Stretch: Greeter powers down and locks monitors

2017-12-20 Thread Roger Price
Hi, I'm running stretch with Xfce.  Gnome is also installed.  The login 
greeter appears correctly, and allows login, but if I leave the "greeter" 
screen too long, then something intervenes and puts the two monitors into 
a sleep mode (iiyama E1700S orange light).  I cannot find any key 
combination which wakes up gdm3.


Command « inxi -GS » reports:

 System:Host: maria Kernel: 4.9.0-4-amd64 x86_64 (64 bit) Desktop:
Xfce 4.12.3 Distro: Debian GNU/Linux 9 (stretch)
 Graphics:  Card: NVIDIA G72 [GeForce 7300 LE]
Display Server: X.Org 1.19.2 driver: N/A   (nouveau)
Resolution: 1280x1024@60.02hz, 1280x1024@60.02hz
GLX Renderer: Gallium 0.4 on NV46 GLX Version: 2.1 Mesa 13.0.6

Command « xrandr » reports

 Screen 0: minimum 320 x 200, current 2560 x 1024, maximum 4096 x 4096
 VGA-1 connected primary 1280x1024+0+0 (normal left inverted right x axis y axis) 338mm x 270mm
   1280x1024 60.02*+  75.02
 DVI-I-1 connected 1280x1024+1280+0 (normal left inverted right x axis y axis) 338mm x 270mm
   1280x1024 60.02*+  75.02

xscreensaver 5.36-1 and light-locker 1.7.0-3 are both present but not 
running.


Command « ps -elf | grep gdm3 » reports

 4 S root   746 1  0  80   0 - 73899 SyS_po 11:36 ? 00:00:00 /usr/sbin/gdm3
 4 S Debian-+   777   756  0  80   0 - 47229 SyS_po 11:36 tty1 00:00:00 /usr/lib/gdm3/gdm-wayland-session gnome-session --autostart /usr/share/gdm/greeter/autostart

Is there some way of either inhibiting the screensaver action or 
recovering the greeter screen?  My current workaround when this happens is 
to log in via ssh and then as root run command « systemctl restart 
gdm3.service ».


Roger


Re: LUKS password gets printed as stars

2017-12-20 Thread Curt
On 2017-12-20,   wrote:
>
> On Tue, Dec 19, 2017 at 02:07:34PM -0800, Don Armstrong wrote:
>> On Wed, 20 Dec 2017, root kea wrote:
>> > I want *default* password agent to be consistent with traditional *Nix
>> > password handling. And that is echoing NOTHING at all.
>> 
>> You can just recompile systemd-ask-password and set ASK_PASSWORD_SILENT
>> true. This probably should be a command-line option, though. I suspect
>> that a bug report with a patch will be well received.
>
> This was what we were missing, thanks Dan.
>
> [...]
>
>> The default is this way because it's less surprising to users who aren't
>> used to this style of password prompt. I personally prefer the other way
>> around, but that's because I already know what is going on and can
>> change it if I care.
>
> Yes, the good ol' click-to-focus culture war, I know ;-P


I wonder if the suppression of the echoed asterisks on the screen
obviates the scenario of the malevolent bystander counting the number of
characters in the OP's password. 

Perhaps his keystrokes make no noise because he has made some provision
to suppress the telltale auditory signals emitted by his keyboard, but
I'm assuming our malevolent bystander (with his back, cleverly, to the
OP's terminal) has his smartphone recording clicks.

But then again in the end the OP invokes "tradition," so all bets are
effectively off. I suppose he could argue that at least one attack
vector has been eliminated once he stops seeing stars, although the
real-world utility of knowing the length of a high-entropy password
requires demonstration.

> Thanks for the insight!
>
> Cheers
> - -- t
>
>


-- 
"An autobiography is only to be trusted when it reveals something disgraceful.
A man who gives a good account of himself is probably lying, since any life
when viewed from the inside is simply a series of defeats."
— George Orwell



Re: LUKS password gets printed as stars

2017-12-20 Thread root kea
On Wed, Dec 20, 2017 at 3:18 AM, Jonathan Dowland  wrote:
> On Wed, Dec 20, 2017 at 12:15:36AM +0530, root kea wrote:

>> And I just filed a bug report [0]. if anybody interested they can
>> follow the discussion there.
>>
>> [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884788
>
>
> In this case I think you would have much more luck in at least getting
> a discussion of the various merits of each approach, if not a change of
> behaviour, by posting to the systemd-devel mailing list[1]

Thanks for the suggestion! I just posted about "`systemd-ask-password`
echoing stars(*) by default" on systemd-devel ML. [0]

I genuinely hope that they change this default behavior.

[0] 
https://lists.freedesktop.org/archives/systemd-devel/2017-December/040023.html
-- 
Avinash Sonawane (rootKea)
PICT, Pune
https://rootkea.wordpress.com



Re: please help! debian won't boot

2017-12-20 Thread Ionel Mugurel Ciobîcă
On 13-12-2017, at 23h 02'29", Jason Brenkus wrote about "Re: please help! 
debian won't boot"
> By cursor what I mean is a flashing underscore line. I tried reinstalling
> grub2 using super grub. At first I didn't think anything happened, but now
> I'm getting more than a blinking cursor.  The screen now says #floppy0: no
> floppy controllers found
> # r8169 :03:00.0 eth0: link up
> # Ipv6: ADDCONF(NETDEV_CHANGE): eth0: link becomes ready.
> 
> I tried to record the script that show before this screen and it looks like
> there is a lot loading, but I saw one place in the script that had a red
> FAILED and it looks like it says #failed to start load kernel modules
> It would probably be easier to reinstall, but I'm trying to learn linux.
> Any more suggestions?
> 

Not more than what already was discussed. It looks like your Debian
boots fine. Try to access a console with Ctrl-Alt-Fn, where n=2-6, or
with Shift-Fn, if Ctrl-Alt-Fn doesn't work. Then login at the console
and check the logs.

If you have another computer you can try to ping or even ssh into this
Debian box. You can check your router and try to identify from the
dhcp clients list which one can be your Debian box.

If you have no other computers and you can't get into any console, try
to boot with a live disk, mount the harddrive and check the logs for
clues on what went wrong.

My best guess at the moment is that your kdm/gdm/xdm and X11 cannot
start due to a faulty xorg.conf file. All those messages that
disappeared are still there. You can get back to it with Ctrl-Alt-F1
or Shift-F1.


Ionel



Re: Debian, FF & NavyFed

2017-12-20 Thread Jack Dangler



On 12/19/2017 03:31 PM, Tom Dial wrote:
> On 12/19/2017 06:06 AM, Greg Wooledge wrote:
>> On Mon, Dec 18, 2017 at 06:10:28PM -0800, Mike McClain wrote:
>>> I signed up with Navy Federal Credit Union online banking last week.
>>> I can login, I get the banner in color , it says getting your info.
>>
>> Which browser?
>>
>> ...
>>
>> ...
>>
>> Oh, you're one of those people who hides details in the Subject.  "FF"
>> meaning Firefox?  Upstream Firefox Quantum?  One of the firefox-esr
>> packages in Debian?  Iceweasel?  Which release of Debian?  Which Firefox
>> family package version?  What does it say in "About Firefox"?
>>
>>> As soon they come back with and display my balance all the text turns
>>> to grey and a twiddler pops up and it stays like that forever.
>>>  NFCU's tech support will not admit to knowing who's waiting for
>>> what just we don't support Linux.
>
> Well-known and frequent response type from customer support staff
> operating based on a script. I've been a Navy Federal customer for
> around 40 years and found their customer support for banking operations
> to be quite good. I've used their online banking application since it
> became available, along with their online bill paying when it became
> available.
>
>> Sounds like either an advertisement or some kind of applet.
>
> They have applets for iPhone and Android, but not for PCs.
>
>>>  Suggestions on how to fix this or how to approach it are most
>>> welcome.
>>
>> 1) Try Google Chrome.
>> 1a) Try Chromium.
>> 1b) Try upstream Firefox Quantum if you're using a package; try the
>>  packaged firefox-esr if you're using upstream.
>
> Their web application has worked for numerous versions of Google Chrome,
> Chromium, and Firefox, on Debian Linux, for years. I have used it,
> today, with the following:
>
> Chromium: Version 63.0.3239.84 (Developer Build) built on Debian 9.3,
> running on Debian 9.3 (64-bit) [chromium 63.0.3239.84-1~deb9u1]
>
> Firefox: 52.5.2 (64 bit) [firefox-esr 52.5.2esr-1~deb9u1]
>
>> 2) Try installing Java (with Firefox applet support).
>
> This may be necessary.
>
>> 2a) Try installing Flash (with Firefox plugin support).
>
> As far as I know, I do not have flash available; neither browser has any
> hints of it.
>
>> 3) Try disabling any ad blocker type things you're using.
>
> Adblock Plus is not a problem nor, I suspect, is absence of an ad
> blocker (3b).
>
>> 3b) Try adding an ad blocker type thing.
>>
>> 4) Try borrowing a Microsoft Windows machine.
>
> This is unnecessary.
>
>> 5) Try a different bank.
>
> NFCU, by the last report I saw, is the largest credit union. In the
> world. It probably did not happen because of sloppiness in either
> operations or customer support.
>
>> The general rule of thumb in Internet life: the more important a web site
>> is, the more atrociously, horribly, indefensibly BAD it is.  Governments,
>> banks, hospitals -- all use the WORST possible web technology you've
>> never even heard of.  Always.  Every fucking time.
>>
>> Count on it to work only in one specific (deprecated) version of MSIE
>> on one specific (past end of life) release of Windows.  When the stars
>> align correctly.
>
> In my experience, this is not the case for navyfederal.org.
> A careful look at exactly what the firewall mentioned in the initial
> post might reveal something, especially as the presenting symptom
> appears to be a hang, maybe waiting for something blocked.
>
> Regards,
> Tom Dial



Check's in the mail, Tom. :)



Re: LUKS password gets printed as stars

2017-12-20 Thread tomas

On Wed, Dec 20, 2017 at 10:54:25AM +, Curt wrote:
> On 2017-12-20,   wrote:
> >
> > On Tue, Dec 19, 2017 at 02:07:34PM -0800, Don Armstrong wrote:
> >> On Wed, 20 Dec 2017, root kea wrote:
> >> > I want *default* password agent to be consistent with traditional *Nix
> >> > password handling. And that is echoing NOTHING at all.

[...]

> > Yes, the good ol' click-to-focus culture war, I know ;-P
> 
> 
> I wonder if the suppression of the echoed asterisks on the screen
> obviates the scenario of the malevolent bystander counting the number of
> characters in the OP's password. 
> 
> Perhaps his keystrokes make no noise because he has made some provision
> to suppress the telltale auditory signals emitted by his keyboard, but
> I'm assuming our malevolent bystander (with his back, cleverly, to the
> OP's terminal) has his smartphone recording clicks.
> 
> But then again in the end the OP invokes "tradition," so all bets are
> effectively off. I suppose he could argue that at least one attack
> vector has been eliminated once he stops seeing stars, although the
> real-world utility of knowing the length of a high-entropy password
> requires demonstration.

I think the most important thing here is "give the user the possibility
to use the software as (s)he pleases" vs. "we know better than you: suck
it up". Granted, I'm biased here.

"Just tradition" is perhaps another way to frame this conflict, may
be with the other bias :-)

Cheers
-- tomás



Re: Debian networking - accessing public-side servers from a private network

2017-12-20 Thread Phil Reynolds
On Tue, 19 Dec 2017 18:22:47 +
Phil Reynolds  wrote:
> If I set up Zoiper to use the FQDN of the Asterisk box, it connects
> just fine when I am not at home. However, when I am at home, it still
> uses the public IP address (192.0.2.51) of the Asterisk box, which,
> because it can see the phone directly, then responds using its own
> private address (192.168.0.4) - this causes Zoiper to fail to
> register. (it is clear from a tcpdump that this is happening)
> 
> At no point does the router get involved in the communication between
> the phone and the Asterisk box. To do so might make things easier, or
> could just add an unnecessary layer of complexity.
> 
> The answer to the problem could lie in several places:
> 
> - If I could persuade the Asterisk box to respond on its public
> address rather than its private one, that would probably work.

... and, by adding two bindaddrs to the iax.conf, I have made this
happen. It no longer listens on 192.168.0.4, and my Android phone now
registers with it even when I'm at home, with no fiddling with anything
else.

Obviously, if I ever did need IAX on the local IPv4, I would have to
reopen this, so by no means do I consider this a permanent solution.
However, at present I can work with it. If some other solution (other
than the pinnacle, IPv6-enabled Zoiper) can be found, that would be
even better.

-- 
Phil Reynolds
mail: phil-deb...@tinsleyviaduct.com
Web: http://phil.tinsleyviaduct.com/



Re: Debian networking - accessing public-side servers from a private network

2017-12-20 Thread Tom Furie
On Wed, Dec 20, 2017 at 12:25:24PM +, Phil Reynolds wrote:
> On Tue, 19 Dec 2017 18:22:47 +
> Phil Reynolds  wrote:
> > If I set up Zoiper to use the FQDN of the Asterisk box, it connects
> > just fine when I am not at home. However, when I am at home, it still
> > uses the public IP address (192.0.2.51) of the Asterisk box, which,
> > because it can see the phone directly, then responds using its own
> > private address (192.168.0.4) - this causes Zoiper to fail to
> > register. (it is clear from a tcpdump that this is happening)
> > 
> > At no point does the router get involved in the communication between
> > the phone and the Asterisk box. To do so might make things easier, or
> > could just add an unnecessary layer of complexity.
> > 
> > The answer to the problem could lie in several places:
> > 
> > - If I could persuade the Asterisk box to respond on its public
> > address rather than its private one, that would probably work.
> 
> ... and, by adding two bindaddrs to the iax.conf, I have made this
> happen. It no longer listens on 192.168.0.4, and my Android phone now
> registers with it even when I'm at home, with no fiddling with anything
> else.
> 
> Obviously, if I ever did need IAX on the local IPv4, I would have to
> reopen this, so by no means do I consider this a permanent solution.
> However, at present I can work with it. If some other solution (other
> than the pinnacle, IPv6-enabled Zoiper) can be found, that would be
> even better.

One potential solution would be to split your DNS so that hostnames
resolve to public addresses for external queries, but private addresses
for internal queries.

I doubt dnsmasq can do this though, so you might have to look into
setting up a "real" DNS server.

Cheers,
Tom

-- 
knghtbrd: there may be no spoon, but can you spot the vulnerability in
eye_render_shiny_object.c?
-- rcw




Re: Debian, FF & NavyFed

2017-12-20 Thread Selim T . Erdoğan
On Mon, Dec 18, 2017 at 06:10:28PM -0800, Mike McClain wrote:
> I signed up with Navy Federal Credit Union online banking last week.
> I can login, I get the banner in color , it says getting your info.
> As soon they come back with and display my balance all the text turns
> to grey and a twiddler pops up and it stays like that forever.
> NFCU's tech support will not admit to knowing who's waiting for
> what just we don't support Linux.
> Suggestions on how to fix this or how to approach it are most
> welcome.

Try pressing ESC, or clicking on various points in the window.

I sometimes see such overlaid stuff on websites and, on some, I can get 
it to go away, and see the underlying "real stuff", by such a press/click.



Re: LUKS password gets printed as stars

2017-12-20 Thread Curt
On 2017-12-20, root kea  wrote:
> On Wed, Dec 20, 2017 at 3:18 AM, Jonathan Dowland  wrote:
>> On Wed, Dec 20, 2017 at 12:15:36AM +0530, root kea wrote:
>
>>> And I just filed a bug report [0]. if anybody interested they can
>>> follow the discussion there.
>>>
>>> [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884788
>>
>>
>> In this case I think you would have much more luck in at least getting
>> a discussion of the various merits of each approach, if not a change of
>> behaviour, by posting to the systemd-devel mailing list[1]
>
> Thanks for the suggestion! I just posted about "`systemd-ask-password`
> echoing stars(*) by default" on systemd-devel ML. [0]
>
> I genuinely hope that they change this default behavior.

I thought we wanted it to be configurable because it is currently not
configurable (through ordinary command-line means, short of
recompilation). Don Armstrong explained the rationale behind making
echoed "stars" the default and opining that a bug report with patch
would be welcome.

Now we want to change the default. Give them the moon, and they want the
stars, too!

Also, I'm uncertain whether suppression of the asterisk-echo qualifies
as "security by obscurity" (actually, that expression is almost
exclusively pejorative in my experience) as you claim in exposing your
reasoning in the article linked below.

> [0]
> https://lists.freedesktop.org/archives/systemd-devel/2017-December/040023.html


-- 
"An autobiography is only to be trusted when it reveals something disgraceful.
A man who gives a good account of himself is probably lying, since any life
when viewed from the inside is simply a series of defeats."
— George Orwell



Re: Stretch: Greeter powers down and locks monitors

2017-12-20 Thread Thomas Amm
On Wed, 20 Dec 2017 11:49:33 +0100 (CET)
Roger Price  wrote:

> Hi, I'm running stretch with Xfce.  Gnome is also installed.  The
> login greeter appears correctly, and allows login, but if I leave the
> "greeter" screen too long, then something intervenes and puts the two
> monitors into a sleep mode (iiyama E1700S orange light).  I cannot
> find any key combination which wakes up gdm3.
> 
> Command « inxi -GS » reports:
> 
>   System:Host: maria Kernel: 4.9.0-4-amd64 x86_64 (64 bit)
> Desktop: Xfce 4.12.3 Distro: Debian GNU/Linux 9 (stretch)
>   Graphics:  Card: NVIDIA G72 [GeForce 7300 LE]
>  Display Server: X.Org 1.19.2 driver: N/A   (nouveau)
>  Resolution: 1280x1024@60.02hz, 1280x1024@60.02hz
>  GLX Renderer: Gallium 0.4 on NV46 GLX Version: 2.1 Mesa
> 13.0.6
> 
> Command « xrandr » reports
> 
>   Screen 0: minimum 320 x 200, current 2560 x 1024, maximum 4096 x
> 4096 VGA-1 connected primary 1280x1024+0+0 (normal left inverted
> right x axis y axis) 338mm x 270mm
> 1280x1024 60.02*+  75.02
>   DVI-I-1 connected 1280x1024+1280+0 (normal left inverted right x
> axis y axis) 338mm x 270mm
> 1280x1024 60.02*+  75.02
> 
> xscreensaver 5.36-1 and light-locker 1.7.0-3 are both present but not 
> running.
> 
> Command « ps -elf | grep gdm3 » reports
> 
>   4 S root   746 1  0  80   0 - 73899 SyS_po 11:36 ?
> 00:00:00 /usr/sbin/gdm3 4 S Debian-+   777   756  0  80   0 - 47229
> SyS_po 11:36 tty1 00:00:00 /usr/lib/gdm3/gdm-wayland-session
> gnome-session --autostart /usr/share/gdm/greeter/autostart
> 
> Is there some way of either inhibiting the screensaver action or 
> recovering the greeter screen?  My current workaround when this
> happens is to log in via ssh and then as root run command « systemctl
> restart gdm3.service ».
> 
> Roger

I'd try simply replacing GDM with lightdm. Just a workaround, but the
original problem might be very hard to solve.
-- 
Backup not found: (A)bort (R)etry (P)anic



Re: Stretch: Greeter powers down and locks monitors

2017-12-20 Thread David Christensen

On 12/20/17 02:49, Roger Price wrote:
> Hi, I'm running stretch with Xfce.  Gnome is also installed.  The login
> greeter appears correctly, and allows login, but if I leave the
> "greeter" screen too long, then something intervenes and puts the two
> monitors into a sleep mode (iiyama E1700S orange light).  I cannot find
> any key combination which wakes up gdm3.


Have you tried right-clicking with the mouse?  My laptop with Stretch, 
Xfce, and the default login manager (lightdm?) requires this.



David



Re: Debian networking - accessing public-side servers from a private network

2017-12-20 Thread Pascal Hambourg

On 19/12/2017 at 19:22, Phil Reynolds wrote:
> I have a network with a Debian router, using iptables for NAT and
> firewalling. Connected to it via a Wi-fi access point is, among other
> things, an Android phone. This is mostly relevant in that I cannot vary
> its settings very much, other than by changing them on the router.
>
> I have IPv6 on the network, and, were all the apps I need to use on the
> phone enabled, there would not be a problem, however some of them
> require IPv4.
>
> I have both public and private networks - let's say they are
> 192.0.2.48/28 and 192.168.0.0/24.
>
> My network includes several physical machines that act as servers, and
> all such machines have addresses in both IPv4 ranges, statically
> assigned. Machines not used as servers have private addresses only,
> assigned by DHCP. radvd is in use to assign IPv6 addresses and DNS
> servers.
>
> It is probably most notable that one server is running Asterisk, as it
> is partially herein that the problem lies. I am trying to connect
> Zoiper on the Android phone to it using IAX.
>
> The router has addresses 192.0.2.49 and 192.168.0.1. The Asterisk box
> has 192.0.2.51 and 192.168.0.4. The phone has been assigned
> 192.168.0.130 on this occasion. The router has NAT set up on
> 192.0.2.62 to enable the private address only systems to access the
> Internet.

IIUC, both the public and the private subnets are on the same physical LAN ?

> If I set up Zoiper to use the FQDN of the Asterisk box, it connects

I guess you mean the public domain name pointing to the public IPv4
address ?

> just fine when I am not at home. However, when I am at home, it still
> uses the public IP address (192.0.2.51) of the Asterisk box, which,
> because it can see the phone directly, then responds using its own
> private address (192.168.0.4) - this causes Zoiper to fail to register.
> (it is clear from a tcpdump that this is happening)

That's really bad. I consider that Asterisk is faulty here. In theory
UDP is not connection-oriented but in practice many client/server
protocols based on UDP use some form of loose connection and work better
through stateful firewalls and NATs when the reply packet source address
is equal to the request packet destination address.

> At no point does the router get involved in the communication between
> the phone and the Asterisk box. To do so might make things easier, or
> could just add an unnecessary layer of complexity.

How does the private client know that the public server address is
reachable directly on the LAN and not through the router ?

> The answer to the problem could lie in several places:
>
> - If I could somehow get the phone to use the NAT to communicate with
>    the Asterisk box, that would probably work.

You could use SNAT in the POSTROUTING chain on the router you can force
routing of the public server address from the client through the router.
Or you could use SNAT on the server (in the INPUT chain on recent enough
kernels) when the incoming packet has a private source address and a
public destination address.
However in either case SIP requires special handling by netfilter with the
conntrack and NAT SIP handler.

> - If I could get the phone to pick up the private address of the
>    Asterisk box rather than the public one, that would probably work. I
>    have tried setting up to do this with dnsmasq, but the IPv6 settings
>    for DNS cause this to be overridden. If I could somehow change the
>    priority of this on the phone, it would help.

All the IPv4 and IPv6 nameservers used by the client must resolve the
name into the private address. If they also serve the public zone, you
must set up "split DNS" to serve different versions for private and
public clients.
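
The reply-source mismatch discussed in the message above can be reproduced, and corrected, on a single Linux host. This is an added example, not part of the original thread and not Asterisk code: the loopback addresses 127.0.0.2 and 127.0.0.1 are constructed stand-ins for the address the client was told to use and the address the server would otherwise answer from. It goes beyond the post by showing the Linux `IP_PKTINFO` technique for pinning the reply source on a wildcard-bound UDP socket.

```python
import socket
import struct

# Constructed stand-ins on loopback (Linux treats all of 127.0.0.0/8 as local).
SERVICE_ADDR = "127.0.0.2"  # plays the address the client was configured with
CLIENT_ADDR = "127.0.0.1"   # plays the phone sitting on the same LAN

# Linux value of IP_PKTINFO; older Python versions do not export the constant.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
# struct in_pktinfo { int ipi_ifindex; in_addr ipi_spec_dst; in_addr ipi_addr; }
PKTINFO = struct.Struct("@i4s4s")


def serve_one(server, pin_source):
    """Echo one datagram back to its sender.

    Returns the address the request was sent TO (from the IP_PKTINFO
    control message). With pin_source=True the reply is forced to leave
    from that same address; otherwise the kernel picks the source.
    """
    data, ancdata, _flags, peer = server.recvmsg(
        2048, socket.CMSG_SPACE(PKTINFO.size))
    request_dst = None
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            # ipi_addr is the destination address from the IP header.
            _ifindex, _spec_dst, request_dst = PKTINFO.unpack(
                cdata[:PKTINFO.size])
    if pin_source and request_dst is not None:
        # On send, ipi_spec_dst selects the source address of the reply.
        pin = PKTINFO.pack(0, request_dst, b"\x00" * 4)
        server.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, pin)], 0, peer)
    else:
        server.sendto(data, peer)  # kernel chooses the source by routing
    return socket.inet_ntoa(request_dst) if request_dst else None


def observed_reply_source(pin_source):
    """Run one request/reply exchange.

    Returns (address the client sent to, address the reply came from).
    A client or stateful firewall that matches replies against the
    request destination only accepts the exchange when both are equal.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
        server.bind(("0.0.0.0", 0))  # wildcard bind, as on a multihomed box
        server.settimeout(2)
        port = server.getsockname()[1]

        client.bind((CLIENT_ADDR, 0))
        client.settimeout(2)
        client.sendto(b"register", (SERVICE_ADDR, port))

        request_dst = serve_one(server, pin_source)
        _data, (reply_src, _port) = client.recvfrom(2048)
        return request_dst, reply_src


if __name__ == "__main__":
    for pin in (False, True):
        sent_to, reply_from = observed_reply_source(pin)
        verdict = "match" if sent_to == reply_from else "MISMATCH"
        print(f"pin_source={pin}: sent to {sent_to}, "
              f"reply from {reply_from} -> {verdict}")
```
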




Re: got a new one

2017-12-20 Thread Brian
On Tue 19 Dec 2017 at 14:44:09 +, Curt wrote:

> On 2017-12-19, Gene Heskett  wrote:
> > Greetings all;
> >
> > I just got a pdf emailed to me that's an invoice, and a puzzle. The 
> > automatic linkage when I click on the pdf opens it in evince. It reads 
> > perfectly on screen, but prints blank pages. Even with the colors 
> > inverted.
> >
> > I then saved it, loaded it up into okular, and it printed perfectly.
> >
> > evince has printed 700+ page documents, several times, flawlessly.
> >
> > So to what/where do I send this one page pdf as a test pdf to be used to 
> > fix evince?
> 
> There was a libgtk-3-0 bug that affected printing in evince (which could
> be avoided by unchecking the default 'Auto Rotate and Center' in the
> 'Page Handling' submenu of the print dialogue). 
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771205
> 
> This effectively prevents printing in landscape mode (you're not trying
> to print in landscape mode again, are you Gene)?

I've seen this said before, but I've never understood what "printing in
landscape mode" means. Does "printing in landscape" convey the same idea?

-- 
Brian.



Re: got a new one

2017-12-20 Thread Gene Heskett
On Wednesday 20 December 2017 15:34:19 Brian wrote:

> On Tue 19 Dec 2017 at 14:44:09 +, Curt wrote:
> > On 2017-12-19, Gene Heskett  wrote:
> > > Greetings all;
> > >
> > > > I just got a pdf emailed to me that's an invoice, and a puzzle. The
> > > automatic linkage when I click on the pdf opens it in evince. It
> > > reads perfectly on screen, but prints blank pages. Even with the
> > > colors inverted.
> > >
> > > I then saved it, loaded it up into okular, and it printed
> > > perfectly.
> > >
> > > evince has printed 700+ page documents, several times, flawlessly.
> > >
> > > So to what/where do I send this one page pdf as a test pdf to be
> > > used to fix evince?
> >
> > There was a libgtk-3-0 bug that affected printing in evince (which
> > could be avoided by unchecking the default 'Auto Rotate and Center'
> > in the 'Page Handling' submenu of the print dialogue).
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771205
> >
> > This effectively prevents printing in landscape mode (you're not
> > trying to print in landscape mode again, are you Gene)?
>
> I've seen this said before, but I've never understood what "printing
> in landscape mode" means. Does "printing in landscape" convey the same
> idea?

Either one implies a 90 degree rotation of the page on the paper, so that 
long lines don't either get clipped off at the right margin, or often 
as not line wrapped by the printer which means on a multipage document, 
the pdf interpreter's page count doesn't get totally scrambled & starts 
putting the headers and footers in the middle of the page. Doesn't 
always help though, some of the hal files I've hacked up over the years 
have effectively been north of 220 chars/line. There are ways to fix 
that, but they are relatively new in linuxcnc's init functions.  Those 
older files usually get fixed if I have to revisit them, because the 
hardware changed or something.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



Re: LUKS password gets printed as stars

2017-12-20 Thread Richard Hector
On 21/12/17 02:02, Curt wrote:
> Also, I'm uncertain whether suppression of the asterisk-echo qualifies
> as "security by obscurity"

I think most people accept that obscurity is quite reasonable for
passwords ...

Richard






Re: got a new one

2017-12-20 Thread Brian
On Wed 20 Dec 2017 at 17:06:35 -0500, Gene Heskett wrote:

> On Wednesday 20 December 2017 15:34:19 Brian wrote:
> 
> > On Tue 19 Dec 2017 at 14:44:09 +, Curt wrote:
> > > There was a libgtk-3-0 bug that affected printing in evince (which
> > > could be avoided by unchecking the default 'Auto Rotate and Center'
> > > in the 'Page Handling' submenu of the print dialogue).
> > >
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771205
> > >
> > > This effectively prevents printing in landscape mode (you're not
> > > trying to print in landscape mode again, are you Gene)?
> >
> > I've seen this said before, but I've never understood what "printing
> > in landscape mode" means. Does "printing in landscape" convey the same
> > idea?
> 
> Either one implies a 90 degree rotation of the page on the paper, so that 
> long lines don't either get clipped off at the right margin, or often 
> as not line wrapped by the printer which means on a multipage document, 
> the pdf interpreter's page count doesn't get totally scrambled & starts 
> putting the headers and footers in the middle of the page. Doesn't 
> always help though, some of the hal files I've hacked up over the years 
> have effectively been north of 220 chars/line. There are ways to fix 
> that, but they are relatively new in linuxcnc's init functions.  Those 
> older files usually get fixed if I have to revisit them, because the 
> hardware changed or something.

What determines the choice of pages which suffer a 90 degree rotation?

-- 
Brian.



Re: BeFS or BFS or other filesystem for linux with attributes on debian

2017-12-20 Thread Dan Hitt
On Tue, Dec 19, 2017 at 11:16 PM, David Christensen
 wrote:
> On 12/19/17 14:07, Dan Hitt wrote:
>>
>> Just for reference, although the attributes exist and i think are
>> exactly what i need, it looks like the system has to be nudged a
>> little to use them.
>>
>> So, for example, with cp, you need to do 'cp -a' to carry along the
>> attributes ('cp -p' is not enough).
>>
>> Also, it looks like tar has to be told about the attributes both on
>> the way in and on the way out:
>> tar --xattr -cf my_archive.tar my_file
>> tar --xattr -xf my_archive.tar

I goofed here, should have been
tar --xattrs -cf my_archive.tar my_file
tar --xattrs -xf my_archive.tar


>>
>> It would be nice if the system could be told to use attributes by default.
>
>
> How about using aliases?
>
>
> For example, in my ~/.bashrc:
>
> alias cp='cp -ip'
> alias mv='mv -i'
>
>
> See bash(1) ALIASES.
>
>
> David
>

Thanks David.

That's a good idea, so i aliased cp to '/bin/cp -ai'

It was a little more problematic for tar (for me, at least), and i
also goofed on the tar command above :(  (correction inline).

For tar, when you use the '--xattrs' option, then you must precede
your 'cf' or 'xf' with a dash.  So an alias of tar='tar --xattrs'
changes how you type your tar command.  (But maybe that's just a poor
choice of alias for me.)

And there's another very common program, for me, anyway, which is rsync.

For rsync, you need to add the -X option.

So i also aliased that (rsync=/usr/bin/rsync -X).

So i do still think that a global option would be useful, as the
commands with options for paying attention to attributes keep
dribbling in, but your alias idea is very helpful.

One other point on this whole attr business is that apparently the
attr program only acts on one file at a time.

That point however i can't really complain about, because if i'm
unhappy, i can just write my own attr program which will allow
multiple files to be specified.   And for my use case, i probably
won't have to use attr so much anyway (just the attributes themselves,
via the interface that Roberto pointed out).

Thanks again everybody for your help, and thanks Tomas for pulling me
out of the dark ages!! :)

dan



Re: got a new one

2017-12-20 Thread Gene Heskett
On Wednesday 20 December 2017 17:56:46 Brian wrote:

> On Wed 20 Dec 2017 at 17:06:35 -0500, Gene Heskett wrote:
> > On Wednesday 20 December 2017 15:34:19 Brian wrote:
> > > On Tue 19 Dec 2017 at 14:44:09 +, Curt wrote:
> > > > There was a libgtk-3-0 bug that affected printing in evince
> > > > (which could be avoided by unchecking the default 'Auto Rotate
> > > > and Center' in the 'Page Handling' submenu of the print
> > > > dialogue).
> > > >
> > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771205
> > > >
> > > > This effectively prevents printing in landscape mode (you're not
> > > > trying to print in landscape mode again, are you Gene)?
> > >
> > > I've seen this said before. but I've never understood what
> > > "printing in landscape mode" means. Does "printing in landscape"
> > > convey the same idea?
> >
> > Either one implies a 90 degree rotation of the page on the paper, so
> > that long lines don't either get clipped off at the right margin,
> > or often as not line wrapped by the printer which means on a
> > multipage document, the pdf interpreter's page count doesn't get
> > totally scrambled & starts putting the headers and footers in the
> > middle of the page. Doesn't always help though, some of the hal
> > files I've hacked up over the years have effectively been north of
> > 220 chars/line. There are ways to fix that, but they are relatively
> > new in linuxcnc's init functions.  Those older files usually get
> > fixed if I have to revisit them, because the hardware changed or
> > something.
>
> What determines the choice of pages which suffer a 90 degree rotation?

Not individual pages unless you want to jump thru some pretty small 
hoops. You can select it for the whole, individual print job, in the 
printer requester that pops up when you select print from some 
application. It varies as to what tab it's under but will usually be a 4 
choice. 2 of them will be labeled Portrait and Landscape, the other 2 
are further rotations at 180 and 270 degrees. The better versions of 
that requester will also let you specify odd only or even only, or a 
page range in case you only want a 10 page piece of a 750 pager.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



Re: Debian networking - accessing public-side servers from a private network

2017-12-20 Thread Phil Reynolds
On Wed, 20 Dec 2017 21:08:21 +0100
Pascal Hambourg  wrote:

> IIUC, both the public and the private subnets are on the same
> physical LAN ?

Yes, that is correct.
 
> > If I set up Zoiper to use the FQDN of the Asterisk box, it
> > connects  
> 
> I guess you mean the public domain name pointing to the public IPv4 
> address ?

Points to the public IPv6 and IPv4 addresses - most places other than
home do not currently have IPv6, though.

> > just fine when I am not at home. However, when I am at home, it
> > still uses the public IP address (192.0.2.51) of the Asterisk box,
> > which, because it can see the phone directly, then responds using
> > its own private address (192.168.0.4) - this causes Zoiper to fail
> > to register. (it is clear from a tcpdump that this is happening)  
> 
> That's really bad. I consider that Asterisk is faulty here. In theory 
> UDP is not connection-oriented but in practice many client/server 
> protocols based on UDP use some form of loose connection and work
> better through stateful firewalls and NATs when the reply packet
> source address is equal to the request packet destination address.

I will try to chase this up further with the Asterisk developers, but
their main answer has been "use the private address when at home". I do
agree it's a fault with Asterisk.

> > At no point does the router get involved in the communication
> > between the phone and the Asterisk box. To do so might make things
> > easier, or could just add an unnecessary layer of complexity.  
> 
> How does the private client know that the public server address is 
> reachable directly on the LAN and not through the router ?

That I couldn't say, but it's plainly the case.

> > The answer to the problem could lie in several places:
> > 
> > - If I could somehow get the phone to use the NAT to communicate
> > with the Asterisk box, that would probably work.  
> 
> You could use SNAT in the POSTROUTING chain on the router you can
> force routing of the public server address from the client through
> the router. Or you could use SNAT on the server (in the INPUT chain
> on recent enough kernels) when the incoming packet has a private
> source address and a public destination address.
> However in either case SIP requires special handling by netfilter with the 
> conntrack and NAT SIP handler.

Indeed, SIP can get mighty complicated with NAT. It's part of the
reason I prefer to use IAX for clients that connect from outside.

> > - If I could get the phone to pick up the private address of the
> >Asterisk box rather than the public one, that would probably
> > work. I have tried setting up to do this with dnsmasq, but the IPv6
> > settings for DNS cause this to be overridden. If I could somehow
> > change the priority of this on the phone, it would help.  
> 
> All the IPv4 and IPv6 nameservers used by the client must resolve the 
> name into the private address. If they also serve the public zone,
> you must set up "split DNS" to serve different versions for private
> and public clients.

Unfortunately I have found no way to override the radvd-provided DNS
server addresses - otherwise I would have done this.

-- 
Phil Reynolds
mail: phil-deb...@tinsleyviaduct.com
Web: http://phil.tinsleyviaduct.com/



Re: got a new one

2017-12-20 Thread Gene Heskett
On Wednesday 20 December 2017 19:39:32 Gene Heskett wrote:

> On Wednesday 20 December 2017 17:56:46 Brian wrote:
> > On Wed 20 Dec 2017 at 17:06:35 -0500, Gene Heskett wrote:
> > > On Wednesday 20 December 2017 15:34:19 Brian wrote:
> > > > On Tue 19 Dec 2017 at 14:44:09 +, Curt wrote:
> > > > > There was a libgtk-3-0 bug that affected printing in evince
> > > > > (which could be avoided by unchecking the default 'Auto Rotate
> > > > > and Center' in the 'Page Handling' submenu of the print
> > > > > dialogue).
> > > > >
Libgtk3 should have come with a 55 gallon drum of Raid. Gladevcp3 will 
never work with any stability until it's fixed.

> > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771205
> > > > >
> > > > > This effectively prevents printing in landscape mode (you're
> > > > > not trying to print in landscape mode again, are you Gene)?

Of course I am for some jobs, as noted in a previous post earlier this 
evening.

And I certainly wasn't doing landscape mode for an invoice composed in 
letter format, aka Portrait mode.

> > > > I've seen this said before. but I've never understood what
> > > > "printing in landscape mode" means. Does "printing in landscape"
> > > > convey the same idea?
> > >
> > > Either one implies a 90 degree rotation of the page on the paper,
> > > so that long lines don't either get clipped off at the right
> > > margin, or often as not line wrapped by the printer which means on
> > > a multipage document, the pdf interpreter's page count doesn't get
> > > totally scrambled & starts putting the headers and footers in the
> > > middle of the page. Doesn't always help though, some of the hal
> > > files I've hacked up over the years have effectively been north of
> > > 220 chars/line. There are ways to fix that, but they are
> > > relatively new in linuxcnc's init functions.  Those older files
> > > usually get fixed if I have to revisit them, because the hardware
> > > changed or something.
> >
> > What determines the choice of pages which suffer a 90 degree
> > rotation?

See previous post 20 minutes back.  Or below.
>
> Not individual pages unless you want to jump thru some pretty small
> hoops. You can select it for the whole, individual print job, in the
> printer requester that pops up when you select print from some
> application. It varies as to what tab it's under but will usually be a 4
> choice. 2 of them will be labeled Portrait and Landscape, the other 2
> are further rotations at 180 and 270 degrees. The better versions of
> that requester will also let you specify odd only or even only, or a
> page range in case you only want a 10 page piece of a 750 pager.
>
> Cheers, Gene Heskett


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



AMD Ryzen 7 1700 mce: [Hardware Error]: CPU 10

2017-12-20 Thread Siju George

My Kali Machine with AMD Ryzen 7 1700 suddenly rebooted and showed the
following error messages



[0.086235] mce: [Hardware Error]: Machine check events logged

[0.086235] mce: [Hardware Error]: CPU 10: Machine Check: 0 Bank 5:
bea00108

[0.086235] mce: [Hardware Error]: TSC 0 ADDR 1b246a8e2 MISC
d01200010100 SYND 4d00 IPID 500b0

[0.086235] mce: [Hardware Error]: PROCESSOR 2:800f11 TIME 1513775951 SOCKET
0 APIC a microcode 800111c



What is the problem? how to fix it?



Thanks :-)

Siju Oommen George


Re: Debian networking - accessing public-side servers from a private network

2017-12-20 Thread Pascal Hambourg

On 21/12/2017 at 01:48, Phil Reynolds wrote:

> > > At no point does the router get involved in the communication
> > > between the phone and the Asterisk box. To do so might make things
> > > easier, or could just add an unnecessary layer of complexity.
> >
> > How does the private client know that the public server address is
> > reachable directly on the LAN and not through the router ?
>
> That I couldn't say, but it's plainly the case.

How are TCP/IP parameters configured on the client ?
Could you show its routing table ?

> > > - If I could get the phone to pick up the private address of the
> > > Asterisk box rather than the public one, that would probably
> > > work. I have tried setting up to do this with dnsmasq, but the IPv6
> > > settings for DNS cause this to be overridden. If I could somehow
> > > change the priority of this on the phone, it would help.
> >
> > All the IPv4 and IPv6 nameservers used by the client must resolve the
> > name into the private address. If they also serve the public zone,
> > you must set up "split DNS" to serve different versions for private
> > and public clients.
>
> Unfortunately I have found no way to override the radvd-provided DNS
> server addresses - otherwise I would have done this.

Aren't you in control of the router configuration and which IPv6 DNS 
servers are advertised in the RAs it sends (radvd ?), and of these 
servers' behaviour ?


Just another thought : isn't it possible to set up Asterisk to listen 
explicitly on both the private and public IPv4 addresses instead of any 
local address, so that it opens two separate sockets ? This way I think 
it would reply with the proper source address.
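
The source-address behaviour discussed in this message, as an added example that is not part of the original post and is not Asterisk code: a UDP server bound to the wildcard address answers from whatever source the kernel picks for the route back to the client, while one socket per address answers from the address the request was sent to. It assumes a Linux host, where all of 127.0.0.0/8 is local; 127.0.0.2 and 127.0.0.1 are constructed stand-ins for the public and private addresses, and the function names are hypothetical.

```python
import select
import socket

PUBLIC = "127.0.0.2"   # constructed stand-in for the server's public address
PRIVATE = "127.0.0.1"  # constructed stand-in for the address facing the LAN client


def reply_source(bind_addrs, timeout=2.0):
    """Send one datagram to PUBLIC and return the source IP of the answer.

    bind_addrs: local addresses the server listens on, one socket per entry.
    """
    servers, port = [], 0
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for addr in bind_addrs:
            srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            servers.append(srv)
            srv.bind((addr, port))          # first bind picks a free port
            port = srv.getsockname()[1]     # later binds reuse that port

        client.bind((PRIVATE, 0))           # the phone's own LAN address
        client.settimeout(timeout)
        client.sendto(b"REGISTER", (PUBLIC, port))

        # Exactly one server socket receives the request; answer from it,
        # as a UDP daemon does with a plain sendto() and no source override.
        ready, _, _ = select.select(servers, [], [], timeout)
        if not ready:
            raise TimeoutError("request never reached the server")
        _, peer = ready[0].recvfrom(1024)
        ready[0].sendto(b"200 OK", peer)

        _, (src_ip, _) = client.recvfrom(1024)
        return src_ip
    finally:
        for s in servers + [client]:
            s.close()


def client_accepts(src_ip):
    """A client or stateful firewall that matches replies on the address it asked."""
    return src_ip == PUBLIC


if __name__ == "__main__":
    for label, addrs in (("wildcard", ["0.0.0.0"]),
                         ("per-address", [PRIVATE, PUBLIC])):
        src = reply_source(addrs)
        print(f"{label:12} reply from {src:10} accepted={client_accepts(src)}")
```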




Re: AMD Ryzen 7 1700 mce: [Hardware Error]: CPU 10

2017-12-20 Thread Dominique Dumont
On Thursday, 21 December 2017 07:30:54 CET Siju George wrote:
> What is the problem? how to fix it?

A quick search on google yields:
https://askubuntu.com/questions/605369/mce-hardware-error-machine-check-events-logged-appears-in-syslog-what-sho#608156

HTH

-- 
 https://github.com/dod38fr/   -o- http://search.cpan.org/~ddumont/
http://ddumont.wordpress.com/  -o-   irc: dod at irc.debian.org