[DNG] http://packages.devuan.org/merged/pool/ empty?
I've just tried to update my system and found this:

http://packages.devuan.org/merged ascii/main amd64 libc6 amd64 2.22-4 [ERROR] 404 Not Found

so I went to http://packages.devuan.org/ and found that the /merged/pool/ subdirectory is empty.

Is this normal?

Regards

Noel er Envite

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] useradd defaults
On 04.04.2016 at 08:58, Boruch Baum wrote:
> [...]
> I'm getting a bit uncomfortable about starting this thread, because upon reflection, it seems that one consequence of setting the system-wide may be that the 027 umask will end up having some system account creating a file that should be world-readable or world-executable, but because of the umask, it now would not be, and so would break stuff.

This is why a process creating a file that needs to have a specific mode must use chmod(2) to set that mode and may not rely on a specific setting of umask.

Kind regards,
T.
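The rule stated in the reply above, as an added example that is not part of the original thread: a file created with open(2) alone ends up with `requested & ~umask`, while a following fchmod(2) on the open descriptor sets the mode exactly, whatever the umask is. The function names and the scratch path under /tmp are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fchmod(2) under strict compilers */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a new file and rely on the mode argument of open(2) alone.
 * The kernel stores (requested & ~umask), so the outcome depends on
 * whatever umask the caller happened to inherit. */
int create_relying_on_umask(const char *path, mode_t requested)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    if (fd < 0)
        return -1;
    return close(fd);
}

/* Create a new file whose final mode must be exactly `wanted`.
 * The file starts private (0600) and is then widened with fchmod(2),
 * which ignores umask; using the descriptor avoids a path race. */
int create_with_exact_mode(const char *path, mode_t wanted)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (fchmod(fd, wanted) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Demo helper (hypothetical): set `mask`, create a scratch file with one
 * of the two functions, and return its permission bits, or -1 on error. */
long resulting_mode(mode_t mask, mode_t wanted, int use_fchmod)
{
    static unsigned counter;
    char path[64];
    struct stat st;
    long result = -1;

    snprintf(path, sizeof path, "/tmp/umask_demo_%ld_%u",
             (long)getpid(), counter++);
    mode_t old = umask(mask);
    int rc = use_fchmod ? create_with_exact_mode(path, wanted)
                        : create_relying_on_umask(path, wanted);
    umask(old);                       /* restore the caller's umask */
    if (rc == 0) {
        if (stat(path, &st) == 0)
            result = (long)(st.st_mode & 07777);
        unlink(path);
    }
    return result;
}

int main(void)
{
    const mode_t masks[] = { 022, 027, 077 };

    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("umask %03o: open only -> %04lo, open + fchmod -> %04lo\n",
               (unsigned)masks[i],
               (unsigned long)resulting_mode(masks[i], 0644, 0),
               (unsigned long)resulting_mode(masks[i], 0644, 1));
    return 0;
}
```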
[DNG] Subject: Re: useradd defaults
>> I'm getting a bit uncomfortable about starting this thread, because upon reflection, it seems that one consequence of setting the system-wide may be that the 027 umask will end up having some system account creating a file that should be world-readable or world-executable, but because of the umask, it now would not be, and so would break stuff. My intent was to protect data of one user from other users, which could be done by making the change in .profile or even in the default .bashrc.
>
> I was actually waiting for somebody to realise this before answering your email. In a "Universal OS" there is much more than the preferences of single specific users, or specific applications, or specific environments. There is the necessity to accommodate a huge number of different scenarios and use cases. In short, that's why you have the umask set by default to 022. Any user can change this behaviour to a more restrictive one, if they need so.

Yes indeed - permission errors are among the most common difficulties that inexperienced users encounter when they first start with Linux.

Long ago, I tried setting my own umask to 077, thinking that it would enhance my security. Didn't occur to me until later that it broke all the web pages I created and uploaded to my site, since no one but me could read them. Once I realized it, I was able to fix the problem with chmod, but it was easy enough to forget to do that when creating a new page, and I eventually decided the only sane solution was to go back to umask 022, which was the default.

I ran into the above problem after I'd been using Linux for about five years, and I understood the cause once somebody complained to me that he couldn't read my site even though I still could. However, had I run into this difficulty earlier in my Linux career, I probably would not have been able to figure out the cause, and would have concluded that "Linux is no good."

So I favor keeping the default umask at 022, and let users tweak their own .bashrc and .profile if they want more restrictive security.

cheers,
Robert
Re: [DNG] ...and when trolling went too far
On Mon, 04 Apr 2016 11:09:01 +0300 Mitt Green wrote:
> https://en.wikipedia.org/w/index.php?title=Lennart_Poettering&oldid=703955376

Occupation: Bloatware generator.

I would have added:

Slogan: Do you hate disabled people?

SteveT

Steve Litt
March 2016 featured book: Quit Joblessness: Start Your Own Business
http://www.troubleshooters.com/startbiz
Re: [DNG] Another multi-user issue
Boruch Baum writes:

- some clarifications as I tend to forget how far removed from 'everyday experiences' this stuff happens to be -

> On 04/04/2016 11:22 AM, Rainer Weikusat wrote:

[...]

>> [*] "Everyday real-world example": One of the things I'm dealing with is a proprietary racoon fork part of a VPN product for mobiles (hefty simplification). I usually don't work on code as root but in case I need to run a debugging session, I have to run the debugger as root as it will need to be able to control a privileged process, namely, the IKE daemon. Being prevented from seeing my own processes via ps because they happen to be running with elevated privileges would at least be a nuisance.
> You're trying to make a case for lowering system security using an example of a project meant to raise system security. It seems to me, as an outsider to your case, that you would be compromising your ipsec efforts

There are no "IPsec efforts" to compromise here -- I'm working as developer on a product which includes racoon (IKEv1 implementation) and whose purpose (one of them, at least) is to provide remote access VPNs to iOS, OS X, Windows and Android devices. The machines in question here would either be development servers run by my employer or production appliances. VPN users themselves have no access to either system, only 'tech staff' has.

[...]

> Finally, in the case you mentioned, I'm not certain I understand what you mean when you say you would be "prevented from seeing my own processes via ps because they happen to be running with elevated privileges" - you said earlier that you run the debugger as root, and as root you would be seeing ALL processes.

I'm running the debugger as root via sudo. But not any other shell session on the same computer.

> If you're not running as root, you would still be seeing all the other processes of your shared group.

Also, there's a plethora of processes involved here using many different user and group IDs, depending on what kind of privileges they need and what access to generally protected information they require.
Re: [DNG] useradd defaults
Boruch Baum writes:

[...]

> 2.2] umask. This was a shocker, security-wise. The default umask is set to 022 instead of the better 027 or, my preference, 077. My memory is that on other systems on which I've seen the command seemingly hard-coded for 022, the fix to 027 or 077 was placed in this file.

Ultimately, the lineage of everything-UNIX(*) is that of a research and development system used by a group of people who weren't fighting each other. Hence, the default policy of every file being world-readable unless this is specifically prevented. Other people have had even more 'radical' ideas about this in the past.

In the old days on ITS it was considered desirable that everyone could look at any file, change any file, because we had reasons to. I remember one interesting scandal where somebody sent a request for help in using Macsyma. Macsyma is a symbolic algebra program that was developed at MIT. He sent to one of the people working on it a request for some help, and he got an answer a few hours later from somebody else. He was horrified, he sent a message “so-and-so must be reading your mail, can it be that mail files aren't properly protected on your system?” “Of course, no file is protected on our system. What's the problem? You got your answer sooner; why are you unhappy? Of course we read each other's mail so we can find people like you and help them”. Some people just don't know when they're well off.

http://www.gnu.org/philosophy/stallman-kth.en.html
Re: [DNG] Another multi-user issue
Boruch Baum writes:
> On 04/04/2016 11:22 AM, Rainer Weikusat wrote:
>> Boruch Baum writes:
>>> Please consider setting the default /etc/fstab to include:
>>>
>>> proc /proc proc defaults,hidepid=2
>>>
>>> This has the effect of keeping the specific activities, process ids, command lines and parameters of a user from other users.
>>
>> If you think that's useful to you, why don't you just use it.
> I do.
>
>> It's not useful to me[*] and - IMHO - generally useless on any system where more than one user with privileged access works on a cooperative project.
> My understanding is that the intention of the design of the UNIX architecture in such cases is to have members of a 'project' be assigned a similar 'group' to allow mutual 'group' access.

At least for this situation (and presumably many similar ones), it's desirable that every locally defined user has full access to all usually public information about the system, eg, what processes are running.

>> [*] "Everyday real-world example": One of the things I'm dealing with is a proprietary racoon fork part of a VPN product for mobiles (hefty simplification). I usually don't work on code as root but in case I need to run a debugging session, I have to run the debugger as root as it will need to be able to control a privileged process, namely, the IKE daemon. Being prevented from seeing my own processes via ps because they happen to be running with elevated privileges would at least be a nuisance.
> You're trying to make a case for lowering system security using an example of a project meant to raise system security.

I didn't make any statements of this generality.

> It seems to me, as an outsider to your case, that you would be compromising your ipsec efforts with the large and elementary security hole you're willing to make - to allow any one / any process to see every other.

In my opinion, this isn't "a large and elementary security hole". The default behaviour is useful for me for the reasons I gave. It's further useful in every situation where 'local users with shell access' are not considered untrusted. Further, no system I ever had an account on which was considered an untrusted one behaved in the way you suggest. Even on Windows (I occasionally use for client-testing), the process list is public.
Re: [DNG] useradd defaults
On Mon, Apr 04, 2016 at 08:53:29PM +0800, Brad Campbell wrote:
> On 04/04/16 16:19, KatolaZ wrote:
>
> >(unfortunately Linux does not run on microcontrollers, yet, mainly due to the general lack of some form of underlying MMU in the vast majority of microcontrollers...).
>
> http://www.uclinux.org/index.html
>
> It has been around for years :) I ran it for quite a while on some m68k processors before I moved to embedded Intel boards.

Well, I would call the 68K a microprocessor, not a microcontroller, but that might be just a matter of taste, or nomenclature :)

I know uCLinux, and I have used it as well, in several contexts. My previous comment was a reply in the specific context of Debian/Devuan being a "Universal OS", and what I intended to say is that you can't just take a vanilla kernel + some utils (more or less what you have on a Devuan) and put them in a microcontroller, since this requires some extra stuff that Linux does not natively provide (and that, obviously, something like uCLinux provides). But I admit that the wording was at least misleading ;)

HND

KatolaZ

--
[ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ]
[ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ]
[ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ]
[ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ]
Re: [DNG] useradd defaults
On 04/04/16 16:19, KatolaZ wrote:
> (unfortunately Linux does not run on microcontrollers, yet, mainly due to the general lack of some form of underlying MMU in the vast majority of microcontrollers...).

http://www.uclinux.org/index.html

It has been around for years :) I ran it for quite a while on some m68k processors before I moved to embedded Intel boards.

Regards,
Brad
Re: [DNG] Another multi-user issue
On 04/04/2016 11:22 AM, Rainer Weikusat wrote:
> Boruch Baum writes:
>> Please consider setting the default /etc/fstab to include:
>>
>> proc /proc proc defaults,hidepid=2
>>
>> This has the effect of keeping the specific activities, process ids, command lines and parameters of a user from other users.
>
> If you think that's useful to you, why don't you just use it.

I do.

> It's not useful to me[*] and - IMHO - generally useless on any system where more than one user with privileged access works on a cooperative project.

My understanding is that the intention of the design of the UNIX architecture in such cases is to have members of a 'project' be assigned a similar 'group' to allow mutual 'group' access.

> [*] "Everyday real-world example": One of the things I'm dealing with is a proprietary racoon fork part of a VPN product for mobiles (hefty simplification). I usually don't work on code as root but in case I need to run a debugging session, I have to run the debugger as root as it will need to be able to control a privileged process, namely, the IKE daemon. Being prevented from seeing my own processes via ps because they happen to be running with elevated privileges would at least be a nuisance.

You're trying to make a case for lowering system security using an example of a project meant to raise system security. It seems to me, as an outsider to your case, that you would be compromising your ipsec efforts with the large and elementary security hole you're willing to make - to allow any one / any process to see every other.

Another approach I've seen in some linux distributions intended for security / forensic research and testing is to expect the user to always be running as root (Kali linux comes to mind in that regard).

As a security-conscious person, you seem to be advocating a default of lack-of-security, where the universal set of devuan users would have to a] be aware of the vulnerability, and b] take a positive action to opt-in to be secure. My position is that this is a basic security precaution that should be opt-out, not opt-in. Most users won't notice, except possibly for lack of clutter in their htop / ps -aux output. More sophisticated users with a specific need like yours can make the judgment call, as masters of their own destiny, to drop the feature (or set up some other access control regimen).

Finally, in the case you mentioned, I'm not certain I understand what you mean when you say you would be "prevented from seeing my own processes via ps because they happen to be running with elevated privileges" - you said earlier that you run the debugger as root, and as root you would be seeing ALL processes. If you're not running as root, you would still be seeing all the other processes of your shared group.

--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0
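A check for the mount option debated in this thread, added here as an example and not code from any poster or from Devuan: it reads text in fstab or /proc/mounts layout and reports the hidepid level and any gid= exemption on the /proc mount. The sample entries are constructed; the gid= option (a group exempted from the restriction) and the word-form levels printed by newer kernels are kernel features the thread itself does not mention.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strtok_r */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct proc_policy {
    int  found;    /* 1 if a proc filesystem mounted on /proc was listed */
    int  hidepid;  /* 0 = default, 1, 2 (4 exists on newer kernels) */
    long gid;      /* group exempted via gid=, or -1 when absent */
};

/* Constructed sample inputs in fstab / /proc/mounts layout. */
static const char SAMPLE_DEFAULT[] =
    "# constructed sample: stock entry\n"
    "proc /proc proc defaults 0 0\n";
static const char SAMPLE_HIDEPID[] =
    "/dev/sda1 / ext4 errors=remount-ro 0 1\n"
    "proc /proc proc defaults,hidepid=2 0 0\n";
static const char SAMPLE_WITH_GID[] =
    "proc /proc proc rw,nosuid,hidepid=invisible,gid=27 0 0\n";

/* Newer kernels may print the level as a word instead of a number. */
static int hidepid_level(const char *v)
{
    if (strcmp(v, "noaccess") == 0)   return 1;
    if (strcmp(v, "invisible") == 0)  return 2;
    if (strcmp(v, "ptraceable") == 0) return 4;
    return atoi(v);                   /* "0", "1", "2"; "off" yields 0 */
}

/* Scan every line; the last proc entry for /proc wins, as with mounts. */
struct proc_policy parse_proc_policy(const char *text)
{
    struct proc_policy p = { 0, 0, -1 };
    char *copy = malloc(strlen(text) + 1);
    char *save_line = NULL;

    if (copy == NULL)
        return p;
    strcpy(copy, text);
    for (char *line = strtok_r(copy, "\n", &save_line); line != NULL;
         line = strtok_r(NULL, "\n", &save_line)) {
        char dev[64], dir[128], type[32], opts[256];
        char *save_opt = NULL;

        if (sscanf(line, "%63s %127s %31s %255s", dev, dir, type, opts) != 4)
            continue;                 /* blank or short line */
        if (dev[0] == '#' || strcmp(type, "proc") != 0 ||
            strcmp(dir, "/proc") != 0)
            continue;                 /* comment or unrelated mount */
        p.found = 1;
        p.hidepid = 0;
        p.gid = -1;
        for (char *o = strtok_r(opts, ",", &save_opt); o != NULL;
             o = strtok_r(NULL, ",", &save_opt)) {
            if (strncmp(o, "hidepid=", 8) == 0)
                p.hidepid = hidepid_level(o + 8);
            else if (strncmp(o, "gid=", 4) == 0)
                p.gid = strtol(o + 4, NULL, 10);
        }
    }
    free(copy);
    return p;
}

const char *describe(struct proc_policy p)
{
    if (!p.found)
        return "no proc mount listed";
    if (p.hidepid == 0)
        return "every user can list all processes and read their command lines";
    if (p.hidepid == 1)
        return "PIDs are listed, but other users' /proc/PID contents are unreadable";
    return "other users' processes are hidden from the listing";
}

int main(void)
{
    const char *samples[] = { SAMPLE_DEFAULT, SAMPLE_HIDEPID, SAMPLE_WITH_GID };

    for (size_t i = 0; i < 3; i++) {
        struct proc_policy p = parse_proc_policy(samples[i]);
        printf("hidepid=%d gid=%ld: %s\n", p.hidepid, p.gid, describe(p));
    }
    return 0;
}
```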
Re: [DNG] Another multi-user issue
Boruch Baum writes:
> Please consider setting the default /etc/fstab to include:
>
> proc /proc proc defaults,hidepid=2
>
> This has the effect of keeping the specific activities, process ids, command lines and parameters of a user from other users.

If you think that's useful to you, why don't you just use it. It's not useful to me[*] and - IMHO - generally useless on any system where more than one user with privileged access works on a cooperative project.

[*] "Everyday real-world example": One of the things I'm dealing with is a proprietary racoon fork part of a VPN product for mobiles (hefty simplification). I usually don't work on code as root but in case I need to run a debugging session, I have to run the debugger as root as it will need to be able to control a privileged process, namely, the IKE daemon. Being prevented from seeing my own processes via ps because they happen to be running with elevated privileges would at least be a nuisance.
Re: [DNG] ...and when trolling went too far
Mitt Green writes:
> https://en.wikipedia.org/w/index.php?title=Lennart_Poettering&oldid=703955376

The joke is a little too clumsy to qualify as well-done satire and I could have done without being notified of it ...
[DNG] Not everything that limps is a comparison (was: ...and when trolling went too far)
Boruch Baum writes:

[...]

> You know what. How about this. Think of systemd as that girlfriend you broke up with. You've decided to dump systemd,

Did I? It rather reminds me of these commercial ladies I meet in the streets every once in a while and who can - at times - be very insistent when advertising their services --- "I'm sorry and I surely don't 'hate' you, however, I didn't ask for this, don't think it's good for anything and would - apart from that - like to go home to cook dinner instead of having this conversation, no disrespect intended".
Re: [DNG] ...and when trolling went too far
Boruch Baum wrote:
> You know what. How about this. Think of systemd as that girlfriend you broke up with. You've decided to dump systemd, so be done with it. Leave it behind and move on. It's over. If you can't forget about her, it's not over, and frankly, something in your head is messed up.

A girlfriend that gave me gonorrhea, because I was dull enough not to use a "barrier device". And that slut now wants to sleep with everyone around the block. Who would be the next? Slack, that old guy once was considered conservative? Or his dog, he calls it "Puppy"? The answer is: I don't care. Nobody does.

Ye too. I sent it to show some creep with Hungarian IP address that has piles in his arse.

You are right. Rants seem to be over, or, at least, I don't care about them.
Re: [DNG] ...and when trolling went too far
Boruch Baum wrote:

> Sorry to ruin the party, but I'll object to it because it's just not a nice thing to do, and it's an awful thing to mess up content on the fine site that is wikipedia.

+1 for that

Regardless of what people think of him, it's not a grown up or pleasant thing to do.

>> There is obviously enough demand for systemd. So challenging his actions on a technical level would be difficult. What is strange is how distros other than RH have jumped on the bandwagon - especially Debian.

I don't find it strange at all. I haven't been following things all that closely, but it looks very much to me as though the vandals have been rapidly inserting dependencies into so much software that it gets harder and harder to keep them out. So if your choice is between spending a lot of resource that you don't have ripping out all the crapware, or "adopting" systemd then it's fairly clear what the choice is going to be.

> You know what. How about this. Think of systemd as that girlfriend you broke up with. You've decided to dump systemd, so be done with it. Leave it behind and move on. It's over. If you can't forget about her, it's not over, and frankly, something in your head is messed up.

Where the analogy falls down is if the ex girlfriend lives in the flat next door, works in the same office, and is actively dating all your friends, and goes to the same pubs/restaurants as you do ... so it takes a lot of effort to avoid her. So you've decided to put her behind you, but you just can't stop her intruding into your life.
Re: [DNG] ...and when trolling went too far
Simon Walter wrote:
> ...so challenging his actions on a technical level would be difficult.

Not really. Take a look at systemd changelogs, and you'll find out how many new "features" it has now. It now has X11 and a terminal. And your screen brightness can't be lower than 5%, because the machine will not reboot.

There are actually many, many insane design solutions, for more, as I said, refer to their changelogs.

Mitt
Re: [DNG] xscreensaver issues (including hardcoded DEBIAN!)
On 03/04/2016 23:18, Hendrik Boom wrote:
> It's a formal art form, and occasionally amusing.

Yes, some are really nice to watch. I'd like to be able to run them independently of the concept of a screen-saver which doesn't make much sense today.

Didier
Re: [DNG] ...and when trolling went too far
I'm NOT specifically ranting against either Simon or Trond below. I'm addressing the wider issue, that I think is pretty obvious to anyone following this list for any amount of time.

On 04/04/2016 09:00 AM, Simon Walter wrote:
> On 2016/04/04 17:39, Trond Arild Ydersbond wrote:
>> On Monday, 4 April 2016 8.09, Mitt Green wrote:
>> https://en.wikipedia.org/w/index.php?title=Lennart_Poettering&oldid=703955376
>>
>> Representing him as an ass and bloatware generator is definitely not in the interest of those challenging his actions as a developer. Why the heck give that guy any martyr cards to play?

Sorry to ruin the party, but I'll object to it because it's just not a nice thing to do, and it's an awful thing to mess up content on the fine site that is wikipedia.

> There is obviously enough demand for systemd. So challenging his actions on a technical level would be difficult. What is strange is how distros other than RH have jumped on the bandwagon - especially Debian.
>
> "Never attribute to malice that which is adequately explained by stupidity..." or laziness. It is one or a mixture of the three: malice, laziness, and/or stupidity.
>
> I am daily amazed by stupidity. It might be the TV or something in the food, but it's getting worse.

What daily amazes me is how easy it is for people on this list to get distracted from doing something positive, ie contributing to the progress of devuan, and opt instead for the negative - being disrespectful to people, or projects. You're not my grandkids, so you're not going to get a 'talk' from me, but all of you on the list, please just get a grip.

You know what. How about this. Think of systemd as that girlfriend you broke up with. You've decided to dump systemd, so be done with it. Leave it behind and move on. It's over. If you can't forget about her, it's not over, and frankly, something in your head is messed up.

--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0
Re: [DNG] ...and when trolling went too far
On 2016/04/04 17:39, Trond Arild Ydersbond wrote:
> On Monday, 4 April 2016 8.09, Mitt Green wrote:
> https://en.wikipedia.org/w/index.php?title=Lennart_Poettering&oldid=703955376
>
> Representing him as an ass and bloatware generator is definitely not in the interest of those challenging his actions as a developer. Why the heck give that guy any martyr cards to play?

There is obviously enough demand for systemd. So challenging his actions on a technical level would be difficult. What is strange is how distros other than RH have jumped on the bandwagon - especially Debian.

"Never attribute to malice that which is adequately explained by stupidity..." or laziness. It is one or a mixture of the three: malice, laziness, and/or stupidity.

I am daily amazed by stupidity. It might be the TV or something in the food, but it's getting worse.
Re: [DNG] ...and when trolling went too far
On Monday, 4 April 2016 8.09, Mitt Green wrote:
> https://en.wikipedia.org/w/index.php?title=Lennart_Poettering&oldid=703955376

Representing him as an ass and bloatware generator is definitely not in the interest of those challenging his actions as a developer. Why the heck give that guy any martyr cards to play?
Re: [DNG] useradd defaults
On Mon, Apr 04, 2016 at 06:58:39AM +, Boruch Baum wrote:

[cut]

> I'm getting a bit uncomfortable about starting this thread, because upon reflection, it seems that one consequence of setting the system-wide may be that the 027 umask will end up having some system account creating a file that should be world-readable or world-executable, but because of the umask, it now would not be, and so would break stuff. My intent was to protect data of one user from other users, which could be done by making the change in .profile or even in the default .bashrc.

I was actually waiting for somebody to realise this before answering your email. In a "Universal OS" there is much more than the preferences of single specific users, or specific applications, or specific environments. There is the necessity to accommodate a huge number of different scenarios and use cases. In short, that's why you have the umask set by default to 022. Any user can change this behaviour to a more restrictive one, if they need so.

My2Cents

KatolaZ
Re: [DNG] useradd defaults
On Sun, Apr 03, 2016 at 08:05:05PM -0400, Boruch Baum wrote:

[cut]

> 2] /etc/profile
>
> 2.1] $PATH for users includes by default two specialty (and frivolous) entries - for games folders. This strikes me as inconsistent with what's meant to be a "universal OS" that can be expected to be deployed in everything from supercomputers to iot-microcontrollers.

I personally don't see any problem with having /usr/games in the PATH of regular users, or why this might be a problem for a "Universal OS", even when it is deployed to supercomputers and iot-boards (unfortunately Linux does not run on microcontrollers, yet, mainly due to the general lack of some form of underlying MMU in the vast majority of microcontrollers...).

Games have been a part of unix since its inception, since when it was mainly used for a definitely-non-frivolous activity like handling thousands of patent-related documents.

My2Cents

KatolaZ
[DNG] ...and when trolling went too far
https://en.wikipedia.org/w/index.php?title=Lennart_Poettering&oldid=703955376