memtest86+ on UEFI (was: Hardware Advice Wanted: Router)

[Stefan Monnier]

> Interesting.  I have memtest86+ 6.10-4, for amd64, on the machine.

Then AFAIK it is not a known problem (IOW, it should work).

> Maybe I'll try a USB stick version.

IIRC the memtest86+ Debian package comes with .iso files which you can
(manually) put into /boot/images/ and which boot in a slightly different
way than the image files installed there by default, so you could try
that as ell.
Also upstream has a slightly more recent release.


Stefan

Re: Hardware Advice Wanted: Router

[Charles Curley]

On Sat, 02 Dec 2023 11:58:11 -0500
Stefan Monnier  wrote:

> > Note: Memtest86 does not appear to work. I believe that is a known
> > problem with UEFI machines.  
> 
> AFAIK the current memtest86+ (not to be confused with memtest86, which
> is proprietary) claims to work fine on UEFI.
> IIUC the one in oldstable doesn't OTOH.
> 
> 
> Stefan
> 

Interesting. I have memtest86+ 6.10-4, for amd64, on the machine. Maybe
I'll try a USB stick version.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Getting UEFI to boot Debian (was: Hardware Advice Wanted: Router)

[Stefan Monnier]

> For the curious, I occasionally need to run Microchip MPLAB, the old
> pre-Java version which doesn't do Linux. It only just about does
> Windows... I used to think Serif software was buggy until I tried
> Microchip stuff.

Setting it up might take some work (especially if you need it to have
direct access to some of your hardware) but running it inside a VM
might save you a fair bit of trouble in the long run.


Stefan

Re: Hardware Advice Wanted: Router

[Stefan Monnier]

> Note: Memtest86 does not appear to work. I believe that is a known
> problem with UEFI machines.

AFAIK the current memtest86+ (not to be confused with memtest86, which
is proprietary) claims to work fine on UEFI.
IIUC the one in oldstable doesn't OTOH.


Stefan

Re: Set UEFI boot target with Windows (was: Hardware Advice Wanted: Router)

[Joe]

On Thu, 30 Nov 2023 13:27:59 +0100
Arno Lehmann  wrote:


> 
> ... have you ever tried
> 
> bcdedit /bootsequence 
> 
> In general, the built-in help of bcdedit is not bad, needs a bit of 
> patience, though.
> 
> And of course we lack the flexibility of tools such as awk or sed on 
> Windows, to automate setting things and still remain flexible :-)
> 
> On a particular system, with rather static setup, hard-coding a
> single bcdedit call and automatically execute that should be
> feasible, though.
> 
> Give it a try if you haven't done yet!
> 

I have used it in the past, when Windows moved away from boot.ini. That
was probably XP, so about twenty years ago.

I believe using it to write currently requires booting to Safe Mode,
and if I've got to reboot, it might as well be to the Debian install
disc/USB. Having got to chroot, I just use the up-arrow and it remembers
the efibootmgr command I used last time.

I haven't looked for a while, if it's possible to set NextBoot from
normal Windows it would be worth doing.

-- 
Joe

Set UEFI boot target with Windows (was: Hardware Advice Wanted: Router)

[Arno Lehmann]

Bit of a digression here, probably better not to pursue *this* on the 
mailing list, but...


Am 30.11.2023 um 12:52 schrieb Joe:

On Wed, 29 Nov 2023 18:34:30 -0500
Jeffrey Walton  wrote:

  


As I understand things, a well functioning UEFI system does not need
to use GRUB. The entries for Linux and Windows will be in the UEFI
boot menu, and you can boot directly using EFI variables.



It's the 'well functioning' that is sometimes a problem. I have a
netbook which, left to its own devices, will always boot to Windows,
and cannot be made to boot to anything else from the UEFI part of
whatever we're supposed to call the BIOS these days. It does not honour
DefaultBoot, always resetting it to Windows, but for some reason does
honour NextBoot. So once Linux is running, a script sets NextBoot to
grub. Unfortunately, there's no simple way to set NextBoot from
Windows,


... have you ever tried

bcdedit /bootsequence 

In general, the built-in help of bcdedit is not bad, needs a bit of 
patience, though.


And of course we lack the flexibility of tools such as awk or sed on 
Windows, to automate setting things and still remain flexible :-)


On a particular system, with rather static setup, hard-coding a single 
bcdedit call and automatically execute that should be feasible, though.


Give it a try if you haven't done yet!


There seems to be a lot of problems with the EFI commands operating
BIOSes properly, so I wonder if good old MS requires compliant
manufacturers to get it wrong deliberately.


Well...

... probably yes. But that's MS and their hardware partners for you. 
It's getting better the more MS loses interest in actually selling Windows.



Cheers,

Arno

--
Arno Lehmann

IT-Service Lehmann
Sandstr. 6, 49080 Osnabrück

Re: Hardware Advice Wanted: Router

[Joe]

On Wed, 29 Nov 2023 18:34:30 -0500
Jeffrey Walton  wrote:

 
> 
> As I understand things, a well functioning UEFI system does not need
> to use GRUB. The entries for Linux and Windows will be in the UEFI
> boot menu, and you can boot directly using EFI variables.
> 

It's the 'well functioning' that is sometimes a problem. I have a
netbook which, left to its own devices, will always boot to Windows,
and cannot be made to boot to anything else from the UEFI part of
whatever we're supposed to call the BIOS these days. It does not honour
DefaultBoot, always resetting it to Windows, but for some reason does
honour NextBoot. So once Linux is running, a script sets NextBoot to
grub. Unfortunately, there's no simple way to set NextBoot from
Windows, so after the odd occasion when I run that, I need a rescue USB
to get back to grub.

There seems to be a lot of problems with the EFI commands operating
BIOSes properly, so I wonder if good old MS requires compliant
manufacturers to get it wrong deliberately.

For the curious, I occasionally need to run Microchip MPLAB, the old
pre-Java version which doesn't do Linux. It only just about does
Windows... I used to think Serif software was buggy until I tried
Microchip stuff.

-- 
Joe

Re: Hardware Advice Wanted: Router

[Jeffrey Walton]

On Wed, Nov 29, 2023 at 6:17 PM Charles Curley
 wrote:
>
> On Mon, 13 Nov 2023 15:57:28 -0700
> Charles Curley  wrote:
>
> > My FIT-PCs that provide network services are getting old, and i386
> > Linux is slowly fading away. So I would like to replace them with a
> > router/gateway computer.
>
> Thank you all for much useful advice. I ended up with an ACEMAGIC T8
> Plus. https://www.acemagic.com/collections/minipcs/products/t8plus
>
> Debian 12 installed nicely, with one glitch. I had shrunk the Windows
> partition in order to install Debian, but left it otherwise intact.
> However the thing insisted on booting to Windows.
>
> To fix it, do the following:
>
> To make the grub bootloader active after installing Linux and GRUB, in
> the firmware:
>
> During boot, hit escape or delete to get into the firmware.
>
> Security -> Secure Boot -> Enabled
>
> Boot -> UEFI BBS Priorities -> Debian boot option
>
> Save & Exit -> Save Changes and Exit
>
> I now get GRUB, which will boot either Debian or Windows.
>
> Note: Memtest86 does not appear to work. I believe that is a known
> problem with UEFI machines.
>
> I am now busy moving network service over to the new machine.

As I understand things, a well functioning UEFI system does not need
to use GRUB. The entries for Linux and Windows will be in the UEFI
boot menu, and you can boot directly using EFI variables.

Jeff

Re: Hardware Advice Wanted: Router

[Charles Curley]

On Mon, 13 Nov 2023 15:57:28 -0700
Charles Curley  wrote:

> My FIT-PCs that provide network services are getting old, and i386
> Linux is slowly fading away. So I would like to replace them with a
> router/gateway computer.

Thank you all for much useful advice. I ended up with an ACEMAGIC T8
Plus. https://www.acemagic.com/collections/minipcs/products/t8plus

Debian 12 installed nicely, with one glitch. I had shrunk the Windows
partition in order to install Debian, but left it otherwise intact.
However the thing insisted on booting to Windows.

To fix it, do the following:

To make the grub bootloader active after installing Linux and GRUB, in
the firmware:

During boot, hit escape or delete to get into the firmware.

Security -> Secure Boot -> Enabled

Boot -> UEFI BBS Priorities -> Debian boot option

Save & Exit -> Save Changes and Exit

I now get GRUB, which will boot either Debian or Windows.

Note: Memtest86 does not appear to work. I believe that is a known
problem with UEFI machines.

I am now busy moving network service over to the new machine.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Hardware Advice Wanted: Router

[Tixy]

On Thu, 2023-11-16 at 15:56 +0800, jeremy ardley wrote:
> The FriendlyPC version run a vendor version of Debian with some packages 
> especially compiled for the device such as ffmpeg and graphics drivers
> 
> Armbian is usually a bit slower in releases and produces a more 
> canonical Debian version with differences in the SBC specific device 
> drivers using dynamic overlays. Most packages are pure debian


Thanks for replying. I'm just want something to act as a router, NAS
using NFS, and SMTP/IMAP sever for my email. I.e. Ethernet, USB and
SATA. What I have at the moment works finem its just that when Debian
drops support for the armel architecture I'm going to have to fork out
for new hardware, so am keeping my eye out for cheap options.

Another alternative is to just build armel myself. That might work for
the first release after the architecture is dropped, assuming it isn't
dropped for some major region, like broken compilers etc.

-- 
Tixy

Re: Hardware Advice Wanted: Router

[Tixy]

On Thu, 2023-11-16 at 10:49 -0500, Stefan Monnier wrote:
> > 
> 
> > I'm currently running a Globalscale SheevaPlug and a DreamPlugs but
> > Debian support for the old ARM architecture is likely to end soon.
> > (Dropping it seems to come up each release, but so far they're
> > still
> > releasing for it.)
> 
> If these can run the `armhf` port you should be fine for a few
> more years.  For `armel` the writing is on the wall, tho.

They're armel. ARMv5 Thumb mode only.

-- 
Tixy

Re: Hardware Advice Wanted: Router

[basti]

On 16.11.23 16:49, Stefan Monnier wrote:

My current favourites are RK3588 based CPU SBC devices which have an
exceptionally fast set of CPUs, high speed networking, and options for
Debian or Ubuntu or OpenWRT or Armbian.


Are these the usual SBC setup where you have to run the vendor kernel,
plus possibly other custom bits, or would pure Debian including kernel
run on them?


A good source of info to find out is to check the device tree files in
the official kernel source code:

 https://github.com/torvalds/linux/tree/master/arch/arm64/boot/dts/rockchip

you'll see lots of rk3588 boards are supported and if you look inside
that board's `.dts` file you can see which parts of its hardware are
actually supported by the vanilla kernel (tho this is not written in
natural language, so if you're not familiar with the technical details
of devicetree files it can be somewhat challenging to interpret, YMMV).


I'm currently running a Globalscale SheevaPlug and a DreamPlugs but
Debian support for the old ARM architecture is likely to end soon.
(Dropping it seems to come up each release, but so far they're still
releasing for it.)


If these can run the `armhf` port you should be fine for a few
more years.  For `armel` the writing is on the wall, tho.


 Stefan



I wouldn't recommend an ARM CPU. amd64 architecture is also quite energy 
efficient and you may avoid a lot of trouble.


My thinclient needs around 10W (with 1x 2.5" SSD and 1x 2.5" HDD)

Re: Hardware Advice Wanted: Router

[Stefan Monnier]

>> My current favourites are RK3588 based CPU SBC devices which have an
>> exceptionally fast set of CPUs, high speed networking, and options for
>> Debian or Ubuntu or OpenWRT or Armbian.
>
> Are these the usual SBC setup where you have to run the vendor kernel,
> plus possibly other custom bits, or would pure Debian including kernel
> run on them?

A good source of info to find out is to check the device tree files in
the official kernel source code:

https://github.com/torvalds/linux/tree/master/arch/arm64/boot/dts/rockchip

you'll see lots of rk3588 boards are supported and if you look inside
that board's `.dts` file you can see which parts of its hardware are
actually supported by the vanilla kernel (tho this is not written in
natural language, so if you're not familiar with the technical details
of devicetree files it can be somewhat challenging to interpret, YMMV).

> I'm currently running a Globalscale SheevaPlug and a DreamPlugs but
> Debian support for the old ARM architecture is likely to end soon.
> (Dropping it seems to come up each release, but so far they're still
> releasing for it.)

If these can run the `armhf` port you should be fine for a few
more years.  For `armel` the writing is on the wall, tho.


Stefan

Re: Hardware Advice Wanted: Router

[jeremy ardley]

On 16/11/23 15:40, Tixy wrote:

On Thu, 2023-11-16 at 09:04 +0800, jeremy ardley wrote:

My current favourites are RK3588 based CPU SBC devices which have an
exceptionally fast set of CPUs, high speed networking, and options for
Debian or Ubuntu or OpenWRT or Armbian.

Are these the usual SBC setup where you have to run the vendor kernel,
plus possibly other custom bits, or would pure Debian including kernel
run on them?



The FriendlyPC version run a vendor version of Debian with some packages 
especially compiled for the device such as ffmpeg and graphics drivers


Armbian is usually a bit slower in releases and produces a more 
canonical Debian version with differences in the SBC specific device 
drivers using dynamic overlays. Most packages are pure debian


The Armbian kernel is a variation on Debian but you can cross compile it 
on an X86 debian system if you need specific kernal mods - though 
generally the Armbian kernel doesn't need any changes.


This is from my Armbian Router using my fastest mirror which is in Singapore

root@edge:/etc/apt# cat sources.list
#deb cdrom:[Debian GNU/Linux 12.0.0 _Bookworm_ - Official amd64 DVD 
Binary-1 with firmware 20230610-10:23]/ bookworm main non-free-firm>


deb http://mirror.djvg.sg/debian/ bookworm main non-free-firmware
deb-src http://mirror.djvg.sg/debian/ bookworm main non-free-firmware

deb http://security.debian.org/debian-security bookworm-security main 
non-free-firmware
deb-src http://security.debian.org/debian-security bookworm-security 
main non-free-firmware


# bookworm-updates, to get updates before a point release is made;
# see 
https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports

deb http://mirror.djvg.sg/debian/ bookworm-updates main non-free-firmware
deb-src http://mirror.djvg.sg/debian/ bookworm-updates main 
non-free-firmware


deb http://deb.debian.org/debian/ bookworm main contrib non-free
deb-src http://deb.debian.org/debian/ bookworm main contrib non-free


root@edge:/etc/apt/sources.list.d# cat armbian.list
deb [signed-by=/usr/share/keyrings/armbian.gpg] http://apt.armbian.com 
bookworm main bookworm-utils bookworm-desktop

Re: Hardware Advice Wanted: Router

[Tixy]

On Thu, 2023-11-16 at 09:04 +0800, jeremy ardley wrote:
> My current favourites are RK3588 based CPU SBC devices which have an 
> exceptionally fast set of CPUs, high speed networking, and options for 
> Debian or Ubuntu or OpenWRT or Armbian. 

Are these the usual SBC setup where you have to run the vendor kernel,
plus possibly other custom bits, or would pure Debian including kernel
run on them?

I'm currently running a Globalscale SheevaPlug and a DreamPlugs but
Debian support for the old ARM architecture is likely to end soon.
(Dropping it seems to come up each release, but so far they're still
releasing for it.)

-- 
Tixy

Re: Hardware Advice Wanted: Router

[jeremy ardley]

On 16/11/23 10:15, Charles Curley wrote:

On Thu, 16 Nov 2023 09:04:55 +0800
jeremy ardley  wrote:


My current favourites are RK3588 based CPU SBC devices which have an
exceptionally fast set of CPUs, high speed networking, and options
for Debian or Ubuntu or OpenWRT or Armbian. They can provide a
network storage service as well as a highly capable firewall
Ipv4/IPv6 function,with  DNS, DHCP, mail gateway, VPN gateway etc.

These things cost under $100USD including a nice heatsink case and
8-16GB RAM.

Nice. Can you point me at any specific vendors? I found the four
US vendors mentioned in https://pcengines.ch/order.htm. You've already
mentioned Friendly Elec.
https://www.friendlyelec.com/index.php?route=product/category=69



The FriendlyElec boards are the most suitable as they have two or more 
LAN interfaces.


Alternatives are possible if you use a USB3 to LAN adaptor, so OrangePi 
and Rock Pi are options. The Orange Pi 5 is getting a lot of interest, 
but spec wise the FriendlyElec NanoPi devices equal or out perform it 
plus have multiple LAN


If I was after just a router I'd look at the NanoPi R6C 
https://www.friendlyelec.com/index.php?route=product/product=69_id=291


or for a DMZ implementation with 3 LAN, NanoPi R6S 
https://www.friendlyelec.com/index.php?route=product/product=69_id=289 
- which breaks the $100 barrier


You can even go down a notch and look at the R5 and R4 series, but the 
price difference is not that great


If you want a full fledged PC with inbuilt PCIe NVME Drive and two LANS  
and plugabble wifi the NanoPC-T6 fits the bill. 
https://www.friendlyelec.com/index.php?route=product/product=69_id=292


(I have a T6 for development work, a M4V2 for a lan server, and an R4 
for router)

Re: Hardware Advice Wanted: Router

[Charles Curley]

On Thu, 16 Nov 2023 09:04:55 +0800
jeremy ardley  wrote:

> My current favourites are RK3588 based CPU SBC devices which have an 
> exceptionally fast set of CPUs, high speed networking, and options
> for Debian or Ubuntu or OpenWRT or Armbian. They can provide a
> network storage service as well as a highly capable firewall
> Ipv4/IPv6 function,with  DNS, DHCP, mail gateway, VPN gateway etc.
> 
> These things cost under $100USD including a nice heatsink case and 
> 8-16GB RAM.

Nice. Can you point me at any specific vendors? I found the four
US vendors mentioned in https://pcengines.ch/order.htm. You've already
mentioned Friendly Elec.
https://www.friendlyelec.com/index.php?route=product/category=69

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Hardware Advice Wanted: Router

[jeremy ardley]

On 14/11/23 08:42, Dan Ritter wrote:
I bought one of these: 
https://www.amazon.com/Firewall-Appliance-HUNSN-Barebone-Storage/dp/B0B53MKZBX/ 
(4 x 2.5Gb NICs, N5105 CPU) -- I paid about $250 including 16GB RAM 
and a 500GB SSD. Works very nicely. For about $70 less you can get 
them with 2x 2.5Gb instead of 4; for a little more money you can get 
up to 5x 2.5Gb NICs. You can add wifi via a miniPCIe slot; I didn't 
bother. There are



The reality is that for a basic router function you don't need very much 
hardware and certainly don't need fans. All the commercial Chinese 
routers demonstrate that.


I've seen various comments on this thread advocating for NUC devices 
with and without fans. In my view they are way overkill.


I have progressed over a couple of decades with different fanless router 
technology starting with PCengines (current product is the APU2 
https://pcengines.ch/apu2.htm )


Since then I have used a variety of Chinese ARM based SBC computers with 
RAM as low as 512K. I changed them as networking speed increased and the 
current generations are now capable of running multiple 2.5G LAN 
interfaces and usually have USB3 interfaces and often HDMI


Some of them also provide inbuilt PCIe M.2 drive slots that run at very 
impressive transfer speeds.


My current favourites are RK3588 based CPU SBC devices which have an 
exceptionally fast set of CPUs, high speed networking, and options for 
Debian or Ubuntu or OpenWRT or Armbian. They can provide a network 
storage service as well as a highly capable firewall Ipv4/IPv6 
function,with  DNS, DHCP, mail gateway, VPN gateway etc.


These things cost under $100USD including a nice heatsink case and 
8-16GB RAM.


Incidentally I live in Australia and don't have airconditioning and it 
gets up to 35C inside some days. The units I use have never gone into 
thermal shutdown.

Re: Hardware Advice Wanted: Router

[gene heskett]

On 11/15/23 18:37, Alexander V. Makartsev wrote:

On 16.11.2023 03:46, Charles Curley wrote:

On Thu, 16 Nov 2023 01:58:05 +0500
"Alexander V. Makartsev"  wrote:


16 years is a good amount of value. :)
Is it Pentium 4 on ITX motherboard?

Nope. FIT-PC, first iteration. Processor is an AMD Geode SBC.
https://linux-hardware.org/?probe=c256a73072


https://www.compulab.com/products/computer-on-modules/cm-iglx/#specs
x86 CPU 500Mhz, DDR1, IDE ATA-100, 100Mbit NIC and only 3-5W.
Cool stuff.
I've never seen them in the wild.


And dis-interesting also is that the Pricing etc list has zero prices.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

Re: Hardware Advice Wanted: Router

[Alexander V. Makartsev]

On 16.11.2023 03:46, Charles Curley wrote:

On Thu, 16 Nov 2023 01:58:05 +0500
"Alexander V. Makartsev"  wrote:


16 years is a good amount of value. :)
Is it Pentium 4 on ITX motherboard?

Nope. FIT-PC, first iteration. Processor is an AMD Geode SBC.
https://linux-hardware.org/?probe=c256a73072


https://www.compulab.com/products/computer-on-modules/cm-iglx/#specs
x86 CPU 500Mhz, DDR1, IDE ATA-100, 100Mbit NIC and only 3-5W.
Cool stuff.
I've never seen them in the wild.

--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: Hardware Advice Wanted: Router

[Charles Curley]

On Thu, 16 Nov 2023 01:58:05 +0500
"Alexander V. Makartsev"  wrote:

> 16 years is a good amount of value. :)
> Is it Pentium 4 on ITX motherboard?

Nope. FIT-PC, first iteration. Processor is an AMD Geode SBC.
https://linux-hardware.org/?probe=c256a73072

I did buy a spare hard drive for each, and I think all four of those are
in use. At the time 80 Gig hard drives were cheaper than the 60 Gig ones
that came with the computers, so I got a mild upgrade.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Hardware Advice Wanted: Router

[Alexander V. Makartsev]

On 15.11.2023 18:47, Charles Curley wrote:

On Wed, 15 Nov 2023 12:31:52 +0500
"Alexander V. Makartsev"  wrote:


On 15.11.2023 07:56, Stefan Monnier wrote:
  [...]
  [...]
I wrote that email as a word of caution, because Roberto had
mentioned he is looking for the device with the same conditions as
OP, which is "no fans".
And this model will be very noisy at all times.

How do you figure that it will be noisy at all times? I saw noting in
the specifications or reviews that indicated that.

Are you talking about Neosmay based on i7-1260P CPU?
Like I said previously there are no reviews that would show temperatures 
under load and no disassembly videos that will show the thermal solution.
IMO the reason for that is simple, to keep it quiet about inconvenient 
technicalities and to sell sub-optimal product.
Specifications for this CPU shows a requirement of a good thermal 
solution, which should be adequately large\noisy for this form factor.



  [...]
And this is why there is no reason to have high power CPU inside.
I expect the CPU temperature to be at 98 degrees Celsius at all times
and constant throttling under minimal load.

Yikes! None of my machines gets anywhere near that. The fan cooled CPUs
on my desktop are in the 26-32° range right now (early morning, no
load). The machine I am typing this on, a laptop, is reporting core
temps of 44° and 50° right now. All consider high to be ~~86°, with
critical near 98°. (Data courtesy of the sensors program.)
None of my personal machines either. It all depends on specifications 
for each individual piece of hardware.
My desktop has Skylake CPU rated at 65W Base TDP and cooled by 
tower-style heatsink with 4 heatpipes rated at 130W TDP.
Idle, small load temps are 28-32°C, busy workloads: 4 cores compiling, 
7-zip compression, video rendering, maxes out at 70°C in Summer.
There is also a netbook, I use it on rare occasion, it has 6.5W Atom CPU 
and Nvidia ION discrete VGA.
It has heatsinks for both Intel SoC and Nvidia chipset with heatpipes 
and a cooling fan, and it is incapable of overheating even under high 
load, because of low power CPU.
This netbook is painfully slow, it has quite noisy small fan, but 
temperatures are maxed out at 50°C.
The thing is desktops and laptops could have much better thermal 
solution simply because there is space inside for it.


Now let's look at thermal solutions of Intel NUCs [1] [2] for an example.
They look similar to what you could see inside a laptop, except in both 
cases there is only a small heatsink and two heatpipes.

VRM zone is cooled by air which is not great.
First photo depicts thermal solution for i5-10210U processor [3] which 
is rated at 15W TDP, or 10-25W base frequency.
Second photo depicts thermal solution for i7-1165G7 processor [4] which 
is rated at 12-28W base frequency.
Both thermal solutions show sub-par performance under load, because 
there are multiple complains about overheating NUCs on the Internet.
Most of the solutions for the complaints either a cleanup from dust or 
set a power limit via BIOS, or both.
There is a fan-less case [5] for NUCs is available, which looks 
reasonable, basically a brick of aluminum, but even then they are rated 
25W TDP maximum and

it is required from user to set BIOS settings to power limit CPU to 25W.

And that's about widely distributed and supported NUCs from Intel.
Now lets take a look at Newsmay Neosmay products. Odd naming.
We can't find any photos of disassembled products on Newsmay official 
website [6].
There is one good review of S2-B560TPM mini PC [7] with photos of it 
disassembled.

And there it is, same two heatpipes and a heatsink with a fan.
As shown in the review, even with slightly larger case size, they 
couldn't manage to design adequate cooling solution for i5-11400T 
desktop CPU [8] which is rated 35W TDP,

although there are additional heatsinks covering VRM zone, which is a plus.
It looks like a good thermal solution for a 10-15W TDP CPU and that is it.

So once again, what is the point to have high power CPU inside (and pay 
more for it also),
if because of inadequate thermal solutions you have to power limit it to 
base frequency, or suffer from constant throttling under load, noise and

other consequences of overheating, such as reduced lifetime of the device?


What good will it be if with high probability the device will burn
out in 3 months?

Indeed. I've gotten 16 years out of my FIT-PCs so far and would like to
get a respectable portion of that out of their replacement.

16 years is a good amount of value. :)
Is it Pentium 4 on ITX motherboard?
Nowadays they don't make them like before, and it is so hard to buy 
something decent.
Everything is power hungry, working at insane frequency speeds; tiny ICs 
are more fragile and susceptible to overheating;
BGA SoCs with hundreds of leads on thin PCBs prone to deformation; 
lead-free solder and all that other planned obsolescence dance..



[1] 

Re: Hardware Advice Wanted: Router

[Charles Curley]

On Wed, 15 Nov 2023 12:31:52 +0500
"Alexander V. Makartsev"  wrote:

> On 15.11.2023 07:56, Stefan Monnier wrote:
>  [...]  
>  [...]  
> I wrote that email as a word of caution, because Roberto had
> mentioned he is looking for the device with the same conditions as
> OP, which is "no fans".
> And this model will be very noisy at all times.

How do you figure that it will be noisy at all times? I saw noting in
the specifications or reviews that indicated that.

> 
>  [...]  
> And this is why there is no reason to have high power CPU inside.
> I expect the CPU temperature to be at 98 degrees Celsius at all times 
> and constant throttling under minimal load.

Yikes! None of my machines gets anywhere near that. The fan cooled CPUs
on my desktop are in the 26-32° range right now (early morning, no
load). The machine I am typing this on, a laptop, is reporting core
temps of 44° and 50° right now. All consider high to be ~~86°, with
critical near 98°. (Data courtesy of the sensors program.)


> What good will it be if with high probability the device will burn
> out in 3 months?

Indeed. I've gotten 16 years out of my FIT-PCs so far and would like to
get a respectable portion of that out of their replacement.


-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Hardware Advice Wanted: Router

[Alexander V. Makartsev]

On 15.11.2023 07:56, Stefan Monnier wrote:

This looks too good to be true and raises many red flags.
According to Intel specs [1] for this processor it's 28W of heat to
  dissipate and that is Base Power only, Turbo Boost is whooping 64W(!).
IMO it is impossible to do with fan-less design at this small size, so there
will be at least small fan running at full speed at all time and there has
to be quite beefy heatsink also.

The marketing material does say fairly clearly that there's a fan inside
(it even boasts of it being "efficient" and "low noise", mentioning
"45db").
I wrote that email as a word of caution, because Roberto had mentioned 
he is looking for the device with the same conditions as OP, which is 
"no fans".

And this model will be very noisy at all times.


Also my understanding is that this CPU is like the one in many NUCs which
means that its 4.7GHz turbo mode can be used only for *very* short
bursts, so it may be unnecessary to size the heatsink for the full
64W as long as it can withstand it for a long enough "short burst".

And this is why there is no reason to have high power CPU inside.
I expect the CPU temperature to be at 98 degrees Celsius at all times 
and constant throttling under minimal load.
There is also VRM zone often neglected, most likely it will be air 
cooled (without heatsink) with temperatures close to 100C at all times and

there is a limit of how much heat a PCB could dissipate until carbonation.
Even NVMe SSD and RAM generate substantial amounts of heat and I doubt 
this device has the same design as NUC that has extra heatsink under the 
top cover.
What good will it be if with high probability the device will burn out 
in 3 months?



Note they also offer a fanless system with somewhat similar specs for
$100 more.  That sounds a lot more atttractive to my ears.
Intel NUC with the same CPU [1] and fan cooling, draws 40-90W from PSU 
and struggle with throttling, overheating and noise.
And NUCs are usually expected to have much better thermal solution 
design than its clones.


If I needed a fan-less PC of this form factor I'd look for 10-15W low 
power CPUs and
refused to buy anything if there is no video review of it, with complete 
disassembly and temperatures under load,

or at least a complete service manual with accurate pictures of components.


[1] https://www.youtube.com/watch?v=fZbYSUwvea0
--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: Hardware Advice Wanted: Router

[Stefan Monnier]

> This looks too good to be true and raises many red flags.
> According to Intel specs [1] for this processor it's 28W of heat to
>  dissipate and that is Base Power only, Turbo Boost is whooping 64W(!).
> IMO it is impossible to do with fan-less design at this small size, so there
> will be at least small fan running at full speed at all time and there has
> to be quite beefy heatsink also.

The marketing material does say fairly clearly that there's a fan inside
(it even boasts of it being "efficient" and "low noise", mentioning
"45db").

Also my understanding is that this CPU is like the one in many NUCs which
means that its 4.7GHz turbo mode can be used only for *very* short
bursts, so it may be unnecessary to size the heatsink for the full
64W as long as it can withstand it for a long enough "short burst".

Note they also offer a fanless system with somewhat similar specs for
$100 more.  That sounds a lot more atttractive to my ears.


Stefan

Re: Hardware Advice Wanted: Router

[debian-user]

Roberto C. Sánchez  wrote:
> On Mon, Nov 13, 2023 at 03:57:28PM -0700, Charles Curley wrote:
> > My FIT-PCs that provide network services are getting old, and i386
> > Linux is slowly fading away. So I would like to replace them with a
> > router/gateway computer.
> > 
> > It should run Debian.
> > 
> > It should either have two gigabit (or better) Ethernet interfaces or
> > have suitable expansion capability.
> > 
> > It should be quiet: no fans, and low power requirements. A small
> > physical footprint would be nice.
> > 
> > Most of the time it will run headless, but occasionally I will need
> > to stick a monitor and keyboard on it. VGA will do fine.
> > 
> > It will be a router. It will have at least DNS, DHCP, apt-cacher-ng
> > and firewalld on it. Modest disk and RAM will be fine.
> > 
> > WiFi is handled elsewhere for now, but I won't turn it down.
> > 
> > SSD for storage would be nice, although the FIT-PCs do fine with IDE
> > spinning rust.
> >   
> I am in the process of solving almost the exact same problem. At the
> moment, this is my leading candidate:
> https://www.newegg.com/neosmay-kc12-alder-lake/p/2SW-006Y-00074
> 
> In my case, I also use my router as a backup server, so I wanted dual
> storage. If you can get by without that, then this much cheaper
> machine might work for you:
> https://www.newegg.com/p/2SW-006Y-00079
> 
> I haven't purchased either one yet, but I plan to purchase the first
> in the coming weeks.

The price of the first one goes up in 5 days, so don't leave it weeks!
 
> Regards,
> 
> -Roberto
> 

Re: Hardware Advice Wanted: Router

[basti]

On 14.11.23 10:45, Anssi Saari wrote:

Charles Curley  writes:


My FIT-PCs that provide network services are getting old, and i386
Linux is slowly fading away. So I would like to replace them with a
router/gateway computer.


I built a router with an APUD4D board and case from
pcengines.ch. They're going out of production but are currently
available.

I put Debian on mine and love it to bits. It's been quite some fun too
setting up failover via LTE and enabling IPv6 using 6rd tunneling but
that stuff is extra.

To your specs, there's no video, just serial console and ethernet of
course. Wifi and LTE are optional, storage is mSATA SSD. From memory,
power consumption is about 9W, the case is used as a heat sink to
dissipate that.



I have a Fujitsu Futro s920 (the model with 2x2.2 GHz)
with a 4-port Gbit NIC and a Mini PCIE to SATA adapter for RAID
and 16GB RAM.

Round about 170€ without HDD/SSD

Re: Hardware Advice Wanted: Router

[Anssi Saari]

Charles Curley  writes:

> My FIT-PCs that provide network services are getting old, and i386
> Linux is slowly fading away. So I would like to replace them with a
> router/gateway computer.

I built a router with an APUD4D board and case from
pcengines.ch. They're going out of production but are currently
available.

I put Debian on mine and love it to bits. It's been quite some fun too
setting up failover via LTE and enabling IPv6 using 6rd tunneling but
that stuff is extra.

To your specs, there's no video, just serial console and ethernet of
course. Wifi and LTE are optional, storage is mSATA SSD. From memory,
power consumption is about 9W, the case is used as a heat sink to
dissipate that.

Re: Hardware Advice Wanted: Router

[Alexander V. Makartsev]

On 14.11.2023 04:08, Roberto C. Sánchez wrote:

On Mon, Nov 13, 2023 at 03:57:28PM -0700, Charles Curley wrote:

My FIT-PCs that provide network services are getting old, and i386
Linux is slowly fading away. So I would like to replace them with a
router/gateway computer.

It should run Debian.

It should either have two gigabit (or better) Ethernet interfaces or
have suitable expansion capability.

It should be quiet: no fans, and low power requirements. A small
physical footprint would be nice.

Most of the time it will run headless, but occasionally I will need to
stick a monitor and keyboard on it. VGA will do fine.

It will be a router. It will have at least DNS, DHCP, apt-cacher-ng and
firewalld on it. Modest disk and RAM will be fine.

WiFi is handled elsewhere for now, but I won't turn it down.

SSD for storage would be nice, although the FIT-PCs do fine with IDE
spinning rust.


I am in the process of solving almost the exact same problem. At the
moment, this is my leading candidate:
https://www.newegg.com/neosmay-kc12-alder-lake/p/2SW-006Y-00074

This looks too good to be true and raises many red flags.
According to Intel specs [1] for this processor it's 28W of heat to 
dissipate and that is Base Power only, Turbo Boost is whooping 64W(!).
IMO it is impossible to do with fan-less design at this small size, so 
there will be at least small fan running at full speed at all time and 
there has to be quite beefy heatsink also.
There are no photos of this device disassembled and fake 3D rendered 
pictures doesn't count.
A quick search of "NEOSMAY MINI PC Disassembly" on YT gave no results, 
only fake reviews and useless unboxing videos.
I've seen 17" laptops with much larger heatsink solutions (multiple 
heatpipes and fans), struggle with effective heat dissipation.



[1] 
https://www.intel.com/content/www/us/en/products/sku/226254/intel-core-i71260p-processor-18m-cache-up-to-4-70-ghz/specifications.html

--
With kindest regards, Alexander.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄

Re: Hardware Advice Wanted: Router

[Dan Ritter]

Charles Curley wrote: 
> It should run Debian.
> 
> It should either have two gigabit (or better) Ethernet interfaces or
> have suitable expansion capability.
> 
> It should be quiet: no fans, and low power requirements. A small
> physical footprint would be nice.
> 
> Most of the time it will run headless, but occasionally I will need to
> stick a monitor and keyboard on it. VGA will do fine.
> 
> It will be a router. It will have at least DNS, DHCP, apt-cacher-ng and
> firewalld on it. Modest disk and RAM will be fine.
> 
> WiFi is handled elsewhere for now, but I won't turn it down.
> 
> SSD for storage would be nice, although the FIT-PCs do fine with IDE
> spinning rust.

I bought one of these: 
https://www.amazon.com/Firewall-Appliance-HUNSN-Barebone-Storage/dp/B0B53MKZBX/
(4 x 2.5Gb NICs, N5105 CPU) -- I paid about $250 including 16GB
RAM and a 500GB SSD. Works very nicely.

For about $70 less you can get them with 2x 2.5Gb instead of 4;
for a little more money you can get up to 5x 2.5Gb NICs.

You can add wifi via a miniPCIe slot; I didn't bother. There are
antenna holes.

-dsr-

Re: Hardware Advice Wanted: Router

[Jeffrey Walton]

On Mon, Nov 13, 2023 at 5:58 PM Charles Curley
 wrote:
>
> My FIT-PCs that provide network services are getting old, and i386
> Linux is slowly fading away. So I would like to replace them with a
> router/gateway computer.
>
> It should run Debian.
>
> It should either have two gigabit (or better) Ethernet interfaces or
> have suitable expansion capability.
>
> It should be quiet: no fans, and low power requirements. A small
> physical footprint would be nice.
>
> Most of the time it will run headless, but occasionally I will need to
> stick a monitor and keyboard on it. VGA will do fine.
>
> It will be a router. It will have at least DNS, DHCP, apt-cacher-ng and
> firewalld on it. Modest disk and RAM will be fine.
>
> WiFi is handled elsewhere for now, but I won't turn it down.
>
> SSD for storage would be nice, although the FIT-PCs do fine with IDE
> spinning rust.

It sounds like you want an all-in-one of sorts. Something with
hardware+software. I don't have a recommendation for that.

However, if you would like a piece of hardware that checks most of the
boxes and can run whatever you like, then I recommend you look at
Protectli. They make low power, fanless, mini pc's with multiple
ethernet ports. You can choose between 2, 4 and 6 ports.
 and
.

Protectli devices are typically used as firewalls. In fact, I use one
running pfSense as a firewall behind my ISP's router. I am very
pleased with it.

On the downside, Protectli does not have open hardware design or use
OpenFirmware. Those gadgets are a little harder to find.

Jeff

Re: Hardware Advice Wanted: Router

[Roberto C . Sánchez]

On Mon, Nov 13, 2023 at 03:57:28PM -0700, Charles Curley wrote:
> My FIT-PCs that provide network services are getting old, and i386
> Linux is slowly fading away. So I would like to replace them with a
> router/gateway computer.
> 
> It should run Debian.
> 
> It should either have two gigabit (or better) Ethernet interfaces or
> have suitable expansion capability.
> 
> It should be quiet: no fans, and low power requirements. A small
> physical footprint would be nice.
> 
> Most of the time it will run headless, but occasionally I will need to
> stick a monitor and keyboard on it. VGA will do fine.
> 
> It will be a router. It will have at least DNS, DHCP, apt-cacher-ng and
> firewalld on it. Modest disk and RAM will be fine.
> 
> WiFi is handled elsewhere for now, but I won't turn it down.
> 
> SSD for storage would be nice, although the FIT-PCs do fine with IDE
> spinning rust.
> 
I am in the process of solving almost the exact same problem. At the
moment, this is my leading candidate:
https://www.newegg.com/neosmay-kc12-alder-lake/p/2SW-006Y-00074

In my case, I also use my router as a backup server, so I wanted dual
storage. If you can get by without that, then this much cheaper machine
might work for you:
https://www.newegg.com/p/2SW-006Y-00079

I haven't purchased either one yet, but I plan to purchase the first in
the coming weeks.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: Hardware Advice Wanted: Router

[jeremy ardley]

On 14/11/23 06:57, Charles Curley wrote:
My FIT-PCs that provide network services are getting old, and i386 
Linux is slowly fading away. So I would like to replace them with a 
router/gateway computer. It should run Debian. It should either have 
two gigabit (or better) Ethernet interfaces or have suitable expansion 
capability. It should be quiet: no fans, and low power requirements. A 
small physical footprint would be nice. Most of the time it will run 
headless, but occasionally I will need to stick a monitor and keyboard 
on it. VGA will do fine. It will be a router. It will have at least 
DNS, DHCP, apt-cacher-ng and firewalld on it. Modest disk and RAM will 
be fine. WiFi is handled elsewhere for now, but I won't turn it down. 
SSD for storage would be nice, although the FIT-PCs do fine with IDE 
spinning rust.



I use FriendlyElec devices that match all your requirements. You just 
have to load and configure the software yourself.


Current examples include NanoPi R6C for a simple router or NanoPi R6S if 
you want to run a DMZ LAN as well as an internal LAN. They all have 
2.5Gbit ethernet out of the box.


https://www.friendlyelec.com/index.php?route=product/category=69

Hardware Advice Wanted: Router

[Charles Curley]

My FIT-PCs that provide network services are getting old, and i386
Linux is slowly fading away. So I would like to replace them with a
router/gateway computer.

It should run Debian.

It should either have two gigabit (or better) Ethernet interfaces or
have suitable expansion capability.

It should be quiet: no fans, and low power requirements. A small
physical footprint would be nice.

Most of the time it will run headless, but occasionally I will need to
stick a monitor and keyboard on it. VGA will do fine.

It will be a router. It will have at least DNS, DHCP, apt-cacher-ng and
firewalld on it. Modest disk and RAM will be fine.

WiFi is handled elsewhere for now, but I won't turn it down.

SSD for storage would be nice, although the FIT-PCs do fine with IDE
spinning rust.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: Wanted: a special purpose Debian installer

[Brian]

On Fri 02 Jul 2021 at 11:09:58 +0100, Brian wrote:

> Indeed. Apologies, Felix.

Having said that, perhaps installing in the same way as two other
users have idicaated would allow you to make a useful contriburion
without having to rely on memory.

-- 
Brian.

Re: Wanted: a special purpose Debian installer

[Brian]

On Thu 01 Jul 2021 at 16:24:12 +0100, Brian wrote:

[..]

> on the system. So...a D-I bug?

Quite possibly, but my involvement with it ends here. Others can
pursue it in a suitable report.

Note that the installation with "recommends=false" still sets up
the system not to install recommended packages. A user really does
need to know what he is doing with the commandline options given
to D-I, whether or not they work.

-- 
Brian.

Re: Wanted: a special purpose Debian installer

[Brian]

On Fri 02 Jul 2021 at 04:55:04 -0500, Richard Owlett wrote:

> On 07/01/2021 04:52 PM, Brian wrote:
> > On Thu 01 Jul 2021 at 16:34:46 -0400, Felix Miata wrote:
> > 
> > > Brian composed on 2021-07-01 21:05 (UTC+0100):
> > > 
> > > > On Thu 01 Jul 2021 at 12:40:05 -0400, Felix Miata wrote:
> > >   
> > > 
> > > > > Dunno what to tell you. Maybe that's because I always include also
> > > > >   tasks=standard
> > > > Extremely unlikely. In fact, impossible.
> > >   
> > > 
> > > Interesting claim. Care to explain further?
> > 
> > Not particularly. The standard task does not pull in anything to
> > account for mine or Richard's observations.
> 
> That has not been established.

It has been here.
 
> > In fact, I did not install it.
> 
> *BUT* I had made the assumption that his use of "tasks=standard" was
> functionally equivalent to me checking "standard system utilities" in the
> menu.

It is.
 
> I suspect that what the installer does when I check mark any menu item may
> not match what I expect.

Probably.

> > 
> > Over to you and your imagination.
> > 
> 
> Courtesy please.

Indeed. Apologies, Felix.

-- 
Brian.

Re: Wanted: a special purpose Debian installer

[Richard Owlett]

On 07/01/2021 04:52 PM, Brian wrote:

On Thu 01 Jul 2021 at 16:34:46 -0400, Felix Miata wrote:


Brian composed on 2021-07-01 21:05 (UTC+0100):


On Thu 01 Jul 2021 at 12:40:05 -0400, Felix Miata wrote:




Dunno what to tell you. Maybe that's because I always include also
  

tasks=standard
  

Extremely unlikely. In fact, impossible.



Interesting claim. Care to explain further?


Not particularly. The standard task does not pull in anything to
account for mine or Richard's observations.


That has not been established.


In fact, I did not install it.


*BUT* I had made the assumption that his use of "tasks=standard" was 
functionally equivalent to me checking "standard system utilities" in 
the menu.


I suspect that what the installer does when I check mark any menu item 
may not match what I expect.




Over to you and your imagination.



Courtesy please.

Re: Wanted: a special purpose Debian installer

[Brian]

On Thu 01 Jul 2021 at 16:34:46 -0400, Felix Miata wrote:

> Brian composed on 2021-07-01 21:05 (UTC+0100):
> 
> > On Thu 01 Jul 2021 at 12:40:05 -0400, Felix Miata wrote:
>   
> 
> >> Dunno what to tell you. Maybe that's because I always include also
>  
> >>tasks=standard
>  
> > Extremely unlikely. In fact, impossible.
>   
> 
> Interesting claim. Care to explain further?

Not particularly. The standard task does not pull in anything to
account for mine or Richard's observations. In fact, I did not
install it.

Over to you and your imagination.

-- 
Brian.

Re: Wanted: a special purpose Debian installer

[Felix Miata]

Brian composed on 2021-07-01 21:05 (UTC+0100):

> On Thu 01 Jul 2021 at 12:40:05 -0400, Felix Miata wrote:


>> Dunno what to tell you. Maybe that's because I always include also
 
>>  tasks=standard
 
> Extremely unlikely. In fact, impossible.


Interesting claim. Care to explain further?

The following is from a local LAN backup/template directory, partially redacted:

Inst/Grub # grep tasks=standard *cfg* *lst* | wc -l
345
Inst/Grub # ls -rtgG *.cfg* *.lst* | tail
-rw-r--r-- 1 10552 Nov 11  2020 menu.lst.gx780-boot.19
-rw-r--r-- 1 10023 Dec 13  2020 menu.lst.gx150-boot.35
-rwxrwxr-x 1  7287 Jan 18 02:37 customARA88-02.cfg
-rwxr-xr-x 1  4800 Feb  9 03:42 customAB85m-05.cfg
-rwxr-xr-x 1  4802 Feb 27 21:39 customAB85m-06.cfg
-rw-r--r-- 1 10843 Apr  3 21:32 menu.lst.gx780-boot.20
-rw-r--r-- 1  4877 Apr 19 14:34 menu.lst.gx270-boot.39
-rwxr-xr-x 1  5486 Apr 29 18:40 customAB85m-07.cfg
-rw-r--r-- 1  4637 May  1 20:59 menu.lst.gx78b-boot.23
-rw-rw-r-- 1 18115 Jun  3 04:15 menu.lst.hp945-boot.47
Inst/Grub # grep tasks=standard customAB85m-07.cfg
linuxefi /deb10/linux showopts --- netcfg/get_hostname=ab85m 
netcfg/get_domain=ij.net netcfg/disable_autoconfig=true 
netcfg/get_ipaddress=#.#.#.#/24 netcfg/get_gateway=#.#.#.# 
netcfg/get_nameservers=8.8.4.4 netcfg/confirm_static=true tasks=standard 
base-installer/install-recommends=false
linuxefi /buntu/linux showopts --- netcfg/get_hostname=ab85m 
netcfg/get_domain=ij.net netcfg/disable_autoconfig=true 
netcfg/get_ipaddress=#.#.#.#/24 netcfg/get_gateway=#.#.#.# 
netcfg/get_nameservers=8.8.4.4 netcfg/confirm_static=true tasks=standard 
base-installer/install-recommends=false
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: Wanted: a special purpose Debian installer

[Richard Owlett]

On 07/01/2021 11:40 AM, Felix Miata wrote:

Richard Owlett composed on 2021-07-01 08:00 (UTC-0500):


Felix Miata wrote:



Richard Owlett composed on 2021-06-30 08:43 (UTC-0500):



I don't recall just when I
did it but I had tried including "install-recommends=false" somewhere in
the command line. It failed.


I start most installations with Grub. Nearly always I start with a minimal
installation. On the linu lines in these files is:



base-installer/install-recommends=false



I tried that this morning.
I did *NOT* get the desired result.
I got all the "recommended" packages of MATE Desktop Environment.
Just as if I hadn't specified otherwise on the installer command line :{



Dunno what to tell you. Maybe that's because I always include also

tasks=standard

I only add a desktop after first boot into the fresh minimal installation.

What other command line options did you use?




None other added to defaults.

Re: Wanted: a special purpose Debian installer

[Brian]

On Thu 01 Jul 2021 at 12:40:05 -0400, Felix Miata wrote:

> Richard Owlett composed on 2021-07-01 08:00 (UTC-0500):
> 
> > Felix Miata wrote:
> 
> >> Richard Owlett composed on 2021-06-30 08:43 (UTC-0500):
> 
> >>> I don't recall just when I
> >>> did it but I had tried including "install-recommends=false" somewhere in
> >>> the command line. It failed.  
> >>> 
> >> I start most installations with Grub. Nearly always I start with a minimal
> >> installation. On the linu lines in these files is:
> 
> >>base-installer/install-recommends=false
> 
> > I tried that this morning.
> > I did *NOT* get the desired result.
> > I got all the "recommended" packages of MATE Desktop Environment.
> > Just as if I hadn't specified otherwise on the installer command line :{
>   
> 
> Dunno what to tell you. Maybe that's because I always include also
> 
>   tasks=standard

Extremely unlikely. In fact, impossible.

> I only add a desktop after first boot into the fresh minimal installation.

This isn't what Richard Owlet or I are doing. We are not on the same page.

> What other command line options did you use?

Irrelelevant.

-- 
Brian.

Re: Wanted: a special purpose Debian installer

[Felix Miata]

Richard Owlett composed on 2021-07-01 08:00 (UTC-0500):

> Felix Miata wrote:

>> Richard Owlett composed on 2021-06-30 08:43 (UTC-0500):

>>> I don't recall just when I
>>> did it but I had tried including "install-recommends=false" somewhere in
>>> the command line. It failed.
>>> 
>> I start most installations with Grub. Nearly always I start with a minimal
>> installation. On the linu lines in these files is:

>>  base-installer/install-recommends=false

> I tried that this morning.
> I did *NOT* get the desired result.
> I got all the "recommended" packages of MATE Desktop Environment.
> Just as if I hadn't specified otherwise on the installer command line :{


Dunno what to tell you. Maybe that's because I always include also

tasks=standard

I only add a desktop after first boot into the fresh minimal installation.

What other command line options did you use?
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: Wanted: a special purpose Debian installer

[Brian]

On Thu 01 Jul 2021 at 08:00:25 -0500, Richard Owlett wrote:

> On 06/30/2021 01:39 PM, Felix Miata wrote:
> > Richard Owlett composed on 2021-06-30 08:43 (UTC-0500):
> > 
> > > I don't recall just when I
> > > did it but I had tried including "install-recommends=false" somewhere in
> > > the command line. It failed.  
> > > 
> > I start most installations with Grub. Nearly always I start with a minimal
> > installation. On the linu lines in these files is:
> > 
> > base-installer/install-recommends=false
> > 
> 
> I tried that this morning.
> I did *NOT* get the desired result.
> I got all the "recommended" packages of MATE Desktop Environment.

Thanks for trying again. For the commandline option above the Installer
Guide says

By setting this option to false, the package management
system will be configured to not automatically install
"Recommends", both during the installation and for the
installed system.

I installed Gnome using debian-10.8.0-i386-DVD-1.iso and checked the
syslog and /target/var/lib/dpkg/info for what was installed using
D-I. AFAICT, all the recommended packages of task-gnome-desktop are
on the system. So...a D-I bug?

-- 
Brian.

Re: Wanted: a special purpose Debian installer

[Richard Owlett]

On 06/30/2021 01:39 PM, Felix Miata wrote:

Richard Owlett composed on 2021-06-30 08:43 (UTC-0500):


I don't recall just when I
did it but I had tried including "install-recommends=false" somewhere in
the command line. It failed.


I start most installations with Grub. Nearly always I start with a minimal
installation. On the linu lines in these files is:

base-installer/install-recommends=false



I tried that this morning.
I did *NOT* get the desired result.
I got all the "recommended" packages of MATE Desktop Environment.
Just as if I hadn't specified otherwise on the installer command line :{

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Dan Ritter]

Polyna-Maude Racicot-Summerside wrote: 
> > 
> > There are a bunch of loonies out there who don't like other
> > people based on gender, sex, skin color, religion, geography, or
> > merely the fact that their computer is unsecured.
> > 
> 
> Thanks, I didn't know the word loonies applied to yourself. Now I get a
> better understanding.
> 
> Maybe you shall read back before sending email. Because I have a strong
> proof based opinion that you are getting pretty angry against people
> with unsecured computer.

I'm not angry at you, Polyna-Maude.

But it's clear that arguing with you will not help you, so I will stop.

-dsr-

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,
> If I'm asking for help, I don't want to hear "try this, it's
> dangerous" unless all other possibilities have been exhausted.
> 
> If you want to start a thread "dangerous things to do to risk
> your data", that's fine. 

Would you be stuck in something like YOU = ALL OTHER BEING ?
Can you let other evaluate their own risk ? You know what ? If I feel
like doing parachute, I can do so.

And if I feel like going in the forest without having pepper spray for
bear, I also can.

> 
> 
>> I feel like there's some quasi religious mentality that :
>> 1. Must always obey to the latest standard / RFC / way of doing things.
> 
> RFC literally means "request for comment". Only the
> peer-reviewed ones listed as Standards Track can claim to be
> standards; most RFCs are informational.
> 
> This is because the grad student taking notes at meetings wasn't
> sure of how accurate the notes were, so they stuck "Request For
> Comment" at the top of the paper when distributing it.
> 
Great but other than showing me "You know stuff", it's irrelevant.

My message had nothing to do with what you say here.

I was putting simply a list of word that relate to "norms, standard,
procedure". The need to show that I didn't know the whole story behind
RFC makes me believe that you have a need to express that you are part
of "the ones who know".

But this apply only to the sandbox of your limited domain of knowledge
and we all have our own.

Read it back if you feel.

> 
>> 2. If we can win a millisecond then everything is worth getting this
>> poor millisecond.
> 
> Depends. If you can save a millisecond on something that
> happens a million times a day, that's 15 minutes of your day
> back. If it takes you an hour to save a millisecond on something
> that only happens once a day, it's probably not worth it.
> 
And even if I could save the millisecond every second.
Sure on a pure math based calculation you save much.

But nothing to force you.

Not everyone's life is based and revolve around what computer does.

Many people only care about the result, and have no need to save one
minute per day. Because they are happy this way.

Leave them alone !

>> 3. Unix is SERIOUS stuff, even if you use it only for web surfing, if
>> you have the technical knowledge then you must ensure it's safe.
> 
> There are a bunch of loonies out there who don't like other
> people based on gender, sex, skin color, religion, geography, or
> merely the fact that their computer is unsecured.
> 

Thanks, I didn't know the word loonies applied to yourself. Now I get a
better understanding.

Maybe you shall read back before sending email. Because I have a strong
proof based opinion that you are getting pretty angry against people
with unsecured computer.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer] - continue

[Polyna-Maude Racicot-Summerside]

Hi,

> 
> 
> And there's most people on earth who don't give a minute thinking about
> this.
> 
> Ask any business manager, he doesn't give much interest in his computer
> installation, as long one thing goes, what is it ? That the system
> permit core operation for the company and profit continue to get in.
> That's it, don't care on all the "how, why, etc".
> 
> There's a rule that say "Don't change a great team". And it also apply
> to computer science. So if your actual partition scheme work for you,
> even if it's outdated, continue on.
> Unless all your life revolve around computer and what goes with them.
> 
> But sorry ! Not everyone is so much interested in getting married with
> silicon.
> 

I give a example, they guy who asked about a problem with MATE desktop
that he runs from under Windows.

But that we start trying to tell him that he shall change it because
using Windows Subsystem for Linux (or whatever the name, running Linux
under Windows) is not "the best way".

Sorry, he didn't ask anything regarding to this.

And I was the only one who gave him some clue of where he could find
answer about why can he run Synaptic with sudo but no by clicking on it.
I told him where he could find logs and how to trace such launch.

Maybe for a geek mind it seem trivial that WSL is not a good solution.
But if this guy did a master degree in Chemistry, I'm more than
convinced that he evaluated the situation in a more than proper way. Did
someone forget that when you touch higher education, what you mostly
learn is how to evaluate system, context, situation, knowledge, data...
You become a specialist in analysis, whatever branch you did.

I don't know how many of the ones who answered him took a minute to
think about this one or how many got close to a post graduate diploma.

> And even some people who do receive this mailing list may have
> absolutely no interest in getting married with silicon.
> 
This was the guy above's case. He got married with Chemistry but has the
need for the computer as a tool for analysis.


> This seem to be a huge problem that gets over all the time, as soon you
> get a group of people who have strong interest in technology. The fact
> that their need may be pretty far from most other people need seem to
> vanishes and be out of reach for a bit of thinking.
> 

Some people may be very knowledgeable on computer but don't care much on
everything that revolve around computer. They learned a programming
language for some work in a master degree in Chemistry, Physics, Natural
Science, Liberal arts and more. Like I did, I learned programming so I
could develop algorithm used to analysis context of word usage and
relate them to language ability of people.

And I'd be more than happy to share knowledge with others, contribute to
project or such. But I abstain from doing so for one reason...

The mentality that goes on when you pack a group of computer programmer
together. And don't ask them to admit that even the big computer tech
don't care about latest technology, standard and good way.

But they all say the opposite when you listen because they complain of
the bugs in closed source program ;-) And seem to also get it pretty
right that profit is the main motto for Apple, IBM, Oracle and others...
So yes a business manager is driven only by one thing profit.

And computer have only one use, other than gaming, that is to assist us
in making some process easier, better for us.

Unless you choose to get married to silicon and make your life revolving
around all that has to do with the best, the latest, what is considered
good and what's evil-outdated.

But by being so close minded and stubborn we loose people on this way
and we can't teach those to keep their computer safe, one step at a time.

Thanks for all the Debian contributor, developers, mentor and more.

With a bunch of love,

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

Note :
Sorry Andrei if this message may seem to be wrote directly to you
because in fact it's written to all the "you" around who may feel
concerned. You got a direct reply because I was replying to your
message. Again, this could be something not to be done.


On 2021-06-30 7:58 p.m., Andrei POPESCU wrote:
> On Mi, 30 iun 21, 11:44:42, Polyna-Maude Racicot-Summerside wrote:
>>
>> Now here's what will amaze you...
>> You can do the same with a computer.
>> Take risk...
>> Make your computer unusable...
> 
> Sure, it's a great learning experience.
> 
>> Type "alias cd=rm -rf"
> 
> In my opinion it's generally a bad idea to post stuff like this, even as 
> joke. There's just too many people blindly copy-pasting commands of the 
> internet.
> 
I know that there's a remote possibility that someone could type this
"only for a try", but at that point it could be the same as saying never
write how to erase the partition table directly with something like
dd if=/dev/zero of=/dev/sda bs=1024k count=4

There's also a risk someone type a command out of context.

>> Open all the ports and get hacked.
> 
> This can affect others as well, if that computer becomes part of a 
> botnet or whatever, so no, please don't do that if you can help it.
> 
I do understand all of this AND the risk of putting burden on other
(like when you become part of a botnet).

BUT if you read the whole context of my message, instead of going for a
cherrypick then I'm sure you understand the point.

If we are talking about the lack of advancement in research regarding
artificial intelligence used for threat detection and I start talking on
the social theory behind what create the latest rise in the populist and
right wing party. You'll think I'm a bit off, even if there's a link
because most ring wing and populist based party distrust science and
research, so they won't fund it.

When you get too far from the day to day meaning, you start to loose
people, unless they have a interest in the subject. But this also apply
to people who have interest in the subject but want to change their
life, not society.

This also apply to what we see around here.

Ex :

You have the people who build their whole career around computer. For
them something not up to date is a computer that people are missing out
on their responsibility to maintain.

A partition table not setup by the latest standard (they believe in) is
something not done the proper way.

Unix was based on a KISS principle (Keep It Simple Stupid), as we see
with all the small utilities you can pipe on into another, that are
still there without much change after nearly 50 years of existence. All
deviation out of this rule will be seen as problematic. But with all
their rigid thinking and obligation of obeying to model and procedures,
they still prefer using SystemD.

A need for using a antivirus is a non negotiable obligation. You shall
be cursed if you ever lack your obligation of due diligence and cause
harm to other (even unknowingly). The simple fact you may have a virus
make you a person unfit to participate in the global network.


And there's most people on earth who don't give a minute thinking about
this.

Ask any business manager, he doesn't give much interest in his computer
installation, as long one thing goes, what is it ? That the system
permit core operation for the company and profit continue to get in.
That's it, don't care on all the "how, why, etc".

There's a rule that say "Don't change a great team". And it also apply
to computer science. So if your actual partition scheme work for you,
even if it's outdated, continue on.
Unless all your life revolve around computer and what goes with them.

But sorry ! Not everyone is so much interested in getting married with
silicon.

And even some people who do receive this mailing list may have
absolutely no interest in getting married with silicon.

This seem to be a huge problem that gets over all the time, as soon you
get a group of people who have strong interest in technology. The fact
that their need may be pretty far from most other people need seem to
vanishes and be out of reach for a bit of thinking.

Sorry guys, you are really nice to helping others out, are a mine of
knowledge and have built a great Linux distribution throughout the
years. But by pushing so much on your "system engineer based opinion"
this make people fly away.

I'll repeat a small story about myself.

I use Linux since early 1998-199, started with Slackware 3.3 on a 486.
Would take a night to compile the kernel, so start compilation before
heading to bed.

I compiled hundred of program, importing them from Kali into Debian when
they weren't available or backported some for my personal use. Yes, I
made the choice to prefer having a DEB package than using something
else. This way I get detection of file conflict between software and
other (this is my own choice).

I did a PhD in cognitive science, worked somewhat on the path of Seymour
Papert, even if 

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Andrei POPESCU]

On Mi, 30 iun 21, 11:44:42, Polyna-Maude Racicot-Summerside wrote:
> 
> Now here's what will amaze you...
> You can do the same with a computer.
> Take risk...
> Make your computer unusable...

Sure, it's a great learning experience.

> Type "alias cd=rm -rf"

In my opinion it's generally a bad idea to post stuff like this, even as 
joke. There's just too many people blindly copy-pasting commands of the 
internet.

> Open all the ports and get hacked.

This can affect others as well, if that computer becomes part of a 
botnet or whatever, so no, please don't do that if you can help it.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Andrei POPESCU]

On Mi, 30 iun 21, 11:02:43, Thompson, Brian wrote:
> 
> Is this mailing list usually used for philosophical debates, persuasion, and
> primitive name-calling?  Genuinely curious so that I can unsub if it is.

It happens more or less every time during the freeze, as there are less 
problems to solve.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Andrei POPESCU]

On Mi, 30 iun 21, 05:57:19, The Wanderer wrote:
> On 2021-06-30 at 05:23, Polyna-Maude Racicot-Summerside wrote:
> > 
> > On 2021-06-30 4:32 a.m., Andrei POPESCU wrote:
> > 
> >> On Ma, 29 iun 21, 17:08:16, Polyna-Maude Racicot-Summerside wrote:
> >> 
> >>> I can only hope that one day someone will knock you off with a
> >>> shovel in the face because you said something wrong. This will be
> >>> a great day and you'll get back what you serve to others.
> >> 
> >> Seriously?
> >> 
> > Yes, whatever great idea you have, even if others are wrong in what
> > they say. Nothing justify being rude and lacking respect.
> > 
> > I never used any swearing word on this mailing list and it won't be
> > part in any of my arguments.
> 
> It's possible that there may be a miscommunication / confusion here.

As far as I'm concerned the literal interpretation is already 
inappropriate, regardless of the language.
 
> At least according to my understanding, the idiom "to knock [person]
> off" is commonly understood as a euphemism for "to murder [person]".

That just makes it worse (though it's the first time I hear about it).

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Brian]

On Wed 30 Jun 2021 at 23:40:54 +0100, mick crane wrote:

> On 2021-06-30 18:56, Brian wrote:
> 
> > > "f" word is very ancient English word which gives added emphasis
> > > especially
> > > when unexpected
> > > Doesn't bother me but as you say is inappropriate on mailing list
> > > and I'm
> > > sure it's a one-off.
> > 
> > It is inappropriate anywhere in public. You are not bothered by this?
> > I am and so are others. Just so you know.
> > 
> > By all means use it with your parents, children and grandparents. Keep
> > it in the family and don't subject the rest of us to it.
> 
> I am more outraged that you assume I would swear in front of family members
> than I am seeing "f" word.

But you appear to be comfortable (not bothered) when the word is
inflicted on members of the public, who include family members. I
am not. It does bother me.

-- 
Brian.

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[mick crane]

On 2021-06-30 18:56, Brian wrote:

"f" word is very ancient English word which gives added emphasis 
especially

when unexpected
Doesn't bother me but as you say is inappropriate on mailing list and 
I'm

sure it's a one-off.


It is inappropriate anywhere in public. You are not bothered by this?
I am and so are others. Just so you know.

By all means use it with your parents, children and grandparents. Keep
it in the family and don't subject the rest of us to it.


I am more outraged that you assume I would swear in front of family 
members than I am seeing "f" word.


mick
--
Key ID4BFEBB31

Re: Wanted: a special purpose Debian installer

[Brian]

On Wed 30 Jun 2021 at 08:43:51 -0500, Richard Owlett wrote:

> On 06/26/2021 01:32 PM, Richard Owlett wrote:
> > On 06/26/2021 12:31 PM, David Wright wrote:
> > > [snip]
> > > 
> > > I thought we had established last year that you need to install the
> > > initial system without Recommends:
> > 
> > That is EXPLICITLY my goal. I vaguely recall attempting to follow some
> > suggestions which didn't end well ;{
> > 
> > > 
> > > https://lists.debian.org/debian-user/2020/09/msg00436.html
> > 
> > I don't recall that post.
> > 
> > > 
> > > and one possible answer was:
> > > 
> > > https://lists.debian.org/debian-user/2020/09/msg00441.html
> > 
> > That has an intriguing section:
> > > > This the tail of basically the same installer cmdline I've been
> > > > using for Debian
> > > > for several years, Bullseye the last:
> > > > netcfg/get_nameservers=8.8.4.4 netcfg/confirm_static=true tasks=standard
> > > > base-installer/install-recommends=false GRUB_DISABLE_OS_PROBER=true
> > 
> > I've lost my local copy of posts from that time period. I can't do it
> > today, but tomorrow I'll create a local copy of the thread to examine.
> > 
> 
> Now that I've reread all the "Re: LEAN Debian install: Exploring task
> selection menu" it triggered some memories. I don't recall just when I did
> it but I had tried including "install-recommends=false" somewhere in the
> command line. It failed. IIRC there's something hard-coded in part of the
> installer that ignores that directive just where I wanted it to have effect.
> Without my local references, I don't have the details.

IIRC isn't the soundest basis for making an assertion or claim. I would
suggest YAIITUW (yet another installtion in the usual way) would help
to clear up the matter. The D.I. syslog would be useful to glance at.

-- 
Brian.

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Joe]

On Wed, 30 Jun 2021 09:33:37 -0400
Polyna-Maude Racicot-Summerside  wrote:


> 
> There's a old saying that state :
> "Give someone a fish, feed him for the day, teach him how to fish,
> feed him for life".
> 
> That must be something that doesn't apply anymore.

It never did. The second clause is really 'and he'll be back in the
same place the next day waiting for you to give him *his* fish.' Why
bother learning something when you can just hold out your hand?

Fashions change by the week, customs change by the decade, human
psychology changes by the tens of millennia. It would have been the
same in Christ's day.

The IT world is admittedly a bit different, a higher proportion of us
generally want to learn to fish. It is safe to include anyone who
wrangles a Linux distribution among those. Many people explicitly ask
'how do I troubleshoot ', or 'where can I learn about ' rather
than 'how do I fix '.

-- 
Joe

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Brian]

On Wed 30 Jun 2021 at 14:27:16 -0400, Dan Ritter wrote:

[...]
 
> There are a bunch of loonies...

A very nineteenth centrury word. This bunch of people have views that
are due to some mental illness? Maybe a touch of empathy would not go
unnoticed.

[...]

-- 
Brian.

Re: Wanted: a special purpose Debian installer

[Felix Miata]

Richard Owlett composed on 2021-06-30 08:43 (UTC-0500):

> I don't recall just when I 
> did it but I had tried including "install-recommends=false" somewhere in 
> the command line. It failed.  
> 
I start most installations with Grub. Nearly always I start with a minimal
installation. On the linu lines in these files is:

base-installer/install-recommends=false
-- 
Evolution as taught in public schools is, like religion,
based on faith, not based on science.

 Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Dan Ritter]

Polyna-Maude Racicot-Summerside wrote: 
> Hi,
> 
> > For people that I consider part of my community, I feel a higher
> > standard of care is in order.
> > 
> Haven't you ever tried to think of computing as a "no risk involved"
> possibility ?
> 
> If I accept that I may risk rendering the system unusable and requiring
> a re-install BUT I can assume this risk and learn from this ?

If I'm asking for help, I don't want to hear "try this, it's
dangerous" unless all other possibilities have been exhausted.

If you want to start a thread "dangerous things to do to risk
your data", that's fine. 


> I feel like there's some quasi religious mentality that :
> 1. Must always obey to the latest standard / RFC / way of doing things.

RFC literally means "request for comment". Only the
peer-reviewed ones listed as Standards Track can claim to be
standards; most RFCs are informational.

This is because the grad student taking notes at meetings wasn't
sure of how accurate the notes were, so they stuck "Request For
Comment" at the top of the paper when distributing it.


> 2. If we can win a millisecond then everything is worth getting this
> poor millisecond.

Depends. If you can save a millisecond on something that
happens a million times a day, that's 15 minutes of your day
back. If it takes you an hour to save a millisecond on something
that only happens once a day, it's probably not worth it.

> 3. Unix is SERIOUS stuff, even if you use it only for web surfing, if
> you have the technical knowledge then you must ensure it's safe.

There are a bunch of loonies out there who don't like other
people based on gender, sex, skin color, religion, geography, or
merely the fact that their computer is unsecured.

If you depend on your computer to be safe, it's worth taking
these things seriously.

If you have a throwaway computer for fun, go have fun with it.

> 5. It's up to date.

Makes it easier to be secure, often offers features or fixes
that people like.

> 6. Follow the "guidelines".

There's not just one set. But if you ask for help, you should
get good advice. And if lots of people ask for the same sort of
help, writing down that good advice is efficient.

> 7. You collect metrics and review them to prevent anything bad from
> arriving.

Metrics don't prevent bad things, they show you bad things in
progress or the past.

> 8. You only used limited sudo possibility (in case someone hack into
> your box).

Good advice.

> 9. You must care about your own data (which you don't really care,
> except some family photo that you backup on Google Drive) like it if was
> client user's data.

I can't tell you how to value your data. Most people are pretty
upset when they lose things that they thought were safe.

> 10. Use error correction ram.

Hardly ever worth while in a personal computer context. Often
worthwhile in a business context.

> 11. Have a kernel optimized with the good type of scheduling for your work.

Hardly ever has to be changed; if you need it, it should be
obvious.


> 12. Leave the less port possible open (sacred).

If you mean "don't leave ports open that you didn't mean to
leave open", certainly. I've lived in places where it was pretty
safe to leave your front door unlocked. I don't live in one now.
If you're connected to the Internet, you don't.


> Why can't it be also fun ?

It is. Don't make mean jokes, that's not fun for anyone
except you.

-dsr-

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Brian]

On Wed 30 Jun 2021 at 13:31:37 +0100, mick crane wrote:

> On 2021-06-30 10:59, to...@tuxteam.de wrote:
> > On Tue, Jun 29, 2021 at 02:43:28PM -0400, Greg Wooledge wrote:
> > 
> > [...]
> > 
> > > DO NOT USE xhost + WITH ssh -X OR ssh -Y
> > > 
> > > That was the fucking point.
> > 
> > Calm down. I understand security is close to your heart,
> > but there's no need to be so vitriolic and borderline
> > insulting about it.
> > 
> > There are nicer ways to drive the point home that, nowadays,
> > "xhost +" isn't a good idea, generally.
> 
> "f" word is very ancient English word which gives added emphasis especially
> when unexpected
> Doesn't bother me but as you say is inappropriate on mailing list and I'm
> sure it's a one-off.

It is inappropriate anywhere in public. You are not bothered by this?
I am and so are others. Just so you know.

By all means use it with your parents, children and grandparents. Keep
it in the family and don't subject the rest of us to it.

Your use of a euphanism is interesting. The "E" word?

-- 
Brian.

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-30 11:59 a.m., Dan Ritter wrote:
> Polyna-Maude Racicot-Summerside wrote: 
>> Now here's what will amaze you...
>> You can do the same with a computer.
>> Take risk...
>> Make your computer unusable...
>> Type "alias cd=rm -rf"
>> Open all the ports and get hacked.
>> Open all the ports and not get hacked.
>> Take risk and loose not much because you don't care...
>> Choose unsafe configuration.
> 
> 
> I endorse this as best practice for my competitors.
> 
> For people that I consider part of my community, I feel a higher
> standard of care is in order.
> 
Haven't you ever tried to think of computing as a "no risk involved"
possibility ?

If I accept that I may risk rendering the system unusable and requiring
a re-install BUT I can assume this risk and learn from this ?

Why should you never learned something because it just went bad ?

I feel like there's some quasi religious mentality that :
1. Must always obey to the latest standard / RFC / way of doing things.
2. If we can win a millisecond then everything is worth getting this
poor millisecond.
3. Unix is SERIOUS stuff, even if you use it only for web surfing, if
you have the technical knowledge then you must ensure it's safe.
4. It's optimized.
5. It's up to date.
6. Follow the "guidelines".
7. You collect metrics and review them to prevent anything bad from
arriving.
8. You only used limited sudo possibility (in case someone hack into
your box).
9. You must care about your own data (which you don't really care,
except some family photo that you backup on Google Drive) like it if was
client user's data.
10. Use error correction ram.
11. Have a kernel optimized with the good type of scheduling for your work.
12. Leave the less port possible open (sacred).
...

Why can't it be also fun ?

Maybe more user would have some interest in Debian and stop praying for
Ubuntu. And this, I'd love for it to happens. Because I don't understand
why a derivative or fork could be better than the sweet original.

Let's make Debian happy and fun ?
Doesn't mean we can't have some serious stuff roasting underneath !
> -dsr-
> 

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Thompson, Brian]

On 30 Jun 2021, at 10:44, Polyna-Maude Racicot-Summerside wrote:


Hi,


To summarize, there are basically two sane approaches to remote X 
clients:



"Two sane approach" ?

Okay, there's only two approach YOU believe in.
That's it.

There's at least a dozen of way to install a X11 network system.

You don't have any a power to judge other than your own self.
You may consider something to be inappropriate but it doesn't make 
this

solution unacceptable, except in your own mind.

You seem to use a knife and cut every thing with a straight line, one
side what's positive, good, acceptable, allowable, usable, possible.

And on the other side...
Everything else, what's evil, dangerous, open to furry, waiting for a
disaster, not for use in a nuclear power plant, worst than putting 
some

plutonium with your morning eggs.

Sorry, but that's all false.
What you state here only applies to the case of situation you have put
thru your mind.

But there's other people (and situation) that may exist, that you 
don't

even know. And that's... okay too ! And you know what ? Those solution
are happy and good for those person. And they are allowed to use 
them...


Let me tell you something very crazy !

One day I was reading on a forum that a guy changed the shutter speed 
of

his soviet camera before arming. That's dangerous because it somewhat
but the gears in a "unknown state".

But there's a way to fix it... You play with the rewind lever and
magic.. it gets back on track. But you may also wreck your camera if 
you

do it the wrong way.

You know what I did ?
I took my camera and did exactly like the guy did and screwed my on
purpose !

And after "fixing" it three time, I told him the solution worked !
Could have ended up putting that camera to be used a paper weight.

Now here's what will amaze you...
You can do the same with a computer.
Take risk...
Make your computer unusable...
Type "alias cd=rm -rf"
Open all the ports and get hacked.
Open all the ports and not get hacked.
Take risk and loose not much because you don't care...
Choose unsafe configuration.
Even the most crazy thing ever, erase MS Windows and install Debian
Buster with X11 !

Sincerely,

Open minded doesn't mean you have to crack your head open and have 
brain

juice sprouting over the place...

--
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development


There comes a point when trying to convince someone of something that 
you
believe in just isn't worth it.  I don't know if this is usually the 
case about
the debian-user mailing list, but it's recently become the equivalent of 
spam.


Is this mailing list usually used for philosophical debates, persuasion, 
and

primitive name-calling?  Genuinely curious so that I can unsub if it is.

Best regards,

Brian T

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Dan Ritter]

Polyna-Maude Racicot-Summerside wrote: 
> Now here's what will amaze you...
> You can do the same with a computer.
> Take risk...
> Make your computer unusable...
> Type "alias cd=rm -rf"
> Open all the ports and get hacked.
> Open all the ports and not get hacked.
> Take risk and loose not much because you don't care...
> Choose unsafe configuration.


I endorse this as best practice for my competitors.

For people that I consider part of my community, I feel a higher
standard of care is in order.

-dsr-

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,
> 
> To summarize, there are basically two sane approaches to remote X clients:
> 
"Two sane approach" ?

Okay, there's only two approach YOU believe in.
That's it.

There's at least a dozen of way to install a X11 network system.

You don't have any a power to judge other than your own self.
You may consider something to be inappropriate but it doesn't make this
solution unacceptable, except in your own mind.

You seem to use a knife and cut every thing with a straight line, one
side what's positive, good, acceptable, allowable, usable, possible.

And on the other side...
Everything else, what's evil, dangerous, open to furry, waiting for a
disaster, not for use in a nuclear power plant, worst than putting some
plutonium with your morning eggs.

Sorry, but that's all false.
What you state here only applies to the case of situation you have put
thru your mind.

But there's other people (and situation) that may exist, that you don't
even know. And that's... okay too ! And you know what ? Those solution
are happy and good for those person. And they are allowed to use them...

Let me tell you something very crazy !

One day I was reading on a forum that a guy changed the shutter speed of
his soviet camera before arming. That's dangerous because it somewhat
but the gears in a "unknown state".

But there's a way to fix it... You play with the rewind lever and
magic.. it gets back on track. But you may also wreck your camera if you
do it the wrong way.

You know what I did ?
I took my camera and did exactly like the guy did and screwed my on
purpose !

And after "fixing" it three time, I told him the solution worked !
Could have ended up putting that camera to be used a paper weight.

Now here's what will amaze you...
You can do the same with a computer.
Take risk...
Make your computer unusable...
Type "alias cd=rm -rf"
Open all the ports and get hacked.
Open all the ports and not get hacked.
Take risk and loose not much because you don't care...
Choose unsafe configuration.
Even the most crazy thing ever, erase MS Windows and install Debian
Buster with X11 !

Sincerely,

Open minded doesn't mean you have to crack your head open and have brain
juice sprouting over the place...

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[tomas]

On Wed, Jun 30, 2021 at 11:07:24AM -0400, Greg Wooledge wrote:
> On Wed, Jun 30, 2021 at 04:35:13PM +0200, to...@tuxteam.de wrote:
> > BTW: the problematic thing is called "xhost +", not "xhost +x", which
> > won't work...
> > 
> >   tomas@trotzki:~$ xhost + x
> >   xhost:  bad hostname "x"
> > 
> > ...unless there's a host in your network named "x" :-)

[...]

> Another person mentioned "xhost +x" in which I took the final x to be
> a placeholder for a local network hostname [...]

This interpretation makes a lot of sense, thanks.

[rest deleted]

Thanks for the detailed description.

Cheers
 - t


signature.asc
Description: Digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Greg Wooledge]

On Wed, Jun 30, 2021 at 04:35:13PM +0200, to...@tuxteam.de wrote:
> BTW: the problematic thing is called "xhost +", not "xhost +x", which
> won't work...
> 
>   tomas@trotzki:~$ xhost + x
>   xhost:  bad hostname "x"
> 
> ...unless there's a host in your network named "x" :-)

xhost was mentioned by at least two different people, and they may not
be on the same page as each other.

One person mentioned "xhost +" (althogh I think they actually typoed
it as "xhost+"), which is VERY bad indeed, and should never be used
outside of an isolated private network.

Another person mentioned "xhost +x" in which I took the final x to be
a placeholder for a local network hostname.  Doing this is less bad
than "xhost +", because now you're only susceptible to keylogger attacks
and so forth from the one host that you trusted, rather than from EVERY
host.

But still, this is not how remote X clients should be handled in this
century.

> Further, I don't think things are as bleak as Greg put them, since
> by default, X doesn't listen on the network these days

I mentioned this earlier.  I think it got drowned out.

My concern is that apparently there are people on this mailing list who
are actively advocating that people should enable X's TCP listening
and then enable xhost authorization, either globally or per-host.  And
these people are not giving adequate warnings about the security
ramifications of their suggestions.  Let alone the difficulty.


To summarize, there are basically two sane approaches to remote X clients:

1) Run a Display Manager with XDMCP on the remote host, and allow users
   to connect to that from their workstations.  The workstation will run
   an X server only; the rest of the session (all X clients including
   window manager) runs on the remote host.

2) Run a local X session including window manager on each workstation, but
   use ssh -X to the remote host to run specific X client programs.

The first approach is a traditional "thin client" setup, and was common
in some universities, back in the 1980s and 1990s.  Full workstations
capable of running both the X server *and* the client applications
were expensive, so some organizations saved money by purchasing cheaper
machines that would run only the X server.

There is also a centralization benefit here, with all of the X clients
running on a single host, that some administrators might have found
useful.  On the other hand, you had all your eggs in one basket.

The second approach is more common now, with even the cheapest desktop
machines being more than capable of handling both the X server and
the X client applications.  Having the window manager and other highly
latency-susceptible programs running on the local machine, rather than
over the network, gives a greatly improved experience for the user.
This same consideration applies to web browsers, video players, etc.

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[tomas]

On Wed, Jun 30, 2021 at 09:16:37AM -0400, Polyna-Maude Racicot-Summerside wrote:
> Hi,

[...]

> I didn't have in mind any type of murder or long lasting damage of any soft.

Still, it's a pretty violent metaphor, I think we can agree on that.
And perhaps somewhat off-tone for a mailing list with roughly 3k
subscribers from all over the world. For some, it might be somewhat...
intimidating.

[...]

> So as you are the almighty that now believe I shall be banned.
> Wish you good luck.

I think no one here has proposed banning you. Among those suggesting
you tone down, I think no one has the power to do that.

> I'll go back like all those ones who take and don't give.
> And will surely abstain from sharing my opinions or helping others in
> what I may have knowledge.

I agree with The Wanderer here: that would be a pity. Your contributions
are valuable here.

Cheers
 - t


signature.asc
Description: Digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[tomas]

On Wed, Jun 30, 2021 at 09:33:37AM -0400, Polyna-Maude Racicot-Summerside wrote:
> Hi,

[...]

> I was the stupid and dumb person who started talking about "the classic
> way" of authentication using X11.

Uh, whatever. I don't think you're stupid. I don't think *you* think
you're stupid. So I'm ignoring that :)

> I am so sorry to have had the wrong idea of telling someone that
> learning the "classic way" of authentication with X11 [...]

> Another user added that "xhost +x" can be used if there's a
> authentication problem. As one of the "things to try".

FWIW, I don't think it's "wrong". But if people use it, they should
understand the implications. The X protocol isn't the most secure
out there.

BTW: the problematic thing is called "xhost +", not "xhost +x", which
won't work...

  tomas@trotzki:~$ xhost + x
  xhost:  bad hostname "x"

...unless there's a host in your network named "x" :-)

Further, I don't think things are as bleak as Greg put them, since
by default, X doesn't listen on the network these days, but only
on a local Unix socket anyway. The attacker would have to have
access to the local machine. Security-wise there's bigger fish to
fry out there (automount, anyone?).

So I don't agree 100% with Greg, and I agree even less with the
way he put it (pointing out the issues might be more productive
than shouting), but he /has/ a point.

Cheers
 - t


signature.asc
Description: Digital signature

Re: Wanted: a special purpose Debian installer

[Richard Owlett]

On 06/26/2021 01:32 PM, Richard Owlett wrote:

On 06/26/2021 12:31 PM, David Wright wrote:

[snip]

I thought we had established last year that you need to install the
initial system without Recommends:


That is EXPLICITLY my goal. I vaguely recall attempting to follow some 
suggestions which didn't end well ;{




https://lists.debian.org/debian-user/2020/09/msg00436.html


I don't recall that post.



and one possible answer was:

https://lists.debian.org/debian-user/2020/09/msg00441.html


That has an intriguing section:
This the tail of basically the same installer cmdline I've been using 
for Debian

for several years, Bullseye the last:
netcfg/get_nameservers=8.8.4.4 netcfg/confirm_static=true tasks=standard
base-installer/install-recommends=false GRUB_DISABLE_OS_PROBER=true


I've lost my local copy of posts from that time period. I can't do it 
today, but tomorrow I'll create a local copy of the thread to examine.




Now that I've reread all the "Re: LEAN Debian install: Exploring task 
selection menu" it triggered some memories. I don't recall just when I 
did it but I had tried including "install-recommends=false" somewhere in 
the command line. It failed. IIRC there's something hard-coded in part 
of the installer that ignores that directive just where I wanted it to 
have effect. Without my local references, I don't have the details.






I don't remember your ever reporting doing that. Did you try it,
and what was the result? It would be nice to put this problem to bed,
rather than revisiting it ever year.


I tried many things. Usually a mass failure. I'll see what I can re-create.
Thank you.

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[The Wanderer]

On 2021-06-30 at 09:16, Polyna-Maude Racicot-Summerside wrote:

> Hi,
> 
> On 2021-06-30 5:57 a.m., The Wanderer wrote:
> 
>> On 2021-06-30 at 05:23, Polyna-Maude Racicot-Summerside wrote:

>>> Yes, whatever great idea you have, even if others are wrong in
>>> what they say. Nothing justify being rude and lacking respect.
>>> 
>>> I never used any swearing word on this mailing list and it won't
>>> be part in any of my arguments.
>> 
>> It's possible that there may be a miscommunication / confusion
>> here.
>> 
>> At least according to my understanding, the idiom "to knock
>> [person] off" is commonly understood as a euphemism for "to murder
>> [person]".
> 
> I didn't have in mind any type of murder or long lasting damage of
> any soft.
> 
> When I said, to "Knock you off with a shovel in the face", I meant a 
> kind of "Wake up call". But now, as you say it, and as English is 
> somewhat my first language, even if it's more my second now, I do 
> remember as a kid / teenager that I would have interpreted that as
> "To be turned off".
> 
> I was a somewhat literal translation from the french where you can
> say "Le réveiller à coup de pelle dans la face" which mean to wake
> someone up with a shovel in the face.
> 
> So take it as :
> A kick in the ass.
> A kick in the but.
> A slap in the face.
> A physical wake up call.
> ...
> Something that will shake you enough that you get the time to think.
> Something like...
> Hope you understand before you end up 6 month on a hospital bed so you
> can get your mind straight.

I guessed that you might mean something like that, but that is not how
it may have come across to someone familiar with the English idiom in
question. That's why I wanted to clarify the point.

>> Thus, when you wrote "I can only hope that someone will knock you
>> off with a shovel in the face", that may have been read as "I can
>> only hope that someone one day murders you by smashing your face in
>> with a shovel".
>> 
>> This is, clearly, a *far greater* verbal escalation than merely
>> using foul language; I suspect, though I am not certain, that it
>> would be seen as grounds for immediate banning from the mailing
>> list.
> 
> If it is, then be it. Which would be somewhat hard to understand has
> you seem to accept mail coming from any server and even user not on
> the mailing list.

I seem to recall mention of moderation at some points in the past,
although specifics do escape me, and it's possible I'm remembering wrong.

> So as you are the almighty that now believe I shall be banned. Wish
> you good luck.

I never said any such thing. I said that, *if* the statement which yours
could be interpreted as had been what you said (or what you meant), then
clearly that would be grounds for a ban.

Since you've now clarified that that isn't what you meant (and plausibly
so, at least in my opinion), that would probably be enough to remove
that option from the picture, if it was ever in.

> I'll go back like all those ones who take and don't give. And will
> surely abstain from sharing my opinions or helping others in what I
> may have knowledge.

That would be a sad outcome. Although the style of your posts to this
mailing list that I've seen thus far don't tend to fit very well with my
personal tastes, I do think that we're overall better off with you
participating than we'd be if you were not.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-30 5:59 a.m., to...@tuxteam.de wrote:
> On Tue, Jun 29, 2021 at 02:43:28PM -0400, Greg Wooledge wrote:
> 
> [...]
> 
>> DO NOT USE xhost + WITH ssh -X OR ssh -Y
>>
>> That was the fucking point.
> 
> Calm down. I understand security is close to your heart,
> but there's no need to be so vitriolic and borderline
> insulting about it.
> 
> There are nicer ways to drive the point home that, nowadays,
> "xhost +" isn't a good idea, generally.
> 
I was the stupid and dumb person who started talking about "the classic
way" of authentication using X11.

I am so sorry to have had the wrong idea of telling someone that
learning the "classic way" of authentication with X11 (or the old way)
would give them some knowledge of the inner working, how the client
communicate with the server and how to setup the DISPLAY variable.

My idea (pretty dumb) was that by learning this way, that person would
have the knowledge to understand if later on a there's a problem with
using SSH -X.

Another user added that "xhost +x" can be used if there's a
authentication problem. As one of the "things to try".

But as we didn't think like the chef, we we're so wrong.

So lets all think the same.

And if the person ever has problem using SSH -X then she'll come over
here and ask question, this way the chef and his follower will be able
to feel good that they helped someone.

There's a old saying that state :
"Give someone a fish, feed him for the day, teach him how to fish, feed
him for life".

That must be something that doesn't apply anymore. Everyone who doesn't
think like This Dear God is so much far from the only truth in the world
of computing science.
Make me thing about the day I was told that those people who use Gnome
(as I was told, if you use Gnome then all your problem are caused by
this cursed desktop manager, real user don't use desktop environment).
Another stupidity that goes with, whoever has a idea that is different
then mine must be bad. After all, there must be a bunch of stupid person
wasting their time packaging KDE and Gnome, even making Live image !

I wonder why does Debian offer many different Live image... Can be
everything except to leave the choice to the user...

You ask a question relating to the use of Grub and it ends-up we tell
you that "you have the wrong way of doing partition. It is bad to have
them separated for home, tmp, var, usr/local, etc. Because you do it the
old way". Sorry, I didn't ask to have a comment of my partition table
and I only shared it because I was asked to. And I didn't ask help for
this. Only on how to install Grub as a command line after debootstrap
and if I need to put my bios boot drive as a option or prepare it somehow.

To be open minded doesn't mean that you have to crack your head open. So
people seem to forget this one.

It's a easy question why people prefer Ubuntu over Debian. Not for the
quality of the software but the quality of the community. Not people who
only think about what they consider to be the "best way to do those
things" without regard to the user themselves and their need. No, they
have calculated, analyzed and this is the way.

But their only experience is not much in business themselves but only
what relate to core computer science. But in life, people don't care
much if you save them a milliseconds if your solution is a pain to use.

> Cheers
>  - t
> 

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-30 5:57 a.m., The Wanderer wrote:
> On 2021-06-30 at 05:23, Polyna-Maude Racicot-Summerside wrote:
> 
>> Hi,
>>
>> On 2021-06-30 4:32 a.m., Andrei POPESCU wrote:
>>
>>> On Ma, 29 iun 21, 17:08:16, Polyna-Maude Racicot-Summerside wrote:
>>>
 I can only hope that one day someone will knock you off with a
 shovel in the face because you said something wrong. This will be
 a great day and you'll get back what you serve to others.
>>>
>>> Seriously?
>>>
>> Yes, whatever great idea you have, even if others are wrong in what
>> they say. Nothing justify being rude and lacking respect.
>>
>> I never used any swearing word on this mailing list and it won't be
>> part in any of my arguments.
> 
> It's possible that there may be a miscommunication / confusion here.
> 
> At least according to my understanding, the idiom "to knock [person]
> off" is commonly understood as a euphemism for "to murder [person]".
> 
I didn't have in mind any type of murder or long lasting damage of any soft.

When I said, to "Knock you off with a shovel in the face", I meant a
kind of "Wake up call". But now, as you say it, and as English is
somewhat my first language, even if it's more my second now, I do
remember as a kid / teenager that I would have interpreted that as "To
be turned off".

I was a somewhat literal translation from the french where you can say
"Le réveiller à coup de pelle dans la face" which mean to wake someone
up with a shovel in the face.

So take it as :
A kick in the ass.
A kick in the but.
A slap in the face.
A physical wake up call.
...
Something that will shake you enough that you get the time to think.
Something like...
Hope you understand before you end up 6 month on a hospital bed so you
can get your mind straight.

> Thus, when you wrote "I can only hope that someone will knock you off
> with a shovel in the face", that may have been read as "I can only hope
> that someone one day murders you by smashing your face in with a
> shovel".
> 
> This is, clearly, a *far greater* verbal escalation than merely using
> foul language; I suspect, though I am not certain, that it would be seen
> as grounds for immediate banning from the mailing list.
> 

If it is, then be it.
Which would be somewhat hard to understand has you seem to accept mail
coming from any server and even user not on the mailing list.

Anyway, I kind of believe that this is the type of game played around here.
Sadly, about a month ago, after I asked a question and got a bunch of
stupid answer like :

1. If you are using Gnome then Gnome is your problem. (ha ha ha)
2. Your projects are redundant and useless so give the rack you rent for
Debian usage
3. And those similar stupidity like your good friend Greg said, that is,
we know what's good. Our way is the only way that's good.

A user suggested that I look over at Devuan, because as he said, there's
not much of those kind of foul play and crying game on Devuan.
I didn't went further because I was happy with the actuel SystemD.
But this reminded me all those fork that happens only because people get
stubborn with their idea and take computing for a hard science like
physics and mathematics, with those rigid rules. And that is not the
case... As a basic rule of computing is, if it work for you then it's good.

So as you are the almighty that now believe I shall be banned.
Wish you good luck.

I'll go back like all those ones who take and don't give.
And will surely abstain from sharing my opinions or helping others in
what I may have knowledge.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[mick crane]

On 2021-06-30 10:59, to...@tuxteam.de wrote:

On Tue, Jun 29, 2021 at 02:43:28PM -0400, Greg Wooledge wrote:

[...]


DO NOT USE xhost + WITH ssh -X OR ssh -Y

That was the fucking point.


Calm down. I understand security is close to your heart,
but there's no need to be so vitriolic and borderline
insulting about it.

There are nicer ways to drive the point home that, nowadays,
"xhost +" isn't a good idea, generally.


"f" word is very ancient English word which gives added emphasis 
especially when unexpected
Doesn't bother me but as you say is inappropriate on mailing list and 
I'm sure it's a one-off.


mick
--
Key ID4BFEBB31

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[tomas]

On Tue, Jun 29, 2021 at 02:43:28PM -0400, Greg Wooledge wrote:

[...]

> DO NOT USE xhost + WITH ssh -X OR ssh -Y
> 
> That was the fucking point.

Calm down. I understand security is close to your heart,
but there's no need to be so vitriolic and borderline
insulting about it.

There are nicer ways to drive the point home that, nowadays,
"xhost +" isn't a good idea, generally.

Cheers
 - t


signature.asc
Description: Digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[The Wanderer]

On 2021-06-30 at 05:23, Polyna-Maude Racicot-Summerside wrote:

> Hi,
> 
> On 2021-06-30 4:32 a.m., Andrei POPESCU wrote:
> 
>> On Ma, 29 iun 21, 17:08:16, Polyna-Maude Racicot-Summerside wrote:
>> 
>>> I can only hope that one day someone will knock you off with a
>>> shovel in the face because you said something wrong. This will be
>>> a great day and you'll get back what you serve to others.
>> 
>> Seriously?
>> 
> Yes, whatever great idea you have, even if others are wrong in what
> they say. Nothing justify being rude and lacking respect.
> 
> I never used any swearing word on this mailing list and it won't be
> part in any of my arguments.

It's possible that there may be a miscommunication / confusion here.

At least according to my understanding, the idiom "to knock [person]
off" is commonly understood as a euphemism for "to murder [person]".

Thus, when you wrote "I can only hope that someone will knock you off
with a shovel in the face", that may have been read as "I can only hope
that someone one day murders you by smashing your face in with a
shovel".

This is, clearly, a *far greater* verbal escalation than merely using
foul language; I suspect, though I am not certain, that it would be seen
as grounds for immediate banning from the mailing list.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[The Wanderer]

On 2021-06-30 at 05:23, Polyna-Maude Racicot-Summerside wrote:

> Hi,
> 
> On 2021-06-30 4:32 a.m., Andrei POPESCU wrote:
> 
>> On Ma, 29 iun 21, 17:08:16, Polyna-Maude Racicot-Summerside wrote:
>> 
>>> I can only hope that one day someone will knock you off with a
>>> shovel in the face because you said something wrong. This will be
>>> a great day and you'll get back what you serve to others.
>> 
>> Seriously?
>> 
> Yes, whatever great idea you have, even if others are wrong in what
> they say. Nothing justify being rude and lacking respect.
> 
> I never used any swearing word on this mailing list and it won't be
> part in any of my arguments.

It's possible that there may be a miscommunication / confusion here.

At least according to my understanding, the idiom "to knock [person]
off" is commonly understood as a euphemism for "to murder [person]".

Thus, when you wrote "I can only hope that someone will knock you off
with a shovel in the face", that may have been read as "I can only hope
that someone one day murders you by smashing your face in with a
shovel".

This is, clearly, a *far greater* verbal escalation than merely using
foul language; I suspect, though I am not certain, that it would be seen
as grounds for immediate banning from the mailing list.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[tomas]

On Wed, Jun 30, 2021 at 05:23:49AM -0400, Polyna-Maude Racicot-Summerside wrote:
> Hi,
> 
> On 2021-06-30 4:32 a.m., Andrei POPESCU wrote:
> > On Ma, 29 iun 21, 17:08:16, Polyna-Maude Racicot-Summerside wrote:
> >>
> >> I can only hope that one day someone will knock you off with a shovel in
> >> the face because you said something wrong. This will be a great day and
> >> you'll get back what you serve to others.
> > 
> > Seriously?
> >  
> Yes, whatever great idea you have, even if others are wrong in what they
> say. Nothing justify being rude and lacking respect.

Sorry, Polyna -- I've to agree with Andrei here. "Knocking someone off
with a showel in the face" is, in this context, in my eyes as harsh as
any swear word can be. Even if you relativise it later.

I have the impression that with "swear word" you are alluding to Greg's
in that other thread which converged to "xhost +", and no, I didn't
like that either. Not so much the swear word as rather the generally
aggresive undertone Greg had.

FWIW I don't mind swear words whenever they're not aimed at people,
but since the latter is pretty difficult to pin down "objectively",
independently of cultural background and current perception, I'm fine
with a "no swear word" policy in such a broad mailing list.

Cheers, thanks
 - tomás


signature.asc
Description: Digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-30 4:32 a.m., Andrei POPESCU wrote:
> On Ma, 29 iun 21, 17:08:16, Polyna-Maude Racicot-Summerside wrote:
>>
>> I can only hope that one day someone will knock you off with a shovel in
>> the face because you said something wrong. This will be a great day and
>> you'll get back what you serve to others.
> 
> Seriously?
>  
Yes, whatever great idea you have, even if others are wrong in what they
say. Nothing justify being rude and lacking respect.

I never used any swearing word on this mailing list and it won't be part
in any of my arguments.

>> This is a figure of speech, we all agree.
> 
> No, I don't agree. Please don't speak for others.
> 
> As far as I'm concerned it's just inappropriate -- regardless of whether 
> the other party also stepped out of line -- and you claiming it's "just" 
> a figure of speech doesn't make it better.
>  
>> A great man doesn't only try to find mistake others do, he also act with
>> decency and respect.
> 
> Hmm...
> 
Sometime you have the best software solution in the world but the
community around it make people go away.
Sadly, it's what I'm seeing here and this is far from what I expected.

Even if "Greg's" right about unsafe solution, this doesn't mean that all
the solutions will be unsafe. If I run my network behind a firewall and
don't allow outside connection then I can use xhost + or unblock all the
port on my machine, if I feel like it.

Don't get messed up, computer science ain't physic or chemistry. It's
all a question of personal choice, of the will to take risk, of our own
priority, etc. It's far from an exact science (if we can call this a
science). It's closer to liberal arts than to hard science like
chemistry, physics or mathematics.

So if someone think he's got it all right then maybe it's because the
ego's too big. You can run your box the way you want, as long it gives
you what you like.

And I'll give you a example...
I've heard many and many more time people telling me it was "not the way
to do" by creating many different partitions for my hard drive, having a
/tmp, /usr/local, /home, /var, /tmp, etc. Maybe for them it's wrong but
for me, it does the job and even prevent some problem when my GF fill up
her laptop's home partition.

And yes, sometime I did use xhost + because it was easy to do when
running over our home network. Even more that we have a computer that
serve as a router and filter everything, there's was nearly no risk that
someone could "call-in" and connect to the X server from the outside.

I'll tell you a little story about the "Oh it's so great computer and
what we do with them".
Around 2018 I had to go see a conference on Elasticsearch and Logstash
during the IETF 2018 meeting that was in Montreal. Everyone was amazed
with that "solution" being able to give you exact logs for the last
month and doing "day average" after this. All automatic ! WoW they said...

Really ?

In 1982 my father in-law did his master degree in geophysics, analysis
of waveform. He developed an algorithm that does an average over long
period but keep individual values for short periods. This way you get
both the trends and important individual variation. This was somewhat
the same algorithm than LogStash was doing

So yes, I get pretty upset when I see people thinking they are so great
because they think they found a fault in someone's explanation and just
want to show they are so great by pointing it out.

There's nothing of a genius in finding people's error. But what's a
genius is to use our knowledge in context and express it wit
consideration to other's context.

Maybe if he'd have asked "is this for the purpose of learning" before
acting out then he would have received the answer "yes".

Because all this started by giving some way of using X11 that will allow
the end-user to also learn how the inner work does. Because if you use
ssh -X then yes it will work most of the time but you won't get the
knowledge of how it does. This will make you clueless the day there's a
small glitch in ssh. Because in some way, ssh -X does two thing :
setup the DISPLAY variable
redirect some port so that the session appears local to the client.

I'm ain't the one who said "this is fcking stupid" or a sentence of
this kind.

So sorry for all those virgin ears who dislike my figure of speech.

Like my dad says, sometime a good kick in the butt give you much more to
learn than reading two books.

This is now over for myself.
> 
> Kind regards,
> Andrei
> 
Cheer,

Sincerely,
-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Andrei POPESCU]

On Ma, 29 iun 21, 17:08:16, Polyna-Maude Racicot-Summerside wrote:
> 
> I can only hope that one day someone will knock you off with a shovel in
> the face because you said something wrong. This will be a great day and
> you'll get back what you serve to others.

Seriously?
 
> This is a figure of speech, we all agree.

No, I don't agree. Please don't speak for others.

As far as I'm concerned it's just inappropriate -- regardless of whether 
the other party also stepped out of line -- and you claiming it's "just" 
a figure of speech doesn't make it better.
 
> A great man doesn't only try to find mistake others do, he also act with
> decency and respect.

Hmm...


Kind regards,
Andrei
-- 
Loyalty to petrified opinion never yet broke a chain or freed a human 
soul in this world -- and never will. (Mark Twain)


signature.asc
Description: PGP signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Andrei POPESCU]

On Ma, 29 iun 21, 04:56:55, Polyna-Maude Racicot-Summerside wrote:
> 
> On 2021-06-28 11:13 p.m., Greg Wooledge wrote:
> 
> > (Avoid ANY proposed solution that talks about xhost.  Seriously.)
> > 
> Yes, solutions using xhost maybe a bit a pain in the ass but they are
> also some of the nice one that get you a understanding of the inner
> working of the X11 architectures.

I'm guessing Greg is suggesting that because most (possibly all) such 
solutions are unsafe.


Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi my friend,

On 2021-06-29 4:58 p.m., Greg Wooledge wrote:
> On Tue, Jun 29, 2021 at 04:46:48PM -0400, Polyna-Maude Racicot-Summerside 
> wrote:
>> I've read back the whole series of message and no one ever said anything
>> that is somewhat possible to be interpreted as
>> using xhost +x with SSH -X
> 
> https://lists.debian.org/debian-user/2021/06/msg00900.html
> 

I know, but does this justify being rude with people ?

I'm also sure that people are smart enough to read what does options do
and not only type them dumbly because some "dude" say so on a mailing list.

Does because you have a fantastic memory for all the boring computer
stuff make you a god or some type of person that is not subject to
normal rules of manner in society ?

You must be very tired at night, searching thru all the message and
correcting everything you see. I salute you !

I can only hope that one day someone will knock you off with a shovel in
the face because you said something wrong. This will be a great day and
you'll get back what you serve to others.

This is a figure of speech, we all agree.

A great man doesn't only try to find mistake others do, he also act with
decency and respect.

Cheers and enjoy life.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Greg Wooledge]

On Tue, Jun 29, 2021 at 04:46:48PM -0400, Polyna-Maude Racicot-Summerside wrote:
> I've read back the whole series of message and no one ever said anything
> that is somewhat possible to be interpreted as
> using xhost +x with SSH -X

https://lists.debian.org/debian-user/2021/06/msg00900.html

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,
>> that's how you learned things back in the early 1990s, that's your right,
>> but I hope you will at least point out how INCREDIBLY INSECURE this is,
> 
> I never said in no situation something like "use xhost +".
> The same way as I never said to unblock all the ports on your router or
> to let everyone have access to *sudo* on a server.

I've read back the whole series of message and no one ever said anything
that is somewhat possible to be interpreted as
using xhost +x with SSH -X

Maybe you shall come down a bit.
There's no need for this type of bad word and anger on a happy Debian
mailing list.

For myself, I wouldn't be open to taking advice from someone who can't
express himself without the use of bad manners and swearing word. This
only show a lack of self-control and impulsiveness. Or a profound desire
to *be the best*.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-29 2:43 p.m., Greg Wooledge wrote:

> DO NOT USE xhost + WITH ssh -X OR ssh -Y
> 
> That was the fucking point.
WoW...
Take it *easy* there...
> Now, if you want to advocate that people should use xhost + because
I never talked about xhost myself.
And the only thing I said was that by learning how things work from the
inside out, you'll be able to fully understand problems that may arise
when ssh -X does not do what you want automatically.

> that's how you learned things back in the early 1990s, that's your right,
> but I hope you will at least point out how INCREDIBLY INSECURE this is,

I never said in no situation something like "use xhost +".
The same way as I never said to unblock all the ports on your router or
to let everyone have access to *sudo* on a server.

> 
> Even then, you wouldn't combine it with ssh -X.  xhost + and manually
> overriding DISPLAY bypasses the ssh encryption layer entirely.  It also
> involves starting the X server with a non-default option, so it's quite
> a lot more work than using ssh -X.  Which is good.  We wouldn't want the
> horribly broken way to be the easy way.
> 

I never said anything related to using DISPLAY and / or xhost with ssh.

Maybe if you read what it is said in the complete context, then you may
start to get a beginning of a understanding.

You are *messing up* two things.

The first :
I suggested to read some book, someone else gave some good references
for books name as I only suggested "X11 books from O'Reilly".

The second :
I suggested to learn on how does X11 networking infrastructure work. And
this is  how does a client know where to display using the DISPLAY
variable and how does X11 authenticate client.
*As you can see, there's no indication of using xhost*

The third :
This thread suggested to use ssh -X for using a X client and X server on
different machine. As a easier way around.

The fourth :
I suggested to still learn the inner working of X authentication so that
if a problem arise with ssh -X then you'll be able to do some diagnostic
yourself.

The fifth :
You show up and(whatever)

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Lucas Castro]

Jesus h

Em 29 de junho de 2021 15:58:49 BRT, "Andrew M.A. Cater"  
escreveu:
>On Tue, Jun 29, 2021 at 02:43:28PM -0400, Greg Wooledge wrote:
>> > On 2021-06-29 1:27 p.m., Greg Wooledge wrote:
>> > > On Tue, Jun 29, 2021 at 04:33:50PM +, Andrew M.A. Cater
>wrote:
>> > >> ssh -Y is similar to ssh -X but does some authentication - yuu
>don't have
>> > >> to use xhost+ or similar.
>> > > 
>> > > You don't use xhost with ssh -X, either.  At least, not
>explicitly.
>> > > ssh takes care of that for you.
>> > > 
>> > > In fact, on Debian, ssh -X and ssh -Y do exactly the same thing,
>due
>> > > to changes that Debian made.  This is documented in the ssh(1)
>man page.
>> > > 
>> > > If you've been using "xhost +" together with "ssh -X", you've
>been doing
>> > > it wrong (and *dramatically* destroying all your network
>security) all
>> > > along.
>> 
>> On Tue, Jun 29, 2021 at 02:05:18PM -0400, Polyna-Maude
>Racicot-Summerside wrote:
>> > What I stated was pretty simple :
>> 
>> That was the fucking point.
>> 
>
>Greg: If it helps, I get that - and have always got it. I hadn't
>appreciated
>that - for Debian - ssh -X and ssh -Y are essentially identical. Thanks
>for the pointer.
>
>Sorry to have created any confusion.
>
>It's _nearly_ July 1st. Tomorrow sometime I'll be getting round to
>reposting
>the debian-user mailing list FAQ. Please, no rude words, especially the
>f-ing
>word? As frustrating as any of us can be, it doesn't add merit to
>argument.
>Email is already hard enugh to understand and appreciate: there are
>folk
>here where English is a non-native language and swear words don't help
>carry meaning.
>
>
>All the very best to you both - and everybody reading and using this
>list
>and it's archives.
>
>Andy Cater
>
>> 
>> Now, if you want to advocate that people should use xhost + because
>> that's how you learned things back in the early 1990s, that's your
>right,
>> but I hope you will at least point out how INCREDIBLY INSECURE this
>is,
>> and that it should only be done on an isolated private network, and
>only
>> for educational purposes, never for actual work.
>> 
>> Even then, you wouldn't combine it with ssh -X.  xhost + and manually
>> overriding DISPLAY bypasses the ssh encryption layer entirely.  It
>also
>> involves starting the X server with a non-default option, so it's
>quite
>> a lot more work than using ssh -X.  Which is good.  We wouldn't want
>the
>> horribly broken way to be the easy way.
>> 

-- 
Enviado de meu dispositivo Android com K-9 mail. Desculpe-me pela brevidade.

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Andrew M.A. Cater]

On Tue, Jun 29, 2021 at 02:43:28PM -0400, Greg Wooledge wrote:
> > On 2021-06-29 1:27 p.m., Greg Wooledge wrote:
> > > On Tue, Jun 29, 2021 at 04:33:50PM +, Andrew M.A. Cater wrote:
> > >> ssh -Y is similar to ssh -X but does some authentication - yuu don't have
> > >> to use xhost+ or similar.
> > > 
> > > You don't use xhost with ssh -X, either.  At least, not explicitly.
> > > ssh takes care of that for you.
> > > 
> > > In fact, on Debian, ssh -X and ssh -Y do exactly the same thing, due
> > > to changes that Debian made.  This is documented in the ssh(1) man page.
> > > 
> > > If you've been using "xhost +" together with "ssh -X", you've been doing
> > > it wrong (and *dramatically* destroying all your network security) all
> > > along.
> 
> On Tue, Jun 29, 2021 at 02:05:18PM -0400, Polyna-Maude Racicot-Summerside 
> wrote:
> > What I stated was pretty simple :
> 
> That was the fucking point.
> 

Greg: If it helps, I get that - and have always got it. I hadn't appreciated
that - for Debian - ssh -X and ssh -Y are essentially identical. Thanks
for the pointer.

Sorry to have created any confusion.

It's _nearly_ July 1st. Tomorrow sometime I'll be getting round to reposting
the debian-user mailing list FAQ. Please, no rude words, especially the f-ing
word? As frustrating as any of us can be, it doesn't add merit to argument.
Email is already hard enugh to understand and appreciate: there are folk
here where English is a non-native language and swear words don't help
carry meaning.


All the very best to you both - and everybody reading and using this list
and it's archives.

Andy Cater

> 
> Now, if you want to advocate that people should use xhost + because
> that's how you learned things back in the early 1990s, that's your right,
> but I hope you will at least point out how INCREDIBLY INSECURE this is,
> and that it should only be done on an isolated private network, and only
> for educational purposes, never for actual work.
> 
> Even then, you wouldn't combine it with ssh -X.  xhost + and manually
> overriding DISPLAY bypasses the ssh encryption layer entirely.  It also
> involves starting the X server with a non-default option, so it's quite
> a lot more work than using ssh -X.  Which is good.  We wouldn't want the
> horribly broken way to be the easy way.
> 

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Greg Wooledge]

> On 2021-06-29 1:27 p.m., Greg Wooledge wrote:
> > On Tue, Jun 29, 2021 at 04:33:50PM +, Andrew M.A. Cater wrote:
> >> ssh -Y is similar to ssh -X but does some authentication - yuu don't have
> >> to use xhost+ or similar.
> > 
> > You don't use xhost with ssh -X, either.  At least, not explicitly.
> > ssh takes care of that for you.
> > 
> > In fact, on Debian, ssh -X and ssh -Y do exactly the same thing, due
> > to changes that Debian made.  This is documented in the ssh(1) man page.
> > 
> > If you've been using "xhost +" together with "ssh -X", you've been doing
> > it wrong (and *dramatically* destroying all your network security) all
> > along.

On Tue, Jun 29, 2021 at 02:05:18PM -0400, Polyna-Maude Racicot-Summerside wrote:
> What I stated was pretty simple :

I wasn't replying to what *you* said.  I was replying to something that
Andrew Cater said.

> It's of not much use to start debate without reading fully the thread.

I was replying to *one* message from a person who *was not you*, because
that message contained massively important wrongness.

It is important that this wrongness be called out and eradicated if
possible.  Because it's *dangerously* wrong.

Your points about "people should start out by doing it the way we did it
back in 1991 so they learn the old ways first, and then they can move on
to the new ways" are irrelevant to my point from *that* message, which was:

DO NOT USE xhost + WITH ssh -X OR ssh -Y

That was the fucking point.


Now, if you want to advocate that people should use xhost + because
that's how you learned things back in the early 1990s, that's your right,
but I hope you will at least point out how INCREDIBLY INSECURE this is,
and that it should only be done on an isolated private network, and only
for educational purposes, never for actual work.

Even then, you wouldn't combine it with ssh -X.  xhost + and manually
overriding DISPLAY bypasses the ssh encryption layer entirely.  It also
involves starting the X server with a non-default option, so it's quite
a lot more work than using ssh -X.  Which is good.  We wouldn't want the
horribly broken way to be the easy way.

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-29 1:27 p.m., Greg Wooledge wrote:
> On Tue, Jun 29, 2021 at 04:33:50PM +, Andrew M.A. Cater wrote:
>> ssh -Y is similar to ssh -X but does some authentication - yuu don't have
>> to use xhost+ or similar.
> 
> You don't use xhost with ssh -X, either.  At least, not explicitly.
> ssh takes care of that for you.
> 
> In fact, on Debian, ssh -X and ssh -Y do exactly the same thing, due
> to changes that Debian made.  This is documented in the ssh(1) man page.
> 
> If you've been using "xhost +" together with "ssh -X", you've been doing
> it wrong (and *dramatically* destroying all your network security) all
> along.
> 

This is going pretty much side way now.
What I stated was pretty simple :
Unrelated to efficacy, ease of use or whatever other consideration.
Learning how to use the DISPLAY variable and learning how does xhost
work, is a good way to get understanding of the separation between
client and server, plus how does X11 authenticate connections.

I am the person who introduced using DISPLAY and setting up X client and
server the "old way". Why, simply that for someone who doesn't have any
knowledge about X and the way it deals with machine separated thru a
network, this will force the person some learning that will be helpful
later on.

Yes, using ssh -X work great but if you get some problem, you won't have
gotten any knowledge on how it really work "behind the scene".

By learning the whole way of how X11 work on network, this will teach
you that simply said, we could reduce ssh to :
Using port redirection to allow remote client to be seen as local
AND
Setting up the DISPLAY variable accordingly.

It's of not much use to start debate without reading fully the thread.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Greg Wooledge]

On Tue, Jun 29, 2021 at 04:33:50PM +, Andrew M.A. Cater wrote:
> ssh -Y is similar to ssh -X but does some authentication - yuu don't have
> to use xhost+ or similar.

You don't use xhost with ssh -X, either.  At least, not explicitly.
ssh takes care of that for you.

In fact, on Debian, ssh -X and ssh -Y do exactly the same thing, due
to changes that Debian made.  This is documented in the ssh(1) man page.

If you've been using "xhost +" together with "ssh -X", you've been doing
it wrong (and *dramatically* destroying all your network security) all
along.

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Andrew M.A. Cater]

On Tue, Jun 29, 2021 at 12:13:53PM -0400, Polyna-Maude Racicot-Summerside wrote:
> Hi,
> 
> On 2021-06-29 5:52 a.m., IL Ka wrote:
> > 
> > 
> > There's plenty of book you can find by searching on Google with the
> > subject "X11 architecture" or something similar.
> > 
> > There is a classic "Definitive Guides to the X Window System" series.
> > https://www.oreilly.com/library/view/x-windows-system/9780937175835/
> > <https://www.oreilly.com/library/view/x-windows-system/9780937175835/>
> > Also
> > https://www.oreilly.com/library/view/x-window-system/9780937175149/
> > <https://www.oreilly.com/library/view/x-window-system/9780937175149/>
> > 
> > 
> Just wanted to say thanks, I have many books on X11 but they are all
> paper and in my library. I only had in mind a book by O'Reilly so it's
> why I didn't put down any name.
> 
> As this guy talks about a campus, he probably has access to college /
> university library. Often the "classic" books that date from the time of
> X11R6 are laying around there. Those may not cover the latest techniques
> but they describe the big concepts of X11.
> 
> It's always great to see cooperative work ;-)
> 
> -- 
> Polyna-Maude R.-Summerside
> -Be smart, Be wise, Support opensource development
> 

ssh -Y is similar to ssh -X but does some authentication - yuu don't have
to use xhost+ or similar.

All best, as ever,

Andy Cater

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-29 5:52 a.m., IL Ka wrote:
> 
> 
> There's plenty of book you can find by searching on Google with the
> subject "X11 architecture" or something similar.
> 
> There is a classic "Definitive Guides to the X Window System" series.
> https://www.oreilly.com/library/view/x-windows-system/9780937175835/
> <https://www.oreilly.com/library/view/x-windows-system/9780937175835/>
> Also
> https://www.oreilly.com/library/view/x-window-system/9780937175149/
> <https://www.oreilly.com/library/view/x-window-system/9780937175149/>
> 
> 
Just wanted to say thanks, I have many books on X11 but they are all
paper and in my library. I only had in mind a book by O'Reilly so it's
why I didn't put down any name.

As this guy talks about a campus, he probably has access to college /
university library. Often the "classic" books that date from the time of
X11R6 are laying around there. Those may not cover the latest techniques
but they describe the big concepts of X11.

It's always great to see cooperative work ;-)

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[IL Ka]

>
>
>
> There's plenty of book you can find by searching on Google with the
> subject "X11 architecture" or something similar.
>
> There is a classic "Definitive Guides to the X Window System" series.
https://www.oreilly.com/library/view/x-windows-system/9780937175835/
Also
https://www.oreilly.com/library/view/x-window-system/9780937175149/

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-28 11:13 p.m., Greg Wooledge wrote:
> On Mon, Jun 28, 2021 at 10:46:01PM -0400, Polyna-Maude Racicot-Summerside 
> wrote:
>> On 2021-06-28 10:12 p.m., Rick Thomas wrote:
>>> I'd love to be able to do that!  E.g. a headless machine with plenty of RAM 
>>> and CPU power to run Mate, but located in a locked building on the other 
>>> side of campus.
>>>
>>> What do I need to install to do that?  And what are the configuration 
>>> options?
> 
>> There's plenty of book you can find by searching on Google with the
>> subject "X11 architecture" or something similar.
>>
>> Simply made,
>> You have the server (the part the display on a screen, ex all the
>> xserver-xorg-*)
>> and
>> You have the client (the software that ask stuff to be displayed, ex : GIMP)
>> Plus you have a window manager that give a "look" to the windows example
>> Gnome / KDE / TWM...
> 
> You also probably want a Display Manager package, configured to use XDMCP.
> 
>> What will make it possible to choose where the client display is by
>> setting DISPLAY variable.
> 
> That would be a heavily piecemeal approach, and there's a bit more to it
> than that.
> 
I know there's much more to this than only setting up the DISPLAY variable.
But, unless this is called a complete tutorial and I'll do all your work
mailing list, then I have the firm belief that if he really want to have
a working solution then he's also gonna do part of the work.

The guy talks about a solution on a campus. So if he's trying to build
such solution then it's a must to be able doing some research on his
own. Or at least reading a "old like myself" HOWTO !

I ain't gonna write back what can be found elsewhere (Wiki, Debian Docs,
etc) regarding the complete sequence of authentication for using remote
display of client for the X11 protocol.

> If you're trying to do this without full XDMCP sessions, an easier
> approach to running one-off X11 clients remotely would be X11 forwarding
> over ssh.  Simply make sure X11 forwarding is enabled on the server's
> sshd_config, and then "ssh -X" from the client to the server, and run
> the single program(s) you want to run.
> 
You may need some configuration on the ssh server side so do a *man
ssh_config* to get the info needed.

> (Avoid ANY proposed solution that talks about xhost.  Seriously.)
> 
Yes, solutions using xhost maybe a bit a pain in the ass but they are
also some of the nice one that get you a understanding of the inner
working of the X11 architectures.
> I still think they're looking for XDMCP sessions, though.
> 

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Greg Wooledge]

On Mon, Jun 28, 2021 at 10:46:01PM -0400, Polyna-Maude Racicot-Summerside wrote:
> On 2021-06-28 10:12 p.m., Rick Thomas wrote:
> > I'd love to be able to do that!  E.g. a headless machine with plenty of RAM 
> > and CPU power to run Mate, but located in a locked building on the other 
> > side of campus.
> > 
> > What do I need to install to do that?  And what are the configuration 
> > options?

> There's plenty of book you can find by searching on Google with the
> subject "X11 architecture" or something similar.
> 
> Simply made,
> You have the server (the part the display on a screen, ex all the
> xserver-xorg-*)
> and
> You have the client (the software that ask stuff to be displayed, ex : GIMP)
> Plus you have a window manager that give a "look" to the windows example
> Gnome / KDE / TWM...

You also probably want a Display Manager package, configured to use XDMCP.

> What will make it possible to choose where the client display is by
> setting DISPLAY variable.

That would be a heavily piecemeal approach, and there's a bit more to it
than that.

If you're trying to do this without full XDMCP sessions, an easier
approach to running one-off X11 clients remotely would be X11 forwarding
over ssh.  Simply make sure X11 forwarding is enabled on the server's
sshd_config, and then "ssh -X" from the client to the server, and run
the single program(s) you want to run.

(Avoid ANY proposed solution that talks about xhost.  Seriously.)

I still think they're looking for XDMCP sessions, though.

Re: X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Polyna-Maude Racicot-Summerside]

Hi,

On 2021-06-28 10:12 p.m., Rick Thomas wrote:
> On Sun, Jun 27, 2021, at 8:33 AM, Peter Ehlert wrote:
>>> X clients like MATE don't directly depend on an X server, because in
>>> theory, the X server could be on a different machine.
> 
> I'd love to be able to do that!  E.g. a headless machine with plenty of RAM 
> and CPU power to run Mate, but located in a locked building on the other side 
> of campus.
> 
> What do I need to install to do that?  And what are the configuration options?
> 
There's plenty of book you can find by searching on Google with the
subject "X11 architecture" or something similar.

Simply made,
You have the server (the part the display on a screen, ex all the
xserver-xorg-*)
and
You have the client (the software that ask stuff to be displayed, ex : GIMP)
Plus you have a window manager that give a "look" to the windows example
Gnome / KDE / TWM...

What will make it possible to choose where the client display is by
setting DISPLAY variable.

You'll find some info about all of this by reading the Debian Handbook
and the Wiki.

> AtDhVaAnNkCsE (thanks in ADVANCE)
> Rick
> 

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development



OpenPGP_signature
Description: OpenPGP digital signature

X server running on a different machine [Re: Wanted: a special purpose Debian installer]

[Rick Thomas]

On Sun, Jun 27, 2021, at 8:33 AM, Peter Ehlert wrote:
> > X clients like MATE don't directly depend on an X server, because in
> > theory, the X server could be on a different machine.

I'd love to be able to do that!  E.g. a headless machine with plenty of RAM and 
CPU power to run Mate, but located in a locked building on the other side of 
campus.

What do I need to install to do that?  And what are the configuration options?

AtDhVaAnNkCsE (thanks in ADVANCE)
Rick

Re: Wanted: a special purpose Debian installer

[Brian]

On Sun 27 Jun 2021 at 08:33:58 -0700, Peter Ehlert wrote:

> 
> On 6/27/21 7:37 AM, Greg Wooledge wrote:
> > On Sun, Jun 27, 2021 at 07:31:57AM -0700, Peter Ehlert wrote:
> > > On 6/27/21 12:29 AM, Curt wrote:
> > > > On 2021-06-25, Richard Owlett  wrote:
> > > > > One paragraph of "Debian GNU/Linux Installation Guide"[1] causes me
> > > > > grief. It is part of "6.3.5. Installing the Base System"[2].
> > > > > 
> > > > Install only the standard system utilities with the installer,
> > > > and then once you have a core system up and running install
> > > > 
> > > >mate-desktop-environment-core
> > > > 
> > > > which is purported to be the minimal set of packages for Mate.
> > > good thought,
> > > 
> > > I tried that just now but something is still missing.
> > > nada, no desktop, only the command line and "startx not found"
> > You also need to install "xorg", which will bring in the X server and
> > various utilities to make it run, including startx (which is in the
> > xinit package, which is a direct dependency of xorg).
> Thanks, that works
> I do still need to run startx but that's not a problem

For veteran Debian users the special purpose Debian installer to
install MATE is accessed after first boot with

  apt install task-mate-desktop --no-install-recommends

Also available from the installer itself with the correct degree
of tickling.

-- 
Brian.

Re: Wanted: a special purpose Debian installer

[Greg Wooledge]

On Sun, Jun 27, 2021 at 08:33:58AM -0700, Peter Ehlert wrote:
> 
> On 6/27/21 7:37 AM, Greg Wooledge wrote:
> > You also need to install "xorg", which will bring in the X server and
> > various utilities to make it run, including startx (which is in the
> > xinit package, which is a direct dependency of xorg).
> Thanks, that works
> I do still need to run startx but that's not a problem

Some of us prefer it that way.

If you'd like a graphical login screen, choose one of the Display Manager
package (perhaps lightdm or gdm3) and install that.  This will change
how you login, which will change which dot files you need to edit to make
things happen.

Re: Wanted: a special purpose Debian installer

[Peter Ehlert]

On 6/27/21 7:37 AM, Greg Wooledge wrote:

On Sun, Jun 27, 2021 at 07:31:57AM -0700, Peter Ehlert wrote:

On 6/27/21 12:29 AM, Curt wrote:

On 2021-06-25, Richard Owlett  wrote:

One paragraph of "Debian GNU/Linux Installation Guide"[1] causes me
grief. It is part of "6.3.5. Installing the Base System"[2].


Install only the standard system utilities with the installer,
and then once you have a core system up and running install

   mate-desktop-environment-core

which is purported to be the minimal set of packages for Mate.

good thought,

I tried that just now but something is still missing.
nada, no desktop, only the command line and "startx not found"

You also need to install "xorg", which will bring in the X server and
various utilities to make it run, including startx (which is in the
xinit package, which is a direct dependency of xorg).

Thanks, that works
I do still need to run startx but that's not a problem


X clients like MATE don't directly depend on an X server, because in
theory, the X server could be on a different machine.

Re: Wanted: a special purpose Debian installer

[Greg Wooledge]

On Sun, Jun 27, 2021 at 07:31:57AM -0700, Peter Ehlert wrote:
> 
> On 6/27/21 12:29 AM, Curt wrote:
> > On 2021-06-25, Richard Owlett  wrote:
> > > One paragraph of "Debian GNU/Linux Installation Guide"[1] causes me
> > > grief. It is part of "6.3.5. Installing the Base System"[2].
> > > 
> > Install only the standard system utilities with the installer,
> > and then once you have a core system up and running install
> > 
> >   mate-desktop-environment-core
> > 
> > which is purported to be the minimal set of packages for Mate.
> 
> good thought,
> 
> I tried that just now but something is still missing.
> nada, no desktop, only the command line and "startx not found"

You also need to install "xorg", which will bring in the X server and
various utilities to make it run, including startx (which is in the
xinit package, which is a direct dependency of xorg).

X clients like MATE don't directly depend on an X server, because in
theory, the X server could be on a different machine.