[Openvpn-users] WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'

2025-07-23 Thread Marc SCHAEFER
Hello, An OpenVPN 2.6 server is connected to multiple OpenVPN 2.5 clients. On the clients, a warning happens regularly: WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500' There is no tun-mtu config neither on the server nor on the clients. There is howev

Re: [Openvpn-users] IPv6 Routing Issue Behind OpenVPN on OpenBSD with ISP-Delegated /64

2025-06-24 Thread Marc SCHAEFER
Hello, On Tue, Jun 24, 2025 at 09:33:52AM +, michael.davis303 via Openvpn-users wrote: > ping6: sendmsg: Permission denied (even with doas used) No recent experience with *BSD, but on Linux, you get that kind of behaviour with firewall rules, AFAIR.

Re: linux-image LTS update, where is the DLA?

2025-05-25 Thread Marc SCHAEFER
Hello, On Fri, May 23, 2025 at 12:51:58PM +0200, Marc SCHAEFER wrote: > changelog says: > >linux-signed-amd64 (5.10.237+1) bullseye-security; urgency=high it looks like the DLA was published today, and it's also linked to the recent microcode update. > Is there a

linux-image LTS update, where is the DLA?

2025-05-23 Thread Marc SCHAEFER
Hello, changelog says: linux-signed-amd64 (5.10.237+1) bullseye-security; urgency=high [ and a very long list of changes, I saw mostly local issues and WiFi ] I don't think I saw the DLA for it in https://www.debian.org/lts/security/ nor e-mail. Is there a reason to upgrade immed

Re: Addressing Mojolicious CVE-2024-58134 and CVE-2024-58135 in sid

2025-05-22 Thread Marc SCHAEFER
Hello, On Thu, May 22, 2025 at 10:49:56AM +0100, Sean Whitton wrote: > It seems that Mojolicious upstream take the view that application > authors are responsible for configuring a secure session secret and so > the fact these the defaults are not cryptographically secure is not > something to fix

Re: Open source, multiplatform password manager with sync capability

2025-05-07 Thread Marc SCHAEFER
Hello, On Wed, May 07, 2025 at 08:41:00AM -0600, Charles Curley wrote: > syncthing does what it calls file versioning. > https://docs.syncthing.net/users/versioning.html Aha, interesting! Thank you.

Re: Open source, multiplatform password manager with sync capability

2025-05-07 Thread Marc SCHAEFER
Hello, On Tue, May 06, 2025 at 10:53:08AM +0300, Anssi Saari wrote: > > Has anyone experienced the following setup: > > I wonder how fast the git repo grows as you add stuff in the keepass > database? That's indeed a good question. I liked the idea of having a history of the password database

Open source, multiplatform password manager with sync capability

2025-05-05 Thread Marc SCHAEFER
Hello, Has anyone experienced the following setup: On a standard system (Debian GNU/Linux): - install keepassxc, create a master password and a database file [ alternative: keepass2, but mono dependency ] - make sure that database file is on a git, pushable to a remote repository (I like gi

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread Marc SCHAEFER
On Mon, Apr 14, 2025 at 03:08:11PM +0200, didier gaumet wrote: > please take all that precedes with a grain of salt: I do not install and set > up ssh servers :-) All input is welcome, thank you.

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread Marc SCHAEFER
I wrote: > If you >sudo systemctl disable cups # and maybe others Actually, if you follow the discussion, the CUPS Bonjour auto-discovery is presumably handled by the cups-browsed package (you can uninstall it, or systemctl disable it, if you don't want printer auto-detection

cups-browsed installed and open by default (was: Limiting attack surface for Debian sshd)

2025-04-14 Thread Marc SCHAEFER
Hello, On Sun, Apr 13, 2025 at 11:38:01AM -0400, Stefan Monnier wrote: > Why do you need cups ports open to print? You presumably do not, in the general sense. On this machine, I have this: tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN 10711/cupsd tcp

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread Marc SCHAEFER
Hello, On Sun, Apr 13, 2025 at 06:24:50PM +0200, didier gaumet wrote: > didier@hp-notebook14:~$ ldd /usr/sbin/tinysshd > linux-vdso.so.1 (0x7ffdb29f7000) > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f54a996c000) > /lib64/ld-linux-x86-64.so.2 (0x7f54a9c2e000) >

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread Marc SCHAEFER
Hello, > would you be open to using another implementation of an ssh server? > If so, it would be a third approach: Yes, it would be. It might help with the attack surface issue of current sshd. However, I would guess that most of the alternative to OpenSSH are using libssh, which also had some

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread Marc SCHAEFER
Hello, On Sun, Apr 13, 2025 at 10:59:45AM -0400, Lee wrote: > I taking a class at the local library; my laptop has avahi and cups > ports open .. which I'm not thrilled about but I like the zero-conf > printing ability. If you sudo systemctl disable cups # and maybe others then, you can do

Re: Limiting attack surface for Debian sshd

2025-04-12 Thread Marc SCHAEFER
Hello, Jumping into your interesting ssh vs VPN discussion: On Sat, Apr 12, 2025 at 07:24:17AM +0200, to...@tuxteam.de wrote: > - you didn't explain how "a VPN's" mechanism is inherently more > secure than sshd's, given that their mechanisms are all pretty > similar. I agree. Especially si

Limiting attack surface for Debian sshd

2025-04-11 Thread Marc SCHAEFER
Hello, systemd dependencies that are activated on a Debian system imply a lot of library injections into sshd, much more than the stock OpenBSD ssh. To avoid this, there seem to be two approaches: - remove those dependencies (see below) - confine the impact of those dependencies, as propo

Re: [gull] [nore...@letsencrypt.org: Let's Encrypt Expiration Emails Update]

2025-04-11 Thread Marc SCHAEFER via gull
On Thu, Apr 10, 2025 at 05:32:06PM +0200, Félix Hauri via gull wrote: > By the way, do you know >https://f-hauri.ch/vrac/reshellcheck.sh >https://f-hauri.ch/vrac/parShellCheck.sh No, that is beyond me :)

Re: [gull] [nore...@letsencrypt.org: Let's Encrypt Expiration Emails Update]

2025-04-10 Thread Marc SCHAEFER via gull
On Thu, Apr 10, 2025 at 03:58:43PM +0200, Félix Hauri via gull wrote: > On Thu, Apr 10, 2025 at 10:54:02AM +0200, Marc SCHAEFER via gull wrote: > > A comment: I use an IDS, so the parallelization of > > connections could trigger it. So I am going to use

Re: [gull] [nore...@letsencrypt.org: Let's Encrypt Expiration Emails Update]

2025-04-10 Thread Marc SCHAEFER via gull
Hi, On Thu, Apr 10, 2025 at 10:11:51AM +0200, Félix Hauri via gull wrote: > I am happy to present my latest creation: certShow.sh Cool! As far as I am concerned, I have an HTTPS connectivity test for all my sites, but of course that does not warn in advance of the expiration

[pfx] Re: Just using the -C option (was: Sendmail in a multi-instance setup)

2025-04-04 Thread Marc SCHAEFER via Postfix-users
On Fri, Apr 04, 2025 at 11:40:39AM +0200, Marc SCHAEFER via Postfix-users wrote: > - except for a single case where I want to bypass milters > > Any idea except running a completely different Postfix daemons set > on different spool directories? Replying to myself: would [1] and spec

[pfx] Just using the -C option (was: Sendmail in a multi-instance setup)

2025-04-04 Thread Marc SCHAEFER via Postfix-users
Hello, On Fri, Apr 04, 2025 at 11:25:41AM +0200, Matus UHLAR - fantomas via Postfix-users wrote: > Perhaps you could use "-C config_dir" option to specify config path of > another postfix instance, but I'm not sure it's a good idea. On this topic, I was trying to make so sendmail uses a differen

nut on Debian bullseye: issues with UID and default config

2025-03-29 Thread Marc SCHAEFER
Hello, I run a nut-server & nut-client on Debian bullseye connected to an UPS. It works very well: there are syslog messages for when the current is down and it's on battery, I can see the various statistics with upsc. However, it does not seem it really shuts down when low on battery. I noticed

Re: [gull] [SPAM] Re: Python certification

2025-03-06 Thread Marc SCHAEFER via gull
Errata: On Thu, Mar 06, 2025 at 11:59:15AM +0100, Marc SCHAEFER via gull wrote: > possible. The main purpose of the MAS-RAD is the professional > retraining of computer engineers towards the professions of > digitalization or, more concretely, of software development

Re: [gull] [SPAM] Re: Python certification

2025-03-06 Thread Marc SCHAEFER via gull
Hello, On Wed, Mar 05, 2025 at 09:12:21PM +0100, Philippe Ney via gull wrote: > It would be nice to have an official certification coming from > python.org. That is how the industry often works. After that, one can question the quality and the value of certifications

Re: docker.io update with no CVE

2025-02-27 Thread Marc SCHAEFER
Hello, On Thu, Feb 27, 2025 at 05:34:07PM +0100, Salvatore Bonaccorso wrote: > Cf. https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html Thank you, docker.io is indeed listed. I don't really use go, so I usually delete those security reports without reading them. However, I seem to

docker.io update with no CVE

2025-02-27 Thread Marc SCHAEFER
Hello, There is a docker.io upgrade for bullseye: https://security-tracker.debian.org/tracker/TEMP-000-7C9547 However, it was not yet announced, if I am not mistaken. Is this because of a responsible disclosure policy? $ dpkg -s docker.io|grep Version Version: 20.10.5+dfsg1-1+deb11u3 $

Re: F2FS file system is not supported in installer

2025-01-10 Thread Marc SCHAEFER
Dear Marko, On Thu, Jan 09, 2025 at 05:26:29PM +0100, Matej Marko wrote: > I don't use Debian or Debian based distributions, because you don't support > F2FS. Other distribution yes. First a disclaimer: I am not part of the Debian project nor the LTS team, but just a satisfied user. You are wri

Re: [gull] Frightening leaks...

2024-11-29 Thread Marc SCHAEFER via gull
On Tue, Nov 26, 2024 at 04:30:46PM +0100, Claude Paroz via gull wrote: > https://bonjourlafuite.eu.org/ By the way, in France there are laws that oblige companies to inform. It is true that one often hears that in France -- or in Europe in general -- there are supposedly "too many laws

Bug#198762: I was running my own syslog-summary

2024-11-09 Thread Marc SCHAEFER
Hello, On Sat, Nov 09, 2024 at 01:53:46PM +, Richard Lewis wrote: > (as above, we wouldn't want to include any syslog-summary in the > debian package but we should keep the support for such local scripts: > i think it should still work if the script is correct) Yes, I read the whole thread AN

Bug#198762: I was running my own syslog-summary

2024-11-08 Thread Marc SCHAEFER
Hello, You can find my script here: https://git.alphanet.ch/gitweb/?p=various;a=blob;f=logcheck/syslog-summary;h=dcfe82b9ab2065309dc39f929d0d5c9055c75f55;hb=HEAD It basically attempts to merge similar lines and count them, handy e.g. for DNS DDoS while still being able to see what is happening i

Re: XOFF (C-s) on ptys works by default

2024-11-06 Thread Marc SCHAEFER
Dear contributor, On Tue, Nov 05, 2024 at 06:42:07PM +0100, Nicolas George wrote: > I suggest you try compiling projects more complex than Hello World. It is always a sliding slope to assume things about people you interact with on mailing-lists. When I do compile complex projects, I usually sta

Re: XOFF (C-s) on ptys works by default

2024-11-05 Thread Marc SCHAEFER
Hello, On Tue, Nov 05, 2024 at 12:11:39PM +0100, Nicolas George wrote: > > It could have been handy on a real tty > > It is very handy on emulated ttys too. You never had the output of > tcpdump / tail -f /var/log/ / make you wanted to pause to inspect > something? On slow, physical VT100 termin

XOFF (C-s) on ptys works by default

2024-11-05 Thread Marc SCHAEFER
Hello, Something funny is that on a pty you have XON/XOFF software flow control enabled by default: - if you type C-s (XOFF), output will be paused - if you type C-q (XON), output will be resumed It could have been handy on a real tty -- serial line/port -- although when I was using modems

Re: [gull] Sanctions Hit Linux Kernel, Russian Programmers Banned

2024-10-26 Thread Marc SCHAEFER via gull
Hello, On Fri, Oct 25, 2024 at 05:22:20PM +0200, Frederic Dumas via gull wrote: > holder of its copyright resides in the United States. It is a directive > from President Biden from 2022, which obliges entities located > on American territory and working in IT to exclude the > Russ

Re: [gull] Parallelize Postgresql request

2024-10-14 Thread Marc SCHAEFER via gull
On Sat, Oct 12, 2024 at 09:46:40PM +0200, Marc SCHAEFER via gull wrote: > So it is indeed towards the optimizer that one should probably > look, while being aware that the example above is > far-fetched. Very concretely (on a machine

Re: Naive question about multithreading/multicore

2024-10-14 Thread Marc SCHAEFER
Hello, On Sun, Oct 13, 2024 at 08:16:04AM +1300, Thomas Munro wrote: > > template1=> SELECT COUNT(*) FROM pg_class a, pg_class b, pg_class c; > > > > I see only one 100% CPU PostgreSQL process. > > If you set set min_parallel_table_scan_size = 0 then it uses Without it, it uses one CPU and takes

Re: [gull] Parallelize Postgresql request

2024-10-12 Thread Marc SCHAEFER via gull
Hello, On Fri, Oct 11, 2024 at 08:51:26AM +0200, Marc SCHAEFER via gull wrote: > If you ever managed to write a query, for example on PostgreSQL's > internal tables -- or by providing us with the data > and the queries -- that shows the problem, we could test

Naive question about multithreading/multicore

2024-10-12 Thread Marc SCHAEFER
Hello, on a machine where starting two processes: perl -e 'while (1) { ; }' I see two processes at 100% CPU, which is expected (with top). Now, if I do: template1=> SELECT COUNT(*) FROM pg_class a, pg_class b, pg_class c; I see only one 100% CPU PostgreSQL process. I read that while Postgre

Re: [gull] Parallelize Postgresql request

2024-10-10 Thread Marc SCHAEFER via gull
Hi, On Thu, Oct 10, 2024 at 07:17:12PM +0200, felix via gull wrote: > > and force it with https://postgresqlco.nf/doc/en/param/debug_parallel_query/ > Oh, thanks! I am going to > - try that > - compare the actual **results** of the queries in question... >( Thinking about it again, I

Re: [gull] Parallelize Postgresql request

2024-10-10 Thread Marc SCHAEFER via gull
Hello, On Thu, Oct 10, 2024 at 08:39:03AM +0200, felix via gull wrote: > The machines are different, but that does not explain it: >- Window 32G 12 cores 3GHz >- Linux 16G 8 cores. 3.2GHz > Under Linux the swap is not accessed. Make sure that Linux is running natively, not as a VM. The diff

[gull] Trusting your disks or not (was: Ext4 - forcing the reallocation of bad sectors)

2024-10-10 Thread Marc SCHAEFER via gull
Hi, On Thu, Oct 10, 2024 at 08:23:37AM +0200, felix via gull wrote: > > That seems to me a good way to get them reallocated without further delay > > by the HDD firmware. > That is its job (the HDD firmware's)! A long time ago, say more than 30 years, SCSI had mode pages

Re: [gull] [Really solved] fail2ban + ipset (ksoftirqd congests at ~500Ko/s (Ubuntu 22.04))

2024-10-05 Thread Marc SCHAEFER via gull
Hello, On Mon, Sep 30, 2024 at 05:04:24PM +0200, Frederic Dumas via gull wrote: > A voice in my earpiece tells me that it might be time to move to > nftables, rather than tinkering with ipset as a layer on top of iptables. :-) Thanks to > the control room! Absolutely. Even if in simple cases, it seems

[gull] Data integrity

2024-10-05 Thread Marc SCHAEFER via gull
Hello, To guarantee the integrity of their data, some people use btrfs or zfs. But other approaches are possible, and I have documented one that respects the UNIX layered approach: https://wiki.alphanet.ch/Sandbox/ExperienceIntegriteFS Enjoy :)

[MM3-users] Re: makemigrations --merge error after Debian upgrade

2024-10-02 Thread Marc SCHAEFER
Hello, On Wed, Oct 02, 2024 at 08:05:44AM -, Chupin Maxime via Mailman-users wrote: > Thank you. So, using `mailman-web makemigrations --merge` as `root` is the > right way to do it (as it call user `www-data`). Unfortunately, I get the > error wrote in my first message: > PermissionError: [

[MM3-users] Re: makemigrations --merge error after Debian upgrade

2024-10-01 Thread Marc SCHAEFER
On Tue, Oct 01, 2024 at 08:10:54PM -0700, Mark Sapiro wrote: > Look at the contents of the mailman-web script. My guess is it contains > `sudo -u list ...` Not exactly: (debian bookworm) su -s /bin/sh -c "python3 /usr/share/mailman3-web/manage.py $*" www-data if run from root, it should not req

[MM3-users] Re: makemigrations --merge error after Debian upgrade

2024-10-01 Thread Marc SCHAEFER
On Tue, Oct 01, 2024 at 11:29:52AM -, Chupin Maxime via Mailman-users wrote: > Another error message from the cron executions: Under Debian, I wrote a script for fixing up a few things, you can find it here: https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/OONLWQYV3

[MM3-users] Re: makemigrations --merge error after Debian upgrade

2024-10-01 Thread Marc SCHAEFER
Hello, On Tue, Oct 01, 2024 at 11:08:19AM -, Chupin Maxime via Mailman-users wrote: > root@machine: sudo -u list bash If you are root already, you could also use su: su - -u list -s /bin/bash -c "mailman-web makemigrations --merge" (the -s /bin/bash is because the list account has a /usr/s

Re: [gull] ksoftirqd congests at ~500Ko/s (Ubuntu 22.04)

2024-09-29 Thread Marc SCHAEFER via gull
Hello, and some information on TCP/TSO: (unrelated to our topic): Very generally, there are two ways of doing I/O: - handle an interrupt for each frame, or sometimes per list of frames (scatter/gather DMA) - do polling and it is also possible to combine

Re: [gull] [Solved] ksoftirqd congests at ~500Ko/s (Ubuntu 22.04)

2024-09-28 Thread Marc SCHAEFER via gull
Hello, On Sat, Sep 28, 2024 at 03:52:20PM +0200, Frederic Dumas via gull wrote: > Now the 70K+ iptables drops have to be purged, and maybe > the fail2ban IPs exported. Once the ipset package has been added to the system, where is > the manual configuration done to tell fail2ban to use it, > p

Re: [gull] Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure

2024-09-28 Thread Marc SCHAEFER via gull
Hello, On Sat, Sep 28, 2024 at 01:33:06PM +0200, felix via gull wrote: > It is not for nothing that I configure my printers, as well as > all my local devices, WITHOUT a default route. > > And well, leaving public access on 631 is also something that I > cannot conceive of. Ah, if it is cups,

Re: [gull] ksoftirqd congests at ~500Ko/s (Ubuntu 22.04)

2024-09-28 Thread Marc SCHAEFER via gull
On Sat, Sep 28, 2024 at 02:18:59PM +0200, Marc SCHAEFER via gull wrote: > > It appears to be customized by the hosting provider in the Ubuntu image installed > > on its servers. > > Maybe ask them why? And I assumed that it was not virtual

Re: [gull] ksoftirqd congests at ~500Ko/s (Ubuntu 22.04)

2024-09-28 Thread Marc SCHAEFER via gull
Hello, On Sat, Sep 28, 2024 at 01:06:43PM +0200, Frederic Dumas via gull wrote: > a little puzzle on Ubuntu, since it is the weekend. This very small > server chokes as soon as one pulls barely a few Mb/s from it over sftp. > ksoftirqd steps in to police things, and the average throughput tops out at ~50

Re: [gull] Severe Unauthenticated RCE Flaw (CVSS 9.9) in GNU/Linux Systems Awaiting Full Disclosure

2024-09-24 Thread Marc SCHAEFER via gull
On Tue, Sep 24, 2024 at 04:18:49PM +0200, Philippe Strauss via gull wrote: > https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/ Yes, we are looking forward to it :) Given that the publication will first take place on OpenWall, it suggests a remote

Re: [gull] most recent kernel not offered in the grub menu

2024-09-24 Thread Marc SCHAEFER via gull
Hello, On Tue, Sep 24, 2024 at 01:17:04PM +0200, Yann Lehmann via gull wrote: > I think the solution will be to tell grub where to look for "the new" > /boot. I will dig and post the result. I would say remove what is no longer useful (the partitions/LVs), then run grub-install

Re: [gull] most recent kernel not offered in the grub menu

2024-09-21 Thread Marc SCHAEFER via gull
Hello, On Fri, Sep 20, 2024 at 06:41:00PM +0200, Yann Lehmann via gull wrote: > The latter's menu offers me a kernel that is a few versions older, > as well as the one before that, which itself is no longer on the system, but > none of those that were installed after it. > > What

[MM3-users] Re: mailman import21 passwords

2024-09-16 Thread Marc SCHAEFER
Hello, I agree with Mark. However, as I run an IPS on Mailman3 login, I changed the login HTML template to warn the users clearly that they MUST create an account as long as they didn't since the migration date. So far (migrated end of June) I only had one user locked out because of the IPS an

Re: [gull] Debian security

2024-09-06 Thread Marc SCHAEFER via gull
On Thu, Sep 05, 2024 at 10:28:22AM +0200, Marc SCHAEFER via gull wrote: > That is interesting. So far I have mostly traced which > system calls are made in which application (with eBPF), in or which files are accessed, or which programs are launched

Re: [gull] Debian security

2024-09-05 Thread Marc SCHAEFER via gull
Hello, On Thu, Sep 05, 2024 at 09:52:53AM +0200, Philippe Strauss via gull wrote: > A good choice; it is the developer who knows best what their service does > in terms of valid, normal interaction with the system. > > https://docs.kernel.org/userspace-api/landlock.html That is interesting. So far

Re: [gull] Debian security

2024-09-04 Thread Marc SCHAEFER via gull
Hi, On Wed, Sep 04, 2024 at 07:06:25PM +0200, Claude Paroz via gull wrote: > This reeks of FUD. And as with all FUD, there are very probably > some truths inside. Certainly. I think that the world has changed a lot, and that the complexity of attacks only keeps increasing. The

Re: [gull] [SPAM] Re: [SPAM] Re: Network abuse

2024-08-22 Thread Marc SCHAEFER via gull
Hello, On Wed, Aug 21, 2024 at 10:35:15PM +0200, Daniel Cordey via gull wrote: > But I have doubts that a 4.19 kernel, marked "longterm", is really > kept up to date with all the backports... That seems extremely costly to me, > or even impossible in some cases. One of the links that I had

Re: [gull] [SPAM] Re: Network abuse

2024-08-21 Thread Marc SCHAEFER via gull
Hi, On Wed, Aug 21, 2024 at 11:37:46AM +0200, Daniel Cordey via gull wrote: > I am puzzled... the notion of stable Linux does not exist, since > Linux is only the kernel. And... Debian is a whole, with the > notions of 'stable', 'testing', etc. versions. But it seems to me that > this notion

Re: [gull] Network abuse

2024-08-21 Thread Marc SCHAEFER via gull
Hello, On Wed, Aug 21, 2024 at 08:56:39AM +0200, felix via gull wrote: > > Avoid Debian stable, systemd, OpenSSL, etc :) > > You mean ``Linux stable'', > (Debian stable uses Linux LTS, it seems to me) No, Debian stable: the cited document mentions the problem of backporting (whether it be

Re: [gull] Network abuse

2024-08-20 Thread Marc SCHAEFER via gull
Hello, On Tue, Aug 20, 2024 at 01:22:07PM +0200, Philippe Strauss via gull wrote: > always recompile your kernel, applying the configuration > recommendations from this site: > https://kspp.github.io/Recommended_Settings Indeed, we have become lazy :) I must however mention

Re: [gull] Network abuse

2024-08-19 Thread Marc SCHAEFER via gull
Hello, On Sun, Aug 18, 2024 at 06:59:21PM +0200, Marc SCHAEFER via gull wrote: > Is your machine often attacked? Following a few off-list questions, here are some recommendations if you need SSH open to the Internet: - you could put your SSH on another port

[gull] Network abuse

2024-08-18 Thread Marc SCHAEFER via gull
Hello, Is your machine often attacked? Do you receive a logcheck summary, but it is full of automated attacks, so that you no longer see the important items? (the targeted attacks) Automated attacks are a risk for your system because your users do not

Re: [gull] Tips and tricks: Fuzzy Finder on Database

2024-08-12 Thread Marc SCHAEFER via gull
Hi, On Mon, Aug 12, 2024 at 11:22:38AM +0200, felix via gull wrote: > Here is a small example of a DB application using fzf (Fuzzy Finder) > to browse a DB and make a selection. You should make a video on peertube/youtube/tiktok :->

Re: [gull] Commodore Pet/CBM IEEE488 Cable

2024-08-09 Thread Marc SCHAEFER via gull
Hello, On Fri, Aug 09, 2024 at 08:47:40AM +0200, felix via gull wrote: > I took my PET back out of its cupboard... Nice. I never had the chance to play with a PET, but I had a C-64 (which notably ran a BBS ~ 1985). The ringing of the modem was detected on a wire of the expansion port,

[gull] LTO-8 mutual help

2024-08-05 Thread Marc SCHAEFER via gull
Hello, As I am in the process of setting up a long-term archiving solution based on LTO-8 for interested customers and myself (**), I will however only have one drive. In addition to consulting the SCSI MODE SENSE pages that allow listing the corrected errors (on write: rewrite auto

Re: [gull] Damn, it's not April Fools' Day...

2024-07-17 Thread Marc SCHAEFER via gull
Hello, On Tue, Jul 16, 2024 at 08:48:36PM +0200, Philippe Strauss via gull wrote: > Switzerland mandates software source code disclosure for public sector: A > legal milestone : > https://joinup.ec.europa.eu/collection/open-source-observatory-osor/news/new-open-source-law-switzerland Well done to /ch/

Re: how2 format a flash drive

2024-07-06 Thread Marc SCHAEFER
Hello, On Tue, Jun 25, 2024 at 09:53:41AM -0400, Lee wrote: > My question is: how do I reformat the flash drive so it's usable as a > "normal" flash drive again? Nowadays, people rarely "format" (*) their "drives". They create filesystems on raw devices. For example `mkfs.ext4 /dev/sdX`, where

Re: Debian 11 and IPv4 static IP address

2024-07-06 Thread Marc SCHAEFER
Hello, On Sat, Jul 06, 2024 at 12:49:32PM +0200, Detlef Vollmann wrote: > The only thing that's always annoying is that too many programs > believe they have to overwrite /etc/resolv.conf... chattr +i # immutable still works :)

Re: [gull] openssh remote vulnerability

2024-07-01 Thread Marc SCHAEFER via gull
On Mon, Jul 01, 2024 at 12:10:42PM +0200, Claude Paroz via gull wrote: > Yes, I had not written it but I had done it of course. OK, curious. I updated buster, bullseye and bookworm systems this morning without trouble. I am trying again, with bookworm without special installation sources

Re: [gull] openssh remote vulnerability

2024-07-01 Thread Marc SCHAEFER via gull
ase, indépendamment de la correction SSH de ce matin. Also, confirmation that buster (nevertheless obsolete since yesterday) is not affected: Date: Mon, 1 Jul 2024 11:51:32 +0200 From: Ola Lundqvist To: Marc SCHAEFER Cc: debian-...@lists.debian.org Subject: Re: SSH vulnerability Hi I have checked the sou

SSH vulnerability

2024-07-01 Thread Marc SCHAEFER
Hello, Regarding https://security-tracker.debian.org/tracker/CVE-2024-6387 I guess *buster* is not affected either, because it did not integrate the patchset from 2020? I ask this even if buster LTS support stopped ... yesterday. I still have one server (upgrading today) which has a fully access

[gull] openssh remote vulnerability

2024-07-01 Thread Marc SCHAEFER via gull
Hello, It would seem that SSH had some trouble in its termination code (signal handler not signal-safe), and that the bug was introduced, then fixed, then reintroduced. It does not appear to be an attack, but a simple regression (hence the name of this vulnerability: regresshion).

Re: [Openvpn-users] How are you using OpenVPN ?

2024-06-20 Thread Marc SCHAEFER
Hello, On Wed, Jun 19, 2024 at 11:34:28PM +, Phil Smith wrote: > I'd like to know how others are using OpenVPN? Desktop? Private website or? - IoT networks on Debian GNU/Linux (measuring solar power, temperature, humidity, etc) - various private networks (webcam, SDR, RA, etc) - routing a /2

Re: [gull] Twint/DebiX+ and Android 8

2024-06-17 Thread Marc SCHAEFER via gull
Hello, On Mon, Jun 17, 2024 at 08:12:51AM +0200, Claude Paroz via gull wrote: > The outcome: a weekend spent discovering how to flash a free > Android ROM (+ adding the non-free Google tools to be able to install > the aforementioned apps) on this phone. An operation that was almost

[epfl-usa] Is this mailing list still useful?

2024-06-07 Thread Marc SCHAEFER via epfl-usa
Hello, Is this list: https://secure.alphanet.ch/cgi-bin/mailman/listinfo/epfl-usa still useful? Please reply to me directly (and not to the list).

[ftn-nostalgie] Is this list still useful?

2024-06-06 Thread Marc SCHAEFER via ftn-nostalgie
Hello, Is this list: https://secure.alphanet.ch/cgi-bin/mailman/listinfo/ftn-nostalgie still useful? Please reply to me without going through the list.

[cafe-du-coin] Is this mailing list still useful?

2024-06-06 Thread Marc SCHAEFER via cafe-du-coin
Hello, Is this list still useful? https://secure.alphanet.ch/cgi-bin/mailman/listinfo/cafe-du-coin With my best regards.

Re: Debian bookwork / grub2 / LVM / RAID / dm-integrity fails to boot

2024-05-22 Thread Marc SCHAEFER
Hello, On Wed, May 22, 2024 at 05:03:34PM -0400, Stefan Monnier wrote: > Hmm... I've been using a "plain old partition" for /boot (with > everything else in LVM) for "ever", originally because the boot loader > was not able to read LVM, and later out of habit. I was thinking of > finally moving /

Re: Debian bookwork / grub2 / LVM / RAID / dm-integrity fails to boot

2024-05-22 Thread Marc SCHAEFER
Hello, On Wed, May 22, 2024 at 10:13:06AM +, Andy Smith wrote: > metadata tags to some PVs prevented grub from assembling them, grub is indeed very fragile if you use dm-integrity anywhere on any of your LVs on the same VG where /boot is (or at least if in the list of LVs, the dm-integrity pr

Re: Debian bookwork / grub2 / LVM / RAID / dm-integrity fails to boot

2024-05-22 Thread Marc SCHAEFER
Hello, On Wed, May 22, 2024 at 08:57:38AM +0200, Marc SCHAEFER wrote: > I will try this work-around and report back here. As I said, I can > live with /boot on RAID without dm-integrity, as long as the rest can be > dm-integrity+raid protected. So, enable dm-integrity on all LVs,

Re: Debian bookwork / grub2 / LVM / RAID / dm-integrity fails to boot

2024-05-21 Thread Marc SCHAEFER
Additional info: On Wed, May 22, 2024 at 08:49:56AM +0200, Marc SCHAEFER wrote: > Having /boot on a LVM non enabled dm-integrity logical volume does not > work either, as soon as there is ANY LVM dm-integrity enabled logical > volume anywhere (even not linked to booting), grub2 complains

Re: Debian bookwork / grub2 / LVM / RAID / dm-integrity fails to boot

2024-05-21 Thread Marc SCHAEFER
Hello, On Tue, May 21, 2024 at 08:41:58PM +0200, Franco Martelli wrote: > I can only recommend you to read carefully the Wiki: > https://raid.wiki.kernel.org/index.php/Dm-integrity I did, and it looks it does not seem to document anything pertaining to my issue: 1) I don't use integritysetup (fr

Debian bookwork / grub2 / LVM / RAID / dm-integrity fails to boot

2024-05-20 Thread Marc SCHAEFER
Hello, 1. INITIAL SITUATION: WORKS (no dm-integrity at all) I have a Debian bookworm up-to-date system that boots correctly with kernel 6.1.0-21-amd64. It is set up like this: - /dev/nvme1n1p1 is /boot/efi - /dev/nvme0n1p2 and /dev/nvme1n1p2 are the two LVM physical volumes - a volume g

Re: [gull] I surf for you - 2024-05-13

2024-05-15 Thread Marc SCHAEFER via gull
Hello, On Mon, May 13, 2024 at 05:06:55PM +0200, Philippe Strauss via gull wrote: > Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints > https://cybersecuritynews.com/openvpn-zero-day-flaws/ As I am subscribed to the openvpn list, here is some information: There were recently 2 announcements

Re: HDD long-term data storage with ensured integrity

2024-05-04 Thread Marc SCHAEFER
On Fri, May 03, 2024 at 01:50:52PM -0700, David Christensen wrote: > Thank you for devising a benchmark and posting some data. :-) I did not do the comparison hosted on github. I just wrote the script which tests the dm-integrity on dm-raid error detection and error correction. > FreeBSD also o

Re: HDD long-term data storage with ensured integrity

2024-05-03 Thread Marc SCHAEFER
On Mon, Apr 08, 2024 at 10:04:01PM +0200, Marc SCHAEFER wrote: > For off-site long-term offline archiving, no, I am not using RAID. Now, as I had to think a bit about ONLINE integrity, I found this comparison: https://github.com/t13a/dm-integrity-benchmarks Contenders are btrfs, zfs,

Re: [gull] SQL LIKE ...% queries with psycopg3

2024-04-23 Thread Marc SCHAEFER via gull
Hello, On Mon, Apr 22, 2024 at 04:47:55PM +0200, Philippe Strauss via gull wrote: > The code (for the Flask framework) for one of these autocomplete supports is: I am not familiar with it :) The main risk with LIKE is that % characters can be injected. This is especially dangerous in code like: SEL

[swinog] Re: Swisscom DNS issue: spectrum-conference.org wrongfully resolves to a bluewin address in swisscom mobile networks

2024-04-23 Thread Marc SCHAEFER via swinog
Hello, On Tue, Apr 23, 2024 at 10:04:14AM +0200, Stefan via swinog wrote: > But you know that it is already daily business that Swiss ISPs are blocking > websites? One of the examples you give was voted by the Swiss people (Casino blocking). ISPs have no say in that matter. Some countries go way

Re: [gull] [solved] exfat - catalogue inconsistency under Linux and macOS - utf8 nfc nfd

2024-04-20 Thread Marc SCHAEFER via gull
On Sat, Apr 20, 2024 at 05:08:54PM +0200, Marc SCHAEFER via gull wrote: > That brings back fond memories of the Amiga, which had developed (with > Electronic Arts?) the famous IFF format, which precisely avoided > Forks (and the performance loss of the .info files, from memory). La lectur

Re: [gull] [solved] exfat - catalogue inconsistency under Linux and macOS - utf8 nfc nfd

2024-04-20 Thread Marc SCHAEFER via gull
Hi, On Sat, Apr 20, 2024 at 10:56:53AM +0200, Frederic Dumas via gull wrote: > Too bad the mailing-list manager blocks attachments, Just put the file on a site like grosfichiers.com and then put the URL here. This will save everyone from having to download

Re: [gull] exfat - catalogue inconsistency under Linux and macOS

2024-04-18 Thread Marc SCHAEFER via gull
Hi, On Thu, Apr 18, 2024 at 07:55:41AM +0200, felix via gull wrote: > Beware! Apple's UTF8 is not necessarily the same as Linux's... > > see: > Général Bâtiment > Général Bâtiment That is correct. In fact, this is about Unicode normalization: > 00

Re: SOLVED (was: Re: using mbuffer: what am i doing wrong?)

2024-04-14 Thread Marc SCHAEFER
On Thu, Apr 11, 2024 at 04:14:33PM +0200, DdB wrote: > - the resulting transfer is way faster than say ... ssh. AFAIK ssh is mono-threaded (like OpenVPN, unless you use the kernel module). wireguard is multi-threaded. The symptom will be one CPU ("core") at 100% and the rest mostly idle.

Re: using mbuffer: what am i doing wrong?

2024-04-11 Thread Marc SCHAEFER
Hello, On Tue, Apr 09, 2024 at 03:13:01PM +0200, DdB wrote: > from my research, the abbreviated takeaway is: I never used mbuffer, I use buffer combined with netcat-traditional: # receiver (TCP server on port 8000) nc -l -p 8000 | buffer -S 1048576 -s 32768 -o /dev/null # sender (TCP c

Re: HDD long-term data storage with ensured integrity

2024-04-08 Thread Marc SCHAEFER
Hello, On Mon, Apr 08, 2024 at 11:28:04AM -0700, David Christensen wrote: > So, an ext4 file system on an LVM logical volume? > > Why LVM? Are you implementing redundancy (RAID)? Is your data larger than > a single disk (concatenation/ JBOD)? Something else? For off-site long-term offline arc

Re: HDD long-term data storage with ensured integrity

2024-04-08 Thread Marc SCHAEFER
For offline storage: On Tue, Apr 02, 2024 at 05:53:15AM -0700, David Christensen wrote: > Does anyone have any comments or suggestions regarding how to use magnetic > hard disk drives, commodity x86 computers, and Debian for long-term data > storage with ensured integrity? I use LVM on ext4, and

Re: [gull] Docker first steps

2024-04-03 Thread Marc SCHAEFER via gull
Hi, On Wed, Apr 03, 2024 at 07:51:03AM +0200, felix via gull wrote: > Anyway, I installed a buster. (oldoldstable). I then tried to > change a few things to move to bookworm In my experience, if the host is buster, then lxc or Docker containers of type buster or bullse

Re: [gull] Major attempt to backdoor the ssh of debian and redhat

2024-03-31 Thread Marc SCHAEFER via gull
On Sun, Mar 31, 2024 at 04:03:53PM +0200, Marc SCHAEFER via gull wrote: > > https://www.nongnu.org/lzip/xz_inadequate.html > > This URL is considered "FUD" (Fear, Uncertainty, Doubt) by > contributors of the previous URL. Et surtout, ce qu'il f
