Re: Bookworm Fasttrack and Virtualbox
Hello :) Le 15/03/2024 à 00:26, Miguel A. Vallejo a écrit : Hello! This evening I tried to install virtualbox into a fresh Bookworm install. I followed the steps in Virtualbox's Debian Wiki entry. After set up fasttrack repository successfully and issue a apt install virtualbox command I get: Reading package lists... Done Building dependency tree... Done Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: virtualbox: Depends: python3 (< 3.10) but 3.11.2-1+b1 is to be installed Depends: python3.9 but it is not installable Depends: libgsoap-2.8.104 but it is not installable Depends: libssl1.1 (>= 1.1.1) but it is not installable Depends: libvpx6 (>= 1.6.0) but it is not installable Recommends: virtualbox-qt (= 7.0 .6-dfsg-1~fto11+1) but it is not going to be installed Recommends: libqt5opengl5 (>= 5.0.2) but it is not going to be installed E: Unable to correct problems, you have held broken packages. I was surprised by the python 3.9 dependency, it leads me to think fasttrack repos are abandoned? What is the right way to install virtualbox in Debian Bookworm? why not just go to virtualbox.org and download the deb install file ? no need for a repo there. Jeff
Re: DoS protection solutions for Debian Servers ?
On Thu, Mar 14, 2024 at 10:57 AM Michel Verdier wrote: > On 2024-03-13, Jean-François Bachelet wrote: > > > what solutions (free or not) do you debian servers pros use (for pro or > > private servers) ? > > You could try suricata. Same as snort but with another community for > upgrading rules. > I use Suricata, it works well after configuring the suricata.yaml file. SNORT is no longer available in Debian Bookworm for some reason. Using nftables instead of iptables also could reduce high trafic > impact. Especially using ingress filtering. I don't remember if fail2ban > uses nftables. > I heard Fail2Ban is a pain on Bookworm due to logging only using journald. I use FirewallD, it works well. I use the drop zone to drop all inbound traffic by default and only allow specific ports. You may want to check out PSAD. psad/stable 2.4.6-3 amd64 Port Scan Attack Detector. I am not sure how well it works with JournalD. It may require RSyslog like fail2ban. -- ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/ ⠈⠳⣄⠀⠀
Re: "libEGL warning: DRI2: failed to authenticate"
> libEGL warning: DRI2: failed to authenticate > [vo/gpu/opengl] Suspected software renderer or indirect context. > [vo/gpu] Failed initializing any suitable GPU context! > Error opening/initializing the selected video_out (--vo) device. Problem solved. I had a package called bumblebee installed and in a file in /etc/modprobe.d from that package was a line "blacklist nouveau". -- underground experts united https://dataswamp.org/~incal
Re: Ethernet not working on a Dell notebook
On 13/03/2024 23:53, Franco Martelli wrote: On 13/03/24 at 16:06, Max Nikulin wrote: On 13/03/2024 21:52, Franco Martelli wrote: They can coexist. NetworkManager in default configuration ignores interfaces under control of ifupdown (/etc/network/interfaces). Detailed messages from NetworkManager related to carrier change events are missed in the posted log file, so the interface is configured by ifupdown. Sorry Max I always knew that they cannot, my mistake… My fault was that I tried to find NetworkManager manager messages in dmesg log. I have never tried to enable control of ifupdown interfaces in NetworkManager. In my opinion, on laptops commenting out interface in /etc/network/interfaces and so delegating it to NetworkManager has a clear advantage. Plugged in cable is detected immediately. With dhclient running by ifupdown, it may take some minutes till next DHCP request is sent. The system may have significant changes in respect to defaults. Concerning NetworkManager, the following commands might give some additional info networkctl nmcli device nmcli connection /usr/sbin/NetworkManager --print-config I am unsure if the line in /etc/network/interfaces had some effect since device name is enp19s0 and the file contained eth0. On 13/03/2024 16:52, fran...@libero.it wrote: [2.771916] r8168: module verification failed: signature and/or required key missing - tainting kernel tells that not r8169 from default kernel is used. What is the reason to install r8168 and what is its origin? r8168-dkms? From realtek site directly? I asked concerning more detailed lspci output and firmware package, but I have got no response. If firmware is installed then I would try backports kernel. If cabling issues have been ruled out then perhaps it is time to ask in a realtek-related mailing list/forum/bugtracker. https://wiki.archlinux.org/title/Talk:Network_configuration/Ethernet So after configured the interfaces, you could try to add "iommu=soft amd_iommu" to the kernel command-line Even if it might help, do not forget to disable it if it has no effect. To verify cat /proc/cmdline
Re: Bluetooth sound problems Debian 12 GNOME
On 14/03/2024 19:06, Jan Krapivin wrote: What do you think about QUANT parameter in */pw-top/*? Can it influence sound quality? I wasn't able to change it with pw-metadata -n settings 0 clock.force-quantum 2048 Sorry, my experience with tuning PipeWire is limited to switching audio profiles (A2DP codecs, HSF) from UI. I think in you case it would be more productive to enable debug logs either in bluetoothd or PipeWire to find either the host or the device drops or lost connections causing pauses till reconnect.
"libEGL warning: DRI2: failed to authenticate"
Hello, I have this problem with Debian and mpv recently after not using the computer for a while, now plugging everything in and upgrading. I asked on #mpv and got some help but still don't work, I post the whole backlog here here. TIA. But the error message is, libEGL warning: DRI2: failed to authenticate [vo/gpu/opengl] Suspected software renderer or indirect context. [vo/gpu] Failed initializing any suitable GPU context! Error opening/initializing the selected video_out (--vo) device. Here is the backlog, hi, had the computer stashed away for some time, plugged it in today, now I get the following error from mpv: libEGL warning: DRI2: failed to authenticate [vo/gpu/opengl] Suspected software renderer or indirect context. [vo/gpu] Failed initializing any suitable GPU context! Error opening/initializing the selected video_out (--vo) device. without more information, I conclude you have broken drivers okay, what do you do about that? I'm on Debian, everything is upgraded. mpv 0.37.0 how did you get mpv? paste a log file, mpv --no-config --log-file=mpv_is_broken.log got mpv with these commands, https://dataswamp.org/~incal/conf/.zsh/mpv-install LaserEyess, log file: https://dataswamp.org/~incal/error/mpv-gpu.txt mpv cannot detect your GPU, mesa only says you have software renderers if mpv cannot detect it, does it mean it is down or is it a problem with mpv? it's a problem with your system the drivers? maybe same as this? https://lists.debian.org/debian-x/2015/08/msg00243.html no, 2015 paste `eglinfo` somewhere it comes from mesa-utils or whatever https://dataswamp.org/~incal/error/eglinfo.txt yeah it just says failed so your drivers are broken no, wait, I should do it from X, https://dataswamp.org/~incal/error/eglinfo-x.txt that looks more functional but it says "libEGL warning: DRI2: failed to authenticate" when I run it in X o wait nvm says swrasty which gpu do you have msi Nvidia Geforce GT 710 ah nvidia very fun what driver should you have for that? maybe it got removed when I upgraded the system, no idea I don't have any nvidia stuff installed, a bunch of mesa tho if that is the/a alternative? but everything is upgraded, so should work unless broke from the repos. unlikely maybe incal: you have to install nouveau or the proprietary nvidia drivers you have no drivers installed at all I have xserver-xorg-video-nouveau installed, isn't that nouveau? here is a YouTube video, "DEBIAN FIX: libEGL warning: DRI2: failed to authenticate", from 2023, maybe I can watch that from a smartphone. https://www.youtube.com/watch?v=WF1yJg2vzps idk, I don't use debian yeah will post the issue at gmane.linux.debian.user, must have happened when I upgraded the system after not using it, right? -- underground experts united https://dataswamp.org/~incal
Re: Bookworm, fail2ban and sshd
On Thu, 14 Mar 2024 22:27:36 + Andy Smith wrote: > I think you want to set "backend = journald" in > /etc/fail2ban/jail.conf or its usual local override, but I have not > tested this as I still use rsyslogd. Thanks, but no cigar. I also tried setting backend to systemd (as noted in man jail.conf). Also no go. The man page also suggest specifying the path to the journal. I tried [DEFAULT] backend = systemd[journalpath=/var/log/journal/2284a3a8f11544c5a5c355d3ff3e744d/] That worked if I disabled sshd, but sshd still doesn't like it. -- Does anybody read signatures any more? https://charlescurley.com https://charlescurley.com/blog/
Re: Inclusive terminology (instead of master/slave) for network bonding/LACP
Mike Castle wrote: >> It is "fixing" an issue for today's English speakers. >> Should we scour our systems looking for similar issues in >> other languages? Then in, say, 20 years time when different >> words will then be considered offensive, by some, do this >> all again? > > Yes. Remember, there are A LOT of words and expressions we don't use anymore, and that's good, as they are offensive and disrespectful. But once they were perfectly normal. Still, one by one, they have disappeared from active use. What's to say we are right now, just because _we_ happen to live right now, suddenly done with that process? If it had to be done in the past, why not right now - and in the future as well? Now how to actually do it is another thing. Maybe one should just focus on a few words and expressions that are clearly offensive, and remove them from schools, universities, public service TV, all official state-related communication, etc. With no intention of ever creating a 100% offensive-free language, removing the worst offenders from the scene often is enough. -- underground experts united https://dataswamp.org/~incal
Bookworm Fasttrack and Virtualbox
Hello! This evening I tried to install virtualbox into a fresh Bookworm install. I followed the steps in Virtualbox's Debian Wiki entry. After set up fasttrack repository successfully and issue a apt install virtualbox command I get: Reading package lists... Done Building dependency tree... Done Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: virtualbox: Depends: python3 (< 3.10) but 3.11.2-1+b1 is to be installed Depends: python3.9 but it is not installable Depends: libgsoap-2.8.104 but it is not installable Depends: libssl1.1 (>= 1.1.1) but it is not installable Depends: libvpx6 (>= 1.6.0) but it is not installable Recommends: virtualbox-qt (= 7.0 .6-dfsg-1~fto11+1) but it is not going to be installed Recommends: libqt5opengl5 (>= 5.0.2) but it is not going to be installed E: Unable to correct problems, you have held broken packages. I was surprised by the python 3.9 dependency, it leads me to think fasttrack repos are abandoned? What is the right way to install virtualbox in Debian Bookworm? Thanks in advance Miguel A. Vallejo
Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles
Hi, On Thu, Mar 14, 2024 at 04:18:26PM -0600, Charles Curley wrote: > Interesting. My logcheck instance works just fine, andmakes no such > complaints. However, my > /etc/logcheck/logcheck.logfiles.d/syslog.logfiles has them commented > out. You are probably using the journald support as configured in /etc/logcheck/logcheck.logfiles.d/journal.logfiles. > # (If your system does not use a syslog daemon you > # can comment these lines out) > # /var/log/syslog > # /var/log/auth.log > root@issola:~# > > So you might do the same. OP would also want to check the journal.logfiles file I mentioned above to check that it is actually set up to read from journald. Good to know that logcheck has patterns for matching journald logs though. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: Bookworm, fail2ban and sshd
Hi, On Thu, Mar 14, 2024 at 04:01:54PM -0600, Charles Curley wrote: > I'm trying to set fail2ban up on bookworm. It refuses to run with the > default configuration (sshd only), reporting: > > Failed during configuration: Have not found any log file for sshd jail I think you want to set "backend = journald" in /etc/fail2ban/jail.conf or its usual local override, but I have not tested this as I still use rsyslogd. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles
On Thu, 14 Mar 2024 11:25:52 -0700 cono...@panix.com (John Conover) wrote: > Email from logcheck(1) contains: > > E: File could not be read: /var/log/syslog > E: File could not be read: /var/log/auth.log > > which do not exist in bookworm 12.5. > > The offending file: > > /etc/logcheck/logcheck.logfiles.d/syslog.logfiles > > contains both filenames. Interesting. My logcheck instance works just fine, andmakes no such complaints. However, my /etc/logcheck/logcheck.logfiles.d/syslog.logfiles has them commented out. root@issola:~# cat /etc/logcheck/logcheck.logfiles.d/syslog.logfiles ## Log entries in the logs listed below will be checked by logcheck # The default is to check standard syslog files # created by rsyslog or other syslog daemons # (If your system does not use a syslog daemon you # can comment these lines out) # /var/log/syslog # /var/log/auth.log root@issola:~# So you might do the same. -- Does anybody read signatures any more? https://charlescurley.com https://charlescurley.com/blog/
Bookworm, fail2ban and sshd
I'm trying to set fail2ban up on bookworm. It refuses to run with the default configuration (sshd only), reporting: Failed during configuration: Have not found any log file for sshd jail Near as I can figure, fail2ban expects sshd's log file to be /var/log/auth.log. Which does not exist on my target machine. On a brief inspection, machines that have new installations of bookworm do not have /var/log/auth.log. Machines running bullseye or upgraded from bullseye to bookworm have it. Commenting out sshd's "enabled" line (in /etc/fail2ban/jail.d/defaults-debian.conf) allows the daemon to start, but it isn't doing anything useful. -- Does anybody read signatures any more? https://charlescurley.com https://charlescurley.com/blog/
Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles
Hi, On Thu, Mar 14, 2024 at 11:25:52AM -0700, John Conover wrote: > Email from logcheck(1) contains: > > E: File could not be read: /var/log/syslog > E: File could not be read: /var/log/auth.log > > which do not exist in bookworm 12.5. > > The offending file: > > /etc/logcheck/logcheck.logfiles.d/syslog.logfiles > > contains both filenames. You haven't asked a question so I shall attempt to read your mind and divine that you are wishing to know why there is a logcheck file that refers to log files that don't exist. The reason is that as of Debian 12, a syslogd is not installed by default and logging is handled by systemd-journald. There is a file in the logcheck package for reading the systemd journal: /etc/logcheck/logcheck.logfiles.d/journal.logfiles If you intend to do that you are meant to uncomment what is in that one and comment what is in /etc/logcheck/logcheck.logfiles.d/syslog.logfiles. If your intent is to have logcheck read syslog files than you first need to install a syslogd. As others have mentioned, rsyslogd is popular on Debian and was installed by default on previous releases. There are others. I don't recall what logcheck does by default as regards commenting in these files. Probably you haven't changed anything and those files come as you have presented here. If so then it may be worth a bug report since logcheck does support reading from the journal yet apparently defaults to not doing so. Though that may be a big job as I think all the sample pattern files for logcheck are still geared towards rsyslogd's format, not journald's. Myself, I still use logcheck with rsyslogd on Debian 12. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
Servidor sofrendo algum tipo de syn ataque.
Ola, Note uma atividade usual no tráfego de um servidor debian e notei uma quantidade enorme de conexões em SYN_RECV mostrado pelo comando netstat -nt, como as listadas abaixo tcp6 0 0 1__.1_.239.245:80 186.65.106.83:16607 SYN_RECV tcp6 0 0 1__.1_.239.245:80 186.65.106.224:3531 SYN_RECV tcp6 0 0 1__.1_.239.245:80 186.65.107.82:29048 SYN_RECV tcp6 0 0 1__.1_.239.245:443 186.65.106.199:32652 SYN_RECV tcp6 0 0 1__.1_.239.245:80 186.65.106.7:58189 SYN_RECV Fui verificar outros servidores, e eles também estão assim, os mesmos ips. Que tipo de ataque e esse, e perigoso? Para mitigar, fiz um script e que se a contagem desses SYN_RECV por ip for maior que 5 , dropa todo o /24. -- Paulino Kenji Sato
Re: Committing git working tree with other git repos
On Wed, 13 Mar 2024, Paul M Foster wrote:
Folks:
I have a /home/paulf/stow directory with contains subdirectories for each
of the packages whose dotfiles I want to manage, like:
/home/paulf/stow/alacritty
In each subdirectory, I have all the config files for that packages, under
git management. This means that the directory will look like this:
/home/paulf/stow/alacritty/.git
/home/paulf/stow/alacritty/.config/alacritty/alacritty.yml
This works well with stow (configs are now symlinks in $HOME).
I'd like to copy all of this to a git repo on gitlab. You would think you
could go to the ~/stow directory, "git init", then "git add" each
directory, and all is good. However, git looks inside the directories and
sees there are already .git directories there, and refuses to add the
directories and their contents to its repo. Instead, it wants you to use
"submodules", to wit:
git submodule add ./alacritty
This adds an *empty* alacritty subdirectory to the git repo, which isn't
useful.
I need a way to bring all these subdirectories and their contents under a
git repo so I can send it to gitlab. Any suggestions?
Paul
So I thought this was a rather interesting exercise and tried it on one
of my repos that contains etckeeper files, one branch per machine.
I came up with this script (beware if your branches have weird
characters in the names or something, there's limited quoting/escaping
here.)
# clone the repo (I'm assuming you've managed to merge all your repos
# into one with a separate branch for each. I started from this so I've
# not got commands to do it but it shouldn't be hard, just add a
# commonremote and push to a named branch for each existing repo)
git clone -n git@einstein:/configs.git
cd configs
# Create a new branch with a completely empty commit at the root
# This must not match any existing branch.
rbp=rebasepoint
tree=$( git hash-object -wt tree --stdin < /dev/null )
commit=$( git commit-tree -m 'root commit' $tree )
git branch $rbp $commit
git checkout $rbp
# Don't know how to stop this one getting created but we need to delete
# it to simplify the rest. I expected git clone -n to not create this!
git branch -d master
# First map all the commits in each branch on the remote into a
# subdirectory of the branch name on my (relatively low power) machine
# this maps about 30 objects per second.
# This has a very long line with subtle quoting - take care when
# cutting/pasting.
for i in $( git branch -r | grep -v HEAD ); do
echo $i
git filter-branch -f --index-filter 'git ls-files -s | sed "s:\t\"*:&'"$i"'/:" | GIT_INDEX_FILE=$GIT_INDEX_FILE.new
git update-index --index-info && if [ -e "$GIT_INDEX_FILE.new" ]; then mv "$GIT_INDEX_FILE.new"
"$GIT_INDEX_FILE"; fi' -- $i
done
# Now rebase each branch onto the previous one (Note that we're starting
# with rebasepoint that we created above)
# This gets progressively slower on my machine, not exactly sure why.
for i in $( git branch -r | grep -v HEAD ); do
git branch --track ${i#origin/} $i
git rebase $rbp ${i#origin/}
rbp=${i#origin/}
done
# The branch you are on at this point should be a branch that combines
# all of the upstream branches
# If anything goes wrong, just delete the configs directory and start
# again. You are changing nothing on the upstream unless/until you
# decide to push.
tim@dirac:~/git/flatten/configs (xen3)$ ls origin/
aptmirror17 citrix17 dirac ipmi17 ntp17wiki17
aptmirror19 cups17 einsteinipmi19 ntp19wiki19
asterisk17 debootstrap17 firewall17 ipmi2 proxy17 xen17
asterisk19 debootstrap19 firewall19 mail17 proxy19 xen19
backup17 debootstrap2 firewall2 mail19 rpi xen2
bind17 dhcp17 imap17 master rpi-flat17a xen3
bind19 dhcp19 imap19 mtd19 victoria17
HTH.
Tim.
Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles
John Conover wrote: > > Email from logcheck(1) contains: > > E: File could not be read: /var/log/syslog > E: File could not be read: /var/log/auth.log > > which do not exist in bookworm 12.5. They do as soon as you install rsyslog. Arguably this should be in rsyslog's package, though -- and any similar replacements. -dsr-
Re: DoS protection pour Serveurs Debian ?
On Wednesday 13 March 2024 19:39:32 Jean-François Bachelet wrote: > qu'utiliseriez vous si l'un de vos serveurs Debian était la cible > d'attaques style Denial of Service (DoS)? > vu le nombre croissant d'attaques en tous genre sur les serveurs de la > planête par tout un tas de hackers, muscler la protection de serveurs > (pros ou privés) est devenu indispensable. > des idées de solutions efficaces à partager ? Je réponds pas à la question, désolé, juste ceci, il ne faut pas dire et écrire "hackers", c'est une erreur, ces derniers sont en français des "bidouilleurs", il faut préférer le mot "pirates". On a besoin de hackers et pas de pirates.
Re: Ethernet not working on a Dell notebook
Am 14.03.2024 um 17:13:12 Uhr schrieb fran...@libero.it: > After rebooting the problem remains. What does dmesg say? -- Gruß Marco Send spam to 1710432792mu...@cartoonies.org
Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles
On Thu, Mar 14, 2024 at 11:25:52AM -0700, John Conover wrote: > > Email from logcheck(1) contains: > > E: File could not be read: /var/log/syslog > E: File could not be read: /var/log/auth.log > > which do not exist in bookworm 12.5. You'll want to install rsyslog, or something equivalent, to get human-readable text log files. Otherwise, there's just the systemd journal. The logcheck package has a "Suggests" for rsyslog, but not a hard dependency.
keyboard and mouse just stuck
Hi, Thanks for reading, and I need some help. Description: About 2024 Mar 14 0:0:0, I use the shortcut 'Ctrl + Alt + L', lock the screen, after several hours, I want to login the computer. Then, I click one mouse, and type one enter key, the screen light, and everything stuck and stop. The mouse and keyboard cant click, cant move, cant type. And this is [log](https://github.com/jwbda/debian/blob/main/mouse_keyboard_problem) of `sudo journalctl --since "2024-03-11" --until "2024-03-15"` command.https://github.com/jwbda/debian/blob/main/mouse_keyboard_problem And if you need anything to solve this problem, just feel free to tell me. Thank you so much Sent with [Proton Mail](https://proton.me/) secure email.
Re: cherche petit exemple de code C++ pour GTKmm4/Debian (passer des arguments au programme)
J'ai quelques exemples simples sur framagit : https://framagit.org/users/lann/projects En particulier word_search et takuzu
logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles
Email from logcheck(1) contains: E: File could not be read: /var/log/syslog E: File could not be read: /var/log/auth.log which do not exist in bookworm 12.5. The offending file: /etc/logcheck/logcheck.logfiles.d/syslog.logfiles contains both filenames. Thanks, John -- John Conover, cono...@panix.com, http://www.johncon.com/
Re: Inclusive terminology (instead of master/slave) for network bonding/LACP
On Fri, Feb 23, 2024 at 2:07 AM Alain D D Williams wrote: > It is "fixing" an issue for today's English speakers. Should we scour our > systems looking for similar issues in other languages ? Then in, say, 20 years > time when different words will then be considered offensive, by some, do this > all again ? Yes.
Re: Mate: mouse too sensitive
Am Thu, Mar 14, 2024 at 04:33:56PM + schrieb Ottavio Caruso: > My Logitech wireless mouse has always been a bot over-sensitive, but now, > going into its 7th years of life, has become even more erratic. I am not > complaining about the speed, just the sensitivity. I have to be very careful > not moving the mouse too much in order not to close/open windows, > accidentally removing text, etc. > > I have configured "mate-mouse-properties" to the lowest possible sensitivity > (changing the acceleration doesn't make much difference), but it is still > too sensitive. > > This the output from xinput: > > $ xinput list-props 'Logitech Wireless Mouse' > Device 'Logitech Wireless Mouse': > Device Enabled (177): 1 > Coordinate Transformation Matrix (179): 1.00, 0.00, 0.00, > 0.00, 1.00, 0.00, 0.00, 0.00, 1.00 > libinput Natural Scrolling Enabled (316): 0 [...] > Any clue? I have slowed down a mouse by the following line in my .xinitrc: xinput set-prop "Logitech USB Optical Mouse" "Coordinate Transformation Matrix" 0.5 0 0 0 0.5 0 0 0 2 Adjusting the coordinate transformation matrix might be one way to go. Kind regards, Christoph -- Ist die Katze gesund schmeckt sie dem Hund. signature.asc Description: PGP signature
Re: Inclusive terminology (instead of master/slave) for network bonding/LACP
Alain D D Williams wrote: > However that is not the way that the world works, or prolly > more accurately how some people think. They see > a word/phrase that they have decided that they "own" or > somehow relates to them [...] I am not black so I have no idea how black people consider everything negative in language that is black. If indeed most of them have no strong feelings about it it may be a waste of time trying to change such expressions. If they do care about it one could try to reduce such use from formal and official language, especially when it really hasn't anything to do with the color black - like blacklist into blocklist, and other such examples. Maybe in fantasy novels one would still be allowed to have evil wizards all dressed in black, doing powerful incantations of black magic? -- underground experts united https://dataswamp.org/~incal
Re: Debian en una tableta con Android
Hola,A una tableta con procesador Intel si. Funcionó todo menos el sonido. No hubo forma.A una tableta con arm nunca he probado.Saludos,El 14 mar. 2024 16:50, Luis Muñoz Fuente escribió: Hola a todos/as: ¿Alguien ha instalado Debian en una tableta con Android y le funciona? Gracias
Re: Ethernet not working on a Dell notebook
On 14/03/24 at 17:03, fran...@libero.it wrote: Hello, I did as indicated, but the connection needs the command sudo mii-tool enp19s0 -F 10baseT-FD to enable. revert the change to /etc/default/grub remove -iommu=soft amd_iommu- strings: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" run again: ~# update-grub then reboot the system. I'm not confident with NetworkManager, maybe others readers have a solution for this issue, try to ask again for help posting the output of the following command: ~# journalctl --no-pager -b -t NetworkManager -- Franco Martelli
Fwd: Re: Ethernet not working on a Dell notebook
I remove auto eth0 After rebooting the problem remains. source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback > > -- Messaggio originale -- > Da: Marco Moock > A: debian-user@lists.debian.org > Data: 14/03/2024 09:38 CET > Oggetto: Re: Ethernet not working on a Dell notebook > > > Am 14.03.2024 schrieb fran...@libero.it: > > > auto eth0 > > remove that.
Debian en una tableta con Android
Hola a todos/as: ¿Alguien ha instalado Debian en una tableta con Android y le funciona? Gracias
Re: Ethernet not working on a Dell notebook
On 14/03/24 at 09:07, fran...@libero.it wrote: Hi, good morning. This is the command: /dev/null || echo Debian` GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" iommu=soft amd_iommu GRUB_CMDLINE_LINUX=""> Nope the line: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" iommu=soft amd_iommu ↑ must be: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash iommu=soft amd_iommu" ↑ then post the output of the following command: ~# update-grub whether no error message, then reboot the system. -- Franco Martelli
Re: Bluetooth sound problems Debian 12 GNOME
> You may try to discriminate hardware/software issues when you comparing > different laptops by booting various live images (GNOME, xfce, etc.). > I will try... Thank you. What do you think about QUANT parameter in *pw-top*? Can it influence sound quality? I wasn't able to change it with *pw-metadata -n settings 0 clock.force-quantum 2048*
problem with installer (testing)
The newly released debian installer (daily build) for testing do not show the LVM logical volumes and fail when asked for LVM configuration. The problem is quite new because a installer build im mid February worked fine. So who do I have to file the bug to? Regards Angelo Pozzi
Re: printing QR-codes on labels with 300dpi label printers with LaTeX
On 14/3/24 17:47, jeremy ardley wrote: For reference on a 203 DPI (8 dots per mm) printer, a GS1-128 barcode takes up 12 modules per character. The minimum size of a module is 1 pixel so 1 character is 12 pixels wide or 1.2mm on a 203 dpi printer. Assuming a 40 character barcode at 1 pixel per module, it will span 48mm. However it is very unusual to have 1 pixel per module. Instead at 2 pixels per module the barcode is 96mm and at 3 pixels it will be 144mm My error; The character spacing is 1.5mm at 203dpi. So 40 characters is 60mm at 1 pixel per module, 120mm at 2 pixels per module, and 180mm at 3 pixels per module. This means for a 40 character barcode you can at best print at 2 pixels per module on a typical 100x150m shipping label. This allows for no errors in quantization of pixel sizes and It's really hard to do with a printing system that does not start and continue with accurate pixel registration.
Re: printing QR-codes on labels with 300dpi label printers with LaTeX
On 14/3/24 06:59, hw wrote: Manufacturers can provide CUPS drivers as well, but the barcode application is usually only windows. In my case I had to write my own CUPS driver as the manufacturer does not provide one. How did you do that? It is simply a C program that gets given some parameters and a bitmap by CUPS The program processes the bitmap and frames it with printer commands to place the bitmap on the printer page. CUPS abstracts the actual device interface (in my case USB). But in development I wrote the code to send commands directly to the USB device Getting back to pixel registration, the latex CUPS route is very unlikely to work well. It's working great here since years. Barcodes are no problem, only qr codes can't be scanned. This surprises me greatly. 2D codes have very large features compared to barcodes. They should be relatively immune to pixel quantization. For reference on a 203 DPI (8 dots per mm) printer, a GS1-128 barcode takes up 12 modules per character. The minimum size of a module is 1 pixel so 1 character is 12 pixels wide or 1.2mm on a 203 dpi printer. Assuming a 40 character barcode at 1 pixel per module, it will span 48mm. However it is very unusual to have 1 pixel per module. Instead at 2 pixels per module the barcode is 96mm and at 3 pixels it will be 144mm With the barcode you have no leeway in the pixel sizes. You must have it exact to scan. In comparison, a QR code typically will have modules 8 pixels square and typically is 26x26 or 32x32 pixels. At 26x26 the printed code is 26mm square at 203dpi. You can afford to be out by a pixel at those dimensions. If you have problems scanning QR codes at those sizes perhaps your QR codes are invalid to start with? If you print them out really large will they scan?
Re: DoS protection pour Serveurs Debian ?
Le 13 mars 2024 Jean-François Bachelet a écrit :
> qu'utiliseriez vous si l'un de vos serveurs Debian était la cible d'attaques
> style Denial of Service (DoS)?
Je t'ai répondu sur la liste debian-user mais je vais compléter ici :)
A côté de suricata et de crowdsec dont on t'a parlé, filtrer en ingress
avec nftables permet de rejeter de façon économe le gros du trafic
indésirable. Ce qui peut soulager les DoS.
Et tu trouveras sur internet de quoi réduire les DoS avec des
règles de type :
ct state new,untracked \
add @greed_v6 { ip6 saddr limit rate 10/second } \
counter add @blackhole_v6 { ip6 saddr }
ip6 saddr @blackhole_v6 counter drop
Re: DoS protection solutions for Debian Servers ?
On 2024-03-13, Jean-François Bachelet wrote: > what solutions (free or not) do you debian servers pros use (for pro or > private servers) ? You could try suricata. Same as snort but with another community for upgrading rules. Using nftables instead of iptables also could reduce high trafic impact. Especially using ingress filtering. I don't remember if fail2ban uses nftables.
Re: Ethernet not working on a Dell notebook
Am 14.03.2024 schrieb fran...@libero.it: > auto eth0 remove that.
Re: Ethernet not working on a Dell notebook
root@debian:/home/frantal# dmesg |grep r8169 root@debian:/home/frantal# sudo dmesg |grep r8169 root@debian:/home/frantal# cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback auto eth0 > Il 14/03/2024 09:19 CET Marco Moock ha scritto: > > > How is /etc/network/interfaces now configured? > > Unconfigure your interface there and only use the NetworkManager. > > Then it should log about autoneg. > > What does > dmesg |grep r8169 > print?
Re: Ethernet not working on a Dell notebook
Here again the answer of journalctl: p19s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') mar 14 09:02:25 debian NetworkManager[565]: [1710403345.7907] dhcp4 (enp19s0): activation: beginning transaction (timeout in 45 seconds) mar 14 09:02:25 debian NetworkManager[565]: [1710403345.8003] dhcp4 (enp19s0): state changed new lease, address=192.168.1.12 mar 14 09:02:25 debian NetworkManager[565]: [1710403345.8017] policy: set 'Connessione via cavo 1' (enp19s0) as default for IPv4 routing and DNS mar 14 09:02:25 debian NetworkManager[565]: [1710403345.8140] device (enp19s0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed') mar 14 09:02:25 debian NetworkManager[565]: [1710403345.8709] device (enp19s0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed') mar 14 09:02:25 debian NetworkManager[565]: [1710403345.8716] device (enp19s0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed') mar 14 09:02:25 debian NetworkManager[565]: [1710403345.8725] manager: NetworkManager state is now CONNECTED_SITE mar 14 09:02:25 debian NetworkManager[565]: [1710403345.8732] device (enp19s0): Activation: successful, device activated. mar 14 09:02:25 debian NetworkManager[565]: [1710403345.8750] manager: NetworkManager state is now CONNECTED_GLOBAL root@debian:/home/frantal# > Il 13/03/2024 21:06 CET Marco Moock ha scritto: > > > Am 13.03.2024 um 17:53:40 Uhr schrieb Franco Martelli: > > > Sadly the useful information of the command output is truncated, > > could you post it again maximizing the window before you copy? For > > the journalctl command use this synta > > Call journalctl with --no-pager and the full line will be shown and > wrapped where needed. > > -- > Gruß > Marco > > Send spam to 1710348820mu...@cartoonies.org
Re: Ethernet not working on a Dell notebook
How is /etc/network/interfaces now configured? Unconfigure your interface there and only use the NetworkManager. Then it should log about autoneg. What does dmesg |grep r8169 print?
Re: DoS protection solutions for Debian Servers ?
On 13 Mar 2024 20:20 +0100, from jfbache...@free.fr (Jean-François Bachelet): > Looking for advice for protecting debian servers from DoS attacks Denial of service (such as software crashes because of network input), or distributed denial of service (such as connection or system overload because of excessive traffic)? A good start for the former would be to have an easy way to monitor for and apply software updates quickly throughout your stack. The latter is almost impossible to defend against once the traffic has reached the host in question; however, many service providers offer DDoS protection *before* the traffic even reaches the server or maybe even the network, which allows soaking up much greater traffic volumes. So, just for clarity's sake: which is it? > needless to say that fail2ban isn't enough for this task... > > scripts for firewall too... and tiring to make as hackers responses are > damn' fast to this. I could be wrong, but to me this suggests a wrong approach to firewalling. You should run a default-drop or default-reject firewall, and only allow the traffic that is explicitly needed to provide the service that the particular host is supposed to offer. Then there should be very little need to continuously adapt to attackers' tactics on the network level. > what solutions (free or not) do you debian servers pros use (for pro or > private servers) ? Crowdsec is supposed to be quite good; used in a typical fashion, it's similar to fail2ban, but leverages data on attacks from a large number of systems. I understand it can be run either locally on your network or distributing attack data over the Internet also to other users (and benefit from those users' data as well). Another thing that might help for non-public services but certainly isn't a panacea is port knocking and running services on non-standard ports. I use both myself mostly to cut down on log noise, but it's not something that most non-technical users can be expected to be able to deal with; and of course to someone on the network path, it should be considered essentially plaintext authentication. Still, it does reduce the impact of background noise scanning. And of course, again, having a plan and process to apply updates (especially but not necessarily restricted to security-related updates) quickly as they become available. -- Michael Kjörling https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”
