Florian Zieboll writes:
I suggest you get some workout and then target the original source of
your frustration, constructively - instead of (cowardly) dissing 40+yo
script kiddies (yeah, that's me^^). This brings definitely more fun and
satisfaction, while providing at least some slight
Steve Litt writes:
As one such back seat driver, allow me to explain. When you've been
both programming and using for a long time, you get a feel for the many
ways something can be done,
...
I stopped here, because I remember what you wrote about Redis recently.
Perhaps you don't have a feel
Dave Turner writes:
which network printers should we buy?
Look for something with wired ethernet, postscript and IPP, not under €300,
not under 20kg for a BW laser. WLAN is okay but if the printer doesn't have
wired ethernet, it's not targeted at the right market niche.
HP, Lexmark,
chill...@protonmail.com writes:
lol @ about the browser taking longer to compile.. I have no
doubt you didn't exaggerate this.
That'll have been Chrome. A giant. It includes several compilers and lots
of libraries. The only things I've seen that are comparable are gcc (over a
gigabyte of
J. Fahrner writes:
That's also what I do. I have a Brother DCP-7045N connected as
network printer with lpd protocol. I can install it with a
single ppd file, but then printing is VERY SLOW. Printing is
fast with the Brother supplied "cupswrapper" driver, but this is
only available as 32bit
Didier Kryn writes:
Do you remember any of these comics where the driver of a
car opens the motor to repair, throws away a bunch of parts, and
then the engine starts again and the guy goes away with the car?
Here we are with Linux. The BIG piece to remove was systemd, but
there are quite
Menelaos Maglis writes:
Why should an application need a system bus to pass messages
between its own components? CUPS is not using D-Bus and is able
to print to other printers; only HPLIP uses D-bus, so far as I
am aware. Why not keep using the same method/interfaces that are
proven for
kato...@freaknet.org writes:
yeah, namely. Why on Earth do we need dbus to send a print job over
the network via lpd or http? The real answer is "we don't". The
effective one is "the developers of hplip don't give a toss".
Yet another answer is: The developers don't see another way that's both
Didier Kryn writes:
You're certainly right: it isn't simple. But it's
essential, isn't it?. Graphics printing reached the personnal
computer probably with the first McIntosh, in 1982. Not
sure it's more feature-rich today than 10 years ago, when it
wasn't depending on dbus.
I wrote a
taii...@gmx.com writes:
I still have not received an answer from the FSF about if
purism will be allowed to fraudulently market their products at
libreplanet, they avoid the question as if I never asked it
whilst answering my other questions.
I've answered enough support mail to be able to
taii...@gmx.com writes:
Purism is NOT free hardware and certainly not "grassroots" as
their mysterious founder somehow has a bottomless pit of money
to burn on hardware costs and propaganda campaigns.
Bit of a dissappointment as mysteries go. Crunchbase and the team page
suggest that Purism
> ext3/ext4 are solid fs, and have
> always been. the lost+found folder is a remainder of the ext2 era, and
> is not even mandatory any more, AFAIU.
lost+found is required since ext3+ext4 permit mounting as ext2, which requires
it. A poor reason, perhaps, but put differently getting rid of a
kato...@freaknet.org writes:
Yes, I see. It's not that macbooks are preferred by developers. It's
more like they are forced onto them by the marketing departments of
their companies, who must ensure that their employees' laptops shine
at least as much as their competitors'.and then we gasp
kato...@freaknet.org writes:
I don't see how macbooks could be the "standard" among developers
(BTW, what kind of developers?). I cannot associate any feeling except
*claustrophobia* to the very few times when I had to use a Mac. But
perhaps I don't qualify as the kind of developer to whom Mac
Steve Litt writes:
Is there evidence somewhere that Debian DDs use OS/x?
It's so common among developers in general that it would be very surprising
if zero debianites do it.
Macbooks are almost a standard among developers, certainly a majority of
the last hundred developers I've worked
Yevgeny Kosarzhevsky writes:
I don't see that it will give lower security than any other FS in this case.
Rick is trying to say: NFS has a poor reputation for accidental security
misconfigurations. Something about the way NFS is configured leads even
careful, clueful people to make
k...@aspodata.se writes:
If you know any specific packages which breaks the "separate /usr" idea,
please report.
Libraries in these
libdiscover2
libffi6
libgmp10
libgnutls-deb0-28
libgnutls-openssl27
libgssapi-krb5-2
libhogweed2
libk5crypto3
libkrb5-3
libkrb5support0
libnettle4
libp11-kit0
Steve Litt writes:
It appears you're using NFS.
Back in my youth, the wise men told me that NFS was a horrible security
threat unless you also used YP, which was too sophisticated for me to
ever figure out.
That's a long time ago and the world has changed.
Back then, the big problem was that
Svante Signell writes:
This is not the first posting from Eduardo to this list. He still has
not learned netiquette, a very sad story. Sorry for raising this issue
now, I just couldn't wait any longer. Regarding technicalities we are
speaking about he is fully aware.
Fix your own mail reader
Edward Bartolo writes:
The parent compiler and the other compilers must produce identical
code from the same source code. How is the control (parent source)
compiler known to produce exactly the same executables as the other
compilers?
No. David Wheeler's dissertation goes into that in detail.
Didier Kryn writes:
Well, postgress is a database manager. You have a choice of
several others; they must be able to deal with high fluxes of
data. None of them is a critical system component.
WTF? Postgres is a critical system component of every single server where
I've ever installed
Aldemir Akpinar writes:
No, I've actually asked an honest question.
In that case you'll get my honest answer. I've implemented several
file/network formats vaguely like that journal format, one of them has
likely been used by millions of people.
In each case, the team decided to use a
Aldemir Akpinar writes:
Could you elaborate why are you comparing a relational database
system where its files must be binary with a logging system
where its files doesn't need to binary?
You make it sound is if binary files were some sort of horror that requires
special justification.
Arnt Karlsen writes:
you appear to suggest that law enforcement wanting to read systemd
journal logs, _should_ depend on the mercy of systemd developers not
"filtering" away inconvenient evidence of e.g. systemd developer
wrongdoing from said law enforcement.
That's routine. Few readers read
Olaf Meeuwissen writes:
Crying wolf like this time and again is not doing Devuan any good.
Amen.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
John Hughes writes:
The lkml.org archive contains a broken link. How odd. There's
another message from Linus with the same subject:
https://lkml.org/lkml/2017/10/26/524
That one's to the point... Linus may/will not react to conspiracy theories
about possible future commits, but it there's
Didier Kryn writes:
That's why a bunch of people have endeavoured replacing
systemd-udev by mdev or mdevd, something much simpler to
configure and not locked-in. The only issue now is that sysfs is
unstable on purpose to force libudev on people (sysfs is
developped by the same persons
One more.
When we say entropy and random numbers, we generally mean completely
unpredictable.
Intel's RDRAND, ekey, presumably ID-Quantique's solution and others rely
for their entropy on quantum physics. If our understanding of quantum
physics is correct, then by constructing such and such
If this is not your field of expertise the you should not call Intel's
solution junk.
It will not help with disks. What it helps with is
applications that need properly independent random numbers often. A VPN
server is such a case, it needs a few bits every time a client opens a
connection
Nate Bargmann writes:
I've also used Procmail for an
equal length of time and it is now claimed to be "unmaintained".
Who claims that?
Arnt
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
If I am remember well, MS Windows (the operating system) does have a
micro-kernel, but is it more efficient with an extra layer of
intercommunication?
Windows NT is based on DEC VMS, not a very modern OS ;-)
https://en.wikipedia.org/wiki/Dave_Cutler
Based on VMS, right, like Linux is based on
Didier Kryn writes:
The distinction trust-zone vs normal doesn't look very
different of kernel-mode vs user-mode, does it?
Or, for that matter, like the privsep distinctions used in some programs.
It's all the same kind of thing.
Arnt
___
Dng
Martin Steigerwald writes:
I don´t know much about Trustzone. Do you have any links to a good
explaination of it (preferable from a non-vendor source)?
Not offhand, sorry. But let me summarise the one I read:
You can put code and data in a part of RAM and then turn off regular access
to
Martin Steigerwald writes:
I wonder about ARM64 as an alternative? But they have some
Trustzone crap if I remember correctly.
ARM64 is fine from a performance viewpoint. The mobile phone vendors have
spent a decade optimising ARM SOCs for performance on small batteries. I
haven't found
Dr. Nikolaus Klepp writes:
Nice. But it they suffer from the "not invented here"-syndrome:
instead of using prooven good busysbox, they rewrite userspace
in GO .. oops, who "invented" Go and wants to push it to the
users?
They use the linux kernel, but suffer from NIH syndrome? Has it
taii...@gmx.com writes:
I can't imagine it being equivalent to a (non-intel/amd)
hardware source of entropy when it comes to quality of entropy -
have there been any quality analysis performed?
Yes. But it misses the point.
Olaf Meeuwissen writes:
I have used the `haveged` package to keep my /dev/urandom "topped up"
when randomizing disks. Greatly shortened the time needed to fill my
disks. No idea about the quality of randomness, though.
I looked at it now. It seems to observe some real entropy, but I think
(Sorry, forgot to send earlier)
Steve Litt writes:
Something that used to
take no more than correctly configuring grub now requires execution
of the volumes of information in these links, with much of that
execution being trial and error because of different UEFI/secureboot
implementations.
Didier Kryn writes:
I've read previously on this list that secureboot doesn't
prevent booting from a usb key... Or did I misunderstood?
People spread too much FUD.
Various people have asserted, without naming names, that some/most vendors
do not allow you to delete keys from the list of
taii...@gmx.com writes:
No you aren't.
Intel ME + "Secure" boot non-owner controlled firmware code
signing enforcement (probably hardware enforced via boot guard,
so one couldn't even spend the thousands to have it removed via
a coreboot platform port)
If you can't execute whatever you
Didier Kryn writes:
For me the things which need to be protected are
1) the data
2) the OS, to avoid backdoors
I can't see any need to protect a motherboard against
booting from a "foreign" disk.
To access the data: Boot from foreign media, modify or replace the usual
boot
kato...@freaknet.org writes:
Yes, but what about *adding* your own keys? This does not seem to be a
popular option, AFAIK.
Of course it isn't. Who has a reason to talk about it?
Microsoft doesn't talk much about that, because Microsoft wants most users
to use Windows Upgrade and get timely
kato...@freaknet.org writes:
I don't know much about signed bootloaders, and i will try to re-read
the thread to fully understand your statement.
The short version: You can remove keys, so that only your own key is valid
for booting. If you're then careful about that key, then later physical
kato...@freaknet.org writes:
And what if you want to use your own unsigned bootloader? Why should
you ask someone else the permission to boot your own machine? o_O
Because I want deny people with physical access the ability to boot
unsigned bootloaders.
I am both the owner of my hardware
Dr. Nikolaus Klepp writes:
Sorry to say, it's not. These keys don't allow booting your retail windows.
Uh-huh. Are we talking about black helicopter keys?
Arnt
___
Dng mailing list
Dng@lists.dyne.org
Dr. Nikolaus Klepp writes:
Well, that's not true: If you are lucky, your vendor installed
a bios that allows you seamingly do so. But most likely he
didn't. Most likely his implementation has a backdoor for
windows.
You're saying most vendors do this? Not just some but MOST? Name one or two
taii...@gmx.com writes:
I found this seemingly cool product, a pci-e hardware RNG that
produces a large stream of "truly random" "quantum" random
numbers.
...
I am curious what the deal with this is, does it really work?
what is the use case for this? does anyone here have one?
I have a
John Franklin writes:
That’s not an apology. Would you like to try again?
I'm not Steve, but the occasion fits:
Tobias, until I read your posting a couple of days ago I did not realise
that UEFI/Secure Boot can be configured such that ONLY my kernels can be
booted, not even fresh install
jaro...@dyne.org writes:
Same here, its a core part of many software projects, not only web
based but also on embedded systems and micro-service related.
Totally offtopic but some if you will be fascinated by the references to
redis in this talk by John Regehr: https://youtu.be/Ux0YnVEaI6A
Alessandro Selli writes:
Plus, it's purported security is mostly a mith. It only checks if the
first-stage bootloader was signed by a known, authorized key,
everything else
is as exposed to malware and rootkits as it's always been. It protects from
one of the smallest attack vectors that
Rowland Penny writes:
Please stop being obtuse, You know very well what I meant.
I do indeed, and I think you're wrong. Devuan has taken a no-systemd
decision, that's all. That isn't a promise from anyone to provide
alternatives in any other question, or to make alternative packages. Not
Rowland Penny writes:
This is all down to the sysadmins decision and I thought one of the
main ideas behind Devuan is that nothing is forced on the sysadmin.
Systemd isn't forced on you. LOTS of other things are, starting with the
choice of .deb as package format.
Arnt
Edward Bartolo writes:
With a compromised CPU that has questionable smaller cores running a
HIDDEN OS, I cannot see what advantages anyone gets by installing
grsecurity. This is worse than having a compromised machine that is
always connected to your computer.
Bah.
We already know that a CPU
Arnt Karlsen writes:
..which idea is worse then, keep having dbus interacting with
ssh-agent, or ripping out dbus of Devuan?
Ripping it out looks like a lot of work, based on just a quick look at
dpkg/status. A lot of nontrivial things to think about.
I noticed a printer library on the list
Alessandro Selli writes:
What makes you think IBM is more trustable than Intel? Who, other than
IBM, produces Power8 CPUs? Are the blueprints publicly available?
You're just raising the bar to the point where noone can possibly build an
acceptable product. (Not just you, Alessandro, most
taii...@gmx.com writes:
I take it you work for purismraptor has made a legitimately
owner controlled computer - whats stopping you?
Is that an actual owner-controlled computer, or is it controlled by whoever
is at the keyboard? Or is it controlled by all the people who have a
certain
Rick Moen writes:
Having the i.MX6 ori.MX8 CPU 'separate' from the baseband controller (a
term on which they have not yet elaborated), but the latter remains
deeply problematic, being a proprietary black box with proprietary,
opaque firmware.
Really?
I suppose you've dealt with as many ISPs
Simon Hobson writes:
[1] The drive "most likely" does not know about partitioning,
and even if it did, it would be very dangerous to assume that
any space not occupied by a partition was "fair game" to be
erased since there may be other ways the space might be used
(for example, the way Grub
If you want to do it it can be done, though. You can intercept the mount
system call using LD_PRELOAD and about 10 lines of C, or you can write an
/etc/fstab line for /mnt that specifies noatime and your usual USB device
(perhaps sdb1, YMMV). If you write the fstab line at least "sudo mount
Narcis Garcia writes:
USB drives use filesystem as were formatted.
When they are formatted in ext4, support atime.
Indeed. I assumed you meant USB drives generally, not ones restricted to
work only with linux. Sorry.
I was asking for a method to set noatime by default. Is udev/eudev
Narcis Garcia writes:
Does anybody know some way to configure an already installed system to
mount points with noatime by default?
Edit /etc/fstab.
I'm specially interested for USB pendrives, that are automatically
mounted in a desktop environment.
USB drives generally use some sort of
Android apps run in one process each, and anything in the background
may be killed at any moment. If you are in the background and the
foreground app needs memory, you just die. If the system invokes you,
you do not get another process, you get another thread in your existing
process.
Thus,
ael writes:
I am happy with that. Just as long as one can enable it when
*necessary*.
You have a compiler and building is easy.
What is unacceptable is for Devuan to take away the freedom to read
email or prevent communication with devices which cannot be updated.
Keep in mind that
My office desktop runs KDE on Devuan, without any problems.
Arnt
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
For what it's worth, SPF, DKIM and DMARC were developed by largely
different sets of people, who disagreed without each other about what
was acceptable tradeoffs, what was doable and more.
The "they" you
mention act senselessly because it is not one set of people. Patching
up email against
Hendrik Boom writes:
How much source code actually cares whether pointers are 32 or 64 bits?
How many packages are ctually affected?
Any guesses?
a+b.
a = the number of things whose maintainers all use 64-bit OSes, and chance
to have a relevant bug. Given the number of small teams, I'm not
Rick Moen writes:
Quoting KatolaZ (kato...@freaknet.org):
All those users are being left without any other choice than throwing
their hw away by many distributions, without a concrete motivation
(well, except the usual "it's old so it must be thrown away", which is
as popular as lame these
Juergen Moebius writes:
No, not only Devuan. You forgot the great "Slackware",
the mother of Linux distributions.
If we're going to go into ancient history — Slackware was (simplifying) a
fork of SLS, but SLS wasn't the first either. Either ABC or H. J. Lu's
nameless microdistribution might
Rick Moen writes:
I'm curious who implied this. I didn't, for one.
My impression is that you're talking about something nobody upthread has
been talking about, and asserting that they did.
You weren't around then — at least a year ago Edward made a bit of a
nuisance of himself on this
If the name server receives a question via UDP, that's how it will answer,
necessarily. The client could have asked via TCP, but it doesn't know how
large the response will be when it sends the question.
The general intention here is that the client will receive either an ICMP
message or a
Please pay attention to what Linus actually wrote.
Linus complained about the patches, not the grsecurity code. I know (from
other threads) that he's not in love with the code either, but what he
actually complained about is the patches. Linus wants patches with clean
version history, and he
Hendrik Boom writes:
Sounds like sonething that should go into Devuan jessie as a bug fix.
After someone tests it, of course.
"Of course"... Which would you rather have, an untested fix or a known bug?
IMNSHO that's an insidious question and neither a yes or a no is "of
course" correct.
It is nicely stable already. After all, it is mostly Debian. Just use
it.
Arnt
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
jaro...@dyne.org writes:
for now however I can anticipate that a "shared" server that is also
used for other things can host a mirror (if bandwidth is enough) - and
we will document also how to have a package mirror. However for other
uses we likely need to have a dedicated server.
I have two,
Better yet, don't change in a year.
Cross-distribution apt-get is
risky, in the sense that you may often be the first person to try your
combination. I would rather look at building from source or
contributing packages to devuan, so as to avoid that risk. Contributing
also takes time, but
IIRC this isn't at all simple with that software. For mostly poor reasons
that may have changed since last time I looked.
You could approximate it with a bit of hacking, though: Use exim to force a
bcc to something like policyviolation@asdf, and use a generated sieve file
for that address to
Hendrik Boom writes:
So... does sane need saned? Do the scanners have to initiate communication
with the computer for which there always has to be a daemon running?
That's not what sane does. Sane doesn't need saned to scan; I use devuan
and a scanner without even having saned installed.
kato...@freaknet.org writes:
Unfortunately we are already paying the consequences of badly-written
software implementing oddly-designed solutions to non-existing
problems...
Indeed. But what's your point?
Arnt
___
Dng mailing list
Dng@lists.dyne.org
kato...@freaknet.org writes:
I genuinely don't understand why the kernel should know about the
internals of running processes, or get notified if a process is
"ready" to do whatever it is supposed to do, or get queried by other
processes which would like to access this kind of information, or
Aldemir Akpinar writes:
It also has the grand finale:
poettering locked and limited conversation to collaborators 2 hours ago
Makes sense. Nothing new was being said, just old stuff repeated, and the
bug was fixed three weeks ago.
Arnt
___
Dng
I do the same and suffer the errors. A backup without an exception is a
backup without a buggy exception.
"Oh, the exclusion that was meant to
not back up coredumps also excluded the vital config file
foo/cf/core/vitalfile?" I am not making this up.
Arnt
That message means that the file changed during backup.
Arnt
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Klaus Ethgen writes:
I wonder if Devuan will stay with free software like debian was long
time ago and let the user choose what to use or if it follows debian in
only supporting one (non-working) sound system.
There are two questions here. Open source support is limited by a)
volunteer
Alessandro Selli writes:
This still doesn't explain why they decided to force-feed Google's DNS
server on the user without prompting the poor fellow any possible choice.
"Your network sucks. Do you want to [ ] use google or [ ] just give up?"
BTW, how many Debian installations are
Simon Hobson writes:
For the rest of us, if we have no DNS servers in resolv.conf
then we expect the system to respect that and not do DNS
resolution. That is the **ONLY** correct behaviour.
What is absolutely, 100%, not acceptable behaviour is what's
been done - to silently do something
Rick Moen writes:
You might not have noticed that you were strenuously agreeing with me.
I mixed up the participants in the thread while reading through the posts.
Sorry.
Arnt
___
Dng mailing list
Dng@lists.dyne.org
I wrote:
This year I've seen...
No I haven't ;) Happy new year, everyone!
Arnt
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Alessandro Selli writes:
Why are Debian
folks so eager at increasing Google's traffic and "free" "services"?
Just a guess: Because so many of the resolvers at random hotels suck, and
that suckage causes support load.
This year I've seen almost infinitely slow resolvers, resolvers that
Steve Litt writes:
What's wrong with 8.8.8.8? It's Google's public DNS, and for me, it
always works.
Didn't work for me at the captive portal in the hotel I was in two weeks
ago.
There are two kinds of hotel networks that block 8.8.8.8: Hotels in China,
and ones that block all DNS except
Rick Moen writes:
One recursive namserver per LAN is obviously better than several on
grounds of multiple considerations that I won't belabour here.
Is it, really? Significantly?
It eases the load on the root and big-zone TLDs. I've heard that most of
their load is caused by other factors,
Yes, it has to point to something the client knows. Android uses a
gstatic.com link.
The key is that the client knows to expect a
particular response, but the captive middlebox does not. Thereby the
client can find out whether there is a captive middlebox or not, by
seeing whether it gets
Hendrik Boom writes:
Worst is probably the connections that seem to be wide open, but
aren't. The ones where you have to open a browser and look for a page
and get an interception page instead asking for your credentials.
Those are detectable: Open http://wlanhelper.devuan.org/.html in
the
Hendrik Boom writes:
My laptop will connect to the coffee shop'w wifi modem, which has IP
number 172.16.0.1 and gives me IP number 182.16.0.194, but there seems
to be no route from it to anywhere, not even DNS lookup.
Can you tcpdump the DHCP sequence?
This sounds like a bug; 182.etc is not
Well, v6 has been stable for quite a number of years now, while v4 had
a security-relevant change in 2012, so you may consider the dust on v6
to have settled already.
(RFC 6598.)
Arnt
___
Dng mailing list
Dng@lists.dyne.org
The key here is that linux doesn't assume one user. You get to answer, from
first principles, whether a particular USB device belongs to user x or to
root, etc. The mac has a stronger assumption that your mac belongs to you
(which is why the default hostname is "Dave Turner's Mac", etc) and
Steve Litt writes:
I hadn't thought much about several people using the same computer for
different GUI tasks in the last 12 years.
It happens. There are some family-shared tablets with >1 account. Rumour
has it it's rare, although I've never spoken to anyone with numbers and
without an NDA.
So that when you arrive in the office, you get a view of the world that
includes the s3kr3t servers in the office (i.e. split horizon), and
when you later leave the office, those things disappear from your
view.
Arnt
___
Dng mailing list
Hendrik Boom writes:
Liinux has a decent file system. It has a decent set of tools for
manageing them. Its file systems even have mechanisms for storing many
small files. It even has symbolic links, that can be see-also's.
I really don't see that the problem of storing menus requires
Steve Litt writes:
So let me ask you: What standards of quoting are compatible with
Linux-Speakup, and could you please elaborate on concise and
meaningful quoting as it relates to people reading my replies with
Linux-Speakup?
Can't say about that specific reader, but in general, stick to RFC
Rainer Weikusat writes:
This can be avoided by ensuring that each thread which needs to hold A
and B acquired A first and B second.
Every time I've run into that in the past ten years, the reason for the
deadlock was that subsystem X locked B and subsystem Y Z, and then someone
made a
1 - 100 of 164 matches
Mail list logo
