Re: Intel - Sky Lake Processor?

2018-04-21 Thread Ben Caradoc-Davies 

On 22/04/18 12:24, HP Garcia wrote:

Does any else have a Debian installed on a pc with a Intel Sky Lake
processor? Has anyone got it configured properly without any boot
errors?
Just curious.
HP Garcia


Skylake is now well-supported. I am using unstable on a Kaby Lake i7 
7700, one release later than Skylake. I installed stretch shortly before 
it was released and immediately upgraded to unstable. I think the 
stretch kernel was 4.9 something (and still is). I had no problems with 
the kernel (just problems with early motherboard UEFI setting incorrect 
turbo frequencies, all fixed now). Anyone using 3.x or early 4.x kernels 
on Skylake is going to have a bad time i.e. wheezy or jessie without 
jessie-backports). 4.9 should be fine. There is a 4.15 kernel on 
unstable and stretch-backports.


Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Re: Network-related Chicken and Egg Issue, attempting Install of Debian 9.4

2018-04-21 Thread tomas 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Apr 21, 2018 at 03:13:09PM -0700, David Christensen wrote:

[...]

> AFAIK ifconfig was superseded by some component of systemd.

No. It's just not installed by default. It is part of package
net-tools, which you may install separately...

> If enough people install net-tools and popularity-contest,
> ifconfig(8) will make it to CD 1.

... as you yourself explain later.

> Alternatively, try Devuan:
> 
> https://devuan.org/

Devuan is nice: does it install net-tools by default?

As Dan says: there are valid reasons to not like systemd (and
there are valid reasons to like it), but spreading FUD about it
just fires backwards, and shouldn't be the style here...

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlrcHRMACgkQBcgs9XrR2kbueACeIDW1AZGMB5WncfsSRpkYPGWF
HYIAnAmSuPC7GNeZL6CL9SixYO9uXVhp
=6btr
-END PGP SIGNATURE-

Re: Debian for wide-world, yes we can!

2018-04-21 Thread Ben Finney 
MENGUAL Jean-Philippe  writes:

> Hypra developed […] a service to provide a free software based
> computer, as nice as typical PCs, with a better uman support (better
> privacy, including search engine, etc)
> - 200 blind and old people now use Debian GNU/Linux, Libreoffice and
> Firefox thanks to our system and human support.

That is a great service, thank you for maintaining it!

> Three years later, I am afraid with two things. 1. Most free software
> companies drop the desktop. It has consequences on privacy, and usae of
> computers with a low Internet connection.

This is not special to free-software companies. The desktop platforms
are in sharp decline generally, as most software is provided either as
Service as a Software Substitute, which strips autonomy from users
,
or mobile apps, where the computing platform is tightly controlled by
the monopolists (Apple, Google, Amazon) instead of the user community.

> Free software has not yet had success due to lack of human support
> with the free software based products.

Yes, free software certainly has gone backward in mind share, because
the desktop platform shrank in importance and we do not yet have a
decent foothold on the mobile and SaaSS platforms. The gains from the
1980s and 1990s need to be won all over again, and this time the
monopolists are more prepared :-/



> 2. Free software has less and less forces for accessibility and
> universal design. Only 5 persons work on the accessibility stac.

Kudos to those who do, and I agree with your implication that more
people need to work on accessibility in free software.

> Thanks in advance to anyone supporting tis initiative.

Thank you for raising attention to this, and viva Hypra!

-- 
 \  “Those who write software only for pay should go hurt some |
  `\ other field.” —Erik Naggum, in _gnu.misc.discuss_ |
_o__)  |
Ben Finney

Re: X does not work in Debian 9.4

2018-04-21 Thread David Wright 
On Sat 21 Apr 2018 at 22:01:23 (+), Long Wind wrote:
>  i copy those freq from monitor's manual
> and they work in 9.3 and early distro
> 
> i remove xorg.conf, error seems same
> see attachment

I don't understand the (EE) line below: do you normally see this with 9.3?
And incidentally do you normally run X on VC2?

--✄

[   110.450] (II) Module ABI versions:
[   110.450]X.Org ANSI C Emulation: 0.4
[   110.450]X.Org Video Driver: 23.0
[   110.450]X.Org XInput driver : 24.1
[   110.450]X.Org Server Extension : 10.0
[   110.450] (EE) dbus-core: error connecting to system bus:
 org.freedesktop.DBus.Error.FileNotFound
 (Failed to connect to socket
 /var/run/dbus/system_bus_socket:
 No such file or directory)
[   110.450] (++) using VT number 2

[   110.451] (II) xfree86: Adding drm device (/dev/dri/card0)

--✄

Here's what I get at the same point:

--✄

(II) Module ABI versions:
X.Org ANSI C Emulation: 0.4
X.Org Video Driver: 23.0
X.Org XInput driver : 24.1
X.Org Server Extension : 10.0
(++) using VT number 1

(II) systemd-logind: took control of session /org/freedesktop/login1/session/_31
(II) xfree86: Adding drm device (/dev/dri/card0)
(II) systemd-logind: got fd for /dev/dri/card0 226:0 fd 11 paused 0

--✄

Cheers,
David.

Re: encryption

2018-04-21 Thread David Wright 
On Sat 21 Apr 2018 at 20:10:27 (+0100), Brian wrote:
> On Sat 21 Apr 2018 at 13:54:03 -0500, David Wright wrote:
> 
> > On Sat 21 Apr 2018 at 19:14:06 (+0100), Brian wrote:

> > > Is it possible that ps output does not show parameters to switches?
> > 
> > Not AFAIK. Here, I can see lines in the list such as:
> 
> Then I do not understand why paramters are not shown. Maybe they come
> later in the output? I can forsee a few sleepness nights trying to
> figure this out. :)
> 
> At this juncture it appears I should have no worries about ps revealing
> the secret.

As well as David C's mention of "ps -f" (which was news to me), I should
point out that I use "ps ax" as a matter of course, and "ps wwax" when
when interesting bits fall off the right margin; ie the BSD flavour of ps
gives this information by default.

> >  1247 ?Ss 0:00 wpa_supplicant -B -i wlp2s0 -c 
> > /var/lib/wicd/configurations/44xxfcxx -Dwext
> >  1706 tty1 S  0:00 xterm -geometry 110x38+0+0 -fn neep-iso10646-1-18 -xrm 
> > *Page: 3 1
> > 
> > As you can see, I've mangled the MAC of my router that would be revealed 
> > otherwise.
> > 
> > And I wouldn't like to rely on winning a race with ps to avoid capture
> > of information exposed in my command lines.
> 
> I am not after winning any races but (seeing as you brought the issue
> up) knowing whether ps sees my secret and how to go about finding that
> out.

ps might not be the best tool for deliberately finding the info above.
The obvious place to look is /proc//cmdline (where NULs separate
the items). One can imagine a scenario where one tries to keep up with
the PID incrementation and hoover up all the cmdlines on the system as
they fly by.

Cheers,
David.

Re: encryption

2018-04-21 Thread David Wright 
On Sat 21 Apr 2018 at 13:04:20 (-0700), David Christensen wrote:
> On 04/20/18 12:38, Brian wrote:
> >DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> 
> On 04/21/18 09:36, David Wright wrote:
> >If so, then won't the password be revealed by ps while eval is
> >evaluating it?
> 
> Apparently, not:
> 
> 2018-04-21 13:02:16 dpchrist@vstretch ~/sandbox/sh
> $ cat environment-var-ps
> CMD="echo hello" && eval "$CMD" && sleep 3 && echo world! &
> ps -f
> 
> 2018-04-21 13:02:18 dpchrist@vstretch ~/sandbox/sh
> $ dash environment-var-ps
> hello
> UIDPID  PPID  C STIME TTY  TIME CMD
> dpchrist  1681  1268  0 11:42 pts/100:00:00 -bash
> dpchrist  2541  1681  0 13:02 pts/100:00:00 dash environment-var-ps
> dpchrist  2542  2541  0 13:02 pts/100:00:00 dash environment-var-ps
> dpchrist  2543  2541  0 13:02 pts/100:00:00 ps -f
> dpchrist  2544  2542  0 13:02 pts/100:00:00 sleep 3
> 
> 2018-04-21 13:02:21 dpchrist@vstretch ~/sandbox/sh
> $ world!
> 
> 
> 2018-04-21 13:03:03 dpchrist@vstretch ~/sandbox/sh
> $ bash environment-var-ps
> hello
> UIDPID  PPID  C STIME TTY  TIME CMD
> dpchrist  1681  1268  0 11:42 pts/100:00:00 -bash
> dpchrist  2556  1681  0 13:03 pts/100:00:00 bash environment-var-ps
> dpchrist  2557  2556  0 13:03 pts/100:00:00 bash environment-var-ps
> dpchrist  2558  2556  0 13:03 pts/100:00:00 ps -f
> dpchrist  2559  2557  0 13:03 pts/100:00:00 sleep 3
> 
> 2018-04-21 13:03:05 dpchrist@vstretch ~/sandbox/sh
> $ world!

That just demonstrates a race between "echo hello" and ps.
Echo won, so all ps saw was the sleep command. What you need in $CMD
is a command that's slow to execute and loses the race:

wren!david 20:52:56 /tmp $ cat testing.sh 
CMD="echo hello && dd bs=1M if=/dev/urandom of=/dev/null count=100" && eval 
"$CMD" && echo world! &
ps -f
wren!david 20:53:01 /tmp $ bash testing.sh 
hello
UIDPID  PPID  C STIME TTY  TIME CMD
david 1591  1587  0 08:54 pts/400:00:00 bash
david11553  1591  0 20:53 pts/400:00:00 bash testing.sh
david11554 11553  0 20:53 pts/400:00:00 bash testing.sh
david11555 11553  0 20:53 pts/400:00:00 ps -f
david11556 11554  0 20:53 pts/400:00:00 dd bs=1M if=/dev/urandom 
of=/dev/null count=100
wren!david 20:53:04 /tmp $ 100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.582277 s, 180 MB/s
world!

wren!david 20:53:07 /tmp $ dash testing.sh 
hello
UIDPID  PPID  C STIME TTY  TIME CMD
david 1591  1587  0 08:54 pts/400:00:00 bash
david11562  1591  0 20:53 pts/400:00:00 dash testing.sh
david11563 11562  0 20:53 pts/400:00:00 dash testing.sh
david11564 11562  0 20:53 pts/400:00:00 ps -f
david11565 11563  0 20:53 pts/400:00:00 dd bs=1M if=/dev/urandom 
of=/dev/null count=100
wren!david 20:53:11 /tmp $ 100+0 records in
100+0 records out
104857600 bytes (105 MB, 100 MiB) copied, 0.564181 s, 186 MB/s
world!

wren!david 20:53:12 /tmp $ 

Cheers,
David.

Re: X does not work in Debian 9.4

2018-04-21 Thread fmneto 
Hello Ennio,

this usually happens when you are using a graphics driver that
depends on a kernel module that is not shipped with the standard
kernel, like nvidia-driver for example. You need to reinstall the
module, linking it against the new kernel (boot into 4.15 and reinstall
the driver).

-Francisco

On Sat, 2018-04-21 at 20:17 +0200, Ennio-Sr wrote:
> * Long Wind  [210418, 10:26]:
> >  Thanks, my card is old, but it should work and it work in 9.3
> > i don't think changing resolution/depth will help
> > the setting is same as in stretch 9.3
> > resolution/freq are recommended by monitor's manual
> > [...]
> 
> Hi Francisco,
> yesterday I had a similar problem: during an 'apt-get upgrade' a new
> *linux-image-4.15.0-0.bpo.2-amd64_4.15.11-1~bpo9+1_amd64.deb*
> was installed. After a reboot I wasn't able to get X and could not
> detect why that was happening as xorg.log showed no errors! 
> Going back to the previous:
> Linux mcmini-4_1-deb 4.14.0-0.bpo.3-amd64 #1 SMP Debian 4.14.13-
> 1~bpo9+1 \
>(2018-01-14) x86_64 GNU/Linux
> solved the empasse.
> 
> Hope this helps.
> Regards, Ennio
> --
> [using:
> Distributor ID:   Debian
> Description:  Debian GNU/Linux 9.4 (stretch)
> Release:  9.4
> Codename: stretch]
> 
>

Re: X does not work in Debian 9.4

2018-04-21 Thread Felix Miata 
Long Wind composed on 2018-04-22 00:32 (UTC):

>  i think my monitor comply with those standards and can support default 
> setting used by X
> and your freq range have little chance of solving my problem

You don't know that if you didn't try. Something in the driver could have
changed to cause a rounding difference that differs in 9.4 from 9.3 that puts
your narrow specification out of range. You didn't provide much detail about
what the problem is, that is, what you do or did beside replacing 9.3 with 9.4
that causes it:

1-Is 9.4 an upgrade from 9.3, or a fresh installation?

2-Is it a standard systemd installation, or one that's using sysvinit?

3-Is there a displaymanager installed and running? If so, which one?

4-Are you running startx as root, or as normal user?

5-Are you including any command line options to startx? If so, which one(s)?

6-Do you get the same failure on all vttys?

7-Do you get the same failure booted to the previous kernel?

> and i'm in poor health and not energetic enough to test your solution

Anyone who has enough energy to write an email has enough energy to edit
xorg.conf and restart a PC or startx. I'm not in good health or energetic
either, but that doesn't stop me from typing an email or editing config files.

> i have a look at legacy package you mention, i'm afraid it won't help

What does that mean? Did you try? Comments near the end of
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801605 suggest it very well
might. (permissions on /usr/bin/Xorg or content of /etc/X11/Xwrapper.config
needs needs_root_rights=yes)
-- 
"Wisdom is supreme; therefore get wisdom. Whatever else you
get, get wisdom." Proverbs 4:7 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Intel - Sky Lake Processor?

2018-04-21 Thread HP Garcia 
Does any else have a Debian installed on a pc with a Intel Sky Lake
processor? Has anyone got it configured properly without any boot
errors?

Just curious.

HP Garcia

Re: Network-related Chicken and Egg Issue, attempting Install of Debian 9.4

2018-04-21 Thread Kenneth Parker 
On Sat, Apr 21, 2018 at 6:38 PM, Dan Ritter  wrote:

On Sat, Apr 21, 2018 at 03:13:09PM -0700, David Christensen wrote:
>


> > On 04/21/18 14:24, Kenneth Parker wrote:
> >
> > > One more thing:  Because of some changes, from 8 to 9, I am being
> asked to
> > > do Network Administration, with both Hands behind my Back:  Debian CD1
> > > does  *NOT*  install the ifconfig command, which I might have been
> able to
> > > use, to troubleshoot, even *FINDING* the WiFi Adapter.  Ouch!
> >
> > AFAIK ifconfig was superseded by some component of systemd.
>
> systemd may be to blame for a myriad of woes, but this is not
> one of them.
>

Speaking of SystemD, do you recommend a good book on it?  I couldn't find
one at my local Barnes & Noble.

Thank you and best regards,

Kenneth Parker
--  Conversant, but not Fluent in SystemD.

Re: X does not work in Debian 9.4

2018-04-21 Thread Felix Miata 
Felix Miata composed on 2018-04-21 16:10 (UTC-0400):

> ...If you insist on using an xorg.conf file, then express  HorizSync
> and VertRefresh as ranges instead of values. e.g. instead of

>   HorizSync   47.71
>   VertRefresh 59.79

> use

>   HorizSync   45-49
>   VertRefresh 58-62

> or

>   HorizSync   30-72
>   VertRefresh 56-80

Did you try either of the above xorg.conf changes?

Is xserver-xorg-legacy installed? If not, see if installing it helps.
-- 
"Wisdom is supreme; therefore get wisdom. Whatever else you
get, get wisdom." Proverbs 4:7 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: Network-related Chicken and Egg Issue, attempting Install of Debian 9.4

2018-04-21 Thread Kenneth Parker 
Hello David,

On Sat, Apr 21, 2018 at 6:13 PM, David Christensen <
dpchr...@holgerdanske.com> wrote:

> On 04/21/18 14:24, Kenneth Parker wrote:
>
>> ... wireless.kernel.org to download Firmware for this B43 Device.
>>
>
> My decommissioned Dell Inspiron E1505 required the same firmware.  I
> bought a replacement WiFi card in the hopes it would be better supported by
> GNU/Linux and *BSD, but can't remember if that idea worked...
>
> This is a Laptop.

>
> But how do I download something, when I have no Internet, due to this
>> "Non-Free Chipset"?
>>
>
> You need another device that can access the Internet, download the file,
> and put it onto a USB flash drive in the 'firmware' directory:
>

I went partway through that, even using Broadcom's Site and bringing a
DRIVER in.  But I'm in a Learning Curve, regarding Firmware Updates.

>
> https://www.debian.org/releases/stable/installmanual
>
> https://www.debian.org/releases/stable/amd64/ch06s04.html.en
>
> Thanks! I will read those.

>
> In other words, a long-term Linux Geek, all the way back to Debian 2.1
>> (Command Line Only, back in 2000) is stymied with something that, back
>> then
>> could easily have been fixed, by copying files from a different System,
>> via
>> Floppy Disks!   Oh well...
>>
>
> Vote with your dollars -- buy FOSS-friendly hardware.
>
> This isn't my Computer.  But Point well taken!

>
> One more thing:  Because of some changes, from 8 to 9, I am being asked to
>> do Network Administration, with both Hands behind my Back:  Debian CD1
>> does  *NOT*  install the ifconfig command, which I might have been able to
>> use, to troubleshoot, even *FINDING* the WiFi Adapter.  Ouch!
>>
>
> AFAIK ifconfig was superseded by some component of systemd.
>

It's still, temporarily available in a "deprecated package"  Net-Tools.
Since it's now marked "Optional", it's not on CD-1.  Here at home, where
I'm "Mirroring" the MacBook on Virtualbox, I will study the new "ip"
Command, and see if it can show me the  WiFi Adapter, even though it's down.

>
>
> If enough people install net-tools and popularity-contest, ifconfig(8)
> will make it to CD 1.
>

See, that was the problem:  When I needed them most, Command Line Options,
that have been around FOREVER, weren't there.  I looked like a Doofus!

Incidentally, I was unable to find a book titled "SystemD for Dummies".  I
absolutely feel like a Dummy, around *THAT*!


>
> Alternatively, try Devuan:
>
> https://devuan.org/


Thanks!  I'll install it under Virtualbox.

Alternatively, I could have used Debian 8, which is, likely still being
supported.

>
> David
>
> Kenneth Parker
--  Still feeling like a Dinosaur!

Re: Network-related Chicken and Egg Issue, attempting Install of Debian 9.4

2018-04-21 Thread Dan Ritter 
On Sat, Apr 21, 2018 at 03:13:09PM -0700, David Christensen wrote:
> On 04/21/18 14:24, Kenneth Parker wrote:
> 
> > One more thing:  Because of some changes, from 8 to 9, I am being asked to
> > do Network Administration, with both Hands behind my Back:  Debian CD1
> > does  *NOT*  install the ifconfig command, which I might have been able to
> > use, to troubleshoot, even *FINDING* the WiFi Adapter.  Ouch!
> 
> AFAIK ifconfig was superseded by some component of systemd.

systemd may be to blame for a myriad of woes, but this is not
one of them.

iproute2 showed up in wheezy-backports and was standard in
jessie. It has a more consistent syntax and offers the power of
several tools wrapped up in one executable... plus it's closer
to the syntax of several other UNIXes.

And, as you pointed out, ifconfig and route and friends are
still installable.

-dsr-

Re: Network-related Chicken and Egg Issue, attempting Install of Debian 9.4

2018-04-21 Thread Dan Ritter 
On Sat, Apr 21, 2018 at 06:07:28PM -0400, Kenneth Parker wrote:
> Thanks!  Between you and Abdullah, I believe I have, what I need, next
> window with my Friend.
> 
> Consider this "Provisionally Solved".

And now for the other thing:
 
> > > One more thing:  Because of some changes, from 8 to 9, I am being asked
> > to do Network Administration, with both Hands behind my Back:  Debian CD1
> > does  *NOT*  install the ifconfig command, which I might have been able to
> > use, to troubleshoot, even *FINDING* the WiFi Adapter.  Ouch!

Here's the basics of using the ip command:

ip link
shows and can manipulate the link-layer devices, including
wifi and ethernet NICs

ip addr
shows and can manipulate IP addressing

ip route
shows and can manipulate IP routing

ip neigh
shows and can manipulate your ARP table (or IPv6 equivalent)

Each of these can be abbreviated: "ip l", "ip a"... and each of
them has a basic help available via "ip l help" and similar.

ip l
ip a add 192.168.0.2/24 dev wlan0
ip r add default via 192.168.0.1

for example.

-dsr-

Re: Network-related Chicken and Egg Issue, attempting Install of Debian 9.4

2018-04-21 Thread David Christensen 

On 04/21/18 14:24, Kenneth Parker wrote:

... wireless.kernel.org to download Firmware for this B43 Device.


My decommissioned Dell Inspiron E1505 required the same firmware.  I 
bought a replacement WiFi card in the hopes it would be better supported 
by GNU/Linux and *BSD, but can't remember if that idea worked...




But how do I download something, when I have no Internet, due to this
"Non-Free Chipset"?


You need another device that can access the Internet, download the file, 
and put it onto a USB flash drive in the 'firmware' directory:


https://www.debian.org/releases/stable/installmanual

https://www.debian.org/releases/stable/amd64/ch06s04.html.en



In other words, a long-term Linux Geek, all the way back to Debian 2.1
(Command Line Only, back in 2000) is stymied with something that, back then
could easily have been fixed, by copying files from a different System, via
Floppy Disks!   Oh well...


Vote with your dollars -- buy FOSS-friendly hardware.



One more thing:  Because of some changes, from 8 to 9, I am being asked to
do Network Administration, with both Hands behind my Back:  Debian CD1
does  *NOT*  install the ifconfig command, which I might have been able to
use, to troubleshoot, even *FINDING* the WiFi Adapter.  Ouch!


AFAIK ifconfig was superseded by some component of systemd.


If enough people install net-tools and popularity-contest, ifconfig(8) 
will make it to CD 1.



Alternatively, try Devuan:

https://devuan.org/


David

Re: Network-related Chicken and Egg Issue, attempting Install of Debian 9.4

2018-04-21 Thread Kenneth Parker 
Thanks!  Between you and Abdullah, I believe I have, what I need, next
window with my Friend.

Consider this "Provisionally Solved".

Best Regards,

Kenneth Parker

On Sat, Apr 21, 2018 at 5:49 PM, Rick Thomas  wrote:

> Hi Kenneth,
>
> Have a look at
> http://cdimage.debian.org/cdimage/unofficial/non-free/
> cd-including-firmware/
> You may find something there that will fit your situation…
>
> Enjoy!
> Rick
>
> On Apr 21, 2018, at 2:24 PM, Kenneth Parker  wrote:
>
> > Hello,
> >
> > I am helping a Friend install Debian 9.4 to an old, Intel Macbook, where
> the only Internet access is through a Broadcom BCM4322 Wifi Chip.  I got as
> far as installing the Debian 9.4 CD-1, but couldn't get the Network up.
> >
> > It seems that Debian doesn't wish to support "Non-Free" hardware, and
> wants me to visit wireless.kernel.org to download Firmware for this B43
> Device.
> >
> > But how do I download something, when I have no Internet, due to this
> "Non-Free Chipset"?
> >
> > In other words, a long-term Linux Geek, all the way back to Debian 2.1
> (Command Line Only, back in 2000) is stymied with something that, back then
> could easily have been fixed, by copying files from a different System, via
> Floppy Disks!   Oh well...
> >
> > 
> >
> > One more thing:  Because of some changes, from 8 to 9, I am being asked
> to do Network Administration, with both Hands behind my Back:  Debian CD1
> does  *NOT*  install the ifconfig command, which I might have been able to
> use, to troubleshoot, even *FINDING* the WiFi Adapter.  Ouch!
> >
> > 
> >
> > Has anybody else been able to get the Non-Free WiFi Drivers and Firmware
> to work, using "Sneaker Net" (manually carrying stuff between two
> computers)?
> >
> > 
> >
> > Thank You and Best Regards,
> >
> > Kenneth Parker
> > ---  Linux Dinosaur, since Yggdrasil Plug and Play Linux
>
>

Re: Network-related Chicken and Egg Issue, attempting Install of Debian 9.4

2018-04-21 Thread Rick Thomas 
Hi Kenneth,

Have a look at
http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/
You may find something there that will fit your situation…

Enjoy!
Rick

On Apr 21, 2018, at 2:24 PM, Kenneth Parker  wrote:

> Hello,
> 
> I am helping a Friend install Debian 9.4 to an old, Intel Macbook, where the 
> only Internet access is through a Broadcom BCM4322 Wifi Chip.  I got as far 
> as installing the Debian 9.4 CD-1, but couldn't get the Network up.
> 
> It seems that Debian doesn't wish to support "Non-Free" hardware, and wants 
> me to visit wireless.kernel.org to download Firmware for this B43 Device.
> 
> But how do I download something, when I have no Internet, due to this 
> "Non-Free Chipset"?
> 
> In other words, a long-term Linux Geek, all the way back to Debian 2.1 
> (Command Line Only, back in 2000) is stymied with something that, back then 
> could easily have been fixed, by copying files from a different System, via 
> Floppy Disks!   Oh well...
> 
> 
> 
> One more thing:  Because of some changes, from 8 to 9, I am being asked to do 
> Network Administration, with both Hands behind my Back:  Debian CD1 does  
> *NOT*  install the ifconfig command, which I might have been able to use, to 
> troubleshoot, even *FINDING* the WiFi Adapter.  Ouch!
> 
> 
> 
> Has anybody else been able to get the Non-Free WiFi Drivers and Firmware to 
> work, using "Sneaker Net" (manually carrying stuff between two computers)?  
> 
> 
> 
> Thank You and Best Regards,
> 
> Kenneth Parker
> ---  Linux Dinosaur, since Yggdrasil Plug and Play Linux

Re: encryption

2018-04-21 Thread David Christensen 

On 04/21/18 12:10, Brian wrote:

On Sat 21 Apr 2018 at 13:54:03 -0500, David Wright wrote:


On Sat 21 Apr 2018 at 19:14:06 (+0100), Brian wrote:

On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote:


On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote:

T have a script. It contains an important password.


If you   cat /usr/local/bin/myscript   do you see your important
password on the screen?


With the unencrypted file - yes. With the encrypted file -no.



I have encrypted the script with

   scrypt [enc] -t 10 /usr/local/bin/myscript

I can, of course, decrypt it with

   scrypt dec /usr/local/bin/myscript

and then execute the script.

The two last steps have been combined into

   DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"

Should I have any more concerns with this command than I have with the
two-step process?


If so, then won't the password be revealed by ps while eval is
evaluating it?


I do not know the most efficacious way to see the ps output in real time
as eval runs. With a bit of trial and error (scrypt is slow enough to
switch to another console and use ps) I captured

23266 pts/7R+ 0:00 mpw -q -F -M 
  -t railcard

in its output. mpw is the basic command executed by myscript. Switches
are shown but not parameters. -M is the very important one. The gap
would be occupied by the passphrase.

Is it possible that ps output does not show parameters to switches?


Not AFAIK. Here, I can see lines in the list such as:


Then I do not understand why paramters are not shown. 


Probably because you did not provide the -f option to ps(1).


When discussing console commands, it is best to cut and paste complete 
console sessions into your post -- prompts, commands entered, and all 
output produced.  Redact sensitive information as needed.




Maybe they come
later in the output? I can forsee a few sleepness nights trying to
figure this out. :)


Type:

$ man ps


See the section 'OUTPUT FORMAT CONTROL'



At this juncture it appears I should have no worries about ps revealing
the secret.


Incorrect.  If a password is passed via a command-line option, 'ps -f' 
will reveal the password.



ccrypt(1) provides the -E (--envvar) option for providing the name of an 
environment variable containing the keyword to prevent this vulnerability:


https://manpages.debian.org/stretch/ccrypt/ccrypt.1.en.html

https://packages.debian.org/search?suite=all=all=any=names=ccrypt


David

Network-related Chicken and Egg Issue, attempting Install of Debian 9.4

2018-04-21 Thread Kenneth Parker 
Hello,

I am helping a Friend install Debian 9.4 to an old, Intel Macbook, where
the only Internet access is through a Broadcom BCM4322 Wifi Chip.  I got as
far as installing the Debian 9.4 CD-1, but couldn't get the Network up.

It seems that Debian doesn't wish to support "Non-Free" hardware, and wants
me to visit wireless.kernel.org to download Firmware for this B43 Device.

But how do I download something, when I have no Internet, due to this
"Non-Free Chipset"?

In other words, a long-term Linux Geek, all the way back to Debian 2.1
(Command Line Only, back in 2000) is stymied with something that, back then
could easily have been fixed, by copying files from a different System, via
Floppy Disks!   Oh well...



One more thing:  Because of some changes, from 8 to 9, I am being asked to
do Network Administration, with both Hands behind my Back:  Debian CD1
does  *NOT*  install the ifconfig command, which I might have been able to
use, to troubleshoot, even *FINDING* the WiFi Adapter.  Ouch!



Has anybody else been able to get the Non-Free WiFi Drivers and Firmware to
work, using "Sneaker Net" (manually carrying stuff between two computers)?



Thank You and Best Regards,

Kenneth Parker
---  Linux Dinosaur, since Yggdrasil Plug and Play Linux

Re: encryption

2018-04-21 Thread David Christensen 

On 04/21/18 11:14, Brian wrote:

On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote:

If so, then won't the password be revealed by ps while eval is
evaluating it?


I do not know the most efficacious way to see the ps output in real time
as eval runs. With a bit of trial and error (scrypt is slow enough to
switch to another console and use ps) I captured

23266 pts/7R+ 0:00 mpw -q -F -M 
  -t railcard

in its output. mpw is the basic command executed by myscript. Switches
are shown but not parameters. -M is the very important one. The gap
would be occupied by the passphrase.

Is it possible that ps output does not show parameters to switches?


The -f option for ps(1) appears to display options and option values:

2018-04-21 13:47:04 dpchrist@vstretch ~/sandbox/sh
$ cat /etc/debian_version
9.4

2018-04-21 13:47:06 dpchrist@vstretch ~/sandbox/sh
$ uname -a
Linux vstretch 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02) 
x86_64 GNU/Linux


2018-04-21 13:47:09 dpchrist@vstretch ~/sandbox/sh
$ cat ps-option-values
perl -e '$| = 1; print "hello\n"; sleep 3; print "world!\n"' &
ps $@

2018-04-21 13:47:11 dpchrist@vstretch ~/sandbox/sh
$ dash ps-option-values -f
hello
UIDPID  PPID  C STIME TTY  TIME CMD
dpchrist  1681  1268  0 11:42 pts/100:00:00 -bash
dpchrist  3276  1681  0 13:47 pts/100:00:00 dash ps-option-values -f
dpchrist  3277  3276  0 13:47 pts/100:00:00 perl -e $| = 1; print 
"hello\n"; sleep 3; print "world!\n"

dpchrist  3278  3276  0 13:47 pts/100:00:00 ps -f

2018-04-21 13:47:13 dpchrist@vstretch ~/sandbox/sh
$ world!


2018-04-21 13:47:17 dpchrist@vstretch ~/sandbox/sh
$ bash ps-option-values -f
hello
UIDPID  PPID  C STIME TTY  TIME CMD
dpchrist  1681  1268  0 11:42 pts/100:00:00 -bash
dpchrist  3285  1681  0 13:47 pts/100:00:00 bash ps-option-values -f
dpchrist  3286  3285  0 13:47 pts/100:00:00 perl -e $| = 1; print 
"hello\n"; sleep 3; print "world!\n"

dpchrist  3287  3285  0 13:47 pts/100:00:00 ps -f

2018-04-21 13:47:20 dpchrist@vstretch ~/sandbox/sh
$ world!


David

Re: encryption

2018-04-21 Thread David Christensen 

On 04/21/18 09:51, Glenn English wrote:

That's two recommendations for putting the secret in a separate file;


Or how about creating that file, copying it to a CD or USB stick,
hanging it on the wall, clearing out the directory, then mounting it
when you want to use it.


Moving the encrypted file a removable media reduces the amount of time 
an adversary can potentially access the file.



zerofree can eliminate the leftover bytes of the original plaintext file 
and the original encrypted file:


https://manpages.debian.org/stretch/zerofree/zerofree.8.en.html

https://packages.debian.org/search?keywords=zerofree=names=all=all


encfs does both mounting and encryption.  It is very convenient to use 
with a USB flash drive:


https://manpages.debian.org/stretch/encfs/encfs.1.en.html

https://packages.debian.org/search?suite=all=all=any=names=encfs


Plus, encfs uses FUSE.  FUSE file systems can only be access by the user 
who mounted them; even root is blocked.  (But, you must consider 
attackers who can log in to your UID and/or install daemons running 
under your UID.)



David

Re: A Question about a supposedly missing file

2018-04-21 Thread Roberto C . Sánchez 
On Sat, Apr 21, 2018 at 12:46:37PM -0400, Stephen P. Molnar wrote:
> I have installed a GUI for some of my modeling programs
> (http://www.quimica.urv.cat/~pujadas/BDT) on my Debian Stretch platform.
> 
> While there were no warning or error messages during the installation when I
> attempt execution I get the following:
> 
> comp@AbNormal:~/Apps/BDT$ ./bdt
> /usr/local/gromacs/lib:/opt/mopac
> ./bdt.exec: error while loading shared libraries: libtcl8.4.so.0: cannot
> open shared object file: No such file or directory
> comp@AbNormal:~/Apps/BDT$
> 
> The supposedly missing file is in /home/comp/Apps/BDT/tools/tcl-tk8.4/lib.
> How do I go about solving this problem?
> 
I'll bet that bdt is a shell script and it does some trickery with
setting LD_LIBRARY_PATH. Can you post the contents of bdt (assuming it
is a shell script and not too long)? Further, I suspect that bdt.exec is
the actual binary. If that is the case, can you post the output of
`ldd ./bdt.exec`?

Since tcl8.4 was last available in jessie [0], you most likely have an
incomplete application distribution. Or it depends on you installing
tcl8.4 from system packages and you will need to grab a jessie package
and install it on your system, or possibly rebuild it (in case the
dependencies don't work out exactly correct).

Regards,

-Roberto

[0] 
https://packages.debian.org/search?suite=jessie=contents=libtcl8.4.so.0

-- 
Roberto C. Sánchez

Re: X does not work in Debian 9.4

2018-04-21 Thread Felix Miata 
Long Wind composed on 2018-04-21 19:42 (UTC):

> i don't think deleting xorg.conf will help

I think it could and probably would.

> the xorg.conf works in stretch 9.3
> i created it to set resolution/freq of monitor
> it's quite simple, do you see any option in xorg.conf that might cause 
> trouble?

Yes I do think yours might. I think you should read about HorizSync &
VertRefresh in the xorg.conf man page again. While you are there, read about
PreferredMode. If you insist on using an xorg.conf file, then express  HorizSync
and VertRefresh as ranges instead of values. e.g. instead of

HorizSync   47.71
VertRefresh 59.79

use

HorizSync   45-49
VertRefresh 58-62

or

HorizSync   30-72
VertRefresh 56-80

I have ATI Radeon 7500, which is about a year older than your Radeon XPRESS 200,
at least a full generation older. It works just fine @1680x1050 on Debian
Stretch 9.4 without any xorg.conf file:

$ xrandr
Screen 0: minimum 320 x 200, current 1680 x 1050, maximum 4096 x 4096
VGA-0 connected primary 1680x1050+0+0 (normal left inverted right x axis y axis)
474mm x 296mm
   1680x1050 59.97*+  74.89
   1600x1000 60.01
   1280x1024 75.0272.0560.02
   1440x900  74.9859.89
   1152x864  75.00
   1024x768  75.0370.0760.00
   800x600   72.1975.0060.32
   640x480   75.0072.8166.6759.94
   720x400   70.08
S-video disconnected (normal left inverted right x axis y axis)
$ cat /etc/X11/xorg.conf
cat: /etc/X11/xorg.conf: No such file or directory
$ cat /etc/debian_version
9.4
-- 
"Wisdom is supreme; therefore get wisdom. Whatever else you
get, get wisdom." Proverbs 4:7 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: encryption

2018-04-21 Thread David Christensen 

On 04/20/18 12:38, Brian wrote:

DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"


On 04/21/18 09:36, David Wright wrote:
If so, then won't the password be revealed by ps while eval is 
evaluating it?


Apparently, not:

2018-04-21 13:02:16 dpchrist@vstretch ~/sandbox/sh
$ cat environment-var-ps
CMD="echo hello" && eval "$CMD" && sleep 3 && echo world! &
ps -f

2018-04-21 13:02:18 dpchrist@vstretch ~/sandbox/sh
$ dash environment-var-ps
hello
UIDPID  PPID  C STIME TTY  TIME CMD
dpchrist  1681  1268  0 11:42 pts/100:00:00 -bash
dpchrist  2541  1681  0 13:02 pts/100:00:00 dash environment-var-ps
dpchrist  2542  2541  0 13:02 pts/100:00:00 dash environment-var-ps
dpchrist  2543  2541  0 13:02 pts/100:00:00 ps -f
dpchrist  2544  2542  0 13:02 pts/100:00:00 sleep 3

2018-04-21 13:02:21 dpchrist@vstretch ~/sandbox/sh
$ world!


2018-04-21 13:03:03 dpchrist@vstretch ~/sandbox/sh
$ bash environment-var-ps
hello
UIDPID  PPID  C STIME TTY  TIME CMD
dpchrist  1681  1268  0 11:42 pts/100:00:00 -bash
dpchrist  2556  1681  0 13:03 pts/100:00:00 bash environment-var-ps
dpchrist  2557  2556  0 13:03 pts/100:00:00 bash environment-var-ps
dpchrist  2558  2556  0 13:03 pts/100:00:00 ps -f
dpchrist  2559  2557  0 13:03 pts/100:00:00 sleep 3

2018-04-21 13:03:05 dpchrist@vstretch ~/sandbox/sh
$ world!


David

Re: encryption

2018-04-21 Thread David Christensen 

On 04/21/18 08:38, john doe wrote:

Here's the code I used to let a script prompt for a password:

read -s -p "Enter password: "
[ $? -ne 0 ] && exit 1


Note that the above 'read' command will operate differently on Dash and 
on Bash:


2018-04-21 12:53:27 dpchrist@vstretch ~/sandbox/sh
$ cat read
read -s -p "Enter password: "
[ $? -ne 0 ] && exit 1
echo
echo $REPLY

2018-04-21 12:54:03 dpchrist@vstretch ~/sandbox/sh
$ dash read
read: 1: read: Illegal option -s

2018-04-21 12:54:06 dpchrist@vstretch ~/sandbox/sh
$ bash read
Enter password:
secret


Shell scripts using lowest-common denominator Bourne shell syntax are 
the most portable.  When I start getting fancy with Bash, I switch to Perl.



David

Re: X does not work in Debian 9.4

2018-04-21 Thread Long Wind 
 Thanks!
when i install 9.4, security update is automatically installed
i suspect security update is  cause of trouble
in 9.3 i don't have security update 

On Sunday, April 22, 2018, 2:18:21 AM GMT+8, Ennio-Sr  
wrote:  
 
 * Long Wind  [210418, 10:26]:
>  Thanks, my card is old, but it should work and it work in 9.3
> i don't think changing resolution/depth will help
> the setting is same as in stretch 9.3
> resolution/freq are recommended by monitor's manual
> [...]

Hi Francisco,
yesterday I had a similar problem: during an 'apt-get upgrade' a new
*linux-image-4.15.0-0.bpo.2-amd64_4.15.11-1~bpo9+1_amd64.deb*
was installed. After a reboot I wasn't able to get X and could not
detect why that was happening as xorg.log showed no errors! 
Going back to the previous:
Linux mcmini-4_1-deb 4.14.0-0.bpo.3-amd64 #1 SMP Debian 4.14.13-1~bpo9+1 \
  (2018-01-14) x86_64 GNU/Linux
solved the empasse.

Hope this helps.
Regards, Ennio
--
[using:
Distributor ID:    Debian
Description:    Debian GNU/Linux 9.4 (stretch)
Release:    9.4
Codename:    stretch]


-- 
[Perche' usare Win$ozz (dico io) se ..."anche uno sciocco sa farlo.  \\?//
 Fa' qualche cosa di cui non sei capace!"  (diceva Henry Miller) ]    (°|°)
[Why use Win$ozz (I say) if ... "even a fool can do that.              )=(
 Do something you aren't good at!" (as Henry Miller used to say) ]

Re: encryption

2018-04-21 Thread David Christensen 


On 04/21/18 08:20, Brian wrote:

On Fri 20 Apr 2018 at 17:07:10 -0700, David Christensen wrote:

On 04/20/18 12:38, Brian wrote:

T have a script. It contains an important password.
I have encrypted the script [using scrypt] ...
I ... decrypt it ...

[and redirect the plaintext] to a file ...
The redirected file was executed with 'eval'.


In general, evaluating a script is not the same as piping a script to a 
shell program.  In the former case, I believe the script runs within the 
caller's environment.  This means the script can modify the caller's 
environment.  In the latter case, I believe the script gets its own, 
isolated environment (possibly with security enhancements, depending 
upon the shell program).  I would choose the latter.



>> As scrypt is going to prompt you for a passphrase anyway, why don't
>> you leave the script unencrypted and revise it to prompt for the
>> "important password"?

Please comment.



The two last steps have been combined into

DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"

Should I have any more concerns with this command than I have with the
two-step process?

If the script is too big to fit in an environment variable, that would be a
problem.

That passed through my mind. The script is 73 lines and, fortunately.
does fit. Putting the secret in a separate file is, however, a good way
to avoid [the problem of exceeding the size limit of an environment variable] 
and the one of having trouble evaluating the
variable.


In general, evaluating a file and assigning the result into a variable 
is not the same as reading a file and assigning the contents into a 
variable.  I would choose the latter.



Moving the important password from an encrypted script to a plaintext 
file protected only by Unix file system permissions is more 
conventional, but provides less security.



The conventional solution is to prompt the user for passwords and to 
only store hashes on the computer (for verifying the passwords entered).




I prototyped with gpg but ended up with scrypt because it is memory-hard
and slow to decrypt. That seemed to be an advantage; the decryption
passphrase could afford to be shorter and not give users here too much
to remember or type. I'll certainly take a look at what you suggest,
though.

That's two recommendations for putting the secret in a separate file;
I'll follow the advice. My concern was missing some important security
implication but that doesn't appear to be the case. Thanks to Greg
Wooledge and yourself.



My recommendation is to prompt users for passwords.


If you have a program which requires a password to run, you want 
multiple people to be able to run that program, but you want each person 
to have a different password, the best solution would be to add 
multi-user password support to the program.



David

Re: X does not work in Debian 9.4

2018-04-21 Thread Long Wind 
Thanks! but i don't think deleting xorg.conf will help

the xorg.conf works in stretch 9.3
i created it to set resolution/freq of monitor
it's quite simple, do you see any option in xorg.conf that might cause trouble?

On Sunday, April 22, 2018, 2:28:55 AM GMT+8, David Wright 
 wrote:  
 
 On Sat 21 Apr 2018 at 01:48:15 (+), Long Wind wrote:
> X works in 9.3, it doesn't in 9.4
> i attach log and conf files

My first reaction would be to hide the xorg.conf file and see what X
can do when left to its own devices (no pun intended).

BTW what's you xorg.conf designed to achieve?

Cheers,
David.

Re: encryption

2018-04-21 Thread Brian 
On Sat 21 Apr 2018 at 13:54:03 -0500, David Wright wrote:

> On Sat 21 Apr 2018 at 19:14:06 (+0100), Brian wrote:
> > On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote:
> > 
> > > On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote:
> > > > T have a script. It contains an important password.
> > > 
> > > If you   cat /usr/local/bin/myscript   do you see your important
> > > password on the screen?
> > 
> > With the unencrypted file - yes. With the encrypted file -no.
> > > 
> > > > I have encrypted the script with
> > > > 
> > > >   scrypt [enc] -t 10 /usr/local/bin/myscript
> > > > 
> > > > I can, of course, decrypt it with
> > > > 
> > > >   scrypt dec /usr/local/bin/myscript
> > > > 
> > > > and then execute the script.
> > > > 
> > > > The two last steps have been combined into
> > > > 
> > > >   DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> > > > 
> > > > Should I have any more concerns with this command than I have with the
> > > > two-step process?
> > > 
> > > If so, then won't the password be revealed by ps while eval is
> > > evaluating it?
> > 
> > I do not know the most efficacious way to see the ps output in real time
> > as eval runs. With a bit of trial and error (scrypt is slow enough to
> > switch to another console and use ps) I captured
> > 
> > 23266 pts/7R+ 0:00 mpw -q -F -M 
> >   -t railcard
> > 
> > in its output. mpw is the basic command executed by myscript. Switches
> > are shown but not parameters. -M is the very important one. The gap
> > would be occupied by the passphrase.
> > 
> > Is it possible that ps output does not show parameters to switches?
> 
> Not AFAIK. Here, I can see lines in the list such as:

Then I do not understand why paramters are not shown. Maybe they come
later in the output? I can forsee a few sleepness nights trying to
figure this out. :)

At this juncture it appears I should have no worries about ps revealing
the secret.

>  1247 ?Ss 0:00 wpa_supplicant -B -i wlp2s0 -c 
> /var/lib/wicd/configurations/44xxfcxx -Dwext
>  1706 tty1 S  0:00 xterm -geometry 110x38+0+0 -fn neep-iso10646-1-18 -xrm 
> *Page: 3 1
> 
> As you can see, I've mangled the MAC of my router that would be revealed 
> otherwise.
> 
> And I wouldn't like to rely on winning a race with ps to avoid capture
> of information exposed in my command lines.

I am not after winning any races but (seeing as you brought the issue
up) knowing whether ps sees my secret and how to go about finding that
out.

-- 
Brian.

Re: encryption

2018-04-21 Thread David Wright 
On Sat 21 Apr 2018 at 19:14:06 (+0100), Brian wrote:
> On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote:
> 
> > On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote:
> > > T have a script. It contains an important password.
> > 
> > If you   cat /usr/local/bin/myscript   do you see your important
> > password on the screen?
> 
> With the unencrypted file - yes. With the encrypted file -no.
> > 
> > > I have encrypted the script with
> > > 
> > >   scrypt [enc] -t 10 /usr/local/bin/myscript
> > > 
> > > I can, of course, decrypt it with
> > > 
> > >   scrypt dec /usr/local/bin/myscript
> > > 
> > > and then execute the script.
> > > 
> > > The two last steps have been combined into
> > > 
> > >   DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> > > 
> > > Should I have any more concerns with this command than I have with the
> > > two-step process?
> > 
> > If so, then won't the password be revealed by ps while eval is
> > evaluating it?
> 
> I do not know the most efficacious way to see the ps output in real time
> as eval runs. With a bit of trial and error (scrypt is slow enough to
> switch to another console and use ps) I captured
> 
> 23266 pts/7R+ 0:00 mpw -q -F -M   
> -t railcard
> 
> in its output. mpw is the basic command executed by myscript. Switches
> are shown but not parameters. -M is the very important one. The gap
> would be occupied by the passphrase.
> 
> Is it possible that ps output does not show parameters to switches?

Not AFAIK. Here, I can see lines in the list such as:

 1247 ?Ss 0:00 wpa_supplicant -B -i wlp2s0 -c 
/var/lib/wicd/configurations/44xxfcxx -Dwext
 1706 tty1 S  0:00 xterm -geometry 110x38+0+0 -fn neep-iso10646-1-18 -xrm 
*Page: 3 1

As you can see, I've mangled the MAC of my router that would be revealed 
otherwise.

And I wouldn't like to rely on winning a race with ps to avoid capture
of information exposed in my command lines.

Cheers,
David.

Re: X does not work in Debian 9.4

2018-04-21 Thread David Wright 
On Sat 21 Apr 2018 at 01:48:15 (+), Long Wind wrote:
> X works in 9.3, it doesn't in 9.4
> i attach log and conf files

My first reaction would be to hide the xorg.conf file and see what X
can do when left to its own devices (no pun intended).

BTW what's you xorg.conf designed to achieve?

Cheers,
David.

Re: X does not work in Debian 9.4

2018-04-21 Thread Ennio-Sr 
* Long Wind  [210418, 10:26]:
>  Thanks, my card is old, but it should work and it work in 9.3
> i don't think changing resolution/depth will help
> the setting is same as in stretch 9.3
> resolution/freq are recommended by monitor's manual
> [...]

Hi Francisco,
yesterday I had a similar problem: during an 'apt-get upgrade' a new
*linux-image-4.15.0-0.bpo.2-amd64_4.15.11-1~bpo9+1_amd64.deb*
was installed. After a reboot I wasn't able to get X and could not
detect why that was happening as xorg.log showed no errors! 
Going back to the previous:
Linux mcmini-4_1-deb 4.14.0-0.bpo.3-amd64 #1 SMP Debian 4.14.13-1~bpo9+1 \
   (2018-01-14) x86_64 GNU/Linux
solved the empasse.

Hope this helps.
Regards, Ennio
--
[using:
Distributor ID: Debian
Description:Debian GNU/Linux 9.4 (stretch)
Release:9.4
Codename:   stretch]


-- 
[Perche' usare Win$ozz (dico io) se ..."anche uno sciocco sa farlo.   \\?//
 Fa' qualche cosa di cui non sei capace!"  (diceva Henry Miller) ](°|°)
[Why use Win$ozz (I say) if ... "even a fool can do that.  )=(
 Do something you aren't good at!" (as Henry Miller used to say) ]

Re: encryption

2018-04-21 Thread Brian 
On Sat 21 Apr 2018 at 11:36:05 -0500, David Wright wrote:

> On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote:
> > T have a script. It contains an important password.
> 
> If you   cat /usr/local/bin/myscript   do you see your important
> password on the screen?

With the unencrypted file - yes. With the encrypted file -no.
> 
> > I have encrypted the script with
> > 
> >   scrypt [enc] -t 10 /usr/local/bin/myscript
> > 
> > I can, of course, decrypt it with
> > 
> >   scrypt dec /usr/local/bin/myscript
> > 
> > and then execute the script.
> > 
> > The two last steps have been combined into
> > 
> >   DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> > 
> > Should I have any more concerns with this command than I have with the
> > two-step process?
> 
> If so, then won't the password be revealed by ps while eval is
> evaluating it?

I do not know the most efficacious way to see the ps output in real time
as eval runs. With a bit of trial and error (scrypt is slow enough to
switch to another console and use ps) I captured

23266 pts/7R+ 0:00 mpw -q -F -M 
  -t railcard

in its output. mpw is the basic command executed by myscript. Switches
are shown but not parameters. -M is the very important one. The gap
would be occupied by the passphrase.

Is it possible that ps output does not show parameters to switches?

-- 
Brian.

Re: mkisofs

2018-04-21 Thread Thomas Schmitt 
Hi,

Leandro Noferini wrote:
> libisofs: WARNING : Cannot add /doc/FAQ/html/index.html to Joliet tree. 
> Symlinks can only be added to a Rock Ridge tree.

This is a justified warning. Joliet cannot represent symbolic links or
other non-data file types.
To our luck Joliet is not used during booting or when the ISO is mounted
by a Linux kernel without option "-o norock". So its not a problem.


> And the resulting image does not work.

See my previous mail
  Date: Sat, 21 Apr 2018 19:32:31 +0200
  https://lists.debian.org/debian-user/2018/04/msg00572.html
for questions and proposals around this.


> Now I will search some documentation about mkisofs trying to understand
> the options in the original command to reproduce with xorriso.

You created about what a Debian 5 ISO had as boot equipment:
  https://wiki.debian.org/RepackBootableISO#amd64_release_5.0.4
It will work only with CD, DVD, or BD media.

If you began with a Debian 9 ISO for i386 or amd64, then have a look at
  
https://wiki.debian.org/RepackBootableISO#Determine_those_options_which_need_to_be_adapted
This will work from USB stick, memory card, or hard disk, if you put it onto
them by a shell command like the "cp" or the "dd" at
  https://www.debian.org/CD/faq/#write-usb

---

If nothing works with your headless machine, then try what happens if
you use the medium with a computer that can show graphics. Maybe it
boots but the bootloader or the debian-installer still wait for some
user interaction.


Have a nice day :)

Thomas

Re: mkisofs (was: Installer image for installation via ssh)

2018-04-21 Thread Thomas Schmitt 
Hi,

Curt wrote:
> > > > http://www.sgvulcan.com/2010/01/06/installing-debian-using-only-ssh/

Leandro Noferini wrote:
> > > mkisofs -o ../custom_install.iso -r -J -no-emul-boot -boot-load-size 4
> > > -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat ../isonew

Steve McIntyre wrote:
> > genisoimage should be an exact drop-in replacement for mkisofs

Leandro Noferini wrote:
> genisoimage worked as mkisofs but the resulting image does not boot.

silviu writes at www.sgvulcan.com
  "Your headless machine should already be set to boot of cd if one
   is present, otherwise it will not work."
  "The image you just obtained is ready to burn."

So does your headless machine have a CD-ROM (or DVD, or Blu-ray) drive
from which it is set to boot if a bootable medium is present ?

If you try this from USB stick, hard disk, or memory card, then you need
to specially prepare the ISO before putting it onto the storage device.
In above case, a run of program "isohybrid" from package "syslinux-utils".
Just run

  isohybrid custom_install.iso


I just finished the initial text of a wiki page about the step of
packing up a Debian ISO without losing any of its boot capabilities.
  https://wiki.debian.org/RepackBootableISO


Have a nice day :)

Thomas

Re: encryption

2018-04-21 Thread Glenn English 
> That's two recommendations for putting the secret in a separate file;

Or how about creating that file, copying it to a CD or USB stick,
hanging it on the wall, clearing out the directory, then mounting it
when you want to use it.

-- 
Glenn English

A Question about a supposedly missing file

2018-04-21 Thread Stephen P. Molnar 
I have installed a GUI for some of my modeling programs 
(http://www.quimica.urv.cat/~pujadas/BDT) on my Debian Stretch platform.


While there were no warning or error messages during the installation 
when I attempt execution I get the following:


comp@AbNormal:~/Apps/BDT$ ./bdt
/usr/local/gromacs/lib:/opt/mopac
./bdt.exec: error while loading shared libraries: libtcl8.4.so.0: cannot 
open shared object file: No such file or directory

comp@AbNormal:~/Apps/BDT$

The supposedly missing file is in 
/home/comp/Apps/BDT/tools/tcl-tk8.4/lib.  How do I go about solving this 
problem?


Please advise.

Thanks in advance.

--
Stephen P. Molnar, Ph.D.
Consultant
www.molecular-modeling.net
(614)312-7528 (c)
Skype: smolnar1

Re: encryption

2018-04-21 Thread David Wright 
On Fri 20 Apr 2018 at 20:38:48 (+0100), Brian wrote:
> T have a script. It contains an important password.

If you   cat /usr/local/bin/myscript   do you see your important
password on the screen?

> I have encrypted the script with
> 
>   scrypt [enc] -t 10 /usr/local/bin/myscript
> 
> I can, of course, decrypt it with
> 
>   scrypt dec /usr/local/bin/myscript
> 
> and then execute the script.
> 
> The two last steps have been combined into
> 
>   DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> 
> Should I have any more concerns with this command than I have with the
> two-step process?

If so, then won't the password be revealed by ps while eval is
evaluating it?

Cheers,
David.

Re: mkisofs

2018-04-21 Thread Leandro Noferini 
Steve McIntyre  writes:


[...]

>>mkisofs -o ../custom_install.iso -r -J -no-emul-boot -boot-load-size 4
>>-boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat ../isonew

[...]

> genisoimage should be an exact drop-in replacement for mkisofs, or you
> can also use xorriso with the same arguments so long as you use "-as
> mkisofs" as an argument first. (That's what we do for debian-cd.)

genisoimage worked as mkisofs but the resulting image does not boot.

Further investigations, I hope to do!

-- 
Ciao
leandro
http://6xukrlqedfabdjrb.onion/blog/
Alla bellezza preferisco la verità.
E il dubbio è l'unità di misura.


signature.asc
Description: PGP signature

Re: mkisofs

2018-04-21 Thread Leandro Noferini 
Cindy-Sue Causey  writes:


[...]

>> mkisofs -o ../custom_install.iso -r -J -no-emul-boot -boot-load-size 4
>> -boot-info-table -b isolinux/isolinux.bin -c isolinux/boot.cat ../isonew

[...]

> I've had some mostly bad luck in this topic (relative to messing
> around with virtual machines), BUT... I did learn that you can do
> something like:
>
> xorriso -as mkisofs

I tried but this command

xorriso -as mkisofs -o ../custom_install.iso -r -J -no-emul-boot
-boot-load-size 4 -boot-info-table -b isolinux/isolinux.bin -c
isolinux/boot.cat ./isonew

but gives some errors about symlinks and RockRidge extensione, errors
like this:

libisofs: WARNING : Cannot add /doc/FAQ/html/index.html to Joliet
tree. Symlinks can only be added to a Rock Ridge tree.

And the resulting image does not work.

Now I will search some documentation about mkisofs trying to understand
the options in the original command to reproduce with xorriso.

> Try researching that and see if you can find something that does what
> you're trying to do. You might need to drop the hyphen (-) in searches
> because that sometimes tells search engines you do NOT want that word
> when you DO want it included in this particular search. :)

Thanks!

-- 
Ciao
leandro
http://6xukrlqedfabdjrb.onion/blog/
Alla bellezza preferisco la verità.
E il dubbio è l'unità di misura.


signature.asc
Description: PGP signature

Re: encryption

2018-04-21 Thread john doe 

On 4/21/2018 5:20 PM, Brian wrote:

On Fri 20 Apr 2018 at 17:07:10 -0700, David Christensen wrote:


On 04/20/18 12:38, Brian wrote:

T have a script. It contains an important password.

I have encrypted the script with

scrypt dec -t 10 /usr/local/bin/myscript


Looking at:

http://manpages.org/scrypt


That command decrypts /usr/local/bin/myscript (and I don't know if the -t
option is valid for decryption).


A typo. It should be "enc", not "dec".
  

I can, of course, decrypt it with

scrypt dec /usr/local/bin/myscript


Assuming /usr/local/bin/myscript is ciphertext, that command will print the
script on STDOUT.


Another bit of sloppiness. Redirection to a file should have been
mentioned.
  

As scrypt is going to prompt you for a passphrase anyway, why don't you
leave the script unencrypted and revise it to prompt for the "important
password"?


Here's the code I used to let a script prompt for a password:

read -s -p "Enter password: "
[ $? -ne 0 ] && exit 1

--
John Doe

Re: encryption

2018-04-21 Thread Brian 
On Fri 20 Apr 2018 at 17:07:10 -0700, David Christensen wrote:

> On 04/20/18 12:38, Brian wrote:
> > T have a script. It contains an important password.
> > 
> > I have encrypted the script with
> > 
> >scrypt dec -t 10 /usr/local/bin/myscript
> 
> Looking at:
> 
> http://manpages.org/scrypt
> 
> 
> That command decrypts /usr/local/bin/myscript (and I don't know if the -t
> option is valid for decryption).

A typo. It should be "enc", not "dec".
 
> > I can, of course, decrypt it with
> > 
> >scrypt dec /usr/local/bin/myscript
> 
> Assuming /usr/local/bin/myscript is ciphertext, that command will print the
> script on STDOUT.

Another bit of sloppiness. Redirection to a file should have been
mentioned.
 
> As scrypt is going to prompt you for a passphrase anyway, why don't you
> leave the script unencrypted and revise it to prompt for the "important
> password"? 
> 
> > and then execute the script.
> 
> How are you executing a script printed on STDOUT?  A pipeline?

The redirected file was executed with 'eval'. 

> > The two last steps have been combined into
> > 
> >DECRYPT=$(scrypt dec /usr/local/bin/myscript) && eval "$DECRYPT"
> > 
> > Should I have any more concerns with this command than I have with the
> > two-step process?
> 
> If the script is too big to fit in an environment variable, that would be a
> problem.

That passed through my mind. The script is 73 lines and, fortunately.
does fit. Putting the secret in a separate file is, however, a good way
to avoid that problem and the one of having trouble evaluating the
variable.
 
> Assuming the script fits into an environment variable, evaluating that
> variable in double-quoted context requires deep understanding of both your
> shell and the script (especially if the script is written for a different
> shell, and potentially a different version of the same shell).  If you're
> intent upon doing it this way, be sure to test thoroughly.
> 
> A pipeline would be more conventional-- decrypt the ciphertext and pipe the
> script to the appropriate interpreter.  Here is an example using Perl and
> the ccrypt tools:
> 
> 2018-04-20 16:59:50 dpchrist@vstretch ~/sandbox/ccrypt
> $ ll secret-script.pl
> -rwxr-xr-x 1 dpchrist dpchrist 66 2018/04/20 16:58:19 secret-script.pl*
> 
> 2018-04-20 17:00:02 dpchrist@vstretch ~/sandbox/ccrypt
> $ cat secret-script.pl
> #!/usr/bin/env perl
> print "The important password is 'secret'\n";
> 
> 2018-04-20 17:00:08 dpchrist@vstretch ~/sandbox/ccrypt
> $ ./secret-script.pl
> The important password is 'secret'
> 
> 2018-04-20 17:00:14 dpchrist@vstretch ~/sandbox/ccrypt
> $ ccencrypt --key foo secret-script.pl
> 
> 2018-04-20 17:00:26 dpchrist@vstretch ~/sandbox/ccrypt
> $ ll secret-script.pl.cpt
> -rwxr-xr-x 1 dpchrist dpchrist 98 2018/04/20 16:58:19 secret-script.pl.cpt*
> 
> 2018-04-20 17:00:30 dpchrist@vstretch ~/sandbox/ccrypt
> $ ll decrypt-run-secret.sh
> -rwxr-xr-x 1 dpchrist dpchrist 86 2018/04/20 16:57:27 decrypt-run-secret.sh*
> 
> 2018-04-20 17:00:40 dpchrist@vstretch ~/sandbox/ccrypt
> $ cat decrypt-run-secret.sh
> #!/usr/bin/env sh
> echo "The decryption key is 'foo'"
> ccat secret-script.pl.cpt | perl
> 
> 2018-04-20 17:00:51 dpchrist@vstretch ~/sandbox/ccrypt
> $ ./decrypt-run-secret.sh
> The decryption key is 'foo'
> Enter decryption key:
> The important password is 'secret'

I prototyped with gpg but ended up with scrypt because it is memory-hard
and slow to decrypt. That seemed to be an advantage; the decryption
passphrase could afford to be shorter and not give users here too much
to remember or type. I'll certainly take a look at what you suggest,
though.

That's two recommendations for putting the secret in a separate file;
I'll follow the advice. My concern was missing some important security
implication but that doesn't appear to be the case. Thanks to Greg
Wooledge and yourself.

-- 
Brian.

Re: (deb-cat) Ethernet I219-LM em deixa de funcionar

2018-04-21 Thread Narcis Garcia 
Rescato aquest fil (Vaig aconseguir compilar aplicant el pedaç de
schnick a https://sourceforge.net/p/e1000/bugs/542/)
per advertir que és a partir de les actualitzacions que mitiguen els
defectes d'Intel, que m'estic trobant amb problemes de connectivitat de
xarxa per dispositius Intel, a diversos ordinadors diferents (I219-LM,
82567LM, etc.).

Abans d'aquestes actualitzacions, la xarxa anava finíssima. El
controlador e1000e que porta Debian 9 és la versió 3.2 ; instal·lant la
darrera versió de controlador (3.4) la única cosa que passa és que el
problema es dóna menys sovint: no cada dia sinó potser cada quinze dies.


El 17/02/18 a les 20:32, Josep Lladonosa ha escrit:
> 
> 
> 2018-02-17 19:30 GMT+01:00 Josep Lladonosa  >:
> 
> 
> 
> 2018-02-17 17:11 GMT+01:00 Narcis Garcia  >:
> 
> Després d'aquest temps, considero resolt el primer problema, ja que
> aquesta interfície de xarxa no dóna el més mínim problema des de
> l'actualització del controlador.
> 
> Només falta la manera de què el controlador actualitzat
> s'apliqui a les
> noves versions de nucli que vinguin per actualitzacions.
> 
> 
> 
> Podries usar dkms. Crec que seguint això podries aconseguir alguna cosa:
> 
> 
> http://tomoconnor.eu/blogish/building-dkms-package-latest-intel-e1000e-driver/
> 
> 
> 
> 
> 
> 
> Un altre lloc on en parlen:
> 
> https://www.reddit.com/r/Ubuntu/comments/2mwzlj/newer_e1000e_driver_with_1404/
> 
> D'aquí en pots treure el dkms.conf que, juntament amb les fonts del
> controlador, pots fer que, cada cop que instal·lis una nova versió de
> nucli, el controlador es compili per a aquella versió
> i quedi afegit al nucli.
> 
> Val a dir que pot arribar a passar que en una actualització a una versió
> de nucli important (de 3.14.x a 3.15.x, per exemple), la compilació del
> controlador pugui fallar i aleshores cal cercar un pegat (patch) per tal
> d'adequar-lo a la versió de nucli més recent...
> 
> La llàstima és que en els repositoris de Debian no hi hagi el dkms per a
> aquest controlador. Per a d'altres sí que hi és (per exemple, el
> broadcom-sta que tinc en algun portàtil).
> 
> Salutacions,
> Josep
> 
> 
>  
> 
> 
>  
> 
> 
> 
> El 15/02/18 a les 10:50, Narcis Garcia ha escrit:
> > De moment, m'he apuntat aquesta recepta solventant fins i tot un
> > problema del «Makefile» del mateix projecte:
> >
> > 0. Install build/compiler tools:
> > sudo apt-get install build-essential linux-headers-amd64
> >
> > 1. Download latest stable version from:
> > https://sourceforge.net/projects/e1000/files/e1000e%20stable/
> 
> >
> > 2. Unpack:
> > tar zxf e1000e-*.tar.gz
> >
> > 3. Compile and install:
> > cd e1000e-*/src/
> > sudo make install
> >
> > 3.1. If it fails with "cc1: error: code model kernel does not
> support
> > PIC mode"
> > # Find in Makefile ( e1000e/src/Makefile , Line ~152) =>
> > EXTRA_CFLAGS += $(CFLAGS_EXTRA)
> > # Insert a new line after that => EXTRA_CFLAGS += -fno-pie
> > sudo make install
> >
> > 4. Where is the binary installed:
> > find /lib/modules | grep -e '/e1000e\.ko$'
> >
> 
> /lib/modules/4.9.0-5-amd64/updates/drivers/net/ethernet/intel/e1000e/e1000e.ko
> > /lib/modules/updates/drivers/net/ethernet/intel/e1000e/e1000e.ko
> >
> > 5. Updated boot-embedded driver:
> > sudo update-initramfs -u
> >
> >
> > Els diferents e1000e.ko generats no són iguals.
> > Com que veig que no es crea automàticament per cada nucli (com el
> > 4.9.0-4 que també hi ha instal·lat),
> > EL QUÈ EM QUEDA ARA, és trobar la manera que tot això es posi
> com cal el
> > dia que actualitzi el sistema (a Linux 4.9.0-6 per exemple)
> sense haver
> > de recordar i recuperar tot el procediment manual.
> >
> >
> >
> >
> > __
> > I'm using this express-made address because personal addresses
> aren't
> > masked enough at this mail public archive. Public archive
> administrator
> > should fix this against automated addresses collectors.
> > El 07/02/18 a les 14:29, Narcis Garcia ha escrit:
> >> He descarregat el paquet linux-image-4.14.0-0.bpo.3-amd64 del
> repositori
> >> «backports» i veig que el mòdul-controlador que conté és de
> la mateixa
> >> versió:
> >> filename:
> >>
> 
>

Re: apt-get: Error: Timeout was reached

2018-04-21 Thread tomas 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Sat, Apr 21, 2018 at 10:50:47AM +0200, Rainer Dorsch wrote:
> Hi Tomás,
> 
> many thanks for your response :-)

[...]

> retry temporary address regeneration
> Apr 21 10:36:01 master kernel: [3019221.240105] IPv6: ipv6_create_tempaddr: 

[...]

> Also the output of 
> 
> root@master:~# ip addr show|wc -l
> 63614

Yikes.

> root@master:~# 
> 
> and
> 
> root@master:~# ip addr show|head -40
> 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
> default qlen 1
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
>valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host 
>valid_lft forever preferred_lft forever
> 2: eno1:  mtu 1500 qdisc pfifo_fast state UP 
> group default qlen 1000
> link/ether 18:66:da:20:6f:2d brd ff:ff:ff:ff:ff:ff
> inet 192.168.0.2/24 brd 192.168.0.255 scope global dynamic eno1
>valid_lft 853609sec preferred_lft 853609sec
> inet6 fd38:81d3:9dac:0:f0ef:7ae3:c2bf:3bd8/64 scope global temporary 
> dynamic 
>valid_lft 604795sec preferred_lft 86240sec
> inet6 fd38:81d3:9dac:0:80cd:9129:26ce:bee5/64 scope global temporary 

[...]

> root@master:~# 
> 
> look really strange.

Indeed. That doesn't look sane.

Alas, with Network Manager I'm out of my depth. It *might* be this privacy
enhanced thingy (generating temporary IPV6 addresses to avoid tracking
across connections), like here:

  
https://askubuntu.com/questions/764695/how-do-i-get-a-stable-ipv6-address-in-16-04

But it might be something completely different :-D

Cheers
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlrbKLgACgkQBcgs9XrR2kY4EgCfV/F5FARpKsOAD/fXStOemFHB
eHMAnjh01QpBG0xQtMHZgAX5ap19ZIpn
=KVet
-END PGP SIGNATURE-

Re: X does not work in Debian 9.4

2018-04-21 Thread Francisco M Neto 
According to your Xorg log you seem to be using a rather old video card. Maybe
you should try using lower resolutions/color depths and see if it works.

-Francisco

On Sat, 2018-04-21 at 01:48 +, Long Wind wrote:
> X works in 9.3, it doesn't in 9.4
> i attach log and conf files
> 
> i'm going out and can't respond to reply for a few hours
> Thanks!
> 
-- 
--
[]'s,

Francisco M Neto

Re: apt-get: Error: Timeout was reached

2018-04-21 Thread Rainer Dorsch 
Hi Tomás,

many thanks for your response :-)

Am Samstag, 21. April 2018, 08:43:20 CEST schrieb to...@tuxteam.de:
> On Fri, Apr 20, 2018 at 10:20:12PM +0200, Rainer Dorsch wrote:
> > Am Freitag, 20. April 2018, 22:13:11 CEST schrieb to...@tuxteam.de:
> > > curl -I http://security.debian.org/debian-security/
> > 
> > root@master:~/tmp# curl -I http://ftp.de.debian.org/debian/
> > HTTP/1.1 200 OK
> > Date: Fri, 20 Apr 2018 20:19:14 GMT
> > Server: Apache/2.4.10 (Debian)
> > Content-Type: text/html;charset=UTF-8
> > 
> > root@master:~/tmp# curl -I http://security.debian.org/debian-security/
> > HTTP/1.1 200 OK
> 
> [...]
> 
> Yeah, that succeeded *once*, but you suggested that your problem
> is intermittent.
> 
> Either your network connection is sometimes down (you might see
> traces of that in your system log) or security.debian.org is
> sometimes down (somewhat less probable, since more folks would
> complain), or "something" in the path between you two is sometimes
> down.
> 
> To catch this "sometimes" you'll have to invest a bit more of
> work.
> 
> I'd start by looking into syslog, around the times your upgrade
> complains. Next, you might want to watch connectivity -- there sure
> are nice programs out there, with graphing and things, but just
> pinging your upstream router every minute might give you a rough
> impression, like so:
> 
>   ping -i 60  > /tmp/connect.log 2>&1 &
> 
> and have look at the result after a day or so.
> 
> If you're on WiFi, check for bad signal quality or too many nearby
> routers (or other sources of noise). If it's Ethernet, flakey cables
> or connectors are known for doing nasty things. And so on.
> 
> It's a bit like hunting :-)

I am on ethernet and all other debian machines in the subnet are doing 
excellent. syslog was an excellent idea, indeed there are many suspicious 
entries:

Apr 21 10:35:13 master kernel: [3019173.333566] IPv6: ipv6_create_tempaddr: 
retry temporary address regeneration
Apr 21 10:36:01 master kernel: [3019221.240105] IPv6: ipv6_create_tempaddr: 
retry temporary address regeneration
Apr 21 10:36:11 master kernel: [3019231.951162] IPv6: ipv6_create_tempaddr: 
retry temporary address regeneration
Apr 21 10:36:35 master kernel: [3019256.044369] IPv6: ipv6_create_tempaddr: 
retry temporary address regeneration
Apr 21 10:37:10 master kernel: [3019290.823572] IPv6: ipv6_create_tempaddr: 
retry temporary address regeneration
Apr 21 10:37:10 master kernel: [3019290.823932] IPv6: ipv6_create_tempaddr: 
retry temporary address regeneration
Apr 21 10:37:10 master kernel: [3019290.824625] IPv6: ipv6_create_tempaddr: 
retry temporary address regeneration
Apr 21 10:37:13 master kernel: [3019293.735943] IPv6: ipv6_create_tempaddr: 
retry temporary address regeneration
Apr 21 10:37:53 master kernel: [3019333.828612] IPv6: ipv6_create_tempaddr: 
retry temporary address regeneration

Also the output of 

root@master:~# ip addr show|wc -l
63614
root@master:~# 

and

root@master:~# ip addr show|head -40
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
2: eno1:  mtu 1500 qdisc pfifo_fast state UP 
group default qlen 1000
link/ether 18:66:da:20:6f:2d brd ff:ff:ff:ff:ff:ff
inet 192.168.0.2/24 brd 192.168.0.255 scope global dynamic eno1
   valid_lft 853609sec preferred_lft 853609sec
inet6 fd38:81d3:9dac:0:f0ef:7ae3:c2bf:3bd8/64 scope global temporary 
dynamic 
   valid_lft 604795sec preferred_lft 86240sec
inet6 fd38:81d3:9dac:0:80cd:9129:26ce:bee5/64 scope global temporary 
dynamic 
   valid_lft 604794sec preferred_lft 86239sec
inet6 fd38:81d3:9dac:0:402a:7f5d:c391:9d23/64 scope global temporary 
dynamic 
   valid_lft 604793sec preferred_lft 86238sec
inet6 fd38:81d3:9dac:0:a457:e576:bdd9:84f5/64 scope global temporary 
dynamic 
   valid_lft 604786sec preferred_lft 86231sec
inet6 fd38:81d3:9dac:0:f928:5018:1834:fbc6/64 scope global temporary 
dynamic 
   valid_lft 604783sec preferred_lft 86228sec
inet6 fd38:81d3:9dac:0:8ce6:e31c:4745:e335/64 scope global temporary 
dynamic 
   valid_lft 604783sec preferred_lft 86228sec
inet6 fd38:81d3:9dac:0:818c:c093:8084:fcad/64 scope global temporary 
dynamic 
   valid_lft 604774sec preferred_lft 86219sec
inet6 fd38:81d3:9dac:0:1c74:e734:3319:2ae3/64 scope global temporary 
dynamic 
   valid_lft 604749sec preferred_lft 86194sec
inet6 fd38:81d3:9dac:0:15de:1534:8301:d55d/64 scope global temporary 
dynamic 
   valid_lft 604728sec preferred_lft 86173sec
inet6 fd38:81d3:9dac:0:b05b:c204:aa6e:4cf0/64 scope global temporary 
dynamic 
   valid_lft 604720sec preferred_lft 86165sec
inet6 fd38:81d3:9dac:0:9886:8ee9:627f:8bab/64 scope global temporary 
dynamic

Re: apt-get: Error: Timeout was reached

2018-04-21 Thread tomas 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Apr 20, 2018 at 10:20:12PM +0200, Rainer Dorsch wrote:
> Am Freitag, 20. April 2018, 22:13:11 CEST schrieb to...@tuxteam.de:
> > curl -I http://security.debian.org/debian-security/
> 
> root@master:~/tmp# curl -I http://ftp.de.debian.org/debian/
> HTTP/1.1 200 OK
> Date: Fri, 20 Apr 2018 20:19:14 GMT
> Server: Apache/2.4.10 (Debian)
> Content-Type: text/html;charset=UTF-8
> 
> root@master:~/tmp# curl -I http://security.debian.org/debian-security/
> HTTP/1.1 200 OK

[...]

Yeah, that succeeded *once*, but you suggested that your problem
is intermittent.

Either your network connection is sometimes down (you might see
traces of that in your system log) or security.debian.org is
sometimes down (somewhat less probable, since more folks would
complain), or "something" in the path between you two is sometimes
down.

To catch this "sometimes" you'll have to invest a bit more of
work.

I'd start by looking into syslog, around the times your upgrade
complains. Next, you might want to watch connectivity -- there sure
are nice programs out there, with graphing and things, but just
pinging your upstream router every minute might give you a rough
impression, like so:

  ping -i 60  > /tmp/connect.log 2>&1 &

and have look at the result after a day or so.

If you're on WiFi, check for bad signal quality or too many nearby
routers (or other sources of noise). If it's Ethernet, flakey cables
or connectors are known for doing nasty things. And so on.

It's a bit like hunting :-)

Cheers
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlra3YgACgkQBcgs9XrR2kaS1wCfcfX3VDhq9X7azonwDojhjvL9
K5YAn2YyuMsIWQ535uR3L5S9ApZ2Ocmc
=nnfe
-END PGP SIGNATURE-