[DNG] How stable is the devuan migration?

Greetings, I have a VPS running whezzy (7.8) which was a little behind updates before systemd hit the fan. It's used as a LAMP stack and i'm wondering how easy would it be to upgrade it to devuan. I had a debian vm laying around and remember i did just that and IIRC it wasn't a big deal. Does

Re: [DNG] Beware

On Tue, 19 Jan 2016 20:46:00 +, Rainer wrote in message <87d1sxguwn@doppelsaurus.mobileactivedefense.com>: > k...@aspodata.se writes: > > Arnt Gulbrandsen: > >> By now, the concept of unprivileged local users is a little > >> obsolete anyway. > > > > Yes, unless you let your kids or some

Re: [DNG] lilo development has ended

On Tue, 19 Jan 2016 14:44:59 - "dev1fanboy" wrote: > https://lilo.alioth.debian.org/ > > The author has updated their site to say: > > "NOTE: I will finish development of LILO at December 2015 because of > some limitations (e.g. with BTFS, GPT, RAID). If someone

Re: [DNG] Beware

Arnt Karlsen: > On Tue, 19 Jan 2016 20:46:00 +, Rainer wrote in message > <87d1sxguwn@doppelsaurus.mobileactivedefense.com>: > > > k...@aspodata.se writes: > > > Arnt Gulbrandsen: > > >> By now, the concept of unprivileged local users is a little > > >> obsolete anyway. > > > > > > Yes,

Re: [DNG] Beware

Rainer Weikusat writes: > shraptor writes: >> On 2016-01-19 19:07, Rainer Weikusat wrote: >>> In this particular case, an unprivileged local user could gain root >>> access by running a program which does billions of syscalls as fast as >>> it

Re: [DNG] Beware

k...@aspodata.se writes: > Arnt Gulbrandsen: >> By now, the concept of unprivileged local users is a little obsolete >> anyway. > > Yes, unless you let your kids or some guests use your computer. How many of your "kids and guests" even know what a kernel is, let alone how to exploit a bug in

Re: [DNG] Beware

On Tue, 19 Jan 2016 21:55:12 +0100, shraptor wrote in message <0f6f017d5d303a92526f829661e84...@epost.bahnhof.se>: > On 2016-01-19 19:07, Rainer Weikusat wrote: > > In this particular case, an unprivileged local user could gain root > > access by running a program which does billions of syscalls

Re: [DNG] Beware

shraptor writes: > On 2016-01-19 19:07, Rainer Weikusat wrote: >> In this particular case, an unprivileged local user could gain root >> access by running a program which does billions of syscalls as fast as >> it can for ca 30 minutes (according the 'real' article). > > I

[DNG] OpenBSD doas - was Re: Beware

Has anybody had a good look at the new OpenBSD 'doas' replacement for sudo? I hope doas will be as easy to set up as they claim, sudo can be a bit of a pain to setup exactly how you want it. DaveT On 19/01/16 21:58, Stephanie Daugherty wrote: On Tue, Jan 19, 2016 at 4:12 PM, Arnt Karlsen

Re: [DNG] lilo development has ended

the plethora of numbered config files is a consequence of debian policy (config files have to be owned by exactly one package, and that's the only package which can automatically touch them) rather, than any design of grub2 itself. Split configs is the way that Debian works around this policy

Re: [DNG] lilo development has ended

I use lilo on assorted tired old bits of kit. The fact it can't cope with GPT and what have you isn't a problem. I will be using lilo on old kit until they fall over. Grub1 was getting a bit tired. I can understand why they felt grub2 was needed. I was running debian unstable during the

Re: [DNG] Beware

On Tue, Jan 19, 2016 at 4:12 PM, Arnt Karlsen wrote: > ..why did Debian kill ssh into localhost? > Is su or sudo safer than ssh nowadays? > Because the architecture of Linux gurantees that root has a fixed account name, fixed UID, and, if in a server environment, will be

Re: [DNG] Beware

On 2016-01-19 19:07, Rainer Weikusat wrote: In this particular case, an unprivileged local user could gain root access by running a program which does billions of syscalls as fast as it can for ca 30 minutes (according the 'real' article). I tested the program in the 'real' article but it

Re: [DNG] Beware

On Tue, Jan 19, 2016 at 06:07:28PM +, Rainer Weikusat wrote: "Linux kernel bug fixed" would be more appropriate. Is this why I have never heard of any "antivirus" software for linux? (Apart from clamav a while back...) The users are capable of fixing the vulnerabilities themselves, so a

Re: [DNG] Beware

Adam Borowski writes: > On Tue, Jan 19, 2016 at 04:09:10PM +, Rainer Weikusat wrote: >> Steve Litt writes: >> > Beware: >> > >> >

Re: [DNG] Beware

By now, the concept of unprivileged local users is a little obsolete anyway. Today, hosts generally serve only one unix user, there generally is only one local user of one host, and that local user is the user that owns everything valuable. So is the a real point to local-user-to-root

Re: [DNG] Beware

Arnt Gulbrandsen: > By now, the concept of unprivileged local users is a little obsolete > anyway. Yes, unless you let your kids or some guests use your computer. > Today, hosts generally serve only one unix user, there > generally is only one local user of one host, and that local user is >

Re: [DNG] lilo development has ended

Hi All, On this machine I am using right now on which I developed netman, I have grub2 installed. Since I never agreed with how grub2 should be managed, I opted to use a manual method to update grub.cfg. This machine has about 9 Debian/Devuan installations installed to separate partitions on a

Re: [DNG] Beware

shraptor writes: > On 2016-01-19 16:58, Steve Litt wrote: >> Beware: >> >> http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html > > Would this type of misbehavior be mitigated by kernel ASLR? No. It could be

Re: [DNG] How stable is the devuan migration?

Le 19/01/2016 14:06, Micky Del Favero a écrit : On workstations I cannot do it because removing dbus remove also inkskape That's an example of crazy contamination. Why the f. does inkscape need dbus interaction? Didier ___ Dng mailing

Re: [DNG] lilo development has ended

On Tue, 19 Jan 2016 07:26:57 -1000 Joel Roth wrote: > Steve Litt wrote: > > On Tue, 19 Jan 2016 17:20:10 +0100 > > Adam Borowski wrote: > > > > > On Tue, Jan 19, 2016 at 11:02:17AM -0500, Steve Litt wrote: > > > > Grub is the systemd of bootloaders.

Re: [DNG] Startup delays (Was: The perversion continues)

If I boot the modem and the laptop at the same time, I always get a 30s wait. If the modem up and running, there's no delay in booting. On Wed, Jan 20, 2016 at 11:49 AM, aitor_czr wrote: > On 01/19/2016 01:00 PM, KatolaZ >

Re: [DNG] Startup delays (Was: The perversion continues)

On 01/19/2016 01:00 PM, KatolaZ wrote: On Tue, Jan 19, 2016 at 07:37:21AM +1100, Ozi Traveller wrote: >I have created iso using live-build for Debian wheezy and jessie as well as >Devuan Jessie. Apart from systemd and slight version differences they are >the same. Debian

Re: [DNG] lilo development has ended

On Wed, 20 Jan 2016 00:04:25 +0100 richard lucassen wrote: > On Tue, 19 Jan 2016 14:44:59 - > "dev1fanboy" wrote: > > So I assume lilo has stopped development altogether from the last > > release, and we can look forward to only having

Re: [DNG] How stable is the devuan migration?

On 19/01/16 12:59, Nuno Magalhães wrote: Greetings, I have a VPS running whezzy (7.8) which was a little behind updates before systemd hit the fan. It's used as a LAMP stack and i'm wondering how easy would it be to upgrade it to devuan. I had a debian vm laying around and remember i did just

[DNG] lilo development has ended

Hi everyone. It's been a long time since I posted here, but don't worry, I haven't gone over to the Dark Side (ie Systemd). I've just been quietly waiting for Devuan-beta, and in the meantime have tried to keep out of the way of the Devuan developers rather than waste their time with my ignorant

[DNG] Input Method Framework

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi dear list, Thanks again for all the work u did on Dev1 and tell me if I can help in anyway. I followed devuanfanboy howto, removed dbus and installed fluxbox（was under xfce b4） Thing is Im using Japanese a lot and need anthy or similar. I

Re: [DNG] Input Method Framework

Hi メット, I haven't yet found the time to actually upgrade my Debian systems to Devuan. I didn even consider, that there are pitfalls around the input method support, thanks for the info, it is good to be able to consider these things in advance (I use japanese input myself). My usual workaround

Re: [DNG] lilo development has ended

On Tue, Jan 19, 2016 at 03:25:13PM +, Nuno Magalhães wrote: > On Tue, Jan 19, 2016 at 2:44 PM, dev1fanboy > wrote: > > So I assume lilo has stopped development altogether from the last release, > > and we can look forward to only having the more complex grub2.

Re: [DNG] How stable is the devuan migration?

I did an upgrade of wheezy to devuan jessie last week, and it was uneventful. It seemed easier than any major upgrades of debian that I've done in the past. Boring description is here - https://lists.dyne.org/lurker/message/20160114.194903.4e35c189.en.html fsr On 01/19/2016 06:59 AM, Nuno

Re: [DNG] How stable is the devuan migration?

Nuno Magalhães writes: > I had a debian vm laying around and remember i did just that and IIRC > it wasn't a big deal. Does anyone have fresh/recent input/tips? not too much recent, I did last upgrade at the end of november 2015, the first one was back in may 2015,

Re: [DNG] How stable is the devuan migration?

quick and easy, no reboot involved for wheezy as systemd isn't pid1 there. On Tuesday, January 19, 2016 11:59 AM, Nuno Magalhães wrote: > Greetings, > > I have a VPS running whezzy (7.8) which was a little behind updates > before systemd hit the fan. It's used as a

Re: [DNG] lilo development has ended

On Tue, Jan 19, 2016 at 2:44 PM, dev1fanboy wrote: > So I assume lilo has stopped development altogether from the last release, > and we can look forward to only having the more complex grub2. Slackware uses lilo by default, maybe someone there will tend to it. Or

[DNG] lilo development has ended

https://lilo.alioth.debian.org/ The author has updated their site to say: "NOTE: I will finish development of LILO at December 2015 because of some limitations (e.g. with BTFS, GPT, RAID). If someone want to develop this nice software further, please let me know ..." So I assume lilo has

Re: [DNG] lilo development has ended

On Tue, 19 Jan 2016 14:44:59 - "dev1fanboy" wrote: > https://lilo.alioth.debian.org/ > > The author has updated their site to say: > > "NOTE: I will finish development of LILO at December 2015 because of > some limitations (e.g. with BTFS, GPT, RAID). If someone

Re: [DNG] lilo development has ended

On Tue, 19 Jan 2016 15:48:40 - "dev1fanboy" wrote: > Hopefully something will happen with it, personally I'd use grub but > it does some fancy stuff I'm not a fan of. Grub is the systemd of bootloaders. It's all about pretty colors, nice images, and hiding the

Re: [DNG] Beware

On Tue, Jan 19, 2016 at 04:09:10PM +, Rainer Weikusat wrote: > Steve Litt writes: > > Beware: > > > > http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html > > Just another local privilege escalation.

Re: [DNG] Beware

Steve Litt writes: > Beware: > > http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html Just another local privilege escalation. May enable users to gain control of their own Android devices (imminent end of

Re: [DNG] Beware

Does that actually mean that we should migrate to newer kernels as soon as the hole gets fixed? I reckon, even though there are plenty of machines that run older than 3.8 (2.6.32 notably) this affects pretty much everyone, at least here. Well, applying patches is not something time-consuming,

[DNG] Beware

Beware: http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html SteveT Steve Litt January 2016 featured book: Twenty Eight Tales of Troubleshooting http://www.troubleshooters.com/28 ___

Re: [DNG] lilo development has ended

Hopefully something will happen with it, personally I'd use grub but it does some fancy stuff I'm not a fan of. On Tuesday, January 19, 2016 3:25 PM, Nuno Magalhães wrote: > On Tue, Jan 19, 2016 at 2:44 PM, dev1fanboy > wrote: >> So I

Re: [DNG] lilo development has ended

On Tue, Jan 19, 2016 at 11:02:17AM -0500, Steve Litt wrote: > Grub is the systemd of bootloaders. It's all about pretty colors, nice > images, and hiding the fact that processes are being instantiated. Grub is complex, but that's caused by what it tries to do (read the kernel image from real

Re: [DNG] lilo development has ended

On Tue, 19 Jan 2016 17:20:10 +0100 Adam Borowski wrote: > On Tue, Jan 19, 2016 at 11:02:17AM -0500, Steve Litt wrote: > > Grub is the systemd of bootloaders. It's all about pretty colors, > > nice images, and hiding the fact that processes are being > > instantiated. > >

Re: [DNG] Beware

On 2016-01-19 16:58, Steve Litt wrote: Beware: http://www.networkworld.com/article/3023447/security/linux-zero-day-affects-most-androids-millions-of-linux-pcs.html Would this type of misbehavior be mitigated by kernel ASLR? ___ Dng mailing list

Re: [DNG] lilo development has ended

Steve Litt wrote: > On Tue, 19 Jan 2016 17:20:10 +0100 > Adam Borowski wrote: > > > On Tue, Jan 19, 2016 at 11:02:17AM -0500, Steve Litt wrote: > > > Grub is the systemd of bootloaders. It's all about pretty colors, > > > nice images, and hiding the fact that processes are