[DNG] Living Dangerously (was: Review of documentation needed)

[g4sra via Dng]

> g4sra via Dng wrote:
> 

> > I opt to live dangerously..(shove an '-r' in there too if you feel like it)
> > $ rm -i .* *
> > this way you can delete illegitimate entries without hacking the filesystem.
> 

> That is definitely dangerous indeed.
I wasn't exaggerating, what is life without a little excitement occasionally.
A rookie sysadmin mistake is to take backups but never ever do a test restore 
to ensure they are OK.
Using this command may provide you with that opportunity to perform a real 
restore from backup :)

> For example if for whatever
> reason one happens to have "-f" as a file name then it will override
> the "-i" listed as a command line option and then all files will be
> deleted without question.
> 

> $ mkdir /tmp/testdir
> $ cd /tmp/testdir
> $ touch ./-f .foo foo
> $ echo rm -i .* *
> rm -i . .. .foo -f foo
> $ rm -i .* *
> rm: cannot remove '.': Is a directory
> rm: cannot remove '..': Is a directory
> $ ll -a
> -rw-rw-r-- 1 rwp rwp 0 Sep 22 14:57 -f
> drwxrwxr-x 2 rwp rwp 60 Sep 22 14:57 ./
> drwxrwxrwt 11 root root 760 Sep 22 14:57 ../
> 

> Where is .foo? Where is foo? There was no -i prompt. The -f file i
> still on disk and not removed? All correct behavior given the
> command as given.
> 

> When dealing with file globs like "" it is always better to prefix it
> with "./" as in "./" so as to avoid the first character having any
> possibility of matching a dash and being interpreted as an option.

Thanks Bob, I will ensure I use ./* in future :)

> You make your own luck! :-)
I disagree with that though...it should be "You make your own bad fortune"

> [[ I have seen people intentionally leave a -i file in their home
> directory so as to intentionally have rm * cause it to be interpreted
> as an option. I recommend not relying upon it though. ]]
I have seen a few pranks in my time but never came across that one.
The most annoying of which was on one particular academic system which would 
not let you complete your login until you had read all your new mail.
Some bright spark emailed everybody (including the sysadmin so he could not 
purge mail) a copy of the system spellchecker dictionary.

I doubt the following will ever be topped, also a fashion statement, if you 
know different please post to this new thread.
https://jaromil.dyne.org/journal/forkbomb_art.html

> 

> Bob


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Review of documentation needed

[g4sra via Dng]

<--snip-->
> Net question: how to get a '/' in a file name instead of having it
> interpreted as a separator in a path.
> 

> I needed it once long ago when using a file system that had been built
> on another OS.
> 

> I resorted to using a hexadecimal editor on the raw disk to get rid of
> the thing.
Been there, done that.
Now my time is worth more than the effort to go down that road.

I opt to live dangerously..(shove an '-r' in there too if you feel like it)

$ rm -i .* *

this way you can delete illegitimate entries without hacking the filesystem.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] fresh install of chimaera on an Ultrabook - no touchpad

[g4sra via Dng]

<--snip-->

A web search suggests that the following will compensate for the hardware 
issues you are experiencing
I do not have your hardware and therefore cannot test.

edit /etc/default/grub and add parameters for i8042

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash i8042.notimeout i8042.nomux"

then run
$ sudo update-grub
and reboot

When done correctly they will show on the kernel command line
$cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-?.??. root=/dev/ ro quiet splash i8042.notimeout 
i8042.nomux



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] KUserFeedback

[g4sra via Dng]

On Sunday, September 5th, 2021 at 11:54 AM, tito via Dng  
wrote:
> On Sun, 05 Sep 2021 10:18:15 +
> g4sra via Dng dng@lists.dyne.org wrote:
> > On Sunday, September 5th, 2021 at 11:15 AM, tito farmat...@tiscali.it wrote:
> > > On Sun, 05 Sep 2021 08:54:14 +
> > > g4sra via Dng dng@lists.dyne.org wrote:
> > > > <--snip-->
> > > > > Comments and better ideas are welcome. 

> > > > Apparmor
> > > > Hi,
> > > > the cure is worse than the disease ;-)
> > > > How is Apparmor abusive ?
> Hi,
> 

> I'm not very fond of apparmor for various reasons:
> 1.  I experienced unexpected behavior of programs 

> silently failing to do something (log, run, etc

> because the apparmor profile was wrong/bugged
> 2.  unless you study every code path in the program you want to   

> supervise the profiles used will not be safe but nobody really cares

> (e.g. maintainer adds a profile that works with the default setup

> of the distro (if it really works))
> 3.  if you use a customized setup of services or other programs 

> it is highly probable that the profiles will not work for you
>

> Summary:
> 

> apparmor gets in the way of doing stuff and

> in the end adds just one more software layer   

> with a million code lines and the inevitable 

> programming errors, so in my humble opinion 

> it just adds complexity (bad!) with no guarantee of improving 

> security (not so good!) and makes linux more

> windows-like (worse!!).
> 

> Addendum:
> 

> Quis custodiet ipsos custodes?
> 

> What will be the next evolutionary step, will we need

> a new layer that secures apparmor?
> 

> My Solution:
> 

> To avoid all of this trouble and reduce complexity I pin -1 

> apparmor in apt preferences, purge it and everything related

> and disable it on the kernel command line with apparmor=0

> and everything is smooth, understandable and reliable again

> as it has been "in saecula saeculorum".
> 

> Ciao,
> 

> Tito
> 

So to summarise...
The answer to my question 'What is abusive about Apparmor ?' is "nothing".

You don't like it because you find it overly complicated to configure.
Better throw overly complicated to configure KDE4 out (and Xorg, and ALSA, 
and...) with the bathwater as well then, and then KUserFeedback becomes a 
non-issue.










publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] KUserFeedback

[g4sra via Dng]

On Sunday, September 5th, 2021 at 11:15 AM, tito  wrote:
> On Sun, 05 Sep 2021 08:54:14 +
> g4sra via Dng dng@lists.dyne.org wrote:
> > <--snip-->
> > > Comments and better ideas are welcome.
> > Apparmor
> Hi,
> the cure is worse than the disease ;-)
How is Apparmor abusive ?



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] KUserFeedback

[g4sra via Dng]

<--snip-->
> Comments and better ideas are welcome.

Apparmor

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Firefox, sudo and apulse (was Re: Steam, Mumble, Valheim, Alsa and shared audio)

[g4sra via Dng]

On Tuesday, August 31st, 2021 at 7:41 PM, hal  wrote
> On 8/31/21 11:02, g4sra via Dng wrote:
> 
> > > ctl.!default {
> > > type hw
> > > card 0
> > > }
> > > 

> > > Check to make sure you do not have a ~/.asoundrc overriding 
> > > /etc/asound.conf
> Good thought, and have checked this. Especially relevant with the multi-user 
> situation. I will check on the other enlightening ALSA suggestions you have 
> made.
> 
> > get user_one's cookie:
> > user_one# xauth -n list localhost/unix:0
> > localhost/unix:0 MIT-MAGIC-COOKIE-1 83c12a394ac0c5afe1fee0a973b9e49g
> > then give the cookie to user_two:
> > user_two# xauth add localhost/unix:0 MIT-MAGIC-COOKIE-1 
> > 83c12a394ac0c5afe1fee0a973b9e49g
> > now 'user_two' can access the GUI (you may need to set DISPLAY):
> > user_two# DISPLAY=:0 /usr/bin/apulse /home/apps/firefox/firefox 
> > -ProfileManager
> Thank you for this! I have always used 'xhost +' and drop TCP 6000 (eth0) on 
> the host firewall (on my "single-user" workstation anyway). I've tried to 
> find more secure ways to share the X cookie but for one reason or another, 
> they never worked out. I will try this!

Hi Hal,

I replied off-list, it just occurred to me it may have gone into your spam box.


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Firefox, sudo and apulse (was Re: Steam, Mumble, Valheim, Alsa and shared audio)

[g4sra via Dng]

On Tuesday, August 31st, 2021 at 7:41 PM, hal  wrote:
> On 8/31/21 11:02, g4sra via Dng wrote
> 
> 

> > > ctl.!default {
> > > 

> > > type hw
> > > 

> > > card 0
> > > 

> > > }
> > > 

> > > Check to make sure you do not have a ~/.asoundrc overriding 
> > > /etc/asound.conf
> 

> Good thought, and have checked this. Especially relevant with the multi-user 
> situation. I will check on the other enlightening ALSA suggestions you have 
> made.
> 

> 
> 

> > get user_one's cookie:
> > user_one# xauth -n list localhost/unix:0
> > localhost/unix:0 MIT-MAGIC-COOKIE-1 83c12a394ac0c5afe1fee0a973b9e49g
> > 

> > then give the cookie to user_two:
> > user_two# xauth add localhost/unix:0 MIT-MAGIC-COOKIE-1 
> > 83c12a394ac0c5afe1fee0a973b9e49g
> > 

> > now 'user_two' can access the GUI (you may need to set DISPLAY):
> > user_two# DISPLAY=:0 /usr/bin/apulse /home/apps/firefox/firefox 
> > -ProfileManager
> 

> Thank you for this! I have always used 'xhost +' and drop TCP 6000 (eth0) on 
> the host firewall (on my "single-user" workstation anyway). I've tried to 
> find more secure ways to share the X cookie but for one reason or another, 
> they never worked out. I will try this!

To work remotely you use the FQDN appended with the DISPLAY number (as opposed 
to localhost/unix:0) to get the TCP connection cookie.
user_one# xauth -n list host.example.com:0
10.0.0.1 MIT-MAGIC-COOKIE-1 92b21b394ac0c5afe1fee0a973b9e49g

This will only work if Xorg is listening for non-local TCP connections though, 
which is NOT the default.
I almost always use XForward'ing over ssh.






publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Firefox, sudo and apulse (was Re: Steam, Mumble, Valheim, Alsa and shared audio)

[g4sra via Dng]

On Tuesday, August 31st, 2021 at 4:21 PM, hal  wrote:
> On 8/28/21 13:24, g4sra via Dng wrote:
> > Install 'apulse' which are a sort of pulseaudio compatability libraries.
> apulse hasn't been working for me with Firefox for at least a year now. I 
> don't know if I messed it up or if it was some software change, but it just 
> stopped working once. Firefox doesn't seem to have FOSS in the focus so much 
> anymore so always thought maybe they did something (again).
> I just tried ff now running as my LXDE logged in user[1] and using sudo[2]. 
> Both generated some apulse complaints I have to look into. my "default" dev 
> is the onboard sound chip which might be in use with another application I 
> have open.
> Maybe I need to make "default" one of my dmix devices and not the "raw 
> device", or I need to specify a playback rate in /etc/asound.conf like I've 
> seen in some ALSA examples? hmm..
You are correct in that you definitely do not want a "raw device" as your 
default.

> ::: apulse errors :::
> [apulse] [error] do_connect_pcm: can't get initial hw parameters for playback 
> device "default". Error code 1 (Operation not permitted)
Permissions error, likely 'User' related.

> [apulse] [error] do_connect_pcm: failed to open ALSA device. Apulse does no 
> resampling or format conversion, leaving that task to ALSA plugins. Ensure 
> that selected device is capable of playing a particular sample format at a 
> particular rate. They have to be supported by either hardware directly, or by 
> "plug" and "dmix" ALSA plugins which will perform required conversions on CPU.
The selected device is not capable of handling the data format, so you need to 
change your "default" device configuration.

> ::: cards/devices :::
> $ cat /proc/asound/cards
> 0 [PCH ]: HDA-Intel - HDA Intel PCH
> HDA Intel PCH at 0xfbff8000 irq 37
> 

> ::: snipped /etc/asound.conf :::
> $ cat /etc/asound.conf
> 

> ...
> pcm.!default {
> type plug
> slave.pcm "duplex"
> }
> 

> ctl.!default {
> type hw
> card 0
> }
Check to make sure you do not have a ~/.asoundrc overriding /etc/asound.conf

> > This may (and I do mean 'may') be your Desktop not releasing the audio 
> > devices, google that for your specific desktop to find out how to make it 
> > release them when you launch steam.

> [1] $ /usr/bin/apulse /home/apps/firefox/firefox -ProfileManager 

> [2] $ sudo -u webuser /usr/bin/apulse /home/apps/firefox/firefox 
> -ProfileManager
Switching 'User's in a GUI without re-logging is not always straightforward, 
session management can get in the way and conflict with the GUI.

In case you are unaware
To simplify the GUI side, use 'xauth'

get user_one's cookie:
user_one# xauth -n list localhost/unix:0
localhost/unix:0  MIT-MAGIC-COOKIE-1  83c12a394ac0c5afe1fee0a973b9e49g

then give the cookie to user_two:
user_two# xauth add localhost/unix:0  MIT-MAGIC-COOKIE-1  
83c12a394ac0c5afe1fee0a973b9e49g

now 'user_two' can access the GUI (you may need to set DISPLAY):
user_two# DISPLAY=:0 /usr/bin/apulse /home/apps/firefox/firefox -ProfileManager

I do this so frequently for 'root' that I have a two-line bash script I called 
'xsudo.sh'

#!/usr/bin/env bash
sudo bash -c "xauth add $(xauth -n list localhost/unix:0) && exec $@ &"




publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] /run/user/#

[g4sra via Dng]

On Tuesday, August 31st, 2021 at 2:52 PM, Luciano Mannucci 
 wrote:
> On Tue, 31 Aug 2021 23:31:30 +1000
> wirelessduck--- via Dng dng@lists.dyne.org wrote:
> > > I've completely removed Xorg, rebooted the machine, and still it does
> > > the same: when I log in as user XXX via ssh I see a /run/usr/XXX on
> > > that machine. I'm still investigating...
> > 

> > Perhaps elogind or consolekit is creating this if you have either 
> > installed? They will manage the login sessions.
> Well, I just removed consolekit (I haven't found the package elogind
> in apt list --installed). I will reboot tonight to see whether it
> changes something.
> 

> Thanks,
> Luciano.

Hi Luciano,

Iterative change and reboot has it's place, but there are often better ways.

When you start removing packages without fully understanding their purpose and 
then rebooting you run the risk of severe breakage.
If this is your own personal machine that is fine, of course you get to keep 
all the pieces.
However when it is someone else's machine which is now broken into 
pieces...that is far less acceptable.

Don't give up, you are doing OK, but let me guide you a little in the right 
direction.

In relation to *nix, you may have heard the phrase "Do one thing and do it 
well", there is another, "Everything is a file".
This is less true than it used to be, but still worth remembering (no '/dev/lo' 
or '/dev/eth0').

A very useful utility for working with files (and the network) is 'lsof'.

sudo lsof +c0 +D /run/user/

Remember to 'man lsof' first to get an idea of what you will be looking at (or 
any other command someone on a mailing list or forum tells you to run).
Running this command with root permissions is important, you will get varying 
results otherwise.















publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] /run/user/#

[g4sra via Dng]

On Tuesday, August 31st, 2021 at 1:11 PM, Pontus Goffe via Dng 
 wrote:
> Among running systems I can quickly search I can only find one box
> without /run/user and it has a custom monolithic kernel so perhaps this
> is kernel specific rather than packages.

Its not kernel specific.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] /run/user/#

[g4sra via Dng]

On Monday, August 30th, 2021 at 12:10 PM, Luciano Mannucci 
 wrote:

> Hello,
> I have two Beowulf systems that should be identical. If I issue "df"
> one does report among mounted filesystems a /run/user/xxx, where xxx
> is the id number of the user I am connected with (via ssh) and the
> other doesn't. As uname -a they both report:
> Linux mil-dbs66 4.19.0-14-amd64 #1 SMP Debian 4.19.171-2 (2021-01-30) x86_64 
> GNU/Linux
> What have I done wrong, and on which one of the two machines?
Not necessarily anything wrong, other than the two machines are not identical.

/run/user/xxx is used by session management (and in some corner cases its 
absence can break dpkg scripts).

You could list all the processes on both machines and then diff them.
Quick and dirty (and untested :)

local_host# ps -e | awk '{print $4}' | sort | uniq >/tmp/catch0
local_host# ssh remote_machine 'ps -e'  | awk '{print $4}' | sort | uniq 
>/tmp/catch1
local_host# diff /tmp/catch0 /tmp/catch1


> Thanks in advance,
> Luciano.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] manpages

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Monday, August 30th, 2021 at 11:36 AM, Ralph Ronnquist via Dng 
 wrote:
> On Mon, 30 Aug 2021 09:42:25 + 

> g4sra via Dng dng@lists.dyne.org wrote:
> > Looking for the gcc..g++ suite manpages, expected to find them in
> > 'gcc-doc' but it's missing. Anybody point me in the right direction ?
> You find 5:8.3.0-1~bpo10+1 in beowulf-backports, not beowulf,
> then 5:10.1.0-1 in chimaera and ceres

Thanks Ralph

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] manpages

[g4sra via Dng]

Looking for the gcc..g++ suite manpages, expected to find them in 'gcc-doc' but 
it's missing.
Anybody point me in the right direction ?


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Steam, Mumble, Valheim, Alsa and shared audio

[g4sra via Dng]

On Saturday, August 28th, 2021 at 12:55 PM, hal  wrote:

> On 8/23/21 19:40, terryc wrote:
> > On Mon, 23 Aug 2021 11:20:27 -0500
> > hal vmli...@charter.net wrote
> 
> > > Thanks, I finally got this working yesterday.
> > Care to share your set up?
> Sure, glad to. I made a pastebin for it here since it would become unreadable 
> posted to the list: https://pastebin.com/XrXtAfPX
> My setup (cat /proc/asound/cards):
> 0) PCH - external speakers/microphone plugged into back of computer
> 1.  Nvidia - I suppose HDMI audio route or something
> 2.  Logitech USB wireless headset with microphone
> -   I use "xhost +" to allow various users below to run gui on my login. I do 
> not have the X TCP socket listening so remote access to X is blocked. Could 
> be another way to do this I dunno.
> -   my /dev/snd/* devices are chmod 660 for the "audio" group and all users 
> are members  

> The problems I have is multiple applications need to access the audio 
> device concurrently but it does not work (until now):
> I have no sound in Firefox so sometimes I need to run Palemoon or Chrome for 
> any kind of multimedia content which needs sound (ffs Firefox.. an FOSS 
> embarrassment). Sort of unrelated but it part of the root cause of all this

Install 'apulse' which are a sort of pulseaudio compatability libraries.

> 

> 2)
> When I run a web browser, I use a launcher script with sudo to run the 
> browser as "firefox" user. This user cannot play audio if another application 
> has alsa "locked"
> 

> 3)
> Sometime I want to play MP3s on my disk. I run VLC with my login account. I 
> cannot hear any music if the firefox user has a web browser open.
> 

> 4)
> When I launch Steam, a launcher script runs sudo to run Steam as "steamuser". 
> If another application has audio device open, there is no sound in Steam 
> games.

This may (and I do mean 'may') be your Desktop not releasing the audio devices, 
google that for your specific desktop to find out how to make it release them 
when you launch steam.

> End result: this mostly works now! Thank you guys/gals! I can share the 
> Logitech headset between Mumble and Steam (Valheim) applications when both 
> are run as the "steamuser". Sharing the same device between DIFFERENT users 
> does NOT work though and maybe not possible I don't know (eg: using Mumble on 
> headset then trying to play Youtube video as "firefox" user).



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] random sudden stops

[g4sra via Dng]

On Thursday, August 26th, 2021 at 1:10 AM, Hendrik Boom 
 wrote:
> For the past few months my home server (running an ascii installation
> physically moved from another computer) has been suddenly stopping all
> processing about once a month. apparently at random. It seems to stop
> instantly, leaving power on and becoming completely responsive to ping,
> existing ssh connexions and use of the physical keyboard.
> The system log, after a reboot, shows nothing unusual except of course
> that there are no log entries for a shut-down.

> Can anyone provide ideas about tracking this down?
> It could of course be a random rare intermittent hardware error.

> -- hendrik

Sounds like a Kernel panic, which can be tricky to resolve.
My first step would be to enable the Magic SysReq Key and 

wait for a system freeze to see if it can reveal anything.

https://en.wikipedia.org/wiki/Magic_SysRq_key



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Steam, Mumble, Valheim, Alsa and shared audio

[g4sra via Dng]

On Monday, August 23rd, 2021 at 5:20 PM, hal  wrote:
> On 7/3/21 09:59, g4sra via Dng wrote:
> > 'dmix' is part of Alsa.
> > > RT? FM?
> > > Read The Fine Manual ~ go to the Alsa website and read up on the 'dmix' 
> > > plugin, then google for example Alsa configurations for sharing devices.
> Thanks, I finally got this working yesterday.

The ALSA configuration language has got to be the worst that I have ever come 
across.
Treat yourself, you have earned it.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Displaying adequately sized UTF8 characters in a terminal

[g4sra via Dng]

<--snip-->

If you wish to play around (view) what the fonts you have installed actually 
look like, 'apt-get install x11-utils' will provide you with 'xfontsel' which 
is mouse driven.
It also indicates fonts missing from the system that it knows about as 'greyed 
out' in the menu selection, so you can at least track any missing font down by 
name.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] malfunctioning graphical application

[g4sra via Dng]

On Thursday, August 12th, 2021 at 11:47 AM, g4sra  wrote:

> <--snip--
> > The problem with mouse-drag does not occur on the other disk.
> 

> <--snip--
> > Of note is that when I start /usr/games/sol as root the problem
> > disappars---I can drag cards just fine.
> 

> This implies that your issue is 'user' based.

See my comment above.

> 

> One of the re-occurring issues with (GUI) applications after an update can be 
> traced to the 'user's personal configuration files for the previous 
> application version.
> It runs as 'root' but not as 'user'-> it is either a permission issue or a 
> 'user' configuration issue.

See my comment above.

> 

> Two steps you could try...
> 

> Create a new 'user' and login. See if the app runs as non-root (no prior use 
> of the application - no stale personal configuration files, rules out a 
> permissions issue).

See my comment above.
As we now know it functions correctly for 'root' but does not run as a 
'new-non-root-user' it is most probably a permissions issue.

Next questions to ask are:
What has changed related to 'user' and X permissions between Beowulf and 
Chimera.
Why does this one App misbehave when others don't.


NB. If it was a hardware problem the mouse wouldn't work for 'any' user or any 
part of the GUI rather than just one App.




publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] malfunctioning graphical application

[g4sra via Dng]

<--snip-->
> The problem with mouse-drag does not occur on the other disk.

<--snip-->
> Of note is that when I start /usr/games/sol as root the problem
> disappars---I can drag cards just fine.

This implies that your issue is 'user' based.
One of the re-occurring issues with (GUI) applications after an update can be 
traced to the 'user's personal configuration files for the previous application 
version.

It runs as 'root' but not as 'user'-> it is either a permission issue or a 
'user' configuration issue.

Two steps you could try...
Create a new 'user' and login. See if the app runs as non-root (no prior use of 
the application - no stale personal configuration files, rules out a 
permissions issue).

For the user that cannot run the app, purge all personal configuration files 
for the application, these can be tricky to find.
Your desktop will determine where they are placed..

E.g.
.kde
.trinity
.config
.cache

A good punt is to purge all of '.cache' and then strip out anything in 
'.config' (if it exists, or look elsewhere).

[user@localhost:~]$ rm -fr .cache/*
[user@localhost:~]$ find .config -iname "aisleriot"
.config/gnome-games/aisleriot

[user@localhost:~]$ rm -fr .config/gnome-games/aisleriot






publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] malfunctioning graphical application

[g4sra via Dng]

<--snip-->

When you really have no idea where to start (after looking through all logs, 
obviously)...

Use 'ps' with the '-o cmd' option to find out *exactly* how the executable is 
being invoked.
After killing everything, paste the command in a terminal window and execute it 
from there.
Watch the text that scrolls by in that terminal window for anything erroneous!

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Starting outline for the DNG Safe Programmer Certificate

[g4sra via Dng]

On Thursday, July 29th, 2021 at 10:00 PM, Steve Litt 
 wrote:

> g4sra via Dng said on Thu, 29 Jul 2021 20:50:02 +
> > Sent with ProtonMail Secure Email. 

> > ‐‐‐ Original Message ‐‐‐
> > On Thursday, July 29th, 2021 at 9:19 PM, Steve Litt
> > sl...@troubleshooters.com wrote:
> > 

> > > spiralofhope said on Thu, 29 Jul 2021 11:00:48 -0700 

> > > > Once this gets complex enough it'll need to be self-hosting in a
> > > > sense; check the rules against the rules -- de-duplicate,
> > > > simplify, add documentation, etc. :)
> > 

> > > > Internal consistency? I don't know the correct term offhand.
> > 

> > > Huh?
> > 

> > Apply the whole document to each individual line sequentially ... 

> > Recursive Iteration ?
> 

> I still don't understand.
> 


If I correctly interpret spiralofhope's meaning

Regard the document itself as if it was pseudocode.
Apply the rules of the document to the document e.g.

1) keep the document as short as possible
...
3) all of a paragraph must fit on the screen
...
9) the document must be readable to others like a children's book


> SteveT
> 


> 

> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Starting outline for the DNG Safe Programmer Certificate

[g4sra via Dng]

Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐

On Thursday, July 29th, 2021 at 9:19 PM, Steve Litt  
wrote:

> spiralofhope said on Thu, 29 Jul 2021 11:00:48 -0700
> 

> > Once this gets complex enough it'll need to be self-hosting in a sense;
> > check the rules against the rules -- de-duplicate, simplify, add
> > documentation, etc. :)
> > 

> > Internal consistency? I don't know the correct term offhand.
> 

> Huh?

Apply the whole document to each individual line sequentially ...
Recursive Iteration ?

> 

> SteveT
> 




publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Rant: was fresh install of chimaera on an Ultrabook - no touchpad

[g4sra via Dng]

<--snip->> 

> > > > There are just too many Gigabytes of Drivers required to satisfy every 
> > > > corner case,
> > > > You would need to put Drivers and Firmware for every network device in 
> > > > existence on the installation media.
> 

> Hi,
> 

> let's add this up for example for amd64
> 

> kernel 48 MB
> firmware-linux-free 19.2 KB
> 

> There no more interesting packages in my Synaptic kernel and modules section 
> if we
> assume that a install iso ships just one kernel.
> In the kernel and modules (contrib) section there a few packages not more 
> then 20MB.
> in the kernel and modules (non-free) section about 50 more packages about 206 
> MB.
> Some 300 MB in total, where are all the GBs?
> Even if we add DKMS and compilers which I skipped how much GBs will them be?.
> 

> What am I missing?

All the 'other' Drivers that people are complaining are NOT in the netinstall 
ISO's.
I don't understand the point you are making in adding up the Drivers that *are* 
included.

mount -o loop devuan_beowulf_3.1.0_amd64-netinstall.iso /mnt/tmp
find /mnt/tmp/pool/DEBIAN/ -type f -name "firmware-*"
/mnt/tmp/pool/DEBIAN/contrib/b/b43-fwcutter/firmware-b43-installer_019-4+deb10u1_all.deb
/mnt/tmp/pool/DEBIAN/contrib/b/b43-fwcutter/firmware-b43legacy-installer_019-4+deb10u1_all.deb
/mnt/tmp/pool/DEBIAN/main/f/firmware-free/firmware-linux-free_3.4_all.deb
/mnt/tmp/pool/DEBIAN/main/o/open-ath9k-htc-firmware/firmware-ath9k-htc-dbgsym_1.4.0-97-g75b3e59+dfsg-3_all.deb
/mnt/tmp/pool/DEBIAN/main/o/open-ath9k-htc-firmware/firmware-ath9k-htc_1.4.0-97-g75b3e59+dfsg-3_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-adi_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-amd-graphics_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-atheros_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-bnx2_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-bnx2x_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-brcm80211_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-cavium_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-intel-sound_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-intelwimax_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-ipw2x00_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-ivtv_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-iwlwifi_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-libertas_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-linux-nonfree_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-linux_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-misc-nonfree_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-myricom_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-netronome_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-netxen_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-qcom-media_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-qlogic_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-ralink_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-realtek_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-samsung_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-siano_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/f/firmware-nonfree/firmware-ti-connectivity_20190114-2_all.deb
/mnt/tmp/pool/DEBIAN/non-free/z/zd1211-firmware/firmware-zd1211_1.5-6_all.deb

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Rant: was fresh install of chimaera on an Ultrabook - no touchpad

[g4sra via Dng]

On Thursday, July 29th, 2021 at 6:58 AM, tito via Dng  
wrote:

> On Wed, 28 Jul 2021 22:26:07 +
> g4sra via Dng dng@lists.dyne.org wrote:
> > <--snip-->
> > This is why Devuan's installer will ask\prompt you to insert additional 
> > installation media such as a USB stick.
> 

> Hi
> 

> The user most of the time doesn't even know which driver or firmware blob he 
> needs so this is not a solution
> (unless you know how to scan dmesg...to spot the trouble).
> 

> Better would be to tell them:
> 1.  minimal install, netinstall isos/usb images are for advanced users as 
> they could miss firmware/drivers and you are on your own.
> 2.  full install CD/DVD/usb images contain all available firmware/drivers and 
> give best results (plus initial opt out of non-free stuff defaulting to: I 
> want it)

Note the line following in my original text
> > There are just too many Gigabytes of Drivers required to satisfy every 
> > corner case,
You would need to put Drivers and Firmware for every network device in 
existence on the installation media. 


> > put the drivers your quirky hardware requires on a USB stick and use it 
> > when prompted!
> > I do not ever want to have to install an OS from 31 removable media's ever 
> > again! (Windows NT anybody?).
> 



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Rant: was fresh install of chimaera on an Ultrabook - no touchpad

[g4sra via Dng]

<--snip-->
This is why Devuan's installer will ask\prompt you to insert additional 
installation media such as a USB stick.
There are just too many Gigabytes of Drivers required to satisfy every corner 
case, put the drivers your quirky hardware requires on a USB stick and use it 
when prompted!
I do not ever want to have to install an OS from 31 removable media's ever 
again! (Windows NT anybody?).

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Nasty Linux systemd security bug revealed

[g4sra via Dng]

On Tuesday, July 27th, 2021 at 7:26 AM, tito via Dng  wrote:
> On Mon, 26 Jul 2021 22:53:02 -0400
> Steve Litt sl...@troubleshooters.com wrote:
> > Hendrik Boom said on Mon, 26 Jul 2021 17:21:24 -0400
> > > On Mon, Jul 26, 2021 at 11:48:53AM -0400, Steve Litt wrote:
> > > > Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200
> > > > 

> > > > > My feeling is, that you can not simply teach someone how to write 
> > > > > safe software.
> > > > 

> > > > Why not? You can teach a person to do anything else. But maybe not in
> > > > college, because college is built to make money, not to teach.
> > > > Consider the average textbook and compare to the average "For
> > > > Dummies" book. The former makes the subject matter look incredibly
> > > > complex, justifying the professor. The latter makes it easy to learn.
> > > > What is needed is a curated document explaining the five or ten or
> > > > twenty things you need to do to be secure, and then how to achieve
> > > > them in a practical world. Let's start with input field cleansing and
> > > > protection from errant pointers and buffer overflow. There are many
> > > > more:
> > > 

> > > Knowing you, you probably already have a draft of such a document lying 
> > > around.
> > 

> > Not that I know of. That's why I'm starting at the level of a simple list.
> > 

> > SteveT
> 

> Hi,
> 

> Ten Commandments
> 

> 1.  use the least amount of code possible
> 2.  try harder and go to point 1
> 3.  if the code doesn't fit into one screen go to point 2
> 4.  always initialize your vars at declaration time
> 5.  always set your vars to NULL after freeing them
> 6.  always check error codes of the functions you call and something 
> appropriate
> 7.  add comments about what and why you did (that ugly hack)
> 8.  use meaningful (to others) names for your functions and vars
> 9.  your code must be readable to others like a children's book
> 10.  if you don't know how to solve it, look what others did, then do it your 
> way (or forget Ctrl-C)
> 

> these are the few rules I used when I did a little programming in the past
> So tell me yours...
> 

> Ciao, 

> Tito

Applying all those rules to all programming languages for all situations will 
not be a guarantee of a quality software product.
Also as Tito would probably admit that list is far from complete.
The issue is determining what rules to apply and when.


If anyone here is interested in learning programming and does not know where to 
start...my suggestion would be as follows

Look up the definition of each word of the Software Developer's Mantra below in 
relation to software development
(they are in alphabetical order purely for the mnemonic effect and are all of 
equal importance).

Consider and apply that definition to the use of the *programming language* and 
the *specific application being developed*.
This should be done iteratively during authoring, line by line, first to the 
expression, the whole function, then the module, throughout the whole program.

Software Developer's Mantra
~~~
completeness conciseness
high-cohesion low-coupling
resilience robustness
validation verification

This will still work with whatever design methodology you have been forced to 
work under, be it Agile, Scrum, Waterfall, Bohemes Spiral, etc. etc.

For example .. look up high-cohesion
https://en.wikipedia.org/wiki/Cohesion_(computer_science)
Apply the concept to every line as you write it.

NB. There is a lot more to software development than this, but following the 
mantra can help you produce significantly better code.


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Nasty Linux systemd security bug revealed

[g4sra via Dng]

<--snip-->
> > > 

> > > Agreed, we must have all at least heard of Kevin Mitnick,
> There you go with assumptions, something you should never do. I have
> absolutely no idea who Kevin Mitnick is, I had never heard that name
> until you posted it.
> 

> Rowland

It wasn't my intention to be educational, my mistake ;)



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Nasty Linux systemd security bug revealed

[g4sra via Dng]

Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐

On Monday, July 26th, 2021 at 5:39 PM, Dr. Nikolaus Klepp  
wrote:

> Anno domini 2021 Mon, 26 Jul 16:33:45 +
> 

> g4sra via Dng scripsit:
> 

> > [...]
> > 

> > > It takes some effort to learn, but I doubt it's rocket science
> > > Which is why they call it Computer Science, it's harder.
> > > Rocket Science has a formula for everything, even the top AI experts 
> > > cannot formulate the intricacies of a Neural Net program.
> Why not? It's just a set of equations. Calling it "AI" might sell it to 
> marketing guys and polititians that definitly lack "NI", but that's about it.

It's no big secret, because none of the experts 'understand' the intricacies of 
the interactions of said equations.
A very quick google (or web search if you prefer), not bothered reading them 
myself, there may be better examples out there.

Tabloid style:
https://qz.com/865357/we-dont-understand-how-ai-make-most-decisions-so-now-algorithms-are-explaining-themselves/

Industry style:
https://simmtester.com/News/IndustryArticle/21626

> 

> Nik
> 





publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Nasty Linux systemd security bug revealed

[g4sra via Dng]

On Monday, July 26th, 2021 at 4:48 PM, Steve Litt  
wrote:
> Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200
> 

> > My feeling is, that you can not simply teach someone how to write safe 
> > software.
> 

> Why not? You can teach a person to do anything else. But maybe not in
> college, because college is built to make money, not to teach. Consider
> the average textbook and compare to the average "For Dummies" book. The
> former makes the subject matter look incredibly complex, justifying the
> professor. The latter makes it easy to learn.
> What is needed is a curated document explaining the five or ten or
> twenty things you need to do to be secure, and then how to achieve them
> in a practical world.
Software is far too complex to be audited by following a fixed set of generic 
rules,
otherwise someone would have already written software that can do exactly that.
We have some tools, but they are incomplete and fallible.

The personality of the individual is key, which is why not anyone can learn to 
program safely.
I witnessed an individual sail through and get top marks at college, they had 
an eidetic mind.
They could recall any fact they had been told\read instantly and accurately.
But they had no creativity and could be easily tripped up with the simplest of 
problems if they had not seen it before. 


> Let's start with input field cleansing and
> protection from errant pointers and buffer overflow. There are many
> more:
Yeah, that's what they taught me at college :).

> It takes some effort to learn, but I doubt it's rocket science
Which is why they call it Computer Science, it's harder.
Rocket Science has a formula for everything, even the top AI experts cannot 
formulate the intricacies of a Neural Net program.

> and one certainly doesn't need to come from a family who can fund
> college plus living expenses for 4 years, or 7, or whatever.
Agreed, we must have all at least heard of Kevin Mitnick, who as a teenager 
learnt from his dad, a security expert.
How executing software processes what you enter into it is as much a security 
concern as the source code.
> 

> SteveT




publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Nasty Linux systemd security bug revealed

[g4sra via Dng]

On Sunday, July 25th, 2021 at 6:53 PM, Simon Hobson  
wrote:
> Andreas Messer a...@bastelmap.de wrote:
> 

> > Once we had a crash in
> > simple limit switch device. As a result the high-rack robot pushed a
> > pallet in 15m height out of the rack. Fortunately, it was just another
> > robot which was destroyed (stood just below) - not a human being. Still
> > a very expensive case for the company. So I'm used implement a lot of
> > checks :-). (Actually we even don't use heap allocation after booting
> > the firmware)
> 

> Back in the 90s I had an acquaintance that did a lot of consulting for sites 
> with "management issues" and running "big iron". He got a jolly to see a site 
> that was run by systems from that vendor - the very early days of warehouse 
> automation. High bar warehousing, automated forklifts, with operators riding 
> along to move boxes between pallet on the forks and pallet on the racks - it 
> was a highly seasonal business, and in the run up to Christmas they be 
> getting order in in all sorts of quantities, putting a small box on a pallet 
> is highly inefficient so the need for manual handling to combine multiple 
> shipments onto one pallet on the racks.
> Apparently the average stay before the operators quit from the stress was 
> only 3 months !
> Then one day a forklift went wrong - fortunately with no operator on board. 
> It accelerated in an uncontrolled manner until it crashed through the side of 
> the building and fell over in the field next door - at which point, all the 
> operators walked out !
> 

> g4sra via Dng dng@lists.dyne.org wrote:
> 

> > There is nothing stopping me for applying for systems programming work in 
> > Nuclear Power Stations, Air Traffic Control, Industrial Robotics, etc...
> Yes, but if you look a little deeper, in that sort of industry the 
> programmers don't get to "just get on with it".
It doesn't read like you have been exposed to the same industry working 
practices I have, because that is exactly what happens until deadlines are not 
met.
> The higher the risk, the higher the degree of risk management.
And the personnel performing the risk management are of no greater standing 
that the personnel writing the software.
> By the time the programmer gets to write code, there's been a lot of safety 
> based design - and when they've written the code, there's a lot of testing 
> and assurance before it can go live.
No. There is 'testing and assurance' performed to the level agreed during the 
planning stage, planned by personnel of no greater standing...
> Of course, if you are Boeing and designing systems for aircraft - then it 
> seems it's a different matter !
> 

> Simon
> 


Maybe things have changed in the last ten years without my knowledge since I 
fulfilled the role of Security Auditor without any formal certification, 
reporting to the Board of an International Telecommunications company, but I 
doubt it.

Put more simplistically
It does not how many spelling checks are put in place if the spelling checkers 
cannot spell.
or as I prefer
Monkeys checking the work of Monkeys designed by Monkeys is not going to 
guarantee quality, it is only going to guarantee the slinging of faeces.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Nasty Linux systemd security bug revealed

[g4sra via Dng]

<--snip-->
> Why I'm so critical about letting it crash: I typically deal with stack
> sizes of no more around 2-8kB in automation devices and have to be careful
> with that. You can't simply let a newspaper printing machine's motor control
> crash, 1000's of newspaper pages would be trashed. Once we had a crash in 

> simple limit switch device. As a result the high-rack robot pushed a 

> pallet in 15m height out of the rack. Fortunately, it was just another
> robot which was destroyed (stood just below) - not a human being. Still 

> a very expensive case for the company.
<--snip-->

And this is why ever sice I entered the profession I have maintained that 
programmers should be vetted and certified in a similar manner to other 
professions such as doctors and lawyers, carrying a similar social status.
Only those with the appropriate qualification and experience should be 
permitted to work in certain sectors.
There is nothing stopping *me* for applying for systems programming work in 
Nuclear Power Stations, Air Traffic Control, Industrial Robotics, etc...
I have personal knowledge of a College classmate who went on to write Air 
Traffic Control software, personally I would not trust him to write an App for 
my phone (but would be the first person to call if organising a party).

People are going to continue to die until this change happens.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] desktop-live chimaera isos

[g4sra via Dng]

<--snip-->
> 

> Hardware:
> 

> 1.  Netbook, CPU: Intel Atom N2600, GPU: Integrated controller, RAM: 2GB. 

> In this netbook the problem leave to appear afterwards to edit the GRUB   
>   

> to turn off the load of AppArmor, with apparmor=0.
> 2.  Desktop PC, CPU: AMD Athlon 64 3000+, GPU: NVIDIA GeForce4 MX 440, 

> RAM: 3GB. 

> In this PC the problem did not disappear deactivating AppArmor.
> 

> Possibilities: 

> -   Too old hardware?
> -   AppArmor?
> -   XFCE, now 100% with GTK3?

The nouveau driver is notably buggy on 'old' hardware, twenty year old graphics 
hardware is positively antique.
Nvidia hardware past five years old should be considered 'Legacy' and only 
legacy OS's should be expected to function, certainly not modern compositors.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Refracta have a static IP

[g4sra via Dng]

<--snip-->
> 

> What does the following show (everythingish installed that triggers dhclient)
> for P in $(dpkg -l | grep dhcp); do apt-cache rdepends $P 2>/dev/null | grep 
> '|' ; done
> 

> If 'NetworkManager' rears its head.purge with prejudice would be my 
> advice.

Arrgh! that command chain doesn't (distinguish between what is and isn't 
installed) work right.
Lesson learned, test before you post...

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Refracta have a static IP

[g4sra via Dng]

On Tuesday, July 13th, 2021 at 9:41 PM, Steve Litt  
wrote:

> Hi all,
> I'm trying to make my new Chimera based Refracta have a static IP
> address at 192.168.0.199/24, in order that every other computer on the
> 192.168.0.0/24 subnet can easily access it, and so I can put it on my
> LAN DNS.
> So I made my /etc/network/interfaces look like the following, which
> follows the guidelines of "man interfaces":
> =
> auto lo
> iface lo inet loopback
> allow-hotplug eth0
> iface eth0 inet static
> address 192.168.0.199
> gateway 192.168.0.1
> =
> Unfortunately, instead of the IP address being 192.168.0.199, it's a
> DHCP supplied 192.168.0.204 . What additional steps must I take to get
> my desired 192.168.0.199?
> Additional note: When I used 192.168.0.40, which I KNOW is not in my
> leased DHCP range, the result was the same. What must I do to get a
> static IP at 192.168.0.199/24 ?

> Thanks,
> SteveT


What does the following show (everythingish installed that triggers dhclient)

for P in $(dpkg -l | grep dhcp); do apt-cache rdepends $P 2>/dev/null | grep 
'|' ; done

If 'NetworkManager' rears its head.purge with prejudice would be my advice.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Steam, Mumble, Valheim, Alsa and shared audio

[g4sra via Dng]

> On Sat, 03 Jul 2021 12:21:31 +
> g4sra via Dng dng@lists.dyne.org wrote:
> > <--snip-->
> > Configure Alsa to use the 'dmix' plugin, RT(not so)FM.
> Er dbmix in chimaera. Thanks.
'dmix' is part of Alsa.

> RT? FM?
Read The Fine Manual ~ go to the Alsa website and read up on the 'dmix' plugin, 
then google for example Alsa configurations for sharing devices.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Steam, Mumble, Valheim, Alsa and shared audio

[g4sra via Dng]

<--snip-->
Configure Alsa to use the 'dmix' plugin, RT(not so)FM.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] package search methods was ( USB mount problem)

[g4sra via Dng]

On Wednesday, June 16th, 2021 at 1:59 AM, Fred  wrote:
> On 6/15/21 1:24 PM, g4sra via Dng wrote:
> > <--snip-->
> > > Unfortunately I am not able to find what package contains gvfs-udisks2-vo.
> > > <--snip-->
> > > apt-file search gvfs-udisks2-vo
> > > gvfs-daemons: /usr/lib/gvfs/gvfs-udisks2-volume-monitor
> > > gvfs-daemons: /usr/lib/systemd/user/gvfs-udisks2-volume-monitor.service
> 

> Hi,
> 

> Why does apt-cache search gvfs-udisk* not find these?
Because 'gvfs-udisk*' is not equivalent to 'gvfs-udisks2-vo'
The '*' is a shell wildcard substitution meta-charater.

> Why does apt-file search gvfs_udisk* not find these?
Because 'gvfs_udisk*' is not equivalent to 'gvfs-udisks2-vo'
There is no underscore in the path\filename
The '*' is a shell wildcard substitution meta-charater.

> Why does the package search page on debian.org and devuan.org not find these?
As nobody knows what you entered as the search field.. who can say ?

> apt-file search requires entering the exact name. I may not know that.
No it doesn't, it requires entering part of the exact path or name.

> What flippin' good is it?
Works for me.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] USB mount problem

[g4sra via Dng]

<--snip-->
> Unfortunately I am not able to find what package contains gvfs-udisks2-vo.
<--snip-->
apt-file search gvfs-udisks2-vo
gvfs-daemons: /usr/lib/gvfs/gvfs-udisks2-volume-monitor
gvfs-daemons: /usr/lib/systemd/user/gvfs-udisks2-volume-monitor.service

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] USB mount problem

[g4sra via Dng]

<--snip-->

> > > 

> > > The udisksd man page says the daemon is started by dbus-daemon or
> > > systemd. However, it is not started by inserting a USB device. 

> > > tried starting it manually (with USB device inserted) and received
> > > this:
> > > 

> > > root@aragog:/home/fred# /usr/lib/udisks2/udisksd &
> > > [1] 5 3
> > > root@aragog:/home/fred# udisks-Message: 07:27:15.642: udisks daemon
> > > 

> > > version 2.8.1 starting
> > > 

> > > ** (udisksd:523): WARNING **: 07:27:15.773: failed to load module
> > > mdraid: libbd_mdraid.so.2: cannot open shared object file: No such
> > > file or directory
> > > 


You read it in the man page, you do not start udisksd that way.
what does the following command display when run with root privileges...

udisksctl dump







publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] USB mount problem

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐

On Friday, June 11th, 2021 at 2:58 PM, Fred  wrote:

> On 6/10/21 11:29 PM, Stefan Krusche wrote:
<--snip-->
> 

> I did find the man page for udisks. I will study that and the article
> for autofs. Likely one of them will work fine.

The intended use 'autofs' is for automatic mounting of network filesystems in 
real-time as\when you access them.
It requires prior knowledge and configuration of the media to be mounted, it is 
not relevant to directly connected USB devices (unless that device is a network 
interface).

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] halt

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐

On Thursday, June 10th, 2021 at 8:37 AM, Simon Walter  wrote:

> I am researching the behavior of halt on various Linux distros. They
> seem to be inconsistent.
> halt has different man pages:
> In ascii:
> "
> AUTHOR
> Miquel van Smoorenburg, miqu...@cistron.nl
> "
> 

> At https://linux.die.net/man/8/halt
> "
> Author
> Written by Scott James Remnant sc...@netsplit.com
> "
> 

> Does anyone have any insight on this?
No.

But looking at the Beowulf changelog...

sysvinit (2.93-8+devuan1) unstable; urgency=medium
  * merge 2.93-8 into unstable
 -- Vincenzo (KatolaZ) Nicosia   Tue, 26 Feb 2019 
16:59:47 +

sysvinit (2.93-8) unstable; urgency=medium
  * Return alternative dependency on file-rc for convenience of
stretch -> bustern upgrade for file-rc users.
 -- Dmitry Bogatov   Thu, 14 Feb 2019 20:33:13 +

sysvinit (2.93-7+devuan1) unstable; urgency=medium
  * merge 2.93-7 into unstable
 -- Vincenzo (KatolaZ) Nicosia   Mon, 04 Feb 2019 
09:53:28 +

KatolaZ seems to have been the most recent force for keeping sysvinit-core 
updated with Debian devs only chipping in when it caused issues for Debian.
'halt' from Debian hasn't been updated for a year, but then updates should be 
infrequent for a stable core binary.
This is also exactly what I would expect when the (Debian) Devs have no vested 
interest in maintaining a (sysvinit) package.

So instead of comparing 'halt' man pages I suggest you compare the source 
versions.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] exim paniclog

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Monday, May 31, 2021 8:43 PM, Antony Stone 
 wrote:

> On Monday 31 May 2021 at 21:37:30, g4sra via Dng wrote:
> 

> > > Is deleting the paniclog the proper way to stop receiving these e-mails?
> > 

> > No, don't delete it, empty it, this should be the standard practice when
> > manually manipulating daemon log files.
> 

> Hm, why do you say that?
Because I was taught to do it this way and the reasoning fits.
> 

> Surely you want exim to open a new log file when it has something new to
> report.
To do that you would also need to to shut down and restart exim.

> If you do not delete the log file but simply write "nothing" to it in order to
> empty it, won't the daemon keep the current write position and then get
> confused when the file is smaller?
No. It actually appends the next write the the 'nothing' already in the file 
(the filepointer is moved by writing nothing, remember the OS filesystem holds 
the filepointer, exim holds a file descriptor).

Historically, not all daemons will create their log files, they will silently 
omit logging if they do not pre-exist.
Some daemons will not write to existing log files unless they have correct 
ownership and permissions (for security, plain text passwords in log files, or 
daemons that drop privileges).
Deleting a file does not delete any file descriptors held by other processes 
those processes will continue to write to the original file (it is possible to 
recover an unintentionally deleted file providing a process is holding a file 
descriptor as until it does, the file space is not unallocated for reuse).

Alternatively to my suggestion you could...

stop exim
delete /var/log/exim4/paniclog
recreate /var/log/exim4/paniclog with the correct user/mode permissions
start exim

I am both 'Old School' and lazy.






publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] exim paniclog

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Monday, May 31, 2021 8:25 PM, Marc Shapiro via Dng  
wrote:

> I received this e-mail yesterday, and again today:
> 

> ---
> 

> exim paniclog /var/log/exim4/paniclog on quixote.home has non-zero size, mail 
> system might be broken. The last 10 lines are quoted below.
> 

> 2021-05-29 19:35:47 daemon: fork of queue-runner process failed: Cannot 
> allocate memory
> 

> ---
> 

> I use Thunderbird for all non-local mail.
> I am only using exim for local mail.
> The only mail that I receive locally is a weekly e-mail from a cron job that 
> I have set up to do backups, and I did receive that e-mail yesterday, along 
> with the above e-mail.
> 

> I'm not familiar with the workings of exim, or any MTA, so I don't really 
> know what the error message means, other than that there was some memory 
> issue. The one clue that I have is that something (I am fairly sure that it 
> was a Firefox tab) completely locked my system on Saturday night. Everything 
> started slowing down. Mousing became erratic. Then everything completely 
> stopped. I couldn't even switch to a terminal where I could kill Firefox. I 
> finally had to simply power down the system. (How I hate doing that!) Then I 
> rebooted, did a controlled shutdown and rebooted, again. After that, 
> everything seems to be running just fine.
> 

> Is that likely the cause of the above message? 

Yes

> If so, is deleting the paniclog the proper way to stop receiving these 
> e-mails?
No, don't delete it, empty it, this should be the standard practice when 
manually manipulating daemon log files.
The easiest way, with root permissions to literally redirect nothing to the log 
file (omit the double-quotes).
">/var/log/exim4/paniclog"

> 

> Marc
> 

> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Cockpit removal might make sense

[g4sra via Dng]

Thanks for chirping in Mark.

‐‐‐ Original Message ‐‐‐
On Tuesday, May 25, 2021 4:37 PM, Mark Hindley  wrote:

> This is actually a Debian bug and should be fixed there.
> 

> If cockpit requires systemd, is should declare that dependency.
> 

> If the dependency were present, amprolla would exclude cockpit from the Devuan
> archives.
> 

> So I suggest you submit a bug to Debian's BTS asking for the explicit systemd
> dependency to be added.

Is this the rule for all packages that have dependency on SystemD for some 
functionality ?

I was under the impression that missing dependencies from Debian packages was 
to be expected, and that it was not considered 'important' by some of the 
Debian devs.
That was a while ago though (Lenny ?)...maybe opinions have changed.

> 

> If we want/need cockpit to work in Devuan that is a whole new problem ;)






publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Cockpit removal might make sense

[g4sra via Dng]

<--snip-->

> > I sympathise, but am not sure this would (currently) be the best use of 
> > resources.
> > There is an ever growing list of packaged applications that do not function 
> > without SystemD.
> > If every one were identified, then removal of all from the repos may be 
> > justified.
> > Who is going to volunteer to be the Devuan developer that continuously 
> > performs this duty ?
> > I see this as being the work for a downstream distribution, to take the 
> > freedom that Devuan provides and tailor it (reducing choice) for a specific 
> > target use.
> 

> There should be soe way of warning potential users once it has been
> discovered that a package is useless. We're wasting their time
> otherwise.

Are you volunteering to collate and maintain a list of SystemD dependant 
application packages ?
If so, I am sure some Users would be grateful and Devuan could add it alongside 
the release notes.

Devuan is not a distribution for 'newbie's, there is a benefit from not 
stripping them out. Anyone who is really passionate about a particular broken 
package will either attempt a fix and submit a patch upstream or pay someone 
else to do so.


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Cockpit removal might make sense

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Tuesday, May 25, 2021 5:42 AM, Simon Walter  wrote:

> Hi all,
> 

> I wanted to see if Cockpit would by some unknown magic run on Devuan.
> The reason I wanted to do this is because the packages are available in
> the default repos.
> 

> After installing it on an fresh Beowulf installation, it does not run
> and to my knowledge will never be able to w/o systemd sockets.
> 

> So, may I suggest that it is removed from the default repos, as it is
> misleading for beginners and may lead to unnecessary bug reports.
> 

> IIRC, the policy is not to remove anything related, but use stubs and
> let the user deal with half-broken software (ie. GNOME). Cockpit doesn't
> (currently) have dependencies on systemd and it's modules, but it
> requires a systemd socket to function. So, AFAICT, it is not even
> partially usable.
> 

> Best regards,
> 

> Simon
> 


I sympathise, but am not sure this would (currently) be the best use of 
resources.
There is an ever growing list of packaged applications that do not function 
without SystemD.
If every one were identified, then removal of all from the repos may be 
justified.
Who is going to volunteer to be the Devuan developer that continuously performs 
this duty ?

I see this as being the work for a downstream distribution, to take the freedom 
that Devuan provides and tailor it (reducing choice) for a specific target use.




publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Devuan eBook Reader

[g4sra via Dng]

I am shocked at the amount of 'user profiling' the OEM firmware performs which 
is then sent to Chinese servers.
I have temporarily knobbled the network until I find a more permanent solution. 


Has anyone attempted to put Devuan on an eBook yet ?




publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Odd issue with busybox dc in beowulf

[g4sra via Dng]

<--snip-->

> Hi,
> by looking at the latest git code:
> 

> static const struct op operators[] ALIGN_PTR = {
> #if ENABLE_FEATURE_DC_LIBM
> {"^", power},
> // {"exp", power},
> // {"pow", power},
> #endif
> {"%", mod},
> // {"mod", mod},
> // logic ops are not standard, remove?
> {"and", and},
> {"or", or},
> {"not", not},
> {"xor", eor},
> {"+", add},
> // {"add", add},
> {"-", sub},
> // {"sub", sub},
> {"*", mul},
> // {"mul", mul},
> {"/", divide},
> // {"div", divide},
> {"p", print_no_pop},
> {"f", print_stack_no_pop},
> {"o", set_output_base},
> };
> 

> it seems to me that mod, add, sub, mul, div are disabled
> and only %, +, -, *, / are supported.
> Cannot say if simply uncommenting them restores
> the previous functionality, could be worth a try.
> Eventually if it works a patch for making them optional
> (CONFIG_DC_LONG_OPS or the like) could be sent
> to the list.


Perform a 'git blame' and then chase the relevant commit hasha potential 
for 'git revert'.




publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Odd issue with busybox dc in beowulf

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Thursday, April 29, 2021 2:59 AM, Brad Campbell via Dng  
wrote:

> G'day All,
> 

> I've upgraded a staging server from Jessie to Beowulf and find a script in my 
> initramfs is now broken, tracking it down it is a huge change in behaviour in 
> the busybox version of dc and I can't find any reference to what I'm missing. 
> Has anyone bumped up against this? I've tried this on both the arm and x64 
> versions and the behaviour is identical, so it's not an arm thing 
> specifically.
> 

> On jessie :
> brad@srv:~$ busybox dc
> 2
> 2
> add
> p
> 4
> 

> On beowulf :
> root@rpi31:~# busybox dc
> 2
> 2
> add
> p
> 


In case you did not try it, I observe the following on beowulf :

~$ busybox dc
2
2
+
p
4


<--snip-->

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Script to migrate buster desktop to beowulf v1.6

[g4sra via Dng]

> 

> This might be a good one to ask the users.
> 

> fsmithred
> 


Agreed.

But if you did want to do it programmatically without parsing every 
sources.{d/*,conf}...
Ask apt what it is cacheing...

if [ -n "$(apt-cache policy | grep 'buster/non-free')" ]; then
  echo "yes include non-free repo";
else 

  echo "no don't!";
fi


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Request for assistance in dealing with a nouveau problem

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Thursday, April 1, 2021 5:53 PM, o1bigtenor via Dng  
wrote:
<--snip-->
> 

> Working through the following page:
> 

> https://nouveau.freedesktop.org/VideoAcceleration.html
> 

> I get to
> 

> $ python2 extract_firmware.py # this script is for python 2 only
> 

> where I am using
> 

> NVIDIA-Linux-x86_64-390.141.run
> extract_firmware.py (from right here)
> 

> my resultant is:
> 

> root@debianbase:/tmp/nouveau/nvidia# ls
> extract_firmware.py NVIDIA-Linux-x86_64-390.141.run
> root@debianbase:/tmp/nouveau/nvidia# python3 extract_firmware.py
> Please run this in a directory where NVIDIA-Linux-x86-340.108 is a subdir.
> 

> You can make this happen by running
> wget 
> http://us.download.nvidia.com/XFree86/Linux-x86/340.108/NVIDIA-Linux-x86-340.108.run
> sh NVIDIA-Linux-x86-340.108.run --extract-only
> 

> Note: You can use other versions/arches, see the source for what is 
> acceptable.
> 

> In looking at the source code version 340.108 is that latest listed.
> 

> What and how do I change things so that I can extract this firmware
> blob so that hopefully my error message will disappear and my system
> will as robust as it was for the last 4 years. (I added the 5th
> monitor and that's when the issue appeared.)
> 


You literally need to execute

NVIDIA-Linux-x86-340.108.run --extract-only

which will extract itself creating the subdirectory

NVIDIA-Linux-x86-340.108

you can then run

python2 extract_firmware.py





publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Remote two-way sound?

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Saturday, March 27, 2021 6:22 PM, g4sra via Dng  wrote:

> ‐‐‐ Original Message ‐‐‐
> On Saturday, March 27, 2021 5:32 PM, Antony Stone 
> antony.st...@devuan.open.source.it wrote:
> 

> > On Saturday 27 March 2021 at 17:29:56, tito via Dng wrote:
> 

> > > On Sat, 27 Mar 2021 16:36:46 +0100 Antony Stone wrote:
> 

> > > > Does anyone know of a remote access mechanism which supports two-way
> > > > sound?
> 

> > > Krdc (Kde remote desltop client) has a setting:
> > > Sound: on this computer / Remote computer /disable sound
> > > and Alsa/Pulseaudio/None.
> 

> > I've always interpreted that as sound from the remote machine coming to me,
> > but not including a microphone on my machine getting converyed to the other
> > end.
> 

> > > Cannot say if it does what you want as I don't use audio in remote
> > > desktop sessions.
> 

> > Nor me, usually, but this is a simple thing for me to try (since I already
> > have KDE at both ends) so I'll see what it does.
> 

> > Antony.
> 

> Never tried, but I have a project coming up that requires exactly this.
> I suggest you avoid getting bogged down in Desktops and complexity which has 
> little to do with sourcing audio streams.
> 

> My first google turned up this...
> http://www.pogo.org.uk/~mark/trx/streaming-desktop-audio.html
> 

> if you try it please post how you get on, as I intend to go down this route 
> you could save me some work :).
> 

> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

TRX seems to work OK,  seamlessly integrates with ALSA, minimalist RTS protocol 
KISS style wins the day.
Took me a moment to twig that a local IP address must be specified on the 
receiver if the host's IPv6 interfaces have been knobbled (which mine have).
Not yet got the audio quality/rate quite right yet (want it lower) but plenty 
of scope to play with in the settings.





publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] adding raspi to sources.list

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Sunday, March 28, 2021 12:59 AM, Gregory Nowak via Dng  
wrote:
<-snip->
> 

> Is there a way to do what I want, or do I need to download the correct
> package manually, and install with dpkg -i? 


You don't say what the 'correct' package is that you wish to install.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Package Repository Issue

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Saturday, March 27, 2021 10:37 PM, g4sra via Dng  wrote:

> ‐‐‐ Original Message ‐‐‐
> On Saturday, March 27, 2021 8:06 PM, aitor  wrote:
> 

> > Hi Tony,
> > 

> > On 27/3/21 19:24, Tony Thedford wrote:
> > 

> > > Hello,
> > > 

> > > Seems to be an issue on the package mirrors regarding i686 packages 
> > > today. I get the following errors about a missing public key. Note that 
> > > amd64 packages are working ok, do not have such errors.
> > > 

> > > W: GPG error: http://pkgmaster.devuan.org/merged beowulf-security 
> > > InRelease: The following signatures couldn't be verified because the 
> > > public key is not available: NO_PUBKEY BB23C00C61FC752C
> > > E: The repository 'http://pkgmaster.devuan.org/merged beowulf-security 
> > > InRelease' is not signed.
> > > N: Updating from such a repository can't be done securely, and is 
> > > therefore disabled by default.
> > > N: See apt-secure(8) manpage for repository creation and user 
> > > configuration details.
> 

> Check the date\time on your i386 host...

s/i386/i686/
It's been a long day, it's late, the clocks go back tonight, I am going to 
bed..like I should have before I wrote that.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Package Repository Issue

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Saturday, March 27, 2021 8:06 PM, aitor  wrote:

> Hi Tony,
> 

> On 27/3/21 19:24, Tony Thedford wrote:
> 

> > Hello,
> > 

> > Seems to be an issue on the package mirrors regarding i686 packages today. 
> > I get the following errors about a missing public key. Note that amd64 
> > packages are working ok, do not have such errors.
> > 

> > W: GPG error: http://pkgmaster.devuan.org/merged beowulf-security 
> > InRelease: The following signatures couldn't be verified because the public 
> > key is not available: NO_PUBKEY BB23C00C61FC752C
> > E: The repository 'http://pkgmaster.devuan.org/merged beowulf-security 
> > InRelease' is not signed.
> > N: Updating from such a repository can't be done securely, and is therefore 
> > disabled by default.
> > N: See apt-secure(8) manpage for repository creation and user configuration 
> > details.

Check the date\time on your i386 host...

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Remote two-way sound?

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Saturday, March 27, 2021 5:32 PM, Antony Stone 
 wrote:

> On Saturday 27 March 2021 at 17:29:56, tito via Dng wrote:
> 

> > On Sat, 27 Mar 2021 16:36:46 +0100 Antony Stone wrote:
> > 

> > > Does anyone know of a remote access mechanism which supports two-way
> > > sound?
> > 

> > Krdc (Kde remote desltop client) has a setting:
> > Sound: on this computer / Remote computer /disable sound
> > and Alsa/Pulseaudio/None.
> 

> I've always interpreted that as sound from the remote machine coming to me,
> but not including a microphone on my machine getting converyed to the other
> end.
> 

> > Cannot say if it does what you want as I don't use audio in remote
> > desktop sessions.
> 

> Nor me, usually, but this is a simple thing for me to try (since I already
> have KDE at both ends) so I'll see what it does.
> 

> Antony.


Never tried, but I have a project coming up that requires exactly this.
I suggest you avoid getting bogged down in Desktops and complexity which has 
little to do with sourcing audio streams.

My first google turned up this...
http://www.pogo.org.uk/~mark/trx/streaming-desktop-audio.html

if you try it please post how you get on, as I intend to go down this route you 
could save me some work :).


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] FSF and human rights

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Friday, March 26, 2021 12:26 PM, Antony Stone 
 wrote:

> On Friday 26 March 2021 at 13:07:08, Alessandro Vesely via Dng wrote:
> 

> > Hi All,
> > Debian is engaging in a disgusting attack against RMS:

<<--snip-->

Quote from Debian's page

"consider the harm that he has done to our community and others"

Pot - kettle - black, Debian!




publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Upgrade from buster to beowulf, runlevels are goofed

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Sunday, March 21, 2021 10:07 AM, Antony Stone 
 wrote:

> On Sunday 21 March 2021 at 10:57:46, Erich Minderlein via Dng wrote:
> 

> > In the times of SuSE 7.0 to 7.3 I used runlevels to control a server with
> > attached thin clients. The users on the system got a wall message and had
> > to save their work. After a few minutes the runlevel was reduced from 5 to
> > 3.
> 

> That's a long time ago.
> 

> > Now I find that the runlevels are identical from 2 to 5 as opposed to the
> > old times, when they were substantially differentiated. (root only, +local
> > multi-user, +network, +Xserver) Is this a heritage of the debian
> > distribution crippled by the poeystemd?
> 

> No, Debian has had identical runlevels 2-5 for many releases, nothing to do
> with systemd.
> 

> > Can I obtain a devuan different more clever system with update-rc.d ?
> 

> I'm not quite sure what you're looking for - I've never tried Debian Buster,
> but Devuan Beowulf works fine for me, and I happened yesterday to have to
> install a sysvinit startup file (for zoneminder, which no longer comes with 
> one
> by default), which got installed using update-rc.d without any problem.
> 

> > https://en.wikipedia.org/wiki/Runlevel#Linux_Standard_Base_specification
> > devuan (beowulf standard installation with some cruft maybe) as I have it
> > on my notebooks does not conform to the LSB.
> 

> Devuan is based on Debian, and that project dropped LSB support in 2015:
> https://wiki.debian.org/LSB
> 

> You can have LSB, or you can have Debian/Devuan, but it's not easy to have
> both.
> 


The only change that I can recall since the very very early days is that the 
runlevels used to step either incrementally or decrementally through all states 
between the current runlevel and the target runlevel e.g. 2>3>4>5 and 4>3>2>1 
instead of jumping straight to 5 or straight to 1.

The sysvinit scripts require LSB headers on Debian/Devuan. The drop of LSB by 
Debian refers to not complying with the whole LSB specification which dictates 
far more than just the init scripts. There is nothing to prevent from defining 
different states at different runlevels. There is no practical way of 
determining what will be required at system build time by a generic 
installation utility, it is up to the system administrator to customise the 
install appropriately after.

man update-rc.d





publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] rm not freeing space

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Tuesday, March 16, 2021 2:32 PM, Marc Shapiro via Dng  
wrote:

 On 3/16/21 2:32 AM, g4sra via Dng wrote:

  --snip--
  With your removable drive attached and mounted...
  Paste the outputs of 'mount' and 'df' when run as root.

 The drive in question is /dev/sdb1.

 root:/home/marc# mount
 /dev/sdb1 on /media/archives type ext4 
(rw,nosuid,nodev,noexec,relatime,user)

 root:/home/marc# df
 
Filesystem
 1K-blocks Used Available Use% Mounted on
 
/dev/sdb1
 1663749752 1267718540 311447996 81% /media/archives


Good, that answered some of my queries.
Now as root again, paste the output of a comparative usage of the directory 
structure immediately above where the files were that you deleted.

For example if you have

/media/archives/2021/march/january
/media/archives/2021/march/february

then execute

du -s /media/archives/2021/march/*


/media/archives/january
/media/archives/february

then execute

du -s /media/archives/*


expect an output that ends with a 'january'

root:/home/marc# du -s /media/archives/*
9913216   /media/archives/january
43905428  /media/archives/february
219244/media/archives/march

I cannot make the following judgement, hopefully you can.
Compare the directories usage, as you know their expected contents determine if 
it makes sense.
An extra 200GB somewhere should stick out like a sore thumb.

Once you are certain where the extra usage is, you can work on that directory 
alone.
My very first check would be sorting by size including .dotfiles 


ls -alrS /media/archives/january






publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] rm not freeing space

[g4sra via Dng]

<--snip-->

With your removable drive attached and mounted...
Paste the outputs of 'mount' and 'df' when run as root.


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jitsi-meet server in DMZ

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Wednesday, March 10, 2021 6:56 PM, Simon Hobson  
wrote:

> g4sra via Dng dng@lists.dyne.org wrote:
> 

> > > > The meeting being hosted on the server needs to be simultaneously
> > > > accessible as two different domains, internal.com and external.com.
> > > > Anyone achieved this yet or know a better way ?
> 

> > Decided to use the external FQDN and implement BIND's response-policy' 
> > lying to the internal domain.
> > If anyone can think of a good reason why this is a bad idea please shout.
> 

> Can you clarify what the issue is ?
> It is as simple as needing to connect to the server at different IPs (i.e. 
> the internal IP from inside, the external IP from outside), but using the 
> same URL ? 

In a nutshell, yes.

> If so, then split horizon DNS is your friend - and I'm assuming that's 

> what you are referring to when you say using BINDs response policy.
No.

BIND's 'responce policy' is a, um, policy similar to a normal zone BUT anything 
in this zone can mask a real resolve from occurring.
It's downside is it's non-authorative, breaks dnssec, and site certificate 
authentication.
In some way it is comparative to masking by having an entry in your hosts file, 
only you don't need to edit every host.

So you could for instance put "detectportal.firefox.com CNAME www.mylocal.net" 
in it and bounce firefox to pull www.mylocal.net:/success.txt from 
your server and prevent it calling home every time you launch it on any pc 
using your internal network.


> I run split horizon DNS at home. I have an internal zone for thehobsons.co.uk 
> which has internal addresses for my devices, and an external zone for it 
> which lists only the public IPs. Two views (in BIND terminology), with rules 
> applied to determine which view is used for which clients.

Yes, I use two different views for internal and external traffic too (not heard 
the term 'split horizon' before).


> Some will tell you that it's wrong - but as long as we have NAT then it's a 
> decent and reliable workaround for the breakage that NAT causes.
The reason it is wrong is...your internal DNS server is exposed to to a higher 
hacking threat than if you had two separate servers, with the one in the DMZ 
serving external queries and the internal one on the local lan behind a 
secondary firewall.










publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jitsi-meet server in DMZ

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Tuesday, March 9, 2021 4:00 PM, Florian Zieboll via Dng  
wrote:

> On Tue, 09 Mar 2021 14:18:34 +
> g4sra via Dng dng@lists.dyne.org wrote:
> 

> > The meeting being hosted on the server needs to be simultaneously
> > accessible as two different domains, internal.com and external.com.
> > Anyone achieved this yet or know a better way ?
> 

> Not sure if "better", but works for me: I connect to the DMZ'ed server
> from the LAN using its external FQDN.
> 

> libre Grüße,
> Florian

Thanks for the reply Florian.

Decided to use the external FQDN and implement BIND's response-policy' lying to 
the internal domain.
If anyone can think of a good reason why this is a bad idea please shout.


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Jitsi-meet server in DMZ

[g4sra via Dng]

The meeting being hosted on the server needs to be simultaneously accessible as 
two different domains, internal.com and external.com.

Anyone achieved this yet or know a better way ?

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jitsi advice please [SOLVED] ish

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Tuesday, March 9, 2021 1:00 PM, al3xu5  wrote:

> Mon, 08 Mar 2021 22:01:53 + - g4sra g4...@protonmail.com:
> 

> > It turns out 80 of the issue was a syntax error in the ALSA
> > configuration. For an unknown reason this mostly only caused an issue
> > for web browsers. In fact I only detected it when running some third
> > party alsa software that displayed a warning.
> 

> Hi
> 

> Being interested about audio (ALSA), may I ask you which were the third
> party alsa software that displayed a warning?
> 

> Thanks
> al3xu5

I copied the 'c' code from here...

https://stackoverflow.com/questions/40346132/how-to-properly-set-up-alsa-device#40363505

None of the alsa-utils gave any hint that there was a configuration issue, 
whereas the above program barfed.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jitsi advice please [SOLVED] ish

[g4sra via Dng]

It turns out 80 of the issue was a syntax error in the ALSA configuration.
For an unknown reason this mostly only caused an issue for web browsers.
In fact I only detected it when running some third party alsa software that 
displayed a warning.

? mostly only ? it must be bedtime :)

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Beowulf embedded builds?

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Saturday, March 6, 2021 12:40 PM, Antony Stone 
 wrote:

> Hi.
> 

> I use a few Raspberry Pi-type devices (Raspberry, Banana, Orange), and it's
> good to see that http://files.devuan.org/devuan_ascii/embedded/ provides
> installers for a good range of such boards.
> 

> However, there is no http://files.devuan.org/devuan_beowulf/embedded/ so I'm
> wondering whether there is documentation on how to run a build server to
> create these files for myself?
> 

> I have a machine which is probably up to the job (8 core, 32 Gb RAM) so I'm
> happy to try this, but I'm not sure where to start.
> 

> Has anything been put online already, or can anyone who has created the Jessie
> / Ascii installers for these boards give me some guidance?
> 

> Thanks in advance (I hope!),
> 

> Antony.


Quote from the Dev pad

- https://arm-files.devuan.org/ now contain fresh Beowulf 3.1 SD card images 
for Raspberry Pis - RPi0 & 1 (armel), RPi2 (armhf) RPi3 & RPi4 (arm64) - note 
these are Raspberry Pi Foundation non-mainline kernel builds (which help with 
hardware variants). Images are experimental. Feedback wanted. Regular scripted 
build in Jenkins planned.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jitsi advice please

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Friday, March 5, 2021 4:33 PM,  wrote:

> On 2021-03-05 04:23, g4sra via Dng wrote:
> 

> > Can anyone recommend a browser (other than Chrome) that they know
> > works with Jitsi-meet ?
> 

> I use vivaldi for jitsi (but nothing else). It just works.
> 

> golinux
> 


Thanks golinux,

Gave vivaldi a go, exactly the same results.
I am now certain the non-working microphone issue is due to a peculiarity with 
my workstation.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jitsi advice please

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Friday, March 5, 2021 10:32 AM, Antony Stone 
 wrote:

> On Friday 05 March 2021 at 11:23:24, g4sra via Dng wrote:
> 

> > My biggest beef with Microsoft Teams, Zoom, and now Jitsi-meetthey all
> > omitted an essential service. What I want is (looking at you Rick :P) a
> > test sever which simply echo's back the incoming video\audio to the
> > client.
> 

> In MS Teams, go to your profile (something up in the top right), then Settings
> and Devices, and there's a button labelled "Make a test call". It plays an
> announcement, then a ping sound, listens to you speak (or whatever), and then
> plays it back to you.
> 

> I know that doesn't help with your Jitsi query, but I just wanted to point out
> that at least one of the three platforms you mentioned does have the "self
> test" feature.
> 


Used that trying to get teams to work, proved pointless as it does not run full 
duplex to\from the cloud.
Also tried opening two sessions, but M$ knows and hijaked the already open 
session.


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jitsi advice please

[g4sra via Dng]

Re: Firefox

To answer myself, it seems Firefox made a change somewhere around v75 to the 
audio input bitrate refusing to work with anything that does not match.

Quickly threw up a Jitsi server.
Can make Jitsi work under Chrome browser on all available systems but my own 
workstation! 


Ho humI have learnt something...

Chrome has a dialog to let you select the IO devices, interestingly on my 
workstation none of my microphone devices appear in the drop down list.

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Strange behaviour with last version of grub

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Friday, March 5, 2021 10:36 AM, Adrian Zaugg  
wrote:

> On 05.03.21 05:08, wirelessduck--- via Dng wrote:
> 

> > The changelog mentions changes to secure boot. Could that be related to
> > the issue?
> 

> No, not in my case, secure boot is not in use on the concerned system.
> 

> Does anyone see this problem on Debian too (non-bootable after GRUB update)?
> 

> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


~# dpkg -l grub-pc
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   Version   Architecture Description
+++-==-=--==
ii  grub-pc2.02+dfsg1-20+deb10u4 amd64

No issues.

NOTE:
1) MSDOS partition not GPT
2) EFI is disabled on this system 



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Jitsi advice please

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Friday, March 5, 2021 10:29 AM, Ralph Ronnquist via Dng  
wrote:

> On 05/03 10:23, g4sra via Dng wrote:
> 

> > ...
> > Can anyone recommend a browser (other than Chrome) that they know works 
> > with Jitsi-meet ?
> > Any other suggestions to fix the audio ?
> 

> If you use headphones you can open two tabs to the same meeting and
> talk to yourself.
> 

> Ralph.
> 



Thanks Ralph, I will give that a go.

Sometimes it never occurs to me to try the simple things...

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Jitsi advice please

[g4sra via Dng]

Having been forced to use both Microsoft Teams and Zoom (thanks Covid) I am 
trying to get Jitsi-meet working.


Stage 1. Jitsi Client on Devuan (web browser)

Issue: I cannot get incoming sound to work with Jitsi.

I use TDE (Trinity Desktop Environment) which uses 'Arts' sound system sitting 
directly on top of 'Alsa'.
I have the 'apulse' library installed to satisfy 'Pulseaudio' dependant 
packages.
I normally use Firefox, and am aware that there are 'issues' reported (wish 
'they' had elaborated) with Jitsi and Firefox.


My biggest beef with Microsoft Teams, Zoom, and now Jitsi-meetthey all 
omitted an essential service.
What I want is (looking at you Rick :P) a test sever which simply echo's back 
the incoming video\audio to the client.
Trying to fault-find, set video quality, and audio levels using a real live 
meet is both awkward and annoying to everyone concerned


Can anyone recommend a browser (other than Chrome) that they know works with 
Jitsi-meet ?
Any other suggestions to fix the audio ?



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Strange behaviour with last version of grub

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Thursday, March 4, 2021 8:10 PM, tito via Dng  wrote:

> On Thu, 4 Mar 2021 17:22:42 +0100
> viverna vive...@inventati.org wrote:
> 

> > Yesterday I updated one of my computers with apt-get upgrade. This
> > packages are upgraded:
> > grub-common grub-pc grub-pc-bin grub2-common
> > dpkg install from version 2.02+dfsg1-20+deb10u3 to version
> > 2.02+dfsg1-20+deb10u4
> > 2.02+dfsg1-20+deb10u4 seems came from to:
> > http://deb.devuan.org/merged beowulf-security/main
> > 2.02+dfsg1-20+deb10u3 is in:
> > http://deb.devuan.org/merged beowulf/main
> > Upgrading system does not produce or show any problems and then I
> > halt the system.
> > I use Devuan Beowulf for all my pc. In this computer there is only 1
> > hd, partition type gpt, 3 partitions:
> > /dev/sda1 EFI System
> > /dev/sda2 Linux filesystem
> > /dev/sda3 Linux swap
> > I switched on the pc later and grub rescue appears. WTF?
> > I solved (temporarily) the problems with:
> > set prefix=(hd0,gpt2)/boot/grub
> > set root=(hd0,gpt2)
> > insmod normal
> > normal
> > and grub menù appears.
> > Login with root, and then update-grub... grub-install... and so on...
> > Restart the system. Grub rescue. Then login with root. New tests.
> > Grub rescue again. [N times?]
> > At the end I downgrade from 2.02+dfsg1-20+deb10u4 to
> > 2.02+dfsg1-20+deb10u3 the upgraded package.
> > update-grub and grub-install. Reboot. Grub works!
> > I am currently reluctant to upgrade again.
> > And now the question. Has anyone reported the error in Devuan? Has
> > anyone haved this problem?
> 

> Hi,
> I updated all my boxes and rebooted them without problems (still have
> to reboot the routers, now that you tell I will do it when I'm there
> physically).
> 

> Ciao,
> Tito
> 

> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


I bet this is an EFI issue, start by looking there.


publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Netiquette

[g4sra via Dng]

What is the netiquette on this list for changing subject lines.
I hate hijacking threads but I also hate breaking them.
Which is the lesser of the two evils ?



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] My Qemu LAN-peer documentation is now in its first draft

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Wednesday, March 3, 2021 7:54 PM, tito via Dng  wrote:

> On Wed, 03 Mar 2021 16:15:10 +
> g4sra via Dng dng@lists.dyne.org wrote:
> 


> > 

> > Your 'predictable' names name are being assigned by what ?
> 

> By the kernel, I suppose as you can pass a kernel command line
> parameter with grub (net.ifnames=0 or net.ifnames=1)
> to switch between eth* and en* names.
> 


Search under /lib/udev, you will find rules that post-boot process the kernel 
command line.
It is very common to pass configuration options to userspace via the kernel 
command line at boot.
The kernel simply ignores anything it doesn't understand. 


> 

> I was there, I did try hard, but I was not able to make ifrename
> work reliably in the case you want to rename and reorder
> the interfaces (that is change the name and the number)
> because you change it one by one but the names you want
> are already in use by other interfaces that are up.
> 


The key is to be imaginative with the naming, using standard network device 
names is not recommended an will cause issues if anything is hotplugged.
And to demonstrate how imaginative I am and always practise what I preach, in 
one router I use the following.

wan0   // this should actually be man0 for metropolitan area network, but I 
didn't like 'man' and it reaches the wide area network eventually anyway.
lan0   // local area network interface
wlan0  // wireless local area network access point interface

In another I prefixed 'mb' for devices on the motherboard and 'ex' for an 
external USB ethernet adapter.
I never did check to see if they potentially conflict as it just worked fist 
time trying.

mbeth0
mbeth1
exeth0

In my top secret highly confidential system (which I would have to Men In Black 
neuralise you if I revealed) I rename so that it makes my firewall rules easy 
to read.









publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] My Qemu LAN-peer documentation is now in its first draft

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Wednesday, March 3, 2021 3:21 PM, tito via Dng  wrote:

> On Wed, 03 Mar 2021 14:52:57 +
> g4sra via Dng dng@lists.dyne.org wrote:
> 

> > <-- huge snip -->
> > Just for completeness should someone dig this thread up trying to
> > solve an issue...such as a 12 port router
> > The kernel's FDT determines the order of detection for built-in
> > interfaces. Learn how to make them, then don't change it and the
> > interfaces will always come up the same way.
> 

> Hi,
> Cannot confirm that as I have a board with 8 onboard ports
> 

> 00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2) 
> I219-LM (rev 31)
> 09:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network 
> Connection (rev 03)
> 0a:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network 
> Connection (rev 03)
> 0b:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network 
> Connection (rev 03)
> 0c:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network 
> Connection (rev 03)
> 0d:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network 
> Connection (rev 03)
> 0e:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network 
> Connection (rev 03)
> 0f:00.0 Ethernet controller: Intel Corporation I211 Gigabit Network 
> Connection (rev 03)
> 

> and they used to come up in all possible permutations.
> When I added a 4 port addon card
> 

> 07:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network 
> Connection (rev 01)
> 07:00.1 Ethernet controller: Intel Corporation 82576 Gigabit Network 
> Connection (rev 01)
> 08:00.0 Ethernet controller: Intel Corporation 82576 Gigabit Network 
> Connection (rev 01)
> 08:00.1 Ethernet controller: Intel Corporation 82576 Gigabit Network 
> Connection (rev 01)
> 

> things got even more funny.
> 

> > Mask (delete, override with empty) e/udev rules and scripts and use
> > the purpose created 'ifrename' utility. And don't use SystemD OS..
> 

> eudev could do nothing because the names I would have liked where in use
> same for ifrename.
Correct, you can clearly not have more than one interface per name. 



> It works eventually if you use so called predictable new names
> and rename to old style names but even then you cannot be sure the predictable
> names will stay the same at next reboot.

Your 'predictable' names name are being assigned by what ?

> The only working solution is to:
> 

> 1.  at boot rename all detected interfaces to some temporary name (e.g. 
> eth*renamed)
> 2.  rename eth*renamed to eth{0-99} by a hardcoded list of mac addresses in 
> the
> wanted order.
> 

> 3.  don't use udev it will not work (e.g delete 70-net-persistent-names.rules)
> 4.  eventually recreate 70-net-persistent-names.rules on the fly at boot
> after having renamed the interfaces with the desired names linked
> to mac addresses.
> 

> 5.  make sure 70-net-persistent-names.rules is DELETED at reboot (or is on 
> volatile storage)
> or chances will be good that you will be locked out of your box at the 
> next reboot.
> 


I believe that is exactly what I just previously posted, 'ifrename' does all 
the heavy lifting for you.
No need to write scripts, parse the /sys filesystem, simply create 
'/etc/iftab', mapping each MACAddr to the name you wish to assign.
That is the only downside, you need to know some prior piece of hardware 
information to create the mapping table.

https://www.unix.com/man-page/debian/8/ifrename/

https://www.unix.com/man-page/debian/5/IFTAB/

> Ciao,
> Tito




publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] My Qemu LAN-peer documentation is now in its first draft

[g4sra via Dng]

<-- huge snip -->

Just for completeness should someone dig this thread up trying to solve an 
issue...such as a 12 port router

The kernel's FDT determines the order of detection for built-in interfaces.
Learn how to make them, then don't change it and the interfaces will always 
come up the same way.

Mask (delete, override with empty) e/udev rules and scripts and use the purpose 
created 'ifrename' utility.
And don't use SystemD OS..

publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] My Qemu LAN-peer documentation is now in its first draft

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Wednesday, March 3, 2021 12:15 AM, spiralofhope 
 wrote:

> On Wed, 3 Mar 2021 01:34:40 +1100
> Ralph Ronnquist via Dng dng@lists.dyne.org wrote:
> 

> > For bare-metal hardware I believe there is a first possible "race"
> > between different modules (that handle different card types), and a
> > second possible "race" for multiple same-type cards, which are handled
> > by the one and same module.
> 

> I've always found this strange..
> 

> Is there nothing like hard drives' UUID?
> 


Yes, MAC Addresses.
Sysadmins are just generally too lazy to use them.



publickey - g4sra@protonmail.com - 0x42E94623.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] GNUPGP Web of trust

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Saturday, February 27, 2021 1:23 AM, Gabe Stanton via Dng 
 wrote:

> I obviously haven't done enough reading lol. Thanks for the link.
>
> On Fri, 2021-02-26 at 22:06 +, Simon Hobson wrote:
>
> > Gabe Stanton via Dng dng@lists.dyne.org wrote:
> >
> > > Is it as simple as inviting anyone that wants to, to send their
> > > public
> > > key to this list? I'm not experienced in web of trust
> > > common/accepted
> > > practices but have been interested for some time.
> >
> > No, it's not that simple !
> > Try this for starters : https://en.wikipedia.org/wiki/Web_of_trust
> > Simon

No it certainly isn't simple, but that does not mean it is not doable.

As this topic is not getting the response I hoped it would I am going to go out 
on a limb risking contamination of peoples imagination by being a lot more open 
with what I was thinking.


Confirmation of email address by challenge response, pretty common nowadays for 
almost everything signed up for online.

Meet'n'Greet over jitsi.org.

Exchange of public keys using Dyne pad.


Again I am seeking input from those with more knowledge about IT Security than 
myself, so I am setting the bar pretty low :)




___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] NFS Stale file handle for regular user, not root

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Thursday, February 25, 2021 3:02 AM, Jackman  wrote:

> Mounting and remounting is not the problem, unfortunately. That'd be easier 
> to track down. I can't unmount with the regular user, but root can do it just 
> fine.

Are you sure your 'regular' user is getting a kerberos ticket ?

I am bailing now, if I were attempting this I would divide to conquer by getting
good 'ol weak NFS working first and then kerberise it afterwards, that way you
can be sure where you need to look for the issue.

> BTW, the 'jackman' user has the same uid on both server and client.
>
> On Wed, Feb 24, 2021, 3:39 PM g4sra via Dng  wrote:
>
>> ‐‐‐ Original Message ‐‐‐
>> On Wednesday, February 24, 2021 10:03 PM, Jackman via Dng 
>>  wrote:
>>
>>> I don't even know how to Google for this.
>>>
>>> Hosts involved:
>>> storage0: NFS/KRB5 server
>>> dorito: NFS client
>>>
>>> As root, I can mount, list files, view files, and so on. When I try to list 
>>> files on the mount, I get a stale file handle error.
>>>
>>> ➜ ~ mount /mnt/backup && ls -hal /mnt/backup
>>> ls: cannot open directory '/mnt/backup': Stale file handle
>>> ➜ ~ ls /mnt -hal
>>> ls: cannot access '/mnt/backup': Permission denied
>>> total 24K
>>> drwxr-xr-x 7 root root 4.0K Feb 24 12:10 .
>>> drwxr-xr-x 22 root root 4.0K Feb 23 15:56 ..
>>> d? ? ? ? ? ? backup
>>>
>>> Note the difference with root:
>>>
>>> dorito :: ~ » mount /mnt/backup && ls -hal /mnt/backup
>>> total 57K
>>> drwxr-xr-x 12 root root 12 Feb 23 03:36 .
>>> drwxr-xr-x 7 root root 4.0K Feb 24 12:10 ..
>>> drwxr-xr-x 3 jackman jackman 3 Feb 11 04:21 backup_dorito_20210211
>>> drwxr-xr-x 4 jackman jackman 4 Feb 23 06:16 dorito_20210223-0336
>>> dorito :: ~ » ls -hal /mnt
>>> total 26K
>>> drwxr-xr-x 7 root root 4.0K Feb 24 12:10 .
>>> drwxr-xr-x 22 root root 4.0K Feb 23 15:56 ..
>>> drwxr-xr-x 12 root root 12 Feb 23 03:36 backup
>>>
>>> Cute, eh?
>>>
>>> This is not a problem on the storage server itself:
>>>
>>> storage0 :: /srv » mount /mnt/backup && ls -hal /mnt/backup
>>> total 57K
>>> drwxr-xr-x 12 root root 12 Feb 23 03:36 .
>>> drwxr-xr-x 8 root root 4.0K Feb 24 14:16 ..
>>> drwxr-xr-x 3 jackman jackman 3 Feb 11 04:21 backup_dorito_20210211
>>> drwxr-xr-x 4 jackman jackman 4 Feb 23 06:16 dorito_20210223-0336
>>>
>>> Here are some relevant things:
>>>
>>> ➜ ~ mount | grep nfs
>>> storage0:/srv/backup on /mnt/backup type nfs4 
>>> (rw,nosuid,nodev,noexec,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=krb5,clientaddr=10.1.0.110,local_lock=none,addr=10.1.0.100,user=jackman)
>>>
>>> ➜ ~ cat /etc/fstab | grep backup
>>> storage0:/srv/backup /mnt/backup nfs4 noauto,rw,noexec,user,sec=krb5 0 0
>>>
>>> storage0 :: /srv » cat /etc/exports | grep backup
>>> /srv/backup 10.0.0.0/8(rw,no_subtree_check,sec=krb5)
>>>
>>> storage0 :: /srv » cat /etc/default/nfs-kernel-server
>>> RPCNFSDCOUNT=32
>>> RPCNFSDPRIORITY=0
>>> RPCMOUNTDOPTS="--manage-gids"
>>> NEED_SVCGSSD="yes"
>>> RPCSVCGSSDOPTS=""
>>> storage0 :: /srv » cat /etc/default/nfs-common
>>> NEED_STATD=
>>> STATDOPTS=
>>> NEED_IDMAPD="yes"
>>> NEED_GSSD="yes"
>>>
>>> Networking is static:
>>>
>>> storage0 :: /var/log/kerberos » cat /etc/hosts
>>> 127.0.0.1 localhost
>>> ::1 localhost ip6-localhost ip6-loopback
>>> ff02::1 ip6-allnodes
>>> ff02::2 ip6-allrouters
>>> 10.1.0.100 storage0.jackman.local storage0
>>> 10.1.0.110 dorito.jackman.local dorito
>>>
>>> The mount appears to execute cleanly:
>>>
>>> ➜ ~ mount -v /mnt/backup
>>> mount.nfs4: timeout set for Wed Feb 24 14:27:58 2021
>>> mount.nfs4: trying text-based options 
>>> 'sec=krb5,vers=4.2,addr=10.1.0.100,clientaddr=10.1.0.110'
>>>
>>> I don't see anything in the system logs on either machine that look at all 
>>> relevant.
>>>
>>> Nothing odd (IMHO) is happening in the KRB5 logs, just successful grants.
>>>
>>> I thought this problem was exclusive to dorito (the client), so I nuked and 
>>> re-installed Devuan. I have since installed Xubuntu on my desktop and it 
>>> 

Re: [DNG] SystemD OS home directories

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Wednesday, February 24, 2021 10:48 PM, Ralph Ronnquist via Dng 
 wrote:

> On 24/02 17:04, Hendrik Boom wrote:
>
> > On Wed, Feb 24, 2021 at 09:13:07PM +, g4sra via Dng wrote:
> >
> > > Just pulled this kernel commit...
> > > commit 7d6beb71da3cc033649d641e1e608713b8220290
> > > Merge: aa8e3291729f f69e8091c4a2
> > > Author: Linus Torvalds torva...@linux-foundation.org
> > > Date: Tue Feb 23 13:39:45 2021 -0800
> > > 
> > >
> > >- Idmapped mounts make it possible to easily share files between
> > >  multiple users or multiple machines especially in complex
> > >  scenarios. For example, idmapped mounts will be used in the
> > >  implementation of portable home directories in
> > >  systemd-homed.service(8) where they allow users to move their
> > > home
> > >  directory to an external storage device and use it on multiple
> > >  computers where they are assigned different uids and gids. This
> > >  effectively makes it possible to assign random uids and gids at
> > >  login time.
> > >
> > >
> > > 
> > > I remember the question regarding implementation of migratory home 
> > > directories raising it's head in the past. We now have the answer.
> >
> > Let me hopw NFS will use that technique.
> > It squashes root. I'd like it to reassign UIDs too.
>
> Wasn't "idmapping" invented with and for NFS, a couple of decades ago?

Yes, in NFS userspace I think.

Now it is in the kernel, it can be leveraged by any mount of any filesystem. Or 
even the same filesystem mounted in two different places giving two different 
access controls to the single filesystem simultaneously.



___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] NFS Stale file handle for regular user, not root

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Wednesday, February 24, 2021 10:03 PM, Jackman via Dng  
wrote:

> I don't even know how to Google for this.
>
> Hosts involved:
> storage0: NFS/KRB5 server
> dorito: NFS client
>
> As root, I can mount, list files, view files, and so on. When I try to list 
> files on the mount, I get a stale file handle error.
>
> ➜ ~ mount /mnt/backup && ls -hal /mnt/backup
> ls: cannot open directory '/mnt/backup': Stale file handle
> ➜ ~ ls /mnt -hal
> ls: cannot access '/mnt/backup': Permission denied
> total 24K
> drwxr-xr-x 7 root root 4.0K Feb 24 12:10 .
> drwxr-xr-x 22 root root 4.0K Feb 23 15:56 ..
> d? ? ? ? ? ? backup
>
> Note the difference with root:
>
> dorito :: ~ » mount /mnt/backup && ls -hal /mnt/backup
> total 57K
> drwxr-xr-x 12 root root 12 Feb 23 03:36 .
> drwxr-xr-x 7 root root 4.0K Feb 24 12:10 ..
> drwxr-xr-x 3 jackman jackman 3 Feb 11 04:21 backup_dorito_20210211
> drwxr-xr-x 4 jackman jackman 4 Feb 23 06:16 dorito_20210223-0336
> dorito :: ~ » ls -hal /mnt
> total 26K
> drwxr-xr-x 7 root root 4.0K Feb 24 12:10 .
> drwxr-xr-x 22 root root 4.0K Feb 23 15:56 ..
> drwxr-xr-x 12 root root 12 Feb 23 03:36 backup
>
> Cute, eh?
>
> This is not a problem on the storage server itself:
>
> storage0 :: /srv » mount /mnt/backup && ls -hal /mnt/backup
> total 57K
> drwxr-xr-x 12 root root 12 Feb 23 03:36 .
> drwxr-xr-x 8 root root 4.0K Feb 24 14:16 ..
> drwxr-xr-x 3 jackman jackman 3 Feb 11 04:21 backup_dorito_20210211
> drwxr-xr-x 4 jackman jackman 4 Feb 23 06:16 dorito_20210223-0336
>
> Here are some relevant things:
>
> ➜ ~ mount | grep nfs
> storage0:/srv/backup on /mnt/backup type nfs4 
> (rw,nosuid,nodev,noexec,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=krb5,clientaddr=10.1.0.110,local_lock=none,addr=10.1.0.100,user=jackman)
>
> ➜ ~ cat /etc/fstab | grep backup
> storage0:/srv/backup /mnt/backup nfs4 noauto,rw,noexec,user,sec=krb5 0 0
>
> storage0 :: /srv » cat /etc/exports | grep backup
> /srv/backup 10.0.0.0/8(rw,no_subtree_check,sec=krb5)
>
> storage0 :: /srv » cat /etc/default/nfs-kernel-server
> RPCNFSDCOUNT=32
> RPCNFSDPRIORITY=0
> RPCMOUNTDOPTS="--manage-gids"
> NEED_SVCGSSD="yes"
> RPCSVCGSSDOPTS=""
> storage0 :: /srv » cat /etc/default/nfs-common
> NEED_STATD=
> STATDOPTS=
> NEED_IDMAPD="yes"
> NEED_GSSD="yes"
>
> Networking is static:
>
> storage0 :: /var/log/kerberos » cat /etc/hosts
> 127.0.0.1 localhost
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 10.1.0.100 storage0.jackman.local storage0
> 10.1.0.110 dorito.jackman.local dorito
>
> The mount appears to execute cleanly:
>
> ➜ ~ mount -v /mnt/backup
> mount.nfs4: timeout set for Wed Feb 24 14:27:58 2021
> mount.nfs4: trying text-based options 
> 'sec=krb5,vers=4.2,addr=10.1.0.100,clientaddr=10.1.0.110'
>
> I don't see anything in the system logs on either machine that look at all 
> relevant.
>
> Nothing odd (IMHO) is happening in the KRB5 logs, just successful grants.
>
> I thought this problem was exclusive to dorito (the client), so I nuked and 
> re-installed Devuan. I have since installed Xubuntu on my desktop and it has 
> the same issue now, too, but I'm politely setting that machine aside as it's 
> not a Devuan machine.
>
> BTW, I've tried with 'noac', with no apparent change in behavior.
>
> I'm happy to RTFM if I knew what I was looking for.
>
> As always, any helpful souls are welcome to solicit on behalf of their beer 
> fund.
>
> Andrew Jackman
> kd7...@gmail.com

The unmount/remount technique won't work if some process is locked to it.
Use 'lsof' as root to check the share on both the server and the client.
If you find something, kill it and try the unmount/remount again.

NB: this advice is worth exactly what you paid for it :)___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] SystemD OS home directories

[g4sra via Dng]

Just pulled this kernel commit...

commit 7d6beb71da3cc033649d641e1e608713b8220290
Merge: aa8e3291729f f69e8091c4a2
Author: Linus Torvalds 
Date:   Tue Feb 23 13:39:45 2021 -0800



   - Idmapped mounts make it possible to easily share files between
 multiple users or multiple machines especially in complex
 scenarios. For example, idmapped mounts will be used in the
 implementation of portable home directories in
 systemd-homed.service(8) where they allow users to move their  
  home
 directory to an external storage device and use it on multiple
 computers where they are assigned different uids and gids. This
 effectively makes it possible to assign random uids and gids at
 login time.




I remember the question regarding implementation of migratory home directories 
raising it's head in the past. We now have the answer.



Sent with ProtonMail Secure Email.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] How to firewall on Devuan?

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Wednesday, February 24, 2021 5:58 PM, Adam Borowski  
wrote:

> On Wed, Feb 24, 2021 at 07:26:35AM -0700, Gabe Stanton via Dng wrote:
>
> > If I understand correctly, the iptables cli that we use now is just a
> > wrapper around nftables.
>
> Actually, there are two independent subsystems. They're managed by two
> userspace tools:
>
> -   iptables-legacy
> -   iptables-nft
>
> Rules set by one of them are not visible by the other. This may give a
> nasty surprise if some tool sets a rule some other way.
>
> /usr/sbin/iptables is an alternatives link to one of the two, you can 
> check
> update-alternatives --display iptables
> to see which subsystem you're using by default.
>
> Meow!
> --
> ⢀⣴⠾⠻⢶⣦⠀ Latin: meow 4 characters, 4 columns, 4 bytes
> ⣾⠁⢠⠒⠀⣿⡁ Greek: μεου 4 characters, 4 columns, 8 bytes
> ⢿⡄⠘⠷⠚⠋⠀ Runes: ᛗᛖᛟᚹ 4 characters, 4 columns, 12 bytes
> ⠈⠳⣄ Chinese: 喵 1 character, 2 columns, 3 bytes <-- best!
>
>
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Steve,

I suggest that anybody new to firewalling should go with NFT.
There is a lot more IPTables choice of wrappers and GUI's which hide what is 
really happening and is not necessarily a good thing. No doubt NFT will get 
these further down the line.

IPTables is earmarked to go away as IFTables did before it and then you will 
need to learn NFT anyway.

Speaking as someone whom used IPTables ever since it came about and is new to 
NFT, NFT is far more versatile, logical and simpler to configure.


flush ruleset

table inet filter {
chain input {
type filter hook input priority 0;

# accept any localhost traffic
iif lo accept

# accept traffic originated by us
ct state established,related accept

# count and drop any other traffic
counter drop
}
}


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] GNUPGP Web of trust

[g4sra via Dng]

I don't like the way SSL Certs are managedso that only leaves gpg.

Recently had an issue with gpg which disturbed some grey cells and disrupted 
their slumber.

I don't get out much (lockdown understatement) so my current 'web of trust' is 
zero and unlikely to expand anytime soon using the conventional method of 
exchanging keys down the pub. I am also aware that 'thinking' can be a 
dangerous pastime.

Is there any mileage or interest in a Devuan web of trust where we can exchange 
keys ?

I would be interested to hear from the more security knowledgeable members on 
the list as to whether this is even feasible.

Knowing that something had been signed by the Devuan Community would earn more 
trust from me than anything signed by Red Hat, IBM, Google..ad infinitum.

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Debian vim bug ?

[g4sra via Dng]

Rather than using gvim I prefer to work mainly in konsole using gpm mouse, and 
this may (or may not) be gpm related. I do have numerous other vim plugins 
installed also.

I am experiencing high load when using vim. This occurs whenever I edit and 
save a file but DO NOT move the cursor afterwards.

I strace'd it to vim spinning around 'poll' & 'select'.
Can anybody else duplicate this phenomenon ?


strace -p 24368
poll([{fd=5, events=POLLIN}], 1, 0) = 0 (Timeout)
select(8, [0 3 5 7], [], [0 3 7], NULL) = 1 (in [7])
recvmsg(5, {msg_namelen=0}, 0)  = -1 EAGAIN (Resource temporarily 
unavailable)
recvmsg(5, {msg_namelen=0}, 0)  = -1 EAGAIN (Resource temporarily 
unavailable)
recvmsg(5, {msg_namelen=0}, 0)  = -1 EAGAIN (Resource temporarily 
unavailable)
recvmsg(5, {msg_namelen=0}, 0)  = -1 EAGAIN (Resource temporarily 
unavailable)
poll([{fd=5, events=POLLIN}], 1, 0) = 0 (Timeout)
select(8, [0 3 5 7], [], [0 3 7], NULL) = 1 (in [7])
recvmsg(5, {msg_namelen=0}, 0)  = -1 EAGAIN (Resource temporarily 
unavailable)
recvmsg(5, {msg_namelen=0}, 0)  = -1 EAGAIN (Resource temporarily 
unavailable)
recvmsg(5, {msg_namelen=0}, 0)  = -1 EAGAIN (Resource temporarily 
unavailable)
recvmsg(5, {msg_namelen=0}, 0)  = -1 EAGAIN (Resource temporarily 
unavailable)

strace -p 24368 -k
> /usr/bin/vim.gtk(_start+0x2a) [0x6e4ba]
recvmsg(5, {msg_namelen=0}, 0)  = -1 EAGAIN (Resource temporarily 
unavailable)
 > /lib/x86_64-linux-gnu/libpthread-2.28.so(recvmsg+0x11) [0x12391]
 > /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0(xcb_wait_for_special_event+0x4c8) 
 > [0xee58]
 > /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0(xcb_poll_for_reply64+0x178) 
 > [0xf958]
 > /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0(_XFreeX11XCBStructure+0x82e) 
 > [0x434de]
^C > /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0(_XFreeX11XCBStructure+0x9a0) 
[0x43650]
 > /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0(_XEventsQueued+0x5d) [0x4394d]
 > /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0(XEventsQueued+0x50) [0x35640]
 > /usr/lib/x86_64-linux-gnu/libXt.so.6.0.0(XtAppPending+0x141) [0x2f051]
 > /usr/bin/vim.gtk(get_winbuf_options+0x24c) [0x17a4cc]
 > /usr/bin/vim.gtk(xsmp_handle_requests+0x2ab) [0x180fab]
 > /usr/bin/vim.gtk(mch_write+0xeb) [0x18156b]
 > /usr/bin/vim.gtk(ui_wait_for_chars_or_timer+0x50) [0x216040]
 > /usr/bin/vim.gtk(get_winbuf_options+0x315) [0x17a595]
 > /usr/bin/vim.gtk(inchar_loop+0xdc) [0x21821c]
 > /usr/bin/vim.gtk(ui_inchar+0xda) [0x217c9a]
 > /usr/bin/vim.gtk(fix_input_buffer+0x370) [0x1089b0]
 > /usr/bin/vim.gtk(vim_unescape_csi+0x1052) [0x10a8b2]
 > /usr/bin/vim.gtk(vgetc+0x257) [0x10b6d7]
 > /usr/bin/vim.gtk(safe_vgetc+0x9) [0x10bb09]
 > /usr/bin/vim.gtk(normal_cmd+0x10e) [0x15ae8e]
 > /usr/bin/vim.gtk(main_loop+0x43a) [0x281f5a]
 > /usr/bin/vim.gtk(vim_main2+0xc1f) [0x2832bf]
 > /usr/bin/vim.gtk(main+0xae7) [0x6c9b7]
 > /lib/x86_64-linux-gnu/libc-2.28.so(__libc_start_main+0xeb) [0x2409b]

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Assigning a specific subnet and address to a Devuan Beowulf Qemu guest

[g4sra via Dng]

‐‐‐ Original Message ‐‐‐
On Tuesday, February 16, 2021 12:55 PM, Steve Litt  
wrote:

> On Tue, 16 Feb 2021 20:29:46 +1100
> Ralph Ronnquist via Dng dng@lists.dyne.org wrote:
>
> > On 16/02 03:24, Steve Litt wrote:
> >
> > > Hi all,
> > > My ultimate goal is to have a Devuan VM guest on my Void Linux Daily
> > > Driver Desktop (DDD) that acts like just another metal computer on
> > > my LAN at 192.168.0.0/24. I want it to have address 192.168.0.66.
> > > I've tried to do this sporadically over the past 2 years, never
> > > with success. ...
> > > I tried setting the VM guest's /etc/network/interfaces to static
> > > with address 192.168.0.66, with the gateway, netmask etc set
> > > accordingly, but after doing that, ip addr on the VM showed no IP
> > > address at all.
> >
> > It all looks fine, and static setup should work. Possibly you left out
> > the "auto eth0" or "allow-hotplug eth0" line?
>
> Thanks Ralph,
>
> I had left them both out, but putting them in didn't change the
> symptom. I tried with only auto eth0, and that didn't change the
> symptom either.
>
> Thanks,
>
> SteveT
>
> Steve Litt
> Autumn 2020 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
>
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

I gave up doing things this way as Qemu kept changing under me, voiding my 
scripts. I now use 'virt-manager' relatively painlessly.

That IP may have been issued by a Qemu dhcp server.

The first step is to confirm Qemu is not messing with stuff it shouldn't... 
Spin up the VM and confirm that your host network settings have not been 
altered/added to. You must do this when the VM is running.









___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Synaptics Touchpad Fn+F9

[g4sra via Dng]

Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Friday, February 5, 2021 11:12 AM, Florian Zieboll via Dng 
 wrote:

> Am 4. Februar 2021 20:13:49 MEZ schrieb g4sra g4...@protonmail.com:
>
> > ‐‐‐ Original Message ‐‐‐
> > On Thursday, February 4, 2021 6:59 PM, Florian Zieboll via Dng 
> > dng@lists.dyne.org wrote:
> > Thanks for the reply Florian
> >
> > > Am 4. Februar 2021 18:15:06 MEZ schrieb g4sra via Dng dng@lists.dyne.org:
> > >
> > > > Does anyone know how to re-enable a Synaptics Touchpad in Linux after 
> > > > it has been turned off in Windows using Fn+F9 ?
> > >
> > > If this key combo really changed something "in hardware", i assume that a 
> > > "hard reset" of the notebook(?!) should solve the issue...
> > > Usually, this is accomplished by removing all power sources and 
> > > periphery, and then holding down the power button for 15-20 seconds. The 
> > > idea is to remove any stored electricity (from ac adapter, battery, 
> > > capacitors) to clear all non-persistent storage.
> >
> > That is what googling said too, unfortunately it didn't work.
> >
> > > Your devices miles may vary, the manual should mention it.
> >
> > The manual is not much use at all, being digital it won't even serve 
> > purpose in the WC.
> >
> > > libre grüße,
> > > Florian
> >
> > By first installing Windows 7 and then the Synaptic drivers on an old HDD I 
> > was able to restore touchpad functionality with the Fn+F9 switching. This 
> > is a programmable multi-gesture touchpad which I guess may have flash 
> > memory.
> > There has got to be a better way
>
> Hallo g4sra,
>
> as you replied off-list and I don't know of any better way, I bring the issue 
> back to the list:

Thanks for that. This email client will not reply to the list. It considers to 
do so a security issue because of an authentication failure. If I post directly 
to the list then the message thread is lost.

I have tried something new.. it will allow me to CC, so I have done that 
replying directly to you, deleted the To, and promoted the CC, so if the 
message id has remained intact this may be a way around the problem.


> Perhaps someone has a hint on resetting the device, if you'd reveal its make 
> and model?

Laptop make is mostly irrelevant as the hardware is self-contained as 
manufactured by Synaptics. I believe the communication is SMBus in this 
instance, I know of no way to interrogate the touchpad itself other than by 
what is reported using Synaptics drivers for Windows.

>
> Another idea out of thin air: Did you remove the CMOS battery - or does the 
> notebook provide a button (or pins) to reset the bios password?
>

Yes, I did a thorough cold power-up.


> libre Grüße,
> Florian
>

I am looking for a 'Linux software' solution to this problem.
Currently grepping the kernel source to see if any giveaways in the DTB sources.





___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Synaptics Touchpad Fn+F9

[g4sra via Dng]

Does anyone know how to re-enable a Synaptics Touchpad in Linux after it has 
been turned off in Windows using Fn+F9 ?


Sent with ProtonMail Secure Email.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Clarification please

[g4sra via Dng]

On 29/10/2020 18:19, Bernard Rosset via Dng wrote:
>> That said, I've stopped using unbound and I'm using straight BIND as my
>> local resolver lately. It's pleasant.
> 
> From what we discovered about unbound during one of the meetings, I clearly 
> do not trust that technology. Too bad: it was on my to-test list.
> 
> However, unbound is recursive-only IIRC.
> 
> Since I am most interested in authoritative NS technology, I have yet to test 
> knot, of which I read good stuff.
> 
> BIND is ol' do-it-all grand-daddy. A bit messy & overcomplicated to properly 
> set up & manage to my taste.
Used it for ages, I like what I am used to, and after battling with Micro$oft's 
offering but it is not appropriate for my current project.

Can anybody suggest a suitable authoritative/recursive DNSSEC supporting name 
server for SOHO domain use on embedded systems.
What I am looking for is something like dnsmasq.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] devuan ?

[g4sra via Dng]

On 29/10/2020 18:31, radisso...@gmx.de wrote:
> The problem is a bit weired:
> 
> I did install Beowulf 3.0 had some problems nothing i could not fix,
> then i tried to install gcc via apt-get install gcc
> 
> 
> 
> Do you want to continue? [Y/n]
> Err:1 http://deb.devuan.org/merged beowulf/main amd64 linux-libc-dev amd64 
> 4.19.118-2
>   404  Not Found [IP: 130.225.254.116 80]
> Unable to correct missing packages.
> E: Failed to fetch 
> http://mirrors.dotsrc.org/debian/pool/main/l/linux/linux-libc-dev_4.19.118-2_amd64.deb
>   404  Not Found [IP: 130.225.254.116 80]
> E: Aborting install.
> --snip--

Have you 'apt update' and accepted the repo change from testing ?
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] Clarification please

[g4sra via Dng]

On 29/10/2020 13:44, Michael Neuffer wrote:
> On 10/29/20 2:27 PM, d...@d404.nl wrote:
--snip--
>> To ease the maintenance of those servers i intend to migrate them to
>> docker containers. I wonder people on this list have experience on this
>> subject?
> 
> 
> You might want to take a look at this project:
> 
> https://github.com/mailserver2/mailserver

Please correct me if I am mistaken, I thought 'unbound' was tied to 'systemd 
creep' nowadays and have been avoiding it for that reason alone.
I want to avoid creating a dependency on something I don't already have only to 
need to purge it next year ...
 
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Any parties interested in lxc ?

[g4sra via Dng]

On 11/10/2020 02:52, Simon Walter wrote:
--snip--
> I use Qemu/KVM for Windows development.
I currently use Qemu/KVM for customising\slipstreaming Windows installation 
image, everything else Windows related I do in a VM is just playing.
Ever taken a look at ReactOS ?

> What is your use case for LXC?
Was to be OS installation image development for various legacy platforms that 
are no longer supported (since wheezy).
Once I had LXC functioning fully on my x68_64 workstation I was then going to 
clone the configuration over to an ARM platform to build images for Marvell 
Kirkwood (and Raspberry Pi for fun). 

> Did you mention USB passthrough?
No, not got that far yet.
The unsurpassable stumbling block I have hit is related to lack of support for 
kernel interaction within a namespace, kernel <> userspace messaging fails and 
so does everything that depends on it.

> Depending on what your developing, you
> may want to have several targets including physical computers.
If there wasn't any physical computers and other people using them I wouldn't 
spend hours sat at one mucking with software ;).

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Any parties interested in lxc ?

[g4sra via Dng]

On 10/10/2020 21:47, Simon Walter wrote:
> On 2020-10-08 21:08, g4sra via Dng wrote:
>-- snip --
>>
>> Anybody enlighten me about the meaning of the phrase...
>>
>> 'The controller seems to be unused by "cgfsng" cgroup driver or not enabled 
>> on the cgroup hierarchy'
> 
> Sorry for the late reply.
No problem. Real life comes first ;)

> 
> How have you set up cgroups? Cgroups has changed and my old set up
> didn't work after upgrading from Jessie.

I eventually deciphered the issue, partial configuration of pam_cgfs.so in 
/etc/pam.d/common-session{,-noninteractive}

However I am finding shortfalls with cgroups and namespaces functionality, and 
Debian packaging with SystemD creep.
I am being drawn to the conclusion that LXC is not suitable for system 
containers (or developing systems - my intended use), and are best suited for 
pure Application daemons such as HTTP or DNS.
I am currently considering rebuilding a Qemu/KVM development environment
 
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Crontab depends on Anachron which is not installed by default?

[g4sra via Dng]

On 10/10/2020 15:38, Mike Tubby wrote:
> All,
> 
> I've just discovered that my various Devuan systems aren't running cron.daily 
> or cron.weekly tasks because /etc/crontab performs a test on anacron being 
> present.
Not quite...

cron will NOT run if anacron IS installed AND IS executable.


If anacron is not installed, cron jobs will be skipped if the system is powered 
down at the time the job is due to run.

If anacron is installed, it will check for any outstanding jobs at boot and run 
them. 
NOTE: this depends on a correct clock and filesystem timestamping ('noatime' 
will break it).
Check your Devuan systems for the above, if anacron is not running on a sever, 
this is the most probable cause.
Laptops are subject to power management settings which may also stop anacron 
from running.
 

>  However /etc/crontab doesn't need anacron for cron.hourlyIt is still there 
>as anacrontab is not configured for /etc/cron.hourly by default
If it is missed by being powered down, worst case is a 59 miniute wait and it 
will be run.

cat /etc/anacrontab
# /etc/anacrontab: configuration file for anacron
# See anacron(8) and anacrontab(5) for details.

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
HOME=/root
LOGNAME=root

# These replace cron's entries
1   5   cron.daily  run-parts --report /etc/cron.daily
7   10  cron.weekly run-parts --report /etc/cron.weekly
@monthly15  cron.monthlyrun-parts --report /etc/cron.monthly



24/7/365 Servers usually don't benefit from anacron
Laptops & Workstations at the mercy of power cycling Users usually do

> 
> # /etc/crontab: system-wide crontab
> # Unlike any other crontab you don't have to run the `crontab'
> # command to install the new version when you edit this file
> # and files in /etc/cron.d. These files also have username fields,
> # that none of the other crontabs do.
> 
> SHELL=/bin/sh
> PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
> 
> # Example of job definition:
> # . minute (0 - 59)
> # |  .- hour (0 - 23)
> # |  |  .-- day of month (1 - 31)
> # |  |  |  .--- month (1 - 12) OR jan,feb,mar,apr ...
> # |  |  |  |  . day of week (0 - 6) (Sunday=0 or 7) OR 
> sun,mon,tue,wed,thu,fri,sat
> # |  |  |  |  |
> # *  *  *  *  * user-name command to be executed
> 17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
> 25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts 
> --report /etc/cron.daily )
> 47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts 
> --report /etc/cron.weekly )
> 52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts 
> --report /etc/cron.monthly )
> 
> 
> Why do we need anacron at all?  Surely we can just do:
> 
> 17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
> 25 6    * * *   root    cd / && run-parts --report /etc/cron.daily
> 47 6    * * 7   root    cd / && run-parts --report /etc/cron.weekly
> 52 6    1 * *   root    cd / && run-parts --report /etc/cron.monthly
> 
> 
> ... or am I missing something?
> 
> 
> Mike
> 
> 
> 
> 
> ___
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Any parties interested in lxc ?

[g4sra via Dng]

On 08/10/2020 04:30, Simon Walter wrote:
> On 2020-10-05 11:23, tom wrote:
> ...
>>
>> I would appreciate if we kept this on-board unless needed. Never know
>> when someone in the future might find it useful.
>>
> 
> I would appreciate that too!
> 

Current issue.. loop device not accessible...

lxc-start c1 20201007205137.329 WARN cgfsng - 
cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller
lxc-start c1 20201007205137.329 ERRORcgfsng - 
cgroups/cgfsng.c:cg_legacy_set_data:2191 - Failed to setup limits for the 
"devices" controller. The con
troller seems to be unused by "cgfsng" cgroup driver or not enabled on the 
cgroup hierarchy
lxc-start c1 20201007205137.329 WARN cgfsng - 
cgroups/cgfsng.c:__cg_legacy_setup_limits:2228 - Failed to set "devices.allow" 
to "b 7:* rwm"
lxc-start c1 20201007205137.329 ERRORstart - start.c:lxc_spawn:1814 - 
Failed to setup legacy device cgroup controller limits

Anybody enlighten me about the meaning of the phrase...

'The controller seems to be unused by "cgfsng" cgroup driver or not enabled on 
the cgroup hierarchy'




___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Any parties interested in lxc ?

[g4sra via Dng]

>> Can I put attachments on emails to the dyne mailing lists?
> No idea, so I attached one to see what would happen...

The attachment showed up, you might as well run it and post the output (on the 
list or direct, whichever you prefer) to give me a starting reference.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Any parties interested in lxc ?

[g4sra via Dng]

On 06/10/2020 04:36, tom wrote:
> On Mon, 5 Oct 2020 11:30:10 +0100
> g4sra via Dng  wrote:
--snip--
> 
> Unprivileged containers I still have not figured out how to generate.
If you would like I may be able to give guidance on generating them in Devuan.
You would have to translate that into Ubuntu yourself, I only install it for
other Users and do not use Ubuntu myself so lack the required familiarity.

> I
> have a script that creatures unprivileged containers and lxc comes with
> a template downloader script. However those templates are downloaded
> from some Ansible server hosted on Canonical's website. The images are
> generated from /HIGHLY/ abstracted Ansible templates, not actual
> source code or bash scripts. Because of this it's very difficult to
> figure out what's really going on as the specifics are all abstracted
> away.
One of Canonical's business practices that made me veer away from Ubuntu years 
ago.

> The difference between a script that builds a Devuan image for
> a container and a script that builds a Devuan image for a container then
> then 'underprivilegizes' it with subuids/subgids.
Actually quite easy to unpriviledgise (is that a 'word'?) a container.
I used that technique to debug my LXC configuration, copying a working
container built by 'root' I knew any issues were of my creation. 

> Maybe you being a Redhat stuff expert
Please, no, not an 'expert', more a dysfunctional geek, and not of Red Hat.
There were only two true contenders for business use back then, Red Hat or SUSE.
I preferred the American Style to the German Style, but it was a very close 
call otherwise.
Red Hat was good when it was built by two guys, the pioneer of the two working 
from his bedroom.
It was even better when the Community rallied and he built a team around him.
Then commercial interests took over, and since the RHEL split with the move 
from Fedora Core to Fedora its been downhill ever since.

I don't like Red Hat(IBM), and that is why I am here.

> would be able to enlighten us
> on that and I could then modify my script to be able to create
> unprivileged containers too instead of relying on some Canonical
> webserver always being up and accessible or having to build out a QA
> server when I really don't need one just to create local containers.
Ok lets have a crack at it, remote administration by proxy.

Let's split the unprivileged task to avoid muddying the waters...
Which would you like to try first, system (root) containers or User containers ?

And does the following create a working privileged container OK ?
~
$ lxc-create -n beowulf -t download -- -d devuan -r beowulf -a amd64

 
> Can I put attachments on emails to the dyne mailing lists?
No idea, so I attached one to see what would happen...



lxc-check.sh
Description: application/shellscript
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Any parties interested in lxc ?

[g4sra via Dng]

On 05/10/2020 16:50, g4sra via Dng wrote:
> Hi Tom, Mason, Anybody else...
> 
> Beowulf lxc  1:3.1.0+really3.0.3-8 amd64 is broken.
> 
> Simple test I picked up from the internet:
> 
> ~# lxc-usernsexec
> Failed to find subuid or subgid allocation
--snip--
> 
> Considering what steps to take next...

None...

After some tracing it seems that lxc-usernsexec is only failing for the default 
case.
When used internally by LXC, it appears lxc-usernsexec is always passed 
arguments and therefore this bug has little impact.


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng