Re: firewall

[lina]

On 4 Jul, 2012, at 14:15, Ralf Mardorf  wrote:

> On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
>> Hi,
>> 
>> I don't know which firewall (http://wiki.debian.org/Firewalls) I should 
>> choose.
>> 
>> Thanks ahead for recommendation, and it will be very nice if you tell
>> me why you recommend this one.
> 
> To answer drily: Test them and report what firewall does protect you the
> best against no attacks. Linux for home usage was safe, is safe, will be
> safe. Yes, it's safe regarding to things I criticize. I don't criticize
> protection per se, I only worry about t much security for nothing.

Ha... I just realized mine is exposed at least in our department.  I can see 
the open ports and the OS.  
Just sometimes wish it can be invisible in some way.  

I tried firehol yesterday.  It's orphed. 

Thanks.
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/1341382519.2110.17.camel@precise
> 


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/b24c45dd-f0fb-47cf-a5ed-2163a377a...@gmail.com

xen hypervisor security update.

[Mauro]

Hello.
In debian squeeze there are several xen security updates:

xen-hypervisor
xen-utils
and so on.

In the debian website there are no information on what are the fixes.
Where can I find them?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cae17a0xs1wss0rapzg8uk154uszn83urb7hx2dejz43d-_n...@mail.gmail.com

Re: xen hypervisor security update.

[Markus Schönhaber]

04.07.2012 09:20, Mauro:

> In the debian website there are no information on what are the fixes.

The information is there.

> Where can I find them?

http://www.debian.org/security/2012/dsa-2501

-- 
Regards
  mks




-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff3ef66.1050...@list-post.mks-mail.de

Re: firewall

[Mika Suomalainen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

On 04.07.2012 06:19, lina wrote:
> Hi,
> 
> I don't know which firewall (http://wiki.debian.org/Firewalls) I
> should choose.
> 
> Thanks ahead for recommendation, and it will be very nice if you
> tell me why you recommend this one.
> 
> Best regards,
> 
> 

I recommend UFW. It's simple to use and does everything what firewall
should do in my opinion.

All commands are like "ufw allow 22/tcp" (allows connections to SSH port).

It also has gui called GUFW.

aptitude install ufw gufw

- -- 
Mika Suomalainen

NOTICE! I am on mobile broadband with very limited time, so I cannot
read emails very much.
The best time to contact me is probably weekends when I have better
connectivity with good luck.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Homepage: http://mkaysi.github.com/
Comment: gpg --keyserver pool.sks-keyservers.net --recv-keys 82A46728
Comment: Public key: http://mkaysi.github.com/PGP/key.txt
Comment: Fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
Comment: Why do I (clear)sign emails? http://git.io/6FLzWg
Comment: Please send plaintext instead of HTML. http://git.io/TAc0cg
Comment: Please don't toppost. http://git.io/7-VB3g
Comment: Charset of this message should be UTF-8.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP8/FPAAoJEE21PP6CpGcoMrAP/25aBYoVpV89NpzHkf3MCMwo
pIddE3JamyDKQRDBl6Dicv3BMWPu67UX2CgJ02w1FoQKH6rCyxbwRbwDsHibrWwS
G9c6Zk0S9e4LyA+agVsTEYChTDG0O9HwDNT5jTpipb5x0SIqfi9QhNhHAmD5A87b
FdUKnL3T8UjAkyHW/+78v3+WgR5id0qDtM/X7aoeEehyBPOGLIAHYYAYdowTCPeF
AQiLb02a8s88k6UvUDeBhofx8lDGpWOtDAmoZ/LwCAe93l6dMKui8S65mfwBvpFQ
5JbUtqGwmsNFWLaErvt8Df1q9jZVso346jYulD6YRF5i0YOdqzraC/pNHTYo5H2N
fkQR+GZqOLd1SnjcBLyKNjWaey6LI+ltXBnNytGH7CGVxhxN23UqATwTNxdHLgi7
WIrHLQaV/KAeE3xTXaaL1MrzuRFD2CpfId4JdaaGYJvkk7/90uT512eoPfARwrCX
0hFxsd5QJisIOtyBWNOIPWnYL+10gIbtue8BPeJVxMfrrlKoTZsTVHK4akc05Gsh
4wgrxNoA6Nps+gVHaSvpD6vL69EcfY0McOIJYz25fCHfSiH5KbUGIa1XxVKQWN/E
HvZEr0smY4jYneABESfJcG+PF0w/Ujyrc8gGmKyOrhTz/okCNe5oTd5OFnhfWmBP
tUBGQoF5QepoLcUR8XsL
=QfLY
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff3f153.2000...@hotmail.com

Re: xen hypervisor security update.

[Ivan Shmakov]

> Mauro   writes:

 > In debian squeeze there are several xen security updates:

 > xen-hypervisor xen-utils and so on.

 > In the debian website there are no information on what are the fixes.

?

http://debian.org/security/2012/dsa-2501

 > Where can I find them?

Apart from checking http://www.debian.org/security/2012/ (and
http://debian.org/) regularly, one may also subscribe to the
debian-security@ mailing list, which is also available via
Gmane, e. g.:

http://dir.gmane.org/gmane.linux.debian.user
nntp://news.gmane.org/gmane.linux.debian.user/
http://news.gmane.org/gmane.linux.debian.user/
http://rss.gmane.org/messages/complete/gmane.linux.debian.user

and so on.

-- 
FSF associate member #7257


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/86a9zgc782@gray.siamics.net

Re: firewall

[Ralf Mardorf]

On Wed, 2012-07-04 at 15:04 +0800, lina wrote:
> On 4 Jul, 2012, at 14:15, Ralf Mardorf  wrote:
> 
> > On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
> >> Hi,
> >> 
> >> I don't know which firewall (http://wiki.debian.org/Firewalls) I should 
> >> choose.
> >> 
> >> Thanks ahead for recommendation, and it will be very nice if you tell
> >> me why you recommend this one.
> > 
> > To answer drily: Test them and report what firewall does protect you the
> > best against no attacks. Linux for home usage was safe, is safe, will be
> > safe. Yes, it's safe regarding to things I criticize. I don't criticize
> > protection per se, I only worry about t much security for nothing.
> 
> Ha... I just realized mine is exposed at least in our department.  I can see 
> the open ports and the OS.  
> Just sometimes wish it can be invisible in some way.  
> 
> I tried firehol yesterday.  It's orphed. 
> 
> Thanks.

*chuckle* A trillion years ago I used a firewall myself. "Ports" are an
issue, I wasn't able to down- or upload by ftp. BUT, How many serious
attacks did you notice around the last 30 days?

Nobody tried to simply open your DVD drive, let alone really serious
attacks.

Regarding to the security "Linux Land" is "Pony land", there aren't
serious attacks to home computers using Linux and even serious attacks
against Linux server-users usually go /dev/null ... Hard to believe, but
Linux is Pony Land regarding to attacks.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1341387514.2110.29.camel@precise

Re: firewall

[Muhammad Yousuf Khan]

Web base Firewall (IPCOP) very powerful with the addon called BOT
(block out traffice) base on IPtables.

On Wed, Jul 4, 2012 at 12:38 PM, Ralf Mardorf
 wrote:
> On Wed, 2012-07-04 at 15:04 +0800, lina wrote:
>> On 4 Jul, 2012, at 14:15, Ralf Mardorf  wrote:
>>
>> > On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
>> >> Hi,
>> >>
>> >> I don't know which firewall (http://wiki.debian.org/Firewalls) I should 
>> >> choose.
>> >>
>> >> Thanks ahead for recommendation, and it will be very nice if you tell
>> >> me why you recommend this one.
>> >
>> > To answer drily: Test them and report what firewall does protect you the
>> > best against no attacks. Linux for home usage was safe, is safe, will be
>> > safe. Yes, it's safe regarding to things I criticize. I don't criticize
>> > protection per se, I only worry about t much security for nothing.
>>
>> Ha... I just realized mine is exposed at least in our department.  I can see 
>> the open ports and the OS.
>> Just sometimes wish it can be invisible in some way.
>>
>> I tried firehol yesterday.  It's orphed.
>>
>> Thanks.
>
> *chuckle* A trillion years ago I used a firewall myself. "Ports" are an
> issue, I wasn't able to down- or upload by ftp. BUT, How many serious
> attacks did you notice around the last 30 days?
>
> Nobody tried to simply open your DVD drive, let alone really serious
> attacks.
>
> Regarding to the security "Linux Land" is "Pony land", there aren't
> serious attacks to home computers using Linux and even serious attacks
> against Linux server-users usually go /dev/null ... Hard to believe, but
> Linux is Pony Land regarding to attacks.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/1341387514.2110.29.camel@precise
>


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAGWVfMkBFCuWuPS0ef6Z5HG_JtZScAYzm93Mej=6t_yc+yz...@mail.gmail.com

Re: firewall

[Lars Noodén]

On 7/4/12 10:46 AM, Muhammad Yousuf Khan wrote:
> Web base Firewall (IPCOP) very powerful with the addon called BOT
> (block out traffice) base on IPtables.

In some ways it's easier just to work with IPtables directly.

Regards,
/Lars





-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff3f65c.7060...@gmail.com

Re: firewall

[Joe]

On Wed, 4 Jul 2012 15:04:03 +0800
lina  wrote:

> 
> Ha... I just realized mine is exposed at least in our department.  I
> can see the open ports and the OS. Just sometimes wish it can be
> invisible in some way.  
> 

Most ports can be closed by configuration, even the infamous portmap
can be limited to localhost if you're not using it externally e.g. for
NIS or NFS. If you have a standalone Linux machine in a foreign
network, pretty much everything can be closed.

I'd have thought most of the simple firewall frontends would do what
you need. If they are simple to configure, then they tend not to be
very flexible, so if you need the full power of iptables, you have no
choice but to learn to use it. But just to keep out random automatic
attacks, which may or may not be looking for Linux machines in a
Windows network, one of the simple ones should work.

I gave firestarter a go on my workstation, but it didn't really suit me
and is now not under development. The package description suggests gufw
as a modern replacement, but I know nothing about that.

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704090444.3d496...@jretrading.com

Re: firewall

[Muhammad Yousuf Khan]

On Wed, Jul 4, 2012 at 12:53 PM, Lars Noodén  wrote:
> On 7/4/12 10:46 AM, Muhammad Yousuf Khan wrote:
>> Web base Firewall (IPCOP) very powerful with the addon called BOT
>> (block out traffice) base on IPtables.
>
> In some ways it's easier just to work with IPtables directly.

not just easy but i think it is better but for just starting and
understanding i think GUI is a good start.

>
> Regards,
> /Lars
>
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/4ff3f65c.7060...@gmail.com
>


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cagwvfmnen6q5mpja5qtxyb0sann-syazwzjtvn_qok3uze8...@mail.gmail.com

Re: firewall

[lina]

Thanks all.

Actually I even don't know how to check where there was/is attach or not.

I am looking for a firewall is mainly to have some sense of guarantee,
otherwise I will definitely freak out in front of attack.

I will start learning something about iptables.

Just know so little ^_^

Thanks again,

Best regards,


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cag9cjmmgdtnk9blp5p6dv4qerr5dabvcgmmqwzp-nz31-sq...@mail.gmail.com

Re: firewall

[Ralf Mardorf]

On Wed, 2012-07-04 at 12:46 +0500, Muhammad Yousuf Khan wrote:
> Web base Firewall (IPCOP) very powerful with the addon called BOT
> (block out traffice) base on IPtables.

I don't care, but I certain that I know some guys (no women) how
recommend IPCOP too, for good reasons. At least for my usage it's
overdosed. Believing does ... Wow, there's no shortcut for my "new
needs" so simply believe the hype.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1341389813.2110.44.camel@precise

Re: Upgrading to Wheezy (frozen)

[daniele.g]

Camaleón  writes:

> On Tue, 03 Jul 2012 11:35:03 +0200, daniele.g wrote:
>
>> Are already there the release notes for upgrading to Wheezy?
>
> ?
>
> We're still long away from Wheezy release (~6 months?). 
>
> Frozen != released :-)

Yes, you're very right, but, come on, at this point I suppose that it
should be defined if, for example, systemd will replace insserv.

> Anyway, the ongoing "Release Notes" doc is available here:
>
> Http://d-i.alioth.debian.org/manual/
>
> Greetings,

Thank you very much.
-- 
  Anche se a una mucca dai da bere cacao, non ne mungerai cioccolata.
-- Stanislaw J. Lec, "Pensieri spettinati"


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/877guk37xy@father.nostromo.wy

Re: Upgrading to Wheezy (frozen)

[Roger Leigh]

On Tue, Jul 03, 2012 at 10:28:57PM +0200, daniele.g wrote:
> Camaleón  writes:
> 
> > Frozen != released :-)
> 
> Yes, you're very right, but, come on, at this point I suppose that it
> should be defined if, for example, systemd will replace insserv.

It will not.  sysvinit/sysv-rc/insserv will remain the default;
systemd/systemd-sysv will be an optional replacement.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linuxhttp://people.debian.org/~rleigh/
 `. `'   schroot and sbuild  http://alioth.debian.org/projects/buildd-tools
   `-GPG Public Key  F33D 281D 470A B443 6756 147C 07B3 C8BC 4083 E800


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704083208.gn4...@codelibre.net

Re: Debian's grub doesn't detect Ubuntu

[Tom H]

On Mon, Jul 2, 2012 at 10:30 AM, Siard  wrote:
> Tom H wrote:
>> Siard wrote:
>>> Mika Suomalainen wrote:

 It seems that Debian's grub can only detect Debian and Windows 7,
 but not Ubuntu.
>>>
>>> First make sure that Ubuntu's /boot/grub/grub.cfg contains a
>>> menuentry for Ubuntu in the section starting with
>>> ### BEGIN /etc/grub.d/10_linux ###
>>
>> os-prober doesn't need "/boot/grub/grub.cfg" in Ubuntu to exist in
>> order to create an entry in the Debian "/etc/grub.d/30_os-prober"
>> section.
>
> I have Squeeze and Wheezy. I uninstalled Wheezy's grub, but then
> Squeeze's grub did not detect kernel upgrades in Wheezy. After
> reinstalling Wheezy's grub, things worked right again.
> That's why I concluded that Wheezy's /boot/grub/grub.cfg is needed.

This hasn't been my experience with grub2 at all. Just in case, I've
just tested in a VM with two disks one with sid and one with quantal.
sid's grub2 recognized and added quantal when (1) quantal's grub2 was
installed and "/boot/grub/grub.cfg" existed (it used the kernel
options in grub.cfg), (2) quantal's grub2 was installed and quantal's
"/boot/grub/grub.cfg" was deleted, (3) quantal's grub* was
uninstalled, (4) quantal's grub* was uninstalled and the first 446 of
quantal's MBR and quantal's bios_boot partition were blanked out with
dd.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=szcp_2olocjauv+zj-nuvco3wpbka0oy_n6f2sujfm...@mail.gmail.com

Re: Upgrading to Wheezy (frozen)

[Tom H]

On Wed, Jul 4, 2012 at 4:32 AM, Roger Leigh  wrote:
> On Tue, Jul 03, 2012 at 10:28:57PM +0200, daniele.g wrote:
>> Camaleón  writes:
>>
>> > Frozen != released :-)
>>
>> Yes, you're very right, but, come on, at this point I suppose that it
>> should be defined if, for example, systemd will replace insserv.
>
> It will not.  sysvinit/sysv-rc/insserv will remain the default;
> systemd/systemd-sysv will be an optional replacement.

I think that it was just a suggestion that certain essential decisions
have already been made.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=SwT-nSQPh-iWcefFG65aAo9bCH7p8POCwHckEzU3=0...@mail.gmail.com

Re: firewall

[Weaver]

> Hi,
>
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> choose.

APF (Advanced Policy Firewall)
>
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.

Easy to configure and comprehensively used by many ISPs.
Other reasons are best summed up here:

http://www.rfxn.com/projects/advanced-policy-firewall/

Regards,

Weaver

-- 


Religion is regarded by the common people as true,
by the wise as false,
and by the rulers as useful.

— Lucius Annæus Seneca.

Terrorism, the new religion.



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/df6f984ff0bbee4965f2835ad4c4f4e3.squir...@fulvetta.riseup.net

Re: UDEV identical devices. How to?

[Budnev Vladimir]

07/04/12 02:29, Andrew Reid пишет:

   If you're set on using udev, it should be possible to find the
devices under /sys somewhere (/sys/bus/pci/...), and query them
for udev-sensitive attributes using udevinfo (or the appropriate
udevadm commands), until you find something that differs between
the two.  Udev certainly can create device nodes, but I am not
an expert on that part.

   But, you may find it simpler to just create static devices.  It used
to be possible to create static devices in /lib/udev/devices -- at
boot-time, the device tree at that location gets copied over to
/dev, and after that, udev runs and does all the magic to create
the dynamic devices.  If you know the right major and minor numbers,
and if they're consistent across reboots, and if there are no
conflicting udev devices, then the right mkdev should work.
It won't appear in /dev until reboot, but the /lib/udev/devices
entries will persist across reboots.

   This is still true in the 2.6.32 kernels ("squeeze"), but
may not be true in the 3.0 series.


Good day to all

I am not sure which list this quistions should be send to so some
overkill maybe.

We have Debian 2.6.32 and DVB cards with two/four tunners on the each
card. We want to assign specific number in /dev/dvb/ tree for each tuner.

The problems is that from udev point of view those devices(tuners) are
absolutely equal(udefinfo gives absolutely identical output), because
tuners are placed in one dvb card.

We'v googled and found that theoretically we can assign numbers in
specific order with using ENV options in udev rules.

Here is a working example which creates symlinks:
# Create a symlinks for both tuners of Kworld device
SUBSYSTEM=="dvb", ATTRS{idVendor}=="1b80", ATTRS{idProduct}=="e399",
ENV{kworld}!="two", ENV{kworld}="two", PROGRAM="/bin/sh -c 'K=%k;
K=$${K#dvb}; printf dvb/adapter_kw1/%%s $${K#*.}'", SYMLINK+="%c"
SUBSYSTEM=="dvb", ATTRS{idVendor}=="1b80", ATTRS{idProduct}=="e399",
ENV{kworld}=="two", ENV{kworld}="one", PROGRAM="/bin/sh -c 'K=%k;
K=$${K#dvb}; printf dvb/adapter_kw2/%%s $${K#*.}'", SYMLINK+="%c"

But we do want devices instead of symlinks, like e.g. /dev/dvb/adapterX

We'v tried such rules, but has no luck:

SUBSYSTEM=="dvb", KERNELS==":04:00.0", ENV{kworld}!="two",
ENV{kworld}="one", PROGRAM="/bin/sh -c 'K=%k; K=$${K#dvb}; printf
dvb/adapter1/%%s $${K#*.}'", NAME="%c", GROUP="video"
SUBSYSTEM=="dvb", KERNELS==":04:00.0", ENV{kworld}=="two",
ENV{kworld}="one", PROGRAM="/bin/sh -c 'K=%k; K=$${K#dvb}; printf
dvb/adapter2/%%s $${K#*.}'", NAME="%c", GROUP="video"

Can someone give an advice how to properly construct rules to assign
devices. It woul be great with an example string :)
Mb we missing some global udev option to enable such constructions?

Tnx in advance.

--
Andrew Reid / rei...@bellatlantic.net


Tnx for pointing to /lib/udev/devices. Following that way we'v found the 
cause.


First we'v created /lib/udev/devices/dvb/adapter0 and populated it with 
mknod with correct major and minor numbers(got them from exicted ls -l 
/dev/adapter0/ output). Rebooted ... Strange, but no effect.major/minor 
nodes in /dev/dvb/adapter0 was not the same as we made in 
/lib/udev/devices/dvb/adapter0/. Ok we created different path 
/lib/udev/devices/adapter0 (without dvb) and populated it the same way. 
Rebooted and everything works as described in articles like "tmpfs /dev 
created then content of /lib/udev/devices/ copied ..etc."


Ok but the problem with /dev/dvb dir looked strange. We'v cleared rules 
in udev/rules.d and we thought that there will be no adapters in 
/dev/dvb but after reboot adapters was added even with no rules in udev. 
Wtf?


And then we faced with random article where was described that dvb 
kernel modules populate /dev/ by themselvs. Tbh it looks for us like 
ugly if-then-else code like "Ohe yeah its up tu udev to populate /dev 
dir... but dvb kernel modules do such thing themselvs...".Ok mb 1000 
other modules and diffferen utils do the same how do peape should know 
that when struggling with udev rules with no result? Mb that should be 
mentioned in manuals? :)


So now seems it's all clear and easy to fix for us. Tnx again for 
pointing the right way.






--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4ff40f0b.6010...@gmail.com

Re: firewall

[Atıf CEYLAN]

On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
> Hi,
> 
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should 
> choose.
> 
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.
> 
> Best regards,
> 
> 

I think you don't need anything else than Iptables. You should learn
Iptables if you want to use linux as a firewall. But my suggestion is PF
on BSD. PF is a very powerful stateful firewall. I use PF on FreeBSD and
I show 1-2 million states at attack times. Also my firewall cpu and
memory usage is very low shown (I have 1 cpu and 4GB memory).

If you want to more easy solution than PF+BSD you can use pfsense.
pfsense is web based management tool for PF on FreeBSD. You must do some
settings as manual on terminal but I think pfsense is better solution
for you. 
-- 
M.Atıf CEYLAN


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1341393750.3632.54.camel@debian

Re: firewall

[Muhammad Yousuf Khan]

On Wed, Jul 4, 2012 at 1:16 PM, Ralf Mardorf  wrote:
> On Wed, 2012-07-04 at 12:46 +0500, Muhammad Yousuf Khan wrote:
>> Web base Firewall (IPCOP) very powerful with the addon called BOT
>> (block out traffice) base on IPtables.
>
> I don't care, but I certain that I know some guys (no women) how
> recommend IPCOP too, for good reasons. At least for my usage it's
> overdosed. Believing does ... Wow, there's no shortcut for my "new
> needs" so simply believe the hype.
>

IPcop is a SOHO firewall. with squid, iptables, snort , openvpn and
all the other useful stuff.
BTW due to the GUI limitation i am also moving towards more CLI base.
thats why i join debian list but i am sure for those who are beginners
lina and want to use some open source stuff is quite good option.
there are several other firewalls like pfsence, monowall, utangle, etc
but i found IPCop more easier to configure,


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cagwvfmkt5oq2sty6g4lhwd2dvoelpjscy__-yawojw6yap5...@mail.gmail.com

Re: Backports on Squeeze

[Helmut Wollmersdorfer]

Am 03.07.2012 um 23:02 schrieb Chris Bannister:

[...]


Add backports to your sources, update, then spend some time comparing
your favourite packages, see answer to 2+3. Remember a package may be
backported at anytime, so you may need to check more than once.


apticron with mail-notification?

[...]


I think if you are running a production system, then you should be
intimate enough with the software to know when a new feature is  
wanting

etc, etc.


In my case I adminster a dozen of servers and there are some minor  
problems, which maybe can be solved with backports.


Subscribing mailing lists of critical software isn't always enough.

So it would be nice and less time consuming to be automatically  
informed about new  relevant packages in backports.


Thanks to your comments I will try out a combination of backports in  
the sources.list, pinning and apticron--on a test-server.



Otherwise, it is just wanting to "be up with the Joneses" :)


IMHO stable is good enough on the servers and on my PCs.

If I want the newest of $package, then I first try in a virtual machine.

Helmut Wollmersdorfer


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
http://lists.debian.org/8cd402ff-ef00-456e-9320-3456c0195...@fixpunkt.de

Re: aptitude update question

[Darac Marjal]

On Wed, Jul 04, 2012 at 12:47:33AM -0400, Jude DaShiell wrote:
> One thing I read as the end result of some update operations is a certain 
> number of new.  I take it to mean new packages if I'm correct.  What I'd 
> like to know is if any utility exists that can tell me the names of the 
> new packages.  If I can get that much information, I can probably use 
> apt-cache to read the package descriptions for the new packages.

One way to find this out is to start aptitude in it's Curses-UI mode
(just run aptitude with no arguments). You will be shown a window with
two panes, top and bottom. In the top pane, the bar-cursor is in a tree
structure. The first branch of that tree probably reads "New Packages
(nnn)". Press return and the tree will expand that branch to show some
categories (admin, database, devel etc). Move down onto one of these and
press return again; you'll get a list of components (main, contrib,
non-free, etc). Open one of these and you'll see the list of packages in
that component for that category. Repeat as desired.

Alternatively, simply enter "aptitude search '?new'" at a prompt. :)



signature.asc
Description: Digital signature

Re: aptitude update question

[Jude DaShiell]

Thanks much, I'll probably use the command line approach.


Windows Pants: made entirely of patches on patches each with a picture of
a Microsoft Vacuum Cleaner; a computer mouse, or a dollar sign.

Jude 



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.bsf.2.01.1207040629130.93...@freire1.furyyjbeyq.arg

Re: aptitude update question

[Jude DaShiell]

Just thought of something, would: "aptitude search '?new' '?uninstalled'" 
show the new packages that aren't yet on the system? On Wed, 4 Jul 2012, 
Darac Marjal wrote:

> On Wed, Jul 04, 2012 at 12:47:33AM -0400, Jude DaShiell wrote:
> > One thing I read as the end result of some update operations is a certain 
> > number of new.  I take it to mean new packages if I'm correct.  What I'd 
> > like to know is if any utility exists that can tell me the names of the 
> > new packages.  If I can get that much information, I can probably use 
> > apt-cache to read the package descriptions for the new packages.
> 
> One way to find this out is to start aptitude in it's Curses-UI mode
> (just run aptitude with no arguments). You will be shown a window with
> two panes, top and bottom. In the top pane, the bar-cursor is in a tree
> structure. The first branch of that tree probably reads "New Packages
> (nnn)". Press return and the tree will expand that branch to show some
> categories (admin, database, devel etc). Move down onto one of these and
> press return again; you'll get a list of components (main, contrib,
> non-free, etc). Open one of these and you'll see the list of packages in
> that component for that category. Repeat as desired.
> 
> Alternatively, simply enter "aptitude search '?new'" at a prompt. :)
> 
> 


Windows Pants: made entirely of patches on patches each with a picture of
a Microsoft Vacuum Cleaner; a computer mouse, or a dollar sign.

Jude 



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/alpine.bsf.2.01.1207040631170.93...@freire1.furyyjbeyq.arg

Re: Crontab, Scripting and Syslog (solved)

[Titanus Eramius]

On Mon, 2 Jul 2012 15:47:35 +0200
Titanus Eramius  wrote:

> snip
> 
> > # min hr dom mon dow command 
> > > *   04 *   *   *   /home/titanus/scripts/web-log >> /dev/null 2>&1
> > 
> > That is, every minute during hour 4, on every day of every month
> > (that being every day of the week), the command is run.
> > 
> > Presumably, webalizer writes its output to the same place each time,
> > so that is why you're only seeing the output of the 4:59 run.
> > 
> > Try changing your crontab to read:
> > 
> > # min hr dom mon dow command 
> >   0   04 *   *   *   /home/titanus/scripts/web-log >> /dev/null 2>&1
> > 
> > This will run at 4:00 every day, and is probably what you meant.
> > 
> Yes it is.
> I'll try and set it and return tommorrow.
> 
> Cheers
> 
> 

It works perfect. Thanks for the help :)

Cheers


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704124712.6ea4b...@asrock.local.aptget.dk

Re: Crontab, Scripting and Syslog (solved)

[Titanus Eramius]

On Mon, 02 Jul 2012 15:07:46 +0100
Chris Davies  wrote:

> Titanus Eramius  wrote:
> > * 04 * * * /home/titanus/scripts/web-log >> /dev/null 2>&1
> 
> > The line runs every morning at 4, and AFAIK, the /dev/-part should
> > redirect all but errors to null.
> 
> No.
> 
> 1. This runs every minute while the hour is 4. If you want the script
> to run only a 4am, you need to specify a zero minute value too
> 
> 2. The ">> /dev/null 2>&1" tells cron to thow away not just errors but
> also all normal output. If you want to lose information written to
> stderr (typically errors), then you need "2> /dev/null"
> 
> 0 4 * * * /home/titanus/scripts/web-log 2>/dev/null
> 
> Chris
> 
> 

Thank you for the corrections, the first part works now, and
the second part will probaly be tested by some future error.

Cheers


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704125006.55639...@asrock.local.aptget.dk

Re: aptitude update question

[Darac Marjal]

On Wed, Jul 04, 2012 at 06:32:39AM -0400, Jude DaShiell wrote:
> Just thought of something, would: "aptitude search '?new' '?uninstalled'" 
> show the new packages that aren't yet on the system?

I think that, if you've installed a package, it's no longer counted as
new. Additionally, you can configure aptitude with regards to what it
considers new (i.e. new packages since the last download or new packages
since forever?).

Sadly, "?uninstalled" isn't a proper search term. See
http://algebraicthunk.net/~dburrows/projects/aptitude/doc/en/ch02s03s05.html
for the gory details, but for uninstalled you probably need
"!?installed".

> On Wed, 4 Jul 2012, Darac Marjal wrote:
> 
> > On Wed, Jul 04, 2012 at 12:47:33AM -0400, Jude DaShiell wrote:
> > > One thing I read as the end result of some update operations is a certain 
> > > number of new.  I take it to mean new packages if I'm correct.  What I'd 
> > > like to know is if any utility exists that can tell me the names of the 
> > > new packages.  If I can get that much information, I can probably use 
> > > apt-cache to read the package descriptions for the new packages.
> > 
> > One way to find this out is to start aptitude in it's Curses-UI mode
> > (just run aptitude with no arguments). You will be shown a window with
> > two panes, top and bottom. In the top pane, the bar-cursor is in a tree
> > structure. The first branch of that tree probably reads "New Packages
> > (nnn)". Press return and the tree will expand that branch to show some
> > categories (admin, database, devel etc). Move down onto one of these and
> > press return again; you'll get a list of components (main, contrib,
> > non-free, etc). Open one of these and you'll see the list of packages in
> > that component for that category. Repeat as desired.
> > 
> > Alternatively, simply enter "aptitude search '?new'" at a prompt. :)
> > 
> > 
> 
> 
> Windows Pants: made entirely of patches on patches each with a picture of
> a Microsoft Vacuum Cleaner; a computer mouse, or a dollar sign.
> 
> Jude 
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: 
> http://lists.debian.org/alpine.bsf.2.01.1207040631170.93...@freire1.furyyjbeyq.arg
> 


signature.asc
Description: Digital signature

Re: firewall

[Eike Lantzsch]

OK, I see that this might be flamebait ...

On Tuesday 03 July 2012 23:19:06 lina wrote:
> Hi,
> 
> I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> choose.
> 
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.
> 
> Best regards,

It seems that you want a firewall on the computer which you are working with.
As regards to closing unnecessary ports or limiting them to localhost, Joe 
gave good advice already.

Some may call me a security paranoid and a control freak but ...

I'm afraid that learning about IPtables is necessary before one is able to 
appreciate what the higher layer of administration s/w does to it.
A firewall frontend may deceive you into thinking that you have full control 
over the firewall while it does things that the frontend developer THINKS you 
want - but do you?
e.g. For some years I was using Webmin to maintain my servers until it did 
atrocious things to my Samba configuration. Now I'm a lot more wary and double 
check against the config files. Backups and etckeeper (using git) help to 
avoid catastrophies.

I personally do not think much of firewalls which reside on the same machine 
which I want to protect. I'd choose an older PC to play with and install 
OpenBSD on it. Then setup a firewall - you might even have a look at a 
bridging firewall if you want to make it invisible to the network. As long as 
you have keyboard and screen access to the machine you won't need a third 
network port for maintenance. Although it comes in handy for upgrades.

http://www.openbsd.org/faq/faq6.html#Bridge
http://bio3d.colorado.edu/tor/sadocs/tcpip/bridge.html#what%20is%20a%20bridging%20firewall
see also: Firewalling with OpenBSD’s PF packet filter
Peter N. M. Hansteen
To get started with OpenBSD
"Secure Architectures With OpenBSD" by Palmer and Nazario

The OpenBSD documentation is excellent and very helpful. Later when everything 
is working as planned and if I'm tight on office space I'd get one of those 
Soekris boxes or similar and install my firewall there. Then you can tuck it 
safely under your desk.

I once tried out a GUI to handle my OpenBSD firewall but gave it up and I do 
prefer editing the pf.conf file with vim.

I installed Denyhosts on the firewall as well. There is no OpenBSD port for it 
but setup is easy with the Denyhosts documentation.
It is quite funny to see all the attempts to break into your box on port 22. 
Changing SSH to another port quiets this immediately.

Kind regards
Eike


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201207040821.10855.zp6...@gmx.net

Re: Gnome 3 fallback not working with Silicon Motion GPU

[Andrew Wood]

On 03/07/12 18:02, Camaleón wrote:


Is the same when you login with a fresh-new created user?
  
In principle I don't see it as a VGA driver problem :-?


Anyway, you can check the driver in use from your /var/log/Xorg.0.log and
also when running "lspci -vv" (scroll down for the VGA card and look for
the "kernel driver in use" line).

Greetings,

I'll have a go and report back - the machine is at a museum where I 
volunteer so I only go at weekends.


If its not a driver problem how come now I've brought the hard disk home 
and put it in a machine here with a PCI Matrox card from 1996 Gnome 
fallback mode displays perfectly?



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4ff44b3f.8020...@perpetualmotion.co.uk

Re: firewall

[Jon Dowland]

On Wed, Jul 04, 2012 at 10:53:00AM +0300, Lars Noodén wrote:
> On 7/4/12 10:46 AM, Muhammad Yousuf Khan wrote:
> > Web base Firewall (IPCOP) very powerful with the addon called BOT
> > (block out traffice) base on IPtables.
> 
> In some ways it's easier just to work with IPtables directly.

Except on Debian you are required to do a fair amount of work to make
your rules persistent across reboots and ensure you get ordering right
to not lock yourself out of the box (if remote): all problems that
do not exist if you install and use ufw.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704141610.GA10717@debian

Re: firewall

[lina]

Hi,

Following the instructions from http://wiki.debian.org/iptables

I am kinda of "running" the iptables now? (perhaps I understand wrong.
welcome correction.)

One thing a bit unexpected (to me) is that there are continuously
rolling info as following:

 Jul  4 22:18:07 Debian dhclient: DHCPREQUEST on eth0 to 172.21.4.192 port 67
Jul  4 22:18:10 Debian kernel: [42251.607781] --log-prefixIN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:1b:78:4a:c7:5f:08:00 SRC=172.21.51.33
DST=255.255.255.255 LEN=149 TOS=0x00 PREC=0x00 TTL=127 ID=0 DF
PROTO=UDP SPT=43619 DPT=17500 LEN=129
Jul  4 22:18:23 Debian kernel: [42264.062275] --log-prefixIN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:26:55:e3:4e:29:08:00 SRC=172.21.48.111
DST=172.21.51.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=11802 PROTO=UDP
SPT=137 DPT=137 LEN=58

Is it normal? or I set something wrong? Here is the output of the iptables -L

c# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere
REJECT all  --  anywhere loopback/8
reject-with icmp-port-unreachable
ACCEPT all  --  anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp  --  anywhere anywhere tcp dpt:http
ACCEPT tcp  --  anywhere anywhere tcp dpt:https
ACCEPT tcp  --  anywhere anywhere state
NEW tcp dpt:ssh
ACCEPT icmp --  anywhere anywhere icmp echo-request
LOGall  --  anywhere anywhere limit:
avg 5/min burst 5 LOG level debug prefix "--log-prefix"
REJECT all  --  anywhere anywhere
reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source   destination
REJECT all  --  anywhere anywhere
reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination
ACCEPT all  --  anywhere anywhere

Thanks ahead for your suggestions,

Best regards,


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAG9cJmnRjvgoe0QYwYXhM86mB4LSuNfh2m7O4v1X4Myq=tp...@mail.gmail.com

Re: changing the font size in Xdialog

[Camaleón]

On Tue, 03 Jul 2012 20:51:37 +0200, Pierre Frenkiel wrote:

> On Tue, 3 Jul 2012, Camale?n wrote:
> 
>> Could it be because the kind of widget you are using (--msgbox) does
>> not allow the font property to be changed? I would try with the exact
>> example used in the FAQ.
> 
>I actually tried with --textbox, and the rc-file given in the
>example:
> 
>Xdialog --rc-file fixed-font.rc  --textbox file 0 0
> 
>That doesn't work, 

How bad :-(

Then it can be something worth to report to the Xdialog developer... 
ouch, hold on:

***
http://xdialog.free.fr/

Remarks regarding some distributions quirks:

- Recent Debian distributions seem to have utterly broken fonts for GTK+ 
v1.2. Please, do NOT report bugs dealing with weird/badly looking fonts 
under Debian: this is NOT an Xdialog bug but rather deals with how 
screwed up is Debian's fonts system.

- Still about Debian: given how rigid is the (IMHO stupid) Debian policy 
about packaging, and how stubborn are the Debian maintainers, I do NOT 
and will NEVER support any Debian-related problem. If you are using a 
Debian (or a Debian-based) distribution and think you found a bug, 
please, first recompile Xdialog from the sources available on this site 
before concluding it's a bug in the genuine Xdialog. I will NOT bother 
with investigating bugs introduced with Debian's private patches which 
are unapproved by me.
***

Wow... not a Debian lover here :-P

I'm afraid you are on your own unless you are using the upstream sources 
and still can reproduce the error.

> and after that, I discovered that the font name in
>the rc-file is not used, i.e. if you put  a wrong font name, you get
>no error message.
> 
>idem if you give a non existing rc file.  Now, doing more tests, I
>discovered that the following command is accepted: without any error
>message: !!!
> 
>  Xdialog --anything  --msgbox "xdialog  test"  0 0
>idem with
>  Xdialog anything bla_bla  --msgbox "xdialog  test"  0 0
> 
> That seems really crazy!

Yes, that behaviour is a bit of nonsense.

> do you have the same behaviour?
> 
> Xdialog --version
> Version: 2.3.1

You must be still on Lenny, right?

I use "zenity" (to drawn small GTK GUI dialogs) and "dialog" for ncurses, 
I'm not using Xdialog which BTW, looks like it has been removed from 
Debian repositories.

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1jj6$3jh$5...@dough.gmane.org

Re: Upgrading to Wheezy (frozen)

[Camaleón]

On Tue, 03 Jul 2012 22:28:57 +0200, daniele.g wrote:

> Camaleón  writes:
> 
>> On Tue, 03 Jul 2012 11:35:03 +0200, daniele.g wrote:
>>
>>> Are already there the release notes for upgrading to Wheezy?
>>
>> ?
>>
>> We're still long away from Wheezy release (~6 months?).
>>
>> Frozen != released :-)
> 
> Yes, you're very right, but, come on, at this point I suppose that it
> should be defined if, for example, systemd will replace insserv.

(...)

The basics, yes, of course. 

For instance, you will get GNOME 3 and gnome-shell by default and kernel 
3.2.20. But please, don't ask me for every decision that has been taken 
for every aspect of the distribution because I just don't know ;-)

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1k3l$3jh$6...@dough.gmane.org

Re: firewall

[lina]

P.S. Your guys are great.
Sometimes even I didn't reply item by item, or thanks one by one, but
I read every sentences in the emails. Many times read more than once.
So please kindly realize that your suggestions are very valuable and
highly appreciated (most time silently).
BTW, I didn't realize there is a etckeeper before. just installed. And
for iptables I have spent 5 hours on it based on the suggestions.

Thanks again.

Best regards,


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAG9cJmm10vYHujOUvJ=GyDWb5OFN4nQQxJ==tj6mcrqwej6...@mail.gmail.com

Re: Backports on Squeeze

[Camaleón]

On Wed, 04 Jul 2012 08:38:33 +1200, Chris Bannister wrote:

> On Tue, Jul 03, 2012 at 02:04:52PM +, Camaleón wrote:
>> On Tue, 03 Jul 2012 10:38:02 +1200, Chris Bannister wrote:
>> 
>> > On Mon, Jul 02, 2012 at 05:34:19PM +, Camaleón wrote:
>> >> On Mon, 02 Jul 2012 10:09:49 -0600, Paul E Condon wrote:
>> >> > but how does one know of the existance of a backported package.
>> >> 
>> >> As usual, you go to the online search and type the name of the
>> >> package. If there's a backport counterpart it will listed there.
>> >> 
>> >> You can also query from here:
>> >> 
>> >> http://backports-master.debian.org/Packages/
>> > 
>> > Are you supposed to do this daily, or what?
>> 
>> To do what? Search for a package in the backports?
> 
> An updated backport.

What's an "updated backport"? I only know of the usual backported 
packages regardless their numbering version (up-to-date or not).

>> That would depend on your needings, I personally do a few software
>> installs in my systems so yes, when I need to search for a package I
>> use the online interface.
> 
> apt-cache search should be good enough for a new package, apt-cache
> policy for version info.

Well, that's exactly what I suggested to Paul.

>> > He means it being a push operation not a pull operation. No doubt he
>> > already knows about querying for himself at
>> > http://backports-master.debian.org/Packages/
>> 
>> What do you suggest then?
> 
> either subscribe to: debian-backports-chan...@lists.debian.org, 

(...)

I'm subscribed but it's not a convenient way to know what packages are in 
the pool but what is happening in the background (proposal of newer 
packages, updated versions...).

> or
> 
> use appropriate pinning; 

(...)

That's also what I suggested. I wonder if you really read in deep my 
posts or just reply by the sake of replying :-)

> or
> 
> run testing, especially if you are backporting a lot of packages.

If you run testing there's no need to use the backports.

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1km3$3jh$7...@dough.gmane.org

Re: CD/DVD diagnostic tools needed

[Camaleón]

On Wed, 04 Jul 2012 10:21:21 +1200, Chris Bannister wrote:

> On Tue, Jul 03, 2012 at 02:32:18PM +, Camaleón wrote:
>> On Tue, 03 Jul 2012 18:17:12 +1200, Chris Bannister wrote:
>> 
>> > On Mon, Jul 02, 2012 at 02:37:42PM +, Camaleón wrote:
>> >> On Mon, 02 Jul 2012 11:34:00 +1200, Chris Bannister wrote:
>> >> > Ouch!!, at least try different media first, some media are
>> >> > problematic with some DVD/CD drives (according to some stuff I've
>> >> > read)
>> >> 
>> >> The above "weird, inconsistent, and intermittent" errors indicate
>> >> some CDs do work and some doesn't. If all the tests are being done
>> >> in the same way (same media, same writing speed, same burning
>> >> tools...) there's a high chance for the unit going bad.
>> > 
>> > I was referring to whether it was CD+R or CD-R media, although you
>> > can get the odd crook one; especially in those bulk cheap stacks.
>> 
>> Discarding the media is as easy as using a different CD/DVD type/brand.
> 
> Exactly!
> 
> And certainly easier than replacing the burner. 

(...)

I assume the OP already discarded a bad media because of the tests he 
have run and the kind of questions he asked ;-)

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1ksk$3jh$8...@dough.gmane.org

Re: Very slow network with certain APs -- ipv6 problem?

[Camaleón]

On Tue, 03 Jul 2012 16:10:46 -0700, Paul Zimmerman wrote:

> Since the "official" switch to IPv6 I've been having serious problems
> with certain wireless APs. Some are unchanged, but others are very, very
> slw for no detectable reason. Yet, the same APs are just as easily
> accessible as always with a Windows machine. Could there be a problem
> caused by not updating for the change to IPv6? 

You mean you're still using ipv4 with no ipv6 support from the OS at all?

> Something that Windows would detect and adjust for automatically? Is
> there some simple way to make my Linux system use IPv4 again with only
> those certain APs?

To discard a problem coming from the ipv6 stack, you can try to disable/
enable it system wide and check if the issue with the AP is still present 
or not.

Some tips to turn it off:

http://wiki.debian.org/DebianIPv6#How_to_turn_off_IPv6

Anyway, my wild guess is that the problem with the AP can be because of 
the driver or another environmental or configuration factors. What's your 
wifi adapter and what driver are you using? When you say is "slow" what 
are the exact symtoms you experience (e.g., random reconnects, download/
upload speed is not as expected, lazy AP -it takes so long to get 
associated with your computer-...)?

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1lbc$3jh$9...@dough.gmane.org

Re: Gnome 3 fallback not working with Silicon Motion GPU

[Camaleón]

On Wed, 04 Jul 2012 14:55:11 +0100, Andrew Wood wrote:

> On 03/07/12 18:02, Camaleón wrote:
>>
>> Is the same when you login with a fresh-new created user?
>>   
>> In principle I don't see it as a VGA driver problem :-?
>>
>> Anyway, you can check the driver in use from your /var/log/Xorg.0.log
>> and also when running "lspci -vv" (scroll down for the VGA card and
>> look for the "kernel driver in use" line).
>>
>>
> I'll have a go and report back - the machine is at a museum where I
> volunteer so I only go at weekends.

Thats what's "ssh -X" is for, but wait... in a museum? Is the computer 
that old?

> If its not a driver problem how come now I've brought the hard disk home
> and put it in a machine here with a PCI Matrox card from 1996 Gnome
> fallback mode displays perfectly?

Well, given the nature of the problem you first reported (GNOME look 
showing like an old or uncomplete GTK+ style) with no additional 
information it did not look like a driver problem but another thing, I 
mean, for a driver problem I would expected something like your display 
showing small dots (noise) or lines in the screen, flickering, windows 
wrongly positioned or something like that.

By running the tests I mentioned (you can login with a new user, read 
from the X logs and also the "~/.xsession-errors" file...) you could have 
a better understanding on what can be happening with the museum's 
computer.

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1n4s$3jh$1...@dough.gmane.org

Re: not autocompleting

[Camaleón]

On Tue, 03 Jul 2012 20:11:19 +0100, mk bane wrote:

> On 6/23/12, Camaleón  wrote:

(...)

>> How about your alias? Do you have something fancy added that can be
>> interferring with autocomplete? Are you experiencing the problem when
>> you login with a different user? Does the same happen for all of the
>> OOo applications (oowriter, oodraw, ooimpres...)?
>>
>>
> Hi folks with apologies for being busy elsewhere...
> 
> The problem for oocalc is when the directory begins with a dot (.) and
> partially given, eg
> 
> oocalc .per[TAB] won't auto-complete
> 
> but
> 
> oocalc time[TAB] will auto-complete
> 
> Same applies to oowriter

Ah, you mean for "hidden" directories. 

For those I neither get the autocomplete when using OOo applications 
(oowriter, oocalc...), though it works with the usual bash built-in tools 
(e.g., "cat .th[tab]" → it does autocomplete).

Not sure if this behaviour can be tweaked :-?

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1o65$3jh$1...@dough.gmane.org

Re: cannot upgrade or remove multipath-tools

[Camaleón]

On Tue, 03 Jul 2012 23:31:40 -0700, John Magolske wrote:

> In doing `aptitude ugrade`, multipath-tools is to be upgraded, but I
> keep getting the following message:
> 
> % sudo aptitude install multipath-tools [...]
> Preparing to replace multipath-tools 0.4.9+git0.4dfdaf2b-4 (using
> .../multipath-tools_0.4.9+git0.4dfdaf2b-6_i386.deb) ... Device does not
> exist.
> Command failed
> invoke-rc.d: initscript multipath-tools, action "stop" failed.

(...)

Could it be because of this?

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674733

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1pcb$3jh$1...@dough.gmane.org

Re: minimal HTTP server recommends

[Camaleón]

On Wed, 04 Jul 2012 03:10:32 +, T o n g wrote:

> Just noticed that the thttpd package that I'm using has been removed
> from Debian repo early this year.

Mmm, it was removed because of:

http://packages.qa.debian.org/t/thttpd/news/20120101T154305Z.html

--- Reason ---
RoQA; orphaned, RC-buggy, dead upstream, plenty of alternatives exist
--

Seems reasonable.

> It suits my personal web server well, because "It has an executable
> memory size of about 50 kB. . . it is uniquely suited to service high
> volume requests for static data" (http://en.wikipedia.org/wiki/Thttpd)
> 
> Now that it's gone, please recommend another minimal HTTP server with
> similar goal as above.

There's a nice comparison table here:

http://en.wikipedia.org/wiki/Comparison_of_lightweight_web_servers

Can't comment on these lightweight solutions, I use Apache2 for no 
specific reason other than "it just works and fits my needs".

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1pu6$3jh$1...@dough.gmane.org

Re: firewall

[Brad Alexander]

On Wed, Jul 4, 2012 at 2:15 AM, Ralf Mardorf  wrote:
> On Wed, 2012-07-04 at 11:19 +0800, lina wrote:
>> Hi,
>>
>> I don't know which firewall (http://wiki.debian.org/Firewalls) I should 
>> choose.
>>
>> Thanks ahead for recommendation, and it will be very nice if you tell
>> me why you recommend this one.
>
> To answer drily: Test them and report what firewall does protect you the
> best against no attacks. Linux for home usage was safe, is safe, will be
> safe. Yes, it's safe regarding to things I criticize. I don't criticize
> protection per se, I only worry about t much security for nothing.

I disagree. Its about defense in depth. Because what happens if you
get a piece of bad software that opens a vulnerability? And yes, that
could happen to a home Linux user as easily as a corporate one, since
they are using the same update mechanisms. In fact, I would posit that
a home user could be at *more* risk, since, in theory, a corporate
user would be limited in the amount and types of software
installed...Corporate server vs home workstation.

So a piece of bad software gets introduced into the repos. It could
happen...And having a firewall in place (an external firewall would
have the advantage of not being able to be turned off by said
malware).

So it comes down to where the line between "protection" and "too
much". Which means it comes down to the following two questions. "What
are you trying to protect?" and "Who are you trying to defend
against?" For a home user, the obvious answer, like with corporate
users is "your data." Consider what that data consists of. Personal
documents, banking information, pictures, etc, would all be valid
types of data. The types of data may be different, but the exercise of
protecting it would be the same as a corporate user.

Now as for the second question, who are you trying to defend against,
let's look at the windows world. You have people taking over boxes,
using them in botnets, stealing information, a whole niche market for
antivirus and antimalware products. IMHO, there are three things that
keep us from being in a similar situation. First, Linux users are
generally more savvy than Windows users (and less arrogant than Mac
users :) ); second, Linux has a higher bar for base security. Use of a
firewall, IDS, reading your logs only enhances that. But the fact that
the bar is higher doesn't mean its insurmountable. The third reason we
are not in the same boat as windows is that we have a much smaller
attack surface than Windows. Windows still has over 90% penetration on
the desktop, Therefore, they are the low hanging fruit.

This doesn't mean that we will never be in that boat, and only
vigilance will keep us out of it.

Just my 2 cents.
--b


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cakmzw+y+hv9dq2+v_d4psyrn9fla+jht_yu6p-oemaazox7...@mail.gmail.com

Re: changing the font size in Xdialog

[Pierre Frenkiel]

On Wed, 4 Jul 2012, Camale?n wrote:


http://xdialog.free.fr/

Remarks regarding some distributions quirks:

Wow... not a Debian lover here :-P

   yes, and In My Holy Opinion, stupid...
   If the font are broken, how comes that they are displayed correctly
   (good shape and size), with the --fontsel option !?
   Anyway, I re-compiled from the tar source, and got EXACTLY the
   same behaviour. So it seems that I have now the right to fill a bug report.



You must be still on Lenny, right?


  No, I am on Squeeze on my desktop, and SID on my laptop:
  same behaviour on both


I use "zenity" (to drawn small GTK GUI dialogs) and "dialog" for ncurses,
I'm not using Xdialog which BTW, looks like it has been removed from
Debian repositories.


  yes. I must have installed it before the removal.
  I looked at zenity some time ago, and found it had less features than xdialog
  I'll check whether this is still true.

best regards,
--
Pierre Frenkiel


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
http://lists.debian.org/alpine.deb.2.00.1207041734210.9...@pfr2.frenkiel-hure.net

Re: GPG - secret key not available?

[Csanyi Pal]

Jon Dowland  writes:

> On Tue, Jul 03, 2012 at 04:51:09PM +0200, Csanyi Pal wrote:

[snip]

> I suspect that's what you are doing wrong; you should export the
> public half rather than the secret. It's the public half which is used
> by others to verify your sigs.

gpg: skipped "Csanyi Pal ": secret key not available
gpg: [stdin]: clearsign failed: secret key not available

> (note also that if you are just starting to play around, it would be
> worth generating a much stronger key. Read
> http://keyring.debian.org/creating-key.html to find out how)

I generated such a strong key.

Still I get the message as abowe:
secret key not available

So what can I do to get signed .dsc and .changes file when run
dpkg-buildpackage -rfakeroot ??

-- 
Regards from Pal


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/877gujfoz5@gmail.com

Re: not autocompleting

[Curt]

On 2012-07-04, Camaleón  wrote:
>
> Ah, you mean for "hidden" directories. 
>
> For those I neither get the autocomplete when using OOo applications 
> (oowriter, oocalc...), though it works with the usual bash built-in tools 
> (e.g., "cat .th[tab]" → it does autocomplete).
>
> Not sure if this behaviour can be tweaked :-?


curty@einstein:/etc$ complete -p | grep oocalc
complete -o filenames -d -X '.[^./]*' -F _ooexp_ oocalc

If I only knew what that meant!

 Completion is implemented in the file /etc/bash_completion
 New completion commands may be placed inside the directory
 /etc/bash_completion.d
 We can list all the current completion routines bound via "complete -p"

http://www.debian-administration.org/articles/316



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/slrnjv8u1i.2vn.cu...@einstein.electron.org

Re: firewall

[Lisi]

On Wednesday 04 July 2012 17:14:29 Brad Alexander wrote:
> The third reason we
> are not in the same boat as windows is that we have a much smaller
> attack surface than Windows. Windows still has over 90% penetration on
> the desktop, Therefore, they are the low hanging fruit.

How, then, do you explain the fact that Windows servers, which have a 
penetration of less than 50%, suffer on the Internet as do Windows home 
users, whilst Unix and family servers, which have over 50% penetration, still 
suffer from _far_ less malware?

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/201207041811.14505.lisi.re...@gmail.com

Re: Random lockups

[Camaleón]

On Tue, 03 Jul 2012 13:10:24 -0400, Frank McCormick wrote:

> My desktop running Debian Sid just locked up for the 4th or 5th time
> recently.
> 
> There is nothing is the syslog...nothing in the xorg log. The system
> just locks changing what's on the screen to yellow tinged text. It locks
> so tight that only a hard reset gets it back. Alt-SysReq does nothing.

(...)

Can you still login from ssh? If so, X is crashing.

Also, if you can, try to load "vesa" or "fb" VGA driver instead "intel", 
although with KMS in place I don't know if this is still possible neither 
the steps to proceed.

> I am running an Intel D865GBF board, and Intel on-board video.

That's an old motherboard, right? :-?

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1tim$3jh$1...@dough.gmane.org

Re: not autocompleting

[Camaleón]

On Wed, 04 Jul 2012 17:05:58 +, Curt wrote:

> On 2012-07-04, Camaleón  wrote:
>>
>> Ah, you mean for "hidden" directories.
>>
>> For those I neither get the autocomplete when using OOo applications
>> (oowriter, oocalc...), though it works with the usual bash built-in
>> tools (e.g., "cat .th[tab]" → it does autocomplete).
>>
>> Not sure if this behaviour can be tweaked :-?
> 
> 
> curty@einstein:/etc$ complete -p | grep oocalc 
> complete -o filenames -d -X '.[^./]*' -F _ooexp_ oocalc

(...)

Ah! Sure, the above listing, I completely forgot.

Now, if you tell the user what needs to be done to tweak the current 
complete routines your post would be even useful.

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt1uv8$3jh$1...@dough.gmane.org

Re: Random lockups

[Frank McCormick]

On 04/07/12 01:12 PM, Camaleón wrote:

On Tue, 03 Jul 2012 13:10:24 -0400, Frank McCormick wrote:


My desktop running Debian Sid just locked up for the 4th or 5th time
recently.

 There is nothing is the syslog...nothing in the xorg log. The system
just locks changing what's on the screen to yellow tinged text. It locks
so tight that only a hard reset gets it back. Alt-SysReq does nothing.


(...)

Can you still login from ssh? If so, X is crashing.



  Yes, but nothing works



Also, if you can, try to load "vesa" or "fb" VGA driver instead "intel",
although with KMS in place I don't know if this is still possible neither
the steps to proceed.



   I have done that - fbdev **seems** to run fine - except the mouse 
cursor disappears at random. Found it too annoying so went back to the 
Intel driver...and it hasn't locked up yet today (crossed-fingers). The 
Vesa driver is next to useless as it really doesn't like doing anything 
more than  800x600.



 I am running an Intel D865GBF board, and Intel on-board video.


That's an old motherboard, right? :-?



  Yes, about 5 or 6 years old...but from prowling the net it seems 
newer Intel boards aren't much better. I'd still like to hear advice on 
the best/easiest video card to run. I ran Nvidia for a while but got 
tired of constantly recompiling whenever a new kernel popped up. I'd 
like something other than Nvidia.






--
Cheers
Frank



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4ff48190.5030...@videotron.ca

Re: cannot upgrade or remove multipath-tools

[John Magolske]

* Camaleón  [120704 10:51]:
> On Tue, 03 Jul 2012 23:31:40 -0700, John Magolske wrote:
> > In doing `aptitude ugrade`, multipath-tools is to be upgraded, but I
> > keep getting the following message:
> > 
> > % sudo aptitude install multipath-tools [...]
> > Preparing to replace multipath-tools 0.4.9+git0.4dfdaf2b-4 (using
> > .../multipath-tools_0.4.9+git0.4dfdaf2b-6_i386.deb) ... Device does not
> > exist.
> > Command failed
> > invoke-rc.d: initscript multipath-tools, action "stop" failed.
> 
> Could it be because of this?
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674733

Yes, I was looking at that last night after emailing the list:

If a user's setup is direct access to scsi device, be it either sd
naming scheme or persistent names, it appears that no entry for it
is created in /sys/block sysfs hierarchy.

In this scenario, the multipath-tools' stop target fails thusly
breaking all upgrades.

Current resolution is to run the init script to survive errors,
i.e. "!sh -e"

I tried what I think is being suggested here, changing the first
line of /etc/init.d/multipath-tools to "#!/bin/sh -e", but still get
"...package failed to install" when trying to upgrade multipath-tools,
and this when running "multipath-tools stop" manually:

# /etc/init.d/multipath-tools stop
Device does not exist.
Command failed

I did notice however this morning that `aptitude upgrade` does not try
to upgrade multipath-tools. A dist-upgrade does still want to upgrade
this package -- as did a regular upgrade as recently as yesterday. But
now for some reason I can do a regular upgrade without the complaining
brought on by multipath-tools.

John

-- 
John Magolske
http://B79.net/contact


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704182217.ga12...@s70206.gridserver.com

[POSTPONED] Re: installation with UEFI

[Andreas Weber]

On 2012-07-03 19:23, Camaleón wrote:
> There was a discussion at the devel mailing list:
> 
> http://lists.debian.org/debian-devel/2012/01/msg00168.html

Thanks for this, hadn't seen it yet.

> And also an article from the same person who started the above thread:
> 
> http://tanguy.ortolo.eu/blog/article51/

I tried this one out before I posted. It doesn't work for my setup.

> Can't comment on the methods, sorry, I'm afraid I'm still stuck with the 
> old BIOS in all of my systems and haven't had the chance to test the new 
> implementation ;-(

I will stick to "old style", too, for the time being. This whole UEFI
thing hasn't landed in Debian land yet AFAICS.

Besides the "all new and shiny" thing about UEFI, booting with grub-pc
works pretty ok for me at the moment.

Thanks to all who replied.

ändu


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff496f2.5050...@worldwideweber.ch

Re: firewall

[Joe]

On Wed, 4 Jul 2012 18:11:14 +0100
Lisi  wrote:

> On Wednesday 04 July 2012 17:14:29 Brad Alexander wrote:
> > The third reason we
> > are not in the same boat as windows is that we have a much smaller
> > attack surface than Windows. Windows still has over 90% penetration
> > on the desktop, Therefore, they are the low hanging fruit.
> 
> How, then, do you explain the fact that Windows servers, which have a 
> penetration of less than 50%, suffer on the Internet as do Windows
> home users, whilst Unix and family servers, which have over 50%
> penetration, still suffer from _far_ less malware?
> 

All kinds of reasons, beginning with the fact that most malware
designed for Windows desktops works just fine on the servers, too,
though I think most servers are somewhat better protected than a home
PC. People don't sit in front of them and surf the Web, for one thing
(at least not in sensible companies).

But while there are excellent Windows admins, the fact is that it is a
point-and-click environment, with qualifications obtainable from exams
marked by computer, and hence multiple-choice. I'm not suggesting the
exams are trivial, but by their nature they ask go-nogo questions, and
the questions are mostly based on operating the Windows dialogue boxes.

Microsoft has made its billions by making computers relatively easy to
use, so you can go a long way as a junior admin or consultant by just
knowing the right box to tick. There is a relatively small amount you
can do wrong.

I'm not just guessing here: I started in network admin by being given a
small NT4 network to look after. I didn't install the server, and
occasionally had to call in the company who did, but I bought the
appropriate set of MS books with a view to going for the MSCE. That
never happened, but I got fairly familiar with what was in the books
and I could sort out most problems. I built a second PC at home and
installed NT server and workstation software multi-booting with my
production Win95 and Win98.

Then I discovered Linux, at about Red Hat 5 if I remember rightly (long
before RHEL and Fedora), and learned a great deal more about computer
and network admin in a couple of months than I had in about two years
of practical NT admin, having in that time learned what I estimated was
most of the knowledge necessary for the NT4 MCSE. What was a little
disturbing was that after a fairly short exposure to Linux, I now
*understood* a lot more about what I had been doing by rote with NT,
and that understanding was *not* required by the MCSE exam.

The bottom line is that Linux is significantly harder to drive than
Windows (and I've dabbled with Server 2000, 2003 and 2008, and a few
Red Hats, Mandrakes and Debians) and the admins are likely to know
more about what they're actually doing, because they need to.

On the other hand, a lot more Linux knowledge is transferable, because
Linux developers don't have to sell new versions every few years.
Windows doesn't actually change all that much between versions, but the
GUI and in particular the GUI paradigms (I hate that word, but it is
the right one for the mix of views and concepts that MS use to overlay
the prosaic world of IP addresses and daemons) must change noticeably
to convince buyers they're getting something better. So Windows admins
have to learn a different method of access to many configurations with
each version, getting further and further away from the nuts and
bolts, and Linux admins just need to keep track of what has now
migrated into /etc/default, or that a big configuration file is now
split into many smaller ones.

The current limit is reached with MS Small Business Server, which aims
to be a full-featured server for people who know no IT whatever. It's
very limited compared to the full Server version, because almost
everything is hard-coded. There are a lot of these about now, and
some of the people who own them do some extremely stupid things with
them...

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704204605.22653...@jretrading.com

Re: Random lockups

[Camaleón]

On Wed, 04 Jul 2012 13:46:56 -0400, Frank McCormick wrote:

> On 04/07/12 01:12 PM, Camaleón wrote:
>> On Tue, 03 Jul 2012 13:10:24 -0400, Frank McCormick wrote:
>>
>>> My desktop running Debian Sid just locked up for the 4th or 5th time
>>> recently.
>>>
>>>  There is nothing is the syslog...nothing in the xorg log. The
>>>  system
>>> just locks changing what's on the screen to yellow tinged text. It
>>> locks so tight that only a hard reset gets it back. Alt-SysReq does
>>> nothing.
>>
>> (...)
>>
>> Can you still login from ssh? If so, X is crashing.
> 
> 
>Yes, but nothing works

What do you mean by that? :-?

Sure you can't get a full-featured environment when login from remote but 
the fact the kernel is still "alive" (accepting logins, network up...) it 
points to a less severe problem (xserver-xorg?).
 
>> Also, if you can, try to load "vesa" or "fb" VGA driver instead
>> "intel", although with KMS in place I don't know if this is still
>> possible neither the steps to proceed.
> 
> 
> I have done that - fbdev **seems** to run fine - except the mouse
> cursor disappears at random. 

Ugh. But the issue with the screen freeze and the yellow text is not 
present with this driver, right?

> Found it too annoying so went back to the Intel driver...and it hasn't
> locked up yet today (crossed-fingers). 

Maybe an update in the middle? :-?

> The Vesa driver is next to useless as it really doesn't like doing
> anything more than  800x600.

Yes, I know, the plain VGA drivers are close to useless nowadays but they 
still serve for testing purposes like this situation :-)

>>>  I am running an Intel D865GBF board, and Intel on-board video.
>>
>> That's an old motherboard, right? :-?
> 
> 
>Yes, about 5 or 6 years old...but from prowling the net it seems
> newer Intel boards aren't much better. I'd still like to hear advice on
> the best/easiest video card to run. I ran Nvidia for a while but got
> tired of constantly recompiling whenever a new kernel popped up. I'd
> like something other than Nvidia.

nVidia would be my personal choice but true is that when using sid the 
problem with the driver can be a headache because of the constant kernel 
updates (unless you can use module assistant or can be happy with 
nouveau, the open source driver).

Other than nVidia there are ATI (which I don't like so much) and Matrox 
(but these cards are currently out of the 3D market and I don't know 
about their current linux support...).

Anyway, I wouldn't give up with your current system. If finally is X that 
freezes, you can open a bug report or test with a different driver 
version (either downgrade from the current one or try to get the lastest 
from upstream sources).

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt280k$3jh$1...@dough.gmane.org

which layer to configure so Alt-x does Meta-x in bash?

[Dan B.]

What's the right layer to reconfigure so that Alt functions as Meta in bash
command line editing?

Right now, when I try to type Alt-f to execute bash's Meta-f line-editing
function (Forward Word), bash instead inserts a non-ASCII character (the
a-e ligature).  That happens in bash in xterm and in ssh sessions, but not
in bash on a virtual console.

(What I mean by "right layer" above is the layer that probably would have
the fewest unwanted side effects.  For example, on an older system, Alt-f
works as Meta-a in bash, but still inserts the a-e character when typed
while running a command such as "cat" (that is, just echoing typed input
to output), so I don't think I want a solution that completely disables
the non-ASCII character generation.)


Do I want to be looking in bash?  in inputrc?  in xterm?  somewhere else?


Thanks,
Daniel




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4ff4a482.4000...@kempt.net

Re: cannot upgrade or remove multipath-tools

[Camaleón]

On Wed, 04 Jul 2012 11:22:17 -0700, John Magolske wrote:

> * Camaleón  [120704 10:51]:

(...)

>> > Command failed
>> > invoke-rc.d: initscript multipath-tools, action "stop" failed.
>> 
>> Could it be because of this?
>> 
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674733
> 
> Yes, I was looking at that last night after emailing the list:

(...)

> I tried what I think is being suggested here, changing the first line of
> /etc/init.d/multipath-tools to "#!/bin/sh -e", but still get "...package
> failed to install" when trying to upgrade multipath-tools, and this when
> running "multipath-tools stop" manually:
> 
> # /etc/init.d/multipath-tools stop
> Device does not exist.
> Command failed

After editing the boot script I guess the service should be restarted 
again to reflect the changes so that when it's stopped it does not fail.

> I did notice however this morning that `aptitude upgrade` does not try
> to upgrade multipath-tools. A dist-upgrade does still want to upgrade
> this package -- as did a regular upgrade as recently as yesterday. But
> now for some reason I can do a regular upgrade without the complaining
> brought on by multipath-tools.

You can try "dist-upgrading" again once you have edited the init script 
and daemon has been restarted. Or you can also take a more practical 
approach and manually download the updated deb package (0.4.9
+git0.4dfdaf2b-6) and copy/paste the init script or look for the 
differences :-)

Greetings,

-- 
Camaleón


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt29kn$3jh$1...@dough.gmane.org

Re: firewall

[Brad Alexander]

On Wed, Jul 4, 2012 at 3:46 PM, Joe  wrote:
> On Wed, 4 Jul 2012 18:11:14 +0100
> Lisi  wrote:
>
>> On Wednesday 04 July 2012 17:14:29 Brad Alexander wrote:
>> > The third reason we
>> > are not in the same boat as windows is that we have a much smaller
>> > attack surface than Windows. Windows still has over 90% penetration
>> > on the desktop, Therefore, they are the low hanging fruit.
>>
>> How, then, do you explain the fact that Windows servers, which have a
>> penetration of less than 50%, suffer on the Internet as do Windows
>> home users, whilst Unix and family servers, which have over 50%
>> penetration, still suffer from _far_ less malware?
>>
>
> All kinds of reasons, beginning with the fact that most malware
> designed for Windows desktops works just fine on the servers, too,
> though I think most servers are somewhat better protected than a home
> PC. People don't sit in front of them and surf the Web, for one thing
> (at least not in sensible companies).
>
> But while there are excellent Windows admins, the fact is that it is a
> point-and-click environment, with qualifications obtainable from exams
> marked by computer, and hence multiple-choice. I'm not suggesting the
> exams are trivial, but by their nature they ask go-nogo questions, and
> the questions are mostly based on operating the Windows dialogue boxes.
>
> Microsoft has made its billions by making computers relatively easy to
> use, so you can go a long way as a junior admin or consultant by just
> knowing the right box to tick. There is a relatively small amount you
> can do wrong.

Excellent points, Joe. In addition, Windows was designed from the
ground up as a single-user operating system, which means that all of
the files on a system were accessible by the user. Then, over the
course of time security and file restrictions were bolted on.
Unix/Linux, OTOH, were designed as multiuser environments. So the
concept of file permissions, root-only parts of the filesystem and so
forth were baked in early on. The latter approach is far easier to
maintain/enhance than the former.

Add to that the fact that MS (and apple) packs software in a black box
and tosses it over the wall to consumers. This means any vulnerability
that the Bad Guys are able to reverse engineer are in the wild until
the company gets around to patching it. Which is something MS has
gotten very, very good at over the years. Call it reactive security.
With Open Source software, OTOH, anyone can find a problem and fix it.
Consequently, in a lot of cases, the fix for a problem is included
with the description of the problem. No, this does not happen all of
the time, witness the recent authentication bypass in MySQL or the
kernel bug that was there for 8 years...But then again, there is a bug
in the 16-bit code in windows that was first reported in 1994 that MS
says that they will not fix...So there are corner cases on both sides.

> The bottom line is that Linux is significantly harder to drive than
> Windows (and I've dabbled with Server 2000, 2003 and 2008, and a few
> Red Hats, Mandrakes and Debians) and the admins are likely to know
> more about what they're actually doing, because they need to.

I disagree with this. I have been doing Linux almost exclusively since
1998, and in fact, have only had a windows box on my desk for a total
of 1 year in that period. I'm as lost in a windows environment as a
windows user would be if dropped cold-turkey into Linux.

--b


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAKmZw+YgX3gSREFKT_6-Cunj9e3jOVcvK9pWy4=qd4p_puz...@mail.gmail.com

Re: firewall

[Adrian Fita]

On 04/07/12 10:31, Mika Suomalainen wrote:
> On 04.07.2012 06:19, lina wrote:
>>
>> I don't know which firewall (http://wiki.debian.org/Firewalls) I
>> should choose.
>>
>> [...]
>>
> I recommend UFW. It's simple to use and does everything what firewall
> should do in my opinion.
> 
> All commands are like "ufw allow 22/tcp" (allows connections to SSH port).
> 
> It also has gui called GUFW.

Agreed. This is what I use. ufw is great for home PC/laptop use. And the
GUI, GUFW makes it as easy as a firewall can be. Fire and forget. Of
course, knowing a bit about iptables is recommended, to understand what
happens behind the scenes.

firestarter is also nice and easy to work with.

-- 
Adrian Fita


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff4ad95.4080...@gmail.com

Re: firewall

[Tom H]

On Wed, Jul 4, 2012 at 4:04 AM, Joe  wrote:
>
> Most ports can be closed by configuration, even the infamous portmap
> can be limited to localhost if you're not using it externally e.g. for
> NIS or NFS. If you have a standalone Linux machine in a foreign
> network, pretty much everything can be closed.

With nfsv4, you don't have to expose 111; you can just have 2049 open
(I've never tried to close 111 with nfsv3; perhaps it works too).


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=sxtqajjxou0pdxwqjxu-umwjljntvo01f93blasdoc...@mail.gmail.com

Re: firewall

[Tom H]

On Wed, Jul 4, 2012 at 3:38 AM, Ralf Mardorf  wrote:
>
> *chuckle* A trillion years ago I used a firewall myself. "Ports" are an
> issue, I wasn't able to down- or upload by ftp. BUT, How many serious
> attacks did you notice around the last 30 days?

Your aversion to security is interesting. You dismissed selinux in a
previous thread and are now belittling iptables. Why don;t just
publish your username and password on the net if you think that there
are no dangers out there? :)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=SzSbr51O2jL_xDvcMb=oxc+uthv0yzuepr_ki0agsd...@mail.gmail.com

Re: Current SSD setup recommendations for laptop with Debian

[Nick Lidakis]

On Wed, Jul 04, 2012 at 01:03:34AM -0500, Stan Hoeppner wrote:
> People often need to be presented with a healthy dose of realism--what
> you call "harsh".
> 

> Once the OP asked about "alignment" I knew he needed a dose...

I don't need a "dose", thank you. All my questions are valid and you did
a piss poor job of answering them. I did what was required before I posted to 
the
list: I Googled for 2 days; found a lot of conflicting information; found
information that might be outdated considering the changes in SSD flash and
controllers.

I'm not a tweaker; I need to get work done on my laptop. Also, I need the
drive to perform reliably for as long as possible. My data is important to me
and I try to use my computer hardware for as long as possible --not
subscribing to the idea of disposable consumerism that is prevalent today.

> Again, at the end of the day, the OP in this thread will notice ZERO
> performance difference whether he wastes his time on things like erase
> block alignment and TRIM, which is another can of worms.  Real time TRIM
> or batch TRIM?  The XFS devs recommend batch TRIM with a cron job,
> because real time TRIM kills performance, with the current Linux
> implementation of real time TRIM support.  So we've come full circle.

>From what I Googled: 

TRIM support is included in the latest kernels and
hdparm utility. Are you telling me that the kernel kernel devs included 
useless code that I should not bother with?

"Alignment" was mentioned in several "Debian" websites including the SSD
wiki. It was valid for me to ask.


 
> Camp #1 or camp #2?
> My original "harsh" response got the point across with about 1000 less
> characters.  Replace harsh with "direct" or "no bullshit".

Stan, you gave me rant because you assumed my computer case has lots of blue
LEDs. You can try again or just don't bother.

Nick


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704211541.GA19850@phobos

Re: firewall

[Brian]

On Wed 04 Jul 2012 at 11:19:06 +0800, lina wrote:

> I don't know which firewall (http://wiki.debian.org/Firewalls) I
> should choose.
> 
> Thanks ahead for recommendation, and it will be very nice if you tell
> me why you recommend this one.

You can either manipulate netfilter directly with iptables or have
something else (like the suggested ufw or gufw) do it for you. using
iptables is not for the faint hearted.

Alternatively, you could detail why you need a firewall. The only reason
you have given up to now is fear. This leads to strange things being
done: for example, your 'iptables -L' output in another post shows
connections to a webserver and sshd being accepted from anywhere, as are
ICMP requests. Nothing wrong with that. But why bother with an iptables
rule if that is what you had in the first place?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704213108.GA28931@desktop

Re: Upgrading to Wheezy (frozen)

[daniele.g]

Roger Leigh  writes:

> On Tue, Jul 03, 2012 at 10:28:57PM +0200, daniele.g wrote:
>> Camaleón  writes:
>> 
>> > Frozen != released :-)
>> 
>> Yes, you're very right, but, come on, at this point I suppose that it
>> should be defined if, for example, systemd will replace insserv.
>
> It will not.  Sysvinit/sysv-rc/insserv will remain the default;
> systemd/systemd-sysv will be an optional replacement.

Good: one thing less to be changed.
-- 
La maturita' di una persona non si misura dall'eta', ma dal modo in cui
reagisce svegliandosi in pieno centro in mutande.
-- Woody Allen


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/871ukr30hl@father.nostromo.wy

Re: firewall

[Brian]

On Wed 04 Jul 2012 at 12:14:29 -0400, Brad Alexander wrote:

> On Wed, Jul 4, 2012 at 2:15 AM, Ralf Mardorf  
> wrote:
> >
> > To answer drily: Test them and report what firewall does protect you the
> > best against no attacks. Linux for home usage was safe, is safe, will be
> > safe. Yes, it's safe regarding to things I criticize. I don't criticize
> > protection per se, I only worry about t much security for nothing.
> 
> I disagree. Its about defense in depth. Because what happens if you

A commonly used phrase - military in origin, I imagine. One day I must
investigate how a firewall can protect my mail server. Until then I will
just continue to accept connections from anywhere.

> get a piece of bad software that opens a vulnerability? And yes, that

I'd rather you were specific here about the sort of vulnerability in the
service you are thinking about but, talking in general and using Debian,
the fix would become available, you would download it and move on. No
problem, no fuss, no firewall needed.

[Snip]

> So a piece of bad software gets introduced into the repos. It could
> happen...And having a firewall in place (an external firewall would
> have the advantage of not being able to be turned off by said
> malware).

A firewall will not give protection from a software defect in a running
service. Not unless you lock the service down so much it becomes
useless.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704220425.GB28931@desktop

Re: which layer to configure so Alt-x does Meta-x in bash?

[Clive Standbridge]

> What's the right layer to reconfigure so that Alt functions as Meta in bash
> command line editing?
> 
> Right now, when I try to type Alt-f to execute bash's Meta-f line-editing
> function (Forward Word), bash instead inserts a non-ASCII character (the
> a-e ligature).  That happens in bash in xterm and in ssh sessions, but not
> in bash on a virtual console.
> 
> (What I mean by "right layer" above is the layer that probably would have
> the fewest unwanted side effects.  For example, on an older system, Alt-f
> works as Meta-a in bash, but still inserts the a-e character when typed
> while running a command such as "cat" (that is, just echoing typed input
> to output), so I don't think I want a solution that completely disables
> the non-ASCII character generation.)
> 
> 
> Do I want to be looking in bash?  in inputrc?  in xterm?  somewhere else?

Hi Daniel,

Setting the X resource for xterm will cause Alt-f to send Meta-f, but
it's not exclusive to bash. But an alternative quick and easy way to
enter ligatures and other special characters is to use the compose key.

To make Alt function as Meta, put this line in your
~/.Xresources file:
*metaSendsEscape:True
It will take effect when you next login to X. To apply it immediately,
run
xrdb -merge ~/.Xresources
The metaSendsEscape resource will work for xterm and uxterm, not sure
about any other terminal emulators.

To enable the Compose key, run
dpkg-reconfigure keyboard-configuration
and choose which key you wish to function as Compose (e.g. the Menu key).

To use it, press (don't hold) the Compose key followed by the two keys
which make up the special character. They're mostly intuitive, for
example
Compose a e gives æ
Compose 1 2 gives ½
Compose " o gives ö
Compose o c gives ©
and so on.

I hope this helps.

-- 
Cheers,
Clive


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704214551.GA3692@rimmer.localdomain

Re: Very slow network with certain APs -- ipv6 problem?

[Paul Zimmerman]

Camaleón  wrote:

> You mean you're still using ipv4 with no ipv6 support from the OS at all?

I am using an up-to-date install of Squeeze. There were several network 

related updates when IPv6 was supposed to be activated. So I presume 

this was an activation for Debian. Since then, certain wireless APs have
not worked properly. It claims to connect and get an IP address, but there
is almost no actual traffic. It can take 5 or 10 minutes to get a simple page
with mostly text and very few graphics. Yet, these same IPs are as fast as 

ever when you connect with a Windows machine. Which leads me to suspect
that Windows automatically detects what the AP is using and adjusts, while
Linux does not.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/1341439765.70192.yahoomail...@web126104.mail.ne1.yahoo.com

Re: firewall

[Brian]

On Wed 04 Jul 2012 at 08:21:10 -0400, Eike Lantzsch wrote:

> OK, I see that this might be flamebait ...
> 
> On Tuesday 03 July 2012 23:19:06 lina wrote:
> > Hi,
> > 
> > I don't know which firewall (http://wiki.debian.org/Firewalls) I should
> > choose.
> > 
> > Thanks ahead for recommendation, and it will be very nice if you tell
> > me why you recommend this one.
> > 
> > Best regards,
> 
> It seems that you want a firewall on the computer which you are working with.
> As regards to closing unnecessary ports or limiting them to localhost, Joe 
> gave good advice already.

The very best way of closing a port is to shut down the service or
remove it from the machine. I cannot think of a single service which
doesn't allow connections to be limited without the use of a firewall.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120704223924.GC28931@desktop

Re: Current SSD setup recommendations for laptop with Debian

[green]

Nick Lidakis wrote at 2012-07-04 16:15 -0500:
> I'm not a tweaker; I need to get work done on my laptop. Also, I need the
> drive to perform reliably for as long as possible. My data is important to me
> and I try to use my computer hardware for as long as possible --not
> subscribing to the idea of disposable consumerism that is prevalent today.

This is precisely why I have purchased a Crucial m4 and researched alignment, 
TRIM, etc.  I would like to see the particular build I am working on last for 
10+ years, as previous systems have, as a production workstation.

With my limited understanding of wear-leveling, TRIM especially seems (to me) 
to be important for long-term reliability (provide the controller with true 
'free space' to work with).  Anyone, feel free to enlighten me.

Unfortunately it is difficult to find current and concise information about 
SSD, TRIM, and alignment.  What I have learned follows.

Use a current kernel: either wheezy or squeeze-backports (≥2.6.33?).  For 
encryption, use at least cryptsetup v1.4.  I do not have information about 
LVM.

Use gdisk (GPT partition table) if possible; it automatically aligns (start 
of) partitions at 1MB ("sector alignment" = 2048).

If you need encryption:
`cryptsetup luksFormat --align-payload=2048 /dev/sda1`

Create ext4 partition with:
`mkfs.ext4 -b -4096 -E stride=128,stripe_width=128 /dev/sda1`

If using encryption, add discard option to `/etc/crypttab`.

Add discard option to `/etc/fstab` *or* set up a fstrim cron job.

Test with `fstrim` in the util-linux package and/or see 
.

If you are doing a new squeeze install, you probably want to set up the 
partitions and filesystems yourself before the install (or using the alt-f2 
console, before the 'partition disks' step), then select 'keep existing data' 
(use the empty filesystem).  If you are doing encryption, perhaps create the 
encrypted partition with the installer, then backup, re-format, and restore 
the encrypted partitions using eg. grml.

Note that this setup has so far only been tested in a virtual machine and is 
waiting for actual implementation.

Hope this helps.


signature.asc
Description: Digital signature

Sid, kernel 3.2.0.3 Removable media not working

[Curt Howland]

Dear Debian User,

I updated three Sid systems this morning, two laptops and a desktop,
stupidly removing kernel 3.2.0.2 from two of them before testing all
functionality. What I'm seeing is that with kernel 3.2.0.2 removable
media like CDs, USB thumb drives, etc, mount just fine, but when
booted into 3.2.0.3 mounts stop.

The devices are recognized, "USB sdg1 vfat" etc messages are all
correct, but automount does not occur, and when I try to mount/view
the device using the xfce icon for removable media, an error pops up,
"Permissions failure".

Is anyone else seeing this problem?

Curt-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cagy8_s2mdntcmcjjunkhubzhn_vogd+bxn-jae4d04xecf2...@mail.gmail.com

how does update-grub choose the root filesystem

[Alan Chandler]

I am trying to figure out how to move my current rootfs to raid1 (its 
just a partition at the moment).


The plan is to make a a raid device, copy the current root fs in to it - 
but I then need to tell grub to set up this up as the root for the boot.


How do I do this?

--
Alan Chandler
http://www.chandlerfamily.org.uk


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4ff4d03c.1070...@chandlerfamily.org.uk

Re: Random lockups

[Frank McCormick]

On 04/07/12 04:11 PM, Camaleón wrote:

On Wed, 04 Jul 2012 13:46:56 -0400, Frank McCormick wrote:


On 04/07/12 01:12 PM, Camaleón wrote:

On Tue, 03 Jul 2012 13:10:24 -0400, Frank McCormick wrote:


My desktop running Debian Sid just locked up for the 4th or 5th time
recently.





Can you still login from ssh? If so, X is crashing.



Yes, but nothing works





The kernel is fine - I **believe** it's X that is chasing its tail :)



 fbdev **seems** to run fine - except the mouse
cursor disappears at random.


Ugh. But the issue with the screen freeze and the yellow text is not
present with this driver, right?


  Didn't run it long enough to determine that.



Found it too annoying so went back to the Intel driver...and it hasn't
locked up yet today (crossed-fingers).


Maybe an update in the middle? :-?


  Nope...same driver


  I am running an Intel D865GBF board, and Intel on-board video.


That's an old motherboard, right? :-?



Yes, about 5 or 6 years old...but from prowling the net it seems
newer Intel boards aren't much better. I'd still like to hear advice on
the best/easiest video card to run. I ran Nvidia for a while but got
tired of constantly recompiling whenever a new kernel popped up. I'd
like something other than Nvidia.


nVidia would be my personal choice but true is that when using sid the
problem with the driver can be a headache because of the constant kernel
updates (unless you can use module assistant or can be happy with
nouveau, the open source driver).



  Maybe Nvidia is really the only choice...but this time I'll start off 
with Nouveau and see how it runs





Anyway, I wouldn't give up with your current system. If finally is X that
freezes, you can open a bug report or test with a different driver
version (either downgrade from the current one or try to get the lastest
from upstream sources).


  I have a look at upstream bugs.

   Thanks
--

Cheers
Frank



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/4ff4df66.9010...@videotron.ca

Small xorg?

[Patrick Bartek]

Any recommendations for a small, compact version of X (limited features OK) for 
an old Thinkpad 240X -- max RAM 192MB (design limit.  won't take more.  
tried.), 500MHz P3, 800x600 screen--to install Squeeze on?  I'm running Etch 
and XFCE on it currently.  Want to see if I can install a supported version of 
Debian with a small window manager without the bloat of a full size X.

I really like this notebook for travel--what I got it for originally before 
netbooks existed.  Great keyboard--I do a lot of typing.  Don't want to put it 
in a closet to gather dust.  Waste not, want not. ;-)

Patrick

Re: firewall

[Brad Alexander]

On Wed, Jul 4, 2012 at 6:04 PM, Brian  wrote:

> A commonly used phrase - military in origin, I imagine. One day I must
> investigate how a firewall can protect my mail server. Until then I will
> just continue to accept connections from anywhere.

I will give you an example of this. Your mailserver runs, say,
roundcube or some other webmail. You want port 80 (or 443) available
on your local LAN, but not to the internet. A perimeter firewall could
block access from outside your perimeter. Just as an example. Or for
that matter, you could insert imap/imaps, pop3/pop3s, etc.

>> get a piece of bad software that opens a vulnerability? And yes, that
>
> I'd rather you were specific here about the sort of vulnerability in the
> service you are thinking about but, talking in general and using Debian,
> the fix would become available, you would download it and move on. No
> problem, no fuss, no firewall needed.

Using the above example, suppose your mail server had to run sendmail
(I know, a stretch nowadays, but in the not-to-distant past, a
distinct possibility). Sendmail had a tradition of having more holes
than Swiss cheese, and vulnerabilities were fixed almost weekly. When
a new version was uploaded to the repos, I guarantee not all of the
holes had been fixed.

This is the concept of the 0day vulnerability. An unknown, unpublished
vulnerability. A firewall *might* help blunt a possible attack or
block an attack vector.

But it is a game of chances. As I have told people before, "Security
times usability is a constant: The only secure system is one that
is unplugged from the network, powered off, packed in concrete, and
fired into the sun...But at that point, it isn't very usable, is it?"

--b

> [Snip]
>
>> So a piece of bad software gets introduced into the repos. It could
>> happen...And having a firewall in place (an external firewall would
>> have the advantage of not being able to be turned off by said
>> malware).
>
> A firewall will not give protection from a software defect in a running
> service. Not unless you lock the service down so much it becomes
> useless.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/20120704220425.GB28931@desktop
>


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cakmzw+ya3pfon4robbx2jgtdzgm52-_jktngaqzr6lowcaf...@mail.gmail.com

Alternative(s) to VirtualBox

[Carl Fink]

So I have at various times installed VMWare Player, VMWare Server, and
VirtualBox. Host was Debian, guest was Windows, generally but not always XP
Pro.

VB's Guest Additions' video driver doesn't work correctly with Adobe
Premiere Elements. I have filed a bug at Oracle's site, but no action yet
after five weeks.

I tried kvm, but virt-manager reports "Unable to connect to libvirt" even
though libvirtd is running.

If I start kvm from the command line I get:

WARNING: gnome-keyring:: couldn't connect to: 
/home/carlf/.cache/keyring-7jbXBL/pkcs11: No such file or directory
error: failed to get domain '/mnt/data/kvm-images/xp2'
error: An error occurred, but the cause is unknown

So anyone have another suggestion? VMWare doesn't appeal to me--I didn't
like it much when I tried it years ago and it's very, very proprietary. 

Xen seems to be more difficult to set up than the above-mentioned and
Windows support is not complete--although the implication of the Xen docs
is that even without paravirtualization it wouldn't run *slower* than under
VB.

Any kvm experts who can help me debug? Anyone got a brilliant howto or FAQ
to point me to? Should I file a bug against Debian's kvm/qemu? Any advice
much appreciated. I'm currently running Testing on an AMD FX-8120-based
system.

Thanks.
-- 
Carl Fink   nitpick...@nitpicking.com 

Read my blog at blog.nitpicking.com.  Reviews!  Observations!
Stupid mistakes you can correct!


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120705022951.ga13...@panix.com

Re: Current SSD setup recommendations for laptop with Debian

[Henrique de Moraes Holschuh]

On Wed, 04 Jul 2012, Nick Lidakis wrote:
> > Once the OP asked about "alignment" I knew he needed a dose...
> 
> I don't need a "dose", thank you. All my questions are valid and you did

Indeed, you don't need any dose of reality, and your questions are
valid.  Any proper sysadmin knows of alignment, it is indeed important
and not just on SSDs.

Almost all of the relevant tools on Debian Wheezy (including the Wheezy
installer) automatically align partitions to 1MiB boundaries, which takes
care of almost every HDD and SSD block and erase-block alignment
requirements.  USB "pendrives" are a different matter, and almost all of
those really want filesystems with heavy write access patterns that look
like the one for FAT filesystems.

LVM in Wheezy also knows to not botch AF (4KiB) alignment, but it might
not get erase-block alignment right should the erase-block be too large.
On good SSDs, it will not be too large and it will do the right thing
out of the box.

mdadm in Wheezy also does the right thing on most cases.  When in doubt,
metadata format 1.0 preserves the host partition or device alignment, but it
has a severe drawback: on some RAID levels, component devices might looks
like a valid filesystem, so you risk the component device [as opposed to the
md raid device] getting mounted by mistake in some failure scenarios and
rescue-attempt scenarios.

> I'm not a tweaker; I need to get work done on my laptop. Also, I need the
> drive to perform reliably for as long as possible. My data is important to me
> and I try to use my computer hardware for as long as possible --not
> subscribing to the idea of disposable consumerism that is prevalent today.

The choice of SSD will be really important, then.  Get one with a _lot_
of spare area for defect management and background defragmentation, and
with firmware known to be of high quality at cleaning after itself when
left idle.  The type of flash memory will also matter a lot, the
simplest type of MLC will die much sooner than any alternatives (but it
will be a lot cheaper, enough that it might make more sense to replace
the drive sooner than to get one that will last longer).

> TRIM support is included in the latest kernels and
> hdparm utility. Are you telling me that the kernel kernel devs included 
> useless code that I should not bother with?

You will have to test, to see if the combination of your storage stack
and a particular SSD does well at online TRIM.  Batch TRIM sort of
"always works well enough".  Online TRIM requires one to drain the
request queue even if the SSD does it fast, so on a drive with lots of
spare area (or unused area) it is likely to not be the best choice for
performance.

BTW: Some SSD controllers depend on being able to compress data to work
well.  Do not get a drive based on those controllers if you are going to use
any OS-level encryption.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120705031451.ga31...@khazad-dum.debian.net

Re: FAIL: where is snes9x?

[Chris Moeller]

shawn wilson  gmail.com> writes:

> per one of the other replies, it has been dropped on the upstream

It has only been dropped upstream if you believe the project's own
home page, which has not been updated in some time. One must dig into
the project's message board or forum to find posts about more recent
development, as it seems that none of the active developers have
access to the main site. There aren't even any download links on the
official site's download page, one must dig into the same forum to
find those as well, which are all hosted off-site.



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/loom.20120705t051219-...@post.gmane.org

Re: Small xorg?

[Sthu Deus]

Good time of the day, Patrick.


You worte:

> Any recommendations for a small, compact version of X (limited
> features OK) for an old Thinkpad 240X -- max RAM 192MB (design limit.
>  won't take more.  tried.), 500MHz P3, 800x600 screen--to install
> Squeeze on?  I'm running Etch and XFCE on it currently.  Want to see
> if I can install a supported version of Debian with a small window
> manager without the bloat of a full size X.
> 
> I really like this notebook for travel--what I got it for originally
> before netbooks existed.  Great keyboard--I do a lot of typing.
>  Don't want to put it in a closet to gather dust.  Waste not, want
> not. ;-)

You assuredly can! - I used current Debian w/ LXDE on P-I ! w/ same RAM
size as Yours and HDD of 40 GB.


Sthu.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff50ecb.e327700a.1219.2...@mx.google.com

Re: firewall

[lina]

On Thu, Jul 5, 2012 at 5:31 AM, Brian  wrote:
> On Wed 04 Jul 2012 at 11:19:06 +0800, lina wrote:
>
>> I don't know which firewall (http://wiki.debian.org/Firewalls) I
>> should choose.
>>
>> Thanks ahead for recommendation, and it will be very nice if you tell
>> me why you recommend this one.
>
> You can either manipulate netfilter directly with iptables or have
> something else (like the suggested ufw or gufw) do it for you. using
> iptables is not for the faint hearted.
>
> Alternatively, you could detail why you need a firewall. The only reason
> you have given up to now is fear. This leads to strange things being
> done: for example, your 'iptables -L' output in another post shows
> connections to a webserver and sshd being accepted from anywhere, as are
> ICMP requests. Nothing wrong with that. But why bother with an iptables
> rule if that is what you had in the first place?
Indeed, I found actually the system is no much difference than before
under current iptable configuration.
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/20120704213108.GA28931@desktop
>


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAG9cJm=eaop_vaore8x9cb8v3in2mcqxcmnyhe5shd87jkg...@mail.gmail.com

DVD burning within VirtualBox VM

[T o n g]

Hi,

I think DVD burning would be possible within the VirtualBox VM. Can 
anyone confirm that? 

The host is Win7, and I don't like Windows' DVD burning solution at all. 

Thanks

-- 
Tong (remove underscore(s) to reply)
  http://xpt.sourceforge.net/techdocs/
  http://xpt.sourceforge.net/tools/


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/jt33mq$t3v$2...@dough.gmane.org

Re: Small xorg?

[Javier Vasquez]

On Wed, Jul 4, 2012 at 9:49 PM, Sthu Deus  wrote:
> Good time of the day, Patrick.
>
>
> You worte:
>
>> Any recommendations for a small, compact version of X (limited
>> features OK) for an old Thinkpad 240X -- max RAM 192MB (design limit.
>>  won't take more.  tried.), 500MHz P3, 800x600 screen--to install
>> Squeeze on?  I'm running Etch and XFCE on it currently.  Want to see
>> if I can install a supported version of Debian with a small window
>> manager without the bloat of a full size X.
>>
>> I really like this notebook for travel--what I got it for originally
>> before netbooks existed.  Great keyboard--I do a lot of typing.
>>  Don't want to put it in a closet to gather dust.  Waste not, want
>> not. ;-)
>
> You assuredly can! - I used current Debian w/ LXDE on P-I ! w/ same RAM
> size as Yours and HDD of 40 GB.
>
>
> Sthu.
>


You can go even further, with no DE (desktop environment) at all.
Just plain WM (window manager), such as fluxbox (the one I prefer),
blackbox (the one used by default on LXDE), fvwm2, etc...  Some other
tiling WMs are also available such as xmonad...

-- 
Javier.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/calurrgdajtfuf+troriwykcir1vm_pwz0eczeakuezo1+t-...@mail.gmail.com

Re: DVD burning within VirtualBox VM

[Umarzuki Mochlis]

2012/7/5 T o n g :
> Hi,
>
> I think DVD burning would be possible within the VirtualBox VM. Can
> anyone confirm that?
>
> The host is Win7, and I don't like Windows' DVD burning solution at all.
>
> Thanks
>

it is possible and i had done that because debian detects blank dvd on
my external dvdburner as corrupted


-- 
Regards,

Umarzuki Mochlis
http://debmal.my


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/cahw9mbxf+afrfgu3bjaznreesquwrvzoaq0xnrdsq9kxark...@mail.gmail.com

Re: Small xorg?

[Istimsak]

You can use DSL(damn small linux), debian with no DEs just a simple Wm. The wms 
I prefer are fluxbox and openbox. If you want to use a DE, then use lxde or 
xfce.

Javier Vasquez  wrote:

>On Wed, Jul 4, 2012 at 9:49 PM, Sthu Deus  wrote:
>> Good time of the day, Patrick.
>>
>>
>> You worte:
>>
>>> Any recommendations for a small, compact version of X (limited
>>> features OK) for an old Thinkpad 240X -- max RAM 192MB (design limit.
>>>  won't take more.  tried.), 500MHz P3, 800x600 screen--to install
>>> Squeeze on?  I'm running Etch and XFCE on it currently.  Want to see
>>> if I can install a supported version of Debian with a small window
>>> manager without the bloat of a full size X.
>>>
>>> I really like this notebook for travel--what I got it for originally
>>> before netbooks existed.  Great keyboard--I do a lot of typing.
>>>  Don't want to put it in a closet to gather dust.  Waste not, want
>>> not. ;-)
>>
>> You assuredly can! - I used current Debian w/ LXDE on P-I ! w/ same RAM
>> size as Yours and HDD of 40 GB.
>>
>>
>> Sthu.
>>
>
>
>You can go even further, with no DE (desktop environment) at all.
>Just plain WM (window manager), such as fluxbox (the one I prefer),
>blackbox (the one used by default on LXDE), fvwm2, etc...  Some other
>tiling WMs are also available such as xmonad...
>
>-- 
>Javier.
>
>
>-- 
>To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
>with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
>Archive: 
>http://lists.debian.org/calurrgdajtfuf+troriwykcir1vm_pwz0eczeakuezo1+t-...@mail.gmail.com
>

Re: DVD burning within VirtualBox VM

[Istimsak]

Never tried DVD burning in virtualbox. But worth finding out. Make sure you 
point your DVD drive to the idea storage and start from there. Let us know what 
happens.

T o n g  wrote:

>Hi,
>
>I think DVD burning would be possible within the VirtualBox VM. Can 
>anyone confirm that? 
>
>The host is Win7, and I don't like Windows' DVD burning solution at all. 
>
>Thanks
>
>-- 
>Tong (remove underscore(s) to reply)
>  http://xpt.sourceforge.net/techdocs/
>  http://xpt.sourceforge.net/tools/
>
>
>-- 
>To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
>with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
>Archive: http://lists.debian.org/jt33mq$t3v$2...@dough.gmane.org
>

Re: Current SSD setup recommendations for laptop with Debian

[Stan Hoeppner]

On 7/4/2012 4:15 PM, Nick Lidakis wrote:

> Stan, you gave me rant because you assumed my computer case has lots of blue
> LEDs. You can try again or just don't bother.

I gave you all of the information you need.  Do you feel you are missing
necessary information?

-- 
Stan


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff52e07.6080...@hardwarefreak.com

dotdeb.org?

[Richard Hector]

How reliable/trustworthy is this site?

I want to install packages that aren't in squeeze or squeeze-backports.
(php5-fpm in particular, atm)

Should I be pretty safe with dotdeb?

Thanks,

Richard


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/4ff52ed4.7010...@walnut.gen.nz