Re: [DNG] Announcing Devuan 4.0: Chimaera!
Congratulations to all who were involved and helped making this awaited milestone a reality! Having upgraded from beowulf to chimaera on a long-standing system, in which everything was most likely to break, the most time-consuming steps I encountered were: * Loads of customised configuration to update based on new configuration templates * A few stopped services I forgot to decommission, inducing failures on package update restart hooks * A poorly written network pre-up hook managing DHCPv6 which back-fired All in all, a rather smooth upgrade overall, even though it might be too soon to be peremptory about it. It also be be noted that this was a server, hence a rather "simple" environment, involving no GUI nor fancy network management tools. As an anecdote, I (re?)learnt about the "proposed" repository thanks to the release notes ! (o: I wish you all a great week, Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] Twitch and 2FA (TOTP)
As it is an object coming generations can't imagine living with, this message is/will be widely accepted without a thought. with -> without, of course. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [OT] Twitch and 2FA (TOTP)
- Twitch only supplies a QR code - Twitch forces the use of Authy 2FA Something very important is implied there, and probably only a few will notice it: there is a requirement for a smartphone. Smartphones are notoriously known for: - Being a closed/proprietary environment: * hardware * OS (unless jailbreaked) * Application "stores" - From the previous point, being an easy target for vulnerabilities - Being incredible eavesdropping enablers - Being incredible privacy intrusion enablers At the same time, emails are discarded as being unsafe/unenough for 2FA... but isn't it because *how* people/moral entities use emails (no DNSSEC, using external email providers - not mentioning GAFAM, cleartext)? Are smartphones more secure than emails? To people answering yes to the previous question: really?! With the pretext of "security" slowly comes the forced-fed ownership of smartphones. As it is an object coming generations can't imagine living with, this message is/will be widely accepted without a thought. This. This scares the shit outta me. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Git learning -- Was: devuan gitea broken?
the freely taken choices aren't that much nowadays unless you Have I said "freely taken"? (o: Choices are made anyway, and it's important to own them. I'll come back to you as soon as I start again to mess with the android code base. Thanks for your time and effort. Looking forward to it! Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Git learning -- Was: devuan gitea broken?
Yes, but I don't have the time to learn the git-fu at the moment. I usually prefer to say "I don't *take* the time", because there is plenty of time; it's just a series of choices (some of them not being freely taken) on what to allocate it for that matters. Said otherwise, you'll never take the time to learn something until you decide to allocate time for it. Hit me up privately if you want a (quick?) session about the basics of Git, so you'd be able to see changes, write them and pull from/push to repositories (ie any other Git repository you got access to out there - decentralised!). I'm readily available/motivated to share such important knowledge, and the basics could be covered in, say, 30 minutes hands-on. Of course, if/when you'll start pulling on the thread of specifics to discover/learn, the required time will grow exponentially :o) Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: Upcoming compatibility problem of oldstable (and older) vs. certificates from Let's Encrypt
Hello Adrian, The issue has been recently resolved by the LTS Team, see LTS Advisory DLA-2761-1 an DLA-2760-1. [1] It seems that OpenSSL problem is merely addressed by DLA-2761-1; DLA-2760-1 deals with another package. As far as I can tell, the reported issue on Debian-LTS List is also relevant for Devuan jessie, ascii and beowulf. As far as I can tell, there is no v1.0 of OpenSSL in beowulf, as the transition between v1.0 & v1.1 was done in stretch (ascii). Moreover, that problem could only arise in stretch (ascii) if the TLS certificate agent was/is running against OpenSSL v1.0 and not v1.1; if the agent has been updated in the past 4 years, it was probably not the case anymore... and if it wasn't updated in the past 4 years, why are people even using that anymore? (o: Thanks for the piece of information, though. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] changing init systems on Debian
Just a heads-up: there's a discussion on the debian-doc mailing list about providing instructions on switching init system away from systemd. It may end up being a link from the release notes to a wiki. I guess the TL; DR" will be: WONTFIX :oD I hope Devuan will survive, as a project defined by the synergy of active people maintaining it. It is easy to laugh. It is hard to provide alternatives, especially on the long term. Keep up the good job people. You know who you are. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Microsoft: Really? Yes. It's all about vapour
Foreseable, foreseen, and now happening. It is the logical and predictable move away from local installed instances on own hardware to everything "cloud"/vapourous. Said move is *not* user-focused (despite marketing - aka "bullshit" - about "simplicity" that will ensue), but is operator-focused... as the whole "cloud" thing is: it eases things for the service provider on many levels. Welcome to the Software-as-a-Service world. This has been the go-to cash cow for 10-15 years or so: you do not own things anymore, as you rent them. Almost guaranteed continuous income as the vendor lock-in is even more violently ensured: stop to pay and you lose everything. The longer you stay, the more effective the effect, as habits and stored data grow. Rents. Coercion by attrition of other means. No need to add value when people cannot go around your scam. Invented by <...> ages ago. Adoption growing each and every day. On a M$ business roadmap note, it was a foreseeable move from the CEO which has pushed for unification and cloud-based since his arrival. - Azure - End of Windows Phone (it will come back, with a unified Windows) - Office 365 - Windows 365 The gap is ever groing between people who understand what they are doing and ask for budget control and the mass consumer who has no idea nor who cares about what (s)he consumes, provided it's easy, immediate, and resonates well with his/her most immediate wishes. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] malfunctioning graphical application
[...] powering down the computer, letting it alone for 30 seconds [...] All this stuff costs you 10 to 15 minutes and rules out a lot. I would also suggest burning incense and jumping on one foot counter-clockwise around the desk chair while making chicken sounds. The last time I did maintenance, I followed all that, and my problem ended up solved, hence I concluded these steps helped ruling out a lot of problems. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Need openssl for this week's fetchmail vulnerabiltiy fix
# apt-get source openssl Reading package lists... Done E: You must put some 'source' URIs in your sources.list Have you run apt-get update after having modified sources.list? # cat /etc/apt/sources.list ## package repositories deb http://deb.devuan.org/merged beowulf main deb http://deb.devuan.org/merged beowulf-updates main deb http://deb.devuan.org/merged beowulf-security main deb http://deb.devuan.org/merged beowulf-backports main ## source repositories deb-src http://deb.devuan.org/merged beowulf main deb-src http://deb.devuan.org/merged beowulf-updates main deb-src http://deb.devuan.org/merged beowulf-security main deb-src http://deb.devuan.org/merged beowulf-backports main Your sources are correct, even overkill as pointed out by others. For the openssl sources, you only require: deb-src http://deb.devuan.org/merged beowulf main Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] routine ascii upgrade mysteriously on hold
On 31/07/2021 22:03, Hendrik Boom wrote: I'm practicing upgrades on my spare laptop, getting ready for doing my server upgrade from ascii to beowulf.. They are both running ascii. Starting, of course, by making the ascii up to date still as ascii, before I try tye upgrade to beowulf. Having trouble doing even this innocuous act. I tried starting by using interactive aptitude to just update and upgrade. After changing your sources to point to the new release, have you run "apt-get upgrade" or "apt-get dist-upgrade"? It looks to me as if you did the former. Only to discover that *every* package that might be upgraded was "held", and could therefore not be upgraded even though newer packages were available. What could be causing this? Or rather, how should I go about trying to track down the origin of these holds/this mass hold? Packages might be held back in several situations, for instance when download fails or checksum mismatches. In your case I would guess it is because dependencies of the held back packages have changed. The "dist-upgrade" action handles that, not "upgrade". To check your current state, you could always run "apt-get check" or "aptitude why-not ". To fix the current situation, you could run the "dist-upgrade" action, which is the official, documented way of doing release upgrades (cf. https://www.debian.org/doc/manuals/debian-faq/uptodate.en.html#apt). That will also take care of the cleanup, ie will offer to remove packages. Check what it tells you to do before accepting (and maybe run it with the "--simulate" option?), especially having a look at the proposed packages removal. You could also try "apt-get --with-new-pkgs upgrade", which should download the new dependencies (in case that is your problem), but I suspect it will leave litter behind. I suggest this only as a possibility, but would encourage you to follow the best practice stated above. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Nasty Linux systemd security bug revealed
I've found a discussion between a developper and Lennart Poeterring in which LP recommends the addition of this kind of functions in Musl libc (which will certainly never happen). It's slightly amusing how the author of such a critical software as systemd lacks a culture of security. Many things he lacks if I would say. For CVE-2021-33910, maybe could we direct him towards a website to enlarge his culture? Say... StackOverflow? Ba-dum-tss Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Nasty Linux systemd security bug revealed
https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/ I'll be projecting myself here, but I reckon sharing the original source rather than journalistic articles whenever possible is best towards a tech-savvy audience. The source (included in above article) is here: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1 That said, thanks for sharing! Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] RFC: minimal-live iso changes for chimaera
I've used transmission in the past but currently use deluge. Both have a gui, whereas AFAIR them as relatively klunky. YMMV. I have been a user of Transmission for years, because license, features and history talk for it. I just checked Deluge on those and it seems decent too (despite the fact there is apparently some Python bake into). IIRC, both use a client-server model. It is great on a server, but I guess the idea of the minimal-live is to server as a showcase/demo instance on a user-facing machine. Isn't a standalone "hard" client what is sought there? If those are the only options, then Transmission might have a killing feature: on top of the remote cli client, there also is an integrated Web GUI available on the daemon: really handy, at no extra cost. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Refracta have a static IP
Hmm, that's new since I last **needed** to look in the man page for it - don't tell me you look at man pages for stuff you already know how to do, each time you do it ? I suppose ending up on a mailing list means you're looking for answers, hence there is by definition something you do *not* know (anymore). I guess the first step would be to realize you might *have known*, but not anymore. IMHO the first step shall ideally be (up-to-date) RTFM if you seek to be efficient, especially dealing with (others') time. Looks like "deprecated" was added between ascii and beowulf. Checking my next oldest system (Debian Wheezy), I see that it includes CIDR format. Guess it's a while since I last needed to check the man page for that ! I suppose surprises like that happen more often than one thinks! A common personal example is new options being introduced in a tool in order to solve something I am (re)trying to work around the hacky/ugly way. Perhaps it's time for the relevant package to spit out some notice level logging when it hits deprecated options ? I can't imagine the volume of information that would produce on system upgrades, even updates packs. Unreadable, if you ask me: Too much information = No information, as it will be discarded. Happy network configuration, Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Refracta have a static IP
..could this be as simple as: address 192.168.0.199/24 #??? Yes No, in /etc/network/interfaces it needs a net mask line like this : auto eth0 iface eth0 inet static address 192.168.nnn.nnn netmask 255.255.255.0 gateway 192.168.nnn.nnn No RTFM? Documentation states, for both INET & INET6 families: address address Address (dotted quad/netmask) required netmask mask Netmask (dotted quad or number of bits) deprecated Are we really debating how to configure network addresses without first searching in the man pages? I hope no-one is giving speeches in the whole lot :oP The only things which are not documented in the "interfaces" man page is how the default value for optional directives is computed. In doubt, specify those, but they are technically not required. Welcome to "default values" wonderland. Happy documentation reading, Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Distrowatch user satisfaction stats
To be honest, I never heard of distrowatch before. There are 221 reviews on Devuan, though. 221! People seem to know the place, and going full steam tu use it to share with the world! We must be doing something right!! :D Taking Debian, which had solid basis in the past, and fixing the crap introduced by poor leadership and catastrophic GR? Feels strange people eventually like the result, right? Oh, wait. Kudos to all the quiet hard workers behind that success! Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] (Anti-?)Society evolution - Was: Multiple resignations from Freenode's staff ??? New drama shake the opensource
Thanks for that interesting point of view Mark. We concur on he consumerism part, but it seems we differ on the individualism. It seems to me both are intertweened, despite not being sure if there is causality beyond a hunch, and if so, which way(s) it is at work; I have a feeling one feeds the other but the logic seems brittle, still. Allow me to give a try at explaining how I see this might work. I will only add that: consumerism is passive. It's the infamous tale of the "paradise" life of pig living in a farm: infinite food, shelter, healthcare, and nothing required of it. Being passive and self-oriented (self wealth, comfort, interests, etc.), it is not oriented towards others. You focus on the product and its price, not the producer. Following that logic, consumerism fuels self-importance, which in turn leads to: - disconnection from/to others, especially caring about them through the consequence of your (lack of) actions; lack of empathy - unwillingness, then inability to actually *drive* things, to participate in an unincentivised matters from which there is nothing personal to gain; lack of generosity and selflessness That would be my way of explaining why/how consumerism leads to individualism. Once you're individualistic, once you forgot your gregarious origins, what is there left to feel happy, beyond consuming products/services? It thus seems only logical individualism fuels consumerism. And you got your vicious circle initiated, whatever end it started with. The only way i see it can be broken is when you remember you are not alone, and what you do (not do) has impact on others. Always. The bright side would be this can happen at any time in the self-feeding loop to break it, which makes exiting it rather "easy", or at least not much more than entering it in the first place. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Multiple resignations from Freenode's staff ??? New drama shake the opensource
there are lawyers-threats involved and he took infra too. so it's not that simple/light as you're presenting it. To the best of my knowledge, the muppet got *access* to operations, yes. For the hosting part, staffers have repeatedly confirmed the hardware was donations from third-parties, with no contract/paperwork tying them in any way to this corporation thingy, which is just really a shell. As for the software, it's FOSS (FLOSS, even?), maintained and even developed/improved by said staffers over time, on their free time, without contract or ties of any sort either. If hardware and/or people was/were to shift purpose, the ego-maniac stirring all that crap would (will?) be powerless. It feels all like a legal scam. The problem being, and the reason why staffers resigned and moved on to another project, is that said ego-maniac seems to have money, and hence could be able to drown/stretch any legal action over time, requiring a lot of effort/stress/money to fight, resources staffers do not seem equipped with. IMHO all threats are void, and the takeover will fail, damaging the freenode name, removing from public access a long-standing, well-identified name of ever-working IRC services. This man seems to be a vulture, wishing to capitalize on the domain name's worth. He doesn't seem to realize the value is in the underlying services, which are not his. That's only logical, as ego is by nature not an expression of rationality. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Multiple resignations from Freenode's staff ??? New drama shake the opensource
It's a spelling change! Thanks Rick, for this lighthearted take on this! Very much welcome and appreciated on my part. It appears that Mr. Lee's corporate entity "freenode Limited" has, at least for now, Registrant status for three Internet domains, freenode.net/org/com. Mr. Lee appears to have no other assets relevant to what until now was called Freenode and, probably by the end of Thursday, his time, his three Internet domains will point to no Internet infrastructure, as it will all disaffiliate and reconstitute itself as "LiberaChat" -- as is happening in real time as I write this. This actually is the "dream" of any infra person facing a relentless ego-bloated hijacker above in such a situation. As you pointed out, it's not an isolated incident, and I also witnessed that happening years ago amongst aviation simmers/enthusiasts at IVAO. ivao.org attempted hijacking by the domain owner, which resulted in a split and a move to ivao.aero... which then hosted the actual infra. ivao.org promised it would continue services, called for staff to remain, but the technical know-how and assets actually slipped between that guy's fingers. Today, ivao.org is an empty shell, progressively forgotten by elders and unknown from the newcomers. Sounds familiar? (o: I do hope that change does not hurt IRC use more than it was already, albeit I somehom know it does/will. IRC is not popular amongst the masses anymore, as the general population get more and more individualistic, and does not think nor care about principles behind the products they seek using, usually proprietary, free of charge or not. Grab the pop-corn, Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FSF and human rights
This is by far the best analysis of how the first GR vote went down: Combatting revisionist history http://forums.debian.net/viewtopic.php?f=20=120652 Thank you a lot for that golinux! > There was never a systemd debate Yup. > [...] the discussion becomes fractured and disjointed, in what is literally the textbook definition of bikeshedding Yup, yup. Yup. Bookmarking that and sharing that around next time and/or with folks it feels necessary. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] network measurement
I thought the original question called for real-time "active" CLI
monitoring.
MTR is a useful tool for visualising data, either on it's own with your own
hand-rolled scripts, or with Cacti. You can pick up interface traffic stats
from somewhere in /proc/net - or Cacti will (IIRC) automate that for you (but
only does down to 5 minute resolution by default).
If solutions like passive monitoring are to be experimented, as per the
"classic" observability toolkit, I would recommend using Prometheus
(https://prometheus.io/ + its node exporter
https://github.com/prometheus/node_exporter); default data collection
("scrape") interval is 15s, configurable. A visualisation tool like
Grafana (https://grafana.com/) can then be used over HTTP to access
stored data.
Basically anything from /proc, including network traffic information, is
natively supported, hence monitoreable.
Bernard (Beer) Rosset
https://rosset.net/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Which beowulf iso to get a manual partitioner
I have recently run both the beowulf 3.0 and 3.1 desktop iso to carry out installations of a new system. Both of these isos do not provide a manual partitioner and the 'auto partitioner' randomly fails to mark any disk as a boot disk. You end up with a dummy grub install, which is an error and there no way, that I can find to break out and do this manually. I never ran the install from a live desktop image, which seems to follow a specific process. I would suggest you use one of the installer ISO, either the full (desktop), the netinstall or the minimal (server) one. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Advice to migrate from Beowulf to Chimaera
I would suggest dpkg -S instead of apt-file find, which matches prefix, not exact file. I would also filter on the package name and ensure unicity. Also, never log in as root. It has been brought to my attention I was wrong: dpkg -S doesn't require privileges and runs fine in userland. Hence, scratch that part of my previous message. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Advice to migrate from Beowulf to Chimaera
find /usr/bin -atime +360 | xargs -l1 apt-file find | sort
I would suggest dpkg -S instead of apt-file find, which matches prefix,
not exact file. I would also filter on the package name and ensure
unicity. Also, never log in as root.
Here would me my quick & dirty take at your command chain:
find /usr/bin -atime +360 | xargs -l1 sudo dpkg -S | awk -F ':' '{print
$1}' | sort | uniq
Bernard (Beer) Rosset
https://rosset.net/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] dns resolver
or if you prefer less typing "ss -lnp | grep -w 53". Rather than doing external filtering, you can also use the ipfilter baked-in syntax: ss -lnp 'sport = :53' (listening, hence "source port" notion is reversed) (you could also append -t or -u options to filter repectively on TCP or UDP if that was wished) Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Screen flickering
I would boot from an installation USB / CD (preferably the one you set the machine up from) and go into Rescue Mode, and see whether the hardware still continues behaving the same way. I just did that on the latest Devuan Beowulf Live distro (kernel 4.19.0-14), and... no flickering! Booting back on the internal disk... No flickering. I just don't get it. Would it be hardware/cable-related in the end? *sighs* Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Screen flickering
I would boot from an installation USB / CD (preferably the one you set the machine up from) and go into Rescue Mode, and see whether the hardware still continues behaving the same way. That means you're testing it with the versions of kernel / modules / boot loader / etc as you did when you set it up, without any updates. Good idea! I just did that on the latest Devuan Beowulf Live distro (kernel 4.19.0-14), and... no flickering! Kinda a relief, if you ask me... Now, where to start to look for the software defect? Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Screen flickering
When connected to an external monitor, does that monitor show the flickering, too? That is my case already: I am using the internal display + an extra one. No sign of trouble on the external one. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Screen flickering
Something I guess is important that I forgot to add: The flicker started happening after the screen went black during a session lock phase (screensaver was running on the other screen). I had to reboot to make the laptop's screen come back, only to have it flicker. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Screen flickering
Recently the screen of a Dell Latitude 7400 laptop I have (which is running Devuan) started flickering. I tried to deactivate/reactivate it (got a second monitor), unplug it to let it run w/o charger, change the display's frequency... you name it. I also tried to reboot on the previous 4.19.0-14 kernel, to no avail. Could it be due to some update or it necessarily hardware fault-related? What caught my eye is that the 1st time I tried rebooting it was doing that on the GRUB screen. Since then, not anymore then. Are there modules to look for/disable? What else is there to try? Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] FSF, RMS and a danger to almost all GPL code
On 02/04/2021 19:46, Mason Loring Bliss wrote: On Thu, Apr 01, 2021 at 08:39:30AM -0400, Steve Litt wrote: Didier Kryn said on Wed, 31 Mar 2021 12:07:50 +0200 cancel-culture Please don't use that phrase, unless you're the second coming of Rush Limbaugh. It's an ugly, Foxnews/right wing radio epithet for the time-honored practice of boycotting, perhaps the last tool of power for the average citizen. This bears some discussion. This notion of "cancelling" someone is different. It's aimed at an individual, and it generally seeks to do them harm - see them out of a job, for instance, beyond public humiliation. aka "justice by the mob" It's worth using the phrase "cancel culture" because it's very different from a boycott Yup, although beyond the whole "moral person" or "physical person" difference, an individual boycotting a company will always be on the weak side, hence it can be seen as exercising some rights. On a case of a mob against target individual, the mob will always be on the strong side. This is radically opposed. However, that is not even enough to explain it. The most worrysome aspect of cancel-culture is the aspects you quoted earlier. Victims (real, alleged or even just remotely feeling so) claim the right to fight back on a personal level, therefore becoming bullies. - There is public humiliation. - The target shall lose his/her job. - Beyond work, (s)he shall be barred from having a normal life anymore, getting "tagged" as bad anywhere, including in any casual or leisure location, having his/her reputation destroyed. - (S)He must "pay the price", although his/her wrongdoing is not clearly established and/or debatable and "the price" to pay is limitless. In a way, this is the same logic as "lock him/her up": prison is the final destination. You switch in a binary logic from white to black, and the stain is eternal. No rehabilitation, only pain until you withdraw, and eventually you die. Cancel-culture is such a prison without walls. Once you're targeted, you bear the stain for life. Anyone engaging in that is blinded by hatred, fear and/or pain. So, there's the problem. What are possible answers? Justice. Final sentence (destroying a life for good) without cause (basing oneself on circumstantial evidence, if any), without debate nor cross-examination (not all parties are heard nor tried equally), without an exit (pre-determined sentence). That is the exact opposite of any sound juridical system. The answer has always been the same: forbidding harassment and trial by a mob, making people seeking justice to bring any claim in a judicial system, which will deal with any legal offence swiftly, according to a set of laws which content is known and pre-determined at the moment of the trial. Justice. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] rm not freeing space
Marc,
So far, the only factual data does not show any problem, and the only
input stating something is wrong is actually you saying that.
My previous piece of advice with sfill was to kinda force *all* the free
space to be allocated, then released... Kinda desperate measure, which
would indicate something *very* wrong with the ext4 filesystem you use
on that disk.
Before going further, I guess the problem shall factually be
demonstrated. Here is what I suggest:
1°) sudo du --block-size=512 -s /mount/point
2°) sudo find /mount/point -print0 | xargs -0 ls --block-size=512 -ds |
awk '{print $1}' | paste -sd+ | bc
This should compute the size of all resources without dereferencing
links. Make sure no supplemental mount is made inside the hierarchy
you're inspecting.
Hopefully results are the same.
Bernard (Beer) Rosset
https://rosset.net/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] rm not freeing space
You are correct. I used '+L' NOT '-L'. I would add -nP -> "lsof -nP +L1" If negative, I would go for the ugly path, grep'ing lsof's output on "deleted" or "(deleted)". Past this point, if space of alleged deleted files is not cleared... I wonder. Even ext2 should do the trick. If not ext4, I would upgrade to it by changing the flags with the help of tune2fs. I am especially surprises by the fact that you stated you could unmount the volume and remount it, still without seeing free space improvement... Are you positive you deleted the real files, and not mere links to them? I would make sure by using du to seek for actual disk usage location. In a last, desperate resort, I would try to force allocation/release of free space through sfill Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Is RSA broken? Or is it a hoax?
Try this: https://www.schneier.com/blog/archives/2021/03/no-rsa-is-not-broken.html Thanks Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Is RSA broken? Or is it a hoax?
This is what the last line of the abstract claims; however the whole paper goes beyond my understanding. https://eprint.iacr.org/2021/232.pdf Any way, pushing for ECDSA or even EdDSA, both of which are more and more supported out there (and have been for a almost a decade already), is IMHO the most future-proof take. Bernard Rosset https://rosset.net/ smime.p7s Description: S/MIME Cryptographic Signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What does this remind you of?
See https://wiki.ubuntu.com/AppArmor for a explanation. Ubuntu? What's that? Is that the thing they use in North America 'cause they never heard of Debian? There is https://wiki.debian.org/AppArmor too, it seems (never read it). Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] /etc/debian_version
Debian : lsb_release -a Distributor ID: Debian Description: Debian GNU/Linux 10 (buster) Release: 10 Codename: buster cat /etc/debian_version 10.7 aptitude show base-files Package: base-files Version: 10.3+deb10u7 Essential: yes State: installed ... Description: Debian base system miscellaneous files ... devuan : lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Devuan GNU/Linux 3 (beowulf) Release: 3 Codename: beowulf cat /etc/debian_version 10.0 While the system is up to date, debian_version is misleading. This is more a bug than a feature. It takes some digging to see that. The referencing to debian is not consistent. I concur on this. Better the file /etc/debian_version is missing @devuan than it is wrong. That, however, may be debatable (would potentially break things?). Since Devuan only repackages the minimal subset possible of Debian packages to free them from that systemd garbage, wouldn't it be possible to stay relatively close to the upstream minor version? Maybe by the means of automated grabn check & recompile an incremented patch version whenever needed? This could be automated in a compilation farm, such as Jenkins (since GitLab's CD is not being used for the project). Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [FLASH] THE UNITED STATES CONGRESS HAS FALLEN
Domain Name: cock.email Registry Domain ID: e7d6e891090e47ccb65b201be0af6158-DONUTS Registrar WHOIS Server: whois.regtons.com Registrar URL: http://regtons.com Registrar: GRANSY S.R.O D/B/A SUBREG.CZ Registrar IANA ID: 1505 Registrar Abuse Contact Email: ab...@regtons.com Registrar Abuse Contact Phone: +420.734463373 Reseller: OvO Systems Ltd Name Server: ns1.cock.li Name Server: ns2.cock.li If you care about getting in touch with the provider about : - 37.120.193.123 - 37.120.193.124 - 2001:ac8:7d:1e::c0cc:2 - 2001:ac8:7d:1e::c0cc:3 Secure Data Systems SRL ab...@s-data.ro Str. Sf. Gheorghe 44 013124 Bucharest ROMANIA +40724358955 Personally, I'd block all this provider's ranges altogether: - 37.120.128.0 - 37.120.159.255 - 37.120.192.0 - 37.120.231.255 - 37.120.240.0 - 37.120.243.255 - 37.120.248.0 - 37.120.255.255 - 94.176.6.0 - 94.176.7.255 - 2a02:ae40::/29 Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Your system is not supported by certbot-auto anymore.
Other than a manual install, are there any alternatives? I am interested to hear how others are doing this. Isolate the application in a trashable environment. Cue containers. That's what I did followed answers in the 'snapd in Devuan? Dependency on systemd' thread. My host systems barely suffer from native packages' pollution anymore. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Obviousness (was: Let's Encrypt (was: snapd in Devuan? Dependency on systemd...))
It makes me sad that this view is deemed 'contrarian'. As a sysadmin, I consider it obvious common sense. I have no idea if it is contrarian or if it is the silent majority of opinions. However the opinion being more vocal definitely seems to be the one encouraging TLS encryption. The most vocal opinion tend to appear as winning or having won the ticket... that way of seeing things creates problems if a silent majority exists and when it suddenly expresses itself. I guess recent times tried to teach us lessons about that. If it can help you understanding the world better, there are no such things as "obvious" nor "common sense". Those are made-up stances which bring the comfortable and convenient consequence of avoiding debate. Don't get me wrong: we all are glad to join groups in which at least part of our opinions are externally validated. It just does not mean one's right. There will always be at least one person, amongst the billions crawling over this planet, having the exact opposite idea... and it does not imply that person is less sagacious or qualified than you are. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] snapd in Devuan? Dependency on systemd...
Certbot has removed support of certbot-auto for Debian-based systems (cf. https://github.com/certbot/certbot/blob/adacc4ab6dc63b024b17f0ec5adeb1adc9f93300/certbot-auto#L802). Official instructions for Debian (https://certbot.eff.org/lets-encrypt/debianbuster-other) tell to use the snapd package (https://packages.debian.org/buster/snapd)... which depends on systemd and has not been rebuilt separately for Devuan yet. Is there any plan to do so? I know making the list of repackaged packages grow is troublesome for maintenance future-wise... Cheers, Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Clarification please
*sighs* PIDfiles are not the right way to communicate with daemons. I stopped there. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Clarification please
That said, I've stopped using unbound and I'm using straight BIND as my local resolver lately. It's pleasant. From what we discovered about unbound during one of the meetings, I clearly do not trust that technology. Too bad: it was on my to-test list. However, unbound is recursive-only IIRC. Since I am most interested in authoritative NS technology, I have yet to test knot, of which I read good stuff. BIND is ol' do-it-all grand-daddy. A bit messy & overcomplicated to properly set up & manage to my taste. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] TB and Enigmail
It seems we're drifting away from the main subject. Count me in! Of course, my own way of eliminating GMail problems is: Don't use GMail, and you thereby magically avoid GMail problems. ;-> It's 2020. Snowden leaks started in 2013. . (Also, it seems to be stylized as Gmail, not GMail) It's increasingly hard to exchange e-mail between lesser known providers or even self-hosted servers and GMail accounts. ? If your emails are being refused by others, including major email hosters, I would kindly suggest you check you got at least correct SPF + DKIM entries. You can throw DMARC into the mix if you wish so, too. This does _not_ accord with my experience. In my experience, if you run a spam-clean and RFC-compliant SMTP operation and take modest anti-forgery measures (such as my domains' strongly asserted SPF RR), your mail domain will have no problem bidirectionally communicating with GMail / Googlemail -- without spamboxing or teergrubing, etc. I keep monitoring this situation, and it may change, but that is still my honest assessment from many decades of self-hosted SMTP smarthost operation. Yup. Own mail server here. The last problem I had was my server refused an email from some classic corporate suit-bearer (their line of work being IT)... because it was too big. Yup, Postfix's default envelope size limit is 1024 bytes (which is neither SI - 10.24 MB - or IEC - 9.77 MiB). You read correctly: someone tried to send me a >10 MiB email, mixing up email with a decent out-of-band file-transfer technology. (For the full story, the attachement was some popular slide-producing proprietary format. Had to accept 30+ MiB for that crap to arrive in my mailbox. Switched the parameter back to the default value right afterwards and never ran into such a problem anymore, with anyone.). I'd like to echo Rick's observation: Running a mail server is still totally doable. I say still, because the viability depends on there being a nontrivial pool of mailbox owner operated mail hosts. And it is bigger than mail - a good and free internet depends on reachable, static IPs with proper DNS names being held by the general population. So it is truly worth it to spend a few dollars a month to get a VPS/VM/staticVPN and do something with it. Like muscle and brain-cells, those things can disappear if you don't use them. Self-hosting, self-hosting, self-hosting (am I mimicking someone crazy shouting "deveopers" on stage?). Seriously: self-hosting. Oh, and cipher + forward-secrecy + out-of-band channels whenever required. It's saddening to assess how little is known by the general public (including people who actually work on technical matters in IT) about key technologies, like DNS (the mother/father of all) or email. One of my crusades for years: Yes, '+' is a valid email address character, please stop copy-pasting the same regular expression which denies it. A tiny glimpse on how inadequate mail-related Web forms usually are. Internet should not rely on a pool of self-hosted services. It shall become the Internet again, as in inter-net, inter-network, ie a myriad of hosts which are just that: hosts. Everyone hosting... his/her own services. Some technology has been there for 40 years now, and it's still deemed 'too complex' by people who actually don't care (but will never admit it with those words). Cue consumerism. Regarding mail: I have this hope that a personal mail server will become proper status symbol, and maybe even a heirloom. Rick will remember a mailing list called linux-elitists@ which didn't allow certain User-agents to subscribe. It would be nifty if there were a mailing list, with another pretentious title - say inet-lords@ or net-kings@ which only allowed posting from addresses starting with admin@ or, even better, abuse@ as these addresses are reserved and unlikely to be given out by providers... IIRC, some FreeBSD (NetBSD?) IRC channels do that with IRC clients. Apart from the fun of technically doing it, it might be seen as having fun at the expense of others, showing self-righteousness & definitely throwing off those who are different. Not very inclusive not showing social qualities like empathy. And definitely polluting the signal of technology serving (human) lives, not reverse. This kind of jokes works inside an air-tight group. Bernard (Beer) Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fonts trouble on beowulf
Sorry about this inadvertent message... Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Fonts trouble on beowulf
Having a setup running beowulf with an Xfce Desktop, and whatever theme I choose, I get white links on clear backgrounds. In applications that support it (like evolution), if I drift away from system fonts and switch back to them, the links are black (and readable!) again. This oddity also appear in another way when text is highlighted, which make it unreadable too. I remember having such fonts problem when ascii came out, but I do not recall the fix. I remember some themes were eventually corrected though. Any hints? Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Fonts trouble on beowulf
Having a setup running beowulf with an Xfce Desktop, and whatever theme I choose, I get white links on clear backgrounds. In applications that support it (like evolution), if I drift away from system fonts and switch back to them, the links are black (and readable!) again. This oddity also appear in another way when text is highlighted, which make it unreadable too. I remember having such fonts problem when ascii came out, but I do not recall the fix. I remember some themes were eventually corrected though. Any hints? Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Sort-of one-off thanks message
Thank you for those precious steps on how to swap a kernel version in an ISO! It will sure prove valuable to some people in the future. I wish I had known how to do that a month ago in order to install ascii on a Dell Latitude 7400, which Intel network chipset was not handled by the shipped kernel. Had to do buster -> beowulf (had not put my hand on any beowulf ISO), and... and due to some more difficulties, had to start from a minimal buster which proved problematic in the end :oD Glad to read you're joining us, and glad to read you're here to stay! Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Again, again: DMARC is a no-win problem for mailing lists
On 29/12/2019 06:30, Rick Moen wrote:
Quoting Mark Rousell (mark.rous...@signal100.com):
That said, the mail list *does* seem to work as Steve wants.
It really doesn't.
On 28/12/2019 14:16, Mark Rousell wrote:
At least it does for my mail client (Thunderbird).
It definitely seems to be MUA-specific. The last bit from Mark is
important: the Thunderbird MUA seems to always show consistent behaviour
of its "Reply" & "Reply List" buttons.
The only thing which changes for this MUA is the set of displayed
headers above the message.
Non-DMARC-protected domains show From, Subject & To, while
DMARC-protected ones show From, Subject, Reply-To & To.
I concur with Mark on the fact this email client seems to do the job, at
least on that front.
-
On a more gneric topic, what I read about DMARC over here seems to be a
bit unfair.
DMARC is only there to *enforce* SPF and/or DKIM ("DomainKeys Identified
Mail" hence not really "former" DomainKeys, just mere relabeling).
The real protection mechanisms being considered/violated here are SPF
and/or DKIM. DMARC's policy only triggers if *both* SPF & DKIM fail.
SPF is a mechanism to ensure the envelope matches the headers & sender
machine is authorized to emit for a domain (hence protects against
impersonation).
DKIM protects against message tempering by signing body & some headers
of the emitted email.
From-munging, used to circumvent SPF, actually means
faking/modifying/impersonating the original email source.
It also happens to circumvent DKIM... and DMARC as a whole, since the
emitting domain would now be the list's one, *not* the sender's.
This From-munging is a perfect man-in-the-middle example, actually
pulling the plug on all headers checks at destination.
Now, if the sender's domain supports DKIM, and provided the headers
potentially important to the mailing list's piping are not provided &
signed (Sender, List-*, Reply-To, etc.), ie if mere From, Subject are
signed (which I believe is a common case), it is alright.
Well. It is alright... provided mailing lists stop doing what they have
been doing for ages, ie *modifying* protected content, either protected
headers or body.
That means no From header modification (no From-munging).
That means no Subject header modification (no added prefix and rather
let destination users route incoming email based on headers rather than
Subject prefix).
That means no body modification (and rather leverage List-* headers &
let MUA augment received messages based on those).
As stated before, a DMARC policy fails if *both* SPF & DKIM checks fail
or if one fail and the other is non-existent.
Hence, the real problem comes from violating DKIM... or having no DKIM
set up.
DMARC + DKIM should do the trick, provided mailing lists (softwares)
stop being intrusive.
In the current state of my understanding of DMARC, SPF & DKIM, I have a
hard time understanding flaming any of those protection mechanisms.
The only trouble I see here is that mailing lists have a long history of
modifying email headers and/or content, and it has been deemed "normal"
over years of doing so.
Would you mind if I arbitrarily opened/modified your (private) postal
mail or any written message from/to you?
My understanding might be incomplete. If so, please enlighten me &
anyone interested, by all means.
Cheers,
Bernard Rosset
https://rosset.net/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Clamav not installable??
The other thing that has been pointed out to me is that your ursl are probably wrong. AFAIK you should use either deb.devuan.org or pkgmaster.devuan.org Yes, the standard URL for apt has been nl.deb.devuan.org for my systems, for this new mailer I started testing with different URL's. Thanks for your help. IMHO, deb.devuan.org shall be used as its load is balanced around all packages mirrors. pkgmaster.devuan.org is the origin, not distributed, and can put the Devuan infrastructure at risk is everyone sticks to it. I guess it's best not to use it. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Clamav not installable??
On 15/12/2019 16:23, Roel Wagenaar via Dng wrote: Unfortunately the situation is still teh same, lots of 404's. deb.devuan.org is a pool of mirrors. You are probably hitting a mirror which is not up to date. Which mirror are you hitting (IP address)? I would uggest you (temporarily!) use the main repo pkgmaster.devuan.org in lieu of deb.devuan.org Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fw: looking for a replacement for debian since systemd
More talk is the last thing they want. Debating is hard, and requires many human qualities, like empathy, selflessness, lust for common good, long-term intuition & thinking, "self-rigorousness". It becomes increasingly & especially difficult when other people do not share your views. It is so much simpler to enforce a single side (the one from the people having the influence or the capability to enforce decisions) and ignore the rest. "Modern" (or another cycle?) way of making decisions (aka pseudo-thinking). "Modern" (or another cycle?) days. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Migrating from Buster to Beowulf - feedback needed
Having migrated from buster to beowulf, using wicd as the network manager, how does one rename network interfaces from "persistent names" to old, numbered, ones? Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] buster to beowulf
Quite an old thread without any reaction to it, but I myself attempted a migration from buster to beowulf today, and thought about sharing my experience. What is the current recommended way to crossgrade from buster to beowulf (so I can test it properly) I followed https://devuan.org/os/documentation/dev1fanboy/migrate-to-ascii which happened to roughly do the trick. To grab the Devuan keyring, temporarily use ascii repository. And what logging would be useful to do while I do this? I suppose you could record your session the way Debian recommends it: https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html#record-session In particular, is there any useful way to get a log during reboot to the new system? On top of the session recording from above, I guess digging into /var/log/dmesg, /var/log/messages (which might include the former) and any other resource deemed useful. I got myself some errors on boot I was not able to find in the logs (probably happened before filesystem was mounted) I am now having to deal with ugly network interfaces name, and a couple related quirks & bruises everywhere. My case was particular, as having installed buster w/o network from the full DVD (not netinst), I ended without a desktop GUI & a minimal install... I don't know what went wrong with that official Debian installer. I had to use buster, as the kernel used in stretch (and ascii) was too old for my network hardware which ascii did not detect. I happened to notice, for instance, that USB drives were not popping up on plug in Xfce4 GUI... Might be an install quirk... or a software defect? Overall, it seems to be working. The basics are there. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Error trying to update beowulf
Hello Mark, Thanks. This is caused by our migration yesterday to a new build pipeline and dak repository. I have changed the config to be as similar to the old one as I can. Today, reverse happened: E: Repository 'http://pkgmaster.devuan.org/merged beowulf InRelease' changed its 'Label' value from 'None' to 'Devuan' N: Repository 'http://pkgmaster.devuan.org/merged beowulf InRelease' changed its 'Version' value from '3.0.0' to '3.0' I also ran into another problem, which is a first to my recollection: Setting up linux-headers-4.9.0-11-amd64 (4.9.189-3+deb9u2) ... /etc/kernel/header_postinst.d/dkms: Error! The dkms.conf for this module includes a BUILD_EXCLUSIVE directive which does not match this kernel/arch. This indicates that it should not be built. Setting up linux-image-4.9.0-11-amd64 (4.9.189-3+deb9u2) ... /etc/kernel/postinst.d/dkms: Error! The dkms.conf for this module includes a BUILD_EXCLUSIVE directive which does not match this kernel/arch. This indicates that it should not be built. dkms status reports: aufs, 4.19+20190211, 4.19.0-6-amd64, x86_64: installed My knowledge of kernel modules stops there. Have I got something to clean? Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Please stop this nonsense - Was: Re: Formail for managing digests
All I read on this ML these days are ethereal hopes people fervently supporting systemd's madness and/or having strongly invested in it, or tools attempting at transforming poop in platinum. All I read on this ML these days are ethereal hopes people fervently supporting systemd's madness and/or having strongly invested in it *will stop doing so*, or tools attempting at transforming poop in platinum. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Please stop this nonsense - Was: Re: Formail for managing digests
Or perhaps IBM will get sick of this schtick and make Redhat dump
systemd. Write IBM's CEO.
I am starting to get sick of this nonsense.
Either you do not understand unregulated liberal capitalism in its
essence, motives & goals, or you play dumb. It is not a question, not
even rhetorical. Just... stop. Please?
All I read on this ML these days are ethereal hopes people fervently
supporting systemd's madness and/or having strongly invested in it, or
tools attempting at transforming poop in platinum.
On top of that, add uncertainty on Devuan's future & demotivating
peremptory statements ("I'm sure Devuan will not survive without
Debian's help.") and I am close to be utterly certain we are colliding
with a wall down the road.
Then, the icing on the cake, threads dealing with emails are being
mixed/split in an incoherent fashion *and* their content do not reflect
their subject. It is so over the top it almost looks like a prank?
That's for the destructive/ranting part.
---
Now, on to the constructive/positive part.
Problems are solved by actions... and I am a bit short-sighted on that part.
I did put a files mirror up - which I am yet to drive into being
officially registered.
I might set a packages mirror up once I can secure enough disk space on
a 24/7-available location.
Those are the only *actions* I did to try to help Devuan's project.
I noticed golinux propagated on this very list a set of actions (to be)
done about Devuan's infrastructure. This was refreshing and gave
perspective. Thanks for that little piece of hope.
Was this coming from the devuan-dev ML? I naively thought this was
related to *development*... and I am no coder. If not, is there a
non-officially-promoted ML to join?
Is there a way to give a hand on infrastructure-wise projects, like
services or pipes to set up?
These questions are asked in a very personal fashion, but I believe I am
not alone in my corner, unbelievingly staring at all the fuss on this ML.
I guess this init privation/privatization nightmare can only be solved
through actual people doing actual thingys.
I believe everyone being eternally grateful for the very sole existence
of Devuan and to the people being responsible for that to happen, as I
am, shall be talking less (especially tackling nonsense) & act more.
Bernard Rosset
https://rosset.net/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Devuan cannot exist without the help of Debian
Is there any way to give our support to this proposal? Only Debian-accepted developers (cf. https://www.debian.org/devel/join/), subsequently called "Debian Developer", or "DD", have a right to vote (cf. https://www.debian.org/vote/howto_follow). I would also be eager to help Debian (& Devuan too as a consequence, from Denis' own words) not being steered in another wall, but I am no DD. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] iptables at risk when uprgading?
Does this mean that the upgrade from ascii to beowulf is not transparent and that I risk losing the iptables on my front-end machine when I do it? That is precisely what happened to me, for unclear reasons. Cannot say if this is systematic, or if I fell upon a specific use case trap. Manually save your rules, as in: do not merely rely on you if-pre-up.d/ & if-post-down.d/ scripts. As stated before, you'll always be able to restore exported rules, as nftables keeps backwards-compatible tools allowing to load your saved rulesets from iptables. It *might* just not happen automatically during the upgrade process, as I experienced. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How stable Is beowulf? How to upgrade from ascii?
Beowulf/Buster has moved from iptables to nftables. You can still use iptables* with iptables-legacy*, but you'll need to edit your scripts to reflect this. The option to save existing rules is part of the upgrade but assumes that the existing rules haven't already been overwritten with the default 'allow anything and everything'. Thanks for that catch. I forgot about the move, which was publicized years ago already IIRC. Are you implying the upgrade process (ie no reboot) already replaced the rules? Well... That is not surprising in the usual Debian's way (and why loads of people hate it ;o) ), but still damaging if that was the case... That is something I definitely did not check for, and might explain while all of the sudden rulesets were empty (noticed only after reboot). My scripts, using ip(6)tables-save binaries and then loading through ip(6)tables, are still working. I am not used to the nftables interface (yet). Time to learn at last, I guess. :o) I use a second root terminal to check the current ruleset before making the decision to accept; I also check that the correct ruleset has been applied after the first few reboots and any updates just to be sure. Whatever way it is done: it means manual backup & restoration whenever needed. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] How stable Is beowulf? How to upgrade from ascii?
How stable is beowulf? Is there people using it in production? It is stated on https://devuan.org/os/releases: Beowulf -> In development I suppose it is equivalent to "testing". "testing is where the next stable suite is developed. Software is usually more up-to-date but there may still be issues. testing becomes stable “when it is ready”." It is thus technically "not ready" - yet. The dev team released Ascii 2.1 recently, which concurs with the table in page linked above. Follow announces for when that will change. I suggest you read the changes: https://www.debian.org/releases/stable/amd64/release-notes/ch-whats-new.html - On a personal note, I switched from Ascii to Beowulf almost exactly a month ago. Hard to get proper feedback with such a small hindsight, but here a couple points: - So far, no major problem - A myriad of package default configuration having changed (hence a lot of diff to do to cook modified configuration files on top of the new formats) -- nothing unusual here, though - AppArmor! (https://www.debian.org/releases/stable/amd64/release-notes/ch-whats-new.html#apparmor) If you run a nameserver daemon, the corresponding AppArmor configuration will most probably not be activated: none of mine was. It seems also to be a pain with namespaces (containers) requiring elevated privileges ie for debootstrap (cf. https://stackoverflow.com/questions/26406048/debootstrap-inside-a-docker-container/45661089#45661089) - Even though I use scripts to automatically save/restore ip(6)tables rules on up/down, I ended up having my rules cleared through initial reboots. No precise idea on why. I suggest you always keep a manual save of them somewhere. How to I upgrade from ascii to beowulf? As usual with APT. If you are unsure, you can follow Debian's guide (https://www.debian.org/releases/stable/amd64/release-notes/ch-upgrading.html). The tutorial uses apt. Some feel more confident with the lower-level, original interface apt-get. HTH, Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Raspberrypi 4
Thanks for the clarifation gents, unfortunately the contents of this website is as clear as mud to me. I gues i will have to wait for someone far more capable to solve this issue. May I suggest you do not give up? Not knowing is great: it means all you can do is learn (o: It seems this website got a "Getting started" section (https://projects.raspberrypi.org/en/pathways/getting-started-with-raspberry-pi). More specifically one about how to set up the hardware by using a SD card (https://projects.raspberrypi.org/en/projects/raspberry-pi-setting-up). It seems there are picture and step-by-step procedures, which might help you feel better. My 42 cents, Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Raspberrypi 4
I am trying to get my new pi to boot, I have replaced the bootcode.bin with the one from raspbian buster, unfortunately the pi stalls. Any suggestions what else to try?? A quick search engine use lead to https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/ stating: "Note: The Raspberry Pi 4B does not use the bootcode.bin file - instead the bootloader is located in an on-board EEPROM chip. The Pi 4B bootloader currently only supports booting from an SD card." That's all I could find in 1 min 37 s. I own no Raspberry myself. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Devuan as a rescue CD?
Hello Steve, Has any of you been using Devuan as a rescue CD? If so, how has it been working out for you, and do you have any suggestions to make the Devuan rescue experience easy and productive? I have replaced my old GParted Live DVD with Devuan live desktop to partition/repair/copy (dd) disks or mount filesystems for recovery/repair purposes. I now install GParted from the live desktop when need be. Of course some fdisk could also do the trick, but I like the preview/comfort from the GUI. Handy to have a lightweight functional fully-fledged live GUI environment thanks to Devuan :o) All it takes is modifying the keyboard map, changing the APT sources and installing a couple packages if/when needed. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] openvpn beowulf package imssing
(Sorry Hendrik for the double post, but I replied to you personally, and not the list) Has it perhaps acquired ties to systemd? That is most probably why the Devuan team made the initial effort of recompiling it, yeah. I was merely wondering why that effort had since stalled. Upstream sources cut? Now-unsolvable set of dependencies? Mere lack of (human) resources to trigger compilations/debug? Side question: how a non-developer like me can help? Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] I wrote IBM
The facts with systemd is this. RedHat's business model is to sell support for their OS. Only problem is that Linux is pretty stable on it's own. No problems means no support money. That's why they must replace a perfectly good init system that's worked perfectly for multiple decades with something that's got over 1000 bugs in the tracker alone and handles thing like dns resolution. This isn't even about features. If it was they'd be using something like OpenRC which does pretty much all the same process management systemd does without all the RCEs and scope creep. RedHat's aims have not changed from when they first introduced SystemD and they are achieving them on target which is why IBM bought in. It is to become the only Distro regardless of name, in effect the SystemD Operating System. By forcing the same packages and package versions by tight integration with SystemD (Apache2, BIND9, dhcpcd5, etc. etc.) then all Linux Distros will fall into the scope of RedHat Support business model and make everyone potential clients regardless of who the packager was. I thought all this was public knowledge Although all very interesting theories (even some being plausible), and although I am inclined to believe any (*any*!) explanation, even the oddest, as to *why* this systemd monstruosity exists, all I see here is conjecture and/or opinions presented as facts. I would gladly take anything that would connect any wild theory to something remotely looking like a fact or a proof when talking about knowledge. So Devs, this is one good reason NOT to submit patches to Debian. Unfortunately, all the other Devs in the world not here either don't care, or have a vested interest in (work for) IBM\Redhat. Sometimes evil intent can be explained by mere ignorance. Most people out there won't take the time about how/why/where they do something as "trivial" as packaging some code, which is a "side" activity to the "real core": the software code. That is where propaganda (as in "the spreading of ideas, information, or rumor for the purpose of helping or injuring an institution, a cause, or a person") kicks in, to help spread the word of Devuan's existence, and the underlying principles at work. Poettering fans out there negate the very principle of the existence of "init freedom" and are very vocal about it... That is *miles* away from any elaborate grand scheme about anything, and this fight is already hard to win. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] openvpn beowulf package imssing
So why there 2.3 version is in beowulf while buster's package is 2.4? FWIU, it seems this package is compiled from Devuan's CI and not merely merged from upstream: https://ci.devuan.org/job/openvpn-binaries/ I have no idea about what kind of problem made that package not having been recompiled since 3y 8m. I guess only a dev could shed some light on the underlying reasons? Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] I wrote IBM
On 2019-09-30 18:34, Steve Litt wrote: It's their job to receive letters from the public Who does "they" refers to, exactly? and any half way smart business values feedback. Out from any idealized vision, the question would be: what is the incentive? From a pragmatic observation of the real world, I would quote those few words from golinux: On 01/10/2019 02:13, goli...@devuan.org wrote: still they persist. Big companies persist on their agenda, whatever the (fiducial) cost as long as (fiducial) benefits outweight them. Steve, you talk about values; companies talk about money. systemd sells well, more & more distro fall to it. Actually, less & less major Linux distro have been available out-of-the-box without systemd as init system (+ dependencies, where the real pain hides & lies). Why would Red Hat, ie IBM would see that another way than beeing good news? Hegemony, lock-in, monopoly: (tech) giants have been using these tactic for ages. TL; DR systemd is good for IBM's business. Moar revenue, moar profit. The rest is cosmetics. Now. How/Where does you little email inserts itself into that plan? Nowhere. Your idealized, desperate wish to force the way things go round & round makes you wish that will have any impact. I would call that being blinded. As told before, and hinted by many including myself, any energy wishing to fight this nightmarish systemd hydra is to provide alternatives, and promote them to the general population for the greater good. You energy & wishes are good, this is fuel. I hope you will understand the somewhat knee-jerk reactions you (will) get about writing emails to IBM are not against you, but mere incentives to use your fuel to promote/make Devuan (better). Heck, suggesting it to a colleague who seek for a distro to try/use is a start, installing it for some family members that will use office software for accounting/small business needs, are common possibilities, and that coupled with explanations is spreading knowledge. No-one has any idea on how this war will end. The risk being, systemd being tightly coupled with GNU/Linux, its envisioned eventual self-induced demise from bloating & controlling every system component will hurt GNU/Linux reputation. I guess the long-term strategy is to say & repeat (& repeat & repeat) systemd is a mere component, yet propagating in it like cancer, of GNU/Linux systems, showing proof-by-example distro exists without it, are stable, maintainable, and remembering people *choice* is the eternal fuel for freedom. Companies have no values. You have no "money" talking point. IBM won't listen. IBM does not care about anything but money. Business do not care about anything but money. Stop wasting your fuel. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] ..the D in Systemd is for Directories: Poettering says his creation will phone /home in future ... albeit with broken SSH login
Sigh . . . If only Devuan development could generate the participation and enthusiasm that the silliness of systemd bashing does . . . golinux Nothing silly about it. Devuan was born from systemd bashing. I guess the hint there was to take all that energy aimed towards fruitless projects, like writing to some people at IBM, which is leading nowhere... ... and using it positively, constructively to build & expand projects like Devuan which provide actual solutions to the problem(s) systemd embodies and about which we all agree on here. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] The real nessecity to have a Independent Distribution - PRIVACY
> The problem we are facing is MUCH bigger than that. This eye-opener > from Eben Moglen: > > https://19.re-publica.com/en/session/why-freedom-thought-requires-attention The diction parameters & voice pitch makes me think so hard about Richard Stallman. Thanks for sharing; Watching that now. Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mirror 141.84.43.19 - Frequent unavailability
> Mirror maintainer confirmed very quickly that it was a hiccup they were > dealing with Yup, as we already noticed, the trouble had already stopped for several hours, in total opposition of observed behavior observed until then. Good to have formal confirmation things are back to normal! Thx for that Evilham & GJ target maintainers. > The connection-level monitoring should happen though :-). Yup! Ready to engage on the hows & when, via your preferred channel :o) Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mirror 141.84.43.19 - Frequent unavailability
Thx Evilham for your answer. Glad it was not sinkholed ;o) > FWIW: I've been running "while; curl; sleep 30" as a similar test for a > good few minutes now and it's been solid. Yup, as I stated before in my report, nothing wrong had been detected since 1100Z, ie almost 6h ago. I have been using a simple shell shell (see what I did?) around nc -z sending notifications... Truly nothing high-tech. At all. PoC? > But maybe it'll be interesting to add simple monitoring at a connection > level same way you ran your tests. > I'll try to setup a thing in the next couple days. I was actually thinking about ways of involving the community, whose kind members already are actively participating in mirrors & such, in a distributed monitoring array. While heavy checks might be run on more central, tighly-controlled components, availability checks could be run from anyone's scheduled tasks manager, and might be aggregated as "pods" in (a) monitoring instance(s) responsible to store & display results? I was thinking simple checks run as scheduled tasks, collection through rsyslog. For the displaying part YMMV, depending on which you merely wanna display or allow viewers to query on the dataset... hence either a static display or more evolved stuff like Grafana. Has anyone built such a thing recently with maybe more proper architectures, yet agent-less, than this one? The usual monitoring setups I encountered so far tended to be locked to the previously chosen tech... for better or worse. Decoupling is good. This would pave the way for check coming from many networks/IX/equipments/hosters, etc. balancing/nullifying observation biases. > If we get more reports we totally will, so far everything is "looking > good" and all tests pass, but maybe there is indeed something inherently > spotty on the connection and that's what you are seeing; we'll see if > with more data or more reports or when the maintainer takes a look > something changes. IIUC, this lack of detection seems to be coming from the lack of monitoring... hence my ping/call to the community :o) Anyone jumping on board is warmly welcome! Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Mirror 141.84.43.19 - Frequent unavailability
After I stumbled, by chance, on mirror 141.84.43.19 (being part of the deb.devuan.org pool) being unavailable for a couple of minutes, I set a script up checking TCP/80 availability for all of mirrors in said pool. The conclusion is clear: 1°) 141.84.43.19 is the only mirror suffering from this problem 2°) This problem was detected with a high frequency, despite relatively infrequent checks (1 every 5 min) For this day only so far, 2019-07-17, at 1600Z, all the failed occurences were happening at those times: 0050Z 0055Z 0100Z 0105Z 0110Z 0115Z 0120Z 0123Z 0145Z 0150Z 0155Z 0200Z 0205Z 0230Z 0240Z 0245Z 0250Z 0310Z 0410Z 0420Z 0455Z 0510Z 0515Z 0520Z 0535Z 0610Z 0615Z 0630Z 0640Z 0645Z 0715Z 0755Z 0800Z 0805Z 0825Z 0905Z 1035Z 1100Z Hence the following questions: a) Am I the only one observing this (ie someone else having set such a check up with a check frequency relatively close to mine, eliminating biases of my setup)? b) If not and this a confirmed defect, would not it be reasonable to remove said host from the pool until the maintainer can inspect what is going on and act on it? Bernard Rosset https://rosset.net/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
