[DNG] bind9 updates broke, needed second aptitude update

[Andrew McGlashan via Dng]

Hi,

I found on a couple of systems that an upgrade of bind9 caused it to fail to 
start.

The fix [for me] was to do a second update/upgrade as well as making sure that 
/etc/resolv.conf had a nameserver it could
find and use.  I must have just been caught after doing the update to the 
faulty version just before the fix come through.

This was on two systems still running ascii


bind9 versions:
   Pre-first update/upgrade
 1:9.10.3.dfsg.P4-12.3+deb9u10

   The versions for the two update/upgrades ...
 1:9.10.3.dfsg.P4-12.3+deb9u11
 1:9.10.3.dfsg.P4-12.3+deb9u12

Turns out that 1:9.10.3.dfsg.P4-12.3+deb9u11 was broken.


The changelog refers to this:\
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007945

  <---changelog extract>
  bind9 (1:9.10.3.dfsg.P4-12.3+deb9u12) stretch-security; urgency=high

* Non-maintainer upload by the LTS team.
* Regression update for CVE-2021-25220: Properly initialize variables before
  using them. (Closes: #1007945)

   -- Markus Koschany   Sat, 19 Mar 2022 14:43:45 +0100

  bind9 (1:9.10.3.dfsg.P4-12.3+deb9u11) stretch-security; urgency=high

* Non-maintainer upload by the LTS team.
* Fix CVE-2021-25220:
  When using forwarders, bogus NS records supplied by, or via, those
  forwarders may be cached and used by named if it needs to recurse for any
  reason, causing it to obtain and pass on potentially incorrect answers.

   -- Markus Koschany   Fri, 18 Mar 2022 14:25:50 +0100
  <---changelog extract>





I expect a single update/upgrade should be fine now, but just in case this 
helps anyone else, it's on the mailing list now ;-)


Cheers


-- 
Andrew McGlashan



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Website "motto"?

[Andrew McGlashan via Dng]

On 20/1/22 5:07 pm, goli...@devuan.org wrote:
> On 2022-01-19 23:08, Andrew McGlashan via Dng wrote:
>>
>> About the logo, /if/

Okay, then about the IMAGE ... /if/

...
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Website "motto"?

[Andrew McGlashan via Dng]

On 20/1/22 7:56 am, Steve Litt wrote:
> Syeed Ali said on Wed, 19 Jan 2022 09:56:59 -0800
> 
>> On Tue, 18 Jan 2022 22:59:35 -0600
>> goli...@devuan.org wrote:
>>
>>> Or this might be even better https://transfer.sh/CeUT0r/if-rev3.png  
>>
>> I submit:
>>
>> "Freedom includes init choice."
> 
> Very nice

Yes, I like it too.

About the logo, /if/ -- could mean too many things;
 - my first thought was fedora
 - others facebook
 - interface
 - then there's that insurance company now

It's all over the place, the letters alone don't mean enough and too
closely represent other things; the extra "hidden" text may not make a
difference, even though the background is meant to be transparent.

And for a "symbol" for freedom, I had a quick look and didn't find
anything I liked that is out there and isn't political, religious or US
patriotic; as if the US owns freedom.  Or even otherwise not divisive.

But I do think some kind of universal symbol would work, just don't know
what it should be.  The closest I get to is the combination of the peace
(all roads lead to one, nuclear disarmanent) symbol with a dove flying free.

I see Devuan as a MORE universal Debian, what Debian was "meant" to be
and was for many years.  Whether that needs to be specifically init
freedom or not is another matter.  To me, it is just better because it
is more universal.  Embedded and other low resource hardware or
appliances are not going to use Debian with systemd, at the very least
systemd would likely be stripped.  But if the device has an abundance of
resources (strong CPU, storage, etc.), then minimalization and
reasonable optimization will fall by the wayside as it does with the
bloatiness and underlying performance problems of Winblows being "fixed"
by newer hardware ... but I digress.


Sure others could come up with better symbols / logos and words than me.

A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Youtube is slow and advertisement laden: Was: Early Days at Bell Labs - Youtube, the systemd of video

[Andrew McGlashan via Dng]

On 17/1/22 1:54 pm, Ken Dibble wrote:
> Or just install tsp and submit the download commands to the queue.

What is "tsp" ?
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Website "motto"?

[Andrew McGlashan via Dng]

On 20/1/22 1:03 am, Antony Stone wrote:
> On Wednesday 19 January 2022 at 15:02:00, Hendrik Boom wrote:
> 
>> On Tue, Jan 18, 2022 at 10:59:35PM -0600, goli...@devuan.org wrote:
 Like this? https://transfer.sh/cTgmNi/if-rev2.png
>>>
>>> Or this might be even better https://transfer.sh/CeUT0r/if-rev3.png
>>
>> I do not see a difference between rev 2 and rev 3.
> 
> "take"

Yeah, I never noticed the "hidden" text around the circle either.

A.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Problems with SPF of dyne.org for this mailing list

[Andrew McGlashan via Dng]

Hi,

Not fixed?

Did anybody look at this.

There are a bunch of new messages now coming from one or more other IP
addresses for the list.

A.


On 6/1/22 11:15 pm, Andrew McGlashan via Dng wrote:
> This report/notice is generated from the  mail server which handles
> incoming and outgoing emails for: the mailing list
> 
> 
> NB: Incoming email has been flagged with a permanent error due to the
> currently defined SPF ruleset as setup by those responsible for the
> SENDING domain name.
> 
>   Sending IP Address: 141.95.47.84
> Sender Email Address: dng-boun...@lists.dyne.org
>  Sender Email Domain: lists.dyne.org
> 
> 
> Thu  6 Jan 23:11:35 AEDT 2022
> 
> spfquery.mail-spf-perl --mfrom dng-boun...@lists.dyne.org --ip 141.95.47.84
> fail
> .
> lists.dyne.org: Sender is not authorized by default to use
> 'dng-boun...@lists.dyne.org' in 'mfrom' identity (mechanism '-all' matched)
> Received-SPF: fail (lists.dyne.org: Sender is not authorized by default
> to use 'dng-boun...@lists.dyne.org' in 'mfrom' identity (mechanism
> '-all' matched)) receiver=mail.affinityvision.com.au; identity=mailfrom;
> envelope-from="dng-boun...@lists.dyne.org"; client-ip=141.95.47.84
> 
>  -- status: 1
> 
> 
> 
> Thu  6 Jan 23:11:38 AEDT 2022
> 
> dig -t txt lists.dyne.org +short|grep spf
> "v=spf1 mx include:dyne.org -all"
> 
>  -- status: 0
> 
> 
> 
> Thu  6 Jan 23:11:38 AEDT 2022
> 
> dig -x 141.95.47.84 +short
> harlock.dyne.org.
> 
>  -- status: 0
> 
> Kind Regards
> 
> AndrewM
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> 

-- 
Andrew McGlashan
IT Support & Broadband Solutions
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Problems with SPF of dyne.org for this mailing list

[Andrew McGlashan via Dng]

Hi,

This report/notice is generated from the  mail server which handles
incoming and outgoing emails for: the mailing list


NB: Incoming email has been flagged with a permanent error due to the
currently defined SPF ruleset as setup by those responsible for the
SENDING domain name.

  Sending IP Address: 141.95.47.84
Sender Email Address: dng-boun...@lists.dyne.org
 Sender Email Domain: lists.dyne.org


Thu  6 Jan 23:11:35 AEDT 2022

spfquery.mail-spf-perl --mfrom dng-boun...@lists.dyne.org --ip 141.95.47.84
fail
.
lists.dyne.org: Sender is not authorized by default to use
'dng-boun...@lists.dyne.org' in 'mfrom' identity (mechanism '-all' matched)
Received-SPF: fail (lists.dyne.org: Sender is not authorized by default
to use 'dng-boun...@lists.dyne.org' in 'mfrom' identity (mechanism
'-all' matched)) receiver=mail.affinityvision.com.au; identity=mailfrom;
envelope-from="dng-boun...@lists.dyne.org"; client-ip=141.95.47.84

 -- status: 1



Thu  6 Jan 23:11:38 AEDT 2022

dig -t txt lists.dyne.org +short|grep spf
"v=spf1 mx include:dyne.org -all"

 -- status: 0



Thu  6 Jan 23:11:38 AEDT 2022

dig -x 141.95.47.84 +short
harlock.dyne.org.

 -- status: 0

Kind Regards

AndrewM

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] kvm -- virsh failed shutdown -- reason was missing acpid on vm [resolved]

[Andrew McGlashan via Dng]

Hi,

On 26/3/21 12:25 am, Antony Stone wrote:
> On Thursday 25 March 2021 at 14:16:52, Andrew McGlashan via Dng wrote:
> 
>>  "virsh shutdown vmname"
>>
>>  The immediate response was that it would shutdown the vm
>>
>>  However, doing "virsh list --all" still showed the vm as "Running" no
>> matter how long I waited.
>>
>> It turns out the the vm needed to have the acpid package installed so that
>> the vm could get the shutdown signal.
> 
> Indeed - this is a known requirement for VMs (certainly under KVM, I don't 
> know about Xen etc, but I would assume it also applies there).

I think that systemd takes care of it, with or without acpid, but I'm not sure 
about that.

If this is a consequence of choosing non-systemd, then perhaps it should be 
mitigated by the sans systemd system installing acpid.

> Whether you consider it a shortcoming of Debian (and therefore Devuan) that 
> acpid and acpid-support-base are not installed by default is up to you.

Debian, no need for acpid for vm but only if systemd is installed, is that 
correct?

> My solution is that I've added these packages to the script I run immediately 
> after creating a VM, to make sure it works the way I want it to.

Yeah, it was a pain point until I worked it out.

Cheers
A.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] kvm -- virsh failed shutdown -- reason was missing acpid on vm [resolved]

[Andrew McGlashan via Dng]

Hi,

I set up a new kvm machine with beowulf 3.1 and created a simple vm that I plan 
to use for Wireguard.

The problem I had was with doing:

 "virsh shutdown vmname"

 The immediate response was that it would shutdown the vm

 However, doing "virsh list --all" still showed the vm as "Running" no 
matter how long I waited.

It turns out the the vm needed to have the acpid package installed so that the 
vm could get the shutdown signal.

Kind Regards
AndrewM

-- 
Andrew McGlashan

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Upgrade problem [ ascii -> beowulf ] failed to boot, left at initramfs shell -- with fix and query

[Andrew McGlashan via Dng]

On 8/7/20 10:07 pm, Hendrik Boom wrote:
> On Wed, Jul 08, 2020 at 06:14:51PM +1000, Andrew McGlashan via Dng wrote:
>>
>>
>> On 8/7/20 7:31 am, Alexander Bochmann wrote:
>>> Hi,
>>>
>>> ...on Tue, Jul 07, 2020 at 02:00:38AM +1000, Andrew McGlashan via Dng wrote:
>>>
>>>  > After the dist-upgrade, it failed to boot and remained at the 
>>> ministrants shell environment after having complained about not being able 
>>> to find the /usr file system via it's UUID.
>>>
>>> I have a system mostly like this (minus mdraid) with split root and /usr 
>>> on lvm each, and didn't run into your problem.
>>>
>>> My fstab uses /dev/mapper device names instead of UUIDs, but I don't see 
>>> why that should make a difference, seeing as it isn't used in the initramfs.
>>
>> Apparently with initramfs-tools it will try to mount /usr if it is in 
>> /etc/fstab ... not being able to mount /usr stopped normally boot from 
>> progressing further.
>>
>> Using the /dev/mapper device name would likely have been just as good, but 
>> I'm not sure as I didn't try that; I adjusted the 
>> /usr/share/initramfs-tools/scripts/local-top/lvm2 file
>> to specifically activate the lv so it could be found to be mounted as it 
>> should have been.
>>
>>> (On the other hand, I usually use UUIDs too, so there might be a reason it 
>>> looks that way, and I just don't remember about it right now...)
>>
>> Yes, that makes sense.
>>
>> I would think that you fixed the problem by using the /dev/mapper 
>> entry and I fixed it in the lvm2 script.
> 
> 
> I quite agree.  There's a bug that needs fixing for Devuan, but not 
> Debian.
> I may delay upgrading until it's fixed.

Not sure it will get fixed... :(
 - it seems that the problem is a bit of an edge case and won't effect anybody 
whom doesn't split /usr from root.
 - if they have split them and they don't "merge" them,
 - then the problem /may/ only arise if UUIDs are used for mount reference 
in /etc/fstab.

I don't really like my fix, but I'll probably merge /usr into root myself next 
time I'm onsite where that machine lives to avoid future issues.

> My /boot is on an old-style RAID by itself, so either copy can be used
> directly.
> 
> My /usr, by the way, is on lvm2 on RAID.
>   Do I need both adjustments?

I would think that the /dev/mapper/VG-LV in /etc/fstab would probably be fine.

Otherwise, expand the root file system LV (hopefully you have space), boot from 
a LIVE USB and move /usr back to root as well as remove the /usr entry in your 
/etc/fstab file.

Once /usr is back inside the root filesystem, then there is no need to keep the 
/usr lv.

Cheers
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Upgrade problem [ ascii -> beowulf ] failed to boot, left at initramfs shell -- with fix and query

[Andrew McGlashan via Dng]

On 8/7/20 7:31 am, Alexander Bochmann wrote:
> Hi,
> 
> ...on Tue, Jul 07, 2020 at 02:00:38AM +1000, Andrew McGlashan via Dng wrote:
> 
>  > After the dist-upgrade, it failed to boot and remained at the ministrants 
> shell environment after having complained about not being able to find the 
> /usr file system via it's UUID.
> 
> I have a system mostly like this (minus mdraid) with split root and /usr 
> on lvm each, and didn't run into your problem.
> 
> My fstab uses /dev/mapper device names instead of UUIDs, but I don't see 
> why that should make a difference, seeing as it isn't used in the initramfs.

Apparently with initramfs-tools it will try to mount /usr if it is in 
/etc/fstab ... not being able to mount /usr stopped normally boot from 
progressing further.

Using the /dev/mapper device name would likely have been just as good, but I'm 
not sure as I didn't try that; I adjusted the 
/usr/share/initramfs-tools/scripts/local-top/lvm2 file
to specifically activate the lv so it could be found to be mounted as it should 
have been.

> (On the other hand, I usually use UUIDs too, so there might be a reason it 
> looks that way, and I just don't remember about it right now...)

Yes, that makes sense.

I would think that you fixed the problem by using the /dev/mapper entry and I 
fixed it in the lvm2 script.  Either way, I think there is a bug that needs to 
be fixed with
initramfs-tools so that neither adjustment should be necessary.

Cheers
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Upgrade problem [ ascii -> beowulf ] failed to boot, left at initramfs shell -- with fix and query

[Andrew McGlashan via Dng]

On 7/7/20 8:58 am, Hendrik Boom wrote:
> Doesn't systemd require a merged /usr partition?  It sounds as if a 
> systemd-ism has crept into our boot process.
> 
> Fortunately I haven't upgraded my server to beowulf yet.

Probably I know that Debian wants merged /usr, wasn't sure it was 
specifically due to systemd, but I think you are right.

I've upgraded 6 machines now from Ascii to Beowulf and it turns out the only 
one that I've done with this particular problem is the only one that had /usr 
as it's own file system
and not part of the root file system.

A.




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Upgrade problem [ ascii -> beowulf ] failed to boot, left at initramfs shell -- with fix and query

[Andrew McGlashan via Dng]

Hi,

I had another "simple" server upgrade from Devuan Ascii to Devuan Beowulf, 
these are the details and my work around for the problem.


There was nothing particularly special about this server, it doesn't use 
encrypted file systems; it started out life as a Debian Wheezy installation, 
migrated to Devuan Jessie and
later to Devuan Ascii and now Beowulf.


The server has /boot on it's own RAID1 partition with another RAID1 volume for 
the rest of the disk being an LVM2 volume group having a number of logical 
volumes for root, swap,
/usr/, /var/, /home/ and more.


After the dist-upgrade, it failed to boot and remained at the ministrants shell 
environment after having complained about not being able to find the /usr file 
system via it's UUID.

It had another error as well which was fixed by allocating 25% to RUNSIZE 
variable (up from 10%) in /etc/initramfs-tools/initramfs.conf

- it was unable to find "rm" when running the boot up scripts before 
dumping itself to the initramfs shell.


Once at the initramfs prompt after fixing the first problem, I was able to do 
the following:

(initramfs) lvm

lvm> vgchange -ay

lvm> exit

(initramfs) exit


And then the server would continue to boot properly.


_The second fix, which I consider to be "clunky", was to adjust the 
/usr/share/initramfs-tools/scripts/local-top/lvm2 file, adding in a line near 
the bottom as highlighted_

activate "$ROOT"
*activate "/dev/mapper/vg0-usr"*
activate "$resume"


Then I rebuilt the initramfs in the usual way.

update-initramfs -u -k all


The original lvm2 script specifically only activated the root file system 
(/dev/mapper/vg0-root), even though /usr (/dev/mapper/vg0-usr) was in the exact 
same volume group as a
separate file system, thus stopping boot from succeeding as expected.

Other volumes come online in due course okay.


All was good with subsequent reboots.


Now, cludge or clunky, this was required because the /usr file system was [and 
continues to be] separate to the root file system and the initramfs only cared 
to enable the root
file system, leaving all other logical volumes as being "NOT AVAILABLE", 
including /usr which was definitely required!


Have I fixed this appropriately, or should I some how fix it another way?


Kind Regards
AndrewM




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Upgrade problem [ ascii -> beowulf ] chrooted bind9 server -- /usr/share/dns/root.hints issue -- with fix

[Andrew McGlashan via Dng]

Hi,

Okay, not fully fixed after reboot... apparmor gave problems as previously 
discussed on the list.

Also needed to adjust:

   /etc/apparmor.d/local/usr.sbin.named


Added a line:

   /var/lib/named/** rw,


Then restarted apparmor service:

   service apparmor reload


And then bind would start properly, immediately and again after another reboot.


Should it be all good now?


Thanks
A.


On 6/7/20 12:04 am, Andrew McGlashan via Dng wrote:
> Hi,
> 
> I just upgraded fron Devuan ascii to beowulf with the server running bind9 in 
> a chroot environment and bind would not start.
> 
> 
> _This was the relevant error in /var/log/daemon.log_
> 
> Jul  5 23:36:43 bind9-server-name named[6476]: *could not configure root 
> hints from '/usr/share/dns/root.hints': file not found*
> Jul  5 23:36:43 bind9-server-name named[6476]: *loading configuration: 
> file not found*
> Jul  5 23:36:43 bind9-server-name named[6476]: *exiting (due to fatal 
> error)*
> 
> 
> _Fixed as follows:_
> 
> # mkdir -p /var/lib/named/usr/share/dns
> # cp -pv /usr/share/dns/* /var/lib/named/usr/share/dns/
> 
> 
> _NB: No upgrade changes were made to any config file including the 
> /etc/default/bind9 file below._
> 
> # cat /etc/default/bind9
> 
> # Set RESOLVCONF=no to not run resolvconf
> RESOLVCONF=yes
> 
> # startup options for the server
> #OPTIONS="-u bind"
> 
> 
> # Added -t ... for running of bind9 in a chroot environment
> #OPTIONS="-u bind -t /var/lib/named"
> # Added -4 to foce IPV4 lookups only
> OPTIONS="-u bind -4 -t /var/lib/named"
> 
> ### NB: This symbolic link is needed for the chroot environment too
> #    (without needing to change /etc/init.d/bind9 file)
> #
> # cd /run/named
> # ln -s /var/lib/named/run/named/named.pid .
> 
> 
> Kind Regards
> AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Upgrade problem [ ascii -> beowulf ] chrooted bind9 server -- /usr/share/dns/root.hints issue -- with fix

[Andrew McGlashan via Dng]

Hi,

I just upgraded fron Devuan ascii to beowulf with the server running bind9 in a 
chroot environment and bind would not start.


_This was the relevant error in /var/log/daemon.log_

Jul  5 23:36:43 bind9-server-name named[6476]: *could not configure root 
hints from '/usr/share/dns/root.hints': file not found*
Jul  5 23:36:43 bind9-server-name named[6476]: *loading configuration: file 
not found*
Jul  5 23:36:43 bind9-server-name named[6476]: *exiting (due to fatal 
error)*


_Fixed as follows:_

# mkdir -p /var/lib/named/usr/share/dns
# cp -pv /usr/share/dns/* /var/lib/named/usr/share/dns/


_NB: No upgrade changes were made to any config file including the 
/etc/default/bind9 file below._

# cat /etc/default/bind9

# Set RESOLVCONF=no to not run resolvconf
RESOLVCONF=yes

# startup options for the server
#OPTIONS="-u bind"


# Added -t ... for running of bind9 in a chroot environment
#OPTIONS="-u bind -t /var/lib/named"
# Added -4 to foce IPV4 lookups only
OPTIONS="-u bind -4 -t /var/lib/named"

### NB: This symbolic link is needed for the chroot environment too
#    (without needing to change /etc/init.d/bind9 file)
#
# cd /run/named
# ln -s /var/lib/named/run/named/named.pid .


Kind Regards
AndrewM




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Ascii to Beowulf upgrade - 32% slowdown !

[Andrew McGlashan via Dng]

Hi,

On 12/6/20 8:49 pm, Riccardo Mottola via Dng wrote:
> Hi all!
> 
> I just upgraded from ascii to beowulf a pretty decent laptop, equipped
> with a core i7 and 8GB of RAM.
> 
> I upgraded everything in place: so same desktop environment, same
> applications, same hard disk... just "apt-get dist-upgrade" essentially.
> 
> I even kept gcc6 because I had it before and I need it.
> 
> My test case is compiling ArcticFox, thus something in the realm of
> Firefox: lots of compiler activity, make, disk access, make and python.
> But, of course, predominant factor is compilation and linking.
> 
> With ascii, I was consistently (= not just one build) doing a clean
> build in about 31 minutes! Quite fast for this small beast and I was happy.
> 
> With beowulf, this number is consistently about 41 minutes.
> 
> I say this is a very significant slowdown! Can I gain some speed back?
> Some setting? some spectre/meltdown mitigation? Having latest ascii, I
> think I had at least some of the backports.
> 
> 
> I am wary thus updating to beowulf on slower machines.

Just an idea, but it might be spectre/meltdown mitigations?


A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Out of data ca-certificates causing problems with wget and curl now...

[Andrew McGlashan via Dng]

Hi,

On 2/6/20 1:32 am, Ian Zimmerman wrote:
>> $ wget -v4U "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 
>> Firefox/60.0" https://www.idrix.fr/VeraCrypt/canary.txt--2020-06-01 
>> 09:15:48--
>> https://www.idrix.fr/VeraCrypt/canary.txt
>> Connecting to 127.0.0.1:8118... connected.
>> ERROR: The certificate of ‘www.idrix.fr’ is not trusted.
>> ERROR: The certificate of ‘www.idrix.fr’ has expired.
> 
> Most likely, this is the following problem.
> 
> https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
> 
> Apply the workaround described there, via
> 
> dpkg-reconfigure ca-certificates

Okay, I did it via the cli only as per the steps 1 and 2 down the bottom of 
that post; then tried dpkg-reconfigure and found that due to the attempted 
install of the newer version,
I needed to do more work to fix things ... but it's all good now.

And it worked perfectly on a different box that hadn't had the errant install 
of the newer downloaded package.

Thank you very much.

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Out of data ca-certificates causing problems with wget and curl now...

[Andrew McGlashan via Dng]

Hi,

On 1/6/20 6:37 pm, d...@d404.nl wrote:
> On 01-06-2020 01:31, Andrew McGlashan via Dng wrote:
>> ca-certificates
>>
>> /usr/bin/aptitude show -t stretch-backports ca-certificates:
>> E: Unable to locate package ca-certificates:
>>
>> https://packages.debian.org/search?suite=stretch-backports=ca-certificates
>>
>> Is there any chance of getting a backport of the package in buster without 
>> migrating to beowulf now?
>>
>> Thanks
> 
> It is downloadable, does most likely not have executable code. Just download 
> it and install it with dkpg.

I wondered about doing that but no good.

  - The version of openssl is too old (dependent) and the backports for it is 
as well; I think it could get messy.


# dpkg -i ca-certificates_20190110_all.deb
(Reading database ... 75115 files and directories currently installed.)
Preparing to unpack ca-certificates_20190110_all.deb ...
Unpacking ca-certificates (20190110) over (20161130+nmu1+deb9u1) ...
dpkg: dependency problems prevent configuration of ca-certificates:
 ca-certificates depends on openssl (>= 1.1.1); however:
  Version of openssl on system is 1.1.0l-1~deb9u1.

dpkg: error processing package ca-certificates (--install):
 dependency problems - leaving unconfigured
Processing triggers for man-db (2.7.6.1-2) ...
cat: /etc/debian_version: No such file or directory
cat: /etc/debian_version: No such file or directory
cat: /etc/debian_version: No such file or directory
Errors were encountered while processing:
 ca-certificates


# cat /etc/apt/sources.list
deb http://au.deb.devuan.org/merged ascii   main non-free contrib
deb http://au.deb.devuan.org/merged ascii-updates   main non-free contrib
deb http://au.deb.devuan.org/merged ascii-security  main non-free contrib
deb http://au.deb.devuan.org/merged ascii-backports main non-free contrib

deb-src http://au.deb.devuan.org/merged ascii   main non-free contrib
deb-src http://au.deb.devuan.org/merged ascii-updates   main non-free contrib
deb-src http://au.deb.devuan.org/merged ascii-security  main non-free contrib
deb-src http://au.deb.devuan.org/merged ascii-backports main non-free contrib


# aptitude show -t ascii-backports openssl
Mon  1 Jun 19:10:49 AEST 2020 -- show -t ascii-backports openssl
Package: openssl
Version: 1.1.0l-1~deb9u1
State: installed
Automatically installed: yes
Multi-Arch: foreign
Priority: optional
Section: utils
Maintainer: Debian OpenSSL Team 
Architecture: amd64
Uncompressed Size: 1,347 k
Depends: libc6 (>= 2.15), libssl1.1 (>= 1.1.0)
Suggests: ca-certificates
Description: Secure Sockets Layer toolkit - cryptographic utility

Homepage: https://www.openssl.org/
Tags: implemented-in::c, interface::commandline, protocol::ssl, role::program, 
scope::utility, security::cryptography, security::integrity, use::checking


Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Out of data ca-certificates causing problems with wget and curl now...

[Andrew McGlashan via Dng]

OUT OF DATE -- not data

On 1/6/20 9:31 am, Andrew McGlashan via Dng wrote:
> ca-certificates
> 
> /usr/bin/aptitude show -t stretch-backports ca-certificates:
> E: Unable to locate package ca-certificates:
> 
> https://packages.debian.org/search?suite=stretch-backports=ca-certificates
> 
> 
> Is there any chance of getting a backport of the package in buster without 
> migrating to beowulf now?
$ wget -v4U "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0" 
https://www.idrix.fr/VeraCrypt/canary.txt--2020-06-01 09:15:48--
https://www.idrix.fr/VeraCrypt/canary.txt
Connecting to 127.0.0.1:8118... connected.
ERROR: The certificate of ‘www.idrix.fr’ is not trusted.
ERROR: The certificate of ‘www.idrix.fr’ has expired.

The cert is fine in the browser, where the browser is not relying upon 
ca-certificates.

Kind Regards
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Out of data ca-certificates causing problems with wget and curl now...

[Andrew McGlashan via Dng]

Hi,

ca-certificates

/usr/bin/aptitude show -t stretch-backports ca-certificates:
E: Unable to locate package ca-certificates:



https://packages.debian.org/search?suite=stretch-backports=ca-certificates


Is there any chance of getting a backport of the package in buster without 
migrating to beowulf now?

Thanks

-- 
Andrew McGlashan
IT Support & Broadband Solutions




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] The real reason I like Linux

[Andrew McGlashan via Dng]

Hi,

On 16/3/20 5:51 am, Andrew McGlashan via Dng wrote:
> On 13/3/20 1:59 pm, Steve Litt wrote:
>> It's called POSIX. With POSIX, I always have shellscripts, AWK and sort
>> ready to do my work for me. With POSIX, I can pipe a stdout into the
>> next stdin. With POSIX, I can plug in anything conforming to POSIX,
>> such as dmenu, a genius of a program that makes many hard user
>> interface situations simple.
> 
> POSIX is everywhere (including in Gates and Jobs machines), it's not the 
> domain of only *nix like operating systems at all.
> 
> Most things I can do in Linux, I can also do in Winblows .. but I choose to 
> avoid Winblows for other reasons.
> 
> GNU tools are very important, I've ran GNUWin32 tools on Winblows forever.

Actually, we've got more to fear with hardware [and the lower level firmware / 
EFI / SecureBoot / IME / vPro and other crap] these days whether we avoid 
Winblows or not.

The Intel and AMD flaws, Intel Management Engine (IME), vPro capabilities and 
all of that crap; how can we trust our computers?  Those run below the OS level 
and can see everything
that the OS does and it isn't vice/versa.

There are some outfits that go out of their way to give you back freedoms that 
you should not have lost; including System76 for one, disabling IME as much as 
is possible and using
Coreboot.  There have been other projects in the past, but some with very, very 
old pre Intel Core hardware.  Almost every computer sold since the early Intel 
Core Duo CPUs have
had serious flaws and components/systems that significantly lessen your 
freedoms and invades your privacy at the same time -- if they don't do that, 
they sure can if they want to.

Even if you bought almost any new computer these days and ran an OS of your own 
making; it will still include all the Intel Management and/or other crap.

The latest round of flaws from Intel make it so that only the very latest 
processors are immune to serious problems relating to the lack of security of 
IME system keys; meaning
that bad code could get on to the machines whilst masquerading as valid, secure 
and signed "Intel" code (whether you trust Intel or not).  Even having fixed 
this particular flaw,
assuming they have, then you've still got to trust Intel.

Cheers
A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] The real reason I like Linux

[Andrew McGlashan via Dng]

Hi,

On 13/3/20 1:59 pm, Steve Litt wrote:
> It's called POSIX. With POSIX, I always have shellscripts, AWK and sort
> ready to do my work for me. With POSIX, I can pipe a stdout into the
> next stdin. With POSIX, I can plug in anything conforming to POSIX,
> such as dmenu, a genius of a program that makes many hard user
> interface situations simple.

POSIX is everywhere (including in Gates and Jobs machines), it's not the domain 
of only *nix like operating systems at all.

Most things I can do in Linux, I can also do in Winblows .. but I choose to 
avoid Winblows for other reasons.

GNU tools are very important, I've ran GNUWin32 tools on Winblows forever.

Cheers
A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Terrible reporting / puff piece about systemd

[Andrew McGlashan via Dng]

Horrid article that could have been written by pro-systemd Debian devs
themselves.

https://fossforce.com/2020/02/the-verdict-on-systemd-is-in/

Throw your 2pence in, I have; not that I expect my post to actually
remain or remain without a counter attack :(

A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] buster to beowulf

[Andrew McGlashan via Dng]

Hi,

On 3/2/20 9:28 pm, Andrew McGlashan via Dng wrote:
> On 17/1/20 6:37 pm, Mark Hindley wrote:
>> On Thu, Jan 16, 2020 at 06:45:44PM -0500, Hendrik Boom wrote:
>> Yes, I have been working on this.
>>
>> Attached is the script I have been testing. It single steps through.
> 
> I've attached a patch file.

Adjusted patch file changed tab to 4 spaces and fixed typo.
 (orig file didn't use tabs)

Cheers
A.
*** buster_migration.sh.orig	2020-02-03 20:56:10.696650864 +1100
--- buster_migration.sh	2020-02-03 21:43:56.804316985 +1100
***
*** 1,10 
! #!/usr/bin/env bash
  
  # Single step: https://stackoverflow.com/questions/9080431/how-execute-bash-script-line-by-line#9080645
  set -x
  trap read debug
  
! update-alternatives --set editor $(which vim.tiny)
  
  # Migrate from Debian buster to Devuan beowulf
  
--- 1,10 
! #!/bin/bash
  
  # Single step: https://stackoverflow.com/questions/9080431/how-execute-bash-script-line-by-line#9080645
  set -x
  trap read debug
  
! update-alternatives --set editor "$(which vim.tiny)"
  
  # Migrate from Debian buster to Devuan beowulf
  
*** if  [ -d /run/systemd/system ]; then
*** 13,26 
  # Must be Buster
  
  # Install devuan-keyring
! wget http://titan:/pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2017.10.03_all.deb
  dpkg -i devuan-keyring_2017.10.03_all.deb
  
  # Change APT sources
! cat > /etc/apt/sources.list <http://pkgmaster.devuan.org/merged beowulf main 
! deb http://pkgmaster.devuan.org/merged beowulf-security main 
! EOF
  
  apt update
  
--- 13,28 
  # Must be Buster
  
  # Install devuan-keyring
! wget https://pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2017.10.03_all.deb
  dpkg -i devuan-keyring_2017.10.03_all.deb
  
+ mv -v /etc/apt/sources.list /etc/apt/sources.list.debian_buster
+ 
  # Change APT sources
! cat > /etc/apt/sources.list <<-EOF
! deb http://pkgmaster.devuan.org/merged beowulf main 
! deb http://pkgmaster.devuan.org/merged beowulf-security main 
! EOF
  
  apt update
  
*** EOF
*** 35,41 
  # Depends: libc6 (>= 2.28), libpam0g (>= 0.99.7.1), systemd (= 241-7~deb10u1), libpam-runtime (>= 1.0.1-6), dbus, systemd-sysv
  # 4) Remove ', systemd-sysv from the end of the line, leaving the rest of the line intact
  # 5) Save file
! cp /var/lib/dpkg/status /var/lib/dpkg/status.save
  editor /var/lib/dpkg/status
  
  # Install new init and dbus.
--- 37,43 
  # Depends: libc6 (>= 2.28), libpam0g (>= 0.99.7.1), systemd (= 241-7~deb10u1), libpam-runtime (>= 1.0.1-6), dbus, systemd-sysv
  # 4) Remove ', systemd-sysv from the end of the line, leaving the rest of the line intact
  # 5) Save file
! cp -pv /var/lib/dpkg/status /var/lib/dpkg/status.save
  editor /var/lib/dpkg/status
  
  # Install new init and dbus.
*** else
*** 67,73 
  apt autoremove --purge
  
  # Change ens3 to eth0 in /etc/network/interfaces
! sed s/ens3/eth0/ -i /etc/network/interfaces
  
  fi
  
--- 69,75 
  apt autoremove --purge
  
  # Change ens3 to eth0 in /etc/network/interfaces
! sed -i 's/ens3/eth0/' /etc/network/interfaces
  
  fi
  


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] buster to beowulf

[Andrew McGlashan via Dng]

Hi,

On 17/1/20 6:37 pm, Mark Hindley wrote:
> On Thu, Jan 16, 2020 at 06:45:44PM -0500, Hendrik Boom wrote:
> Yes, I have been working on this.
> 
> Attached is the script I have been testing. It single steps through.

I've attached a patch file.

AIUI it is better to specifically path /bin/bash rather than via env,
escpecially when we know for sure where bash is located

 - save [with verbose] orig sources.list (mv -v)
 - save file permissions and timestamps [with verbose] with cp (cp -vp)
 - adjust sed to use more normal "sed -i" form...?
 - indent cat EOF (better readability).

Also fix http:// ref to https:// with a server that is valid.



Not tested not sure if /etc/network/interfaces change is universal
or not.

Perhaps change line 7 for which vim instead of vim.tiny?

Also, if the keyring package (.deb file) is "stable", why not verify
it's checksum?

Passes shellcheck cleanly.

Cheers
A.

-- 
Andrew McGlashan
IT Support & Broadband Solutions


Affinity Vision Australia Pty Ltd

*** buster_migration.sh.orig	2020-02-03 20:56:10.696650864 +1100
--- buster_migration.sh	2020-02-03 21:09:41.708648329 +1100
***
*** 1,10 
! #!/usr/bin/env bash
  
  # Single step: https://stackoverflow.com/questions/9080431/how-execute-bash-script-line-by-line#9080645
  set -x
  trap read debug
  
! update-alternatives --set editor $(which vim.tiny)
  
  # Migrate from Debian buster to Devuan beowulf
  
--- 1,10 
! #!/bin/bash
  
  # Single step: https://stackoverflow.com/questions/9080431/how-execute-bash-script-line-by-line#9080645
  set -x
  trap read debug
  
! update-alternatives --set editor "$(which vim.tiny)"
  
  # Migrate from Debian buster to Devuan beowulf
  
*** if  [ -d /run/systemd/system ]; then
*** 13,26 
  # Must be Buster
  
  # Install devuan-keyring
! wget http://titan:/pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2017.10.03_all.deb
  dpkg -i devuan-keyring_2017.10.03_all.deb
  
  # Change APT sources
! cat > /etc/apt/sources.list <http://pkgmaster.devuan.org/merged beowulf main 
! deb http://pkgmaster.devuan.org/merged beowulf-security main 
! EOF
  
  apt update
  
--- 13,28 
  # Must be Buster
  
  # Install devuan-keyring
! wget https://pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2017.10.03_all.deb
  dpkg -i devuan-keyring_2017.10.03_all.deb
  
+ 	mv -v /etc/apt/sources.list /etc/apt/sources.list.debin_buster
+ 
  # Change APT sources
! cat > /etc/apt/sources.list <<-EOF
! 		deb http://pkgmaster.devuan.org/merged beowulf main 
! 		deb http://pkgmaster.devuan.org/merged beowulf-security main 
! 	EOF
  
  apt update
  
*** EOF
*** 35,41 
  # Depends: libc6 (>= 2.28), libpam0g (>= 0.99.7.1), systemd (= 241-7~deb10u1), libpam-runtime (>= 1.0.1-6), dbus, systemd-sysv
  # 4) Remove ', systemd-sysv from the end of the line, leaving the rest of the line intact
  # 5) Save file
! cp /var/lib/dpkg/status /var/lib/dpkg/status.save
  editor /var/lib/dpkg/status
  
  # Install new init and dbus.
--- 37,43 
  # Depends: libc6 (>= 2.28), libpam0g (>= 0.99.7.1), systemd (= 241-7~deb10u1), libpam-runtime (>= 1.0.1-6), dbus, systemd-sysv
  # 4) Remove ', systemd-sysv from the end of the line, leaving the rest of the line intact
  # 5) Save file
! cp -pv /var/lib/dpkg/status /var/lib/dpkg/status.save
  editor /var/lib/dpkg/status
  
  # Install new init and dbus.
*** else
*** 67,73 
  apt autoremove --purge
  
  # Change ens3 to eth0 in /etc/network/interfaces
! sed s/ens3/eth0/ -i /etc/network/interfaces
  
  fi
  
--- 69,75 
  apt autoremove --purge
  
  # Change ens3 to eth0 in /etc/network/interfaces
! sed -i 's/ens3/eth0/' /etc/network/interfaces
  
  fi
  


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Catching up (was Re: Result of the Debian vote 'General Resolution: Init systems and systemd')

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 1/1/20 6:53 am, fsmithred via Dng wrote:
> On 12/31/19 2:16 PM, Andrew McGlashan via Dng wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256
>>
>> Hi,
>>
>> On 1/1/20 4:20 am, fsmithred via Dng wrote:
>>> On 12/31/19 12:06 PM, Andrew McGlashan via Dng wrote:
>>>
>>>> So how long before we can expect to get stable release
>>>> of Beowulf? Is there a reasonable timeline available yet?
>>>>
>>>
>>> About the only thing left to do is make the isos, and we're
>>> working on that. Meanwhile, upgrades from ascii seem to be
>>> pretty smooth.
>>
>> Okay, so safe to update /etc/apt/sources.list and then: apt-get
>> update apt-get dist-upgrade ... now?
>>
>> For production systems or any systems?
>>
>> Thanks A.
>
> For production systems, I might do an upgrade on a test system
> first, only because I haven't heard a lot of upgrade reports. Also,
> there might still be some issues on upgrading lvm.

I use lvm, a lot, what are the problems with lvm?

> I've upgraded standard system (no X), a few xfce systems and a
> mate desktop. They've all been uneventful.

Thanks
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgusjwAKCRCoFmvLt+/i
+/2nAP45jcuMKqIYELattxmjZuvMInvdAzx5hLKdA3g/yxrkfQD+JJjQrBq9wr9b
uU5+PkU6aGZFV5WqR/pEWu0PmoW534w=
=5XVG
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Catching up (was Re: Result of the Debian vote 'General Resolution: Init systems and systemd')

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 1/1/20 4:20 am, fsmithred via Dng wrote:
> On 12/31/19 12:06 PM, Andrew McGlashan via Dng wrote:
>
>> So how long before we can expect to get stable release of
>> Beowulf? Is there a reasonable timeline available yet?
>>
>
> About the only thing left to do is make the isos, and we're working
> on that. Meanwhile, upgrades from ascii seem to be pretty smooth.

Okay, so safe to update /etc/apt/sources.list and then:
apt-get update
apt-get dist-upgrade
... now?

For production systems or any systems?

Thanks
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXguelAAKCRCoFmvLt+/i
+0zGAPwKVDkEFIxG4VTq8KrUBR6cT/+Uqr/Rjux3XXR7W80DVgD9Fnf4NCFZui8E
76InJNxn0T62gzLF7bXcTG2BjowdEcU=
=4EIC
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Catching up (was Re: Result of the Debian vote 'General Resolution: Init systems and systemd')

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

   --
essentially same message,
but with line resizing to help with gpg sig
   --

On 31/12/19 12:32 pm, Olaf Meeuwissen via Dng wrote:
> fsmithred via Dng writes:
>> On 12/29/19 10:46 PM, tom wrote:
>>> I know Devuan has been pretty much more or less 'to create a
>>> binary compatible Debian but without systemd', but at what
>>> point would it be determined that the best course of action
>>> may be to leave Debian behind and continue our own way?
>>> Probably won't happen any time soon due to manpower issues but
>>> it's worth thinking about.
>>
>> One way to measure that might be to see if we start falling
>> farther behind debian. Right now, we're still catching up.
>>
>> Jessie was 2 years late. Ascii was 1 year late. Beowulf is 6
>> months late.
>
> You just brightened up my view of Devuan's future :-)
>
> I'd been getting a little disappointed with the fact there's still
> no beowulf but looking at it this way, you're still going strong,
> despite any resources issues.  Keep up the good work!
>
>> Any talk of switching our base is premature.
>
> Hope this helps,

I agree, it is premature, but I, myself have to admit to being a bit
impatient.

I wonder, not very much though, if Fedora supports non system better
than Debian does or will?

I can't wait for Beowulf either, 6 months now... how long before it is
released. We do have Ascii 2.1 from fairly recently, but I'm sure
that there are many things that Beowulf will help to modernize our
distro of choice. My son is complaining about the mail server not
supporting TLS1.3 and that is down to openssl being v1.1.0l and
not v1.1.1

Buster, from which Beowulf will "align" has v1.1.1d-0_deb10u2 -- not
sure it includes TLS1.3 support, but I expect it does. Is there any
chance of a backport or should we just wait until Beowulf is ready?

I think it is pretty clear now that unless there is a serious change
in Debian's direction, the DDs have clearly flown the systemd flag as
their extremely strong preference and little will be possible in
persuading them otherwise, ever. Given that DDs are the only "chosen"
ones to decide on Debian's future, that makes it even more unlikely to
change.

Some here might be aware of Louis Rossmann[1], he is a strong advocate
of right to repair and whilst he regularly profits from Apple design
problems and highlights the problems (sans rose coloured glasses of
iDevotees), he would love for Apple to stop having problems and for
that part of his business to become unnecessary. In some respects I
was sort of hoping that Debian would "fix" their problems and lessen
the need for Devuan as well. As it is today and now very likely, very
much in to the future, we definitely need Devuan to keep going and to
get much stronger over time as we can surely not rely upon Debian too
much unless we choose to move to pro systemd camp and that is not
likely either for most, if not all of us here.

[1]
http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/ch
annel/UCl2mFZoRqjw_ELax4Yisf6w

NB: That is a v3 .onion address for https://invidio.us (no need for
https with .onion addresses and only available on (or via) the Tor
network. Invidious is a "portal" of sorts to YT videos without the
need to visit YT.


So how long before we can expect to get stable release of Beowulf?
Is there a reasonable timeline available yet?

Thank you for your good work at Devuan, it is very much appreciated.

Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXguAHwAKCRCoFmvLt+/i
+67zAP98qK6YK5KtMHYNGZTXV5oNJOBCt41j/EwR0Qxu5jGz/gEAgEXB7tev/OmK
iguCz07vj9lsCpIGBFSTip5fupcixV8=
=r4Mm
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Catching up (was Re: Result of the Debian vote 'General Resolution: Init systems and systemd')

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 31/12/19 12:32 pm, Olaf Meeuwissen via Dng wrote:
> fsmithred via Dng writes:
>> On 12/29/19 10:46 PM, tom wrote:
>>> I know Devuan has been pretty much more or less 'to create a
>>> binary compatible Debian but without systemd', but at what
>>> point would it be determined that the best course of action may
>>> be to leave Debian behind and continue our own way? Probably
>>> won't happen any time soon due to manpower issues but it's
>>> worth thinking about.
>>
>> One way to measure that might be to see if we start falling
>> farther behind debian. Right now, we're still catching up.
>>
>> Jessie was 2 years late. Ascii was 1 year late. Beowulf is 6
>> months late.
>
> You just brightened up my view of Devuan's future :-)
>
> I'd been getting a little disappointed with the fact there's still
> no beowulf but looking at it this way, you're still going strong,
> despite any resources issues.  Keep up the good work!
>
>> Any talk of switching our base is premature.
>
> Hope this helps,

I agree, it is premature, but I, myself have to admit to being a bit
impatient.

I wonder, not very much though, if Fedora supports non system better
than Debian does or will?

I can't wait for Beowulf either, 6 months now... how long before it is
released.  We do have Ascii 2.1 from fairly recently, but I'm sure
that there are many things that Beowulf will help to modernize our
distro of choice.  My son is complaining about the mail server not
supporting TLS1.3 and that is down to openssl being v1.1.0l and
not v1.1.1

Buster, from which Beowulf will "align" has v1.1.1d-0_deb10u2 -- not
sure it includes TLS1.3 support, but I expect it does.  Is there any
chance of a backport or should we just wait until Beowulf is ready?

I think it is pretty clear now that unless there is a serious change
in Debian's direction, the DDs have clearly flown the systemd flag as
their extremely strong preference and little will be possible in
persuading them otherwise, ever.  Given that DDs are the only "chosen"
ones to decide on Debian's future, that makes it even more unlikely to
change.

Some here might be aware of Louis Rossmann[1], he is a strong advocate
of right to repair and whilst he regularly profits from Apple design
problems and highlights the problems (sans rose coloured glasses of
iDevotees), he would love for Apple to stop having problems and for
that part of his business to become unnecessary.  In some respects I
was sort of hoping that Debian would "fix" their problems and lessen
the need for Devuan as well.  As it is today and now very likely, very
much in to the future, we definitely need Devuan to keep going and to
get much stronger over time as we can surely not rely upon Debian too
much unless we choose to move to pro systemd camp and that is not
likely either for most, if not all of us here.

[1]
http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion/channel/UCl2mFZoRqjw_ELax4Yisf6w

NB: That is a v3 .onion address for https://invidio.us (no need for
https with .onion addresses and only available on (or via) the Tor
network. Invidious is a "portal" of sorts to YT videos without the
need to visit YT.


So how long before we can expect to get stable release of Beowulf?
 Is there a reasonable timeline available yet?

Thank you for your good work at Devuan, it is very much appreciated.

Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgt+uAAKCRCoFmvLt+/i
+0UBAQDEGvGAmJyf3x0j+j8fXI2KSV7cO5zwxsJEVXHRomczJgD5AdY6gAYCbLoF
st+b401/e6XFFAbq93NSFfnoY20gKyY=
=NHfA
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Result of the Debian vote 'General Resolution: Init systems and systemd'

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 31/12/19 7:46 am, Steve Litt wrote:
> I didn't hear anyone telling people what to do. I heard Tom ask a
> question.

Tom?  I think you meant me ?

Cheers
A
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgt6ogAKCRCoFmvLt+/i
+zjtAQC5pj90GT4Hrv1ep9Tg5VWGL5nxesJiCJvg8dYJIW8Y8gD/cjBHRmS04ark
OXBCjSJKPkKGlnJsCWjVwKblY+AJNm4=
=bugo
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Result of the Debian vote 'General Resolution: Init systems and systemd'

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 30/12/19 3:10 pm, terryc wrote:
> On Sat, 28 Dec 2019 23:11:16 +1100 Andrew McGlashan via Dng
>  wrote: In my experience, when people who do
> not do the work start telling the people who do do the work, what
> to do, many efforts disintigrate.

Without users, including sysadmins willing to install and support an
OS, it's use will disintegrate.  It may as well then be a distro just
for the DDs and those that don't care about non systemd pollution
and/or vandalism.

A.

-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgn+TgAKCRCoFmvLt+/i
+8LwAQDWqhzQVkBTLeqXMVjHIKy9EQ6nlr45Q9mGucMi3cwjGQEAl3GHl6TA8MTZ
VrhpIB59ktxBfnyzRXDs6ue46WgSxR4=
=phNs
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Again, again: DMARC is a no-win problem for mailing lists

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 29/12/19 12:01 am, Mark Rousell wrote:
> On 28/12/2019 07:01, Steve Litt wrote:
>> So, if we insist on assisting Yahoo, Gmail, Hotmail, and their
>> ilk, and all their users, by incorporating DMARC
>
> Really, it's surely not a matter of willingly helping them. It's
> more a matter of survival at all in a world where they carry a
> significant proportion (possibly a majority but it's not certain)
> of the world's email and where they re-make the rules to suit
> themselves. Just be glad they still support SMTP at all!

Sadly that is too true.

They screw up greylisting, they screw up SPF and they screw up DMARC.

And to make matters worse, you can easily block IP addresses and IP
blocks of bad email servers unless it comes from the rotten lot as
above (including Apple and Microsoft).  I see plenty of forwarded junk
coming through my server from Apple and it's a real pain point.

I just wish everyone would stop using those rotten service providers
when it comes to email :(

A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgdZ/AAKCRCoFmvLt+/i
+0ywAPwK9LnPkzeVNaatCEloqyHDEFDAcO08W+mGMhJdFAN1EQD/VuBBBnlmFUxv
HGebU11GuFOusgjdz6YHbhrr2GwK8cU=
=eaLf
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] :-) Don't get into a pissing contest with Rick Moen

[Andrew McGlashan via Dng]

On 25/12/19 5:17 pm, Rick Moen wrote:
> Quoting Andrew McGlashan via Dng (dng@lists.dyne.org):
> 
>> Although I don't expect to win pissing contests (especially with
>> Rick), I tend to decide that the other opinion /may/ be true or not
>> and simply beg to differ when there is clear relevance on both sides
>> of the argument, ending any potential and wasteful continued posts
>> about the matter.
> 
> Besides, we're both such jolly old elfs, who instinctively shy away from
> conflict, that such contention would never arise in the first place.
> 
> Season's Greetings, Andrew!  All the best to you and yours.
> 
> (Relevant to your point, my late Mom had a beautiful way to terminate
> just about any disputatious discussion:  She would say to the other
> party 'Well, you _may_ be right', and then calmly walk away.)

Well said Rick, and your Mom.

Season's Greetings to you and yours and everyone else here too.

A little warm here in AU, but nice, it'll be hotter later in the week.

Cheers
A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] :-) Don't get into a pissing contest with Rick Moen

[Andrew McGlashan via Dng]

Hi,

On 19/12/19 10:27 pm, Steve Litt wrote:
> My advice, don't get into a pissing contest with Rick Moen: You'll
> lose. I know, I've lost many times. Rick and I are actually good
> friends, but when we disagree, we get in a pissing contest, and I'm
> always the guy ending up dripping wet.
> 
> If he writes sarcastic stuff to you, just let it alone. He won't keep
> pursuing the point. He takes his shot and moves on to other things,
> unless the other guy responds.

I'm sure plenty do that, me included.  If you make a valid point and it
gets argued, then argue until it stops or your argument (or theirs) is
falling on death ears ... or you just give up, then move on.  Although I
don't expect to win pissing contests (especially with Rick), I tend to
decide that the other opinion /may/ be true or not and simply beg to
differ when there is clear relevance on both sides of the argument,
ending any potential and wasteful continued posts about the matter.

Cheers
A.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Fw: looking for a replacement for debian since systemd

[Andrew McGlashan via Dng]

Hi,

On 14/12/19 2:30 pm, Rick Moen wrote:
> Quoting Steve Litt (sl...@troubleshooters.com):
> 
>> According to this message on the Debian-User email message, Debian is
>> working on dumping non-systemd inits.
> 
> I continue to be unimpressed by the debian-user mailing list as a source
> of reliable information.
> 
>>  The Debian vote methods are so
>> arcane I can't tell whether that's true or false, or whether the quoted
>> vote is early or partial information.
> 
> My advice:  Wait for the LWN.net coverage in this coming week's weekly
> issue.  About a week ago, LWN had this initial coverage (subscriber link
> so people here can see, without paying for subscription):
> https://lwn.net/SubscriberLink/806332/71a8e11132c02b54/

Thanks Rick, yes I think that there has been a call for votes, (first
call?) ... but someone may have some insider knowledge.

I'm really disgusted the way that Debian is going.  What happened to the
"universal Linux" 

Cheers
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Formail for managing digests, Epoch

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 27/11/19 7:42 pm, Stephane Ascoet wrote:
> Arnt Karlsen:
>
>> ..you can't (AFAIK), you do it outside your MUA, with e.g.: 'cat
>> $DIGEST |formail +1 -ds procmail '
>
> HI, yes, it was clear that it couldn't be done graphically in
> Thunderbird. The first thing I don't understand is what I must
> have behind $DIGEST? The digest saved as an .eml file?

Yes, well, I think if you have a source file that is .eml then I'm
sure it can be used to split out emails in mbox format, which can then
be converted to individual emails and them you can drag those emails,
as required to your TB folder.

>> On 26/11/19 3:22 pm, Rick Moen wrote:
>>>  and just let the two or three users of that mode curse
>>> me as long as they feel is therapeutic.
>>
>> Love it!  Great way to deal with it.
>
> This is a very m$ way to do :-(

Not really, the problem comes more with relying on big tech to do
things their way, Gmail method of "threading" is horrible too.  I
think that digest as a method of mail group delivery should be dead,
it isn't as useful as it used to be and lived in dial-up days of the
long past.

Why not just filter mailing list emails to a particular folder and
forgo the single emails in favour of many that are easier to work with
and not require any special extra processes to deal with properly?

Besides Maildir is all about multiple emails in separate files, but
mbox is not; mbox is pseudo digest, but still better handled than an
actual digest message.

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXd4+OwAKCRCoFmvLt+/i
+5N9AP9Tp9lL/bN0Sn68FFr3rA4W5/X9ww5cX9gX5OL3w0+EwQEA00aQN+QeFfed
fkLY5Hzfx4o1Luws6eC7GbXAscO+O5Q=
=T2K3
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan cannot exist without the help of Debian

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Rick,

On 26/11/19 3:22 pm, Rick Moen wrote:
>  and just let the two or three users of that mode curse me
> as long as they feel is therapeutic.

Love it!  Great way to deal with it.


On 26/11/19 8:33 pm, Arnt Karlsen wrote:
> ..anotherway is point them to 'info formail' and make them pick one
> of: EXAMPLES To split up a digest one usually uses: formail +1 -ds
> >>the_mailbox_of_your_choice or formail +1 -ds procmail
>


And for the formail, guess that's best for on the server like .forward
files are.  Not at the TB (thunderbird) client end.  Might need mb2md
as well   although TB can do maildir format for client storage
these days, I wanted that a long time ago, but am not using it and
don't expect to now.

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXd1B4AAKCRCoFmvLt+/i
+xojAP4+4xSZdwEhViz6lQUiUl6G1li4Ecnn/8Erg2OvEQ2O8QEA3GZURj7sGam+
cCbqsybPku8MmuW5K4zVLuCk81VWcJw=
=U7Me
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan cannot exist without the help of Debian

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 24/11/19 1:21 am, Arnt Karlsen wrote:
> ..apologies, I just hit the Reply-button and saw you on the
> Cc:-line, and was led to believe that was your intention.
> Responding to this message, I found I had to hit the
> ReplyAll-button to get you there, probably because you put both me
> and DNG in the To: lines.

Again, no list message.  This time I changed after reply-all to have
you as CC and the list as TO.

>> I have tried ASCII 2.0 -- but it looks like there is a new 2.1
>> version just about to be announced?
>
> ..tried upgrading to 2.1?  AFAIK that should happen automagically
> if you run e.g. aptitude update etc at least weekly.

The NUC has Debian on the internal NVME drives but it doesn't work
properly.

I am running MX 18.3 on an external drive, it works fine.

This new machine has never ran Devuan properly; I do get a cli, but no
desktop GUI (XFCE) ... it just won't start, probably to do with the
graphics included in this box (Vega AMD / Intel special setup).

>> Graphics: Device-1: Intel driver: i915 v: kernel
>
> ..you have this Intel card working ok?

Not tried specifically.

>> Device-2: AMD driver: amdgpu v: kernel

There might be a BIOS setting for this, but I really expect the
"better" AMD setup to work... it's one of the reasons I chose this
particular option over the plain Intel one.

>> Display: server: X.Org 1.19.2 driver: amdgpu,ati,modesetting
>> unloaded: fbdev,radeon,
>
> ..are these drivers fighting each other??? I see amdgpu but no
> radeonsi, do you have 3D accelleration?

I did nothing special here, just tried a simple desktop live ISO of
ASCII 2.0 and now 2.1 -- no different.

The INXI output was created using the fully working MX 18.3 setup, not
Devuan.

> ..ah, Too New Toy: the Radeon RX Vega M GH on the i7-8809G

Yep, that's it.

> https://en.wikipedia.org/wiki/Kaby_Lake#List_of_8th_generation_Kaby_La
ke_G_processors
>
>
https://en.wikipedia.org/wiki/Radeon_RX_Vega_series
> https://ark.intel.com/content/www/us/en/ark/products/130409/intel-core
- -i7-8809g-processor-with-radeon-rx-vega-m-gh-graphics-8m-cache-up-to-4-2
0-ghz.html
>
>
https://www.pcworld.com/article/3267074/intel-hades-canyon-nuc-nuc8i7hvk
- -review.html
> https://cgit.freedesktop.org/xorg/driver/xf86-video-amdgpu/
>
> ..hang in there, or send it my way. ;o)

LOL

> ..this HW below works ok?

Yes, but I do have audio problems, which are temporarily fixed by doing:
   pulseaudio -k

But otherwise it is okay.

There are a combination of things that might be screwing with sound:
  1. Facebook.
  2. Palemoon (older version was worse)
  3. Waterfox Classic (56.3 base of Firefox)
  4. xfreerdp

If I stay away from FB and don't expect any browser to play sound and
don't use xfreerdp, then vlc is happy playing sound without giving
problems for extended periods of time.  If I use any of the above 4
options, particularly FB, then sound can screw-up pretty quickly.

Even tried FB in TBB, that helps a little, TNN is FF ESR 68+ based.
I'm thinking that older Firefox and related browsers is part of the
sound problem; using the latest Firefox and probably the the "modern"
version of Waterfox might be okay too. Never had ANY sound issues
whatsoever with any other device (was mostly using an older Macbook
Pro, it's sound was good with Devuan, as was everything else).

Anyway, the main problem is that Devuan isn't happy on the new toy;
hopefully Beowulf or other updates will fix these problems and I can
stop using MX.

>> Installing with ASCII 2.0 wouldn't boot properly to the XFCE
>> desktop and I wasn't interested in changing kernels
>
> ..you may have to, your box AMD graphics was too new for ASCII 2.0
> as released last year, the driver guys at *.freedesktop.org used to
> need half a year and guinea hardware to write drivers, nowadays, I
> dunno.

Yeah, sadly ASCII 2.1 has the same problems, stuck with MX for now.

>> or doing anything else to make it work out of the box, including
>> trying to work out why XFCE was a problem with Devuan ASCII.
>>
>>
>> Maybe I should try ASCII 2.1 -- but I was expecting Beowulf to be
>> here "any time soon" ... for a lon while now.
>
> ..mmm. :o)

:(

Pity it didn't help... but I did try.  Again, perhaps when Beowulf is
ready, the drivers /might/ be sorted too.

>> The MX installer doesn't support installation installation on
>> RAID1 mdadm devices!  I prefer to use RAID1 for everything, then
>> LUKS on all but the /boot partition with LVM2 -- that sort of
>> setup isn't possible with the MX installer.
>
> ..you've seen http://wiki.tldp.org/LVM-on-RAID or
> http://jasonwryan.com/blog/2012/02/11/lvm/ or
> http://www.iverbi.de/slackware/RAID1_LVM_LUKS_Slackware12_2_Howto.html
> ?

I've done this setup many times, all on servers that never needed any
GUI desktop.  The servers are all fine.  I'll live with MX installer
issues, hoping this is only temporary; I do need a working setup, so
thank goodness for MX to give me that 

Re: [DNG] Devuan cannot exist without the help of Debian

[Andrew McGlashan via Dng]

Hi,

On 23/11/19 4:38 am, Arnt Karlsen wrote:
> On Sat, 23 Nov 2019 03:17:58 +1100, Andrew wrote in message 
> :
> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Jo.
>>
>> On 23/11/19 12:26 am, Ismael L. Donis Garcia wrote:
>>> In the worst case we would not be able to rely on MX Linux?  
>>
>> I think not.
>>
>> MX is not exactly against systemd, they use it still, but not as the
>> init system.  And MX is reliant upon Debian anyway so sad that
>> Debian is being destroyed by systemd.  I don't know what the answer
>> is, but it would have been best if the original TC chose against
>> systemd, but that ship has sailed and the damage is well and truly
>> done and it's only getting worse.
>>
>> I prefer Devuan over MX, but at this time I am using MX on a machine
>> as an interim until my machine is properly supported by Devuan (if
>> that ever happens properly).
> 
> ..what's missing?

Okay, first off, I didn't see your email in the list yet, but it is
addressed to the list; so I'll reply with list inclusion...

I have tried ASCII 2.0 -- but it looks like there is a new 2.1 version
just about to be announced?

My machine is a NUC8i7HVK with the following hardware details:



# inxi -F -z --no-host -y 80
System:
  Kernel: 4.19.0-5-amd64 x86_64 bits: 64 Desktop: Xfce 4.12.3
  Distro: MX-18.3_x64 Continuum May 26  2019
Machine:
  Type: Desktop System: Intel product: NUC8i7HVK v: J71485-503
  serial: 
  Mobo: Intel model: NUC8i7HVB v: J68196-503 serial:  UEFI: Intel
  v: HNKBLi70.86A.0058.2019.0705.1646 date: 07/05/2019
CPU:
  Topology: Quad Core model: Intel Core i7-8809G bits: 64 type: MT MCP
  L2 cache: 8192 KiB
  Speed: 800 MHz min/max: 800/4200 MHz Core speeds (MHz): 1: 800 2: 800
3: 800
  4: 801 5: 801 6: 800 7: 800 8: 800
Graphics:
  Device-1: Intel driver: i915 v: kernel
  Device-2: AMD driver: amdgpu v: kernel
  Display: server: X.Org 1.19.2 driver: amdgpu,ati,modesetting
  unloaded: fbdev,radeon,vesa resolution: 3840x2160~60Hz, 2560x1440~60Hz
  OpenGL: renderer: AMD VEGAM (DRM 3.27.0 4.19.0-5-amd64 LLVM 7.0.0)
  v: 4.5 Mesa 18.2.6
Audio:
  Device-1: Intel driver: snd_hda_intel
  Device-2: AMD driver: snd_hda_intel
  Sound Server: ALSA v: k4.19.0-5-amd64
Network:
  Device-1: Intel Ethernet I219-LM driver: e1000e
  IF: eth1 state: up speed: 1000 Mbps duplex: full mac: 
  Device-2: Intel I210 Gigabit Network driver: igb
  IF: eth0 state: down mac: 
Drives:
  Local Storage: total: 1.36 TiB used: 74.17 GiB (5.3%)
  ID-1: /dev/nvme0n1 vendor: Samsung model: SSD 970 EVO Plus 1TB
  size: 931.51 GiB
  ID-2: /dev/nvme1n1 vendor: Samsung model: SSD 970 EVO Plus 1TB
  size: 931.51 GiB
  ID-3: /dev/sda type: USB vendor: Samsung model: Portable SSD T5
  size: 465.76 GiB
Partition:
  ID-1: / size: 118.75 GiB used: 74.09 GiB (62.4%) fs: ext4 dev: /dev/dm-0
  ID-2: /boot size: 487.9 MiB used: 85.7 MiB (17.6%) fs: ext4 dev:
/dev/sda2
Sensors:
  System Temperatures: cpu: 49.0 C mobo: N/A gpu: amdgpu temp: 37 C
  Fan Speeds (RPM): N/A
Info:
  Processes: 254 Uptime: 53m Memory: 31.34 GiB used: 3.59 GiB (11.5%)
  Shell: bash inxi: 3.0.36


Installing with ASCII 2.0 wouldn't boot properly to the XFCE desktop and
I wasn't interested in changing kernels or doing anything else to make
it work out of the box, including trying to work out why XFCE was a
problem with Devuan ASCII.


Maybe I should try ASCII 2.1 -- but I was expecting Beowulf to be here
"any time soon" ... for a lon while now.


The MX installer doesn't support installation installation on RAID1
mdadm devices!  I prefer to use RAID1 for everything, then LUKS on all
but the /boot partition with LVM2 -- that sort of setup isn't possible
with the MX installer.

But XFCE works perfectly out of the box with MX, so I have something to
work with in the meantime.

Kind Regards
AndrewM

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan cannot exist without the help of Debian

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jo.

On 23/11/19 12:26 am, Ismael L. Donis Garcia wrote:
> In the worst case we would not be able to rely on MX Linux?

I think not.

MX is not exactly against systemd, they use it still, but not as the
init system.  And MX is reliant upon Debian anyway so sad that
Debian is being destroyed by systemd.  I don't know what the answer
is, but it would have been best if the original TC chose against
systemd, but that ship has sailed and the damage is well and truly
done and it's only getting worse.

I prefer Devuan over MX, but at this time I am using MX on a machine
as an interim until my machine is properly supported by Devuan (if
that ever happens properly).

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXdgKJwAKCRCoFmvLt+/i
+7BOAQCgJVQmiK1rW+U/6nwP4x1JWg/QtF8SqonJR1tjcQu2PQEA2N/kmJWcCvpF
MBl8KkFW4zDtjTM6E8B5+gKUHofU8qw=
=QO7d
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] I wrote IBM

[Andrew McGlashan via Dng]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Steve,

First off, I fully support your initiative.

On 9/10/19 5:25 pm, Steve Litt wrote:
> I can't give you proof, but I can give a strong piece of evidence:
> 
> http://asay.blogspot.com/2006/10/interview-with-red-hat-cto-brian.html
> 
I think that is a very long bough you are drawing here; I wanted to
see the proof and be able to use it to advantage in arguing for non
systemd pollution of systems ... but it was quite weak.  We need [and,
I believe, already have much stronger arguments than that interview
gave for sure.

Cheers
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXZ91bAAKCRCoFmvLt+/i
++q2AP4+jOzXyd4BZzTVeIq44v0w+Wv00XJuj0tmPjwQG6yQnAEA3fUZs8+NPoCH
cntVGe3sDBBFYBOZUVzjcLjGLoyRUGY=
=6Lr6
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Patch for /etc/os-release on ascii

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 24/8/19 1:12 pm, Lars Noodén via Dng wrote:
> It might help to have the same level of detail for /etc/os-release
> on both ascii and beowulf.  That would allow a more standardized
> approach to automatically detecting the versions.  Perhaps the same
> should apply to jessie, too.
> 
> /Lars
> 
> diff /etc/os-release /etc/os-release.orig 3,5d2 < VERSION_ID="2" <
> VERSION="2 (ascii)" < VERSION_CODENAME=ascii 
> __

Why?

No changes here:


# cat /etc/os-release
PRETTY_NAME="Devuan GNU/Linux ascii"
NAME="Devuan GNU/Linux"
ID=devuan
ID_LIKE=debian
HOME_URL="https://www.devuan.org/;
SUPPORT_URL="https://devuan.org/os/community;
BUG_REPORT_URL="https://bugs.devuan.org/;


# lsb_release -a
No LSB modules are available.
Distributor ID: Devuan
Description:Devuan GNU/Linux 2.0 (ascii)
Release:2.0
Codename:   ascii


Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXWDCUgAKCRCoFmvLt+/i
+9OhAP9jDsJYq8/obQmUSueIzHtyBsTPirlvjT5399eOqKBbqQD+LMVpy9paCDTk
XSZZJLJm5hdi6A6arkpzPB9r00t6zLI=
=WXcT
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Weird problem with every kernel update

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 27/7/19 8:29 pm, Pontus Goffe via Dng wrote:
> On 2019-07-27 03:44, Andrew McGlashan wrote:
>> Okay, it turns out that Devuan Jessie includes two extra modules
>> that needed to be added to the Devuan Ascii
>> /etc/initramfs-tools/modules file.

.

> Thank you very much!

Excellent, glad I could help.

I had quit a few USB modules for various things, including "special"
keyboards that wouldn't work with standard modules.

> Now I can remote reboot my custom kernel again without first
> unplugging the wireless USB mouse/keyboard transmitter. My .config
> already had evdev, but not CONFIG_USB_XHCI_PCI. I never suspected
> the kernel.

I've still got a server that won't reboot fully, and won't WOL either,
if I am physically near the server, it seems to work every time
though... some kind of painful Murphy's law going on.

I was hoping that machine would reboot properly with the extra USB
modules as it is similar (same box model) as the other one that
/needed/ the rescue stick to fix

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXTxiqwAKCRCoFmvLt+/i
+zCHAQDVZyV7zCHZVm6fnIPsLE4bi4GQKGUMiuCIIZ0D0UysiwEAsBcVvW7byr4Q
hZm9oEqu0cbg4CGHIFSSz5s6e0vDVT0=
=8wFE
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Weird problem with every kernel update

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 27/6/19 10:00 am, Gregory Nowak wrote:
> On Wed, Jun 26, 2019 at 01:10:20AM +1000, Andrew McGlashan wrote:
>> On 25/6/19 10:23 am, Gregory Nowak wrote:
>>> On Mon, Jun 24, 2019 at 06:50:48AM +1000, Andrew McGlashan
>>> wrote:
>>>> Hardware NUC6i7KYK.
>>>> 
>>>> Every time I do a kernel upgrade (Devuan ASCII), rebooting
>>>> loses USB devices shortly after grub kicks in.
>>> 
>>> Do you have the necessary module entries for your USB 
>>> controller/hub in /etc/initramfs-tools/modules?
>> 
>> Yes, I'm sure I actually have some extra modules in there just in
>> case that won't hurt to be there and the rescue boot picks up the
>> chroot environment copy of the modules file okay.
> 
> Even though the kernel upgrade scripts generate a new initramfs,
> have you tried generating them by hand with update-initramfs -u -k
> all after the upgrade process? What about creating them from
> scratch with the -c flag instead of -u? I don't see why either of
> those would make a difference, but it wouldn't hurt to check if
> they do for some reason. That's all I can think of for now.

Okay, it turns out that Devuan Jessie includes two extra modules that
needed to be added to the Devuan Ascii /etc/initramfs-tools/modules file.

I'm not sure exactly when those two modules become necessary (to add
to the modules file), but until they were added the only way I could
successfully get a working boot was via the rescue method using the
older Devuan Jessie USB stick which always worked.

This is the modinfo for these two extra modules:

# modinfo evdev
filename:   /lib/modules/4.9.0-9-amd64/kernel/drivers/input/evdev.ko
license:GPL
description:Input driver event char devices
author: Vojtech Pavlik 
alias:  input:b*v*p*e*-e*k*r*a*m*l*s*f*w*
depends:
retpoline:  Y
intree: Y
vermagic:   4.9.0-9-amd64 SMP mod_unload modversions

# modinfo xhci_pci
filename:
/lib/modules/4.9.0-9-amd64/kernel/drivers/usb/host/xhci-pci.ko
license:GPL
description:xHCI PCI Host Controller Driver
alias:  pci:v*d*sv*sd*bc0Csc03i30*
depends:usbcore,xhci-hcd
retpoline:  Y
intree: Y
vermagic:   4.9.0-9-amd64 SMP mod_unload modversions


Kind Regards
AndrewM

-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXTusfQAKCRCoFmvLt+/i
+13lAPwKuYZzYsnZW+/N39rmDKCwQ8GNlKFvzumrUnHDb2zW4gD+N0UUZOHZN1S+
o23RI/5AusrgcfUE0H6/a8s6g3NEYhg=
=X58/
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Weird problem with every kernel update

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 25/6/19 10:23 am, Gregory Nowak wrote:
> On Mon, Jun 24, 2019 at 06:50:48AM +1000, Andrew McGlashan wrote:
>> Hi,
>> 
>> Hardware NUC6i7KYK.
>> 
>> Every time I do a kernel upgrade (Devuan ASCII), rebooting loses
>> USB devices shortly after grub kicks in.
> 
> Do you have the necessary module entries for your USB
> controller/hub in /etc/initramfs-tools/modules?

Yes, I'm sure I actually have some extra modules in there just in case
that won't hurt to be there and the rescue boot picks up the chroot
environment copy of the modules file okay.

Thanks
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXRI5WAAKCRCoFmvLt+/i
+0O6AP9oeitwtxVVsbx6Y6j7BQCtR1juGjm/PBTUJjvXjtUlpwD9F5YnbK87doXr
lsw/BNgACn70Zv2BnAt9jTG8nHnQ/8I=
=cGIb
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Weird problem with every kernel update

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

Hardware NUC6i7KYK.

Every time I do a kernel upgrade (Devuan ASCII), rebooting loses USB
devices shortly after grub kicks in.

I have to boot a USB stick, which (Devuan Jessie Live), start a rescue
session and do all the following steps:

1. auto-detect RAID devices
2. enter a shell
3. unlock lvms LUKS encrypted volume (which has root and swap)
4. vgchange -ay
5. exit shell

Back to the rescue:
6. start root shell choosing root volume from lv (mounting /boot).
7. /bin/bash
8. update-initramfs -u -k all

Then, every single time I perform these steps, the NUC device will
continue to find USB properly until the next kernel update and I've
got to go through these specific steps again, every single time.

If I do the update and perform step 8 above before rebooting, I still
have a problem; I have to go via the USB live ISO to fix it.

There are external USB disks that are a mirror, when these don't come
up in the dropbear environment, then I know I have the problem.

So, attaching a USB keyboard, I can see it turn off (lights out) when
it gets past the grub stage of boot... so that's when I pull out the
USB live ISO from Devuan Jessie.  It has happened for quite a while
now, but I know exactly how to fix it, but not why it is happening.

- -- 
Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXQ/mIgAKCRCoFmvLt+/i
+/gZAP9v6QR3Cmvj331jkkknofxfUh+W6dnSu0BjDMUMnTeXSQEAnMm+GzpVaXnu
+cyesqom1c/hIGUV+tqe8MuqxMeo1HY=
=kOpl
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] issue with mailserver adding mail. to domain for email address....

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 15/5/19 10:43 am, Andrew McGlashan wrote:
> On the bad server I can do the following as root

I removed mailutils from the bad server and installed bsd-mailx and
that fixed the problem.

The /etc/alternatives/mailx were different on the two servers prevously.


The bad server had:

lrwxrwxrwx 1 root root 23 May 14 00:32 /etc/alternatives/mailx ->
/usr/bin/mail.mailutils


And the good server had:

lrwxrwxrwx 1 root root 18 Jan 12 20:09 /etc/alternatives/mailx ->
/usr/bin/bsd-mailx



Now the bad server has been made good and it has the same alternative
setting for mailx.


The problem manifested after doing an upgrade from Devuan Jessie to Asci
i.


Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXNtkRAAKCRCoFmvLt+/i
+7XsAP9w5TWh9SHED3HbejRtSMHVDQiFc1ZI9tvJklHgxtD23gD+MkyQ7YUKfkpN
5OM3WQLHfRubuYIUCHHBpaGLZvOuOlM=
=LCgD
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] issue with mailserver adding mail. to domain for email address....

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I've got a weird problem, two servers are essentially setup
identically, but one is giving me grief.

I've got entries like the following on both servers in
/etc/email-addresses

user1: user1--u...@example.com.au
root: root--u...@example.com.au

Both servers are runing the same ascii version, with the same exim4
packages.

On the bad server I can do the following as root

su - -s /bin/bash user1
$ echo test|mailx -s 'test' f...@example.net

The receiving email has this sender:
  us...@mail.example.com.au

On the good server when I do the same thing, the sender shows as:
   user1--u...@example.com.au


What could be wrong?

Everything in the /etc/exim4/ directories seems to be correct when
diffing the directory trees

Both servers serve a number of domain names.

Why is the bad server adding in "mail." and ignoring the entries in
/etc/email-addresses ?

- --
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXNtgmgAKCRCoFmvLt+/i
+8aUAP947ldDjwcbq9ckT9riEGAq5nUWQeygShEn74+aIzf7kQEAgovpVL0tRgB7
TwzUx30ZM2NyAp4USenNdvybndbBPt0=
=nNT3
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] GPG signing of emails

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

For those that choose to sign their emails, please do so using "inline
PGP", this way the message parts that are signed will get properly
covered and can easily be checked for validity.

I use Thunderbird with Enigmail, and I don't automatically "decrypt"
messages, but when I click on "decrypt", then those /partially/ signed
messages don't validate well.

Kind Regards
AndrewM

-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXL1d0QAKCRCoFmvLt+/i
+wLHAP4gr3BRjR8UlhdASqovoHoqQWqp1SZAWzTTjlNXFFtkNAD/QXWifNbHZGfb
8IZyB0tZ3EFgWxvcJTCwj3rPDV0h+Sw=
=g2PL
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Way forward

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 15/4/19 5:07 am, info at smallinnovations dot nl wrote:
> On 14-04-19 21:03, Jim Jackson wrote:
>> 
>> I find this somewhat amusing. Have you ever followed the linux
>> kernel email list, and watched the falling out and aggression
>> there has been on there in the past? Linus's (and others)
>> language!! Better not take linux seriously any longer :-)
>> 
>> I'm happy to wait and see if the future is uncertain for Devuan -
>> instead of guessing.
>> 
>> cheers Jim
>> 
> You really think that the numbers working on the linux kernel are 
> somehow comparable to the numbers working on Devuan?

Yes, but back to Debian?

You did mention that an email suggesting and proposing the repair of
relationships was childish?  I think it is more childish to use that
as a means to exit and it doesn't help.  Are there other reasons?  Do
you really think that Devuan is not on track to recover from this?

That email to which you reacted so strongly to was clearly a heartfelt
plea  to repair the damage that has been done, especially when some of
that damage was not a lot more than differing opinions of the facts
and how things manifested from those mis-understandings and/or
disagreements and perhaps some over reaction; it was all about repair,
regret and mending bridges, however they may or may not have been
damaged.  That seems quite adult to me.

If I was to lose faith in Devuan, which I'm now invested in, then I
would consider the following, especially ahead of Debian (unless I
wished to return with systemd).

  https://mxlinux.org/

There are other alternatives, but right now, I am more than happy to
stick with Devuan, so long as it doesn't become RHEL in disguise.

Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXL1cpAAKCRCoFmvLt+/i
+wOyAP9z/dxDkpdkHH/uAiTKE3wQ3abp7gEcronj256lWAPJcgEA308JuIY+VZwg
MRKEl8D85WkwMUk3hDCAlxp56ANslc8=
=ky8j
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] What you saw on devuan.org yesterday was an April's fools joke

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 6/4/19 12:41 am, chillfan--- via Dng wrote:
> I'm not sure then if the bus-factor does apply, but I'm sure none
> of the core developers are the type to cross the road without
> looking ;-)

Sure, but the "bus factor" is not just relating to getting hit by a
bus; it is the effect of losing someone by any means (health,
accident, murder or otherwise).  It's about having a plan to ensure
that a lost person doesn't have other serious follow on problems ...
such as "nobody knows the encryption pass phrase or key to unlock
critical data (however it is stored), or nobody knows how the system
works so they can step in and keep things going.


https://en.wikipedia.org/wiki/Bus_factor

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXKeSVQAKCRCoFmvLt+/i
+4TfAPoC2Ik23+usr+kBX8D10QIwZh3Z6u3lKt3PYiNdU8yvMwD/Vz1jVcWLx0Aw
3YxY7Avyo9O+cL6yFTVV46EhVOMp5Uk=
=jJfN
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] What you saw on devuan.org yesterday was an April's fools joke

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 5/4/19 11:28 pm, info at smallinnovations dot nl wrote:
> On 05-04-19 11:16, Simon Hobson wrote:
>> chillfan wrote:
>> 
>>> Katolaz is working very hard to ensure we have releases, but I
>>> didn't realise he was doing all this even.
>> I didn't either. So another +1 for Katolaz and all the work he's
>> doing. And everyone else of course, but I think it's a bit unfair
>> for people to be calling for heads on spikes (or one head on a
>> spike) over a fairly good joke.
>> 
>> I can understand why some people get a bit upset, but really
>> guys, lighten up. If there's no room for a bit of fun now and
>> again then life gets a bit dull - like the corporate world of
>> grey suites and endlist lists of things you aren't allowed to say
>> or do.
> 
> I know Katolaz is working very hard and i appreciate it very much.
> But i am working in ICT and in construction and the two areas where
> you do not joke about are security and safety. Since he already
> apologized i will not discuss it further or in Dutch: zand erover.

There is a different, but also VERY IMPORTANT consideration here.

What if Katolaz gets hit by a bus?

Whilst I do appreciate the work he does, it really is a potential
nightmare should he become unavailable for the works he is currently
doing.  What about backup wetware and other team members, is enough
known to move forward if we, for whatever reason, are unfortunate
enough to lose him?

Kind Regards
AnsdrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXKdV1AAKCRCoFmvLt+/i
+7CTAQCWjlH91JovNj2WNPVwWfRPmDAi4vkyH55dluwoDkbOOAD/baCsnM5tnv/P
CO2WKE84dqqQ47p6a205TLeUHkRnCrw=
=6xWS
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Fwd: April's fools mess

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 2/4/19 11:33 pm, Rowland Penny via Dng wrote:
> On Tue, 2 Apr 2019 14:28:52 +0200 Arnt Karlsen 
> wrote:
> 
>> On Tue, 2 Apr 2019 14:29:46 +0300, Dimitris wrote in message 
>> :
>> 
>>> - TZ difference is bad. we should all go GMT or something
>>> unique, and know when april fools starts/ends.
>> 
>> ..disagreed, good pranks can use the extra bonus time. ;o)
>> 
> 
> Yes, but your 1st of April may be my 31st March.

Many April Fools are done /around/ the time of 1st April  some get
in early on purpose, irregardless of time zones.

Still, moving on; we've been promised that this won't happen again.

Thank you.

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXKOdbQAKCRCoFmvLt+/i
+8IKAQDf6G0rDdOoNE6HIuLxVBqIqEv1IgG+uRtRE9AHjGNjbgD/RcEJU/nGYjUp
t4eeNpEidzOAMM9zkToXEQ9iIqafs9I=
=eBgE
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Update on the Green Hat Hackers attack

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 2/4/19 4:13 am, Dimitris via Dng wrote:
> On 4/1/19 7:49 PM, Arnt Karlsen wrote:
>> ..this cartoon is used in production how? ;o)
> 
> snowden told us how.
> 
> dev1 joke affected production devuan systems how?

There is just so much wrong about this.

April Fools is fine in jest, but this prank, about a serious
alternative to Debian.  It may have caused heart attacks, it may have
stopped systems from getting valid updates, it may have done all sorts
of things.

I never went to the website; reading the mailing list only "about the
problems", any sane person shouldn't go to a website that is
potentially laden with malware.  For Android users, if you don't have
the February 2019 updates, you can get owned with just a PNG file.

So, this is very serious stuff.  Keep the humour to things much less
critical.

If you relied on Devuan for all your machines and the problem really
did happen; it would be hell.

A good prank would be a blog post that doesn't question the real
security of the project.  Once you question the security of the
project, you can then have lingering doubts .. that's not good for
anyone here.

There are times and places for great fun.  This was a terrible idea
and it has to lessen trust to at least some extent as well as posing a
serious health risk for administrators who care about security, a lot.

And the xkcd comic hsa nothing on this scare.

Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXKJptgAKCRCoFmvLt+/i
+5OPAQDPwW/D2S2sjxCQHmSCV4ptxC4V17qEoiNTKAMMLVS1ZAD9H6c1rtmYQtQR
6vD/bisjTQADFMhrkH6X8t1gpeVmfLs=
=X64u
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Ascii Multimedia -- /etc/apt/sources.list

[Andrew McGlashan]

Hi,

What /etc/apt/sources.list entries should we now use for Devuan ascii
for multimedia.


This is what I previously used with Deuan jessie:
 (and it seemed to be okay)

# deb-multimedia
deb http://www.deb-multimedia.org jessie main non-free


Thanks
AndrewM





signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] ..alsa+apulse and torbrowser... rpath is /usr/lib/apulse and is too long???

[Andrew McGlashan]

Hi,

On 17/1/19 2:51 pm, Arnt Karlsen wrote:
> ..we've heard of firefox dropping alsa etc for pulseaudio on behalf of
> the Tor/torbrowser people or the systemd people and since pulseaudio
> tried a "government shutdown", on _my_ iron, I did to pulseaudio what
> you yanks should try on your own putinist regime, a Great Purge with
> Stalinist Firmness.  ;o)

Okay, not what you were after, but what about this?

https://wiki.archlinux.org/index.php/PulseAudio/Examples#PulseAudio_as_a_minimal_unintrusive_dumb_pipe_to_ALSA


If it does what I think it does, then you can use Alsa in place of
pulseaudio and do so transparently.

Is that any good, does it do what you need and stop you needing pulseaudio?

Cheers
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] KVM guest update to Ascii problem with Jessie KVM host

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I upgraded a guest from Devuan Jessie to Devuan Ascii.

The guest wouldn't boot the 4.9 kernel, but I could boot it's older
3.16 kernel okay.

Then I upgraded the host from Jessie to Ascii as well and all was good.

My son believes this is a bug, but I'm inclined to believe that this
is a "fair" failure as whatever the host presented to the guest wasn't
compatible enough in relation to the kernels (probably).

If I upgraded the host first, then I probably wouldn't have seen any
issues.

NB: I am not using qemu directly, only via virsh. Perhaps if using
qemu directly it would be different.

Am I right in this case, or is my son right?

In any case, if my son is right, then there is a bug, but it wouldn't
hurt to always upgrade the host before any guests that rely upon that
host.

Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXDrd2gAKCRCoFmvLt+/i
+46kAP0UhfscYItl1pst2e+qAH6+XClVEj6SZAH76LIZrlXfTwD9HPsAUWDnVIKL
Fbpk2Cdf9EPG/cvfxhH7ZSxAdeaPWgo=
=JxI+
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Jessie --> ascii issues

[Andrew McGlashan]

Hi,

I've upgraded one of my servers from Devuan Jessie to Devuan ASCII and
had some issues.


First the initramfs failed to work properly as I have custom scripts for
the setup, one of the scripts sets up a bunch of useful tools for the
initramfs environment and that part was fine.

But a different script populated .profile and some other files in the
target DESTDIR/root directory -- now it needs to be DESTDIR/root*


# diff
hourly.1/kvm-affinity-devuan-b/root/usr/share/initramfs-tools/hooks/other
hourly.2/kvm-affinity-devuan-b/root/usr/share/initramfs-tools/hooks/other
43c43
<     (cd /etc/initramfs-tools/root.other_files/;tar cf - . | (cd
"${DESTDIR}/root"*;pwd;tar xvf -))
---
>     (cd /etc/initramfs-tools/root.other_files/;tar cf - . | (cd
"${DESTDIR}/root/";tar xvf -))


The newer rsnapshot (hourly.1) fixes the problem with my root files area
setup, with the pwd thrown in there for my benefit when building the
initramfs files.


I do have multiple LUKS disks (not just the root file system) and simply
unlocking the root file system wasn't enough; my initramfs setup gives
me extra tools to check RAID devices and unlock extra LUKS volumes.


The other problem I had was with a backup script that has a weird
difference with "fdisk -l" output -- if the lvm is referenced via
/dev/mapper/vg_name-lv_name, then the output now includes "-part"
components, but if I do an "fdisk -l" for the /dev/vg_name/lv_name, then
it doesn't have "-part".  For Jessie, both paths give the same suffix
endings for partitions.  You can see the differences below.  I had to
use sed to remove the "-part" string for my backup scripts to work.


ASCII (upgraded from Devuan Jessie)

# fdisk --version
fdisk from util-linux 2.29.2



# l /dev/vg0/server--disk0--backup /dev/mapper/vg0-serverdisk0backup
lrwxrwxrwx 1 root root 7 Nov 18  2018 /dev/vg0/server--disk0--backup ->
../dm-9
lrwxrwxrwx 1 root root 7 Nov 18  2018
/dev/mapper/vg0-serverdisk0backup -> ../dm-9

# fdisk -l /dev/vg0/server--disk0--backup
Disk /dev/vg0/server--disk0--backup: 15 GiB, 16106127360 bytes, 31457280
sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0bf87a90

Device  Boot   Start  End  Sectors  Size Id Type
/dev/vg0/server--disk0--backup1 2048  3905535  3903488  1.9G 82
Linux swap / Solaris
/dev/vg0/server--disk0--backup2 *    3905536 31455231 27549696 13.1G 83
Linux


# fdisk -l /dev/mapper/vg0-serverdisk0backup
Disk /dev/mapper/vg0-serverdisk0backup: 15 GiB, 16106127360
bytes, 31457280 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0bf87a90

Device  Boot   Start  End 
Sectors  Size Id Type
/dev/mapper/vg0-serverdisk0backup-part1 2048  3905535 
3903488  1.9G 82 Linux swap / Solaris
/dev/mapper/vg0-serverdisk0backup-part2 *    3905536 31455231
27549696 13.1G 83 Linux





Another server still running Devuan Jessie

# fdisk --version
fdisk from util-linux 2.25.2

# l /dev/mapper/vg0-serverdisk0 /dev/vg0/server--disk0
lrwxrwxrwx 1 root root 7 Nov 18 07:33 /dev/vg0/server--disk0 -> ../dm-3
lrwxrwxrwx 1 root root 7 Nov 18 07:33 /dev/mapper/vg0-serverdisk0 ->
../dm-3



# fdisk -l /dev/vg0/server--disk0
Disk /dev/vg0/server--disk0: 15 GiB, 16106127360 bytes, 31457280 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x077e996e

Device   Boot   Start  End  Sectors  Size Id Type
/dev/vg0/server--disk0p1 2048  3905535  3903488  1.9G 82 Linux
swap / Solaris
/dev/vg0/server--disk0p2 *    3905536 31455231 27549696 13.1G 83 Linux


# fdisk -l /dev/mapper/vg0-serverdisk0
Disk /dev/mapper/vg0-serverdisk0: 15 GiB, 16106127360 bytes,
31457280 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x077e996e

Device    Boot   Start  End  Sectors  Size
Id Type
/dev/mapper/vg0-serverdisk0p1 2048  3905535  3903488  1.9G
82 Linux swap / Solaris
/dev/mapper/vg0-serverdisk0p2 *    3905536 31455231 27549696 13.1G
83 Linux

Now this was just a kvm host machine (without any actual vms at this
time), so these little annoyances were less critical to me, but a bit of
a pain nonetheless.


Not sure why initramfs must now have /root-${RANDOM_PART} for dropbear's
root login instead of being just /root


The fdisk changes were also baffling, why it had to change from p1, p2,
p3 to -part1, -part2, -part3 suffixes for the 

Re: [DNG] Well, this is interesting

[Andrew McGlashan]

On 30/10/18 05:06, taii...@gmx.com wrote:
> I wouldn't consider this necessarily doom and gloom

Some might say IBM "helped" derail the AU census... and more, but the AU
gov't keeps giving them support after multiple alleged botch ups where
they can /claim/ it to not be their fault.  It may allegedly have a
smell of corruption about it too, I just don't know.

Just as I don't know what is in store for RHEL with IBM, but at least it
has to be better than Ellison getting hold of the company.

A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Who remembers rootkit..

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 21/10/18 21:10, Jimmy Johnson wrote:
> I first noticed it while testing Stretch, I run a multimedia setup
> no problem with Jessie without systemd or wheezy, I was running a
> intel laptop HDMI to a big screen smart tv, the screen would go
> black and the audio would stop, I'm not the only on who has seen
> the problem as it's been mentioned on the Debian mailing list.
> Since then I have ran it on other systems, like Devuan, PCLinuxOS
> and Slackware too and have seen the the problem in real time while
> looking at the system log and I would see the kernel making calls
> to get a outside HTTP, I bring down my net connection and the
> kernel calls avahi daemon to bring it back up and make a HTTP
> connection, I stop avahi daemon and the kernel binds with the NIC
> and tries to get outside HTTP, that's where my firewall stops it.
> But the kernel keeps trying over and over and over endlessly to
> get outside HTTP and all this makes it imposable to watch my movie.
> Using the Intel laptop was convenient, but I got the idea to try my
> AMD nvidia desktop, I got the same kernel activity but no
> interference with audio/video, I'm now using ATI Radeon laptop,
> works the same as nvidia or maybe it's because their both AMD as I
> don't have nvidia or ATI running on a intel system that I can
> test.
> 
> Questions?

Is the cable perhaps 1.4 type with built-in Ethernet?  Wonder if that
might have something to do with it too.  The SmartTV might be doing
the communication attempts.  Maybe it is trying to tattle on you for
using video that it /thinks/ is breaking digital rights.. maybe
something else entirely.  If the kernel is making the HTTP calls, it
might be under direction of the video driver that is able to network
with the screen via the HDMI cable.

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW8x+CQAKCRCoFmvLt+/i
+w1SAQDK1eXGm8fdtu7vmydvNeJzrLB3UCK/CKAX24xGGSX35QD9GLIqVQCJaoUw
GsPPNGOYwpz0fw/tj6IZj576OYlTZ7I=
=S3xz
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Who remembers rootkit..

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Rick,

On 21/10/18 14:42, Rick Moen wrote:
> Quoting Jimmy Johnson (field.engin...@gmail.com):
> 
>> Who remembers when rootkit hunter started showing problems and 
>> Debian said they where false positive problems? I think it was 
>> sometime during the development of Stretch. Well they fixed
>> rootkit hunter to not show those problems any longer and so goes
>> systemd, one BIG FAT security problem and has made security
>> software pretty much useless.  At lest with a firewall and no
>> systemd you can stop kernel calls to get outside http or at lest
>> I can. I think it's to bad we have to live with a kernel that's
>> passing our activity to outside sources.  I have this stuff
>> logged, it can't be denied.

I think he means the callout by some systemd setup that does a http or
some other test for "connenctivity" ... perhaps it is more than that,
but that alone is a concern.  It was suggested in /that/ thread to
which I think he is talking about, that the test should be to the
router or the first outside gateway from your local network.

Anyways, I'm not too sure.

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW8w2nAAKCRCoFmvLt+/i
++iFAQC82Ew5AvLbmau+s0hMBK7CwZKTu2UMDWvr6e6EIYbZ1gD/f8PxCIXBNCq5
fRJIig7kLjUFY/RxwN/qACxg0dy6JBU=
=A6fC
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] What's the latest stable version?

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 14/10/18 07:01, Antony Stone wrote:
> On Saturday 13 October 2018 at 21:49:30, Steve Litt wrote:
>> What's the latest stable version of Devuan? I'm going to set up a
>> test VM to test runit on Devuan.
> 
> "Devuan’s stable release is now 2.0.0 ASCII."
> 
> https://devuan.org/
> 
> I'm surprised to see *you* ask a question like this, Steve...

Well there is a different answer to that.

Sometimes stable is testing that has been testing long enough and is
perhaps close enough to freezing that it is considered stable.

;-)

Cheers
A.
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW8LfgQAKCRCoFmvLt+/i
+9q3AQCtXjvfBzvjiyc4IB2dM+Tzu6artBw6Nh2/sU0+D3BstwD7Bj8gauCQZLvL
o5yjI2QDuZOZ9Xh/AWMA+g8F+tsDl6Y=
=IBkg
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [OT] Restricting user capabilities after ssh login

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 12/08/18 14:55, mett wrote:
> I m wondering about the best way to restrict a user after he has
> ssh'd into his web folder.

I solved this problem a different way.

Created a VM just for the required user(s).  They needed to provide
their static IP address and a public key for the authorized_keys file.
 Only they could login to their own VM and only from a trusted IP
address with their private key (hopefully protected with a decent
password/passphrase).

The VM mounted particular directories so that the user could access
those alone in their restricted VM without any direct access to the
main host that has shared and non-shared files for others.

As the VM spins up, so to speak, a process mounts the required
directories as the correct user and if they adjust those files, then
the main server will get those adjustments, but they cannot change
ownership of any file (they can, but it won't propagate to the main
server).

There are still risks, they can be bad and place files in their own
areas on the server that might try to do something that would be
frowned upon, such as trying to break security with some kind 0f
executable code (perhaps website code).  Some trust is needed, but if
they abuse that trust and get found out, then there would be hell to
pay as I'll cut them off completely and only allow update to files
much less directly.

Cheers
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW7tx2gAKCRCoFmvLt+/i
+6+2AQC/9mUoP9hJtaNa4FbsBl2AJm5n4gTp7I9YPrhXOirtCQD8D3upPY9h6mky
E1CvUz/RUCn7rQmz0BkKXTvVl1okH+E=
=JKdL
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan ASCII Live USB security issue

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 27/09/18 08:28, fsmithred wrote:
> On 09/26/2018 01:03 PM, Andrew McGlashan wrote: Add the following
> to the boot command: noautologin nocomponents=sudo

Perfect, that takes care of my most immediate concerns.

> There aren't any daily images or even weekly images. If you want
> your live images to get all the latest security fixes, you'll need
> to make your own. You can do that either with live-sdk (which will
> pull the latest packages from the repo) or refractasnapshot (which
> will copy the running system to make a live iso. I generally use a
> dedicated system in a VM for this.)
> 
> You might also want to take a look at refracta2usb. It can make a
> live usb with one or more persistent volumes, encrypted or not. I
> think you can do what you want with a single usb. 
> http://www.ibiblio.org/refracta/docs/readme.refracta2usb.txt 
> https://sourceforge.net/projects/refracta/files/tools/refracta2usb-2.3
.6.deb

Okay,
> 
thanks.  I've been thinking about refracta2usb ... I expect I'll
use that one day, but not just yet.

Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW6yDjAAKCRCoFmvLt+/i
+15sAP9DKn0owzlgdv097O+tb6Ui/YNV6TGSS+eSCwVQUOdg3gEA0wAXzZ2qgQFS
GEPAlUZhJIFLugr2B7GyM7PxCseFv8k=
=ZKR6
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan ASCII Live USB security issue

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 27/09/18 06:01, Jaromil wrote:
> On Thu, 27 Sep 2018, Andrew McGlashan wrote:
> 
>> I've been using a live USB of Devuan with XFCE, I boot it to RAM
>> and then setup my temporary environment from a different LUKS
>> encrypted USB.
> 
> have you tried https://heads.dyne.org?

I definitely like the idea of heads, particularly over tails.

But my setup actually uses both the Tor network and the clear net;
most downloads and browsing are over Tor using privoxy, except when I
really want something and it is denied just because I am using the Tor
network.  Palemoon normally transits using socks5 proxy (Tor), with
some exceptions.  Firefox is set to go direct. Thunderbird also used
the proxy.  Most times when websites block me for using Tor or even
uBlock Origin and uMatrix to stop tracking and lessen advertising
rubbish, then the content is often available elsewhere -- if they want
to lock me out, then I'll find alternatives.  Just like I use Devuan
over Debian as my alternative to avoid the cancer of systemd.

I'm concerned that heads is too far behind in terms of security, the
last release was some time ago now, I have been keeping an occasional
eye on it.  The last release being 2018-03-26 (6 months ago).  Tails,
which I hope to stop using one day has had a number of releases in
that time frame.  Don't get me wrong, I do want heads to win over
tails here for sure.

In any case, tails and one day heads instead will have their place for
my usage, but I need more than either of this for everyday tasks.

> is a Devuan derivative based on Beowulf (current testing) hardened
> for security, routing all traffic through tor and removing all
> non-free firmware (100% free). Maybe it works for your case, maybe
> not (the persistent setup aka "nesting" is not yet there) but since
> you seem to have all the persistance scripts by yourself, this live
> USB may do well for your purpose.

All of which is why I will definitely be preferring heads over tails,
but down the track.

Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW6x+dgAKCRCoFmvLt+/i
+w5oAP9OXQOspu+IU3bciNgdsKd3E8Ga0NYMzVi9dC4tQWu/YgEAqNjOCSjobsKQ
vjQ5EmcagKJoJUzI0xi2/+KEDDvMbXs=
=zR+X
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Devuan ASCII Live USB security issue

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I've been using a live USB of Devuan with XFCE, I boot it to RAM and
then setup my temporary environment from a different LUKS encrypted USB.

This allows me to keep my data secure and the setup as simple as
possible without actually installing Devuan on the working device.

My method includes saving dot files and dot directories so that I don't
have to reconfigure everything from scratch each time.  I even include
".mozilla" ."moonchild productions" and ."thunderbird" directories from
the LUKS encrypted USB.  I am installed Firefox, Palemoon and
Thunderbird from downloads .bz2 files (just extracted to a directory). 
I setup keyboard entries to launch them easily.

Also using "KeePassXC-2.3.4-x86_64.AppImage 

I've got my ssh configs and the gnome keyring in play (all coming from
the encrypted USB).  I install a bunch of .deb updates and some extra
outside .debs that I've got on hand to give me all the tools I need.

Whilst running in this environment, all of my usual important working
data and working environment is available (together with mapped drives
using sshfs when available).  However, I need it to be better secured
during usage with the Live USB before I finish my session and then
update the LUKS encrypted USB using rsync for the next use at a later time.

The trouble I have is that whilst I can easily change the "devuan"
(live) user to have a secure password, the terminals all auto-login,
without requiring any password to be entered!  That is, if I go to any
or all of the ttys for instance, and type d to logout, then it
immediately starts a new session as "devuan" without asking for the new
(or any) password.

Adding to this problem is the fact that the "devuan" user has, by
default, full SUDO rights without needing any password as well; the
latter is probably easily fixed with an adjusted sudoers file, but the
auto-login is a major security risk,

How do I stop those automatic logins on the ttys ?

Doing this setup, I can travel with two USB sticks, use just about any
computer and boot up the LIVE USB, then apply my setup form the
encrypted one.

The other thing I would like would be to be able to do is to use a daily
LIVE DEVUAN USB image to keep it up to date and safer (particularly the
kernel or really anything that would need a reboot to pickup the new
version), but I don't know if daily images are available anywhere for it.

Kind Regards
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCW6u77wAKCRCoFmvLt+/i
++lWAQCZNpzPIAbikb4Q4WzJuLSxN7MmkCN0uhTMp1jFP4GungEAtxFuIBipTFoe
BXq3pzflpao953jDirPVaagoayDUFWU=
=A5fP
-END PGP SIGNATURE-

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] A Devuan kernel?

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On 09/07/18 17:51, KatolaZ wrote:
> Literally anybody can get the sources of the Linux kernel and read 
> through it. So I guess your fears are somehow unjustified...

There were long standing problems with openssl -- the source code was
fully available, anybody could have found the problems, but they didn't.

The Linux Kernel is HUGE, the possibility to find something that
shouldn't be there would not be very easy.  Binary blobs remain the
most "risky" components, but anything else can easily hide in plain sigh
t.

Cheers
A.
-BEGIN PGP SIGNATURE-

iF4EAREIAAYFAltDF2wACgkQqBZry7fv4vuOqAEAzsCAqEwTGdeU0naWbKauol8+
HtUPlRJNtcNftl+6G8AA/RE+ahm/ImQblbacaPOEVBDh/UmFqxfdd2NEUQFHroBN
=+Tvv
-END PGP SIGNATURE-
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] what happened to usbmount?

[Andrew McGlashan]

On 20/06/18 00:05, Erik Christiansen wrote:
> Martin, I think I will too. That is one nifty little bit of kit, not
> just to be added to my survival notes accumulated over the decades, but
> to be pushed into the wetware despite increasing backpressure after 2^6
> trips around our star.

Song  "will you still love me when I'm 2^6", hahaha

A.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] X11RDP-o-Matic Information - Scarygliders

[Andrew McGlashan]

https://scarygliders.net/x11rdp-o-matic-information/


Interesting quote from the above link:

NOTE: I am no longer actively spending days/hours of my time to maintain
this script – there are too many different variations of Linux
Distributions and they come out so frequently and always include changes
in the way they do things, that it became utterly impractical for me to
try to test o-Matic for every possible “gotcha” in every new and
wonderful distribution. Systemd is another reason why I simply cannot
spend any more time on o-Matic. It broke an awful lot of things when
Debian decided to include it in their distributions, and I refuse to
spend any more time dealing with this malware. If anyone wants to, they
can feel free to submit pull requests to the o-Matic repository at
Github, and if I have time I will review the changes and merge them with
the main o-Matic branch.

Regards.

Cheers
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [OT] Re: (forw) [GoLugTech] Microsoft buys GitHub

[Andrew McGlashan]

On 09/06/18 15:49, Jimmy Johnson wrote:
> There's something fishy about this story.
>  https://www.bbc.co.uk/news/technology-44368813
> It was first published on June 5th and now dated June 6th, I first read
> the story on June 5th at the same link.  Not recoverable, not repairable
> or so they say and who's data will be stored there?  I don't know abut
> you but the only one I trust to store my data is me and I'm backed-up
> since '94 on 3 external and 2 internal drives with no problems and it's
> safe to say I'm a pack rat.

archive.org has 30 different snapshots so far.

https://web.archive.org/web/*/https://www.bbc.co.uk/news/technology-44368813

Your earliest "5th June" version may be one of the earlier 6th June
entries depending on your timezone.

Cheers
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [OT] Re: (forw) [GoLugTech] Microsoft buys GitHub

[Andrew McGlashan]

On 05/06/18 03:06, Mark Rousell wrote:
> My statement that MS were the largest single contributor on GitHub comes
> from GitHub's own statistics specifically for *open source*
> contributions (admittedly dating from 2016).
> 
> Source: http://businessinsider.com/microsoft-github-open-source-2016-9
> 'Microsoft just edged out Facebook and proved that it's changed in an
> important way'.

Don't believe the Microsoft hype.

Now, if they open sourced EVERY single Microsoft software and allowed
forks with proper open licenses that are not restrictive; only then I
might be happy to use a completely vetted fork that removes every single
privacy concern or, at the very least, allows absolute total
transparency with options to allow/disallow data transfer based on the
pros of giving up particular and specific personal or other data for a
different, but worthwhile benefit -- knowing the "cost" of giving up
exactly which data is what counts and understanding that the benefit is
worth it.

A.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [OT] Re: (forw) [GoLugTech] Microsoft buys GitHub

[Andrew McGlashan]

On 05/06/18 02:46, Mark Rousell wrote:> Anyway, I look forward to
Microsoft Enterprise Linux in due course. ;-)
NO WAY!  It's bad enough with RHEL and it's competitors; if I need that
brand of Linux, I would go CentOS... but it will be a very cold day in
hell before I opted for a Microsoft version.

A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] (forw) [GoLugTech] Microsoft buys GitHub

[Andrew McGlashan]

Is this a case of mass US based industrial espionage now?

It's been said that Microsoft makes a great deal of monies from Linux
with patents in play.

I see this as a perfect solution for Microsoft to go after every man and
his dog using github to see if there are any patents to win more money
over (like Oracle did to Google for instance over Java).  If Microsoft
has full and unfettered access to all the code repositories, then they
can deep scan every project looking for opportunities to take legal action.

This is a disaster waiting to happen.

I won't use Skype ever again, haven't for a long time.

My LinkedIn is just a placeholder account and some "wise" person screwed
up my profile long ago with incorrect information.

LinkedIn is a problem in itself.  What are they?  They are the ultimate
3 letter agencies dream.  They want to know about every single business,
every single employee and job description, every single skill; it's
entirely encompassing -- it is a nightmare for anyone wanting to
preserve any shred of privacy about their own information.

I just hope that people abandon Github, but I won't hold my breath;
people haven't abandoned LinkedIn or Skype as they should.

Very troubling times indeed.

A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Is Void OK? Was: Keep it alive

[Andrew McGlashan]

On 20/05/18 00:42, Arnt Karlsen wrote:
> ..you need both, IME.  17 years ago, I was the final lawful webmaster
> at fmb.no, our domain docs were stolen by https://www.frp.no/ people. 

Is there an English translation for that?

https://web.archive.org/web/20051119085953/http://www.fmb.no:80/

Cheers
A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] It's far from being over. Sigh!

[Andrew McGlashan]

Hi,

On 05/05/18 04:04, Hendrik Boom wrote:
> It may not be an option unless I want to get out of computing 
> altogether.

The problem is that everything has got a computer in it these days and I
too fear that the only option to avoid all the bad-ness going on is to
opt out of computing as well :(

But whilst I still can, I'll at least run my own servers and rely on the
"cloud" as little as possible.  Librem 5 phone coming next year for me.

Opting out of the big 5 is also very much something I would like to do:

1. Google (including Android)
2. Apple
3. Microsoft (including LinkedIn, Skype and other privacy nightmares)
4. Amazon (including AWS)
5. Facebook

Oh and Twitter would make it six...


NB: The article is not mine, but the sentiments are the same:

https://motherboard.vice.com/en_us/article/mbxndq/one-month-without-big-five-microsoft-google-facebook-apple-amazon

I even hate it very much that our public broadcaster has to have fb and
twitter accounts -- they are supposed to be 100% free and
non-commercial, but that's really just a dream because they, themselves
(abc.net.au) are always going to be more commercial than they'll admit.

Being sans systemd is not enough, that is another eco-system I want to
avoid as much as I can (as we all know here).

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Used *and* free hardware

[Andrew McGlashan]

One thing about using used [,old] and free hardware is that it has power
efficiency problems.

Newer hardware tends to be more power efficient (if you choose wisely).
This means that newer hardware can "pay" for itself via energy savings
alone.  Less power consumed, less heat.  If you have an abundance of
excess "free" power, that you don't have a better use for, then perhaps
old hardware might be better than new hardware from an environmental
perspective.

A reasonably good example of new vs old is the incandescent light globe
against an LED.  You could wait until the old one blows or replace it
and start saving energy straight away.

We have reduce, re-use and recycle; these are all important but
sometimes replace is more important for all sorts of reasons.

Cheers
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] The FSF seems to have finally sold out

[Andrew McGlashan]

Hi,

On 08/03/18 10:05, taii...@gmx.com wrote:
> In exchange for money they are now advertising and endorsing a maker of
> fake libre hardware by letting them have a booth at libreplanet an
> endorsing their debian copy "PureOS"
> 
> https://libreplanet.org/2018/sponsors

Really? I am pretty positive about Purism right now, I'm not sure the
criticisms are valid.

> Purism is NOT free hardware and certainly not "grassroots" as their
> mysterious founder somehow has a bottomless pit of money to burn on
> hardware costs and propaganda campaigns.

Intel ME can be disabled up to a point, but some things must remain or
the motherboard can't boot up.  If you want completely new hardware and
not hardware that is commly available, then expect things to cost
significantly more.  As much as I don't like the considerable duopoly we
have in the mobile phone OS space, the hardware, being sold in huge
quantity, is why we can have "super" computers in our pockets without
the super, super pricing of yesteryear.

Would I like Intel and AMD to provide more free hardware, absolutely I
would.  And to disable IME as much as possible, for sure!

Purism has works in place to enable you to have a machine that you can
control the keys (not M$, not anybody else), you load your bits and
everything is 100% verified -- and you can update your bits by signing
new bits with your keys and it remains verified.

Are these things an illusion?

https://puri.sm/posts/purism-integrates-heads-security-firmware-with-tpm-giving-full-control-and-digital-privacy-to-laptop-users/

https://puri.sm/posts/librem-now-most-secure-laptop-under-full-user-with-tamper-evident-features/

> I encourage everyone who cares about the future of free computing to
> contact the FSF about this.
> Here are posts that help explain the purism situation better than I can.
> https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/

In IT terms, that Reddit thread started a long time ago perhaps it
is irrelevant these days?

> https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/
> 
> https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/

Again, I would like more free and again those archived posts are from
2016; still relevant today?  I'm not sure they  are and even if the do
have relevance, how much is subjective and how much really matters?  I
think that Purism is heading in the right direction.

There was also quite a positive interview on "Late Night Linux" just
recently.

https://latenightlinux.com/late-night-linux-episode-31/


Purism

We are joined by Todd Weaver who is the CEO and founder of Purism to
talk about the completely FOSS-friendly phone that they are planning to
deliver in January next year and their laptops that are available right
now. Can they really deliver something good as well as private and
secure? Todd certainly thinks they can.



Episode 32 could be interesting too, but I haven't listened to it yet.

https://latenightlinux.com/late-night-linux-episode-32/

> Isn't it strange that purism receives so much coverage in the tech press
> but real freedom hardware gets none at all?

It has more freedom than many other options and it is targeted in the
right direction, for sure, from what I can see.

Kind Regards
AndrewM




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Problems with KVM server after updates (possibly linux-image is culprit) -- cannot start any guests.

[Andrew McGlashan]

Hi,

On 11/01/18 18:32, Thomas Besser wrote:
> Just upgraded one of the KVM server host machines to
> linux-image-3.16.0-5-amd643.16.51-3+deb8u1
> 
> After that starting of virtual machines work like before (qemu-kvm
> 1:2.1+dfsg-12+deb8u6).

Okay, I think I might be better off doing a clean fresh install on
another box and make sure it works properly with migrated VMs.  There
was a time when the packages being supplied were in a "wrong" state
and perhaps the backports might also be an issue.

# dpkg-query -l|egrep -i  '(qemu|kvm)'
ii  ipxe-qemu1.0.0+git-20141004.86285d1-1
all  PXE boot firmware - ROM images for qemu
ii  qemu-kvm 1:2.8+dfsg-3~bpo8+1
amd64QEMU Full virtualization on x86 hardware
ii  qemu-system-common   1:2.8+dfsg-3~bpo8+1
amd64QEMU full system emulation binaries (common files)
ii  qemu-system-x86  1:2.8+dfsg-3~bpo8+1
amd64QEMU full system emulation binaries (x86)
ii  qemu-utils   1:2.8+dfsg-3~bpo8+1
amd64QEMU utilities

Thanks and Kind Regards
AndrewM
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Problems with KVM server after updates (possibly linux-image is culprit) -- cannot start any guests.

[Andrew McGlashan]

Hi,

On 11/01/18 08:10, Andrew McGlashan wrote:
> Hi,
>
> I'm getting errors when trying to start guests after a restart with new
> kernel.
>
>
> qemu-system-x86_64:
> /build/qemu-CeGdkI/qemu-2.8+dfsg/target-i386/kvm.c:1805: kvm_put_msrs:
> Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.
> 2018-01-10 20:29:51.073+: shutting down
>
>
> < ii  linux-image-3.16.0-4-amd64   3.16.43-2+deb8u5
> amd64    Linux 3.16 for 64-bit PCs
> ---
>> ii  linux-image-3.16.0-4-amd64   3.16.51-3   
> amd64    Linux 3.16 for 64-bit PCs
>
>
> I don't think any other updates could have been the cause

Okay, well I tried to fix this with a different kernel, available, but
not installed?

linux-image-3.16.0-5-amd64   3.16.51-3+deb8u1

That didn't work, so I looked in my /var/cache/apt/archives and foudn a
4.9 kernel.

I installed that and I can now start all my guests

# dpkg-query -l|grep linux-image
ii  linux-image-3.16.0-4-amd64   3.16.51-3   
amd64    Linux 3.16 for 64-bit PCs
ii  linux-image-3.16.0-5-amd64   3.16.51-3+deb8u1
amd64    Linux 3.16 for 64-bit PCs
ii  linux-image-4.9.0-0.bpo.4-amd64  4.9.65-3+deb9u1~bpo8+1  
amd64    Linux 4.9 for 64-bit PCs


The 4.9 kernel was there by some mis-configuration previously (with the
Devuan project).  I've done aptitude update and safe-upgrade -V ... but
the /older/ 4.9 kernel didn't have any updates.

Right now, I am /reasonably/ happy becuase he guests are running, but
whatever went wrong is serious and I'm sure others will see issues, so
if we an fix it properly, that would be great.

Thanks AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Problems with KVM server after updates (possibly linux-image is culprit) -- cannot start any guests.

[Andrew McGlashan]

Hi,

I'm getting errors when trying to start guests after a restart with new
kernel.


qemu-system-x86_64:
/build/qemu-CeGdkI/qemu-2.8+dfsg/target-i386/kvm.c:1805: kvm_put_msrs:
Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.
2018-01-10 20:29:51.073+: shutting down


< ii  linux-image-3.16.0-4-amd64   3.16.43-2+deb8u5
amd64    Linux 3.16 for 64-bit PCs
---
> ii  linux-image-3.16.0-4-amd64   3.16.51-3   
amd64    Linux 3.16 for 64-bit PCs


I don't think any other updates could have been the cause


Any ideas?

Thanks and Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request file system reviews and recomendations.

[Andrew McGlashan]

On 29/12/17 13:57, Rick Moen wrote:
> One can also reasonably say that the ext2/ext3/ext4 codebase has
> benefited from more real-world testing than any other *ix fileystem code
> in history.  (ext4 departs significantly more from ext3 than the latter
> did from ext2, as detailed here:
> https://www.thomas-krenn.com/en/wiki/Ext4_Filesystem )

Okay, that lead me to consider TRIM for my SSD... everything I need is
covered just fine, but the following blog post might be useful to some:

http://blog.neutrino.es/2013/howto-properly-activate-trim-for-your-ssd-on-linux-fstrim-lvm-and-dmcrypt/

On my Linux Mint 18.3 laptop, I already had discard in /etc/crypttab (I
never put it there).

It was also already enabled in my /etc/lvm/lvm.conf file as well, (again
I didn't put it there).

And a very simple weekly job (compliments of Mint team I guess) also
takes care of fstrim for all file-systems that support it as follows:

# cat /etc/cron.weekly/fstrim
#!/bin/sh
# trim all mounted file systems which support it
/sbin/fstrim --all || true


Cheers
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request file system reviews and recomendations.

[Andrew McGlashan]

On 28/12/17 11:51, Steve Litt wrote:
> Being a fan of simplicity, I use ext4 on all partitions. No LVM: I
> don't want the extra layer. With things like bind mount I can
> temporarily move parts of one filetree to a different partition, and
> the next time I full-install or buy a new computer or something, I can
> resize partitions accordingly.
> 
> ext4 is years old, proven reliable for years, has all the necess
> 
> I don't use disk encryption, but if I did I'd find a way to do it
> without LVM.

LVM is wonderful, the snapshotting with it is excellent for doing
backups and having even less downtime.  I always use ext4 for the
logical volumes and sometimes find that I need to resize the file
systems (resize2fs and other steps).

> I don't use RAID, and to the best of my knowledge I've never had data
> silently go bad on me.

The trouble with bit-rot is that it is silent loss of data; doing extra
checksumming is a potential help for diagnosing lost data though, but
that's why ZFS is so attractive, scrub the file system and it picks up
problems.  Use RAID1 (at least) and ZFS can fix the errant data that it
finds.  Still, the licensing issues and RAM requirements is a bummer, as
is the fact that you really need server class hardware to have any
possibility to use ECC type RAM.

If your 'puter is a portable one, then you really, really should use
full disk encryption.  I've got to admit that the machine I'm replying
on is my portable laptop, it runs stock Linux Mint 18.3 (sadly, with
systemd), it is fully encrypted and boots in a matter of seconds
(longest time is entering the unlock phrase and then my login password
later).  Even non-portable machines can do well to use LUKS (full disk
encryption).

My Devuan KVM machines use dropbear with trusted authorized_keys for
bootup, I unlock the crypted volumes and continue normal boot; the only
issue is that I need to be available to unlock the crypt vols.  But it
does protect the data if the box is lifted or the internal drives are
stolen.

Cheers
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request file system reviews and recomendations.

[Andrew McGlashan]

On 28/12/17 15:05, Rick Moen wrote:
> ECC RAM is not sufficient to catch all bad RAM problems, only some.
> Back in 2006, I had an interesting case of this:
> http://linuxmafia.com/pipermail/conspire/2006-December/002662.html
> http://linuxmafia.com/pipermail/conspire/2006-December/002668.html
> http://linuxmafia.com/pipermail/conspire/2007-January/002743.html
> 
> I know most people won't bother to read that, so I'll summarise: 

Your posts are almost, if not ALWAYS worth a read!
  TL/DR; DO BOTHER TO READ RICK'S POSTS

I recommend it greatly; you are always good value to learn new things or
new ways to look at things with a different pair of eyes that are always
attached to a very well functioning brain.

Your posts are very much appreciated.

Thank you
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request file system reviews and recomendations.

[Andrew McGlashan]

Hi,

On 27/12/17 16:50, Josef Grosch wrote:
> A good place to start is ZFS On Linux (http://zfsonlinux.org/) This project 
> is being run by the bright boys and girls at Lawrence Livermore National Lab, 
> our tax dollars at work. Yes, it is covered by a GPLv2-incompatible 
> licence[1] (CDDL), but I consider the advantages of ZFS enough to ignore the 
> license issue. I mostly run Debian and ZFS works like a charm.

ZFS on Linux is different to ZFS in the Linux Kernel. each has it's
own license.  ZFS on Linux uses Fuse and is quite happily GPL.  I hate
the fact that Oracle bought Sun Microsystems and I wish they would
re-license any and all Sun code that should be fairly provided for the
community (especially anything to do with ZFS, especially since they
cared more about BTRFS anyway...).  Sun created ZFS, Oracle created
BTRFS, they are competing, ZFS should be the winner, but the CDDL
situation is a pain.

You can legally, if I understand correctly, build ZFS in to a Linux
Kernel yourself, but you cannot (due to license restriction), do so and
provide it for others to use "as is", everyone whom want to use it in a
Linux Kernel must compile it themselves.  That makes a mockery of
Canonical's opinion, but perhaps they paid monies to Oracle to free it
up for them somehow

Oh and I definitely think Oracle should give up on it's fight with
Google over Java -- Sun always meant it to be possible for anybody to
use unencumbered and they surely encouraged it; so it is my opinion that
Oracle should let it be (not that I am defending Google, but I
absolutely believe that Google is right here), however, I am not a
lawyer so take my opinion for what it is.

I would much prefer to have ext4 support checksumming too, but I can't
see that ever happening; if it does, it will be new works based on BTRFS
most likely and it'll be ext5 or something else.

My preference, if it was never a licensing issue, would be to use ZFS
with ECC RAM built-in to the Linux Kernel, but I am not rolling my own
kernel these days and am sticking with "stock" ones that come with my
distro.

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] git.devuan.org -- 2FA issues

[Andrew McGlashan]

Hi,

On 25/08/17 21:04, Andrew McGlashan wrote:
>>> 2FA is re-enabled for me, but if you use the Google Authenticator app,
>>> it won't work because you cannot change the time sever to use
>>> git.devuan.org (which has a different time).

The time is still out by over 2 minutes.


1504095347  Wed Aug 30 22:15:47 2017git.devuan.org
1504095209  Wed Aug 30 22:13:29 2017local

Whatever code GA gives will never work as the git.devuan.org server is
more than 2 minutes fast.

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] git.devuan.org -- 2FA issues

[Andrew McGlashan]

On 25/08/17 20:09, Narcis Garcia wrote:
> El 25/08/17 a les 11:00, Andrew McGlashan ha escrit:
>> Hi,
>>
>> Okay, my code wasn't actually using the git.devuan.org server time, it
>> just displayed it.
>>
>> 2FA is re-enabled for me, but if you use the Google Authenticator app,
>> it won't work because you cannot change the time sever to use
>> git.devuan.org (which has a different time).
>>
>> Kind Regards
>> AndrewM
>>
>>
>>
>> ___
>> Dng mailing list
>> Dng@lists.dyne.org
>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>>
> 
> Do you mean in devuan.org there are services depending on Google?

Sort of, the time is different for the git.devuan.org server and the one
that Google is using for generation of TOTP PINs.  If Google's server
has the time correct (NTP) and git.devuan.org has also got the same
time, then it should be no problem.

However, as the timing is out, nobody can rely on Google's Authenticator
app to provide the right PIN.

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] git.devuan.org -- 2FA issues

[Andrew McGlashan]

Hi,

Okay, my code wasn't actually using the git.devuan.org server time, it
just displayed it.

2FA is re-enabled for me, but if you use the Google Authenticator app,
it won't work because you cannot change the time sever to use
git.devuan.org (which has a different time).

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] git.devuan.org -- 2FA issues

[Andrew McGlashan]

Hi,

There is an issue with 2FA when logging in to:

https://git.devuan.org/

The correct PIN code is always invalid.

I run my own tool to generate the PINs, but I also tested using Google's
Authenticator app and it gives the same PINs at the same time.

I logged in with a recovery code, but couldn't login with a PIN.

Then I removed 2FA and tried to re-enable it.  I cannot re-enable it now
because the PIN is always invalid

The server time may be out, but I've also tried Google's server time as
the reference instead of git.devuan.org's time and it didn't help.

This was comparison of Google's time to my own local time:

1503649725Fri Aug 25 18:28:45 2017accounts.google.com
1503649724Fri Aug 25 18:28:44 2017local

And this was an earlier comparison using git.devuan.org server time:

1503649151Fri Aug 25 18:19:11 2017git.devuan.org
1503649036Fri Aug 25 18:17:16 2017local

As it stands now, I cannot re-enable 2FA with the account.

My Python code gets the server (https://git.devuan.org) time using curl
-Is with the "Date:" header.


-- 
Kind Regards
AndrewM

Andrew McGlashan




signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

[Andrew McGlashan]

  -- update from original posteer --

Minor update on the issue:

The check command provided in the advisory to test for hyper-threading
doesn't work: it will always report hyper-theading as enabled.  A better
command is provided below.

Note: this also means the perl script will give some false-positives.
I apologise for the inconvenience.


On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> Once you know your processor model name, you can check the two lists
> below:
> 
>   * List of Intel processors code-named "Skylake":
> http://ark.intel.com/products/codename/37572/Skylake
> 
>   * List of Intel processors code-named "Kaby Lake":
> http://ark.intel.com/products/codename/82879/Kaby-Lake
> 
> Some of the processors in these two lists are not affected because they
> lack hyper-threading support.  Run the command below in a command line
> shell (e.g. xterm), and it will output a message if hyper-threading is
> supported/enabled:
> 
>   grep -q '^flags.*[[:space:]]ht[[:space:]]' /proc/cpuinfo && \
>   echo "Hyper-threading is supported"

The above test (using "grep") does not work, and will always report that
hyper-threading is enabled.

Please use the "lscpu" utility from the util-linux package in a command
line shell (e.g.  xterm):

lscpu

If the lscpu output reports: "Thread(s) per core: 2", that means
hyper-threading is enabled and supported.

If the lscpu output reports: "Thread(s) per core: 1", that means
hyper-threading either disabled or not supported.  In this case, the
specific defect mentioned in the advisory will not trigger.

-- 
  Henrique Holschuh

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

[Andrew McGlashan]

Just re-sending this from the Debian User's list FYI
 - originally from: "Henrique de Moraes Holschuh "
 - this email with the perl script
  (I'll post that one here too)


On Sun, 25 Jun 2017, Henrique de Moraes Holschuh wrote:
> This warning advisory is relevant for users of systems with the Intel
> processors code-named "Skylake" and "Kaby Lake".  These are: the 6th and
> 7th generation Intel Core processors (desktop, embedded, mobile and
> HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
> well as select Intel Pentium processor models.

Attached, you will find a perl script that can help detect if your
system is affected or not.  Many thanks to Uwe Kleine-König for
suggesting, and writing this script.

-- 
  Henrique Holschuh

#!/usr/bin/perl
# Copyright 2017 Uwe Kleine-König
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License version 2 as published by the
# Free Software Foundation.

open(my $cpuinfo, ") {
	if (/^$/) {
		print "cpu $cpunum: ";
		if ($vendor eq "GenuineIntel" and $family == 6) {
			if ($model == 78 or $model == 94) {
if ($stepping eq "3") {
	print "Your CPU is affected, ";
	if (hex($microcoderev) >= 0xb9) {
		print "but your microcode is new enough\n";
	} elsif ($hyperthreading ne "on") {
		print "but hyper threading is off, which works around the problem\n";
	} else {
		print "you should install the latest intel-microcode\n";
	}
} else {
	print "You may need a BIOS/UEFI update (unknown Skylake-Y/H/U/S stepping)\n";
}
			} elsif ($model == 85 or $model == 142 or $model == 158) {
print "You may need a BIOS/UEFI update (Kaby Lake, or Skylake-X processor)\n";
			} else {
print "You're likely not affected\n";
			}
		} else {
			print "You're not affected\n";
		}

		$cpunum = undef;
		$vendor = undef;
		$family = undef;
		$stepping = undef;
		$microcoderev = undef;
		$hyperthreading = undef;

		next;
	}

	$cpunum = $1 if /^processor\s*:\s(.*)/;
	$vendor = $1 if /^vendor_id\s*:\s(.*)/;
	$family = $1 if /^cpu family\s*:\s(.*)/;
	$model = $1 if /^model\s*:\s(.*)/;
	$stepping = $1 if /^stepping\s*:\s(.*)/;
	$microcoderev = $1 if /^microcode\s*:\s(.*)/;

	if (/^flags\s*:/) {
		if (/^flags\s*:.*\bht\b/) {
			$hyperthreading = "on";
		} else {
			$hyperthreading = "off";
		}
	}
}

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading

[Andrew McGlashan]

Just re-sending this from the Debian User's list FYI
 - originally from: "Henrique de Moraes Holschuh "
 - are we all good here?
 - NB: there is a nice perl script to check vuln too on that list
  (I'll post that one here too)


This warning advisory is relevant for users of systems with the Intel
processors code-named "Skylake" and "Kaby Lake".  These are: the 6th and
7th generation Intel Core processors (desktop, embedded, mobile and
HEDT), their related server processors (such as Xeon v5 and Xeon v6), as
well as select Intel Pentium processor models.

TL;DR: unfixed Skylake and Kaby Lake processors could, in some
situations, dangerously misbehave when hyper-threading is enabled.
Disable hyper-threading immediately in BIOS/UEFI to work around the
problem.  Read this advisory for instructions about an Intel-provided
fix.


SO, WHAT IS THIS ALL ABOUT?
---

This advisory is about a processor/microcode defect recently identified
on Intel Skylake and Intel Kaby Lake processors with hyper-threading
enabled.  This defect can, when triggered, cause unpredictable system
behavior: it could cause spurious errors, such as application and system
misbehavior, data corruption, and data loss.

It was brought to the attention of the Debian project that this defect
is known to directly affect some Debian stable users (refer to the end
of this advisory for details), thus this advisory.

Please note that the defect can potentially affect any operating system
(it is not restricted to Debian, and it is not restricted to Linux-based
systems).  It can be either avoided (by disabling hyper-threading), or
fixed (by updating the processor microcode).

Due to the difficult detection of potentially affected software, and the
unpredictable nature of the defect, all users of the affected Intel
processors are strongly urged to take action as recommended by this
advisory.


DO I HAVE AN INTEL SKYLAKE OR KABY LAKE PROCESSOR WITH HYPER-THREADING?
---

The earliest of these Intel processor models were launched in September
2015.  If your processor is older than that, it will not be an Skylake
or Kaby Lake processor and you can just ignore this advisory.

If you don't know the model name of your processor(s), the command below
will tell you their model names.  Run it in a command line shell (e.g.
xterm):

grep name /proc/cpuinfo | sort -u

Once you know your processor model name, you can check the two lists
below:

  * List of Intel processors code-named "Skylake":
http://ark.intel.com/products/codename/37572/Skylake

  * List of Intel processors code-named "Kaby Lake":
http://ark.intel.com/products/codename/82879/Kaby-Lake

Some of the processors in these two lists are not affected because they
lack hyper-threading support.  Run the command below in a command line
shell (e.g. xterm), and it will output a message if hyper-threading is
supported/enabled:

  grep -q '^flags.*[[:space:]]ht[[:space:]]' /proc/cpuinfo && \
echo "Hyper-threading is supported"

Alternatively, use the processor lists above to go to that processor's
information page, and the information on hyper-threading will be there.

If your processor does not support hyper-threading, you can ignore this
advisory.


WHAT SHOULD I DO IF I DO HAVE SUCH PROCESSORS?
--

Kaby Lake:

Users of systems with Intel Kaby Lake processors should immediately
*disable* hyper-threading in the BIOS/UEFI configuration.  Please
consult your computer/motherboard's manual for instructions, or maybe
contact your system vendor's support line.

The Kaby Lake microcode updates that fix this issue are currently only
available to system vendors, so you will need a BIOS/UEFI update to get
it.  Contact your system vendor: if you are lucky, such a BIOS/UEFI
update might already be available, or undergoing beta testing.

You want your system vendor to provide a BIOS/UEFI update that fixes
"Intel processor errata KBL095, KBW095 or the similar one for my Kaby
Lake processor".

We strongly recommend that you should not re-enable hyper-threading
until you install a BIOS/UEFI update with this fix.


Skylake:

Users of systems with Intel Skylake processors may have two choices:

1. If your processor model (listed in /proc/cpuinfo) is 78 or 94, and
   the stepping is 3, install the non-free "intel-microcode" package
   with base version 3.20170511.1, and reboot the system.  THIS IS
   THE RECOMMENDED SOLUTION FOR THESE SYSTEMS, AS IT FIXES OTHER
   PROCESSOR ISSUES AS WELL.

   Run this command in a command line shell (e.g. xterm) to know the
   model numbers and steppings of your processor.  All processors must
   be either model 78 or 94, and stepping 3, for the intel-microcode fix
   to work:

 grep -E 'model|stepping' /proc/cpuinfo | sort -u

   If you get any lines with a model number that is neither 78 or 94, or
   the 

Re: [DNG] devuan.org inaccessible two days

[Andrew McGlashan]

Hi,

On 20/05/17 01:00, Thaddeus Nielsen wrote:
> For the second consecutive day my end of the internet cannot find devuan.org

http://isup.me/devuan.org

It's fine for me...

Cheers
A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] dovecot / exim4 / system users -- restriction of emails per user

[Andrew McGlashan]

Hi,

Okay, this is how I've managed to /mostly/ sort this problem; logging is
my friend and I can keep outgoing emails for verification.

I've adjusted an acl entry to add a temporary header as follows:

/etc/exim4/conf.d/acl/30_exim4-config_check_rcpt

  accept
authenticated = *
add_header = X-Authenticated-User: Yes by example.org --
${authenticated_id} -- sender address: ${sender_address}

I also put that up a little higher in the config file to make sure I get
the header added.


That gives me a header to use in the /etc/exim4/system_filter

Then in the system_filter I have the following:


if $h_X-Authenticated-User: contains "Yes by example.org"
then
logfile /backup/mail/system_filter_all_mail/authenticated_emails.log
logwrite
"$tod_log\t$message_id\t$message_size\tX-Authenticated-User:
~$h_X-Authenticated-User:~\t-- reply address: $reply_address"
logwrite "$sender_host_address $sender_address"
logwrite "$reply_address"
logwrite "$h_to"
logwrite "$h_subject:\n\n"
logwrite "$sender_address_domain"
logwrite
"/backup/mail/system_filter_all_mail/authenticated/$authenticated_id/$sender_address_domain/$sender_host_address/.${tr{$sender_address}{.}{_}}/${length_99:${tr{$recipients}{.,\040}{_--}}}/"
unseen save
/backup/mail/system_filter_all_mail/authenticated/$authenticated_id/$sender_address_domain/$sender_host_address/.${tr{$sender_address}{.}{_}}/${length_99:${tr{$recipients}{.,\040}{_--}}}/
else
logfile
/backup/mail/system_filter_all_mail/non-authenticated_emails.log
logwrite "$tod_log\t$message_id\t$message_size"
logwrite "$sender_host_address $sender_address"
logwrite "$reply_address"
logwrite "$h_to"
logwrite "$h_subject:\n\n"
logwrite "$sender_address_domain"
endif


# Remove this specially added header as it should not be sent externally
to anybody
# as it gives away the user's authentication id (username)
headers remove "X-Authenticated-User"


Now, that works fine with normal usage, but I still need a way with
SquirrelMail -- that won't give me the authenticated_id  :(

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Latest 64-bit Skype for Linux works with ALSA

[Andrew McGlashan]

Hi,

On 14/05/17 23:24, Joel Roth wrote:
> I installed the 64-bit .deb, and after some fruitless
> struggles with the apulse wrapper (microphone not detected) discovered 
> that Skype now works just fine with ALSA only.

Skype is a pox from M$  why not support alternatives?

Other options include, but I'm sure are not limited to:
  jitsi on the desktop
  and
  Signal (with VIDEO now) on mobiles...

btw LinkedIn is the same, more pox now owned by M$.

Cheers
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] dovecot / exim4 / system users -- restriction of emails per user

[Andrew McGlashan]

Hi,

On 12/05/17 21:34, Arnt Gulbrandsen wrote:
> IIRC this isn't at all simple with that software. For mostly poor
> reasons that may have changed since last time I looked.
> 
> You could approximate it with a bit of hacking, though: Use exim to
> force a bcc to something like policyviolation@asdf, and use a generated
> sieve file for that address to check whether anyone's done anything
> forbidden. The generated sieve script needs a long list of clauses like
> this one, which permits aaa@asdf to use sales@asdf and blah@asdf in the
> From field:
> 
> if allof(envelope "from" :is "aaa@asdf".
> anyof(address "from" :is "sales@asdf",
>   address "from" :is "blah@asdf")) {
>drop;
> }
> 
> The default action at the end of a sieve script is to file into the
> inbox, so the end effect is that your policyviolation@asdf account
> receives only rule violations. Read that mail whenever you feel BOFHy
> and have a great day — one way or the other.

Okay, that's an interesting way to deal with it, thanks!

I've also thought about adding a header for the authenticated user, but
I don't want the actual usernames to be given away in emails that leave
the server.  Perhaps add the header, save the message and then remove
the header and let it transit on if that is possible; a bit like bcc
is there, then it goes and doesn't end up being actually included in the
source of a delivered email.

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Linux 4.9 kernel

[Andrew McGlashan]

On 09/05/17 00:50, goli...@dyne.org wrote:
> There was an issue with backports not being pinned properly in the beta2
> (see: https://dev1galaxy.org/viewtopic.php?id=32). Or perhaps you have
> backports enabled?

Yes, that issue seems to hit the nail on the head; I'm sure that is why
I actually have a bunch of other bpo stuff on that box (not as many on
the new box).

# dpkg -l | grep bpo|wc -l
73

# dpkg -l | grep bpo|wc -l
11

Looks like I need to do some further investigation and decide if I want
to drop back to the non-bpo versions of packages.

Thanks all

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Linux 4.9 kernel

[Andrew McGlashan]

On 09/05/17 01:04, KatolaZ wrote:
> On Tue, May 09, 2017 at 12:37:51AM +1000, Andrew McGlashan wrote:
> 
> [cut]
> 
>>
>> Start-Date: 2016-10-30  16:05:42
>> Install: linux-image-4.7.0-0.bpo.1-amd64:amd64 (4.7.8-1~bpo8+1,
>> automatic), firmware-linux-free:amd64 (3.3, automatic), irqbalance:amd64
>> (1.1.0-2~bpo8+1, automatic)
>> Upgrade: linux-image-amd64:amd64 (3.16+63, 4.7+75~bpo8+1)
>> End-Date: 2016-10-30  16:06:10
>>
> 
> Adam explained the arcane: you have linux-image-amd64 installed, which
> automatically points to the latest available kernel. That's probably
> why you got a backports kernel installed without you knowing that.

Yes, but both the old and the new boxes both have that meta package and
both have backports enabled.

Kind Regards
A.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Linux 4.9 kernel

[Andrew McGlashan]

Hi,

On 08/05/17 23:58, Andrew McGlashan wrote:
> I've got good logs, now I'll try to work out exactly when it was
> installed (4.9) and if there were any other packages that were done at
> that time.

The /var/log/apt/history.log.N.gz files have the following:

Start-Date: 2016-10-26  06:43:14
Commandline: apt-get upgrade
Upgrade: linux-image-3.16.0-4-amd64:amd64 (3.16.36-1+deb8u1,
3.16.36-1+deb8u2), libgd3:amd64 (2.1.0-5+deb8u6, 2.1.0-5+deb8u7),
tar:amd64 (1.27.1-2+b1, 1.29b-1~bpo8+1)
End-Date: 2016-10-26  06:43:30

Start-Date: 2016-10-27  00:49:49
Commandline: apt-get upgrade
Upgrade: tzdata:amd64 (2016f-0+deb8u1, 2016h-0+deb8u1)
End-Date: 2016-10-27  00:49:50

Start-Date: 2016-10-30  16:05:42
Install: linux-image-4.7.0-0.bpo.1-amd64:amd64 (4.7.8-1~bpo8+1,
automatic), firmware-linux-free:amd64 (3.3, automatic), irqbalance:amd64
(1.1.0-2~bpo8+1, automatic)
Upgrade: linux-image-amd64:amd64 (3.16+63, 4.7+75~bpo8+1)
End-Date: 2016-10-30  16:06:10


And this from /var/log/apt/term.log.N.gz

Log started: 2016-10-30  16:05:42
Selecting previously unselected package firmware-linux-free.^M
(Reading database ... ^M(Reading database ... 5%^M(Reading database ...
10%^M(Reading database ... 15%^M(Reading database ... 20%^M(Reading
database ... 25%^M(Reading database ... 30%^M(Reading database ...
35%^M(Reading database ... 40%^M(Reading database ... 45%^M(Reading
database ... 50%^M(Reading database ... 55%^M(Reading database ...
60%^M(Reading database ... 65%^M(Reading database ... 70%^M(Reading
database ... 75%^M(Reading database ... 80%^M(Reading database ...
85%^M(Reading database ... 90%^M(Reading database ... 95%^M(Reading
database ... 100%^M(Reading database ... 37528 files and directories
currently installed.)^M
Preparing to unpack .../firmware-linux-free_3.3_all.deb ...^M
Unpacking firmware-linux-free (3.3) ...^M
Selecting previously unselected package linux-image-4.7.0-0.bpo.1-amd64.^M
Preparing to unpack
.../linux-image-4.7.0-0.bpo.1-amd64_4.7.8-1~bpo8+1_amd64.deb ...^M
Unpacking linux-image-4.7.0-0.bpo.1-amd64 (4.7.8-1~bpo8+1) ...^M
Preparing to unpack .../linux-image-amd64_4.7+75~bpo8+1_amd64.deb ...^M
Unpacking linux-image-amd64 (4.7+75~bpo8+1) over (3.16+63) ...^M
Selecting previously unselected package irqbalance.^M
Preparing to unpack .../irqbalance_1.1.0-2~bpo8+1_amd64.deb ...^M
Unpacking irqbalance (1.1.0-2~bpo8+1) ...^M
Processing triggers for man-db (2.7.0.2-5) ...^M
Setting up firmware-linux-free (3.3) ...^M
update-initramfs: deferring update (trigger activated)^M
Setting up linux-image-4.7.0-0.bpo.1-amd64 (4.7.8-1~bpo8+1) ...^M
I: /vmlinuz.old is now a symlink to boot/vmlinuz-3.16.0-4-amd64^M
I: /initrd.img.old is now a symlink to boot/initrd.img-3.16.0-4-amd64^M
I: /vmlinuz is now a symlink to boot/vmlinuz-4.7.0-0.bpo.1-amd64^M
I: /initrd.img is now a symlink to boot/initrd.img-4.7.0-0.bpo.1-amd64^M
/etc/kernel/postinst.d/initramfs-tools:^M
update-initramfs: Generating /boot/initrd.img-4.7.0-0.bpo.1-amd64^M
...
...
...



The 3 3.16 kernel upgraded on the 26th of October (normally), then the
4.7 kernel was an "automatic" install no "Commandline:" entry?


It doesn't look like I manually chose to update, other than accepting
what was presented by perhaps "aptitude safe-upgrade -V" option.

Strange

Kind Regards
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Linux 4.9 kernel

[Andrew McGlashan]

On 08/05/17 23:33, Adam Borowski wrote:
> On Mon, May 08, 2017 at 02:10:12PM +0100, KatolaZ wrote:
>> apt does NOT automatically update your kernel major version, for the
>> simple reason that the kernel package contains the version in its
>> name, so apt would not have any clue about the fact that
>> linux-image-3.16.0-whatever and linux-image-4.9.0-whatever are related
>> packages. And this is actually done on purpose, and for very good
>> reasons ;)
> 
> And if you want to actually do auto-upgrade kernels, install
> "linux-image-amd64", it depends on the latest non-experimental kernel
> package.

Yes, that same package is installed on both servers.  The second server
was set up.

dselect was installed
 - it was ran and updated to learn about available packages

dpkg --set-selections was ran against a --get-selections from the older box.

And an upgrade was done after the new selections were setup.

In the end, the old box has the 4.9 kernel and the new box has the older
(standard) one.

I've got good logs, now I'll try to work out exactly when it was
installed (4.9) and if there were any other packages that were done at
that time.

Thanks
AndrewM



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Linux 4.9 kernel

[Andrew McGlashan]

Hi KatolaZ,


On 08/05/17 23:10, KatolaZ wrote:
> On Mon, May 08, 2017 at 10:55:07PM +1000, Andrew McGlashan wrote:
> jessie ships with a 3.16 kernel, so the most plausible way you could
> have got a 4.9 kernel from backports in the other jessie box (or was
> it wheezy?) is by:
> 
>   # apt-get install linux-image-4.9.0-whateverversion
> 
> apt does NOT automatically update your kernel major version, for the
> simple reason that the kernel package contains the version in its
> name, so apt would not have any clue about the fact that
> linux-image-3.16.0-whatever and linux-image-4.9.0-whatever are related
> packages. And this is actually done on purpose, and for very good
> reasons ;)

The other box started life as Devuan, using the same ISO as the new box
(from way back then).  So, both boxen are Devuan from the start, not any
kind of migration from Wheezy or even Debian Jessie.

I must have deliberately installed the 4.9 kernel manually, I just don't
remember doing so and why I would have done it.

Thanks
A.



signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng