
Re: debian-user-digest Digest V2020 #849



unsubscribe.

> On 08/25/2020 8:12 PM debian-user-digest-request@lists.debian.org wrote:
> 
>  
> debian-user-digest Digest				Volume 2020 : Issue 849
> 
> Today's Topics:
>   Re: stretch vs iptables auto-start    [ Andrew Cater <amacater@gmail.com> ]
>   Re: stretch vs iptables auto-start    [ Gene Heskett <gheskett@shentel.net> ]
>   Re: Homebuilt NAS: System Drive File  [ David Christensen <dpchrist@holgerd ]
>   Re: Continuing problem with malfunct  [ David Christensen <dpchrist@holgerd ]
>   Re: Cannot see a process listening o  [ Victor Sudakov <vas@sibptus.ru> ]
>   Re: Homebuilt NAS: System Drive File  [ Andrei POPESCU <andreimpopescu@gmai ]
>   Re: Cannot see a process listening o  [ Anssi Saari <as@sci.fi> ]
>   Re: Homebuilt NAS: System Drive File  [ Patrick Bartek <nemommxiv@gmail.com ]
>   Signal [Was:] Re: Encrypt files on L  [ Celejar <celejar@gmail.com> ]
>   Re: Cannot see a process listening o  [ Victor Sudakov <vas@sibptus.ru> ]
> Start here perhaps? https://wiki.debian.org/nftables
> 
> It should be relatively straightforward to move backward and forwards. Working as a systemd service means that it will start automatically if you're using systemd.
> 
> [When in doubt, check the Debian wiki for a topic - if that's no good, have a quick look at the Arch Linux wiki - as folk who build from source, they're good at documenting how things work.
> 
> All best, as ever,
> 
> Andy C.
> 
> On Mon, Aug 24, 2020 at 8:15 PM deloptes <deloptes@gmail.com> wrote:
> > Gene Heskett wrote:
> > 
> >   > At the present time I have around 80 rules, all designed to deny the
> >   > network spiders and bots that think they have to mirror my several
> >   > giga-byte site, 2 or 3 times a day.  And that was eating up my bandwidth
> >   > allocation on a slow net connection.
> >   >
> >   > Is there a tut someplace to guide one in converting from iptables to this
>   > newer nftables? I'm assuming it's a similar utility.
> > 
> >   Sure, but I have not looked into ... I only read there will be a couple of
> >   years transition period and somehow a compatibility layer is or can be
> >   used.
> > 
> >   Perhaps someone more in this can give us a detail or a hint to a good
> >   tutorial
> > 
> On Monday 24 August 2020 17:03:13 Andrew Cater wrote:
> 
> > Start here perhaps? https://wiki.debian.org/nftables
> >
> > It should be relatively straightforward to move backward and forwards.
> > Working as a systemd service means that it will start automatically if
> > you're using systemd.
> >
> > [When in doubt, check the Debian wiki for a topic - if that's no good,
> > have a quick look at the Arch Linux wiki - as folk who build from
> > source, they're good at documenting how things work.
> >
> > All best, as ever,
> >
> > Andy C.
> 
> As always, good advice, thanks Andy.
> 
> > On Mon, Aug 24, 2020 at 8:15 PM deloptes <deloptes@gmail.com> wrote:
> > > Gene Heskett wrote:
> > > > At the present time I have around 80 rules, all designed to deny
> > > > the network spiders and bots that think they have to mirror my
> > > > several giga-byte site, 2 or 3 times a day.  And that was eating
> > > > up my bandwidth allocation on a slow net connection.
> > > >
> > > > Is there a tut someplace to guide one in converting from iptables
> > > > to this newer nftables? I'm assuming it's a similar utility.
> > >
> > > Sure, but I have not looked into ... I only read there will be a
> > > couple of years transition period and somehow a compatibility layer
> > > is or can be used.
> > >
> > > > Perhaps someone more in this can give us a detail or a hint to a
> > > good tutorial
> 
> 
> Cheers, Gene Heskett
> -- 
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law respectable.
>  - Louis D. Brandeis
> Genes Web page <http://geneslinuxbox.net:6309/gene>
> On 2020-08-24 02:40, Jonathan Dowland wrote:
> > On Fri, Aug 21, 2020 at 09:02:05PM -0700, Patrick Bartek wrote:
> >> Opinions?  Suggestions?  Recommendations?
> 
> > But I'd also avoid trying to run / on a flash drive. I just use a
> > logical volume on my NAS storage for the OS. I can't see a reason not
> > to.
> 
> I find it is easier to administer computers when the operating system is 
> on one device/RAID and the data is on another device/RAID (or several, 
> one for each subgroup of data) -- e.g. "separation of concerns".
> 
> 
> David
> On 2020-08-24 10:49, Mick Ab wrote:
> > I am still struggling to solve the problem with the malfunctioning USB 3
> > port on a desktop running Debian.
> > 
> > I would be very grateful if someone could please give useful answers to the
> > following questions :-
> > 
> > (1) Can the desktop be safely rebooted, if needed, given the USB 3 problem?
> 
> If your desktop cannot be safely rebooted, the USB ports are the least 
> of your worries.
> 
> 
> > (2) Can the USB 3 problem be fixed in some way or is the port now
> > permanently unavailable?
> 
> That depends upon your hardware, your operating system, your software, 
> and/or your definition of "fixed".
> 
> 
> > (3) If the USB 3 port is unavailable, can the new portable hard drive be
> > used to do a back-up of the system from the USB 2 port currently occupied
> > by a card reader or is there any risk the card reader will be messed up
> > again afterwards ?
> > 
> >       (On a previous occasion, a portable hard drive was plugged into this
> > USB 2 port in place of the card reader. The system issued a message
> > indicating the port was busy. The card reader was plugged back into the USB
> > 2 port and it was then found that a card inserted into the card reader
> > could not be mounted).
> 
> Power down the computer.  Disconnect everything except the keyboard, 
> mouse, monitor, and network cable.  Boot the computer.
> 
> 
> Connect one device at a time and test it thoroughly.  Repeat for all 
> devices.
> 
> 
> Post if you have problems.  Please run the following commands and post 
> the console session -- prompt, command entered, output obtained:
> 
> # cat /etc/debian_version ; uname -a
> 
> # lsusb
> 
> # dmesg | grep usb
> 
> 
> David
> Andy Smith wrote:
> > 
> > On Thu, Aug 20, 2020 at 12:09:03PM +0700, Victor Sudakov wrote:
> > > There is a process listening on 127.0.0.1:8081 but for some reason
> > > netstat/sockstat/ss do not show it listening on IPv4. Is this a bug or a
> > > feature?
> > 
> > I think it's listening on an IPv4-mapped IPv6 address so it can
> > accept either v4 or v6. Does this answer your question?
> > 
> >     https://unix.stackexchange.com/questions/152612/netstat-why-are-ipv4-daemons-listening-to-ports-listed-only-in-a-inet6
> > 
> > Daemons that want to receive connections will do the equivalent of:
> > 
> >     bind(address, port)
> > 
> > The address will determine the interface and whether it is v4 or v6
> > or whatever. If they instead do:
> > 
> >     bind(INADDR_ANY, port)
> > 
> > then this will bind to every interface whether it's v4 or v6 and the
> > daemon will get udp6 or tcp6 sockets that can be from/to a v4 address.
> 
> Thank you, Andy, that explains it. 
> 
> It's different in *BSD which got me confused. In *BSD, even if you bind
> to INADDR_ANY, you'll see something like this in sockstat output:
> 
> root     dovecot    39601 21 tcp4   *:110                 *:*
> root     dovecot    39601 22 tcp6   *:110                 *:*
> root     dovecot    39601 23 tcp4   *:995                 *:*
> root     dovecot    39601 24 tcp6   *:995                 *:*
> 
> -- 
> Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
> 2:5005/49@fidonet http://vas.tomsk.ru/
> On Lu, 24 aug 20, 09:26:57, Patrick Bartek wrote:
> > 
> > Since F2FS is not supported directly for an install, one would have to
> > convert to it after or configure the flash drive with another computer
> > before the install. I don't know if it is worth the time to do so.
> > EXT4 without journaling would be easier.
> 
> The journal is written to only if the filesystem is written to as well.  
> 
> Without having any other data than my own, admittedly limited, 
> experience[1] it doesn't seem worth disabling the journal, it is only 
> written when the filesystem is written to as well anyway.
> 
> [1] all my current systems are running from SD cards, with the only 
> optimisation being to not configure any swap.
> 
> Kind regards,
> Andrei
> -- 
> http://wiki.debian.org/FAQsFromDebianUser
> Victor Sudakov <vas@sibptus.ru> writes:
> 
> > It's different in *BSD which got me confused. In *BSD, even if you bind
> > to INADDR_ANY, you'll see something like this in sockstat output:
> >
> > root     dovecot    39601 21 tcp4   *:110                 *:*
> > root     dovecot    39601 22 tcp6   *:110                 *:*
> > root     dovecot    39601 23 tcp4   *:995                 *:*
> > root     dovecot    39601 24 tcp6   *:995                 *:*
> 
> Well, what about using ss instead of netstat on Linux? I don't seem to
> have any daemon running that would show different with netstat or ss so
> can't check.
> On Tue, 25 Aug 2020 09:37:20 +0300
> Andrei POPESCU <andreimpopescu@gmail.com> wrote:
> 
> > On Lu, 24 aug 20, 09:26:57, Patrick Bartek wrote:
> > > 
> > > Since F2FS is not supported directly for an install, one would have to
> > > convert to it after or configure the flash drive with another computer
> > > before the install. I don't know if it is worth the time to do so.
> > > EXT4 without journaling would be easier.  
> > 
> > The journal is written to only if the filesystem is written to as well.  
> 
> Yes, and every time a log is written to, too.  On my main system,
> normal usage, journaling on, I'm getting hard drive activity about 2 to
> 3 times a minute 24/7/365. And currently, I have firewall logging off
> which was writing to log every 2 seconds or so.  The two Roku devices I
> have, for some reason, were trying to access this computer, but no
> others.  Don't know why.
> 
> Some have suggested to remount / read-only, but since my plan is not to
> have a separate /home partition, that would cause problems. Probably
> will cause problems even if I do.
> 
> However, the NAS software I plan to use (OpenMediaVault) has a
> specific plugin if you're using solid state devices for the system
> and/or DATA drives.  Don't know exactly what it does, or whether it's a
> binary or an executable script.  Guess I'll have to wait until I get to
> the point of installing it to see what it does.  No details are given
> in OMV's docs.
>  
> > Without having any other data than my own, admittedly limited, 
> > experience[1] it doesn't seem worth disabling the journal, it is only 
> > written when the filesystem is written to as well anyway.
> 
> At least the flash drive I'm using has wear leveling.  And I'm going to
> leave about 15% of it unpartitioned to be safe. Plus, clone it, so if
> it goes down, I just plug in the clone and I'm up and running.
> 
> > [1] all my current systems are running from SD cards, with the only 
> > optimisation being to not configure any swap.
> 
> Thanks for your input.
> 
> B
> On Sun, 23 Aug 2020 14:03:21 +0300
> Andrei POPESCU <andreimpopescu@gmail.com> wrote:
> 
> > On Vi, 21 aug 20, 13:07:56, Charles Curley wrote:
> > > On Fri, 21 Aug 2020 13:31:00 -0500
> > > Paul Johnson <baloo@ursamundi.org> wrote:
> > > 
> > > > GnuPG.  It's in Debian, there's Windows versions on its website, and
> > > > it's not some mystery box like Signal.
> > > 
> > > ++
> > > 
> > > It also has the advantage that the cryptext will stay encrypted on any
> > > intermediate servers. WhatsApp and Signal claim their traffic is, but
> > > one must take their word for it.
> > 
> > Signal is free and open source software.
> > 
> > Please do feel free to inspect the source code for potential back doors 
> > or vulnerabilities.
> 
> I do use Signal on mobile, and I want to like it, but there are a few
> things about it that just really bother me (these may not be relevant
> to the OP's situation):
> 
> 1) The requirement of associating accounts with (real, working) phone
> numbers.
> 
> 2) The (current) refusal [1] to provide an option to export messages
> into a format easily accessible by the user. (I know, I can read and
> try to understand Signal's code, and then write my own decryptor -
> thanks, Signal).
> 
> 3) The strong encouragement of the use of Google's Play Store to install
> the mobile app, and the strong discouragement of other, FLOSS
> compatible, methods of installation. [2]
> 
> Discussion of these and many other issues with Signal: [3]
> 
> I'm just a user, and not a very advanced one at that, but I can't get
> away from the feeling that Signal is somewhat user-hostile, with an
> attitude of "Trust us - Moxie is a legend, our code is great (and
> FLOSS), and we really care." All true, to be sure, but still.
> 
> [1] https://github.com/signalapp/Signal-Android/issues/7586
> [2] https://signal.org/android/apk/
> [3] https://github.com/privacytools/privacytools.io/issues/779
> 
> Celejar
> Anssi Saari wrote:
> > Victor Sudakov <vas@sibptus.ru> writes:
> > 
> > > It's different in *BSD which got me confused. In *BSD, even if you bind
> > > to INADDR_ANY, you'll see something like this in sockstat output:
> > >
> > > root     dovecot    39601 21 tcp4   *:110                 *:*
> > > root     dovecot    39601 22 tcp6   *:110                 *:*
> > > root     dovecot    39601 23 tcp4   *:995                 *:*
> > > root     dovecot    39601 24 tcp6   *:995                 *:*
> > 
> > Well, what about using ss instead of netstat on Linux? I don't seem to
> > have any daemon running that would show different with netstat or ss so
> > can't check.
> 
> Basically the same:
> 
> root@test4:~# netstat -lpn | grep 8081
> tcp6       0      0 :::8081                 :::*                    LISTEN      10872/node /home/ad 
> root@test4:~# ss -ln | grep 8081
> tcp    LISTEN     0      128      :::8081                 :::*
> root@test4:~# 
> 
> 
> -- 
> Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
> 2:5005/49@fidonet http://vas.tomsk.ru/
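
Added example, not part of any post in the digest above: the behaviour discussed in the "Cannot see a process listening" thread, reproduced on Linux with a constructed listener. A single AF_INET6 socket bound to `::` with `IPV6_V6ONLY` off appears only in the tcp6 table that netstat and ss read, yet it accepts IPv4 connections, which matters when auditing listening ports; the function names `listen_tables` and `probe` are this example's own.

```python
import socket

def listen_tables(port):
    """Return which /proc/net tables (the data netstat and ss read) list
    `port` in LISTEN state. Linux-only; a table that is missing is skipped."""
    found = []
    for table in ("tcp", "tcp6"):
        try:
            with open(f"/proc/net/{table}") as fh:
                rows = [line.split() for line in fh.readlines()[1:]]
        except OSError:
            continue
        for row in rows:
            # row[1] is the local "HEXADDR:HEXPORT", row[3] the state (0A = LISTEN)
            if len(row) > 3 and row[3] == "0A" and int(row[1].rsplit(":", 1)[1], 16) == port:
                found.append(table)
                break
    return found

def probe(v6only):
    """Bind one AF_INET6 socket to the wildcard address, then connect to it
    over IPv4 loopback. Returns (tables listing the port, peer address as the
    server saw it, or None if the IPv4 connection failed)."""
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, int(v6only))
    srv.bind(("::", 0))              # port 0: the kernel picks a free port
    srv.listen(1)
    srv.settimeout(2)
    port = srv.getsockname()[1]
    tables = listen_tables(port)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(2)
    peer = None
    try:
        cli.connect(("127.0.0.1", port))
        conn, addr = srv.accept()
        peer = addr[0]               # IPv4 client shows up as ::ffff:a.b.c.d
        conn.close()
    except OSError:
        pass                         # refused or timed out: not reachable over IPv4
    finally:
        cli.close()
        srv.close()
    return tables, peer

if __name__ == "__main__":
    for flag in (False, True):
        print("IPV6_V6ONLY =", int(flag), "->", probe(flag))
```

With `IPV6_V6ONLY` set to 1 the same wildcard bind refuses the IPv4 connection, so a `tcp6` line on its own does not say which case applies.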

