Re: a couple rpi problems
On Mon, Mar 04, 2024 at 11:41:07PM +, ghe2001 wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > rpi5 and 4, standard Debian clone OS > > 1) The 5, pi5.slsware.lan, keeps sending me email saying, > "*** SECURITY information for pi5 ***" > and > "pi5 : Mar 4 15:40:14 : root : unable to resolve host pi5: Name or service > not known" > I have no idea why it's complaining or what's bent. mike@DevuanPI4b:~> cat /etc/hostname MikesDevuanPI mike@DevuanPI4b:~> cat /etc/hosts 127.0.0.1 MikesDevuanPI > 2) On both the 4 and 5, 'needrestart' says I'm running on an old kernel and > tells me that a reboot will start the newer version. But it's just kidding > -- I reboot and I get the same message again. The 4's been doing that for a > long time, and I've just let it keep running the old kernel because I'm > afraid I might break something if I try to delete the old kernel. But I just > got the 5 a few days ago, it's doing the same thing, and I'd like to get this > dealt with. I've never seen that either and have 2 RPI4bs running Devuan daedalus on this one, Rasbian bookworm on the other. I assume you ran apt update & apt upgrade before reboot. One thing I have noticed is that reboot and 'shutdown -h now' then toggling the power, don't always give the same results. > -- > Glenn English Be well, Mike -- For more information, please reread.
Re: keyboard buttons
David Wright wrote: > You could try running: > > $ xmodmap -e 'keycode 124=' # to override XF86PowerOff > > $ xmodmap -e 'keycode 150=' # to override XF86Sleep > > $ xmodmap -e 'keycode 151=' # to override XF86WakeUp perhaps. Thank you Mr. Wright for trying to help. Given your input I read the xmodmap man page. I ran 'xmodmap -pk' and saw the keycode to function mapping as you stated. I ran the commands you suggested then ran 'xmodmap -pk' again and saw that the assignments were cleared. Just to be safe I checked the two files I normally keep open were saved then hit the XF86PowerOff button and watched my computer shutdown. I've heard more that once not to believe all you read. With all the disinformation on the net by enemies of democracy, both foreign and domestic, I take most of the news I read with a grain of salt. I guess I need to apply that to Linux man pages too. In spite of the outcome I appreciate your willingness to try to help and wish you good fortune this year. Be well, Mike -- "A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty." - Sir Winston Churchill (1874-1965)
keyboard buttons
On my keyboard there are some buttons in the top right corner above the number pad. one marked with circle with an x over it, one with a moon the third with analarm clock ringing. Wondering what they were and how they were handled I typed 'Control v' in bash on the command line then the button with the Xed out circle. Much to my chagrin my computer shutdown while I had files open for editing. OOPs. I think I now know what those buttons do but am wondering if there is a way to disable them short of dismantling the keyboard. mike@DevuanPI4b:~> uname -a Linux MikesDevuanPI 6.1.70 #1 SMP PREEMPT Sun Jan 7 04:13:59 CET 2024 aarch64 GNU/Linux I'm now on a Raspberry PI running Devuan but also run Debian on a different PI and MS Windows 2000 on a Pentium based tower. Bumping one of those buttons and inadvertently killing the system while in the midst of a task is something I'd like to avoid, Be well and Thanks for any suggestions, Mike -- Keep in mind ... stressed spelled backwards is desserts.
visudo, /etc/sudo.conf, probe_interfaces
mike@RPI4b3:~> uname -a Linux MikesPI 6.1.0-rpi7-rpi-v8 #1 SMP PREEMPT Debian 1:6.1.63-1+rpt1 (2023-11-24) aarch64 GNU/Linux Yes I'm on Raspberry Debian now but my Devuan system still isn't working well enough to post here and I ran into this first on my daedalus system. visud0 complains that my hostname can't be found via DNS, which I don't find surprising since I'm a single user system serving no ports. It's been like that for years and never caused a problem until I installed Devuan. 'visudo /etc/sudo.conf' shows a line '# Set probe_interfaces false' which should tell sudo not to worry whether hostname returns an FQDN. Unfortunalely, visudo sees that as a syntax error and sudo ignores that line. If I leave the line uncommented sudo still complains if mike takes eth0 up or down. I just checked and the same thing happens on this system. Both are Debian based systems and I'm wondering if anyone here can say if the problem comes from Debian or upstream. Thanks for listening. Be well, Mike -- Remember, success is ninety-nine percent the refusal to accept failure. - Charles Sheffield, _The_Cyborg_From_Earth_
Re: kbrequest as in older /etc/inittab
On Mon, Jan 01, 2024 at 10:36:41AM -0600, David Wright wrote: > Is the history of this issue relevant? > https://forums.raspberrypi.com/viewtopic.php?t=282768 David the most relevant part of that old post is the last line. > On Mon, 1 Jan 2024 13:53:44 -0500 Greg Wooledge wrote: > Oh, it's the same *name*. Huh. So, Mike, whatever you figured out in > 2020, you entirely forgot, and now you're starting over in a new forum? Yes, Greg, my name is still Mike. Have you always been Greg? If you think I figured it out in 2020 you clearly didn't read that post. I suggest you go back and read the last line at least. > What are you actually trying to do? If all you want are a bunch of > additional text consoles, you can simply increase the number of gettys > by editing the /etc/systemd/logind.conf file: I don't think I can state any more clearly what I'm trying to do than 'to tie a call to openvt to Alt Up'. I'm assuming you don't know how to do that either. You're quite right you can increase the number of gettys and you can log into every one of them before you can use them. I'd like to thank you for the reference to logind.conf. I've been looking for a while where the login on tty6 was coming from having set ACTIVE_CONSOLES="/dev/tty[1,3]" in /etc/default/console-setup. You are often helpful. One of these days I'll find a solution, I thought triggerhappy might do but so far haven't made that work either. Be well fellas, Still Mike -- 1984 was not meant as a blueprint for democratic governments.
kbrequest as in older /etc/inittab
Prior to the introduction of systemd /etc/inittab had this line in it: kb::kbrequest:/bin/echo "Keyboard Request--edit /etc/inittab to let this work." and I found it useful to tie a call to openvt to Alt Up which went well with ALT Right or Left arrow to move between VTs. . Has anyone knowledge of how to do this under systemd? Thanks, Mike -- ... what I was born does not matter, only what I will make of myself, only what I will become.
Re: single quote "'" in bash xterm or lxterminal
Mr. Wooledge, Long before I realized I could put /home/mike on a separate partition I started putting my stuff on a separate partition and just called it /mc. A couple of tomes I had different OS versions on the same hard drive so it made sense to keep the portions of my stuff that weren't OS specific in a place I could reach from both OS installs. Since my tower died and I replaced it with a Raspberry PI, home is on the uSD. Having /mc on a flash drive means I have it available whether I'm running debian, devuan or raspbian and if home were on that flash since those OSs are only similar things could get even more confusing than they are with my setup. A problem I've not run into but considered is how to deal with thngs if that flash drive dies. I suspect logging into a system where you have no home for your primary user might get interesting. Mr. Nikulin, I shouldn't be surprised if xterm-256color is just enough different from xterm and lxterminal that that is why you don't see a problem with the '"...": ...' syntax. If you have xterm-256color you likely have xterm too. Have you tried it? Thanks for showing me different ways of looking at my challenges. Happy New Year fellas Mike -- Happiness is not so much in having but in sharing.
Re: single quote "'" in bash xterm or lxterminal
In response to Greg Wooledge's message of Wed, 27 Dec. As it turns out every line in /mc/bin/xterm_bindings that was not a comment was problematic.From man readline or info readline I saw this: bind '"\C-x\C-r": re-read-init-file' and that is the syntax I used in xterm_bindings, as '"\e[1;5H": backward-kill-line'. Looking as you suggested for the problematic line, I deleted each line until none were left, only then did the "'" problem go away. When I compared .inputrc to xterm_bindings I then saw the problem. You wondered what /mc/implied, my name is McClain so /mc is where my stuff goes to separate it from system stuff making it easier to move my stuff from distribution to distribution. I started with DosLinux back around 1997-8 and have used redhat, slakware, solaris, freebsd and settled on Debian early this century. Since some of these use a spinoff of xterm [ -n $DISPLAY ] is a little more generic than [ $TERM == xterm ], RaspberryPI has chosen lxterminal as their default which would would fail that test but still runs bash. In spite of having used linux for years I'm still a 'luser' compared to you and often fumble as this case demonstrates. I do appreciate your input, bothe here and on the bash list. Thanks for the help and I wish you a happy new year. Mike -- Happiness is not so much in having but in sharing.
Re: Firefox Warning [SOLVED]
You are correct Tixy and my apologies. Raspberry Pi advertises itself as Debian and I hadn't noticed that the sources.list only has raspberrypi,com in it. It was designed as a children's teaching aid which probably explains the auto update. Again my apologies for raising what turns out to be a false alarm for regular Debian users. Happy Holidays, Mike -- The universe is made of stories, not atoms. - Muriel Rukeyser
Re: Firefox Warning [SOLVED]
Mr. Martinez, I tried every thing I could think of with little success: apt-get update; apt-get upgrade apt update && apt -y full-upgrade apt-get reinstall firefox None of these restores firefox's black menus Mr. Walton, I'm pleased to hear that you have not had the problems I've run into, however I had not initiated an update and though bookworm on the desktop occasionally pops up a window telling me of updates available and suggests I click the button on the taskbar to start the download, I've not seen evidence that the updates are done without my initiating same. If I recall correctly, Firefox used to have a checkbox in the preferences to permit or deny auto updates. In this version 121.0 for the Raspberry PI, that's no longer so and I'm quite sure that FF updated itself without asking. When it restarted the top three lines, menu, tabs and address plus associated buttons were black with grey text and bacically unreadable/unusable. Faced with that I'd suggest you might get a bit dramatic too. The good news is that kerry_s on the Raspberry Pi forum showed me where to change the screen theme. >From the taskbar popup menu/Preferences/Appearance Settings/Defaults choose: For medium screens: Set Defaults kerry_s also said there was a theme selector there that I didn't see. He's under wayland while I'm running X11 and that caused some confusion. I can't imagine why FF would choose to change desktop theme with their update but that theme change also made LibreOffice, Draw, Calc and Writer unusable. I hope you don't have this problem but at least if you do get stung you may remember the fix. Happy Holidays, Mike -- What lies behind us and what lies before us are tiny matters compared to what lies within us. - Ralph Waldo Emerson
Re: single quote "'" in bash xterm or lxterminal
You guys were rigt all along, I just couldn't see it. Greg's suggestion to try dash showed me the error of my ways. I moved .inputrc to no.inputrc, commented out the line in bash.environment that pulled in xterm_bindings, killed and restarted X and sure enough I had '"' in an lxterminal window. I moved no.inputrc back to .inputrc, killed and restarted X and still had '"' in an lxterminal window. I deleted half of the entries in xterm_bindings, reenabled the statement in bash.environment, killed and restarted X and lost '"' in an lxterminal window. I deleted another half of the entries in xterm_bindings, killed and restarted X and still no '"' in an lxterminal window. Only when xterm_bindings has no executable lines in it does it not kill '"' in an X terminal window. The line that pulled it in was ; [ -n "$DISPLAY" ] && [ -f /mc/bin/xterm_bindings ] && bind -f /mc/bin/xterm_bindings; Greg I have no idea when this happened xterm_bindings was started in 2011 and either I didn't notice it or it wasn't a big enough problem to deal with. I keep tty{1-10} open all the time and X only on tty11 so seldom use a terminal window in X. Thanks for your help fellows and Happy Holidays, May the new year be good for you, Mike -- Never ascribe to stupidity what can be explained as ignorance.
Re: single quote "'" in bash xterm or lxterminal
root@RPI4b3:~> tty; echo $SHELL; echo "' " | hd /dev/tty1 /bin/bash 27 20 0a |' .| 0003 mike@RPI4b3:~> tty; echo $SHELL; echo "' " | hd /dev/tty6 /bin/bash 27 20 0a |' .| 0003 mike@RPI4b3:~> tty; echo $SHELL; echo " " | hd /dev/pts/1 /bin/bash 20 0a | .| 0002 The above in a lxterminal window. mike@RPI4b3:~> tty; echo $SHELL; echo " " | hd /dev/pts/6 /bin/bash 20 0a | .| 0002 The above in an term window. As this demonstrates, I get single quotes in bash in a VT but not in X. I see the same whether beforre or after executing 'setxkbmap -layout us'. Suggestions for further exploration? Merry Christmas, Mike -- Under capitalism man exploits man; under socialism the reverse is true' - Polish Proverb.
Re: single quote "'" in bash xterm or lxterminal
This is reported by "xev" in response to the "'" key: KeyPress event, serial 48, synthetic NO, window 0x1e1, root 0x3af, subw 0x0, time 1860575, (170,-87), root:(1005,201), state 0x10, keycode 48 (keysym 0x27, apostrophe), same_screen YES, XLookupString gives 1 bytes: (27) "'" XmbLookupString gives 1 bytes: (27) "'" XFilterEvent returns: False In lxterminal control v displays "'" though lxterminal doesn't. "''" shows nothing and "'a" shows "a", likewise "'e" = "e", "'o" = "o", etc. I've examined /etc/inputrc, .inputrc, /etc/bash.bashrc, ~/.bashrc, /etc/profile, /etc/profile.d/*, ~/.profile, ~/.bash_profile, both of the latter two just pull in ~/.bashrc which pulls in bash.{aliases,environment,functions} which are just stuff that started out in ~/.bashrc but got split out when it got unwieldy. The only things I've got that tweek the keyboard are /mc/bin/setkeys which is run by /etc/rc.local and /mc/bin/xterm_bindings pulled in by bash.environment. Both of these contain keyboard assignments for bash/readline editing functions or jed editing functions and don't change how a single quote is handled. They have been around so long they probably predate my awareness of inputrc. 98% of what is /mc/bin I wrote plus a few things I ran across and kept for the ideas/lessons they taught. mike@RPI4b3:~> cat /etc/default/keyboard # KEYBOARD CONFIGURATION FILE # Consult the keyboard(5) manual page. XKBMODEL="pc105" XKBLAYOUT="us" XKBVARIANT="" XKBOPTIONS="compose:lwin" BACKSPACE="guess" Durring the hours I've spent exploring this problem it has occured to me to wonder why I would see this problem only in a desktop terminal window but not on tty(1-10)? That suggests to me that it is not a readline problem but I don't know much about keyboard mapping in X or wayland as I'm under now. Suggestions on where to look next? Thanks for your ideas and Merry Christmas, Mike -- No one's life, liberty, or property is safe while the legislature is in session. - Mel Greene's _The_Greatest_Joke_Book_Ever_
single quote "'" in bash xterm or lxterminal
I seldom use the command line while on the desk top since I keep 10 VTs open for day to day tasks so only recently noticed that when I type a single quote "'" in bash xterm or lxterminal nothing shows. If I open a file for editing with jed, my favorite editor, I can type a single quote but back on the CL again no "'". Suggestions on where to look for a solution? Thanks and Merry Christmas, Mike -- Silence & smile are two powerful tools. Smile is the way to solve many problems & Silence is the way to avoid many problems.
Firefox Warning
On my RPI4b bookworm system as I was browsing, Firefox stopped me demanding to update and I couldn't continue to use FF until I accepted its demand and let it update. It did so then restarted FF at which point it became almost totally unusable the menu bars had come to black background with very dark grey text. I have tried 'apt-get update; apt-get upgrade' hoping restore FF to usability also 'apt-get reinstall firefox' with no luck. FF was very difficult to read and it took hours and going back to my buster install on another PI before I figured out how to get it back to a usable state. When I loaded LibreOffice calc to record stock quotes I found that calc had, too, inherited the same problem with the top menu bars, as well as the side bars and bottom status bars are black with nearly illegible text. I've not yet gotten calc straightened out. If anyone can point me to what in the system Firefox update could have changed to affect other programs I'd appreciate the help. Frankly I'm aghast at the arrogance of the FF group to force an update on their users and quite peeved that they would do so and screw up my system as well. Merry Christmas everyone, Mike -- Silence & smile are two powerful tools. Smile is the way to solve many problems & Silence is the way to avoid many problems.
used vs. unused packages installed
Is there any way to determine which packages are used of the many that come with an install? My Raspberry Pi install of bookworm has some 1800 packages installed many of which I know I don't use, many others I suspect I don't use but don't know if some program I do use depends on them at some point in its life. $ apropos editor | wc reports 23 hits Six of which are various versions of VI which I don't use but pico, nano, mcedit, mousepad and mu-editor are also included. I only use jed but don't know what would break if I purged the others and am loathe to break a working system. There are 259 packages whose name starts with 'python', admittedly I could purge one a week and see if anything breaks, that would only take 5 years but I'm not quite that patient. Suggestions? Thanks, Mike McClain -- Every problem has a gift for you in its hands. - Richard Bach
Re: IMAP vs POP was Thunderbird vs Claws Mail
Seeing several messages complaining about fetching messages from gmail.com I'd like to point out that gmail can be set to forward all messages to a gmail account to another account on a different server. I saw a message making that point several years ago, probably here, and seldom log into gmail but get all messages sent to my gmail accounts by others. A second item that's slightly off topic, I've had no luck setting up claws-mail to send out through frontier.net and if anyone knows how to do that I'd appreciate the claws-mail setup for it. Thanks, Mike -- Telling pious lies to trusting children is a form of abuse, plain and simple. - Daniel Dennett, 2010-01-12
masqmail
If anyone on the list is using masqmail I'd be interested in hearing how well it works and how easy it is to set up for a single user system that's not online 24/7. Thank, Mike -- Spirit is an invisible force made visible in all life. - Maya Angelou
Re: Re: midnight commander
Re: Re: midnight commander
who is tracking me?
My old PIII died and I replaced it with a Raspberry PI running the Raspbian derivative of Debian. It's clear just from the cookies that PaleMoon browser and Chromium call home every time they are used. The number of other apps that are keeping history of my usage/transactions that I see no need for is many. What tools need I use to see what sites on the Inet are contacted? Thanks, Mike -- "Most people are about as happy as they make up their minds to be." - Abraham Lincoln
Re: SanDisk USB stick problem
On Tue, Dec 08, 2020 at 10:53:16AM -0500, Stefan Monnier wrote: > > I bought a SanDisk Cruzer Glide USB stick. The fine print on the package > > says it has SecureAccess software. It is so secure it prevents me from > > writing to it without running the included Bill Gates cancerous, virus > > infested, scourge of the Earth software. > > Is there any way to disable or remove the SecureAccess software? > rm *worked for me as root > Others have suggested reformatting, but maybe a more constructive path > forward is to return the bugger, complaining that it doesn't work. > Be sure they have a replacement before returning it. I sent back 2 of their flash drives, different model, that were running too hot to touch. They replaced 1 then said no more available and that was a couple of months ago. Be well, Mike -- Your talent is God's gift to you. What you do with it is your gift back to God.
Re: 780 files in /usr/share/zoneinfo/
On Tue, Nov 24, 2020 at 02:48:12PM +0100, Kamil Jo?ca wrote: > Mike McClain writes: > > [...] > > Locale is another area where there is a lot of data that the > > average user, I suspect, has no use for and localepurge in Debian, at > > least, is hamstrung by the packagers, hooking it to dpkg and > I disagree. > Even quite small enterprises work internationally now. > And it is important to me if my coworker from Bangalore has working > time or is in bed before calling him :) > So "TZ=Asia/Kolkata date" is your friend :) > > > KJ > -- > http://stopstopnop.pl/stop_stopnop.pl_o_nas.html I'm quite sure you're right for businesses. I wonder if there is any way to tell how many Linux installations are being used by businesses versus are used by people like me who use it as a home computer with no business in mind? Be well, Mike -- Telling pious lies to trusting children is a form of abuse, plain and simple. - Daniel Dennett, 2010-01-12
Re: Re: 780 files in /usr/share/zoneinfo/
On Mon, Nov 23, 2020 at 07:51:09AM -0500, Greg Wooledge wrote: > On Sat, Nov 21, 2020 at 01:20:39PM -0600, Martin McCormick wrote: > > I just cd'd to that directory and it looks like there's > > about 1 GB there. > > unicorn:~$ du -sh /usr/share/zoneinfo > 3.5M /usr/share/zoneinfo > unicorn:~$ find /usr/share/zoneinfo -type f | wc -l > 780 > > Either something's wrong on your system -- in which case you should try > to figure out what it is -- or something's wrong with your interpretation > of what you're seeing. > > (And yes, I know find | wc -l isn't an accurate way to count files if > their names are unrestricted. Here I'm assuming there aren't a huge > number of filenames in /usr/share/zoneinfo/ with newlines.) Since I'm the one that started this discussion, I'd like to say "Thank You" to all that offered their insight. I guess I'm just a little old fashioned. My first computer had no storage and my first hard drive was 20M so having a directory taking up 3.5MB when all I'm using there is less than 10KB just doesn't sit well with me. In over 20 years running Linux I've never found a use for that extra 3.5MB data and I wonder how many do. I'm curious Greg, how often have you used that data? Locale is another area where there is a lot of data that the average user, I suspect, has no use for and localepurge in Debian, at least, is hamstrung by the packagers, hooking it to dpkg and disableing it for any other use. Running localepurge on the CL is a noop but doesn't tell you so, look at the code. Sorry I didn't mean to rant. Thanks again for the input. Be well, Mike -- "At birth, men are by nature of good heart." - _Young_Fu_Elizabeth F. Lewis
Re: rsync --delete
On Mon, Oct 19, 2020 at 07:55:27AM -0400, Greg Wooledge wrote: > > > I use 'set -e' > > NOOO While interesting this response is not very informative. I can only tell that you have a problem with it. I spent a while searching your wiki trying to find your objections without luck, so would you plaese tell this poor heathen what your objection to 'set -e' is? On a different subject, my guess is that your insistence on quoting variables and using arrays for multi-part parameters is that doing so as a habit covers the times when a string variable will not expand as expected while an array will. Please correct me if I'm mis-reading things. Thanks, Mike -- "God answers prayer on His own way, not ours." - Ghandi
Re: rsync --delete
On Sat, Oct 17, 2020 at 03:01:13PM -0700, David Christensen wrote: > > Is /sda the mount point for your backup media? If so, that is confusing -- > 'sda' implies '/dev/sda', which should be your system drive (e.g. root). I > would label the backup filesystem 'backup-rpi4b' and mount it at > '/mnt/backup-rpi4b' or '/media/backup-rpi4b' (your desktop might be able to > do this for you). I'm a lousy/lazy typist so mount a USB flash drive at /dev/sda1 on /sda. > If the script must change the working directory, I would display that -- > 'set -x', 'cd ...', and 'set +x'. I did adopt this suggestion. > I would do an old-school 'if' block and display that a directory is being > created -- 'set -x', 'mkdir ...', 'set +x'. > What is /mc? /mc is simply a directory I put docs/scripts I create and/ or collect that are not part of any installation. There is an /mc/docs/, an /mc/bin/ and a couple of others, sometimes. > mk_rsync_exclude.sh creates '.rsync_exclude' in the current working > directory? Yes. > > echo /usr/bin/rsync $Params --exclude-from=/home/mike/.rsync_exclude . > > $Flash/mike > > /usr/bin/rsync $Params --exclude-from=/home/mike/.rsync_exclude . > > $Flash/mike || > > echo rsync $Params --exclude-from=/home/mike/.rsync_exclude . > > $Flash/mikeFailed $? ; > You cut and pasted the following code three times: > >/usr/bin/rsync $Params --exclude-from=/home/mike/.rsync_exclude . > $Flash/mike > > DRY: https://en.wikipedia.org/wiki/Don%27t_repeat_yourself I've seen this just haven't it ingrained yet. > I prefer 'set -x', 'command ...', and 'set +x' when I want to see what the > shell is actually doing (which might not be the same output as 'echo ..'). and this one. > > I use 'set -e' at the top of my scripts so that the shell will stop and > display an error message if a script command fails. > > > /usr/bin/rsync -- I also use absolute paths for tools. But, I put them into > upper-case variables at the top of my script. > > --exclude-from -- It is too easy to screw up exclude specifications and > exclude a file you need. Therefore, I backup entire filesystems. We have different needs. > When invoking rsync(1), I make sure that SRC and DEST are directories, that > their paths are absolute, and that their paths end with '/'. This prevents > confusion and works as I expect. > David I've taken several of your suggestions. Thanks for the feedback. Be well, Mike -- If everything seems to be going well, you have obviously overlooked something
Re: rsync --delete
On Sat, Oct 17, 2020 at 10:30:04AM +0200, to...@tuxteam.de wrote: > On Fri, Oct 16, 2020 at 05:09:42PM -0500, Mike McClain wrote: > > I've been using rsync to backup to a flash drive but it's not > > performing exactly as I expected. > > I think Will nailed it. Your problem is not an rsync problem, > but a shell (presumably bash) problem: > > Simply do: > Params="-a --inplace --delete" > > then > /usr/bin/rsync $Params [...] > > There is one thing I still don't understand about this script. Why does > it invoke /usr/bin/rsync? Does the script writer know better where the > "right" rsync lives? Or the sysadmin/user, who is in control of $PATH? > > Cheers > - t Tom & Will, You hit right on the head. I realized it when seeing Klaus post "Params=-a --inplace --delete". I know better but write bash scripts so seldom that I forget the intricacies and switching back and forth between bash, perl and ruby fogs my mind. As for your last question, the script is called from cron and I'm never sure whether cron is going to be able to find things so have just gotten into the habit of putting the path in. Thanks for the help, Mike -- If a Communist mole got elected as President of the United States, how would he act?- MM
rsync --delete
I've been using rsync to backup to a flash drive but it's not performing exactly as I expected. The man page says: --deletedelete extraneous files from dest dirs A section of the backup script is so: Params=(-a --inplace --delete); Flash=/sda/rpi4b cd /home/mike [ ! -d $Flash/mike ] && mkdir $Flash/mike; # exclude compressed files and the contents of most of the .* directories /mc/bin/mk_rsync_exclude.sh echo /usr/bin/rsync $Params --exclude-from=/home/mike/.rsync_exclude . $Flash/mike /usr/bin/rsync $Params --exclude-from=/home/mike/.rsync_exclude . $Flash/mike || echo rsync $Params --exclude-from=/home/mike/.rsync_exclude . $Flash/mike Failed $? ; If I delete a file from my home directory then backup over last week's copy the deleted file stays in the backup directory and these build up over time. Am I misusing rsync or am I just not understanding how it works? Thanks, Mike -- "First say to yourself what you would be; and then do what you have to do." - Epictetus
Re: needed: a way to eliminate wasted disk space due to unneeded locale files
On Tue, Oct 13, 2020 at 04:46:56PM -0400, Cindy Sue Causey wrote: > On 10/13/20, L Godioleskky wrote: > > App localepurge eliminates some, but far from all of these un-needed files > > What's it leaving behind that you would like to see additionally > purged? If there's not a known tweak, flag, or something for > localepurge, perhaps your needs could become a reportbug wish list > item sent to Developers. > Try this Cindy, find / -iname '*zh*' I get 136 hits after running localepurge and each points to a directory with lots of other languages. Be Well, Mike -- During the Afghan war the American news reported how many Americans had died over there. It seems to me that a good newsman would have also reported the Afghani death count but I never heard one.- MM
passwords + bad memory - Was (Re: how to test disk for bad sector)
On Mon, Aug 31, 2020 at 09:41:06PM +, Long Wind wrote: > my memory is poor, i can't remember many accounts and passwords The more experience you have the harder it is to find the memory you're searching for. That's my story and I'm sticking to it. Mnemonics can make passwords relatively easy to remember and can be very secure if chosen carefully. Mom's birthday is 5 May 1919, a secure password is *M05o05m19m19a? I have an AT account and an address I haven't lived at in 50 years is 5535 El Campo, Ft. Worth, Texas 75107, so :A5535t75107t;. That should give you the idea, a mix of upper and lower case, numerals and punctuation selected from things no longer current can make good passwords easy to remember. GRC.com has a password checker HTH, Mike -- It seems to me a little shallow that the Creator of the universes would care whether He was called Yahweh, Allah, Jehovah, The Great Spirit, Vishnu or any of many other names rather than caring about how we carry out His commands. - MM
recently-used.xbel
I took a look at ~/.local/share/.recently-used.xbel and see that not only is it tracking what I do but claims to be the property of freedesktop.org. Is there any way to see if this is being sent to them and who might they be selling this info to? It's bad enough that Google and so many others care to spy on us but it's really uncomfortable to think my own computer is doing it. This is worse than Big Brother. Thanks, Mike -- Life isn't a matter of milestones but of moments. - Rose Kennedy
Re: ot: hack me
GRC.com On Mon, Aug 17, 2020 at 07:59:19PM +0200, gru...@mailfence.com wrote: > does anyone know of a reliable site that can stress test my firewall -- 'Personal view' is a Buddhist term signifying an individual view based on the erroneous idea that the ego, or personal self, is reality and can perceive things realistically. - _The_Unfettered_Mind_ Takuan Soho
Re: Need commands
On Sat, Jun 13, 2020 at 02:01:06PM +0300, Teemu Likonen wrote: > ROHIT SONI [2020-06-13T10:12:06+05:30] wrote: > > > I need full commands for 2020.2 gnu/linux rolling kali tty1 > > List all commands in a terminal program and Bash shell: > > ls -l {/usr,}/{s,}bin/; help > > -- > /// Teemu Likonen - .-.. http://www.iki.fi/tlikonen/ > // OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450 Way to go, Mr. Likonen. Thumbs up. Mike -- Always remember: It is a mathematical certainty that half the people in this country are below average in intelligence!
gpm messages
Is there a way to get gpm to quit issuing these messages? Jul 9 08:10:00 playground /usr/sbin/gpm[2929]: *** info [daemon/processrequest.c(42)]: Jul 9 08:10:00 playground /usr/sbin/gpm[2929]: Request on 12 (console 6) Thanks, Mike -- Diplomats are nothing but high-class lawyers - and some ain't even high class. - Will Rogers
Re: USB digital microscope from Walmart
Thank you Mr. Weber. I installed guvcview and now can see the scope's output. Much obliged, Mike On Wed, Jun 05, 2019 at 05:04:53PM -0400, Bob Weber wrote: > On 6/5/19 3:09 PM, Mike McClain wrote: > > I Have something that may be similar.?? Its Jiusion Digital > Microscope.?? It works with the viewer guvcview.?? Its in Debian so > it should be safe.?? I had to plug it in several times to get the > kernel to recognize it ... use lsusb.?? First run lsusb then plug it > in and see if there is any difference.?? Mine just showed up as Bus > 001 Device 015: ID a16f:0304 with no name.?? Yoursd will be > different so just look for the change. > > I got the idea from Kris Occhipinti.?? Link: > https://www.youtube.com/watch?v=xxUPCV3gbqw is where he runs the > microscope with cheese. > > Hope this helps. > > -- > > > *...Bob* -- Toward a happier life, always hang up immediately you've found you've been called by a machine. - MM
USB digital microscope from Walmart
I bought a USB digital microscope from Walmart that the ads claimed would work under Win2K and Linux. So far the supplier has failed to back up that claim with meaningful info. Has anyone had any luck getting one of these working under Debian? This one claims 1000x magnification and the supplier is E4. They don't answer the phone and email correspondence has so far prove useless. Thanks, Mike -- If all the CHP drove the speed limit, perforce, so would the rest of us. How many lives a year would that save? - MM
Re: lost dig
On Tue, Feb 19, 2019 at 12:10:15PM +0100, tony wrote: > In my fiddling with DNS, I installed (as su) a python package from pypi > called 'dig'. It turned out to not be what I expected, so I abandoned it. > > However, now when I enter 'dig' on the command line, it runs this python > thing. So I uninstalled dig from python, using 'pip3 uninstall dig'. > That seemed to work fine, but now when I type 'dig' at the terminal, I > get bash: /usr/local/bin/dig: No such file or directory. Well, that's OK > because dig - the proper one - is at /usr/bin/dig. > > 'which dig' gives me '/usr/bin/dig/ > > So, how do I now get the alias (if that's what it is) to point at the > right file? > > Thanks, Tony Try hash -d dig. Bash keeps a list of where executed commands are so it doesn't have to look them every time. Cheers, Mike -- Be Here now, just breathe.
Re: A "Where am I" routine
On Fri, Jul 06, 2018 at 06:25:43AM -0500, Richard Owlett wrote: > I multi-boot several configurations &/or releases of Debian. > I will run identical test scripts on each. > I want to store the results in a common logging file. > > I can set up an appropriate environment with a custom fstab containing: > > > > # create a common area > > LABEL=owlcommon /home/richard/Documents/tst_common vfat user,rw,umask=000 0 > > 0 > > # a dummy mount labeled to show which instance > > LABEL=dummy /home/richard/Documents/where/sda14 ext4 user,ro 0 0 > > > > > The first statement gives me a directory usable by all. > The second tells me where I am by using: >ls /home/richard/Documents/where > in any test script. Facing a similar problem of several distributions on one machine I took a different approach. I use a separate partition for data '/mc' accessable from all distributions. This little script tells me where I'm running from: #!/bin/bash # /mc/bin/set_distset the variable DIST 071512 Mc # source this file and DIST will transfer to the calling file # which distribution (based on partition label) if [ $(grep -c UUID /proc/cmdline) -gt 0 ]; then bid=$(cut -d'=' -f4 /proc/cmdline | cut -d' ' -f1); rline=$(blkid | grep $bid) ; rstr=${rline#*\"}; DIST=${rstr%%\"*}; unset bid rline rstr; else DIST=$( e2label $(mount | grep " / " | cut -d" " -f1 ) ); fi The various partitions are labeled for the Debian version. This may or may not help you but works for me. Have fun, Mike -- "Beauty without grace is a hook without a bait." - Ninon de Lenclos
Re: Outgoing email with exim, was Re: Strange LAN IP Address.
On Tue, Jul 03, 2018 at 05:42:15PM -0500, David Wright wrote: > On Tue 03 Jul 2018 at 08:52:22 (-0700), Mike McClain wrote: > > On Mon, Jul 02, 2018 at 03:17:27PM -0400, Stephen P. Molnar wrote: > > > > Should anyone reading this know hjow to get exim4 to connect to > > outbound.att.net I'd love to hear about it. > > Curt got the wiki, and my googling landed on > https://www.att.com/esupport/article.html#!/dsl-high-speed/KM1010523 > and > https://www.att.com/esupport/article.html#!/email-support/KM1240308 > It looks as though these are more up to date than the wiki. > > In the first, I assume that the table rows are labelled wrongly, > but it seems to show SMTP on smtp.mail.att.net ports 465 or 587 > as well as the hostname you gave. I would also try port 587 on > both hostnames: it won't be the first to give the wrong one. > > The second shows how to get a suitable password for your userID. > (I would use this approach merely because I don't know anything > about oath.) > > Anyway, what doesn't work for you and what response do you get > from exim? What doesn't work? Can't send mail. Long before Verizon and Oath were involved with Yahoo. When I switched from dialup AT had me using port 465 and at that time I was getting some kind of authorization error but couldn't find out what. # /etc/exim4/update-exim4.conf.conf dc_eximconfig_configtype='smarthost' dc_local_interfaces='127.0.0.1' dc_smarthost='outbound.att.net::465' Here's an excerpt from current exim's log: 2018-07-03 19:51:29 1faXd0-0008Gb-JB Remote host smtp.att.mail.fy4.b.yahoo.com [67.195.228.97] closed connection in response to initial connection 2018-07-03 19:51:59 1faXd0-0008Gb-JB == nialccm.e...@gmail.com R=smarthost T=remote_smtp_smarthost defer (-18): Remote host smtp.att.mail.fy4.b.yahoo.com [98.136.96.82] closed connection in response to initial connection Switching update-exim4.conf.conf to read: dc_smarthost='outbound.att.net::587' exim's log now shows: 2018-07-03 20:15:24 1faYFl-6U-4d ** mikemcclain...@att.net R=smarthost T=remote_smtp_smarthost: SMTP error from remote mail server after MAIL FROM:<> SIZE=2464: host smtp.att.mail.fy4.b.yahoo.com [67.195.228.97]: 550 Request failed; Mailbox unavailable This last message shows a further complication. I have a primary email account with ATT as well as several aliases,. I also have a Yahoo account, likewise gmail and am likely to use any of them as the source (From:, ReplyTo: headers) in outgoing mail depending on where it's going. I only have one, the primary, in /etc/exim4/passwd.client for ATT. My dialup doesn't care what I call myself when I send email but perhaps ATT/Yahoo does. No I haven't tried to get that special password. What I've got works, I guess I'll leave it rather than jump through hoops for Verizon. Thanks for the references. Mike -- Where man is there will be trouble to the end of time, if not of one sort, then of another." - Louis L'Amour
Re: Strange LAN IP Address.
On Mon, Jul 02, 2018 at 03:17:27PM -0400, Stephen P. Molnar wrote: > When I ran ifconfig on the Linux platform it showed the unet > connection to be 162.237.98.238!!? The LAN modem employs DCHP > set with allowed IP range as 192.168.1.64 through 192.168.1.253, > which was set by the T installer when we switched to a fiber optic > network. > > Further examination of the modem settings showed IP Passthrough > status as on (Public IP Address), which was, in fact the IP. ATT tech support demonstrated to me that they can change the settings remotely. If they can so can some one else. > I spent 40 minutes, on hold for 28 of those minutes, with an AT > UVVerse technical () person without hearing any reasons why the > IP was what it was. When I signed up with ATT Uverse I accumulated hours on the phone trying to get email out through their server. I gave up and used my dialup account. Their tech support -- isn't. Many of those people didn't grow up with computers and have no idea what goes on under the hood. Even when you get someone in Dallas rather than Manila answers and understanding can be lacking. Should anyone reading this know hjow to get exim4 to connect to outbound.att.net I'd love to hear about it. Mike -- Where man is there will be trouble to the end of time, if not of one sort, then of another." - Louis L'Amour
Re: Dead computer after system shutdown. - Resolved for Now
On Sun, May 06, 2018 at 02:36:50PM -0400, Thomas George wrote: > Box is between two tables but managed to remove side cover and with > mirror confirmed green light on motherboard. Unplugged power cord, > green light goes out, reconnected power, green light on and power > switch works, BIOS message Asus surge protection shut system down > because of unstable power supply.. > > My records show I assembled this box from components in 2008. Should > I be worried? Expected lifetimes of cpu, mb, power supply? > > > On 05/06/2018 12:14 PM, Thomas George wrote: > >Selected shutdown from the window manager and the operating system > >turned off the computer as usual. Tried to restart the computer > >from the switch on the desktop box but it was totally dead. > > > >Where to look for the failure? CPU, motherboard, power supply or > >mechanical switch? > > > >I never thought before about how the operating system shuts down > >the computer. I know there are two wires from the power supply > >which the desktop switch connects to turn on the power supply. How > >does the operating system turn it off? Dirt, dust will greatly affect a computer's life expectancy. I try to clean my old PIII twice a year. Open it up, take outside and blow all the dust out. Then pop the cover off the PS and give it the same treatment. Clean all the fan blades with Qtips and alcohol as well as the CPU heat sink. ESD procedures are called for but all that really amounts to is putting a hand on the chassis before touching anything inside so any charge you have built up is disappated through the chassis rather than through a chip's gate. Best of luck, Mike -- "Computers have enabled people to make more mistakes faster than almost any invention in history, with the possible exception of tequila and hand guns." - Mitch Ratcliffe
Re: quick scripting 'is /P/Q mounted'
Thank you Richard. I suspect $(grep /south40/docs/ /proc/mounts) would be faster than $( mount | grep 'south40/docs'). And I'm sure [ -f /south40/docs/.flag ] would be. Much obliged. Mike On Tue, Mar 13, 2018 at 05:37:07PM +1300, Richard Hector wrote: > On 13/03/18 16:40, Mike McClain wrote: > > If my other computer is South40 and I want to mount South40's /docs > > on my /south40/docs/ directory I can do that. As one script calls > > another I want to know if I need to mount South40 without > > $( mount | grep 'south40/docs'). > > You could look at /proc/mounts, but that's similar to the output of mount. > > Or if it's for a specific directory, and you can put something in it, > you can test for the existence of a special file in the directory. > > Something like > > [ -f /south40/docs/.flag ] > > Richard > -- "Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction." - Albert Einstein
Re: quick scripting 'is /P/Q mounted'
Thank you David. As it happens I have util-linux installed but as with most of Gnu/Linux there are hundreds of programs I've never used and don't know what do. Appreciate the heads-up. Mike On Tue, Mar 13, 2018 at 08:49:58PM +1100, David wrote: > On 13 March 2018 at 14:40, Mike McClain <mike.junk...@att.net> wrote: > > > > If my other computer is South40 and I want to mount South40's /docs > > on my /south40/docs/ directory I can do that. As one script calls > > another I want to know if I need to mount South40 without > > $( mount | grep 'south40/docs'). > > > > Suggestions? > > Installing the package util-linux will provide the mountpoint command > which exits true=0 if its argument is in use as a mountpoint. Example: > > $ if mountpoint / ; then echo "exit status is $?" ; fi > / is a mountpoint > exit status is 0 -- "Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction." - Albert Einstein
quick scripting 'is /P/Q mounted'
A while back, Pierre Gaston posted this little tidbit to quickly determine if my network is up: [ "$(
Re: Debian, FF & NavyFed
On Wed, Dec 20, 2017 at 04:02:01PM +0300, Selim T. Erdo??an wrote: > > Try pressing ESC, or clicking on various points in the window. > > I sometimes see such overlaid stuff on websites and, on some, I can get > it to go away, and see the underlying "real stuff", by such a press/click. Thanks Selim. Didn't work but was worth a try. Hookem Horns. Happy Holidays, Mike -- 1984 was not meant as a blueprint for democratic governments.
Re: Debian, FF & NavyFed
On Tue, Dec 19, 2017 at 03:06:10PM -0500, Matthew Crews wrote: > > Well there is the fourth option, though its not ideal and doesn't really fix > the problem: > > Use some version of Windows in a VM (ideally Windows 7, but Windows 10 will > be easier to acquire), or access your bank on a modern mobile device. I > pretty much keep a Windows VM on standby specifically for the rare app that I > must use that I cannot use on Linux (even via Wine). This is a really interesting proposition. Do you really think I can run Windows in a VM under Linux with only 250M ram? I've still got my Win2K CDs if so. Thanks and happy holidays, Mike -- We make a living by what we get, but we make a life by what we give. - Winston Churchill
Debian, FF & NavyFed
I signed up with Navy Federal Credit Union online banking last week. I can login, I get the banner in color , it says getting your info. As soon they come back with and display my balance all the text turnes to grey and a twiddler pops up and it stays like that forever. NFCU's tech support will not admit to knowing who's waiting for what just we don't support Linux. Suggestions on how to fix this or how to approach it are most welcome. What I've done: Having added Dan Pollock's hosts to my /etc/hosts recently I went back to the bare bones version that only mentions my local hardware. My /etc/hosts.deny says: ALL: PARANOID ALL: ALL: rfc931: spawn(netstat -tup | mail -s "%d DENIED\: %c" root) & as it has for years. I've a small homegrown firewall that's worked for years and allows me to login to other credit unions and several stock brokers. I've saved and studied the page source and nothing sticks out except that it's written for IE and has several *.css at the top I can't see and lots of *.js scripts called. Over the years I've programmed in Fortran, Basic, Forth, Awk, 'C', Dos, Unix and Linux scripting and Perl. My html doesn't extend much further than anchors, lists and list items and and I've never picked up Java or js. As said above all pointers welcome. Oh, Yeah, Linux playground 3.2.0-4-686-pae #1 SMP Debian 3.2.89-2 i686 GNU/Linux I know Wheezy is old but it's old hardware, PIII, 250M memory, my video card hasn't been supported in years. Does what I want most times. FF ESR 52.3.0 (32 bit) Thanks, Mike -- Where man is there will be trouble to the end of time, if not of one sort, then of another." - Louis L'Amour
Re: Re: Iceweasel woes
I went to the message you linked and then the site mentioned and downloaded a large /etc/hosts file that seems to send most of what was eating up cpu & memory to the bit bucket. Huge difference in FF response time, no hard drive grinding. Top now shows around 10% cpu usage and 80% memory. Thank you very much,Mike
Re: Re: Iceweasel woes
Iceweasel woes
I run an older PC, Pentium3 w/ 512M memory which does everything I need but Iceweasel is killing me since the last couple of upgrades. It's become such a memory hog that it ties up the system for minutes at a time. How can I backup to the version of a couple of months ago? Thanks, Mike McClain -- "It is the duty of the patriot to protect his country from its government." - Thomas Paine
OT: Re: Suitable text ed
On Wed, Sep 06, 2017 at 02:31:08AM -0400, Gene Heskett wrote: > > The total configuration generally is not a single file, usually broken up > according to its order in the programs bootup, first being the basic > config, then the first of what could be 2 or 3 .hal files, some of which > can't be run until the gui is started, then once the gui is drawn, more > gui for accessory tally's, spindle speed/direction, and dials to replace > the cranks that no longer exist, usually written in xml or pyvcp, or > gladevcp is done, which adds the "hal pins" that connect the machine gui > to the machine. It can get complex. This most recent lathe has over > 1200 lines of code just in the configuration files. And I still do not > have any coolant or lube facilities under control. Stuff I have yet to > build or buy. :) Damn, that sounds like fun. Mike -- Go to heaven for the climate, hell for the company. - Mark Twain
Re: security issues
On Sat, Aug 26, 2017 at 04:35:21PM -0400, Gene Heskett wrote: > > I have had the ultimate revenge on those who were enemies at one time, > I've outlived the turkeys without doing anything to hasten their > demise. ;-) > I thought that was worthy of being a tagline. Hope you don't mind. Mike -- You can't say that civilization don't advance, for in every war they kill you in a new way. - Will Rogers
Re: One-line password generator
On Tue, Aug 22, 2017 at 08:46:24PM +0100, Brian wrote: > Wow! Can you suggest something which gives one teensy-weensy bit of > memorability? Here's a solution I like. Scramble some letters and numbers you know by heart to create your password, like so: My mother's nickname is Ginny. She was born 5 May, 1920. The password 'G05i05n19n20y' is harder to crack not being suseptible to dictionary lookup. Add a dot/bang (./!) or a hash/query (#/?) and it becomes '.G05i05n19n20y!' or '#G05i05n19n20y?' and it's 15 characters. Run your selected password across some of the on'line password checkers, there are many. Best of luck, Mike -- If you lend someone $20 and never see that person again, it was probably a wise investment.
Re: apt-get upgrade problem
On Wed, Jun 21, 2017 at 07:40:59PM -0400, Carl Fink wrote: > On 06/21/2017 04:56 PM, Mike McClain wrote: > >Can someone point me at where to look to see why I can't upgrade iceweasel? > > > Have you tried typing "apt-get install firefox-esr"? It should tell > you why it's held back. Duh, I'm an idiot. Carl you hit the nail on the head. I'm so used to using 'update/upgrade' that I didn't think to try install. Rather than telling me why FF was held back it just went ahead and installed it. Thanks a lot, Mike -- Lord, the money we do spend on government. And it's not a bit better government than we got for one-third the money twenty years ago. - Will Rogers
apt-get upgrade problem
When I do 'apt-get upgrade', I get the following: The following packages have been kept back: firefox-esr and firefox/iceweasel is what I was hoping to upgrade. Can someone point me at where to look to see why I can't upgrade iceweasel? Thanks, Mike -- As Andy Capp's wife said, "You're only young once, but you can be childish all your life."
Re: hacker tracking
On Sun, Jun 18, 2017 at 07:26:01PM -0700, John Conover wrote: > Hi Mike. You are running stateful NAT, (stateful Network Address > Translation on your modem/router,) right? Also, your modem/router > should not be responding to ping(1)/icmp/ident packets since you do > not allow remote/external access. Might try: I'm not up on the term but my firewall drops packets from anyone with whom I didn't initiate the connection. Is that 'stateful NAT'? > https://www.grc.com/x/ne.dll?bh0bkyd2 I've been checking my firewall with grc.com ever since I felt the need for a firewall and grc.com says I'm fully stealthed. > for starters to find out, (or better, nmap(1) if you have access to an > external shell account.) Nope no such account but thanks for sharing your ideas. > John > -- > John Conover, cono...@rahul.net, http://www.johncon.com/ Mike -- "Why fit in when you can stand out?" - Dr. Seuss
Re: hacker tracking
On Sun, Jun 18, 2017 at 08:05:41PM -0500, John Hasler wrote: > The hits are coming from bots running on cracked computers. The botnet > operators control them through several layers of indirection. > > I suspect that a majority of the Windows boxes in the world may be under > the control of botnets. > -- > John Hasler > jhas...@newsguy.com > Elmwood, WI USA Hi John, If I understand correctly you're saying that for someone with my limited knowledge and abilities, this is an exercise in futility since most IP addresses I collect will not be those of hackers but rather of those already hacked. Since you've brought that idea to my attention it makes sense to me but is somewhat depressing. Oh well, knowledge is power. Thank you for enlightening me. Mike -- "Why fit in when you can stand out?" - Dr. Seuss
hacker tracking
First let me say that according to my IDS I haven't been hacked. I don't have a website or run any servers for off site access. Just an individual with an ATT internet connection. All the flack in the news lately about Russian hacking and Putin's denials got me curious and I enabled my firewall to start logging dropped incoming packets. I must admit to being surprised at the quantity of attempts to hack into my computer. It only took a couple of days before I started rotating those logs to keep the size down. I'm getting from 20,000 to over a million hits a day on a computer that's only online 3-4 hours a day and often much less. By doing 'whois' lookups on the source IP of the dropped packets I've built a database of the IP, country, inetnum/route and hit count. Now as I go through yesterday's log most hits fall into previously seen routes greatly reducing the number of 'whois' lookups. Using the same program to read the logs, compile the database and pull various relations from the data I've seen some surprising things. These are the countries most often showing up in the logs: mike@/deb73:~> perl/hackers.pl -s | awk '$1>100' hitcount, country, numIPs 646 US 373 636 CN 513 562 IE 6 153 RU 107 143 FR 40 108 IN 83 In order, the 2 letter codes detailed in ISO-3166 equate to: the United States, China, Ireland, Russia, France and India. Notice that Ireland which has third highest hits has only 6 unique IPs. mike@/deb73:~> perl/hackers.pl -c IE CountryRoutes(IE), numHits 86.40.0.0/15, 1 87.198.0.0/16, 1 91.230.47.0/24, 560 The most hits from Ireland come from a single route. mike@/deb73:~> perl/hackers.pl -r 91.230.47.0/24 routeIPs(91.230.47.0/24), numHits 91.230.47.3,13 91.230.47.37, 24 91.230.47.38, 522 91.230.47.4,1 It would seem likely that all of these are from the same person and in fact the packet info logged includes the MAC address which verifies that this is all one hacker. Browsing the logs has shown be that the MAC address can be spoofed. One day I was getting hit every 6 seconds by IP address that spread across the range of the IP block while the MAC address varied by a character or 2. I'd appreciate a pointer to an algorythm that would compare 2 strings (MAC addresses) and give a congruity percentage. I've gotten hit by one source address that the RIR in Brasil is unassigned. I'm totally bewildered by this as I can see no way any hacker could ever ger a response. Perhaps there was something in the rest of the packet that could have given them access? Only the header of the packet gets logged so I'll never know. There are several IPs from Japan that 'whois' doesn't return a inetnum/route for. I suspect I'm not the only one who is interested in this exploration and hope some of you can share tips to carry it further. Thanks, Mike -- Your talent is God's gift to you. What you do with it is your gift back to God.
Re: mutt & maillist digests
On Tue, Apr 25, 2017 at 11:29:18AM -0500, David Wright wrote: > On Tue 25 Apr 2017 at 17:22:28 (+0200), Vincent Lefevre wrote: > > On 2017-04-24 15:57:17 -0700, Mike McClain wrote: > > > I'm running Debian Wheeze on a P3 1/2M memory. Mostly CL. > > > Mutt 1.5.21 is the culprit ( or am I? ) > > > I subscribe to mailing lists in digest form. > > > Mutt recognizes the fact when I'm viewing a Debian User digest but not > > > when I'm reading a 'help-bash' digest from gnu.org. The difference > > > that's got me is that when I open a DebUser digest I can enter 'v' and > > > mutt separates the messages so I can respond on list to a particular > > > message. The help-bash digest doesn't get split like that by mutt so > > > if I want to reply to a particular message mutt will put the whole > > > digest into the reply for me to delete all that doesn't apply to the > > > message I want to send. > > > > Perhaps the 'help-bash' digest does not use MIME. > > Or perhaps you didn't subscribe to the MIME version if it exists. On > https://lists.gnu.org/mailman/listinfo/help-bash > IIRC the digest "radio button" selects only the non-MIME version. > To get the MIME one you have to go down to the section ridiculously > labelled: > > Help-bash Subscribers > (The subscribers list is only available to the list administrator.) > > and press: > > Unsubscribe or edit options > > Some non-MIME list digests scrub the attachments and give links to > see them, which don't work. BTW I've never received a reply to any > email sent to webmast...@gnu.org about any of their lists/problems. > > Cheers, > David. Thanks David. Your directions were clear, concise and accurate. 'help-bash' traffic goes in spurts and though I made the changes in my subscription the day you posted I only today got confirmation. Blessings, Mike -- "A pessimist sees the difficulty in every opportunity; an optimist sees the opportunity in every difficulty." - Sir Winston Churchill (1874-1965)
mutt & maillist digests
I'm running Debian Wheeze on a P3 1/2M memory. Mostly CL. Mutt 1.5.21 is the culprit ( or am I? ) I subscribe to mailing lists in digest form. Mutt recognizes the fact when I'm viewing a Debian User digest but not when I'm reading a 'help-bash' digest from gnu.org. The difference that's got me is that when I open a DebUser digest I can enter 'v' and mutt separates the messages so I can respond on list to a particular message. The help-bash digest doesn't get split like that by mutt so if I want to reply to a particular message mutt will put the whole digest into the reply for me to delete all that doesn't apply to the message I want to send. Is there a configuration I'm missing? Is there anything I can do to tell mutt that the messages from help-bash are to be treated as a mailing list digest? Thanks, Mike -- Go to heaven for the climate, hell for the company. - Mark Twain
Re: Wan/Lan problem [SOLVED]
On Thu, Mar 30, 2017 at 09:40:29PM -0400, Henning Follmann wrote: > On March 30, 2017 8:27:54 PM EDT, Mike McClain <mike.junk...@copper.net> > wrote: > >On Thu, Mar 30, 2017 at 07:25:52AM -0400, Henning Follmann wrote: > >> On March 28, 2017 7:46:02 PM EDT, Mike McClain > ><mike.junk...@copper.net> wrote: > > > >If I'm understanding you you're saying that ATT's router having an > >address of 192.168.1.254 on eth0 while the Linux box(play), Win2k(s40) > >and my router have addresses 192.168.1.1,2&3 on eth1 is the root of > >the problem. Since ATT's router's address is immutable I either need > >to reconfigure 2 computers and a router to a different net, > >192.168.2.0 or 10.0.0.0, for instance or learn to build bridges. > > > >Is my understanding correct? > > > >Thanks, > >Mike > > > Yes, > with your configuration both eth0 and eth1 are in 192.168.1.0/24. There is no > way tobfigure out which to use. > > However you have to provide more than just diferent subnets. The network > behind the firewall now needs dns and most likely also dhcp. > You could install dnsmasq. It provides just this. > > However based on your initial understanding of networking I wonder if > something like pfsense makes more sense for you. > > Another way to set this up would be a transparent firewall. In that case you > bridge eth0 and eth1 without assigning an ip address at all. You might want > to have athird network interface for maintenance tho. > Pfsense also privides that functionality. > My thanks to Mr. Follmann and all you others that helped. As it turned out ATT's router having an address of 192.168.1.254 is not immutable but subject to change by the user(me). Setting ATT's router to 192.168.2.254 solved all my problems. With eth0 and eth1 both up, the Linux box and the Win2K box can both browse the i'net passing GRC.com's all ports scan and I can still mount the Win2K shared partitions from Linux. An extra thanks to you, Henning for pointing out the trouble spot. Mike -- People ain't any more interested in politics than they are in long underwear. Both sides have lied to 'em so often that we don't look on any candidate with admiration or with hate; we just pity 'em. - Will Rogers
Re: Wan/Lan problem
On Thu, Mar 30, 2017 at 07:25:52AM -0400, Henning Follmann wrote: > On March 28, 2017 7:46:02 PM EDT, Mike McClain <mike.junk...@copper.net> > wrote: > >The situation is this: > > > > phoneeth0 eth1 > >AT| || || |---| | > >AT modem/ Linux my Win2K > >router box router box > > > > > ># /etc/hosts > >192.168.1.254ATTrouter > >#192.168.1.64outbound.att.netatt > >127.0.0.1 localhost > >192.168.1.2 playground play > >192.168.1.3 south40 s40 > >192.168.1.1 router > ># --- end hosts > > You put eth0 and eth1 into the same network segment. > That most likely is your problem > Either you bridge eth0 and eth1 or if you want your linux box as a firewall > you pick a different ntwork for eth1 > > -- > Henning Follmann If I'm understanding you you're saying that ATT's router having an address of 192.168.1.254 on eth0 while the Linux box(play), Win2k(s40) and my router have addresses 192.168.1.1,2&3 on eth1 is the root of the problem. Since ATT's router's address is immutable I either need to reconfigure 2 computers and a router to a different net, 192.168.2.0 or 10.0.0.0, for instance or learn to build bridges. Is my understanding correct? Thanks, Mike -- Goodness will be rewarded with goodness. - Chinese proverb
Re: Wan/Lan problem
On Wed, Mar 29, 2017 at 08:50:15AM -0400, rhkra...@gmail.com wrote: > On Wednesday, March 29, 2017 03:17:37 AM David Christensen wrote: > > On 03/28/2017 04:46 PM, Mike McClain wrote: > > > phoneeth0 eth1 > > > > > > AT| || || |---| | > > > > > > AT modem/ Linux my Win2K > > > > > > router box router box > > Put your router immediately after the AT modem, then (assuming there are > multiple ethernet ports on the router), put your Linux box on one eth port and > the Windows box on another. (That would require 3 ports on the router.) The problem I have with your solution is that the Win2K box is not behind the firewall I have running on the Linux box. Thank you for your thoughts. Mike -- You buy the votes you need. Political power flows from money, it always has; the concept of society is about money. - Nancy Kress in 'Beggers in Spain'
Re: Wan/Lan problem
On Tue, Mar 28, 2017 at 10:14:50PM -0400, Dan Ritter wrote: > On Tue, Mar 28, 2017 at 04:46:02PM -0700, Mike McClain wrote: > > The situation is this: > > > > phoneeth0 eth1 > > AT| || || |---| | > > AT modem/ Linux my Win2K > > router box router box > > > > When eth0 is up and eth1 down, > > the Linux box can access the web. > > 'ping ATTrouter' works. > > When eth0 is up and eth1 up, > > the Linux box can not access the web. > > the Win2K box can access the web. > > the Linux box can not access the Win2K shares. > > 'ping ATTrouter' fails. > > 'ping -Ieth0 ATTrouter' works. > > When eth0 is down and eth1 up, > > the Linux box can access the Win2K shares. > > When eth0 is down and eth1 down, > > it's quiet. > > > > The ATT router is set to 'Pass Through' giving the Linux box the ATT > > router's IP address. > > The Linux box is set to use DHCP. > > This might explain why I loose the LAN connection when eth0 up. > > > > Why can the Linux box not see the web while the Win2K box can? > > You're going to end up discovering that this is a problem in IP > assignment, routing, forwarding, or something very similar. > > What masquerading are you doing? What IP forwarding? What > routing entries are present? > > -dsr- Here are the statements from the firewall on the Linux box that deal with the LAN: INET=eth0; LAN=eth1; S40='192.168.1.3'; # static IP of Win2K box # for masqallow forwarding fwd=1; echo $fwd > /proc/sys/net/ipv4/ip_forward echo $fwd > /proc/sys/net/ipv4/conf/all/forwarding echo $fwd > /proc/sys/net/ipv4/conf/default/forwarding echo $fwd > /proc/sys/net/ipv4/conf/lo/forwarding echo $fwd > /proc/sys/net/ipv4/conf/eth0/forwarding echo $fwd > /proc/sys/net/ipv4/conf/eth1/forwarding iptables -A INPUT -i $LAN -j ACCEPT iptables -A OUTPUT -f -d $S40 -j DROP iptables -A FORWARD -i $LAN -j ACCEPT iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o $INET -j MASQUERADE eth0 up, eth1 down root@/deb73:~> route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0 99.188.244.10.0.0.0 UG0 00 eth0 99.188.244.00.0.0.0 255.255.252.0 U 0 00 eth0 eth0 up, eth1 up root@/deb73:~> route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0 99.188.244.10.0.0.0 UG0 00 eth0 99.188.244.00.0.0.0 255.255.252.0 U 0 00 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth1 eth0 down, eth1 up root@/deb73:~> route -n Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth1 The Linux box is my main computer, it's just a computer but runs my firewall. My router is NetGear RP614 and all connections to the router are on the lan side, nothing in the i'net port. Just the 2 computers and the printer. The Win2K box is just a computer but has my music and financials. Each box serves as backup storage for the other. No Wi-Fi, pods, phones, tablets, game consoles, laptops, etc. Any other thoughts/suggestions? Thanks to Dan, David & Tomas for the help. Mike -- You buy the votes you need. Political power flows from money, it always has; the concept of society is about money. - Nancy Kress in 'Beggers in Spain'
Wan/Lan problem
Howdy, I have a WAN/LAN challenge I'm hoping for help with. I'm runniing Debian 7.11 on a Pentium 3 with 250MB ram. mike@/deb7:~> uname -a Linux playground 3.2.0-4-686-pae #1 SMP Debian 3.2.84-2 i686 GNU/Linux The situation is this: phoneeth0 eth1 AT| || || |---| | AT modem/ Linux my Win2K router box router box When eth0 is up and eth1 down, the Linux box can access the web. 'ping ATTrouter' works. When eth0 is up and eth1 up, the Linux box can not access the web. the Win2K box can access the web. the Linux box can not access the Win2K shares. 'ping ATTrouter' fails. 'ping -Ieth0 ATTrouter' works. When eth0 is down and eth1 up, the Linux box can access the Win2K shares. When eth0 is down and eth1 down, it's quiet. The ATT router is set to 'Pass Through' giving the Linux box the ATT router's IP address. The Linux box is set to use DHCP. This might explain why I loose the LAN connection when eth0 up. Why can the Linux box not see the web while the Win2K box can? I've not found or at least recognized the problem in the HowTo's. Pointer's or suggestions? Thanks, Mike # /etc/hosts 192.168.1.254ATTrouter #192.168.1.64outbound.att.netatt 127.0.0.1 localhost 192.168.1.2 playground play 192.168.1.3 south40 s40 192.168.1.1 router # --- end hosts # /etc/networks default 0.0.0.0 loopback127.0.0.0 link-local 169.254.0.0 localnet192.168.1.0 # --- end networks # /etc/resolv.conf domain attlocal.net search attlocal.net nameserver 192.168.1.254 # --- end resolv.conf # /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth1 # eth0 = onboard eth port iface eth0 inet dhcp # eth1 = 3Com PCI 3c905C card iface eth1 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 208.67.222.222 208.67.220.220 # --- end interfaces -- "I reckon some folks figure it a compliment to be called 'broad-minded.' Back home, broad-minded is just another way of saying a feller is too lazy to form an opinion."- Will Rogers
Re: downloading mail
My .fetchmailrc has this: poll mail.copper.net protocol pop3 user "mike..."with pass "" is "root" here forcecr smtpaddress localhost fetchall mda "/usr/sbin/sendmail -i -f %F -- %T" HTH, Mike On Sun, Nov 27, 2016 at 02:37:23PM -0700, Bob Holtzman wrote: > fetchmail > fetchmail: no mailservers have been specified. > > which is pretty strange since > > less fetchmail > poll "pop.west.cox.net" > protocol pop3 > username "holtzm" > #password "4vr4mz4v3l" > password "" > mimedecode > mda "/usr/bin/procmail -f -" > > Tried a few other cominations including .fetchmail and .fetchmairc with > no better results. > > I'mmissing something obvious, but what? > > -- > Bob Holtzman > "Bother", said Pooh, as he chambered another round... -- "He who has never made a mistake has not made anything"
Re: A minimalist network
Don't know if this will help but... I have a 2 box network, Wheezy and Win2K, cable connected and able to access directories on the Win2K box from Debian. Never needed to go the other way. The Linux box is named playground, the Win2K box South40. There is a router between them but it's not necessary (belt). On the Linux side: These packages installed: cifs-utils libfilesys-smbclient-perl libsmbclient samba-common samba-common-bin smbclient /etc/hosts has these entries. 192.168.1.1 router 192.168.1.2 playground play 192.168.1.3 south40 s40 /etc/hostname contains: playground /etc/network/interfaces has these lines: # The primary network interface allow-hotplug eth1 iface eth1 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 /etc/fstab has these entries: //south40/H$/docs /south40/docs cifs noauto,rw,user,credentials=/home/mike/smb.psswd,uid=1000,file_mode=0755,dir_mode=0755,nounix,noserverino 0 0 //south40/I$/MP3s /south40/MP3s cifs noauto,rw,user,credentials=/home/mike/smb.psswd,uid=1000,file_mode=0755,dir_mode=0755,nounix,noserverino 0 0 # docs & MP3s on different partitions /home/mike/smb.psswd has 600 permissions and contains: username=Win2K_user password=Win2K_password I have a small iptables firewall that must allow traffic to/from Win2K. To access the Win2K files: root@/deb73:/> mount /south40/docs On the Win2K side: StartMenu/ControlPanel/System/NetworkID/Properties: Computer Name = south40 Member of workgroup = WORKGROUP StartMenu/ControlPanel/System/NetworkID/NetworkID: launches wizard Home use, Users must enter user name and password StartMenu/Control Panel/Internet Options/Internet Properties/Security/Local Intranet/Sites/Advanced/: 192.168.1.1 192.168.1.2 StartMenu/Settings/Network and Dial-up Connections/Local Area Connection right click Properties check: Client for Microsoft Networks File and Printer sharing Internet Protocol(TCP/IP) select Internet Protocol(TCP/IP)/Properties: Use the following IP address: IP Addr:192.168.1.3 Subnet mask:255.255.255.0 Default Gateway:192.168.1.2 Use the following DNS server addresses: Prefered DSN: 208.67.222.222 Alternate: 208.67.220.220 select Advanced/WINS/Enable NETBIOS over TCP/IP create C:\shared & shared it (only used with smbclient to pass files back & forth). C:\WINNT\system32\drivers\etc\hosts: 192.168.1.2playground HTH, Mike -- Seven deadly sins: Anger, gluttony, envy, sloth, avarice, lust and pride. I practice most of these so guess I'll die one day.
determine /dev/pts/1 in .xsession
I open several aps in .xsession, a couple of xterms, clock, iceweasel. The first in .xsession is an xterm I use for command line stuff. This xterm is seldom at any one pts but rather moves around. Is there a way to tell X to always open that xterm on /dev/pts/1? Thanks, Mike -- During the month of August 2014 it was reported that 7 Israelis died in combat while 2100 residents in Gaza died. With a 300::1 kill ratio who are the terrorists?
Re: Moving from 56k modem
On Thu, Jun 18, 2015 at 03:22:37PM -0500, Richard Owlett wrote: Scarletdown wrote: How about a portable wireless hotspot device and service? I was leaning away from that solution - unsure of security implications when using personal hotspot. The way I understand how those work, you will have your Internet service with you no matter where you are, as long as you can get a signal from your provider. When CBS 60 Minutes (or was it Sunday Morning?) did an article on security on airlines, trains, etc. They suggested setting up a VPN on your system. Mike -- You may not control all the events that happen to you, but you can decide not to be reduced by them. - Maya Angelou -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150618223351.GA7807@playground
Re: Moving from 56k modem
On Wed, Jun 17, 2015 at 11:03:47AM -0500, Richard Owlett wrote: My connectivity for ~3 decades has been at = 56k. Current ISP abandoning that market ;/ I do not wish DSL, cable, nor satellite as they restrict me to one physical location. I was assuming that meant connecting via cell network. Is that correct? What questions should I be asking? Please note that I am strongly text, rather than graphics, oriented. Comments /or questions I should be asking. Thank you. My little brother has been going cross country in a motor home using his T-mobile cell phone as a hotspot to hook up his Mac (not Linux) to the web. When he has a lot to DL he drops into the nearest library which doesn't run up his phone bill. YMMV, Mike -- During the month of August 2014 it was reported that 7 Israelis died in combat while 2100 residents in Gaza died. With a 300::1 kill ratio who are the terrorists? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150617225437.GA19471@playground
Re: Old Computers
On Tue, Jun 02, 2015 at 07:04:13PM -0500, Jose Martinez wrote: And I will probably not use these system(s) on line much if any at all. So most of the security issues will fixed or not will not really be a problem in this situation. I see I've sparked a pretty good discussion on the list. I sure appreciate all the advice/information it will come in very handy when I actually have the systems in hand. -- JM If you need linux on a 386 that's where I started with DosLinux. I still have a copy if you're interested. As I recall no Xwindows just command line. Mike -- Why fit in when you can stand out? - Dr. Seuss -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150603145539.GA19315@playground
Re: pc version of yahoo.com
On Mon, Sep 22, 2014 at 11:41:18AM -0400, Scott Lair wrote: Anyone having trouble getting to yahoo.com pc version in wheezy? I keep getting the mobile version. I have tried updating iceweasel to the backported version, cleared the cache, but still get the mobile version. Even when I click on the pc version on yahoo's site it brings up the mobile version. Chromium works ok, but not iceweasel. I have been having the same problem with mu.yahoo.com and iceweasel. A google search pointed me to https://my.yahoo.com/?m=1 which gave me my regular mu.yahoo page back. From my viewpoint most of yahoo's 'improvements' aren't. HTH, Mike -- Is life so dear, or peace so sweet, as to be purchased at the price of chain and slavery? - Patrick Henry -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2014090939.GA28960@playground
Re: IP Forwarding to Windows machine
I adopted Mr. Gyorgy's suggested iptables rules with only a couple of additions based on nmap's report that port 411 was open because it passed with flying colors nmaps tcp and udp scan of the first 1056 ports, grc.com tests and pcflank.com tests. For a single user system running no services to the web is there anything I ought to look at? I'm not asking for guarantees, just suggestions. Thanks, Mike -- Humor is an affirmation of dignity, a declaration of man's superiority to all that befalls him. - Romain Gary -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140813035216.GB3802@playground
Re: IP Forwarding to Windows machine [SOLVED]
On Mon, Aug 11, 2014 at 02:06:28PM +0200, Pascal Hambourg wrote: Mike McClain a ?crit : Clearly DNS lookup is working and I have a problem with the configuration of IE. Check in its network settings whether a proxy is defined, and remove it. Hi Pascal, Nope, no proxy. Though I had told Windows via the 'Local Area Connection' properties that the Linux box (192.168.1.2) was the gateway for the Win2K box I had failed to tell Internet Explorer that the Linux box was on the LAN. Silly me. After fixing that IE could find Google, GRC.com and many other sites on the web but curiously failed to find Mozilla hence wouldn't DL Firefox. After I put the router back between the two boxes IE couldn't even find Google but tracert assured me DNS lookup was still there. I DL'd the last version of Firefox that would work with Win2k from the Debian box and used smbclient to move it to the Win2K box. After install I have no trouble accessing the web from the Win2K box with FF. I want to say thank you to all that helped. I learned quite a bit from you guys. Sincerely, Mike McClain -- Your assumptions are your windows on the world. Scrub them off every once in a while or the light won't come in. - Alan Alda, Connecticut College 62nd Commencement Speech, 1980 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140812053823.GA20606@playground
Re: IP Forwarding to Windows machine
On Sat, Aug 09, 2014 at 10:30:53PM -0600, Bob Proulx wrote: Mike McClain wrote: Pascal Hambourg wrote: Please describe your network topology. Where's the Win2k box ? __ | Debian| LAN| Windows 2000 | Inet|Linux|-| S40 | (ppp) | 192.168.1.2 | cross-over| 192.168.1.3 | |_| |___| It isn't 100% clear so I will ask. What IP address is the Debian box getting on the ppp connection? You only list one IP address for it but of course it must have another one for the upstream connection. And you left that one out leaving us guessing about it. snip Hi Bob, Sorry I left that out, I should have shown ISP between Inet and the Debian box. my external IP address I get via dhcp from the ISP and it varies but is in the 69.19.x.x range. Mike -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140810162441.GA32267@playground
Re: IP Forwarding to Windows machine
On Sun, Aug 10, 2014 at 11:33:27AM +0200, Pascal Hambourg wrote: Nemeth Gyorgy's ruleset is too complicated. Use the bare minimum : sysctl -w net.ipv4.ip_forward=1 iptables -t nat -P ACCEPT iptables -t filter -P ACCEPT iptables -t mangle -P ACCEPT iptables -t nat -F iptables -t filter -F iptables -t mangle -F iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE Then test the following commands from Windows in order : tracert -d 130.89.148.12 tracert ftp.debian.org telnet ftp.debian.org 21 (if you get the server banner then type quit to exit) Hi Pascal, Thank you very much I didn't know about 'tracert' and running it as you suggested shows that I've been barking up the wrong tree. Here's the results of running tracert from Windows: Mike@Win2K:~ tracert -d 130.89.142.12 Tracing route to 130.89.142.12 over a maximum of 30 hops 1 10 ms 10 ms 10 ms 192.168.1.2 2 110 ms 110 ms 120 ms 69.19.219.6 3 110 ms 111 ms 120 ms 69.19.219.19 4 100 ms 110 ms 101 ms 69.19.223.17 5 100 ms 110 ms 110 ms 66.220.13.33 6 110 ms 100 ms 110 ms 72.52.92.121 7 161 ms 180 ms 170 ms 72.52.92.225 8 241 ms 240 ms 240 ms 72.52.92.165 9 231 ms 240 ms 270 ms 195.66.225.122 10 241 ms 240 ms 251 ms 145.145.4.46 11 *** Request timed out. . . snipped . 30 *** Request timed out. Trace complete. Mike@Win2K:~ tracert ftp.debian.org Tracing route to ftp.debian.org [130.89.148.12] over a maximum of 30 hops: 1 10 ms 10 ms 10 ms 192.168.1.2 2 100 ms 120 ms 110 ms laxapx05.o1.com [69.19.219.6] 3 101 ms 100 ms 110 ms o1-69-19-219-19.static.o1.com [69.19.219.19] 4 100 ms90 ms 111 ms o1-69-19-223-17.static.o1.com [69.19.223.17] 5 100 ms 100 ms 100 ms ge2-4.core1.lax2.he.net [64.62.142.157] 6 110 ms 110 ms 120 ms 10ge10-2.core1.lax1.he.net [72.52.92.121] 7 171 ms 160 ms 180 ms 10ge10-8.core1.nyc4.he.net [72.52.92.225] 8 231 ms 240 ms 240 ms 100ge7-2.core1.lon2.he.net [72.52.92.165] 9 231 ms 240 ms 240 ms jnr01.asd002a.surf.net [195.66.225.122] 10 240 ms 240 ms 251 ms UTwente-router.Customer.surf.net [145.145.4.46] 11 240 ms 240 ms 251 ms klecker2.snt.utwente.nl [130.89.148.12] Trace complete. Clearly DNS lookup is working and I have a problem with the configuration of IE. Again thanks, Mike -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140810181558.GB32267@playground
Re: IP Forwarding to Windows machine
On Fri, Aug 08, 2014 at 07:05:28PM -0700, David Christensen wrote: On 08/08/2014 12:04 AM, Mike McClain wrote: I've been trying to get my hand rolled iptables firewall to masquerade traffic on the LAN to/from a Win2K box. I used to write my own firewall/ router rules, but then discovered purpose-built firewall/ router FOSS distributions. I used IPCop for many years, and was very pleased: http://www.ipcop.org/ Hi David, I learn best by studying and doing. Maybe what I'll learn is that it's beyond me and give ipcop a try but not yet. Thanks for the idea, Mike -- Imagination is looking at a dot in the sky and seeing it as another world is looking at the world and seeing it as as just a dot in the sky. is seeing a garden in the galaxy Is seeing a galaxy in the garden. - Jon Lomberg, space artist and journalist.. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809225547.GA11824@playground
Re: IP Forwarding to Windows machine
On Fri, Aug 08, 2014 at 09:16:05PM -0700, Matt Ventura wrote: On 8/8/2014 12:04 AM, Mike McClain wrote: I've been trying to get my hand rolled iptables firewall to masquerade traffic on the LAN to/from a Win2K box. I've gotten it to the point that I can ping from the boxes both ways, smbclient can move files both ways and the Win2K box can ping Google's IP address but DNS lookup fails even though I've used the same DNS server in the Win2K box as on my Debian box which access the Inet via dialup. IE says Cannot find server or DNS error. I've read every HOWTO and the iptables man pages several times but am at a loss. Suggestions? Thanks, Mike Can you post the exact output of the nslookup attempt from the win2k box? Thanks, Matt Ventura from a zsh prompt: Mike zsh:~ nslookup Default Server: resolver1.opendns.com Address: 208.67.222.222 Didn't return. from a cmd.exe prompt: C:\WINNT\system32nslookup DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 208.67.222.222: Timed out Default Server: resolver2.opendns.com Address: 208.67.220.220 Didn't return. from a bash prompt: Mike@Win2k:~ nslookup Default Server: resolver1.opendns.com Address: 208.67.222.222 Didn't return. I'm quite sure I didn't enter 'resolver1' or 'resolver2' in anything in Windows so the DNS lookup must have worked to some degree. Mike -- Imagination is looking at a dot in the sky and seeing it as another world is looking at the world and seeing it as as just a dot in the sky. is seeing a garden in the galaxy Is seeing a galaxy in the garden. - Jon Lomberg, space artist and journalist.. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809230007.GB11824@playground
Re: IP Forwarding to Windows machine
On Fri, Aug 08, 2014 at 08:24:11PM +0200, Nemeth Gyorgy wrote: 2014-08-08 09:04 keltez?ssel, Mike McClain ?rta: I've been trying to get my hand rolled iptables firewall to masquerade traffic on the LAN to/from a Win2K box. I've gotten it to the point that I can ping from the boxes both ways, smbclient can move files both ways and the Win2K box can ping Google's IP address but DNS lookup fails even though I've used the same DNS server in the Win2K box as on my Debian box which access the Inet via dialup. IE says Cannot find server or DNS error. snip It's a rather complicated, sometimes overcomplicated script. But some rules are missing and/or not in the correct order. I've little doubt you are correct, admittedly I'm flailing a bit. Trying this and that with little luck. I'd appreciate it if you'ld be a little more explicit as to what's missing and out of order. I'm running no external services. To keep things more simple I suggest to do a minimal script and you can make it more complicated later. snip I did exactly as you suggested, implimenting a minimalist set of rules, only the 5 you mentioned and saw improvement. now the Win2K box can ping google.com and get a reply but IE still can't connect to Google.com nor several other sites I tried, still reporting, Cannot find server or DNS error. Thanks for your help. Any further suggestions? Mike -- Imagination is looking at a dot in the sky and seeing it as another world is looking at the world and seeing it as as just a dot in the sky. is seeing a garden in the galaxy Is seeing a galaxy in the garden. - Jon Lomberg, space artist and journalist.. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140809234918.GD11824@playground
Re: IP Forwarding to Windows machine
On Fri, Aug 08, 2014 at 09:13:23PM +0200, Pascal Hambourg wrote: Hello, Mike McClain a ?crit : I've been trying to get my hand rolled iptables firewall to masquerade traffic on the LAN to/from a Win2K box. Please describe your network topology. Where's the Win2k box ? __ | Debian| LAN| Windows 2000 | Inet|Linux|-| S40 | (ppp) | 192.168.1.2 | cross-over| 192.168.1.3 | |_| |___| What's S40 ? S40 short for south40 the name of the Win2K box. I've gotten it to the point that I can ping from the boxes both ways, Which boxes ? smbclient can move files both ways Smbclient run on which box ? Smbclient run on the Linux box. and the Win2K box can ping Google's IP address but DNS lookup fails even though I've used the same DNS server in the Win2K box as on my Debian box which access the Inet via dialup. IE says Cannot find server or DNS error. I've read every HOWTO and the iptables man pages several times but am at a loss. Suggestions? Same as Nemeth Gyorgy : restart without any filtering, just the IP forwarding and masquerading. If it does not work, it's not due to filtering. Then when everything works add the filtering. All suggestions appreciated. Thanks, Mike -- Imagination is looking at a dot in the sky and seeing it as another world is looking at the world and seeing it as as just a dot in the sky. is seeing a garden in the galaxy Is seeing a galaxy in the garden. - Jon Lomberg, space artist and journalist.. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2014081633.GE11824@playground
IP Forwarding to Windows machine
I've been trying to get my hand rolled iptables firewall to masquerade traffic on the LAN to/from a Win2K box. I've gotten it to the point that I can ping from the boxes both ways, smbclient can move files both ways and the Win2K box can ping Google's IP address but DNS lookup fails even though I've used the same DNS server in the Win2K box as on my Debian box which access the Inet via dialup. IE says Cannot find server or DNS error. I've read every HOWTO and the iptables man pages several times but am at a loss. Suggestions? Thanks, Mike Here's the firewall code: #!/bin/sh # /mc/bin/my_iptables_fw_lan.sh July 29, 2014 Mc # install fowarding to south40 # from /mc/bin/my_iptables_fw.sh July 25, 2014 Mc # from ~/nixSecurity/LFS_firewall.txt # which copied from packet-filtering-HOWTO.html # and attributed to Rusty Russell # resources: docs/nixSecurity/IPtables_Basics.html # You can send test packets using # Code: telnet ip 445 # and listen incoming packets on 445 port this way # Code: tcpdump -i eth0 dst port 445 # scan from this side # Code: nmap -vv --reason -p 1-1056 192.168.1.2 INET=ppp0 LAN=eth1 router='192.168.1.1' S40='192.168.1.3' # Insert connection-tracking modules # (not needed if built into the kernel) modprobe ip_tables modprobe iptable_filter modprobe ip_conntrack modprobe ip_conntrack_ftp modprobe ipt_state modprobe ipt_LOG # for masq modprobe ipt_MASQUERADE # for masqallow forwarding echo 1 /proc/sys/net/ipv4/ip_forward echo 1 /proc/sys/net/ipv4/conf/all/forwarding echo 1 /proc/sys/net/ipv4/conf/default/forwarding echo 1 /proc/sys/net/ipv4/conf/lo/forwarding echo 1 /proc/sys/net/ipv4/conf/eth0/forwarding echo 1 /proc/sys/net/ipv4/conf/eth1/forwarding # Set a known state - iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT # remove all rules and pre-existing user defined chains before we implement new rules. iptables -F # delete all rules in all chains iptables -t nat -F iptables -t filter -F iptables -t mangle -F iptables -X # all chains but those built (INPUT,OUTPUT,FORWARD) will be deleted. iptables -Z # zero all counters in all chains. # - # iptables [-t table(nat,mangle,filter,raw)] command(-AIRD [INPUT,OUTPUT,FORWARD]) [match] [target/jump] # INPUT -- # accept GRC.com for testing # iptables -A INPUT -s 4.79.142.206 -j ACCEPT # GRC scan: 411 open, # most blocked, 88:93,113:114,138:138,210,211,213,215:220,267:271,273,275:280,398 stealth # second run different stealth iptables -A INPUT -p tcp --dport 411 -j DROP iptables -A INPUT -p udp --dport 411 -j DROP # without SYN packets other computers cannot open communications iptables -A INPUT -i $INET -p tcp --syn -j DROP # ICMP echo from south40 conflicts with sysctl # echo 0 /proc/sys/net/ipv4/icmp_echo_ignore_all prevents ping router # echo 1 /proc/sys/net/ipv4/icmp_echo_ignore_all prevents s40:ping play # Disallow NEW and INVALID incoming or forwarded packets from ppp0. iptables -A INPUT -i $INET -m state --state NEW,INVALID -j DROP iptables -A FORWARD -i $INET -m state --state NEW,INVALID -j DROP # deny ping from Inet iptables -A INPUT -i $INET -p icmp --icmp-type echo-request -j DROP # Allow local-only connections iptables -A INPUT -i $LAN -j ACCEPT # allow mail to get through127.0.0.1:25exim4 loopback iptables -A INPUT -i lo -j ACCEPT # for masq # iptables -A INPUT -m state --state NEW -i $LAN -j ACCEPT iptables -A INPUT -m state --state NEW ! -i $INET -j ACCEPT # Permit answers on already established connections # and permit new connections related to established ones # (e.g. port mode ftp) iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Log everything else. What's Windows' latest exploitable vulnerability? iptables -A INPUT -j LOG --log-prefix FIREWALL:INPUT --log-level 4 # OUTPUT -- ACCEPT # drop fragments to south40 iptables -A OUTPUT -f -d $S40 -j DROP # port 411 showing as open even though DROPed on INPUT iptables -A OUTPUT -p tcp --dport 411 -j DROP iptables -A OUTPUT -p udp --dport 411 -j DROP # MASQ- # from Masquerading-Simple-HOWTO # Masquerade out ppp0 iptables -t nat -A POSTROUTING -o $INET -j MASQUERADE iptables -A FORWARD -i $INET -p tcp --syn -j DROP # not sure why but this keeps south40 from pinging Inet # iptables -A FORWARD -i $INET -o $INET -j DROP -- You may not control all the events that happen to you, but you can decide not to be reduced by them. - Maya Angelou -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive:
Re: iptables firewall
On Wed, Jul 30, 2014 at 08:33:56PM +0200, Nemeth Gyorgy wrote: 2014-07-30 09:18 keltez?ssel, Joe ?rta: Something else you might do now is to place temporary logging rules before your 'DROP' rules, to confirm whether it is indeed iptables which is blocking those packets. No logs, it's somebody or something else. Perhaps it is not needed. iptables -L -v command shows the ruleset with packet counter. You can see whether the rule was used or not. snip Thank you that's useful to know. Mike -- It's not always polite to speak your mind. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140731161158.GA3644@playground
Re: iptables firewall
On Tue, Jul 29, 2014 at 11:19:18PM +0200, Sven Hartge wrote: Maybe your ISP already filters those ports? Now that's a thought I hadn't considered. If the ISP is REJECTing those ports that would explain the responces I'm seeing. Thanks I'll look into it. Mike -- Who knows what evil lurks in the hearts of men? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140730145828.GB14982@playground
Re: iptables firewall
On Tue, Jul 29, 2014 at 10:20:57PM +0100, Mark Carroll wrote: Use iptables --list-rules to check what rules are actually in force, applying in what order. -- Mark I've been using iptables-save which gives nearly the same output but fails to explain why 2 online scanners show those ports blocked. nmap reports the first 1024 ports filtered which is the same as stealthed. Thanks for the thought, Mike -- Who knows what evil lurks in the hearts of men? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140730150546.GC14982@playground
Re: iptables firewall
On Wed, Jul 30, 2014 at 01:09:24AM +0200, Pascal Hambourg wrote: snip You can safely ignore that stealth FUD. block:REJECT::Stealth:DROP Why do you say it can be ignored? snip Use iptables-save instead. I do. Thanks for your thoughts, Mike -- Who knows what evil lurks in the hearts of men? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140730151532.GD14982@playground
Re: iptables firewall
On Wed, Jul 30, 2014 at 08:18:51AM +0100, Joe wrote: snip Something else you might do now is to place temporary logging rules before your 'DROP' rules, to confirm whether it is indeed iptables which is blocking those packets. No logs, it's somebody or something else. And if you have anything other than just a bare modem between you and the outside world, which is not really best practice, then the first place to look is the Net router. The temporary logging rules is a good idea, I'll do that. And as someone else asked, why are you worried about this 'stealth'? As long as the bad packets don't get in, what does it matter? Why is there a DROP instruction in iptables as well as REJECT? If a hacker gets no response he's less likely to dig further. Thanks for your thoughts. Mike -- Who knows what evil lurks in the hearts of men? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140730153335.GE14982@playground
iptables firewall
I've run into a difficulty with iptables in that both GRC.com and PCFlank.com's firewall scans show ports 137-139 and 445 as blocked but not stealthed in spite of the fact that I have these statements in my firewall script: iptables -A INPUT -p udp --dport 137:138 -j DROP iptables -A INPUT -p tcp --dport 137:138 -j DROP iptables -A INPUT -p tcp --dport 139 -j DROP iptables -A INPUT -p tcp --dport 445 -j DROP iptables -A OUTPUT -p udp --dport 137:138 -j DROP iptables -A OUTPUT -p tcp --dport 137:138 -j DROP iptables -A OUTPUT -p tcp --dport 139 -j DROP iptables -A OUTPUT -p tcp --dport 445 -j DROP Both scans report all else stealthed. Suggestions? THX, Mike -- No electrons were harmed in sending this message, some were inconvenienced. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140729210423.GA25852@playground
Howtos and Faqs
Howdy, When I started to setup my Linux computer to forward IP packets to my Windows computer I realized my copies for the HOWTOs are dated so tried to update them with 'apt-get install doc-linux-text' which failed. After fumbling a bit I went searching at debian.org only to find there is no such package in english only french, japanese and a couple of other languages. Nor is it to be found in the orphaned packages list. Where did it go or what is the package now called that holds the LDP HOWTOs and FAQs? Thanks, Mike -- Goodness will be rewarded with goodness. - Chinese proverb -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140724000114.GA31234@playground
overcoming apt's resistance to broken packages
I don't need xserver-xorg-video-mach64 or xserver-xorg-video-r128 to run X on my machine but xserver-xorg-video-radeon comes bundled with them and xserver-xorg-video-ati. A little experimentation established that X works fine without xserver-xorg-video-{mach64,r128} but apt-get complains about the broken ...-ati package and refuses to do anything else. I've read the manpages and while dpkg seems to have '--force-depends' and '--ignore-depends' options I can't see anything in the apt-get or apt.conf manpages that really helps and putting each of those two options in the DPkg section of /etc/apt/apt.conf did no good. Google results tell how to recover from missing dependancies but I didn't see any discussion about getting apt to ignore them. Thanks, Mike -- The only way that problems get solved in real life is with a lot of hard work on getting the details right. - Linus Torvalds -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140627193138.GA16748@playground
Re: upgrade? broke exim4 [SOLVED] Addendum
On Wed, Jun 04, 2014 at 05:13:59PM -0700, Mike McClain wrote: Back in February I ran across a note on the Debian Wiki that turning off ipv6 would speed up Iceweasel which is a real dog on dialup. With that in mind I put this 'net/ipv6/conf/all/disable_ipv6 = 1' in /etc/sysctl.conf. Setting it to 0 and rerunning 'sysctl -p' got my fetchmail/exim4 connection working again. Now I guess I need to figure out if I can tell exim not to use ipv6 and if so how. root@/deb73:~ ed /etc/exim4/update-exim4.conf.conf #dc_local_interfaces='127.0.0.1 ; ::1' dc_local_interfaces='127.0.0.1' root@/deb73:~ update-exim4.conf root@/deb73:~ service exim4 restart now exim4 NOT listening on ::1:25 only 127.0.0.1:25 root@/deb73:~ ed /etc/sysctl.conf net/ipv6/conf/all/disable_ipv6 = 1 root@/deb73:~ sysctl -p Sent myself emails through my ISP both as root and mike. Rebooted just to double check and am able to retrieve mail so I think the problem is really solved and Iceweasel won't be slowed down by checking for nonexistant ipv6 traffic. Thanks again to you friendly helpers, Mike -- Secrecy is the beginning of tyranny. A government exists to serve its citizens, not to control them. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140605231030.GA3708@playground
Re: upgrade? broke exim4 [SOLVED]
On Wed, Jun 04, 2014 at 02:34:23PM +0200, Filip wrote: It tries to bind to the ipv6 adress of the local interface. Maybe ipv6 is disabled in your system. Do you see the ::1 address when you run 'ip addr' ? Hi Filip, You hit the nail on the head. I didn't understand that in the message: 'socket bind() to port 25 for address ::1 failed' '::1' implied ipv6. Back in February I ran across a note on the Debian Wiki that turning off ipv6 would speed up Iceweasel which is a real dog on dialup. With that in mind I put this 'net/ipv6/conf/all/disable_ipv6 = 1' in /etc/sysctl.conf. Setting it to 0 and rerunning 'sysctl -p' got my fetchmail/exim4 connection working again. Now I guess I need to figure out if I can tell exim not to use ipv6 and if so how. Many thanks to all who replied, Mike -- Humor is an affirmation of dignity, a declaration of man's superiority to all that befalls him. - Romain Gary -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140605001359.GA14023@playground
upgrade? broke exim4
Howdy, I hadn't rebooted since dist-upgrade last January then something caused a lockup, no video, no keyboard such that I did a hard power off. That was 2 days ago and since I've rebooted exim4 can't connect to 127.0.0.1:25 hence fetchmail can't transfer inbound mail. I've not found any solution on Google that works for me. Exim and fetchmail has worked for me for years, since Potato I believe, Debian 2 something. When I run '/etc/init.d/exim4 restart' exim4 writes to /var/log/exim4/paniclog, socket bind() to port 25 for address ::1 failed: Cannot assign requested address: waiting 30s before trying again (9 more tries) and finally: daemon abandoned When I try to fetch mail mike@/deb73:~ /usr/bin/fetchmail -v -i ''; 1 message for mdmcclain at pop3.nethere.net (4211 octets). fetchmail: POP3 LIST 1 fetchmail: POP3 +OK 1 4211 fetchmail: POP3 TOP 1 fetchmail: POP3 +OK headers follow. reading message mdmccl...@mail.nethere.net:1 of 1 (4211 octets) Trying to connect to 127.0.0.1/25...connected. fetchmail: smtp listener protocol error Trying to connect to 127.0.0.1/25...connection failed. fetchmail: connection to localhost:smtp [127.0.0.1/25] failed: Connection refused. fetchmail: Connection errors for this poll: name 0: connection to localhost:smtp [127.0.0.1/25] failed: Connection refused. fetchmail: SMTP connect to localhost failed fetchmail: POP3 QUIT fetchmail: POP3 This is a multi-part message in MIME format. fetchmail: SMTP transaction error while fetching from mdmccl...@pop3.nethere.net and delivering to SMTP host localhost fetchmail: 6.3.21 querying pop3.nethere.net (protocol POP3) at Mon Jun 2 12:39:46 2014: poll completed fetchmail: Query status=10 (SMTP) this stopped exim4 again I don't see anything suspicious in /etc/ exim4 or fetchmail configs so rebooted into older kernel and to see if problems went away, no joy. In one of the messages I read online someone's problems went away with an upgrade, so I did an update, upgrade, still no joy. I'll readily admit most of what I've tried is flailing. I don't even know what a port is that exim4 can't connect to, though I suspect it's software since the hardware allows me to connect to the internet. I'm on dialup if that matters. One of the messages online suggested running, 'while true; do netstat -tlpn | grep :25 ; sleep 10 ; done'. This shows nothing unless done right after restarting exim4 which dies after about 2.5 minutes. I'm open to suggestions as I don't know where to go from here, but please keep the suggestions focused on what the problem with exim4 is. It's way too early to change MTAs which will have a whole other batch of problems. Thanks, Mike -- So the universe is not quite as you thought it was. You'd better rearrange your beliefs, then. Because you certainly can't rearrange the universe. - Nightfall by Asimov/Silverberg -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140603050042.GA3768@playground
Re: upgrade? broke exim4
Mihamina Rakotomandimby mihamina.rakotomandi...@rktmb.org wrote: Does your Exim listen on IPv4 localhost? I think so. At leastwhen I run 'do netstat -tlpn | grep :25', I see: tcp0 0 127.0.0.1:250.0.0.0:* LISTEN 22669/exim4 until exim4 quits since it can't connect to port 25 leaving this: socket bind() to port 25 for address ::1 failed: Cannot assign requested address: daemon abandoned in /var/log/exim4/paniclog. Can anyone suggest what's necessary to connect to port 25? I've compared a month old backups copy of /etc/* to what's there today but see no differences that would account for losing the ability to grab email. Thanks, Mike PS: I suspect I'm breaking the mail chain but see no choice. I'm subscribed to the digest and don't know how to get Webmail to reply to the list so am replying to my first message that is in mutt's sent mail. Sorry, Mike -- Life is a suicide mission - Orson Scott Card -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140603211922.GA24315@playground
split an html file
Hi, My brother Rick, a windrider, put together a webpage, http://www.photographers1.com/Sailing/NauticalTermsNomenclature.html about sailing and wind surfing that has grown too large and should be split into smaller sections to reduce load time. Can anyone point me to any tools that would automate the process of fixing all the links? Thanks, Mike -- In theory, there is no difference between theory and practice. In practice, there is. - Yogi Berra -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140421170844.GD18235@playground
Re: /var/cache/man/...
On Fri, Apr 11, 2014 at 11:16:11AM +1000, Scott Ferguson wrote: snip Unless you specifically don't ask for them, that's what you get - it's a result of the one-size-fits-all metapackage system designed to mostly work in most situations. Specifically *not* asking for them takes a bit of work, e.g. installing debconf-english instead of debconf-i18n, starting with a very minimal system and installing (and configuring) localepurge before installing additional packages. # apt-get install debconf-english localepurge will help, but it's easier to do before most packages are installed. Thank you, I suspect that was the info I needed. Mike -- If you think you can. Or you think you can't. You are right. - Mark Twain -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140411154438.GA23929@playground
Re: /var/cache/man/...
On Thu, Apr 10, 2014 at 09:14:39AM +1000, Scott Ferguson wrote: On 10/04/14 01:44, Mike McClain wrote: The other day I noticed my computer clutteres up with many directories in /var/cache/man/ for languages I don't speak so I deleted them. That was a mistake. You're new to this sysadmin stuff right? ;) Yeah, I've only been maintaining my own *nix system for 16 years. Today they're back but I can't tell how they got there. That's good, it means your delete what I don't like or understand didn't create a huge problem. I've never created such a problem that I had to re-install, anything else is not a 'huge' problem. From your response I suspect you don't know what triggers the re-creation of those unneeded directories. Nothing in /etc/cron/* says anything about recreating them. I assume mandb did it but can't tell what initiated the recreation of all these directories. Nor can I see any need, I don't imagine very many people speak all of those 23 languages. What is the purpose of having all of them installed? Um, didn't *you* install them? Wouldn't that make it a rhetorical question? :) I installed the whole system so in that manner you are correct but I did not ask for all those other languages. The answer of course is that most people use characters and words from a number of languages. Those extra man pages don't take up a lot of space. The fact that I like enchiladas doesn't mean I need spanish man pages. You have several options:- ;don't install all languages to start with (be selective during installs - don't install i18n packages if you don't want internationalization) I didn't, the only packages installed that mention 'i18n' are: debconf-i18n 1.5.49 libtext-wrapi18n-perl 0.06-7 and I certainly didn't ask that debconf be international. ;don't install man Get real. ;install localpurge, select only the locales you are interested in, use it to purge other locales Installed it years ago. Is there a config file I can edit to limit which directories are created? locales does that. Install localepurge to limit the locales supported by installed packages. Not in this case. /etc/locale.nopurge containsen en_US.UTF-8 /etc/locale.gen containsen_US.UTF-8 UTF-8 localepurge is triggered by dpkg, has no cron job and makes no mention of /var/cache/ in it's documentation. Since you brought it up I ran localepurge from the CL where it mentions that it looks for /var/cache/localepurge/localelist which I edited removing all but en_US*. I ran localepurge again but it still doesn't touch /var/cache/man/{cs,da,es,fr,... If you know of a way to tell mandb not to recreate these unnecessary directories I'd like to know about it. Thanks, Mike -- Education is a man's going from cocksure ignorance to thoughtful uncertainty. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140410161533.GB21529@playground
mandb
What are the advantages of mandb? Thanks, Mike -- Education is a man's going from cocksure ignorance to thoughtful uncertainty. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140410162210.GC21529@playground
/var/cache/man/...
The other day I noticed my computer clutteres up with many directories in /var/cache/man/ for languages I don't speak so I deleted them. Today they're back but I can't tell how they got there. Nothing in /etc/cron/* says anything about recreating them. I assume mandb did it but can't tell what initiated the recreation of all these directories. Nor can I see any need, I don't imagine very many people speak all of those 23 languages. What is the purpose of having all of them installed? Is there a config file I can edit to limit which directories are created? Thanks, Mike -- The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140409154412.GA1301@playground
Re: modem hangup problems continue
On Sat, Mar 22, 2014 at 06:04:48PM +, Ron Leach wrote: On 21/03/2014 23:10, Mike McClain wrote: I'm running Squeeze on a P3 board and dialup. My modem gets hungup after 2.5 minutes about 30% - 40% of the time I connect. Being idle, in the middle of fetching email or loading a webpage seems to make no difference. Is there any way to log all transactions going to the modem which is on ttyS2? Something like script but for a serial port? I don't know about *all* the transactions going to the modem, nor whether that (yet) has been narrowed to the cause of the problem. I've had similar problems with dial-up on another linux distro, caused by LCP negotiation/connections failures. My dial-up PPP process was not receiving the correct state of the connection, even though the connection was transmitting/receiving user data perfectly. So, a minute or two after connection, LCP (I think, though it may have been PPP that commanded it) would disconnect, due to a timeout for something expiring. snip Hi Ron, In /etc/ppp/options lcp-echo-interval 30 and lcp-echo-failure is unset. I've got ppp error logging going to tty12 and /var/log/debug and often see entries such as this: Mar 22 16:03:23 playground pppd[20465]: sent [LCP EchoReq id=0x2 magic=0x84f3fde5] Mar 22 16:03:23 playground pppd[20465]: rcvd [LCP EchoRep id=0x2 magic=0x0] Mar 22 16:03:53 playground pppd[20465]: sent [LCP EchoReq id=0x3 magic=0x84f3fde5] Mar 22 16:03:53 playground pppd[20465]: rcvd [LCP EchoRep id=0x3 magic=0x0] Mar 22 16:04:23 playground pppd[20465]: sent [LCP EchoReq id=0x4 magic=0x84f3fde5] Mar 22 16:04:49 playground pppd[20465]: Modem hangup Mar 22 16:04:49 playground pppd[20465]: Connect time 2.5 minutes. Mar 22 16:04:49 playground pppd[20465]: Sent 124 bytes, received 261 bytes. In this case the hangup occurred 26 Seconds after the EchoReq was sent but I've seen it hangup as little as 2 seconds after sending EchoReq or receiving EchoRep. When I intentionally disconnect (poff) I see this in the logs: Mar 22 17:27:33 playground pppd[20546]: Script /etc/ppp/ip-down started (pid 20641) Mar 22 17:27:33 playground pppd[20546]: sent [LCP TermReq id=0x2 User request] Mar 22 17:27:33 playground pppd[20546]: rcvd [LCP TermAck id=0x2] Mar 22 17:27:33 playground pppd[20546]: Script /etc/ppp/ip-down finished (pid 20641), status = 0x0 I've seen times in the logs where the ISP quit sending EchoReq for several minutes at a time but my system didn't disconnect until I told it to. I don't know what's causing the hangup either that's why I want to log all traffic to the modem to see if I can spot what's happening. If you have other ideas that might help troubleshoot this problem I'm all ears. I've been dealing with this for months and am stumped. Let me say again this doesn't happen every time. If I get past the 2.5 minute mark I may stay online all night. Thanks, Mike -- It's not always polite to speak your mind. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140323004315.GD20400@playground
Re: modem hangup problems continue
On Sun, Mar 23, 2014 at 12:00:55PM +1300, Chris Bannister wrote: snip Are you sure the line is OK? Check the Carrier Detect( CD) LED on the modem. If it's off, it can't see the modem at the other end. Thanks for the thought Chris I'll check the light next time it happens. Mike -- When is it appropriate to call a Linux user a Linutic? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140324002016.GA7618@playground