Re: Limiting attack surface for Debian sshd

2025-04-19 Thread tomas
On Sat, Apr 19, 2025 at 05:35:51PM +, Andrew M.A. Cater wrote: [...] > Hi Gene, > > This is probably off topic for the subject of the thread above but - > > You always claim that stuff is grossly broken: in this instance, CUPS > is probably *not* broken. The problem is that the free drivers

Re: Limiting attack surface for Debian sshd

2025-04-19 Thread Andrew M.A. Cater
On Fri, Apr 18, 2025 at 11:09:06PM -0400, gene heskett wrote: > On 4/16/25 03:14, Erwan David wrote: > > On Wed, Apr 16, 2025 at 03:16:29AM CEST, Lee said: > > > On Mon, Apr 14, 2025 at 10:27 AM Dan Purgert wrote: > > > > On Apr 14, 2025, Marc SCHAEFER wrote: > > Which brings up the fact that if

Re: Limiting attack surface for Debian sshd

2025-04-18 Thread gene heskett
On 4/16/25 03:14, Erwan David wrote: On Wed, Apr 16, 2025 at 03:16:29AM CEST, Lee said: On Mon, Apr 14, 2025 at 10:27 AM Dan Purgert wrote: On Apr 14, 2025, Marc SCHAEFER wrote: I wrote: If you sudo systemctl disable cups # and maybe others Actually, if you follow the discussion, the C

Re: Limiting attack surface for Debian sshd

2025-04-16 Thread Eben King
On 4/16/25 06:27, Lee wrote: On Wed, Apr 16, 2025 at 1:32 AM Jeffrey Walton wrote: Add a printer manually using the Printers applet. Where does one find this applet? Or what is it called - I'm I have a "Print Setting" applet (system-config-printer 1.5.18 "A CUPS configuration tool")on

Re: Limiting attack surface for Debian sshd

2025-04-16 Thread Lee
On Wed, Apr 16, 2025 at 1:32 AM Jeffrey Walton wrote: > > On Tue, Apr 15, 2025 at 11:57 PM Lee wrote: > > > > On Sun, Apr 13, 2025 at 11:38 AM Stefan Monnier wrote: > > > > > > >> My laptop has one to two handful of these, depending on what I'm > > > >> currently playing with. > > > > I'm taking a cl

Re: Limiting attack surface for Debian sshd

2025-04-16 Thread Lee
On Wed, Apr 16, 2025 at 5:37 AM Erwan David wrote: > > On Wed, Apr 16, 2025 at 03:16:29AM CEST, Lee said: > > On Mon, Apr 14, 2025 at 10:27 AM Dan Purgert wrote: > > > > > > On Apr 14, 2025, Marc SCHAEFER wrote: > > > > I wrote: > > > > > > > > > If you > > > > >sudo systemctl disable cups # a

Re: Limiting attack surface for Debian sshd

2025-04-16 Thread Erwan David
On Wed, Apr 16, 2025 at 03:16:29AM CEST, Lee said: > On Mon, Apr 14, 2025 at 10:27 AM Dan Purgert wrote: > > > > On Apr 14, 2025, Marc SCHAEFER wrote: > > > I wrote: > > > > > > > If you > > > >sudo systemctl disable cups # and maybe others > > > > > > Actually, if you follow the discussion, t

Re: Limiting attack surface for Debian sshd

2025-04-16 Thread Michel Verdier
On 2025-04-15, Lee wrote: > If I turn the cups service back on I can print: > > $ sudo systemctl start cups.service > > $ lp -d Canon_MG3600_series check-for-updates.sh > request id is Canon_MG3600_series-4 (1 file(s)) cupsd should listen on ports but only on localhost: # ss -nltup | grep cups t

Re: Limiting attack surface for Debian sshd

2025-04-15 Thread Jeffrey Walton
On Tue, Apr 15, 2025 at 11:57 PM Lee wrote: > > On Sun, Apr 13, 2025 at 11:38 AM Stefan Monnier wrote: > > > > >> My laptop has one to two handful of these, depending on what I'm > > >> currently playing with. > > > I'm taking a class at the local library; my laptop has avahi and cups > > > ports op

Re: Limiting attack surface for Debian sshd

2025-04-15 Thread Lee
On Mon, Apr 14, 2025 at 10:27 AM Dan Purgert wrote: > > On Apr 14, 2025, Marc SCHAEFER wrote: > > I wrote: > > > > > If you > > >sudo systemctl disable cups # and maybe others > > > > Actually, if you follow the discussion, the CUPS Bonjour auto-discovery > > > >- it is presumably handled by t

Re: Limiting attack surface for Debian sshd

2025-04-15 Thread Lee
On Sun, Apr 13, 2025 at 11:38 AM Stefan Monnier wrote: > > >> My laptop has one to two handful of these, depending on what I'm > >> currently playing with. > > I'm taking a class at the local library; my laptop has avahi and cups > > ports open .. which I'm not thrilled about but I like the zero-conf

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread tomas
On Mon, Apr 14, 2025 at 12:20:34PM -0700, Michael Paoli wrote: > What systemd dependencies? :-) Thanks for reminding us that Debian is (more or less) viable without systemd (I try to keep my daily driver that way, too). But the original poster has another, valid concern. I think the best illustr

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread Michael Paoli
What systemd dependencies? :-) # readlink /proc/1/exe /sbin && dpkg -S /sbin/init && cat /etc/debian_version && more /etc/apt/preferences.d/* | cat /usr/sbin/init usr/sbin sysvinit-core: /sbin/init 12.10 :: /etc/apt/preferences.d/98init :: Explanation: Avoid unintended in

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread Marc SCHAEFER
On Mon, Apr 14, 2025 at 03:08:11PM +0200, didier gaumet wrote: > please take all that precedes with a grain of salt: I do not install and set > up ssh servers :-) All input is welcome, thank you.

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread Dan Purgert
On Apr 14, 2025, Marc SCHAEFER wrote: > I wrote: > > > If you > >sudo systemctl disable cups # and maybe others > > Actually, if you follow the discussion, the CUPS Bonjour auto-discovery > >- it is presumably handled by the cups-browsed package > (you can uninstall it, or systemctl di

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread didier gaumet
On 14/04/2025 at 13:57, Marc SCHAEFER wrote: Hello, Yes! On the (dynamic) dependency side it seems ideal. So it means it's a reimplementation of the SSH server, not using libssh? (or it's statically compiled, which could be worse?) libssh does not appear in the build-dependencies of the sou

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread Marc SCHAEFER
I wrote: > If you >sudo systemctl disable cups # and maybe others Actually, if you follow the discussion, the CUPS Bonjour auto-discovery - it is presumably handled by the cups-browsed package (you can uninstall it, or systemctl disable it, if you don't want printer auto-detection

Re: Limiting attack surface for Debian sshd

2025-04-14 Thread Marc SCHAEFER
Hello, On Sun, Apr 13, 2025 at 06:24:50PM +0200, didier gaumet wrote: > didier@hp-notebook14:~$ ldd /usr/sbin/tinysshd > linux-vdso.so.1 (0x7ffdb29f7000) > libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f54a996c000) > /lib64/ld-linux-x86-64.so.2 (0x7f54a9c2e000) >

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread Max Nikulin
On 14/04/2025 06:52, Lee wrote: I'm taking a class at the local library; my laptop has avahi and cups ports open .. which I'm not thrilled about but I like the zero-conf printing ability. It's nice being able to print when I'm at home. I don't know how to turn this stuff off when I'm not at hom

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread Lee
On Sun, Apr 13, 2025 at 11:38 AM Stefan Monnier wrote: > > >> My laptop has one to two handful of these, depending on what I'm > >> currently playing with. > > I'm taking a class at the local library; my laptop has avahi and cups > > ports open .. which I'm not thrilled about but I like the zero-conf

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread Nate Bargmann
* On 2025 13 Apr 10:38 -0500, Stefan Monnier wrote: > >> My laptop has one to two handful of these, depending on what I'm > >> currently playing with. > > I'm taking a class at the local library; my laptop has avahi and cups > > ports open .. which I'm not thrilled about but I like the zero-conf > >

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread didier gaumet
On 13/04/2025 at 17:13, Marc SCHAEFER wrote: Hello, would you be open to using another implementation of an ssh server? If so, it would be a third approach: Yes, it would be. It might help with the attack surface issue of current sshd. However, I would guess that most of the alternative t

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread Stefan Monnier
>> My laptop has one to two handful of these, depending on what I'm >> currently playing with. > I'm taking a class at the local library; my laptop has avahi and cups > ports open .. which I'm not thrilled about but I like the zero-conf > printing ability. Why do you need cups ports open to print? I

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread Marc SCHAEFER
Hello, > would you be open to using another implementation of an ssh server? > If so, it would be a third approach: Yes, it would be. It might help with the attack surface issue of current sshd. However, I would guess that most of the alternatives to OpenSSH are using libssh, which also had some

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread Marc SCHAEFER
Hello, On Sun, Apr 13, 2025 at 10:59:45AM -0400, Lee wrote: > I'm taking a class at the local library; my laptop has avahi and cups > ports open .. which I'm not thrilled about but I like the zero-conf > printing ability. If you sudo systemctl disable cups # and maybe others then, you can do

Re: Limiting attack surface for Debian sshd

2025-04-13 Thread Lee
On Sat, Apr 12, 2025 at 10:48 AM wrote: > > On Sat, Apr 12, 2025 at 09:29:41AM -0400, Lee wrote: > > On Sat, Apr 12, 2025 at 1:44 AM tomas wrote: > > > > > > On Sat, Apr 12, 2025 at 01:32:06PM +0800, jeremy ardley wrote: > > > > > > > > On 12/4/25 13:24, tomas wrote: > > > > > So, share your wisdo

Re: Limiting attack surface for Debian sshd

2025-04-12 Thread tomas
On Sat, Apr 12, 2025 at 09:29:41AM -0400, Lee wrote: > On Sat, Apr 12, 2025 at 1:44 AM tomas wrote: > > > > On Sat, Apr 12, 2025 at 01:32:06PM +0800, jeremy ardley wrote: > > > > > > On 12/4/25 13:24, tomas wrote: > > > > So, share your wisdom with us: what makes ssh less secure than > > > > "a VPN

Re: Limiting attack surface for Debian sshd

2025-04-12 Thread Lee
On Sat, Apr 12, 2025 at 1:44 AM tomas wrote: > > On Sat, Apr 12, 2025 at 01:32:06PM +0800, jeremy ardley wrote: > > > > On 12/4/25 13:24, tomas wrote: > > > So, share your wisdom with us: what makes ssh less secure than > > > "a VPN"? > > > > > > It's quite simple. If you have a VPN exposed to the

Re: Limiting attack surface for Debian sshd

2025-04-12 Thread didier gaumet
On 11/04/2025 at 20:12, Marc SCHAEFER wrote: Hello, systemd dependencies that are activated on a Debian system imply a lot of library injections into sshd, much more than the stock OpenBSD ssh. To avoid this, there seem to be two approaches: - remove those dependencies (see below) -

Re: Limiting attack surface for Debian sshd

2025-04-12 Thread Andy Smith
Hi, On Sat, Apr 12, 2025 at 09:39:53AM +0200, Marc SCHAEFER wrote: > sometimes, yes, I think [VPNs] are overblown compared to a "simple" > ssh server. I think that a decent modern VPN solution is much simpler than OpenSSH and especially when your alternative is recompiling OpenSSH to remove depen

Re: Limiting attack surface for Debian sshd

2025-04-12 Thread tomas
On Sat, Apr 12, 2025 at 09:39:53AM +0200, Marc SCHAEFER wrote: > Hello, > > Jumping into your interesting ssh vs VPN discussion: [...] Thanks for all those interesting details. To sum up, I'd concur with Andy in one point: *if* you are running a VPN anyway, it's better to hide your SSH behind th

Re: Limiting attack surface for Debian sshd

2025-04-12 Thread Marc SCHAEFER
Hello, Jumping into your interesting ssh vs VPN discussion: On Sat, Apr 12, 2025 at 07:24:17AM +0200, to...@tuxteam.de wrote: > - you didn't explain how "a VPN's" mechanism is inherently more > secure than sshd's, given that their mechanisms are all pretty > similar. I agree. Especially si

Re: Limiting attack surface for Debian sshd

2025-04-11 Thread tomas
On Sat, Apr 12, 2025 at 01:32:06PM +0800, jeremy ardley wrote: > > On 12/4/25 13:24, to...@tuxteam.de wrote: > > So, share your wisdom with us: what makes ssh less secure than > > "a VPN"? > > > It's quite simple. If you have a VPN exposed to the internet and an ssh > service then you have two a

Re: Limiting attack surface for Debian sshd

2025-04-11 Thread jeremy ardley
On 12/4/25 13:24, to...@tuxteam.de wrote: So, share your wisdom with us: what makes ssh less secure than "a VPN"? It's quite simple. If you have a VPN exposed to the internet and an ssh service then you have two attack surfaces in parallel. Breach either one and you breach the system. If

Re: Limiting attack surface for Debian sshd

2025-04-11 Thread tomas
On Fri, Apr 11, 2025 at 07:59:40PM +, Andy Smith wrote: > Hi, > > On Fri, Apr 11, 2025 at 08:12:14PM +0200, Marc SCHAEFER wrote: > > systemd dependencies that are activated on a Debian system imply a lot > > of library injections into sshd, much more than the stock OpenBSD ssh. [...] > > Wha

Re: Limiting attack surface for Debian sshd

2025-04-11 Thread Andy Smith
Hi, On Fri, Apr 11, 2025 at 08:12:14PM +0200, Marc SCHAEFER wrote: > systemd dependencies that are activated on a Debian system imply a lot > of library injections into sshd, much more than the stock OpenBSD ssh. > > To avoid this, there seem to be two approaches: > >- remove those dependenc

Re: Limiting attack surface for Debian sshd

2025-04-11 Thread Michael Stone
On Fri, Apr 11, 2025 at 08:12:14PM +0200, Marc SCHAEFER wrote: To solve this, I could use a Bastion host with a limited, non Debian, OS, or I could recompile the OpenSSH package on Debian with options disabled. I'd suggest just backporting the current version from sid rather than trying to mo

Re: Limiting attack surface for Debian sshd

2025-04-11 Thread Dan Ritter
Marc SCHAEFER wrote: > > To avoid this, there seem to be two approaches: > >- remove those dependencies (see below) > >- confine the impact of those dependencies, as proposed > by some developers, in having those dependencies confined > (not examined here) > > To solve this,