Re: Matrox G450 PCI DVI with modern xorg ?

[didier gaumet]

Le 15/04/2014 22:01, Mark Carroll a écrit :
> I have a Matrox G450 video card in a 5v 33MHz PCI slot in an old system.
> I hope to get DVI output from it, I don't care about using the other
> head. While the console is fine, I can't get xorg to work with it.
> 
> I have tried various approaches. I've tried installing xorg from both
> wheezy and sid. I've tried downloading the mga_drv.so and mga_hal_drv.so
> from Matrox and using Option "IgnoreABI" instead of using the one from
> xserver-xorg-video-mga. I have tried setting DigitalScreen options in
> xorg.conf. I've tried un-blacklisting matroxfb_base.ko, not that I have
> managed to get any /dev/fb? devices to appear, in case Option "UseFBDev"
> or Driver "fbdev" helped. Basically, I've googled for ideas and tried
> the ones I could, yet "startx" always acts as if to just turn off the
> video output altogether. I can't switch to any other virtual consoles,
> but if I start xorg in parallel with a sleep 20 ; killall xinit then
> eventually the monitor wakes back up and I get to see my console again.
> 
> Rather than trying many more speculative adjustments, I am wondering:
> does anybody else actually have this hardware working with a modern 
> xorg under Debian? If so, maybe you can share what you have in relevant
> configuration, and what you had to do? Or, failing that, does anyone
> have any suggestions? ("Spend more on video cards," perhaps!)
> 
> -- Mark

Hi Mark,

I would suggest to install firmware-linux-non-free if not already
installed, and reboot to test.
If not sufficient, I would try to boot the kernel with the nomodeset
option to disable KMS: I do not know if KMS is enabled at boot for your
graphic card but anyhow, I doubt it can manage it.
In case of failure, I would inquire about (EE) error codes in
/var/log/Xorg*.log.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/lil9ns$mjp$1...@ger.gmane.org

Re: Sun/Oracle Java

[Frank Weißer]

Hi Oliver!

Facing the same problem a while ago, i somewhere found a hint to add

deb http://www.duinsoft.nl/pkg debs all

to sources.list. Don't remember from where, but it works for me on
debian testing.

readU
Frank

Am 16.04.2014 05:27, schrieb Oliver Fairhall:
> Hi,
> 
> Setting up a new machine, noticed that Sun/Oracle Java is no longer
> available to Debian.
> 
> Saw a post here with an explanation:
> 
> http://sylvestre.ledru.info/blog/2011/08/26/sun_java6_packages_removed_from_debian_u
> 
> 
> Unfortunately, there are limitations and issues with OpenJDK, and
> incompatibilities with various software.
> 
> I'm not sure how it has worked in the past, but presumably someone
> manually built the installation package for Debian. Would it be possible
> to do this for oneself? I assume there is no source available to
> compile. Is it feasible to convert an rpm release for use with Debian?
> I've tried this sort of thing before, but with mixed results.
> 
> Sorry if this has been covered already - I couldn't see mention of it in
> my email search.
> 
> Cheers,
> 
> Oliver
> 
> 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/534e2e42.2090...@weisser-ol.de

Re: Cropping a large collection of .PNG screenshots

[Alberto Luaces]

Slavko writes:

> Ahoj,
>
> Dňa Tue, 15 Apr 2014 03:48:29 -0700 "Kevin O'Gorman"
>  napísal:
>
>> SOLVED.  Thanks to whoever gave me the clue that convert(1) could do
>> the cropping.  That and 2 bash scripts do all the work.
>
> See this
> https://www.ibm.com/developerworks/community/blogs/waldensponderings/entry/2_fer_friday_cropping_pictures_with_imagemagick31?lang=en
>
> it contains simple solution to find proper dimensions for cropping
> graphically, via GIMP, and then use them in batch script - i often use
> this for cropping e.g. VBox's screenshots, which adds some noise around
> screen ;)

In order to get the clipping coordinates, "display" from the same
package bringing "convert" can be used: press "c" and then drag the
mouse to define the region.

"display" loading is almost instantaneous.

-- 
Alberto


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87d2ghyc2x@eps142.cdf.udc.es

Re: Wayland in Debian

[Gian Uberto Lauri]

Ric Moore writes:
 > Is it the answer 
 > to a prayer regarding older laptops with shoddy displays when running X?

I was perfectly happy with X11 on my P133 and on a brick-thick Hyunday
laptop of the late 90's, how old are these laptop?

If I should bet, I would bet on the "No" as the answer to your question.

-- 
 /\   ___Ubuntu: ancient
/___/\_|_|\_|__|___Gian Uberto Lauri_   African word
  //--\| | \|  |   Integralista GNUslamicomeaning "I can
\/ coltivatore diretto di software   not install
 già sistemista a tempo (altrui) perso...Debian"

Warning: gnome-config-daemon considered more dangerous than GOTO


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/21326.12310.853306.175...@mail.eng.it

Re: Cropping a large collection of .PNG screenshots

[Curt]

On 2014-04-16, Alberto Luaces  wrote:
>
> "display" loading is almost instantaneous.
>

Whereas the gimp is gimpy.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/slrnlkse4d.2e5.cu...@einstein.electron.org

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Curt]

On 2014-04-16, Slavko  wrote:
>
> If this vulnerability comes not from newbie and was made by intent,
> thing are worse than wrong. Then it is an attack to alone fundamental of
> the free/open software. And what community about this? Where are
> information, from who this vulnerability arrived? It is experienced
> expert or it is a novice? Contribute this person to another (especially
> security) projects too? What this person tell about this? And more and
> more another questions are left unanswered.

Robin Seggelmann introduced the bug:

>From the Sydney Morning Herald:

 Dr Seggelmann, of Münster in Germany, said the bug which introduced the
 flaw was "unfortunately" missed by him and a reviewer when it was
 introduced into the open source OpenSSL encryption protocol over two
 years ago.

Only four eyes?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/slrnlksfck.2e5.cu...@einstein.electron.org

More on heartbeat/bleed

[Joel Rees]

For those who have been concerned about the impact (among other things):

http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed

And for those who follow Schneier, he had some comments as well.

https://www.schneier.com/blog/archives/2014/04/more_on_heartbl.html

He refers to an xkcd comic which is less funny than many xkcd comics, but
fairly illustrative of the general problem of unchecked array boundaries.

For those who are getting excited, don't. Take the time to understand the
whole process, and the reason certificates and cryptographic tokens should
be rotated, and how you go about doing it. (They should be rotated anyway,
and if you don't, well, it's time to start leaning how, and this is as good
a reason as any.)

Incidentally, nobody does it right yet, not even the banks. In my way of
thinking, that's a bigger problem than being able to reach blindly into a
server's memory.

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.

Re: More on heartbeat/bleed

[Erwan David]

On Wed, Apr 16, 2014 at 12:35:23PM CEST, Joel Rees  said:
> 
> For those who are getting excited, don't. Take the time to understand the
> whole process, and the reason certificates and cryptographic tokens should
> be rotated, and how you go about doing it. (They should be rotated anyway,
> and if you don't, well, it's time to start leaning how, and this is as good
> a reason as any.)
> 
> Incidentally, nobody does it right yet, not even the banks. In my way of
> thinking, that's a bigger problem than being able to reach blindly into a
> server's memory.

Some do, however only ther certificate expires, not the keys...

Thus many of those who rotate the certificate just issue a new one
with existing key, just changing the dates and signing.

And that's bad.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140416110455.gb15...@rail.eu.org

Re: Duplicate sources.list entry

[Jochen Spieker]

Charles Kroeger:
> 
> W: Duplicate sources.list entry http://dl.google.com/linux/chrome/deb/ 
> stable/main
> amd64 Packages

Someone asked that same question only about 1.5 hours ago with the same
subject line. :) Take a look into /etc/apt/sources.list.d/.

J.
-- 
There is no justice in road accidents.
[Agree]   [Disagree]
 


signature.asc
Description: Digital signature

Re: images not correctly rendered in iceweasel

[kamaraju kusumanchi]

On Fri, Mar 21, 2014 at 6:55 PM, Kumar Appaiah wrote:

> On Fri, Mar 21, 2014 at 06:41:42PM -0400, kamaraju kusumanchi wrote:
> >  FWIW, I am using iceweasel 27.0.1-1 from experimental, and the
> >  rendering is identical for me in chromium and iceweasel. This seems
> to
> >  be an artefact in 24 though…
> >
> >Thanks for the reply Kumar. That is a good data point to have. Could
> you
> >please post the output of "dpkg -l iceweasel chromium" on the machine
> you
> >tested this? Is there anyone who is able to reproduce the problem?
>
> Desired=Unknown/Install/Remove/Purge/Hold
> |
> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name   Version Architecture Description
>
> +++-==-===--=
> ii  chromium   32.0.1700.123-4 amd64Chromium web browser
> ii  iceweasel  27.0.1-1amd64Web browser based on
> Firefox
>
> Hope this helps.
>
> Kumar
>

This issue got solved itself when I upgraded the system to Jessie
completely.

rajulocal@hogwarts:~$ dpkg -l iceweasel chromium
ii  chromium   33.0.1750.15 amd64Chromium web browser
ii  iceweasel  24.4.0esr-1  amd64Web browser based on Firefox

Thanks Kumar.

-- 
Kamaraju S Kusumanchi
http://malayamaarutham.blogspot.com/

Squid security

[Rob van der Putten]

Hi there


http://www.squid-cache.org/Advisories/SQUID-2014_1.txt
AFAIK SSL-Bump is disabled by default. I did not find any Debian 
reference to this bug.

Or did I miss something?


Regards,
Rob


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/lilu7o$jp3$1...@ger.gmane.org

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[John Hasler]

Bill Wood writes:
> I have noticed that everyone talks about the impact on the financial
> services sector but no one has mentioned the health care information
> sector.  I understand that healthcare systems use SSL a great deal,
> and medical identity theft has risen sharply in recent years.

What is medical identity theft?
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87r44x8mfn@thumper.dhh.gt.org

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[shawn wilson]

On Wed, Apr 16, 2014 at 8:54 AM, John Hasler  wrote:
> Bill Wood writes:

>> and medical identity theft has risen sharply in recent years.
>
> What is medical identity theft?

I'd also be interested seeing the proof for the claim (I think he
means medical data breaches but IDK anyone has disclosed that
information).


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAH_OBieq6ECfG914h=e3_uxq2q_ynuv6o-vzd9ohcrkaqw7...@mail.gmail.com

Re: More on heartbeat/bleed

[Joel Rees]

On Wed, Apr 16, 2014 at 8:04 PM, Erwan David  wrote:

> On Wed, Apr 16, 2014 at 12:35:23PM CEST, Joel Rees 
> said:
> >
> > For those who are getting excited, don't. Take the time to understand the
> > whole process, and the reason certificates and cryptographic tokens
> should
> > be rotated, and how you go about doing it. (They should be rotated
> anyway,
> > and if you don't, well, it's time to start leaning how, and this is as
> good
> > a reason as any.)
> >
> > Incidentally, nobody does it right yet, not even the banks. In my way of
> > thinking, that's a bigger problem than being able to reach blindly into a
> > server's memory.
>
> Some do, however only ther certificate expires, not the keys...
>

Which is one of the problems with the current way of doing things.

Secrets go stale pretty quickly. The only private keys that can safely not
be rotated are the ones you never use. Any private key that is stored on a
computer attached to a network should be rotated regularly.

Any private key that you don't want to have to rotate regularly should be
kept on encrypted media in a strong safe behind strong locked doors (and
six strong walls) that require the three highest ranking people in the
organization to unlock. The computer to read it should be behind other
locked doors, and should never be used for anything but reading the key and
generating certificates from it..


> Thus many of those who rotate the certificate just issue a new one
> with existing key, just changing the dates and signing.
>
> And that's bad.


And it was bad without the heartbeat/bleed circus. This particular buffer
range error just forces the issue a bit.

I'm not advocating complacency. I'm just saying that this one vulnerability
doesn't effectively change the current situation that much. And you
shouldn't act without understanding what you are doing  If you don't see
this sort of thing coming again, you don't understand.

-- 
Joel Rees

Be careful where you see conspiracy.
Look first in your own heart.

Re: apt-get doesn't upgrade, but synaptic does

[Andrei POPESCU]

On Du, 13 apr 14, 17:24:07, Patrick Bartek wrote:
> On Sun, 13 Apr 2014, Sven Joachim wrote:
> > 
> > You could use aptitude to mark the dependencies as auto-installed
> > (untested):
> > 
> > # aptitude markauto "~Dlibreoffice"
> > 
> > Then you can autoremove them as you wish.

Shouldn't that be ~R? Besides, 'libreoffice' is not specific enough.

> Not all that knowledgeable of aptitude.  Wary of using an untested
> procedure of a utility I'm unfamiliar with.  That's surely asking for
> trouble. 

You can use the search function to return a list of packages and then 
use your favorite tool to act on it. The following will return a list of 
package names that are dependencies of the package 'libreoffice'.


aptitude --display-format %p search 
'?reverse-depends(?exact-name(libreoffice))'

short version

aptitude -F %p search '~R^libreoffice$'

('?exact-name()' doesn't have an equivalent short form, so I used ^$ to 
exclude packages containing 'libreoffice' in their name)


Please note that IMNSHO aptitude's visual/interactive/whatever mode is 
very well suited for this.

For example you can easily go to the package 'libreoffice' and mark all 
its dependencies as automatically installed and check to see what effect 
this will have on your system. If you don't like it you can cancel 
individual, or all pending actions and start from scratch and only apply 
the changes you are satisfied with.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
http://nuvreauspam.ro/gpg-transition.txt


signature.asc
Description: Digital signature

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Karen Lewellen]

I give you an example of medical identity theft.  At least how it can happen 
stateside.
You are say a senior or someone with a print disability in a doctor's 
office.
You must get help completing the forms, and the first question you 
must provide  is...?
your social security umber.   Add that you may also be providing this 
person private insurance numbers and the like.  A person need only write down our 
identification and have a field day.
Given how challenging it is to correct damage done on your credit file, 
see the informative story on the 60 minutes website about this, a person 
may never get cleared.  the thief on the other hand is getting credit cards 
and cell phones and medial things with your information.
because the victim may not be able to investigate with ease, they might 
not even know their identity has been compromised.

make sense?
Kare

On Wed, 16 Apr 2014, shawn wilson wrote:


On Wed, Apr 16, 2014 at 8:54 AM, John Hasler  wrote:

Bill Wood writes:



and medical identity theft has risen sharply in recent years.


What is medical identity theft?


I'd also be interested seeing the proof for the claim (I think he
means medical data breaches but IDK anyone has disclosed that
information).


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAH_OBieq6ECfG914h=e3_uxq2q_ynuv6o-vzd9ohcrkaqw7...@mail.gmail.com





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/pine.bsf.4.64.1404160946490.36...@server1.shellworld.net

Re: Sun/Oracle Java

[Oliver Fairhall]

Hi folks,

On 16/04/14 11:49, Luis Eduardo Cortes wrote:

Googling I've found this article:

http://d.stavrovski.net/blog/post/installing-oracle-java-7-on-debian-wheezy

Hope this is helpful for you.

Regards.


On 16/04/14 13:34, Scott Ferguson wrote:> On Wheezy you can make a 
debian package of the latest java.

> It "just works".
> ...
> Kind regards

On 16/04/14 15:16, Frank Weißer wrote:> Hi Oliver!
> Facing the same problem a while ago, i somewhere found a hint to add
>
> deb http://www.duinsoft.nl/pkg debs all
>
> to sources.list. Don't remember from where, but it works for me on
> debian testing.
>
> readU
> Frank

Thank you all so much for your prompt, and lucid help! Just had a quick 
read of the links etc, and it looks easily manageable.


Cheers,

Oli


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/534e8de9.7070...@iinet.net.au

Re: unpack error

[Sven Joachim]

On 2014-04-16 02:54 +0200, Frank McCormick wrote:

> I installed youtube-dl on the Sid installation tonight
> and noticed a dpkg error  which didn't halt the process.
>
> This is what happened:
>
>
> Selecting previously unselected package libavdevice53:i386.
> (Reading database ... 147371 files and directories currently installed.)
> Preparing to unpack .../libavdevice53_6%3a9.11-3+b2_i386.deb ...
> Unpacking libavdevice53:i386 (6:9.11-3+b2) ...
> Selecting previously unselected package libavfilter3:i386.
> Preparing to unpack .../libavfilter3_6%3a9.11-3+b2_i386.deb ...
> Unpacking libavfilter3:i386 (6:9.11-3+b2) ...
> Selecting previously unselected package libav-tools.
> Preparing to unpack .../libav-tools_6%3a9.11-3+b2_i386.deb ...
> dpkg: error: --compare-versions takes three arguments: 
>  
>
> Type dpkg --help for help about installing and deinstalling packages [*];
> Use 'apt' or 'aptitude' for user-friendly package management;
> Type dpkg -Dhelp for a list of dpkg debug flag values;
> Type dpkg --force-help for a list of forcing options;
> Type dpkg-deb --help for help about manipulating *.deb files;
>
> Options marked [*] produce a lot of output - pipe it through 'less' or
> 'more' !
> Unpacking libav-tools (6:9.11-3+b2) ...

That's https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742676.  I
think the maintainer scripts are invoking dpkg-maintscript-helper not
quite correctly.

> Is this a major problem? I ask because the installation went ahead
> without aborting.

It's not a big deal apparently.

Cheers,
   Sven


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87y4z5s689@turtle.gmx.de

[OT] Medical identity theft was: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Lisi Reisz]

On Wednesday 16 April 2014 14:54:03 Karen Lewellen wrote:
> I give you an example of medical identity theft.  At least how it
> can happen stateside.
> You are say a senior or someone with a print disability in a
> doctor's office.
> You must get help completing the forms, and the first question you
> must provide  is...?

This is a very American rant.  The inability of the rest of us to make 
sense of it is because it doesn't apply to most of us.

Anyhow, anyone who wants my medical identity is welcome to it - so 
long as I lose it when they acquire it. ;-)

Lisi

> your social security umber.   Add that you may also be providing
> this person private insurance numbers and the like.  A person need
> only write down our identification and have a field day.
> Given how challenging it is to correct damage done on your credit
> file, see the informative story on the 60 minutes website about
> this, a person may never get cleared.  the thief on the other hand
> is getting credit cards and cell phones and medial things with your
> information.
> because the victim may not be able to investigate with ease, they
> might not even know their identity has been compromised.
> make sense?
> Kare
>
> On Wed, 16 Apr 2014, shawn wilson wrote:
> > On Wed, Apr 16, 2014 at 8:54 AM, John Hasler  
wrote:
> >> Bill Wood writes:
> >>> and medical identity theft has risen sharply in recent years.
> >>
> >> What is medical identity theft?
> >
> > I'd also be interested seeing the proof for the claim (I think he
> > means medical data breaches but IDK anyone has disclosed that
> > information).
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmas...@lists.debian.org Archive:
> > https://lists.debian.org/CAH_OBieq6ECfG914h=E3_UXq2Q_YnUv6O-vzd9O
> >hcrkaqw7...@mail.gmail.com


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201404161545.05229.lisi.re...@gmail.com

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Bill Wood]

On Wed, 2014-04-16 at 09:01 -0400, shawn wilson wrote:
> On Wed, Apr 16, 2014 at 8:54 AM, John Hasler  wrote:
   . . .
> > What is medical identity theft?

Theft of patient identity information, usually for the purpose of
insurance fraud.

> I'd also be interested seeing the proof for the claim (I think he
> means medical data breaches but IDK anyone has disclosed that
> information).

My brother was heavily involved in bringing hospitals into HIPAA
compliance after the Act was implemented in, I think, 1996.  He
subsequently consulted for the state government and hospital systems
defining security and privacy policies and conducting audits until his
retirement a few years ago.  He told me yesterday (U.S. CDT) about the
sharp rise in patient identity theft in recent years.  His comment was
that ID theft occurred more often as 1-1 cases than as massive breaches
like the recent Target exploits. Apparently the goal is usually to
obtain health services and prescriptions from another person's
insurance.  The consequences of the corruption of the victim's medical
records can be devastating.

-- 
Bill Wood


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1397659016.27492.37.camel@bills-debian

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Paul E Condon]

On 20140416_0823+, Curt wrote:
> On 2014-04-16, Slavko  wrote:
> >
> > If this vulnerability comes not from newbie and was made by intent,
> > thing are worse than wrong. Then it is an attack to alone fundamental of
> > the free/open software. And what community about this? Where are
> > information, from who this vulnerability arrived? It is experienced
> > expert or it is a novice? Contribute this person to another (especially
> > security) projects too? What this person tell about this? And more and
> > more another questions are left unanswered.
> 
> Robin Seggelmann introduced the bug:
> 
> >From the Sydney Morning Herald:
> 
>  Dr Seggelmann, of Münster in Germany, said the bug which introduced the
>  flaw was "unfortunately" missed by him and a reviewer when it was
>  introduced into the open source OpenSSL encryption protocol over two
>  years ago.
> 
> Only four eyes?

This is a silly rhetorical question. 
How many 'eyes' are appropriate for a last, final look?
Many, many eyes had surely already looked at the same code before
this final look. 

-- 
Paul E Condon   
pecon...@mesanetworks.net


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140416144801.ga22...@big.lan.gnu

Repeatable apt-get WARNING: The following packages cannot be authenticated!

[Richard Owlett]

Richard Owlett wrote:

[SNIP]
I will try to give enough detail that someone could duplicate
what I've done.

My environment:
   1. Lenovo R61 ThinkPad with intentionally no network connectivity
   2. 64 GB USB flash drive
   3. Set of physical install DVDs (Debian 6.0.5 was all
  available when I started)
   4. A reasonably typical install of Squeeze using Gnome2 DE

My procedure:
   1. Copy DVD 1 of 8 to beginning of flash drive using dd
   2. Create an ext2 partition on remainder of drive using
  Gparted, labeling it squeeze_dvds
   3. Copy each of the 8 DVDs to that partition using dd
  I now have files dvd1.iso thru dvd8.iso on that partition.
   4. Create mount points with
  mkdir /home/richard/tst/dvd1
  thru
  mkdir /home/richard/tst/dvd8
5. Loop mount the files with
mount -t iso9660 -o ro,loop /media/squeeze_dvds/dvd1.iso
/home/richard/tst/dvd1
  thru
mount -t iso9660 -o ro,loop /media/squeeze_dvds/dvd8.iso
/home/richard/tst/dvd8
6.  Replace contents of /etc/apt/sources.list with
deb file:/home/richard/tst/dvd1 squeeze contrib main
  thru
deb file:/home/richard/tst/dvd7 squeeze contrib main
deb file:/home/richard/tst/dvd8 squeeze main
 NOTE - {no "contrib" files exist on last DVD}
7. In Synaptic type Ctrl+R to reload package information
8. Install desired additional packages

*UNRESOLVED PROBLEM*
When marking a package as "to install", a warning message is
triggered saying the package cannot be authenticated. I don't
understand. I assumed that by copying with dd all relevant
information would  be available.


Google search not very useful. Lots of hits on the general 
structure of repositories and  creating personally signed private 
repositories. Only fount one hit relevant to diagnosing error 
message when repository is apparently fully legitimate clone of 
official repo.


I found a thread titled "How to use the debian installation iso 
for installing packages using aptitude". The relevant diagnostic 
suggestions began near end of 
https://lists.debian.org/debian-user/2013/08/msg00554.html .


I found no indication that the problem was ever resolved.
Suggestions please.

Below is transcript of following suggestions from that and 
subsequent posts.

*NOTE* I've inserted blank lines to make it more readable

root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd1.iso /home/richard/tst/dvd1
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd2.iso /home/richard/tst/dvd2
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd3.iso /home/richard/tst/dvd3
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd4.iso /home/richard/tst/dvd4
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd5.iso /home/richard/tst/dvd5
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd6.iso /home/richard/tst/dvd6
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd7.iso /home/richard/tst/dvd7
root@debian:/home/richard# mount -t iso9660 -o ro,loop 
/media/squeeze_dvds/dvd8.iso /home/richard/tst/dvd8



root@debian:/home/richard# apt-get install pforth
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  pforth
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/81.2 kB of archives.
After this operation, 291 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  pforth
Install these packages without verification [y/N]?
E: Some packages could not be authenticated



root@debian:/home/richard# find /home/richard/tst/dvd1 -name 
'debian-archive-keyring_*_all.deb'

/home/richard/tst/dvd1/pool/main/d/debian-archive-keyring/debian-archive-keyring_2010.08.28_all.deb
root@debian:/home/richard# dpkg -i 
/home/richard/tst/dvd1/pool/main/d/debian-archive-keyring/debian-archive-keyring_2010.08.28_all.deb
(Reading database ... 116472 files and directories currently 
installed.)
Preparing to replace debian-archive-keyring 2010.08.28 (using 
.../debian-archive-keyring_2010.08.28_all.deb) ...

Unpacking replacement debian-archive-keyring ...
Setting up debian-archive-keyring (2010.08.28) ...
gpg: key F42584E6: "Lenny Stable Release Key 
" not changed
gpg: key 55BE302B: "Debian Archive Automatic Signing Key 
(5.0/lenny) " not changed
gpg: key 6D849617: "Debian-Volatile Archive Automatic Signing Key 
(5.0/lenny)" not changed
gpg: key B98321F9: "Squeeze Stable Release Key 
" not changed
gpg: key 473041FA: "Debian Archive Automatic Signing Key 
(6.0/squeeze) " not changed

gpg: Total number processed: 5
gpg:  unchanged: 5


root@debian:/home/richard# dpkg --status debian-archive-keyring
Package: debian-archive-keyring
Status: install ok installed
Priority: important
Section: misc
Installed

Re: [OT] Medical identity theft was: Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Karen Lewellen]

Perhaps smiles.
After all most countries do not associate so much critical information 
to one number.
But many people do not put their private information by choice in places where 
security  of a site is a risk either so.

Sorry for the side track smiles.
Kare

On Wed, 16 Apr 2014, Lisi Reisz wrote:


On Wednesday 16 April 2014 14:54:03 Karen Lewellen wrote:

I give you an example of medical identity theft.  At least how it
can happen stateside.
You are say a senior or someone with a print disability in a
doctor's office.
You must get help completing the forms, and the first question you
must provide  is...?


This is a very American rant.  The inability of the rest of us to make
sense of it is because it doesn't apply to most of us.

Anyhow, anyone who wants my medical identity is welcome to it - so
long as I lose it when they acquire it. ;-)

Lisi


your social security umber.   Add that you may also be providing
this person private insurance numbers and the like.  A person need
only write down our identification and have a field day.
Given how challenging it is to correct damage done on your credit
file, see the informative story on the 60 minutes website about
this, a person may never get cleared.  the thief on the other hand
is getting credit cards and cell phones and medial things with your
information.
because the victim may not be able to investigate with ease, they
might not even know their identity has been compromised.
make sense?
Kare

On Wed, 16 Apr 2014, shawn wilson wrote:

On Wed, Apr 16, 2014 at 8:54 AM, John Hasler 

wrote:

Bill Wood writes:

and medical identity theft has risen sharply in recent years.


What is medical identity theft?


I'd also be interested seeing the proof for the claim (I think he
means medical data breaches but IDK anyone has disclosed that
information).


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmas...@lists.debian.org Archive:
https://lists.debian.org/CAH_OBieq6ECfG914h=E3_UXq2Q_YnUv6O-vzd9O
hcrkaqw7...@mail.gmail.com



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201404161545.05229.lisi.re...@gmail.com





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: 
https://lists.debian.org/pine.bsf.4.64.1404161100460.41...@server1.shellworld.net

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Paul E Condon]

On 20140416_0754-0500, John Hasler wrote:
> Bill Wood writes:
> > I have noticed that everyone talks about the impact on the financial
> > services sector but no one has mentioned the health care information
> > sector.  I understand that healthcare systems use SSL a great deal,
> > and medical identity theft has risen sharply in recent years.
> 
> What is medical identity theft?

A very good, leading question. I think it is the kind of vacuous meme
that happens when a person's words get ahead of his thinking, the
origin of bad law.


-- 
Paul E Condon   
pecon...@mesanetworks.net


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140416151455.gb22...@big.lan.gnu

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Curt]

On 2014-04-16, Paul E Condon  wrote:
>> 
>> Only four eyes?
>
> This is a silly rhetorical question. 
> How many 'eyes' are appropriate for a last, final look?
> Many, many eyes had surely already looked at the same code before
> this final look. 

We're talking about code *review*. 

>From the Sydney Morning Herald:

 Dr Seggelmann, of Münster in Germany, said the bug which introduced the
 flaw was "unfortunately" missed by him and a reviewer when it was
**
 introduced into the open source OpenSSL encryption protocol over two
 years ago.

...

 After he submitted the code, a reviewer "apparently also didn’t notice
  **
 the missing validation", Dr Seggelmann said, "so the error made its way
 from the development branch into the released version." Logs show that
 reviewer was Dr Stephen Henson.

...

 Phong Q. Nguyen, Author of the GNUPG paper Phong Q. Nguyen noted that
 "bad cryptography is much more frequent than good cryptography", and the
 "fact that a source code can be read does not imply that it is actually
 read, especially by cryptography experts".

 "A reviewer would only look at the way [the algorithm] works, not at the
 code of the program that was submitted. The same happened with GNUPG,
 the reviewer accepted the code."


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/slrnlkt7kd.2e5.cu...@einstein.electron.org

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Ralph Katz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 04/16/2014 10:36 AM, Bill Wood wrote:
> On Wed, 2014-04-16 at 09:01 -0400, shawn wilson wrote:
>> On Wed, Apr 16, 2014 at 8:54 AM, John Hasler
>>  wrote:
> . . .
>>> What is medical identity theft?
> 
> Theft of patient identity information, usually for the purpose of 
> insurance fraud.
> 
>> I'd also be interested seeing the proof for the claim (I think
>> he means medical data breaches but IDK anyone has disclosed that 
>> information).
> 
> My brother was heavily involved in bringing hospitals into HIPAA 
> compliance after the Act was implemented in, I think, 1996.  He 
> subsequently consulted for the state government and hospital
> systems defining security and privacy policies and conducting
> audits until his retirement a few years ago.  He told me yesterday
> (U.S. CDT) about the sharp rise in patient identity theft in recent
> years.  His comment was that ID theft occurred more often as 1-1
> cases than as massive breaches like the recent Target exploits.
> Apparently the goal is usually to obtain health services and
> prescriptions from another person's insurance.  The consequences of
> the corruption of the victim's medical records can be devastating.
> 

More info here:
http://www.consumer.ftc.gov/articles/0171-medical-identity-theft


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTTqdlAAoJECe2FpioHXO6jzEH/AwtRnTv0jm2I+1XDEZDfGF/
oU6LdokbkGkTZmNlBHIsI/YrF/3dDbJUr+83crAtY+36gV29bEsBr7sQsAvvoIbr
TlKyanGonaC72IpVVcNNy7yUU/vjgExw5lqjjDWmhfCEZh3ojlR3NwxmigAdNZsc
DUicNGjga8gVF+TLWnIcWujh1IhDDtEr0LFWhuSahJ2HQSXVEa/on+NhhkBAj2o6
jY3NrpmMItnp9/1nkRikx++B96iSAPjjq/HQbzDU3OMA+iYjvGD4s4JwkIuP3jUs
SM2dtVELmpmOlDkjb7QQAy+DN4tlw8b3S5RODzR+0ybw5e6zlMHtelv6bGXOtZQ=
=AZoQ
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/534ea76b.7000...@rcn.com

Re: Skype - no microphone input sound...

[pch0317]

Read this https://wiki.debian.org/skype - it help me.

On 04/13/2014 02:26 AM, Man_Without_Clue wrote:
Is there anyone who is using Skype with no problem at all on Debian 
Wheezy 64 bit?




On 04/12/2014 12:13 AM, Man_Without_Clue wrote:

Hi all,

I don't know what really is going on and where to start this off.

For some reason Skype doesn't pick up microphone audio at all.

I set pulse audio and with other applications, microphone is working 
fine...


On Debian wheezy 64 bit

No clue, absolutely no clue...







--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/534eac05.4040...@gmal.com

Re: unpack error

[Frank McCormick]

On 16/04/14 10:23 AM, Sven Joachim wrote:

On 2014-04-16 02:54 +0200, Frank McCormick wrote:


I installed youtube-dl on the Sid installation tonight
and noticed a dpkg error  which didn't halt the process.

This is what happened:





Selecting previously unselected package libav-tools.
Preparing to unpack .../libav-tools_6%3a9.11-3+b2_i386.deb ...
dpkg: error: --compare-versions takes three arguments: 
 

Type dpkg --help for help about installing and deinstalling packages [*];
Use 'apt' or 'aptitude' for user-friendly package management;
Type dpkg -Dhelp for a list of dpkg debug flag values;
Type dpkg --force-help for a list of forcing options;
Type dpkg-deb --help for help about manipulating *.deb files;

Options marked [*] produce a lot of output - pipe it through 'less' or
'more' !



That's https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742676.  I
think the maintainer scripts are invoking dpkg-maintscript-helper not
quite correctly.


Is this a major problem? I ask because the installation went ahead
without aborting.


It's not a big deal apparently.

Cheers,
Sven


  Yup, that's the one...it's been there since March 26tth..I guess 
because it's not a big deal :)






--
When the rich get richer they get more powerful
and that puts them in the position to lobby for policies
to make them even richer.
- former Clinton advisor Larry Summers


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/534eadd1.30...@videotron.ca

Re: Wayland in Debian

[Ralf Mardorf]

On Wed, 16 Apr 2014 10:45:01 +0200 I replied to this thread. After
subscribing again with my Alice account, I now receive mails, but when I
send this mail using the Alice account, it didn't came through the list.

A chance to reconsider my reply and to send another one instead, with
one rhetorical question.

What window manager do you plan to use after switching to Wayland?

And a serious question, perhaps OT, but we never know.

Do you like the trend to drop window title bars, resp. to drop window
buttons and to drop menu bars?

www.another-bloated-desktop-conspiracy-question-mark.neverneverland


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1397664975.13149.73.camel@archlinux

Re: Sun/Oracle Java

[Andrew McGlashan]

On 16/04/2014 3:34 PM, Scott Ferguson wrote:
> # make-jpkg jre-7u21-linux-i586.tar.gz

If you need Java, then you really *must* have the latest version, 7u21
is quite old now .. there have been 5 updates including the latest at
7u55 [1].

Cheers
A.

Footnote: It has been said that JAVA stands for:
   "Just Another Vulnerability Update"  ;-)

[1] http://www.oracle.com/technetwork/java/javase/7u-relnotes-515228.html




-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/534ebd94.3030...@affinityvision.com.au

Re: Skype - no microphone input sound...

[Mark Carroll]

> On 04/13/2014 02:26 AM, Man_Without_Clue wrote:
>> Is there anyone who is using Skype with no problem at all on Debian 
>> Wheezy 64 bit?

I missed the start of this thread, but I have Skype working just fine on
Debian Wheezy 64 bit. I am using ALSA, not pulseaudio or anything, and I
have Skype installed inside a 32-bit chroot (using schroot) so I don't
know if for your purposes that counts or not.

-- Mark


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87ppkhcggt@ixod.org

Re: Sun/Oracle Java

[Brad Rogers]

On Thu, 17 Apr 2014 03:27:48 +1000
Andrew McGlashan  wrote:

Hello Andrew,

>Footnote: It has been said that JAVA stands for:
>   "Just Another Vulnerability Update"  ;-)

(smiley noted)

Wouldn't that be JAV*U*?   :-)

-- 
 Regards  _
 / )   "The blindingly obvious is
/ _)radnever immediately apparent"
I'll tell you something, I think that you should know
Rich Kids - Rich Kids


signature.asc
Description: PGP signature

[j...@debian.org: [SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable]

[Brian]

For those who are interested in still running squeeze and those who took
note of

  https://lists.debian.org/debian-user/2014/03/msg01075.html




- Forwarded message from Moritz Muehlenhoff  -

Date: Wed, 16 Apr 2014 18:24:18 +0200
From: Moritz Muehlenhoff 
To: debian-security-annou...@lists.debian.org
Subject: [SECURITY] [DSA 2907-1] Announcement of long term support for Debian 
oldstable
Reply-To: debian-secur...@lists.debian.org
User-Agent: Mutt/1.5.23 (2014-03-12)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2907-1   secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
April 16, 2014 http://www.debian.org/security/faq
- -

This is an advance notice that regular security support for Debian
GNU/Linux 6.0  (code name "squeeze") will be terminated on the 31st of
May.

However, we're happy to announce that security support for squeeze is
going to be extended until February 2016, i.e. five years after the 
initial release. This effort is driven by various interested parties /
companies which require longer security support. See the "LTS" section 
of https://lists.debian.org/debian-devel-announce/2014/03/msg4.html
for the initial announcement.

The details are currently being sorted out and a more detailed 
announcement will be made soon.

Brief advance FAQ (but you should really wait for the more detailed 
announcement):

Q: What's the difference between regular security support and the LTS 
   support?
A: squeeze-lts is only going to support i386 and amd64. If you're
   running a different architecture you need to upgrade to Debian 7 
   (wheezy). Also there are going to be a few packages which will not
   be supported in squeeze-lts (e.g. a few web-based applications
   which cannot be supported for five years). There will be a tool to 
   detect such unsupported packages.

Q: Does this mean that Debian 7 (wheezy) and/or Debian 8 (jessie) will 
   have five years security support as well?
A: Likely, we'll see how squeeze-lts turns out. If there's sufficient 
   support it will be continued for later releases as well. Also, see 
   below.

Q: Is additional help needed?
A: Absolutely. squeeze-lts is not handled by the Debian security team, 
   but by a separate group of volunteers and companies interested in 
   making it a success (with some overlap in people involved). So, if
   you're a company using Debian and seeing a benefit in security 
   support for five years, get in touch with t...@security.debian.org
   and we'll see how you can help (if you e.g. don't have the manpower /
   know how but are willing to contribute, we can point you to a list
   of Debian consultants)

Mailing list: debian-security-annou...@lists.debian.org


-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJTTq40AAoJEBDCk7bDfE42irUP/07ESI2s3WobVwt6CWtLxgac
HdM11boSnqDJgoG6IV4hoOWgmeUluxQu+VH/e55k6etWN8tC4rYBgkDsOfRBLros
9S9XesreaJ7rS4RbGZSRwCqVMNPpMBCHcBIFchwMcSwjcVyBeNrfcfm6blBVkpY2
2t6ml6ar3au9mAS1WqhktAKfQY9YlrvXPnzNL2/fkW6U6hCPeqOPOa4glm0ZbXgA
qkkOZZ52anaz70FA5ZWsCnpktz8mwrnfKuoH3gDmLTo6cnuWBH0ZxB3kvKAnY9rn
2QWE0EUBYi/ch26E8RkQ4W8xHC+KTMdVnfsKyd8ggHBdaQBuQwSuqxCT75KLhjOd
9WWzlnI4UK0Q4M3SYoOqTtwC7ImBeIamDZ+bhOapDjzfA6Z1RovqZ2q5DkpxMStf
L95paG8lbgvggBZ6X+1hTBNxbhae4DLLsrXjCBSqk1DtiiWL/ukAsAKCJ6ufzX8f
2fTYBilb6o51wQTp+0fUuTRJkBv/jgp/PlaWLOaPDmlqFxmYTRr0HrLjaDuj4J7s
F8m6AS9Nw3lEzYo5g65xg0/xvq5hBa/A6zM+x7cn/21llOmPvY5VbWlcO5ywAYh7
151een6x4tWTSd7bLdvrxCiQWSYNnUnfFJcJz3v7kqPtRq4GnLyKzvpNtaOjzrx8
1OawvgPyZEqBBsb0sw11
=OwPu
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140416162417.GA2707@pisco.westfalen.local


- End forwarded message -


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140416175814.gg3...@copernicus.demon.co.uk

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[Steve Litt]

On Wed, 16 Apr 2014 08:48:01 -0600
Paul E Condon  wrote:

> On 20140416_0823+, Curt wrote:
> > On 2014-04-16, Slavko  wrote:

> > Robin Seggelmann introduced the bug:
> > 
> > >From the Sydney Morning Herald:
> > 
> >  Dr Seggelmann, of Münster in Germany, said the bug which
> > introduced the flaw was "unfortunately" missed by him and a
> > reviewer when it was introduced into the open source OpenSSL
> > encryption protocol over two years ago.
> > 
> > Only four eyes?
> 
> This is a silly rhetorical question. 
> How many 'eyes' are appropriate for a last, final look?
> Many, many eyes had surely already looked at the same code before
> this final look. 

I'd feel a lot better with 200 eyes than 4. Even 10 would make me
nervous.

But the fault is partly mine. I never contributed to the OpenSSL
project, either with dollars or eyes.

SteveT

Steve Litt*  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140416140539.53f7a0dd@mydesk

Re: Sun/Oracle Java

[Andrew McGlashan]

On 17/04/2014 3:56 AM, Brad Rogers wrote:
> On Thu, 17 Apr 2014 03:27:48 +1000
> Andrew McGlashan  wrote:
> 
> Hello Andrew,
> 
>> Footnote: It has been said that JAVA stands for:
>>   "Just Another Vulnerability Update"  ;-)
> 
> (smiley noted)
> 
> Wouldn't that be JAV*U*?   :-)

Whoops, the last A is for Announcement ...

Cheers
A.




signature.asc
Description: OpenPGP digital signature

Re: Matrox G450 PCI DVI with modern xorg ?

[Mark Carroll]

didier gaumet  writes:

> Le 15/04/2014 22:01, Mark Carroll a écrit :
(snip)
>> Rather than trying many more speculative adjustments, I am wondering:
>> does anybody else actually have this hardware working with a modern 
>> xorg under Debian?
(snip)

Well, the silence on this point isn't encouraging.

> I would suggest to install firmware-linux-non-free if not already
> installed, and reboot to test.

Yes, got that, currently have the sid one in.

(The mga_drv.so downloaded from Matrox instead, doesn't work: 
undefined symbol: miEmptyData)

> If not sufficient, I would try to boot the kernel with the nomodeset
> option to disable KMS: I do not know if KMS is enabled at boot for your
> graphic card but anyhow, I doubt it can manage it.

That's a new to me, thanks. Now done:

$ dmesg | grep nomodeset
[0.00] Command line: BOOT_IMAGE=/boot/vmlinuz-3.2.0-4-amd64 
root=UUID=c2a40482-3482-4671-b9a0-58a201e94879 ro nomodeset quiet
[0.00] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-3.2.0-4-amd64 
root=UUID=c2a40482-3482-4671-b9a0-58a201e94879 ro nomodeset quiet

> In case of failure, I would inquire about (EE) error codes in
> /var/log/Xorg*.log.

Regardless of if I have the Matrox mga_hal in place or not, they are:

/var/log/Xorg.0.log:[   317.276] (EE) open /dev/dri/card0: No such file or 
directory
/var/log/Xorg.0.log:[   317.290] (EE) open /dev/fb0: No such file or directory
/var/log/Xorg.0.log:[   318.164] (EE) AIGLX: reverting to software rendering

See http://pastebin.com/zExRYQ7m (includes the killall xinit after 20s).

-- Mark


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87mwfl9jg2@ixod.org

Re: Matrox G450 PCI DVI with modern xorg ?

[Sven Hartge]

Mark Carroll  wrote:

> I have a Matrox G450 video card in a 5v 33MHz PCI slot in an old system.
> I hope to get DVI output from it, I don't care about using the other
> head. While the console is fine, I can't get xorg to work with it.

I am afraid to say this, but: G450 DVI with modern Xorg does not work
and will never work, because you need the closed source proprietary HAL
for this which has not been updated since a long long time.

I tried to get this to work several years ago, trying everything, even
binary patching mga_hal.so with some information gathered from Usenet
and forums.

I'm sorry, but "it's dead, Jim".

Grüße,
Sven.

-- 
Sigmentation fault. Core dumped.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/6ajp9smpv...@mids.svenhartge.de

Re: Sun/Oracle Java

[Ric Moore]

On 04/16/2014 03:16 AM, Frank Weißer wrote:

Hi Oliver!

>
> Facing the same problem a while ago, i somewhere found a hint to add
>
> deb http://www.duinsoft.nl/pkg debs all
>
> to sources.list. Don't remember from where, but it works for me on
> debian testing.
>
>
I use this with Debian Wheezy and Jessie

|sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer

It does everything, including updating the browser, correcting the links 
in alternatives and setting paths. It's blooming magic. I too have an 
app that refuses to run with OpenJDK. Ric

http://www.webupd8.org/2012/01/install-oracle-java-jdk-7-in-ubuntu-via.html



--

My father, Victor Moore (Vic) used to say:

"There are two Great Sins in the world...

..the Sin of Ignorance, and the Sin of Stupidity.

Only the former may be overcome." R.I.P. Dad.

https://linuxcounter.net/cert/44256.png

X-oldie-warning: Toothless but still vicious




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: https://lists.debian.org/534ee378.4040...@gmail.com

Re: Cropping a large collection of .PNG screenshots

[Slavko]

Ahoj,

Dňa Wed, 16 Apr 2014 09:20:54 +0200 Alberto Luaces 
napísal:

> In order to get the clipping coordinates, "display" from the same
> package bringing "convert" can be used: press "c" and then drag the
> mouse to define the region.
> 
> "display" loading is almost instantaneous.

I didn't know about his feature of the display. But it is not the same,
although both provides coordinates, the display don't allow to finalize
selection by moving the selection's border.

Or is there in display solution for this too, please?

regards

-- 
Slavko
http://slavino.sk


signature.asc
Description: PGP signature

Re: Heartbleed

[Slavko]

Ahoj,

Dňa Tue, 15 Apr 2014 22:32:26 -0500 Bill Wood
 napísal:

> I've been following this thread since it started, as well as some
> other Internet sites that have been mentioned, and I have noticed that
> everyone talks about the impact on the financial services sector but
> no one has mentioned the health care information sector.  I

Not everyone ;-) My bank had no problem with this, my hospital uses
standard papers...

I am talking about encryption and the F/OSS in general and i have my
privacy in the mind. Here exists a lot of people int today world, which
tell, that they have nothing to hide. But i don't want to share my
privacy with others. I want, that my small home server to remain my
(administration) and when i encrypt something, i want to nobody smile
from me (and my public secrets). And i am talking about my fears from
near future...

I expect, that critical applications (openssl, gpg, ssh, gnutls, etc)
will not contain these mistakes, and if something similar happens again
(because yes - mistakes happens), then discovering these mistakes will
not take years, but days or weeks...

I cannot contribute. I am not a crypto expert, nor the C expert (nor
any other language). I am regular user (perhaps more than regular,
but in software usage), i have no spare money to sponsor them. I can
(and i do it) contribute on another parts (translating, package
management, etc), but i cannot help with code or code reviews.

Is it a my mistake, that i cannot help with this? Am i expecting a
lot? Need i switch to proprietary software (yes, i know, that is no
solution)?

And there is one crucial question. There was debian's patches, gnutls
mistakes, gnupg mistakes in last years. Now there was a openssl problem.
The crucial question is: What will be next? What need to happen, in
order to things changes?

I am sorry, that i am sharing my frustration...

regards

-- 
Slavko
http://slavino.sk


signature.asc
Description: PGP signature

Re: Heartbleed

[Lisi Reisz]

On Wednesday 16 April 2014 22:43:40 Slavko wrote:
> Is it a my mistake, that i cannot help with this? Am i expecting a
> lot? Need i switch to proprietary software (yes, i know, that is no
> solution)?

And you believe that proprietary software is _better_?? :-/

Lisi


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/201404162356.43079.lisi.re...@gmail.com

Re: Heartbleed

[Brad Alexander]

On Wed, Apr 16, 2014 at 5:43 PM, Slavko  wrote:

> Ahoj,
>
> I am talking about encryption and the F/OSS in general and i have my
> privacy in the mind. Here exists a lot of people int today world, which
> tell, that they have nothing to hide.


*Everybody* has something to hide. Everyone. Don't believe me? Offer to put
a public webcam in their bathroom. :D

The problem is that the people that are wanting to know every single thing
about everyone are the same ones that are making the rules as to whether or
not you have anything to hide.

I expect, that critical applications (openssl, gpg, ssh, gnutls, etc)
> will not contain these mistakes, and if something similar happens again
> (because yes - mistakes happens), then discovering these mistakes will
> not take years, but days or weeks...
>
> Is it a my mistake, that i cannot help with this? Am i expecting a
> lot? Need i switch to proprietary software (yes, i know, that is no
> solution)?
>

You could, but then, you end up in a situation where a corporate entity
will sacrifice your security for their bottom line, for their next
quarterly earnings statement. Look at MS, who finally fixed a years-old bug
in XP two months before it's end of life...Or Apple, sacrifices your
security by wordsmithing. According to them, they don't get malware, their
computers just have "unwanted programs."

Re: Heartbleed

[Ralf Mardorf]

On Wed, 2014-04-16 at 21:18 -0400, Brad Alexander wrote:
> *Everybody* has something to hide. Everyone. Don't believe me? Offer
> to put a public webcam in their bathroom. :D

That's why I don't have a webcam in my bathroom and assumed my iPad
would be connected to the Internet, I would paste a light-tight thingy
to the cams of it.

When I mentioned that the German news talk about openssl nowadays, but
nobody on Linux and BSD mailing lists care about those news, I wanted to
pointed out, that our communities are aware about the issues and not
that we are ignorant, but it simply is known.



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1397698532.13149.107.camel@archlinux

Re: Heartbleed

[Wolf Halton]

As soon as heartbleed was found, they patched the OpenSSL package.  My
servers are in the process of being patched and when they are, the SSL
certs will be updated.  This door was open for a long time when nobody had
seen it, but the door was shut and nailed closed as soon as the problem was
noticed.  OpenSource is still the best way to go.

Wolf Halton

--
This Apt Has Super Cow Powers - http://sourcefreedom.com
Security in the Cloud -
http://AtlantaCloudTech.com



On Wed, Apr 16, 2014 at 9:35 PM, Ralf Mardorf
wrote:

>
>
> On Wed, 2014-04-16 at 21:18 -0400, Brad Alexander wrote:
> > *Everybody* has something to hide. Everyone. Don't believe me? Offer
> > to put a public webcam in their bathroom. :D
>
> That's why I don't have a webcam in my bathroom and assumed my iPad
> would be connected to the Internet, I would paste a light-tight thingy
> to the cams of it.
>
> When I mentioned that the German news talk about openssl nowadays, but
> nobody on Linux and BSD mailing lists care about those news, I wanted to
> pointed out, that our communities are aware about the issues and not
> that we are ignorant, but it simply is known.
>
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive: https://lists.debian.org/1397698532.13149.107.camel@archlinux
>
>

Re: Heartbleed

[Ralf Mardorf]

On Thu, 2014-04-17 at 03:35 +0200, Ralf Mardorf wrote:
> 
> On Wed, 2014-04-16 at 21:18 -0400, Brad Alexander wrote:
> > *Everybody* has something to hide. Everyone. Don't believe me? Offer
> > to put a public webcam in their bathroom. :D
> 
> That's why I don't have a webcam in my bathroom and assumed my iPad
> would be connected to the Internet, I would paste a light-tight thingy
> to the cams of it.
> 
> When I mentioned that the German news talk about openssl nowadays, but
> nobody on Linux and BSD mailing lists care about those news, I wanted to
> pointed out, that our communities are aware about the issues and not
> that we are ignorant, but it simply is known.

PS: The NSA claimed that they were not aware about the openssl issues,
so they couldn't benefit from it.

Hm?

They have absolutely control about the Internet, but are unable to to
get informations from open mailing lists and newsgroups?

Wow! ;)



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/1397699402.13149.111.camel@archlinux

Re: Sun/Oracle Java

[Scott Ferguson]

On 17/04/14 03:27, Andrew McGlashan wrote:
> On 16/04/2014 3:34 PM, Scott Ferguson wrote:
>> # make-jpkg jre-7u21-linux-i586.tar.gz
> 
> If you need Java, then you really *must* have the latest version, 7u21
> is quite old now .. there have been 5 updates including the latest at
> 7u55 [1].
> 
> Cheers
> A.

> 
> 
> 
> 

The "presumption" was made that the majority of readers, including the
OP, would have the basic intelligence necessary to differentiate between
the instructions to use "the latest java package" and an *example* using
"an example version".
There's really no need to pass laws against bad weather, or sharp
corners on furniture, to protect idiots from themselves - it's just not
possible, as demonstrated by your confirmation biased ability to read
stupid in carefully worded instructions.

Regards.




-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/534f38e2.6040...@gmail.com

Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

[green]

Steve Litt wrote at 2014-04-16 13:05 -0500:
> I'd feel a lot better with 200 eyes than 4. Even 10 would make me
> nervous.
> 
> But the fault is partly mine. I never contributed to the OpenSSL
> project, either with dollars or eyes.

+1


signature.asc
Description: Digital signature

Re: Duplicate sources.list entry

[Charles Kroeger]

On Wed, 16 Apr 2014 13:50:01 +0200
Jochen Spieker  wrote:

> Someone asked that same question only about 1.5 hours ago with the same
> subject line. :)

strange isn't it..looks like a clear case of simultaneous unconsciousness.

-- 
CK 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/br93rjfkf5...@mid.individual.net