Re: [DNG] Any parties interested in lxc ?

[tom]

On Mon, 5 Oct 2020 11:30:10 +0100
g4sra via Dng  wrote:
> 
> Hi Tom,
> 
> This is my current thinking with regard to a LXC Container system for
> building OS images and support software. The host workstation has all
> the standard development tools ('build-essential' etc) that any/all
> containers would normally need. This can be updated as required (in
> effect, updating all containers).
> 
> The containers must run unprivileged as the both the software being
> built and the build software itself may be of dubious quality
> (especially if I wrote it).
> 
> Container1:
>   bind,ro mounts the host filesystem providing development tool
> access overlayfs a delta filesystem on which required tools\libraries
> etc can be built
> 
> ContainerN: repeat above as often as required
> 
> ContainerX: 
>bind,ro mounts the host filesystem providing development tool
> access bind,ro mounts CN deltas to provide access to the
> tools\libraries overlayfs a delta filesystem on which the test OS can
> be built 
> 
> Can you:
>   see anything wrong with the proposed above where container
> superuser privileges and device access would allow corruption of
> either the Host or of a neighbouring container ? think of anything
> builds require that I have not made allowance for ? detail a better
> way for obtaining my goal ?
> 
> Appreciate your comments Tom.
> Charlie
That all should be possible. As for mounting external directories, I
know that's possible but I have not personally tried that. I came
across that reading documentation. However I do have hypervisor
mountpoints inside of a container's rootfs.

Unprivileged containers I still have not figured out how to generate. I
have a script that creatures unprivileged containers and lxc comes with
a template downloader script. However those templates are downloaded
from some Ansible server hosted on Canonical's website. The images are
generated from /HIGHLY/ abstracted Ansible templates, not actual
source code or bash scripts. Because of this it's very difficult to
figure out what's really going on as the specifics are all abstracted
away. The difference between a script that builds a Devuan image for
a container and a script that builds a Devuan image for a container then
then 'underprivilegizes' it with subuids/subgids.

Maybe you being a Redhat stuff expert would be able to enlighten us
on that and I could then modify my script to be able to create
unprivileged containers too instead of relying on some Canonical
webserver always being up and accessible or having to build out a QA
server when I really don't need one just to create local containers.

Can I put attachments on emails to the dyne mailing lists?

-- 
 _ 
/ Suppose for a moment that the   \
| automobile industry had developed at|
| the same rate as computers and over the |
| same period: how much cheaper and more  |
| efficient would the current models be?  |
| If you have not already heard the   |
| analogy, the answer is shattering.  |
| Today you would be able to buy a|
| Rolls-Royce for $2.75, it would do  |
| three million miles to the gallon, and  |
| it would deliver enough power to drive  |
| the Queen Elizabeth II. And if you were |
| interested in miniaturization, you  |
| could place half a dozen of them on a   |
| pinhead.|
| |
\ -- Christopher Evans/
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Any parties interested in lxc ?

[tom]

On Mon, 5 Oct 2020 12:22:27 -0400
Hendrik Boom  wrote:

> On Sat, Oct 03, 2020 at 11:04:23AM +0100, g4sra via Dng wrote:
> > I am seeking any Devuaners with an interest in lxc to bounce ideas
> > off.
> > 
> > I wish to move to multi-fully-containerised development but am
> > repeatedly stumbling along the way. Unfortunately the official lxc
> > resources do not help much with the (systemd-less) issues I am
> > having. I find bouncing (sometimes stupid - I find playing devils
> > advocate can really help) ideas off other people often helps
> > understanding and can lead to solving the problems. 
> > 
> > If anybody out there with practical experience or interest in lxc
> > would like to be electronically pestered, please reply direct to me
> > off list.  
> 
> No practical experience.
> But is there any chance lxc can play nicely with random USB devices?
> Or the built-in camera and microphone? 
> 
> -- hendrik
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

I think so, you can write hardware device exception rules, though I
have not played with this myself. Only to fix containment and AppArmor
breakage on a server.

-- 
 _ 
/ Suppose for a moment that the   \
| automobile industry had developed at|
| the same rate as computers and over the |
| same period: how much cheaper and more  |
| efficient would the current models be?  |
| If you have not already heard the   |
| analogy, the answer is shattering.  |
| Today you would be able to buy a|
| Rolls-Royce for $2.75, it would do  |
| three million miles to the gallon, and  |
| it would deliver enough power to drive  |
| the Queen Elizabeth II. And if you were |
| interested in miniaturization, you  |
| could place half a dozen of them on a   |
| pinhead.|
| |
\ -- Christopher Evans/
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Any parties interested in lxc ?

[tom]

On Sat, 3 Oct 2020 11:04:23 +0100
g4sra via Dng  wrote:

> I am seeking any Devuaners with an interest in lxc to bounce ideas
> off.
> 
> I wish to move to multi-fully-containerised development but am
> repeatedly stumbling along the way. Unfortunately the official lxc
> resources do not help much with the (systemd-less) issues I am
> having. I find bouncing (sometimes stupid - I find playing devils
> advocate can really help) ideas off other people often helps
> understanding and can lead to solving the problems. 
> 
> If anybody out there with practical experience or interest in lxc
> would like to be electronically pestered, please reply direct to me
> off list.
> 
> Charlie.
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Hello grsra, I run LXC on Devuan, and have done so even through the
ascii->beowulf migration. I have some custom scripts and such for doing
so, but found the devuan gitlab a little overwhelming and a lack of
interest by other devuaners with LXC. If your interested in
Devuan+OpenRC+LXC I'm probably your man.

I would appreciate if we kept this on-board unless needed. Never know
when someone in the future might find it useful.

-- 
 _ 
/ "I honestly believe that the doctrine   \
| of hell was born in the glittering eyes |
| of snakes that run in frightful coils   |
| watching for their prey. I believe it   |
| was born with the yelping, howling, |
| growling and snarling of wild beasts... |
| I despise it, I defy it, and I hate |
\ it." -- Robert G. Ingersoll /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] dynamic resolver configuration [Was: Danger: Debian POSIX hostility]

[tom]

On Wed, 16 Sep 2020 12:40:18 -0700
Ian Zimmerman  wrote:

> On 2020-09-16 02:11, Steve Litt wrote:
> 
> > Speaking of Netowrk manager, am I the only one who hates it messing
> > with /etc/resolv.conf? You know what I'd like? I'd like
> > /etc/resolv.conf to be a symlink to one of many files, such as
> > resolv.dhcp, which *could* be modified by the network manager, and
> > all sorts of others that can be switched in and out by a
> > shellscript. Most folks would just use the symlink to resolv.dhcp,
> > but folks like us could actually put our own unbound on our laptops
> > and use a resolv.unbound or something like that.  
> 
> The resolvconf package already does something like this, and it _can_
> be utilized by user scripts, though it is not very well documented
> and, maybe even worse, not very well "promoted".  Also, you can
> achieve a similar effect by running dnsmasq with a few simple scripts
> on top, because the "upstream" dnsmasq resolver file is configurable.
> 
> But when I think about the normal way of resolver configuration
> I feel, for once, some sympathy for Len^H^H^H the one whose name shall
> not be said here.
> 

on an IPv6 network you don't need DHCP for autoconfiguration of IP and
DNS. Just run rdnssd and it will statelessly grab the resolver and
configure a unique publicly routable IP address.

-- 
  
/ Kiss me, Kate, we will be married o'   \
| Sunday.|
||
| -- William Shakespeare, "The Taming of |
\ the Shrew" /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan Made The List

[tom]

On Tue, 15 Sep 2020 14:56:55 -0500
goli...@devuan.org wrote:

> On 2020-09-15 14:02, Linux O'Beardly via Dng wrote:
> > 10 Best Debian-Based Linux Distributions
> > 
> > https://www.tecmint.com/debian-based-linux-distributions/
> > 
> >   
> 
> Promoting Beowulf with a screenshot of the Jessie desktop. Get it 
> together tecmint . . .
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Ubuntu is second on their best list? More like second worst Linux
distro still in active development.

-- 
  
/ Kiss me, Kate, we will be married o'   \
| Sunday.|
||
| -- William Shakespeare, "The Taming of |
\ the Shrew" /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC: wiki software

[tom]

On Tue, 8 Sep 2020 10:39:26 -0700
spiralofhope  wrote:

> On Mon, 7 Sep 2020 09:05:39 -0400
> Hendrik Boom  wrote:
> 
> > Of course there's also mediawiki, which is the basis for the
> > WIkipedia.  
> 
> Unless something has changed, ACLs are explicitly absent from
> MediaWiki. There have always been efforts by third parties to make it
> more functional, but I'm of the opinion that security should be
> supported by the core engine.
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

If the wiki ends up web based, I only ask that it produce XHTML1.1 or
XHTML1.1 BASIC compliant web pages, so that there is actually a real
choice in user agent software and some consistency between different
rendering engines. Not HTML and DEFINITELY NOT HTML5.

-- 
 _ 
/ In arguing that current theories of \
| brain function cast suspicion on ESP,   |
| psychokinesis, reincarnation, and so|
| on, I am frequently challenged with the |
| most popular of all neuro-mythologies   |
| -- the notion that we ordinarily use|
| only 10 percent of our brains...|
| |
| This "cerebral spare tire" concept  |
| continues to nourish the clientele of   |
| "pop psychologists" and their many  |
| recycling self-improvement schemes. As  |
| a metaphor for the fact that few of us  |
| fully exploit our talents, who could|
| deny it? As a refuge for occultists |
| seeking a neural basis of the   |
| miraculous, it leaves much to be|
| desired. -- Barry L. Beyerstein, "The   |
| Brain and Consciousness: Implications   |
| for |
| |
| Psi Phenomena", The Skeptical Enquirer, |
\ Vol. XII, No. 2, pg. 171/
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC: wiki software

[tom]

On Sun, 6 Sep 2020 19:56:32 -0700
tom  wrote:

> On Sun, 6 Sep 2020 20:29:24 -0400
> Steve Litt  wrote:
> 
> > On Fri, 4 Sep 2020 23:42:39 -0400
> > Mason Loring Bliss  wrote:
> >   
> > > On Fri, Sep 04, 2020 at 07:53:54PM -0700, tom wrote:
> > > 
> > > > How many Gemini and Kristall (or any other Gemini client of your
> > > > choosing) https://gemini.circumlunar.space/  
> > > 
> > > As it turns out, we were talking about that at the last meeting,
> > > and there's probably interest in it.
> > 
> > I'm interested. However, I sure wish they'd allow inline images.
> > That's a must for any kind of informative documentation.
> >  
> > SteveT
> >   
> I've thought about that too, but I'm not quite sure that fits with
> Gemini's mission or not to be part of the protocol. I don't see why a
> client can't implement that themselves though. Gemini does support
> MIME. In XMPP we already have clients that interpret links to content
> like images, video, and audio and display inline players/viewers for
> them.
> 
> That could either mean auto-dling linked images or loading on click.
> 
> 

If gemini was to do it in-protocol, I wonder if FARBFELD+Bzip2 would be
an acceptable raster format.

-- 
 _ 
/ "We can't schedule an orgy, it might be \
\ construed as fighting" --Stanley Sutton /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC: wiki software

[tom]

On Sun, 6 Sep 2020 20:29:24 -0400
Steve Litt  wrote:

> On Fri, 4 Sep 2020 23:42:39 -0400
> Mason Loring Bliss  wrote:
> 
> > On Fri, Sep 04, 2020 at 07:53:54PM -0700, tom wrote:
> >   
> > > How many Gemini and Kristall (or any other Gemini client of your
> > > choosing) https://gemini.circumlunar.space/
> > 
> > As it turns out, we were talking about that at the last meeting, and
> > there's probably interest in it.  
> 
> I'm interested. However, I sure wish they'd allow inline images.
> That's a must for any kind of informative documentation.
>  
> SteveT
> 
I've thought about that too, but I'm not quite sure that fits with
Gemini's mission or not to be part of the protocol. I don't see why a
client can't implement that themselves though. Gemini does support
MIME. In XMPP we already have clients that interpret links to content
like images, video, and audio and display inline players/viewers for
them.

That could either mean auto-dling linked images or loading on click.


-- 
 _ 
/ "We can't schedule an orgy, it might be \
\ construed as fighting" --Stanley Sutton /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] RFC: wiki software

[tom]

On Fri, 4 Sep 2020 00:51:01 -0400
Mason Loring Bliss  wrote:

> Hi all! We're looking for opinions about wiki software. First choice
> at the moment is TWiki but we want more options and more perspective
> to get us to the best possible decision.
> 
> Goals, not in a particular order:
> 
> * Ideally not Python, PHP, Java unless it's otherwise perfect.
> 
> * Supports ACLs for per-account and/or per-group editing privs.
> Ability to disable edits by people not logged in.
> 
> * Potentially supports ACL-based visibility in addition to editing
> privs.
> 
> * Supports at least a minimum live editor, with mark-up being fine -
> no need for WYSIWYG.
> 
> * Flat files on the back end - ideally content can be captured to
> version control, can come from version control, etc.
> 
> * JavaScript not required for clients.
> 
> We'll continue poking at TWiki while we gather data.
> 

How many Gemini and Kristall (or any other Gemini client of your
choosing) https://gemini.circumlunar.space/

native format is markdown, supports data and query entry, identities
based on client certificates supporting both persistent and transient
identities. Protocol is dead simple to code for. Already a wide choice
of client software https://gemini.circumlunar.space/clients.html with
no degradation of service at all for even text-only clients. Compatible
with DIY-computing. The entire spec is readable with 15 minutes of your
time gemini://gemini.circumlunar.space/docs/specification.gmi and only
31K big.

-- 
  
/ QOTD:  \
||
\ "I'm just a boy named 'su'..." /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] my experience upgrading to NFT

[tom]

On Mon, 3 Aug 2020 09:10:46 -0700
Ian Zimmerman  wrote:

> On 2020-08-02 22:35, Hendrik Boom wrote:
> 
> > Does iptables still work on beowulf?  
> 
> As long as you use update-alternatives to choose
> /usr/sbin/iptables-legacy. Please see the other subthreads - I am new
> to this topic myself, in fact I have not realized until today that I
> was running nftables for months on buster :-P
> 
> > And am I right in assuming that "nftables" does *not* stand for 
> > New-Fangled Tables?   :-)  
> 
> netfilter tables, AFAIK
> 

Yes, it's an optional upgrade for now. Just be sure that you migrate to
nft after upgrading to beowulf. In my testing nft in ASCII is pretty
broken.

-- 
  
/ Our documentation manager was showing  \
| her 2 year old son around the office.  |
| He was introduced to me, at which time |
| he pointed out that we were both   |
| holding bags of popcorn. We were both  |
| holding bottles of juice. But only |
| *__he* had a lollipop.   |
||
| He asked his mother, "Why doesn't HE   |
| have a lollipop?"  |
||
| Her reply: "He can have a lollipop any |
| time he wants to. That's what it means |
\ to be a programmer."   /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] dev1galaxy.org down?

[tom]

On Tue, 18 Aug 2020 09:49:16 +1000
Ozi Traveller via Dng  wrote:

> me either
> 
> This site can’t be reached
> 
> *dev1galaxy.org * unexpectedly closed the
> connection.
> 
> 
> On Mon, Aug 17, 2020 at 11:28 PM pekman  wrote:
> 
> > yes. I don't access
> > --
> > att, pekman
> > ___
> > Dng mailing list
> > Dng@lists.dyne.org
> > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> >  

it is dead

-- 
 _ 
< When all else fails, EAT!!! >
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Has anybody else experienced Raspberry Pi breakage ?

[tom]

On Sun, 17 May 2020 13:20:13 +0100
g4sra via Dng  wrote:

> I have an old Rpi 2B that will boot its original Raspbian fine but
> panics 'killing init' on Devuan. Has anybody else experienced this ? 
> 
> The only difference I can discern is that the Devuan repository
> executables (init) are compiled as PIE. Any suggestions to further
> the diagnosis of this issue gratefully received.
> ___ Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

I ran Devuan on the pi for a while. It kept breaking because of the
insane mount options for the root partition on the sd card that
disables all filesystem safety. I'd suggest running debsums on the pi
and seeing if disk corruptions have occurred. Alternatively I have
switched to using NetBSD 9 on my pis and it's been a much more stable,
reliable, and predictable experience.

-- 
 _ 
/ Matz's Law: \
| |
| A conclusion is the place where you got |
\ tired of thinking.  /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] A way of holding telephone-conferences with DEVUAN?

[tom]

On Tue, 7 Apr 2020 09:24:47 +0300
Dimitris via Dng  wrote:

> On 4/7/20 9:05 AM, Rod Rodolico wrote:
> > but it works so far with FF  
> 
> 
> doesn't work for everyone, that's why jitsi suggests the use of
> chromium based browsers..
> 
> https://github.com/jitsi/jitsi-meet/commit/92740707f01547d4e431050ade1d17589c544629#diff-12cdb961bef2a8b83d0f510226f85495
> 
> 
> https://community.jitsi.org/t/software-unusable-on-firefox-why/22143/10
> https://github.com/jitsi/jitsi-meet/issues/4758
> 

suggests? you mean flat out blocks anyone not on chrome or firefox

-- 
 ___ 
/ The only thing necessary for the  \
| triumph of evil is for good men to do |
\ nothing. - Edmund Burke   /
 --- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Current state of VPN software ?

[tom]

On Tue, 5 May 2020 15:04:17 -0400
Steve Litt  wrote:

> How did the SSH solution work out for you, performance wise?
> 
> Why did you move from the SSH method to OpenVPN?
> 
> Thanks,
> 
> SteveT
> 
> On Tue, 5 May 2020 06:15:45 -0600
> Chris Dos  wrote:
> 
> > On 4/8/20 2:14 PM, Simon Hobson wrote:
> > > It's been a while since I last did anything with VPNs on Linux,
> > > and I recall there being 3 options, some of which were "less well
> > > supported" than others. I'm looking to setup a site-site tunnel so
> > > I can remotely access stuff at mum's (she's in isolation because
> > > of this Covid 19 stuff) and using remote desktop control, connect
> > > her Mac to a video call.
> > >
> > > So what's the state of play in the VPN on Linux world - both ends
> > > would be running Devuan (one end an AMD64 VM, the other end rPi) ?
> > > Last thing I used was OpenVPN which AIUI is completely
> > > non-interoperable with anything else, while FreeSwan and OpenSwan
> > > were having a bun fight.
> > >
> > > Simon
> > >  
> > 
> > A little late, but I used to use a SSH script to create a full VPN
> > connection between my laptop and work sites. I just created a script
> > for each network I wanted to connect to. You'll need to set up SSH
> > keys first though to the root user (or you can modify the script to
> > use sudo on the remote end). Script I used to use:
> > 
> > #!/bin/bash
> > 
> > PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
> > 
> > HOST=remotehost.somedomain.com
> > REMOTETUNIP="172.16.200.2"
> > LOCALTUNIP="172.16.200.1"
> > REMOTENET="192.168.1.0"
> > REMOTENETMASK="255.255.255.0"
> > 
> > if [ "$1" != "start" -a "$1" != "stop" ]
> > then
> >     echo "Syntax: $0  "
> >     exit 1
> > fi
> > 
> > if [ "$1" = "start" ]
> > then
> >     # Find next available local TUN device
> >     TUNNUMBER=0
> >     FINDTUN="false"
> >     while [ "$FINDTUN" = "false" ]
> >     do
> >         ifconfig -a | grep -v tunl | grep tun$TUNNUMBER > /dev/null
> >         if [ "$?" != "1" ]
> >         then
> >             let TUNNUMBER=$TUNNUMBER+1
> >         else
> >             FINDTUN="true"
> >         fi
> >     done
> >    
> >     sudo ssh -f -C -w any:any root@$HOST true
> >     ssh root@$HOST "ifconfig tun0 $REMOTETUNIP pointopoint
> > $LOCALTUNIP" ssh root@$HOST "iptables -A INPUT -i tun+ -j ACCEPT"
> >     ssh root@$HOST "iptables -A FORWARD -i tun+ -j ACCEPT"
> >     ssh root@$HOST 'echo 1 > /proc/sys/net/ipv4/ip_forward'
> >     sleep 3
> >     sudo ifconfig tun$TUNNUMBER $LOCALTUNIP pointopoint $REMOTETUNIP
> >     sudo route add -net $REMOTENET netmask $REMOTENETMASK gw
> > $LOCALTUNIP tun$TUNNUMBER
> >     echo "Tunnel has been set up"
> > 
> > fi
> > 
> > if [ "$1" = "stop" ]
> > then
> >     sudo kill `ps ax | grep "any:any root@$HOST true" | grep -v grep
> > | cut -c 1-5` > /dev/null
> >     ssh root@$HOST 'kill `ps ax | grep "sshd: root@notty" | grep -v
> > grep | cut -c 1-5`'
> >     ssh root@$HOST 'ifconfig tun0 down'
> > fi
> > 
> > 
> > I currently use OpenVPN tunnels, but oh my word, OpenVPN is a bear
> > to get set up properly.  Probably today, if I was going to do it
> > again, WireGuard might be the next easiest solution other than
> > using SSH.
> > 
> >     Chris
> 
> 
> 

I used to use OpenVPN but when Wireguard was invented and released I
stopped using all other VPN solutions and moved everything over to
Wireguard. It is so much better and simpler than anything else out
there I've seen for layer3 IP VPNs.

-- 
 _ 
/ Arnold's Laws of Documentation: \
| |
| (1) If it should exist, it doesn't. |
| |
| (2) If it does exist, it's out of date. |
| |
| (3) Only documentation for useless  |
| programs transcends the |
| |
\ first two laws. /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] HW: Which brand and model of lapto have your successfully installed Devuan on?

[tom]

On Thu, 9 Apr 2020 11:56:07 +1000
terryc  wrote:

> This is a hardware question.
> Which brand and model(s) of laptop have people successfully installed
> devuan onto?
> How difficult was it?
> 
> Thank You In Advance.
> 
> The long story; I finally have a need to purchase my own personal
> laptop and have spent the last few days searching for such a beastie
> that I can order.
> 
> I have a strong preference to not pay the Microsoft Tax and not waste
> my money on bits for which there are no linux drivers. Obviously
> running Devuan is preferable.
> 
> Unfortunately, there appears to be no local vendor of Linux only
> laptops around any more. The only one in the coutry that I could
> located actually buys Win OS laptops and co-installs Linux and I'd
> prefer to avoid the future hassles that will cause(leopard-spots).
> 
> Note, also having great difficulty finding out how to order such a
> beastie from the major global brands.
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

My favorite laptop for running Linux is the Lenovo Thinkpad model T430
modified to run CoreBoot and IntelManagementEngine-nuetered. It has
been one of the most reliable machines I have ever owned. Runs Devuan
ASCII perfectly. I've got a 500G Samsung Pro SSD in there and 8GB of
Corsair RAM. I wonder if NASA still uses these in the ISS.

It was no difficulty at all installing Devuan on the device but I did
have to completely dissemble the device to get access to the two EEPROM
chips and attach an in-circuit programmer to them for flashing of
CoreBoot which removes the NSA management engine backdoor, removes the
restriction on which mPCIE cards can be installed, and allows the use
of generic batteries.

-- 
 __ 
/ If love is the answer, could you \
| rephrase the question?   |
|  |
\ -- Lily Tomlin   /
 -- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] A way of holding telephone-conferences with DEVUAN?

[tom]

On Wed, 8 Apr 2020 11:34:19 +0300
Dimitris via Dng  wrote:

> On 4/7/20 5:17 PM, g4sra via Dng wrote:
> > OMG how can you agree with Dal and then go on to suggest the use of
> > something cloud based and written in Java ?  
> 
> jitsi can be installed anywhere. https://meet.jit.si is cloud based in
> europe dcs, run by jitsi devs, yes. but you don't have to use that,
> there are hundrends of other public jitsi meet instances (random
> list :
> https://fediverse.blog/~/DonsBlog/videochat-server?responding_to=745)
> and of course you can host your own.
> 
> zoom is also cloud based proprietary thing, based in the us... so not
> a good thing having our calls stored in some nsa dc in gafamville,
> usa... also misleading ads, privacy concers, data sellout..  how's
> that any different than skype?
> 
> random link :
> https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html
> 
> 
I think it's pretty horrible for Jitsi to flat out block every other
browser than Chrome or Firefox.

any time I go to a Jitsi server it just gives me a blank blue page
saying this:

It looks like your using a browser we don't support.
Please try again with the latest version of Chrome and Firefox

I have been through the browser wars of the 90s and I sure as hell am
not ready for browser war 2.0 Do we need to bring back the
anybrowser.org buttons?



-- 
  
/ This fortune soaks up 47 times its own \
\ weight in excess memory.   /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] A way of holding telephone-conferences with DEVUAN?

[tom]

On Mon, 06 Apr 2020 20:51:37 -0500
goli...@devuan.org wrote:

> On 2020-04-06 20:46, Hendrik Boom wrote:
> > On Mon, Apr 06, 2020 at 08:46:03PM -0400, Dan Purgert wrote:
> >> On Apr 04, 2020, Raul Claro wrote:
> >> > Dear Devlers,
> >> >
> >> >     is there a way of holding a video- or an audioconference
> >> > with Firefox (or Vivaldi) on Devuan?  The ones I have come in
> >> > contact with. such als /https://global.gotomeeting.com/, /work
> >> > only with Windows or Mac and Chrome.
> >> >
> >> >  Are there any Debian/Devuan alternatives to these systems?
> >> 
> >> Jitsi would be my initial go-to, as Zoom seems to have proven 
> >> themselves
> >> less-than-trustworthy in the last couple of weeks.
> > 
> > I've been completely unable to get on Zoom from firefox esr.
> > Is it likely to work with Chrome or chromium?  One of my regular
> > meeetings has chosen Zoom, leaving me little choice.
> > 
> > Any idea how much computer jitsi needs?  My server is over a decade 
> > old.
> > I've been hanging onto it because it's too old to have a management
> > engine.
> > 
> > -- hendrik
> 
> The online version of jit.si - https://meet.jit.si/ - connects via
> your browser. You don't have to install on you server.
> 
> golinux
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Nextcloud talk also works, doesn't require any software either. just a
webrtc enabled browser and a coturn server.

-- 
  
/ If I could drop dead right now, I'd be \
| the happiest man alive!|
||
\ -- Samuel Goldwyn  /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed?

[tom]

On Tue, 10 Mar 2020 12:08:23 -0600
tekHedd  wrote:

> On Sat, Mar 7, 2020, at 5:37 PM, Rick Moen wrote:
> > Quoting tekHedd (tekh...@byteheaven.net):
> >   
> > > Cool software doesn't really happen without the ability for apps
> > > to communicate and read/write the state of the system and
> > > communicate with other user level components.  
> > 
> > If so, so what?  This doesn't in any way suggest need for a new
> > extra system authentication layer.  By default, all software
> > running under the user's EUID can intercommunicate as peers.  So,
> > given that, and taking as true for the sake of discussion your
> > assertion above, what would polkit or a workalike add, given that
> > apps can already do what you said is desirable?
> > 
> > I don't know, man.  Perhaps we're somehow failing to communicate, on
> > that point.  
> 
> I believe I see your point. Each app is responsible for deciding
> which actions to allow, or they have no security. In the end though
> you need to communicate, and you need to map those communications to
> authorized actions. The current toolkits fill these general needs, if
> perhaps suboptimally.
> 
> A quick analysis of polkit performed by the simple method of "trying
> to uninstall it on a working system" shows that it is required by:
> 
>  * synaptic etc
>  * colord (!)
> 
> and recommend by:
> 
>  * blueman
>  * cups
>  * elogind
>  * the desktop (xfce in my case)
>  * udisks2
>  * upower2
> 
> Which is what I'd expect. System management apps using polkit to
> decide whether to allow specific actions.
> 
> There are two correct answers to the thread: 1) polkit is not needed
> because you can accomplish all this with "sudo" and also 2) "you need
> polkit if you want to be able to manage local system things like
> disks and bluetooth devices from friendly UI programs without sudo".
> 
> One difference between polkit and d-bus is you can sum up polkit's
> requirements in one sentence. :) 
> 
> Polkit's goals seem reasonable. I hear suggestions that "polkit's
> goals should be accomplished with another mechanism"; groovy! What is
> that mechanism? If not polkit, what? I'm a sudo-only user myself by
> nature, but I find it difficult to criticize something that lets me
> configure bluetooth devices more easily.
> 
> t
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

assign bluetooth devices to a group, and make sure users that should be
able to access the hardware are in that group, also

add the 'user' mount option to things like cdroms to allow unprivileged
uses to mount the media.
/dev/sr0/media/cdrom0
auto,user,ro  0   0
#Compact Discs


-- 
 ___ 
/ leverage, n.: \
|   |
| Even if someone doesn't care what the |
| world thinks  |
|   |
| about them, they always hope their|
\ mother doesn't find out.  /
 --- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] ibus

[tom]

On Tue, 17 Mar 2020 18:12:42 -0400
Steve Litt  wrote:

> On Tue, 17 Mar 2020 10:59:41 +0100
> "Dr. Nikolaus Klepp"  wrote:
> 
> > Anno domini 2020 Tue, 17 Mar 10:27:11 +0100
> >  Didier Kryn scripsit:
> 
> > >      There's now a fashion of doing all innovations in a
> > > complicated way. It seems developpers have become unable to think
> > > simple. This is terribly disapointing.
> > > 
> > >          Didier  
> > 
> > Oh my, that pestilence still has not died? I rember ages ago I was
> > tempted to use it as an "easy" way to inject mouse+keyboard events
> > from userspace program into X11. Turned out, it was an
> > overcomplicated way to solve a problem that "xdotool" has solved
> > already.
> 
> Thanks for telling me about xdotool. What a cool program!
>  
> SteveT
> 
> Steve Litt
> March 2020 featured book: Troubleshooting: Why Bother?
> http://www.troubleshooters.com/twb
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

oh yeah, xdotool is great. I have used it together in a script, in
combination with dmenu and pass to allow me to lookup a password in my
password store and auto-type it anywhere at the press of a macro. huge
timesaver and very reliable.

https://www.passwordstore.org/
https://tools.suckless.org/dmenu/

-- 
 _ 
/ Symptom: Feet cold and wet, glass   \
| empty. Fault: Glass being held at   |
| incorrect angle. Action Required: Turn  |
| glass other way up so that open end |
| points  |
| |
| toward ceiling. |
| |
| Symptom: Feet warm and wet. Fault:  |
| Improper bladder control. Action|
| Required: Go stand next to nearest dog. |
| After a while complain  |
| |
| to the owner about its lack of house|
| training and|
| |
| demand a beer as compensation.  |
| |
\ -- Bar Troubleshooting  /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Help needed:[Fwd: eudev: Methods to detect if running in a container.]

[tom]

On Mon, 30 Mar 2020 16:37:40 +
aitor_czr  wrote:

> Hi,
> 
> On 30/3/20 14:09, g4sra via Dng wrote:
> > Fails to identify a Devuan Guest which has its own partition
> > running in a VM hosted by Fedora.  
> 
> Are you referring to the *raw* host hard disk from a guest?
> 
> http://www.virtualbox.org/manual/ch09.html#rawdisk
> 
> Aitor.
> 
> 

OpenRC natively supports detecting what kind of environment it running
in. Be it baremetal, LXC, etc. Perhaps you could use that or at least
look at the source code for it.

-- 
  
/ It's illegal in Wilbur, Washington, to \
\ ride an ugly horse./
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] discord is spyware

[tom]

On Fri, 20 Mar 2020 22:21:59 -0700
tom  wrote:

> the company
> behind it previously called OpenFeint and Hammer & Chisel has been
>  under a class action lawsuit in the state of California for
> various violations of consumer privacy, fraud, and abuse.
https://archive.org/details/OpenfeintComplaint/mode/2up

-- 
 _ 
/  We don't claim Interactive EasyFlow is \
| good for anything -- if you think it|
| is, great, but it's up to you to|
| decide. If Interactive EasyFlow doesn't |
| work: tough. If you lose a million  |
| because Interactive EasyFlow messes up, |
| it's you that's out the million, not|
| us. If you don't like this disclaimer:  |
| tough. We reserve the right to do the   |
| absolute minimum provided by law, up to |
| and including nothing.  |
| |
| This is basically the same disclaimer   |
| that comes with all software packages,  |
| but ours is in plain English and theirs |
| is in legalese. |
| |
| We didn't really want to include any|
| disclaimer at all, but our lawyers  |
| insisted. We tried to ignore them but   |
| they threatened us with the attack  |
| shark at which point we relented.   |
| |
| -- Haven Tree Software Limited, |
\ "Interactive EasyFlow"  /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] discord is spyware

[tom]

On Sat, 21 Mar 2020 14:55:21 +1000
onefang  wrote:

> On 2020-03-21 15:44:10, terryc wrote:
> > On Fri, 20 Mar 2020 08:38:32 -0400
> > Steve Litt  wrote:
> > 
> > > Is anybody using Discord in Devuan for virtual get-togethers?
> > 
> > Yes, in the sense that I can join such for various groups like
> > games, etc where someone else has paid for the server.
> > 
> > Best I've managed is to follow the text chat and swap between
> > discussion groups on "the server" and occasionally I manage to
> > receive audio. but not send. Nor have I ever received a video feed,
> > but I believe that requires a subscription
> > 
> > I do not know whether this depends on having pulse audio, but I
> > only use alsa.
> > 
> > I do not particularly like Discord as it doesn't turn off/exi and I
> > have to hunt down and kill the daemon and some of he severs tend to
> > use pesterpost to continually send messages about "what you
> > missed". Not my scene.
> > 
> > Usenet & IRC serves me fine, when I want it.
> > 
> > Although I was looking last night for linux based
> > "conference/meeting software that I might be able to run to host
> > free local discussions/"virtual meetings" for various local
> > community groups shut down by Sars-cov2/covid-19 virus, but the few
> > were all .
> 
> There are things like Jitsi (used by the Devuan developers), OpenSim
> (used by me), or plain old Jabber / XMPP (also used by me) if you only
> need text.  Jitsi is a combination of video and text, though I think
> the text bit is handled be the Prosody Jabber / XMPP server.  OpenSim
> is a 3d virtual world, I have worked for a company that offers
> business meeting services using it and VR (I added the VR bit).
> 

No, I do not use Discord. Discord is spyware
https://spyware.neocities.org/articles/discord.html and the company
behind it previously called OpenFeint and Hammer & Chisel has been
 under a class action lawsuit in the state of California for
various violations of consumer privacy, fraud, and abuse.

If you browse archive.org you can find discord's old website and with
the privacy link if you click it directs you here:
https://web.archive.org/web/20150215003920/http://hammerandchisel.com/privacy/

>Disclosure of Your Personal Information
>In connection with any merger or sale of Hammer & Chisel assets, or a
>financing or acquisition of all or a portion of our business to
>another company
>Please note that we may share aggregate or anonymous information about
>you with advertisers, publishers, business partners, sponsors, and
>other third parties.
>Advertisements

>We may feature advertisements on our Service served by third parties.
>These advertisers may collect and use information about your visits to
>our Service in order to provide advertisements about goods and services
>of interest to you.


I use the Open Source Mumble and XMPP with the psi-plus client. Maybe
one day Jingle support will mature in psi-plus and I could use that,
but until then Mumble works pretty good. In fact I'd even call it
studio quality with the right microphone and signal processing
combination. I also hear Jitsi and SIP is good for videocalls.
-- 
 _ 
/  We don't claim Interactive EasyFlow is \
| good for anything -- if you think it|
| is, great, but it's up to you to|
| decide. If Interactive EasyFlow doesn't |
| work: tough. If you lose a million  |
| because Interactive EasyFlow messes up, |
| it's you that's out the million, not|
| us. If you don't like this disclaimer:  |
| tough. We reserve the right to do the   |
| absolute minimum provided by law, up to |
| and including nothing.  |
| |
| This is basically the same disclaimer   |
| that comes with all software packages,  |
| but ours is in plain English and theirs |
| is in legalese. |
| |
| We didn't really want to include any|
| disclaimer at all, but our lawyers  |
| insisted. We tried to ignore them but   |
| they threatened us with the attack  |
| shark at which point we relented.   |
| |
| -- Haven Tree Software Limited, |
\ "Interactive EasyFlow"  /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] The real reason I like Linux

[tom]

On Fri, 20 Mar 2020 05:33:04 -0400
Dan Purgert  wrote:

> On Mar 19, 2020, tom wrote:
> > On Mon, 16 Mar 2020 21:29:51 -0400
> > Dan Purgert  wrote:  
> > > 
> > > What, then, is so bad about PCI?  Or hell, even ISA?
> > > 
> > > Sure, it's super-limiting in terms of what you can buy off the
> > > shelf -- but then again, so was the "compatible with Arduino(tm)"
> > > market 5-10 years ago (and now look at that mess!)
> > > 
> > > I guess what I'm trying to ask is what would be so bad about a
> > > "RISC-V Hobby Linux Machine(tm)" only offering these "older"
> > > peripheral connectivity interfaces in interests of being
> > > inexpensive and also preserving end-user freedom?
> > > 
> > > Or ... maybe I'm just a bit crazier than I thought.
> > >   
> > 
> > Nothing wrong with that in of itself, it's just a bit odd to pair a
> > RISCV cpu with only slow peripherals. Now there are RISCV
> > microcontrollers you can buy that don't have an MMU so you can't run
> > Linux on them, and they have all the IO you'd come to expect on a
> > microcontroller, however if you want to run Linux or some other
> > similar multitasking OS like NetBSD it probably makes a lot more
> > sense to choose something aarch64 based purely do to how good and
> > mature aarch64's IO capabilities are.  
> 
> Either I'm just horrific at asking (good) questions; or there's
> something here that you're saying that I simply don't understand.
> 
> > [...]
> > But back to your question why not RISCV with slow IO. That's like of
> > like pairing a Ferrari with a horse trailer. There are much better
> > options out there for pulling horse trailers than sports cars.  
> 
> Sure, but if all you have is the Ferrari, and the trailer needs to get
> pulled... 
> 
> 
> 
> 

Sorry, can you clarify or rephrase what you asking?

-- 
 _ 
/  We don't claim Interactive EasyFlow is \
| good for anything -- if you think it|
| is, great, but it's up to you to|
| decide. If Interactive EasyFlow doesn't |
| work: tough. If you lose a million  |
| because Interactive EasyFlow messes up, |
| it's you that's out the million, not|
| us. If you don't like this disclaimer:  |
| tough. We reserve the right to do the   |
| absolute minimum provided by law, up to |
| and including nothing.  |
| |
| This is basically the same disclaimer   |
| that comes with all software packages,  |
| but ours is in plain English and theirs |
| is in legalese. |
| |
| We didn't really want to include any|
| disclaimer at all, but our lawyers  |
| insisted. We tried to ignore them but   |
| they threatened us with the attack  |
| shark at which point we relented.   |
| |
| -- Haven Tree Software Limited, |
\ "Interactive EasyFlow"  /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] The real reason I like Linux

[tom]

On Mon, 16 Mar 2020 21:29:51 -0400
Dan Purgert  wrote:

> On Mar 16, 2020, tom wrote:
> > On Mon, 16 Mar 2020 08:38:04 -0400
> > Dan Purgert  wrote:
> > 
> > > On Mar 15, 2020, tom wrote:
> > > > [...] The biggest technical problem is the
> > > > lack of ASIC northbridge, or rather something to interface the
> > > > CPU to an PCIE bus. Currently the best thing available you can
> > > > get is an FPGA and it is a severe bandwidth bottleneck. It's
> > > > also super expensive getting an FPGA that beefy enough. I don't
> > > > see RISCV going anywhere until this is solved except
> > > > microcontroller applications.
> > > > 
> > > > The second problem is patents that prevent RISCV developers from
> > > > implementing a lot of popular specs and standards. Just as an
> > > > example look at the licensing cost of implementing HDMI vs
> > > > DisplayPort.
> > > 
> > > On the one hand, I understand why a "large market audience" device
> > > would need HDMI or DisplayPort or the newest whizbang 256K DNA
> > > ("Direct Neural Attachment") adapter is ... but why does that
> > > need to be on a small-market / hobby computer?
> > > 
> > > I can only speak for myself, but a reasonably open PC at the $400
> > > mark would certainly be competitive to dell or hp; even if it were
> > > "limited" in the peripheral interconnect area (assuming, of
> > > course, the motherboard's peripheral layout were well documented
> > > and people were encouraged to make stuff -- see arduino or rpi
> > > expansion boards )
> > > 
> > 
> > generally you want to be able to attach a video card or high
> > performance disk controller to a PCIE slot. you /can/ do these
> > things with an FPGA but I wouldn't call it very reliable. You do
> > too many things or send too much data over the bus it exceeds the
> > bandwidth and the system locks up needing a reset.
> 
> I think I wasn't clear enough then.  For the sake of discussion, let's
> say PCIe is off the table.
> 
> What, then, is so bad about PCI?  Or hell, even ISA?
> 
> Sure, it's super-limiting in terms of what you can buy off the shelf
> -- but then again, so was the "compatible with Arduino(tm)" market
> 5-10 years ago (and now look at that mess!)
> 
> I guess what I'm trying to ask is what would be so bad about a "RISC-V
> Hobby Linux Machine(tm)" only offering these "older" peripheral
> connectivity interfaces in interests of being inexpensive and also
> preserving end-user freedom?
> 
> Or ... maybe I'm just a bit crazier than I thought.
> 

Nothing wrong with that in of itself, it's just a bit odd to pair a
RISCV cpu with only slow peripherals. Now there are RISCV
microcontrollers you can buy that don't have an MMU so you can't run
Linux on them, and they have all the IO you'd come to expect on a
microcontroller, however if you want to run Linux or some other similar
multitasking OS like NetBSD it probably makes a lot more sense to
choose something aarch64 based purely do to how good and mature
aarch64's IO capabilities are.

There is a lot more out there for aarch64 Linux than just the raspberry
Pi computers. Look at Pine64, Beaglebones, and go up further to things
like the Ampere Emag. My personal fav is the RK3399 cpu. very good
all-rounder, lots of IO and hardware offload.

But back to your question why not RISCV with slow IO. That's like of
like pairing a Ferrari with a horse trailer. There are much better
options out there for pulling horse trailers than sports cars.



-- 
 _ 
/ Most people exhibit what political  \
| scientists call "the conservatism of|
| the peasantry." Don't lose what you've  |
| got. Don't change. Don't take a chance, |
| because you might end up starving to|
| death. Play it safe. Buy just as much   |
| as you need. Don't waste time.  |
| |
| When we think about risk, human beings  |
| and corporations realize in their heads |
| that risks are necessary to grow, to|
| survive. But when it comes down to  |
| keeping good people when the crunch |
| comes, or investing money in something  |
| untried, only the brave reach deep into |
| their pockets and play the game as it   |
| must be played. |
| |
| - David Lammers, "Yakitori", Electronic |
\ Engineering Times, January 18, 1988 /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] The real reason I like Linux

[tom]

On Mon, 16 Mar 2020 08:38:04 -0400
Dan Purgert  wrote:

> On Mar 15, 2020, tom wrote:
> > [...] The biggest technical problem is the
> > lack of ASIC northbridge, or rather something to interface the CPU
> > to an PCIE bus. Currently the best thing available you can get is
> > an FPGA and it is a severe bandwidth bottleneck. It's also super
> > expensive getting an FPGA that beefy enough. I don't see RISCV
> > going anywhere until this is solved except microcontroller
> > applications.
> > 
> > The second problem is patents that prevent RISCV developers from
> > implementing a lot of popular specs and standards. Just as an
> > example look at the licensing cost of implementing HDMI vs
> > DisplayPort.
> 
> On the one hand, I understand why a "large market audience" device
> would need HDMI or DisplayPort or the newest whizbang 256K DNA
> ("Direct Neural Attachment") adapter is ... but why does that need to
> be on a small-market / hobby computer?
> 
> I can only speak for myself, but a reasonably open PC at the $400 mark
> would certainly be competitive to dell or hp; even if it were
> "limited" in the peripheral interconnect area (assuming, of course,
> the motherboard's peripheral layout were well documented and people
> were encouraged to make stuff -- see arduino or rpi expansion boards )
> 

generally you want to be able to attach a video card or high
performance disk controller to a PCIE slot. you /can/ do these things
with an FPGA but I wouldn't call it very reliable. You do too many
things or send too much data over the bus it exceeds the bandwidth and
the system locks up needing a reset.

-- 
  
/ Sed quis custodiet ipsos Custodes? \
||
\ [Who guards the Guardians?]/
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] The real reason I like Linux

[tom]

On Sun, 15 Mar 2020 17:20:51 -0400
Hendrik Boom  wrote:

> On Sun, Mar 15, 2020 at 01:20:24PM -0700, tom wrote:
> > 
> > But this may be a stop-gap if you /really/ need to get an X86
> > machine you already have running. My advice is to stop buying X86
> > in the future and invest in other arches.
> 
> 
> Like what the libre-risv / libre-soc project is working on
> ( currently at https://libre-riscv.org ).  But that won't be ready
> for a while.
> 
> Also https://www.crowdsupply.com/libre-risc-v/m-class
> 
> They started planning on a RISC-V processor, but the seem to be
> moving to a POWER processor for technical licencing reasons.
> 
> -- hendrik
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

I've actually used one of the first RISCV ASIC cpus. The Sifive Hifive.
It ran Debian just fine and I even connected it to a network and played
some multiplayer video games on my laptop vs the RISCV machine clocked
at 1Ghz. Compilers fly on RISCV. I do think RISCV is the future,
however there's a big problem with RISCV and it's a mixture of
political and technical problems. The biggest technical problem is the
lack of ASIC northbridge, or rather something to interface the CPU to
an PCIE bus. Currently the best thing available you can get is an FPGA
and it is a severe bandwidth bottleneck. It's also super expensive
getting an FPGA that beefy enough. I don't see RISCV going anywhere
until this is solved except microcontroller applications.

The second problem is patents that prevent RISCV developers from
implementing a lot of popular specs and standards. Just as an example
look at the licensing cost of implementing HDMI vs DisplayPort.

At least that is how I understand the situation to be, but there are
probably more knowledgeable RISCV experts than me

-- 
 _ 
/ An elderly couple were flying to their  \
| Caribbean hideaway on a chartered plane |
| when a terrible storm forced them to|
| land on an uninhabited island. When |
| several days passed without rescue, the |
| couple and their pilot sank into a  |
| despondent silence. Finally, the woman  |
| asked her husband if he had made his|
| usual pledge to the United Way  |
| Campaign.   |
| |
| "We're running out of food and water|
| and you ask *that*?" her husband|
| barked. "If you really need to know, I  |
| not only pledged a half million but |
| I've already paid them half of it." |
| |
| "You owe the U.W.C. a *quarter  |
| million*?" the woman exclaimed  |
| euphorically. "Don't worry, Harry,  |
\ they'll find us! They'll find us!"  /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Beowulf Beta is here!

[tom]

On Sun, 15 Mar 2020 11:22:49 -0500
goli...@devuan.org wrote:

> Pulseaudio
>   - If you have no sound, make sure the following line in
> /etc/pulse/client.conf.d/00-disable-autospawn.conf is commented as
> shown here:
> 
> #autospawn=no
> 
>   - Note that firefox-esr no longer requires pulseaudio. You can
> easily remove pulseaudio and just use alsa.
Just wanted to ask, not a huge deal to uninstall it by hand, but why
isn't pulseaudio removed by default?

-- 
  
/ All generalizations are false, \
| including this one.|
||
\ -- Mark Twain  /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] The real reason I like Linux

[tom]

On Mon, 16 Mar 2020 06:05:49 +1100
Andrew McGlashan via Dng  wrote:

> Actually, we've got more to fear with hardware [and the lower level
> firmware / EFI / SecureBoot / IME / vPro and other crap] these days
> whether we avoid Winblows or not.
> 
> The Intel and AMD flaws, Intel Management Engine (IME), vPro
> capabilities and all of that crap; how can we trust our computers?
> Those run below the OS level and can see everything that the OS does
> and it isn't vice/versa.
> 
> There are some outfits that go out of their way to give you back
> freedoms that you should not have lost; including System76 for one,
> disabling IME as much as is possible and using Coreboot.  There have
> been other projects in the past, but some with very, very old pre
> Intel Core hardware.  Almost every computer sold since the early
> Intel Core Duo CPUs have had serious flaws and components/systems
> that significantly lessen your freedoms and invades your privacy at
> the same time -- if they don't do that, they sure can if they want to.
> 
> Even if you bought almost any new computer these days and ran an OS
> of your own making; it will still include all the Intel Management
> and/or other crap.
> 
> The latest round of flaws from Intel make it so that only the very
> latest processors are immune to serious problems relating to the lack
> of security of IME system keys; meaning that bad code could get on to
> the machines whilst masquerading as valid, secure and signed "Intel"
> code (whether you trust Intel or not).  Even having fixed this
> particular flaw, assuming they have, then you've still got to trust
> Intel.

Well, if freedom is what your after and then I assume you are only
using software you have the source code to. If that's the case then
there is really no reason to use the X86 arch. Most people are only
stuck to the X86 arch because they need to run Windows or run some
windows binary. When you have the source just run it through a
cross-compiler like GCC and target whatever arch you want to use.

On the mobility side we have the excellent and extremely power
efficient aarch64 cpus like the RK3399. And on the workstation side we
have the POWER9 cpus like the ones from IBM.

http://opensource.rock-chips.com/wiki_RK3399
https://www.theobroma-systems.com/som-product/rk3399-q7/
https://www.theobroma-systems.com/evaluationkit/haikou-q7-dev-kit/ (atx
form factor motherboard for aarch64 with PCIE and sata)

https://www.raptorcs.com/TALOSII/
https://www.raptorcs.com/content/TL2B01/intro.html
https://git.raptorcs.com/git/

Regarding cleaning out the intel backdoors from older hardware,
Generation 2 (Core2) cpus can have the ME blob completely removed from
them will no ill effects. Generations 3 and up to and including 6
(Skylake) You can 'neuter' the backdoor but not fully remove it. You do
this by removing every module except the ones that are now required to
start the main cores (like BUP for example) and setting the
undocumented 'HAP' bit which was found to be sit on dell machines going
to the US government.

https://github.com/corna/me_cleaner

Thankfully most X86 boards nowdays are not rolling their own BIOS
firmware and instead just modifying some template AmiBIOS licensees
them so you don't have to do a whole lot of reverse engineering to do
this, however do still note that X86 cpus are like swiss cheese when it
comes to security and correctness and you're still going to have all
those hardware vulns like meltdown,spectre,l1tf,mds,spectre_v2, and the
list just keeps on growing and growing.

But this may be a stop-gap if you /really/ need to get an X86 machine
you already have running. My advice is to stop buying X86 in the future
and invest in other arches.
-- 
  
/ All generalizations are false, \
| including this one.|
||
\ -- Mark Twain  /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] The real reason I like Linux

[tom]

On Sat, 14 Mar 2020 15:08:37 +
Mark Rousell  wrote:

> I am not opposing your central message in any way, but...
> 
> On 13/03/2020 02:59, Steve Litt wrote:
> > involves programming, and most people can't
> > do that.
> >
> > Oh really? 12 lines of code and they can't do it (or have a friend
> > help do it)?
> 
> Really. There is no way on earth that the average computer user could
> even come close to writing a program or script and this applies to
> most of their friends too.
> 
> Some people might be able to use a macro recorder or a graphical tool
> that allows them to assemble functional blocks to create a script, but
> even that much would be too much for most end users in my experience.
> End users want to use, to consume. Creating/programming is not in
> their mindset.
> 
> 
> It strikes me that back when I first got into computers (the early
> 80s), there was a sense of optimism that the rapid growth of widely
> affordable technology would result in a new golden era of technical
> literacy. Oh dear, how naive.
> 
> Instead, the techies, geeks and entrepreneurs made technology
> *easier*. We made it so that it was easier for end users to consume,
> to use what was offered to them. There was no need for the
> non-technical end users to learn anything. It all just works. Or, if
> it doesn't work, they throw it away and try something else. And so
> that golden age of technical literacy has never really arrived. What
> we have now is billions of consumers and, proportionately speaking,
> fewer and fewer people who actually know how it all works.
> 
> Thus, the average user (even the average Linux user, I suspect) is not
> going to be scripting stuff any time soon (other than maybe by typing
> in stuff they Googled).
> 

I strongly feel like this kind of user should stay away from Linux and
just use Windows. When those kind of users displace the original
user-base of literate people they start making the system as a whole
worse for the core community who built the thing in the first place.

-- 
 ___ 
/ That woman speaks eight languages and \
| can't say "no" in any of them.|
|   |
\ -- Dorothy Parker /
 --- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed?

[tom]

On Fri, 06 Mar 2020 15:25:55 -0700
tekHedd  wrote:

> On Fri, Mar 6, 2020, at 12:51 PM, Hendrik Boom wrote:
> > On Thu, Mar 05, 2020 at 02:09:37PM +0100, Didier Kryn wrote:
> > > Le 03/03/2020 à 23:37, tekHedd a écrit :
> > > > 
> > > > So, I would consider rewriting polkit and dbus from scratch.
> > > > 
> > > > Also, who has time to rewrite polkit and dbus from scratch?
> > 
> > What are the actual requirements for a dbus-like system?
> > Requirements that would allow a completely different design?
> 
> Exactly. Are there even requirements supporting the current design?
> Were there ever requirements at all? We can easily see what it does,
> but it's really hard to determine what it *needs* to do. 
> 
> Bad sign: You know you've chosen poorly the moment you are
> simultaneously offering a) broadcast messaging and b) guaranteed
> delivery.
> 
> A google search for d-bus requirements turns up, well, documentation
> of its current architecture. No requirements. Also contains this
> choice quote:
> 
> "The usage of D-Bus is steadily expanding beyond the initial scope of
> desktop environments to cover an increasing amount of system
> services. For instance, NetworkManager network daemon, BlueZ
> bluetooth stack and Pulseaudio sound server use D-Bus to provide part
> or all of its services. systemd uses the D-Bus wire protocol for
> communication between systemctl and systemd, and is also promoting
> traditional system daemons to D-Bus services, such as logind.[25]
> Another heavy user of D-Bus is Polkit, whose policy authority daemon
> is implemented as a service connected to the system bus.[26]"
> 
> So... all of the usual suspects. What is absent here? That's right,
> no *other* programs are listed besides the usual suspects. So who
> really uses it? 
> 
> Nothing I can find suggests that dbus is used for anything essential,
> besides possibly polkit. And there's nothing suggesting that polkit
> needs to be implemented via dbus. Therefore, you could eliminate dbus
> entirely and rethink polkit's implementation without undue impact,
> assuming you are ditching systemd and friends of course.
> 
> (I realize I'm skirting "devil's advocate" territory here...)
> 
> t
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

The ONLY thing I am using DBUS for on my systems is for notifications.
Be it have something blip in the top right of my monitor when I get an
email, or gmusicplayer changes a song. psi-plus (XMPP client) is able
to read MPRISv2 over dbus to update my presence information with the
song i'm currently listening to.

Other than that that is the only thing dbus is useful for that I can
see. But I am sure there is a more elegant way to handle desktop
notifications.

but to me clear i'm talking purely about dbus, not polkit

-- 
 _ 
< You love peace. >
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed?

[tom]

On Mon, 24 Feb 2020 14:33:25 +0100
Tito via Dng  wrote:

> and only for known "safe" commands. For everything else, it'd be much
> better to just log in on a tty as root. Same goes for su.
> 
> for sudo only if set
> 
> userALL=(ALL:ALL) ALL
> 
> or if the user is added to the sudo group
> 
> # Allow members of group sudo to execute any command
> %sudo   ALL=(ALL:ALL) ALL
> 
> if used for single commands it should not be a problem
> unless you allow to open a root xterm
> To replace su or sudo binary you need root so at this point
> the system is already compromised.
> The use with no password solves one problem but creates others
> like everybody being able to wreck the system with synaptic
> or gparted as soon as they find an unattended desktop.
> Don't want my mom to use synaptic..just mail and browser.
just so you know, it's more traditional and portable to allow the wheel
group to sudo, not have a separate sudo group.
https://en.wikipedia.org/wiki/Wheel_%28computing%29
%wheel   ALL=(ALL:ALL) ALL

-- 
  
/ Hello... IRON CURTAIN? Send over a \
| SAUSAGE PIZZA! World War III? No   |
\ thanks!/
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed? dropin replacement

[tom]

On Mon, 24 Feb 2020 13:46:46 +0100
Didier Kryn  wrote:

> Le 24/02/2020 à 10:44, aitor a écrit :
> > Hi Didier,
> >
> > En 24 de febrero de 2020 10:01:33 Didier Kryn 
> > escribió:
> >
> >> Le 24/02/2020 à 01:16, Aitor a écrit :
> >>>
> >>> Hi Tito,
> >>>
> >>> On 23/2/20 17:02, Tito via Dng wrote:
>  Why use 2 binaries rather than one, more programs, more code,
>  more communication in between them equals to more attack surface.
>  I would stay with just one suid binary, more so if you want to
>  go the su-only route.
> >>> I'll answer to this question in more detail: the requeriment of
> >>> suid privilegies implies an additional (non GUI) binary due to
> >>> the fact that the usage of any GTK suid binary is impossible.
> >>> Read here:
> >>>
> >>> http://soc.if.usp.br/manual/libgtk2.0-doc/faq/x392.html
> >>     Does it mean that synaptic works that way with droping
> >> priviledges in the GUI?
> >>
> >>     Didier
> >
> > Synaptic is run as root via sudo/su. There are no suid privilegies
> 
>      Hi Aitor.
> 
>      Sure, but it is running a GUI with root priviledge. I thought
> this was the danger and I understood this was forbidden in GTK+.
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

It's not a big deal as long as it's not some crazy bloated mess like a
web browser or something.

-- 
 _ 
/ This is the story of the bee Whose sex  \
| is very hard to see |
| |
| You cannot tell the he from the she But |
| she can tell, and so can he |
| |
| The little bee is never still She has   |
| no time to take the pill|
| |
| And that is why, in times like these|
\ There are so many sons of bees. /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed? dropin replacement

[tom]

On Sun, 23 Feb 2020 13:17:21 +0100
Aitor  wrote:

> Hi,
> 
> On 23/2/20 12:34, Aitor wrote:
> >
> > Hi Steve,
> >
> > On 21/2/20 21:57, Steve Litt wrote:
> >> Will it work even if I'm not using lxqt? Does it stand alone?
> >>   
> >> SteveT
> > I've just started developing a replacement for gksu in gtk2
> > following the same method used in simple-netaid,
> > that is: a suid binary receiving the password through an unix
> > socket, and the name of the application
> > to be run as an argument in the command line. Since i'm not that 
> > expert on security stuff, maybe i'll
> > restrict this tool only to a few graphical applications like
> > synaptic, bleachbit, gparted, thunar, pcmanfm...
> > Any suggestion for the name of this alternative? What about gkexec?
> >
> > Cheers,
> >
> > Aitor.
> >
> I rectify:
> 
> The binary won't be suid, but rather it'll receive the root password 
> through the mentioned unix socket using internally (sudo | su)
> afterwards.
> 
> Aitor.
> 
> 

What happens when a password isn't need, such as when a sudo policy is
set?

-- 
 ___ 
/ I smell like a wet reducing clinic on \
\ Columbus Day! /
 --- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed? dropin replacement

[tom]

On Wed, 19 Feb 2020 15:17:06 +0100
Tito via Dng  wrote:

> 
> 
> On 2/19/20 10:23 AM, tom wrote:
> > On Wed, 19 Feb 2020 00:35:26 -0800
> > tom  wrote:
> > 
> >> Deprecated gksudo? Well thats pretty dumb. Any particular reason
> >> Devuan doesn't just fish around for the old gksudo git repo and
> >> continue that instead of dealing with this policykit mess of
> >> complexity? You can allow users in your a group for example
> >> 'installers' to run synaptic by editing sudo's config like so:
> >>
> >> %installers ALL=(ALL) NOPASSWD: /usr/sbin/synaptic
> >>
> >> This Policykit stuff just seems like completely unneeded and
> >> unstable cruft like systemd or pulseaudio.
> >>
> >> Thank you for clarifying though. I'm going to see about getting it
> >> working on Gentoo since I have more experience with ebuilds than I
> >> do with Debian packaging currently.
> >>
> >>
> >>
> > 
> > Just found a drop-in replacement for gksudo. It's called lxqt-sudo.
> > https://github.com/lxqt/lxqt-sudo
> > It works pretty well.
> > 
> Hi,
> 
> this one is nice! but it solves only partially the problem
> of eventually removing policykit because most packages
> like for example synaptic or network-manager have a
> dependency on polkit or on libpolkit-gobject-1.
> Replacing pkexec could be easily done with a wrapper
> calling lxqt-sudo, but I cannot imagine what
> debian packaging voodoo would be needed to
> remove polkit, but for sure a lot of work.
> It is hard to weed out over-complexity once
> it slipped in.
> 
> Ciao,
> Tito
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

If someone had some time they could patch synaptic to remove any pkexec
stuff. But a quick and dirty hack would be to simply modify the
XDG .desktop file and prepend lxsudo to the command line. Here is an
example I did for Zenmap: https://0x0.st/iZpe.png

[Desktop Entry]
Name=Zenmap (as root)
GenericName=GUI Port Scanner
TryExec=/usr/share/zenmap/su-to-zenmap.sh
Exec=lxsudo zenmap
Terminal=false
Icon=/usr/share/zenmap/pixmaps/zenmap.png
Type=Application
Categories=Network;System;Security;
Comment=A cross-platform GUI for the Nmap Security Scanner.
Keywords=network;scan;scanner;IP;security;
Path=
StartupNotify=false

It should also be noted the Zenmap already came with a decent script to
do this, but for my purposes this simple hack worked well enough. I
didn't like the jarring visual discontinuity of xterm. I also would
rather use sudo than su based tools since sudo can have finer grained
polices set

-- 
  
/ Maternity pay? Now every Tom, Dick and \
| Harry will get pregnant.   |
||
\ -- Malcolm Smith   /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed? dropin replacement

[tom]

On Wed, 19 Feb 2020 00:35:26 -0800
tom  wrote:

> Deprecated gksudo? Well thats pretty dumb. Any particular reason
> Devuan doesn't just fish around for the old gksudo git repo and
> continue that instead of dealing with this policykit mess of
> complexity? You can allow users in your a group for example
> 'installers' to run synaptic by editing sudo's config like so:
> 
> %installers ALL=(ALL) NOPASSWD: /usr/sbin/synaptic
> 
> This Policykit stuff just seems like completely unneeded and unstable
> cruft like systemd or pulseaudio.
> 
> Thank you for clarifying though. I'm going to see about getting it
> working on Gentoo since I have more experience with ebuilds than I do
> with Debian packaging currently.
> 
> 
> 

Just found a drop-in replacement for gksudo. It's called lxqt-sudo.
https://github.com/lxqt/lxqt-sudo
It works pretty well.

-- 
 _ 
/ We're Knights of the Round Table We \
| dance whene'er we're able We do |
| routines and chorus scenes We're|
| knights of the Round Table With |
| footwork impeccable Our shows are   |
| formidable We dine well here in Camelot |
| But many times We eat ham and jam and   |
| Spam a lot. We're given rhymes  |
| |
| That are quite unsingable In war we're  |
| tough and able, We're opera mad in  |
| Camelot Quite indefatigable We sing |
| from the diaphragm a lot. Between our   |
| quests We sequin vests And impersonate  |
| Clark Gable It's a busy life in |
| Camelot. I have to push the pram a lot. |
| |
\ -- Monty Python /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] PSI+ (Qt) on XFCE (GTK) on Beowulf

[tom]

On Tue, 18 Feb 2020 10:30:11 +0100
Didier Kryn  wrote:

> Le 18/02/2020 à 10:02, kernel panic! a écrit :
> > Hello freedom Heroes,
> >
> > i will use PSI+ on my Beowulf, XFCE. if i start it on XFCE "nothing
> > happend" The "XDG Runtime Dir" never exist on GTK?
> >
> >
> >> :~$ psi-plus
> >> [20200218 9:25:18] W:QStandardPaths: XDG_RUNTIME_DIR not set,
> >> defaulting to '/tmp/runtime-michael' (unknown:0, unknown)
> >>
> >>
> > Can i make this via hand? Or any other Idea?
> >
> > Thanks in Advaced
> >
> > Michael
> >
>      Many XDG_*_DIR are declared in $HOME/.config/user-dirs.dirs
> 
>      I know that if you want one of them to *not* be created, it
> doesn't work to just delete the line; the only way is to declare it
> as some already existing directory, eg $HOME.
> 
>      Don't know if it would work to add XDG_RUNTIME_DIR to this file. 
> That's just some black magic I would try.
> 
>      Happy if it helps.
> 
>          Didier
> 
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Hey, I don't know for sure if this is the same issue your having, but I
have compiled psi-plus by hand on ASCII and been in contact with the
devs. If you do it on ASCII you must set the chat type to BASIC not
WEBKIT. This is because there is some javascript functions in the
webkit edition that do not work with the older version of webkit that
comes with ASCII. BASIC is fine enough for most cases and certainly a
lot more ram efficient but this could also be fixed by someone
adjusting the javascript to not use such new functions. It just not has
been important enough to do yet for anyone and BASIC is good enough for
most.

-- 
  
/ "You can't teach seven foot." -- Frank \
| Layton, Utah Jazz basketball coach,|
| when asked why he had recruited|
||
\ a seven-foot tall auto mechanic/
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed? bring back gksudo

[tom]

On Wed, 19 Feb 2020 00:35:26 -0800
tom  wrote:

> Deprecated gksudo? Well thats pretty dumb. Any particular reason
> Devuan doesn't just fish around for the old gksudo git repo and
> continue that instead of dealing with this policykit mess of
> complexity? You can allow users in your a group for example
> 'installers' to run synaptic by editing sudo's config like so:
> 
> %installers ALL=(ALL) NOPASSWD: /usr/sbin/synaptic
> 
> This Policykit stuff just seems like completely unneeded and unstable
> cruft like systemd or pulseaudio.
> 
> Thank you for clarifying though. I'm going to see about getting it
> working on Gentoo since I have more experience with ebuilds than I do
> with Debian packaging currently.
> 
> 
> 

Oh, I just remembered. This would also be a very clean fix for being
about to shutdown and reboot in XFCE. using gksudo to ask sudo if the
user is allowed to manage the system's power state instead of policykit.

-- 
  
/ "You can't teach seven foot." -- Frank \
| Layton, Utah Jazz basketball coach,|
| when asked why he had recruited|
||
\ a seven-foot tall auto mechanic/
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed? bring back gksudo

[tom]

Deprecated gksudo? Well thats pretty dumb. Any particular reason Devuan
doesn't just fish around for the old gksudo git repo and continue that
instead of dealing with this policykit mess of complexity? You can
allow users in your a group for example 'installers' to run synaptic by
editing sudo's config like so:

%installers ALL=(ALL) NOPASSWD: /usr/sbin/synaptic

This Policykit stuff just seems like completely unneeded and unstable
cruft like systemd or pulseaudio.

Thank you for clarifying though. I'm going to see about getting it
working on Gentoo since I have more experience with ebuilds than I do
with Debian packaging currently.



-- 
  
/ "You can't teach seven foot." -- Frank \
| Layton, Utah Jazz basketball coach,|
| when asked why he had recruited|
||
\ a seven-foot tall auto mechanic/
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] [devuan-dev] [PATCH] (security) launcher: don't attempt to execute arbitrary binaries

[tom]

On Mon, 13 Jan 2020 10:27:40 +0100
Evilham via Dng  wrote:

> Hello Enrico,
> 
> On dt., gen. 07 2020, Enrico Weigelt wrote:
> 
> > What might supposed to be convenience functionality, poses a 
> > real-life
> > security threat:
> >
> > A user can be tricked be tricked to download malicious code, 
> > unpack it with
> > +x permissions (eg. via tar) and execute it by just clicking on 
> > the icton.
> > In combination with other techniques (eg. homoglyphs), even more 
> > experienced
> > users can be tricked "open" some supposedly harmless file type, 
> > while Thunar
> > in fact executes a binary - with full user's privileges. (the 
> > same approach
> > is one of the primary infection vectors used by thousands of 
> > malwares in
> > Windows world, which already caused gigantic damages).
> >
> > Therefore introduce a new setting and only execute programs if 
> > explicitly
> > enabled.
> 
> 
> That's great!
> 
> Have you tried poking Thunar's developers into merging such a 
> feature?
> This is where the developers would like such things: 
> https://docs.xfce.org/xfce/thunar/bugs
> 
> It'd really be the best place for a setting like this to land and 
> benefit all Thunar users out there (which are not limited to 
> Debian-like or even Linux, but also include the BSDs).
> 
> Cheers!
> --
> Evilham
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

If the user is stupid enough to run random binaries from the internet
no amount of nannyware is going to protect them. All this does is add
another layer of inconvenience and complexity literal computers users
have to work around.

If you have to deal with users like that then set their home
directory's mount with option noexec.

-- 
 _ 
/ There is no character, howsoever good   \
| and fine, but it can be destroyed by|
| ridicule, howsoever poor and witless.   |
| Observe the ass, for instance: his  |
| character is about perfect, he is the   |
| choicest spirit among all the humbler   |
| animals, yet see what ridicule has  |
| brought him to. Instead of feeling  |
| complimented when we are called an ass, |
| we are left in doubt.   |
| |
| -- Mark Twain, "Pudd'nhead Wilson's |
\ Calendar"   /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] why is polkit needed?

[tom]

On Thu, 9 Jan 2020 16:50:15 +
Mark Hindley  wrote:

> On Thu, Jan 09, 2020 at 05:44:17PM +0100, Alessandro Vesely via Dng
> wrote:
> > Hi,
> > 
> > is there a recommended GUI package browser for Devuan?
> > 
> > After migrating, synaptic isn't installed.  If I try to install it,
> > it says it needs policykit-1.  Since the latter seems to be akin to
> > systemd, I reply 'n'.
> 
> I really don't think that is true. There is no direct relationship
> between policykit-1 and systemd. And our policykit works with either
> elogind or consolekit, so you have options.
> 
> If you want a integrated gui desktop that allows you to do privileged
> things like install packages, you will need policykit-1 or something
> similar.
> 
> Alternatively, use apt or aptitude from the commandline.
> 
> Mark
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Sorry, can you explain why exactly polkit is needed here? What is wrong
with what everyone was doing before polkit which was gksu or gksudo?

-- 
 _ 
/ There is no character, howsoever good   \
| and fine, but it can be destroyed by|
| ridicule, howsoever poor and witless.   |
| Observe the ass, for instance: his  |
| character is about perfect, he is the   |
| choicest spirit among all the humbler   |
| animals, yet see what ridicule has  |
| brought him to. Instead of feeling  |
| complimented when we are called an ass, |
| we are left in doubt.   |
| |
| -- Mark Twain, "Pudd'nhead Wilson's |
\ Calendar"   /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] We need upgrade reports

[tom]

On Wed, 1 Jan 2020 15:58:11 +0100
"Dr. Nikolaus Klepp"  wrote:

> Anno domini 2020 Wed, 1 Jan 08:00:22 -0500
>  fsmithred via Dng scripsit:
> > On 12/31/19 4:49 PM, Dr. Nikolaus Klepp wrote:
> > > All upgraded since some months, no problems so far.
> > > 
> > > Nik
> > > 
> > 
> > Was that with kde desktop by any chance? (One less for me to do?)
> 
> No, I use TDE (http://trinitydesktop.org) - I droped KDE ages ago
> when it was promoted to 4.X - more clutter, less freedom ..
> 
> Nik
> 
> 
> > 
> > fsr
> > ___
> > Dng mailing list
> > Dng@lists.dyne.org
> > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> > 
> 
> 
> 

oh, Has Trinity released a beowulf/buster repo build yet?

-- 
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Result of the Debian vote 'General Resolution: Init systems and systemd'

[tom]

On Sat, 28 Dec 2019 23:11:16 +1100
Andrew McGlashan via Dng  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Hi,
> 
> On 28/12/19 9:03 pm, Alexis PM via Dng wrote:
> > A mediocre result, neither good nor bad. The best option for people
> > who don't want to use systemd, Option 6 "E: Support for multiple
> > init systems is Required", came in last. But Option 1 "F: Focus on
> > systemd" came in second place, if it had won it would have been a
> > tragedy.
> 
> It's completely broken when only one group of interested parties have
> the only say; DDs should be ashamed.  Another wasted opportunity to
> make things right has been blown and there probably won't be any other
> opportunity afforded ever again :(
> 
> Debian needs to somehow find a way to include users (especially
> sysadmins)  in a meaningful way in votes of such significance.
> 
> A.
> -BEGIN PGP SIGNATURE-
> 
> iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXgdGXQAKCRCoFmvLt+/i
> +z4mAP4x7ateI5rKrp4KelB64iy5prRlmb7C5Dz6/QBaol4FLQEAk3FcV0Poiy+f
> dJyq5lOuMZfEk7PvQlZluOU5bUKeeM4=
> =oikP
> -END PGP SIGNATURE-
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

I know Devuan has been pretty much more or less 'to create a binary
compatible Debian but without systemd', but at what point would it be
determined that the best course of action may be to leave Debian behind
and continue our own way? Probably won't happen any time soon due to
manpower issues but it's worth thinking about.

-- 
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] OT: KVM/QEMU incremental backups?

[tom]

On Thu, 21 Nov 2019 08:08:41 +0100
"Dr. Nikolaus Klepp"  wrote:

> Anno domini 2019 Wed, 20 Nov 22:59:28 -0800
>  tom scripsit:
> > On Wed, 20 Nov 2019 10:58:35 +0100
> > "Dr. Nikolaus Klepp"  wrote:
> > 
> > > was not able to access my data after a kernel upgrade
> > Oh you'll LOVE Nvidia graphics cards then. (Sarcasm)
> Oh yes. And I really like KDE5 - tried it yesterday to see if my
> favorite no-go-bug was fixed after 5 years. Nop, it wasn't:
> ksplashqml freezes in intel x11.
> 
> Nik
> 
> 
> 
> > 
> 
> 
> 

In all seriousness ZFS is pretty good and would already have been
merged with the kernel if it wasn't given a purposefully GPL
incompatible license in an attempt to sell more Solaris installs. See
how that worked out for them.

-- 
 _ 
/ There can be no twisted thought without \
| a twisted molecule. |
| |
\ -- R. W. Gerard /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] OT: KVM/QEMU incremental backups?

[tom]

On Wed, 20 Nov 2019 10:58:35 +0100
"Dr. Nikolaus Klepp"  wrote:

> was not able to access my data after a kernel upgrade
Oh you'll LOVE Nvidia graphics cards then. (Sarcasm)

-- 
  
/ The course of true anything never does \
| run smooth.|
||
\ -- Samuel Butler   /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Insane defaults on Raspberry Pi images - How to fix corruption/dataloss

[tom]

There is another option I think is worth looking into. There's been
word on Samsung adding another filesystem to the Linux kernel called
the Flash Friendly FileSystem (F2FS). Perhaps instead of debating
disabling the ext4 journal we could just replace it with F2FS?


-- 
 __ 
/  "We have the right to survive!" \
|  |
| "Not by killing others." |
|  |
| -- Deela and Kirk, "Wink of An Eye", |
\ stardate 5710.5  /
 -- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Insane defaults on Raspberry Pi images - How to fix corruption/dataloss

[tom]

On Tue, 12 Nov 2019 10:31:27 +0100
Edward Bartolo via Dng  wrote:

> Hi all,
> 
> The Raspberry Pi is very frequency used with an SD Card which is
> highly intolerant of frequent writes as these are limited. My first SD
> Card became read only after about six weeks with Devuan running. Using
> Raspbian, this issue did not repeat itself.
> 
> Needless to state, although it seems, it is actually needed for some
> people, the Raspberry Pi is not a full blown server, although it can
> be used by the hobbyist adolescent who wants to experiment and learn.
> 
> The suggested defaults in this thread will make Devuan even more
> unuseable for the vast majority of use cases concerning the Raspberry
> Pi.
> 
> For those who cannot affort brand new hardware, they can always opt to
> use second hand hardware. If one wants a cheap computer/server, there
> is absolutely no need to buy new or to buy the best of brands.
> 
> In short, trying defaults which assume an infinite number of disk
> writes, is contrary to what a Raspberry Pi is.
> 
> Please, promote defaults that respect what a Raspberry Pi is.
> 
> Finally, Devuan's Image for Raspberry Pi did NOT DETECT my sound card
> by IQaudIO atlhough the kernel modules were included in the image.
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

I'm not constantly writing to the SD card so I really don't understand
how having the journal enabled is going to cause the thing to burn out
significantly sooner that with it off. I am not expecting to use the
thing like an FTP server, but I do expect to be able to boot off it and
store basic system stuff like a last-known-time since the thing lacks
an RTC and time can't be acquired until after network init.

I do not think it's appropriate to discount the Pis or any other SBC
and a toy for children. Sure it's used that way but so are pencils,
books, and anything else.

Some things just don't require a full blown server and are served just
fine by the pi. For example, I have an old venerable UPS and power
distribution unit I have taken apart, serviced, and modified over the
years. I can get data from it and control it via a custom driver shim
for Nut Daemon. Now I want all the servers, routers, and switches in
the rack to be aware of the UPS's state so that if the power is out
past a certain battery threshold, various devices will start to power
down so that only essentials are left. I also want to be able to
programaticly energize each inverter inside the thing as more or less
load is needed to help achieve maximum efficiency. No point in having
both inverters active when at less than 40% load. I also want to record
line conditions like input freq, voltage, etc for historical analysis
on the monitoring server.

The Pi is what I had laying around the seemed suitable for the task.
It's got GPIO pins and a network port. Sure there are other SBCs I
could have used but a lot of them are still going to have SD cards or
some kind of write-limited flash storage for their rom.

It's not as good as spending the time to actually write some firmware
based on OpenWRT but for 30 dollars it's well worth it's weight.

-- 
 __ 
/  "We have the right to survive!" \
|  |
| "Not by killing others." |
|  |
| -- Deela and Kirk, "Wink of An Eye", |
\ stardate 5710.5  /
 -- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Insane defaults on Raspberry Pi images - How to fix corruption/dataloss

[tom]

On Tue, 12 Nov 2019 16:51:25 -0700
Gregory Nowak  wrote:

> On Tue, Nov 12, 2019 at 11:58:06AM -0800, Bruce Ferrell wrote:
> > There are actually a couple of ways around the SD wear issue, even
> > though people seem to dearly LOVE SSDs with the exact same issue;
> 
> I haven't seen anyone mention even once in this entire thread so far
> that the rpi supports trimming on SD cards. I have a rpi2b, and rpi3b
> the first for three years now, and the second for two. Both are up
> 24/7 running off SD cards, and both have a weekly cron job that runs
> fstrim -a. They're still doing fine on the original SD cards.
> 
> Greg
> 
> 

Wait, TRIM works on SD cards? I thought that was a feature that
firmware had to implement.

-- 
 __ 
/  "We have the right to survive!" \
|  |
| "Not by killing others." |
|  |
| -- Deela and Kirk, "Wink of An Eye", |
\ stardate 5710.5  /
 -- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Insane defaults on Raspberry Pi images - How to fix corruption/dataloss

[tom]

On Sat, 9 Nov 2019 22:09:13 +
g4sra via Dng  wrote:

> On 09/11/2019 20:53, tom wrote:
> > On Fri, 8 Nov 2019 16:55:34 +0100
> > "Dr. Nikolaus Klepp"  wrote:
> > 
> >> Anno domini 2019 Fri, 8 Nov 16:36:24 +0100
> >>  Joril via Dng scripsit:
> >>> On 08/11/19 16:21, g4sra via Dng wrote:
> >>>> FYI: ext4 filesystem journaling (and swap) *should* be disabled
> >>>> by default on SD\SDHC media.
> >>>
> >>> To reduce wear?
> >>
> >> Yes.
> > 
> > I really don't think data-loss is an acceptable compromise just to
> > reduce wear.
> > 
> 
> Why do you believe turning off the journaling causes data loss ?
> Journaling is not an acceptable method to prevent data loss - it
> doesn't. ___

Because the whole point of my starting this thread was to provide
instructions on how to recover a system after the dataloss occurred. If
you would take the time to read the original post. This is not even a
question. I would not have posted this or found out about these crazy
defaults if my data was never lost in the first place.


-- 
  
/ Into love and out again,   \
||
| Thus I went and thus I go. Spare your  |
| voice, and hold your pen:  |
||
| Well and bitterly I know All the songs |
| were ever sung,|
||
| All the words were ever said; Could it |
| be, when I was young,  |
||
| Someone dropped me on my head? |
||
\ -- Dorothy Parker, "Theory"/
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Insane defaults on Raspberry Pi images - How to fix corruption/dataloss

[tom]

On Fri, 8 Nov 2019 16:55:34 +0100
"Dr. Nikolaus Klepp"  wrote:

> Anno domini 2019 Fri, 8 Nov 16:36:24 +0100
>  Joril via Dng scripsit:
> > On 08/11/19 16:21, g4sra via Dng wrote:
> > > FYI: ext4 filesystem journaling (and swap) *should* be disabled
> > > by default on SD\SDHC media.
> > 
> > To reduce wear?
> 
> Yes.

I really don't think data-loss is an acceptable compromise just to
reduce wear.


-- 
 ___ 
/ Cold, adj.:   \
|   |
| When the politicians walk around with |
\ their hands in their own pockets. /
 --- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Why is spamassasin compiling here?

[tom]

On Wed, 06 Nov 2019 07:45:56 -0600
hal  wrote:

> The past few days I have been getting this message from my Devuan
> ASCII mail host. Anyone know what's up with this?
> 
> I've installed the libc6-dev-i386 package to see if it solves it but
> then I wondered what is spamassasin doing compiling things anyway?
> 
> 
> 
> 
> /etc/cron.daily/spamassassin:
> In file included from body_0.xs:2:0:
> /usr/lib/x86_64-linux-gnu/perl/5.24/CORE/perl.h:689:23: fatal error:
> sys/types.h: No such file or directory #include 
>^
> compilation terminated.
> make: *** [body_0.o] Error 1
> command 'make PREFIX=/tmp/.spamassassin25658u4PidNtmp/ignored
> INSTALLSITEARCH=/var/lib/spamassassin/compiled/5.024/3.004002
> >>/tmp/.spamassassin25658u4PidNtmp/log' failed: exit 2
> 
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

SpamAss can compile the filtering rules into a machine readable binary
format which offers higher performance than parsing the rules.

-- 
  
/ Reality -- what a concept! \
||
\ -- Robin Williams  /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Insane defaults on Raspberry Pi images - How to fix corruption/dataloss

[tom]

Hello,

I wanted to warn those of you using the Raspberry Pi or other aarch64
Devuan ASCII installs.

The defaults on the linux kernel flags have the options
rootflags=noload. This has the effect of disabling ext4 filesystem
journaling, checksumming, and all other safeguards.

In addition to that the root filesystem's parameters are set to always
disable filesystem checks.

To be clear, all filesystem safeguards have been turned off AND all
filesystem sanity checking has been disabled. This will inevitably lead
to major filesystem corruption and data loss as has happened to me. 

There is more. The vfat partition that stores the system's blobs,
kernel, hardware configuration, and boot partition is not able to be
checked because the userspace tools required for doing so are missing
from the default install.

If
you have ever wondered why your RPIs have stopped working properly this
is probably why.

I have also developed a recovery process.

First you will need to remove the insane kernel flag from your cmd
line. edit /boot/cmdline.txt with a text editor and remove the section
'rootflags=noload'. It is between rootwait and net.ifnames=0.

Next your going to install some utilities.
apt install dosfstools debsums

the dosfstools package contains the fsck.vfat utility. The debsums
utility will allow us to detect some corrupted and missing system files
later ounce we get the system into a more consistent state.

Now that we have removed the insane kernelflag you will want to edit
your /etc/fstab to look like this:
/dev/mmcblk0p1/boot vfat   defaults  02
/dev/mmcblk0p2  /   ext4
rw,data=ordered,relatime,block_validity,delalloc,journal_checksum,barrier,user_xattr,acl
0 1

This will enable the proper filesystem safeguards for the Pi's finicky
power connector and purpose as a development device that may get
powered on and off at any time. The 5 volt rail is also poorly designed
which without a specially offset power supply, can drop more than 0.45
volts from the input and bring the SoC out of spec as it only has a
tolerance of +/- 0.25V. This is due to the highly resistive
self-resetting fuse on the 5V power input.

Next we will want to properly adjust the root filesystem's parameters.

tune2fs -C 1 /dev/mmcblk0p2 # Check filesystem on every
boot/mount
tune2fs -i 1m /dev/mmcblk0p2# Check filesystem
monthly
tune2fs -e panic /dev/mmcblk0p2 # trigger kernel panic on fatal
disk error

If you would rather not check the filesystem on every bootup you can
omit the tune2fs -C line. However keep in mind that this only takes
about 2 seconds to check an ext4 filesystem of 64GB on a aarch64
cpu @200Mhz. Filesystem checking time is really a thing of the past and
only a problem with ext3 filesystem not ext4 thanks to ext4 features
like uninit_bg,extent, and other improvements.

next, create a new text file at /etc/sysctl.d/local.conf containing:

# Reboot on kpanic after 10 seconds
kernel.panic = 10


now, use the following command:

touch /forcefsck
reboot

This will reboot your Pi and check all filesystems. Ounce your Pi
comes back up it may come up in a degraded state as mine did. Some
system files may be missing such as /etc/hostname. Simply re-recreate
those. Now will will want to run debsums -c. This will check all
installed packages for corrupted/missing files. It should tell you what
packages these are from. If not you can use dpkg to query for them.

Ounce you have determined which packages are corrupted you can
reinstall them from the repositories with like like so. In this example
Vim, eudev, and tzdata had missing and corrupted files on my pi.

apt-get install --reinstall eudev vim-common tzdata

It's a good idea to run debsums -c one more time to make sure you got
everything. Ounce you've reinstalled all your corrupted packages reboot
again and watch your bootup process for any more errors you may need to
resolve by hand. If not double check all your mounts for insane
parameters using the 'mount' command. If everything looks perfect you
should be safe from now on.

I am currently studying how the Raspberry Pi Devuan image is made so
that I may supply patches to fix this by default for the next
point release or hotfix. Till then this manual procedure should
suffice. My guess is that RPI support was just copy-pasted from rasbian
without a whole lot of checking.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Devuan as a rescue CD?

[tom]

On Sat, 26 Oct 2019 17:06:43 -0400
Steve Litt  wrote:

> Hi all,
> 
> Has any of you been using Devuan as a rescue CD? If so, how has it
> been working out for you, and do you have any suggestions to make the
> Devuan rescue experience easy and productive?
> 
> System Rescue CD recently switched from Gentoo to Arch, thus acquiring
> systemd. I wouldn't have a big problem using systemd for a narrow,
> contained usage like rescue, but I've also heard their project is
> foundering.
> 
> Thanks,
> 
> 
> SteveT
> 
> Steve Litt
> Author: The Key to Everyday Excellence
> http://www.troubleshooters.com/key
> Twitter: http://www.twitter.com/stevelitt
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

I used to use the Debian Live image as a rescue CD as it's pretty easy
to install additional software as-needed and there wasn't any ramdisk
limitation issues. Going from Debian to Devuan was pretty easy. It's
also easy to make your own live ISOs with the Debian tooling preloaded
with common debug tools like gparted, debsums, rkhunter etc.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Fonts in testing/unstable are some ugly

[tom]

On Tue, 15 Oct 2019 13:51:07 +0200
Stephane Ascoet  wrote:

> > I would dream of a tool that lets me know what font is in what
> > package.
> 
> Hi, I think that  can do it.

You can extract fonts from programs with the GNU debugger. Simply dump
the virtual memory ranges of the program's objects (Remember X86_64
CPUs are little-endian, and then run the file utility on the dumped
objects to read their magic numbers and filter out objects that are not
fonts.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Problem installing Devuan-ascii

[tom]

Hello,

I'm not quite sure what you mean by 'Legacy Mode'. I'll assume your
talking about BIOS. If you want to use the installer to install
grub2-bios make sure to boot the installer disk in BIOS mode. Vice
versa to install grub2-EFI make sure to boot the disk in EFI mode.
Depending on your implementation of EFI you may need to disable
'SecureBoot' which prevents you from running "unauthorized" operating
systems such as Devuan.

If you want to install Devuan ontop of an existing Linux install you
can likely do this if your /home directory was installed as a separate
partition. Simply do the advanced install and setup your partitioning
manually to use the existing home directory. As with any potentially
destructive disk operation such as formatting or partitioning make sure
you have offline external backups of anything your not prepared to lose.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Security problem

[tom]

On Mon, 14 Oct 2019 07:07:18 +0200
"J. Fahrner via Dng"  wrote:

> Am 2019-10-14 01:01, schrieb tom:
> > Why in gods name does a centralized instant messenger require root
> > privileges on your machine?
> 
> Signal uses the electron framework for running in a sandbox. Electron 
> uses the Linux user namespaces feature for building the sandbox, but 
> this seems to be disabled in most distros. So they are using a setuid 
> helper as a workaround. See here:
> https://github.com/electron/electron/issues/17972
> 
> But I don't want to install setuid apps from untrusted sources.
> 
> Jochen
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Best mount your home partition with options nosuid,nodev and if you
don't run binaries from your homedir and only use system installed
binaries noexec.

-- 
 _ 
/ If you can't read this, blame a \
\ teacher./
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Security problem

[tom]

On Mon, 30 Sep 2019 19:46:28 +0200
Gonzalo Pérez de Olaguer Córdoba  wrote:

> Hi, Jochen.
> 
> El Mon, 30 Sep 2019 19:29:34 +0200
> "J. Fahrner via Dng"  escribió:
> 
> > I just came across a security problem. The application
> > signal-desktop could not be started anymore because a file from the
> > electron framework did not set a setuid bit 
> > (https://github.com/signalapp/Signal-Desktop/issues/3536).
> > For the sandbox feature this obviously needs root privileges.
> > It creeps me out when an application from an untrusted source
> > installs programs with root privileges without me even noticing it.
> > How can I protect myself against this? Is there a way to check
> > Debian packages for a setuid bit set, e.g. in the post-install
> > script?
> 
> See the manpage for dpkg-statoverride(1)
> and the file /val/lib/dpkg/statoverride
> 
> Cheers.
> 

Why in gods name does a centralized instant messenger require root
privileges on your machine?
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] I wrote IBM

[tom]

On Tue, 1 Oct 2019 20:42:01 -0400
Steve Litt  wrote:

> On Tue, 1 Oct 2019 18:01:11 +0300
> Dimitris via Dng  wrote:
> 
> > of similar crap.. (even did so for nazis.)
> 
> Hi Dimitris,
> 
> I'd like to ask you a favor. Could you please no longer mention the
> IBM->nazi connection?
> 
> The IBM-nazi cooperation happened in the 1930's and 1940's, and isn't
> relevant to IBM's 2019 like or dislike of systemd or willingness or
> 2019 unwillingness to listen to letters. What making the nazi
> connection on the list is make things more inflammatory.
> 
> Your point, which I believe is that it's hopeless to write letters to
> IBM, can be made without mentioning nazis.
> 
> Thanks,
> 
> Steve
>  
> Steve Litt
> Author: The Key to Everyday Excellence
> http://www.troubleshooters.com/key
> Twitter: http://www.twitter.com/stevelitt
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

The facts with systemd is this. RedHat's business model is to sell
support for their OS. Only problem is that Linux is pretty stable on
it's own. No problems means no support money. That's why they must
replace a perfectly good init system that's worked perfectly for
multiple decades with something that's got over 1000 bugs in the
tracker alone and handles thing like dns resolution. This isn't even
about features. If it was they'd be using something like OpenRC which
does pretty much all the same process management systemd does without
all the RCEs and scope creep.


-- 
 _ 
/ The moon may be smaller than Earth, but \
\ it's further away.  /
 - 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] backups from ext4 to ntfs - extended attributes and access control lists

[tom]

On Tue, 28 May 2019 19:14:25 -0700
Rick Moen  wrote:

> Quoting Bruce Ferrell (bferr...@baywinds.org):
> 
> > Sorry Rick... I missed that.
> 
> No worries (as our Australian friends say).
> 
> > I am absolutely astounded by the number of time I've seen *IX
> > "admins" at fortune X companies copy a tree to a windows share and
> > wonder why it's broken when they try to restore from it. NFS, if not
> > done correctly, can do that same thing too. So...
> 
> Reminds me of something I forgot to mention earlier.  Most Linux folks
> have heard of the stat(2) system call, but did you know there's also
> an informative stat(1) system _utility_?  Play with it on diverse
> sorts of file/directory targets, and see how informative it is.  It
> shows in human-readable form _all_ metadata available about any
> filesystem object.
> 
> Around 2001 when I was writing an article for _Linux Journal_ about
> then-new USB flash drives called 'Floppies for the New Millennium', it
> belatedly occurred to me to wonder how the vfat filesystem (typically
> used on flash drives) dealt with storage of native *ix's three time
> stamps (ctime, mtime, atime) on a filesystem (vfat) incapable of
> storing more than a single time stamp.  The answer is logical:  All
> three get instantiated by overloading the single DOS time stamp,
> which thus gets rewritten every time any of them must be updated.
> And, point is, one can observe this kludge at work
> using /usr/bin/stat.
> 
> Anyway, to second what you said:  Any storage target that's not
> Linux-native, and NTFS is case in point, is going to unavoidably
> introduce some degree of silent metadata loss (absent encapsulation,
> such as in a tarball), so beware.
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

huh, interesting. I've always just used ext2 on my floppies. still do.

-- 
 ___ 
/ The onset and the waning of love make \
| themselves felt in the uneasiness |
| experienced at being alone together.  |
|   |
\ -- Jean de la Bruyere /
 --- 
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] frustration with browsers.

[tom]

On Fri, 05 Apr 2019 15:21:06 +
chillfan--- via Dng  wrote:

> Indeed there is Icecat that is DRM free.
> 
> Iceweasel-UXP just covers some more of the criteria of what people
> would consider less frustrating or is closer to a real fork since
> they change things at the code level.
> 
> It would be interesting if there was a version of Icecat based on
> Iceweasel-UXP.
> 
> The other one that's similar is Palemoon, but it doesn't have WebRTC.
> Generally a good thing but sometimes WebRTC is wanted for jitsi.
> 
> Cheers,
> 
> chillfan
> 
> 
> ‐‐‐ Original Message ‐‐‐
> On Friday, April 5, 2019 3:10 PM, al3xu5 / dotcommon
>  wrote:
> 
> > Il giorno venerdì 05/04/2019 13:50:03 +
> > chill...@protonmail.com ha scritto:
> > 
> 
> > > Might potentially be a solution if anyone did decide to package
> > > another browser to try to solve the problem, since it comes from
> > > the hyperbola project.
> > 
> 
> > Another is the GNU/IceCat browser:
> > 
> 
> > -   IceCat project
> > https://www.gnu.org/software/gnuzilla/
> > 
> 
> > -   downloads:
> > https://ftp.gnu.org/gnu/gnuzilla/
> > 
> 
> > -   bug-gnuzilla mailing-list archives
> > https://lists.gnu.org/archive/html/bug-gnuzilla/
> > 
> 
> > -   user documentation
> > https://libreplanet.org/wiki/Group:IceCat/
> > 
> 
> > Regards
> > 
> 
> > --
> > al3xu5
> > 
> 
> > Say NO to copyright, patents, trademarks and any industrial
> > design restrictions. 
> 
> > 
> 
> > Public GPG/PGP key block
> > ID: 4096 bit RSA key 69C5977BF94CFE23
> > Fingerprint: 59C6 9DC7 CD4B CF2F A190 E3DE 69C5 977B F94C FE23
> > 
> 
> > Dng mailing list
> > Dng@lists.dyne.org
> > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> 

You can still compile palemoon yourself and enable WebRTC.

-- 
  
/ The chat program is in public domain.  \
| This is not the GNU public license. If |
| it breaks then you get to keep both|
| pieces. (Copyright notice for the chat |
\ program)   /
  
\
 \
   /\   /\   
  //\\_//\\ 
  \_ _//   /
   / * * \/^^^]
   \_\O/_/[   ]
/   \_[   /
\ \_  /  /
 [ [ /  \/ _/
_[ [ \  /_/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Creating directory in /var/run on bootup

[Tom via Dng]

> On 6 Feb 2019, at 17:57, Steve Litt  wrote:
> 
> Or, you could use this as an opportunity to stick your toes in the
> water of runit or s6, by running runit or s6 from /etc/inittab's
> special respawn area, and then making a s6 or runit service that makes
> the directory, and then does a forever one minute loop-sleep that
> spawns your program. Maybe more work than Cron, but it's your easiest
> way into supervisor programs.
> 

I’m not likely to take this plunge on an existing production server, but I 
would love to learn more about it at some point.  I will try to review the 
presentation video on s6 from the upcoming d1conf (hopefully there will be a 
recorded session on s6?? :D).

I notice there is a s6 package inside Debian archives for buster and unstable, 
but no other packages.  Does this mean that s6 doesn’t need the extra packages 
like runit has with runit-sysv and runic-init?  Or does s6 not provide all the 
features that runit provides?

—Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Creating directory in /var/run on bootup

[Tom via Dng]

> On 6 Feb 2019, at 03:03, Didier Kryn  wrote:
> 
> The first solution seems the best to me because it concentrates all the 
> customization in one place, but, for completeness, an alternative to the 
> second solution is to add the line 'mkdir /var/run/barman' in /etc/rc.local .
> 
> Maybe you should also set the owner, group and permissions of this 
> directory in the same time.
> 

Thanks for all the responses.  I decided to use /etc/rc.local because it also 
needs to set the owner:group permissions after creating the directory.

I wanted to avoid touching the /etc/cron.d/barman file because that is provided 
by the barman package itself.  Minimal customisation of package-provided files 
is preferable to me if possible, so there’s less to manage on package updates 
that may want to overwrite any custom changes.  It’s also preferable to have 
this running once on each bootup instead of running every minute with the 
cronjob.

—Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Creating .deb packages with jenkins-debian-glue

[Tom]

nerated by jenkins-debian-glue on Thu 31 May
17:24:30 AEST 2018
EXTRAPACKAGES="$EXTRAPACKAGES eatmydata"
export LD_PRELOAD="${LD_PRELOAD:+$LD_PRELOAD:}libeatmydata.so"
# builtin support available with pbuilder >=0.225 (otherwise ignored):
EATMYDATA=yes
+ ls '/var/cache/pbuilder/base-ascii-amd64.cow.building.*'
+ ls '/var/run/lock/ascii-amd64.update*'
+ flock --nonblock 9
+ touch /var/run/lock/ascii-amd64.update.7558
+ '[' '!' -d /var/cache/pbuilder/base-ascii-amd64.cow ']'
+ echo '*** Creating cowbuilder base
/var/cache/pbuilder/base-ascii-amd64.cow for arch amd64 and
distribution ascii ***'
*** Creating cowbuilder base /var/cache/pbuilder/base-ascii-amd64.cow
for arch amd64 and distribution ascii ***
+ sudo DIST= ARCH=amd64 cowbuilder --create --basepath
/var/cache/pbuilder/base-ascii-amd64.cow --distribution ascii
--debootstrap debootstrap --architecture amd64 --debootstrapopts
--arch --debootstrapopts amd64 --debootstrapopts --variant=buildd
--configfile=/tmp/tmp.O85yPgnQOf --hookdir
/usr/share/jenkins-debian-glue/pbuilder-hookdir/
mkdir: No such file or directory
+ '[' 1 -eq 0 ']'
+ exit 2
+ case "$?" in
+ echo '*** Something went wrong with the creation of the cowbuilder
environment. Cleaning up. ***'
*** Something went wrong with the creation of the cowbuilder
environment. Cleaning up. ***
+ rm -rf /var/cache/pbuilder/base-ascii-amd64.cow
+ bailout 1 'Error: Failed to create cowbuilder base
/var/cache/pbuilder/base-ascii-amd64.cow.'
+ '[' -n 1 ']'
+ EXIT=1
+ '[' -n 'Error: Failed to create cowbuilder base
/var/cache/pbuilder/base-ascii-amd64.cow.' ']'
+ echo 'Error: Failed to create cowbuilder base
/var/cache/pbuilder/base-ascii-amd64.cow.'
Error: Failed to create cowbuilder base
/var/cache/pbuilder/base-ascii-amd64.cow.
+ rm -f /var/run/lock/ascii-amd64.building.7558
+ '[' -r /var/run/lock/ascii-amd64.update.7558 ']'
+ rm -f /var/run/lock/ascii-amd64.update.7558
+ rm -f /var/run/lock/ascii-amd64.update
+ '[' '' = true ']'
+ echo '*** Getting rid of files in
/var/lib/jenkins/workspace/deb-test/jenkins-debian-glue-binaries/architecture/amd64/binaries/
to avoid problems in next run. ***'
*** Getting rid of files in
/var/lib/jenkins/workspace/deb-test/jenkins-debian-glue-binaries/architecture/amd64/binaries/
to avoid problems in next run. ***
+ rm -f 
'/var/lib/jenkins/workspace/deb-test/jenkins-debian-glue-binaries/architecture/amd64/binaries/*'
+ '[' -n /tmp/tmp.O85yPgnQOf ']'
+ rm -rf /tmp/tmp.O85yPgnQOf
+ '[' -n '' ']'
+ '[' -n 1233774 ']'
++ sed -e 's/^\([0-9]*\).*/\1/'
+ SECONDS=0
++ date
+ echo '*** Finished execution of /usr/bin/build-and-provide-package
at Thu 31 May 17:24:30 AEST 2018 [running 0 seconds] ***'
*** Finished execution of /usr/bin/build-and-provide-package at Thu 31
May 17:24:30 AEST 2018 [running 0 seconds] ***
+ exit 1
Build step 'Execute shell' marked build as failure
Archiving artifacts
Finished: FAILURE

--- END ERROR LOG ---


--Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] lsb_release on ascii

[Tom]

On 17 April 2018 at 21:46, fsmithred <fsmith...@gmail.com> wrote:

> You can create your own /etc/lsb-release file to control the output of the
> lsb_release command.

Thanks, that looks interesting, but seems too much effort to set that
manually on every machine here.  I'm not running any
puppet/chef/ansible that would handle that easily.

On 17 April 2018 at 22:17, Olaf Meeuwissen <paddy-h...@member.fsf.org> wrote:

> I get the same 'n/a' with the same versions of base-files and lsb-base.
> FTR, lsb-release has the same version as lsb-base.
>
> I've been poking around in the Python source code for the lsb_release
> command and noticed a code path that sources the output of
>
>   apt-cache policy
>
> and looks for entries that have a label of Devuan, component of main and
> origin of Devuan (or an alternative that mentions packages.devuan.org
> and Devuan Ports).
>
> My `apt-cache policy` output does not match any of that so I *think*
> that's why I get an 'n/a' for the codename.
>
> # The code is a bit hard to follow which is why I am not sure :-/
>
> Any chance the `apt-cache policy` output on your machines is different
> in a way that would explain the behaviour you see?
>
> Hope this helps,

On the machine that returns "n/a" for "lsb-release -c -s", it has the
following apt policy:

# apt-cache policy
Package files:
 100 /var/lib/dpkg/status
 release a=now
 500 http://deb.devuan.org/merged ascii-updates/main amd64 Packages
 release v=2.0.0,a=testing-updates,n=ascii-updates,l=Devuan,c=main,b=amd64
 origin deb.devuan.org
 500 http://deb.devuan.org/merged ascii-security/non-free amd64 Packages
 release 
v=2.0,a=testing-security,n=ascii-security,l=Devuan-Security,c=non-free,b=amd64
 origin deb.devuan.org
 500 http://deb.devuan.org/merged ascii-security/main amd64 Packages
 release 
v=2.0,a=testing-security,n=ascii-security,l=Devuan-Security,c=main,b=amd64
 origin deb.devuan.org
 500 http://deb.devuan.org/merged ascii/main amd64 Packages
 release v=2.0,a=testing,n=ascii,l=Devuan,c=main,b=amd64
 origin deb.devuan.org
Pinned packages:


On the other machine that returns "ascii" for "lsb-release -c -s", it
seems to have included packages.devuan.org in there:

# apt-cache policy
Package files:
 100 /var/lib/dpkg/status
 release a=now
 500 http://packages.devuan.org/merged ascii/non-free amd64 Packages
 release v=2.0,o=Devuan,a=testing,n=ascii,l=Devuan,c=non-free,b=amd64
 origin packages.devuan.org
 500 http://packages.devuan.org/merged ascii/main amd64 Packages
 release v=2.0,o=Devuan,a=testing,n=ascii,l=Devuan,c=main,b=amd64
 origin packages.devuan.org
 500 http://deb.devuan.org/merged ascii-updates/main amd64 Packages
 release v=2.0.0,a=testing-updates,n=ascii-updates,l=Devuan,c=main,b=amd64
 origin deb.devuan.org
 500 http://deb.devuan.org/merged ascii-security/non-free amd64 Packages
 release 
v=2.0,a=testing-security,n=ascii-security,l=Devuan-Security,c=non-free,b=amd64
 origin deb.devuan.org
 500 http://deb.devuan.org/merged ascii-security/main amd64 Packages
 release 
v=2.0,a=testing-security,n=ascii-security,l=Devuan-Security,c=main,b=amd64
 origin deb.devuan.org
 500 http://deb.devuan.org/merged ascii/main amd64 Packages
 release v=2.0,a=testing,n=ascii,l=Devuan,c=main,b=amd64
 origin deb.devuan.org
Pinned packages:

# cat /etc/apt/sources.list
deb http://deb.devuan.org/merged/ ascii main
deb-src http://deb.devuan.org/merged/ ascii main

# ascii-security, previously known as 'volatile'
deb http://deb.devuan.org/merged/ ascii-security main non-free
deb-src http://deb.devuan.org/merged/ ascii-security main non-free

# ascii-updates, previously known as 'volatile'
deb http://deb.devuan.org/merged/ ascii-updates main non-free
deb-src http://deb.devuan.org/merged/ ascii-updates main non-free

# Devuan repositories
deb http://packages.devuan.org/merged ascii main non-free
deb-src http://packages.devuan.org/merged ascii main non-free


If I comment out the lines in /etc/apt/sources.list for
packages.devuan.org and then run "lsb-release -c -s", then it shows
"n/a".  Uncommenting those lines again shows "ascii" for "lsb-release
-c -s".

--Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] lsb_release on ascii

[Tom]

I installed two virtual machines running Devuan jessie and upgraded both to 
Devuan ascii using the same method.  After upgrading, I can see they have 
differing output for the command "lsb_release -a".


rppt@devuan1:/# lsb_release -a
No LSB modules are available.
Distributor ID: Devuan
Description: Devuan GNU/Linux testing/unstable
Release: testing/unstable
Codename: n/a


root@devuan2:/# lsb_release -a
No LSB modules are available.
Distributor ID: Devuan
Description: Devuan GNU/Linux 2.0 (ascii)
Release: 2.0
Codename: ascii


I'm guessing the output for devuan2 is correct?  How do I fix devuan1 to show 
the correct output?

Both machines have the same identical contents for /etc/os-release, 
/etc/debian_version, and /etc/devuan_version.

—Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] PostScript vs PCL

[Tom]

Thanks for the replies.  I'm currently using the default ColorMFP PPD
driver for a Toshiba e-Studio 3555C printer/copier, and it has a habit
of taking 5+ minutes to print a single page.  Would I get better
results with using a generic PS or PCL driver?  What is the
recommended generic driver for PS or PCL these days?

--Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Error when upgrading eudev

[Tom]

Thanks, that appears to have fixed it.

I did see one apt warning during package configuration of eudev, but I’m hoping 
that’s related to having the symlink in place and is ok to ignore for the 
moment.

It’s on the last line of the apt output:

Setting up eudev (3.2.2-10) ...
insserv: script udev: service eudev already provided!

***
  Warning: eudev will default to the older network
  interface names, such as eth0 or wlan0. If you use
  the new names, such as enp0s3, you will need to add
  the following to the boot command:
net.ifnames=1


update-initramfs: deferring update (trigger activated)
insserv: script udev: service eudev already provided!
Processing triggers for initramfs-tools (0.130) ...
update-initramfs: Generating /boot/initrd.img-4.9.0-5-amd64
W: APT had planned for dpkg to do more than it reported back (0 vs 4).
   Affected packages: eudev:amd64


Thanks for all your help

—Tom

> On 12 Feb 2018, at 06:06, KatolaZ <kato...@freaknet.org> wrote:
> 
> The error is there, and exists only if you have never had udev
> installed. We know how to get around that. Will be fixing that
> shortly. The best way forward is to just symlink /etc/init.d/eudev to
> /etc/init.d/udev. This will solve the problem.
> 
> HND
> 
> KatolaZ
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Error when upgrading eudev

[Tom]

Hi,

Has bug #177 been fixed yet?  I received what looks to be the same error when 
trying to upgrade eudev to 3.2.2-10 today.

# apt-get -f install
Reading package lists... Done
Building dependency tree   
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up eudev (3.2.2-10) ...
invoke-rc.d: unknown initscript, /etc/init.d/udev not found.
dpkg: error processing package eudev (--configure):
 subprocess installed post-installation script returned error exit status 100
Errors were encountered while processing:
 eudev
E: Sub-process /usr/bin/dpkg returned an error code (1)

# apt-cache policy eudev
eudev:
  Installed: 3.2.2-10
  Candidate: 3.2.2-10
  Version table:
 *** 3.2.2-10 500
500 https://pkgmaster.devuan.org/merged ascii/main amd64 Packages
100 /var/lib/dpkg/status


—Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Intel Says you Should Not Install its Meltdown Firmware Fixes

[Tom Cassidy]

https://soylentnews.org/breakingnews/article.pl?sid=18/01/22/218258

Looks like Intel is saying to hold off on the microcode updates for the moment.___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Help with Spectre and Meltdown

[Tom Cassidy]

It looks like the latest Firefox has mitigations in place for spectre and/or 
meltdown. Chrome will include them in the next update too I believe.

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

> On 17 Jan 2018, at 23:00, jacksprat  wrote:
> 
> Thanks for the replies.  When I run the "spectre-meltdown-checker.sh" script 
> [github.com/speed47] I see that even using a recent kernel [4.15-rc8] only 
> Meltdown is covered.
> 
> The two mitigations for Spectre [IBRS or kernel compiled with "retpoline" 
> option with a retpoline-aware compiler] are harder for me to achieve.  The 
> latter requires a retpoline-aware version of gcc - did anyone try to make 
> one?  Even then, it seems I need "reptoline-aware" versions of things like 
> Firefox.
> 
> I have explored disabling javascript in Firefox on a per-site basis, but this 
> cannot be the future [devuan has old versions of Policy-Control addon 
> compared to [say] antix-17].  Early days.  
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Help with Spectre and Meltdown

[Tom Cassidy]

You can install the intel-microcode package. AMD processors have a similar 
amd-microcode package.

https://packages.debian.org/intel-microcode

It looks like the updated microcode with the latest fixes is currently in 
Debian testing so I guess you could grab it from there directly and install 
manually if required.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886806

> On 17 Jan 2018, at 21:09, Didier Kryn  wrote:
> 
>> Le 17/01/2018 à 13:59, vmlinux a écrit :
>> 
>> On January 16, 2018 6:50:32 PM CST, KatolaZ  wrote:
>> [Snip]
>> 
>> ::
>> ::The only affected component is the kernel. Patch exist for jessie,
>> ::AFAWN, there is no way to
>> ::effectively patch Spectre.
>> 
>> I haven't had time to actually read up on it, however, isn't there a micro 
>> code mitigation available from Intel? I'm assuming this is some sort of cpu 
>> firmware update but not sure you can flash a cpu :/ so...
>> 
>> https://www.reddit.com/r/sysadmin/comments/7pe2ew/intel_spectre_microcode_update/.compact
>> 
> Still reading (subjects only) the mailing list of Linux on Dell 
> Poweredge, it seems they provide a means do download and install a new 
> microcode. Dunno how to do the same core-i7 of my laptop...
> 
> Didier
> 
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Apache2 CVE-2017-9798

[Tom Cassidy]

Ok thanks. In that case I will add the proposed updates repo and then wait for 
amprolla3.

—Tom

> On 28 Sep 2017, at 05:23, . fsmithred <fsmith...@gmail.com> wrote:
> 
> I don't think anything is coming through ascii-security. This will probably 
> change when amprolla3 is operational. I expect that will happen soon. Around 
> the same time, I hope that beowulf repos get set up.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Apache2 CVE-2017-9798

[Tom Cassidy]

Is that documented anywhere? I would have thought it would come through to 
ascii-security as that one is listed on the Devuan website at 
https://devuan.org/os/etc/apt/sources.list. There is no mention of 
ascii-proposed-updates on that page.

—Tom

> On 27 Sep 2017, at 22:22, . fsmithred <fsmith...@gmail.com> wrote:
> 
> apache2 version 2.4.25-3+deb9u3 is in ascii-proposed-updates. I believe 
> that's where the strech security updates are going.
> 
> 
>> On Tue, Sep 26, 2017 at 8:39 PM, Tom Cassidy <wirelessd...@gmail.com> wrote:
>> Does Devuan’s repository have updates for apache2 to fix CVE-2017-9798? I 
>> can only see 2.4.25-3+deb9u1 on ASCII while Debian Stretch has 
>> 2.4.25-3+deb9u3.
>> 
>> —Tom
>> 
>> ___
>> Dng mailing list
>> Dng@lists.dyne.org
>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>> 
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Apache2 CVE-2017-9798

[Tom Cassidy]

Does Devuan’s repository have updates for apache2 to fix CVE-2017-9798? I can 
only see 2.4.25-3+deb9u1 on ASCII while Debian Stretch has 2.4.25-3+deb9u3.

—Tom___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Yunit

[Tom Cassidy]

> On 20 Sep 2017, at 21:08, Nate Bargmann <n...@n0nb.us> wrote:
> 
> * On 2017 20 Sep 04:01 -0500, Arnt Karlsen wrote:
> 
>> ..these https://forum.yunit.io/search.php?keywords=systemd 
>> and https://yunit.io/?s=systemd would if anything, suggest 
>> "systemd is not a worry here.", which might mean they might
>> be or become agnostic on init systems.
> 
> I read the forum post link as though the developer will have it
> completely supporting (depending on?) systemd.

Perhaps if we let the developers know there are users wanting it in Devuan sans 
systemd, they might reconsider that approach?

I will setup an ASCII test box sometime this week or next to try it out, as the 
Debian packages appear to be only for stable onwards.

—Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Yunit

[Tom Cassidy]

> ..these https://forum.yunit.io/search.php?keywords=systemd 
> and https://yunit.io/?s=systemd would if anything, suggest 
> "systemd is not a worry here.", which might mean they might
> be or become agnostic on init systems.

That doesn’t surprise me, considering Ubuntu was using Unity for a long time 
before systemd appeared on the scene.

—Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Yunit

[Tom Cassidy]

Has anyone tried out Yunit on Devuan? It’s a community fork of the Unity 8 code 
that was abandoned after Ubuntu switched to Gnome for their next release.

https://yunit.io/

https://yunit.io/yunit-packages-for-debian-stable-testing-and-unstable/

—Tom___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] ASCII - clearlooks-Phenix-Purpy style issues

[Tom Cassidy]

I had filed bug #107 against xfce4-terminal in ascii for this issue but I guess 
I can close that now if it's caused by the theme.

I have also solved my issue by switching to another theme.

--Tomas

> I never expected Clearlooks Phenix Purpy to work in ascii.   Both Xfce and 
> (I'm pretty sure) Mate have jumped the GTK3 shark.  Sorry to hear pluma has 
> gone down that road.   When I finally get around to playing with ascii, I'll 
> start looking for a theme that doesn't break GTK3 apps.  Still waiting for an 
> ascii 32 bit iso to test . . . hint, hint.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Which desktops are available in Devuan?

[Tom Cassidy]

Thanks for the link. Might check it out when I can find some spare hardware 
lying around.

> Sorry, i didn't attach the link:
> 
> http://gnuinos.org/Gnuinos%20Ascii%20Beta/
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Which desktops are available in Devuan?

[Tom Cassidy]

There's no release for ascii yet. You'll just have to dist-upgrade from jessie 
if you want to try it.

I've been running ascii + experimental/eudev on my work desktop and laptop for 
a few months without trouble.

-- Tomas

> I might just settle for the default XFCE for a while, after all: Life is
> the art of the possible. LXQt on ascii will be worth a try when it's
> out, though. (No ascii on the belltower mirror. I haven't seen one
> closer to Oz, either, yet.)
> 
> Erik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Which desktops are available in Devuan?

[Tom Cassidy]

Have you thought about LXQt? Upstream LXDE stopped development a while back and 
merged with Razor-qt into the new project running on Qt instead of GTK.

Unfortunately it's only in repositories for ascii and later, so not available 
on jessie.

-- Tomas

> I've downloaded the CD iso, and will try installing it. You never know,
> XFCE might suit well enough. But I'll try a simple apt-get replacement
> with LXDE, for consistency with my other hosts. Now's the time, before I
> begin using the little Udoo X86 for anything other than video streaming.
> 
> Thanks, all. I'll be over in the corner, futzing.
> 
> Erik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] WICD & DNS & IPv6

[Tom Cassidy]

> On 20 Jul 2017, at 18:44, Yevgeny Kosarzhevsky  wrote:
> 
> Hello,
> 
> which connection manager can also work with 3/4g equipment?

NetworkManager offers a GUI for this. Otherwise, wvdial is a console-based 
utility that will connect to USB 3/4g modems.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Install tomcat on devuan

[Tom Cassidy]

There is a tomcat8 package in the repositories. Have you tried that?

> On 21 Apr 2017, at 06:22, "alberto.se...@tin.it"  wrote:
> 
> Hi to all,
> 
> Is it possible install Apache Tomcat on Devuan ?
> 
> Alberto Senni
> 
> ---
> Questa e-mail è stata controllata per individuare virus con Avast antivirus.
> https://www.avast.com/antivirus
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Uninstallable packages on ascii

[Tom Cassidy]

FWIW, I've joined a Devuan machine to a Windows AD domain with samba/winbind 
and have no problems logging in with a domain user from slim when properly 
setup. I'll admit it's not as nice as lightdm in that it doesn't show a list of 
previous login names, but it is basically functional as a GUI login screen.

I'll try installing lightdm to see how that goes on Devuan compared to Ubuntu.

Does anyone recommend other display managers on Devuan?

-- Tom

> On 19 Jun 2017, at 21:09, Rowland Penny <rpenny241...@gmail.com> wrote:
> 
> On Mon, 19 Jun 2017 20:34:49 +1000
> Tom <wirelessd...@gmail.com> wrote:
> 
>> Both slim and rsyslog are uninstallable on ascii.  Thankfully I have
>> rsyslog still installed from jessie, but I accidentally uninstalled
>> slim and now can't re-install it.  Wha'ts involved in updating package
>> dependencies to get these (and other packages) installable on ascii?
>> Does it require extensive packaging knowledge, or could this be
>> handled by someone without any prior packaging/development experience?
>> 
>> http://bugs.devuan.org//cgi/bugreport.cgi?bug=72
>> 
>> -- Tom
> 
> I actually think it is a bonus that slim is not installable on ascii,
> Unless things have changed, it is a dead project, it is also about as
> much use as chocolate fire guard if you need to connect to a Samba AD
> domain. One of the first things I do after installing Devuan is
> replace slim with lightdm. You are quite at liberty to use slim if you
> like, but I will never use it ;-) 
> 
> Rowland
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Missing scrollbars and input widgets in firefox-esr for ascii

[Tom]

Firefox ESR in ascii seems to have problems showing the scrollbar thumb and
checkbox/radio/text input outlines.  I've found relevant bug reports on
Firefox bugzilla, but they appear to have been fixed in Firefox 48/49.

https://bugzilla.mozilla.org/show_bug.cgi?id=1230955
https://bugzilla.mozilla.org/show_bug.cgi?id=1234158
https://bugzilla.mozilla.org/show_bug.cgi?id=1262136

Is there any reason why this would be re-appearing in Firefox ESR 52?

Could this issue be what's causing the scrollbars to not show up on
xfce4-terminal, if it's related to gtk3?

-- Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Xfce4 task uninstalled on upgrade to ascii

[Tom]

On 17 June 2017 at 02:15, KatolaZ <kato...@freaknet.org> wrote:

> On Sat, Jun 17, 2017 at 01:54:53AM +1000, Tom wrote:
>
> [cut]
>
> Hi Tom,
>
> apt-get is telling you what is the problem (there are several packages
> which were automatically installed and are no longer required, mostly
> due to the dist-upgrade), and how to solve it (just run "apt-get
> autoremove --purge").
>

Thanks.  I've run that command to purge the packages and all seems to
still be ok with the xfce desktop as far as I can tell, so no problems
there.


> >
> > I had the task-xfce-desktop package installed because I selected that
> > during the initial installer package/task selection screen.
>
> OK, but tasksel-* are virtual packages, used only to pull in a certain
> number of other packages required for a certain "task", e.g., a
> complete desktop environment. Once the tasksel-* pakcage has done its
> job (i.e., asking apt to install all those packages), you can safely
> remove it.
>

That makes sense I guess.  Can we also get the tasksel and task-* package
versions in ascii updated to be equal to (or greater than if any changes)
to the package versions in jessie?  That would avoid the issue of
having to uninstall/reinstall after upgrade if people want to keep those
task
packages installed. I'll try and file a bug report with reportbug for that.

>
> > I've also noticed after upgrade that xfce4-terminal has a broken UI.  All
> > of the menu bar buttons are mashed together without any spacing in
> between,
> > and the vertical scrollbar has disappeared. I would post a screenshot
> > somewhere, but I'm not sure where is the best place to put it for a
> mailing
> > list.
> >
>
> It would be good to have those bugs filed to bugs.devuan.org. Dunno
> what's the best way to reference to a screenshot there, though.


I'll see how I go with reportbug but I've never used it before so might
take a
while to work it out.  Does the devuan/debian bug tracking system allow
image
attachments?  Is there a way to interact with it from the webpage, not using
reportbug command or email?

I've also noticed that other apps don't have the scrollbar either.
Firefox ESR has the scroll up/down buttons at the top and bottom but no
movable
bar in between.  Firefox also has the dodgy menu issue that plagues
xfce4-terminal.
Xterm/uxterm doesnt have a scrollbar showing up but I can still scroll with
the
touchpad.

Mousepad/Libreoffice don't have any issues so it doesn't seem to be a
system-wide issue.

-- Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Xfce4 task uninstalled on upgrade to ascii

[Tom]

cklauncher-plugin xfce4-volumed xorg-sgml-doctools
xtrans-dev
Use 'apt autoremove' to remove them.

The reason is that the development of some of the devuan-forked
> packages has not followed the usual unstable-testing-stable path,
> otherwise we would have probably not had jessie ready before a few
> more years :)
>
> IMHO, you should be able to safely remove tasksel-xfce4 and none of
> your xfce4 packages should be touched. As a matter of fact, you can
> remove tasksel entirely from your system, and none of the other
> packages that it would pull in will be affected. I have *never* had
> tasksel installed since it has been introduced. TBH, I find it to be a
> terribly complicated mess to not much avail, but that's just the
> opinion of a caveman.
>

I had the task-xfce-desktop package installed because I selected that
during the initial installer package/task selection screen.

If you have apt-get update-d, and you don't have any caching system in
> the middle, apt-cache policy is the autoritative source of information
> about which packages are available in the different sections of the
> repos.


Thanks

I've also noticed after upgrade that xfce4-terminal has a broken UI.  All
of the menu bar buttons are mashed together without any spacing in between,
and the vertical scrollbar has disappeared. I would post a screenshot
somewhere, but I'm not sure where is the best place to put it for a mailing
list.


-- Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Xfce4 task uninstalled on upgrade to ascii

[Tom]

I've been having issues upgrading a standard Devuan Jessie install to
Ascii.  During upgrade, the task-xfce4-desktop package gets uninstalled and
can't be installed afterwards due to dependency problems.

Jessie has tasksel=3.33+devuan1.0 and Ascii has tasksel=3.33+devuan0.3
which is preventing task-xfce4-desktop from being installed in Ascii.  This
is also causing a number of xfce4-* and other packages to be marked as not
required and removable with apt-get autoremove.


# apt-cache policy tasksel
tasksel:
  Installed: 3.33+devuan1.0
  Candidate: 3.33+devuan1.0
  Version table:
 *** 3.33+devuan1.0 100
100 /var/lib/dpkg/status
 3.33+devuan0.3 500
500 http://auto.mirror.devuan.org/merged ascii/main amd64 Packages

# apt-cache policy task-xfce-desktop
task-xfce-desktop:
  Installed: (none)
  Candidate: 3.33+devuan0.3
  Version table:
 3.33+devuan0.3 500
500 http://auto.mirror.devuan.org/merged ascii/main amd64 Packages

# apt-get install task-xfce-desktop
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 task-xfce-desktop : Depends: tasksel (= 3.33+devuan0.3) but 3.33+devuan1.0
is to be installed
 Depends: xfce4 but it is not going to be installed
 Recommends: xfce4-mixer but it is not installable
E: Unable to correct problems, you have held broken packages.


-- Tom
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Upgrades to testing... Is DebianBug#864043 relevant to us?

[Tom Cassidy]

On 10 June 2017 at 22:37, Hendrik Boom  wrote:

> This is in response to a bug on the Debian documenation mailing list,
> but I'm replying to Devuan instead because some of it may be relevant
> here.
>
> I'm particularly concerned by the sentence at the end:
>
> > But I haven't heard anybody claiming to have
> > done any bug-free upgrades, so it's hard to be confident.
>
> I gather he's talking about upgrades from jessie to stretch.
>
> Are his problems caused by systemd issues?  Or are we going to
> run afoul of them, too?  Does Devuan have reports of clean
> upgrades to ascii?
>
> -- hendrik
>

I've noticed a mismatch in tasksel versions between jessie and ascii.

The desktop jessie install has a higher tasksel version than the ascii
install.

Is this expected?

goat@ascii-server:~$ apt-cache policy tasksel
tasksel:
  Installed: 3.33+devuan0.3
  Candidate: 3.33+devuan0.3
  Version table:
 *** 3.33+devuan0.3 500
500 http://auto.mirror.devuan.org/merged ascii/main amd64 Packages
500 http://packages.devuan.org/merged ascii/main amd64 Packages
100 /var/lib/dpkg/status

goat@jessie-desktop:~$ apt-cache policy tasksel
tasksel:
  Installed: 3.33+devuan1.0
  Candidate: 3.33+devuan1.0
  Version table:
 *** 3.33+devuan1.0 0
500 http://auto.mirror.devuan.org/merged/ jessie/main amd64 Packages
500 http://packages.devuan.org/merged/ jessie/main amd64 Packages
100 /var/lib/dpkg/status
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] A shell script for network connections

[Tom Cassidy]

Hi KatolaZ,

I would suggest running setnet.sh through the shellcheck program to lint the 
script.

You can access it online[1] or it should be available in the repository[2].

It has support for checking portability issues[3] (eg. bashisms, POSIX 
compliance) depending on which shell is specified in the shebang line, which 
sounds like it would help here.

Tom


[1] https://www.shellcheck.net/ <https://www.shellcheck.net/>
[2] https://github.com/koalaman/shellcheck#user-content-installing 
<https://github.com/koalaman/shellcheck#user-content-installing>
[3] https://github.com/koalaman/shellcheck#portability 
<https://github.com/koalaman/shellcheck#portability>

> On 1 Jan 2017, at 04:40, KatolaZ <kato...@freaknet.org> wrote:
> 
> On Sat, Dec 31, 2016 at 05:15:56PM +, KatolaZ wrote:
>> On Sat, Dec 31, 2016 at 10:38:48AM +, KatolaZ wrote:
>> 
>> [cut]
>> 
>>> 
>>> 
>>> Hi Steve,
>>> 
>>> thanks for your encouragement. bash is currently a requirement, since
>>> I am using a few non-posix little things. So if you want to test it
>>> and report bugs, please use it under bash atm since a few things will
>>> not work at all with dash. I hope I will be able to port it to
>>> posix-sh soon.
>>> 
>> 
>> Hi All,
>> 
>> it turns out that my last statement was wrong. To my own surprise,
>> setnet.sh seems to be already posix-compliant with a very slight
>> modification. In particular, it is sufficient to comment out the
>> keyword "function" in function declarations, which is done with
>> 
>>  sed -r -e 's/^function\ /##function\ \n/g' setnet.sh > setnet.dash
>> 
> 
> Actually, it is not that easy, and there are indeed a few things to
> iron out, but it should not be too difficult, I believe :)
> 
> StayTuned
> 
> KatolaZ
> 
> -- 
> [ ~.,_  Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab  ]  
> [ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
> [   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
> [ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
> [ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[Dng] Ста Деюс: As a russian, I have question for you.

[Tom Collins]

Ста Деюс: As a royssian what do you think of the murder of 
Boris? Do you like Vladimir Putin. And what do you make of this:

​Snowden ‘working exhaustively’ with US to secure terms of trial
 
Why does he want to go back? Are the women and girls of the Rus
not good enough for him. Why do you accept this sort of
provocation. You should do something about this disrespect
to his host country.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[Dng] VNC starts to be subsumed by systemd

[Tom Collins]

http://soylentnews.org/article.pl?sid=15/03/02/1037248
 VLC Media Player Gains Support For Logging To Systemd's Journal

Honestly, I am starting to suspect that userland will need to be entirely 
forked to stay away from systemd. It seems every developer these days is 
infected with a mind virus: from the phoning home that todays linux software 
does (be it the browsers or things like VNC) to the acceptance and then 
reliance on systemd, to the cavilear attitude towards security of any kind, 
today's developers are not the trustworthy people of the past. Linux is now 
where the microsoft world was in the 90s, with the same type of persons. (if 
you're not doing anything wrong Yes, we may be doing things that you say are 
wrong, guess what we live in different cultures and maybe are mortal enemies)
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [Dng] V^DNLC starts to be subsumed by systemd

[Tom Collins]

Yes, that is what I mean (Video Lan Client)

It also phones home these days by default:
http://www.dummies.com/how-to/content/downloading-and-installing-vlc-media-player-in-win.pageCd-storyboard,pageNum-11.html#slideshow



The linux we knew is done unless everything is forked. The new generation of developers are not trustworthy. They feel if you have nothing to hide you have nothing to fear. Bascially what that means is that their world view is correct and anyone who is against their worldview _should_ be found out and be subject to the law (which they support). They are totalitarians and feel that the world is theirs and it is only right that people follow their worldview and people that do not be punished and pushed out of the world.








Sent:Tuesday, March 03, 2015 at 5:25 PM
From:Svante Signell svante.sign...@gmail.com
To:dng@lists.dyne.org
Subject:Re: [Dng] V^DNLC starts to be subsumed by systemd

On Tue, 2015-03-03 at 18:11 +0100, Tom Collins wrote:
 http://soylentnews.org/article.pl?sid=15/03/02/1037248
  VLC Media Player Gains Support For Logging To Systemds Journal

 Honestly, I am starting to suspect that userland will need to be
 entirely forked to stay away from systemd. It seems every developer
 these days is infected with a mind virus: from the phoning home that
 todays linux software does (be it the browsers or things like V^DNLC) to
 the acceptance and then reliance on systemd, to the cavilear attitude
 towards security of any kind, todays developers are not the
 trustworthy people of the past. Linux is now where the microsoft world
 was in the 90s, with the same type of persons. (if youre not doing
 anything wrong Yes, we may be doing things that you say are wrong,
 guess what we live in different cultures and maybe are mortal enemies)

I assume you mean VLC in your mail at all entries, not VNC, thats
something different :)

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng