Re: guacamole - recording
¡Saludos! Esta lista es para correos enviados en inglés. Si necesita ayuda en español, escriba a la lista debian-users-spanish en https://lists.debian.org/debian-user-spanish/. Saludos, Peter On 19.02.19 21:53, Eriel Perez wrote: > Saludos amigos de la lista. > > Tengo guacamole instalado en debían con RDP a 1 pc en windows 10. Y funciona > bien. Aunque quisiera hacerle algunas mejoras. Por ejemplo, en la config con > el cliente de windows tengo que especificar el usuario y psw del usuario en > windows para que pueda funcionar. o sea no me llega a la pantalla de login de > windows para que pueda entrar por cualquier usuario local de windows. > > Y bueno lo mas importante, tengo entendido que guacamole hace recording de > las sesiones que se hagan. No logro hacer que esto me funcione. Cualquier > persona por aquí que tenga experiencia en el tema y me pueda ayudar se lo > agradecería. > > Gracias. > signature.asc Description: OpenPGP digital signature
Re: Get the external IP address from a Linux box
curl https://icanhazip.com Regards, /peter On 2018-05-24 08:22, André Rodier wrote: Hello, I am looking for a native package on Debian, that can give me the external IP address of the machine. So far, I used internet sites, but I am sure there is a package that do that properly, especially if one site is unreachable. Something I can run from the command line, and that would return the external IP address. Thanks.
Re: Download Manager
On 05/08/2017 10:19 AM, Thomas Schmitt wrote: > The image 2.png says "91.2 MB (9,11,79,280 bytes)". Ignoring the strange > commas in the byte number one can compute That's probably due to the Indian numbering system[0] being used, which groups digits above 9,999 in twos. Regards, /peter [0] https://en.wikipedia.org/wiki/Indian_numbering_system signature.asc Description: OpenPGP digital signature
Re: Segmentation fault in top -b1 -hc
On 05/08/2017 11:19 AM, Valentin Bajrami wrote: > Hi, > > There is a segmentation fault when top is used as follow > > top -b1 -hc > > I think the args are not parsed properly. The version used is: > procps-ng version 3.3.10 > > -- > Met vriendelijke groet, > > Valentin Bajrami There's no package procps-ng [0]. procps is version 3.3.9 in Stable, and 3.3.12 in Testing/Unstable [1]. Update to the current version, and if the problem persists please report the issue via the reportbug [2][3] utility. Regards /peter [0] https://packages.debian.org/search?keywords=procps-ng [1] https://packages.debian.org/search?keywords=procps [2] https://wiki.debian.org/reportbug [3] https://www.debian.org/Bugs/Reporting signature.asc Description: OpenPGP digital signature
Re: fcgiwrap systemd
On 04/21/2017 10:46 AM, Basti wrote: > Hello, > I try to use fcgiwrap on debian jessie (systemd). Now i need it as > socket (fcgiwrap.socket) and also as tcp (fcgiwrap.service). > As I can see it only start one of then or in other words only one is > available . > > Is there a way to start socket and service at same time? > > Best Regards, > Basti > Hi! You're mixing something up here, the Socket and the Service don't exclude each other. Instead, the service requires the socket. systemd can create a listening socket (defined by the fcgiwrap.socket unit) and listen for connections to it. As soon as that happens it will spawn the accompanying service (fcgiwrap.service) and connect the socket to it. For more information look at the definition files in /lib/systemd/system/fcgiwrap.{socket,service} Regards /peter signature.asc Description: OpenPGP digital signature
Re: pdf file editieren mit dicken Pinsel
Am 20.04.2017 um 11:17 schrieb Thomas: > Hallo, > ich suche ein Programm um einfach eine Zeile oder ein paar Wörter unkenntlich > zu machen. Bei Windows hatte ich da ein Programm und konnte einfach mit einem > dicken Pinsel drüber gehen. > Hier drucke ich das aus, gehe mit einem eding drüber und scanne das wieder > ein. Da leidet natürlich die Bildqualität. > Gibt es so was bei debian auch? > Gruss Thomas > inkscape sollte das können wenn einfach übermalen reicht. Nachdem du das aber wieder einscannst nehme ich an dass die Datei dann weiter versendet wird. Da wird einfaches übermalen nicht reichen, da damit der Text darunter nicht gelöscht/überschrieben wird, und per Markieren + Copy/Paste herausgeholt werden kann. Wenn du das auch verhindern willst weiß ich keine Alternative zum analogen Bearbeitungsschritt. Lg /peter signature.asc Description: OpenPGP digital signature
Re: Debian man pages - mechanics of creation/publication?
On 04/19/2017 01:40 PM, Richard Owlett wrote: > I've an idea for something to be added to some man pages. > It has not risen even the "wishlist bug" stage yet. > To rise that far I have to convince myself that the modification of so > many existing man pages could be automated. > > A web search turned up very low level details but not the need overview. > Suggestions? > TIA 1) What do you want to do? I'm asking this because it decides whether this change could be interesting for others or not. 2) Does it affect only Debian-specific man pages, or man pages in general? This answer decides if the change is a relatively small one (1 or 2 packages), or if you'll have to contact every upstream project to get the changes included. 3) For any change you want to do & submit an patch for you should read up on groff/troff, as that syntax is the base for man. Regards /peter signature.asc Description: OpenPGP digital signature
Re: When specifying path to file - confused about ./ and ~/
./ - the current director, usually used when running a script from it and it not being in the search path for executables ~/ - the current users home directory Trying to get through an interview? Regards, /peter On 03/27/2017 01:14 PM, Richard Owlett wrote: > Please avoid trying to briefly explain. > Please refer me to a good web page. > I *KNOW* I'm missing something fundamental. > A web page will either have links to whatever my underlying problem is. > Or it will inherently use keywords for which I can search. > Thank you. > > signature.asc Description: OpenPGP digital signature
Re: tor -- way OT
Hello, First things first: AFAIK, just installing privoxy doesn't make it use Tor, it just acts as a regular proxy. Visit [1] to see if you're using Tor or not. In order to enable chaining through Tor you'll have to have a line like forward-socks5/ : An example line, as well as a documentation for it, is in /etc/privoxy/config, starting at or around line 1238. Also there, you'll find examples on how to exempt your local network(s), as Tor will never be able to reach them. Or, you could install the torbrowser-launcher[2] package, which contains everything preconfigured for browsing. Regards, /peter [1] https://check.torproject.org/ [2] https://packages.debian.org/jessie/torbrowser-launcher Am 17.03.2017 um 19:28 schrieb Glenn English: > I'm trying to use the Tor Browser. They don't seem to have any support > (beyond an FAQ) on their site, so I'm asking here. > > Jessie and XFCE on a Supermicro workstation connected through a T1. > > I installed Tor a few days ago and it was working fine -- Gmail said > it was having authentication problems and that I was using Firefox on > Winders in Paris. Just what I'd hoped for. > > Then I installed privoxy and set the regular browser (Firefox) to use > it. Tor started saying it couldn't find the proxy it'd been configured > to use. Tor hadn't been configured to do any such thing, but I looked > at the config to make sure. > > Firefox is the same -- no proxy. It used to use privoxy, but I turned it off > > I removed Tor (Aptitude purge) and reinstalled (with Aptitude), and it > connected to DuckDuckGo, Amazon, and Newegg (maybe others, I haven't > tried). But it couldn't find the proxy when I pointed at local sites > and the virtuals on my server (again, maybe others). > > So I removed privoxy, and now Tor can't even connect to its own network. > > Anybody seen this, have an idea, know a fix?? Is there some kind of > (defective) interaction between the Tor and Firefox configs? > > -- > Glenn English > signature.asc Description: OpenPGP digital signature
Re: Cepstral swift and Debian Stretch
Am 28.02.2017 um 13:00 schrieb Chuck Hallenbeck: > On Tue, Feb 28, 2017 at 12:47:35PM +0100, Peter Ludikovsky wrote: >> Am 28.02.2017 um 01:03 schrieb Chuck Hallenbeck: >>> Hi everyone, >>> >>> I'm attempting to install a tommercial TTS from Cepstral on my Debian >>> Stretch system, and get the following when running swift: >>> >>> /usr/local/bin/swift: 12: exec: /opt/swift/bin/swift.bin: Exec format >>> error >>> >>> My system dual-boots Debian Stretch and Arch Linux, and the same >>> Cepstral executable, swift, runs without error on Arch, but fails with >>> the above error on Debian, same hardware for both of course. >>> >>> Cepstral support was unable to help, except to say other users run it >>> on Debian, Ubuntu, and even (gasp) Raspberry Pie. >>> >>> Anybody seen this? or have a suggestion? or use it successfully? >>> >>> Chuck >> >> Can you run & post the output of >> ldd -r /opt/swift/bin/swift.bin >> uname -a >> for both Arch and Debian? >> >> Regards >> /peter >> > > Here it is: > > not a dynamic executable > > So, I did an ls -l and it said, > > -rwxr-xr-x 1 root root 94946 Feb 28 06:41 /opt/swift/bin/swift.bin > > So it's not a permission issue. > > Chuck Maybe not an permission issue. But I assume that somewhere down the line there's a missing library on Debian, that's present on Arch. Which is why I'd like to see the output for both. But it's strange that file says it's an dynamically linked executable, but ldd disputes that. Regards /peter signature.asc Description: OpenPGP digital signature
Re: Cepstral swift and Debian Stretch
Am 28.02.2017 um 01:03 schrieb Chuck Hallenbeck: > Hi everyone, > > I'm attempting to install a tommercial TTS from Cepstral on my Debian > Stretch system, and get the following when running swift: > > /usr/local/bin/swift: 12: exec: /opt/swift/bin/swift.bin: Exec format > error > > My system dual-boots Debian Stretch and Arch Linux, and the same > Cepstral executable, swift, runs without error on Arch, but fails with > the above error on Debian, same hardware for both of course. > > Cepstral support was unable to help, except to say other users run it > on Debian, Ubuntu, and even (gasp) Raspberry Pie. > > Anybody seen this? or have a suggestion? or use it successfully? > > Chuck Can you run & post the output of ldd -r /opt/swift/bin/swift.bin uname -a for both Arch and Debian? Regards /peter signature.asc Description: OpenPGP digital signature
Re: xfce
Am 03.02.2017 um 21:58 schrieb John Culleton: > Some OS like Slackware come with an optional screen manager called > xfce. Does Debian? If not has anyone installed anyhow with success? Complete description here: https://wiki.debian.org/Xfce signature.asc Description: OpenPGP digital signature
Re: deborphan
What was the output from aptitude purge? The reason I'm asking is that aptitude usually auto-removes packages where the one removed was the only one with dependencies. Regards. /peter On 12/01/2016 12:26 PM, Rodolfo Medina wrote: > I did a little experiment with deborphan: first I did: `aptitude install > ', and along with it a certain number of other packages were > installed. Then I did: `aptitude purge ' followed by `deborphan' but > in the output of `deborphan' none of those packages that were installed along > with was present. Is that normal? > > Thanks for any help, > > Rodolfo > signature.asc Description: OpenPGP digital signature
Re: A full /var partition destroyed 3 hours of my life!
Am 15.11.2016 um 06:00 schrieb Borden Rhodes: > I start blindly casting whatever btrfs spells I can find on the > Internet to fix 'no space left on device' errors. One of them > eventually works and df -h correctly reports the free space in my /var > partition and Debian boots normally again. > > My question, therefore, is whether this is a btrfs bug that got > triggered by the full /var partition or whether Debian is designed to > break irrecoverably when /var fills up. Any ideas of what happened? > Does anything on the Debian Wiki on Btrfs [1] seem familiar? Other than that I can only guess, but maybe check the SMART information of your disk(s) for excessive errors, as it _could_ be that defective sectors prevent Btrfs from doing it's COW magic. [1] https://wiki.debian.org/Btrfs#WARNINGS signature.asc Description: OpenPGP digital signature
Re: mws vs metar data, nsw 1, metar 0
When you visit the URL it's fetching there's a notice that the service is no longer available: "In Accordance with NWS Service Change Notice 16-16 this service has been discontinued." Regards, /peter Am 19.10.2016 um 05:32 schrieb Gene Heskett: > METAR is a std data format that has been used for many years. I've been > using a gkrellm, with its plugin gk-weather for about a decade, but I've > just become aware that the last time I got valid METAR data from the > airport about 20 miles northeast of me was on July 28th. > > So as a double-chk, I installed the metar program from the wheezy repo. > It reports: > > gene@sheldon:~$ metar -v KCKB > Retrieving URL > http://weather.noaa.gov/pub/data/observations/metar/stations/KCKB.TXT > METAR pattern not found in NOAA data. > > So I switched to a slightly closer airport in Buchannon wv, and get the > same response. > > gene@sheldon:~$ metar -v KW22 > Retrieving URL > http://weather.noaa.gov/pub/data/observations/metar/stations/KW22.TXT > METAR pattern not found in NOAA data. > > Poking around on the NOAA.gov main site, there is no mention of it being > discontinued that is easily searched for. > > Anybody have a light to shine on this? > > Thanks everybody. > > Cheers, Gene Heskett > signature.asc Description: OpenPGP digital signature
Re: Jessie (8.0) - Unexpected behavior of "MATE Terminal" after reboot
Hello, Not a bug, but a feature since the first C shell release in 1978 [1], which was copied to pretty much every shell created since (Korn shell/ksh, Bourne again shell/bash, Z shell/zsh, …). The reason behind it is that – since Unix predates most graphical user interfaces, and most of the time the computers were accessed over slow modem lines – in case of a disconnect you might want to know which commands you entered last, and maybe re-run them with different parameters. But really, this shouldn't influence your learning. After all, the shell only remembers the history of entered commands, it does neither replay those commands, nor save the state of the shell upon exit. Think of it as kind of the URL history a browser saves. Just because the URL is saved, it doesn't automatically load the page on startup. Depending on the shell you're actually using, it might even be possible to temporarily disable the shell history, akin to “Incognito Mode”. Regards /peter [1] https://en.wikipedia.org/wiki/C_shell#History On 09/21/2016 01:59 PM, Richard Owlett wrote: > I'm learning the shell. > I experiment with test cases in "MATE Terminal" > The "up arrow" key is useful to recall previous command for editing. > I hadn't expected it when I found all instances of "MATE Terminal" share > same history. > > *HOWEVER* I found that history remains after a "power off", "boot" cycle. > That is *UNACCEPTABLE* for my purposes. > To start FRESH was the purpose of "power off", "boot" cycle. > > BUG? > Workaround? > > TIA > signature.asc Description: OpenPGP digital signature
Re: Hot swapping failed disk /dev/sda in RAID 1 array
Ad 1: Yes, the SATA controller has to support Hot-Swap. You _can_ remove the device nodes by running # echo 1 > /sys/block//device/delete Ad 2: Depends on the controller, see 1. It might recognize the new drive, or not. It might see the correct device, or not. Ad 3: As long as the second HDD is within the BIOS boot order, that should work. Regards, /peter Am 19.07.2016 um 16:01 schrieb Urs Thuermann: > In my RAID 1 array /dev/md0 consisting of two SATA drives /dev/sda1 > and /dev/sdb1 the first drive /dev/sda has failed. I have called > mdadm --fail and mdadm --remove on that drive and then pulled the > cables and removed the drive. The RAID array continues to work fine > but in degraded mode. > > I have some questions: > > 1. The block device nodes /dev/sda and /dev/sda1 still exist and the >partitions are still listed in /proc/partitions. > >That causes I/O errors when running LVM tools or fdisk -l or other >tools that try to access/scan all block devices. > >Shouldn't the device nodes and entries in /proc/partitions >disappear when the drive is pulled? Or does the BIOS or the SATA >controller have to support this? > > 2. Can I hotplug the new drive and rebuild the RAID array? Since >removal of the old drive seems not to be detected I wonder if the >new drive will be detected correctly. Will the kernel continue >with the old drive's size and partitioning, as is still found in >/proc/partitions? Will a call > > blockdev --rereadpt /dev/sda > >help? > > 3. Alternativley, I could reboot the system. I have called > > grub-install /dev/sdb > >and hope this suffices to make the system bootable again. >Would that be safer? > > Any other suggestions? > > > urs > signature.asc Description: OpenPGP digital signature
Re: Debian Server (NAT Gateway) Periodically Crashing
Hi, I don't know much about kernel debugging myself, but this looks like something to report. Take a look at [0] on how to do that. Regards /peter [0] https://www.debian.org/Bugs/Reporting Am 07.07.2016 um 08:38 schrieb Christian Harris: > Hello All, > > I am hoping to get some help with one of my virtual machines. I am > running a KVM host with several virtual machines provide internet > services to a small network. The gateway machine is a Debian 8 minimum > install that was updated to 8.5. > > user1@gateway:~# sudo lsb_release -da > No LSB modules are available. > Distributor ID: Debian > Description:Debian GNU/Linux 8.5 (jessie) > Release:8.5 > Codename: jessie > user1@gateway:~# sudo uname -a > Linux gateway 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) > x86_64 GNU/Linux > > Minimal additional packages are installed, only enough to support a NAT > gateway. > > Periodically, the vm experiences a kernel Oops and crashes, taking down > internet access for the network. This is the only vm that is crashing, > the other VMs (based off the same minimal install, updated to 8.5, > minimum software installs) have uptimes of 100+ days. This VM seems to > crash every few weeks. > > I managed to somewhat stabilize the internet connection by enabling > crash dumps and automatic reboots with instructions from here: > https://www.bentasker.co.uk/documentation/linux/312-installing-and-configuring-kdump-on-debian-jessie > > All is well as mostly. The machines reboots after a crash dump, so there > is minimum impact to the network. But occasionally, the PPPOE fails to > redial after a reboot :-< Aside from the PPPOE issue, I figured I would > try to get to the root of why the vm is crashing to begin with. However, > I am not developer and have no idea how to interpret the crash dump. As > much as I can tell, there swapper/0 process caused the dump with > instruction put_page+5. I have no idea what that means. > > Any assistance as to why this host is crashing would be helpful. The > only thing this host is doing is serving as a NAT gateway. I have having > no problems with any other VMs with the same basic OS load. > > As a start, I at least got the log and bt from the crash dump. I can > provide additional crash info if needed (and givent he commands). > > user1@gateway:/var/crash/201607040851# sudo crash kernel_link > dump.201607040851 > ...version info removed... > KERNEL: kernel_link > DUMPFILE: dump.201607040851 [PARTIAL DUMP] > CPUS: 1 > DATE: Mon Jul 4 08:51:23 2016 > UPTIME: 4 days, 13:17:27 > LOAD AVERAGE: 0.00, 0.01, 0.05 >TASKS: 67 > NODENAME: gateway > RELEASE: 3.16.0-4-amd64 > VERSION: #1 SMP Debian 3.16.7-ckt25-2 (2016-04-08) > MACHINE: x86_64 (1596 Mhz) > MEMORY: 2 GB >PANIC: "Oops: [#1] SMP " (check log for details) > PID: 0 > COMMAND: "swapper/0" > TASK: 8181a460 [THREAD_INFO: 8180] > CPU: 0 >STATE: TASK_RUNNING (PANIC) > > crash> bt > PID: 0 TASK: 8181a460 CPU: 0 COMMAND: "swapper/0" > #0 [88007fc039c8] machine_kexec at 8104c0a2 > #1 [88007fc03a18] crash_kexec at 810df7da > #2 [88007fc03ad8] oops_end at 81016228 > #3 [88007fc03af8] no_context at 8150b172 > #4 [88007fc03b38] __do_page_fault at 810571c0 > #5 [88007fc03c30] async_page_fault at 81516a58 > [exception RIP: put_page+5] > RIP: 8114a935 RSP: 88007fc03ce8 RFLAGS: 00010206 > RAX: 0030 RBX: 88007974f4c0 RCX: 7974f400 > RDX: RSI: fe01 RDI: > RBP: 0001 R8: 8000 R9: 880036c500b0 > R10: 6db6db6db6db6db7 R11: 1600 R12: 880079a35d00 > R13: 0049 R14: 88007974f220 R15: 88007971bb00 > ORIG_RAX: CS: 0010 SS: 0018 > #6 [88007fc03ce0] ip_finish_output2 at 81459756 > #7 [88007fc03d20] ip_fragment at 8145a1c8 > #8 [88007fc03d98] ip_finish_output at 8145a9d4 > #9 [88007fc03dd8] __netif_receive_skb_core at 8141f1a3 > #10 [88007fc03e28] netif_receive_skb_internal at 8141f42f > #11 [88007fc03e48] virtnet_poll at a00375aa [virtio_net] > #12 [88007fc03ed0] net_rx_action at 8141f7b0 > #13 [88007fc03f20] __do_softirq at 8106c6a1 > #14 [88007fc03f78] irq_exit at 8106ca75 > #15 [88007fc03f80] do_IRQ at 81517822 > --- --- > #16 [81803e48] ret_from_intr at 8151566d > [exception RIP: native_safe_halt+2] > RIP: 81051c12 RSP: 81803ef0 RFLAGS: 0246 > RAX: 8101c8b0 RBX: 0086 RCX: 81855220 > RDX: RSI: RDI: > RBP:
Re: Bash command completion
No, chsh changes the login shell for the user within /etc/passwd. It won't affect any currently active shells. What happens when you do an /bin/bash --login That should start a login shell. If you still only get the tab character, check if you've got the line set -o vi in /etc/profile, /etc/bash*, ~/.profile, or ~/.bash* anywhere. Am 07.07.2016 um 07:14 schrieb Glenn English: > >> On Jul 6, 2016, at 10:38 PM, Peter Ludikovsky <pe...@ludikovsky.name> wrote: >> >> After an chsh, you have to log out & in again. > > I thought of that -- I logged out and back in, no joy. I rebooted, same thing. > > I wasn't too surprised. I assumed that rebooting the machine would just put > stuff back the way it was. And that the problem was with the scripts in the > user directories. > > That wasn't it, and I was working on the wrong things. Lisi's insight led me > to this afternoon's solution. And deloptes came up with another very > interesting thought (which I haven't investigated yet). > > Does chsh change things for good -- in passwd or in a shell var or a link? I > thought it just started a shell, as if it was just starting a new program. > signature.asc Description: OpenPGP digital signature
Re: Bash command completion
After an chsh, you have to log out & in again. Am 07.07.2016 um 00:17 schrieb Glenn English: > >> On Jul 6, 2016, at 4:06 PM, Lisi Reiszwrote: >> >> So have you followed the suggestion to test whether it is in fact bash that >> you are in fact using? > > Yes. And I wasn't -- it was dash. > > So I: > > 'chsh -s /bin/bash' > 'ls Do\t' > > and got a tab. > >> lisi@Tux-II:~$ echo $SHELL >> /bin/bash >> lisi@Tux-II:~$ > > I'll try your codelet. Before and after chsh... > signature.asc Description: OpenPGP digital signature
Re: proper way to handle NFS for laptop ?
autofs will handle both issues just fine. 1. autofs disconnects a mount if there hasn't been any activity for a certain amount of time (default 5 minutes). 2. see above A distributed filesystem might create even more problems, as you'll have to re-sync with the other nodes on reconnect, which -- in the worst case -- might mean syncing almost everything. Regards, /peter Am 18.05.2016 um 17:24 schrieb bri...@aracnet.com: > The obvious issues: > > 1 after sleeping the NFS connection is lost and takes a very long time to > re-establish. I was under the impression that systemd or > -whatever-handles-sleeping- would unmount/remount the filesystem to avoid > this , but apparently that's not the case. Potentially I can fix this with > some sort of sleep-wake script hackery. > > 2 disconnecting the laptop from the network will obviously cause problems. > > The standard suggestion is to use autofs,but I'm unclear as to whether that > will handle case 2. I'm actually not clear on whether or not it will handle > case 1, and in fact have found some discussions that it does NOT. > > The other possibility is to use a distributed filesystem on the laptop. I > actually like that idea the best, but I'm unsure what is available on Debian. > > I looking for some suggestions/recommendations. > > Thank you. > signature.asc Description: OpenPGP digital signature
Re: /etc/init.d/networking does not start everything in /etc/network/interfaces
In /etc/network/interfaces change allow-hotplug eth1 to auto eth1 Regards, /peter Am 17.05.2016 um 14:05 schrieb Gene Heskett: > Greetings all; > > 32 bit Debian wheezy, updated at least daily. > > This fact was brought to my attention because I needed a path to a router > I needed to do a hard reset on, and reconfigure to do my stuff, but my > normal home network isn't on the usual 192.168.1.1 class C, and a hard > reset puts the router back to the 1.1 address. > > So in order to use eth1 as a path to this router, I have to do a separate > > sudo ifconfig eth1 up > > as a sudo service networking restart will not restart the second eth1 > stanza in my interfaces file, starting only eth0. > > Normally the interface is not even graced with a cat5 in the socket, and > ATM it is but the far end of 5 feet of cat5 is laying on the floor. > > Is it possible to make this init.d/networking script start everything it > finds in the interfaces file? > > Cheers, Gene Heskett > signature.asc Description: OpenPGP digital signature
Re: Creating a home network
Not really broke. Eg. the BananaPi Router board comes in at about €75, with 5 Gb interfaces (4 switched) and a 2.5" SATA connector, and runs a minimally adapted Debian called Bananian. Add to that a small powered USB hub, starting at about €10, and some cables, and your total should be at around €100. As for required reading: * Samba * autofs and/or udev to automagically export USB devices via Samba Can't tell you what to do about the USB Hotspot, never used one of those. Regards /peter Am 11.05.2016 um 16:32 schrieb Richard Owlett: > Underlying question: What should I be reading? > > I wish a blackbox which: > > 1. Connects 4 local machines via Ethernet [WiFi shall *NOT* be considered] > A. A desktop with WinXP and multiple versions of Debian > B. A laptop with WinXP Pro SP3 whose reason for existence is running > SeaMonkey. >Historically it is/was my primary machine. Its future is as a > portable. > C. A laptop dedicated to Linux experiments. I have erased the HDD as > many as >ten times in one week ;/ > D. Misc temporarily connected laptops. > 2. It shall provide multiple USB ports in order that a selection of > flash dives > and a 1 TB HDD can be accessed by any machine. > 3. It *SHALL* connect to the internet via a T-Mobile 4G Hotspot Z915 > connected > via USB. The WiFi features have been disabled. I really wanted a USB > cell network > modem. The local T-Mobile outlet was only vendor that didn't try > assaulting me with > their 'smartphone-du-jour' with an atrociously large data plan. this > connection > shall be protected by a firewall. > > How broke will I be? > TIA > > signature.asc Description: OpenPGP digital signature
Re: Zero filling my HDD before installation
Hi, 1) You might want to use "Reply to list", so that all readers can see your answer. 2) Unneeded files are gone, as soon as you format the disk. Same for any malware, aside from the fact that Windows malware won't run on Linux anyway. The only thing possible would be people recovering date from unused blocks, and that is easily mitigated by encrypting the disk if you're concerned enough. At least with dm-crypt and luks _all_ sectors are encrypted, no matter if used or not. Regards, /peter Am 02.05.2016 um 17:50 schrieb Ralph Sanchez: > Heqamilus --- Not an expert, but I've worked with Kali and Backtrack > for quite a while from USB live boot and figure, if I didn't kill > myself virtually while perm logged in as a root user, I should be okay > switching to debian. Plus it's more secure, to me, and better as far > as apt-get programs and what not, imho from research. > > My laptop is two years old, an ASUS model with 280 gig HDD, 4 g ram, > intel I forget processor lol > > NO DVD OR CD DRIVE > > and your saying it will allow me an option for encryption and random > fill before, during or after install?? > > > Peter _ I have multiple reasons to want to sanitize and zero or random > fill my hdd. Multiple copies of unneeded files, things I don't want > people accessing if they would get through my sec, possibilities of > malware/viruses/keyboard logging, etc that will continue to effect my > system. I want a fresh start. And I know you can't be 100% sure, > unless you initiate multiple passes and try to recover your disk using > another system to check, still not 100% sure but better then blind > trust. > > On Mon, May 2, 2016 at 11:41 AM, Peter Ludikovsky <pe...@ludikovsky.name> > wrote: >> Hello & welcome to Linux! >> >> To be honest, I haven't found a good reason to zero any media, unless I >> was decommissioning it and/or selling it. When you create a new file >> system on installation, any new information will overwrite the old one. >> And as soon as it's created, the old file system won't be able to >> interfere with the system anymore. >> >> Besides, with SSDs and some newer HDDs, you can't be sure that there >> won't be something left over in a block that was marked defect and isn't >> accessed anymore. >> >> Regards, >> /peter >> >> Am 02.05.2016 um 17:00 schrieb CD Lexi: >>> Hey everyone. I'm currently looking to switch to Debian from Windows. I >>> used to love windows, but with every upgrade it seems I lose privacy, >>> control and honestly functionality. Sure, there's a lot more I can, if >>> that wasn't mitigated by what windows wants me to do at the time. I >>> should have never even moved on to 10...constantly interrupting or >>> flogging my system to ask me to upgrade in the middle of sensitive work >>> should have been my tip offI digress... >>> >>> My question is this: I know what Zero and Random fills do to a drive, I >>> run them on every USB and Sd/MSD card I buy or retrieve, and everytime I >>> repurpose them. But I've never done this to a HDD and my laptop is my >>> only accessible PC aside from my Galaxy S6. I've backed up all my >>> important documents to multiple cloud locations, so I'm not worried >>> about losing user data. I'm just wandering, is it safe to Zero Fill an >>> HDD before installing Debian from a USB ISO? I know I can boot to the >>> ISO and Zero or Random Fill, or other sani methods from the USB Booted >>> Debian, but will doing this to my hard drive stop me from being able to >>> install from the USB to the HDD? I guess because I've never really >>> messed with the BIOS in windows, aside from neccisity, I'm just worried >>> if I zero fill and for some reason my laptop reboots before the new >>> install, it won't boot from the USB anymore and thus make me have to >>> find another computer from which to install DB. This is probably a >>> rookie question, but better safe then sorry with my first full HDD >>> sanitzation. Thanks!!! >>> >> signature.asc Description: OpenPGP digital signature
Re: Zero filling my HDD before installation
Hello & welcome to Linux! To be honest, I haven't found a good reason to zero any media, unless I was decommissioning it and/or selling it. When you create a new file system on installation, any new information will overwrite the old one. And as soon as it's created, the old file system won't be able to interfere with the system anymore. Besides, with SSDs and some newer HDDs, you can't be sure that there won't be something left over in a block that was marked defect and isn't accessed anymore. Regards, /peter Am 02.05.2016 um 17:00 schrieb CD Lexi: > Hey everyone. I'm currently looking to switch to Debian from Windows. I > used to love windows, but with every upgrade it seems I lose privacy, > control and honestly functionality. Sure, there's a lot more I can, if > that wasn't mitigated by what windows wants me to do at the time. I > should have never even moved on to 10...constantly interrupting or > flogging my system to ask me to upgrade in the middle of sensitive work > should have been my tip offI digress... > > My question is this: I know what Zero and Random fills do to a drive, I > run them on every USB and Sd/MSD card I buy or retrieve, and everytime I > repurpose them. But I've never done this to a HDD and my laptop is my > only accessible PC aside from my Galaxy S6. I've backed up all my > important documents to multiple cloud locations, so I'm not worried > about losing user data. I'm just wandering, is it safe to Zero Fill an > HDD before installing Debian from a USB ISO? I know I can boot to the > ISO and Zero or Random Fill, or other sani methods from the USB Booted > Debian, but will doing this to my hard drive stop me from being able to > install from the USB to the HDD? I guess because I've never really > messed with the BIOS in windows, aside from neccisity, I'm just worried > if I zero fill and for some reason my laptop reboots before the new > install, it won't boot from the USB anymore and thus make me have to > find another computer from which to install DB. This is probably a > rookie question, but better safe then sorry with my first full HDD > sanitzation. Thanks!!! > signature.asc Description: OpenPGP digital signature
Re: [ A little off topic] Best e-mail client for Android
Reference: https://en.wikipedia.org/wiki/K-9_%28Doctor_Who%29 Am 12.04.2016 um 02:40 schrieb li...@rickv.com: > On Mon, Apr 11, 2016 at 04:44:50PM +0200, Siard wrote: >> Byung-Hee HWANG: >> I really hate K9-Mail's logo. >> Looks like a severely battered blind dog. >> That's why I go for Kaiten. > > Glad you said that -- I don't like the dog either. I don't get the > reference, so Kaiten's postbox makes more sense. > I bought Kaiten too, but after it stopped getting updates and support, I > switched back to K-9. You know in a lot of ROMs and I think even > launchers, you can change an app's icon? That's what I do; install both > apps; change K-9's app icon to use Kaiten's icon; uninstall Kaiten but > keep the icon with K-9. 100% cosmetic stupidity, but it makes me > slightly happier. > signature.asc Description: OpenPGP digital signature
Possible bug, unsure of where to report against
Hello, I'm currently experimenting with a VM running Debian 8 on top of a ZFS root, and noticed a kernel panic occurring on shutdown. The bug happens only when * /boot (ext3) is mounted * the machine is shutting down It does not happen when * /boot is unmounted OR * the machine is rebooting My question is: against which package should I report this bug? linux-image? e2fslibs/e2fsprogs? systemd? Something else? Regards, /peter signature.asc Description: OpenPGP digital signature
Re: iceape availability
That is more than risky. 1) Iceape is EOL since 2013: https://www.debian.org/security/2013/dsa-2819 2) While Ubuntu is based on Debian, there's (sometimes) a huge difference in the software releases shipped: * libc6: 2.11 (Debian 6) vs. 2.21 (Ubuntu 15.10) * libssl: 0.9.8o vs. 1.0.2d * libgtk: 2.20.1 vs 2.24.28 So there's a good chance iceape won't even install, and if it does, you might experience strange behaviour, or nothing at all. Regards, /peter Am 25.02.2016 um 16:27 schrieb Bret Busby: > On 25/02/2016, Peter Ludikovsky <pe...@ludikovsky.name> wrote: >> Hello, >> >> Yes, and no. You can run `apt-get -d install iceape`, and it will >> download the package, and the missing dependencies, to >> /var/cache/apt/archives/. However, if you want to install something on a >> machine without internet access you might be better off with apt-medium >> [1], although I never used that. >> >> And I'm sorry, but I don't understand your second question. I assume >> that you think that the security repository is independent of the >> others, but that's not so. A Debian installation usually uses 3 >> repositories together: >> * A "base" repo, containing the release packages >> * A "security" repo, containing security fixes for those packages >> * An "updates" repo that serves updates for non-security relevant bugs >> >> As always, we might be able to better help you if you can give us a >> description of what you want to do. >> >> Regards, >> /peter >> >> Am 25.02.2016 um 09:32 schrieb Bret Busby: >>> On 25/02/2016, Peter Ludikovsky <pe...@ludikovsky.name> wrote: >>>> Hello, >>>> >>>> Searching for a single .deb & trying to install that is the way >>>> proprietary systems handle it. With Debian, and most other Linux >>>> distros, there's repositories, and tools to handle dependencies. Open a >>>> command line / terminal and enter >>>> sudo apt-get install iceape >>>> >>>> It will pull iceape, and all dependencies, from the Debian repos, and >>>> install them. >>>> >>>> Updates are handled similarily. >>>> >>>> Regards, >>>> /peter >>>> >>>> Am 25.02.2016 um 07:08 schrieb Bret Busby: >>>>> Hello. >>>>> >>>>> I searched for a .deb package, for iceape, so that I could download >>>>> the package for the iceape suite, to try to install it. >>>>> >>>>> Ahat I found, is apparently submerged in a "security pool". >>>>> >>>>> I found that what is apparently provided as the iceape suite .deb >>>>> package, is just something that has endless unsatisfiable >>>>> dependencies. >>>>> >>>>> Is an installable .deb package for the iceape suite, available? >>>>> >>>> >>>> >>> >>> Is there a way (a switch for the apt-get command?) to download all of >>> the dependencies? I have looked at man apt-get, and, that has an >>> option "download" (as opposed to install or find), but I could not >>> find, from the man entry for apt-get, how to download the package and >>> all of its dependencies; that is, to download the particular package, >>> and, its dependency packages, so that they can be stored, and, >>> installed (or, tried to be installed) on different systems as wanted. >>> >>> Also, does a means exist, for specifying a particular repository for >>> only the particular instantiation of the command, so that, for >>> example, as iceape is only in the security pool repository, to specify >>> only for the installation of iceape (or, if it can be done, for the >>> download of iceape and its dependencies, to a directory on the >>> computer), the particular repository path? >>> >>> >> >> > > Okay. > > Explicitly, what I want to try to do, and, the reason that I want to > know whether the repository can be specified for only, and, limited > to, a single instantiation of a download or install command, is to > try to install iceape on a Ubuntu installation. > > iceape has functionality that seamonkey does not have, and, the > specific functionality that I want, is the primary reason for me > wanting to try this. > > I do not know whether iceape and seamonkey can be concurrently > installed on the same system. > > With the LTS for Debian 6 (which I believe to be the latest version > operating system for which iceape is an available package), due to end > on Monday, I want to try an installation on a system, to install > iceape on a new installation of UbuntuMATE 15.10, so that I would > install UbuntuMATE on the system, and then try to install iceape. > signature.asc Description: OpenPGP digital signature
Re: iceape availability
Hello, Yes, and no. You can run `apt-get -d install iceape`, and it will download the package, and the missing dependencies, to /var/cache/apt/archives/. However, if you want to install something on a machine without internet access you might be better off with apt-medium [1], although I never used that. And I'm sorry, but I don't understand your second question. I assume that you think that the security repository is independent of the others, but that's not so. A Debian installation usually uses 3 repositories together: * A "base" repo, containing the release packages * A "security" repo, containing security fixes for those packages * An "updates" repo that serves updates for non-security relevant bugs As always, we might be able to better help you if you can give us a description of what you want to do. Regards, /peter Am 25.02.2016 um 09:32 schrieb Bret Busby: > On 25/02/2016, Peter Ludikovsky <pe...@ludikovsky.name> wrote: >> Hello, >> >> Searching for a single .deb & trying to install that is the way >> proprietary systems handle it. With Debian, and most other Linux >> distros, there's repositories, and tools to handle dependencies. Open a >> command line / terminal and enter >> sudo apt-get install iceape >> >> It will pull iceape, and all dependencies, from the Debian repos, and >> install them. >> >> Updates are handled similarily. >> >> Regards, >> /peter >> >> Am 25.02.2016 um 07:08 schrieb Bret Busby: >>> Hello. >>> >>> I searched for a .deb package, for iceape, so that I could download >>> the package for the iceape suite, to try to install it. >>> >>> Ahat I found, is apparently submerged in a "security pool". >>> >>> I found that what is apparently provided as the iceape suite .deb >>> package, is just something that has endless unsatisfiable >>> dependencies. >>> >>> Is an installable .deb package for the iceape suite, available? >>> >> >> > > Is there a way (a switch for the apt-get command?) to download all of > the dependencies? I have looked at man apt-get, and, that has an > option "download" (as opposed to install or find), but I could not > find, from the man entry for apt-get, how to download the package and > all of its dependencies; that is, to download the particular package, > and, its dependency packages, so that they can be stored, and, > installed (or, tried to be installed) on different systems as wanted. > > Also, does a means exist, for specifying a particular repository for > only the particular instantiation of the command, so that, for > example, as iceape is only in the security pool repository, to specify > only for the installation of iceape (or, if it can be done, for the > download of iceape and its dependencies, to a directory on the > computer), the particular repository path? > > signature.asc Description: OpenPGP digital signature
Re: iceape availability
Hello, Searching for a single .deb & trying to install that is the way proprietary systems handle it. With Debian, and most other Linux distros, there's repositories, and tools to handle dependencies. Open a command line / terminal and enter sudo apt-get install iceape It will pull iceape, and all dependencies, from the Debian repos, and install them. Updates are handled similarily. Regards, /peter Am 25.02.2016 um 07:08 schrieb Bret Busby: > Hello. > > I searched for a .deb package, for iceape, so that I could download > the package for the iceape suite, to try to install it. > > Ahat I found, is apparently submerged in a "security pool". > > I found that what is apparently provided as the iceape suite .deb > package, is just something that has endless unsatisfiable > dependencies. > > Is an installable .deb package for the iceape suite, available? > signature.asc Description: OpenPGP digital signature
Re: Cannot install Mono Develop on Debian
Hello, Does it work using the standard way for Debian? # apt-get install monodevelop Since with the first way you already verified it's in the repositories, why go the proprietary way of things, instead of using the power of Linux distributions? Regards /peter Am 21.02.2016 um 20:49 schrieb johny jj2: > Hello, > > I cannot install Mono Develop on Debian. > > * First way > > Package downloaded from here > (https://packages.debian.org/jessie/all/monodevelop/download) does > not work because of this error: > > Cannot install 'libglade2.0-cil'. > > The details (Lintian output) were as follows: > > W: monodevelop: debian-news-entry-has-unknown-version 0.18.1-1 E: > monodevelop: debian-copyright-file-uses-obsolete-national-encoding > at line 23 W: monodevelop: manpage-has-errors-from-man > usr/share/man/man1/mdtool.1.gz 104: warning: macro `/'' not > defined E: monodevelop: menu-icon-not-in-xpm-format > usr/share/icons/hicolor/scalable/apps/monodevelop.svg W: > monodevelop: script-not-executable > usr/lib/monodevelop/AddIns/MonoDevelop.Autotools/templates/autogen.sh.template > > W: monodevelop: script-not-executable > usr/lib/monodevelop/AddIns/MonoDevelop.Autotools/templates/configure.template > > W: monodevelop: script-not-executable > usr/lib/monodevelop/AddIns/MonoDevelop.Autotools/templates/exe.wrapper.in.template > > W: monodevelop: executable-not-elf-or-script > usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/appconfig.xsd > > W: monodevelop: executable-not-elf-or-script > usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/XMLSchema.xsd > > W: monodevelop: executable-not-elf-or-script > usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/W3C-License.html > > W: monodevelop: executable-not-elf-or-script > usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/xslt.xsd > W: monodevelop: executable-not-elf-or-script > usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/nant.xsd > W: monodevelop: executable-not-elf-or-script > usr/lib/monodevelop/AddIns/MonoDevelop.AspNet/Schemas/readme.txt W: > monodevelop: executable-not-elf-or-script > usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/manifest.xsd > > W: monodevelop: executable-not-elf-or-script > usr/lib/monodevelop/AddIns/MonoDevelop.XmlEditor/schemas/readme.txt > > W: monodevelop: executable-not-elf-or-script > usr/lib/monodevelop/AddIns/MonoDevelop.AspNet/Schemas/W3C-License.html > > Lintian finished with exit status 1 > > * Second way > > These three commands > (http://www.mono-project.com/docs/getting-started/install/linux/#debian-ubuntu-and-derivatives) > > worked so my package repository was updated. But then thing described in > 'Usage' section did not: > > root@myusername:~# sudo apt-get install mono-devel Reading package > lists... Done Building dependency tree Reading state information... > Done Some packages could not be installed. This may mean that you > have requested an impossible situation or if you are using the > unstable distribution that some required packages have not yet been > created or been moved out of Incoming. The following information > may help to resolve the situation: > > The following packages have unmet dependencies: mono-devel : > Depends: libgdiplus (>= 2.6.7) but it is not going to be installed > Depends: libmono-system-design4.0-cil (>= 1.0) but it is not going > to be installed Depends: libmono-system-drawing4.0-cil (>= 3.0.6) > but it is not going to be installed Depends: > libmono-system-messaging4.0-cil (>= 2.10.1) but it is not going to > be installed Depends: libmono-system-runtime4.0-cil (>= 2.10.1) but > it is not going to be installed Depends: > libmono-system-servicemodel-activation4.0-cil (>= 1.0) but it is > not going to be installed Depends: > libmono-system-servicemodel-web4.0-cil (>= 3.2.1) but it is not > going to be installed Depends: libmono-system-servicemodel4.0a-cil > (>= 3.2.3) but it is not going to be installed Depends: > libmono-system-web-extensions4.0-cil (>= 2.10.3) but it is not > going to be installed Depends: libmono-system-web-services4.0-cil > (>= 1.0) but it is not going to be installed Depends: > libmono-system-web4.0-cil (>= 2.10.3) but it is not going to be > installed Depends: libmono-system-windows-forms4.0-cil (>= 1.0) > but it is not going to be installed Depends: libmono-cil-dev (= > 4.2.2.30-0xamarin2) but it is not going to be installed E: Unable > to correct problems, you have held broken packages. > > Similar thing for the second package in 'Usage'. > > How to install Mono Develop (for C# development of Android apps) > on Debian Linux? > > Thank you! signature.asc Description: OpenPGP digital signature
Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 More or less. What I wouldn't agree with is locking the root account completely, because, like Thomas said, you'll be locked out should you ever be dropped to a rescue shell due to an hardware error. Regards, /peter Am 17.02.2016 um 15:56 schrieb Tom Browder: > On Wed, Feb 17, 2016 at 8:23 AM, Peter Ludikovsky > <pe...@ludikovsky.name> wrote: >> -BEGIN PGP SIGNED MESSAGE- > ... > > Thanks, Peter. Do you agree with Darac's solution? > > Best, > > -Tom > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWxJEkAAoJEM+6Ng5pbtyZgCAP/2a9hxEmLEFwaMTdR4+EwTso ZAMjRtrVGGMg/scVy5OFit5VLgsyAlv3bOvG2xoyOCN2C7b8TGQ0I5KIC4ycA3fI hK1tKCiifm3hsJHjhFAy0QghlykxKuaBqY1/k2cDC4ZtfOdFlvPe15ngaL5JqCP2 PEbCgYU5hDeG0IdMw+t979DizWmPb/YtrJwB7r5o6cDUdxcApANVgLle5sI+FdUs +kVy7OELKT+vNFwXupwL8AvuIT/igE2irHm8OvChHXg8BUQ3tbmVqGGIaU6KjZuE UYEK2R75X4XgrewF4PpQPMy+WbKzjBi7ezOp6bXzZ3U0JN8VdIuZ9WSMTE7kTdQB gMHVCQzch/VsRHbZ4DvHtL/rOhPl0JC40xDwcci8I+ua1jcoRJ1doyRNxu5nzdlV itA1qcojPpj/50RsLELzsL140pg6y9Ne1KCV2jw+bJ9WrXZm2Ak7aJ8oYa5UcRUS YJGW85SiKINmFq3Y05AHkQYU/fSqb2EkGkJBUKwVTchZe57h2vkggH3HlpS63cMr zUKQEo2JfrenvvvkJdXKuA2MOks9xITlSbApKV/vkhgdjx6xPYv6+OuRvhZg/QhJ 8cuCSukwOpAKVhElXEIpRs5/yZFxyZ/B07yWRmjBT0PEpBFtfkH4FnSc5m6X78SQ F9zUUMtJ/QWehfi6l3p8 =i2K+ -END PGP SIGNATURE-
Re: Debian security: need recipe for blocking root ssh access AND all ssh password access
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, The first requirement is simple. Add the line PermitRootLogin no or change it accordingly, and reload the SSH daemon. For the second: do you want to disallow any logins via passwords, or are the to be allowed once to set up the keys? The first is easy, with the line PasswordAuthentication no The latter isn't possible, as far as I know, with the vanilla OpenSSH daemon. Regards, /peter Am 17.02.2016 um 15:08 schrieb Tom Browder: > I have several remote Debian 7 servers and would like to secure it > in the following manner: > > 1. root will not be allowed any external access (access is only via > a user becoming root while logged in) > > 2. after initial setup, no ssh access will be allowed via a > password > > I have seen much documentation on securing such a host, but I > don't want to be an expert--I just need a recipe. > > Many thanks. > > Best regards, > > -Tom > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWxIJrAAoJEM+6Ng5pbtyZc1gP/jjPfucXz7DvaGuAOmiSeKof rBcS+oTU4znY57+whr0cNW+douaH/f7d7Vwcun5b3IUA1EUFHC9G74/CR4bU3XbD aEKeBGIF6eUVw6jE0Sh5aFs6D+AoFePZKurs173azjfgFcveynYv3eSbzWk/e60U KgRwtoSRLQu3wKZLJh/lR4/Ukx+spEvGzGvtc3PdkioT79u3OxdSw/FFm8r0N4qH ifcX2R6hE4HsoVM3QMbEIxhiwbs63+j8Mu0ASfagLsPi1MqKBfLg5Iy1JeV5d1ND plrDFaSRrzfJqNqO8nxwtUxji9ruQ1XkBo3DvdmXc/ZwOiJzNSCM/wvHuTupCq1x gn3WfCEKryAZEmUx092CYFtbTLZ2Bu3A0vOHeFdiC2qGNqB85dicmhpMoouAnzq4 NaWDLJHXB8zdkvUL+zRIkoqACH8sBohogrqbnQAXCtJ+9LRqANdlvKs+F2Dp0eGE GNIU3cscy6RtXYUDVFRFFgwp4oLOx3fE7Lv8EEV8o38KE7v712aNqzsCn8VuirWq KHSoeUPTtD9o/0z4EOXRbMtwEPDgQjsUOHNPR73YNO/EJluNRA7JJ6E2aIkNTF8f RwoWD9GhSi1CKzATn9GuaikejrpVGIFfSvdirVDgTOcuW82wfPiL1yyBhw6Kr2Y4 alA2W8K9y7InpEC1I/Ik =S5IF -END PGP SIGNATURE-
Re: L7 filter and iptables Problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, According to to project site [0] there hasn't been any real development since 2013, which was a patch against the 2.6 kernel line. That kernel line is out of support since mid-2015. I'm afraid the string matching module would be your best bet for now. Regards, /peter [0] http://l7-filter.clearos.com/ Am 01.12.2015 um 08:56 schrieb Muhammad Yousuf Khan: > Hello, > > i am using Debian jessie and I have been trying to work with L7 > filter to block p2p but its not working > > iptables -I FORWARD -m layer7 --l7proto bittorrent -j DROP iptables > v1.4.21: Couldn't load match `layer7':No such file or directory > > Try `iptables -h' or 'iptables --help' for more information. > > can you guys Please help. string match with ip tables is easy but > i am looking to use L7 filter on jessie. all the how-tos are out > dated. example kernel patch etc. > > Please help. > > Thanks, Yousuf > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWXd4OAAoJEM+6Ng5pbtyZAd8P/3vM3gVfiaUcVVdxsNPkRIzb NddWvxnWwYp4DNCHRj5sKAJ4X5DhdqClEysT8eLMBfG+IXLW44mF/M3NBeVsbMAk 5ugH4hlyaIK2Pxh1yIHOCz1uP7yRnj8X6ASp5PxbzBTowmHLynjyka0OnEdg0pR4 hsNvw9RyxPKPuqBTXy37SXGbp8mBmuFbQucaX7G80e8n5reCL9CvLTHKLiQ3BGdc KanmYQjZ7K1/FISuBpl653iiR/Kpb4bfY2x2Nl54Pxs2ueFMwskIqsfGyxU6nSPb Hk9OpDpJlQ14PTxZ2Tw/tvPJIhFqvQshrVD57OvQhgXrda+7o/sz1DbL5djLSAPj b05luaVW9U+88XgAkcNPNZfrohy3JY1EnXPY5n3M83yZZ7QPPlwxc66Nu2PBS/rM B0erP4t0c2tqxpMoewSmlX3Q0qm83IRET9ozSMqoEWbFYho499MR+uyTCkw1YO05 JfHS/4o/t+z9PzHo1h2r0tqij52WcgeD4TSZ8W4MdZxMmwk6w+XOsJYDpY7eX2gt a6IRr5/pgzv6PLWjpXSwj1XCtQUxoZkWS7GPF5qfbBh1/t3hjRe6Hv8MwQPP0oSw LelvMIhii2NVvlPueuSWH46XencEQId66wTkAx02YxP84FMctw7jJl7oljb/JrQ7 EXo9Iaaohz1ZjLSH3+Ht =rHnt -END PGP SIGNATURE-
Re: System craches when browsing a web site
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thanks for the corrections. To be honest, the install to test this was the first install using tasks I've done in a very, very long time. /peter Am 27.10.2015 um 22:51 schrieb Lisi Reisz: > On Tuesday 27 October 2015 13:30:02 Peter Ludikovsky wrote: >> (Iceweasel is the default for Debian for example) > > It's not. It's desktop dependant. > > Lisi > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWMG4YAAoJEM+6Ng5pbtyZWDQP/inM6hdsX2FDlP7ENpD4t6LD bW5VCk4C4tP/rssXvLamxHKhXR0/s5kFvkU/G8MYita0cfG8+/T5lbrC/PPMX+i2 jU80yuR9VANh2rm8A6poxY100+tMBkzEigxm8jhWGvmCgxzcz1EkfkoUvKy8ueRE zUBa3lLlu1vXcmphWbv4u3xdR10Vo7J5l3qDjhfDvYPZ+3XCI/RbqNQF9CtjSXPL riqelvYJtiq2g6LE1pmojwaBnbws9HlWz/iM7xsn7QNxpJxJnvkASWtfQWZol2tD drpVfKlnXv4WhWu6x9CyXhGREsN/+j2+pjZYg5hLgJ6vZx196ffAfyGKnQo44zRm EocfuIOh1q1lO0srCfs8EFZoZMMSm0f5Q/7vabH53RZSwlJwn7b+QhbwKYTLln3N WbAWh7lgdZGOONDtztEpTohxSGUuSjPYAoSDM3yHihPe8p+6WhMkR1mqsHV+VZWS XqcEQcRiQk+fo0FhyfJnVMsgWcVdU56RKQBhqp0kQE/wowZ2sxAMJai5ZZFkXY8O SOmvOOaFMBPtYrzcqVJGO4Ptl0rmIMw0wmSc5JdC2N47pZmx5TReJGPfKxxTkJkk AVHD/cfPxd2kEXXUbpE/kAPtXDai4Ndk4IFMTuDvH9kLJmxT2jWbg6glS5Qx0Yga IEwdoJMZrG6VWM1we3qD =CdTo -END PGP SIGNATURE-
Re: System craches when browsing a web site
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, This is not a bug with Debian in particular, but with Epiphany in general. I could reproduce a similar behaviour, but managed to kill the browser process before the system became completely unresponsive. I suggest you file a bug report with the Gnome team: https://bugzilla.gnome.org/enter_bug.cgi?product=epiphany Regards, /peter Am 26.10.2015 um 16:40 schrieb Abou Al Montacir: > Dear All, > > I tried to browse the following site multiple times using epiphany > browser, and each time it makes my hole system crash. Only > poweroff/poweron can recover. https://www.blinq.com/ > > While I can understand that epiphany does not support some features > and craches, I don't understand that the system itself craches. I > was not even bean able to user ctrl+alt+F1 to kill the process. I'm > using 16GiB ram + 32MiB swap, so I don't think this is memory > issue. > > Can you please advise if I need to fill a bug against general? > > PS: Please copy me as I'm not subscribed. > > -- Cheers, Abou Al Montacir > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWLzfzAAoJEM+6Ng5pbtyZGo8P/Aq5Bnb730q4g6/3bxnHbt1z gTLgl2lxKZNVS4awjhZfbLskAAIN+WZcLQtQNZPSaCVZrGEZxYDavo8QCztMr9mT t1IZYXgw7aPozKeTm+tuEHIKtS4U5nsbF9Yylg1txyBjRpwgry322VN5fKSNcJJS bIoVVzlZ8EGG0x8tggzgFwkUWoyj0Ry4/Nc2qohwiKaom+1gxBir92etpIqlqXD9 3wB84c/ZxvgD5puAH4o2Y1dojJckyZomHihvojmD532aQE3u0aIshbFIeQipmb6+ BPyiKHFceL4Lj2pWVJoTLKe+XqJZCQc7WJFsFF1S25XIirKMP6caRyzB9APyeN4G xX1aOipDQ1f/aPzItBhM+KAlxQZsXR+C2MWiXzP3eqCiX4SVfspM7v2CkY26K++s Qtk10r48FSDp64iW5XT/q8YLu+VQ400huv6Dy52S1gT9AchdTKZmQMFDaGIY9mxh dCGUUDkUws2o8EAcFHUp2Qmq6YQnNTdHNaQ8zzcYuBCJkmcNfhjT0KgIu9HbesOL oBvaCo3b+e0KAF88do5c8npE64qQKXa2g7STQGKP9gAIvtrwKPWhD2ee+7mi5UPK vSgfHeeHzdn8qzTFJee21KGcQTIv0Xttf0T1imH2cFBVg6Jvd89+ztgZhhaxVgQZ g+h44ZkquZzW/Ywm7Mlk =HvPV -END PGP SIGNATURE-
Re: System craches when browsing a web site
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I've looked into that issue a bit futher, and as far as I can test within the confines of a VM I can say that 1) I can still access the TTYs and 2) the OOM killer removes the offending process as soon as both RAM and Swap is full. Since your Swap is rather large it takes a long time to fill up, during which time the system constantly has to swap in and out programs you might be using. Aside from the obvious issue here you've apparently made a conscious effort to switch the system browser, as Debian by default installs Iceweasel, not Epiphany. That means it's not a combination that the Debian QA team had high on their list of priorities. Why is that important? You lament that you switched to Debian from another OS because you wanted stability. Given the high number of different DEs, browsers, mail clients, chat programs, ... in any given distribution the QA team can only test certain combinations, and make those as stable as possible. Since the browser from the GNOME project isn't included with the GNOME default install I'd wager it was exchanged because of bugs like this. But the system stability didn't suffer. The OOM killer removes the offending browser process once the memory is used up, and the system doesn't die. Once that happens, everything else is back to normal. Even a bug in the GUI can't (usually) kill the whole system. If you really want to protect yourself from issues like that in the future, either switch to a better maintained browser (Iceweasel is the default for Debian for example) and/or set a hard memory limit through limits.conf or control groups. Regards, /peter Am 27.10.2015 um 10:05 schrieb Abou Al Montacir: > On Tue, 2015-10-27 at 09:38 +0100, Peter Ludikovsky wrote: >> Hello, >> >> This is not a bug with Debian in particular, but with Epiphany >> in general. I could reproduce a similar behaviour, but managed to >> kill the browser process before the system became completely >> unresponsive. >> >> I suggest you file a bug report with the Gnome team: >> https://bugzilla.gnome.org/enter_bug.cgi?product=epiphany >> >>> > Thank Peter for you answer and you test. > > I fully understand that there is a bug in epiphany browser and that > one shall be reported both against the package as I consider this > serious and against the upstream bugzilla. > > That is not the point I want to discuss, but rather shall I open a > bug against general as the system is supposed to be robust enough > against any buggy user program. This particular capability of > Unixes system that make it possible for multiple users to share the > same computer, but also for the same user to ensure no program is > jeopardizing the others. > > Isn't Linux kernel supposed to care about this kind of issues? In > the past I knew that if a program was trying to allocate too much > memory, more that what the system could, it used to get a > segmentation fault, or similar signals, if a program enters an > infinite while loop it get anyway preempted to let other thread > run... All the nice features that make one migrate from a popular > OS to a nice one! >>> Can you please advise if I need to fill a bug against general? >>> PS: Please copy me as I'm not subscribed. > > -- Cheers, Abou Al Montacir -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWL3xZAAoJEM+6Ng5pbtyZLsgQAJK4J8/J1QQWGpeuKLOLIMLU z/mIszPnIuX5Ouo3vUM7YAcSW07D5cIg/6tuIhu3MiruSAgFNGzeXPergb8m1Tkp nJDOrxrNbhRxBYTmvqZ5mM/JoiErzVmRAw/JHjrpVvOxiJMu0XmAVo3tIre4QUsB MP6hhvu/5yfomP+aad83bhfh75m+zzXLoT3oAw7C9Qh85WfBWHwoC/SCAm5HydKt OImaIAN7eakdsJvprUtZHyM4PNYAT7RUviAlxER6PbaJS3XVOruy46vcUYCuOtxf 449BI2ifwMpHgTzcvgXhYd6qhS51UdSESw+Buo8YBdnGntuDA7nM19Lif+wYI6Qc F37NnfTxKu43L8DpnlFXQOzZ6N5WweNSF96ylMFJn1LxQywPKClMip1dk8uojw0H lr4lDix3JATcenzVWlLzrRfFdHq2yjM47euZ5elZjQI0wAcGdIsGABnBifO7Y6gI AdguQHDojGeCNzYnZCTpksyIIanXfoc3ip7pKEq2ZXPuiIWVlGlAq8cetNT1mXk+ RQPDgTdKlbjqdNf+fwWO9E9vuwKEz8qf40yETztm1Z586FU33EsOZZ3xiY+HNu6N 1gILihmXduF/i2x99Xg0oUPv132H/NmG21lJ+4tWGlTtV+Kc6Z8XaZZ+/gd2poq+ lkykv2JKh2Ap20Vu18F8 =AjMN -END PGP SIGNATURE-
Re: Isn't this a security compromise?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, As a general rule: If someone with malicious intent has had access to your box it ain't yours anymore. But there are some things you can do in order to keep all but the most determined attackers out: * Set a boot password, either in BIOS or (U)EFI * Set another boot password in GRUB2 * Encrypt your disk with LUKS and yet another password In the end it's your decision where on the line between security and comfort you want your box. Regards, /peter Am 14.10.2015 um 06:37 schrieb Himanshu Shekhar: > I searched today about what to do if one forgets his/her linux > password. The following links described the process: > https://pve.proxmox.com/wiki/Debian_reset_root_password > http://xmodulo.com/how-to-reset-root-password-in-debian-ubuntu.html > > These tutorials assume that a person has the possession of > his/her machine which is true for non-mobile devices. But how can > one make sure that the security of laptop/tablet having any distro > of linux is not compromised? > > -- Himanshu Shekhar IIIT-Allahabad IRM2015006 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWHeQkAAoJEM+6Ng5pbtyZGXYP/06tXQIlSNyf31DimDaqJt3l nKpJDSexH0cDK6ziHWHWnCB2IcW6eBIuuOeB2nM1unw0mkaS8s84ORse5Mvt54rF J6RGs+3Z4fUdX+QPTzP4qsUItkoaYUrH603JYMkECP54oghitrfOrzMBQCWOje0i Q0Ic7NdAe25OxZj+HdlMwxNpXF5ac3m58CrWgbZrnurXG1i1I3o96p0qpA+KrxC1 cKNkiGmIlzsHNYyYNKXdwZTJb91sgSV9aZZEPAEO6/SEnnCkHzEoPOyqOabaOJJw c0XGh8mL+weF7BOrBgpGDGFiaFNRsmsc+VPYpp1dbqMMRq81/e+IOhzG/yRyynKp wZbjAOkVa3SLsuHFBHRR4sDasg6OolBZZ/ePyexJ91a79cs9CSpw4/azTyvENxup ZsiBIqVFu3aC9thxVFHZRIiRrnVdAvADgGytBf4oINOsPZhwYOtpfLOGmuVfvXBg YOejVFjlpxOIplLrd1Gf8y+IcFvKqcI1JfbKQF5h7pxp9gcy5AK5AovfGa9Su9dk nStYk40A6v4wssbbyLOQ4chNj1930Iezh0B06AgM2r0rnUHoBb7cK9WV6aDDGDoI EhK3WC4Amu8nnj6UkW9uqLlpGeLP9JSpmMiTctYpyz5mBy0X42vp4WQPGYx6UETm pS4d4sNtElhQsfrWyZWL =Q+zn -END PGP SIGNATURE-
Re: Advertising and commercial services in free software
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, > Lately, I feel that this trust has been violated. Most notably, by > the addition of advertisements to iceweasel's new tab page. > http://timothy.hobbs.cz/iceweasel-ads.png See the "Booking.com" > sponsored link. Apparently, that's a bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787174 > I would like to see an in-depth discussion of where Debian draws > the line when it comes to interaction of packaged software with > commercial services. Iceweasel has, for years now, used google.com > as the default search engine. I doubt few would disagree with that > choice, despite the fact that Mozilla gets paid by Google to make > it that way. As I can speak only for myself as a user: I draw the line at closed source for which there is an open-source alternative with the features I need. > Another interesting example is that of the open source Atom text > editor: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747824 > Atom is, as far as I can tell, mostly a front end to github's > closed source services. Should the DFSG allow open source software > that is merely a thin front end to something closed source? As long as it doesn't require non-free software to work? Why not. After all, someone could integrate it with some open-source front-end, like GitLab or RoundCube. In the case of Atom cited: * The ticket is about the "issue" that not all files contain a license header, which isn't required anyway. * It's an editor/IDE. You could just as well complain that it's possible to create closed source software with it. > Another example is docker.io, which is almost inseparably > integrated with Docker Inc's comercial Docker hub. You said it yourself: "almost". As long as it's possible to create your own images without resorting to closed source repositories I don't see an issue. If you want to completely detach your private cloud from Docker Inc they have release the Registry software as open source: https://docs.docker.com/registry/ Also, would you complain about RedHat for their business model? After all, they too require you to buy a subscription to their open source repositories. Or is it alright if a company wants compensation for their work of curating, testing, and integrating of software? Regards, /peter -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWE1NnAAoJEM+6Ng5pbtyZeWQQALGi9hronXdP6CZoMTZi8no+ 2tWPFMF8/4ysa/1y8TBNvNZonJOF12MM6wUb8lU6B9raOLZfu2sq+Y6DdIotnmAH rnkGxVK8BZCKUmHV6BqFr+98UO/J1ak/tnXZs0vXkf0ZuVfrJGSM5W1HwupsGnfs +HsVw7nLlw6oGLtCU2ml1Ar3UHJZXLrldVghYk3fgqgmygavOJdPt6RLlM5C+0CM umJ1X3PG05MGoTCeHYRaxWHEG9cc3aaLd/lQ0agJHS7ZMZ7xuwEs1zRNH8nzjO4C TgeZxAdgigZ46ZiEPfAJopRckYZLL1QiHoa9iF5ui2FtRelK69tYWZp/LWBIcAqI JSyvalMXJGjr2qHZq55gi4OiLv5W6eSsmGHYnOSjF0f7XLhv9vqgk4UUvnr0kD0V Rk59DcuT8DKd+uF7DycoSmBgTLOIlgdVuQqLR7Su47qpzhw5h6Cd1v3AGSXxeEPu sHy1ADRz6bNIF6u2Iq5K0maG7/1l+JZdJibsdoCKu4BUHOKr3OeGTkp7XfE2FG+8 4HQwZ5+5dBN75/5tEp8jBRpqYHQQGLMa+X7nxVsNVSbhSQEKI5zwspRJr9dxsvZr BGu2aBqCb3vUpHvyiWVrLHV2WCfPMS7bjkoF0pQnh+mhs89NCJ24PcyC2e+wK48W wl0cpwSLk2UtJHAn8a8I =zlOr -END PGP SIGNATURE-
Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 28.09.2015 um 18:59 schrieb Mike Kupfer: > Peter Ludikovsky wrote: > >> The big difference happens at packets 58/54 (Deb7/Deb8). For >> Deb7, the RENAME call is immediately answered by an NFS4_OK, >> whereas for Deb8 as the client it's an NFS4ERR_DELAY. I haven't >> seen any reason on the client communication that would explain >> that, however this is far beyond my knowledge of the NFS >> internals. > > The DELAY response in the deb8 trace is likely so that the server > can ask the .3 client to return its delegation, which it does at > packets 56-57. (The .3 client obtained its delegation at packet 39 > as part of the reply to the OPEN op.) > > In the deb7 trace, the other client is .4, not .3. It does not get > a delegation when it opens file2 (see packet 39), so the server > can process the RENAME immediately. > > mike > Hang on, the two traces haven't been made at the same time, but rather separate. As in: * mount the share on 2 machines * create the files on one * cat it on the other * time mv again on the first * umount the share However, the captures omit the mount/umount part, since that doesn't appear to affect the outcome. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWCXahAAoJEM+6Ng5pbtyZJ1IP/3QJi8sJPPfGvLBxwKK8h2lx ywnVGRzZhM90ILND6JjIBXmlgKEdGf6fHxdu9cjLDYri3CzfL/oM2T/X3CPmCn3s 23T8x2P6Yp3jGhR8HgxV/HWlUAt3wKpzfkYiQFGHVmjR78nEE61Do027p/Z2M31E nBy8yNUoINjY0RGfiHVm0zzU+CrPG/CVUmWNFTB+Z9xkz96svqdudttoa5HMEON+ QHzNYtyw2dsg9EI2VxxDe/Uv1MJz7CIy41cTsQCZYaQOhBw+ywExNRww6IZcDg4R QpLNv2Vo2NvQpuENQyqgEgx22opTuKbNLFoCN2DUDWPXhjRN1sqVuWgjWvX3+7X7 et3EqddZRZosjSOSI1sTMfWixQUIvimg9qnlovBh4qzZXmsyPUKC6852qhoHk/IN JyHggEff/u3TeMmJqnyHgI1Gys08kXyCql3DGMyhIii4xJ2bLK//JvyhuGe6JzOn Zo5UQt1nr+M5t0xwCKX0HvpnSbKhC04HDYxaTZ/DAgT9t3yOMFstM0vn8m0M4z2C W3ry8itJf5PP9bWCeI3XbgsZkwrcg57oK4VfXE3hGQjzZQ+Bkina1vLQcDRywcrx 7ENbUQH7QbzmheM/ezzw6Vz+AdRvWwus1CSJ0fqeBTdSU+lDGUKQpLVbtY1yQfvL XK5RL1TmemDp5VkrRDPT =+m/o -END PGP SIGNATURE-
Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 25.09.2015 um 14:04 schrieb Vincent Lefevre: > On 2015-09-25 10:11:10 +0200, Peter Ludikovsky wrote: >> My guess is: Due to the rather large wsize/rsize, the clients >> create a rather large attribute cache. As a result, when you cat >> a file on the second machine it updates the atime in the cache, >> but doesn't yet transfer that information to the server. When you >> do the mv on the first machine, the client tries to get the >> current attributes on the files involved, which prompts the >> server to wait until the second client runs into some kind of >> timeout and updates the attributes. Only then is the second file >> "unlocked" to be overwritten. >> >> Further proof of that: when setting noatime as a mount option, >> instead of noac, there's also no delay on the mv. > > Thanks for the explanations. But the second client, though it > doesn't update the attributes immediately, seems to do it quickly > when asked by the server, otherwise the problem would also be > visible on Debian 7 machines. I think that on Debian 8, when the > rename cannot be done immediately, the client retries after 15 > seconds instead of retrying earlier. > > Is this related to the following patch? > > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8478eaa16e701ecfe054b62ec764bc1291b79e19 > > Can't say if it's related. I have, however, managed to capture the related network traffic (see attachments). The big difference happens at packets 58/54 (Deb7/Deb8). For Deb7, the RENAME call is immediately answered by an NFS4_OK, whereas for Deb8 as the client it's an NFS4ERR_DELAY. I haven't seen any reason on the client communication that would explain that, however this is far beyond my knowledge of the NFS internals. Maybe attach that information to your bug report as a point for investigation. Regards /peter -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWCQizAAoJEM+6Ng5pbtyZxBUQAIp/OIHN4SM1N6DnS1GjN31Q 8i0eDFw3PNd/LoFBuQ8CUPK7U1ts8II2z0hBqCSFVj8VGGnxOVgkqYPEh2+Ovz4G 1SkeDmlo79POIwfXIhL8ORG/0svr2bbZ81L4ciFAQyF2xiRLq8Y+fNTgS5qNAjm2 xSFwnno7rXyKkT/U1oufjoCD65u263UpBCYgDeNs/pgbay+q3CEmYJOerd10cue7 fkgzysdRTYKQ9G9LqPsWPspMo+TMxzr415ln0bYcBmN/R0mQx4+lPzZsacSX4Hjh FO5y8j0xyJKUE9BS3dCDW7me9SMQl2fbCoS9eDTs5LocwnvhggVVbtVc1iAHL8te S06Fq8c2Pj5WNQlCP1cY42drJnqYOZdTirk2aAGAdklbRP1CBAvecld2r0vdAHFv 2tvSeyIYNVR5eGDT4tbpx94Dzy/MOM66d1Cxlu5lBk/pPOw1/gHwgxCIeHAXXV1d 5i1OYenFN988JQbr8kpyBwBVBuCK4IiGnOkZRECIdTS1VV6YzlpMH8LeRvKs8OiO t09O8LBoHvA9Zgy7Fz8c3mDlHhcRqJXRH7ArspMM519eFaXaxIzA0o1vQfHUzDB/ yPfVsnX0oCRF9VwfpIMOCg0RJBb/XZB3Iiotou+Uj8QOrcyY0Hw3NBOy1kQjtvUh bGysI2qLKAcggJ3P7k4n =3edq -END PGP SIGNATURE- nfs_deb7.pcap Description: Binary data nfs_deb8.pcap Description: Binary data
Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 25.09.2015 um 09:32 schrieb Vincent Lefevre: > On 2015-09-24 14:38:01 +0200, Peter Ludikovsky wrote: >> Other than that, what mount command did you use? Are you mounting >> the share yourself, or is this an fstab or autofs mount? > > autofs > > The only option used in /etc/auto.master is the obvious -o nosuid. > > But the options seem to be the same on Debian 7 clients. > >> Do you have any control over the NFS server, and if so what are >> its settings? > > I could ask the admin, if they are useful for the bug. > >> I did manage to replicate your issue. However, it disappears as >> soon as I sync before the mv, as well as when both the rsize and >> wsize parameters are reduced to 65536, suggesting this has >> something to do with a local cache and/or lock. >> >> Apparently the issue also disappears as soon as both sides have >> noac added to the mount options. > > Did you have to change the server settings to replicate the > problem? > > Note that if I do a "touch" on the target before the mv, the > problem doesn't occur. > No, I didn't have to change anything on the server side. noac is a mount setting for NFS, which basically tells the client not to cache any file/directory attributes, but to ask the server each time. My guess is: Due to the rather large wsize/rsize, the clients create a rather large attribute cache. As a result, when you cat a file on the second machine it updates the atime in the cache, but doesn't yet transfer that information to the server. When you do the mv on the first machine, the client tries to get the current attributes on the files involved, which prompts the server to wait until the second client runs into some kind of timeout and updates the attributes. Only then is the second file "unlocked" to be overwritten. Further proof of that: when setting noatime as a mount option, instead of noac, there's also no delay on the mv. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWBQGeAAoJEM+6Ng5pbtyZel8QAItKpN7wTP527aF06YGYymwQ Ema5V6cQ8dfYHT6dr2YKqCdG+I9TZeg4xeX5i6b8jtrbKqTHuOFK95SfN/dt3FTb 6clEgXndEZP022Mko7C7IGVBsQQIgnc57POywsglcBW3Vkq7FhBualg10S+KnhUw XFeHhW9SFNwY6sjM+r77rvzilMjEnbry/ik8gSzEB9Y/Zak92DzHFVB/mQshgZKG uDuwI3ZY9pRsW8QfxfX4/Ueo6IwtrP3K9eBObifbpiuFzfj8h13+hA4rCp+JYfhb +2lvlngzQH6pArk/cXt/7RkIi7Rr4Baxyn4ZR5viO2HcDBtFszsvWJkwHMl6JO5v 7YeNL0ZuVQiHXZ5XjNKiVnMuyu0cBuzgYA/vOqwkMDbJj5GRZ9g2Mu3BIxHjCI5l xqGJ2Lj3RJpzk5K0y0BYurxxEA2Fr4L2r3OqrChHXzYdU/+sCJ1FRvU+tHK++Vdn CgGxnrWn7nzBo3l1MCmj1KeZgEVzCkBJhJ66AWlNL4EUYEDYowolaNOur1dsT9Ci dxYxWru8YyifEW3zNlBkBJXqu4s2YkTY5J7pS4apYX4jvhrKpFkqtlu/gvTYzLrc PU9W/12VsmBQqLhfIo/1We0iRX/wHNyMSHgI/vvWsuwtlgjcM4ECwNK/M96WLncr 0CuIVjGKpxXxn6FOC4Ey =DNAx -END PGP SIGNATURE-
Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am 24.09.2015 um 11:46 schrieb Vincent Lefevre: > On 2015-09-23 17:56:30 +0200, Peter Ludikovsky wrote: >> When mounted as NFS3 over UDP: - root@lab1# echo foo > >> file1 root@lab1# cp file1 file2 >> >> root@lab2# cat file2 foo >> >> root@lab1# time mv file1 file2 real 0m0.004s user 0m0.000s sys >> 0m0.000s - >> >> Same with NFS4 over TCP: root@lab1# time mv file1 file2 real >> 0m0.005s user0m0.000s sys0m0.000s >> >> Any special mount options or export options you might be using? > > Here this is NFS4 over TCP: > > filer.lip.ens-lyon.fr:/export/home/vlefevre on /home/vlefevre type > nfs4 > (rw,nosuid,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=140.77.14.11,local_lock=none,addr=140.77.14.5) > > > > Is there any other information I could get? > The most obvious thing: remove the public visible IPs and DNS names. Other than that, what mount command did you use? Are you mounting the share yourself, or is this an fstab or autofs mount? Do you have any control over the NFS server, and if so what are its settings? I did manage to replicate your issue. However, it disappears as soon as I sync before the mv, as well as when both the rsize and wsize parameters are reduced to 65536, suggesting this has something to do with a local cache and/or lock. Apparently the issue also disappears as soon as both sides have noac added to the mount options. Regards, /peter -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWA+6pAAoJEM+6Ng5pbtyZvjEQALFrhCJHmF/JYmAvXncmbBdz PYvSHTbAN9vNzCc4vqzkf4CmhgIVNSrP0WsPE/AHo2BNgpQQIQzfiiTgLGRBJnqT jDctQE/bJYMhk1aw08b/c2l6a7Ykc9R1rXu516ftrBKe9f5fcxFLndjIrtgGP01K 3Tah6v8epDd2t3MDzhABZdn4QB5oWesgcnISJOBsrds8+vfYOKjEYiCNGm7wlduV 8968HXrCWJxNrkyhMmHTpPopFxzk1LZD270zxkUiidA4kDxjcADSCJhP6+Bivv1H h+QhzNZ8NUEYBam+PuL3LhlBFalgvEZGfRF8gULEbjX7umA4b2tLWhgQAraYmiDO arfCrUPkcqv4oB9mldrL1PfhKLzMtz4bQfg3/8u7gBBWnpkFq7JhE9CMQ7oddBBQ rosT9sXsCRneYXfINJ57czof2kca3+5p/nZB7wgANKwD0nFWhFObduZJRnxqNXes jdKNRrGg4oy0HJAMWXUvr/0Oy5iqoWwtGNhx4FHr2W4Lgie8g+YOciLsInsdytCu x5x2EHcIOpVUBkya+xHxD02kk2loWKNh/sIV0RdgKabJ9YhY7srxh6uiPm/SNnvJ 67mpH7ekg5FOFc6njndeq1nXBzp/CX29GM8AnC5no5/Zmqf1qLiXxlTJFvYzZpNS g4oRynIeq5Zd7sD2JoaW =FojV -END PGP SIGNATURE-
Re: NFS rename sometimes hangs for 15 seconds after upgrade to Debian 8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I tried to replicate your problem, but couldn't. When mounted as NFS3 over UDP: - root@lab1# echo foo > file1 root@lab1# cp file1 file2 root@lab2# cat file2 foo root@lab1# time mv file1 file2 real0m0.004s user0m0.000s sys 0m0.000s - Same with NFS4 over TCP: root@lab1# time mv file1 file2 real0m0.005s user0m0.000s sys 0m0.000s Any special mount options or export options you might be using? Regards, /peter Am 22.09.2015 um 15:19 schrieb Vincent Lefevre: > At my lab, with NFS accounts, some machines have been upgraded to > Debian 8, and I get regular hangs on these machines, while they > never occurred before on the same machine and still never occur on > a machine that is still under Debian 7. > > This happens with one of my scripts, which does a lot of "mv", and > more often when the target has just been modified from another > machine. > > A strace showed that it is the "rename" system call that hangs: > > 52026 0.000208 execve("/bin/mv", ["mv", "-v", > "ssh/ssh-reconfigure", "/home/vlefevre/bin/ssh-reconfigu"...], [/* > 112 vars */]) = 0 [...] 52026 0.97 > rename("ssh/ssh-reconfigure", > "/home/vlefevre/bin/ssh-reconfigure") = 0 52026 15.057725 > lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) 52026 > 0.000189 close(0)= 0 52026 0.000175 close(1) > = 0 52026 0.93 munmap(0x7fd5a610b000, 4096) = 0 52026 > 0.79 close(2) = 0 52026 0.000106 exit_group(0) = ? > 52026 0.000307 +++ exited with 0 +++ > > The NFS server isn't particularly loaded. > > Has anyone seen a problem like that? Where does it come from? And > why does it affect only Debian 8 machines? A new bug? > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJWAsuuAAoJEM+6Ng5pbtyZGhMP/2yC/CgWhb5+yvA5jb/pd3sW FwNw1mvH+FQikKVvvPgy5AMO3d2rQafh/fXQlfZRnC0Hu3jXn99K60mV//88KqGm N+axMi5octq8s2zhF/K0/axsiPHAhgo9ggdlcdXE0ekQvgw5gzXJ6hDutnaFTaun gay6HK6Ujp0JuvCxUQzq8uiv5VTPJiT0ftyBAF02dFqO0yBgGhDAt80NUtMGRwZB nuya8pD7EhZH7x0vabnv3935+X0V1bpQhyKHWAbzCMY4Uce2wt0wtR9FEJVOyj4v gQ7WHULo53fYOLdKw5REhgtEDqIFDz6MRsOup28gv7sZBW7/Ps3IbOi06/ovuR3W WWZhYys+F/5Nmt8tKD7XWZfYQ7TnUN35Z1PS0xCK8+cEUWxSbI2OftyVBfI+iRCn W3n0N2cvxyaRfWGwLs5ROO7/g+5xeNH5WiziaNZa5QfFae8j2J8lUIyG8aSZ/Axe n0/HfwfA5vp9IIPVSOgsw+xmjkzCtIOtL+2cWBu5nTixD301hFRSuZCbUsz5f0Sq tDUDzyYKYsUXJ5+YvBktgZ1dKD6nR3TuJdRl70gPJo6RuCxhvfRqHy47qrSOw6qL HfKUZYnlgOMV1ufXLTI9sTq/YcDmJzKD+LDJUlumF88le58w5bq8KeR8uusGySSF wQjgvRlwVkzvDsxm9b0z =CCwk -END PGP SIGNATURE-
Re: upgrading debian 8.1 to 8.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, Updating between point releases is the same as any other update: apt-get update apt-get upgrade Regards, /peter Am 10.09.2015 um 10:17 schrieb Himanshu Shekhar: > i have debian jessie 8.1 on my laptop and wish to upgrade it to > 8.2 without messing with the much configuration i have done and > without losing any of the packages installed. please don't give any > suggestion or method you are not confident of. > > -- Himanshu Shekhar IIIT-Allahabad IRM2015006 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJV8UiqAAoJEM+6Ng5pbtyZaYAP/30dMEmlHLhzkHsaRWYy3YON y6c7AfCeFA9OOseJPQB+ZWpgJYUduh9ek8gQaZQO2lx9dQPIIHD9wAmTrFo7vv4D 2RN23yRLoSBGOEha81fcCGkXRjpmXIVFahgH5XtXJubqSbbEZqwgpMWrcW39O8F+ sDFANjmsw5oymZQeRQQRptW/tsbXW629OIItH5oNutY7eVWcaI/wQ1ziL8OzSYfy XKuUStWDf1rSGaNr09/PDwYmBCyZZM85RTYkgBzXqmonYMWH0keVDCg/TTNWlO4L 9Jw4Kqq5UXtuIyBum0L3nYg2yPOMVjZgbDnztAamjtVAesq0+4SouYz6VipL20w+ J6/BhpY8BqBQeZOjYeyLSv3LZcDrFuryRlNjS0I7vHHPG6mn0lDubNI1EJdHUwlv FzLA53Uw7sXGNTbtPuETlymtVKVtRspBEUtbHZTJuM4xc7W4FeCmVQVX8s5HArax 2ksih1XCQR1JKWhE/1f1f9xeJFolZ5MIM/dcn1W84ckuyK38QySqlR7rFUJOO8Vq PPfeuguSpGszKf+w9dGlLhKmTgZU3IJSBJbPBhwtGn1aK3IETpNb/jzKKAOinzEA lJRCiw7in7xcusogvp/g3wOb581UARV3tWJlSFK5mOhGCOMwFOalRvCLY3xAeEeC Y1yp7SjySUFDEL6j8vAx =OzCm -END PGP SIGNATURE-
Re: Redirecing root emails to a gmail account
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, First of all, use -v -s instead of -sv, as the latter says to set the subject to 'v', and adds an additional recipient Testing. Other than that, can you post your /etc/postfix/main.cf, and/or the relevant parts from /var/log/mail.log? Regards, /peter Am 08.09.2015 um 09:03 schrieb James Allsopp: > Hello, I want to have the root e-mails sent to my gmail account if > possible. I can send email here via commandline > > echo "This is a test." | mail -s Test > > but despite editing /etc/aliases so that root points to the > external address I can't get this to work. > > echo "This is a test.(root)" | mail -sv Testing root > > adding a verbose to the mail command doesn't give any more > details. I tried running newaliases, but that didn't make any > difference. > > Any help would be greatly appreciated. > > James > > -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJV7t5/AAoJEM+6Ng5pbtyZsBQQAJuXnS0qZ5qonTpEiXvAynFx 5ierTpmuLiIez2mlfc52bz0gmQWKBbkPcQBFCuOehkAYB3+56HT4HyIjw2ID/luF eFudNhTSUPd83e5SSEgry1BgpJZltJ6dW65tTrqwJQLdk2Rie0dDwVXSmrhmWXj/ RUUQVXGxEiS8gO4vpmoyZ3INXKuqwh9kn+mGIdk0zTnq5e6GLVtMP3gpD3WHU5JV QFRd0y4cFbYTt1GDuT5BpeiBoQxXZv3jZXL9/Hh+ll6DLAhBpnG6GEIn9uobX8Wv wNoXYyfOefLIDOC7IV2jbHZ2rteA+q8rwQcWq0W67t7Zg46bO/hsNxXpOVUhdGUD 9UOVW3Y28UiW1VplT9imJaI+DWl6WUN233QgxqUB0eorvQR5nK+pOSPvUYb0/IyO 6TSMB0xGmi4MSVm01dU5CipJkQHWVU0XXLOlgAX7ceGnAvNiOSP1Ubm/ldiR5PgD caGq8EXHStQlngwV74lorKS04KfIG8AcRthmjgRT7Bww5H+Z1mWWBGIx8aNWlEDL nuSD43HeKRAb8IHCvtQuWnvygxElp9ZX4i1JYW4yg8hg/qBg9hWoevrJbmh4r/Uw JC8iFmhx9398HxCJ0bMW5Hm0U1l/Up9juZks/OyWDNOvPd8Xry6QrOTRrZ4pBffi lFF9IDxtZZ+3VmsN6K70 =SLx9 -END PGP SIGNATURE-
Re: Problems with php5-fpm/nginx/ownCloud after upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, For documentation purposes, if someone might stumple on this. On debian-user-german it was suggested [1] that a new snippet has been added to nginx for FastCGI [0]. Using that snippet solved my issue. Regards, Peter Ludikovsky [0] Bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762491 [1] https://lists.debian.org/debian-user-german/2015/08/msg00307.html Am 17.08.2015 um 14:31 schrieb Peter Ludikovsky: Hello, Recently, I upgraded my home server from Wheezy to Jessie. Ever since my PHP web stack doesn't work anymore, mostly affecting the ownCloud installation. The problem manifests itself as an empty page served. Software/Versions: * ownCloud 8.1.1, installed from their Debian repo * nginx 1.6.2-5 * php5(-fpm) 5.6.9+dfsg-0+deb8u1 * postgresql 9.4+165 So far I've attempted to enable FPM logging, but the log files remain suspiciously absent or empty. nginx doesn't see an error coming back. If I run ownClouds index.php on the command line I get the source for the login page just fine. Listening in on the FPM port I see that only an empty response is returned. I have attached the scrubbed configuration files for nginx and php5-fpm. Any help is much appreciated. Regards, Peter Ludikovsky -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQIcBAEBAgAGBQJV1cZWAAoJEM+6Ng5pbtyZp7QP/2Bw3QLmJwFaNoUwvEp0ar8G ERB66mSNB5pJFQ1+w6RPoV/0s2LpIlDReXuW7diZZrnfw5ozHbLKfB8cxiY1IlRU 23ndx9WBPJjjxjZ1fyxmcxC97WnEUjcF9WrOTRJPK82Ik1H2sYD/4o+wkuB22tYx kkSrCo+GcC64L/BaK1VSetJioLmjNFPQmgexAaUaESIOJSpqMC4RhKvTT47t+142 P8O3floyphFns8y6Mxcr38iDT6reNMOniTlWqxY3WLIFGpjASAJLxJDdSGitcEMU THSq3Mzygx3efYpQhSW0ZPIPgc7Awh5Ye8LbKjsQMVnJib4rBQtFBQpORFE9Gi4g ukFpKHoCNgmboCYyBpCnf8zvjQFjACxZO83DstaTy9vbUzRkycrw2lSD0c4Ir3MH aHI0GYmz9+d99F8uyr+Xg1Bj8ywckL6LU2VP2xg9awTaeJWJ91yltT/dTiR+Y9zX FogD5VrHNt9y9z+dYmY3lYEjvf7p6imLhq0RHzjmLX6eT6kw62/0AcGsQowHL0cb ugXluj8S6dQ/yF38uNvPg53lMGDQAhNPP+p28JAt2xFsBz2iM/irYX6rqPhMLPvw foLtOIJE1bYWkNPSz+vjmYZ/40fvXrnKiU+8bmVnIpU5RmijNNeOouPyHYVFr0cX lVDmmtZ2eQ0x5t6BqJW0 =ianl -END PGP SIGNATURE-
Problems with php5-fpm/nginx/ownCloud after upgrade
Hello, Recently, I upgraded my home server from Wheezy to Jessie. Ever since my PHP web stack doesn't work anymore, mostly affecting the ownCloud installation. The problem manifests itself as an empty page served. Software/Versions: * ownCloud 8.1.1, installed from their Debian repo * nginx 1.6.2-5 * php5(-fpm) 5.6.9+dfsg-0+deb8u1 * postgresql 9.4+165 So far I've attempted to enable FPM logging, but the log files remain suspiciously absent or empty. nginx doesn't see an error coming back. If I run ownClouds index.php on the command line I get the source for the login page just fine. Listening in on the FPM port I see that only an empty response is returned. I have attached the scrubbed configuration files for nginx and php5-fpm. Any help is much appreciated. Regards, Peter Ludikovsky [global] pid = /run/php5-fpm.pid error_log = /var/log/php5-fpm.log include=/etc/php5/fpm/pool.d/*.conf [www] user = www-data group = www-data listen = 127.0.0.1:9000 listen.owner = www-data listen.group = www-data pm = dynamic pm.max_children = 5 pm.start_servers = 2 pm.min_spare_servers = 1 pm.max_spare_servers = 3 chdir = / catch_workers_output = yes php_flag[display_errors] = on php_admin_value[error_log] = /var/log/fpm-php.www.log php_admin_flag[log_errors] = on upstream php-handler { #server unix:/var/run/php5-fpm.sock; server 127.0.0.1:9000; } server { listen *:443; server_name name1.local; server_name name2.local; access_log /var/log/nginx/name1.local/access.ssl.log combined; error_log /var/log/nginx/name1.local/error.ssl.log; root /srv/www/external/; index index.html index.htm; client_max_body_size 1024M; fastcgi_buffers 64 4K; add_header Strict-Transport-Security max-age=31536000; includeSubDomains; if ($request_uri ~ ) { return 444; } location ~ ^/owncloud/core/(js|css|img)(/.*)?$ { alias /srv/www/owncloud/core/$1$2; } rewrite ^/owncloud/caldav(.*)$ /owncloud/remote.php/caldav$1 redirect; rewrite ^/owncloud/carddav(.*)$ /owncloud/remote.php/caldav$1 redirect; rewrite ^/owncloud/webdav(.*)$ /owncloud/remote.php/caldav$1 redirect; location ~ ^/owncloud/(?:data|config|\.ht|db_structure\.xml|README) { deny all; } location / { # The following 2 rules are only needed with webfinger rewrite ^/.well-known/host-meta /owncloud/public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /owncloud/public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /owncloud/remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /owncloud/remote.php/caldav/ redirect; rewrite ^/owncloud/(/core/doc/[^\/]+/)$ /owncloud/$1/index.html; try_files $uri $uri/ index.php; } location ~ ^(/owncloud/.+?\.php)(/.*)?$ { try_files $1 = 404; include fastcgi_params; fastcgi_param SCRIPT_FILEPATH $document_root$1; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; fastcgi_pass php-handler; } location /srv/www/external/owncloud/data { internal; root /srv/www/external/; } location ~ ^/tmp/oc-noclean/.+$ { internal; root /tmp/; } ssl on; ssl_certificate /etc/ssl/certs/name1.local.pem; ssl_certificate_key /etc/ssl/certs/name1.local.pem; ssl_session_timeout 5m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS; ssl_prefer_server_ciphers on; ssl_session_cache shared:name1.local:2M; add_header X-Frame-Options DENY; # ssl_stapling on; # ssl_stapling_verify on; resolver 127.0.0.1 8.8.4.4 valid=300s; resolver_timeout 5s; } signature.asc Description: OpenPGP digital signature