Re: Package postgresql-9.6 is not configured yet

[Marco DE BOOIJ]

The script stops at: invoke-rc.d postgresql start $VERSION # 
systemd: argument ignored, starts all versions


This is the last step in the configure_version() function. Is this 
really necessary when you use systemctl? Can I comment it safely just to 
finish the configuration?


The server has already started a few times so I am sure that postgresql 
restarts. Here is information on the postgresql service:


root:~# systemctl status postgresql
● postgresql.service - PostgreSQL RDBMS
   Loaded: loaded (/lib/systemd/system/postgresql.service; enabled)
   Active: active (exited) since Fri 2017-08-25 08:08:22 CEST; 2 days ago
 Main PID: 1269 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/postgresql.service

Aug 25 08:08:22 jessie systemd[1]: Started PostgreSQL RDBMS.
root:~#


Op 23-08-17 om 19:13 schreef Greg Wooledge:

On Wed, Aug 23, 2017 at 11:28:14AM -0400, Cindy-Sue Causey wrote:

On 8/23/17, Marco DE BOOIJ  wrote:

root:~# dpkg --configure postgresql-9.6
Setting up postgresql-9.6 (9.6.4-1.pgdg80+1) ...
dpkg: error processing package postgresql-9.6 (--configure):
   subprocess installed post-installation script returned error exit
status 102
Errors were encountered while processing:
   postgresql-9.6

A search attempt on the Net landed me the possibility that I'm thinking of:

dpkg --configure -a

Yes, that's probably the first thing to try.  But if that fails (again),
then the problem appears to be in the postinst script itself, or more
precisely whatever command the postinst script executes.

I don't have a stretch box with postgresql-9.6 installed at the moment,
but looking at a jessie box with -9.4, the postinst is simply this:

=
#!/bin/sh

set -e

VERSION=9.4

if [ "$1" = configure ]; then
 . /usr/share/postgresql-common/maintscripts-functions

 configure_version $VERSION "$2"
fi
=

Following the trail, the configure_version function is defined in
/usr/share/postgresql-common/maintscripts-functions and looks like:

=
configure_version() {
 VERSION="$1"

 # Create a main cluster for given version ($1) if no cluster already exists
 # for that version and we are installing from scratch.
 [ "$VERSION" ] || { echo "Error: configure_version: need version parameter" 
>&2; exit 1; }
 if [ ! -d "/etc/postgresql/$VERSION" ] || [ -z "$(ls 
/etc/postgresql/$VERSION)" ] || \
[ -z "$(ls /etc/postgresql/$VERSION/*/postgresql.conf 2>/dev/null)" ]; 
then
 # skip creating the main cluster when this is not the first install, or
 # when explicitely disabled ($create is 1/0/"")
 create=$(perl -I/usr/share/postgresql-common -mPgCommon -e 'print 
PgCommon::config_bool(PgCommon::get_conf_value 0, 0, "createcluster.conf", 
"create_main_cluster")')
 if [ -z "$2" ] && [ "$create" != "0" ]; then
 set_system_locale
 /usr/bin/pg_createcluster -u postgres $VERSION main ||
 echo "Error: could not create default cluster. Please create 
it manually with

   pg_createcluster $VERSION main --start

or a similar command (see 'man pg_createcluster')." >&2
 fi
 fi

 _link_manpages "$VERSION" postmaster.1.gz "postgresql-$1" 
"postgresql-contrib-$1"

 if [ -x /etc/init.d/postgresql ] && [ ! -x /etc/init.d/postgresql-$VERSION 
]; then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
 invoke-rc.d postgresql start $VERSION || exit $?
 else
 /etc/init.d/postgresql start $VERSION || exit $?
 fi

 fi
}
=

Of course the stretch version may be different.  Assuming Marco is
even running stretch; he didn't say.

So, to figure out what's breaking, what I would do is put "set -x" at the
start of the configure_version function, and "set +x" at the end of it.
Then try dpkg --configure -a once again.  That should give you a shell
trace of the commands being executed in that function, so you can see
which one breaks.

Assuming Marco's versions of these scripts look basically like jessie's.

I need help to determine package name for a bug report.

[Alexander V. Makartsev]

Hello.

On rare occasion, I have these strange system lockups that seems to be
tied to "ALC88" sound driver\kernel module.
I am unable to determine package name to file a bug report.
All information I have is this syslog from previous boot. Got it with
"journalctl -b -1"
>From what I can tell it could be alsa, or pulseaudio, or kernel, or one
of its modules.
 cut 
авг 25 20:45:59 fortune kernel: alsa-sink-ALC88: Corrupted page table at
address 7f018fe0
авг 25 20:45:59 fortune kernel: PGD 442eb9067
авг 25 20:45:59 fortune kernel: PUD 423196067
авг 25 20:45:59 fortune kernel: PMD 80045fae08e7
 cut 
авг 25 20:45:59 fortune kernel: sched: RT throttling activated
авг 25 20:45:59 fortune kernel: BUG: unable to handle kernel paging
request at fffeffa0005f
авг 25 20:45:59 fortune kernel: IP: [] 0xfffeee19a725
авг 25 20:45:59 fortune kernel: PGD 346a0a067
авг 25 20:45:59 fortune kernel: PUD 0
авг 25 20:45:59 fortune kernel:
авг 25 20:45:59 fortune kernel: Oops:  [#2] SMP
 cut 
авг 25 20:46:33 fortune kernel: kernel BUG at
/build/linux-me40Ry/linux-4.9.30/mm/slab.c:2981!
авг 25 20:46:33 fortune kernel: invalid opcode:  [#3] SMP
 cut 
авг 25 20:46:33 fortune kernel: NMI watchdog: BUG: soft lockup - CPU#2
stuck for 22s! [psensor:1185]

 cut 

Re: I need help to determine package name for a bug report.

[Zoltán Herman]

kernel team
linux-image-

May be a memory error?

2017. aug. 27. 12:13 ezt írta ("Alexander V. Makartsev" ):

Hello.

On rare occasion, I have these strange system lockups that seems to be
tied to "ALC88" sound driver\kernel module.
I am unable to determine package name to file a bug report.
All information I have is this syslog from previous boot. Got it with
"journalctl -b -1"
>From what I can tell it could be alsa, or pulseaudio, or kernel, or one
of its modules.
 cut 
авг 25 20:45:59 fortune kernel: alsa-sink-ALC88: Corrupted page table at
address 7f018fe0
авг 25 20:45:59 fortune kernel: PGD 442eb9067
авг 25 20:45:59 fortune kernel: PUD 423196067
авг 25 20:45:59 fortune kernel: PMD 80045fae08e7
 cut 
авг 25 20:45:59 fortune kernel: sched: RT throttling activated
авг 25 20:45:59 fortune kernel: BUG: unable to handle kernel paging
request at fffeffa0005f
авг 25 20:45:59 fortune kernel: IP: [] 0xfffeee19a725
авг 25 20:45:59 fortune kernel: PGD 346a0a067
авг 25 20:45:59 fortune kernel: PUD 0
авг 25 20:45:59 fortune kernel:
авг 25 20:45:59 fortune kernel: Oops:  [#2] SMP
 cut 
авг 25 20:46:33 fortune kernel: kernel BUG at
/build/linux-me40Ry/linux-4.9.30/mm/slab.c:2981!
авг 25 20:46:33 fortune kernel: invalid opcode:  [#3] SMP
 cut 
авг 25 20:46:33 fortune kernel: NMI watchdog: BUG: soft lockup - CPU#2
stuck for 22s! [psensor:1185]

 cut 

VAT Consultants - Level Financials

[Omar Kamal]

If you are unable to view this email properly Click here





You are receiving this email because you have subscribed to our email 
newsletters services or are registered with one of our Partner or affiliate 
sites.

If you no longer to wish to receive emails please Click Here

Re: How to Keep Track of Changes to the System

[hdv@gmail]

On 2017-08-26 05:14, ray wrote:
> I would like to find a way to keep track of changes I make to my system.  It
> seem that I may learn from others on how they keep track of changes they make
> to their systems.
> 
> When I make changes, I don't remember where I made changes or why.
> 
> It would be great to have a log of what changes I've made, where they were
> made, how they were made (direct edit, scripted, etc.), why I made them,
> references that I used to determine the change, and what was the outcome.
> 
> Right now, I get lost in my documentation.  I research solutions, make notes
> in Onenote on a Windows machine, record configurations files that I will
> test.  But It is difficult to record results such as syslogs or console
> transactions.  More challenging is that I have different notebook tabs for
> different objectives.  So when I want to see what I changed, I have to go
> through many different objectives because I don't know what object I was
> shooting for when I made the change.
> 
> I would really like to hear how others track their changes or suggestions how
> I may tack changes.
> 
> I store all the changes on a different computer because I screw up the
> installation on my machine under test and rebuild the OS.  The laptop I am
> building to run Xen is on its 28th build.
> 
> I would appreciate any suggestions.
> 
> Ray
> 

Hi Ray,

I just returned from a short holiday, so I am a bit late to the party, but... if
you don't want to set up a full versioning system I might have something else
for you. About 10 years ago I had the same need as you. What I did was write a
perl-script that automatically makes a timestamped backup of each file you edit
to a directory you define yourself (in that directory the full path of the
original is preserved). You use it like visudo, you just call it like this:

vicf 

All the rest happens automagically.

Of course this will only help for plain-text files and it doesn't provide for
the annotations you mentioned. But if you are interested I
can mail it to you.

Grx HdV

P.S. Here's the output of the help so you can decide if this is what you need:

vicf --help

Usage:
vicf [options] 

List of options:

[-h|--help|-?] [--manual] [-V|--version] [-r|--root ]
[-d|--datetime ] [-n|--sequencenr ]
[-a|--append_sequencenr] [-p|--permissions] [-o|--owner] [-g|--group]
[-t|--times] [-b|--backup] [-x|--x_editor]

Options:
--help
Print a brief help message.

--manual
Print the full manual.

--version
Print version and copyright information.

--root
The directory under which a dated copy of the original file should
be stored.

--datetime
A format string suitable for strftime(). Together with the local
time this parameter will used as input for strftime(). The result
will be appended to the name of the target file. See man 3 strftime
for more details.

--sequencenr
A format string suitable for sprintf(). This will be used to
generate a sequence number, which will be append to the filename if
the target file already exists.

--append_sequencenr
Append a sequence number to the filename, even if it does not exist.
Used to start sequences at 1 instead of 2.

--permissions
Preserve the access permissions of the original file.

--owner
Preserve the owner of the original file.

--group
Preserve the group of the original file.

--times
Preserve the access and modification times of the original file.

--backup
Instruct the editor to make a backup of the original file. This is a
convenience option that has nothing to do with the dated copy of the
original file.

--x_editor
Start the editor in graphical mode instead of console mode.

At the top of the code there is a section named 'User-definable
defaults' where defaults appropriate for the current environment can be
set. Doing so alleviates the need to specify options on every invocation
of the program.

Arguments:
This program accepts only one argument, which is the path to the file to
be edited.

Re: One-line password generator

[Brian]

On Sat 26 Aug 2017 at 20:07:34 +0100, Brian wrote:

> On Sat 26 Aug 2017 at 20:37:01 +0200, Nicolas George wrote:
> 
> > Le nonidi 9 fructidor, an CCXXV, Brian a écrit :
> > >  echo 'secretpassword' |
> > 
> > echo 'secretpassword site-name'
> > 
> > >  sha256sum - | base64
> > 
> > Very bad: since sha256sum outputs its result in hexadecimal, it only has
> > half the entropy it seems to have. The same thing with Perl's
> > Digest::b64digest would be much better.
> 
> Thanks. That is the sort of analysis I was after, (Although I will have
> to work out why hexadecimal matters).
> 
> May I impose and ask how Digest::b64digest would be used in a command
> line string of commands?

The libdigest-sha-perl package appears to be what I want. I've avoided
any serious contact with Perl for many, many years.

-- 
Brian.

Re: One-line password generator

[Brian]

On Sat 26 Aug 2017 at 21:14:35 -0500, Mario Castelán Castro wrote:

> On 26/08/17 13:25, Brian wrote:
> > How does this
> > 
> >  echo 'secretpassword' | sha256sum - | base64 | cut -c -30 | head -1
> > 
> > compare with your recommendation?
> 
> I do not see the point in this post-processing.
> 
> It seems that you have a very wrong impression of what makes a password
> generation scheme be a good password generation scheme.

I'd be prepared to accept lacking :). But that's inevitable when dealing
with the innards of an unfamiliar topic. I'm getting better, though.

> For any probability distribution fixed in advanced, the *expected* (in
> the sense used in probability theory) entropy of a password generated
> with my scheme is well defined and at least 132 bits (I wanted 128 bits,
> but using Base64 the choice is between 132 bits and 126 bits because 132
> is not a multiple of 6). In other words, if you take a probability
> distribution and keep if fixed while generating a big amount of
> passwords with my scheme, the average entropy under that probability
> distribution will be at least (within sampling error) 132 bits.
> 
> This property is achieved *because* there is a source of randomness
> (that we can assume, has uniform distribution and thus maximal entropy
> per byte) in my generation scheme, not because of Base64. Base64 is
> there just to turn the random bytes into a *short* human-readable
> string. One could turn the random bytes instead into a list of words (as
> long as the mapping is one-to-one) and the same property about expected
> entropy would hold, but then the password would be *much* longer.
> 
> Length is the *only* reason to use Base64 here instead of using the
> random bytes to choose words at random.
> 
> By contrast, your “scheme” has no systematic source of randomness. It
> requires that one has already decided for a “randompassword”, and then
> post-process it. If the attacker knows the post-processing, guessing
> this password is at least as easy than guessing the input to the
> post-processing step (plus computing the hash and encoding, but this is
> negligible). Moreover, your post-processing stage loses information, as
> another user has already noted. If the attacker knows your
> post-processing method, he can speed the search by avoid trying the
> passwords that could not be possibly generated with your method because
> of this loss of information.
> 
> For example, your method will never generate a string of '...'
> because the input to Base64 are hex digits in ASCII, which never have
> the byte value 0 (0 is unprintable).
> 
> If the attacker does not know the post-processing stage, then maybe he
> will eventually begin to guess that your password is an human-generated
> password ran through a post-processing stage. Then very possibly your
> post-processing adds security (because the attacker has to guess the
> post-processing method too), but how much? *It is not well defined*. We
> already talked about non-well-defined probabilities, so I will not
> repeat that fragment.

Thank you for the detailed explanation. I had already come to some of
the conclusions in your account but it is good to have them firmly and
succinctly laid out.

-- 
Brian.

Re: One-line password generator

[Brian]

On Sat 26 Aug 2017 at 21:15:37 +0200, Thomas Schmitt wrote:

> Hi,
> 
> Brian wrote:
> > echo 'secretpassword' | sha256sum - | base64 | cut -c -30 | head -1
> 
> The quality criterion is the ease or difficulty to guess the 'secretpassword'
> by a skilled enumerator and the fact whether your attacker knows the rest
> of your processing pipeline.
> 
> If your secretpassword itself is enumerated late, then the attacker needs
> a lot of tries.
> 
> If you keep the further processing secret, then the attacker will have to
> try several hash algorithms with each enumerated input string. Quite hard
> to guess would be if you replace sha256sum by an encryption program with
> a key which you successfully keep secret.

Increasing difficulty in this way looks good to me. Thanks. I would most
certainly hope I could keep the key secret.

> If you stay with sha512sum:
> The combination of sha256sum and base64 inflates the string length before
> it gets cut to 30 characters length. So you actually throw away good bits
> which would elsewise fit into the 30 characters.
> It would be better to convert sha512sum output from hex to binary before
> applying base64 to make it printable. This brings a maximum of sha256sum
> bits into the 30 character result.

Ok, I think I've got the idea here. xxd looks a useful utility for the
conversion.

-- 
Brian.

Re: How to Keep Track of Changes to the System

[rhkramer]

On Friday, August 25, 2017 11:14:52 PM ray wrote:
> I would like to find a way to keep track of changes I make to my system. 
> It seem that I may learn from others on how they keep track of changes
> they make to their systems.
> 
> When I make changes, I don't remember where I made changes or why.
> 
> It would be great to have a log of what changes I've made, where they were
> made, how they were made (direct edit, scripted, etc.), why I made them,
> references that I used to determine the change, and what was the outcome.
> 
> Right now, I get lost in my documentation.  I research solutions, make
> notes in Onenote on a Windows machine, record configurations files that I
> will test.  But It is difficult to record results such as syslogs or
> console transactions.  More challenging is that I have different notebook
> tabs for different objectives.  So when I want to see what I changed, I
> have to go through many different objectives because I don't know what
> object I was shooting for when I made the change.
> 
> I would really like to hear how others track their changes or suggestions
> how I may tack changes.
> 
> I store all the changes on a different computer because I screw up the
> installation on my machine under test and rebuild the OS.  The laptop I am
> building to run Xen is on its 28th build.
> 
> I would appreciate any suggestions.

In general, I have similar problems, and, I don't have a good general solution 
or suggestion at this time, but I do have one suggestion to address one 
specific part of the problem.

I would suggest that you create a separate partition on the "subject" computer 
(the one on which you rebuild the OS when you have a (significant) problem with 
the OS.  Then:
   * mount that partition each (or almost each) time you rebuild the OS 
   * never reformat or delete that partition
   * when you mount the partition, create a mounting point outside the FHS 
hierarchy (i.e., not in /home)--I typically create several such partitions 
(for different reasons) using my initials or similar, for instance, I have 
rhk01, rhk02, ..., back01, back02 and such
   * keep the change log (whatever form it takes on such a partition--with 
luck they will always be available, and, it is easier to c&p to a file on the 
computer in question rather than "transcribe" stuff to a different computer.

Of course, a similar result could be obtained by mounting a partion on some 
other computer over the network (using, for example, NFS or Samba), or using 
SSL to write notes on the subject computer but store them on a "safer" 
computer.

Of course, in any case, the files on that separate partition should be backed 
up regulalrly, just in case (and, particularly, just before you start an OS 
rebuild).



With respect to an actual general change log (as opposed to where to keep it), 
I keep my notes in some specially formatted files for which I've created some 
"programming" (e.g., macros, and similar)  to create something that I call (at 
various times): my askSam workalike, my offline wiki-like thing, and some other 
similar names that I don't recall at the moment.  (Oh, I also consider it a 
"mashup" as it (each iteration) uses a variety of programs to provide all the 
features I want to have (for example, recoll for full text indexed search).

I've gone through several iterations, each using an editor with special macros 
to make things more convenient, but I don't currently have any features that 
do anything like monitor all of the files in /etc (and/or /var/log or similar 
locations) and record any changes, the date, and prompt me to enter a reason 
for the change.

That would be nice!

(Previous iterations have been based on nedit as the editor, then kate as the 
editor (with a different feature set, partially based on the capabilties of the 
editor), and have also included a full text indexed search system (using 
recoll).  My current focus (which I've been "working on" sporadically over the 
last 12 years or so, will be based on scintilla, which because scintilla is 
used as the editing "widgit" for quite a few editors, would open the door to 
letting me choose from a variety of editors.  (And then, maybe (not something 
I really considered before today), might include something like monitoring 
/home, etc. for changes (as mentioned somewhere above) (using things like--
well, I can't remember the name, but there are tools that monitor files for 
changes, and scintilla-based editors have a pretty powerful scripting language 
in Lua.

Re: Re: I need help to determine package name for a bug report.

[Alexander V. Makartsev]

Package: linux-image-4.9.0-3-amd64
Version: 4.9.30-2+deb9u3
Maintainer: Debian Kernel Team 

I've already checked memory with memtest86+ and found no errors. My
hardware pretty recent (Skylake i5 CPU and H170 Chipset based mobo)
Also these errors always begin with "kernel: alsa-sink-ALC88: Corrupted
page table at address", so I doubt it is hardware problem.

On 27.08.2017 15:35, Zoltán Herman wrote:
> kernel team
> linux-image-
>
> May be a memory error?
>

Re: One-line password generator

[Thomas Schmitt]

Hi,

i wrote:
> > Quite hard
> > to guess would be if you replace sha256sum by an encryption program with
> > a key which you successfully keep secret.

Brian wrote:
> Increasing difficulty in this way looks good to me. Thanks. I would most
> certainly hope I could keep the key secret.

Now you would have a human memorizable password in your mind and a strong
encryption key which you hopefully can keep secret on a storage device.
(The key is not strong if you can memorize it in your wetware.)

The password known to the remote service would be generated by the script
which combines the secrets from your brain and the storage device to one
that is supposed to be very hard to crack.

You would best avoid to store this remote password permanently on your
computer. I.e. let the machine forget it as early as possible. Just in case
you get unfriendly visitors.

If your encryption key gets stolen, then your brain stored password will
still impose some obstacle, which could give you some time to react.
If you notice the breach, that is, and if your password is already quite
hard to guess.

Each password should have its own encryption key, so that one stolen and
cracked password does not weaken the encryption of other passwords.


If your password is not that strong, then you are probably better off with
Mario Castelán Castro's approach modified by use of /dev/random instead of
/dev/urandom.
  https://lists.debian.org/debian-user/2017/08/msg01260.html

  head -c 16 /dev/random | base64 | head -c 22

Reading 16 bytes of good random yields up to 128 bit of secret information.
Making it printable by base64 does not change the information content.
Cutting off the last two characters of the base 64 result does not reduce
the secret, because any run of

  head -c 16 some_file | base64

yields "==" at these positions. It's a consequence of base64 converting
groups of 3 bytes to groups of 4 bytes. See
  https://en.wikipedia.org/wiki/Base64#Output_padding

This password would have to be stored entirely on a storage device because
it is not human memorizable.


> > If you stay with sha512sum: [Duh ... that should have been 256]
> > ...
> > It would be better to convert sha512sum output from hex to binary before
> > applying base64 to make it printable.

> Ok, I think I've got the idea here. xxd looks a useful utility for the
> conversion.

I had no success with looking for such a thing.

But be aware that the combination of a human memorizable password and
an easy to guess hashing algorithm is much weaker than the two methods
mentioned above.
There is few chance that your brain can hide a secret from a bunch of
high end processors, if they have a final goal to which they can compare
the results of their tries.

That final goal would be the stolen list of usernames and password hashes
and the stolen info how the hashes get generated by the service from your
remote password.

-

This all is theory. In practice, you can fall victim to small loopholes
in the way you use or store the highly armored passwords.

For real security concerns, consider to look for a password management
system from people who have experience with real attacks.


Have a nice day :)

Thomas

Resign me from your lists

[Paul Farou]

I am receiving unwanted mail from you please get me off these lists!

Paul FAROU

Re: Wow, ik verwacht nooit tegen een man te zeggen dat ik hem leuk vindt op het eerste gezicht. Elli

[Willy Geerts]

Gelieve mijn emailadres te verwijderen. Geen interesse
> Op 27 aug. 2017, om 17:47 heeft Elli Zhayo  het 
> volgende geschreven:
> 
> Je hebt dit verandert in me. 
> 
> http://bit.ly/2wS4TDA  

Re: One-line password generator

[Mario Castelán Castro]

On 27/08/17 08:55, Brian wrote:
> Thank you for the detailed explanation. I had already come to some of
> the conclusions in your account but it is good to have them firmly and
> succinctly laid out.

You are welcome.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: security issues

[Mike McClain]

On Sat, Aug 26, 2017 at 04:35:21PM -0400, Gene Heskett wrote:
>
> I have had the ultimate revenge on those who were enemies at one time,
> I've outlived the turkeys without doing anything to hasten their
> demise. ;-)
>

I thought that was worthy of being a tagline.
Hope you don't mind.
Mike
--
You can't say that civilization don't advance,
  for in every war they kill you in a new way.
- Will Rogers

Re: How to Keep Track of Changes to the System

[Mario Castelán Castro]

On 26/08/17 16:10, Joe wrote:
>> Thank you for the list of solutions.  It is interesting that SVN can
>> be used with etckeeper.  It looks like I should learn git.  I have
>> used SVN for other things, but I am easily pulled from my comfort
>> zone for value.  
> 
> Git is very widely used, and on important projects, so it is being
> vigorously maintained. It's probably the right choice for new projects.
New project should use Mercurial. Existing project should switch to
Mercurial.

Although Git can do anything that can be needed (and so can Mercurial),
the difference is that Git has an horrendously designed interface and
the concepts it is based on are many times irrational.

For example, consider the “git reset” command. This one deserves an
award for the most irrationally designed command in all of GNU/Linux.

If you want to change what commit the current branch points to, you must
use “git reset”, and you must memorize the meanings of “--soft”,
“--mixed”, “--hard” and “--keep”. If you do it wrong (e.g.: “keep”
instead of “--mixed”, you lose data).

But surprisingly, git reset does not always change what commit the
current branch points to. Sometimes it just moves files from a commit to
the index (“staging area”). (“git reset  -- .”).

So “git reset” does 4 things with little relation: Sometimes it moves
what commit the current branch points to and *maybe* changes the working
directory and staging area. Sometimes it just de-stages your staged
changes (“git reset”). Sometimes it cancels a failed merge. Sometimes it
copies files from an older commit to the staging area. These tasks are
group into a single command for no logical reason.

Now, this is no problem *after* you have learned how to use Git. You may
even think that well, it ought to be difficult to learn how to use it,
but that is incorrect. It is difficult only because the interface and
the concepts behind it are irrationally designed.

By contrast, Mercurial interface is very clean. Every command always
does one simple thing. This does not mean that it is less powerful.
Although in a previous time (years ago) when one could not do powerful
history modification as in Git, that era is now history.

Imagine how many man-hours are wasted learning how to use Git, which
would otherwise be used to do actual programming.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

[Mario Castelán Castro]

On 26/08/17 13:06, david...@freevolt.org wrote:
> On Sat, 26 Aug 2017, Mario Castelán Castro wrote:
>> Whatever you find in Tails, is there because of a Tails developer
>> put it there.
> 
> I am perpelexed by this last statement, since the uri in the error
> message reported by the Tails user[1]

..which a Tails developer has there, like I said.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: How to Keep Track of Changes to the System

[Mario Castelán Castro]

On 25/08/17 22:14, ray wrote:
> I would like to find a way to keep track of changes I make to my system.  It 
> seem that I may learn from others on how they keep track of changes they make 
> to their systems.

I have a plain-text file of notes, which I keep under Mercurial version
control. I make a note here whenever I make any big change.

For manually installed packages, I install them under a directory in
“~/local/stow”. For example “~/local/stow/emacs”. Since there is a
one-to-one correspondence between packages and directories under the
“stow” directory, obtaining a list of what packages I have installed is
as easy as “ls ~/local/stow”.

The search path for executables is “~/local/bin”. I use GNU Stow to
automatically make symbolic links from here to the corresponding
directory under “~/local/stow”.

I can recommend GNU Stow to have better control over *manually*
installed packages. A common problem is that ones does “make install”
and then when one wants to delete the package, one does not know what
files one should delete, and ones does not realize if something is being
overwritten. GNU Stow solves that.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

leaving the hibernate state

[Pierre Frenkiel]

hi,
I installed pm-hibernate on my laptop, and it seemed to work,
i.e. I got a black screen 10 to 15 seconds after issuing the 
pm-hibernate command, but I was unable to wake-up the laptop.

Looking on Internet I found tons of documentation about suspend and
hibernate, but amazingly, not a single line about the way to leave these 
states. 
Of course, I tried almost all the keyboard keys, without success, and 
all I could do was to  hold down the power button, which gave the normal

startup, with a "recovering journal".
My laptop is a Lenovo ideapad 110, running Stretch
Should I configure something to use pm-hibernate?
I have in syslog lines like:

Hibernation image not present or could not be loaded.

but I didn't find how to  fix that.(adding resume=/dev/disk/by-uuid/...
in /etc/default/grub changed nothing)

best regards,
--
Pierre Frenkiel

Re: One-line password generator

[Curt]

On 2017-08-27, Thomas Schmitt  wrote:
>
>
> If your password is not that strong, then you are probably better off with
> Mario Castelán Castro's approach modified by use of /dev/random instead of
> /dev/urandom.
>   https://lists.debian.org/debian-user/2017/08/msg01260.html
>
>   head -c 16 /dev/random | base64 | head -c 22
>

So this is wrong:

https://www.2uo.de/myths-about-urandom/

(Not a rhetorical question).

-- 
"The purpose of art is to lay bare the questions that have been hidden by the 
answers."
— James Baldwin

Re: One-line password generator

[Brian]

On Sun 27 Aug 2017 at 17:08:16 +0200, Thomas Schmitt wrote:

> Hi,
> 
> i wrote:
> > > Quite hard
> > > to guess would be if you replace sha256sum by an encryption program with
> > > a key which you successfully keep secret.
> 
> Brian wrote:
> > Increasing difficulty in this way looks good to me. Thanks. I would most
> > certainly hope I could keep the key secret.
> 
> Now you would have a human memorizable password in your mind and a strong
> encryption key which you hopefully can keep secret on a storage device.
> (The key is not strong if you can memorize it in your wetware.)
> 
> The password known to the remote service would be generated by the script
> which combines the secrets from your brain and the storage device to one
> that is supposed to be very hard to crack.
> 
> You would best avoid to store this remote password permanently on your
> computer. I.e. let the machine forget it as early as possible. Just in case
> you get unfriendly visitors.
> 
> If your encryption key gets stolen, then your brain stored password will
> still impose some obstacle, which could give you some time to react.
> If you notice the breach, that is, and if your password is already quite
> hard to guess.
> 
> Each password should have its own encryption key, so that one stolen and
> cracked password does not weaken the encryption of other passwords.

Nothing significant to argue with here.
 
> If your password is not that strong, then you are probably better off with
> Mario Castelán Castro's approach modified by use of /dev/random instead of
> /dev/urandom.
>   https://lists.debian.org/debian-user/2017/08/msg01260.html
> 
>   head -c 16 /dev/random | base64 | head -c 22
> 
> Reading 16 bytes of good random yields up to 128 bit of secret information.

/dev/random versus /dev/urandom appears to be one of those Holy Wars
topics. I'll stay as a bystander.

> Making it printable by base64 does not change the information content.
> Cutting off the last two characters of the base 64 result does not reduce
> the secret, because any run of
> 
>   head -c 16 some_file | base64
> 
> yields "==" at these positions. It's a consequence of base64 converting
> groups of 3 bytes to groups of 4 bytes. See
>   https://en.wikipedia.org/wiki/Base64#Output_padding

Ah! That's the origin of the 3/4 I've seen in entropy calculations.
 
> This password would have to be stored entirely on a storage device because
> it is not human memorizable.

Yep.
 
> > > If you stay with sha512sum: [Duh ... that should have been 256]

Thanks for the correction.

> > > ...
> > > It would be better to convert sha512sum output from hex to binary before
> > > applying base64 to make it printable.
> 
> > Ok, I think I've got the idea here. xxd looks a useful utility for the
> > conversion.
> 
> I had no success with looking for such a thing.

It is in stretch, buster and sid.

> But be aware that the combination of a human memorizable password and
> an easy to guess hashing algorithm is much weaker than the two methods
> mentioned above.
> There is few chance that your brain can hide a secret from a bunch of
> high end processors, if they have a final goal to which they can compare
> the results of their tries.
> 
> That final goal would be the stolen list of usernames and password hashes
> and the stolen info how the hashes get generated by the service from your
> remote password.
> 
> -
> 
> This all is theory. In practice, you can fall victim to small loopholes
> in the way you use or store the highly armored passwords.
> 
> For real security concerns, consider to look for a password management
> system from people who have experience with real attacks.

I am trying to avoid password management schemes (wallets etc). Also, I
am still firm in my view that passwords for online logins can be very
safe and memorable. It is the leaking of databases and offline cracking
which has my attention now (but I am not losing any sleep over it).

To some extent, I'm with David Wright

 https://lists.debian.org/debian-user/2017/08/msg01417.html

I do not have to run faster than the bear, just faster than anyone else.

-- 
Brian.

coucou on pourait ce voir bisous

[deleuil . raymond]

‌

Re: Resign me from your lists

[Mario Castelán Castro]

On 27/08/17 10:56, Paul Farou wrote:
> I am receiving unwanted mail from you please get me off these lists!

Then why did you subscribe to this mailing list in the first place? Are
you stupid?

To unsubscribe, send an e-mail to debian-user-requ...@lists.debian.org
with subject “unsubscribe”.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Wow, I’d never expect to say to a guy I like him from the 1st sight. Cindy

[David Skinner]

STOP WRITING ME

On Aug 27, 2017 2:20 PM, "Cindy Maulaboksh" 
wrote:

> You have changed this assurance in me.
>
> http://bitly.com/2vty9N7
>

Re: Wow, I’d never expect to say to a guy I like him from the 1st sight. Elsie

[David Skinner]

STOP WRITING ME

On Aug 27, 2017 2:23 PM, "Elsie Leangsiripraseart" <1sof...@orange.fr>
wrote:

> You have changed this assurance in me.
>
> http://bitly.com/2wT6lFA
>

Re: Unable to change mouse acceleration and threshold in Stretch

[Илья Валеев]

21.08.2017 01:00, Mario Castelán Castro wrote:
> On 2017-08-21 00:26 +0500 Илья Валеев  wrote:
>> It seems to work, thank you!
>>
>> Is there any way to configure it via GUI or another way without restart?
>> The way described in Arch Wiki does not do anything.
>> If not, will it be added in future Debian (or DE?) releases?
> 
> Hello.
> 
> I do not know what is the context of this message, so apologies if my
> reply is out of place.
> 
> I use LXDE and I can adjust the acceleration and speed through the program
> accessible in LXDE menu. It is called “mouse and keyboard preferences“ or
> something like that. However, even setting the speed at minimum, it is
> still too high. What I have done is to use this command:
> 
> “xinput --set-prop
> "Logitech USB Optical Mouse" "Coordinate Transformation Matrix" 0.28 0 0 0
> 0.28 0 0 0 1”
> 
> Replace 0.28 by your preferred multiplier (1 = no change; 1.123 = 12.3%
> increase, et cetera) This ought to work regardless of desktop environment.
> In lightdm, you can put this in “$HOME/.xsessionrc“ to run it
> automatically at each log-in.
> 

Seems like bug is unique for me, but your method works.
Solved.
Thanks!

Re: Resign me from your lists

[Reco]

On Sun, 27 Aug 2017 11:17:09 -0500
Mario Castelán Castro  wrote:

> On 27/08/17 10:56, Paul Farou wrote:
> > I am receiving unwanted mail from you please get me off these lists!
> 
> Then why did you subscribe to this mailing list in the first place?

He did not (e-mail headers show that clearly). He's probably yet another
victim of this month spam attack which fakes From header to be
'debian-user@lists.debian.org'.


> Are you stupid?

To paraphrase your signature, do not insult technically illiterate,
respect them as you respect people.

Reco

Re: One-line password generator

[Thomas Schmitt]

Hi,

Curt wrote:
> So this is wrong:
> https://www.2uo.de/myths-about-urandom/

Dunno. I took my info from the man page.

This article is, at least at its beginnings, very affirmative and fewly
equipped with supporting facts. Mainly "Believe Me !".
The author is a proselyte of urandom, as he confesses openly.

Of course, if you are lucky, urandom gives you 8 bit entropy per byte read.
But as all diagrams in the article say: Entropy can be lower and urandom will
still hand out the bytes. The whole article is about why this shall not
be of concern.
Why is the potentially missing stuff considered to be entropy then ?

Verifying the statements about the way how random and urandom correspond
in the Linux kernel would last a few weeks. Why was it changed so often ?
Further i'd need to wrap my head around the topic whether this really yields
the properties claimed by the author.


Compared to that, what is the penalty if i do not join the urandom church ?
I might be doomed to wait a few seconds before my password is generated.
Maybe a mass generator of random numbers, which relies on /dev/random against
the advise of the man page, will have to wait too. Serves him right.

If i get bored, i can speed it up by doing things on mouse and keyboard.
But it's not necessary for me. I just read 5 times 16 bytes. No waiting,
no lightning strike from heaven.

Am i stupid to go any risk and reject the offer of the kernel to test my
random bytes before i get them ?
Just because people with undisclosed interests tell me ?
The term for this is "social engineering".


Have a nice day :)

Thomas

Re: One-line password generator

[Thomas Schmitt]

Hi,

Brian wrote:
> I do not have to run faster than the bear, just faster than anyone else.

According to the article about the successful cracking, it is not so much
about how fast you are. The bear will not stop when it is done with eating
those behind you.

It is rather about not to walk the paths which all the tasty others walk.
The first found meal tells the bear that there is more food in the same
direction.


Have a nice day :)

Thomas

Re: Resign me from your lists

[Curt]

On 2017-08-27, Reco  wrote:
> On Sun, 27 Aug 2017 11:17:09 -0500
> Mario Castelán Castro  wrote:
>
>> On 27/08/17 10:56, Paul Farou wrote:
>> > I am receiving unwanted mail from you please get me off these lists!
>> 
>> Then why did you subscribe to this mailing list in the first place?
>
> He did not (e-mail headers show that clearly). He's probably yet another
> victim of this month spam attack which fakes From header to be
> 'debian-user@lists.debian.org'.
>
>
>> Are you stupid?
>
> To paraphrase your signature, do not insult technically illiterate,
> respect them as you respect people.

Don't eat people. They're animals too.

What she lacks in generosity she makes up in vegetables; but it takes
all kinds, I guess.

> Reco
>
>


-- 
"The purpose of art is to lay bare the questions that have been hidden by the 
answers."
— James Baldwin

Re: Debian v9 it's a stretch

[Liam O'Toole]

On 2017-08-27, Mario Castelán Castro  wrote:
> On 26/08/17 20:36, Liam O'Toole wrote:
>> On 2017-08-25, Borden Rhodes  wrote:
>>> I encourage everyone to check out "How to Irritate People salesmen" on=
>
>>> your favourite community video streaming site. That's how I've found
>>> FOSS support: "Best software in the world. No problems at all. But if
>>> you find a problem, file a bug and we'll fix it." "Well I have filed a=
>
>>> bug, and you haven't fixed it." "Nope, no problems with this software
>>> at all..."
>>=20
>> And you have never encountered that attitude with proprietary software
>> vendors? Ever?
>>=20
>> The difference with FLOSS is that you can fix any problems yourself. Or=
>
>> persuade or pay someone else to do it for you. The choice is yours.
>
> There are plenty of sites where asking stupid question about free
> software programs is the norm, and you are not allowed to admonish users
> for not knowing what they must already know (very often it has a section
> in the manual about it). The most popular one is probably stackexchange.
>
> For example, I mean questions like: =E2=80=9CI am the manager of a nuclea=
> r power
> plant. The engineers are telling me that we are having a loss of coolant
> and core meltdown, what does that mean? Is it dangerous?=E2=80=9D
>
> If you want to go spoonfeed, then go to one of those sites.

Thanks for the suggestion. I hope you won't be offended as I blithely
ignore it.

-- 

Liam

[no subject]

[teddy sangnier]

Veuillez supprimer mes donné personnelle de votre liste afin de ne plus être 
importuner par vos mails envahissant.
Merci de faire le nécessaire au plus vite.
Cordialement

Re: Re: I need help to determine package name for a bug report.

[Zoltán Herman]

I would try to exchange the memories by swapping...

2017-08-27 16:36 GMT+02:00 Alexander V. Makartsev :

> Package: linux-image-4.9.0-3-amd64
> Version: 4.9.30-2+deb9u3
> Maintainer: Debian Kernel Team 
>
> I've already checked memory with memtest86+ and found no errors. My
> hardware pretty recent (Skylake i5 CPU and H170 Chipset based mobo)
> Also these errors always begin with "kernel: alsa-sink-ALC88: Corrupted
> page table at address", so I doubt it is hardware problem.
>
> On 27.08.2017 15:35, Zoltán Herman wrote:
> > kernel team
> > linux-image-
> >
> > May be a memory error?
> >
>
>

Re: Re: I need help to determine package name for a bug report.

[Fungi4All]

> From: zoltan...@gmail.com
> To: Debian User 
>
> I would try to exchange the memories by swapping...
>
> 2017-08-27 16:36 GMT+02:00 Alexander V. Makartsev :
>
>> Package: linux-image-4.9.0-3-amd64
>> Version: 4.9.30-2+deb9u3
>> Maintainer: Debian Kernel Team 
>>
>> I've already checked memory with memtest86+ and found no errors. My
>> hardware pretty recent (Skylake i5 CPU and H170 Chipset based mobo)
>> Also these errors always begin with "kernel: alsa-sink-ALC88: Corrupted
>> page table at address", so I doubt it is hardware problem.
>>
>> On [27.08.2017 15](tel:27.08.2017%2015):35, Zoltán Herman wrote:
>>> kernel team
>>> linux-image-
>>>
>>> May be a memory error?
>>>

Do sound cards have memory chips on them?  How can we tell?  If they do
could this be a source of the above problem that memtest doesn't test?

Re: Re: I need help to determine package name for a bug report.

[Zoltán Herman]

No, but since every one works in memory, one of its segments may be
defective.
Memtest writes and reads ... but not concurrent.

2017-08-27 23:16 GMT+02:00 Fungi4All :

>
> From: zoltan...@gmail.com
> To: Debian User 
>
> I would try to exchange the memories by swapping...
>
> 2017-08-27 16:36 GMT+02:00 Alexander V. Makartsev :
>
>> Package: linux-image-4.9.0-3-amd64
>> Version: 4.9.30-2+deb9u3
>> Maintainer: Debian Kernel Team 
>>
>> I've already checked memory with memtest86+ and found no errors. My
>> hardware pretty recent (Skylake i5 CPU and H170 Chipset based mobo)
>> Also these errors always begin with "kernel: alsa-sink-ALC88: Corrupted
>> page table at address", so I doubt it is hardware problem.
>>
>> On 27.08.2017 15:35, Zoltán Herman wrote:
>> > kernel team
>> > linux-image-
>> >
>> > May be a memory error?
>> >
>>
>
> Do sound cards have memory chips on them?  How can we tell?  If they do
> could this be a source of the above problem that memtest doesn't test?
>
>

Re: One-line password generator

[Andy Smith]

Hello,

On Sun, Aug 27, 2017 at 09:05:41PM +0200, Thomas Schmitt wrote:
> Curt wrote:
> > So this is wrong:
> > https://www.2uo.de/myths-about-urandom/
> 
> Dunno. I took my info from the man page.

The article at 2uo.de is correct. The relevant Linux man pages were
recently updated to clarify that once seeded, /dev/urandom is
sufficient for any use and that /dev/random is a legacy interface
for callers that may require it during early boot before the pool is
initialised. The non-legacy interface for such callers is proper use
of getrandom() which will block until the pool is initialised.

https://bugzilla.kernel.org/show_bug.cgi?id=71211

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Resign me from your lists

[Mario Castelán Castro]

On 27/08/17 14:03, Reco wrote:
> On Sun, 27 Aug 2017 11:17:09 -0500
> Mario Castelán Castro  wrote:
>> Then why did you subscribe to this mailing list in the first place?
> 
> He did not (e-mail headers show that clearly). He's probably yet another
> victim of this month spam attack which fakes From header to be
> 'debian-user@lists.debian.org'.

I have to admit that I do not know what specific header you are talking
about.

I was not aware that this mailing list was used in “From:” spoofing.

>> Are you stupid?
> 
> To paraphrase your signature, do not insult technically illiterate,
> respect them as you respect people.

Fair enough.

I assumed originally that this was a person who subscribed then realized
he did not want to be subscribed and decided to complain to the list
about that.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Re: Resign me from your lists

[Gene Heskett]

On Sunday 27 August 2017 11:56:58 Paul Farou wrote:

> I am receiving unwanted mail from you please get me off these lists!
>
> Paul FAROU

If you look at the headers of this message, it will contain 
a "List-Unsubscribe" url, which if fed to your browser, will take you to 
the list unsubscribe page. Follow its instructions, including replying 
to the 'are you sure' email that will generate.

All done.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: security issues

[Gene Heskett]

On Sunday 27 August 2017 12:22:30 Mike McClain wrote:

> On Sat, Aug 26, 2017 at 04:35:21PM -0400, Gene Heskett wrote:
> > I have had the ultimate revenge on those who were enemies at one
> > time, I've outlived the turkeys without doing anything to hasten
> > their demise. ;-)
>
> I thought that was worthy of being a tagline.
> Hope you don't mind.
> Mike

Help yourself Mike. But I am far from the first to say that in print. :)
> --
> You can't say that civilization don't advance,
>   for in every war they kill you in a new way.
> - Will Rogers


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Unable to change mouse acceleration and threshold in Stretch

[Mario Castelán Castro]

On 27/08/17 13:57, Илья Валеев wrote:
> 21.08.2017 01:00, Mario Castelán Castro wrote:
>> I use LXDE and I can adjust the acceleration and speed through the program
>> accessible in LXDE menu. It is called “mouse and keyboard preferences“ or
>> something like that. However, even setting the speed at minimum, it is
>> still too high. What I have done is to use this command:
>>
>> “xinput --set-prop
>> "Logitech USB Optical Mouse" "Coordinate Transformation Matrix" 0.28 0 0 0
>> 0.28 0 0 0 1”
>>
>> Replace 0.28 by your preferred multiplier (1 = no change; 1.123 = 12.3%
>> increase, et cetera) This ought to work regardless of desktop environment.
>> In lightdm, you can put this in “$HOME/.xsessionrc“ to run it
>> automatically at each log-in.
>>
> 
> Seems like bug is unique for me, but your method works.
> Solved.

It does not seem to be a bug. As mentioned in a previous message
 what
happens is that in Debian 9, mouse acceleration parameters are handled
by libinput by default (I think that one can disable libinput by
replacing the package “xserver-xorg-input-libinput” with
“xserver-xorg-input-evdev”, but I beware that I have *NOT* tried it)

Apparently, libinput uses its own parameters and ignores the parameters
that “xset” alters.

> Thanks!

Пожалуйста.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan



signature.asc
Description: OpenPGP digital signature

Wie ben jij

[Steven Spenen]

Steven Soenen

Re: Resign me from your lists

[Ben Finney]

Mario Castelán Castro  writes:

> I assumed originally that this was a person who subscribed then
> realized he did not want to be subscribed and decided to complain to
> the list about that.

Even on that assumption, there is no call to insult the person. No-one
is born knowing how to operate a mailing list subscription, please allow
people to learn without implying they are inferior.

-- 
 \ “I went over to the neighbor's and asked to borrow a cup of |
  `\   salt. ‘What are you making?’ ‘A salt lick.’” —Steven Wright |
_o__)  |
Ben Finney

Re: Resign me from your lists

[rhkramer]

On Sunday, August 27, 2017 07:15:23 PM Ben Finney wrote:
> Mario Castelán Castro  writes:
> > I assumed originally that this was a person who subscribed then
> > realized he did not want to be subscribed and decided to complain to
> > the list about that.
> 
> Even on that assumption, there is no call to insult the person. No-one
> is born knowing how to operate a mailing list subscription, please allow
> people to learn without implying they are inferior.

+1, thank you!

lp printing doesn't work

[Gary Roach]

Hi all

Debian Stretch
KDE Desktop
HP Officejet Pro 8600 printer
Wireless connection

For some reason, my lp print command doesn't work. My lpoptions file in 
/etc/cups/lpoptions is:



Default Officejet_Pro_8600_N911a media=DRAFT  page-bottom=54 page-left=54 
page-right=54 page-top=54



If I run lpoptions on the command line I get:

  copies=1 device-uri=socket://192.168.1.5:9100 finishings=3 
fitplot=true job-cancel-after=10800 job-hold-until=no-hold 
job-priority=50 job-sheets=none,none marker-change-time=0 media=DRAFT 
number-up=1 page-bottom=54 page-left=54 page-right=54 page-top=54 
printer-commands=AutoConfigure,Clean,PrintSelfTestPage printer-info='HP 
Officejet Pro 8600' printer-is-accepting-jobs=true 
printer-is-shared=false printer-location='Local Printer' 
printer-make-and-model='HP Officejet Pro 8600, hpcups 3.16.11' 
printer-state=3 printer-state-change-time=1503877259 
printer-state-reasons=none printer-type=10522652 
printer-uri-supported=ipp://localhost/printers/Officejet_Pro_8600_N911a


A you can see, my printer is specifically called out. But if I run lp 
 I get:


lp: Error - no default destination available.

I've tried to reinstall cups_client but that didn't help.

I have an almost identical system that is setup the same way and is not 
having the problem.


Anyone have an idea what's causing this.

Gary R.

Re: Ask the isosceles triangle people. This is the TRIANGLE-user mailing list

[davidson]

On Sun, 27 Aug 2017, Mario Castelán Castro wrote:


On 26/08/17 13:06, david...@freevolt.org wrote:

On Sat, 26 Aug 2017, Mario Castelán Castro wrote:

Whatever you find in Tails, is there because of a Tails developer
put it there.


I am perpelexed by this last statement, since the uri in the error
message reported by the Tails user[1]


..which a Tails developer has there, like I said.


LOL!

All right, my friend. That is indeed a conceivable interpretation of
what you said.

Thank you for bikeshedding with me. Hopefully we can do it again
sometime.

--

@InternetHippo 22 Jul 2017 |

Life before the internet was awful. Your friend would be wrong about a
trivial issue during dinner and you just had to let it go

%% twitter.com/InternetHippo/status/888750986252226560

XFCE wm deadlocks on (other) console logout

[Zenaan Harkness]

I consistently get a deadlock of the XFCE window manager, immediately
after I logout of say Linux console 2, when e.g. XFCE is running on
console 1.

Procedure to replicate:

1. login to console 1

2. start xfce

3. switch to console 2 (e.g. CTRL+ALT+F2)

4. loging to console 2

5. logout of console 2 (e.g. CTRL+D)


Notably, when I'm on console 2, either logged in or not, I can safely
use ALT+Left to go to console 1 and appears my XFCE desktop.

Similarly using Ctrl+Alt+F1

So I'm guessing some sort of unhandled race condition, but I'm at a
loss as to how to debug this.

Create virtual ethernet devices on Debian 9 stretch ?

[Zenaan Harkness]

Riffing on the recent thread, here's the one I thought that was, and
wanted it to be. Alas, twas not so, and thus the inordinately
difficult and challanging task of creating a new thread is weighty
upon my shoulders.  So this is it :)


Have done quite a bit of research over the last couple months,
there's a -lot- of tech, plenty of it "fairly new" too.

Some years back, I ran openvpn to connect a few computers "securely"
(for wild "I hope this works as I cross my fingers" values of
"securely").  I have some vague recollection of creating tap and tun
devices.


"Right now" my aim is to run virt-manager or qemu, with kvm
underneath, with a host-only virtual network to which I shall connect
two virtual machines, and the host machine, and run some nfs or samba
thing to share folders between all 3.


My requisite is to have a sense of full control over my virtual
networking - this means setup and tear down primarily via
/etc/network/interfaces unless some other mechanism were more highly
recommended
- this means not relying on say the virt-manager gui

However, I'd also like to learn how to use the virt-manager gui to
create a single "host-only virtual network" instance for a virtual
machine (or two :)


The reason I want to learn how to do this virtual host-only network
with virt-manager gui, is so I can teach others, most of whom are
really only comfortable with a gui.

The reason I must learn how to do this virtual host-only network via
/e/n/i is for skills transfer - so that when I must manage a remote
host or VM in the future, I can readily do what I need to do via an
SSH cmd line (i.e. text only) interface.



Here are the examples/ snippets I've gleaned in the last few months:

## temporary ssh vpn:
iface tun0 inet static
   pre-up sleep 3
   address 10.3.3.1
   netmask 255.255.255.255
   pointopoint 10.3.3.3
   #up arp -sD 10.3.3.3 eth0 pub # perhaps just do NAT, eg, on
   server:
   up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
   up echo "1" /proc/sys/net/ipv4/ip_forward
   down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
   down echo "0" /proc/sys/net/ipv4/ip_forward
# alternative routing:
   #up ip route add 10.3.3.0/24 dev tun0 # this happens
   automatically
   up ip route add 10.1.1.0/24 dev tun0
   up ip route add 10.1.2.0/24 dev tun0
   down ip route del 10.1.1.0/24
   down ip route del 10.1.2.0/24


# Simple case; man bridge-utils-interfaces(5)
# Bridge interface to make VMs bridge to specific networks
auto br0
iface br0 inet dhcp
   bridge-ports eth0
   bridge-ports ve0
   bridge-ports all # WARNING, bridges all ethernet interfaces!


# Not so simple; virtual switch with host as gateway
# See http://debian-handbook.info/browse/stable/sect.virtualization.html
# Virtual interface
auto tap0
iface tap0 inet manual
  vde2-switch -t tap0


# Bridge for containers
auto br0
iface br0 inet static
  bridge-ports tap0
  address 10.0.0.1
  netmask 255.255.255.0


# See http://wiki.debian.org/QEMU#Host_and_guests_on_same_network
auto br0
iface br0 inet dhcp
   pre-up ip tuntap add dev tap0 mode tap user 
   pre-up ip link set tap0 up
   bridge_ports all tap0
   bridge_stp off
   bridge_maxwait 0
   bridge_fd  0
   post-down ip link set tap0 down
   post-down ip tuntap del dev tap0 mode tap


# qemu/kvm host only or private/ internal network:
#  - it's a form of "bridge" network - apt-get install bridge-utils
#  - ho0 is the (random) name chosen for this bridge device,
#e.g. "hostonly0" might be a better memory jog
#  - 10.13.13.1 is the (random) host address for this network
auto ho0
iface ho0 inet static
   address 10.13.13.1
   netmask 255.255.255.0
   pre-up  brctl addbr ho0
   post-down   brctl delbr ho0



See also attached snippets file, with links and my initial notes
regarding differences of different virt networking systems.

AIUI I don't need any exotic networking to try to extract the last
few cycles of CPU performance, just functional, flexible, cmd-line/
text config style virtual networking to link a few virtual machines,
with an eye to remote admin of a host and/ or a few VMs.

Given so many options, and so many variations, I feel completely lost
at this point in time :(

Any suggestions as to which pathway/ program etc would be a
reasonably balanced pathway to follow, would be greatly appreciated.

TIA,
Zenaan

see:
   http://baturin.org/docs/iproute2/ -- ip cheat sheet
   e.g.: "Link is another name for network interface" (in ip command, e.g. ip 
link add ...)

see:
   http://doger.io/ - comparison of virtual eth options !!!

   https://en.wikibooks.org/wiki/QEMU/Networking
   
http://linux-blog.anracom.com/2016/02/02/fun-with-veth-devices-linux-virtual-bridges-kvm-vmware-attach-the-host-and-connect-bridges-via-veth/
   google openvswitch vde comparison

   
https://unix.stackexchange.com/questions/272850/how-to-determine-the-logical-type-of-a-linux-network-device
   http://virt.kernelnewbies.org/
   http://blog.bofh.it/debian/id_379 - ip program doe

Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

[Zenaan Harkness]

On Fri, Aug 25, 2017 at 05:45:17PM +0200, Sven Hartge wrote:
> Tom Browder  wrote:
> > On Fri, Aug 25, 2017 at 09:26 Sven Hartge  wrote:
> >> Tom Browder  wrote:

> >> > So how does one do the same thing with "modern" tools?
> >>
> >> I don't understand the question. Do you mean "systemd-networkd"?
> 
> > I'm indirectly referencing a long-running thread on this list about
> > using ifconfig versus "modern" tools for viewing the current
> > interfaces setup.
> 
> When using /e/n/interfaces and ifupdown you don't really come in contact
> with "ip" or "ifconfig" directly.
> 
> > And just how does one restart the new interfaces with systemctl?
> 
> You don't. Commands like "service networking restart" have been
> deprecated and partially non-functioning since at least Wheezy, because
> of the internal limit of ifupdown itself.

So to do text-config based networking, what's
"The Recommended Way (TM)(R)(C)"?

Re: Wow, I’d never expect to say to a guy I like him from the 1st sight. Nancy

[rama]

fuck off black prick




From: Nancy Kingofvirgo To: 
"debian-user@lists.debian.org" Sent: Monday, 
August 28, 2017, 2:18:42 AM GMT+8Subject: Wow, I’d never expect to say to a guy 
I like him from the 1st sight. Nancy
You have changed this assurance in me. 
   
   
  http://bitly.com/2wTl9E8  
 
  

Re: How does one create virtual ethernet devices with modern tools on Debian 8 (jessie)?

[Jonathan de Boyne Pollard]

Tom Browder:


   # added alias IPv4s:
   up   ip addr add 142.54.186.3/29 dev $IFACE label $IFACE:0
   down ip addr del 142.54.186.3/29 dev $IFACE label $IFACE:0


Ironically, the "modern tools" aspect is the thing that you are in fact 
aiming to eliminate here. |/etc/network/interfaces| is best treated as 
an entirely descriptive mechanism, with as little imperative stuff in it 
as can be arranged.  Here, you are getting rid of the imperative 
explicit invocations of the |ip| command, the "modern tool" as you 
mention, and replacing them with the descriptive "stanzas" that 
|/etc/network/interfaces| /already has/ as a mechanism for 
non-imperatively describing multiple IPv4/IPv6 addresses on a single 
|eth0| interface.


|ifup| and |ifdown| are best thought of as translators, as their manual 
page implies.  They take what is in |/etc/network/interfaces| and 
translate it into the necessary sequences of imperative commands for 
actually doing the job, which they run under the covers. Those 
underlying commands can include |bootpc|, |avahi-autoipd|, 
|settle-dad.sh|, |pon|, |poff|, |wvdial|, |dhclient|, |dhclient3|, 
|pump|, |udhcpc|, |dhcpd|, |kill|, |ip|, and (sic!) |ifconfig|, all 
invoked with various parameters calculated from the 
|/etc/network/interfaces| description.


They aren't the only translators for that file.  For example, here's 
what happens when one runs your proposed non-imperative 
|/etc/network/interfaces| (with the typing errors mentioned elsewhere 
cleaned up) through mine, which translates from that description 
 into 
(roughly) the |rc.conf| configuration format for FreeBSD/TrueOS 
:



JdeBP % sudo redo -C /etc/system-control/convert/ rc.conf
Password:
redo: INFO: rc.conf: Redone.
JdeBP % sed -ne '/etc.network.interfaces/,/sysrc:/p' 
/etc/system-control/convert/rc.conf
# Converted from /etc/network/interfaces:
network_interfaces="lo eth0 "
ifconfig_lo="AUTO inet  127.0.0.1 "
ifconfig_eth0="AUTO inet  142.54.186.2 netmask 255.255.255.248 gateway 142.54.186.1 
"
ifconfig_eth0_ipv6="inet6  2604:4300:a:95::2 netmask ::::: "
ifconfig_eth0_aliases="inet 142.54.186.3
inet 142.54.186.4
inet 142.54.186.5
inet 142.54.186.6
inet6 2604:4300:a:95::3
inet6 2604:4300:a:95::4
inet6 2604:4300:a:95::5
inet6 2604:4300:a:95::6"
# dump by sysrc:
JdeBP %

Re: Resign me from your lists

[Reco]

Hi.

On Sun, 27 Aug 2017 15:02:30 -0500
Mario Castelán Castro  wrote:

> On 27/08/17 14:03, Reco wrote:
> > On Sun, 27 Aug 2017 11:17:09 -0500
> > Mario Castelán Castro  wrote:
> >> Then why did you subscribe to this mailing list in the first place?
> > 
> > He did not (e-mail headers show that clearly). He's probably yet another
> > victim of this month spam attack which fakes From header to be
> > 'debian-user@lists.debian.org'.
> 
> I have to admit that I do not know what specific header you are talking
> about.
> 
> I was not aware that this mailing list was used in “From:” spoofing.

X-Spam-Status contains LDOSUBSCRIBER for you, me, and everyone that's
on the list. Like this:

X-Spam-Status: No, score=-16.2 required=4.0
tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VERIFIED,FREEMAIL_FROM,LDOSUBSCRIBER,LDO_WHITELIST…

OP's e-mail has this:

X-Spam-Status: No, score=-0.9 required=4.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,DKIM_VERIFIED,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW
autolearn=no

Reco

obsolete wiki (was: no /etc/inittab)

[Jonathan de Boyne Pollard]

Felix Miata:

The problem with software documentation wikis is the people in best 
position to know what they should contain have no incentive to do the 
update work. To write useful docs requires knowledge what should be in 
them. That knowledge is mostly possessed by those writing and changing 
code, those who /caused/ the need to update docs.



Brian:


Knowledge is confined to those who know what they are doing? They are 
the ones in charge? It is not for us ordinary mortals to spread or 
interpret it? Some politians and priests are with you. Disseminating 
knowledge is only for the few.


That is a straw man, and very clearly (to at least this reader) not what 
M. Miata wrote at all.

obsolete wiki (no /etc/inittab)

[Jonathan de Boyne Pollard]

Greg Wooledge:


Gene's copy/paste was crude, but his point was essentially valid:



No, it was not. I remind you of xyr point which was:


Gene Heskett:


So if you call it widely publicized it fails that definition AFAIAC.



That I pointed to 9 different copies, including copies on Debian's own 
manual pages WWW site for Debian Wheezy as well as in prominent 
locations for such information (including linux.die.net, man7.org, and 
Stack Exchange), out of the many more copies on the WWW of this 
information, should be ample demonstration that this is *indeed* widely 
publicized.  It has been so widely publicized that it has even managed 
to filter through into books, years since.  Christopher Negus's _Linux 
Bible_ points it out, for example, and that was published back in 2015.


Subsequent backpedalling on this claim of not being widely publicized 
has been to the effect that the wide dissemination of this information 
did not reach Gene Heskett, which is really not a criterion for being 
widely publicized, and that somehow, the manual pages that I pointed to 
were not "Wheezy approved", when clearly they are right there on 
Debian's own manual pages WWW site for Debian 7 (the string "wheezy" 
even being in the two URLs given).


The simple truth is that the several independent groups of people who 
all made these particular changes *did* document them and publicize 
them.  Sadly, there are things far more deserving of the "They didn't 
tell anyone about this!" accusation; the desuetude of /etc/inittab, 
which we've been warned about for over ten years, is not however one of 
them.