Re: google account say it will no longer deliver email

2022-05-16 Thread Celejar
On Sat, 14 May 2022 07:25:36 +0200
 wrote:

> On Sat, May 14, 2022 at 03:05:11PM +1200, Ash Joubert wrote:
> > On 14/05/2022 00:42, Michael Stone wrote:
> > > On Fri, May 13, 2022 at 07:16:11AM +0200, to...@tuxteam.de wrote:
> > > > A loong password is not "equivalent" to 2FA, that's right. Good
> > > > password management (of which length is but a part) is as secure
> > > > as 2FA.
> > > 
> > > No, it really isn't.
> > 
> > A good password will not protect you from password reset via a weak channel
> > such as email on an insecure server.
> > 
> > 2FA will not protect you if the second factor is weak or resolves to the
> > same device. Hint: if you store your password and TOTP key in the same
> > manager then you have only one factor.
> 
> Not to speak of SIM spoofing or social engineering of your mobile phone
> provider (yes, it has been observed in the wild). There goes your SMS
> second factor.

Once again, it is well understood (although, bafflingly, often not by
those who should care, such as financial institutions) that SMS is a
terrible choice for 2FA. Hardware tokens, or at least authenticator
apps, are far better. (Although as others have pointed out in this
thread, if your auth app is stored together with your password, that
can eliminate some (but not all) of the benefits of 2FA.)

-- 
Celejar



Re: google account say it will no longer deliver email

2022-05-16 Thread Celejar
On Sat, 14 May 2022 15:05:11 +1200
Ash Joubert  wrote:

> On 14/05/2022 00:42, Michael Stone wrote:
> > On Fri, May 13, 2022 at 07:16:11AM +0200, to...@tuxteam.de wrote:
> >> A loong password is not "equivalent" to 2FA, that's right. Good
> >> password management (of which length is but a part) is as secure
> >> as 2FA.
> > 
> > No, it really isn't.
> 
> A good password will not protect you from password reset via a weak 
> channel such as email on an insecure server.
> 
> 2FA will not protect you if the second factor is weak or resolves to the 
> same device. Hint: if you store your password and TOTP key in the same 
> manager then you have only one factor.

But as you concede below, this is an argument against poorly
implemented 2FA, not against well-implemented 2FA.

> 2FA often smells to me like security theatre, a band-aid over a sucking 
> chest wound of weak security practices, much like forced password 
> expiry. Done well, in addition to good security practices, including 
> strong unique random passwords, 2FA enhances security, but the cost is 
> high. Note however that the cost of a compromise can be devastating.

Is the cost really that high? U2F hardware keys are readily available
for as little as $15 USD (perhaps less - I just took a very quick look
on Amazon), and they can secure all your accounts (that support U2F
2FA).

> If you use 2FA, you must include it in your disaster recovery plans. 
> Imagine all your on-site devices including your phone are destroyed. Now 
> recover.

A very good point. For that, well-implemented 2FA systems typically
encourage the printing out / saving of a handful of OTP passcodes
(which you should backup / print out and save offsite). But of course,
the same is true for passwords as well (assuming you're using (as you
should) long, random ones that are difficult or impossible to remember).

But I agree that it's complicated:

https://dmitryfrank.com/articles/backup_u2f_token

-- 
Celejar



Re: Networking book recommendation

2022-05-05 Thread Celejar
On Thu, 5 May 2022 17:36:14 -0500
Tom Browder  wrote:

> On Thu, May 5, 2022 at 16:07 David Christensen 
> wrote:
> 
> > On 5/5/22 12:31, john doe wrote:
> >
> > > At the time I set up this, I googled this subject and came to the
> > > conclusion that SSH through VPN was a better fit (flexibility, two
> > > layers of security, VPN advantages when connecting on public wifi) for
> > me.
> 
> 
> The only experience with VPN I've had was when I was working from home back
> in 2010 running Debian on a company laptop and a kludge Cisco VPN program
> that somehow "just worked."
> 
> If I go the pfsense/Netgate route (it has a VPN capability) what client do
> I use on my Debian hosts both internal and external?

Depends on what VPN technology you're using. If you have no technical
debt, Wireguard is definitely the way to go. On both ends, just install
the Debian wireguard package (and its dependencies), edit the
appropriate configuration files, and you're good to go.

-- 
Celejar



Re: Crucial SSDs and Debian Bullseye

2022-05-04 Thread Celejar
On Wed, 27 Apr 2022 17:08:04 +0500
"Alexander V. Makartsev"  wrote:

> On 27.04.2022 16:06, Tom Browder wrote:
> > I am trying to replace the original hard drive on an old Toshiba 
> > laptop with a 1 TB SSD from Crucial. (I had recently successfully done 
> > that in an old Dell Latitude and had no problems.)
> >
> > I first did a clean install of Debian 11 on the old drive to ensure 
> > the laptop works okay. Then I installed the new SSD and it can't find 
> > the drive. From what I can find at Crucial, I need to install their 
> > Storage Executive program on a Windows host, look up the SSD to a 
> > USB/SATA connector on that host, and configure or install the firmware 
> > onto the SSD.
> >
> I've never heard anything like that and I've worked with many 
> consumer-grade SSDs.
> Usually all SSDs "just work". They may come pre-partitioned and 
> pre-formatted, but this could be reconfigured with any standard utility 
> programs.
> The only thing I can think of, is that it could require usage of some 
> vendor-specific proprietary software to setup hardware encryption and/or
> to update currently flashed firmware to newer versions.

There's OPAL. Presumably uncommon on consumer-grade drives, but it does
require special software to configure (although not necessarily vendor
specific software) and can be a pain to work with (at least if one isn't
familiar with them, as I wasn't when I encountered it in the wild, in a
second-hand machine ;))

https://en.wikipedia.org/wiki/Opal_Storage_Specification
https://wiki.archlinux.org/title/Self-encrypting_drives

-- 
Celejar



Re: apt-cacher-ng and CNAMEs

2022-05-03 Thread Celejar
On Tue, 3 May 2022 21:24:11 +0200
Nito  wrote:

> On Tue, May 03, 2022 at 15:16:47 -0400, Celejar wrote:
> > [...], and I'm consequently somehow getting bitten by
> > this issue:
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986356
> > 
> > But that (as described by the maintainer) mess was supposedly resolved,
> > and the bug was closed. Am I missing something, or does that bug need
> > to be reopened?
> 
> Are you using stable? The bug has been closed with version 
> 3.7.1-1 of apt-cacher-ng. Stable currently has 3.6.4-1 with
> no indication of a patch being applied for this bug.
> Bullseye-backports offers 3.7.4-1~bpo11+1 though, so you could
> likely use this to get a fix for #986356.

I'm using Sid, apt-cacher-ng version 3.7.4-1.

-- 
Celejar



apt-cacher-ng and CNAMEs

2022-05-03 Thread Celejar
I'm trying to use the Tor upstream repositories:

https://support.torproject.org/apt/tor-deb-repo/

Direct access works correctly, but proxying through apt-cacher-ng
(using SSL passthrough, as per the apt-cacher-ng documentation) does
not:

Err:1 https://deb.torproject.org/torproject.org sid InRelease
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: xx.xx.xx.xx 3142]

I've been beating my head over this for a while, and I have arrived at
the tentative conclusion that the problem has something to do with the
fact that deb.torproject.org is a CNAME alias for
static.torproject.org., and I'm consequently somehow getting bitten by
this issue:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986356

But that (as described by the maintainer) mess was supposedly resolved,
and the bug was closed. Am I missing something, or does that bug need
to be reopened?

-- 
Celejar



Re: email lacks sender address

2022-04-27 Thread Celejar
On Wed, 27 Apr 2022 10:04:06 +0900
Byung-Hee HWANG   wrote:

> Dear Celejar,
> 
> Celejar  writes:
> 
> > On Tue, 26 Apr 2022 09:42:38 +0900
> > 황병희  wrote:
> >
> >> Dear Greg,
> >> 
> >> Greg Wooledge  writes:
> >> 
> >> > (... thanks ...)
> >> > unicorn:~$ apt-cache show ssmtp

...

> >> Really I love sSMTP so much!!!
> >
> > FWIW, there's an outstanding ten year old bug against sSMTP pointing
> > out that it doesn't bother to validate server TLS certificates. You'll
> > have to decide whether this bothers you or not:
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662960
> 
> That seems some technical issue. However I have no skills to repair that
> C level program.
> 
> Actually I have no trouble with current sSMTP. Both Gmail and yw-1204
> do not break about this matter (verify certificate). So for a while
> I'll keep this state. It means that I will continue to use the sSMTP.


[From another email by Byung-Hee:]

> Correction: Exactly, I didn't see any problems. Because I have been using always
> self-signed certificate with sSMTP.
> 
> Sorry for confusing statement. 

I'm not sure what you are saying here - are you possibly confusing
client and server certificates? - but the problem is not that sSMTP
doesn't work with Gmail - the problem is that it doesn't verify the
server's SSL certificate, so it's susceptible to a MITM attack by
someone impersonating Gmail. Again, you'll have to judge for yourself
whether this is something to worry about.

-- 
Celejar



Re: email lacks sender address

2022-04-26 Thread Celejar
On Tue, 26 Apr 2022 09:42:38 +0900
황병희  wrote:

> Dear Greg,
> 
> Greg Wooledge  writes:
> 
> > (... thanks ...)
> > unicorn:~$ apt-cache show ssmtp
> > [...]
> > Description-en: extremely simple MTA to get mail off the system to a mail hub
> >  A secure, effective and simple way of getting mail off a system to your
> >  mail hub. It contains no suid-binaries or other dangerous things - no mail
> >  spool to poke around in, and no daemons running in the background. Mail is
> >  simply forwarded to the configured mailhost. Extremely easy configuration.
> >
> > The entire point of this package is that it's meant to be used on a
> > "dumb client" which does not wish to have its own outgoing mail queue.
> > Instead, it forwards all of your mail to your "smart host" -- the MTA
> > that has been set up for your organization's dumb clients to use.
> >
> > So, the single piece of information you need in order to use ssmtp is
> > the hostname of your smart host.  Also known as your mail relay.  Or many
> > other names.  It's where you want your outgoing mail to be handled.
> >
> 
> Thanks for your time and your life!
> 
> Really I love sSMTP so much!!!

FWIW, there's an outstanding ten year old bug against sSMTP pointing
out that it doesn't bother to validate server TLS certificates. You'll
have to decide whether this bothers you or not:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662960

-- 
Celejar



Re: exim4 and oAuth

2022-04-26 Thread Celejar
On Mon, 25 Apr 2022 19:41:29 + (UTC)
mike.junk...@att.net wrote:

> I recently switch ISPs to Frontier.com and find that my emails aren't
> going out due to Frontier's insistence on using oAuth which as far as
> I can tell is beyond Exim4's capabilities.
> Feel free to contradict me if you know otherwise.
> I've seen one note suggesting that Mutt can do oAuth but find
> nothing in the docs confirming this nor how to make it so.
> Any pointers would be appreciated.

I haven't tried this myself, but one potential approach is to use
email-oauth2-proxy, which allows non-OAuth-aware applications to talk
to services that require OAuth:

https://github.com/simonrob/email-oauth2-proxy

-- 
Celejar



Re: AW: AW: AW: Here Newbie---Amateur in Linux...Problem: Debian LXDE cannot boot.. Is it destroyed?//Second try Hotmail bug Sorry

2022-04-26 Thread Celejar
On Tue, 26 Apr 2022 09:32:23 -0400
Greg Wooledge  wrote:

...

> Firmware is executable code that runs inside of a device (such as a
> network interface) rather than in your CPU.
> 
> Many modern devices require some non-free firmware in order to perform
> their duties correctly.  This is *especially* the case with wireless
> network interfaces, but also applies to video chipsets and other things.
> 
> If your devices are old enough, you may not need any.  If your devices
> are newer, you probably need some.

Just FTR, some rather old wired ethernet adaptors, such as the Broadcom
NetXtreme II (BCM5716) in my Dell R210 II, also require non-free
firmware to function:

https://packages.debian.org/buster/firmware-bnx2

-- 
Celejar



Re: Desktop environment and VNC

2022-04-24 Thread Celejar
On Fri, 22 Apr 2022 07:49:08 -0400
Greg Wooledge  wrote:

> On Fri, Apr 22, 2022 at 08:57:36AM +0200, Julius Hamilton wrote:
> > There are many VNC servers that can be installed from apt, but you also
> > need a desktop environment, which can be installed from tasksel.
> > 
> > I see in tasksel that I already have Debian Desktop Environment and GNOME
> > installed.
> > 
> > I am pretty sure my VNC server is running and fine as it is except a DE is
> > not running so that’s why I can’t connect.
> > 
> > Is it enough to launch the DE, open a new screen with Screen, then launch
> > the VNC?
> 
> There are two kinds of VNC servers.
> 
> The first kind runs a VNC session which is totally independent of what's
> running on the physical display (if anything).
> 
> The second kind runs inside an existing X11 session, and replicates that
> X11 session as a VNC session.  I only know of *one* VNC server which does
> this, and its name is "x11vnc".

IIUC, TigerVNC can do this as well:

https://packages.debian.org/sid/tigervnc-xorg-extension

Getting it to work properly, though, may not be trivial.

-- 
Celejar



Re: 2FA

2022-04-24 Thread Celejar
On Thu, 21 Apr 2022 17:27:48 +0200
steef  wrote:

> Hi folks, after long time back home. with a question.
> Is 2FA installable on my OS debian11 and, if yes, how do I do that?
> 
> Thank you,

https://wiki.debian.org/Security/U2F

[I am one of the editors of this page.]

-- 
Celejar



Re: What do folks use to mirror repositories

2022-04-19 Thread Celejar
On Tue, 19 Apr 2022 10:57:38 -0600
Charles Curley  wrote:

> On Tue, 19 Apr 2022 11:02:26 -0500
> David Wright  wrote:
> 
> > As for laptops,
> 
> I handle laptops a bit differently (that's Linux for you). My proxy
> statement is in its own file in /etc/apt. When the laptop is home,
> there's a symlink in /etc/apt/apt.conf.d. The symlink gets removed or
> made by a script NetworkManager executes at various times:
> /etc/NetworkManager/dispatcher.d/50ifupdown
> 
> Non-laptops get the same file and symlink. They just don't get
> NetworkManager or that script.

I just bring up a wireguard tunnel to my LAN before updating /
upgrading.

-- 
Celejar



Re: What do folks use to mirror repositories

2022-04-18 Thread Celejar
On Fri, 15 Apr 2022 22:15:36 -0600
Charles Curley  wrote:

...

> Apt-cacher-ng (hereafter acng) also requires a change in client apt
> configurations. Put one line into apt.conf or a one-liner in
> apt.conf.d. I use the latter, 02proxy:
> 
> Acquire::http::Proxy "http://aptcacherdeb.localdomain:3142";
> 
> There are further wrinkles for laptops and other traveling computers,
> and for https only repos, which I will leave as an exercise for the
> student.

Yes. I use apt-cacher-ng, but having to manually add a workaround for
every SSL-only repository I use is getting rather annoying:

https://wiki.debian.org/AptCacherNg#HTTPS_repositories
https://blog.packagecloud.io/using-apt-cacher-ng-with-ssl-tls/

One ends up with an ugly and not-very readable line like this:

PassThroughPattern: (winehq\.org|xpra\.org|vscodium\.com|packagecloud\.io):443$

-- 
Celejar
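
[Added example, not part of the original message and not apt-cacher-ng's own code: a small generator that builds the PassThroughPattern line from a list of exact hostnames, plus a check of which CONNECT targets a pattern admits. It assumes apt-cacher-ng applies the pattern as an unanchored POSIX extended regex search on "host:port" (modelled here with grep -E); the hostnames passed to the generator and the name examplewinehq.org are constructed for illustration.]

```shell
#!/bin/sh
# Added example: generate and test an apt-cacher-ng PassThroughPattern.
# Assumption: the pattern is matched as an unanchored POSIX ERE against
# the CONNECT target "host:port"; grep -E stands in for that matcher.

# build_passthrough HOST...
# Emits one PassThroughPattern line that admits exactly the given hosts
# on port 443. Dots are escaped and the expression is anchored with ^ and $.
build_passthrough() {
    bp_alt=""
    for bp_host in "$@"; do
        case $bp_host in
            ""|*[!A-Za-z0-9.-]*)
                # Refuse anything that could smuggle regex syntax into the config.
                printf 'invalid host name: %s\n' "$bp_host" >&2
                return 2 ;;
        esac
        bp_esc=$(printf '%s' "$bp_host" | sed 's/\./\\./g')
        bp_alt="${bp_alt:+$bp_alt|}$bp_esc"
    done
    printf 'PassThroughPattern: ^(%s):443$\n' "$bp_alt"
}

# connect_allowed CONFIG_LINE TARGET
# Returns 0 if TARGET ("host:port") matches the regex in CONFIG_LINE.
connect_allowed() {
    ca_re=${1#"PassThroughPattern: "}
    printf '%s\n' "$2" | grep -Eq -- "$ca_re"
}

# The line quoted in the message above, and a generated one built from
# exact hostnames (the hostnames are assumptions, adjust to your repos).
page_line='PassThroughPattern: (winehq\.org|xpra\.org|vscodium\.com|packagecloud\.io):443$'
strict_line=$(build_passthrough dl.winehq.org xpra.org download.vscodium.com packagecloud.io)

printf '%s\n' "$strict_line"
for target in dl.winehq.org:443 xpra.org:443 examplewinehq.org:443 xpra.org:8443; do
    if connect_allowed "$page_line" "$target"; then p=allow; else p=deny; fi
    if connect_allowed "$strict_line" "$target"; then s=allow; else s=deny; fi
    printf '%-26s original=%-5s anchored=%s\n' "$target" "$p" "$s"
done
```

Without a leading ^, the original pattern admits any host whose name merely ends in one of the listed domains; the anchored form admits only the listed names, so each repository host has to be spelled out in full.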



Re: Can't create a password successfully.

2022-04-04 Thread Celejar
On Mon, 4 Apr 2022 10:20:09 -0400
Patrick Wiseman  wrote:

> Chrome does that.

As does Firefox:

https://support.mozilla.org/en-US/kb/how-generate-secure-password-firefox

> On Mon, Apr 4, 2022 at 10:04 AM Curt  wrote:
> 
> > On 2022-04-03, Brian  wrote:
> > >
> > >> One of the bits of advice is to use long passwords made up of three
> > >> random words and to use a different password per website / to use
> > >> your web browser to generate an appropriate random password.
> > >> Forcing passwords to change regularly may not be a good way to
> > >> maintain security - it can mean that people use password01, password02
> > >> and things like that.
> > >
> > > Changing passwords at frequent intervals? Total nonsense as far as
> > > advice goes.
> > >
> >
> > What web browser generates 'random' passwords? Am I missing something?
> >
> >
> >
> >
> >


-- 
Celejar



Re: libvirt tools and keyfiles

2022-04-03 Thread Celejar
On Sun, 03 Apr 2022 10:45:06 +0200
didier gaumet  wrote:

> 
> 
> Hello,
> 
> - Yes, I was suggesting both running VMs as an ordinary user instead of
> root and running VMs as session instead of system
> - But myself not running any VM as a server, I was not aware of the
> limitations inherent to the use of "session" compared to "system"

Got it. Some of my VMs are servers and some are not, so I suppose I
could run some as "session," but right now I'm just running everything
under a single "system" libvirt.

> - SSH tunnel: I was just saying it is possible to use a SSH tunnel or a
> direct SSH connection ("--direct")

Got it. I haven't really looked into the distinction, although I did
notice it in the documentation, but I'll keep it in mind for the future.

> Glad your problem is solved :-)

Thanks for providing me with the solution!

-- 
Celejar



Re: libvirt tools and keyfiles

2022-04-02 Thread Celejar
On Sat, 02 Apr 2022 09:53:18 +0200
didier gaumet  wrote:

...

> - double authentication: "When using a SSH tunnel to connect to a SPICE
> console, it's recommended to have ssh-agent running to avoid getting
> multiple authentication prompts."
> 
> (take a look at virsh, virt-manager, virt-viewer manpages)

Thank you - this works! Specifically, starting an agent on the client
machine, and then running virt-manager under the agent avoids the
second prompt.

I still think that the failure of virt-manager to use the provided
keyfile for the console access should count as a bug: after all, if
I've provided a keyfile, the location of which virt-manager has stored
in its configuration, then why isn't it using it for console access? I
understand that I can get around this by using an agent, but why should
I have to?

Celejar



Re: libvirt tools and keyfiles

2022-04-02 Thread Celejar
On Sat, 02 Apr 2022 22:40:30 +0200
Linux-Fan  wrote:

> Celejar writes:
> 
> > Hi,
> >
> > I'm trying to use virt-manager / virt-viewer to access the console of
> > some qemu / kvm virtual machines on a remote system over ssh. I have
> > public key access to root@remote_system. When I do:
> >
> > virt-manager -c 'qemu+ssh://root@remote_system/system?keyfile=path_to_private_key'
> >
> > the connection to libvirt on the remote system comes up fine, and I can
> > see the various VMs running there, but when I try to access a VM
> > console (via the "Open" button or "Edit / Virtual Machine Details"), I
> > get prompted for the password for "root@remote_system" (which doesn't
> > even work, since password access is disabled in the ssh server
> > configuration).
> 
> What do you insert for `remote_system`? A hostname or an IP?

A hostname (resolved via /etc/hosts on the client machine).

> IIRC I once tried to use an IP address directly  
> (qemu+ssh://u...@192.168.yyy.yyy), and while it would perform the initial  
> connection successfully, subsequent actions would query me for  
> the password of (user@masysma-...) i.e. change from IP-address-based (which  
> was configured to use a key in .config/ssh) to hostname based (for which the  
> key was not specified in the config. I solved this by adding the hostname to  
> /etc/hosts and configuring SSH and my virt-manager connection to use the  
> hostnames rather than IP addresses.
> 
> I also remember that I had to add the connection to my GUI user's .ssh/config
> AND my root user's .ssh/config. In my case, I am not specifying the keyfile
> as part of the connection, though.

Thanks.

Celejar



Re: libvirt tools and keyfiles

2022-04-02 Thread Celejar
On Sun, 3 Apr 2022 03:43:10 +1200
Richard Hector  wrote:

> 
> > On 2022-04-01, Celejar  wrote:
> >>
> >>
> >> What is going on here? Since I'm specifying a keyfile on the command
> >> line, and it's being used - otherwise I wouldn't even get the list of
> >> VMs - why am I being prompted for the password?
> >>
> >> Celejar
> 
> Apologies for replying to the wrong message - I've deleted the original.
> 
> Are you really getting prompted for the password for the host system? 
> You're not talking about the login prompt on the console of the VM?

Yes - I'm not getting into the console of the VM at all, and the prompt
is for "root@remote_system", not the VM hostname / IP.

> Also, by adding my normal user on the host system to the libvirt group, 
> it's not necessary to ssh as root - I can just use my normal user. In 
> fact I don't allow root logins, so I can't directly test your commands.

Good to know. I was following the examples from the documentation, such
as:

virsh --connect qemu+ssh://r...@example.com/system

from https://wiki.libvirt.org/page/FAQ

virt-viewer --direct --connect qemu+ssh://r...@example.org/ guest-name

from

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/chap-graphic_user_interface_tools_for_guest_virtual_machine_management

But I'll have to look into just adding a user to the libvirt group on
the host and logging in as that user.

> Oh, and I assume the doubled '-c' is a typo :-)

Yes, sorry.

> Cheers,
> Richard

Celejar



Re: libvirt tools and keyfiles

2022-04-02 Thread Celejar
On Sat, 2 Apr 2022 08:05:52 - (UTC)
Curt  wrote:

> On 2022-04-01, Celejar  wrote:
> >
> >
> > What is going on here? Since I'm specifying a keyfile on the command
> > line, and it's being used - otherwise I wouldn't even get the list of
> > VMs - why am I being prompted for the password?
> >
> > Celejar
> >
> >
> 
> Aren't you required to copy the key over to the remote machine
> ('ssh-copy-id')?

The key in question is already present in the authorized_keys file on
the remote machine - that's why the initial login works. Perhaps I'm
missing something, but what would ssh-copy-id accomplish?

Celejar



Re: libvirt tools and keyfiles

2022-04-02 Thread Celejar
On Sat, 02 Apr 2022 09:53:18 +0200
didier gaumet  wrote:

> 
> 
> Hello,
> 
> Disclaimer: I do not use ssh, nor remote virtual machines, so this is
> far from an expert answer :-)

Thanks for the suggestions!

> You could be confronted to several possible problems:
> - root access: you could try using an ordinary user instead

I'm not sure if I understand what you're saying, but I am using an
ordinary user on the client side. The VMs are running on the remote
machine using qemu:///system.

> - "system" problem: virt-manager/virt-viewer propose "system" and
> "session" options and in this case, trying an ordinary user "session"
> instead of a root "system" could be beneficial

Not sure if I understand what you're saying - as above, the VMs are
running on the remote machine using qemu:///system - are you
suggesting that I try reconfiguring them to run as qemu:///session?
According to the documentation:

> You will definitely want to use qemu:///system if your VMs are acting
> as servers. VM autostart on host boot only works for 'system', and the
> root libvirtd instance has necessary permissions to use proper
> networkings via bridges or virtual networks. qemu:///system is
> generally what tools like virt-manager default to.
> 
> qemu:///session has a serious drawback: since the libvirtd instance
> does not have sufficient privileges, the only out of the box network
> option is qemu's usermode networking, which has nonobvious limitations,
> so its usage is discouraged. More info on qemu networking options:
> http://people.gnome.org/~markmc/qemu-networking.html 

https://wiki.libvirt.org/page/FAQ#What_is_the_difference_between_qemu:.2F.2F.2Fsystem_and_qemu:.2F.2F.2Fsession.3F_Which_one_should_I_use.3F

> - ssh tunnel or not (virt-manager/virt-viewer have different options
> for that)

I don't understand this point.

> - double authentication: "When using a SSH tunnel to connect to a SPICE
> console, it's recommended to have ssh-agent running to avoid getting
> multiple authentication prompts."

Thanks - this might be the solution. I'll have to look into this
further.

> (take a look at virsh, virt-manager, virt-viewer manpages)

-- 
Celejar



libvirt tools and keyfiles

2022-04-01 Thread Celejar
Hi,

I'm trying to use virt-manager / virt-viewer to access the console of
some qemu / kvm virtual machines on a remote system over ssh. I have
public key access to root@remote_system. When I do:

virt-manager -c 'qemu+ssh://root@remote_system/system?keyfile=path_to_private_key'

the connection to libvirt on the remote system comes up fine, and I can
see the various VMs running there, but when I try to access a VM
console (via the "Open" button or "Edit / Virtual Machine Details"), I
get prompted for the password for "root@remote_system" (which doesn't
even work, since password access is disabled in the ssh server
configuration).

The same thing happens when I run:

virt-viewer -c -c 'qemu+ssh://root@remote_system/system?keyfile=path_to_private_key'

a list of VMs on the remote system pops up, but when I select one, I
get the password prompt.

What is going on here? Since I'm specifying a keyfile on the command
line, and it's being used - otherwise I wouldn't even get the list of
VMs - why am I being prompted for the password?

Celejar



Potential DNS leak with Wireguard + iwd + resolvconf

2022-03-30 Thread Celejar
Hi,

My wireless interface is controlled via iwd
(EnableNetworkConfiguration=true, NameResolvingService=resolvconf), and
I have a wireguard VPN used to remotely access my private network,
managed via e/n/i / ifupdown (using wg-quick).
In /etc/wireguard/wg0.conf, I have a "DNS=xxx.xxx.xxx.xxx" line,
pointing to a nameserver I run within my private network (reachable
through the wireguard tunnel).

When I connect to a wireless network (using DHCP,
handled by iwd, as above), /etc/resolv.conf gets populated with the
standard:

nameserver nnn.nnn.nnn.nnn
search a.b.c

When I then do "ifup wg0", my specified nameserver xxx.xxx.xxx.xxx is
*prepended* to the above lines, so I end up with the following
in /etc/resolv.conf:

nameserver xxx.xxx.xxx.xxx
nameserver nnn.nnn.nnn.nnn
search a.b.c

This seems wrong, and a potentially serious DNS leak: if my nameserver
xxx.xxx.xxx.xxx ever goes down, then nameserver nnn.nnn.nnn.nnn will be
automatically queried, which may be undesirable.

My understanding is that the VPN configuration should be *replacing* the
pre-VPN /etc/resolv.conf, rather than *prepending* the new nameserver to
it. Am I misunderstanding things, have I misconfigured things, or is
this indeed a (serious) bug?

-- 
Celejar
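
[Added example, not part of the original message: a check that flags any nameserver in a resolv.conf other than the tunnel's resolver, which is the fallback condition the message describes. The addresses are constructed stand-ins: 10.0.0.53 for the tunnel resolver (xxx.xxx.xxx.xxx above) and 192.0.2.1 for the DHCP-supplied one (nnn.nnn.nnn.nnn above).]

```shell
#!/bin/sh
# Added example: detect resolvers in resolv.conf that sit outside the VPN.
# The glibc resolver tries nameservers in the order listed and moves on to
# the next one on timeout, so any extra entry is a possible leak path.

# Constructed sample: resolv.conf as described above after "ifup wg0".
sample_after_ifup() {
    cat <<'EOF'
# constructed sample, not captured from a real system
nameserver 10.0.0.53
nameserver 192.0.2.1
search a.b.c
EOF
}

# leaked_nameservers FILE ALLOWED...
# Prints every nameserver address in FILE that is not one of ALLOWED.
leaked_nameservers() {
    ln_file=$1
    shift
    ln_allowed=" $* "
    awk '$1 == "nameserver" { print $2 }' "$ln_file" |
    while read -r ln_ns; do
        case "$ln_allowed" in
            *" $ln_ns "*) ;;                 # tunnel resolver: expected
            *) printf '%s\n' "$ln_ns" ;;     # anything else: fallback path
        esac
    done
}

# dns_leak_check FILE ALLOWED...
# Returns 0 when only ALLOWED resolvers are configured, 1 otherwise.
dns_leak_check() {
    dl_leaks=$(leaked_nameservers "$@")
    if [ -n "$dl_leaks" ]; then
        for dl_ns in $dl_leaks; do
            printf 'resolv.conf lists non-tunnel resolver: %s\n' "$dl_ns" >&2
        done
        return 1
    fi
    return 0
}

# Run the check against the constructed sample.
demo_file=$(mktemp)
sample_after_ifup > "$demo_file"
if dns_leak_check "$demo_file" 10.0.0.53; then
    echo "only tunnel resolvers configured"
else
    echo "fallback resolver present: queries can leave the tunnel if the first one times out"
fi
rm -f "$demo_file"
```

To check a live system, pass /etc/resolv.conf and the DNS address from wg0.conf as the arguments.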



Re: installing on Lenovo Ideapad 3

2022-03-29 Thread Celejar
On Tue, 29 Mar 2022 19:28:32 +0200
Christian Britz  wrote:

> 
> On 2022-03-29 19:20 UTC+0200, Paul Scott wrote:
> 
> >> Which ISO?
> > debian-11.2.0-amd64-netinst.iso
> 
> This could be the root cause for the networking problems. Try the
> "unofficial" ISO which supports binary blobs.
> 
> If this seems unethical to you, buy an ethernet adapter which does not
> need a proprietary binary blob. For WiFi, there is probably no such
> solution available.

There actually are such solutions available, e.g.:

https://wiki.debian.org/ath9k_htc
https://tracker.debian.org/pkg/open-ath9k-htc-firmware
https://directory.fsf.org/wiki/Firmware-ath9k-htc
https://github.com/qca/open-ath9k-htc-firmware

No idea how well this hardware works, or how readily available it is.

-- 
Celejar



Re: Can't use mc's editor

2022-03-20 Thread Celejar
On Sun, 20 Mar 2022 13:53:52 -0400
gene heskett  wrote:

> Greetings all;
> 
> The colors used by mc's editor are making the editor impossible to use as 
> they can't be used by someone with good color vision even, they are all 
> so alike.
> 
> Where can I change mc's default editor to something as clear and easy to 
> use as geany? Seems to me that used to be a menu choice, but that's not 
> findable when the menus except for the click on it character are all 
> solid 100% bright blue and cannot be read by human eyes.

There are two questions here:

1) How can mc's colors be changed?

Answer: via environment variables or the configuration file
(~/.config/mc/ini) - see the "Colors" section of the mc manpage.

2) How can mc's default editor be changed?

Answer: via mc.ext (copy /etc/mc/mc.ext to ~/.config/mc/mc.ext and edit
the copied version)

Celejar



Re: OT EU-based Cloud Service

2022-03-18 Thread Celejar
On Fri, 18 Mar 2022 15:37:09 +0100
Nicolas George  wrote:

...

> In France, the three major host providers are:
> 
> https://www.scaleway.com/

FWIW, I use Scaleway's S3-compatible Object Storage (via rclone, from
the U.S.) to store borg backups online, and it works very well. The
first 75GB of storage (and transfer) are currently free:

https://www.scaleway.com/en/object-storage/

Celejar



Re: Xfce4: screen visible upon resume before xscreensaver locks it

2022-02-23 Thread Celejar
On Wed, 23 Feb 2022 11:50:54 +0900
John Crawley  wrote:

> On 22/02/2022 23:12, Celejar wrote:
> > Hello,
> > 
> > I'm running Xfce4 on a recent install of Sid. I have configured Xfce4
> > to "Lock screen before sleep" (in Session and Startup / General), but
> > when I use xscreensaver, when resuming from suspend the screen is often
> > visible for a brief period before xscreensaver kicks in. I have not
> > seen this problem when using light-locker. 
> >...
> > I can't make out whether I have misconfigured something here, or
> > whether this is a serious security bug in the current Xfce4 -
> > xscreensaver integration.
> 
> I can't shed any light on the cause, but can report I see the same
> thing on a non-xfce system. I'm using lightdm and light-locker, then
> openbox, although am using some xfce utilities.
> 
> Usually when booting up a flash of the previous user desktop is shown
> before the login window. Agreed, this is not desirable at all. The only
> possible culprit I can think of is xfdesktop4 - can you try booting to
> a session with that disabled?

Thanks for the suggestions - if I manage to do that, I'll report back
with the results.

Celejar



Re: [OT] Online CPU configuration tool

2022-02-22 Thread Celejar
On Tue, 22 Feb 2022 21:12:26 +0100
Tom  wrote:

> 
> 
> On 2/22/22 20:59, Grzesiek wrote:
> > Hi there,
> > 
> > I'm looking for a tool listing CPUs by different criteria like the 
> > number of cores, number of memory channels clock speed etc. Is there any 
> > web page capable of that? I tried to google, no luck.
> > 
> > Regards
> > Greg
> > 
> 
> Certain webshops will surely offer this? For my locale 
> https://tweakers.net/processors/vergelijken/ comes to mind.

The popular site PCPartPicker allows searching on at least some, if not
necessarily all, of the criteria in which the OP is interested:

https://pcpartpicker.com/products/cpu/

Celejar



Xfce4: screen visible upon resume before xscreensaver locks it

2022-02-22 Thread Celejar
Hello,

I'm running Xfce4 on a recent install of Sid. I have configured Xfce4
to "Lock screen before sleep" (in Session and Startup / General), but
when I use xscreensaver, when resuming from suspend the screen is often
visible for a brief period before xscreensaver kicks in. I have not
seen this problem when using light-locker. I also tried briefly with
xfce4-screensaver and did not see the problem, but I have not done
extensive testing with xfce4-screensaver.

This is obviously a serious problem: I see that this has been a
commonly reported Xfce issue, with various distros / screensavers, etc.,
over the years, e.g.:

https://bugs.mageia.org/show_bug.cgi?id=28286
https://bugzilla.xfce.org/show_bug.cgi?id=14782
https://bugzilla.xfce.org/show_bug.cgi?id=15929
https://askubuntu.com/questions/1383379/xubuntu-desktop-visible-after-suspend-before-lock-screen

but I can't make out whether I have misconfigured something here, or
whether this is a serious security bug in the current Xfce4 -
xscreensaver integration.

Celejar



Re: Request free live CD

2022-02-14 Thread Celejar
On Sat, 12 Feb 2022 14:09:29 +0100
Andrei POPESCU  wrote:

> On Jo, 10 feb 22, 20:05:32, Celejar wrote:
> > On Thu, 10 Feb 2022 16:47:18 +0100
> >  wrote:
> > 
> > > On Thu, Feb 10, 2022 at 03:05:26PM +0100, Dozzyjean Dozie wrote:
> > > > Please I will be very much interested to get a live CD from you, please
> > > > > what are the prerequisites that are needed to be archived this request free
> > > > > cd for free from you.
> > > 
> > > See here:
> > > 
> > >   https://www.debian.org/CD/free-linux-cd
> > > 
> > > Since burning a CD and putting into the mail costs money, you can't
> > > expect someone doing it for you. In the above page it is explained
> > 
> > I'm genuinely curious about this: time and money are both scarce and
> > precious resources. Why is there an assumption that people will gladly
> > donate of their time to help others, but not their money? Is it because
> > the assumption is that the person asking for help should just spend
> > his own money, but may not be able to solve his problem by spending his
> > own time?
> 
> Assuming I might have a decent internet connection, a disc burner and 
> spare blank media I might consider helping out.
> 
> However, this particular request feels too much like someone just 
> wanting to take advantage of some freebie ("hey, I heard you give out 
> stuff for free so I want some"), as opposed to someone in real need 
> (hey, internet here is slow and/or metered, media burners are nowhere to 
> be found, etc., could someone help out?").

Totally understandable. Just to be clear, I did not mean to criticize
or accuse anyone of irrationality or hypocrisy - I was just curious
about the mindsets of open source devotees.

Celejar



Re: Memory leak

2022-02-14 Thread Celejar
On Sat, 12 Feb 2022 12:49:15 -0500
Stefan Monnier  wrote:

> > As I mentioned (briefly) in my original post, yes, I experience concrete
> > problems: the system either grinds to a halt or becomes unresponsive,
> > or hits swap and becomes intolerably slow.
> 
> Sorry I missed that part.
> I think that's what you should focus on: try and run some background
> collection of timestamped system state (CPU use and memory use) and then
> try and investigate to see what it is that was eating all the resources
> during those times where the system grinds to a halt.

Thank you. I actually just did a complete rebuild of my system from
scratch: the old SSD was almost full and I installed a new one, so I
decided to rebuild from scratch to get rid of accumulated cruft. So far
things have been much better, but I'll see if problems return.

Celejar
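
The background collection suggested in the quoted reply above could look like the following. This is an added example, not code from the thread; the function names and the sample /proc texts are constructed. It groups processes by name and tracks RssAnon, which is what htop shows as RES minus SHR, so shared file-backed pages are not counted once per process.

```python
import glob
import time
from collections import defaultdict

# Constructed sample in the /proc/meminfo layout (values are not from the thread).
SAMPLE_MEMINFO = """\
MemTotal:       16392108 kB
MemFree:         4674355 kB
MemAvailable:    9200000 kB
Buffers:          300000 kB
Cached:          4700000 kB
SReclaimable:     260000 kB
HugePages_Total:       0
"""


def _status(name, rss, anon):
    """Build a constructed /proc/<pid>/status excerpt for the demo."""
    return (f"Name:\t{name}\nVmRSS:\t{rss:8d} kB\n"
            f"RssAnon:\t{anon:8d} kB\nRssFile:\t{rss - anon:8d} kB\n")


BEFORE = [_status("firefox", 1000000, 700000), _status("firefox", 200000, 90000),
          _status("Xorg", 3000000, 2900000)]
AFTER = [_status("firefox", 1100000, 780000), _status("firefox", 210000, 95000),
         _status("Xorg", 3500000, 3400000)]


def parse_kb_fields(text):
    """Parse 'Key:   123 kB' lines, the layout shared by meminfo and status."""
    fields = {}
    for line in text.splitlines():
        key, sep, rest = line.partition(":")
        parts = rest.split()
        if sep and len(parts) == 2 and parts[1] == "kB" and parts[0].isdigit():
            fields[key.strip()] = int(parts[0])
    return fields


def process_name(status_text):
    for line in status_text.splitlines():
        if line.startswith("Name:"):
            return line.split(":", 1)[1].strip()
    return "?"


def summarize(meminfo_text, status_texts):
    """One snapshot: system-wide figures plus per-name totals of RES and RssAnon."""
    mem = parse_kb_fields(meminfo_text)
    groups = defaultdict(lambda: {"rss": 0, "anon": 0, "count": 0})
    for text in status_texts:
        fields = parse_kb_fields(text)
        if "VmRSS" not in fields:          # kernel threads have no resident set
            continue
        group = groups[process_name(text)]
        group["rss"] += fields["VmRSS"]
        group["anon"] += fields.get("RssAnon", 0)
        group["count"] += 1
    cache = mem["Buffers"] + mem["Cached"] + mem.get("SReclaimable", 0)
    return {"available_kb": mem["MemAvailable"], "cache_kb": cache,
            "groups": dict(groups)}


def growth(before, after, top=5):
    """Rank process groups by growth in anonymous resident memory between snapshots."""
    names = set(before["groups"]) | set(after["groups"])
    deltas = []
    for name in names:
        old = before["groups"].get(name, {}).get("anon", 0)
        new = after["groups"].get(name, {}).get("anon", 0)
        deltas.append((name, new - old))
    return sorted(deltas, key=lambda d: (-d[1], d[0]))[:top]


def log_line(summary, now):
    """Format one timestamped record suitable for appending to a log file."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
    top = sorted(summary["groups"].items(), key=lambda kv: -kv[1]["anon"])[:3]
    groups = ",".join(f"{name}:{g['anon']}" for name, g in top)
    return (f"{stamp} available_kb={summary['available_kb']} "
            f"cache_kb={summary['cache_kb']} anon_top={groups}")


def read_live():
    """Read the real /proc files (Linux only); processes may exit mid-scan."""
    with open("/proc/meminfo") as handle:
        meminfo = handle.read()
    statuses = []
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as handle:
                statuses.append(handle.read())
        except OSError:
            continue
    return meminfo, statuses


if __name__ == "__main__":
    first = summarize(SAMPLE_MEMINFO, BEFORE)
    second = summarize(SAMPLE_MEMINFO, AFTER)
    print(log_line(second, time.time()))
    print("growth:", growth(first, second))
```

Calling log_line(summarize(*read_live()), time.time()) once a minute and appending the result to a file gives the timestamped record to inspect after a slowdown.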



Re: Request free live CD

2022-02-14 Thread Celejar
On Sun, 13 Feb 2022 12:36:04 - (UTC)
Curt  wrote:

> On 2022-02-11, Celejar  wrote:
> >> 
> >>   https://www.debian.org/CD/free-linux-cd
> >> 
> >> Since burning a CD and putting into the mail costs money, you can't
> >> expect someone doing it for you. In the above page it is explained
> >
> > I'm genuinely curious about this: time and money are both scarce and
> > precious resources. Why is there an assumption that people will gladly
> > donate of their time to help others, but not their money? Is it because
> > the assumption is that the person asking for help should just spend
> > his own money, but may not be able to solve his problem by spending his
> > own time?
> 
> Because your premise is false, and there is no equivalence between time
> and money.

I have no premise of an "equivalence" between time and money; the
question of why people distinguish between them is nevertheless a
legitimate one, since they are both scarce resources which people have
to prioritize and allocate between their own personal needs and those of
others.

Celejar



Re: Request free live CD

2022-02-14 Thread Celejar
On Fri, 11 Feb 2022 19:10:58 -0500
rhkra...@gmail.com wrote:

> On Friday, February 11, 2022 02:44:26 PM Celejar wrote:
> > Fair enough, although the question then is why we enjoy giving of our
> > time but not our money. I assume that a primary motive of many (I can't
> > speak for anyone in particular, of course) who give of their time is a
> > desire to help others, and the act of helping others is what provides
> > enjoyment to them, so then the question is why they would not enjoy
> > helping others with financial contributions.
> 
> For me, it is easier (emotionally) to give time rather than money.  Although 
> I'm not too bad off re money, I don't get my supply renewed every day (well,
> for the most part, I do now get SS (in the US).

True. On the other hand, one's time on this earth is limited, while
money is, at least for some, less of a rigid constraint.

Celejar



Re: Memory leak

2022-02-11 Thread Celejar
On Fri, 11 Feb 2022 15:57:58 -0500
Bijan Soleymani  wrote:

> On 2022-02-11 14:52, Celejar wrote:
> > As I mentioned in another post, I do this occasionally, but I'm not
> > sure how to interpret the results. I just killed firefox; I got back
> > about 3.5 GB, but the system is still using about 4.8, and Xorg's usage
> > hasn't changed: ~ 4436M / 3081M / 105M.
> 
> Closing Firefox returns 100% of Firefox memory to OS (as long as all the 
> processes are killed). I don't know that it would affect Xorg's usage 
> though.

I understand, but apparently sometimes application memory leaks show up
as increased Xorg memory usage:

https://unix.stackexchange.com/questions/6538/xorg-memory-leaks

This is admittedly old, and xrestop doesn't show anything too
suspicious.

> A lot of memory in Linux (and other OS's) is allocated to cache/buffers 
> to speed things up. As programs use more memory the amount for that goes 
> down.
> 
> For example on my system now with 16GB I have:
> MiB Mem :  16007.9 total,   4564.8 free,
> 6306.2 used,   5136.9 buff/cache
> 
> (with thunderbird, chrome, etc. open).
> 
> So 5GB is used for cache and 6GB is used for programs and about 4GB is free.

I understand this, but as I've been saying, I have the impression that
too much memory is being actually used outside buffers and cache.

Celejar



Re: Memory leak

2022-02-11 Thread Celejar
On Fri, 11 Feb 2022 11:40:15 -0700
Charles Curley  wrote:

> On Fri, 11 Feb 2022 12:01:59 -0500
> Celejar  wrote:
> 
> > So I've heard. So is this something I just have to live with? Does
> > everyone have this problem?
> 
> It is widely rumored, backed by experiments I've done here. I've not
> seen anything official from the Mozilla folks, but then I don't pay
> close attention to them.
> 
> My solution is simple: I switched to Vivaldi over a year ago, and
> haven't looked back. https://vivaldi.com. They have packages for
> Debian, and run a roughly two week release cycle. It's based on
> Chromium, but with better privacy settings for the defaults.

There are several reasons I'm not ready to do that:

1) Vivaldi is not open source.

2) It's based on Chrome, which empowers Google and its ability to
control web standards.

3) I am worried about a web monoculture.

Celejar



Re: Memory leak

2022-02-11 Thread Celejar
On Fri, 11 Feb 2022 09:58:40 -0800
Charlie Gibbs  wrote:

> On Fri Feb 11 09:43:03 2022 Celejar  wrote:
> 
>  > On Fri, 11 Feb 2022 09:53:17 -0700
>  > Charles Curley  wrote:
>  >
>  >> On Fri, 11 Feb 2022 11:06:01 -0500
>  >> Celejar  wrote:
>  >>
>  >>> I seem to have a serious memory leak on my system (Lenovo W550s) -
>  >>> the memory usage seems to slowly but more or less steadily keep
>  >>> increasing.
>  >>>
>  >>> This is a more or less normal (I think) desktop installation of Sid,
>  >>> running Xfce4. Typical applications used are Firefox (currently with
>  >>> just one extension: uBlock Origin), LibreOffice Writer, Sylpheed,
>  >>> Xfce4 Terminal, and Liferea, all from the official repos.
>  >>
>  >> Firefox left running for days on end is a possible culprit.
>  >
>  > So I've heard. So is this something I just have to live with? Does
>  > everyone have this problem? I actually did used to kill firefox
>  > when I was experiencing memory pressure - it certainly relieved
>  > the immediate problem, but I think I found that not all the memory
>  > used was returned, and when I restarted firefox, the problem of
>  > running out of memory often returned before long (i.e., in much
>  > less time than after a fresh install).
> 
> You can quickly test this by taking Firefox down.  If the problem is
> indeed with Firefox (as opposed to Debian), this isn't the place to
> discuss it.

As I mentioned in another post, I do this occasionally, but I'm not
sure how to interpret the results. I just killed firefox; I got back
about 3.5 GB, but the system is still using about 4.8, and Xorg's usage
hasn't changed: ~ 4436M / 3081M / 105M.

Celejar



Re: Memory leak

2022-02-11 Thread Celejar
On Fri, 11 Feb 2022 18:06:52 +
piorunz  wrote:

> On 11/02/2022 17:01, Celejar wrote:
> > So I've heard. So is this something I just have to live with? Does
> > everyone have this problem? I actually did used to kill firefox when I
> > was experiencing memory pressure - it certainly relieved the immediate
> > problem, but I think I found that not all the memory used was returned,
> > and when I restarted firefox, the problem of running out of memory
> > often returned before long (i.e., in much less time than after a fresh
> > install).
> 
> Yes that's typical for today's browsers. I never close browsers/reboot
> my home-work computer, right now I have 2 days uptime and 17 GB memory
> allocated between my normal day to day tools.
> 
> 
> Go to Firefox Settings / Performance
> Untick Recommended settings and change Content process limit to 1. Like
> in the screenshot.
> That will decrease memory usage.

Thanks - I'll look into this.

Celejar



Re: Memory leak

2022-02-11 Thread Celejar
On Fri, 11 Feb 2022 13:43:55 -0500
Stefan Monnier  wrote:

> > I used to have 8 GB on the system, and it would start to thrash at
> > about 7+ GB usage. I recently upgraded to 16 GB; memory usage is
> > currently over 8 GB, and it seems to be slowly but steadily increasing.
> 
> Presumably you bought 16GB to make use of it, right?

Yes, and so I can do things like development, with IDEs and emulators
that consume additional GBs of RAM, while leaving my usual applications
running.

> So it's only natural for your OS to try and put that memory to use.
> Any "free memory" is memory that could potentially be used for something
> more useful (IOW "free" = "wasted" in some sense).
> 
> It's normal for memory use to increase over time, as your OS finds more
> things to put into it.
> 
> Of course, that doesn't mean that the concept of excessive memory use
> doesn't exist.  Just that it's hard to characterize.

I understand all this, at least in general terms.

> Do you actually experience a concrete problem (like your system getting
> sluggish and making too many disk accesses to swap things in of the
> RAM)?

As I mentioned (briefly) in my original post, yes, I experience concrete
problems: the system either grinds to a halt or becomes unresponsive,
or hits swap and becomes intolerably slow.

Since upgrading to 16 GB a couple of days ago, I haven't had problems
yet, but I used to see the problems I mentioned when I had "only" 8
GB ;/

Celejar



Re: Request free live CD

2022-02-11 Thread Celejar
On Fri, 11 Feb 2022 20:33:45 +0100
"Thomas Schmitt"  wrote:

> Hi,
> 
> i wrote:
> > >   Clara Oswald: "You're not my boss, you're my hobby."
> 
> Celejar wrote:
> > I think I'm missing your point. Explain, please?
> 
> I contribute time because i like to do so.
> Less entertaining would be to give away an optical medium,
> to buy post stamps, and to reveal my real world postal address.

Fair enough, although the question then is why we enjoy giving of our
time but not our money. I assume that a primary motive of many (I can't
speak for anyone in particular, of course) who give of their time is a
desire to help others, and the act of helping others is what provides
enjoyment to them, so then the question is why they would not enjoy
helping others with financial contributions.

Celejar



Re: Memory leak

2022-02-11 Thread Celejar
On Fri, 11 Feb 2022 09:53:17 -0700
Charles Curley  wrote:

> On Fri, 11 Feb 2022 11:06:01 -0500
> Celejar  wrote:
> 
> > I seem to have a serious memory leak on my system (Lenovo W550s) - the
> > memory usage seems to slowly but more or less steadily keep
> > increasing.
> > 
> > This is a more or less normal (I think) desktop installation of Sid,
> > running Xfce4. Typical applications used are Firefox (currently with
> > just one extension: uBlock Origin), LibreOffice Writer, Sylpheed,
> > Xfce4 Terminal, and Liferea, all from the official repos.
> 
> Firefox left running for days on end is a possible culprit.

So I've heard. So is this something I just have to live with? Does
everyone have this problem? I actually did used to kill firefox when I
was experiencing memory pressure - it certainly relieved the immediate
problem, but I think I found that not all the memory used was returned,
and when I restarted firefox, the problem of running out of memory
often returned before long (i.e., in much less time than after a fresh
install).

Celejar



Memory leak

2022-02-11 Thread Celejar
Hello,

I seem to have a serious memory leak on my system (Lenovo W550s) - the
memory usage seems to slowly but more or less steadily keep increasing.

This is a more or less normal (I think) desktop installation of Sid,
running Xfce4. Typical applications used are Firefox (currently with
just one extension: uBlock Origin), LibreOffice Writer, Sylpheed, Xfce4
Terminal, and Liferea, all from the official repos.

I used to have 8 GB on the system, and it would start to thrash at
about 7+ GB usage. I recently upgraded to 16 GB; memory usage is
currently over 8 GB, and it seems to be slowly but steadily increasing.

I have never been able to wrap my head around linux memory usage
reporting. htop currently reports about 8.13 GB used (up from about
8.03 when I began this email). I sorted the processes by PERCENT_MEM,
and here are the leaders (VIRT / RES / SHR):

A half dozen or so Xorg processes: 4340M / 2947M / 90948

Numerous 'firefox' processes: 5102M / 1068M / 369M.

Some soffice.bin processes: 1096M / 301M / 128M.

A bunch more '/usr/lib/firefox/firefox' processes: 27.2G / 213M / 88620.

Some webkit processes: 100G / 212M / 143M.

Some liferea processes: 84.3G / 198M / 112M

A bunch *more* '/usr/lib/firefox/firefox' processes: 2835M / 186M / 127M

And a bunch *more* '/usr/lib/firefox/firefox' processes: 2456M / 180M /
150M

And then several more bunches of '/usr/lib/firefox/firefox' processes,
with values of the same orders of magnitude to the preceding ones.

My understanding is that it's the RES and SHR values that are
important, not the VIRT ones. I have the impression that the Xorg
values are high. I saw recommendations to use xrestop to check things
like pixmap usage. I don't really know much about this, but currently
the total pixmap usage is about 360M, mostly used by a Writer process,
and about 40M for Xfwm4 and 30M by Firefox.

Any ideas?

Celejar



Re: Request free live CD

2022-02-11 Thread Celejar
On Fri, 11 Feb 2022 09:00:22 -0500
Dan Ritter  wrote:

> Celejar wrote: 
> > 
> > I do understand and agree with this, but my point was that we (at least
> > the more helpful of us) on this list are perfectly willing to freely
> > give of our time to help others, so why would we (at least those of us
> > fortunate enough to have disposable income to spare) not be willing to
> > give of our money as well to help others who need it?
> 
> That's easy: time is much more effective than money in this
> context.
> 
> If you answer a question on this mailing list, it is recorded
> and can be searched; hundreds or thousands of people can be
> helped.
> 
> If you fix a bug in a major package, millions of people will be
> helped.

Fair points, certainly, although many people spend much time even on
very minor packages, and on helping people with very niche questions,
where their answers are really unlikely to help hundreds or thousands
of people.

> If you donate the money that you make in an hour to postage and
> media for DVDs or USB sticks, somewhere between a fraction of a
> person and a couple of hundred will be helped -- for an average
> US income, about 2 USB sticks.
> 
> Money is great, but it is needed in business-sized quantities.
> Any individual person with skills makes the community better off by
> answering questions and fixing bugs than they would by donating
> the equivalent time in money.
> 
> As a corollary, if you can spend a couple of hours convincing a
> business that runs Debian to donate some money, that's probably
> an excellent use of your time.

Indeed.

Celejar



Re: Request free live CD

2022-02-11 Thread Celejar
On Fri, 11 Feb 2022 08:58:51 +0100
"Thomas Schmitt"  wrote:

> Hi,
> 
> Celejar wrote:
> > Why is there an assumption that people will gladly
> > donate of their time to help others, but not their money?
> 
> Let me quote from a classic british play:
> 
>   The Doctor:   "Do i pay you ? I should give you a raise."
>   Clara Oswald: "You're not my boss, you're my hobby."

I found the quote:

https://www.tvfanatic.com/quotes/youre-not-my-boss-youre-my-hobby/

But I think I'm missing your point. Explain, please?

Celejar



Re: Request free live CD

2022-02-10 Thread Celejar
On Thu, 10 Feb 2022 20:51:42 -0500
Bijan Soleymani  wrote:

> On 2022-02-10 20:05, Celejar wrote:
> > I'm genuinely curious about this: time and money are both scarce and
> > precious resources. Why is there an assumption that people will gladly
> > donate of their time to help others, but not their money? Is it because
> > the assumption is that the person asking for help should just spend
> > his own money, but may not be able to solve his problem by spending his
> > own time?
> 
> I think this is the distinction between free speech and free beer (two 
> different meanings of the word free in English).
> 
> That is the difference between freedom (no restrictions), and something 
> being gratis (no cost).
> 
> Debian is committed to free software, as in users are free to modify the 
> software, and they have access to the source code.
> 
> Debian is not a charity that provides free hardware to people who need 
> computers.
> 
> Since there is not much cost to distributing software online Debian does 
> so for free (on their servers and through mirrors), but the important 
> goal is that the users who get the software have the freedom to modify it.
> See:
> https://www.debian.org/social_contract#guidelines
> 
> and
> 
> https://www.gnu.org/philosophy/free-sw.en.html
> 
> (the related point in the Debian Free Software Guidelines that there 
> cannot be a fee required to distribute the software, doesn't mean that 
> one can't charge a fee (for either a CD or download), but rather that 
> one can't put requirements on further redistribution after that)

I do understand and agree with this, but my point was that we (at least
the more helpful of us) on this list are perfectly willing to freely
give of our time to help others, so why would we (at least those of us
fortunate enough to have disposable income to spare) not be willing to
give of our money as well to help others who need it?

Celejar



Re: Request free live CD

2022-02-10 Thread Celejar
On Thu, 10 Feb 2022 16:47:18 +0100
 wrote:

> On Thu, Feb 10, 2022 at 03:05:26PM +0100, Dozzyjean Dozie wrote:
> > Please I will be very much interested to get a live CD from you, please
> > what are the prerequisites that are needed to be archived this request free
> > cd for free from you.
> 
> See here:
> 
>   https://www.debian.org/CD/free-linux-cd
> 
> Since burning a CD and putting into the mail costs money, you can't
> expect someone doing it for you. In the above page it is explained

I'm genuinely curious about this: time and money are both scarce and
precious resources. Why is there an assumption that people will gladly
donate of their time to help others, but not their money? Is it because
the assumption is that the person asking for help should just spend
his own money, but may not be able to solve his problem by spending his
own time?

Celejar



Re: Please take this as constructive

2022-01-18 Thread Celejar
On Tue, 18 Jan 2022 13:47:09 +
Brian  wrote:

> On Tue 18 Jan 2022 at 14:30:45 +0100, Loïc Grenié wrote:
> 
> > Hi,
> > 
> > On Tue 18 Jan 2022 at 07:48, R. Toby Richards wrote:
> > 
> > > Every time that I search for solutions to my wifi drivers, the solution is
> > > > to apt-get install a bunch of drivers. Why does nobody realize that apt'ing
> > > > anything is a non-solution: How can I apt-get install  if
> > > I don't have network drivers? There are DOZENS of responses to questions

...

> >  I've been hit several times with this same problem, or variants thereof,
> >   and my solution has always been to have a separate computer with
> >   network access and use sneakernet between the two computers.
> >   I've always wondered how to do it better.
> 
> Wonder no longer :). Acquaint yourself with netcat.

How is netcat going to help if there's no networking on one machine?
And if there is (e.g., using a wired connection), then netcat isn't
really necessary, since the machine connected to the internet can be
configured to route packets to the other one.

Celejar



Re: odd question re man pages

2022-01-07 Thread Celejar
On Fri, 07 Jan 2022 05:59:36 -0500
gene heskett  wrote:

...

> That is installed, but I can't find a configurator for it.  And I am a heavy 
> user of mc but the file menu popup steals the F10 key, also a pita. But 
> there is not an F10 checked in the settings for xfce or konsole that I can 
> find.

If you're using xfce4-terminal, look at xfce4-terminal's Edit /
Preferences / Advanced / Shortcuts / Disable menu shortcut key (F10 by
default)

Celejar



Re: Thunderbird not allowing local accounts

2022-01-06 Thread Celejar
On Thu, 06 Jan 2022 10:40:10 +
Eric S Fraga  wrote:

> On Wednesday,  5 Jan 2022 at 11:26, Charles Curley wrote:
> > Or, if you want to stick with your investment in Thunderbird, use
> > dovecot to set up a local imap server.
> 
> dovecot is also quite useful for letting those MUAs that do not support
> oauth2 access services which require it.

And there's also this, although I have not used it and don't know how
well it works:

https://github.com/simonrob/email-oauth2-proxy

Celejar



Re: Thunderbird not allowing local accounts

2022-01-06 Thread Celejar
On Thu, 06 Jan 2022 09:26:16 +0100
didier gaumet  wrote:

> 
> 
> Le mercredi 05 janvier 2022 à 11:58 -0500, Celejar a écrit :
> > On Wed, 5 Jan 2022 09:44:24 -0500
> > "Paul M. Foster"  wrote:
> > 
> > ...
> > 
> > > Thanks for the info. Mozilla Foundation is seriously annoying me
> > > lately.
> > > 
> > > Can anyone recommend another MUA which uses mbox format and is 
> > > relatively easy to configure?
> > 
> > Sylpheed?
> > 
> > Celejar
> > 
> > 
> 
> Hello Celejar,
> 
> 
> Sylpheed does not manage Mbox mailboxes, only MH mailboxes

Sorry, my mistake. I conflated its support for importing from and
exporting to mbox with actual use of mbox.

Celejar



Re: Thunderbird not allowing local accounts

2022-01-05 Thread Celejar
On Wed, 5 Jan 2022 12:33:36 -0800
cono...@rahul.net (John Conover) wrote:

> pa...@quillandmouse.com writes:
> > On Wed, 5 Jan 2022 11:58:09 -0500
> > Celejar  wrote:
> > 
> > > On Wed, 5 Jan 2022 09:44:24 -0500
> > > "Paul M. Foster"  wrote:
> > > 
> > > ...
> > > 
> > > > Thanks for the info. Mozilla Foundation is seriously annoying me
> > > > lately.
> > > > 
> > > > Can anyone recommend another MUA which uses mbox format and is 
> > > > relatively easy to configure?
> > > 
> > > Sylpheed?
> > > 
> > > Celejar
> > > 
> > 
> > It's starting to look that way. Actually, I'm looking at claws-mail.
> >
> 
> Yea, and claws-mail is not compatible with Gmail's oauth2, which is
> now required by Google, (as of this month,) and Thunderbird is

? I'm still downloading my Gmail email via POP3 with getmail, without
OAuth2. For a couple of years now, Google has been pushing OAuth2, but
has still allowed ordinary POP3 / IMAP access to email using "app
specific passwords." Has something changed recently?

https://support.google.com/mail/thread/23019816/how-can-i-continue-to-use-pop-based-email-after-oauth-is-required-next-year

> compatible, but no longer supports local mbox delivery for a LAN.

FWIW, BTW, getmail (which does support mbox delivery) does have support
for Gmail's OAuth2 (in case you want / need to use it) via its
getmail-gmail-xoauth-tokens script:

https://www.bytereef.org/howto/oauth2/getmail.html

You can also find detailed instructions in the file
"getmailrc-examples.gz", in Debian's getmail6 package.

Celejar



Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

2022-01-05 Thread Celejar
On Wed, 5 Jan 2022 19:42:33 +0100
 wrote:

> On Wed, Jan 05, 2022 at 12:41:23PM -0500, Celejar wrote:
> 
> [...]
> 
> > The configuration I'm talking about is as follows: the browser makes
> > ordinary, unencrypted DNS requests to the Pi-hole, over a trusted
> > network
> 
> If the browser decides to make the DNS requests over HTTPS (DoH [1],
> that's what we are talking about), the DNS server in your Pi-hole doesn't
> even get to see those requests.

So tell the browser not to use DoH! Am I really being so unclear? My
point is that it's a straightforward matter to get the DNS requests of
your applications - browsers, and all other applications as well -
checked against blocklists, and then sent over DoH if they aren't
blocked by the lists.

> > (your LAN, or a VPN). HTTPS isn't necessary here insofar as you
> > trust your own network to be secure. (And if you're really worried about
> > intruders [...]
> 
> No, no. I'm not worried about those things. I'm worried that the
> browsers do their own thing to do name lookup so they escape my control
> (be it via /etc/hosts, be it via an own DNS server, local or Pi-hole).

I'm not sure why you're worried about browsers doing their own things
despite your telling them not to, or where anyone mentioned such a
concern in this thread, but if you are worried about that sort of
thing, then I agree that it's pretty much game over. Even if you block
known DoH servers at the firewall, I suppose you can always worry about
browsers contacting some unknown DoH server. And why stop there? Maybe
the browser will do some nefarious phoning home, using some homegrown
protocol, encapsulated inside HTTPS so you'll never know about it! The
bottom line is that yes, if you don't trust your browser and you allow it to
contact arbitrary sites over HTTPS, then it's game over.

> > https://www.reddit.com/r/pihole/comments/ku0i8k/configuring_dnsoverhttps_on_pihole/
> 
> Again: I'm not that much concerned about my lookup's privacy. The
> Pi-hole having an option to do DoH lookups is fine. But do I trust my
> browser to not do direct DoH lookups all by itself, bypassing my Pi-hole
> (or whatever I've set up as a controlled DNS)? What about its next
> version?

Celejar



Re: Thunderbird not allowing local accounts

2022-01-05 Thread Celejar
On Wed, 5 Jan 2022 13:28:55 -0500
 wrote:

> On Wed, 5 Jan 2022 11:58:09 -0500
> Celejar  wrote:
> 
> > On Wed, 5 Jan 2022 09:44:24 -0500
> > "Paul M. Foster"  wrote:
> > 
> > ...
> > 
> > > Thanks for the info. Mozilla Foundation is seriously annoying me
> > > lately.
> > > 
> > > Can anyone recommend another MUA which uses mbox format and is 
> > > relatively easy to configure?
> > 
> > Sylpheed?
> > 
> > Celejar
> > 
> 
> It's starting to look that way. Actually, I'm looking at claws-mail.

Claws started out as a fork of Sylph, but eventually evolved into a
distinct application. Sylph is very good, if not the newest and
shiniest thing. Claws is probably very good, too, although I've never
used it.

Celejar



Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

2022-01-05 Thread Celejar
On Wed, 5 Jan 2022 18:20:23 +0100
 wrote:

> On Wed, Jan 05, 2022 at 08:43:23AM -0500, Celejar wrote:
> > On Wed, 5 Jan 2022 06:10:48 +0100
> >  wrote:
> > 
> > > On Tue, Jan 04, 2022 at 04:05:11PM -0500, Celejar wrote:
> > > 
> > > [...]
> > > 
> > > > One way "to combine DoH with resolving 14,000 addresses to 127.0.0.1"
> > > > is by using Pi-hole. Some people have *millions* of domains blacklisted
> > > > in Pi-hole:
> > > 
> > > > Pi-hole won't help unless it also does HTTPS proxying (that means it
> > > would have to play MITM). As far as I know it "just" does conventional
> > > DNS proxying (which is a great thing to do, mind you).
> > 
> > Why won't it help? What won't it help with?
> 
> (See also Dan's response: it seems that a compliant DoH client first
> sends a local DNS request first, so you might have a handle through
> this)
> 
> With this caveat: how would you intercept a DNS request over HTTPS if
> not by proxying HTTPS traffic? And that is exactly what MITM means.

The configuration I'm talking about is as follows: the browser makes
ordinary, unencrypted DNS requests to the Pi-hole, over a trusted
network (your LAN, or a VPN). HTTPS isn't necessary here insofar as you
trust your own network to be secure. (And if you're really worried about
intruders and sniffers inside your network, you can always run Pi-hole
on the same system as the browser itself (possibly in a container or
VM), although that'll require dedicating some resources to the Pi-hole
installation.)

The Pi-hole then either blocks the request (if the address is on its
blocklists), or looks it up via DoH.

See, e.g., here:

https://www.reddit.com/r/pihole/comments/ku0i8k/configuring_dnsoverhttps_on_pihole/

Celejar
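
The resolver behaviour described in the message above (plain DNS from the trusted LAN, a blocklist check, then a DoH lookup for anything not blocked) is sketched below as an added example; it is not code from the thread or from Pi-hole. The endpoint doh.example, the 0.0.0.0 sinkhole answer, the function names and the sample blocklist are assumptions; the canary name is Mozilla's documented use-application-dns.net signal, which only affects browsers that enabled DoH by default rather than by explicit user choice.

```python
import base64
import socket
import struct

# Constructed hosts-format blocklist in the style quoted elsewhere in this thread.
SAMPLE_HOSTS = """\
# Pest:
127.0.0.1 www.google-analytics.com
127.0.0.1 ajax.google.com        # inline comment
0.0.0.0   ads.example.net tracker.example.net
127.0.0.1 localhost
"""

DOH_ENDPOINT = "https://doh.example/dns-query"  # placeholder upstream, not a real service
SINKHOLE_IP = "0.0.0.0"                         # assumed answer for blocked A queries
CANARY = "use-application-dns.net"              # NXDOMAIN here asks Firefox to keep DoH off
RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3
TYPE_A = 1


def load_blocklist(text):
    """Return the set of names a hosts-format list maps to a sinkhole address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("127.0.0.1", "0.0.0.0"):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":          # never sinkhole the loopback name itself
                blocked.add(name)
    return blocked


def build_query(name, qtype=TYPE_A, txid=0):
    """Encode a one-question DNS query with RD set, as a stub resolver sends it."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_question(msg):
    """Return (name, qtype, end_offset) for the single question in a query."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label")    # also rejects compression pointers
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return ".".join(labels), qtype, pos + 4


def local_reply(query, end, rcode, address=None):
    """Answer locally, echoing the client's transaction ID and question."""
    flags = 0x8180 | rcode                   # QR=1, RD=1, RA=1
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1 if address else 0, 0, 0)
    answer = b""
    if address:
        # Owner name is a pointer to offset 12 (the question); TTL of 2 seconds.
        answer = struct.pack("!HHHIH", 0xC00C, TYPE_A, 1, 2, 4) + socket.inet_aton(address)
    return header + query[12:end] + answer


def doh_get_url(query):
    """RFC 8484 GET form: base64url of the wire query, unpadded, with the ID zeroed."""
    wire = b"\x00\x00" + query[2:]
    encoded = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{DOH_ENDPOINT}?dns={encoded}"


def handle(query, blocked):
    """Decide what the resolver does with one plain-DNS query from the LAN."""
    name, qtype, end = parse_question(query)
    if name == CANARY:
        return "nxdomain", local_reply(query, end, RCODE_NXDOMAIN)
    if name in blocked:                      # exact match, like a hosts file
        address = SINKHOLE_IP if qtype == TYPE_A else None  # other types: empty answer
        return "blocked", local_reply(query, end, RCODE_NOERROR, address)
    return "forward", doh_get_url(query)


if __name__ == "__main__":
    blocklist = load_blocklist(SAMPLE_HOSTS)
    for host in ("www.google-analytics.com", "www.example.com", CANARY):
        action, detail = handle(build_query(host, txid=0x1234), blocklist)
        print(host, action, detail if action == "forward" else detail.hex())
```

Only the "forward" branch ever leaves the LAN, and it does so over HTTPS; a browser that performs its own DoH never reaches handle() at all, which is the bypass debated in this thread.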



Re: Thunderbird not allowing local accounts

2022-01-05 Thread Celejar
On Wed, 5 Jan 2022 09:44:24 -0500
"Paul M. Foster"  wrote:

...

> Thanks for the info. Mozilla Foundation is seriously annoying me lately.
> 
> Can anyone recommend another MUA which uses mbox format and is 
> relatively easy to configure?

Sylpheed?

Celejar



Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

2022-01-05 Thread Celejar
On Wed, 5 Jan 2022 06:10:48 +0100
 wrote:

> On Tue, Jan 04, 2022 at 04:05:11PM -0500, Celejar wrote:
> 
> [...]
> 
> > One way "to combine DoH with resolving 14,000 addresses to 127.0.0.1"
> > is by using Pi-hole. Some people have *millions* of domains blacklisted
> > in Pi-hole:
> 
> Pi-hole won't help unless it also does HTTPS proxying (that means it
> would have to play MITM). As far as I know it "just" does conventional
> DNS proxying (which is a great thing to do, mind you).

Why won't it help? What won't it help with? If you mean that the
queries won't be secure during the leg between the client and
the Pi-hole, we're talking about running Pi-hole within one's trusted
network (or connecting to it over a VPN, etc.)
> 
> But hey, full HTTP(S) proxying would be a great thing to do. Still,
> you'd have to munge your browser's trusted certs for that trick to work.

Celejar



Re: [SOLVED] Re: Firefox: Warning: Potential Security Risk Ahead for the USPS.com

2022-01-04 Thread Celejar
On Tue, 4 Jan 2022 20:58:27 +0100
 wrote:

> On Tue, Jan 04, 2022 at 01:33:18PM -0600, David Wright wrote:
> > On Tue 04 Jan 2022 at 19:37:34 (+0100), to...@tuxteam.de wrote:
> > > On Tue, Jan 04, 2022 at 01:19:37PM -0500, Michael Stone wrote:
> > > 
> > > [...]
> > > 
> > > > > And this is why putting stuff into /etc/hosts is basically never the right
> > > > > answer. :)
> > > 
> > > Eye, beholder and things. I've got a couple of them like so:
> > > 
> > >   # Pest:
> > >   127.0.0.1 www.google-analytics.com
> > >   127.0.0.1 ajax.google.com
> > >   127.0.0.1 ad.doublecklick.net
> > >   127.0.0.1 www.gstatic.com
> > >   ...
> > > 
> > > Yeah, some things stop working then. I want them to :)
> > 
> > Agreed. I append a list of close to 14,000 addresses (including
> > comments) to the end of my own local /etc/hosts. I see very
> > few adverts. In fact, I was quite shocked when I just tried
> > DNS over HTTPS for a couple of minutes. The 10-day weather
> > > profile that I screenshot every day was plastered in popups.
> > 
> > Anyone know how to combine DoH with resolving 14,000 addresses
> > to 127.0.0.1? Also, does that mean that DoH attempts to resolve
> > my local hosts before consulting /etc/hosts? I didn't stick
> > around DoH long enough to find out.
> 
> No idea. I'd hope for it to be overridable, but I've been disappointed
> by browsers (yes, firefox, I'm looking at you!) before.

One way "to combine DoH with resolving 14,000 addresses to 127.0.0.1"
is by using Pi-hole. Some people have *millions* of domains blacklisted
in Pi-hole:

https://www.reddit.com/r/pihole/comments/rrcmfk/why_am_i_making_a_personal_commitment_to_donating/
https://www.reddit.com/r/pihole/comments/7rzdzj/how_many_domains_do_you_have_on_your_setup/
https://www.reddit.com/r/pihole/comments/hkfyu4/domains_on_blocklist/

etc.

and using DoH with Pi-hole is well documented:

https://docs.pi-hole.net/guides/dns/cloudflared/
https://medium.com/codex/pi-hole-and-doh-f1a9f8acd0f7
https://github.com/devopsleigh/pihole

Celejar



Re: [OT] sending command to multiple SSH sessions, like in mRemoteNG

2021-12-30 Thread Celejar
On Thu, 30 Dec 2021 14:54:40 +0100
Marco Möller  wrote:

> 
> In search for a software recommendation:
> The remote session management app "mRemoteNG" for MS Windows comes with 
> a functionality by which a command can be entered to its "Multi SSH" 
> input field, and this command is then sent to all SSH connected remote 
> systems at once as if the command would have been typed in at each 
> single of the SSH connected remote systems CLI individually.
> Do you know about such feature to be implemented in some Linux tool? 
> Maybe it even exists as a plugin for tmux?

I'm not sure about tools that send commands to multiple hosts already
connected over SSH, but there are some that are designed to execute the
same command on multiple hosts by initiating SSH connections to them,
such as pssh and clusterssh:

https://code.google.com/archive/p/parallel-ssh/
https://linux.die.net/man/1/pssh

https://github.com/duncs/clusterssh

https://unix.stackexchange.com/questions/505159/how-to-run-the-same-command-on-multiple-servers
https://www.tecmint.com/run-commands-on-multiple-linux-servers/
https://unix.stackexchange.com/questions/19008/automatically-run-commands-over-ssh-on-many-servers

Celejar



Re: Identity Theft

2021-12-21 Thread Celejar
On Tue, 21 Dec 2021 10:34:49 -0500
The Wanderer  wrote:

> On 2021-12-21 at 09:10, Tim Woodall wrote:
> 
> > On Tue, 21 Dec 2021, tv.deb...@googlemail.com wrote:
> > 
> >> On 21/12/2021 at 14:24, Eike Lantzsch ZP6CGE wrote:
> >> 
> >> It is the second one, "Noscript" in one word [1]. Several
> >> look-alikes have spawned over the years. I also use Umatrix [2], but
> >> it is more complex.
> >>
> >> For Firefox:
> >> [1] https://addons.mozilla.org/fr/firefox/addon/noscript/
> >> [2] https://addons.mozilla.org/fr/firefox/addon/umatrix/
> >>
> >> At least one of those is packaged in Debian.
> > 
> > Will umatrix still work in firefox 91?
> > 
> > Certainly didn't work for me in android v92.
> 
> Is uMatrix on the whitelist of extensions that are allowed on the mobile
> version of Firefox?
> 
> Some good number of releases ago, Mozilla completely redid the mobile
> version of Firefox, and in the process dropped support for most of the
> extension base - as in, they restricted the allowed extensions to only
> those in a defined list, and started that list out with a grand total of
> *nine* items. (See [1] for some at-the-time commentary on this.)
> 
> I understand that in the time since then they've gradually expanded the
> list of allowed extensions, but at nothing like a rapid pace, and with
> no sign that they even intend to ever let the broad scope of extensions
> be installable (much less usable) for mobile-device Firefox again.
> 
> It's always possible that uMatrix is one of the whitelisted extensions,
> but I wouldn't be even slightly surprised if it weren't.
> 
> [1]
> https://palant.info/2020/08/31/a-grim-outlook-on-the-future-of-browser-add-ons/

1) The author of uBlock and uMatrix, Raymond Hill, has abandoned the
latter:

https://github.com/uBlockOrigin/uMatrix-issues/issues/291#issuecomment-694988696
https://www.ghacks.net/2020/09/20/umatrix-development-has-ended/

2) Android uBlock is indeed on the official list of Firefox Recommended
Extensions:

https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
https://addons.mozilla.org/en-US/firefox/collections/4757633/7dfae8669acc4312a65e8ba5553036/

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-28 Thread Celejar
On Sun, 28 Nov 2021 14:11:27 -0600
John Hasler  wrote:

> Celejar writes:
> > ...or even "recommends" that one...
> 
> I wrote:
> > How do you know?
> 
> Celejar writes:
> > $ apt-cache rdepends fonts-recommended 
> > fonts-recommended
> > Reverse Depends:
> 
> That doesn't show recommends.

Yes, it does. From the man page:

--no-pre-depends, --no-depends, --no-recommends, --no-suggests, --no-conflicts, --no-breaks, --no-replaces, --no-enhances
   Per default the depends and rdepends print all dependencies. This can be tweaked with these flags which will omit the specified
   dependency type. Configuration Item: APT::Cache::ShowDependencyType e.g.  APT::Cache::ShowRecommends.

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-28 Thread Celejar
On Sun, 28 Nov 2021 12:38:19 -0600
John Hasler  wrote:

> I wrote:
> > Do you have the "fonts-recommended" package installed?
> 
> Celejar writes:
> > No, I had never heard of it. Do you?
> 
> Yes.
> 
> > No, I had never heard of it. Do you? No package depends on [it]...
> 
> True.
> 
> > ...or even "recommends" that one...
> 
> How do you know?

$ apt-cache rdepends fonts-recommended 
fonts-recommended
Reverse Depends:

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-28 Thread Celejar
On Sat, 27 Nov 2021 22:58:58 -0600
David Wright  wrote:

> On Sat 27 Nov 2021 at 07:22:45 (-0600), John Hasler wrote:
> > Celejar writes:
> > > I'm curious: do most users of Debian on the desktop (who use MUA
> > > software, as opposed to webmail via a browser) have such a font
> > > installed, or do they see tofu?
> > 
> > I use Gnus.  I've never manually installed any emoji fonts (or any other
> > fonts) but I see the glyphs, not the tofu.
> 
> Questions like this remind me how little I understand font handling.
> I read mail in mutt in xterm in fvwm in X, currently in buster, and
> I see four glyphs. If I save the email in a file, then I see the

...

> I wrote /four/ glyphs, but it sounds as if Celejar sees three,
> the first one being coloured with some sort of skin tone. My
> second glyph, , is a half-tone box with three lines of dots
> inside, of 3, 4 and 3 dots.

I assume that the reason I see three and you see four is that the first
one (of my three) consists of a combination of the basic "blond haired
person" glyph plus a "light skin tone" modifier glyph, which are
presumably ideally supposed to be displayed together:

https://emojiterra.com/blond-haired-person-light-skin-tone/

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-28 Thread Celejar
On Sat, 27 Nov 2021 21:50:22 -0600
John Hasler  wrote:

> Do you have the "fonts-recommended" package installed?

No, I had never heard of it. Do you? No package depends on or even
"recommends" that one, so I'm not sure how you would have ended up with
it insofar as you "never manually installed any emoji fonts (or any
other fonts)."

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-27 Thread Celejar
On Sat, 27 Nov 2021 21:00:35 -0600
John Hasler  wrote:

> Celejar writes:
> > What does fc-list | grep noto return?
> 
> 272 lines.

Sorry - see my other message in this thread. So you clearly have the
Noto fonts installed. They're not essential packages, so something you
installed must have brought them in, if you didn't do so manually.

> (No need to cc me)

Sorry, Sylpheed's reply-to-list puts your email address in the CC field
- perhaps because you set an explicit reply-to header? I'll take it out
in the future.

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-27 Thread Celejar
On Sat, 27 Nov 2021 21:28:05 -0500
The Wanderer  wrote:

> On 2021-11-27 at 21:08, Celejar wrote:
> 
> > On Fri, 26 Nov 2021 18:50:29 -0600
> > Nate Bargmann  wrote:
> > 
> >> * On 2021 26 Nov 11:36 -0600, Celejar wrote:
> 
> >>> I finally got tired of seeing tofu for some of the glyphs in your sig,
> >>> so I looked up their Unicode codepoints:
> >> 
> >> Interestingly, I see the glyphs in Mutt running in Gnome Terminal and in
> >> Vim as I edit this in the same Gnome Terminal.  My font is one
> >> installed locally, Droid Sans Mono Slashed which provides the zero
> >> character with a slash.
> >> 
> >> I know that there is a keyboard sequence in Gnome Terminal (Ctl-Shift-E
> >> then Space) to bring up a menu to select Unicode glyphs.
> >> 
> >> 
> > 
> > I'm pretty sure Droid Sans Mono Slashed doesn't have the glyphs in
> > question, and that you must actually have the noto or similar fonts
> > installed, with some part of the Gnome infrastructure finding them when
> > you select the glyphs. What does "fc-list | grep noto" show?
> 
> If my own system is any guide, that may be an overly broad sort of
> question.
> 
> $ fc-list | wc -l
>2479

Well, I didn't ask for that one.

> $ fc-list | grep noto | wc -l
>1847

Huh. Our systems must be very different:

~$ fc-list | grep noto | wc -l
1

~$ fc-list | grep noto
/usr/share/fonts/truetype/noto/NotoColorEmoji.ttf: Noto Color Emoji:style=Regular

> $ fc-list | grep -v noto | wc -l
> 632
> 
> Asking for the output of something that produces potentially thousands
> of lines may be slightly ill-advised (although asking the user to check
> that output and report back might be another story, and now that I look
> back it's not entirely clear which of the two you were intending).

I confess that it simply didn't occur to me that some systems would be
so different from mine. I concede that that may have been a naive
assumption ;)

> The above is with the following installed package set:
> 
> dpkg -l "fonts-noto*" | grep ^ii
> ii  fonts-noto-core     20201225-1   all  "No Tofu" font families with large Unicode coverage (core)
> ii  fonts-noto-extra    20201225-1   all  "No Tofu" font families with large Unicode coverage (extra)
> ii  fonts-noto-mono     20201225-1   all  "No Tofu" monospaced font family with large Unicode coverage
> ii  fonts-noto-ui-core  20201225-1   all  "No Tofu" font families with large Unicode coverage (UI core)
> 
> I don't think I was aware that there are color versions, and I certainly
> don't think I'd want them.
> 
> (FWIW, with this set installed, I see actual glyphs rather than the
> "tofu" for each of the four in Jonathan Dowland's .sig - although I
> can't actually quite tell what the second one is, even at full
> enlargement.)

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-27 Thread Celejar
On Fri, 26 Nov 2021 18:50:29 -0600
Nate Bargmann  wrote:

> * On 2021 26 Nov 11:36 -0600, Celejar wrote:
> > On Thu, 25 Nov 2021 10:43:16 +
> > Jonathan Dowland  wrote:
> > 
> > ...
> > 
> > > Jonathan Dowland
> > > ✎  j...@debian.org
> > >  https://jmtd.net
> > 
> > I finally got tired of seeing tofu for some of the glyphs in your sig,
> > so I looked up their Unicode codepoints:
> 
> Interestingly, I see the glyphs in Mutt running in Gnome Terminal and in
> Vim as I edit this in the same Gnome Terminal.  My font is one
> installed locally, Droid Sans Mono Slashed which provides the zero
> character with a slash.
> 
> I know that there is a keyboard sequence in Gnome Terminal (Ctl-Shift-E
> then Space) to bring up a menu to select Unicode glyphs.
> 
> 

I'm pretty sure Droid Sans Mono Slashed doesn't have the glyphs in
question, and that you must actually have the noto or similar fonts
installed, with some part of the Gnome infrastructure finding them when
you select the glyphs. What does "fc-list | grep noto" show? If you
have the noto fonts installed, try uninstalling them and then see if
your system can still display the glyphs.

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-27 Thread Celejar
On Sat, 27 Nov 2021 01:32:51 +0100
Michael Lange  wrote:

> Hi,
> 
> On Fri, 26 Nov 2021 12:36:04 -0500
> Celejar  wrote:
> 
> (...)
> > I'm curious: do most users of Debian on the desktop (who use MUA
> > software, as opposed to webmail via a browser) have such a font
> > installed, or do they see tofu?
> 
> no idea what "most users" do; I am actually using sylpheed too, and I too
> have these "emoji fonts" installed. Makes life easier sometimes, when
> people use emojis as a means of communication and just assume that you
> are able to have them displayed.

Makes sense. And my emails are now certainly more colorful ;)

> Have a nice day :-)

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-27 Thread Celejar
On Sat, 27 Nov 2021 07:22:45 -0600
John Hasler  wrote:

> Celejar writes:
> > I'm curious: do most users of Debian on the desktop (who use MUA
> > software, as opposed to webmail via a browser) have such a font
> > installed, or do they see tofu?
> 
> I use Gnus.  I've never manually installed any emoji fonts (or any other
> fonts) but I see the glyphs, not the tofu.

What does

$ fc-list | grep noto

return?

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-27 Thread Celejar
On Sat, 27 Nov 2021 23:41:37 +0100
Linux-Fan  wrote:

> Nate Bargmann writes:
> 
> > * On 2021 26 Nov 11:36 -0600, Celejar wrote:
> > > On Thu, 25 Nov 2021 10:43:16 +
> > > Jonathan Dowland  wrote:
> > >
> > > ...
> > >
> > > >   Jonathan Dowland
> > > > ✎j...@debian.org
> > > >    https://jmtd.net
> > >
> > > I finally got tired of seeing tofu for some of the glyphs in your sig,
> > > so I looked up their Unicode codepoints:
> >
> > Interestingly, I see the glyphs in Mutt running in Gnome Terminal and in
> > Vim as I edit this in the same Gnome Terminal.  My font is one
> > installed locally, Droid Sans Mono Slashed which provides the zero
> > character with a slash.
> >
> > I know that there is a keyboard sequence in Gnome Terminal (Ctl-Shift-E
> > then Space) to bring up a menu to select Unicode glyphs.
> >
> > 
> >
> > - Nate
> 
> I use the cone e-mail client in rxvt-unicode with the Terminus bitmap font  
> and I see only the icon next to `j...@debian.org`. Apart from that, the  

Yes, that one seems to be included in "normal" system fonts - I, too,
saw it before I installed the noto fonts.

> first line of the signature has two squares, the third line one and the post  

The two squares is apparently because the "person with blond hair" has
a "light skin tone" modifier:

https://emojipedia.org/person-light-skin-tone-blond-hair/

> by Nate has a single square, too.
> 
> I can view the glyphs correctly by saving the mail as text file and opening  
> it with mousepad. `aptitude search ~inoto` returns the following here:
> 
> | idA fonts-noto-color-emoji- color emoji font from Google
> | i A fonts-noto-core   - "No Tofu" font families with large
> | i A fonts-noto-extra  - "No Tofu" font families with large
> | i A fonts-noto-mono   - "No Tofu" monospaced font family wi
> | i A fonts-noto-ui-core

Okay, so when mousepad is showing the glyphs, it's presumably using the
noto fonts.

> I am pretty fine with _not_ seeing the correct glyphs by default given that  
> I do not want fancy colorful icons in my terminals anyway :)

:/

Celejar



Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-27 Thread Celejar
On Sat, 27 Nov 2021 12:29:33 +0100
"Sijmen J. Mulder"  wrote:

> Celejar :
> > I'm curious: do most users of Debian on the desktop (who use MUA
> > software, as opposed to webmail via a browser) have such a font
> > installed, or do they see tofu?
> 
> I too use Sylpheed and get tofu. I must have mistakenly assumed emoji
> fonts would be installed by default hence this being a Sylpheed
> limitation. Thanks for enlightening!

:)

> Same issue with Sylpheed on Windows by the way, wonder if the same
> solution would work...

You can report back once you try it ;)

> Sijmen

Celejar



Re: tofu - was -Re: Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-26 Thread Celejar
On Sat, 27 Nov 2021 03:06:01 +0800
Bret Busby  wrote:

> On 27/11/21 2:11 am, Tixy wrote:
> > On Fri, 2021-11-26 at 12:36 -0500, Celejar wrote:
> >> On Thu, 25 Nov 2021 10:43:16 +
> >> Jonathan Dowland  wrote:
> >>
> >> ...
> >>
> >>> Jonathan Dowland
> >>> ✎  j...@debian.org
> >>>  https://jmtd.net
> >>
> > [...]
> >>
> >> I'm curious: do most users of Debian on the desktop (who use MUA
> >> software, as opposed to webmail via a browser) have such a font
> >> installed, or do they see tofu?
> > 
> > I see the rectangle which is used for missing glyphs, I'm guessing that's
> > what you mean by tofu (had to google the term).
> > 
> 
> I understood that tofu is rotten soy beans.
> 
> Is it something else?

https://en.wikipedia.org/wiki/Noto_fonts#Etymology

Celejar



Emoji fonts in Debian [WAS:] Re: How to NOT automatically mount a specific partition of an external device?

2021-11-26 Thread Celejar
On Thu, 25 Nov 2021 10:43:16 +
Jonathan Dowland  wrote:

...

> Jonathan Dowland
> ✎  j...@debian.org
>  https://jmtd.net

I finally got tired of seeing tofu for some of the glyphs in your sig,
so I looked up their Unicode codepoints:

https://www.unicodepedia.com/unicode/miscellaneous-symbols-and-pictographs/1f471/person-with-blond-hair/
https://www.unicodepedia.com/unicode/miscellaneous-symbols-and-pictographs/1f517/link-symbol/

My MUA is Sylpheed, and it would not display those glyphs, regardless
of which of my system fonts I selected as the Sylpheed display font.
After some more hunting on the web, I installed "Noto Color
Emoji" (fonts-noto-color-emoji), and presto, now I see the person with
blond hair and the link symbol! I see them even when I don't select that
font as the application display font - I guess Sylpheed, or some
component of its underlying infrastructure, looks throughout the
installed system fonts when there's no glyph for a particular codepoint
in the currently selected font?

I'm curious: do most users of Debian on the desktop (who use MUA
software, as opposed to webmail via a browser) have such a font
installed, or do they see tofu?

Anyway, TIL something fascinating. Now that I have Noto Color Emoji
installed, my email is much more colorful and cuter - Sylph apparently
wasn't displaying tofu for emojis in email subject lines, and was just
ignoring them, and I had no idea what I was missing ;) ...

Celejar



Re: Use one of many second factors authentication on PAM

2021-11-14 Thread Celejar
On Sun, 14 Nov 2021 17:57:53 +
André Rodier  wrote:

> Hello all,
> 
> I have been able to configure pam on Linux, to add two factors 
> authentication for session, sudo, etc...
> 
> First, I tried Google authenticator and a code from my phone, and it is 
> working like a charm.
> 
> Then, I commented out the google-authenticator entry, and tried a U2F 
> key. Again, this is working very well, and the light blink after I type 
> the password.
> 
> Same for a Yubikey, working like a charm, and I even have a clue message 
> on GDM "Please touch your device".
> 
> Now, I would like to achieve the following:
> 
> - Having my password as the first authentication, of course mandatory.
> - Then, being able to use one of my second authentication device.
> 
> This is basically what we have on Google, for instance.
> 
> Any idea ?

I think you need to look into the details of PAM stacking. See here:

https://unix.stackexchange.com/a/638466

for a discussion of something similar to what you want to do (although you'll
have to adapt it to your specific preferences), and here for more information:

https://developer.ibm.com/tutorials/l-pam/

Celejar
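One way to reason about the PAM stacking asked about in this thread, as an added example (not from the thread or the linked answer): a simplified Python model of the Linux-PAM `required`/`requisite`/`sufficient`/`optional` control flags that checks whether a candidate `auth` stack really enforces "password and any one second factor". The two candidate stacks, the function names and the omission of module arguments are assumptions; a real stack lives in the relevant file under /etc/pam.d.

```python
"""Simplified model of Linux-PAM keyword controls for one 'auth' stack.

Added example: this is not libpam. Module arguments and the bracketed
[value=action] control syntax are left out.
"""

# Candidate A (constructed): password, then any one second factor.
STACK_OPEN = """
auth required   pam_unix.so
auth sufficient pam_google_authenticator.so
auth sufficient pam_u2f.so
auth sufficient pam_yubico.so
"""

# Candidate B (constructed): the same stack closed by pam_deny.so, which
# always fails, so falling off the end of the second factors is a denial.
STACK_CLOSED = STACK_OPEN + "auth required   pam_deny.so\n"

PASSWORD = "pam_unix.so"
SECOND_FACTORS = ["pam_google_authenticator.so", "pam_u2f.so", "pam_yubico.so"]
CONTROLS = {"required", "requisite", "sufficient", "optional"}


def parse_stack(text, facility="auth"):
    """Return [(control, module), ...] for one facility of a pam.d file."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != facility:
            continue
        control, module = fields[1], fields[2]
        if control not in CONTROLS:
            raise ValueError(f"unsupported control in model: {control}")
        rules.append((control, module))
    return rules


def evaluate(rules, succeeded):
    """Walk the stack; `succeeded` is the set of modules returning success."""
    failed = False   # a required module has already failed
    granted = False  # at least one module has counted as a success
    for control, module in rules:
        ok = module in succeeded and module != "pam_deny.so"
        if ok and not failed:
            if control == "sufficient":
                return True          # success ends the stack immediately
            granted = True
        elif not ok and control == "requisite":
            return False             # failure ends the stack immediately
        elif not ok and control == "required":
            failed = True            # keep going, but the result is a denial
        # failed sufficient/optional modules are ignored
    return granted and not failed


def policy_violations(rules):
    """List outcomes where the stack disagrees with the intended policy.

    Intended policy: the password succeeds AND at least one second factor
    succeeds. Each entry is (modules that succeeded, what the stack decided).
    """
    violations = []
    for password_ok in (False, True):
        for mask in range(2 ** len(SECOND_FACTORS)):
            factors = {m for i, m in enumerate(SECOND_FACTORS) if mask >> i & 1}
            succeeded = factors | ({PASSWORD} if password_ok else set())
            wanted = password_ok and bool(factors)
            got = evaluate(rules, succeeded)
            if got != wanted:
                violations.append((sorted(succeeded), got))
    return violations


if __name__ == "__main__":
    for label, text in (("open", STACK_OPEN), ("closed", STACK_CLOSED)):
        print(label, policy_violations(parse_stack(text)))
```

In this model the unterminated stack accepts a login on the password alone, because failed `sufficient` modules are ignored and the earlier `required` success stands; the stack closed with `pam_deny.so` has no such outcome.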



Re: PAM two factors authentication

2021-11-14 Thread Celejar
On Sun, 14 Nov 2021 07:19:21 + (UTC)
André Rodier  wrote:

> 
> 14 Nov 2021 00:55:25 Celejar :
> 
> > On Sat, 13 Nov 2021 19:13:27 +0100
> > Kamil Jońca  wrote:
> > 
> >> André Rodier  writes:
> >> 
> >>> Hello all,
> >>> 
> >>> I can use various second factors authentications on Debian:
> >>> 
> >>> - google authenticator
> >>> - u2f key
> >>> - yubikey
> >>> 
> >>> I would like to configure pam sessions to have 1) password
> >>> authentication, and then 2) one of the second factor described above.
> >>> 
> >>> How this can be achieved, please ?
> >>> 
> >>> Thanks for your answers.
> >>> 
> >>> André Rodier.
> >>> 
> >> 
> >> Well.
> >> I can say that I follow:
> >> https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F
> >> and I can use my yubikey (I believe its u2f application) to login/unlock.
> > 
> > And see:
> > 
> > https://wiki.debian.org/Security/U2F
> > 
> > (I've written bits of that page.)
> > 
> >> KJ
> > 
> > Celejar
> Thanks for the link, but I don't think this is answering my question.
> 
> Could you double check what I asked, please and confirm ?

Back at you: could you please double check that your question is clear
and easily understandable?

> Thanks,

Celejar



Re: PAM two factors authentication

2021-11-13 Thread Celejar
On Sat, 13 Nov 2021 19:13:27 +0100
Kamil Jońca  wrote:

> André Rodier  writes:
> 
> > Hello all,
> >
> > I can use various second factors authentications on Debian:
> >
> > - google authenticator
> > - u2f key
> > - yubikey
> >
> > I would like to configure pam sessions to have 1) password
> > authentication, and then 2) one of the second factor described above.
> >
> > How this can be achieved, please ?
> >
> > Thanks for your answers.
> >
> > André Rodier.
> >
> 
> Well.
> I can say that I follow:
> https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F
> and I can use my yubikey (I believe its u2f application) to login/unlock.

And see:

https://wiki.debian.org/Security/U2F

(I've written bits of that page.)

> KJ

Celejar



Re: Recs for new Linux laptop? (to replace Zareason)

2021-11-09 Thread Celejar
On Tue, 9 Nov 2021 17:47:16 +
"Andrew M.A. Cater"  wrote:

> On Tue, Nov 09, 2021 at 06:20:38PM +0100, Christian Britz wrote:
> > My cheap Lenovo Ideapad S145 was not supported by the stable kernel in
> > Debian Buster (especially SSD and WiFi) when I bought it in April 2020,
> > but very soon got supported better and better by the testing
> > distribution. When Bullseye got released, it was fully supported.
> > 
> 
> Results may vary: cheap Lenovo may be a very different experience to 
> Thinkpad. There is a quality difference which depends on original price,
> I think.

To clarify: the difference is not necessarily between price points but
between the various series, i.e., between the highly regarded ones such
as the T, X, and W ThinkPad lines, and the lesser ones such as the
IdeaPad and ThinkPad E lines. The L series ThinkPad is apparently
in-between.

See, e.g.: 
https://www.reddit.com/r/thinkpad/comments/5662i5/how_much_worse_is_the_lseries/

> All the very best, as ever,
> 
> Andy Cater
> 
> 
> > I would assume that Lenovo machines generally are supported well by
> > Testing in a short time frame and can grow into a stable system. ;-)
> > 
> > Christian
> > 
> > > On 09.11.21 at 16:17, Tom Browder wrote:
> > > My Zareason laptop (13-in screen, very lightweight and thin) is running
> > > Debian 10 natively and wonderfully (with Win10 as a dual boot option),
> > > but the company has gone out of business and I want to start preparing a
> > > standby replacement.
> > > 
> > > I would appreciate any recommendations for that. I have looked at both
> > > Emperor Linux and System 76 over the years. They always seem a bit
> > > pricey, but I'm willing to bite the bullet now if I have to--I'm getting
> > > too old to waste time on problem installations now.
> > > 
> > > Thanks,
> > > 
> > > -Tom
> > 
> 


Celejar



Re: [Sid] Firefox problem

2021-10-18 Thread Celejar
On Sun, 17 Oct 2021 10:55:45 +0200
Grzesiek  wrote:

> Hi there,
> 
> On some of machines I use, after opening of Firefox I get empty browser 
> window (with menus, decorations etc) but nothing else is displayed. It's 
> impossible to open menu, type address, etc. The only thing you can do is 
> to close the window. After changing display configuration (rotate to 
> portrait, adding external monitor..) it starts to work as expected. You 
> do not even need to reopen. Moreover, it looks that Firefox was running 
> ok all the time but nothing was displayed.
> After recent updates on some machines I get the same problem using 
> firefox-esr.
> The only error mesg I get is:
> ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost

I don't know what that message means, but I frequently get a similar
message from Firefox, despite the fact that the program is (mostly)
functional.

###!!! [Child][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost

Celejar



Re: iTunesSetup.exe in wine?

2021-10-06 Thread Celejar
On Wed, 6 Oct 2021 17:02:05 +1100
Keith Bainbridge  wrote:

> 
> On 6/10/21 07:48, pe...@easthope.ca wrote:
> > A bricked iPhone directs "connect to iTunes".
> > 
> > Attempting to run iTunesSetup.exe on wine yields the following.
> > Ideas?
> > 
> > Thx,   ... P.
> > 
> > peter@joule:~$ wine iTunesSetup.exe
> > 0104:fixme:file:NtLockFile I/O completion on lock not implemented yet
> > 0104:fixme:ntdll:NtQuerySystemInformation info_class SYSTEM_PERFORMANCE_INFORMATION
> > 0104:err:mscoree:LoadLibraryShim error reading registry key for installroot
> > 0104:err:mscoree:LoadLibraryShim error reading registry key for installroot
> > 0104:err:mscoree:LoadLibraryShim error reading registry key for installroot
> > 0104:err:mscoree:LoadLibraryShim error reading registry key for installroot
> > 0128:fixme:wbemprox:client_security_SetBlanket 62EA17A8, 0013B3A8, 10, 0, (null), 3, 3, , 0x
> > 0128:fixme:wbemprox:client_security_Release 62EA17A8
> > 0128:fixme:ntdll:NtQuerySystemInformation info_class SYSTEM_PERFORMANCE_INFORMATION
> > 0104:err:msi:ITERATE_Actions Execution halted, action L"LaunchConditions" returned 1603
> > 0024:fixme:kernelbase:AppPolicyGetProcessTerminationMethod FFFA, 0031FEAC
> > peter@joule:~$
> > 
> > 
> 
> 
> Option one: play-on-linux
> 
> Option 2: CrossOver a commercial app, based on wine but with 
> non-open-source and paid for content. Its main claim to fame was that it 
> would run MSOffice better.   There is a trial period.

The OP can also consider Lutris:

https://lutris.net/games/itunes/

I've used it for other things, not iTunes, but it has worked quite well
for me, and it can be simpler and less intimidating than straight Wine.

> This link lists a few more options which I'd not heard of until I went 
> looking for the name of Crossover:
> 
> https://alternativeto.net/software/wine/?platform=linux

Celejar



Re: Privacy and defamation of character on Debian public forums

2021-09-29 Thread Celejar
On Tue, 28 Sep 2021 16:34:43 +0100
Jonathan Dowland  wrote:

> On Tue, Sep 28, 2021 at 07:10:08AM -0400, Chuck Zmudzinski wrote:

...

> > or at least consider it 
> >and have the courtesy to tell me why they can't or won't accept the
> >patch.
> 
> I'm sorry, neither the Xen maintainers nor any other contributors, be
> they volunteers or otherwise, owe you *anything*.

Do you really mean that in the open source world, there is - and should
be - no expectation that a contributor who supplies a patch to a
prominent public project that is rejected should receive at least some
sort of explanation for the decision to reject it? I respect your
opinion, but I would have assumed that basic courtesy and civility, and
the open source ethos in general, suggest otherwise.

Celejar



Re: Relatively boring bullseye upgrade reports

2021-08-18 Thread Celejar
On Mon, 16 Aug 2021 21:37:13 -0400
Dan Ritter  wrote:

> 
> rock: ASRock DeskMini 300 with a 3400G, 32GB RAM, NVMe disk.
> Used as an XFCE4 desktop.
> 
> No issues at all.
> 
> 
> shield: Asus AM1I-A with AMD 5150 quad-core, 4GB RAM, SATA SSD,
> lots of gigabit ethernet nics.
> Used as router, firewall, and infrastructure server.
> 
> No issues at all.
> 
> 
> tao: ASRock X570 motherboard, 3600, 64GB RAM, SSD root, SSD ZFS
> mirror pair, spinning ZFS RAID10.
> Runs all the server stuff for randomstring.org, including a
> Postgresql database, many web services, wiki, mail, and so forth
> and so on.
> 
> No serious issues. Upgrading from php7.3 to php7.4 wasn't
> automatic and several packages needed to be installed by hand.
> ZFS went perfectly transparently. Postgresql 11 to 13 wasn't
> done automatically, but pg_upgradecluster makes it very very
> easy.

Another relatively boring one:

alice: a Dell R210 II rackmount server, Xeon E3-1240 v2, 16GB RAM, 3TB
Hitachi/HGST Ultrastar 7K4000 HDD, used as a bare metal server + VM /
docker / LXC host (some "production" and some hobbyist stuff)

No issues at all; the only hassle was dealing with the questions about
whether or not to install new configuration files (and manually copy
over any changes I've made to the old ones).

Celejar



Re: Disk for a small server

2021-08-11 Thread Celejar
On Wed, 11 Aug 2021 02:53:13 -0700
David Christensen  wrote:

> On 8/10/21 7:51 PM, Celejar wrote:
> > On Tue, 10 Aug 2021 17:35:32 -0700
> > David Christensen  wrote:
> > 
> >> On 8/10/21 12:56 PM, Dan Ritter wrote:
> >>> David Christensen wrote:
> >>>> On 8/10/21 8:04 AM, Leandro Noferini wrote:
> >>>>
> >>>> https://wiki.debian.org/ZFS
> > 
> > ...
> > 
> >>>> - ECC memory is safer than non-ECC memory.
> >>>
> >>> This is true, but there is nothing that makes ZFS more dangerous
> >>> than another filesystem using non-ECC memory.
> >>
> >>
> >> I think the amount of danger depends upon how you do your risk
> >> assessment math.  I find used entry-level server hardware with ECC
> >> memory to be desirable for additional reasons.
> > 
> > Dan's point is that while ECC memory is indeed safer than non-ECC
> > memory, this is true whether one is using ZFS or some other filesystem;
> > furthermore, with or without ECC memory, there's no reason to believe
> > that ZFS is less safe than the alternative.
> > 
> > See:
> > 
> > https://arstechnica.com/information-technology/2020/05/zfs-101-understanding-zfs-storage-and-performance/?comments=1=38877683
> > https://jrs-s.net/2015/02/03/will-zfs-and-non-ecc-ram-kill-your-data/
> > 
> > So while ECC memory is always good, it's not a consideration when
> > trying to choose between ZFS and other filesystems.
> 
> 
> I see two sets of choices:
> 
> 1.  Memory integrity:
> 
>  a.  No error checking or correcting -- non-ECC.
> 
>  b.  Error checking and correcting -- ECC.
> 
> 2.  Operating system storage stack data integrity:
> 
>  a.  No data integrity -- md, LVM, ext*, FAT, NTFS.
> 
>  b.  Data integrity -- dm-integrity, btrfs, ZFS.
> 
> 
> There are four combinations of the above.  I order them from highest 
> risk (A) to lowest risk (D) as follows:
> 
> A.  Non-ECC memory (1a) and data integrity (2b)
> 
> B.  Non-ECC memory (1a) and no data integrity (2a)
> 
> C.  ECC memory (1b) and no data integrity (2a)
> 
> D.  ECC memory (1b) and data integrity (2b)
> 
> 
> I have seen a few computers with failing non-ECC memory and no OS 
> storage stack data integrity (case B).  It might take weeks or months to 
> identify the problem.  If those computers had had OS storage stack data 
> integrity with automatic correction (case A), the "scrub of death" is 
> the logical outcome (failure modes and effects analysis); it's just a 
> question of time.  Given the eventual catastrophic outcome (fault hazard 
> analysis), I see a significant difference in risk between A and B.

I myself have no personal experience or deep understanding of the
issues, but the experts do not accept your position that A is higher
risk than B due to the possibility of the "scrub of death." Here's Jim
Salter (from the second link I gave above):

> Is ZFS and non-ECC worse than not-ZFS and non-ECC? What about the Scrub
> of Death?
> 
> OK, it’s pretty easy to demonstrate that a flipped bit in RAM means
> data corruption: if you write that flipped bit back out to disk,
> congrats, you just wrote bad data. There’s no arguing that. The real
> issue here isn’t whether ECC is good to have, it’s whether non-ECC is
> particularly problematic with ZFS. The scenario usually thrown out is
> the much-dreaded Scrub Of Death.
> 
> TL;DR version of the scenario: ZFS is on a system with non-ECC RAM that
> has a stuck bit, its user initiates a scrub, and as a result of
> in-memory corruption good blocks fail checksum tests and are
> overwritten with corrupt data, thus instantly murdering an entire pool.
> As far as I can tell, this idea originates with a very prolific user on
> the FreeNAS forums named Cyberjock, and he lays it out in this thread
> here. It’s a scary idea – what if the very thing that’s supposed to
> keep your system safe kills it? A scrub gone mad! Nooo!
> 
> The problem is, the scenario as written doesn’t actually make sense.
> For one thing, even if you have a particular address in RAM with a
> stuck bit, you aren’t going to have your entire filesystem run through
> that address. That’s not how memory management works, and if it were
> how memory management works, you wouldn’t even have managed to boot the
> system: it would have crashed and burned horribly when it failed to
> load the operating system in the first place. So no, you might corrupt
> a block here and there, but you’re not going to wring the entire
> filesystem through a shredder block by precious block.
> 
> But we’re being 

Re: Disk for a small server

2021-08-10 Thread Celejar
On Tue, 10 Aug 2021 17:35:32 -0700
David Christensen  wrote:

> On 8/10/21 12:56 PM, Dan Ritter wrote:
> > David Christensen wrote:
> >> On 8/10/21 8:04 AM, Leandro Noferini wrote:
> >>
> >> https://wiki.debian.org/ZFS

...

> >> - ECC memory is safer than non-ECC memory.
> > 
> > This is true, but there is nothing that makes ZFS more dangerous
> > than another filesystem using non-ECC memory.
> 
> 
> I think the amount of danger depends upon how you do your risk 
> assessment math.  I find used entry-level server hardware with ECC 
> memory to be desirable for additional reasons.

Dan's point is that while ECC memory is indeed safer than non-ECC
memory, this is true whether one is using ZFS or some other filesystem;
furthermore, with or without ECC memory, there's no reason to believe
that ZFS is less safe than the alternative.

See:

https://arstechnica.com/information-technology/2020/05/zfs-101-understanding-zfs-storage-and-performance/?comments=1=38877683
https://jrs-s.net/2015/02/03/will-zfs-and-non-ecc-ram-kill-your-data/

So while ECC memory is always good, it's not a consideration when
trying to choose between ZFS and other filesystems.

Celejar



Re: [OT] Why I don't like github [was: Please help to test latest Debian 11 release candidate on real hardware]

2021-07-26 Thread Celejar
On Mon, 26 Jul 2021 18:53:13 +0200
 wrote:

> On Mon, Jul 26, 2021 at 12:49:19PM -0400, Celejar wrote:
> 
> [...]
> 
> > Anyone can "borrow" open source code, regardless of where it's hosted,
> > pretty much by definition.
> 
> License restrictions apply.

Of course, but I didn't think that hosting the code on Github gives
Microsoft more rights over it than if it were hosted somewhere else. Is
there anything in the Github terms of service that grants Microsoft
more rights over my code than the terms of the applicable license? And
if you're assuming that Microsoft won't respect license terms, then
once again, it won't matter where the code is hosted.

Celejar



Re: [OT] Why I don't like github [was: Please help to test latest Debian 11 release candidate on real hardware]

2021-07-26 Thread Celejar
On Sun, 25 Jul 2021 19:48:03 -0400
Gene Heskett  wrote:

> On Sunday 25 July 2021 15:36:26 to...@tuxteam.de wrote:
> 
> > On Sun, Jul 25, 2021 at 07:43:10PM +0100, Brian wrote:
> > > On Sun 25 Jul 2021 at 09:34:42 +0200, to...@tuxteam.de wrote:
> > > > On Sat, Jul 24, 2021 at 04:27:23PM -0400, Jim Popovitch wrote:
> > > > > Why isn't this on Salsa instead of a Microsoft site?
> > > >
> > > > ...you're right. I won't touch github unless I'm forced to :-(
> > >
> > > I went to
> > >
> > >   https://github.com/alexpevzner/sane-airscan
> > >
> > > and found it full of very useful information. You will explain why
> > > Microsoft's involvement in the site should make me wary of advising
> > > users to go there?
> >
> > It is subtle, and you might disagree.
> >
> > I always wondered why github was worth 7.5 billion to Microsoft [1].
> > Surely it seemed a bit steep for "just" generating good will in the
> > "open source" (as they choose to call it) community?
> >
> > Of course, github succeeded in one thing: they managed to centralise
> > git, which is inherently decentral. Many people these days see github
> > as a synonym to git and can't bother to use git without github's
> > shiny web interface.
> >
> > This was, even before the acquisition, enough reason for me to keep
> > as much distance as possible between github and myself.
> >
> > But still, 7.5B?
> >
> > Now, with github copilot [2], things start making sense: github users
> > get support from an AI (GPT-3) for which Microsoft has an exclusive
> > license (only the service is available for mere mortals).
> >
> > They now have a strategic position on how code is written "out there",
> > at least, they hope to have it.
> >
> > Personally, I very much dislike the situation. It very much reminds
> > me of "The Evitable Conflict" [3] from Isaac Asimov, with the little
> > wart that Microsoft isn't bound by the Three Laws of Robotics, but
> > just by their shareholder value :-)
> >
> > Cheers
> >
> > [1] https://en.wikipedia.org/wiki/Github#Acquisition_by_Microsoft
> > [2] https://en.wikipedia.org/wiki/GitHub_Copilot
> > [3] https://en.wikipedia.org/wiki/The_Evitable_Conflict
> >
> >  - t
> 
> +100 Tomas, as it gives them free access to "borrow" some of the best 
> code out there. So the comparison to the underhanded compuserve and 

Anyone can "borrow" open source code, regardless of where it's hosted,
pretty much by definition.

Celejar



Re: MDs & Dentists

2021-07-21 Thread Celejar
On Wed, 21 Jul 2021 22:00:04 +0300
Reco  wrote:

> On Wed, Jul 21, 2021 at 02:38:50PM -0400, Celejar wrote:

...

> > Most, yes. But the pwn2own hackers, for example, seem to pretty
> > routinely get RCE on the major browsers, so I wouldn't bet my data that
> > ransomware authors won't as well:
> > 
> > https://www.zerodayinitiative.com/blog/2019/3/21/pwn2own-vancouver-2019-day-two-results
> > https://www.bleepingcomputer.com/news/security/researchers-earn-1-2-million-for-exploits-demoed-at-pwn2own-2021/
> 
> Given the amount of money and the publicity these people earn - I'd be
> surprised if they did not find anything. Still, it's one (ok, several)
> RCE per year, and due to the nature of pwn2own - it's unlikely that such
> vulnerabilities are common knowledge before the actual pwn2own event,
> and they're patched afterwards.

Oh, I don't mean those specific vulns, just that the money ransomware
authors can hope to make might be a pretty powerful incentive for them
to find similar ones.

Celejar



Re: MDs & Dentists

2021-07-21 Thread Celejar
On Wed, 21 Jul 2021 18:38:30 +0300
Reco  wrote:

> On Wed, Jul 21, 2021 at 10:51:40AM -0400, Celejar wrote:
> > On Wed, 21 Jul 2021 11:16:46 +0300
> > Reco  wrote:
> > 
> > >   Hi.
> > > 
> > > On Tue, Jul 20, 2021 at 11:32:26AM -0400, Celejar wrote:
> > > > On Thu, 15 Jul 2021 09:46:59 +0300
> > > > Reco  wrote:

...

> > > > https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
> > > 
> > > Requires Java to be installed. A rare case on a Linux *desktop*.
> > 
> > Rare? I don't have statistics, but on one of my Linux desktops, I do
> > some development work for Android, using IntelliJ IDEA / Android Studio,
> > which depend on at least some Java components.
> 
> Numbers show that I was incorrect. Let's call it "unlikely" instead of
> "rare". Let the popcon graphs speak for themselves:
> 
> https://qa.debian.org/popcon.php?package=firefox-esr
> vs
> https://qa.debian.org/popcon.php?package=openjdk-11

I'm not sure I'm reading the numbers correctly, but the openjdk-11-jre
figures are 26-29% (as opposed to firefox-esr's 42%) - hardly "unlikely."

> I agree with you that one should uninstall Java unless it's needed.
> After all, they at Oracle always find something to fix in Java security
> every three months, and this goes on for the last ten years.
> 
> > I don't know if I have
> > enough Java installed to be susceptible to the malware in question ;)
> 
> Famous Java's slogan "you write it once and run it everywhere" is an
> exaggeration, to put it lightly. Chances are, you don't have that exact
> minor update of Oracle JRE that this malware actually needs.

Well, I suppose that's a relief ;)

> > Fair enough - but I see no reason why in principle desktop Linux will
> > remain immune from ransomware.
> 
> It won't by itself, of course. One sure way to beat ransomware is to
> take immutable backups (i.e. unmodifiable by host during and after the
> backup is taken), and as recent history shows us - ransomware victims
> apparently do not use this approach.
> 
> Another sure way is to forbid running executables downloaded from random
> Internet sites, but no thanks to appimage, flatpak, snap, and Go Linux
> desktop goes straight into Windows desktop direction.
> And again, as recent history shows us - ransomware victims apparently do
> not use this approach too.

Good points.

> Currently a Linux desktop is better in this regard, but I agree that it
> may not remain the same.
> 
> 
> > Even if Linux word processors are safer than their Windows counterparts,
> 
> Last time I ran Libreoffice I had that distinct feeling I'm running a
> Java program. You know - long startup, eating memory like no tomorrow,
> trying to write useless junk at least to four different places at my
> filesystems, and eating the unhealthy amounts of CPU time in the
> process.

Funny - I always have that feeling and most of those experiences with
Firefox, (even) these days ;)

> I know that Libreoffice is written in C++, but the code quality of it is
> definitely left to be desired. At least when the thing crashes (it did,
> several times) it produces a standard core dump, not some unreadable
> stack trace and a heapdump.
> 
> In retrospect, maybe feeding Libreoffice Draw that 800-pages PDF was not
> the best of ideas, but no free software tool comes close to the
> capabilities of Libreoffice in editing PDFs, and I really needed that
> PDF to be modified (mass-replacing embedded fonts, to be specific).
> 
> 
> On the other hand, Windows counterparts are typical enterprisey software
> written by generations of overseas workers with the code quality (or
> rather the lack of) that's expected from enterprisey software.
> 
> My opinion on this - both are bad. Libreoffice is better being free
> software, of course, but that does not make it secure by definition.
> 
> 
> > browsers are just full of vulnerabilities,
> 
> True. Every version of Chromium and Firefox fixes at least one.
> Most of said vulnerabilities cannot be used to get Remote Code
> Execution (RCE) though. Which leaves us with "random download" scenario,
> which I've discussed above.

Most, yes. But the pwn2own hackers, for example, seem to pretty
routinely get RCE on the major browsers, so I wouldn't bet my data that
ransomware authors won't as well:

https://www.zerodayinitiative.com/blog/2019/3/21/pwn2own-vancouver-2019-day-two-results
https://www.bleepingcomputer.com/news/security/researchers-earn-1-2-million-for-exploits-demoed-at-pwn2own-2021/

> > so why couldn't ransomware get in that way?

> It could. In a lack of a proper execution environment (be it JRE,
> flatpak, snap or whatever) - what should it do next? Wait for a user to
> execute it?

> Reco

Celejar



Re: MDs & Dentists

2021-07-21 Thread Celejar
On Wed, 21 Jul 2021 11:16:46 +0300
Reco  wrote:

>   Hi.
> 
> On Tue, Jul 20, 2021 at 11:32:26AM -0400, Celejar wrote:
> > On Thu, 15 Jul 2021 09:46:59 +0300
> > Reco  wrote:
> > 
> > ...
> > 
> > > You cannot catch a ransomware cryptolocker using Linux on a desktop,
> > 
> > Of course you can, although it's certainly much less likely than when
> > using Windows.
> > 
> > > it's definitely Windows-only kind of software. In fact, any FOSS OS has
> > > this advantage, unless you're using Wine (software).
> > 
> > It's definitely not Windows-only, although it is (at this point) still
> > mostly Windows:
> 
> I'm not arguing with that, but links you're providing fail to illustrate
> your point.
> 
> > https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
> 
> Requires Java to be installed. A rare case on a Linux *desktop*.

Rare? I don't have statistics, but on one of my Linux desktops, I do
some development work for Android, using IntelliJ IDEA / Android Studio,
which depend on at least some Java components. I don't know if I have
enough Java installed to be susceptible to the malware in question ;)

> > https://phoenixnap.com/blog/linux-ransomware
> 
> Quote:
> The ransomware is human-operated, so threat actors need time to
> compromise a network, steal credentials, and spread across devices.
> 
> > https://linuxsecurity.com/features/anatomy-of-a-linux-ransomware-attack
> 
> Quote 1:
> Unlike Windows ransomware variants which spread via email or
> maladvertising, Linux ransomware infection relies on vulnerability
> exploitation.
> 
> Quote 2:
> Linux ransomware exploits either unpatched system vulnerabilities or
> flaws in a service, such as a web server or email server, to obtain
> access to a target system and compromise files. For instance, the
> infamous Lilocked ransomware exploits out-of-date versions of the Exim
> message transfer agent to gain a foothold in a target environment. Rex,
> another dangerous strain of Linux ransomware, uses vulnerability
> scanners specific to Drupal, WordPress, Magento, Kerner, Airos, Exagrid,
> and Jetspeed to detect SQL injection vulnerabilities that can be
> exploited to gain admin credentials.
> 
> > https://www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/
> 
> Quote:
> RansomEXX is what security researchers call a "big-game hunter" or
> "human-operated ransomware."
> 
> 
> Conclusion:
> So, unless your Linux *desktop* is a target of an "attack" - your
> desktop is safe. Third link also shows us that if one runs an
> Internet-facing website or MTA - one should better know what they're
> doing. It's true that the security history of Exim, Wordpress and Drupal
> is far from being flawless (I'm not familiar with other CMSes mentioned
> at that article, I assume they're no better in this regard).
> 
> 
> And now, let's compare the scenario above to the usual "a user opens a
> specially crafted M$ Word document" and "user clicks on an
> innocent-looking link".
> 
> To me, the difference is obvious, especially considering the original
> point of this topic.

Fair enough - but I see no reason why in principle desktop Linux will
remain immune from ransomware. Even if Linux word processors are safer
than their Windows counterparts, browsers are just full of
vulnerabilities, so why couldn't ransomware get in that way?

Celejar



Re: MDs & Dentists

2021-07-20 Thread Celejar
On Thu, 15 Jul 2021 09:46:59 +0300
Reco  wrote:

...

> You cannot catch a ransomware cryptolocker using Linux on a desktop,

Of course you can, although it's certainly much less likely than when
using Windows.

> it's definitely Windows-only kind of software. In fact, any FOSS OS has
> this advantage, unless you're using Wine (software).

It's definitely not Windows-only, although it is (at this point) still
mostly Windows:

https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
https://phoenixnap.com/blog/linux-ransomware
https://linuxsecurity.com/features/anatomy-of-a-linux-ransomware-attack
https://www.zdnet.com/article/linux-version-of-ransomexx-ransomware-discovered/

Celejar



Re: Working for free [was: Offensive variable names]

2021-07-14 Thread Celejar
On Wed, 14 Jul 2021 07:45:08 +0100
Joe  wrote:

> On Tue, 13 Jul 2021 19:17:37 -0400
> Celejar  wrote:
> 
> > On Tue, 13 Jul 2021 21:09:32 +0200
> > Alexandre Garreau  wrote:
> > 
>  
> > > 
> > > No, they’re not submitted to network effect, Debian is not a social 
> > > network.  Moreover, Debian is non-lucrative.  Currently nobody can
> > > get *power* from it.  
> > 
> > I'm not sure what you mean by non-lucrative, but even though
> > there's no money involved, that does not mean that there's no power.
> > The power to decide what software to include in the distribution and
> > what to exclude is certainly power. Debian has an elaborate
> > constitution, with all kinds of rules, and the organization has
> > considerable power over the distribution. This is similar, in my mind,
> > to the power that an organization like Facebook has over its network.
> > 
> 
> I think in this context that 'power' means power over the real world,
> not just within a medium. It is unlikely that Debian can swing an
> election result. Debian has rules, but not over what people are
> permitted to discuss.

I concur completely with your distinction, and I agree that it's an
important one. The original topic of the conversation, however, was
Github and friends, and I doubt that Github can swing an election
result, either.

Celejar



Re: Boot usb

2021-07-13 Thread Celejar
On Wed, 14 Jul 2021 04:14:41 +0300
Gunnar Gervin  wrote:

> Hi.
> I have burned iso image to usb but it is unmounted.
> Thus can probably not be booted(?)

No - whether or not it is currently mounted (or mountable at all,
in /etc/fstab, etc.) makes no difference as to whether it will
successfully boot. 

> Tried mount sdb; sudo mount /dev/sdb & also sudo mount /dev/sdb1
> But Terminal said "Cannot find in /etc/fstab" in both tries.

Did you try just booting from the device (first making sure, of course,
that the system BIOS / UEFI is configured to boot from the USB device
in question)?

Celejar



Re: Working for free [was: Offensive variable names]

2021-07-13 Thread Celejar
On Tue, 13 Jul 2021 21:31:33 +0200
Alexandre Garreau  wrote:

> On Tuesday 13 July 2021, 16:09:50 CEST Celejar wrote:
> > On Tue, 13 Jul 2021 16:08:53 +0300
> > 
> > Reco  wrote:
> > > On Tue, Jul 13, 2021 at 08:01:58AM -0400, Celejar wrote:
> > > > > Github (Gitlab, Sourceforge, etc) were and are non-free (as in -
> > > > > non-gratis) services, so it's only reasonable to stay away from
> > > > > them
> > > > > regardless of whom is controlling them.
> > > > 
> > > > What do you mean by calling them non-gratis services? I know that
> > > > some
> > > > of their services are non-gratis, but basic code hosting certainly
> > > > is
> > > > gratis.
> > > 
> > > You do not pay for these services, yet they provide them to you and
> > > everyone else (with certain exclusions).
> > > Guess who is the product here? The answer is - you are the product.
> > > Payment involving money is not the only kind of payment that you can
> > > make today.
> > 
> > I think that's an unreasonable definition of gratis and non-gratis. If
> > a FLOSS dev gets an ego boost, or even some sort of spiritual
> > satisfaction, from people using his software, does that mean it's
> > non-gratis?
> 
> An ego-boost doesn’t grant power, that is, possibility of action of your 
> will on the actions of others.

Payment is not the same thing as power.
 
> But github as a platform provides a great deal of power to microsoft.  
> They literally own your data.  Maybe not your programs, but maybe all 
> your metadata + what was listed later (bugreports, etc.).

As does Signal, etc.

> The mail you answer to sadly didn’t explain concretely what is the 
> payment, and how you can make money from it.  The answer is: selling 
> personal data.  Both what you output, what comes from you, and what is 
> inputted to you, what to see.  Knowing what you say, what you see, what 
> you like to see, and deciding it sells very profitably nowadays, arguably 
> more than oil.

Celejar



Re: Working for free [was: Offensive variable names]

2021-07-13 Thread Celejar
On Tue, 13 Jul 2021 21:09:32 +0200
Alexandre Garreau  wrote:

> On Tuesday 13 July 2021, 20:00:44 CEST Celejar wrote:
> > On Tue, 13 Jul 2021 19:28:39 +0200
> > Alexandre Garreau  wrote:
> > > On Tuesday 13 July 2021, 14:01:58 CEST Celejar wrote:
> > > > On Tue, 13 Jul 2021 11:54:43 +0300
> > > > Reco  wrote:
> > > > > Github (Gitlab, Sourceforge, etc) were and are non-free (as in -
> > > > > non-gratis) services, so it's only reasonable to stay away from
> > > > > them
> > > > > regardless of whom is controlling them.
> > > > 
> > > > What do you mean by calling them non-gratis services? I know that
> > > > some
> > > > of their services are non-gratis, but basic code hosting certainly
> > > > is
> > > > gratis.
> > > 
> > > Maybe we could say that you pay with your personal data, or with the,
> > > per network effect, power you give to microsoft to organize a social
> > > networking platform that’s very important for finding work, a lot
> > > more than their shitty linkedin
> > 
> > Fair enough. But by the same logic, things like Matrix and Signal are
> > not gratis, since by using them, you empower their controlling
> > foundations via the network effect.
> 
> Signal is not a lucrative company (yet… who knows, looking at their bad 
> faith), but you’re right there, because since they’re centralized and 
> depending on proprietary OSes, you indeed grant power by using them.  But 
> Signal is not so powerful, so it’s not a so big problem, it’s only sad 
> given their stated goal, and its ideological proximity with software 
> freedom and net decentralization…
> 
> Matrix is meant to be decentralized, so network effect shouldn’t apply.  

Network effect applies since the more people use it, the more valuable
and useful the network becomes, and the more difficult and inconvenient
it is for everyone to move to another network.

Please note that none of this is a criticism of Signal or Matrix - I'm
just making a reductio ad absurdum argument against the idea that
systems that involve a network effect should not be considered "gratis."

> But maybe your message is a criticism of good faith of matrix people and 
> their network, because of instability (hence unstandardness) of their 
> protocol, asymmetry in their gateways (remembering a bit discord…), big 
> asymmetries in development of their clients, official non-free client, and 
> total (willful?) blindness about existing implementations such as xmpp 
> u.u

As above, I am making no criticism of Matrix or Signal (here, although
I've criticized Signal elsewhere, on other grounds).

> Same can be argued about Twitter, Facebook, etc.  On one hand, they’re 
> gratis of charges, no money is required to enter, on the other hand “if 
> it’s gratis, you are the product”, and indeed these are companies that 
> make actual money. Big money, GAFAM are among the richest in the world u.u  
> And Twitter is pretty powerful (even and especially politically) after 
> all.
> 
> > Hey, for that matter, Debian is not gratis, since by using it, we grant
> > considerable power to the DDs, their committees, and the DPL!
> 
> No, they’re not submitted to network effect, Debian is not a social 
> network.  Moreover, Debian is non-lucrative.  Currently nobody can get 
> *power* from it.

I'm not sure what you mean by non-lucrative, but even though
there's no money involved, that does not mean that there's no power.
The power to decide what software to include in the distribution and
what to exclude is certainly power. Debian has an elaborate
constitution, with all kinds of rules, and the organization has
considerable power over the distribution. This is similar, in my mind,
to the power that an organization like Facebook has over its network.

In theory Facebook users can go somewhere else, but in practice, this
can be quite difficult. Similarly, if I don't like decisions Debian
takes, I'm free to find a different distribution. In practice, this is a
non-trivial step.

Of course, the power of Debian concerns me much less than Facebook's
power, since I am much (vastly) happier with the ideals and transparency
of Debian than that of Facebook.

Again, I am certainly not claiming that Debian and Facebook (for
example) are remotely equivalent institutions. I am merely making the
reductio ad absurdum argument that defining terms like "gratis" as
broadly as some in this thread seem to do implies that Debian's
offerings aren't gratis.

Celejar



Re: Working for free [was: Offensive variable names]

2021-07-13 Thread Celejar
On Tue, 13 Jul 2021 19:28:39 +0200
Alexandre Garreau  wrote:

> On Tuesday 13 July 2021, 14:01:58 CEST Celejar wrote:
> > On Tue, 13 Jul 2021 11:54:43 +0300
> > 
> > Reco  wrote:
> > >   Hi.
> > > 
> > > On Tue, Jul 13, 2021 at 09:20:12AM +0200, to...@tuxteam.de wrote:
> > > > > > Working for free.
> > > > > 
> > > > > Yes. This aspect was always annoying to Microsoft and alike.
> > > > 
> > > > Times have changed. Now Microsoft *loves* free work... done for
> > > > them [1].
> > > 
> > > Nothing had changed in this regard. Every software corporation always
> > > adored enthusiasts doing their job for them. No exceptions.
> > > 
> > > > Not that this enhances my love for Microsoft, mind you. It rather
> > > > confirms my initial gut feeling to stay out of Githubs way wherever
> > > > I can.
> > > 
> > > Github (Gitlab, Sourceforge, etc) were and are non-free (as in -
> > > non-gratis) services, so it's only reasonable to stay away from them
> > > regardless of whom is controlling them.
> > 
> > What do you mean by calling them non-gratis services? I know that some
> > of their services are non-gratis, but basic code hosting certainly is
> > gratis.
> 
> Maybe we could say that you pay with your personal data, or with the, per 
> network effect, power you give to microsoft to organize a social networking 
> platform that’s very important for finding work, a lot more than their 
> shitty linkedin

Fair enough. But by the same logic, things like Matrix and Signal are
not gratis, since by using them, you empower their controlling
foundations via the network effect.

Hey, for that matter, Debian is not gratis, since by using it, we grant
considerable power to the DDs, their committees, and the DPL!

Celejar



Re: Working for free [was: Offensive variable names]

2021-07-13 Thread Celejar
On Tue, 13 Jul 2021 11:27:03 -0400
Stefan Monnier  wrote:

> > We are in basic agreement. I'm not really a "developer" - I just host
> > some relatively simple projects on Github. I agree that a deeper use of
> > something like Github is something I'd have to carefully consider.
> 
> BTW, for those who don't want to run their own server, there are still
> other reasons to avoid Github: my rule is to try and opt for the
> underdog so as to foster competition.

I agree. I may reconsider using Github going forward.

Celejar



Re: Working for free [was: Offensive variable names]

2021-07-13 Thread Celejar
On Tue, 13 Jul 2021 16:08:53 +0300
Reco  wrote:

> On Tue, Jul 13, 2021 at 08:01:58AM -0400, Celejar wrote:
> > > Github (Gitlab, Sourceforge, etc) were and are non-free (as in -
> > > non-gratis) services, so it's only reasonable to stay away from them
> > > regardless of whom is controlling them.
> > 
> > What do you mean by calling them non-gratis services? I know that some
> > of their services are non-gratis, but basic code hosting certainly is
> > gratis.
> 
> You do not pay for these services, yet they provide them to you and
> everyone else (with certain exclusions).
> Guess who is the product here? The answer is - you are the product.
> Payment involving money is not the only kind of payment that you can
> make today.

I think that's an unreasonable definition of gratis and non-gratis. If
a FLOSS dev gets an ego boost, or even some sort of spiritual
satisfaction, from people using his software, does that mean it's
non-gratis?

> > > You need to be in control of your code - *you* host it. Always was,
> > > always is. It's not that hard anyway.
> > 
> > If you maintain a local copy of your code and just push it to Github
> > for serving it publicly (which is what I do, and what I assume most
> > developers do), you haven't lost control of your code
> 
> And then you take out your Github repository in compliance with DMCA
> claim (bonus points for false DMCA claim).
> Whoops - suddenly you've lost a chunk of your userbase, possibly -
> some of your contributors, bug reports, CI/CD pipeline, and that's a
> non-exhaustive list.

Those are certainly legitimate concerns, although none of that really
means that you're "not in control of your code." I see that you
yourself acknowledge this below.

> > - if / when the host does anything you don't like, you take the
> > existing code and make it available elsewhere, and stop posting future
> > code to the offending service. (It'll still have a copy of any
> > existing code, of course - but that's inevitable with FLOSS software
> > regardless of where you host it.)
> 
> But the "code" aka git repository is not the only thing that's provided
> by such companies, and the temptation to use these other services (that
> are also provided "free" of charge) is way too great for the most.
> 
> You've kept your code in the scenario above, but what good did it give
> you?
> 
> 
> I don't argue that there are "safe" ways of using these services
> (aforementioned "code dump" is one of them). Problem is - if the risks
> of using these services need to be explained to the participants of
> debian-user - it's not possible to explain the same to the happy GitHub
> crowd.

We are in basic agreement. I'm not really a "developer" - I just host
some relatively simple projects on Github. I agree that a deeper use of
something like Github is something I'd have to carefully consider.

Celejar



Re: Working for free [was: Offensive variable names]

2021-07-13 Thread Celejar
On Tue, 13 Jul 2021 11:54:43 +0300
Reco  wrote:

>   Hi.
> 
> On Tue, Jul 13, 2021 at 09:20:12AM +0200, to...@tuxteam.de wrote:
> > > > Working for free.
> > > 
> > > Yes. This aspect was always annoying to Microsoft and alike.
> > 
> > Times have changed. Now Microsoft *loves* free work... done for
> > them [1].
> 
> Nothing had changed in this regard. Every software corporation always
> adored enthusiasts doing their job for them. No exceptions.
> 
> 
> > Not that this enhances my love for Microsoft, mind you. It rather
> > confirms my initial gut feeling to stay out of Github's way wherever
> > I can.
> 
> Github (Gitlab, Sourceforge, etc) were and are non-free (as in -
> non-gratis) services, so it's only reasonable to stay away from them
> regardless of who is controlling them.

What do you mean by calling them non-gratis services? I know that some
of their services are non-gratis, but basic code hosting certainly is
gratis.

> You need to be in control of your code - *you* host it. Always was,
> always is. It's not that hard anyway.

If you maintain a local copy of your code and just push it to Github
for serving it publicly (which is what I do, and what I assume most
developers do), you haven't lost control of your code - if / when the
host does anything you don't like, you take the existing code and make
it available elsewhere, and stop posting future code to the offending
service. (It'll still have a copy of any existing code, of course - but
that's inevitable with FLOSS software regardless of where you host it.)

Celejar



Re: Messed up Email

2021-06-27 Thread Celejar
On Sat, 26 Jun 2021 16:51:21 +0300
Andrei POPESCU  wrote:

...

> Well, apparently lots of people[1] seem very upset about and hell bent 
> to change Signal's (the service) policies on federation, third-party 
> clients, etc.
> 
> Why? There's Matrix, that already has all that. Why insist that 
> everybody else has to do that as well? Live and let live, anyone?
> 
> [1] not referring to anyone in particular

Should we not criticize software and services that we find problematic
just because alternatives exist? Moreover, I suspect that Signal's
dominance plays a role in hindering the growth of things like Matrix -
when all the privacy and security Big Names rave over Signal and push
it so strongly, then due to network effects (within the privacy and
security conscious community), it becomes more and more necessary to
use it.

This is similar to what I assume many Signal users feel about WhatsApp
- frustration that they have an altogether far superior solution, that
they are severely hampered in their ability to use because everyone
else is using the inferior solution ;)

(Please don't get me wrong - I agree that Signal is a far, far,
superior alternative to WhatsApp, and that the difference between them
is much greater than the difference between Signal and Matrix - I just
mean that people always criticize the shortcomings of dominant software
systems in order to promote the ones they consider preferable and to
increase their usage, which renders them much more useful due to
network effects.)

Celejar



Re: Messed up Email

2021-06-27 Thread Celejar
On Sat, 26 Jun 2021 07:41:51 -0400
Dan Ritter  wrote:

...

> Not enough for what? The primary issue I have with Matrix is that
> there's too much concentration of servers under the control of
> matrix.org - but I think that they believe that too, and that
> this will be rectified over the next few years. 

They explicitly state this:

> It’s also fair that in a multi-server federated model, users naturally
> tend to sign up on the most prominent server(s) (e.g. the matrix.org
> homeserver in the case of Matrix). In practice, the matrix.org
> homeserver currently makes up about 35% of the visible Matrix network
> by active users. It’s also true that Matrix servers currently store
> metadata about who’s talking to who, and when, as a side-effect of
> storing and relaying messages on behalf of their users. And without an
> adequate protocol governance system in place, a large server could
> start pushing around smaller ones in terms of protocol behaviour. In
> practice, we’re looking into solving metadata protection in Matrix by
> experimenting with hybrid P2P / Client Server models - letting users
> store their metadata purely clientside if they so desire, and
> potentially obfuscating who’s talking to who via mixnets of blinded
> store & forward servers (more about this coming up at FOSDEM). Combined
> with nomadic accounts, this would let us eventually turn off the
> matrix.org server entirely and eliminate the pseudo-centralisation
> effect - the default ‘server’ would be the one running on your client.

https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom

Celejar



Re: Messed up Email

2021-06-27 Thread Celejar
On Sat, 26 Jun 2021 17:02:10 +0300
Andrei POPESCU  wrote:

> On Sb, 26 iun 21, 14:05:04, Brian wrote:
> > On Sat 26 Jun 2021 at 14:14:13 +0300, Andrei POPESCU wrote:
> > 
> > 
> > An interesting read. Countered at
> > 
> > https://matrix.org/blog/2020/01/02/on-privacy-versus-freedom
> 
> Looking forward to them proving Moxie wrong, really!

I certainly have a much less profound understanding of the issues, both
philosophical and technical, than the experts on both sides of this
debate, but my sympathies lie strongly with the Matrix people. From
their blog post (thanks, Brian) - I think this is worth posting here:

> It’s true that if you’re writing a messaging app optimised for privacy
> at any cost, Moxie’s approach is one way to do it. However, this ends
> up being a perversely closed world - a closed network, where unofficial
> clients are banned, with no platform to build on, no open standards,
> and you end up thoroughly putting all your eggs in one basket, trusting
> past, present & future Signal to retain its values, stay up and somehow
> dodge compromise & censorship… despite probably being the single
> highest value attack target on the ‘net.
> 
> Quite simply, that isn’t a world I want to live in.
> 
> We owe the entire success of the Internet (let alone the Web) to
> openness, interoperability and decentralisation. To declare that
> openness, interoperability and decentralisation is ‘too hard’ and not
> worth the effort when building a messaging solution is to throw away
> all the potential of the vibrancy, creativity and innovation that comes
> from an open network. Sure, you may end up with a super-private
> messaging app - but one that starts to smell alarmingly like a walled
> garden like Facebook’s Internet.org initiative, or an AOL keyword, or
> Google’s AMP.

Celejar



Re: Messed up Email

2021-06-27 Thread Celejar
On Sat, 26 Jun 2021 13:31:33 +0300
Andrei POPESCU  wrote:

> On Jo, 24 iun 21, 14:13:42, Dan Ritter wrote:
> > 
> > At the other end is anything where you can't use a client or a
> > server that isn't produced/managed by the central authority.
> > Despite Signal making some of their source available, you can't
> > write your own Signal client and have it talk to their official
> > servers.
> 
> Sure, and I don't remember disputing this.
> 
> But let's not conflate the Signal software (client, server, etc.), the 
> Signal protocol and the Signal *service*.
> 
> Could you elaborate on why in your opinion an entity providing a service 
> should automatically accept connections from third-party clients and/or 
> federate with other service providers?

Well, would you have no problem with a website that requires the site's
own browser to function, and won't work with standard browsers? I agree
that the site has the legal and even moral right to implement such a
thing, but I wouldn't be happy about it.

Celejar



Re: Messed up Email

2021-06-27 Thread Celejar
On Sat, 26 Jun 2021 13:14:37 +0300
Andrei POPESCU  wrote:

> On Jo, 24 iun 21, 14:04:13, Celejar wrote:
> > On Thu, 24 Jun 2021 01:25:37 +0300
> > Andrei POPESCU  wrote:
> > 
> > > On Mi, 23 iun 21, 17:12:07, Michael Grant wrote:
> > > > > Apparently the lines are blurry enough for you to include Signal in
> > > > > that list.
> > > > 
> > > > Why?  Not blurry at all.  Signal is just as closed a system as
> > > > WhatsApp.  Maybe more private, but unless you know something I don't,
> > > > Signal doesn't talk to anything other than other Signal.  Puppeted
> > > > bridges are not interoperability, as far as I am aware, all users
> > > > still need to be on Signal.
> > > 
> > > You seem to be using a completely different meaning of 'proprietary' (no 
> > > federation) than I do (closed source software, proprietary protocol that 
> > > must be reverse engineered, patents, etc.).
> > 
> > Well, Michael's original post that you challenged contrasted:
> > 
> > > a standards based system such as mail or the web and a proprietary
> > > system such as facebook, WhatsApp, Signal, Telegram, etc etc.
> > 
> > Would you call Signal "a standards based system?" I understand that the
> > software itself is open source, and the project does publish various
> > "Signal Protocol" libraries, but I'm not sure that's quite enough to
> > call it "standards based."
> 
> In the strict definition that would imply there is an RFC or so for the 
> Signal Protocol. Still the protocol is published and open for anyone to 
> re-implement[1].
> 
> https://en.wikipedia.org/wiki/Signal_Protocol
> 
> How is that proprietary?

I'm not arguing that it's proprietary, but that it's not "standards
based." I agree that the one is not the negation of the other.

> The trouble with actually making something a standard is that if later 
> it turns out something is a really bad idea it is basically impossible 
> to remove, because now it's part of the standard, and several 
> implementations have come to rely on that.

Fair - but standards have advantages, as well. We can debate whether
Signal is better off not using a real standard, but my point remains
that it's somewhat dubious to call Signal "standards based."

> [1] several other apps claim to have implemented the Signal Protocol. 

Celejar


