Hello,
On Wed, May 07, 2025 at 08:41:00AM -0600, Charles Curley wrote:
> syncthing does what it calls file versioning.
> https://docs.syncthing.net/users/versioning.html
Aha, interesting!
Thank you.
Hello,
On Tue, May 06, 2025 at 10:53:08AM +0300, Anssi Saari wrote:
> > Has anyone experienced the following setup:
>
> I wonder how fast the git repo grows as you add stuff in the keepass
> database?
That's indeed a good question. I liked the idea of having an history
of the password database
Hello,
Has anyone experienced the following setup:
On a standard system (Debian GNU/Linux):
- install keepassxc, create a master password and a database file
[ alternative: keepass2, but mono dependancy ]
- make sure that database file is on a git, pushable to a
remote repository (I like gi
On Mon, Apr 14, 2025 at 03:08:11PM +0200, didier gaumet wrote:
> please take all that precedes with a grain of salt: I do not install and set
> up ssh servers :-)
All input is welcome, thank you.
I wrote:
> If you
>sudo systemctl disable cups # and maybe others
Actually, if you follow the discussion, the CUPS Bonjour auto-discovery
- it presumably handled by the cups-browsed package
(you can uninstall it, or systemctl disable it,
if you don't want printer auto-detection
Hello,
On Sun, Apr 13, 2025 at 11:38:01AM -0400, Stefan Monnier wrote:
> Why do you need cups ports open to print?
You presumably do not, in the general sense.
On this machine, I have this:
tcp0 0 127.0.0.1:631 0.0.0.0:* LISTEN
10711/cupsd
tcp
Hello,
On Sun, Apr 13, 2025 at 06:24:50PM +0200, didier gaumet wrote:
> didier@hp-notebook14:~$ ldd /usr/sbin/tinysshd
> linux-vdso.so.1 (0x7ffdb29f7000)
> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x7f54a996c000)
> /lib64/ld-linux-x86-64.so.2 (0x7f54a9c2e000)
>
Hello,
> would you be open to using another implementation of an ssh server?
> If so, it would be a third approach:
Yes, it would be. It might help with the attack surface issue of
current sshd.
However, I would guess that most of the alternative to OpenSSH are
using libssh, which also had some
Hello,
On Sun, Apr 13, 2025 at 10:59:45AM -0400, Lee wrote:
> I taking a class at the local library; my laptop has avahi and cups
> ports open .. which I'm not thrilled about but I like the zero-conf
> printing ability.
If you
sudo systemctl disable cups # and maybe others
then, you can do
Hello,
Jumping into your interesting ssh vs VPN discussion:
On Sat, Apr 12, 2025 at 07:24:17AM +0200, to...@tuxteam.de wrote:
> - you didn't explain how "a VPN's" mechanism is inherently more
> secure than sshd's, given that their mechanisms are all pretty
> similar.
I agree. Especially si
Hello,
systemd dependancies that are activated on a Debian system imply a lot
of library injections into sshd, much more than the stock OpenBSD ssh.
To avoid this, there seem to be two approaches:
- remove those dependancies (see below)
- confine the impact of those dependancies, as propo
Hello,
I run a nut-server & nut-client on Debian bullseye connected to an UPS.
It works very well: there are syslog messages for when the current is
down and it's on battery, I can see the various statistics with upsc.
However, it does not seem it really shuts down when low on battery.
I noticed
Dear contributor,
On Tue, Nov 05, 2024 at 06:42:07PM +0100, Nicolas George wrote:
> I suggest you try compiling projects more complex than Hello World.
It is always a sliding slope to assume things about people
you interact with on mailing-lists.
When I do compile complex projects, I usually sta
Hello,
On Tue, Nov 05, 2024 at 12:11:39PM +0100, Nicolas George wrote:
> > It could have been handy on a real tty
>
> It is very handy on emulated ttys too. You never had the output of
> tcpdump / tail -f /var/log/ / make you wanted to pause to inspect
> something?
On slow, physical VT100 termin
Hello,
Something funny is that on a pty you have XON/XOFF software flow control
enabled by default:
- if you type C-s (XOFF), output will be paused
- if you type C-q (XON), output will be resumed
It could have been handy on a real tty -- serial line/port -- although
when I was using modems
Hello,
On Tue, Jun 25, 2024 at 09:53:41AM -0400, Lee wrote:
> My question is: how do I reformat the flash drive so it's usable as a
> "normal" flash drive again?
Nowadays, people rarely "format" (*) their "drives".
They create filesystems on raw devices.
For example `mkfs.ext4 /dev/sdX`, where
Hello,
On Sat, Jul 06, 2024 at 12:49:32PM +0200, Detlef Vollmann wrote:
> The only thing that's always annoying is that too many programs
> believe they have to overwrite /etc/resolv.conf...
chattr +i # immutable
still works :)
Hello,
On Wed, May 22, 2024 at 05:03:34PM -0400, Stefan Monnier wrote:
> Hmm... I've been using a "plain old partition" for /boot (with
> everything else in LVM) for "ever", originally because the boot loader
> was not able to read LVM, and later out of habit. I was thinking of
> finally moving /
Hello,
On Wed, May 22, 2024 at 10:13:06AM +, Andy Smith wrote:
> metadata tags to some PVs prevented grub from assembling them,
grub is indeed very fragile if you use dm-integrity anywhere on any of
your LVs on the same VG where /boot is (or at least if in the list
of LVs, the dm-integrity pr
Hello,
On Wed, May 22, 2024 at 08:57:38AM +0200, Marc SCHAEFER wrote:
> I will try this work-around and report back here. As I said, I can
> live with /boot on RAID without dm-integrity, as long as the rest can be
> dm-integrity+raid protected.
So, enable dm-integrity on all LVs,
Additional info:
On Wed, May 22, 2024 at 08:49:56AM +0200, Marc SCHAEFER wrote:
> Having /boot on a LVM non enabled dm-integrity logical volume does not
> work either, as soon as there is ANY LVM dm-integrity enabled logical
> volume anywhere (even not linked to booting), grub2 complains
Hello,
On Tue, May 21, 2024 at 08:41:58PM +0200, Franco Martelli wrote:
> I can only recommend you to read carefully the Wiki:
> https://raid.wiki.kernel.org/index.php/Dm-integrity
I did, and it looks it does not seem to document anything pertaining
to my issue:
1) I don't use integritysetup (fr
Hello,
1. INITIAL SITUATION: WORKS (no dm-integrity at all)
I have a Debian bookwork uptodate system that boots correctly with
kernel 6.1.0-21-amd64.
It is setup like this:
- /dev/nvme1n1p1 is /boot/efi
- /dev/nvme0n1p2 and /dev/nvme1n1p2 are the two LVM physical volumes
- a volume g
On Fri, May 03, 2024 at 01:50:52PM -0700, David Christensen wrote:
> Thank you for devising a benchmark and posting some data. :-)
I did not do the comparison hosted on github. I just wrote the
script which tests the dm-integrity on dm-raid error detection
and error correction.
> FreeBSD also o
On Mon, Apr 08, 2024 at 10:04:01PM +0200, Marc SCHAEFER wrote:
> For off-site long-term offline archiving, no, I am not using RAID.
Now, as I had to think a bit about ONLINE integrity, I found this
comparison:
https://github.com/t13a/dm-integrity-benchmarks
Contenders are btrfs, zfs,
On Thu, Apr 11, 2024 at 04:14:33PM +0200, DdB wrote:
> - the resulting transfer is way faster than say ... ssh.
AFAIK ssh is mono-threaded (like OpenVPN, unless you use the kernel
module). wireguard is multi-threaded.
The symptom will be one CPU ("core") at 100% and the rest mostly
idle.
Hello,
On Tue, Apr 09, 2024 at 03:13:01PM +0200, DdB wrote:
> from my research, the abbreviated takeaway is:
I never used mbuffer, I use buffer combined with netcat-traditional:
# receiver (TCP server on port 8000)
nc -l -p 8000 | buffer -S 1048576 -s 32768 -o /dev/null
# sender (TCP c
Hello,
On Mon, Apr 08, 2024 at 11:28:04AM -0700, David Christensen wrote:
> So, an ext4 file system on an LVM logical volume?
>
> Why LVM? Are you implementing redundancy (RAID)? Is your data larger than
> a single disk (concatenation/ JBOD)? Something else?
For off-site long-term offline arc
For offline storage:
On Tue, Apr 02, 2024 at 05:53:15AM -0700, David Christensen wrote:
> Does anyone have any comments or suggestions regarding how to use magnetic
> hard disk drives, commodity x86 computers, and Debian for long-term data
> storage with ensured integrity?
I use LVM on ext4, and
Hello,
On Fri, Mar 29, 2024 at 07:02:54PM +0100, Kamil Jo?ca wrote:
> O-o, is there any simple test to check if I have infected version or
> not?
For example, under root:
path="$(ldd $(which sshd) | grep liblzma | grep -o '/[^ ]*')"
if hexdump -ve '1/1 "%.2x"' "$path" | grep -q
f30f1efa55
Hello,
On Wed, Mar 27, 2024 at 05:30:50PM -0400, Lee wrote:
> Apparently the root of the security issue is that wall is a setguid program?
a) wall must be able to write to your tty, which is not possible
if wall is not installed setguid OR if people have sane permissions
on their terminals
Hello,
On Fri, Mar 15, 2024 at 06:54:38PM +0100, to...@tuxteam.de wrote:
> I may be stating the obvious, but have you made sure the USB hub
> is providing enough power to keep your disks happy?
It's a 60W external power supply, for 4 disks.
Hello,
On Fri, Mar 15, 2024 at 01:30:08PM -0400, Dan Ritter wrote:
> I have never had long-term happiness with multiple disks
> connected via USB. I strongly recommend that you find a 4 or 8
> disk SATA/SAS PCIe card -- an LSI 2008, for example -- and connect
> through that, instead. US prices are
Hello,
on a Debian bullseye uptodate system [1], I experiment frequent (every
3-4 hours on heavy load) disk disconnections from a md RAID10 array with
4 drives connected to an USB 1M adapter [2].
Errors do not look like a timeout, but like a DMA error [3].
Immediately after, the disk reappea
Hello,
On Wed, May 31, 2023 at 11:37:34AM -0700, John Conover wrote:
> How long will Debian Bullseye have debian security team support after
> Bookworm is announced?
LTS planning is here:
https://wiki.debian.org/LTS
bullseye will be LTS-supported til june 2026 (not yet clearly defined),
but
Hello,
I had a few issues with building a bookworm container using the
debian:bookworm image (problems with repository signatures and lzma
decompression errors) on a buster docker host.
The buster and bullseye containers seem to work like a charm though.
So I went the bullseye -> upgrade to book
On Fri, Oct 15, 2021 at 09:02:50PM +0200, Marc SCHAEFER wrote:
> Should I abandon all hope to make it work with USB, or should it work?
Yes, sysrq can work with USB, but not with stock Debian kernels,
because of [1].
Here is the work-around:
1) recompile kernel (see [2]) with the follow
Hello,
On Fri, Oct 15, 2021 at 09:33:20PM -0500, Nicholas Geovanis wrote:
> It's a side issue, not my main question, but If feel some details are
> missing in
> the "apu2 null modem" block-box there :-)
It may be that your e-mail client is not handling ASCII art properly,
you can look at the
Hello,
I made the following setup work, that is I can send break and '?'
(to get the magic sysrq help) or 's' to do an Emergency sync, and the
kernel logs it:
laptopapu2
USB serial port --- null modem --- ttyS0 internal 16550A
(an apu2 is an e
On Thu, Jan 21, 2021 at 06:23:56PM -0600, David Wright wrote:
> Yes, that documents what we normally observe as a %eth0 or %1 suffix
> for IPv6 addresses which selects the interface to use. "Requires"
> (unemphasised in the original) mean that it is necessary to identify a
> particular zone, but IM
On Thu, Jan 21, 2021 at 08:04:05AM +0100, Marc SCHAEFER wrote:
> fe80::1 is specifically a link-local scope, a bit like if you try to
> access a class variable without telling in what class it is.
Reading RFC-4291 [1], 2.5.6 (link-local addresses) and RFC-4007 [2] 6,
Zones Indices:
B
On Wed, Jan 20, 2021 at 11:59:46PM -0600, David Wright wrote:
> As far as the address is concerned, fe80::1 is perfectly formed,
> but ambiguous. Is that what your jessie error message used to say?
The error was one of the usual kernel errors (-EINVALID probably), see
below.
Actually, stretch doe
Hello,
I experiment a change of behaviour between the kernel of Debian jessie
and Debian buster.
Namely, before, ping6 fe80::1 would fail, since it is ambiguous (fe80::1
is a link scope, thus a zone/interface scope ID is required).
With buster, it tries the first Ethernet interface, no error (un
Hello,
I quickly grepped my DEBIAN-USER mailing-list file but did not find any
leapsecond in it, thus this message.
I get this error on all of my buster machines although I think they are
uptodate:
Dec 1 09:34:39 virtual ntpd[2432]: leapsecond file
('/usr/share/zoneinfo/leap-seconds.list'): wi
On Tue, Nov 17, 2020 at 07:04:59AM -0500, The Wanderer wrote:
> FWIW, I parsed this as "and possibly file a(nother) bug report[ about
> this bug, since the one I thought I remembered having filed before seems
> to have disappeared, if it ever existed in the first place]".
Exactly, thank you for pa
Hello,
In jessie, the kernel had a very annoying bug: if you did I/O on
multiple sr devices, the global lock in sr.c would slow down
to a crawl.
E.g. 5 DVD-R written to in parallel gave the same performance as
one writing; and ejecting the DVD in parallel was completely
sequential.
Based on this
On Sun, Nov 08, 2020 at 05:54:14PM +0100, Marc SCHAEFER wrote:
> What could I try to do?
Thanks to some people around here (private replies), I tried:
- finding an option in the BIOS about 64 bit PCI addresses,
none found
- setpci -s 01:00.0 COMMAND=0x02
- removing all ca
Hello,
I have a Mellanox card, which is detected, however on one machine:
01:00.0 Network controller: Mellanox Technologies MT27500 Family [ConnectX-3]
Subsystem: Mellanox Technologies MT27500 Family [ConnectX-3]
Flags: fast devsel, IRQ 16
Memory at dfb0 (64-bit, non-p
On Mon, Aug 10, 2020 at 07:03:26PM +0200, Marc SCHAEFER wrote:
> Should I try with another window-manager? I will also double-check that
> the other working buster MATE installation uses marco.
The bug is NOT present with compiz.
The bug IS NOT present on a fresh buster install with mar
On Mon, Aug 10, 2020 at 01:47:08PM +0200, to...@tuxteam.de wrote:
> Have you tried another "classic" X program? For example xmag or xeyes?
Yes, they fail miserably.
> xterm in a special way, or the decorations of all "classic" X programs
> fail in the same way.
I would guess that.
Should I try
On Sun, Aug 09, 2020 at 09:59:12AM +0200, to...@tuxteam.de wrote:
> To verify/falsify that, you might run xprop on your xterm window.
> The property you are looking for is called WM_NAME. You can even
xprop | grep WM_NAME
WM_NAME(STRING) = "schaefer@reliand: /home/schaefer"
> use xprop to /set/ t
On Sat, Aug 08, 2020 at 02:22:44PM -0700, Mike Kupfer wrote:
> I assume you're using the system xterm, not something in /usr/local or
> $HOME.
yes
schaefer@reliand:~$ which xterm
/usr/bin/xterm
(BTW was working nice before upgrade to buster)
> Could the problem be locale-related? I have
>
>
> > What about if you use another window-manager and/or desktop-environment?
>
> I haven't tried that yet.
I just tried twm and it says "Untitled" even with xterm -T abcd &
On Sat, Aug 08, 2020 at 08:25:39AM -0400, Stefan Monnier wrote:
> Does it affect other terminal emulators?
no, mate-terminal is not affected.
> Have you checked whether the problem also shows up for a freshly created
> user (i.e. without any config of your own)?
yes, it does.
> What about if yo
On Sat, Aug 08, 2020 at 09:47:56AM +, Long Wind wrote:
> have you looked at .bashrc?
Actually, I have sent the usual title escape sequence: it works in
mate-terminal,
but xterm's title remains blank.
Thomas Schmitt :
Also I tried the -T option, with no success.
Running MATE in marco (buster
Hello,
I have a funny problem since I upgraded my laptop to buster: xterm does not
have any title.
It is the only window that has this problem. I did not see anything special in
the .Xresources.
Anyone having this issue ?
Thank you for pointers.
On Thu, Aug 08, 2019 at 12:23:15PM +0300, Reco wrote:
> lxc-cgroup -n 11 -o /dev/stdout -l INFO cpuacct.stat
> And you'll probably have to apply some amount of sed to the output.
> Try it, you'll see what I'm talking about.
Oh, yes. Should I have read the manpage more closely (for me
a log file is
Hello,
I just updated a jessie system to buster. Kudos to the packagers of
lxc, the upgrade script worked and the containers work like a charm.
However, I have an issue with some lxc munin plugins I use. Namely
they don't show anything.
It reduces to the following problem:
lxc-cgroup -n 11 c
On Sun, Apr 02, 2017 at 03:20:56PM -0500, David Wright wrote:
> IIRC I have in the past typed ip route show
> and then pasted the IP of the default route into the browser.
> Am I remembering correctly, and would that IP address obey
> your conditions outlined earlier?
That would work too, even i
On Sun, Apr 02, 2017 at 07:51:40PM +0100, Brian wrote:
> Probably the best place for this is the wiki. Anyone can create a page
> on the topic of captive networks there. Maybe there one is in existence
> which can be added to. Feel free to add to such a page or start a new
> one.
I did not find an
Hello,
with a basic Debian jessie install and a recent Firefox, I observe the
following:
[1] Debian has no specific support for detecting captive networks
(e.g. Android, iOS) and redirecting automatically the browser to
the captive login page
[2] launching Firefox on the defa
On Fri, Aug 22, 2014 at 08:10:45AM -0500, Buchs, Kevin J. wrote:
> Thanks for the comment, Nuno. I only want to run a single X client,
> so XDMCP is not the way to go. My problem is solely getting Xorg to
> start on Debian without the -nolisten tcp argument. On CentOS, this
> is the default and I c
Replying to myself, this is the working solution. It is not that pretty,
but has the advantage to be easily compatible each time GNOME will change
the way it handles configuration files.
---/usr/local/etc/gnome3-user-settings---
#! /bin/bash
gsettings set org.gnome.nautilus.desktop volumes-visibl
Hi,
I can somewhat influence GNOME 3 (wheezy) to my taste,
with the following commands, to be run under X11/GNOME and valid
for the logged user only:
gsettings set org.gnome.nautilus.desktop volumes-visible true
gsettings set org.gnome.desktop.background show-desktop-icons true
gsettings
Hi,
on a quite new machine, with ECC memory, stress-tested before
installing, installed about a month ago, everything was fine,
running squeeze (linux-image-2.6.32-5-openvz-amd64)
I upgraded the kernel to the latest release (2.6.32-41) and
apart from the load average being wrong in some VEs, seem
First, some software already uses kernel-passed command line to disable
or enable user-space services, namely knoppix. And of course
debian-installer.
Second, I will probably file a bug against nut, however it is really
difficult to discriminate between UPS not installed *intentionnally* and
not,
Summary:
I wanted an administratively easy way to disable a service from
running, something that could be specified at the LILO or GRUB boot
prompt.
I proposed to disable this service in run level 3, while still
leaving it running at level 2. This would mean disabling the service
Hi,
I have the following issue:
if the cable to the UPS is removed, nut will shutdown the server.
This is perfectly correct, when the UPS is supposed to be there. But
when it has failed and is not in house ?
First, I thought that nut could consider the system boot as a special
case, and if t
Hi,
apparently gpg-idea was removed from the archives at some point (stable).
Can someone confirm/explain this ?
thanks
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Wed, 9 May 2001, Jens Benecke wrote:
> Windows kernel API to Linux. That means just about every performance boost
> But that also means that the Linux drivers need a proprietary Kernel
> module, which is so riddled with patents, NDAs and sub-contracts (which the
[ and also that now a video dr
seg <[EMAIL PROTECTED]> wrote:
> Now, I have read all the possible instruction files from the debian
Use the pseudo-image-kit (see http://cdimage.debian.org). I did use
it successfully once. I have however heard that you need a very recent
version of the utilities.
Hi,
I intend to print a few (say 100) of the i386 French, German and English
installation manuals. However, before sending this out, I would like
to be sure it's the latest released version.
For example, on the 2.2r2 CD1 you can find a file called install.pdf.fr,
which is version 2.2.20 (30th of
Robert Waldner <[EMAIL PROTECTED]> wrote:
> any SCSI-tapedrive should do AFAICT. never had any problems (with scsi,
> those things which reside on the floppy controller or come with their
> own cards are another matter altogether).
Except the ones which do not behave like a SCSI Tape (Sequential
Marc SCHAEFER <[EMAIL PROTECTED]> wrote:
> Is it possible, and if yes, how can I do this ?
Yes, it seems possible (it is running at this time). All the
needed information seems to be at:
http://cdimage.debian.org/potato_pre.html
Hi,
I have an uptodate slink installation and a potato + slink mirror (as
files). I read that you can automatically create images with the
debian-cd*.deb package (that I have in my mirror). However, I cannot
install it since it seems it requires a few other potato packages.
I don't want to upgrad
75 matches
Mail list logo
