Re: Bullseye - TacacsPlus - Configure ?

[Maurizio Caloro]

On 13/02/2022 23:14, Linux-Fan wrote:


See https://metacpan.org/pod/Authen::TacacsPlus.

The package is a Perl module. I.e. it is useful inside Perl scripts. 
If you do not want to create or use a perl script with that module, it 
seems unlikely that you would benefit from the package at all?


HTH
Linux-Fan

öö


thanks for your answer, installing now and compiled
    "tacacs+_4.0.4.27a.orig.tar.gz"
Hope this will be handling and supported little simpler,
but this fail about missing LIBSKEY support, please in
which packet i will found this LIBSKEY support?

apt search libskey will find alot possibilitis.

thanks
Mauri

Re: 5.15 kernel just won't do on Intel Rocket Lake...

[Felix Miata]

Felix Miata composed on 2022-02-13 23:53 (UTC-0500):

> David Wright composed on 2022-02-10 09:27 (UTC-0600):
 
>> On Thu 10 Feb 2022 at 03:39:26 (-0500), Felix Miata wrote:
 
>>> ...if you have a bad BIOS, and wish to boot with more than one connected 
>>> display.
>>> https://gitlab.freedesktop.org/drm/intel/-/issues/4762 explains the issue, 
>>> which
>>> has just been announced fixed. But, it appears the fix may only be landing 
>>> in
>>> kernel 5.17rc3.
...
> # aptitude search linux-image
...
> p   linux-image-5.17.0-rc3-amd64-unsigned - Linux 5.17-rc3 for 64-bit PCs

Installing this one didn't help:
# uname -a
Linux ab560 5.17.0-rc3-amd64 #1 SMP PREEMPT Debian 5.17~rc3-1~exp1 (2022-02-11)

What search will return enough information to know when this has been replaced
with a newer rc3 build or rc4 or newer, like the following does:?
# zypper se -s nel-def | egrep -v 'devel|debug|base|src|586'
Loading repository data...
Reading installed packages...

S  | Name   | Type   | Version  | Arch   | Repository
---+++--++---
il | kernel-default | package| 5.16.7-1.1.g0503f69  | x86_64 | (System 
Packages)
il | kernel-default | package| 5.16.3-4.1.gc7377e3  | x86_64 | (System 
Packages)
vl | kernel-default | package| 5.16.9-4.1.g704dc30  | x86_64 | 
homeTiwaiSimpledrm
vl | kernel-default | package| 5.16.8-1.1   | x86_64 | OSS
# inxi -S
System:
  Host: ab560 Kernel: 5.16.7-1.g0503f69-default x86_64 bits: 64
Console: pty pts/0 Distro: openSUSE Tumbleweed 20220130
#
The homeTiwaiSimpledrm 5.16.7 kernel includes the fix for the thread subject
problem.

The apt*/dpkg system generally seems rather resistant to showing uninstalled
package versions, except for the aptitude "extension".
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: Captive Portal Alternatives (Was: Re: miracle of Firefox in the hotel)

[tomas]

On Sun, Feb 13, 2022 at 08:47:54PM +, Brian wrote:

[...]

> Interesting.
> 
> Captive portals provide free connectivity. What's the problem?

No. They provide captive connectivity. Did you look at the example
I provided? *This* is free connectivity. Open WLAN, DHCP, done.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: 5.15 kernel just won't do on Intel Rocket Lake...

[Felix Miata]

David Wright composed on 2022-02-10 09:27 (UTC-0600):

> On Thu 10 Feb 2022 at 03:39:26 (-0500), Felix Miata wrote:

>> ...if you have a bad BIOS, and wish to boot with more than one connected 
>> display.
>> https://gitlab.freedesktop.org/drm/intel/-/issues/4762 explains the issue, 
>> which
>> has just been announced fixed. But, it appears the fix may only be landing in
>> kernel 5.17rc3.

>> I tried to get the latest available kernel that is packaged by Debian people 
>> by
>> reading on

>>  https://wiki.debian.org/HowToUpgradeKernel
>>  https://wiki.debian.org/DebianExperimental

>> I put

>>  Package: linux-image

> Don't you need to glob this?

>   Package: linux-image*

It added 5.17rc kernels, but no 5.16, except the one I installed:
# aptitude search linux-image
c   linux-image-5.10.0-9-amd64-
c   linux-image-5.14.0-0.bpo.2-am -
i A linux-image-5.15.0-2-amd64- Linux 5.15 for 64-bit PCs (signed)
i A linux-image-5.15.0-3-amd64- Linux 5.15 for 64-bit PCs (signed)
p   linux-image-5.15.0-3-amd64-db - Debug symbols for linux-image-5.15.0-3-
p   linux-image-5.15.0-3-amd64-un - Linux 5.15 for 64-bit PCs
p   linux-image-5.15.0-3-cloud-am - Linux 5.15 for x86-64 cloud (signed)
p   linux-image-5.15.0-3-cloud-am - Debug symbols for linux-image-5.15.0-3-
p   linux-image-5.15.0-3-cloud-am - Linux 5.15 for x86-64 cloud
p   linux-image-5.15.0-3-rt-amd64 - Linux 5.15 for 64-bit PCs, PREEMPT_RT (
p   linux-image-5.15.0-3-rt-amd64 - Debug symbols for linux-image-5.15.0-3-
p   linux-image-5.15.0-3-rt-amd64 - Linux 5.15 for 64-bit PCs, PREEMPT_RT
i   linux-image-5.16.0-trunk-amd6 - Linux 5.16 for 64-bit PCs
p   linux-image-5.17.0-rc3-amd64- - Debug symbols for linux-image-5.17.0-rc
p   linux-image-5.17.0-rc3-amd64- - Linux 5.17-rc3 for 64-bit PCs
p   linux-image-5.17.0-rc3-cloud- - Debug symbols for linux-image-5.17.0-rc
p   linux-image-5.17.0-rc3-cloud- - Linux 5.17-rc3 for x86-64 cloud
p   linux-image-5.17.0-rc3-rt-amd - Debug symbols for linux-image-5.17.0-rc
p   linux-image-5.17.0-rc3-rt-amd - Linux 5.17-rc3 for 64-bit PCs, PREEMPT_
i   linux-image-amd64 - Linux for 64-bit PCs (meta-package)
p   linux-image-amd64-dbg - Debugging symbols for Linux amd64 confi
p   linux-image-amd64-signed-temp - Template for signed linux-image package
p   linux-image-cloud-amd64   - Linux for x86-64 cloud (meta-package)
p   linux-image-cloud-amd64-dbg   - Debugging symbols for Linux cloud-amd64
v   linux-image-generic   -
p   linux-image-rt-amd64  - Linux for 64-bit PCs (meta-package)
p   linux-image-rt-amd64-dbg  - Debugging symbols for Linux rt-amd64 co

>>  Pin: release a=experimental
>>  Pin-Priority: 800

>> in /etc/apt/preferences.d/linux-kernel

>> and

>>  deb http://deb.debian.org/debian experimental main

>> in /etc/apt/sources.list, but apt-cache and aptitude don't seem to know that

>> 

>> exists.

>> (# aptitude search linux-image
>> c   linux-image-5.10.0-9-amd64 -
>> c   linux-image-5.14.0-0.bpo.2-amd -
>> i A linux-image-5.15.0-2-amd64 - Linux 5.15 for 64-bit PCs (signed)
>> i A linux-image-5.15.0-3-amd64 - Linux 5.15 for 64-bit PCs (signed)
>> p   linux-image-5.15.0-3-amd64-dbg - Debug symbols for linux-image-5.15.0-3-
>> p   linux-image-5.15.0-3-amd64-uns - Linux 5.15 for 64-bit PCs
>> p   linux-image-5.15.0-3-cloud-amd - Linux 5.15 for x86-64 cloud (signed)
>> p   linux-image-5.15.0-3-cloud-amd - Debug symbols for linux-image-5.15.0-3-
>> p   linux-image-5.15.0-3-cloud-amd - Linux 5.15 for x86-64 cloud
>> p   linux-image-5.15.0-3-rt-amd64  - Linux 5.15 for 64-bit PCs, PREEMPT_RT (
>> p   linux-image-5.15.0-3-rt-amd64- - Debug symbols for linux-image-5.15.0-3-
>> p   linux-image-5.15.0-3-rt-amd64- - Linux 5.15 for 64-bit PCs, PREEMPT_RT
>> i   linux-image-amd64  - Linux for 64-bit PCs (meta-package)
>> p   linux-image-amd64-dbg  - Debugging symbols for Linux amd64 confi
>> p   linux-image-amd64-signed-templ - Template for signed linux-image package
>> p   linux-image-cloud-amd64- Linux for x86-64 cloud (meta-package)
>> p   linux-image-cloud-amd64-dbg- Debugging symbols for Linux cloud-amd64
>> v   linux-image-generic-
>> p   linux-image-rt-amd64   - Linux for 64-bit PCs (meta-package)
>> p   linux-image-rt-amd64-dbg   - Debugging symbols for Linux rt-amd64 co)
>> 
>> which is what I found and installed using dpkg -i, resulting in this 
>> addition to
>> the search list:
>> i   linux-image-5.16.0-trunk-amd64 - Linux 5.16 for 64-bit PCs
>> 
>> # inxi -S
>> System:
>>   Host: ab560 Kernel: 5.16.0-trunk-amd64 x86_64 bits: 64 Console: pty pts/0
>> Distro: Debian GNU/Linux bookworm/sid
>> #
>> 
>> What have I missed that prevents finding a recent kernel using package 
>> management
>> instead of relying on a web browser and wget?
-- 
Evolution as taught 

Re: Bulseye - TacacsPlus - Configure ?

[Geoff]

Maurizio Caloro wrote:


Found and install this package, TacacsPlus on Bullseye. Please asking for short 
adivce to configure this.

root@HPT610:# apt search tacacs
*libauthen-tacacsplus-perl*/stable,now 0.28-1+b1 amd64 [*installed*]
   Perl module for authentication using TACACS+ server

thanks
Mauri



I always use apt-cache as it also searches on description:

$ apt-cache search tacacs
libauthen-tacacsplus-perl - Perl module for authentication using TACACS+ server
libpam-tacplus - PAM module for using TACACS+ as an authentication service

Re: miracle of Firefox in the hotel.

[Jeremy Ardley]

On 14/2/22 9:21 am, Felmon Davis wrote:

On Sat, 12 Feb 2022, Dan Ritter wrote:


The portal works by intercepting any web page request at all and
answering with its own sign-up page.

So, go to a page which you know will be served via plain HTTP.

If you can't think of one, try http://www.plainwebsite.com



(c) go to a simple ´http:´ webpage, not ´https:´; some suggestions were:
http://www.plainwebsite.com/
http://neverssl.com/




http://www.plainwebsite.com/ is now https

http://neverssl.com/is as advertised.



--
Jeremy



OpenPGP_signature
Description: OpenPGP digital signature

Re: Memory leak

[piorunz]

On 12/02/2022 12:43, Curt wrote:

On 2022-02-12, piorunz  wrote:

On 11/02/2022 22:16, Roy J. Tellason, Sr. wrote:

Somewhere in their help or documentation they even say that you shouldn't leave 
it running for extended periods of time.


Never heard such a thing. Do you have source?




See my other post in this thread.


Yes, see that, thanks.

--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

Re: miracle of Firefox in the hotel.

[Felmon Davis]

On Sat, 12 Feb 2022, Dan Ritter wrote:


The portal works by intercepting any web page request at all and
answering with its own sign-up page.

So, go to a page which you know will be served via plain HTTP.

If you can't think of one, try http://www.plainwebsite.com


So, in sum, there are at least the following methods for getting 
through to a hotel portal via the browser of one´s choice; the trick 
is to get the network gateway address.


The ways include:

(a) at the command line do ´ip --oneline route get 1.1.1.1´

(b) the above is a variant on the solution described at 
 which directs you to use the 
following URL in your browser:


xdg-open http://$(ip --oneline route get 1.1.1.1 | awk '{print $3}'

(c) go to a simple ´http:´ webpage, not ´https:´; some suggestions 
were:

http://www.plainwebsite.com/
http://neverssl.com/

I have only tried (a) and it worked fine. I am well armed for the next 
time I have the pleasure of a hotel.


thanks to all contributors.

f.


--
Felmon Davis

Verbum sat sapienti.

Re: Memory leak

[rhkramer]

On Sunday, February 13, 2022 02:58:46 PM Roy J. Tellason, Sr. wrote:
> On Saturday 12 February 2022 09:21:00 am rhkra...@gmail.com wrote:
> > The version of Firefox used in Jessie (and presumably later versions)
> > creates (typically mutlitple) files named "Web Content".  I don't know
> > how Firefox decides what to put in each of those (e.g., content from how
> > many tabs), but ...
> > 
> > I keep top running in a VT and check it every once in a while, and when
> > too much memory is used, I kill one or more of those files, usually the
> > largest first.
> > 
> > My tabs remain as tabs (with the associated URL), but the content is
> > gone, but I can get it back by reloading the tab.
> 
> Interesting!  I see a few of files named "web" in the process table, 
> probably a slight version difference there. I'll have to keep that in mind
> next time things reach that point.  Right now each one is using 2-3% of
> CPU and a nontrivial amount of space.

Just to make sure you spotted it, I mistakenly mentioned files but they are 
actually processes (as tomas pointed out).  Still, I think you have the 
idea...n

Re: dual booting, was Re: Stupid question

[David]

On Mon, 14 Feb 2022 at 05:27, Andrei POPESCU  wrote:
> On Du, 13 feb 22, 11:01:48, David Wright wrote:

TLDR:
On the topic of grub automatic configuration
1) suggestions how to avoid it
2) why I prefer to do that

Disclaimer: contains generalisations and lacks full justifications of
points made. This is just a brain dump of some thoughts that some
people might find useful alternative options. I don't have time to
polish it into a nice piece of considered writing. If you disagree
with something, that's fine. I'm just offering an alternative
perspective, not trying to change your mind :)

> > Typically, one would have a primary, "master" linux system which would
> > be used to write an MBR pointing to itself. The other, legacy system
> > would have its grub.cfg kept up-to-date, but would never touch the
> > MBR by running grub-install.

> Another option (at least with MBR, didn't try this with GPT) is to tell
> the Installer to install GRUB in the partition instead of the MBR, and
> then manually install another GRUB instance to the MBR with a
> handcrafted config that is chain-loading the GRUBs in the partitions.

And yet another option for avoiding bootloader conflicts in multiboot
setups (at least with MBR, didn't try this with GPT) is to avoid
installing the os-prober and/or grub-update machinery on all but one
of the linux installs. This can be done (in the installer expert mode,
and maybe the others) by skipping the "install grub" step and choosing
"install without a boot loader". It's provided for a good reason :)

The installed OS will run fine without grub, provided that you ensure
that there is a bootloader somewhere else that can start it. That's
your job now! After booting, if you want to you can even install a
constrained version of grub that lacks the grub-update machinery, by
installing the package 'grub-pc-bin' instead of 'grub-pc'.

It too is provided for a good reason :)
As the maintainer says:

$ apt show grub-pc-bin
  [...]
It can be installed in parallel with other flavours, but will not
automatically install GRUB as the active boot loader nor automatically
update grub.cfg on upgrade unless grub-pc is also installed.
$

When grub2 first was released I avoided it for years! I do not like
the automation that generates the grub.cfg file so full of
human-unfriendly content, compared to grub version 1.

The automation is fine if it works and gives results you like, so you
can ignore it. It is a heroic programming effort and I'm sure it
handles all sorts of situations that I've never considered.

However I was/am multibooting various OS, and I didn't like
to watch helplessly while os-prober made all kinds of inappropriate
decisions on my systems and update-grub mangled my boot menus.

The idea of automation is worthy, but it seems to me with grub2 that
years later one downside is that we have moved to a situation of
learned helplessness. Now we have people in the situation like Hans,
where we have to explain the grub automation as if it is the only
possible way to do things.

And no-one dares to touch their grub.cfg anymore because it's
overwheming. Even though most of that overwhelming content is very
much not necessary, it is a primary deterrent causing people to avoid
configuring the bootloader menu themselves. People ask about how to
tinker with the tiny bit of configuration that grub exposes [1], and we
don't dare to recommend that they throw it all away because we've all
become reliant on the automation. And explaining the alternative is
too hard.

And if that automation breaks for some reason, like Stella had a while
back, then in general everyone is helpless because it's too hard to
give instruction on how to write their own grub.cfg and recover. I
suppose I could write something for the wiki but I'm too lazy or too
busy, and therefore part of the problem.

Plus multiboot is quite unfashionable, other people like to advocate
more modern methods with VM and such. I prefer not to become reliant
on infrastructure that I can avoid (I do use VM for throwaway tasks).
And these days I'm not multibooting disk partitions, I'm multibooting
logical volumes inside one huge LUKS container that I only need to
create once and provide one password for at boot. I like having
all my multiboot filesystems easily mountable from everywhere,
it helps me manage them collectively with scripts.

Eventually I dug a little bit deeper with grub2. I experimented by writing
my own simple grub.cfg. When that worked, the next step was to learn
ways to prevent that effort being blown away by the automation at
every update, as described above. Thee are other ways to do this too [2].

I persevered and I eventually learned to love grub2. It has some
amazing features. Once you can get it to stop imposing its default
behaviour on you, it's a powerful ally.

For instance, it contains a full scripting language [3]. The authors
wanted a control language, so they built a shell-like parser into it.

Do you know that you can 

Re: Bulseye - TacacsPlus - Configure ?

[Linux-Fan]

Maurizio Caloro writes:

Found and install this package, TacacsPlus on Bullseye. Please asking for  
short adivce to configure this.


root@HPT610:# apt search tacacs
libauthen-tacacsplus-perl/stable,now 0.28-1+b1 amd64 [installed]
  Perl module for authentication using TACACS+ server


See https://metacpan.org/pod/Authen::TacacsPlus.

The package is a Perl module. I.e. it is useful inside Perl scripts. If you  
do not want to create or use a perl script with that module, it seems  
unlikely that you would benefit from the package at all?


HTH
Linux-Fan

öö


pgpfodrMpgRO5.pgp
Description: PGP signature

Re: Captive Portal Alternatives (Was: Re: miracle of Firefox in the hotel)

[Linux-Fan]

Cindy Sue Causey writes:


On 2/13/22, Brian  wrote:
> On Sun 13 Feb 2022 at 16:02:53 +0100, to...@tuxteam.de wrote:
>> > > On Sat 12 Feb 2022 at 21:07:10 +0100, to...@tuxteam.de wrote:


[...]


>> > > > [1] Had I a say in it, I'd reserve a very special place in Hell
>> > > >for those.


[...]


> Interesting.
>
> Captive portals provide free connectivity. What's the problem?

I almost responded to this thread yesterday to say, "Shudder!"

My thought process was that it seems like it might be pretty easy for
perps hovering out in a parking lot or maybe a nearby building to
create a fake captive portal that resembles what users would be
expecting to see from the, yes, FREE Internet provider.

That would only be possible if this is working like I'm imagining is
being described here. That imagination involves a webpage such as what
I once encountered popping up unexpectedly while trying to access WIFI
through a local grocery store a few years ago.


[...]

Yes, it works pretty much as you describe with exactly the problematic  
aspects (see my other post and the RFC linked before).


It is not _that_ bad for security because of two key points:

- Captive portals cannot bypass protection by TLS certificates.
  Users will instead be unable to access the respective pages and either
  get a certificate error or no useful error message at all.

- In case of unencrypted/unprotected traffic, adversaries can
  manipulate that even _without_ captive portals if they setup their
  own (malicious) “free” WiFi service.

HTH
Linux-Fan

öö


pgpm03BfoCPio.pgp
Description: PGP signature

Re: Captive Portal Alternatives (Was: Re: miracle of Firefox in the hotel)

[Linux-Fan]

Brian writes:


On Sun 13 Feb 2022 at 16:02:53 +0100, to...@tuxteam.de wrote:
> On Sun, Feb 13, 2022 at 02:41:31PM +0100, Linux-Fan wrote:
> > Brian writes:


[...]

> > > Could the process to replace them on, say, public transport be  
> > > outlined?


[...]


> > * RFC8910 - Captive-Portal Identification in DHCP and Router
> >   Advertisements (RAs). I never never heard of it before searching
> >   for “Alternatives to captive portals wifi” online :)
>
> * Joining a local initiative providing free connectivity (and, of
>   course, lobbying your local policy makers that this be legal;
>   the very idea of providing free stuff tends to be suspect).
>
> Freifunk [...] is one successful example.

Interesting.

Captive portals provide free connectivity. What's the problem?


[...]

I do not use Wifi with captive portals very often so I have only experienced  
a limited subset of problems, but I can think of at least the following  
issues:


- Security: Intercepting requests to arbitrary pages and replying with
  some other content is quite similar to a MITM adversary. Hence,
  users following the recommended “prefer HTTPS” usage will get
  certificate errors instead.
  The RFC explains this much better than I could do under section
  “5. Security Considerations”.

  Also, I think the OP's problem is caused exactly by this.

  For captive portals to work in a HTTPS-preferring browser quirks
  like those implemented by Firefox are needed i.e. try to detect
  the Internet connectivity by connecting to the vendor's URL...
  not good for privacy and only a heursitics.

- Browser requirements: Captive portals often require a JS-capable
  browser to accept their terms etc. This is probably acceptable for
  Notebooks and “Smartphones”, but any other type of device will often
  be unable to access a captive-portal-protected Wifi. I have not tested
  it but I would imagine that it be tough to join such a network for the
  purpose of playing with a handheld console (e.g. Nintendo 2DS or such)
  on a train given that the device's webbrowser is very limited.

- Acutally, not all captive portals provide ”free” connectivity. At least
  not in the freedom sense. IIRC in Italy, they request your tax number
  before allowing you to use the Wifi on the trains? You pay with your
  data... According to [1] I seem to misremember this: They want your
  phone number or credit card number instead. It seems that on some lines
  they have eliminated this need for registration (not sure if that means
  there is no longer any captive portal at all).

It might only be anecdotical but here is another counter-intuitive problem  
caused by captive portals [2].


[1] 
https://www.trenitalia.com/it/offerte_e_servizi/portale-frecce/come-accedere-al-portale-frecce.html
[2] 
https://ttboj.wordpress.com/2014/11/27/captive-web-portals-are-considered-harmful/

HTH and YMMV
Linux-Fan

öö


pgpOD2dzeuOMS.pgp
Description: PGP signature

Bulseye - TacacsPlus - Configure ?

[Maurizio Caloro]

Found and install this package, TacacsPlus on Bullseye. Please asking 
for short adivce to configure this.


root@HPT610:# apt search tacacs
*libauthen-tacacsplus-perl*/stable,now 0.28-1+b1 amd64 [*installed*]
  Perl module for authentication using TACACS+ server

thanks
Mauri

Re: Captive Portal Alternatives (Was: Re: miracle of Firefox in the hotel)

[Cindy Sue Causey]

On 2/13/22, Brian  wrote:
> On Sun 13 Feb 2022 at 16:02:53 +0100, to...@tuxteam.de wrote:
>
>> On Sun, Feb 13, 2022 at 02:41:31PM +0100, Linux-Fan wrote:
>> > Brian writes:
>> >
>> > > On Sat 12 Feb 2022 at 21:07:10 +0100, to...@tuxteam.de wrote:
>> >
>> > [...]
>> >
>> > > > This is Firefox's captive portal [1] detection [2].
>> > > >
>> > > > Cheers
>> > > >
>> > > > [1] Had I a say in it, I'd reserve a very special place in Hell
>> > > >for those.
>> > >
>> > > Could the process to replace them on, say, public transport be
>> > > outlined?
>> >
>> > [...]
>> >
>> > It highly depends on your jurisdiction and other regulatory
>> > requirements
>> > thus I gather there is no comprehensive answer to this question.
>> >
>> > Alternatives could be any of the following:
>> >
>> > * Not using a captive portal at all i.e. having just a free WiFi
>> >   for everyone near enough to receive the radio signal.
>> >
>> > * Using WPA Enterprise (RADIUS) to have users login without any
>> >   website but directly as part of joining the network. This works
>> >   for very large networks, too. E.g. the `eduroam` common in some
>> >   universities can be accessed from any of the participating
>> >   universities' accounts by just entering their campus e-mail address
>> >   for login.
>> >
>> > * RFC8910 - Captive-Portal Identification in DHCP and Router
>> >   Advertisements (RAs). I never never heard of it before searching
>> >   for “Alternatives to captive portals wifi” online :)
>>
>> * Joining a local initiative providing free connectivity (and, of
>>   course, lobbying your local policy makers that this be legal;
>>   the very idea of providing free stuff tends to be suspect).
>>
>> Freifunk [1] is one successful example.
>
> Interesting.
>
> Captive portals provide free connectivity. What's the problem?


I almost responded to this thread yesterday to say, "Shudder!"

My thought process was that it seems like it might be pretty easy for
perps hovering out in a parking lot or maybe a nearby building to
create a fake captive portal that resembles what users would be
expecting to see from the, yes, FREE Internet provider.

That would only be possible if this is working like I'm imagining is
being described here. That imagination involves a webpage such as what
I once encountered popping up unexpectedly while trying to access WIFI
through a local grocery store a few years ago.

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA
* runs with birdseed *

Setting Thunderbird to be the default mailto?

[John Conover]

Which is the correct command used to set Thunderbird to be the default
mailto with a ~/.local/share/applications/Thunderbird.desktop file?

xdg-mime default Thunderbird.desktop x-scheme-handler/mailto

or:

xdg-settings set default-url-scheme-handler mailto Thunderbird.desktop

Thanks,

John

-- 

John Conover, cono...@panix.com, http://www.johncon.com/

Re: Captive Portal Alternatives (Was: Re: miracle of Firefox in the hotel)

[Brian]

On Sun 13 Feb 2022 at 16:02:53 +0100, to...@tuxteam.de wrote:

> On Sun, Feb 13, 2022 at 02:41:31PM +0100, Linux-Fan wrote:
> > Brian writes:
> > 
> > > On Sat 12 Feb 2022 at 21:07:10 +0100, to...@tuxteam.de wrote:
> > 
> > [...]
> > 
> > > > This is Firefox's captive portal [1] detection [2].
> > > >
> > > > Cheers
> > > >
> > > > [1] Had I a say in it, I'd reserve a very special place in Hell
> > > >for those.
> > > 
> > > Could the process to replace them on, say, public transport be outlined?
> > 
> > [...]
> > 
> > It highly depends on your jurisdiction and other regulatory requirements
> > thus I gather there is no comprehensive answer to this question.
> > 
> > Alternatives could be any of the following:
> > 
> > * Not using a captive portal at all i.e. having just a free WiFi
> >   for everyone near enough to receive the radio signal.
> > 
> > * Using WPA Enterprise (RADIUS) to have users login without any
> >   website but directly as part of joining the network. This works
> >   for very large networks, too. E.g. the `eduroam` common in some
> >   universities can be accessed from any of the participating
> >   universities' accounts by just entering their campus e-mail address
> >   for login.
> > 
> > * RFC8910 - Captive-Portal Identification in DHCP and Router
> >   Advertisements (RAs). I never never heard of it before searching
> >   for “Alternatives to captive portals wifi” online :)
> 
> * Joining a local initiative providing free connectivity (and, of
>   course, lobbying your local policy makers that this be legal;
>   the very idea of providing free stuff tends to be suspect).
> 
> Freifunk [1] is one successful example.

Interesting.

Captive portals provide free connectivity. What's the problem?

-- 
Brian.

Re : Re : Environnement de bureau léger pour personnes venant de Windows

[nicolas . patrois]

Le 13/02/2022 20:38:30, hamster a écrit :

> Et oui, mais voila bien le problème : la demande de benoit a l'origine
> c'était de pas trop dépayser quelqu'un qui viens de windows. Si ta 
> réponse c'est un truc a la mac, alors on a pas le meme sens du mot 
> "dépayser" ! C'est pour cette raison que j'ai répondu MATE plutot que 
> XFCE. C'est possible de faire ca avec XFCE mais il faut prendre un peu
> de temps pour le configurer d'une facon qui ressemble a windows.

Wabon.
Une barre d’outils en bas, un menu en bas à gauche, des bidules en bas à 
droite, même si ça ne reproduit pas pile poil la trombine à Windows, ça ne 
devrait pas trop le changer.

nicolas patrois : pts noir asocial
-- 
RÉALISME

M : Qu'est-ce qu'il nous faudrait pour qu'on nous considère comme des humains ? 
Un cerveau plus gros ?
P : Non... Une carte bleue suffirait...

Re: Memory leak

[Roy J. Tellason, Sr.]

On Saturday 12 February 2022 09:21:00 am rhkra...@gmail.com wrote:
> The version of Firefox used in Jessie (and presumably later versions) creates 
> (typically mutlitple) files named "Web Content".  I don't know how Firefox 
> decides what to put in each of those (e.g., content from how many tabs), but 
> ...
> 
> I keep top running in a VT and check it every once in a while, and when too 
> much memory is used, I kill one or more of those files, usually the largest 
> first.
> 
> My tabs remain as tabs (with the associated URL), but the content is gone, 
> but 
> I can get it back by reloading the tab.
 
Interesting!  I see a few of files named "web" in the process table,  probably 
a slight version difference there. I'll have to keep that in mind next time 
things reach that point.  Right now each one is using 2-3% of CPU and a 
nontrivial amount of space.


-- 
Member of the toughest, meanest, deadliest, most unrelenting -- and
ablest -- form of life in this section of space,  a critter that can
be killed but can't be tamed.  --Robert A. Heinlein, "The Puppet Masters"
-
Information is more dangerous than cannon to a society ruled by lies. --James 
M Dakin

Re: Installation on a Lenovo IdeaPad Yoga 13

[Charles Curley]

On Sat, 12 Feb 2022 22:29:05 +
"Andrew M.A. Cater"  wrote:

> On Sat, Feb 12, 2022 at 12:05:54PM -0700, Charles Curley wrote:
> > On Sat, 12 Feb 2022 14:42:27 +0100
> > Andrei POPESCU  wrote:
> >   
> > > On Vi, 11 feb 22, 15:24:55, Charles Curley wrote:  
> > > > 
> > > > 1) The graphics are terrible. Both graphical and text mode are
> > > > scrunched into the top third or so of the screen, with two
> > > > copies across the top. They are damn near unreadable.
> > > 
> > > That's likely because your graphic chip is not properly recognized
> > > and the OS is using some low resolution. That image is displayed
> > > by the hardware 1:1 on the physical pixels of the screen.  
> >   
> 
> I would not have done it this way, myself. As ever, other people,
> other requirements and ways of thinking.
> 
> Looking quickly, it looks as if the Yoga has 1600 x 900 so something
> might have got confused.
> 
> I'd have plugged in an external display and done it that way, expert
> text mode only and used the unofficial non-free firmware .iso.
> Definitely text mode only to start with. It's an Intel chipset, so
> Intel firmware likely needed.

I thought about that, but didn't want to steal a monitor from my
desktop.


> > 
> > Yes, there should be an option. It wasn't present when I booted to
> > UEFI. D-i went directly to a GUI menu, not the text mode to which I
> > am accustomed.
> >  
> 
> Hit advanced options and you get the option for text mode install /
> expert etc. It may occasionally come up initially as almost a box
> within a box in UEFI mode but that's normal. 

I did check the advanced options menu. Indeed, that is where one goes
to use expert text mode, which I prefer unless I have a preseed file.

It could be due to the wonky graphics, though.

As for the network issue, I have ordered a USB Ethernet adapter. I will
wait until that arrives (late February) before continuing. That is
probably something I should have in my kit anyway.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Re : Environnement de bureau léger pour personnes venant de Windows

[hamster]

Le 13/02/2022 à 20:05, Klaus Becker a écrit :



Am 13/02/2022 um 18:49 schrieb yamo':

Salut,
nicolas.patr...@gmail.com a tapoté le 13/02/2022 15:20:

XFCE ?


Oui, très bon compromis.
Je n'utilise plus que XFCE depuis que je connais cet environnement de
bureau.



Moi itou. Je l'utilise avec cairo-dock, ça donne un beau panneau de 
menus à la Mac.


Et oui, mais voila bien le problème : la demande de benoit a l'origine 
c'était de pas trop dépayser quelqu'un qui viens de windows. Si ta 
réponse c'est un truc a la mac, alors on a pas le meme sens du mot 
"dépayser" ! C'est pour cette raison que j'ai répondu MATE plutot que 
XFCE. C'est possible de faire ca avec XFCE mais il faut prendre un peu 
de temps pour le configurer d'une facon qui ressemble a windows.

Re: Re : Environnement de bureau léger pour personnes venant de Windows

[Klaus Becker]

Am 13/02/2022 um 18:49 schrieb yamo':

Salut,
nicolas.patr...@gmail.com a tapoté le 13/02/2022 15:20:

XFCE ?


Oui, très bon compromis.
Je n'utilise plus que XFCE depuis que je connais cet environnement de
bureau.



Moi itou. Je l'utilise avec cairo-dock, ça donne un beau panneau de 
menus à la Mac.


Il y a aussi qc de ce genre en plus simple et moins gourmand, mais j'ai 
oublié le nom.


Klaus

Re: dual booting, was Re: Stupid question

[Andrei POPESCU]

On Du, 13 feb 22, 11:01:48, David Wright wrote:
> 
> Typically, one would have a primary, "master" linux system which would
> be used to write an MBR pointing to itself. The other, legacy system
> would have its grub.cfg kept up-to-date, but would never touch the
> MBR by running grub-install.

Another option (at least with MBR, didn't try this with GPT) is to tell 
the Installer to install GRUB in the partition instead of the MBR, and 
then manually install another GRUB instance to the MBR with a 
handcrafted config that is chain-loading the GRUBs in the partitions.

This way each system's GRUB config is nicely following kernel upgrades 
automatically.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Re : Environnement de bureau léger pour personnes venant de Windows

[yamo']

Salut,
nicolas.patr...@gmail.com a tapoté le 13/02/2022 15:20:
> XFCE ?

Oui, très bon compromis.
Je n'utilise plus que XFCE depuis que je connais cet environnement de
bureau.

-- 
Stéphane

Re: dual booting, was Re: Stupid question

[Hans]

Hi David,
yes, that is what I thought, would be working. But sadly did not.

I expected, after using update-grub, that os-prober would detect both 
partitions with the menu.lst or grub.cfg inside and create two entries in the 
boot menu.

However, this did not work, only one (the last installation, which was kali), 
was seen.

Maybe I did something wrong! 

I had had Windows-7 and Debian on the hardddrive. Then I deleted the Windows-7 
partition (good choice, eh?) and installed kali on this partition. 

With installing grub during the installation process, I expected grub to see 
both, kali and debian. But, it only recognized kali.

So my idea was, to edit kali's grub.cfg manually, so that I got two entries, 
but did not succeed (becauuse I did not know, how exactly to do).


Meanwhile I am using the whole harddrive for kali, because I discovered that 
the partition was to small for kali (34GB, but I needed 50GB).

But I think, this problem will appear in some time, when I am buying a bigger 
harddrive, where I intend to put several different operating systems on one 
harddrive. 

Thanks for the feedback, and all your help. 

If I got a solution, I will tell you.

Best regards

Hans 
> If you want to boot A, just select it from the menu presented by B's
> grub.
> 
> When you boot and run A, you can update-grub¹ and that will scan
> and see both systems, writing A's grub.cfg with A as the default
> system to boot /in its grub.cfg/. However, A's grub.cfg will never
> be consulted, because the MBR points to B's grub.cfg. (Think of
> B as the "master system".)
> 
> (Only if you run grub-install on system A will the MBR be overwritten
> so that it points to A's grub.cfg, and from then on, booting would
> use A's grub.cfg.)

Re: Stupid question

[Thomas Schmitt]

Hi,

Chuck Zmudzinski wrote:
> > It looks you are using the old MBR partitioning scheme. The logical
> > partition indicates that.
> > So I also assume you are using the legacy booting (not UEFI).

Not necessarily. It is specified that the EFI System Partition may
be marked by a MBR partition table entry of type 0xEF.
In practice many EFI implementations look into any partition which
contains a FAT filesystem with the CPU-specific boot program in
directory \EFI\BOOT.

There have been seen some younger Lenovo laptops which won't consider
an MBR partition of type 0xEF unless a GPT header block is present on
the storage device.


> > So the first thing that
> > happens is that you will have an active partition set that your BIOS will
> > boot (if you have standard bootcode installed in the first sector of the
> > disk).

Andrei POPESCU wrote:

> Legacy BIOS doesn't have an understanding of partitions, it will just
> look for a bootloader in the MBR of the mass storage device chosen to
> boot from.

In theory, yes. In practice there have been seen old HP laptops which
don't consider a device if it does not have an MBR partition table with
the active/boot flag set to some of the partitions.


Have a nice day :)

Thomas

Re: One-user system. Was "One user system."

[David Wright]

On Thu 10 Feb 2022 at 20:26:57 (+), Joe wrote:
> On Thu, 10 Feb 2022 11:11:01 -0500 rhkra...@gmail.com wrote:
> > On Wednesday, February 09, 2022 06:08:16 AM Andrei POPESCU wrote:
> > > I've switched to using sudo because it encourages me to use root
> > > only when strictly required.  
> > 
> > That's a good idea, but I'll mention what I do -- I may have started
> > before sudo existed (or, at least, before I knew about it).
> > 
> > I use kde and keep several konsole (terminals) open, at on one, I
> > open it as root and set the background to be a different color than
> > the non-root konsole (a shade of yello).  
> > 
> > (Once you pick a color for the background (or any of variety of other
> > user preferences), you can save those so, for example, every time I
> > open a konsole as root, it gets those preferences.
> > 
> 
> Just an additional note if you use mc: you can change the colours of the
> mc window and save the changes, but when you close mc the previous
> config file will overwrite the new one. What you have to do is to save
> the config, then rename it from outside mc with mc still running. Close
> mc, rename the new config file back to the original name, then it will
> be used next time you start mc. 
> 
> A bit of a faff, which is why I don't change things often. But my
> server is console-only, and I found mc to be an excellent file manager
> and simple text editor for it. I also have different background colours
> depending on whether it is opened with sudo or not.

Why not just set these five file permissions to readonly?
.config/mc/{ini,panels.ini} .cache/mc/Tree{,.tmp} .local/share/mc/history
The last might need to be owned by root (for normal users), or
chattr +i   if you run mc as root. (I don't.)

> Yes, it's a dangerous beast as root, but what are you doing on a server
> if not admin work (carefully)?

Cheers,
David.

Re: Memory leak

[David Wright]

On Fri 11 Feb 2022 at 20:04:35 (+0100), Linux-Fan wrote:
> Stefan Monnier writes:
> 
> > > I used to have 8 GB on the system, and it would start to thrash at
> > > about 7+ GB usage. I recently ugrade to 16 GB; memory usage is
> > > currently over 8 GB, and it seems to be slowly but steadily increasing.
> > 
> > Presumably you bought 16GB to make use of it, right?
> > So it's only natural for your OS to try and put that memory to use.
> > Any "free memory" is memory that could potentially be used for something
> > more useful (IOW "free" = "wasted" in some sense).
> > 
> > It's normal for memory use to increase over time, as your OS finds more
> > things to put into it.
> 
> That was my first intuition, too. There is even a classic website
> about this very topic: https://www.linuxatemyram.com/
> 
> HOWEVER, given that the OP mentions looking at the RSS sizes I think
> the classic "all memory used" issue is already ruled-out. The issue
> seems to be modern webbrowsers which could be considered OSes on their
> own already hence they also claim more resources whenever it is useful
> for them.
> 
> Firefox takes just above 1600 MiB here with only six tabs open for
> four hours. Yet I am pretty sure it would take less were this a
> "lower-end" system e.g. fewer CPU cores would cause fewer processes to
> be spawned and hence the memory efficiency might be better in such
> cases.

Very slow, but I can run FF (≤3 tabs) and mpv in bullseye on a 2004-era
laptop: Pentium M i386 1.5GHz 512MB with 1GB swap (encrypted, as is /home).
I don't run it for hours on end¹. Compared with buster, it's slower to
start FF, but no slowdown with loading pages. (Of course, buster was
running FF 6X.X rather than the new 91.6.)

¹ It's a non-portable laptop. Remove the power cable and it's dead.

Cheers,
David.

Re: Uninstalling a package removes other essential packages: What is the best course of action?

[David Wright]

On Sun 13 Feb 2022 at 07:36:55 (+0100), Stella Ashburne wrote:
> Hello Dearie
> 
> > Sent: Sunday, February 13, 2022 at 8:34 AM
> > From: "David Wright" 
> > To: debian-user@lists.debian.org
> > Subject: Re: Uninstalling a package removes other essential packages: What 
> > is the best course of action?
> >
> > Installing those two would add 170 more packages to my system, so
> 
> OMG
> 
> > > What is the best course of action?
> >
> > Leave it. Worry about bigger issues than the odd library.
> >
> For all you know, the odd library which is this Thai file in question may 
> contain poorly designed code, ill-intentioned designed code or backdoors that 
> enable(s) root privileges without a user's direct intervention.

Tee-hee. We Brits can sneak our code into Debian without arousing
suspicion — we just label it "english". That's when we bother to
label it at all — Most of it just slips in as the default language
of Debian. And Linux. And computing in general. And the world.

Cheers,
David.

Re: dual booting, was Re: Stupid question

[David Wright]

On Sat 12 Feb 2022 at 10:04:43 (+0100), Hans wrote:
> 
> I am thinking of a solution of a problem. But I have an understanding 
> problem, 
> maybe you can give some background knowledge.
> 
> The problem: I have one harddrive, there are two linuces installed.
> 
> The partitions are as followed:
> 
> kali-linux: 1st primary -> /boot
>  2nd > /

I have to assume that this is a complete linux installation here, with
the possible exception that you could unlock the /home partition (below)
and mount it with either of the systems. That's my standard practice
with two Debians on one drive. (I share swap too.)

> debian3rd primary -> /boot
>4th logical > /
>> swap
> > /home (encrypted)
> > /usr (encrypted)
> > /var (encrypted)

It's not generally useful to encrypt /usr if it only consists of
free software, because it's public knowledge. It would be more
useful to encrypt swap.

Sharing /usr between two almost identical /Debian/ systems could
be made to work with care and expertise. OTOH I don't see how you
could sensibly share /var/lib in any way, because it's used to
maintain the state of a system — /one/ system.

But the level of your questions here would indicate that you're
going to struggle to do anything resembling that. I don't know
anything about kali (except the coloured sherbet of my childhood).
So your layout, above, worries me as it seems to imply more than
you're actually saying here. (Not the layout of the partitions
on the disk, but the text's alignment in the layout above.)

> This is the structure, and as said before, only ONE drive.
> 
> Now my question: Is it possible to configure grub that way, that I can choose 
> either kali or debian to boot?

I'm assuming that you're booting an MBR disk in a BIOS system,
seeing that your disk looks like something that DOS or Windows
would have created years ago (three primary partitions, and an
extended partition containing five logical partitions).

So, yes. You just install the systems as normal. Each installer
should install its own grub packages, and they should configure
its own /boot/grub/ directory (a process you can repeat at any
time by running update-grub¹ on that system). Each installer
should also install Grub's boot code in the disk's MBR (which
will overwrite any previous code).

> What I might to know, please correct me:
> Both are running different kernels.

This is irrelevant, as long as the systems defined by partitions
1, 2 ± /home are not being comingled with that defined by 3, 4
± /home, and that /usr and /var are "owned" entirely by either
one system or the other.

> As far as I understood grub, I can set the 
> root partition ( / ) with the UUID. This is an entry in grub.cfg

For Debian, that is the default. It's done for you: you don't have
to transcribe any UUIDs by typing them in.

> and maybe in 
> /etc/default/grub.

In that file, one can /prevent/ the use of UUIDs by Grub, but it
makes no sense for you to do so.

> But how can I tell grub, to use the kernel of the second /boot? 

If/when you install a system "A" on the disk, its Grub configuration
will only know about that system, and boot it by default. When you
install system B, B's Grub will scan² and see both systems, adding
menu entries for both in its own grub.cfg. Grub on the MBR will
be made to point to B's grub.cfg, and that will have B listed as
the default system to boot (first in the menu).

If you want to boot A, just select it from the menu presented by B's
grub.

When you boot and run A, you can update-grub¹ and that will scan
and see both systems, writing A's grub.cfg with A as the default
system to boot /in its grub.cfg/. However, A's grub.cfg will never
be consulted, because the MBR points to B's grub.cfg. (Think of
B as the "master system".)

(Only if you run grub-install on system A will the MBR be overwritten
so that it points to A's grub.cfg, and from then on, booting would
use A's grub.cfg.)

None of this matters until you upgrade one of the systems with
a new kernel (pretty common) or a new grub (fairly uncommon).
When you upgrade, say, A (the non-master system), A's updated
grub.cfg will be brought up-to-date. But typically, upgrades
will not touch the MBR as there's no need. So, if your MBR was
pointing to B's grub.cfg, the menu items in B for booting A
will be out of date and pointing to the wrong kernel version.

You have to either:

. In A, after the upgrade, run grub-install to make the MBR point
  here, to A's grub.cfg. (A is now the "master system".)

or

. Reboot (which will still use B's grub.cfg) and select B. When
  B is running, run update-grub¹ to freshen its grub.cfg. Now,
  B's grub.cfg will have up-to-date entries for A's kernel.
  (B remains the "master system".)

Typically, one would have a primary, "master" linux system which would
be used to write an MBR pointing to itself. The 

Re: Environnement de bureau léger pour personnes venant de Windows

[hamster]

Le 13/02/2022 à 14:31, benoit a écrit :
Quel serait l’environnement de bureau *léger* disponible en paquet 
Debian qui dépayserait le moins des personnes venant du monde Windows ?


Pas trop depayser, ca veut pas uniquement dire sexy, ca veut aussi dire 
que certains points de repères se retrouvent.


Mon conseil c'est MATE, mais LXDE ou XFCE si il est configuré de la 
bonne manière peut aussi faire l'affaire. Coté place consommée dans la 
RAM, j'ai pas fait de test très poussé mais avec les tests que j'ai 
faits ils sont tous les 3 très proches.


Il faudrait que ça reste fluide sur un Intel Core i3-3110M @ 2.40GHz 
4Go de RAM.


Ah bon, pour toi c'est ca un vieil ordi ??? J'ai mis debian/MATE sur bon 
nombre d'ordis de mes amis qui n'arrivent pas a la cheville du tiens. La 
plus grande limitation c'est les pages WEB : debian/mate tourne bien 
avec 1 Go de RAM, mais si t'a le malheur d'ouvrir plusieurs onglets dans 
firefox avec des pages un peu lourdes (genre youtube ou facebook…) tu 
fais très vite swapper meme si y'a 2 Go de RAM.


Je te conseille aussi d'installer zram.

Re: Stupid question

[Andrei POPESCU]

On Du, 13 feb 22, 02:40:27, Chuck Zmudzinski wrote:
> 
> This is my understanding of how grub works.
> 
> It looks you are using the old MBR partitioning scheme. The logical
> partition indicates that.
> So I also assume you are using the legacy booting (not UEFI). So the first
> thing that
> happens is that you will have an active partition set that your BIOS will
> boot (if you have
> standard bootcode installed in the first sector of the disk). 

Legacy BIOS doesn't have an understanding of partitions, it will just 
look for a bootloader in the MBR of the mass storage device chosen to 
boot from.

The active / bootable flag was (still is?) a Microsoft thing[1], Linux 
bootloaders never cared about it and can load operating systems 
regardless if the corresponding partition is marked active or not.

[1] as far as I recall it was used in DOS times to let the bootloader 
know which is the system partition, but it could be (ab)used for 
multi-booting ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Memory leak

[Andrew M.A. Cater]

On Sun, Feb 13, 2022 at 10:05:27AM -0500, rhkra...@gmail.com wrote:
> On Sunday, February 13, 2022 01:29:09 AM to...@tuxteam.de wrote:
> > On Sat, Feb 12, 2022 at 09:21:00AM -0500, rhkra...@gmail.com wrote:
> > 
> 
> I'm sure they are not one from each tab -- I often have 100 tabs open (in 
> Jessie's Firfox, upto 3000 in Wheezy's Firefox), and typically see between 3 
> and maybe 8 Web Content pages.
> 

Everybody has their own preferences but:

Wheezy is very well out of any support as is Jessie - Jessie is still
just about in support until June 30th 2022 as ELTS.
[Wheezy left ELTS on 2020-06-30]

It's probably not safe to connect these to the Internet with almost
no security support - perhaps consider upgrading to something a few
years more modern?

> Typically they use about 3 to 3.5 GiB VIRT and much less RES (like less than 
> 0.5 GiB), but occasionally I see RES hit figures like 1+ GiB  --n when I see 
> those I try to finish what I'm doing on a given web page and then kill that 
> process (I try to finish because it is likely that killing that process will 
> "wipe out" the content of the page I am currently viewing (although I can 
> reload the page).
> 
> > Cheers
> > 
> > [1] https://blog.mozilla.org/addons/2016/04/11/the-why-of-electrolysis/
> > [2] https://en.wikipedia.org/wiki/Features_of_Firefox#Firefox_57_and_above
>

All the very best, as ever,

Andy Cater 

Re: Memory leak

[Andrei POPESCU]

On Du, 13 feb 22, 08:03:39, Tixy wrote:
> On Sun, 2022-02-13 at 07:30 +0100, to...@tuxteam.de wrote:
> > On Sat, Feb 12, 2022 at 11:45:05PM +0100, Felmon Davis wrote:
> > > On Sat, 12 Feb 2022, Curt wrote:
> > > 
> > > > https://support.mozilla.org/en-US/kb/firefox-uses-too-much-memory-or-cpu-resources
> > > > 
> > > > Firefox may use more system resources if it's left open for long periods
> > > > of time [...]
> > 
> > > what this quote doesn´t mention is tabs opened as ´private browser´ tabs
> > > won´t preserved.
> > 
> > You don't want to have them preserved.
> 
> You may for the case in question, i.e. where you're only restarting
> Firefox work around a memory leak, not because you're finished doing
> the 'private browsing' thing.
> 
> Personally, I'm more paranoid about browser security and tab isolation.
> I have the 'always use private browsing' mode set so, in theory,
> nothing should remain after I close Firefox. Then for the cases where
> I'm doing sensitive stuff (online banking, shopping, etc) I close
> Firefox, re-open it to do that one task, then close it again.

You might (also) be interested in Multi-Account Containers, though they 
are incompatible with Private Browsing.

https://support.mozilla.org/en-US/kb/containers

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: netfilter on bullseye: matching executable name or pid with nftables

[Dan Ritter]

André Rodier wrote: 
> Hi,
> 
> With iptables, I was able to use the match extension, and create rules per
> program or pid, for isntance:
> 
> iptables -A OUTPUT --match owner -p tcp --cmd-owner tinyproxy -j ACCEPT
> iptables -A OUTPUT --match owner -p tcp --pid-owner 4554 -j ACCEPT
> 
> How can I achieve the same, on Linux, using nftables, please ?

https://wiki.nftables.org/wiki-nftables/index.php/Matching_packet_metainformation#Matching_by_socket_UID_.2F_GID

  You can use your user name to match traffic, eg.

  % nft add rule filter output meta skuid pablo counter

  Or the 32-bits unsigned integer (UID) in case there is no entry
  in /etc/passwd for a given user.

  % nft add rule filter output meta skuid 1000 counter

It doesn't look like there's direct support for matching on
process-ids, but cgroups can be matched.

-dsr-

Re: Environnement de bureau léger pour personnes venant de Windows

[Marc Chantreux]

Le Sun, Feb 13, 2022 at 03:04:15PM +0100, Michel - Ekimia a écrit :
> Salut , je pense que Gnome a beaucoup évolué et reste un bon compromis entre
> simplicité/fonctionnalité et legereté

apres qqchose comme 6 ans sous gnome:
* je confirme que ca a bien évolué
* même en évoluant encore énormement, on est loin d'un truc léger ou
  simple.

cordialement,
marc

Re: Environnement de bureau léger pour personnes venant de Windows

[Marc Chantreux]

> Il faut aussi arrêter de faire croire que MS Windows, c'est de la daube et
> que sous Minux, tout va plus vite...

je crois plutôt que l'idée est de dire: sous linux t'as toute une game
de choix qui va de dwm a gnome.

perso je retourne sous dwm apres avoir testé pendant des années des
gnomish-desktop (gnome, cinamon, ...).

> Un PC est un PC. Un vieux PC avec un microprocesseur lent est lent vis-à-vis
> des machines d'aujourd'hui.

et les machines d'aujourd'hui sont dispendieuses d'un point de vue
empreinte écologique! personne ne devrait avoir a acheter plus puissant
qu'un pi1 pour nombre d'usages.

> Je dis cela, car on veut un environnement joli avec des supers dégradés et
> des super effets sous GNU/Linux sans rien consommer.

et ben du coup c'est ca qu'il faut expliquer: l'écologie se fait entre
autres au détriment de bords ronds et franchement: vous les aurez vite
oublié.

> -- 
> Gabriel Moreau - IR CNRShttp://www.legi.grenoble-inp.fr
> LEGI (UMR 5519) Laboratoire des Ecoulements Geophysiques et Industriels
> Domaine Universitaire, CS 40700, 38041 Grenoble Cedex 9, France
> mailto:gabriel.mor...@legi.grenoble-inp.fr  tel:+33.476.825.015

-- 
Marc Chantreux
Direction du numérique de l'Université de Strasbourg
Pôle de Calcul et Services Avancés à la Recherche (CESAR)
http://annuaire.unistra.fr/p/20200

Re: Environnement de bureau léger pour personnes venant de Windows

[Marc Chantreux]

salut,

> Quel serait l’environnement de bureau léger disponible en paquet
> Debian qui dépayserait le moins des personnes venant du monde Windows ?

Je ne suis pas très au fait de l'actualité des desktops mais si tu
veut un truc très léger qui ressemble à windows, j'ai tendance pour ma
part a claquer du slim+icewm.

> Il faudrait que ça reste fluide sur un [Intel Core i3-3110M @
> 2.40GHz](https://www.cpubenchmark.net/cpu.php?cpu=Intel+Core+i3-3110M+%40+2.40GHz=763)
> 4Go de RAM.

C'est preque obscene pour faire tourner icewm :)

a+

Re: Memory leak

[tomas]

On Sun, Feb 13, 2022 at 10:05:27AM -0500, rhkra...@gmail.com wrote:

[Firefox Web Content processes]

> > Those are, basically, one for each tab, yes. 
> 
> I'm sure they are not one from each tab -- I often have 100 tabs open (in 
> Jessie's Firfox, upto 3000 in Wheezy's Firefox), and typically see between 3 
> and maybe 8 Web Content pages.

Ah, thanks for the data point. Perhaps they do some optimisation and only
"active" tabs (for some value of "active") get their own process.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re : Re: Environnement de bureau léger pour personnes venant de Windows

[benoit]

Le dimanche 13 février 2022 à 15:41, Frederic Zulian  a 
écrit :

> Sous Ubuntu, je dirai plutôt Lubuntu.

Je préfère rester sous Debian et ne changer que l'environnement de bureau.

Re: Environnement de bureau léger pour personnes venant de Windows

[Pierre Couderc]

J'utilise enlightenment ... C'est sûrement le meilleur rapport 
sexy/performances...


On 2/13/22 14:31, benoit wrote:

Bonjour à toutes et tous,

J’ai été invité à participer à une démonstration de logiciels libre, 
mais je n’utilise qu’openbox et ce n’est pas très sexy pour personne 
qui découvre GNU/Linux.


Quel serait l’environnement de bureau *léger* disponible en paquet 
Debian qui dépayserait le moins des personnes venant du monde Windows ?


Il faudrait que ça reste fluide sur un Intel Core i3-3110M @ 2.40GHz 
 
4Go de RAM.


Un des thèmes c’est aussi de démontrer l’emprunte du numérique et donc 
de faire une démo de réutilisation d’un vieux PC grâce à GNU/Linux.




Sent with ProtonMail  Secure Email.

Re: Memory leak

[rhkramer]

On Sunday, February 13, 2022 01:29:09 AM to...@tuxteam.de wrote:
> On Sat, Feb 12, 2022 at 09:21:00AM -0500, rhkra...@gmail.com wrote:
> 
> [...]
> 
> > The version of Firefox used in Jessie (and presumably later versions)
> > creates (typically mutlitple) files
> 
> ...you mean "processes", not files, right?

Yes -- sorry about that -- wasn't thinking ;-)


> 
> > named "Web Content".  I don't know how
> > Firefox
> > 
> > decides what to put in each of those (e.g., content from how many tabs),
> > but
> 
> Those are, basically, one for each tab, yes. 

I'm sure they are not one from each tab -- I often have 100 tabs open (in 
Jessie's Firfox, upto 3000 in Wheezy's Firefox), and typically see between 3 
and maybe 8 Web Content pages.

Typically they use about 3 to 3.5 GiB VIRT and much less RES (like less than 
0.5 GiB), but occasionally I see RES hit figures like 1+ GiB  --n when I see 
those I try to finish what I'm doing on a given web page and then kill that 
process (I try to finish because it is likely that killing that process will 
"wipe out" the content of the page I am currently viewing (although I can 
reload the page).

> This is "electrolysis", see
> here [1] or perhaps here [2] for a rough overview and rationale. 

OK, thanks, I'll do that.

> Plugins,
> media players and those things also get their own process..
> 
> Now I could be snarky (I've been caught red-handed bashing browsers around
> here before ;-) but given the kind of usage browsers get, this design
> decision actually seems to make sense.
> 
> Cheers
> 
> [1] https://blog.mozilla.org/addons/2016/04/11/the-why-of-electrolysis/
> [2] https://en.wikipedia.org/wiki/Features_of_Firefox#Firefox_57_and_above

Re : Re: Environnement de bureau léger pour personnes venant de Windows

[benoit]

Quand même, je voudrais nuancer, ce vieux pc est incapable de faire tourner 
Windows 10.
Enfin si, je l'ai testé, tu lances une application et tu vas prendre un café le 
temps qu'elle finisse de se charger...
Là Cinnamon démarre au quart de tour et les applis (LibreOffice et Firefox) se 
lancent raisonnablement vite.

Sent with [ProtonMail](https://protonmail.com/) Secure Email.

--- Original Message ---

Le dimanche 13 février 2022 à 14:53, Gabriel Moreau 
gabriel.mor...@legi.grenoble-inp.fr a écrit :

> Un des thèmes c’est aussi de démontrer l’emprunte du numérique et donc
>
> de faire une démo de réutilisation d’un vieux PC grâce à GNU/Linux.

Il faut aussi arrêter de faire croire que MS Windows, c'est de la daube

et que sous Minux, tout va plus vite...

Un PC est un PC. Un vieux PC avec un microprocesseur lent est lent

vis-à-vis des machines d'aujourd'hui.

Je dis cela, car on veut un environnement joli avec des supers dégradés

et des super effets sous GNU/Linux sans rien consommer. On trouve des

bons environnements sous Linux, mais sur un PC lent, on ne va pas faire

du super sexy...

Les ingénieurs de chez Microsoft ne sont pas des manches non plus ;-)

Quand la machine ne peut pas, elle ne peut pas ;-)

gaby

En tant que chargé de la sécurité informatique, je suis parfois amené à

envoyer des courriels en dehors des heures de bureau. Ceux-ci

n’appellent pas de réponses immédiates (la déconnexion est un droit).

Gabriel Moreau - IR CNRShttp://www.legi.grenoble-inp.fr

LEGI (UMR 5519) Laboratoire des Ecoulements Geophysiques et Industriels

Domaine Universitaire, CS 40700, 38041 Grenoble Cedex 9, France

mailto:gabriel.mor...@legi.grenoble-inp.fr tel:+33.476.825.015

Re: Captive Portal Alternatives (Was: Re: miracle of Firefox in the hotel)

[tomas]

On Sun, Feb 13, 2022 at 02:41:31PM +0100, Linux-Fan wrote:
> Brian writes:
> 
> > On Sat 12 Feb 2022 at 21:07:10 +0100, to...@tuxteam.de wrote:
> 
> [...]
> 
> > > This is Firefox's captive portal [1] detection [2].
> > >
> > > Cheers
> > >
> > > [1] Had I a say in it, I'd reserve a very special place in Hell
> > >for those.
> > 
> > Could the process to replace them on, say, public transport be outlined?
> 
> [...]
> 
> It highly depends on your jurisdiction and other regulatory requirements
> thus I gather there is no comprehensive answer to this question.
> 
> Alternatives could be any of the following:
> 
> * Not using a captive portal at all i.e. having just a free WiFi
>   for everyone near enough to receive the radio signal.
> 
> * Using WPA Enterprise (RADIUS) to have users login without any
>   website but directly as part of joining the network. This works
>   for very large networks, too. E.g. the `eduroam` common in some
>   universities can be accessed from any of the participating
>   universities' accounts by just entering their campus e-mail address
>   for login.
> 
> * RFC8910 - Captive-Portal Identification in DHCP and Router
>   Advertisements (RAs). I never never heard of it before searching
>   for “Alternatives to captive portals wifi” online :)

* Joining a local initiative providing free connectivity (and, of
  course, lobbying your local policy makers that this be legal;
  the very idea of providing free stuff tends to be suspect).

Freifunk [1] is one successful example.

Cheers
-- 
tomás


signature.asc
Description: PGP signature

Re: Environnement de bureau léger pour personnes venant de Windows

[Frederic Zulian]

Euh,  Gnome léger ??

Sous Ubuntu, je dirai plutôt  Lubuntu.

La, j'ai un core I3 8ieme génération, 8 Go RAM, DD SSD sous Debian XFCE4.
Si j'ouvre quelques onglets avec Firefox + LibreOffice Calc,  je peux
commencer à sortir les rames :-)

Frédéric ZULIAN
--
Pour la santé de votre ordinateur, préférez les logiciels libres.
https://www.april.org/



Le dim. 13 févr. 2022 à 15:16, ajh-valmer  a écrit :

> On Sunday 13 February 2022 14:31:24 benoit wrote:
> > J’ai été invité à participer à une démonstration de logiciels libre,
> mais je n’utilise
> > qu’openbox et ce n’est pas très sexy pour personne qui découvre
> GNU/Linux.
> > Quel serait l’environnement de bureau léger disponible en paquet Debian
> > qui dépayserait le moins des personnes venant du monde Windows ?
> > Il faudrait que ça reste fluide sur un [Intel Core i3-3110M @ 2.40GHz]
> > Un des thèmes c’est aussi de démontrer l’emprunte du numérique et donc
> > de faire une démo de réutilisation d’un vieux PC grâce à GNU/Linux.
>
> Un bureau léger, intuitif, bien fourni, qui ressemble à Androïd,
> est TDE-Trinity (ex-KDE-3 remanié).
> KDE-4 devenant trop lourd, une équipe a repris le bureau KDE-3
> et qui est très bien tenu à jour.
> Cependant, il ne faudrait pas que TDE-Trinity devienne aussi lourd
> que KDE...
> Avec un Intel-i3, 4Go de  RAM, TDE-Trinity est parfaitement fluide.
>
>

Re: Environnement de bureau léger pour personnes venant de Windows

[didier gaumet]

Le dimanche 13 février 2022 à 14:40:03 UTC+1, benoit a écrit :
> Bonjour à toutes et tous,
> J’ai été invité à participer à une démonstration de logiciels libre, mais je 
> n’utilise qu’openbox et ce n’est pas très sexy pour personne qui découvre 
> GNU/Linux.
> Quel serait l’environnement de bureau léger disponible en paquet Debian qui 
> dépayserait le moins des personnes venant du monde Windows ?
> Il faudrait que ça reste fluide sur un Intel Core i3-3110M @ 2.40GHz 4Go de 
> RAM.
> Un des thèmes c’est aussi de démontrer l’emprunte du numérique et donc de 
> faire une démo de réutilisation d’un vieux PC grâce à GNU/Linux.
> 
> 
> Sent with ProtonMail Secure Email.

ça fait un petit moment que je n'ai aps regardé Cinnamon ou Mate mais je trouve 
qu'étant largement basé sur Gnome3 ou Gnome2 porté vers gtk3, ce n'est pas 
énormément plus léger que Gnome (opinion perso). 
Je ne sais pas si on peut régler aux petits oignons un KDE/Plasma récent: à 
l'époque de KDE3 c'est vrai qu'on pouvait aggner pas mal de réactivité en 
réglant finement. 
Enlightenement est plus lourd qu'un WM mais pas tellement plus léger qu'un DE 
léger et je trouve que l'intégration Debian n'est pas parfaite.
Il me reste un vieux netbook (Atom 64 bits, BIOS, 2Go de RAM): ce que j'ai 
trouvé de plus réactif mais assez complet, personnellementy, c'est LXQt 
(bibiliothèques QT pas KDE, en gros)
(LXDE il me semble que c'est un peu plus léger mais c'est du gtk2 quine migrera 
pas, donc condamné à disparaître. Et en plus si tu veux optimiser, je trouve 
que les réglages ne sont pas très accessibles au débutant)  

Mais bon, sur ce genre de sujet, chacun peut avoir une appréciation différente 
:-)

Re : Environnement de bureau léger pour personnes venant de Windows

[nicolas . patrois]

Le 13/02/2022 14:31:24, benoit a écrit :
> Bonjour à toutes et tous,

> J’ai été invité à participer à une démonstration de logiciels libre,
> mais je n’utilise qu’openbox et ce n’est pas très sexy pour personne
> qui découvre GNU/Linux.

> Quel serait l’environnement de bureau léger disponible en paquet
> Debian qui dépayserait le moins des personnes venant du monde Windows
> ?

> Il faudrait que ça reste fluide sur un [Intel Core i3-3110M @
> 2.40GHz](https://www.cpubenchmark.net/cpu.php?cpu=Intel+Core+i3-3110M+%40+2.40GHz=763)
> 4Go de RAM.

> Un des thèmes c’est aussi de démontrer l’emprunte du numérique et donc
> de faire une démo de réutilisation d’un vieux PC grâce à GNU/Linux.

XFCE ?

nicolas patrois : pts noir asocial
-- 
RÉALISME

M : Qu'est-ce qu'il nous faudrait pour qu'on nous considère comme des humains ? 
Un cerveau plus gros ?
P : Non... Une carte bleue suffirait...

Re : Re: Environnement de bureau léger pour personnes venant de Windows

[benoit]

Salut,

Là je viens de tester cinnamon (dans .xinitrc) et quand je lance x ça démarre 
au quart de tours sur ce vieux CPU.
C hallucinant cet environnement de bureau hyper sexy est aussi rapide au 
démarrage que openbox.

Sent with ProtonMail Secure Email.

--- Original Message ---

Le dimanche 13 février 2022 à 15:04, Michel - Ekimia  a écrit :

> Le 2022-02-13 14:31, benoit a écrit :
>
> > Quel serait l’environnement de bureau léger disponible en paquet
> >
> > Debian qui dépayserait le moins des personnes venant du monde Windows
> >
> > ?
> >
> > Il faudrait que ça reste fluide sur un Intel Core i3-3110M @ 2.40GHz
> >
> > [1] 4Go de RAM.
>
> Salut , je pense que Gnome a beaucoup évolué et reste un bon compromis
>
> entre simplicité/fonctionnalité et legereté
>
> Il a aussi l'avantage d'etre le plus répandu notamment par défaut sur
>
> ubuntu afin qu'un débutant en cherchant de l'aide sur "Linux" trouve
>
> facilement des infos liées a Gnome3
>
>
> -
>
> Ekimia https://shop.ekimia.fr

Re: Environnement de bureau léger pour personnes venant de Windows

[ajh-valmer]

On Sunday 13 February 2022 14:31:24 benoit wrote:
> J’ai été invité à participer à une démonstration de logiciels libre, mais je 
> n’utilise 
> qu’openbox et ce n’est pas très sexy pour personne qui découvre GNU/Linux. 
> Quel serait l’environnement de bureau léger disponible en paquet Debian 
> qui dépayserait le moins des personnes venant du monde Windows ? 
> Il faudrait que ça reste fluide sur un [Intel Core i3-3110M @ 2.40GHz]
> Un des thèmes c’est aussi de démontrer l’emprunte du numérique et donc 
> de faire une démo de réutilisation d’un vieux PC grâce à GNU/Linux. 

Un bureau léger, intuitif, bien fourni, qui ressemble à Androïd,
est TDE-Trinity (ex-KDE-3 remanié).
KDE-4 devenant trop lourd, une équipe a repris le bureau KDE-3
et qui est très bien tenu à jour.
Cependant, il ne faudrait pas que TDE-Trinity devienne aussi lourd
que KDE...
Avec un Intel-i3, 4Go de  RAM, TDE-Trinity est parfaitement fluide.

Re: Environnement de bureau léger pour personnes venant de Windows

[Michel - Ekimia]

Le 2022-02-13 14:31, benoit a écrit :


Quel serait l’environnement de bureau léger disponible en paquet
Debian qui dépayserait le moins des personnes venant du monde Windows
?
Il faudrait que ça reste fluide sur un Intel Core i3-3110M @ 2.40GHz
[1] 4Go de RAM.


Salut , je pense que Gnome a beaucoup évolué et reste un bon compromis 
entre simplicité/fonctionnalité et legereté


Il a aussi l'avantage d'etre le plus répandu notamment par défaut sur 
ubuntu afin qu'un débutant en cherchant de l'aide sur "Linux" trouve 
facilement des infos liées a Gnome3




--
--
Ekimia https://shop.ekimia.fr

Re: Environnement de bureau léger pour personnes venant de Windows

[Gabriel Moreau]

Un des thèmes c’est aussi de démontrer l’emprunte du numérique et donc 
de faire une démo de réutilisation d’un vieux PC grâce à GNU/Linux.


Il faut aussi arrêter de faire croire que MS Windows, c'est de la daube 
et que sous Minux, tout va plus vite...


Un PC est un PC. Un vieux PC avec un microprocesseur lent est lent 
vis-à-vis des machines d'aujourd'hui.


Je dis cela, car on veut un environnement joli avec des supers dégradés 
et des super effets sous GNU/Linux sans rien consommer. On trouve des 
bons environnements sous Linux, mais sur un PC lent, on ne va pas faire 
du super sexy...


Les ingénieurs de chez Microsoft ne sont pas des manches non plus ;-) 
Quand la machine ne peut pas, elle ne peut pas ;-)


gaby

En tant que chargé de la sécurité informatique, je suis parfois amené à
envoyer des courriels en dehors des heures de bureau. Ceux-ci
n’appellent pas de réponses immédiates (la déconnexion est un droit).
--
Gabriel Moreau - IR CNRShttp://www.legi.grenoble-inp.fr
LEGI (UMR 5519) Laboratoire des Ecoulements Geophysiques et Industriels
Domaine Universitaire, CS 40700, 38041 Grenoble Cedex 9, France
mailto:gabriel.mor...@legi.grenoble-inp.fr  tel:+33.476.825.015


smime.p7s
Description: Signature cryptographique S/MIME

Captive Portal Alternatives (Was: Re: miracle of Firefox in the hotel)

[Linux-Fan]

Brian writes:


On Sat 12 Feb 2022 at 21:07:10 +0100, to...@tuxteam.de wrote:


[...]


> This is Firefox's captive portal [1] detection [2].
>
> Cheers
>
> [1] Had I a say in it, I'd reserve a very special place in Hell
>for those.

Could the process to replace them on, say, public transport be outlined?


[...]

It highly depends on your jurisdiction and other regulatory requirements  
thus I gather there is no comprehensive answer to this question.


Alternatives could be any of the following:

* Not using a captive portal at all i.e. having just a free WiFi
  for everyone near enough to receive the radio signal.

* Using WPA Enterprise (RADIUS) to have users login without any
  website but directly as part of joining the network. This works
  for very large networks, too. E.g. the `eduroam` common in some
  universities can be accessed from any of the participating
  universities' accounts by just entering their campus e-mail address
  for login.

* RFC8910 - Captive-Portal Identification in DHCP and Router
  Advertisements (RAs). I never never heard of it before searching
  for “Alternatives to captive portals wifi” online :)

See also:

* https://radavis.github.io/captive-portal-is-dead/
* 
https://old.reddit.com/r/HomeNetworking/comments/lrebw5/alternatives_to_a_captive_portal_for_open_networks/
* https://www.rfc-editor.org/rfc/rfc8910.txt

HTH
Linux-Fan

öö


pgpevR0soRT0q.pgp
Description: PGP signature

Environnement de bureau léger pour personnes venant de Windows

[benoit]

Bonjour à toutes et tous,

J’ai été invité à participer à une démonstration de logiciels libre, mais je 
n’utilise qu’openbox et ce n’est pas très sexy pour personne qui découvre 
GNU/Linux.

Quel serait l’environnement de bureau léger disponible en paquet Debian qui 
dépayserait le moins des personnes venant du monde Windows ?

Il faudrait que ça reste fluide sur un [Intel Core i3-3110M @ 
2.40GHz](https://www.cpubenchmark.net/cpu.php?cpu=Intel+Core+i3-3110M+%40+2.40GHz=763)
 4Go de RAM.

Un des thèmes c’est aussi de démontrer l’emprunte du numérique et donc de faire 
une démo de réutilisation d’un vieux PC grâce à GNU/Linux.

Sent with [ProtonMail](https://protonmail.com/) Secure Email.

Re: Uninstalling a package removes other essential packages: What is the best course of action?

[Andrew M.A. Cater]

Stella (and others)

This is apparently a long standing bug from pango1.0 

Debian bug #565500

and has been outstanding for a decade or so. Thai poses interesting font,
formatting and display properties - if you're not Thai, it doesn't matter
to you, but, as you can see it's fairly well embedded into various
libraries.

It's about as relevant to you as the fact that the Debian installer supports
several languages: if you don't use them in install and set up the locales
they're essentially irrelevant but are there for the convenience of people
who need them.

Hope this helps.

With every good wish, as ever,

Andy Cater

Re: Request free live CD

[Curt]

On 2022-02-11, Celejar  wrote:
>> 
>>   https://www.debian.org/CD/free-linux-cd
>> 
>> Since burning a CD and putting into the mail costs money, you can't
>> expect someone doing it for you. In the above page it is explained
>
> I'm genuinely curious about this: time and money are both scarce and
> precious resources. Why is there an assumption that people will gladly
> donate of their time to help others, but not their money? Is it because
> the assumption is that the person asking for help should just spend
> his own money, but may not be able to solve his problem by spending his
> own time?

Because your premise is false, and there is no equivalence between time
and money.

netfilter on bullseye: matching executable name or pid with nftables

[André Rodier]

Hi,

With iptables, I was able to use the match extension, and create rules 
per program or pid, for isntance:


iptables -A OUTPUT --match owner -p tcp --cmd-owner tinyproxy -j ACCEPT
iptables -A OUTPUT --match owner -p tcp --pid-owner 4554 -j ACCEPT

How can I achieve the same, on Linux, using nftables, please ?

I am using Debian Bullseye

Thanks.

--
퓐퓡 - 퐴푛푑푟푒 푅표푑푖푒푟

Re: Uninstalling a package removes other essential packages: What is the best course of action?

[Andy Smith]

Hello,

On Sun, Feb 13, 2022 at 07:36:55AM +0100, Stella Ashburne wrote:
> > From: "David Wright" 
> > Leave it. Worry about bigger issues than the odd library.
> >
> For all you know, the odd library which is this Thai file in
> question may contain poorly designed code, ill-intentioned
> designed code or backdoors that enable(s) root privileges without
> a user's direct intervention.

Wait until you find out that every single Intel CPU in the world has
a full install of Minix OS running inside of it.

General computing - it'll be the death of us!

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Uninstalling a package removes other essential packages: What is the best course of action?

[Andy Smith]

On Sun, Feb 13, 2022 at 07:31:58AM +0100, Stella Ashburne wrote:
> Hello Dearie
> 
> I am happy to hear from you again and hope that everything's fine with you 
> and your family.
> 
> > Sent: Sunday, February 13, 2022 at 6:23 AM
> > From: "David" 
> > To: "debian-user" 
> > Subject: Re: Uninstalling a package removes other essential packages: What 
> > is the best course of action?
> >
> >
> > But, why do you care? There may be many packages installed
> > that you will never notice that you will never use.
> > Why pick on this one?
> >
> > libthai appears to not occupy much disk space:
> >
> >
> > So there's hardly any win for the effort.
> >
> 
> Indeed, you asked a very pertinent question.
> 
> "Why pick on this one?", you asked.
> 
> It just happens that this file was in my installed Debian. I have checked for 
> other non-English files and found none other than Thai files.
> 
> "But, why do you care?" you wondered.
> 
> I care because I am worried that it may contain poorly designed code or 
> backdoors that enable root privileges without my explicit intervention. 
> Nobody has bothered to audit the Thai files that I mentioned for integrity 
> and probable malicious activity.
> 
> > Alternatively, don't install lxqt-core. Only install what you want.
> > Some ideas here:
> >   https://wiki.debian.org/ReduceDebian
> >
> > Naturally this kind of thing takes time and effort which you may
> > or may not find is worthwhile depending on your goals, and
> > what you choose to spend productive time doing.
> >
> You're right. I don't have the time nor the intellectual capacity
> to customize my Debian setup. I'll just have to look for other
> ways to install a custom Debian without foreign-language files.

I think there is a more fundamental issue here, that may call in to
question whether Debian is suitable for you at all.

You focus on "foreign-language files" perhaps because with limited
experience these stand out to you as being worthless to you, so a
prime candidate for removal in the goal of having the most
slimmed-down and therefore secure operating system.

The problem is that this is antithetical to the entire way that
Debian is designed. Since Debian distributes binary packages,
someone at some point has to decide what optional features each
package will have baked into it, and everyone gets those (and all
their dependencies) whether they use those features or not.

Now in some cases the programs themselves can detect at runtime what
features are present and disable those that aren't. This enables the
package maintainer to split up the package into a core package and
several optional packages (might be "Recommends" rather than
"Depends" in Debian parlance). So in that case there is some degree
of control over what features are present.

Also there are some packages that can be compiled in such different
ways that they warrant having different variants with different
compile-time options. For example, there is exim-daemon-light which
does the basic job, but for a more feature-rich experience you'd
want exim-daemon-heavy, which is the same application but with many
extras compiled in and a much bigger dependency list as a result.

But these examples are outliers and most moderately complex packages
in Debian have just one variant and no modularity, so the maintainer
has erred on the side of features and enabled pretty much
everything.

Therefore what I am saying is, Debian starts from a position of
enabling and installing a lot of dependencies that you may never
use, so if you don't like that, you don't like Debian. I am
suggesting that the only reason why this isn't more obvious to you
is that you probably don't notice what (the fictional example)
libfoobarbaz3 might be, but you DO notice libthai and wonder why you
have Thai things on your system. Yet both things have the
possibility to include buggy code that an attacker might leverage.

The task you seem to want to set yourself, that of auditing what is
the minimal software requirement and only installing that, is a big
one. I am not convinced that it's a good use of time and on the
whole the risk proposition of having unused and unaudited code
sitting on your storage isn't that bad especially if you take other
steps to improve security ("defence in depth"). However, it is your
time to use as you please. I am suggesting that if you want to do
this, Debian may not be a great place to start from.

If you want an operating system where you have high levels of
customisation over how each and every package is compiled, such that
you can disable every feature that you don't need, I think you want
a source-based operating system like Gentoo, NixOS or Guix. Or you
could go for one like Arch where the core operating system is quite
small but you can build additional software to your whim:

https://wiki.archlinux.org/title/Arch_Build_System

If that "ports" style of system appeals, then you may even consider
going for something BSD-based like OpenBSD 

Re: Stalled system shutdown

[José Luis González]

On Sat, 12 Feb 2022 19:13:28 -0600
Flacusbigotis  wrote:

> > I wonder if the package ntopng is necessary for something.
> 
> See manpage gor ntopng it's for monitoring network resources/activity.
> 
> So if you aren't interested in doing that  then you don't need it installed.

Yes, I have removed it.

Thanks all for your help.

Re: telegram package upgrade

[Luna Jernberg]

There is a new package in Backports:
https://packages.debian.org/search?keywords=telegram-desktop=names=all=buster-backports

On Sun, Feb 13, 2022 at 10:48 AM Kilo Byte  wrote:

> hi debian team,
> the telegram-desktop is outdated in the repo.
> pls try to update it asap
> regards
>

telegram package upgrade

[Kilo Byte]

hi debian team,
the telegram-desktop is outdated in the repo.
pls try to update it asap
regards

Re: Memory leak

[Tixy]

On Sun, 2022-02-13 at 07:30 +0100, to...@tuxteam.de wrote:
> On Sat, Feb 12, 2022 at 11:45:05PM +0100, Felmon Davis wrote:
> > On Sat, 12 Feb 2022, Curt wrote:
> > 
> > > https://support.mozilla.org/en-US/kb/firefox-uses-too-much-memory-or-cpu-resources
> > > 
> > > Firefox may use more system resources if it's left open for long periods
> > > of time [...]
> 
> > what this quote doesn´t mention is tabs opened as ´private browser´ tabs
> > won´t preserved.
> 
> You don't want to have them preserved.

You may for the case in question, i.e. where you're only restarting
Firefox work around a memory leak, not because you're finished doing
the 'private browsing' thing.

Personally, I'm more paranoid about browser security and tab isolation.
I have the 'always use private browsing' mode set so, in theory,
nothing should remain after I close Firefox. Then for the cases where
I'm doing sensitive stuff (online banking, shopping, etc) I close
Firefox, re-open it to do that one task, then close it again.

-- 
Tixy