Re: debian CDs DVDs

[Thomas Schmitt]

Hi,

arne wrote:
> The jigdo files do not work nowadays too.

I believe to know what you mean.
If you enter the .jigdo file URL like
  https://cdimage.debian.org/debian-cd/current/amd64/jigdo-bd/debian-9.3.0-a
md64-BD-1.jigdo
then it says immediately

  File 
`https://cdimage.debian.org/debian-cd/current/amd64/jigdo-bd/debian-9.3.0-am 
d64-BD-1.jigdo' does not exist!

This is bug 865864, which is fixed by a new jigdo-file package since about
a month: The download URLs have been changed to "https" but jigdo-lite did
not recognize this as valid URL prefix.
(I encountered it yesterday when testing Jigdo download by help of a running
 Debian LiveCD system and "apt-get install jigdo-file".)

A workaround is to use program wget to download .jigdo and .template file.
Then, while still being in the download directory, run jigdo-lite with
the URL of the .jigdo file. It will report that both files need not to be
downloaded and will go on with processing. (The mirror should have no "https"
either, i believe to remember ...)

Or, if you feel apt, consider to apply the changes from
  
https://sources.debian.org/src/jigdo/0.7.3-5/debian/patches/03.jigdo-lite-https.patch/
to a local copy of the shell script /usr/bin/jigdo-lite and run that copy.


Have a nice day :)

Thomas

Re: Keyboard language randomly changes to Arabic(?)

[Tim Hume]

> Original Message 
>Subject: Re: Keyboard language randomly changes to Arabic(?)
>Local Time: 12 January 2018 1:09 PM
>UTC Time: 12 January 2018 02:09
>From: d...@debian.org
>To: debian-user@lists.debian.org
>
>On Thu, 11 Jan 2018, Tim Hume wrote:
>>I've encountered a strange problem where my keyboard layout/language
>> changes when I'm typing. I'm running on Debian buster, upgraded with
>> all the latest updates.
>>
> I'm not certain, but I wonder if you're accidentally hitting the layout
> switch key when you type '| ' quickly. Often it's mapped to shift-caps
> or something like that.
>
> setxkbmap -print; should tell you what your default keymap is set to and
> what the possible alternates are. [There may also be an XFCE specific
> way of setting this.]
>
>
>
>Don Armstrong https://www.donarmstrong.com

I don't think I'm accidentally hitting the layout switch key. I can reliably 
reproduce this problem when I'm typing in both Libre Office and xfce4-terminal.

I've found a solution for the terminal; I've switched to using st (a cut-down 
terminal emulator). This doesn't have the problem. Plain old xterm doesn't have 
the problem either as far as I can tell. I wonder if xfce4-terminal and Libre 
Office share a common buggy library, or something like that?

Cheers,

Tim Hume

Re: Why was this package removed but apt?

[Jonathan Sélea]

Hi again,

A quick update:

It seems like

Unattended-Upgrade::Remove-Unused-Dependencies "false";

Is not "false" by default but indeed true in unattended-upgrades on 
Debian 9 (stretch)

Am I wrong about that?

/ Jonathan



On 01/11/18 16:27, Jonathan Sélea wrote:
Well, it was removed by unattended-upgrades according to term.log and 
apt.log :)


/ Jonathan


On 01/11/2018 03:35 PM, Stefan Monnier wrote:

It was installed manually by me:
apt install php7.1-mbstring
So I "explicitly asked" apt to install that package actually.

So now the question is why/how did this package end up marked
"automatically installed" (or if it wasn't, why did unattended-upgrades
remove it even tho it wasn't marked as automatically-installed; tho this
would most likely be a bug in unattended-upgrades and I think such a bug
is rather unlikely at this stage).


 Stefan








smime.p7s
Description: S/MIME Cryptographic Signature

java, javac versions not the same, apt-get doesn't help ...

[Albretch Mueller]

java gives you error messages when you compile and run code with
different versions of the JVM

while trying to update my box using apt-get I am getting:
"openjdk-8-jdk is already the newest version."

How do you make sure you install the same version of both java and
javac using apt-get?

lbrtchx
~
$ uname -a
Linux IBMThnkPdT60 3.16.0-4-686-pae #1 SMP Debian 3.16.36-1+deb8u1
(2016-09-03) i686 GNU/Linux

$ java -version
openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-1~bpo8+1-b11)
OpenJDK Server VM (build 25.131-b11, mixed mode)

$ javac -version
javac 1.7.0_111


# _LOG_FL="openjdk-8-jdk_install_$(date +%Y%m%d%H%M%S).log"

# uname -a >> "${_LOG_FL}" 2>&1

# time(apt-get -V install openjdk-8-jdk) >> "${_LOG_FL}" 2>&1

# cat openjdk-8-jdk_install_20180112040601.log
Linux IBMThnkPdT60 3.16.0-4-686-pae
#1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) i686 GNU/Linux

Reading package lists...
Building dependency tree...
Reading state information...
openjdk-8-jdk is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 365 not upgraded.

real0m3.571s
user0m0.672s
sys 0m0.092s

# java -version
openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-1~bpo8+1-b11)
OpenJDK Server VM (build 25.131-b11, mixed mode)

# javac -version
javac 1.7.0_111

Re: Keyboard language randomly changes to Arabic(?)

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Jan 12, 2018 at 03:47:45AM -0500, Tim Hume wrote:
> > Original Message 
> >Subject: Re: Keyboard language randomly changes to Arabic(?)
> >Local Time: 12 January 2018 1:09 PM
> >UTC Time: 12 January 2018 02:09
> >From: d...@debian.org
> >To: debian-user@lists.debian.org
> >
> >On Thu, 11 Jan 2018, Tim Hume wrote:
> >>I've encountered a strange problem where my keyboard layout/language
> >> changes when I'm typing. I'm running on Debian buster, upgraded with
> >> all the latest updates.
> >>
> > I'm not certain, but I wonder if you're accidentally hitting the layout
> > switch key when you type '| ' quickly. Often it's mapped to shift-caps
> > or something like that.
> >
> > setxkbmap -print; should tell you what your default keymap is set to and
> > what the possible alternates are. [There may also be an XFCE specific
> > way of setting this.]
> >
> >
> >
> >Don Armstrong https://www.donarmstrong.com
> 
> I don't think I'm accidentally hitting the layout switch key. I can reliably 
> reproduce this problem when I'm typing in both Libre Office and 
> xfce4-terminal.

You can verify (or falsify) that with xinput (same-named package).

Sample session:

  tomas@trotzki:~$ xinput list
  ⎡ Virtual core pointer  id=2[master pointer  (3)]
  ⎜   ↳ Virtual core XTEST pointerid=4[slave  pointer  (2)]
  ⎜   ↳ SynPS/2 Synaptics TouchPadid=10   [slave  pointer  (2)]
  ⎜   ↳ TPPS/2 IBM TrackPoint id=11   [slave  pointer  (2)]
  ⎣ Virtual core keyboard id=3[master keyboard (2)]
  ↳ Virtual core XTEST keyboard   id=5[slave  keyboard (3)]
  ↳ Power Button  id=6[slave  keyboard (3)]
  ↳ Video Bus id=7[slave  keyboard (3)]
  ↳ Sleep Button  id=8[slave  keyboard (3)]
  ↳ AT Translated Set 2 keyboard  id=9[slave  keyboard (3)]
  ↳ ThinkPad Extra Buttonsid=12   [slave  keyboard (3)]
  tomas@trotzki:~$ xinput test 9
  key release 36 
  key press   65 
   key release 65 
  key press   62 
  key release 62 
  key press   50 
  key press   37 
  [...]

The gory details in the manpage :)

Cheers
- -- tomás
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlpYflAACgkQBcgs9XrR2kZjqgCfQ8dvDJokGt7TVgmZ/Lq8G434
CXwAniPDme22IMRDLYMtSwpyFuEwLpT+
=ih4B
-END PGP SIGNATURE-

Re: java, javac versions not the same, apt-get doesn't help ...

[Bastien Durel]

Le vendredi 12 janvier 2018 à 04:20 -0500, Albretch Mueller a écrit :
> java gives you error messages when you compile and run code with
> different versions of the JVM
> 
> while trying to update my box using apt-get I am getting:
> "openjdk-8-jdk is already the newest version."
> 
> How do you make sure you install the same version of both java and
> javac using apt-get?
> 
> lbrtchx
> ~
> $ uname -a
> Linux IBMThnkPdT60 3.16.0-4-686-pae #1 SMP Debian 3.16.36-1+deb8u1
> (2016-09-03) i686 GNU/Linux
> 
> $ java -version
> openjdk version "1.8.0_131"
> OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-1~bpo8+1-b11)
> OpenJDK Server VM (build 25.131-b11, mixed mode)
> 
> $ javac -version
> javac 1.7.0_111
> 
> 
> # _LOG_FL="openjdk-8-jdk_install_$(date +%Y%m%d%H%M%S).log"
> 
> # uname -a >> "${_LOG_FL}" 2>&1
> 
> # time(apt-get -V install openjdk-8-jdk) >> "${_LOG_FL}" 2>&1
> 
> # cat openjdk-8-jdk_install_20180112040601.log
> Linux IBMThnkPdT60 3.16.0-4-686-pae
> #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) i686 GNU/Linux
> 
> Reading package lists...
> Building dependency tree...
> Reading state information...
> openjdk-8-jdk is already the newest version.
> 0 upgraded, 0 newly installed, 0 to remove and 365 not upgraded.
> 
> real0m3.571s
> user0m0.672s
> sys 0m0.092s
> 
> # java -version
> openjdk version "1.8.0_131"
> OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-1~bpo8+1-b11)
> OpenJDK Server VM (build 25.131-b11, mixed mode)
> 
> # javac -version
> javac 1.7.0_111
> 
You d'like to look at your alternatives

$ ls -l /etc/alternatives/java*
lrwxrwxrwx 1 root root 46 juil.  2  2017 /etc/alternatives/java ->
/usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
lrwxrwxrwx 1 root root 56 juil.  2  2017 /etc/alternatives/java.1.gz ->
/usr/lib/jvm/java-8-openjdk-amd64/jre/man/man1/java.1.gz
lrwxrwxrwx 1 root root 39 déc.  14  2010 /etc/alternatives/java_vm ->
/usr/lib/jvm/java-6-sun/jre/bin/java_vm
lrwxrwxrwx 1 root root 38 déc.  14  2010 /etc/alternatives/javaws ->
/usr/lib/jvm/java-6-sun/jre/bin/javaws
lrwxrwxrwx 1 root root 48 déc.  14  2010 /etc/alternatives/javaws.1.gz
-> /usr/lib/jvm/java-6-sun/jre/man/man1/javaws.1.gz

On this box, java and javaws use different java versions
You can set them using update-alternatives(1) -- or update-java-
alternatives(8) for java

-- 
Bastien

html page for bug report

[Pétùr]

I am looking for a very simple way to create a bug report webpage. I
would like to obtain a single html page where a visitor can create a bug
report or feature request. Another visitor can mark the bug as fixed. No
authentication. User have zero knowledge in html.

Are you aware of such program or script?

Pétùr

Re: html page for bug report

[Dan Ritter]

On Fri, Jan 12, 2018 at 11:33:17AM +0100, Pétùr wrote:
> I am looking for a very simple way to create a bug report webpage. I
> would like to obtain a single html page where a visitor can create a bug
> report or feature request. Another visitor can mark the bug as fixed. No
> authentication. User have zero knowledge in html.
> 
> Are you aware of such program or script?

Every bug or ticket tracker expands to fit at least a minimal
set of features: bug numbering, more states between "new" and
"fixed", assignment to individuals...

I like Request Tracker (RT) an awful lot. It's in Debian. It is
not simple to set up, but it can be quite simple to use.

-dsr-

Re: [Diagnostic Summary] Re: Strange message during boot

[Richard Owlett]

On 01/11/2018 01:28 PM, bw wrote:



On Thu, 11 Jan 2018, Richard Owlett wrote:


On 01/11/2018 11:35 AM, bw wrote:

[snip]
Sounds complicated, one version of grub but
separate boot partitions always gets me confused too.


Not sure best solution.
But I'm used to it and have not discovered any potholes. YET ;/
I've had it that way since Squeeze in order to force update-grub
to be run-able from only one environment.
At the time I was doing multiple install in a day to experiment
with package complement and configurations.




Well, I admit I do the same thing on one machine.  I have jessie,
stretch with fluxbox, and stretch with kde and I hate it when I
upgrade a kernel and get grub menu inconsistent so i purged grub
pkg on two of them.  I have used chroot in the past in an emergency
to update-initramfs, but this setup is pretty solid with an edited
40-custom file on the grub machine.


Any pointers to a good tutorial on NN-custom files?



I'm thinking a common /boot partition would be easier but not sure
how to set that up.


I've seen mention of effectively a minimalist kernel and *ONLY* those 
packages required for Grub to function. Never found directions for 
setting one up. I don't know if a common /boot partition would work on 
one of my machines with Windows and a arbitrary collection of Linux vendors.

Re: [Diagnostic Summary] Re: Strange message during boot

[Richard Owlett]

On 01/11/2018 01:43 PM, David Wright wrote:

On Thu 11 Jan 2018 at 11:10:33 (-0600), Richard Owlett wrote:

I multi-boot several varieties of Debian.
When booting one specific install, it displays many repetitions of:

Begin: Running /scripts/local-block ... done.



It then proceeds to bring up an apparently normal system.

[…]

sda8 - The problem install is Debian 8. It had been my primary work
   install until I trashed some data files. It has been kept to
   reconstruct those files as I have time.


Two questions: When did this start happening?


Not sure. Noticed it recently after fixing a long standing problem 
involving a bad UUID for the swap partition. Debian installer 
automatically changes the swap's UUID when a partition already 
identified as "swap partition" is used. I can sort-of see why it's done, 
but I find it a *NUISANCE* ;<



In view of the portion quoted above, why bother?


A forensic/educational analysis of just what I did to mess up what had 
been a nice and well working system.

There may still be useful data there.
Also, there are programs there I use rarely that I don't want to lose 
for now, but can't justify adding to current install. When disk space 
becomes critical, I'll likely move it to a flash drive.

Re: [Diagnostic Summary] Re: Strange message during boot

[The Wanderer]

On 2018-01-11 at 12:45, bw wrote:

> On Thu, 11 Jan 2018, The Wanderer wrote:
> 
>> On 2018-01-11 at 12:35, bw wrote:
>> 
>> > On stretch local_block is a function in a script named local, maybe using 
>> > a stretch tool on jessie has things confused?  or the initramfs-tools pkg 
>> > is hosed on the bad system.  Sounds complicated, one version of grub but 
>> > separate boot partitions always gets me confused too.
>> > 
>> > grep local_block /usr/share/initramfs-tools/scripts/local
>> > local_block()
>> > local_block "${dev_id}"
>> 
>> That's local_block; this appears to be local-block.
>> 
>> On my system (stable+testing, though with sysvinit rather than systemd):
>> 
>> $ dlocate scripts/local-block
>> mdadm: /usr/share/initramfs-tools/scripts/local-block
>> mdadm: /usr/share/initramfs-tools/scripts/local-block/mdadm
>> lvm2: /usr/share/initramfs-tools/scripts/local-block
>> lvm2: /usr/share/initramfs-tools/scripts/local-block/lvm2
> 
> Okay, that is weird.  I had no idea that a sysV system installed 
> different scripts, or why that is the case.
> 
> # find / -name local-block*
> #
> ls -l /sbin/init
> lrwxrwxrwx 1 root root 20 Nov 12 00:28 /sbin/init -> /lib/systemd/systemd

I don't think its being sysvinit has anything to do with it; I think
it's just a matter of the specific packages involved.

$ apt-file search scripts/local-block
cryptsetup: /usr/share/initramfs-tools/scripts/local-block/cryptroot
lvm2: /usr/share/initramfs-tools/scripts/local-block/lvm2
mdadm: /usr/share/initramfs-tools/scripts/local-block/mdadm

and of course the output of apt-file should have nothing to do with what
init system is active.

Do you have any of those three packages on your system? If not, that
would explain why you don't have any of these files.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: CVE-2017-5754 - ETA?

[Vincent Lefevre]

On 2018-01-04 12:47:42 -0800, Don Armstrong wrote:
> On Thu, 04 Jan 2018, francis picabia wrote:
> > Redhat, Ubuntu and others have kernel updates available today for this
> > kernel patch that has been worked on since November. Normally Debian
> > has been quick out of the gate with security measures.
> > 
> > Is there an ETA when Debian will update kernel packages?
> 
> The DSA has been (will be shortly?) released for stable. Unstable,
> testing, and likely oldstable will probably follow soon.
> https://security-tracker.debian.org/tracker/DSA-4078-1

According to answers on

  
https://security.stackexchange.com/questions/176624/how-do-i-check-if-kpti-is-enabled-on-linux/176654

linux-image-4.9.0-5-amd64 4.9.65-3+deb9u2 is still vulnerable as shown
below:

# dmesg | grep -i isolation
# cat /sys/kernel/debug/x86/pti_enabled
cat: /sys/kernel/debug/x86/pti_enabled: No such file or directory

The command line is:

  root=UUID=... ro console=ttyS0 console=hvc0 nomce loglevel=5 net.ifnames=0

thus KPTI is not disabled via the command line.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Frustration over Debian naming (was: Re: Meltdown fix for wheezy-backports)

[rhkramer]

Intentionally cross posted.

On Friday, January 12, 2018 04:58:38 AM Richard Hector wrote:
> Apologies for my misunderstanding. I hadn't made the mental link from
> wheezy to LTS (I don't (think I) have any wheezy machines left myself,
> but have acquired clients who do).

Aside: For those on the debian-user lists, the thread came from the debian-
backports list, but my frustration should probably be expressed more to the 
debian-user list (or debian-developer list, assuming there is such a list (to 
which I am not subscribed).

I like Debian, a lot, and have used it since 5.n (was that Lenny??), and will 
probably stick with it as my main daily user system (for some special purposes 
I will install other distros--e.g., I want to do some development for an 
application (Scintilla)  that requires C++ version 17 (iiuc) (although they do 
have an LTS support version that can be compiled with C++ version 11).

But the various names and use of those names gets very frustrating for me, and 
I suspect I am not the only one.  The numbered versions, the Toy Story names, 
and then the testing, stable, old stable, old old stable is just frustrating.

I'm not proposing a soltuion, I'm just expressing frustration.  I guess, for 
me, at first glance, the numbered versions seem easiest (and most 
straightforward)  to me.

I do susbscribe to the backports list.  Maybe someone will tell me that as an 
"ordinary user" I shouldn't, but I think others like myself may subscribe just 
to keep somewhat informed.

Anyway, have a good day.

Re: Frustration over Debian naming (was: Re: Meltdown fix for wheezy-backports)

[Holger Levsen]

On Fri, Jan 12, 2018 at 08:49:05AM -0500, rhkra...@gmail.com wrote:
> But the various names and use of those names gets very frustrating for me, 
> and 
> I suspect I am not the only one.  The numbered versions, the Toy Story names, 
> and then the testing, stable, old stable, old old stable is just frustrating.
 
https://en.wikipedia.org/wiki/Debian_version_history explains this
nicely and is linked from https://en.wikipedia.org/wiki/Debian


-- 
cheers,
Holger


signature.asc
Description: PGP signature

Re: Frustration over Debian naming (was: Re: Meltdown fix for wheezy-backports)

[rhkramer]

On Friday, January 12, 2018 09:01:34 AM Ian Campbell wrote:
> On Fri, 2018-01-12 at 13:54 +, Holger Levsen wrote:
> > On Fri, Jan 12, 2018 at 08:49:05AM -0500, rhkra...@gmail.com wrote:
> > > But the various names and use of those names gets very frustrating
> > > for me, and
> > > I suspect I am not the only one.  The numbered versions, the Toy
> > > Story names,
> > > and then the testing, stable, old stable, old old stable is just
> > > frustrating.
> > 
> > https://en.wikipedia.org/wiki/Debian_version_history explains this
> > nicely and is linked from https://en.wikipedia.org/wiki/Debian
> 
> I took their point to be that if one needs a wiki page to follow the
> versioning scheme then perhaps the versioning scheme has an issue.

+1---thanks for amplifying / clarifying my point!

> IIRC teams like the Press Team have a policy of always leading with the
> numerical version rather than the code names, presumably for this very
> reason, but that doesn't carry over into "casual" conversation like the
> parent thread or the repo urls etc.

I like that (leading with the numerical version)!

Re: java, javac versions not the same, apt-get doesn't help ...

[Albretch Mueller]

On 1/12/18, Bastien Durel  wrote:
> Le vendredi 12 janvier 2018 à 04:20 -0500, Albretch Mueller a écrit :
>> java gives you error messages when you compile and run code with
>> different versions of the JVM
>>
>> while trying to update my box using apt-get I am getting:
>> "openjdk-8-jdk is already the newest version."
>>
>> How do you make sure you install the same version of both java and
>> javac using apt-get?
>>
>> lbrtchx
>> ~
>> $ uname -a
>> Linux IBMThnkPdT60 3.16.0-4-686-pae #1 SMP Debian 3.16.36-1+deb8u1
>> (2016-09-03) i686 GNU/Linux
>>
>> $ java -version
>> openjdk version "1.8.0_131"
>> OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-1~bpo8+1-b11)
>> OpenJDK Server VM (build 25.131-b11, mixed mode)
>>
>> $ javac -version
>> javac 1.7.0_111
>>
>>
>> # _LOG_FL="openjdk-8-jdk_install_$(date +%Y%m%d%H%M%S).log"
>>
>> # uname -a >> "${_LOG_FL}" 2>&1
>>
>> # time(apt-get -V install openjdk-8-jdk) >> "${_LOG_FL}" 2>&1
>>
>> # cat openjdk-8-jdk_install_20180112040601.log
>> Linux IBMThnkPdT60 3.16.0-4-686-pae
>> #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) i686 GNU/Linux
>>
>> Reading package lists...
>> Building dependency tree...
>> Reading state information...
>> openjdk-8-jdk is already the newest version.
>> 0 upgraded, 0 newly installed, 0 to remove and 365 not upgraded.
>>
>> real0m3.571s
>> user0m0.672s
>> sys 0m0.092s
>>
>> # java -version
>> openjdk version "1.8.0_131"
>> OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-1~bpo8+1-b11)
>> OpenJDK Server VM (build 25.131-b11, mixed mode)
>>
>> # javac -version
>> javac 1.7.0_111
>>
> You d'like to look at your alternatives
>
> $ ls -l /etc/alternatives/java*
> lrwxrwxrwx 1 root root 46 juil.  2  2017 /etc/alternatives/java ->
> /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
> lrwxrwxrwx 1 root root 56 juil.  2  2017 /etc/alternatives/java.1.gz ->
> /usr/lib/jvm/java-8-openjdk-amd64/jre/man/man1/java.1.gz
> lrwxrwxrwx 1 root root 39 déc.  14  2010 /etc/alternatives/java_vm ->
> /usr/lib/jvm/java-6-sun/jre/bin/java_vm
> lrwxrwxrwx 1 root root 38 déc.  14  2010 /etc/alternatives/javaws ->
> /usr/lib/jvm/java-6-sun/jre/bin/javaws
> lrwxrwxrwx 1 root root 48 déc.  14  2010 /etc/alternatives/javaws.1.gz
> -> /usr/lib/jvm/java-6-sun/jre/man/man1/javaws.1.gz
>
> On this box, java and javaws use different java versions
> You can set them using update-alternatives(1) -- or update-java-
> alternatives(8) for java

 Well, yes, but, based on my poor understanding of such matters, how
can you change the alternatives if apt-get doesn't install more
updated versions? I think you should be able to specify to the
differencet utilities in the jdk. This is what I got in my env:

$ ls -l /etc/alternatives/java*
lrwxrwxrwx 1 root root 45 Dec 17 18:16 /etc/alternatives/java ->
/usr/lib/jvm/java-8-openjdk-i386/jre/bin/java
lrwxrwxrwx 1 root root 55 Dec 17 18:16 /etc/alternatives/java.1.gz ->
/usr/lib/jvm/java-8-openjdk-i386/jre/man/man1/java.1.gz
lrwxrwxrwx 1 root root 42 Nov 11 22:14 /etc/alternatives/javac ->
/usr/lib/jvm/java-7-openjdk-i386/bin/javac
lrwxrwxrwx 1 root root 52 Nov 11 22:14 /etc/alternatives/javac.1.gz ->
/usr/lib/jvm/java-7-openjdk-i386/man/man1/javac.1.gz
lrwxrwxrwx 1 root root 44 Nov 11 22:14 /etc/alternatives/javadoc ->
/usr/lib/jvm/java-7-openjdk-i386/bin/javadoc
lrwxrwxrwx 1 root root 54 Nov 11 22:14 /etc/alternatives/javadoc.1.gz
-> /usr/lib/jvm/java-7-openjdk-i386/man/man1/javadoc.1.gz
lrwxrwxrwx 1 root root 42 Nov 11 22:14 /etc/alternatives/javah ->
/usr/lib/jvm/java-7-openjdk-i386/bin/javah
lrwxrwxrwx 1 root root 52 Nov 11 22:14 /etc/alternatives/javah.1.gz ->
/usr/lib/jvm/java-7-openjdk-i386/man/man1/javah.1.gz
lrwxrwxrwx 1 root root 42 Nov 11 22:14 /etc/alternatives/javap ->
/usr/lib/jvm/java-7-openjdk-i386/bin/javap
lrwxrwxrwx 1 root root 52 Nov 11 22:14 /etc/alternatives/javap.1.gz ->
/usr/lib/jvm/java-7-openjdk-i386/man/man1/javap.1.gz
$

# update-alternatives --config java
There are 2 choices for the alternative java (providing /usr/bin/java).

  SelectionPath   Priority   Status

  0/usr/lib/jvm/java-7-openjdk-i386/jre/bin/java   1071
  auto mode
  1/usr/lib/jvm/java-7-openjdk-i386/jre/bin/java   1071
  manual mode
* 2/usr/lib/jvm/java-8-openjdk-i386/jre/bin/java   1069
  manual mode

Press enter to keep the current choice[*], or type selection number:

# update-alternatives --config javac
There are 2 choices for the alternative javac (providing /usr/bin/javac).

  SelectionPathPriority   Status

* 0/usr/lib/jvm/java-7-openjdk-i386/bin/javac   1071  auto mode
  1/usr/lib/jvm/java-7-openjdk-i386/bin/javac   1071
manual mode
  2/usr/lib/jvm/java-8-openjdk-i386/bin/javac   1069
manual mode

Press enter to keep the current choice[*], 

Re: Frustration over Debian naming (was: Re: Meltdown fix for wheezy-backports)

[Ian Campbell]

On Fri, 2018-01-12 at 13:54 +, Holger Levsen wrote:
> On Fri, Jan 12, 2018 at 08:49:05AM -0500, rhkra...@gmail.com wrote:
> > But the various names and use of those names gets very frustrating
> > for me, and 
> > I suspect I am not the only one.  The numbered versions, the Toy
> > Story names, 
> > and then the testing, stable, old stable, old old stable is just
> > frustrating.
> 
>  
> https://en.wikipedia.org/wiki/Debian_version_history explains this
> nicely and is linked from https://en.wikipedia.org/wiki/Debian

I took their point to be that if one needs a wiki page to follow the
versioning scheme then perhaps the versioning scheme has an issue.

IIRC teams like the Press Team have a policy of always leading with the
numerical version rather than the code names, presumably for this very
reason, but that doesn't carry over into "casual" conversation like the
parent thread or the repo urls etc.

Ian.

black screen after hibernation

[Kamil Jońca]

I have strange problem with hibernation (to disk) on my laptop.
After resume my screen remains blank.


(It is similar to
https://lists.debian.org/debian-user/2017/01/msg00177.html, but in my
case it is regardless if monitor was off before hibernation)

System appears to be alive  (can ssh to it, and can see my running
processess)
Keyboard working (I can enter password, and enter some text "blindly")
But I cannot turn on my monitor.

I tried to play with:
echo 2000 |sudo tee 
/sys/class/backlight/intel_backlight/device/intel_backlight/brightnes

but without success.

There is not suspected in logs except:
--8<---cut here---start->8---
2018-01-12T15:11:23.637383+01:00 bambus systemd[1]: 
sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backlight.device:
 Installed new job 
sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backlight.device/nop
 as 1004
2018-01-12T15:11:23.637689+01:00 bambus systemd[1]: 
sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backlight.device:
 
sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backlight.device
 lost dependency Wants=systemd-back
light@backlight:intel_backlight.service
2018-01-12T15:11:23.637931+01:00 bambus systemd[1]: 
systemd-backlight@backlight:intel_backlight.service: 
systemd-backlight@backlight:intel_backlight.service lost dependency 
WantedBy=sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backlight.
device
2018-01-12T15:11:23.638170+01:00 bambus systemd[1]: 
systemd-backlight@backlight:intel_backlight.service: 
systemd-backlight@backlight:intel_backlight.service lost dependency 
ReferencedBy=sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backli
ght.device
2018-01-12T15:11:23.638398+01:00 bambus systemd[1]: 
sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backlight.device:
 
sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backlight.device
 lost dependency References=systemd
-backlight@backlight:intel_backlight.service
2018-01-12T15:11:23.638568+01:00 bambus systemd[1]: 
sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backlight.device:
 Job 
sys-devices-pci:00-:00:02.0-drm-card0-card0\x2dLVDS\x2d1-intel_backlight.device/nop
 finished, result=done
--8<---cut here---end--->8---
Any hints?
After suspending to ram, there is no problems.
-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
Do clones have navels?

Re: Frustration over Debian naming

[Teemu Likonen]

Ian Campbell [2018-01-12 14:01:34Z] wrote:

> On Fri, 2018-01-12 at 13:54 +, Holger Levsen wrote:
>> https://en.wikipedia.org/wiki/Debian_version_history explains this
>> nicely and is linked from https://en.wikipedia.org/wiki/Debian
>
> I took their point to be that if one needs a wiki page to follow the
> versioning scheme then perhaps the versioning scheme has an issue.

I started with Debian Woody and I did remember and use the names of a
couple of following versions but then it started to be quite difficult.
I mentally switched to version numbers. Honestly, I don't remember the
name of current Debian 9 which is the version I use. It's trivial to
check, though.

-- 
/// Teemu Likonen   - .-..    //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///


signature.asc
Description: PGP signature

Re: [Diagnostic Summary] Re: Strange message during boot

[David Wright]

On Fri 12 Jan 2018 at 06:19:57 (-0600), Richard Owlett wrote:
> On 01/11/2018 01:43 PM, David Wright wrote:
> >On Thu 11 Jan 2018 at 11:10:33 (-0600), Richard Owlett wrote:
> >>I multi-boot several varieties of Debian.
> >>When booting one specific install, it displays many repetitions of:
> Begin: Running /scripts/local-block ... done.
> >
> >>It then proceeds to bring up an apparently normal system.
> >[…]
> >>sda8 - The problem install is Debian 8. It had been my primary work
> >>   install until I trashed some data files. It has been kept to
> >>   reconstruct those files as I have time.
> >
> >Two questions: When did this start happening?
> 
> Not sure. Noticed it recently after fixing a long standing problem
> involving a bad UUID for the swap partition.

Perhaps it's no coincidence then that the Wanderer's earlier
forum reference concerns a swap partition's UUID.

> Debian installer
> automatically changes the swap's UUID when a partition already
> identified as "swap partition" is used. I can sort-of see why it's
> done, but I find it a *NUISANCE* ;<

Workarounds, including mine, have already been posted in response to
your earlier threads here on this topic.

> >In view of the portion quoted above, why bother?
> 
> A forensic/educational analysis of just what I did to mess up what
> had been a nice and well working system.
> There may still be useful data there.

A forensic analysis of a vague error message (which took a day to be
solicited) over this list? Seems unlikely.

> Also, there are programs there I use rarely that I don't want to
> lose for now, but can't justify adding to current install. When disk
> space becomes critical, I'll likely move it to a flash drive.

GB/$ disk vs flash is still quite high.

Cheers,
David.

Re: Why was this package removed but apt?

[David Wright]

On Fri 12 Jan 2018 at 10:04:52 (+0100), Jonathan Sélea wrote:

> It seems like
> 
> Unattended-Upgrade::Remove-Unused-Dependencies "false";
> 
> Is not "false" by default but indeed true in unattended-upgrades on
> Debian 9 (stretch)
> Am I wrong about that?

--✄

* `Unattended-Upgrade::Remove-Unused-Dependencies` - boolean (default:False)

 Remove all unused dependencies after the upgrade finished.

* `Unattended-Upgrade::Remove-New-Unused-Dependencies` - boolean (default:True)

 Remove any new unused dependencies after the upgrade finished.

--✄

Perhaps the latter occurred.

> On 01/11/18 16:27, Jonathan Sélea wrote:
> >Well, it was removed by unattended-upgrades according to term.log
> >and apt.log :)
> >
> >/ Jonathan
> >
> >
> >On 01/11/2018 03:35 PM, Stefan Monnier wrote:
> >>>It was installed manually by me:
> >>>apt install php7.1-mbstring
> >>>So I "explicitly asked" apt to install that package actually.
> >>So now the question is why/how did this package end up marked
> >>"automatically installed" (or if it wasn't, why did unattended-upgrades
> >>remove it even tho it wasn't marked as automatically-installed; tho this
> >>would most likely be a bug in unattended-upgrades and I think such a bug
> >>is rather unlikely at this stage).

Cheers,
David.

Re: CVE-2017-5754 - ETA?

[Jack Dangler]

On 01/12/2018 10:00 AM, bw wrote:


On Fri, 12 Jan 2018, Vincent Lefevre wrote:


According to answers on

   
https://security.stackexchange.com/questions/176624/how-do-i-check-if-kpti-is-enabled-on-linux/176654

linux-image-4.9.0-5-amd64 4.9.65-3+deb9u2 is still vulnerable as shown
below:

# dmesg | grep -i isolation

You should get either

[0.00] Kernel/User page tables isolation: enabled
or
[0.00] Kernel/User page tables isolation: disabled

Search with dmesg | less it's about two pages down for me,

$ uname -a
Linux debian 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04)
x86_64 GNU/Linux



I tried this on my Ubu workstation and didnt get anything back...
$ dmesg | grep -i isolation
$
$ uname -a
Linux 4.10.0-40-generic #44~16.04.1-Ubuntu SMP Thu Nov 9 15:37:44 UTC 
2017 x86_64 x86_64 x86_64 GNU/Linux

Re: CVE-2017-5754 - ETA?

[Roberto C . Sánchez]

On Fri, Jan 12, 2018 at 10:51:34AM -0500, Jack Dangler wrote:
> I tried this on my Ubu workstation and didnt get anything back...
> $ dmesg | grep -i isolation
> $
> $ uname -a
> Linux 4.10.0-40-generic #44~16.04.1-Ubuntu SMP Thu Nov 9 15:37:44 UTC 2017
 ^^^
> x86_64 x86_64 x86_64 GNU/Linux
> 

Your kernel was built prior to the vulnerbilities being made public.
The patches had not yet made their way into Linux at that point.

Regards,

-Roberto
-- 
Roberto C. Sánchez

Re: [Diagnostic Summary] Re: Strange message during boot

[Richard Owlett]

On 01/11/2018 11:22 AM, bw wrote:



On Thu, 11 Jan 2018, Richard Owlett wrote:
[snip]

journalctl -xb > jan11test

The string of interest not present.

/usr/share/initramfs-tools/ does not exist
/etc/initramfs-tools/scripts has 10 empty folders



Doesn't sound right.
[snip]


Something is looking strange.
I likely wont be able to pursue until the weekend.

Re: html page for bug report

[Pétùr]

On 12/01/18 05:57, Dan Ritter wrote:

On Fri, Jan 12, 2018 at 11:33:17AM +0100, Pétùr wrote:

I am looking for a very simple way to create a bug report webpage. I
would like to obtain a single html page where a visitor can create a bug
report or feature request. Another visitor can mark the bug as fixed. No
authentication. User have zero knowledge in html.

Are you aware of such program or script?


Every bug or ticket tracker expands to fit at least a minimal
set of features: bug numbering, more states between "new" and
"fixed", assignment to individuals...

I like Request Tracker (RT) an awful lot. It's in Debian. It is
not simple to set up, but it can be quite simple to use.


Thanks, it seems too powerful for my present needs (I don't want users
management, mysql database, etc.) but I will have a look.

I will maybe create a html page with a form myself. But I don't see
how the visitor can modify an bug report (to mark as fixed).

Pétùr

Re: [Diagnostic Summary] Re: Strange message during boot

[Richard Owlett]

On 01/11/2018 11:38 AM, The Wanderer wrote:

[snip]

On my system (stable+testing, though with sysvinit rather than systemd):

$ dlocate scripts/local-block
mdadm: /usr/share/initramfs-tools/scripts/local-block
mdadm: /usr/share/initramfs-tools/scripts/local-block/mdadm
lvm2: /usr/share/initramfs-tools/scripts/local-block
lvm2: /usr/share/initramfs-tools/scripts/local-block/lvm2



I get

root@stretch-2nd:~#
root@stretch-2nd:~# updatedb
root@stretch-2nd:~# dlocate scripts/local-block
root@stretch-2nd:~# update-dlocatedb
root@stretch-2nd:~# dlocate scripts/local-block
root@stretch-2nd:~#

Re: [Diagnostic Summary] Re: Strange message during boot

[Richard Owlett]

On 01/12/2018 09:29 AM, David Wright wrote:

On Fri 12 Jan 2018 at 06:19:57 (-0600), Richard Owlett wrote:

On 01/11/2018 01:43 PM, David Wright wrote:

On Thu 11 Jan 2018 at 11:10:33 (-0600), Richard Owlett wrote:

I multi-boot several varieties of Debian.
When booting one specific install, it displays many repetitions of:

Begin: Running /scripts/local-block ... done.



It then proceeds to bring up an apparently normal system.

[…]

sda8 - The problem install is Debian 8. It had been my primary work
  install until I trashed some data files. It has been kept to
  reconstruct those files as I have time.


Two questions: When did this start happening?


Not sure. Noticed it recently after fixing a long standing problem
involving a bad UUID for the swap partition.


Perhaps it's no coincidence then that the Wanderer's earlier
forum reference concerns a swap partition's UUID.


I had attempted to follow his suggestion. Lost my log of doing it.
Will rerun this weekend.





Debian installer
automatically changes the swap's UUID when a partition already
identified as "swap partition" is used. I can sort-of see why it's
done, but I find it a *NUISANCE* ;<


Workarounds, including mine, have already been posted in response to
your earlier threads here on this topic.


In view of the portion quoted above, why bother?


A forensic/educational analysis of just what I did to mess up what
had been a nice and well working system.
There may still be useful data there.


A forensic analysis of a vague error message (which took a day to be
solicited) over this list? Seems unlikely.


I thought you were asking "Why am I interested in keeping that partition 
around?"
As to forensics, I know "what I did to mess up the usefulness of that 
install". I'm interested in "why didn't my recovery attempts work" - a 
very different threat than this.






Also, there are programs there I use rarely that I don't want to
lose for now, but can't justify adding to current install. When disk
space becomes critical, I'll likely move it to a flash drive.


GB/$ disk vs flash is still quite high.


Yes. But there is, for my goals, a favorable cost/benefit ratio.
It has been mentioned before that many consider my goals strange.



Cheers,
David.

Re: debian CDs DVDs

[arne]

Thanks Thomas and David!

It now works.

Re: Debian iso installation incorrectly sets sources.list

[Steve McIntyre]

David Wright wrote:
>On Wed 10 Jan 2018 at 11:34:57 (+), Steve McIntyre wrote:

...

>> This is a long-standing design decision that probably merits
>> re-examination, yes. The current logic assumes:
>> 
>>  * if you've used a "netinst" to install, then you won't want to use
>>it again later, so it will be used by d-i then commented out later.
>> 
>>  * if you've used a bigger (set of) image(s), then you most likely
>>will want to use this again in the future. This is to support
>>people using CD/DVD media sets for installations. We should
>>probably drop this for the single-CD xfce media at least.
>
>That sounds sensible …

I've made this change now in my local copy of d-i and I'll be testing
shortly.

>> >(2) Installation should keep track of the installation medium;
>> >if necessary by asking the user.
>> >(2) reflects a wider problem: Debian has a legacy of
>> >assuming CD or DVD installation. But much is now done by
>> >flash memory sticks. Debian should change to reflect this.
>> >For example, the iso file names might be "large" (or "full")
>> >or "small" (or "base"), not "DVD" or "CD". References
>> >to "CD" or "DVD" should be replaced by  reference to the
>> >"installation medium", unless "CD" is actually necessary. Etc.
>> 
>> Agreed, yes. The way we use USB media in the installer at the moment
>> is to make them appear just like CDs. That works, but leads to odd
>> messages. We should fix up those messages, at the very least. It's on
>> my list...
>
>… but you can almost never win at this game because there'll always
>be someone who assumes or wants the opposite.

We could do a better job, nonetheless - I can totally understand
people being confused by us talking about "CD" media when they're
using DVDs, let alone if they're using a USB stick!

>eg they do a netinst but leave out a package necessary to get
>connected to the internet after they reboot;
>or they install from a full DVD but then decide their connectivity
>is good enough to rely instead entirely on the internet.
>
>Perhaps /etc/apt/sources.list could have a one-line pointer to a text
>file that explained the options available and how to achieve them.

At the very least, to go with the change above I've added code to
(conditionally) add the following comment in sources.list:

# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"I suspect most samba developers are already technically insane... Of
 course, since many of them are Australians, you can't tell." -- Linus Torvalds

Re: black screen after hibernation

[deloptes]

Kamil Jońca wrote:

> But I cannot turn on my monitor.

screen saver?

Re: html page for bug report

[Tom Furie]

On Fri, Jan 12, 2018 at 05:04:25PM +0100, Pétùr wrote:
> On 12/01/18 05:57, Dan Ritter wrote:

> >Every bug or ticket tracker expands to fit at least a minimal
> >set of features: bug numbering, more states between "new" and
> >"fixed", assignment to individuals...
> >
> >I like Request Tracker (RT) an awful lot. It's in Debian. It is
> >not simple to set up, but it can be quite simple to use.

> Thanks, it seems too powerful for my present needs (I don't want users
> management, mysql database, etc.) but I will have a look.
> 
> I will maybe create a html page with a form myself. But I don't see
> how the visitor can modify an bug report (to mark as fixed).

That's where the "complexity" of a database comes in. You need
*somewhere* to store the submitted bugs so that they can be recorded,
retrieved, and updated.

Cheers,
Tom

-- 
Connection reset by some moron with a backhoe


signature.asc
Description: Digital signature

apt uninstall apparmor (was: Thunderbird no longer opens links)

[solitone]

On 30/11/17 08:48, Alexander V. Makartsev wrote:
> On 30.11.2017 10:45, solitone wrote:
>> Hi, since a few days, hyperlink no longer works in my Thunderbird.
>> When I click a hyperlink in a message, Chromium (my system's default
>> web browser) should open and display the link. This has been working
>> fine for long, but now it no longer happens.
>>
> I had this problem too, and yes AppArmor is the reason.
> 
> You can disable AppArmor for thunderbird by typing:
>     $ sudo aa-disable /usr/bin/thunderbird


I was almost going nuts with qemu/virt-manager. I could no longer attach
USB devices to the guest. When shutting down the guest, it ended up in a
"shutting down" state, and never exited from that.

Then I found a post [1] pointing the finger to apparmor. I uninstalled
it and everything works again as expected. At the moment I have no plan
to reinstall it.

[1]
https://ubuntuforums.org/showthread.php?t=2229882&page=2&p=13070240#post13070240

Thunderbird font broken

[Markus Grunwald]

Hello,

Thunderbird seems to handle fontsizes different than all the other
programs I'm using. I had to install the extension "Theme Font & Size
Changer for Thunderbird" (62.0) to fix that broken behaviour, then all
was fine.

Until yesterday. I started Thunderbird and the UI-Fonts were   H U G E
again :( The Icon for the Theme Font & Size Changer is gone. I tried to
reinstall the  extension, no success. I restored ~/.mozilla and
~/.icedove (where .thunderbird links to) from backup, still no success.

Can you help me to get a non-screaming thunderbird again?
-- 
Markus Grunwald
http://www.the-grue.de/~markus/markus_grunwald.gpg



signature.asc
Description: OpenPGP digital signature

Re: black screen after hibernation

[Kamil Jońca]

deloptes  writes:

> Kamil Jońca wrote:
>
>> But I cannot turn on my monitor.
>
> screen saver?
Can you explain?
KJ

-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
Never have children, only grandchildren.
-- Gore Vidal

Re: Thunderbird font broken

[Felix Miata]

Markus Grunwald composed on 2018-01-12 20:24 (UTC+0100):

> Thunderbird seems to handle fontsizes different than all the other
> programs I'm using. I had to install the extension "Theme Font & Size
> Changer for Thunderbird" (62.0) to fix that broken behaviour, then all
> was fine.

> Until yesterday. I started Thunderbird and the UI-Fonts were   H U G E
> again :( The Icon for the Theme Font & Size Changer is gone. I tried to
> reinstall the  extension, no success. I restored ~/.mozilla and
> ~/.icedove (where .thunderbird links to) from backup, still no success.

> Can you help me to get a non-screaming thunderbird again?

Maybe. This came up here less than a week ago, likely same problem. It's a
common Mozilla/GTK/DE-WM-Xorg problem, not a problem specific to Debian.
https://lists.debian.org/debian-user/2018/01/msg00327.html
-- 
"Wisdom is supreme; therefore get wisdom. Whatever else you
get, get wisdom." Proverbs 4:7 (New Living Translation)

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata  ***  http://fm.no-ip.com/

Re: apt uninstall apparmor (was: Thunderbird no longer opens links)

[Brian]

On Fri 12 Jan 2018 at 19:16:28 +0100, solitone wrote:

> On 30/11/17 08:48, Alexander V. Makartsev wrote:
> > On 30.11.2017 10:45, solitone wrote:
> >> Hi, since a few days, hyperlink no longer works in my Thunderbird.
> >> When I click a hyperlink in a message, Chromium (my system's default
> >> web browser) should open and display the link. This has been working
> >> fine for long, but now it no longer happens.
> >>
> > I had this problem too, and yes AppArmor is the reason.
> > 
> > You can disable AppArmor for thunderbird by typing:
> >     $ sudo aa-disable /usr/bin/thunderbird
> 
> 
> I was almost going nuts with qemu/virt-manager. I could no longer attach
> USB devices to the guest. When shutting down the guest, it ended up in a
> "shutting down" state, and never exited from that.
> 
> Then I found a post [1] pointing the finger to apparmor. I uninstalled
> it and everything works again as expected. At the moment I have no plan
> to reinstall it.
> 
> [1]
> https://ubuntuforums.org/showthread.php?t=2229882&page=2&p=13070240#post13070240

Do you have a plan to inform the AppArmor team of your detailed findings?
The wiki has some help if you don't know what to do.

-- 
Brian.

Re: Frustration over Debian naming (was: Re: Meltdown fix for wheezy-backports)

[David Wright]

On Fri 12 Jan 2018 at 14:01:34 (+), Ian Campbell wrote:
> On Fri, 2018-01-12 at 13:54 +, Holger Levsen wrote:
> > On Fri, Jan 12, 2018 at 08:49:05AM -0500, rhkra...@gmail.com wrote:
> > > But the various names and use of those names gets very frustrating
> > > for me, and 
> > > I suspect I am not the only one.  The numbered versions, the Toy
> > > Story names, 
> > > and then the testing, stable, old stable, old old stable is just
> > > frustrating.
> > 
> >  
> > https://en.wikipedia.org/wiki/Debian_version_history explains this
> > nicely and is linked from https://en.wikipedia.org/wiki/Debian
> 
> I took their point to be that if one needs a wiki page to follow the
> versioning scheme then perhaps the versioning scheme has an issue.

I disagree with that, and with the view that you don't need 3½
schemes to describe the situation. That page is a useful summary
for people unfamiliar with the schemes and their relationships.

I would prefer, however, that buster were not described as 10,
nor bullseye 11, just as buzz was not released as version 1.0.

> IIRC teams like the Press Team have a policy of always leading with the
> numerical version rather than the code names, presumably for this very
> reason,

Which reason? The formal name of a release is the Release number.
As point releases are issued, the Release number changes; the
code name doesn't. When a release becomes ancient history, its
code name still applies to it and the all its point releases,
whatever numbering scheme is then in force.

> but that doesn't carry over into "casual" conversation like the
> parent thread or the repo urls etc.

No, for several reasons which may differ between people. In this
specific case, wheezy-backports packages are packaged for
installation on wheezy systems, but they're not part of any
Debian [0-9]+ release; using a Release number (which one?) would
carry misleading implications.

Another reason: it's a convention that organisations use
because it works. It's less ambiguous to write jessie than 8
especially in contexts where lots of numbers are being discussed,
and it's more memorable to most people. People use names,
computers like numbers.

As for stable etc, at the users' end, they're designed to give
a seamless path for any particular system to evolve through the
upgrade process. At the developers' end, they provide static
handles for the discussion of how packages migrate through the
repositories. LTS is somewhat similar.

Some people always seem to remain confused. Perhaps they have
the same confusion with timezones, for similar reasons.

Cheers,
David.

Re: CVE-2017-5754 - ETA?

[Vincent Lefevre]

On 2018-01-12 10:00:03 -0500, bw wrote:
> On Fri, 12 Jan 2018, Vincent Lefevre wrote:
> > According to answers on
> > 
> >   
> > https://security.stackexchange.com/questions/176624/how-do-i-check-if-kpti-is-enabled-on-linux/176654
> > 
> > linux-image-4.9.0-5-amd64 4.9.65-3+deb9u2 is still vulnerable as shown
> > below:
> > 
> > # dmesg | grep -i isolation
> 
> You should get either
> 
> [0.00] Kernel/User page tables isolation: enabled
> or
> [0.00] Kernel/User page tables isolation: disabled

I get neither.

> Search with dmesg | less it's about two pages down for me,

If I search for isolation I get:

Pattern not found  (press RETURN)

> $ uname -a
> Linux debian 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) 
> x86_64 GNU/Linux

$ uname -a
Linux joooj 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 
GNU/Linux

There seems to be something really wrong. I'll report a bug.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: CVE-2017-5754 - ETA?

[Roberto C . Sánchez]

On Fri, Jan 12, 2018 at 09:59:20PM +0100, Vincent Lefevre wrote:
> 
> $ uname -a
> Linux joooj 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 
> GNU/Linux
> 
> There seems to be something really wrong. I'll report a bug.
> 
What is the output of `grep vendor_id /proc/cpuinfo` on your machine?

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: CVE-2017-5754 - ETA?

[Vincent Lefevre]

On 2018-01-12 16:10:40 -0500, Roberto C. Sánchez wrote:
> On Fri, Jan 12, 2018 at 09:59:20PM +0100, Vincent Lefevre wrote:
> > $ uname -a
> > Linux joooj 4.9.0-5-amd64 #1 SMP Debian 4.9.65-3+deb9u2 (2018-01-04) x86_64 
> > GNU/Linux
> > 
> > There seems to be something really wrong. I'll report a bug.
> > 
> What is the output of `grep vendor_id /proc/cpuinfo` on your machine?

$ grep vendor_id /proc/cpuinfo
vendor_id   : GenuineIntel

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: apt uninstall apparmor

[Ben Caradoc-Davies]

On 13/01/18 07:16, solitone wrote:

Then I found a post [1] pointing the finger to apparmor. I uninstalled
it and everything works again as expected. At the moment I have no plan
to reinstall it.


If you find yourself needing to install it for dependencies, you can 
disable and mask it with:


systemctl disable apparmor.service
systemctl mask apparmor.service

and then reboot.

Kind regards,

--
Ben Caradoc-Davies 
Director
Transient Software Limited 
New Zealand

Re: CVE-2017-5754 - ETA?

[Nick]

On 2018-01-12 21:09 GMT, Vincent Lefevre wrote:
> On 2018-01-12 10:00:03 -0500, bw wrote:
> > On Fri, 12 Jan 2018, Vincent Lefevre wrote:
> > > # dmesg | grep -i isolation
> > 
> > You should get either
> > 
> > [0.00] Kernel/User page tables isolation: enabled
> > or
> > [0.00] Kernel/User page tables isolation: disabled
> 
> I get neither.

> There seems to be something really wrong. I'll report a bug.

It might have aged out of the buffer that dmesg reports on. I don't
see it in my dmesg either but in /var/log/kern.log.1 there is

  Kernel/User page tables isolation: enabled

Try a grep in /var/log ?
-- 
Nick

Re: CVE-2017-5754 - ETA?

[Vincent Lefevre]

On 2018-01-12 21:21:06 +, Nick wrote:
> It might have aged out of the buffer that dmesg reports on.

No, there's the beginning of the dmesg output:

[0.00] Linux version 4.9.0-5-amd64 (debian-ker...@lists.debian.org) 
(gcc version 6.3.0 20170516 (Debian 6.3.0-18) ) #1 SMP Debian 4.9.65-3+deb9u2 
(2018-01-04)

But I think I've found the reason:

In arch/x86/mm/kaiser.c:

void __init kaiser_check_boottime_disable(void)
{
[...]
if (boot_cpu_has(X86_FEATURE_XENPV))
goto silent_disable;
[...]
disable:
pr_info("disabled\n");

silent_disable:
kaiser_enabled = 0;
setup_clear_cpu_cap(X86_FEATURE_KAISER);
}

I must be in the "silent_disable" case (this is a Xen guest).

It's unfortunate that no-one mentions this case!

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: System won't boot anymore after upgrade to jessie

[David Wright]

On Thu 11 Jan 2018 at 20:26:24 (+0100), deloptes wrote:
> Greg Wooledge wrote:
> 
> > I don't actually know how many cpio archives are concatenated together
> > in that image.  At least two, obviously, with the first uncompressed
> > and the second gzipped.
> 
> This kernel is custom, produced on one stretch system. On other stretch
> system another custom image is as you describe it. Something must be
> responsible for producing those images on stretch in different format. Who
> knows what is that exactly - would save me some time - is it automatically
> done by size or an option somewhere?

It seems likely that it's because you can add blobs to a preexisting
initramfs without polluting it/having to unpack and repack it. Greg's
example seems to contain an Intel blob. Not compressing it could be
down to futility, or even licence restrictions (not "hiding" it).

https://unix.stackexchange.com/questions/243657/appending-files-to-initramfs-image-reliable

BTW the necessity of directories to be unpacked before their contents
still pertains, ie ignore the trick in "cpio -o"'s manpage about using
find … -depth   to create archives in case you are tempted.

Cheers,
David.

Re: black screen after hibernation

[deloptes]

Kamil Jońca wrote:

> deloptes  writes:
> 
>> Kamil Jońca wrote:
>>
>>> But I cannot turn on my monitor.
>>
>> screen saver?
> Can you explain?
> KJ

sorry I read now the log from your post regarding backlight

Documentation/admin-guide/kernel-parameters.txt

if this does not help might be bug somewhere - could be udev or kernel

what versions do you have there

Re: System won't boot anymore after upgrade to jessie

[deloptes]

David Wright wrote:

> It seems likely that it's because you can add blobs to a preexisting
> initramfs without polluting it/having to unpack and repack it. Greg's
> example seems to contain an Intel blob. Not compressing it could be
> down to futility, or even licence restrictions (not "hiding" it).

thanks, so is it automatically done by selecting specific options, or is
setup somewhere in config file (/etc/initram... or alike)?

that is indeed very interesting

regards

Re: System won't boot anymore after upgrade to jessie

[deloptes]

David Wright wrote:


> 
>
https://unix.stackexchange.com/questions/243657/appending-files-to-initramfs-image-reliable
> 
> BTW the necessity of directories to be unpacked before their contents
> still pertains, ie ignore the trick in "cpio -o"'s manpage about using
> find … -depth   to create archives in case you are tempted.
> 
> Cheers,
> David.

I think it is automatically done when microcode is installed

HELP!! - was [Re: [Diagnostic Summary] Re: Strange message during boot]

[Richard Owlett]

On 01/12/2018 09:29 AM, David Wright wrote:

On Fri 12 Jan 2018 at 06:19:57 (-0600), Richard Owlett wrote:

[snip]

Not sure. Noticed it recently after fixing a long standing problem
involving a bad UUID for the swap partition.


Perhaps it's no coincidence then that the Wanderer's earlier
forum reference concerns a swap partition's UUID.


I agree. It prompted my phraseology.
I *NEVER* delete posts &/or emails.
Can't find reference locally.

DuckDuckGo and Google unproductive.

I suspect not in debian-user.
Help. Where?

Re: Frustration over Debian naming (was: Re: Meltdown fix for wheezy-backports)

[rhkramer]

On Friday, January 12, 2018 04:03:25 PM David Wright wrote:
> Another reason: it's a convention that organisations use
> because it works. It's less ambiguous to write jessie than 8
> especially in contexts where lots of numbers are being discussed,
> and it's more memorable to most people. People use names,
> computers like numbers.

I don't want to respond to most of what you wrote, although I generally 
disagree.

Numbers were used by people long before computers came into being, and for 
things that have some sequential aspect (like releases of computer software), 
numbers are very convenient and easy to remember.

The Toy Story names have no inherent sequence to them, and fail to aid in my 
(and I suspect several others) understanding.

Timezones using numbers (e.g., GMT -5) are much easier to understand than, for 
example, EST, EDT, etc.

Re: Frustration over Debian naming

[John Hasler]

rhkramer writes:
> The Toy Story names have no inherent sequence to them, and fail to aid
> in my (and I suspect several others) understanding.

I dislike them as well and would also prefer numbers.  I never saw the
movie nor had any interest in it so to me the names might as well have
been picked at random from a list of Hindu gods.

For those who prefer words, how about "One", "Two",  ?
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Frustration over Debian naming

[Richard Hector]

On 13/01/18 10:03, David Wright wrote:
> On Fri 12 Jan 2018 at 14:01:34 (+), Ian Campbell wrote:
>> On Fri, 2018-01-12 at 13:54 +, Holger Levsen wrote:
>>> On Fri, Jan 12, 2018 at 08:49:05AM -0500, rhkra...@gmail.com wrote:
 But the various names and use of those names gets very frustrating
 for me, and 
 I suspect I am not the only one.  The numbered versions, the Toy
 Story names, 
 and then the testing, stable, old stable, old old stable is just
 frustrating.
>>>
>>>  
>>> https://en.wikipedia.org/wiki/Debian_version_history explains this
>>> nicely and is linked from https://en.wikipedia.org/wiki/Debian
>>
>> I took their point to be that if one needs a wiki page to follow the
>> versioning scheme then perhaps the versioning scheme has an issue.
> 
> I disagree with that, and with the view that you don't need 3½
> schemes to describe the situation. That page is a useful summary
> for people unfamiliar with the schemes and their relationships.

I agree with rhkramer, that if you need to look it up, it's a bit
confusing. I tend to think of releases by their codenames, and have to
occasionally look up the numbers, and generally have no idea what's in
'LTS' status.

> I would prefer, however, that buster were not described as 10,
> nor bullseye 11, just as buzz was not released as version 1.0.

You mean they shouldn't be numbered till they're released? And according
to the wikipedia page, buzz never was 1.0; it was 1.1, released or
otherwise.

>> IIRC teams like the Press Team have a policy of always leading with the
>> numerical version rather than the code names, presumably for this very
>> reason,
> 
> Which reason? The formal name of a release is the Release number.
> As point releases are issued, the Release number changes; the
> code name doesn't. When a release becomes ancient history, its
> code name still applies to it and the all its point releases,
> whatever numbering scheme is then in force.

Except you can't really tell from the release number whether it's a new
release or not. Historically, sometimes a point release has been a new
release, and other times it hasn't. AFAIK a new code name is always 1:1
with needing to read the release notes and using dist-upgrade or whatever.

>> but that doesn't carry over into "casual" conversation like the
>> parent thread or the repo urls etc.
> 
> No, for several reasons which may differ between people. In this
> specific case, wheezy-backports packages are packaged for
> installation on wheezy systems, but they're not part of any
> Debian [0-9]+ release; using a Release number (which one?) would
> carry misleading implications.
> 
> Another reason: it's a convention that organisations use
> because it works. It's less ambiguous to write jessie than 8
> especially in contexts where lots of numbers are being discussed,
> and it's more memorable to most people. People use names,
> computers like numbers.

I don't think the 'number' as used here is particularly more
computer-friendly; it's still a string. And sources.list uses names, and
AFAIK doesn't translate to numbers before talking to the repo.

> As for stable etc, at the users' end, they're designed to give
> a seamless path for any particular system to evolve through the
> upgrade process.

Do they though? Is it ever recommended to let a 'stable' installation be
upgraded to the next release without manual intervention and lots of
care? I certainly always use codenames in sources.list, so I can control
when the upgrade happens.

> At the developers' end, they provide static
> handles for the discussion of how packages migrate through the
> repositories. LTS is somewhat similar.

I guess LTS is more or less a synonym for 'oldoldstable', right? A
moving target, anyway.

> Some people always seem to remain confused. Perhaps they have
> the same confusion with timezones, for similar reasons.

Verging on personal, but whatever.

Richard




signature.asc
Description: OpenPGP digital signature

Re: Frustration over Debian naming (was: Re: Meltdown fix for wheezy-backports)

[Ionel Mugurel Ciobîcă]

On 12-01-2018, at 15h 03'25", David Wright wrote about "Re: Frustration over 
Debian naming (was: Re: Meltdown fix for wheezy-backports)"
> [...] People use names, computers like numbers.
> 

I do not take sides here, but I can't accept this statement. Numbers
are universal, Debian release names are English. I do not use any of
then (numbers or names). I simply have a look in /etc/apt/sources when
I need to know what version of Debian I use at the moment, and I am
using Debian before potato... (yes, I look into my /etc/apt/sources
file to pull that name).

Did any of Debian release names were translated? I am bad with names.
Specially English ones. I find all of Debian release names stupid till
now. Culminating with perpetual Sid (no, I did not consulted
/etc/apt/sources file now).

I am extremely good with numbers. You could say that I can speak
math. Although I studied chemistry. So, coming back to the statement,
I find it extremely stupid. You could have getting away saying 
"People use WORDS, computers USE numbers." Numbers are words so nobody
is offended. 

Take care what you write.

Ionel

Re: CVE-2017-5754 - XEN silent_disable?

[tomas]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, Jan 12, 2018 at 08:08:17PM -0500, bw wrote:
> 
> 
> On Fri, 12 Jan 2018, Vincent Lefevre wrote:
> 
> > But I think I've found the reason:
> > 
> > In arch/x86/mm/kaiser.c:
> > 
> > void __init kaiser_check_boottime_disable(void)
> > {
> > [...]
> > if (boot_cpu_has(X86_FEATURE_XENPV))
> > goto silent_disable;
> > [...]
> > disable:
> > pr_info("disabled\n");
> > 
> > silent_disable:
> > kaiser_enabled = 0;
> > setup_clear_cpu_cap(X86_FEATURE_KAISER);
> > }
> > 
> > I must be in the "silent_disable" case (this is a Xen guest).
> > 
> > It's unfortunate that no-one mentions this case!
> > 
> 
> It is an unfortunate situation all around, no doubt!  I did a quick 
> websearch and found contrary opinions about whether Xen paravirtualization 
> is affected or not, whether a patched server and a patched guest is 
> necessary, and to what degree patching one or the other protects either, 
> and from whom.

FWIW, this is the patch which brought it about:

  http://lists-archives.com/linux-kernel/29009008-kaiser-disabled-on-xen-pv.html

I'm not very happy with the "silent" part either.

Cheers
- -- t
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlpZtIEACgkQBcgs9XrR2kbNwACfRovUdRTiZR7U1TIfbspdk14b
WXgAnRhSFGayMn18nREAE0hb1h2CkzqV
=GNHh
-END PGP SIGNATURE-