Re: Using serial console as a poor mans IP kvm?

[Lars Noodén]

On 09/08/2016 10:26 PM, Jarle Aase wrote:
>...
> So I'm thinking about serial consoles. My gateway router will reboot
> after an outage, and it can act as a VPN endpoint. So I can access IP
> devices. With a rasberry pi and some relays, I can probably trigger a
> cold reboot whenever I need to. If I could log on to the grub console on
> the servers over a serial link, that's all I need, really.
> 
> Does anyone here have any experience with remote control with Debian
> boxes over serial? Will it work reliable?

Quite a while back (Etch) I had some Debian machines running via serial
console.  As far as I know everything should still work just as nicely
over serial console.  From what I recall, you'll have to set console
settings several places in the system to cover all contingencies for
booting and recovery.

I've used USB-to-serial adapters with the Prolific chipset.  They've
worked fine for me, in various models.  (I haven't tried FTDI and am
suspicious of them.)  There are also specialized PCI and PCIe serial
console servers which add 4 or 8 extra serial ports to a machine.  But
if you're going to run everything off of a single rpi then a
USB-to-serial adapter is the way to go.  There are ones that go USB to 4
or 8 serial ports, but they are hard to find affordably any more.

About the power relays, I did that before and had a lot of help to make
some custom ones, nothing being on the market back then.  I found
someone with skill to build a custom setup that worked over GPIO.
However, nowadays there are several devices that look interesting.  One
pre-made series that caught my eye a few weeks ago was this one:

https://unipi.technology/shop/

However, I have not evaluated any units so that is just to point to
what's on the market and not any endorsement.  You'll need to wire plugs
and such, too, and I can't see any fuses on those units.

Regards,
Lars

Re: Flash para Linux...

[Thiago Zoroastro]

> Pra que Flash? Estamos na era do HTML5  nem o YouTube usa mais.
É surpreendente que a minha impressão é que há pouca gente saiba do HTML5 
Everywhere no Firefox. É excelente e eu fiquei surpreso quando descobri.
 

Em Quinta-feira, 8 de Setembro de 2016 15:02, Sinval Júnior 
 escreveu:
 

 Yuri, 
Na realidade o Flash fazia uso de um recurso chamando NPAP. Este recurso que os 
navegadores vão abandonar. 
Ao encaminhar esta mensagem, por favor:
1 - Apague meu endereço eletrônico;
2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários. Dificulte 
assim a disseminação de vírus, spams e banners.

#=+
#!/usr/bin/env python
nome = 'Sinval Júnior'
email = 'sinvalju arroba gmail ponto com'
print nome
print email
#==+
Em 8 de setembro de 2016 14:13, Yuri Somacal  escreveu:

Isso significa que o suporte para Flash nos navegadores irá voltar?

Att,
Yuri Sganzerla Somacal 



   

Re: Flash para Linux...

[Thiago Zoroastro]

Instalem o plugin no Firefox HTML5 Everywhere. O Gnu Flash ou Fnash também era 
útil.
 

Em Quinta-feira, 8 de Setembro de 2016 9:39, Nélio Macedo 
 escreveu:
 

 Olá! Bom dia
Depois da má notícia acerca do projeto OpenOffice, recebi a notícia que a ADOBE 
voltou com o flash para linux Show...
Eis o link:
http://www.edivaldobrito.com.br/flash-para-linux-como-instalar/?utm_source=feedburner_medium=email_campaign=Feed%3A+edivaldobrito+%28Blog+do+Edivaldo%29

Boa leitura!
Nélio MacedoUsuário comum UBUNTU.

   

Re: Squid3 y Dominios https

[OddieX]

No creas Paynalton, yo lo tengo funcionando con listas de control de acceso
y chequeo de usuarios y grupos contra LDAP y squidGuard, y anda de pelos!
No requeri meterle un certificado intermedio!

Saludos


El 8 de septiembre de 2016, 16:59, Paynalton 
escribió:

> Así es, los navegadores no permiten el uso de proxy transparente con
> https debido a que puede ser usado para ataques Men-in-midle, por tanto
> rechazan las conexiones.
>
> Por eso el cliente debe estar notificado de que su gateway para https
> está en X puerto y servidor, ya sea configurandolo manualmente en el
> navegador o distribuido a través de un wpad.
>
> Además Squid deberá tener un certificado intermedio para validar el
> encriptado entre el cliente y el sitio web.
>
> Por eso lo más sencillo es un periódico enrollado con el cual golpear a
> los usuarios que ingresen a páginas prohibidas jajajja.
>
> --
> 
>  _
> / Amor se llama el juego en el que un par \
> | de ciegos juegan a hacerse daño.|
> | |
> \ -- Joaquin Sabina. Cantautor español.   /
>  -
> \   ^__^
>  \  (oo)\___
> (__)\   )\/\
> ||w |
> || ||
>
>
> El jue, 08-09-2016 a las 15:27 -0300, OddieX escribió:
> > Oswaldo, fijate la documentacion de Squid... Por ahi lei que no lo
> > configuras en los clientes no podes manejar https...
> >
> >
> > El 8 de septiembre de 2016, 10:52, Matias Mucciolo
> >  escribió:
> >
> > claro si denegas el dominio con un acl
> > deberia bloquearlo el squid ya sea http o
> > https(si es que el https pasa por el squid).
> >
> > ejemplo del log que deberias encontrar:
> >
> > TCP_DENIED/403 1454 CONNECT webmessenger.msn.com:443 - NONE/-
> > text/html
> >
> > ese dominio(que ya no existe mas en si) lo tengo bloqueado en
> > una acl.
> >
> > saludos
> >
> >
> > --
> >
> > Matias Mucciolo
> >
> > Area de Infraestructura.
> > Piedras 737 C.A.B.A
> > SUTEBA
> >
> > On Thursday 08 September 2016 08:55:12 Oswaldo Franco wrote:
> > > No lo tengo transparente por ese mismo caso.
> > > Osea mientras no deniego el dominio de la página https
> > siempre podrán
> > > acceder a ella?
> > > Porque si la deniego no pueden abrirla.
> > >
> > >
> > >
> > >
> > > El 8 de septiembre de 2016, 8:48, Matias Mucciolo
> > 
> > > escribió:
> > >
> > > >
> > > > No hay problema
> > > > creo que lo que esta pasando(o me imagino)
> > > > es que el https sale directamente sin pasar
> > > > por el proxy por eso no lo filtra.
> > > >
> > > > no se si usas un proxy trasparente pero
> > > > https no funciona con proxy transparete,
> > > >
> > > > suerte
> > > >
> > > >
> > > > --
> > > >
> > > > Matias Mucciolo
> > > >
> > > > Area de Infraestructura.
> > > > Piedras 737 C.A.B.A
> > > > SUTEBA
> > > >
> > > > On Thursday 08 September 2016 08:43:13 Oswaldo Franco
> > wrote:
> > > > > Gracias por tu recomendación Matias Mucciolo, pero tengo
> > configurado un
> > > > > firewall sencillo con Firestarter y los servicios de
> > DHCP y DNS en
> > > > Windows.
> > > > > Estoy migrando poco a poco los servicios
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > El 8 de septiembre de 2016, 8:13, Matias Mucciolo <
> > > > mmucci...@suteba.org.ar>
> > > > > escribió:
> > > > >
> > > > > >
> > > > > > Buenas
> > > > > >
> > > > > > lo que yo haría en este caso
> > > > > > es bloquear el puerto 443 en el firewall
> > > > > > y configurar el proxy en cada maquina.
> > > > > > Tambien te recomiendo el "auto-detect proxy"(wpad)
> > > > > >
> > > > > > saludos
> > > > > >
> > > > > >
> > > > > > --
> > > > > >
> > > > > > Matias Mucciolo
> > > > > >
> > > > > > Area de Infraestructura.
> > > > > > Piedras 737 C.A.B.A
> > > > > > SUTEBA
> > > > > >
> > > > > > On Thursday 08 September 2016 07:33:22 Oswaldo Franco
> > wrote:
> > > > > > > Hola listeros, saludos.
> > > > > > >
> > > > > > > Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina
> > con Debian
> > > > GNU/Linux
> > > > > > > 6.0.8 (squeeze).
> > > > > > >
> > > > > > > Tengo el squid configurado para bloquear TODO y
> > permitir 

Re: SSH Connection Behind A Router/Firewall

[Tim McDonough]

On 9/8/2016 1:42 PM, Joe wrote:

On Thu, 8 Sep 2016 12:49:56 -0500
Tim McDonough  wrote:


I have a very straightforward Debian Jessie machine on my network.
For SSH it uses the standard/default Port 22 and accessing it via ssh
works just fine from anywhere on the local network.

I also have a NetGear router configured so that a connection from the
outside world using Port 1024 gets forwarded to the local IP and Port
22 on the LAN. My problem is when I attempt a connection from the
outside world the connection is refused.

Is there another setting on the Debian Jessie system I need to
configure or do you believe this is a router configuration problem?
If I just allow the forwarding (externally) to forward on Port 22
things work as expected.


No, that should work. As far as the server is concerned, it's a
standard port 22 job.

That was my thought as well.

If a router has the option of setting the destination port in a
forwarding rule, that really ought to work. I've done it in two stages,
forwarding port A on the public IP, to port B on my firewall/server,
then to port 22 on an internal machine, no trouble.
I have a NetGear WNDR3800. I have the port forwarding setup as you 
describe.

Sorry to ask this, but... your ssh client does know it's using 1024,
doesn't it? Not just the software client, but is there an outgoing
firewall that also needs to know this? On a modern Windows machine, you
need to explicitly set up an outgoing rule, it's not just a simple
stateful firewall any more.
Don't apologize for asking, I'd be perfectly happy if I'd overlooked 
something simple. I'm using a Windows 10 machine to access it and even 
with the firewall in the Win10 box turned off I get the same results.

Quick check from your network: use Shields Up!! on https://grc.com and
ask for a check on your specific external port. If the router isn't
forwarding, or the server isn't responding, the port will show as
closed. If it shows open, and Mr Gibson lectures you about security,
then you have a problem at the client end.

The port shows as open.

I initially used PuTTY to test and when I first got the error I also 
tried making an sftp connection with Filezilla. A forwarded port is a 
no-go with either of them.


Thanks for the suggestions,

Tim

Problems communicating with and between servers after upgrade

[Clive Menzies]

Hi

We've suffered a series of seemingly disconnect problems on 4 machines 
since upgrading jessie on Monday:


apt/log:

Start-Date: 2016-09-05  12:17:10
Commandline: apt-get upgrade
Upgrade: libgcrypt20:i386 (1.6.3-2+deb8u1, 1.6.3-2+deb8u2), gnupg:i386 
(1.4.18-7+deb8u1, 1.4.18-7+deb8u2), linux-libc-dev:i386 
(3.16.7-ckt25-2+deb8u3, 3.16.36-1+deb8u1), 
linux-image-3.16.0-4-686-pae:i386 (3.16.7-ckt25-2+deb8u3, 
3.16.36-1+deb8u1), gpgv:i386 (1.4.18-7+deb8u1, 1.4.18-7+deb8u2), 
libidn11:i386 (1.29-1+deb8u1, 1.29-1+deb8u2)

End-Date: 2016-09-05  12:19:22

First there was a DMA error on bootup on file and mail server_U, we were 
alerted to by no email being delivered from dovecot on the server. We 
fsck'd the disk offline and no errors were reported. Although the system 
would boot, dovecot wouldn't work. We've been through so many 
permutations and combinations since that I can't remember each step we 
took after that, some of which we repeated. Eventually, in spite of the 
fsck result, we replaced the disk and reinstalled. The samba 
installation worked out of the box but dovecot and rsync (for automated 
remote backups) didn't. It turned out to be a certification problem 
which required creating the certs while making sure dovecot knows where 
to look (not straightforward). I can't remember the specifics of the 
rsync issue; it may have been self-inflicted. Eventually, all was well 
and everything was working, including the remote backup.


Tuesday: we'd lost ssh connection to the two remote backup servers via 
the VPN; I've no idea of their state other than getting someone onsite 
to reboot them using the power button - they appear to be working.


We then found that laptop_T can access smb shares (using both windows 
and debian systems) on file and mail server_M but two other linux 
machines couldn't, nor could a remote windows laptop via VPN, (but that 
may be because the user's machine is "broken" but the timing is 
suspicious). Nor can he get to dovecot with his Thunderbird email client 
which may be related to the same upgrade.


We've compared /etc/fstab on laptop_T which mounts the shares with no 
problem to that on laptop_D which doesn't. Same user, same share and 
they are identical in respect of mounting the shares but one works, one 
doesn't.


As server_U is working after reinstallation, following much exploration, 
we reinstalled jessie 8.3 on server_M and committed to systemd to avoid 
potential progressive sysv-init problems we'd learned of during our 
investigation. After a reinstall of the system and subsequently samba 
(twice), we resorted to the maintainer's version of /etc/smb.conf and 
customised it for our setup. We tried to keep the configuration as 
vanilla as possible but there was no improvement in terms of access from 
the two debian machines.


In comparing the /etc/smb.conf with that on server_U, we noticed that 
the winserver IP address on U was uncommented and gave its LAN IP (it is 
acting as the winserver for the workgroup). We edited server_M 
/etc/fstab to include the winserver IP and debian workstation_E saw the 
shares in file manager but the share didn't show up in df -h. The shares 
appeared to be unmounted but were accessible through Thunar(FM). We 
commented it out and access broke, uncommented it and it worked again. 
On laptop_D the IP "fix" didn't have any effect - won't mount and can't 
be seen.


At this point we're stuck which gives pause for reflection. These 4 
servers have been running stable debian for over 10 years and apart from 
the odd hardware issue have been rock solid. Two of the machines have 
been replaced more than once over the years but the other two are the 
original boxes. Most upgrades were pretty seamless and if there were 
problems, a short burst of intensive exploration, trial and error, 
quickly resolved them.


This nightmare of expanding problems has been going on for three days, 
since Monday afternoon. Never before have I questioned the decision to 
base our business (and our lives) on Debian and I remain a firm 
advocate. I also recognise that over successive releases, accommodating 
a plethora of configurations becomes harder and that at some point a 
step changes in the foundations of the system are required. I'm 
presuming that the transition to systemd from sysv-init was an essential 
step and understand that backwards compatibility becomes more 
challenging as time goes on.


Whether this systemd transition is related to the remote connectivity 
with the servers and the samba issue, I don't know but this number of 
seemingly random but mission critical series of problems has shaken our 
confidence.


Apologies if this sounds like a complaint, it's not. It is a concern, 
which someone may be able to allay, that Debian is not as rock solid as 
it was.


You guys have done brilliant work and I'm aware that my contribution to 
the project has been very small and pretty non-existent for the last few 
years - other priorities. So 

Re: Problema teclat USB

[Marcos]

Hola de nou,

espero que el monòleg pugui servir a algú més... :)

A 2016-09-09 00:49, Marcos escrigué:


Miraré com el puc tornar a fer servir però evitant que posi
a dormir els USB i poder fer ús de les altres configuracions
que proveeix.


Doncs fàcilment amb la configuració següent:

/etc/laptop-mode/conf.d/runtime-pm.conf:
  ...
  AUTOSUSPEND_USE_WHITELIST=0
  AUTOSUSPEND_RUNTIME_DEVTYPE_BLACKLIST="usbhid usb-storage"
  ...

D'aquesta manera, els dispositius USB d'interacció humana
(teclats, ratolins, ...) i els d'emmagatzematge, no seran
suspesos mai.

Salut i bona nit!
--
Marcos

Re: libnss3, currently in testing

[Henrique de Moraes Holschuh]

On Thu, 08 Sep 2016, Gene Heskett wrote:
> Has anyone an idea of a schedule of when that will put this security 
> update into the wheezy repo's?

https://wiki.debian.org/LTS

Please contact the Debian LTS people, and if this fix is not already in
the priority queue, you could offer to sponsor the work required or
something.

> I believe this is why I cannot use the paypal account I just opened.

Gene, may I humbly suggest you should get a new box for non-Linux-CNC
work, and keep that wheezy box you use for Linux-CNC off the grid so
that it doesn't become a liability in the future?

You will be happier in the medium/long term after the investment in the
new box pays itself off, Debian jessie should work much better overall
for you for desktopish things (i.e. not Linux-CNC), and the rest of us
will be happier even sooner because we will have less support requests
related to oldstable to attend to[1] ;-)

Paypal works just fine with firefox in a standard Debian 8.6 install.

[1] Any work done for stable and unstable/testing _usually_ helps a lot
more people than work done for oldstable.

-- 
  Henrique Holschuh

Re: Problems communicating with and between servers after upgrade - correction

[Clive Menzies]

On 08/09/16 23:07, Clive Menzies wrote:

Hi

We've suffered a series of seemingly disconnect problems on 4 machines 
since upgrading jessie on Monday:


apt/log:

Start-Date: 2016-09-05  12:17:10
Commandline: apt-get upgrade
Upgrade: libgcrypt20:i386 (1.6.3-2+deb8u1, 1.6.3-2+deb8u2), gnupg:i386 
(1.4.18-7+deb8u1, 1.4.18-7+deb8u2), linux-libc-dev:i386 
(3.16.7-ckt25-2+deb8u3, 3.16.36-1+deb8u1), 
linux-image-3.16.0-4-686-pae:i386 (3.16.7-ckt25-2+deb8u3, 
3.16.36-1+deb8u1), gpgv:i386 (1.4.18-7+deb8u1, 1.4.18-7+deb8u2), 
libidn11:i386 (1.29-1+deb8u1, 1.29-1+deb8u2)

End-Date: 2016-09-05  12:19:22

First there was a DMA error on bootup on file and mail server_U, we 
were alerted to by no email being delivered from dovecot on the 
server. We fsck'd the disk offline and no errors were reported. 
Although the system would boot, dovecot wouldn't work. We've been 
through so many permutations and combinations since that I can't 
remember each step we took after that, some of which we repeated. 
Eventually, in spite of the fsck result, we replaced the disk and 
reinstalled. The samba installation worked out of the box but dovecot 
and rsync (for automated remote backups) didn't. It turned out to be a 
certification problem which required creating the certs while making 
sure dovecot knows where to look (not straightforward). I can't 
remember the specifics of the rsync issue; it may have been 
self-inflicted. Eventually, all was well and everything was working, 
including the remote backup.


Tuesday: we'd lost ssh connection to the two remote backup servers via 
the VPN; I've no idea of their state other than getting someone onsite 
to reboot them using the power button - they appear to be working.


We then found that laptop_T can access smb shares (using both windows 
and debian systems) on file and mail server_M but two other linux 
machines couldn't, nor could a remote windows laptop via VPN, (but 
that may be because the user's machine is "broken" but the timing is 
suspicious). Nor can he get to dovecot with his Thunderbird email 
client which may be related to the same upgrade.


We've compared /etc/fstab on laptop_T which mounts the shares with no 
problem to that on laptop_D which doesn't. Same user, same share and 
they are identical in respect of mounting the shares but one works, 
one doesn't.


As server_U is working after reinstallation, following much 
exploration, we reinstalled jessie 8.3 on server_M and committed to 
systemd to avoid potential progressive sysv-init problems we'd learned 
of during our investigation. After a reinstall of the system and 
subsequently samba (twice), we resorted to the maintainer's version of 
/etc/smb.conf and customised it for our setup. We tried to keep the 
configuration as vanilla as possible but there was no improvement in 
terms of access from the two debian machines.


In comparing the /etc/smb.conf with that on server_U, we noticed that 
the winserver IP address on U was uncommented and gave its LAN IP (it 
is acting as the winserver for the workgroup). We edited server_M 
/etc/fstab to include the winserver IP and debian workstation_E saw 
the shares in file manager but the share didn't show up in df -h. The 
shares appeared to be unmounted but were accessible through 
Thunar(FM). We commented it out and access broke, uncommented it and 
it worked again. On laptop_D the IP "fix" didn't have any effect - 
won't mount and can't be seen.
Sorry, brain disengaged. We edited server_M /etc/smb.conf to include the 
winserver IP NOT /etc/fstab


At this point we're stuck which gives pause for reflection. These 4 
servers have been running stable debian for over 10 years and apart 
from the odd hardware issue have been rock solid. Two of the machines 
have been replaced more than once over the years but the other two are 
the original boxes. Most upgrades were pretty seamless and if there 
were problems, a short burst of intensive exploration, trial and 
error, quickly resolved them.


This nightmare of expanding problems has been going on for three days, 
since Monday afternoon. Never before have I questioned the decision to 
base our business (and our lives) on Debian and I remain a firm 
advocate. I also recognise that over successive releases, 
accommodating a plethora of configurations becomes harder and that at 
some point a step changes in the foundations of the system are 
required. I'm presuming that the transition to systemd from sysv-init 
was an essential step and understand that backwards compatibility 
becomes more challenging as time goes on.


Whether this systemd transition is related to the remote connectivity 
with the servers and the samba issue, I don't know but this number of 
seemingly random but mission critical series of problems has shaken 
our confidence.


Apologies if this sounds like a complaint, it's not. It is a concern, 
which someone may be able to allay, that Debian is not as rock solid 
as it was.


You guys have done brilliant 

Re: Problema teclat USB

[Marcos]

Hola,

A 2016-09-08 16:36, Marcos escrigué:


Alguna idea de per on començar a mirar?


Resulta que el problema era la gestió d'energia dels ports
USB.  En el meu cas, eliminant `laptop-mode-tools` s'ha
sol·lucionat el problema.

Miraré com el puc tornar a fer servir però evitant que posi
a dormir els USB i poder fer ús de les altres configuracions
que proveeix.

Salut,
--
Marcos

Re: Using serial console as a poor mans IP kvm?

[Don Armstrong]

On Thu, 08 Sep 2016, Jarle Aase wrote:
> Does anyone here have any experience with remote control with Debian boxes
> over serial? Will it work reliable?

It's fairly reliable; I actually prefer it to using KVM in almost all
cases. You just need to get it configured properly in grub, the bios,
and the kernel, and you should be fine.

That said, providing LUKS input over the wire is always going to be
problematic unless you have known secured links to the terminal. [But
maybe you'll know if the government has done this to you.]


-- 
Don Armstrong  https://www.donarmstrong.com

Whatever you do will be insignificant, but it is very important that
you do it.
 -- Mohandas Karamchand Gandhi

Re: libnss3, currently in testing

[Gene Heskett]

On Thursday 08 September 2016 17:51:43 Michael Lange wrote:

> Hi,
>
> On Thu, 8 Sep 2016 09:28:33 -0400
>
> Gene Heskett  wrote:
> > Greetings all;
> >
> > Has anyone an idea of a schedule of when that will put this security
> > update into the wheezy repo's?
> >
> > I believe this is why I cannot use the paypal account I just opened.
>
> Maybe you could try the version from jessie, if dependencies let you
> do so. At least the chance might be better than with the
> unstable-version. Since the problem you described looked somewhat
> different from Mark's, I am not so sure that it's the same package
> that causes the problem, though.
>
> Regards
>
> Michael

Well, I could be talked out of it, but when I called paypal, their tech 
help told me to use a different browser, but google chomium, years older 
that FF-ESR, will not even log in. Chrome I don't have, google wants to 
know way more about me than I feel like sharing with such a high profile 
hacking target as google.  Taini't gonna happen while I am still looking 
at the green side of the grass.

FF-ESR will log in, but when I select send money, it goes to a screen 
where I enter the PP account name of the person I want to send $25 to, 
and click the "next" button, FF sends exactly 0 bytes of data back to 
paypal. All paypal can tell me is that they are about to wash their 
hands and just blacklist FF.  Claims all the winders browsers work just 
fine.

And the only thing I can do is buy a whole nother unit, and the one click 
pay for that works just fine, I've already done it.

Bottom line is, what good is a paypal account if a linux user cannot use 
it?

Rant off. thanks.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Fim do OpenOffice?

[Thiago Canuto Ferreira]

Sim... vi nas ultimas respostas. Me desculpe responder atrasado.

Em Qui, 2016-09-08 às 18:18 -0300, Guimarães Faria Corcete DUTRA,
Leandro escreveu:
> 2016-09-08 18:15 GMT-03:00 Thiago Canuto Ferreira :
> > Também concordo.
> 
> Já parou, relaxemos e toquemos o barco.  Só evitemos responder no topo…
> 
> 

Re: Using serial console as a poor mans IP kvm?

[Neal P. Murphy]

On Thu, 8 Sep 2016 15:43:31 -0600
Glenn English  wrote:

> For remote access, the RPi sounds like a good idea to me. I've had one on the 
> 'Net for several years, doing things not requiring major CPU power. It's on 
> my UPS, and it's had no reliability problems.
> 
> A relatively small dedicated UPS would likely keep your border router and an 
> RPi going for quite a while.
> 
> An RPi is just a small Debian box, so you could reliably get to it over a 
> VPN. Then, with a little innovative routing, you could look around the net(s) 
> and see what's going on. 
> 
> With a relay board on the RPi's GPIO connector, you could turn things back 
> on, if necessary. No RS-232, new motherboards, or KVM anythings required.

Except for entering the encryption keys, and seeing when to enter them

Re: libnss3, currently in testing

[Michael Lange]

Hi,

On Thu, 8 Sep 2016 09:28:33 -0400
Gene Heskett  wrote:

> Greetings all;
> 
> Has anyone an idea of a schedule of when that will put this security 
> update into the wheezy repo's?
> 
> I believe this is why I cannot use the paypal account I just opened.

Maybe you could try the version from jessie, if dependencies let you do
so. At least the chance might be better than with the unstable-version.
Since the problem you described looked somewhat different from Mark's, I
am not so sure that it's the same package that causes the problem, though.

Regards

Michael

.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

He's dead, Jim.
-- McCoy, "The Devil in the Dark", stardate 3196.1

Re: [resolved] FireFox broken,

[Michael Lange]

On Thu, 8 Sep 2016 19:54:55 +0100
Brian  wrote:

> Maybe you could post the URLs of two or three web sites which are now
> available to you without security-related error messages which you had
> trouble with before. Jessie users would be interested whether they too
> have to install libnss3 from unstable.

It works with jessie as it used to work with stretch before apparently
some update in stretch messed things up.
One "broken" address that was mentioned on debian-user-german is
mail.google.com .

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

The idea of male and female are universal constants.
-- Kirk, "Metamorphosis", stardate 3219.8

Re: [OT] Flash Player para linux "strikes back"

[Miguel Matos]

El 6 de septiembre de 2016, 17:13, Eduardo Rios 
escribió:

> El 05/09/16 a las 17:26, Camaleón escribió:
>
>> El Mon, 05 Sep 2016 16:08:46 +0200, Altair Linux escribió:
>>
>> Creo que te voy a decir una cosa que NO es nada nueva. Mientras ciertas
>>> paginas web (correcto, me refiero a ESAS paginas web) usen flash para
>>> los temas de videos, flash va a seguir existiendo en el mundo de Linux.
>>>
>>> ¿O me va alguien a decir que flash se usa actuamente en Linux como
>>> opcion principal para algo diferente a lo indicado antes?.
>>>
>>
>> Pues mira, te cuento una anécdota de ayer mismo.
>>
>> Yo siempre tengo flash actualizado PERO desactivado. Siempre. Sólo lo
>> habilito momentáneamente para ver series y películas online de ciertas
>> fuentes de (ejem) dudosa procedencia ;-) y ayer fue uno de esos días en
>> los que me puse a ver una película de animación (Mascotas, 2016) y se me
>> olvidó activar Flash Player pero... ¡ondiá! funcionó sin problemas.
>>
>
> A mi me pasó algo parecido. Desinstalé flashplugin-nonfree... y probé
> ciertas páginas... Y al ver que me funcionaban sin él (ya usaban HTML5),
> pues lo dejé desinstalado :-)
>
> A ver si pronto con el Java puedo hacer lo mismo. :)
>
>
> --
> www.LinuxCounter.net
>
> Registered user #369215
>
>
> Pues mucho temo decir que con Java no podrán "hacer lo mismo". Puesto que
Flash es mantenido por una sola empresa (y aunque Java también), la
diferencia es que la segunda lo necesitan empresas multivariantes: desde
negocios medianos hasta hospitales, bancos, empresas del gobierno, y más. Y
si ven un sitio que termina en .jsp cuando realizan una operación con su
usuario, ya sabrán de lo que hablo.

P.D.: Camaleón, no temas decir que haces eso para poder buscar un rato de
ocio. Yo hace 2 años y medio que no voy al cine. La última vez que fui al
cine fue a ver Monsters University, ¡y la peli lleva tiempo que salió! Y de
ahí me he perdido un montón. Por ello es una bendición tener estos sitios
de "dudosa procedencia" presentes.


-- 
Ayuda para hacer preguntas inteligentes: http://is.gd/NJIwRz

Re: Problema teclat USB

[Marcos]

Bona nit,

A 2016-09-08 21:21, Narcis Garcia escrigué:

Crec recordar que es resolia canviant la compatibilitat amb «legacy 
USB»

de la BIOS de l'ordinador.


Em sona la opció que comentes, però no hi és disponible a la BIOS del
portàtil en qüestió, així que no ho he pogut provar.

Gràcies,
--
Marcos

Re: Using serial console as a poor mans IP kvm?

[Glenn English]

For remote access, the RPi sounds like a good idea to me. I've had one on the 
'Net for several years, doing things not requiring major CPU power. It's on my 
UPS, and it's had no reliability problems.

A relatively small dedicated UPS would likely keep your border router and an 
RPi going for quite a while.

An RPi is just a small Debian box, so you could reliably get to it over a VPN. 
Then, with a little innovative routing, you could look around the net(s) and 
see what's going on. 

With a relay board on the RPi's GPIO connector, you could turn things back on, 
if necessary. No RS-232, new motherboards, or KVM anythings required.

Assuming you can write a little Python...

No?

-- 
Glenn English

Re: Fim do OpenOffice?

[Guimarães Faria Corcete DUTRA , Leandro]

2016-09-08 18:15 GMT-03:00 Thiago Canuto Ferreira :
> Também concordo.

Já parou, relaxemos e toquemos o barco.  Só evitemos responder no topo…


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Fim do OpenOffice?

[Thiago Canuto Ferreira]

Também concordo.

Thiago

Em Qui, 2016-09-08 às 15:38 -0300, Guimarães Faria Corcete DUTRA,
Leandro escreveu:
> 2016-09-08 15:18 GMT-03:00 Felipe Duque :
> > Teoria da Evolução de Darwin posta em prática - com sucesso:
> 
> Queria sugerir que este debate parasse por aqui, visto já ter desviado
> do assunto.
> 
> 

Re: Flash para Linux...

[Yuri Somacal]

Entendi.
Agradeço os esclarecimentos.

Att,
Yuri Sganzerla Somacal

Re: Flash para Linux...

[Thiago Canuto Ferreira]

Boa tarde. E eu que desde que instalei o Debian em meu notebook (faz
alguns meses), usando o Firefox e Chrome nem sei o que é instalar ou
usar flash. Pelo menos ainda não precisei.

Thiago

Em Qui, 2016-09-08 às 15:02 -0300, Sinval Júnior escreveu:
> Yuri, 
> 
> 
> Na realidade o Flash fazia uso de um recurso chamando NPAP. Este
> recurso que os navegadores vão abandonar. 
> 
> Ao encaminhar esta mensagem, por favor:
> 1 - Apague meu endereço eletrônico;
> 2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
> Dificulte assim a disseminação de vírus, spams e banners.
> 
> #=+
> #!/usr/bin/env python
> nome = 'Sinval Júnior'
> email = 'sinvalju arroba gmail ponto com'
> print nome
> print email
> #==+
> 
> Em 8 de setembro de 2016 14:13, Yuri Somacal 
> escreveu:
> Isso significa que o suporte para Flash nos navegadores irá
> voltar?
> 
> Att,
> Yuri Sganzerla Somacal 
> 
> 

Re: Using serial console as a poor mans IP kvm?

[Neal P. Murphy]

On Thu, 8 Sep 2016 22:26:59 +0300
Jarle Aase  wrote:

> I want to set up a few servers at home. Unfortunately, as I live in 
> Bulgaria at the moment, the electric power is gone pretty often for 
> longer periods than my UPS'es can deal with. So my servers will have to 
> be started at least a few times every quarter.
> 
> Another challenge with living in Bulgaria is that there is no law or 
> order. The Police is just a branch of the Mafia. I need to protect the 
> data on the servers with full disk encryption in case they are stolen.
> 
> That means that I need to reboot the servers relatively often, and 
> provide the luks passwords every time. Some times I am far away when 
> this happens. I have been considering Supermicro motherboards with built 
> in support for remote management - or old KVM IP switches from Ebay. The 
> problem with Supermicro is that it's expensive and difficult to get the 
> RAM required for their recent Skylake boards. The problem with Ebay is 
> that few suppliers ships to Bulgaria, and getting anything trough the 
> custom's here takes a whole day. Then there is the question if the 
> device works at all...
> 
> So I'm thinking about serial consoles. My gateway router will reboot 
> after an outage, and it can act as a VPN endpoint. So I can access IP 
> devices. With a rasberry pi and some relays, I can probably trigger a 
> cold reboot whenever I need to. If I could log on to the grub console on 
> the servers over a serial link, that's all I need, really.
> 
> Does anyone here have any experience with remote control with Debian 
> boxes over serial? Will it work reliable?

Generally speaking

I haven't used a serial console on Debian in particular. I do it on a 
Linux-based system I maintain; serial console works very well, provided you 
remember the main differences: it's not a VESA console, it doesn't know about 
CTRL-ALT-DEL, and you may see no output until grub starts (unless the 
BIOS/firmware can do serial console). The system's terminal type may not match 
the emulator's type and the display may be somewhat garbled; the use of serial 
ports for interactive use has declined greatly over the years, as has 
conformance to serial terminal protocols. Also, a  starts SysRq.

I suspect grub should work with a serial console; I've never tried it with the 
new grub. I wrote a 6-line patch for grub legacy (which I use for my system) 
that allows one to use either VESA or serial console, or choose one with a 
keystroke. I've been using it for 3-4 years now without trouble.

To tell linux to use a serial console, connect a terminal (or emulator) to 
ttyS0 (COMa) on the server and set it to 115200-8-N-1, let grub start, then 
edit the boot entry and add the option "console=ttys0,115200" to the kernel 
command line, and boot. 

Your main problem will be operating the servers' reset switches should it be 
necessary. I think this is usually done by having the DCD, DSR, RI, or CTS line 
of the TIA-232 port close-then-open a relay that acts as the reset switch. (But 
your idea of using an rPI would work, too.)

Of course, the encryption key reader has to work on a serial port as well.

What would be interesting is if there were a 'VGA scanner' for the rPI so it 
could send you the screen changes, say, ten times a second. (And there are some 
USB devices that may work.) And if the rPI had a client USB port (so it could 
act like a keyboard) you would be able to see the 'monitor' and type on the 
'keyboard'.

Re: Using serial console as a poor mans IP kvm?

[Miles Fidelman]

On 9/8/16 3:26 PM, Jarle Aase wrote:

I want to set up a few servers at home. Unfortunately, as I live in 
Bulgaria at the moment, the electric power is gone pretty often for 
longer periods than my UPS'es can deal with. So my servers will have 
to be started at least a few times every quarter.


Another challenge with living in Bulgaria is that there is no law or 
order. The Police is just a branch of the Mafia. I need to protect the 
data on the servers with full disk encryption in case they are stolen.


That means that I need to reboot the servers relatively often, and 
provide the luks passwords every time. Some times I am far away when 
this happens. I have been considering Supermicro motherboards with 
built in support for remote management - or old KVM IP switches from 
Ebay. The problem with Supermicro is that it's expensive and difficult 
to get the RAM required for their recent Skylake boards. The problem 
with Ebay is that few suppliers ships to Bulgaria, and getting 
anything trough the custom's here takes a whole day. Then there is the 
question if the device works at all...


So I'm thinking about serial consoles. My gateway router will reboot 
after an outage, and it can act as a VPN endpoint. So I can access IP 
devices. With a rasberry pi and some relays, I can probably trigger a 
cold reboot whenever I need to. If I could log on to the grub console 
on the servers over a serial link, that's all I need, really.


Does anyone here have any experience with remote control with Debian 
boxes over serial? Will it work reliable?




It sort of works.

I've done this two ways:

1.  External serial-to-ethernet box.  The external box turns out to be 
somewhat flakey, and a security hole (unpatched embedded linux with some 
vulnerabilities, and it needs to be rekeyed annually, but that doesn't 
actually work very smoothly).


2. Supermicro IPMI board:  Sometimes works, sometimes simply doesn't 
respond - usually when one needs it most.


In both cases, unless you layer a VPN on top of them, they are really 
nasty security holes.  I've ended up resorting to the old "call the data 
center and have a human push the button" - but that doesn't sound like 
it applies to your situation.


Good luck finding a solution.

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

Re: Hoge resolutie scherm

[Vincent Zweije]

On Thu, Sep 08, 2016 at 09:19:50PM +0200, Paul van der Vlis wrote:

||  Op 08-09-16 om 20:50 schreef Vincent Zweije:
||  > On Thu, Sep 08, 2016 at 04:28:19PM +0200, Paul van der Vlis wrote:
||  >
||  > ||  Een klant wil graag een desktop met groot scherm met hoge resolutie.
||  > ||  Bijvoorbeeld 2500x1600 of zelfs 3800x2160.
||  > ||
||  > ||  Hebben jullie hier actuele ervaring mee? Eerder waren de browsers een
||  > ||  probleem, maar daar zijn nu nieuwe versies van.
||  > ||
||  > ||  Of wellicht dat het met testing gaat?
||  >
||  > Ik heb thuis een 2560x1440 staan, en ondervind geen problemen. Debian
||  > testing, dat wel.
||
||  Zijn de letters niet erg klein?
||  Welke desktop draai je?
||  Heb je het ook weleens met Debian stable geprobeerd?

Er zit een passend formaat scherm aan. De letters zijn aan de kleine
kant, maar dat vind ik eigenlijk wel prettig. Ik mag aannemen dat firefox
eventueel is in te stellen op een groter font?

Mijn desktop is kdm/openbox, geen flashy omgeving.

Stable draai ik daar niet; ik houd absoluut niet van herinstalleren,
daarom draai ik ook Debian (testing). :-)

Vincent.
-- 
Vincent Zweije    | "If you're flamed in a group you
  | don't read, does anybody get burnt?"
[Xhost should be taken out and shot] |-- Paul Tomblin on a.s.r.


signature.asc
Description: PGP signature

Re: Squid3 y Dominios https

[Paynalton]

Así es, los navegadores no permiten el uso de proxy transparente con
https debido a que puede ser usado para ataques Men-in-midle, por tanto
rechazan las conexiones.

Por eso el cliente debe estar notificado de que su gateway para https
está en X puerto y servidor, ya sea configurandolo manualmente en el
navegador o distribuido a través de un wpad.

Además Squid deberá tener un certificado intermedio para validar el
encriptado entre el cliente y el sitio web.

Por eso lo más sencillo es un periódico enrollado con el cual golpear a
los usuarios que ingresen a páginas prohibidas jajajja.

-- 

 _
/ Amor se llama el juego en el que un par \
| de ciegos juegan a hacerse daño.|
| |
\ -- Joaquin Sabina. Cantautor español.   /
 -
\   ^__^
 \  (oo)\___
(__)\   )\/\
||w |
|| ||


El jue, 08-09-2016 a las 15:27 -0300, OddieX escribió:
> Oswaldo, fijate la documentacion de Squid... Por ahi lei que no lo
> configuras en los clientes no podes manejar https...
> 
> 
> El 8 de septiembre de 2016, 10:52, Matias Mucciolo
>  escribió:
> 
> claro si denegas el dominio con un acl
> deberia bloquearlo el squid ya sea http o
> https(si es que el https pasa por el squid).
> 
> ejemplo del log que deberias encontrar:
> 
> TCP_DENIED/403 1454 CONNECT webmessenger.msn.com:443 - NONE/-
> text/html
> 
> ese dominio(que ya no existe mas en si) lo tengo bloqueado en
> una acl.
> 
> saludos
> 
> 
> --
> 
> Matias Mucciolo
> 
> Area de Infraestructura.
> Piedras 737 C.A.B.A
> SUTEBA
> 
> On Thursday 08 September 2016 08:55:12 Oswaldo Franco wrote:
> > No lo tengo transparente por ese mismo caso.
> > Osea mientras no deniego el dominio de la página https
> siempre podrán
> > acceder a ella?
> > Porque si la deniego no pueden abrirla.
> >
> >
> >
> >
> > El 8 de septiembre de 2016, 8:48, Matias Mucciolo
> 
> > escribió:
> >
> > >
> > > No hay problema
> > > creo que lo que esta pasando(o me imagino)
> > > es que el https sale directamente sin pasar
> > > por el proxy por eso no lo filtra.
> > >
> > > no se si usas un proxy trasparente pero
> > > https no funciona con proxy transparete,
> > >
> > > suerte
> > >
> > >
> > > --
> > >
> > > Matias Mucciolo
> > >
> > > Area de Infraestructura.
> > > Piedras 737 C.A.B.A
> > > SUTEBA
> > >
> > > On Thursday 08 September 2016 08:43:13 Oswaldo Franco
> wrote:
> > > > Gracias por tu recomendación Matias Mucciolo, pero tengo
> configurado un
> > > > firewall sencillo con Firestarter y los servicios de
> DHCP y DNS en
> > > Windows.
> > > > Estoy migrando poco a poco los servicios
> > > >
> > > >
> > > >
> > > >
> > > > El 8 de septiembre de 2016, 8:13, Matias Mucciolo <
> > > mmucci...@suteba.org.ar>
> > > > escribió:
> > > >
> > > > >
> > > > > Buenas
> > > > >
> > > > > lo que yo haría en este caso
> > > > > es bloquear el puerto 443 en el firewall
> > > > > y configurar el proxy en cada maquina.
> > > > > Tambien te recomiendo el "auto-detect proxy"(wpad)
> > > > >
> > > > > saludos
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > Matias Mucciolo
> > > > >
> > > > > Area de Infraestructura.
> > > > > Piedras 737 C.A.B.A
> > > > > SUTEBA
> > > > >
> > > > > On Thursday 08 September 2016 07:33:22 Oswaldo Franco
> wrote:
> > > > > > Hola listeros, saludos.
> > > > > >
> > > > > > Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina
> con Debian
> > > GNU/Linux
> > > > > > 6.0.8 (squeeze).
> > > > > >
> > > > > > Tengo el squid configurado para bloquear TODO y
> permitir lo que le
> > > diga
> > > > > > mediante las ACL. Pero los dominios con https se
> pueden abrir
> > > > > normalmente a
> > > > > > menos que las deniegue específicamente.
> > > > > >
> > > > > > Quiero saber si podrían darme una ayuda para que
> esto no suceda.
> > > > > >
> > > > > > Qué es lo que quiero, que deniegue todo (inclyendo
> https) y yo poder
> > > > > > 

Re: Re: Re: Re: [xfce] - power management

[Herbert Fortes]

Hi,


I do not have 'qdbus' command installed.




Regards,

Herbert

Re: Using serial console as a poor mans IP kvm?

[Dan Ritter]

On Thu, Sep 08, 2016 at 10:26:59PM +0300, Jarle Aase wrote:
> I want to set up a few servers at home. Unfortunately, as I live in Bulgaria
> at the moment, the electric power is gone pretty often for longer periods
> than my UPS'es can deal with. So my servers will have to be started at least
> a few times every quarter.
> 
> Another challenge with living in Bulgaria is that there is no law or order.
> The Police is just a branch of the Mafia. I need to protect the data on the
> servers with full disk encryption in case they are stolen.
> 
> That means that I need to reboot the servers relatively often, and provide
> the luks passwords every time. Some times I am far away when this happens. I
> have been considering Supermicro motherboards with built in support for
> remote management - or old KVM IP switches from Ebay. The problem with
> Supermicro is that it's expensive and difficult to get the RAM required for
> their recent Skylake boards. The problem with Ebay is that few suppliers
> ships to Bulgaria, and getting anything trough the custom's here takes a
> whole day. Then there is the question if the device works at all...
> 
> So I'm thinking about serial consoles. My gateway router will reboot after
> an outage, and it can act as a VPN endpoint. So I can access IP devices.
> With a rasberry pi and some relays, I can probably trigger a cold reboot
> whenever I need to. If I could log on to the grub console on the servers
> over a serial link, that's all I need, really.
> 
> Does anyone here have any experience with remote control with Debian boxes
> over serial? Will it work reliable?

We use serial consoles on Debian and Oracle Linux boxes all the
time, and have done so for more than a decade. They are more
dependable than anything else -- once you have set them up and
tested them through a full reboot cycle.

There are relatively expensive, but compact, devices that will
do both serial access and power switching. 8 of each is a common
configuration, as is 16. We like WTI boxes.

I am somewhat suspicious of USB-to-serial adapters in general,
but they are cheap and you can hook up lots at once through a
USB hub. You will probably want to test several brands in order
to find something reliable.

Incidentally, there are very few applications in which a Skylake
processor will be notably faster than the previous generation of 
Broadwells -- and Broadwells can use DDR3. You might save a lot 
of money and get built-in KVMs that way.

-dsr-

Using serial console as a poor mans IP kvm?

[Jarle Aase]

I want to set up a few servers at home. Unfortunately, as I live in 
Bulgaria at the moment, the electric power is gone pretty often for 
longer periods than my UPS'es can deal with. So my servers will have to 
be started at least a few times every quarter.


Another challenge with living in Bulgaria is that there is no law or 
order. The Police is just a branch of the Mafia. I need to protect the 
data on the servers with full disk encryption in case they are stolen.


That means that I need to reboot the servers relatively often, and 
provide the luks passwords every time. Some times I am far away when 
this happens. I have been considering Supermicro motherboards with built 
in support for remote management - or old KVM IP switches from Ebay. The 
problem with Supermicro is that it's expensive and difficult to get the 
RAM required for their recent Skylake boards. The problem with Ebay is 
that few suppliers ships to Bulgaria, and getting anything trough the 
custom's here takes a whole day. Then there is the question if the 
device works at all...


So I'm thinking about serial consoles. My gateway router will reboot 
after an outage, and it can act as a VPN endpoint. So I can access IP 
devices. With a rasberry pi and some relays, I can probably trigger a 
cold reboot whenever I need to. If I could log on to the grub console on 
the servers over a serial link, that's all I need, really.


Does anyone here have any experience with remote control with Debian 
boxes over serial? Will it work reliable?


Thanks in advance.

Jarle

Re: Problema teclat USB

[Narcis Garcia]

Jo també m'havia trobat amb alguna cosa així fa anys, i també amb la
distinció del GRUB.
Crec recordar que es resolia canviant la compatibilitat amb «legacy USB»
de la BIOS de l'ordinador.






__
I'm using this express-made address because personal addresses aren't
masked enough at lists.debian.org archives.
El 08/09/16 a les 16:36, Marcos ha escrit:
> Bona tarda,
> 
> des de fa un temps que em trobo amb el següent problema amb el meu teclat
> USB.  No és greu, però és empipador :)
> 
> Quan estic a la tty de login (sense X) no es troba actiu el teclat i no
> puc escriure-hi.  No obstant, tant al GRUB com al prompt de la
> contrassenya del xifrat de disc durant l'engegada sí funciona.  Si el
> desconnecto i el torno a connectar funciona perfectament.  El mateix passa
> amb el ratolí, després de fer login i carregar les X, aquest no funciona
> fins que el trec i el torno a posar.
> 
> Alguna idea de per on començar a mirar?
> 
> El sistema és una Debian testing, actualitzada fa uns dies; però ja dic
> que passa fa alguns mesos, però no he tingut temps de mirar-m'ho fins ara.
> 
> Gràcies!

Re: Hoge resolutie scherm

[Paul van der Vlis]

Op 08-09-16 om 20:50 schreef Vincent Zweije:
> On Thu, Sep 08, 2016 at 04:28:19PM +0200, Paul van der Vlis wrote:
> 
> ||  Een klant wil graag een desktop met groot scherm met hoge resolutie.
> ||  Bijvoorbeeld 2500x1600 of zelfs 3800x2160.
> ||
> ||  Hebben jullie hier actuele ervaring mee? Eerder waren de browsers een
> ||  probleem, maar daar zijn nu nieuwe versies van.
> ||
> ||  Of wellicht dat het met testing gaat?
> 
> Ik heb thuis een 2560x1440 staan, en ondervind geen problemen. Debian
> testing, dat wel.

Zijn de letters niet erg klein?
Welke desktop draai je?
Heb je het ook weleens met Debian stable geprobeerd?

Groeten,
Paul.


-- 
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/



signature.asc
Description: OpenPGP digital signature

Re: Jessie & Fixed IP Address

[Brian]

On Thu 08 Sep 2016 at 18:08:04 +0100, David wrote:

> I am working with a Raspberry PI running Jessie and I'm not happy about
> the solutions I found to change it from DHCP to a fixed IP address.

That's a shame.
 
> Editing the file /etc/dhcpcd.conf does not seem to work correctly.

Nobody in their right mind would be editing /etc/dhcpcd.conf to get a
fixed IP address.

> Can I go back to the old method of editing /etc/network/interfaces

You can go back to whatever works for you.

> Or is there a better way of setting a fixed IP on Jessie?

Better? That's a matter of opinion. A suitable /e/n/i is good enough.
You have advice on this.

But you could use connman if it keeps your Raspberry PI happy. That
might be a step too far, though.

Re: Hoge resolutie scherm

[Vincent Zweije]

On Thu, Sep 08, 2016 at 04:28:19PM +0200, Paul van der Vlis wrote:

||  Een klant wil graag een desktop met groot scherm met hoge resolutie.
||  Bijvoorbeeld 2500x1600 of zelfs 3800x2160.
||
||  Hebben jullie hier actuele ervaring mee? Eerder waren de browsers een
||  probleem, maar daar zijn nu nieuwe versies van.
||
||  Of wellicht dat het met testing gaat?

Ik heb thuis een 2560x1440 staan, en ondervind geen problemen. Debian
testing, dat wel.

Vincent.
-- 
Vincent Zweije    | "If you're flamed in a group you
  | don't read, does anybody get burnt?"
[Xhost should be taken out and shot] |-- Paul Tomblin on a.s.r.


signature.asc
Description: PGP signature

Re: [resolved] FireFox broken,

[Brian]

On Thu 08 Sep 2016 at 09:30:54 -0500, Mark Allums wrote:

> On 09/07/2016 05:23 PM, Gene Heskett wrote:
> >
> >Maybe this is related to libns3 that someone mention, but we have to get
> >it from unstable? On wheezy, how?
> >
> >Thanks.
> >
> >Cheers, Gene Heskett
> >
> 
> Installing libnss3 from sid/unstable solved the problem of web sites
> unavailable with a security-related error message for me.

As you say "My problem is not YouTube, that was just an example."

An example of what? A relationship between a "next" button not working
with PayPal and video viewing? Have we left the world of Flash?

Maybe you could post the URLs of two or three web sites which are now
available to you without security-related error messages which you had
trouble with before. Jessie users would be interested whether they too
have to install libnss3 from unstable.


[Good technical advice snipped].

Re: SSH Connection Behind A Router/Firewall

[Joe]

On Thu, 8 Sep 2016 12:49:56 -0500
Tim McDonough  wrote:

> I have a very straightforward Debian Jessie machine on my network.
> For SSH it uses the standard/default Port 22 and accessing it via ssh
> works just fine from anywhere on the local network.
> 
> I also have a NetGear router configured so that a connection from the 
> outside world using Port 1024 gets forwarded to the local IP and Port
> 22 on the LAN. My problem is when I attempt a connection from the
> outside world the connection is refused.
> 
> Is there another setting on the Debian Jessie system I need to
> configure or do you believe this is a router configuration problem?
> If I just allow the forwarding (externally) to forward on Port 22
> things work as expected.
> 

No, that should work. As far as the server is concerned, it's a
standard port 22 job.

If a router has the option of setting the destination port in a
forwarding rule, that really ought to work. I've done it in two stages,
forwarding port A on the public IP, to port B on my firewall/server,
then to port 22 on an internal machine, no trouble.

Sorry to ask this, but... your ssh client does know it's using 1024,
doesn't it? Not just the software client, but is there an outgoing
firewall that also needs to know this? On a modern Windows machine, you
need to explicitly set up an outgoing rule, it's not just a simple
stateful firewall any more.

Quick check from your network: use Shields Up!! on https://grc.com and
ask for a check on your specific external port. If the router isn't
forwarding, or the server isn't responding, the port will show as
closed. If it shows open, and Mr Gibson lectures you about security,
then you have a problem at the client end.

-- 
Joe

Re: Fim do OpenOffice?

[Guimarães Faria Corcete DUTRA , Leandro]

2016-09-08 15:41 GMT-03:00 Rodolfo :
> Sugestão aceita

Obrigado!


> me desculpem

Por mim, desculpado.


> me empolguei.

Compreensível.


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Fim do OpenOffice?

[Rodolfo]

Sugestão aceita, me desculpem, me empolguei.

Abraços.

Em 8 de setembro de 2016 14:38, Guimarães Faria Corcete DUTRA, Leandro <
l...@dutras.org> escreveu:

> 2016-09-08 15:18 GMT-03:00 Felipe Duque :
> > Teoria da Evolução de Darwin posta em prática - com sucesso:
>
> Queria sugerir que este debate parasse por aqui, visto já ter desviado
> do assunto.
>
>
> --
> skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
> +55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
> +55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
> BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm
>

Re: Fim do OpenOffice?

[Guimarães Faria Corcete DUTRA , Leandro]

2016-09-08 15:18 GMT-03:00 Felipe Duque :
> Teoria da Evolução de Darwin posta em prática - com sucesso:

Queria sugerir que este debate parasse por aqui, visto já ter desviado
do assunto.


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Fim do OpenOffice?

[Rodolfo]

Isso é um experimento baseado na Teoria do Darwin, você realmente leu o que
esse texto diz ?

Se for pra mostrar fontes, tenho fontes suficientes que provam que a teoria
de Darwin estão erradas, fontes não cristãs, fontes cristãs, fontes atéias
e de tudo que se possa imaginar, logo, Darwin não explica, e continua sendo
uma Teoria.

E quem define se é teoria não sou eu, são as próprias instituições e
periódicos, segue alguns:

http://scientific.thomson.com/products/sci/

e no Brasil

http://qualis.capes.gov.br/webqualis/


Sugiro você estudar sobre o significado de teoria, pois lhe dará uma boa
clareza.


Abraços  :).

Em 8 de setembro de 2016 14:18, Felipe Duque 
escreveu:

> Teoria da Evolução de Darwin posta em prática - com sucesso:
>
> https://en.wikipedia.org/wiki/E._coli_long-term_evolution_experiment
>
> Então Darwin explica :)
>
> On 09/08/2016 08:45 AM, Rodolfo wrote:
>
> Se Charles Darwin explica, e se você está falando da Teoria do
> Evolucionismo, então que você falou pode ou não ser normal, visto que a
> Teoria do Evolucionismo não saiu do status de "Teoria", e continua até hoje.
>
> Em 8 de setembro de 2016 07:38, Fred Maranhão 
> escreveu:
>
>> 2016-09-08 0:31 GMT-03:00 Rodrigo Cunha :
>> > Srs. essa ideia de fim de um projeto opensource é quase impossivel, uma
>> vez
>> > que o código é livre, qualquer um pode reiniciar, pegar o código e
>> colocar
>> > outro nome, etc, etc...
>>
>> poder, pode. mas na prática existem milhões de projetos abandonados
>> cujos produtos não servem para nada na prática.
>>
>> o que chega a ser empacotado numa distro é só a ponta do iceberg, uma
>> minoria que deu certo.
>>
>> mas isto é normal. charles darwin explica.
>>
>>
>> >
>> > Em 7 de setembro de 2016 16:07, Gilberto F da Silva <
>> gfs1...@mandic.com.br>
>> > escreveu:
>> >>
>> >> -BEGIN PGP SIGNED MESSAGE-
>> >> Hash: SHA1
>> >>
>> >> On Tue, Sep 06, 2016 at 09:52:18AM -0300, jaitony souza wrote:
>> >> > Bom dia
>> >> > Era de se esperar com o surgimento do libre office e adoção de quase
>> >> > todas
>> >> > as distribuições Linux por ele o OpenOffice até demorou muito pra
>> morre
>> >> >
>> >> > Enviada por um dispositivo móvel
>> >> >
>> >> > Em 06/09/2016 09:46, "Nélio Macedo" 
>> escreveu:
>> >>
>> >>   Melhor que haja somente uma suite forte para o Linux.
>> >>
>> >> - --
>> >>
>> >> Gilberto F da Silva - gfs1...@gmx.net - ICQ 136.782.571
>> >> Stela dato:2.457.639,295  Loka tempo:2016-09-07 16:05:14 Merkredo
>> >> - -==-
>> >> Faz o que tu queres..  há de ser tudo da lei!
>> >>  -- Raul Seixas
>> >> -BEGIN PGP SIGNATURE-
>> >> Version: GnuPG v2
>> >>
>> >> iEYEARECAAYFAlfQZXgACgkQJxugWtMhGw4ACQCfevEDGlnBSfVt72IBErPSoIjd
>> >> 8VYAoNMrK92jDpAAvDdo5BnTJJGas098
>> >> =055Q
>> >> -END PGP SIGNATURE-
>> >>
>> >
>> >
>> >
>> > --
>> > Atenciosamente,
>> > Rodrigo da Silva Cunha
>> >
>>
>>
>
> --
> *Felipe Duque Belfort*
> *Mestrando em ciência da computação, UFPE*
> _
> "*It is a man's own mind, not his enemy or foe, that lures him to evil
> ways*" (The Buddha)
> "*Quando a educação não é libertadora, o sonho do oprimido é ser o
> opressor*" (Paulo Freire)
>

Re: Fim do OpenOffice?

[Felipe Duque]

Teoria da Evolução de Darwin posta em prática - com sucesso:

https://en.wikipedia.org/wiki/E._coli_long-term_evolution_experiment

Então Darwin explica :)

On 09/08/2016 08:45 AM, Rodolfo wrote:
Se Charles Darwin explica, e se você está falando da Teoria do 
Evolucionismo, então que você falou pode ou não ser normal, visto que 
a Teoria do Evolucionismo não saiu do status de "Teoria", e continua 
até hoje.


Em 8 de setembro de 2016 07:38, Fred Maranhão > escreveu:


2016-09-08 0:31 GMT-03:00 Rodrigo Cunha >:
> Srs. essa ideia de fim de um projeto opensource é quase
impossivel, uma vez
> que o código é livre, qualquer um pode reiniciar, pegar o código
e colocar
> outro nome, etc, etc...

poder, pode. mas na prática existem milhões de projetos abandonados
cujos produtos não servem para nada na prática.

o que chega a ser empacotado numa distro é só a ponta do iceberg, uma
minoria que deu certo.

mas isto é normal. charles darwin explica.


>
> Em 7 de setembro de 2016 16:07, Gilberto F da Silva
>
> escreveu:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On Tue, Sep 06, 2016 at 09:52:18AM -0300, jaitony souza wrote:
>> > Bom dia
>> > Era de se esperar com o surgimento do libre office e adoção
de quase
>> > todas
>> > as distribuições Linux por ele o OpenOffice até demorou muito
pra morre
>> >
>> > Enviada por um dispositivo móvel
>> >
>> > Em 06/09/2016 09:46, "Nélio Macedo" > escreveu:
>>
>>   Melhor que haja somente uma suite forte para o Linux.
>>
>> - --
>>
>> Gilberto F da Silva - gfs1...@gmx.net 
- ICQ 136.782.571
>> Stela dato:2.457.639,295  Loka tempo:2016-09-07 16:05:14 Merkredo
>> - -==-
>> Faz o que tu queres..  há de ser tudo da lei!
>>  -- Raul Seixas
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v2
>>
>> iEYEARECAAYFAlfQZXgACgkQJxugWtMhGw4ACQCfevEDGlnBSfVt72IBErPSoIjd
>> 8VYAoNMrK92jDpAAvDdo5BnTJJGas098
>> =055Q
>> -END PGP SIGNATURE-
>>
>
>
>
> --
> Atenciosamente,
> Rodrigo da Silva Cunha
>




--
/Felipe Duque Belfort/
/Mestrando em ciência da computação, UFPE/
_
"/It is a man's own mind, not his enemy or foe, that lures him to evil 
ways/" (The Buddha)
"/Quando a educação não é libertadora, o sonho do oprimido é ser o 
opressor/" (Paulo Freire)

Re: Squid3 y Dominios https

[OddieX]

Oswaldo, fijate la documentacion de Squid... Por ahi lei que no lo
configuras en los clientes no podes manejar https...

El 8 de septiembre de 2016, 10:52, Matias Mucciolo 
escribió:

>
> claro si denegas el dominio con un acl
> deberia bloquearlo el squid ya sea http o
> https(si es que el https pasa por el squid).
>
> ejemplo del log que deberias encontrar:
>
> TCP_DENIED/403 1454 CONNECT webmessenger.msn.com:443 - NONE/- text/html
>
> ese dominio(que ya no existe mas en si) lo tengo bloqueado en una acl.
>
> saludos
>
>
> --
>
> Matias Mucciolo
>
> Area de Infraestructura.
> Piedras 737 C.A.B.A
> SUTEBA
>
> On Thursday 08 September 2016 08:55:12 Oswaldo Franco wrote:
> > No lo tengo transparente por ese mismo caso.
> > Osea mientras no deniego el dominio de la página https siempre podrán
> > acceder a ella?
> > Porque si la deniego no pueden abrirla.
> >
> >
> >
> >
> > El 8 de septiembre de 2016, 8:48, Matias Mucciolo <
> mmucci...@suteba.org.ar>
> > escribió:
> >
> > >
> > > No hay problema
> > > creo que lo que esta pasando(o me imagino)
> > > es que el https sale directamente sin pasar
> > > por el proxy por eso no lo filtra.
> > >
> > > no se si usas un proxy trasparente pero
> > > https no funciona con proxy transparete,
> > >
> > > suerte
> > >
> > >
> > > --
> > >
> > > Matias Mucciolo
> > >
> > > Area de Infraestructura.
> > > Piedras 737 C.A.B.A
> > > SUTEBA
> > >
> > > On Thursday 08 September 2016 08:43:13 Oswaldo Franco wrote:
> > > > Gracias por tu recomendación Matias Mucciolo, pero tengo configurado
> un
> > > > firewall sencillo con Firestarter y los servicios de DHCP y DNS en
> > > Windows.
> > > > Estoy migrando poco a poco los servicios
> > > >
> > > >
> > > >
> > > >
> > > > El 8 de septiembre de 2016, 8:13, Matias Mucciolo <
> > > mmucci...@suteba.org.ar>
> > > > escribió:
> > > >
> > > > >
> > > > > Buenas
> > > > >
> > > > > lo que yo haría en este caso
> > > > > es bloquear el puerto 443 en el firewall
> > > > > y configurar el proxy en cada maquina.
> > > > > Tambien te recomiendo el "auto-detect proxy"(wpad)
> > > > >
> > > > > saludos
> > > > >
> > > > >
> > > > > --
> > > > >
> > > > > Matias Mucciolo
> > > > >
> > > > > Area de Infraestructura.
> > > > > Piedras 737 C.A.B.A
> > > > > SUTEBA
> > > > >
> > > > > On Thursday 08 September 2016 07:33:22 Oswaldo Franco wrote:
> > > > > > Hola listeros, saludos.
> > > > > >
> > > > > > Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina con Debian
> > > GNU/Linux
> > > > > > 6.0.8 (squeeze).
> > > > > >
> > > > > > Tengo el squid configurado para bloquear TODO y permitir lo que
> le
> > > diga
> > > > > > mediante las ACL. Pero los dominios con https se pueden abrir
> > > > > normalmente a
> > > > > > menos que las deniegue específicamente.
> > > > > >
> > > > > > Quiero saber si podrían darme una ayuda para que esto no suceda.
> > > > > >
> > > > > > Qué es lo que quiero, que deniegue todo (inclyendo https) y yo
> poder
> > > > > > permitir mediante ACL's los dominios que desee.
> > > > > >
> > > > > > Gracias de antemano.
> > > > > >
> > > > > >
> > > > > > --
> > > > > > OSWALDO FRANCO
> > > > > > Cumaná, Sucre -Venezuela
> > > > > > GNU/Linux User # 508524
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > OSWALDO FRANCO
> > > > Cumaná, Sucre -Venezuela
> > > > GNU/Linux User # 508524
> > > >
> > > >
> > > >
> > > > Enviado con Mailtrack
> > > >  > > referral=franco.oswa...@gmail.com=23>
> > >
> >
> >
> >
> > --
> > OSWALDO FRANCO
> > Cumaná, Sucre -Venezuela
> > GNU/Linux User # 508524
>
>

Re: Flash para Linux...

[Sinval Júnior]

Yuri,

Na realidade o Flash fazia uso de um recurso chamando NPAP. Este recurso
que os navegadores vão abandonar.

Ao encaminhar esta mensagem, por favor:
1 - Apague meu endereço eletrônico;
2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
Dificulte assim a disseminação de vírus, spams e banners.

#=+
#!/usr/bin/env python
nome = 'Sinval Júnior'
email = 'sinvalju arroba gmail ponto com'
print nome
print email
#==+

Em 8 de setembro de 2016 14:13, Yuri Somacal 
escreveu:

> Isso significa que o suporte para Flash nos navegadores irá voltar?
>
> Att,
> Yuri Sganzerla Somacal
>

Re: Flash para Linux...

[Guimarães Faria Corcete DUTRA , Leandro]

2016-09-08 14:13 GMT-03:00 Yuri Somacal :
> Isso significa que o suporte para Flash nos navegadores irá voltar?

Nada tem a ver.  Os navegadores querem acabar com todos esses módulos
que violam a padronização W3C HTML, inclusive o Java.

Provavelmente a Adobe só quis resolver algum problema urgente, sem
novos desenvolvimentos.


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

SSH Connection Behind A Router/Firewall

[Tim McDonough]

I have a very straightforward Debian Jessie machine on my network. For 
SSH it uses the standard/default Port 22 and accessing it via ssh works 
just fine from anywhere on the local network.


I also have a NetGear router configured so that a connection from the 
outside world using Port 1024 gets forwarded to the local IP and Port 22 
on the LAN. My problem is when I attempt a connection from the outside 
world the connection is refused.


Is there another setting on the Debian Jessie system I need to configure 
or do you believe this is a router configuration problem? If I just 
allow the forwarding (externally) to forward on Port 22 things work as 
expected.


Thanks,

Tim

Re: Jessie & Fixed IP Address

[Tim McDonough]

On 9/8/2016 12:08 PM, David wrote:

I am working with a Raspberry PI running Jessie and I'm not happy about
the solutions I found to change it from DHCP to a fixed IP address.

Editing the file /etc/dhcpcd.conf does not seem to work correctly.

Can I go back to the old method of editing /etc/network/interfaces

Or is there a better way of setting a fixed IP on Jessie?


Raspbian Jessie (not Debian Jessie) uses systemd by default. I found the 
following instructions worked well on my R-Pi 3 board:




I too found it really confusing that many of the files we formerly used 
to configure networking are still present but have no effect. I do not 
know what all is involved in re-configuring to not use this newer method.


Tim

Re: SMTP relay issue with emails to specific domain

[Daniel Bareiro]

On 08/09/16 13:56, Daniel Bareiro wrote:

> I recently set up an relay SMTP server on a host of Digital Ocean, using
> Debian and Postfix.
> 
> The main reason for setting up this relay is that the cPanel VPS is
> hosted at Godaddy, and they force everyone to send email through their
> shared SMTP relay. As expected, that shared relay is continually being
> flagged for spam.
> 
> So the outgoing emails are routed through this server. Usually
> everything worked smoothly. Mails to accounts on Google, Yahoo, Hotmail
> and other servers are delivered. But I found a problem with a specific
> domain:
> 
> ---
> Sep  7 14:36:11 smtp postfix/smtp[8036]: 5EAA520AAD:
> to=, relay=lkeusa.com[50.87.144.56]:25], delay=13,
> delays=0.91/0.06/6.1/5.9, dsn=5.0.0, status=bounced (host
> lkeusa.com[50.87.144.56] said: 550-Please turn on SMTP Authentication in
> your mail client, or login to the 550-IMAP/POP3 server before sending
> your message.  smtp.server.com 550-[x.y.z.t]:41988 is not permitted to
> relay through this server 550 without authentication. (in reply to RCPT
> TO command))
> ---
> 
> I'm not sure why this specific domain is complaining in this way.
> 
> Another thing that is strange to me is that apparently a dig query is
> not returning nothing:
> 
> ---
> $ dig -t mx lkeusa.com
> 
> ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t mx lkeusa.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31796
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;lkeusa.com.IN  MX
> 
> ;; Query time: 531 msec
> ;; SERVER: 10.1.0.6#53(10.1.0.6)
> ;; WHEN: Thu Sep 08 13:48:38 ART 2016
> ;; MSG SIZE  rcvd: 39
> ---
> 
> But Postfix was trying to deliver the mail in 50.87.144.56.
> 
> Maybe they were making changes to the remote server?

Well, it seems that in the absence of an MX record, Postfix uses the A
record that it find by querying that domain and in that IP address an
Exim server responds:

---
# telnet lkeusa.com 25
Trying 50.87.144.56...
Connected to lkeusa.com.
Escape character is '^]'.
220-gator3037.hostgator.com ESMTP Exim 4.86_1 #1 Thu, 08 Sep 2016
12:15:19 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
---

But I have not yet determined what the cause of that error 550 which is
not present with other SMTP servers like Gmail.

I will continue investigating. Any comments that shed some more light on
this will be appreciated.


Kind regards,
Daniel



signature.asc
Description: OpenPGP digital signature

Re: Jessie & Fixed IP Address

[Greg Wooledge]

On Thu, Sep 08, 2016 at 06:08:04PM +0100, David wrote:
> I am working with a Raspberry PI running Jessie and I'm not happy about
> the solutions I found to change it from DHCP to a fixed IP address.
> 
> Can I go back to the old method of editing /etc/network/interfaces

If it's Debian Jessie, then yes, you can edit /etc/network/interfaces.
Change the line that says something like "iface eth0 inet dhcp" to
"iface eth0 inet static", and add indented lines below that for the
address, netmask and gateway.  Then configure your /etc/resolv.conf
file to point to some valid nameservers.

If it's Raspbian Jessie, which is not the same as Debian Jessie, then
all bets are off.

Re: Flash para Linux...

[Yuri Somacal]

Isso significa que o suporte para Flash nos navegadores irá voltar?

Att,
Yuri Sganzerla Somacal

Jessie & Fixed IP Address

[David]

Hi Everybody,

I am working with a Raspberry PI running Jessie and I'm not happy about
the solutions I found to change it from DHCP to a fixed IP address.

Editing the file /etc/dhcpcd.conf does not seem to work correctly.

Can I go back to the old method of editing /etc/network/interfaces

Or is there a better way of setting a fixed IP on Jessie?

Thank you,

David.

SMTP relay issue with emails to specific domain

[Daniel Bareiro]

Hi all!

I recently set up an relay SMTP server on a host of Digital Ocean, using
Debian and Postfix.

The main reason for setting up this relay is that the cPanel VPS is
hosted at Godaddy, and they force everyone to send email through their
shared SMTP relay. As expected, that shared relay is continually being
flagged for spam.

So the outgoing emails are routed through this server. Usually
everything worked smoothly. Mails to accounts on Google, Yahoo, Hotmail
and other servers are delivered. But I found a problem with a specific
domain:

---
Sep  7 14:36:11 smtp postfix/smtp[8036]: 5EAA520AAD:
to=, relay=lkeusa.com[50.87.144.56]:25], delay=13,
delays=0.91/0.06/6.1/5.9, dsn=5.0.0, status=bounced (host
lkeusa.com[50.87.144.56] said: 550-Please turn on SMTP Authentication in
your mail client, or login to the 550-IMAP/POP3 server before sending
your message.  smtp.server.com 550-[x.y.z.t]:41988 is not permitted to
relay through this server 550 without authentication. (in reply to RCPT
TO command))
---

I'm not sure why this specific domain is complaining in this way.

Another thing that is strange to me is that apparently a dig query is
not returning nothing:

---
$ dig -t mx lkeusa.com

; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> -t mx lkeusa.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31796
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;lkeusa.com.IN  MX

;; Query time: 531 msec
;; SERVER: 10.1.0.6#53(10.1.0.6)
;; WHEN: Thu Sep 08 13:48:38 ART 2016
;; MSG SIZE  rcvd: 39
---

But Postfix was trying to deliver the mail in 50.87.144.56.

Maybe they were making changes to the remote server?


Thanks in advance.

Kind regards,
Daniel



signature.asc
Description: OpenPGP digital signature

Re: Debian Jessie : regular console instead of a hi-res one!

[Felix Miata]

David Wright composed on 2016-09-08 09:08 (UTC-0500):


On Thu 08 Sep 2016 at 04:36:42 (-0400), Felix Miata wrote:



Nicolas George composed on 2016-09-08 10:07 (UTC+0200):



>Felix Miata composed:



>>The simplest way is to direct KMS's framebuffer to use a lower resolution
>>than the native hi-res one by including a video= parameter on the kernel
>>cmdline. The lower the resolution, the larger the standard (usually 16x9)
>>framebuffer font becomes. On a 1920x1200 display I typically use
>>video=1440x900@60; on a 1920x1080, 1280x720@60; depending on size of display
>>and actual resolutions it supports. Using video=1920x1080 on a 2560x1440
>>display should produce a font 177% of the physical size of the one used
>>natively.



>It may be ONE OF THE simplest ways, but it a very bad one: screen have a
>native resolution, operating at a different one requires scaling: the
>resulting text will be much less readable than with the better solution of
>using a larger font.



Have you ever tried it? Default framebuffer fonts are quite
adaptable to different resolutions, as they are generally produced
with many more pix than typical GUI fonts. All that extra size
enhances readability, compensating rather nicely for the loss in
apparent resolution.



You can play with framebuffers and kernel drivers all you like.
What you cannot do is alter the layout of pixels on the screen.


Absolutely true.


If you don't use a resolution that matches those pixels exactly,
nothing you do can compensate.


False. The difference from one resolution to the next is easily lost if the 
screen resolution is beyond the resolving power of the eyes.



You are deluding yourself if you think you can.


Been doing it for years. One factor is called natural optical deterioration. 
There's a limit to resolving power that typically gets worse with age. It's a 
primary reason why complaints are ever made about tiny fonts accompanying 
increased pixel density.


Another factor has to do with screen size and distance, not necessarily 
caused by deterioration, but because of eyes never that good to begin with, 
and corrective lenses that do a better job at particular focal lengths. Too 
close and pixels can become apparent and bothersome. More distance can work 
better.


IOW:

1-Don't knock it if you haven't tried it. By this I don't mean tried only on 
Debian installations either. The default framebuffer font of Debian and its 
derivatives is very commonly different from non-Debian distros, represented 
by the spindly ugly thing used by Ubuntu. Without Plymouth, one can typically 
see the initial font during post is much bolder, changing somewhere along the 
way to the desktop or login prompt to a much lighter stroked variety. If all 
you've ever seen is the lightweight, try a (Debian) Knoppix CD or DVD and 
you'll see what Fedora and openSUSE users see by default (TerminusBold?) on 
their framebuffers, a font that's nicely bold and forgiving of non-optimal 
screen resolution.


2-Don't expect just because you decide it's not for you that it can't be for 
anyone else.


3-Lowered resolution for the framebuffers does not necessarily dictate 
resolution for Xorg. For the past couple of years or so, if using the Intel 
Xorg driver, Xorg will default to the cmdline video= directive, in contrast 
to nouveau and radeon sticking to native by default, but this can be overcome 
via xrandr or xorg.con* or the DE. I normally configure them differently, 
native for Xorg, reduced for framebuffer.


4-I'm not suggesting font reconfiguration can't be appropriate, only that 
there may be an easier way that is quite suitable, particularly for a machine 
that is shared among people with diverse visual acuity.

--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: [OT-Mint] Re: problema con acentos

[Sebastián]

El 08/09/16 a las 12:57, Camaleón escribió:

[...]


En Debian he encontrado un bug que se podría aplicar a tu caso y es que
ese archivo se corrompe, de ahí que no se almacenen los valores/ajustes
que hagas en el entorno gráfico, en este caso con el teclado.

[dconf-tools] File: ~/.config/dconf/user becomes corrupted and breaks
account
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692991


... y por consiguiente no habría equivocado la lista entonces ;)

Mil gracias,

--
Seb

Re: [OT-Mint] Re: problema con acentos

[Camaleón]

El Thu, 08 Sep 2016 12:37:05 -0300, Sebastián escribió:

> El 08/09/16 a las 11:20, Camaleón escribió:
>> Lista de Debian, todo sea dicho... ;-)
> 
> Ninguna respuesta en Linux Mint ;)
> https://forums.linuxmint.com/viewtopic.php?
f=236=229000=206ce2c93e7b30403507647a95558834

Eso no te exime del "delito" :-)

>>> Es un Linux Mint, una Debian Edition, usa Mate como gestor de
>>> ventanas,
>>> fork de Gnome2 hasta donde recuerdo.
>> Bueno, en GNOME2 eso se controlaba desde la configuración del teclado
>> (menú → preferencias → teclado) además de comprobar que el tipo de
>> teclado sea el correcto y las opciones para el tipo de mapa de teclado
>> seleccionado estén bien. TAmbién puedes probar con otros mapas como la
>> variante internacional o el español (España).
> 
> Todo eso chequeado innumerable cantidad de veces.

(...)

> Creé un usuario nuevo, logueé con él y todo funciona. Así que busqué la
> palabra "keyboard" en modo recursivo en el perfil de este nuevo usuario
> y encontré un archivo binario que parecía guardar configuración al
> respecto: /home/miusuario/.config/dconf/user
> 
> Reemplacé el archivo en mi perfil y todo funciona de maravillas
> nuevamente :)

(...)

En Debian he encontrado un bug que se podría aplicar a tu caso y es que 
ese archivo se corrompe, de ahí que no se almacenen los valores/ajustes 
que hagas en el entorno gráfico, en este caso con el teclado.

[dconf-tools] File: ~/.config/dconf/user becomes corrupted and breaks 
account
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692991

Saludos,

-- 
Camaleón

Re: [OT-Mint] Re: problema con acentos

[Sebastián]

El 08/09/16 a las 11:20, Camaleón escribió:

Lista de Debian, todo sea dicho... ;-)


Ninguna respuesta en Linux Mint ;)
https://forums.linuxmint.com/viewtopic.php?f=236=229000=206ce2c93e7b30403507647a95558834


Es un Linux Mint, una Debian Edition, usa Mate como gestor de ventanas,
fork de Gnome2 hasta donde recuerdo.

Bueno, en GNOME2 eso se controlaba desde la configuración del teclado
(menú → preferencias → teclado) además de comprobar que el tipo de
teclado sea el correcto y las opciones para el tipo de mapa de teclado
seleccionado estén bien. TAmbién puedes probar con otros mapas como la
variante internacional o el español (España).


Todo eso chequeado innumerable cantidad de veces.

Debo haber tocado algo de la configuración en modo brain hybernate, 
acabo de solucionarlo de forma pragmática pero sin terminar de entender 
el motivo.


Creé un usuario nuevo, logueé con él y todo funciona. Así que busqué la 
palabra "keyboard" en modo recursivo en el perfil de este nuevo usuario 
y encontré un archivo binario que parecía guardar configuración al 
respecto: /home/miusuario/.config/dconf/user


Reemplacé el archivo en mi perfil y todo funciona de maravillas 
nuevamente :)


Lamentablemente no guardé copia del original porque hubiera sido 
interesante descifrar dónde estaba la diferencia en la configuración, 
pero no era ninguno de los parámetros referidos a idioma o distribución 
del teclado, tal vez sí que tuviera que ver con teclas muertas, que son 
las que esperan que se presione una tecla específica para combinar 
caracteres. Pero no puedo confirmarlo.


Gracias por sus aportes,

--
Seb

Re: [resolved] FireFox broken,

[Mark Allums]

No, I have installed Flash, and I keep it up to date.  My problem
is not YouTube, that was just an example.  I get error messages
telling me that the web sites are not secure, coincidentally after
updating crypto packages and Firefox.  I don't believe that YouTube
is insecure, hence the problem.  Not sending money through PayPal
could be a crypto problem, too.

Mark Allums


Maybe this is related to libns3 that someone mention, but we have to
get it from unstable? On wheezy, how?

Thanks.

Cheers, Gene Heskett


Installing libnss3 from sid/unstable solved the problem of web sites
unavailable with a security-related error message for me.

Enable Jessie, stretch, and/or Sid on your system by putting the
appropriate line in your /etc/apt/sources.list, such as:

deb http://ftp.us.debian.org/debian/ sid main non-free contrib

and do apt-get update

(Remove the line -- or comment it out -- after you are satisfied you
are done.  Otherwise, all your updates will come from Sid--probably
not what you want.)

Mark Allums


That doesn't float unforch:

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libdbus-1-3 : Breaks: dbus (< 1.9.16-1~) but 1.6.8-1+deb7u6 is to be
installed
 libfontconfig1 : Breaks: xpdf (<= 3.03-11) but 3.03-10 is to be
installed
 libglib2.0-0 : Breaks: glib-networking (< 2.33.12) but 2.32.3-1 is to be
installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be
caused by held packages.

So I've now commented that line back out of /etc/apt/sources.list.


Your attempt ran into some requirements that are prerequisites for 
libnss3.  For instance, dbus needs to be a certain minimum version, and 
wheezy is too old.  You will have to install another browser (i suggest 
opera for linux.  google chrome is another option, unless you prefer a 
free software option.)


An alternative is to try upgrading to Jessie, and then trying to install 
libnss3.


Good luck

Mark Allums

Re: Flash para Linux...

[Guimarães Faria Corcete DUTRA , Leandro]

2016-09-08 12:16 GMT-03:00 Isaac Ferreira Filho :
> Péssima notícia.

A longo prazo, sim, porque perpetua um produto ruim e um conceito péssimo.


> Depois dar morte... virará um zumbi?

Certamente.  Mas a curto prazo, é uma ressurreição que resolve alguns
problemas imediatos.


-- 
skype:leandro.gfc.dutra?chat  Yahoo!: ymsgr:sendIM?lgcdutra
+55 (61) 3546 7191  gTalk: xmpp:leand...@jabber.org
+55 (61) 9302 2691ICQ/AIM: aim:GoIM?screenname=61287803
BRAZIL GMT−3  MSN: msnim:chat?contact=lean...@dutra.fastmail.fm

Re: Flash para Linux...

[Isaac Ferreira Filho]

Péssima notícia.

Depois dar morte... virará um zumbi?

-- 
Isaac Ferreira Filho
Key fingerprint = DA22 20DE 519D A32E 59A0  1158 678A 3A2C E577 1896
http://yzakius.eu
Jabber: isaacmob arroba riseup.net
@yzakius

Re: [resolved] FireFox broken,

[Gene Heskett]

On Thursday 08 September 2016 10:30:54 Mark Allums wrote:

> On 09/07/2016 05:23 PM, Gene Heskett wrote:
> > On Wednesday 07 September 2016 16:43:40 Mark Allums wrote:
> >> On 09/07/2016 03:01 PM, Gary Dale wrote:
> >>> On 07/09/16 03:03 PM, Mark Allums wrote:
>  On 09/07/2016 01:39 PM, Gene Heskett wrote:
> > Greetings all;
> >
> > Online business seems to have hit a roadblock.
> >
> > Is there anything I can change in the about:config that will
> > allow the "next" button to work on the https paypal pages?
> >
> > I have even tried it a couple time after restarting in the safe
> > mode, with all plugins disabled.  Dead in water, not a single
> > packet seems to be issued when, after entering the paypal
> > address of the recipient, I click on the Next button adjacent to
> > the right.
> >
> > FWIW, the old, hasn't ever been updated google chromium also
> > behaves the same, when I can get it to login, which is about 10%
> > of the time.  After rebooting, it will not login at all.
> >
> > Cheers, Gene Heskett
> 
>  Firefox is definitely broken.  I can't view YouTube videos or
>  visit many common web sites.  I get a security warning.  I blame
>  a crypto update for this, as well as a Firefox update.
> 
>  Mark Allums
> >>>
> >>> I think your problem is that Debian doesn't install a Flash viewer
> >>> by default. This leads to sites that check for such things to
> >>> report that your browser doesn't have one.  Read
> >>> http://www.pcworld.com/article/2993902/browsers/how-to-get-the-lat
> >>>es
> >>> t-version-of-flash-on-firefox-for-linux-after-adobes-abandonment.h
> >>>tml for how to get around this.
> >
> > In case everybody missed it, adobe is back to supporting linux, and
> > that notice included a link, but when I clicked on the link, it
> > offered me the 4 year old flash.  Since some movies do play, I
> > declined. ISTR the notice was on /. a day or so back.
> >
> >> No, I have installed Flash, and I keep it up to date.  My problem
> >> is not YouTube, that was just an example.  I get error messages
> >> telling me that the web sites are not secure, coincidentally after
> >> updating crypto packages and Firefox.  I don't believe that YouTube
> >> is insecure, hence the problem.  Not sending money through PayPal
> >> could be a crypto problem, too.
> >>
> >> Mark Allums
> >
> > Maybe this is related to libns3 that someone mention, but we have to
> > get it from unstable? On wheezy, how?
> >
> > Thanks.
> >
> > Cheers, Gene Heskett
>
> Installing libnss3 from sid/unstable solved the problem of web sites
> unavailable with a security-related error message for me.
>
> Enable Jessie, stretch, and/or Sid on your system by putting the
> appropriate line in your /etc/apt/sources.list, such as:
>
> deb http://ftp.us.debian.org/debian/ sid main non-free contrib
>
> and do apt-get update
>
> (Remove the line -- or comment it out -- after you are satisfied you
> are done.  Otherwise, all your updates will come from Sid--probably
> not what you want.)
>
> Mark Allums

That doesn't float unforch:

Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libdbus-1-3 : Breaks: dbus (< 1.9.16-1~) but 1.6.8-1+deb7u6 is to be 
installed
 libfontconfig1 : Breaks: xpdf (<= 3.03-11) but 3.03-10 is to be 
installed
 libglib2.0-0 : Breaks: glib-networking (< 2.33.12) but 2.32.3-1 is to be 
installed
E: Error, pkgProblemResolver::Resolve generated breaks, this may be 
caused by held packages.

So I've now commented that line back out of /etc/apt/sources.list.

Thank you for trying to help, Mark

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Problema teclat USB

[Marcos]

Bona tarda,

des de fa un temps que em trobo amb el següent problema amb el meu 
teclat

USB.  No és greu, però és empipador :)

Quan estic a la tty de login (sense X) no es troba actiu el teclat i no
puc escriure-hi.  No obstant, tant al GRUB com al prompt de la
contrassenya del xifrat de disc durant l'engegada sí funciona.  Si el
desconnecto i el torno a connectar funciona perfectament.  El mateix 
passa

amb el ratolí, després de fer login i carregar les X, aquest no funciona
fins que el trec i el torno a posar.

Alguna idea de per on començar a mirar?

El sistema és una Debian testing, actualitzada fa uns dies; però ja dic
que passa fa alguns mesos, però no he tingut temps de mirar-m'ho fins 
ara.


Gràcies!
--
Marcos

[resolved] FireFox broken,

[Mark Allums]

On 09/07/2016 05:23 PM, Gene Heskett wrote:

On Wednesday 07 September 2016 16:43:40 Mark Allums wrote:


On 09/07/2016 03:01 PM, Gary Dale wrote:

On 07/09/16 03:03 PM, Mark Allums wrote:

On 09/07/2016 01:39 PM, Gene Heskett wrote:

Greetings all;

Online business seems to have hit a roadblock.

Is there anything I can change in the about:config that will allow
the "next" button to work on the https paypal pages?

I have even tried it a couple time after restarting in the safe
mode, with all plugins disabled.  Dead in water, not a single
packet seems to be issued when, after entering the paypal address
of the recipient, I click on the Next button adjacent to the
right.

FWIW, the old, hasn't ever been updated google chromium also
behaves the same, when I can get it to login, which is about 10%
of the time.  After rebooting, it will not login at all.

Cheers, Gene Heskett


Firefox is definitely broken.  I can't view YouTube videos or visit
many common web sites.  I get a security warning.  I blame a crypto
update for this, as well as a Firefox update.

Mark Allums


I think your problem is that Debian doesn't install a Flash viewer
by default. This leads to sites that check for such things to report
that your browser doesn't have one.  Read
http://www.pcworld.com/article/2993902/browsers/how-to-get-the-lates
t-version-of-flash-on-firefox-for-linux-after-adobes-abandonment.html
for how to get around this.


In case everybody missed it, adobe is back to supporting linux, and that
notice included a link, but when I clicked on the link, it offered me
the 4 year old flash.  Since some movies do play, I declined. ISTR the
notice was on /. a day or so back.


No, I have installed Flash, and I keep it up to date.  My problem is
not YouTube, that was just an example.  I get error messages telling
me that the web sites are not secure, coincidentally after updating
crypto packages and Firefox.  I don't believe that YouTube is
insecure, hence the problem.  Not sending money through PayPal could
be a crypto problem, too.

Mark Allums


Maybe this is related to libns3 that someone mention, but we have to get
it from unstable? On wheezy, how?

Thanks.

Cheers, Gene Heskett



Installing libnss3 from sid/unstable solved the problem of web sites 
unavailable with a security-related error message for me.


Enable Jessie, stretch, and/or Sid on your system by putting the 
appropriate line in your /etc/apt/sources.list, such as:


deb http://ftp.us.debian.org/debian/ sid main non-free contrib

and do apt-get update

(Remove the line -- or comment it out -- after you are satisfied you are 
done.  Otherwise, all your updates will come from Sid--probably not what 
you want.)


Mark Allums

Hoge resolutie scherm

[Paul van der Vlis]

Hallo,

Een klant wil graag een desktop met groot scherm met hoge resolutie.
Bijvoorbeeld 2500x1600 of zelfs 3800x2160.

Hebben jullie hier actuele ervaring mee? Eerder waren de browsers een
probleem, maar daar zijn nu nieuwe versies van.

Of wellicht dat het met testing gaat?

Klant wil vooral browsen, LibreOffice, en PDF's bewerken.

Met vriendelijke groet,
Paul van der Vlis.


-- 
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/

Re: GNU

[Thomas Schmitt]

Hi,

(i maintain GNU xorriso but do not speak for GNU or FSF)

Cindy-Sue Causey wrote:
> their objection to some of Debian might be easily fixable

The Debian position is that one should help people to install on
hardware of which the manufacturer imposed unsurpassable obstacles
for pure FSF-compliant systems.

Classic is the wireless hardware which you need to connect to the
internet in order to get the bulk of Debian packages. If Debian does
not provide the free-as-in-beer software blobs to drive the hardware,
or if Linux would not offer opportunities to attach such a software
blob, then the laptops in question would be reserved to proprietary
OSes.

It is a matter of policy priorities. So it can only be settled if one
side gives in despite believing to be right - or if the need for
free-beer-only blobs vanishes.

(The model is "free as in free beer" versus "free as in free speech".
 The owner may at any time close the beer tap, but nobody is entitled
 to forbid the continuation of chatter.)


> if Debian became more stringent in order to get off GNU's
> gnaughty list page there

Not really likely, i'd say.
We will stay on the grey list and will have to feel bad conscience
when making use of Debian's offer to help installing non-free software.

Ubuntu is one step further towards the beer tap. It aims at the
mindset of M$ and iMac users. Things have to "just work".
For that goal they are accused to sell little pieces of their souls.
(Only SteamOS will get a place nearer to the infernal fire.)


> firmware-iwlwifi package [...] remembering feeling really guilty

It's forgiven, now that you confessed publicly.

I hereby confess to still use xv.


Have a nice day :)

Thomas

Re: Debian Jessie : regular console instead of a hi-res one!

[David Wright]

On Thu 08 Sep 2016 at 04:36:42 (-0400), Felix Miata wrote:
> Nicolas George composed on 2016-09-08 10:07 (UTC+0200):
> 
> >Felix Miata composed:
> 
> >>The simplest way is to direct KMS's framebuffer to use a lower resolution
> >>than the native hi-res one by including a video= parameter on the kernel
> >>cmdline. The lower the resolution, the larger the standard (usually 16x9)
> >>framebuffer font becomes. On a 1920x1200 display I typically use
> >>video=1440x900@60; on a 1920x1080, 1280x720@60; depending on size of display
> >>and actual resolutions it supports. Using video=1920x1080 on a 2560x1440
> >>display should produce a font 177% of the physical size of the one used
> >>natively.
> 
> >It may be ONE OF THE simplest ways, but it a very bad one: screen have a
> >native resolution, operating at a different one requires scaling: the
> >resulting text will be much less readable than with the better solution of
> >using a larger font.
> 
> Have you ever tried it? Default framebuffer fonts are quite
> adaptable to different resolutions, as they are generally produced
> with many more pix than typical GUI fonts. All that extra size
> enhances readability, compensating rather nicely for the loss in
> apparent resolution.

You can play with framebuffers and kernel drivers all you like.
What you cannot do is alter the layout of pixels on the screen.
If you don't use a resolution that matches those pixels exactly,
nothing you do can compensate. You are deluding yourself if you
think you can.

Now, I will apologise if you're still using a monochrome CRT. None
of the paragraph above applies in that case as the screen has a
uniform coating of phosphor. If you're still using a colour CRT,
then you get the worst of both worlds: the screen is pixelated
(you can see the dots or stripes with a handlens) but there's
no way of precisely lining up the grid of pixels from the video
card with the grid of holes in the shadow mask because the
mechanism linking them is analogue (shooting electrons through
a vacuum).

Terminal fonts are then designed to be displayed as a raster of
those pixels, rather than as a series of strokes coerced into
a raster of pixels. One might have a different opinion of the
clarity of any individual font displayed at different sizes.
One of the benefits of using setfont is that you can use a
different font for each size if you wish, and you can select
them on the fly according to circumstances: the type of work,
the ambient lighting etc. I use a much smaller font in bed
than outdoors, for example.

Another compromise that can be compensated for by having an
instant choice of fonts is their ability to handle unusual
glyphs in Unicode. Some of the clearest fonts are lacking in
coverage for obvious reasons.

Cheers,
David.

[OT-Mint] Re: problema con acentos

[Camaleón]

El Wed, 07 Sep 2016 12:26:05 -0300, Sebastián escribió:

> Hola lista,

Lista de Debian, todo sea dicho... ;-)

> Problema: no funcionan los acentos. Quiero tipear í y obtengo ´i
> 
> 
> Lo raro es que en consola los acentos aparecen perfectamente, asi que
> supongo que es todo problema del entorno grafico.
> 
> 
> El teclado esta configurado con distribucion latinoamericana y demas
> esta decir que todas las letras, numeros y simbolos estan perfectamente
> ubicados.
> 
> 
> Es un Linux Mint, una Debian Edition, usa Mate como gestor de ventanas,
> fork de Gnome2 hasta donde recuerdo.

Bueno, en GNOME2 eso se controlaba desde la configuración del teclado 
(menú → preferencias → teclado) además de comprobar que el tipo de 
teclado sea el correcto y las opciones para el tipo de mapa de teclado 
seleccionado estén bien. TAmbién puedes probar con otros mapas como la 
variante internacional o el español (España).

Saludos,

-- 
Camaleón

Re: [OT] consola de solaris

[Camaleón]

El Wed, 07 Sep 2016 15:08:48 -0300, Luis Enrique Araneda escribió:

> Amigos,
> mi memoria ha fallado...

¿Y Google no te la refresca? >:-)

> cuando ingreso por consola a un solaris 10, me muestra el prompt de la
> siguiente manera:
> 
> #
> prompt con el cual no me permite tabular para autocompletar comandos.
> 
> Basta con poner el comando bash para que el prompt sea más amigable:
> #bash bash-3.2#
> 
> Con esto, si me permite el tabulado, pero se que existe otro comando que
> me muestra el nombre de mi host eje:
> pepe#
> 
> Cual será?

Changing Your Command Prompt
http://docs.oracle.com/cd/E19253-01/806-7612/customize-36889/index.html

Saludos,

-- 
Camaleón

Re: [OT] Recuperar Datos de disco con Windows 10 y UEFI desde Linux.

[Camaleón]

El Wed, 07 Sep 2016 21:33:58 +0200, Ramses escribió:

> Me estoy peleando con un portátil con Windows 10 y UEFI, que no me
> arranca, para sacarle los Datos antes de cambiar disco o formatear.

Recuerda que siempre puedes sacar el disco, conectarlo a una caja USB y 
copiar los datos a otro lugar. O clonarlo con Clonezilla a otro disco del 
mismo tamaño. Lo digo porque a veces es mejor que no se cargue el sistema 
del disco dañado para que no dé guerra y puedas sacar los datos.

> He intentado arrancar con distintos discos LiveCD Windows XP y Windows 7
> que vienen en el Hiren Boot CD y no llegan a arrancar, se quedan en la
> pantalla de arranque de estos Windows...
> 
> He intentado arrancar con un disco de Windows 10 e ídem de lo mismo.
> 
> Estas pruebas las he hecho tanto activando el modo Legacy como en modo
> UEFI.
> 
> Hasta ahora sólo he podido arrancar con un LiveCD de GParted y, a duras
> penas, parece que detecta el disco y reconoce las "tropecientas"
> particiones que trae el disco.
> 
> Como quiero que el dueño del equipo se siente y saque todos sus datos,
> para evitar que a mi se me pase sacar alguno de alguna ubicación, he
> pensado arrancar con algún entorno Linux que monte todas las particiones
> y mediante el Explorador de Ficheros el usuario vaya sacando los datos a
> un PEN.
> 
> ¿Creen que sería una buena opción arrancar con un LiveCD de Puppy Linux?

Sí, cualquiera te valdrá. Yo suelo tener siempre un CD con SystemRescueCD 
para esas cosas.

> ¿Montaría todas las particiones del "tirón"?

Depende de lo dañada que estén pero sí, al menos si las detecta las 
intentará montar.
 
> ¿Creen que hay alguna alternativa mejor a la de Puppy?

Si sólo quieres montar las particiones sin realizar ninguna otra tarea de 
rescate/recuperación, cualquier livecd te vale.

Saludos,

-- 
Camaleón

Re: acerca de java

[Camaleón]

El Wed, 07 Sep 2016 17:00:32 -0400, merlinverdecia escribió:

> Buenas,
> al descargar java 1.8 

Hum... ¿qué versión y de dónde lo has descargado, exactamente?

> obtuve una carpeta que no tiene el instalador por
> ninguna parte, pero tiene los binarios y todo lo necesario para que esta
> versión de java corra. ¿Cómo hago para que debian me reconozca esta
> versión nueva de java y no el openjdk que tiene actualmente instalado?

Si ya lo has instalado, para elegir la versión predeterminada usa "update-
alternatives --config java" y apunta a la que prefieras.

Saludos,

-- 
Camaleón

Re: [OT] Errores 400 en Squid3

[Camaleón]

El Thu, 08 Sep 2016 09:33:02 +0200, Laura Marzà Porcar escribió:

> Buenos días,
> Monte un squid/3.4.8 en una Debian Jessie, en general funciona
> correctamente, pero hay algo que se me escapa, ya que en algunas páginas
> me dice "Bad Request", creo que están todos relacionados con el mismo
> problema y con algo referente a seguridad, por el tipo de contenido de
> las paginas que me dan errores.
> 
> en ocasiones el error es:
> 
> "Your browser sent a request that this server could not understand.
> Request header field is missing ':' separator."
> 
> p.e.:
> http://www.sri.gob.ec/
> TCP_MISS/400 747 GET http://www.sri.gob.ec/ lmarza
> HIER_DIRECT/201.234.223.197 text/html

Este error podría no tener relación con el otro, más que nada por el 
"TCP_MISS/400" que se corresponde con el mensaje que recibes en el 
navegador. Podría ser un problema con el servidor remoto, que tenga 
alguna configuración concreta de cookies que no sabe gestionar squid y 
registra ese hecho pero si la página carga bien y se puede acceder al 
sitio, no le daría importancia. 

> En otras:
> 
> "Bad Request - Invalid Header
> 
> HTTP Error 400. The request has an invalid header name."
> 
> Cuando me aparece este tipo de error, busco a donde lleva la pagina y
> accedo directamente al https (en el ejemplo se ve mejor lo que quiero
> decir)

(...)

Normalmente los proxys no cachean el tráfico cifrado y squid no es una 
excepción. Asegúrate de que lo tienes bien configurado para esa 
configuración y si además se trata de un proxy transparente (los clientes 
no saben que salen a través de proxy) tendrás que hacer pasos adicionales 
(instalación de paquetes de certificados, redirecciones de iptables...).

> He leído muchos posts de gente, pero no he conseguido localizar una
> solución que me valga, algunos datos que creo que puedan interesar:
> 
> Debian:
> #lsb_release -a No LSB modules are available.
> Distributor ID: Debian Description:Debian GNU/Linux 8.4 (jessie)
> Release:8.4 Codename:   jessie
> 
> Apache (lei algo relacionado con este problema sobre apache y los
> certificados, pero yo no tengo paginas alojadas en mi servidor)
> # apache2ctl -v Server version: Apache/2.4.10 (Debian)
> Server built:   Jul 20 2016 07:07:13

Supongo que lo que dicen esos artículos es que necesitas los paquetes y 
bibliotecas de certificados si quieres que Squid gestione tráfico cifrado.

Saludos,

-- 
Camaleón

Re: Squid3 y Dominios https

[Matias Mucciolo]

claro si denegas el dominio con un acl
deberia bloquearlo el squid ya sea http o 
https(si es que el https pasa por el squid).

ejemplo del log que deberias encontrar:

TCP_DENIED/403 1454 CONNECT webmessenger.msn.com:443 - NONE/- text/html

ese dominio(que ya no existe mas en si) lo tengo bloqueado en una acl.

saludos


-- 

Matias Mucciolo

Area de Infraestructura.
Piedras 737 C.A.B.A 
SUTEBA 

On Thursday 08 September 2016 08:55:12 Oswaldo Franco wrote:
> No lo tengo transparente por ese mismo caso.
> Osea mientras no deniego el dominio de la página https siempre podrán
> acceder a ella?
> Porque si la deniego no pueden abrirla.
> 
> 
> 
> 
> El 8 de septiembre de 2016, 8:48, Matias Mucciolo 
> escribió:
> 
> >
> > No hay problema
> > creo que lo que esta pasando(o me imagino)
> > es que el https sale directamente sin pasar
> > por el proxy por eso no lo filtra.
> >
> > no se si usas un proxy trasparente pero
> > https no funciona con proxy transparete,
> >
> > suerte
> >
> >
> > --
> >
> > Matias Mucciolo
> >
> > Area de Infraestructura.
> > Piedras 737 C.A.B.A
> > SUTEBA
> >
> > On Thursday 08 September 2016 08:43:13 Oswaldo Franco wrote:
> > > Gracias por tu recomendación Matias Mucciolo, pero tengo configurado un
> > > firewall sencillo con Firestarter y los servicios de DHCP y DNS en
> > Windows.
> > > Estoy migrando poco a poco los servicios
> > >
> > >
> > >
> > >
> > > El 8 de septiembre de 2016, 8:13, Matias Mucciolo <
> > mmucci...@suteba.org.ar>
> > > escribió:
> > >
> > > >
> > > > Buenas
> > > >
> > > > lo que yo haría en este caso
> > > > es bloquear el puerto 443 en el firewall
> > > > y configurar el proxy en cada maquina.
> > > > Tambien te recomiendo el "auto-detect proxy"(wpad)
> > > >
> > > > saludos
> > > >
> > > >
> > > > --
> > > >
> > > > Matias Mucciolo
> > > >
> > > > Area de Infraestructura.
> > > > Piedras 737 C.A.B.A
> > > > SUTEBA
> > > >
> > > > On Thursday 08 September 2016 07:33:22 Oswaldo Franco wrote:
> > > > > Hola listeros, saludos.
> > > > >
> > > > > Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina con Debian
> > GNU/Linux
> > > > > 6.0.8 (squeeze).
> > > > >
> > > > > Tengo el squid configurado para bloquear TODO y permitir lo que le
> > diga
> > > > > mediante las ACL. Pero los dominios con https se pueden abrir
> > > > normalmente a
> > > > > menos que las deniegue específicamente.
> > > > >
> > > > > Quiero saber si podrían darme una ayuda para que esto no suceda.
> > > > >
> > > > > Qué es lo que quiero, que deniegue todo (inclyendo https) y yo poder
> > > > > permitir mediante ACL's los dominios que desee.
> > > > >
> > > > > Gracias de antemano.
> > > > >
> > > > >
> > > > > --
> > > > > OSWALDO FRANCO
> > > > > Cumaná, Sucre -Venezuela
> > > > > GNU/Linux User # 508524
> > > >
> > >
> > >
> > >
> > > --
> > > OSWALDO FRANCO
> > > Cumaná, Sucre -Venezuela
> > > GNU/Linux User # 508524
> > >
> > >
> > >
> > > Enviado con Mailtrack
> > >  > referral=franco.oswa...@gmail.com=23>
> >
> 
> 
> 
> -- 
> OSWALDO FRANCO
> Cumaná, Sucre -Venezuela
> GNU/Linux User # 508524

Re: Debian Stretch/Sid : bug dans gnome-control-center

[Jean-Marc]

Thu, 8 Sep 2016 07:55:39 +0200
Jean-Marc  écrivait :

> salut la liste,
> 
> Hier, après sa mise à jour, gnome-control-center ne parvient plus à obtenir 
> les infos sur mon écran.
> 
> Donc, quand on le démarre et qu'on choisit l'option "Displays", on a un écran 
> gris aves le message "Impossible d'obtenir les informations concernant 
> l'écran".
> 
> Cf. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836972
> 
> Merci de me dire si le phénomène est identique chez vous.

Le problème est résolu.
Il venait d'un soucis de dépendance manquante entre g-c-c et mutter.
Les deux doivent être en 3.21.

mutter 3.21 vient de migrer vers testing.

Pour résoudre le bug tout de suite, il suffit d'installer mutter depuis 
unstable.

> 
> Jean-Marc 


Jean-Marc 


pgprzN74i2yTB.pgp
Description: PGP signature

Re: GNU (was Re: Decentralized reliable instant messaging?)

[Cindy-Sue Causey]

On 9/8/16, Thomas Schmitt  wrote:
>
> If GNU can get people into using GNU software without giving up its
> core values, then it normally does.
> E.g. there is absolutely no ban on offering GNU software for proprietary
> OSes.
>
> The FSF does not force GNU programs to fully follow the political goals
> of FSF. The programs shall, however, not work against those goals.
>   https://www.gnu.org/help/evaluation.html
>
> Distributing, advising, or easing installation of non-free software
> is considered to be against the goals. On the other hand if GNU was
> still waiting for The Hurd to become a usable kernel, then we all would
> sit at M$ PCs and iMac polycarbonate sculptures.
> So the FSF as a compromise promotes GNU/Linuxes which are a bit more
> dogmatic than Debian:
>   https://www.gnu.org/distros/free-distros.en.html
>
> The criticism against Debian is in
>   https://www.gnu.org/distros/common-distros.en.html
> Nevertheless there are several Debian people active in GNU packages.
>
> General reasoning for FSF positions is collected in
>   https://www.gnu.org/philosophy/philosophy.html


THANK YOU! Good, quick, cognitively friendly read. Nice to be able to
note the other recognizable, popular distros likewise highlighted by
GNU.

Am surely showing my ignorance by saying this, but the appearance is
their objection to some of Debian might be easily fixable. Maybe.
It taking additional monies, related resources to maintain comes first
to mind.

? :)

A potential user objection I was reading into in the last couple days
here.. Things could be "worse" to that end (depending on one's
viewpoint) if Debian became more stringent in order to get off GNU's
gnaughty list page there.

This is timely since I'm now battling both wifi and Bluetooth so I
just minutes ago tripped over the firmware-iwlwifi package in the
process. It's readily available in spite of my one-liner
/etc/apt/sources.list file.

That's compared to my remembering feeling really guilty installing the
same when I still had to track it down for a fully manual install
outside of a larger, much busier sources.list file a couple years ago.
Maybe that wasn't for Debian, though, or maybe I'm forgetting some
minor, very important detail from then. *grin*

Cindy :)

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with plastic sporks *

libnss3, currently in testing

[Gene Heskett]

Greetings all;

Has anyone an idea of a schedule of when that will put this security 
update into the wheezy repo's?

I believe this is why I cannot use the paypal account I just opened.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Decentralized reliable instant messaging?

[Byung-Hee HWANG (황병희)]

Hellow Darac!

Darac Marjal  께서 쓰시길,
 《記事 全文 <20160908114300.k4ss4l63okr62...@darac.org.uk> 에서》:

> [...snip long lines...]
> This is where Debian differs from the "ideals" of the Free Software
> Foundation. (...)

So i prefer Debian to FSF, thanks!

-- 
^고맙습니다 _地平天成_ 감사합니다_^))//

GNU (was Re: Decentralized reliable instant messaging?)

[Thomas Schmitt]

Hi,

Darac Marjal wrote:
> I'm surprised that Grub (A GNU program) deigns to load Windows :)

If GNU can get people into using GNU software without giving up its
core values, then it normally does.
E.g. there is absolutely no ban on offering GNU software for proprietary
OSes.

The FSF does not force GNU programs to fully follow the political goals
of FSF. The programs shall, however, not work against those goals.
  https://www.gnu.org/help/evaluation.html

Distributing, advising, or easing installation of non-free software
is considered to be against the goals. On the other hand if GNU was
still waiting for The Hurd to become a usable kernel, then we all would
sit at M$ PCs and iMac polycarbonate sculptures.
So the FSF as a compromise promotes GNU/Linuxes which are a bit more
dogmatic than Debian:
  https://www.gnu.org/distros/free-distros.en.html

The criticism against Debian is in
  https://www.gnu.org/distros/common-distros.en.html
Nevertheless there are several Debian people active in GNU packages.

General reasoning for FSF positions is collected in
  https://www.gnu.org/philosophy/philosophy.html


Have a nice day :)

Thomas

Re: Squid3 y Dominios https

[Oswaldo Franco]

No lo tengo transparente por ese mismo caso.
Osea mientras no deniego el dominio de la página https siempre podrán
acceder a ella?
Porque si la deniego no pueden abrirla.




El 8 de septiembre de 2016, 8:48, Matias Mucciolo 
escribió:

>
> No hay problema
> creo que lo que esta pasando(o me imagino)
> es que el https sale directamente sin pasar
> por el proxy por eso no lo filtra.
>
> no se si usas un proxy trasparente pero
> https no funciona con proxy transparete,
>
> suerte
>
>
> --
>
> Matias Mucciolo
>
> Area de Infraestructura.
> Piedras 737 C.A.B.A
> SUTEBA
>
> On Thursday 08 September 2016 08:43:13 Oswaldo Franco wrote:
> > Gracias por tu recomendación Matias Mucciolo, pero tengo configurado un
> > firewall sencillo con Firestarter y los servicios de DHCP y DNS en
> Windows.
> > Estoy migrando poco a poco los servicios
> >
> >
> >
> >
> > El 8 de septiembre de 2016, 8:13, Matias Mucciolo <
> mmucci...@suteba.org.ar>
> > escribió:
> >
> > >
> > > Buenas
> > >
> > > lo que yo haría en este caso
> > > es bloquear el puerto 443 en el firewall
> > > y configurar el proxy en cada maquina.
> > > Tambien te recomiendo el "auto-detect proxy"(wpad)
> > >
> > > saludos
> > >
> > >
> > > --
> > >
> > > Matias Mucciolo
> > >
> > > Area de Infraestructura.
> > > Piedras 737 C.A.B.A
> > > SUTEBA
> > >
> > > On Thursday 08 September 2016 07:33:22 Oswaldo Franco wrote:
> > > > Hola listeros, saludos.
> > > >
> > > > Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina con Debian
> GNU/Linux
> > > > 6.0.8 (squeeze).
> > > >
> > > > Tengo el squid configurado para bloquear TODO y permitir lo que le
> diga
> > > > mediante las ACL. Pero los dominios con https se pueden abrir
> > > normalmente a
> > > > menos que las deniegue específicamente.
> > > >
> > > > Quiero saber si podrían darme una ayuda para que esto no suceda.
> > > >
> > > > Qué es lo que quiero, que deniegue todo (inclyendo https) y yo poder
> > > > permitir mediante ACL's los dominios que desee.
> > > >
> > > > Gracias de antemano.
> > > >
> > > >
> > > > --
> > > > OSWALDO FRANCO
> > > > Cumaná, Sucre -Venezuela
> > > > GNU/Linux User # 508524
> > >
> >
> >
> >
> > --
> > OSWALDO FRANCO
> > Cumaná, Sucre -Venezuela
> > GNU/Linux User # 508524
> >
> >
> >
> > Enviado con Mailtrack
> >  referral=franco.oswa...@gmail.com=23>
>



-- 
OSWALDO FRANCO
Cumaná, Sucre -Venezuela
GNU/Linux User # 508524

Re: Flash para Linux...

[Sinval Júnior]

Flash já morreu!

Tirando os governos que exploram as 1000 flash de segurança e os sites de
publicidade. Não conheço mais nenhum site grande que faça uso deste
tecnologia.

Ao encaminhar esta mensagem, por favor:
1 - Apague meu endereço eletrônico;
2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
Dificulte assim a disseminação de vírus, spams e banners.

#=+
#!/usr/bin/env python
nome = 'Sinval Júnior'
email = 'sinvalju arroba gmail ponto com'
print nome
print email
#==+

Em 8 de setembro de 2016 09:49, carne_de_passaro 
escreveu:

> Então na verdade temos uma notícia boa e uma ruim: A boa é que o
> OpenOffice morreu e os esforços poderão ser concentrado no LibreOffice; a
> ruim é que o flash não vai morrer tão cedo...
>
> Em 8 de setembro de 2016 09:39, Nélio Macedo 
> escreveu:
>
>> Olá! Bom dia
>>
>> Depois da má notícia acerca do projeto OpenOffice, recebi a notícia que a
>> ADOBE voltou com o flash para linux Show...
>>
>> Eis o link:
>>
>> http://www.edivaldobrito.com.br/flash-para-linux-como-instal
>> ar/?utm_source=feedburner_medium=email_campaign=
>> Feed%3A+edivaldobrito+%28Blog+do+Edivaldo%29
>>
>> Boa leitura!
>>
>> Nélio Macedo
>> Usuário comum UBUNTU.
>>
>
>

Re: Flash para Linux...

[Rodolfo]

Voltar com o Flash é um retrocesso, quem usou o flash sabe que era muito
chato ficar atualizando semanalmente o plugin nos browsers.

Em 8 de setembro de 2016 08:52, Sinval Júnior  escreveu:

> Pra que Flash? Estamos na era do HTML5  nem o YouTube usa mais. Casa você
> realmente necessite utilizar algo em Flash, pode usar o PepperFlash que vem
> no Chrome.
>
> Ao encaminhar esta mensagem, por favor:
> 1 - Apague meu endereço eletrônico;
> 2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
> Dificulte assim a disseminação de vírus, spams e banners.
>
> #=+
> #!/usr/bin/env python
> nome = 'Sinval Júnior'
> email = 'sinvalju arroba gmail ponto com'
> print nome
> print email
> #==+
>
> Em 8 de setembro de 2016 09:39, Nélio Macedo 
> escreveu:
>
>> Olá! Bom dia
>>
>> Depois da má notícia acerca do projeto OpenOffice, recebi a notícia que a
>> ADOBE voltou com o flash para linux Show...
>>
>> Eis o link:
>>
>> http://www.edivaldobrito.com.br/flash-para-linux-como-instal
>> ar/?utm_source=feedburner_medium=email_campaign=
>> Feed%3A+edivaldobrito+%28Blog+do+Edivaldo%29
>>
>> Boa leitura!
>>
>> Nélio Macedo
>> Usuário comum UBUNTU.
>>
>
>

Re: Flash para Linux...

[Sinval Júnior]

Pra que Flash? Estamos na era do HTML5  nem o YouTube usa mais. Casa você
realmente necessite utilizar algo em Flash, pode usar o PepperFlash que vem
no Chrome.

Ao encaminhar esta mensagem, por favor:
1 - Apague meu endereço eletrônico;
2 - Encaminhe como Cópia Oculta (Cco ou BCc) aos seus destinatários.
Dificulte assim a disseminação de vírus, spams e banners.

#=+
#!/usr/bin/env python
nome = 'Sinval Júnior'
email = 'sinvalju arroba gmail ponto com'
print nome
print email
#==+

Em 8 de setembro de 2016 09:39, Nélio Macedo 
escreveu:

> Olá! Bom dia
>
> Depois da má notícia acerca do projeto OpenOffice, recebi a notícia que a
> ADOBE voltou com o flash para linux Show...
>
> Eis o link:
>
> http://www.edivaldobrito.com.br/flash-para-linux-como-
> instalar/?utm_source=feedburner_medium=email_campaign=Feed%3A+
> edivaldobrito+%28Blog+do+Edivaldo%29
>
> Boa leitura!
>
> Nélio Macedo
> Usuário comum UBUNTU.
>

Re: Flash para Linux...

[carne_de_passaro]

Então na verdade temos uma notícia boa e uma ruim: A boa é que o OpenOffice
morreu e os esforços poderão ser concentrado no LibreOffice; a ruim é que o
flash não vai morrer tão cedo...

Em 8 de setembro de 2016 09:39, Nélio Macedo 
escreveu:

> Olá! Bom dia
>
> Depois da má notícia acerca do projeto OpenOffice, recebi a notícia que a
> ADOBE voltou com o flash para linux Show...
>
> Eis o link:
>
> http://www.edivaldobrito.com.br/flash-para-linux-como-
> instalar/?utm_source=feedburner_medium=email_campaign=Feed%3A+
> edivaldobrito+%28Blog+do+Edivaldo%29
>
> Boa leitura!
>
> Nélio Macedo
> Usuário comum UBUNTU.
>

Re: Squid3 y Dominios https

[Matias Mucciolo]

No hay problema
creo que lo que esta pasando(o me imagino)
es que el https sale directamente sin pasar
por el proxy por eso no lo filtra.

no se si usas un proxy trasparente pero
https no funciona con proxy transparete,

suerte


-- 

Matias Mucciolo

Area de Infraestructura.
Piedras 737 C.A.B.A 
SUTEBA 

On Thursday 08 September 2016 08:43:13 Oswaldo Franco wrote:
> Gracias por tu recomendación Matias Mucciolo, pero tengo configurado un
> firewall sencillo con Firestarter y los servicios de DHCP y DNS en Windows.
> Estoy migrando poco a poco los servicios
> 
> 
> 
> 
> El 8 de septiembre de 2016, 8:13, Matias Mucciolo 
> escribió:
> 
> >
> > Buenas
> >
> > lo que yo haría en este caso
> > es bloquear el puerto 443 en el firewall
> > y configurar el proxy en cada maquina.
> > Tambien te recomiendo el "auto-detect proxy"(wpad)
> >
> > saludos
> >
> >
> > --
> >
> > Matias Mucciolo
> >
> > Area de Infraestructura.
> > Piedras 737 C.A.B.A
> > SUTEBA
> >
> > On Thursday 08 September 2016 07:33:22 Oswaldo Franco wrote:
> > > Hola listeros, saludos.
> > >
> > > Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina con Debian GNU/Linux
> > > 6.0.8 (squeeze).
> > >
> > > Tengo el squid configurado para bloquear TODO y permitir lo que le diga
> > > mediante las ACL. Pero los dominios con https se pueden abrir
> > normalmente a
> > > menos que las deniegue específicamente.
> > >
> > > Quiero saber si podrían darme una ayuda para que esto no suceda.
> > >
> > > Qué es lo que quiero, que deniegue todo (inclyendo https) y yo poder
> > > permitir mediante ACL's los dominios que desee.
> > >
> > > Gracias de antemano.
> > >
> > >
> > > --
> > > OSWALDO FRANCO
> > > Cumaná, Sucre -Venezuela
> > > GNU/Linux User # 508524
> >
> 
> 
> 
> -- 
> OSWALDO FRANCO
> Cumaná, Sucre -Venezuela
> GNU/Linux User # 508524
> 
> 
> 
> Enviado con Mailtrack
> 

Re: Squid3 y Dominios https

[Oswaldo Franco]

Gracias por tu recomendación Matias Mucciolo, pero tengo configurado un
firewall sencillo con Firestarter y los servicios de DHCP y DNS en Windows.
Estoy migrando poco a poco los servicios




El 8 de septiembre de 2016, 8:13, Matias Mucciolo 
escribió:

>
> Buenas
>
> lo que yo haría en este caso
> es bloquear el puerto 443 en el firewall
> y configurar el proxy en cada maquina.
> Tambien te recomiendo el "auto-detect proxy"(wpad)
>
> saludos
>
>
> --
>
> Matias Mucciolo
>
> Area de Infraestructura.
> Piedras 737 C.A.B.A
> SUTEBA
>
> On Thursday 08 September 2016 07:33:22 Oswaldo Franco wrote:
> > Hola listeros, saludos.
> >
> > Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina con Debian GNU/Linux
> > 6.0.8 (squeeze).
> >
> > Tengo el squid configurado para bloquear TODO y permitir lo que le diga
> > mediante las ACL. Pero los dominios con https se pueden abrir
> normalmente a
> > menos que las deniegue específicamente.
> >
> > Quiero saber si podrían darme una ayuda para que esto no suceda.
> >
> > Qué es lo que quiero, que deniegue todo (inclyendo https) y yo poder
> > permitir mediante ACL's los dominios que desee.
> >
> > Gracias de antemano.
> >
> >
> > --
> > OSWALDO FRANCO
> > Cumaná, Sucre -Venezuela
> > GNU/Linux User # 508524
>



-- 
OSWALDO FRANCO
Cumaná, Sucre -Venezuela
GNU/Linux User # 508524



Enviado con Mailtrack

Flash para Linux...

[Nélio Macedo]

Olá! Bom dia

Depois da má notícia acerca do projeto OpenOffice, recebi a notícia que a
ADOBE voltou com o flash para linux Show...

Eis o link:

http://www.edivaldobrito.com.br/flash-para-linux-como-instalar/?utm_source=feedburner_medium=email_campaign=Feed%3A+edivaldobrito+%28Blog+do+Edivaldo%29

Boa leitura!

Nélio Macedo
Usuário comum UBUNTU.

Re: Squid3 y Dominios https

[Matias Mucciolo]

Buenas

lo que yo haría en este caso
es bloquear el puerto 443 en el firewall
y configurar el proxy en cada maquina.
Tambien te recomiendo el "auto-detect proxy"(wpad)

saludos


-- 

Matias Mucciolo

Area de Infraestructura.
Piedras 737 C.A.B.A 
SUTEBA 

On Thursday 08 September 2016 07:33:22 Oswaldo Franco wrote:
> Hola listeros, saludos.
> 
> Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina con Debian GNU/Linux
> 6.0.8 (squeeze).
> 
> Tengo el squid configurado para bloquear TODO y permitir lo que le diga
> mediante las ACL. Pero los dominios con https se pueden abrir normalmente a
> menos que las deniegue específicamente.
> 
> Quiero saber si podrían darme una ayuda para que esto no suceda.
> 
> Qué es lo que quiero, que deniegue todo (inclyendo https) y yo poder
> permitir mediante ACL's los dominios que desee.
> 
> Gracias de antemano.
> 
> 
> -- 
> OSWALDO FRANCO
> Cumaná, Sucre -Venezuela
> GNU/Linux User # 508524

Re: Squid3 y Dominios https

[Oswaldo Franco]

# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

##
 MODIFICACIONES PERSONALES
###
##
acl milan src IP_DE_MI_RED/MASK
acl gmail dstdomain "/etc/squid3/listas/gmail.acl"
acl googleearth dstdomain "/etc/squid3/listas/googleearth.acl"
acl redessoc dstdomain "/etc/squid3/listas/redessoc.acl"
acl listablanca dstdomain "/etc/squid3/listas/listablanca.acl"
acl dropbox dstdomain "/etc/squid3/listas/dropbox.acl"
acl urlmercadolibre dstdomain "/etc/squid3/listas/mercadolibre.acl"
acl urlsolicitadas dstdomain "/etc/squid3/listas/urlsolicitadas.acl"
acl palabrasno url_regex -i "/etc/squid3/listas/palabrasno.acl"
acl ipsjefes src "/etc/squid3/listas/ipsjefes.acl"
acl ipstecnologia src "/etc/squid3/listas/ipstecnologia.acl"
acl yahoo dstdomain "/etc/squid3/listas/yahoo.acl"
acl ipsdropbox src "/etc/squid3/listas/ipsdropbox.acl"
acl gestired src "/etc/squid3/listas/gestired.acl"
acl dominiosno dstdomain "/etc/squid3/listas/dominiosno.acl"
acl twitter dstdomain "/etc/squid3/listas/twitter.acl"
acl youtube dstdomain .youtube.com
acl administrativo dstdomain .hidrocaribe.com.ve
acl amazon dstdomain .amazon.com
acl facebook dstdomain .facebook.com


##
 FIN MODIFICACIONES PERSONALES
###
##
acl SSL_ports port 443 21 56667
acl SSL_ports port 2083
acl SSL_ports port 21
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
###
## MODIFICACIONES PERSONALES ##
###
http_access allow milan administrativo
http_access allow milan googleearth
http_access allow ipstecnologia youtube
http_access allow pcmante youtube
http_access allow ipstecnologia
http_access deny dominiosno
http_access allow pcpersonas twitter
http_access deny redessoc
http_access deny yahoo
http_access allow ipsjefes
http_access deny palabrasno
http_access allow milan listablanca
http_access allow milan gmail
http_access allow milan urlsolicitadas
http_access allow milan gestired
http_access allow ipsdropbox dropbox
http_access allow SSL_ports
http_access allow pcfrancisca yahoo


###
## FIN MODIFICACIONES PERSONALES ##
###
# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port IP_PC:PORT

sslproxy_cert_error allow all

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ? hotmail gmail yahoo
#hierarchy_stoplist cgi-bin ? cum codallos
cache_mem 256 MB
maximum_object_size_in_memory 10 MB
cache_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid3 4096 16 256
maximum_object_size 48 MB
cache_swap_low 90
cache_swap_high 95
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs % escribió:

> Hola Oswaldo, puedes pasar la configuración del squid para echarle un ojo?
> saludos
>
>
> De: Oswaldo Franco [mailto:franco.oswa...@gmail.com]
> Enviado el: jueves, 08 de septiembre de 2016 13:33
> Para: debian-user-spanish@lists.debian.org
> Asunto: Squid3 y Dominios https
>
> Hola listeros, saludos.
>
> Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina con Debian GNU/Linux
> 6.0.8 (squeeze).
>
> Tengo el squid configurado para bloquear TODO y permitir lo que le diga
> mediante las ACL. Pero los dominios con https se pueden abrir normalmente a
> menos que las deniegue específicamente.
>
> Quiero saber si podrían darme una ayuda para que esto no suceda.
>
> Qué es lo que quiero, que deniegue todo (inclyendo https) y yo poder
> permitir mediante ACL's los dominios que desee.
>
> Gracias de antemano.
>
>
>
> --
> OSWALDO FRANCO
> Cumaná, Sucre -Venezuela
> GNU/Linux User # 508524
>
>
>


-- 
OSWALDO FRANCO
Cumaná, Sucre -Venezuela

Re: Fim do OpenOffice?

[Rodolfo]

Se Charles Darwin explica, e se você está falando da Teoria do
Evolucionismo, então que você falou pode ou não ser normal, visto que a
Teoria do Evolucionismo não saiu do status de "Teoria", e continua até hoje.

Em 8 de setembro de 2016 07:38, Fred Maranhão 
escreveu:

> 2016-09-08 0:31 GMT-03:00 Rodrigo Cunha :
> > Srs. essa ideia de fim de um projeto opensource é quase impossivel, uma
> vez
> > que o código é livre, qualquer um pode reiniciar, pegar o código e
> colocar
> > outro nome, etc, etc...
>
> poder, pode. mas na prática existem milhões de projetos abandonados
> cujos produtos não servem para nada na prática.
>
> o que chega a ser empacotado numa distro é só a ponta do iceberg, uma
> minoria que deu certo.
>
> mas isto é normal. charles darwin explica.
>
>
> >
> > Em 7 de setembro de 2016 16:07, Gilberto F da Silva <
> gfs1...@mandic.com.br>
> > escreveu:
> >>
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA1
> >>
> >> On Tue, Sep 06, 2016 at 09:52:18AM -0300, jaitony souza wrote:
> >> > Bom dia
> >> > Era de se esperar com o surgimento do libre office e adoção de quase
> >> > todas
> >> > as distribuições Linux por ele o OpenOffice até demorou muito pra
> morre
> >> >
> >> > Enviada por um dispositivo móvel
> >> >
> >> > Em 06/09/2016 09:46, "Nélio Macedo" 
> escreveu:
> >>
> >>   Melhor que haja somente uma suite forte para o Linux.
> >>
> >> - --
> >>
> >> Gilberto F da Silva - gfs1...@gmx.net - ICQ 136.782.571
> >> Stela dato:2.457.639,295  Loka tempo:2016-09-07 16:05:14 Merkredo
> >> - -==-
> >> Faz o que tu queres..  há de ser tudo da lei!
> >>  -- Raul Seixas
> >> -BEGIN PGP SIGNATURE-
> >> Version: GnuPG v2
> >>
> >> iEYEARECAAYFAlfQZXgACgkQJxugWtMhGw4ACQCfevEDGlnBSfVt72IBErPSoIjd
> >> 8VYAoNMrK92jDpAAvDdo5BnTJJGas098
> >> =055Q
> >> -END PGP SIGNATURE-
> >>
> >
> >
> >
> > --
> > Atenciosamente,
> > Rodrigo da Silva Cunha
> >
>
>

Re: Decentralized reliable instant messaging?

[Darac Marjal]

On Thu, Sep 08, 2016 at 11:29:21AM -, Dan Purgert wrote:

Ben Finney wrote:

Byung-Hee HWANG  writes:


My meant is that 100% rules/policy is not easy to keep for FSF-like
Free Software by the definition.

[snip]

Do you believe “keep 100% rules/policy” is necessary for a person using
free software? What does that mean?


I think he means he doesn't see the "you must use free software"
approach as the best for the general users.  This is at odds (AFAICT)
with Debian's stance on the matter.


Debian's stance isn't "you must use free software" but rather "we can 
only distribute software we are allowed to". Debian does not forbid
people from installing software which they (the user) have permission to 
use but which they (Debian) does not have permission to distribute. The 
best-known example is Adobe's Flash Player. Debian does not have 
permission to distribute this. Users DO have permission to download and 
install it, though, so Debian provides a downloader/installer package 
which automates the user's actions.


This is where Debian differs from the "ideals" of the Free Software 
Foundation. If the FSF had their way, such tacit approval of Non-Free 
software would be banned. I'm surprised that Grub (A GNU program) deigns 
to load Windows :)




--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O|



--
For more information, please reread.


signature.asc
Description: PGP signature

Re: Fim do OpenOffice?

[Fred Maranhão]

2016-09-08 0:31 GMT-03:00 Rodrigo Cunha :
> Srs. essa ideia de fim de um projeto opensource é quase impossivel, uma vez
> que o código é livre, qualquer um pode reiniciar, pegar o código e colocar
> outro nome, etc, etc...

poder, pode. mas na prática existem milhões de projetos abandonados
cujos produtos não servem para nada na prática.

o que chega a ser empacotado numa distro é só a ponta do iceberg, uma
minoria que deu certo.

mas isto é normal. charles darwin explica.


>
> Em 7 de setembro de 2016 16:07, Gilberto F da Silva 
> escreveu:
>>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On Tue, Sep 06, 2016 at 09:52:18AM -0300, jaitony souza wrote:
>> > Bom dia
>> > Era de se esperar com o surgimento do libre office e adoção de quase
>> > todas
>> > as distribuições Linux por ele o OpenOffice até demorou muito pra morre
>> >
>> > Enviada por um dispositivo móvel
>> >
>> > Em 06/09/2016 09:46, "Nélio Macedo"  escreveu:
>>
>>   Melhor que haja somente uma suite forte para o Linux.
>>
>> - --
>>
>> Gilberto F da Silva - gfs1...@gmx.net - ICQ 136.782.571
>> Stela dato:2.457.639,295  Loka tempo:2016-09-07 16:05:14 Merkredo
>> - -==-
>> Faz o que tu queres..  há de ser tudo da lei!
>>  -- Raul Seixas
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v2
>>
>> iEYEARECAAYFAlfQZXgACgkQJxugWtMhGw4ACQCfevEDGlnBSfVt72IBErPSoIjd
>> 8VYAoNMrK92jDpAAvDdo5BnTJJGas098
>> =055Q
>> -END PGP SIGNATURE-
>>
>
>
>
> --
> Atenciosamente,
> Rodrigo da Silva Cunha
>

RE: Squid3 y Dominios https

[Laura Marzà Porcar]

Hola Oswaldo, puedes pasar la configuración del squid para echarle un ojo?
saludos


De: Oswaldo Franco [mailto:franco.oswa...@gmail.com] 
Enviado el: jueves, 08 de septiembre de 2016 13:33
Para: debian-user-spanish@lists.debian.org
Asunto: Squid3 y Dominios https

Hola listeros, saludos.

Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina con Debian GNU/Linux 6.0.8 
(squeeze).

Tengo el squid configurado para bloquear TODO y permitir lo que le diga 
mediante las ACL. Pero los dominios con https se pueden abrir normalmente a 
menos que las deniegue específicamente.

Quiero saber si podrían darme una ayuda para que esto no suceda.

Qué es lo que quiero, que deniegue todo (inclyendo https) y yo poder permitir 
mediante ACL's los dominios que desee.

Gracias de antemano.



-- 
OSWALDO FRANCO
Cumaná, Sucre -Venezuela
GNU/Linux User # 508524

Squid3 y Dominios https

[Oswaldo Franco]

Hola listeros, saludos.

Utilizo squid3 (3.1.6-1.2+squeeze3) en una máquina con Debian GNU/Linux
6.0.8 (squeeze).

Tengo el squid configurado para bloquear TODO y permitir lo que le diga
mediante las ACL. Pero los dominios con https se pueden abrir normalmente a
menos que las deniegue específicamente.

Quiero saber si podrían darme una ayuda para que esto no suceda.

Qué es lo que quiero, que deniegue todo (inclyendo https) y yo poder
permitir mediante ACL's los dominios que desee.

Gracias de antemano.


-- 
OSWALDO FRANCO
Cumaná, Sucre -Venezuela
GNU/Linux User # 508524

Re: Decentralized reliable instant messaging?

[Dan Purgert]

Ben Finney wrote:
> Byung-Hee HWANG  writes:
>
>> My meant is that 100% rules/policy is not easy to keep for FSF-like
>> Free Software by the definition.
> [snip]
>
> Do you believe “keep 100% rules/policy” is necessary for a person using
> free software? What does that mean?

I think he means he doesn't see the "you must use free software"
approach as the best for the general users.  This is at odds (AFAICT)
with Debian's stance on the matter.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| 

Re: Fim do OpenOffice?

[Anacleto Júnior]

Sendo sincero, eu pensei que o projeto já havia acabado há tempos.

Em 8 de setembro de 2016 00:31, Rodrigo Cunha 
escreveu:

> Srs. essa ideia de fim de um projeto opensource é quase impossivel, uma
> vez que o código é livre, qualquer um pode reiniciar, pegar o código e
> colocar outro nome, etc, etc...
>
> Em 7 de setembro de 2016 16:07, Gilberto F da Silva  > escreveu:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On Tue, Sep 06, 2016 at 09:52:18AM -0300, jaitony souza wrote:
>> > Bom dia
>> > Era de se esperar com o surgimento do libre office e adoção de quase
>> todas
>> > as distribuições Linux por ele o OpenOffice até demorou muito pra morre
>> >
>> > Enviada por um dispositivo móvel
>> >
>> > Em 06/09/2016 09:46, "Nélio Macedo"  escreveu:
>>
>>   Melhor que haja somente uma suite forte para o Linux.
>>
>> - --
>>
>> Gilberto F da Silva - gfs1...@gmx.net - ICQ 136.782.571
>> Stela dato:2.457.639,295  Loka tempo:2016-09-07 16:05:14 Merkredo
>> - -==-
>> Faz o que tu queres..  há de ser tudo da lei!
>>  -- Raul Seixas
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v2
>>
>> iEYEARECAAYFAlfQZXgACgkQJxugWtMhGw4ACQCfevEDGlnBSfVt72IBErPSoIjd
>> 8VYAoNMrK92jDpAAvDdo5BnTJJGas098
>> =055Q
>> -END PGP SIGNATURE-
>>
>>
>
>
> --
> Atenciosamente,
> Rodrigo da Silva Cunha
>
>


-- 
*Anacleto Júnior | Analista de TI e Redes*
CompTIA Linux+ Certified Professional | LPI ID LPI000319449
(12) 99149-4890

Re: Roundcube avec les paquets Debian

[Ph. Gras]

Merci Christophe,

> Ah, et j'ai oublié
> 

pour toutes ces informations !

Entre temps j'ai réussi à atteindre l'installer de façon correcte en changeant :
# Default server configuration
#
server {
# listen 80 default_server;
# listen [::]:80 default_server;

#   root /var/lib/roundcube;
root /usr/share/roundcube;
# Add index.php to the list if you are using PHP
# index index.html index.htm index.nginx-debian.html;
index index.php index.html;

}

la racine globale vers l'endroit où pointent le plus de liens symboliques…

Je vais reprendre le truc ce week-end et vous tiendrai au courant de la suite.

Bonne journée,

Ph. Gras

problème de route avec un aille phone

[Bernard Schoenacker]

bonjour,

j'arrive à me connecter à un Iphone mais je n'arrive pas à torouver la
route pour le navigateur (firefox 50) ...

comment y arriver ?


pour info : sudo idevicepair pair || unpair fonctionnent et l'ordiphone
trouve la connection qui est authorisée ...

slt
bernard

Re: Debian Jessie : regular console instead of a hi-res one!

[Nicolas George]

Le tridi 23 fructidor, an CCXXIV, Felix Miata a écrit :
>as they are generally produced with many more pix
> than typical GUI fonts.

You said, quite rightly, "usually 16x9". That does not make many more
pixels, that is rather typical of what is used with GUI fonts too.

> All that extra size enhances readability,
> compensating rather nicely for the loss in apparent resolution.

Yes, it enhances it compared to tiny glyphs, but it worsens it compared to
larger glyphs at native resolution.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: Debian Jessie : regular console instead of a hi-res one!

[Felix Miata]

Nicolas George composed on 2016-09-08 10:07 (UTC+0200):


Felix Miata composed:



The simplest way is to direct KMS's framebuffer to use a lower resolution
than the native hi-res one by including a video= parameter on the kernel
cmdline. The lower the resolution, the larger the standard (usually 16x9)
framebuffer font becomes. On a 1920x1200 display I typically use
video=1440x900@60; on a 1920x1080, 1280x720@60; depending on size of display
and actual resolutions it supports. Using video=1920x1080 on a 2560x1440
display should produce a font 177% of the physical size of the one used
natively.



It may be ONE OF THE simplest ways, but it a very bad one: screen have a
native resolution, operating at a different one requires scaling: the
resulting text will be much less readable than with the better solution of
using a larger font.


Have you ever tried it? Default framebuffer fonts are quite adaptable to 
different resolutions, as they are generally produced with many more pix than 
typical GUI fonts. All that extra size enhances readability, compensating 
rather nicely for the loss in apparent resolution.

--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: Debian Jessie : regular console instead of a hi-res one!

[Nicolas George]

Le tridi 23 fructidor, an CCXXIV, Felix Miata a écrit :
> The simplest way is to direct KMS's framebuffer to use a lower resolution
> than the native hi-res one by including a video= parameter on the kernel
> cmdline. The lower the resolution, the larger the standard (usually 16x9)
> framebuffer font becomes. On a 1920x1200 display I typically use
> video=1440x900@60; on a 1920x1080, 1280x720@60; depending on size of display
> and actual resolutions it supports. Using video=1920x1080 on a 2560x1440
> display should produce a font 177% of the physical size of the one used
> natively.

It may be ONE OF THE simplest ways, but it a very bad one: screen have a
native resolution, operating at a different one requires scaling: the
resulting text will be much less readable than with the better solution of
using a larger font.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: Debian Jessie : regular console instead of a hi-res one!

[Felix Miata]

The simplest way is to direct KMS's framebuffer to use a lower resolution 
than the native hi-res one by including a video= parameter on the kernel 
cmdline. The lower the resolution, the larger the standard (usually 16x9) 
framebuffer font becomes. On a 1920x1200 display I typically use 
video=1440x900@60; on a 1920x1080, 1280x720@60; depending on size of display 
and actual resolutions it supports. Using video=1920x1080 on a 2560x1440 
display should produce a font 177% of the physical size of the one used natively.

--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: Testing/Unstable Synaptic broken again.

[Brad Rogers]

On Wed, 7 Sep 2016 23:58:56 -0700
Jimmy Johnson  wrote:

Hello Jimmy,

>okay.  It looks like "gtk-3" is the culprit.  When the other 4 systems 

Indeed.  I've upgraded everything other than those myself.  Again,
without ill effect.

Just have to keep a weather eye out for upgraded, bugfixed (natch),
versions arriving in testing.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
I'll tell you something, I think that you should know
Rich Kids - Rich Kids


pgpfVNhbCvAkm.pgp
Description: OpenPGP digital signature

[OT] Errores 400 en Squid3

[Laura Marzà Porcar]

Buenos días, 
Monte un squid/3.4.8 en una Debian Jessie, en general funciona correctamente, 
pero hay algo que se me escapa, ya que en algunas páginas me dice "Bad 
Request", creo que están todos relacionados con el mismo problema y con algo 
referente a seguridad, por el tipo de contenido de las paginas que me dan 
errores.

en ocasiones el error es: 

"Your browser sent a request that this server could not understand.
Request header field is missing ':' separator."

p.e.:
http://www.sri.gob.ec/
TCP_MISS/400 747 GET http://www.sri.gob.ec/ lmarza HIER_DIRECT/201.234.223.197 
text/html


En otras:

"Bad Request - Invalid Header

HTTP Error 400. The request has an invalid header name."

Cuando me aparece este tipo de error, busco a donde lleva la pagina y accedo 
directamente al https (en el ejemplo se ve mejor lo que quiero decir)

p.e:
http://bancopopular.es/  --> pero aquí accedo correctamente: 
https://www2.bancopopular.es/empresasN o 
https://www2.bancopopular.es/particularesN
TCP_MISS/400 731 GET http://bancopopular.es/favicon.ico lmarza 
HIER_DIRECT/195.55.131.69 text/html

Tambien:
"400 - Bad Request"

p.e.
http://portal.lacaixa.es/ --> pero así accedo perfectamente: 
https://portal.lacaixa.es/
TCP_MISS/400 811 GET http://portal.lacaixa.es/ lmarza 
HIER_DIRECT/192.229.182.219 text/html,application/xhtml+xml,application/xml

Otro:
"Bad request
Your browser sent a query this server could not understand. "

p.e:
http://www.ruralvia.com/
TCP_MISS/400 728 GET http://www.ruralvia.com/ lmarza HIER_DIRECT/195.53.82.136 
text/html


La configuración de SQUID3 es la siguiente le he eliminado los comentarios y 
algunas restricciones de acceso que no afectan en este caso para resumir 
líneas):

##

http_port 3128
tcp_outgoing_address [IP_SQUID]
auth_param negotiate program /usr/local/bin/negotiate_wrapper -d --ntlm 
/usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp 
--domain=MARINA --kerberos /usr/local/bin/squid_kerb_auth -d -s GSS_C_NO_NAME
auth_param ntlm children 30
auth_param ntlm keep_alive off
auth_param basic children 30
auth_param basic realm Servidor Proxy Dominio MARINA.LOCAL
auth_param basic credentialsttl 2 hours
acl SSL_ports port 443
acl SSL_ports port 8100
acl Safe_ports port 80  # http
acl Safe_ports port 20 21   # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 9010# cofraweb
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
hierarchy_stoplist cgi-bin ?
acl css urlpath_regex cgi-bin \? \.css
acl js urlpath_regex cgi-bin \? \.js
acl no_cachear dstdomain "/etc/squid3/no_cachear.conf"
no_cache deny no_cachear css js
always_direct allow no_cachear
acl msn req_mime_type -i ^application/x-msn-messenger$
acl estilos req_mime_type -i ^text/css$
debug_options ALL,1 33,2
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT RPC_IN_DATA RPC_OUT_DATA
acl descargas urlpath_regex -i \.deb$
http_access allow descargas
external_acl_type wbinfo_group_helper %LOGIN /usr/lib/squid3/wbinfo_group.pl
acl Autorizados proxy_auth REQUIRED
http_access deny !Autorizados

acl HorarioLabDw time 00:00-08:00
acl HorarioLabUp time 21:30-23:59   
acl sabado time A
acl domingo time S   

acl buscadores url_regex -i "/etc/squid3/Buscadores"
acl denegados url_regex "/etc/squid3/SitiosDenegados"
acl juegos url_regex "/etc/squid3/SitiosJuegos"
acl inocentes url_regex "/etc/squid3/SitiosInocentes"
acl redsocial url_regex -i "/etc/squid3/RedesSociales"
acl stream url_regex "/etc/squid3/Streaming"
acl webmails url_regex -i "/etc/squid3/Webmails"
acl youtube url_regex -i "/etc/squid3/Youtube"
acl cloud url_regex -i "/etc/squid3/Almacenamiento"
acl administ url_regex -i "/etc/squid3/Administracion"
acl auditint url_regex -i "/etc/squid3/AuditInt"
acl banca url_regex -i "/etc/squid3/Banca"
acl cams url_regex -i "/etc/squid3/Camaras"
acl general url_regex -i "/etc/squid3/General"
acl juridic url_regex -i "/etc/squid3/Juridico"
acl pers url_regex -i "/etc/squid3/Personal"
acl prensa url_regex "/etc/squid3/Prensa"
acl servidor url_regex -i "/etc/squid3/Servidor"
acl telem url_regex -i "/etc/squid3/Telemarketing"
acl aIP4 src "/etc/squid3/aIP4"

acl UsuariosLibre external wbinfo_group_helper squidcs_usuarioslibre
acl UsuariosPrensa external wbinfo_group_helper squidcs_usuariosprensa
acl UsuariosStream external wbinfo_group_helper squidcs_usuariosstream
acl