Re: Your Password Reset Link from CorrLinks

[Reco]

Hi.

On Thu, Feb 21, 2019 at 02:30:48AM -0500, Gene Heskett wrote:
> On Thursday 21 February 2019 01:14:03 w...@corrlinks.com wrote:
> 
> > To reset your password, please click the link below.  This link will
> > expire in 24 hours.
> >
> > 
> 
> Whats worse is that my isp is rightfully rejecting some of this bs as 
> spam, but I get the threatening msgs from the debian server, threatening 
> to unsuscribe me for the bounces.

You do not bounce to the list - [1]. Yes, even if it's spam.
They will excommunicate you if you insist on bouncing to the list.

If you want to notify listmaster team about spam, you should bounce to [2].


> debian shoulda rejected it in the first place.

And you can help this by reporting an offending e-mail as spam, see [1].

Reco

[1] https://wiki.debian.org/Teams/ListMaster/FAQ
[2] mailto:listmas...@lists.debian.org

Re: Apache2 - Certbot renew - The client lacks sufficient authorization :: Invalid response from

[Christophe Moille]

Le jeudi 21 févr. 2019 à 07:31:52 (+0100), Damien TOURDE a écrit :
> Bonjour,
> 
> Il me semble que certbot n'est plus dans les dépôts stable.
> 
> Il faut télécharger le script sur le site https://certbot.eff.org/

Salut,

Il me semble bien qu'il y soit:

$ apt policy certbot
certbot:
  Installé : (aucun)
  Candidat : 0.28.0-1~deb9u1
 Table de version :
 0.31.0-1 50
 50 tor+http://vwakviie2ienjx6t.onion/debian unstable/main amd64 
Packages
 50 tor+http://vwakviie2ienjx6t.onion/debian sid/main amd64 Packages
 0.28.0-1~deb9u1 500
500 tor+http://vwakviie2ienjx6t.onion/debian stretch/main amd64 Packages
500 tor+http://vwakviie2ienjx6t.onion/debian stretch-updates/main amd64 
Packages
 0.28.0-1~bpo9+1 100
100 tor+http://vwakviie2ienjx6t.onion/debian stretch-backports/main 
amd64 Packages
100 tor+http://deb.debian.org/debian stretch-backports/main amd64 
Packages

-- 
« _Si nous étions de la graine de voyous, comme le répétaient nos enseignants,
pourquoi nous planter là, au beau milieu du terreau fertile de la rue ?_ »
- Omar Benlaala, _Inspire_, 2015

Re: Apache2 - Certbot renew - The client lacks sufficient authorization :: Invalid response from

[Daniel Caillibaud]

Le 21/02/19 à 07:31, Damien TOURDE  a écrit :
> Il me semble que certbot n'est plus dans les dépôts stable.

Si si : 
https://packages.debian.org/stretch/certbot

-- 
Daniel

Je fais deux régimes en même temps, parce qu'avec
un seul, j'avais pas assez à manger.
Coluche

Re: Your Password Reset Link from CorrLinks

[Gene Heskett]

On Thursday 21 February 2019 01:14:03 w...@corrlinks.com wrote:

> To reset your password, please click the link below.  This link will
> expire in 24 hours.
>
> https://www.corrlinks.com/R.aspx?c=d04a199a-bd92-42c9-8654-5384a255da0
>6

Whats worse is that my isp is rightfully rejecting some of this bs as 
spam, but I get the threatening msgs from the debian server, threatening 
to unsuscribe me for the bounces. debian shoulda rejected it in the 
first place.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Your Password Reset Link from CorrLinks

[Web]

To reset your password, please click the link below.  This link will expire in 
24 hours.

https://www.corrlinks.com/R.aspx?c=d04a199a-bd92-42c9-8654-5384a255da06

Re: Apache2 - Certbot renew - The client lacks sufficient authorization :: Invalid response from

[Damien TOURDE]

Bonjour,

Il me semble que certbot n'est plus dans les dépôts stable.

Il faut télécharger le script sur le site https://certbot.eff.org/


Cordialement,
Damien



Le 21 février 2019 01:09:31 GMT+01:00, "Ph. Gras"  a 
écrit :
>Salut la liste,
>
>> Je n'arrive pas à renouveler mon certificat Certbot.
>
>les certificats des sites ci-dessous mentionnés sont valables jusqu'au
>20 mars, il est trop tôt pour les renouveler
>et sans doute est-ce pour cette raison qu'une erreur a été générée.
>
>> 
>> Merci aux spécialistes de Certbot de me conseiller dans la résolution
>de cette erreur :
>> The client lacks sufficient authorization :: Invalid response from
>
>Le ou les répertoires well-known sont mal renseignés dans ton Apache,
>les requêtes renvoient un beau 404 :-)
>
>> 
>> 0- J'ai créé le certificat de la sorte : sudo certbot certonly
>--webroot --agree-tos --email vision.du@free.fr -d green-nrj.com -d
>www.green-nrj.com -d unis-pour-le-climat.com -d
>www.unis-pour-le-climat.com -d unis-pour-la-planete.com -d
>www.unis-pour-la-planete.com -d visionduweb.fr -d www.visionduweb.fr -w
>/var/www/html --rsa-key-size 4096
>
>L'année dernière, il y a eu une faille de sécurité qui a entraîné une
>régression et des bugs récurrents sur cette
>commande à rallonge. Mais ce n'est pas le sujet aujourd'hui.
>
>> 1- J'ai tenté "certbot-auto renew" mais le paquet "certbot-auto" ne
>semble pas présent.
>> Faut t'il que je l'installe, est t'il présent sur Debian Stretch par
>défaut ?
>
>la commande "certbot renew" suffit pour effectuer toutes les opérations
>à effectuer pour un renouvellement. De
>toute façon, la lancer avant la mi-mars est prématuré.
>
>On en reparle le moment venu et d'ici là, il convient de régler
>l'emplacement du répertoire well-known :-)
>
>Bonne continuation,
>
>Ph. Gras

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.

Re: IP Fixo - rede está fora de alcance

[Gabriel Lima]

Boa noite Luís,
Quando vc escreve IP Fixo, vc quer dizer que está em um ip interno da rede ou 
um ip público fixo?

Att;
Gabriel Lima

Em 20 de fev de 2019, à(s) 20:15, Luís Cláudio A. Gama  
escreveu:

> 
> Boa noite a todos.
> 
> Estou com um probleminha em uma máquina de cliente.
> 
> Essa máquina precisa funcionar com IP fixo para eu acessar como servidor PHP.
> 
> Configurei tudo em novembro e estava 100% até dia 10, pois foi o último dia 
> que subiu meu backup pro dropbox. Ou seja, estava funcionando. :(
> 
> O IP fixo está funcionando, porém a internet não acessa qualquer 
> siteacessa uol, gmail, mas o dropbox, vivaolinux e o meu site não acessa. 
> Dá como "rede fora de alcance".
> 
> Aí eu coloco IP dinâmico na máquina e acessa tudo normalmente.
> 
> Eu estava usando os DNS do Google 8.8.8.8/8.8.4.4 e tentei também o Open DNS  
> 208.67.222.222/208.67.220.220 e os resultados foram os mesmos.
> 
> Semana passada eu estava fazendo alguns experimentos com curl na linha de 
> comando e tive esse sintoma...foi resolvido com "echo ipv4 >> ~/.curlrc".
> 
> Mas agora eu não consigo acessar o www.vivaolinux.com.br pelo browser.
> 
> Alguém tem alguma dica para eu começar a procurar?
> 
> Grato
> 
> Luís Cláudio A. Gama
> Fones: TIM:  11 9 7765-1735  Res: 11-4602-3400
> Skype: luisclaudiogama   http://luisgama.googlepages.com
> 
> br.linkedin.com/in/luisclaudiogama
> 
> 
> 
> ||\|_
> |  Voto Distrital !|||"'|""\__
> |__|||_||)
> !(@)'(@)*!(@)(@)*!(@)
> 
> 
> 
> 
>   Sender notified by 
> Mailtrack 20/02/19 21:14:49   

Offender: MOSAY, CLINT

[CorrLinks]

This is a system generated message informing you that the above-named person is 
a WIDOC prisoner who seeks to add you to his/her contact list for exchanging 
electronic messages.  There is no message from the prisoner at this time.

You can ACCEPT this prisoner's request or BLOCK this individual or all WIDOC 
prisoners from contacting you via electronic messaging at www.corrlinks.com.  
To register with CorrLinks you must enter the email address that received this 
notice along with the identification code below.

Email Address: debian-user@lists.debian.org
Identification Code: 2XY5SC8D
This identification code will expire in 10 days. 

By approving electronic correspondence with WIDOC prisoners, you consent to 
have the WIDOC staff monitor the content of all electronic messages exchanged. 

Once you have registered with CorrLinks and approved the prisoner for 
correspondence, the prisoner will be notified electronically.

*

Este es un mensaje generado por el sistema que le informa que la persona 
mencionada es un prisionero WIDOC que pretende añadirlo a usted a su lista de 
contactos para intercambiar mensajes electrónicos. No hay ningún mensaje del 
preso en este momento

Usted puede ACEPTAR esta petición del preso o BLOQUEAR a esta persona o a todos 
los presos de WIDOC de contactarlo a usted a través de la mensajería 
electrónica en www.corrlinks.com. Para inscribirse en CorrLinks debe introducir 
la dirección de correo electrónico que recibió esta notificación, junto con el 
código de identificación a continuación.

Dirección de correo electrónico: debian-user@lists.debian.org
Código de identificación: 2XY5SC8D
Este código de identificación expirará en 10 días.

Re: Gnome et suppression des fichiers

[Ph. Gras]

Salut la liste !

> Quand je supprime une grosse quantité de fichiers (cet aprem quasiment 800)
> dans Gnome l'interface graphique reste bloquée pendant de longues minutes (le
> reste du système tourne normalement).
> Constatez-vous la même chose ?

Oui, par exemple quand je fais de gros copier-coller, quand bien même je n'ai 
pas
Gnome.

Il s'agit vraisemblablement d'un problème de mémoire.

Bonne nuit,

Ph. Gras

IP Fixo - rede está fora de alcance

[Luís Cláudio A . Gama]

Boa noite a todos.

Estou com um probleminha em uma máquina de cliente.

Essa máquina precisa funcionar com IP fixo para eu acessar como servidor
PHP.

Configurei tudo em novembro e estava 100% até dia 10, pois foi o último dia
que subiu meu backup pro dropbox. Ou seja, estava funcionando. :(

O IP fixo está funcionando, porém a internet não acessa qualquer
siteacessa uol, gmail, mas o dropbox, vivaolinux e o meu site não
acessa. Dá como "rede fora de alcance".

Aí eu coloco IP dinâmico na máquina e acessa tudo normalmente.

Eu estava usando os DNS do Google 8.8.8.8/8.8.4.4 e tentei também o Open
DNS  208.67.222.222/208.67.220.220 e os resultados foram os mesmos.

Semana passada eu estava fazendo alguns experimentos com curl na linha de
comando e tive esse sintoma...foi resolvido com "echo ipv4 >> ~/.curlrc".

Mas agora eu não consigo acessar o www.vivaolinux.com.br pelo browser.

Alguém tem alguma dica para eu começar a procurar?

Grato

Luís Cláudio A. Gama
Fones: TIM:  11 9 7765-1735  Res: 11-4602-3400
Skype: luisclaudiogama   http://luisgama.googlepages.com

br.linkedin.com/in/luisclaudiogama



||\|_
|  Voto Distrital !|||"'|""\__
|__|||_||)
!(@)'(@)*!(@)(@)*!(@)




[image: Mailtrack]

Sender
notified by
Mailtrack

20/02/19
21:14:49

Re: Apache2 - Certbot renew - The client lacks sufficient authorization :: Invalid response from

[Ph. Gras]

Salut la liste,

> Je n'arrive pas à renouveler mon certificat Certbot.

les certificats des sites ci-dessous mentionnés sont valables jusqu'au 20 mars, 
il est trop tôt pour les renouveler
et sans doute est-ce pour cette raison qu'une erreur a été générée.

> 
> Merci aux spécialistes de Certbot de me conseiller dans la résolution de 
> cette erreur :
> The client lacks sufficient authorization :: Invalid response from

Le ou les répertoires well-known sont mal renseignés dans ton Apache, les 
requêtes renvoient un beau 404 :-)

> 
> 0- J'ai créé le certificat de la sorte : sudo certbot certonly --webroot 
> --agree-tos --email vision.du@free.fr -d green-nrj.com -d 
> www.green-nrj.com -d unis-pour-le-climat.com -d www.unis-pour-le-climat.com 
> -d unis-pour-la-planete.com -d www.unis-pour-la-planete.com -d visionduweb.fr 
> -d www.visionduweb.fr -w /var/www/html --rsa-key-size 4096

L'année dernière, il y a eu une faille de sécurité qui a entraîné une 
régression et des bugs récurrents sur cette
commande à rallonge. Mais ce n'est pas le sujet aujourd'hui.

> 1- J'ai tenté "certbot-auto renew" mais le paquet "certbot-auto" ne semble 
> pas présent.
> Faut t'il que je l'installe, est t'il présent sur Debian Stretch par défaut ?

la commande "certbot renew" suffit pour effectuer toutes les opérations à 
effectuer pour un renouvellement. De
toute façon, la lancer avant la mi-mars est prématuré.

On en reparle le moment venu et d'ici là, il convient de régler l'emplacement 
du répertoire well-known :-)

Bonne continuation,

Ph. Gras

Gnome et suppression des fichiers

[Gaëtan Perrier]

Bonjour,

Quand je supprime une grosse quantité de fichiers (cet aprem quasiment 800)
dans Gnome l'interface graphique reste bloquée pendant de longues minutes (le
reste du système tourne normalement).
Constatez-vous la même chose ?


signature.asc
Description: This is a digitally signed message part

Configurar o Apt para acessar o proxy

[Ubiratan Campos]

Bom dia a todos

Não estou conseguindo autenticar meu apt no AD da micosofit

Já fiz todas configurações sugeridas, e nada deu certo. Alguém tem 
alguma dica?



Abraços

Apache2 - Certbot renew - The client lacks sufficient authorization :: Invalid response from

[G2PC]

Bonjour,
Je n'arrive pas à renouveler mon certificat Certbot.

Merci aux spécialistes de Certbot de me conseiller dans la résolution de
cette erreur :
The client lacks sufficient authorization :: Invalid response from

0- J'ai créé le certificat de la sorte : sudo certbot certonly --webroot
--agree-tos --email vision.du@free.fr -d green-nrj.com -d
www.green-nrj.com -d unis-pour-le-climat.com -d
www.unis-pour-le-climat.com -d unis-pour-la-planete.com -d
www.unis-pour-la-planete.com  -d
visionduweb.fr -d www.visionduweb.fr -w /var/www/html --rsa-key-size 4096

J'ai donc un dossier principale green-nrj.com qui comprend le certificat
pour l'ensemble des domaines.
Mes sites sont bien accessibles en HTTPS.

1- J'ai tenté "certbot-auto renew" mais le paquet "certbot-auto" ne
semble pas présent.
Faut t'il que je l'installe, est t'il présent sur Debian Stretch par
défaut ?

2- La commande certbot renew me renvoie une erreur : The client lacks
sufficient authorization :: Invalid response from
J'ai l'impression que l'erreur est due au protocole http:// mais sans
aucune certitude !
(
http://www.visionduweb.fr/.well-known/acme-challenge/euQstJaPGZ3QQ8wm2Akzp5sseWLKKvBvkAo-dW2Qfyk
)

- Je suis censé être en HTTPS non ?
- Surtout depuis que j'ai validé HSTS pour ce domaine visionduweb.fr
- L'appel vers http:// serait donc erroné ?! Que faire ?

Notes
Voilà les VHosts mis en place sur le serveur :
https://www.visionduweb.eu/wiki/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s
Et plus spécifiquement celui pour visionduweb.fr
https://www.visionduweb.eu/wiki/index.php?title=VirtualHosts_des_domaines_enregistr%C3%A9s#visionduweb.fr


Voilà le message d'erreur suite à la commande "certbot renew"

sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
Processing /etc/letsencrypt/renewal/green-nrj.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for visionduweb.fr
http-01 challenge for www.visionduweb.fr
Waiting for verification...
Cleaning up challenges
Attempting to renew cert (green-nrj.com) from
/etc/letsencrypt/renewal/green-nrj.com.conf produced an unexpected
error: Failed authorization procedure. www.visionduweb.fr (http-01):
urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient
authorization :: Invalid response from
http://www.visionduweb.fr/.well-known/acme-challenge/euQstJaPGZ3QQ8wm2Akzp5sseWLKKvBvkAo-dW2Qfyk:
"\nhttp://www.w3.org/1999/xhtml\;
xml:lang=\"fr-fr\" lang=\"fr-fr\" dir=\"ltr\">\n    \n   
http://visionduweb.fr/.well-known/acme-challenge/NqcCUIEySWiT4ATh_-yGJpXuqd2lEF-vFsaa5cYcL1c:
"\nhttp://www.w3.org/1999/xhtml\;
xml:lang=\"fr-fr\" lang=\"fr-fr\" dir=\"ltr\">\n    \n   
http://www.visionduweb.fr/.well-known/acme-challenge/euQstJaPGZ3QQ8wm2Akzp5sseWLKKvBvkAo-dW2Qfyk:
   "\nhttp://www.w3.org/1999/xhtml\;
   xml:lang=\"fr-fr\" lang=\"fr-fr\" dir=\"ltr\">\n    \n
   http://visionduweb.fr/.well-known/acme-challenge/NqcCUIEySWiT4ATh_-yGJpXuqd2lEF-vFsaa5cYcL1c:
   "\nhttp://www.w3.org/1999/xhtml\;
   xml:lang=\"fr-fr\" lang=\"fr-fr\" dir=\"ltr\">\n    \n
   

Re: Yubikey and LUKS on testing (Buster)

[gpdsbe]

Thanks for the reply! You are right! I was looking to older instructions that 
didnt include that info!

> 
> As you omitted the part about appending
> 'keyscript=/usr/share/yubikey-luks/ykluks-keyscript' to your
> /etc/crypttab file and subsequently running 'update-initramfs -u' in
> your description of your procedure, I'm wondering whether you
> inadvertently skipped that step.
> 
> https://github.com/cornelinux/yubikey-luks
> 
>

Re: Can't scan new disk

[Jude DaShiell]

umount /dev/sdb probably will work better.
gparted /dev/sdb also.
if those two don't throw errors, try print command inside gparted and
learn about your new hardware.


--

Re: Looking for advise to replacy Pan newsreader

[Eric S Fraga]

On Sunday, 17 Feb 2019 at 06:51, Nate Bargmann wrote:
> How can it be configured to show all headers both read and unread even
> after leaving and coming back to a group?  This is my gripe about most
> newsreaders where the default is trim the headers list aggressively.

You can use /o for showing all "old" messages.  But I doubt you really
want this for some groups.  What works well, in practice, however, is to
show all the old headers in threads for any new messages.  You can get
this behaviour by setting gnus-fetch-old-headers to t.

> The news server I used in the past was news.aioe.org and it is still
> online.

I used to use this but, these days, gmane gives me access to all the
groups I read.

-- 
Eric S Fraga via Emacs 27.0.50 & org 9.2.1 on Debian buster/sid

Re: Software para desenho de processos

[Leonardo S. S. da Rocha]

Não conheço Eder. Vou tentar essa opção então! Tô bem amarrado à essa
ferramenta. Obrigado por mais essa sugestão.

Em qua, 20 de fev de 2019 às 13:14, Eder Moraes
 escreveu:
>
> Já tentou rodar o Bizagi através do playonlinux ao invez de virtualizar eu 
> implantei em uma empresa em que o software precisava de alguns pacotes como 
> netfw da MS, rodou bem com a versão 3.0.3 do wine no playonlinux. Enquanto em 
> outras versões do wine como a 3.20 apresentavam algumas falhas.
>
>
>
> Em qua, 20 de fev de 2019 13:03, Leonardo S. S. da Rocha 
> >
>> Não procurei ainda Rodolfo. Vou verificar se existe!
>>
>> Eder, eu preciso de algo o mais compatível possível com o Bizagi.
>> Mesmo que visualmente, os diagramas precisam ser semelhantes pois eu
>> tenho que usar bizagi obrigatoriamente pelo fato dele publicar o BPMN
>> em html pra que disponibilizemos no servidor.
>>
>> O Draw.io Paulo demanda muita formação justamente pelo mesmo motivo
>> que menciono com o Eder, semelhança nos diagramas e fluxos. Perco
>> muito tempo formatando no Draw. Ele é muito útil mas bem simples. E
>> outra, preciso de internet pra trabalhar com ele. Quero algo instalado
>> pra não ficar dependente disso!
>>
>> Em qua, 20 de fev de 2019 às 11:03, Rodolfo  escreveu:
>> >
>> > Já verificou se existe uma imagem Docker para o Bizagi?
>> >
>> > Em qua, 20 de fev de 2019 às 07:35, Leonardo S. S. da Rocha 
>> >  escreveu:
>> >>
>> >> Pessoal, bom dia!
>> >>
>> >> estou utilizando uma ferramenta baseada em notação BPMN para desenho
>> >> de processos para desenvolver minha pesquisa de mestrado. Estou
>> >> utilizando o Bizagi por ter sido uma solicitação do orientador pois
>> >> ele permite publicar o desenho em HTML para que possamos
>> >> disponibilizar no site do departamento de computação. Acontece que eu
>> >> tive que virtualizar isso por e já tá começando a incomodar ter que
>> >> levantar maquina virtual todo tempo. Agora estou desenhando os
>> >> processos pra colocar na dissertação e gostaria de saber se existe
>> >> alguma ferramenta livre, baseada em notação BPMN, para desenho de
>> >> processos no linux sem ser o DIA? Alguém conhece alguma coisa?
>> >>
>> >> Agradeço e aguardo.
>> >>
>> >> Leonardo Rocha.
>> >>
>>

Re: Software para desenho de processos

[Leonardo S. S. da Rocha]

Não procurei ainda Rodolfo. Vou verificar se existe!

Eder, eu preciso de algo o mais compatível possível com o Bizagi.
Mesmo que visualmente, os diagramas precisam ser semelhantes pois eu
tenho que usar bizagi obrigatoriamente pelo fato dele publicar o BPMN
em html pra que disponibilizemos no servidor.

O Draw.io Paulo demanda muita formação justamente pelo mesmo motivo
que menciono com o Eder, semelhança nos diagramas e fluxos. Perco
muito tempo formatando no Draw. Ele é muito útil mas bem simples. E
outra, preciso de internet pra trabalhar com ele. Quero algo instalado
pra não ficar dependente disso!

Em qua, 20 de fev de 2019 às 11:03, Rodolfo  escreveu:
>
> Já verificou se existe uma imagem Docker para o Bizagi?
>
> Em qua, 20 de fev de 2019 às 07:35, Leonardo S. S. da Rocha 
>  escreveu:
>>
>> Pessoal, bom dia!
>>
>> estou utilizando uma ferramenta baseada em notação BPMN para desenho
>> de processos para desenvolver minha pesquisa de mestrado. Estou
>> utilizando o Bizagi por ter sido uma solicitação do orientador pois
>> ele permite publicar o desenho em HTML para que possamos
>> disponibilizar no site do departamento de computação. Acontece que eu
>> tive que virtualizar isso por e já tá começando a incomodar ter que
>> levantar maquina virtual todo tempo. Agora estou desenhando os
>> processos pra colocar na dissertação e gostaria de saber se existe
>> alguma ferramenta livre, baseada em notação BPMN, para desenho de
>> processos no linux sem ser o DIA? Alguém conhece alguma coisa?
>>
>> Agradeço e aguardo.
>>
>> Leonardo Rocha.
>>

Re: Cambiar parametro kernel

[Matias Mucciolo]

On Wednesday, February 20, 2019 3:47:58 PM -03 Rubén Magaña wrote:
> Buenas, alguien sabe como cambiar el parámetros del kernel? Es posible
> hacerlo sin tener que recompilar de nuevo el kernel?
> 
> SERIAL_8250_RUNTIME_UARTS
> 
> ???
> 
> Un saludo,
> Rubén Magaña Riau
> Mobile: (+34) 677 134 091

Buenas
mirate la opcion de booteo '8250.nr_uarts'

saludos.
Matias.-

Re: guacamole - recording

[Eriel Perez]

Greetings friends from the list.

I have guacamole installed in should with RDP to 1 pc in windows 10. And it 
works fine. Although I would like to make some improvements. For example, in 
the config with the windows client I have to specify the user and psw of the 
user in windows so that it can work. that is, I do not get to the windows login 
screen so you can enter by any local windows user.

And good the most important thing, I understand that guacamole makes recording 
of the sessions that are done. I can not make this work for me. Anyone around 
here who has experience in the subject and can help me would appreciate it.

Thank you.

> On Feb 20, 2019, at 10:10 AM, Peter Ludikovsky  wrote:
> 
> Saludos amigos de la lista. 
> 
> Tengo guacamole instalado en debían con RDP a 1 pc en windows 10. Y funciona 
> bien. Aunque quisiera hacerle algunas mejoras. Por ejemplo, en la config con 
> el cliente de windows tengo que especificar el usuario y psw del usuario en 
> windows para que pueda funcionar. o sea no me llega a la pantalla de login de 
> windows para que pueda entrar por cualquier usuario local de windows. 
> 
> Y bueno lo mas importante, tengo entendido que guacamole hace recording de 
> las sesiones que se hagan. No logro hacer que esto me funcione. Cualquier 
> persona por aquí que tenga experiencia en el tema y me pueda ayudar se lo 
> agradecería.
> 
> Gracias.

Re: guacamole - recording

[Peter Ludikovsky]

¡Saludos!

Esta lista es para correos enviados en inglés. Si necesita ayuda en
español, escriba a la lista debian-users-spanish en
https://lists.debian.org/debian-user-spanish/.

Saludos,
Peter

On 19.02.19 21:53, Eriel Perez wrote:
> Saludos amigos de la lista. 
> 
> Tengo guacamole instalado en debían con RDP a 1 pc en windows 10. Y funciona 
> bien. Aunque quisiera hacerle algunas mejoras. Por ejemplo, en la config con 
> el cliente de windows tengo que especificar el usuario y psw del usuario en 
> windows para que pueda funcionar. o sea no me llega a la pantalla de login de 
> windows para que pueda entrar por cualquier usuario local de windows. 
> 
> Y bueno lo mas importante, tengo entendido que guacamole hace recording de 
> las sesiones que se hagan. No logro hacer que esto me funcione. Cualquier 
> persona por aquí que tenga experiencia en el tema y me pueda ayudar se lo 
> agradecería.
> 
> Gracias.
> 



signature.asc
Description: OpenPGP digital signature

Cambiar parametro kernel

[Rubén Magaña]

Buenas, alguien sabe como cambiar el parámetros del kernel? Es posible hacerlo 
sin tener que recompilar de nuevo el kernel?

SERIAL_8250_RUNTIME_UARTS

???

Un saludo,
Rubén Magaña Riau
Mobile: (+34) 677 134 091

Re: Software para desenho de processos

[Diego Rabatone Oliveira]

Eu acho que eu faria usando Látex/Tex/Tikz ou tentaria com o mermaid.js

Em qua, 20 de fev de 2019 11:03, Rodolfo  Já verificou se existe uma imagem Docker para o Bizagi?
>
> Em qua, 20 de fev de 2019 às 07:35, Leonardo S. S. da Rocha <
> leonardo...@gmail.com> escreveu:
>
>> Pessoal, bom dia!
>>
>> estou utilizando uma ferramenta baseada em notação BPMN para desenho
>> de processos para desenvolver minha pesquisa de mestrado. Estou
>> utilizando o Bizagi por ter sido uma solicitação do orientador pois
>> ele permite publicar o desenho em HTML para que possamos
>> disponibilizar no site do departamento de computação. Acontece que eu
>> tive que virtualizar isso por e já tá começando a incomodar ter que
>> levantar maquina virtual todo tempo. Agora estou desenhando os
>> processos pra colocar na dissertação e gostaria de saber se existe
>> alguma ferramenta livre, baseada em notação BPMN, para desenho de
>> processos no linux sem ser o DIA? Alguém conhece alguma coisa?
>>
>> Agradeço e aguardo.
>>
>> Leonardo Rocha.
>>
>>

Re: Yubikey and LUKS on testing (Buster)

[Curt]

On 2019-02-20, Georgios Pediaditis  wrote:
>
>> As far as it accepting the non-yubikey password, remember that a LUKS
>> container has multiple key slots (8 or 24, I do not recall precisely at
>> the moment).  Accessing a LUKS container only requires that a single key
>> be unlocked, so any available password is sufficient to gain access.
>> Once you have the yubikey-based password working, you will need to
>> remove the other key slot if you no longer want that password to unlock
>> the container.
>
> Thanks for your reply.
>
> I know that it has multiple slots. For the time being that's the only
> reason i can open my laptop :-p
>
> It must be challenge response and not static password since i already
> use the yubikey slot 1 and i need to use yubikey slot 2 with challenge
> response on other services.
>
> Thanks again for your help
>
>

As you omitted the part about appending
'keyscript=/usr/share/yubikey-luks/ykluks-keyscript' to your
/etc/crypttab file and subsequently running 'update-initramfs -u' in
your description of your procedure, I'm wondering whether you
inadvertently skipped that step.

https://github.com/cornelinux/yubikey-luks

Re: VPN con OpenVPN no conecta.

[Me]

On Wed, 20 Feb 2019 07:00:25 -0500, Roberto C. Sánchez wrote:

> On Wed, Feb 20, 2019 at 09:18:46AM -, Me wrote:
>> 
>> Como confirmar que version estoy usando en mi ordenador, por favor?
>> 
> Así:
> 
> $ cat /etc/debian_version
> 
> O, mejor sería:
> 
> $ lsb_release -a

Me referia a:
 LTSv 1.0, 1.1, 1.2, 1.3
No encuentro el comando openssl para el cliente.

Re: Software para desenho de processos

[Rodolfo]

Já verificou se existe uma imagem Docker para o Bizagi?

Em qua, 20 de fev de 2019 às 07:35, Leonardo S. S. da Rocha <
leonardo...@gmail.com> escreveu:

> Pessoal, bom dia!
>
> estou utilizando uma ferramenta baseada em notação BPMN para desenho
> de processos para desenvolver minha pesquisa de mestrado. Estou
> utilizando o Bizagi por ter sido uma solicitação do orientador pois
> ele permite publicar o desenho em HTML para que possamos
> disponibilizar no site do departamento de computação. Acontece que eu
> tive que virtualizar isso por e já tá começando a incomodar ter que
> levantar maquina virtual todo tempo. Agora estou desenhando os
> processos pra colocar na dissertação e gostaria de saber se existe
> alguma ferramenta livre, baseada em notação BPMN, para desenho de
> processos no linux sem ser o DIA? Alguém conhece alguma coisa?
>
> Agradeço e aguardo.
>
> Leonardo Rocha.
>
>

OT: Eliminar intermedios de archivos de videos

[Ismael L. Donis Garcia]

Con que programa o como podría eliminar espacios intermedios de videos?

Uso ffmpeg para eliminar los espacios al principio y al final de los videos, 
pero no se como eliminar espacios intermedios en los mismos.


Desde ya Gracias
--
Ismael
Web Site: http://sisconge.byethost15.com/ 

Re: Yubikey and LUKS on testing (Buster)

[Georgios Pediaditis]

> As far as it accepting the non-yubikey password, remember that a LUKS
> container has multiple key slots (8 or 24, I do not recall precisely at
> the moment).  Accessing a LUKS container only requires that a single key
> be unlocked, so any available password is sufficient to gain access.
> Once you have the yubikey-based password working, you will need to
> remove the other key slot if you no longer want that password to unlock
> the container.

Thanks for your reply.

I know that it has multiple slots. For the time being that's the only reason i 
can open my laptop :-p

It must be challenge response and not static password since i already use the 
yubikey slot 1 and i need to use yubikey slot 2 with challenge response on 
other services.

Thanks again for your help

Re: Can't scan new disk

[Celejar]

On Tue, 19 Feb 2019 21:27:39 -0800
David Christensen  wrote:

> On 2/19/19 7:21 PM, Celejar wrote:
> > On Tue, 19 Feb 2019 18:48:23 -0800
> > David Christensen  wrote:
> >> AFAIK there are no commercial off the shelf (COTS) USB-SATA docks with
> >> FOSS hardware (device), firmware (device), or software (device or host).
> >>(If somebody knows of any examples, please post the URL's.)
> > 
> > I'm still not sure what you're saying - there certainly are COTS
> > devices fully supported by FOSS software. E.g., I have a Syba
> > SY-ENC50091:
> > 
> > https://www.sybausa.com/index.php?route=product/product_id=885
> > 
> > It works fine under Debian without needing any non-free stuff, as far
> > as I recall.
> 
> The Syba USB-SATA dock works with Debian because the HDD manufacturer, 
> Syba, the USB cable manufacturer, the computer manufacturer, and Debian 
> have implemented everything needed for an end-to-end connection from the 
> HDD firmware kernel to the Debian Linux kernel.  Standards facilitated 
> that result.

Exactly. So what do you mean when you say that "there are no commercial
off the shelf (COTS) USB-SATA docks with FOSS hardware (device),
firmware (device), or software (device or host)"?

> > If you're objecting to the hardware not being FOSS, my understanding
> > is that most useful hardware isn't. Is the SATA hardware itself FOSS?
> 
> I agree that, historically, hardware has often been closed-source.  But, 
> similar to software, there are open-source hardware projects:
> 
> https://en.wikipedia.org/wiki/Open-source_hardware

Of course. But unlike with software, they are relatively few and minor,
and a normal user can't hope to go FOSS hardware as he can with software

Celejar

Re: get my ip address

[tony]

On 20/02/2019 13:24, Dan Ritter wrote:
> tony wrote: 
>> This thread has now drifted from my asking whether there was any way of
>> interrogating the hardware to obtain the current IP6 address of host -
>> apparently not 
> 
> The hardware doesn't know IP addresses. The kernel knows those.
> 
> $ ip -6 a show eth0
> 2: eth0:  mtu 1500 state UP
> qlen 1000
> inet6 2001:470:1e07:ff7:d63d:7eff:fe93:e318/64 scope global
>valid_lft forever preferred_lft forever
> inet6 fe80::d63d:7eff:fe93:e318/64 scope link
>valid_lft forever preferred_lft forever
> 
> $ ip -6 r show | grep eth0
> 2001:470:1e07:ff7::/64 dev eth0 proto kernel metric 256  pref
> medium
> fe80::/64 dev eth0 proto kernel metric 256  pref medium
> 
> Tra-la.
> 
> Didn't you get this answer before?
> 
> -dsr-
> 

Many times.

Re: get my ip address

[Dan Ritter]

tony wrote: 
> This thread has now drifted from my asking whether there was any way of
> interrogating the hardware to obtain the current IP6 address of host -
> apparently not 

The hardware doesn't know IP addresses. The kernel knows those.

$ ip -6 a show eth0
2: eth0:  mtu 1500 state UP
qlen 1000
inet6 2001:470:1e07:ff7:d63d:7eff:fe93:e318/64 scope global
   valid_lft forever preferred_lft forever
inet6 fe80::d63d:7eff:fe93:e318/64 scope link
   valid_lft forever preferred_lft forever

$ ip -6 r show | grep eth0
2001:470:1e07:ff7::/64 dev eth0 proto kernel metric 256  pref
medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium

Tra-la.

Didn't you get this answer before?

-dsr-

Re: Can't scan new disk

[Curt]

On 2019-02-20, Alexander V. Makartsev  wrote:
>>
> There you have it. "lsof" command should not output anything if examined
> object is not in use.

I believe you're wrong, at least according my experimentations below.

curty@einstein:~$ mount | grep /dev/sdb1
/dev/sdb1 on /media/76b40b65-5871-4e11-8ed7-64b76e1b4808 type ext2 
(rw,nosuid,nodev,noexec,relatime,block_validity,barrier,user_xattr,acl,user)
root@einstein:/home/curty# umount /dev/sdb1
root@einstein:/home/curty# mount | grep /dev/sdb1
root@einstein:/home/curty# 
root@einstein:/home/curty# lsof /dev/sdb1
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
  Output information may be incomplete.
curty@einstein:~$ lsof /dev/sdb1
curty@einstein:~$ 

Re: Yubikey and LUKS on testing (Buster)

[Roberto C . Sánchez]

On Wed, Feb 20, 2019 at 12:15:57PM +0200, gpd...@mailbox.org wrote:
> 
> Then i reboot my computer and when it asks for a password to unlock my disk 
> encryption I insert my yubikey.
> It doesn't accept the password that i programmed to use with yubikey. 
> 
> Instead it accepts the password i use without the yubikey! The prompt to 
> enter my password doesn't mention yubikey.
> 
> Any ideas?
> 
I do not know specifically about using a YubiKey with LUKS in the way
that you describe.  However, I have had good results using the static
password (3-5 second press) like I would a normal password entered from
the keyboard.

As far as it accepting the non-yubikey password, remember that a LUKS
container has multiple key slots (8 or 24, I do not recall precisely at
the moment).  Accessing a LUKS container only requires that a single key
be unlocked, so any available password is sufficient to gain access.
Once you have the yubikey-based password working, you will need to
remove the other key slot if you no longer want that password to unlock
the container.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: VPN con OpenVPN no conecta.

[Roberto C . Sánchez]

On Wed, Feb 20, 2019 at 09:18:46AM -, Me wrote:
> 
> Como confirmar que version estoy usando en mi ordenador, por favor?
> 
Así:

$ cat /etc/debian_version

O, mejor sería:

$ lsb_release -a
-- 
Roberto C. Sánchez

Software para desenho de processos

[Leonardo S. S. da Rocha]

Pessoal, bom dia!

estou utilizando uma ferramenta baseada em notação BPMN para desenho
de processos para desenvolver minha pesquisa de mestrado. Estou
utilizando o Bizagi por ter sido uma solicitação do orientador pois
ele permite publicar o desenho em HTML para que possamos
disponibilizar no site do departamento de computação. Acontece que eu
tive que virtualizar isso por e já tá começando a incomodar ter que
levantar maquina virtual todo tempo. Agora estou desenhando os
processos pra colocar na dissertação e gostaria de saber se existe
alguma ferramenta livre, baseada em notação BPMN, para desenho de
processos no linux sem ser o DIA? Alguém conhece alguma coisa?

Agradeço e aguardo.

Leonardo Rocha.

Re: get my ip address

[tony]

On 19/02/2019 17:36, Dan Ritter wrote:
> tony wrote: 
>> On 19/02/2019 16:10, Greg Wooledge wrote:
>>> On Fri, Feb 15, 2019 at 11:11:29AM +0100, tony wrote:
 Debian 9. I need to read my IPv6 address into a python script.
>>>
>>> Why?
>>>
>>>  may offer some insight.

> That sounds like a job for a dynamic dns client.
> 
> existing Debian packages:
> 
> ddclient (multiple backend services supported)
> ddupdate (also supports multiple services, more plugin-oriented)
> dyfi  (Finnish users only)
> dyndns   (multiple services)
> ez-ipupdate (multiple services)
> ipcheck (dyndns protocol specific, but many services use it)
> isc-dhcp-client-ddns  (adds dynamic dns to DHCP)
> 
> Don't reinvent the wheel, when it looks like it already has
> seven versions already.
> 

Right, I've had a (brief) look at some of those, and it seems to me that
none offer a better solution than what I've already got.

This thread has now drifted from my asking whether there was any way of
interrogating the hardware to obtain the current IP6 address of host -
apparently not - via an outburst of pedantry, to recommendations on some
off the shelf libraries to update a DNS. I have no problem; I was simply
investigating alternatives to obtaining the current IP6 address, and
thanks to an early reply came up with netifaces, which does a fine job.

As I previously mentioned, I have a well-tried program for keeping my
DNS updated - albeit for IP4 only, and all I want is to extend that for
IP6. Re-inventing the wheel? No, just a natural evolution. I'd be
re-inventing the wheel if I scrapped what I've got, simply to use a
general-purpose library.

If I were starting from scratch, I may well consider a ready-made
client. One drawback that is immediately apparent, and may well be a
misunderstanding on my part, is that any of the clients mentioned
require to be configured with a particular (proprietary) protocol, to
communicate with a (proprietary) dynamic DNS server (DynDNS seems to be
the favourite). Nowhere have I seen NSUpdate mentioned. Maybe there's a
reason for that, but I'm quite happy with NSUpdate.

So, whilst I appreciate all your attempts to help, I think I'll stick
with what I've got.

Thanks all.

Cheers, Tony

Re: Can't scan new disk

[Curt]

On 2019-02-20, Mark Allums  wrote:
> On 2/20/19 3:19 AM, Curt wrote:
>> On 2019-02-20, Mark Allums  wrote:
>
 Maybe something simple like "lsof" command can shed some light on this
 problem?
       $ sudo lsof /dev/sdb
       $ sudo lsof /dev/sdb1
>>>
>>> root@martha:~# lsof /dev/sdb
>>> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
>>> Output information may be incomplete.
>>> root@martha:~# lsof /dev/sdb1
>>> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
>>> Output information may be incomplete.
>>> root@martha:~#
>> 
>>>From what I'm reading you'll have to be martha for this and not root
>> (*une fois n'est pas coutume*), if martha mounted.
>
> martha is the name of the server.

I said if. Poor martha.  Whoever mounted.
>
>>>From man mount.fuse:
>> 
>>   SECURITY
>> The fusermount program is installed set-user-gid to fuse. This is done to
>> allow users from  fuse group to mount their own filesystem 
>> implementations.
>> There must however be some limitations, in order to prevent Bad User 
>> from doing
>> nasty things.  Currently those limitations are:
>> 
>> 1. The user can only mount on a mountpoint, for which it has write 
>> permission
>> 
>> 2. The mountpoint is not a sticky directory which isn't owned by the 
>> user (like /tmp usually
>>is)
>> 
>> 3. No other user (including root) can access the contents of the 
>> mounted filesystem.
>> 
>> 
>
> The disk is not mounted.

I don't think it matters (as you seem to have demonstrated).



-- 

When you have fever you are heavy and light, you are small and swollen, you
climb endlessly a ladder which turns like a wheel. 
Jean Rhys, Voyage in the Dark

Re: Can't scan new disk

[Thomas Schmitt]

Hi,

Mark Allums wrote:
> The disk is not mounted.

At least not from the perception of e2fsck, indeed, or else it would say
  "%s is mounted.\n"
instead of
  "%s is in use.\n"
See
  https://sources.debian.org/src/e2fsprogs/1.44.5-1/e2fsck/unix.c/?hl=269#L269
(found by
  https://codesearch.debian.net/search?q=package%3Ae2fsprogs+is+in+use
)

If i understand the code correctly, the program gets to that spot because
condition

  if ((!(ctx->mount_flags & (EXT2_MF_MOUNTED | EXT2_MF_BUSY))) ||

is not true. It says "is in use", because

  if (ctx->mount_flags & EXT2_MF_MOUNTED)

is not true. I.e. (ctx->mount_flags & EXT2_MF_BUSY) is true.

I bet that it is about open(2)/fcntl(2) flag O_EXCL, because of
  https://codesearch.debian.net/search?q=package%3Ae2fsprogs+EXT2_MF_BUSY
  
https://sources.debian.org/src/e2fsprogs/1.44.5-1/lib/ext2fs/ismounted.c/?hl=415#L410
where i see 

int fd = open(device, O_RDONLY | O_EXCL);

if (fd >= 0)
close(fd);
else if (errno == EBUSY)
*mount_flags |= EXT2_MF_BUSY;

O_EXCL has a special meaning with Linux device files. It works as advisory
locking with this file type only. In the context of mounting, a failure
with O_EXCL and success without that flag instructs the mounter to mount
read-only. In the context of CD burning, it tells an interested drive
groping program (except mount(8)) to leave the drive alone. Even cdrecord
joined that party.


So one should hop back to the sub-thread where open file pointers to
/dev/sdb1 were the main suspects.

fcntl(2) would be able to inquire the O_EXCL flag by command F_GETFL,
but it needs the file descriptor which is an integer number in the context
of the using process. Dunno whether it is possible to inquire this from
another process.


Have a nice day :)

Thomas

Yubikey and LUKS on testing (Buster)

[gpdsbe]

Hi! :)
Im trying to use yubikey with disk encryption.

Im running Buster and my partitions are

$ lsblk 
NAMEMAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
nvme0n1 259:00 238.5G  0 disk  
├─nvme0n1p1 259:10   512M  0 part  /boot/efi
├─nvme0n1p2 259:20   244M  0 part  /boot
└─nvme0n1p3 259:30 237.8G  0 part  
  └─nvme0n1p3_crypt 254:00 237.8G  0 crypt 
├─Laptop--vg-root   254:10   230G  0 lvm   /
└─Laptop--vg-swap_1 254:20   7.7G  0 lvm   [SWAP]


I insert yubikey with an empty slot on 2 and i execute the following commands 

$ sudo ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible

then

$ sudo yubikey-luks-enroll -d /dev/nvme0n1p3 -s 7

Then i reboot my computer and when it asks for a password to unlock my disk 
encryption I insert my yubikey.
It doesn't accept the password that i programmed to use with yubikey. 

Instead it accepts the password i use without the yubikey! The prompt to enter 
my password doesn't mention yubikey.

Any ideas?

Thanks in advance for your help!

PS.I have 2 yubikeys. I'm having the same problem with both of them.

Re: Can't scan new disk

[Mark Allums]

On 2/20/19 3:20 AM, Alexander V. Makartsev wrote:

On 20.02.2019 11:16, Mark Allums wrote:

On 2/17/19 10:59 PM, Alexander V. Makartsev wrote:

On 17.02.2019 1:21, Mark Allums wrote:

On 2/16/19 2:41 AM, Curt wrote:

On 2019-02-15, Mark Allums  wrote:
I just bought a new backup disk, and I want to check it. It's 
mounted in

a USB dock.

Running the following gives an error:

root@martha:~# umount /dev/sdb1
root@martha:~# e2fsck -c -c -C 0 -f -F -k -p /dev/sdb1
/dev/sdb1 is in use.
e2fsck: Cannot continue, aborting.

What's causing this and how do I fix it?  It's not MATE; I tried
rebooting to rescue mode, but that didn't help.

Mark


People sometimes recommend 'fuser' in cases like these in order to
identify processes that might be accessing the drive.

I mean, the message says '/dev/sdb1 is in use.' Perhaps it is indeed.

  fuser -v -m /dev/sdb1

Worth a try, maybe, as no one else seems to have suggested it.


root@martha:~# fuser -v -m /dev/sdb1
root@martha:~#

No results.  Thanks.

Mark

Maybe something simple like "lsof" command can shed some light on 
this problem?

 $ sudo lsof /dev/sdb
 $ sudo lsof /dev/sdb1


root@martha:~# lsof /dev/sdb
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system 
/run/user/1001/gvfs

  Output information may be incomplete.
root@martha:~# lsof /dev/sdb1
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system 
/run/user/1001/gvfs

  Output information may be incomplete.
root@martha:~#

There you have it. "lsof" command should not output anything if examined 
object is not in use.
I assume that "/dev/sdb1" gets auto-mounted by gvfsd [1] for user with 
UID 1001.
AFAIK GIO and company implements different mounting scheme without 
involving traditional kernel mounting and allow to restrict mounted 
devices only for user who mounted them.

So even root user can't access them if they are mounted by other user.
Try to use gio [2] utility to check status and unmount "/dev/sdb1" device.

[1] man gvfsd
[2] man gio



The disk is not mounted.

Re: Can't scan new disk

[Mark Allums]

On 2/20/19 3:19 AM, Curt wrote:

On 2019-02-20, Mark Allums  wrote:



Maybe something simple like "lsof" command can shed some light on this
problem?
      $ sudo lsof /dev/sdb
      $ sudo lsof /dev/sdb1


root@martha:~# lsof /dev/sdb
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
Output information may be incomplete.
root@martha:~# lsof /dev/sdb1
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
Output information may be incomplete.
root@martha:~#



From what I'm reading you'll have to be martha for this and not root

(*une fois n'est pas coutume*), if martha mounted.


martha is the name of the server.



From man mount.fuse:


  SECURITY
The fusermount program is installed set-user-gid to fuse. This is done to
allow users from  fuse group to mount their own filesystem implementations.
There must however be some limitations, in order to prevent Bad User from 
doing
nasty things.  Currently those limitations are:

1. The user can only mount on a mountpoint, for which it has write 
permission

2. The mountpoint is not a sticky directory which isn't owned by the 
user (like /tmp usually
   is)

3. No other user (including root) can access the contents of the 
mounted filesystem.




The disk is not mounted.

Re: Can't scan new disk

[Alexander V. Makartsev]

On 20.02.2019 11:16, Mark Allums wrote:
> On 2/17/19 10:59 PM, Alexander V. Makartsev wrote:
>> On 17.02.2019 1:21, Mark Allums wrote:
>>> On 2/16/19 2:41 AM, Curt wrote:
 On 2019-02-15, Mark Allums  wrote:
> I just bought a new backup disk, and I want to check it. It's
> mounted in
> a USB dock.
>
> Running the following gives an error:
>
> root@martha:~# umount /dev/sdb1
> root@martha:~# e2fsck -c -c -C 0 -f -F -k -p /dev/sdb1
> /dev/sdb1 is in use.
> e2fsck: Cannot continue, aborting.
>
> What's causing this and how do I fix it?  It's not MATE; I tried
> rebooting to rescue mode, but that didn't help.
>
> Mark

 People sometimes recommend 'fuser' in cases like these in order to
 identify processes that might be accessing the drive.

 I mean, the message says '/dev/sdb1 is in use.' Perhaps it is indeed.

   fuser -v -m /dev/sdb1

 Worth a try, maybe, as no one else seems to have suggested it.
>>>
>>> root@martha:~# fuser -v -m /dev/sdb1
>>> root@martha:~#
>>>
>>> No results.  Thanks.
>>>
>>> Mark
>>>
>> Maybe something simple like "lsof" command can shed some light on
>> this problem?
>>  $ sudo lsof /dev/sdb
>>  $ sudo lsof /dev/sdb1
>
> root@martha:~# lsof /dev/sdb
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system
> /run/user/1001/gvfs
>   Output information may be incomplete.
> root@martha:~# lsof /dev/sdb1
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system
> /run/user/1001/gvfs
>   Output information may be incomplete.
> root@martha:~#
>
There you have it. "lsof" command should not output anything if examined
object is not in use.
I assume that "/dev/sdb1" gets auto-mounted by gvfsd [1] for user with
UID 1001.
AFAIK GIO and company implements different mounting scheme without
involving traditional kernel mounting and allow to restrict mounted
devices only for user who mounted them.
So even root user can't access them if they are mounted by other user.
Try to use gio [2] utility to check status and unmount "/dev/sdb1" device.

[1] man gvfsd
[2] man gio

-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: Can't scan new disk

[Curt]

On 2019-02-20, Mark Allums  wrote:
>>>
>> Maybe something simple like "lsof" command can shed some light on this 
>> problem?
>>      $ sudo lsof /dev/sdb
>>      $ sudo lsof /dev/sdb1
>
> root@martha:~# lsof /dev/sdb
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
>Output information may be incomplete.
> root@martha:~# lsof /dev/sdb1
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
>Output information may be incomplete.
> root@martha:~#

>From what I'm reading you'll have to be martha for this and not root
(*une fois n'est pas coutume*), if martha mounted.

>From man mount.fuse:

 SECURITY
   The fusermount program is installed set-user-gid to fuse. This is done to
   allow users from  fuse group to mount their own filesystem implementations.
   There must however be some limitations, in order to prevent Bad User from 
doing
   nasty things.  Currently those limitations are:

   1. The user can only mount on a mountpoint, for which it has write 
permission

   2. The mountpoint is not a sticky directory which isn't owned by the 
user (like /tmp usually
  is)

   3. No other user (including root) can access the contents of the mounted 
filesystem.

Re: VPN con OpenVPN no conecta.

[Me]

On Tue, 19 Feb 2019 19:32:44 -0500, Roberto C. Sánchez wrote:

> On Wed, Feb 20, 2019 at 12:29:01AM -, Debian wrote:
>> Hola
>> 
>> Instale Stretch en un ordenador, y cree una VPN con OpenVPN, y funciono
>> correctamente. Luego pase el SO a Buster, y la VPN no funciona. Luego
>> edite un archivo, cambiando de LTSv1.3 a LTSv1 y ya funciona.
>> 
>> Mis preguntas son:
>> Es la version 1 segura?
>> Como hacer que funcione con LTSv1.2 que trae la distro?
>> Es problema del sistema o del servidor?
>> 
>> Gracias por su atencion.
>> 
> ¿Cual lado es buster?  ¿El cliente o el servidor?  Mejor, ¿cuales
> sistemas operativos están en cada lado de le conexión?
> 
> Saludos,
> 
> -Roberto

Gracias por responder esto es del servidor:

SSL-Session:
Protocol  : TLSv1.2
Cipher: 
Session-ID: 
Session-ID-ctx: 
Master-Key: 
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1550653184
Timeout   : 300 (sec)
Verify return code: 0 (ok)

Como confirmar que version estoy usando en mi ordenador, por favor?

Re: Bug with soft raid?

[steve]

Hello Andy,

Thank you very much for your lengthy and very informative answer.

After some investigation, I discovered that it was /dev/sdc that had
some problems. So I took it out of the Rais 1 array. But this didn't
really help since I got other freeze.

grep "120 seconds" kern.log
Feb 18 16:16:38 box kernel: [30209.474017] INFO: task md1_raid1:467 blocked for 
more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474151] INFO: task md0_raid1:470 blocked for 
more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474250] INFO: task jbd2/md0-8:982 blocked 
for more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474447] INFO: task jbd2/md1-8:988 blocked 
for more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474721] INFO: task configmgrWriter:26206 
blocked for more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474944] INFO: task kworker/u56:1:25006 
blocked for more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.475150] INFO: task kworker/u56:2:26207 
blocked for more than 120 seconds.
Feb 18 16:18:39 box kernel: [30330.307956] INFO: task md1_raid1:467 blocked for 
more than 120 seconds.
Feb 18 16:18:39 box kernel: [30330.308088] INFO: task md0_raid1:470 blocked for 
more than 120 seconds.
Feb 18 16:18:39 box kernel: [30330.308188] INFO: task jbd2/md0-8:982 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.751926] INFO: task md0_raid1:412 blocked for 
more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752059] INFO: task md1_raid1:416 blocked for 
more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752158] INFO: task jbd2/md1-8:988 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752348] INFO: task jbd2/md0-8:993 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752513] INFO: task uptimed:1174 blocked for 
more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752743] INFO: task fetchmail:3121 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752990] INFO: task offlineimap:4247 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.753195] INFO: task kworker/u56:0:10116 
blocked for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.753390] INFO: task kworker/u56:2:11869 
blocked for more than 120 seconds.
Feb 19 11:05:22 box kernel: [ 8338.585502] INFO: task md0_raid1:412 blocked for 
more than 120 seconds.


On Fri, Feb 15, 2019 at 09:35:27AM +0100, steve wrote:

>for i in /dev/sd{b..f}; do echo "DISK: ${i}"; smartctl -l scterc "${i}"; sleep 
3; done

I get this for sdb and sdc

SCT Error Recovery Control:
  Read: Disabled
 Write: Disabled

and this for sdf

SCT Error Recovery Control:
  Read: 70 (7.0 seconds)
 Write: 70 (7.0 seconds)

What does it tell me ?


It means that sd[bc] may support SCTERC but it's disabled (promising),
and sdf does support it and it's set to 7 seconds (good).

For disks in Linux software RAID, SCTERC with a low timeout is
essential. If it's not possible then the block layer timeout for the
device should be increased.

You should try to set SCTERC for sd[bc] like so:

# for dev in /dev/sd[cd]; do smartctl -l scterc,70,70 "$dev"; done


I tried this:

smartctl -l scterc,70,70 /dev/sdb
smartctl 6.6 2016-05-31 r4324 [x86_64-linux-4.19.0-0.bpo.1-amd64] (local build)
Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org

SCT Error Recovery Control set to:
  Read: 70 (7.0 seconds)
 Write: 70 (7.0 seconds)

But then

smartctl -l scterc /dev/sdb
smartctl 6.6 2016-05-31 r4324 [x86_64-linux-4.19.0-0.bpo.1-amd64] (local build)
Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org

Unexpected SCT status 0x0046 (action_code=3, function_code=2)
SCT (Get) Error Recovery Control command failed


Which is weird…



If that works then great - all your drives support SCTERC and have low
timeouts.

If setting it to 70 (centiseconds, so 7 seconds) doesn't work then you
will need to increase the block layer timeout like this:


cat /sys/block/sdb/device/timeout 
30



echo 180 > /sys/block/sdb/device/timeout

Let's see if it helps.


I am here in a field that I don't master at all, so just following your advices.


Will let you know.

Thank you

Best,
Steve