Re: [DNG] Bug in synaptic package manager?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2022-01-26 at 03:30 +0200, Boian Bonev wrote: > > > Hi, > > a stupid question, could the templates be added to the base-files package > > that is already forked? > > It is not stupid at all - technically that is possible because there would be > no filename conflict. But I do not think it is the proper way because that > may > create confusion and would be hard to track for anyone not knowing what was > done. BTW I have no idea about the level of pureness desired, so I can't say. It was decided to add a Devuan specific package - python-apt-common-devuan, that is already in ceres but nothing depends on it. Soon the parts in tasksel that recommend synaptic will also recommend python-apt-common-devuan, so it would get installed automatically... Please test that - it does not depend on anything, so it should be easy to install the ceres package anywhere. Updates to the stable releases are pending after more thorough testing. HTH With best regards, b. -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEumC8IPN+WURNbSUAE2VyCRPS8i0FAmH6FNYACgkQE2VyCRPS 8i2zqBAAk1v4FBjdHzZOhw6vN7ygva3zuZaYf+iRbPHPcriZkVJi03TIEmZfRsrP EDGQHQKfeJHlbH27Kl8ZtwrxuIRaGbj+fTNwRG8zVQKZA2L17TWLSXJpJw5qESis /N+PzqGa0y4exMvNNqUZNQOvsqHSrAwtHqEg7fJ2Xi5fLQqC6pUWqQ/ciI+DHNcv 1pxAIN8ID66gdLieFLrZCQGzz9gUHUYLoSYTpJQ9ySbU5wBwFdoHz6ymsRTg+o/q Pf/ALKJm/FTI6xMMnLiIayyL30ZpWqJQYDrJj61NsD6yT3o5CXT3QMuVpM+tZP3P ylRr3b0LUX6LBWDp2k3iz1VyNdHLM1j+QS0wotqTIvHHjJ67p6N7nVDKvu947Yvm rCqxyeufE3lcO1NODisqEkYCWuyBvbxkzyY1Hxe+V8QRTG+3n8RLK63WB1FcE28M 1Cde0OGIz6X+QUEazGrqRMzSYff/B/2iQ0tBG09BetHuCcyj9E7FmLojNZeuIL0z NHOsflcc+kQgd9yC4kjfiFM0B0DoVlgnZ9LuZ9Haqmt0OAWamEHupkbTZ2oxIOgy rZhVkAn3+hJqmE8wIiUvsEZhdfje0R7R5Htr1GK5bGBpX38omKuITC7rJzi67EmA L4OJPChdTFFAGB53T541mcqnBb8BW6Y4HnKRaUm+fiyrhwBt0Rc= =H0PX -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Functional languages
On Tue, Feb 01, 2022 at 12:01:56PM -0500, Steve Litt wrote: > Nikolaus Klepp via Dng said on Tue, 1 Feb 2022 17:55:30 +0100 > > >Anno domini 2022 Tue, 1 Feb 11:44:37 -0500 > > Steve Litt scripsit: > > >> In the hands of anything but a very careful and > >> security-knowledgeable programmer, writing Python3 is more secure > >> than writing C. You could think of Python3 as C with seatbelts and > >> airbags, and a heck of an inefficient transmission. > > > > I've been trying for over a decade to learn Scheme, or any other > functional programming language. I've failed every time. Since 1982 I had decided not to jump in on this thread since I am fanatical about occam and haskell. Unfortunately occam seems to be withering away. But if you learn any functional language Haskell is the only sane choice. There are many excellent tutorials online. Some assume a fair mathematical background, but there are some which make very few assumptions. Haskell code can be extremely efficient despite being functional and having garbage collection, approaching well written C. Haskell's proper rigorous mathematical underpinings make it very easy to learn. Extremly simple, and no hidden surprises. Pure elegance. But yes, a fairly steep learning curve if you have only a C-style imperative background. But the journey is exhilarating. Python is OO, so hopelessly broken in a concurrent world. But yes, still useful, and most of its good ideas are stolen/taken from Haskell... ael ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] questions further into networking
o1bigtenor via Dng wrote: > When this (streaming device only works with the vendor's DNS) happens > - - - is there a way to > counter or change that particular behavior? > > (Fascinating what's all connected!!!) Obviously when you buy those closed boxes, you get what’s lent and it does what the vendor wants it to do. But with DNS, you have the option to filter the DNS packets at the firewall and re-direct them to the internal DNS server. But you also have to arrange for the replies to get re-written as well so the devices sees the replies as having come back from the same address it sent the query to. Fundamentally this needs the traffic to pass through the firewall in both directions - either because the firewall is in the traffic path, or because it’s the default router for the DNS server. There’s a lot of stuff in the Shorewall FAQs, though I guess they “lose a bit in translation” if you aren’t familiar with Shorewall and it’s config files. https://shorewall.org/FAQ.htm#faq1f Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Scheme/Lisp: was What is your take on finit?
Anno domini 2022 Tue, 1 Feb 12:01:56 -0500 Steve Litt scripsit: > Nikolaus Klepp via Dng said on Tue, 1 Feb 2022 17:55:30 +0100 > > >Anno domini 2022 Tue, 1 Feb 11:44:37 -0500 > > Steve Litt scripsit: > > >> In the hands of anything but a very careful and > >> security-knowledgeable programmer, writing Python3 is more secure > >> than writing C. You could think of Python3 as C with seatbelts and > >> airbags, and a heck of an inefficient transmission. > > > >When it comes to this, I still prefer Scheme/Lisp seatbelts and > >airbags. But that's most likely because I have a grey beard and the > >first "high level" languages where indentation kicked my butt were > >fortran and cobol. Seeing that resurrected in python is like return of > >the living dead ... > > > >Nik > > Hi Nik, > > I've been trying for over a decade to learn Scheme, or any other > functional programming language. I've failed every time. Since 1982 > I've been a structured programmer using functional decomposition as a > design method. I can do OOP, although I'm not that impressed by it. > > How can I acquire the proper mindset to do Scheme or other functional > languages the right way, so I can finally start functional programming > that doesn't have a C accent? Hi Steve, This is a good talk on functionl programming for non-functional programmers: https://www.youtube.com/watch?v=0if71HOyVjY A good book helps a lot https://www.scheme.com/tspl4/ - get the printed version, it's better to read. And an IDE. Some like emacs, I prefer drracket https://racket-lang.org - (when you want to do GUIs look at racket-gui-easy - https://www.youtube.com/channel/UCHn3px69jb1bx5EOWyCIgFg ) Don't get fooled by pythoneers teaching pythonised scheme. And then start a little project without using any of the assignment functions like set! :) Nik > > Thanks, > > SteveT > > Steve Litt > Spring 2021 featured book: Troubleshooting Techniques of the Successful > Technologist http://www.troubleshooters.com/techniques > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] IPv6 for dummies by a dummy (was: Configuring ethernet port for IPv6)
o1bigtenor via Dng wrote: > I hope that others might also contribute even questions and thereby > a document in the 'how to' class is created. In many ways that’s a better way - there’s only so much generic stuff you can throw at someone before they get overwhelmed. If anyone does have specific question then I’ll try and help. >> You will want to configure an IPv6 firewall. I used Shorewall for this - >> it’s an amazing package. It’s still usable, but it’s time is now limited as >> it’s deeply entangled with iptables which is now deprecated and replaced >> with nftables. I imagine that at some point the iptables compatibility shim >> will go away and that will stop Shorewall. >> > I am looking at (have the hardware waiting for pickup) running something > like Pfsense or Opnsense for a firewall. It seems that either support > ipv6 as well. I would imagine either of those would do fine based on reputation - I’ve not used either. > Wondering about physical setup. > > I had thought of running my network (part of it at least) like this: > > WAN == router == firewall == managed switch == complicated network > > It has been suggested to me that I should combine the router and > the firewall functions into the same machine. Which option (combining > functions or separating functions) gives a more robust network? You can run it as you’ve drawn, but the firewall will inherently end up doing internal routing functions - effectively you’ve mane the router-firewall link there analogous to the ISP provided Wan link for your firewall. To elaborate, assuming you end up with multiple networks, traffic between them will need to be routed and managed. What you don’t want to do (and it would be tricky to configure anyway) is to route traffic out to the router only for it to be sent back in - passing through the firewall twice. So internal inter-network traffic could pass through the firewall just once, coming in through on VLAN interface, and being passed out via another one. In theory the single ethernet link between firewall and switch can be a bottleneck if there’s lots of traffic between networks, but I suspect few home networks will find that a problem, and you can always add extra ethernet ports (either as separate connection or aggregated as a bonded interface) for more bandwidth. > Where would a pihole function in this scenario? Pretty well anywhere it’s convenient ! All you need to do it to direct internal devices to use the Pihole for their DNS - and block outbound DNS queries from anything but your internal DNS service. As long as clients can reach it, it doesn’t matter where in the network you put it. According to a comment I read on a different mailing list, you may have to redirect “unauthorised” network traffic with firewall rules - so that devices which use hardcoded external DNS servers can use your internal service. > How secure can a system be made using firewall(s)? Probably the only totally secure system is one that’s been shredded, the threads incinerated, and the resulting bits mixed into lumps of concrete which are dropped into the deepest trench in the ocean - but that’s not all that useful :D If your firewall is reasonably secure in itself, then you can do a lot with a “block everything that’s not allowed” policy. There’s massive scope for tradeoffs between the effort you put into setting up and maintaining the system and the ease of using it. I suspect that for most of us, it’s not too hard to reach a point where the effort needed to break in puts you into “there are simpler ways for those sufficiently resourced to get at you”. Blocking individual sites gets a bit more tricky, especially these days when there can be so many sites sharing addresses - which change (with the various hosting proxy services). The Pihole does that at the DNS level, or you’d need to setup and use a proxy server - which only works for HTTPS sites if you are able to install your own root certificate on each client. Obligatory XKCD https://xkcd.com/538/ Steve Litt wrote: > Very soon I'll build myself an OpenBSD/pf firewall/router. At that time > I might set up something like the following: > > 11.22.33.440.0/24100.0/24 > INTERNET==SPECTRUM_MODEM_FW/ROUTERBSD/PF==WIRED_LAN >\\ > \=WIFI_ACCESS_POINT=Laptops > 0.0/240.0/24 > > The preceding leaves the Spectrum modem/firewall/router/wifi open to > the 20005 attack, but that attack can't go anywhere easily. I'll try > very hard to disable the Spectrum's wifi. The OpenBSD/pf will protect > the wired network from packets initiated from the Internet or from the > wifi laptops. I might leave ports 80 and 22 open to the laptops so they > can get house websites or ssh in. Also, I'll need to have them receive > DHCP from somewhere, and try to configure the DHCP to specific MAC > addresses. That’s one way of doing
Re: [DNG] Scheme/Lisp: was What is your take on finit?
On Tuesday 01 February 2022 at 18:01:56, Steve Litt wrote: > How can I acquire the proper mindset to do Scheme or other functional > languages the right way, so I can finally start functional programming > that doesn't have a C accent? From personal experience I suspect the only answer to that is to lose 35 to 45 years from your age. Antony. -- "Life is just a lot better if you feel you're having 10 [small] wins a day rather than a [big] win every 10 years or so." - Chris Hadfield, former skiing (and ski racing) instructor Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What is your take on finit?
On Tuesday 01 February 2022 at 17:55:30, Nikolaus Klepp via Dng wrote: > Anno domini 2022 Tue, 1 Feb 11:44:37 -0500 Steve Litt scripsit: > > > > In the hands of anything but a very careful and security-knowledgeable > > programmer, writing Python3 is more secure than writing C. You could > > think of Python3 as C with seatbelts and airbags, and a heck of an > > inefficient transmission. > > When it comes to this, I still prefer Scheme/Lisp seatbelts and airbags. > But that's most likely because I have a grey beard and the first "high > level" languages where indentation kicked my butt were fortran and cobol. > Seeing that resurrected in python is like return of the living dead ... I concur totally :) I, too, have a grey beard (although still containing some dark brown), and I have written Fortran, and also professionally had to read (although fortunately not write) Cobol. I learned Perl and Python at about the same time, in order to try to improve the efficiency (both create-time and run-time) of my (previously just Bash) scripts, and I find the indentation-fussiness of Python simply drives me up the wall. I regard indentation as something to make things easier to read for people. Syntactical items such as 'if', 'else', '{' or ';' are for computers to work out which bits of programming belong together. Mind you, that said, I these days spend a fair amount of my professional time writing Asterisk dial plans, whose language strongly reminds of programming in Basic in the 1980s. It has "Goto" and "Gosub", but no real "If" except for "GotoIf", and there is no concept at all of "{ ... }". In the first versions of the language you even had to number the lines of your code sequentially. Nowadays you can get away with numbering the first line '1' and then using 'n' for all the rest (but you still have to put it in). Antony. -- All generalisations are inaccurate. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Scheme/Lisp: was What is your take on finit?
Nikolaus Klepp via Dng said on Tue, 1 Feb 2022 17:55:30 +0100 >Anno domini 2022 Tue, 1 Feb 11:44:37 -0500 > Steve Litt scripsit: >> In the hands of anything but a very careful and >> security-knowledgeable programmer, writing Python3 is more secure >> than writing C. You could think of Python3 as C with seatbelts and >> airbags, and a heck of an inefficient transmission. > >When it comes to this, I still prefer Scheme/Lisp seatbelts and >airbags. But that's most likely because I have a grey beard and the >first "high level" languages where indentation kicked my butt were >fortran and cobol. Seeing that resurrected in python is like return of >the living dead ... > >Nik Hi Nik, I've been trying for over a decade to learn Scheme, or any other functional programming language. I've failed every time. Since 1982 I've been a structured programmer using functional decomposition as a design method. I can do OOP, although I'm not that impressed by it. How can I acquire the proper mindset to do Scheme or other functional languages the right way, so I can finally start functional programming that doesn't have a C accent? Thanks, SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What is your take on finit?
Anno domini 2022 Tue, 1 Feb 11:44:37 -0500 Steve Litt scripsit: > tito via Dng said on Tue, 1 Feb 2022 13:49:30 +0100 > > >On Tue, 1 Feb 2022 09:50:31 +0100 > >Didier Kryn wrote: > > > >> Le 31/01/2022 à 19:16, Steve Litt a écrit : > >> >> Writing a self-daemonizing daemon in C was a routine when I > >> >> was still active, though I understand it could be more difficult > >> >> in shell. > >> > But more difficult in Python. I try to stay away from C if Python > >> > does the job. I think Python3 plus its standard libraries are more > >> > secure than C code written by the error prone Steve Litt. > >> > >> Let me generalize: "I think Python3 plus its standard libraries > >> are more secure than C code written by an error prone human being." > >> (~: > > > >You made my day ;-) ... and Python is written in which programming > >language? > > This is my point exactly. The C in Python was written by much more > careful and security aware programmers than I, checked by thousands. > This is why you almost never hear of security flaws or bugs in Python3. > > Although made from C, Python3 has no pointers and has infinitly > expandable arrays and dictionaries, so no pointer exploits, no errant > pointers, no ininitialized pointers, and no buffer overflows. They pull > off RAM from the stack and the heap in the right way, and have garbage > collection, so memory leaks and the like are unlikely to occur by > accident. I can screw up a Python program in many ways, but assuming I > cleanse my inputs, few of those ways are a security risk. > > In the hands of anything but a very careful and security-knowledgeable > programmer, writing Python3 is more secure than writing C. You could > think of Python3 as C with seatbelts and airbags, and a heck of an > inefficient transmission. When it comes to this, I still prefer Scheme/Lisp seatbelts and airbags. But that's most likely because I have a grey beard and the first "high level" languages where indentation kicked my butt were fortran and cobol. Seeing that resurrected in python is like return of the living dead ... Nik > > SteveT > > Steve Litt > Spring 2021 featured book: Troubleshooting Techniques of the Successful > Technologist http://www.troubleshooters.com/techniques > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What is your take on finit?
tito via Dng said on Tue, 1 Feb 2022 13:49:30 +0100 >On Tue, 1 Feb 2022 09:50:31 +0100 >Didier Kryn wrote: > >> Le 31/01/2022 à 19:16, Steve Litt a écrit : >> >> Writing a self-daemonizing daemon in C was a routine when I >> >> was still active, though I understand it could be more difficult >> >> in shell. >> > But more difficult in Python. I try to stay away from C if Python >> > does the job. I think Python3 plus its standard libraries are more >> > secure than C code written by the error prone Steve Litt. >> >> Let me generalize: "I think Python3 plus its standard libraries >> are more secure than C code written by an error prone human being." >> (~: > >You made my day ;-) ... and Python is written in which programming >language? This is my point exactly. The C in Python was written by much more careful and security aware programmers than I, checked by thousands. This is why you almost never hear of security flaws or bugs in Python3. Although made from C, Python3 has no pointers and has infinitly expandable arrays and dictionaries, so no pointer exploits, no errant pointers, no ininitialized pointers, and no buffer overflows. They pull off RAM from the stack and the heap in the right way, and have garbage collection, so memory leaks and the like are unlikely to occur by accident. I can screw up a Python program in many ways, but assuming I cleanse my inputs, few of those ways are a security risk. In the hands of anything but a very careful and security-knowledgeable programmer, writing Python3 is more secure than writing C. You could think of Python3 as C with seatbelts and airbags, and a heck of an inefficient transmission. SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What is your take on finit?
On Tue, Feb 01, 2022 at 09:50:31AM +0100, Didier Kryn wrote: > Le 31/01/2022 à 19:16, Steve Litt a écrit : > > > Writing a self-daemonizing daemon in C was a routine when I was > > > still active, though I understand it could be more difficult in shell. > > But more difficult in Python. I try to stay away from C if Python does > > the job. I think Python3 plus its standard libraries are more secure > > than C code written by the error prone Steve Litt. > > Let me generalize: "I think Python3 plus its standard libraries are more > secure than C code written by an error prone human being." (~: > > Actually I don't know Python, but I think I can trust you because I > consider C/C++ amongst the most insecure languages. But this is one of my > favourite themes... Not surprising. In many ways, C is Algol 68 without type-safety, array bounds checking, or garbage-collection. -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What is your take on finit?
On Tue, Feb 01, 2022 at 01:49:30PM +0100, tito via Dng wrote: > On Tue, 1 Feb 2022 09:50:31 +0100 > Didier Kryn wrote: > > > Le 31/01/2022 à 19:16, Steve Litt a écrit : > > >> Writing a self-daemonizing daemon in C was a routine when I was > > >> still active, though I understand it could be more difficult in shell. > > > But more difficult in Python. I try to stay away from C if Python does > > > the job. I think Python3 plus its standard libraries are more secure > > > than C code written by the error prone Steve Litt. > > > > Let me generalize: "I think Python3 plus its standard libraries are > > more secure than C code written by an error prone human being." (~: > > You made my day ;-) ... and Python is written in which programming language? There's a number of implementations. One is in Python (self-hosting), a Java one, a .NET one… there's even a CPython implemented in C if you want it! -- Tomasz Torcz 72->| 80->| to...@pipebreaker.pl 72->| 80->| ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What is your take on finit?
On Tue, 1 Feb 2022 09:50:31 +0100 Didier Kryn wrote: > Le 31/01/2022 à 19:16, Steve Litt a écrit : > >> Writing a self-daemonizing daemon in C was a routine when I was > >> still active, though I understand it could be more difficult in shell. > > But more difficult in Python. I try to stay away from C if Python does > > the job. I think Python3 plus its standard libraries are more secure > > than C code written by the error prone Steve Litt. > > Let me generalize: "I think Python3 plus its standard libraries are > more secure than C code written by an error prone human being." (~: You made my day ;-) ... and Python is written in which programming language? Ciao, Tito > Actually I don't know Python, but I think I can trust you because I > consider C/C++ amongst the most insecure languages. But this is one of > my favourite themes... > > -- Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] What is your take on finit?
Le 31/01/2022 à 19:16, Steve Litt a écrit : Writing a self-daemonizing daemon in C was a routine when I was still active, though I understand it could be more difficult in shell. But more difficult in Python. I try to stay away from C if Python does the job. I think Python3 plus its standard libraries are more secure than C code written by the error prone Steve Litt. Let me generalize: "I think Python3 plus its standard libraries are more secure than C code written by an error prone human being." (~: Actually I don't know Python, but I think I can trust you because I consider C/C++ amongst the most insecure languages. But this is one of my favourite themes... -- Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] 3 GoLUG meeting presentations
Hi all, The GoLUG meeting at 7pm on Wednesday 2/2/2022 7PM Eastern (New York) time, features three short presentations, as detailed at http://golug.info. Due to time constraints, we're not taking any more presenters for the 2/2/2022 meeting. Presentations plus each presentation's 10 minute question and answer are scheduled to take 1.5 hours. Presenters, please arrive at least 15 minutes early to test your sound and video setup and make sure you're able to share your screen. I'll probably arrive about half an hour early. This is an online meeting via Jitsi. The URL is https://meet.jit.si/golug From Linux, I've had best success using Jitsi from the Chromium browser. Others have been able to use Firefox, but I haven't. There are also static image apps you can download. Jitsi works fine with Mac, Windows, iPhone and Android. If you're not using headphones, or if you're working from a noisy environment, please keep your mike muted except when speaking. SteveT Steve Litt Spring 2021 featured book: Troubleshooting Techniques of the Successful Technologist http://www.troubleshooters.com/techniques ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng