[DNG] bind9 updates broke, needed second aptitude update
Hi, I found on a couple of systems that an upgrade of bind9 caused it to fail to start. The fix [for me] was to do a second update/upgrade as well as making sure that /etc/resolv.conf had a nameserver it could find and use. I must have just been caught after doing the update to the faulty version just before the fix come through. This was on two systems still running ascii bind9 versions: Pre-first update/upgrade 1:9.10.3.dfsg.P4-12.3+deb9u10 The versions for the two update/upgrades ... 1:9.10.3.dfsg.P4-12.3+deb9u11 1:9.10.3.dfsg.P4-12.3+deb9u12 Turns out that 1:9.10.3.dfsg.P4-12.3+deb9u11 was broken. The changelog refers to this:\ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007945 <---changelog extract> bind9 (1:9.10.3.dfsg.P4-12.3+deb9u12) stretch-security; urgency=high * Non-maintainer upload by the LTS team. * Regression update for CVE-2021-25220: Properly initialize variables before using them. (Closes: #1007945) -- Markus Koschany Sat, 19 Mar 2022 14:43:45 +0100 bind9 (1:9.10.3.dfsg.P4-12.3+deb9u11) stretch-security; urgency=high * Non-maintainer upload by the LTS team. * Fix CVE-2021-25220: When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. -- Markus Koschany Fri, 18 Mar 2022 14:25:50 +0100 <---changelog extract> I expect a single update/upgrade should be fine now, but just in case this helps anyone else, it's on the mailing list now ;-) Cheers -- Andrew McGlashan signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Website "motto"?
On 20/1/22 5:07 pm, goli...@devuan.org wrote: > On 2022-01-19 23:08, Andrew McGlashan via Dng wrote: >> >> About the logo, /if/ Okay, then about the IMAGE ... /if/ ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Website "motto"?
On 20/1/22 7:56 am, Steve Litt wrote: > Syeed Ali said on Wed, 19 Jan 2022 09:56:59 -0800 > >> On Tue, 18 Jan 2022 22:59:35 -0600 >> goli...@devuan.org wrote: >> >>> Or this might be even better https://transfer.sh/CeUT0r/if-rev3.png >> >> I submit: >> >> "Freedom includes init choice." > > Very nice Yes, I like it too. About the logo, /if/ -- could mean too many things; - my first thought was fedora - others facebook - interface - then there's that insurance company now It's all over the place, the letters alone don't mean enough and too closely represent other things; the extra "hidden" text may not make a difference, even though the background is meant to be transparent. And for a "symbol" for freedom, I had a quick look and didn't find anything I liked that is out there and isn't political, religious or US patriotic; as if the US owns freedom. Or even otherwise not divisive. But I do think some kind of universal symbol would work, just don't know what it should be. The closest I get to is the combination of the peace (all roads lead to one, nuclear disarmanent) symbol with a dove flying free. I see Devuan as a MORE universal Debian, what Debian was "meant" to be and was for many years. Whether that needs to be specifically init freedom or not is another matter. To me, it is just better because it is more universal. Embedded and other low resource hardware or appliances are not going to use Debian with systemd, at the very least systemd would likely be stripped. But if the device has an abundance of resources (strong CPU, storage, etc.), then minimalization and reasonable optimization will fall by the wayside as it does with the bloatiness and underlying performance problems of Winblows being "fixed" by newer hardware ... but I digress. Sure others could come up with better symbols / logos and words than me. A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Youtube is slow and advertisement laden: Was: Early Days at Bell Labs - Youtube, the systemd of video
On 17/1/22 1:54 pm, Ken Dibble wrote: > Or just install tsp and submit the download commands to the queue. What is "tsp" ? ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Website "motto"?
On 20/1/22 1:03 am, Antony Stone wrote: > On Wednesday 19 January 2022 at 15:02:00, Hendrik Boom wrote: > >> On Tue, Jan 18, 2022 at 10:59:35PM -0600, goli...@devuan.org wrote: Like this? https://transfer.sh/cTgmNi/if-rev2.png >>> >>> Or this might be even better https://transfer.sh/CeUT0r/if-rev3.png >> >> I do not see a difference between rev 2 and rev 3. > > "take" Yeah, I never noticed the "hidden" text around the circle either. A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Problems with SPF of dyne.org for this mailing list
Hi, Not fixed? Did anybody look at this. There are a bunch of new messages now coming from one or more other IP addresses for the list. A. On 6/1/22 11:15 pm, Andrew McGlashan via Dng wrote: > This report/notice is generated from the mail server which handles > incoming and outgoing emails for: the mailing list > > > NB: Incoming email has been flagged with a permanent error due to the > currently defined SPF ruleset as setup by those responsible for the > SENDING domain name. > > Sending IP Address: 141.95.47.84 > Sender Email Address: dng-boun...@lists.dyne.org > Sender Email Domain: lists.dyne.org > > > Thu 6 Jan 23:11:35 AEDT 2022 > > spfquery.mail-spf-perl --mfrom dng-boun...@lists.dyne.org --ip 141.95.47.84 > fail > . > lists.dyne.org: Sender is not authorized by default to use > 'dng-boun...@lists.dyne.org' in 'mfrom' identity (mechanism '-all' matched) > Received-SPF: fail (lists.dyne.org: Sender is not authorized by default > to use 'dng-boun...@lists.dyne.org' in 'mfrom' identity (mechanism > '-all' matched)) receiver=mail.affinityvision.com.au; identity=mailfrom; > envelope-from="dng-boun...@lists.dyne.org"; client-ip=141.95.47.84 > > -- status: 1 > > > > Thu 6 Jan 23:11:38 AEDT 2022 > > dig -t txt lists.dyne.org +short|grep spf > "v=spf1 mx include:dyne.org -all" > > -- status: 0 > > > > Thu 6 Jan 23:11:38 AEDT 2022 > > dig -x 141.95.47.84 +short > harlock.dyne.org. > > -- status: 0 > > Kind Regards > > AndrewM > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > -- Andrew McGlashan IT Support & Broadband Solutions ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Problems with SPF of dyne.org for this mailing list
Hi, This report/notice is generated from the mail server which handles incoming and outgoing emails for: the mailing list NB: Incoming email has been flagged with a permanent error due to the currently defined SPF ruleset as setup by those responsible for the SENDING domain name. Sending IP Address: 141.95.47.84 Sender Email Address: dng-boun...@lists.dyne.org Sender Email Domain: lists.dyne.org Thu 6 Jan 23:11:35 AEDT 2022 spfquery.mail-spf-perl --mfrom dng-boun...@lists.dyne.org --ip 141.95.47.84 fail . lists.dyne.org: Sender is not authorized by default to use 'dng-boun...@lists.dyne.org' in 'mfrom' identity (mechanism '-all' matched) Received-SPF: fail (lists.dyne.org: Sender is not authorized by default to use 'dng-boun...@lists.dyne.org' in 'mfrom' identity (mechanism '-all' matched)) receiver=mail.affinityvision.com.au; identity=mailfrom; envelope-from="dng-boun...@lists.dyne.org"; client-ip=141.95.47.84 -- status: 1 Thu 6 Jan 23:11:38 AEDT 2022 dig -t txt lists.dyne.org +short|grep spf "v=spf1 mx include:dyne.org -all" -- status: 0 Thu 6 Jan 23:11:38 AEDT 2022 dig -x 141.95.47.84 +short harlock.dyne.org. -- status: 0 Kind Regards AndrewM ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] kvm -- virsh failed shutdown -- reason was missing acpid on vm [resolved]
Hi, On 26/3/21 12:25 am, Antony Stone wrote: > On Thursday 25 March 2021 at 14:16:52, Andrew McGlashan via Dng wrote: > >> "virsh shutdown vmname" >> >> The immediate response was that it would shutdown the vm >> >> However, doing "virsh list --all" still showed the vm as "Running" no >> matter how long I waited. >> >> It turns out the the vm needed to have the acpid package installed so that >> the vm could get the shutdown signal. > > Indeed - this is a known requirement for VMs (certainly under KVM, I don't > know about Xen etc, but I would assume it also applies there). I think that systemd takes care of it, with or without acpid, but I'm not sure about that. If this is a consequence of choosing non-systemd, then perhaps it should be mitigated by the sans systemd system installing acpid. > Whether you consider it a shortcoming of Debian (and therefore Devuan) that > acpid and acpid-support-base are not installed by default is up to you. Debian, no need for acpid for vm but only if systemd is installed, is that correct? > My solution is that I've added these packages to the script I run immediately > after creating a VM, to make sure it works the way I want it to. Yeah, it was a pain point until I worked it out. Cheers A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] kvm -- virsh failed shutdown -- reason was missing acpid on vm [resolved]
Hi, I set up a new kvm machine with beowulf 3.1 and created a simple vm that I plan to use for Wireguard. The problem I had was with doing: "virsh shutdown vmname" The immediate response was that it would shutdown the vm However, doing "virsh list --all" still showed the vm as "Running" no matter how long I waited. It turns out the the vm needed to have the acpid package installed so that the vm could get the shutdown signal. Kind Regards AndrewM -- Andrew McGlashan ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Upgrade problem [ ascii -> beowulf ] failed to boot, left at initramfs shell -- with fix and query
On 8/7/20 10:07 pm, Hendrik Boom wrote: > On Wed, Jul 08, 2020 at 06:14:51PM +1000, Andrew McGlashan via Dng wrote: >> >> >> On 8/7/20 7:31 am, Alexander Bochmann wrote: >>> Hi, >>> >>> ...on Tue, Jul 07, 2020 at 02:00:38AM +1000, Andrew McGlashan via Dng wrote: >>> >>> > After the dist-upgrade, it failed to boot and remained at the >>> ministrants shell environment after having complained about not being able >>> to find the /usr file system via it's UUID. >>> >>> I have a system mostly like this (minus mdraid) with split root and /usr >>> on lvm each, and didn't run into your problem. >>> >>> My fstab uses /dev/mapper device names instead of UUIDs, but I don't see >>> why that should make a difference, seeing as it isn't used in the initramfs. >> >> Apparently with initramfs-tools it will try to mount /usr if it is in >> /etc/fstab ... not being able to mount /usr stopped normally boot from >> progressing further. >> >> Using the /dev/mapper device name would likely have been just as good, but >> I'm not sure as I didn't try that; I adjusted the >> /usr/share/initramfs-tools/scripts/local-top/lvm2 file >> to specifically activate the lv so it could be found to be mounted as it >> should have been. >> >>> (On the other hand, I usually use UUIDs too, so there might be a reason it >>> looks that way, and I just don't remember about it right now...) >> >> Yes, that makes sense. >> >> I would think that you fixed the problem by using the /dev/mapper >> entry and I fixed it in the lvm2 script. > > > I quite agree. There's a bug that needs fixing for Devuan, but not > Debian. > I may delay upgrading until it's fixed. Not sure it will get fixed... :( - it seems that the problem is a bit of an edge case and won't effect anybody whom doesn't split /usr from root. - if they have split them and they don't "merge" them, - then the problem /may/ only arise if UUIDs are used for mount reference in /etc/fstab. I don't really like my fix, but I'll probably merge /usr into root myself next time I'm onsite where that machine lives to avoid future issues. > My /boot is on an old-style RAID by itself, so either copy can be used > directly. > > My /usr, by the way, is on lvm2 on RAID. > Do I need both adjustments? I would think that the /dev/mapper/VG-LV in /etc/fstab would probably be fine. Otherwise, expand the root file system LV (hopefully you have space), boot from a LIVE USB and move /usr back to root as well as remove the /usr entry in your /etc/fstab file. Once /usr is back inside the root filesystem, then there is no need to keep the /usr lv. Cheers A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Upgrade problem [ ascii -> beowulf ] failed to boot, left at initramfs shell -- with fix and query
On 8/7/20 7:31 am, Alexander Bochmann wrote: > Hi, > > ...on Tue, Jul 07, 2020 at 02:00:38AM +1000, Andrew McGlashan via Dng wrote: > > > After the dist-upgrade, it failed to boot and remained at the ministrants > shell environment after having complained about not being able to find the > /usr file system via it's UUID. > > I have a system mostly like this (minus mdraid) with split root and /usr > on lvm each, and didn't run into your problem. > > My fstab uses /dev/mapper device names instead of UUIDs, but I don't see > why that should make a difference, seeing as it isn't used in the initramfs. Apparently with initramfs-tools it will try to mount /usr if it is in /etc/fstab ... not being able to mount /usr stopped normally boot from progressing further. Using the /dev/mapper device name would likely have been just as good, but I'm not sure as I didn't try that; I adjusted the /usr/share/initramfs-tools/scripts/local-top/lvm2 file to specifically activate the lv so it could be found to be mounted as it should have been. > (On the other hand, I usually use UUIDs too, so there might be a reason it > looks that way, and I just don't remember about it right now...) Yes, that makes sense. I would think that you fixed the problem by using the /dev/mapper entry and I fixed it in the lvm2 script. Either way, I think there is a bug that needs to be fixed with initramfs-tools so that neither adjustment should be necessary. Cheers A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Upgrade problem [ ascii -> beowulf ] failed to boot, left at initramfs shell -- with fix and query
On 7/7/20 8:58 am, Hendrik Boom wrote: > Doesn't systemd require a merged /usr partition? It sounds as if a > systemd-ism has crept into our boot process. > > Fortunately I haven't upgraded my server to beowulf yet. Probably I know that Debian wants merged /usr, wasn't sure it was specifically due to systemd, but I think you are right. I've upgraded 6 machines now from Ascii to Beowulf and it turns out the only one that I've done with this particular problem is the only one that had /usr as it's own file system and not part of the root file system. A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Upgrade problem [ ascii -> beowulf ] failed to boot, left at initramfs shell -- with fix and query
Hi, I had another "simple" server upgrade from Devuan Ascii to Devuan Beowulf, these are the details and my work around for the problem. There was nothing particularly special about this server, it doesn't use encrypted file systems; it started out life as a Debian Wheezy installation, migrated to Devuan Jessie and later to Devuan Ascii and now Beowulf. The server has /boot on it's own RAID1 partition with another RAID1 volume for the rest of the disk being an LVM2 volume group having a number of logical volumes for root, swap, /usr/, /var/, /home/ and more. After the dist-upgrade, it failed to boot and remained at the ministrants shell environment after having complained about not being able to find the /usr file system via it's UUID. It had another error as well which was fixed by allocating 25% to RUNSIZE variable (up from 10%) in /etc/initramfs-tools/initramfs.conf - it was unable to find "rm" when running the boot up scripts before dumping itself to the initramfs shell. Once at the initramfs prompt after fixing the first problem, I was able to do the following: (initramfs) lvm lvm> vgchange -ay lvm> exit (initramfs) exit And then the server would continue to boot properly. _The second fix, which I consider to be "clunky", was to adjust the /usr/share/initramfs-tools/scripts/local-top/lvm2 file, adding in a line near the bottom as highlighted_ activate "$ROOT" *activate "/dev/mapper/vg0-usr"* activate "$resume" Then I rebuilt the initramfs in the usual way. update-initramfs -u -k all The original lvm2 script specifically only activated the root file system (/dev/mapper/vg0-root), even though /usr (/dev/mapper/vg0-usr) was in the exact same volume group as a separate file system, thus stopping boot from succeeding as expected. Other volumes come online in due course okay. All was good with subsequent reboots. Now, cludge or clunky, this was required because the /usr file system was [and continues to be] separate to the root file system and the initramfs only cared to enable the root file system, leaving all other logical volumes as being "NOT AVAILABLE", including /usr which was definitely required! Have I fixed this appropriately, or should I some how fix it another way? Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Upgrade problem [ ascii -> beowulf ] chrooted bind9 server -- /usr/share/dns/root.hints issue -- with fix
Hi, Okay, not fully fixed after reboot... apparmor gave problems as previously discussed on the list. Also needed to adjust: /etc/apparmor.d/local/usr.sbin.named Added a line: /var/lib/named/** rw, Then restarted apparmor service: service apparmor reload And then bind would start properly, immediately and again after another reboot. Should it be all good now? Thanks A. On 6/7/20 12:04 am, Andrew McGlashan via Dng wrote: > Hi, > > I just upgraded fron Devuan ascii to beowulf with the server running bind9 in > a chroot environment and bind would not start. > > > _This was the relevant error in /var/log/daemon.log_ > > Jul 5 23:36:43 bind9-server-name named[6476]: *could not configure root > hints from '/usr/share/dns/root.hints': file not found* > Jul 5 23:36:43 bind9-server-name named[6476]: *loading configuration: > file not found* > Jul 5 23:36:43 bind9-server-name named[6476]: *exiting (due to fatal > error)* > > > _Fixed as follows:_ > > # mkdir -p /var/lib/named/usr/share/dns > # cp -pv /usr/share/dns/* /var/lib/named/usr/share/dns/ > > > _NB: No upgrade changes were made to any config file including the > /etc/default/bind9 file below._ > > # cat /etc/default/bind9 > > # Set RESOLVCONF=no to not run resolvconf > RESOLVCONF=yes > > # startup options for the server > #OPTIONS="-u bind" > > > # Added -t ... for running of bind9 in a chroot environment > #OPTIONS="-u bind -t /var/lib/named" > # Added -4 to foce IPV4 lookups only > OPTIONS="-u bind -4 -t /var/lib/named" > > ### NB: This symbolic link is needed for the chroot environment too > # (without needing to change /etc/init.d/bind9 file) > # > # cd /run/named > # ln -s /var/lib/named/run/named/named.pid . > > > Kind Regards > AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Upgrade problem [ ascii -> beowulf ] chrooted bind9 server -- /usr/share/dns/root.hints issue -- with fix
Hi, I just upgraded fron Devuan ascii to beowulf with the server running bind9 in a chroot environment and bind would not start. _This was the relevant error in /var/log/daemon.log_ Jul 5 23:36:43 bind9-server-name named[6476]: *could not configure root hints from '/usr/share/dns/root.hints': file not found* Jul 5 23:36:43 bind9-server-name named[6476]: *loading configuration: file not found* Jul 5 23:36:43 bind9-server-name named[6476]: *exiting (due to fatal error)* _Fixed as follows:_ # mkdir -p /var/lib/named/usr/share/dns # cp -pv /usr/share/dns/* /var/lib/named/usr/share/dns/ _NB: No upgrade changes were made to any config file including the /etc/default/bind9 file below._ # cat /etc/default/bind9 # Set RESOLVCONF=no to not run resolvconf RESOLVCONF=yes # startup options for the server #OPTIONS="-u bind" # Added -t ... for running of bind9 in a chroot environment #OPTIONS="-u bind -t /var/lib/named" # Added -4 to foce IPV4 lookups only OPTIONS="-u bind -4 -t /var/lib/named" ### NB: This symbolic link is needed for the chroot environment too # (without needing to change /etc/init.d/bind9 file) # # cd /run/named # ln -s /var/lib/named/run/named/named.pid . Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Ascii to Beowulf upgrade - 32% slowdown !
Hi, On 12/6/20 8:49 pm, Riccardo Mottola via Dng wrote: > Hi all! > > I just upgraded from ascii to beowulf a pretty decent laptop, equipped > with a core i7 and 8GB of RAM. > > I upgraded everything in place: so same desktop environment, same > applications, same hard disk... just "apt-get dist-upgrade" essentially. > > I even kept gcc6 because I had it before and I need it. > > My test case is compiling ArcticFox, thus something in the realm of > Firefox: lots of compiler activity, make, disk access, make and python. > But, of course, predominant factor is compilation and linking. > > With ascii, I was consistently (= not just one build) doing a clean > build in about 31 minutes! Quite fast for this small beast and I was happy. > > With beowulf, this number is consistently about 41 minutes. > > I say this is a very significant slowdown! Can I gain some speed back? > Some setting? some spectre/meltdown mitigation? Having latest ascii, I > think I had at least some of the backports. > > > I am wary thus updating to beowulf on slower machines. Just an idea, but it might be spectre/meltdown mitigations? A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Out of data ca-certificates causing problems with wget and curl now...
Hi, On 2/6/20 1:32 am, Ian Zimmerman wrote: >> $ wget -v4U "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 >> Firefox/60.0" https://www.idrix.fr/VeraCrypt/canary.txt--2020-06-01 >> 09:15:48-- >> https://www.idrix.fr/VeraCrypt/canary.txt >> Connecting to 127.0.0.1:8118... connected. >> ERROR: The certificate of ‘www.idrix.fr’ is not trusted. >> ERROR: The certificate of ‘www.idrix.fr’ has expired. > > Most likely, this is the following problem. > > https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration > > Apply the workaround described there, via > > dpkg-reconfigure ca-certificates Okay, I did it via the cli only as per the steps 1 and 2 down the bottom of that post; then tried dpkg-reconfigure and found that due to the attempted install of the newer version, I needed to do more work to fix things ... but it's all good now. And it worked perfectly on a different box that hadn't had the errant install of the newer downloaded package. Thank you very much. Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Out of data ca-certificates causing problems with wget and curl now...
Hi, On 1/6/20 6:37 pm, d...@d404.nl wrote: > On 01-06-2020 01:31, Andrew McGlashan via Dng wrote: >> ca-certificates >> >> /usr/bin/aptitude show -t stretch-backports ca-certificates: >> E: Unable to locate package ca-certificates: >> >> https://packages.debian.org/search?suite=stretch-backports=ca-certificates >> >> Is there any chance of getting a backport of the package in buster without >> migrating to beowulf now? >> >> Thanks > > It is downloadable, does most likely not have executable code. Just download > it and install it with dkpg. I wondered about doing that but no good. - The version of openssl is too old (dependent) and the backports for it is as well; I think it could get messy. # dpkg -i ca-certificates_20190110_all.deb (Reading database ... 75115 files and directories currently installed.) Preparing to unpack ca-certificates_20190110_all.deb ... Unpacking ca-certificates (20190110) over (20161130+nmu1+deb9u1) ... dpkg: dependency problems prevent configuration of ca-certificates: ca-certificates depends on openssl (>= 1.1.1); however: Version of openssl on system is 1.1.0l-1~deb9u1. dpkg: error processing package ca-certificates (--install): dependency problems - leaving unconfigured Processing triggers for man-db (2.7.6.1-2) ... cat: /etc/debian_version: No such file or directory cat: /etc/debian_version: No such file or directory cat: /etc/debian_version: No such file or directory Errors were encountered while processing: ca-certificates # cat /etc/apt/sources.list deb http://au.deb.devuan.org/merged ascii main non-free contrib deb http://au.deb.devuan.org/merged ascii-updates main non-free contrib deb http://au.deb.devuan.org/merged ascii-security main non-free contrib deb http://au.deb.devuan.org/merged ascii-backports main non-free contrib deb-src http://au.deb.devuan.org/merged ascii main non-free contrib deb-src http://au.deb.devuan.org/merged ascii-updates main non-free contrib deb-src http://au.deb.devuan.org/merged ascii-security main non-free contrib deb-src http://au.deb.devuan.org/merged ascii-backports main non-free contrib # aptitude show -t ascii-backports openssl Mon 1 Jun 19:10:49 AEST 2020 -- show -t ascii-backports openssl Package: openssl Version: 1.1.0l-1~deb9u1 State: installed Automatically installed: yes Multi-Arch: foreign Priority: optional Section: utils Maintainer: Debian OpenSSL Team Architecture: amd64 Uncompressed Size: 1,347 k Depends: libc6 (>= 2.15), libssl1.1 (>= 1.1.0) Suggests: ca-certificates Description: Secure Sockets Layer toolkit - cryptographic utility Homepage: https://www.openssl.org/ Tags: implemented-in::c, interface::commandline, protocol::ssl, role::program, scope::utility, security::cryptography, security::integrity, use::checking Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Out of data ca-certificates causing problems with wget and curl now...
OUT OF DATE -- not data On 1/6/20 9:31 am, Andrew McGlashan via Dng wrote: > ca-certificates > > /usr/bin/aptitude show -t stretch-backports ca-certificates: > E: Unable to locate package ca-certificates: > > https://packages.debian.org/search?suite=stretch-backports=ca-certificates > > > Is there any chance of getting a backport of the package in buster without > migrating to beowulf now? $ wget -v4U "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" https://www.idrix.fr/VeraCrypt/canary.txt--2020-06-01 09:15:48-- https://www.idrix.fr/VeraCrypt/canary.txt Connecting to 127.0.0.1:8118... connected. ERROR: The certificate of ‘www.idrix.fr’ is not trusted. ERROR: The certificate of ‘www.idrix.fr’ has expired. The cert is fine in the browser, where the browser is not relying upon ca-certificates. Kind Regards A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Out of data ca-certificates causing problems with wget and curl now...
Hi, ca-certificates /usr/bin/aptitude show -t stretch-backports ca-certificates: E: Unable to locate package ca-certificates: https://packages.debian.org/search?suite=stretch-backports=ca-certificates Is there any chance of getting a backport of the package in buster without migrating to beowulf now? Thanks -- Andrew McGlashan IT Support & Broadband Solutions signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] The real reason I like Linux
Hi, On 16/3/20 5:51 am, Andrew McGlashan via Dng wrote: > On 13/3/20 1:59 pm, Steve Litt wrote: >> It's called POSIX. With POSIX, I always have shellscripts, AWK and sort >> ready to do my work for me. With POSIX, I can pipe a stdout into the >> next stdin. With POSIX, I can plug in anything conforming to POSIX, >> such as dmenu, a genius of a program that makes many hard user >> interface situations simple. > > POSIX is everywhere (including in Gates and Jobs machines), it's not the > domain of only *nix like operating systems at all. > > Most things I can do in Linux, I can also do in Winblows .. but I choose to > avoid Winblows for other reasons. > > GNU tools are very important, I've ran GNUWin32 tools on Winblows forever. Actually, we've got more to fear with hardware [and the lower level firmware / EFI / SecureBoot / IME / vPro and other crap] these days whether we avoid Winblows or not. The Intel and AMD flaws, Intel Management Engine (IME), vPro capabilities and all of that crap; how can we trust our computers? Those run below the OS level and can see everything that the OS does and it isn't vice/versa. There are some outfits that go out of their way to give you back freedoms that you should not have lost; including System76 for one, disabling IME as much as is possible and using Coreboot. There have been other projects in the past, but some with very, very old pre Intel Core hardware. Almost every computer sold since the early Intel Core Duo CPUs have had serious flaws and components/systems that significantly lessen your freedoms and invades your privacy at the same time -- if they don't do that, they sure can if they want to. Even if you bought almost any new computer these days and ran an OS of your own making; it will still include all the Intel Management and/or other crap. The latest round of flaws from Intel make it so that only the very latest processors are immune to serious problems relating to the lack of security of IME system keys; meaning that bad code could get on to the machines whilst masquerading as valid, secure and signed "Intel" code (whether you trust Intel or not). Even having fixed this particular flaw, assuming they have, then you've still got to trust Intel. Cheers A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] The real reason I like Linux
Hi, On 13/3/20 1:59 pm, Steve Litt wrote: > It's called POSIX. With POSIX, I always have shellscripts, AWK and sort > ready to do my work for me. With POSIX, I can pipe a stdout into the > next stdin. With POSIX, I can plug in anything conforming to POSIX, > such as dmenu, a genius of a program that makes many hard user > interface situations simple. POSIX is everywhere (including in Gates and Jobs machines), it's not the domain of only *nix like operating systems at all. Most things I can do in Linux, I can also do in Winblows .. but I choose to avoid Winblows for other reasons. GNU tools are very important, I've ran GNUWin32 tools on Winblows forever. Cheers A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Terrible reporting / puff piece about systemd
Horrid article that could have been written by pro-systemd Debian devs themselves. https://fossforce.com/2020/02/the-verdict-on-systemd-is-in/ Throw your 2pence in, I have; not that I expect my post to actually remain or remain without a counter attack :( A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] buster to beowulf
Hi, On 3/2/20 9:28 pm, Andrew McGlashan via Dng wrote: > On 17/1/20 6:37 pm, Mark Hindley wrote: >> On Thu, Jan 16, 2020 at 06:45:44PM -0500, Hendrik Boom wrote: >> Yes, I have been working on this. >> >> Attached is the script I have been testing. It single steps through. > > I've attached a patch file. Adjusted patch file changed tab to 4 spaces and fixed typo. (orig file didn't use tabs) Cheers A. *** buster_migration.sh.orig 2020-02-03 20:56:10.696650864 +1100 --- buster_migration.sh 2020-02-03 21:43:56.804316985 +1100 *** *** 1,10 ! #!/usr/bin/env bash # Single step: https://stackoverflow.com/questions/9080431/how-execute-bash-script-line-by-line#9080645 set -x trap read debug ! update-alternatives --set editor $(which vim.tiny) # Migrate from Debian buster to Devuan beowulf --- 1,10 ! #!/bin/bash # Single step: https://stackoverflow.com/questions/9080431/how-execute-bash-script-line-by-line#9080645 set -x trap read debug ! update-alternatives --set editor "$(which vim.tiny)" # Migrate from Debian buster to Devuan beowulf *** if [ -d /run/systemd/system ]; then *** 13,26 # Must be Buster # Install devuan-keyring ! wget http://titan:/pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2017.10.03_all.deb dpkg -i devuan-keyring_2017.10.03_all.deb # Change APT sources ! cat > /etc/apt/sources.list <http://pkgmaster.devuan.org/merged beowulf main ! deb http://pkgmaster.devuan.org/merged beowulf-security main ! EOF apt update --- 13,28 # Must be Buster # Install devuan-keyring ! wget https://pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2017.10.03_all.deb dpkg -i devuan-keyring_2017.10.03_all.deb + mv -v /etc/apt/sources.list /etc/apt/sources.list.debian_buster + # Change APT sources ! cat > /etc/apt/sources.list <<-EOF ! deb http://pkgmaster.devuan.org/merged beowulf main ! deb http://pkgmaster.devuan.org/merged beowulf-security main ! EOF apt update *** EOF *** 35,41 # Depends: libc6 (>= 2.28), libpam0g (>= 0.99.7.1), systemd (= 241-7~deb10u1), libpam-runtime (>= 1.0.1-6), dbus, systemd-sysv # 4) Remove ', systemd-sysv from the end of the line, leaving the rest of the line intact # 5) Save file ! cp /var/lib/dpkg/status /var/lib/dpkg/status.save editor /var/lib/dpkg/status # Install new init and dbus. --- 37,43 # Depends: libc6 (>= 2.28), libpam0g (>= 0.99.7.1), systemd (= 241-7~deb10u1), libpam-runtime (>= 1.0.1-6), dbus, systemd-sysv # 4) Remove ', systemd-sysv from the end of the line, leaving the rest of the line intact # 5) Save file ! cp -pv /var/lib/dpkg/status /var/lib/dpkg/status.save editor /var/lib/dpkg/status # Install new init and dbus. *** else *** 67,73 apt autoremove --purge # Change ens3 to eth0 in /etc/network/interfaces ! sed s/ens3/eth0/ -i /etc/network/interfaces fi --- 69,75 apt autoremove --purge # Change ens3 to eth0 in /etc/network/interfaces ! sed -i 's/ens3/eth0/' /etc/network/interfaces fi signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] buster to beowulf
Hi, On 17/1/20 6:37 pm, Mark Hindley wrote: > On Thu, Jan 16, 2020 at 06:45:44PM -0500, Hendrik Boom wrote: > Yes, I have been working on this. > > Attached is the script I have been testing. It single steps through. I've attached a patch file. AIUI it is better to specifically path /bin/bash rather than via env, escpecially when we know for sure where bash is located - save [with verbose] orig sources.list (mv -v) - save file permissions and timestamps [with verbose] with cp (cp -vp) - adjust sed to use more normal "sed -i" form...? - indent cat EOF (better readability). Also fix http:// ref to https:// with a server that is valid. Not tested not sure if /etc/network/interfaces change is universal or not. Perhaps change line 7 for which vim instead of vim.tiny? Also, if the keyring package (.deb file) is "stable", why not verify it's checksum? Passes shellcheck cleanly. Cheers A. -- Andrew McGlashan IT Support & Broadband Solutions Affinity Vision Australia Pty Ltd *** buster_migration.sh.orig 2020-02-03 20:56:10.696650864 +1100 --- buster_migration.sh 2020-02-03 21:09:41.708648329 +1100 *** *** 1,10 ! #!/usr/bin/env bash # Single step: https://stackoverflow.com/questions/9080431/how-execute-bash-script-line-by-line#9080645 set -x trap read debug ! update-alternatives --set editor $(which vim.tiny) # Migrate from Debian buster to Devuan beowulf --- 1,10 ! #!/bin/bash # Single step: https://stackoverflow.com/questions/9080431/how-execute-bash-script-line-by-line#9080645 set -x trap read debug ! update-alternatives --set editor "$(which vim.tiny)" # Migrate from Debian buster to Devuan beowulf *** if [ -d /run/systemd/system ]; then *** 13,26 # Must be Buster # Install devuan-keyring ! wget http://titan:/pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2017.10.03_all.deb dpkg -i devuan-keyring_2017.10.03_all.deb # Change APT sources ! cat > /etc/apt/sources.list <http://pkgmaster.devuan.org/merged beowulf main ! deb http://pkgmaster.devuan.org/merged beowulf-security main ! EOF apt update --- 13,28 # Must be Buster # Install devuan-keyring ! wget https://pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2017.10.03_all.deb dpkg -i devuan-keyring_2017.10.03_all.deb + mv -v /etc/apt/sources.list /etc/apt/sources.list.debin_buster + # Change APT sources ! cat > /etc/apt/sources.list <<-EOF ! deb http://pkgmaster.devuan.org/merged beowulf main ! deb http://pkgmaster.devuan.org/merged beowulf-security main ! EOF apt update *** EOF *** 35,41 # Depends: libc6 (>= 2.28), libpam0g (>= 0.99.7.1), systemd (= 241-7~deb10u1), libpam-runtime (>= 1.0.1-6), dbus, systemd-sysv # 4) Remove ', systemd-sysv from the end of the line, leaving the rest of the line intact # 5) Save file ! cp /var/lib/dpkg/status /var/lib/dpkg/status.save editor /var/lib/dpkg/status # Install new init and dbus. --- 37,43 # Depends: libc6 (>= 2.28), libpam0g (>= 0.99.7.1), systemd (= 241-7~deb10u1), libpam-runtime (>= 1.0.1-6), dbus, systemd-sysv # 4) Remove ', systemd-sysv from the end of the line, leaving the rest of the line intact # 5) Save file ! cp -pv /var/lib/dpkg/status /var/lib/dpkg/status.save editor /var/lib/dpkg/status # Install new init and dbus. *** else *** 67,73 apt autoremove --purge # Change ens3 to eth0 in /etc/network/interfaces ! sed s/ens3/eth0/ -i /etc/network/interfaces fi --- 69,75 apt autoremove --purge # Change ens3 to eth0 in /etc/network/interfaces ! sed -i 's/ens3/eth0/' /etc/network/interfaces fi signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Catching up (was Re: Result of the Debian vote 'General Resolution: Init systems and systemd')
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 1/1/20 6:53 am, fsmithred via Dng wrote: > On 12/31/19 2:16 PM, Andrew McGlashan via Dng wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> >> Hi, >> >> On 1/1/20 4:20 am, fsmithred via Dng wrote: >>> On 12/31/19 12:06 PM, Andrew McGlashan via Dng wrote: >>> >>>> So how long before we can expect to get stable release >>>> of Beowulf? Is there a reasonable timeline available yet? >>>> >>> >>> About the only thing left to do is make the isos, and we're >>> working on that. Meanwhile, upgrades from ascii seem to be >>> pretty smooth. >> >> Okay, so safe to update /etc/apt/sources.list and then: apt-get >> update apt-get dist-upgrade ... now? >> >> For production systems or any systems? >> >> Thanks A. > > For production systems, I might do an upgrade on a test system > first, only because I haven't heard a lot of upgrade reports. Also, > there might still be some issues on upgrading lvm. I use lvm, a lot, what are the problems with lvm? > I've upgraded standard system (no X), a few xfce systems and a > mate desktop. They've all been uneventful. Thanks A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgusjwAKCRCoFmvLt+/i +/2nAP45jcuMKqIYELattxmjZuvMInvdAzx5hLKdA3g/yxrkfQD+JJjQrBq9wr9b uU5+PkU6aGZFV5WqR/pEWu0PmoW534w= =5XVG -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Catching up (was Re: Result of the Debian vote 'General Resolution: Init systems and systemd')
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 1/1/20 4:20 am, fsmithred via Dng wrote: > On 12/31/19 12:06 PM, Andrew McGlashan via Dng wrote: > >> So how long before we can expect to get stable release of >> Beowulf? Is there a reasonable timeline available yet? >> > > About the only thing left to do is make the isos, and we're working > on that. Meanwhile, upgrades from ascii seem to be pretty smooth. Okay, so safe to update /etc/apt/sources.list and then: apt-get update apt-get dist-upgrade ... now? For production systems or any systems? Thanks A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXguelAAKCRCoFmvLt+/i +0zGAPwKVDkEFIxG4VTq8KrUBR6cT/+Uqr/Rjux3XXR7W80DVgD9Fnf4NCFZui8E 76InJNxn0T62gzLF7bXcTG2BjowdEcU= =4EIC -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Catching up (was Re: Result of the Debian vote 'General Resolution: Init systems and systemd')
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, -- essentially same message, but with line resizing to help with gpg sig -- On 31/12/19 12:32 pm, Olaf Meeuwissen via Dng wrote: > fsmithred via Dng writes: >> On 12/29/19 10:46 PM, tom wrote: >>> I know Devuan has been pretty much more or less 'to create a >>> binary compatible Debian but without systemd', but at what >>> point would it be determined that the best course of action >>> may be to leave Debian behind and continue our own way? >>> Probably won't happen any time soon due to manpower issues but >>> it's worth thinking about. >> >> One way to measure that might be to see if we start falling >> farther behind debian. Right now, we're still catching up. >> >> Jessie was 2 years late. Ascii was 1 year late. Beowulf is 6 >> months late. > > You just brightened up my view of Devuan's future :-) > > I'd been getting a little disappointed with the fact there's still > no beowulf but looking at it this way, you're still going strong, > despite any resources issues. Keep up the good work! > >> Any talk of switching our base is premature. > > Hope this helps, I agree, it is premature, but I, myself have to admit to being a bit impatient. I wonder, not very much though, if Fedora supports non system better than Debian does or will? I can't wait for Beowulf either, 6 months now... how long before it is released. We do have Ascii 2.1 from fairly recently, but I'm sure that there are many things that Beowulf will help to modernize our distro of choice. My son is complaining about the mail server not supporting TLS1.3 and that is down to openssl being v1.1.0l and not v1.1.1 Buster, from which Beowulf will "align" has v1.1.1d-0_deb10u2 -- not sure it includes TLS1.3 support, but I expect it does. Is there any chance of a backport or should we just wait until Beowulf is ready? I think it is pretty clear now that unless there is a serious change in Debian's direction, the DDs have clearly flown the systemd flag as their extremely strong preference and little will be possible in persuading them otherwise, ever. Given that DDs are the only "chosen" ones to decide on Debian's future, that makes it even more unlikely to change. Some here might be aware of Louis Rossmann[1], he is a strong advocate of right to repair and whilst he regularly profits from Apple design problems and highlights the problems (sans rose coloured glasses of iDevotees), he would love for Apple to stop having problems and for that part of his business to become unnecessary. In some respects I was sort of hoping that Debian would "fix" their problems and lessen the need for Devuan as well. As it is today and now very likely, very much in to the future, we definitely need Devuan to keep going and to get much stronger over time as we can surely not rely upon Debian too much unless we choose to move to pro systemd camp and that is not likely either for most, if not all of us here. [1] http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/ch annel/UCl2mFZoRqjw_ELax4Yisf6w NB: That is a v3 .onion address for https://invidio.us (no need for https with .onion addresses and only available on (or via) the Tor network. Invidious is a "portal" of sorts to YT videos without the need to visit YT. So how long before we can expect to get stable release of Beowulf? Is there a reasonable timeline available yet? Thank you for your good work at Devuan, it is very much appreciated. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXguAHwAKCRCoFmvLt+/i +67zAP98qK6YK5KtMHYNGZTXV5oNJOBCt41j/EwR0Qxu5jGz/gEAgEXB7tev/OmK iguCz07vj9lsCpIGBFSTip5fupcixV8= =r4Mm -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Catching up (was Re: Result of the Debian vote 'General Resolution: Init systems and systemd')
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 31/12/19 12:32 pm, Olaf Meeuwissen via Dng wrote: > fsmithred via Dng writes: >> On 12/29/19 10:46 PM, tom wrote: >>> I know Devuan has been pretty much more or less 'to create a >>> binary compatible Debian but without systemd', but at what >>> point would it be determined that the best course of action may >>> be to leave Debian behind and continue our own way? Probably >>> won't happen any time soon due to manpower issues but it's >>> worth thinking about. >> >> One way to measure that might be to see if we start falling >> farther behind debian. Right now, we're still catching up. >> >> Jessie was 2 years late. Ascii was 1 year late. Beowulf is 6 >> months late. > > You just brightened up my view of Devuan's future :-) > > I'd been getting a little disappointed with the fact there's still > no beowulf but looking at it this way, you're still going strong, > despite any resources issues. Keep up the good work! > >> Any talk of switching our base is premature. > > Hope this helps, I agree, it is premature, but I, myself have to admit to being a bit impatient. I wonder, not very much though, if Fedora supports non system better than Debian does or will? I can't wait for Beowulf either, 6 months now... how long before it is released. We do have Ascii 2.1 from fairly recently, but I'm sure that there are many things that Beowulf will help to modernize our distro of choice. My son is complaining about the mail server not supporting TLS1.3 and that is down to openssl being v1.1.0l and not v1.1.1 Buster, from which Beowulf will "align" has v1.1.1d-0_deb10u2 -- not sure it includes TLS1.3 support, but I expect it does. Is there any chance of a backport or should we just wait until Beowulf is ready? I think it is pretty clear now that unless there is a serious change in Debian's direction, the DDs have clearly flown the systemd flag as their extremely strong preference and little will be possible in persuading them otherwise, ever. Given that DDs are the only "chosen" ones to decide on Debian's future, that makes it even more unlikely to change. Some here might be aware of Louis Rossmann[1], he is a strong advocate of right to repair and whilst he regularly profits from Apple design problems and highlights the problems (sans rose coloured glasses of iDevotees), he would love for Apple to stop having problems and for that part of his business to become unnecessary. In some respects I was sort of hoping that Debian would "fix" their problems and lessen the need for Devuan as well. As it is today and now very likely, very much in to the future, we definitely need Devuan to keep going and to get much stronger over time as we can surely not rely upon Debian too much unless we choose to move to pro systemd camp and that is not likely either for most, if not all of us here. [1] http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCl2mFZoRqjw_ELax4Yisf6w NB: That is a v3 .onion address for https://invidio.us (no need for https with .onion addresses and only available on (or via) the Tor network. Invidious is a "portal" of sorts to YT videos without the need to visit YT. So how long before we can expect to get stable release of Beowulf? Is there a reasonable timeline available yet? Thank you for your good work at Devuan, it is very much appreciated. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgt+uAAKCRCoFmvLt+/i +0UBAQDEGvGAmJyf3x0j+j8fXI2KSV7cO5zwxsJEVXHRomczJgD5AdY6gAYCbLoF st+b401/e6XFFAbq93NSFfnoY20gKyY= =NHfA -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Result of the Debian vote 'General Resolution: Init systems and systemd'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 31/12/19 7:46 am, Steve Litt wrote: > I didn't hear anyone telling people what to do. I heard Tom ask a > question. Tom? I think you meant me ? Cheers A -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgt6ogAKCRCoFmvLt+/i +zjtAQC5pj90GT4Hrv1ep9Tg5VWGL5nxesJiCJvg8dYJIW8Y8gD/cjBHRmS04ark OXBCjSJKPkKGlnJsCWjVwKblY+AJNm4= =bugo -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Result of the Debian vote 'General Resolution: Init systems and systemd'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 30/12/19 3:10 pm, terryc wrote: > On Sat, 28 Dec 2019 23:11:16 +1100 Andrew McGlashan via Dng > wrote: In my experience, when people who do > not do the work start telling the people who do do the work, what > to do, many efforts disintigrate. Without users, including sysadmins willing to install and support an OS, it's use will disintegrate. It may as well then be a distro just for the DDs and those that don't care about non systemd pollution and/or vandalism. A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgn+TgAKCRCoFmvLt+/i +8LwAQDWqhzQVkBTLeqXMVjHIKy9EQ6nlr45Q9mGucMi3cwjGQEAl3GHl6TA8MTZ VrhpIB59ktxBfnyzRXDs6ue46WgSxR4= =phNs -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Again, again: DMARC is a no-win problem for mailing lists
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 29/12/19 12:01 am, Mark Rousell wrote: > On 28/12/2019 07:01, Steve Litt wrote: >> So, if we insist on assisting Yahoo, Gmail, Hotmail, and their >> ilk, and all their users, by incorporating DMARC > > Really, it's surely not a matter of willingly helping them. It's > more a matter of survival at all in a world where they carry a > significant proportion (possibly a majority but it's not certain) > of the world's email and where they re-make the rules to suit > themselves. Just be glad they still support SMTP at all! Sadly that is too true. They screw up greylisting, they screw up SPF and they screw up DMARC. And to make matters worse, you can easily block IP addresses and IP blocks of bad email servers unless it comes from the rotten lot as above (including Apple and Microsoft). I see plenty of forwarded junk coming through my server from Apple and it's a real pain point. I just wish everyone would stop using those rotten service providers when it comes to email :( A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgdZ/AAKCRCoFmvLt+/i +0ywAPwK9LnPkzeVNaatCEloqyHDEFDAcO08W+mGMhJdFAN1EQD/VuBBBnlmFUxv HGebU11GuFOusgjdz6YHbhrr2GwK8cU= =eaLf -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] :-) Don't get into a pissing contest with Rick Moen
On 25/12/19 5:17 pm, Rick Moen wrote: > Quoting Andrew McGlashan via Dng (dng@lists.dyne.org): > >> Although I don't expect to win pissing contests (especially with >> Rick), I tend to decide that the other opinion /may/ be true or not >> and simply beg to differ when there is clear relevance on both sides >> of the argument, ending any potential and wasteful continued posts >> about the matter. > > Besides, we're both such jolly old elfs, who instinctively shy away from > conflict, that such contention would never arise in the first place. > > Season's Greetings, Andrew! All the best to you and yours. > > (Relevant to your point, my late Mom had a beautiful way to terminate > just about any disputatious discussion: She would say to the other > party 'Well, you _may_ be right', and then calmly walk away.) Well said Rick, and your Mom. Season's Greetings to you and yours and everyone else here too. A little warm here in AU, but nice, it'll be hotter later in the week. Cheers A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] :-) Don't get into a pissing contest with Rick Moen
Hi, On 19/12/19 10:27 pm, Steve Litt wrote: > My advice, don't get into a pissing contest with Rick Moen: You'll > lose. I know, I've lost many times. Rick and I are actually good > friends, but when we disagree, we get in a pissing contest, and I'm > always the guy ending up dripping wet. > > If he writes sarcastic stuff to you, just let it alone. He won't keep > pursuing the point. He takes his shot and moves on to other things, > unless the other guy responds. I'm sure plenty do that, me included. If you make a valid point and it gets argued, then argue until it stops or your argument (or theirs) is falling on death ears ... or you just give up, then move on. Although I don't expect to win pissing contests (especially with Rick), I tend to decide that the other opinion /may/ be true or not and simply beg to differ when there is clear relevance on both sides of the argument, ending any potential and wasteful continued posts about the matter. Cheers A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fw: looking for a replacement for debian since systemd
Hi, On 14/12/19 2:30 pm, Rick Moen wrote: > Quoting Steve Litt (sl...@troubleshooters.com): > >> According to this message on the Debian-User email message, Debian is >> working on dumping non-systemd inits. > > I continue to be unimpressed by the debian-user mailing list as a source > of reliable information. > >> The Debian vote methods are so >> arcane I can't tell whether that's true or false, or whether the quoted >> vote is early or partial information. > > My advice: Wait for the LWN.net coverage in this coming week's weekly > issue. About a week ago, LWN had this initial coverage (subscriber link > so people here can see, without paying for subscription): > https://lwn.net/SubscriberLink/806332/71a8e11132c02b54/ Thanks Rick, yes I think that there has been a call for votes, (first call?) ... but someone may have some insider knowledge. I'm really disgusted the way that Debian is going. What happened to the "universal Linux" Cheers A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Formail for managing digests, Epoch
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 27/11/19 7:42 pm, Stephane Ascoet wrote: > Arnt Karlsen: > >> ..you can't (AFAIK), you do it outside your MUA, with e.g.: 'cat >> $DIGEST |formail +1 -ds procmail ' > > HI, yes, it was clear that it couldn't be done graphically in > Thunderbird. The first thing I don't understand is what I must > have behind $DIGEST? The digest saved as an .eml file? Yes, well, I think if you have a source file that is .eml then I'm sure it can be used to split out emails in mbox format, which can then be converted to individual emails and them you can drag those emails, as required to your TB folder. >> On 26/11/19 3:22 pm, Rick Moen wrote: >>> and just let the two or three users of that mode curse >>> me as long as they feel is therapeutic. >> >> Love it! Great way to deal with it. > > This is a very m$ way to do :-( Not really, the problem comes more with relying on big tech to do things their way, Gmail method of "threading" is horrible too. I think that digest as a method of mail group delivery should be dead, it isn't as useful as it used to be and lived in dial-up days of the long past. Why not just filter mailing list emails to a particular folder and forgo the single emails in favour of many that are easier to work with and not require any special extra processes to deal with properly? Besides Maildir is all about multiple emails in separate files, but mbox is not; mbox is pseudo digest, but still better handled than an actual digest message. Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXd4+OwAKCRCoFmvLt+/i +5N9AP9Tp9lL/bN0Sn68FFr3rA4W5/X9ww5cX9gX5OL3w0+EwQEA00aQN+QeFfed fkLY5Hzfx4o1Luws6eC7GbXAscO+O5Q= =T2K3 -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Devuan cannot exist without the help of Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Rick, On 26/11/19 3:22 pm, Rick Moen wrote: > and just let the two or three users of that mode curse me > as long as they feel is therapeutic. Love it! Great way to deal with it. On 26/11/19 8:33 pm, Arnt Karlsen wrote: > ..anotherway is point them to 'info formail' and make them pick one > of: EXAMPLES To split up a digest one usually uses: formail +1 -ds > >>the_mailbox_of_your_choice or formail +1 -ds procmail > And for the formail, guess that's best for on the server like .forward files are. Not at the TB (thunderbird) client end. Might need mb2md as well although TB can do maildir format for client storage these days, I wanted that a long time ago, but am not using it and don't expect to now. Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXd1B4AAKCRCoFmvLt+/i +xojAP4+4xSZdwEhViz6lQUiUl6G1li4Ecnn/8Erg2OvEQ2O8QEA3GZURj7sGam+ cCbqsybPku8MmuW5K4zVLuCk81VWcJw= =U7Me -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Devuan cannot exist without the help of Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 24/11/19 1:21 am, Arnt Karlsen wrote: > ..apologies, I just hit the Reply-button and saw you on the > Cc:-line, and was led to believe that was your intention. > Responding to this message, I found I had to hit the > ReplyAll-button to get you there, probably because you put both me > and DNG in the To: lines. Again, no list message. This time I changed after reply-all to have you as CC and the list as TO. >> I have tried ASCII 2.0 -- but it looks like there is a new 2.1 >> version just about to be announced? > > ..tried upgrading to 2.1? AFAIK that should happen automagically > if you run e.g. aptitude update etc at least weekly. The NUC has Debian on the internal NVME drives but it doesn't work properly. I am running MX 18.3 on an external drive, it works fine. This new machine has never ran Devuan properly; I do get a cli, but no desktop GUI (XFCE) ... it just won't start, probably to do with the graphics included in this box (Vega AMD / Intel special setup). >> Graphics: Device-1: Intel driver: i915 v: kernel > > ..you have this Intel card working ok? Not tried specifically. >> Device-2: AMD driver: amdgpu v: kernel There might be a BIOS setting for this, but I really expect the "better" AMD setup to work... it's one of the reasons I chose this particular option over the plain Intel one. >> Display: server: X.Org 1.19.2 driver: amdgpu,ati,modesetting >> unloaded: fbdev,radeon, > > ..are these drivers fighting each other??? I see amdgpu but no > radeonsi, do you have 3D accelleration? I did nothing special here, just tried a simple desktop live ISO of ASCII 2.0 and now 2.1 -- no different. The INXI output was created using the fully working MX 18.3 setup, not Devuan. > ..ah, Too New Toy: the Radeon RX Vega M GH on the i7-8809G Yep, that's it. > https://en.wikipedia.org/wiki/Kaby_Lake#List_of_8th_generation_Kaby_La ke_G_processors > > https://en.wikipedia.org/wiki/Radeon_RX_Vega_series > https://ark.intel.com/content/www/us/en/ark/products/130409/intel-core - -i7-8809g-processor-with-radeon-rx-vega-m-gh-graphics-8m-cache-up-to-4-2 0-ghz.html > > https://www.pcworld.com/article/3267074/intel-hades-canyon-nuc-nuc8i7hvk - -review.html > https://cgit.freedesktop.org/xorg/driver/xf86-video-amdgpu/ > > ..hang in there, or send it my way. ;o) LOL > ..this HW below works ok? Yes, but I do have audio problems, which are temporarily fixed by doing: pulseaudio -k But otherwise it is okay. There are a combination of things that might be screwing with sound: 1. Facebook. 2. Palemoon (older version was worse) 3. Waterfox Classic (56.3 base of Firefox) 4. xfreerdp If I stay away from FB and don't expect any browser to play sound and don't use xfreerdp, then vlc is happy playing sound without giving problems for extended periods of time. If I use any of the above 4 options, particularly FB, then sound can screw-up pretty quickly. Even tried FB in TBB, that helps a little, TNN is FF ESR 68+ based. I'm thinking that older Firefox and related browsers is part of the sound problem; using the latest Firefox and probably the the "modern" version of Waterfox might be okay too. Never had ANY sound issues whatsoever with any other device (was mostly using an older Macbook Pro, it's sound was good with Devuan, as was everything else). Anyway, the main problem is that Devuan isn't happy on the new toy; hopefully Beowulf or other updates will fix these problems and I can stop using MX. >> Installing with ASCII 2.0 wouldn't boot properly to the XFCE >> desktop and I wasn't interested in changing kernels > > ..you may have to, your box AMD graphics was too new for ASCII 2.0 > as released last year, the driver guys at *.freedesktop.org used to > need half a year and guinea hardware to write drivers, nowadays, I > dunno. Yeah, sadly ASCII 2.1 has the same problems, stuck with MX for now. >> or doing anything else to make it work out of the box, including >> trying to work out why XFCE was a problem with Devuan ASCII. >> >> >> Maybe I should try ASCII 2.1 -- but I was expecting Beowulf to be >> here "any time soon" ... for a lon while now. > > ..mmm. :o) :( Pity it didn't help... but I did try. Again, perhaps when Beowulf is ready, the drivers /might/ be sorted too. >> The MX installer doesn't support installation installation on >> RAID1 mdadm devices! I prefer to use RAID1 for everything, then >> LUKS on all but the /boot partition with LVM2 -- that sort of >> setup isn't possible with the MX installer. > > ..you've seen http://wiki.tldp.org/LVM-on-RAID or > http://jasonwryan.com/blog/2012/02/11/lvm/ or > http://www.iverbi.de/slackware/RAID1_LVM_LUKS_Slackware12_2_Howto.html > ? I've done this setup many times, all on servers that never needed any GUI desktop. The servers are all fine. I'll live with MX installer issues, hoping this is only temporary; I do need a working setup, so thank goodness for MX to give me that
Re: [DNG] Devuan cannot exist without the help of Debian
Hi, On 23/11/19 4:38 am, Arnt Karlsen wrote: > On Sat, 23 Nov 2019 03:17:58 +1100, Andrew wrote in message > : > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Jo. >> >> On 23/11/19 12:26 am, Ismael L. Donis Garcia wrote: >>> In the worst case we would not be able to rely on MX Linux? >> >> I think not. >> >> MX is not exactly against systemd, they use it still, but not as the >> init system. And MX is reliant upon Debian anyway so sad that >> Debian is being destroyed by systemd. I don't know what the answer >> is, but it would have been best if the original TC chose against >> systemd, but that ship has sailed and the damage is well and truly >> done and it's only getting worse. >> >> I prefer Devuan over MX, but at this time I am using MX on a machine >> as an interim until my machine is properly supported by Devuan (if >> that ever happens properly). > > ..what's missing? Okay, first off, I didn't see your email in the list yet, but it is addressed to the list; so I'll reply with list inclusion... I have tried ASCII 2.0 -- but it looks like there is a new 2.1 version just about to be announced? My machine is a NUC8i7HVK with the following hardware details: # inxi -F -z --no-host -y 80 System: Kernel: 4.19.0-5-amd64 x86_64 bits: 64 Desktop: Xfce 4.12.3 Distro: MX-18.3_x64 Continuum May 26 2019 Machine: Type: Desktop System: Intel product: NUC8i7HVK v: J71485-503 serial: Mobo: Intel model: NUC8i7HVB v: J68196-503 serial: UEFI: Intel v: HNKBLi70.86A.0058.2019.0705.1646 date: 07/05/2019 CPU: Topology: Quad Core model: Intel Core i7-8809G bits: 64 type: MT MCP L2 cache: 8192 KiB Speed: 800 MHz min/max: 800/4200 MHz Core speeds (MHz): 1: 800 2: 800 3: 800 4: 801 5: 801 6: 800 7: 800 8: 800 Graphics: Device-1: Intel driver: i915 v: kernel Device-2: AMD driver: amdgpu v: kernel Display: server: X.Org 1.19.2 driver: amdgpu,ati,modesetting unloaded: fbdev,radeon,vesa resolution: 3840x2160~60Hz, 2560x1440~60Hz OpenGL: renderer: AMD VEGAM (DRM 3.27.0 4.19.0-5-amd64 LLVM 7.0.0) v: 4.5 Mesa 18.2.6 Audio: Device-1: Intel driver: snd_hda_intel Device-2: AMD driver: snd_hda_intel Sound Server: ALSA v: k4.19.0-5-amd64 Network: Device-1: Intel Ethernet I219-LM driver: e1000e IF: eth1 state: up speed: 1000 Mbps duplex: full mac: Device-2: Intel I210 Gigabit Network driver: igb IF: eth0 state: down mac: Drives: Local Storage: total: 1.36 TiB used: 74.17 GiB (5.3%) ID-1: /dev/nvme0n1 vendor: Samsung model: SSD 970 EVO Plus 1TB size: 931.51 GiB ID-2: /dev/nvme1n1 vendor: Samsung model: SSD 970 EVO Plus 1TB size: 931.51 GiB ID-3: /dev/sda type: USB vendor: Samsung model: Portable SSD T5 size: 465.76 GiB Partition: ID-1: / size: 118.75 GiB used: 74.09 GiB (62.4%) fs: ext4 dev: /dev/dm-0 ID-2: /boot size: 487.9 MiB used: 85.7 MiB (17.6%) fs: ext4 dev: /dev/sda2 Sensors: System Temperatures: cpu: 49.0 C mobo: N/A gpu: amdgpu temp: 37 C Fan Speeds (RPM): N/A Info: Processes: 254 Uptime: 53m Memory: 31.34 GiB used: 3.59 GiB (11.5%) Shell: bash inxi: 3.0.36 Installing with ASCII 2.0 wouldn't boot properly to the XFCE desktop and I wasn't interested in changing kernels or doing anything else to make it work out of the box, including trying to work out why XFCE was a problem with Devuan ASCII. Maybe I should try ASCII 2.1 -- but I was expecting Beowulf to be here "any time soon" ... for a lon while now. The MX installer doesn't support installation installation on RAID1 mdadm devices! I prefer to use RAID1 for everything, then LUKS on all but the /boot partition with LVM2 -- that sort of setup isn't possible with the MX installer. But XFCE works perfectly out of the box with MX, so I have something to work with in the meantime. Kind Regards AndrewM ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Devuan cannot exist without the help of Debian
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jo. On 23/11/19 12:26 am, Ismael L. Donis Garcia wrote: > In the worst case we would not be able to rely on MX Linux? I think not. MX is not exactly against systemd, they use it still, but not as the init system. And MX is reliant upon Debian anyway so sad that Debian is being destroyed by systemd. I don't know what the answer is, but it would have been best if the original TC chose against systemd, but that ship has sailed and the damage is well and truly done and it's only getting worse. I prefer Devuan over MX, but at this time I am using MX on a machine as an interim until my machine is properly supported by Devuan (if that ever happens properly). Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXdgKJwAKCRCoFmvLt+/i +7BOAQCgJVQmiK1rW+U/6nwP4x1JWg/QtF8SqonJR1tjcQu2PQEA2N/kmJWcCvpF MBl8KkFW4zDtjTM6E8B5+gKUHofU8qw= =QO7d -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] I wrote IBM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Steve, First off, I fully support your initiative. On 9/10/19 5:25 pm, Steve Litt wrote: > I can't give you proof, but I can give a strong piece of evidence: > > http://asay.blogspot.com/2006/10/interview-with-red-hat-cto-brian.html > I think that is a very long bough you are drawing here; I wanted to see the proof and be able to use it to advantage in arguing for non systemd pollution of systems ... but it was quite weak. We need [and, I believe, already have much stronger arguments than that interview gave for sure. Cheers AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXZ91bAAKCRCoFmvLt+/i ++q2AP4+jOzXyd4BZzTVeIq44v0w+Wv00XJuj0tmPjwQG6yQnAEA3fUZs8+NPoCH cntVGe3sDBBFYBOZUVzjcLjGLoyRUGY= =6Lr6 -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Patch for /etc/os-release on ascii
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 24/8/19 1:12 pm, Lars Noodén via Dng wrote: > It might help to have the same level of detail for /etc/os-release > on both ascii and beowulf. That would allow a more standardized > approach to automatically detecting the versions. Perhaps the same > should apply to jessie, too. > > /Lars > > diff /etc/os-release /etc/os-release.orig 3,5d2 < VERSION_ID="2" < > VERSION="2 (ascii)" < VERSION_CODENAME=ascii > __ Why? No changes here: # cat /etc/os-release PRETTY_NAME="Devuan GNU/Linux ascii" NAME="Devuan GNU/Linux" ID=devuan ID_LIKE=debian HOME_URL="https://www.devuan.org/; SUPPORT_URL="https://devuan.org/os/community; BUG_REPORT_URL="https://bugs.devuan.org/; # lsb_release -a No LSB modules are available. Distributor ID: Devuan Description:Devuan GNU/Linux 2.0 (ascii) Release:2.0 Codename: ascii Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXWDCUgAKCRCoFmvLt+/i +9OhAP9jDsJYq8/obQmUSueIzHtyBsTPirlvjT5399eOqKBbqQD+LMVpy9paCDTk XSZZJLJm5hdi6A6arkpzPB9r00t6zLI= =WXcT -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Weird problem with every kernel update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 27/7/19 8:29 pm, Pontus Goffe via Dng wrote: > On 2019-07-27 03:44, Andrew McGlashan wrote: >> Okay, it turns out that Devuan Jessie includes two extra modules >> that needed to be added to the Devuan Ascii >> /etc/initramfs-tools/modules file. . > Thank you very much! Excellent, glad I could help. I had quit a few USB modules for various things, including "special" keyboards that wouldn't work with standard modules. > Now I can remote reboot my custom kernel again without first > unplugging the wireless USB mouse/keyboard transmitter. My .config > already had evdev, but not CONFIG_USB_XHCI_PCI. I never suspected > the kernel. I've still got a server that won't reboot fully, and won't WOL either, if I am physically near the server, it seems to work every time though... some kind of painful Murphy's law going on. I was hoping that machine would reboot properly with the extra USB modules as it is similar (same box model) as the other one that /needed/ the rescue stick to fix Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXTxiqwAKCRCoFmvLt+/i +zCHAQDVZyV7zCHZVm6fnIPsLE4bi4GQKGUMiuCIIZ0D0UysiwEAsBcVvW7byr4Q hZm9oEqu0cbg4CGHIFSSz5s6e0vDVT0= =8wFE -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Weird problem with every kernel update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 27/6/19 10:00 am, Gregory Nowak wrote: > On Wed, Jun 26, 2019 at 01:10:20AM +1000, Andrew McGlashan wrote: >> On 25/6/19 10:23 am, Gregory Nowak wrote: >>> On Mon, Jun 24, 2019 at 06:50:48AM +1000, Andrew McGlashan >>> wrote: >>>> Hardware NUC6i7KYK. >>>> >>>> Every time I do a kernel upgrade (Devuan ASCII), rebooting >>>> loses USB devices shortly after grub kicks in. >>> >>> Do you have the necessary module entries for your USB >>> controller/hub in /etc/initramfs-tools/modules? >> >> Yes, I'm sure I actually have some extra modules in there just in >> case that won't hurt to be there and the rescue boot picks up the >> chroot environment copy of the modules file okay. > > Even though the kernel upgrade scripts generate a new initramfs, > have you tried generating them by hand with update-initramfs -u -k > all after the upgrade process? What about creating them from > scratch with the -c flag instead of -u? I don't see why either of > those would make a difference, but it wouldn't hurt to check if > they do for some reason. That's all I can think of for now. Okay, it turns out that Devuan Jessie includes two extra modules that needed to be added to the Devuan Ascii /etc/initramfs-tools/modules file. I'm not sure exactly when those two modules become necessary (to add to the modules file), but until they were added the only way I could successfully get a working boot was via the rescue method using the older Devuan Jessie USB stick which always worked. This is the modinfo for these two extra modules: # modinfo evdev filename: /lib/modules/4.9.0-9-amd64/kernel/drivers/input/evdev.ko license:GPL description:Input driver event char devices author: Vojtech Pavlik alias: input:b*v*p*e*-e*k*r*a*m*l*s*f*w* depends: retpoline: Y intree: Y vermagic: 4.9.0-9-amd64 SMP mod_unload modversions # modinfo xhci_pci filename: /lib/modules/4.9.0-9-amd64/kernel/drivers/usb/host/xhci-pci.ko license:GPL description:xHCI PCI Host Controller Driver alias: pci:v*d*sv*sd*bc0Csc03i30* depends:usbcore,xhci-hcd retpoline: Y intree: Y vermagic: 4.9.0-9-amd64 SMP mod_unload modversions Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXTusfQAKCRCoFmvLt+/i +13lAPwKuYZzYsnZW+/N39rmDKCwQ8GNlKFvzumrUnHDb2zW4gD+N0UUZOHZN1S+ o23RI/5AusrgcfUE0H6/a8s6g3NEYhg= =X58/ -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Weird problem with every kernel update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 25/6/19 10:23 am, Gregory Nowak wrote: > On Mon, Jun 24, 2019 at 06:50:48AM +1000, Andrew McGlashan wrote: >> Hi, >> >> Hardware NUC6i7KYK. >> >> Every time I do a kernel upgrade (Devuan ASCII), rebooting loses >> USB devices shortly after grub kicks in. > > Do you have the necessary module entries for your USB > controller/hub in /etc/initramfs-tools/modules? Yes, I'm sure I actually have some extra modules in there just in case that won't hurt to be there and the rescue boot picks up the chroot environment copy of the modules file okay. Thanks AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXRI5WAAKCRCoFmvLt+/i +0O6AP9oeitwtxVVsbx6Y6j7BQCtR1juGjm/PBTUJjvXjtUlpwD9F5YnbK87doXr lsw/BNgACn70Zv2BnAt9jTG8nHnQ/8I= =cGIb -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Weird problem with every kernel update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Hardware NUC6i7KYK. Every time I do a kernel upgrade (Devuan ASCII), rebooting loses USB devices shortly after grub kicks in. I have to boot a USB stick, which (Devuan Jessie Live), start a rescue session and do all the following steps: 1. auto-detect RAID devices 2. enter a shell 3. unlock lvms LUKS encrypted volume (which has root and swap) 4. vgchange -ay 5. exit shell Back to the rescue: 6. start root shell choosing root volume from lv (mounting /boot). 7. /bin/bash 8. update-initramfs -u -k all Then, every single time I perform these steps, the NUC device will continue to find USB properly until the next kernel update and I've got to go through these specific steps again, every single time. If I do the update and perform step 8 above before rebooting, I still have a problem; I have to go via the USB live ISO to fix it. There are external USB disks that are a mirror, when these don't come up in the dropbear environment, then I know I have the problem. So, attaching a USB keyboard, I can see it turn off (lights out) when it gets past the grub stage of boot... so that's when I pull out the USB live ISO from Devuan Jessie. It has happened for quite a while now, but I know exactly how to fix it, but not why it is happening. - -- Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXQ/mIgAKCRCoFmvLt+/i +/gZAP9v6QR3Cmvj331jkkknofxfUh+W6dnSu0BjDMUMnTeXSQEAnMm+GzpVaXnu +cyesqom1c/hIGUV+tqe8MuqxMeo1HY= =kOpl -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] issue with mailserver adding mail. to domain for email address....
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 15/5/19 10:43 am, Andrew McGlashan wrote: > On the bad server I can do the following as root I removed mailutils from the bad server and installed bsd-mailx and that fixed the problem. The /etc/alternatives/mailx were different on the two servers prevously. The bad server had: lrwxrwxrwx 1 root root 23 May 14 00:32 /etc/alternatives/mailx -> /usr/bin/mail.mailutils And the good server had: lrwxrwxrwx 1 root root 18 Jan 12 20:09 /etc/alternatives/mailx -> /usr/bin/bsd-mailx Now the bad server has been made good and it has the same alternative setting for mailx. The problem manifested after doing an upgrade from Devuan Jessie to Asci i. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXNtkRAAKCRCoFmvLt+/i +7XsAP9w5TWh9SHED3HbejRtSMHVDQiFc1ZI9tvJklHgxtD23gD+MkyQ7YUKfkpN 5OM3WQLHfRubuYIUCHHBpaGLZvOuOlM= =LCgD -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] issue with mailserver adding mail. to domain for email address....
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I've got a weird problem, two servers are essentially setup identically, but one is giving me grief. I've got entries like the following on both servers in /etc/email-addresses user1: user1--u...@example.com.au root: root--u...@example.com.au Both servers are runing the same ascii version, with the same exim4 packages. On the bad server I can do the following as root su - -s /bin/bash user1 $ echo test|mailx -s 'test' f...@example.net The receiving email has this sender: us...@mail.example.com.au On the good server when I do the same thing, the sender shows as: user1--u...@example.com.au What could be wrong? Everything in the /etc/exim4/ directories seems to be correct when diffing the directory trees Both servers serve a number of domain names. Why is the bad server adding in "mail." and ignoring the entries in /etc/email-addresses ? - -- AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXNtgmgAKCRCoFmvLt+/i +8aUAP947ldDjwcbq9ckT9riEGAq5nUWQeygShEn74+aIzf7kQEAgovpVL0tRgB7 TwzUx30ZM2NyAp4USenNdvybndbBPt0= =nNT3 -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] GPG signing of emails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, For those that choose to sign their emails, please do so using "inline PGP", this way the message parts that are signed will get properly covered and can easily be checked for validity. I use Thunderbird with Enigmail, and I don't automatically "decrypt" messages, but when I click on "decrypt", then those /partially/ signed messages don't validate well. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXL1d0QAKCRCoFmvLt+/i +wLHAP4gr3BRjR8UlhdASqovoHoqQWqp1SZAWzTTjlNXFFtkNAD/QXWifNbHZGfb 8IZyB0tZ3EFgWxvcJTCwj3rPDV0h+Sw= =g2PL -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Way forward
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 15/4/19 5:07 am, info at smallinnovations dot nl wrote: > On 14-04-19 21:03, Jim Jackson wrote: >> >> I find this somewhat amusing. Have you ever followed the linux >> kernel email list, and watched the falling out and aggression >> there has been on there in the past? Linus's (and others) >> language!! Better not take linux seriously any longer :-) >> >> I'm happy to wait and see if the future is uncertain for Devuan - >> instead of guessing. >> >> cheers Jim >> > You really think that the numbers working on the linux kernel are > somehow comparable to the numbers working on Devuan? Yes, but back to Debian? You did mention that an email suggesting and proposing the repair of relationships was childish? I think it is more childish to use that as a means to exit and it doesn't help. Are there other reasons? Do you really think that Devuan is not on track to recover from this? That email to which you reacted so strongly to was clearly a heartfelt plea to repair the damage that has been done, especially when some of that damage was not a lot more than differing opinions of the facts and how things manifested from those mis-understandings and/or disagreements and perhaps some over reaction; it was all about repair, regret and mending bridges, however they may or may not have been damaged. That seems quite adult to me. If I was to lose faith in Devuan, which I'm now invested in, then I would consider the following, especially ahead of Debian (unless I wished to return with systemd). https://mxlinux.org/ There are other alternatives, but right now, I am more than happy to stick with Devuan, so long as it doesn't become RHEL in disguise. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXL1cpAAKCRCoFmvLt+/i +wOyAP9z/dxDkpdkHH/uAiTKE3wQ3abp7gEcronj256lWAPJcgEA308JuIY+VZwg MRKEl8D85WkwMUk3hDCAlxp56ANslc8= =ky8j -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What you saw on devuan.org yesterday was an April's fools joke
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 6/4/19 12:41 am, chillfan--- via Dng wrote: > I'm not sure then if the bus-factor does apply, but I'm sure none > of the core developers are the type to cross the road without > looking ;-) Sure, but the "bus factor" is not just relating to getting hit by a bus; it is the effect of losing someone by any means (health, accident, murder or otherwise). It's about having a plan to ensure that a lost person doesn't have other serious follow on problems ... such as "nobody knows the encryption pass phrase or key to unlock critical data (however it is stored), or nobody knows how the system works so they can step in and keep things going. https://en.wikipedia.org/wiki/Bus_factor Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXKeSVQAKCRCoFmvLt+/i +4TfAPoC2Ik23+usr+kBX8D10QIwZh3Z6u3lKt3PYiNdU8yvMwD/Vz1jVcWLx0Aw 3YxY7Avyo9O+cL6yFTVV46EhVOMp5Uk= =jJfN -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What you saw on devuan.org yesterday was an April's fools joke
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 5/4/19 11:28 pm, info at smallinnovations dot nl wrote: > On 05-04-19 11:16, Simon Hobson wrote: >> chillfan wrote: >> >>> Katolaz is working very hard to ensure we have releases, but I >>> didn't realise he was doing all this even. >> I didn't either. So another +1 for Katolaz and all the work he's >> doing. And everyone else of course, but I think it's a bit unfair >> for people to be calling for heads on spikes (or one head on a >> spike) over a fairly good joke. >> >> I can understand why some people get a bit upset, but really >> guys, lighten up. If there's no room for a bit of fun now and >> again then life gets a bit dull - like the corporate world of >> grey suites and endlist lists of things you aren't allowed to say >> or do. > > I know Katolaz is working very hard and i appreciate it very much. > But i am working in ICT and in construction and the two areas where > you do not joke about are security and safety. Since he already > apologized i will not discuss it further or in Dutch: zand erover. There is a different, but also VERY IMPORTANT consideration here. What if Katolaz gets hit by a bus? Whilst I do appreciate the work he does, it really is a potential nightmare should he become unavailable for the works he is currently doing. What about backup wetware and other team members, is enough known to move forward if we, for whatever reason, are unfortunate enough to lose him? Kind Regards AnsdrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXKdV1AAKCRCoFmvLt+/i +7CTAQCWjlH91JovNj2WNPVwWfRPmDAi4vkyH55dluwoDkbOOAD/baCsnM5tnv/P CO2WKE84dqqQ47p6a205TLeUHkRnCrw= =6xWS -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 2/4/19 11:33 pm, Rowland Penny via Dng wrote: > On Tue, 2 Apr 2019 14:28:52 +0200 Arnt Karlsen > wrote: > >> On Tue, 2 Apr 2019 14:29:46 +0300, Dimitris wrote in message >> : >> >>> - TZ difference is bad. we should all go GMT or something >>> unique, and know when april fools starts/ends. >> >> ..disagreed, good pranks can use the extra bonus time. ;o) >> > > Yes, but your 1st of April may be my 31st March. Many April Fools are done /around/ the time of 1st April some get in early on purpose, irregardless of time zones. Still, moving on; we've been promised that this won't happen again. Thank you. Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXKOdbQAKCRCoFmvLt+/i +8IKAQDf6G0rDdOoNE6HIuLxVBqIqEv1IgG+uRtRE9AHjGNjbgD/RcEJU/nGYjUp t4eeNpEidzOAMM9zkToXEQ9iIqafs9I= =eBgE -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 2/4/19 4:13 am, Dimitris via Dng wrote: > On 4/1/19 7:49 PM, Arnt Karlsen wrote: >> ..this cartoon is used in production how? ;o) > > snowden told us how. > > dev1 joke affected production devuan systems how? There is just so much wrong about this. April Fools is fine in jest, but this prank, about a serious alternative to Debian. It may have caused heart attacks, it may have stopped systems from getting valid updates, it may have done all sorts of things. I never went to the website; reading the mailing list only "about the problems", any sane person shouldn't go to a website that is potentially laden with malware. For Android users, if you don't have the February 2019 updates, you can get owned with just a PNG file. So, this is very serious stuff. Keep the humour to things much less critical. If you relied on Devuan for all your machines and the problem really did happen; it would be hell. A good prank would be a blog post that doesn't question the real security of the project. Once you question the security of the project, you can then have lingering doubts .. that's not good for anyone here. There are times and places for great fun. This was a terrible idea and it has to lessen trust to at least some extent as well as posing a serious health risk for administrators who care about security, a lot. And the xkcd comic hsa nothing on this scare. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXKJptgAKCRCoFmvLt+/i +5OPAQDPwW/D2S2sjxCQHmSCV4ptxC4V17qEoiNTKAMMLVS1ZAD9H6c1rtmYQtQR 6vD/bisjTQADFMhrkH6X8t1gpeVmfLs= =X64u -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Ascii Multimedia -- /etc/apt/sources.list
Hi, What /etc/apt/sources.list entries should we now use for Devuan ascii for multimedia. This is what I previously used with Deuan jessie: (and it seemed to be okay) # deb-multimedia deb http://www.deb-multimedia.org jessie main non-free Thanks AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] ..alsa+apulse and torbrowser... rpath is /usr/lib/apulse and is too long???
Hi, On 17/1/19 2:51 pm, Arnt Karlsen wrote: > ..we've heard of firefox dropping alsa etc for pulseaudio on behalf of > the Tor/torbrowser people or the systemd people and since pulseaudio > tried a "government shutdown", on _my_ iron, I did to pulseaudio what > you yanks should try on your own putinist regime, a Great Purge with > Stalinist Firmness. ;o) Okay, not what you were after, but what about this? https://wiki.archlinux.org/index.php/PulseAudio/Examples#PulseAudio_as_a_minimal_unintrusive_dumb_pipe_to_ALSA If it does what I think it does, then you can use Alsa in place of pulseaudio and do so transparently. Is that any good, does it do what you need and stop you needing pulseaudio? Cheers A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] KVM guest update to Ascii problem with Jessie KVM host
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I upgraded a guest from Devuan Jessie to Devuan Ascii. The guest wouldn't boot the 4.9 kernel, but I could boot it's older 3.16 kernel okay. Then I upgraded the host from Jessie to Ascii as well and all was good. My son believes this is a bug, but I'm inclined to believe that this is a "fair" failure as whatever the host presented to the guest wasn't compatible enough in relation to the kernels (probably). If I upgraded the host first, then I probably wouldn't have seen any issues. NB: I am not using qemu directly, only via virsh. Perhaps if using qemu directly it would be different. Am I right in this case, or is my son right? In any case, if my son is right, then there is a bug, but it wouldn't hurt to always upgrade the host before any guests that rely upon that host. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXDrd2gAKCRCoFmvLt+/i +46kAP0UhfscYItl1pst2e+qAH6+XClVEj6SZAH76LIZrlXfTwD9HPsAUWDnVIKL Fbpk2Cdf9EPG/cvfxhH7ZSxAdeaPWgo= =JxI+ -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Jessie --> ascii issues
Hi, I've upgraded one of my servers from Devuan Jessie to Devuan ASCII and had some issues. First the initramfs failed to work properly as I have custom scripts for the setup, one of the scripts sets up a bunch of useful tools for the initramfs environment and that part was fine. But a different script populated .profile and some other files in the target DESTDIR/root directory -- now it needs to be DESTDIR/root* # diff hourly.1/kvm-affinity-devuan-b/root/usr/share/initramfs-tools/hooks/other hourly.2/kvm-affinity-devuan-b/root/usr/share/initramfs-tools/hooks/other 43c43 < (cd /etc/initramfs-tools/root.other_files/;tar cf - . | (cd "${DESTDIR}/root"*;pwd;tar xvf -)) --- > (cd /etc/initramfs-tools/root.other_files/;tar cf - . | (cd "${DESTDIR}/root/";tar xvf -)) The newer rsnapshot (hourly.1) fixes the problem with my root files area setup, with the pwd thrown in there for my benefit when building the initramfs files. I do have multiple LUKS disks (not just the root file system) and simply unlocking the root file system wasn't enough; my initramfs setup gives me extra tools to check RAID devices and unlock extra LUKS volumes. The other problem I had was with a backup script that has a weird difference with "fdisk -l" output -- if the lvm is referenced via /dev/mapper/vg_name-lv_name, then the output now includes "-part" components, but if I do an "fdisk -l" for the /dev/vg_name/lv_name, then it doesn't have "-part". For Jessie, both paths give the same suffix endings for partitions. You can see the differences below. I had to use sed to remove the "-part" string for my backup scripts to work. ASCII (upgraded from Devuan Jessie) # fdisk --version fdisk from util-linux 2.29.2 # l /dev/vg0/server--disk0--backup /dev/mapper/vg0-serverdisk0backup lrwxrwxrwx 1 root root 7 Nov 18 2018 /dev/vg0/server--disk0--backup -> ../dm-9 lrwxrwxrwx 1 root root 7 Nov 18 2018 /dev/mapper/vg0-serverdisk0backup -> ../dm-9 # fdisk -l /dev/vg0/server--disk0--backup Disk /dev/vg0/server--disk0--backup: 15 GiB, 16106127360 bytes, 31457280 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x0bf87a90 Device Boot Start End Sectors Size Id Type /dev/vg0/server--disk0--backup1 2048 3905535 3903488 1.9G 82 Linux swap / Solaris /dev/vg0/server--disk0--backup2 * 3905536 31455231 27549696 13.1G 83 Linux # fdisk -l /dev/mapper/vg0-serverdisk0backup Disk /dev/mapper/vg0-serverdisk0backup: 15 GiB, 16106127360 bytes, 31457280 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x0bf87a90 Device Boot Start End Sectors Size Id Type /dev/mapper/vg0-serverdisk0backup-part1 2048 3905535 3903488 1.9G 82 Linux swap / Solaris /dev/mapper/vg0-serverdisk0backup-part2 * 3905536 31455231 27549696 13.1G 83 Linux Another server still running Devuan Jessie # fdisk --version fdisk from util-linux 2.25.2 # l /dev/mapper/vg0-serverdisk0 /dev/vg0/server--disk0 lrwxrwxrwx 1 root root 7 Nov 18 07:33 /dev/vg0/server--disk0 -> ../dm-3 lrwxrwxrwx 1 root root 7 Nov 18 07:33 /dev/mapper/vg0-serverdisk0 -> ../dm-3 # fdisk -l /dev/vg0/server--disk0 Disk /dev/vg0/server--disk0: 15 GiB, 16106127360 bytes, 31457280 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x077e996e Device Boot Start End Sectors Size Id Type /dev/vg0/server--disk0p1 2048 3905535 3903488 1.9G 82 Linux swap / Solaris /dev/vg0/server--disk0p2 * 3905536 31455231 27549696 13.1G 83 Linux # fdisk -l /dev/mapper/vg0-serverdisk0 Disk /dev/mapper/vg0-serverdisk0: 15 GiB, 16106127360 bytes, 31457280 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x077e996e Device Boot Start End Sectors Size Id Type /dev/mapper/vg0-serverdisk0p1 2048 3905535 3903488 1.9G 82 Linux swap / Solaris /dev/mapper/vg0-serverdisk0p2 * 3905536 31455231 27549696 13.1G 83 Linux Now this was just a kvm host machine (without any actual vms at this time), so these little annoyances were less critical to me, but a bit of a pain nonetheless. Not sure why initramfs must now have /root-${RANDOM_PART} for dropbear's root login instead of being just /root The fdisk changes were also baffling, why it had to change from p1, p2, p3 to -part1, -part2, -part3 suffixes for the
Re: [DNG] Well, this is interesting
On 30/10/18 05:06, taii...@gmx.com wrote: > I wouldn't consider this necessarily doom and gloom Some might say IBM "helped" derail the AU census... and more, but the AU gov't keeps giving them support after multiple alleged botch ups where they can /claim/ it to not be their fault. It may allegedly have a smell of corruption about it too, I just don't know. Just as I don't know what is in store for RHEL with IBM, but at least it has to be better than Ellison getting hold of the company. A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Who remembers rootkit..
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 21/10/18 21:10, Jimmy Johnson wrote: > I first noticed it while testing Stretch, I run a multimedia setup > no problem with Jessie without systemd or wheezy, I was running a > intel laptop HDMI to a big screen smart tv, the screen would go > black and the audio would stop, I'm not the only on who has seen > the problem as it's been mentioned on the Debian mailing list. > Since then I have ran it on other systems, like Devuan, PCLinuxOS > and Slackware too and have seen the the problem in real time while > looking at the system log and I would see the kernel making calls > to get a outside HTTP, I bring down my net connection and the > kernel calls avahi daemon to bring it back up and make a HTTP > connection, I stop avahi daemon and the kernel binds with the NIC > and tries to get outside HTTP, that's where my firewall stops it. > But the kernel keeps trying over and over and over endlessly to > get outside HTTP and all this makes it imposable to watch my movie. > Using the Intel laptop was convenient, but I got the idea to try my > AMD nvidia desktop, I got the same kernel activity but no > interference with audio/video, I'm now using ATI Radeon laptop, > works the same as nvidia or maybe it's because their both AMD as I > don't have nvidia or ATI running on a intel system that I can > test. > > Questions? Is the cable perhaps 1.4 type with built-in Ethernet? Wonder if that might have something to do with it too. The SmartTV might be doing the communication attempts. Maybe it is trying to tattle on you for using video that it /thinks/ is breaking digital rights.. maybe something else entirely. If the kernel is making the HTTP calls, it might be under direction of the video driver that is able to network with the screen via the HDMI cable. Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW8x+CQAKCRCoFmvLt+/i +w1SAQDK1eXGm8fdtu7vmydvNeJzrLB3UCK/CKAX24xGGSX35QD9GLIqVQCJaoUw GsPPNGOYwpz0fw/tj6IZj576OYlTZ7I= =S3xz -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Who remembers rootkit..
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Rick, On 21/10/18 14:42, Rick Moen wrote: > Quoting Jimmy Johnson (field.engin...@gmail.com): > >> Who remembers when rootkit hunter started showing problems and >> Debian said they where false positive problems? I think it was >> sometime during the development of Stretch. Well they fixed >> rootkit hunter to not show those problems any longer and so goes >> systemd, one BIG FAT security problem and has made security >> software pretty much useless. At lest with a firewall and no >> systemd you can stop kernel calls to get outside http or at lest >> I can. I think it's to bad we have to live with a kernel that's >> passing our activity to outside sources. I have this stuff >> logged, it can't be denied. I think he means the callout by some systemd setup that does a http or some other test for "connenctivity" ... perhaps it is more than that, but that alone is a concern. It was suggested in /that/ thread to which I think he is talking about, that the test should be to the router or the first outside gateway from your local network. Anyways, I'm not too sure. Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW8w2nAAKCRCoFmvLt+/i ++iFAQC82Ew5AvLbmau+s0hMBK7CwZKTu2UMDWvr6e6EIYbZ1gD/f8PxCIXBNCq5 fRJIig7kLjUFY/RxwN/qACxg0dy6JBU= =A6fC -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What's the latest stable version?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 14/10/18 07:01, Antony Stone wrote: > On Saturday 13 October 2018 at 21:49:30, Steve Litt wrote: >> What's the latest stable version of Devuan? I'm going to set up a >> test VM to test runit on Devuan. > > "Devuan’s stable release is now 2.0.0 ASCII." > > https://devuan.org/ > > I'm surprised to see *you* ask a question like this, Steve... Well there is a different answer to that. Sometimes stable is testing that has been testing long enough and is perhaps close enough to freezing that it is considered stable. ;-) Cheers A. -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW8LfgQAKCRCoFmvLt+/i +9q3AQCtXjvfBzvjiyc4IB2dM+Tzu6artBw6Nh2/sU0+D3BstwD7Bj8gauCQZLvL o5yjI2QDuZOZ9Xh/AWMA+g8F+tsDl6Y= =IBkg -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] Restricting user capabilities after ssh login
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 12/08/18 14:55, mett wrote: > I m wondering about the best way to restrict a user after he has > ssh'd into his web folder. I solved this problem a different way. Created a VM just for the required user(s). They needed to provide their static IP address and a public key for the authorized_keys file. Only they could login to their own VM and only from a trusted IP address with their private key (hopefully protected with a decent password/passphrase). The VM mounted particular directories so that the user could access those alone in their restricted VM without any direct access to the main host that has shared and non-shared files for others. As the VM spins up, so to speak, a process mounts the required directories as the correct user and if they adjust those files, then the main server will get those adjustments, but they cannot change ownership of any file (they can, but it won't propagate to the main server). There are still risks, they can be bad and place files in their own areas on the server that might try to do something that would be frowned upon, such as trying to break security with some kind 0f executable code (perhaps website code). Some trust is needed, but if they abuse that trust and get found out, then there would be hell to pay as I'll cut them off completely and only allow update to files much less directly. Cheers AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW7tx2gAKCRCoFmvLt+/i +6+2AQC/9mUoP9hJtaNa4FbsBl2AJm5n4gTp7I9YPrhXOirtCQD8D3upPY9h6mky E1CvUz/RUCn7rQmz0BkKXTvVl1okH+E= =JKdL -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Devuan ASCII Live USB security issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 27/09/18 08:28, fsmithred wrote: > On 09/26/2018 01:03 PM, Andrew McGlashan wrote: Add the following > to the boot command: noautologin nocomponents=sudo Perfect, that takes care of my most immediate concerns. > There aren't any daily images or even weekly images. If you want > your live images to get all the latest security fixes, you'll need > to make your own. You can do that either with live-sdk (which will > pull the latest packages from the repo) or refractasnapshot (which > will copy the running system to make a live iso. I generally use a > dedicated system in a VM for this.) > > You might also want to take a look at refracta2usb. It can make a > live usb with one or more persistent volumes, encrypted or not. I > think you can do what you want with a single usb. > http://www.ibiblio.org/refracta/docs/readme.refracta2usb.txt > https://sourceforge.net/projects/refracta/files/tools/refracta2usb-2.3 .6.deb Okay, > thanks. I've been thinking about refracta2usb ... I expect I'll use that one day, but not just yet. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW6yDjAAKCRCoFmvLt+/i +15sAP9DKn0owzlgdv097O+tb6Ui/YNV6TGSS+eSCwVQUOdg3gEA0wAXzZ2qgQFS GEPAlUZhJIFLugr2B7GyM7PxCseFv8k= =ZKR6 -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Devuan ASCII Live USB security issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 27/09/18 06:01, Jaromil wrote: > On Thu, 27 Sep 2018, Andrew McGlashan wrote: > >> I've been using a live USB of Devuan with XFCE, I boot it to RAM >> and then setup my temporary environment from a different LUKS >> encrypted USB. > > have you tried https://heads.dyne.org? I definitely like the idea of heads, particularly over tails. But my setup actually uses both the Tor network and the clear net; most downloads and browsing are over Tor using privoxy, except when I really want something and it is denied just because I am using the Tor network. Palemoon normally transits using socks5 proxy (Tor), with some exceptions. Firefox is set to go direct. Thunderbird also used the proxy. Most times when websites block me for using Tor or even uBlock Origin and uMatrix to stop tracking and lessen advertising rubbish, then the content is often available elsewhere -- if they want to lock me out, then I'll find alternatives. Just like I use Devuan over Debian as my alternative to avoid the cancer of systemd. I'm concerned that heads is too far behind in terms of security, the last release was some time ago now, I have been keeping an occasional eye on it. The last release being 2018-03-26 (6 months ago). Tails, which I hope to stop using one day has had a number of releases in that time frame. Don't get me wrong, I do want heads to win over tails here for sure. In any case, tails and one day heads instead will have their place for my usage, but I need more than either of this for everyday tasks. > is a Devuan derivative based on Beowulf (current testing) hardened > for security, routing all traffic through tor and removing all > non-free firmware (100% free). Maybe it works for your case, maybe > not (the persistent setup aka "nesting" is not yet there) but since > you seem to have all the persistance scripts by yourself, this live > USB may do well for your purpose. All of which is why I will definitely be preferring heads over tails, but down the track. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW6x+dgAKCRCoFmvLt+/i +w5oAP9OXQOspu+IU3bciNgdsKd3E8Ga0NYMzVi9dC4tQWu/YgEAqNjOCSjobsKQ vjQ5EmcagKJoJUzI0xi2/+KEDDvMbXs= =zR+X -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Devuan ASCII Live USB security issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I've been using a live USB of Devuan with XFCE, I boot it to RAM and then setup my temporary environment from a different LUKS encrypted USB. This allows me to keep my data secure and the setup as simple as possible without actually installing Devuan on the working device. My method includes saving dot files and dot directories so that I don't have to reconfigure everything from scratch each time. I even include ".mozilla" ."moonchild productions" and ."thunderbird" directories from the LUKS encrypted USB. I am installed Firefox, Palemoon and Thunderbird from downloads .bz2 files (just extracted to a directory). I setup keyboard entries to launch them easily. Also using "KeePassXC-2.3.4-x86_64.AppImage I've got my ssh configs and the gnome keyring in play (all coming from the encrypted USB). I install a bunch of .deb updates and some extra outside .debs that I've got on hand to give me all the tools I need. Whilst running in this environment, all of my usual important working data and working environment is available (together with mapped drives using sshfs when available). However, I need it to be better secured during usage with the Live USB before I finish my session and then update the LUKS encrypted USB using rsync for the next use at a later time. The trouble I have is that whilst I can easily change the "devuan" (live) user to have a secure password, the terminals all auto-login, without requiring any password to be entered! That is, if I go to any or all of the ttys for instance, and type d to logout, then it immediately starts a new session as "devuan" without asking for the new (or any) password. Adding to this problem is the fact that the "devuan" user has, by default, full SUDO rights without needing any password as well; the latter is probably easily fixed with an adjusted sudoers file, but the auto-login is a major security risk, How do I stop those automatic logins on the ttys ? Doing this setup, I can travel with two USB sticks, use just about any computer and boot up the LIVE USB, then apply my setup form the encrypted one. The other thing I would like would be to be able to do is to use a daily LIVE DEVUAN USB image to keep it up to date and safer (particularly the kernel or really anything that would need a reboot to pickup the new version), but I don't know if daily images are available anywhere for it. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW6u77wAKCRCoFmvLt+/i ++lWAQCZNpzPIAbikb4Q4WzJuLSxN7MmkCN0uhTMp1jFP4GungEAtxFuIBipTFoe BXq3pzflpao953jDirPVaagoayDUFWU= =A5fP -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/07/18 17:51, KatolaZ wrote: > Literally anybody can get the sources of the Linux kernel and read > through it. So I guess your fears are somehow unjustified... There were long standing problems with openssl -- the source code was fully available, anybody could have found the problems, but they didn't. The Linux Kernel is HUGE, the possibility to find something that shouldn't be there would not be very easy. Binary blobs remain the most "risky" components, but anything else can easily hide in plain sigh t. Cheers A. -BEGIN PGP SIGNATURE- iF4EAREIAAYFAltDF2wACgkQqBZry7fv4vuOqAEAzsCAqEwTGdeU0naWbKauol8+ HtUPlRJNtcNftl+6G8AA/RE+ahm/ImQblbacaPOEVBDh/UmFqxfdd2NEUQFHroBN =+Tvv -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] what happened to usbmount?
On 20/06/18 00:05, Erik Christiansen wrote: > Martin, I think I will too. That is one nifty little bit of kit, not > just to be added to my survival notes accumulated over the decades, but > to be pushed into the wetware despite increasing backpressure after 2^6 > trips around our star. Song "will you still love me when I'm 2^6", hahaha A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] X11RDP-o-Matic Information - Scarygliders
https://scarygliders.net/x11rdp-o-matic-information/ Interesting quote from the above link: NOTE: I am no longer actively spending days/hours of my time to maintain this script – there are too many different variations of Linux Distributions and they come out so frequently and always include changes in the way they do things, that it became utterly impractical for me to try to test o-Matic for every possible “gotcha” in every new and wonderful distribution. Systemd is another reason why I simply cannot spend any more time on o-Matic. It broke an awful lot of things when Debian decided to include it in their distributions, and I refuse to spend any more time dealing with this malware. If anyone wants to, they can feel free to submit pull requests to the o-Matic repository at Github, and if I have time I will review the changes and merge them with the main o-Matic branch. Regards. Cheers A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] Re: (forw) [GoLugTech] Microsoft buys GitHub
On 09/06/18 15:49, Jimmy Johnson wrote: > There's something fishy about this story. > https://www.bbc.co.uk/news/technology-44368813 > It was first published on June 5th and now dated June 6th, I first read > the story on June 5th at the same link. Not recoverable, not repairable > or so they say and who's data will be stored there? I don't know abut > you but the only one I trust to store my data is me and I'm backed-up > since '94 on 3 external and 2 internal drives with no problems and it's > safe to say I'm a pack rat. archive.org has 30 different snapshots so far. https://web.archive.org/web/*/https://www.bbc.co.uk/news/technology-44368813 Your earliest "5th June" version may be one of the earlier 6th June entries depending on your timezone. Cheers A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] Re: (forw) [GoLugTech] Microsoft buys GitHub
On 05/06/18 03:06, Mark Rousell wrote: > My statement that MS were the largest single contributor on GitHub comes > from GitHub's own statistics specifically for *open source* > contributions (admittedly dating from 2016). > > Source: http://businessinsider.com/microsoft-github-open-source-2016-9 > 'Microsoft just edged out Facebook and proved that it's changed in an > important way'. Don't believe the Microsoft hype. Now, if they open sourced EVERY single Microsoft software and allowed forks with proper open licenses that are not restrictive; only then I might be happy to use a completely vetted fork that removes every single privacy concern or, at the very least, allows absolute total transparency with options to allow/disallow data transfer based on the pros of giving up particular and specific personal or other data for a different, but worthwhile benefit -- knowing the "cost" of giving up exactly which data is what counts and understanding that the benefit is worth it. A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] Re: (forw) [GoLugTech] Microsoft buys GitHub
On 05/06/18 02:46, Mark Rousell wrote:> Anyway, I look forward to Microsoft Enterprise Linux in due course. ;-) NO WAY! It's bad enough with RHEL and it's competitors; if I need that brand of Linux, I would go CentOS... but it will be a very cold day in hell before I opted for a Microsoft version. A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] (forw) [GoLugTech] Microsoft buys GitHub
Is this a case of mass US based industrial espionage now? It's been said that Microsoft makes a great deal of monies from Linux with patents in play. I see this as a perfect solution for Microsoft to go after every man and his dog using github to see if there are any patents to win more money over (like Oracle did to Google for instance over Java). If Microsoft has full and unfettered access to all the code repositories, then they can deep scan every project looking for opportunities to take legal action. This is a disaster waiting to happen. I won't use Skype ever again, haven't for a long time. My LinkedIn is just a placeholder account and some "wise" person screwed up my profile long ago with incorrect information. LinkedIn is a problem in itself. What are they? They are the ultimate 3 letter agencies dream. They want to know about every single business, every single employee and job description, every single skill; it's entirely encompassing -- it is a nightmare for anyone wanting to preserve any shred of privacy about their own information. I just hope that people abandon Github, but I won't hold my breath; people haven't abandoned LinkedIn or Skype as they should. Very troubling times indeed. A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Is Void OK? Was: Keep it alive
On 20/05/18 00:42, Arnt Karlsen wrote: > ..you need both, IME. 17 years ago, I was the final lawful webmaster > at fmb.no, our domain docs were stolen by https://www.frp.no/ people. Is there an English translation for that? https://web.archive.org/web/20051119085953/http://www.fmb.no:80/ Cheers A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] It's far from being over. Sigh!
Hi, On 05/05/18 04:04, Hendrik Boom wrote: > It may not be an option unless I want to get out of computing > altogether. The problem is that everything has got a computer in it these days and I too fear that the only option to avoid all the bad-ness going on is to opt out of computing as well :( But whilst I still can, I'll at least run my own servers and rely on the "cloud" as little as possible. Librem 5 phone coming next year for me. Opting out of the big 5 is also very much something I would like to do: 1. Google (including Android) 2. Apple 3. Microsoft (including LinkedIn, Skype and other privacy nightmares) 4. Amazon (including AWS) 5. Facebook Oh and Twitter would make it six... NB: The article is not mine, but the sentiments are the same: https://motherboard.vice.com/en_us/article/mbxndq/one-month-without-big-five-microsoft-google-facebook-apple-amazon I even hate it very much that our public broadcaster has to have fb and twitter accounts -- they are supposed to be 100% free and non-commercial, but that's really just a dream because they, themselves (abc.net.au) are always going to be more commercial than they'll admit. Being sans systemd is not enough, that is another eco-system I want to avoid as much as I can (as we all know here). Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Used *and* free hardware
One thing about using used [,old] and free hardware is that it has power efficiency problems. Newer hardware tends to be more power efficient (if you choose wisely). This means that newer hardware can "pay" for itself via energy savings alone. Less power consumed, less heat. If you have an abundance of excess "free" power, that you don't have a better use for, then perhaps old hardware might be better than new hardware from an environmental perspective. A reasonably good example of new vs old is the incandescent light globe against an LED. You could wait until the old one blows or replace it and start saving energy straight away. We have reduce, re-use and recycle; these are all important but sometimes replace is more important for all sorts of reasons. Cheers A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] The FSF seems to have finally sold out
Hi, On 08/03/18 10:05, taii...@gmx.com wrote: > In exchange for money they are now advertising and endorsing a maker of > fake libre hardware by letting them have a booth at libreplanet an > endorsing their debian copy "PureOS" > > https://libreplanet.org/2018/sponsors Really? I am pretty positive about Purism right now, I'm not sure the criticisms are valid. > Purism is NOT free hardware and certainly not "grassroots" as their > mysterious founder somehow has a bottomless pit of money to burn on > hardware costs and propaganda campaigns. Intel ME can be disabled up to a point, but some things must remain or the motherboard can't boot up. If you want completely new hardware and not hardware that is commly available, then expect things to cost significantly more. As much as I don't like the considerable duopoly we have in the mobile phone OS space, the hardware, being sold in huge quantity, is why we can have "super" computers in our pockets without the super, super pricing of yesteryear. Would I like Intel and AMD to provide more free hardware, absolutely I would. And to disable IME as much as possible, for sure! Purism has works in place to enable you to have a machine that you can control the keys (not M$, not anybody else), you load your bits and everything is 100% verified -- and you can update your bits by signing new bits with your keys and it remains verified. Are these things an illusion? https://puri.sm/posts/purism-integrates-heads-security-firmware-with-tpm-giving-full-control-and-digital-privacy-to-laptop-users/ https://puri.sm/posts/librem-now-most-secure-laptop-under-full-user-with-tamper-evident-features/ > I encourage everyone who cares about the future of free computing to > contact the FSF about this. > Here are posts that help explain the purism situation better than I can. > https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/ In IT terms, that Reddit thread started a long time ago perhaps it is irrelevant these days? > https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/ > > https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/ Again, I would like more free and again those archived posts are from 2016; still relevant today? I'm not sure they are and even if the do have relevance, how much is subjective and how much really matters? I think that Purism is heading in the right direction. There was also quite a positive interview on "Late Night Linux" just recently. https://latenightlinux.com/late-night-linux-episode-31/ Purism We are joined by Todd Weaver who is the CEO and founder of Purism to talk about the completely FOSS-friendly phone that they are planning to deliver in January next year and their laptops that are available right now. Can they really deliver something good as well as private and secure? Todd certainly thinks they can. Episode 32 could be interesting too, but I haven't listened to it yet. https://latenightlinux.com/late-night-linux-episode-32/ > Isn't it strange that purism receives so much coverage in the tech press > but real freedom hardware gets none at all? It has more freedom than many other options and it is targeted in the right direction, for sure, from what I can see. Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Problems with KVM server after updates (possibly linux-image is culprit) -- cannot start any guests.
Hi, On 11/01/18 18:32, Thomas Besser wrote: > Just upgraded one of the KVM server host machines to > linux-image-3.16.0-5-amd643.16.51-3+deb8u1 > > After that starting of virtual machines work like before (qemu-kvm > 1:2.1+dfsg-12+deb8u6). Okay, I think I might be better off doing a clean fresh install on another box and make sure it works properly with migrated VMs. There was a time when the packages being supplied were in a "wrong" state and perhaps the backports might also be an issue. # dpkg-query -l|egrep -i '(qemu|kvm)' ii ipxe-qemu1.0.0+git-20141004.86285d1-1 all PXE boot firmware - ROM images for qemu ii qemu-kvm 1:2.8+dfsg-3~bpo8+1 amd64QEMU Full virtualization on x86 hardware ii qemu-system-common 1:2.8+dfsg-3~bpo8+1 amd64QEMU full system emulation binaries (common files) ii qemu-system-x86 1:2.8+dfsg-3~bpo8+1 amd64QEMU full system emulation binaries (x86) ii qemu-utils 1:2.8+dfsg-3~bpo8+1 amd64QEMU utilities Thanks and Kind Regards AndrewM ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Problems with KVM server after updates (possibly linux-image is culprit) -- cannot start any guests.
Hi, On 11/01/18 08:10, Andrew McGlashan wrote: > Hi, > > I'm getting errors when trying to start guests after a restart with new > kernel. > > > qemu-system-x86_64: > /build/qemu-CeGdkI/qemu-2.8+dfsg/target-i386/kvm.c:1805: kvm_put_msrs: > Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed. > 2018-01-10 20:29:51.073+: shutting down > > > < ii linux-image-3.16.0-4-amd64 3.16.43-2+deb8u5 > amd64 Linux 3.16 for 64-bit PCs > --- >> ii linux-image-3.16.0-4-amd64 3.16.51-3 > amd64 Linux 3.16 for 64-bit PCs > > > I don't think any other updates could have been the cause Okay, well I tried to fix this with a different kernel, available, but not installed? linux-image-3.16.0-5-amd64 3.16.51-3+deb8u1 That didn't work, so I looked in my /var/cache/apt/archives and foudn a 4.9 kernel. I installed that and I can now start all my guests # dpkg-query -l|grep linux-image ii linux-image-3.16.0-4-amd64 3.16.51-3 amd64 Linux 3.16 for 64-bit PCs ii linux-image-3.16.0-5-amd64 3.16.51-3+deb8u1 amd64 Linux 3.16 for 64-bit PCs ii linux-image-4.9.0-0.bpo.4-amd64 4.9.65-3+deb9u1~bpo8+1 amd64 Linux 4.9 for 64-bit PCs The 4.9 kernel was there by some mis-configuration previously (with the Devuan project). I've done aptitude update and safe-upgrade -V ... but the /older/ 4.9 kernel didn't have any updates. Right now, I am /reasonably/ happy becuase he guests are running, but whatever went wrong is serious and I'm sure others will see issues, so if we an fix it properly, that would be great. Thanks AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Problems with KVM server after updates (possibly linux-image is culprit) -- cannot start any guests.
Hi, I'm getting errors when trying to start guests after a restart with new kernel. qemu-system-x86_64: /build/qemu-CeGdkI/qemu-2.8+dfsg/target-i386/kvm.c:1805: kvm_put_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed. 2018-01-10 20:29:51.073+: shutting down < ii linux-image-3.16.0-4-amd64 3.16.43-2+deb8u5 amd64 Linux 3.16 for 64-bit PCs --- > ii linux-image-3.16.0-4-amd64 3.16.51-3 amd64 Linux 3.16 for 64-bit PCs I don't think any other updates could have been the cause Any ideas? Thanks and Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Request file system reviews and recomendations.
On 29/12/17 13:57, Rick Moen wrote: > One can also reasonably say that the ext2/ext3/ext4 codebase has > benefited from more real-world testing than any other *ix fileystem code > in history. (ext4 departs significantly more from ext3 than the latter > did from ext2, as detailed here: > https://www.thomas-krenn.com/en/wiki/Ext4_Filesystem ) Okay, that lead me to consider TRIM for my SSD... everything I need is covered just fine, but the following blog post might be useful to some: http://blog.neutrino.es/2013/howto-properly-activate-trim-for-your-ssd-on-linux-fstrim-lvm-and-dmcrypt/ On my Linux Mint 18.3 laptop, I already had discard in /etc/crypttab (I never put it there). It was also already enabled in my /etc/lvm/lvm.conf file as well, (again I didn't put it there). And a very simple weekly job (compliments of Mint team I guess) also takes care of fstrim for all file-systems that support it as follows: # cat /etc/cron.weekly/fstrim #!/bin/sh # trim all mounted file systems which support it /sbin/fstrim --all || true Cheers AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Request file system reviews and recomendations.
On 28/12/17 11:51, Steve Litt wrote: > Being a fan of simplicity, I use ext4 on all partitions. No LVM: I > don't want the extra layer. With things like bind mount I can > temporarily move parts of one filetree to a different partition, and > the next time I full-install or buy a new computer or something, I can > resize partitions accordingly. > > ext4 is years old, proven reliable for years, has all the necess > > I don't use disk encryption, but if I did I'd find a way to do it > without LVM. LVM is wonderful, the snapshotting with it is excellent for doing backups and having even less downtime. I always use ext4 for the logical volumes and sometimes find that I need to resize the file systems (resize2fs and other steps). > I don't use RAID, and to the best of my knowledge I've never had data > silently go bad on me. The trouble with bit-rot is that it is silent loss of data; doing extra checksumming is a potential help for diagnosing lost data though, but that's why ZFS is so attractive, scrub the file system and it picks up problems. Use RAID1 (at least) and ZFS can fix the errant data that it finds. Still, the licensing issues and RAM requirements is a bummer, as is the fact that you really need server class hardware to have any possibility to use ECC type RAM. If your 'puter is a portable one, then you really, really should use full disk encryption. I've got to admit that the machine I'm replying on is my portable laptop, it runs stock Linux Mint 18.3 (sadly, with systemd), it is fully encrypted and boots in a matter of seconds (longest time is entering the unlock phrase and then my login password later). Even non-portable machines can do well to use LUKS (full disk encryption). My Devuan KVM machines use dropbear with trusted authorized_keys for bootup, I unlock the crypted volumes and continue normal boot; the only issue is that I need to be available to unlock the crypt vols. But it does protect the data if the box is lifted or the internal drives are stolen. Cheers A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Request file system reviews and recomendations.
On 28/12/17 15:05, Rick Moen wrote: > ECC RAM is not sufficient to catch all bad RAM problems, only some. > Back in 2006, I had an interesting case of this: > http://linuxmafia.com/pipermail/conspire/2006-December/002662.html > http://linuxmafia.com/pipermail/conspire/2006-December/002668.html > http://linuxmafia.com/pipermail/conspire/2007-January/002743.html > > I know most people won't bother to read that, so I'll summarise: Your posts are almost, if not ALWAYS worth a read! TL/DR; DO BOTHER TO READ RICK'S POSTS I recommend it greatly; you are always good value to learn new things or new ways to look at things with a different pair of eyes that are always attached to a very well functioning brain. Your posts are very much appreciated. Thank you AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Request file system reviews and recomendations.
Hi, On 27/12/17 16:50, Josef Grosch wrote: > A good place to start is ZFS On Linux (http://zfsonlinux.org/) This project > is being run by the bright boys and girls at Lawrence Livermore National Lab, > our tax dollars at work. Yes, it is covered by a GPLv2-incompatible > licence[1] (CDDL), but I consider the advantages of ZFS enough to ignore the > license issue. I mostly run Debian and ZFS works like a charm. ZFS on Linux is different to ZFS in the Linux Kernel. each has it's own license. ZFS on Linux uses Fuse and is quite happily GPL. I hate the fact that Oracle bought Sun Microsystems and I wish they would re-license any and all Sun code that should be fairly provided for the community (especially anything to do with ZFS, especially since they cared more about BTRFS anyway...). Sun created ZFS, Oracle created BTRFS, they are competing, ZFS should be the winner, but the CDDL situation is a pain. You can legally, if I understand correctly, build ZFS in to a Linux Kernel yourself, but you cannot (due to license restriction), do so and provide it for others to use "as is", everyone whom want to use it in a Linux Kernel must compile it themselves. That makes a mockery of Canonical's opinion, but perhaps they paid monies to Oracle to free it up for them somehow Oh and I definitely think Oracle should give up on it's fight with Google over Java -- Sun always meant it to be possible for anybody to use unencumbered and they surely encouraged it; so it is my opinion that Oracle should let it be (not that I am defending Google, but I absolutely believe that Google is right here), however, I am not a lawyer so take my opinion for what it is. I would much prefer to have ext4 support checksumming too, but I can't see that ever happening; if it does, it will be new works based on BTRFS most likely and it'll be ext5 or something else. My preference, if it was never a licensing issue, would be to use ZFS with ECC RAM built-in to the Linux Kernel, but I am not rolling my own kernel these days and am sticking with "stock" ones that come with my distro. Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] git.devuan.org -- 2FA issues
Hi, On 25/08/17 21:04, Andrew McGlashan wrote: >>> 2FA is re-enabled for me, but if you use the Google Authenticator app, >>> it won't work because you cannot change the time sever to use >>> git.devuan.org (which has a different time). The time is still out by over 2 minutes. 1504095347 Wed Aug 30 22:15:47 2017git.devuan.org 1504095209 Wed Aug 30 22:13:29 2017local Whatever code GA gives will never work as the git.devuan.org server is more than 2 minutes fast. Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] git.devuan.org -- 2FA issues
On 25/08/17 20:09, Narcis Garcia wrote: > El 25/08/17 a les 11:00, Andrew McGlashan ha escrit: >> Hi, >> >> Okay, my code wasn't actually using the git.devuan.org server time, it >> just displayed it. >> >> 2FA is re-enabled for me, but if you use the Google Authenticator app, >> it won't work because you cannot change the time sever to use >> git.devuan.org (which has a different time). >> >> Kind Regards >> AndrewM >> >> >> >> ___ >> Dng mailing list >> Dng@lists.dyne.org >> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng >> > > Do you mean in devuan.org there are services depending on Google? Sort of, the time is different for the git.devuan.org server and the one that Google is using for generation of TOTP PINs. If Google's server has the time correct (NTP) and git.devuan.org has also got the same time, then it should be no problem. However, as the timing is out, nobody can rely on Google's Authenticator app to provide the right PIN. Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] git.devuan.org -- 2FA issues
Hi, Okay, my code wasn't actually using the git.devuan.org server time, it just displayed it. 2FA is re-enabled for me, but if you use the Google Authenticator app, it won't work because you cannot change the time sever to use git.devuan.org (which has a different time). Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] git.devuan.org -- 2FA issues
Hi, There is an issue with 2FA when logging in to: https://git.devuan.org/ The correct PIN code is always invalid. I run my own tool to generate the PINs, but I also tested using Google's Authenticator app and it gives the same PINs at the same time. I logged in with a recovery code, but couldn't login with a PIN. Then I removed 2FA and tried to re-enable it. I cannot re-enable it now because the PIN is always invalid The server time may be out, but I've also tried Google's server time as the reference instead of git.devuan.org's time and it didn't help. This was comparison of Google's time to my own local time: 1503649725Fri Aug 25 18:28:45 2017accounts.google.com 1503649724Fri Aug 25 18:28:44 2017local And this was an earlier comparison using git.devuan.org server time: 1503649151Fri Aug 25 18:19:11 2017git.devuan.org 1503649036Fri Aug 25 18:17:16 2017local As it stands now, I cannot re-enable 2FA with the account. My Python code gets the server (https://git.devuan.org) time using curl -Is with the "Date:" header. -- Kind Regards AndrewM Andrew McGlashan signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
-- update from original posteer -- Minor update on the issue: The check command provided in the advisory to test for hyper-threading doesn't work: it will always report hyper-theading as enabled. A better command is provided below. Note: this also means the perl script will give some false-positives. I apologise for the inconvenience. On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote: > Once you know your processor model name, you can check the two lists > below: > > * List of Intel processors code-named "Skylake": > http://ark.intel.com/products/codename/37572/Skylake > > * List of Intel processors code-named "Kaby Lake": > http://ark.intel.com/products/codename/82879/Kaby-Lake > > Some of the processors in these two lists are not affected because they > lack hyper-threading support. Run the command below in a command line > shell (e.g. xterm), and it will output a message if hyper-threading is > supported/enabled: > > grep -q '^flags.*[[:space:]]ht[[:space:]]' /proc/cpuinfo && \ > echo "Hyper-threading is supported" The above test (using "grep") does not work, and will always report that hyper-threading is enabled. Please use the "lscpu" utility from the util-linux package in a command line shell (e.g. xterm): lscpu If the lscpu output reports: "Thread(s) per core: 2", that means hyper-threading is enabled and supported. If the lscpu output reports: "Thread(s) per core: 1", that means hyper-threading either disabled or not supported. In this case, the specific defect mentioned in the advisory will not trigger. -- Henrique Holschuh ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
Just re-sending this from the Debian User's list FYI - originally from: "Henrique de Moraes Holschuh" - this email with the perl script (I'll post that one here too) On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote: > This warning advisory is relevant for users of systems with the Intel > processors code-named "Skylake" and "Kaby Lake". These are: the 6th and > 7th generation Intel Core processors (desktop, embedded, mobile and > HEDT), their related server processors (such as Xeon v5 and Xeon v6), as > well as select Intel Pentium processor models. Attached, you will find a perl script that can help detect if your system is affected or not. Many thanks to Uwe Kleine-König for suggesting, and writing this script. -- Henrique Holschuh #!/usr/bin/perl # Copyright 2017 Uwe Kleine-König # # This program is free software; you can redistribute it and/or modify it under # the terms of the GNU General Public License version 2 as published by the # Free Software Foundation. open(my $cpuinfo, ") { if (/^$/) { print "cpu $cpunum: "; if ($vendor eq "GenuineIntel" and $family == 6) { if ($model == 78 or $model == 94) { if ($stepping eq "3") { print "Your CPU is affected, "; if (hex($microcoderev) >= 0xb9) { print "but your microcode is new enough\n"; } elsif ($hyperthreading ne "on") { print "but hyper threading is off, which works around the problem\n"; } else { print "you should install the latest intel-microcode\n"; } } else { print "You may need a BIOS/UEFI update (unknown Skylake-Y/H/U/S stepping)\n"; } } elsif ($model == 85 or $model == 142 or $model == 158) { print "You may need a BIOS/UEFI update (Kaby Lake, or Skylake-X processor)\n"; } else { print "You're likely not affected\n"; } } else { print "You're not affected\n"; } $cpunum = undef; $vendor = undef; $family = undef; $stepping = undef; $microcoderev = undef; $hyperthreading = undef; next; } $cpunum = $1 if /^processor\s*:\s(.*)/; $vendor = $1 if /^vendor_id\s*:\s(.*)/; $family = $1 if /^cpu family\s*:\s(.*)/; $model = $1 if /^model\s*:\s(.*)/; $stepping = $1 if /^stepping\s*:\s(.*)/; $microcoderev = $1 if /^microcode\s*:\s(.*)/; if (/^flags\s*:/) { if (/^flags\s*:.*\bht\b/) { $hyperthreading = "on"; } else { $hyperthreading = "off"; } } } ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading
Just re-sending this from the Debian User's list FYI - originally from: "Henrique de Moraes Holschuh" - are we all good here? - NB: there is a nice perl script to check vuln too on that list (I'll post that one here too) This warning advisory is relevant for users of systems with the Intel processors code-named "Skylake" and "Kaby Lake". These are: the 6th and 7th generation Intel Core processors (desktop, embedded, mobile and HEDT), their related server processors (such as Xeon v5 and Xeon v6), as well as select Intel Pentium processor models. TL;DR: unfixed Skylake and Kaby Lake processors could, in some situations, dangerously misbehave when hyper-threading is enabled. Disable hyper-threading immediately in BIOS/UEFI to work around the problem. Read this advisory for instructions about an Intel-provided fix. SO, WHAT IS THIS ALL ABOUT? --- This advisory is about a processor/microcode defect recently identified on Intel Skylake and Intel Kaby Lake processors with hyper-threading enabled. This defect can, when triggered, cause unpredictable system behavior: it could cause spurious errors, such as application and system misbehavior, data corruption, and data loss. It was brought to the attention of the Debian project that this defect is known to directly affect some Debian stable users (refer to the end of this advisory for details), thus this advisory. Please note that the defect can potentially affect any operating system (it is not restricted to Debian, and it is not restricted to Linux-based systems). It can be either avoided (by disabling hyper-threading), or fixed (by updating the processor microcode). Due to the difficult detection of potentially affected software, and the unpredictable nature of the defect, all users of the affected Intel processors are strongly urged to take action as recommended by this advisory. DO I HAVE AN INTEL SKYLAKE OR KABY LAKE PROCESSOR WITH HYPER-THREADING? --- The earliest of these Intel processor models were launched in September 2015. If your processor is older than that, it will not be an Skylake or Kaby Lake processor and you can just ignore this advisory. If you don't know the model name of your processor(s), the command below will tell you their model names. Run it in a command line shell (e.g. xterm): grep name /proc/cpuinfo | sort -u Once you know your processor model name, you can check the two lists below: * List of Intel processors code-named "Skylake": http://ark.intel.com/products/codename/37572/Skylake * List of Intel processors code-named "Kaby Lake": http://ark.intel.com/products/codename/82879/Kaby-Lake Some of the processors in these two lists are not affected because they lack hyper-threading support. Run the command below in a command line shell (e.g. xterm), and it will output a message if hyper-threading is supported/enabled: grep -q '^flags.*[[:space:]]ht[[:space:]]' /proc/cpuinfo && \ echo "Hyper-threading is supported" Alternatively, use the processor lists above to go to that processor's information page, and the information on hyper-threading will be there. If your processor does not support hyper-threading, you can ignore this advisory. WHAT SHOULD I DO IF I DO HAVE SUCH PROCESSORS? -- Kaby Lake: Users of systems with Intel Kaby Lake processors should immediately *disable* hyper-threading in the BIOS/UEFI configuration. Please consult your computer/motherboard's manual for instructions, or maybe contact your system vendor's support line. The Kaby Lake microcode updates that fix this issue are currently only available to system vendors, so you will need a BIOS/UEFI update to get it. Contact your system vendor: if you are lucky, such a BIOS/UEFI update might already be available, or undergoing beta testing. You want your system vendor to provide a BIOS/UEFI update that fixes "Intel processor errata KBL095, KBW095 or the similar one for my Kaby Lake processor". We strongly recommend that you should not re-enable hyper-threading until you install a BIOS/UEFI update with this fix. Skylake: Users of systems with Intel Skylake processors may have two choices: 1. If your processor model (listed in /proc/cpuinfo) is 78 or 94, and the stepping is 3, install the non-free "intel-microcode" package with base version 3.20170511.1, and reboot the system. THIS IS THE RECOMMENDED SOLUTION FOR THESE SYSTEMS, AS IT FIXES OTHER PROCESSOR ISSUES AS WELL. Run this command in a command line shell (e.g. xterm) to know the model numbers and steppings of your processor. All processors must be either model 78 or 94, and stepping 3, for the intel-microcode fix to work: grep -E 'model|stepping' /proc/cpuinfo | sort -u If you get any lines with a model number that is neither 78 or 94, or the
Re: [DNG] devuan.org inaccessible two days
Hi, On 20/05/17 01:00, Thaddeus Nielsen wrote: > For the second consecutive day my end of the internet cannot find devuan.org http://isup.me/devuan.org It's fine for me... Cheers A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] dovecot / exim4 / system users -- restriction of emails per user
Hi, Okay, this is how I've managed to /mostly/ sort this problem; logging is my friend and I can keep outgoing emails for verification. I've adjusted an acl entry to add a temporary header as follows: /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt accept authenticated = * add_header = X-Authenticated-User: Yes by example.org -- ${authenticated_id} -- sender address: ${sender_address} I also put that up a little higher in the config file to make sure I get the header added. That gives me a header to use in the /etc/exim4/system_filter Then in the system_filter I have the following: if $h_X-Authenticated-User: contains "Yes by example.org" then logfile /backup/mail/system_filter_all_mail/authenticated_emails.log logwrite "$tod_log\t$message_id\t$message_size\tX-Authenticated-User: ~$h_X-Authenticated-User:~\t-- reply address: $reply_address" logwrite "$sender_host_address $sender_address" logwrite "$reply_address" logwrite "$h_to" logwrite "$h_subject:\n\n" logwrite "$sender_address_domain" logwrite "/backup/mail/system_filter_all_mail/authenticated/$authenticated_id/$sender_address_domain/$sender_host_address/.${tr{$sender_address}{.}{_}}/${length_99:${tr{$recipients}{.,\040}{_--}}}/" unseen save /backup/mail/system_filter_all_mail/authenticated/$authenticated_id/$sender_address_domain/$sender_host_address/.${tr{$sender_address}{.}{_}}/${length_99:${tr{$recipients}{.,\040}{_--}}}/ else logfile /backup/mail/system_filter_all_mail/non-authenticated_emails.log logwrite "$tod_log\t$message_id\t$message_size" logwrite "$sender_host_address $sender_address" logwrite "$reply_address" logwrite "$h_to" logwrite "$h_subject:\n\n" logwrite "$sender_address_domain" endif # Remove this specially added header as it should not be sent externally to anybody # as it gives away the user's authentication id (username) headers remove "X-Authenticated-User" Now, that works fine with normal usage, but I still need a way with SquirrelMail -- that won't give me the authenticated_id :( Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Latest 64-bit Skype for Linux works with ALSA
Hi, On 14/05/17 23:24, Joel Roth wrote: > I installed the 64-bit .deb, and after some fruitless > struggles with the apulse wrapper (microphone not detected) discovered > that Skype now works just fine with ALSA only. Skype is a pox from M$ why not support alternatives? Other options include, but I'm sure are not limited to: jitsi on the desktop and Signal (with VIDEO now) on mobiles... btw LinkedIn is the same, more pox now owned by M$. Cheers A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] dovecot / exim4 / system users -- restriction of emails per user
Hi, On 12/05/17 21:34, Arnt Gulbrandsen wrote: > IIRC this isn't at all simple with that software. For mostly poor > reasons that may have changed since last time I looked. > > You could approximate it with a bit of hacking, though: Use exim to > force a bcc to something like policyviolation@asdf, and use a generated > sieve file for that address to check whether anyone's done anything > forbidden. The generated sieve script needs a long list of clauses like > this one, which permits aaa@asdf to use sales@asdf and blah@asdf in the > From field: > > if allof(envelope "from" :is "aaa@asdf". > anyof(address "from" :is "sales@asdf", > address "from" :is "blah@asdf")) { >drop; > } > > The default action at the end of a sieve script is to file into the > inbox, so the end effect is that your policyviolation@asdf account > receives only rule violations. Read that mail whenever you feel BOFHy > and have a great day — one way or the other. Okay, that's an interesting way to deal with it, thanks! I've also thought about adding a header for the authenticated user, but I don't want the actual usernames to be given away in emails that leave the server. Perhaps add the header, save the message and then remove the header and let it transit on if that is possible; a bit like bcc is there, then it goes and doesn't end up being actually included in the source of a delivered email. Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Linux 4.9 kernel
On 09/05/17 00:50, goli...@dyne.org wrote: > There was an issue with backports not being pinned properly in the beta2 > (see: https://dev1galaxy.org/viewtopic.php?id=32). Or perhaps you have > backports enabled? Yes, that issue seems to hit the nail on the head; I'm sure that is why I actually have a bunch of other bpo stuff on that box (not as many on the new box). # dpkg -l | grep bpo|wc -l 73 # dpkg -l | grep bpo|wc -l 11 Looks like I need to do some further investigation and decide if I want to drop back to the non-bpo versions of packages. Thanks all Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Linux 4.9 kernel
On 09/05/17 01:04, KatolaZ wrote: > On Tue, May 09, 2017 at 12:37:51AM +1000, Andrew McGlashan wrote: > > [cut] > >> >> Start-Date: 2016-10-30 16:05:42 >> Install: linux-image-4.7.0-0.bpo.1-amd64:amd64 (4.7.8-1~bpo8+1, >> automatic), firmware-linux-free:amd64 (3.3, automatic), irqbalance:amd64 >> (1.1.0-2~bpo8+1, automatic) >> Upgrade: linux-image-amd64:amd64 (3.16+63, 4.7+75~bpo8+1) >> End-Date: 2016-10-30 16:06:10 >> > > Adam explained the arcane: you have linux-image-amd64 installed, which > automatically points to the latest available kernel. That's probably > why you got a backports kernel installed without you knowing that. Yes, but both the old and the new boxes both have that meta package and both have backports enabled. Kind Regards A. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Linux 4.9 kernel
Hi, On 08/05/17 23:58, Andrew McGlashan wrote: > I've got good logs, now I'll try to work out exactly when it was > installed (4.9) and if there were any other packages that were done at > that time. The /var/log/apt/history.log.N.gz files have the following: Start-Date: 2016-10-26 06:43:14 Commandline: apt-get upgrade Upgrade: linux-image-3.16.0-4-amd64:amd64 (3.16.36-1+deb8u1, 3.16.36-1+deb8u2), libgd3:amd64 (2.1.0-5+deb8u6, 2.1.0-5+deb8u7), tar:amd64 (1.27.1-2+b1, 1.29b-1~bpo8+1) End-Date: 2016-10-26 06:43:30 Start-Date: 2016-10-27 00:49:49 Commandline: apt-get upgrade Upgrade: tzdata:amd64 (2016f-0+deb8u1, 2016h-0+deb8u1) End-Date: 2016-10-27 00:49:50 Start-Date: 2016-10-30 16:05:42 Install: linux-image-4.7.0-0.bpo.1-amd64:amd64 (4.7.8-1~bpo8+1, automatic), firmware-linux-free:amd64 (3.3, automatic), irqbalance:amd64 (1.1.0-2~bpo8+1, automatic) Upgrade: linux-image-amd64:amd64 (3.16+63, 4.7+75~bpo8+1) End-Date: 2016-10-30 16:06:10 And this from /var/log/apt/term.log.N.gz Log started: 2016-10-30 16:05:42 Selecting previously unselected package firmware-linux-free.^M (Reading database ... ^M(Reading database ... 5%^M(Reading database ... 10%^M(Reading database ... 15%^M(Reading database ... 20%^M(Reading database ... 25%^M(Reading database ... 30%^M(Reading database ... 35%^M(Reading database ... 40%^M(Reading database ... 45%^M(Reading database ... 50%^M(Reading database ... 55%^M(Reading database ... 60%^M(Reading database ... 65%^M(Reading database ... 70%^M(Reading database ... 75%^M(Reading database ... 80%^M(Reading database ... 85%^M(Reading database ... 90%^M(Reading database ... 95%^M(Reading database ... 100%^M(Reading database ... 37528 files and directories currently installed.)^M Preparing to unpack .../firmware-linux-free_3.3_all.deb ...^M Unpacking firmware-linux-free (3.3) ...^M Selecting previously unselected package linux-image-4.7.0-0.bpo.1-amd64.^M Preparing to unpack .../linux-image-4.7.0-0.bpo.1-amd64_4.7.8-1~bpo8+1_amd64.deb ...^M Unpacking linux-image-4.7.0-0.bpo.1-amd64 (4.7.8-1~bpo8+1) ...^M Preparing to unpack .../linux-image-amd64_4.7+75~bpo8+1_amd64.deb ...^M Unpacking linux-image-amd64 (4.7+75~bpo8+1) over (3.16+63) ...^M Selecting previously unselected package irqbalance.^M Preparing to unpack .../irqbalance_1.1.0-2~bpo8+1_amd64.deb ...^M Unpacking irqbalance (1.1.0-2~bpo8+1) ...^M Processing triggers for man-db (2.7.0.2-5) ...^M Setting up firmware-linux-free (3.3) ...^M update-initramfs: deferring update (trigger activated)^M Setting up linux-image-4.7.0-0.bpo.1-amd64 (4.7.8-1~bpo8+1) ...^M I: /vmlinuz.old is now a symlink to boot/vmlinuz-3.16.0-4-amd64^M I: /initrd.img.old is now a symlink to boot/initrd.img-3.16.0-4-amd64^M I: /vmlinuz is now a symlink to boot/vmlinuz-4.7.0-0.bpo.1-amd64^M I: /initrd.img is now a symlink to boot/initrd.img-4.7.0-0.bpo.1-amd64^M /etc/kernel/postinst.d/initramfs-tools:^M update-initramfs: Generating /boot/initrd.img-4.7.0-0.bpo.1-amd64^M ... ... ... The 3 3.16 kernel upgraded on the 26th of October (normally), then the 4.7 kernel was an "automatic" install no "Commandline:" entry? It doesn't look like I manually chose to update, other than accepting what was presented by perhaps "aptitude safe-upgrade -V" option. Strange Kind Regards AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Linux 4.9 kernel
On 08/05/17 23:33, Adam Borowski wrote: > On Mon, May 08, 2017 at 02:10:12PM +0100, KatolaZ wrote: >> apt does NOT automatically update your kernel major version, for the >> simple reason that the kernel package contains the version in its >> name, so apt would not have any clue about the fact that >> linux-image-3.16.0-whatever and linux-image-4.9.0-whatever are related >> packages. And this is actually done on purpose, and for very good >> reasons ;) > > And if you want to actually do auto-upgrade kernels, install > "linux-image-amd64", it depends on the latest non-experimental kernel > package. Yes, that same package is installed on both servers. The second server was set up. dselect was installed - it was ran and updated to learn about available packages dpkg --set-selections was ran against a --get-selections from the older box. And an upgrade was done after the new selections were setup. In the end, the old box has the 4.9 kernel and the new box has the older (standard) one. I've got good logs, now I'll try to work out exactly when it was installed (4.9) and if there were any other packages that were done at that time. Thanks AndrewM signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Linux 4.9 kernel
Hi KatolaZ, On 08/05/17 23:10, KatolaZ wrote: > On Mon, May 08, 2017 at 10:55:07PM +1000, Andrew McGlashan wrote: > jessie ships with a 3.16 kernel, so the most plausible way you could > have got a 4.9 kernel from backports in the other jessie box (or was > it wheezy?) is by: > > # apt-get install linux-image-4.9.0-whateverversion > > apt does NOT automatically update your kernel major version, for the > simple reason that the kernel package contains the version in its > name, so apt would not have any clue about the fact that > linux-image-3.16.0-whatever and linux-image-4.9.0-whatever are related > packages. And this is actually done on purpose, and for very good > reasons ;) The other box started life as Devuan, using the same ISO as the new box (from way back then). So, both boxen are Devuan from the start, not any kind of migration from Wheezy or even Debian Jessie. I must have deliberately installed the 4.9 kernel manually, I just don't remember doing so and why I would have done it. Thanks A. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng