subject:"Open Source \?\?\?"

Michel Verdier a écrit :
> Est-ce que tu utilise la version 1 ou la version 2 ?

Version 2 sur les machines faisant tourner une Bookworm, version 1 sur
celle faisant encore tourner une Bullseye.

> Tu expliques bien les intérêts pour la sauvegarde, mais comment se
> passe une restauration ?

Très bien. :)

Il est possible d'extraire l'ensemble d'une archive ou seulement un
répertoire, voire un fichier. J'ai eu plusieurs fois l'occasion de
récupérer un répertoire ou un fichier effacé ou altéré par erreur. La
dernière fois que j'ai migré de serveur, je me suis dit que c'était le
moment de vérifier si mes scripts sauvegardaient tout ce dont j'avais
besoin. Du coup, au lieu de récupérer les données et fichiers de
configuration sur l'ancien serveur, je les ai récupérés depuis une
sauvegarde et tout s'est déroulé sans accroc.

> Il y a une interface/commande pour lister ce qui est disponible ?

Si ce n'était pas le cas, ce ne serait pas un outil digne de ce nom. ;)

https://borgbackup.readthedocs.io/en/stable/usage/list.html

> Et je suppose qu'il y a un index des blocs sauvegardés ?

Oui, dans le répertoire /root/.cache/borg/, c'est ce qui le rend
efficace. Mais je n'ai jamais eu à m'en soucier. Comme pour tout système
de sauvegarde, ce qui est vital de stocker ailleurs que sur le PC
sauvegardé, c'est :

* La clé de chiffrement
* Les paramètres de connexion au service distant lorsqu'on utilise autre
  chose qu'un disque local, interne ou externe :
  * les paramètres du compte client s'il s'agit d'un hébergeur tiers ;
  * la paire de clés SSH permettant de se connecter au service de
sauvegarde ;
  * l'uri de connexion au service de sauvegarde. Chez Hetzner, elle
a cette allure là :

ssh://uxxx...@uxx.your-storagebox.de:23/~/backup/borg

Sébastien

-- 
Sébastien Dinot, sebastien.di...@free.fr
http://www.palabritudes.net/
Ne goutez pas au logiciel libre, vous ne pourriez plus vous en passer !

Re: Intérêt d’un « NAS » commercial ou open source ?

2023-07-28 Thread Michel Verdier

Le 28 juillet 2023 Sébastien Dinot a écrit :

> La question n'a rien de stupide, tout au contraire ! Il faut commencer par se
> poser la question du besoin et des risques contre lesquels on veut se prémunir
> afin d'apporter une réponse pertinente et économiquement supportable. J'ai
> écrit un article à ce sujet sur mon blog :
>
> https://www.palabritudes.net/2020/11/21/quelques-reflexions-sur-la-sauvegarde.html

Est-ce que tu utilise la version 1 ou la version 2 ? ? Tu expliques bien
les intérêts pour la sauvegarde, mais comment se passe une restauration ?
Il y a une interface/commande pour lister ce qui est disponible ?
Et je suppose qu'il y a un index des blocs sauvegardés ?

[HS] Re: Intérêt d’un « NAS » commercial ou open source ?


Le 28/07/2023 à 13:42, Sébastien Dinot a écrit :
[...]
Borgbackup, 

[...]

Vorta

[...]

A une époque, j'avais regardé ça (Vorta en utilisation principale GUI et 
Borgbackup en utilisation dégradée CLI) ainsi que d'autres et je m'étais 
fixé sur Déjà-Dup en GUI et Duplicity en CLI.


Mais ton message m'a fait regarder de nouveau la doc de Vorta+Borg et 
celle de Deja-Dup+Duplicity pour me rappeler pourquoi j'avais chois ça.


Globalement je suis satisfait pour mon usage de Deja-Dup+Duplicity je 
vais tester un peu plus Vorta+Borg, surtout que le développement de Borg 
a l'air plus actif que celui de Duplicity

Re: Intérêt d’un « NAS » commercial ou open source ?


Le 28/07/2023 à 17:28, RogerT a écrit :



Le 28 juil. 2023 à 11:03, didier gaumet  a écrit :

[...]

L'un des points qui me vient à l'esprit, c'est la dépendance:

- le fournisseur est-il fiable? Déjà, quelle est son  honnêteté? Risque-t-il de 
voler ou laisser voler par autrui les données de l'utilisateur (pour compte 
propre ou celui de sa clientèle) (entre autres, propriété intellectuelle, vie 
privée, etc...) ? quel est son propre plan de sauvegarde (à lui, l'hébergeur, 
parce lui aussi peut être victime d'un problème informatique ou d'un sinistre)? 
quelles garanties contractuelles offre-t-il de ne pas perdre les données de 
l'utilisateur? etc...


On s’en moque si la sauvegarde est en plusieurs endroits.


c'est effectivement une attitude possible de ne pas accorder 
d'importance à la fiabilité de l'hébergeur de sauvegardes. Mais on peut 
alors se demander pourquoi payer ses services. Et je pense que 
multiplier les hébergeurs multiplie aussi les risques de sécurité (non 
seulement vol de données mais aussi risque d'injecter un ransomware, un 
rootkit ou un virus espion lors de la restauration d'une sauvegarde d'un 
hébergeur qui s'est fait pirater).
Entendons-nous bien: je ne dis pas que tu dois absolument dabs ton cas 
te préoccuper de ce genre de choses: ça dépend de ton contexte, de ton 
appréciation des priorité, ainsi que de celle des tiers concernés 
(famille, amis, clients, partenaires commerciaux, etc...)...

Donc "on s'en fout" peut être une réponse tout-à-fait valable en l'espèce

[...]

les sauvegardes sur-et-hors-site me paraissent ne pas répondre tout-à-fait aux 
mêmes besoins et pouvoir être complémentaires


Une, voire deux chez deux hébergeurs.
Et une en local, immédiatement disponible.
Toutes chiffrées.

Aussi, la taille des fichiers indispensables à l’activité est assez faible.
Et on ne va quand même pas attendre de restaurer une VM ou un ordi complet.
Il faut absolument dissocier ce qui relève de la configuration du poste de 
travail (avoir la sauvegarde ou un poste de rechange sous la main) et ce qui 
relève des fichiers pour faire son métier (sauvegardes multiples).

Également, si les utilisateurs utilisent des terminaux ou des clients légers, 
on peut mettre du soin sur le serveur (réplication+ sauvegarde).

Du coup, si vous adhérez à cette vision, il suffit de choisir le bon outil qui 
va sauvegarder et restaurer les fichiers utiles au travail à partir d’une des 3 
copies de sauvegarde disponibles.

D’accord ?


D'autres te répondront peut-être plus précisément.
Perso, et d'une je ne suis pas consultant dans le domaine, donc mon avis 
est encore plus sujet à précaution, et de deux, si ta démarche te paraît 
solide, mets-la en application, mais de mon côté je serais bien en peine 
de te dire si c'est carré ou patatoïde sans en savoir (beaucoup) plus, 
ce qui ne rentre pas dans le cadre de cet échange (investissement en 
temps pour tous deux voire sensibilité de ce que tu souhaiterais évoquer 
ou non)



Je sais que ça a l'air stupide, mais commencer par se demander "des sauvegardes? 
pour quoi faire (me prémunir de quels risques)?" pourrait être avantageux


Oui, bien sûr.
Mais c’est toujours la même chose. Voir article de Sébastien (indispensable, 
utile, inutile - ou environ).
Si on choisit le bon outil, il doit amener à définir ces priorités.


Disons que c'est une tendance instinctive à l'être humain de d'abord 
choisir un outil (le "comment") qui permet d'atteindre un but (le 
"quoi") alors qu'il faudrait plutôt se demander quel est le but à 
atteindre ("quoi?"), se demander si il est vraiment pertinent 
("pourquoi?"), dans la négative revenir à la définition du but et dans 
l'affirmative passer aux modalités de mise en oeuvre (choix de l'outil: 
"comment?", éventuellement "qui?" et généralement "quand?"). en gros.


Mais bon, c'est juste la façon dont je vois les choses :-)

Re: Intérêt d’un « NAS » commercial ou open source ?

2023-07-28 Thread RogerT




> Le 28 juil. 2023 à 11:03, didier gaumet  a écrit :
> 
> Le 28/07/2023 à 03:56, RogerT a écrit :
> 
>> Merci beaucoup pour ton retour très détaillé et illustré. Tu as vraiment 
>> franchi le pas !
>> Je comprends pourquoi un utilisateur lambda (perso, prof libérale, etc.) 
>> préférera acheter un NAS commercial. Il le branche, installe un agent sur 
>> son PC et peut immédiatement gérer ses sauvegardes et même en envoyer une 
>> copie chiffrée sur un serveur non sûr. Les non informaticiens que j'ai vu 
>> l'utiliser font des choses simples (partage de fichiers, site web).
>> Il me reste une double  question, du point de vue d'un admin système debian 
>> de niveau moyen :
>> 1/ Quel intérêt y a-t-il à avoir un NAS (un serveur avec du stockage 
>> attaché, en RAID) chez soi; si on peut héberger l'équivalent chez son 
>> hébergeur préféré ? (les services réseaux, dont la sauvegarde)
> 
> Je pense que ça dépend des besoins qu'on a identifiés lors de l'étude de 
> ceux-ci, donc que c'est plus souvent une réflexion stratégique d'entreprise 
> qu'une réflexion personnelle.
> 
> L'un des points qui me vient à l'esprit, c'est la dépendance:
> 
> - le fournisseur est-il fiable? Déjà, quelle est son  honnêteté? Risque-t-il 
> de voler ou laisser voler par autrui les données de l'utilisateur (pour 
> compte propre ou celui de sa clientèle) (entre autres, propriété 
> intellectuelle, vie privée, etc...) ? quel est son propre plan de sauvegarde 
> (à lui, l'hébergeur, parce lui aussi peut être victime d'un problème 
> informatique ou d'un sinistre)? quelles garanties contractuelles offre-t-il 
> de ne pas perdre les données de l'utilisateur? etc...
> 
On s’en moque si la sauvegarde est en plusieurs endroits. 


> L'un des autres point c'est la disponibilité des sauvegardes
> 
> - L'utilisateur a-t-il besoin de restauration très rapide? auquel cas la 
> disponibilité et rapidité de l'hébergeur et celles du FAI de l'utilisateur 
> permettront-elles une vitesse de restauration comparable à celles d'une 
> restauration de sauvegarde sur site? etc...
> 
> les sauvegardes sur-et-hors-site me paraissent ne pas répondre tout-à-fait 
> aux mêmes besoins et pouvoir être complémentaires

Une, voire deux chez deux hébergeurs. 
Et une en local, immédiatement disponible. 
Toutes chiffrées. 

Aussi, la taille des fichiers indispensables à l’activité est assez faible. 
Et on ne va quand même pas attendre de restaurer une VM ou un ordi complet. 
Il faut absolument dissocier ce qui relève de la configuration du poste de 
travail (avoir la sauvegarde ou un poste de rechange sous la main) et ce qui 
relève des fichiers pour faire son métier (sauvegardes multiples). 

Également, si les utilisateurs utilisent des terminaux ou des clients légers, 
on peut mettre du soin sur le serveur (réplication+ sauvegarde). 

Du coup, si vous adhérez à cette vision, il suffit de choisir le bon outil qui 
va sauvegarder et restaurer les fichiers utiles au travail à partir d’une des 3 
copies de sauvegarde disponibles. 

D’accord ?

> 
> Je sais que ça a l'air stupide, mais commencer par se demander "des 
> sauvegardes? pour quoi faire (me prémunir de quels risques)?" pourrait être 
> avantageux

Oui, bien sûr. 
Mais c’est toujours la même chose. Voir article de Sébastien (indispensable, 
utile, inutile - ou environ). 
Si on choisit le bon outil, il doit amener à définir ces priorités. 

> 
>> 2/ Qu'est-ce que permet de faire un NAS commercial (qnap, syno) qu'on ne 
>> peut pas faire simplement avec debian ?
>> Sauf erreur, avec debian on peut gérer *tous* les services réseaux.
>> Et en plus des outils ordinaire, on peut écrire ou utiliser un programme de 
>> surveillance d'infrastructure, avec alerte et réparation automatique, qui me 
>> semble plus simple et adaptable qu'un GUI où il faut passer de panneaux en 
>> panneaux de la manière prévue par le fabricant-éditeur.
> 
> L'appréciation personnelle de ce qui est "simple" est différente de celle 
> d'autrui: si tu te sens à l'aise en administration d'une Debian ce n'est pas 
> forcément le cas de tout le monde, et d'aucuns pourraient avoir une opinion 
> inverse: Synology c'est simple et Debian, non.
> 
> D'autre part tu pourrais être amené à changer d'avis sur la simplicité 
> d'administration d'une Debian comparée à Synology si tu étais confronté à une 
> situation temporairement que tu n'avais pas envisagée de cette manière 
> (exemple ton récent problème de DNS) et en l'occurrence tu pourrais 
> (supposition, je n'ai jamais utilisé ces solutions) regretter la simplicité 
> d'emploi Synology, malgré la perte de contrôle que tu perçois par rapport à 
> une solution Debian

Pour l’instant, j’ai observé et vécu la contrainte d’attendre le GUI ou le 
support de son éditeur !
Mais j’aimerais bien savoir à partir de quel niveau on peut vraiment miser sur 
debian…
?

> 
>> PS : j'utilise un client Thunderbird où mon texte apparaît beaucoup plus 
>> gros que le tien ; on verra ce que ça donne une fois

Re: Intérêt d’un « NAS » commercial ou open source ?


Le 2023-07-28 12:06, didier gaumet a écrit :

Tu n'es qu'un abject et cruel tortionnaire


Diantre, c'est bien la première fois qu'on me qualifie de la sorte, et 
contre toute attente, je ne le prends même pas mal. ;)


tu l'anticipes et tu t'en vantes mais pourtant tu ne dévoiles ta 
préconisation d'outil à employer qu'en toute fin d'article bien que tu 
saches pertinemment que c'est la seule chose qui intéresse ton lecteur 
;-)


Je m'y suis d'autant moins aventuré que le sujet tient du troll (un peu 
comme quand on demande quel éditeur de texte choisir, Emacs ou Vim, 
certains s'acharnent à défendre Vim, c'est pénible et stérile cette 
mauvaise foi ;)).


Une fois de plus, il faut d'abord établir le besoin, le cahier des 
charges, puis identifier les outils qui y répondent, puis les tester et 
en choisir un. C'est d'autant plus vrai avec un outil aussi névralgique 
que celui à qui nous allons confier la sauvegarde de nos précieuses 
données. Pour ma part, je suis un quasi-inconditionnel de Borgbackup, 
mais si on a besoin d'un outil multiplateforme, il ne fera pas l'affaire 
(on se tournera alors vers Bacula ou BackupPC), pas plus que si on veut 
déposer les sauvegardes dans un espace objet S3 (on lui préfèrera alors 
Restic, que certains préfèrent à Borgbackup en toute circonstance). 
Certains ont besoin d'une interface graphique, pas moi (bien que j'aie 
installé Vorta à mon épouse afin de l'autonomiser dans la gestion de ses 
sauvegardes).


Pour l'anecdote, lorsque le besoin d'un outil multiplateforme s'est fait 
sentir (smartphone et PC « Lordi » tournant sur MS-Windows de mes 
enfants), au lieu de me tourner vers un autre outil de sauvegarde, 
multiplateforme, j'ai rusé. J'ai déployé Syncthing sur leur téléphone et 
sur leur PC et j'ai configuré une synchronisation mono-directionnelle 
des données vers le PC GNU/Linux familial. Syncthing crée ainsi une 
copie de leurs données sur une seconde machine et ces données se 
trouvent en outre sauvegardées chaque soir, via la sauvegarde de la 
machine GNU/Linux.



Didier, passeur de pommade professionnel, si, si.


Je reconnais, ça fait du bien ! ;)

Sébastien

--
Sébastien Dinot
Ne goutez pas au logiciel libre, vous ne pourriez plus vous en passer !
https://www.palabritudes.net/

Re: Intérêt d’un « NAS » commercial ou open source ?


Le 28/07/2023 à 11:20, Sébastien Dinot a écrit :
[...]

J'ai écrit un article à ce sujet sur mon blog :

https://www.palabritudes.net/2020/11/21/quelques-reflexions-sur-la-sauvegarde.html


Tu n'es qu'un abject et cruel tortionnaire: tu l'anticipes et tu t'en 
vantes mais pourtant tu ne dévoiles ta préconisation d'outil à employer 
qu'en toute fin d'article bien que tu saches pertinemment que c'est la 
seule chose qui intéresse ton lecteur ;-)


Plus sérieusement, pour autant que je puisse en juger le contenu me 
paraît intéressant et judicieux, de plus la forme est structurée et ce 
qui ne gâte rien, le style agréable.


Donc ami lecteur, si comme moi tu n'es pas compétent sur le sujet, lis 
cet article, tu t'en féliciteras peut-être un jour.


Didier, passeur de pommade professionnel, si, si.
(ceux qui me connaissent pisseraient de rire à cette affirmation)

Re: Intérêt d’un « NAS » commercial ou open source ?


Le 2023-07-28 11:02, didier gaumet a écrit :
- le fournisseur est-il fiable? Déjà, quelle est son  honnêteté? 
Risque-t-il de voler ou laisser voler par autrui les données de 
l'utilisateur (pour compte propre ou celui de sa clientèle) (entre 
autres, propriété intellectuelle, vie privée, etc...) ?


On résout le problème de la confiance en chiffrant les sauvegardes à la 
source, ce que permet l'outil Borgbackup que j'utilise (mais aussi 
Restic et d'autres).


Je sais que ça a l'air stupide, mais commencer par se demander "des 
sauvegardes? pour quoi faire (me prémunir de quels risques)?" pourrait 
être avantageux


La question n'a rien de stupide, tout au contraire ! Il faut commencer 
par se poser la question du besoin et des risques contre lesquels on 
veut se prémunir afin d'apporter une réponse pertinente et 
économiquement supportable. J'ai écrit un article à ce sujet sur mon 
blog :


https://www.palabritudes.net/2020/11/21/quelques-reflexions-sur-la-sauvegarde.html

Sébastien


--
Sébastien Dinot
Ne goutez pas au logiciel libre, vous ne pourriez plus vous en passer !
https://www.palabritudes.net/

Re: Intérêt d’un « NAS » commercial ou open source ?

2023-07-28 Thread Olivier Pavilla


Bonjour

- Message de didier gaumet  -
 Date: Fri, 28 Jul 2023 11:02:46 +0200
   De: didier gaumet 
Objet: Re: Intérêt d’un « NAS » commercial ou open source ?
À: debian-user-french@lists.debian.org



Le 28/07/2023 à 03:56, RogerT a écrit :

Merci beaucoup pour ton retour très détaillé et illustré. Tu as  
vraiment franchi le pas !

[snip]


Désolé si j'interviens trop, hein, (dans ce cas , me le dire  
gentiment), je ne suis pas expert en la matière, je m'interroge  
juste à haute voix en parcourant les messages de la liste :-)

- Fin du message de didier gaumet  -

Que neni.
Super post. Super intéressant et bien argumenté.
Etant en formation professionnelle, je le garde pour les arguments,  
pour la constitution de mon dossier projet.

Merci pour votre contribution

Cordialement


--




bindP84y_h3V9.bin
Description: Clé publique PGP


pgpYCNjt4tW2t.pgp
Description: Signature numérique PGP

Re: Intérêt d’un « NAS » commercial ou open source ?


Le 28/07/2023 à 03:56, RogerT a écrit :

Merci beaucoup pour ton retour très détaillé et illustré. Tu as vraiment 
franchi le pas !


Je comprends pourquoi un utilisateur lambda (perso, prof libérale, etc.) 
préférera acheter un NAS commercial. Il le branche, installe un agent 
sur son PC et peut immédiatement gérer ses sauvegardes et même en 
envoyer une copie chiffrée sur un serveur non sûr. Les non 
informaticiens que j'ai vu l'utiliser font des choses simples (partage 
de fichiers, site web).


Il me reste une double  question, du point de vue d'un admin système 
debian de niveau moyen :


1/ Quel intérêt y a-t-il à avoir un NAS (un serveur avec du stockage 
attaché, en RAID) chez soi; si on peut héberger l'équivalent chez son 
hébergeur préféré ? (les services réseaux, dont la sauvegarde)


Je pense que ça dépend des besoins qu'on a identifiés lors de l'étude de 
ceux-ci, donc que c'est plus souvent une réflexion stratégique 
d'entreprise qu'une réflexion personnelle.


L'un des points qui me vient à l'esprit, c'est la dépendance:

- le fournisseur est-il fiable? Déjà, quelle est son  honnêteté? 
Risque-t-il de voler ou laisser voler par autrui les données de 
l'utilisateur (pour compte propre ou celui de sa clientèle) (entre 
autres, propriété intellectuelle, vie privée, etc...) ? quel est son 
propre plan de sauvegarde (à lui, l'hébergeur, parce lui aussi peut être 
victime d'un problème informatique ou d'un sinistre)? quelles garanties 
contractuelles offre-t-il de ne pas perdre les données de l'utilisateur? 
etc...


L'un des autres point c'est la disponibilité des sauvegardes

- L'utilisateur a-t-il besoin de restauration très rapide? auquel cas la 
disponibilité et rapidité de l'hébergeur et celles du FAI de 
l'utilisateur permettront-elles une vitesse de restauration comparable à 
celles d'une restauration de sauvegarde sur site? etc...


les sauvegardes sur-et-hors-site me paraissent ne pas répondre 
tout-à-fait aux mêmes besoins et pouvoir être complémentaires


Je sais que ça a l'air stupide, mais commencer par se demander "des 
sauvegardes? pour quoi faire (me prémunir de quels risques)?" pourrait 
être avantageux


2/ Qu'est-ce que permet de faire un NAS commercial (qnap, syno) qu'on ne 
peut pas faire simplement avec debian ?

Sauf erreur, avec debian on peut gérer *tous* les services réseaux.
Et en plus des outils ordinaire, on peut écrire ou utiliser un programme 
de surveillance d'infrastructure, avec alerte et réparation automatique, 
qui me semble plus simple et adaptable qu'un GUI où il faut passer de 
panneaux en panneaux de la manière prévue par le fabricant-éditeur.


L'appréciation personnelle de ce qui est "simple" est différente de 
celle d'autrui: si tu te sens à l'aise en administration d'une Debian ce 
n'est pas forcément le cas de tout le monde, et d'aucuns pourraient 
avoir une opinion inverse: Synology c'est simple et Debian, non.


D'autre part tu pourrais être amené à changer d'avis sur la simplicité 
d'administration d'une Debian comparée à Synology si tu étais confronté 
à une situation temporairement que tu n'avais pas envisagée de cette 
manière (exemple ton récent problème de DNS) et en l'occurrence tu 
pourrais (supposition, je n'ai jamais utilisé ces solutions) regretter 
la simplicité d'emploi Synology, malgré la perte de contrôle que tu 
perçois par rapport à une solution Debian


PS : j'utilise un client Thunderbird où mon texte apparaît beaucoup plus 
gros que le tien ; on verra ce que ça donne une fois envoyé...


Désolé si j'interviens trop, hein, (dans ce cas , me le dire gentiment), 
je ne suis pas expert en la matière, je m'interroge juste à haute voix 
en parcourant les messages de la liste :-)

Re: Intérêt d’un « NAS » commercial ou open source ?


Le 2023-07-28 03:56, RogerT a écrit :
1/ Quel intérêt y a-t-il à avoir un NAS (un serveur avec du stockage 
attaché, en RAID) chez soi; si on peut héberger l'équivalent chez son 
hébergeur préféré ? (les services réseaux, dont la sauvegarde)


Si on considère les sauvegardes (sujet auquel j'accorde beaucoup 
d'importance), je vois deux intérêts à l'autonomie :


* La bande passante sur le réseau local est bien supérieure à celle 
qu'offrent les hébergeurs. En effet, pour que leurs solutions de 
sauvegarde ne soient pas utilisées pour du stockage de données chaudes, 
les hébergeurs n'octroient qu'une faible bande passante à ces solutions 
(pour les données chaudes / vivantes, les hébergeurs proposent des 
solutions bien plus performantes et louées bien plus cher). Rapatrier 
toutes ses données à la vitesse de 2 à 4 Mo/s, ça prend du temps !


* Quand on s'appuie sur une offre SaaS, notre accès à nos données dépend 
de notre capacité à payer chaque mois le service, et même quand on paie 
ce service, le fournisseur peut décider du jour au lendemain d'y mettre 
fin ou de nous en interdire l'accès.


Du coup, si en ce qui me concerne, j'utilise aussi une offre SaaS 
(service Borgbackup sur l'offre Storage Box de Hetzner), je considère 
que cette sauvegarde est celle que j'utiliserai en dernier recours. Je 
m'appuie aussi sur :


* Des sauvegardes effectuées sur des disques externes (un à deux fois 
par mois), sachant que j'ai toujours un disque externe à la maison, un 
autre sous clé au bureau et un autre sur moi (toutes les sauvegardes 
étant chiffrées à la source par Borgbackup)


* Une sauvegarde que je vais mettre en place sur le NAS dont je viens de 
me doter (il y a encore deux ans, j'avais une autre solution de 
sauvegarde déportée : une machine m'appartenant, hébergée par 
l'hébergeur associatif Tetaneutral, dans une salle de Mix'Art Myrys à 
Toulouse. Mais lorsque le lieu a fermé, j'ai dû récupérer ma machine).


2/ Qu'est-ce que permet de faire un NAS commercial (qnap, syno) qu'on 
ne peut pas faire simplement avec debian ?


L'aspect clé en main, la compacité et plus globalement l'optimisation de 
la solution, l'esthétique ? :)


Si on a les compétences, la volonté et la disponibilité, une simple 
machine faisant tourner un système Debian nu fera parfaitement 
l'affaire. Mais il faut avoir les compétences, la volonté et la 
disponibilité...


Ceci étant, les systèmes tels que TrueNAS ou OpenMediaVault et leurs 
équivalents propriétaires, ont l'avantage de fournir clé en main les 
services que l'on attend d'un NAS. Un système TrueNAS est par exemple 
relativement facile à déployer, même lorsqu'on ne connait rien à FreeBSD 
(j'ai pour ma part un peu galéré, car le support par FreeBSD du matériel 
que j'ai choisi n'est pas parfait et nécessite quelques hacks, notamment 
au niveau réseau, mais c'est une contingence liée au matériel) et 
lorsque l'installation automatique est terminée, le système est 
quasiment prêt à l'emploi (il ne reste plus qu'à se connecter sur 
l'interface web pour configurer les volumes de données exposés).


En ce qui me concerne, mon NAS ne fera tourner que très peu de services, 
car je dispose déjà d'un serveur auto-hébergé.


Sébastien


--
Sébastien Dinot
Ne goutez pas au logiciel libre, vous ne pourriez plus vous en passer !
https://www.palabritudes.net/

Re: Intérêt d’un « NAS » commercial ou open source ?




Le 7/27/23 à 23:24, Sébastien Dinot a écrit :

Bonsoir,

Sauf erreur de ma part, la question a déjà été débattue plusieurs fois
ici sous une perspective ou une autre. On doit trouver trace des
échanges dans les archives.


Bonsoir,

Oui, mais ça doit faire très longtemps.


Voici mon petit retour d'expérience personnelle.

Au boulot, j'utilise depuis une douzaine d'années des NAS Synology et
j'en suis très satisfait. Le matériel se révèle fiable, les NAS sont
compacts et se font oublier, l'interface Web est plutôt agréable et bien
fichue, le système DSM est maintenu pendant au moins 7 ans (parfois
plus, tout dépend de la capacité du matériel – CPU et RAM – à satisfaire
les besoins des nouvelles versions de DSM).

Bien que le système GNU/Linux qui se cache sous DSM soit assez exotique
et bricolé, on peut faire des choses avec, d'où l'existence de paquets
communautaires en plus des paquets proposés par Synology. J'ai aussi
scripté quelques actions.

Bref, ces NAS ont presque tout pour plaire sauf que :

* à la maison, je privilégie les systèmes libres ;
* à cout égal, on peut monter un NAS bien plus performant soi-même.

Le seul hic est que l'offre en boitiers compacts conçus pour les NAS est
anémique, à moins qu'on ait la folie des grandeurs et qu'on vise un NAS
doté de 8 ou 12 disques. Mais là, le boitier commence à être sacrément
volumineux et à être gourmand en énergie.

Lorsque j'avais effectué mes recherches, le boitier le plus intéressant
que j'avais trouvé était le JONSBO N2 :

https://www.jonsbo.com/en/products/N2Black.html

Malheureusement, renseignement pris auprès de mes fournisseurs habituels
et de l'importateur de la marque JONSBO en France, il s'est avéré que ce
boitier n'était pas disponible en France. Ne voulant pas commander sur
Amazon, j'ai fait une croix sur ce boitier, d'autant plus qu'à la
réflexion, il m'orientait vers une solution disproportionnée au regard
de mes maigres besoins.

Considérant mon cahier des charges, je suis in fine parti sur une carte
Odroid H3 de Hardkernel :

https://www.hardkernel.com/shop/odroid-h3/

Et je me suis fait mon NAS :

https://www.palabritudes.net/2023/05/10/nas-diy-odroid-h3.html

Au départ, j'ai opté pour un boitier low cost vendu par Hardkernel, mais
je n'étais pas satisfait. J'ai donc décidé de créer mon propre boitier :

https://www.palabritudes.net/2023/06/18/boitier-decoupe-laser-nas-diy.html

Restait la question du système. J'aurais tout à fait pu me contenter
d'un système Debian nu, mais opter pour TrueNAS était pour moi
l'occasion de me frotter à FreeBSD – dont j'ignore tout – et de voir ce
que valait un OS libre pour NAS par rapport à des systèmes tels que DSM.
Mon bilan actuel est que :

* TrueNAS propose une interface web agréable qui répond au besoin, mais
   qui reste très classique au regard du « WebOS » qu'est DSM.

* FreeBSD, c'est peut-être un Unix, mais c'est un autre monde quand on
   n'a connu que GNU/Linux !

* Je ne regrette absolument pas d'avoir monté mon propre NAS, car j'en
   tire une petite fierté et j'ai pas mal appris au passage (y compris en
   concevant mon propre boitier). Mais il est clair que je ne
   conseillerai pas cette voie à mon entourage. Il faut être un libriste
   teinté d'admin. sys. pour y trouver de la satisfaction. Le caractère
   clé en main et cadré des produits propriétaires est bien plus
   séduisant pour un quidam qui voudrait juste un espace de stockage
   partagé (c'est une situation assez classique).

Sébastien

Merci beaucoup pour ton retour très détaillé et illustré. Tu as vraiment 
franchi le pas !


Je comprends pourquoi un utilisateur lambda (perso, prof libérale, etc.) 
préférera acheter un NAS commercial. Il le branche, installe un agent 
sur son PC et peut immédiatement gérer ses sauvegardes et même en 
envoyer une copie chiffrée sur un serveur non sûr. Les non 
informaticiens que j'ai vu l'utiliser font des choses simples (partage 
de fichiers, site web).


Il me reste une double  question, du point de vue d'un admin système 
debian de niveau moyen :


1/ Quel intérêt y a-t-il à avoir un NAS (un serveur avec du stockage 
attaché, en RAID) chez soi; si on peut héberger l'équivalent chez son 
hébergeur préféré ? (les services réseaux, dont la sauvegarde)


2/ Qu'est-ce que permet de faire un NAS commercial (qnap, syno) qu'on ne 
peut pas faire simplement avec debian ?

Sauf erreur, avec debian on peut gérer *tous* les services réseaux.
Et en plus des outils ordinaire, on peut écrire ou utiliser un programme 
de surveillance d'infrastructure, avec alerte et réparation automatique, 
qui me semble plus simple et adaptable qu'un GUI où il faut passer de 
panneaux en panneaux de la manière prévue par le fabricant-éditeur.



PS : j'utilise un client Thunderbird où mon texte apparaît beaucoup plus 
gros que le tien ; on verra ce que ça donne une fois envoyé...

Re: Intérêt d’un « NAS » commercial ou open source ?

2023-07-27 Thread Sébastien Dinot

Bonsoir,

Sauf erreur de ma part, la question a déjà été débattue plusieurs fois
ici sous une perspective ou une autre. On doit trouver trace des
échanges dans les archives.

Voici mon petit retour d'expérience personnelle.

Au boulot, j'utilise depuis une douzaine d'années des NAS Synology et
j'en suis très satisfait. Le matériel se révèle fiable, les NAS sont
compacts et se font oublier, l'interface Web est plutôt agréable et bien
fichue, le système DSM est maintenu pendant au moins 7 ans (parfois
plus, tout dépend de la capacité du matériel – CPU et RAM – à satisfaire
les besoins des nouvelles versions de DSM).

Bien que le système GNU/Linux qui se cache sous DSM soit assez exotique
et bricolé, on peut faire des choses avec, d'où l'existence de paquets
communautaires en plus des paquets proposés par Synology. J'ai aussi
scripté quelques actions.

Bref, ces NAS ont presque tout pour plaire sauf que :

* à la maison, je privilégie les systèmes libres ;
* à cout égal, on peut monter un NAS bien plus performant soi-même.

Le seul hic est que l'offre en boitiers compacts conçus pour les NAS est
anémique, à moins qu'on ait la folie des grandeurs et qu'on vise un NAS
doté de 8 ou 12 disques. Mais là, le boitier commence à être sacrément
volumineux et à être gourmand en énergie.

Lorsque j'avais effectué mes recherches, le boitier le plus intéressant
que j'avais trouvé était le JONSBO N2 :

https://www.jonsbo.com/en/products/N2Black.html

Malheureusement, renseignement pris auprès de mes fournisseurs habituels
et de l'importateur de la marque JONSBO en France, il s'est avéré que ce
boitier n'était pas disponible en France. Ne voulant pas commander sur
Amazon, j'ai fait une croix sur ce boitier, d'autant plus qu'à la
réflexion, il m'orientait vers une solution disproportionnée au regard
de mes maigres besoins.

Considérant mon cahier des charges, je suis in fine parti sur une carte
Odroid H3 de Hardkernel :

https://www.hardkernel.com/shop/odroid-h3/

Et je me suis fait mon NAS :

https://www.palabritudes.net/2023/05/10/nas-diy-odroid-h3.html

Au départ, j'ai opté pour un boitier low cost vendu par Hardkernel, mais
je n'étais pas satisfait. J'ai donc décidé de créer mon propre boitier :

https://www.palabritudes.net/2023/06/18/boitier-decoupe-laser-nas-diy.html

Restait la question du système. J'aurais tout à fait pu me contenter
d'un système Debian nu, mais opter pour TrueNAS était pour moi
l'occasion de me frotter à FreeBSD – dont j'ignore tout – et de voir ce
que valait un OS libre pour NAS par rapport à des systèmes tels que DSM.
Mon bilan actuel est que :

* TrueNAS propose une interface web agréable qui répond au besoin, mais
  qui reste très classique au regard du « WebOS » qu'est DSM.

* FreeBSD, c'est peut-être un Unix, mais c'est un autre monde quand on
  n'a connu que GNU/Linux !

* Je ne regrette absolument pas d'avoir monté mon propre NAS, car j'en
  tire une petite fierté et j'ai pas mal appris au passage (y compris en
  concevant mon propre boitier). Mais il est clair que je ne
  conseillerai pas cette voie à mon entourage. Il faut être un libriste
  teinté d'admin. sys. pour y trouver de la satisfaction. Le caractère
  clé en main et cadré des produits propriétaires est bien plus
  séduisant pour un quidam qui voudrait juste un espace de stockage
  partagé (c'est une situation assez classique).

Sébastien

-- 
Sébastien Dinot, sebastien.di...@free.fr
http://www.palabritudes.net/
Ne goutez pas au logiciel libre, vous ne pourriez plus vous en passer !

Re: Intérêt d’un « NAS » commercial ou open source ?

2023-07-27 Thread ptilou

Le jeudi 27 juillet 2023 à 15:30:04 UTC+2, RogerT a écrit :
> > Le 27 juil. 2023 à 15:00, ptilou  a écrit : 
> > 
> > Bonjour,
> > 
> >> Le jeudi 27 juillet 2023 à 11:20:05 UTC+2, RogerT a écrit : 
> >> Bonjour, 
> >> 
> >> J’ai eu l’occasion de manipuler quelques « NAS » commerciaux (un serveur 
> >> avec une baie…). Dont qnap et synology (basé sur debian). 
> >> 
> >> Le matériel neuf fait bonne figure. 
> >> 
> >> Le GUI est censé simplifier la vie de l’administrateur, mais de mon 
> >> expérience la lui complique et le ralentit, l’empêche de gérer vite et 
> >> bien en CLI. Et en particulier de faire des scripts et de personnaliser le 
> >> système, en partie verrouillé. Ou alors il faut passer par des panneaux 
> >> lents et contraignants. 
> >> Sans compter la dépendance matérielle ET logicielle à un éditeur qui 
> >> verrouille le système libre qu’il intègre (debian). 
> >> 
> >> Je comprends que celui qui veut sauvegarder ses machines win/mac/linux 
> >> peut le faire avec très peu de compétences (presser des boutons). 
> >> 
> >> Mais il peut très bien faire des sauvegardes chiffrées chez un hébergeur 
> >> de son choix qui propose le même service. 
> >> Le temps de restauration sera dicté par le débit de sa connexion (mais il 
> >> peut aussi conserver une sauvegarde sur un support de stockage en local) 
> >> Non ? 
> >> 
> >> Il y a sur ces « NAS » (qui est un serveur avec du stockage attaché, donc 
> >> un serveur… oui, le stockage pourrait être attaché au réseau / SAN…) 
> >> diverses applications : utilisateurs, vpn, serveur de fichier (avec accès 
> >> web), serveur de messagerie, serveur de nom, etc. 
> >> 
> >> Mais un serveur debian peut faire tout ça, librement. 
> >> 
> >> J’ai aussi aperçu divers « NAS » opensource (truenas, freenas…). Je ne les 
> >> connais pas. 
> >> 
> >> Ce genre de matériel propose aussi de monter un cluster haute dispo juste 
> >> en branchant un câble 10 Gbps pour le heartbeat et de cliquer sur un 
> >> bouton « créer le cluster » (de ce qu’on m’a rapporté, il arrive quand 
> >> même des problèmes). 
> >> 
> >> Par ailleurs, Proxmox est disponible en version gratuite ou avec support 
> >> payant. Ça fonctionne bien mais il faut quand même de l’expertise pour le 
> >> gérer en production. 
> >> 
> >> Quand un support de stockage tombe en rade, le NAS ne suffit pas pour le 
> >> diagnostiquer : il faut le sortir et le tester avec l’outil de son 
> >> fabricant. Bon… Inutile, autant le remplacer à chaud s’il donne un signe 
> >> de faiblesse… 
> >> 
> >> Selon vous, quel intérêt a un « NAS » commercial par rapport à un serveur 
> >> debian ? 
> >> Et surtout pour qui ? (Cad selon le profil de son propriétaire et 
> >> administrateur). 
> >> 
> >> Autrement dit : à partir de quel niveau un administrateur système debian 
> >> peut-il se passer purement et simplement de ce genre d’engin (basé sur 
> >> debian, au moins pour synology) ? 
> >> 
> >> Merci. 
> > 
> > Alors deja la principale raison de ne pas faire du maison, c'est de tisser 
> > des liens commerciaux, avec d'autre entites ... 
> > 
> > La question ou les n'est pas dans un contexte de quelqu'un qui exploite 
> > puisque les donnees technique ne sont pqs presente comme ce qu'il y a en 
> > therme de bandes passantes et de volumes de donnees ! 
> > 
> > Le tous recemblant a un troll ! 
> > 
> > Sinon en 2003 j'ai propose de faire un cluster sur une sortie serie en 
> > processsus 2 ou 3, et avec l'usb et la possibilite de faire de l'esclave 
> > maitre, de masquer une deuxieme sauvegarde ! 
> > 
> > Mais tous ces choses datent des annees 70 en informatique  
> >
> Et ?

Dans etc/fstab tu declare ton pole disque dur, tu peux tous imaginer un NAS 
pour la sauvegarde, un pour la securite, un pour le travail colaboratif, un en 
DMZ pour un back frond size, cherche des informations qui permettent de 
comprendre les sollicitations !
si tu paye une multinational, tu leur achete les disque dur, ce que j'ai jamais 
vue comme competence ici, mais souvent dans une boite italienne, il injecte un 
binnaire sur une epron rikiki, coupe ou desoude une pate pour que tu puisse 
plus reecrire, et te font des sauvegarde dans leur data center moyenant un 
abonement, y a toujours un livre blanc chez IBM pour expliquer ...

Et donc par exemple une fois je bois le coup avec un debiantiste qui me dit que 
le centre de recherche d'IBM, ou il aimerai etre a plein temps ce trouve au 
USA, et la a la librairie de Lidingo, ile de banlieu de Stockholm comme je fais 
de la photo je vois qu'il y a un prix d'architecture pour un immeuble centre de 
recherche IBM a cote de NICE ?

Donc je suis toujours dubitatif, quand je me suis deplace au jeudis a Chatelet 
j'ai rencontre des gens competent qui m'ont dit la verite, la je te sens accacé 
?

Sinon quand j'ai fait des cite web en 2001, un informaticiens d'Ajaccio, 
m'avait montre comment extraire des encapusele dans du code #C, çà permet quand 
le brevet du logiciel est fini de le

Re: Intérêt d’un « NAS » commercial ou open source ?



> Le 27 juil. 2023 à 15:00, ptilou  a écrit :
> 
> Bonjour,
> 
>> Le jeudi 27 juillet 2023 à 11:20:05 UTC+2, RogerT a écrit :
>> Bonjour, 
>> 
>> J’ai eu l’occasion de manipuler quelques « NAS » commerciaux (un serveur 
>> avec une baie…). Dont qnap et synology (basé sur debian). 
>> 
>> Le matériel neuf fait bonne figure. 
>> 
>> Le GUI est censé simplifier la vie de l’administrateur, mais de mon 
>> expérience la lui complique et le ralentit, l’empêche de gérer vite et bien 
>> en CLI. Et en particulier de faire des scripts et de personnaliser le 
>> système, en partie verrouillé. Ou alors il faut passer par des panneaux 
>> lents et contraignants. 
>> Sans compter la dépendance matérielle ET logicielle à un éditeur qui 
>> verrouille le système libre qu’il intègre (debian). 
>> 
>> Je comprends que celui qui veut sauvegarder ses machines win/mac/linux peut 
>> le faire avec très peu de compétences (presser des boutons). 
>> 
>> Mais il peut très bien faire des sauvegardes chiffrées chez un hébergeur de 
>> son choix qui propose le même service. 
>> Le temps de restauration sera dicté par le débit de sa connexion (mais il 
>> peut aussi conserver une sauvegarde sur un support de stockage en local) 
>> Non ? 
>> 
>> Il y a sur ces « NAS » (qui est un serveur avec du stockage attaché, donc un 
>> serveur… oui, le stockage pourrait être attaché au réseau / SAN…) diverses 
>> applications : utilisateurs, vpn, serveur de fichier (avec accès web), 
>> serveur de messagerie, serveur de nom, etc. 
>> 
>> Mais un serveur debian peut faire tout ça, librement. 
>> 
>> J’ai aussi aperçu divers « NAS » opensource (truenas, freenas…). Je ne les 
>> connais pas. 
>> 
>> Ce genre de matériel propose aussi de monter un cluster haute dispo juste en 
>> branchant un câble 10 Gbps pour le heartbeat et de cliquer sur un bouton « 
>> créer le cluster » (de ce qu’on m’a rapporté, il arrive quand même des 
>> problèmes). 
>> 
>> Par ailleurs, Proxmox est disponible en version gratuite ou avec support 
>> payant. Ça fonctionne bien mais il faut quand même de l’expertise pour le 
>> gérer en production. 
>> 
>> Quand un support de stockage tombe en rade, le NAS ne suffit pas pour le 
>> diagnostiquer : il faut le sortir et le tester avec l’outil de son 
>> fabricant. Bon… Inutile, autant le remplacer à chaud s’il donne un signe de 
>> faiblesse… 
>> 
>> Selon vous, quel intérêt a un « NAS » commercial par rapport à un serveur 
>> debian ? 
>> Et surtout pour qui ? (Cad selon le profil de son propriétaire et 
>> administrateur). 
>> 
>> Autrement dit : à partir de quel niveau un administrateur système debian 
>> peut-il se passer purement et simplement de ce genre d’engin (basé sur 
>> debian, au moins pour synology) ? 
>> 
>> Merci.
> 
> Alors deja la principale raison de ne pas faire du maison, c'est de tisser 
> des liens commerciaux, avec d'autre entites ...
> 
> La question ou les n'est pas dans un contexte de quelqu'un qui exploite 
> puisque les donnees technique ne sont pqs presente comme ce qu'il y a en 
> therme de bandes passantes et de volumes de donnees !
> 
> Le tous recemblant a un troll !
> 
> Sinon en 2003 j'ai propose de faire un cluster sur une sortie serie en 
> processsus 2 ou 3, et avec l'usb et la possibilite de faire de l'esclave 
> maitre, de masquer une deuxieme sauvegarde !
> 
> Mais tous ces choses datent des annees 70 en informatique 
> 
Et ?

Re: Intérêt d’un « NAS » commercial ou open source ?

2023-07-27 Thread ptilou

Bonjour,

Le jeudi 27 juillet 2023 à 11:20:05 UTC+2, RogerT a écrit :
> Bonjour, 
> 
> J’ai eu l’occasion de manipuler quelques « NAS » commerciaux (un serveur avec 
> une baie…). Dont qnap et synology (basé sur debian). 
> 
> Le matériel neuf fait bonne figure. 
> 
> Le GUI est censé simplifier la vie de l’administrateur, mais de mon 
> expérience la lui complique et le ralentit, l’empêche de gérer vite et bien 
> en CLI. Et en particulier de faire des scripts et de personnaliser le 
> système, en partie verrouillé. Ou alors il faut passer par des panneaux lents 
> et contraignants. 
> Sans compter la dépendance matérielle ET logicielle à un éditeur qui 
> verrouille le système libre qu’il intègre (debian). 
> 
> Je comprends que celui qui veut sauvegarder ses machines win/mac/linux peut 
> le faire avec très peu de compétences (presser des boutons). 
> 
> Mais il peut très bien faire des sauvegardes chiffrées chez un hébergeur de 
> son choix qui propose le même service. 
> Le temps de restauration sera dicté par le débit de sa connexion (mais il 
> peut aussi conserver une sauvegarde sur un support de stockage en local) 
> Non ? 
> 
> Il y a sur ces « NAS » (qui est un serveur avec du stockage attaché, donc un 
> serveur… oui, le stockage pourrait être attaché au réseau / SAN…) diverses 
> applications : utilisateurs, vpn, serveur de fichier (avec accès web), 
> serveur de messagerie, serveur de nom, etc. 
> 
> Mais un serveur debian peut faire tout ça, librement. 
> 
> J’ai aussi aperçu divers « NAS » opensource (truenas, freenas…). Je ne les 
> connais pas. 
> 
> Ce genre de matériel propose aussi de monter un cluster haute dispo juste en 
> branchant un câble 10 Gbps pour le heartbeat et de cliquer sur un bouton « 
> créer le cluster » (de ce qu’on m’a rapporté, il arrive quand même des 
> problèmes). 
> 
> Par ailleurs, Proxmox est disponible en version gratuite ou avec support 
> payant. Ça fonctionne bien mais il faut quand même de l’expertise pour le 
> gérer en production. 
> 
> Quand un support de stockage tombe en rade, le NAS ne suffit pas pour le 
> diagnostiquer : il faut le sortir et le tester avec l’outil de son fabricant. 
> Bon… Inutile, autant le remplacer à chaud s’il donne un signe de faiblesse… 
> 
> Selon vous, quel intérêt a un « NAS » commercial par rapport à un serveur 
> debian ? 
> Et surtout pour qui ? (Cad selon le profil de son propriétaire et 
> administrateur). 
> 
> Autrement dit : à partir de quel niveau un administrateur système debian 
> peut-il se passer purement et simplement de ce genre d’engin (basé sur 
> debian, au moins pour synology) ? 
> 
> Merci.

Alors deja la principale raison de ne pas faire du maison, c'est de tisser des 
liens commerciaux, avec d'autre entites ...

La question ou les n'est pas dans un contexte de quelqu'un qui exploite puisque 
les donnees technique ne sont pqs presente comme ce qu'il y a en therme de 
bandes passantes et de volumes de donnees !

Le tous recemblant a un troll !

Sinon en 2003 j'ai propose de faire un cluster sur une sortie serie en 
processsus 2 ou 3, et avec l'usb et la possibilite de faire de l'esclave 
maitre, de masquer une deuxieme sauvegarde !

Mais tous ces choses datent des annees 70 en informatique

Re: Intérêt d’un « NAS » commercial ou open source ?



> Le 27 juil. 2023 à 11:47, Gaëtan Perrier  a écrit :
> 
> 
> Bonjour,
> 
> Je ne vais pas répondre à toutes tes interrogations mais juste partager ma 
> toute petite expérience.

Bonjour,
Merci pour ton retour. 

> J'ai un NAS Synology 4 baies (DS918+).
> 
> Pourquoi avoir choisi un NAS tout fait plutôt que d'en monter un à base d'une 
> debian ?
> En premier pour l'intégration ! C'est tout petit ça ne prend pas de place, ça 
> ne fait pas de bruit (ou si peu). Quand on vit dans un petit appartement 
> c'est important !
> En second parce que je n'ai pas des besoins poussés donc l'eco système 
> Synology me convient très bien. C'est simple, efficace, maintenu sur une 
> longue période.

Une baie de 6 disques + ventilos, ça n’est pas silencieux !

> 
> Pourquoi ne pas avoir choisi une sauvegarde en ligne ? En fait je fais les 
> deux. En matière de sauvegarde je ne fie pas à une seule technique...
> Un hébergeur peut toujours disparaître, ses serveurs planter, etc.

D’où l’intérêt d’une sauvegarde en au moins deux endroits (dont une locale). 
Vu l’offre des hébergeurs avec agent de sauvegarde pour le PC (comme synlogy, 
etc.), je n’arrive vraiment pas encore à voir l’intérêt de s’embarrasser avec 
un NAS, qui plus est à la maison. 

> Enfin sur un Synology tu peux te connecter en ssh pour faire de la cli si tu 
> veux. Mais n'ayant pas expérimenté la chose je n'en connais pas les limites.
Accéder en ssh, ça oui. Mais tout est remanié par rapport à debian ! Et il y a 
plein de choses que tu ne peux pas faire. Ou/et alors au risque de perdre la 
garantie du fournisseur.
Déclencher un script ? Il y a un panneau pour glisser le script (ou un pointeur 
qui source le script visé). C’est lourdingue, de mon expérience, par rapport à 
un système debian simple et net. 
A+

> 
> A+
> 
> Gaëtan 
> 
> 
> 
> Le 27 juillet 2023 11:12:49 GMT+02:00, RogerT  a écrit :
>> Bonjour,
>> 
>> J’ai eu l’occasion de manipuler quelques « NAS » commerciaux (un serveur 
>> avec une baie…). Dont qnap et synology (basé sur debian). 
>> 
>> Le matériel neuf fait bonne figure.
>> 
>> Le GUI est censé simplifier la vie de l’administrateur, mais de mon 
>> expérience la lui complique et le ralentit, l’empêche de gérer vite et bien 
>> en CLI. Et en particulier de faire des scripts et de personnaliser le 
>> système, en partie verrouillé. Ou alors il faut passer par des panneaux 
>> lents et contraignants. 
>> Sans compter la dépendance matérielle ET logicielle à un éditeur qui 
>> verrouille le système libre qu’il intègre (debian). 
>> 
>> Je comprends que celui qui veut sauvegarder ses machines win/mac/linux peut 
>> le faire avec très peu de compétences (presser des boutons). 
>> 
>> Mais il peut très bien faire des sauvegardes chiffrées chez un hébergeur de 
>> son choix qui propose le même service. 
>> Le temps de restauration sera dicté par le débit de sa connexion  (mais il 
>> peut aussi conserver une sauvegarde sur un support de stockage en local)
>> Non ?
>> 
>> Il y a sur ces « NAS » (qui est un serveur avec du stockage attaché, donc un 
>> serveur… oui, le stockage pourrait être attaché au réseau / SAN…) diverses 
>> applications : utilisateurs, vpn, serveur de fichier (avec accès web), 
>> serveur de messagerie, serveur de nom, etc.
>> 
>> Mais un serveur debian peut faire tout ça, librement. 
>> 
>> J’ai aussi aperçu divers « NAS » opensource (truenas, freenas…). Je ne les 
>> connais pas. 
>> 
>> Ce genre de matériel propose aussi de monter un cluster haute dispo juste en 
>> branchant un câble 10 Gbps pour le heartbeat et de cliquer sur un bouton « 
>> créer le cluster » (de ce qu’on m’a rapporté, il arrive quand même des 
>> problèmes). 
>> 
>> Par ailleurs, Proxmox est disponible en version gratuite ou avec support 
>> payant. Ça fonctionne bien mais il faut quand même de l’expertise pour le 
>> gérer en production.
>> 
>> Quand un support de stockage tombe en rade, le NAS ne suffit pas pour le 
>> diagnostiquer : il faut le sortir et le tester avec l’outil de son 
>> fabricant. Bon… Inutile, autant le remplacer à chaud s’il donne un signe de 
>> faiblesse…
>> 
>> Selon vous, quel intérêt a un « NAS » commercial par rapport à un serveur 
>> debian ? 
>> Et surtout pour qui ? (Cad selon le profil de son propriétaire et 
>> administrateur). 
>> 
>> Autrement dit : à partir de quel niveau un administrateur système debian 
>> peut-il se passer purement et simplement de ce genre d’engin (basé sur 
>> debian, au moins pour synology) ?
>> 
>> Merci. 
> 
> -- 
> Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
> brièveté.

Re: Intérêt d’un « NAS » commercial ou open source ?

2023-07-27 Thread Frederic Zulian

A mon domicile, j'ai un NAS avec Openmediavault  (distribution basée sur
Debian).
J'ai récupéré une petite tour avec CM, cpu, alim, ...
j'y ai mis un petit ssd pour l'OS et 2 HD de 4To (miroring).

Certes, il faut  faire la configuration mais c'est ce qui fait son intérêt.

Au travail tous nos NAS   sont en synology (RAID 5).

Frédéric ZULIAN



Le jeu. 27 juil. 2023 à 11:47, Gaëtan Perrier  a
écrit :

> Bonjour,
>
> Je ne vais pas répondre à toutes tes interrogations mais juste partager ma
> toute petite expérience.
>
> J'ai un NAS Synology 4 baies (DS918+).
>
> Pourquoi avoir choisi un NAS tout fait plutôt que d'en monter un à base
> d'une debian ?
> En premier pour l'intégration ! C'est tout petit ça ne prend pas de place,
> ça ne fait pas de bruit (ou si peu). Quand on vit dans un petit appartement
> c'est important !
> En second parce que je n'ai pas des besoins poussés donc l'eco système
> Synology me convient très bien. C'est simple, efficace, maintenu sur une
> longue période.
>
> Pourquoi ne pas avoir choisi une sauvegarde en ligne ? En fait je fais les
> deux. En matière de sauvegarde je ne fie pas à une seule technique...
> Un hébergeur peut toujours disparaître, ses serveurs planter, etc.
>
> Enfin sur un Synology tu peux te connecter en ssh pour faire de la cli si
> tu veux. Mais n'ayant pas expérimenté la chose je n'en connais pas les
> limites.
>
> A+
>
> Gaëtan
>
>
>
> Le 27 juillet 2023 11:12:49 GMT+02:00, RogerT  a
> écrit :
>
>> Bonjour,
>>
>> J’ai eu l’occasion de manipuler quelques « NAS » commerciaux (un serveur 
>> avec une baie…). Dont qnap et synology (basé sur debian).
>>
>> Le matériel neuf fait bonne figure.
>>
>> Le GUI est censé simplifier la vie de l’administrateur, mais de mon 
>> expérience la lui complique et le ralentit, l’empêche de gérer vite et bien 
>> en CLI. Et en particulier de faire des scripts et de personnaliser le 
>> système, en partie verrouillé. Ou alors il faut passer par des panneaux 
>> lents et contraignants.
>> Sans compter la dépendance matérielle ET logicielle à un éditeur qui 
>> verrouille le système libre qu’il intègre (debian).
>>
>> Je comprends que celui qui veut sauvegarder ses machines win/mac/linux peut 
>> le faire avec très peu de compétences (presser des boutons).
>>
>> Mais il peut très bien faire des sauvegardes chiffrées chez un hébergeur de 
>> son choix qui propose le même service.
>> Le temps de restauration sera dicté par le débit de sa connexion  (mais il 
>> peut aussi conserver une sauvegarde sur un support de stockage en local)
>> Non ?
>>
>> Il y a sur ces « NAS » (qui est un serveur avec du stockage attaché, donc un 
>> serveur… oui, le stockage pourrait être attaché au réseau / SAN…) diverses 
>> applications : utilisateurs, vpn, serveur de fichier (avec accès web), 
>> serveur de messagerie, serveur de nom, etc.
>>
>> Mais un serveur debian peut faire tout ça, librement.
>>
>> J’ai aussi aperçu divers « NAS » opensource (truenas, freenas…). Je ne les 
>> connais pas.
>>
>> Ce genre de matériel propose aussi de monter un cluster haute dispo juste en 
>> branchant un câble 10 Gbps pour le heartbeat et de cliquer sur un bouton « 
>> créer le cluster » (de ce qu’on m’a rapporté, il arrive quand même des 
>> problèmes).
>>
>> Par ailleurs, Proxmox est disponible en version gratuite ou avec support 
>> payant. Ça fonctionne bien mais il faut quand même de l’expertise pour le 
>> gérer en production.
>>
>> Quand un support de stockage tombe en rade, le NAS ne suffit pas pour le 
>> diagnostiquer : il faut le sortir et le tester avec l’outil de son 
>> fabricant. Bon… Inutile, autant le remplacer à chaud s’il donne un signe de 
>> faiblesse…
>>
>> Selon vous, quel intérêt a un « NAS » commercial par rapport à un serveur 
>> debian ?
>> Et surtout pour qui ? (Cad selon le profil de son propriétaire et 
>> administrateur).
>>
>> Autrement dit : à partir de quel niveau un administrateur système debian 
>> peut-il se passer purement et simplement de ce genre d’engin (basé sur 
>> debian, au moins pour synology) ?
>>
>> Merci.
>>
>> --
> Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma
> brièveté.
>

Re: Intérêt d’un « NAS » commercial ou open source ?

2023-07-27 Thread Gaëtan Perrier

Bonjour,

Je ne vais pas répondre à toutes tes interrogations mais juste partager ma 
toute petite expérience.

J'ai un NAS Synology 4 baies (DS918+).

Pourquoi avoir choisi un NAS tout fait plutôt que d'en monter un à base d'une 
debian ?
En premier pour l'intégration ! C'est tout petit ça ne prend pas de place, ça 
ne fait pas de bruit (ou si peu). Quand on vit dans un petit appartement c'est 
important !
En second parce que je n'ai pas des besoins poussés donc l'eco système Synology 
me convient très bien. C'est simple, efficace, maintenu sur une longue période.

Pourquoi ne pas avoir choisi une sauvegarde en ligne ? En fait je fais les 
deux. En matière de sauvegarde je ne fie pas à une seule technique...
Un hébergeur peut toujours disparaître, ses serveurs planter, etc.

Enfin sur un Synology tu peux te connecter en ssh pour faire de la cli si tu 
veux. Mais n'ayant pas expérimenté la chose je n'en connais pas les limites.

A+

Gaëtan 



Le 27 juillet 2023 11:12:49 GMT+02:00, RogerT  a écrit :
>Bonjour,
>
>J’ai eu l’occasion de manipuler quelques « NAS » commerciaux (un serveur avec 
>une baie…). Dont qnap et synology (basé sur debian). 
>
>Le matériel neuf fait bonne figure.
>
>Le GUI est censé simplifier la vie de l’administrateur, mais de mon expérience 
>la lui complique et le ralentit, l’empêche de gérer vite et bien en CLI. Et en 
>particulier de faire des scripts et de personnaliser le système, en partie 
>verrouillé. Ou alors il faut passer par des panneaux lents et contraignants. 
>Sans compter la dépendance matérielle ET logicielle à un éditeur qui 
>verrouille le système libre qu’il intègre (debian). 
>
>Je comprends que celui qui veut sauvegarder ses machines win/mac/linux peut le 
>faire avec très peu de compétences (presser des boutons). 
>
>Mais il peut très bien faire des sauvegardes chiffrées chez un hébergeur de 
>son choix qui propose le même service. 
>Le temps de restauration sera dicté par le débit de sa connexion  (mais il 
>peut aussi conserver une sauvegarde sur un support de stockage en local)
>Non ?
>
>Il y a sur ces « NAS » (qui est un serveur avec du stockage attaché, donc un 
>serveur… oui, le stockage pourrait être attaché au réseau / SAN…) diverses 
>applications : utilisateurs, vpn, serveur de fichier (avec accès web), serveur 
>de messagerie, serveur de nom, etc.
>
>Mais un serveur debian peut faire tout ça, librement. 
>
>J’ai aussi aperçu divers « NAS » opensource (truenas, freenas…). Je ne les 
>connais pas. 
>
>Ce genre de matériel propose aussi de monter un cluster haute dispo juste en 
>branchant un câble 10 Gbps pour le heartbeat et de cliquer sur un bouton « 
>créer le cluster » (de ce qu’on m’a rapporté, il arrive quand même des 
>problèmes). 
>
>Par ailleurs, Proxmox est disponible en version gratuite ou avec support 
>payant. Ça fonctionne bien mais il faut quand même de l’expertise pour le 
>gérer en production.
>
>Quand un support de stockage tombe en rade, le NAS ne suffit pas pour le 
>diagnostiquer : il faut le sortir et le tester avec l’outil de son fabricant. 
>Bon… Inutile, autant le remplacer à chaud s’il donne un signe de faiblesse…
>
>Selon vous, quel intérêt a un « NAS » commercial par rapport à un serveur 
>debian ? 
>Et surtout pour qui ? (Cad selon le profil de son propriétaire et 
>administrateur). 
>
>Autrement dit : à partir de quel niveau un administrateur système debian 
>peut-il se passer purement et simplement de ce genre d’engin (basé sur debian, 
>au moins pour synology) ?
>
>Merci. 

-- 
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma 
brièveté.

Intérêt d’un « NAS » commercial ou open source ?

Bonjour,

J’ai eu l’occasion de manipuler quelques « NAS » commerciaux (un serveur avec 
une baie…). Dont qnap et synology (basé sur debian). 

Le matériel neuf fait bonne figure.

Le GUI est censé simplifier la vie de l’administrateur, mais de mon expérience 
la lui complique et le ralentit, l’empêche de gérer vite et bien en CLI. Et en 
particulier de faire des scripts et de personnaliser le système, en partie 
verrouillé. Ou alors il faut passer par des panneaux lents et contraignants. 
Sans compter la dépendance matérielle ET logicielle à un éditeur qui verrouille 
le système libre qu’il intègre (debian). 

Je comprends que celui qui veut sauvegarder ses machines win/mac/linux peut le 
faire avec très peu de compétences (presser des boutons). 

Mais il peut très bien faire des sauvegardes chiffrées chez un hébergeur de son 
choix qui propose le même service. 
Le temps de restauration sera dicté par le débit de sa connexion  (mais il peut 
aussi conserver une sauvegarde sur un support de stockage en local)
Non ?

Il y a sur ces « NAS » (qui est un serveur avec du stockage attaché, donc un 
serveur… oui, le stockage pourrait être attaché au réseau / SAN…) diverses 
applications : utilisateurs, vpn, serveur de fichier (avec accès web), serveur 
de messagerie, serveur de nom, etc.

Mais un serveur debian peut faire tout ça, librement. 

J’ai aussi aperçu divers « NAS » opensource (truenas, freenas…). Je ne les 
connais pas. 

Ce genre de matériel propose aussi de monter un cluster haute dispo juste en 
branchant un câble 10 Gbps pour le heartbeat et de cliquer sur un bouton « 
créer le cluster » (de ce qu’on m’a rapporté, il arrive quand même des 
problèmes). 

Par ailleurs, Proxmox est disponible en version gratuite ou avec support 
payant. Ça fonctionne bien mais il faut quand même de l’expertise pour le gérer 
en production.

Quand un support de stockage tombe en rade, le NAS ne suffit pas pour le 
diagnostiquer : il faut le sortir et le tester avec l’outil de son fabricant. 
Bon… Inutile, autant le remplacer à chaud s’il donne un signe de faiblesse…

Selon vous, quel intérêt a un « NAS » commercial par rapport à un serveur 
debian ? 
Et surtout pour qui ? (Cad selon le profil de son propriétaire et 
administrateur). 

Autrement dit : à partir de quel niveau un administrateur système debian 
peut-il se passer purement et simplement de ce genre d’engin (basé sur debian, 
au moins pour synology) ?

Merci.

Re: New open source project

2023-06-12 Thread Gregory Seidman

On Mon, Jun 12, 2023 at 12:26:35PM +0200, the2nd wrote:
> i am developing an open source OTP authentication server and currently
> searching for someone to test it. I hope its okay to ask for this on this
> list.
> 
> There is no documentation yet but i can write a step by step guide if
> someone is interested in testing my project.
[...]

No documentation is one thing, but no justification for why this is useful
or better than existing OTP options like otpw-bin and libpam-otpw means
that you aren't likely to find a lot of interest.

You did a thing, and you've announced it, but why should anyone care
(beyond the intellectual exercise) that you did it? This isn't to say it's
a waste or not worth doing, just that you haven't explained why it isn't.

> Regards
> the2nd
--Gregory

New open source project

2023-06-12 Thread the2nd


Hi,

i am developing an open source OTP authentication server and currently 
searching for someone to test it. I hope its okay to ask for this on 
this list.


There is no documentation yet but i can write a step by step guide if 
someone is interested in testing my project.


Installation instructions for debian bullseye can be found here: 
https://github.com/the2nd/otpme/blob/main/pip-install.sh



If someone knows a better place to ask for testers just let me know and 
ill give it a try.


Regards
the2nd

Sat/Sun @Geldrop (Eindhoven, NL): T-DOSE Open Source Event

2023-04-20 Thread J.A. Bezemer




Hi all,

This Saturday and Sunday, Debian has a booth at the T-DOSE "Technical 
Dutch Open Source Event" in Geldrop, The Netherlands.


Join us to discuss all things Debian, meet people from other projects, and 
listen to interesting talks on many subjects. Entrance is free!


More info: https://t-dose.org

Thanks,
Anne Bezemer

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

2022-09-18 Thread riveravaldez

On Thursday, September 15, 2022, Chuck Zmudzinski  wrote:
> On 9/15/2022 11:46 AM, Andy Smith wrote:
>> Hello,
>>
>> On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
>> > I am not against giving maintainers like Steve just compensation for the
>> > work they do fixing bugs, and by compensation I mean money.
>> (...)
>> to be able to force the developers to work on what you want them to
>> work on, in the way you want them to work on it. I can only ever see
>> that happening in situations where you pay much much more for a
>> bespoke solution.
>
> So I have to pay someone lots of money to fix a problem I already know how to 
> fix?

Hi, not sure at all, but maybe that could be the case, because to know
how to fix a problem and to make someone else to work on what you want
them to work on in the way you want them to work on it are just two
different and independent things. But I really don't know, just
guessing.
Best regards.

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

2022-09-16 Thread Chuck Zmudzinski

On 9/16/22 12:05 AM, Maude Summerside wrote:
>
> On 2022-09-15 17:56, Chuck Zmudzinski wrote:
> > On 9/15/2022 11:46 AM, Andy Smith wrote:
> >> Hello,
> >>
> >> On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
> >>> I am not against giving maintainers like Steve just compensation for the
> >>> work they do fixing bugs, and by compensation I mean money.
> >>
> >> It's a very tricky subject to propose to start paying (some?) people
> >> in what was always a volunteer project, to do the same work that
> >> others do voluntarily. It has been proposed before, and it did not
> >> go down well. Search for "dunc tank debian" to read about that.
> >>
> >> More recently (since 2014), the Debian LTS effort started paying
> >> people to upload fixed Debian packages past the end of the normal
> >> release lifetime. This is organised by private company Freexian who
> >> accept sponsorship funds and pay developers to do this work for
> >> Debian, not out of Debian's own funds.
> >>
> >> https://www.freexian.com/services/debian-lts.html
> >> https://wiki.debian.org/LTS
> >> https://wiki.debian.org/LTS/FAQ
> >>
> >> They do LTS, ELTS and some other limited scope efforts.
> >>
> >> If you do use Debian LTS maybe you could consider contributing to
> >> this? Though I would point out:
> >>
> >> - It's not going to give you the right to tell people what to work
> >>   on, how to do it, govern their timescales etc. Sponsors are paying
> >>   for a certain amount of developer time per month, but Freexian and
> >>   those developers decide what to work on and how to do it.
> >>
> >> - At the moment the minimum contribution is €255/year.
> >>
> >> It could also be interesting to explore individual packaging teams
> >> within Debian having Patreon and/or ko-fi accounts or similar.
> >>
> >> Broadly though, none of these small scale funding ideas are ever
> >> going to give you the kind of service you apparently seem to want:
> >> to be able to force the developers to work on what you want them to
> >> work on, in the way you want them to work on it. I can only ever see
> >> that happening in situations where you pay much much more for a
> >> bespoke solution.
> > 
> > So I have to pay someone lots of money to fix a problem I already know how 
> > to fix?
> > I don't think you really understand my use case very well.
> > 
> > Cheers
> > 
>
> Can you stop complaining and take a minute to go read the code of
> conduct, rules regarding the Debian mailing list.
> There's no reason to do dual posting.
>
> WtF have you written myself a personal mail ?
I think I did, but it was just an oversight. I am aware
of the Code of Conduct, and it also says everyone is
to presume good intentions, as far as possible. When
I noticed I forgot to reply to list, I sent the message
again, I think with a little more detail, to the list also,
where I should have sent the message in the first place.

BTW, just so everyone is aware, the message I sent
is on debian-user, and it is an interesting story about
a Debian bug and I don't think it was against the Code
of Conduct.

Best regards,

Chuck

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

2022-09-15 Thread Maude Summerside




On 2022-09-15 17:56, Chuck Zmudzinski wrote:
> On 9/15/2022 11:46 AM, Andy Smith wrote:
>> Hello,
>>
>> On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
>>> I am not against giving maintainers like Steve just compensation for the
>>> work they do fixing bugs, and by compensation I mean money.
>>
>> It's a very tricky subject to propose to start paying (some?) people
>> in what was always a volunteer project, to do the same work that
>> others do voluntarily. It has been proposed before, and it did not
>> go down well. Search for "dunc tank debian" to read about that.
>>
>> More recently (since 2014), the Debian LTS effort started paying
>> people to upload fixed Debian packages past the end of the normal
>> release lifetime. This is organised by private company Freexian who
>> accept sponsorship funds and pay developers to do this work for
>> Debian, not out of Debian's own funds.
>>
>> https://www.freexian.com/services/debian-lts.html
>> https://wiki.debian.org/LTS
>> https://wiki.debian.org/LTS/FAQ
>>
>> They do LTS, ELTS and some other limited scope efforts.
>>
>> If you do use Debian LTS maybe you could consider contributing to
>> this? Though I would point out:
>>
>> - It's not going to give you the right to tell people what to work
>>   on, how to do it, govern their timescales etc. Sponsors are paying
>>   for a certain amount of developer time per month, but Freexian and
>>   those developers decide what to work on and how to do it.
>>
>> - At the moment the minimum contribution is €255/year.
>>
>> It could also be interesting to explore individual packaging teams
>> within Debian having Patreon and/or ko-fi accounts or similar.
>>
>> Broadly though, none of these small scale funding ideas are ever
>> going to give you the kind of service you apparently seem to want:
>> to be able to force the developers to work on what you want them to
>> work on, in the way you want them to work on it. I can only ever see
>> that happening in situations where you pay much much more for a
>> bespoke solution.
> 
> So I have to pay someone lots of money to fix a problem I already know how to 
> fix?
> I don't think you really understand my use case very well.
> 
> Cheers
> 

Can you stop complaining and take a minute to go read the code of
conduct, rules regarding the Debian mailing list.
There's no reason to do dual posting.

WtF have you written myself a personal mail ?
-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

2022-09-15 Thread Chuck Zmudzinski

On 9/15/22 6:29 PM, Lee wrote:
> On 9/15/22, Chuck Zmudzinski  wrote:
> >
> > So I have to pay someone lots of money to fix a problem I already know how
> > to fix?
> > I don't think you really understand my use case very well.
>
> I surely don't.  If you know how to fix whatever why haven't you fixed
> it already?

I have it fixed in the distro on one bug, but on another I still have to
apply the fix myself because no one in Debian will fix it. Fedora
developers also fixed the same bug. I discuss that bug in some
other posts here. Please read them before asking me about this
again.

Cheers,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-15 Thread Chuck Zmudzinski

On 9/15/22 11:45 AM, Maude Summerside wrote:
>
> On 2022-09-14 23:23, Chuck Zmudzinski wrote:
> > On 9/14/2022 11:01 PM, Maude Summerside wrote:
> >>
> >> On 2022-09-14 21:45, Michael Stone wrote:
> >>> On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
>  I'll be brutally honest: being accused of "possibly malicious"
>  unwilligness is *not* a great way to convince overstretched volunteers
>  to spend their time on issues.
> >>>
> >>> Especially when it's an ongoing pattern of discourse.
> >>>
> >>
> >> I think there's many barrier that discourage people from wanting to
> >> contribute to many project. I feel some developer use the community as
> >> unpaid beta tester but don't go further into accepting contribution.
> >>
> >> For sure, having managed some project, I have to say that it's hard to
> >> accept contribution that will add new functions to as software when
> >> these come from a unknown contributor. Not because of being scared of
> >> malicious intent (unless the person is really paranoid but that's
> >> another story). Simply because adding a new function means having to
> >> support it's ongoing development and there's no guarantee that the
> >> contributor will do so. Same goes on for code contributed that needs
> >> refactoring, that are badly documented, etc. But all this need some good
> >> social behavior from the project owner/manager.
> > 
> > As a user of the Debian software and a user of the BTS, I am discouraged not
> > because new contributions or functions are being rejected, but because bugs
> > are not being fixed. Those are two very different things. Maybe it's just 
> > too hard
> > for volunteers to fix the bugs and make Debian better, and maybe we need to
> > pay the volunteers so they are not volunteers anymore and will be motivated
> > to actually fix the Debian software. The fact that Debian is created by 
> > volunteers
> > is probably one of the really big disadvantages of Debian software.
> > 
> I think there's a piece missing hugely in *your* equation.
> The package maintainer are the LAST line of resort when there's a bug to
> fix. Sure you can report them thru BTS but they'll transmit those
> upstream to the original software developer.

Not in my experience. Most upstream projects say users should report
bugs to the distro first and let the distro's maintainers decide what to
do. The bugs I see that the Debian maintainer *should* forward to the
upstream project usually fail to do that. Of two cases of bugs affecting
my machine this past couple of years, one I reported the bug to Debian,
Debian's maintainer ignored it, I found the fix after a long bisecting process
and the fix was in the upstream part of the code. So I tagged the
bug with patch and upstream and waited for the maintainer to forward
the bug. The maintainer again ignored it so I had the opportunity to
make a contribution to an upstream project and I submitted the patch
to the upstream project myself and when it was committed upstream
I tagged the bug fixed upstream on BTS and now the bug is closed.

That is a happy ending to a bug report. The other one this year both
Debian and the upstream project, the Linux kernel, are ignoring the
bug and that is the one I described in a post earlier today to this list
when I also asked the community a question about systemd, udev,
and the coldplug all devices stage of boot where the bug happens. This
bug is still not a happy ending, at least for those who want the bug fixed.
I am not the one who reported it. I would not be surprised if the one
who reported it gave up on it and switched to Fedora or another distro
that has fixed the bug in their distro. It is the kind of bug that can be
fixed in *either* the Linux kernel upstream code or in the systemd/udev
configuration by the distro. But Debian maintainers are just volunteers
so they cannot fix it. At least that is what everyone here is telling me.

>
> What would happened if every bug was fixed by the Debian maintainer ?
> We'd end up having two different source code because at every bug fix
> there would be a different tree of source code being built.

Most users are not able to determine when they report a bug if
it is in the upstream or Debian part. I learned how to find where
the bug is because no one else in the free software world would do
it. You advocate for a world where every user can fix their own
bugs and the maintainers can complain they can't fix bugs because
they are just volunteers. That doesn't make sense to me. The BTS
is useful because users do post workarounds for the bugs that
the maintainers don't fix, but users are mistaken if they think
when they report a bug the maintainer will see to it that it
will get fixed. I also think the bot that says the maintainer
will respond to you in due course sometimes lies because in
some cases the maintainer never responds.

Best regards,

Chuck

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

2022-09-15 Thread Lee

On 9/15/22, Chuck Zmudzinski  wrote:
>
> So I have to pay someone lots of money to fix a problem I already know how
> to fix?
> I don't think you really understand my use case very well.

I surely don't.  If you know how to fix whatever why haven't you fixed
it already?

Lee

Re: Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

2022-09-15 Thread Chuck Zmudzinski

On 9/15/2022 11:46 AM, Andy Smith wrote:
> Hello,
>
> On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
> > I am not against giving maintainers like Steve just compensation for the
> > work they do fixing bugs, and by compensation I mean money.
>
> It's a very tricky subject to propose to start paying (some?) people
> in what was always a volunteer project, to do the same work that
> others do voluntarily. It has been proposed before, and it did not
> go down well. Search for "dunc tank debian" to read about that.
>
> More recently (since 2014), the Debian LTS effort started paying
> people to upload fixed Debian packages past the end of the normal
> release lifetime. This is organised by private company Freexian who
> accept sponsorship funds and pay developers to do this work for
> Debian, not out of Debian's own funds.
>
> https://www.freexian.com/services/debian-lts.html
> https://wiki.debian.org/LTS
> https://wiki.debian.org/LTS/FAQ
>
> They do LTS, ELTS and some other limited scope efforts.
>
> If you do use Debian LTS maybe you could consider contributing to
> this? Though I would point out:
>
> - It's not going to give you the right to tell people what to work
>   on, how to do it, govern their timescales etc. Sponsors are paying
>   for a certain amount of developer time per month, but Freexian and
>   those developers decide what to work on and how to do it.
>
> - At the moment the minimum contribution is €255/year.
>
> It could also be interesting to explore individual packaging teams
> within Debian having Patreon and/or ko-fi accounts or similar.
>
> Broadly though, none of these small scale funding ideas are ever
> going to give you the kind of service you apparently seem to want:
> to be able to force the developers to work on what you want them to
> work on, in the way you want them to work on it. I can only ever see
> that happening in situations where you pay much much more for a
> bespoke solution.

So I have to pay someone lots of money to fix a problem I already know how to 
fix?
I don't think you really understand my use case very well.

Cheers

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-15 Thread Dan Ritter

Maude Summerside wrote: 
> 
> 
> On 2022-09-14 21:45, Michael Stone wrote:
> > On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
> >> I'll be brutally honest: being accused of "possibly malicious"
> >> unwilligness is *not* a great way to convince overstretched volunteers
> >> to spend their time on issues.
> > 
> > Especially when it's an ongoing pattern of discourse.
> > 
> 
> I think there's many barrier that discourage people from wanting to
> contribute to many project. I feel some developer use the community as
> unpaid beta tester but don't go further into accepting contribution.
> 
> For sure, having managed some project, I have to say that it's hard to
> accept contribution that will add new functions to as software when
> these come from a unknown contributor. Not because of being scared of
> malicious intent (unless the person is really paranoid but that's
> another story). Simply because adding a new function means having to
> support it's ongoing development and there's no guarantee that the
> contributor will do so. Same goes on for code contributed that needs
> refactoring, that are badly documented, etc. But all this need some good
> social behavior from the project owner/manager.

I quite like the approach taken by Espen Jurgensen, project
owner of Owntone (formerly forked-daapd). If a feature is
requested and he thinks he might want to use it, he brings it
in. If he doesn't see a point for his own usage but thinks that
other people might want it, he asks the contributor to
maintain a fork for a few months. The initial bugs get worked
out by someone who cares about it, and then a pull request can
be made to bring it back to the main branch.

-dsr-

Paying Debian contributors (Was Re: Advantages/Disadvantages of Open Source Software)

2022-09-15 Thread Andy Smith

Hello,

On Wed, Sep 14, 2022 at 10:04:48PM -0400, Chuck Zmudzinski wrote:
> I am not against giving maintainers like Steve just compensation for the
> work they do fixing bugs, and by compensation I mean money.

It's a very tricky subject to propose to start paying (some?) people
in what was always a volunteer project, to do the same work that
others do voluntarily. It has been proposed before, and it did not
go down well. Search for "dunc tank debian" to read about that.

More recently (since 2014), the Debian LTS effort started paying
people to upload fixed Debian packages past the end of the normal
release lifetime. This is organised by private company Freexian who
accept sponsorship funds and pay developers to do this work for
Debian, not out of Debian's own funds.

https://www.freexian.com/services/debian-lts.html
https://wiki.debian.org/LTS
https://wiki.debian.org/LTS/FAQ

They do LTS, ELTS and some other limited scope efforts.

If you do use Debian LTS maybe you could consider contributing to
this? Though I would point out:

- It's not going to give you the right to tell people what to work
  on, how to do it, govern their timescales etc. Sponsors are paying
  for a certain amount of developer time per month, but Freexian and
  those developers decide what to work on and how to do it.

- At the moment the minimum contribution is €255/year.

It could also be interesting to explore individual packaging teams
within Debian having Patreon and/or ko-fi accounts or similar.

Broadly though, none of these small scale funding ideas are ever
going to give you the kind of service you apparently seem to want:
to be able to force the developers to work on what you want them to
work on, in the way you want them to work on it. I can only ever see
that happening in situations where you pay much much more for a
bespoke solution.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-15 Thread Maude Summerside




On 2022-09-14 23:23, Chuck Zmudzinski wrote:
> On 9/14/2022 11:01 PM, Maude Summerside wrote:
>>
>> On 2022-09-14 21:45, Michael Stone wrote:
>>> On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
 I'll be brutally honest: being accused of "possibly malicious"
 unwilligness is *not* a great way to convince overstretched volunteers
 to spend their time on issues.
>>>
>>> Especially when it's an ongoing pattern of discourse.
>>>
>>
>> I think there's many barrier that discourage people from wanting to
>> contribute to many project. I feel some developer use the community as
>> unpaid beta tester but don't go further into accepting contribution.
>>
>> For sure, having managed some project, I have to say that it's hard to
>> accept contribution that will add new functions to as software when
>> these come from a unknown contributor. Not because of being scared of
>> malicious intent (unless the person is really paranoid but that's
>> another story). Simply because adding a new function means having to
>> support it's ongoing development and there's no guarantee that the
>> contributor will do so. Same goes on for code contributed that needs
>> refactoring, that are badly documented, etc. But all this need some good
>> social behavior from the project owner/manager.
> 
> As a user of the Debian software and a user of the BTS, I am discouraged not
> because new contributions or functions are being rejected, but because bugs
> are not being fixed. Those are two very different things. Maybe it's just too 
> hard
> for volunteers to fix the bugs and make Debian better, and maybe we need to
> pay the volunteers so they are not volunteers anymore and will be motivated
> to actually fix the Debian software. The fact that Debian is created by 
> volunteers
> is probably one of the really big disadvantages of Debian software.
> 
I think there's a piece missing hugely in *your* equation.
The package maintainer are the LAST line of resort when there's a bug to
fix. Sure you can report them thru BTS but they'll transmit those
upstream to the original software developer.

What would happened if every bug was fixed by the Debian maintainer ?
We'd end up having two different source code because at every bug fix
there would be a different tree of source code being built.

Sure maintainer will fix bug that are Debian specifics.

Didn't this ever went in your consideration ?

Maybe you should take some time to read the different documentations
relating to the roles of everyone and this would save lot of useless
anger on your side.
> Best regards,
> 
> Chuck
> 

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Jude DaShiell





Jude 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)

.

On Wed, 14 Sep 2022, Steve McIntyre wrote:

> Stefan wrote:
> In article  you 
> write:
> >> the interest of the user. These "volunteers" obviously have other,
> >> possibly malicious, interests if they prove themselves unwilling to
> >> apply fixes to bugs that are reported to them.
> >
> >I think there's a confusion here: these volunteers will also have
> >"other, possibly malicious, interests" even if they are willing/eager
> >to apply fixes to bugs that are reported to them.
> >
> >Same goes for people you pay, so it's not specific to volunteers.
> >And of course it's also not specific to a particular kind of license.
>
> Thanks Stefan, it's great to see that some people understand the
> issues.
>
> I'll be brutally honest: being accused of "possibly malicious"
> unwilligness is *not* a great way to convince overstretched volunteers
> to spend their time on issues.
>
>
I think an appropriate analogy for proprietary versus open source software
is the American Electoral College compared to The American General
Election.  The difference in the number of minds brought to apply to each
I think parallels proprietary versus open source software and whatever
effects attach to both.  Open source additionally has the internet which
varies in support quality but is far larger than any proprietary
operation.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/14/2022 11:01 PM, Maude Summerside wrote:
>
> On 2022-09-14 21:45, Michael Stone wrote:
> > On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
> >> I'll be brutally honest: being accused of "possibly malicious"
> >> unwilligness is *not* a great way to convince overstretched volunteers
> >> to spend their time on issues.
> > 
> > Especially when it's an ongoing pattern of discourse.
> > 
>
> I think there's many barrier that discourage people from wanting to
> contribute to many project. I feel some developer use the community as
> unpaid beta tester but don't go further into accepting contribution.
>
> For sure, having managed some project, I have to say that it's hard to
> accept contribution that will add new functions to as software when
> these come from a unknown contributor. Not because of being scared of
> malicious intent (unless the person is really paranoid but that's
> another story). Simply because adding a new function means having to
> support it's ongoing development and there's no guarantee that the
> contributor will do so. Same goes on for code contributed that needs
> refactoring, that are badly documented, etc. But all this need some good
> social behavior from the project owner/manager.

As a user of the Debian software and a user of the BTS, I am discouraged not
because new contributions or functions are being rejected, but because bugs
are not being fixed. Those are two very different things. Maybe it's just too 
hard
for volunteers to fix the bugs and make Debian better, and maybe we need to
pay the volunteers so they are not volunteers anymore and will be motivated
to actually fix the Debian software. The fact that Debian is created by 
volunteers
is probably one of the really big disadvantages of Debian software.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Maude Summerside

On 2022-09-14 21:45, Michael Stone wrote:
> On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:
>> I'll be brutally honest: being accused of "possibly malicious"
>> unwilligness is *not* a great way to convince overstretched volunteers
>> to spend their time on issues.
> 
> Especially when it's an ongoing pattern of discourse.
> 

I think there's many barrier that discourage people from wanting to
contribute to many project. I feel some developer use the community as
unpaid beta tester but don't go further into accepting contribution.

For sure, having managed some project, I have to say that it's hard to
accept contribution that will add new functions to as software when
these come from a unknown contributor. Not because of being scared of
malicious intent (unless the person is really paranoid but that's
another story). Simply because adding a new function means having to
support it's ongoing development and there's no guarantee that the
contributor will do so. Same goes on for code contributed that needs
refactoring, that are badly documented, etc. But all this need some good
social behavior from the project owner/manager.

There's people who just think "I've done something free if people are
happy they use it, if they ain't they continue their journey". Those
don't accept criticism. But that's all part of the human behavior.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/14/22 6:16 PM, Steve McIntyre wrote:
> Stefan wrote:
> In article  you 
> write:
> >> the interest of the user. These "volunteers" obviously have other,
> >> possibly malicious, interests if they prove themselves unwilling to
> >> apply fixes to bugs that are reported to them.
> >
> >I think there's a confusion here: these volunteers will also have
> >"other, possibly malicious, interests" even if they are willing/eager
> >to apply fixes to bugs that are reported to them.
> >
> >Same goes for people you pay, so it's not specific to volunteers.
> >And of course it's also not specific to a particular kind of license.
>
> Thanks Stefan, it's great to see that some people understand the
> issues.
>
> I'll be brutally honest: being accused of "possibly malicious"
> unwilligness is *not* a great way to convince overstretched volunteers
> to spend their time on issues.
>

Thank you Steve, for the work you do as maintaining the grub software
packages on Debian.

I am not against giving maintainers like Steve just compensation for the
work they do fixing bugs, and by compensation I mean money.

Why not require the user to pay a small fee when reporting a bug
which can be used to provide just compensation for the services the
maintainers provide to the community when the maintainer fixes bugs?
I would be willing to pay a reasonably small fee that would go to the
maintainers who worked on the bug and successfully fixed it.

I'll be brutally honest: Being accused of being a troll is *not* a
great way to convince Debian users who want to contribute to
and help Debian to spend their free time helping maintainers fix
the bugs reported to the BTS. I also suspect many users agree
with me, but are afraid to say so for fear of being accused of
being a troll.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Michael Stone


On Wed, Sep 14, 2022 at 11:16:00PM +0100, Steve McIntyre wrote:

I'll be brutally honest: being accused of "possibly malicious"
unwilligness is *not* a great way to convince overstretched volunteers
to spend their time on issues.


Especially when it's an ongoing pattern of discourse.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Maude Summerside




On 2022-09-14 17:06, Thiemo Kellner wrote:
> Am 14.09.22 um 18:39 schrieb Maude Summerside:
>> This is where intellectual shortcut starts...
>> Free/OSS doesn't mean GPL.
>> There's plenty of Free/OSS software that the copyright owner retains
>> right to commercial licensing. Just look at libraries, some of them will
>> be in such a licensing term that if you use the free version, you have
>> to share your code if you distribute it but they offer a commercial
>> license that allow you to link and distribute without source code. If
>> you only stick to Debian, no such thing because they aren't in the
>> licensing term accepted for distribution.
>>
>> But let say QT, you have a free version, force you to distribute freely
>> if linked against or you go with the commercial license.
>>
>> Why would the owner of the copyright regarding Chromium (that can write
>> their own terms) couldn't reserve himself a right to make a closed
>> source version (like Google Chrome, owned by the owner of Chromium
>> license).
>>
>> Something taking a break and make some research just shows off that we
>> don't only know how to type code, but we have a bit more knowledge than
>> that, regarding mostly real life example of what's also part of the
>> ecosystem.
> Thanks for trying to point out. I am afraid, it is beyond me as is dual
> licensing in general.
> 

We all have our forces and weakness, so we are all the same.
I'm probably not as fast as you can be for writing JavaScript code,
HTML, or whatever you do. But my force is mostly at project management,
legal and business side of IT solutions.

I've driven mostly medical projects so I'm pretty used to the *thingy*
related to licensing.

The error I see the most often is generalizing a situation, in this case
thinking that GPL means Free/OSS. And even there free ain't OSS.

One of the reason behind the birth of MariaDB was such a dual licensing
change to MySQL when eveil-Oracle purchased the right to the software.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Steve McIntyre

Stefan wrote:
In article  you write:
>> the interest of the user. These "volunteers" obviously have other,
>> possibly malicious, interests if they prove themselves unwilling to
>> apply fixes to bugs that are reported to them.
>
>I think there's a confusion here: these volunteers will also have
>"other, possibly malicious, interests" even if they are willing/eager
>to apply fixes to bugs that are reported to them.
>
>Same goes for people you pay, so it's not specific to volunteers.
>And of course it's also not specific to a particular kind of license.

Thanks Stefan, it's great to see that some people understand the
issues.

I'll be brutally honest: being accused of "possibly malicious"
unwilligness is *not* a great way to convince overstretched volunteers
to spend their time on issues.

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"We're the technical experts.  We were hired so that management could
 ignore our recommendations and tell us how to do our jobs."  -- Mike Andrews

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Thiemo Kellner


Am 14.09.22 um 18:39 schrieb Maude Summerside:

This is where intellectual shortcut starts...
Free/OSS doesn't mean GPL.
There's plenty of Free/OSS software that the copyright owner retains
right to commercial licensing. Just look at libraries, some of them will
be in such a licensing term that if you use the free version, you have
to share your code if you distribute it but they offer a commercial
license that allow you to link and distribute without source code. If
you only stick to Debian, no such thing because they aren't in the
licensing term accepted for distribution.

But let say QT, you have a free version, force you to distribute freely
if linked against or you go with the commercial license.

Why would the owner of the copyright regarding Chromium (that can write
their own terms) couldn't reserve himself a right to make a closed
source version (like Google Chrome, owned by the owner of Chromium license).

Something taking a break and make some research just shows off that we
don't only know how to type code, but we have a bit more knowledge than
that, regarding mostly real life example of what's also part of the
ecosystem.
Thanks for trying to point out. I am afraid, it is beyond me as is dual 
licensing in general.


--
Signal (Safer than WhatsApp): +49 1578 7723737
Threema (Safer than WhatsApp): A76MKH3J
Handy: +49 1578 772 37 37

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Maude Summerside

On 2022-09-14 08:31, Chuck Zmudzinski wrote:

>>> For example, most web
>>> browsers are based on chromium, a free oss project that comes in large part 
>>> from
>>> Google, but some of the most-used browsers in the world based on chromium
>>> are proprietary, such as chrome and edge.
>> I am not sure that this holds true. I would be quite surprised that 
>> chromium or edged can legally use code of a OSS browser, being CSS. But 
>> I am not an attorney.

This is where intellectual shortcut starts...
Free/OSS doesn't mean GPL.
There's plenty of Free/OSS software that the copyright owner retains
right to commercial licensing. Just look at libraries, some of them will
be in such a licensing term that if you use the free version, you have
to share your code if you distribute it but they offer a commercial
license that allow you to link and distribute without source code. If
you only stick to Debian, no such thing because they aren't in the
licensing term accepted for distribution.

But let say QT, you have a free version, force you to distribute freely
if linked against or you go with the commercial license.

Why would the owner of the copyright regarding Chromium (that can write
their own terms) couldn't reserve himself a right to make a closed
source version (like Google Chrome, owned by the owner of Chromium license).

Something taking a break and make some research just shows off that we
don't only know how to type code, but we have a bit more knowledge than
that, regarding mostly real life example of what's also part of the
ecosystem.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread Andrew M.A. Cater

People of debian-user :)

This thread does seem to be degenerating slightly into accusations and
name-calling, justified or not. Without prejudice to anyone: please may
I remind you that debian-user and all Debian lists and IRC channels are
subject to the Debian Code of Conduct.

It would be very much appreciated if disagreements could be resolved 
constructively and in a positive way. Ad hominem attacks don't help
anyone here. Taking a breath / walking away from the keyboard for half
a day might also help get a sense of perspective in any mailing list
opinion difference. (And yes, I know about https://xkcd.com/386/ and 
the difficulty that brings).

With every good wish, as ever,

Andy Cater

[For and on behalf of the Debian Community Team]

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/14/2022 9:06 AM, The Wanderer wrote:
> On 2022-09-14 at 08:51, Chuck Zmudzinski wrote:
>
> > On 9/14/2022 1:03 AM, to...@tuxteam.de wrote:
> >
> >> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:
> >>
> >> [...]
> >>
> >>> Actually, someone already has shown us how to do it better. His name is
> >>> Linus Torvalds [...]
> >>
> >> I don't know what your aim is.
> >>
> >> I have the impression that it's just arguing for arguing's sake [1].
> >>
> >> [1] in the classical sense of "trolling", as per Wikipedia:
> >>  "In Internet slang, a troll is a person who posts inflammatory,
> >>   insincere, digressive,[1] extraneous, or off-topic messages in
> >>   an online community [...], with the intent of provoking readers
> >>   into displaying emotional responses,[2] or manipulating others'
> >>   perception.
> >>   https://en.wikipedia.org/wiki/Trolling
> > 
> > So you are accusing me of being a troll. Well, it takes one to know one.
>
> No, it very much does not.
>
> > Congratulations! I am starting my own list of trolls on debian-user and
> > you are the first member of that list.
>
> Given the long, long history of helping people that Tomas has on this
> mailing list, I think that if you want to convince anyone other than
> yourself that Tomas is a troll, you're going to have a *very* heavy lift
> (or a whole lot of lying) ahead of you.
>
> (Mind, by my personal definition - which is a bit different from the
> above, though probably still largely compatible - I'm not entirely
> convinced that you're a troll either. But you're *definitely* behaving
> in such a way that I do not blame others for reaching that conclusion.)

I admit that I behaved like a troll when i tried to enter into a conversation 
with
Tomas. I do know he helps many people on this list, that is something good he
does. But on this thread, he also behaved like a troll and caused me to also
behave like a troll. That is a fact, if anyone wants to take the time to look at
what he said, the things he omitted in his replies, etc.

I especially noted his response to my introduction of the idea in this thread
that open source projects like Debian consider themselves communities, and
I wanted to emphasize that those who volunteer to help out with Debian or
other free software communities should not serve their own interests but the
interests of the community. After I made those points, that is when Tomas
started his ad hominum attacks against me and turned the conversation away
from what it means for Debian to be a community and changed it into an ad
hominum attack against me. It causes me to think there are some aspects of
the idea of Debian as a community that are offensive to him. From what he
actually did in this thread, I am inclined to think his idea of Debian as a 
community
is that it is a community of developers only, and not of users. Maybe he is 
right
about that. Maybe Debian *is only* a community of the one thousand or so
Debian developers with voting rights, and the rest of us are trolls if we dare 
to
express our opinions as mere Debian users on the debian-user list or on any
other Debian hosted forum.

So I am going to be very careful about trying to have an objective conversation
with Tomas, given what I actually saw him do in this thread, and given the 
mistake
I made by letting him bait me into appearing to be a troll. I will be careful
to not let that happen again.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 7:11 PM, Thiemo Kellner wrote:
> Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski:
> > 
>
> > I am fairly sure I was a victim of
> > the breach of Yahoo that affected hundreds of millions of its users.
> I am sorry for you. I do not know this case, so I cannot tell whether 
> OSS or CSS components of their service were breached, or even a social 
> engineering case.

There is information about the Yahoo data breach on the Internet, including the
$117 million class action case on behalf of 194 million class members:

https://www.cnbc.com/2020/02/06/what-to-do-if-you-got-email-from-yahoo-about-a-data-breach-settlement.html

I don't know if there is enough information available in the public domain to 
determine
to what extent free/oss software might have contributed to that data breach. I 
do remember
Yahoo admitted the number of affected accounts was around 500 million.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread The Wanderer

On 2022-09-14 at 08:51, Chuck Zmudzinski wrote:

> On 9/14/2022 1:03 AM, to...@tuxteam.de wrote:
>
>> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:
>>
>> [...]
>>
>>> Actually, someone already has shown us how to do it better. His name is
>>> Linus Torvalds [...]
>>
>> I don't know what your aim is.
>>
>> I have the impression that it's just arguing for arguing's sake [1].
>>
>> [1] in the classical sense of "trolling", as per Wikipedia:
>>  "In Internet slang, a troll is a person who posts inflammatory,
>>   insincere, digressive,[1] extraneous, or off-topic messages in
>>   an online community [...], with the intent of provoking readers
>>   into displaying emotional responses,[2] or manipulating others'
>>   perception.
>>   https://en.wikipedia.org/wiki/Trolling
> 
> So you are accusing me of being a troll. Well, it takes one to know one.

No, it very much does not.

> Congratulations! I am starting my own list of trolls on debian-user and
> you are the first member of that list.

Given the long, long history of helping people that Tomas has on this
mailing list, I think that if you want to convince anyone other than
yourself that Tomas is a troll, you're going to have a *very* heavy lift
(or a whole lot of lying) ahead of you.

(Mind, by my personal definition - which is a bit different from the
above, though probably still largely compatible - I'm not entirely
convinced that you're a troll either. But you're *definitely* behaving
in such a way that I do not blame others for reaching that conclusion.)

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw

signature.asc
Description: OpenPGP digital signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/14/2022 1:03 AM, to...@tuxteam.de wrote:
> On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:
>
> [...]
>
> > Actually, someone already has shown us how to do it better. His name is
> > Linus Torvalds [...]
>
> I don't know what your aim is.
>
> I have the impression that it's just arguing for arguing's sake [1].
>
> [1] in the classical sense of "trolling", as per Wikipedia:
>  "In Internet slang, a troll is a person who posts inflammatory,
>   insincere, digressive,[1] extraneous, or off-topic messages in
>   an online community [...], with the intent of provoking readers
>   into displaying emotional responses,[2] or manipulating others'
>   perception.
>   https://en.wikipedia.org/wiki/Trolling
>

So you are accusing me of being a troll. Well, it takes one to know one.

Congratulations! I am starting my own list of trolls on debian-user and
you are the first member of that list.

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/14/2022 7:08 AM, debian-u...@howorth.org.uk wrote:
> > On 9/13/2022 3:59 PM, err...@free.fr wrote:
> > > Please STOP!
> > >
> > > you are annoying, and if you want improve free softwares, is not
> > > like this. you will better contribute with your code or with your
> > > translations than by writing to this mailing-list  
>
> I agree with the sentiments of annoyance and that this thread should
> stop now, please.

Not everyone agrees, because some have still been making comments here that
in my opinion and theirs are constructive and not just trolling.

>
> > The problem is, with all due respect, that I do have my code
> > improvements for free software, but some free software people do not
> > want to accept my contributions but instead want to allow the free
> > software to continue to have the bugs, and they will not explain
> > themselves either. Why should I waste my time contributing to
> > software projects who do not want my contributions? Treating people
> > who want to contribute this way is not the way to gain more advocates
> > for free software!
>
> But again you have been asked before to be specific about your
> objections, so a link to your proposed code improvements and whatever
> conversation there was when you submitted them would go some way to
> justifying the space and time you have already wasted on this list.
>
> > > I want you kicked from this list.  
> > 
> > Well, if you get me kicked off, I will be kicked off. But that is not
> > the way to build a community of people trying to make good software.
> > That is all I am advocating for, and I am really surprised to be
> > treated this way on this list for advocating for improved software in
> > Debian. I guess the trolls on here do not really want to increase the
> > number of people working on improving Debian. But without more
> > people, Debian cannot possibly provide quality support for 59,000
> > free software packages. That is just a fact, even it no one here
> > wants to acknowledge it.
>
> I haven't seen much evidence of trolls here, apart from yourself.

I did make the mistake of feeding a couple of trolls, from now on I will ignore 
them.
They baited me into appearing as a troll by refusing to acknowledge a simple 
truth
and forcing me to say the same obvious truth over and over again, and I 
understand
why some people might be annoyed by that.

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 7:11 PM, Thiemo Kellner wrote:
> Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski:
> > On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
> > I think Megha is emphasizing, and possibly over-emphasizing, the fact 
> > that the persons
> > who actually commit the code in free software projects can operate with 
> > little or
> > no oversight when they are just volunteers not really accountable to anyone.
> And I very much think she is wrong there. Being software developer 
> myself, unfortunately closed source mainly, I can tell that oversight is 
> not related to the licensing model or the pay of the developer. I would 
> go to the length to say that volunteers take, in general, a bigger pride 
> in the quality of their work, because they are not payed for it. The few 
> quite fruitless attempts in writing OSS, I took, failed sometimes 
> because I intend to create the perfect solution and thus not 
> progressing, whereas in the work for money I am often forced to 
> implement a working solution I can tell from the start, it will not be 
> easily maintainable or extendable.
> > to think the situation might be better if either 1) open source projects 
> > exercised more
> > oversight than they currently do over the persons who actually write the 
> > code and
> > release the software
> As I already told. In over 25 years of experience, I do not have 
> complaints about the oversight taken by OSS projects, where as I 
> regularly can complain about closed source payed for software. In the 
> past two weeks I was hunting down a problem we had with IBM DataStage. 
> One of the parallel subprocess terminated unexpectedly and all the 
> message DataStage cared to give was that the subprocess received a 
> SIGINT. We hope to have work around, because we could not find the 
> source. To me, one of the worst things one can do as developer not to 
> have proper error reporting - unless you know, you will not get bothered 
> when the shit starts to hit the fan.
> > , or 2) free/oss software never became ubiquitous. We just cannot
> > know without being able to do a time machine experiment and see how the 
> > software
> > world would have developed if free/oss software had not become as 
> > ubiquitous as it is
> > today.
> I cannot agree with you at all on this point. Omnipresence of OSS does 
> not mean there are more error in the code. It just means there are more 
> users to detect problems, thus more possiblities for the bugs to get 
> fixed. Sure, if OSS developers are overloaded the will not get to fix 
> all the problems, just as developers on CSS (closed source software). 
> Much more, because the sales man can sell better new shiny features even 
> if useless, than stable code. The buyer expects that flaws get fixed for 
> free, maybe rightly so, thus the CSS company will fix as few bugs it can 
> get away with (exageration).
> > If there was not a serious problem of malware, identity theft, ransomware, 
> > etc.,
> > I would be more inclined to question what Megha Verma wrote, but based on 
> > what
> > I see in how free/oss projects are governed, I am not surprised that a 
> > world that relies
> > on so much free/oss software also suffers from so much malware, ransomware, 
> > identity
> > theft, etc.
> Again, my experience with OSS is not this one. And I very much think, 
> that malware, ransomware usually is software on its own not built-in any 
> software. Maybe exploiting a backdoor a company put in their products 
> for ease of maintenance or just by negligence. Identity theft sounds 
> like social engineering or man in the middle attack. The latter not 
> necessarily being a problem of OSS.
> >   Just because *you* have not experienced malware in the software you use
> > does not mean that there are no cases where free/oss software is being 
> > deployed
> > elsewhere in a stealthy way for malicious purposes.
>
> I did not state that OSS was free of flaws and bugs. I am make a point 
> to state that in my experience there are fewer bugs therein than in CSS.
>
> > I am fairly sure I was a victim of
> > the breach of Yahoo that affected hundreds of millions of its users.
> I am sorry for you. I do not know this case, so I cannot tell whether 
> OSS or CSS components of their service were breached, or even a social 
> engineering case.
> >
> > I know people will reply and say it is much worse with proprietary 
> > software. But we
> > really cannot know for sure, because free/oss is so ubiquitous now it is 
> > hard to
> > separate free/oss software from proprietary software.
>
> I certainly can tell my experience comparing OSS to CSS. And

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 6:47 PM, Stefan Monnier wrote:
> > If free/oss projects like Debian want to provide software with those
> > positive characteristics to their users, those projects must have in
> > place some level of oversight over what the persons who actually write
> > the software actually do, or don't do in the case of failing to fix
> > bugs that could easily be fixed, so that the goals of quality, useful,
> > safe, and secure software are reached.
>
> That's why I like Free Software: all of this is done out in the open,
> making oversight particularly easy.
>
> For proprietary code you generally simply can't do that at all because
> it's all kept secret.
>
>
> Stefan
>

We really agree on this point, thanks.

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 4:38 PM, Stefan Monnier wrote:
> > The users. They stop using software or any product that does not work
> > well or is more trouble than it is worth. Then the entity, whether
> > a free/oss or proprietary provider ends up shutting down
> > the enterprise.
>
> But, being Free Software, any remaining user can keep using it,
> improving it, checking if it contains any back doors, hire someone else
> to do it, etc...
>
> >> You do realize that nobody enforces that on proprietary software
> >> either, right?
> > The users do, in the marketplace - and what is not used by enough
> > users eventually disappears.
>
> That's right.  And then you're typically completely screwed even if it
> happened to work well for you.
>
> The company will also blissfully ignore your requests if you're part of
> too-small a slice of their users.  Ever tried to get an `armhf` binary for
> a proprietary GNU/Linux software?
>
> > I think it is true that the "best" software development model depends
> > less on free/oss vs.  proprietary and more on the wisdom, foresight,
> > integrity, and technical expertise of those doing the work and making
> > the important decisions.
>
> I don't care which is better.  I just prefer not to depend on the
> goodwill of a company (most of which I know act against my interest;
> probably inevitably because they are beholden to their shareholders).

Of course you know many of those companies that you know act against your
interests have employees who "volunteer" to contribute to free/oss software 
projects,
so in practice the free/oss software is not free from this problem, but a truly
open project can make it possible to find out which volunteers are not acting
in the true interests of those who advocate for the benefits of free/oss 
software,
and this is not possible in secretive, proprietary organizations.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-14 Thread debian-user

> On 9/13/2022 3:59 PM, err...@free.fr wrote:
> > Please STOP!
> >
> > you are annoying, and if you want improve free softwares, is not
> > like this. you will better contribute with your code or with your
> > translations than by writing to this mailing-list  

I agree with the sentiments of annoyance and that this thread should
stop now, please.

> The problem is, with all due respect, that I do have my code
> improvements for free software, but some free software people do not
> want to accept my contributions but instead want to allow the free
> software to continue to have the bugs, and they will not explain
> themselves either. Why should I waste my time contributing to
> software projects who do not want my contributions? Treating people
> who want to contribute this way is not the way to gain more advocates
> for free software!

But again you have been asked before to be specific about your
objections, so a link to your proposed code improvements and whatever
conversation there was when you submitted them would go some way to
justifying the space and time you have already wasted on this list.

> > I want you kicked from this list.  
> 
> Well, if you get me kicked off, I will be kicked off. But that is not
> the way to build a community of people trying to make good software.
> That is all I am advocating for, and I am really surprised to be
> treated this way on this list for advocating for improved software in
> Debian. I guess the trolls on here do not really want to increase the
> number of people working on improving Debian. But without more
> people, Debian cannot possibly provide quality support for 59,000
> free software packages. That is just a fact, even it no one here
> wants to acknowledge it.

I haven't seen much evidence of trolls here, apart from yourself.
Again, specifics help if you wish to make such claims, rather than
general assertions.

> Best regards,
> 
> Chuck
>

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread tomas

On Tue, Sep 13, 2022 at 03:41:11PM -0400, Chuck Zmudzinski wrote:

[...]

> Actually, someone already has shown us how to do it better. His name is
> Linus Torvalds [...]

I don't know what your aim is.

I have the impression that it's just arguing for arguing's sake [1].

My time is too short to take part in this.

From time to time you mix blatant falsehoods like the above (Linus
wouldn't have got anywhere with his kernel had'nt he had at the time
a whole free toolchain (C compiler, linker, build tools like Make,
etc.), a whole user space (shell ls, cp, sed, you name it), all
courtesy of the GNU project (he acknowledges that, you seem to ignore
it, either by lack of research or by malice, I don't even want to
know at this point).

This is how free software works: you use things out there and build
other things for others to use. *YOU* decide what *you* build. *OTHERS*
decide what *they* do with it. So simple. You seem to have a beef
with that. You can keep your beef. All of it.

I'm out of this thread.

[1] in the classical sense of "trolling", as per Wikipedia:
 "In Internet slang, a troll is a person who posts inflammatory,
  insincere, digressive,[1] extraneous, or off-topic messages in
  an online community [...], with the intent of provoking readers
  into displaying emotional responses,[2] or manipulating others'
  perception.
  https://en.wikipedia.org/wiki/Trolling

-- 
t

signature.asc
Description: PGP signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Thiemo Kellner


Am 13.09.22 um 23:55 schrieb Chuck Zmudzinski:

On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
I think Megha is emphasizing, and possibly over-emphasizing, the fact 
that the persons

who actually commit the code in free software projects can operate with little 
or
no oversight when they are just volunteers not really accountable to anyone.
And I very much think she is wrong there. Being software developer 
myself, unfortunately closed source mainly, I can tell that oversight is 
not related to the licensing model or the pay of the developer. I would 
go to the length to say that volunteers take, in general, a bigger pride 
in the quality of their work, because they are not payed for it. The few 
quite fruitless attempts in writing OSS, I took, failed sometimes 
because I intend to create the perfect solution and thus not 
progressing, whereas in the work for money I am often forced to 
implement a working solution I can tell from the start, it will not be 
easily maintainable or extendable.

to think the situation might be better if either 1) open source projects 
exercised more
oversight than they currently do over the persons who actually write the code 
and
release the software
As I already told. In over 25 years of experience, I do not have 
complaints about the oversight taken by OSS projects, where as I 
regularly can complain about closed source payed for software. In the 
past two weeks I was hunting down a problem we had with IBM DataStage. 
One of the parallel subprocess terminated unexpectedly and all the 
message DataStage cared to give was that the subprocess received a 
SIGINT. We hope to have work around, because we could not find the 
source. To me, one of the worst things one can do as developer not to 
have proper error reporting - unless you know, you will not get bothered 
when the shit starts to hit the fan.

, or 2) free/oss software never became ubiquitous. We just cannot
know without being able to do a time machine experiment and see how the software
world would have developed if free/oss software had not become as ubiquitous as 
it is
today.
I cannot agree with you at all on this point. Omnipresence of OSS does 
not mean there are more error in the code. It just means there are more 
users to detect problems, thus more possiblities for the bugs to get 
fixed. Sure, if OSS developers are overloaded the will not get to fix 
all the problems, just as developers on CSS (closed source software). 
Much more, because the sales man can sell better new shiny features even 
if useless, than stable code. The buyer expects that flaws get fixed for 
free, maybe rightly so, thus the CSS company will fix as few bugs it can 
get away with (exageration).

If there was not a serious problem of malware, identity theft, ransomware, etc.,
I would be more inclined to question what Megha Verma wrote, but based on what
I see in how free/oss projects are governed, I am not surprised that a world 
that relies
on so much free/oss software also suffers from so much malware, ransomware, 
identity
theft, etc.
Again, my experience with OSS is not this one. And I very much think, 
that malware, ransomware usually is software on its own not built-in any 
software. Maybe exploiting a backdoor a company put in their products 
for ease of maintenance or just by negligence. Identity theft sounds 
like social engineering or man in the middle attack. The latter not 
necessarily being a problem of OSS.

  Just because *you* have not experienced malware in the software you use
does not mean that there are no cases where free/oss software is being deployed
elsewhere in a stealthy way for malicious purposes.


I did not state that OSS was free of flaws and bugs. I am make a point 
to state that in my experience there are fewer bugs therein than in CSS.



I am fairly sure I was a victim of
the breach of Yahoo that affected hundreds of millions of its users.
I am sorry for you. I do not know this case, so I cannot tell whether 
OSS or CSS components of their service were breached, or even a social 
engineering case.


I know people will reply and say it is much worse with proprietary software. 
But we
really cannot know for sure, because free/oss is so ubiquitous now it is hard to
separate free/oss software from proprietary software.


I certainly can tell my experience comparing OSS to CSS. And there I OSS 
gets better off. And for the rest, well I cannot tell it is this or the 
other way around at all.



For example, most web
browsers are based on chromium, a free oss project that comes in large part from
Google, but some of the most-used browsers in the world based on chromium
are proprietary, such as chrome and edge.
I am not sure that this holds true. I would be quite surprised that 
chromium or edged can legally use code of a OSS browser, being CSS. But 
I am not an attorney.

I recommend everyone be very aware of the risks of using any software, whether
it be proprietary software or free/oss software in today's

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Larry Martell

On Tue, Sep 13, 2022 at 3:48 PM Stefan Monnier  wrote:
>
> > If free/oss projects like Debian want to provide software with those
> > positive characteristics to their users, those projects must have in
> > place some level of oversight over what the persons who actually write
> > the software actually do, or don't do in the case of failing to fix
> > bugs that could easily be fixed, so that the goals of quality, useful,
> > safe, and secure software are reached.
>
> That's why I like Free Software: all of this is done out in the open,
> making oversight particularly easy.
>
> For proprietary code you generally simply can't do that at all because
> it's all kept secret.

I thought this argument was over many years ago. This is an old book,
but it seems people need to read it today:
https://www.amazon.com/Cathedral-Bazaar-Musings-Accidental-Revolutionary/dp/0596001088

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 4:31 PM, Stefan Monnier wrote:
> > the interest of the user. These "volunteers" obviously have other,
> > possibly malicious, interests if they prove themselves unwilling to
> > apply fixes to bugs that are reported to them.
>
> I think there's a confusion here: these volunteers will also have
> "other, possibly malicious, interests" even if they are willing/eager
> to apply fixes to bugs that are reported to them.
>
> Same goes for people you pay, so it's not specific to volunteers.
> And of course it's also not specific to a particular kind of license.
>
>
> Stefan
>

So I presume you agree that no matter the kind of license, development model, 
etc.,
it is in the interest of the users of software for there to be oversight of 
what the persons
who actually write the code and release the software to the public actually do 
to deter
them from doing anything malicious, and if they do not act in the interest of 
the users,
then they are undermining the purpose of any software project that claims to 
provide
quality software that is secure, useful, and safe to use.

If free/oss projects like Debian want to provide software with those positive
characteristics to their users, those projects must have in place some level of 
oversight
over what the persons who actually write the software actually do, or don't do 
in the
case of failing to fix bugs that could easily be fixed, so that the goals of 
quality, useful,
safe, and secure software are reached.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 4:14 PM, Thiemo Kellner wrote:
> Am 12.09.22 um 19:47 schrieb Chuck Zmudzinski:
> > "Open Source Software is accessible to all means it can be used and 
> > misused.
> > And, that’s where it turns unconstructive for us. With OSS, we can expect 
> > harm,
> > virus transfer, identity burglary, and many other malicious practices to 
> > hurt the
> > process." [1]
> > ...
> > 
> > [1] 
> > https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413
>
> Hi Chuck
>
> ...
>
> I do not quite get the meaning of "Open Source Software is accessible to 
> all means it can be used and misused." by Megha Verma. Assuming that it 
> is by its nature possible to "inject" malicious code then yes and no. 
> Yes, it theoretically is possible as anyone can get and change the code, 
> but no, if the project is fairly well maintained, i.e. no commits to the 
> main branch of the code repository without any review. Personally, I 
> have been using OSS for more than 25 years and never had the suspicion 
> any of the OSS I used was acting malicious.

I think Megha is emphasizing, and possibly over-emphasizing, the fact that the 
persons
who actually commit the code in free software projects can operate with little 
or
no oversight when they are just volunteers not really accountable to anyone. 
Also,
we do not really know what the malware/ransomware situation would be like today
around the world if free/oss software were not as ubiquitous as it is today in 
web
servers, phone operating systems like android, etc. It clearly is not a good 
situation
now regarding malware and ransomware around the world, and it is not 
unreasonable
to think the situation might be better if either 1) open source projects 
exercised more
oversight than they currently do over the persons who actually write the code 
and
release the software, or 2) free/oss software never became ubiquitous. We just 
cannot
know without being able to do a time machine experiment and see how the software
world would have developed if free/oss software had not become as ubiquitous as 
it is
today. If there was not a serious problem of malware, identity theft, 
ransomware, etc.,
I would be more inclined to question what Megha Verma wrote, but based on what
I see in how free/oss projects are governed, I am not surprised that a world 
that relies
on so much free/oss software also suffers from so much malware, ransomware, 
identity
theft, etc. Just because *you* have not experienced malware in the software you 
use
does not mean that there are no cases where free/oss software is being deployed
elsewhere in a stealthy way for malicious purposes. I am fairly sure I was a 
victim of
the breach of Yahoo that affected hundreds of millions of its users. A word to 
the wise:
be vigilant about the software you use and take note of any red flags.

I know people will reply and say it is much worse with proprietary software. 
But we
really cannot know for sure, because free/oss is so ubiquitous now it is hard to
separate free/oss software from proprietary software. For example, most web
browsers are based on chromium, a free oss project that comes in large part from
Google, but some of the most-used browsers in the world based on chromium
are proprietary, such as chrome and edge.

I recommend everyone be very aware of the risks of using any software, whether
it be proprietary software or free/oss software in today's world of so much 
malware.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Thiemo Kellner

Am 12.09.22 um 19:47 schrieb Chuck Zmudzinski:
"Open Source Software is accessible to all means it can be used and
misused.

And, that’s where it turns unconstructive for us. With OSS, we can expect harm,
virus transfer, identity burglary, and many other malicious practices to hurt
the
process." [1]

I would not go so far to say that is happening in Debian, but I have experienced
the fact that not every bug that is important to my use case will be fixed
quickly
in Debian, even if I or other users takes the time to find the fix and share it
with the Debian developers. This experience of mine with Debian as a long-time
user of Debian *does* raise suspicion in my mind, and I would not be suspicious
of malicious intent by Debian developers and maintainers if they were more
responsive to some bugs they just ignore for months and even years. I agree
my suspicion does not prove malice, but my suspicion is reasonable when there
are Debian "volunteers" who do work in corporate environments where the
interests of their employer might conflict with the interests of the open source
software projects such as Debian that they contribute to. This is simply a risk
that
users of Debian software, or of any open source software, should be aware of,
and users should know how to mitigate this risk of malicious activity within
open source software projects like Debian.

So it as a fact that if a person is just a user of Debian and not an official
developer of Debian, there is no guarantee that the use case of that particular
user will receive prompt attention from the official Debian developers. That
is true because Debian developers are just volunteers and not liable for any
problems the software they release might cause to those who use Debian
software. That is a *big disadvantage* of open source software.

Best regards,

Chuck

[1]
https://medium.com/quick-code/advantages-disadvantages-of-open-source-software-explained-2fd35acd413

Hi Chuck

While I think that you are partly right (prioritization of bug fixing of
OSS) but my experience of closed source software (even paid for) is that
one usually is only the small fish in the pond and one's needs are
rather put back. However, with OSS, if you cannot fix it yourself - I
suppose most users cannot do - one is free to give incentives to get
one's wishes done. You can call it bribery if you like or putting a
bounty on a problem.

I do not quite get the meaning of "Open Source Software is accessible to
all means it can be used and misused." by Megha Verma. Assuming that it
is by its nature possible to "inject" malicious code then yes and no.
Yes, it theoretically is possible as anyone can get and change the code,
but no, if the project is fairly well maintained, i.e. no commits to the
main branch of the code repository without any review. Personally, I
have been using OSS for more than 25 years and never had the suspicion
any of the OSS I used was acting malicious.

I also would like to point to the table of mentioned lady. It states
that OSS is open and FREE. As far as I am informed, the latter is not
mandatory. I believe Richard Stallman put it that way: OSS is free as in
freedom and not as in free beer. I hardly have ever noticed OSS not
being free of fees but yet it is possible. Either she did not know, or
she did not notice when putting in the table. But be it as it may, I
think, that the association of OSS with free beer raises the expectation
that OSS maintenance is not to cost a dime, and therefore a bad
association. Thus, I have begun to donate to OSS projects to give back
in that way at least.

Kind regards

Thiemo

--
Signal (Safer than WhatsApp): +49 1578 7723737
Threema (Safer than WhatsApp): A76MKH3J
Handy: +49 1578 772 37 37

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 3:59 PM, err...@free.fr wrote:
> Please STOP!
>
> you are annoying, and if you want improve free softwares, is not like this.
> you will better contribute with your code or with your translations than by 
> writing to this mailing-list

The problem is, with all due respect, that I do have my code improvements for 
free software, but some free software people do not want to accept my 
contributions but instead want to allow the free software to continue to have 
the bugs, and they will not explain themselves either. Why should I waste my 
time contributing to software projects who do not want my contributions? 
Treating people who want to contribute this way is not the way to gain more 
advocates for free software!

>
> I want you kicked from this list.

Well, if you get me kicked off, I will be kicked off. But that is not the way 
to build a community of people trying to make good software. That is all I am 
advocating for, and I am really surprised to be treated this way on this list 
for advocating for improved software in Debian. I guess the trolls on here do 
not really want to increase the number of people working on improving Debian. 
But without more people, Debian cannot possibly provide quality support for 
59,000 free software packages. That is just a fact, even it no one here wants 
to acknowledge it.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread err404




Please STOP!

you are annoying, and if you want improve free softwares, is not like this.
you will better contribute with your code or with your translations than by 
writing to this mailing-list

I want you kicked from this list.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 2:33 PM, Michael Stone wrote:
> On Tue, Sep 13, 2022 at 02:14:38PM -0400, Chuck Zmudzinski wrote:
> >So do you, obviously. Someone said something that raised that question in my 
> >mind,
> >but you deleted that part from this message, which proves you are the one 
> >who has
> >an ax to grind by not answering the question that has been raised by the 
> >comments
> >you and another person has been making.
>
> What question?

You identified "rhetorical questions" that you wanted me to stop.

> I saw no question. Either talk about specifics or it's 
> nothing but empty FUD.
>
> >> Either get to the point and discuss
> >> what's bothering you directly or stop with the pointless rhetorical
> >> questions.
> >>
> >
> >It bothers me that there are supposed advocates of free/oss software like 
> >Debian
> >who think that it is good for free/oss software if the persons who volunteer
> >to develop and maintain free software like Debian can ignore bugs reported 
> >to them
> >and refuse to fix them.
>
> Here's the thing: it's open source. If you think it's not being done 
> right THEN YOU DO IT DIFFERENTLY. If you don't like how some software is 
> being maintained, fork it and show everyone how it can be done better.

Actually, someone already has shown us how to do it better. His name is
Linus Torvalds. Debian and other oss projects should see and understand
what he does that makes the Linux kernel a truly useful software project. Debian
is successful because of the Linux kernel, not the other way around.

Since you bring up forks, I have an opinion about that. Everyone have their own
fork is not a sustainable model for free/oss software, IMHO. If everyone needs
to have their own fork, that is because of the failure of the way free/oss 
projects
are governed. Again this is just my opinion, but I think it is valid.

There is a place for some forks when the goal of the project has a particular 
focus,
but for a project like Debian, which currently claims to support 59000 free 
software
packages in the stable distribution, the focus is on general purpose computing 
and,
IMHO, it is a failure for Debian and free/oss software when a fork such as 
Devuan
happens. The Devuan fork proved how ridiculous it is for Debian to claim to be 
able
to support 59000 software packages in its stable distribution, which is 
currently what
the "Reasons to use Debian" page on debian.org claims. I think that if Debian 
really
wants to provide *high quality* support for each and every one of the 59000 
software
packages in its repositories, it should look at the Devuan fork and try to 
understand
what it could have done to prevent it from happening. All those people working 
on
Devuan could still be working on Debian. I don't understand why it was good for 
that
fork to happen. Just my opinion, FWIW.

>  
> It's unreasonable to just sit on the sidelines and make vague 
> accusations. The ax you want to grind seems to involve one specific 
> issue.

The issue is the survival of free/oss software - it will not survive if the idea
that those who develop and maintain free/oss software don't have to respond
to the bugs that are reported to them prevails. No one will use it if the people
who create it are free to let the problems that inevitably arise go without 
fixing
them.

> Tell us what it is, then everyone can decide for themselves 
> whether you have a point, whether it can/should be addressed, or whether 
> you're just mad that you can't make someone else do what you want.

I think I have clarified what the issue is sufficiently. I am not mad that I 
cannot
make someone else do what I want. I would just be sad if free/oss software
dies out because it was taken over by people who refused to acknowledge the
simple idea that it is bad for free/oss software if those who develop and
maintain the software are free to not fix the bugs that users report to them.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Michael Stone


On Tue, Sep 13, 2022 at 02:14:38PM -0400, Chuck Zmudzinski wrote:

So do you, obviously. Someone said something that raised that question in my 
mind,
but you deleted that part from this message, which proves you are the one who 
has
an ax to grind by not answering the question that has been raised by the 
comments
you and another person has been making.


What question? I saw no question. Either talk about specifics or it's 
nothing but empty FUD.



Either get to the point and discuss
what's bothering you directly or stop with the pointless rhetorical
questions.



It bothers me that there are supposed advocates of free/oss software like Debian
who think that it is good for free/oss software if the persons who volunteer
to develop and maintain free software like Debian can ignore bugs reported to 
them
and refuse to fix them.


Here's the thing: it's open source. If you think it's not being done 
right THEN YOU DO IT DIFFERENTLY. If you don't like how some software is 
being maintained, fork it and show everyone how it can be done better. 
It's unreasonable to just sit on the sidelines and make vague 
accusations. The ax you want to grind seems to involve one specific 
issue. Tell us what it is, then everyone can decide for themselves 
whether you have a point, whether it can/should be addressed, or whether 
you're just mad that you can't make someone else do what you want.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 2:02 PM, Michael Stone wrote:
> On Tue, Sep 13, 2022 at 12:42:12PM -0400, Chuck Zmudzinski wrote:
> >Software projects today, IIUC, are communities. The "volunteers" should do 
> >what the community
> >wants, not necessarily what you or I want. Do you think the free/oss 
> >software community wants
> >volunteers who ignore bugs or refuse to fix bugs in free/oss software? If 
> >they do ignore a
> >bug or refuse to fix a bug with a known fix, don't they owe an explanation 
> >to the community?
> >If not, why not?
>
> You seem to have an ax to grind.

So do you, obviously. Someone said something that raised that question in my 
mind,
but you deleted that part from this message, which proves you are the one who 
has
an ax to grind by not answering the question that has been raised by the 
comments
you and another person has been making.

> Either get to the point and discuss 
> what's bothering you directly or stop with the pointless rhetorical 
> questions.
>

It bothers me that there are supposed advocates of free/oss software like Debian
who think that it is good for free/oss software if the persons who volunteer
to develop and maintain free software like Debian can ignore bugs reported to 
them
and refuse to fix them. If you think that is good for free/oss software, I 
disagree with
you. Fortunately, you are just one person, and I doubt the Debian community or
any other free software community wants the persons who develop and maintain
the software to ignore and/or refuse to fix the bugs reported to them.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Michael Stone


On Tue, Sep 13, 2022 at 12:42:12PM -0400, Chuck Zmudzinski wrote:

Software projects today, IIUC, are communities. The "volunteers" should do what 
the community
wants, not necessarily what you or I want. Do you think the free/oss software 
community wants
volunteers who ignore bugs or refuse to fix bugs in free/oss software? If they 
do ignore a
bug or refuse to fix a bug with a known fix, don't they owe an explanation to 
the community?
If not, why not?


You seem to have an ax to grind. Either get to the point and discuss 
what's bothering you directly or stop with the pointless rhetorical 
questions.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Tim Woodall


On Tue, 13 Sep 2022, Chuck Zmudzinski wrote:


I agree with that. But the price-performance ratio could be even better if the 
"volunteers"
in free/oss software projects were not free to ignore bugs reported to them.



Pretty much everything worked for this grub bug other than some
unfortunate setting of priorities. The bug wasn't around long enough
that you can assume it was being ignored.

Yes, I agree there's some annoyance when volunteers ignore bugs that
have patches, there's one in ucf that has caused me no end of grief but
it's pretty easy to rebuild with patches and patches are easy to find.

There was that recent bash + ssh bug that I got lots of help with here a
few weeks ago. I have a patched bash - it would be nice not to have to
keep that but it's not a big deal.

I've been just as guilty the other way. I found a minor bug in dump but
it took me ages (probably years) to bother report it and then it was
fixed in a few days. Possibly I was the only person to encounter it and
when I couldn't fix it in five minutes I just put up with it and did
nothing.

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 12:36 PM, to...@tuxteam.de wrote:
> On Tue, Sep 13, 2022 at 12:25:40PM -0400, Chuck Zmudzinski wrote:
>
> [...]
>
> > I agree with that. But the price-performance ratio could be even better if 
> > the "volunteers"
> > in free/oss software projects were not free to ignore bugs reported to them.
>
> Hm. I doubt that. Perhaps they will do more what *you* want,

Software projects today, IIUC, are communities. The "volunteers" should do what 
the community
wants, not necessarily what you or I want. Do you think the free/oss software 
community wants
volunteers who ignore bugs or refuse to fix bugs in free/oss software? If they 
do ignore a
bug or refuse to fix a bug with a known fix, don't they owe an explanation to 
the community?
If not, why not?

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread tomas

On Tue, Sep 13, 2022 at 12:25:40PM -0400, Chuck Zmudzinski wrote:

[...]

> I agree with that. But the price-performance ratio could be even better if 
> the "volunteers"
> in free/oss software projects were not free to ignore bugs reported to them.

Hm. I doubt that. Perhaps they will do more what *you* want, but if they
are free to do what they want, the software's quality is higher?

Cheers
-- 
t

signature.asc
Description: PGP signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 11:53 AM, Michael Stone wrote:
> On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote:
> >On 9/13/2022 12:36 AM, to...@tuxteam.de wrote:
> >> On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:
> >>
> >> > [...] "I can't get personalized/dedicated support with enforceable
> >> > SLAs for free"
> >
> >If the requirement that maintainers and developers of free/oss software must 
> >actually
> >fix the bugs reported to them is not enforced, then free/oss software *is* 
> >vulnerable to
> >all kinds of malicious activity by the "volunteers" who create the free/oss 
> >software.
>
> Enforced by whom? How?

The users. They stop using software or any product that does not work well or
is more trouble than it is worth. Then the entity, whether a free/oss or 
proprietary
provider ends up shutting down the enterprise.

> You do realize that nobody enforces that on 
> proprietary software either, right?

The users do, in the marketplace - and what is not used by enough users 
eventually
disappears.

> THIS IS NOT A CHARACTERISTIC THAT 
> DISTINGUISHES OPEN SOURCE AND CLOSED SOURCE SOFTWARE. Given that, 
> continuing this discussion seems silly. (Especially since it appears 
> that you'll simply to repeat your original assertion, mistaken though it 
> is, without even trying to address to the points that others have made.)
>

I think it is true that the "best" software development model depends less on 
free/oss vs.
proprietary and more on the wisdom, foresight, integrity, and technical 
expertise of
those doing the work and making the important decisions.

Best regards,

Chuck

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

On 9/13/2022 11:44 AM, to...@tuxteam.de wrote:
> On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote:
> > On 9/13/2022 12:36 AM, to...@tuxteam.de wrote:
> > > On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:
> > >
> > > > [...] "I can't get personalized/dedicated support with enforceable
> > > > SLAs for free"
> > 
> > If the requirement that maintainers and developers of free/oss software 
> > must actually
> > fix the bugs reported to them is not enforced, then free/oss software *is* 
> > vulnerable to
> > all kinds of malicious activity by the "volunteers" who create the free/oss 
> > software.
> > 
> > >
> > > Had I a printer, I'd print out this, frame it and hang it on the
> > > wall. This makes the point very nicely :-)
> > >
> > > Cheers
> > 
> > Yes, it is true, no one should use Debian or any software maintained by 
> > totally
> > unaccountable "volunteers" for any mission-critical purpose without also 
> > hiring
> > someone with the time and expertise to do what is necessary to make such 
> > software
> > secure and bug-free for the intended purpose of the software. That is, users
> > must *not trust* the volunteers who maintain and develop Debian software to 
> > act in
> > the interest of the user [...]
>
> But how is that different from commercial software?

Not that much different. I like the fact that we have free/oss software now so
we can see which "volunteers" who sometimes work for big corporations choose to
ignore bugs reported to them. I won't trust those "volunteers" nor will I trust
the companies they work for, nor will I trust the software and hardware those
companies release into the marketplace. I also think it is better for free/oss
projects to enforce some minimum level of effort on the "volunteers" who
maintain and develop the software to reduce the chances that the
"volunteers" can get away with abusing their position as "volunteers" who have
the power to upload official software to the free/oss projects' download 
servers.

> The commercial entity
> is bound to the shareholders and to the paying customers -- based on how
> much they pay for. If you, as a customer, are shelling out a significant
> amount of money, you can as well pay a dedicated person to keep your
> free software in shape. Probably the price-performance ratio will be
> better.

I agree with that. But the price-performance ratio could be even better if the 
"volunteers"
in free/oss software projects were not free to ignore bugs reported to them.

Cheers

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread Michael Stone

On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote:

On 9/13/2022 12:36 AM, to...@tuxteam.de wrote:

On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:

> [...] "I can't get personalized/dedicated support with enforceable
> SLAs for free"

If the requirement that maintainers and developers of free/oss software must 
actually
fix the bugs reported to them is not enforced, then free/oss software *is* 
vulnerable to
all kinds of malicious activity by the "volunteers" who create the free/oss 
software.

Enforced by whom? How? You do realize that nobody enforces that on 
proprietary software either, right? THIS IS NOT A CHARACTERISTIC THAT 
DISTINGUISHES OPEN SOURCE AND CLOSED SOURCE SOFTWARE. Given that, 
continuing this discussion seems silly. (Especially since it appears 
that you'll simply to repeat your original assertion, mistaken though it 
is, without even trying to address to the points that others have made.)

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)

2022-09-13 Thread tomas

On Tue, Sep 13, 2022 at 11:27:43AM -0400, Chuck Zmudzinski wrote:
> On 9/13/2022 12:36 AM, to...@tuxteam.de wrote:
> > On Mon, Sep 12, 2022 at 03:32:27PM -0400, Michael Stone wrote:
> >
> > > [...] "I can't get personalized/dedicated support with enforceable
> > > SLAs for free"
> 
> If the requirement that maintainers and developers of free/oss software must 
> actually
> fix the bugs reported to them is not enforced, then free/oss software *is* 
> vulnerable to
> all kinds of malicious activity by the "volunteers" who create the free/oss 
> software.
> 
> >
> > Had I a printer, I'd print out this, frame it and hang it on the
> > wall. This makes the point very nicely :-)
> >
> > Cheers
> 
> Yes, it is true, no one should use Debian or any software maintained by 
> totally
> unaccountable "volunteers" for any mission-critical purpose without also 
> hiring
> someone with the time and expertise to do what is necessary to make such 
> software
> secure and bug-free for the intended purpose of the software. That is, users
> must *not trust* the volunteers who maintain and develop Debian software to 
> act in
> the interest of the user [...]

But how is that different from commercial software? The commercial entity
is bound to the shareholders and to the paying customers -- based on how
much they pay for. If you, as a customer, are shelling out a significant
amount of money, you can as well pay a dedicated person to keep your
free software in shape. Probably the price-performance ratio will be
better.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: Advantages/Disadvantages of Open Source Software (Was Re: Package grub-xen-host breaks PV domains with 11.5 point release)