Re: guacamole - recording

2019-02-20 Thread Peter Ludikovsky 
¡Saludos!

Esta lista es para correos enviados en inglés. Si necesita ayuda en
español, escriba a la lista debian-users-spanish en
https://lists.debian.org/debian-user-spanish/.

Saludos,
Peter

On 19.02.19 21:53, Eriel Perez wrote:
> Saludos amigos de la lista. 
> 
> Tengo guacamole instalado en debían con RDP a 1 pc en windows 10. Y funciona 
> bien. Aunque quisiera hacerle algunas mejoras. Por ejemplo, en la config con 
> el cliente de windows tengo que especificar el usuario y psw del usuario en 
> windows para que pueda funcionar. o sea no me llega a la pantalla de login de 
> windows para que pueda entrar por cualquier usuario local de windows. 
> 
> Y bueno lo mas importante, tengo entendido que guacamole hace recording de 
> las sesiones que se hagan. No logro hacer que esto me funcione. Cualquier 
> persona por aquí que tenga experiencia en el tema y me pueda ayudar se lo 
> agradecería.
> 
> Gracias.
> 



signature.asc
Description: OpenPGP digital signature

Re: Get the external IP address from a Linux box

2018-05-24 Thread Peter Ludikovsky 

curl https://icanhazip.com

Regards,
/peter

On 2018-05-24 08:22, André Rodier wrote:

Hello,

I am looking for a native package on Debian, that can give me the
external IP address of the machine.

So far, I used internet sites, but I am sure there is a package that do
that properly, especially if one site is unreachable.

Something I can run from the command line, and that would return the
external IP address.

Thanks.

Re: Download Manager

2017-05-08 Thread Peter Ludikovsky 
On 05/08/2017 10:19 AM, Thomas Schmitt wrote:
> The image 2.png says "91.2 MB (9,11,79,280 bytes)". Ignoring the strange
> commas in the byte number one can compute

That's probably due to the Indian numbering system[0] being used, which
groups digits above 9,999 in twos.

Regards,
/peter

[0] https://en.wikipedia.org/wiki/Indian_numbering_system



signature.asc
Description: OpenPGP digital signature

Re: Segmentation fault in top -b1 -hc

2017-05-08 Thread Peter Ludikovsky 
On 05/08/2017 11:19 AM, Valentin Bajrami wrote:
> Hi,
> 
> There is a segmentation fault when top is used as follow
> 
> top -b1 -hc
> 
> I think the args are not parsed properly.  The version used is:
> procps-ng version 3.3.10
> 
> -- 
> Met vriendelijke groet,
> 
> Valentin Bajrami

There's no package procps-ng [0].

procps is version 3.3.9 in Stable, and 3.3.12 in Testing/Unstable [1].
Update to the current version, and if the problem persists please report
the issue via the reportbug [2][3] utility.

Regards
/peter

[0] https://packages.debian.org/search?keywords=procps-ng
[1] https://packages.debian.org/search?keywords=procps
[2] https://wiki.debian.org/reportbug
[3] https://www.debian.org/Bugs/Reporting



signature.asc
Description: OpenPGP digital signature

Re: fcgiwrap systemd

2017-04-21 Thread Peter Ludikovsky 
On 04/21/2017 10:46 AM, Basti wrote:
> Hello,
> I try to use fcgiwrap on debian jessie (systemd). Now i need it as
> socket (fcgiwrap.socket) and also as tcp (fcgiwrap.service).
> As I can see it only start one of then or in other words only one is
> available .
> 
> Is there a way to start socket and service at same time?
> 
> Best Regards,
> Basti
> 

Hi!

You're mixing something up here, the Socket and the Service don't
exclude each other. Instead, the service requires the socket. systemd
can create a listening socket (defined by the fcgiwrap.socket unit) and
listen for connections to it. As soon as that happens it will spawn the
accompanying service (fcgiwrap.service) and connect the socket to it.

For more information look at the definition files in
/lib/systemd/system/fcgiwrap.{socket,service}

Regards
/peter



signature.asc
Description: OpenPGP digital signature

Re: pdf file editieren mit dicken Pinsel

2017-04-20 Thread Peter Ludikovsky 


Am 20.04.2017 um 11:17 schrieb Thomas:
> Hallo,
> ich suche ein Programm um einfach eine Zeile oder ein paar Wörter unkenntlich 
> zu machen. Bei Windows hatte ich da ein Programm und konnte einfach mit einem 
> dicken Pinsel drüber gehen.
> Hier drucke ich das aus, gehe mit einem eding drüber und scanne das wieder 
> ein. Da leidet natürlich die Bildqualität.
> Gibt es so was bei debian auch?
> Gruss Thomas
> 
inkscape sollte das können wenn einfach übermalen reicht.

Nachdem du das aber wieder einscannst nehme ich an dass die Datei dann
weiter versendet wird. Da wird einfaches übermalen nicht reichen, da
damit der Text darunter nicht gelöscht/überschrieben wird, und per
Markieren + Copy/Paste herausgeholt werden kann. Wenn du das auch
verhindern willst weiß ich keine Alternative zum analogen
Bearbeitungsschritt.

Lg
/peter



signature.asc
Description: OpenPGP digital signature

Re: Debian man pages - mechanics of creation/publication?

2017-04-19 Thread Peter Ludikovsky 
On 04/19/2017 01:40 PM, Richard Owlett wrote:
> I've an idea for something to be added to some man pages.
> It has not risen even the "wishlist bug" stage yet.
> To rise that far I have to convince myself that the modification of so
> many existing man pages could be automated.
> 
> A web search turned up very low level details but not the need overview.
> Suggestions?
> TIA

1) What do you want to do? I'm asking this because it decides whether
this change could be interesting for others or not.
2) Does it affect only Debian-specific man pages, or man pages in
general? This answer decides if the change is a relatively small one (1
or 2 packages), or if you'll have to contact every upstream project to
get the changes included.
3) For any change you want to do & submit an patch for you should read
up on groff/troff, as that syntax is the base for man.

Regards
/peter



signature.asc
Description: OpenPGP digital signature

Re: When specifying path to file - confused about ./ and ~/

2017-03-27 Thread Peter Ludikovsky 
./ - the current director, usually used when running a script from it
and it not being in the search path for executables
~/ - the current users home directory

Trying to get through an interview?

Regards,
/peter

On 03/27/2017 01:14 PM, Richard Owlett wrote:
> Please avoid trying to briefly explain.
> Please refer me to a good web page.
> I *KNOW* I'm missing something fundamental.
> A web page will either have links to whatever my underlying problem is.
> Or it will inherently use keywords for which I can search.
> Thank you.
> 
> 



signature.asc
Description: OpenPGP digital signature

Re: tor -- way OT

2017-03-18 Thread Peter Ludikovsky 
Hello,

First things first: AFAIK, just installing privoxy doesn't make it use
Tor, it just acts as a regular proxy. Visit [1] to see if you're using
Tor or not. In order to enable chaining through Tor you'll have to have
a line like
  forward-socks5/   :
An example line, as well as a documentation for it, is in
/etc/privoxy/config, starting at or around line 1238. Also there, you'll
find examples on how to exempt your local network(s), as Tor will never
be able to reach them.

Or, you could install the torbrowser-launcher[2] package, which contains
everything preconfigured for browsing.

Regards,
/peter

[1] https://check.torproject.org/
[2] https://packages.debian.org/jessie/torbrowser-launcher

Am 17.03.2017 um 19:28 schrieb Glenn English:
> I'm trying to use the Tor Browser. They don't seem to have any support
> (beyond an FAQ) on their site, so I'm asking here.
> 
> Jessie and XFCE on a Supermicro workstation connected through a T1.
> 
> I installed Tor a few days ago and it was working fine -- Gmail said
> it was having authentication problems and that I was using Firefox on
> Winders in Paris. Just what I'd hoped for.
> 
> Then I installed privoxy and set the regular browser (Firefox) to use
> it. Tor started saying it couldn't find the proxy it'd been configured
> to use. Tor hadn't been configured to do any such thing, but I looked
> at the config to make sure.
> 
> Firefox is the same -- no proxy. It used to use privoxy, but I turned it off
> 
> I removed Tor (Aptitude purge) and reinstalled (with Aptitude), and it
> connected to DuckDuckGo, Amazon, and Newegg (maybe others, I haven't
> tried). But it couldn't find the proxy when I pointed at local sites
> and the virtuals on my server (again, maybe others).
> 
> So I removed privoxy, and now Tor can't even connect to its own network.
> 
> Anybody seen this, have an idea, know a fix?? Is there some kind of
> (defective) interaction between the Tor and Firefox configs?
> 
> --
> Glenn English
> 



signature.asc
Description: OpenPGP digital signature

Re: Cepstral swift and Debian Stretch

2017-02-28 Thread Peter Ludikovsky 
Am 28.02.2017 um 13:00 schrieb Chuck Hallenbeck:
> On Tue, Feb 28, 2017 at 12:47:35PM +0100, Peter Ludikovsky wrote:
>> Am 28.02.2017 um 01:03 schrieb Chuck Hallenbeck:
>>> Hi everyone, 
>>>
>>> I'm attempting to install a tommercial TTS from Cepstral on my Debian
>>> Stretch system, and get the following when running swift:
>>>
>>> /usr/local/bin/swift: 12: exec: /opt/swift/bin/swift.bin: Exec format
>>> error
>>>
>>> My system dual-boots Debian Stretch and Arch Linux, and the same
>>> Cepstral executable, swift, runs without error on Arch, but fails with
>>> the above error on Debian, same hardware for both of course.
>>>
>>> Cepstral support was unable to help, except to say other users run it
>>> on Debian, Ubuntu, and even (gasp) Raspberry Pie. 
>>>
>>> Anybody seen this? or have a suggestion? or use it successfully?
>>>
>>> Chuck
>>
>> Can you run & post the output of
>>   ldd -r /opt/swift/bin/swift.bin
>>   uname -a
>> for both Arch and Debian?
>>
>> Regards
>> /peter
>>
> 
> Here it is:
> 
> not a dynamic executable
> 
> So, I did an ls -l and it said,
> 
> -rwxr-xr-x 1 root root 94946 Feb 28 06:41 /opt/swift/bin/swift.bin
> 
> So it's not a permission issue.
> 
> Chuck

Maybe not an permission issue. But I assume that somewhere down the line
there's a missing library on Debian, that's present on Arch. Which is
why I'd like to see the output for both.

But it's strange that file says it's an dynamically linked executable,
but ldd disputes that.

Regards
/peter



signature.asc
Description: OpenPGP digital signature

Re: Cepstral swift and Debian Stretch

2017-02-28 Thread Peter Ludikovsky 
Am 28.02.2017 um 01:03 schrieb Chuck Hallenbeck:
> Hi everyone, 
> 
> I'm attempting to install a tommercial TTS from Cepstral on my Debian
> Stretch system, and get the following when running swift:
> 
> /usr/local/bin/swift: 12: exec: /opt/swift/bin/swift.bin: Exec format
> error
> 
> My system dual-boots Debian Stretch and Arch Linux, and the same
> Cepstral executable, swift, runs without error on Arch, but fails with
> the above error on Debian, same hardware for both of course.
> 
> Cepstral support was unable to help, except to say other users run it
> on Debian, Ubuntu, and even (gasp) Raspberry Pie. 
> 
> Anybody seen this? or have a suggestion? or use it successfully?
> 
> Chuck

Can you run & post the output of
  ldd -r /opt/swift/bin/swift.bin
  uname -a
for both Arch and Debian?

Regards
/peter



signature.asc
Description: OpenPGP digital signature

Re: xfce

2017-02-03 Thread Peter Ludikovsky 
Am 03.02.2017 um 21:58 schrieb John Culleton:
> Some OS like Slackware come with an optional screen manager called
> xfce. Does Debian? If not has anyone installed anyhow with success? 

Complete description here: https://wiki.debian.org/Xfce



signature.asc
Description: OpenPGP digital signature

Re: deborphan

2016-12-01 Thread Peter Ludikovsky 
What was the output from aptitude purge? The reason I'm asking is that
aptitude usually auto-removes packages where the one removed was the
only one with dependencies.

Regards.
/peter

On 12/01/2016 12:26 PM, Rodolfo Medina wrote:
> I did a little experiment with deborphan: first I did: `aptitude install
> ', and along with it a certain number of other packages were
> installed.  Then I did: `aptitude purge ' followed by `deborphan' but
> in the output of `deborphan' none of those packages that were installed along
> with  was present.  Is that normal?
> 
> Thanks for any help,
> 
> Rodolfo
> 



signature.asc
Description: OpenPGP digital signature

Re: A full /var partition destroyed 3 hours of my life!

2016-11-14 Thread Peter Ludikovsky 
Am 15.11.2016 um 06:00 schrieb Borden Rhodes:
> I start blindly casting whatever btrfs spells I can find on the
> Internet to fix 'no space left on device' errors. One of them
> eventually works and df -h correctly reports the free space in my /var
> partition and Debian boots normally again.
> 
> My question, therefore, is whether this is a btrfs bug that got
> triggered by the full /var partition or whether Debian is designed to
> break irrecoverably when /var fills up. Any ideas of what happened?
> 

Does anything on the Debian Wiki on Btrfs [1] seem familiar? Other than
that I can only guess, but maybe check the SMART information of your
disk(s) for excessive errors, as it _could_ be that defective sectors
prevent Btrfs from doing it's COW magic.


[1] https://wiki.debian.org/Btrfs#WARNINGS



signature.asc
Description: OpenPGP digital signature

Re: mws vs metar data, nsw 1, metar 0

2016-10-18 Thread Peter Ludikovsky 
When you visit the URL it's fetching there's a notice that the service
is no longer available:
"In Accordance with NWS Service Change Notice 16-16 this service has
been discontinued."

Regards,
/peter

Am 19.10.2016 um 05:32 schrieb Gene Heskett:
> METAR is a std data format that has been used for many years. I've been 
> using a gkrellm, with its plugin gk-weather for about a decade, but I've 
> just become aware that the last time I got valid METAR data from the 
> airport about 20 miles northeast of me was on July 28th.
> 
> So as a double-chk, I installed the metar program from the wheezy repo.
> It reports:
> 
> gene@sheldon:~$ metar -v KCKB
> Retrieving URL 
> http://weather.noaa.gov/pub/data/observations/metar/stations/KCKB.TXT
> METAR pattern not found in NOAA data.
> 
> So I switched to a slightly closer airport in Buchannon wv, and get the 
> same response.
> 
> gene@sheldon:~$ metar -v KW22
> Retrieving URL 
> http://weather.noaa.gov/pub/data/observations/metar/stations/KW22.TXT
> METAR pattern not found in NOAA data.
> 
> Poking around on the NOAA.gov main site, there is no mention of it being 
> discontinued that is easily searched for.
> 
> Anybody have a light to shine on this?
> 
> Thanks everybody.
> 
> Cheers, Gene Heskett
> 



signature.asc
Description: OpenPGP digital signature

Re: Jessie (8.0) - Unexpected behavior of "MATE Terminal" after reboot

2016-09-21 Thread Peter Ludikovsky 
Hello,

Not a bug, but a feature since the first C shell release in 1978 [1],
which was copied to pretty much every shell created since (Korn
shell/ksh, Bourne again shell/bash, Z shell/zsh, …). The reason behind
it is that – since Unix predates most graphical user interfaces, and
most of the time the computers were accessed over slow modem lines – in
case of a disconnect you might want to know which commands you entered
last, and maybe re-run them with different parameters.

But really, this shouldn't influence your learning. After all, the shell
only remembers the history of entered commands, it does neither replay
those commands, nor save the state of the shell upon exit. Think of it
as kind of the URL history a browser saves. Just because the URL is
saved, it doesn't automatically load the page on startup. Depending on
the shell you're actually using, it might even be possible to
temporarily disable the shell history, akin to “Incognito Mode”.

Regards
/peter

[1] https://en.wikipedia.org/wiki/C_shell#History

On 09/21/2016 01:59 PM, Richard Owlett wrote:
> I'm learning the shell.
> I experiment with test cases in "MATE Terminal"
> The "up arrow" key is useful to recall previous command for editing.
> I hadn't expected it when I found all instances of "MATE Terminal" share
> same history.
> 
> *HOWEVER* I found that history remains after a "power off", "boot" cycle.
> That is *UNACCEPTABLE* for my purposes.
> To start FRESH was the purpose of "power off", "boot" cycle.
> 
> BUG?
> Workaround?
> 
> TIA
> 



signature.asc
Description: OpenPGP digital signature

Re: Hot swapping failed disk /dev/sda in RAID 1 array

2016-07-19 Thread Peter Ludikovsky 
Ad 1: Yes, the SATA controller has to support Hot-Swap. You _can_ remove
the device nodes by running
# echo 1 > /sys/block//device/delete

Ad 2: Depends on the controller, see 1. It might recognize the new
drive, or not. It might see the correct device, or not.

Ad 3: As long as the second HDD is within the BIOS boot order, that
should work.

Regards,
/peter

Am 19.07.2016 um 16:01 schrieb Urs Thuermann:
> In my RAID 1 array /dev/md0 consisting of two SATA drives /dev/sda1
> and /dev/sdb1 the first drive /dev/sda has failed.  I have called
> mdadm --fail and mdadm --remove on that drive and then pulled the
> cables and removed the drive.  The RAID array continues to work fine
> but in degraded mode.
> 
> I have some questions:
> 
> 1. The block device nodes /dev/sda and /dev/sda1 still exist and the
>partitions are still listed in /proc/partitions.
> 
>That causes I/O errors when running LVM tools or fdisk -l or other
>tools that try to access/scan all block devices.
> 
>Shouldn't the device nodes and entries in /proc/partitions
>disappear when the drive is pulled?  Or does the BIOS or the SATA
>controller have to support this?
> 
> 2. Can I hotplug the new drive and rebuild the RAID array?  Since
>removal of the old drive seems not to be detected I wonder if the
>new drive will be detected correctly.  Will the kernel continue
>with the old drive's size and partitioning, as is still found in
>/proc/partitions?  Will a call
> 
> blockdev --rereadpt /dev/sda
> 
>help?
> 
> 3. Alternativley, I could reboot the system.  I have called
> 
> grub-install /dev/sdb
> 
>and hope this suffices to make the system bootable again.
>Would that be safer?
> 
> Any other suggestions?
> 
> 
> urs
> 



signature.asc
Description: OpenPGP digital signature

Re: Debian Server (NAT Gateway) Periodically Crashing

2016-07-07 Thread Peter Ludikovsky 
Hi,

I don't know much about kernel debugging myself, but this looks like
something to report. Take a look at [0] on how to do that.

Regards
/peter

[0] https://www.debian.org/Bugs/Reporting

Am 07.07.2016 um 08:38 schrieb Christian Harris:
> Hello All,
> 
> I am hoping to get some help with one of my virtual machines. I am
> running a KVM host with several virtual machines provide internet
> services to a small network. The gateway machine is a Debian 8 minimum
> install that was updated to 8.5.
> 
> user1@gateway:~# sudo lsb_release -da
> No LSB modules are available.
> Distributor ID: Debian
> Description:Debian GNU/Linux 8.5 (jessie)
> Release:8.5
> Codename:   jessie
> user1@gateway:~# sudo uname -a
> Linux gateway 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08)
> x86_64 GNU/Linux
> 
> Minimal additional packages are installed, only enough to support a NAT
> gateway.
> 
> Periodically, the vm experiences a kernel Oops and crashes, taking down
> internet access for the network. This is the only vm that is crashing,
> the other VMs (based off the same minimal install, updated to 8.5,
> minimum software installs) have uptimes of 100+ days. This VM seems to
> crash every few weeks.
> 
> I managed to somewhat stabilize the internet connection by enabling
> crash dumps and automatic reboots with instructions from here:
> https://www.bentasker.co.uk/documentation/linux/312-installing-and-configuring-kdump-on-debian-jessie
> 
> All is well as mostly. The machines reboots after a crash dump, so there
> is minimum impact to the network. But occasionally, the PPPOE fails to
> redial after a reboot :-<  Aside from the PPPOE issue, I figured I would
> try to get to the root of why the vm is crashing to begin with. However,
> I am not developer and have no idea how to interpret the crash dump. As
> much as I can tell, there swapper/0  process caused the dump with
> instruction put_page+5. I have no idea what that means.
> 
> Any assistance as to why this host is crashing would be helpful. The
> only thing this host is doing is serving as a NAT gateway. I have having
> no problems with any other VMs with the same basic OS load.
> 
> As a start, I at least got the log and bt from the crash dump. I can
> provide additional crash info if needed (and givent he commands).
> 
> user1@gateway:/var/crash/201607040851# sudo crash kernel_link
> dump.201607040851
> ...version info removed...
>   KERNEL: kernel_link 
> DUMPFILE: dump.201607040851  [PARTIAL DUMP]
> CPUS: 1
> DATE: Mon Jul  4 08:51:23 2016
>   UPTIME: 4 days, 13:17:27
> LOAD AVERAGE: 0.00, 0.01, 0.05
>TASKS: 67
> NODENAME: gateway
>  RELEASE: 3.16.0-4-amd64
>  VERSION: #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08)
>  MACHINE: x86_64  (1596 Mhz)
>   MEMORY: 2 GB
>PANIC: "Oops:  [#1] SMP " (check log for details)
>  PID: 0
>  COMMAND: "swapper/0"
> TASK: 8181a460  [THREAD_INFO: 8180]
>  CPU: 0
>STATE: TASK_RUNNING (PANIC)
> 
> crash> bt
> PID: 0  TASK: 8181a460  CPU: 0   COMMAND: "swapper/0"
>  #0 [88007fc039c8] machine_kexec at 8104c0a2
>  #1 [88007fc03a18] crash_kexec at 810df7da
>  #2 [88007fc03ad8] oops_end at 81016228
>  #3 [88007fc03af8] no_context at 8150b172
>  #4 [88007fc03b38] __do_page_fault at 810571c0
>  #5 [88007fc03c30] async_page_fault at 81516a58
> [exception RIP: put_page+5]
> RIP: 8114a935  RSP: 88007fc03ce8  RFLAGS: 00010206
> RAX: 0030  RBX: 88007974f4c0  RCX: 7974f400
> RDX:   RSI: fe01  RDI: 
> RBP: 0001   R8: 8000   R9: 880036c500b0
> R10: 6db6db6db6db6db7  R11: 1600  R12: 880079a35d00
> R13: 0049  R14: 88007974f220  R15: 88007971bb00
> ORIG_RAX:   CS: 0010  SS: 0018
>  #6 [88007fc03ce0] ip_finish_output2 at 81459756
>  #7 [88007fc03d20] ip_fragment at 8145a1c8
>  #8 [88007fc03d98] ip_finish_output at 8145a9d4
>  #9 [88007fc03dd8] __netif_receive_skb_core at 8141f1a3
> #10 [88007fc03e28] netif_receive_skb_internal at 8141f42f
> #11 [88007fc03e48] virtnet_poll at a00375aa [virtio_net]
> #12 [88007fc03ed0] net_rx_action at 8141f7b0
> #13 [88007fc03f20] __do_softirq at 8106c6a1
> #14 [88007fc03f78] irq_exit at 8106ca75
> #15 [88007fc03f80] do_IRQ at 81517822
> ---  ---
> #16 [81803e48] ret_from_intr at 8151566d
> [exception RIP: native_safe_halt+2]
> RIP: 81051c12  RSP: 81803ef0  RFLAGS: 0246
> RAX: 8101c8b0  RBX: 0086  RCX: 81855220
> RDX:   RSI:   RDI: 
> RBP:

Re: Bash command completion

2016-07-06 Thread Peter Ludikovsky 
No, chsh changes the login shell for the user within /etc/passwd. It
won't affect any currently active shells.

What happens when you do an
  /bin/bash --login
That should start a login shell. If you still only get the tab
character, check if you've got the line
  set -o vi
in /etc/profile, /etc/bash*, ~/.profile, or ~/.bash* anywhere.

Am 07.07.2016 um 07:14 schrieb Glenn English:
> 
>> On Jul 6, 2016, at 10:38 PM, Peter Ludikovsky <pe...@ludikovsky.name> wrote:
>>
>> After an chsh, you have to log out & in again.
> 
> I thought of that -- I logged out and back in, no joy. I rebooted, same thing.
> 
> I wasn't too surprised. I assumed that rebooting the machine would just put 
> stuff back the way it was. And that the problem was with the scripts in the 
> user directories.
> 
> That wasn't it, and I was working on the wrong things. Lisi's insight led me 
> to this afternoon's solution. And deloptes came up with another very 
> interesting thought (which I haven't investigated yet).
> 
> Does chsh change things for good -- in passwd or in a shell var or a link? I 
> thought it just started a shell, as if it was just starting a new program.
> 



signature.asc
Description: OpenPGP digital signature

Re: Bash command completion

2016-07-06 Thread Peter Ludikovsky 
After an chsh, you have to log out & in again.

Am 07.07.2016 um 00:17 schrieb Glenn English:
> 
>> On Jul 6, 2016, at 4:06 PM, Lisi Reisz  wrote:
>>
>> So have you followed the suggestion to test whether it is in fact bash that 
>> you are in fact using?
> 
> Yes. And I wasn't -- it was dash.
> 
> So I:
> 
> 'chsh -s /bin/bash'
> 'ls Do\t'
> 
> and got a tab.
> 
>> lisi@Tux-II:~$ echo $SHELL
>> /bin/bash
>> lisi@Tux-II:~$
> 
> I'll try your codelet. Before and after chsh...
> 



signature.asc
Description: OpenPGP digital signature

Re: proper way to handle NFS for laptop ?

2016-05-18 Thread Peter Ludikovsky 
autofs will handle both issues just fine.
1. autofs disconnects a mount if there hasn't been any activity for a
certain amount of time (default 5 minutes).
2. see above

A distributed filesystem might create even more problems, as you'll have
to re-sync with the other nodes on reconnect, which -- in the worst case
-- might mean syncing almost everything.

Regards,
/peter

Am 18.05.2016 um 17:24 schrieb bri...@aracnet.com:
> The obvious issues:
> 
> 1 after sleeping the NFS connection is lost and takes a very long time to 
> re-establish.  I was under the impression that systemd or 
> -whatever-handles-sleeping- would unmount/remount the filesystem to avoid 
> this , but apparently that's not the case.  Potentially  I can fix this with 
> some sort of sleep-wake script hackery.
> 
> 2 disconnecting the laptop from the network will obviously cause problems.
> 
> The standard suggestion is to use autofs,but I'm unclear as to whether that 
> will handle case 2.  I'm actually not clear on whether or not it will handle 
> case 1, and in fact have found some discussions that it does NOT.
> 
> The other possibility is to use a distributed filesystem on the laptop.  I 
> actually like that idea the best, but I'm unsure what is available on Debian.
> 
> I looking for some suggestions/recommendations.
> 
> Thank you.
> 



signature.asc
Description: OpenPGP digital signature

Re: /etc/init.d/networking does not start everything in /etc/network/interfaces

2016-05-17 Thread Peter Ludikovsky 
In /etc/network/interfaces change
allow-hotplug eth1
to
auto eth1

Regards,
/peter

Am 17.05.2016 um 14:05 schrieb Gene Heskett:
> Greetings all;
> 
> 32 bit Debian wheezy, updated at least daily.
> 
> This fact was brought to my attention because I needed a path to a router 
> I needed to do a hard reset on, and reconfigure to do my stuff, but my 
> normal home network isn't on the usual 192.168.1.1 class C, and a hard 
> reset puts the router back to the 1.1 address.
> 
> So in order to use eth1 as a path to this router, I have to do a separate
> 
> sudo ifconfig eth1 up
> 
> as a sudo service networking restart will not restart the second eth1 
> stanza in my interfaces file, starting only eth0.
> 
> Normally the interface is not even graced with a cat5 in the socket, and 
> ATM it is but the far end of 5 feet of cat5 is laying on the floor.
> 
> Is it possible to make this init.d/networking script start everything it 
> finds in the interfaces file?
> 
> Cheers, Gene Heskett
> 



signature.asc
Description: OpenPGP digital signature

Re: Creating a home network

2016-05-11 Thread Peter Ludikovsky 
Not really broke. Eg. the BananaPi Router board comes in at about €75,
with 5 Gb interfaces (4 switched) and a 2.5" SATA connector, and runs a
minimally adapted Debian called Bananian. Add to that a small powered
USB hub, starting at about €10, and some cables, and your total should
be at around €100.

As for required reading:
* Samba
* autofs and/or udev to automagically export USB devices via Samba
Can't tell you what to do about the USB Hotspot, never used one of those.

Regards
/peter

Am 11.05.2016 um 16:32 schrieb Richard Owlett:
> Underlying question: What should I be reading?
> 
> I wish a blackbox which:
> 
> 1. Connects 4 local machines via Ethernet [WiFi shall *NOT* be considered]
> A. A desktop with WinXP and multiple versions of Debian
> B. A laptop with WinXP Pro SP3 whose reason for existence is running
> SeaMonkey.
>Historically it is/was my primary machine. Its future is as a
> portable.
> C. A laptop dedicated to Linux experiments. I have erased the HDD as
> many as
>ten times in one week ;/
> D. Misc temporarily connected laptops.
> 2. It shall provide multiple USB ports in order that a selection of
> flash dives
> and a 1 TB HDD can be accessed by any machine.
> 3. It *SHALL* connect to the internet via a T-Mobile 4G Hotspot Z915
> connected
> via USB. The WiFi features have been disabled. I really wanted a USB
> cell network
> modem. The local T-Mobile outlet was only vendor that didn't try
> assaulting me with
> their 'smartphone-du-jour' with an atrociously large data plan. this
> connection
> shall be protected by a firewall.
> 
> How broke will I be?
> TIA
> 
> 



signature.asc
Description: OpenPGP digital signature

Re: Zero filling my HDD before installation

2016-05-02 Thread Peter Ludikovsky 
Hi,

1) You might want to use "Reply to list", so that all readers can see
your answer.
2) Unneeded files are gone, as soon as you format the disk. Same for any
malware, aside from the fact that Windows malware won't run on Linux
anyway. The only thing possible would be people recovering date from
unused blocks, and that is easily mitigated by encrypting the disk if
you're concerned enough. At least with dm-crypt and luks _all_ sectors
are encrypted, no matter if used or not.

Regards,
/peter

Am 02.05.2016 um 17:50 schrieb Ralph Sanchez:
> Heqamilus --- Not an expert, but I've worked with Kali and Backtrack
> for quite a while from USB live boot and figure, if I didn't kill
> myself virtually while perm logged in as a root user, I should be okay
> switching to debian. Plus it's more secure, to me, and better as far
> as apt-get programs and what not, imho from research.
> 
> My laptop is two years old, an ASUS model with 280 gig HDD, 4 g ram,
> intel I forget processor lol
> 
> NO DVD OR CD DRIVE
> 
> and your saying it will allow me an option for encryption and random
> fill before, during or after install??
> 
> 
> Peter _ I have multiple reasons to want to sanitize and zero or random
> fill my hdd. Multiple copies of unneeded files, things I don't want
> people accessing if they would get through my sec, possibilities of
> malware/viruses/keyboard logging, etc that will continue to effect my
> system. I want a fresh start. And I know you can't be 100% sure,
> unless you initiate multiple passes and try to recover your disk using
> another system to check, still not 100% sure but better then blind
> trust.
> 
> On Mon, May 2, 2016 at 11:41 AM, Peter Ludikovsky <pe...@ludikovsky.name> 
> wrote:
>> Hello & welcome to Linux!
>>
>> To be honest, I haven't found a good reason to zero any media, unless I
>> was decommissioning it and/or selling it. When you create a new file
>> system on installation, any new information will overwrite the old one.
>> And as soon as it's created, the old file system won't be able to
>> interfere with the system anymore.
>>
>> Besides, with SSDs and some newer HDDs, you can't be sure that there
>> won't be something left over in a block that was marked defect and isn't
>> accessed anymore.
>>
>> Regards,
>> /peter
>>
>> Am 02.05.2016 um 17:00 schrieb CD Lexi:
>>> Hey everyone. I'm currently looking to switch to Debian from Windows. I
>>> used to love windows, but with every upgrade it seems I lose privacy,
>>> control and honestly functionality. Sure, there's a lot more I can, if
>>> that wasn't mitigated by what windows wants me to do at the time. I
>>> should have never even moved on to 10...constantly interrupting or
>>> flogging my system to ask me to upgrade in the middle of sensitive work
>>> should have been my tip offI digress...
>>>
>>> My question is this: I know what Zero and Random fills do to a drive, I
>>> run them on every USB and Sd/MSD card I buy or retrieve, and everytime I
>>> repurpose them. But I've never done this to a HDD and my laptop is my
>>> only accessible PC aside from my Galaxy S6. I've backed up all my
>>> important documents to multiple cloud locations, so I'm not worried
>>> about losing user data. I'm just wandering, is it safe to Zero Fill an
>>> HDD before installing Debian from a USB ISO? I know I can boot to the
>>> ISO and Zero or Random Fill, or other sani methods from the USB Booted
>>> Debian, but will doing this to my hard drive stop me from being able to
>>> install from the USB to the HDD? I guess because I've never really
>>> messed with the BIOS in windows, aside from neccisity, I'm just worried
>>> if I zero fill and for some reason my laptop reboots before the new
>>> install, it won't boot from the USB anymore and thus make me have to
>>> find another computer from which to install DB. This is probably a
>>> rookie question, but better safe then sorry with my first full HDD
>>> sanitzation. Thanks!!!
>>>
>>



signature.asc
Description: OpenPGP digital signature

Re: Zero filling my HDD before installation

2016-05-02 Thread Peter Ludikovsky 
Hello & welcome to Linux!

To be honest, I haven't found a good reason to zero any media, unless I
was decommissioning it and/or selling it. When you create a new file
system on installation, any new information will overwrite the old one.
And as soon as it's created, the old file system won't be able to
interfere with the system anymore.

Besides, with SSDs and some newer HDDs, you can't be sure that there
won't be something left over in a block that was marked defect and isn't
accessed anymore.

Regards,
/peter

Am 02.05.2016 um 17:00 schrieb CD Lexi:
> Hey everyone. I'm currently looking to switch to Debian from Windows. I
> used to love windows, but with every upgrade it seems I lose privacy,
> control and honestly functionality. Sure, there's a lot more I can, if
> that wasn't mitigated by what windows wants me to do at the time. I
> should have never even moved on to 10...constantly interrupting or
> flogging my system to ask me to upgrade in the middle of sensitive work
> should have been my tip offI digress...
> 
> My question is this: I know what Zero and Random fills do to a drive, I
> run them on every USB and Sd/MSD card I buy or retrieve, and everytime I
> repurpose them. But I've never done this to a HDD and my laptop is my
> only accessible PC aside from my Galaxy S6. I've backed up all my
> important documents to multiple cloud locations, so I'm not worried
> about losing user data. I'm just wandering, is it safe to Zero Fill an
> HDD before installing Debian from a USB ISO? I know I can boot to the
> ISO and Zero or Random Fill, or other sani methods from the USB Booted
> Debian, but will doing this to my hard drive stop me from being able to
> install from the USB to the HDD? I guess because I've never really
> messed with the BIOS in windows, aside from neccisity, I'm just worried
> if I zero fill and for some reason my laptop reboots before the new
> install, it won't boot from the USB anymore and thus make me have to
> find another computer from which to install DB. This is probably a
> rookie question, but better safe then sorry with my first full HDD
> sanitzation. Thanks!!!
> 



signature.asc
Description: OpenPGP digital signature

Re: [ A little off topic] Best e-mail client for Android

2016-04-12 Thread Peter Ludikovsky 
Reference: https://en.wikipedia.org/wiki/K-9_%28Doctor_Who%29

Am 12.04.2016 um 02:40 schrieb li...@rickv.com:
> On Mon, Apr 11, 2016 at 04:44:50PM +0200, Siard wrote:
>> Byung-Hee HWANG:
>> I really hate K9-Mail's logo.
>> Looks like a severely battered blind dog.
>> That's why I go for Kaiten.
> 
> Glad you said that -- I don't like the dog either. I don't get the
> reference, so Kaiten's postbox makes more sense.
> I bought Kaiten too, but after it stopped getting updates and support, I
> switched back to K-9. You know in a lot of ROMs and I think even
> launchers, you can change an app's icon? That's what I do; install both
> apps; change K-9's app icon to use Kaiten's icon; uninstall Kaiten but
> keep the icon with K-9. 100% cosmetic stupidity, but it makes me
> slightly happier.
> 



signature.asc
Description: OpenPGP digital signature

Possible bug, unsure of where to report against

2016-03-29 Thread Peter Ludikovsky 
Hello,

I'm currently experimenting with a VM running Debian 8 on top of a ZFS
root, and noticed a kernel panic occurring on shutdown. The bug happens
only when
* /boot (ext3) is mounted
* the machine is shutting down
It does not happen when
* /boot is unmounted OR
* the machine is rebooting

My question is: against which package should I report this bug?
linux-image? e2fslibs/e2fsprogs? systemd? Something else?

Regards,
/peter



signature.asc
Description: OpenPGP digital signature

Re: iceape availability

2016-02-25 Thread Peter Ludikovsky 
That is more than risky.
1) Iceape is EOL since 2013: https://www.debian.org/security/2013/dsa-2819
2) While Ubuntu is based on Debian, there's (sometimes) a huge
difference in the software releases shipped:
  * libc6: 2.11 (Debian 6) vs. 2.21 (Ubuntu 15.10)
  * libssl: 0.9.8o vs. 1.0.2d
  * libgtk: 2.20.1 vs 2.24.28
  So there's a good chance iceape won't even install, and if it does,
you might experience strange behaviour, or nothing at all.

Regards,
/peter

Am 25.02.2016 um 16:27 schrieb Bret Busby:
> On 25/02/2016, Peter Ludikovsky <pe...@ludikovsky.name> wrote:
>> Hello,
>>
>> Yes, and no. You can run `apt-get -d install iceape`, and it will
>> download the package, and the missing dependencies, to
>> /var/cache/apt/archives/. However, if you want to install something on a
>> machine without internet access you might be better off with apt-medium
>> [1], although I never used that.
>>
>> And I'm sorry, but I don't understand your second question. I assume
>> that you think that the security repository is independent of the
>> others, but that's not so. A Debian installation usually uses 3
>> repositories together:
>> * A "base" repo, containing the release packages
>> * A "security" repo, containing security fixes for those packages
>> * An "updates" repo that serves updates for non-security relevant bugs
>>
>> As always, we might be able to better help you if you can give us a
>> description of what you want to do.
>>
>> Regards,
>> /peter
>>
>> Am 25.02.2016 um 09:32 schrieb Bret Busby:
>>> On 25/02/2016, Peter Ludikovsky <pe...@ludikovsky.name> wrote:
>>>> Hello,
>>>>
>>>> Searching for a single .deb & trying to install that is the way
>>>> proprietary systems handle it. With Debian, and most other Linux
>>>> distros, there's repositories, and tools to handle dependencies. Open a
>>>> command line / terminal and enter
>>>> sudo apt-get install iceape
>>>>
>>>> It will pull iceape, and all dependencies, from the Debian repos, and
>>>> install them.
>>>>
>>>> Updates are handled similarily.
>>>>
>>>> Regards,
>>>> /peter
>>>>
>>>> Am 25.02.2016 um 07:08 schrieb Bret Busby:
>>>>> Hello.
>>>>>
>>>>> I searched for a .deb package, for iceape, so that I could download
>>>>> the package for the iceape suite, to try to install it.
>>>>>
>>>>> Ahat I found, is apparently submerged in a "security pool".
>>>>>
>>>>> I found that what is apparently provided as the iceape suite .deb
>>>>> package, is just something that has endless unsatisfiable
>>>>> dependencies.
>>>>>
>>>>> Is an installable .deb package for the iceape suite, available?
>>>>>
>>>>
>>>>
>>>
>>> Is there a way (a switch for the apt-get command?) to download all of
>>> the dependencies? I have looked at man apt-get, and, that has an
>>> option "download" (as opposed to install or find), but I could not
>>> find, from the man entry for apt-get, how to download the package and
>>> all of its dependencies; that is, to download the particular package,
>>> and, its dependency packages, so that they can be stored, and,
>>> installed (or, tried to be installed) on different systems as wanted.
>>>
>>> Also, does a means exist, for specifying a particular repository for
>>> only the particular instantiation of the command, so that, for
>>> example, as iceape is only in the security pool repository, to specify
>>> only for the installation of iceape (or, if it can be done, for the
>>> download of iceape and its dependencies, to a directory on the
>>> computer), the particular repository path?
>>>
>>>
>>
>>
> 
> Okay.
> 
> Explicitly, what I want to try to do, and, the reason that I want to
> know whether the repository can be specified for only, and, limited
> to, a single instantiation of a download or install command,  is to
> try to install iceape on a Ubuntu installation.
> 
> iceape has functionality that seamonkey does not have, and, the
> specific functionality that I want, is the primary reason for me
> wanting to try this.
> 
> I do not know whether iceape and seamonkey can be concurrently
> installed on the same system.
> 
> With the LTS for Debian 6 (which I believe to be the latest version
> operating system for which iceape is an available package), due to end
> on Monday, I want to try an installation on a system, to install
> iceape on a new installation of UbuntuMATE 15.10, so that I would
> install UbuntuMATE on the system, and then try to install iceape.
> 



signature.asc
Description: OpenPGP digital signature

Re: iceape availability

2016-02-25 Thread Peter Ludikovsky 
Hello,

Yes, and no. You can run `apt-get -d install iceape`, and it will
download the package, and the missing dependencies, to
/var/cache/apt/archives/. However, if you want to install something on a
machine without internet access you might be better off with apt-medium
[1], although I never used that.

And I'm sorry, but I don't understand your second question. I assume
that you think that the security repository is independent of the
others, but that's not so. A Debian installation usually uses 3
repositories together:
* A "base" repo, containing the release packages
* A "security" repo, containing security fixes for those packages
* An "updates" repo that serves updates for non-security relevant bugs

As always, we might be able to better help you if you can give us a
description of what you want to do.

Regards,
/peter

Am 25.02.2016 um 09:32 schrieb Bret Busby:
> On 25/02/2016, Peter Ludikovsky <pe...@ludikovsky.name> wrote:
>> Hello,
>>
>> Searching for a single .deb & trying to install that is the way
>> proprietary systems handle it. With Debian, and most other Linux
>> distros, there's repositories, and tools to handle dependencies. Open a
>> command line / terminal and enter
>> sudo apt-get install iceape
>>
>> It will pull iceape, and all dependencies, from the Debian repos, and
>> install them.
>>
>> Updates are handled similarily.
>>
>> Regards,
>> /peter
>>
>> Am 25.02.2016 um 07:08 schrieb Bret Busby:
>>> Hello.
>>>
>>> I searched for a .deb package, for iceape, so that I could download
>>> the package for the iceape suite, to try to install it.
>>>
>>> Ahat I found, is apparently submerged in a "security pool".
>>>
>>> I found that what is apparently provided as the iceape suite .deb
>>> package, is just something that has endless unsatisfiable
>>> dependencies.
>>>
>>> Is an installable .deb package for the iceape suite, available?
>>>
>>
>>
> 
> Is there a way (a switch for the apt-get command?) to download all of
> the dependencies? I have looked at man apt-get, and, that has an
> option "download" (as opposed to install or find), but I could not
> find, from the man entry for apt-get, how to download the package and
> all of its dependencies; that is, to download the particular package,
> and, its dependency packages, so that they can be stored, and,
> installed (or, tried to be installed) on different systems as wanted.
> 
> Also, does a means exist, for specifying a particular repository for
> only the particular instantiation of the command, so that, for
> example, as iceape is only in the security pool repository, to specify
> only for the installation of iceape (or, if it can be done, for the
> download of iceape and its dependencies, to a directory on the
> computer), the particular repository path?
> 
> 



signature.asc
Description: OpenPGP digital signature

Re: iceape availability

2016-02-24 Thread Peter Ludikovsky 
Hello,

Searching for a single .deb & trying to install that is the way
proprietary systems handle it. With Debian, and most other Linux
distros, there's repositories, and tools to handle dependencies. Open a
command line / terminal and enter
sudo apt-get install iceape

It will pull iceape, and all dependencies, from the Debian repos, and
install them.

Updates are handled similarily.

Regards,
/peter

Am 25.02.2016 um 07:08 schrieb Bret Busby:
> Hello.
> 
> I searched for a .deb package, for iceape, so that I could download
> the package for the iceape suite, to try to install it.
> 
> Ahat I found, is apparently submerged in a "security pool".
> 
> I found that what is apparently provided as the iceape suite .deb
> package, is just something that has endless unsatisfiable
> dependencies.
> 
> Is an installable .deb package for the iceape suite, available?
> 



signature.asc
Description: OpenPGP digital signature

Re: Cannot install Mono Develop on Debian

2016-02-21 Thread Peter Ludikovsky 
Hello,

Does it work using the standard way for Debian?
# apt-get install monodevelop

Since with the first way you already verified it's in the
repositories, why go the proprietary way of things, instead of using
the power of Linux distributions?

Regards
/peter

Am 21.02.2016 um 20:49 schrieb johny jj2:
> Hello,
> 
> I cannot install Mono Develop on Debian.
> 
> * First way
> 
> Package downloaded from here 
> (https://packages.debian.org/jessie/all/monodevelop/download) does
> not work because of this error:
> 
> Cannot install 'libglade2.0-cil'.
> 
> The details (Lintian output) were as follows:
> 
> W: monodevelop: debian-news-entry-has-unknown-version 0.18.1-1 E:
> monodevelop: debian-copyright-file-uses-obsolete-national-encoding
> at line 23 W: monodevelop: manpage-has-errors-from-man 
> usr/share/man/man1/mdtool.1.gz 104: warning: macro `/'' not
> defined E: monodevelop: menu-icon-not-in-xpm-format 
> usr/share/icons/hicolor/scalable/apps/monodevelop.svg W:
> monodevelop: script-not-executable 
> usr/lib/monodevelop/AddIns/MonoDevelop.Autotools/templates/autogen.sh.template
>
> 
W: monodevelop: script-not-executable
> usr/lib/monodevelop/AddIns/MonoDevelop.Autotools/templates/configure.template
>
> 
W: monodevelop: script-not-executable
> usr/lib/monodevelop/AddIns/MonoDevelop.Autotools/templates/exe.wrapper.in.template
>
> 
W: monodevelop: executable-not-elf-or-script
> usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/appconfig.xsd
>
> 
W: monodevelop: executable-not-elf-or-script
> usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/XMLSchema.xsd
>
> 
W: monodevelop: executable-not-elf-or-script
> usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/W3C-License.html
>
> 
W: monodevelop: executable-not-elf-or-script
> usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/xslt.xsd 
> W: monodevelop: executable-not-elf-or-script 
> usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/nant.xsd 
> W: monodevelop: executable-not-elf-or-script 
> usr/lib/monodevelop/AddIns/MonoDevelop.AspNet/Schemas/readme.txt W:
> monodevelop: executable-not-elf-or-script 
> usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/manifest.xsd
>
> 
W: monodevelop: executable-not-elf-or-script
> usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/readme.txt
>
> 
W: monodevelop: executable-not-elf-or-script
> usr/lib/monodevelop/AddIns/MonoDevelop.AspNet/Schemas/W3C-License.html
>
>  Lintian finished with exit status 1
> 
> * Second way
> 
> These three commands 
> (http://www.mono-project.com/docs/getting-started/install/linux/#debian-ubuntu-and-derivatives)
>
> 
worked so my package repository was updated. But then thing described in
> 'Usage' section did not:
> 
> root@myusername:~# sudo apt-get install mono-devel Reading package
> lists... Done Building dependency tree Reading state information...
> Done Some packages could not be installed. This may mean that you
> have requested an impossible situation or if you are using the
> unstable distribution that some required packages have not yet been
> created or been moved out of Incoming. The following information
> may help to resolve the situation:
> 
> The following packages have unmet dependencies: mono-devel :
> Depends: libgdiplus (>= 2.6.7) but it is not going to be installed 
> Depends: libmono-system-design4.0-cil (>= 1.0) but it is not going
> to be installed Depends: libmono-system-drawing4.0-cil (>= 3.0.6)
> but it is not going to be installed Depends:
> libmono-system-messaging4.0-cil (>= 2.10.1) but it is not going to
> be installed Depends: libmono-system-runtime4.0-cil (>= 2.10.1) but
> it is not going to be installed Depends:
> libmono-system-servicemodel-activation4.0-cil (>= 1.0) but it is
> not going to be installed Depends:
> libmono-system-servicemodel-web4.0-cil (>= 3.2.1) but it is not
> going to be installed Depends: libmono-system-servicemodel4.0a-cil
> (>= 3.2.3) but it is not going to be installed Depends:
> libmono-system-web-extensions4.0-cil (>= 2.10.3) but it is not
> going to be installed Depends: libmono-system-web-services4.0-cil
> (>= 1.0) but it is not going to be installed Depends:
> libmono-system-web4.0-cil (>= 2.10.3) but it is not going to be
> installed Depends: libmono-system-windows-forms4.0-cil (>= 1.0)
> but it is not going to be installed Depends: libmono-cil-dev (=
> 4.2.2.30-0xamarin2) but it is not going to be installed E: Unable
> to correct problems, you have held broken packages.
> 
> Similar thing for the second package in 'Usage'.
> 
> How to install Mono Develop (for C# development of Android apps)
> on Debian Linux?
> 
> Thank you!



signature.asc
Description: OpenPGP digital signature

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

2016-02-17 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

More or less. What I wouldn't agree with is locking the root account
completely, because, like Thomas said, you'll be locked out should you
ever be dropped to a rescue shell due to an hardware error.

Regards,
/peter

Am 17.02.2016 um 15:56 schrieb Tom Browder:
> On Wed, Feb 17, 2016 at 8:23 AM, Peter Ludikovsky
> <pe...@ludikovsky.name> wrote:
>> -BEGIN PGP SIGNED MESSAGE-
> ...
> 
> Thanks, Peter.  Do you agree with Darac's solution?
> 
> Best,
> 
> -Tom
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWxJEkAAoJEM+6Ng5pbtyZgCAP/2a9hxEmLEFwaMTdR4+EwTso
ZAMjRtrVGGMg/scVy5OFit5VLgsyAlv3bOvG2xoyOCN2C7b8TGQ0I5KIC4ycA3fI
hK1tKCiifm3hsJHjhFAy0QghlykxKuaBqY1/k2cDC4ZtfOdFlvPe15ngaL5JqCP2
PEbCgYU5hDeG0IdMw+t979DizWmPb/YtrJwB7r5o6cDUdxcApANVgLle5sI+FdUs
+kVy7OELKT+vNFwXupwL8AvuIT/igE2irHm8OvChHXg8BUQ3tbmVqGGIaU6KjZuE
UYEK2R75X4XgrewF4PpQPMy+WbKzjBi7ezOp6bXzZ3U0JN8VdIuZ9WSMTE7kTdQB
gMHVCQzch/VsRHbZ4DvHtL/rOhPl0JC40xDwcci8I+ua1jcoRJ1doyRNxu5nzdlV
itA1qcojPpj/50RsLELzsL140pg6y9Ne1KCV2jw+bJ9WrXZm2Ak7aJ8oYa5UcRUS
YJGW85SiKINmFq3Y05AHkQYU/fSqb2EkGkJBUKwVTchZe57h2vkggH3HlpS63cMr
zUKQEo2JfrenvvvkJdXKuA2MOks9xITlSbApKV/vkhgdjx6xPYv6+OuRvhZg/QhJ
8cuCSukwOpAKVhElXEIpRs5/yZFxyZ/B07yWRmjBT0PEpBFtfkH4FnSc5m6X78SQ
F9zUUMtJ/QWehfi6l3p8
=i2K+
-END PGP SIGNATURE-

Re: Debian security: need recipe for blocking root ssh access AND all ssh password access

2016-02-17 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

The first requirement is simple. Add the line
  PermitRootLogin no
or change it accordingly, and reload the SSH daemon.

For the second: do you want to disallow any logins via passwords, or
are the to be allowed once to set up the keys? The first is easy, with
the line
  PasswordAuthentication no
The latter isn't possible, as far as I know, with the vanilla OpenSSH
daemon.

Regards,
/peter

Am 17.02.2016 um 15:08 schrieb Tom Browder:
> I have several remote Debian 7 servers and would like to secure it
> in the following manner:
> 
> 1. root will not be allowed any external access (access is only via
> a user becoming root while logged in)
> 
> 2. after initial setup, no ssh access will be allowed via a
> password
> 
> I have seen much documentation on securing such a host, but I
> don't want to be an expert--I just need a recipe.
> 
> Many thanks.
> 
> Best regards,
> 
> -Tom
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWxIJrAAoJEM+6Ng5pbtyZc1gP/jjPfucXz7DvaGuAOmiSeKof
rBcS+oTU4znY57+whr0cNW+douaH/f7d7Vwcun5b3IUA1EUFHC9G74/CR4bU3XbD
aEKeBGIF6eUVw6jE0Sh5aFs6D+AoFePZKurs173azjfgFcveynYv3eSbzWk/e60U
KgRwtoSRLQu3wKZLJh/lR4/Ukx+spEvGzGvtc3PdkioT79u3OxdSw/FFm8r0N4qH
ifcX2R6hE4HsoVM3QMbEIxhiwbs63+j8Mu0ASfagLsPi1MqKBfLg5Iy1JeV5d1ND
plrDFaSRrzfJqNqO8nxwtUxji9ruQ1XkBo3DvdmXc/ZwOiJzNSCM/wvHuTupCq1x
gn3WfCEKryAZEmUx092CYFtbTLZ2Bu3A0vOHeFdiC2qGNqB85dicmhpMoouAnzq4
NaWDLJHXB8zdkvUL+zRIkoqACH8sBohogrqbnQAXCtJ+9LRqANdlvKs+F2Dp0eGE
GNIU3cscy6RtXYUDVFRFFgwp4oLOx3fE7Lv8EEV8o38KE7v712aNqzsCn8VuirWq
KHSoeUPTtD9o/0z4EOXRbMtwEPDgQjsUOHNPR73YNO/EJluNRA7JJ6E2aIkNTF8f
RwoWD9GhSi1CKzATn9GuaikejrpVGIFfSvdirVDgTOcuW82wfPiL1yyBhw6Kr2Y4
alA2W8K9y7InpEC1I/Ik
=S5IF
-END PGP SIGNATURE-

Re: L7 filter and iptables Problem

2015-12-01 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

According to to project site [0] there hasn't been any real
development since 2013, which was a patch against the 2.6 kernel line.
That kernel line is out of support since mid-2015.

I'm afraid the string matching module would be your best bet for now.

Regards,
/peter

[0] http://l7-filter.clearos.com/

Am 01.12.2015 um 08:56 schrieb Muhammad Yousuf Khan:
> Hello,
> 
> i am using  Debian jessie and I have been trying to work with L7
> filter to block p2p but its not working
> 
> iptables -I FORWARD -m layer7 --l7proto bittorrent -j DROP iptables
> v1.4.21: Couldn't load match `layer7':No such file or directory
> 
> Try `iptables -h' or 'iptables --help' for more information.
> 
> can you guys Please help.  string match with ip tables is easy but
> i am looking to use L7 filter on jessie. all the how-tos are out
> dated. example kernel patch etc.
> 
> Please help.
> 
> Thanks, Yousuf
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWXd4OAAoJEM+6Ng5pbtyZAd8P/3vM3gVfiaUcVVdxsNPkRIzb
NddWvxnWwYp4DNCHRj5sKAJ4X5DhdqClEysT8eLMBfG+IXLW44mF/M3NBeVsbMAk
5ugH4hlyaIK2Pxh1yIHOCz1uP7yRnj8X6ASp5PxbzBTowmHLynjyka0OnEdg0pR4
hsNvw9RyxPKPuqBTXy37SXGbp8mBmuFbQucaX7G80e8n5reCL9CvLTHKLiQ3BGdc
KanmYQjZ7K1/FISuBpl653iiR/Kpb4bfY2x2Nl54Pxs2ueFMwskIqsfGyxU6nSPb
Hk9OpDpJlQ14PTxZ2Tw/tvPJIhFqvQshrVD57OvQhgXrda+7o/sz1DbL5djLSAPj
b05luaVW9U+88XgAkcNPNZfrohy3JY1EnXPY5n3M83yZZ7QPPlwxc66Nu2PBS/rM
B0erP4t0c2tqxpMoewSmlX3Q0qm83IRET9ozSMqoEWbFYho499MR+uyTCkw1YO05
JfHS/4o/t+z9PzHo1h2r0tqij52WcgeD4TSZ8W4MdZxMmwk6w+XOsJYDpY7eX2gt
a6IRr5/pgzv6PLWjpXSwj1XCtQUxoZkWS7GPF5qfbBh1/t3hjRe6Hv8MwQPP0oSw
LelvMIhii2NVvlPueuSWH46XencEQId66wTkAx02YxP84FMctw7jJl7oljb/JrQ7
EXo9Iaaohz1ZjLSH3+Ht
=rHnt
-END PGP SIGNATURE-

Re: System craches when browsing a web site

2015-10-28 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thanks for the corrections. To be honest, the install to test this was
the first install using tasks I've done in a very, very long time.

/peter

Am 27.10.2015 um 22:51 schrieb Lisi Reisz:
> On Tuesday 27 October 2015 13:30:02 Peter Ludikovsky wrote:
>> (Iceweasel is the default for Debian for example)
> 
> It's not.  It's desktop dependant.
> 
> Lisi
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWMG4YAAoJEM+6Ng5pbtyZWDQP/inM6hdsX2FDlP7ENpD4t6LD
bW5VCk4C4tP/rssXvLamxHKhXR0/s5kFvkU/G8MYita0cfG8+/T5lbrC/PPMX+i2
jU80yuR9VANh2rm8A6poxY100+tMBkzEigxm8jhWGvmCgxzcz1EkfkoUvKy8ueRE
zUBa3lLlu1vXcmphWbv4u3xdR10Vo7J5l3qDjhfDvYPZ+3XCI/RbqNQF9CtjSXPL
riqelvYJtiq2g6LE1pmojwaBnbws9HlWz/iM7xsn7QNxpJxJnvkASWtfQWZol2tD
drpVfKlnXv4WhWu6x9CyXhGREsN/+j2+pjZYg5hLgJ6vZx196ffAfyGKnQo44zRm
EocfuIOh1q1lO0srCfs8EFZoZMMSm0f5Q/7vabH53RZSwlJwn7b+QhbwKYTLln3N
WbAWh7lgdZGOONDtztEpTohxSGUuSjPYAoSDM3yHihPe8p+6WhMkR1mqsHV+VZWS
XqcEQcRiQk+fo0FhyfJnVMsgWcVdU56RKQBhqp0kQE/wowZ2sxAMJai5ZZFkXY8O
SOmvOOaFMBPtYrzcqVJGO4Ptl0rmIMw0wmSc5JdC2N47pZmx5TReJGPfKxxTkJkk
AVHD/cfPxd2kEXXUbpE/kAPtXDai4Ndk4IFMTuDvH9kLJmxT2jWbg6glS5Qx0Yga
IEwdoJMZrG6VWM1we3qD
=CdTo
-END PGP SIGNATURE-

Re: System craches when browsing a web site

2015-10-27 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

This is not a bug with Debian in particular, but with Epiphany in
general. I could reproduce a similar behaviour, but managed to kill
the browser process before the system became completely unresponsive.

I suggest you file a bug report with the Gnome team:
https://bugzilla.gnome.org/enter_bug.cgi?product=epiphany

Regards,
/peter

Am 26.10.2015 um 16:40 schrieb Abou Al Montacir:
> Dear All,
> 
> I tried to browse the following site multiple times using epiphany 
> browser, and each time it makes my hole system crash. Only 
> poweroff/poweron can recover. https://www.blinq.com/
> 
> While I can understand that epiphany does not support some features
> and craches, I don't understand that the system itself craches. I
> was not even bean able to user ctrl+alt+F1 to kill the process. I'm
> using 16GiB ram + 32MiB swap, so I don't think this is memory
> issue.
> 
> Can you please advise if I need to fill a bug against general?
> 
> PS: Please copy me as I'm not subscribed.
> 
> -- Cheers, Abou Al Montacir
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWLzfzAAoJEM+6Ng5pbtyZGo8P/Aq5Bnb730q4g6/3bxnHbt1z
gTLgl2lxKZNVS4awjhZfbLskAAIN+WZcLQtQNZPSaCVZrGEZxYDavo8QCztMr9mT
t1IZYXgw7aPozKeTm+tuEHIKtS4U5nsbF9Yylg1txyBjRpwgry322VN5fKSNcJJS
bIoVVzlZ8EGG0x8tggzgFwkUWoyj0Ry4/Nc2qohwiKaom+1gxBir92etpIqlqXD9
3wB84c/ZxvgD5puAH4o2Y1dojJckyZomHihvojmD532aQE3u0aIshbFIeQipmb6+
BPyiKHFceL4Lj2pWVJoTLKe+XqJZCQc7WJFsFF1S25XIirKMP6caRyzB9APyeN4G
xX1aOipDQ1f/aPzItBhM+KAlxQZsXR+C2MWiXzP3eqCiX4SVfspM7v2CkY26K++s
Qtk10r48FSDp64iW5XT/q8YLu+VQ400huv6Dy52S1gT9AchdTKZmQMFDaGIY9mxh
dCGUUDkUws2o8EAcFHUp2Qmq6YQnNTdHNaQ8zzcYuBCJkmcNfhjT0KgIu9HbesOL
oBvaCo3b+e0KAF88do5c8npE64qQKXa2g7STQGKP9gAIvtrwKPWhD2ee+7mi5UPK
vSgfHeeHzdn8qzTFJee21KGcQTIv0Xttf0T1imH2cFBVg6Jvd89+ztgZhhaxVgQZ
g+h44ZkquZzW/Ywm7Mlk
=HvPV
-END PGP SIGNATURE-

Re: System craches when browsing a web site

2015-10-27 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

I've looked into that issue a bit futher, and as far as I can test
within the confines of a VM I can say that
1) I can still access the TTYs and
2) the OOM killer removes the offending process as soon as both RAM
and Swap is full. Since your Swap is rather large it takes a long time
to fill up, during which time the system constantly has to swap in and
out programs you might be using.

Aside from the obvious issue here you've apparently made a conscious
effort to switch the system browser, as Debian by default installs
Iceweasel, not Epiphany. That means it's not a combination that the
Debian QA team had high on their list of priorities.

Why is that important? You lament that you switched to Debian from
another OS because you wanted stability. Given the high number of
different DEs, browsers, mail clients, chat programs, ... in any given
distribution the QA team can only test certain combinations, and make
those as stable as possible. Since the browser from the GNOME project
isn't included with the GNOME default install I'd wager it was
exchanged because of bugs like this.

But the system stability didn't suffer. The OOM killer removes the
offending browser process once the memory is used up, and the system
doesn't die. Once that happens, everything else is back to normal.
Even a bug in the GUI can't (usually) kill the whole system.

If you really want to protect yourself from issues like that in the
future, either switch to a better maintained browser (Iceweasel is the
default for Debian for example) and/or set a hard memory limit through
limits.conf or control groups.

Regards,
/peter


Am 27.10.2015 um 10:05 schrieb Abou Al Montacir:
> On Tue, 2015-10-27 at 09:38 +0100, Peter Ludikovsky wrote:
>> Hello,
>> 
>> This is not a bug with Debian in particular, but with Epiphany
>> in general. I could reproduce a similar behaviour, but managed to
>> kill the browser process before the system became completely
>> unresponsive.
>> 
>> I suggest you file a bug report with the Gnome team: 
>> https://bugzilla.gnome.org/enter_bug.cgi?product=epiphany
>> 
>>> 
> Thank Peter for you answer and you test.
> 
> I fully understand that there is a bug in epiphany browser and that
> one shall be reported both against the package as I consider this
> serious and against the upstream bugzilla.
> 
> That is not the point I want to discuss, but rather shall I open a
> bug against general as the system is supposed to be robust enough
> against any buggy user program. This particular capability of
> Unixes system that make it possible for multiple users to share the
> same computer, but also for the same user to ensure no program is
> jeopardizing the others.
> 
> Isn't Linux kernel supposed to care about this kind of issues? In
> the past I knew that if a program was trying to allocate too much
> memory, more that what the system could, it used to get a
> segmentation fault, or similar signals, if a program enters an
> infinite while loop it get anyway preempted to let other thread
> run... All the nice features that make one migrate from a popular
> OS to a nice one!
>>> Can you please advise if I need to fill a bug against general?
>>> PS: Please copy me as I'm not subscribed.
> 
> -- Cheers, Abou Al Montacir
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWL3xZAAoJEM+6Ng5pbtyZLsgQAJK4J8/J1QQWGpeuKLOLIMLU
z/mIszPnIuX5Ouo3vUM7YAcSW07D5cIg/6tuIhu3MiruSAgFNGzeXPergb8m1Tkp
nJDOrxrNbhRxBYTmvqZ5mM/JoiErzVmRAw/JHjrpVvOxiJMu0XmAVo3tIre4QUsB
MP6hhvu/5yfomP+aad83bhfh75m+zzXLoT3oAw7C9Qh85WfBWHwoC/SCAm5HydKt
OImaIAN7eakdsJvprUtZHyM4PNYAT7RUviAlxER6PbaJS3XVOruy46vcUYCuOtxf
449BI2ifwMpHgTzcvgXhYd6qhS51UdSESw+Buo8YBdnGntuDA7nM19Lif+wYI6Qc
F37NnfTxKu43L8DpnlFXQOzZ6N5WweNSF96ylMFJn1LxQywPKClMip1dk8uojw0H
lr4lDix3JATcenzVWlLzrRfFdHq2yjM47euZ5elZjQI0wAcGdIsGABnBifO7Y6gI
AdguQHDojGeCNzYnZCTpksyIIanXfoc3ip7pKEq2ZXPuiIWVlGlAq8cetNT1mXk+
RQPDgTdKlbjqdNf+fwWO9E9vuwKEz8qf40yETztm1Z586FU33EsOZZ3xiY+HNu6N
1gILihmXduF/i2x99Xg0oUPv132H/NmG21lJ+4tWGlTtV+Kc6Z8XaZZ+/gd2poq+
lkykv2JKh2Ap20Vu18F8
=AjMN
-END PGP SIGNATURE-

Re: Isn't this a security compromise?

2015-10-13 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

As a general rule: If someone with malicious intent has had access to
your box it ain't yours anymore.

But there are some things you can do in order to keep all but the most
determined attackers out:
* Set a boot password, either in BIOS or (U)EFI
* Set another boot password in GRUB2
* Encrypt your disk with LUKS and yet another password

In the end it's your decision where on the line between security and
comfort you want your box.

Regards,
/peter

Am 14.10.2015 um 06:37 schrieb Himanshu Shekhar:
> I searched today about what to do if one forgets his/her linux
> password. The following links described the process: 
> https://pve.proxmox.com/wiki/Debian_reset_root_password 
> http://xmodulo.com/how-to-reset-root-password-in-debian-ubuntu.html
>
>  These tutorials assume that a person has the possession of
> his/her machine which is true for non-mobile devices. But how can
> one make sure that the security of laptop/tablet having any distro
> of linux is not compromised?
> 
> -- Himanshu Shekhar IIIT-Allahabad IRM2015006
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWHeQkAAoJEM+6Ng5pbtyZGXYP/06tXQIlSNyf31DimDaqJt3l
nKpJDSexH0cDK6ziHWHWnCB2IcW6eBIuuOeB2nM1unw0mkaS8s84ORse5Mvt54rF
J6RGs+3Z4fUdX+QPTzP4qsUItkoaYUrH603JYMkECP54oghitrfOrzMBQCWOje0i
Q0Ic7NdAe25OxZj+HdlMwxNpXF5ac3m58CrWgbZrnurXG1i1I3o96p0qpA+KrxC1
cKNkiGmIlzsHNYyYNKXdwZTJb91sgSV9aZZEPAEO6/SEnnCkHzEoPOyqOabaOJJw
c0XGh8mL+weF7BOrBgpGDGFiaFNRsmsc+VPYpp1dbqMMRq81/e+IOhzG/yRyynKp
wZbjAOkVa3SLsuHFBHRR4sDasg6OolBZZ/ePyexJ91a79cs9CSpw4/azTyvENxup
ZsiBIqVFu3aC9thxVFHZRIiRrnVdAvADgGytBf4oINOsPZhwYOtpfLOGmuVfvXBg
YOejVFjlpxOIplLrd1Gf8y+IcFvKqcI1JfbKQF5h7pxp9gcy5AK5AovfGa9Su9dk
nStYk40A6v4wssbbyLOQ4chNj1930Iezh0B06AgM2r0rnUHoBb7cK9WV6aDDGDoI
EhK3WC4Amu8nnj6UkW9uqLlpGeLP9JSpmMiTctYpyz5mBy0X42vp4WQPGYx6UETm
pS4d4sNtElhQsfrWyZWL
=Q+zn
-END PGP SIGNATURE-

Re: Advertising and commercial services in free software

2015-10-05 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

> Lately, I feel that this trust has been violated. Most notably, by
> the addition of advertisements to iceweasel's new tab page. 
> http://timothy.hobbs.cz/iceweasel-ads.png See the "Booking.com" 
> sponsored link.

Apparently, that's a bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787174

> I would like to see an in-depth discussion of where Debian draws
> the line when it comes to interaction of packaged software with
> commercial services. Iceweasel has, for years now, used google.com
> as the default search engine. I doubt few would disagree with that
> choice, despite the fact that Mozilla gets paid by Google to make
> it that way.

As I can speak only for myself as a user: I draw the line at closed
source for which there is an open-source alternative with the features
I need.

> Another interesting example is that of the open source Atom text
> editor: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747824
> Atom is, as far as I can tell, mostly a front end to github's
> closed source services. Should the DFSG allow open source software
> that is merely a thin front end to something closed source?

As long as it doesn't require non-free software to work? Why not.
After all, someone could integrate it with some open-source front-end,
like GitLab or RoundCube.

In the case of Atom cited:
* The ticket is about the "issue" that not all files contain a license
header, which isn't required anyway.
* It's an editor/IDE. You could just as well complain that it's
possible to create closed source software with it.

> Another example is docker.io, which is almost inseparably
> integrated with Docker Inc's comercial Docker hub.

You said it yourself: "almost". As long as it's possible to create
your own images without resorting to closed source repositories I
don't see an issue.

If you want to completely detach your private cloud from Docker Inc
they have release the Registry software as open source:
https://docs.docker.com/registry/

Also, would you complain about RedHat for their business model? After
all, they too require you to buy a subscription to their open source
repositories. Or is it alright if a company wants compensation for
their work of curating, testing, and integrating of software?

Regards,
/peter
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWE1NnAAoJEM+6Ng5pbtyZeWQQALGi9hronXdP6CZoMTZi8no+
2tWPFMF8/4ysa/1y8TBNvNZonJOF12MM6wUb8lU6B9raOLZfu2sq+Y6DdIotnmAH
rnkGxVK8BZCKUmHV6BqFr+98UO/J1ak/tnXZs0vXkf0ZuVfrJGSM5W1HwupsGnfs
+HsVw7nLlw6oGLtCU2ml1Ar3UHJZXLrldVghYk3fgqgmygavOJdPt6RLlM5C+0CM
umJ1X3PG05MGoTCeHYRaxWHEG9cc3aaLd/lQ0agJHS7ZMZ7xuwEs1zRNH8nzjO4C
TgeZxAdgigZ46ZiEPfAJopRckYZLL1QiHoa9iF5ui2FtRelK69tYWZp/LWBIcAqI
JSyvalMXJGjr2qHZq55gi4OiLv5W6eSsmGHYnOSjF0f7XLhv9vqgk4UUvnr0kD0V
Rk59DcuT8DKd+uF7DycoSmBgTLOIlgdVuQqLR7Su47qpzhw5h6Cd1v3AGSXxeEPu
sHy1ADRz6bNIF6u2Iq5K0maG7/1l+JZdJibsdoCKu4BUHOKr3OeGTkp7XfE2FG+8
4HQwZ5+5dBN75/5tEp8jBRpqYHQQGLMa+X7nxVsNVSbhSQEKI5zwspRJr9dxsvZr
BGu2aBqCb3vUpHvyiWVrLHV2WCfPMS7bjkoF0pQnh+mhs89NCJ24PcyC2e+wK48W
wl0cpwSLk2UtJHAn8a8I
=zlOr
-END PGP SIGNATURE-

Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8

2015-09-28 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



Am 28.09.2015 um 18:59 schrieb Mike Kupfer:
> Peter Ludikovsky wrote:
> 
>> The big difference happens at packets 58/54 (Deb7/Deb8). For
>> Deb7, the RENAME call is immediately answered by an NFS4_OK,
>> whereas for Deb8 as the client it's an NFS4ERR_DELAY. I haven't
>> seen any reason on the client communication that would explain
>> that, however this is far beyond my knowledge of the NFS
>> internals.
> 
> The DELAY response in the deb8 trace is likely so that the server
> can ask the .3 client to return its delegation, which it does at
> packets 56-57.  (The .3 client obtained its delegation at packet 39
> as part of the reply to the OPEN op.)
> 
> In the deb7 trace, the other client is .4, not .3.  It does not get
> a delegation when it opens file2 (see packet 39), so the server
> can process the RENAME immediately.
> 
> mike
> 

Hang on, the two traces haven't been made at the same time, but rather
separate. As in:

* mount the share on 2 machines
* create the files on one
* cat it on the other
* time mv again on the first
* umount the share

However, the captures omit the mount/umount part, since that doesn't
appear to affect the outcome.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWCXahAAoJEM+6Ng5pbtyZJ1IP/3QJi8sJPPfGvLBxwKK8h2lx
ywnVGRzZhM90ILND6JjIBXmlgKEdGf6fHxdu9cjLDYri3CzfL/oM2T/X3CPmCn3s
23T8x2P6Yp3jGhR8HgxV/HWlUAt3wKpzfkYiQFGHVmjR78nEE61Do027p/Z2M31E
nBy8yNUoINjY0RGfiHVm0zzU+CrPG/CVUmWNFTB+Z9xkz96svqdudttoa5HMEON+
QHzNYtyw2dsg9EI2VxxDe/Uv1MJz7CIy41cTsQCZYaQOhBw+ywExNRww6IZcDg4R
QpLNv2Vo2NvQpuENQyqgEgx22opTuKbNLFoCN2DUDWPXhjRN1sqVuWgjWvX3+7X7
et3EqddZRZosjSOSI1sTMfWixQUIvimg9qnlovBh4qzZXmsyPUKC6852qhoHk/IN
JyHggEff/u3TeMmJqnyHgI1Gys08kXyCql3DGMyhIii4xJ2bLK//JvyhuGe6JzOn
Zo5UQt1nr+M5t0xwCKX0HvpnSbKhC04HDYxaTZ/DAgT9t3yOMFstM0vn8m0M4z2C
W3ry8itJf5PP9bWCeI3XbgsZkwrcg57oK4VfXE3hGQjzZQ+Bkina1vLQcDRywcrx
7ENbUQH7QbzmheM/ezzw6Vz+AdRvWwus1CSJ0fqeBTdSU+lDGUKQpLVbtY1yQfvL
XK5RL1TmemDp5VkrRDPT
=+m/o
-END PGP SIGNATURE-

Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8

2015-09-28 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



Am 25.09.2015 um 14:04 schrieb Vincent Lefevre:
> On 2015-09-25 10:11:10 +0200, Peter Ludikovsky wrote:
>> My guess is: Due to the rather large wsize/rsize, the clients
>> create a rather large attribute cache. As a result, when you cat
>> a file on the second machine it updates the atime in the cache,
>> but doesn't yet transfer that information to the server. When you
>> do the mv on the first machine, the client tries to get the
>> current attributes on the files involved, which prompts the
>> server to wait until the second client runs into some kind of
>> timeout and updates the attributes. Only then is the second file
>> "unlocked" to be overwritten.
>> 
>> Further proof of that: when setting noatime as a mount option,
>> instead of noac, there's also no delay on the mv.
> 
> Thanks for the explanations. But the second client, though it
> doesn't update the attributes immediately, seems to do it quickly
> when asked by the server, otherwise the problem would also be
> visible on Debian 7 machines. I think that on Debian 8, when the
> rename cannot be done immediately, the client retries after 15
> seconds instead of retrying earlier.
> 
> Is this related to the following patch?
> 
> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8478eaa16e701ecfe054b62ec764bc1291b79e19
>
> 
Can't say if it's related. I have, however, managed to capture the
related network traffic (see attachments).

The big difference happens at packets 58/54 (Deb7/Deb8). For Deb7, the
RENAME call is immediately answered by an NFS4_OK, whereas for Deb8 as
the client it's an NFS4ERR_DELAY. I haven't seen any reason on the
client communication that would explain that, however this is far
beyond my knowledge of the NFS internals.

Maybe attach that information to your bug report as a point for
investigation.

Regards
/peter
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWCQizAAoJEM+6Ng5pbtyZxBUQAIp/OIHN4SM1N6DnS1GjN31Q
8i0eDFw3PNd/LoFBuQ8CUPK7U1ts8II2z0hBqCSFVj8VGGnxOVgkqYPEh2+Ovz4G
1SkeDmlo79POIwfXIhL8ORG/0svr2bbZ81L4ciFAQyF2xiRLq8Y+fNTgS5qNAjm2
xSFwnno7rXyKkT/U1oufjoCD65u263UpBCYgDeNs/pgbay+q3CEmYJOerd10cue7
fkgzysdRTYKQ9G9LqPsWPspMo+TMxzr415ln0bYcBmN/R0mQx4+lPzZsacSX4Hjh
FO5y8j0xyJKUE9BS3dCDW7me9SMQl2fbCoS9eDTs5LocwnvhggVVbtVc1iAHL8te
S06Fq8c2Pj5WNQlCP1cY42drJnqYOZdTirk2aAGAdklbRP1CBAvecld2r0vdAHFv
2tvSeyIYNVR5eGDT4tbpx94Dzy/MOM66d1Cxlu5lBk/pPOw1/gHwgxCIeHAXXV1d
5i1OYenFN988JQbr8kpyBwBVBuCK4IiGnOkZRECIdTS1VV6YzlpMH8LeRvKs8OiO
t09O8LBoHvA9Zgy7Fz8c3mDlHhcRqJXRH7ArspMM519eFaXaxIzA0o1vQfHUzDB/
yPfVsnX0oCRF9VwfpIMOCg0RJBb/XZB3Iiotou+Uj8QOrcyY0Hw3NBOy1kQjtvUh
bGysI2qLKAcggJ3P7k4n
=3edq
-END PGP SIGNATURE-


nfs_deb7.pcap
Description: Binary data


nfs_deb8.pcap
Description: Binary data

Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8

2015-09-25 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



Am 25.09.2015 um 09:32 schrieb Vincent Lefevre:
> On 2015-09-24 14:38:01 +0200, Peter Ludikovsky wrote:
>> Other than that, what mount command did you use? Are you mounting
>> the share yourself, or is this an fstab or autofs mount?
> 
> autofs
> 
> The only option used in /etc/auto.master is the obvious -o nosuid.
> 
> But the options seem to be the same on Debian 7 clients.
> 
>> Do you have any control over the NFS server, and if so what are
>> its settings?
> 
> I could ask the admin, if they are useful for the bug.
> 
>> I did manage to replicate your issue. However, it disappears as
>> soon as I sync before the mv, as well as when both the rsize and
>> wsize parameters are reduced to 65536, suggesting this has
>> something to do with a local cache and/or lock.
>> 
>> Apparently the issue also disappears as soon as both sides have
>> noac added to the mount options.
> 
> Did you have to change the server settings to replicate the
> problem?
> 
> Note that if I do a "touch" on the target before the mv, the
> problem doesn't occur.
> 

No, I didn't have to change anything on the server side. noac is a
mount setting for NFS, which basically tells the client not to cache
any file/directory attributes, but to ask the server each time.

My guess is:
Due to the rather large wsize/rsize, the clients create a rather large
attribute cache. As a result, when you cat a file on the second
machine it updates the atime in the cache, but doesn't yet transfer
that information to the server. When you do the mv on the first
machine, the client tries to get the current attributes on the files
involved, which prompts the server to wait until the second client
runs into some kind of timeout and updates the attributes. Only then
is the second file "unlocked" to be overwritten.

Further proof of that: when setting noatime as a mount option, instead
of noac, there's also no delay on the mv.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWBQGeAAoJEM+6Ng5pbtyZel8QAItKpN7wTP527aF06YGYymwQ
Ema5V6cQ8dfYHT6dr2YKqCdG+I9TZeg4xeX5i6b8jtrbKqTHuOFK95SfN/dt3FTb
6clEgXndEZP022Mko7C7IGVBsQQIgnc57POywsglcBW3Vkq7FhBualg10S+KnhUw
XFeHhW9SFNwY6sjM+r77rvzilMjEnbry/ik8gSzEB9Y/Zak92DzHFVB/mQshgZKG
uDuwI3ZY9pRsW8QfxfX4/Ueo6IwtrP3K9eBObifbpiuFzfj8h13+hA4rCp+JYfhb
+2lvlngzQH6pArk/cXt/7RkIi7Rr4Baxyn4ZR5viO2HcDBtFszsvWJkwHMl6JO5v
7YeNL0ZuVQiHXZ5XjNKiVnMuyu0cBuzgYA/vOqwkMDbJj5GRZ9g2Mu3BIxHjCI5l
xqGJ2Lj3RJpzk5K0y0BYurxxEA2Fr4L2r3OqrChHXzYdU/+sCJ1FRvU+tHK++Vdn
CgGxnrWn7nzBo3l1MCmj1KeZgEVzCkBJhJ66AWlNL4EUYEDYowolaNOur1dsT9Ci
dxYxWru8YyifEW3zNlBkBJXqu4s2YkTY5J7pS4apYX4jvhrKpFkqtlu/gvTYzLrc
PU9W/12VsmBQqLhfIo/1We0iRX/wHNyMSHgI/vvWsuwtlgjcM4ECwNK/M96WLncr
0CuIVjGKpxXxn6FOC4Ey
=DNAx
-END PGP SIGNATURE-

Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8

2015-09-24 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Am 24.09.2015 um 11:46 schrieb Vincent Lefevre:
> On 2015-09-23 17:56:30 +0200, Peter Ludikovsky wrote:
>> When mounted as NFS3 over UDP: -  root@lab1# echo foo >
>> file1 root@lab1# cp file1 file2
>> 
>> root@lab2# cat file2 foo
>> 
>> root@lab1# time mv file1 file2 real  0m0.004s user   0m0.000s sys 
>> 0m0.000s - 
>> 
>> Same with NFS4 over TCP: root@lab1# time mv file1 file2 real 
>> 0m0.005s user0m0.000s sys0m0.000s
>> 
>> Any special mount options or export options you might be using?
> 
> Here this is NFS4 over TCP:
> 
> filer.lip.ens-lyon.fr:/export/home/vlefevre on /home/vlefevre type
>  nfs4 
> (rw,nosuid,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=140.77.14.11,local_lock=none,addr=140.77.14.5)
>
>
>
> 
Is there any other information I could get?
> 

The most obvious thing: remove the public visible IPs and DNS names.

Other than that, what mount command did you use? Are you mounting the
share yourself, or is this an fstab or autofs mount? Do you have any
control over the NFS server, and if so what are its settings?

I did manage to replicate your issue. However, it disappears as soon
as I sync before the mv, as well as when both the rsize and wsize
parameters are reduced to 65536, suggesting this has something to do
with a local cache and/or lock.

Apparently the issue also disappears as soon as both sides have noac
added to the mount options.

Regards,
/peter
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWA+6pAAoJEM+6Ng5pbtyZvjEQALFrhCJHmF/JYmAvXncmbBdz
PYvSHTbAN9vNzCc4vqzkf4CmhgIVNSrP0WsPE/AHo2BNgpQQIQzfiiTgLGRBJnqT
jDctQE/bJYMhk1aw08b/c2l6a7Ykc9R1rXu516ftrBKe9f5fcxFLndjIrtgGP01K
3Tah6v8epDd2t3MDzhABZdn4QB5oWesgcnISJOBsrds8+vfYOKjEYiCNGm7wlduV
8968HXrCWJxNrkyhMmHTpPopFxzk1LZD270zxkUiidA4kDxjcADSCJhP6+Bivv1H
h+QhzNZ8NUEYBam+PuL3LhlBFalgvEZGfRF8gULEbjX7umA4b2tLWhgQAraYmiDO
arfCrUPkcqv4oB9mldrL1PfhKLzMtz4bQfg3/8u7gBBWnpkFq7JhE9CMQ7oddBBQ
rosT9sXsCRneYXfINJ57czof2kca3+5p/nZB7wgANKwD0nFWhFObduZJRnxqNXes
jdKNRrGg4oy0HJAMWXUvr/0Oy5iqoWwtGNhx4FHr2W4Lgie8g+YOciLsInsdytCu
x5x2EHcIOpVUBkya+xHxD02kk2loWKNh/sIV0RdgKabJ9YhY7srxh6uiPm/SNnvJ
67mpH7ekg5FOFc6njndeq1nXBzp/CX29GM8AnC5no5/Zmqf1qLiXxlTJFvYzZpNS
g4oRynIeq5Zd7sD2JoaW
=FojV
-END PGP SIGNATURE-

Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8

2015-09-23 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

I tried to replicate your problem, but couldn't.

When mounted as NFS3 over UDP:
- 
root@lab1# echo foo > file1
root@lab1# cp file1 file2

root@lab2# cat file2
foo

root@lab1# time mv file1 file2
real0m0.004s
user0m0.000s
sys 0m0.000s
- 

Same with NFS4 over TCP:
root@lab1# time mv file1 file2
real0m0.005s
user0m0.000s
sys 0m0.000s

Any special mount options or export options you might be using?

Regards,
/peter

Am 22.09.2015 um 15:19 schrieb Vincent Lefevre:
> At my lab, with NFS accounts, some machines have been upgraded to 
> Debian 8, and I get regular hangs on these machines, while they 
> never occurred before on the same machine and still never occur on 
> a machine that is still under Debian 7.
> 
> This happens with one of my scripts, which does a lot of "mv", and 
> more often when the target has just been modified from another 
> machine.
> 
> A strace showed that it is the "rename" system call that hangs:
> 
> 52026  0.000208 execve("/bin/mv", ["mv", "-v", 
> "ssh/ssh-reconfigure", "/home/vlefevre/bin/ssh-reconfigu"...], [/* 
> 112 vars */]) = 0 [...] 52026  0.97 
> rename("ssh/ssh-reconfigure",
> "/home/vlefevre/bin/ssh-reconfigure") = 0 52026 15.057725
> lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) 52026
> 0.000189 close(0)= 0 52026 0.000175 close(1)
> = 0 52026  0.93 munmap(0x7fd5a610b000, 4096) = 0 52026
> 0.79 close(2) = 0 52026  0.000106 exit_group(0)   = ?
> 52026  0.000307 +++ exited with 0 +++
> 
> The NFS server isn't particularly loaded.
> 
> Has anyone seen a problem like that? Where does it come from? And 
> why does it affect only Debian 8 machines? A new bug?
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJWAsuuAAoJEM+6Ng5pbtyZGhMP/2yC/CgWhb5+yvA5jb/pd3sW
FwNw1mvH+FQikKVvvPgy5AMO3d2rQafh/fXQlfZRnC0Hu3jXn99K60mV//88KqGm
N+axMi5octq8s2zhF/K0/axsiPHAhgo9ggdlcdXE0ekQvgw5gzXJ6hDutnaFTaun
gay6HK6Ujp0JuvCxUQzq8uiv5VTPJiT0ftyBAF02dFqO0yBgGhDAt80NUtMGRwZB
nuya8pD7EhZH7x0vabnv3935+X0V1bpQhyKHWAbzCMY4Uce2wt0wtR9FEJVOyj4v
gQ7WHULo53fYOLdKw5REhgtEDqIFDz6MRsOup28gv7sZBW7/Ps3IbOi06/ovuR3W
WWZhYys+F/5Nmt8tKD7XWZfYQ7TnUN35Z1PS0xCK8+cEUWxSbI2OftyVBfI+iRCn
W3n0N2cvxyaRfWGwLs5ROO7/g+5xeNH5WiziaNZa5QfFae8j2J8lUIyG8aSZ/Axe
n0/HfwfA5vp9IIPVSOgsw+xmjkzCtIOtL+2cWBu5nTixD301hFRSuZCbUsz5f0Sq
tDUDzyYKYsUXJ5+YvBktgZ1dKD6nR3TuJdRl70gPJo6RuCxhvfRqHy47qrSOw6qL
HfKUZYnlgOMV1ufXLTI9sTq/YcDmJzKD+LDJUlumF88le58w5bq8KeR8uusGySSF
wQjgvRlwVkzvDsxm9b0z
=CCwk
-END PGP SIGNATURE-

Re: upgrading debian 8.1 to 8.2

2015-09-10 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

Updating between point releases is the same as any other update:
apt-get update
apt-get upgrade

Regards,
/peter

Am 10.09.2015 um 10:17 schrieb Himanshu Shekhar:
> i have debian jessie 8.1 on my laptop and wish to upgrade it to
> 8.2 without messing with the much configuration i have done and
> without losing any of the packages installed. please don't give any
> suggestion or method you are not confident of.
> 
> -- Himanshu Shekhar IIIT-Allahabad IRM2015006
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJV8UiqAAoJEM+6Ng5pbtyZaYAP/30dMEmlHLhzkHsaRWYy3YON
y6c7AfCeFA9OOseJPQB+ZWpgJYUduh9ek8gQaZQO2lx9dQPIIHD9wAmTrFo7vv4D
2RN23yRLoSBGOEha81fcCGkXRjpmXIVFahgH5XtXJubqSbbEZqwgpMWrcW39O8F+
sDFANjmsw5oymZQeRQQRptW/tsbXW629OIItH5oNutY7eVWcaI/wQ1ziL8OzSYfy
XKuUStWDf1rSGaNr09/PDwYmBCyZZM85RTYkgBzXqmonYMWH0keVDCg/TTNWlO4L
9Jw4Kqq5UXtuIyBum0L3nYg2yPOMVjZgbDnztAamjtVAesq0+4SouYz6VipL20w+
J6/BhpY8BqBQeZOjYeyLSv3LZcDrFuryRlNjS0I7vHHPG6mn0lDubNI1EJdHUwlv
FzLA53Uw7sXGNTbtPuETlymtVKVtRspBEUtbHZTJuM4xc7W4FeCmVQVX8s5HArax
2ksih1XCQR1JKWhE/1f1f9xeJFolZ5MIM/dcn1W84ckuyK38QySqlR7rFUJOO8Vq
PPfeuguSpGszKf+w9dGlLhKmTgZU3IJSBJbPBhwtGn1aK3IETpNb/jzKKAOinzEA
lJRCiw7in7xcusogvp/g3wOb581UARV3tWJlSFK5mOhGCOMwFOalRvCLY3xAeEeC
Y1yp7SjySUFDEL6j8vAx
=OzCm
-END PGP SIGNATURE-

Re: Redirecing root emails to a gmail account

2015-09-08 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

First of all, use -v -s instead of -sv, as the latter says to set the
subject to 'v', and adds an additional recipient Testing.

Other than that, can you post your /etc/postfix/main.cf, and/or the
relevant parts from /var/log/mail.log?

Regards,
/peter

Am 08.09.2015 um 09:03 schrieb James Allsopp:
> Hello, I want to have the root e-mails sent to my gmail account if
> possible. I can send email here via commandline
> 
> echo "This is a test." | mail -s Test 
> 
> but despite editing /etc/aliases so that root points to the
> external address I can't get this to work.
> 
> echo "This is a test.(root)" | mail -sv Testing root
> 
> adding a verbose to the mail command doesn't give any more
> details. I tried running newaliases, but that didn't make any
> difference.
> 
> Any help would be greatly appreciated.
> 
> James
> 
> 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJV7t5/AAoJEM+6Ng5pbtyZsBQQAJuXnS0qZ5qonTpEiXvAynFx
5ierTpmuLiIez2mlfc52bz0gmQWKBbkPcQBFCuOehkAYB3+56HT4HyIjw2ID/luF
eFudNhTSUPd83e5SSEgry1BgpJZltJ6dW65tTrqwJQLdk2Rie0dDwVXSmrhmWXj/
RUUQVXGxEiS8gO4vpmoyZ3INXKuqwh9kn+mGIdk0zTnq5e6GLVtMP3gpD3WHU5JV
QFRd0y4cFbYTt1GDuT5BpeiBoQxXZv3jZXL9/Hh+ll6DLAhBpnG6GEIn9uobX8Wv
wNoXYyfOefLIDOC7IV2jbHZ2rteA+q8rwQcWq0W67t7Zg46bO/hsNxXpOVUhdGUD
9UOVW3Y28UiW1VplT9imJaI+DWl6WUN233QgxqUB0eorvQR5nK+pOSPvUYb0/IyO
6TSMB0xGmi4MSVm01dU5CipJkQHWVU0XXLOlgAX7ceGnAvNiOSP1Ubm/ldiR5PgD
caGq8EXHStQlngwV74lorKS04KfIG8AcRthmjgRT7Bww5H+Z1mWWBGIx8aNWlEDL
nuSD43HeKRAb8IHCvtQuWnvygxElp9ZX4i1JYW4yg8hg/qBg9hWoevrJbmh4r/Uw
JC8iFmhx9398HxCJ0bMW5Hm0U1l/Up9juZks/OyWDNOvPd8Xry6QrOTRrZ4pBffi
lFF9IDxtZZ+3VmsN6K70
=SLx9
-END PGP SIGNATURE-

Re: Problems with php5-fpm/nginx/ownCloud after upgrade

2015-08-20 Thread Peter Ludikovsky 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

For documentation purposes, if someone might stumple on this.

On debian-user-german it was suggested [1] that a new snippet has been
added to nginx for FastCGI [0]. Using that snippet solved my issue.

Regards,
Peter Ludikovsky

[0] Bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762491
[1] https://lists.debian.org/debian-user-german/2015/08/msg00307.html

Am 17.08.2015 um 14:31 schrieb Peter Ludikovsky:
 Hello,
 
 Recently, I upgraded my home server from Wheezy to Jessie. Ever
 since my PHP web stack doesn't work anymore, mostly affecting the
 ownCloud installation. The problem manifests itself as an empty
 page served.
 
 Software/Versions: * ownCloud 8.1.1, installed from their Debian
 repo * nginx 1.6.2-5 * php5(-fpm) 5.6.9+dfsg-0+deb8u1 * postgresql
 9.4+165
 
 So far I've attempted to enable FPM logging, but the log files
 remain suspiciously absent or empty. nginx doesn't see an error
 coming back. If I run ownClouds index.php on the command line I get
 the source for the login page just fine. Listening in on the FPM
 port I see that only an empty response is returned.
 
 I have attached the scrubbed configuration files for nginx and
 php5-fpm.
 
 Any help is much appreciated.
 
 Regards, Peter Ludikovsky
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBAgAGBQJV1cZWAAoJEM+6Ng5pbtyZp7QP/2Bw3QLmJwFaNoUwvEp0ar8G
ERB66mSNB5pJFQ1+w6RPoV/0s2LpIlDReXuW7diZZrnfw5ozHbLKfB8cxiY1IlRU
23ndx9WBPJjjxjZ1fyxmcxC97WnEUjcF9WrOTRJPK82Ik1H2sYD/4o+wkuB22tYx
kkSrCo+GcC64L/BaK1VSetJioLmjNFPQmgexAaUaESIOJSpqMC4RhKvTT47t+142
P8O3floyphFns8y6Mxcr38iDT6reNMOniTlWqxY3WLIFGpjASAJLxJDdSGitcEMU
THSq3Mzygx3efYpQhSW0ZPIPgc7Awh5Ye8LbKjsQMVnJib4rBQtFBQpORFE9Gi4g
ukFpKHoCNgmboCYyBpCnf8zvjQFjACxZO83DstaTy9vbUzRkycrw2lSD0c4Ir3MH
aHI0GYmz9+d99F8uyr+Xg1Bj8ywckL6LU2VP2xg9awTaeJWJ91yltT/dTiR+Y9zX
FogD5VrHNt9y9z+dYmY3lYEjvf7p6imLhq0RHzjmLX6eT6kw62/0AcGsQowHL0cb
ugXluj8S6dQ/yF38uNvPg53lMGDQAhNPP+p28JAt2xFsBz2iM/irYX6rqPhMLPvw
foLtOIJE1bYWkNPSz+vjmYZ/40fvXrnKiU+8bmVnIpU5RmijNNeOouPyHYVFr0cX
lVDmmtZ2eQ0x5t6BqJW0
=ianl
-END PGP SIGNATURE-

Problems with php5-fpm/nginx/ownCloud after upgrade

2015-08-17 Thread Peter Ludikovsky 
Hello,

Recently, I upgraded my home server from Wheezy to Jessie. Ever since my
PHP web stack doesn't work anymore, mostly affecting the ownCloud
installation. The problem manifests itself as an empty page served.

Software/Versions:
* ownCloud 8.1.1, installed from their Debian repo
* nginx 1.6.2-5
* php5(-fpm) 5.6.9+dfsg-0+deb8u1
* postgresql 9.4+165

So far I've attempted to enable FPM logging, but the log files remain
suspiciously absent or empty. nginx doesn't see an error coming back. If
I run ownClouds index.php on the command line I get the source for the
login page just fine. Listening in on the FPM port I see that only an
empty response is returned.

I have attached the scrubbed configuration files for nginx and php5-fpm.

Any help is much appreciated.

Regards,
Peter Ludikovsky
[global]
pid = /run/php5-fpm.pid
error_log = /var/log/php5-fpm.log
 
 
include=/etc/php5/fpm/pool.d/*.conf
[www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
listen.owner = www-data
listen.group = www-data
 
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
 
 
 
 
 
 
 
 
 
chdir = /
 
catch_workers_output = yes
 
php_flag[display_errors] = on
php_admin_value[error_log] = /var/log/fpm-php.www.log
php_admin_flag[log_errors] = on
upstream php-handler {
#server unix:/var/run/php5-fpm.sock;
server 127.0.0.1:9000;
}

server {
listen *:443;
server_name name1.local;
server_name name2.local;

access_log /var/log/nginx/name1.local/access.ssl.log combined;
error_log /var/log/nginx/name1.local/error.ssl.log;
root /srv/www/external/;
index index.html index.htm;

client_max_body_size 1024M;
fastcgi_buffers 64 4K;

add_header Strict-Transport-Security max-age=31536000; 
includeSubDomains;

if ($request_uri ~  ) {
return 444;
}

location ~ ^/owncloud/core/(js|css|img)(/.*)?$ {
alias /srv/www/owncloud/core/$1$2;
}

rewrite ^/owncloud/caldav(.*)$ /owncloud/remote.php/caldav$1 redirect;
rewrite ^/owncloud/carddav(.*)$ /owncloud/remote.php/caldav$1 redirect;
rewrite ^/owncloud/webdav(.*)$ /owncloud/remote.php/caldav$1 redirect;
location ~ ^/owncloud/(?:data|config|\.ht|db_structure\.xml|README) {
deny all;
}

location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta 
/owncloud/public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json 
/owncloud/public.php?service=host-meta-json last;

rewrite ^/.well-known/carddav /owncloud/remote.php/carddav/ 
redirect;
rewrite ^/.well-known/caldav /owncloud/remote.php/caldav/ 
redirect;

rewrite ^/owncloud/(/core/doc/[^\/]+/)$ /owncloud/$1/index.html;

try_files $uri $uri/ index.php;
}

location ~ ^(/owncloud/.+?\.php)(/.*)?$ {
try_files $1 = 404;

include fastcgi_params;
fastcgi_param SCRIPT_FILEPATH $document_root$1;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
fastcgi_pass php-handler;
}
location /srv/www/external/owncloud/data {
internal;
root /srv/www/external/;
}
location ~ ^/tmp/oc-noclean/.+$ {
internal;
root /tmp/;
}

ssl on;
ssl_certificate /etc/ssl/certs/name1.local.pem;
ssl_certificate_key /etc/ssl/certs/name1.local.pem;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH 
EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS;
ssl_prefer_server_ciphers on;

ssl_session_cache shared:name1.local:2M;
add_header X-Frame-Options DENY;
#   ssl_stapling on;
#   ssl_stapling_verify on;
resolver 127.0.0.1 8.8.4.4 valid=300s;
resolver_timeout 5s;
}


signature.asc
Description: OpenPGP digital signature