Re: Self-censorship 101 (was: Problems with https://manpages.debian.org/)

[Reco]

Hi.

On Tue, Jun 26, 2018 at 05:51:27PM -0500, David Wright wrote:
> > 2) Why bother with /etc/hosts at all, if one can use DNS or HTTP proxy
> > for the same purpose with much simplier configuration (hint - you cannot
> > block all sites in a domain via /etc/hosts unless you list all of them
> > there).
> 
> That's probably why it's so long.

That's the only reason it's that long.

> But do I want to set up a DNS proxy
> on each host, with any wheezy, jessie and stretch differences to sort
> out?

Why would you? You set up a single DNS (or HTTP proxy) and point all
your devices there.
Setting up a local DNS resolver is justifiable for a laptop, of course,
provided you carry one with you into different networks.

> Then I have to maintain my list of domains to send to localhost.
> Where do I start with that?

My DNS of choice for small LAN segments is dnsmasq.


> > 3) Why cripple system-wide resolver for a single program (in this
> > case - a browser). A suitable browser plugin should suffice here.
> 
> How long does it take to read ½MB into memory (once) and then check
> it? Obviously not very long as it works well.

You misunderstood me, it seems. You make a change to the file that's
respected by each and every program that utilizes gethostbyname(3) and
gethostbyaddr(3).
The only positive thing that achieves is better browsing experience, and
the reason you do this is the brokenness of Modern Web™.
At the same time you get numerous side effects for every other program
in your system(s), which may or may not be problematic.


>  A plugin means yet more maintenance for me to do.

They say that one should not argue about tastes. So I won't.

Reco

Aw: Re: session trunking with NFS

[Stefan K]

Hi,

today i tried it, but it didn't work:
on my nfs-test system I use the 2x1GB interfaces
showmount -e 
and
showmount -e 
shows me the exports
so now i mount the nfs-share on a server with 10G Interfaces(bond), when i 
mount it with the second NFS-IP, I got an error "mount.nfs: mount(2): Device or 
resource busy"

Did I something wrong?

best regards
Stefan

> Gesendet: Dienstag, 26. Juni 2018 um 09:07 Uhr
> Von: Reco 
> An: debian-user@lists.debian.org
> Betreff: Re: session trunking with NFS
>
>   Hi.
> 
> On Tue, Jun 26, 2018 at 08:57:25AM +0200, Stefan Krueger wrote:
> > Hello,
> > 
> > so far as I know Debian stretch is shipped with NFS-Version 4.2. The RFC[1] 
> > said NFSv4.1 has the capability for sessiontrunking to speed up the 
> > performance/throughput, so my question is how can I archiv this? How to 
> > configure the NFS-server and how to mount it on the client-side? There is 
> > no hint in the manpage for this.
> 
> The way they describe the feature at [1], it does not seem being that useful.
> 
> Assuming that you don't need a bunch of kernel patches ([1] describes
> Debian 7.9), all you need to do is obtain an NFS server with multiple
> non-bonded network interfaces, a client with the same, and mount NFS
> share several times into the same directory.
> 
> And all you get out of this is the ability to utilize several network
> links on both NFS client and server for a single client.
> 
> Personally I'd rather use conventional network bonding on NFS server,
> and be done with it.
> 
> [1] http://packetpushers.net/multipathing-nfs4-1-kvm/
> 
> Reco
> 
> 

Re: Re: session trunking with NFS

[Reco]

Hi.

On Wed, Jun 27, 2018 at 10:32:25AM +0200, Stefan K wrote:
> Hi,
> 
> today i tried it, but it didn't work:
> on my nfs-test system I use the 2x1GB interfaces
> showmount -e 
> and
> showmount -e 
> shows me the exports
> so now i mount the nfs-share on a server with 10G Interfaces(bond), when i 
> mount it with the second NFS-IP, I got an error "mount.nfs: mount(2): Device 
> or resource busy"

>From a quick look to a Debian kernel source version 4.9.88 I conclude
that Multipath NFS feature is definitely included there.
The sources have all XPRTMULTIPATH defines, NFS client has
xprtmultipath.c file included, etc.
What I cannot find (and probably won't look into it) is whenever the
feature can be disabled during the compilation.
So, it should work, as long as client uses NFS protocol version 4.1 or
later. 

The crucial implementation detail seems to be the need to use TCP to
mount NFS share, not the default UDP.

Reco

solved Re: Insertion of USB devices not being recognised.

[terryc]

On Tue, 26 Jun 2018 21:57:33 +0200
deloptes  wrote:

> terryc wrote:
> 
> > Mostly it is USB sticks for stuff to play/display on the TV & "noise
> > device"  
> 
> what do you see in dmesg when you plug in the device?
Nothing. that was the problem. it is hard to mount it if you don't know
what /dev/sd?? it is and although I "know" what it should be, unless it
is listed in dmesg, i can do nothing with it,

> What happens if you downgrade the kernel to the previous version?
Same situation, but it lead me to an unwelcome diagnose.
i extracted the machine and the back plane ports were working. so I
went back t 9.0.6(?) and it was the same.

The current diagnose is that the front usb ports have failed for data.
they work fine for power(mobile phone charging), but not for data.

Not impressed as the mobo is less than two years old.

Thanks for the help

 

apt-cron mails via imap receive and awk work, for putting them into a sqlite

[Denny Fuchs]

Hello,

because of a requirement, we need to document, which packages 
(Weezy/Jessie/Stretch) where upgraded and which problems where fixed.
At the moment, we receive the apt-cron mails and copy the content into 
our MediaWiki (with some cleanups and Wiki syntax).

In that way, we make sure, not to have the duplicates in the Wiki.

That costs a half day and we want to make it better:

We use a python script, which receives the apt-cron mails (sorted by 
Debian version). this script creates for every mail a file, which has 
only the body as content (no headers).In the next step, we want to put 
the content of that "cleaned" files into sqlite DB, to have a tool, to 
remove the duplicates.



For example, the file "70.eml"

 cut 
++


apticron report [Mon, 18 Jun 2018 11:27:07 +]


apticron has detected that some packages need upgrading on:

auth.example.com
[ 172.21.0.8 ]

The following packages are currently pending an upgrade:

ldproxy 1.1.0-7
libgcrypt20 1.7.6-2+deb9u3
libperl5.24 5.24.1-3+deb9u4
openotp 1.3.11-0
perl 5.24.1-3+deb9u4
perl-base 5.24.1-3+deb9u4
perl-modules-5.24 5.24.1-3+deb9u4
puppet-agent 5.5.3-1stretch
spankey 2.0.0-3
td-agent 3.2.0-0
webadm 1.6.6-2



Package Details:

apt-listchanges: Reading changelogs...
apt-listchanges: Changelogs
---

--- Changes for libgcrypt20 ---
libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * ecc: Add blinding for ECDSA (CVE-2018-0495)

 -- Salvatore Bonaccorso   Fri, 15 Jun 2018 11:58:05 
+0200


--- Changes for perl (libperl5.24 perl perl-base perl-modules-5.24) ---
perl (5.24.1-3+deb9u4) stretch-security; urgency=high

  * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
in Archive-Tar (Closes: #900834)

 -- Dominic Hargreaves   Sun, 10 Jun 2018 18:37:28 +0100

--- Changes for ldproxy ---
ldproxy (1.1.0-7) experimental; urgency=low

  * Converted from .rpm format to .deb by alien version 8.90


 -- root   Thu, 14 Jun 2018 10:26:12 +0200

--- Changes for openotp ---
openotp (1.3.11-0) experimental; urgency=low

  * Converted from .rpm format to .deb by alien version 8.90


 -- root   Fri, 15 Jun 2018 17:31:47 +0200

--- Changes for puppet-agent ---
puppet-agent (5.5.3-1stretch) stretch; urgency=low

 * Update to version 5.5.3

 -- Puppet Labs  Tue, 12 Jun 2018 19:56:37 +

--- Changes for spankey ---
spankey (2.0.0-3) experimental; urgency=low

  * Converted from .rpm format to .deb by alien version 8.90


 -- root   Wed, 13 Jun 2018 18:41:35 +0200

--- Changes for webadm ---
webadm (1.6.6-2) experimental; urgency=low

  * Converted from .rpm format to .deb by alien version 8.90


 -- root   Fri, 15 Jun 2018 18:35:11 +0200



You can perform the upgrade by issuing the command:

apt-get dist-upgrade

as root on auth.example.com

--
apticron


 cut 
++




I want that part in the sqlite:



libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * ecc: Add blinding for ECDSA (CVE-2018-0495)


So, if I do a select * on the table, I get all these packages and maybe 
sorted by urgency and Debian Version. But the important part is,that I 
don't get duplicates back (DISTINCT?). At the very end, maybe I can put 
the Mediawiki syntax around the output.



But the first step is, how to get the AWK output into a sqlite DB ? 
Someone had the idea:



 awk '/urgency/{file="tmp/"(FILENAME)(++i)".txt"}{print > file}' (which 
works on OSX, but not on Fedora18 ..) that creates files for every entry 
in tmp/ ... maybe it is possible to use that as an idea, but instead if 
creating files, put that output to the sqlite.



Any suggestions ?


cu denny

Re: timeout before file dialogs show up

[Lucio]

Il 24/06/2018 20:15, bw ha scritto:


I had the same thing happen to me on kde, but only for vlc prog.  The
first time I opened a file it took 25 sec for the dialog to pop up.  It
drove me crazy.

I eventually solved it, but I can't remember how, sorry.  The steps I took
were something like this:

try another user account


If I login with another user it's the same. However if I login with my 
user account, then


lucio@mypc:~$ xhost +
lucio@mypc:~$ su - other
other@mypc:~$ lowriter
Menu File | Open

the problem does not show up while using the other account that way.


try removing certain conf files in ~/.config
try removing write access to them after they are recreated
tweaking files named QT* in ~/.config/
tweaking files in ~/.config/gtk-*/


See above, same problem also with completely new and clean user account.


removing all Trolltech.conf and restart desktop


What?


getting rid of anything that saves recent files


so you mean something like "apt-get remove \*"?


purging all the samba/file sharing stuff I could find


This one sounds interesting to me, however I'ìm afraid that a

# find / | grep samba | xargs rm -f

would be a little too dangerous... what do you mean by "all stuff"? Do 
you mean packages that contain "samba" in their name?

Re: timeout before file dialogs show up

[Lucio]

Il 25/06/2018 16:51, David Wright ha scritto:

Do you have a symlink from your home/current working directory
pointing to a networked file system (like gvfs, in the light of
that error message) which the dialog box is trying to resolve
before it can display itself?


Well, sort of, but probably no.

I have a directory in my home that is a mount point to a server that 
isn't usually mounted because it is not usually reachable, but it is 
listed in /etc/fstab as noauto,users:


//fx/data   /home/lucio/_data   cifs
noauto,users,user=lucio,password=secret 0   0

Does that count?

Re: solved Re: Insertion of USB devices not being recognised.

[Jape Person]

On 06/27/2018 09:38 AM, terryc wrote:

On Tue, 26 Jun 2018 21:57:33 +0200 deloptes 
wrote:


terryc wrote:


Mostly it is USB sticks for stuff to play/display on the TV &
"noise device"


what do you see in dmesg when you plug in the device?

Nothing. that was the problem. it is hard to mount it if you
don't know what /dev/sd?? it is and although I "know" what it
should be, unless it is listed in dmesg, i can do nothing with
it,


What happens if you downgrade the kernel to the previous
version?

Same situation, but it lead me to an unwelcome diagnose. i
extracted the machine and the back plane ports were working. so
I went back t 9.0.6(?) and it was the same.

The current diagnose is that the front usb ports have failed for
data. they work fine for power(mobile phone charging), but not
for data.

Not impressed as the mobo is less than two years old.

Thanks for the help



My suggestion is late, and possibly not much of a contribution due 
to my not having read the entire thread.


I have two motherboards which BIOS settings which allow the 
front-side USB ports to be set for charging only. Is there any 
possibility that such a setting is in effect on your motherboard?


JP

Debian testing - release number

[Martin Krämer]

Hi everyone,

I am wondering if it is possible to get the debian release number for
debian testing (and maybe sid) from command line?

I know that current testing is codename buster, while its release number is
10.
I can get the codename from command line, but not that the corresponding
release number is 10. I know I could match the codename to release numbers,
but that is not a nice solution.
For stable (stretch 9) and oldstable (jessie 8) etc. it is possible to get
that number using different commands.

I additionally understand that it is not possible to display something like
10.1 or 10.2 since testing follows not the same release process as stable
does.

Here are the commands & output I tested without success:
__
root@mybuster:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux buster/sid"
NAME="Debian GNU/Linux"
ID=debian
HOME_URL="https://www.debian.org/";
SUPPORT_URL="https://www.debian.org/support";
BUG_REPORT_URL="https://bugs.debian.org/";
root@mybuster:~# cat /etc/issue
Debian GNU/Linux buster/sid \n \l

root@mybuster:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux testing (buster)
Release: testing
Codename: buster
root@mybuster:~# cat /etc/debian_version
buster/sid
root@mybuster:~# cat /proc/version
Linux version 4.16.0-2-amd64 (debian-ker...@lists.debian.org) (gcc version
7.3.0 (Debian 7.3.0-19)) #1 SMP Debian 4.16.12-1 (2018-05-27)
root@mybuster:~# uname -a
Linux mybuster 4.16.0-2-amd64 #1 SMP Debian 4.16.12-1 (2018-05-27) x86_64
GNU/Linux
__

Thank you for any input :)

Re: solved Re: Insertion of USB devices not being recognised.

[deloptes]

terryc wrote:

> The current diagnose is that the front usb ports have failed for data.
> they work fine for power(mobile phone charging), but not for data.
> 
> Not impressed as the mobo is less than two years old.

I hope for you and your health that you clean up your home regularly. Two
years is nothing, however I had a situation when some fine particles get
into the usb plug of my mobile and it refused to work, because it was
covering the contact plate.

regards

Re: Debian testing - release number

[Brad Rogers]

On Wed, 27 Jun 2018 19:49:13 +0200
Martin Krämer  wrote:

Hello Martin,

>I know that current testing is codename buster, while its release
>number is 10.

My (possibly mistaken) understanding is that it will get the official
release number 10 when buster becomes the stable branch of Debian.

See https://wiki.debian.org/DebianReleases which indicates v10/buster
has no release date yet.  IOW it will be at some, currently unknown, time
in the future.

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
Where will you be when the bodies burn?
The Gasman Cometh - Crass


pgpzY35WgU1hv.pgp
Description: OpenPGP digital signature

apt-cron mails via imap receive + awk work, for putting them into a sqlite

[Denny Fuchs]

Hello,

because of a requirement, we need to document, which packages 
(Weezy/Jessie/Stretch) where upgraded and which problems where fixed.
At the moment, we receive the apt-cron mails and copy the content into our 
MediaWiki (with some cleanups and Wiki syntax).
In that way, we make sure, not to have the duplicates in the Wiki.

That costs a half day and we want to make it better:

We use a python script, which receives the apt-cron mails (sorted by Debian 
version). This script creates for every mail a file, which has only the body as 
content (no headers).In the next step, we want to put the content of that 
"cleaned" files into sqlite DB, to have a tool, to remove the duplicates.

For example, the file "70.eml"

 cut 
++

apticron report [Mon, 18 Jun 2018 11:27:07 +]


apticron has detected that some packages need upgrading on:

auth.example.com
[ 172.21.0.8 ]

The following packages are currently pending an upgrade:

ldproxy 1.1.0-7
libgcrypt20 1.7.6-2+deb9u3
libperl5.24 5.24.1-3+deb9u4
openotp 1.3.11-0
perl 5.24.1-3+deb9u4
perl-base 5.24.1-3+deb9u4
perl-modules-5.24 5.24.1-3+deb9u4
puppet-agent 5.5.3-1stretch
spankey 2.0.0-3
td-agent 3.2.0-0
webadm 1.6.6-2



Package Details:

apt-listchanges: Reading changelogs...
apt-listchanges: Changelogs
---

--- Changes for libgcrypt20 ---
libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high

 * Non-maintainer upload by the Security Team.
 * ecc: Add blinding for ECDSA (CVE-2018-0495)

-- Salvatore Bonaccorso   Fri, 15 Jun 2018 11:58:05 +0200

--- Changes for perl (libperl5.24 perl perl-base perl-modules-5.24) ---
perl (5.24.1-3+deb9u4) stretch-security; urgency=high

 * [SECURITY] CVE-2018-12015: fix directory traversal vulnerability
   in Archive-Tar (Closes: #900834)

-- Dominic Hargreaves   Sun, 10 Jun 2018 18:37:28 +0100

--- Changes for ldproxy ---
ldproxy (1.1.0-7) experimental; urgency=low

 * Converted from .rpm format to .deb by alien version 8.90


-- root   Thu, 14 Jun 2018 10:26:12 +0200

--- Changes for openotp ---
openotp (1.3.11-0) experimental; urgency=low

 * Converted from .rpm format to .deb by alien version 8.90


-- root   Fri, 15 Jun 2018 17:31:47 +0200

--- Changes for puppet-agent ---
puppet-agent (5.5.3-1stretch) stretch; urgency=low

* Update to version 5.5.3

-- Puppet Labs  Tue, 12 Jun 2018 19:56:37 +

--- Changes for spankey ---
spankey (2.0.0-3) experimental; urgency=low

 * Converted from .rpm format to .deb by alien version 8.90


-- root   Wed, 13 Jun 2018 18:41:35 +0200

--- Changes for webadm ---
webadm (1.6.6-2) experimental; urgency=low

 * Converted from .rpm format to .deb by alien version 8.90


-- root   Fri, 15 Jun 2018 18:35:11 +0200



You can perform the upgrade by issuing the command:

apt-get dist-upgrade

as root on auth.example.com

--
apticron


 cut 
++



I want to have this part in the sqlite:


libgcrypt20 (1.7.6-2+deb9u3) stretch-security; urgency=high

 * Non-maintainer upload by the Security Team.
 * ecc: Add blinding for ECDSA (CVE-2018-0495)


So, if I do a select * on the table, I get all these packages and maybe sorted 
by urgency and Debian Version. But the important part is,that I don't get 
duplicates back (DISTINCT?). At the very end, maybe I can put the Mediawiki 
syntax around the output.


But the first step is, how to get the AWK output into a sqlite DB ? Someone had 
the idea:


awk '/urgency/{file="tmp/"(FILENAME)(++i)".txt"}{print > file}' (which works on 
OSX, but not on Fedora18 ..) that creates files for every entry in tmp/ ... 
maybe it is possible to use that as an idea, but instead if creating files, put 
that output to the sqlite.


Any suggestions ?


cu denny

Re: Debian testing - release number

[Nicholas Geovanis]

On Wed, Jun 27, 2018 at 12:49 PM Martin Krämer  wrote:
>
> I am wondering if it is possible to get the debian release number for debian 
> testing (and maybe sid) from command line?
> I know that current testing is codename buster, while its release number is 
> 10.
> I can get the codename from command line, but not that the corresponding 
> release number is 10. I know I could match the codename to release numbers, 
> but that is not a nice solution.
> For stable (stretch 9) and oldstable (jessie 8) etc. it is possible to get 
> that number using different commands.
>
> I additionally understand that it is not possible to display something like 
> 10.1 or 10.2 since testing follows not the same release process as stable 
> does.
>
> Here are the commands & output I tested without success:
> 
.
> root@mybuster:~# cat /etc/debian_version
> buster/sid

Interesting. Even 9.2 and 9.3 servers installed here contain the following:

ngeovanis@maglab01:~$ cat /etc/debian_version
9.2
ngeovanis@maglab01:~$
> Thank you for any input :)

Claws-mail - which plugin for html mails?

[Aldo Maggi]

It is now more than one year I have to manually  send html content to a
browser to see it
I know that fancy plugin, which formerly did that job very well
automatically, was dismissed because of problems of security with a
library, I remember, though, that, formerly, dillo-plugin existed, and
BTW I've Dillo installed and working, how is it that when I try to load
such plugin it isn't available?

Thanks!

Aldo :-)

Re: Debian testing - release number

[Roberto C . Sánchez]

On Wed, Jun 27, 2018 at 03:03:45PM -0500, Nicholas Geovanis wrote:
> On Wed, Jun 27, 2018 at 12:49 PM Martin Krämer  wrote:
> >
> > I am wondering if it is possible to get the debian release number for 
> > debian testing (and maybe sid) from command line?
> > I know that current testing is codename buster, while its release number is 
> > 10.
> > I can get the codename from command line, but not that the corresponding 
> > release number is 10. I know I could match the codename to release numbers, 
> > but that is not a nice solution.
> > For stable (stretch 9) and oldstable (jessie 8) etc. it is possible to get 
> > that number using different commands.
> >
> > I additionally understand that it is not possible to display something like 
> > 10.1 or 10.2 since testing follows not the same release process as stable 
> > does.
> >
> > Here are the commands & output I tested without success:
> > 
> .
> > root@mybuster:~# cat /etc/debian_version
> > buster/sid
> 
> Interesting. Even 9.2 and 9.3 servers installed here contain the following:
> 
> ngeovanis@maglab01:~$ cat /etc/debian_version
> 9.2
> ngeovanis@maglab01:~$
> > Thank you for any input :)
> 

That is because buster is still development, so it is not yet released.
It would not make much sense to have it report a release version, since
the assigned version is still just a planned version at this point.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: Claws-mail - which plugin for html mails?

[Patrick Bartek]

On Wed, 27 Jun 2018 22:19:53 +0200
Aldo Maggi  wrote:

> It is now more than one year I have to manually  send html content to
> a browser to see it
> I know that fancy plugin, which formerly did that job very well
> automatically, was dismissed because of problems of security with a
> library, I remember, though, that, formerly, dillo-plugin existed, and
> BTW I've Dillo installed and working, how is it that when I try to
> load such plugin it isn't available?

I checked around the last time you posted this query.  Couldn't
find it.  Perhaps the Dillo-plugin is no longer supported. I use the
fancy-plugin to display directly in the Claws-Mail window. Although, I
don't use it that much. HTML emails are so artsy-fartsy and a waste of
bandwidth.

I'm sure that "security problem" has been fixed. That was from when
Wheezy was Stable.

B 

firefox-esr security update for Jessie?

[Ed Jabbour]

I see that firefox-esr has a 
security update.  It is only 
for Stretch.  What are we 
Jessie users to do?

Re: firefox-esr security update for Jessie?

[Roberto C . Sánchez]

On Wed, Jun 27, 2018 at 06:37:51PM -0400, Ed Jabbour wrote:
>I see that firefox-esr has a security update. It is only for Stretch. What
>are we Jessie users to do?

A member of the LTS team is working on it.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: Self-censorship 101 (was: Problems with https://manpages.debian.org/)

[David Wright]

On Wed 27 Jun 2018 at 10:17:11 (+0300), Reco wrote:
>   Hi.
> 
> On Tue, Jun 26, 2018 at 05:51:27PM -0500, David Wright wrote:
> > > 2) Why bother with /etc/hosts at all, if one can use DNS or HTTP proxy
> > > for the same purpose with much simplier configuration (hint - you cannot
> > > block all sites in a domain via /etc/hosts unless you list all of them
> > > there).
> > 
> > That's probably why it's so long.
> 
> That's the only reason it's that long.

On further checking, the current hitlist of sites has 13531 hostnames.
A global edit in emacs and a  sort -u  yields a list of two-component
domains, and this edited list has 6765 items.

> > But do I want to set up a DNS proxy
> > on each host, with any wheezy, jessie and stretch differences to sort
> > out?
> 
> Why would you? You set up a single DNS (or HTTP proxy) and point all
> your devices there.

I can't guarantee that any particular machine at home is always
running as a proxy whenever I browse using an arbitrary machine
for browsing. My home isn't a business running a server 24/7,
and my consumer-grade router runs only DHCP, not DNS.

> Setting up a local DNS resolver is justifiable for a laptop, of course,
> provided you carry one with you into different networks.

I'm not sure what you mean. The only resolver at home is /etc/hosts,
which is very easy to maintain. I have a master list of local hosts
(PC/router/phone/printer/TV/roku devices) and the hitlist, and a
one-liner to install it (concatenate, and mangle the host's own
IP address).

> > Then I have to maintain my list of domains to send to localhost.
> > Where do I start with that?
> 
> My DNS of choice for small LAN segments is dnsmasq.

Sure. But who's going to generate the list of domains¹? As I said,
my edited list has 6765 items, but is unsuitable for use as is:
it might be sensible to block ads.youtube.com, but not youtube.com.

> > > 3) Why cripple system-wide resolver for a single program (in this
> > > case - a browser). A suitable browser plugin should suffice here.
> > 
> > How long does it take to read ½MB into memory (once) and then check
> > it? Obviously not very long as it works well.
> 
> You misunderstood me, it seems. You make a change to the file that's
> respected by each and every program that utilizes gethostbyname(3) and
> gethostbyaddr(3).
> The only positive thing that achieves is better browsing experience, and
> the reason you do this is the brokenness of Modern Web™.
> At the same time you get numerous side effects for every other program
> in your system(s), which may or may not be problematic.

I'm not aware of any other program that's 1% as promiscuous as a
browser. (Perhaps you could suggest some.) OTOH there are legitimate
sites that block my traffic on occasion, eg Cox (my ISP) and Debian
blocking my "spam" on the basis of blacklistings.

> >  A plugin means yet more maintenance for me to do.
> 
> They say that one should not argue about tastes. So I won't.

I'm not sure who's arguing. You asked three questions and I'm trying
to answer them in a way that reveals my motives. So if I install a
suitable plugin, how do I choose it and where do I obtain the list
of domains² to block?

Cheers,
David.

¹-² I've posted the source of my hostname hitlist; perhaps someone
will post the source of a similar kind of domain hitlist.

Re: Debian testing - release number

[David Wright]

On Wed 27 Jun 2018 at 19:49:13 (+0200), Martin Krämer wrote:
> I am wondering if it is possible to get the debian release number
> for debian testing (and maybe sid) from command line?

Yes.

# cat > /etc/debian_version
Write whatever you want here
^D

Job done. (That's a control-D.)

Whether it's advisable to depend on its being numerical is a different matter.

Cheers,
David.

Re: Claws-mail - which plugin for html mails?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Jun 27, 2018 at 02:47:17PM -0700, Patrick Bartek wrote:
> On Wed, 27 Jun 2018 22:19:53 +0200
> Aldo Maggi  wrote:
> 
> > It is now more than one year I have to manually  send html content to
> > a browser to see it

[...]

> I checked around the last time you posted this query.  Couldn't
> find it [...]

> I'm sure that "security problem" has been fixed. That was from when
> Wheezy was Stable.

To be fair, HTML mails dont "have" this or that "security problem", they
are a *constant source* of security problems. Be it that they use links
that auto-resolve (yes, you can disable loading images, and most sensible
MUAs do it, but what about CSS? Do you know what other resources HTML is
set to load?).

For one recent example on how HTML mail can subvert (S-MIME) encryption,
see efail [1] (and no, don't follow EFF's recommendation quoted there
to disable PGP -- better disable HTML).

The biggest problem (apart from its sheer complexity) is that HTML is
a moving target: soon it won't be HTML without Javascript. Me? I don't
want my mail user agent executing programs sent by some random spammer,
thankyouverymuch.

Cheers

[1] 
https://arstechnica.com/information-technology/2018/05/decade-old-efail-attack-can-decrypt-previously-obtained-encrypted-e-mails/

- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAls0gkcACgkQBcgs9XrR2kZWMACfbZRSQtidhrjCHXMdkTJDvq3s
NlgAnArXEipedrlOcZonvIddiT7ECYnY
=K7jn
-END PGP SIGNATURE-

Re: Self-censorship 101 (was: Problems with https://manpages.debian.org/)

[Reco]

Hi.

On Wed, Jun 27, 2018 at 10:25:34PM -0500, David Wright wrote:
> > > But do I want to set up a DNS proxy
> > > on each host, with any wheezy, jessie and stretch differences to sort
> > > out?
> > 
> > Why would you? You set up a single DNS (or HTTP proxy) and point all
> > your devices there.
> 
> I can't guarantee that any particular machine at home is always
> running as a proxy whenever I browse using an arbitrary machine
> for browsing. My home isn't a business running a server 24/7,
> and my consumer-grade router runs only DHCP, not DNS.

A router seems a natural place to host DNS (to me at least). If it's
impossible for whatever reason - then things are tough, but are not
hopeless. Any cheap/free VPS will solve it.


> > Setting up a local DNS resolver is justifiable for a laptop, of course,
> > provided you carry one with you into different networks.
> 
> I'm not sure what you mean. The only resolver at home is /etc/hosts,
> which is very easy to maintain. I have a master list of local hosts
> (PC/router/phone/printer/TV/roku devices) and the hitlist, and a
> one-liner to install it (concatenate, and mangle the host's own
> IP address).
> 
> > > Then I have to maintain my list of domains to send to localhost.
> > > Where do I start with that?
> > 
> > My DNS of choice for small LAN segments is dnsmasq.
> 
> Sure. But who's going to generate the list of domains¹?

The same person who it for your /etc/hosts, of course. Who else?


> As I said,
> my edited list has 6765 items, but is unsuitable for use as is:
> it might be sensible to block ads.youtube.com, but not youtube.com.

Any DNS can contain a custom A/ record ('host block') or a custom
NS/SOA record ('domain block'). DNS adds you options, it does not take them.


> > > > 3) Why cripple system-wide resolver for a single program (in this
> > > > case - a browser). A suitable browser plugin should suffice here.
> > > 
> > > How long does it take to read ½MB into memory (once) and then check
> > > it? Obviously not very long as it works well.
> > 
> > You misunderstood me, it seems. You make a change to the file that's
> > respected by each and every program that utilizes gethostbyname(3) and
> > gethostbyaddr(3).
> > The only positive thing that achieves is better browsing experience, and
> > the reason you do this is the brokenness of Modern Web™.
> > At the same time you get numerous side effects for every other program
> > in your system(s), which may or may not be problematic.
> 
> I'm not aware of any other program that's 1% as promiscuous as a
> browser. (Perhaps you could suggest some.)

Let's see. Any torrent client. Any MTA. SSH client. Tor/I2P/Freenet
instance. A Modern Desktop Environment™.

As I wrote earlier, it may, or may not be a problem. I take it that it
for you it is not.

Reco

Re: solved Re: Insertion of USB devices not being recognised.

[terryc]

On Wed, 27 Jun 2018 19:56:22 +0200
deloptes  wrote:

> terryc wrote:
> 
> > The current diagnose is that the front usb ports have failed for
> > data. they work fine for power(mobile phone charging), but not for
> > data.
> > 
> > Not impressed as the mobo is less than two years old.  
> 
> I hope for you and your health that you clean up your home regularly.
> Two years is nothing, however I had a situation when some fine
> particles get into the usb plug of my mobile and it refused to work,
> because it was covering the contact plate.

Definitely not the issue. the hovel is late 1940's construction and the
major VOC sources are 30+ years old, unless the mobo itself is toxic,
but non other of the trio has that problem.

I'm coming to the conclusion that a lot of mass produced electronic
products suffer from very poor quality soldering and this is probably
such a case.

FWIW, I experience a VOC issue in the 1990's when i was working User
support and the mob I worked for decided to go with the ACER plastic
386(?) computer into a newly buld and furnished tower building. I
quickly twigged that various computer failures were down to
'cruft' coating the various contacts and reinserting  them a few
time would fix the problem. Well before it was documented in the
science press.

We're still to experience flotsam and jetsum clogging the various
min-usbs floating around. The mobile phone spends most of it life
packed ina soft cover as it only ever travels when we go on major trips
for emergency use.
>

Re: solved Re: Insertion of USB devices not being recognised.

[terryc]

On Wed, 27 Jun 2018 12:27:30 -0400
Jape Person  wrote:

> My suggestion is late, and possibly not much of a contribution due 
> to my not having read the entire thread.
> 
> I have two motherboards which BIOS settings which allow the 
> front-side USB ports to be set for charging only. Is there any 
> possibility that such a setting is in effect on your motherboard?

Idea welcome and I'll check it out.
The mobo manual talks about option to enable/disable individual usb
ports, but the reason(s) for this to be the cause for is ???