Re: [DNG] Chimaera CPU stuck
On Wed, 14 Sep 2022 15:08:27 -0500 Hector Gonzalez Jaime via Dng wrote: > > Issueing root@bobby:~# cat /sys/block/vda/queue/scheduler gives: > > > > [mq-deadline] none > > > > Is it wrong? > > It's as it should be. Did you check this on the hypervisor? The use of > vda suggests this was checked on a VM, please check the physical host, > which is the one doing the I/O for your VM. Yes, the phisical host says the very same: root@archimede:~# cat /sys/block/sda/queue/scheduler [mq-deadline] none > The physical host is also > the one that needs to have a few dedicated processors to perform I/O for > the VMs. Yes it has free processors. Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 02485781 FAX: +39 0248028247 X AGAINST HTML MAIL/ E-MAIL: posthams...@sublink.sublink.org / \ AND POSTINGS/ WWW: http://www.lesassaie.IT/ _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
On Wed, 14 Sep 2022 21:56:43 +0200, Luciano wrote in message <4mswlm0ldwz1f...@baobab.bilink.it>: > On Wed, 14 Sep 2022 21:16:27 +0200 > Arnt Karlsen wrote: > > > > echo "deadline" >/sys/block/sda/queue/scheduler > > > > > > > ..a possibly simpler idea: Give the vm another cpu thread to > > help do the i/o work? > It already has twelve cpu theads. ..ok, wrong diagnosis on my part, I assumed you only gave it one thread, with 12, your i/o problems are somewhere else. > Is there a way to reserve some of them to I/O? ..anyone? I have read somewhere(?) that you can assign (or somesuch) a program to run on a specific cpu, if that helps your search for ideas. > Luciano. -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Welcome to wiki.devuan.org!
On Tue, Sep 13, 2022 at 08:41:22PM -0500, goli...@devuan.org wrote: > Greetings all! > > Did that get your attention? Good . . . :D > > The wiki has been languishing in the doldrums for some time in a rather > unusable state but it could become a reality if some Wiki Whisperers would > step up to make it happen. > > If anyone here has experience with Foswiki or other wikis, this is your > moment to shine! I gather that upgrading the Foswiki software has effectively disabled it. Foswiki is vastly complicated. So. What is the simplest available free Wiki software? Desiderata: * Separation between wiki software and content (so upgrades don't disable it) * registration of users, with the ability for administrators to approve or ban them. * roll back mistakes and delete spam * handle mathematical notation insamuch as the the browser can. * Unicode And it would be nice to be able to make it distributed. Though that's probably not required as long as it remains low-volumt. -- hendrik > > Once it is in a usable state, we will need a team of contributors to begin > populating pages with content sourced from the forum, mailing lists, IRC, > personal experience etc. > > Devuan users . . . the ball is squarely in your court. Will Devuan have a > wiki? It's up to YOU, ! > > Discussion here and on dev1galaxy.org and #devuan-wiki. > > Now . . . . just where are those Wiki Whisperers . . . :D > > For the love of Devuan . . . just DO IT! > > golinux > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
On 9/14/22 14:54, Luciano Mannucci wrote: On Wed, 14 Sep 2022 12:37:41 -0500 Hector Gonzalez Jaime via Dng wrote: kernel:[ 7336.007287] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0] if I write to the disk via dd nothing wrong happens... Luciano. Check which scheduler you are using, for virtual machine loads you might want to use "deadline", assuming your disk is sda, the first command checks your scheduler, the second changes to deadline. cat /sys/block/sda/queue/scheduler echo "deadline" >/sys/block/sda/queue/schedule Well, the disk seems to be "vda". Issueing root@bobby:~# cat /sys/block/vda/queue/scheduler gives: [mq-deadline] none Is it wrong? It's as it should be. Did you check this on the hypervisor? The use of vda suggests this was checked on a VM, please check the physical host, which is the one doing the I/O for your VM. The physical host is also the one that needs to have a few dedicated processors to perform I/O for the VMs. Luciano. -- Hector Gonzalez ca...@genac.org ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
On Wed, 14 Sep 2022 21:16:27 +0200 Arnt Karlsen wrote: > > echo "deadline" >/sys/block/sda/queue/scheduler > > > > ..a possibly simpler idea: Give the vm another cpu thread to > help do the i/o work? It already has twelve cpu theads. Is there a way to reserve some of them to I/O? Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 02485781 FAX: +39 0248028247 X AGAINST HTML MAIL/ E-MAIL: posthams...@sublink.sublink.org / \ AND POSTINGS/ WWW: http://www.lesassaie.IT/ ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
On Wed, 14 Sep 2022 12:37:41 -0500 Hector Gonzalez Jaime via Dng wrote: > >kernel:[ 7336.007287] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! > > [swapper/0:0] > > > > if I write to the disk via dd nothing wrong happens... > > > > Luciano. > > Check which scheduler you are using, for virtual machine loads you might > want to use "deadline", assuming your disk is sda, the first command > checks your scheduler, the second changes to deadline. > > cat /sys/block/sda/queue/scheduler > > echo "deadline" >/sys/block/sda/queue/schedule Well, the disk seems to be "vda". Issueing root@bobby:~# cat /sys/block/vda/queue/scheduler gives: [mq-deadline] none Is it wrong? Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 02485781 FAX: +39 0248028247 X AGAINST HTML MAIL/ E-MAIL: posthams...@sublink.sublink.org / \ AND POSTINGS/ WWW: http://www.lesassaie.IT/ _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
On Wed, 14 Sep 2022 12:37:41 -0500, Hector wrote in message <36d765d0-e9a7-ccaa-8b36-098e1f275...@genac.org>: > On 9/14/22 10:02, Luciano Mannucci wrote: > > On Wed, 14 Sep 2022 12:49:19 +0200 > > Luciano Mannucci wrote: > > > >>> vm.dirty_background_bytes=67108864 > >>> vm.dirty_bytes=268435456 > >>> > >>> Maybe this additional information is helpful: > >>> > >>> https://forum.proxmox.com/threads/io-performance-tuning.15893/ > >>> https://lonesysadmin.net/2013/12/22/better-linux-disk-caching-performance-vm-dirty_ratio/ > >>> > >>> Hope that helps, > >> Yes, it does! > >> Works like a charm! > > I've been to quick... > > Now only if the data comes from the local LAN (not drossing routers > > or firewalls) I still get > > > >kernel:[ 7336.007287] watchdog: BUG: soft lockup - CPU#0 stuck > > for 22s! [swapper/0:0] > > > > if I write to the disk via dd nothing wrong happens... > > > > Luciano. > > Check which scheduler you are using, for virtual machine loads you > might want to use "deadline", assuming your disk is sda, the first > command checks your scheduler, the second changes to deadline. > > cat /sys/block/sda/queue/scheduler > > echo "deadline" >/sys/block/sda/queue/scheduler > ..a possibly simpler idea: Give the vm another cpu thread to help do the i/o work? -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
On 9/14/22 10:02, Luciano Mannucci wrote: On Wed, 14 Sep 2022 12:49:19 +0200 Luciano Mannucci wrote: vm.dirty_background_bytes=67108864 vm.dirty_bytes=268435456 Maybe this additional information is helpful: https://forum.proxmox.com/threads/io-performance-tuning.15893/ https://lonesysadmin.net/2013/12/22/better-linux-disk-caching-performance-vm-dirty_ratio/ Hope that helps, Yes, it does! Works like a charm! I've been to quick... Now only if the data comes from the local LAN (not drossing routers or firewalls) I still get kernel:[ 7336.007287] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0] if I write to the disk via dd nothing wrong happens... Luciano. Check which scheduler you are using, for virtual machine loads you might want to use "deadline", assuming your disk is sda, the first command checks your scheduler, the second changes to deadline. cat /sys/block/sda/queue/scheduler echo "deadline" >/sys/block/sda/queue/scheduler -- Hector Gonzalez ca...@genac.org ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
On Wed, 14 Sep 2022 12:49:19 +0200 Luciano Mannucci wrote: > > vm.dirty_background_bytes=67108864 > > vm.dirty_bytes=268435456 > > > > Maybe this additional information is helpful: > > > > https://forum.proxmox.com/threads/io-performance-tuning.15893/ > > https://lonesysadmin.net/2013/12/22/better-linux-disk-caching-performance-vm-dirty_ratio/ > > > > Hope that helps, > Yes, it does! > Works like a charm! I've been to quick... Now only if the data comes from the local LAN (not drossing routers or firewalls) I still get kernel:[ 7336.007287] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0] if I write to the disk via dd nothing wrong happens... Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 02485781 FAX: +39 0248028247 X AGAINST HTML MAIL/ E-MAIL: posthams...@sublink.sublink.org / \ AND POSTINGS/ WWW: http://www.lesassaie.IT/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
On Wed, 14 Sep 2022 11:04:39 +0200 Andreas Messer wrote: > # Start background writing when more than 128MB data are in write cache > # This value is tuned regarding write performance of HDD ~ 100MB > vm.dirty_background_bytes=67108864 > vm.dirty_bytes=268435456 > > Maybe this additional information is helpful: > > https://forum.proxmox.com/threads/io-performance-tuning.15893/ > https://lonesysadmin.net/2013/12/22/better-linux-disk-caching-performance-vm-dirty_ratio/ > > Hope that helps, Yes, it does! Works like a charm! Many thanks, Luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 02485781 FAX: +39 0248028247 X AGAINST HTML MAIL/ E-MAIL: posthams...@sublink.sublink.org / \ AND POSTINGS/ WWW: http://www.lesassaie.IT/ ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
Hi Luciano, Am Wed, Sep 14, 2022 at 07:24:07AM +0200 schrieb Luciano Mannucci: > hello all! > > I have a virtual machine running under kvm who started hanging giving > this message just before it dies: > > kernel:[ 296.013011] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! > [swapper/0:0] > > This happens only on high i/o load. > The other virtual machines are all running with no problems. > What should I do? The message actually means, that moving memory pages to/from swap space took much longer than the kernel expects. This can happen when another process is using the entire I/O bandwidth to the disk. I had similar issues with my Desktop PC. It turned out this was somehow related to the 32GB RAM of my machine. When a process writes files, the kernel will cache the data first and executes the actual disk writes later depending on cache fill and time. When a process produces data very fast, the cache will grow more and more even while the kernel is already writing data out to disk and at some point an internal threshold in the kernel is hit. (/proc/sys/vm/dirty_ratio) At this time, the kernel will block all processes writing to disks and flush the entire cache content to the disk. If you have a lot of RAM, this flushing can take a lot of time (seconds till minutes). Large RAM machines are affected by this since the threshold is by default set as ratio from f RAM memory. I mitigated this by reconfigure the so called background write threshold cat /etc/sysctl.d/tuning.conf # The following settings are to avoid long application stalls when # writing large files to disk. They lower the amount of write # cached data in RAM until actual writing occurs. This will prevent # the system from writing data in large chunks while everything # else blocks. So this improves the latency of the desktop # The values are by defaulted computed as fraction of the main memory # which results in fairly large cached unwritten data on high memory # systems # Start background writing when more than 128MB data are in write cache # This value is tuned regarding write performance of HDD ~ 100MB vm.dirty_background_bytes=67108864 vm.dirty_bytes=268435456 Maybe this additional information is helpful: https://forum.proxmox.com/threads/io-performance-tuning.15893/ https://lonesysadmin.net/2013/12/22/better-linux-disk-caching-performance-vm-dirty_ratio/ Hope that helps, cheers, Andreas -- gnuPG keyid: 8C2BAF51 fingerprint: 28EE 8438 E688 D992 3661 C753 90B3 BAAA 8C2B AF51 signature.asc Description: PGP signature ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Chimaera CPU stuck
> On 14 Sep 2022, at 15:24, Luciano Mannucci wrote: > > hello all! > > I have a virtual machine running under kvm who started hanging giving > this message just before it dies: > > kernel:[ 296.013011] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! > [swapper/0:0] > > This happens only on high i/o load. > The other virtual machines are all running with no problems. > What should I do? > > luciano. Have you tried upgrading to the kernel from chimaera-backports? Add sources for backports repository from https://www.devuan.org/os/packages and then `apt-get update && apt-get install -t chimaera-backports linux-image-amd64` should do it.___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Chimaera CPU stuck
hello all! I have a virtual machine running under kvm who started hanging giving this message just before it dies: kernel:[ 296.013011] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper/0:0] This happens only on high i/o load. The other virtual machines are all running with no problems. What should I do? luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII RIBBON CAMPAIGN / PHONE : +39 02485781 FAX: +39 0248028247 X AGAINST HTML MAIL/ E-MAIL: posthams...@sublink.sublink.org / \ AND POSTINGS/ WWW: http://www.lesassaie.IT/ _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Welcome to wiki.devuan.org!
Greetings all! Did that get your attention? Good . . . :D The wiki has been languishing in the doldrums for some time in a rather unusable state but it could become a reality if some Wiki Whisperers would step up to make it happen. If anyone here has experience with Foswiki or other wikis, this is your moment to shine! Once it is in a usable state, we will need a team of contributors to begin populating pages with content sourced from the forum, mailing lists, IRC, personal experience etc. Devuan users . . . the ball is squarely in your court. Will Devuan have a wiki? It's up to YOU, ! Discussion here and on dev1galaxy.org and #devuan-wiki. Now . . . . just where are those Wiki Whisperers . . . :D For the love of Devuan . . . just DO IT! golinux ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Ceres broke (/lib/lsb/init-functions missing)
Alexander, On Tue, Sep 13, 2022 at 10:12:12AM +, Alexander Brüning via Dng wrote: > Hi, > > my Devuan Ceres (unstable) broke after updating today because the file > /lib/lsb/init-functions went missing. Downgrading lsb-base and lsb-release > brought it back. > > It seems like Debian is moving the file to sysvinit-utils. I am just building the new version for ceres now. Mark ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Ceres broke (/lib/lsb/init-functions missing)
Hi, my Devuan Ceres (unstable) broke after updating today because the file /lib/lsb/init-functions went missing. Downgrading lsb-base and lsb-release brought it back. It seems like Debian is moving the file to sysvinit-utils. Regards, Alex ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] New Chimaera torrent file needs seeders.
On 2022-09-12 17:36:45, wirelessduck--- via Dng wrote: > > > > On 12 Sep 2022, at 17:08, fraser kendall wrote: > > > > On Sun, 11 Sep 2022 11:43:12 -0400 > > fsmithred via Dng wrote: > > > >> Please seed. Thanks. > > > > Hi to all. I have a headless backup machine (with about 2T spare > > capacity) that I'd be willing to use as a long-term seeding host, but I > > have no knowledge about how to do this securely, and it'd have to be > > managed via ssh. I have a couple of questions. > > > > 1) How do I get the client to continue to run after logging off? Is it > > as simple as a remote command: > > > > $ aria2c -V --seed-ratio=0.0 -d /home/devuan/torrent > > https://files.devuan.org/devuan_chimaera.torrent & exit > > > > or should I keep the ssh instance open on the local host to monitor > > what's going on? > > > > 2) Should the client be chrooted? > > > > 3) Any advice on a secure aria2.conf would be appreciated. > > > > Many thanks > > > > fraser > > I can’t speak to aria2, but transmission has a cli/remote client and daemon > you can run on a headless server. Also the usual method of keeping things running after logout is to use screen or tmux. -- A big old stinking pile of genius that no one wants coz there are too many silver coated monkeys in the world. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] New Chimaera torrent file needs seeders.
> On 12 Sep 2022, at 17:08, fraser kendall wrote: > > On Sun, 11 Sep 2022 11:43:12 -0400 > fsmithred via Dng wrote: > >> Please seed. Thanks. > > Hi to all. I have a headless backup machine (with about 2T spare > capacity) that I'd be willing to use as a long-term seeding host, but I > have no knowledge about how to do this securely, and it'd have to be > managed via ssh. I have a couple of questions. > > 1) How do I get the client to continue to run after logging off? Is it > as simple as a remote command: > > $ aria2c -V --seed-ratio=0.0 -d /home/devuan/torrent > https://files.devuan.org/devuan_chimaera.torrent & exit > > or should I keep the ssh instance open on the local host to monitor > what's going on? > > 2) Should the client be chrooted? > > 3) Any advice on a secure aria2.conf would be appreciated. > > Many thanks > > fraser I can’t speak to aria2, but transmission has a cli/remote client and daemon you can run on a headless server. Tom ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] New Chimaera torrent file needs seeders.
On Sun, 11 Sep 2022 11:43:12 -0400 fsmithred via Dng wrote: > Please seed. Thanks. Hi to all. I have a headless backup machine (with about 2T spare capacity) that I'd be willing to use as a long-term seeding host, but I have no knowledge about how to do this securely, and it'd have to be managed via ssh. I have a couple of questions. 1) How do I get the client to continue to run after logging off? Is it as simple as a remote command: $ aria2c -V --seed-ratio=0.0 -d /home/devuan/torrent https://files.devuan.org/devuan_chimaera.torrent & exit or should I keep the ssh instance open on the local host to monitor what's going on? 2) Should the client be chrooted? 3) Any advice on a secure aria2.conf would be appreciated. Many thanks fraser _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] simple-netaid for daedalus
Hi, On 11/9/22 9:36, Joel Roth via Dng wrote: Well, for now I'll open a request-for-packaging bug with debian and we can see if someone steps up. Thanks, Joel! Can you provide a link to the sources? They are in gitea.devuan.dev: https://git.devuan.dev/aitor_czr/libnetaid https://git.devuan.dev/aitor_czr/simple-netaid-cdk https://git.devuan.dev/aitor_czr/snetaid https://git.devuan.dev/aitor_czr/libpstat https://git.devuan.dev/aitor_czr/libubox https://git.devuan.dev/aitor_czr/libubus https://git.devuan.dev/aitor_czr/simple-netaid-gtk I have some improvements in mind, and I'll apply the changes as soon as possible. The last one (simple-netaid-gtk) isn't finished. Cheers, Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] New Chimaera torrent file needs seeders.
There's a new torrent file for chimaera to include the updated live isos. All the installer isos are unchanged and still at 4.0.0. The four live isos are 4.0.2 and include a bugfix for the live installer. Please seed. Thanks. Here's the torrent file: https://files.devuan.org/devuan_chimaera.torrent There's a magnet link at the bottom of this page: https://www.devuan.org/get-devuan fsmithred ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] simple-netaid for daedalus
On Sat, Sep 10, 2022 at 10:43:25AM +0200, aitor wrote: > Hi Joel, > > On 10/9/22 8:36, Joel Roth via Dng wrote: > > I tried downloading and installing the packages one-by-one. > > Had some dependency problems (no details, sorry it was a > > while back.) Anyway not sure which packages are relevant, > > for example do I need the cdk and vte3 versions? > > Yes, you need to install libcdk5nc6, libvte-2.91-0 and libvte-2.91-common. > The packages missing in devuan are here: > > https://www.gnuinos.org/simple-netaid/ Thanks I'll try again. > > > Is it possible to contribute the packages to the Devuan or > > Debian package repositories? It would be easier for > > me to install. Otherwise, some docs would help, or I can > > try manually installing the packages again and report > > my failures;-) > > I'm not a devuan caretaker, but, as far as I know, devuan just removes > systemd dependency from debian. > About including simple-netaid in debian repo..., I don't know the way to go. Well, for now I'll open a request-for-packaging bug with debian and we can see if someone steps up. Can you provide a link to the sources? [...] > > Also, including the call to dhclient makes it easier > > to use than, for example, wpa_gui. > > The client is managed internally by ifupdown: > > https://salsa.debian.org/debian/ifupdown/-/blob/master/inet.defn > > https://salsa.debian.org/debian/ifupdown/-/blob/master/inet6.defn I appreciate the explanations. Regards, Joel > > Cheers, > > Aitor. > > > _______ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] simple-netaid for daedalus
Hi Joel, On 10/9/22 8:36, Joel Roth via Dng wrote: I tried downloading and installing the packages one-by-one. Had some dependency problems (no details, sorry it was a while back.) Anyway not sure which packages are relevant, for example do I need the cdk and vte3 versions? Yes, you need to install libcdk5nc6, libvte-2.91-0 and libvte-2.91-common. The packages missing in devuan are here: https://www.gnuinos.org/simple-netaid/ Is it possible to contribute the packages to the Devuan or Debian package repositories? It would be easier for me to install. Otherwise, some docs would help, or I can try manually installing the packages again and report my failures;-) I'm not a devuan caretaker, but, as far as I know, devuan just removes systemd dependency from debian. About including simple-netaid in debian repo..., I don't know the way to go. I like having the wifi SSIDs and passwords stored under /etc/networks/wifi, where I can easily refer to them. This is how simple-netaid works. Also, including the call to dhclient makes it easier to use than, for example, wpa_gui. The client is managed internally by ifupdown: https://salsa.debian.org/debian/ifupdown/-/blob/master/inet.defn https://salsa.debian.org/debian/ifupdown/-/blob/master/inet6.defn Cheers, Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] simple-netaid for daedalus
On Mon, Jul 18, 2022 at 02:17:56AM +0200, aitor wrote: > Hi Joel, > > On Thu, 14 Jul 2022 23:33:00 +0700 > Joel Roth via Dng wrote: > > > Great that you're working on a new architecture for this program. > > Since upgrading to daedalus, I noticed that my old sn didn't > > work properly. I didn't investigate further but have been > > looking to install a newer version. > > > > Currently apt-cache search netaid shows: > > > > simple-netaid-vte3 - Gtk3 container for the ncurses interface of simple > > netaid > > snetaid - configuration daemon for simple-netaid. > > > > Can I expect a complete package for devuan? I looked for > > packages in gnuinos/pool but seemed to be > > missing dependencies such as libnetaid0. > > This weekend I uploaded the packages for daedalus. The newest versions are > packaged > in quilt source format, and you can differentiate them by the suffix > -N+gnuinos5 in > the debian version: > > http://packages.gnuinos.org/gnuinos/pool/main/libp/libpstat/ > <http://packages.gnuinos.org/gnuinos/pool/main/libp/libpstat/> > > http://packages.gnuinos.org/gnuinos/pool/main/libu/libubox/ > <http://packages.gnuinos.org/gnuinos/pool/main/libu/libubox/> > > http://packages.gnuinos.org/gnuinos/pool/main/u/ubus/ > <http://packages.gnuinos.org/gnuinos/pool/main/u/ubus/> > > http://packages.gnuinos.org/gnuinos/pool/main/libn/libnetaid/ > <http://packages.gnuinos.org/gnuinos/pool/main/libn/libnetaid/> > > http://packages.gnuinos.org/gnuinos/pool/main/s/snetaid/ > <http://packages.gnuinos.org/gnuinos/pool/main/s/snetaid/> > > http://packages.gnuinos.org/gnuinos/pool/main/s/simple-netaid-cdk/ > <http://packages.gnuinos.org/gnuinos/pool/main/s/simple-netaid-cdk/> > > http://packages.gnuinos.org/gnuinos/pool/main/s/simple-netaid-vte3/ > <http://packages.gnuinos.org/gnuinos/pool/main/s/simple-netaid-vte3/> > > > > I'm mainly interested the command line utility. > > You can find some documentation in the website about the command line > utilities: > > https://www.gnuinos.org/ubus/ <https://www.gnuinos.org/ubus/> > > Feel free to ask :) Hiya Aitor, I tried downloading and installing the packages one-by-one. Had some dependency problems (no details, sorry it was a while back.) Anyway not sure which packages are relevant, for example do I need the cdk and vte3 versions? Is it possible to contribute the packages to the Devuan or Debian package repositories? It would be easier for me to install. Otherwise, some docs would help, or I can try manually installing the packages again and report my failures ;-) I like having the wifi SSIDs and passwords stored under /etc/networks/wifi, where I can easily refer to them. Also, including the call to dhclient makes it easier to use than, for example, wpa_gui. > Thanks for your interest in simple-netaid !! Thanks for providing and supporting it! > Cheers, > > Aitor. > > > > ________ > > Dng mailing list > > Dng@lists.dyne.org > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Interesting Read on Linux Permissions
On 9/9/22 22:27, aitor wrote: The way to get so called capability is: $ sudo /sbin/setcap cap_kill+ep cap_example Remove the binary after the test. Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Interesting Read on Linux Permissions
Hi O'Beardly On 9/9/22 13:48, Linux O'Beardly via Dng wrote: I was "aware" of this, but I don't know that I understood it. I'm actually not sure that I understand it now, but I'm more aware of it than I was before. https://medium.com/@boutnaru/linux-security-capabilities-part-1-63c6d2ceb8bf A file with the suid permissions always execute as the user who owns the file, regardless of the user passing the command. Let's put an example in C: #include #include #include int main() { setuid(0); system("apt-get update"); return 0; } This program will update your devuan repo. Compile the code: $ gcc suid_example.c -o suid_example Before trying to run it, you must change the ownership of the given binary because you'll need admin permissions: $ sudo chown root:root suid_example In addition, the line 'setuid(0)' in the C code requires another step to be honored: $ sudo chmod u+s suid_example You've given suid permissions to the file. Indeed: $ ls -l suid_example -rwsr-xr-x 1 root root 16656 sep 9 21:09 suid_example Now run the binary, and your repo will be updated: $ ./suid_example Des:1http://deb.devuan.org/merged chimaera InRelease [33,5 kB] Des:2http://deb.devuan.org/merged chimaera-updates InRelease [26,1 kB] Des:3http://deb.devuan.org/merged chimaera-security InRelease [26,2 kB] . . On the other hand, the goal of the linux capabilities is to escalate permissions of the binary from the low privilege (effective uid is not 0) in a less risky way than using suid. Such a binary cannot do whatever it pleases, because it's limited by the capability bounding set. Further information about linux capabilities: https://man7.org/linux/man-pages/man7/capabilities.7.html Consider the following program: #include #include #include #include int main(int argc, char **argv) { kill(atoi(argv[1]), SIGTERM); return 0; } In order to compile the program you need to install 'libcap-dev': $ sudo apt-get install libcap-dev Build the program: $ gcc cap_example.c -o cap_example -lcap The generated binary will terminate a concrete process, whenever the PID of the process is received as an argument in the command line. However, if the given process is a root process, obviously you will not be able to kill it as a mortal user. You'll need a concrete linux capability then, called CAP_KILL. The way to get so called capability is: $ sudo /sbin/setcap cap_kill+ep cap_example The additional flags (+ep) mean effective-set and permitted-set. I'm not going into details. Now open another terminal and run a root process, for the sake of example, synaptic. You can pass the pid of the running process as an argument to the compiled binary using the following pipe: $ pidof synaptic | xargs cap_example ... And the root process, i.e. synaptic, terminates. HTH, Aitor. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Interesting Read on Linux Permissions
On Fri, Sep 9, 2022 at 6:48 AM Linux O'Beardly via Dng wrote: > > I was "aware" of this, but I don't know that I understood it. I'm actually > not sure that I understand it now, but I'm more aware of it than I was before. > > https://medium.com/@boutnaru/linux-security-capabilities-part-1-63c6d2ceb8bf > Couple of interesting 'networking' articles too. HTH ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Seeking professional mentor (was Re: Interesting Read on Linux Permissions)
On Friday, September 9, 2022, 04:48:29 a.m. PDT, Linux O'Beardly via Dng wrote: > I was "aware" of this, but I don't know that I understood it. I'm actually > not sure that I understand it now, but I'm more aware of it than I was before. > https://medium.com/@boutnaru/linux-security-capabilities-part-1-63c6d2ceb8bf I should probably clarify that I am just a lowly trained musician seeking career advice from veteran UNIX system administrators and it's just timing that Debian had been previous my tool to get work done. My previous system to that was an Apple //e. Linux trolls and hackers are much too clever for someone as simple as me. Thanks for any help! Kindest Regards, Jason Jason Kinney Ethical Technologist & GUA Surrey, BC, Canada jkinney23 at yahoo.ca ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Interesting Read on Linux Permissions
I was "aware" of this, but I don't know that I understood it. I'm actually not sure that I understand it now, but I'm more aware of it than I was before. https://medium.com/@boutnaru/linux-security-capabilities-part-1-63c6d2ceb8bf -- Linux O'Beardly @LinuxOBeardly http://o.beard.ly linux.obear...@gmail.com _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On 9/9/22 3:24 am, Simon Hobson wrote: Marjorie Roome via Dng wrote: I configure strict postfix rules that incoming mail should have a reverse DNS. I find grey-listing to be by far the most effective spam blocker. I use postscreen rather than grey-listing. It does much the same delay function as grey-listing but also does timing and protocol violation checks https://www.postfix.org/POSTSCREEN_README.html https://www.linuxbabe.com/mail-server/configure-postscreen-in-postfix-to-block-spambots It does require a few minutes thinking about your master.cf structure, but that's a good thing anyway. -- Jeremy OpenPGP_signature Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] update error
'$ apt update' wrote on Thu 08 Sep 2022 08:57:21 PM CEST: > An error occurred during the signature verification. The repository is > not updated and the previous index files will be used. GPG error: > http://pkgmaster.devuan.org/merged chimaera InRelease: The following > signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository > (Amprolla3 on Nemesis) https://www.devuan.org/os/packages wrote Thu 08 Sep 2022 08:58:17 PM CEST: > To use deb.devuan.org, you must have devuan-keyring version > 2022.09.04 or higher. '$ dpkg -l *devuan-keyring' wrote on Thu 08 Sep 2022 08:58:26 PM CEST: > ii devuan-keyring 2017.10.03 '$ cat /var/log/apt/history.log' wrote on Thu 08 Sep 2022 09:02:34 PM CEST: > Start-Date: 2022-09-07 19:47:08 > Commandline: /usr/bin/apt-get upgrade -y -q > Upgrade: [...] Dear currently so silent list: Something seems wrong... is it just that I missed to /pgkmaster/deb/ in my sources.list? libre Grüße, Florian -- \ \\ \ \ | | / \ | ils sont | | brainfrickin' FOUS | |ces romains!| \__/ ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Configuring ethernet port for IPv6
Curtis Maurand wrote: > I think this is all great right up until you need a fixed address for > something like a mail server or a web server. That is no more of a problem with IPv6 as it is with IPv4 - if you have a “poor quality” ISP that doesn’t do fixed addresses then you have a problem with anything that needs a fixed(dish) IP. > So far, I've found IPV6 to be unreliable. In what way ? I’m not currently running IPv6 at home as I’ve not got round to reconfiguring the network to use my own (pre-systemd Debian, Linux VM) router, and the ISP supplied router doesn’t have the option to forward (IIRC) GRE needed to make my HE tunnel work. But in the past when I have had IPv6 running, it’s worked fine. I didn’t run my email over IPv6 for the simple reason that at the time, there was one element of my software stack that didn’t fully cope with it. Again, not found time to update everything - I believe that one issue was fixed a while ago. Going back probably around 10 years, I enabled IPv6 on our office network and waited to see if anyone noticed - no-one did, and we didn’t start experiencing new problems. Simon _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Marjorie Roome via Dng wrote: > I configure strict postfix rules that incoming mail should have a > reverse DNS. Ah, we’re talking two different checks. I too reject connections if there’s no reverse DNS, but ideally that reverse DNS should forward resolve to a list (one or more IPs) containing the IP of the connecting device. It’s this latter bit that people seem too incapable of getting right. But while rejecting “no reverse DNS” does block a lot, there is a lot of spam that comes from addresses that have generic reverse DNS entries - many ISPs have reverse DNS setup for their customer IP ranges along the lines of a-b-c-d.dynamic.ispname.net. I find grey-listing to be by far the most effective spam blocker. Simon _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Seeking professional mentor (was Re: meta: list)
>On Thursday, September 8, 2022, 04:35:35 a.m. PDT, Steve Litt > wrote: >> Would anyone have the infrastructure to help us less advantaged FOSS >> advocates >> who got trampled on by big tech and the pandemic with the appropriate email >> address >> to stay involved in the discussion if this experiment happens? >I don't understand the preceding question. To explain: I used to run a small solo FOSS advocacy project where I recycled computers and gave them away to kids and non-profits and taught them some basic digital literacy skills. I did about 200 on my own. In a heavily Microsoft-centric community. Should I explain what the impact was on my small business here? I hope not. I've since retrained with a better CS skill-set and wrote my LPIC-1 certification to go with my work, but the pandemic put me homeless in an RV instead and dependent on a social support system that doesn't care that I took advantage of free online resources to build those skills and certainly does not care about FOSS. The original poster sounded like I would need to be running my own domain and email service to participate in your gmail resistance experiment. I don't have the means to do that on my own at this time. I *could* look up documentation to set up email service on my own, although I've not done that before. >> I just got here and I >> love it. I'd otherwise need a bit more time if all the wise old veterans are >> leaving to go >> somewhere else :) >Whoaaa! As far as I know, neither I nor anybody else was advocating changing or >abandoning THIS list. I would be very against that. I thought we were talking >about >an SMTP that would bounce gmail krap and not bounce DMARC, DKIM, OATH2 and all >the >other clutterment the big boys are using to try to marginalize email so their >walled >gardens have no competition. Perfect! As long as I've already stuck my foot in my mouth on list, is there anyone from the Devuan community that would like to help mentor someone into a new career as a system administrator? I've been very unhappy in other communities because I understand the problems big tech is causing and this place seems to share my values. I feel really at home here. I finally got around to installing Devuan on bare metal to use as my main system and I really like design choices that have been made. I come from this little minimalist Debian based system called Crunchbang and have been rolling my own from scratch since it was discontinued. It was very easy and comfortable to do this with Devuan as well. It's also been really nice to be reading posts on a mailing list with veterans who know what they are doing. It would be awesome if someone from this community had just the bare minimum of time to help me figure out how to get back to work using a system like this that I feel comfortable using both on technical and ethical levels. If anyone has suggestions at all that could help me feel, free to respond in whatever way feels best for you. In any case, thanks so much to this community for building such a rocking system for me to get work done on! I love it! Warm Regards, Jason Jason Kinney Ethical Technologist Surrey, BC, Canada jkinney23 at yahoo.ca ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan.org signature problem
On Thu, Sep 08, 2022 at 08:53:01PM +0100, Antony Stone wrote: > On Thursday 08 September 2022 at 19:52:20, Joel Roth via Dng wrote: > > > Hi list, > > > > Upgrading a machine to daedalus, apt-get update returns this error: > > > > W: GPG error: http://deb.devuan.org/merged daedalus InRelease: The > > following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan > > Repository (Amprolla3 on Nemesis) > > > Is this easily resolved? > > See https://lists.dyne.org/lurker/message/20220903.172703.1050aabb.en.html > and > https://lists.dyne.org/lurker/message/20220903.173401.2043605d.en.html Thank you. This does the trick. > Antony. -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan.org signature problem
On Thursday 08 September 2022 at 19:52:20, Joel Roth via Dng wrote: > Hi list, > > Upgrading a machine to daedalus, apt-get update returns this error: > > W: GPG error: http://deb.devuan.org/merged daedalus InRelease: The > following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan > Repository (Amprolla3 on Nemesis) > Is this easily resolved? See https://lists.dyne.org/lurker/message/20220903.172703.1050aabb.en.html and https://lists.dyne.org/lurker/message/20220903.173401.2043605d.en.html Antony. -- Python is executable pseudocode. Perl is executable line noise. Please reply to the list; please *don't* CC me. ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] devuan.org signature problem
Hi list, Upgrading a machine to daedalus, apt-get update returns this error: W: GPG error: http://deb.devuan.org/merged daedalus InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) E: The repository 'http://deb.devuan.org/merged daedalus InRelease' is not signed. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Is this easily resolved? I'd like to upgrade today, securely if possible. Thanks -- Joel Roth ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] installation images
On Thu, 2022-09-08 at 12:29 +0100, Peter Duffy wrote: > On Thu, 2022-09-08 at 21:21 +1000, Ralph Ronnquist wrote: > > On Thu, Sep 08, 2022 at 11:46:50AM +0100, Peter Duffy wrote: > > > I assume that at some point, the installation iso images are > > > going > > > to > > > be rebuilt to include the new devuan-keyring package? Until this > > > is > > > done, a devuan install can only be completed by using the > > > wget/chroot/dpkg kludge. > > > > > > Given LP's move to M$, there's probably more interest than usual > > > in > > > devuan and other non-systemd distros at the moment - so maybe > > > this > > > needs doing quite urgently. > > > > > > I did manage to rebuild the chimaera netinstall image with the > > > new > > > devuan-keyring package yesterday (I needed to install several > > > chimaera > > > VMs, and it was an interesting challenge). The new image appears > > > to > > > work (install on a virtualbox VM completed without a problem, and > > > the > > > VM booted fine). If it would be helpful, I'm happy to give > > > details > > > of > > > how I did it - but I'm conscious that although it seems to work, > > > my > > > new > > > image is probably slightly different from the original, and I > > > don't > > > want to muddy any waters. The best by far would be to have new > > > images > > > available, built using the standard process. On the other hand, > > > it > > > might be good for the process of generating debian/devuan > > > installation > > > images to be more widely known (there doesn't seem to be a lot of > > > information on the web about it, and what there is seems mostly > > > to > > > be > > > out-of-date and/or broken). > > > > To build a chimaera netinstall, the following command sequence > > might > > work: > > > > $ git clone https://git.devuan.org/devuan/installer-iso.git > > $ cd installer-iso > > $ TRIAL=yes ./build-sudo chimaera netinstall 4.2.meown > > > > You obviusly need sudo, or you may run it as root. > > > > That scripting will firstly debootstrap a chimaera installer > > building > > hosting filesystem, then chroot into that for the actual iso > > building. > > The resulting ISO ends up at chimaera.$ARCH.fs/installer-iso/ with > > the > > name of netinstall-$ARCH.iso. > > > > I'm doing like that so it must work the same for everyone ;) > > > > Ralph. > > Thanks for that - I was hoping that the tools to do this were > generally > available. I'll give it a try. > That worked fine - the image built successfully, and an install from it on a virtualbox VM was also successful. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On Thu, 2022-09-08 at 11:29 +, jkinne...@yahoo.ca wrote: > Would anyone have the infrastructure to help us less advantaged FOSS > advocates > who got trampled on by big tech and the pandemic with the appropriate email > address > to stay involved in the discussion if this experiment happens? I don't understand the preceding question. > I just got here and I > love it. I'd otherwise need a bit more time if all the wise old veterans are > leaving to go > somewhere else :) Whoaaa! As far as I know, neither I nor anybody else was advocating changing or abandoning THIS list. I would be very against that. I thought we were talking about an SMTP that would bounce gmail krap and not bounce DMARC, DKIM, OATH2 and all the other clutterment the big boys are using to try to marginalize email so their walled gardens have no competition. SteveT ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Would anyone have the infrastructure to help us less advantaged FOSS advocates who got trampled on by big tech and the pandemic with the appropriate email address to stay involved in the discussion if this experiment happens? I just got here and I love it. I'd otherwise need a bit more time if all the wise old veterans are leaving to go somewhere else :) Thanks! Jason On Thursday, September 8, 2022, 03:48:19 a.m. PDT, Steve Litt wrote: On Thu, 2022-09-08 at 10:29 +0200, marc wrote: > > I am considering starting an admin list, where one can only > subscribe with an address starting with admin@... and > perhaps only one admin@... per IP. I suggest a name other than admin@, because people are probably using admin@ for other purposes already. Maybe something like cleanmail@. I could subscribe with cleanm...@troubleshooters.com . I deleted your rant, but see a lot of value in your rant and would like to participate in your experiment, if you do it. SteveT ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] installation images
On Thu, 2022-09-08 at 21:21 +1000, Ralph Ronnquist wrote: > On Thu, Sep 08, 2022 at 11:46:50AM +0100, Peter Duffy wrote: > > I assume that at some point, the installation iso images are going > > to > > be rebuilt to include the new devuan-keyring package? Until this is > > done, a devuan install can only be completed by using the > > wget/chroot/dpkg kludge. > > > > Given LP's move to M$, there's probably more interest than usual in > > devuan and other non-systemd distros at the moment - so maybe this > > needs doing quite urgently. > > > > I did manage to rebuild the chimaera netinstall image with the new > > devuan-keyring package yesterday (I needed to install several > > chimaera > > VMs, and it was an interesting challenge). The new image appears to > > work (install on a virtualbox VM completed without a problem, and > > the > > VM booted fine). If it would be helpful, I'm happy to give details > > of > > how I did it - but I'm conscious that although it seems to work, my > > new > > image is probably slightly different from the original, and I don't > > want to muddy any waters. The best by far would be to have new > > images > > available, built using the standard process. On the other hand, it > > might be good for the process of generating debian/devuan > > installation > > images to be more widely known (there doesn't seem to be a lot of > > information on the web about it, and what there is seems mostly to > > be > > out-of-date and/or broken). > > To build a chimaera netinstall, the following command sequence might > work: > > $ git clone https://git.devuan.org/devuan/installer-iso.git > $ cd installer-iso > $ TRIAL=yes ./build-sudo chimaera netinstall 4.2.meown > > You obviusly need sudo, or you may run it as root. > > That scripting will firstly debootstrap a chimaera installer building > hosting filesystem, then chroot into that for the actual iso > building. > The resulting ISO ends up at chimaera.$ARCH.fs/installer-iso/ with > the > name of netinstall-$ARCH.iso. > > I'm doing like that so it must work the same for everyone ;) > > Ralph. Thanks for that - I was hoping that the tools to do this were generally available. I'll give it a try. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] installation images
On Thu, Sep 08, 2022 at 11:46:50AM +0100, Peter Duffy wrote: > I assume that at some point, the installation iso images are going to > be rebuilt to include the new devuan-keyring package? Until this is > done, a devuan install can only be completed by using the > wget/chroot/dpkg kludge. > > Given LP's move to M$, there's probably more interest than usual in > devuan and other non-systemd distros at the moment - so maybe this > needs doing quite urgently. > > I did manage to rebuild the chimaera netinstall image with the new > devuan-keyring package yesterday (I needed to install several chimaera > VMs, and it was an interesting challenge). The new image appears to > work (install on a virtualbox VM completed without a problem, and the > VM booted fine). If it would be helpful, I'm happy to give details of > how I did it - but I'm conscious that although it seems to work, my new > image is probably slightly different from the original, and I don't > want to muddy any waters. The best by far would be to have new images > available, built using the standard process. On the other hand, it > might be good for the process of generating debian/devuan installation > images to be more widely known (there doesn't seem to be a lot of > information on the web about it, and what there is seems mostly to be > out-of-date and/or broken). To build a chimaera netinstall, the following command sequence might work: $ git clone https://git.devuan.org/devuan/installer-iso.git $ cd installer-iso $ TRIAL=yes ./build-sudo chimaera netinstall 4.2.meown You obviusly need sudo, or you may run it as root. That scripting will firstly debootstrap a chimaera installer building hosting filesystem, then chroot into that for the actual iso building. The resulting ISO ends up at chimaera.$ARCH.fs/installer-iso/ with the name of netinstall-$ARCH.iso. I'm doing like that so it must work the same for everyone ;) Ralph. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On Thu, 2022-09-08 at 10:29 +0200, marc wrote: > > I am considering starting an admin list, where one can only > subscribe with an address starting with admin@... and > perhaps only one admin@... per IP. I suggest a name other than admin@, because people are probably using admin@ for other purposes already. Maybe something like cleanmail@. I could subscribe with cleanm...@troubleshooters.com . I deleted your rant, but see a lot of value in your rant and would like to participate in your experiment, if you do it. SteveT ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] installation images
I assume that at some point, the installation iso images are going to be rebuilt to include the new devuan-keyring package? Until this is done, a devuan install can only be completed by using the wget/chroot/dpkg kludge. Given LP's move to M$, there's probably more interest than usual in devuan and other non-systemd distros at the moment - so maybe this needs doing quite urgently. I did manage to rebuild the chimaera netinstall image with the new devuan-keyring package yesterday (I needed to install several chimaera VMs, and it was an interesting challenge). The new image appears to work (install on a virtualbox VM completed without a problem, and the VM booted fine). If it would be helpful, I'm happy to give details of how I did it - but I'm conscious that although it seems to work, my new image is probably slightly different from the original, and I don't want to muddy any waters. The best by far would be to have new images available, built using the standard process. On the other hand, it might be good for the process of generating debian/devuan installation images to be more widely known (there doesn't seem to be a lot of information on the web about it, and what there is seems mostly to be out-of-date and/or broken). ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Gregory Nowak was quoted by Simon Hobson: > > I have toyed more than once with the question of what would happen if > > a group of us running our own mail exchanges made the choice to > > reject mail from gmail.com with a 550? If a few of us did it, we might > > miss mail we maybe wanted to get. If a bunch of us did it, then a > > bunch of gmail users would complain to google. My guess is google's > > response would be "this is a free service; if it doesn't work for you, > > then don't use it.??? > > No, I'll tell you what Google's response will be : > > "Our system is working fine, the other system is broken". > Don't forget that this is a company that is quite happy to > simply change the rules on the basis that it's big enough that > the rest of the world will adapt. Look at the history of stuff > they've "just changed" because it suits them. Sticking > with email, they were one of the first to implement SPF > fully knowing that it would break most mailing lists and > mail forwarders around the world - and so most mailing lists > around the world had to update software & change setups to suit > Google's* new set of "how email is to work" rules. I know, > I had a customer facing mail server** and mailing list server. I am considering starting an admin list, where one can only subscribe with an address starting with admin@... and perhaps only one admin@... per IP. While I support the right of consenting adults to indulge in various risky behaviours, including bending over for surveillance capitalists, I'd like to think that a more selective list would lead to more worthwhile conversations. I am perhaps a bit unkind when I say we have reached the point where many people have been so captured by google and similar that a form of Stokholm syndrome has set in, and that useful conversation is often derailed with "but actually I like ads that are relevant to my interests", "the upgrade/feature treadmill is fun, and keeps us all safe/buying stuff" - and I regard the entire SPF/DKIM/DMARC/SRS/nonsense part of this. I remember the propaganda being that encrypted mail is too hard to implement, dear Barbie: And yet here we are - we now are supposed to have full on signatures in every mail, yet the keys aren't held by the user, and the mail isn't private, and google spams me anyway - WTF, where did we go wrong ? I suppose I am derailing things - but if you think the admin@ list is something worth doing, let me know (off list is fine too) regards marc ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
On 06/09/22 19:33, Chris Dos wrote: Just spent that last few hours updating all our Devuan servers. If you ever need again to do the same set of commands on multiple servers, you may find cssh useful. It connects via SSH to any number of servers and replicates the commands you type to all of them at once. https://linux.die.net/man/1/cssh (on Devuan the package is 'clusterssh') ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
On 9/7/22 04:42, Peter Duffy wrote: > On Tue, 2022-09-06 at 11:33 -0600, Chris Dos wrote: >> I also had to manually delete the previous key in order for this to >> work: >> apt-key del "E032 601B 7CA1 0BC3 EA53 FA81 BB23 C00C 61FC 752C" >> > > I've not found that I needed to do the "apt-key del" step for it to > work - I just do the wget and then the dpkg. After that, all seems > fine. > > Did you find that you needed to delete the old key for the new one to > work? Yea I had to delete the key on the first three servers that I fixed so I just added that step to all my other servers as well. Not sure if they all needed it, but the first three did for sure. Chris ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
On Tue, 2022-09-06 at 11:33 -0600, Chris Dos wrote: > I also had to manually delete the previous key in order for this to > work: > apt-key del "E032 601B 7CA1 0BC3 EA53 FA81 BB23 C00C 61FC 752C" > > After that: > wgethttp://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb > sudo dpkg -i devuan-keyring_2022.09.04_all.deb > sudo apt update > > Just spent that last few hours updating all our Devuan servers. May > want to put this information on the home page or something. > > Chris > I've not found that I needed to do the "apt-key del" step for it to work - I just do the wget and then the dpkg. After that, all seems fine. Did you find that you needed to delete the old key for the new one to work? _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
In der Nachricht vom Tuesday, 6 September 2022 16:29:35 CEST steht: > On Tue, Sep 06, 2022 at 03:53:08PM +0200, Adrian Zaugg wrote: > > In der Nachricht vom Tuesday, 6 September 2022 15:02:47 CEST steht: > > > At that point you use wget to grab the devuan-keyring package > > > http://deb.devuan.org/merged/pool/DEVUAN/main/d/devuan-keyring/devuan-ke > > > yrin g_2022.09.04_all.deb and store that at /target, so you can follow [...] > I must say that you are mistaken about that. Thank you, you are right, don't know what I did to not see this correctly. Sorry for the noise. But I hope you do not oppose when I insist to use https to download the keyring (and thus from pkgmaster.devuan.org), there is no DNSSEC on devuan.org and I believe the package itself is not signed: $ dpkg-sig --list devuan-keyring_2022.09.04_all.deb Processing devuan-keyring_2022.09.04_all.deb... $ Regards, Adrian. signature.asc Description: This is a digitally signed message part. ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Configuring ethernet port for IPv6
On Mon, Sep 05, 2022 at 11:47:33AM -0400, Curtis Maurand wrote: > I think this is all great right up until you need a fixed address for > something like a mail server or a web server. So far, I've found IPV6 to be > unreliable. I would argue it's easier to get a fixed address with IPv6 than it is with IPv4. If a provider is using mobile IPv6 to hand out addresses, or is doing something else preventing users from having a fixed static IPv6 subnet this is the fault of that provider, and not a deficiency of the IPv6 protocol. Greg -- web site: http://www.gregn.net gpg public key: http://www.gregn.net/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) If we haven't been in touch before, e-mail me before adding me to your contacts. -- Free domains: http://www.eu.org/ or mail dns-mana...@eu.org _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Hi Simon, On Sun, 2022-09-04 at 21:22 +0100, Simon Hobson wrote: > declassed art via Dng wrote: > > > I do have an unconfigured PTR for a couple of reasons, one > > of those is lack of static IP for now. > > I figured out quite quickly that checking reverse DNS is a waste of > time - too many systems, even those run by professional > network/server engineers, are just badly configured. > My experience (running a small family mail server on the premises, but of course with a fixed IP - I'm with Zen in the UK) is the opposite of this. I configure strict postfix rules that incoming mail should have a reverse DNS. Here's my recent traffic: 3490 received 3444 delivered 43 forwarded 1 deferred (1 deferrals) 0 bounced 1799 rejected (34%) Of those rejected: 974 Cannot find your reverse hostname 283 Helo command rejected: Host not found 251 Cannot find your hostname 23 Helo command rejected: need fully-qualified hostname 16 Recipient address rejected: User unknown Message that pass my postfix filters are then scored by my spamfilter rspamd: 222 Rejected by rspamd (mix of 4.7.1 try again later or 5.7.1 spam message rejected). In practice most greylisted 'try again laters' that do try again then end up in the users spam folders for them to evaluate and if necessary recategorise. So checking for a valid reverse DNS is my most effective filter. Only very rarely is it rejecting mail from anyone I'm expecting mail from: by inspection they are all obvious spam addresses and of course if they have a genuine reason to email me they are getting the message that their mail isn't getting through because they have no reverse DNS. -- Marjorie ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
On Tue, 2022-09-06 at 17:46 +0100, Peter Duffy wrote: > Ralph, thanks for the workaround - it worked fine. I had been trying > something similar, but I'd forgotten about the chroot. (Or to coin a phrase, close but no ch(e)root ;) ) _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
I also had to manually delete the previous key in order for this to work: apt-key del "E032 601B 7CA1 0BC3 EA53 FA81 BB23 C00C 61FC 752C" After that: wget http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb sudo dpkg -i devuan-keyring_2022.09.04_all.deb sudo apt update Just spent that last few hours updating all our Devuan servers. May want to put this information on the home page or something. Chris On 9/3/22 11:27, Ludovic Bellière via Dng wrote: > Hello list, > > In order to resolve the gpg key being outdated, the following steps needs to > be taken: > > wget > http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb > sudo dpkg devuan-keyring_2022.09.04_all.deb > sudo apt update > > Cheers, > Ludovic > > > On Sat, 03 Sep 2022, Elimar Riesebieter wrote: > >> >> Hi all, >> >> the signing key 'Devuan Repository (Amprolla3 on Nemesis)' is >> expired: >> >> W: GPG error: http://deb.devuan.org/merged stable InRelease: The following >> signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository >> (Amprolla3 on Nemesis) >> >> Elimar > > -- > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
On Tue, 2022-09-06 at 23:02 +1000, Ralph Ronnquist wrote: > > The required hands-on to make use of the current installer ISOs > includes the use of wget and dpkg at the point where the installation > first breaks, though probably only via a C-A-F2 escape to a root > shell > while the installation (at C-A-F1) is blocked and waiting on the > error > report dialog. > > At that point you use wget to grab the devuan-keyring package > http://deb.devuan.org/merged/pool/DEVUAN/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb > and store that at /target, so you can follow up with manual > installation into /target, by: > # chroot /target /usr/bin/dpkg -i devuan-keyring_2022.09.04_all.deb > > Following that, you re-enter the installation at C-A-F1 and select > "continue" so that it re-tries with the failing step using the the > updated keyring. > > On the side of all that I should add that I also taken have the > opportunity to polish the installer-iso project so that it easily > builds ISOs for the old releases. Some trial builds of that are > currently available for testing at https://ido.rrq.id.au/download Ralph, thanks for the workaround - it worked fine. I had been trying something similar, but I'd forgotten about the chroot. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
On Tue, Sep 06, 2022 at 03:53:08PM +0200, Adrian Zaugg wrote: > In der Nachricht vom Tuesday, 6 September 2022 15:02:47 CEST steht: > > At that point you use wget to grab the devuan-keyring package > > http://deb.devuan.org/merged/pool/DEVUAN/main/d/devuan-keyring/devuan-keyrin > > g_2022.09.04_all.deb and store that at /target, so you can follow up with > > manual > > installation into /target, by: > > # chroot /target /usr/bin/dpkg -i devuan-keyring_2022.09.04_all.deb > There is neither curl, wget nor dpkg available in the netinst iso, at least > not in daedalus and presumably not in chimaera either. I must say that you are mistaken about that. "/usr/bin/wget" is available in the installer itself, and "/usr/bin/dpkg" is available in the installed base system (i.e. chroot /target) Ralph. > _______ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
In der Nachricht vom Tuesday, 6 September 2022 15:02:47 CEST steht: > At that point you use wget to grab the devuan-keyring package > http://deb.devuan.org/merged/pool/DEVUAN/main/d/devuan-keyring/devuan-keyrin > g_2022.09.04_all.deb and store that at /target, so you can follow up with > manual > installation into /target, by: > # chroot /target /usr/bin/dpkg -i devuan-keyring_2022.09.04_all.deb There is neither curl, wget nor dpkg available in the netinst iso, at least not in daedalus and presumably not in chimaera either. Regards, Adrian. signature.asc Description: This is a digitally signed message part. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
On Tue, Sep 06, 2022 at 01:14:06PM +0100, Peter Duffy wrote: > Adrian and Olaf - thanks for the comments. > > This is definitely the expired key problem - so at the moment, chimaera > can't be installed via the netinstall image. Probably the same for > other devuan versions. > > Adrian - I tried changing the date as you suggested. That doesn't work > - I now get a message in the log saying: > > "http://deb.devuan.org/merged/dists/chimaera/InRelease is not valid > yet" > > I found that I could get the install to complete if I told it to ignore > the error, and the resulting system would boot. However, it's obviously > just the bare-bones base system from the netinstall image. > > Are the netinstall images going to be re-generated fairly soon? If not, > is it worth while thinking of a way of importing the new key into the > install process? The required hands-on to make use of the current installer ISOs includes the use of wget and dpkg at the point where the installation first breaks, though probably only via a C-A-F2 escape to a root shell while the installation (at C-A-F1) is blocked and waiting on the error report dialog. At that point you use wget to grab the devuan-keyring package http://deb.devuan.org/merged/pool/DEVUAN/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb and store that at /target, so you can follow up with manual installation into /target, by: # chroot /target /usr/bin/dpkg -i devuan-keyring_2022.09.04_all.deb Following that, you re-enter the installation at C-A-F1 and select "continue" so that it re-tries with the failing step using the the updated keyring. On the side of all that I should add that I also taken have the opportunity to polish the installer-iso project so that it easily builds ISOs for the old releases. Some trial builds of that are currently available for testing at https://ido.rrq.id.au/download Ralph. > > On Mon, 2022-09-05 at 16:49 +0100, Peter Duffy wrote: > > Sorry if this has been addressed before - I did look through the > > posts, > > but couldn't see anything relevant. Also sorry if I'm missing > > something > > obvious. > > > > I'm trying to install chimaera on a virtualbox VM, using the > > netinstall > > image (devuan_chimaera_4.0.0_amd64_netinstall.iso, dated Nov 18 2021) > > - > > I've done this many times before, without a problem. This time, when > > I > > get to "configure the packet manager", it comes back with "The > > installer failed to access the mirror". I used wireshark to check > > that > > it's talking to the network and the server - it appears to be doing > > so > > (accessing server at 95.216.15.86). > > > > I'm wondering if it could be another effect of the recent key expiry > > problem. > > > > > > > > ___ > > Dng mailing list > > Dng@lists.dyne.org > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
Hi Peter Good if your new system boots up afterwards! Go to a console and run as root tasksel --new-install and complete the installation like this. If you're missing other packages install them with apt, e.g. apt install openntpd ...to have time synchronisation. Regards, Adrian. In der Nachricht vom Tuesday, 6 September 2022 13:10:47 CEST steht: > Hi Adrian > > I tried changing the date as you suggested. That doesn't work - I now > get a message in the log saying that > "http://deb.devuan.org/merged/dists/chimaera/InRelease is not valid > yet" > > If I tell the install to ignore the error and continue, it completes > and the system boots successfully - but obviously that's only a very > basic system. > > I've been trying to install the new devuan-keyring package via one of > the console sessions during installation - but I think there are too > many missing and conflicting dependencies. > signature.asc Description: This is a digitally signed message part. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
Adrian and Olaf - thanks for the comments. This is definitely the expired key problem - so at the moment, chimaera can't be installed via the netinstall image. Probably the same for other devuan versions. Adrian - I tried changing the date as you suggested. That doesn't work - I now get a message in the log saying: "http://deb.devuan.org/merged/dists/chimaera/InRelease is not valid yet" I found that I could get the install to complete if I told it to ignore the error, and the resulting system would boot. However, it's obviously just the bare-bones base system from the netinstall image. Are the netinstall images going to be re-generated fairly soon? If not, is it worth while thinking of a way of importing the new key into the install process? On Mon, 2022-09-05 at 16:49 +0100, Peter Duffy wrote: > Sorry if this has been addressed before - I did look through the > posts, > but couldn't see anything relevant. Also sorry if I'm missing > something > obvious. > > I'm trying to install chimaera on a virtualbox VM, using the > netinstall > image (devuan_chimaera_4.0.0_amd64_netinstall.iso, dated Nov 18 2021) > - > I've done this many times before, without a problem. This time, when > I > get to "configure the packet manager", it comes back with "The > installer failed to access the mirror". I used wireshark to check > that > it's talking to the network and the server - it appears to be doing > so > (accessing server at 95.216.15.86). > > I'm wondering if it could be another effect of the recent key expiry > problem. > > > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
Hi Peter, Peter Duffy writes: > Sorry if this has been addressed before - I did look through the posts, > but couldn't see anything relevant. Also sorry if I'm missing something > obvious. > > I'm trying to install chimaera on a virtualbox VM, using the netinstall > image (devuan_chimaera_4.0.0_amd64_netinstall.iso, dated Nov 18 2021) - > I've done this many times before, without a problem. This time, when I > get to "configure the packet manager", it comes back with "The > installer failed to access the mirror". I used wireshark to check that > it's talking to the network and the server - it appears to be doing so > (accessing server at 95.216.15.86). > > I'm wondering if it could be another effect of the recent key expiry > problem. I'd start a shell in the installer environment (or switch to a VT) and poke in the various logs to see more details. -- Olaf Meeuwissen _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
> Maybe related news, and some more reading: > > https://www.jwz.org/blog/2022/08/today-in-google-broke-email/ No, it is not related, he just needs to get SRS implemented. Regards, Adrian. signature.asc Description: This is a digitally signed message part. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] chimaera install problem
Hi Peter This is because package verification fails, you can see this in the console log. Devuan has forgotten to renew its signing key on time, which is major fault. All install images need to be regenerated but it seems that hasn't been done. A workaround, not a nice one, is to set your clock to a date before the key was expired. Unfortunately you can't update the repository signing key in the installer env the way it was posted here. Change to a console with alt-F2, hit enter to activate it, and set the date using: date -s "2022-08-31" ...then try again to configure the package manager. Regards, Adrian. In der Nachricht vom Monday, 5 September 2022 17:49:23 CEST steht: > Sorry if this has been addressed before - I did look through the posts, > but couldn't see anything relevant. Also sorry if I'm missing something > obvious. > > I'm trying to install chimaera on a virtualbox VM, using the netinstall > image (devuan_chimaera_4.0.0_amd64_netinstall.iso, dated Nov 18 2021) - > I've done this many times before, without a problem. This time, when I > get to "configure the packet manager", it comes back with "The > installer failed to access the mirror". I used wireshark to check that > it's talking to the network and the server - it appears to be doing so > (accessing server at 95.216.15.86). > > I'm wondering if it could be another effect of the recent key expiry > problem. > > > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- -°) (_^/ Adrian Zaugg Zweierstrasse 56 CH-8004 Zürich 044 291 02 38 (This eMail gets best displayed using a monospace font.) # Retrieve my public GPG key: gpg --locate-external-keys a...@ente.limmat.ch signature.asc Description: This is a digitally signed message part. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Keith Smith presents on Model View Controller best practices
Hi all, The Wednesday, September 7, 2022 GoLUG online meeting will start at the SPECIAL TIME of 6pm Eastern Daylight Time rather than the usual time. It will be at https://meet.jit.si/golug. Full information is at http://golug.info . PHP expert Keith Smith will outline the way he does the MVC (Model View Controller) web application methodology. This is important because there are many contradictory definitions of MVC out there, many of which lead to difficult to maintain volleyball code and inconsistent coding. Among other things, Keith will outline the following: * Main Benefits of MVC. * Philosophy of MVC. * The meaning and function of the Model, the View and the Controller. * Are there one or several Models? Views? Controllers? Web based MVC documentation differs on this point. * Which code to put in the Model, which to put in the View, and which to put in the Controller. * Tips on how to keep track of your classes, objects and methods, in order to code quick with a minimum of debugging. * Pitfalls to be careful of while coding MVC. If you're unfamiliar with MVC, or if you've gotten a bad impression of MVC due to careless web documentation, or if you use MVC but just want to gain more ideas and techniques, or if you create web applications or if you want to start creating web applications, this presentation is for you. SteveT Steve Litt GoLUG Publicity Coordinator ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] chimaera install problem
Sorry if this has been addressed before - I did look through the posts, but couldn't see anything relevant. Also sorry if I'm missing something obvious. I'm trying to install chimaera on a virtualbox VM, using the netinstall image (devuan_chimaera_4.0.0_amd64_netinstall.iso, dated Nov 18 2021) - I've done this many times before, without a problem. This time, when I get to "configure the packet manager", it comes back with "The installer failed to access the mirror". I used wireshark to check that it's talking to the network and the server - it appears to be doing so (accessing server at 95.216.15.86). I'm wondering if it could be another effect of the recent key expiry problem. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Configuring ethernet port for IPv6
On 1/30/22 14:01, o1bigtenor via Dng wrote: On Sun, Jan 30, 2022 at 8:14 AM Simon wrote: Joel Roth via Dng wrote: My problem is connecting via dhcp over ethernet. On IRC I was advised to try ping ff02::1%eth1 which fails to get a response, indicating IPv6 is not enabled in my client. I tried setting "iface eth1 inet6 dhcp" in /etc/network/interfaces, then "ifup eth1". This fails with no link-local IPv6 address for eth1 References suggest that "ifconfig eth1 up" or "ip link set dev eth1 up" will trigger the kernel to assign an IPv6 address. Since this is not happening, I'm asking the wisdom of the list VUAs how to enable IPv6 for this port. You don’t actually need DHCP to configure IPv6. snip As an aside, and not specifically in response to either of the above emails, I recommend the certification scheme run by HE at https://ipv6.he.net/certification/, and if your ISP doesn’t yet offer IPv6, then their tunnel service will provide you with good IPv6 connectivity. It’s true that there is some learning you need to do for IPv6, but this course will take you through things in steps - start with the basics and work up to the more complicated stuff. The only bit I thought was a p.i.t.a. is a stage where you have to provide ping and traceroute results to 100 different IPv6 destinations over 100 days. The hardest part if finding 100 different destinations - at the time I did it, I did some grepping of DNS server logs at work to find them ;-) Not only do I want to echo mr Joel but for mr Simon. This gives great information - - - all together AND in a fashion that I think I may even be understanding this. Please would you fashion perhaps 2 or three more messages for intermediate and maybe even extend this into more of the 'advanced' networking country. I am not needing ipv6 at present but likely this spring fiber optics are happening (finally some decent speed options) and they are in the process of moving to ipv6 likely within a year or so. I would prefer to know at least some more before I 'need' it. I think this is all great right up until you need a fixed address for something like a mail server or a web server. So far, I've found IPV6 to be unreliable. -- Curtis https://curtis.maurand.com ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
declassed art via Dng wrote: > I do have an unconfigured PTR for a couple of reasons, one of those is lack > of static IP for now. I figured out quite quickly that checking reverse DNS is a waste of time - too many systems, even those run by professional network/server engineers, are just badly configured. Gregory Nowak via Dng wrote: > I have toyed more than once with the question of what would happen if > a group of us running our own mail exchanges made the choice to > reject mail from gmail.com with a 550? If a few of us did it, we might > miss mail we maybe wanted to get. If a bunch of us did it, then a > bunch of gmail users would complain to google. My guess is google's > response would be "this is a free service; if it doesn't work for you, > then don't use it.” No, I’ll tell you what Google’s response will be : “Our system is working fine, the other system is broken”. Don’t forget that this is a company that is quite happy to simply change the rules on the basis that it’s big enough that the rest of the world will adapt. Look at the history of stuff they’ve “just changed” because it suits them. Sticking with email, they were one of the first to implement SPF fully knowing that it would break most mailing lists and mail forwarders around the world - and so most mailing lists around the world had to update software & change setups to suit Google’s* new set of “how email is to work” rules. I know, I had a customer facing mail server** and mailing list server. * OK, they weren’t the only ones, but they were one of the first. In the network world, Android devices don’t work on managed networks using DHCPv6 for address assignment. For idealogical reasons, they don’t support DHCPv6 and even actively block third party support (by pressuring chipset manufacturers to block the packets in the hardware). I could be flippant and suggest it’s because they see it as their job to snoop on people and using DHCP allows network admins to do that, but it’s mostly because they are interested only in mobile applications and refuse to consider the needs of any other environment (even where it’s a legal requirement). In the web world they are pushing for “SSL or it doesn’t exist” despite the fact that it does actually cost money** to add SSL and there are situations (such as supporting older hardware) where there is no SSL and never will be. And of course, there’s the shenanigans with QUIK and DoH ... So basically, Google’s attitude is that if some other system doesn’t work with their offering - then it’s the other system that’s broken. And they are big enough that they can get away with that, especially when they are able to tell users who complain that that’s the case. ** When SPF started getting applied, clients started seeing problems. Ideally we’d have them set up an account in their mail client to get mail from our server using IMAP, but many customers would refuse to do that - “I want my mail in my inbox”. Trying to explain why that’s not a good idea is an exercise in futility. So once their ISP is checking SFP, they no longer get any emails from sources setting SPF - and it’s our fault that the client insists on doing the broken way. Instead, they’d say it’s because out mail server is faulty - because that’s what their ISP (usually using an ISP mail account) told them and apparently the hell desks at the big ISPs are more honest that a small IT services company where they can be on first name terms with the staff. Simon ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Invalid signatures on testing
Thanks, it worked. Sorry for not noticing the solution passing through. Il 05/09/22 14:42, Antony Stone ha scritto: On Monday 05 September 2022 at 13:35:00, Antonio Rendina via Dng wrote: Hi, I get invalid signatures from testing version. Should I just wait that they get updated or is there something that I should do to update it? See https://lists.dyne.org/lurker/message/20220903.172703.1050aabb.en.html and https://lists.dyne.org/lurker/message/20220903.173401.2043605d.en.html Antony. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Invalid signatures on testing
On Monday 05 September 2022 at 13:35:00, Antonio Rendina via Dng wrote: > Hi, > I get invalid signatures from testing version. Should I just wait that > they get updated or is there something that I should do to update it? See https://lists.dyne.org/lurker/message/20220903.172703.1050aabb.en.html and https://lists.dyne.org/lurker/message/20220903.173401.2043605d.en.html Antony. -- "Linux is going to be part of the future. It's going to be like Unix was." - Peter Moore, Asia-Pacific general manager, Microsoft Please reply to the list; please *don't* CC me. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Invalid signatures on testing
Hi, I get invalid signatures from testing version. Should I just wait that they get updated or is there something that I should do to update it? Here the error: $ sudo apt-get update Hit:1 https://packages.microsoft.com/repos/ms-teams stable InRelease Hit:2 http://download.virtualbox.org/virtualbox/debian bullseye InRelease Hit:3 https://download.docker.com/linux/debian bullseye InRelease Hit:4 https://apt.releases.hashicorp.com bullseye InRelease Get:5 http://deb.devuan.org/merged testing InRelease [33.4 kB] Err:5 http://deb.devuan.org/merged testing InRelease The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) Fetched 33.4 kB in 2s (20.9 kB/s) Reading package lists... Done W: http://download.virtualbox.org/virtualbox/debian/dists/bullseye/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. W: https://apt.releases.hashicorp.com/dists/bullseye/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.devuan.org/merged testing InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) W: Failed to fetch http://deb.devuan.org/merged/dists/testing/InRelease The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) W: Some index files failed to download. They have been ignored, or old ones used instead. Thanks --- Antonio ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
Ludovic, thanks for that. Confirmed that the new key seems to work, and upgrade now in process. One point which I'm sure is obvious, but just thought I'd mention it: "dpkg " => "dpkg -i " On Sat, 2022-09-03 at 19:27 +0200, Ludovic Bellière via Dng wrote: > Hello list, > > In order to resolve the gpg key being outdated, the following steps > needs to be taken: > > wget > http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb > sudo dpkg devuan-keyring_2022.09.04_all.deb > sudo apt update > > Cheers, > Ludovic > > > On Sat, 03 Sep 2022, Elimar Riesebieter wrote: > > > > > Hi all, > > > > the signing key 'Devuan Repository (Amprolla3 on Nemesis)' is > > expired: > > > > W: GPG error: http://deb.devuan.org/merged stable InRelease: The > > following signatures were invalid: EXPKEYSIG BB23C00C61FC752C > > Devuan Repository (Amprolla3 on Nemesis) > > > > Elimar > > -- > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Not installing files to /boot Debian discussion
Hi! Not installing files to /boot https://lists.debian.org/debian-kernel/2022/09/msg00062.html I hope this will be rejected by Debian community. EFI has a partition already, why then use FAT filesystem for /boot is beyond me. Especially as EFI should be replaced by something sane anyway. Ciao, -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] IPv6 for dummies by a dummy (was: Configuring ethernet port for IPv6)
Following up from this old thread, over on an IETF list I’ve come across this resource for learning IPv6. https://afrinic.academy/ I’ve not looked at the content or quality - but the headings seem logical and it’s free. Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mixer for alsa
Hi, On 4/9/22 11:31, aitor wrote: On 3/9/22 19:14, aitor wrote: Today I did a mistake somewhere and the gui is not receiving sound event notifications. I'll fix this issue as soon as possible. On the other hand, I have tested it on other machines (on august I had only one computer to hand), and it's working only for the "hw:0" card, but I'll work on that too. I'll let you know... Done. I've fixed a segmentation fault as well, and now it's possible to pass the card number as an argument in the command line. For example, "amixer-gtk 1" would use "hw:1". Future releases will read the default card from /etc/asound.conf First packages will be available today, I hope. Now it's working very well for me. Packages are available at: https://www.gnuinos.org/amixer-gtk/ In order to launch the mixer with a concrete card "hw:N" run: $ amixer-gtk N By default, it'll assume "hw:0". Steve, you can build the alsa mixer from source downloading the tarball: https://www.gnuinos.org/amixer-gtk/amixer-gtk_0.1.tar.gz Hope you like it. Cheers, Aitor. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [SPAM] Re: Key is expired
In der Nachricht vom Sunday, 4 September 2022 11:20:39 CEST steht: > Automatically updates require the key to be updated, but the package in > point that should provide the updated key is outdated as well. So, it's a > vicious circle that requires manual intervention via "dpkg -i", as Ludovic > has pointed out. I feared what you wrote, so it's a kind of second worst case scenario. We will have some Devuan installations not getting updates any longer (1411 unattended-upgrades installed according to popcon and not all of these are closely accompanied, I guess). At least Devuan should put a clearly visible warning on the front page of https://devuan.org/ linked to a helping page, if an automatic correction of the problem is impossible. But, if I look at the list of installed keys, I see: $ apt-key list [...] /etc/apt/trusted.gpg.d/devuan-keyring-2016-archive.gpg -- pub rsa2048 2014-12-02 [SC] 72E3 CB77 3315 DFA2 E464 743D 9453 2124 5419 22FB uid [ unknown] Devuan Repository (Primary Devuan signing key) sub rsa2048 2014-12-02 [E] sub rsa4096 2016-04-26 [S] [...] This key does not expire and it seems installed on beowulf and chimaera. Can we just also sign the index file and the devuan-keyring package with this key for a while? Would this help to get the new devuan-keyring package and thus to fix the issue automatically? Regards, Adrian. signature.asc Description: This is a digitally signed message part. ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mixer for alsa
Hi again, On 3/9/22 19:14, aitor wrote: Today I did a mistake somewhere and the gui is not receiving sound event notifications. I'll fix this issue as soon as possible. On the other hand, I have tested it on other machines (on august I had only one computer to hand), and it's working only for the "hw:0" card, but I'll work on that too. I'll let you know... Done. I've fixed a segmentation fault as well, and now it's possible to pass the card number as an argument in the command line. For example, "amixer-gtk 1" would use "hw:1". Future releases will read the default card from /etc/asound.conf First packages will be available today, I hope. Cheers, Aitor. ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
Hi, On 4/9/22 11:20, aitor wrote: Hi Adrian, On 4/9/22 10:39, Adrian Zaugg wrote: Will the key update on existing systems be done automatically at some point or is Ludovic's described manual action required? Automatically updates require the key to be updated, but the package in point that should provide the updated key is outdated as well. So, it's a vicious circle that requires manual intervention via "dpkg -i", as Ludovic has pointed out. Cheers, Aitor. Sorry for the [SPAM] in the subject of my previous email._______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [SPAM] Re: Key is expired
Hi Adrian, On 4/9/22 10:39, Adrian Zaugg wrote: Will the key update on existing systems be done automatically at some point or is Ludovic's described manual action required? Automatically updates require the key to be updated, but the package in point that should provide the updated key is outdated as well. So, it's a vicious circle that requires manual intervention via "dpkg -i", as Ludovic has pointed out. Cheers, Aitor. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
In der Nachricht vom Saturday, 3 September 2022 19:27:03 CEST schrieb Ludovic Bellière via Dng: > In order to resolve the gpg key being outdated, the following steps needs to > be taken: [...] Will the key update on existing systems be done automatically at some point or is Ludovic's described manual action required? Regards, Adrian. BTW: ...please use https: as discussed on this list at 2020-03-19 onwards in the thread "Beowulf Beta is here!" to download the package: wget https://pkgmaster.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb signature.asc Description: This is a digitally signed message part. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Question re: screen blanking and shutoff
Hi, onefang writes: > For what it's worth I just discovered that xscreensaver now has > xscreensaver-systemd, and is running on my Chimaera desktop. "The > xscreensaver-systemd program is a helper program to integrate > xscreensaver with systemd(1)." > > I've been having problems with screen blanking / monitor power off > recently. Can we blame systemd now? > > S, I just want to be able to lock the screen manually, or have it > lock after a configurable time out. Once locked, the monitors should > be powered down after a short time out. No fancy OpenGL screen > savers, just blanking, locking, and monitor power off. So waving my > mouse around or hitting some random key should then bring up a > password prompt so I can unlock it. Is there something that can do > that which hasn't been infected with systemd? I'm using slock (from suckless-tools) on Xfce4 and i3. On Xfce4 it is executed via xflock4 (a shell script, attached, that also seems to handle turning off the display's backlight. On i3 I just run it from dmenu at the moment (still need to configure a keybinding). slock does not respond to the mouse, only the keyboard. There's no password dialog, you just start typing your password and the screen turns blue. On a bad password the screen goes red (after you hit return). In that case just start typing again. I don't think it supports configuring an auto-lock time, at least not with a recompile, but perhaps xss-lock can help with that. Haven't used it myself (yet?) though. See the manual page at https://bitbucket.org/raymonad/xss-lock/src/master/doc/xss-lock.1.rst.in for details. Hope this helps, -- Olaf Meeuwissen. #!/bin/sh # # xfce4 # # Copyright (C) 1999, 2003 Olivier Fourdan (four...@xfce.org) # Copyright (C) 2011 Guido Berhoerster (guido+xfce@berhoerster.name) # Copyright (C) 2011 Jarno Suni (8...@iki.fi) # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # First test for the command set in the session's xfconf channel LOCK_CMD=$(xfconf-query -c xfce4-session -p /general/LockCommand) # Lock by xscreensaver or gnome-screensaver, if a respective daemon is running for lock_cmd in \ "$LOCK_CMD" \ "xfce4-screensaver-command --lock" \ "xscreensaver-command -lock" \ "light-locker-command --lock" \ "gnome-screensaver-command --lock" \ "mate-screensaver-command --lock" do if [ ! -z "$lock_cmd" ]; then $lock_cmd >/dev/null 2>&1 && exit fi done # else run another access locking utility, if installed for lock_cmd in \ "xlock -mode blank" \ "slock" do set -- $lock_cmd if command -v -- $1 >/dev/null 2>&1; then $lock_cmd >/dev/null 2>&1 & # turn off display backlight: xset dpms force off exit fi done # else access locking failed exit 1 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
A typo inserted itself in the previous message. I obviously meant for y'all to use 'dpkg -i package.deb' to install the newly acquired package. -- Cheers, Ludovic ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
Hello list, In order to resolve the gpg key being outdated, the following steps needs to be taken: wget http://deb.devuan.org/devuan/pool/main/d/devuan-keyring/devuan-keyring_2022.09.04_all.deb sudo dpkg devuan-keyring_2022.09.04_all.deb sudo apt update Cheers, Ludovic On Sat, 03 Sep 2022, Elimar Riesebieter wrote: Hi all, the signing key 'Devuan Repository (Amprolla3 on Nemesis)' is expired: W: GPG error: http://deb.devuan.org/merged stable InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) Elimar -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mixer for alsa
Hi again, Steve On 3/9/22 13:12, aitor wrote: Hi Steve, On 3/9/22 0:40, Steve Litt wrote: Any chance of my getting the source code to compile on my computer? Yes, I have it working in my Void Linux: https://www.gnuinos.org/gmixer/amixer-gtk.png You can download the tarball from here: https://www.gnuinos.org/gmixer/amixer-gtk.tar.xz Then, you need to remove pulseaudio and install the following dependencies: - make - base-devel (provides g++) - pkg-config - alsa-lib-devel - gtkmm2-devel - libsigc++dev - procps-ng-devel - wmctrl The last one is a runtime dependency required in order to send the application to the current desktop workspace via: $ wmctrl -i -r $(wmctrl -l | grep " amixer-gtk$" | cut -d ' ' -f 1) \ -t $(xprop -root -notype _NET_CURRENT_DESKTOP | cut -d ' ' -f 3) Once you've installed all the packages, use the make commands: make, make clean, make cleanall, make install, make uninstall Amixer-gtk is a very recent project and there might be some possible bugs. If so, please let me know. Thanks for your interest in the project! Today I did a mistake somewhere and the gui is not receiving sound event notifications. I'll fix this issue as soon as possible. On the other hand, I have tested it on other machines (on august I had only one computer to hand), and it's working only for the "hw:0" card, but I'll work on that too. I'll let you know... Cheers, Aitor. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key is expired
On 2022-09-03 15:41:59, Elimar Riesebieter wrote: > > Hi all, > > the signing key 'Devuan Repository (Amprolla3 on Nemesis)' is > expired: > > W: GPG error: http://deb.devuan.org/merged stable InRelease: The following > signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository > (Amprolla3 on Nemesis) Yes, we know, already reported on this mailing list. We are fixing it now. -- A big old stinking pile of genius that no one wants coz there are too many silver coated monkeys in the world. ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Key is expired
Hi all, the signing key 'Devuan Repository (Amprolla3 on Nemesis)' is expired: W: GPG error: http://deb.devuan.org/merged stable InRelease: The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) Elimar -- On the keyboard of life you have always to keep a finger at the escape key;-) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Key errors at repository (Amprolla3 on Nemesis)
On 2022-09-03 13:18:25, John Hallam wrote: > I am seeing errors like that below from apt since yesterday > evening. > > Err:4 http://deb.devuan.org/merged beowulf InRelease > The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C > Devuan Repository (Amprolla3 on Nemesis) > > Have the repository signing keys changed? > > Suggestions gratefully received for fixing this. We are working on fixing that, so my suggestion is to wait until we have, and then wait until the fix propagates to the package mirrors. -- A big old stinking pile of genius that no one wants coz there are too many silver coated monkeys in the world. ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Question re: screen blanking and shutoff
On Sat, Sep 3, 2022 at 6:26 AM onefang wrote: > > For what it's worth I just discovered that xscreensaver now has > xscreensaver-systemd, and is running on my Chimaera desktop. "The > xscreensaver-systemd program is a helper program to integrate > xscreensaver with systemd(1)." > I dunno if this will help mr onefang but here is a present day report. I have found that there is a large difference in screensaver operation depending upon the browsers being used. There are 'only' some 7 - - - or is that 8 different browsers available for use in my system. Four of which I use most all the time. Perhaps my use of system resources also adds to the issue so will also describe this. I have some 5 monitors (4 - 1920x1080s and 1 4k) running from a Ryzen 570X. I have a plethora of desktops (well over 25!!!). Firefox allows me to use browser windows on more than one desktop and only occasionally causes issues (usually when there is a version update but that's a different peeve). The other three all use a Chrome (maybe a Chromium but their literature says Chrome) backend with their 'stuff' as a frontend. For these three the windows are only used one 1 () desktop as a reboot does NOT place the windows on the previous desktops used. These three browser are Opera, Brave and Vivaldi. Opera is the most pita out of the three in that it likes blocking the use of a screensaver (will not allow a screen shut off just goes to the pretty blips part of the screen saver). When I first reported this behavior the suggestion was given to just use a 'kill' on the browsers, followed by a restart on each, to get the screensaver system operational. Well for the last about month I just kill Opera and restart it and my screensaver system is back. IMHO the programming to requires this kind of usage - - - well its most definitely NOT good. I do have a relatively easy work around (as outlined in this email) but it sure would be nice if it were fixed. I'm guessing that it never will be fixed as that would require putting some limits on Javascript - - - and why would anyone want that - - - - - right. Thank you to monsieur Ludovic Bellière and this community for their assistance. Keep on keeping on! ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Question re: screen blanking and shutoff
For what it's worth I just discovered that xscreensaver now has xscreensaver-systemd, and is running on my Chimaera desktop. "The xscreensaver-systemd program is a helper program to integrate xscreensaver with systemd(1)." I've been having problems with screen blanking / monitor power off recently. Can we blame systemd now? S, I just want to be able to lock the screen manually, or have it lock after a configurable time out. Once locked, the monitors should be powered down after a short time out. No fancy OpenGL screen savers, just blanking, locking, and monitor power off. So waving my mouse around or hitting some random key should then bring up a password prompt so I can unlock it. Is there something that can do that which hasn't been infected with systemd? I can probbably accept movie viewers being able to disable the blanking / locking after a lengthy inactivity. But right now if I have run certain games, I get crap like the monitor keeps powering on and off every few minutes. The cancer, it spreads! -- A big old stinking pile of genius that no one wants coz there are too many silver coated monkeys in the world. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Key errors at repository (Amprolla3 on Nemesis)
I am seeing errors like that below from apt since yesterday evening. Err:4 http://deb.devuan.org/merged beowulf InRelease The following signatures were invalid: EXPKEYSIG BB23C00C61FC752C Devuan Repository (Amprolla3 on Nemesis) Have the repository signing keys changed? Suggestions gratefully received for fixing this. Best wishes, John ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mixer for alsa
Hi Steve, On 3/9/22 0:40, Steve Litt wrote: Any chance of my getting the source code to compile on my computer? Yes, I have it working in my Void Linux: https://www.gnuinos.org/gmixer/amixer-gtk.png You can download the tarball from here: https://www.gnuinos.org/gmixer/amixer-gtk.tar.xz Then, you need to remove pulseaudio and install the following dependencies: - make - base-devel (provides g++) - pkg-config - alsa-lib-devel - gtkmm2-devel - libsigc++dev - procps-ng-devel - wmctrl The last one is a runtime dependency required in order to send the application to the current desktop workspace via: $ wmctrl -i -r $(wmctrl -l | grep " amixer-gtk$" | cut -d ' ' -f 1) \ -t $(xprop -root -notype _NET_CURRENT_DESKTOP | cut -d ' ' -f 3) Once you've installed all the packages, use the make commands: make, make clean, make cleanall, make install, make uninstall Amixer-gtk is a very recent project and there might be some possible bugs. If so, please let me know. Thanks for your interest in the project! Cheers, Aitor. _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On Fri 02/Sep/2022 22:09:27 +0200 marc wrote: But look here: This is the sending host for the DNG mailing list: Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95]) I think OVH allows classless delegation or at least setting PTRs for fixed IPs. I'd guess it's laziness the reason why it isn't set. The list has no DKIM signature, which is another sign of it. However, they have a good SPF record. Aha - now that you mention it: $ dig +nocmd +short dyne.org txt "google-site-verification=6FghqJroXIvBY8cutq6ouO0RC-a8qynFu6sJR3S-IbA" "v=spf1 mx ip4:162.19.139.95/32 ip4:195.169.149.119/32 ip4:213.127.207.66/32 ip4:141.95.83.167/32 ip4:141.95.47.84/32 -all" "google-site-verification=xUtkCygX3roBSYAEh01x4JWAYzvUarh3igtFGUu99v8" "google-site-verification=Jl4hhjC5wPXP1owryns13qpeuEksWw_m-8lWNL_Kleg" "google-site-verification=2XoWrMMTQ7jmgcB_76Y_TQSnWDGhR4e-y_KLqoKOK1Q" Maybe it is not the spf line that makes a difference here but the other gunk. I worry that takes us ever closer to changing the E in email to a G. No, those records seem to be for the web, not for email. Maybe related news, and some more reading: https://www.jwz.org/blog/2022/08/today-in-google-broke-email/ The reason why Google breaks email is not their getting stricter. That blog surprised me when it says that a company cannot afford disk space to hold email for its employees! Best Ale -- _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mixer for alsa
On Fri, 2022-09-02 at 21:50 +0200, aitor wrote: > Hi, > > On 24/8/22 3:35, Steve Litt wrote: > > > > I'll call it Gmixer for sure. > > Better publicize the hell out of the fact it has no connection with Gnome. > > The project is already finished, and finally I've decided to call it > amixer-gtk, > because most of the code in the backend is taken from amixer.c, by Jaroslav > Kysela: > > https://github.com/alsa-project/alsa-utils/tree/master/amixer > > Software .deb packages will be available this weekend. Any chance of my getting the source code to compile on my computer? SteveT _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Hello > >But look here: This is the sending host for the DNG mailing list: > > > > Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95]) > > > I think OVH allows classless delegation or at least setting PTRs for fixed > IPs. I'd guess it's laziness the reason why it isn't set. The list has no > DKIM signature, which is another sign of it. However, they have a good SPF > record. Aha - now that you mention it: $ dig +nocmd +short dyne.org txt "google-site-verification=6FghqJroXIvBY8cutq6ouO0RC-a8qynFu6sJR3S-IbA" "v=spf1 mx ip4:162.19.139.95/32 ip4:195.169.149.119/32 ip4:213.127.207.66/32 ip4:141.95.83.167/32 ip4:141.95.47.84/32 -all" "google-site-verification=xUtkCygX3roBSYAEh01x4JWAYzvUarh3igtFGUu99v8" "google-site-verification=Jl4hhjC5wPXP1owryns13qpeuEksWw_m-8lWNL_Kleg" "google-site-verification=2XoWrMMTQ7jmgcB_76Y_TQSnWDGhR4e-y_KLqoKOK1Q" Maybe it is not the spf line that makes a difference here but the other gunk. I worry that takes us ever closer to changing the E in email to a G. Maybe related news, and some more reading: https://www.jwz.org/blog/2022/08/today-in-google-broke-email/ regards marc ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Mixer for alsa
Hi, On 24/8/22 3:35, Steve Litt wrote: I'll call it Gmixer for sure. Better publicize the hell out of the fact it has no connection with Gnome. The project is already finished, and finally I've decided to call it amixer-gtk, because most of the code in the backend is taken from amixer.c, by Jaroslav Kysela: https://github.com/alsa-project/alsa-utils/tree/master/amixer Software .deb packages will be available this weekend. Cheers, Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On Thu 01/Sep/2022 23:22:13 +0200 marc wrote: It's imperative that you have rdns, spf, dkim and dmarc set up and that it all matches. My MTA will reject you if your ptr doesn't match your a record and your helo/ehlo hostname. spf, dkim and dmarc are all scored via spamassassin. Google rejects, outright, if there is any sort of mismatch in any of that at all. Setting up dnssec for your domain is also helpful. DNG list traffic comes through just fine. But look here: This is the sending host for the DNG mailing list: Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95]) I think OVH allows classless delegation or at least setting PTRs for fixed IPs. I'd guess it's laziness the reason why it isn't set. The list has no DKIM signature, which is another sign of it. However, they have a good SPF record. As you can see that reverse IP doesn't match what the SMTP server connects as. So I am actually not quite sure if your MX is as strict as you claim it to be ? Or am I missing something ? Do you have a different Received header - it should be one of the first lines of every message ? And your server isn't alone in being not quite as strict as claimed: Curtis said his MTA weights authentication along with a bunch of other factors to get a message score. That's fuzzy, but sometimes works. Despite the received wisdom that one had to have SPF+DKIM+DMARC+YOLO+SPQR+WTF :) set up to send mail to the dominant email servers, this wasn't actually true: At least until last week I managed to get mail accepted reliably by google despite having only a proper MX and reverse DNS entry - nothing else, not even SPF. And given that real people answered to those mails, most of them did not end up in their spam folders either. But this seems to have changed recently... hence this thread. Reverse DNS was already in use by some MTAs (and FTP servers) when I started to connect to the Internet. SPF came short afterwards, in the early 2000. My first DKIM filter appeared in 2010. DMARC still has no "standard" spec. It is coming very slowly, not only for inertia and indolence of mail operators, but also. The original anti-spam recipe, to block key words or phrases in the message body, is faulty. Against phishing, it's definitely disastrous. The point of domain-based authentication is to allow domains to earn a reputation, so that good actors can be trusted and messages accepted or rejected on a solid basis. The alternative for Internet mail is to go Bananas[*], methinks. Best Ale -- [*] https://en.wikipedia.org/wiki/Bananas_(film) _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On 01-09-2022 23:46, marc wrote: Hello I use gmail, and seem to be getting email from this list. I wonder if it is because I have it skip the inbox, and go straight into a different label. I think you are on to something: It could well be that there has been a shift to using how the recipients organise their gmail (do you sort it into a high value folder, do you reply to it, do you star it, etc, etc) as a factor in the decision to reject email at the SMTP transaction. That might explain why a small subset of gmail users still get to see the DNG messages ... if the heuristics are local to a user. Which seems reasonable, otherwise a spammer could sign up and superlike the their own spam, guaranteeing delivery for others too... Though I am not sure I should expend the energy to run some tomography on these interactions, in order to discover the heuristics that google actually uses - with apologies to the hitch-hikers guide to the galaxy: As soon as we have an explanation, the system will be replaced by an even more complex set of rules. What it does seem to mean is that gmail users are likely missing some legitimate messages completely - without even a trace in their spam folders. I suppose that is just another instance of the Availability vs Integrity vs Confidentiality Tradeoff that underlies most of Computer Security... though I for one like to make that call myself rather than having some AI try infer that from my mail reading behaviour. regards marc Not for to use this list but i do have a gmail account as spamcatcher for a publicly visible mail address. I never use the web interface though but use Thunderbird to handle that account. So i do not see fancy lines or high value folders or am using stars. So far Google does handle spam correctly and I do not have to search that often in the spam folder. I recommend this for all gmail users. I do run my own MTA (three of them actually) and noticed a rejection by gmail the moment I got IPv6 and forgot to set reverse DNS for it. So rDNS is a thing for gettingaccepted by gmail. Grtz. Nick ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On 2022-08-31 10:04, Curtis Maurand wrote: I’ve been running my own MTA for 15+ years. occasionally I get bounced. recently was bounced by sbcglobal (AT) who doesn’t respond to removal requests. It’s definitely a PITA. However, in all fairness, I was sending to a large group (25 or so)and that might have done it. It’s imperative that you have rdns, spf, dkim and dmarc set up and that it all matches. My MTA will reject you if your ptr doesn’t match your a record and your helo/ehlo hostname. spf, skim and dmarc are all scored via spamassassin. Google rejects, outright, if there is any sort of mismatch in any of that at all. Setting up dnssec for your domain is also helpful. DNG list traffic comes through just fine. Cheers —Curtis I have also run afoul of sbcglobal (AT) for no apparent reason recently and also several other times over the years and yes, there seems to be no recourse to resolve it. A bit heavy handed but not unexpected from a corporate behemoth like ATT. golinux ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Hello > I use gmail, and seem to be getting email from this list. I wonder if it > is because I have it skip the inbox, and go straight into a different > label. I think you are on to something: It could well be that there has been a shift to using how the recipients organise their gmail (do you sort it into a high value folder, do you reply to it, do you star it, etc, etc) as a factor in the decision to reject email at the SMTP transaction. That might explain why a small subset of gmail users still get to see the DNG messages ... if the heuristics are local to a user. Which seems reasonable, otherwise a spammer could sign up and superlike the their own spam, guaranteeing delivery for others too... Though I am not sure I should expend the energy to run some tomography on these interactions, in order to discover the heuristics that google actually uses - with apologies to the hitch-hikers guide to the galaxy: As soon as we have an explanation, the system will be replaced by an even more complex set of rules. What it does seem to mean is that gmail users are likely missing some legitimate messages completely - without even a trace in their spam folders. I suppose that is just another instance of the Availability vs Integrity vs Confidentiality Tradeoff that underlies most of Computer Security... though I for one like to make that call myself rather than having some AI try infer that from my mail reading behaviour. regards marc _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
Hello > It???s imperative that you have rdns, spf, dkim and dmarc set up and that it > all matches. > > My MTA will reject you if your ptr doesn???t match your a record and your > helo/ehlo hostname. spf, skim and dmarc are all scored via spamassassin. > Google rejects, outright, if there is any sort of mismatch in any of that at > all. Setting up dnssec for your domain is also helpful. > > DNG list traffic comes through just fine. But look here: This is the sending host for the DNG mailing list: Received: from mail.dyne.org (ns3218761.ip-162-19-139.eu [162.19.139.95]) As you can see that reverse IP doesn't match what the SMTP server connects as. So I am actually not quite sure if your MX is as strict as you claim it to be ? Or am I missing something ? Do you have a different Received header - it should be one of the first lines of every message ? And your server isn't alone in being not quite as strict as claimed: Despite the received wisdom that one had to have SPF+DKIM+DMARC+YOLO+SPQR+WTF :) set up to send mail to the dominant email servers, this wasn't actually true: At least until last week I managed to get mail accepted reliably by google despite having only a proper MX and reverse DNS entry - nothing else, not even SPF. And given that real people answered to those mails, most of them did not end up in their spam folders either. But this seems to have changed recently... hence this thread. regards marc ___________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On Thu 01/Sep/2022 18:33:48 +0200 Hendrik Boom wrote: On Thu, Sep 01, 2022 at 11:30:43AM +1000, onefang wrote: The problem with PTRs is that I run several domains from the one IP address, and PTR can only point to one of those. It costs money to get more IPs, my pension is barely coping with the recent cost of living increases. That is what MX records are for. It's straightforward to set up mail.example.com with its PTR having a single name that matches. Then, for all the other domains set the MX to it. For example: whatever.domain IN MX 2 mail.example.com. the HELO (or EHLO) command also uses mail.example.com. Nobody will notice any difference unless the analyze the message header. From: uses the virtual domain . DKIM signatures with d=whatever.domain. SPF records at whatever.domain have the address of mail.example.com. DMARC record for whatever.domain has rua=reports@whatever.domain. If IP's are expensive, would it help to switch to IPv6? Not all MXes have IPv6 address. You need an IPv4 to send to an IPv4-only MX. Google is said to be more severe with mail coming from IPv6 addresses. HTH Ale -- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] meta: list
On Thu, Sep 01, 2022 at 11:30:43AM +1000, onefang wrote: > > The problem with PTRs is that I run several domains from the one IP > address, and PTR can only point to one of those. It costs money to get > more IPs, my pension is barely coping with the recent cost of living > increases. If IP's are expensive, would it help to switch to IPv6? -- hendrik kk _______ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng