Re: Re: GTK applications displaying emojis in monochrome rather than color
Ash Joubert wrote: > On 2024-03-01 04:19, Celejar wrote: > > About two years ago [0], I installed the package > "fonts-noto-color-emoji" on my Sid (Xfce4) system, and from then until > several weeks ago, emojis have been displayed throughout the system in > glorious color. Recently (several weeks ago?), however, a number of > applications have started displaying emojis in (unattractive) > monochrome. > > > This is caused by a fontconfig upgrade. My workaround was to delete > /etc/fonts/conf.d/70-no-bitmaps.conf (as root) and run "fc-cache -f" (as > user): > > https://lists.debian.org/debian-user/2024/02/msg00765.html > > See the reply from Floris Renaud for the bug report link. Thanks - your workaround worked for me. -- Celejar
Re: Re: GTK applications displaying emojis in monochrome rather than color
Floris Renaud wrote: > On donderdag 29 februari 2024 16:19:57 (+01:00), Celejar wrote: ... > > glorious color. Recently (several weeks ago?), however, a number of > > applications have started displaying emojis in (unattractive) > > monochrome. The applications that I have seen doing this have all been > I had the same problem. This is a known bug in fontconfig: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064267#10 Thank you! I had searched the web, but did not find that report. It may have been filed after my searching :) -- Celejar
GTK applications displaying emojis in monochrome rather than color
Hi, About two years ago [0], I installed the package "fonts-noto-color-emoji" on my Sid (Xfce4) system, and from then until several weeks ago, emojis have been displayed throughout the system in glorious color. Recently (several weeks ago?), however, a number of applications have started displaying emojis in (unattractive) monochrome. The applications that I have seen doing this have all been GTK based (Sylpheed, Geany, Gedit); Firefox and Chromium seem to be correctly using color. Can anyone help me figure out what changed and how to diagnose and fix the problem? I have spent a while searching the web, and I can't find a simple and straightforward way to deal with this. Font configuration on Linux seems to be an extraordinarily complicated and poorly documented mess. [0] https://lists.debian.org/debian-user/2021/11/msg00619.html -- Celejar (not currently subscried to the list)
Re: Chromium under Xfce/bookworm anyone?
On Thu, 14 Sep 2023 07:04:50 + Michael Kjörling <2695bd53d...@ewoof.net> wrote: > On 13 Sep 2023 13:14 -0400, from cele...@gmail.com (Celejar): > > The truth is, however, that although I thought I had fully investigated > > the problem, I was wrong. Upon further investigation, it seems that it's > > my uBlock Origin settings that are causing the problem - disabling it > > entirely (as opposed to just for the pages mentioned above) solves the > > problem. Now I just have to dive into the logger and try to figure out > > what I need to adjust to get things working. > > For those times when I just want something to work _once_ and don't > foresee a need to do the thing repeatedly, I have written a script to > start Firefox with a brand new profile, then delete it on exit. > > It's not a great solution, admittedly, and the script itself is a bit > of a hack; but it works. That's what I just did manually to troubleshoot: create a fresh profile, verify that the site works with it, then delete it. -- Celejar
Re: Chromium under Xfce/bookworm anyone?
On Wed, 13 Sep 2023 09:16:15 -0500 David Wright wrote: > On Wed 13 Sep 2023 at 08:24:27 (-0400), Celejar wrote: > > > I have no choice - there's at least one important site (of a major > > financial institution) that I need that simply doesn't work with > > Firefox. > > Usual question: what does "doesn't work" mean? The site frequently goes into some kind of redirect loop - it keeps jumping back and forth between "logon.example.com" and "some.page.example.com", preventing me from accessing the site. I can get around this, at least sometimes, by simply going to the URL bar and typing in some other example.com url, but this behavior is really annoying. The truth is, however, that although I thought I had fully investigated the problem, I was wrong. Upon further investigation, it seems that it's my uBlock Origin settings that are causing the problem - disabling it entirely (as opposed to just for the pages mentioned above) solves the problem. Now I just have to dive into the logger and try to figure out what I need to adjust to get things working. -- Celejar
Re: Chromium under Xfce/bookworm anyone?
On Wed, 13 Sep 2023 06:35:12 +0200 wrote: > On Tue, Sep 12, 2023 at 08:09:48PM -0400, Celejar wrote: > > [...] > > > The OP was on Stable; with Sid, we're hitting this: > > Yes. > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051355 > > In the OP's case, Curt's proposal > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039037 > > fits things better (#1051355 mentions a segfault, in #1039037 the > processes just hang around) > > > One solution until the problem is resolved is to downgrade the Chromium > > packages, as per here: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051355#10 > > > > (The older Chromium packages are available at snapshot.debian.org.) > > ...but downgrading might be an idea. Alas, I might not get rhe > chance to try. $DAYJOB $BOSS wants to have (eek) Windoze on the > machine (I won't even think of Chromium on my private laptop ;-) I have no choice - there's at least one important site (of a major financial institution) that I need that simply doesn't work with Firefox. -- Celejar
Re: Chromium under Xfce/bookworm anyone?
On Wed, 13 Sep 2023 06:55:40 +1000 David wrote: > Similar situation to mine, although specifics vary. > The situation here is with Chromium on a SID laptop, while Chromium on > a Stable desktop is just fine. > Starting from a terminal gives: > > Gtk-Message: 06:46:36.954: Failed to load module "appmenu-gtk-module" > libva error: /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so init failed > [12968:12968:0913/064637.144984:ERROR:chrome_browser_cloud_management_c > ontroller.cc(163)] Cloud management controller initialization aborted > as CBCM is not enabled. > [12968:12999:0913/064637.896873:ERROR:nss_util.cc(357)] After loading > Root Certs, loaded==false: NSS error code: -8018 > [0913/064638.283625:ERROR:elf_dynamic_array_reader.h(64)] tag not found > [13049:1:0100/00.316639:ERROR:broker_posix.cc(41)] Recvmsg error: > Connection reset by peer (104) > Segmentation fault > > It just looked like something that needed the developers to wake up in > the morning, so I've left it for now. > I do get a flash of Chromium on the screen before it dies, so it's > classic seg fault. It just looks like the latest development phase > hasn't been married up too well with the context. > Cheers! The OP was on Stable; with Sid, we're hitting this: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051355 One solution until the problem is resolved is to downgrade the Chromium packages, as per here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051355#10 (The older Chromium packages are available at snapshot.debian.org.) -- Celejar
Re: Debian on Ubiquiti Edgerouter Lite?
On Tue, 12 Sep 2023 10:48:13 -0400 Dan Purgert wrote: > On Sep 12, 2023, Christian Groessler wrote: > > Hello Group, > > > > is there a Debian version which could be installed on mentioned > > Edgerouter? > > Yes, sort of -- their firmware is (was) a custom Debian (iirc, stretch). https://help.ui.com/hc/en-us/articles/205202560-EdgeRouter-Add-Debian-Packages-to-EdgeOS > Quick check of their site https://ui.com/download/software/erlite3 shows > that they most recently released firmware on 31 July 2023. > Unfortunately there are no release notes. -- Celejar
Re: bookworm and network connections
On Fri, 1 Sep 2023 18:33:51 -0400 Greg Wooledge wrote: ... > Standard installation. But as you noted, it's optional. Debian *also* > allows the use of Network Manager, systemd-networkd, and probably several > other systems for configuring one's network(s). Yes - I use iwd for basic (wireless) network configuration. -- Celejar
Re: syncthing, rsync for git; was: git setup
On Tue, 22 Aug 2023 19:27:57 + Michael Kjörling <2695bd53d...@ewoof.net> wrote: > On 22 Aug 2023 14:33 -0400, from cele...@gmail.com (Celejar): > >> Git tends to be very rsync-friendly. > > > > I do something similar - I use syncthing to automatically keep the git > > repositories on two of my machines in sync. rsync may be better, but > > syncthing has more or less worked for me. > > I'm not really familiar with syncthing, but it looks like it and rsync > solve somewhat different problems; rsync being primarily intended to > update one location (the destination) to match another (the source), > whereas syncthing is primarily intended to update both locations such > that they match (but can be run in one-way mode if desired). > > Therefore syncthing would seem to be more analogous to unison than to > rsync. Correct. My use case is two systems both used for development (I work sometimes on a laptop and sometimes on a desktop). I understand that this is not the OP's case and the subject of the thread, and I apologize for the confusion. > I know of rsync's shortcomings in the bidirectional-sync use case > because I looked for a good while for a way to get it to do that > safely, before coming across unison which being designed for that > solved that problem with for all intents and purposes no fuss at all. -- Celejar
Re: git setup
On Tue, 22 Aug 2023 16:31:58 +0200 wrote: > On Tue, Aug 22, 2023 at 09:16:47AM -0500, John Hasler wrote: > > Christoph writes: > > > I have almost the same setup and use local git repositories. Instead > > > of syncing them by the git tools I use rsync to update the backup from > > > time to time. This is a dumb method but it works. > > > > This is what I do as well. > > Actually... not that dumb. Git tends to be very rsync-friendly. In some > weird way, this is no coincidence. I do something similar - I use syncthing to automatically keep the git repositories on two of my machines in sync. rsync may be better, but syncthing has more or less worked for me. -- Celejar
Re: ipv6 maybe has arrived.
On Fri, 10 Feb 2023 16:20:00 +0300 Reco wrote: > Hi. > > On Fri, Feb 10, 2023 at 08:04:38AM -0500, Greg Wooledge wrote: > > On Fri, Feb 10, 2023 at 05:58:07AM -0500, gene heskett wrote: > > > hosts: files mymachines dns myhostname > > > > This is wrong. > > You're correct, but for the wrong reason. > > > I don't know where you got it from, but "mymachines" > > and "myhostname" are not valid entries in this file. > > On the contrary. > > apt show libnss-myhostname libnss-mymachines > > Why would anyone in their sane mind willingly install those is another > question :) libnss-mymachines is marked as automatically installed on my (Debian Sid) system: $ aptitude why libnss-mymachines i libvirt-daemon-system Dependslibvirt-daemon-system-systemd (= 9.6.0-1) | libvirt-daemon-system-sysv (= 9.6.0-1) i A libvirt-daemon-system-systemd Dependssystemd-container i A systemd-container Recommends libnss-mymachines So if one wants to run libvirt as a system service on a systemd system, and "Recommends" are installed by default (which I would assume is a not uncommon scenario), then one will end up with libnss-mymachines installed. -- Celejar
Re: Feeds aren't yet dead (Was: Re: perl module listgarden)
On Thu, 03 Aug 2023 21:33:24 +0100 Steve McIntyre wrote: > Andy Smith wrote: > >On Thu, Aug 03, 2023 at 06:23:15PM +, Russell L. Harris wrote: > >> On Thu, Aug 03, 2023 at 05:29:33PM +, Andy Smith wrote: > >> > On Thu, Aug 03, 2023 at 03:07:47AM +, Russell L. Harris wrote: > >> > > For that matter, is RSS still in use? > >> > > >> > $ r2e list | wc -l > >> > 72 > >> > >> Andy, I don't understand; kindly explain. > > > >I am notified about new posts to feeds that I follow by rss2email. I > >have 72 feeds that I actively follow. > > > >> But I am a dinosaur, and I am not sure that RSS still is vital or even > >> helpful to a web site; therefore my query. > > > >It is niche but very appreciated by those of us that use it. > >Basically if I like a blog or similar service then I like to follow > >it. But I will never see new postings unless they have a feed, or if > >I follow them on Fediverse. I'm not going to sit there reloading 72 > >web sites every day. > > > >(Doesn't have to be RSS; any feed tech like Atom is fine also) > > Similar here. I'm using FreshRSS daily to pick up on RSS/atom feeds > from all over the place... Ditto - Liferea for all kinds of blogs and other sites that regularly / semi-regularly publish new content, including tech and Linux / FLOSS sites such as Ars Technica, LWN.net, etc. -- Celejar
Re: AMD GPU hard lockups
On Thu, 3 Aug 2023 02:08:27 +0200 zithro wrote: > On 03 Aug 2023 01:25, Celejar wrote: > > I'm not sure I understand your point: if we assume that the fact that > > my adapter burned indicates that my particular adapter must have been of > > very poor quality, than this implies that such adapters in general are > > not dangerous (which, as I've noted, is supported by the fact that > > reputable companies sell them, with no warnings that they're dangerous). > > You will never find in a car owner's manual that driving on pedestrians > may be dangerous ;) But you certainly will find warnings regarding safe vs. unsafe use of the product. > Joke aside those companies just wanna sell products. > Do the products fit you ? Read my previous email: YOU must check. > > To remove the confusion : your graphic card is rated at 150W, but it's > the MAX power it can use, not the power it uses all the time. > So, until you don't stress the GPU, those adapters will be perfectly fine. > Example from a Win domU, GPU-Z reports ~40W in idle (browsing, videos, > ...) for a Polaris20 GPU (AMD RX580), with a TDP of 185W. > That's why you only had problems when REALLY using the GPU. > > For instance, let's say you built a server, but only have a RX6600 as > video card, a 6 pins connector and a 6-to-8 adapter. > THIS will be perfectly fine : your GPU will never exceed limits, as it > will at most display a framebuffer. > > (To go even further : AFAIK, most graphic cards won't boot without the > external PCI-E power connector plugged, but if there wasn't such > "protection", as the x16 PCIe slot provides 75W, in my example above it > would be perfectly fine to use the card w/o the external plug). Thanks for the explanation. -- Celejar
Re: Follow the specs :) (was Re: AMD GPU hard lockups)
On Thu, 3 Aug 2023 01:29:42 +0200 zithro wrote: > On 02 Aug 2023 23:29, Celejar wrote: > > But reputable companies do produce 6-8 pin adapters, e.g.: > [...] > > (I just ordered the Cable Matters one.) > > Out of curiosity, I checked the links. > Funny that "reputable companies" (I'm not attacking you, but them) don't > even specify the max power rating as product specs, and when specified, > it's only in users Q ... > You also have to dig deep to get the wires size in AWG (ie: zoom on > pictures ...) ! > Compare that to the information you get for the PSU and the GPU ! > > Anyways : > 1st link: "The maximum power rating for the PCIEX68ADAP is 75W" > 2nd link: "Max Power Rating 150W" > 3rd link: (nowhere to be found, at least quickly) > > 1 and 2 use AWG18 wires, and on 3 they look even thinner (can't really > tell as the pic is s***). > I'd eliminate the 3 from the start. No specs, no money. > And either 1 or 2 is lying : same AWG, different power rating (ok, the > wire style is precised nowhere : single core, threaded, etc). But we can > safely assume that 150W @12V is not possible : 12.5A is out of specs. > (Try "https://www.engineeringtoolbox.com/wire-gauges-d_419.html; for > more info on AWG, and use the formula Watts = Volts x Amperes). > > On 02 Aug 2023 23:37, piorunz wrote: > > Your GPU max TDP is 150W, meaning it will draw 75W from PCI-E slot and > > 75W from 8-pin cable. > > So the wires will work around their limits. > One little power spike and kaboom. > Fire, exclamation mark ; fire, exclamation mark. > Joke aside, the fire hazard is real. Especially exceeding limits with > low-end products, when you don't know if the materials are fire-proofed. > > > Your 8-pin adapter must have been very poor quality. I don't know what > > kind of adapter it was, but adapters which make 8-pin from 6-pin, are > > dangerous. Better to use 2x 6-pin -> 1x 8-pin adapter to correctly > > assign wires to each corresponding pin. > > I agree, so that each wire (or group of wires) does not exceed the max > current it can draw. > > I found two pages cleanly explaining this, both were worth a read. > But don't quickly jump to conclusions, follow the flow ! > > https://www.cgdirector.com/gpu-power-cable-guide/ > https://www.pcworld.com/article/395059/one-cable-or-two-for-powering-a-graphics-card-heres-the-answer.html Thanks for the information and explanations! > zithro / Cyril Celejar
Re: AMD GPU hard lockups
On Wed, 2 Aug 2023 22:37:50 +0100 piorunz wrote: > On 02/08/2023 22:29, Celejar wrote: > > The Z440 officially supports up to an NVIDIA Quadro K6000 12GB, which > > draws 234 watts, so it ought to be able to handle my Red Devil RX-570. > > The Red Devil specifies a minimum system power of 450 watts, and my > > Z440's PSU is 700 watts: > > More detailed info: > https://www.techpowerup.com/gpu-specs/powercolor-red-devil-rx-570-oc.b4455 > > Your GPU max TDP is 150W, meaning it will draw 75W from PCI-E slot and > 75W from 8-pin cable. > Your 8-pin adapter must have been very poor quality. I don't know what > kind of adapter it was, but adapters which make 8-pin from 6-pin, are > dangerous. Better to use 2x 6-pin -> 1x 8-pin adapter to correctly > assign wires to each corresponding pin. I'm not sure I understand your point: if we assume that the fact that my adapter burned indicates that my particular adapter must have been of very poor quality, than this implies that such adapters in general are not dangerous (which, as I've noted, is supported by the fact that reputable companies sell them, with no warnings that they're dangerous). -- Celejar
Re: AMD GPU hard lockups
On Wed, 2 Aug 2023 23:12:02 +0200 zithro wrote: > On 02 Aug 2023 03:21, Celejar wrote: > > when I opened the case, sure enough, the > > cable feeding the GPU had burned and broken. > > > > Fortunately, I don't see damage to the system's power cable or to the > > GPU itself, just to the 6 pin to 8 pin PCIE adapter cable (the HP PSU > > has only 6 pin cables, and the GPU needs an 8 pin connection). I > [...] > > > > I'm going to order another one, from a reputable company this time, and > > hope that it was just the cheapo implementation that was flawed, and > > not the whole concept of 6 pin to 8 pin adapter cables ... > > > > Cables can burn because too much current (Amps) is flowing through them. > As problems only happen when gaming (or heavily using the GPU), this may > be the case. > > I think your GPU is drawing too much current from the 6 pins PSU rail. > (Are any other peripherals connected on the GPU rail ?). I don't think so. > I'd also compare the power requirements of the GPU to the total Amps the > GPU PSU rail can provide (each rail and voltage has specific specs). The Z440 officially supports up to an NVIDIA Quadro K6000 12GB, which draws 234 watts, so it ought to be able to handle my Red Devil RX-570. The Red Devil specifies a minimum system power of 450 watts, and my Z440's PSU is 700 watts: https://support.hp.com/us-en/document/c04506309#AbT3 https://www.powercolor.com/product?id=1493267392#spe > The difference between 6 and 8 pins can be seen like the difference of > cable section between a small lamp and a computer (or a microwave). > Power your computer or microwave with a lamp cable, and you'll see a > nice fire. > > If the designers used 8 pins, my wild guess is that it has a reason ;) But reputable companies do produce 6-8 pin adapters, e.g.: https://www.startech.com/en-us/where-to-buy/PCIEX68ADAP https://www.microcenter.com/product/615426/micro-connectors-6-pin-to-8-pin-pcie-adapter-power-cable-black-yellow https://www.walmart.com/ip/Cable-Matters-2-Pack-6-Pin-PCIe-to-8-Pin-PCIe-Adapter-Power-Cable-4-Inches/944325506 (I just ordered the Cable Matters one.) -- Celejar
Re: AMD GPU hard lockups
On Tue, 1 Aug 2023 19:13:42 +0100 piorunz wrote: > On 01/08/2023 19:09, Celejar wrote: > > Okay, thanks for the clarification. It seems, however, that I'm dealing > > with a hardware issue (as Dan Ritter suggested): I did some more > > testing, and after the latest crash, the system won't boot at all, and > > the power LED blinks red six times, which according to the > > manufacturer "indicates a pre-video graphic card error." > > > > "To resolve the issue, complete the following steps: > > > > 1) Reseat the graphics card. > > > > 2) Replace the graphic card. > > > > 3) Replace the system board." > > > > https://support.hp.com/gb-en/document/c03599666 > > > > I suppose I'll begin by trying the first and see if it helps ... > > Oh, that's more serious then. Could be power supply as well. Good luck > troubleshooting it. So, while troubleshooting today I thought I smelled an ominously acrid odor of burning plastic. I wasn't sure whether it was real or a figment of my stressed imagination, but when I opened the case, sure enough, the cable feeding the GPU had burned and broken. Fortunately, I don't see damage to the system's power cable or to the GPU itself, just to the 6 pin to 8 pin PCIE adapter cable (the HP PSU has only 6 pin cables, and the GPU needs an 8 pin connection). I remember debating at the time (3 years ago) whether to buy the cheapest one I could find, or to invest a few dollars more to buy a brand name unit from a reputable company. I rolled the dice on the former, and it did last three years - and hopefully didn't take out anything else with it. I'm going to order another one, from a reputable company this time, and hope that it was just the cheapo implementation that was flawed, and not the whole concept of 6 pin to 8 pin adapter cables ... -- Celejar
Re: AMD GPU hard lockups
On Tue, 1 Aug 2023 18:25:39 +0100 piorunz wrote: > On 01/08/2023 18:16, Celejar wrote: > > On Tue, 1 Aug 2023 16:56:37 +0100 > > piorunz wrote: > > > >> On 01/08/2023 16:44, Celejar wrote: > >> > >>> Any ideas? > >>> > >> Revert to Debian Stable and check there. I have AMD Radeon card and it's > >> 100% stable on Stable, and it had issues last year back when bookworm > >> was in Testing. > > > > I'm confused - current stable *is* bookworm, so if you had issues with > > bookworm, why would reverting to (current) stable help? Do you mean > > oldstable / bullseye? I actually did test using kernel 6.1.0-10-amd64 > > from stable / bookworm, but the problem remained. > > > > I had problems with Testing when it was maturing to become Stable / > Bookworm. Meaning, pre-release Bookworm, it has problems. So there is that. > You are using Sid, so problems are to be expected. > > Revert to Stable / Bookworm, which is very stable for me, all problems > which it has last year (while Bookworm was Testing) have been fixed. I > did not have single crash or freeze for months. Okay, thanks for the clarification. It seems, however, that I'm dealing with a hardware issue (as Dan Ritter suggested): I did some more testing, and after the latest crash, the system won't boot at all, and the power LED blinks red six times, which according to the manufacturer "indicates a pre-video graphic card error." "To resolve the issue, complete the following steps: 1) Reseat the graphics card. 2) Replace the graphic card. 3) Replace the system board." https://support.hp.com/gb-en/document/c03599666 I suppose I'll begin by trying the first and see if it helps ... -- Celejar
Re: AMD GPU hard lockups
On Tue, 1 Aug 2023 12:12:01 -0400 Dan Ritter wrote: > piorunz wrote: > > On 01/08/2023 16:44, Celejar wrote: > > > > > Any ideas? > > > > > Revert to Debian Stable and check there. I have AMD Radeon card and it's > > 100% stable on Stable, and it had issues last year back when bookworm was in > > Testing. > > If that doesn't work, try a new power supply. Video cards and > CPUs are typically the #1 and #2 draw on power, so power > problems show up there first. Thanks, but I can't easily / conveniently do that. I don't have one handy, and the machine is an HP Z440, which I think may have trouble using standard power supplies anyway. -- Celejar
Re: AMD GPU hard lockups
On Tue, 1 Aug 2023 16:56:37 +0100 piorunz wrote: > On 01/08/2023 16:44, Celejar wrote: > > > Any ideas? > > > Revert to Debian Stable and check there. I have AMD Radeon card and it's > 100% stable on Stable, and it had issues last year back when bookworm > was in Testing. I'm confused - current stable *is* bookworm, so if you had issues with bookworm, why would reverting to (current) stable help? Do you mean oldstable / bullseye? I actually did test using kernel 6.1.0-10-amd64 from stable / bookworm, but the problem remained. -- Celejar
AMD GPU hard lockups
Hello, I have a system running Debian unstable with an AMD RX-570. It has been working fine for a while, but recently, anything that uses the more advanced features of the GPU causes the system to hard lockup: black screen, no response to keyboard, no network connectivity. I'm not sure exactly which functionality of the GPU causes this: ordinary web browsing, development work, etc. never cause problems, but games, the Unigine Heaven benchmark, and even glmark2 invariably do, sometimes immediately, sometimes after a few seconds or minutes. I'm not sure exactly when this began: I hadn't been using the system for any of the problematic tasks for a while. I've tried looking in the logs. Running 'journalctl -b -1' after a lockup generally shows nothing. I've tried to catch the error with 'tail -F /var/log/syslog', and most of the time I see nothing (just the hang, with no warning in the log), but once I caught this: 2023-08-01T10:41:23.531381-04:00 lucy kernel: [38532.241396] gmc_v8_0_process_interrupt: 15 callbacks suppressed 2023-08-01T10:41:23.531394-04:00 lucy kernel: [38532.241401] amdgpu :02:00.0: amdgpu: GPU fault detected: 147 0x06508401 for process heaven_x64 pid 14771 thread heaven_x64:cs0 pid 14792 2023-08-01T10:41:23.531395-04:00 lucy kernel: [38532.241407] amdgpu :02:00.0: amdgpu: VM_CONTEXT1_PROTECTION_FAULT_ADDR 0x060004CA 2023-08-01T10:41:23.531396-04:00 lucy kernel: [38532.241408] amdgpu :02:00.0: amdgpu: VM_CONTEXT1_PROTECTION_FAULT_STATUS 0x02084001 2023-08-01T10:41:23.531396-04:00 lucy kernel: [38532.241409] amdgpu :02:00.0: amdgpu: VM fault (0x01, vmid 1, pasid 32778) at page 100664522, read from 'TC7' (0x54433700) (132) 2023-08-01T10:41:23.531397-04:00 lucy kernel: [38532.241429] DMAR: DRHD: handling fault status reg 2 2023-08-01T10:41:23.531398-04:00 lucy kernel: [38532.241433] DMAR: [DMA Write NO_PASID] Request device [02:00.0] fault addr 0xfbff5000 [fault reason 0x05] PTE Write access is not set 2023-08-01T10:41:23.531399-04:00 lucy kernel: [38532.241438] DMAR: [DMA Write NO_PASID] Request device [02:00.0] fault addr 0xfbfd1000 [fault reason 0x05] PTE Write access is not set 2023-08-01T10:41:23.531400-04:00 lucy kernel: [38532.241442] DMAR: [DMA Write NO_PASID] Request device [02:00.0] fault addr 0xfbffd000 [fault reason 0x05] PTE Write access is not set 2023-08-01T10:41:23.531409-04:00 lucy kernel: [38532.241445] DMAR: [DMA Write NO_PASID] Request device [02:00.0] fault addr 0xfffe [fault reason 0x05] PTE Write access is not set 2023-08-01T10:41:23.531409-04:00 lucy kernel: [38532.241449] DMAR: [DMA Write NO_PASID] Request device [02:00.0] fault addr 0xfbffd000 [fault reason 0x05] PTE Write access is not set 2023-08-01T10:41:23.531410-04:00 lucy kernel: [38532.241453] DMAR: [DMA Write NO_PASID] Request device [02:00.0] fault addr 0x8000 [fault reason 0x05] PTE Write access is not set 2023-08-01T10:41:23.531411-04:00 lucy kernel: [38532.241456] DMAR: [DMA Write NO_PASID] Request device [02:00.0] fault addr 0xfffd8000 [fault reason 0x05] PTE Write access is not set 2023-08-01T10:41:23.531412-04:00 lucy kernel: [38532.241460] DMAR: [DMA Write NO_PASID] Request device [02:00.0] fault addr 0xfbbc1000 [fault reason 0x05] PTE Write access is not set 2023-08-01T10:41:23.531412-04:00 lucy kernel: [38532.241460] pcieport :00:02.0: AER: Uncorrected (Fatal) error received: :00:02.0 2023-08-01T10:41:23.531413-04:00 lucy kernel: [38532.241464] DMAR: [DMA Write NO_PASID] Request device [02:00.0] fault addr 0xeffc [fault reason 0x05] PTE Write access is not set 2023-08-01T10:41:23.531414-04:00 lucy kernel: [38532.241477] pcieport :00:02.0: PCIe Bus Error: severity=Uncorrected (Fatal), type=Transaction Layer, (Receiver ID) 2023-08-01T10:41:23.531415-04:00 lucy kernel: [38532.241482] pcieport :00:02.0: device [8086:6f04] error status/mask=0004/ 2023-08-01T10:41:23.531415-04:00 lucy kernel: [38532.241487] pcieport :00:02.0:[18] MalfTLP(First) 2023-08-01T10:41:23.531416-04:00 lucy kernel: [38532.241492] pcieport :00:02.0: AER: TLP Header: 1000 020024ff aaa800c0 2023-08-01T10:41:23.531417-04:00 lucy kernel: [38532.241500] [drm] PCI error: detected callback, state(2)!! I've found similar reports online, e.g.: https://unix.stackexchange.com/questions/327730/what-causes-this-pcieport-0003-0-pcie-bus-error-aer-bad-tlp https://forums.linuxmint.com/viewtopic.php?t=380748 https://gitlab.freedesktop.org/drm/amd/-/issues/2358 But I'm really not clear whether these represent the same problem, or are just different variations of a more general driver / firmware problem. (I'm assuming it's software / firmware, since everything worked fine previously, although I suppose it's possible that something physical has broken in the hardware.) Any ideas? -- Celejar
Re: file server
On Wed, 12 Jul 2023 16:57:34 + "Andrew M.A. Cater" wrote: ... > Something like a second hand HP tower server - say a Z440 - and 7 x 18TB > drives I'm just curious, since I have a Z440 and it's a workstation, not a server, and I'm pretty sure it doesn't have 7 drive bays: did you perhaps mean something else? -- Celejar
Re: Follow recent stable Python versions
On Thu, 22 Jun 2023 19:34:54 -0400 Greg Wooledge wrote: > On Fri, Jun 23, 2023 at 01:06:05AM +0200, Yoann LE BARS wrote: > > As far as I know, Python is not part of backports. Is there any way > > other > > than pinning to install the last stable version of Python on a stable > > version of Debian? > > Drop the idea that you have only one version of python3 installed, and > that this version comes from Debian repositories. > > Keep the python3 that's provided by Debian, for Debian's use. It's > part of package management and so on, and you really can't mess with > it without breaking something. > > Install *additional* versions of python3 as you need them, for your own > development work. > > I'll let the Python experts describe how to do this, if you don't already > know how. Last I heard, you're supposed to set up one python venv > (virtual environment) for each version, but that information might be > outdated. You are, of course, entirely correct, but here's the obligatory xkcd: https://xkcd.com/1987/ -- Celejar
Re: bookworm upgrade report: boring
On Tue, 13 Jun 2023 16:46:36 +0200 Vincent Lefevre wrote: > On 2023-06-12 13:33:02 -0400, Celejar wrote: > > Often, but apparently not always. For example, on one of my upgrades, > > the old sshd_config had: > > > > ** > > # Change to yes to enable challenge-response passwords (beware issues with > > # some PAM modules and threads) > > ChallengeResponseAuthentication no > > ** > > > > whereas the new one had: > > > > ** > > # Change to yes to enable challenge-response passwords (beware issues with > > # some PAM modules and threads) > > KbdInteractiveAuthentication no > > ** > > In the /usr/share/doc/openssh-server/changelog.Debian.gz file: > > openssh (1:8.7p1-1) unstable; urgency=medium > [...] > - ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication > in favour of KbdInteractiveAuthentication. The former is what was in > SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated > as somewhat but not entirely equivalent. We retain the old name as a > deprecated alias so configuration files continue to work as well as a > reference in the man page for people looking for it. Thanks. > > Is this important? > > If the alias is still there, this is not important. Otherwise, either > the option could be ignored (so you get the default), possibly with a > warning, or there could be a fatal error (but you would have noticed > it); I don't know how sshd behaves in case of an unknown option. > > But in any case, I would recommend to update the config. That's indeed what I did. > > What would have happened had I left the old version, > > as opposed to switching to the new version? Presumably nothing, since > > I'm using the safer default setting in either case, and I suppose I > > could have taken the time to track down the change and its > > implications, but running into these types of situations while > > upgrading can be disconcerting. > > > > > and reject the package version offered. Less stressful and speeds up > > > the installation. If necessary, I investigate afterwards. > > > > This is probably the logical thing to do, but I'm always worried that > > there may be new settings that should be set, and so on. > > I always look at the diffs (I track all the config files I modify), > and sometimes at the logs too. In general, I do some kind of merge. This is of course the responsible thing to do - my point was that these types of situations can make upgrading not quite as boring as the OP's experience :) -- Celejar
Re: bookworm upgrade report: boring
On Sun, 11 Jun 2023 21:05:32 +0200 CL wrote: ... > Only topic was the restart of the Nextcloud. They don't wanted the > standard PHP 8.2. > Solution was a downgrade to PHP8.0 That's unusual - Debian Stable having too *recent* software :| FWIW, I upgraded my Debian Stable Nextcloud (26.02 via Docker) server to Bookworm without trouble. Nextcloud is using PHP 8.2.6, but the Docker containers seem to be providing their own PHP, since I haven't installed any native PHP packages. This is one reason it can be nice to run software not in the repositories via Docker. -- Celejar
Re: bookworm upgrade report: boring
On Mon, 12 Jun 2023 18:02:13 +0100 Brian wrote: > On Mon 12 Jun 2023 at 08:50:54 -0400, Celejar wrote: > > > On Sun, 11 Jun 2023 12:31:31 -0400 > > Dan Ritter wrote: > > > > > > > > The machine I am typing on has been upgraded from bullseye to > > > bookworm. TL;DR: boring, which is good. > > > > ... > > > > > I read the release notes. > > > > > > Changed sources.list entries. > > > > > > Ran apt update. > > > > > > I ran apt upgrade --without-new-pkgs before apt full-upgrade. > > > Then I rebooted. > > > > > > Everything's working. In the end, I didn't make any config > > > changes (left everything as "keep current config"). > > > > This is the part that always stresses me out; I often have changes in > > the default config files that I don't want to lose, but I'm also > > worried about not getting the latest versions of the config files. I > > usually try to accept the new files and manually bring in any important > > changes I've made to the old ones, but this takes time and patience to > > do right, and things can break if not done right :) > > I have taken to assuming that detected changes are due to my efforts Often, but apparently not always. For example, on one of my upgrades, the old sshd_config had: ** # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) ChallengeResponseAuthentication no ** whereas the new one had: ** # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) KbdInteractiveAuthentication no ** Is this important? What would have happened had I left the old version, as opposed to switching to the new version? Presumably nothing, since I'm using the safer default setting in either case, and I suppose I could have taken the time to track down the change and its implications, but running into these types of situations while upgrading can be disconcerting. > and reject the package version offered. Less stressful and speeds up > the installation. If necessary, I investigate afterwards. This is probably the logical thing to do, but I'm always worried that there may be new settings that should be set, and so on. -- Celejar
Re: bookworm upgrade report: boring
On Sun, 11 Jun 2023 12:31:31 -0400 Dan Ritter wrote: > > The machine I am typing on has been upgraded from bullseye to > bookworm. TL;DR: boring, which is good. ... > I read the release notes. > > Changed sources.list entries. > > Ran apt update. > > I ran apt upgrade --without-new-pkgs before apt full-upgrade. > Then I rebooted. > > Everything's working. In the end, I didn't make any config > changes (left everything as "keep current config"). This is the part that always stresses me out; I often have changes in the default config files that I don't want to lose, but I'm also worried about not getting the latest versions of the config files. I usually try to accept the new files and manually bring in any important changes I've made to the old ones, but this takes time and patience to do right, and things can break if not done right :) So far I've upgraded two Stable systems: * A bare metal install, with a somewhat robust set of packages and configuration. I mostly kept the the current configs like Dan did. * A more minimal cloud VM, which pretty much just runs Nextloud through Docker. I accepted the new sshd_config, but I manually switched PermitRootLogin back on. (Pretty much everything I do on this machine is done is root, so I don't bother logging in as a user and switching to root.) Both upgrades went quite smoothly. -- Celejar
Re: Debian USB Wifi
On Tue, 06 Jun 2023 09:46:53 +0200 daven...@tuxfamily.org wrote: > Hello > > On 2023-06-05 22:49, Stefan Monnier wrote: > >> I believe that there are at least some 11ac cards supported by the > >> vanilla kernel and open source firmware: > >> > >> https://wireless.wiki.kernel.org/en/users/Drivers/ath10k > >> https://wireless.wiki.kernel.org/en/users/Drivers/ath10k/firmware > > > > Oh so the Free ath10k firmwares have now grown support for 11ac? > > Someone should tell Purism, because they still sell their Librem mini > > with an ath9k 11n card and the reason is/was that it's the best > > they could find without resorting to a proprietary blob :-( > > > I don't see any info supporting that ath10k firmware is free. The repo Mea culpa. I had inferred from the fact that the firmware was available from kernel.org and GitHub that it was free software, but that was apparently an unwarranted assumption and I seem to have been mistaken. Debian packages ath10k firmware in the package "firmware-atheros", under "firmware-nonfree". I apologize for the misinformation. > mentionned in the ath10k wiki.kernel.org page¹, contains mainly (only? > I didn't clone it to automatically check filetype of every single file > in each (sub)directory) proprietary blobs, You're right - I can't find any source files. > And the licence² is cleanly a proprietary licence. The licence even > prohibits reverse engineering, while in Europe, reverse-engineering > **for interoperability purposes only** is **legally permitted**. ³. > > 1. https://github.com/kvalo/ath10k-firmware/ > 2. > https://github.com/kvalo/ath10k-firmware/blob/master/LICENSE.qca_firmware > 3. Article 6 of Directive 2009/24/EC of the European Parliament and of > the Council of 23 April 2009 on the legal protection of computer > programs : > https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32009L0024 > > Stefan -- Celejar
Re: Debian USB Wifi
On Tue, 6 Jun 2023 14:52:24 +0200 wrote: > On Tue, Jun 06, 2023 at 07:57:38AM -0400, Celejar wrote: > > [...] > > > I know that the subject mentions USB, but I was responding to Stefan's > > statement regarding "USB or otherwise." He's basically correct, of > > course, that there are *virtually* no modern WiFi cards of any sort > > that are supported by totally free drivers / firmware, but there are > > apparently at least a few that do support 11ac (I'm not sure if there > > are any at all that support 11ax). > > No first hand experience, mind you -- but this is what my trusty > search engine finds: > > https://www.phoronix.com/news/Realtek-802.11ax-rtw89 > > TL;DR Realtek contributed a free software driver for the kernel, rtw89, > which was supposed to support Realtek's 11ax line. and aimed at kernel > 5.16. > > This was 2021, no idea how that turned out :) My trusty search engine finds that it did indeed make it into 5.16 - but it does need non-free firmware: https://www.thinkwiki.org/wiki/Rtw89 https://www.thinkwiki.org/wiki/Rtw89#Firmware -- Celejar
Re: Debian USB Wifi
On Tue, 6 Jun 2023 12:14:50 +0100 debian-u...@howorth.org.uk wrote: > Celejar wrote: > > On Mon, 05 Jun 2023 13:51:21 -0400 > > Stefan Monnier wrote: > > > > > > ... > > > > > The best option is to buy one that says clearly that it works with > > > the vanilla kernel and without requiring proprietary firmware blobs. > > > These are hard to come by and will usually be sold by companies > > > specializing in this market like tehnoetic.com, > > > thinkpenguin.com, ... > > > > ... > > > > > Be aware that there is simply no wifi card (USB or otherwise) that > > > satisfies this requirement beyond the 11n spec: beyond 11n you > > > currently have to accept the use of a proprietary binary blob :-( > > > > I believe that there are at least some 11ac cards supported by the > > vanilla kernel and open source firmware: > > > > https://wireless.wiki.kernel.org/en/users/Drivers/ath10k > > https://wireless.wiki.kernel.org/en/users/Drivers/ath10k/firmware > > I know nothing about the topic but I note that the subject says USB and > that the first link says "Any SDIO or USB devices are not supported, > but work is ongoing to add that." I know that the subject mentions USB, but I was responding to Stefan's statement regarding "USB or otherwise." He's basically correct, of course, that there are *virtually* no modern WiFi cards of any sort that are supported by totally free drivers / firmware, but there are apparently at least a few that do support 11ac (I'm not sure if there are any at all that support 11ax). -- Celejar
Re: Firefox resource utilization (was Re: A case for supporting antiquated hardware, was Re: A hypervisor for a headless server?)
On Sun, 4 Jun 2023 16:17:47 +0800 Bret Busby wrote: > On 4/6/23 14:32, Max Nikulin wrote: > > > > > I believe, web site creators should be blamed more aggressively than > > browser developers for RAM requirements of contemporary web applications. > > > > That was the point that I was making - I had not, as a twisted response > indicated, criticised Firefox regarding the misuse of resources - I > explicitly referred to malignant web application developers (for those > that do not understand the term, a web application is the application, > on the web application hosting server, that the user accesses, using a > web browser, not the web browser itself) that steal users' resources > using client-side processing (by using malware such as javascript using > client side processing), rather than properly and ethically using > server-side processing, such as .jsp or Perl .cgi applications. > > The problem is that some web developers (and, especially, their > employers) offload the processing that should be done on the business > web application hosting server, to the victim users' personal computers. > It is a malignant exploitation, like the "gig economy". I am quite puzzled by your perspective: you repeatedly express moral indignation at the offloading of processing to users' machines, calling this "malignant exploitation" and "steal[ing]" and implying that it is unethical. Why? What duty does the website owe you to do any processing at all for you? The only case I can see in which such offloading would be unethical is where the website operator is somehow engaging in deceptive behavior, but assuming it is not, why do you feel that there is an ethical problem here? What right does a user have to demand that someone else perform some processing for him? -- Celejar
Re: Debian USB Wifi
On Mon, 05 Jun 2023 13:51:21 -0400 Stefan Monnier wrote: ... > The best option is to buy one that says clearly that it works with the > vanilla kernel and without requiring proprietary firmware blobs. > These are hard to come by and will usually be sold by companies > specializing in this market like tehnoetic.com, thinkpenguin.com, ... ... > Be aware that there is simply no wifi card (USB or otherwise) that > satisfies this requirement beyond the 11n spec: beyond 11n you currently > have to accept the use of a proprietary binary blob :-( I believe that there are at least some 11ac cards supported by the vanilla kernel and open source firmware: https://wireless.wiki.kernel.org/en/users/Drivers/ath10k https://wireless.wiki.kernel.org/en/users/Drivers/ath10k/firmware -- Celejar
Re: Ok so Now which backup should I use
On Thu, 18 May 2023 15:13:46 +0800 Jeremy Ardley wrote: ... > This may not be an issue for entry level Debian users, but anyone who does > anything serious will want to compile from package source. They will? -- Celejar
Re: Ok so Now which backup should I use
On Tue, 16 May 2023 09:52:07 +0800 Jeremy Ardley wrote: > > On 16/5/23 09:11, pa...@quillandmouse.com wrote: > > I'd suggest backing up /etc, since that's where your system settings > > are. I also back up /var, since that's typically where your logs and > > mail are. > > There is a lot relevant of stuff in /usr/local > > For instance some programs use /usr/local/etc rather than /etc They do? I see that my /usr/local/etc is empty. What programs use this directory -- Celejar
Re: how to find out regdomain/country of wifi network
On Sat, 13 May 2023 20:29:11 +0200 wrote: > On Sat, May 13, 2023 at 01:01:27PM -0500, Nicholas Geovanis wrote: > > On Sat, May 13, 2023, 5:23 AM Jeremy Ardley wrote: > > > > > > > > On 13/5/23 18:17, Nicolas George wrote: > > > > This is your interpretation, not an official stance. It might as well be > > > > that they considered polluting the completion namespace of users with a > > > > command they rarely need was less convenient. > > > > > > The actual reason is they have deprecated it in favour of the ip command > > > but left it available for now with a bit of searching. > > > > > > > Ifconfig has been deprecated in Debian for some years. > > It is *not* deprecated. It is just optional, not essential. As is the > Gnu C compiler or Lua or... you name it. If you need it, you install > it. It is in stable (version 1.60), coming in testing (v 2.10) and is > in unstable. It is not going away, folks! We can quibble about the term "deprecated," but the official Debian Reference Manual repeatedly calls it "obsolete": https://www.debian.org/doc/manuals/debian-reference/ch05.en.html -- Celejar
Re: tmp on tmpfs
On Mon, 24 Apr 2023 19:02:30 +0200 wrote: > On Mon, Apr 24, 2023 at 12:16:36PM -0400, Celejar wrote: > > On Wed, 19 Apr 2023 09:52:23 +0200 > > to...@tuxteam.de wrote: > > [...] > > > "Mounting /tmp to tmpfs may be a good thing in some rare cases, but it's > > a bad default. It breaks a lot of things and, which is more important, > > brings nothing good." > > "A lot of things" means here: it can run out of space. That's it. > > Any other downsides? No. What the author means is that lots of different applications and use cases can break badly with /tmp on tmpfs - see the '"/tmp on tmpfs is bad" quotes' section of the post: https://lists.debian.org/debian-devel/2012/06/msg00311.html (BTW, I really think that you should avoid snipping the link to the post that we're discussing from your replies.) -- Celejar
Re: /etc/fstab question (problem)?
On Sun, 23 Apr 2023 01:14:05 -0700 David Christensen wrote: > On 4/22/23 21:11, David Wright wrote: > > On Sat 22 Apr 2023 at 18:51:26 (-0700), David Christensen wrote: ... > >> "Back in the day", people running Linux had computers with limited > >> amounts of storage and memory. I imagine an initial ramdisk seemed > >> like an good trade-off/ work-around at that time. > >> > >> But today, this is my Linux daily driver: > > > >> Total online memory: 32G > > > > That must be nice. I don't know what it might have cost. I'm afraid > > I only use cast-offs. The oldest has ½GB memory. > > > https://www.ebay.com/itm/393918586141 I have something similar - an HP Z440 with 32GB of RAM. It's not quite as "modern" as the Precision at that link, but it can currently be readily found for as little as $250 USD (doubtless less if one scrounges around): https://www.ebay.com/itm/225546840287 -- Celejar
Re: tmp on tmpfs
On Wed, 19 Apr 2023 09:52:23 +0200 to...@tuxteam.de wrote: ... > One case where tmpfs for /tmp makes a ton of sense is when you want > to have most things read only (or read mostly), because your devices > die from too much writes (the Raspi/SD pattern, for example -- note > that I wrote SD, not SSD: no monster thread on that, please ;-) To be fair to the post [0] mentioned earlier, while the subject line was provocative, the post itself explicitly acknowledges that tmpfs for /tmp does make sense in some cases, although you may disagree that they're as "rare" as it claims :) "Mounting /tmp to tmpfs may be a good thing in some rare cases, but it's a bad default. It breaks a lot of things and, which is more important, brings nothing good." [0] https://lists.debian.org/debian-devel/2012/06/msg00311.html -- Celejar
Re: tmp on tmpfs
On Wed, 19 Apr 2023 08:55:25 +0200 Nicolas George wrote: ... > (I do not know if Debian has provisions to format a /tmp partition with > an ephemeral encryption key on boot, like it has for the swap.) It apparently does not, and apparently other distributions do not as well. Here's a post on the CentOS Wiki describing how to do it, but it involves a (small) unofficial, homegrown script: https://wiki.centos.org/HowTos/EncryptTmpSwapHome I wonder why this is not a standard option provided by distributions? -- Celejar
Re: Is perl still the No.1 language for sysadmin?
On Mon, 03 Apr 2023 02:15:10 +0200 Emanuel Berg wrote: ... > I agree but I think maybe the success of Python, and its > development speed, is actually because of some of that > rigidness, yes, including the whitespace lack of freedom. I'm no great programmer, and many posters in this thread are certainly far more proficient than I, but one of the things that ultimately drove me from Perl to Python is the striking contrast between Perl's TIMTOWTDI with Python's "There should be one -- and preferably only one -- obvious way to do it." Maybe good programmers like TIMTOWTDI, but for me, the paradox of choice is strong; programming is hard enough as it is, and I vastly prefer not having to exert mental energy to decide on the best way to do something when that's unnecessary. -- Celejar
Re: Debian Server
On Mon, 13 Mar 2023 11:53:32 -0700 Fred wrote: > On 3/13/23 08:55, Dan Ritter wrote: > > malpaso wrote: > >> *Hello!!!Please, I'm looking for guidance to set up a Server, it will not > >> be public, to host a flight simulator called Falcon BMS, about 12 people > >> flying online, the machine would be an I5 with 16 GB of RAM, Video Card GTX > >> 1050 TI and a 480 GB SSD, please what would you guide me in this assembly, > >> I intend not to install Windows on the PC.I've been researching on the > >> internet and I got to Debian, please, I'm looking for guidance because I > >> don't understand this subject!Thanks in advance for any helpmalpaso* > > > >>>From looking at the wiki, it appears that Falcon BMS requires > > Falcon 4.0, which is only available on Windows. > > > > If that is the case, this will not work. > > > > -dsr- > > > Hi, > > The flight simulator might run under wine which is available for Debian > or the reasonably priced commercial version, Crossover. The wine and > crossover web sites probably still have a list of Windows programs that > are known to run. https://appdb.winehq.org/objectManager.php?sClass=application=14685 https://appdb.winehq.org/objectManager.php?sClass=version=37255=103954 -- Celejar
Re: what method do you prefer for data transfer between nodes?
On Sun, 5 Mar 2023 14:05:37 +0100 to...@tuxteam.de wrote: > On Sun, Mar 05, 2023 at 07:23:49PM +0800, Ken Young wrote: > > What provider do you recommend then? > > Around here (West Europe), for example, mailbox.org [1]. But they > are far from the only one (I'm not a customer, nor associated with > them, but I do know a few happy customers). €3 / month for 5 GB, €9 / month for 50 GB - that's rather overpriced for cloud storage: https://mailbox.org/en/services#tariffs > Whenever they don't cost any money you'll have to ask yourself > what their business model is. The big cloud providers (e.g. Backblaze) - whose business model does indeed involve charging money - charge as little as $5 / month per *terabyte* (plus egress), in addition to giving a few or few dozen GB free: https://www.backblaze.com/b2/cloud-storage-pricing.html I'm personally using Scaleway with rclone, which offers 75 GB free (but €12 / month per terabyte beyond that). Other prominent vendors (besides the obvious ones) include Wasabi and rsync.net. Pricing is tricky, as they break the fees into different categories (hot and cold storage, egress, etc.) -- Celejar
Re: hplip : looking for a workaround
On Wed, 22 Feb 2023 17:49:13 +0100 Erwan David wrote: > Hi, > > hplip seems to need a dependency, many commands end with > > File "/usr/share/hplip/base/password.py", line 119, in __readAuthType > distro_name = get_distro_std_name(os_name) > ^^^ > NameError: name 'get_distro_std_name' is not defined. Did you mean: > 'get_distro_name'? > > I opend a bug for a missing dependency, but do someone know of a > workaround ? I cannot use my scanner anymore because it needs a binary > plugin installed by hplip This is your bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031784 but this earlier bug discussion contains a workaround (I haven't tried it): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029459 FTR, here's the upstream bug: https://bugs.launchpad.net/hplip/+bug/2003739 -- Celejar
Re: xscreensaver fails to activate via "Preview" button or via "Blank after" setting
On Fri, 17 Feb 2023 17:13:09 -0800 Mike Kupfer wrote: > Celejar wrote: > > > The logs show regular deactivate events like the following every 20 > > seconds: > > > > ClientMessage DEACTIVATE: already inactive, resetting activity time > > > > I saw this: > > > > https://www.jwz.org/xscreensaver/faq.html#no-blank > > > > I guess I have to figure out what application is sending these messages? > > Firefox? I do tend to keep a lot of tabs open. > > I recall seeing something several months ago about the Xfce power > manager fighting with xscreensaver, though I'm not able to find it right > now. If you have the Xfce power manager configured to manage the > display, you could try disabling that. Bingo - the problem was that Xfce Power Manager's Presentation Mode was on. I'm not sure I was even aware of that mode's existence, but it apparently has a long history of becoming turned on without the conscious intention or awareness of the user :) https://bugzilla.xfce.org/show_bug.cgi?id=14210 I turned Presentation Mode off, and xscreensaver seems to be working correctly now. Thank you very much! -- Celejar
Re: xscreensaver fails to activate via "Preview" button or via "Blank after" setting
On Mon, 13 Feb 2023 09:28:23 -0800 Mike Kupfer wrote: > Celejar wrote: > > > I'm running Debian Sid with XFCE. Xscreensaver used to work, but a > > number of months ago, it broke badly: it now fails to fails to activate > > via the "Preview" button or (more importantly) via the "Blank after" > > setting. > > Thank you for bringing this up. I just noticed yesterday that > XScreensaver was not working with Xfce in my Bookworm VM, but I was too > busy to look into it. I could start it by hand after logging in, but > there was an autostart entry for it, so I expected it to already be > running. > > Have you verified that the daemon is running? (Does "pgrep > xscreensaver" produce anything?) It's running: ~$ ps ax | grep screensaver 2727 ?S 0:07 xscreensaver -no-splash 2813 ?S 0:00 xscreensaver-systemd 31876 pts/6S+ 0:00 grep screensaver > Prompted by your email, I added an Xfce autostart command to run > xscreensaver in verbose mode and with logging enabled. The log says > > xscreensaver: 09:09:49: running in process 4072 > xscreensaver: 09:09:49: "cinnamon-screensaver" is already running on > display :0.0 (window 0x121) > > By the time I could look at the log file, though, cinnamon-screensaver > was no longer running. > > The xscreensaver man page does say something about uninstalling other > screensavers. It's in the section "INSTALLING XSCREENSAVER ON GNOME OR > UNITY", but maybe it applies to other DEs? It does seem odd that > cinnamon-screensaver would get started in Xfce. Maybe this is some No cinnamon-screensaver here, as per the output shown above. > side-effect related to using systemd to start screensavers? > > Anyway, if you don't have any other screensavers installed in your VM, > try enabling logging and see if it tells you anything interesting. Thanks for the suggestion. The logs show regular deactivate events like the following every 20 seconds: ClientMessage DEACTIVATE: already inactive, resetting activity time I saw this: https://www.jwz.org/xscreensaver/faq.html#no-blank I guess I have to figure out what application is sending these messages? Firefox? I do tend to keep a lot of tabs open. Anyway, I've updated the bug log with this information: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014782#77 Thank you. -- Celejar
Re: xscreensaver fails to activate via "Preview" button or via "Blank after" setting
On Mon, 13 Feb 2023 08:12:19 -0500 Celejar wrote: > Hi, > > I'm running Debian Sid with XFCE. Xscreensaver used to work, but a > number of months ago, it broke badly: it now fails to fails to activate > via the "Preview" button or (more importantly) via the "Blank after" > setting. It does still work via direct activation via > "xscreensaver-command" (and it is successfully activated by the system upon > suspend-to-ram). > > I filed a bug about this, but subsequent to an interesting discussion > of the architecture of the software and its Debian packaging, the > maintainer closed the bug as unreproducible. The issues raised in the > bug discussion do not seem to apply to my system, but xscreensaver > nevertheless remains broken here. Can anyone help me figure this out? Sorry, forgot to cite the bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014782 -- Celejar
xscreensaver fails to activate via "Preview" button or via "Blank after" setting
Hi, I'm running Debian Sid with XFCE. Xscreensaver used to work, but a number of months ago, it broke badly: it now fails to fails to activate via the "Preview" button or (more importantly) via the "Blank after" setting. It does still work via direct activation via "xscreensaver-command" (and it is successfully activated by the system upon suspend-to-ram). I filed a bug about this, but subsequent to an interesting discussion of the architecture of the software and its Debian packaging, the maintainer closed the bug as unreproducible. The issues raised in the bug discussion do not seem to apply to my system, but xscreensaver nevertheless remains broken here. Can anyone help me figure this out? -- Celejar
Re: locating blocked port
On Tue, 31 Jan 2023 10:05:12 -0500 Haines Brown wrote: > I have an application that refuses to start because its port is > blocked. But I have difficulty knowing what port it is > >$ java -jar /usr/local/share/JabRef/JabRef-3.2.jar & > [1] 4831 > haines@lenin:~$ Jan 31, 2023 8:36:39 AM > net.sf.jabref.logic.remote.server.Remote > ListenerServerLifecycle open > WARNING: Port is blocked > java.net.BindException: Address already in use > at java.base/sun.nio.ch.Net.bind0(Native Method) > at java.base/sun.nio.ch.Net.bind(Net.java:555) > at java.base/sun.nio.ch.Net.bind(Net.java:544) > at java.base/sun.nio.ch.NioSocketImpl.bind(NioSocketImpl.java:643) > at java.base/java.net.ServerSocket.bind(ServerSocket.java:388) > at java.base/java.net.ServerSocket.(ServerSocket.java:274) > at > net.sf.jabref.logic.remote.server.RemoteListenerServer.(RemoteListenerServer.java:40) > at > net.sf.jabref.logic.remote.server.RemoteListenerServerThread.(RemoteListenerServerThread.java:33) > at > net.sf.jabref.logic.remote.server.RemoteListenerServerLifecycle.open(RemoteListenerServerLifecycle.java:41) > at net.sf.jabref.JabRef.start(JabRef.java:137) > at net.sf.jabref.JabRefMain.main(JabRefMain.java:8) > > Arguments passed on to running JabRef instance. Shutting down. > > How do I know from this what port the java application tried to use? The documentation is surprisingly poor, but it looks like 6050 is the default: https://github.com/JabRef/jabref/issues/2698 https://github.com/JabRef/jabref/issues/8653 -- Celejar
Re: Web page management. Was: Re: Debian release criteria.
On Fri, 20 Jan 2023 14:14:22 -0500 Dan Ritter wrote: > pe...@easthope.ca wrote: > > Unwieldly References list truncated. > > > > From: Stefan Monnier > > Date: Sat, 07 Jan 2023 12:45:52 -0500 > > > I use uMatrix, which I find strikes a fairly good balance between > > > keeping sites working and letting me control how much crap is loaded. > > > > Another helpful add-on. Thanks! > > > > A feature (gingerbread) I'd rather not have in Wikipedia is the popup > > article preview from hovering the pointer on a link. Can uMatrix > > block that? How? > > Yes, because uBlock Origin is the less capable sibling and uBO > can do that. Just block JavaScript on the wikipedia.org domain. > The site remains largely functional but does not do previews. For those who may not be aware, the developer of uBlock Origin and uMatrix, Raymond Hill, has ceased work on uMatrix: https://github.com/uBlockOrigin/uMatrix-issues/issues/291#issuecomment-694988696 https://github.com/gorhill/uMatrix https://www.ghacks.net/2020/09/20/umatrix-development-has-ended/ -- Celejar
Re: Broken IPv6 / IPv4 configuration, or Gmail brokenness?
On Sat, 28 Jan 2023 20:55:18 + Andy Smith wrote: > Hi, > > On Sun, Jan 22, 2023 at 11:42:18PM -0500, Celejar wrote: > > Shouldn't this be included somewhere prominently in the Debian > > documentation, in the form of a Big Fat Warning that the standard > > dual-stack condiguration used by Debian can cause serious breakage if > > one's ISP doesn't support IPv6? > > Not having IPv6 is not the problem. As you discovered later in this > thread, your ISP is providing just enough IPv6 for your router to > think it has a v6 block to hand out, but not enough that it actually > works. It's a misconfiguration by your ISP and not something that > any operating system's documentation needs to point out. They could > also let you connect to them but make IPv4 not work, it's just that > you'd notice that very quickly! Understood. There's apparently even a quasi-official name for this: "IPv6 brokenness": https://en.wikipedia.org/wiki/IPv6_brokenness_and_DNS_whitelisting > In the field of IPv6 deployment, IPv6 brokenness was bad behavior seen > in early tunneled or dual stack IPv6 deployments where unreliable or > bogus IPv6 connectivity is chosen in preference to working IPv4 > connectivity. This often resulted in long delays in web page loading, > where the user had to wait for each attempted IPv6 connection to time > out before the IPv4 connection was tried. These timeouts ranged from > being near-instantaneous in the best cases, to taking anywhere between > four seconds to three minutes. The article proceeds to assure the reader that: > IPv6 brokenness is now generally regarded as a solved problem for > almost all practical purposes, following improvements at both the > transport and application layers. But I guess I've managed to encounter a "practical" instance of current IPv6 brokenness :| ... > Anyway, if the ISP can't fix the IPv6 and can't be convinced to stop > advertising it even when it doesn't work, I think you'd be best Makes sense - I think I've seen other users of my ISP stating in online forums that that's what they had to do at some point. > off trying to disable radvd on the router. Failing that, disabling > IPv6 on all your clients (check your phones too, as they will try Thank you. -- Celejar
Re: Broken IPv6 / IPv4 configuration, or Gmail brokenness?
On Tue, 24 Jan 2023 18:41:56 + (GMT) Tim Woodall wrote: > On Mon, 23 Jan 2023, Celejar wrote: > > > Thank you - the plot thickens. I tried radvdump, and I was indeed > > receiving IPv6 advertisements. I inspected my router (an OpenWrt box) > > more carefully, and lo and behold, the router *thinks* that it has IPv6 > > connectivity: it reports that it has configured its WAN interface via > > DHCPv6, that it has an IPv6 prefix delegation (a /56), and that it has > > accordingly handed out an IPv6 address via DHCPv6 to my Debian system > > (which indeed shows having its network interface configured with that > > address). The problem is that IPv6 is not actually working at all: > > ping6 to IPv6 hosts, even from the router itself, get no response, and > > traceroute to IPv6 hosts show replies from only the first two hops, and > > just asterisks afterward. > > > > My ISP is notoriously cagey about the details of its (slow and > > incremental) IPv6 rollout. I suppose I can try customer service, but in > > the meantime, I just don't know whether I have a misconfiguration on the > > router, or whether the ISP is not actually providing working IPv6. > > > > Does ping/traceroute work in ipv4? Yes - pinging the same hosts that don't work using IPv6 works with ping -4, and traceroute works with IPv4 addresses as well (I get some asterisks, but many / most of the hops, including the destinations, respond). > It's depressingly common to find people who block icmp for 'security > reasons'. While you can mostly get away with that in ipv4, ipv6 breaks > catastrophically without at least some working icmp. > > Also try tcptraceroute - although if some router is configured to drop > all icmp then I don't think ipv6 can work at all tcptraceroute work fine. tcptraceroute6 gives the same problem as regular traceroute6 - all asterisks after the first couple of hops. -- Celejar
Re: Broken IPv6 / IPv4 configuration, or Gmail brokenness?
On Mon, 23 Jan 2023 18:32:41 + (GMT) Tim Woodall wrote: > On Sun, 22 Jan 2023, Celejar wrote: > > > On Sun, 22 Jan 2023 16:28:55 -0500 > > Dan Ritter wrote: > > > >> Celejar wrote: > >>> Hello, > >>> > >>> My Debian Sid system, including its networking system, has been > >>> working fine for a while. Recently, Gmail has not been working properly > >>> on the system: sending (via SMTP with SSL) times out, and receiving > >>> (via POP3 and IMAP) takes abnormally long. Today I finally made some > >>> efforts to understand what's going on. Here's what I know / > >>> understand / have been able to establish: > >>> > >>> 1) My ISP provides me with only IPv4, not IPv6. > >>> > >>> 2) Trying to send email through Gmail using "smtp.gmail.com", via > >>> Sylpheed and Swaks, times out without getting anywhere. For example: > >>> > >>> $ swaks -t cele...@gmail.com -s smtp.gmail.com:587 -tls -a LOGIN > >>> Username: celejar > >>> Password: > >>> === Trying smtp.gmail.com:587... > >>> *** Error connecting to smtp.gmail.com:587: > >>> *** IO::Socket::INET6: connect: timeout > >>> > >> Your system expects to be able to use IPv4 and IPv6. Google > >> handles both. Your ISP does not. DNS returns both IPv4 A records > >> and IPv6 records for smtp.gmail.com. > >> > >> In this particular case, you should change your system > >> preference to IPv4 first. > >> > > > > Shouldn't this be included somewhere prominently in the Debian > > documentation, in the form of a Big Fat Warning that the standard > > dual-stack condiguration used by Debian can cause serious breakage if > > one's ISP doesn't support IPv6? (I'd be happy to add a warning to, say, > > https://wiki.debian.org/DebianIPv6, if I thought I understood the > > issues well enough to get it right.) > > > I think, although I'm not 100% sure as I now have fully working IPv6 > everywhere, that your problem might be that something is providing a > default route. > > If the box trying to connect to gmail knows there's no route then it > will use IPv4. If it thinks there's a route it will use it. > > At a guess, your router is sending out RA messages that say the router > is a default route and then dropping packets when you actually try to > send. > > radvdump will let you see who is broadcasting advertisements. Thank you - the plot thickens. I tried radvdump, and I was indeed receiving IPv6 advertisements. I inspected my router (an OpenWrt box) more carefully, and lo and behold, the router *thinks* that it has IPv6 connectivity: it reports that it has configured its WAN interface via DHCPv6, that it has an IPv6 prefix delegation (a /56), and that it has accordingly handed out an IPv6 address via DHCPv6 to my Debian system (which indeed shows having its network interface configured with that address). The problem is that IPv6 is not actually working at all: ping6 to IPv6 hosts, even from the router itself, get no response, and traceroute to IPv6 hosts show replies from only the first two hops, and just asterisks afterward. My ISP is notoriously cagey about the details of its (slow and incremental) IPv6 rollout. I suppose I can try customer service, but in the meantime, I just don't know whether I have a misconfiguration on the router, or whether the ISP is not actually providing working IPv6. -- Celejar
Re: Broken IPv6 / IPv4 configuration, or Gmail brokenness?
On Sun, 22 Jan 2023 16:28:55 -0500 Dan Ritter wrote: > Celejar wrote: > > Hello, > > > > My Debian Sid system, including its networking system, has been > > working fine for a while. Recently, Gmail has not been working properly > > on the system: sending (via SMTP with SSL) times out, and receiving > > (via POP3 and IMAP) takes abnormally long. Today I finally made some > > efforts to understand what's going on. Here's what I know / > > understand / have been able to establish: > > > > 1) My ISP provides me with only IPv4, not IPv6. > > > > 2) Trying to send email through Gmail using "smtp.gmail.com", via > > Sylpheed and Swaks, times out without getting anywhere. For example: > > > > $ swaks -t cele...@gmail.com -s smtp.gmail.com:587 -tls -a LOGIN > > Username: celejar > > Password: > > === Trying smtp.gmail.com:587... > > *** Error connecting to smtp.gmail.com:587: > > *** IO::Socket::INET6: connect: timeout > > > > 3) Forcing the use of IPv4 fixes the timeout problem. In particular, > > both of the following work (in the second command, the IPv4 address is > > the one returned by "dig" and "host" for "smtp.gmail.com"): > > > > $ swaks -t cele...@gmail.com -4 -s smtp.gmail.com:587 -tls -a LOGIN > > $ swaks -t cele...@gmail.com -s 142.251.163.109:587 -tls -a LOGIN > > > > So, what's going on here? I suppose I don't really need IPv6 on my > > system, but everything I've read says that it should be left enabled and > > not disabled. Is something misconfigured on my system, is this a Gmail > > problem, or am I missing something else? > > Your system expects to be able to use IPv4 and IPv6. Google > handles both. Your ISP does not. DNS returns both IPv4 A records > and IPv6 records for smtp.gmail.com. > > In this particular case, you should change your system > preference to IPv4 first. > > In /etc/gai.conf: > > UNcomment > > precedence :::0:0/96 100 > > and that should solve the issue immediately, at the cost of > making IPv6 unusable until you re-comment that. Thank you very much - this seems to have worked! I understand now that the reason I only had the problem with Gmail and not with the other major commercial email provider I use, GMX, is that "smtp.gmx.com" has only an IPv4 address record and no IPv6 address record. And I suppose the reason I wasn't seeing this problem with web browsing is that web browsers (on their default settings?) try both IPv4 and IPv6 simultaneously, and use whatever responses they get without waiting. Shouldn't this be included somewhere prominently in the Debian documentation, in the form of a Big Fat Warning that the standard dual-stack condiguration used by Debian can cause serious breakage if one's ISP doesn't support IPv6? (I'd be happy to add a warning to, say, https://wiki.debian.org/DebianIPv6, if I thought I understood the issues well enough to get it right.) -- Celejar
Broken IPv6 / IPv4 configuration, or Gmail brokenness?
Hello, My Debian Sid system, including its networking system, has been working fine for a while. Recently, Gmail has not been working properly on the system: sending (via SMTP with SSL) times out, and receiving (via POP3 and IMAP) takes abnormally long. Today I finally made some efforts to understand what's going on. Here's what I know / understand / have been able to establish: 1) My ISP provides me with only IPv4, not IPv6. 2) Trying to send email through Gmail using "smtp.gmail.com", via Sylpheed and Swaks, times out without getting anywhere. For example: $ swaks -t cele...@gmail.com -s smtp.gmail.com:587 -tls -a LOGIN Username: celejar Password: === Trying smtp.gmail.com:587... *** Error connecting to smtp.gmail.com:587: *** IO::Socket::INET6: connect: timeout 3) Forcing the use of IPv4 fixes the timeout problem. In particular, both of the following work (in the second command, the IPv4 address is the one returned by "dig" and "host" for "smtp.gmail.com"): $ swaks -t cele...@gmail.com -4 -s smtp.gmail.com:587 -tls -a LOGIN $ swaks -t cele...@gmail.com -s 142.251.163.109:587 -tls -a LOGIN So, what's going on here? I suppose I don't really need IPv6 on my system, but everything I've read says that it should be left enabled and not disabled. Is something misconfigured on my system, is this a Gmail problem, or am I missing something else? -- Celejar
Re: Syncing Firefox tabs without a Mozilla account
On Sun, 22 Jan 2023 11:52:45 -0600 John Hasler wrote: > Alex writes: > > I think you may be looking for something like xBrowserSync > > https://github.com/xbrowsersync/app > > Thank you. This appears to only do bookmarks. There's this one, although it apparently requires a Google account: https://github.com/sienori/Tab-Session-Manager -- Celejar
Re: Why Debian packaging structure is so difficult
On Mon, 9 Jan 2023 07:35:18 -0700 Charles Curley wrote: > On Mon, 9 Jan 2023 07:18:53 -0500 > Roberto C. Sánchez wrote: > > > The best solution, IMHO, is to mirror using a tool that is aware of > > the specific structure of apt repositories. Personally, I have had > > excellent success with apt-cacher-ng, which functions much like a > > squid proxy. You configure apt-cacher-ng with the sources you like, > > then you configure the clients on your network with the same sources > > but tell them to use the apt-cacher-ng proxy. > > I second using apt-cacher-ng (acng). I've never configured acng itself, > just the clients, and that is simple and easily scripted. > > The only thing it doesn't do is cache https only repositories. Those are > few and far between, and the reason it doesn't is inherent in https, so > I doubt any similar program will cache them. There are ways for clients > to deal with that limitation. In my limited experience, HTTPS-only repositories are actually fairly common: I've had to enable, at one point or another, apt-cacher-ng workarounds (such as adding them to a PassThroughPattern) for a bunch of repositories, including those of WineHQ, Xpra, VScodium, and the Tor Project. -- Celejar
Re: MacOS VM on Debian: is it reasonably possible?
On Tue, 22 Nov 2022 18:12:28 +0800 Bret Busby wrote: > On 22/11/2022 17:35, Peter von Kaehne wrote: > > > >>> > >>> Has anyone been able to run a recent version of MacOS as a VM? > >> > >> Apart technical issues, there is licence which AFAIK forbids run MacOS > >> on non-Apple hardware (regardless if it is bare metal or VM). > > > > Which, while it might not stop anyone doing what they like in the privacy > > of their own home, should be ample reason not to take it to a public > > mailing list. Postings just as the OP reflect badly not only upon > > themselves but on others and the project at large. > > > > Peter > I am wondering, in the context of the content at > https://opensource.apple.com/releases/ > whether licence restrictions apply. > > Whilst I had mistakenly believed that CentOS was a freeware, open source > kind of MacOS clone, and found that it is not, when I searched for it, I > had understood that a freeware, open source kind of MacOS kind of clone, > is available, and, when I searched on the three word combination - open > source macos - I found, in the results, the above URL. > > So, as an observer, I wonder whether licencing restrictions apply, to > running MacOS on Linux, as a virtual machine. If you click through the links on that page, it looks like Apple is just linking to the source code for open source components used in their operating systems (things like awk, bash, bind, bzip, etc.), but the operating systems themselves are certainly not open source, and cannot be legally used except in accordance with Apple's license terms and / or applicable law. -- Celejar
Re: Problems with gv after upgrade
On Mon, 21 Nov 2022 09:06:16 + Rodolfo Medina wrote: > Hi all. > > After upgrading to Unstable, gv does not read my PS files any more. I > couldn't > find any help in Internet. Please help, thanks in advance. You can do better than this - what command did you use? What error did you get? > Rodolfo -- Celejar
Re: How to can make a partition in my hard disk ?
On Fri, 21 Oct 2022 16:01:17 + Andy Smith wrote: ... > I know multiple people who describe the main enclosure that contains > all the innards of the computer as "the CPU" and do not know whether It's even standard terminology in the standing desk community, e.g.: https://www.upliftdesk.com/desk-accessories/cpu-holders/ -- Celejar
Re: Debian 11, Chrome and .asp pages
On Sun, 28 Aug 2022 08:24:31 -0400 Greg Wooledge wrote: ... > Not too long ago, I had to buy a new router. The one I bought was a > Netgear. As is typical, the router also acts as a DHCP server, and > has a web-based control panel. The instructions that came with the > router said to visit a certain URL (which I do not recall right now), > which did not contain an IP address, but instead, contained a "hostname". > > If you're a completely naive user, who sets up the PC to use DHCP, using > every piece of information from the router (IP, netmask, nameserver, > DNS search domain), then this would work. The special "hostname" in > the URL would be resolved by the router's internal mostly-forwarding > nameserver, to the router's IP address. > > If, however, your PC is set up to use its *own* DNS nameserver and search > domain, then the special "hostname" in the router's URL is resolved by > the global DNS infrastructure, to a *real* IP address. > > The real IP address in this case turns out to be a phishing site, set up > specifically to capture passwords and personal information from users who > are just trying to set up their router, which comes with *horribly* poor > instructions. This is wild. But according to official, publicly available Netgear documentation, the company uses www.routerlogin.net or www.routerlogin.com for router configuration, both of which seem to resolve / redirect to a legitimate Netgear site when not using a Netgear router: https://kb.netgear.com/27199/I-can-t-access-my-router-what-do-I-do https://www.netgear.com/home/services/routerlogincom/ If Netgear actually used an url that it didn't control, that would indeed be incredibly reckless and irresponsible. -- Celejar
Re: Verison IPv6 -- I want to stick with IPv4 (was Re: ipv6: static ipv6 address with dynamic network address possible?)
On Tue, 2 Aug 2022 15:04:13 + Andy Smith wrote: > Hello, > > On Tue, Aug 02, 2022 at 10:44:54AM -0400, rhkra...@gmail.com wrote: > > On Monday, August 01, 2022 12:08:47 PM Lee wrote: > > > Verizon FIOS finally rolled out IPv6 in my area. yay! > > > > I guess if I read that right, Verizon still supports IPv4 and has not > > announced any plans to discontinue it? > > That would be commercial suicide. At present you have to go out of > your way to buy IPv6-only services. I may be misunderstanding what you're saying here, but T-Mobile wireless is IPv6 only (and uses its own (now standardized as RFC 6877) 464XLAT protocol to talk to IPv4 only networks: https://www.rfc-editor.org/rfc/rfc6877 https://lists.debian.org/debian-user/2019/12/msg00564.html -- Celejar
Re: NFC security key on a desktop
On Sun, 10 Jul 2022 01:23:27 + "Kleene, Steven (kleenesj)" wrote: > My employer uses Duo for two-factor authentication and offers three > options: cellphone, landline, or security key. I go to the desired app > (e.g. Outlook) in Firefox. I select the landline I want, Duo calls it, > and I hit any key to authenticate. So far so good. But as of January > 1st, my employer will drop support for landlines. I do not have or > want a cellphone (long story). > > That leaves one option: a security key that plugs into USB. I had a > Yubico Security Key NFC made to work with Duo, and it succeeds when I > test it from a Windows laptop. But I use a desktop running Buster > (v10, oldstable). I understand there are NFC (near-field > communication) readers that can support a security key. Has anyone > managed to get an NFC reader working with a security key on a Debian > desktop? If so, I'd like to know how to set that up. No actual experience with NFC (I use a HyperSecu HyperFIDO via USB), but see here: https://www.reddit.com/r/yubikey/comments/j1225h/yubikey_with_nfc_reader_on_linux/ -- Celejar
Re: Need advice on known work with linux graphics card.
On Thu, 23 Jun 2022 19:40:22 + hput wrote: > I've done one of those "build it yourself" online setups and built up > an HP Z840. The host has no built in graphics capability. So > requires a card right off the real. My graphics usage will be some > sort of semi-extensive image editing and Animation. > > Its been many years since I had to research a graphics card. Things > have changed to the point where I'm really lost. > > I'm an ubuntu user but spent several yrs as a straight Debian user. > > I know there is a level of sophisticated knowledge here and hope to > find people who know which cards play well with linux (especially > Debian derivatives like ubuntu.) > > I don't want to have to scrape around for drivers or find that the > card is just not compatible. > > So anyone who has something to say, especially from experience on this > please consider responding. I'm no graphics card expert, but FWIW, a year and a half ago I found myself in a similar situation: I bought an HP Z440 on eBay, which included the motherboard, processor, and memory, but needed a graphics card. I wound up purchasing an AMD RX-570 (also on eBay), and it works almost perfectl with linux (although it does require non-free firmware). (The one problem I initially experienced was a failure by the monitor to go to sleep properly: https://gitlab.freedesktop.org/drm/amd/-/issues/662 This is an open, three year old bug, but I personally haven't experienced the problem in a while.) A few caveats: 1) I don't know about your Z840, but many HP workstations have Trusted Boot settings which will prevent them from booting if there's non-trusted (i.e., non-whitelisted) hardware, such as a graphics card, present. I got bitten by this when, while playing with the firmware settings, enabled Trusted Boot - and then found that the system absolutely refused to boot. I eventually solved the problem by purchasing (once again on eBay) just about the cheapest whitelisted card the machine supported (an Nvidia NVS 315), swapped it with the RX-570 just to get the machine to boot, turned off Trusted Boot, then swapped the cards back :| (BTW, it turns out that my cheap 315 only has the rather unusual (at least today) DMS-59 output port, so it was back to eBay again for a DMS-59 to HDMI adaptor.) 2) My RX-570 needed an 8 pin power connector, which the Z440 does not have, so I had to resort once again to eBay, for a 6 to 8 pin Molex adaptor. 3) You obviously have to make sure that whatever card you buy will physically fit in the case, but that's true for any build. -- Celejar
Re: which X11 app can show wifi info
On Sat, 11 Jun 2022 12:00:35 +0100 Brian wrote: > On Sat 11 Jun 2022 at 18:08:24 +0800, lou wrote: > > > On 6/11/22 4:57 PM, Brian wrote: > > > > > You may want wpagui, a graphical frontend for wpasupplicant. > > > > > Use of Qt apps does not involve installing KDE. > > > > > > Thanks, but i use ifup/ifdown (not wpasupplicant) to manage network > > connection. > > You are associating with a wireless access point. You must be using > wpasupplicant. Have you tried installing wpagui? JFTR, wpasupplicant is no longer required for WiFi - I use iwd. -- Celejar
Re: google account say it will no longer deliver email
On Sat, 14 May 2022 07:25:36 +0200 wrote: > On Sat, May 14, 2022 at 03:05:11PM +1200, Ash Joubert wrote: > > On 14/05/2022 00:42, Michael Stone wrote: > > > On Fri, May 13, 2022 at 07:16:11AM +0200, to...@tuxteam.de wrote: > > > > A loong password is not "equivalent" to 2FA, that's right. Good > > > > password management (of which length is but a part) is as secure > > > > as 2FA. > > > > > > No, it really isn't. > > > > A good password will not protect you from password reset via a weak channel > > such as email on an insecure server. > > > > 2FA will not protect you if the second factor is weak or resolves to the > > same device. Hint: if you store your password and TOTP key in the same > > manager then you have only one factor. > > Not to speak of SIM spoofing or social engineering of your mobile phone > provider (yes, it has been observed in the wild). There goes your SMS > second factor. Once again, it is well understood (although, bafflingly, often not by those who should care, such as financial institutions) that SMS is a terrible choice for 2FA. Hardware tokens, or at least authenticator apps, are far better. (Although as others have pointed out in this thread, if your auth app is stored together with your password, that can eliminate some (but not all) of the benefits of 2FA.) -- Celejar
Re: google account say it will no longer deliver email
On Sat, 14 May 2022 15:05:11 +1200 Ash Joubert wrote: > On 14/05/2022 00:42, Michael Stone wrote: > > On Fri, May 13, 2022 at 07:16:11AM +0200, to...@tuxteam.de wrote: > >> A loong password is not "equivalent" to 2FA, that's right. Good > >> password management (of which length is but a part) is as secure > >> as 2FA. > > > > No, it really isn't. > > A good password will not protect you from password reset via a weak > channel such as email on an insecure server. > > 2FA will not protect you if the second factor is weak or resolves to the > same device. Hint: if you store your password and TOTP key in the same > manager then you have only one factor. But as you concede below, this is an argument against poorly implemented 2FA, not against well-implemented 2FA. > 2FA often smells to me like security theatre, a band-aid over a sucking > chest wound of weak security practices, much like forced password > expiry. Done well, in addition to good security practices, including > strong unique random passwords, 2FA enhances security, but the cost is > high. Note however that the cost of a compromise can be devastating. Is the cost really that high? U2F hardware keys are readily available for as little as $15 USD (perhaps less - I just took a very quick look on Amazon), and they can secure all your accounts (that support U2F 2FA). > If you use 2FA, you must include it in your disaster recovery plans. > Imagine all your on-site devices including your phone are destroyed. Now > recover. A very good point. For that, well-implemented 2FA systems typically encourage the printing out / saving of a handful of OTP passcodes (which you should backup / print out and save offsite). But of course, the same is true for passwords as well (assuming you're using (as you should) long, random ones that are difficult or impossible to remember). But I agree that it's complicated: https://dmitryfrank.com/articles/backup_u2f_token -- Celejar
Re: Networking book recommendation
On Thu, 5 May 2022 17:36:14 -0500 Tom Browder wrote: > On Thu, May 5, 2022 at 16:07 David Christensen > wrote: > > > On 5/5/22 12:31, john doe wrote: > > > > > At the time I set up this, I googled this subject and came to the > > > conclusion that SSH through VPN was a better fit (flexibility, two > > > layers of security, VPN advantages when connecting on public wifi) for > > me. > > > The only experience with VPN I've had was when I was working from home back > in 2010 running Debian on a company laptop and a kludge Cisco VPN program > that somehow "just worked." > > If I go the pfsense/Netgate route (it has a VPN capability) what client do > I use on my Debian hosts both internal and external? Depends on what VPN technology you're using. If you have no technical debt, Wireguard is definitely the way to go. On both ends, just install the Debian wireguard package (and its dependencies), edit the appropriate configuration files, and you're good to go. -- Celejar
Re: Crucial SSDs and Debian Bullseye
On Wed, 27 Apr 2022 17:08:04 +0500 "Alexander V. Makartsev" wrote: > On 27.04.2022 16:06, Tom Browder wrote: > > I am trying to replace the original hard drive on an old Toshiba > > laptop with a 1 TB SSD from Crucial. (I had recently successfully done > > that in an old Dell Latitude and had no problems.) > > > > I first did a clean install of Debian 11 on the old drive to ensure > > the laptop works okay. Then I installed the new SSD and it can't find > > the drive. From what I can find at Crucial, I need to install their > > Storage Executive program on a Windows host, look up the SSD to a > > USB/SATA connector on that host, and configure or install the firmware > > onto the SSD. > > > I've never heard anything like that and I've worked with many > consumer-grade SSDs. > Usually all SSDs "just work". They may come pre-partitioned and > pre-formatted, but this could be reconfigured with any standard utility > programs. > The only thing I can think of, is that it could require usage of some > vendor-specific proprietary software to setup hardware encryption and/or > to update currently flashed firmware to newer versions. There's OPAL. Presumably uncommon on consumer-grade drives, but it does require special software to configure (although not necessarily vendor specific software) and can be a pain to work with (at least if one isn't familiar with them, as I wasn't when I encountered it in the wild, in a second-hand machine ;)) https://en.wikipedia.org/wiki/Opal_Storage_Specification https://wiki.archlinux.org/title/Self-encrypting_drives -- Celejar
Re: apt-cacher-ng and CNAMEs
On Tue, 3 May 2022 21:24:11 +0200 Nito wrote: > On Tue, May 03, 2022 at 15:16:47 -0400, Celejar wrote: > > [...], and I'm consequently somehow getting bitten by > > this issue: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986356 > > > > But that (as described by the maintainer) mess was supposedly resolved, > > and the bug was closed. Am I missing something, or does that bug need > > to be reopened? > > Are you using stable? The bug has been closed with version > 3.7.1-1 of apt-cacher-ng. Stable currently has 3.6.4-1 with > no indication of a patch being applied for this bug. > Bullseye-backoprts offers 3.7.4-1~bpo11+1 though, so you could > likely use this to get a fix for #986356. I'm using Sid, apt-cacher-ng version 3.7.4-1. -- Celejar
apt-cacher-ng and CNAMEs
I'm trying to use the Tor upstream repositories: https://support.torproject.org/apt/tor-deb-repo/ Direct access works correctly, but proxying through apt-cacher-ng (using SSL passthrough, as per the apt-cacher-ng documentation) does not: Err:1 https://deb.torproject.org/torproject.org sid InRelease Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: xx.xx.xx.xx 3142] I've been beating my head over this for a while, and I have arrived at the tentative conclusion that the problem has something to do with the fact that deb.torproject.org is a CNAME alias for static.torproject.org., and I'm consequently somehow getting bitten by this issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986356 But that (as described by the maintainer) mess was supposedly resolved, and the bug was closed. Am I missing something, or does that bug need to be reopened? -- Celejar
Re: email lacks sender address
On Wed, 27 Apr 2022 10:04:06 +0900 Byung-Hee HWANG wrote: > Dear Celejar, > > Celejar writes: > > > On Tue, 26 Apr 2022 09:42:38 +0900 > > 황병희 wrote: > > > >> Dear Greg, > >> > >> Greg Wooledge writes: > >> > >> > (... thanks ...) > >> > unicorn:~$ apt-cache show ssmtp ... > >> Really i love sSMTP so much!!! > > > > FWIW, there's an outstanding ten year old bug against sSMTP pointing > > out that it doesn't bother to validate server TLS certificates. You'll > > have to decide whether this bothers you or not: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662960 > > That seems some technical issue. However i have no skills to repair that > C level program. > > Actually i have no trouble with current sSMTP. Both Gmail and yw-1204 > does not break about this matter (verify certificate). So for a while > i'll keep this state. It means that i will continue to use the sSMTP. [From another email by Byung-Hee:] > Correction: Exactly, i did't see any problems. Because i have been using > always > self-signed certficate with sSMTP. > > Sorry for confusing statement. I'm not sure what you are saying here - are you possibly confusing client and server certificates? - but the problem is not that sSMTP doesn't work with Gmail - the problem is that it doesn't verify the server's SSL certificate, so it's susceptible to a MITM attack by someone impersonating Gmail. Again, you'll have to judge for yourself whether this is something to worry about. -- Celejar
Re: email lacks sender address
On Tue, 26 Apr 2022 09:42:38 +0900 황병희 wrote: > Dear Greg, > > Greg Wooledge writes: > > > (... thanks ...) > > unicorn:~$ apt-cache show ssmtp > > [...] > > Description-en: extremely simple MTA to get mail off the system to a mail > > hub > > A secure, effective and simple way of getting mail off a system to your > > mail hub. It contains no suid-binaries or other dangerous things - no mail > > spool to poke around in, and no daemons running in the background. Mail is > > simply forwarded to the configured mailhost. Extremely easy configuration. > > > > The entire point of this package is that it's meant to be used on a > > "dumb client" which does not wish to have its own outgoing mail queue. > > Instead, it forwards all of your mail to your "smart host" -- the MTA > > that has been set up for your organization's dumb clients to use. > > > > So, the single piece of information you need in order to use ssmtp is > > the hostname of your smart host. Also known as your mail relay. Or many > > other names. It's where you want your outgoing mail to be handled. > > > > Thanks for your time and your life! > > Really i love sSMTP so much!!! FWIW, there's an outstanding ten year old bug against sSMTP pointing out that it doesn't bother to validate server TLS certificates. You'll have to decide whether this bothers you or not: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662960 -- Celejar
Re: exim4 and oAuth
On Mon, 25 Apr 2022 19:41:29 + (UTC) mike.junk...@att.net wrote: > I recently switch ISPs to Frontier.com and find that my emails aren't > going out due to Frontier's insistence on using oAuth which as far as > I can tell is beyond Exim4's capabilities. > Feel free to contradict me if you know otherwise. > I've seen one note suggesting that Mutt can do oAuth but find > nothing in the docs confirming this nor how to make it so. > Any pointers would be appreciated. I haven't tried this myself, but one potential approach is to use email-oauth2-proxy, which allows non-OAuth-aware applications to talk to services that require OAuth: https://github.com/simonrob/email-oauth2-proxy -- Celejar
Re: AW: AW: AW: Here Newbie---Amateur in Linux...Problem: Debian LXDE cannot boot.. Is it destroyed?//Second try Hotmail bug Sorry
On Tue, 26 Apr 2022 09:32:23 -0400 Greg Wooledge wrote: ... > Firmware is executable code that runs inside of a device (such as a > network interface) rather than in your CPU. > > Many modern devices require some non-free firmware in order to perform > their duties correctly. This is *especially* the case with wireless > network interfaces, but also applies to video chipsets and other things. > > If your devices are old enough, you may not need any. If your devices > are newer, you probably need some. Just FTR, some rather old wired ethernet adaptors, such as the Broadcom NetXtreme II (BCM5716) in my Dell R210 II, also require non-free firmware to function: https://packages.debian.org/buster/firmware-bnx2 -- Celejar
Re: Desktop environment and VNC
On Fri, 22 Apr 2022 07:49:08 -0400 Greg Wooledge wrote: > On Fri, Apr 22, 2022 at 08:57:36AM +0200, Julius Hamilton wrote: > > There are many VNC servers that can be installed from apt, but you also > > need a desktop environment, which can be installed from tasksel. > > > > I see in tasksel that I already have Debian Desktop Environment and GNOME > > installed. > > > > I am pretty sure my VNC server is running and fine as it is except a DE is > > not running so that’s why I can’t connect. > > > > Is it enough to launch the DE, open a new screen with Screen, then launch > > the VNC? > > There are two kinds of VNC servers. > > The first kind runs a VNC session which is totally independent of what's > running on the physical display (if anything). > > The second kind runs inside an existing X11 session, and replicates that > X11 session as a VNC session. I only know of *one* VNC server which does > this, and its name is "x11vnc". IIUC, TigerVNC can do this as well: https://packages.debian.org/sid/tigervnc-xorg-extension Getting it to work properly, though, may not be trivial. -- Celejar
Re: 2FA
On Thu, 21 Apr 2022 17:27:48 +0200 steef wrote: > Hi folks, after long time back home. with a question. > Is 2FA installable on my OS debian11 and, if yes, how do I do that? > > Thank you, https://wiki.debian.org/Security/U2F [I am one of the editors of this page.] -- Celejar
Re: What do folks use to mirror repositories
On Tue, 19 Apr 2022 10:57:38 -0600 Charles Curley wrote: > On Tue, 19 Apr 2022 11:02:26 -0500 > David Wright wrote: > > > As for laptops, > > I handle laptops a bit differently (that's Linux for you). My proxy > statement is in its own file in /etc/apt. When the laptop is home, > there's a symlink in /etc/apt/apt.conf.d. The symlink gets removed or > made by a script NetworkManager executes at various times: > /etc/NetworkManager/dispatcher.d/50ifupdown > > Non-laptops get the same file and symlink. The just don't get > NetworkManager or that script. I just bring up a wireguard tunnel to my LAN before updating / upgrading. -- Celejar
Re: What do folks use to mirror repositories
On Fri, 15 Apr 2022 22:15:36 -0600 Charles Curley wrote: ... > Apt-cacher-ng (hereafter acng) also requires a change in client apt > configurations. Put one line into apt.conf or a one-liner in > apt.conf.d. I use the latter, 02proxy: > > Acquire::http::Proxy "http://aptcacherdeb.localdomain:3142;; > > There are further wrinkles for laptops and other traveling computers, > and for https only repos, which I will leave as an exercise for the > student. Yes. I use apt-cacher-ng, but having to manually add a workaround for every SSL-only repository I use is getting rather annoying: https://wiki.debian.org/AptCacherNg#HTTPS_repositories https://blog.packagecloud.io/using-apt-cacher-ng-with-ssl-tls/ One ends up with an ugly and not-very readable line like this: PassThroughPattern: (winehq\.org|xpra\.org|vscodium\.com|packagecloud\.io):443$ -- Celejar
Re: Can't create a password successfully.
On Mon, 4 Apr 2022 10:20:09 -0400 Patrick Wiseman wrote: > Chrome does that. As does Firefox: https://support.mozilla.org/en-US/kb/how-generate-secure-password-firefox > On Mon, Apr 4, 2022 at 10:04 AM Curt wrote: > > > On 2022-04-03, Brian wrote: > > > > > >> One of the bits of advice is to use long passwords made up of three > > >> random words and to use a different password per website / to use > > >> your web browser to generate an appropriate random password. > > >> Forcing passwords to change regularly may not be a good way to > > >> maintain security - it can mean that people use password01, password02 > > >> and things like that. > > > > > > Changing passwords at frequent intervals? Total nonsensense as far as > > > advice goes. > > > > > > > What web browser generates 'random' passwords? Am I missing something? > > > > > > > > > > -- Celejar
Re: libvirt tools and keyfiles
On Sun, 03 Apr 2022 10:45:06 +0200
didier gaumet wrote:
>
>
> Hello,
>
> - Yes, I was suggesting both running VMs as an ordinary user instead of
> root and running VMs as session instead of system
> - But myself not running any VM as a server, I was not aware of the
> limitations inherent to the use of "session" compared to "system"
Got it. Some of my VMs are servers and some are not, so I suppose I
could run some as "session," but right now I'm just running everything
under a single "system" libvirt.
> - SSH tunnel: I was just saying it is possible to use a SSH tunnel or a
> direct SSH connection ("--direct")
Got it. I haven't really looked into the distinction, although I did
notice it in the documentation, but I'll keep it in mind for the future.
> Glad your problem is solved :-)
Thanks for providing me with the solution!
--
Celejar
Re: libvirt tools and keyfiles
On Sat, 02 Apr 2022 09:53:18 +0200 didier gaumet wrote: ... > - double authentication: "When using a SSH tunnel to connect to a SPICE > console, it's recommended to have ssh-agent running to avoid getting > multiple authentication prompts." > > (take a look at virtsh, virt-manager, virt-viewer manpages) Thank you - this works! Specifically, starting an agent on the client machine, and then running virt-manager under the agent avoids the second prompt. I still think that the failure of virt-manager to use the provided keyfile for the console access should count as a bug: after all, if I've provided a keyfile, the location of which virt-manager has stored in its configuration, then why isn't it using it for console access? I understand that I can get around this by using an agent, but why should I have to? Celejar
Re: libvirt tools and keyfiles
On Sat, 02 Apr 2022 22:40:30 +0200 Linux-Fan wrote: > Celejar writes: > > > Hi, > > > > I'm trying to use virt-manager / virt-viewer to access the console of > > some qemu / kvm virtual machines on a remote system over ssh. I have > > public key access to root@remote_system. When I do: > > > > virt-manager -c 'qemu+ssh://root@remote_system/system? > > keyfile=path_to_private_key' > > > > the connection to libvirt on the remote system comes up fine, and I can > > see the various VMs running there, but when I try to access a VM > > console (via the "Open" button or "Edit / Virtual Machine Details"), I > > get prompted for the password for "root@remote_system" (which doesn't > > even work, since password access is disabled in the ssh server > > configuration). > > What do you insert for `remote_system`? A hostname or an IP? A hostname (resolved via /etc/hosts on the client machine). > IIRC I once tried to use an IP address directly > (qemu+ssh://u...@192.168.yyy.yyy), and while it would perform the initial > connection successfully, subsequent actions would query me for > the password of (user@masysma-...) i.e. change from IP-address-based (which > was configured to use a key in .config/ssh) to hostname based (for which the > key was not specified in the config. I solved this by adding the hostname to > /etc/hosts and configuring SSH and my virt-manager connection to use the > hostnames rather than IP addresses. > > I also remember that I had to add the connection to my GUI user's .ssh/config > > AND my root user's .ssh/config. In my case, I am not specifying the keyfile > as part of the connection, though. Thanks. Celejar
Re: libvirt tools and keyfiles
On Sun, 3 Apr 2022 03:43:10 +1200 Richard Hector wrote: > > > On 2022-04-01, Celejar wrote: > >> > >> > >> What is going on here? Since I'm specifying a keyfile on the command > >> line, and it's being used - otherwise I wouldn't even get the list of > >> VMs - why am I being prompted for the password? > >> > >> Celejar > > Apologies for replying to the wrong message - I've deleted the original. > > Are you really getting prompted for the password for the host system? > You're not talking about the login prompt on the console of the VM? Yes - I'm not getting into the console of the VM at all, and the prompt is for "root@remote_system", not the VM hostname / IP. > Also, by adding my normal user on the host system to the libvirt group, > it's not necessary to ssh as root - I can just use my normal user. In > fact I don't allow root logins, so I can't directly test your commands. Good to know. I was following the examples from the documentation, such as: virsh --connect qemu+ssh://r...@example.com/system from https://wiki.libvirt.org/page/FAQ virt-viewer --direct --connect qemu+ssh://r...@example.org/ guest-name from https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/chap-graphic_user_interface_tools_for_guest_virtual_machine_management But I'll have to look into just adding a user to the libvirt group on the host and logging in as that user. > Oh, and I assume the doubled '-c' is a typo :-) Yes, sorry. > Cheers, > Richard Celejar
Re: libvirt tools and keyfiles
On Sat, 2 Apr 2022 08:05:52 - (UTC)
Curt wrote:
> On 2022-04-01, Celejar wrote:
> >
> >
> > What is going on here? Since I'm specifying a keyfile on the command
> > line, and it's being used - otherwise I wouldn't even get the list of
> > VMs - why am I being prompted for the password?
> >
> > Celejar
> >
> >
>
> Aren't you required to copy the key over to the remote machine
> ('ssh-copy-id')?
The key in question is already present in the authorized_keys file on
the remote machine - that's why the initial login works. Perhaps I'm
missing something, but what would ssh-copy-id accomplish?
Celejar
Re: libvirt tools and keyfiles
On Sat, 02 Apr 2022 09:53:18 +0200 didier gaumet wrote: > > > Hello, > > Disclaimer: I do not use ssh, nor remote virtual machines, so this is > far from an expert answer :-) Thanks for the suggestions! > You could be confronted to several possible problems: > - root access: you could try using an ordinary user instead I'm not sure if I understand what you're saying, but I am using an ordinary user on the client side. The VMs are running on the remote machine using qemu:///system. > - "system" problem: virt-manager/virt-viewer propose "system" and > "session" options and in this case, trying an ordinary user "session" > instead of a root "system" could be beneficial Not sure if I understand what you're saying - as above, the VMs are running on the remote machine using qemu:///system - are you suggesting that I try reconfiguring them to run as qemu:///session? According to the documentation: > You will definitely want to use qemu:///system if your VMs are acting > as servers. VM autostart on host boot only works for 'system', and the > root libvirtd instance has necessary permissions to use proper > networkings via bridges or virtual networks. qemu:///system is > generally what tools like virt-manager default to. > > qemu:///session has a serious drawback: since the libvirtd instance > does not have sufficient privileges, the only out of the box network > option is qemu's usermode networking, which has nonobvious limitations, > so its usage is discouraged. More info on qemu networking options: > http://people.gnome.org/~markmc/qemu-networking.html https://wiki.libvirt.org/page/FAQ#What_is_the_difference_between_qemu:.2F.2F.2Fsystem_and_qemu:.2F.2F.2Fsession.3F_Which_one_should_I_use.3F > - ssh tunnel or not (virt-manager/virt-viewer have different options > for that) I don't understand this point. > - double authentication: "When using a SSH tunnel to connect to a SPICE > console, it's recommended to have ssh-agent running to avoid getting > multiple authentication prompts." Thanks - this might be the solution. I'll have to look into this further. > (take a look at virtsh, virt-manager, virt-viewer manpages) -- Celejar
libvirt tools and keyfiles
Hi, I'm trying to use virt-manager / virt-viewer to access the console of some qemu / kvm virtual machines on a remote system over ssh. I have public key access to root@remote_system. When I do: virt-manager -c 'qemu+ssh://root@remote_system/system? keyfile=path_to_private_key' the connection to libvirt on the remote system comes up fine, and I can see the various VMs running there, but when I try to access a VM console (via the "Open" button or "Edit / Virtual Machine Details"), I get prompted for the password for "root@remote_system" (which doesn't even work, since password access is disabled in the ssh server configuration). The same thing happens when I run: virt-viewer -c -c 'qemu+ssh://root@remote_system/system? keyfile=path_to_private_key' a list of VMs on the remote system pops up, but when I select one, I get the password prompt. What is going on here? Since I'm specifying a keyfile on the command line, and it's being used - otherwise I wouldn't even get the list of VMs - why am I being prompted for the password? Celejar
Potential DNS leak with Wireguard + iwd + resolvconf
Hi, My wireless interface is controlled via iwd (EnableNetworkConfiguration=true, NameResolvingService=resolvconf), and I have a wireguard VPN used to remotely access my private network, managed via e/n/i / ifupdown (using wg-quick). In /etc/wireguard/wg0.conf, I have a "DNS=xxx.xxx.xxx.xxx" line, pointing to a nameserver I run within my private network (reachable through the wireguard tunnel). When I connect to a wireless network (using DHCP, handled by iwd, as above), /etc/resolv.conf gets populated with the standard: nameserver nnn.nnn.nnn.nnn search a.b.c When I then do "ifup wg0", my specified nameserver xxx.xxx.xxx.xxx is *prepended* to the above lines, so I end up with the following in /etc/resolv.conf: nameserver xxx.xxx.xxx.xxx nameserver nnn.nnn.nnn.nnn search a.b.c This seems wrong, and a potentially serious DNS leak: if my nameserver xxx.xxx.xxx.xxx ever goes down, then nameserver nnn.nnn.nnn.nnn will be automatically queried, which may be undesirable. My understanding is that the VPN configuration should be *replacing* the pre-VPN /etc/resolv.conf, rather then *prepending* the new nameserver to it. Am I misunderstanding things, have I misconfigured things, or is this indeed a (serious) bug? -- Celejar
Re: installing on Lenovo Ideapad 3
On Tue, 29 Mar 2022 19:28:32 +0200 Christian Britz wrote: > > On 2022-03-29 19:20 UTC+0200, Paul Scott wrote: > > >> Which ISO? > > debian-11.2.0-amd64-netinst.iso > > This could be the root cause for the networking problems. Try the > "unofficial" ISO which supports binary blobs. > > If this seems unethical to you, buy an ethernet adapter which does not > need a proprietary binary blob. For WiFi, there is probably no such > solution available. There actually are such solutions available, e.g.: https://wiki.debian.org/ath9k_htc https://tracker.debian.org/pkg/open-ath9k-htc-firmware https://directory.fsf.org/wiki/Firmware-ath9k-htc https://github.com/qca/open-ath9k-htc-firmware No idea how well this hardware works, or how readily available it is. -- Celejar
Re: Can't use mc's editor
On Sun, 20 Mar 2022 13:53:52 -0400 gene heskett wrote: > Greetings all; > > The colors used by mc's editor are making the editor impossible to use as > they can't be used by someone with good color vision even, they are all > so alike. > > Where can I change mc's default editor to something as clear and easy to > use as geany? Seems to me that used to be a menu choice, but thats not > findable when the menus except for the click on it character are all > solid 100% bright blue and cannot be read by human eyes. There are two questions here: 1) How can mc's colors be changed? Answer: via environment variables or the configuration file (~/.config/mc/ini) - see the "Colors" section of the mc manpage. 2) How can mc's default editor be changed? Answer: via mc.ext (copy /etc/mc/mc.ext to ~/.config/mc/mc.ext and edit the copied version) Celejar
Re: OT EU-based Cloud Service
On Fri, 18 Mar 2022 15:37:09 +0100 Nicolas George wrote: ... > In France, the three major host providers are: > > https://www.scaleway.com/ FWIW, I use Scaleway's S3-compatible Object Storage (via rclone, from the U.S.) to store borg backups online, and it works very well. The first 75GB of storage (and transfer) are currently free: https://www.scaleway.com/en/object-storage/ Celejar
Re: Xfce4: screen visible upon resume before xscreensaver locks it
On Wed, 23 Feb 2022 11:50:54 +0900 John Crawley wrote: > On 22/02/2022 23:12, Celejar wrote: > > Hello, > > > > I'm running Xfce4 on a recent install of Sid. I have configured Xfce4 > > to "Lock screen before sleep" (in Session and Startup / General), but > > when I use xscreensaver, when resuming from suspend the screen is often > > visible for a brief period before xscreensaver kicks in. I have not > > seen this problem when using light-locker. > >... > > I can't make out whether I have misconfigured something here, or > > whether this is a serious security bug in the current Xfce4 - > > xscreensaver integration. > > I can't shed any light on the cause, but can report I see the same > thing on a non-xfce system. I'm using lightdm and light-locker, then > openbox, although am using some xfce utilities. > > Usually when booting up a flash of the previous user desktop is shown > before the login window. Agreed, this is not desirable at all. The only > possible culprit I can think of is xfdesktop4 - can you try booting to > a session with that disabled? Thanks for the suggestions - if I manage to do that, I'll report back with the results. Celejar
Re: [OT] Online CPU configuration tool
On Tue, 22 Feb 2022 21:12:26 +0100 Tom wrote: > > > On 2/22/22 20:59, Grzesiek wrote: > > Hi there, > > > > I'm looking for a tool listing CPUs by different criteria like the > > number of cores, number of memory channels clock speed etc. Is there any > > web page capable of that? I tried to google, no luck. > > > > Regards > > Greg > > > > Certain webshops will surely offer this? For my locale > https://tweakers.net/processors/vergelijken/ comes to mind. The popular site PCPartPicker allows searching on at least some, if not necessarily all, of the criteria in which the OP is interested: https://pcpartpicker.com/products/cpu/ Celejar
Xfce4: screen visible upon resume before xscreensaver locks it
Hello, I'm running Xfce4 on a recent install of Sid. I have configured Xfce4 to "Lock screen before sleep" (in Session and Startup / General), but when I use xscreensaver, when resuming from suspend the screen is often visible for a brief period before xscreensaver kicks in. I have not seen this problem when using light-locker. I also tried briefly with xfce4-screensaver and did not see the problem, but I have not done extensive testing with xfce4-screensaver. This is obviously a serious problem: I see that this has been a commonly reported Xfce issue, with various distros / screensavers, etc., over the years, e.g.: https://bugs.mageia.org/show_bug.cgi?id=28286 https://bugzilla.xfce.org/show_bug.cgi?id=14782 https://bugzilla.xfce.org/show_bug.cgi?id=15929 https://askubuntu.com/questions/1383379/xubuntu-desktop-visible-after-suspend-before-lock-screen but I can't make out whether I have misconfigured something here, or whether this is a serious security bug in the current Xfce4 - xscreensaver integration. Celejar
Re: Request free live CD
On Sat, 12 Feb 2022 14:09:29 +0100
Andrei POPESCU wrote:
> On Jo, 10 feb 22, 20:05:32, Celejar wrote:
> > On Thu, 10 Feb 2022 16:47:18 +0100
> > wrote:
> >
> > > On Thu, Feb 10, 2022 at 03:05:26PM +0100, Dozzyjean Dozie wrote:
> > > > Please I will be very much interested to get a live CD from you, please
> > > > what are the prerequisites that are needed to be archived this request
> > > > free
> > > > cd for free from you.
> > >
> > > See here:
> > >
> > > https://www.debian.org/CD/free-linux-cd
> > >
> > > Since burning a CD and putting into the mail costs money, you can't
> > > expect someone doing it for you. In the above page it is explained
> >
> > I'm genuinely curious about this: time and money are both scarce and
> > precious resources. Why is there an assumption that people will gladly
> > donate of their time to help others, but not their money? Is it because
> > the assumption is that the person asking for help should just spend
> > his own money, but may not be able to solve his problem by spending his
> > own time?
>
> Assuming I might have a decent internet connection, a disc burner and
> spare blank media I might consider helping out.
>
> However, this particular request feels too much like someone just
> wanting to take advantage of some freebie ("hey, I heard you give out
> stuff for free so I want some"), as opposed to someone in real need
> (hey, internet here is slow and/or metered, media burners are nowhere to
> be found, etc., could someone help out?").
Totally understandable. Just to be clear, I did not mean to criticize
or accuse anyone of irrationality or hypocrisy - I was just curious
about the mindsets of open source devotees.
Celejar
Re: Memory leak
On Sat, 12 Feb 2022 12:49:15 -0500 Stefan Monnier wrote: > > As I mentioned (briefly) in my original post, yes, I experience concrete > > problems: the system either grinds to a halt or becomes unresponsive, > > or hits swap and becomes intolerably slow. > > Sorry I missed that part. > I think that's what you should focus on: try and run some background > collection of timestamped system state (CPU use and memory use) and then > try and investigate to see what it is that was eating all the resources > during those times where the system grinds to a halt. Thank you. I actually just did a complete rebuild of my system from scratch: the old SSD was almost full and I installed a new one, so I decided to rebuild from scratch to get rid of accumulated cruft. So far things have been much better, but I'll see if problems return. Celejar
Re: Request free live CD
On Sun, 13 Feb 2022 12:36:04 - (UTC) Curt wrote: > On 2022-02-11, Celejar wrote: > >> > >> https://www.debian.org/CD/free-linux-cd > >> > >> Since burning a CD and putting into the mail costs money, you can't > >> expect someone doing it for you. In the above page it is explained > > > > I'm genuinely curious about this: time and money are both scarce and > > precious resources. Why is there an assumption that people will gladly > > donate of their time to help others, but not their money? Is it because > > the assumption is that the person asking for help should just spend > > his own money, but may not be able to solve his problem by spending his > > own time? > > Because your premise is false, and there is no equivalence between time > and money. I have no premise of an "equivalence" between time and money; the question of why people distinguish between them is nevertheless a legitimate one, since they are both scarce resources which people have to prioritize and allocate between their own personal needs and those of others. Celejar
Re: Request free live CD
On Fri, 11 Feb 2022 19:10:58 -0500 rhkra...@gmail.com wrote: > On Friday, February 11, 2022 02:44:26 PM Celejar wrote: > > Fair enough, although the question then is why we enjoy giving of our > > time but not our money. I assume that a primary motive of many (I can't > > speak for anyone in particular, of course) who give of their time is a > > desire to help others, and the act of helping others is what provides > > enjoyment to them, so then the question is why they would not enjoy > > helping others with financial contributions. > > For me, it is easier (emotionally) to give time rather than money. Although > I'm not too bad off re money, I don't get my supply renewed everyday (well, > for > the most part, I do now get SS (in the US). True. On the other hand, one's time on this earth is limited, while money is, at least for some, less of a rigid constraint. Celejar
Re: Memory leak
On Fri, 11 Feb 2022 15:57:58 -0500 Bijan Soleymani wrote: > On 2022-02-11 14:52, Celejar wrote: > > As I mentioned in another post, I do this occasionally, but I'm not > > sure how to interpret the results. I just killed firefox; I got back > > about 3.5 GB, but the system is still using about 4.8, and Xorg's usage > > hasn't changed: ~ 4436M / 3081M / 105M. > > Closing Firefox returns 100% of Firefox memory to OS (as long as all the > processes are killed). I don't know that it would affect Xorg's usage > though. I understand, but apparently sometimes application memory leaks show up as increased Xorg memory usage: https://unix.stackexchange.com/questions/6538/xorg-memory-leaks This is admittedly old, and xrestop doesn't show anything too suspicious. > A lot of memory in Linux (and other OS's) is allocated to cache/buffers > to speed things up. As programs use more memory the amount for that goes > down. > > For example on my system now with 16GB I have: > MiB Mem : 16007.9 total, 4564.8 free, > 6306.2 used, 5136.9 buff/cache > > (with thunderbird, chrome, etc. open). > > So 5GB is used for cache and 6GB is used for programs and about 4GB is free. I understand this, but as I've been saying, I have the impression that too much memory is being actually used outside buffers and cache. Celejar
Re: Memory leak
On Fri, 11 Feb 2022 11:40:15 -0700 Charles Curley wrote: > On Fri, 11 Feb 2022 12:01:59 -0500 > Celejar wrote: > > > So I've heard. So is this something I just have to live with? Does > > everyone have this problem? > > It is widely rumored, backed by experiments I've done here. I've not > seen anything official from the Mozilla folks, but then I don't pay > close attention to them. > > My solution is simple: I switched to Vivaldi over a year ago, and > haven't looked back. https://vivaldi.com. They have packages for > Debian, and run a roughly two week release cycle. It's based on > Chromium, but with better privacy settings for the defaults. There are several reasons I'm not ready to do that: 1) Vivaldi is not open source. 2) It's based on Chrome, which empowers Google and its ability to control web standards. 3) I am worried about a web monoculture. Celejar
