- Vincent Lefèvre vinc...@vinc17.net - Web: https://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: https://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326162102.ga23...@ypig.lip.ens-lyon.fr
Re: ayuda: Por erro formatee home
El jueves, 26 mar 2015, a las 19:45 UTC+1 horas, Carlos Carcamo escribió: Saludos, necesito ayuda urgente :/ Ahora sin querer instale una nueva distro y queria compartir el /home, una vez lo hice y fue facil, pero ahora no se que paso y manjaro me formateo la particion /home borrandome mi carpeta de usuario de debian, a pesar que le puse un usuario diferente a manjaro, creo que fue por seleccionar el punto de montaje en /home a la hora de particionar e instalar. En fin ahora perdi mis datos, ya no puedo iniciar session en debian con mi usuario, que puedo hacer? puedo recuperar los datos? o al menos puedo montar el nuevo /home y crear la carpeta para que debian configure de nuevo mi cuenta de usuario? saludos y gracias de antemano. Compartir /home puede que no sea una buena idea. Ahí van también los ficheros de configuración para cada usuario de las aplicaciones. A veces esos ficheros cambian con la versión de la aplicación, y empiezan los problemas. Si no has cambiado nada en Debian, la partición seguirá montándose. Solo necesitas crear (tendrás que usar root) la carpeta home de usuario y poner a este como su propietario. Saludos. -- Manolo Díaz -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326195845.05a2c...@gmail.com
Re: ayuda: Por erro formatee home
El jueves, 26 mar 2015, a las 19:58 UTC+1 horas, Manolo Díaz escribió: Solo necesitas crear (tendrás que usar root) la carpeta home de usuario y poner a este como su propietario. Bueno, y copiar los ficheros de /etc/skel/ como si se creara un nuevo usuario. Son ficheros ocultos: comienzan por punto. Si vas a intentar la recuperación de datos, no hagas nada de esto y sigue los consejos de Gonzalo. -- Manolo Díaz -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326201157.7fdc3...@gmail.com
ayuda: Por erro formatee home
Saludos, necesito ayuda urgente :/ Ahora sin querer instale una nueva distro y queria compartir el /home, una vez lo hice y fue facil, pero ahora no se que paso y manjaro me formateo la particion /home borrandome mi carpeta de usuario de debian, a pesar que le puse un usuario diferente a manjaro, creo que fue por seleccionar el punto de montaje en /home a la hora de particionar e instalar. En fin ahora perdi mis datos, ya no puedo iniciar session en debian con mi usuario, que puedo hacer? puedo recuperar los datos? o al menos puedo montar el nuevo /home y crear la carpeta para que debian configure de nuevo mi cuenta de usuario? saludos y gracias de antemano. -- El desarrollo no es material es un estado de conciencia mental -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cadptsta8npf-uha7qcu+z5w3xyz4q0qqlbwe8rzez+hjmez...@mail.gmail.com
Re: ayuda: Por erro formatee home
El 26 de marzo de 2015, 15:45, Carlos Carcamo eazyd...@gmail.com escribió: Saludos, necesito ayuda urgente :/ Ahora sin querer instale una nueva distro y queria compartir el /home, una vez lo hice y fue facil, pero ahora no se que paso y manjaro me formateo la particion /home borrandome mi carpeta de usuario de debian, a pesar que le puse un usuario diferente a manjaro, creo que fue por seleccionar el punto de montaje en /home a la hora de particionar e instalar. En fin ahora perdi mis datos, ya no puedo iniciar session en debian con mi usuario, que puedo hacer? puedo recuperar los datos? o al menos puedo montar el nuevo /home y crear la carpeta para que debian configure de nuevo mi cuenta de usuario? antes de seguir rompiendo cosas dd if=/dev/particion rota of=/ruta/a/otro/disco/que/tendra/la/imagen photorec (o testdisk, siempre los confundo) y trabajar sobre esa copia saludos y gracias de antemano. -- El desarrollo no es material es un estado de conciencia mental -- enviado desde el webmail de gmail sin hacer top-posting y en texto plano. Porque puedo. (O eso creo :þ) -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/capqjqdtw_nbk7rcdxrwgaa4gxqbdhkel5je+vbnrlj5vpri...@mail.gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
Michael Graham wrote: Reco wrote: Ow. Exactly which kind of consumer-grade hardware comes with SSL bump preinstalled? That's very interesting to me as I like know which hardware to avoid in the future. It's way more common than you seem to think. CERT recently did a blog post about it and it contains a list of both hardware vendors (like Bloxx and bluecoat) as well as commercial and free software. http://www.cert.org/blogs/certcc/post.cfm?EntryID=221 Basically if you're selling a web filter or similar security device, you let admins bump SSL. There are certainly many products that one can buy that do SSL inspection. No one is saying otherwise. That wasn't the question. But are any of those commonly used consumer devices? If someone walks into Fries or Best Buy and spends less than $100 for a home firewall router such as a Linksys, Netgear, D-Link then I doubt it is going to crack open SSL. I doubt they do because doing so would require additional CAs to be installed on user's tablets and other systems downstream and that requires too much support and hand-holding. Most users would be immediately confused, would consider the device broken, would return it without ever knowing that were making the right decision of avoiding it but without ever understanding the details. Therefore consumer devices aren't going to go there. Given how easy it is for those same admins to push the fake SSL CAs out over active directory group policy it's pretty much transparent to most naive users who don't understand the difference between https and http never mind trying to explain a MITM proxy with a fake root CA! Agreed in the corporate environments. They have control over the users equipment. They often require and issue employees with company laptops. For that type of environment they can do anything. The warning is clear. Don't use your company laptop for your non-work anything. It isn't secure. Use your own computer, laptop, tablet, phone for your banking and anything that needs security. Bob signature.asc Description: Digital signature
Re: Planning a new Debian box!
On 03/26/2015 04:38 PM, Patrick Bartek wrote: Shortly I will become the owner of a refurbished Dell with Win7 already on its 160g sata hard drive. I have no need or use for a multi-OS multi-boot machine. I only want wheezy on this for now. I hated dual-boot -- getting it working was painful enough. But constantly rebooting and switching OS's to get something useful done was a PITA. Hot-swap bays and multiple drives eliminates the first problem (and simplifies imaging, backups, restores, and other administrative chores; I recommend it). Multiple computers with one O/S each is best. On Thu, 26 Mar 2015, Bob Bernstein wrote: Make a Restore disk of W7 anyway. Get the codes, etc. You never know: You may need to put W7 back on it. +1 -- photograph the COA sticker, write down the code, create an archival copy of the installation disc, verify the copy boots, and store copies off-site. On 03/26/2015 04:38 PM, Patrick Bartek wrote: Or, are there steps I ought to take prior to launching the installer, Write down all the BIOS settings. Take a binary image of the raw HDD and store a copy off-site. Buy a power supply tester and test the power supply. Download memtest86+, burn it to media, and run it for 24 hours: http://www.memtest.org/ Download your disk drive manufacturer's diagnostic tool set, burn it to media, and run all available tests. For example: http://www.seagate.com/support/downloads/item/seatools-dos-master/ On 03/26/2015 04:38 PM, Patrick Bartek wrote: Question: can I entrust to the Debian installer the task of repartitioning and formatting the HD with all that Windoze cruft already on it? The Debian installer is a powerful tool and can do many things (partitioning, RAID, volume management, encryption, file systems, etc.), but not all (notably ZFS). The noob approach is to let the installer do things automatically. On Thu, 26 Mar 2015, Bob Bernstein wrote: Do it right, the first time. 1. Doing it right is a matter of experience. 2. Experience is a matter of doing it wrong. Assuming this is a hobbyist machine, I'd say go for it. I've discovered that the Debian installer can install Debian onto SanDisk Ultra Fit USB 3.0 flash drives and that they work as bootable system drives. A 16 GB model runs for ~$11. I suggest that you disconnect the HDD, get one of those flash drives, and play with that. Once things stabilize and you start using the machine for real work, you'll want to take a binary image of the system drive, implement a backup system for your data, and store copies off-site. David -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5514aa48.2050...@holgerdanske.com
Re: Redirect HTTPS with Squid3+Squidguard
Peter Viskup skupko...@gmail.com wrote: It's the way you look at. For me it's about prevention...your child can click on some link somewhere and see some pictures/videos which will remain in his/her mind (let's say) forever and can harm even if it was only seconds they were seen...I am speaking about children less than 15 years old...and even older children needs protection. [citation needed]. I don't know where this came from, but this is a phrase I hear and read very often: Oh, a picture of a nude woman will cause harm to my child. Younger children don't understand nudity and the badness, associated with it by the adult world and its social norms. Older children, after hitting puberty, are of course interested in such stuff, because this belongs to the process of growing up. But there is no technical way of shielding a curious 15-year old from finding nude pictures on the web without switching network access off as a whole. Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/13bg3mppro...@mids.svenhartge.de
Re: Redirect HTTPS with Squid3+Squidguard
Why don't you just get rid of the computers? -- John Hasler jhas...@newsguy.com Elmwood, WI USA -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87y4mjswb2@thumper.dhh.gt.org
Bug lubuntu
Fala pessoal, olha o que eu peguei no lubuntu. operador@lab:/var/www/www.loja.meudominio.intranet$ pwd /var/www/www.loja.meudominio.intranet operador@lab:/var/www/www.loja.meudominio.intranet$ ls -l ../ total 16 drwxr-xr-x 2 www-data www-data 4096 Mar 18 16:46 html drwxrwxr-x 2 www-data www-data 4096 Mar 26 10:33 www.loja.meudominio.intranet drwxrwxr-x 3 www-data www-data 4096 Mar 18 23:45 www.phpmyadmin.meudominio.intranet drwxrwxr-x 3 www-data www-data 4096 Mar 16 15:50 www.wiki.meudominio.intranet operador@lab:/var/www/www.loja.meudominio.intranet$ whoami operador operador@lab:/var/www/www.loja.meudominio.intranet$ !mkdir mkdir public_html mkdir: é impossível criar o diretório “public_html”: Permissão negada operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/passwd |grep -i data www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/group |grep -i data www-data:x:33:operador operador@lab:/var/www/www.loja.meudominio.intranet$ -- Atenciosamente, Rodrigo da Silva Cunha
Re: Redirect HTTPS with Squid3+Squidguard
rog...@queernet.org wrote: Michael Graham wrote: As MITM proxies in school/business seem to be pretty common in the US and the UK. I bet your proxy firewall does it too. I bet not! I think you are confusing https with http. We are talking about https here not http. And even then I don't know of any consumer grade firewalls that configure an http proxy by default. Those tend to only be in industrial grade systems for larger sites for bigger companies and campuses. I bet you are thinking of those http proxies. In regards to this when I am setting up a web form I always set up the form using https now. I have too many times had to deal with broken company proxies that mangled http POST data. I could name names but I would be violating confidentiality agreements. I saw one that was so broken with mangled POST data that I couldn't believe it was working for anyone for anything. Wow it was bad. Not to mention the normal mundane problems routinely seen of stale cached pages and so forth that everyone runs into sometime. Having been hurt before I now only use https for any web form entry even trivial stuff not needing security or privacy. I now use https specifically to avoid broken http proxies in between user and server. So far I haven't yet run into anyone with a fake CA MITM proxy in between yet. But I am sure it will happen eventually. Bob signature.asc Description: Digital signature
Re: hola como puedo conseguir documentacion kali linux
Hola. El 26 de marzo de 2015, 13:34, Juan Carlos Betancourt ju...@disaic.cu escribió: saludos amigos necesito conseguir algun documento pequeno pero factible para este software que me dicen reemplaza a backtrack pues me dicen que es la version moderna saben cuales son sus mejoras y caracteristicas en pc . https://www.kali.org/official-documentation/ Si no tienes acceso a internet avísame qué necesitas y te lo envío. Saludos gracias -- Juan Lavieri Errar es de humanos, pero es mas humano culpar a los demás.
Wifi compatibility
Hi there. I have a Toshiba Satellite S50-B-131. Is my wifi driver supported? Thanks in advance.
Re: Wifi compatibility
On Thu 26 Mar 2015 at 19:45:27 +, Ricardo Cardante wrote: Hi there. I have a Toshiba Satellite S50-B-131. Is my wifi driver supported? Thanks in advance. Definitely. Get back to us when you have set it up successfully. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/26032015195312.c7add9f87...@desktop.copernicus.demon.co.uk
Re: Wifi compatibility
Ricardo Cardante ricardocarda...@gmail.com writes: Hi there. I have a Toshiba Satellite S50-B-131. Is my wifi driver supported? Thanks in advance. I don't have one but some looking online suggests that it has the Intel AC 3160 which should work if you install firmware-iwlwifi from non-free, and a newer kernel like jessie's. -- Mark -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87twx7k002@ixod.org
magazine printing
Hi, good day! We are Candidus Printing from Shenzhen, China specialized in book, magazine, catalog printing, good qua1ity and ha1f c0st. For a quick inquiry please reply with size, how many pages, color, stock, quantity, will send quotation at first time.:) Sorry for the disturb. Best regards! :-) -- HE Yong (Leo) cost-effective considerate printing service, all at: SHENZHEN CANDIDUS PRINTING www.candidusprint.com TEL: +86-755-33073344 Cell: +86-13510244214 Skype: rainbowprinting QQ:446504458
Re: create /etc/udev/rules.d/70-persistent-net.rules
Christoph Pleger wrote: I want to boot a computer from network by PXE, with an NFS filesystem as root fs, install a basic system on the local disk and then boot the computer from the disk. After booting from disk, the names of the network interfaces should be the same as before with the NFS root. So, I thought that I can simply copy /etc/udev/rules.d/70-persistent-net.rules from my NFS root into the directory ${TARGET}//etc/udev/rules.d/, where $TARGET becomes / later on the local disk. But unfortunately, that file is not created when booting from network, so it cannot be copied. On my NFS diskless client the 70-persistent-net.rules *is* created and updated when booting. Therefore your strategy would work in my environment. In my diskless boot environment my 70-persistent-net.rules file would grow and grow and grow as I booted different hardware if I didn't actively prune it. Therefore I ask, why doesn't it get created in your NFS boot environment? Are you actively preventing it from being created? (Note that Raspbian for the pi actively prevents it.) Other related ideas: After you have PXE booted your NFS diskless client you will know the ethernet address of your network device. That would allow you to differentiate the different NICs from each other later. Read through the /lib/udev/write_net_rules script and see how you can drive it as you desire. Bob signature.asc Description: Digital signature
Re: Problem with accessing external USB HDD
Bret Busby wrote: I have an external USB HDD connected to a system running Debian 6 LTS. I don't really have any great contribution. But since no one else seems to have any good response I will contribute what I know. I have never had good luck with USB connected hard drives. They work for a while. But then invariably they get dropped offline. It might be 3-6 months between events. But for me they just are not reliable. In the past I have tried very hard to use them as system disks. Now I consider that something to avoid. I still use USB disks as large floppies. They are still great for being large temporary data stores for holding and moving data between machines. But only when connected for short term use. Reading your problems just reinforces this belief. [On the other hand USB network devices have been rock solid for me. Meaning that while I avoid USB disks I actively use USB networking on several machines to add additional NICs. I am planning another site using additional USB NICs. It is probably hardware dependent but they have been working great for me regardless of the opposite for disks. And I have three sites using USB sound cards very robustly.] I have tried to transfer data from the desktop intenal HDD, to the external USB HDD. The file manager shows as being Nautilus 2.30.1. I read by your message that you are a graphical desktop user. That's fine. But for transfering large amounds of data the command line tools such as rsync are the best in class. I wouldn't even consider trying to use nautilus or other graphical file managers for this type of task. I would highly recommend using rsync. Even if for you it means a stretch to get off of the mouse and over to the keyboard. The best advantage of tools such as rsync is that it is interruptable and restartable with a minimum of lost effort. I may be 1G into a 3G transfer and want to stop it, change something, and restart it again. With a normal copy that would mean copying the original data again. With rsync it means it will examine what needs to be done and be able to continue the copy using the already transfered data as done and moving forward. rsync -avP /from/here/dir-or-file /to/there/dir/ From time to time, as in this instance, I forget (until too late) that Debian 6 can not cope with transferring data more than about 1GB at a time; in this instance, I had tried to transfer about 3GB, to make room in my /home partition. Knowing how flaky USB disks interfaces tend to be I think this is most likely a hardware problem. Doesn't change your situation. But I think it blames the right thing to blame. In any case I have definitely copied gigs and gigs of data to and from USB disks. It can be very good to make large data sets portable on a portable USB drive. My complaints usually happen after the disk has been in active use as a system device for a month and then it goes offline. The transfer had seized up, after transferring about 1.1GB of the 3.2GB that I had tried to ransfer, so, after a couple of days of it apparently doing nothing, I stopped it, and, as the system monitor showed a system load of around 43 (whatever that means - if it was as a percentage of system capacity, it could be more meaningful, to me). The system monitor currently shows a system load average of about 35. Let me give a short explanation of system load. Which is almost impossible to say briefly so forgive me in advance for leaving out important parts, saying half of it wrong, and still saying too much. The concept is the important part here. First there is no set capacity. There isn't a cap such as 5 or 10 or 100. Therefore there isn't a way to say what percentage of your system is being used by any particular system load. But it is an important indicator of system status and health. A load of 35 or 43 are both very high system loads! The operating system process scheduler schedules processes to run. A process ready to run is queued into the run queue. If the process is calculating PI to a zillion decimal places then it is going to use 100% of the cpu until it has consumed its time slice and suspended to give the next process time to run. If there are no other proceses then the cpu will be given back to this process and the cpu will continue to be 100% utilized forever. But what about processes reading and writing to the disk drive or network? In computer speed spinning disk drives are slow. In computer speeds networks are slow. Web servers are slow. Say that your web browser sends an http GET request to a web site. It then must wait for the response. Your web browser is ready to run. But it can't. It is waiting for external events return. It is blocked waiting for I/O. While it is waiting the OS will schedule another process to run. If there is another process ready it will get cpu. It may also be waiting for the disk drive to spin and return data. Or spin and complete a data write. The OS will
Re: Redirect HTTPS with Squid3+Squidguard
Hi. On Thu, 26 Mar 2015 12:44:11 -0700 rog...@queernet.org wrote: On 3/26/15 12:42 PM, Michael Graham wrote: On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote: Then it's even worse that I thought. I don't know about Germany, but where I live tampering with public communications is considered a criminal offense. I strongly suggest you to seek a legal advice before doing anything like SSL bump. Just out of curiosity where do you live? As MITM proxies in school/business seem to be pretty common in the US and the UK. I bet your proxy firewall does it too. Ow. Exactly which kind of consumer-grade hardware comes with SSL bump preinstalled? That's very interesting to me as I like know which hardware to avoid in the future. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150327001748.eaa74ebe2f99c62bd4623...@gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
Hi. On Thu, 26 Mar 2015 18:18:24 +0100 Michael I. linux-michae...@abwesend.de wrote: Hello, for private usage I am think a filter isn't good, children need trust and a filter is the opposite of trust. But in usage for a school I think a filter is better, a teacher can't look on all computers. The kids are trying out thinks in school which is good but when nobody is there to explain the things that they are see, this isn't good. My target isn't to block all adult content, but when I block 60% of all adult content this is still better as nothing. Then it's even worse that I thought. I don't know about Germany, but where I live tampering with public communications is considered a criminal offense. I strongly suggest you to seek a legal advice before doing anything like SSL bump. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326211809.aad7927f50fb15745e446...@gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
Reco recovery...@gmail.com wrote: On Thu, 26 Mar 2015 18:18:24 +0100 Michael I. linux-michae...@abwesend.de wrote: for private usage I am think a filter isn't good, children need trust and a filter is the opposite of trust. But in usage for a school I think a filter is better, a teacher can't look on all computers. The kids are trying out thinks in school which is good but when nobody is there to explain the things that they are see, this isn't good. My target isn't to block all adult content, but when I block 60% of all adult content this is still better as nothing. Then it's even worse that I thought. I don't know about Germany, but where I live tampering with public communications is considered a criminal offense. I strongly suggest you to seek a legal advice before doing anything like SSL bump. It is not very different for Germany either. I moved the lawyery bits to private mail because I don't want to bore the list to death with it and talking about rules and regulations is easier in the native tongue ;) Grüße, Sven. -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/15bg47m3ro...@mids.svenhartge.de
hola como puedo conseguir documentacion kali linux
saludos amigos necesito conseguir algun documento pequeno pero factible para este software que me dicen reemplaza a backtrack pues me dicen que es la version moderna saben cuales son sus mejoras y caracteristicas en pc . gracias
Re: trouble installing Debian testing/jessie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/25/2015 12:30 PM, mizuki wrote: The attempt to mount a file system with type ext4 in SCSI1(0,0,0), partition #1 (sda) at / failed. You may resume partitioning from the partitioning menu. I've never had this problem and honestly have no idea what would cause it. Try manually formatting/clearing the entire harddisk first (using a live cd or something) or maybe run fdisk to make sure you dont have any hardware issues. -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCAAGBQJVFJNiAAoJEORnMHMHY2FrQbwP/A6udZTsgcFBEj51uu2q27Wo PioCgLRAuRkm/6OxkiPkyrHdmlwpdiQEbQQEW3vkmB1yXDKetX54jyZHwPpokAyw Qth3aR47JmWeii/e4jrs5HLFJemBw34zIrUELnpE91w8fOtcJGB1GNCkMSQdA6LL WiLKDkRA5iIGXUBC0LTqWJMt0ihnz21uM7Mkp4NBKRd6DB0nKakLKRkjvJlSOyGo aNN6/coI9RYvkOJH6VbUz8Ce48Ccd9rKvZYRl05qABxyIc1v0ZQivMsEw3HklW+3 sIGOhHt+JeFiC3flrWzKWMfKhKaaNTbHP812160sVj9zEbOpSeiziQloHu9or2LY BmroxFIYXOKs4KkDTfpXSGKoG5DxoNDDpEZBmIP1oluhjS8vPbRJmv2/PRFfeaxc CREAidTThcuFyDf3Jf24te0L9guwWxkgju5NW1vT+MczSBYYst1gmEM1ijyGAXhO 7jvtsl0G+YXuPrvkMnu4vV6EzgHFgBTSDggMCvMWmGpD6rn9WRghth4sSNEIaDok V07eSttNJG57+IJPlnwwkujTealdSI1tHahSDezNH+MFxu/1krJEZxhLw5YQhKfN 0g/ew5OoG6dBsMh/gpnYwTPhPD4/OhQkLbrMqjAu8SVePmwWvEJMJrjnqO+hmSrq SiTMcuu3m5dd7x9w6U4W =+Qkh -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55149362.8050...@gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
On Thu, 26 Mar 2015 17:18 Reco recovery...@gmail.com wrote: Hi. On Thu, 26 Mar 2015 12:44:11 -0700 rog...@queernet.org rog...@queernet.org wrote: On 3/26/15 12:42 PM, Michael Graham wrote: On 26 March 2015 at 14:18, Reco recovery...@gmail.com wrote: Then it's even worse that I thought. I don't know about Germany, but where I live tampering with public communications is considered a criminal offense. I strongly suggest you to seek a legal advice before doing anything like SSL bump. Just out of curiosity where do you live? As MITM proxies in school/business seem to be pretty common in the US and the UK. I bet your proxy firewall does it too. Ow. Exactly which kind of consumer-grade hardware comes with SSL bump preinstalled? That's very interesting to me as I like know which hardware to avoid in the future. It's way more common than you seem to think. CERT recently did a blog post about it and it contains a list of both hardware vendors (like Bloxx and bluecoat) as well as commercial and free software. http://www.cert.org/blogs/certcc/post.cfm?EntryID=221 Basically if you're selling a web filter or similar security device, you let admins bump SSL. Given how easy it is for those same admins to push the fake SSL CAs out over active directory group policy it's pretty much transparent to most naive users who don't understand the difference between https and http never mind trying to explain a MITM proxy with a fake root CA! Cheers,
Re: Planning a new Debian box!
On Thu, 26 Mar 2015, Bob Bernstein wrote: Shortly I will become the owner of a refurbished Dell with Win7 already on its 160g sata hard drive. I have no need or use for a multi-OS multi-boot machine. I only want wheezy on this for now. Make a Restore disk of W7 anyway. Get the codes, etc. You never know: You may need to put W7 back on it. Question: can I entrust to the Debian installer the task of repartitioning and formatting the HD with all that Windoze cruft already on it? Depends. Special partitioning scheme? LVM? RAID? Encryption? Etc. The options the installer gives you might not be what you want. For basic partitioning, though, the installer's partitioning tool works fine. Or, are there steps I ought to take prior to launching the installer, perhaps involving other disk tools? I don't trust what M$ puts on hard drives! Yes, yes, YES! RTFMs before doing anything. Why do so many skip this VERY important step? And they do. Constantly. And screw up the install. And then blame Debian for it. https://www.debian.org/doc/ Do it right, the first time. B -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326163824.56d79...@debian7.boseck208.net
Need help with CUPS printing
I'm running Jessie, as close to plain vanilla as my hardware allows. I have a HP Laserjet 5MP. This is an ancient device. It has built-in firmware for Level 2 Postscript printing and a special socket for Apple Localtalk connection, but no USB. It is a sturdy old beast and was running nicely until quite recently. But in a special configuration that needs to be understood in order to give help: My main desktop computer on which I receive email, and create my own documents has *only* USB. I bought a special cable that has a USB to Centronics conversion dongle at one end. But I can't use it because the socket for Centronics on the printer is in recessed place in the printer where the dongle won't fit and I can't enlarge the place without sawing away parts of the printer framework that are necessary for the paper feed system to work. So, instead, I put into service an old micro-mini Dell (now running Jessie) and put CUPS on it, and configured it to be a print server. But all this was well before I had any idea that there would ever be anything like Jessie in my future. At first, after some fiddling, the print server worked under Jessie, but now it has stopped working. The printer continues to produce test pages when requesting them from the old Dell keyboard and in self-test mode by pushing buttons on the printer itself, not by typing at the computer keyboard. After installing the most recent upgrades to Jessie on both computers this morning, I tried to print a few pages from iceweasel and printing worked. But I also want to be able to print from Emacs, which I use to compose my emails, such as this one. Emacs told be that there was no default printer even though I had just selected the printer on the old Dell from a pick-list presented to be by the print user interface presented to me by the Emacs user interface. I think I should configure the Cups server on my desktop computer to indicate that that printer over on the old Dell is the one for Emacs. But how do I do that? I can't trust my own investigations to determine if there have been any recent changes in the Jessie CUPS packages in the recent past. I know there was a new version of CUPS at the time that Jessie entered pre-release freeze, and I pretty sure my system was working then and not something that I lost in my transition from Wheezy. And, of course, I'd like a more foreword looking suggestion than to re-install Wheezy. I'd like this fixed before Jessie release because I have a bad feeling that the longer I wait the further from the main-stream I will be. I need, with my old hardware, to be as close to the middle of the herd of users as I can be. The print driver for the HPLj-5MP that I have been using in recent years is the one with (recommended) in its listing in the pick-list of all HP print drivers in the localhost:631 web site on both computers. Beyond that I can't think of anything people might need to know about my set-up. I'd be glad to answer any questions about things that I haven't realized might be important. Please help -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326233800.ga15...@big.lan.gnu
Re: ifupdown en jessie, iproute2 e interfaces bridge
El Wed, 25 de Mar de 2015, a las 02:36:09PM +, Camaleón dijo: lo ejecuta ifupdown él solito, sin doparse con scripts externos, en cuanto ve que una interfaz se llama XXX.NUMERO. Es lo mismo :-) No, no es lo mismo. Bueno, no es lo mismo lo que yo digo. Lo que tú dices sí es lo mismo, pero es que *estamos hablando de aspectos totalmente diferentes*. Un script puede ser una simple línea que ejecute un comando (ip) o ser más elaborado (brtcl) pero en ambos casos se pretende la misma función: crear una interfaz puente o crear una vlan que se pueda gestionar a través de ifupdown, N-M o cualquier otro sistema encargado de la gestión de la red. Sí, pero no es a eso a lo que yo me refiero. Vuelvo otra vez a explicarlo, porque ya me he propuesto que me acabes entendiendo. Que la gestión al final se reduce a que ifupdown ejecute los comandos que yo mismo podría ejecutar a mano con iproute2, brctl, vconfig, openvpn, tunctl, dhclient o la herramienta que sea, no es algo que yo desmienta en ningún momento: lo tengo claro y lo tenía claro antes de iniciar el hilo. Eso es machaconamente en lo que tú insistes, pero es que no hace falta que insistas en ello, porque yo lo sé. La diferencia a la que yo me refiero está en el cómo lo hace ifupdown: a) Algunas configuraciones simples (normalmente las que no requieren crear ninguna interfaz) iface eth0 inet static address 192,.168.1.10 por supuesto que necesitan por debajo que ifupdown ejecute comandos (ip en este caso particular), pero no requieren que se le dicte a ifupdown cuáles son, porque él ya los sabe: la forma de gestionar esta declaración para eth0 ya está implementada en el core de la herramienta. O dicho de otro modo, si me paseo por los directorios /etc/network/if-*.d/, no veré ningún script que le diga a ifupdown cómo tiene que configurar esto. b) Otras configuraciones más complejas (normalmente las que requieren crear antes la interfaz) como: iface tun0 inet manual openvpn hostremoto Sí que requieren que se le dicte a ifupdown cómo manejar esa opción de openvpn hostremoto y, de hecho, si miro dentro de if-up.d y de if-down.d veré dos scripts llamados ambos openvpn que se instalan junto al paquete homónimo. Pues bien, si analizamos el caso de gestionar una interfaz vlan, resulta que hasta hace dos o tres años, nos encontrábamos en el caso b) e ifupdown requería de scripts externos (if-pre-up.d/vlan e if-post-down.d/vlan) que se instalaban con el paquete vlan, porque de hecho esos scripts usan el comando vconfig que se encuentra en dicho paquete. Ahora bien, eso cambió hace un tiempo y ahora ifupdown es capaz de gestionar esas interfaces sin requerir ningún script externo. Como, además, usa iproute2 que es una dependencia suya, no es necesario instalar ningún paquete adicional. Resumiendo: 1. Modo antiguo: requiere scripts externos que usan la opción vlan_raw_device (caso b) iface eth0.10 inet static address 192.168.10.1 vlan_raw_device eth0 2. Modo moderno: no requiere nada adicional y la funcionalidad está en el core de ifupdown (caso a) iface eth0.10 inet static address 192.168.10.1 Expuesto esto, mi pregunta original fue: la gestión de una interfaz bridge con ifupdown, sigue requiriendo la instalación de bridge-utils y los scripts que instala (caso b) o ya no requiere ningún script adicional y usa iproute2 (caso a) tal como pasa con las vlan? En el segundo caso, ¿cuál es su sintaxis? Motivo de la pregunta: no encuentro nada en internet, pero es que me costó mucho encontrar la solución a) para vlan y fue por casualidad. La mayor parte de la documentación que encuentro sobre debian al respecto no me parece fiable por obsoleta. Espero haberme explicado con claridad. Si no lo he hecho, no puedo hacerlo mejor y doy por cerrado el hilo. Gracias por tu tiempo. -- Parezco en mi fortuna al Manzanares, que con agua o sin ella siempre es río. --- Tomé de Burguillos --- -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326072805.ga3...@cubo.casa
Re: Bug lubuntu
Traduzindo, o usuário operador adicionado ao grupo www-data nao consegue criar subdiretorios de um diretorio do grupo www-data com permissão rwx. Em 26 de março de 2015 10:54, Rodrigo Cunha rodrigo.root...@gmail.com escreveu: Fala pessoal, olha o que eu peguei no lubuntu. operador@lab:/var/www/www.loja.meudominio.intranet$ pwd /var/www/www.loja.meudominio.intranet operador@lab:/var/www/www.loja.meudominio.intranet$ ls -l ../ total 16 drwxr-xr-x 2 www-data www-data 4096 Mar 18 16:46 html drwxrwxr-x 2 www-data www-data 4096 Mar 26 10:33 www.loja.meudominio.intranet drwxrwxr-x 3 www-data www-data 4096 Mar 18 23:45 www.phpmyadmin.meudominio.intranet drwxrwxr-x 3 www-data www-data 4096 Mar 16 15:50 www.wiki.meudominio.intranet operador@lab:/var/www/www.loja.meudominio.intranet$ whoami operador operador@lab:/var/www/www.loja.meudominio.intranet$ !mkdir mkdir public_html mkdir: é impossível criar o diretório “public_html”: Permissão negada operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/passwd |grep -i data www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/group |grep -i data www-data:x:33:operador operador@lab:/var/www/www.loja.meudominio.intranet$ -- Atenciosamente, Rodrigo da Silva Cunha -- Atenciosamente, Rodrigo da Silva Cunha
Re: Bug lubuntu
http://ubuntuforum-br.org/ Em 26/03/15, Rodrigo Cunharodrigo.root...@gmail.com escreveu: Fala pessoal, olha o que eu peguei no lubuntu. operador@lab:/var/www/www.loja.meudominio.intranet$ pwd /var/www/www.loja.meudominio.intranet operador@lab:/var/www/www.loja.meudominio.intranet$ ls -l ../ total 16 drwxr-xr-x 2 www-data www-data 4096 Mar 18 16:46 html drwxrwxr-x 2 www-data www-data 4096 Mar 26 10:33 www.loja.meudominio.intranet drwxrwxr-x 3 www-data www-data 4096 Mar 18 23:45 www.phpmyadmin.meudominio.intranet drwxrwxr-x 3 www-data www-data 4096 Mar 16 15:50 www.wiki.meudominio.intranet operador@lab:/var/www/www.loja.meudominio.intranet$ whoami operador operador@lab:/var/www/www.loja.meudominio.intranet$ !mkdir mkdir public_html mkdir: é impossível criar o diretório public_html: Permissão negada operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/passwd |grep -i data www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin operador@lab:/var/www/www.loja.meudominio.intranet$ cat /etc/group |grep -i data www-data:x:33:operador operador@lab:/var/www/www.loja.meudominio.intranet$ -- Atenciosamente, Rodrigo da Silva Cunha -- | .''`. A fé não dá respostas. Só impede perguntas. | : :' : | `. `'` | `- Je vois tout -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cacnf0pid2+wwn6d+gdwzzp2bvyknrj4u927huqxcj3-u_l_...@mail.gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
Hello Reco, On Thu, Mar 26, 2015 at 4:13 PM, Reco recovery...@gmail.com wrote: Hi. And just as well child can see a naughty picture on TV. Or a phone ad. Or a magazine/newspaper. Anywhere, once you start thinking about it. And that's just sad, disturbingly and one of the main reasons of so many people facing porn addiction. Whatever damage is done depends on child's state of mind, which is influenced by his/her prior education. Which, for the most part, should be (IMO) provided by parents first, and society (friends, school, whatever) - second. First would recommend you to read something about the psychology of children. And internet censorship is not a substitute of education. The only thing that censorship can teach is how to workaround it. Or that one's parents are complete insert_some_profanity_here. Is that how you want your children to perceive you? From this point of view all aspects of parenting are censorship. It's not about the government internet censorship - differentiate between parenting and freedom protection and well - I didn't tell the education is not needed. Besides, what's up with this 15 years mark? Just as an example - no other meaning, everybody can choose its own number. ;-) My last sentence to this thread - read The Little Prince a lot and once you will understand what's all this about probably and then you will be ready for reading Citadelle. Yes - I know - too much pathetic for somebody...
Re: Vitesse de transfert depuis/vers un répertoire monté avec sshfs
Le 26/03/2015 14:17, Raphaël POITEVIN a écrit : Bonjour, Bernardo bernardo.s...@siorat.net writes: - si je transfère le même fichier par sftp vers la machine distante, ça dure moins de 5 secondes ! c’est-à-dire, que fais-tu ? je tape une commande : sftp monlo...@machine.tld:/repdist monfichier J'ai aussi essayé, sur le conseil de Bernard avec filezilla, toujours en sftp bien sûr, et ça fonctionne correctement. À noter pour l'histoire que tous les clients ne sont pas pareils : gftp met aussi 15 min pour transférer le fichier... Si tu fais un cp ça réagit comment ? le fichier passe en une grosse minute -- Cordialement, Bernardo. C'est nous qui faisons des femmes ce qu'elles valent et voila pourquoi elles ne valent rien. -+- Gabriel Honoré Riquetti, Compte de Mirabeau (1749-1791) -+- -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: https://lists.debian.org/551413c7.4010...@siorat.net
Re: Política de ficheros externos en Debian
El Wed, 25 Mar 2015 19:53:47 +0100, Manolo Díaz escribió: El miércoles, 25 mar 2015, a las 19:43 UTC+1 horas, Camaleón escribió: (...) Pero ya debería estar corregido (wheezy lleva la versión 1.15-1), hum... mira: veusz-helpers: fails to upgrade from wheezy - trying to overwrite /usr/ lib/python2.7/dist-packages/veusz/resources https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714891 Pues no, corregido está en la 1.20. Y archivado. Pues les he enviado otro informe, no he visto el que apuntas. Me van a odiar por distraerlos mientras faenan para sacar adelante a Jessie :'( Ya sabes que suelen hacer poco caso, vamos, que puedes mandar un informe de fallo y hasta dentro de un año no recibir respuesta. Por cierto, el bug creo que es para el paquete veusz-helpers. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.26.14.29...@gmail.com
Re: ifupdown en jessie, iproute2 e interfaces bridge
El Thu, 26 Mar 2015 08:28:05 +0100, José Miguel (sio2) escribió: El Wed, 25 de Mar de 2015, a las 02:36:09PM +, Camaleón dijo: lo ejecuta ifupdown él solito, sin doparse con scripts externos, en cuanto ve que una interfaz se llama XXX.NUMERO. Es lo mismo :-) No, no es lo mismo. Bueno, no es lo mismo lo que yo digo. Lo que tú dices sí es lo mismo, pero es que *estamos hablando de aspectos totalmente diferentes*. Un script puede ser una simple línea que ejecute un comando (ip) o ser más elaborado (brtcl) pero en ambos casos se pretende la misma función: crear una interfaz puente o crear una vlan que se pueda gestionar a través de ifupdown, N-M o cualquier otro sistema encargado de la gestión de la red. Sí, pero no es a eso a lo que yo me refiero. Vuelvo otra vez a explicarlo, porque ya me he propuesto que me acabes entendiendo. (...) José Miguel, lo entiendo perfectamente. Simplemente a tu pregunta de si es necesario el paquete bridge-utils para crear una interfaz puente la respuesta es que puedes usar varias herramientas, entre ellas la que te proporciona bridge-utils, por lo tanto, la respuesta es que NO, no es necesario, que puedes crearla con la herramienta que prefieras o manualmente con iproute2 y una vez creada la puedes declarar o usar o gestionar o como prefieras llamarlo directamente desde el archivo /etc/network/interfaces. Por otra parte, grosso modo a ojos del kernel no hay ninguna diferencia entre eth0 y br0, no hay un sistema core en el ifupdown como dices para crear una u otra, simplemente se trata de dos interfaces distintas que se gestionan a través de módulos distintos, nada más. En cuanto a la sintaxis para gestionar los puentes lo tienes especificado en la página del manual de la herramienta que uses para crearlos (man brctl, man ip, etc...). Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/pan.2015.03.26.14.46...@gmail.com
Re: Redirect HTTPS with Squid3+Squidguard
Hi. On Thu, 26 Mar 2015 14:29:08 +0100 Peter Viskup skupko...@gmail.com wrote: It's the way you look at. For me it's about prevention...your child can click on some link somewhere and see some pictures/videos which will remain in his/her mind (let's say) forever and can harm even if it was only seconds they were seen...I am speaking about children less than 15 years old...and even older children needs protection. And just as well child can see a naughty picture on TV. Or a phone ad. Or a magazine/newspaper. Anywhere, once you start thinking about it. Whatever damage is done depends on child's state of mind, which is influenced by his/her prior education. Which, for the most part, should be (IMO) provided by parents first, and society (friends, school, whatever) - second. And internet censorship is not a substitute of education. The only thing that censorship can teach is how to workaround it. Or that one's parents are complete insert_some_profanity_here. Is that how you want your children to perceive you? Besides, what's up with this 15 years mark? Why 14 is too early, and 16 is too old? For example, puberty is considered starting at 12 where I live, full civil rights are granted at 18. Reco -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150326181312.f08aaed0a70439a2c935d...@gmail.com