Re: Encrypt files on Linux, decrypt on Windows

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 22/8/20 3:46 am, local10 wrote: > What would be a reasonably secure and simple way to encrypt files on Linux > and then send them to a non-technical Windows user so she would be able > decrypt and read them? > > Any ideas? Thanks Lots of

Re: Suggestion for systemd and /usr on seperate partition

On 8/7/20 3:35 pm, Andrei POPESCU wrote: > On Mi, 08 iul 20, 02:35:09, Andrew McGlashan wrote: >> On 8/7/20 2:11 am, Michael Stone wrote: >>> >>> The short answer is that there simply isn't a good reason to do this >>> on a modern system, and there is

Re: Suggestion for systemd and /usr on seperate partition

Hi, On 8/7/20 2:11 am, Michael Stone wrote: > On Tue, Jul 07, 2020 at 10:45:17AM -0500, David Wright wrote: >> On Wed 08 Jul 2020 at 00:41:12 (+1000), Andrew McGlashan wrote: >>> On 2/11/14 8:58 am, Elimar Riesebieter wrote: >>> > * David Baron [2014-11-01 19:

Re: Suggestion for systemd and /usr on seperate partition

On 2/11/14 8:58 am, Elimar Riesebieter wrote: > * David Baron [2014-11-01 19:13 +0200]: > >> On Friday 31 October 2014 13:08:27 Elimar Riesebieter wrote: > > [...] > >>> It's your decision. MODULES=most should be okay. BUSYBOX=y is >>> essential. >> >> This is what the install gave me. I

Re: firefox 75 pulseaudio sound suddenly stopped working

Hi, On 25/4/20 6:40 am, 0...@caiway.net wrote: > On my debian stable firefox 75 the sound stopped working. Personally, I always use direct downloads for browsers. I've also started to use apulse with Firefox and other browsers with alsa sound only. /usr/bin/apulse

Re: looking for a replacement for debian since systemd

On 15/12/19 7:53 am, ghe wrote: >> On Fri, Dec 13, 2019, 17:12 Britton Kerin wrote: >> >>> I see from below vote that we're working on dumping other init systems >>> now as expected. Luckily I've given up on debian since systemd in the >>> first place and am in long process of finding a

Re: Reply-default etiquette (was Re: KISS gpg)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 1/11/19 3:10 am, Nicolas George wrote: > Possible with Mutt: > > send-hook . "unmy_hdr Reply-To:" send-hook > ~cdebian-u...@lists.debian.org my_hdr "Reply-To: > debian-user@lists.debian.org" Do you also have "ignore list-post:" in your muttrc

Re: KISS gpg

On 1/11/19 2:51 am, Nicolas George wrote: > Andrew McGlashan (12019-11-01): >> reply-list works perfectly this end > > reply-list requires paying attention to whether it is a list or a > private e-mail. That would be acceptable, but since there is a solution > that does n

Re: KISS gpg

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 1/11/19 2:36 am, Nicolas George wrote: > Andrew McGlashan (12019-11-01): >> btw doesn't "reply list" work for you? I get all list messages >> okay. > > If you do not want to be on copy, use the standard reply-

Re: KISS gpg

On 1/11/19 2:34 am, Nicolas George wrote: > At the very least, to trust gpg with its agent, I would require options > to explicitly set the path of the agent's socket and to print the path > of the socket that was used. reply-list works perfectly this end, forget what's in the headers for

Re: KISS gpg

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 1/11/19 2:26 am, Nicolas George wrote: > Andrew McGlashan (12019-11-01): >> So, perhaps the agent is restarted by systemd -- perhaps you can >> disable it using systemctl commands to stop it restarting ... >> then the

Re: KISS gpg

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 1/11/19 2:26 am, Nicolas George wrote: > Andrew McGlashan (12019-11-01): >> So, perhaps the agent is restarted by systemd -- perhaps you can >> disable it using systemctl commands to stop it restarting ... >> then the

Re: KISS gpg

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 1/11/19 2:22 am, The Wanderer wrote: > On 2019-10-31 at 11:18, Greg Wooledge wrote: > >> On Fri, Nov 01, 2019 at 02:12:54AM +1100, Andrew McGlashan >> wrote: >> >>> If you kill all agents to stop them interfer

Re: KISS gpg

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 1/11/19 2:21 am, Nicolas George wrote: > Andrew McGlashan (12019-11-01): >> If I understand correctly, the agent is getting in your way. >> >> Killing the agent /might/ be your answer: > > Unfortunately no: u

Re: KISS gpg

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 31/10/19 5:58 am, Nicolas George wrote: > Is there somewhere in Debian a KISS version of GnuPG or something > compatible? > > The current default version of GnuPG, since 2015, necessarily uses > a client-server agent to access the private

Re: What every programmer should know about memory, in 2019?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 25/10/19 1:22 am, Boyan Penkov wrote: > Hello, > > Ulrich Drepper's piece on on-chip memory architectures is a > fantastic read, and I recently had the chance to revisit it -- > https://people.freebsd.org/~lstewart/articles/cpumemory.pdf >

Re: Adobe Flash Player on Debian Buster

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 21/10/19 2:36 am, Berkhan Berkdemir wrote: > Yesterday I was looking away to install Flash Player for Firefox on > Debian Buster and followed a Debian Wiki page [0]; however, I > didn't make Flash Player work. I also found this script [1],

Re: DMARC reports after emails sent to list

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 14/10/19 9:42 pm, 황병희 wrote: > Andrew McGlashan writes: >> I have DMARC with DKIM and SPF setup for my domain name. > > There was related discussion: it's very seriosus... > https://bugs.debian.org/cgi-bin/bugreport.cg

Re: DMARC reports after emails sent to list

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Thanks Reco. On 13/10/19 9:59 pm, Reco wrote: > On Sun, Oct 13, 2019 at 04:20:17PM +1100, Andrew McGlashan wrote: >> Is this due to email forwarding by Debian servers or is it for >> some other reason

DMARC reports after emails sent to list

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I have DMARC with DKIM and SPF setup for my domain name. When I sent emails to Debian lists, I tend to get a bunch of DMARC reports as a result. The reports of concern are ones that show a sending IP for my domain that is the IP of the Debian

Re: hp 3762

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 13/10/19 2:34 am, steef wrote: > Is HPDeskjet 3762 a good (simple) replacement? Is somebody out > there who has some experience with HP-printers?? Not listed here [1], but it could be out of date: Also not listed here [2], again, it could

Re: Email based attack on University

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 4/10/19 6:17 am, Joe wrote: > On Thu, 3 Oct 2019 20:54:10 +0100 Brian > wrote: > > >> >> Opening an email causes no problem to the system on Debian. We >> would be in deep trouble if it did. > > That has been my experience, but I did

Re: Email based attack on University

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 3/10/19 10:28 am, Keith Bainbridge wrote: ... Well, given the fact that too many emails these days are HTML type; ala web based they are suspect to email programs running javascript and/or other scripting languages due to default

Re: Email based attack on University

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/10/19 3:32 am, Brad Rogers wrote: > On Wed, 2 Oct 2019 10:38:44 -0400 Lee wrote: > > Hello Lee, > >> Thanks for the link! >> >>> But the email program used by Client 0 is unspecified. >> >> As is the operating system - or did I miss

Re: DKIM, multiple domains, same server -- want to always sign, not just for remote delivery

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 24/8/19 7:51 pm, Andrew McGlashan wrote: > but most already email users won't have a clue. ... but most *ordinary* email users ... And an Enigmail setting gives me the confirmation before sending (not TB itself). A. -BEGIN

Re: DKIM, multiple domains, same server -- want to always sign, not just for remote delivery

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 24/8/19 7:24 pm, Reco wrote: > On Sat, Aug 24, 2019 at 03:27:09PM +1000, Andrew McGlashan wrote: >> Okay, I've changed the the DKIM_SIGN_HEADERS ... let's see if >> this is good, thanks > > This e-mail passed DKIM check

Re: DKIM, multiple domains, same server -- want to always sign, not just for remote delivery

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 22/8/19 7:52 pm, Reco wrote: > On Thu, Aug 22, 2019 at 07:27:23PM +1000, Andrew McGlashan wrote: >> I have > DKIM setup, however, it only signs messages that are being >> delivered via SMTP to another server. &g

DKIM, multiple domains, same server -- want to always sign, not just for remote delivery

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I have DKIM setup, however, it only signs messages that are being delivered via SMTP to another server. Why is it not valid to sign to the same domain name and/or other domain names served by the same mail server and NOT having to make an SMTP

Re: history/history.db files appearing

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 10/8/19 1:32 pm, David wrote: > I don't know the answer, but you might find some clues here: > https://codesearch.debian.net/search?q=history.db=1 Note > the list of package names at the top of the page. Why is it not accessible via the

Re: How free is Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 9/8/19 6:59 am, John Hasler wrote: > Shahryar Afifi wrote: >> Currently I have X61 with Middleton BIOS that claims to be free. >> Is that also not the case? > > We are talking about the microcode that is stored inside the cpu, > not the

Re: How free is Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 8/8/19 11:06 pm, Shahryar Afifi wrote: > Thank you for this acknowledgment. Currently I have X61 with > Middleton BIOS that claims to be free. Is that also not the case? You can have a free BIOS, "Core boot, or similar?" ... but the CPU itself

Re: How free is Debian

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 8/8/19 2:27 pm, Shahryar Afifi wrote: > Very well said. If debian free is not using amd64 microcode, so > what kernel module runs my cpu as 64bit? Here's part of the problem. The CPU has it's own microcode, when you buy it; the

Re: gnupg / enigmail excessive processing times

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, > On 24/6/19 12:14 am, The Wanderer wrote: >> The short version of this is that I think I need to clear out a >> lot of irrelevant keys / signatures, et cetera, from my gnupg >> configuration - but I don't want to do anything which risks losing

Re: gnupg / enigmail excessive processing times

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 24/6/19 12:14 am, The Wanderer wrote: > The short version of this is that I think I need to clear out a > lot of irrelevant keys / signatures, et cetera, from my gnupg > configuration - but I don't want to do anything which risks losing >

Re: blocking 465 connections to mail server for specific IP address without using fail2ban

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The script needs more work it is not exim4-exploiters, it is for repeated failed logins. As it is now, it will treat any single failure as one to ban and that is only going to cause trouble. Although users should be logged in normally and will

Re: blocking 465 connections to mail server for specific IP address without using fail2ban

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Slightly improved shell script, uses iprange once and conflates both lists together. #!/bin/bash declare -a tcp25_set tcp465_set tcp_25_465_set banned_ports_list=25,465,993,995 logwatch_file=/var/log/exim4/logwatch-email-20190622a.eml # NB

Re: blocking 465 connections to mail server for specific IP address without using fail2ban

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 22/6/19 6:24 pm, john doe wrote: >> I've blacklisted quite a number of IP addresses and CIDR blocks >> from delivering email to my server with entries in the >> /etc/exim4/local_host_blacklist file. >> >> Is there any config file that I

blocking 465 connections to mail server for specific IP address without using fail2ban

. - -- Kind Regards AndrewM Andrew McGlashan -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXQ3XpwAKCRCoFmvLt+/i +1m2AQC3UI8NrRBM/Z1zoRWA4i6zQbyLbt0dGRsILlPHTTQp+wEAjN4S3rSewR3G BdfMh0Uzir8r4IRtMuLKPAQ42mAEAHc= =T3vu -END PGP SIGNATURE-

Re: Does 32-bit x86 support (aka [multilib] ) have a future with Debian after Buster

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 21/6/19 11:44 pm, Felix Miata wrote: > Andrew McGlashan composed on 2019-06-21 20:03 (UTC+1000): > >> Most, if not all 32 bit arch machines are probably going to >> consume far more energy than newer machines of far gre

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 21/6/19 4:08 pm, Reco wrote: > What I'm most interested is here is the time distribution. I.e. has > the number of exploitation attempts lowered after the Exim banner > change? Stayed the same? Not a single one since, so far. Although I

Re: Does 32-bit x86 support (aka [multilib] ) have a future with Debian after Buster

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 20/6/19 4:28 pm, Reco wrote: > Hi. > > On Thu, Jun 20, 2019 at 01:03:50AM +0200, Matthew Crews wrote: >> On 6/19/19 3:30 PM, Lazar Tadić wrote: >>> Don't worry Mathew, 32-bit arch is currently 2nd most popular >>> arch on Debian. There's no

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 21/6/19 4:49 am, Reco wrote: >> Thank you, I've changed the banner for now let's hope that >> lessens the problem. > > Please share the results if possible. > > On this particular MTA I've counted whopping 4 attempts to exploit >

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 20/6/19 11:45 pm, Reco wrote: > Hi. > > On Thu, Jun 20, 2019 at 11:26:08PM +1000, Andrew McGlashan wrote: >> Is there a way to provide version of "4.92" easily or some other >> text to stop the likeliho

Re: Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 20/6/19 11:57 pm, Brian wrote: > On Thu 20 Jun 2019 at 23:26:08 +1000, Andrew McGlashan wrote: > >> # dpkg-query -l|grep \ exim|awk '{print $2,$3}'|column -t exim4 >> 4.89-2+deb9u4 exim4-base 4.89-2+deb9u4 exim

Exim latest update reports to world as 4.89, which the world thinks is vulnerable.

't be able to do successfully due to up to date patch status. [1] This Showdan query needs a login: https://www.shodan.io/search?query=product%3Aexim+-4.92 [2] https://www.bleepingcomputer.com/news/security/millions-of-exim-mail-ser vers-exposed-to-local-remote-attacks/ - -- Kind Regards Andre

Re: paste.debian.net discontinued ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/6/19 7:40 pm, Jérôme BATAILLE wrote: > Hi dear debian users. > > Does someone knows if paste.debian.net is discontinued ? It's back so it must have been a temp issue. Cheers A. -BEGIN PGP SIGNATURE-

Re: use mailx instead of sendmail in apt-listchanges

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 3/6/19 5:40 am, Martin T wrote: > What could be the most elegant workaround in this situation? Create > a /usr/sbin/sendmail wrapper script which processes the > "/usr/sbin/sendmail -oi -t" command called by apt_listchanges.py > and sends

Re: Systemd files on a Raspberry Pi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 13/2/19 3:14 am, Jonathan Dowland wrote: > On Sun, Feb 10, 2019 at 09:24:39AM +0100, to...@tuxteam.de wrote: >> On Tue, Jun 23, 2015 at 01:47:20AM +1000, Andrew McGlashan >> wrote: > > Did I miss 4 years of posts or

Re: Systemd files on a Raspberry Pi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 11/2/19 4:40 am, Reco wrote: > On Mon, Feb 11, 2019 at 03:55:04AM +1100, Andrew McGlashan wrote: > Which, in turn, has xml, central database, socket activation and > very rudimentary dependency resolution. I don't remember off-han

Re: Systemd files on a Raspberry Pi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 10/2/19 11:17 pm, Reco wrote: >> Okay, I've watched it now. I am not convinced that his idea of >> "create this or that yourself" is a fair retort. > > There are historical precedents. AIX's init inspired Solaris' SMF > which in turn

Re: Systemd files on a Raspberry Pi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 10/2/19 6:44 pm, Andrew McGlashan wrote: > On 10/2/19 10:28 am, chris wrote: >> so relevant https://www.youtube.com/watch?v=o_AIw9bGogo > > I've seen references to that video and have not yet watched it. > > I also u

Re: Systemd files on a Raspberry Pi

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 10/2/19 10:28 am, chris wrote: > so relevant https://www.youtube.com/watch?v=o_AIw9bGogo I've seen references to that video and have not yet watched it. I also understand that people have differing views on what the presenter concludes or

Re: after Stretch VLC is ugly

On 8/12/18 8:24 pm, Felmon Davis wrote: > Greets! > > I decided to upgrade from Jessie to Stretch last night. it seems to have > worked though there are some oddities. High DPI changes perhaps? A.

Re: how to backup to an encrypted usb drive?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 15/11/18 2:01 am, Lee wrote: > What are you using to backup your files to an encrypted usb drive? In an ideal world: 1. Don't use TrueCrypt any longer, VeraCrypt is the natural replacement in the Winblows world. TrueCrypt hasn't been

Re: Password policy.

On 15/11/18 2:51 am, Brian wrote: > And what is the value to an attacker in having /etc/shadow, assuming it > can be decrypted in a sensible time frame? Remotely logging in? Surely > not in these days of ssh keys? Well re-use of passwords. We all know that if you have a username (often

Re: Password policy.

On 14/11/18 10:19 pm, Brian wrote: > There are two situations I can think of which could lead to /etc/shadow > becoming vulnerable: > > 1. The machine's administrator causes it to happen. > 2. There is a flaw in one the OS's components. > > The least said about cause 1, the better. There is

Re: Password policy.

On 14/11/18 11:09 pm, Corey Manshack wrote: > It may be that the Debian team is more in tune with their users. I’ve caught > hell trying to convince old timers that their password of mark1 was > incredibly horrible. People even tried to get me fired over my “strict” > password policy. There

Re: Password policy.

On 14/11/18 10:25 pm, Corey Manshack wrote: > So using the file uploader tool we can inject many more dangerous scripts and > codes to gain higher access than just “reading” /etc/shadow if the uploader > tool is running as privileged user or we gained privilege escalation another > way.

Re: Password policy.

On 14/11/18 9:28 pm, Corey Manshack wrote: > If they have /etc/shadow why would they need to brute force :) I can’t think > of a vuln that would give that up without them already having root. A website file uploader tool, apparantly there has been one there for about 10 years using jquery.

Re: Password policy.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 14/11/18 8:44 pm, Brian wrote: > On Tue 13 Nov 2018 at 18:50:35 -0800, pe...@easthope.ca wrote: >> https://en.wikipedia.org/wiki/Brute-force_attack > > Security is already breached if a password database can be attacked > in that way. A six

Re: ssh

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Okay, show us the user's home directory permissions and that of their own .ssh directory please. Also, the permissions of the authorized_keys file. And there are no typos in /etc/group for the users allowed by "AllowUsers" ? Nothing in the

Re: ssh

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 13/11/18 12:49 am, Alan Taylor wrote: > Greetings, > > I have an ssh problem - one user can use it successfully, another > cannot. I have checked and rechecked permissions until I am blue in > the face … At the moment just trying to ssh into

Re: An appropriate directory search tool?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 21/10/18 06:05, Brian wrote: > On Sat 20 Oct 2018 at 07:19:50 -0500, Richard Owlett wrote: >> Had never heard of 'zenity'. I browsed the text of the page. To >> read it as intended I'll have to use an alternate profile -- it >> expects

Re: firefox palemoon waterfox baselisk problem, not on chromium

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 20/10/18 11:16, arne wrote: > While browsing on stock updated Debian stretch I get several times > a day: > > Secure Connection Failed > > The connection to www.google.com was interrupted while the page was > loading. > > The page you are

Re: any program that search for same files?

Hi, On 15/10/18 09:06, Long Wind wrote: > given two directories, the program can print files that are in both > directories > > to make it easy, if file name and size are same, then they are same > > i've to admit my memory is poor, if good, who need such program? > > i'm about to write it in

Re: "passwd username" asks for current password of user even tho I'm root

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 11/10/18 00:17, Mariusz Gronczewski wrote: > On previous releases, and on our CentOS systems I could change > password of user by just sudo-ing to root and typing "passwd > testuser" > > In current Debian release, doing that asks me to

Re: Where is xfce.org?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 30/09/18 11:06, Dennis Wicks wrote: > What has happened to xfce.org? It seems to have disappeared and > left no tracks. If there is something you need from archive, you might find it here: https://web.archive.org/web/*/https://xfce.org

Re: Where is xfce.org?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 30/09/18 11:06, Dennis Wicks wrote: > What has happened to xfce.org? It seems to have disappeared and > left no tracks. # whois xfce.org Domain Name: XFCE.ORG Registry Domain ID: D2054147-LROR Registrar WHOIS Server: whois.networksolutions.com

Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 30/09/18 16:44, deloptes wrote: > Celejar wrote: > >> But grub itself and its configuration can't be encrypted, so an >> attacker could still compromise that code / data. IIUC, your >> solution basically just implies moving some of the

Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 27/09/18 03:17, Jonathan Dowland wrote: > On Wed, Sep 26, 2018 at 06:14:42PM +0200, deloptes wrote: >> so how can we do it with initram and without some external key >> server? Imagine I have only boot not encrypted on the server. I >> want to

Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/19/2018 02:57 AM, Andy Smith wrote: > For sophisticated attackers who could do the clever thing, and had > physical access to the server for enough time, it would be simpler > to get a key for an encrypted file system by using hardware

Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 18/09/18 04:15, deloptes wrote: > I wanted to have a look at this link, that someone mentioned: > https://hamy.io/post/0009/how-to-install-luks-encrypted-ubuntu-18.04.x - -server-and-enable-remote-unlocking/ > > It seems to address the

Re: ext2 for /boot ???

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 15/09/18 16:48, Pascal Hambourg wrote: > Le 15/09/2018 à 00:45, Matthew Crews a écrit : >> On Friday, September 14, 2018 10:58 AM, Pascal Hambourg >> wrote: >> >>> Actually you can have / including /boot on LUKS with GRUB. It >>> is just not

ext2 for /boot ??? -- WAS: Re: root on ZFS

Hi, On 11/09/18 22:48, Matthew Crews wrote: > My recommendation is to use a separate /boot partition and make it EXT2. Why not at least ext3? I don't baulk at ext4 btw for /boot -- I can never understand why ext2 is recommended when ext4 gives no trouble and has other advantages, even ext3 has

Re: painted into a corner

On 20/08/18 05:40, Gene Heskett wrote: > Whats the recommended way to do these mounts so I can maintain as much > continuity as possible? Those other areas, are they logical volumes perhaps? lvms. Cheers A.

Re: trusting .deb packages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 25/07/18 23:52, Darac Marjal wrote: >> I'm not sure you understand how Debian works, then. Debian is a >> political animal as much as it is technical. There was a >> technical requirement for a better init system, so there was a >> political

Re: trusting .deb packages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 25/07/18 07:41, Matthew Crews wrote: > In addition to this, be sure not to break Debian: > > https://wiki.debian.org/DontBreakDebian > https://wiki.debian.org/DebianSoftware#Footnotes "Broken" many of us strongly believe that once

Re: trusting .deb packages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 25/07/18 12:17, Rick Thomas wrote: > On Jul 24, 2018, at 2:41 PM, Matthew Crews > wrote: >> Personally, I have a low degree of trust for Mega.nz, so caveat >> emptor. > Why do you say that? (serious question!) Have there been reports > of

Re: trusting .deb packages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 25/07/18 04:31, john doe wrote: > Also verifying signature using gnupg and checksum is a must > (sha512). Such verification is suspect, anyone can create gpg keys for anyone (so trust in the keys used is essential, but more difficult to

Re: Thunderbird always launching 2 copies.

Hi, On 15/07/18 14:54, Octopus Octopus wrote: > I'm having this confusing bug where I launch thunderbird and it instead > launches 2 copies of it, I originally had an extra .desktop file for the > thunderbird-beta deleting it had no effect. No, it's not launching two copies; it is doing what

Re: Get the external IP address from a Linux box

Hi, On 27/05/18 22:14, André Rodier wrote: >> My script also does the Google DNS lookup. > I have four IP addresses, and Goodle DNS returns the first one, > although I query from the second one. Are you sure that isn't a problem at your end? How your firewall is identifying and routing the

Get the external IP address from a Linux box

Hi, On 26/05/18 20:53, André Rodier wrote: > The code is on github, as part of my small homebox project. I am not > sure it deserves a dedicated repository ;-). > > https://github.com/progmaticltd/homebox/blob/dev-arodier/install/playbo > oks/roles/system-prepare/files/external-ip My take from

Re: pointless systemd dependencies

On 08/05/18 04:52, songbird wrote: > David Griffith wrote: > ... >> I found someone who has already done most if not all of this analysis and = >> has set up a repo containing non-systemd-using packages=2E Perhaps this ca= >> n be used as a foundation for something official=2E > > devuan is

Re: Question about Running rsnapshot

Hi, On 05/05/18 07:45, Martin McCormick wrote: > I just realized that I goofed when I wrote the name of > the application that combines multiple drives in to one large > drive. I meant > mhddfs for example: > mhddfs /rsnapshot1,/rsnapshot2 /var/cache/rsnapshot -o mlimit=100M >

Re: Question about Running rsnapshot

On 05/05/18 05:52, Martin McCormick wrote: > Andrew McGlashan <andrew.mcglas...@affinityvision.com.au> writes: >> Have you got your backup areas on different file systems? > > I do. The backup file system resides on a pair of 256 GB usb > drives which are ganged toge

Re: Question about Running rsnapshot

Hi, On 05/05/18 03:40, Martin McCormick wrote: > rsnapshot hard-links files that haven't changed to save space. I > am doing two half-day backups and a daily each day. Shouldn't > the inode number as in ls -i filename stay the same for all the > backups? There is a daily.0 file plus a

Re: encryption

Hi, On 23/04/18 15:52, Richard Hector wrote: > BTW, if you're still interested in the original question, did you find > 'shc'? It encrypts your script and creates a binary executable. I don't > know how current/good the encryption is, though. It's in debian. I would say, "not safe enough"

Re: Password Manager opinions and recommendations

On 31/03/18 05:57, der.hans wrote: > Captcha is still annoying and needs an "I am a cyborg" option. Cloudfare is an issue, I'm growing to hate it as much as Google, perhaps more. CF relies upon Google for captcha, why can't they use and create their own? I would prefer a captcha from DDG, at

Re: boot problem after updating dropbear [solved -- MANUAL initrd works required]

Hi, Okay, it turns out that the only files that were missing were ones that I had in the /etc/initramfs-tools/root/ directory. The only files in the faulty initrd image were from the /etc/initramfs-tools/root/.ssh/ directory, so missing .profile and other required files. I modified the

boot problem after updating dropbear

Hi, After dropbear update as follows: < ii dropbear 2012.55-1.3 amd64lightweight SSH2 server and client --- > ii dropbear 2012.55-1.3+deb7u1 amd64lightweight SSH2 server and client Debian Version 7.11 (Wheezy) Before

Re: My iso may have been hacked, too!

On 10/08/2016 2:38 PM, Andrew F Comly 康大成 wrote: > $ gpg --verify SHA512SUMS.sign SHA512SUMS > gpg: Signature made 2016年06月05日 (週日) 23時59分09秒 CST using RSA key > ID 6294BE9B > gpg: Good signature from "Debian CD signing key > >" >

Re: ssh again

Also consider making an ssh group and limit access in the sshd_config to that group. And /etc/hosts.allow /etc/hosts.deny (tcpwrappers). Not everything in this reference is good for Debian, but most of it is: http://www.ibm.com/developerworks/aix/library/au-ssh_restrict/index.html lsgroups?

Re: ssh again

On 15/06/2016 12:32 AM, Lisi Reisz wrote: > scp /path/to/file username@a:/path/to/destination use: scp -p source destination Without -p, you get a new date/timestamp at the very least. Always a good idea(tm) to use -p when copying, even locally. Cheers A. signature.asc Description:

Re: Mailing-list configuration

On 14/06/2016 3:09 AM, Nicolas George wrote: > The lack of reply-to header. If you see no reply-to header, then only do reply to list as already instructed with L for mutt, which I don't use. Always do reply to list, it's simple. IF someone says they are not subscribed, please CC me, then

Re: Linux startup, Wheezy -- a required script won't run on startup, but can run manually without any trouble

/system_filter and #it's related log file. ### END INIT INFO # Author: Andrew McGlashan <andrew.mcglas...@affinityvision.com.au> # set -x # PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin DESC="Save exim4 system_filter archive" NAME=archive-sy

Re: Linux startup, Wheezy -- a required script won't run on startup, but can run manually without any trouble

:46 PM, Andrew McGlashan wrote: >> The order of the scripts alone allowed for everything to be very, very >> simple and no script relied upon any other; they were self dependent. >> If you wanted something to be available before your script, you made >> sure your

Re: Linux startup, Wheezy -- a required script won't run on startup, but can run manually without any trouble

On 10/06/2016 6:17 AM, Dan Purgert wrote: >> Perhaps, but why? I'm not asking it to log anything to syslog; just to >> create it's own log file in the /var/log directory. > > Just going off the comments at the top -- states "required-start: > $syslog". Although, I suppose that you could've

Re: Linux startup, Wheezy -- a required script won't run on startup, but can run manually without any trouble

On 10/06/2016 6:02 AM, Brian wrote: > Your premable was enough: > > In the Solaris world and most SYSV systems like it, there was a very > simple startup system; it was not systemd, nor is it the "modern day > sysvinit. It was much simpler and worked very, very well and extremely >

Re: Linux startup, Wheezy -- a required script won't run on startup, but can run manually without any trouble

On 10/06/2016 5:24 AM, Brian wrote: > Otherwise, hobby-horses probably require a different venue. If you do > not have a problem please try to find somewhere which does not require > Debian support). As per the subject, required script will NOT run and in my message: My script is meant to

Re: Linux startup, Wheezy -- a required script won't run on startup, but can run manually without any trouble

Hi, Thanks for your reply. On 10/06/2016 5:06 AM, Dan Purgert wrote: > Andrew McGlashan wrote: >> In the Solaris world and most SYSV systems like it, there was a very >> simple startup system; it was not systemd, nor is it the "modern day" >> sysvinit. It was muc

  1   2   3   4   5   6   7   >