Re: Saludos y consulta a la gente de la lista

[divagante]

El 30/01/18 a las 02:13, Aradenatorix Veckhôm Avecælus escribió:
Pues lo mismo, parece que andas con muchas ganas de pelear. Puedes ser 
tan tolerante o intolerante como gustes, eres libre de evitarte 
responder a un hilo que no te guste o interese. Yo lo hago con muchos. 
Me pregunto si dentro de tu inteligencia eres capaz de ahorrarte un troleo?


Por lo demás, creo que ya comenté lo suficiente respecto al video del curso.


Un troleo! y ole!!

 A ver mi querido bipedo implume (y queridos tambien.)

 Mira, que a mi me encanta la gente humilde (pues su funcion es la de 
"encantar") y me gusta la gente egoista (pues su funcion es la de 
gustar) pero cuando aquello que hacemos, que somos, que deseamos mostrar 
supera el respeto -esa convencion claramente establecida- y en pos de si 
mismo lo transgrede groseramente, no me gusta el egoismo.
 Y este muchacho -pues ya olvide su nombre y su sitio- con tan 
"grosero" autobombo, lo mimino que puede hacer, no es pedir disculpas a 
la lista.. Es darse cuenta que se esta poniendo sutil y egoistamente, 
por encima de la misma a la que todos recurrimos, y de la cual 
aprendemos tanto.

Re: Saludos y consulta a la gente de la lista

[Aradenatorix Veckhôm Avecælus]

Pues lo mismo, parece que andas con muchas ganas de pelear. Puedes ser tan
tolerante o intolerante como gustes, eres libre de evitarte responder a un
hilo que no te guste o interese. Yo lo hago con muchos. Me pregunto si
dentro de tu inteligencia eres capaz de ahorrarte un troleo?

Por lo demás, creo que ya comenté lo suficiente respecto al video del curso.

Re: Serveur bloqué par de multiples CRON -f ?

[Charles Plessy]

> Le Fri, Mar 17, 2017 at 08:30:21AM +0100, Daniel Caillibaud a écrit :
> > 
> > Tu peux installer atop sur le host, et le régler avec une mesure par minute 
> > (10 par défaut,
> > dans /etc/default/atop mettre `INTERVAL=60`), ça devrait te permettre après 
> > coup de voir à
> > chaque minute l'état complet du host, par ex atop -r 
> > /var/log/atop/atop_mmdd -b hh:mm
> > pour avoir un top amélioré de cette minute là, que tu peux trier par conso 
> > RAM, CPU, disque,
> > etc. (man atop pour les détails).

Le Mon, Sep 04, 2017 at 09:27:52AM +0900, Charles Plessy a écrit :> 
> 
> Nouveau plantage, mais cette fois-ci j'avais une fenêtre root ouverte.
> Comme d'habitude, de nombreux processus « CRON -f » et impossibilité de
> créer de nouvelles sessions (SSH, sudo, ...).  Cause ou conséquence,
> cette fois-ci un démon gitlab-ci-multi-runner (source:
> https://packages.gitlab.com/runner) accumulait des dizaines d'instances
> (car il plantait naturellement suite à une différence de compatibilité
> avec notre serveur local).  Je l'ai désinstallé, j'ai tué tous les
> processus cron, j'ai relancé le service cron avec systemctl et j'ai
> fini par un « systemctl reset-failed ».  Je peux de nouveau me connecter
> à la machine sans avoir eu besoin de la redémarrer.

Bonjour à tous,

nouveau plantage, toujours rien dans les logs ou atop.

Cette fois-ci, la machine a re-planté (pas de nouvelles identifications
possibles) peu après son redémarrage.  Voici ce que je vois avec ssh -vvv:
Tout va bien jusque:

Authenticated to  ([]:22).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessi...@openssh.com
debug3: send packet: type 80
debug1: Entering interactive session.
debug1: pledge: exec

Ensuite, plus rien pendant longtemps, et ensuite, la machine casse son
pipe.

debug3: send packet: type 1
packet_write_wait: Connection to  port 22: Broken pipe

Perplexe,

Charles

--
Charles Plessy
Tsurumi, Kanagawa, Japon

Re: Playing or Ripping UDF CDs Under jessie

[Martin McCormick]

"Thomas Schmitt"  writes:
> This is a READ(10) attempt, which a system with a clue should not try
> on tracks with CONTROL value 0.
> I get a more standards compliant Sense Code from my ASUS BW-16D1HT burner
> than Martin McCormick got from his SONY CRX140E, which seems to be quite
> aged (CD only, IDE, reviews from year 2000, ...).

Yup.  I am trying to remember if I bought that drive or if it was
part of the Dell Dimension chassis it is still running on.  I was
using it because it didn't seem to know enough to get as confused
as the newer drive which is a PLEXTOR CD-R   PX-W1210A, a
CDRW-capable device that hasn't caused any trouble yet in it's
rather long life.

I was able to play the entire book, however thanks to
this discussion.  There were 6 CD's in the book and the first 4
all had that spoiler file in track 0 and audio files the rest of
the way to LOUT.  For some reason, the last two disks had no
tracks labelled Audio and all 15 or 20 tracks were labelled as
"Control."  

I started at Track 1, skipping the short Control track
and ripped all the other "Control" tracks which had lengths that
could be audio.

cdparanoia ripped them  all as trackxx.wav and they
worked perfectly that way.  The track00 short file probably had
data in it to "tell" a player to handle the rest as audio.

I did try wodim and cdrskin to read the toc using the
newer drive and that also worked fine so I think either one would have
worked properly as long as one didn't read track0.

I am not totally sure what the manufacturers hoped to
achieve since it didn't take any real skill to crack once one
knows how.

It was a good book with a free crash course in CD obfuscation.

Thanks for the knowledge assistance.

Martin McCormick

Re: systemd et fichiers dans /etc/init.d/

[Charles Plessy]

Le Mon, Jan 29, 2018 at 05:16:32PM +0100, steve a écrit :
> 
> M'intéressant un peu (plus) à systemd (qui tourne sur ma machine
> principale), je me demandais si les fichiers placés dans /etc/init.d/
> sont encore utilisés ou s'ils ne sont là que pour une éventuelle
> compatibilité avec les systèmes utilisant SysVInit plutôt que systemd.
> 
> Dans la négative, y a-t-il un moyen propre de nettoyer le système de ces
> fichiers inutiles ? Je veux dire, sans 'rm -rf /etc/init.d', car ces
> fichiers sont présents dans les paquets Debian. Je sais qu'ils prennent
> une place plus que négligeable, mais ce serait quand même plus élégant
> de ne plus avoir de restes de l'ancien système.

Salut Steve,

la commande suivante t'indiquera quels fichiers ne sont pas installés
par un paquet.

dpkg -S /etc/init.d/* | grep "no path"

Les autres peuvent rester: le responsable du paquet s'occupe (à son
rythme) de la migration vers systemd et conserve (autant que possible)
les scripts sysvinit pour les installations utilisant ce système.

On peut voir quels services n'ont pas encore été migrés en listant
les fichiers se trouvant dans `/run/systemd/generator.late/`.

Donc grosso-modo, si tu n'as rien installé par toi-meme hors du
système de paquets, il n'y a rien à enlever.

PS: si tu veux faire un peu plus de nettoyage, regarde du coté de
systemd-network, qui permettra d'enlever des fichiers comme
/etc/network/interfaces (à moins que network-manager tourne déjà sur
la machine).

Amicalement,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japon

Re: Saludos y consulta a la gente de la lista

[divagante]

El 29/01/18 a las 18:13, Aradenatorix Veckhôm Avecælus escribió:

Hola:

Pues coincido con Felix en que esto es un OT clarísimo. Sin embargo, no 
me parece que los comentarios de Libre y divagante deban de ser tomados 
en cuenta, parecen más de un trol o en el mejor de los casos de alguien 
con muchos prejuicios y poca tolerancia.


 que bueno que tu eres tolerante! me quedo tranquilo que haya en el 
mundo, y en la lista, gente como tu.. Eres precioso, educado y genial! 
ve a por ellos campeon!


P.D.: pero me pregunto, dentro tu inteligencia y gran respeto por las 
formas diversas de la humanidad, eres capaz de bancarte tan barato 
autobombo en una lista de ayuda de debian?



Me tomé el tiempo de mirar tu curso, es verdad que a diferencia de un 
youtube, lo que haces es poner una pantalla y explicar, solamente 
escuchamos tu voz, sin personalidad ni ego... algo plana y monótona 
diría yo, pero si yo hiciera un video como ese sonaría similar.


Respecto al video siento que redundas un poco al principio, podrías ser 
más directo y decir, por ejemplo, para que sirve cada nivel de jerarquía 
a grandes rasgos y luego explicar uno a uno los directorios. Te falta 
dar ejemplos en casi todos los casos de qué tipo de información 
almacena. Jamás mencionas la diferencia entre lib y lib64 (claro, para 
prácticamente todos los miembros de esta lista es casi una obviedad) 
pero si quieres explicarle a un novato entonces valdrá la pena que lo 
digas. Tampoco es clara tu explicación de srv y es ambigua la que das de 
media y mnt sin que ahondes en porque se cuenta con dos directorios 
donde montar particiones, dispositivos y memorias. No dejas clara la 
diferencia.


Agregar un diagrama de árbol hubiera sido bastante útil para poder 
plasmar visualmente la jerarquía de la que hablabas, sobre todo porque 
se trata de un video.


Yo desconocía plenamente esa plataforma de cursos, no me parece mala, el 
poder tomar notas es bueno (si tuviera soporte de markdown seria 
estupendo), el poder hacerte preguntas y contactar a otros "alumnos" me 
parece muy bueno. Yo soy partidario más de tutoriales gratuitos y de 
contenidos en vimeo que en youtube, que cursos como este que no sé qué 
validez oficial tengan para pagar 19€, y aunque la tuvieran, creo que un 
curso más formal tendría más valor que un video como este que es más 
como de cultura general. Creo que tu esfuerzo es bueno, pero te falta 
hacer gala de más recursos pedagógicos y visuales.


Saludos

Servidor de correo | Rebote por Spamhouse

[Ariel Martín Bellio]

Holas!

Acabo de montar un servidor de correo electr�nico usando Dovecot, 
Postfix y Spamassessin...


Dicho servidor tiene una IP din�mica en internet...

Entonces uso nsupdate.info, y tengo un subdomino.nsupdate.info el cual 
actualiza con la IP que tenga si me la cambiase el ISP...


Una cuenta de email ser�a usua...@subdominio.nsupdate.info ...

El problema es que a algunos servidores de correo como Gmail, Disroot, 
(a Yahoo! si llegan) Spamhouse los rebota al querer enviar un email 
desde ej: usua...@subdominio.nsupdate.info a usua...@gmail.com o 
usua...@disroot.org


Hace tiempo hab�a averiguado y creo que no hay forma... tendr�a que 
tener una IP fija y estar limpia en las listas grises.


�Sigue sin haber forma de arreglarlo? �alguien que le halla pasado?

Atte.,

Ariel Mart�n Bellio

Re: comment and new question--when do upgrades take effect

[Boyan Penkov]

On Mon, Jan 29, 2018 at 6:18 PM, Richard Hector  wrote:
> On 30/01/18 03:35, Boyan Penkov wrote:
>> Does checkrestart (apt-get install checkrestart) prompt for application
>> restarts on library updates, or only for daemons?
>
> apt-get install debian-goodies, actually. Yes, I think so. But for
> jessie onwards, I find needrestart (package: needrestart) much nicer. It
> tells you about kernel mismatches too, which checkrestart doesn't. Fewer
> false positives, too.

Yep, Richard is absolutely correct here -- I biffed up the package
names too early in the morning.

>
> Richard
>



-- 
Boyan Penkov

Evento - Como entender el modelo amazon y sus practicas logisticas

[Operaciones de la Cadena de Suministro]

¡Conozca cómo enfrentar sus retos logísticos de una manera innovadora!  

Comuníquese al:
01 800 212 0746  

Cómo Entender el Modelo Amazon
y sus Mejores Prácticas Logísticas 
 
Sedes y Fechas para asistir: 

15 y 16 de MARZO en Monterrey, N.L. 
22 y 23 de MARZO en la Cd. de México  

Solicite más información presionando aquí 

Este evento le explicará detalladamente como llegar hasta el mercado minorista 
por medio de plataformas de proximidad que influyen en los inventarios, la 
selección y preparación de pedidos, la distribución y el transporte urbano 
(desde motos, bicicletas y transporte eléctrico). Asimismo, aprenderá como 
comercializar sus productos a través de portales online; pero sobretodo, podrá 
atender a sus clientes con mayor eficiencia. ¡Comprenda las operaciones de la 
cadena de suministro que Amazon ha revolucionado, para aplicarlas en su 
negocio!  

Más información, responda a esta invitación con la clave: "Practicas" y los 
datos:

Nombre:
Empresa:
Puesto:
Teléfono:
 
Atte: Mario Garza, Ejecutivo Comercial, con gusto le atenderá. 

Este mensaje le ha sido enviado como usuario o bien un usuario le refirió para 
recibirlo. Si no pertenece al sector y no desea recibir actualizaciones al 
respecto, debian-user-spanish@lists.debian.org responda con el asunto A4FTG5REW

Re: comment and new question--when do upgrades take effect

[Richard Hector]

On 30/01/18 03:35, Boyan Penkov wrote:
> Does checkrestart (apt-get install checkrestart) prompt for application
> restarts on library updates, or only for daemons?

apt-get install debian-goodies, actually. Yes, I think so. But for
jessie onwards, I find needrestart (package: needrestart) much nicer. It
tells you about kernel mismatches too, which checkrestart doesn't. Fewer
false positives, too.

Richard



signature.asc
Description: OpenPGP digital signature

Debian Stretch SELinux enforcing causes systemd --user unit to fail

[C J du Preez]

Good day,

I would like to report a bug, but I am not sure which package to report it 
against.

I have SELinux enabled and enforcing on Debian Stretch (commandline via SSH 
only, no GUI is installed at all). I am trying to start a systemd --user unit 
(which I know is correct, because it works without SELinux enabled). When I try 
to start the service (using systemctl --user start ssh-agent) I get:

Failed to connect to bus: No such file or directory.

With SELinux enabled, DBUS_SESSION_BUS_ADDRESS is undefined (with SELinux 
disabled it is defined as unix:path=/run/user/1000/bus). With SELinux disabled 
that path exists, with SELinux enabled, it does not.

​Please advise.

Thanks
C J du Preez


​

journal swamped with gdm3-x-session messages

[Roger Price]

I rebooted stretch and now my journald is being swamped with the following 
message:


 /usr/lib/gdm3/gdm-x-session[2684]: Promise rejected after context unloaded:
 Message manager disconnected

A new message appears every few seconds.  What is causing this?
What have I done wrong?  Any hint would be much appreciated.

Roger

Re: Saludos y consulta a la gente de la lista

[Aradenatorix Veckhôm Avecælus]

Hola:

Pues coincido con Felix en que esto es un OT clarísimo. Sin embargo, no me
parece que los comentarios de Libre y divagante deban de ser tomados en
cuenta, parecen más de un trol o en el mejor de los casos de alguien con
muchos prejuicios y poca tolerancia.

Me tomé el tiempo de mirar tu curso, es verdad que a diferencia de un
youtube, lo que haces es poner una pantalla y explicar, solamente
escuchamos tu voz, sin personalidad ni ego... algo plana y monótona diría
yo, pero si yo hiciera un video como ese sonaría similar.

Respecto al video siento que redundas un poco al principio, podrías ser más
directo y decir, por ejemplo, para que sirve cada nivel de jerarquía a
grandes rasgos y luego explicar uno a uno los directorios. Te falta dar
ejemplos en casi todos los casos de qué tipo de información almacena. Jamás
mencionas la diferencia entre lib y lib64 (claro, para prácticamente todos
los miembros de esta lista es casi una obviedad) pero si quieres explicarle
a un novato entonces valdrá la pena que lo digas. Tampoco es clara tu
explicación de srv y es ambigua la que das de media y mnt sin que ahondes
en porque se cuenta con dos directorios donde montar particiones,
dispositivos y memorias. No dejas clara la diferencia.

Agregar un diagrama de árbol hubiera sido bastante útil para poder plasmar
visualmente la jerarquía de la que hablabas, sobre todo porque se trata de
un video.

Yo desconocía plenamente esa plataforma de cursos, no me parece mala, el
poder tomar notas es bueno (si tuviera soporte de markdown seria
estupendo), el poder hacerte preguntas y contactar a otros "alumnos" me
parece muy bueno. Yo soy partidario más de tutoriales gratuitos y de
contenidos en vimeo que en youtube, que cursos como este que no sé qué
validez oficial tengan para pagar 19€, y aunque la tuvieran, creo que un
curso más formal tendría más valor que un video como este que es más como
de cultura general. Creo que tu esfuerzo es bueno, pero te falta hacer gala
de más recursos pedagógicos y visuales.

Saludos

Re: GIMP plante au démarrage

[Étienne Mollier]

Bonsoir Fabien,

On 01/28/2018 07:35 PM, F. Dubois wrote:
> gimp: symbol lookup error: /usr/lib/x86_64-linux-gnu/libgegl-0.3.so.0: 
> undefined symbol: babl_process_rows
> Ah oui, debian unstable amd64.
Debian Sid amd64 de mon côté aussi, pas de problème comparable.
Le logiciel s'exécute, modulo quelque warnings :

$ gimp
(gimp:29258): GLib-GObject-WARNING **: g_object_set_is_valid_property: 
object class 'GeglConfig' has no property named 'cache-size'

Le symbole babl_process_rows est aussi « unidentified » de mon
côté, mais n'empêche pas Gimp de démarrer :

$ objdump -T /usr/lib/x86_64-linux-gnu/libgegl-0.3.so.0 | grep 
babl_process_rows
  DF *UND*    
babl_process_rows

Peut-être que le problème est déclenché par un module, ou un
script quelconque.  Est ce que le « splash screen » a le temps
de démarrer ?  Si tel est le cas, à quelle étape est ce que
Gimp plante ?

À plus,
-- 
Étienne Mollier 

Re: Installing Debian on Chuwi Hi12 Tablet

[Michael Lange]

On Mon, 29 Jan 2018 13:08:46 -0500
Chris Dunn  wrote:

> I'm contemplating installing Debian on my beloved Chuwi Hi12 tablet.
> The machine is cheap (circa $300) and while there are certain bits of
> the hardware that do not (yet) work under Linux there is nothing that
> troubles me, and the graphics are superb - 2160x1440 on a 12" screen.
> 
> At present it is dual-booting Xubuntu and Windows (Android was removed).
> I installed Xubuntu because I could not at the time successfully burn a
> Debian live image to USB, so could not test it out before installing.
> 
> Now I have a new live Debian USB and have tested it on the Chuwi.
> Everything works as expected. No wifi (rtl8723bs chip) but that was
> expected.

Actually there is a driver for that chip in recent kernels that works
reasonably well here, unfortunately it is not yet included in
distribution kernels, so one has to compile the kernel oneself.

> 
> I'm ready to install debian-live-9.3.0-amd64-xfce from the live USB and
> would like to install it to the whole of the Chuwi solid state 64gb
> drive, binning Windows and Xubuntu in the process.
> 
> But I'm nervous about the possibility of turning the tablet into a
> brick.
> 
> It has a 32 bit UEFI system and while I've tried to research the UEFI
> complications find it difficult to grasp the full picture on UEFI
> (particularly 32 bit with a 64 bit Debian).
> 
> As best I can make out I should have no problems as the Debian
> installer will detect and handle the 32 bit UEFI. However I've been
> unable to find full instructions for using the whole of the storage for
> Debian, only guides for dual installs alongside Windows.
> 
> Does anyone have any comments or suggestions that might be useful to me
> in the installation? In particular do I need to preserve any existing
> Windows or EFI partition even though Windows will no longer be on the
> machine?

I don't know if the Debian Live system will handle the 32bit uefi issue
properly when installing, but this can , if necessary be fixed later.
I had the same problem with a similar machine. Of course I could remove
windows completely.
I am not sure if the installer's auto-partitioning works properly, I used
the manual partitioning. You must make sure that you have a small (I
think 100 MB or so is sufficient) FAT partition with the "Boot" flag set,
which will be mounted to /boot/efi . The rest of the disk can be used
as usual for "/" and swap.
If the installer actually fails to install the proper 32bit-efi-grub, that
does not mean that your device is bricked. This can be easyly fixed by
booting a live system again, doing a chroot into the installed system and
install the required grub packages manually (that's what I had to do ;)

Regards

Michael

.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

There is an order of things in this universe.
-- Apollo, "Who Mourns for Adonais?" stardate 3468.1

Re: Servidores, redundancia de servicios

[Galvatorix Torixgalva]

Creo que lo que mencionas es un cluster de alta disponibilidad. En caso
afirmativo creo que deberias estar familiarizado con el uso del sistema
tanto a nivel de usuario normal como a nivel de administracion antes de
meterte en esos temas.
​

Re: Servidor VPS

[Galvatorix Torixgalva]

Apàrte de lo que han mencionado me gustaria comentar que esto hay que
hacerlo al reves siempre que se pueda. Es decir: aprendes a usarlo como
administrador en local y luego se contrata el VPS.

Entiendase esto como una respuesta que pretende ser constructiva, aunque
pueda parecer una bronca.
​

Re: Kernel for Spectre and Meltdown

[Michael Lange]

On Mon, 29 Jan 2018 19:33:27 +0100
deloptes  wrote:

> Michael Lange wrote:
> 
> > I believe that deloptes' rather harsh comment referred to your
> > suggestion that the OP should upgrade to Sid rather than to anything
> > else you wrote.
> 
> yes indeed - thats true
> 
> in fact you can setup sid with debootstrap, chroot to it, build your
> kernel there and install on your stretch box. there are some side
> effects though. Last time I did something like this, when installing
> VMware, it told me that it needs the proper compiler, to compile the
> modules.

I never tried, but I think probably one could even start a live Sid
environment, mount one's hard drive on /mnt and then compile the kernel.

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

Dammit Jim, I'm an actor, not a doctor.

Re: Kernel for Spectre and Meltdown

[Michael Lange]

On Mon, 29 Jan 2018 19:29:19 +0100
"Thomas Schmitt"  wrote:

> Hi,
> 
> Michael Lange wrote:
> > compiler that is "retpoline-aware" (as the
> > "checker"-script calls it, whatever that means)
> 
> The term was coined by Google engineers
> 
>   https://support.google.com/faqs/answer/7625886
>   "The name “retpoline” is a portmanteau of “return” and “trampoline.”
>It is a trampoline construct constructed using return operations
> which also figuratively ensures that any associated speculative
> execution will “bounce” endlessly.  
> 
>(If it brings you any amusement: imagine speculative execution as an
> overly energetic 7-year old that we must now build a warehouse of
> trampolines around.)"

Thanks, very well explained for technically limited people like me.
And this also explains why they made the common name of their fix sound
so similar to "Ritalin" :)

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

Men will always be men -- no matter where they are.
-- Harry Mudd, "Mudd's Women", stardate 1329.8

Re: systemd et fichiers dans /etc/init.d/

[didier gaumet]

Le 29/01/2018 à 17:16, steve a écrit :
> 
> Salut,
> 
> 
> M'intéressant un peu (plus) à systemd (qui tourne sur ma machine
> principale), je me demandais si les fichiers placés dans /etc/init.d/
> sont encore utilisés ou s'ils ne sont là que pour une éventuelle
> compatibilité avec les systèmes utilisant SysVInit plutôt que systemd.
> 
> Dans la négative, y a-t-il un moyen propre de nettoyer le système de ces
> fichiers inutiles ? Je veux dire, sans 'rm -rf /etc/init.d', car ces
> fichiers sont présents dans les paquets Debian. Je sais qu'ils prennent
> une place plus que négligeable, mais ce serait quand même plus élégant
> de ne plus avoir de restes de l'ancien système.
> 
> 
> Merci
> 
> Steve
> 
> 
> 

d'après
https://www.freedesktop.org/wiki/Software/systemd/FrequentlyAskedQuestions/

"[...]
Q: I have a native systemd service file and a SysV init script installed
which share the same basename, e.g.
/usr/lib/systemd/system/foobar.service vs. /etc/init.d/foobar -- which
one wins?

A: If both files are available the native unit file always takes
precedence and the SysV init script is ignored, regardless whether
either is enabled or disabled. Note that a SysV service that is enabled
but overridden by a native service does not have the effect that the
native service would be enabled, too. Enabling of native and SysV
services is completely independent. Or in other words: you cannot enable
a native service by enabling a SysV service by the same name, and if a
SysV service is enabled but the respective native service is not, this
will not have the effect that the SysV script is executed.
[...]"

ce qui semble indiquer que tu peux retirer toute ce qui est présent dans
/etc/init.d/ pour lequel tu peux trouver un équivalent fonctionnel dans
/usr/lib/systemd/system/ (pas forcément avec le même nom).

Re: Kernel for Spectre and Meltdown

[deloptes]

Michael Lange wrote:

> I believe that deloptes' rather harsh comment referred to your
> suggestion that the OP should upgrade to Sid rather than to anything else
> you wrote.

yes indeed - thats true

in fact you can setup sid with debootstrap, chroot to it, build your kernel
there and install on your stretch box. there are some side effects though.
Last time I did something like this, when installing VMware, it told me
that it needs the proper compiler, to compile the modules.

I like simple things as true genius of nature is simple. (well there are
still different levels of simple)

regards

Re: Kernel for Spectre and Meltdown

[Thomas Schmitt]

Hi,

Michael Lange wrote:
> compiler that is "retpoline-aware" (as the
> "checker"-script calls it, whatever that means)

The term was coined by Google engineers

  https://support.google.com/faqs/answer/7625886
  "The name “retpoline” is a portmanteau of “return” and “trampoline.”
   It is a trampoline construct constructed using return operations which
   also figuratively ensures that any associated speculative execution
   will “bounce” endlessly.  

   (If it brings you any amusement: imagine speculative execution as an
overly energetic 7-year old that we must now build a warehouse of
trampolines around.)"

It is worthwhile to read this early description of Spectre, which they
call "Variant 2" or "CVE-2017-5715".

Retpoline is on the first view useless effort for the CPU, so i guess
a compiler must be kept from optimizing it away.
The goal is to prevent speculative execution of code at addresses
which the attacker seeded into the branch prediction table of the CPU.


Have a nice day :)

Thomas

Re: systemd et fichiers dans /etc/init.d/

[BERTRAND Joël]

steve a écrit :
> 
> Salut,

'soir

> 
> M'intéressant un peu (plus) à systemd (qui tourne sur ma machine
> principale), je me demandais si les fichiers placés dans /etc/init.d/
> sont encore utilisés ou s'ils ne sont là que pour une éventuelle
> compatibilité avec les systèmes utilisant SysVInit plutôt que systemd.
> 
> Dans la négative, y a-t-il un moyen propre de nettoyer le système de ces
> fichiers inutiles ? Je veux dire, sans 'rm -rf /etc/init.d', car ces
> fichiers sont présents dans les paquets Debian. Je sais qu'ils prennent
> une place plus que négligeable, mais ce serait quand même plus élégant
> de ne plus avoir de restes de l'ancien système.

Surtout pas, malheureux ! Le blob systemd va rechercher les modules
dans /lib/systemd mais s'il ne trouve rien, il convertit à la volée ce
qui est dans /etc/init.d dans son format pour tenter de faire
difficillement ce que l'ancien init SysV faisait très simplement. Ce qui
permet d'ailleurs des effets de bord assez rigolos entre deux versions
de la chose.

La seule chose qui peut à la rigueur être faite, c'est de virer de
/etc/init.d ce qui est explicitement transcrit dans /lib/systemd pour le
fonctionnement de l'usine à gaz avec des fuites.

Cordialement,

JKB

PS: oui, je pense que ça s'est vu que je n'aime pas cette bouse... Et
plus je rentre dedans, pire c'est.

Installing Debian on Chuwi Hi12 Tablet

[Chris Dunn]

I'm contemplating installing Debian on my beloved Chuwi Hi12 tablet.
The machine is cheap (circa $300) and while there are certain bits of
the hardware that do not (yet) work under Linux there is nothing that
troubles me, and the graphics are superb - 2160x1440 on a 12" screen.

At present it is dual-booting Xubuntu and Windows (Android was removed).
I installed Xubuntu because I could not at the time successfully burn a
Debian live image to USB, so could not test it out before installing.

Now I have a new live Debian USB and have tested it on the Chuwi.
Everything works as expected. No wifi (rtl8723bs chip) but that was
expected.

I'm ready to install debian-live-9.3.0-amd64-xfce from the live USB and
would like to install it to the whole of the Chuwi solid state 64gb
drive, binning Windows and Xubuntu in the process.

But I'm nervous about the possibility of turning the tablet into a
brick.

It has a 32 bit UEFI system and while I've tried to research the UEFI
complications find it difficult to grasp the full picture on UEFI
(particularly 32 bit with a 64 bit Debian).

As best I can make out I should have no problems as the Debian
installer will detect and handle the 32 bit UEFI. However I've been
unable to find full instructions for using the whole of the storage for
Debian, only guides for dual installs alongside Windows.

Does anyone have any comments or suggestions that might be useful to me
in the installation? In particular do I need to preserve any existing
Windows or EFI partition even though Windows will no longer be on the
machine?

Any help would be greatly appreciated. Thanks in advance.

Re: comment and new question--when do upgrades take effect (was: Re: Kernel for Spectre and Meltdown)

[Michael Lange]

On Mon, 29 Jan 2018 08:18:35 -0500
rhkra...@gmail.com wrote:

> On Monday, January 29, 2018 03:35:58 AM Michael Fothergill wrote:
> > On 29 January 2018 at 07:52, Dextin Jerafmel 
> > wrote:
> > > I tried to search for available Kernel images but there isn't any
> > > newer Kernel than 4.9.0.5
> 
> > ​Your need to upgrade to unstable (Debian Sid).  Then you need to get
> > the latest kernel from the kernel.org website.
> 
> I just want to emphasize that you don't need to upgrade to unstable
> (Debian Sid).
> 
> See the response in this thread from Bastien Durel.
> 
> Also, iiuc, the fixes for Spectre and Meltdown have been
> "backported" (probably not the right word) to Wheezy (which is my
> "everyday" machine).  If I'm wrong about that, somebody can let me know.

I think this is only true for the Meltdown fix ("page tables isolation"),
for the Spectre fix ("retpoline") work is apparently in progress.

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

[Doctors and Bartenders], We both get the same two kinds of customers
-- the living and the dying.
-- Dr. Boyce, "The Menagerie" ("The Cage"), stardate
unknown

Re: Kernel for Spectre and Meltdown

[Michael Lange]

On Mon, 29 Jan 2018 12:49:19 +
Michael Fothergill  wrote:

> 
> ​That is pretty much what I had been led to believe already except
> for the part where you suggest that a kernel compiled in Sid could
> apparently
> be used in stable.  Again, if that would be true I should have
> mentioned it to the OP; sorry about that.
> Apart from that it makes me think that what I posted was perhaps not BS
> after all...

It works here :)
I believe that deloptes' rather harsh comment referred to your
suggestion that the OP should upgrade to Sid rather than to anything else
you wrote. 

Regards

Michael

.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

Our way is peace.
-- Septimus, the Son Worshiper, "Bread and Circuses",
   stardate 4040.7.

Re: Kernel for Spectre and Meltdown

[Michael Lange]

On Mon, 29 Jan 2018 10:47:57 -0500
rhkra...@gmail.com wrote:

> Again, checking / confirming my understanding, if you download a kernel
> image (which is normal for me), there is no need for me to have any
> version of GCC as the image is pre-compiled.

Sure.

> 
> On the other hand, if I download kernel source, I would need GCC, and a 
> version that is sufficient for the code.

That is point here, at least as far as I understood for that new "spectre
fix" one needs a compiler that is "retpoline-aware" (as the
"checker"-script calls it, whatever that means) and currently this is only
true for gcc >= 7.3. So if you compile the kernel on Stretch with gcc-6
this "retpoline" fix will not work.

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

Earth -- mother of the most beautiful women in the universe.
-- Apollo, "Who Mourns for Adonais?" stardate 3468.1

Re: Servidor VPS

[Deltonos]

Claudio, te recomendaria las siguientes acciones:

- Montar buenas reglas de Firewall: permitir unicamente lo necesario para
administrar el server (SSH) y si tuvieras que dar servicio web (HTTPS),
cerrar la BBDD mysql al exterior. Puedes hacerlo un sencillo script con
iptables (incluso hay generadores si buscas un poco en google), o puedes
probar con arno-iptables-generator-

- Apache: instalar mod_security: para proteger tus servicios web.
https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu

- "Hardening" de SSH: eliminar posibilidad de conectarse al root por ssh,
configurar sudo, configurar el servicio para aceptar conexiones mediante
llaves, e instalar fail2ban (en mi caso, con fail2ban, si falla el login a
la 3era vez, mete un ban de 1 hora a la IP).

Esas 3 acciones serian las mas inmediatas, una web con guias sencillas de
seguir que me ayudaron bastante (y todavia) las puedes encontrar aqui:
https://www.howtoforge.com/tutorials/debian/

Por el resto, siento no poder ayudarte con Cpanel y el otro. Yo en mi caso
cuando he tenido la necesidad de tener webmin o ispconfig, lo he cerrado
(puertos tcp) y restringido el acceso (moviendo los index de las web-apps,
con htaccess y similares) para levantarlo unicamente cuando lo hubiera
necesitado. En algun caso especial alguien me ha pedido phpmyadmin: igual,
bajado y cerrado para levantarse unicamente en el momento de uso, despues a
deshabilitarse.

Saludos





El 29 de enero de 2018, 10:33, Itzcoalt Alvarez
escribió:

> No lo se Rick, parece publicidad.
>
>
> El 29 de enero de 2018, 10:10, Claudio Gonzalez <
> claudio.gonza...@gmail.com> escribió:
>
>> Saludos a todos,
>>
>> Acabo de echar andar un servidor VPs, y no tengo idea de como
>> administrarlo, ya están funcionando todas las cuentas de hosting creadas,
>> pero no se que mas hacer, o de que me debo preocupar para que todo funcione
>> a la perfección,
>>
>> Me pueden dar unas pautas o un buen tutorial que me ayude en la
>> administracion, tengo WHM y Cpanel
>>
>> ==
>> También puedes contactarme por Whatsapp : +56963425869
>> Un Cordial Saludo
>> ==
>>
>> ===
>>
>>
>>
>>  Enviado con Mailtrack
>> 
>>
>
>
>
> --
>
>

Re: Kernel for Spectre and Meltdown

[deloptes]

Carl Fink wrote:

> Be fair: you also don't need Spectre or Meldtdown to compromise
> Linux-based computers.  Somethings as simple as going a week between
> installing security upgrades can do it.

well - at least that's not so easy as windows or android with compromised
security in mind

Re: Kernel for Spectre and Meltdown

[deloptes]

Greg Wooledge wrote:

> Hardware was also becoming more powerful, as one would expect.  More RAM
> meant less pressure to produce minimalist kernel images.
> 
> All of these things put together meant that for most users, Debian's
> kernel images were good enough that they didn't feel a need to build
> their own kernels.

+ disk space got cheeper, so one could compile all drivers, install them and
don't care and let initrd make skript pick up what is needed to load at
boot - the rest would stay there and be loaded (later triggers in udev) if
needed.

Re: OT - Microservices, Node.js, Apache Kafka...

[Edwin De La Cruz]

El día 29 de enero de 2018, 8:46, luisededios  escribió:
> Que bueno Edwin,
>
> Yo he descargado alguna info pero voy a ver ese tuto que me indicas.
>
> Pues si me gustaria compartir experiencia mientras vamos incursionando.
>
> Dices que el proyecto esta con Node.js, pregunto: es una arquitectura de
> mcroservicios?
>
>
>
> On Sun, 28 Jan 2018 12:40:07 -0500, Edwin De La Cruz 
> wrote:
>
>> El día 28 de enero de 2018, 12:09, Galvatorix Torixgalva
>>  escribió:
>>>
>>> Creo que la pregunta es sobre como usar ese software y tambien sobre
>>> comunidades de usuarios que lo usen. Es correcto?.
>>
>>
>> Justamente esta semana he estado investigando un poco sobre Apache
>> Kafka porque creo lo puedo usar dentro de un proyecto que esta hecho
>> con NodeJS.
>> Las primeras pruebas con Kafka siguiendo el tutorial funcionaron sin
>> problema, todo en mi maquina local. Lo que no he conseguido es hacer
>> que funcione usando un producer o un consumer desde una maquina
>> remota. Sigo investigando, podemos compartir por este medio algo de
>> informacion.
>>
>> Este es el tutorial que he seguido:
>>
>> https://kafka.apache.org/quickstart
>>
>>
>> Mis proyectos de software libre en:
>> Github - edwinspire
>>
>
>
>
> --
> Saludos,
> Luis

Saludos.
No son microservicios, es una solo aplicacion que realiza algunas
tareas, principalmente a recopilar datos de algunos sistemas,
principalmente logs. Por eso me pareció una buena idea adicionar
Kafka.

Mis proyectos de software libre en:
Github - edwinspire

Re: Servidor VPS

[Itzcoalt Alvarez]

No lo se Rick, parece publicidad.


El 29 de enero de 2018, 10:10, Claudio Gonzalez 
escribió:

> Saludos a todos,
>
> Acabo de echar andar un servidor VPs, y no tengo idea de como
> administrarlo, ya están funcionando todas las cuentas de hosting creadas,
> pero no se que mas hacer, o de que me debo preocupar para que todo funcione
> a la perfección,
>
> Me pueden dar unas pautas o un buen tutorial que me ayude en la
> administracion, tengo WHM y Cpanel
>
> ==
> También puedes contactarme por Whatsapp : +56963425869
> Un Cordial Saludo
> ==
>
> ===
>
>
>
>  Enviado con Mailtrack
> 
>



--

systemd et fichiers dans /etc/init.d/

[steve]

Salut,


M'intéressant un peu (plus) à systemd (qui tourne sur ma machine
principale), je me demandais si les fichiers placés dans /etc/init.d/
sont encore utilisés ou s'ils ne sont là que pour une éventuelle
compatibilité avec les systèmes utilisant SysVInit plutôt que systemd.

Dans la négative, y a-t-il un moyen propre de nettoyer le système de ces
fichiers inutiles ? Je veux dire, sans 'rm -rf /etc/init.d', car ces
fichiers sont présents dans les paquets Debian. Je sais qu'ils prennent
une place plus que négligeable, mais ce serait quand même plus élégant
de ne plus avoir de restes de l'ancien système.


Merci

Steve

Servidor VPS

[Claudio Gonzalez]

Saludos a todos,

Acabo de echar andar un servidor VPs, y no tengo idea de como
administrarlo, ya están funcionando todas las cuentas de hosting creadas,
pero no se que mas hacer, o de que me debo preocupar para que todo funcione
a la perfección,

Me pueden dar unas pautas o un buen tutorial que me ayude en la
administracion, tengo WHM y Cpanel

==
También puedes contactarme por Whatsapp : +56963425869
Un Cordial Saludo
==

===



 Enviado con Mailtrack

Re: Kernel for Spectre and Meltdown

[Greg Wooledge]

On Mon, Jan 29, 2018 at 10:47:57AM -0500, rhkra...@gmail.com wrote:
> Again, checking / confirming my understanding, if you download a kernel image 
> (which is normal for me), there is no need for me to have any version of GCC 
> as the image is pre-compiled.
> 
> On the other hand, if I download kernel source, I would need GCC, and a 
> version that is sufficient for the code.

All correct.  (Plus several additional development packages, not just gcc.)

> I have only compiled the kernel a few times, all a long time ago (12 to 15 
> years?), on the advice of members of my local LUG, and maybe as a learning 
> experience.  It is far from necessary for most of us.  (Some members of the 
> LUG seemed to think it was imperative, and maybe it is for older smaller 
> machines or maybe to squeeze the very last little bit of efficiency out of 
> the 
> system.)

Before Linux 2.6 (or thereabouts), compiling one's own kernel was a much
more common event.  Certainly it wasn't required for ordinary use, but
hardware was much less powerful back then, so a leaner kernel tuned
exactly for the target system was sometimes desirable.

With Linux 2.6, things started to change.  The Linux developers
acknowledged that the source code they were releasing wasn't really
"stable" in the sense that end users expected; the distributions (Red Hat,
Debian, et al.) were the ones doing the final stabilization and patching.

Also, the number of configuration questions one had to answer before
compiling a kernel started to balloon out of control.

This was also the time when initramfs/initrd images started to be used,
at least by Debian.  My understanding of this is only partial, but it
seems that the initrd allows some adjustments of the kernel for the
target system (installation of driver modules, firmware) which may
previously have required a reconfiguration and recompilation.

Hardware was also becoming more powerful, as one would expect.  More RAM
meant less pressure to produce minimalist kernel images.

All of these things put together meant that for most users, Debian's
kernel images were good enough that they didn't feel a need to build
their own kernels.

Re: comment and new question--when do upgrades take effect (was: Re: Kernel for Spectre and Meltdown)

[David Wright]

On Mon 29 Jan 2018 at 13:43:20 (+), Joe wrote:
> On Mon, 29 Jan 2018 08:18:35 -0500
> rhkra...@gmail.com wrote:
> 
> 
> > 
> > I regularly download "security" upgrades for Wheezy.  I assume that
> > most of those don't take effect until I restart the application.  For
> > instance, a Firefox upgrade does not take effect until I shutdown
> > Firefox and restart it.
> > 
> > Correspondingly, I assume that a Linux kernel upgrade does not take
> > effect until I reboot the machine.
> 
> Yes, but it's a little more complicated. The modules used by the kernel
> (and the kernel file itself) *are* replaced during the process of
> upgrading the kernel, but the running code is not. There is a tiny
> chance of some kind of mismatch if new modules are loaded, so rebooting
> is recommended soon, and in the past I used to see a message to that
> effect, displayed during the upgrade.

For the benefit of the OP, who is unaware of the meaning of version
numbers, it's worth pointing out that during their upgrade, they got
a new set of modules along with the kernel because the new kernel was
in a new package with a new name.

However, it's not clear that, having searched for a new kernel and
found ("only") a 4.9.0-5 one, they have installed it. If they haven't,
they need to, or else they will not receive further upgrades.
Better still, install the most generic/least specific kernel metapackage
so that upgrades will be automatic (or more obvious, depending on
the tools used).

Cheers,
David.

Re: Playing or Ripping UDF CDs Under jessie

[Thomas Schmitt]

Hi,

deloptes wrote:
> it is really a pity - as those things are just bits

Actually its pits and lands.

The bits emerge only after detecting pit-land changes, converting 14
nearly-bits to 8 quite-really-bits and then decoding them from Reed-
Solomon representation to even fewer payload bits.


Have a nice day :)

Thomas

Re: comment and new question--when do upgrades take effect (side question)

[Neo]

Sorry for the hijack, but has this also to do with this newly enabled 
default kernel options?


grep STACKPROTECTOR /boot/config-3.16.0-5-amd64
CONFIG_HAVE_CC_STACKPROTECTOR=y
CONFIG_CC_STACKPROTECTOR=y
# CONFIG_CC_STACKPROTECTOR_NONE is not set
CONFIG_CC_STACKPROTECTOR_REGULAR=y
# CONFIG_CC_STACKPROTECTOR_STRONG is not set

because dkms now fails and so my geoip support in iptables is now 
broken, as the module is missing.


BR, Spacerat

Am 29.01.2018 um 15:15 schrieb Andy Smith:

Hi,

On Mon, Jan 29, 2018 at 08:18:35AM -0500, rhkra...@gmail.com wrote:

iiuc, the fixes for Spectre and Meltdown have been "backported"
(probably not the right word) to Wheezy (which is my "everyday"
machine).  If I'm wrong about that, somebody can let me know.

The confusion here is that "Spectre and Meltdown" comprise multiple
different (but related) vulnerabilities.

The dangerous effects of Meltdown are avoided in Linux by use of the
KPTI feature which is now in Debian's supported kernels.

Fixing one of the Spectre vulnerabilities requires new CPU
microcode, possibly a new BIOS, new kernel features and kernel to be
compiled with an as-yet unreleased version of GCC. For this you
would currently need to get a few things from sid and build your own
kernel. The risk/reward calculation for these actions requires some
thought because a suitable kernel update is likely to appear soon.

As for the other known Spectre vulnerability: no one has much of an
idea how to avoid yet, but probably will in the near future.

There are likely to be further vulnerabilities in this class that
are as-yet unknown at least to the public. There are also likely to
be new mitigations developed that get around known problems in less
expensive ways. So expect a lot more kernel updates in our near
future.

Cheers,
Andy

Re: Servidores, redundancia de servicios

[Cristian Mitchell]

El 29 de enero de 2018, 12:09,  escribió:

> Buenos días a todos
>
> Tengo 2 servidores, uno de ellos como servidor de correo el otro sin
> instalarle ningún servicio aún.
>
> Mi duda yes la siguiente:
>
> Necesito saber que hacer o como hacerlo, el lograr que el segundo servidor
> sea espejo del mismo, es decir si se me rompe uno de ellos y que siga el
> otro servidor dando el servicio de correo y así no se caia este servicio.
>
> Me puedan dar una ayuda respecto al tema, no se si es cluster, no estoy
> ducho en el tema, pero es muy importate lograr eso.
>
> Agradezco toda información o ayuda, gracias  y bueno que sirva a todos
> esta duda que yo tengo.
>
>
>
Buenos dias
Ante todo, tenes que entender que la redundancia es un tema muy ambiguo
En el caso de los servidores de mail tiene un método particular
se configuran los dos servidores en forma idéntica
los declaras como dos servidores diferente nombre e IP
y en tu servidor DNS creas dos entras para servidores MTX,
en la cual cambias la prioridad  que esta definida en segundos
lo mas común para el principal es entre 5 a 10 segundo,
para el secundario unos 20 seg.
sino responde el primario en 10 segundos le reenvía al secundario



-- 
MrIX
Linux user number 412793.
http://counter.li.org/

las grandes obras,
las sueñan los santos locos,
las realizan los luchadores natos,
las aprovechan los felices cuerdo,
y las critican los inútiles crónicos,

Re: Kernel for Spectre and Meltdown

[rhkramer]

On Monday, January 29, 2018 09:06:13 AM Michael Fothergill wrote:
> On 29 January 2018 at 13:35, Michael Fothergill <
> 
> michael.fotherg...@gmail.com> wrote:
> >> what has gcc7 to do with the patches is unclear to me, but I admit I
> >> have never worried about.
> > 
> > ​I thought you had to have gcc7 because it included a backport of some
> > code used in GCC 8 that was needed to allow e.g. the spectre fix to work
> > properly.
> > 
> > If you could use any compiler to do it then earlier my post truly would
> > be BS.​
> 
> PS as I understand (correct me if I am wrong)  the compiler needs to be GCC
> 7.3.0 or greater (I believe the 7.2 rc2 also works); if you used a compiler
> earlier that you would get a kernel that works OK in very respect except
> the for spectre fix itself.

Again, checking / confirming my understanding, if you download a kernel image 
(which is normal for me), there is no need for me to have any version of GCC 
as the image is pre-compiled.

On the other hand, if I download kernel source, I would need GCC, and a 
version that is sufficient for the code.

I have only compiled the kernel a few times, all a long time ago (12 to 15 
years?), on the advice of members of my local LUG, and maybe as a learning 
experience.  It is far from necessary for most of us.  (Some members of the 
LUG seemed to think it was imperative, and maybe it is for older smaller 
machines or maybe to squeeze the very last little bit of efficiency out of the 
system.)

Re: comment and new question--when do upgrades take effect

[David Wright]

On Mon 29 Jan 2018 at 09:17:14 (-0600), Richard Owlett wrote:
> On 01/29/2018 08:52 AM, to...@tuxteam.de wrote:
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA1
> >
> >On Mon, Jan 29, 2018 at 09:37:54AM -0500, Roberto C. Sánchez wrote:
> >>On Mon, Jan 29, 2018 at 08:29:33AM -0600, Richard Owlett wrote:
> >
> >[...]
> >
> >>>I've seen comments such as that before.
> >>>But I've not seen anything about "What is KPTI or how to use it".
> >>>
> >>KPTI - kernel page table isolation
> >
> >[...]
> >
> >>The Wikipedia article on the subject is much more informative, if you
> >>want to go deeper.
> >
> >Indeed -- a visit to the Internet Library of Alexandria (aka Wikipedia)
> >should be mandatory these days (quick! before someone burns it down :-)
> >
> >   https://en.wikipedia.org/wiki/KPTI
> >
> 
> Mea [not quite] culpa
> I quit reading before the last sentence as it was talking about
> implementation details without any evident interest in Joe End User.

Well, certain end users seem to be very impatient for a fix before the
true scale of the problem has been fully appreciated.

> And that last sentence was not really informative. IMHO

You never know these days. We may eventually look back at Wikipedia
with nostalgia. Remember Net Neutrality, Fairness Doctrine, …?

> There has been a similar tendency in this and related threads.

No idea of what is meant and in what.

Cheers,
David.

Re: Atividades Debian na CPBR11

[Paulo Henrique de Lima Santana]

- Mensagem original -
> De: "Atenágoras Silva" 
>
> Olá Pessoal, tudo bem?
> Como se faz para participar da Campus Party sem acampar? E quanto custa?

Você pode ver essas informações no site do evento:
http://brasil.campus-party.org/
 
Abraços,

-- 
Paulo Henrique de Lima Santana (phls)
Curitiba - Brasil
Membro da Comunidade Curitiba Livre
Site: http://www.phls.com.br
GNU/Linux user: 228719  GPG ID: 0443C450

Apoie a campanha pela igualdade de gênero #HeForShe (#ElesPorElas)  
http://www.heforshe.org/pt

Servidores, redundancia de servicios

[luis]

Buenos días a todos

Tengo 2 servidores, uno de ellos como servidor de correo el otro sin
instalarle ningún servicio aún.

Mi duda yes la siguiente:

Necesito saber que hacer o como hacerlo, el lograr que el segundo servidor
sea espejo del mismo, es decir si se me rompe uno de ellos y que siga el
otro servidor dando el servicio de correo y así no se caia este servicio.

Me puedan dar una ayuda respecto al tema, no se si es cluster, no estoy
ducho en el tema, pero es muy importate lograr eso.

Agradezco toda información o ayuda, gracias  y bueno que sirva a todos
esta duda que yo tengo.

Re: comment and new question--when do upgrades take effect

[Richard Owlett]

On 01/29/2018 08:52 AM, to...@tuxteam.de wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Jan 29, 2018 at 09:37:54AM -0500, Roberto C. Sánchez wrote:

On Mon, Jan 29, 2018 at 08:29:33AM -0600, Richard Owlett wrote:


[...]


I've seen comments such as that before.
But I've not seen anything about "What is KPTI or how to use it".


KPTI - kernel page table isolation


[...]


The Wikipedia article on the subject is much more informative, if you
want to go deeper.


Indeed -- a visit to the Internet Library of Alexandria (aka Wikipedia)
should be mandatory these days (quick! before someone burns it down :-)

   https://en.wikipedia.org/wiki/KPTI



Mea [not quite] culpa
I quit reading before the last sentence as it was talking about 
implementation details without any evident interest in Joe End User.

And that last sentence was not really informative. IMHO

There has been a similar tendency in this and related threads.

Re: comment and new question--when do upgrades take effect

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Mon, Jan 29, 2018 at 09:37:54AM -0500, Roberto C. Sánchez wrote:
> On Mon, Jan 29, 2018 at 08:29:33AM -0600, Richard Owlett wrote:

[...]

> > I've seen comments such as that before.
> > But I've not seen anything about "What is KPTI or how to use it".
> > 
> KPTI - kernel page table isolation

[...]

> The Wikipedia article on the subject is much more informative, if you
> want to go deeper.

Indeed -- a visit to the Internet Library of Alexandria (aka Wikipedia)
should be mandatory these days (quick! before someone burns it down :-)

  https://en.wikipedia.org/wiki/KPTI

Cheers
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlpvNRMACgkQBcgs9XrR2kbjpgCeOlEV1rXNEtQgveZS0TChdy4W
u4MAn3V4l58N0moF6t3Rbbqip4bze2r3
=e6vk
-END PGP SIGNATURE-

Re: Kernel for Spectre and Meltdown

[Carl Fink]

On Mon, Jan 29, 2018 at 02:28:06PM +0100, deloptes wrote:

> My conclusion to this Spectre and Meltdown hysteria is, that a single
> machine in a secure environment is not exactly endangered.
> People should better take care of their mobile devices, especially phones
> and tablets, where you need neither Spectre nor Meltdown to compromise.

Be fair: you also don't need Spectre or Meldtdown to compromise Linux-based
computers.  Somethings as simple as going a week between installing security
upgrades can do it.
-- 
Carl Fink   nitpick...@nitpicking.com 

Read my blog at blog.nitpicking.com.  Reviews!  Observations!
Stupid mistakes you can correct!

Re: comment and new question--when do upgrades take effect

[Roberto C . Sánchez]

On Mon, Jan 29, 2018 at 08:29:33AM -0600, Richard Owlett wrote:
> On 01/29/2018 08:15 AM, Andy Smith wrote:
> > [snip]
> > 
> > The dangerous effects of Meltdown are avoided in Linux by use of the
> > KPTI feature which is now in Debian's supported kernels.
> > 
> 
> I've seen comments such as that before.
> But I've not seen anything about "What is KPTI or how to use it".
> 
KPTI - kernel page table isolation

It basicall puts all kernel memory addresses in a completely different
address range than those of user processes.  You don't "use" it as the
kernel handles all of that for you.  All that is needed is to boot a
kernel that has the feature and then it will work automatically.  The
reason it protects against Meltdown is because accesses to kernel memory
under the new construct will force a context switch (meaning that stale
values are not left in machine registers that are accesible to user
code).

Also, there is a parameter you can pass to the kernel at boot time to
disable KPTI if you would rather not have it.

The Wikipedia article on the subject is much more informative, if you
want to go deeper.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: comment and new question--when do upgrades take effect (was: Re: Kernel for Spectre and Meltdown)

[Boyan Penkov]

Does checkrestart (apt-get install checkrestart) prompt for application
restarts on library updates, or only for daemons?

On Jan 29, 2018 08:43, "Joe"  wrote:

> On Mon, 29 Jan 2018 08:18:35 -0500
> rhkra...@gmail.com wrote:
>
>
> >
> > I regularly download "security" upgrades for Wheezy.  I assume that
> > most of those don't take effect until I restart the application.  For
> > instance, a Firefox upgrade does not take effect until I shutdown
> > Firefox and restart it.
> >
> > Correspondingly, I assume that a Linux kernel upgrade does not take
> > effect until I reboot the machine.
>
> Yes, but it's a little more complicated. The modules used by the kernel
> (and the kernel file itself) *are* replaced during the process of
> upgrading the kernel, but the running code is not. There is a tiny
> chance of some kind of mismatch if new modules are loaded, so rebooting
> is recommended soon, and in the past I used to see a message to that
> effect, displayed during the upgrade.
>
> Generally, user applications (e.g. Firefox) will not be restarted
> automatically, but most daemons will be e.g. mysql, exim4. Some
> important daemons may request your input as to whether to restart or
> not e.g. during a major upheaval such as a libc upgrade. Pretty much
> all software on a server is in the form of daemons, and generally
> rebooting a server is only necessary after a change of kernel.
>
> --
> Joe
>
>

Re: comment and new question--when do upgrades take effect

[Richard Owlett]

On 01/29/2018 08:15 AM, Andy Smith wrote:

[snip]

The dangerous effects of Meltdown are avoided in Linux by use of the
KPTI feature which is now in Debian's supported kernels.



I've seen comments such as that before.
But I've not seen anything about "What is KPTI or how to use it".

Re: Kernel for Spectre and Meltdown

[Michael Fothergill]

On 29 January 2018 at 13:35, Michael Fothergill <
michael.fotherg...@gmail.com> wrote:

>
>
> On 29 January 2018 at 13:28, deloptes  wrote:
>
>> Michael Fothergill wrote:
>>
>> > I accept that are some kernels that you could run in stable apparently
>> > that address the security issue etc.
>> > I apologise for inaccuracy there.
>> > But perhaps not all of what I posted is BS.
>>
>> You can run any kernel in stable
>>
>> I just build 4.14
>>
>> make oldconfig
>> make -j4 deb-pkg
>>
>> what has gcc7 to do with the patches is unclear to me, but I admit I have
>> never worried about.
>>
>
> ​I thought you had to have gcc7 because it included a backport of some
> code used in GCC 8 that was needed to allow e.g. the spectre fix to work
> properly.
>
> If you could use any compiler to do it then earlier my post truly would be
> BS.​
>

PS as I understand (correct me if I am wrong)  the compiler needs to be GCC
7.3.0 or greater (I believe the 7.2 rc2 also works); if you used a compiler
earlier that you would get a kernel that works OK in very respect except
the for spectre fix itself.

The spectre-meltdown checker  if you ran it (as I did in gentoo with the
7.2.1 compiler or whatever it was) said that the compiler I used was not
capable of properly installing the spectre fix so it was not enabled.

GCC 7.3.0 is now available in Debian sid.

Cheers

MF  ​


>
>
> ​Cheers
>
> MF​
>
>>
>> My conclusion to this Spectre and Meltdown hysteria is, that a single
>> machine in a secure environment is not exactly endangered.
>> People should better take care of their mobile devices, especially phones
>> and tablets, where you need neither Spectre nor Meltdown to compromise.
>>
>> regards
>>
>>
>

Re: Comment aller dans le shell d'un conteneur Docker ?

[G2PC]

>> Comment aller dans le shell d'un conteneur Docker ?
>>
>> J'espère que déjà, dans cette première phrase, il n'y a pas de faute,
>> et, que l'on dit bien " Aller dans le shell d'un conteneur Docker ".
> « Aller » peut laisser penser que l'instance shell est déjà lancée dans
> le docker alors que ce n'est pas le cas : on _exécute_ simplement un
> shell dans le docker. Je pense que la bonne façon de dire serait donc
> plutôt : « _exécuter_ un shell _interactif_ dans un container docker. » ;)

Exécuter un shell interactif dans un container Docker

docker exec -ti  bash
docker exec -ti  /bin/sh
docker exec -ti  


>> Ici, l'id de status me sert à me connecter au shell :
>>
>> docker exec -it 8d876406448a bash
>>
>>
>> Le soucis que je rencontre, c'est que l'id de status n'est pas toujours
>> le même, si je ne me trompe pas.
>>
>> Ainsi, si je partage une machine virtuelle avec une autre personne,
>> puis, que le conteneur Docker sauvegardé est réimporté, nous n'aurons
>> pas le même id de status.
>>
>>
>> Cela ne me permet pas, de ce fait, d'écrire un script, pour me retrouver
>> directement connecté au Shell de mon conteneur.
>>
>> Comment faire pour récupérer l'id de status automatiquement, pour
>> pouvoir lancer la commande suivante depuis un script :
>>
>> docker exec -it IDSTATUS bash
> Au moment où ton docker est lancé, tu peux indiquer un nom à ton
> instance :
>
> docker run --name machintruc l-image-docker-bidul
>
> Et, sauf erreur, tu peux utiliser le nom que tu as donné à ton
> instance :
>
> docker exec -it machintruc bash
>
> J'ignore comment ton docker est lancé exactement mais si tu veux
> que l'instance soit identifiable facilement c'est de ce côté qu'il
> faut chercher à mon avis.

Après relecture de mes notes, je pense que tu as parfaitement raison.
Je vais tester au plus tôt, j'ai modifié mes notes avec ta proposition
de commande :

docker exec -it NomConteneur bash

NB : Je me rend compte que ma question n'était pas en rapport avec
Debian, mais, avec l'usage du shell.
Merci pour ton retour.

Re: comment and new question--when do upgrades take effect (was: Re: Kernel for Spectre and Meltdown)

[Andy Smith]

Hi,

On Mon, Jan 29, 2018 at 08:18:35AM -0500, rhkra...@gmail.com wrote:
> iiuc, the fixes for Spectre and Meltdown have been "backported"
> (probably not the right word) to Wheezy (which is my "everyday"
> machine).  If I'm wrong about that, somebody can let me know.

The confusion here is that "Spectre and Meltdown" comprise multiple
different (but related) vulnerabilities.

The dangerous effects of Meltdown are avoided in Linux by use of the
KPTI feature which is now in Debian's supported kernels.

Fixing one of the Spectre vulnerabilities requires new CPU
microcode, possibly a new BIOS, new kernel features and kernel to be
compiled with an as-yet unreleased version of GCC. For this you
would currently need to get a few things from sid and build your own
kernel. The risk/reward calculation for these actions requires some
thought because a suitable kernel update is likely to appear soon.

As for the other known Spectre vulnerability: no one has much of an
idea how to avoid yet, but probably will in the near future.

There are likely to be further vulnerabilities in this class that
are as-yet unknown at least to the public. There are also likely to
be new mitigations developed that get around known problems in less
expensive ways. So expect a lot more kernel updates in our near
future.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Playing or Ripping UDF CDs Under jessie

[Martin McCormick]

Charlie Gibbs  writes:
> On 28/01/18 01:04 AM, Thomas Schmitt wrote:
> 
> 
> Martin McCormick wrote:
> 
> 
> cdparanoia [...] plays but you lose the individual track 
> boundaries as
> you see in the listing above.
> 
> 
> I guess you'd need to read the tracks one by one, like
>cdparanoia -d $drivespec "1-1" track_1.wav
>cdparanoia -d $drivespec "2-2" track_2.wav
> and so on up to number 20.
> 
> 
> 
> Not at all. The -B (batch) option will automatically generate one file per
> track.

I was just in too big of a hurry to try things out and forgot the -B or
--batch flag.  When using that flag, one would never know that
anything else needed to be done to rip the disk.  It just worked.
cdparanoia -d $drivespec -B "1-"

Martin McCormick

Re: Kernel for Spectre and Meltdown

[Michael Fothergill]

On 29 January 2018 at 13:28, deloptes  wrote:

> Michael Fothergill wrote:
>
> > I accept that are some kernels that you could run in stable apparently
> > that address the security issue etc.
> > I apologise for inaccuracy there.
> > But perhaps not all of what I posted is BS.
>
> You can run any kernel in stable
>
> I just build 4.14
>
> make oldconfig
> make -j4 deb-pkg
>
> what has gcc7 to do with the patches is unclear to me, but I admit I have
> never worried about.
>

​I thought you had to have gcc7 because it included a backport of some code
used in GCC 8 that was needed to allow e.g. the spectre fix to work
properly.

If you could use any compiler to do it then earlier my post truly would be
BS.​


​Cheers

MF​

>
> My conclusion to this Spectre and Meltdown hysteria is, that a single
> machine in a secure environment is not exactly endangered.
> People should better take care of their mobile devices, especially phones
> and tablets, where you need neither Spectre nor Meltdown to compromise.
>
> regards
>
>

Re: Kernel for Spectre and Meltdown

[Michael Fothergill]

On 29 January 2018 at 13:26,  wrote:

> On Monday, January 29, 2018 06:22:50 AM Michael Fothergill wrote:
> > ​I accept that are some kernels that you could run in stable apparently
> > that address the security issue etc.
>

​Do they work on spectre as well as meltdown?
Sorry for not replying on the site by mistake.

Regards

MF​



>
> I'd go a step further--it's not some (random) kernels that you could run,
> but
> it is the updated kernels (now, and unless a regression, going forward)
> that
> will have the fix(es) and will run "automatically" (perhaps after a
> reboot).
>
>
>

Re: OT - Microservices, Node.js, Apache Kafka...

[luisededios]

Que bueno Edwin,

Yo he descargado alguna info pero voy a ver ese tuto que me indicas.

Pues si me gustaria compartir experiencia mientras vamos incursionando.

Dices que el proyecto esta con Node.js, pregunto: es una arquitectura de  
mcroservicios?



On Sun, 28 Jan 2018 12:40:07 -0500, Edwin De La Cruz  
 wrote:



El día 28 de enero de 2018, 12:09, Galvatorix Torixgalva
 escribió:

Creo que la pregunta es sobre como usar ese software y tambien sobre
comunidades de usuarios que lo usen. Es correcto?.


Justamente esta semana he estado investigando un poco sobre Apache
Kafka porque creo lo puedo usar dentro de un proyecto que esta hecho
con NodeJS.
Las primeras pruebas con Kafka siguiendo el tutorial funcionaron sin
problema, todo en mi maquina local. Lo que no he conseguido es hacer
que funcione usando un producer o un consumer desde una maquina
remota. Sigo investigando, podemos compartir por este medio algo de
informacion.

Este es el tutorial que he seguido:

https://kafka.apache.org/quickstart


Mis proyectos de software libre en:
Github - edwinspire





--
Saludos,
Luis

Re: comment and new question--when do upgrades take effect (was: Re: Kernel for Spectre and Meltdown)

[Roberto C . Sánchez]

On Mon, Jan 29, 2018 at 08:18:35AM -0500, rhkra...@gmail.com wrote:
> 
> I regularly download "security" upgrades for Wheezy.  I assume that most of 
> those don't take effect until I restart the application.  For instance, a 
> Firefox upgrade does not take effect until I shutdown Firefox and restart it.
> 
That is correct.

> Correspondingly, I assume that a Linux kernel upgrade does not take effect 
> until I reboot the machine.
> 
Also correct.

You also need to be careful of library upgrades.  Fore xample, if there
is an update to libssl, then any application that uses it (i.e.,
dynamically links it or dlopens it) needs to be restarted.  If you run
Postfix and Apache (and have their SSL features configured and active)
you would need to restart them following a libssl upgade in order to
ensure that they are using the latest version.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: comment and new question--when do upgrades take effect (was: Re: Kernel for Spectre and Meltdown)

[Joe]

On Mon, 29 Jan 2018 08:18:35 -0500
rhkra...@gmail.com wrote:


> 
> I regularly download "security" upgrades for Wheezy.  I assume that
> most of those don't take effect until I restart the application.  For
> instance, a Firefox upgrade does not take effect until I shutdown
> Firefox and restart it.
> 
> Correspondingly, I assume that a Linux kernel upgrade does not take
> effect until I reboot the machine.

Yes, but it's a little more complicated. The modules used by the kernel
(and the kernel file itself) *are* replaced during the process of
upgrading the kernel, but the running code is not. There is a tiny
chance of some kind of mismatch if new modules are loaded, so rebooting
is recommended soon, and in the past I used to see a message to that
effect, displayed during the upgrade.

Generally, user applications (e.g. Firefox) will not be restarted
automatically, but most daemons will be e.g. mysql, exim4. Some
important daemons may request your input as to whether to restart or
not e.g. during a major upheaval such as a libc upgrade. Pretty much
all software on a server is in the form of daemons, and generally
rebooting a server is only necessary after a change of kernel.

-- 
Joe

Re: Playing or Ripping UDF CDs Under jessie

[deloptes]

Jonathan Dowland wrote:

> Good luck reading audio track data from CD-ROMs with dd. Or subcode
> information. Tip: you can't.

:D you are correct - it is really a pity - as those things are just bits

Re: Kernel for Spectre and Meltdown

[deloptes]

Michael Fothergill wrote:

> I accept that are some kernels that you could run in stable apparently
> that address the security issue etc.
> I apologise for inaccuracy there.
> But perhaps not all of what I posted is BS.

You can run any kernel in stable

I just build 4.14

make oldconfig
make -j4 deb-pkg

what has gcc7 to do with the patches is unclear to me, but I admit I have
never worried about.

My conclusion to this Spectre and Meltdown hysteria is, that a single
machine in a secure environment is not exactly endangered.
People should better take care of their mobile devices, especially phones
and tablets, where you need neither Spectre nor Meltdown to compromise.

regards

Re: Kernel for Spectre and Meltdown

[rhkramer]

On Monday, January 29, 2018 06:22:50 AM Michael Fothergill wrote:
> ​I accept that are some kernels that you could run in stable apparently
> that address the security issue etc.

I'd go a step further--it's not some (random) kernels that you could run, but 
it is the updated kernels (now, and unless a regression, going forward) that 
will have the fix(es) and will run "automatically" (perhaps after a reboot).

Re: Playing or Ripping UDF CDs Under jessie

[rhkramer]

On Monday, January 29, 2018 04:51:33 AM Jonathan Dowland wrote:
> On Sun, Jan 28, 2018 at 01:27:08AM +0100, deloptes wrote:
> >in any case no one can take the power of dd away :D
> 
> Good luck reading audio track data from CD-ROMs with dd. Or subcode
> information. Tip: you can't.

I guess I'll add my $0.02, just because this thread is persisting.  K3B (from 
KDE) (in Wheezy) works fine for me--after learning how to use it, it's worked 
for everything I've tried (including music CDs).

comment and new question--when do upgrades take effect (was: Re: Kernel for Spectre and Meltdown)

[rhkramer]

On Monday, January 29, 2018 03:35:58 AM Michael Fothergill wrote:
> On 29 January 2018 at 07:52, Dextin Jerafmel  wrote:
> > I tried to search for available Kernel images but there isn't any newer
> > Kernel than 4.9.0.5

> ​Your need to upgrade to unstable (Debian Sid).  Then you need to get the
> latest kernel from the kernel.org website.

I just want to emphasize that you don't need to upgrade to unstable (Debian 
Sid).

See the response in this thread from Bastien Durel.

Also, iiuc, the fixes for Spectre and Meltdown have been "backported" (probably 
not the right word) to Wheezy (which is my "everyday" machine).  If I'm wrong 
about that, somebody can let me know.

Sort of a digression:

I regularly download "security" upgrades for Wheezy.  I assume that most of 
those don't take effect until I restart the application.  For instance, a 
Firefox upgrade does not take effect until I shutdown Firefox and restart it.

Correspondingly, I assume that a Linux kernel upgrade does not take effect 
until I reboot the machine.

I guess I can confirm by watching version numbers next time I get a kernel 
upgrade, but if someone can respond now, that would (possibly) set my mind at 
ease.

Re: OT - Microservices, Node.js, Apache Kafka...

[luisededios]

Asi mismo, ademas de conocer alguna experiencia, pues siempre ayuda  :)

On Sun, 28 Jan 2018 12:09:39 -0500, Galvatorix Torixgalva  
 wrote:



​Creo que la pregunta es sobre como usar ese software y tambien sobre
comunidades de usuarios que lo usen. Es correcto?.




--
Saludos,
Luis

Re: OT - Microservices, Node.js, Apache Kafka...

[luisededios]

Pues si,

Ya tengo alguna que he descargado pero por topicos, separadamente, pero  
quisiera saber como pincha todo junto.


--
Saludos,
Luis

On Sun, 28 Jan 2018 11:33:21 -0500, Felix Perez  
 wrote:


El 28 de enero de 2018, 13:21, luisededios   
escribió:

Hola Colegas,

Quisiera saber si alguien aca ha tenido alguna experiencia con estas
tecnologias. o al menos indicarme a donde dirigirme.

Por favor, agradezco cualquier comentario, pues no he encontrado algun
espacio donde pueda preguntar  :)



¿Qué necesitas? Una búsqueda en google arroja mucha información.

https://www.google.cl/search?source=hp=ufptWsnONYaWwQSEoq3YDg=Microservices%2C+Node.js%2C+Apache+Kafka=Microservices%2C+Node.js%2C+Apache+Kafka_l=psy-ab.3...2544.2544.0.4966.3.2.0.0.0.0.63.63.1.2.00...1c.2.64.psy-ab..1.0.0.0...44.9Jebix8ZEIE

Saludos.

Re: Kernel for Spectre and Meltdown

[Michael Fothergill]

On 29 January 2018 at 10:17, Michael Lange  wrote:

> Hi,
>
> On Mon, 29 Jan 2018 08:35:58 +
> Michael Fothergill  wrote:
>
> > ​Your need to upgrade to unstable (Debian Sid).  Then you need to get
> > the latest kernel from the kernel.org website.
> > You also need to install GCC7 in sid which will give you version 7.3.0
> > at present.  That is a new enough compiler to be able to properly
> > install the spectre and meltdown fixes.
>
> The "meltdown fix" (a.k.a. page tables isolation) is already included in
> Stretch's 4.9 kernel.
>
> > Then you need to run the spectre/meltdown checker which you can get
> > from a github site and run locally on your box to know it's really
> > installed properly.
> > AFAICT at present running a kernel with spectre and meltdown protection
> > means running debian in the opposite way it is usually billed as to the
> > outside world ie unstable for quite some time.
>
> That's not entirely true, you can run Debian Stable / Stretch with a
> kernel that was compiled on Sid with gcc-7.3, however it is true that for
> now there is no such kernel available for Stretch out-of-the-box and even
> installing the latest gcc-7 compiler packages from sid on a Stretch
> system is, if possible at all, probably not trivial.
>

​That is pretty much what I had been led to believe already except
for the part where you suggest that a kernel compiled in Sid could
apparently
be used in stable.  Again, if that would be true I should have mentioned it
to the OP; sorry about that.
Apart from that it makes me think that what I posted was perhaps not BS
after all...

Cheers

MF​



>
> I assume that most likely someone is working on an update to gcc-6 that
> will make it possible to compile the latest "spectre fix" into the kernel
> with Stretch's default compiler and we will have to wait until that is
> done.
>
> I think it is likely though, that a kernel with that fix will be
> available soon in the "experimental" suite and could be installed
> manually on Stretch.
>

​



>
> Regards
>
> Michael
>
> .-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.
>
> After a time, you may find that "having" is not so pleasing a thing,
> after all, as "wanting."  It is not logical, but it is often true.
> -- Spock, "Amok Time", stardate 3372.7
>
>

Re: Kernel for Spectre and Meltdown

[Michael Stone]

On Mon, Jan 29, 2018 at 12:20:17PM +, Michael Fothergill wrote:

So I should have mentioned it to them.  But, to be fair the OP specifically
mentioned that
they were interested in fixes to the meltdown and spectre vulnerabilities ie
both problems not just one of them.


Well, to be fair, it would have been really good to point out that the 
best strategy would be to wait for the bugs to be worked out rather than 
haring off into frantically rebuilding kernels. 


Mike Stone

Re: Kernel for Spectre and Meltdown

[Michael Fothergill]

On 29 January 2018 at 10:17, Michael Lange  wrote:

> Hi,
>
> On Mon, 29 Jan 2018 08:35:58 +
> Michael Fothergill  wrote:
>
> > ​Your need to upgrade to unstable (Debian Sid).  Then you need to get
> > the latest kernel from the kernel.org website.
> > You also need to install GCC7 in sid which will give you version 7.3.0
> > at present.  That is a new enough compiler to be able to properly
> > install the spectre and meltdown fixes.
>
> The "meltdown fix" (a.k.a. page tables isolation) is already included in
> Stretch's 4.9 kernel.
>

​Yes, that is true.  If the OP was running an Intel box than that really
would be useful to them.
So I should have mentioned it to them.  But, to be fair the OP specifically
mentioned that
they were interested in fixes to the meltdown and spectre vulnerabilities
ie both problems not just one of them.


Cheers

MF
​


>
> > Then you need to run the spectre/meltdown checker which you can get
> > from a github site and run locally on your box to know it's really
> > installed properly.
> > AFAICT at present running a kernel with spectre and meltdown protection
> > means running debian in the opposite way it is usually billed as to the
> > outside world ie unstable for quite some time.
>
> That's not entirely true, you can run Debian Stable / Stretch with a
> kernel that was compiled on Sid with gcc-7.3, however it is true that for
> now there is no such kernel available for Stretch out-of-the-box and even
> installing the latest gcc-7 compiler packages from sid on a Stretch
> system is, if possible at all, probably not trivial.
>
> I assume that most likely someone is working on an update to gcc-6 that
> will make it possible to compile the latest "spectre fix" into the kernel
> with Stretch's default compiler and we will have to wait until that is
> done.
>
> I think it is likely though, that a kernel with that fix will be
> available soon in the "experimental" suite and could be installed
> manually on Stretch.
>
> Regards
>
> Michael
>
> .-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.
>
> After a time, you may find that "having" is not so pleasing a thing,
> after all, as "wanting."  It is not logical, but it is often true.
> -- Spock, "Amok Time", stardate 3372.7
>
>

Re: Atividades Debian na CPBR11

[Atenágoras Silva]

Olá Pessoal, tudo bem?
Como se faz para participar da Campus Party sem acampar? E quanto custa?

Um grande abraço do fundo do meu coração vermelho de outubro de 1917,
Atenágoras Souza Silva.

Em 28 de janeiro de 2018 17:41, Paulo Henrique de Lima Santana <
p...@softwarelivre.org> escreveu:

>
>
> - Mensagem original -
> > De: "Éderson Almeida de Jesus" 
> > Para: "Paulo Henrique" 
> > Cc: "debian-user-portuguese" 
> > Enviadas: Domingo, 28 de janeiro de 2018 17:13:31
> > Assunto: Re: Atividades Debian na CPBR11
>
> > Ola Paulo, tudo bem?
>
> Olá, td tranquilo.
>
> > As atividades serão gravadas e disponibilizadas em algum lugar para quem
> > não puder comparecer na CPBR11?
>
> A maioria delas não. Normalmente a Campus transmite e grava apenas as
> atividades nos palcos.
>
> Abraços,
>
> --
> Paulo Henrique de Lima Santana (phls)
> Curitiba - Brasil
> Membro da Comunidade Curitiba Livre
> Site: http://www.phls.com.br
> GNU/Linux user: 228719  GPG ID: 0443C450
>
> Apoie a campanha pela igualdade de gênero #HeForShe (#ElesPorElas)
> http://www.heforshe.org/pt
>
>

Re: Kernel for Spectre and Meltdown

[arne]

> > sudo install spectre-meltdown-checker
> > sudo spectre-meltdown-checker
> > 
> > works at least in stretch.  
> 
> Seems like stretch-backports must be enabled for that, though.


You are right. I forgot to check.

Re: How to rebuild a Debian package for a foreign architecture?

[Vincent Lefevre]

On 2018-01-26 09:47:58 +, Curt wrote:
> On 2018-01-25, Vincent Lefevre  wrote:
> > On 2018-01-25 14:53:14 +, Curt wrote:
> >> On 2018-01-25,   wrote:
> >> >
> >> > It seems that you are missing the '386 (or more precisely the '686)
> >> > executables. Perhaps you need the package dpkg-cross.
> >> >
> >> >> If I need binutils-i686-linux-gnu, shouldn't dpkg-buildpackage fail
> >> >> when checking the build dependencies?
> >> >
> >> > I'll leave that question to someone more knowledgeable.
> >> 
> >> I'm much less so, but I've heard people recommending pbuilder for
> >> this (chroot).
> >> 
> >>  pbuilder --create --architecture i386
> >>  pbuilder --build mypackage.dsc
> >
> > IMHO, this is overkill, at least in my case. And I don't like to
> > require root just to build a package.
> 
> Apparently you need root to satisfy the build *dependencies* (which
> means you need to be root to install a package--but we new that
> already).

When I want to build a package for the native architecture, I don't
need to be root. If there are missing build dependencies, then the
missing packages are listed, so that I can install them as root,
then I can retry the package build as a normal user. So, the only
things I do as root is to install packages. The build is entirely
done as a normal user.

> However 
> 
>  ...most packages do not need root privilege to build, or even
>  refused to build when they are built as root. pbuilder can create a user
>  which is only used inside pbuilder and use that user id when building,
>  and use the fakeroot command when root privilege is required.
> 
> https://pbuilder.alioth.debian.org/#nonrootchroot

Or perhaps I can try pbuilder-user-mode-linux.

The issue is that all this will require a major rewrite of my
scripts...

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: Kernel for Spectre and Meltdown

[Michael Fothergill]

On 29 January 2018 at 10:10, deloptes  wrote:

> Michael Fothergill wrote:
>
> > Your need to upgrade to unstable (Debian Sid).  Then you need to get the
> > latest kernel from the kernel.org website.
>
> worst BS ever seen - DON'T LISTEN TO THIS PLEASE
>
> Michael, please stop writing such things in public
>

​I accept that are some kernels that you could run in stable apparently
that address the security issue etc.
I apologise for inaccuracy there.
But perhaps not all of what I posted is BS.

Cheers

MF​


>
> regards
>
>

Re: [Un chouilla HS] Samsung et Debian ?

[Alexandre Hoïde]

On Mon, Jan 29, 2018 at 12:27:28PM +0900, Charles Plessy wrote:
> Le Sun, Jan 28, 2018 at 01:07:27PM +0100, Alexandre Hoïde a écrit :
> > 
> >   J'espère encore l'arrivée d'une solution qui serait conçue dans le
> > respect des principes du Libre ou, au minimum, des engagements et des
> > gages sur la confidentialité. Puisse ce vœu ne pas rester pieux… et
> > m'aider à résister à cette sirène.
> 
> Dans cette catégorie, le Librem 5 semble assez prometteur:
> 
> https://puri.sm/shop/librem-5/
> 
> Amicalement
> 

  Oui ! Là on s'approche de l'idéal… si ce n'est l'incertitude et
l'impatience (Librem 5 - janvier 2019) qui mettent les nerfs à
rude épreuve !

  Bonne route à Purisme et merci pour le lien Charles.

-- 
 ___
| $ post_tenebras ↲ | waouh!
| GNU\ /|\
|  -- * --  | o
| $ who ↲/ \|_-- ~_|
| Alexandre Hoïde   |  _/| |
 ---

Re: Playing or Ripping UDF CDs Under jessie

[Thomas Schmitt]

Hi,

i wrote:
> > They saw a CD and tried UDF. Cluelessly and in vain.

Jonathan Dowland wrote:
> They did that because of the fstab line which specified udf, and the
> presence of a data track on the CD.

The "problem CD" is pure audio. No indication on Table-Of-Content level
that there would be sectors readable by READ(10).
Whatever software tries to mount a filesystem there does not take
into account the sector format of the tracks.


> I've never seen the use of "iso9660,udf" in that column of fstab before.
> (would "auto" do the same thing?) You learn something new every day!

My Debian 8 fstab has such entries for sr0 and sr1, none for sr2 to sr4.
Like:
  /dev/sr0/media/cdrom0   udf,iso9660 user,noauto 0   0

I have disabled automounting on my system. What i cannot stop is udev
groping a newly inserted medium. Workaround is to wait until all drive
blinking stops before using the medium for mounting or burning.

I tried manual mounting as superuser with a commercial audio CD:

  # mount -t udf,iso9660 /dev/sr4 /mnt/iso
  mount: /dev/sr4 is write-protected, mounting read-only
  mount: /dev/sr4: can't read superblock

dmesg reports afterwards 

  [X.698578] sr 44:0:0:0: [sr4]  
  [X.698580] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
  [X.698581] sr 44:0:0:0: [sr4]  
  [X.698582] Sense Key : Illegal Request [current] 
  [X.698584] sr 44:0:0:0: [sr4]  
  [X.698586] Add. Sense: Illegal mode for this track
  [X.698587] sr 44:0:0:0: [sr4] CDB: 
  [X.698588] Read(10): 28 00 00 00 00 10 00 00 01 00
  [X.698591] end_request: I/O error, dev sr4, sector 64

This is a READ(10) attempt, which a system with a clue should not try
on tracks with CONTROL value 0.
I get a more standards compliant Sense Code from my ASUS BW-16D1HT burner
than Martin McCormick got from his SONY CRX140E, which seems to be quite
aged (CD only, IDE, reviews from year 2000, ...).

Linux has clue of CD media by its ioctl() family CDROM_*, but obviously
this does not fully shine through with filesystems, and probably even
less with userland automounters.

The mount attempts are not done with this first failure:
  ...
  [X.703472] UDF-fs: error (device sr4): udf_read_tagged: read failed, 
block=256, location=256
  ... many more failed READ(10) and messages about UDF ...
  [X.771416] UDF-fs: warning (device sr4): udf_fill_super: No partition found 
(1)
  ...
  [X.783391] isofs_fill_super: bread failed, dev=sr4, iso_blknum=16, block=16
  ...
  [X.807885] EXT4-fs (sr4): unable to read superblock
  ... 2 retries on same address ...
  [X.853593] FAT-fs (sr4): unable to read boot sector
  ... repeating the attempts for EXT4-fs and FAT-fs ...

So it does not look like mount would take the -t list as a restriction
for trying other filesystem formats.


deloptes wrote:
> > in any case no one can take the power of dd away :D

Jonathan Dowland wrote:
> Good luck reading audio track data from CD-ROMs with dd. Or subcode
> information. Tip: you can't.

Yep. dd uses POSIX functions like read(2), which in the end emit READ(10)
commands to the drive. But as said, this generic SCSI read command works
only with pure data storage devices or with data tracks on CD.
DVD and BD offer no non-data tracks. So CD are the only media i know,
which can offer non-data data.

Reading the subchannel info of CDs is normally only of interest for cloning
identical media or for circumventing weird read protection methods.
Their normal job is to tell an audio player roughly the current read
position, the Media Catalog Number, ISRC, CD-TEXT, ... For all drives it
provides the track's CONTROL value, which tells parts of the sector format.


Have a nice day :)

Thomas

Re: Kernel for Spectre and Meltdown

[Michael Lange]

On Mon, 29 Jan 2018 10:48:27 +0100
arne  wrote:

> sudo install spectre-meltdown-checker
> sudo spectre-meltdown-checker
> 
> works at least in stretch.

Seems like stretch-backports must be enabled for that, though.

Regards

Michael


.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

You speak of courage.  Obviously you do not know the difference between
courage and foolhardiness.  Always it is the brave ones who die, the
soldiers.
-- Kor, the Klingon Commander, "Errand of Mercy",
   stardate 3201.7

Re: Kernel for Spectre and Meltdown

[Michael Lange]

Hi,

On Mon, 29 Jan 2018 08:35:58 +
Michael Fothergill  wrote:

> ​Your need to upgrade to unstable (Debian Sid).  Then you need to get
> the latest kernel from the kernel.org website.
> You also need to install GCC7 in sid which will give you version 7.3.0
> at present.  That is a new enough compiler to be able to properly
> install the spectre and meltdown fixes.

The "meltdown fix" (a.k.a. page tables isolation) is already included in
Stretch's 4.9 kernel.

> Then you need to run the spectre/meltdown checker which you can get
> from a github site and run locally on your box to know it's really
> installed properly.
> AFAICT at present running a kernel with spectre and meltdown protection
> means running debian in the opposite way it is usually billed as to the
> outside world ie unstable for quite some time.

That's not entirely true, you can run Debian Stable / Stretch with a
kernel that was compiled on Sid with gcc-7.3, however it is true that for
now there is no such kernel available for Stretch out-of-the-box and even
installing the latest gcc-7 compiler packages from sid on a Stretch
system is, if possible at all, probably not trivial.

I assume that most likely someone is working on an update to gcc-6 that
will make it possible to compile the latest "spectre fix" into the kernel
with Stretch's default compiler and we will have to wait until that is
done.

I think it is likely though, that a kernel with that fix will be
available soon in the "experimental" suite and could be installed
manually on Stretch.

Regards

Michael

.-.. .. ...- .   .-.. --- -. --.   .- -. -..   .--. .-. --- ... .--. . .-.

After a time, you may find that "having" is not so pleasing a thing,
after all, as "wanting."  It is not logical, but it is often true.
-- Spock, "Amok Time", stardate 3372.7

Re: Durée de boot

[yamo']

yamo' a écrit le 28/01/2018 à 11:40 :

> andre_deb...@numericable.fr a écrit le 22/01/2018 à 16:40 :
>> Jessie :
>> $ systemd-analyze time
>> Startup finished in 3.212s (kernel) + 27.230s (userspace) = 30.442s
>>
>> Oui, mais à partir de quand il arrête de compter ? :
>> avant le démarrage du bureau et si une fois bureau établi,
>> avec quel bureau.
>> Il faudrait rebooter en mode sans bureau (non graphique) pour voir.
>>
>> André
>>
> 
> 
> Sur ubuntu 16.04 XFCE en autologin, sur disque SSD pour la racine :
> 
> 
> $ systemd-analyze time
> Startup finished in 7.809s (kernel) + 7.426s (userspace) = 15.236s
> 
> Je rebooterai sur debian jessie pour donner le chiffre.

Sur jessie en  autologin sur LXDE :

$ systemd-analyze time
Startup finished in 2.386s (kernel) + 1.389s (userspace) = 3.775s


Sur ubuntu,  la commande «systemd-analyse blame » indiqué dans ce thread
m'a permis de voir que sur mon
ubuntu j'avais apt-daily.service qui ralentissait le démarrage.

cf




-- 
Stéphane

Re: Kernel for Spectre and Meltdown

[deloptes]

Michael Fothergill wrote:

> Your need to upgrade to unstable (Debian Sid).  Then you need to get the
> latest kernel from the kernel.org website.

worst BS ever seen - DON'T LISTEN TO THIS PLEASE

Michael, please stop writing such things in public

regards

Re: Playing or Ripping UDF CDs Under jessie

[Jonathan Dowland]

On Sun, Jan 28, 2018 at 10:04:22AM +0100, Thomas Schmitt wrote:

Martin McCormick wrote:



I thought it was udf because one of the two systems I
tried it on spewed out a reference to udffs


They saw a CD and tried UDF. Cluelessly and in vain.


They did that because of the fstab line which specified udf, and the
presence of a data track on the CD.

I've never seen the use of "iso9660,udf" in that column of fstab before.
(would "auto" do the same thing?) You learn something new every day!

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Playing or Ripping UDF CDs Under jessie

[Jonathan Dowland]

On Sun, Jan 28, 2018 at 01:27:08AM +0100, deloptes wrote:

in any case no one can take the power of dd away :D


Good luck reading audio track data from CD-ROMs with dd. Or subcode
information. Tip: you can't.

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Stretch stuck on boot

[Daniel Nemenyi]

Thank you for the advice,


tv.deb...@googlemail.com writes:

> On 28/01/2018 20:25, to...@tuxteam.de wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> On Sun, Jan 28, 2018 at 02:04:54PM +, Daniel Nemenyi wrote:
>>> Dear all,
>>>
>>> My laptop has for the second time got stuck on boot, and a seemingly
>>> random number of hard reboots has been necessary to get it running. This
>>> obviously worries me. I'm running Debian Stretch with full disk
>>> encryption and, after grub, this is what happens:
>>>
>>>   WARNING: Failed to connect to lvmetad. Falling back to device scanning.
>>
>> FWIW, I think this one is normal: the LVM metadata daemon isn't up yet
>> at this early stage (I can observe that warning in my boot process too).
>>
>>>   Volume group "hostname-vg" not found
>>>   Cannot process volume group hostname-vg
>>
>> Normal too: they will be there after cryptsetup unlocks things down
>> there:
>>
>>> Please unlock sda3_crypt: # password inserted
>>>   WARNING: Failed to connect to lvmetad. Falling back to device scanning.
>>>   Reading all physical volumes. This may take a while...
>>>   Found volme group "hostname-vg" using metadata type lvm2
>>>   WARNING: Failed to connect to lvmetad. Falling back to device scanning.
>>>   2 logical volume(s) in volume group "hostname-vg" now active.
>>> cryptsetup (sda3_crypt): set up successfully
>>> /dev/mapper/hostname--vg-root: clean 927829/14712832, 50294056/58823680
>>> blocks.
>>
>> Up to this, things look pretty normal.
>>
>>> At that point it gets stuck. The other time this happened the numbers
>>> were different (lower)
>>>
>>> When it does eventually boot, the next lines are:
>>> [48.862647] nouveau :04:00.0: bus: MMIO write of 807f FAULTat 100c18
>>> [48.945694] nouveau :04:00.0: bus: MMIO write of 807e FAULTat 100c1c
>>> ... and then normal boot.
>>>
>>> Is this a sign of the end of my laptop or SSD or is there something I
>>> can do?
>>
>> Given the intermittent nature, I'd lean towards flaky hardware (not
>> necessarily the SSD). What happens if you try to boot from an external
>> medium (e.g. a rescue system on a stick)?

It's an intermitent problem, sometimes it boots fine, so it's difficult
to test. But that's interesting to hear it might be more than just the
SSD, as I was thinking of just replacing it. This isn't the newest
machine...

>>
>> Ah, and while you are at it (and get your box to boot once more), make
>> a backup :)

Given that it coud be an array of problems, and that I'm kneck deep in
work and can't risk a complete boot failure at the moment for time
reasons, I think I might make two, and look into buying a new box ;)

>>
>> Cheers
>> - -- tomás
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1.4.12 (GNU/Linux)
>>
>> iEYEARECAAYFAlpt5HAACgkQBcgs9XrR2kb29wCfT7l80UBcO9mMQJeJd31w2F18
>> 7OQAniAYtvGoz7FCa+zBahM/pqjMHJK9
>> =a2E1
>> -END PGP SIGNATURE-
>>
>
> Hi, looks like a Nouveau gpu driver problem, do you have a Nvidia
> graphic card in this laptop ? Do you use Nvidia frivers or the free
> Nouveau ?

Well spotted, yes I do have a Nvidia graphics card and I'm using the
Nouveau.

>  >> When it does eventually boot, the next lines are:
>  >> [48.862647] nouveau :04:00.0: bus: MMIO write of 807f
> FAULTat >>100c18
>  >> [48.945694] nouveau :04:00.0: bus: MMIO write of 807e
> FAULTat >>100c1c
>  >> ... and then normal boot.
>
> Unfortunatly I don't have a fix to offer outside of trying to switch to
> Nvidia proprietary drivers and see if it helps. If you are already using
> Nvidia drivers then you need to blacklist Nouveau, and maybe also add
> "nomodeset" to your kernel boot parameters.

Ok, at this rate I'm thinking of abandoning ship but good to know in
case that doesn't happen or in case I repurpose this machine for another use.

> As Tomás said trying a live usb system, one with different kernel and
> Nouveau versions could help you pinpoint the origin.

Thanks a lot for the advice.

> Hope it helps.

Re: Kernel for Spectre and Meltdown

[arne]

On Mon, 29 Jan 2018 08:35:58 +
Michael Fothergill  wrote:
 
> 
> ​Your need to upgrade to unstable (Debian Sid).  Then you need to get
> the latest kernel from the kernel.org website.
> You also need to install GCC7 in sid which will give you version
> 7.3.0 at present.  That is a new enough compiler to be able to
> properly install the spectre and meltdown fixes.
> Then you need to run the spectre/meltdown checker which you can get
> from a github site and run locally on your box to know it's really
> installed properly.

sudo install spectre-meltdown-checker
sudo spectre-meltdown-checker

works at least in stretch.

Re: Kernel for Spectre and Meltdown

[Jonathan Dowland]

On Mon, Jan 29, 2018 at 08:35:58AM +, Michael Fothergill wrote:

​Your need to upgrade to unstable (Debian Sid).  Then you need to get the
latest kernel from the kernel.org website.


This is not good advice to a beginner.


You also need to install GCC7 in sid which will give you version 7.3.0 at
present.  That is a new enough compiler to be able to properly install the
spectre and meltdown fixes.
Then you need to run the spectre/meltdown checker which you can get from a
github site and run locally on your box to know it's really installed
properly.


spectre-meltdown-checker is packaged (in sid), this is a better route to
get the script as it is (or will be) adjusted to work properly on a
Debian system.

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Kernel for Spectre and Meltdown

[Bastien Durel]

Le lundi 29 janvier 2018 à 07:52 +, Dextin Jerafmel a écrit :
> Hello
> 
> I've installed Debian 9.3 about one and a half month ago . I'm newbie
> to Linux world
> My Kernel was 4.9.0.3 at the first of installation . After upgrading
> ( sudo apt upgrade ) it becomes 4.9.0.4
> But in Your site You've mentioned Kernel for Debian Stretch is 4.9.65
> and You updated it for Spectre and Meltdown bugs
> I tried to search for available Kernel images but there isn't any
> newer Kernel than 4.9.0.5
> 
> Please guide me
> 
> Thanks a lot
> 
Hello.

Debian kernel versionning doesn't match kernel version itself.
You should see it via dpkg -s:

$ dpkg -s linux-image-4.9.0-5-amd64
Package: linux-image-4.9.0-5-amd64
Status: install ok installed
Priority: optional
Section: kernel
Installed-Size: 185320
Maintainer: Debian Kernel Team 
Architecture: amd64
Source: linux
Version: 4.9.65-3+deb9u2
 ^^
Depends: kmod, linux-base (>= 4.3~), initramfs-tools (>= 0.120+deb8u2)
| linux-initramfs-tool
Recommends: firmware-linux-free, irqbalance
Suggests: linux-doc-4.9, debian-kernel-handbook, grub-pc | grub-efi-
amd64 | extlinux
Breaks: initramfs-tools (<< 0.120+deb8u2), xserver-xorg-input-vmmouse
(<< 1:13.0.99)
Description: Linux 4.9 for 64-bit PCs
 The Linux kernel 4.9 and modules for use on PCs with AMD64, Intel 64
or
 VIA Nano processors.
 .
 This kernel also runs on a Xen hypervisor.  It supports both
privileged
 (dom0) and unprivileged (domU) operation.
Homepage: https://www.kernel.org/


As you can see, linux-image-4.9.0-5-amd64 is kernel 4.9.65

-- 
Bastien Durel

win32-loader

[jim sakono]

Can it be used to install Debian from a 64-bit Windows running on a 64-bit
CPU?

I failed to do it on a machine with i7-8550 CPU running Windows 10. It
complained about file g2ldr.mbr, with status 0xc07b.

There is also this mail   https://bugs.debian.org/cgi-bin/bugrepo ...
bug=824648 
which seems  to say that it will only work for 32-bit CPU and 32-bit
Windows. Is this true?

Re: New USB device found, idVendor=1004, idProduct=633e usb-storage

[lnx]

On 26/01/18 13:34, Geert Stappers wrote:
> 
> Hoi,
> 
> Een Android device heb ik met een USB kabel aan Linux computer zitten.
> 
> Aan Android kant is ingesteld op "bestandsoverdracht".
> Aan Linux kant verwacht ik een USB-storage device te zien te krijgen.
> 
> Maar dat is niet zo.   :-(
> 
> Met `dmesg` zie ik:
> 
> [ 1406.005619] usb 2-2: new high-speed USB device number 8 using xhci_hcd
> [ 1406.154589] usb 2-2: New USB device found, idVendor=1004, idProduct=633e
> [ 1406.154595] usb 2-2: New USB device strings: Mfr=5, Product=6, 
> SerialNumber=7
> [ 1406.154598] usb 2-2: Product: LG-M250
> [ 1406.154600] usb 2-2: Manufacturer: LGE
> [ 1406.154602] usb 2-2: SerialNumber: LGM250MRW8snip
> 
> Bij een werkende Android device zie ik met `dmesg` dit:
> 
> [ 1506.266803] usb 2-2: new high-speed USB device number 9 using xhci_hcd
> [ 1506.415577] usb 2-2: New USB device found, idVendor=0bb4, idProduct=0c03
> [ 1506.415583] usb 2-2: New USB device strings: Mfr=2, Product=3, 
> SerialNumber=4
> [ 1506.415586] usb 2-2: Product: MT65xx Android Phone
> [ 1506.415588] usb 2-2: Manufacturer: MediaTek
> [ 1506.415591] usb 2-2: SerialNumber: 0123456789ABCDEF
> [ 1506.416511] usb-storage 2-2:1.0: USB Mass Storage device detected
> [ 1506.416781] scsi host4: usb-storage 2-2:1.0
> [ 1507.435662] scsi 4:0:0:0: Direct-Access LinuxFile-CD Gadget    
> PQ: 0 ANSI: 2
> [ 1507.436035] scsi 4:0:0:1: Direct-Access LinuxFile-CD Gadget    
> PQ: 0 ANSI: 2
> [ 1507.436815] sd 4:0:0:0: Attached scsi generic sg1 type 0
> [ 1507.437066] sd 4:0:0:1: Attached scsi generic sg2 type 0
> [ 1507.438181] sd 4:0:0:0: [sdb] Attached SCSI removable disk
> [ 1507.438656] sd 4:0:0:1: [sdc] Attached SCSI removable disk

Zie in de dmesg's twee verschillende idVendors en idProducts en
misschien sla ik de plank mis maar kijk hier eens naar:

http://www.draisberghof.de/usb_modeswitch/


(Bij een 3G-USB-modem en een Smartphone had ik die USB-ModeSwitch
problemen.)

Groet,
Fred

Re: Kernel for Spectre and Meltdown

[Michael Fothergill]

On 29 January 2018 at 07:52, Dextin Jerafmel  wrote:

> Hello
>
> I've installed Debian 9.3 about one and a half month ago . I'm newbie to
> Linux world
> My Kernel was 4.9.0.3 at the first of installation . After upgrading (
> sudo apt upgrade ) it becomes 4.9.0.4
> But in Your site You've mentioned Kernel for Debian Stretch is 4.9.65 and
> You updated it for Spectre and Meltdown bugs
> I tried to search for available Kernel images but there isn't any newer
> Kernel than 4.9.0.5
>
> Please guide me
>

​Your need to upgrade to unstable (Debian Sid).  Then you need to get the
latest kernel from the kernel.org website.
You also need to install GCC7 in sid which will give you version 7.3.0 at
present.  That is a new enough compiler to be able to properly install the
spectre and meltdown fixes.
Then you need to run the spectre/meltdown checker which you can get from a
github site and run locally on your box to know it's really installed
properly.
AFAICT at present running a kernel with spectre and meltdown protection
means running debian in the opposite way it is usually billed as to the
outside world ie unstable for quite some time.

Eventually gcc 7.3 could become available in buster/testing but I don't
know when.

I think gentoo is  a good distribution to try in the current security
vulnerability situation.  It is good for kernel compilations and
modifications etc.

Running gcc 7.3 is as easy in gentoo stable is it is gentoo testing.  The
ebuild is there now and the latest version binunits (2.30) is getting
readied.  I have installed
gcc 7.3 on it and soon I will uprade the kernel shortly.  New kernels are
in the pipeline that will have more spectre fixes added.

I will fire them all in to my gentoo  install soon like a deck of cards.

Cheers

Regards

Michael Fothergill



​


>
> Thanks a lot
>
>