Re: Anyone know what this means when running aptitude update?

[Frank]

Op 27-03-17 om 01:23 schreef Mark Fletcher:

On Sun, Mar 26, 2017 at 08:51:55PM +0200, Sven Hartge wrote:

Frank  wrote:


The hash sum mismatch is usually a passing issue: updating while the
repository/mirror itself is in the process of updating. If it keeps
showing up, that mirror is probably borked. Try deb.debian.org instead
of http.debian.net.


deb.debian.org, http.debian.net and httpredir.debian.org are the same.
The old service behind http.debian.net and httpredir.debian.org were
switched off in February and the hostnames now point to the same system
backing deb.debian.org



This has been going on for weeks now, I have been hoping in vain that
the issue would clear itself, as Frank suggested, before I posted here.
It doesn't look like it is going to. So, are we saying that
deb.debian.org, http.debian.net and httpredir.debian.org, being the
same, are all "borked"? Doesn't feel right, more people would be up on
their hind legs yelling for footnotes if so, no?


Apparently the mirror that comes up is bad. Kind of disappointing the 
deb.debian.org mechanism doesn't seem to work much better than the 
httpredir. I used to use that until I noticed it wasn't always up to the 
task, so I switched to ftp.nl.debian.org, which just works. For you, 
ftp.jp.debian.org probably will as well.



The fix for the key ID issue looks straightforward though, thanks Frank
and others for that. I'll try out this
download-and-put-in-the-right-place approach, that's new to me. Should I
make efforts to remove the old key Google were previously using?


No need. That one is still in the key file you are going to download. To 
be honest, I suggested what I did because those are a simple one-liners 
and they work. I use /etc/apt/trusted.gpg.d myself, but my system is on 
stretch and I wasn't sure about jessie.


Regards,
Frank

Re: DD bs=4M option on USB mem-stick creates false format

[David Christensen]

On 03/26/2017 10:18 AM, kAt wrote:

dd if=/media/--/image.iso of=/dev/sdb bs=4M; sync

the image works but the format of the drive seems false gparted when
starting says that linux thinks it is a 256k block and not the 4m it
indicates.  It shows on an 8G drive an empty space of 28G

Is it the option of bs=4M that creates this problem. The free space
can not be formatted and partitioned.  As Gparted tried to claim and
format this space as a 6.7G which seemed right it crashed.

Any advise would greatly be appreciated


On 03/26/2017 10:41 AM, kAt wrote:

Correction to the error message, it is this: The driver descriptor
says the physical block size is 2048 bytes, but Linux says it is 512
bytes.

or at least that is what I get without using the bs=4M option

I am wondering whether it is a fault of the iso image (recent
download of the Rescatux 4.0beta) which I am trying to use without
luck on an old 32bit Celeron?? .. with Win XP to repair its admin
pass and booting which seems to take for ever.

I am trying to use the empty part of the stick to copy and store
temporatily some important files before I mess with it or install
debian


Please post console sessions -- prompt, command, and full output. 
Paraphrasing and omitting information wastes everybody's time.



Always start a new thread with these:

2017-03-26 19:50:42 dpchrist@jesse ~
$ cat /etc/debian_version
8.7

2017-03-26 19:50:46 dpchrist@jesse ~
$ uname -a
Linux jesse 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07)
x86_64 GNU/Linux


Also, please post the URL for image.iso/Rescatux 4.0beta.


Did you checksum your download?  If not, checksum it.  If the download 
checksum is bad, download and checksum again until you get a good 
checksum.  For example:


2017-03-18 12:40:50 root@cd2533
/var/local/data/dpchrist/iso/debian/8.7.1/i386
# grep debian-8.7.1-i386-xfce-CD-1.iso SHA256SUMS
a258af89540a64e6d16d6a546ec554a07ef0d46168d74bfc2073cc60d6a9ecde
debian-8.7.1-i386-xfce-CD-1.iso

2017-03-18 12:41:30 root@cd2533
/var/local/data/dpchrist/iso/debian/8.7.1/i386
# sha256sum debian-8.7.1-i386-xfce-CD-1.iso
a258af89540a64e6d16d6a546ec554a07ef0d46168d74bfc2073cc60d6a9ecde
debian-8.7.1-i386-xfce-CD-1.iso


Did you checksum the image on your USB flash drive immediately after 
burning?  Use a calculator to find the largest power of 2 that divides 
evenly into the image size:


2017-03-18 12:41:06 root@cd2533
/var/local/data/dpchrist/iso/debian/8.7.1/i386
# ll debian-8.7.1-i386-xfce-CD-1.iso
-rw-r--r-- 1 dpchrist dpchrist 678428672 2017/03/04 17:02:57
debian-8.7.1-i386-xfce-CD-1.iso


In this case, it's 2^20.  Do the burn with 'bs=1M'.  Also, run 'sync' 
after 'dd' to ensure that the command prompt is not returned until all 
the bytes have been written:


2017-03-18 12:41:54 root@cd2533
/var/local/data/dpchrist/iso/debian/8.7.1/i386
# time dd if=debian-8.7.1-i386-xfce-CD-1.iso of=/dev/sdc bs=1M; sync
647+0 records in
647+0 records out
678428672 bytes (678 MB) copied, 161.132 s, 4.2 MB/s

real2m41.135s>
user0m0.012s
sys0m1.640s


Note '647+0 records in' and '647+0 records out'.  The '647' part must 
match and both must have '+0', or something is wrong.  Use 'dd' with 
'bs=1M' and 'count=647' to do the checksum:


2017-03-18 12:51:52 root@cd2533
/var/local/data/dpchrist/iso/debian/8.7.1/i386
# time dd if=/dev/sdc bs=1M count=647 | sha256sum
647+0 records in
647+0 records out
a258af89540a64e6d16d6a546ec554a07ef0d46168d74bfc2073cc60d6a9ecde  -
678428672 bytes (678 MB) copied, 33.1367 s, 20.5 MB/s

real0m33.141s
user0m5.992s
sys0m1.948s


Understand that many memstick images change once they have been booted, 
so you must checksum them immediately after burning.  (Thankfully, 
debian-8.7.1-i386-xfce-CD-1.iso doesn't, so I can verify my USB flash 
drive at any time.)



Once you are confident your USB flash drive has a good image, try 
booting it in your newest x86 computer.  If that fails, try other x86 
computers.  If none of them boot, contact your vendor.



If the USB flash drive boots correctly in newer computers, it is 
probably in "isohybrid" format -- meaning, it's supposed to boot when 
burned to optical media (CD-R, DVD-R, BD-R) and it's supposed to boot 
when burned to a USB drive.  I have found that this "one size fits most" 
approach doesn't boot on all computers, especially older computers.  If 
this is the case, possible solutions include:


1.  Burn the ISO image to optical media and boot that.

2.  Download a memstick.img file that is meant to be burned to a USB
drive, burn it to a USB drive, and boot that.  (If your vendor doesn't 
offer such, you might need to find a different tool.)



David

Re: Issue with notebook (maybe the battery?)

[Stefan Monnier]

> Maybe it's a problem with the battery?

Sounds very much like it.
Try another battery in the same laptop (or the same battery in another
laptop) to confirm.


Stefan

Re: Issue with notebook (maybe the battery?)

[David Wright]

On Sun 26 Mar 2017 at 17:09:01 (-0300), Daniel Bareiro wrote:
> Hi, Tomás and Joe.
> 
> On 26/03/17 07:49, Joe wrote:
> 
>  [snip]
> 
>  Checking the purchase invoices, I bought the notebook on September
>  19, 2013, and then changed the battery on November 2, 2015. So
>  less than two years ago I have this battery.
> 
>  The notebook I use it practically every day and I leave it
>  sleeping from one day to the next so I do not have to open every
>  application every time. I'm not sure if that impacts so much on
>  the battery life.  
> 
> >>> If it was a long term degradation, possibly. With some battery
> >>> technology/technologies(?) there is a "memory" effect. If there is a
> >>> repeated "shallow discharge"/recharge cycle ( sleep overnight
> >>> followed by running during day with charger plugged in) the
> >>> effective battery capacity will decrease. IIRC that applies to only
> >>> one technology but can't remember which.  
> 
> >> That would be the nickel family (NiMH and its predecessors). Laptops
> >> changed long ago (I'd venture somewhere in the 90-ies) to Li-whatever.
> 
> > Lithium isn't particularly sensitive to state and depth of charge,
> > apparently the optimal long-term storage state is about half-charge.
> 
> >> Those have other weak spots: overcharging shortens their lives,
> >> especially being overcharged *and* higher temps. More overcharging
> >> leads to fireworks. They *need* some electronics to take care of
> >> that. Deep discharge is also fatal to their lifetimes.
> 
> > Complete discharge is instantly fatal, they can never wake up again.
> > All lithium cells have rudimentary electronics to cut off discharge
> > earlier than this, typically 2.8-3.0V per cell. Charging is relatively
> > complex, constant current of about half capacity to around 4.1V, then
> > constant voltage to fairly precise 4.2V, then when the current drops
> > below a certain level, cutoff.
> > 
> > It should be possible to leave a lithium battery permanently connected
> > to the charger. No 'trickle charge' will occur, no additional current
> > will flow until the cell voltage drops by a certain amount. But full
> > charge is not recommended for long-term storage.
> > 
> > Yes, I had to build a lithium battery into something a few years ago,
> > I had to learn how to charge it. 
> 
> Thank you for sharing these interesting comments. I think some time I've
> inadvertently consumed the entire battery charge (although this was
> something that happened a long time ago, I think). Perhaps the
> recommendation to avoid this is to check the "Enable Power Management"
> option in KDE.

I didn't know you could. I thought the battery would stop supplying
current before that happened. I was under the impression that to get
any lower, you had to leave it empty so it could self-discharge.

I ran a laptop on a faulty battery for 17 months. Throughout that
period, the charge indicator flashed four yellows and a green. Apart
from running down quite quickly, there were no other signs of
distress. About a week before it finally gave up the ghost, I had the
same behaviour as yours: removing the power cable would kill the laptop.

The battery itself had a charge indicator when you pressed a button,
lighting a steady line of one to five LEDs. When it died, just the
2nd and 4th LEDs flashed on and off instead, and the laptop wouldn't
run at all.

Fortunately, I had a spare (smaller) battery of the same vintage which
is still going. (I won't say still going strong.) The laptop is also
showing its age: the display gives problems most of the time so I run
it hooked up to a monitor.

> Do you think that of the information I showed in
> /sys/class/power_supply/BAT0/uevent or
> /org/freedesktop/UPower/devices/battery_BAT0 can be detected any
> electrical problem with the battery?

The only obvious oddity I can see is POWER_SUPPLY_STATUS=Unknown but
I'm not sure I haven't seen that myself in the past, though probably
only momentarily. But the voltages you see are a bit suspicious.

I just ran this same laptop down to 7% capacity (takes about 20 minutes)
and it was down at 10.797 volts. On reconnecting the power, it rose to
11.7 volts within, say, 15 seconds (but still reading 7% of course).
So the low voltage you see with the charger attached might suggest
that the battery is loading the charger somewhat. (Unfortunately you
don't appear to get current amps, which may be related to Unknown above.)

So if I were you I'd be buying a new battery in case the machine won't
run when this old one completely fails. (I don't know about the wisdom
of running with no battery; anyway this laptop looks as if the underside
of the touchpad is very vulnerable when the battery is removed, and
you lose two feet.)

Cheers,
David.

Re: UID mismatch across systems

[Joshua Schaeffer]

On 03/26/2017 06:27 PM, Ross Boylan wrote:


The main practical problem is with backups, restores and copies that
use numeric ids instead of names.  This includes taking a disk that
was used on one system and using it in another.

Beyond that, I had a general sense that the mismatched ids could cause
trouble.  You're right, I'm not likely to be doing things like ssh'ing
after having assumed a system account id or sharing files owned by
system ids over NFS.  So it may be just the backup/copying that's an
issue.

Yes, I hadn't thought about backing up a system and then restoring on another 
system. Just a suggestion, but in the case of backups that are restored on 
another system you would probably *not* want backup the numeric ids. Rsync 
actually behaves like this by default and falls back to numeric ids. You have 
to specify the --numeric-ids flag in order for it to preserve all IDs. From 
rsync(1) man page:

 --numeric-ids
With this option rsync will transfer numeric group and user IDs rather than 
using user and group names and mapping them at both ends.

  By default rsync will use the username and groupname to determine 
what ownership to give files. The special uid 0 and the special group  0
are never mapped via user/group names even if the --numeric-ids option is not 
specified.

  If  a user or group has no name on the source system or it has no 
match on the destination system, then the numeric ID from the source sys‐
tem is used instead.

Rsync also has capabilities to map users and groups with the --usermap and 
--groupmap options. See the man page for details of these options as well. So 
by default rsync may be doing what you are looking for (or at least map the ids 
for you so that you don't have to go through the hassle of synchronizing all 
your systems) by backing up the system and attempting to restore it to the 
correct user by name first then by ID. Of course this assumes you are using 
rsync. Other backup programs (and there are aplenty) may do the opposite by 
default.


I was planning  on using kerberos.  Partly that's because I thought
NFSv4 needed it anyway.

It is required if you use sec=krb5, krb5i, or krb5p. sec=sys doesn't do any 
integrity checking, authentication, or encryption and Kerberos is not required 
for these exports. Right now I use LDAP and Kerberos for authentication and 
authorization (authn/authz). Kerberos handles the authn portion and actually 
uses LDAP as its backend. LDAP handles authz portion. I'm also in the process 
of setting up my NFSv4 server with krb5p security. Let me know if you have any 
questions on that.


I mean ids < 1000.  1000+ seems to be for users on my systems.  On my
systems it's 100-124 that have the problems.

Sorry, typo, I did in fact mean ids less than 1000.

Are you saying there is a way to change the uid/gid of a process that
is already running from the outside?  Does usermod do that if you
change the uid?

My concern is that if I change file uids existing processes will gag
and, worst case, the system becomes  non-functional even on reboot.*
This seems particularly acute with systemd.  I know I can shutdown
most services, change ids, and restart them.  But I have the
impression that the ones associated with systemd, and maybe some
others like messagebus, are essential and have to be left running.
And I am accessing the systems via ssh, and so changing the ssh u/gid
seems especially dicey.

*It just occurred to me I could temporarily make permissions more
permissive, or add group permissions, to avoid getting locked out.

Ross

No, I was just saying to create a new account in LDAP (this would be the new 
synchronized account) and then just change ownership of the files owned by the 
old account with chown. Your concerns are valid for accounts like systemd and 
daemon, and unfortunately I don't have any experience with this as I don't 
synchronize these types of accounts.

Thanks,
Joshua Schaeffer

Re: Re: Compartir internet por wi-fi

[Erickson Ramirrez]

Enviado desde mi iPhone

Re: Una de hostapd en debian 7...

[luisededios]

On Fri, 24 Mar 2017 21:27:24 -0400, JavierDebian  
 wrote:




Pregunta básica: ¿tu ISP bloque de algún modo la conexión de otros  
equipos?

Me explico.
Si tiene su máquina conectada a la red, y debes darla de alta en un  
dominio con restricciones.


Hago la pregunta de otra forma.
Traes un máquina cualquiera, ¿te puedes conectar a la red sin tener que  
decirle al administrador "Deme de alta la máquina con nombre "luis",  
cuya dirección MAC de la placa de red es xx-xx-xx-xx-xx-xx-xx?


Si NO necesitas hacer eso, es porque la red está abierta, por lo que  
debes usar un punte (bridging), y sacar cualquier cosa de IPTables.


Si DEBES darte de alta, entonces ahí deberás enmascarar el tráfico.


He hecho esta[*] otra configuración, la que me sugieres con el bridge pero  
te digo una cosa, no es la primera vez que intento crear un puente y el  
sistema siempre se queja y no me deja unir una de las interfaces a la otra  
en un puente. Qué estaré haciendo mal?


Me da pena decirlo, pero llevo mucho tiempo tratando de implementar el AP  
y no he tenido resultados ni con una tarjeta wifi ni ahora que tengo dos,  
y todas las veces que trato de crear un puente el sistema se queja y no me  
lo permite  :(


[*]
NOTA. Tengo dos interfaces wifi físicas: wlan0 para implementar el AP y  
wlan2 para conectar a internet.


/etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"

/etc/hostapd/hostapd.conf
interface=wlan0
bridge=br0
driver=nl80211
ssid=test
country_code=US
hw_mode=g
channel=1
macaddr_acl=0
auth_algs=1
wpa=2
wpa_passphrase=secret123
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

/etc/network/interfaces
auto lo br0
iface lo inet loopback

#wireless wlan0
allow-hotplug wlan0
iface wlan0 inet manual

#wlan2 connected to INTERNET(en mi caso un móvil con zona wifi y datos  
móviles activados brindando acceso a email internacional)

allow-hotplug wlan2
iface wlan2 inet manual

#set bridge
iface br0 inet static
  bridge_ports wlan0 wlan2
  address 192.168.43.150
  netmask 255.255.255.0
  network 192.168.43.0
  gateway 192.168.43.156<-- IP QUE RECIBE DEL MOVIL CON  
ZONA WIFI
  dns-nameservers 192.168.43.150  <-- IP DE LA PROPIA LAPTOP PUES TIENE  
SERVER DHCP CONFIGURADO


root@samaria:~# service networking restart

[warn] Running /etc/init.d/networking restart is deprecated because it may  
not re-enable some interfaces ... (warning).
[] Reconfiguring network interfaces...can't add wlan2 to bridge br0:  
Operation not supported


Waiting for br0 to get ready (MAXWAIT is 32 seconds).
Failed to bring up br0.
done.

--
Saludos,
Luis

Re: SSH Access Issue

[Philippe LeCavalier]

On Sun, Mar 26, 2017 at 6:04 PM Joshua Schaeffer 
wrote:

>
> On 03/26/2017 08:30 AM, Cindy-Sue Causey wrote:
>
>
> In the case I'm thinking, it's about manually adding multiple lines to
> a file that I'm not completely remembering just now. Gut is saying
> it's /etc/network/interfaces. Mine's almost empty so I don't have an
> example to confirm that.
>
> Typically user's put a second gateway option in the /etc/network/interface
> file (which you talk about in the next paragraph). This usually results in
> not understanding what the gateway does.
>
> What I encountered wasn't about declaring different values for
> gateway, either. For whatever reasons due to innate [functionality],
> it becomes a fail even if you declare the same gateway value for that
> line within each new, separate block of declarations. Success is found
> by declaring it once then omitting that line within any other new
> blocks added over time.
>
> While I've never put duplicate gateway information in
> /etc/network/interfaces I, at one point when learning about networking and
> setting it up in Debian, had put a gateway for each subnet in the
> interfaces file (which is incorrect and resulted in an error). A gateway,
> often called a "gateway of last resort" tells the system how to reach
> subnets that it is not attached to. That is the point of the gateway; it is
> the one place the system can send packets to when it doesn't know where to
> go. If you defined two gateways (meaning if this was allowed) you would be
> back to square one, the system wouldn't know which gateway to send the
> packet to. Defining two gateways could be an incorrect way of saying you
> are defining two routes (most likely static routes).
>
> Between my setup and cognition, I've never had anything stable enough
> to test if it matters which block that gateway is declared. I've
> wondered if it matters that it be in the first block, or if it just
> needs to show up somewhere in that file. I was consciously putting it
> in the first block because that seemed to be the *logical* thing to do
> k/t having touched on programming 20 years ago at a local tech school.
>
> I hadn't really thought about this myself. I've always defined the gateway
> under the interface that is attached to the subnet where the gateway
> resides. A.K.A. if I have two networks:
>
> auto eth0
> iface inet eth0 static
>   address 192.168.0.2/24
>
> auto eth1
> iface inet eth1 static
>   address 10.1.10.2/24
>
> And my gateway of last resort was on the 192.168.0 subnet then I would
> define the gateway under that interface
>
> auto eth0
> iface inet eth0 static
>   address 192.168.0.2/24
>   gateway 192.168.0.1
>
> It never occurred to me to see if it could be put anywhere in the file. My
> hunch is it can and I guess I could take the 60 seconds to test it, but
> I'll leave that to more adventurous people.
>
>
> Thanks,
> Joshua Schaeffer
>

I had simply done a route add so I reversed it with a route del.
-- 
Regards,
Phil

Re: UID mismatch across systems

[Ross Boylan]

On Sun, Mar 26, 2017 at 2:47 PM, Joshua Schaeffer
 wrote:
>
> On 03/25/2017 03:03 PM, Boylan, Ross wrote:
>
> The problem is that I can't convert to using a shared directory when
> different systems assign different uids to the same named user.  In other
> words, to get to the shared accounts solution I must already have solved the
> problem of mismatching ids.
>
> Not entirely true, NFSv4 has the ability to map uid/gid between systems with
> the rpc.idmapd program, which uses the idmapd.conf configuration files.
>
> The problems are mostly with system users, and I've seen some advice
> indicating such users don't normally go in LDAP.  So excluding would reduce
> the problem, for LDAP, but also leave lots of unsynchronized ids.
>
> What is the issue of unsynchronized system ids? Are you allowing login of
> these system ids? Are they also sharing a filesystem (NFS, CIFS, etc) for
> these system ids? My assumption is that when you say shared directory you
> are talking about $HOME for a normal user. If that's not the case then it
> sounds like you are using an old technique where many systems mount shared
> filesystems to /usr, /usr/share, /opt, etc. I haven't seen that in years as
> disks are quite large enough to handle the space needed for these
> directories.

The main practical problem is with backups, restores and copies that
use numeric ids instead of names.  This includes taking a disk that
was used on one system and using it in another.

Beyond that, I had a general sense that the mismatched ids could cause
trouble.  You're right, I'm not likely to be doing things like ssh'ing
after having assumed a system account id or sharing files owned by
system ids over NFS.  So it may be just the backup/copying that's an
issue.
>
> I'm not sure how much a problem it the mismatches are for NFSv4; I believe
> it allows user/kerberos based authentication, but I'm not sure what that
> means for the uids of the files.
>
> Mismatched ids in NFSv4 will result in a uid/gid of -1, which translates to
> something like 4294967295 (I don't think that's the exact number but it's
> close to 2^32) when you run an ls -l on the NFS mount point.
>
> LDAP is my go to solution for synchronized authorization and central account
> management (I do not use it for authentication, but that is my own personal

I was planning  on using kerberos.  Partly that's because I thought
NFSv4 needed it anyway.

> preference). I advocate it, but I know some people prefer simpler solutions
> depending on the situation. A company of 10 systems can easily avoid all of
> the management, hardware, upkeep, etc of LDAP and use something like NIS,
> Puppet, etc or use no central management at all.
>
> I guess I'm not understanding the core problem. I never put system ids
> (including root) into LDAP, only user's ids. Typing this out, it occurred to
> me that I am assuming you mean a system id is an id of >1000 (in Debian). If

I mean ids < 1000.  1000+ seems to be for users on my systems.  On my
systems it's 100-124 that have the problems.

> you are talking about some generic account that is not an actual system ID,
> but is not used by a specific user, then yes you have to find a way to
> synchronize and/or transfer the account. I would simply create the account
> in LDAP and then transfer all ownership of processes and files to that new
> account (as you already stated).
Are you saying there is a way to change the uid/gid of a process that
is already running from the outside?  Does usermod do that if you
change the uid?

My concern is that if I change file uids existing processes will gag
and, worst case, the system becomes  non-functional even on reboot.*
This seems particularly acute with systemd.  I know I can shutdown
most services, change ids, and restart them.  But I have the
impression that the ones associated with systemd, and maybe some
others like messagebus, are essential and have to be left running.
And I am accessing the systems via ssh, and so changing the ssh u/gid
seems especially dicey.

*It just occurred to me I could temporarily make permissions more
permissive, or add group permissions, to avoid getting locked out.

Ross

Re: ftp client's "ls" is "!ls"

[Kent West]

On Sun, Mar 26, 2017 at 4:35 AM,  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Sat, Mar 25, 2017 at 05:05:43PM -0500, Kent West wrote:
> > On Sat, Mar 25, 2017 at 2:02 AM,  wrote:
> >
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA1
> > >
> > > On Fri, Mar 24, 2017 at 04:44:17PM -0500, Kent West wrote:
> > > > I'm ftp'ing to a Dell/Quest K1000 System Management appliance, from a
> > > > Debian 9.0 box, and when I execute the command "ls" or "del" or do a
> > > > tab-completion, the commands act on the local directory instead of
> the
> > > > remote, so that "ls" acts like "!ls".
> > >
> > > This is not how it's supposed to work. At least not ls (dir and ls
> should
> > > both list the remote's system directory contents).
> > >
> > > Which ftp client are you using?
> > >
> >
> >
> > westk@westkent:~$ aptitude show ftp
> > Package: ftp
> > Version: 0.17-34
>
>
Thanks for your responses, Tomas! They spurred me to think about the ftp
client I was using, and in doing a quick "aptitude search ftp" I found a
few other clients to try. The "ftp" client appears to be flakey, but the
tnftp client seems to work well, with tab-completion and other commands
performing as expected. (The ncftp client *almost* works, but
tab-completion doesn't see the blah.tgz.manifest file whereas it does see
the blah.tgz file, so it gives misleading info on tab-completion.)

Thanks!

-- 
Kent West<")))><
Westing Peacefully - http://kentwest.blogspot.com

Re: Encrypted flash drives

[Mark Fletcher]

On Sun, Mar 26, 2017 at 12:28:33PM +0200, Nicolas George wrote:
> 
> Well, I am sorry to say that the extents of the advice I can give on
> handling troubles with Gnome or other desktop environments is "apt-get
> purge gnome nautilus; apt-get install fvwm zsh". I can still suggest two
> basic generic things to test: first, look carefully at the differences,
> in ownership, permissions, etc., of the mounted filesystems. Second, try
> with a clean account to see if the keys still show different behaviours
> (and if that fails, try with a brand new install).
> 
Thanks, I appreciate the advice. I will check those things. But I feel 
that still leaves the question of why there is no reaction to the 
initial insert of the drive in the "semi-broken" case, whereas with the 
other there is an immediate reaction in that the screen pops up asking 
me to enter the passphrase. Obviously this moment is before there is a 
mounted filesystem to look at.

Tomas has tried to give me pointers on that but I'm afraid I don't 
understand where to take that. Is there any chance someone who isn't a 
self-proclaimed "desktop luddite" could comment?

At this point this is a "interesting, wonder what is wrong with this" as 
opposed to "oh god I'm dying" thing, but I'd appreciate pointers in 
figuring out how to resolve it. I think it boils down to differences 
between the commands I executed on the command line and what Files is 
doing in the background if you use the GUI. It doesn't sit well with me, 
as it may with many others, that the GUI does a better job that I can't 
replicate on the command line -- means there is something happening that 
I don't understand.

Thanks

Mark

Re: Anyone know what this means when running aptitude update?

[Mark Fletcher]

On Sun, Mar 26, 2017 at 08:51:55PM +0200, Sven Hartge wrote:
> Frank  wrote:
> 
> > The hash sum mismatch is usually a passing issue: updating while the 
> > repository/mirror itself is in the process of updating. If it keeps 
> > showing up, that mirror is probably borked. Try deb.debian.org instead 
> > of http.debian.net.
> 
> deb.debian.org, http.debian.net and httpredir.debian.org are the same.
> The old service behind http.debian.net and httpredir.debian.org were
> switched off in February and the hostnames now point to the same system
> backing deb.debian.org
> 

This has been going on for weeks now, I have been hoping in vain that 
the issue would clear itself, as Frank suggested, before I posted here. 
It doesn't look like it is going to. So, are we saying that 
deb.debian.org, http.debian.net and httpredir.debian.org, being the 
same, are all "borked"? Doesn't feel right, more people would be up on 
their hind legs yelling for footnotes if so, no?

The fix for the key ID issue looks straightforward though, thanks Frank 
and others for that. I'll try out this 
download-and-put-in-the-right-place approach, that's new to me. Should I 
make efforts to remove the old key Google were previously using?

Mark

Re: `Filter failed' no print error message

[Brian]

On Sun 26 Mar 2017 at 22:02:44 +0100, Rodolfo Medina wrote:

> Brian  writes:
> 
> > On Sun 26 Mar 2017 at 17:58:28 +0100, Rodolfo Medina wrote:
> >
> >> Brian  writes:
> >> 
> >> >  > From where did you get the necessary drivers?
> >> >  > Is there any sign of "gstoraster" in your error_log?
> >> 
> >> No, no gstoraster in error_log.  From UnifiedLinuxDriver_1.02.tar.gz I
> >> extracted ML-191xspl2.ppd and copied it in a subdirectory of my home
> >> directory, and the file rastertosamsungspl that I copied into
> >> /usr/lib/cups/filter.
> >
> > No gstoraster. You aren't going anywhere. You will not be able to print.
> >
> > [...]
> >
> > "UnifiedLinuxDriver" indicates a package downloaded from
> >
> >  http://www.bchemnet.com/suldr/
> >
> > But there is no version 1.02 offered by this site, See here
> >
> >  http://www.bchemnet.com/suldr/suld.html
> >
> > Copying the PPD and filter is ok. But what file did you copy them from?
> > UnifiedLinuxDriver_1.02.tar.gz is not offered by the bchemnet.com site.
> >
> > Have you got that, too. The file you say you downloaded does not exist
> > at bchemnet.com as far as I can see.
> 
> 
> I downloaded - years ago, when I bought the printer - from:
> 
>  http://www.samsung.com

You were asked from where you got the package a couple of mails ago. I
should have insisted you answer rather than guessing from a file name.

Your best strategy is to download the latest package from Samsung
instead of using something ancient.

Alternatively, changing

 *cupsFilter:  "application/vnd.cups-postscript 0 rastertosamsungspl"

to

 *cupsFilter:  "application/vnd.cups-raster 0 rastertosamsungspl"

just might work.


> .  With those two files, the printer had always worked fine with Debian.  Now 
> I
> installed Debian on a new machine, and the printer won't print.  Strange
> because the old machine, where the printer still does work, *also* has Debian
> Sid, the same operating system I have on my new Lenovo AMD A6 Desktop.
> 
> 
> >> > You have rastertosamsungspl as a filter. It needs to be given raster
> >> > data. It looks like it is being given PostScript - so the filter stops.
> >> >
> >> > Also provide the outputs of
> >> >
> >> >  cat /etc/cups/ppd/ppd_for_the printer | grep NickName
> >> 
> >> Here it is:
> >> 
> >> # cat Samsung_ML-191x_252x_Series.ppd | grep NickName
> >> *ShortNickName: "ML-191x 252x"
> >> *NickName:  "Samsung ML-191x 252x Series"
> >
> > Now - that looks ok
> >
> >> > and 
> >> >
> >> >  cat /etc/cups/ppd/ppd_for_the printer | grep cupsFilter
> >> >
> >> > You will probably have to be root to get these.
> >> 
> >> and:
> >> 
> >> # cat Samsung_ML-191x_252x_Series.ppd | grep cupsFilter
> >> *cupsFilter:  "application/vnd.cups-postscript 0 rastertosamsungspl"
> >> 
> >> What now?  Thanks...
> >
> > What now?
> >
> > Whatever package you are using is expecting rastertosamsungspl to process
> > PostScript. As its name implies, it will only process raster data. CUPS
> > will not like this line.
> >
> > Please post
> >
> >  cat Samsung_ML-191x_252x_Series.ppd | grep cupsFilter
> >
> > for the machine which prints for you. Check the PPD file name in
> > /etc/cups.ppd first.
> 
> 
> Here it is:
> 
> *cupsFilter:  "application/vnd.cups-postscript 0 rastertosamsungspl"
> 
> , but exactly the same output also comes from Lenovo machine, where the 
> printer
> won't work...  So I think there must be some other different special reason
> because one is ok and the other is not although the system is the same on 
> both.

I very much doubt the filtering on both machines is identical. The
error_log you posted for the non-working machine had

 D [07/Mar/2017:14:35:23 +] [Job 1] Started filter 
/usr/lib/cups/filter/pdftopdf (PID 4741)
 D [07/Mar/2017:14:35:23 +] [Job 1] Started filter 
/usr/lib/cups/filter/pdftops (PID 4742)
 D [07/Mar/2017:14:35:23 +] [Job 1] Started filter 
/usr/lib/cups/filter/rastertosamsungspl

PostScript is being produced. There is no pstoraster filter in unstable's
cups-filters package to give raster data to rastertosamsungspl.

Please run

 cupsfilter --list-filters -p /etc/cups/ppd/ -m printer/foo 
 -e > out.prn 2> log

on both machines. A PDF or a text file would do for . Post the
two logs you get.

-- 
Brian.

Re: DD bs=4M option on USB mem-stick creates false format

[Thomas Schmitt]

Hi,

kAt wrote:
> > /sbin/fdisk -l /dev/sdb
> Disk /dev/sdb: 7.2 GiB, 7751073792 bytes, 15138816 sectors

Is this about the correct size of the stick ?


> Units: sectors of 1 * 512 = 512 bytes
> Sector size (logical/physical): 512 bytes / 512 bytes
> I/O size (minimum/optimal): 512 bytes / 512 bytes

Looks like a normal block size for USB sticks and conventional disks.


> Device Boot   Start End Sectors  Size Id Type
> /dev/sdb1  * 64 1374207 1374144  671M  0 Empty
> /dev/sdb2   1297212 12986191408  704K ef EFI (FAT-12/16/32)

This is the MBR partition table. You may use fdisk to add a partition.
(Let's hope it will not hate that sdb2 is located inside sdb1.)


> echo 2 | sudo /sbin/gdisk -l /dev/sdb
> Warning! Main partition table overlaps the first partition by 64 blocks!
> You will need to delete this partition or resize it in another utility.

gdisk definitively hates the start of the outer partition.
But starting at block 64 would mean that it would not be mountable.

> Number  Start (sector)End (sector)  Size   Code  Name
>   2 1297212 1298619   704.0 KiB   0700  ISOHybrid1

The EFI partition is more to its taste.

As said, the GPT of an ISO with "mjg" layout is quite useless
and i'd zeroize its header block at block address 1.


Have a nice day :)

Thomas

Re: Thin Client

[Joshua Schaeffer]

On 03/26/2017 12:29 PM, Brian wrote:


Off of Ebay. Doesn't everyone? :)

I think the statement has been changed or is changing to: "Off of Amazon. Doesn't 
everyone?" :> (no wars please just a joke).

Re: SSH Access Issue

[Joshua Schaeffer]

On 03/26/2017 08:30 AM, Cindy-Sue Causey wrote:



In the case I'm thinking, it's about manually adding multiple lines to
a file that I'm not completely remembering just now. Gut is saying
it's /etc/network/interfaces. Mine's almost empty so I don't have an
example to confirm that.

Typically user's put a second gateway option in the /etc/network/interface file 
(which you talk about in the next paragraph). This usually results in not 
understanding what the gateway does.


What I encountered wasn't about declaring different values for
gateway, either. For whatever reasons due to innate [functionality],
it becomes a fail even if you declare the same gateway value for that
line within each new, separate block of declarations. Success is found
by declaring it once then omitting that line within any other new
blocks added over time.

While I've never put duplicate gateway information in /etc/network/interfaces I, at one 
point when learning about networking and setting it up in Debian, had put a gateway for 
each subnet in the interfaces file (which is incorrect and resulted in an error). A 
gateway, often called a "gateway of last resort" tells the system how to reach 
subnets that it is not attached to. That is the point of the gateway; it is the one place 
the system can send packets to when it doesn't know where to go. If you defined two 
gateways (meaning if this was allowed) you would be back to square one, the system 
wouldn't know which gateway to send the packet to. Defining two gateways could be an 
incorrect way of saying you are defining two routes (most likely static routes).


Between my setup and cognition, I've never had anything stable enough
to test if it matters which block that gateway is declared. I've
wondered if it matters that it be in the first block, or if it just
needs to show up somewhere in that file. I was consciously putting it
in the first block because that seemed to be the *logical* thing to do
k/t having touched on programming 20 years ago at a local tech school.

I hadn't really thought about this myself. I've always defined the gateway 
under the interface that is attached to the subnet where the gateway resides. 
A.K.A. if I have two networks:

auto eth0
iface inet eth0 static
  address 192.168.0.2/24

auto eth1
iface inet eth1 static
  address 10.1.10.2/24

And my gateway of last resort was on the 192.168.0 subnet then I would define 
the gateway under that interface

auto eth0
iface inet eth0 static
  address 192.168.0.2/24
  gateway 192.168.0.1

It never occurred to me to see if it could be put anywhere in the file. My 
hunch is it can and I guess I could take the 60 seconds to test it, but I'll 
leave that to more adventurous people.

Thanks,
Joshua Schaeffer

Messages d'avertissements à chaque démarrage de Chromium

[Bernard]

Bonjour à tous,

Le Chromium v 34.0 que j'ai installé récemment sur mon portable sous 
Ubuntu 16.04, affiche, au démarrage, la boîte de dialogue suivante :


"Saisissez votre mot de passe pour déverrouiller le trousseau de 
connexion. Le mot de passe que vous utilisez pour ouvrir une session sur 
cet ordinateur, ne correspond plus à celui de votre trousseau de connexion.


Si je ressaisis mon mot de passe dans la fenêtre, il n'est pas reconnu, 
ne le sont pas davantages les autres mots de passe possiblement 
pertinents que j'ai essayés. Aucune autre application sur mon système ne 
réagit de la sorte, tout fonctionne bien. Et d'ailleurs, Chromium aussi 
fonctionne apparemment bien, dès que j'ai cliqué deux fois sur "annuler" 
sur la boîte de dialogue, opération qu'il faut recommencer à chaque 
lancement de l'outil. Par ailleurs, un autre encart s'affiche en même 
temps que celui que je viens de décrire : "Impossible de lire vos 
préférences. Certaines fonctionnalités ne seront peut-être pas 
disponibles, et les modifications à vos préférences ne seront pas 
sauvegardées". Ceci étant dit, mes bookmarks ajoutés réapparaissent à 
chaque lancement de chromium, idem pour la taille des caractères et les 
paswords sauvegardés pour les sites


Merci d'avance pour vos diagnostics

Bernard

Re: UID mismatch across systems

[Joshua Schaeffer]

On 03/25/2017 03:03 PM, Boylan, Ross wrote:

The problem is that I can't convert to using a shared directory when different 
systems assign different uids to the same named user.  In other words, to get 
to the shared accounts solution I must already have solved the problem of 
mismatching ids.

Not entirely true, NFSv4 has the ability to map uid/gid between systems with 
the rpc.idmapd program, which uses the idmapd.conf configuration files.

The problems are mostly with system users, and I've seen some advice indicating 
such users don't normally go in LDAP.  So excluding would reduce the problem, 
for LDAP, but also leave lots of unsynchronized ids.

What is the issue of unsynchronized system ids? Are you allowing login of these 
system ids? Are they also sharing a filesystem (NFS, CIFS, etc) for these 
system ids? My assumption is that when you say shared directory you are talking 
about $HOME for a normal user. If that's not the case then it sounds like you 
are using an old technique where many systems mount shared filesystems to /usr, 
/usr/share, /opt, etc. I haven't seen that in years as disks are quite large 
enough to handle the space needed for these directories.

I'm not sure how much a problem it the mismatches are for NFSv4; I believe it 
allows user/kerberos based authentication, but I'm not sure what that means for 
the uids of the files.

Mismatched ids in NFSv4 will result in a uid/gid of -1, which translates to 
something like 4294967295 (I don't think that's the exact number but it's close 
to 2^32) when you run an ls -l on the NFS mount point.
LDAP is my go to solution for synchronized authorization and central account 
management (I do not use it for authentication, but that is my own personal 
preference). I advocate it, but I know some people prefer simpler solutions 
depending on the situation. A company of 10 systems can easily avoid all of the 
management, hardware, upkeep, etc of LDAP and use something like NIS, Puppet, 
etc or use no central management at all.

I guess I'm not understanding the core problem. I never put system ids (including 
root) into LDAP, only user's ids. Typing this out, it occurred to me that I am 
assuming you mean a system id is an id of >1000 (in Debian). If you are talking 
about some generic account that is not an actual system ID, but is not used by a 
specific user, then yes you have to find a way to synchronize and/or transfer the 
account. I would simply create the account in LDAP and then transfer all ownership 
of processes and files to that new account (as you already stated).

Thanks,
Joshua Schaeffer

Re: UID mismatch across systems

[deloptes]

Ross Boylan wrote:

> To solicit advice about how to deal with the mismatch, including the
> options I mentioned originally:
> 1) manually change the uids/gids  so  they match--and how to do that
> safely, esp on a live system
> 2) live with the the mismatches, at least for system accounts.
> 
> I was also wondering how systems could be set up to have matching ids,
> given that the initial install doesn't use a shared identity database.
> For example, my newer systems have uid 101 = input, while pre-jessie
> ones have 101 = libuuid.  The new ones have systemd-* users at
> 102-105, while the older ones have other users there.
>>
>> There is no magic wand for that - debian has default numbering for system
>> accounts, so only user and custom accounts need to be moved to some user
>> management system like mysql or ldap. Of course OP will need to chown on
>> each machine to make it work.
> 
> I am the OP!  Thanks  for your responses.

Ah, sorry I did not notice you are the OP.
I was once told debian uses same uid/gid for the system accounts, but it
looks like it is not true. However I am sure there is somewhere
documentation/discussion about this.

In general you don't mess up with the system accounts.
Only your user accounts would be managed in LDAP (or MySQL). This is what
you want. So answer to your 1) is yes only for user accounts and this would
imply 2) as yes unless you have some good reason to manage system accounts
via  LDAP (or MySQL), but I have never heard of such.
The tricky part here is if users are in some system groups and they differ
between hosts. In this case you could distribute same passwd/group and
shadow files to all machines and need to update (chown) all related
files/dirs same as step 5.

you need to
1. create a list of all users on each host and uid/gid on that host. 
2. assign a unique uid/gid to each user
3. create/migrate the users to LDAP (or MySQL) to those uid/gid
4. update each host to use LDAP (or MySQL) as pam service
5. chown all files/dirs belonging to each of the user (I think find is good
at that
6. remove the local users (but leave one user account for admin tasks)

There are some good docs around about how this is done.

I hope that helps

regards

Chromium dépend il de Google Chrome ?

[Bernard]

L'inverse, oui, on le sait: Google a réutilisé le programme de Chromium 
pour faire son navigateur commercial. Ma question est donc: quelles sont 
les relations, dépendances etc... de Chromium avec Google ?  Plus 
concrêtement: le Chromium que je viens d'installer sur le Ubuntu de mon 
portable, non seulement utilise par défaut le moteur de recherche de 
Google, mais encore, si vous souhaitez conserver en mémoire un password 
afin de ne pas avoir à le rétaper à chaque connexion sur un site, il est 
précisé que c'est sur Google que cela sera sauvegardé... Il y a sans 
doute d'autres choses, mais je n'ai pas encore beaucoup exploré l'outil 
et ses possibilités. Que penser de Chromium en comparaison de Firefox / 
Iceweasel en ce qui concerne la confidentialité, l'aptitude à générer 
plus ou moins de spams publicitaires et autres ?


Au départ, je pensais que l'utilisation que Google avait faite du code 
de Chromium, pour légale soit elle, était fort indélicate voire 
outrecuidante... mais je me demande si, au final, il n'y a pas eu une 
espèce d'entente et de collaboration entre les développeurs bénévoles de 
Chromium et les commerciaux de Google...


Merci d'avance pour vos réponses et avis

Bernard

Re: Postfix Dovecot et SSL : SSL23: unknown protocol

[andre_debian]

On Sunday 26 March 2017 22:27:06 you wrote:
> J'ai fait un test avec le serveur SMTP de gmail :
> openssl s_client -connect smtp.gmail.com:995 -debug
> et ça a fonctionné. Il y aura une quantité importante d'informations :

Depuis mon serveur :
openssl s_client -connect localhost:995 -debug :
les d'infos...
+OK Dovecot ready.

openssl s_client -connect :995 -debug :
aucune réponse... ou
gethostbyname failure
connect:errno=0

Depuis un poste client :
openssl s_client -connect :995 -debug :
les d'infos...
+OK Dovecot ready.

tail /var/log/mail.err :
ssl3_get_client_hello:no shared cipher
SSL23_GET_CLIENT_HELLO:unknown protocol

Voilà le topo,

bonne fin de soirée,

André

> > > Le 26 mars 2017 19:45:28 GMT+02:00, andré a écrit :
> > > >J'ai un serveur postfix + dovecot + ssl.
> > > >Il marche parfaitement avec le port POP 110,
> > > >mais pas du tout en mode SSL port 995.
> > > >Voici ce que me dit "tail /var/log/mail.err" :
> > > >dovecot: pop3-login: Error: SSL: Stacked error:
> > error:140760FC:SSL 
> > > >routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> > > >Mes certifs crt et key semblent bons.
> > > >J'en ai créés d'autres mais idem.
> > > >J'ai fouillé via Google, ce message m'apporte des centaines
> > > >de liens mais aucun ne m'aide.
> > > >Merci d'une piste...  André

Re: [1/2 HS] syntaxe qui ne va plus depuis upgrade MySQL

[Christian Quentin]

le nombre de logos distincts ? si oui, la taille du résultat de la
requête ci-dessus te fournira l'info
le nombre de fois où chaque logo distinct a été rencontré lors du
regroupement ? Là, il faudra utiliser
SELECT images, logos, COUNT(logos) FROM tablelogo GROUP BY images, logos :

Ce script marchait avant l'upgrade de mysql... :
Erreur de la requête SELECT images, logos, COUNT(logos) FROM tablelogos
GROUP BY images, logos

Oui mais cette requête est un peu différente : regarde la clause GROUP BY
elle contient les 2 champs que tu veux afficher dans ta clause SELECT
ce n'était pas le cas dans la requête initiale.

Ceci correspond à un vote pour un logo, nombreux logos et images,
au fur et à mesure des votes, le nombre de lignes augmentent :
logosimages
32  logo32.jpg  
25logo25.jpg
15logo15.jpg
32logo32.jpg
8  logo8.jpg
25logo25.jpg

Bonne soirée,

André



OK. Donc tu veux obtenir un cumul des votes pour chaque logo.
Tu souhaites également les trier pour avoir les logos les plus 
populaires en tête de liste

La requête est donc :

SELECT images, logos, COUNT(logos) AS total
FROM tablelogo
GROUP BY images, logos
ORDER BY total DESC

(quasi identique à ta requête initiale sauf pour le GROUP BY)

Bonne soirée
Christian

Re: `Filter failed' no print error message

[Rodolfo Medina]

Brian  writes:

> On Sun 26 Mar 2017 at 17:58:28 +0100, Rodolfo Medina wrote:
>
>> Brian  writes:
>> 
>> >  > From where did you get the necessary drivers?
>> >  > Is there any sign of "gstoraster" in your error_log?
>> 
>> No, no gstoraster in error_log.  From UnifiedLinuxDriver_1.02.tar.gz I
>> extracted ML-191xspl2.ppd and copied it in a subdirectory of my home
>> directory, and the file rastertosamsungspl that I copied into
>> /usr/lib/cups/filter.
>
> No gstoraster. You aren't going anywhere. You will not be able to print.
>
> [...]
>
> "UnifiedLinuxDriver" indicates a package downloaded from
>
>  http://www.bchemnet.com/suldr/
>
> But there is no version 1.02 offered by this site, See here
>
>  http://www.bchemnet.com/suldr/suld.html
>
> Copying the PPD and filter is ok. But what file did you copy them from?
> UnifiedLinuxDriver_1.02.tar.gz is not offered by the bchemnet.com site.
>
> Have you got that, too. The file you say you downloaded does not exist
> at bchemnet.com as far as I can see.


I downloaded - years ago, when I bought the printer - from:

 http://www.samsung.com

.  With those two files, the printer had always worked fine with Debian.  Now I
installed Debian on a new machine, and the printer won't print.  Strange
because the old machine, where the printer still does work, *also* has Debian
Sid, the same operating system I have on my new Lenovo AMD A6 Desktop.


>> > You have rastertosamsungspl as a filter. It needs to be given raster
>> > data. It looks like it is being given PostScript - so the filter stops.
>> >
>> > Also provide the outputs of
>> >
>> >  cat /etc/cups/ppd/ppd_for_the printer | grep NickName
>> 
>> Here it is:
>> 
>> # cat Samsung_ML-191x_252x_Series.ppd | grep NickName
>> *ShortNickName: "ML-191x 252x"
>> *NickName:  "Samsung ML-191x 252x Series"
>
> Now - that looks ok
>
>> > and 
>> >
>> >  cat /etc/cups/ppd/ppd_for_the printer | grep cupsFilter
>> >
>> > You will probably have to be root to get these.
>> 
>> and:
>> 
>> # cat Samsung_ML-191x_252x_Series.ppd | grep cupsFilter
>> *cupsFilter:  "application/vnd.cups-postscript 0 rastertosamsungspl"
>> 
>> What now?  Thanks...
>
> What now?
>
> Whatever package you are using is expecting rastertosamsungspl to process
> PostScript. As its name implies, it will only process raster data. CUPS
> will not like this line.
>
> Please post
>
>  cat Samsung_ML-191x_252x_Series.ppd | grep cupsFilter
>
> for the machine which prints for you. Check the PPD file name in
> /etc/cups.ppd first.


Here it is:

*cupsFilter:  "application/vnd.cups-postscript 0 rastertosamsungspl"

, but exactly the same output also comes from Lenovo machine, where the printer
won't work...  So I think there must be some other different special reason
because one is ok and the other is not although the system is the same on both.

Thanks,

Rodolfo

Re: Issue with notebook (maybe the battery?)

[Joe]

On Sun, 26 Mar 2017 16:38:29 -0300
Daniel Bareiro  wrote:

> Hi, Richard.
> 
> On 26/03/17 06:46, Richard Owlett wrote:
> 
> >> [snip]
> >>
> >> Checking the purchase invoices, I bought the notebook on September
> >> 19, 2013, and then changed the battery on November 2, 2015. So
> >> less than two years ago I have this battery.
> >>
> >> The notebook I use it practically every day and I leave it
> >> sleeping from one day to the next so I do not have to open every
> >> application every time. I'm not sure if that impacts so much on
> >> the battery life.  
> 
> > If it was a long term degradation, possibly. With some battery
> > technology/technologies(?) there is a "memory" effect. If there is a
> > repeated "shallow discharge"/recharge cycle ( sleep overnight
> > followed by running during day with charger plugged in) the
> > effective battery capacity will decrease. IIRC that applies to only
> > one technology but can't remember which.  
> 
> I remember that when I bought this battery, I was advised to leave the
> charger plugged in for a little more than an hour after the charging
> level reaches 100%. And for the subsequent times, try to avoid having
> the charger plugged in when the battery charge level reaches 100%. So
> I was following that criteria. What do you think about that?

I would hesitate to contradict a supplier, but a lithium battery
charger should not permit overcharging. It *must* not, as there is a
serious risk of fire or explosion, not just a reduction of life as
will occur with other types. The maximum charge voltage must be a fairly
precise 4.20V per cell, and really the only practical way to charge
these batteries is to use one of many specialised integrated circuits
designed to do just that.

There's a time sequence: first, with a completely discharged battery,
which will have been disconnected by its own internal electronics, a
significant current charge is given and the cell voltage monitored
(calculated for a multi-cell battery). If it does not exceed 3.0V
within a few minutes, the charger gives up and produce an error signal,
the battery is faulty. If all is well, the recommended charge current
for the cells, normally about half the capacity i.e. about a two-hour
charge, is applied until the voltage reaches about 4.1V/cell, when the
charger switches to a third mode to bring the output voltage to
precisely 4.2V. During this mode, as the cell reaches full charge, the
current drops away and when a particular value is reached, the charger
cuts off. No further charge will be applied until usage or
self-discharge of the cell reduces the voltage to below about 4.1V. If
a charger is connected to a battery that is already charged to between
3.0V and 4.1V per cell, phase two is immediately started, and if the
cell voltage is already between 4.1V and 4.2V, nothing will happen.
There is no continuous trickle-charge mode. Assuming, of course, the
charger is designed properly, and with a specialised IC, this is pretty
much guaranteed.

So a lot of warnings about overcharging, memory effect, about removing
the battery when external power is used, and suchlike, are hangovers
from the days of nickel battery technologies, and don't apply to
lithium. Conversely, the charger has to be matched to the battery
capacity, and there's no way to charge lithium batteries with any kind
of general-purpose charger, you need the supplier's own charger, which
may be built-in to the appliance.

> 
> >> But in any case, in all this time, whenever the battery was
> >> charged, the charge level was up to 100%. So just since yesterday
> >> I suddenly saw that the load stayed at 38% and I started to
> >> experience this issue.  
> 
> > That makes me think of a component failure. Likely the battery, but
> > conceivably something in the laptop.

Yes. The problem is that it's not possible to rig up a quick charging
test for lithium, or a dummy battery load to check the charger. With
other technologies, a current source powered from a higher voltage,
with a voltmeter, would give some idea of the battery state. 
> 
> Perhaps the ultimate test is going to a business where they have
> original Lenovo components, ask them for a new battery to test it at
> the moment with the notebook and, if all goes well, then buy it.
> 
Sadly, that's the only real test.

Something worth trying if you have access to a voltmeter: the battery
pack will have at least three terminals, maybe more, and a voltage
should be measurable across two of them. The voltage value may show a
missing (shorted) cell. Discharged as far as possible, a lithium cell
should be around 3.0V, and fully charged, 4.2V. The battery should be
marked as to how many cells it contains. If you get a reading of less
than 3.0V per cell, there is almost certainly a dead cell. Probably you
won't get a conclusive reading, if the charger thinks there's 38%
charge, then the volts per cell is probably higher than 3.0, which it
can be if one cell is missing 

Re: Postfix Dovecot et SSL : SSL23: unknown protocol

[Thierry Bugier Pineau]

J'ai fait un test avec le serveur SMTP de gmail :
openssl s_client -connect smtp.gmail.com:995 -debug
et ç a fonctionné. Il y aura une quantité importante d'informations, y
compris des dumps d'échanges entre le serveur et le client; l'argument
-debug est probablement exagéré pour l'instant. 
Ce qui est intéressant avec cette commande est qu'une fois la liaison
chiffrée établie, vous aurez l'équivalent d'un telnet sur une liaison
"en clair", vous permettant de tester manuellement votre serveur.
En ce qui concerne la désactivation de SSLv3 TLSv1.0 et TLSv1.1, j'ai
trouvé cecihttp://www.postfix.org/announcements/postfix-2.9.2.htmlhttps
://www.skyminds.net/serveur-dedie-configurer-postfix-et-courier-pour-
utiliser-tls-ssl-en-perfect-forward-secrecy/
Attention : le second lien date de 2014 et ne déconseille pas TLS 1.0
et 1.1, il faut adapter les exemples. Je garde ces liens pour mes
propres notes, car j'ai moi aussi dégrossi postfix + dovecot il y a
quelques temps. J'ai encore mes notes de brouillon d'ailleurs, que je
pourrais ressortir pour l'occasion :).
La raison de cette restriction est d'empêcher un client un peu trop
vieux de se connecter en négociant un protocole de chiffrement devenu
vulnérable, par incapacité à utiliser un protocole encore fiable. Cela
dit, c'est un peu hors du sujet. Je pense qu'il faut garder cela pour
la touche finale du chiffrement. La openssl s_client aidera de nouveau,
pour vérifier l'échec de connection avec des protocoles bannis.
Le dimanche 26 mars 2017 à 20:38 +0200, andre_deb...@numericable.fr a
écrit :
> On Sunday 26 March 2017 19:58:05 Thierry Bugier Pineau wrote:
> 
> Merci de me répondre.
> 
> > Essayez de diagnostiquer avec openssl
> > openssl s_client -connect serveur.org -debug :
> 
> La commande me renvoie sur le help de openssl...
> 
> > Plus de détail ici à propos de la commande; car il vous faudra peut
> être 
> ajouter quelques arguments selon votre cas :
> > https://wiki.openssl.org/index.php/Manual:S_client(1) :
> 
> Pas trop d'infos pour la syntaxe de la commande proposée... :-)
> 
> > En passant, veillez à bien interdire sslv3 et tls < 1.2 côté
> serveur :
> 
> Comment interdire sslv3 ?
> Sinon, j'ai adopté TLS (STARTTLS) et idem, comment interdire  tls <
> 1.2 ?
> 
> Merci,
> 
> André
>  
> > Le 26 mars 2017 19:45:28 GMT+02:00, andre_deb...@numericable.fr a
> écrit :
> > >J'ai un serveur postfix + dovecot + ssl.
> > >Il marche parfaitement avec le port POP 110,
> > >mais pas du tout en mode SSL port 995.
> > >Voici ce que me dit "tail /var/log/mail.err" :
> > >dovecot: pop3-login: Error: SSL: Stacked error:
> error:140760FC:SSL 
> > >routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> > >Mes certifs crt et key semblent bons.
> > >J'en ai créés d'autres mais idem.
> > >J'ai fouillé via Google, ce message m'apporte des centaines
> > >de liens mais aucun ne m'aide.
> > >Merci d'une piste...  André
> > 
> 
> 

Re: zenity --text-info autoscrolling?

[Floris]

Op Fri, 24 Mar 2017 23:33:06 +0100 schreef Jason :

In interactive shell scripts I like piping output into zenity  
--text-info for display. If
the output is more than fits in the zenity window, any additional lines  
will be too far
down to display unless the user manually scrolls down to the bottom of  
the text.


Does anyone know if there is a way to tell zenity to automatically  
scroll down as lines
are added so that the last lines are always visible? This way the output  
of the current
action would be displaying at the bottom of the zenity dialog box,  
instead of not being

visible.

Using zenity 3.4.0-2 on Debian 8.1.

--
Thanks.
Jason



perhaps you can use yad, a fork of zenity, with the tail option:
https://packages.debian.org/sid/yad

$ yad --help-text
Usage:
  yad [OPTION...] - Yet another dialoging program

Text information options
  --text-infoDisplay text information  
dialog
  --fore=COLOR   Use specified color for  
text
  --back=COLOR   Use specified color for  
background

  --wrap Enable text wrapping
  --justify=TYPE Set justification (left,  
right, center or fill)

  --margins=SIZE Set text margins
  --tail Autoscroll to end of text
  --show-cursor  Show cursor in read-only  
mode

  --show-uri Make URI clickable
  --uri-color=COLOR  Use specified color for  
links



success,

floris

Re: Anyone know what this means when running aptitude update?

[Sven Hartge]

Nicholas Geovanis  wrote:
> On Sun, Mar 26, 2017 at 2:11 PM, Sven Hartge  wrote:
>> Nicholas Geovanis  wrote:
>> > On Sun, Mar 26, 2017 at 1:51 PM, Sven Hartge  wrote:

 No, please do NOT use "apt-key add" but instead download the key and
 put it as a file with the suffix ".gpg" into the directory
 /etc/apt/trusted.gpg.d/

>> Just curious why you recommend this instead of "apt-key add"?
>>
>> Because the man-page for apt-key says so:
>>
>> ,
>> |  add filename
>> |  [...]
>> |  Note: Instead of using this command a keyring should be
>> |  placed directly in the /etc/apt/trusted.gpg.d/
>> |  directory with a descriptive name and either "gpg" or
>> |  "asc" as file extension.
>> `


> Thanks. FYI my Debian 8.4 apt-key man page does not contain that text.
> ii  apt   1.0.9.8.3
>amd64commandline package manager

But it works. I converted all my systems two weeks ago from putting
everything into /etc/apt/trusted.gpg via "apt-key add -" to single files
in /etc/apt/trusted.gpg.d/, which allows me to handle the keys, addition
*and* removal, very easily via puppet.

Doing this with the one file is much more complicated, with the new
approach I just need to add or remove the GPG pubkey files to the
directory and everything works.

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: Issue with notebook (maybe the battery?)

[Daniel Bareiro]

Hi, Tomás and Joe.

On 26/03/17 07:49, Joe wrote:

 [snip]

 Checking the purchase invoices, I bought the notebook on September
 19, 2013, and then changed the battery on November 2, 2015. So
 less than two years ago I have this battery.

 The notebook I use it practically every day and I leave it
 sleeping from one day to the next so I do not have to open every
 application every time. I'm not sure if that impacts so much on
 the battery life.  

>>> If it was a long term degradation, possibly. With some battery
>>> technology/technologies(?) there is a "memory" effect. If there is a
>>> repeated "shallow discharge"/recharge cycle ( sleep overnight
>>> followed by running during day with charger plugged in) the
>>> effective battery capacity will decrease. IIRC that applies to only
>>> one technology but can't remember which.  

>> That would be the nickel family (NiMH and its predecessors). Laptops
>> changed long ago (I'd venture somewhere in the 90-ies) to Li-whatever.

> Lithium isn't particularly sensitive to state and depth of charge,
> apparently the optimal long-term storage state is about half-charge.

>> Those have other weak spots: overcharging shortens their lives,
>> especially being overcharged *and* higher temps. More overcharging
>> leads to fireworks. They *need* some electronics to take care of
>> that. Deep discharge is also fatal to their lifetimes.

> Complete discharge is instantly fatal, they can never wake up again.
> All lithium cells have rudimentary electronics to cut off discharge
> earlier than this, typically 2.8-3.0V per cell. Charging is relatively
> complex, constant current of about half capacity to around 4.1V, then
> constant voltage to fairly precise 4.2V, then when the current drops
> below a certain level, cutoff.
> 
> It should be possible to leave a lithium battery permanently connected
> to the charger. No 'trickle charge' will occur, no additional current
> will flow until the cell voltage drops by a certain amount. But full
> charge is not recommended for long-term storage.
> 
> Yes, I had to build a lithium battery into something a few years ago,
> I had to learn how to charge it. 

Thank you for sharing these interesting comments. I think some time I've
inadvertently consumed the entire battery charge (although this was
something that happened a long time ago, I think). Perhaps the
recommendation to avoid this is to check the "Enable Power Management"
option in KDE.

Do you think that of the information I showed in
/sys/class/power_supply/BAT0/uevent or
/org/freedesktop/UPower/devices/battery_BAT0 can be detected any
electrical problem with the battery?


Kind regards,
Daniel



signature.asc
Description: OpenPGP digital signature

Re: UID mismatch across systems

[Ross Boylan]

On Sun, Mar 26, 2017 at 11:21 AM, deloptes  wrote:
> Ross Boylan wrote:
>
>> The problem is that none of those will work if the existing uids/gids
>> on the systems are not already consistent, and they aren't.
>
> And the goal of your statement was what exactly?

To solicit advice about how to deal with the mismatch, including the
options I mentioned originally:
1) manually change the uids/gids  so  they match--and how to do that
safely, esp on a live system
2) live with the the mismatches, at least for system accounts.

I was also wondering how systems could be set up to have matching ids,
given that the initial install doesn't use a shared identity database.
For example, my newer systems have uid 101 = input, while pre-jessie
ones have 101 = libuuid.  The new ones have systemd-* users at
102-105, while the older ones have other users there.
>
> There is no magic wand for that - debian has default numbering for system
> accounts, so only user and custom accounts need to be moved to some user
> management system like mysql or ldap. Of course OP will need to chown on
> each machine to make it work.

I am the OP!  Thanks  for your responses.
Ross

Re: duda sobre vpn

[Cristian Mitchell]

El 26 mar. 2017 3:23 PM, "juan carlos rebate"  escribió:

El día 26 de marzo de 2017, 19:08, Cristian Mitchell
 escribió:
>
>
> El 26 mar. 2017 11:27 AM, "juan carlos rebate" 
> escribió:
>
> El día 26 de marzo de 2017, 4:13, Cristian Mitchell
>  escribió:
>>
>>
>> El 25 de marzo de 2017, 19:49, juan carlos rebate
>> escribió:
>>>
>>> El día 25 de marzo de 2017, 14:45, Cristian Mitchell
>>>  escribió:
>>> >
>>> >
>>> > El 24 de marzo de 2017, 19:56, juan carlos rebate
>>> > escribió:
>>> >>
>>> >> El día 24 de marzo de 2017, 22:24, Cristian Mitchell
>>> >>  escribió:
>>> >> >
>>> >> >
>>> >> > El 24 de marzo de 2017, 17:34, juan carlos
>>> >> > rebate
>>> >> > escribió:
>>> >> >>
>>> >> >> hola he encotrado dispositivos que crean vpns por su cuenta, osea
>>> >> >> puntos de acceso wifi y routers, lo raro esque estos dispositivos
>>> >> >> dicen tener una sola tarjeta de red, eso no es nada seguro no? es
>>> >> >> como
>>> >> >> si yo monto un debian con una sola tarjeta y hago que el trafico
>>> >> >> vpn
>>> >> >> entre y salga por la misma tarjeta, eso no la sobrecargaria?
>>> >> >>
>>> >> >
>>> >> > Preguntas por seguridad o performan?
>>> >> >
>>> >> > --
>>> >> > pregunto por seguridad, no me entra que sea seguro, es como si
>>> >> > intentases usar programacion en hilos en un procesador que no
>>> >> > soporta
>>> >
>>> >
>>> > Juan Carlos
>>> >
>>> > por favor no respondas al mail personal
>>> > asi queda registrado para el resto de los usuarios
>>> >
>>> > no hay problema de seguridad, por el lado de la vpn
>>> > si no que uno de los datos va sin encriptar,
>>> > lo mas lógico es generar la encriptacion en la misma maquina o en una
>>> > red
>>> > segura.
>>> > para luego transmitir los datos
>>> > ahora algo que no aclaraste es si la misma placa de red tiene la misma
>>> > configuración para la entrada y salida
>>> >
>>> >
>>> > --
>>> ami no me entra que eso sea seguro porque por ejemplo, los routers que
>>> tienen vpn tienen 2 interfaces, la propia wifi y la ethernet, se
>>> supone que la vpn se monta por la ethernet que va a 1gbps, pero lo que
>>> no me entra esque los routers manejan trafico vpn y no vpn, es decir
>>> el router te da opcion de configurarla por cualquier cosa entrar a tu
>>> pc desde fuera o lo que sea, pero tambien te deja tener trafico
>>> normal, todo eso con una unica tarjeta ethernet, osea el router
>>> manejando trafico encriptado y no encriptado a la vez? m, no
>>> digo que no se pueda solo que no me entra que eso sea seguro, es como
>>> si yo tengo un server con una unica ethernet y le cargo una vpn, yo
>>> puedo configurarlo para que solo atienda trafico vpn de entrada y todo
>>> de salida, eso ya alivia algo a la red pero en estos routers no se
>>> puede, aunque tampoco seria seguro el ejemplo del servidor no?
>>>
>>
>> Justamente el problema lo planteaste en tu pregunta
>> la VPN es un trafico encriptado
>> en la red no sabe que lleva,por eso se arma una vPN para enviar datos
>> sensibles
>> mientras los datos sin interés van por la red común.
>> Ahora si mandas los mismos datos por la VPN y sin encriptar en paralelo
>> lo inseguro es lo que va como plano
>>
>>
>> --
> entonces un punto de acceso o server puede operar tanto una vpn como
> trafico normal con una sola tarjeta de red sin problemas de seguridad?
> basta con encriptarlo no? ok gracias, y como podria poner en estres a
> una tarjeta para ver cuanto trafico aguanta?
>
>
>
> Es que justamente la VPN es una red virtual encriptada, lo que viaje por
> esta va en forma segura.
> Y con respecto al estrés la red no falla solo se conjestiona
pero no hay forma de prevenir congestion? por ejemplo mi isp cuando
esta congestionado me baja la velocidad de forma automatica, es decir
yo tengo 20 megas pues cuando la red va mal voy al router y veo que me
lo bajan a 10 y cuando todo va bien lo vuelven a subir a 20

No hay forma de prevenirlo
Pero si de administrarlo
Con calidad de servicio

Re: `Filter failed' no print error message

[Brian]

On Sun 26 Mar 2017 at 17:58:28 +0100, Rodolfo Medina wrote:

> Brian  writes:
> 
> > There are two other questions in the mail you are responding to. You 
> > have not dealt with them. I'll repeat them for reference:
> >
> >  > From where did you get the necessary drivers?
> >  > Is there any sign of "gstoraster" in your error_log?
> 
> Sorry...  No, no gstoraster in error_log.  From UnifiedLinuxDriver_1.02.tar.gz
> I extracted ML-191xspl2.ppd and copied it in a subdirectory of my home
> directory, and the file rastertosamsungspl that I copied into
> /usr/lib/cups/filter.

No gstoraster. You aren't going anywhere. You will not be able to print.

Read that again. Say it to yourself a hundred times. Got it?

"UnifiedLinuxDriver" indicates a package downloaded from

 http://www.bchemnet.com/suldr/

But there is no version 1.02 offered by this site, See here

 http://www.bchemnet.com/suldr/suld.html

Copying the PPD and filter is ok. But what file did you copy them from?
UnifiedLinuxDriver_1.02.tar.gz is not offered by the bchemnet.com site.

Have you got that, too. The file you say you downloaded does not exist
at bchemnet.com as far as I can see.

> > You have rastertosamsungspl as a filter. It needs to be given raster
> > data. It looks like it is being given PostScript - so the filter stops.
> >
> > Also provide the outputs of
> >
> >  cat /etc/cups/ppd/ppd_for_the printer | grep NickName
> 
> Here it is:
> 
> # cat Samsung_ML-191x_252x_Series.ppd | grep NickName
> *ShortNickName: "ML-191x 252x"
> *NickName:  "Samsung ML-191x 252x Series"

Now - that looks ok

> > and 
> >
> >  cat /etc/cups/ppd/ppd_for_the printer | grep cupsFilter
> >
> > You will probably have to be root to get these.
> 
> and:
> 
> # cat Samsung_ML-191x_252x_Series.ppd | grep cupsFilter
> *cupsFilter:  "application/vnd.cups-postscript 0 rastertosamsungspl"
> 
> What now?  Thanks...

What now?

Whatever package you are using is expecting rastertosamsungspl to process
PostScript. As its name implies, it will only process raster data. CUPS
will not like this line.

Please post

 cat Samsung_ML-191x_252x_Series.ppd | grep cupsFilter

for the machine which prints for you. Check the PPD file name in
/etc/cups.ppd first.

-- 
Brian.

Re: Anyone know what this means when running aptitude update?

[Nicholas Geovanis]

On Sun, Mar 26, 2017 at 2:11 PM, Sven Hartge  wrote:

> Nicholas Geovanis  wrote:
> > On Sun, Mar 26, 2017 at 1:51 PM, Sven Hartge  wrote:
> >> No, please do NOT use "apt-key add" but instead download the key and
> >> put it as a file with the suffix ".gpg" into the directory
> >> /etc/apt/trusted.gpg.d/
>
> > Just curious why you recommend this instead of "apt-key add"?
>
> Because the man-page for apt-key says so:
>
> ,
> |  add filename
> |  [...]
> |  Note: Instead of using this command a keyring should be
> |  placed directly in the /etc/apt/trusted.gpg.d/
> |  directory with a descriptive name and either "gpg" or
> |  "asc" as file extension.
> `


Thanks. FYI my Debian 8.4 apt-key man page does not contain that text.
ii  apt   1.0.9.8.3
   amd64commandline package manager



> Grüße,
> Sven.
>

Re: Issue with notebook (maybe the battery?)

[Daniel Bareiro]

Hi, Richard.

On 26/03/17 06:46, Richard Owlett wrote:

>> [snip]
>>
>> Checking the purchase invoices, I bought the notebook on September 19,
>> 2013, and then changed the battery on November 2, 2015. So less than two
>> years ago I have this battery.
>>
>> The notebook I use it practically every day and I leave it sleeping from
>> one day to the next so I do not have to open every application every
>> time. I'm not sure if that impacts so much on the battery life.

> If it was a long term degradation, possibly. With some battery
> technology/technologies(?) there is a "memory" effect. If there is a
> repeated "shallow discharge"/recharge cycle ( sleep overnight followed
> by running during day with charger plugged in) the effective battery
> capacity will decrease. IIRC that applies to only one technology but
> can't remember which.

I remember that when I bought this battery, I was advised to leave the
charger plugged in for a little more than an hour after the charging
level reaches 100%. And for the subsequent times, try to avoid having
the charger plugged in when the battery charge level reaches 100%. So I
was following that criteria. What do you think about that?

>> But in any case, in all this time, whenever the battery was charged, the
>> charge level was up to 100%. So just since yesterday I suddenly saw that
>> the load stayed at 38% and I started to experience this issue.

> That makes me think of a component failure. Likely the battery, but
> conceivably something in the laptop.

Perhaps the ultimate test is going to a business where they have
original Lenovo components, ask them for a new battery to test it at the
moment with the notebook and, if all goes well, then buy it.

Thanks for your reply.

Kind regards,
Daniel



signature.asc
Description: OpenPGP digital signature

Re: Anyone know what this means when running aptitude update?

[Sven Hartge]

Nicholas Geovanis  wrote:
> On Sun, Mar 26, 2017 at 1:51 PM, Sven Hartge  wrote:
>> Frank  wrote:

>> No, please do NOT use "apt-key add" but instead download the key and
>> put it as a file with the suffix ".gpg" into the directory
>> /etc/apt/trusted.gpg.d/

> Just curious why you recommend this instead of "apt-key add"?

Because the man-page for apt-key says so:

,
|  add filename
|  [...]
|  Note: Instead of using this command a keyring should be
|  placed directly in the /etc/apt/trusted.gpg.d/
|  directory with a descriptive name and either "gpg" or
|  "asc" as file extension.
`

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: SSH Access Issue

[David Christensen]

On 03/26/2017 05:21 AM, Philippe LeCavalier wrote:

Turns out the box had a second default gateway by mistake, mine of course.
I guess I forgot I manually added the default gateway when the box was in
my lab. As it turns out the clue was irrelevant but talking things out here
did somehow lead my the the right clue.


Years ago, I developed two habits that have proven very useful for 
troubleshooting:


1.  I keep a plain text system administration log file for every 
computer with personal notes, console sessions, contents of key files, 
e-mails, web pages, etc., etc..  I put this under version control.


2.  I put all manually-created and modified-default system configuration 
files under version control.



Lately, I have started keeping administration logs for individual drives 
and motherboards.



I have also tried putting the entire /etc tree under version control 
right after installation.  Because I use CVS, this gets messy when 
adding and removing packages.  Also, CVS has limited support for 
meta-data.  I supposed I could add automation and/or switch to a better 
version control system; but, then again, that is etckeeper:


http://joeyh.name/code/etckeeper/


David

Re: Anyone know what this means when running aptitude update?

[Reco]

Hi.

On Sun, 26 Mar 2017 13:56:54 -0500
Nicholas Geovanis  wrote:

> On Sun, Mar 26, 2017 at 1:51 PM, Sven Hartge  wrote:
> 
> > Frank  wrote:
> >
> > > wget -qO- https://dl.google.com/linux/linux_signing_key.pub | sudo
> > > apt-key add -
> >
> > No, please do NOT use "apt-key add" but instead download the key and put
> > it as a file with the suffix ".gpg" into the directory
> > /etc/apt/trusted.gpg.d/
> >
> 
> Hi -
> Just curious why you recommend this instead of "apt-key add"?

Because 'apt-key add' can add multiple keys with such invocation.
Downloading a public key to a file *and* reading it can prevent this.

Reco

Re: Anyone know what this means when running aptitude update?

[Nicholas Geovanis]

On Sun, Mar 26, 2017 at 1:51 PM, Sven Hartge  wrote:

> Frank  wrote:
>
> > wget -qO- https://dl.google.com/linux/linux_signing_key.pub | sudo
> > apt-key add -
>
> No, please do NOT use "apt-key add" but instead download the key and put
> it as a file with the suffix ".gpg" into the directory
> /etc/apt/trusted.gpg.d/
>

Hi -
Just curious why you recommend this instead of "apt-key add"?
Thanks.Nick


> Grüße,
> Sven.
>

Re: Anyone know what this means when running aptitude update?

[Sven Hartge]

Frank  wrote:

> The hash sum mismatch is usually a passing issue: updating while the 
> repository/mirror itself is in the process of updating. If it keeps 
> showing up, that mirror is probably borked. Try deb.debian.org instead 
> of http.debian.net.

deb.debian.org, http.debian.net and httpredir.debian.org are the same.
The old service behind http.debian.net and httpredir.debian.org were
switched off in February and the hostnames now point to the same system
backing deb.debian.org

> wget -qO- https://dl.google.com/linux/linux_signing_key.pub | sudo 
> apt-key add -

No, please do NOT use "apt-key add" but instead download the key and put
it as a file with the suffix ".gpg" into the directory
/etc/apt/trusted.gpg.d/

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.

Re: Samsung ML-1915 printer

[Doug]

On 03/26/2017 10:55 AM, Rodolfo Medina wrote:

I'm still stuck with my problem, so I'm posting it again hoping for some help:
I alone don't manage to have my printer work, a Samsung ML-1915.  I installed
cups but the printer does not respond.  Printing jobs are stopped because of
"Filter failed" issue.  I also got no answer from cups mailing list.

Thanks for any help,

Rodolfo


Have you downloaded the ppd file from Samsung? I assume it's available 
on the Internet from Samsung.
Here is an install routine for an Epson printer on my PCLOS system. The 
red colors are for the printer,
the blue colors are for me. You should replace them with your own. And 
of course, the colors are not

part of the install! From a root command prompt:

lpadmin -p WP4530 -E -D "linux1" -L RPNY -v socket://192.168.1.26:9100 
-P 
/opt/epson-inkjet-printer-201113w/ppds/Epson/Epson-WP-4530_Series-epson-driver.ppd.gz 
-E


linux1 is the name of my computer
RPNY is an abbreviation of my location
192.168.1.26 is the static IP of my printer
/opt is a directory in /
/epson-inkjet-printer-201113w is a subdirectory in /opt
/ppds is the next subdirectory
/Epson is the next subdirectory
Epson-WP-4530, etc is the actual driver found in the /Epson subdirectory

I don't know what you put for the socket if your printer doesn't have a 
static ip; all of my devices have static ips. I find that otherwise I 
don't know what's where!
After you do that  open cups (http://localhost:631) and turn off 
sharing, unless you want all your computers to use the same printer all 
the time. If you have two
printers, things might get confusing. I have each of my two printers 
installed separately in each of my computers, and sharing turned off in 
each. Strange things happen
if you don't do it this way. Be very careful of CASE when you put in the 
command, and watch spaces, underlines, etc.


When you modify cups, you may have to put in name and password. For 
name, the answer is root and for password, the answer is your own root 
password.


Thanks to a Tasmanian  fellow who goes by the name "wedgetail" for 
teaching me this. via the PCLOS Forum.


--doug

Re: Postfix Dovecot et SSL : SSL23: unknown protocol

[andre_debian]

On Sunday 26 March 2017 19:58:05 Thierry Bugier Pineau wrote:

Merci de me répondre.

> Essayez de diagnostiquer avec openssl
> openssl s_client -connect serveur.org -debug :

La commande me renvoie sur le help de openssl...

> Plus de détail ici à propos de la commande; car il vous faudra peut être 
ajouter quelques arguments selon votre cas :
> https://wiki.openssl.org/index.php/Manual:S_client(1) :

Pas trop d'infos pour la syntaxe de la commande proposée... :-)

> En passant, veillez à bien interdire sslv3 et tls < 1.2 côté serveur :

Comment interdire sslv3 ?
Sinon, j'ai adopté TLS (STARTTLS) et idem, comment interdire  tls < 1.2 ?

Merci,

André
 
> Le 26 mars 2017 19:45:28 GMT+02:00, andre_deb...@numericable.fr a écrit :
> >J'ai un serveur postfix + dovecot + ssl.
> >Il marche parfaitement avec le port POP 110,
> >mais pas du tout en mode SSL port 995.
> >Voici ce que me dit "tail /var/log/mail.err" :
> >dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL 
> >routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> >Mes certifs crt et key semblent bons.
> >J'en ai créés d'autres mais idem.
> >J'ai fouillé via Google, ce message m'apporte des centaines
> >de liens mais aucun ne m'aide.
> >Merci d'une piste...  André
> 

Re: Thin Client

[Brian]

On Sun 26 Mar 2017 at 18:55:08 +0100, David wrote:

> On Sun, 2017-03-26 at 18:25 +0100, Brian wrote:
> > 
> > Although a Raspberry Pi is not particularly expensive, the 15 GBP
> > I paid for a brand new thin client was an attraction. It acts as
> > a print server. Do you want a list of printer manufacturers who do
> > not support Linux on the ARM architecture?
> > 
> Brian, can you let me know where you buy your thin clients from?
> The source I've found is 20 GBP for second hand.

Off of Ebay. Doesn't everyone? :)

The one I mentioned is a Fujitsu A250. I think my purchase was a good
one but how can anyone work out how and why Ebay sellers pitch their
wares. The device works well for me, so I am satisfied.

Dan Ritter has a point though. If I were to buy anything similar now,
I'd consider the Raspberry - although it would mean leaving my comfort
zone of Debian.

Ebay (UK) has the HP T5730 for about 20 GBP. A 1GHz CPU. Not quite up to
processing HD video but a smart machine.

-- 
Brian.

Re: duda sobre vpn

[juan carlos rebate]

El día 26 de marzo de 2017, 19:08, Cristian Mitchell
 escribió:
>
>
> El 26 mar. 2017 11:27 AM, "juan carlos rebate" 
> escribió:
>
> El día 26 de marzo de 2017, 4:13, Cristian Mitchell
>  escribió:
>>
>>
>> El 25 de marzo de 2017, 19:49, juan carlos rebate
>> escribió:
>>>
>>> El día 25 de marzo de 2017, 14:45, Cristian Mitchell
>>>  escribió:
>>> >
>>> >
>>> > El 24 de marzo de 2017, 19:56, juan carlos rebate
>>> > escribió:
>>> >>
>>> >> El día 24 de marzo de 2017, 22:24, Cristian Mitchell
>>> >>  escribió:
>>> >> >
>>> >> >
>>> >> > El 24 de marzo de 2017, 17:34, juan carlos
>>> >> > rebate
>>> >> > escribió:
>>> >> >>
>>> >> >> hola he encotrado dispositivos que crean vpns por su cuenta, osea
>>> >> >> puntos de acceso wifi y routers, lo raro esque estos dispositivos
>>> >> >> dicen tener una sola tarjeta de red, eso no es nada seguro no? es
>>> >> >> como
>>> >> >> si yo monto un debian con una sola tarjeta y hago que el trafico
>>> >> >> vpn
>>> >> >> entre y salga por la misma tarjeta, eso no la sobrecargaria?
>>> >> >>
>>> >> >
>>> >> > Preguntas por seguridad o performan?
>>> >> >
>>> >> > --
>>> >> > pregunto por seguridad, no me entra que sea seguro, es como si
>>> >> > intentases usar programacion en hilos en un procesador que no
>>> >> > soporta
>>> >
>>> >
>>> > Juan Carlos
>>> >
>>> > por favor no respondas al mail personal
>>> > asi queda registrado para el resto de los usuarios
>>> >
>>> > no hay problema de seguridad, por el lado de la vpn
>>> > si no que uno de los datos va sin encriptar,
>>> > lo mas lógico es generar la encriptacion en la misma maquina o en una
>>> > red
>>> > segura.
>>> > para luego transmitir los datos
>>> > ahora algo que no aclaraste es si la misma placa de red tiene la misma
>>> > configuración para la entrada y salida
>>> >
>>> >
>>> > --
>>> ami no me entra que eso sea seguro porque por ejemplo, los routers que
>>> tienen vpn tienen 2 interfaces, la propia wifi y la ethernet, se
>>> supone que la vpn se monta por la ethernet que va a 1gbps, pero lo que
>>> no me entra esque los routers manejan trafico vpn y no vpn, es decir
>>> el router te da opcion de configurarla por cualquier cosa entrar a tu
>>> pc desde fuera o lo que sea, pero tambien te deja tener trafico
>>> normal, todo eso con una unica tarjeta ethernet, osea el router
>>> manejando trafico encriptado y no encriptado a la vez? m, no
>>> digo que no se pueda solo que no me entra que eso sea seguro, es como
>>> si yo tengo un server con una unica ethernet y le cargo una vpn, yo
>>> puedo configurarlo para que solo atienda trafico vpn de entrada y todo
>>> de salida, eso ya alivia algo a la red pero en estos routers no se
>>> puede, aunque tampoco seria seguro el ejemplo del servidor no?
>>>
>>
>> Justamente el problema lo planteaste en tu pregunta
>> la VPN es un trafico encriptado
>> en la red no sabe que lleva,por eso se arma una vPN para enviar datos
>> sensibles
>> mientras los datos sin interés van por la red común.
>> Ahora si mandas los mismos datos por la VPN y sin encriptar en paralelo
>> lo inseguro es lo que va como plano
>>
>>
>> --
> entonces un punto de acceso o server puede operar tanto una vpn como
> trafico normal con una sola tarjeta de red sin problemas de seguridad?
> basta con encriptarlo no? ok gracias, y como podria poner en estres a
> una tarjeta para ver cuanto trafico aguanta?
>
>
>
> Es que justamente la VPN es una red virtual encriptada, lo que viaje por
> esta va en forma segura.
> Y con respecto al estrés la red no falla solo se conjestiona
pero no hay forma de prevenir congestion? por ejemplo mi isp cuando
esta congestionado me baja la velocidad de forma automatica, es decir
yo tengo 20 megas pues cuando la red va mal voy al router y veo que me
lo bajan a 10 y cuando todo va bien lo vuelven a subir a 20

Re: UID mismatch across systems

[deloptes]

Ross Boylan wrote:

> The problem is that none of those will work if the existing uids/gids
> on the systems are not already consistent, and they aren't.

And the goal of your statement was what exactly?

There is no magic wand for that - debian has default numbering for system
accounts, so only user and custom accounts need to be moved to some user
management system like mysql or ldap. Of course OP will need to chown on
each machine to make it work.

regards

Re: DD bs=4M option on USB mem-stick creates false format

[Thomas Schmitt]

Hi,

kAt wrote:
> dd if=/media/--/image.iso of=/dev/sdb bs=4M; sync
> the image works but the format of the drive seems false

The dd option "bs=" has no influence on the block size or other
drive properties as perceived by a partition editor.


> gparted when starting says that linux thinks it is a 256k block and not
> the 4m it indicates.

Normally a USB stick has a block size of 512 bytes.
Are you sure you use the term "block" in the appropriate way ?

>  It shows on an 8G drive an empty space of 28G

Very syspicious.


Which Debian ISO exactly do you use ?
What exactly does it report ?
What do these two commands report:

  /sbin/fdisk -l /dev/sdb

  echo 2 | /sbin/gdisk -l /dev/sdb


> As Gparted tried to claim and format
> this space as a 6.7G which seemed right it crashed.

Even more suspicious.


> Any advise would greatly be appreciated

The GPT in Debian ISOs is of few use.
I would erase its header block by:

  dd if=/dev/zero bs=512 seek=1 count=1 of=/dev/sdb

and then try again with a partition editor.


Have a nice day :)

Thomas

Re: Postfix Dovecot et SSL : SSL23: unknown protocol

[Thierry Bugier Pineau]

Bonjour

Essayez de diagnostiquer avec openssl

openssl s_client -connect serveur.org -debug

Plus de détail ici à propos de la commande; car il vous faudra peut être 
ajouter quelques arguments selon votre cas :
https://wiki.openssl.org/index.php/Manual:S_client(1)

En passant, veillez à bien interdire sslv3 et tls < 1.2 côté serveur.

Le 26 mars 2017 19:45:28 GMT+02:00, andre_deb...@numericable.fr a écrit :
>Encore moi, désolé :-)
>
>J'ai un serveur postfix + dovecot + ssl.
>
>Il marche parfaitement avec le port POP 110,
>mais pas du tout en mode SSL port 995.
>
>Voici ce que me dit "tail /var/log/mail.err" :
>dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL 
>routines:SSL23_GET_CLIENT_HELLO:unknown protocol
>
>Mes certifs crt et key semblent bons.
>J'en ai créés d'autres mais idem.
>
>J'ai fouillé via Google, ce message m'apporte des centaines
>de liens mais aucun ne m'aide.
>
>Merci d'une piste...
>
>André

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.

Re: UID mismatch across systems

[Ross Boylan]

The problem is that none of those will work if the existing uids/gids
on the systems are not already consistent, and they aren't.

Ross

On Sun, Mar 26, 2017 at 1:57 AM, deloptes  wrote:
> Boylan, Ross wrote:
>
>> What can I do about this?
>
> I had samequestion at one point of time.
> There are perhaps at least two ways solving this.
>
> 1. use LDAP - this is more complicated but also more professional
> 2. use Mysql PAM plugin
> 3. distribute passwd and group files to slave machines
>
> https://dev.mysql.com/doc/refman/5.5/en/pam-authentication-plugin.html
> https://wiki.debian.org/LDAP/PAM
>
>

RE: Samsung ML-1915 printer

[David Martens]

http://www.bchemnet.com/suldr/



-Original Message-
From: Rodolfo Medina [mailto:rodolfo.med...@gmail.com]
Sent: Sunday, March 26, 2017 4:55 PM
To: debian-user@lists.debian.org
Subject: Samsung ML-1915 printer



I'm still stuck with my problem, so I'm posting it again hoping for some help:

I alone don't manage to have my printer work, a Samsung ML-1915.  I installed 
cups but the printer does not respond.  Printing jobs are stopped because of 
"Filter failed" issue.  I also got no answer from cups mailing list.



Thanks for any help,



Rodolfo







This communication is 
intended for the addressee only. It is confidential. If you have received this 
communication in error, please notify us immediately and destroy the original 
message. You may not copy or disseminate this communication without the 
permission of the University. Only authorised signatories are competent to 
enter into agreements on behalf of the University and recipients are thus 
advised that the content of this message may not be legally binding on the 
University and may contain the personal views and opinions of the author, which 
are not necessarily the views and opinions of The University of the 
Witwatersrand, Johannesburg. All agreements between the University and 
outsiders are subject to South African Law unless the University agrees in 
writing to the contrary. 

Re: DD bs=4M option on USB mem-stick creates false format

[kAt]

kAt:
> dd if=/media/--/image.iso of=/dev/sdb bs=4M; sync
> 
> the image works but the format of the drive seems false
> gparted when starting says that linux thinks it is a 256k block and not
> the 4m it indicates.  It shows on an 8G drive an empty space of 28G
> 
> Is it the option of bs=4M that creates this problem. The free space can
> not be formatted and partitioned.  As Gparted tried to claim and format
> this space as a 6.7G which seemed right it crashed.
> 
> Any advise would greatly be appreciated
> kAt-rin

Correction to the error message, it is this:
The driver descriptor says the physical block size is 2048 bytes, but
Linux says it is 512 bytes.

or at least that is what I get without using the bs=4M option

I am wondering whether it is a fault of the iso image (recent download
of the Rescatux 4.0beta) which I am trying to use without luck on an old
32bit Celeron?? .. with Win XP to repair its admin pass and booting
which seems to take for ever.

I am trying to use the empty part of the stick to copy and store
temporatily some important files before I mess with it or install debian

kAt

Re: DD bs=4M option on USB mem-stick creates false format

[Richard Owlett]

On 03/26/2017 12:18 PM, kAt wrote:

dd if=/media/--/image.iso of=/dev/sdb bs=4M; sync

the image works but the format of the drive seems false
gparted when starting says that linux thinks it is a 256k block and not
the 4m it indicates.  It shows on an 8G drive an empty space of 28G

Is it the option of bs=4M that creates this problem. The free space can
not be formatted and partitioned.  As Gparted tried to claim and format
this space as a 6.7G which seemed right it crashed.

Any advise would greatly be appreciated
kAt-rin


I don't know anything about "why", but I regularly see it with Jessie.
Can't recall if it was present with Squeeze {I skipped Wheezy for OT 
reasons}.

Re: Thin Client

[David]

On Sun, 2017-03-26 at 18:25 +0100, Brian wrote:
> On Sun 26 Mar 2017 at 12:23:04 -0400, Dan Ritter wrote:
> 
> > On Sun, Mar 26, 2017 at 04:22:47PM +0100, David wrote:
> > > > It looks like a 256MB RAM 400 MHz Pentium. Performance will be 
> > > > absolutely terrible compared to a $200 Chromebook converted
> > > > over
> > > > to Linux.
> > > > 
> > > > That said, there's nothing preventing you from trying. Set up
> > > > a 
> > > > standard PXE netboot and look for problems.
> > > > 
> > > > -dsr-
> > > 
> > > Thank you for the replies.
> > > 
> > > Brian, the URL's give useful information.
> > > 
> > > Dan, I'm not looking for desktop performance, I need a small and
> > > economical to run 'box' where I need to leave a machine running
> > > 24
> > > hours a day.
> > > 
> > > I currently have 4 Raspberry Pi's, 2 as DNS servers and 2 as
> > > Syslog
> > > servers, I plan to try a thin client for this type of
> > > application.
> > 
> > I don't see why you wouldn't use another Raspberry for this,
> > given their reasonable power draw and the fact that you already
> > have experience with them.
> 
> Although a Raspberry Pi is not particularly expensive, the 15 GBP
> I paid for a brand new thin client was an attraction. It acts as
> a print server. Do you want a list of printer manufacturers who do
> not support Linux on the ARM architecture?
> 
Brian, can you let me know where you buy your thin clients from?
The source I've found is 20 GBP for second hand.

David.

Re: Thin Client

[David]

On Sun, 2017-03-26 at 12:23 -0400, Dan Ritter wrote:
> On Sun, Mar 26, 2017 at 04:22:47PM +0100, David wrote:
> > > It looks like a 256MB RAM 400 MHz Pentium. Performance will be 
> > > absolutely terrible compared to a $200 Chromebook converted over
> > > to Linux.
> > > 
> > > That said, there's nothing preventing you from trying. Set up a 
> > > standard PXE netboot and look for problems.
> > > 
> > > -dsr-
> > 
> > Thank you for the replies.
> > 
> > Brian, the URL's give useful information.
> > 
> > Dan, I'm not looking for desktop performance, I need a small and
> > economical to run 'box' where I need to leave a machine running 24
> > hours a day.
> > 
> > I currently have 4 Raspberry Pi's, 2 as DNS servers and 2 as Syslog
> > servers, I plan to try a thin client for this type of application.
> 
> I don't see why you wouldn't use another Raspberry for this,
> given their reasonable power draw and the fact that you already
> have experience with them.
> 
> -dsr-
> 
Dan, that's perfectly true, but Raspbian and the Pi architecture does
have it's drawbacks, running true Debian could be an advantage.

David.

Re: `Filter failed' no print error message

[Rodolfo Medina]

Teemu Likonen  writes:

> Rodolfo Medina [2017-03-07 15:41:54Z] wrote:
>
>> Thanks, `cups' alone was enough. Now the printer seems to be
>> configured. But it does not print, and, when I get into `jobs', I see
>> they are stopped with "Filter failed" claim. What can I do? Please
>> help. Thanks.
>
> I had a "filter failed" problem too in Debian 8 and solved it by
> installing newer ghostscript package from Debian testing. This bug
> report looks familiar:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848876
>
> In case you want to try that and you are using Debian 8 you could
> proceed with this:
>
>  1. Add Debian testing repository to /etc/apt/sources.list file:
>
> deb http://ftp.debian.org/debian/ testing main
>
>  2. Run: apt update
>
>  3. Run: apt install ghostscript/testing
>
>  4. Remove the "deb" line from sources.list file.
>
>  5. Run: apt update

Thanks for your suggestion, but ghostscript is already installed in
my system, which is Sid...  So I don't think testing woul do do any better...

Rodolfo

Postfix Dovecot et SSL : SSL23: unknown protocol

[andre_debian]

Encore moi, désolé :-)

J'ai un serveur postfix + dovecot + ssl.

Il marche parfaitement avec le port POP 110,
mais pas du tout en mode SSL port 995.

Voici ce que me dit "tail /var/log/mail.err" :
dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL 
routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Mes certifs crt et key semblent bons.
J'en ai créés d'autres mais idem.

J'ai fouillé via Google, ce message m'apporte des centaines
de liens mais aucun ne m'aide.

Merci d'une piste...

André

Re: DD bs=4M option on USB mem-stick creates false format

[Darac Marjal]

"dd ... bs=4M" doesn't change the block size of the underlying device.
All it does is say that dd should copy in chunks of 4Mb. If the buffer
size is bigger, then dd spends more time copying and less time telling
the kernel to copy.


On 26/03/17 18:18, kAt wrote:
> dd if=/media/--/image.iso of=/dev/sdb bs=4M; sync
>
> the image works but the format of the drive seems false
> gparted when starting says that linux thinks it is a 256k block and not
> the 4m it indicates.  It shows on an 8G drive an empty space of 28G
>
> Is it the option of bs=4M that creates this problem. The free space can
> not be formatted and partitioned.  As Gparted tried to claim and format
> this space as a 6.7G which seemed right it crashed.
>
> Any advise would greatly be appreciated
> kAt-rin
>

Re: [1/2 HS] syntaxe qui ne va plus depuis upgrade MySQL

[andre_debian]

On Friday 24 March 2017 22:52:18 Christian Quentin wrote:
> Je ne suis pas sûr de comprendre ce que tu veux obtenir :
>   * les logos distincts avec leurs images associées ? Si oui,

Non,
Le nombre de lignes (champ) "logos" et le contenu correspondant du 
champ "images", p. ex "logo12.jpg".
 
>SELECT DISTINCT images, logos FROM tablelogo devrait faire l'affaire

>le nombre de logos distincts ? si oui, la taille du résultat de la
>requête ci-dessus te fournira l'info
>le nombre de fois où chaque logo distinct a été rencontré lors du
>regroupement ? Là, il faudra utiliser
>SELECT images, logos, COUNT(logos) FROM tablelogo GROUP BY images, logos :

Ce script marchait avant l'upgrade de mysql... :
Erreur de la requête SELECT images, logos, COUNT(logos) FROM tablelogos 
GROUP BY images, logos

> A part ça, c'est un peu curieux d'utiliser images (au pluriel) pour 
> désigner un champ qui ne contient qu'une seule image. Idem pour le champ 
> logos. Mais tu n'as peut-être pas la main là-dessus.

Ceci correspond à un vote pour un logo, nombreux logos et images,
au fur et à mesure des votes, le nombre de lignes augmentent :
logosimages
32  logo32.jpg  
25logo25.jpg
15logo15.jpg
32logo32.jpg
8  logo8.jpg
25logo25.jpg

Bonne soirée,

André

DD bs=4M option on USB mem-stick creates false format

[kAt]

dd if=/media/--/image.iso of=/dev/sdb bs=4M; sync

the image works but the format of the drive seems false
gparted when starting says that linux thinks it is a 256k block and not
the 4m it indicates.  It shows on an 8G drive an empty space of 28G

Is it the option of bs=4M that creates this problem. The free space can
not be formatted and partitioned.  As Gparted tried to claim and format
this space as a 6.7G which seemed right it crashed.

Any advise would greatly be appreciated
kAt-rin

Re: Thin Client

[Brian]

On Sun 26 Mar 2017 at 12:23:04 -0400, Dan Ritter wrote:

> On Sun, Mar 26, 2017 at 04:22:47PM +0100, David wrote:
> > > It looks like a 256MB RAM 400 MHz Pentium. Performance will be 
> > > absolutely terrible compared to a $200 Chromebook converted over
> > > to Linux.
> > > 
> > > That said, there's nothing preventing you from trying. Set up a 
> > > standard PXE netboot and look for problems.
> > > 
> > > -dsr-
> > Thank you for the replies.
> > 
> > Brian, the URL's give useful information.
> > 
> > Dan, I'm not looking for desktop performance, I need a small and
> > economical to run 'box' where I need to leave a machine running 24
> > hours a day.
> > 
> > I currently have 4 Raspberry Pi's, 2 as DNS servers and 2 as Syslog
> > servers, I plan to try a thin client for this type of application.
> 
> I don't see why you wouldn't use another Raspberry for this,
> given their reasonable power draw and the fact that you already
> have experience with them.

Although a Raspberry Pi is not particularly expensive, the 15 GBP
I paid for a brand new thin client was an attraction. It acts as
a print server. Do you want a list of printer manufacturers who do
not support Linux on the ARM architecture?

-- 
Brian.

Re: Samsung ML-1915 printer

[Brian]

On Sun 26 Mar 2017 at 18:08:17 +0100, Rodolfo Medina wrote:

> Brian  writes:
> 
> > On Sun 26 Mar 2017 at 16:47:33 +0100, Rodolfo Medina wrote:
> >
> >> Rodolfo Medina  writes:
> >> 
> >> > I'm still stuck with my problem, so I'm posting it again hoping for some
> >> > help: I alone don't manage to have my printer work, a Samsung ML-1915.  I
> >> > installed cups but the printer does not respond.  Printing jobs are
> >> > stopped because of "Filter failed" issue.  I also got no answer from cups
> >> > mailing list.
> >
> > You had *two* replies yesterday in the thread "'filter failed' no print
> > error message". Care to read the other one. 
> >  
> >> ...Strange enough, the same printer works fine on another machine of mine,
> >> where Debian Sid is *also* installed...
> >
> > Very useful. You can now compare the error_logs on both machines,
> > looking in particular at the filters used.
> 
> Yes, please indicate me...

Indicate what?

-- 
Brian.

Re: duda sobre vpn

[Cristian Mitchell]

El 26 mar. 2017 11:27 AM, "juan carlos rebate" 
escribió:

El día 26 de marzo de 2017, 4:13, Cristian Mitchell
 escribió:
>
>
> El 25 de marzo de 2017, 19:49, juan carlos rebate
> escribió:
>>
>> El día 25 de marzo de 2017, 14:45, Cristian Mitchell
>>  escribió:
>> >
>> >
>> > El 24 de marzo de 2017, 19:56, juan carlos rebate
>> > escribió:
>> >>
>> >> El día 24 de marzo de 2017, 22:24, Cristian Mitchell
>> >>  escribió:
>> >> >
>> >> >
>> >> > El 24 de marzo de 2017, 17:34, juan carlos rebate
>> >> > escribió:
>> >> >>
>> >> >> hola he encotrado dispositivos que crean vpns por su cuenta, osea
>> >> >> puntos de acceso wifi y routers, lo raro esque estos dispositivos
>> >> >> dicen tener una sola tarjeta de red, eso no es nada seguro no? es
>> >> >> como
>> >> >> si yo monto un debian con una sola tarjeta y hago que el trafico
vpn
>> >> >> entre y salga por la misma tarjeta, eso no la sobrecargaria?
>> >> >>
>> >> >
>> >> > Preguntas por seguridad o performan?
>> >> >
>> >> > --
>> >> > pregunto por seguridad, no me entra que sea seguro, es como si
>> >> > intentases usar programacion en hilos en un procesador que no
soporta
>> >
>> >
>> > Juan Carlos
>> >
>> > por favor no respondas al mail personal
>> > asi queda registrado para el resto de los usuarios
>> >
>> > no hay problema de seguridad, por el lado de la vpn
>> > si no que uno de los datos va sin encriptar,
>> > lo mas lógico es generar la encriptacion en la misma maquina o en una
>> > red
>> > segura.
>> > para luego transmitir los datos
>> > ahora algo que no aclaraste es si la misma placa de red tiene la misma
>> > configuración para la entrada y salida
>> >
>> >
>> > --
>> ami no me entra que eso sea seguro porque por ejemplo, los routers que
>> tienen vpn tienen 2 interfaces, la propia wifi y la ethernet, se
>> supone que la vpn se monta por la ethernet que va a 1gbps, pero lo que
>> no me entra esque los routers manejan trafico vpn y no vpn, es decir
>> el router te da opcion de configurarla por cualquier cosa entrar a tu
>> pc desde fuera o lo que sea, pero tambien te deja tener trafico
>> normal, todo eso con una unica tarjeta ethernet, osea el router
>> manejando trafico encriptado y no encriptado a la vez? m, no
>> digo que no se pueda solo que no me entra que eso sea seguro, es como
>> si yo tengo un server con una unica ethernet y le cargo una vpn, yo
>> puedo configurarlo para que solo atienda trafico vpn de entrada y todo
>> de salida, eso ya alivia algo a la red pero en estos routers no se
>> puede, aunque tampoco seria seguro el ejemplo del servidor no?
>>
>
> Justamente el problema lo planteaste en tu pregunta
> la VPN es un trafico encriptado
> en la red no sabe que lleva,por eso se arma una vPN para enviar datos
> sensibles
> mientras los datos sin interés van por la red común.
> Ahora si mandas los mismos datos por la VPN y sin encriptar en paralelo
> lo inseguro es lo que va como plano
>
>
> --
entonces un punto de acceso o server puede operar tanto una vpn como
trafico normal con una sola tarjeta de red sin problemas de seguridad?
basta con encriptarlo no? ok gracias, y como podria poner en estres a
una tarjeta para ver cuanto trafico aguanta?



Es que justamente la VPN es una red virtual encriptada, lo que viaje por
esta va en forma segura.
Y con respecto al estrés la red no falla solo se conjestiona

Re: Samsung ML-1915 printer

[Rodolfo Medina]

Brian  writes:

> On Sun 26 Mar 2017 at 16:47:33 +0100, Rodolfo Medina wrote:
>
>> Rodolfo Medina  writes:
>> 
>> > I'm still stuck with my problem, so I'm posting it again hoping for some
>> > help: I alone don't manage to have my printer work, a Samsung ML-1915.  I
>> > installed cups but the printer does not respond.  Printing jobs are
>> > stopped because of "Filter failed" issue.  I also got no answer from cups
>> > mailing list.
>
> You had *two* replies yesterday in the thread "'filter failed' no print
> error message". Care to read the other one. 
>  
>> ...Strange enough, the same printer works fine on another machine of mine,
>> where Debian Sid is *also* installed...
>
> Very useful. You can now compare the error_logs on both machines,
> looking in particular at the filters used.

Yes, please indicate me...

Thanks

Rodolfo

Re: `Filter failed' no print error message

[Rodolfo Medina]

Brian  writes:

> There are two other questions in the mail you are responding to. You 
> have not dealt with them. I'll repeat them for reference:
>
>  > From where did you get the necessary drivers?
>  > Is there any sign of "gstoraster" in your error_log?

Sorry...  No, no gstoraster in error_log.  From UnifiedLinuxDriver_1.02.tar.gz
I extracted ML-191xspl2.ppd and copied it in a subdirectory of my home
directory, and the file rastertosamsungspl that I copied into
/usr/lib/cups/filter.


> You have rastertosamsungspl as a filter. It needs to be given raster
> data. It looks like it is being given PostScript - so the filter stops.
>
> Also provide the outputs of
>
>  cat /etc/cups/ppd/ppd_for_the printer | grep NickName

Here it is:

# cat Samsung_ML-191x_252x_Series.ppd | grep NickName
*ShortNickName: "ML-191x 252x"
*NickName:  "Samsung ML-191x 252x Series"


> and 
>
>  cat /etc/cups/ppd/ppd_for_the printer | grep cupsFilter
>
> You will probably have to be root to get these.


and:

# cat Samsung_ML-191x_252x_Series.ppd | grep cupsFilter
*cupsFilter:  "application/vnd.cups-postscript 0 rastertosamsungspl"

What now?  Thanks...

Rodolfo

Re: Anyone know what this means when running aptitude update?

[Frank]

Op 26-03-17 om 18:01 schreef Mark Fletcher:

Hello

When I run aptitude update I get, amongst the successful update reports,
the following error messages:

W: There is no public key available for the following key IDs:
1397BC53640DB551
W: Failed to fetch 
http://http.debian.net/debian/dists/jessie-backports/main/i18n/Translation-enIndex:
 Hash Sum mismatch
E: Some index files failed to download. They have been ignored, or old ones 
used instead.
E: Couldn't rebuild package cache

I'm not sure if the warning about the key and the second warning are
related or not, I've got my doubts.


They're not. The key ID is a very well known issue (at least on the 
forums), to do with google's repository. They started using a new key 
last April and didn't tell anyone.
The hash sum mismatch is usually a passing issue: updating while the 
repository/mirror itself is in the process of updating. If it keeps 
showing up, that mirror is probably borked. Try deb.debian.org instead 
of http.debian.net.


The key ID can be fixed in several ways. I usually suggest:

wget -qO- https://dl.google.com/linux/linux_signing_key.pub | sudo 
apt-key add -


Alternatively:

sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 1397BC53640DB551

Regards,
Frank

Re: openvpn - Não consigo acessar maquinas clientes

[Mauricio Neto]

Leandro boa tarde.

Vou tentar explicar melhor

Servidor na matriz com openvpn IP x.y.z.219/24
Rede vpn 10.a.b.0/24
lojas IP da vpn fixo configurado via o arquivo /etc/openvpn/ccd no 
servidor. (10.a.b.1,10.a.b.2,10.a.b.3,...)


Matriz um servidor openvpn (x.y.z.219/24) utilizando ip 
publico<---vpn> Lojas - Cliente openvpn instalado conexão internet 
Velox - Acesso sem problemas todas as lojas.


Minha maquina na matriz com uma rota para o servidor openvpn x.y.z.219 
(/add route  <10.a.b.0> 255.255.255.0 x.y.z.219/) acesso o x.y.z.219 mas 
não as maquinas nas lojas (via vpn rede 10.a.b.0)
Se efetuo um traceroute da minha maquina para um ip da rede vpn (exemplo 
10.a.b.1)  o primeiro salto é o servidor openvpn (x.y.z.219) como 
esperado mas não roteia para as maquinas na loja rede.


Minha casa com um cliente openvpn internet Virtua <--> matriz. 
Acesso todas as lojas (rede vpn 10.a.b.0), a maquina x.y.z.219 na 
matriz, mas não a rede interna, "atrás" da vpn (x.y.z.200, x.y.z.201, 
x.y.z.202, etc)


Ficou claro?
O que mais me intriga é que estava funcionando, depois que tive que 
reiniciar o servidor openvpn (x.y.z.219) parou de funcionar.

Acredito que eu esteja esquecendo de alguma rota estática  ou nat.
OBS: neste cenário ainda não tenho firewall configurado.

Obrigado
Mauricio Neto




Em 24/03/2017 08:31, Leandro de Lima Camargo escreveu:

Mauricio,

Eu não entendi muito bem a parte da sua máquina estar na mesma rede do 
servidor.

Teria algum diagrama da rede?




Atenciosamente,
*Leandro de Lima Camargo*


On Mar 232017, at 3:25 PM, Mauricio Neto > wrote:


Leandro boa tarde.

Qualquer maquina onde tenha instalado o openvpn eu consigo acessar 
sem problemas. Como teste tenho um notebook aqui na matriz via wifi 
para ficar em uma rede diferente e acesso qualquer maquina clientes 
nas loja inclusive uso o vnc para acesso remoto.


Meu problema esta na minha maquina na própria rede do servidor vpn 
que não consigo acessar as maquinas clientes.


Eu sei que é um problema de rota estática, ou nat (ou ambos) mas 
estou perdido.


Atenciosamente
Mauricio Neto

Em 23-03-2017 13:32, Leandro de Lima Camargo escreveu:

E um traceroute reverso? A partir de uma máquina nas lojas?
O traceroute aparenta faltar gateway nas máquinas das lojas. O 
pacote chega no servidor e vai pra máquina, mas não tem rota pra 
retornar.




Atenciosamente,
*Leandro de Lima Camargo*


On Mar 232017, at 11:58 AM, Mauricio Neto > wrote:


Amigos bom dia.
Estou com um problema que sei que estou esquecendo de algo, mas não 
consigo identificar a bobagem.


Instalei o openvpn em um servidor na matriz e openvpn nas lojas e 
tudo funciona sem problema, ou seja como instalei client-to-client 
e ip fixo usando o diretório ccd as maquinas que tem o openvpn 
instalado se comunicam sem problemas.


Na minha maquina na matriz (dentro da rede onde esta instalado o 
servidor openvpn) crio a rota para o servidor (route add -net 

Re: Thin Client

[Dan Ritter]

On Sun, Mar 26, 2017 at 04:22:47PM +0100, David wrote:
> > It looks like a 256MB RAM 400 MHz Pentium. Performance will be 
> > absolutely terrible compared to a $200 Chromebook converted over
> > to Linux.
> > 
> > That said, there's nothing preventing you from trying. Set up a 
> > standard PXE netboot and look for problems.
> > 
> > -dsr-
> Thank you for the replies.
> 
> Brian, the URL's give useful information.
> 
> Dan, I'm not looking for desktop performance, I need a small and
> economical to run 'box' where I need to leave a machine running 24
> hours a day.
> 
> I currently have 4 Raspberry Pi's, 2 as DNS servers and 2 as Syslog
> servers, I plan to try a thin client for this type of application.

I don't see why you wouldn't use another Raspberry for this,
given their reasonable power draw and the fact that you already
have experience with them.

-dsr-

Re: Samsung ML-1915 printer

[Brian]

On Sun 26 Mar 2017 at 16:47:33 +0100, Rodolfo Medina wrote:

> Rodolfo Medina  writes:
> 
> > I'm still stuck with my problem, so I'm posting it again hoping for some
> > help: I alone don't manage to have my printer work, a Samsung ML-1915.  I
> > installed cups but the printer does not respond.  Printing jobs are stopped
> > because of "Filter failed" issue.  I also got no answer from cups mailing
> > list.

You had *two* replies yesterday in the thread "'filter failed' no print
error message". Care to read the other one. 
 
> ...Strange enough, the same printer works fine on another machine of mine,
> where Debian Sid is *also* installed...

Very useful. You can now compare the error_logs on both machines,
looking in particular at the filters used.

-- 
Brian.

Anyone know what this means when running aptitude update?

[Mark Fletcher]

Hello 

When I run aptitude update I get, amongst the successful update reports, 
the following error messages:

W: There is no public key available for the following key IDs:
1397BC53640DB551
W: Failed to fetch 
http://http.debian.net/debian/dists/jessie-backports/main/i18n/Translation-enIndex:
 Hash Sum mismatch
E: Some index files failed to download. They have been ignored, or old ones 
used instead.
E: Couldn't rebuild package cache

I'm not sure if the warning about the key and the second warning are 
related or not, I've got my doubts.

My sources.list looks like this:

# 

# deb cdrom:[Debian GNU/Linux wheezy-DI-a1 _Wheezy_ - Official Snapshot amd64 
NETINST Binary-1 20120512-00:39]/ wheezy main

# deb cdrom:[Debian GNU/Linux wheezy-DI-a1 _Wheezy_ - Official Snapshot amd64 
NETINST Binary-1 20120512-00:39]/ wheezy main

deb http://ftp.jp.debian.org/debian/ jessie main contrib non-free
deb-src http://ftp.jp.debian.org/debian/ jessie main contrib non-free

deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

deb http://ftp.jp.debian.org/debian/ jessie-updates main contrib non-free

deb http://www.deb-multimedia.org jessie main non-free


and files in sources.list.d add the following:

deb http://dl.google.com/linux/talkplugin/deb/ stable main

deb http://http.debian.net/debian/ jessie-backports main


I'm located in Japan, hence my (long-standing) use of the Japan Debian 
mirror ftp.jp.debian.org for the mainstream stuff, but I came late to 
the party of automatic mirror selection, hence my more-recently-added 
jessie-backports using http.debian.net. Which seems to be having some 
sort of problem...

I imagine jessie-backports is available on ftp.jp.debian.org, but rather 
than camouflage the problem I'd like to understand and solve it.

Googling around the missing key ID, most of the solutions are for Ubuntu 
and mention PPAs which are not a Debian thing. I am not sure where to go 
to find the public key with that key ID, for the first warning, and I 
really don't know how to interpret the second, if it is not caused by 
the first (instinctively, I suspect not).

Any idea what is causing the warnings I consistently get on aptitude 
update, and can anyone confirm that the errors that follow those 
warnings are caused by the warnings and not indicative of something ELSE 
being wrong?

Thanks

Mark

Re: DPKG install fails with read only filesystem on non read-only filesystem

[Felix Winterhalter]

Hello again,

this is a wonderful case where rubberduck-debugging might have made
sense. Right after submitting this mail I found the error.

The webserver that runs the install script has a systemd unit with
ProtectSystem=full
set.

This prevents writes to /usr even though its not specifically read only.
Since with sudo its a subprocess of the parent this restriction also
applies to the install script.

Sorry for the spam, I hope this entry might help future people with a
similar problem,
Felix

On 26/03/2017 17:46, Felix Winterhalter wrote:
> Hello,
> 
> for various reasons I am currently writing a script to install packages
> by calling dpkg -i package.deb.
> 
> This mechanism has worked fine for a while. Now I need to call said
> script using sudo noninteractively from a webserver.
> 
> This leads me to my error:
> 
> Mar 26 11:36:42 debbuilder package-updater[32246]: (Reading database ...
> 124404 files and directories currently installed.)
> Mar 26 11:36:42 debbuilder package-updater[32246]: Preparing to unpack
> .../package_0.2_all.deb ...
> Mar 26 11:36:42 debbuilder package-updater[32246]: Unpacking package
> (0.2) over (0.2) ...
> Mar 26 11:36:42 debbuilder package-updater[32246]: dpkg: error
> processing archive /tmp/package-update-unpack/unpack/package_0.2_all.deb
> (--install):
> Mar 26 11:36:42 debbuilder package-updater[32246]: unable to clean up
> mess surrounding `./usr/share/doc/package' before installing another
> version: Read-only file system
> Mar 26 11:36:42 debbuilder package-updater[32246]: Errors were
> encountered while processing:
> Mar 26 11:36:42 debbuilder package-updater[32246]:
> /tmp/package-update-unpack/unpack/package_0.2_all.deb
> 
> Neither /tmp nor /usr is non writeable.
> 
> Calling the package install script manually via sudo from a normal user
> runs everything as normal without any error. So the package itself is
> not a problem ( apparently ).
> 
> I've been trying to find the source of this error since a couple of
> hours now. I haven't been able to make any real progress and was
> wondering whether anyone here would have an idea whats going wrong.
> 
> This error is happening on two independent debian systems.
> 
> / is mounted
> 
> /dev/sda1 on / type ext4 (rw,relatime,data=ordered)
> 
> tmp is a normal folder not another mountpoint
> 
> The packages are uploaded via a python webserver. However the package
> integrity is checked before applying the install. The packages
> themselves are intact.
> 
> Best regards,
> Felix
> 

Re: Samsung ML-1915 printer

[Rodolfo Medina]

Rodolfo Medina  writes:

> I'm still stuck with my problem, so I'm posting it again hoping for some
> help: I alone don't manage to have my printer work, a Samsung ML-1915.  I
> installed cups but the printer does not respond.  Printing jobs are stopped
> because of "Filter failed" issue.  I also got no answer from cups mailing
> list.


...Strange enough, the same printer works fine on another machine of mine,
where Debian Sid is *also* installed...

Rodolfo

DPKG install fails with read only filesystem on non read-only filesystem

[Felix Winterhalter]

Hello,

for various reasons I am currently writing a script to install packages
by calling dpkg -i package.deb.

This mechanism has worked fine for a while. Now I need to call said
script using sudo noninteractively from a webserver.

This leads me to my error:

Mar 26 11:36:42 debbuilder package-updater[32246]: (Reading database ...
124404 files and directories currently installed.)
Mar 26 11:36:42 debbuilder package-updater[32246]: Preparing to unpack
.../package_0.2_all.deb ...
Mar 26 11:36:42 debbuilder package-updater[32246]: Unpacking package
(0.2) over (0.2) ...
Mar 26 11:36:42 debbuilder package-updater[32246]: dpkg: error
processing archive /tmp/package-update-unpack/unpack/package_0.2_all.deb
(--install):
Mar 26 11:36:42 debbuilder package-updater[32246]: unable to clean up
mess surrounding `./usr/share/doc/package' before installing another
version: Read-only file system
Mar 26 11:36:42 debbuilder package-updater[32246]: Errors were
encountered while processing:
Mar 26 11:36:42 debbuilder package-updater[32246]:
/tmp/package-update-unpack/unpack/package_0.2_all.deb

Neither /tmp nor /usr is non writeable.

Calling the package install script manually via sudo from a normal user
runs everything as normal without any error. So the package itself is
not a problem ( apparently ).

I've been trying to find the source of this error since a couple of
hours now. I haven't been able to make any real progress and was
wondering whether anyone here would have an idea whats going wrong.

This error is happening on two independent debian systems.

/ is mounted

/dev/sda1 on / type ext4 (rw,relatime,data=ordered)

tmp is a normal folder not another mountpoint

The packages are uploaded via a python webserver. However the package
integrity is checked before applying the install. The packages
themselves are intact.

Best regards,
Felix

Console temps de mise en veille

[Hilaire]

Hello,

Sur une Jessie fraîchement installée avec uniquement l'environnement
console, je souhaite raccourcir le temps de mise en veille de l'écran.

Celui par défaut est un peu long pour mes besoins, et j'ai donc modifié
dans le fichier /etc/kbd/config:

BLANK_TIME=1
 et
POWERDOWN_TIME=2

Cela n'a malheureusement aucun effet.

Une idée ?

Merci

Hilaire

-- 
Dr. Geo
http://drgeo.eu

Re: Samsung ML-1915 printer

[Rodolfo Medina]

Teemu Likonen  writes:

> Rodolfo Medina [2017-03-26 15:55:15+01] wrote:
>
>> I'm still stuck with my problem, so I'm posting it again hoping for
>> some help: I alone don't manage to have my printer work, a Samsung
>> ML-1915. I installed cups but the printer does not respond. Printing
>> jobs are stopped because of "Filter failed" issue. I also got no
>> answer from cups mailing list.
>
> It also seems that you don't read all the answers you get from this list
> (I'll Cc to you). Here's what I wrote quite recently:
>
> https://lists.debian.org/debian-user/2017/03/msg01005.html


Sorry...  Thanks for your suggestion, but ghostscript is already installed in
my system, which is Sid...  So I don't think testing woul do do any better...

Rodolfo

Re: Thin Client

[David]

On Sun, 2017-03-26 at 10:42 -0400, Dan Ritter wrote:
> On Sat, Mar 25, 2017 at 05:08:34AM +, David wrote:
> > On Fri, 2017-03-24 at 19:48 +, Brian wrote:
> > > On Fri 24 Mar 2017 at 19:20:54 +, David wrote:
> > > 
> > > > Dear Group,
> > > > 
> > > > Has anybody put Debian onto a thin client?
> > > > 
> > > > If so what version?
> > > > 
> > > > I'm going to try soon, so if there's any guidance I'd
> > > > appreciate
> > > > it.
> > > 
> > > Much, much, much too wide a question. Please narrow it down to
> > > some
> > > specfic client.
> > > 
> > 
> > The unit I am looking at is a 10ZiG RBT-470, seems to have a good
> > specification and is cheap.
> 
> 
> It looks like a 256MB RAM 400 MHz Pentium. Performance will be 
> absolutely terrible compared to a $200 Chromebook converted over
> to Linux.
> 
> That said, there's nothing preventing you from trying. Set up a 
> standard PXE netboot and look for problems.
> 
> -dsr-
Thank you for the replies.

Brian, the URL's give useful information.

Dan, I'm not looking for desktop performance, I need a small and
economical to run 'box' where I need to leave a machine running 24
hours a day.

I currently have 4 Raspberry Pi's, 2 as DNS servers and 2 as Syslog
servers, I plan to try a thin client for this type of application.

David.

Re: Samsung ML-1915 printer

[Teemu Likonen]

Rodolfo Medina [2017-03-26 15:55:15+01] wrote:

> I'm still stuck with my problem, so I'm posting it again hoping for
> some help: I alone don't manage to have my printer work, a Samsung
> ML-1915. I installed cups but the printer does not respond. Printing
> jobs are stopped because of "Filter failed" issue. I also got no
> answer from cups mailing list.

It also seems that you don't read all the answers you get from this list
(I'll Cc to you). Here's what I wrote quite recently:

https://lists.debian.org/debian-user/2017/03/msg01005.html


-- 
/// Teemu Likonen   - .-..    //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///


signature.asc
Description: PGP signature

Samsung ML-1915 printer

[Rodolfo Medina]

I'm still stuck with my problem, so I'm posting it again hoping for some help:
I alone don't manage to have my printer work, a Samsung ML-1915.  I installed
cups but the printer does not respond.  Printing jobs are stopped because of
"Filter failed" issue.  I also got no answer from cups mailing list.

Thanks for any help,

Rodolfo

Re: Thin Client

[Dan Ritter]

On Sat, Mar 25, 2017 at 05:08:34AM +, David wrote:
> On Fri, 2017-03-24 at 19:48 +, Brian wrote:
> > On Fri 24 Mar 2017 at 19:20:54 +, David wrote:
> > 
> > > Dear Group,
> > > 
> > > Has anybody put Debian onto a thin client?
> > > 
> > > If so what version?
> > > 
> > > I'm going to try soon, so if there's any guidance I'd appreciate
> > > it.
> > 
> > Much, much, much too wide a question. Please narrow it down to some
> > specfic client.
> > 
> The unit I am looking at is a 10ZiG RBT-470, seems to have a good
> specification and is cheap.


It looks like a 256MB RAM 400 MHz Pentium. Performance will be 
absolutely terrible compared to a $200 Chromebook converted over
to Linux.

That said, there's nothing preventing you from trying. Set up a 
standard PXE netboot and look for problems.

-dsr-

Re: SSH Access Issue

[Cindy-Sue Causey]

On 3/26/17, Cindy-Sue Causey  wrote:
> On 3/26/17, Philippe LeCavalier  wrote:
>> On Sat, Mar 25, 2017, 17:52  wrote:
>>
>>> On Sat, Mar 25, 2017 at 06:56:03PM +, Philippe LeCavalier wrote:
>>>
>>> > Nevermind. I changed the forward to another box and can't get to it
>>> either
>>> > so it has to be something in the firewall capturing the connection
>>> despite
>>> > it showing a clean passthru.
>>>
>>> I see you found a clue to follow. One very helpful tool in those cases
>>> is the option -v (verbose) on the client:
>>>
>>>   ssh -v user@host.domain
>>>
>>> It shows you details of the handshake as it proceeds (try first on a
>>> working connection, to get an idea of what to expect). More "-v"
>>> increase the verbosity.
>>>
>>>
>> Turns out the box had a second default gateway by mistake, mine of
>> course.
>> I guess I forgot I manually added the default gateway when the box was in
>> my lab. As it turns out the clue was irrelevant but talking things out
>> here
>> did somehow lead my the the right clue.
>
>
> This sounds like it *might* be something that I've mentioned at least
> once, possibly twice, within seeming appropriate threads.
>
> In the case I'm thinking, it's about manually adding multiple lines to
> a file that I'm not completely remembering just now. Gut is saying
> it's /etc/network/interfaces. Mine's almost empty so I don't have an
> example to confirm that.
>
> What I encountered wasn't about declaring different values for
> gateway, either. For whatever reasons due to innate [functionality],
> it becomes a fail even if you declare the same gateway value for that
> line within each new, separate block of declarations. Success is found
> by declaring it once then omitting that line within any other new
> blocks added over time.
>
> Between my setup and cognition, I've never had anything stable enough
> to test if it matters which block that gateway is declared. I've
> wondered if it matters that it be in the first block, or if it just
> needs to show up somewhere in that file. I was consciously putting it
> in the first block because that seemed to be the *logical* thing to do
> k/t having touched on programming 20 years ago at a local tech school.


I literally HATE when this happens. Forgot something then remembered
as the first email was blipping off the screen. I also wanted to
wonder out loud if it's possible to teach programs that touch on that
to complain specifically about that duplication being the cause of
failure.

That error would save users a lot of hair pulling. I only ever
stumbled on that tidbit completely by accident because I had hit up a
BUNCH of different website help lists while trying to get my setup to
function here. My guess is that I would/will not likely recall that
being a potential check point during potential future moments of
failure, too. It only ever comes to mind now when someone writes the
right keywords that trigger the memory of that tip. :)

Cindy :)

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Re: duda sobre vpn

[juan carlos rebate]

El día 26 de marzo de 2017, 4:13, Cristian Mitchell
 escribió:
>
>
> El 25 de marzo de 2017, 19:49, juan carlos rebate
> escribió:
>>
>> El día 25 de marzo de 2017, 14:45, Cristian Mitchell
>>  escribió:
>> >
>> >
>> > El 24 de marzo de 2017, 19:56, juan carlos rebate
>> > escribió:
>> >>
>> >> El día 24 de marzo de 2017, 22:24, Cristian Mitchell
>> >>  escribió:
>> >> >
>> >> >
>> >> > El 24 de marzo de 2017, 17:34, juan carlos rebate
>> >> > escribió:
>> >> >>
>> >> >> hola he encotrado dispositivos que crean vpns por su cuenta, osea
>> >> >> puntos de acceso wifi y routers, lo raro esque estos dispositivos
>> >> >> dicen tener una sola tarjeta de red, eso no es nada seguro no? es
>> >> >> como
>> >> >> si yo monto un debian con una sola tarjeta y hago que el trafico vpn
>> >> >> entre y salga por la misma tarjeta, eso no la sobrecargaria?
>> >> >>
>> >> >
>> >> > Preguntas por seguridad o performan?
>> >> >
>> >> > --
>> >> > pregunto por seguridad, no me entra que sea seguro, es como si
>> >> > intentases usar programacion en hilos en un procesador que no soporta
>> >
>> >
>> > Juan Carlos
>> >
>> > por favor no respondas al mail personal
>> > asi queda registrado para el resto de los usuarios
>> >
>> > no hay problema de seguridad, por el lado de la vpn
>> > si no que uno de los datos va sin encriptar,
>> > lo mas lógico es generar la encriptacion en la misma maquina o en una
>> > red
>> > segura.
>> > para luego transmitir los datos
>> > ahora algo que no aclaraste es si la misma placa de red tiene la misma
>> > configuración para la entrada y salida
>> >
>> >
>> > --
>> ami no me entra que eso sea seguro porque por ejemplo, los routers que
>> tienen vpn tienen 2 interfaces, la propia wifi y la ethernet, se
>> supone que la vpn se monta por la ethernet que va a 1gbps, pero lo que
>> no me entra esque los routers manejan trafico vpn y no vpn, es decir
>> el router te da opcion de configurarla por cualquier cosa entrar a tu
>> pc desde fuera o lo que sea, pero tambien te deja tener trafico
>> normal, todo eso con una unica tarjeta ethernet, osea el router
>> manejando trafico encriptado y no encriptado a la vez? m, no
>> digo que no se pueda solo que no me entra que eso sea seguro, es como
>> si yo tengo un server con una unica ethernet y le cargo una vpn, yo
>> puedo configurarlo para que solo atienda trafico vpn de entrada y todo
>> de salida, eso ya alivia algo a la red pero en estos routers no se
>> puede, aunque tampoco seria seguro el ejemplo del servidor no?
>>
>
> Justamente el problema lo planteaste en tu pregunta
> la VPN es un trafico encriptado
> en la red no sabe que lleva,por eso se arma una vPN para enviar datos
> sensibles
> mientras los datos sin interés van por la red común.
> Ahora si mandas los mismos datos por la VPN y sin encriptar en paralelo
> lo inseguro es lo que va como plano
>
>
> --
entonces un punto de acceso o server puede operar tanto una vpn como
trafico normal con una sola tarjeta de red sin problemas de seguridad?
basta con encriptarlo no? ok gracias, y como podria poner en estres a
una tarjeta para ver cuanto trafico aguanta?

Re: SSH Access Issue

[Cindy-Sue Causey]

On 3/26/17, Philippe LeCavalier  wrote:
> On Sat, Mar 25, 2017, 17:52  wrote:
>
>> On Sat, Mar 25, 2017 at 06:56:03PM +, Philippe LeCavalier wrote:
>>
>> > Nevermind. I changed the forward to another box and can't get to it
>> either
>> > so it has to be something in the firewall capturing the connection
>> despite
>> > it showing a clean passthru.
>>
>> I see you found a clue to follow. One very helpful tool in those cases
>> is the option -v (verbose) on the client:
>>
>>   ssh -v user@host.domain
>>
>> It shows you details of the handshake as it proceeds (try first on a
>> working connection, to get an idea of what to expect). More "-v"
>> increase the verbosity.
>>
>>
> Turns out the box had a second default gateway by mistake, mine of course.
> I guess I forgot I manually added the default gateway when the box was in
> my lab. As it turns out the clue was irrelevant but talking things out here
> did somehow lead my the the right clue.


This sounds like it *might* be something that I've mentioned at least
once, possibly twice, within seeming appropriate threads.

In the case I'm thinking, it's about manually adding multiple lines to
a file that I'm not completely remembering just now. Gut is saying
it's /etc/network/interfaces. Mine's almost empty so I don't have an
example to confirm that.

What I encountered wasn't about declaring different values for
gateway, either. For whatever reasons due to innate [functionality],
it becomes a fail even if you declare the same gateway value for that
line within each new, separate block of declarations. Success is found
by declaring it once then omitting that line within any other new
blocks added over time.

Between my setup and cognition, I've never had anything stable enough
to test if it matters which block that gateway is declared. I've
wondered if it matters that it be in the first block, or if it just
needs to show up somewhere in that file. I was consciously putting it
in the first block because that seemed to be the *logical* thing to do
k/t having touched on programming 20 years ago at a local tech school.
:)

Just thinking out loud...

Cindy :)

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Re: Thunderbird (OK, "Icedove") has no icon in task-switching panel in Xfce

[Cindy-Sue Causey]

On 3/26/17, Carl Fink  wrote:
> My, that's a small, specific question I'm asking.
>
> I'm running Icedove 1:45.8.0-2 (which is really Thunderbird 1:45.8.0-2)
> under Debian testing, with
> Xfce 4.12.3 as my desktop environment. It works fine (modulo the fact
> that I don't like every tbird
> design decision, but it works as designed), except for one very small
> thing: when I task-switch
> using alt-tab, the icon for Thunderbird is the
> empty-white-window-with-blue-title-bar icon, which
> I'm presuming is the default for "this program has not defined an icon".
> That's also the icon that
> appears in the workspace indicator in the Xfce4 panel.
>
> Is this a bug? Are others seeing this? It is not a huge deal, but it's
> annoying because I always
> task-switch with alt-tab and finding Thunderbird is harder when it has a
> nondistinctive icon that
> does not match the one in its button on the main Xfce panel.


Definitely an annoyance. At some point, I had a setup that had a BUNCH
of that, several different programs, going on. Within a couple
updates, it appeared to be addressed by developers.

Speaking firsthand: Accessibility wise, it's cognitively related to a
program's usability.

If this was me, I'd track down where the icons should be, and see if
there's some way to send in a patch so the developers don't have to do
this in addition to the serious coding.

No, I don't know where to look just this second. I started to try to
do the same back when I encountered it, but never got through the
process to be able to suggest where to start and finish..

Good luck if you try to help with it..

Cindy :)

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Re: Apt trusted.gpg file problems

[Cindy-Sue Causey]

On 3/26/17, Miltiades Vasiliades  wrote:
> I tried switching the mirrors through synaptic then synaptic as usual asked
> to refresh however the refresh ended with the following errors
>
> W: http://repo.steampowered.com/steam/dists/precise/InRelease: The key(s) in
> the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by
> user '_apt' executing apt-key.
> W:
> http://security.debian.org/…/dists/stretch/updates/InRelease:
> The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is
> not readable by user '_apt' executing apt-key.
> W: http://ftp.de.debian.org/debian/dists/stretch/InRelease: The key(s) in
> the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by
> user '_apt' executing apt-key.
>
>
> Any ideas how to resolve that issue?


DISCLAIMER: This may be apples and oranges thus not even close, but am
writing anyway because I've seen something similar to that "not
readable by user '_apt'" part.

That said...

*heh!* That's the message I've had before. I referenced it somewhere
on here a while back. Do you have anything symlinked?

In my case, I had /var/cache/apt/archives symlinked because it's
massive k/t being on dialup yada-yada. I went through and looked at
permissions in my case. They didn't seem to change, but that
symlinking definitely borked/broked it somehow.

I thought maybe there was a permissions disintegration because my
symlinking traveled a few levels into a non-standard (homegrown
personalized) directory tree on an external hard drive.

As a test, I tried rsync copying over the directory tree from the
primary one that worked. Rsync very nicely properly preserves
permissions. I then symlinked to that new directory, but at that
moment it still did not work..

One thing I don't know is if it has always been like that, or if it is
something that became a new bug somehow. The error is new for me in
the last six months to a year or so.

An important detail that I can't remember is if I was symlinking in
this manner prior to that time. That would have shown if things used
to work and now don't... or not.

This is the deal that turned out to be the culprit in my MANY failed
debootstrap efforts. There would be an error message about _apt and
permissions before debootstrap finished. I'd run debootstrap again
because that works for apt-get (yeah, I know, apples, oranges, former
bleached blonde, but anyway).

There'd be no error message on that second run, and it missed my
consciousness that things didn't go all the way through to the normal
successful install message. I'd chroot in, and that's when root's "I
Have No Name!" identity crisis slash eventual debootstrap install fail
came into play.

Just thinking out loud. :)

Cindy :)

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Re: Desactivar montaje automatico discos externos

[Yasniel López Argüez]

On 03/26/2017 05:38 AM, R Calleja wrote:

Buenos dias, alguien puede ayudarme.
1.- como desactivar el montaje automatico de discos externos, memorias 
usb,... en debian 8 .
He probado varias cosas, editar gconf, cambiar permisos a /media/ pero 
no he podido hacerlo con exito.
Hay un grupo que administra eso, si la memoria no me falla creo que se 
llama plugdev, si quitas el usuario de ese grupo, en teoría no debería 
funcionar el montaje automático.




2.- como se puede acceder al login que sale en el arranque del sistema
Mmm... que te refieres exactamente?? contraseña del grub?? del BIOS?? se 
un poco mas específico.


3.- que es y para que sirve el modo Failsafe de los Livecd de debian.
Segun parece tiene varios modos de arranque, alquien sabe para que sirven.
El modo failsafe es exactamente como lo dice el nombre, vendría siendo 
como un modo seguro de Windows, te facilita mucho la vida cuando pierdes 
contraseñas y errores muy comunes como problemas a la hora de montar HDD 
o mantenimiento del sistema.


Muchas gracias, Roberto.


Salu2

Re: Apt trusted.gpg file problems

[Frank]

Op 26-03-17 om 11:03 schreef Miltiades Vasiliades:

I tried switching the mirrors through synaptic then synaptic as usual
asked to refresh however the refresh ended with the following errors

W: http://repo.steampowered.com/steam/dists/precise/InRelease: The
key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is
not readable by user '_apt' executing apt-key.
W: http://security.debian.org/…/dists/stretch/updates/InRelease
:
The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file
is not readable by user '_apt' executing apt-key.
W: http://ftp.de.debian.org/debian/dists/stretch/InRelease: The key(s)
in the keyring /etc/apt/trusted.gpg are ignored as the file is not
readable by user '_apt' executing apt-key.


Any ideas how to resolve that issue?


On my stretch system, the permissions for that file are 0644 rather than 
0600. Check what they are on your system and change them if necessary. I 
assume you know how to do that as you're apparently using 
stretch/testing (the _apt user only exists since apt version 
1.1~exp, which isn't available for jessie).


Regards,
Frank

Re: Apt trusted.gpg file problems

[SDA]

On Sun, Mar 26, 2017 at 09:03:31AM +, Miltiades Vasiliades wrote:
> I tried switching the mirrors through synaptic then synaptic as usual asked 
> to refresh however the refresh ended with the following errors
> 
> W: http://repo.steampowered.com/steam/dists/precise/InRelease: The key(s) in 
> the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by 
> user '_apt' executing apt-key.
> W: 
> http://security.debian.org/…/dists/stretch/updates/InRelease:
>  The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is 
> not readable by user '_apt' executing apt-key.
> W: http://ftp.de.debian.org/debian/dists/stretch/InRelease: The key(s) in the 
> keyring /etc/apt/trusted.gpg are ignored as the file is not readable by user 
> '_apt' executing apt-key.
> 
> 
> Any ideas how to resolve that issue?

Have noticed the exact same problem on a clients desktop too, after installing 
via the Stretch RC2 installer & subsequent upgrade via synaptic.

Re: An INCOMPLETE solution - was [Re: Where is data stored when Synaptic scans DVDs?]

[Richard Owlett]

On 03/25/2017 04:05 PM, David Wright wrote:

[snip]

So my parting suggestion is running synaptic under strace and
examining the output at the time it becomes disgruntled and wants
those DVDs to be scanned (which is what the OP wants to avoid having
to do). If that fails, the source of apt/apt-cdrom can be downloaded
and read, which should settle the OP's waters.



The higher priority project to which I referred to in my last post has 
calmed down. It will likely proceed faster if I take some breaks from it.


The utility that someone had referred to a couple of years ago was 
indeed "find". I had not previously heard of "strace". I'm sketching out 
a script to use those in combination with "apt-cdrom" and "script".


I expect to review tutorials on "find" and "strace" this afternoon to 
decide which options for each would be useful. Tomorrow's weather will 
encourage indoor activities ;/

Thunderbird (OK, "Icedove") has no icon in task-switching panel in Xfce

[Carl Fink]

My, that's a small, specific question I'm asking.

I'm running Icedove 1:45.8.0-2 (which is really Thunderbird 1:45.8.0-2) 
under Debian testing, with
Xfce 4.12.3 as my desktop environment. It works fine (modulo the fact 
that I don't like every tbird
design decision, but it works as designed), except for one very small 
thing: when I task-switch
using alt-tab, the icon for Thunderbird is the 
empty-white-window-with-blue-title-bar icon, which
I'm presuming is the default for "this program has not defined an icon". 
That's also the icon that

appears in the workspace indicator in the Xfce4 panel.

Is this a bug? Are others seeing this? It is not a huge deal, but it's 
annoying because I always
task-switch with alt-tab and finding Thunderbird is harder when it has a 
nondistinctive icon that

does not match the one in its button on the main Xfce panel.

Thanks.
--
Carl Fink  c...@finknetwork.com
Writing about thinking and logic and stuff at Reasonably Literate
http://reasonablyliterate.com

Re: SSH Access Issue

[Philippe LeCavalier]

On Sat, Mar 25, 2017, 17:52  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On Sat, Mar 25, 2017 at 06:56:03PM +, Philippe LeCavalier wrote:
>
> [...]
>
> > Nevermind. I changed the forward to another box and can't get to it
> either
> > so it has to be something in the firewall capturing the connection
> despite
> > it showing a clean passthru.
>
> I see you found a clue to follow. One very helpful tool in those cases
> is the option -v (verbose) on the client:
>
>   ssh -v user@host.domain
>
> It shows you details of the handshake as it proceeds (try first on a
> working connection, to get an idea of what to expect). More "-v"
> increase the verbosity.
>
> Regards
> - -- tomás
>
Turns out the box had a second default gateway by mistake, mine of course.
I guess I forgot I manually added the default gateway when the box was in
my lab. As it turns out the clue was irrelevant but talking things out here
did somehow lead my the the right clue.

> --
Regards,
Phil

Re: zenity --text-info autoscrolling?

[rhkramer]

On Sunday, March 26, 2017 06:10:02 AM to...@tuxteam.de wrote:
> On Sat, Mar 25, 2017 at 06:51:06PM -0500, Jason wrote:
> > Okay, if no one knows how to make zenity --text-info auto-scroll, what
> > other suggestions would you have for displaying output of a shell script
> > that is able to show the output of the current operation but with the
> > option to scroll up to see previous lines?
> > 
> > As an example of what I have in mind, I use rsync to make file backups
> > and pipe the output into zenity (--text-info) to show what is being
> > done. The only problem is that you have to keep scrolling down manually
> > to see the last entry, which is not very convenient.
> 
> I gave up zenity since long, and whenever I've to cobble up a small
> GUI I went back to... Tcl/Tk.
> 
> If you are interested, I could improvise something to get you started,
> but perhaps it leads you too far away from your comfort zone.

Jason,

I don't know what you're doing exactly, but I'm tempted to suggest you simply 
use the non-GUI command line within something like a KDE konsole with tools 
like tail -f.  Yoiu could open (at least) two tabs, one to display the output 
(with tail -f or not--you can scroll within a konsole tab) and the 2nd to 
enter commands.

If that sounds interesting, tell us more about what you're trying to do and 
I'm sure I or someone else can give you useful (that might come from someone 
else ;-) advice.

Re: An INCOMPLETE solution - was [Re: Where is data stored when Synaptic scans DVDs?]

[Curt]

On 2017-03-25, David Wright  wrote:
> On Sat 25 Mar 2017 at 10:50:50 (+), Curt wrote:
>> Actually, srcpkgcache.bin includes the information contained in the files
>> in /var/lib/apt/lists; that is, all the info you obtain from the internet
>> via your deb and deb-src lines -- this information changes only on
>> apt-get update.
>> 
>> pkgcache.bin caches the information in srcpkgcache.bin + the information
>> extracted from the apt and dpkg status files. This info changes on every
>> install/remove done by apt or directly by dpkg.
>> 
>> The above scandalously pilfered from David Kalnischkies here:
>> 
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566275
>
> Thanks for the useful reference. Whether it ties in to what apt-cdrom
> does, I don't know and have no way of testing.

It ties in to the context that you snipped; i.e. "the two .bin files in
/var/cache/apt" and how you found it "tricky to check what's actually
in them."

Well, maybe it is tricky to "check" but not to know what's in those two
files (if we can depend on the other David), a distinction that may not
be of much use or significance.

>> You can run 'strings' on pkgcache.bin BTW.
>> 
>> curty@einstein:/var/cache/apt$ strings pkgcache.bin | less
>> 
>> Standard .deb
>> amd64
>> /var/lib/apt/lists/httpredir.debian.org_debian_dists_wheezy_main_binary-amd64_Packages
>> httpredir.debian.org
>> Debian Package Index
>> 0~r11863-2
>> games
>> 0ad-data
>> 0~r11863
>> 0~r11863-2
>> gamin
>> libboost-signals1.49.0
>> 1.49.0-1
>> libc6
>> 2.11
>> libcurl3-gnutls
>> 
>> 
>> It doesn't appear that tricky.
>
> What doesn't?
>
> Getting a ¼million-line output file is straightforward, but
> have you tried to interpret it? What do you think it shows?
>

Package names, versions, 'Description-md5' as far as I can tell is what
is "actually" and obviously contained in the file, verifiable with very
little effort via 'strings', beyond that I ain't gonna go because I have
other things to do. Sorry I'm writing the story of my life and there are
many many chapters.


-- 
"It might be a vision--of a shell, of a wheelbarrow, of a fairy kingdom on the
far side of the hedge; or it might be the glory of speed; no one knew." --Mrs.
Ramsay, speculating on why her little daughter might be dashing about, in "To
the Lighthouse," by Virginia Woolf.

Re: Issue with notebook (maybe the battery?)

[Joe]

On Sun, 26 Mar 2017 12:07:46 +0200
 wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Sun, Mar 26, 2017 at 04:46:37AM -0500, Richard Owlett wrote:
> > On 03/25/2017 05:29 PM, Daniel Bareiro wrote:  
> > >Hi, Joe.
> > >
> > >[snip]
> > >
> > >Checking the purchase invoices, I bought the notebook on September
> > >19, 2013, and then changed the battery on November 2, 2015. So
> > >less than two years ago I have this battery.
> > >
> > >The notebook I use it practically every day and I leave it
> > >sleeping from one day to the next so I do not have to open every
> > >application every time. I'm not sure if that impacts so much on
> > >the battery life.  
> > 
> > If it was a long term degradation, possibly. With some battery
> > technology/technologies(?) there is a "memory" effect. If there is a
> > repeated "shallow discharge"/recharge cycle ( sleep overnight
> > followed by running during day with charger plugged in) the
> > effective battery capacity will decrease. IIRC that applies to only
> > one technology but can't remember which.  
> 
> That would be the nickel family (NiMH and its predecessors). Laptops
> changed long ago (I'd venture somewhere in the 90-ies) to Li-whatever.

Lithium isn't particularly sensitive to state and depth of charge,
apparently the optimal long-term storage state is about half-charge.
> 
> Those have other weak spots: overcharging shortens their lives,
> especially being overcharged *and* higher temps. More overcharging
> leads to fireworks. They *need* some electronics to take care of
> that. Deep discharge is also fatal to their lifetimes.

Complete discharge is instantly fatal, they can never wake up again.
All lithium cells have rudimentary electronics to cut off discharge
earlier than this, typically 2.8-3.0V per cell. Charging is relatively
complex, constant current of about half capacity to around 4.1V, then
constant voltage to fairly precise 4.2V, then when the current drops
below a certain level, cutoff.

It should be possible to leave a lithium battery permanently connected
to the charger. No 'trickle charge' will occur, no additional current
will flow until the cell voltage drops by a certain amount. But full
charge is not recommended for long-term storage.

Yes, I had to build a lithium battery into something a few years ago,
I had to learn how to charge it. 

-- 
Joe

Desactivar montaje automatico discos externos

[R Calleja]

Buenos dias, alguien puede ayudarme.
1.- como desactivar el montaje automatico de discos externos, memorias
usb,... en debian 8 .
He probado varias cosas, editar gconf, cambiar permisos a /media/ pero no
he podido hacerlo con exito.

2.- como se puede acceder al login que sale en el arranque del sistema

3.- que es y para que sirve el modo Failsafe de los Livecd de debian.
Segun parece tiene varios modos de arranque, alquien sabe para que sirven.

Muchas gracias, Roberto.

Re: Encrypted flash drives

[Nicolas George]

Le sextidi 6 germinal, an CCXXV, Mark Fletcher a écrit :
> That directory in /media/mark was owned by... mark this time! BUT, Files 
> has the New Folder command greyed out, indicating it does NOT think it 
> can write to this device. And I cannot paste anything into the device's 
> pane in Files. BUT AGAIN, at the command line, as mark, I went into 
> /media/mark/138b9d59-b0cd-49cc-a738-8fecea5f0035 and typed touch 
> test.txt and lo and behold the file was created. So now I have a 
> confused Files / Nautilus on top of everything else...

Well, I am sorry to say that the extents of the advice I can give on
handling troubles with Gnome or other desktop environments is "apt-get
purge gnome nautilus; apt-get install fvwm zsh". I can still suggest two
basic generic things to test: first, look carefully at the differences,
in ownership, permissions, etc., of the mounted filesystems. Second, try
with a clean account to see if the keys still show different behaviours
(and if that fails, try with a brand new install).

Hope this helps.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Re: zenity --text-info autoscrolling?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Mar 25, 2017 at 06:51:06PM -0500, Jason wrote:
> Okay, if no one knows how to make zenity --text-info auto-scroll, what other 
> suggestions
> would you have for displaying output of a shell script that is able to show 
> the output of
> the current operation but with the option to scroll up to see previous lines?
> 
> As an example of what I have in mind, I use rsync to make file backups and 
> pipe the output
> into zenity (--text-info) to show what is being done. The only problem is 
> that you have
> to keep scrolling down manually to see the last entry, which is not very 
> convenient.

I gave up zenity since long, and whenever I've to cobble up a small
GUI I went back to... Tcl/Tk.

If you are interested, I could improvise something to get you started,
but perhaps it leads you too far away from your comfort zone.

Let me know.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAljXk3oACgkQBcgs9XrR2kZIdQCePE4sFmCLNqjM73wI+76tTvCG
4ScAnRg4je5XkeDXHJsh+QSLlQ39CTil
=4Fmv
-END PGP SIGNATURE-

Re: Issue with notebook (maybe the battery?)

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Mar 26, 2017 at 04:46:37AM -0500, Richard Owlett wrote:
> On 03/25/2017 05:29 PM, Daniel Bareiro wrote:
> >Hi, Joe.
> >
> >[snip]
> >
> >Checking the purchase invoices, I bought the notebook on September 19,
> >2013, and then changed the battery on November 2, 2015. So less than two
> >years ago I have this battery.
> >
> >The notebook I use it practically every day and I leave it sleeping from
> >one day to the next so I do not have to open every application every
> >time. I'm not sure if that impacts so much on the battery life.
> 
> If it was a long term degradation, possibly. With some battery
> technology/technologies(?) there is a "memory" effect. If there is a
> repeated "shallow discharge"/recharge cycle ( sleep overnight
> followed by running during day with charger plugged in) the
> effective battery capacity will decrease. IIRC that applies to only
> one technology but can't remember which.

That would be the nickel family (NiMH and its predecessors). Laptops
changed long ago (I'd venture somewhere in the 90-ies) to Li-whatever.

Those have other weak spots: overcharging shortens their lives,
especially being overcharged *and* higher temps. More overcharging
leads to fireworks. They *need* some electronics to take care of
that. Deep discharge is also fatal to their lifetimes.

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAljXkvIACgkQBcgs9XrR2ka6nACfYIP8GZ6hs786FHg/7z171K04
F5sAnRYYqxNo/mFknchTcrSg+KmuyoTi
=LIio
-END PGP SIGNATURE-

Re: Encrypted flash drives

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Mar 26, 2017 at 06:53:15PM +0900, Mark Fletcher wrote:

[...]

> So perms are fixed in fact but not according to the Files application. 
> And detection and auto-prompting for the passphrase on connect is not 
> working for this device but is working for the identical one I formatted 
> properly with Files. I'd like to un-confuse Files and get autodetection 
> working.

I think the ghost working in the background is udev: it gets notified
by the kernel of something happening (in this case of the just decrypted
volume "appearing", after you successfully entered your passphrase) and
arranges for the rest to happen.

In your case, having a desktop-heavy environment, I'd guess [1] that
udisks is the part actually concerned with managing disks, wrapping
things thickly in DBus and other "amenities". So I'd look for some
place where udisks is configured.

[1] I'm a desktop Luddite, as many might know around here :-)

regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAljXkc8ACgkQBcgs9XrR2kYOBACfdYPHmn9NysYzdfkOorHFcJqU
tDYAnA/ksFD7LUpuXy+fbL1AMhowWMiT
=BiGp
-END PGP SIGNATURE-

Re: Encrypted flash drives

[Mark Fletcher]

On Sun, Mar 26, 2017 at 11:31:19AM +0200, Nicolas George wrote:
> Le sextidi 6 germinal, an CCXXV, Mark Fletcher a écrit :
> > Yeah I guess so, but chmod or chown of WHAT, though?
> 
> Of the root directory of the drive, i.e. the directory where it is
> mounted: chown you /media/mark/drive while it is mounted.
> 
Thanks for the quick reply. I've got mixed success to report from that.

When I plug in the device, open Files manually, click on "8.1GB 
Encrypted" and supply the passphrase, it mounts the drive at 
/media/mark/really-long-string-of-letters-and-numbers

That was owned by root. I did chown mark:mark  and verified the ownership had changed. 
Everything inside that directory, ie on the drive, is already owned by 
user mark. And to confirm, I am logged into Gnome as mark.

After executing that chown command and before ejecting the drive, the 
"New Folder" etc commands on the Files right-click menu were enabled, 
where previously they had been disabled, suggesting Files now felt it 
could write to the disk.

I ejected the volume. The really long string of letters and numbers in 
/media/mark disappeared, as expected.

I removed the drive and re-inserted it. No response from Gnome. I fired 
up Files again manually, and saw "8.1GB Encryted" as before. Clicking on 
that and supplying the passphrase mounted the device, as before. Again 
it is mounted in /media/mark/blahdiblahdiblah (this time it was 
/media/mark/138b9d59-b0cd-49cc-a738-8fecea5f0035 to be precise, I am not 
sure if that is identical to before but suspect so).

That directory in /media/mark was owned by... mark this time! BUT, Files 
has the New Folder command greyed out, indicating it does NOT think it 
can write to this device. And I cannot paste anything into the device's 
pane in Files. BUT AGAIN, at the command line, as mark, I went into 
/media/mark/138b9d59-b0cd-49cc-a738-8fecea5f0035 and typed touch 
test.txt and lo and behold the file was created. So now I have a 
confused Files / Nautilus on top of everything else...

So perms are fixed in fact but not according to the Files application. 
And detection and auto-prompting for the passphrase on connect is not 
working for this device but is working for the identical one I formatted 
properly with Files. I'd like to un-confuse Files and get autodetection 
working.

Mark

Re: Apt trusted.gpg file problems

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sun, Mar 26, 2017 at 09:03:31AM +, Miltiades Vasiliades wrote:
> I tried switching the mirrors through synaptic then synaptic as usual asked 
> to refresh however the refresh ended with the following errors
> 
> W: http://repo.steampowered.com/steam/dists/precise/InRelease: The key(s) in 
> the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by 
> user '_apt' executing apt-key.
> W: 
> http://security.debian.org/…/dists/stretch/updates/InRelease:
>  The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is 
> not readable by user '_apt' executing apt-key.
> W: http://ftp.de.debian.org/debian/dists/stretch/InRelease: The key(s) in the 
> keyring /etc/apt/trusted.gpg are ignored as the file is not readable by user 
> '_apt' executing apt-key.
> 
> 
> Any ideas how to resolve that issue?

Hm. Some newfangled sandboxing stuff, it seems. On my system (no synaptic,
no desktop environment), the trusted keys are just readable by root:

  tomas@rasputin:~$ ls -l /etc/apt/trusted.gpg
  -rw--- 1 root root 0 Aug  7  2012 /etc/apt/trusted.gpg

I *gues* this _apt thing is to allow running synaptic as non-root (which
in itself is a Good Thing, one might guess).

Can you do the following, on a console:

  grep "_apt" /etc/passwd

(this is to see whether, and how an user named _apt is known to your
system) and

  ls -l /etc/apt/trusted.gpg

(this is to see the file's permissions, etc.), and then perhaps

  getfacl /etc/apt/trusted.gpg

(more info about the access controls to that file) and post your
results here?

Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAljXjtYACgkQBcgs9XrR2kbKowCfXaHGW1yy4nJgc5v84893a6yg
lv8Anj2/q5fq5pm5S9GIVUhuvc7+87VL
=uVEh
-END PGP SIGNATURE-

Re: Issue with notebook (maybe the battery?)

[Richard Owlett]

On 03/25/2017 05:29 PM, Daniel Bareiro wrote:

Hi, Joe.

[snip]

Checking the purchase invoices, I bought the notebook on September 19,
2013, and then changed the battery on November 2, 2015. So less than two
years ago I have this battery.

The notebook I use it practically every day and I leave it sleeping from
one day to the next so I do not have to open every application every
time. I'm not sure if that impacts so much on the battery life.


If it was a long term degradation, possibly. With some battery 
technology/technologies(?) there is a "memory" effect. If there is a 
repeated "shallow discharge"/recharge cycle ( sleep overnight followed 
by running during day with charger plugged in) the effective battery 
capacity will decrease. IIRC that applies to only one technology but 
can't remember which.





But in any case, in all this time, whenever the battery was charged, the
charge level was up to 100%. So just since yesterday I suddenly saw that
the load stayed at 38% and I started to experience this issue.


That makes me think of a component failure. Likely the battery, but 
conceivably something in the laptop.




Kind regards,
Daniel

Re: ftp client's "ls" is "!ls"

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Mar 25, 2017 at 05:05:43PM -0500, Kent West wrote:
> On Sat, Mar 25, 2017 at 2:02 AM,  wrote:
> 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On Fri, Mar 24, 2017 at 04:44:17PM -0500, Kent West wrote:
> > > I'm ftp'ing to a Dell/Quest K1000 System Management appliance, from a
> > > Debian 9.0 box, and when I execute the command "ls" or "del" or do a
> > > tab-completion, the commands act on the local directory instead of the
> > > remote, so that "ls" acts like "!ls".
> >
> > This is not how it's supposed to work. At least not ls (dir and ls should
> > both list the remote's system directory contents).
> >
> > Which ftp client are you using?
> >
> 
> 
> westk@westkent:~$ aptitude show ftp
> Package: ftp
> Version: 0.17-34
> 
> I should make a correction to my description of the problem.
> 
> "ls" by itself shows the remote directory files
> 
> "ls  looks to the local directory

(1) I can not confirm this one (see below).

> (as does "ls [tab-completion]" or "del  | [tab-completion]").
> Weird stuff.

(2) Tab completion, OTOH, picks *local* and not remote names for the
   completion list (this was somewhat expected, since it's probably
   readline-based and the authors just went an "easy" path). This is
   definitely confusing.

As to (1), I installed an ftp server (ftpd 0.17-34+b1, but that shouldn't
matter) and gave it a try. (my ftp client is ftp 0.17-31, so not very far
away from yours). Here's an extract from the session, my comments prefixed
with '#'':

  tomas@rasputin:~$ ftp localhost
  Connected to localhost.
  220 rasputin.flughafenstrasse.home FTP server (Version 
6.4/OpenBSD/Linux-ftpd-0.17) ready.
  Name (localhost:tomas): 
  331 Password required for tomas.
  Password:
  230- 
  230- The programs included with the Debian GNU/Linux system are free software;
  230- the exact distribution terms for each program are described in the
  230- individual files in /usr/share/doc/*/copyright.
  230- 
  230- Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
  230- permitted by applicable law.
  230 User tomas logged in.
  # Now in my home directory (locally and remotely)
  Remote system type is UNIX.
  Using binary mode to transfer files.
  ftp> ls workbook
  # There is a file workbook in my home
  200 PORT command successful.
  150 Opening ASCII mode data connection for '/bin/ls'.
  -rw-r--r-- 1 tomas tomas 1436472 Mar 25 08:33 workbook
  # ftp can "see" it. Note the 'ls' output format -- a bit like "ls -l"
  226 Transfer complete.
  ftp> cd tmp
  250 CWD command successful.
  # changed (remotely) to ~/tmp (note: NO leading slash, relative)
  ftp> ls workbook
  200 PORT command successful.
  150 Opening ASCII mode data connection for '/bin/ls'.
  /bin/ls: cannot access workbook: No such file or directory
  # No 'workbook' in ~/tmp. This is correct.
  226 Transfer complete.
  ftp> !ls workbook
  workbook
  # ...but locally, it's still there. Note the 'simple' format,
  # as opposed to 'ls'.
  ftp>  

As already said, tab completion's behaviour is, to put it mildly,
confusing. But I'm not seeing what you see wrt. ls vs. !ls.

(now quickly purge the ftp server, before the haxxorz come :)
Regards
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAljXi18ACgkQBcgs9XrR2kYoPACfT74hXRuQmDVBk0wSH9sJaFuw
kUgAnjWxaMuu2N2sMF9YJCE2oXOpjQS/
=aU7R
-END PGP SIGNATURE-

Re: Encrypted flash drives

[Nicolas George]

Le sextidi 6 germinal, an CCXXV, Mark Fletcher a écrit :
> Yeah I guess so, but chmod or chown of WHAT, though?

Of the root directory of the drive, i.e. the directory where it is
mounted: chown you /media/mark/drive while it is mounted.

> Also, for some reason I can't reply-list to your mails, so I'm afraid 
> you are going to get a direct copy of this message whether you want it 
> or not. Apologies in advance, not sure what I can do about that. You've 
> got something unusual in your mail headers that is confusing mutt...

No apologies required, you did the right thing automatically.
"reply-list" is a stupid design that requires human attention for
something that can, and therefore should, be automated. For some reason
that I will not hazard to discuss here, this mailing-list is not
configured to set the headers that would actually automate it for
everybody. Instead, I have configured my own client to set it.

Regards,

-- 
  Nicolas George


signature.asc
Description: Digital signature

Apt trusted.gpg file problems

[Miltiades Vasiliades]

I tried switching the mirrors through synaptic then synaptic as usual asked to 
refresh however the refresh ended with the following errors

W: http://repo.steampowered.com/steam/dists/precise/InRelease: The key(s) in 
the keyring /etc/apt/trusted.gpg are ignored as the file is not readable by 
user '_apt' executing apt-key.
W: 
http://security.debian.org/…/dists/stretch/updates/InRelease:
 The key(s) in the keyring /etc/apt/trusted.gpg are ignored as the file is not 
readable by user '_apt' executing apt-key.
W: http://ftp.de.debian.org/debian/dists/stretch/InRelease: The key(s) in the 
keyring /etc/apt/trusted.gpg are ignored as the file is not readable by user 
'_apt' executing apt-key.


Any ideas how to resolve that issue?


Thank you!