Re: random number generator missing after upgrade

[Anders Andersson]

On Sun, Aug 13, 2023 at 11:09 PM Björn Persson  wrote:
>
> Jeffrey Walton wrote:
> > Maybe related to https://www.phoronix.com/news/Linux-Disables-RNG-AMD-fTPMs
>
> Not likely. That article is about a firmware TPM that comes with newer
> Ryzen processors. Older Ryzens supposedly don't have it. The processor
> in my APU2 is a GX-412TC, not a Ryzen at all, and my TPM is a discrete
> chip from Infineon. The change in question is supposed to disable the
> random number generator only if the TPM lists AMD as its manufacturer.

I agree that the patch looks ok, but I remember being hit by a kernel
change that inadvertently changed the behavior on other systems too
(ECC RAM background scrubbing), but nobody really noticed because it
was not in much use.

I suspect that the case of having an external TPM on an AMD system is
such an unusual case, and I couldn't trace exactly where that patch
checked the AMD string, so perhaps it's picking up the AMD string
earlier on, and decides to disable all TPM on the AMD system. At least
the timing of the problem and the patch is suspicious.

Upgrade to Bookworm, now GNOME keyring dies--no access to stored SSH key passwords

[Nate Bargmann]

I now have two desktop systems running Bookworm with GNOME.  The laptop
was upgraded last month and I upgraded the desktop this afternoon.  I
have been using the GNOME keyring applet to manage the SSH public key
passwords I use as it prompts to save passwords and then lets me SSH to
other hosts without out a password prompt.

Some time after the upgrade I wanted to SSH into one of the other
systems on my LAN and was greeted with a password prompt for the
corresponding public key that had prior been managed by the keyring
applet.  I noted differences in the running processes between the laptop
where the keyring applet is still working and the desktop where it was
not.

On an off-chance I cold booted this system and found the keyring applet
was working as expected so I went on doing other things for a while.
Then I tried again and was prompted for the public key's password.
Uggh.

Right after rebooting the process list looked like this which mirrors
the laptop:

$ ps ax -u nate | grep "agent\|keyring"
   2037 ?SLsl   0:00 /usr/bin/gnome-keyring-daemon --foreground 
--components=pkcs11,secrets --control-directory=/run/user/1000/keyring
   2151 ?Ssl0:00 /usr/libexec/gcr-ssh-agent /run/user/1000/gcr
   2157 ?Ss 0:00 ssh-agent -D -a /run/user/1000/openssh_agent
   3802 ?S  0:00 /usr/bin/ssh-agent -D -a 
/run/user/1000/keyring/.ssh
   3922 pts/0S+ 0:00 grep --color=auto agent\|keyring

When I began this mail things looked like this:

$ ps ax -u nate | grep "agent\|keyring"
   2151 ?Ssl0:00 /usr/libexec/gcr-ssh-agent /run/user/1000/gcr
   2157 ?Ss 0:00 ssh-agent -D -a /run/user/1000/openssh_agent
  12324 ?Sl 0:00 /usr/bin/gnome-keyring-daemon --start --foreground 
--components=secrets
  12325 ?Ssl0:00 /usr/bin/gnome-keyring-daemon --foreground 
--components=pkcs11,secrets --control-directory=/run/user/1000/keyring
  19308 pts/0S+ 0:00 grep --color=auto agent\|keyring

It appears to me that gnome-keyring-daemon has been restarted for some reason.
As a result PIDs 2037 and 3802 are terminated and also
/run/user/1000/keyring/.ssh is no longer present along with the pkcs11 and ssh
files in the same directory.

I don't see anything out of the ordinary, in fact, these packages are
the same on the desktop and laptop systems:

debian-archive-keyring/stable,stable,now 2023.3 all [installed,automatic]
fasttrack-archive-keyring/stable,stable,now 2020.12.19 all [installed]
gnome-keyring-pkcs11/stable,now 42.1-1+b2 amd64 [installed,automatic]
gnome-keyring/stable,now 42.1-1+b2 amd64 [installed,automatic]
gpg-agent/stable,now 2.2.40-1.1 amd64 [installed,automatic]
libpam-gnome-keyring/stable,now 42.1-1+b2 amd64 [installed,automatic]
libpolkit-agent-1-0/stable,now 122-3 amd64 [installed,automatic]

Now, while typing this email all keyring PIDs have vanished!

$ ps ax -u nate | grep "agent\|keyring"
   2151 ?Ssl0:00 /usr/libexec/gcr-ssh-agent /run/user/1000/gcr
   2157 ?Ss 0:00 ssh-agent -D -a /run/user/1000/openssh_agent
  22418 pts/0S+ 0:00 grep --color=auto agent\|keyring

I am flummoxed.

TIA

- Nate

-- 
"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."
Web: https://www.n0nb.us
Projects: https://github.com/N0NB
GPG fingerprint: 82D6 4F6B 0E67 CD41 F689 BBA6 FB2C 5130 D55A 8819



signature.asc
Description: PGP signature

Re: List administrators - request for intervention - was - Re: Mailing list unsubscription requests and identificatio

[Bret Busby]

On 14/8/23 03:36, davidson wrote:

On Sun, 13 Aug 2023 Andy Smith wrote:

Hello,

On Sun, Aug 13, 2023 at 12:12:49AM +, davidson wrote:

The foregoing demonstration is meant to show how, using alpine's
threaded mode, I minimise my irritation with threads that I find
irrelevant to my interests


Unfortunately no matter how advanced your MUA is, it doesn't help
against prolific posters who derail nearly every thread with copious
amounts of irrelevance and outright false information.


This is a higher bar than merely neutralising the disruption (to one's
own use of the list) caused by a popular thread that one has little
interest in.

And here, my instincts are screaming "Leave it here. Stop now. Leave
well enough alone for the sake of all that is holy!"

However, and speaking only for myself, I'll bite:

Being able to see a thread's messages structured as a tree of message
headers (author, subject) can indeed help me infer quite a bit about
what's going on, before I bother to dig in and actually read any of
the messages' content.

For example, let P and Q be two regularly prolific participants, P
with exceptionally high signal-to-noise contributions, and Q a hot
willfully clueless mess. If there is a branch of the tree that is just
a chain of back-and-forth between P and Q --Q.P.Q.P.Q...-- then I know
what's going on in there and so some OTHER branch will be my first
destination, unless I'm in the mood for a laugh.


You can easily see from looking at most of the large threads here,
the points at which they go off the rails and the common factors
involved there.


I can indeed. Without seeing the tree structure, I do not think it
would be so easy to see.


It is a difficult problem to solve as mailing lists like this tend
to promote a volume-wins approach,


You may be correct, but this isn't clear to me. (Unless the object of
the game is to annoy the greatest number of participants.)


and the baseline user will not have an advanced MUA nor necessarily
the experience to know that they're reading nonsense.


When I conquer the world, you will know because /etc/motd will contain
something like this:

   Don't enter commands you don't understand, and you won't understand
   the commands unless you read the manual. If you read the manual, you
   STILL may not understand the commands. Nevertheless, keep trying,
   Curious Human. We are rooting for you!


Things get easier when you use an advanced MUA, so people should
invest the time to do so, but let's not pretend that this will avoid
a mega-thread next time some outlandish thread hijack by one of the
usual suspects happens.


My point was simply this: threads I've lost interest in (regardless of
size) are a single line in my mailbox, provided I do not delete its
initial message.


Does this particular thread go much better if you assume that
everyone participating (except the OP, who doesn't know how to
unsubscribe, or how to spell it) is fully competent at efficiently
managing email but still posts as they posted?


Funnily enough, if you look carefully, you can see some utterly
slapstick confusion of that very nature in this thread, over who is to
blame for posting a red-herring link to the Alpine Linux distro
mailing list:

%<--
 18159 Thursday   glenn green   (6K) . UNUBSCRIBE
 ...   ......   ......
[1] 18192 Yesterday  fjd   (7K) .   |   \-Alpine was
[2] 18193 Yesterday  Bret Busby(8K) .   | |-Re: Alpi
[6] 18194  5:55  fjd   (7K) | | |-Re: Al
[7] 18195  6:11  fjd   (8K) | | \-Re: Al
[3] 18196 Yesterday  Jeffrey Walton(7K) .   | \-Re: Alpi
[4] 18197 Yesterday  Greg Wooledge (5K) .   |   \-Re: Al
[5] 18198  2:41  Bret Busby(9K) .   | \-Re:
 18199 Yesterday  David Wright  (6K) |   
\-Re
-->%

Somebody requests a link to an alpine MUA forum or mailing list.
  [1] https://lists.debian.org/debian-user/2023/08/msg00333.html

Somebody posts a link to an alpine MUA mailing list.
  [2] https://lists.debian.org/debian-user/2023/08/msg00341.html

Somebody else posts a red-herring link, to a mailing list concerning
the linux distro called Alpine Linux.
  [3] https://lists.debian.org/debian-user/2023/08/msg00355.html

Then Greg points out, in reply to the red-herring poster, that they
have posted a red herring. <-- Here is where the tree structure view
is illuminating.
  [4] https://lists.debian.org/debian-user/2023/08/msg00356.html

And then the person who had posted the CORRECT link in the first place
apologises for posting the wrong one, and posts the very same correct
link once again. <-- This person

Re: next question in the arm64 world

[gene heskett]

On 8/13/23 16:12, Andrew M.A. Cater wrote:

On Sun, Aug 13, 2023 at 02:35:56PM -0400, gene heskett wrote:

The arm64 board I have a 6 pack of, has an emmc memory of 16Gb soldered on
it, which would be handier than sliced bread to put stuff needed over system
upgrades, like gcodes to drive 3d printers or cnc machinery.  Or network
configs.



If it's an emmc, it may well come up as a storage device - what does mount
say?


Unfortunately, this kernel still doesn't seem to recognize it:

Linux bpi52 6.1.30-meson64 #8 SMP PREEMPT Wed May 24 16:32:53 UTC 2023
aarch64 aarch64 aarch64 GNU/Linux



This is the upstream BSP kernel at a guess - it's not a Debian kernel version - 
and the meson64 gives it away.

  What do the manufacturers of the Banana Pi say?

What do Armbian say?


Is there a module I've not heard about which will allow it to be formatted,
mounted and used?

I may have found it, Andy, there is an unmounted /dev/mmcblk1 device 
which ack fdisk has no partition table and is within 200k of the right 
size. Looks like the most likely culprit to me...


Fdisk might work - but until we know what the kernel actually reports
from dmesg / proc or whatever, none of us can help.

Thanks.

Cheers, Gene Heskett.
--


All best, as ever,

Andy

"There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
  - Louis D. Brandeis
Genes Web page 



.


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: random number generator missing after upgrade

[Björn Persson]

Jeffrey Walton wrote:
> Maybe related to https://www.phoronix.com/news/Linux-Disables-RNG-AMD-fTPMs

Not likely. That article is about a firmware TPM that comes with newer
Ryzen processors. Older Ryzens supposedly don't have it. The processor
in my APU2 is a GX-412TC, not a Ryzen at all, and my TPM is a discrete
chip from Infineon. The change in question is supposed to disable the
random number generator only if the TPM lists AMD as its manufacturer.

Björn Persson


pgpeOz3MAeGrY.pgp
Description: OpenPGP digital signatur

Re: List administrators - request for intervention - was - Re: Mailing list unsubscription requests and identificatio

[Jeffrey Walton]

On Sun, Aug 13, 2023 at 4:33 PM davidson  wrote:
> [...]
> Somebody else posts a red-herring link, to a mailing list concerning
> the linux distro called Alpine Linux.
>  [3] https://lists.debian.org/debian-user/2023/08/msg00355.html
>
> Then Greg points out, in reply to the red-herring poster, that they
> have posted a red herring. <-- Here is where the tree structure view
> is illuminating.
>  [4] https://lists.debian.org/debian-user/2023/08/msg00356.html
> [...]
> (The person who really HAD posted the red herring says nothing.)

What would you have me say? Greg made the correction. Do you really
need more fodder from me?

But I'll give you what you want... I sincerely apologize for posting
an incorrect link to an Alpine mailing list. I am so sorry I troubled
you for it. I hope you can find it in your heart to forgive me for the
transgression, and the inconvenience I caused to all members of the
list.

Jeff

Re: next question in the arm64 world

[Andrew M.A. Cater]

On Sun, Aug 13, 2023 at 02:35:56PM -0400, gene heskett wrote:
> The arm64 board I have a 6 pack of, has an emmc memory of 16Gb soldered on
> it, which would be handier than sliced bread to put stuff needed over system
> upgrades, like gcodes to drive 3d printers or cnc machinery.  Or network
> configs.
> 

If it's an emmc, it may well come up as a storage device - what does mount
say?

> Unfortunately, this kernel still doesn't seem to recognize it:
> 
> Linux bpi52 6.1.30-meson64 #8 SMP PREEMPT Wed May 24 16:32:53 UTC 2023
> aarch64 aarch64 aarch64 GNU/Linux
> 

This is the upstream BSP kernel at a guess - it's not a Debian kernel version - 
and the meson64 gives it away.

 What do the manufacturers of the Banana Pi say?

What do Armbian say?

> Is there a module I've not heard about which will allow it to be formatted,
> mounted and used?
> 

Fdisk might work - but until we know what the kernel actually reports 
from dmesg / proc or whatever, none of us can help.
> Thanks.
> 
> Cheers, Gene Heskett.
> -- 

All best, as ever,

Andy
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author, 1940)
> If we desire respect for the law, we must first make the law respectable.
>  - Louis D. Brandeis
> Genes Web page 
> 

Re: List administrators - request for intervention - was - Re: Mailing list unsubscription requests and identificatio

[davidson]

On Sun, 13 Aug 2023 Andy Smith wrote:
> Hello,
>
> On Sun, Aug 13, 2023 at 12:12:49AM +, davidson wrote:
>> The foregoing demonstration is meant to show how, using alpine's
>> threaded mode, I minimise my irritation with threads that I find
>> irrelevant to my interests
>
> Unfortunately no matter how advanced your MUA is, it doesn't help
> against prolific posters who derail nearly every thread with copious
> amounts of irrelevance and outright false information.

This is a higher bar than merely neutralising the disruption (to one's
own use of the list) caused by a popular thread that one has little
interest in.

And here, my instincts are screaming "Leave it here. Stop now. Leave
well enough alone for the sake of all that is holy!"

However, and speaking only for myself, I'll bite:

Being able to see a thread's messages structured as a tree of message
headers (author, subject) can indeed help me infer quite a bit about
what's going on, before I bother to dig in and actually read any of
the messages' content.

For example, let P and Q be two regularly prolific participants, P
with exceptionally high signal-to-noise contributions, and Q a hot
willfully clueless mess. If there is a branch of the tree that is just
a chain of back-and-forth between P and Q --Q.P.Q.P.Q...-- then I know
what's going on in there and so some OTHER branch will be my first
destination, unless I'm in the mood for a laugh.

> You can easily see from looking at most of the large threads here,
> the points at which they go off the rails and the common factors
> involved there.

I can indeed. Without seeing the tree structure, I do not think it
would be so easy to see.

> It is a difficult problem to solve as mailing lists like this tend
> to promote a volume-wins approach,

You may be correct, but this isn't clear to me. (Unless the object of
the game is to annoy the greatest number of participants.)

> and the baseline user will not have an advanced MUA nor necessarily
> the experience to know that they're reading nonsense.

When I conquer the world, you will know because /etc/motd will contain
something like this:

  Don't enter commands you don't understand, and you won't understand
  the commands unless you read the manual. If you read the manual, you
  STILL may not understand the commands. Nevertheless, keep trying,
  Curious Human. We are rooting for you!

> Things get easier when you use an advanced MUA, so people should
> invest the time to do so, but let's not pretend that this will avoid
> a mega-thread next time some outlandish thread hijack by one of the
> usual suspects happens.

My point was simply this: threads I've lost interest in (regardless of
size) are a single line in my mailbox, provided I do not delete its
initial message.

> Does this particular thread go much better if you assume that
> everyone participating (except the OP, who doesn't know how to
> unsubscribe, or how to spell it) is fully competent at efficiently
> managing email but still posts as they posted?

Funnily enough, if you look carefully, you can see some utterly
slapstick confusion of that very nature in this thread, over who is to
blame for posting a red-herring link to the Alpine Linux distro
mailing list:

%<--
18159 Thursday   glenn green   (6K) . UNUBSCRIBE
...   ......   ......
[1] 18192 Yesterday  fjd   (7K) .   |   \-Alpine was
[2] 18193 Yesterday  Bret Busby(8K) .   | |-Re: Alpi
[6] 18194  5:55  fjd   (7K) | | |-Re: Al
[7] 18195  6:11  fjd   (8K) | | \-Re: Al
[3] 18196 Yesterday  Jeffrey Walton(7K) .   | \-Re: Alpi
[4] 18197 Yesterday  Greg Wooledge (5K) .   |   \-Re: Al
[5] 18198  2:41  Bret Busby(9K) .   | \-Re:
18199 Yesterday  David Wright  (6K) |   \-Re
-->%

Somebody requests a link to an alpine MUA forum or mailing list.
 [1] https://lists.debian.org/debian-user/2023/08/msg00333.html

Somebody posts a link to an alpine MUA mailing list.
 [2] https://lists.debian.org/debian-user/2023/08/msg00341.html

Somebody else posts a red-herring link, to a mailing list concerning
the linux distro called Alpine Linux.
 [3] https://lists.debian.org/debian-user/2023/08/msg00355.html

Then Greg points out, in reply to the red-herring poster, that they
have posted a red herring. <-- Here is where the tree structure view
is illuminating.
 [4] https://lists.debian.org/debian-user/2023/08/msg00356.html

And then the person who had posted the CORRECT link in the first place
apologises for posting the wrong one, and posts the very same correct
link once again. <-- This person, it would 

Re: ipv6 maybe has arrived.

[gene heskett]

On 8/13/23 13:59, Celejar wrote:

On Fri, 10 Feb 2023 16:20:00 +0300
Reco  wrote:


Hi.

On Fri, Feb 10, 2023 at 08:04:38AM -0500, Greg Wooledge wrote:

On Fri, Feb 10, 2023 at 05:58:07AM -0500, gene heskett wrote:

hosts:  files mymachines dns myhostname


This is wrong.



But I didn't put them there, the armbian/jammy install iso did.


You're correct, but for the wrong reason.


I don't know where you got it from, but "mymachines"
and "myhostname" are not valid entries in this file.


On the contrary.

apt show libnss-myhostname libnss-mymachines

Interesting if I knew the why and what:
Package: libnss-myhostname
Version: 249.11-0ubuntu3.9
Priority: extra
Section: universe/admin
Source: systemd
Origin: Ubuntu
Maintainer: Ubuntu Developers 
Original-Maintainer: Debian systemd Maintainers 


Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 316 kB
Depends: libc6 (>= 2.34)
Homepage: https://www.freedesktop.org/wiki/Software/systemd
Task: ubuntu-budgie-desktop, ubuntu-budgie-desktop-raspi
Download-Size: 53.4 kB
APT-Manual-Installed: yes
APT-Sources: http://ports.ubuntu.com jammy-updates/universe arm64 Packages
Description: nss module providing fallback resolution for the current 
hostname


Package: libnss-mymachines
Version: 249.11-0ubuntu3.9
Priority: extra
Section: admin
Source: systemd
Origin: Ubuntu
Maintainer: Ubuntu Developers 
Original-Maintainer: Debian systemd Maintainers 


Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 509 kB
Depends: libc6 (>= 2.34), libcap2 (>= 1:2.24-9~), systemd-container (= 
249.11-0ubuntu3.9)

Homepage: https://www.freedesktop.org/wiki/Software/systemd
Download-Size: 143 kB
APT-Sources: http://ports.ubuntu.com jammy-updates/main arm64 Packages
Description: nss module to resolve hostnames for local container instances

N: There are 4 additional records. Please use the '-a' switch to see them.
That -a option apparently shows older versions that have been overwritten.



Why would anyone in their sane mind willingly install those is another
question :)


libnss-mymachines is marked as automatically installed on my (Debian
Sid) system:

$ aptitude why libnss-mymachines
i   libvirt-daemon-system Dependslibvirt-daemon-system-systemd (= 
9.6.0-1) | libvirt-daemon-system-sysv (= 9.6.0-1)
i A libvirt-daemon-system-systemd Dependssystemd-container
i A systemd-container Recommends libnss-mymachines

So if one wants to run libvirt as a system service on a systemd system,
and "Recommends" are installed by default (which I would assume is a
not uncommon scenario), then one will end up with libnss-mymachines
installed.



Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

next question in the arm64 world

[gene heskett]

The arm64 board I have a 6 pack of, has an emmc memory of 16Gb soldered 
on it, which would be handier than sliced bread to put stuff needed over 
system upgrades, like gcodes to drive 3d printers or cnc machinery.  Or 
network configs.


Unfortunately, this kernel still doesn't seem to recognize it:

Linux bpi52 6.1.30-meson64 #8 SMP PREEMPT Wed May 24 16:32:53 UTC 2023 
aarch64 aarch64 aarch64 GNU/Linux


Is there a module I've not heard about which will allow it to be 
formatted, mounted and used?


Thanks.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: Kiauh - setting up an ARM based single board computer for 3d printing

[gene heskett]

On 8/13/23 11:07, Andrew M.A. Cater wrote:

Gene,

A little bit more information in each post would help a whole lot here.

For others following along at home this saga is unclear: for others, here's
my attempted summary:

The ARM machines


Gene has a network of small ARM SBCs. They're not Raspberry Pi's, they're
one of the somewhat similar range of OrangePis. 


Only have one orange pi. Still unpowered as its equ to a rpi3b, not fast 
enough to do the job. So I'm running an rpi4b to run my big lathe, and a 
bunch (6 so far) of bananapi-m5's to run 3d printers, essentially a 
slightly faster rpi4b w/o the rpi's radio, but  with 16Gb of emmc memory 
the kernel does not see.  The rest of them are old Dell dimensions with 
i5 brains and have been for as long as wheezy's been around.


Over a period of years,

he's had Intel machines, Raspberry Pi machines, Orange Pis either running
heavy machinery like lathes (see threads on linuxcnc) or now 3D printers.

The Armbian OS
==
These run Armbian, not vanilla Debian. Armbian is similar, but the impetus
behind the project is to get unsupported boards supported using a vendor's
BSP (board support package) enough to then add Debian packages


Correct but armbian can give a full desktop. as can raspiOS.


Armbian as a project is extremely useful but extremely limited: they barely
have enough time to compe with the huge numbers of boards now in circulation
and insufficient developers. They don't have enough for user support on a
regular basis.


This is also true to the extent I'm tempted to contribute to the beer fund.


Using small ARM SBCs - 3D printing
==

From what I can see, Gene has several of the OrangePi boards, each running

a 3D printer.

Never happened. bpi's work great.


Package selection
=
Gene has some some definite preferences in package selection: synaptic
as a graphical tool for package selection rather than apt-get, apt or aptitude
and he will sometimes blame the tools for somehow messing up the packages he
wants to install.
Another untruth, I'm scared of only aptitude, its destroyed 4 installs 
for me by deleting everything in sight.


Risk appetite
=
Unlike some others on the list, he's happy to be an experimentalist and to
run third party tools and all in one packages like Appimages and Flatpaks
if they serve his purpose. He's also prepared to build things from random
sources. In this, he's prepared to be on the very definite bleeding edge
and sometimes suffers for it :)


For everyones enlightenment, at an age of 88 that you all imagine as 
drowning in my breakfast cereal bowl:


Mother did gave me one thing, an IQ that raises eyebrows when I'm 
tested, like the Iowa test in '46 of 147, AFQT in 1952, my 8th grade 
education at that point made a 98 and got me 4F'd. 10 years later I 
walked into a testing session for FCC licenses and passed a 1st phone 
exam w/o cracking a book, another 10 years later I sat for the CET, and 
got 123 of 125 correct w/o a books help. I wasn't impressed with the 
college prof administering the test which was 4 hours long, when he was 
amazed I was done in 45 minutes, he was dubious, laying the answer 
stencil on my sheets and seeing a sea of black raised his eyebrows, he 
had been teaching a course based on electronics for 5 years and I, who 
had just walked in the door with a 20 dollar bill for the test was the 
first to pass it. But I'm fading with age, failing the mensa test about 
6 years back. I explained to the FCC in the 1970's, the distortion in 
the signal that a klystron amplfier does timewise to the NTSC signal, 
using relativity's effect on the mass of the electron as the cause of 
it. We can correct that now or digital tv would not work, but we 
couldn't then i the late '70's.. I helped build the cameras in the later 
'50's that went down 37,000 feet in the mohole. You've, if old enough, 
seen pix in the encyclopedias taken where external water pressure was 
around 18,000 psi. I've seen pix taken with those 2 cameras that prove 
water IS compressible. It just takes an unimaginable amount of psi. I've 
been there, and done that, places many of you would not believe, and 
I've had fun learning about it. Been asked to remove my shoes during 
physicals by parameds who'd been told I probably have webbed feet cuz I 
have walked on water electronically, often enough I use WOWElectronics 
as a business name.


Now I readily admit I'm having trouble keeping up, but I'll try till I 
miss roll call, its in my genes.


So take care and stay well everybody.


kiauh https://github.com/th33xitus/kiauh
=

This is from a Github repository. It is a script, [Klipper Installation And
Update Helper] to pull together an SD card image and various applications
to produce an integrated environment for 3D printing.

Requirements: Raspbian Lite or equivalent small environment. It can be
run on Ubuntu Jammy - the site itself notes that it h

Re: ipv6 maybe has arrived.

[Celejar]

On Fri, 10 Feb 2023 16:20:00 +0300
Reco  wrote:

>   Hi.
> 
> On Fri, Feb 10, 2023 at 08:04:38AM -0500, Greg Wooledge wrote:
> > On Fri, Feb 10, 2023 at 05:58:07AM -0500, gene heskett wrote:
> > > hosts:  files mymachines dns myhostname
> > 
> > This is wrong.
> 
> You're correct, but for the wrong reason.
> 
> > I don't know where you got it from, but "mymachines"
> > and "myhostname" are not valid entries in this file.
> 
> On the contrary.
> 
> apt show libnss-myhostname libnss-mymachines
> 
> Why would anyone in their sane mind willingly install those is another
> question :)

libnss-mymachines is marked as automatically installed on my (Debian
Sid) system:

$ aptitude why libnss-mymachines
i   libvirt-daemon-system Dependslibvirt-daemon-system-systemd (= 
9.6.0-1) | libvirt-daemon-system-sysv (= 9.6.0-1)
i A libvirt-daemon-system-systemd Dependssystemd-container  
   
i A systemd-container Recommends libnss-mymachines 

So if one wants to run libvirt as a system service on a systemd system,
and "Recommends" are installed by default (which I would assume is a
not uncommon scenario), then one will end up with libnss-mymachines
installed.

-- 
Celejar

Re: Mailing list unsubscription requests and identificatio

[Curt]

On 2023-08-12, Jeffrey Walton  wrote:
>
> In the US, the banks are laxed. Banks claim they don't want to lose
> customers with inconveniences. I understand things are different from
> Europe.

It's a two-edged sword, though: I had to purchase a new smart phone in
order to continue banking with one French bank, because I could no
longer update their app with my old one; the enforcement of the fairly
recent security regulations for online banking here involve methods that
generally, and conceivably invariably, require you to possess a fairly
recent device.

> In the US, risk is democratized and reward is privatized. Shareholders
> get the losses and executives get the bonuses. No skin off the
> executive's backs if the bank or the customer loses money due to
> fraud.
>
> Jeff
>
>


-- 

[sakkrabi...@gmail.com: Re: Bootloader error grub minimal bash "load the kernel first" after installing my live image via calamares installer]

[Andrew M.A. Cater]

- Forwarded message from Sakkra Billa  -

Date: Sun, 13 Aug 2023 21:35:33 +0530
From: Sakkra Billa 
To: "Andrew M.A. Cater" 
Subject: Re: Bootloader error grub minimal bash "load the kernel first" after
installing my live image via calamares installer

Thanks for the reply,
Actually i am not using debian live-build (as it wont work for 512mb ram)
rather i am using debootstrap

On Sun, Aug 13, 2023 at 8:43 PM Andrew M.A. Cater 
wrote:

> On Sun, Aug 13, 2023 at 06:56:08PM +0530, Sakkra Billa wrote:
> > I followed the tutorial from:
> > https://www.willhaley.com/blog/custom-debian-live-environment/ to make a
> > live custom debian 12 image. In order to install it on my VM I installed
> > calamares, calamares-settings-debian and rsync . The live image works
> > perfectly and the installation also finishes without errors but when i
> > reboot my VM into the installed environment, it boots into grub minimal
> > bash line editing mode. On typing boot it says "load the kernel first". I
> > did not change any of the calamares settings everything is default.
> Please
> > guide me that where did i go wrong.
>
> I don't know the tutorial. I'd suggest asking on IRC channel debian-live on
> OFTC or on the debian-live Debian mailing list.
>
> I think this is sufficiently niche that those two sources of advice may
> prove to be better.
>
> All the very best, as ever,
>
> Andy Cater
>
>

- End forwarded message -

Re: Bootloader error grub minimal bash "load the kernel first" after installing my live image via calamares installer

[Thomas Schmitt]

Hi,

Sakkra Billa wrote:
> I followed the tutorial
> from: https://www.willhaley.com/blog/custom-debian-live-environment/
> [www.willhaley.com] to make a live custom debian 12 image.

(The xorriso run looks ok.)


> In order to
> install it on my VM I installed calamares, calamares-settings-debian and
.rsync . The live image works perfectly

So the aim of the tutorial was achieved.


> and the installation also finishes
> without errors but when i reboot my VM into the installed environment, it
> boots into grub minimal bash line editing mode. On typing boot it says "load
> the kernel first".

I assume you used calamares for the installation.
Obviously it did not give GRUB the right configuration to load the
installed Linux kernel.


> I did not change any of the calamares settings everything
> is default.

You will have to look for instructions about calamares.


Have a nice day :)

Thomas

Kiauh - setting up an ARM based single board computer for 3d printing

[Andrew M.A. Cater]

Gene,

A little bit more information in each post would help a whole lot here.

For others following along at home this saga is unclear: for others, here's
my attempted summary:

The ARM machines


Gene has a network of small ARM SBCs. They're not Raspberry Pi's, they're
one of the somewhat similar range of OrangePis. Over a period of years,
he's had Intel machines, Raspberry Pi machines, Orange Pis either running
heavy machinery like lathes (see threads on linuxcnc) or now 3D printers.

The Armbian OS
==
These run Armbian, not vanilla Debian. Armbian is similar, but the impetus
behind the project is to get unsupported boards supported using a vendor's
BSP (board support package) enough to then add Debian packages

Armbian as a project is extremely useful but extremely limited: they barely
have enough time to compe with the huge numbers of boards now in circulation
and insufficient developers. They don't have enough for user support on a 
regular basis.

Using small ARM SBCs - 3D printing
==
>From what I can see, Gene has several of the OrangePi boards, each running
a 3D printer.

Package selection
=
Gene has some some definite preferences in package selection: synaptic
as a graphical tool for package selection rather than apt-get, apt or aptitude
and he will sometimes blame the tools for somehow messing up the packages he
wants to install.

Risk appetite
=
Unlike some others on the list, he's happy to be an experimentalist and to
run third party tools and all in one packages like Appimages and Flatpaks
if they serve his purpose. He's also prepared to build things from random
sources. In this, he's prepared to be on the very definite bleeding edge
and sometimes suffers for it :)

kiauh https://github.com/th33xitus/kiauh
=

This is from a Github repository. It is a script, [Klipper Installation And
Update Helper] to pull together an SD card image and various applications
to produce an integrated environment for 3D printing.

Requirements: Raspbian Lite or equivalent small environment. It can be
run on Ubuntu Jammy - the site itself notes that it has some installations
run on Armbian but the status of support is unknown.

Essentially, it pulls in a base list of Debian packages then lots of third
party repositories to provide the functionality.

Takeaways
=
>From this: Gene, I think you need to start from something really minimal:
I'd suggest you have a look at which packages are in Rasbian Lite and attempt
to emulate that.

Debian with no graphics environment and standard packages might be enough to
bootstrap it - so no initial need for X or Firefox or Chromium.
That means working on the command line - but that's what tasksel and apt
are designed for.

An approach?


Write stuff down so you can explain it. Buid a list of steps.
The first step is probably to set up a minimal system and get it networked.

You've already had discussions on how to do this: if all else fails, I 
suggest you look at Gunnar Wolf's advice on Debian Raspberry Pi images and
how he set up /etc/network/interfaces from the outset.

Don't just run kiauh without understanding what the scripts are doing, at least
in outline.

Don't attempt to second guess the script maintainer and try and build your
own that's better until you *REALLY* know how it's meant to work using 
the unmodified script. If needs be, dig up a Raspberry Pi to do it once the way
it's been done previously.

*Do* report back to the kiauh script maintainer what you've needed to do
to get it to work on Armbian.

Once you've got one SD card, you can potentially just duplicate it for 
all of the machines and do a minimal edit set thereafter.

It doesn't look as if you need a web browser on each machine: if you set
up nginx on each to talk to a different network port, you can probably 
cycle around them all and control from one machine.

Oh - and use meaningful subject lines. If need be "kiauh - step one - 
networking" so that those of us who are interested might help rather than being 
left in
the dark.

All best, as ever,

Andy Cater

Re: Bootloader error grub minimal bash "load the kernel first" after installing my live image via calamares installer

[Andy Smith]

Hi,

On Sun, Aug 13, 2023 at 06:56:08PM +0530, Sakkra Billa wrote:
>when i reboot my VM into the installed environment, it boots into
>grub minimal On typing boot it says "load the kernel first".

What kind of VM is this? Which provider, if you are unsure.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Bootloader error grub minimal bash "load the kernel first" after installing my live image via calamares installer

[Michael Kjörling]

On 13 Aug 2023 18:56 +0530, from sakkrabi...@gmail.com (Sakkra Billa):
> but when i
> reboot my VM into the installed environment, it boots into grub minimal
> bash line editing mode. On typing boot it says "load the kernel first".

Sounds to me like GRUB can't find grub.cfg, or it is somehow corrupt.

-- 
Michael Kjörling 🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”

Re: Bootloader error grub minimal bash "load the kernel first" after installing my live image via calamares installer

[Andrew M.A. Cater]

On Sun, Aug 13, 2023 at 06:56:08PM +0530, Sakkra Billa wrote:
> I followed the tutorial from:
> https://www.willhaley.com/blog/custom-debian-live-environment/ to make a
> live custom debian 12 image. In order to install it on my VM I installed
> calamares, calamares-settings-debian and rsync . The live image works
> perfectly and the installation also finishes without errors but when i
> reboot my VM into the installed environment, it boots into grub minimal
> bash line editing mode. On typing boot it says "load the kernel first". I
> did not change any of the calamares settings everything is default. Please
> guide me that where did i go wrong.

I don't know the tutorial. I'd suggest asking on IRC channel debian-live on
OFTC or on the debian-live Debian mailing list.

I think this is sufficiently niche that those two sources of advice may
prove to be better.

All the very best, as ever,

Andy Cater

Bootloader error grub minimal bash "load the kernel first" after installing my live image via calamares installer

[Sakkra Billa]

I followed the tutorial from:
https://www.willhaley.com/blog/custom-debian-live-environment/ to make a
live custom debian 12 image. In order to install it on my VM I installed
calamares, calamares-settings-debian and rsync . The live image works
perfectly and the installation also finishes without errors but when i
reboot my VM into the installed environment, it boots into grub minimal
bash line editing mode. On typing boot it says "load the kernel first". I
did not change any of the calamares settings everything is default. Please
guide me that where did i go wrong.

Re: Swap size in debain 12

[Andy Smith]

Hello,

On Sun, Aug 13, 2023 at 01:38:35PM +0100, Darac Marjal wrote:
> If it's useful, you *can* Hibernate to a swap file.
> https://wiki.debian.org/Hibernation/Hibernate_Without_Swap_Partition It
> looks a little flaky, though, because you need to tell the kernel how many
> bytes into a device to find the file (which, if you defrag your filesystems
> often could be a problem, but generally speaking files don't move around on
> disk much).

Swap files are fine and their contents never move around on disk.
Not by normal use, anyway.

However, if you create one for the first time when the filesystem is
quite full then there may not be enough contiguous space for the
swap file so it may start off fragmented into several pieces, which
is not optimal.

This isn't usually a concern because:

- Most people that are going to use a swap file set it up quite
  early on when the file system that it's on is pretty empty.

- Swap is inherently slow anyway (even to SSD) so some fragmentation
  isn't going to change much.

Once the actual swap file is created it is a static chunk of data
that doesn't move around as its IO doesn't go through the filesystem
that it is on.

Swap files are a good solution when you later decide to do
hibernation on a machine that either doesn't have a swap partition
or doesn't have one big enough for the task.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Swap size in debain 12

[Darac Marjal]

On 12/08/2023 15:32, Erwan David wrote:

Le 12/08/2023 à 16:24, David Wright a écrit :

On Sat 12 Aug 2023 at 15:45:52 (+0200), Erwan David wrote:

Installing a new debian 12 I see that the installer setups a 1G swap
on a 24G RAM laptop.

Is the hibernation out of swap now ? (I chose to have a biigger swap,
but I find it strange)

The arguments are rehearsed in:

   https://wiki.debian.org/Swap

Cheers,
David.


Not completely : I think I will open a bug (wishlist) against the 
installer : it is complicated to change swap size when you must reduce 
root partition size to do this. So at least a question "will you use 
suspend/hibernate" at install time would be useful (I did not find in 
the installer how to change the sizes so I had to delete bot then 
recreate them, and it would have been complicated on a machine already 
installed)
If it's useful, you *can* Hibernate to a swap file. 
https://wiki.debian.org/Hibernation/Hibernate_Without_Swap_Partition It 
looks a little flaky, though, because you need to tell the kernel how 
many bytes into a device to find the file (which, if you defrag your 
filesystems often could be a problem, but generally speaking files don't 
move around on disk much).


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Was: setting up network q, now no x

[gene heskett]

On 8/12/23 19:07, Greg Wooledge wrote:

On Sat, Aug 12, 2023 at 06:37:30PM -0400, gene heskett wrote:

I need X running so I can use firefox to go get and build the rest of the
software I am building this thing to run.


Then why on earth are you installing a full Desktop Environment?

If you need to use Firefox to obtain files and then compile them, then
what you need are xorg, firefox-esr, build-essential, and some kind of
simple window manager.  twm would suffice, or fvwm, or whatever you're
comfortable with.  Hell, in theory you could skip the window manager and
just run "startx firefox" or something.  You'd be limited to a single
browser window, but that's not a crippling limitation.


Today I'll copy off the net changes, rewrite its sd card with the iso 
and restore the net changes b4 putting the sd card back in the bpi. From 
there I'll install ff, nginx, build-essential, + dhelper maybe and see 
if that pulls in what it needs thru those deps.  Unless you know an even 
better way. build-essential will likely be needed for kiauh.



Or, as an alternative, you could obtain the files from another machine,
and copy them over.  Then you only need build-essential, and NONE of the
rest.

This kit of utils to run a printer is far superior to octoprint, 
installed and maintained by kiauh, needs a full time X and FF to control 
the printer. It a 2-way web server using nginx to run the printer and 
display it. From that install, I can watch the printer and control it, 
from anyplace on my local net. The default browser armbian uses is 
chromium, but chromium has hijacked port 80 for google adv bs so 
chromium doesn't work but FF.esr does. https to 8080 works, http to 80 
doesn't. Googles hunger for your data knows no limits. We need another 
Judge Green.



(For a given value of "build", of course.  You may need other development
tools beyond build-essential, but we can't advise you on that without more
information.)



Maybe this helps...


I would absolutely NOT install GNOME unless you need it for something
more than just launching a web browser.

.

Pulling in nearly 800 pkgs triple underscores that point.
synaptic must also run.

Thanks Greg.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: random number generator missing after upgrade

[Jeffrey Walton]

On Sun, Aug 13, 2023 at 5:13 AM Björn Persson  wrote:
>
> Hello, I upgraded from Debian 11 to Debian 12, and my random number
> generator disappeared.
>
> When I boot vmlinuz-5.10.0-23-amd64, there are two hardware random
> number generators available:
>
> # cat /sys/class/misc/hw_random/rng_available
> ccp-1-rng tpm-rng-0
>
> ccp-1-rng is nonfunctional because AMD's "Cryptographic Coprocessor" is
> too secretive to work with Coreboot, so I've been using tpm-rng-0.
>
> When I boot vmlinuz-6.1.0-11-amd64, there is no tpm-rng-0. Only the
> nonfunctional ccp-1-rng is available:
>
> # cat /sys/class/misc/hw_random/rng_available
> ccp-1-rng
>
> The hardware is an APU2 from PC Engines with this TPM board:
> https://www.pcengines.ch/tpm1a.htm
> The actual TPM seems to be SLB 9665TT2.0 from Infineon, (although the
> writing on the actual chip differs from Infineon's rendering):
> https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/slb-9665tt2.0/
>
> The TPM seems to still exist as /dev/tpm0, but its random number
> generator is somehow unavailable.
>
> Rebooting to Linux 5.10 makes tpm-rng-0 reappear and provide seemingly
> random numbers like it always did. That rules out a hardware problem.
> It's some difference between the two kernels, but so far I haven't found
> anything obvious in the Linux source code.
>
> Is there anything that can be done, or is support for this random number
> generator just gone from Linux 6.1?

Maybe related to https://www.phoronix.com/news/Linux-Disables-RNG-AMD-fTPMs

Jeff

random number generator missing after upgrade

[Björn Persson]

Hello, I upgraded from Debian 11 to Debian 12, and my random number
generator disappeared.

When I boot vmlinuz-5.10.0-23-amd64, there are two hardware random
number generators available:

# cat /sys/class/misc/hw_random/rng_available
ccp-1-rng tpm-rng-0

ccp-1-rng is nonfunctional because AMD's "Cryptographic Coprocessor" is
too secretive to work with Coreboot, so I've been using tpm-rng-0.

When I boot vmlinuz-6.1.0-11-amd64, there is no tpm-rng-0. Only the
nonfunctional ccp-1-rng is available:

# cat /sys/class/misc/hw_random/rng_available
ccp-1-rng

The hardware is an APU2 from PC Engines with this TPM board:
https://www.pcengines.ch/tpm1a.htm
The actual TPM seems to be SLB 9665TT2.0 from Infineon, (although the
writing on the actual chip differs from Infineon's rendering):
https://www.infineon.com/cms/en/product/security-smart-card-solutions/optiga-embedded-security-solutions/optiga-tpm/slb-9665tt2.0/

The TPM seems to still exist as /dev/tpm0, but its random number
generator is somehow unavailable.

Rebooting to Linux 5.10 makes tpm-rng-0 reappear and provide seemingly
random numbers like it always did. That rules out a hardware problem.
It's some difference between the two kernels, but so far I haven't found
anything obvious in the Linux source code.

Is there anything that can be done, or is support for this random number
generator just gone from Linux 6.1?

Björn Persson


pgpgOVEgYOwhW.pgp
Description: OpenPGP digital signatur