Re: Bug with soft raid?

[steve]

Hello Andy,

Thank you very much for your lengthy and very informative answer.

After some investigation, I discovered that it was /dev/sdc that had
some problems. So I took it out of the Rais 1 array. But this didn't
really help since I got other freeze.

grep "120 seconds" kern.log
Feb 18 16:16:38 box kernel: [30209.474017] INFO: task md1_raid1:467 blocked for 
more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474151] INFO: task md0_raid1:470 blocked for 
more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474250] INFO: task jbd2/md0-8:982 blocked 
for more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474447] INFO: task jbd2/md1-8:988 blocked 
for more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474721] INFO: task configmgrWriter:26206 
blocked for more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.474944] INFO: task kworker/u56:1:25006 
blocked for more than 120 seconds.
Feb 18 16:16:38 box kernel: [30209.475150] INFO: task kworker/u56:2:26207 
blocked for more than 120 seconds.
Feb 18 16:18:39 box kernel: [30330.307956] INFO: task md1_raid1:467 blocked for 
more than 120 seconds.
Feb 18 16:18:39 box kernel: [30330.308088] INFO: task md0_raid1:470 blocked for 
more than 120 seconds.
Feb 18 16:18:39 box kernel: [30330.308188] INFO: task jbd2/md0-8:982 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.751926] INFO: task md0_raid1:412 blocked for 
more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752059] INFO: task md1_raid1:416 blocked for 
more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752158] INFO: task jbd2/md1-8:988 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752348] INFO: task jbd2/md0-8:993 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752513] INFO: task uptimed:1174 blocked for 
more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752743] INFO: task fetchmail:3121 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.752990] INFO: task offlineimap:4247 blocked 
for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.753195] INFO: task kworker/u56:0:10116 
blocked for more than 120 seconds.
Feb 19 11:03:22 box kernel: [ 8217.753390] INFO: task kworker/u56:2:11869 
blocked for more than 120 seconds.
Feb 19 11:05:22 box kernel: [ 8338.585502] INFO: task md0_raid1:412 blocked for 
more than 120 seconds.


On Fri, Feb 15, 2019 at 09:35:27AM +0100, steve wrote:

>for i in /dev/sd{b..f}; do echo "DISK: ${i}"; smartctl -l scterc "${i}"; sleep 
3; done

I get this for sdb and sdc

SCT Error Recovery Control:
  Read: Disabled
 Write: Disabled

and this for sdf

SCT Error Recovery Control:
  Read: 70 (7.0 seconds)
 Write: 70 (7.0 seconds)

What does it tell me ?


It means that sd[bc] may support SCTERC but it's disabled (promising),
and sdf does support it and it's set to 7 seconds (good).

For disks in Linux software RAID, SCTERC with a low timeout is
essential. If it's not possible then the block layer timeout for the
device should be increased.

You should try to set SCTERC for sd[bc] like so:

# for dev in /dev/sd[cd]; do smartctl -l scterc,70,70 "$dev"; done


I tried this:

smartctl -l scterc,70,70 /dev/sdb
smartctl 6.6 2016-05-31 r4324 [x86_64-linux-4.19.0-0.bpo.1-amd64] (local build)
Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org

SCT Error Recovery Control set to:
  Read: 70 (7.0 seconds)
 Write: 70 (7.0 seconds)

But then

smartctl -l scterc /dev/sdb
smartctl 6.6 2016-05-31 r4324 [x86_64-linux-4.19.0-0.bpo.1-amd64] (local build)
Copyright (C) 2002-16, Bruce Allen, Christian Franke, www.smartmontools.org

Unexpected SCT status 0x0046 (action_code=3, function_code=2)
SCT (Get) Error Recovery Control command failed


Which is weird…



If that works then great - all your drives support SCTERC and have low
timeouts.

If setting it to 70 (centiseconds, so 7 seconds) doesn't work then you
will need to increase the block layer timeout like this:


cat /sys/block/sdb/device/timeout 
30



echo 180 > /sys/block/sdb/device/timeout

Let's see if it helps.


I am here in a field that I don't master at all, so just following your advices.


Will let you know.

Thank you

Best,
Steve

Re: Can't scan new disk

[Curt]

On 2019-02-20, Mark Allums  wrote:
>>>
>> Maybe something simple like "lsof" command can shed some light on this 
>> problem?
>>      $ sudo lsof /dev/sdb
>>      $ sudo lsof /dev/sdb1
>
> root@martha:~# lsof /dev/sdb
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
>Output information may be incomplete.
> root@martha:~# lsof /dev/sdb1
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
>Output information may be incomplete.
> root@martha:~#

>From what I'm reading you'll have to be martha for this and not root
(*une fois n'est pas coutume*), if martha mounted.

>From man mount.fuse:

 SECURITY
   The fusermount program is installed set-user-gid to fuse. This is done to
   allow users from  fuse group to mount their own filesystem implementations.
   There must however be some limitations, in order to prevent Bad User from 
doing
   nasty things.  Currently those limitations are:

   1. The user can only mount on a mountpoint, for which it has write 
permission

   2. The mountpoint is not a sticky directory which isn't owned by the 
user (like /tmp usually
  is)

   3. No other user (including root) can access the contents of the mounted 
filesystem.

Re: Can't scan new disk

[Alexander V. Makartsev]

On 20.02.2019 11:16, Mark Allums wrote:
> On 2/17/19 10:59 PM, Alexander V. Makartsev wrote:
>> On 17.02.2019 1:21, Mark Allums wrote:
>>> On 2/16/19 2:41 AM, Curt wrote:
 On 2019-02-15, Mark Allums  wrote:
> I just bought a new backup disk, and I want to check it. It's
> mounted in
> a USB dock.
>
> Running the following gives an error:
>
> root@martha:~# umount /dev/sdb1
> root@martha:~# e2fsck -c -c -C 0 -f -F -k -p /dev/sdb1
> /dev/sdb1 is in use.
> e2fsck: Cannot continue, aborting.
>
> What's causing this and how do I fix it?  It's not MATE; I tried
> rebooting to rescue mode, but that didn't help.
>
> Mark

 People sometimes recommend 'fuser' in cases like these in order to
 identify processes that might be accessing the drive.

 I mean, the message says '/dev/sdb1 is in use.' Perhaps it is indeed.

   fuser -v -m /dev/sdb1

 Worth a try, maybe, as no one else seems to have suggested it.
>>>
>>> root@martha:~# fuser -v -m /dev/sdb1
>>> root@martha:~#
>>>
>>> No results.  Thanks.
>>>
>>> Mark
>>>
>> Maybe something simple like "lsof" command can shed some light on
>> this problem?
>>  $ sudo lsof /dev/sdb
>>  $ sudo lsof /dev/sdb1
>
> root@martha:~# lsof /dev/sdb
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system
> /run/user/1001/gvfs
>   Output information may be incomplete.
> root@martha:~# lsof /dev/sdb1
> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system
> /run/user/1001/gvfs
>   Output information may be incomplete.
> root@martha:~#
>
There you have it. "lsof" command should not output anything if examined
object is not in use.
I assume that "/dev/sdb1" gets auto-mounted by gvfsd [1] for user with
UID 1001.
AFAIK GIO and company implements different mounting scheme without
involving traditional kernel mounting and allow to restrict mounted
devices only for user who mounted them.
So even root user can't access them if they are mounted by other user.
Try to use gio [2] utility to check status and unmount "/dev/sdb1" device.

[1] man gvfsd
[2] man gio

-- 
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄ 

Re: Can't scan new disk

[Mark Allums]

On 2/20/19 3:19 AM, Curt wrote:

On 2019-02-20, Mark Allums  wrote:



Maybe something simple like "lsof" command can shed some light on this
problem?
      $ sudo lsof /dev/sdb
      $ sudo lsof /dev/sdb1


root@martha:~# lsof /dev/sdb
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
Output information may be incomplete.
root@martha:~# lsof /dev/sdb1
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
Output information may be incomplete.
root@martha:~#



From what I'm reading you'll have to be martha for this and not root

(*une fois n'est pas coutume*), if martha mounted.


martha is the name of the server.



From man mount.fuse:


  SECURITY
The fusermount program is installed set-user-gid to fuse. This is done to
allow users from  fuse group to mount their own filesystem implementations.
There must however be some limitations, in order to prevent Bad User from 
doing
nasty things.  Currently those limitations are:

1. The user can only mount on a mountpoint, for which it has write 
permission

2. The mountpoint is not a sticky directory which isn't owned by the 
user (like /tmp usually
   is)

3. No other user (including root) can access the contents of the 
mounted filesystem.




The disk is not mounted.

Re: Can't scan new disk

[Mark Allums]

On 2/20/19 3:20 AM, Alexander V. Makartsev wrote:

On 20.02.2019 11:16, Mark Allums wrote:

On 2/17/19 10:59 PM, Alexander V. Makartsev wrote:

On 17.02.2019 1:21, Mark Allums wrote:

On 2/16/19 2:41 AM, Curt wrote:

On 2019-02-15, Mark Allums  wrote:
I just bought a new backup disk, and I want to check it. It's 
mounted in

a USB dock.

Running the following gives an error:

root@martha:~# umount /dev/sdb1
root@martha:~# e2fsck -c -c -C 0 -f -F -k -p /dev/sdb1
/dev/sdb1 is in use.
e2fsck: Cannot continue, aborting.

What's causing this and how do I fix it?  It's not MATE; I tried
rebooting to rescue mode, but that didn't help.

Mark


People sometimes recommend 'fuser' in cases like these in order to
identify processes that might be accessing the drive.

I mean, the message says '/dev/sdb1 is in use.' Perhaps it is indeed.

  fuser -v -m /dev/sdb1

Worth a try, maybe, as no one else seems to have suggested it.


root@martha:~# fuser -v -m /dev/sdb1
root@martha:~#

No results.  Thanks.

Mark

Maybe something simple like "lsof" command can shed some light on 
this problem?

 $ sudo lsof /dev/sdb
 $ sudo lsof /dev/sdb1


root@martha:~# lsof /dev/sdb
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system 
/run/user/1001/gvfs

  Output information may be incomplete.
root@martha:~# lsof /dev/sdb1
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system 
/run/user/1001/gvfs

  Output information may be incomplete.
root@martha:~#

There you have it. "lsof" command should not output anything if examined 
object is not in use.
I assume that "/dev/sdb1" gets auto-mounted by gvfsd [1] for user with 
UID 1001.
AFAIK GIO and company implements different mounting scheme without 
involving traditional kernel mounting and allow to restrict mounted 
devices only for user who mounted them.

So even root user can't access them if they are mounted by other user.
Try to use gio [2] utility to check status and unmount "/dev/sdb1" device.

[1] man gvfsd
[2] man gio



The disk is not mounted.

Yubikey and LUKS on testing (Buster)

[gpdsbe]

Hi! :)
Im trying to use yubikey with disk encryption.

Im running Buster and my partitions are

$ lsblk 
NAMEMAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
nvme0n1 259:00 238.5G  0 disk  
├─nvme0n1p1 259:10   512M  0 part  /boot/efi
├─nvme0n1p2 259:20   244M  0 part  /boot
└─nvme0n1p3 259:30 237.8G  0 part  
  └─nvme0n1p3_crypt 254:00 237.8G  0 crypt 
├─Laptop--vg-root   254:10   230G  0 lvm   /
└─Laptop--vg-swap_1 254:20   7.7G  0 lvm   [SWAP]


I insert yubikey with an empty slot on 2 and i execute the following commands 

$ sudo ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible

then

$ sudo yubikey-luks-enroll -d /dev/nvme0n1p3 -s 7

Then i reboot my computer and when it asks for a password to unlock my disk 
encryption I insert my yubikey.
It doesn't accept the password that i programmed to use with yubikey. 

Instead it accepts the password i use without the yubikey! The prompt to enter 
my password doesn't mention yubikey.

Any ideas?

Thanks in advance for your help!

PS.I have 2 yubikeys. I'm having the same problem with both of them.

Re: Can't scan new disk

[Thomas Schmitt]

Hi,

Mark Allums wrote:
> The disk is not mounted.

At least not from the perception of e2fsck, indeed, or else it would say
  "%s is mounted.\n"
instead of
  "%s is in use.\n"
See
  https://sources.debian.org/src/e2fsprogs/1.44.5-1/e2fsck/unix.c/?hl=269#L269
(found by
  https://codesearch.debian.net/search?q=package%3Ae2fsprogs+is+in+use
)

If i understand the code correctly, the program gets to that spot because
condition

  if ((!(ctx->mount_flags & (EXT2_MF_MOUNTED | EXT2_MF_BUSY))) ||

is not true. It says "is in use", because

  if (ctx->mount_flags & EXT2_MF_MOUNTED)

is not true. I.e. (ctx->mount_flags & EXT2_MF_BUSY) is true.

I bet that it is about open(2)/fcntl(2) flag O_EXCL, because of
  https://codesearch.debian.net/search?q=package%3Ae2fsprogs+EXT2_MF_BUSY
  
https://sources.debian.org/src/e2fsprogs/1.44.5-1/lib/ext2fs/ismounted.c/?hl=415#L410
where i see 

int fd = open(device, O_RDONLY | O_EXCL);

if (fd >= 0)
close(fd);
else if (errno == EBUSY)
*mount_flags |= EXT2_MF_BUSY;

O_EXCL has a special meaning with Linux device files. It works as advisory
locking with this file type only. In the context of mounting, a failure
with O_EXCL and success without that flag instructs the mounter to mount
read-only. In the context of CD burning, it tells an interested drive
groping program (except mount(8)) to leave the drive alone. Even cdrecord
joined that party.


So one should hop back to the sub-thread where open file pointers to
/dev/sdb1 were the main suspects.

fcntl(2) would be able to inquire the O_EXCL flag by command F_GETFL,
but it needs the file descriptor which is an integer number in the context
of the using process. Dunno whether it is possible to inquire this from
another process.


Have a nice day :)

Thomas

Re: Can't scan new disk

[Curt]

On 2019-02-20, Mark Allums  wrote:
> On 2/20/19 3:19 AM, Curt wrote:
>> On 2019-02-20, Mark Allums  wrote:
>
 Maybe something simple like "lsof" command can shed some light on this
 problem?
       $ sudo lsof /dev/sdb
       $ sudo lsof /dev/sdb1
>>>
>>> root@martha:~# lsof /dev/sdb
>>> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
>>> Output information may be incomplete.
>>> root@martha:~# lsof /dev/sdb1
>>> lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1001/gvfs
>>> Output information may be incomplete.
>>> root@martha:~#
>> 
>>>From what I'm reading you'll have to be martha for this and not root
>> (*une fois n'est pas coutume*), if martha mounted.
>
> martha is the name of the server.

I said if. Poor martha.  Whoever mounted.
>
>>>From man mount.fuse:
>> 
>>   SECURITY
>> The fusermount program is installed set-user-gid to fuse. This is done to
>> allow users from  fuse group to mount their own filesystem 
>> implementations.
>> There must however be some limitations, in order to prevent Bad User 
>> from doing
>> nasty things.  Currently those limitations are:
>> 
>> 1. The user can only mount on a mountpoint, for which it has write 
>> permission
>> 
>> 2. The mountpoint is not a sticky directory which isn't owned by the 
>> user (like /tmp usually
>>is)
>> 
>> 3. No other user (including root) can access the contents of the 
>> mounted filesystem.
>> 
>> 
>
> The disk is not mounted.

I don't think it matters (as you seem to have demonstrated).



-- 

When you have fever you are heavy and light, you are small and swollen, you
climb endlessly a ladder which turns like a wheel. 
Jean Rhys, Voyage in the Dark

Re: get my ip address

[tony]

On 19/02/2019 17:36, Dan Ritter wrote:
> tony wrote: 
>> On 19/02/2019 16:10, Greg Wooledge wrote:
>>> On Fri, Feb 15, 2019 at 11:11:29AM +0100, tony wrote:
 Debian 9. I need to read my IPv6 address into a python script.
>>>
>>> Why?
>>>
>>>  may offer some insight.

> That sounds like a job for a dynamic dns client.
> 
> existing Debian packages:
> 
> ddclient (multiple backend services supported)
> ddupdate (also supports multiple services, more plugin-oriented)
> dyfi  (Finnish users only)
> dyndns   (multiple services)
> ez-ipupdate (multiple services)
> ipcheck (dyndns protocol specific, but many services use it)
> isc-dhcp-client-ddns  (adds dynamic dns to DHCP)
> 
> Don't reinvent the wheel, when it looks like it already has
> seven versions already.
> 

Right, I've had a (brief) look at some of those, and it seems to me that
none offer a better solution than what I've already got.

This thread has now drifted from my asking whether there was any way of
interrogating the hardware to obtain the current IP6 address of host -
apparently not - via an outburst of pedantry, to recommendations on some
off the shelf libraries to update a DNS. I have no problem; I was simply
investigating alternatives to obtaining the current IP6 address, and
thanks to an early reply came up with netifaces, which does a fine job.

As I previously mentioned, I have a well-tried program for keeping my
DNS updated - albeit for IP4 only, and all I want is to extend that for
IP6. Re-inventing the wheel? No, just a natural evolution. I'd be
re-inventing the wheel if I scrapped what I've got, simply to use a
general-purpose library.

If I were starting from scratch, I may well consider a ready-made
client. One drawback that is immediately apparent, and may well be a
misunderstanding on my part, is that any of the clients mentioned
require to be configured with a particular (proprietary) protocol, to
communicate with a (proprietary) dynamic DNS server (DynDNS seems to be
the favourite). Nowhere have I seen NSUpdate mentioned. Maybe there's a
reason for that, but I'm quite happy with NSUpdate.

So, whilst I appreciate all your attempts to help, I think I'll stick
with what I've got.

Thanks all.

Cheers, Tony

Re: Yubikey and LUKS on testing (Buster)

[Roberto C . Sánchez]

On Wed, Feb 20, 2019 at 12:15:57PM +0200, gpd...@mailbox.org wrote:
> 
> Then i reboot my computer and when it asks for a password to unlock my disk 
> encryption I insert my yubikey.
> It doesn't accept the password that i programmed to use with yubikey. 
> 
> Instead it accepts the password i use without the yubikey! The prompt to 
> enter my password doesn't mention yubikey.
> 
> Any ideas?
> 
I do not know specifically about using a YubiKey with LUKS in the way
that you describe.  However, I have had good results using the static
password (3-5 second press) like I would a normal password entered from
the keyboard.

As far as it accepting the non-yubikey password, remember that a LUKS
container has multiple key slots (8 or 24, I do not recall precisely at
the moment).  Accessing a LUKS container only requires that a single key
be unlocked, so any available password is sufficient to gain access.
Once you have the yubikey-based password working, you will need to
remove the other key slot if you no longer want that password to unlock
the container.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: Can't scan new disk

[Curt]

On 2019-02-20, Alexander V. Makartsev  wrote:
>>
> There you have it. "lsof" command should not output anything if examined
> object is not in use.

I believe you're wrong, at least according my experimentations below.

curty@einstein:~$ mount | grep /dev/sdb1
/dev/sdb1 on /media/76b40b65-5871-4e11-8ed7-64b76e1b4808 type ext2 
(rw,nosuid,nodev,noexec,relatime,block_validity,barrier,user_xattr,acl,user)
root@einstein:/home/curty# umount /dev/sdb1
root@einstein:/home/curty# mount | grep /dev/sdb1
root@einstein:/home/curty# 
root@einstein:/home/curty# lsof /dev/sdb1
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
  Output information may be incomplete.
curty@einstein:~$ lsof /dev/sdb1
curty@einstein:~$ 

Re: get my ip address

[Dan Ritter]

tony wrote: 
> This thread has now drifted from my asking whether there was any way of
> interrogating the hardware to obtain the current IP6 address of host -
> apparently not 

The hardware doesn't know IP addresses. The kernel knows those.

$ ip -6 a show eth0
2: eth0:  mtu 1500 state UP
qlen 1000
inet6 2001:470:1e07:ff7:d63d:7eff:fe93:e318/64 scope global
   valid_lft forever preferred_lft forever
inet6 fe80::d63d:7eff:fe93:e318/64 scope link
   valid_lft forever preferred_lft forever

$ ip -6 r show | grep eth0
2001:470:1e07:ff7::/64 dev eth0 proto kernel metric 256  pref
medium
fe80::/64 dev eth0 proto kernel metric 256  pref medium

Tra-la.

Didn't you get this answer before?

-dsr-

Re: get my ip address

[tony]

On 20/02/2019 13:24, Dan Ritter wrote:
> tony wrote: 
>> This thread has now drifted from my asking whether there was any way of
>> interrogating the hardware to obtain the current IP6 address of host -
>> apparently not 
> 
> The hardware doesn't know IP addresses. The kernel knows those.
> 
> $ ip -6 a show eth0
> 2: eth0:  mtu 1500 state UP
> qlen 1000
> inet6 2001:470:1e07:ff7:d63d:7eff:fe93:e318/64 scope global
>valid_lft forever preferred_lft forever
> inet6 fe80::d63d:7eff:fe93:e318/64 scope link
>valid_lft forever preferred_lft forever
> 
> $ ip -6 r show | grep eth0
> 2001:470:1e07:ff7::/64 dev eth0 proto kernel metric 256  pref
> medium
> fe80::/64 dev eth0 proto kernel metric 256  pref medium
> 
> Tra-la.
> 
> Didn't you get this answer before?
> 
> -dsr-
> 

Many times.

Re: Can't scan new disk

[Celejar]

On Tue, 19 Feb 2019 21:27:39 -0800
David Christensen  wrote:

> On 2/19/19 7:21 PM, Celejar wrote:
> > On Tue, 19 Feb 2019 18:48:23 -0800
> > David Christensen  wrote:
> >> AFAIK there are no commercial off the shelf (COTS) USB-SATA docks with
> >> FOSS hardware (device), firmware (device), or software (device or host).
> >>(If somebody knows of any examples, please post the URL's.)
> > 
> > I'm still not sure what you're saying - there certainly are COTS
> > devices fully supported by FOSS software. E.g., I have a Syba
> > SY-ENC50091:
> > 
> > https://www.sybausa.com/index.php?route=product/product&product_id=885
> > 
> > It works fine under Debian without needing any non-free stuff, as far
> > as I recall.
> 
> The Syba USB-SATA dock works with Debian because the HDD manufacturer, 
> Syba, the USB cable manufacturer, the computer manufacturer, and Debian 
> have implemented everything needed for an end-to-end connection from the 
> HDD firmware kernel to the Debian Linux kernel.  Standards facilitated 
> that result.

Exactly. So what do you mean when you say that "there are no commercial
off the shelf (COTS) USB-SATA docks with FOSS hardware (device),
firmware (device), or software (device or host)"?

> > If you're objecting to the hardware not being FOSS, my understanding
> > is that most useful hardware isn't. Is the SATA hardware itself FOSS?
> 
> I agree that, historically, hardware has often been closed-source.  But, 
> similar to software, there are open-source hardware projects:
> 
> https://en.wikipedia.org/wiki/Open-source_hardware

Of course. But unlike with software, they are relatively few and minor,
and a normal user can't hope to go FOSS hardware as he can with software

Celejar

Re: Yubikey and LUKS on testing (Buster)

[Georgios Pediaditis]

> As far as it accepting the non-yubikey password, remember that a LUKS
> container has multiple key slots (8 or 24, I do not recall precisely at
> the moment).  Accessing a LUKS container only requires that a single key
> be unlocked, so any available password is sufficient to gain access.
> Once you have the yubikey-based password working, you will need to
> remove the other key slot if you no longer want that password to unlock
> the container.

Thanks for your reply.

I know that it has multiple slots. For the time being that's the only reason i 
can open my laptop :-p

It must be challenge response and not static password since i already use the 
yubikey slot 1 and i need to use yubikey slot 2 with challenge response on 
other services.

Thanks again for your help

Re: Yubikey and LUKS on testing (Buster)

[Curt]

On 2019-02-20, Georgios Pediaditis  wrote:
>
>> As far as it accepting the non-yubikey password, remember that a LUKS
>> container has multiple key slots (8 or 24, I do not recall precisely at
>> the moment).  Accessing a LUKS container only requires that a single key
>> be unlocked, so any available password is sufficient to gain access.
>> Once you have the yubikey-based password working, you will need to
>> remove the other key slot if you no longer want that password to unlock
>> the container.
>
> Thanks for your reply.
>
> I know that it has multiple slots. For the time being that's the only
> reason i can open my laptop :-p
>
> It must be challenge response and not static password since i already
> use the yubikey slot 1 and i need to use yubikey slot 2 with challenge
> response on other services.
>
> Thanks again for your help
>
>

As you omitted the part about appending
'keyscript=/usr/share/yubikey-luks/ykluks-keyscript' to your
/etc/crypttab file and subsequently running 'update-initramfs -u' in
your description of your procedure, I'm wondering whether you
inadvertently skipped that step.

https://github.com/cornelinux/yubikey-luks

Re: guacamole - recording

[Peter Ludikovsky]

¡Saludos!

Esta lista es para correos enviados en inglés. Si necesita ayuda en
español, escriba a la lista debian-users-spanish en
https://lists.debian.org/debian-user-spanish/.

Saludos,
Peter

On 19.02.19 21:53, Eriel Perez wrote:
> Saludos amigos de la lista. 
> 
> Tengo guacamole instalado en debían con RDP a 1 pc en windows 10. Y funciona 
> bien. Aunque quisiera hacerle algunas mejoras. Por ejemplo, en la config con 
> el cliente de windows tengo que especificar el usuario y psw del usuario en 
> windows para que pueda funcionar. o sea no me llega a la pantalla de login de 
> windows para que pueda entrar por cualquier usuario local de windows. 
> 
> Y bueno lo mas importante, tengo entendido que guacamole hace recording de 
> las sesiones que se hagan. No logro hacer que esto me funcione. Cualquier 
> persona por aquí que tenga experiencia en el tema y me pueda ayudar se lo 
> agradecería.
> 
> Gracias.
> 



signature.asc
Description: OpenPGP digital signature

Re: guacamole - recording

[Eriel Perez]

Greetings friends from the list.

I have guacamole installed in should with RDP to 1 pc in windows 10. And it 
works fine. Although I would like to make some improvements. For example, in 
the config with the windows client I have to specify the user and psw of the 
user in windows so that it can work. that is, I do not get to the windows login 
screen so you can enter by any local windows user.

And good the most important thing, I understand that guacamole makes recording 
of the sessions that are done. I can not make this work for me. Anyone around 
here who has experience in the subject and can help me would appreciate it.

Thank you.

> On Feb 20, 2019, at 10:10 AM, Peter Ludikovsky  wrote:
> 
> Saludos amigos de la lista. 
> 
> Tengo guacamole instalado en debían con RDP a 1 pc en windows 10. Y funciona 
> bien. Aunque quisiera hacerle algunas mejoras. Por ejemplo, en la config con 
> el cliente de windows tengo que especificar el usuario y psw del usuario en 
> windows para que pueda funcionar. o sea no me llega a la pantalla de login de 
> windows para que pueda entrar por cualquier usuario local de windows. 
> 
> Y bueno lo mas importante, tengo entendido que guacamole hace recording de 
> las sesiones que se hagan. No logro hacer que esto me funcione. Cualquier 
> persona por aquí que tenga experiencia en el tema y me pueda ayudar se lo 
> agradecería.
> 
> Gracias.

Re: Looking for advise to replacy Pan newsreader

[Eric S Fraga]

On Sunday, 17 Feb 2019 at 06:51, Nate Bargmann wrote:
> How can it be configured to show all headers both read and unread even
> after leaving and coming back to a group?  This is my gripe about most
> newsreaders where the default is trim the headers list aggressively.

You can use /o for showing all "old" messages.  But I doubt you really
want this for some groups.  What works well, in practice, however, is to
show all the old headers in threads for any new messages.  You can get
this behaviour by setting gnus-fetch-old-headers to t.

> The news server I used in the past was news.aioe.org and it is still
> online.

I used to use this but, these days, gmane gives me access to all the
groups I read.

-- 
Eric S Fraga via Emacs 27.0.50 & org 9.2.1 on Debian buster/sid

Re: Can't scan new disk

[Jude DaShiell]

umount /dev/sdb probably will work better.
gparted /dev/sdb also.
if those two don't throw errors, try print command inside gparted and
learn about your new hardware.


--

Re: Yubikey and LUKS on testing (Buster)

[gpdsbe]

Thanks for the reply! You are right! I was looking to older instructions that 
didnt include that info!

> 
> As you omitted the part about appending
> 'keyscript=/usr/share/yubikey-luks/ykluks-keyscript' to your
> /etc/crypttab file and subsequently running 'update-initramfs -u' in
> your description of your procedure, I'm wondering whether you
> inadvertently skipped that step.
> 
> https://github.com/cornelinux/yubikey-luks
> 
>

Offender: MOSAY, CLINT

[CorrLinks]

This is a system generated message informing you that the above-named person is 
a WIDOC prisoner who seeks to add you to his/her contact list for exchanging 
electronic messages.  There is no message from the prisoner at this time.

You can ACCEPT this prisoner's request or BLOCK this individual or all WIDOC 
prisoners from contacting you via electronic messaging at www.corrlinks.com.  
To register with CorrLinks you must enter the email address that received this 
notice along with the identification code below.

Email Address: debian-user@lists.debian.org
Identification Code: 2XY5SC8D
This identification code will expire in 10 days. 

By approving electronic correspondence with WIDOC prisoners, you consent to 
have the WIDOC staff monitor the content of all electronic messages exchanged. 

Once you have registered with CorrLinks and approved the prisoner for 
correspondence, the prisoner will be notified electronically.

*

Este es un mensaje generado por el sistema que le informa que la persona 
mencionada es un prisionero WIDOC que pretende añadirlo a usted a su lista de 
contactos para intercambiar mensajes electrónicos. No hay ningún mensaje del 
preso en este momento

Usted puede ACEPTAR esta petición del preso o BLOQUEAR a esta persona o a todos 
los presos de WIDOC de contactarlo a usted a través de la mensajería 
electrónica en www.corrlinks.com. Para inscribirse en CorrLinks debe introducir 
la dirección de correo electrónico que recibió esta notificación, junto con el 
código de identificación a continuación.

Dirección de correo electrónico: debian-user@lists.debian.org
Código de identificación: 2XY5SC8D
Este código de identificación expirará en 10 días.

Your Password Reset Link from CorrLinks

[Web]

To reset your password, please click the link below.  This link will expire in 
24 hours.

https://www.corrlinks.com/R.aspx?c=d04a199a-bd92-42c9-8654-5384a255da06

Re: Your Password Reset Link from CorrLinks

[Gene Heskett]

On Thursday 21 February 2019 01:14:03 w...@corrlinks.com wrote:

> To reset your password, please click the link below.  This link will
> expire in 24 hours.
>
> https://www.corrlinks.com/R.aspx?c=d04a199a-bd92-42c9-8654-5384a255da0
>6

Whats worse is that my isp is rightfully rejecting some of this bs as 
spam, but I get the threatening msgs from the debian server, threatening 
to unsuscribe me for the bounces. debian shoulda rejected it in the 
first place.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: Your Password Reset Link from CorrLinks

[Reco]

Hi.

On Thu, Feb 21, 2019 at 02:30:48AM -0500, Gene Heskett wrote:
> On Thursday 21 February 2019 01:14:03 w...@corrlinks.com wrote:
> 
> > To reset your password, please click the link below.  This link will
> > expire in 24 hours.
> >
> > 
> 
> Whats worse is that my isp is rightfully rejecting some of this bs as 
> spam, but I get the threatening msgs from the debian server, threatening 
> to unsuscribe me for the bounces.

You do not bounce to the list - [1]. Yes, even if it's spam.
They will excommunicate you if you insist on bouncing to the list.

If you want to notify listmaster team about spam, you should bounce to [2].


> debian shoulda rejected it in the first place.

And you can help this by reporting an offending e-mail as spam, see [1].

Reco

[1] https://wiki.debian.org/Teams/ListMaster/FAQ
[2] mailto:listmas...@lists.debian.org