Re: luks, crypttab: why 3 partition only 2 passphrases entered

[Jonathan Dowland]

On Tue, Aug 07, 2018 at 11:10:39PM +0100, Carles Pina i Estany wrote:

That was quite lot of fun!


Good investigation and report, thanks, yes it was fun to read too!

Some time ago I added a second encrypted disk to my setup, but it is a
removable one. I wanted to use the same encryption passphrase as my
primary drive, so I looked into the systemd/keyctl stuff. I tried to
override the timeout, because I plug in the external drive roughly once
a month. (It's my offsite backup drive)

I figured out one hacky way to do that, but in the meantime a friend
suggested I just use a key file for the removeable drive instead, stored
on the internal encrypted drive. I considered my threat model, realised
that was fine, so abandoned my attempts to change the systemd/keyctl
timeout.

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: New `no sound' problems

[Curt]

On 2018-08-07, deloptes  wrote:
> Curt wrote:
>
>> He means it's self-explanatory given you're using testing and when using
>> testing shit happens (things break)
>
> its not even testing it is sid - as far as I know it is after testing and
> there even more shit happens, so I don't understand why he/she should
> bother us or we should bother answering.
> This definitely is not a user query but rather something that goes to
> package/support etc.

Right, sorry, Sid is unstable not testing, which is even more 
"self-explanatory."

> For example I play with newer kernels from time to time and last time I
> compiled/installed 4.16 it broke sound - I was seeing the devices twice in
> all mixers - so I stayed on 4.15 for a while. I now compiled 4.17
> (yesterday) and all works just fine.
>
> Sid may work today but not tomorrow - this is the purpose of sid and if you
> are not debuggin/testing for debian, I am not sure you want to run anything
> on sid 
>
> regards
>
>
>


-- 
‘If I can’t have long hair or any fun, I can have a cat.’ 
Ernest Hemingway, “Cat in the Rain”

Using Sid (was: New `no sound' problems)

[Rodolfo Medina]

Curt  writes:

> On 2018-08-07, deloptes  wrote:
>> Curt wrote:
>>
>>> He means it's self-explanatory given you're using testing and when using
>>> testing shit happens (things break)
>>
>> its not even testing it is sid - as far as I know it is after testing and
>> there even more shit happens, so I don't understand why he/she should
>> bother us or we should bother answering.
>> This definitely is not a user query but rather something that goes to
>> package/support etc.
>
> Right, sorry, Sid is unstable not testing, which is even more
> "self-explanatory."


deloptes, Curt, I understand what you say so that I'm considering downgrading
to Stable.  Nevertheless, I'm not sure that the debian-user list should not
discuss problems arising from the use of Sid.  After all, my recent experience
with Sid and two problems coming up: `no sound' and `su/sudo', gave birth and
occasion for an interesting discussion with a lot of passionate users taking
part to it (the `su/sudo' one).  Discussions that turn to be useful and
clarifying also for Stable of course.  Secondarily, what is important I think
to point out is the fact that I've been using Sid for may years now - I that am
not expert at all - and, after all, the problems that I've had using Sid were
of minor issue.  Consider for example these two latest: the `no sound' problem
were easily solved simply removing pulseaudio, and the `su/sudo' one was just a
matter of doing, since now on, `su -' in place of `su': not a big one.

Thanks, cheers, 

Rodolfo

Re: luks, crypttab: why 3 partition only 2 passphrases entered

[Celejar]

On Wed, 8 Aug 2018 08:57:40 +0100
Jonathan Dowland  wrote:

> On Tue, Aug 07, 2018 at 11:10:39PM +0100, Carles Pina i Estany wrote:
> >That was quite lot of fun!
> 
> Good investigation and report, thanks, yes it was fun to read too!
> 
> Some time ago I added a second encrypted disk to my setup, but it is a
> removable one. I wanted to use the same encryption passphrase as my
> primary drive, so I looked into the systemd/keyctl stuff. I tried to
> override the timeout, because I plug in the external drive roughly once
> a month. (It's my offsite backup drive)
> 
> I figured out one hacky way to do that, but in the meantime a friend
> suggested I just use a key file for the removeable drive instead, stored
> on the internal encrypted drive. I considered my threat model, realised
> that was fine, so abandoned my attempts to change the systemd/keyctl
> timeout.

I've also been doing this (storing the encryption keyfile for my
external backup drives on my internal drive) for a while - I figure that
since the external drives are just backups of the internal, anyone with
access to the internal already has all the data on the external, so
there's no real loss of security incurred by storing the key on the
internal.

Celejar

Using jq to clean/organize SeaMonkey bookmarks?

[Richard Owlett]

My bookmarks have grown like Topsy
I have many duplicates and the tree structure is a mess.
I have two primary goals:
  1. find and purge duplicates.
  2. move folders around to create a more reasonable structure.

After trying several approaches and looking for useful tools I found
jq [https://stedolan.github.io/jq/]. One related page I found is titled 
"jq is sed for JSON".


An outline of a possible procedure might be:
 1. Export SeaMonkey bookmarks in JSON format.
 2. use jq to pretty print the JSON. It does so nicely.
 3. Find duplicate targets and delete all but one.
 4. Each leaf of the bookmark tree is an object.
Move these objects around to create a more friendly tree.
 5. Import the clean organized bookmarks.

Has anyone done this?
Is there a friendly in depth jq tutorial? The ones I've found tend to be 
on the "Hello world" level. There is just enough to tantalize.


Links of interest include:
https://stedolan.github.io/jq/manual/v1.5/
http://stedolan.github.io/jq/tutorial/
https://robots.thoughtbot.com/jq-is-sed-for-json

USB2 or 3 WiFi dual band adapters

[tony mollica]

  
  
Hello.
I need to find a good,
  reliable WiFi adapter.  I have an Alfa AWUS036ACH using a RTL8812au
chip
and there is support but it's
  unreliable.  Connects sometimes,
mostly not.  My older adapters work
but they're slow but maybe that's the compromise I need to resolve.
  
What's being used reliably?
Thanks,
Tony

  

Re: need help with sftp

[John Darrah]

On Tue, Aug 07, 2018 at 10:02:57AM -0700, Fred wrote:
> Hi,
> 
> On a new Sid installation I need to ftp some files to another computer on
> the network.  sftp appears to be the only ftp program available.  The other
> computers on the network do not use ssl so the ftp connection is refused
> from both directions.  One computer is using vsftp under Jessie.  I don't
> see any option that makes sftp just do plain ordinary ftp.  Is this
> hopeless?
> 

apt install lftp

-- 
john

Re: Any VPS recommendations?

[Hubert Hauser]

Good afternoon!
> What do you mean by “accept” those things?
>
> Do you mean, the terms of service allow you to make your VPS do those
> functions?
>
> Do you mean, the terms of service allow you to access the VPS from an
> anomymous proxy / Tor relay / etc., from another machine?
Yes.
> I assume this means “accept [cryptocurrency] as payment for the service”.
Yes, but I'm not sure if Bitcoin enough stable currency to regular pay
for VPS, so its support is rather optional.
> Do you require the ability to contact the support service via email?
> Some other contact method (which)?
Mainly e-mail.
> What is the relevant criterion that is common to those, and absent for
> other countries?
I want to country with very liberal law.

--
Cheers,
Hubert Hauser.


0x3C7DE8CE56189C2F.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: Any VPS recommendations?

[Hubert Hauser]

Good afternoon!

> What do you mean by “accept” those things?
>
> Do you mean, the terms of service allow you to make your VPS do those
> functions?
>
> Do you mean, the terms of service allow you to access the VPS from an
> anomymous proxy / Tor relay / etc., from another machine?
Yes.
> I assume this means “accept [cryptocurrency] as payment for the service”.
Yes, but I'm not sure if Bitcoin enough stable currency to regular pay
for VPS, so its support is rather optional.
> Do you require the ability to contact the support service via email?
> Some other contact method (which)?
Mainly e-mail.
> What is the relevant criterion that is common to those, and absent for
> other countries?
I want to country with very liberal law.

--
Cheers,
Hubert Hauser.


0x3C7DE8CE56189C2F.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: Using Sid (was: New `no sound' problems)

[Joe]

On Wed, 08 Aug 2018 13:13:32 +0200
Rodolfo Medina  wrote:

> Curt  writes:
> 
> > On 2018-08-07, deloptes  wrote:  
> >> Curt wrote:
> >>  
> >>> He means it's self-explanatory given you're using testing and
> >>> when using testing shit happens (things break)  
> >>
> >> its not even testing it is sid - as far as I know it is after
> >> testing and there even more shit happens, so I don't understand
> >> why he/she should bother us or we should bother answering.
> >> This definitely is not a user query but rather something that goes
> >> to package/support etc.  
> >
> > Right, sorry, Sid is unstable not testing, which is even more
> > "self-explanatory."  
> 
> 
> deloptes, Curt, I understand what you say so that I'm considering
> downgrading to Stable.  Nevertheless, I'm not sure that the
> debian-user list should not discuss problems arising from the use of
> Sid.  After all, my recent experience with Sid and two problems
> coming up: `no sound' and `su/sudo', gave birth and occasion for an
> interesting discussion with a lot of passionate users taking part to
> it (the `su/sudo' one).  Discussions that turn to be useful and
> clarifying also for Stable of course.  Secondarily, what is important
> I think to point out is the fact that I've been using Sid for may
> years now - I that am not expert at all - and, after all, the
> problems that I've had using Sid were of minor issue.  Consider for
> example these two latest: the `no sound' problem were easily solved
> simply removing pulseaudio, and the `su/sudo' one was just a matter
> of doing, since now on, `su -' in place of `su': not a big one.
> 
Yes, there's no suggestion that this list is 'stable-only', just that
sid users should expect a certain amount of trouble. 

Having said that, I don't think I've had more sound problems with my
sid workstations than with my stable server. Sound is generally a pig
on Linux, as the software base seems to change every few years, and
until recently, multiple sound cards had the same problem as multiple
NICs in that the OS couldn't seem to identify them reliably. I've
solved most of my sound problems by getting brutal and actually ripping
out and blacklisting drivers for the sound devices I'm not using.
Nothing less seemed to permanently solve the identity crisis.

-- 
Joe

SystemD problem with launching a server

[Bill]

Hi,

So I'd like to run rinetd at boot time on Stretch along with sshd.

I've no problem running rinetd manually using /usr/sbin/rinetd
or in a script using the same command. ps aux |grep rinetd shows it's 
running and it works as expected.


So I've written a service file for systemd, 
/etc/systemd/system/rinetd.service and enabled it with systemctl enable 
/etc/systemd/system/rinetd.service. At boot time the file gets run but 
nothing shows up with ps aux, although sshd is running correctly. I 
think the problem is with the systemd file. Here's the rinetd.service file:


# /etc/systemd/system/rinetd.service
# A systemd.service file to start
# /usr/sbin/rinetd at boot time.

[Unit]
Description=Start rinetd server
After=multi-user.target network.target sshd.service

[Service]
Type=oneshot
ExecStart=/usr/sbin/rinetd
Restart=no

[Install]
WantedBy=multi-user.target

Any clues? Is this file too sparse? Or am I pining for the fjords?

Bill



--
Sent using Icedove on Debian GNU/Linux.

Re: which program/command can show wireless connection quality?

[T BkRl]

Try wavemon! I used to use it on a laptop without graphics installed it 
requires ncurses but who doesn't love ncurses?

Get Outlook for iOS

From: Long Wind 
Sent: Wednesday, August 8, 2018 8:29:31 PM
To: Debian-user List Debian
Subject: which program/command can show wireless connection quality?

i have a USB wireless card, it doesn't seem stable, sometimes it's slow
i even suspect changing USB connector can affect network speed

which program can show connection quality?
i use twm, those that depend on big software (KDE/GNOME) are not preferred

Brother or Canon; not both

[Allen Hoover]

Ever since upgrading some customized Debian 64bit systems to Debian 8, I've
had trouble with the Canon UFRII printer drivers.  I've now been
testing this issue on a vanilla Debian 8, and Debian 9 system with the
same issues on both.

I use official Brother printer drivers which are i386 only, so have
multi-arch installed, and the libc6-i386 package.  The Canon UFRII
package installs fine, but when printing with any of those drivers the
following error shows in the status: "Idle - src =
libcanon_pdlwrapper.c, line = 514, err = 0nError Response:ReqNo=2,
SeqNo=3,opvpErrorNo=-2".  If I uninstall the libc6-i386 package, the
Canon drivers dont't throw an error, but the official Brother drivers
quit working. The Brother doesn't indicate any error, but it simply
prints nothing.

This was very repeatable on the 3 different systems( 2 systems were
fresh installs) I've tried.  Its like an On/Off switch, install
libc6-i386 and only one brand works, un-install and the only the other
brand works

-- 
Thanks, Allen

Re: SystemD problem with launching a server

[likcoras]

On 08/09/2018 08:02 AM, Bill wrote:
> So I've written a service file for systemd,
> /etc/systemd/system/rinetd.service and enabled it with systemctl enable
> /etc/systemd/system/rinetd.service. At boot time the file gets run but
> nothing shows up with ps aux, although sshd is running correctly. I
> think the problem is with the systemd file. Here's the rinetd.service file:
> 
> # /etc/systemd/system/rinetd.service
> # A systemd.service file to start
> # /usr/sbin/rinetd at boot time.
> 
> [Unit]
> Description=Start rinetd server
> After=multi-user.target network.target sshd.service
> 
> [Service]
> Type=oneshot
> ExecStart=/usr/sbin/rinetd
> Restart=no
> 
> [Install]
> WantedBy=multi-user.target

I suspect this is because rinetd is forking and not a oneshot script.
You have two choices here: you may use Tye=simple and pass -f to rinetd
(probably recommended, more straightforward to stop the process) or use
Type=forking and leave the rest as-is.

Type=oneshot is used for exactly that, one-shot scripts that are run
once and do not persist. Since rinetd does persist (forks by default),
oneshot is not a good choice here. It wouldn't let you stop the service
through systemd, for instance, even if it worked, without adding
ExecStop manually.

When writing service unit files, I especially find systemd.service(5)
and systemd.exec(5) helpful. Also see systemd.unit(5) for more generic
information on unit files as a whole.

Good luck!

Re: Using Sid (was: New `no sound' problems)

[deloptes]

Joe wrote:

> Having said that, I don't think I've had more sound problems with my
> sid workstations than with my stable server. Sound is generally a pig
> on Linux, as the software base seems to change every few years, and
> until recently, multiple sound cards had the same problem as multiple
> NICs in that the OS couldn't seem to identify them reliably. I've
> solved most of my sound problems by getting brutal and actually ripping
> out and blacklisting drivers for the sound devices I'm not using.
> Nothing less seemed to permanently solve the identity crisis.

Hi,
for my workstation (I want to turn it on and just work), I use stable. For
my server(s) the same. IMO Sid belongs in a VM for playing arround.
If you want to be one step ahead of time, try testing it is usually stable.

If you don't read/write code, I don't see why someone would use unstable. As
I mentioned ubuntu is much better to take in such a case (Not a developer,
but want to be ahead of debian time)

Regarding the sound - I never had a problem in the past 12+ years. Why?
Because I did configure the system properly and I use stable. So instead
of "getting brutal" you could setup your system properly and forget about
the issues.

One bad thing that people do is the install things on the production system
just to try them out. Take a second system - or a second drive - or a
second installation on the same driver. Test there and move to the working
environment, when you are sure it works.
With other works make backups before doing something on your production
system.

regards

Re: SystemD problem with launching a server

[john doe]

On 8/9/2018 1:02 AM, Bill wrote:

Hi,

So I'd like to run rinetd at boot time on Stretch along with sshd.

I've no problem running rinetd manually using /usr/sbin/rinetd
or in a script using the same command. ps aux |grep rinetd shows it's 
running and it works as expected.


So I've written a service file for systemd, 
/etc/systemd/system/rinetd.service and enabled it with systemctl enable 
/etc/systemd/system/rinetd.service. At boot time the file gets run but 
nothing shows up with ps aux, although sshd is running correctly. I 
think the problem is with the systemd file. Here's the rinetd.service file:


# /etc/systemd/system/rinetd.service
# A systemd.service file to start
# /usr/sbin/rinetd at boot time.

[Unit]
Description=Start rinetd server
After=multi-user.target network.target sshd.service

[Service]
Type=oneshot
ExecStart=/usr/sbin/rinetd
Restart=no

[Install]
WantedBy=multi-user.target

Any clues? Is this file too sparse? Or am I pining for the fjords?



Do you see anything in the log (systemctl status rinetd)?

From google:

https://github.com/mixool/rinetd/wiki/System-startup-script
https://github.com/mixool/rinetd

Isn't Debian providing a service file?

--
John Doe