Re: Misremembered

[Andrei POPESCU]

On Ma, 15 feb 22, 12:41:28, John Hasler wrote:
>  Andrei POPESCU writes:
> > When it loads a kernel or chain-loads another boot-loader it basically
> > hands over control completely,
> 
> Which is what DOS does.

That was possibly not the best choice of words from my side.

DOS was both very limited in capabilities and didn't implement any kind 
of access control or similar. Each application could basically take full 
control over the hardware[1], and any slightly advanced application did, 
because DOS didn't provide much for them to use[2].

But at any point the *same* instance of DOS was still in the RAM, and 
when exiting the application one would typically be back to the *same* 
DOS shell from where the application was started (unless it all crashed, 
of course).

When GRUB is chain-loading another boot-loader or loads an OS it's also 
being completely evicted from RAM. The only way I can think of to "go 
back" without rebooting is for another boot-loader to chain-load the 
"initial" GRUB (which is a new instance of GRUB and in practice is not 
much different then rebooting).

[1] This was probably the best breeding ground for computer viruses the 
bad guys could ever hope for, as they could "infect" (append themselves 
to) any file on the system and install themselves in the MBR.

[2] Apparently this also made applications much harder to port to other 
OSes, which in practice worked as a sort of platform lock-in.

Hope this explains,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Stupid question

[Andrei POPESCU]

On Ma, 15 feb 22, 11:59:59, David wrote:
> On Tue, 15 Feb 2022 at 07:57, Andrei POPESCU  wrote:
> > On Lu, 14 feb 22, 10:41:52, Chuck Zmudzinski wrote:
> 
> > > How does it decide which partition to boot from? I think this is what
> > > the OP is asking.
> 
> > As far as I understand the path to search for the second stage, modules
> > and grub.cfg is defined when installing the first stage in the MBR.
> 
> > By default it should be /boot/grub of the OS used to run grub-install
> > from, but I think the --root-directory parameter can be used to change
> > that.
> 
> A minor typo correction for the avoidance of doubt for any readers ...
> 
> To "change that" you would use the --boot-directory
> parameter of 'grub-install' command, see 'man 8 grub-install'.
> 
> ie "--boot-directory" not "--root-directory"
 
Ugh, I used manpages.debian.org to look it up and didn't notice it 
opened grub-install(8) from grub-legacy instead of grub2-common.

Apologies for any confusion.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Misremembered (was: Re: Stupid question)

[Andrei POPESCU]

On Lu, 14 feb 22, 17:23:52, David Wright wrote:
> > On 2/14/2022 10:19 AM, Bijan Soleymani wrote:
> > > 
> > > Not sure about the Debian installer (except that it does boot and
> > > run Linux, but not sure it ever switches to another kernel
> > > midway), but the Grub bootloader is kind of a mini-OS, in that it
> > > can read files from filesystems (rather than some other
> > > bootloaders that read from specific sectors/blocks of a disk).
> 
> I think that confuses the issue. Grub is just a program, not an OS.
> It can run commands from a shell, and it can load lots of drivers,
> but that doesn't even qualify it as a single-user OS.
 
Well, without digging too much into it GRUB seems to be almost as 
capable as DOS ;)

> It's technically correct to say that Grub is designed with a "kernel"
> and modules, but that's mainly a way of saving space in the final
> product, by having as little excess code included as possible.

As far as I recall there is a very strict limit for the first stage, 
because it has to fit in the MBR.

> There's no concept of kernel- and user-space. They could have as
> easily named the kernel.img "trunk.img", and core.img "body.img",
> to illustrate how Grub is agglomerated.

However, GRUB's capabilities are heavily influenced by what modules are 
available and loaded (as you mention below with the 'normal' module), 
and anyway, an OS isn't defined by having kernel- and user-space.

On the other hand it can't run *other* programs within it's environment 
(scripts in it's own scripting language don't count). When it loads a 
kernel or chain-loads another boot-loader it basically hands over 
control completely, so maybe this is the distinguishing limitation 
compared to a "real" OS.

(this is all as far as I know, and I might be very mistaken about it)
  
> Effectively, Grub has two shells, Grub> and Grub rescue>, depending on
> whether the "normal" module has been loaded, and about the only thing
> you can sensibly do without normal is to find it and insmod it.
> 
> But most people will never see rescue, and with patience it's usually
> fairly straightforward to stumble your way round the system with ls,
> and find something to boot or chainload.
> 
> BTW a very useful command to kick off with in Grub is:
> 
> Grub> set pager=1
> 
> without which it can be hard to use:
> 
> Grub> help

[:facepalm:]

Never bothered to search for something like this, I just assumed it's 
the kind of limitation one has to put up with in such a restricted 
environment (but then why would they write such long help texts, duh).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: 5.15 kernel just won't do on Intel Rocket Lake...

[Andrei POPESCU]

On Mi, 16 feb 22, 00:50:21, David wrote:
> 
> I just wrote about two places where Debian kernel packages with
> "trunk" in their names are visible. But I do not know what those
> packages are. If you can explain what those packages are,
> what their life cycle is, and why they are named "trunk", that
> would be helpful.
 
As far as I recall these are packages that don't have an ABI version 
*yet*. These are superseded by the RCx packages (both available in 
experimental only) and later by the packages with an ABI version (in 
unstable).

Or something like that ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Stupid question

[Andrei POPESCU]

On Lu, 14 feb 22, 10:41:52, Chuck Zmudzinski wrote:
> 
> That's a good clarification that the active partition is a Microsoft thing
> implemented by the bootcode Microsoft installs in the MBR of the device
> chosen to boot from. Now for an unanswered question: What
> does bootcode installed by Debian Linux in the MBR do? 

Typically that would be the first stage of GRUB (other boot loaders 
exist). In very broad terms the first stage will then load the rest of 
GRUB from a partition and run grub.cfg if one exists.

> How does it decide which partition to boot from? I think this is what 
> the OP is asking.

I'm guessing by "boot" here you mean GRUB itself, because once it's 
fully loaded it can boot OSes from any partition it can find / support.

As far as I understand the path to search for the second stage, modules 
and grub.cfg is defined when installing the first stage in the MBR.

By default it should be /boot/grub of the OS used to run grub-install 
from, but I think the --root-directory parameter can be used to change 
that.

Changes to the path are typically done by reinstalling GRUB to the MBR.


Hope this explains,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: dual booting, was Re: Stupid question

[Andrei POPESCU]

On Du, 13 feb 22, 11:01:48, David Wright wrote:
> 
> Typically, one would have a primary, "master" linux system which would
> be used to write an MBR pointing to itself. The other, legacy system
> would have its grub.cfg kept up-to-date, but would never touch the
> MBR by running grub-install.

Another option (at least with MBR, didn't try this with GPT) is to tell 
the Installer to install GRUB in the partition instead of the MBR, and 
then manually install another GRUB instance to the MBR with a 
handcrafted config that is chain-loading the GRUBs in the partitions.

This way each system's GRUB config is nicely following kernel upgrades 
automatically.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Stupid question

[Andrei POPESCU]

On Du, 13 feb 22, 02:40:27, Chuck Zmudzinski wrote:
> 
> This is my understanding of how grub works.
> 
> It looks you are using the old MBR partitioning scheme. The logical
> partition indicates that.
> So I also assume you are using the legacy booting (not UEFI). So the first
> thing that
> happens is that you will have an active partition set that your BIOS will
> boot (if you have
> standard bootcode installed in the first sector of the disk). 

Legacy BIOS doesn't have an understanding of partitions, it will just 
look for a bootloader in the MBR of the mass storage device chosen to 
boot from.

The active / bootable flag was (still is?) a Microsoft thing[1], Linux 
bootloaders never cared about it and can load operating systems 
regardless if the corresponding partition is marked active or not.

[1] as far as I recall it was used in DOS times to let the bootloader 
know which is the system partition, but it could be (ab)used for 
multi-booting ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Memory leak

[Andrei POPESCU]

On Du, 13 feb 22, 08:03:39, Tixy wrote:
> On Sun, 2022-02-13 at 07:30 +0100, to...@tuxteam.de wrote:
> > On Sat, Feb 12, 2022 at 11:45:05PM +0100, Felmon Davis wrote:
> > > On Sat, 12 Feb 2022, Curt wrote:
> > > 
> > > > https://support.mozilla.org/en-US/kb/firefox-uses-too-much-memory-or-cpu-resources
> > > > 
> > > > Firefox may use more system resources if it's left open for long periods
> > > > of time [...]
> > 
> > > what this quote doesn´t mention is tabs opened as ´private browser´ tabs
> > > won´t preserved.
> > 
> > You don't want to have them preserved.
> 
> You may for the case in question, i.e. where you're only restarting
> Firefox work around a memory leak, not because you're finished doing
> the 'private browsing' thing.
> 
> Personally, I'm more paranoid about browser security and tab isolation.
> I have the 'always use private browsing' mode set so, in theory,
> nothing should remain after I close Firefox. Then for the cases where
> I'm doing sensitive stuff (online banking, shopping, etc) I close
> Firefox, re-open it to do that one task, then close it again.

You might (also) be interested in Multi-Account Containers, though they 
are incompatible with Private Browsing.

https://support.mozilla.org/en-US/kb/containers

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Installation on a Lenovo IdeaPad Yoga 13

[Andrei POPESCU]

On Vi, 11 feb 22, 15:24:55, Charles Curley wrote:
> 
> 1) The graphics are terrible. Both graphical and text mode are
> scrunched into the top third or so of the screen, with two copies
> across the top. They are damn near unreadable.

That's likely because your graphic chip is not properly recognized and 
the OS is using some low resolution. That image is displayed by the 
hardware 1:1 on the physical pixels of the screen.

There should be a setting in the BIOS / UEFI Firmware to stretch the 
image over the entire screen. The image quality will likely be poor, but 
it should be readable.
 
> 2) How do I tell it how to pre-seed? In booting I never get access to
> the boot command line.

Sorry, can't imagine what you mean here. Pre-seeding is a function of 
the Debian Installer, which (as far as I recall) is always waiting for 
some input at the first menu. There should be an option to get to a 
command line by pressing some key.
 
> Thinkwiki doesn't seem to mention this beast.

Maybe because it's not a *Think*pad?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Stalled system shutdown

[Andrei POPESCU]

On Vi, 11 feb 22, 13:36:09, José Luis González wrote:
> 
> I wonder if the package ntopng is necessary for something. If I remove
> it nothing else complains. I didn't know this package before.

At least on buster/arm64 nothing depends on it.

Was the package manually installed or does the description ring any 
bells?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Request free live CD

[Andrei POPESCU]

On Jo, 10 feb 22, 20:05:32, Celejar wrote:
> On Thu, 10 Feb 2022 16:47:18 +0100
>  wrote:
> 
> > On Thu, Feb 10, 2022 at 03:05:26PM +0100, Dozzyjean Dozie wrote:
> > > Please I will be very much interested to get a live CD from you, please
> > > what are the prerequisites that are needed to be archived this request 
> > > free
> > > cd for free from you.
> > 
> > See here:
> > 
> >   https://www.debian.org/CD/free-linux-cd
> > 
> > Since burning a CD and putting into the mail costs money, you can't
> > expect someone doing it for you. In the above page it is explained
> 
> I'm genuinely curious about this: time and money are both scarce and
> precious resources. Why is there an assumption that people will gladly
> donate of their time to help others, but not their money? Is it because
> the assumption is that the person asking for help should just spend
> his own money, but may not be able to solve his problem by spending his
> own time?

Assuming I might have a decent internet connection, a disc burner and 
spare blank media I might consider helping out.

However, this particular request feels too much like someone just 
wanting to take advantage of some freebie ("hey, I heard you give out 
stuff for free so I want some"), as opposed to someone in real need 
(hey, internet here is slow and/or metered, media burners are nowhere to 
be found, etc., could someone help out?").

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: 5.15 kernel just won't do on Intel Rocket Lake...

[Andrei POPESCU]

On Jo, 10 feb 22, 09:27:26, David Wright wrote:
> On Thu 10 Feb 2022 at 03:39:26 (-0500), Felix Miata wrote:
> > ...if you have a bad BIOS, and wish to boot with more than one connected 
> > display.
> > https://gitlab.freedesktop.org/drm/intel/-/issues/4762 explains the issue, 
> > which
> > has just been announced fixed. But, it appears the fix may only be landing 
> > in
> > kernel 5.17rc3.
> > 
> > I tried to get the latest available kernel that is packaged by Debian 
> > people by
> > reading on
> > 
> > https://wiki.debian.org/HowToUpgradeKernel
> > https://wiki.debian.org/DebianExperimental
> > 
> > I put
> > 
> > Package: linux-image
> 
> Don't you need to glob this?
> 
>   Package: linux-image*

According to apt_preferences(5) it can also be a POSIX extended regular 
expression if surrounded by slashes, but in this case the glob seems 
more appropriate ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: One-user system. Was "One user system."

[Andrei POPESCU]

On Jo, 10 feb 22, 11:11:01, rhkra...@gmail.com wrote:
> On Wednesday, February 09, 2022 06:08:16 AM Andrei POPESCU wrote:
> > I've switched to using sudo because it encourages me to use root only
> > when strictly required.
> 
> That's a good idea, but I'll mention what I do -- I may have started before 
> sudo existed (or, at least, before I knew about it).
> 
> I use kde and keep several konsole (terminals) open, at on one, I open it as 
> root and set the background to be a different color than the non-root konsole 
> (a shade of yello).  
> 
> (Once you pick a color for the background (or any of variety of other user 
> preferences), you can save those so, for example, every time I open a konsole 
> as root, it gets those preferences.
 
I did use to have a root window constantly open and "Ctrl-a r" is still 
opening a 'sudo -i' window in tmux.

The trouble with that is that I would tend to use the root console for 
non-root things. Besides, it's annoying to 'cd' in the non-root terminal 
in some deep directory structure only to find out you need root 
permissions to do what you actually needed to do when you got there.

With sudo I'm incentivized to use non-root as much as possible, even if 
only because I'm too lazy to switch terminals or type 4 letters and a 
space ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Installation "Bullseye"

[Andrei POPESCU]

On Mi, 09 feb 22, 15:51:13, piorunz wrote:
> On 09/02/2022 15:13, Dynosaw wrote:
> > 2. Is it possible to install Debian-11 on an external,
> >      pluggable, medium  such as a USB-pendrive or
> >      a USB-harddisk?
> >      Please note: I'm NOT talking about making a
> >      "live USB" with dd. I mean a full, upgradable,
> >      installation.
> >      If so, can anybody point me at a how-2 or othe dox.
> 
> Of course. Any Linux can do that, and I've been doing it for years.
> Install from one USB stick, and select USB second stick as your target
> hard drive. Then, boot from your second stick which will become your
> main hard drive from this point.
> Be aware of UEFI limitations though, your USB stick may not be bootable
> under UEFI mode, but under BIOS/Legacy mode it certainly will.

For buggy UEFI Firmware it might help to install GRUB to the removable 
media path:

https://wiki.debian.org/UEFI#Force_grub-efi_installation_to_the_removable_media_path

(this is probably a good idea anyway if the USB stick is meant to be 
used on several different computers)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Autostart command after network is available (usbip)

[Andrei POPESCU]

On Ma, 08 feb 22, 17:49:16, Christian Britz wrote:
> 
> 
> On 2022-02-08 17:44 UTC+0100, Christian Britz wrote:
> 
> > [Install]
> > WantedBy=multiuser.target
> 
> Changed that to
> 
> [Install]
> WantedBy=network-online.target

That's like putting the carriage before the horse ;)

(and it probably works only by chance)

You need Wants=network-online.target in addition to After=, see
'man systemd.special' for details.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Wrong libvirt version in bullseye installation

[Andrei POPESCU]

On Lu, 07 feb 22, 14:34:20, Gary L. Roach wrote:
> I have been trying to get a cleen copy of qemu/kvm installed but when I try
> to install qemu-system I get:
> 
>     libvirt-clients : Depends: libvirt0 (= 7.0.0-3) but 8.0.0-1~bpo11+1 is
> to be installed.
> 
>  The same for libvirt-daemon and some others. Version 7.0.0.3 is listed as
> the version used in Bullseye. The 8.0.0-1 version is used in the testing
> version. I have gone through my sources.list files and can not find the
> reason libvirt is trying to be loaded from the testing depository. Could
> anyone help? I have tried clearing the /var/cache files. That didn't help.

In addition to what others wrote, it's very useful to check the output 
of 'apt policy' and 'apt policy ', because they are a better 
indicator of how APT is configured (e.g. did you remember to check for 
other files under /etc/apt/sources.list.d/ and any pins?).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Mini server hardware for home use NAS purposes

[Andrei POPESCU]

On Jo, 03 feb 22, 06:35:40, Jeremy Ardley wrote:
> 
> On 3/2/22 5:42 am, Henning Follmann wrote:
> > 
> > > I'd suggest a Raspberry Pi 4B. The requirements you listed elsewhere
> > > would make this a cheap and workable alternative. The only issue is
> > > that any SATA disks would have to be run through a USB 3 port. Using an
> > > SSD might mitigate any lag. I use one of these with a laptop drive in a
> > > Geekworm case to be the web server on my LAN. My wife an I have NFS
> > > and Samba access to the drive as well. You can run Raspberry Pi OS (a
> > > Debian derivative) on it. Matter of fact, I think you can run the
> > > various media server packages on such a rig as well.
> > > 
> > And we can do one better:
> > the raspi compute module and the cm IO board.
> > here you will get a PCIe socket which then can take up
> > a SATA controller.
> 
> My home server is a nanopi M4V2 with an NVME drive main drive. The boot
> partition is on an SD card but everything else is on an NVME drive.
> 
> It has a fan but never gets hot enough to turn it on. Instead the CNC case
> acts as a large heatsink. In summer the room temperature is over 30C but
> there are no thermal problems.
> 
> O/S is straight Armbian with no tweaks. This makes it more compatible with
> mainline Debian than Raspberry Pi OS is.
> 
> Another advantage of the M4V2 over a Pi 4 is four USB-3 ports. With the
> USB-3 it would be very easy to implement a fast RAID array.

The RockPro64 from PINE64 runs pure Debian, has a PCIe slot that takes a 
SATA adapter and should run fine with just passive cooling. Availability 
might be an issue though...

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: One-user system. Was "One user system."

[Andrei POPESCU]

On Vi, 04 feb 22, 10:34:38, pe...@easthope.ca wrote:
> 
> root@joule:/root# df | grep sd
> /dev/sda27159288  6635136140768  98% /
> /dev/sda4  131124764 12951820 111512132  11% /home
> /dev/sdb13658244  2026200   1446196  59% /home/root/MY
> 
> Note that / is 98% full whereas /home is 11% full. The intention in 
> moving the root home directory from / to /home is just to have space 
> for my data. 

It's unclear what you mean by "data" here, but typically the things that 
are expected to reside in a (super)user's home directory are mostly 
small, i.e. dotfiles and the likes.

Everything else can just be stored elsewhere, no need to relocate the 
home directory itself.

> Yes, 98% needs attention.
> 
> Rather than link /root to /home/root probably better to edit 
> /etc/passwd to have root homed at /home/root. Can try that.
> 
> > You may hit snags. Some programs might refuse to run, or do
> > strange things because they're written to distinguish between
> > root and an ordinary user.
> 
> Used it since yesterday with no significant problem.

It wouldn't surprise me to find out some application is explicitly hard 
coding '/root' as the home directory for the root user, regardless of 
what is specified in /etc/passwd.

> > But hey, it could be quite exciting, like carrying a cocked
> > revolver tucked into your waistband. One casual typo, one
> > misplaced space, and you can blow away a whole disk.
> 
> I view this as an experiment.  If I destroy the system, I reinstall.  
> The debian installer is moderately easy to use.  =8~)
> 
> Also I have the spare machine ready to go as described in the smartd 
> thread.
> 
> Did you use DOS decades ago?  Have you clobbered a DOS system?

More than once :)

I've switched to using sudo because it encourages me to use root only 
when strictly required.

Many admin tools work fine without root permissions when used only to 
retrieve information (e.g. 'apt', 'systemctl') as opposed to do changes 
to the system. It might help to add your user to group 'adm' 
('journalctl') or add [/usr]/sbin to your $PATH ('zpool', 'zfs').

If something really needs root (e.g. 'dmesg') it's just a simple Ctrl-a 
and type 'sudo', especially if sudo is configured to allow 
that specific command without providing a password ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Mounting NFS share from Synology NAS

[Andrei POPESCU]

On Mi, 02 feb 22, 13:49:38, Anssi Saari wrote:
> Greg Wooledge  writes:
> 
> > I'm unclear on how NFS v4 works.  Everything I've read about it in the
> > past says that you have to set up a user mapping, which is shared by
> > the client and the server.  And that this is *not* optional, and *is*
> > exactly as much of a pain as it sounds.
> 
> I've never done that, as far as I remember. NFS (NFSv4, these days)
> mounts in my home network use autofs but I haven't done anything there
> either specifically for NFS of any verstion. I remember there was some
> weirdness at some point with NFSv4 and I didn't bother with it much. I
> had maybe two computers back then so not much of network. But over the
> years my NFS mounts just became NFSv4.

Are you sure you're actually using NFSv4? (check 'mount | grep nfs').

In my experience in order to make NFSv4 work it's necessary to configure 
a "root" share with fsid=0 or something like that and mount
the actual shares using a path relative to it (my NFS "server" is 
currently down, so I can't check exactly what I did).

> Access for me is by UID. Service is by the kernel driver or in the case
> of zfs, the NFS service it provides. I've thought about setting up
> Kerberos but haven't gotten around to it. One thing is, I don't know if
> Kerberos would work with the NFS service zfs provides? No big deal
> either way though.

As far as I know ZFS is using the kernel NFS server, it's just providing 
a convenient method to share / unshare so it's not necessary to mess 
with /etc/exports if all your shares are ZFS data sets.

(zfs-utils Suggests: nfs-kernel-server and 
https://wiki.debian.org/ZFS#NFS_shares implies the same)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Security

[Andrei POPESCU]

On Du, 30 ian 22, 19:27:56, Reco wrote:
> 
> > 
> > How does "people installing without recommends" translate to "GNOME 
> > users" is beyond me,
> 
> Easy. Look closely at two graphical frontends to libvirt they provide in
> main archive.
> Now ask yourself - would I need these on a server? Who would need to use
> these?
 
Those who want a graphical tool to manage their VMs? Installing some 
-gnome packages still doesn't make me a GNOME user ;)

(e.g. I'm using network-manager-gnome with LXDE)
 
Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Security

[Andrei POPESCU]

On Du, 30 ian 22, 15:54:17, Reco wrote:
>   Hi.
> 
> On Mon, Jan 31, 2022 at 01:36:06AM +1300, Richard Hector wrote:
> > On 29/01/22 04:17, Vincent Lefevre wrote:
> > 
> > > Servers shouldn't have pkexec installed in the first place, anyway.
> > > 
> > 
> > libvirt-daemon-system depends on policykit-1.
> > 
> > Should that not be on my (kvm) server either?
> 
> Many years ago exactly this was disputed in #768376.
> Long story short - the only reason libvirt-daemon-system depends on
> policykit-1 is because GNOME users could be confused if it does not.

As far as I can tell the Maintainer's stance (in 2014) was:

Having polkit installed and doing nothing (for people switching to
socke based permission checks) is IMHO a better service to our users
than having all the bugs for people installing without recommends (and
there are many of those)
 

How does "people installing without recommends" translate to "GNOME 
users" is beyond me, considering that GNOME users would have policykit-1 
installed anyway (as a dependency of GNOME) and they are much less 
likely to disable installation of Recommends in the first place.

As written in message #80 circumstances have changed, maybe the 
Maintainer will reconsider.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: USB sound device present but NOT visible in ‘alsamixer’

[Andrei POPESCU]

On Du, 30 ian 22, 14:58:29, Pankaj Jangid wrote:
> Andrei POPESCU  writes:
> 
> > Something is keeping the module busy, but according to lsmod it's not 
> > another module.
> >
> > In case you get any output from
> >
> > lsof | grep /dev/snd
> >
> > (this needs root or sudo)
> >
> > try stopping the applications listed in the first column (the second 
> > column is the process number).
> 
> Thanks Andrei. I followed the following steps:
> 
> 1. Found that it is pulseaudio that is blocking the module unload.
> 2. systemctl --user stop pulseaudio.socket
> 3. systemctl --user stop pulseaudio.service
> 4. Verified that now nothing is blocking snd_usb_audio (using lsof)
> 5. Unloaded module using "modprobe -r"
> 6. Loaded again using "modeprob"
> 7. Started pulseaudio again
> 
> Still the device is not listed in alsamixer and hence cannot play.
> 
> "alsactl init" also producing same errors as before.

Try also unplugging the device after removing the module.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: USB sound device present but NOT visible in ‘alsamixer’

[Andrei POPESCU]

On Du, 30 ian 22, 12:47:27, Pankaj Jangid wrote:
> Andrei POPESCU  writes:
> 
> >> During the boot process, the system detects everything. So there must be
> >> something in the init sequence that I can trigger manually.
> >
> > You can try to unload and reload the corresponding kernel module. Check 
> > the output of
> >
> > lsmod | grep snd
> >
> > (it's probably snd-usb-audio)
> >
> > If it works it might be possible to add the module to some list so that 
> > it is removed on suspend and loaded on resume.
> 
> Thanks Andrei.
> 
> "lsmod|grep snd" results in,
> 
> --8<---cut here---start->8---
> pankaj@anant:~$ sudo lsmod |grep snd
> snd_usb_audio 315392  3
> snd_usbmidi_lib40960  1 snd_usb_audio
> snd_rawmidi45056  1 snd_usbmidi_lib
> snd_seq_device 16384  1 snd_rawmidi
> mc 61440  1 snd_usb_audio
> snd_hda_codec_hdmi 73728  2
> snd_hda_intel  57344  3
> snd_intel_dspcfg   28672  1 snd_hda_intel
> soundwire_intel45056  1 snd_intel_dspcfg
> snd_soc_core  315392  1 soundwire_intel
> snd_compress   32768  1 snd_soc_core
> snd_hda_codec 172032  2 snd_hda_codec_hdmi,snd_hda_intel
> snd_hda_core  110592  3 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec
> snd_hwdep  16384  2 snd_usb_audio,snd_hda_codec
> snd_pcm   135168  8 
> snd_hda_codec_hdmi,snd_hda_intel,snd_usb_audio,snd_hda_codec,soundwire_intel,snd_compress,snd_soc_core,snd_hda_core
> snd_timer  49152  1 snd_pcm
> snd   110592  24 
> snd_seq_device,snd_hda_codec_hdmi,snd_hwdep,snd_hda_intel,snd_usb_audio,snd_usbmidi_lib,snd_hda_codec,snd_timer,snd_compress,snd_soc_core,snd_pcm,snd_rawmidi
> soundcore  16384  1 snd
> usbcore   323584  6 
> xhci_hcd,snd_usb_audio,usbhid,snd_usbmidi_lib,btusb,xhci_pci
> --8<---cut here---end--->8---
> 
> when I say "modprobe -r snd_usb_audio". It says "Module snd_usb_audio is
> in use". I tried with "-f" option as well. Still cannot unload. Then I
> tried to it again after "alsactl kill quit"; but still cannot unload.

Something is keeping the module busy, but according to lsmod it's not 
another module.

In case you get any output from

lsof | grep /dev/snd

(this needs root or sudo)

try stopping the applications listed in the first column (the second 
column is the process number).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: USB sound device present but NOT visible in ‘alsamixer’

[Andrei POPESCU]

On Du, 30 ian 22, 11:02:34, Pankaj Jangid wrote:
> Jude DaShiell  writes:
> 
> > alsactl --init
> > may help.
> > However alsa makes .lock files in /var/lock/alsa and you may find it
> > helpful to delete the lock file first then once card is set run alsactl
> > store.  Those lock files sometimes prevent alsa from doing a proper
> > detection and change.
> >
> Thanks Jude, for the reply.
> 
> On my installation there is no ‘--init’ option. But it has ‘init’
> command. I just tried that ‘alsactl init’. And there is no
> ‘/var/lock/alsa’ directory. But there is
> ‘/var/lock/asound.state.lock’. I removed this and tried with ‘alsactl
> init’ again. But no positive results in both cases.
> 
> During the boot process, the system detects everything. So there must be
> something in the init sequence that I can trigger manually.

You can try to unload and reload the corresponding kernel module. Check 
the output of

lsmod | grep snd

(it's probably snd-usb-audio)

If it works it might be possible to add the module to some list so that 
it is removed on suspend and loaded on resume.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: SD Memory Card (was The Raspberry Pi that Took a Day Off.)

[Andrei POPESCU]

On Sb, 29 ian 22, 16:39:31, Martin McCormick wrote:
> 
>   Many of the raspbian distributions have a #1 partition
> that is a small fat32 lba partition for Windows users to be able
> to activate debian from Windows.  Is this even necessary once one
> is using unix tools on the disk?

At least for the first Raspberry Pi that partition contains the firmware 
necessary to boot and it has to be FAT because this is what the 
processor understands.

It's probably the same also with newer Raspberry Pi devices.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Android apps on Debian

[Andrei POPESCU]

On Sb, 29 ian 22, 14:38:50, John Hasler wrote:
> local10 writes:
> > First, identify the app you want to install, then download it from
> > apkpure ( https://apkpure.com/ ) or similar sites.
> 
> Apkpure has the Starlink app but as I had never heard of them (No reason
> to, not having an Android phone) I didn't download it immediately.  Are
> they reliable?

The only source I trust is f-droid.org, but I have used apkmirror.com 
for one app that I really needed and couldn't find a FLOSS replacement 
for.

So far I didn't notice anything bad going on, but that doesn't really 
prove anything ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Fwd: Debian 11: Tuning kernel parameters swappiness and watermark_boost_factor to stop SWAP Storm

[Andrei POPESCU]

On Vi, 28 ian 22, 10:15:58, Steven J. West wrote:
> Dear all,
> 
> TL;DR/summary:
> 
>- Tuning vm.watermark_boost_factor to 0 (disable) on Debian
>significantly improves performance on memory-intensive tasks that utilise
>SWAP space, by stopping preemptive kswapd freeing of memory, and
>subsequent page thrashing.
>- I suggest that Debian should tune vm-watermark_boost_fact=0 by default
>to prevent this problem.

Hello,

This list is mostly for Debian users.

While some Debian Developers are reading and even actively engaging with 
the community (thanks!) you should probably send this either to 
debian-kernel or file it as a bug against the source package 'linux'.

(reportbug should do this by default if you point it to any linux-image 
package you have installed)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: btfs disk compatibility between i386 and amd64

[Andrei POPESCU]

On Vi, 28 ian 22, 17:44:59, Joseph Brenner wrote:
> > Careful, unlink in the *nix world typically means delete (a file), while
> you probably meant unmount / mount.
> 
> Yes, precisely.
> 
> 
> > In general there shouldn't be a problem for newer kernels to read older
> versions of a particular file system[1], but the other way around can be
> a problem.
> 
> That's interesting in itself.  Makes some sense.
> 
> On 1/28/22, Andrei POPESCU  wrote:
> > On Mi, 26 ian 22, 17:33:04, Joseph Brenner wrote:
> >> I was wondering if the on-disk data format for btrfs is
> >> compatible between the i386 and amd64 code bases--
> >> e.g. would you expect to be able to swap data drives
> >> between machines running either?
> >
> > In general yes.
> >
> >> I've got an old i386 installation with /home in it's
> >> own partition, and I'm wondering if I can expect to just
> >> unlink /home and install a new amd64 version, and then link
> >> in the home parition again.

Later I realised my answer doesn't directly address your query regarding 
i386 (32 bits) -> amd64 (64 bits).

In general I would expect a 64 bit kernel (could also be arm64) to be 
able to deal with a file system created by a 32 bit kernel. In case 
there are any limitations they are likely to appear the other way 
around, e.g. a file system created on a 64 bit system *might* have some 
internals that can't be dealt with by a 32 bit kernel. Again, such 
limitations should be thoroughly documented.

In any case, just trying to mount the file system (read-only if you want 
to be extra careful) with an eye on 'dmesg -w' should be enough. If 
there are problems the kernel should simply refuse to mount it.

As with anything dealing with possibly irreplaceable data, you should 
have good backups. Could you recover your data if you format and 
overwrite the partition by mistake?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: "mount -t ntfs" vs "mount.ntfs" ?

[Andrei POPESCU]

On Vi, 28 ian 22, 11:34:44, Yvan Masson wrote:
> 
> Could it be because `mount` uses kernel driver and `mount.ntfs` uses
> ntfs-3g, and that the latter has better "quality" even for read-only? (Note
> that this sentence is a complete guess)

Try 'ls -l /sbin/mount.ntfs' ;)


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: btfs disk compatibility between i386 and amd64

[Andrei POPESCU]

On Mi, 26 ian 22, 17:33:04, Joseph Brenner wrote:
> I was wondering if the on-disk data format for btrfs is
> compatible between the i386 and amd64 code bases--
> e.g. would you expect to be able to swap data drives
> between machines running either?
 
In general yes.

> I've got an old i386 installation with /home in it's
> own partition, and I'm wondering if I can expect to just
> unlink /home and install a new amd64 version, and then link
> in the home parition again.

Careful, unlink in the *nix world typically means delete (a file), while 
you probably meant unmount / mount.


In general there shouldn't be a problem for newer kernels to read older 
versions of a particular file system[1], but the other way around can be 
a problem.

More than that, as far as I recall some newer kernels would 
automatically enable some new features thus rendering the particular 
file system unreadable for older kernels[2].

In any case, this should be very well documented for every file system, 
so you should check the btrfs documentation for that.


[1] In this context I consider the various ext file systems to be 
different file systems, not different versions of the same file system, 
although they do have much more in common between them then with xfs or 
so.

[2] I believe this was with ext4, but it could have been ext3

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Security

[Andrei POPESCU]

On Jo, 27 ian 22, 21:44:07, Nicholas Geovanis wrote:
> On Wed, Jan 26, 2022, 12:39 PM Andrei POPESCU 
> >
> > And please don't bother to reply with "there are no other users on this
> > system I should worry about", the bad guys could still find ways to get
> > in, e.g. via a compromised browser, regardless if you are behind a
> > firewall or not[1].
> 
> Servers don't have browsers installed on them, for exactly this reason.

(already addressed by Vincent)
 
> I think your argument above that is a red herring. Because file attribute
> modification detection should be running regularly. On home machines as
> well as servers. Without that, "keeping the system up-to-date" will not
> prevent intrusion.

I'm missing the connection between this vulnerability and file attribute 
modification detection, please elaborate.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: gnu screen and resizing terminal window

[Andrei POPESCU]

On Mi, 26 ian 22, 18:45:41, Tim Woodall wrote:
> I have to use PuTTY to connect to a debian server. For reasons that are
> outwith my control the ssh session disconnects every 24 hrs.
> 
> Therefore I run screen so after reconnecting I can recover to whereever
> I was at.
> 
> However, the PuTTY window does not resize to whatever it was previously.
> I can find lots of questions asking how to turn this feature off but
> nothing on why it doesn't work for me.
> 
> I'm not wedded to screen - about the only feature I'm using is the
> scrollback buffer - so a change change to tmux is possible if that will
> help but I'd really like the resizing to work. Does this work for
> anyone?

As far as I recall the screen window size is limited to the smallest 
terminal that is connected to the particular session.

Maybe screen thinks there are other connections still present?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Security

[Andrei POPESCU]

On Ma, 25 ian 22, 16:13:23, Nate Bargmann wrote:
> I am subscribed to that list and get them too.
> 
> I just see that three more messages popped in since this morning from
> the security list.
> 
> The complaints seem to be only about browsers.  The inference seems to
> be that the latest release always fixes security bugs.  While this is
> true to an extent, what is seldom acknowledged is that new releases also
> bring new and as yet undisclosed bugs that will be fixed next time or
> the time after or the time after that or...  I figure it's a gamble
> either way and stick with the Debian packages.

I'll use the opportunity to draw attention to DSA-5059-1, see e.g. this 
article for details:

https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/

And please don't bother to reply with "there are no other users on this 
system I should worry about", the bad guys could still find ways to get 
in, e.g. via a compromised browser, regardless if you are behind a 
firewall or not[1].

Any system connecting to the internet should be kept up-to-date.

Even if you don't care about your data, privacy, etc., your system will 
probably become part of some botnet and be used to spread malware and 
spam to others.


[1] Of course, the risk level is significantly lower for the typical 
home user, but still not negligible in my opinion - we just can't know 
what unknown browser vulnerabilities there might be lurking, which the 
bad guys could actively exploit via malicious websites (vs. targeted 
attacks for high value targets).

In today's world once your browser is compromised https://xkcd.com/1200/ 
applies.


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: hostname is being reset, killing net on reboot

[Andrei POPESCU]

On Ma, 25 ian 22, 21:27:17, gene heskett wrote:
> 
> It works fine with no complaints.
> 
> Here is the bottom of /etc/dhcpcd.conf:
> 
> # Example static IP configuration:
> #interface eth0
> #static ip_address=192.168.0.10/24
> #static ip6_address=fd51:42f8:caae:d92e::ff/64
> #static routers=192.168.0.1
> #static domain_name_servers=192.168.0.1 8.8.8.8 fd51:42f8:caae:d92e::1
> 
> # It is possible to fall back to a static IP if DHCP fails:
> # define static profile
> profile static_eth0
> static ip_address=192.168.71.13/24
> static routers=192.168.71.1
> static domain_name_servers=192.168.71.1
> 
> # fallback to static profile on eth0
> interface eth0
> fallback static_eth0
> 
> So if dhcpd fails, it uses the above, and it Just Works.
> And I've not found any reference to it in the man page. So I've no clue 
> why it seems to be such a huge, no one knows about it secret.

This must be the most complicated, round-about, inefficient method I've 
ever seen to configure a static IP :)

Is it so difficult to find out what is the canonical method to configure 
a static IP on a Raspberry Pi OS? This is such a basic task it should be 
somewhere in their documentation, wiki, whatever.

Even if they don't officially support static IPs (which I seriously 
doubt), you could still find out what is starting dhcpcd and disable it.

Then it should be possible to configure a static IP with any of Debian's 
network management tools you like. You might need to install it first 
though, preferably while the network connection is still up ;).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: hostname is being reset, killing net on reboot

[Andrei POPESCU]

On Mi, 26 ian 22, 11:55:36, Greg Wooledge wrote:
> On Wed, Jan 26, 2022 at 10:42:23AM -0600, David Wright wrote:
> > And the first word in "CONTENTS/usr/share/man/man5/dhcpcd.conf.5.gz"
> > should tell you that I don't have that file either, but I downloaded
> > dhcpcd5_7.1.0-2+b1_amd64.deb just as I did last time you raised this.
> > And if I type "man" into google, I get a list of previously sought
> > man pages as the response, rather than "camera tv".
> 
> Why not just use
> ?

+1 for manpages.debian.org, it's even possible to have it as an 
additional search engine in browsers that support it.

> Is it too new?  You can replace "bullseye" with "buster" in the URL.
> Or "stretch", etc.
 
I should close #931992 then ;)


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: hostname is being reset, killing net on reboot

[Andrei POPESCU]

On Ma, 25 ian 22, 11:18:21, Brian wrote:
> On Tue 25 Jan 2022 at 09:31:57 +0100, Andrei POPESCU wrote:
> > 
> > Could you point to any (reasonably up-to-date) documentation or is it 
> > sufficient to just install avahi-daemon and libnss-mdns?
> 
> 'apt install avahi-daemon' is sufficient. libnnss-mdns is a recommended
> package of avahi-daemon. Machines with cups installed will already have
> both packages. Documentation is at
> 
>   https://www.avahi.org/
>   https://github.com/lathiat/nss-mdns
> 
> and in /usr/share/doc.
>  
> > Can mDNS resolve only hostnames or is it necessary to always mention the 
> > '.local' domain?
> 
> .local is required.

Less than optimal (yes, I'm lazy), but I might be able to live with it ;)

Is there a way to have "generic" names, e.g. something like "mpd.local", 
independent of the system's hostname?

I like to name systems based on their hardware, not based on the 
service(s) they provide.

If for some reason I want to move the mpd service from one system to 
another, how can I do that without having to reconfigure all clients?

My current solution is to point something like mpd.(mylocaldomain) to 
the correct IP address in the router (OpenWrt) and use that in all 
clients[1]. If I need to move the service to another system I only need 
to adjust the configuration in one place.


(I'm aware mpd might not be the best example here, since as far as I 
know it has native zeroconf support, but let's just assume clients are 
either buggy or lack zeroconf support completely. Besides, this would 
apply also to services without zeroconf support.)


[1] shared /etc/hosts doesn't work for this, because some clients are 
running on systems where deploying a custom /etc/hosts would be too 
complicated (assuming /etc/hosts or something like it is even 
supported).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Bullseye - who and users return nothing

[Andrei POPESCU]

On Ma, 25 ian 22, 04:03:17, Gareth Evans wrote:
> 
> Googling "Detected unsafe path transition during canonicalization" led me to 
> 
> https://bbs.archlinux.org/viewtopic.php?id=260924
> 
> where a user sees this error because / is owned by the user rather than root.
> 
> Lo and behold
> 
> $ stat /
> 
> shows this is what has somehow happened.
> 
> $ sudo chown root:root /
> 
> solves the disappearing /var/run/utmp problem (and fixes who/users) 
> 
> There is nothing in bash history to suggest I did this - can/should it happen 
> any other way?

Occam's Razor would suggest this was done when setting up your / on ZFS.


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: USB UEFI recovery stick

[Andrei POPESCU]

On Lu, 24 ian 22, 03:39:47, deloptes wrote:
> 
> Hi all,
> is there a way to have a USB UEFI stick that works similar to the Debian
> installer - for example to boot into UEFI and recover the boot loader.
> One machine here seems a bit older and refuses to boot into UEFI from the
> USB - rendering USB obsolete as recovery option. In BIOS USB says AUTO
> (other option is Legacy) however if I disable Legacy keyboard does not
> work.

The USB AUTO / Legacy options would suggest to me[1] they are about the 
USB itself, i.e. support for older USB standards (1.1 and/or 2.0), which 
might explain why your keyboard stops working.

As David mentioned, some USB ports might not support booting at all, you 
should try all available USB ports.

[1] Hard to tell without looking at the menus, but the system's / 
motherboard's user manual should explain what each option actually does. 
Admittedly the explanation is often incomplete and/or badly worded.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: trying to get bookworm net going on an rpi4

[Andrei POPESCU]

On Du, 23 ian 22, 22:43:49, Andy Smith wrote:
> Hi,
> 
> On Sun, Jan 23, 2022 at 04:08:34PM -0500, gene heskett wrote:
> > So what is the official, works in bookworm every time, way to totally 
> > kill ipv6, making it use ipv4 for everything?
> 
> You don't need to; having IPv6 active doesn't cause any problem even
> if you don't have a default route that supports IPv6. If it does
> cause a problem then there is a misconfiguration to be solved. You are
> wasting your time and introducing more places where you can make a
> configuration error resulting in yet another of your megathreads¹.

To be 100% fair, there *were* some issues with DNS and IPv6.

It's 10 years or more since, but as far as I remember it was due to 
crappy DNS servers (mostly in proprietary firmwares of home routers), 
that claimed to support IPv6, but failed to do so properly.

The quick fix was indeed disabling IPv6 support on the Linux side, but I 
believe the issues were soon worked around in the Linux kernel[1].

This is very unlikely to affect Gene as he is running (hopefully 
updated) DD-WRT on the router.

[1] Not sure if any Debian stable release was even affected by this, and 
even if it did, it was one release at most.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Why is systemd starting Firefox?

[Andrei POPESCU]

On Lu, 24 ian 22, 00:50:01, local10 wrote:
> Jan 23, 2022, 23:24 by avbe...@gmail.com:
> 
> > Does this command show anything useful when 'firefox-esr' is running?
> >     $ systemctl --user status
> >
> 
> There's a few entries like the following:
> 
> ├─app-firefox\x2desr-dc24162ec3664da890a78fe619b4b1e4.scope 
>    │ │ ├─51854 /usr/lib/firefox-esr/firefox-esr -ProfileManager
>    │ │ ├─54031 /usr/lib/firefox-esr/firefox-esr -contentproc -childID 
> 3 -isForBrowser -prefsLen 5019 -prefMapSize 291459 -jsInit 285716 
> -parentBuildID 20220105212146 -appdir /usr/lib/firefox-esr/browser 51854 true 
> tab
>    │ │ ├─54109 /usr/lib/firefox-esr/firefox-esr -contentproc -childID 
> 4 -isForBrowser -prefsLen 5743 -prefMapSize 291459 -jsInit 285716 
> -parentBuildID 20220105212146 -appdir /usr/lib/firefox-esr/browser 51854 true 
> tab
>    │ │ ├─55941 /usr/lib/firefox-esr/firefox-esr -contentproc 
> -parentBuildID 20220105212146 -prefsLen 5876 -prefMapSize 291459 -appdir 
> /usr/lib/firefox-esr/browser 51854 true rdd

The full output is a tree, so you should be able to tell what is 
starting it.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: trying to get bookworm net going on an rpi4

[Andrei POPESCU]

On Lu, 24 ian 22, 00:27:23, deloptes wrote:
> 
> Don't know but I have following there (in /etc/sysctl.conf)
> 
> net.ipv6.conf.all.disable_ipv6 = 1
> net.ipv6.conf.default.disable_ipv6 = 1
> net.ipv6.conf.lo.disable_ipv6 = 1
> 
> and it does not disable ipv6
> 
> # lsmod | grep ipv
> ipv6  458752  80 bridge,udp_diag

Why should disabling the IPv6 support in the kernel prevent the module 
from loading?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: smartd

[Andrei POPESCU]

On Du, 23 ian 22, 19:09:48, Linux-Fan wrote:
> pe...@easthope.ca writes:
> > 
> > I knew nothing of RAID.  Therefore read here.
> > https://en.wikipedia.org/wiki/RAID
> > 
> > Reliability is more valuable to me than speed.  RAID 0 won't help.
> > For reliability I need a mirrored 2nd drive in the host; RAID 1 or
> > higher.
> > 
> > Google of "site:wiki.debian.org raid" returned ten pages, each quite
> > specialized and jargonified.  A few tips to establish mirroring can
> > help.
> 
> Here, it returns a few results, too. I think the most straight-forward is
> this one:
> 
> https://wiki.debian.org/SoftwareRAID
> 
> For most purposes, I recommend RAID1. If you have four HDDs of identical
> size, RAID10 might be tempting, too, but I'd still consider and possibly
> prefer just creating two independent RAID1 arrays.
> 
> If you want to configure it from the installer, these step-by-step
> instructions show all the relevant installer screens:
> 
> https://sleeplessbeastie.eu/2013/10/04/how-to-configure-software-raid1-during-installation-process/
> 
> Also, keep in mind that establishing the mirroring is not all you need to
> do. To really profit from the enhanced reliability, you need to play through
> the recovery scenario, too. I recommend doing this in a VM unless you have
> some dedicated machine with at least two HDDs to play with.

Another thing to consider is that Linux Software RAID (also known as 
"md" or "mdadm" RAID) by itself doesn't have any integrity checking.

In case one of the drives returns bad data[1] it may end up overwriting 
the good data on the other drives[2][3].

It's possible to add an integrity checking layer, but in my opinion at 
that point the whole setup becomes so complex one might as well be using 
btrfs or ZFS instead.

Both have built in integrity checking and can recover the data provided 
there is at least one good copy available[4], in addition to the many 
other features they bring (logical volume management, snapshots, 
copy-on-write, etc.).


For the avoidance of doubt, neither is a replacement for backups[5].


[1] Cosmic rays flipped a bit, bad drive, bad cable, bad controller, 
etc.

[2] https://unixsheikh.com/articles/battle-testing-zfs-btrfs-and-mdadm-dm.html

[3] A RAID 1 can have more than just 2 drives, it's just uncommon in 
home setups because of cost reasons.

[4] It's possible to use both btrfs and ZFS without redundancy. They 
will be able to tell your data is corrupted, but won't be able to 
recover it, of course.

[5] http://taobackup.com/

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Why is Debian not telling the truth about its security fixes?

[Andrei POPESCU]

On Lu, 24 ian 22, 07:47:01, max wrote:
> January 22, 2022 2:23:48 PM CET max  wrote:
> 
> > https://medium.com/@maxwillb/why-is-debian-not-telling-the-truth-about-its-security-fixes-85f0f85f19a0
> 
> I've updated the post taking into account the feedback so far (There 
> weren't any corrections, but there were misunderstandings, and I try 
> to avoid those). Please don't share (on reddit or HN) until it's 
> perfect. Let me know if there is anything else that can be improved. 
 
If your intention is to troll (Debian? d-u subscribers?), or demonstrate 
basic misunderstanding of disclaimers, then it's too "in your face".

Really good trolling requires more subtlety ;)


If neither was your intention the article only reflects badly on you, 
without helping in any way improve the matter you're upset about[1].


In any case, it's probably better to just take it down completely.


[1] Debian's security support is imperfect - what a surprise. If you're 
unhappy with that please do contact Debian's Customer Relations 
department for a full refund of the license fee you paid[2].

[2] Yes, the above is intended as humorous, but Poe's law...


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: hostname is being reset, killing net on reboot

[Andrei POPESCU]

On Lu, 24 ian 22, 23:54:41, Brian wrote:
> 
> Resolving hostnames on the local network is simple and reliable when
> avahi-daemon and linnss-mdns are available.
> 
>   brian@desktop:~$ getent hosts envy4500.local
>   192.168.7.235   envy4500.local
> 
> Continually and nanually maintain /etc/hosts? Not in 2022!

Ok, I'll bite :)

Could you point to any (reasonably up-to-date) documentation or is it 
sufficient to just install avahi-daemon and libnss-mdns?

Can mDNS resolve only hostnames or is it necessary to always mention the 
'.local' domain?

Thanks,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Why did Norbert Preining (having maintained KDE) left Debian?

[Andrei POPESCU]

On Lu, 24 ian 22, 01:37:55, max wrote:
> January 22, 2022 1:52:16 PM CET "Marco Möller" 
>  wrote:
> 
> > Without transparency the Debian project does not present itself as  
> > community driven, but as a closer circle of directing minds hiding the  
> > reasoning for their decisions. 
> 
> Indeed. In the US, one can demand to read the archived emails of 
> public officials (not just mailing lists)

Does a foreign citizen enjoy the same right?

The various delegated teams (including DAM) ultimately answer only to 
Debian Project Members, all of which do have access to debian-private.

(see the Debian Project's Constitution for details)

As users we "only" get to enjoy the results of their labour, for free.
 
> Why does Debian need "private" mailing lists? What is it hiding from the 
> public?

There's this thing called "privacy", especially of the person directly 
affected.

In some countries there are even laws regulating that (e.g. the EU GDPR) 
and publicly sharing sensitive information about other persons is 
illegal.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Why did Norbert Preining (having maintained KDE) left Debian?

[Andrei POPESCU]

On Du, 23 ian 22, 10:52:48, deloptes wrote:
> 
> I will be not surprised if I replace debian with something else in the
> future. Not because I care that much about the  CoC, but because the
> ideologically motivated organization will not be able to deliver the
> expected quality.

Typically such (mostly off-topic) threads on d-u happen right before a 
major Debian release, when everybody is waiting for the new stable and 
there aren't many technical questions.

For this thread to happen so shortly *after* a major release, to me this 
indicates there aren't many problems with bullseye \o/.


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Kodi (SID)

[Andrei POPESCU]

On Sb, 22 ian 22, 15:41:37, SDA wrote:
> Greetings!
> 
> The past week or so, up until today Kodi has been segfaulting on me - Anyone 
> else?
> Starting from a term:
> 
> failed to open zone.tab
> libva info: VA-API version 1.13.0
> libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/r600_drv_video.so
> libva info: Found init function __vaDriverInit_1_13
> libva info: va_openDriver() returns 0
> Segmentation fault
> 
> So, appears to be a video driver issue ...
> file via reportbug. Haven't rec'd bug# yet. Will update when rec'd.
 
Do you have the firmware for your video card installed?

dmesg | grep -i firmware

(needs sudo or root)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Can't switch to different wifi network after switching users

[Andrei POPESCU]

On Sb, 22 ian 22, 13:45:50, Luiz Romário Santana Rios wrote:
> Hello,
> 
> I'm running Debian 11 with KDE and I can't switch to a different
> network if I switch to a different user. The first noticeable problem
> is that every single listed network appears with the "Disconnect"
> button, as if all of them are simultaneously connected (which they're
> obviously not). If I then try to switch to any network from the applet
> I get this:
> 
> "Private connection already active on the device: uid 1000 has no
> permission to perform this operation"

It might help to mark the connection(s) as usable by others.

In the Gnome applet for Network Manager this is done by checking a box 
named "All users may connect to this network", don't know how it's in 
KDE.

Hope this helps,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: hostname is being reset, killing net on reboot

[Andrei POPESCU]

On Sb, 22 ian 22, 07:13:18, gene heskett wrote:
> 
> its for its own eth0 on the rpi4b. And I guess it is raspi specific. It 
> doesn't exist on this x86-64 bullseye install.

Likely the source of your problems is that Raspberry Pi OS has DHCP 
enabled by default.

It might have been done using Debian specific tools (ifupdown, i.e. 
/etc/network/interfaces or files under /etc/network/interfaces.d/), some 
other known tools (systemd-networkd, Network Manager, etc.), or their 
own concoction.

If you intend on keeping the Raspberry Pi OS you have to learn how it's 
configured and deal with that.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: hostname is being reset, killing net on reboot

[Andrei POPESCU]

On Sb, 22 ian 22, 20:07:45, David Wright wrote:
> 
> Because the basic /etc/hosts file looks something like:
> 
>   127.0.0.1   localhost
>   192.168.1.1 router.corp router
>   192.168.1.2 cascade.corpcascade
>   127.0.1.1   acer.corp   acer# 192.168.1.10
>   # The following lines are desirable for IPv6 capable hosts
>   ::1 localhost ip6-localhost ip6-loopback
>   ff02::1 ip6-allnodes
>   ff02::2 ip6-allrouters
> 
> and the hostname, acer, will be different on each host.

Instead of listing the machine's name with 127.0.1.1 I'm using it's 
actual IP (like the one you have in the comment). 

Any potential issues I should be aware of?

As far as I can tell (with my limited understanding of DNS) it only 
makes it easier to share /etc/hosts with no obvious downside.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: firejail: changing Ethernet network adapter name is breaking Firefox profile

[Andrei POPESCU]

On Sb, 22 ian 22, 10:00:34, to...@tuxteam.de wrote:
> 
> *Poof*, your Ethernet device name changes, since, by default [1] it's
> named after the path in the USB device tree leading to your device.
> Don't forget to stick your Ethernet dongle into the same port
> afterwards. Else... *poof*.

I thought USB dongles are supposed to be using the MAC based naming 
scheme by default.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: firejail: changing Ethernet network adapter name is breaking Firefox profile

[Andrei POPESCU]

On Sb, 22 ian 22, 09:52:45, David Wright wrote:
> On Sat 22 Jan 2022 at 11:32:17 (+), piorunz wrote:
> > On 22/01/2022 07:28, Andrei POPESCU wrote:
> > > On Lu, 17 ian 22, 22:43:49, piorunz wrote:
> > > > 
> > > > Problem is, every now and then, Ethernet adapter name changes, from
> > > > enp5s0 to enp6s0 for example.
> > > 
> > > Those names are supposed to be stable.
> > > 
> > > Are you doing any changes to the hardware when that happens?
> > 
> > No, I just reboot or turn off & on again my computer.
> 
> Presumably that has to be caused by the hardware or the firmware,
> which sounds decidedly flaky, and something the OS can do nothing
> about, except work around it.

A BIOS / UEFI Firmware update might fix it.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: is it possible to install bullseye by copy whole disk?

[Andrei POPESCU]

On Sb, 22 ian 22, 09:40:39, David Christensen wrote:
> 
> A simple case is to image the entire device.  Boot the Debian Installer
> (d-i) (or a live Linux distribution) and use dd(1) to copy the entire USB
> drive to the entire HDD:
> 
> # dd bs=1M if=/dev/disk/by-id/usb-... of=/dev/disk/by-id/ata-...
> 
> 
> When done, shut down the computer, disconnect the USB drive, boot the
> computer, enter the CMOS setup utility, adjust the settings, save the
> settings, exit Setup, and boot the HDD.
> 
> 
> Of course, the number of sectors on the target device must be equal to or
> larger than the number of allocated sectors on the source device. And, if
> the device uses GPT partitioning, you must deal with the backup partition
> table at the end.

It seems one can avoid such issues simply by cloning only the file 
system instead.

At least e2image (with the -a switch) seems to be able to do that, other 
file systems might have their own tools for that.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: is it possible to install bullseye by copy whole disk?

[Andrei POPESCU]

On Sb, 22 ian 22, 02:36:27, lou wrote:
> i've installed bullseye on usb disk
> 
> can i copy it to hard disk (sda2) and make necessary change in /etc/fstab
> and
> 
> then update grub of usb disk to boot sda2?

Something like that should be possible, yes.

For more visibility you might want to re-send your question in a new 
mail to this list instead of a reply with changed Subject.

https://www.urbandictionary.com/define.php?term=Thread%20Hijacking

(yes, your e-mail shows up as "attached" to the original thread, see 
https://lists.debian.org/debian-user/2022/01/thrd2.html)

To provide useful hints you should provide exact details about the USB 
disk and the hard disk you want to move the installation to (ideally 
output of 'fdisk -l'), as well as the computer(s) involved, in 
particular whether they are booting via BIOS or UEFI, what other 
operating systems are installed (if any) and what other disk drives are 
installed (if any).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: hostname is being reset, killing net on reboot

[Andrei POPESCU]

On Vi, 21 ian 22, 23:51:20, gene heskett wrote:
> On Friday, January 21, 2022 10:46:35 PM EST Greg Wooledge wrote:

[lots of good stuff]

> This is all well and good, Greg, but it still does NOT give a clue what 
> todo when the system picks a fictitious route out of its rear.

In order to even try guessing you must tell us how did you ever 
configure the network on this machine.

Non-exhaustive list of possibilities:

1. It was done automatically during installation
2. It was configured manually by you during installation

(if any of these please specify if you installed a Desktop 
Environment at the same time)

3. You edited some file after installation

(please provide the full contents of it, preferably as attachment)

4. You installed and configured some software (which one?)

etc.


In any case, please provide:

A. The full contents of /etc/network/interfaces) and any file under 
/etc/network/interfaces.d/ (preferably attached)

B. The full outputs of 'networkctl' and 'nmcli'.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Authentication required message window after nvidia drivers installation.

[Andrei POPESCU]

On Vi, 21 ian 22, 15:24:29, Thanos Katsiolis wrote:
> Hello,
> 
> the title of the post says pretty much everything.
> I have the NVIDIA Quadro P400 graphics card and installed the NVIDIA
> drivers as described in Debian wiki NVIDIA Proprietary Driver
>  for Debian 11.2.
> 
> The message appears when an Application starts or when a window from an
> application opens. Some applications were left with a blank screen
> when launching, but after a restart, when I press escape on the message,
> the application starts normally.
> Any ideas on how to fix it?

This is likely completely unrelated to installing the NVIDIA drivers.

Please provide more information about your Desktop Environment and the 
applications that exhibit this behaviour.

Any other non-Debian software on the system?

The output of 'id' in a terminal might provide some hints as well (feel 
free to obscure your user and group name, the interesting part is what 
other groups, if any, your user is a member of).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: firejail: changing Ethernet network adapter name is breaking Firefox profile

[Andrei POPESCU]

On Lu, 17 ian 22, 22:43:49, piorunz wrote:
> 
> Problem is, every now and then, Ethernet adapter name changes, from
> enp5s0 to enp6s0 for example. 

Those names are supposed to be stable.

Are you doing any changes to the hardware when that happens?


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: AMD EPYC throttled to 400 mhz

[Andrei POPESCU]

On Lu, 17 ian 22, 22:08:43, Alexander V. Makartsev wrote:
> On 17.01.2022 18:40, Simon Kainz wrote:
> > 
> > I did not set/change governor/driver settings, this is a stock debian
> > kernel.
> Is the server platform runs latest BIOS and firmware?
> Things I'd try first if I was in your place.
> I always flash latest firmware available as a pre-sale procedure, or during
> server installation.

Installing amd64-microcode (from nonfree) might be a good idea as well.
 
Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Chromium security updates

[Andrei POPESCU]

On Jo, 20 ian 22, 00:08:52, Richmond wrote:
> I see debian 10's chromium is currently on version 90.0.4430.212
> (Developer Build), whereas google-chrome is on Version 97.0.4692.99
> (Official Build) (64-bit). Does that mean it is out of date and has
> security vulnerabilities?
> 
> https://chromereleases.googleblog.com/search/label/Stable%20updates

The plan was:

https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#browser-security

Unfortunately both Firefox and Chromium proved to be much more of a 
challenge then expected at the time of releasing Debian 10 "buster" (now 
oldstable).

Firefox appears to be in slightly better shape (updated version 
available in bullseye/stable, still pending for buster/oldstable).

Updated Chromium for bullseye/stable appears to be imminent, hopefully 
buster/oldstable will follow.
 
> Debian 10 is supported until 2024.
>
> https://wiki.debian.org/LTS

As per https://wiki.debian.org/LTS/Using not all packages are supported 
by LTS.


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: strange file query

[Andrei POPESCU]

On Lu, 17 ian 22, 17:00:48, ghe2001 wrote:
> 
> (I grew up, computer-wise, in the days of the 7" floppy disk -- a 
> megaByte still feels like a lot of disk space.)

You generated more data than that with your first post sent to the 3000+ 
d-u subscribers, not counting replies ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: User group "users"

[Andrei POPESCU]

On Vi, 21 ian 22, 14:49:09, Steve Keller wrote:
> I see that on my Debian systems there is a user group "users" with GID 100,
> but by default no user gets added to it.  So what is the purpose or reason
> to have it?
> 
> >From old Unix installations I know the group "users" which every user was
> a member of, by default.
 
According to /usr/share/doc/base-passwd/users-and-groups.txt.gz

   users
  While Debian systems use the user-group system by
  default (each user has their own group), some prefer to
  use a more traditional group system. In that system,
  each user is a member of the 'users' group.


It's probably there to "reserve" GID 100 and preserve compatibility with 
other systems using this system.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Please take this as constructive

[Andrei POPESCU]

On Ma, 18 ian 22, 22:06:33, The Wanderer wrote:
> 
> Unless you mean "e.g., using a wired connection"? It's not clear that
> that's an available option in this case, either, although there are
> probably a lot of cases where it will be. (I've had the misfortune
> recently, in my workplace, of having to image and set up a lot of
> laptops which don't come with a wired Ethernet adapter, and most
> recently with ones that don't come with an external USB-or-similar
> wired-Ethernet adapter dongle either.)

Dongles might require firmware as well :(

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Firefox PDF download - strange behaviour.

[Andrei POPESCU]

On Ma, 18 ian 22, 11:35:04, The Wanderer wrote:
> 
> Looking at that example, I note that it starts with the variable name
> "currentDirHandle". I think it's intended, although not explicitly
> stated, that the directory path specified in that function call is
> *relative*; that would let the API be used to create subdirectory trees
> underneath the user-chosen directory, but not outside of there.
> 
> So this could potentially be dangerous if the user chooses a directory
> location that's high enough in the directory tree to have important
> files already underneath it, but not if the user chooses e.g. a
> dedicated Downloads directory.
> 
> I can still envision scenarios in which this could be dangerous, but
> unless there are ways to get access to a file-handle variable that don't
> rely on something directly user-interactive (the ones described in that
> page are file-picker dialogs and "drag and drop a file into (a specific
> area of?) the browser window"), I don't think it can plausibly do so in
> a way that's invisible to the user.

This reminds me of 

https://arstechnica.com/gadgets/2021/07/separate-eop-flaws-let-hackers-gain-full-control-of-windows-and-linux-systems/

(the second part, with the Linux vulnerability)

Letting some random site have access to local storage seems like a Very 
Bad Idea.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Hyper-typematic and Firefox responsiveness in Weston.

[Andrei POPESCU]

On Ma, 18 ian 22, 08:10:30, pe...@easthope.ca wrote:
> 
> Thanks.  Revised version.
> 
> fire () { case "$#" in
>   0) firefox-esr --display=:0 file:///home/peter/MY/Peter.html#Links & ;;
>   1) firefox-esr --display=:0 "$1" & ;;
>   *) echo "Too many arguments." ;; esac
> }

According to the manpage '--display' is an X11 option.

Could it be that it actually forces Firefox to run via XWayland or so?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Just curious if there's anybody out there still using LXDE?

[Andrei POPESCU]

On Sb, 15 ian 22, 17:13:55, pa...@quillandmouse.com wrote:
> 
> There are probably a lot more packages like this out there. I use MOC
> for playing music, and I don't think it's been updated (upstream) in
> years.

The versions in Debian seem to confirm this (just a few commits between 
oldoldstable, oldstable and stable), however the libraries doing the 
heavy lifting were (hopefully) updated, as they are meant to deal with 
potentially untrusted input files.

$ rmadison moc
moc| 1:2.5.0-1   | oldoldoldstable | source, amd64, armel, 
armhf, i386
moc| 1:2.6.0~svn-r2935-1 | oldoldstable| source, amd64, arm64, 
armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
moc| 1:2.6.0~svn-r2994-3 | oldstable   | source, amd64, arm64, 
armel, armhf, i386, mips, mips64el, mipsel, ppc64el, s390x
moc| 1:2.6.0~svn-r3005-1 | stable  | source, amd64, arm64, 
armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
moc| 1:2.6.0~svn-r3005-1 | testing | source, amd64, arm64, 
armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
moc| 1:2.6.0~svn-r3005-1 | unstable| source, amd64, arm64, 
armel, armhf, i386, mips64el, mipsel, ppc64el, s390x
moc| 1:2.6.0~svn-r3005-1 | unstable-debug  | source

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Multiple 7zip extract

[Andrei POPESCU]

On Du, 16 ian 22, 20:44:12, Gokan Atmaca wrote:
> Hello
> 
> > $ cd destination-directory-for-extracted-files
> > $ find top-directory-of-tree-containing-archive-files -type f -name \*7z 
> > -exec 7z e {} \;
> 
> I'm already able to import into a single folder with the following. My
> problem is extracting 7z files, which are in thousands of folders with
> a size of close to 100GB, into their own directories.
>  # find /home/z0/ob7z/ -name "*.7z" -type f| xargs -I {} 7z x -p*
> -oextract7z {};

And -execdir is not suitable because... ?

By the way, using '{} +' instead of '{} ;' is the same as using xargs. 


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Multiple 7zip extract

[Andrei POPESCU]

On Du, 16 ian 22, 18:59:49, Gokan Atmaca wrote:
> Hello
> 
> I have hundreds of 7z compressed files in different folders. I want to
> open them. Every extracted file must be in the same directory. How can
> we do this?

If I understand your question correctly `find` with the `-execdir` 
action should do what you want.

See the manpage for details.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Just curious if there's anybody out there still using LXDE?

[Andrei POPESCU]

On Sb, 15 ian 22, 14:45:04, c. marlow wrote:
> Are there any LXDE users STILL out there?

Yes, I'm using it on my current daily driver at home.
 
> Today, I have been having this discussion on Debian's Reddit about LXDE
> and it's future. 
> 
> Even though LXDE is DEAD when it comes to development and adding new
> features, I just learned today that LXDE just got a update for
> LXterminal just a month or so ago. So LXDE is still getting small bug
> fixes from time to time. 

Sadly I'm not aware of an OpenBox equivalent for Wayland, so it's still 
fully dependent on X11.

Any developments on this front?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: How do I change disk ?

[Andrei POPESCU]

On Ma, 11 ian 22, 17:22:08, Pierre Couderc wrote:
> Thank you. I am surprised;  update-grub is enough to install grub correctly
> on all drives...??
 
No, 'update-grub' is only used to update /boot/grub/grub.cfg.
 
> > - install grub on the new harddrive (grub --install /dev/sdb or
> > update-grub might do it)

You will need 'grub-install /dev/sdb' or something like that, though you 
might need to run 'update-grub' afterwards.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Bullseye default swap partition size?

[Andrei POPESCU]

On Du, 09 ian 22, 08:58:35, John Conover wrote:
> Andrew M.A. Cater writes:
> > On Sat, Jan 08, 2022 at 08:54:43AM -0800, John Conover wrote:
> > > 
> > > I just installed Bullseye, using default "use entire disk" as the HD
> > > configuration from the Graphical Install option on a Live USB SD.
> > > 
> > > The swap partition size installed on the HD is 1 GB.
> > > 
> > > Buster, etc., used to be about the size of memory, (8 GB in my case,)
> > > for the swap partition size.
> > > 
> > 
> > Changed with Bullesye as the default. Rarely, if ever,will a system with
> > a significant amount of memory hit swap so 2x memory is probably overkill
> > Hibernation on a laptop is  the only thing that might be affected, I think,
> > and even then,m that's generally to a file rather than generic swap.
> 
> What I was concerned about is the caching pushing the machine into
> memory overflow. Is the caching LRU gets replaced? What about mmap(2)
> used by many encryption/signature programs for file access pushing the
> the machine into memory overflow when cached, etc.?

I'd reword Andy's "a system with a significant amount of memory" to 
something like "unless the system is seriously RAM constrained".

$ free -m
  totalusedfree  shared  buff/cache   available
Mem:   39381481 984 27714722150
Swap:  2047   02047


$ /sbin/swapon -s
FilenameTypeSizeUsedPriority
/dev/zram0  partition   524284  0   100
/dev/zram1  partition   524284  0   100
/dev/zram2  partition   524284  0   100
/dev/zram3  partition   524284  0   100


This is an ARM64 laptop running LXDE with two instances of 
xfce4-terminal each with its own tmux (one of them running two instances 
of neomutt), plus Firefox with lots of tabs (admittedly most of them 
inactive -- 20 or so active tabs is the usability limit) everything 
running from a 32GB USB stick.

The electricity consumption is probably minimal, so I never bothered 
with hibernating, I only let lightdm turn of the screen when it's not in 
use.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Defaulting sound output to HDMI port

[Andrei POPESCU]

On Vi, 07 ian 22, 11:43:34, Charlie Gibbs wrote:
> I have a computer in the living room which is hooked up to our TV
> via an HDMI cable.  I use it to play MP3s, videos, and games.
> Our TV is hooked to our stereo system to get good-quality sound.
> However, audio isn't passing through the HDMI connection from the
> computer; to get sound I've run a separate cable from the computer's
> headphone jack to an auxiliary input on the stereo system, and I have
> to switch the stereo to this input to get sound.  It's not the end of
> the world, but it would be nice to send the audio via HDMI so I can
> just switch the TV's input and leave the stereo set to the TV.
> 
> I'm running Buster with xfce.  Here's some system information:
> 
> cjg@dragon:~$ uname -a
> Linux dragon 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u1 (2019-09-20)
> x86_64 GNU/Linux
> cjg@dragon:~$ cat /proc/asound/cards
>  0 [Intel  ]: HDA-Intel - HDA Intel
>   HDA Intel at 0xe532 irq 27
>  1 [NVidia ]: HDA-Intel - HDA NVidia
>   HDA NVidia at 0xe500 irq 17
>  2 [IVTV1  ]: CX2341[56] - IVTV-1
>   CX2341[56] #1 WinTV PVR 500 (unit #2) TV/FM
> Radio/Line-In Capture
>  3 [IVTV0  ]: CX2341[56] - IVTV-0
>   CX2341[56] #0 WinTV PVR 500 (unit #1) TV/FM
> Radio/Line-In Capture
> cjg@dragon:~$ aplay -l
>  List of PLAYBACK Hardware Devices 
> card 0: Intel [HDA Intel], device 0: STAC9271D Analog [STAC9271D Analog]
>   Subdevices: 1/1
>   Subdevice #0: subdevice #0
> card 0: Intel [HDA Intel], device 1: STAC9271D Digital [STAC9271D Digital]
>   Subdevices: 1/1
>   Subdevice #0: subdevice #0
> card 1: NVidia [HDA NVidia], device 3: HDMI 0 [HDMI 0]
>   Subdevices: 1/1
>   Subdevice #0: subdevice #0
> card 1: NVidia [HDA NVidia], device 7: HDMI 1 [HDMI 1]
>   Subdevices: 1/1
>   Subdevice #0: subdevice #0
> 
> After searching the web and mpv's man page, I found that the following
> command would play sound through the computer's HDMI port:
> 
> cjg@dragon:~$ mpv --audio-device=alsa/hdmi:CARD=NVidia,DEV=0 foo.mp3
> 
> Obviously there's nothing wrong with my hardware.  Is there any
> setting that will make audio output default to the HDMI port?

From memory, there are actually several ways to do this.

My preferred method is via kernel module options. E.g. for a system 
where I had the opposite problem (sound would default to HDMI instead of 
the on-board sound, both handled by the snd-hda-intel module) I have 
this:

$ cat /etc/modprobe.d/snd-hda-intel-index.conf 
# change order of devices
options snd-hda-intel index=1,0

(a rebuild of the initramfs and a reboot is required as far as I recall)

There are various other values possible, including negative (e.g. if a 
specific device should always have lower priority).


The same should be possible by (re-)defining the 'default' output in 
ALSA, usually with some /etc/asound.conf or ~/.asoundrc magic (a quick 
search points to the same entries you already tried), though I'm not 
sure how that will interact with PulseAudio and/or various applications 
using ALSA directly.


Hope this helps,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: still fixing stuff the upgrade broke...

[Andrei POPESCU]

On Vi, 07 ian 22, 20:50:20, Polyna-Maude Racicot-Summerside wrote:
> 
> What you do on your host machine doesn't affect what goes on inside the
> virtual system (machine inside virtual box). In case this wasn't obvious.

I'd bet that e.g. upgrading the virtualization software can (and 
probably often does) affect the guest system.

BIOS/UEFI settings/upgrades and kernel upgrades might have an effect as 
well for virtualization supported by hardware.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Default sound level always zero for externally plugged usb sound system

[Andrei POPESCU]

On Sb, 15 ian 22, 10:30:50, Stefan Monnier wrote:
> > Try `alsactl store`
> 
> Didn't know that one, thanks.  Do you happen to know if they deliver to 
> Canada?
> 
> > (might need root).
> 
> Hmm... I only have dollars and francs :-(

As far as I know it takes only altairian dollars, but you might get away 
with reciting some Vogon poetry instead (if you're not thrown out 
first).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: python-apt create_pin question

[Andrei POPESCU]

On Vi, 14 ian 22, 08:09:30, Antonio Russo wrote:
> 
> Hello!
> 
> I'm trying to use apt_pkg to get a "best candidate" for a package, but with
> slightly different constraints than I have set up in /etc/apt/preferences.d.
> 
> I am trying to use Policy.create_pin to do so, but cannot seem to get it 
> working:
> 
> import apt_pkg
> 
> apt_pkg.init()
> cache = apt_pkg.Cache(progress=None)
> policy = apt_pkg.Policy(cache)
> #policy.create_pin('origin', '', 'Debian', -1)
> policy.create_pin('origin', 'apt', 'Debian', -1)
> policy.init_defaults()
> 
> print([ (v, policy.get_priority(v)) for v in cache['apt'].version_list ])
> 
> 
> All calls to get_priority return 500---not -1, as I am trying to get here.
> 
> I must be doing something silly.  I'd appreciate any help.

If you don't get an answer in a few more days you should probably try 
asking on https://lists.debian.org/deity instead.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Why do experimental packages (e.g. clang-13) get in unstable?

[Andrei POPESCU]

On Vi, 14 ian 22, 15:37:21, Jonathan Dowland wrote:
> On Fri, Jan 14, 2022 at 10:56:19AM +0100, Vincent Lefevre wrote:
> > So clang-13 1:13.0.1~+rc1-1~exp4 testing is in testing/unstable,
> > but the changelog says:
> > 
> > llvm-toolchain-13 (1:13.0.1~+rc1-1~exp4) experimental; urgency=medium
> 
> Because despite what the changelog or the version string say, the
> maintainer uploaded that version to unstable:
> 
> https://tracker.debian.org/news/1293514/accepted-llvm-toolchain-13-11301rc1-1exp4-source-into-unstable/

In this particular case yes, though as far as I know it's possible that 
a Maintainer re-uploads the same package to unstable after it's been 
uploaded to experimental first.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Instalacja Debian8 błąd w Release

[Andrei POPESCU]

On Sb, 15 ian 22, 13:48:39, piorunz wrote:
> 
> And lastly, Debian archive nowhere says and/or guarantees that files
> will be kept there forever.

"forever" is a very, very, very long time ;)

Who can guarantee something like this, and if anyone would, why would 
you believe them?

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: OT: anybody uses eero 6 WiFi router?

[Andrei POPESCU]

On Mi, 12 ian 22, 21:56:47, Juan R.D. Silva wrote:
> Hi folks,
> 
> Shopping for a new ISP came across company that uses exclusively eero 6
> router. Anyone to share your experience/opinion about the thing?
> 
> 2 concerns of mine are:
> - cloud based private network management
> - Amazon owned

Is that just a router or a modem / media converter / whatever[1]?

A router should be optional and in most cases it's probably best to 
avoid it completely and use something with OpenWrt instead.

In case it's a modem or media converter check if it is possible *and* 
allowed to put it in bridge mode, then use your own router connected to 
it.

If bridge mode is not possible (for whatever reason) it's still possible 
to use your own router, but for some specific use cases (e.g. port 
forwarding) you will be stuck with whatever the modem's firmware 
supports.

[1] regardless if including a wireless AP or not

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: OT: Recommendation for a new Debian laptop

[Andrei POPESCU]

On Mi, 12 ian 22, 08:54:50, john doe wrote:
> Debians,
> 
> i've been using a laptop for a fiew years now and before this laptop
> dies on me I would like to buy a new laptop.
> 
> I'm thinking about two options:
> - Buying something of the shelph and installing Debian on it
> - Buying a pine64 or alike
> - Any other alternative?
> 
> The only requirement is to have virtualisation available.
> 
> Basically, I'm looking for some feedback to have a laptop with Debian on it.
> 
> Any suggestion is appreciated.

Since you didn't mention any kind of budget constraints, you might want 
to consider Thinkpads (previously IBM, now Lenovo).

The build quality is generally high (especially for the more expensive 
series, like T) and you get detailed manuals on how to take it apart for 
upgrades or repairs.

Compatibility with Linux is also generally very good and there are even 
some models that come with Linux pre-installed.

Many Linux developers like them as well (not least because of the very 
good keyboards) which only helps with compatibility.

If price is a concern, even second-hand / refurbished Thinkpads usually 
provide good value for the money.


Hope this helps,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: freeing up some space

[Andrei POPESCU]

On Ma, 11 ian 22, 16:32:20, Roy J. Tellason, Sr. wrote:
> On Tuesday 11 January 2022 02:25:47 pm Cindy Sue Causey wrote:
> > On 1/11/22, Roy J. Tellason, Sr.  wrote:
> > > So I'm poking around with mc,  and happened across /var/cache/apt/archives
> > > which has a LOT of *.deb files in it, and which seems to include many
> > > versions of the same package,  some of them many years old,  going all the
> > > way back to 2013.  I guess I've been running debian a little longer than 
> > > I'd
> > > thought...
> > >
> > > Is it okay to just delete older versions of these files?  Or should I be
> > > doing something using one of the package management tools?  
> 
> Apparently the info about what's in this directory is also stored in 
> some database somewhere,  so just going in there and deleting a bunch 
> of stuff will probably break something...

[citation needed]
 
> Somebody (maybe more than one somebody) suggested a "clean" option,  
> but apparently that will get rid of *ALL* of those files.  I'd kinda 
> prefer to keep the most recent of any of them that are still being 
> used.  In perusing the docs for aptitude,  I see that there's an 
> option in there to "clean obsolete files",  which sounds like it'll do 
> just that.  I don't see such an option in apt-get,  or elsewhere (so 
> far).

The manpage for apt-get just doesn't refere to them as "obsolete" but 
"largely useless"[1].

Regarding aptitude, you might want to take note of the difference 
between "obsolete files" and "obsolete packages". Both are interesting 
for your needs, especially after a dist/full-upgrade.

[1] just because a package can't be downloaded anymore from any 
/configured/ repository doesn't actually mean it's useless or obsolete.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Replace line in file based on pattern

[Andrei POPESCU]

On Du, 02 ian 22, 21:22:33, Paul M. Foster wrote:
> 
> I'm not interested in hacking a bunch of servers. Just one. The whole
> purpose here is to restore a system to more or less its original
> configuration when a reinstall must occur. A reinstall must occur when there
> is a severe hardware failure, or when Debian (or any other operating system)
> comes up with a major revision (in Debian's case, every couple of years).
> The problem I've seen with just copying an old config file over the top of
> the one installed by default is that in some cases, syntax changes or
> options are added or deleted in the config files from one version to
> another. Thus, my idea of "surgical" alteration of the config files.

If I understand correctly you mean:

1. System is installed with package foo version 1.0

2. You customize configuration of package foo

3. At some point in the future a reinstall might be required and you 
want to restore the system to the state at point 2.

If you are still on the same stable release a simple overwrite of the 
configuration should do it as, by definition, stable shouldn't introduce 
major changes (like syntax changes in the configuration file[1]).

If you want to reinstall the system with a newer release of Debian you 
are probably better of just going through each and every changed 
configuration file with something like vimdiff[2].


There are at least two reasons to this:

A. As you already noted above, configuration file syntax may change.

Any automated method you can think of involves a risk of doing a change 
that will simply be wrong for the newer version. While examining the 
situation to tell whether it's safe to do automatically or not you might 
as well just do the change manually.

Tools like vimdiff make it very easy to apply changes selectively.


B. On (typically major) upgrades a package might consider your 
customizations and adapt accordingly, however installing a fresh new 
version might not.

This is because both upstreams and Debian are doing their best to enable 
in-place upgrades whenever possible, even between major releases. Such 
mechanisms typically involve having the old configuration already in 
place, either during the upgrade (if done by package scripts) or at 
first start of the new software version (if done by the software 
itself).

While it may work if you make sure you replace / edit / whatever the 
configuration before the first start of the software it can't possibly 
work if the changes are managed via package scripts (for hopefully 
obvious reasons).


[1] exceptions to this rule might happen, e.g. if the change of 
configuration (syntax) is required to fix a security issue or in cases 
where fixing security issues is done by upgrading to newer major 
versions of the software (as for Firefox, Chrome, etc.).

[2] going through the Release Notes and NEWS.Debian first is highly 
recommended, as these are the places where the need for manual changes 
are documented.

Hope this helps,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Default sound level always zero for externally plugged usb sound system

[Andrei POPESCU]

On Jo, 30 dec 21, 19:48:41, Pankaj Jangid wrote:
> 
> Is there a way to tell Debian to save the previous volume level of
> externally plugged-in device?

Try `alsactl store` (might need root).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Hyper-typematic and Firefox responsiveness in Weston.

[Andrei POPESCU]

Slightly late to the party ;)

On Jo, 30 dec 21, 19:48:05, pe...@easthope.ca wrote:
> Hi,
> 
> Debian 11 is easily arranged so that "startx" or "weston" can be 
> issued at the console command line.  That allows simple qualitative 
> comparisons.
> 
> In weston, keyboard response can be hyper-typematic.  The briefest 
> keypress can give at least two instances of the key action; sometimes a 
> half dozen.  That includes backspace.  Consequently keyboard input is 
> impossible. This happens not in every instance of weston but often 
> enough to be a nuisance. Has anyone else observed this?

Works fine here, out of the box, on a pretty bare bones installation (no 
X or Desktop Environment).

> According to documentation, Firefox works natively in Weston.  Ie. 
> Firefox doesn't work through Xwayland. With Wayland intended to be 
> more efficient than X11 I expect Firefox to be more responsive on 
> Weston than on X11.  Nevertheless Firefox is noticeably slower on 
> Weston. Anyone else observed this?

Are you passing any special parameters to Firefox? 

Currently I'm setting 'MOZ_ENABLE_WAYLAND=1', but don't remember if this 
was necessary to get Firefox to even start or I just wanted to make 
really sure Firefox is running natively on Wayland (i.e. without some X 
compatibility layer or something).

Hope this helps,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: 8 -> 9 update changing things

[Andrei POPESCU]

On Lu, 03 ian 22, 14:02:05, Roy J. Tellason, Sr. wrote:
> 
> Running pulseaudio --start fixed that problem,  but now I show two instances 
> of it runninng.
> 
> In the one that was running to start with,  the command line shown to 
> me in system monitor includes "daemonize=no".  I would guess that to 
> be the problem,  but why is that in there?  And where do I fix it?  I 
> also see "parent systemd" and after a bit of poking around in there 
> I'm rather thoroughly confused,  not at all sure where I'd have to fix 
> this.  Although /usr/lib/systemd/user/pulseaudioi.service seems 
> pertinent.  Why would that have "daemonize=no" in there?

In general it's recommended programs rely on systemd for running in 
background instead of implementing their own code for that (re-inventing 
the wheel and all that).

Of course, some programs (including PulseAudio) predate systemd and/or 
need to run on systems / platforms where systemd (or something 
compatible) is not even available, so they will continue to support both 
methods.

Hope this explains,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Need Support on Debian10 Kernel Upgrade

[Andrei POPESCU]

On Du, 02 ian 22, 20:59:45, David Wright wrote:
> On Sat 18 Dec 2021 at 12:36:49 (+0100), Andrei POPESCU wrote:
> > On Jo, 16 dec 21, 09:53:33, David Wright wrote:
> > > 
> > > Anyone think it ironic that a multinational IT company with a
> > > market capitalisation of $50 billion as of September 2021 comes
> > > here for help on upgrading the kernel on an old Debian system?
> > 
> > Many questions on this list originate from businesses using Debian 
> > internally.
> > 
> > Are you suggesting this shouldn't be allowed and/or that support should 
> > only be provided for businesses below a certain size?
> 
> No, neither was suggested by me, but I'm guessing by this reply
> that you don't see any irony.

Indeed, at first I probably completely misinterpreted your message. 

Having worked in big / bigger companies for the past 18 years it's 
possible some of the absurdities of big organisations have 
(unfortunately) become too "normal" for me.

Rule nr. 6 probably applies here as well ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: How to secure access to SD cards a la USBGuard?

[Andrei POPESCU]

On Du, 02 ian 22, 20:52:25, David Wright wrote:
> On Fri 10 Dec 2021 at 17:20:52 (+0100), Andrei POPESCU wrote:
> > On Lu, 06 dec 21, 10:18:49, David Wright wrote:
> > > On Sun 05 Dec 2021 at 13:33:41 (+0100), Andrei POPESCU wrote:
> > > > On Vi, 12 nov 21, 12:27:59, Stefan Monnier wrote:
> > > > > 
> > > > > As mentioned, the way to control it will depend on the specific tool
> > > > > used to mount.  E.g. if it's mounted by hand via a rule in /etc/fstab,
> > > > > then you can rules that specify the device via /etc/disk/by-uuid.
> > > > > 
> > > > > Do note that partition UUIDs are not designed to be reliable w.r.t
> > > > > malicious uses (it's easy to create a partition with the same UUID as
> > > > > some other).
> > > > 
> > > > /dev/disk/by-id/ should be device specific.
> > > 
> > > It certainly is, but specific to the card reader reading it,
> > > not the card. And that's whether the card is plugged into a
> > > slot on the computer, or into a discrete SD/USB adapter.
> > 
> > At least with the built-in reader on an Acer Chromebook R13 the ID 
> > changes with every card I tested, but you are indeed right about USB 
> > adapters (at least for the two I could test).
> 
> I did some comparisons between machines, and it would appear that
> when the link starts with /dev/disk/by-id/mmc- then the ID is
> that of the card, whereas when it starts with /dev/disk/by-id/usb-
> then the ID is that of the card reader. Note that I did all the
> comparisons using fullsize SD cards pushed into slots in the PCs,
> so there were no separate adapters involved, neither SD→USB, nor µSD→SD.

My guess is micro-SD to SD adapters are passive only (i.e. just 
connecting pin-to-pin as needed), so it shouldn't matter.

For the OP's issue, it seems a possible solution would be to disallow 
any USB-to-SD adapters, and for the (hopefully few) users that really 
need to use SD cards to use MMC-style slots only.

A less secure option would be to allow USB adapters only for a few 
select *trusted* users, with the understanding that they use "safe" SD 
cards only.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: linux-image-amd64 (5.10.84-1)

[Andrei POPESCU]

On Ma, 21 dec 21, 15:01:27, phil995511 - wrote:
> 
> I had to force the installation of the  5.10.84-1 kernel with this command :
> 
> apt update && apt install linux-image-amd64 -y && apt install
> linux-headers-amd64 -y && apt install firmware-linux firmware-linux-nonfree
> 
> I'm afraid I will have the same problem in the future...

Check the output of

apt list -a linux-image-amd64


You should have the version in stable(-security) installed, in which 
case the next upgrade should work automatically.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Identity Theft

[Andrei POPESCU]

On Ma, 21 dec 21, 10:13:07, Jeremy Ardley wrote:
> On 21/12/21 10:09 am, Jeremy Ardley wrote:s.
> > There is a type of attack called cross-site scripting (XSS). It's mostly
> > been eliminated by latest version browsers, but there are always
> > zero-day vulnerabilities.
> > 
> > The effect is that if you are vulnerable and have two tabs open, one to
> > the legitimate site, and one to a bad guy site, the bad guy can alter
> > your trusted site and for instance change a valid link into something
> > malicious, or change a displayed phone number.
> > 
> > More at https://owasp.org/www-community/attacks/xss/
> > 
> 
> You can mitigate XSS by having a single browser that is used solely to
> access high value sites. e.g. if you routinely run Firefox, have a copy of
> Vivaldi that you use to access your banks - one at a time.

Hopefully Multi-Account Containers helps with this as well, point 4. in 
the "What you can do with Multi-Account Containers" seems to imply it.

https://support.mozilla.org/en-US/kb/containers


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: BUG: Debian 11 version of bibletime

[Andrei POPESCU]

On Ma, 21 dec 21, 05:31:31, Richard Owlett wrote:
> On 12/18/2021 08:55 AM, Andrei POPESCU wrote:
> > On Sb, 18 dec 21, 07:00:56, Richard Owlett wrote:
> > > > 
> > > > Please demonstrate this by showing us the actual run of apt-file as well
> > > > as the output of
> > > > 
> > > >   dpkg -L bibletime-data
> 
> At ~100 kB and > 1300 lines, too big for a news group.

Compressed it would probably be fine.

Anyway, this would point to all files being there, possibly not where 
you expected them, though. On a bullseye system the output of
`apt-file show bibletime-data | wc -l` gives 1296.

> > Care to provide these as well?
> 
> What sub-command of apt-file?

The ones you used to determine that something is missing for you ;)

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Firefox ESR EOL

[Andrei POPESCU]

On Lu, 20 dec 21, 06:42:47, gene heskett wrote:
> 
> The first arm board builder to give us two pcie slots or two net ports. or 
> even 2 parports WILL OWN this market if the MSRP is under $100 with 2 gigs of 
> ram. Ideal would be one pci-e, and one net port. SSD's can be put on the 
> pi4's 
> on either or both, usb-3 ports.

https://pine64.com/product/rockpro64-2gb-single-board-computer/

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Risc-V [OT: Firefox ESR EOL]

[Andrei POPESCU]

On Lu, 20 dec 21, 09:53:54, to...@tuxteam.de wrote:
> On Sun, Dec 19, 2021 at 01:44:35PM -0500, Polyna-Maude Racicot-Summerside 
> wrote:
> 
> [...]
> 
> > Would you have some suggestion if I'd like to try out a Risc-V board ?
> 
> Feeding your fave search engine with, e.g. single board computer +"Risc-V"
> yields some hits. A couple of examples:
> 
>   
> https://liliputing.com/2021/05/nezha-is-a-99-single-board-pc-with-a-risc-v-processor.html
>   
> https://www.cnx-software.com/2021/04/13/allwinner-d1-linux-risc-v-sbc-processor/
>   
> https://marketresearchtelecast.com/tried-risc-v-single-board-computer-rvboards-nezha-with-debian-linux/98055/
>   
> https://www.reddit.com/r/RISCV/comments/kwgcx2/beaglev_the_first_affordable_riscv_computer/
 
https://www.pine64.org/2021/12/15/december-update-a-year-in-review/

> Don't expect laptop-like or desktop-like performance yet -- rather
> embedded-like performance. Those things haven't got the economy of scale
> to justify vast caching architectures and other luxuries. That would
> make them unaffordable. But things might change...

Agreed. This is something to keep an eye on as a potential future 
competitor for ARM, which is starting to challenge x86 in various areas.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Broken libc6 running Sid (multiarch sytem)

[Andrei POPESCU]

On Du, 19 dec 21, 07:24:56, Tim Woodall wrote:
> On Sat, 18 Dec 2021, Mark Allums wrote:
> 
> 
> > Preparing to unpack .../libc6_2.33-1_amd64.deb ...
> > Unpacking libc6:amd64 (2.33-1) over (2.34-0experimental1) ...
> > dpkg: error processing archive
> > /var/cache/apt/archives/libc6_2.33-1_amd64.deb (--unpack):
> > trying to overwrite shared '/usr/share/doc/libc6/NEWS.gz', which is
> > different from other instances of package libc6:amd64
> 
> I'd delete that file and try again. (move it to the side if it's
> something you might want to consult)

According to my understanding of the manpage it should work with an 
added '--force-overwrite'. 
 
Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: 8 -> 9 update changing things

[Andrei POPESCU]

On Sb, 18 dec 21, 11:24:34, Roy J. Tellason, Sr. wrote:
> 
> There remains the sound issue in the virtualbox.  Could it be that 
> Debian isn't running PulseAudio but something else?  That would 
> account for the guest OS not being able to talk to it...

As far as I'm aware there is no default sound server in Debian, it's 
whatever the corresponding Desktop Environment depends on. Usually this 
is PulseAudio, but it seems PipeWire is becoming more popular.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Firefox ESR EOL

[Andrei POPESCU]

On Sb, 18 dec 21, 14:22:58, David Newman wrote:
> On Dec 18, 2021, at 12:44, Nicholas Geovanis  wrote:
> > 
> > 
> >>> On Fri, Dec 10, 2021, 3:56 AM Andrei POPESCU  
> >>> wrote:
> >>> On Jo, 09 dec 21, 23:24:11, Marco Möller wrote:
> >>> > 
> >>> > It's a pity that Debian cannot be flexible to offer more secure and 
> >>> > already
> >>> > available binary versions of software for the assumed many users only 
> >>> > caring
> >>> > for installing a binary from the official Debian repository on some very
> >>> 
> >> ARM64 is likely to see *more* (not less) use in desktops and laptops, 
> >> and RISC V might also be an option in the future.
> > 
> > 
> > Maybe I missed something. Why RISC V?
> 
> RISC V is open-source hardware, free of encumbrances from commercial licenses 
> and fees. 

As well as free from embargoes, so it might be very interesting for chip 
makers in countries affected by such.

It's also quite promising in the performance per watt area and 
performance per square mm, even compared to ARM (which is already better 
than x86 chips).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: BUG: Debian 11 version of bibletime

[Andrei POPESCU]

On Sb, 18 dec 21, 07:00:56, Richard Owlett wrote:
> > 
> > Please demonstrate this by showing us the actual run of apt-file as well
> > as the output of
> > 
> >  dpkg -L bibletime-data
 
Care to provide these as well?
 
> richard@debian-11:~$ su
> Password:
> root@debian-11:/home/richard# dpkg -l bibletime\*
> Desired=Unknown/Install/Remove/Purge/Hold
> |
> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name   Version  Architecture Description
> +++-==---==>
> ii  bibletime  3.0-5amd64bible study tool for Qt
> ii  bibletime-data 3.0-5all  Documentation and data for
> bibleti>
> un  bibletime-i18n   (no description available)
> lines 1-8/8 (END)
> 
> I see the same on Sid. In both cases Synaptic states the repository is
>http://deb.debian.org/debian
> 
> I've also found https://deb.debian.org/ which states:
> > The server deb.debian.org does not have packages itself, but the name has
> > SRV records in DNS that let apt in stretch and later find places.
> 
> The *LAST* package installed by Synaptic was bibletime. In which log-file do
> I look to find the *EXACT* URL bibletime was retrieved from.
> 
> IIRC there is some load sharing going on in the background which would
> account for me retrieving different files than others.

See https://packages.debian.org/bullseye/all/bibletime-data/download for 
the MD5 checksum (if you worry about integrity) and the SHA256 checksum 
(if you worry about tampering) of the .deb file.

You can compare these against the .deb file in /var/cache/apt/archives.

My money is on a match and this is a blind alley.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Need Support on Debian10 Kernel Upgrade

[Andrei POPESCU]

On Jo, 16 dec 21, 09:53:33, David Wright wrote:
> 
> Anyone think it ironic that a multinational IT company with a
> market capitalisation of $50 billion as of September 2021 comes
> here for help on upgrading the kernel on an old Debian system?

Many questions on this list originate from businesses using Debian 
internally.

Are you suggesting this shouldn't be allowed and/or that support should 
only be provided for businesses below a certain size?

(ignoring for a moment that this would be impossible to implement with 
open posting / subscribing / list archives)


Free(dom) Software was never meant to exclude comercial use or 
developers earning a living (or a fortune) from it.

In fact a non-commercial clause in the license would make a software 
non-free according to Debian's DFSG and other similar Free Software 
definitions.

As far as I can tell the Debian Project is actually quite proud of Pixar 
having used Debian internally, so much so that all the code names are 
still inspired by Toy Story characters.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: realtek bluetooth puzzle

[Andrei POPESCU]

On Jo, 16 dec 21, 23:30:37, Thomas Schmitt wrote:
> Hi,
> 
> Jude DaShiell wrote:
> > [10200.545324] usb 3-1: Product: DISK
> > [10200.545329] usb 3-1: Manufacturer: Realtek
> > [10200.545637] usb-storage 3-1:1.0: USB Mass Storage device detected
> > [10200.546006] scsi host6: usb-storage 3-1:1.0
> > [10201.560487] scsi 6:0:0:0: CD-ROMRealtek  Driver Storage 1.00 
> > PQ: 0 ANSI: 0 CCS
> > [10201.566607] sr 6:0:0:0: [sr1] scsi3-mmc drive: 0x/0x caddy
> > [10201.588298] sr 6:0:0:0: Attached scsi CD-ROM sr1
> 
> Looks like the device is emulating a CD-ROM which offers driver files
> to MS-Windows for automatic installation. The web says that this happens
> when the device does not get the right answers from the operating system
> which indicate that the drivers are already installed.

Indeed it does look like it.
 
> An Archlinux thread proposes to use a program named usb_modeswitch to get
> the device out of this mode
>   https://bbs.archlinux.org/viewtopic.php?id=228195
> Debian has it in a package
>   https://tracker.debian.org/pkg/usb-modeswitch
> 
> I find its home page somehow confusing
>   https://www.draisberghof.de/usb_modeswitch/
> But the web says that it is supposed to work automagically for known
> devices.

In most cases a simple 'eject' command is sufficient, so based on the 
above something like this might do it:

eject /dev/sr1


The command `eject` is in the package with the same name.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Need Support on Debian10 Kernel Upgrade

[Andrei POPESCU]

On Jo, 16 dec 21, 16:12:37, to...@tuxteam.de wrote:
> On Thu, Dec 16, 2021 at 12:28:17PM +, Balasubramanian Ravuthan wrote:
> > Hi Team,
> > 
> >   We are looking support from you on the Linux Kernel upgrade on  Debian 
> > 10. Please help on this.
> 
> This is a user's list, not a support channel.

Debian's website specifically mentions it as such ;)

From https://www.debian.org/support

For user support in English, please contact the debian-user mailing 
list. 

(it also clearly specifies at the top of the page that it's run by 
volunteers and there are other - including paid - options).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: How to get linux headers or source code for debian 8.0 kernel 3.16.0-4-amd64 ?

[Andrei POPESCU]

On Mi, 15 dec 21, 10:33:05, David wrote:
> On Wed, 15 Dec 2021 at 03:18, Kiyanovski, Arthur  wrote:
> 
> > TL;DR - How do I get the Linux headers or source code for kernel 
> > 3.16.0-4-amd64 Debian 8.0?
> 
> The version number of a Debian kernel package is not the same
> thing as the version number of the kernel that it contains.
> 
> For example, here is what I see on the system I am running
> here today:
> 
> $ dpkg -l | grep linux-image
> ii  linux-image-5.10.0-8-amd64   5.10.46-5
>  amd64Linux 5.10 for 64-bit PCs (signed)
> $ uname -r
> 5.10.0-8-amd64
> $ uname -v
> #1 SMP Debian 5.10.46-5 (2021-09-23)
> 
> So, to know your kernel version, you need to ask
> the system for 'uname -v'.

The same information is already provided by `dpkg -l` above ;)


When looking for Debian packages the version number provided by
`dpkg -l` or `apt list`, etc. should be used as it often doesn't match 
the software's internal version.


$ neomutt -v | head -1
NeoMutt 20180716

$ apt list --installed neomutt
Listing... Done
neomutt/oldstable,now 20180716+dfsg.1-1+deb10u2 arm64 [installed]
N: There is 1 additional version. Please use the '-a' switch to see it


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: BUG: Debian 11 version of bibletime

[Andrei POPESCU]

On Ma, 14 dec 21, 04:20:00, Richard Owlett wrote:
> On 12/13/2021 08:10 PM, Felix Miata wrote:
> > Richard Owlett composed on 2021-12-13 12:18 (UTC-0600):
> > 
> > > I reinstalled bibletime and xiphos.
> > > Using bibletime I installed Bible, concordance, etc.
> > > F1 and F2 do NOT display the appropriate help files.  
> > > 
> > Are you sure you installed everything bibletime /wants/?
> 
> I might be phrased as "I ordered it all but the the repository (i.e URL)
> contacted did not contain all that is evidently residing at other URL's".
> 
> I.E. I used Synaptic to install
>  bibletime  -- bible study tool for Qt
>AND
>  bibletime-data -- Documentation and data for bibletime

Please demonstrate this with the output of

dpkg -l bibletime\*

 
> When Erwan David (in Europe) performed "apt-file search bibletime" the
> handbook files were displayed.
> 
> When I (in Missouri USA) run it against Debian 11 I do not see handbook
> files. I *DO* see the handbook files when running it against Debian 10.
> 
> IOW I am convinced I am observing a repository problem, *NOT* operator
> error.

Please demonstrate this by showing us the actual run of apt-file as well 
as the output of

dpkg -L bibletime-data


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Problems upgrading from Debian 10 to 11

[Andrei POPESCU]

On Ma, 14 dec 21, 21:27:28, James Dutton wrote:
>
> I tried the newer xrdp/xorgxrdp .deb from the debian repo, but they
> did not install (dependent on different libs not in Bullseye.
> I then compiled xrdp and xorgxrdp from git sources, and they compiled
> and ran ok in Bullseye.
> That is what I am currently using, as a work around, for the Bullseye
> problem I am having with xrdp.
> So, yes, a newer version of xrdp/xorgxrdp does compile and work in Bullseye.
> 
> Are there any specific commands you would like me to run, to maybe
> test or compile a different version?
> I am happy to test anything that might help get a working xrdp, sooner
> rather than later in the debian bullseye repo.

My first suggestion would be to try to recompile the package in testing 
on stable, e.g. as per https://wiki.debian.org/SimpleBackportCreation. 
This could be easier for you to maintain instead of compiling from 
source.

You could also try asking for a backport on -backports, preferably with 
a Cc to the maintainer *and* mentioning the additional features of the 
version in testing (if any).

The backports archive isn't supposed to be used to fix bugs in stable 
(see the archives, this is constantly brought up), though I acknowledge 
this may leave users in a bad situation if the bug isn't fixed in stable 
either (regardless of the reason).

An offer for assistance in fixing the bug in stable, like identifying 
the relevant upstream commit(s) fixing the issue and helping with 
backporting them to the older versions could also help get things 
moving.

Hope this helps,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature