Re: [DNG] Docker on Devuan?

[Olaf Meeuwissen]

Hi,

goli...@dyne.org writes:

> On 2017-09-07 07:22, Olaf Meeuwissen wrote:
>> Hi Ozi,
>>
>> Ozi Traveller writes:
>>
>>> Just wondering whether anyone has managed to get docker installed on
>>> Devuan?
>>>
>>> If so, how? And are you getting docker updates as well?
>>
>> Have a look at my blog post[1] on this topic ;-)
>>
>>  [1]: https://paddy-hack.gitlab.io/posts/sandwiching-docker-with-devuan/
>>
>> I basically just use the vendor provided package for Debian.  Works
>> fine so far.
>>
>> I've also put together a Devuan base image and have a few issues[2]
>> that I plan to work on in the not too distant future.
>>
>>  [2]: https://gitlab.com/paddy-hack/devuan/issues
>>
>> Hope this helps,
>
> Would you consider moving that to git.devuan.org?  Would make it easier
> for devuan users to find.

I have an account on git.devuan.org already, so, yes, I could move my
Docker Devuan base image project there but I'm not quite sure how that
would affect the CI/CD pipeline I use, i.e. my .gitlab-ci.yml, and what
Docker registry I would be able to push the images to.  There doesn't
seem to be any Registry support yet on git.devuan.org :-(

Hope this helps,
--
Olaf Meeuwissen, LPIC-2FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Softwarehttps://my.fsf.org/donate
 Join the Free Software Foundation  https://my.fsf.org/join
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]

[taii...@gmx.com]

On 09/08/2017 07:18 PM, Alessandro Selli wrote:


On Fri, 8 Sep 2017 at 00:22:40 -0400
"taii...@gmx.com"  wrote:


On 09/07/2017 02:18 PM, Rick Moen wrote:


Quoting taii...@gmx.com (taii...@gmx.com):


I also find a bit questionable your going around attempting to tarnish
the reputation of someone with a real name, while concealing your own.

Criticism isn't allowed?

This is of course nothing like what I said.


I dislike when people deal with speculation instead of proven facts
when judging technical merits.

Then, _address what you perceive as speculation_.

I apologize - I should have done that in the first place instead of
resorting to name calling.

Mr. Selli has said:
*That IBM's POWER CPU's have a hardware level backdoor and have had
backdoors in the past whilst providing no real evidence to support that
those claims,

   I did provide with the evidence:
https://lists.dyne.org/lurker/message/20170907.084234.3d39055c.en.html
That .pdf you linked is for IBM's x86 products, which they stopped 
making 7 years ago.


Irregardless that is a BMC not a backdoor - a BMC is a standard server 
feature and on POWER9 the code is entirely open source and you can run 
whatever you please on the BMC chip as there isn't hardware code signing 
enforcement like with Intel ME/AMD PSP.


   Why do you write easy to disprove falseness?  Don't you have a minimum
of self-respect?

Ah the pot calling the kettle black.

he bolstered that argument by stating that IBM's work with
the US military is suspect and thus concludes guilt by association.

   No, I just pointed out that the fact that IBM does indeed put hardware
and software remote-control devices inside it's chips is an established
and documented truth.

Again a BMC isn't a backdoor

IBM sells POWER chips to both the the US Military and the Chinese
Military, doing that is largely as to why they are still in business -
as the worlds third maker of high performance computing hardware one
simply can't and shouldn't ignore the worlds two largest consumers.

IBM has done a variety of bad things, but that doesn't mean OpenPOWER
isn't a really good one.

* That the presence of a BMC chip on POWER means it has a backdoor

BMC chips are a common server feature required for remotely
administering a computer without headache, this one is owner controlled
(no hw code signing enforcement) and has full source code available to
the public after POWER9 is released.

   Again, this is a faith-based assumption as only IBM knows what's
inside their proprietary hardware.  Anyone who's had experiences on
their AS400 and RS600 platforms knows how darned proprietary their
hardware is.  You're free to believe they changed and they now value the
commoner's freedom more than the interests of the governments they
serve, of course.  You are *not* free to write falsity and disparage
people who hold different opinions, though.
I would say buying TALOS where am IBM backdoor is simply fringe 
speculation is much better than a purism where it is an absolute fact.

*That TALOS is proprietary closed source hardware  -  which isn't true -
as not being that is the entire point of it.

   I repeatedly asked you if there is anyone who has their chips'
blueprints, which is a prime condition to be able to call their hardware
anything other than proprietary.  You always turned a deaf ear to these
requests.
Uhh no I didn't, as I have stated (and as you would know had you read 
the TALOS2 website) the POWER9 datasheets and HDL's are currently under 
embargo and will be released to the general public when the hardware is 
- the makers of TALOS 2 have them as they are a member of the OpenPOWER 
foundation.

After the release of POWER9 the board and BMC firmware sources will be
provided,

   Ok, so nothing available *now* from IBM is openhardware.  For a
strange reason this is acceptable from IBM/Talos, while it's a disgrace
when Purism does the same thing.  Go figure.
Again, the public will get the spec sheets and HDL's when the hardware 
is released - why do you consider this equivalent to purism? they will 
never be able to get intel to release anything, their hardware has been 
out for many years and they still don't even have a blobbed coreboot.

and both the CPU/board and the BMC are owner controlled due to
the absence of hardware enforced code signing.

   ...that you know of, as the available hardware is proprietary and
closed-source.

No it isn't, which you would know if you read the TALOS2 website.

Full documentation and HDL's will be available for all components

   All right, good.  I'll believe what I will see.


besides the onboard broadcom nics which currently require a firmware
blob

   I wonder why you felt entitled at railing against Purism for having
considered equipping their laptops with Nvidia GPUs while it's perfectly
OK that TALOS uses a NIC from one of the most opensource unfriendly vendors.
A network interface isn't a critical component like a graphics device 
is, it 

Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]

[Alessandro Selli]

On Fri, 8 Sep 2017 at 00:22:40 -0400
"taii...@gmx.com"  wrote:

> On 09/07/2017 02:18 PM, Rick Moen wrote:
> 
>> Quoting taii...@gmx.com (taii...@gmx.com):
>>
 I also find a bit questionable your going around attempting to tarnish
 the reputation of someone with a real name, while concealing your own.
>>> Criticism isn't allowed?
>> This is of course nothing like what I said.
>>
>>> I dislike when people deal with speculation instead of proven facts
>>> when judging technical merits.
>> Then, _address what you perceive as speculation_.
> I apologize - I should have done that in the first place instead of 
> resorting to name calling.
> 
> Mr. Selli has said:
> *That IBM's POWER CPU's have a hardware level backdoor and have had 
> backdoors in the past whilst providing no real evidence to support that 
> those claims,

  I did provide with the evidence:
https://lists.dyne.org/lurker/message/20170907.084234.3d39055c.en.html

  Why do you write easy to disprove falseness?  Don't you have a minimum
of self-respect?

> he bolstered that argument by stating that IBM's work with 
> the US military is suspect and thus concludes guilt by association.

  No, I just pointed out that the fact that IBM does indeed put hardware
and software remote-control devices inside it's chips is an established
and documented truth.

> IBM sells POWER chips to both the the US Military and the Chinese 
> Military, doing that is largely as to why they are still in business - 
> as the worlds third maker of high performance computing hardware one 
> simply can't and shouldn't ignore the worlds two largest consumers.
>
> IBM has done a variety of bad things, but that doesn't mean OpenPOWER 
> isn't a really good one.
>
> * That the presence of a BMC chip on POWER means it has a backdoor
>
> BMC chips are a common server feature required for remotely 
> administering a computer without headache, this one is owner controlled 
> (no hw code signing enforcement) and has full source code available to 
> the public after POWER9 is released.

  Again, this is a faith-based assumption as only IBM knows what's
inside their proprietary hardware.  Anyone who's had experiences on
their AS400 and RS600 platforms knows how darned proprietary their
hardware is.  You're free to believe they changed and they now value the
commoner's freedom more than the interests of the governments they
serve, of course.  You are *not* free to write falsity and disparage
people who hold different opinions, though.

> *That TALOS is proprietary closed source hardware  -  which isn't true - 
> as not being that is the entire point of it.

  I repeatedly asked you if there is anyone who has their chips'
blueprints, which is a prime condition to be able to call their hardware
anything other than proprietary.  You always turned a deaf ear to these
requests.

> After the release of POWER9 the board and BMC firmware sources will be 
> provided,

  Ok, so nothing available *now* from IBM is openhardware.  For a
strange reason this is acceptable from IBM/Talos, while it's a disgrace
when Purism does the same thing.  Go figure.

> and both the CPU/board and the BMC are owner controlled due to 
> the absence of hardware enforced code signing.

  ...that you know of, as the available hardware is proprietary and
closed-source.

> Full documentation and HDL's will be available for all components

  All right, good.  I'll believe what I will see.

> besides the onboard broadcom nics which currently require a firmware 
> blob

  I wonder why you felt entitled at railing against Purism for having
considered equipping their laptops with Nvidia GPUs while it's perfectly
OK that TALOS uses a NIC from one of the most opensource unfriendly vendors.

> as there are no open source non-intel gigabit NIC's

  Is not having Intel hardware more important than having opensource
components inside a TALOS workstation?

> - but the FSF 
> says that this minor detail doesn't prevent it from receiving RYF 
> certification as they are behind the POWER-IOMMU and as such are not 
> capable of doing anything malicious.

  Good.

> * That the reason he/purism hasn't made owner controlled hardware is 
> because it is "too expensive"

  I don't remember writing anything like this.  Quote, please?

> Purism's "Librem" 15" laptop is $2,000

  False, again:
https://puri.sm/shop/librem-15/
$1,599.00, now running a rebate to $1,449.00

  Compare with this:
https://secure.raptorcs.com/content/TL2WK2/purchase.html
Talos™ II Secure Workstation$4,750.00

> - in comparison one can have a 
> TALOS-2 DIY build for $2.6K

  Do you realize your "errors" are regularly one-sided, they always play
in favour of TALOS and to the detriment of Purism?  How do you expect to
be trusted as a neutral source of information, given that you also never
provide pointers to third-party documentation to back your claims?

  You're really comparing apples to oranges: Purism sells finished
laptops, TALOS sells 

Re: [DNG] Talos, Intel, libre purism, ...

[Narcis Garcia]

El 08/09/17 a les 11:02, Arnt Karlsen ha escrit:
> On Thu, 7 Sep 2017 13:13:17 +0100, Rowland wrote in message 
> <20170907131317.02a67...@devstation.samdom.example.com>:
> 
>> On Thu, 7 Sep 2017 13:59:01 +0200
>> Narcis Garcia  wrote:
>>
>>> This thread has now 86 posts, and I still don't see a solid
>>> contribution to Devuan project.
> 
> ..in the narrower sense of building Devuan, I agree. 
> In the wider sense, I disagree, Devuan happens largely because 
> we believe systemd is some form of backdoor to subvert freedom.
> 
> ..there are many other ways to create those mean backdoors.
> 

Devuan GNU+Linux is a project with a decision already taken: The default
ability to run without Systemd.
A very bad contribution to the project is to flood community with
subjects related to this, while other serious areas of a normal distro
project aren't properly deployed to guarantee a future.

Please complete first Devuan as a project and a distro, and AFTER
introduce new or different features.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]

[Arnt Karlsen]

On Thu, 7 Sep 2017 23:16:08 -0700, Rick wrote in message 
<20170908061608.gc9...@linuxmafia.com>:

> Quoting taii...@gmx.com (taii...@gmx.com):
> 
> > I apologize - I should have done that in the first place instead of
> > resorting to name calling.
> 
> I thank you.
> 
> (In fairness, Mr. Selli then return-volleyed the same thing, which was
> not 'cricket' either but rather amusing in context.)
> 
> Thank you as well for the attempt to hold a serious conversation about
> the obstacles to truly open hardware.
> 
> > No it isn't, I have had 5 separate targeting hacking attacks on me
> > in my 10 years on the internet - one of those people attempted to
> > find my physical location so he could SWAT me which is why I never
> > use my real name nor have any type of social media.
> 
> I can only say that some passive-aggressives in the online community
> have tried to 'get Moen fired', which has been hilarious to watch.  
> I think it rather unnerves them when they notice that my Web site has
> my real street address, real telephone number, and, best of all, my
> exact latitude, longitude, and altitude expressed as 'ICBM
> address'.  ;->

..I used to have a ping target "If it responds, you missed." service 
going. ;o)

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

[DNG] ..OT: Can we do new cpu etc hardware, from scratch, on e.g. Google funding?, was: Purism Librem and disabling Intel ME: it can be done

[Arnt Karlsen]

On Fri, 8 Sep 2017 00:22:40 -0400, taii...@gmx.com wrote in message 
:

> Google has many times attempted to get intel to provide a method to 
> disable ME and remove it from the boot process for their in house 
> computers and the coreboot laptops they sell, they have not been 
> successful - thus if a billion dollar company can't pull it off a
> small upstart certainly can't.

..can we do it (on e.g. Google funding)?  I.e. new cpu etc hardware
from scratch on e.g. Google funding.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Purism Librem and disabling Intel ME

[Arnt Karlsen]

On Thu, 7 Sep 2017 16:27:17 +0100, Rowland wrote in message 
<20170907162717.459c8...@devstation.samdom.example.com>:

> On Thu, 7 Sep 2017 17:12:25 +0200
> Edward Bartolo  wrote:
> 
> > Quote: "Please take this discussion somewhere else, it has NOTHING
> > to do with Devuan"
> > 
> > This discussion has taught me that Intel CPUs from 2008 onwards also
> > come with GRATIS but QUESTIONABLE functionalities, that many
> > including myself, frown upon.
> > 
> > If there are non-risky hacks that readers can use to 'harden' their
> > computer against this unwelcome feature, please go ahead and provide
> > it, even here. This has to do with Devuan as it has to do with
> > security.
> 
> Sorry Edward, but this doesn't really have anything to do with Devuan
> OS directly and if it was just a mention of a 'feature', I could live
> with it. This topic, like several others lately, just goes on and
> on and on. It is just clogging my email with something I not that
> interested in (well not to the extent it has been discussed here).
> 
> If you are going to mention something not directly to do with Devuan,
> then do just that, mention it and move on, don't chew it over and
> over. If you feel you should have a major discourse about it, then do
> it of list!
> 
> Rowland

..Penny, we're both using X-Mailer: Claws Mail 3.11.1, to stop seeing
threads that annoy you, quickest way is pick the "Message" menu, then
down that pick "Mark", then down that, pick "Ignore thread" and enjoy
your future. ;o) 

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Talos, Intel, libre purism, ...

[Arnt Karlsen]

On Thu, 07 Sep 2017 11:16:52 -0500, goli...@dyne.org wrote in message 
<9acf140d828463744afd3e33596e0...@dyne.org>:

> On 2017-09-07 10:40, zap wrote:
> > On 09/07/2017 08:11 AM, Antony Stone wrote:
> >> On Thursday 07 September 2017 at 13:59:01, Narcis Garcia wrote:
> >> 
> >>> This thread has now 86 posts, and I still don't see a solid 
> >>> contribution
> >>> to Devuan project.
> >>> This makes very heavy to be subscribed in a mailing list for
> >>> people like
> >>> me, that are looking a good alternative to Debian/Systemd, not
> >>> only in
> >>> software but also in community.
> >> I'm strongly inclined to agree.
> >> 
> >> Perhaps we could have something like a "devuan-discuss" list for
> >> the philosophy and the disagreements, leaving this list for
> >> discussions actually
> >> directly related to developing or using Devuan?
> >> 
> > Yes! PLEASE! let's do that. :)
> 
> Do you not READ this list?  Been there. Done that.  It failed
> miserably.

..it might succeed this time around, if we give it a new try.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Talos, Intel, libre purism, ...

[Arnt Karlsen]

On Thu, 7 Sep 2017 13:13:17 +0100, Rowland wrote in message 
<20170907131317.02a67...@devstation.samdom.example.com>:

> On Thu, 7 Sep 2017 13:59:01 +0200
> Narcis Garcia  wrote:
> 
> > This thread has now 86 posts, and I still don't see a solid
> > contribution to Devuan project.

..in the narrower sense of building Devuan, I agree. 
In the wider sense, I disagree, Devuan happens largely because 
we believe systemd is some form of backdoor to subvert freedom.

..there are many other ways to create those mean backdoors.

> > This makes very heavy to be subscribed in a mailing list for people
> > like me, that are looking a good alternative to Debian/Systemd, not
> > only in software but also in community.
> > 
> > 
> 
> Totally agree with the sentiments of the above post.
> Can we please keep to posts that are relevant to Devuan.
> 
> If you want to have philosophical discussions about Open source, can
> you please do it somewhere else.

..a better way might be mark those threads "OT", even good old
fetchmail and procmail can be set up to e.g. not fetch those 
thread posts if you don't wanna waste bandwidth fetching them.

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]

[Enrico Weigelt, metux IT consult]

On 08.09.2017 09:53, Erik Christiansen wrote:


No, one of the variety of CPUs implemented on FPGAs, so not so curious
at all. Some FPGAs contain RAM areas, improving the gate efficiency of
e.g. a CPU implementation.


No, that's just boring ;-)

I'm thinking of generating VHDL from fw rules and synthesize that into
an FPGA.

OTOH, for such applications we could also think about different
computer architectures (maybe transputers, etc)

--

mit freundlichen Grüßen
--
Enrico, Sohn von Wilfried, a.d.F. Weigelt,
metux IT consulting
+49-151-27565287
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] Purism Librem and disabling Intel ME: it can be done [ Re: TALOS 2 - The Libre Owner Controlled POWER9 Workstation/Server ]

[Erik Christiansen]

On 07.09.17 17:34, Enrico Weigelt, metux IT consult wrote:
> On 07.09.2017 16:12, Erik Christiansen wrote:
> 
> > If the firewall is on a FPGA, then we know what every gate is doing, as
> > we have the VHDL source for it.
> 
> An purely FPGA-based firewall (w/o an cpu in it), specifically
> synthesized for a given ruleset seems an very interesting approach.

No, one of the variety of CPUs implemented on FPGAs, so not so curious
at all. Some FPGAs contain RAM areas, improving the gate efficiency of
e.g. a CPU implementation.

Erik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng