Re: [Dng] Plan for Devuan to use Mozilla products as is
> the Grsecurity/Pax hardening of the kernel, will you think of it,
> instead of SELinux, or as an option besides SELinux? It sure will be
> attainable in the way I got it in Debian in that Tip, but official
> support would be so great!

https://git.devuan.org/groups/hardened

we are a few guys planning to try and maintain a grsec kernel for devuan, for now we are waiting for a devuan beta version before starting working on it.
anyone interested, feel free to join !

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] Plan for Devuan to use Mozilla products as is
> If I understand what you are saying you mean that a link to site A which links
> to copyrighted material on site B is itself a violation of copyright.

no, what i mean is that he was the one who uploaded the clips to youtube, got banned from youtube and then posted the links on a forum to the clips as "proof" that google was evil.

- Gravis

On Fri, Mar 6, 2015 at 1:39 AM, Peter Olson wrote:
>> On March 5, 2015 at 11:26 PM Gravis wrote:
>
>> the link you posted links to a clip from Al Jazeera that was taken
>> down due to copyright infringement. you do realize that content from
>> Al Jazeera is copyright and that posting it without permission is
>> copyright infringement, right? if you do stuff like that repeatedly
>> they ban you. are you claiming you didn't post the videos and that
>> there is a conspiracy to oppress you? if so, you have a persecution
>> complex.
>
> If I understand what you are saying you mean that a link to site A which links
> to copyrighted material on site B is itself a violation of copyright.
>
> This is a truly hazardous notion (called "contributory copyright infringement"
> by some).
>
> Link A -> link B -> link C -> link D -> link E -> link F (violating) cause all
> downstream links to B, C, D, and E, as well as A, to be violations?
>
> It's involuntary, since A cannot be expected to traverse all paths to links out
> of B to check for this supposed violation, especially with transitive closure
> over the entire Internet and the lack of a useful discriminant for violation.
>
> It's retroactive, because site D can change its outbound links at any time after
> the initial citation of A to B and A will be none the wiser.
>
> Doubtless there are other worms in this can, so I rest my case.
>
> Peter Olson
Re: [Dng] Plan for Devuan to use Mozilla products as is
On 6 March 2015 09:06:45 CET, Neo Futur wrote:
>> the Grsecurity/Pax hardening of the kernel, will you think of it,
>> instead of SELinux, or as an option besides SELinux? It sure will be
>> attainable in the way I got it in Debian in that Tip, but official
>> support would be so great!
>
>https://git.devuan.org/groups/hardened
>
>we are a few guys planning to try and maintain a grsec kernel for
>devuan, for now we are waiting for a devuan beta version before
>starting working on it.
>anyone interested, feel free to join !

That's great. I think Katolaz has also expressed interest in this?

If the group will produce a stable release, it will be for sure included in our package repository.

Furthermore feel free to request a space on our gitlab

ciao
Re: [Dng] apt repository?
Jaromil:
> hi Karl, Gravis,

Hi!

> On Thu, 05 Mar 2015, k...@aspodata.se wrote:
> > Gravis:
> > > deb [arch=amd64,i386] http://packages.devuan.org/devuan/ unstable main
...
> > W: Failed to fetch
> > http://packages.devuan.org/devuan/dists/unstable/main/binary-amd64/Packages
> > Hash Sum mismatch
...
> > maybe one should wait a little till some daemon fixes that...
> yes please wait and be patient, Nextime is still working to settle our
> repository and the workflow to build packages, progress and builds are
> documented on #devuan-dev (beware: high automated volume of messages
> from jenkins) and things are not ready yet for alpha testing.
>
> meanwhile, using those repos may misconfigure your systems! so do at
> your own risk, but really no one here is advised to use our repos yet

Understood.

Regards,
/Karl Hammar

---
Aspö Data
Lilla Aspö 148
S-742 94 Östhammar
Sweden
+46 173 140 57
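The check behind the `Hash Sum mismatch` warning quoted above, as an added example (not code from apt or from the Devuan project): the repository's `Release` file lists the size and SHA256 of each index such as `main/binary-amd64/Packages`, and a downloaded index that does not match is rejected, whether the cause is a repository rebuilt mid-sync or tampering. The Release text and Packages bytes are constructed samples, the function names are hypothetical, and verifying the signature on `Release` itself is assumed to happen separately.

```python
import hashlib

INDEX_PATH = "main/binary-amd64/Packages"

# Constructed sample index contents (not real repository data).
SAMPLE_PACKAGES = (
    b"Package: example-pkg\n"
    b"Version: 1.0\n"
    b"Architecture: amd64\n\n"
)


def build_sample_release(packages):
    """Build a constructed Release file whose SHA256 entry matches `packages`."""
    digest = hashlib.sha256(packages).hexdigest()
    size = len(packages)
    lines = [
        "Origin: Example",
        "Suite: unstable",
        "Components: main",
        "MD5Sum:",
        " {} {} {}".format("0" * 32, size, INDEX_PATH),
        "SHA256:",
        " {} {} {}".format(digest, size, INDEX_PATH),
    ]
    return "\n".join(lines) + "\n"


def parse_release_sha256(release_text):
    """Return {path: (sha256_hex, size)} from the SHA256 section of a Release file."""
    entries = {}
    in_section = False
    for line in release_text.splitlines():
        if not line.startswith(" "):
            # A non-indented line starts a new field; only SHA256 is read here.
            in_section = line.strip() == "SHA256:"
            continue
        if in_section:
            parts = line.split()
            if len(parts) == 3 and parts[1].isdigit():
                digest, size, path = parts
                entries[path] = (digest.lower(), int(size))
    return entries


def check_index(release_text, path, data):
    """Compare downloaded index bytes with what the Release file promises.

    Returns "ok", "not-listed", "size-mismatch" or "hash-mismatch".
    """
    entries = parse_release_sha256(release_text)
    if path not in entries:
        return "not-listed"
    want_digest, want_size = entries[path]
    if len(data) != want_size:
        return "size-mismatch"
    if hashlib.sha256(data).hexdigest() != want_digest:
        return "hash-mismatch"
    return "ok"


if __name__ == "__main__":
    release = build_sample_release(SAMPLE_PACKAGES)
    # Index published together with the Release file: accepted.
    print(check_index(release, INDEX_PATH, SAMPLE_PACKAGES))
    # Index regenerated after the Release file was written: rejected.
    stale = SAMPLE_PACKAGES.replace(b"1.0", b"1.1")
    print(check_index(release, INDEX_PATH, stale))
```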
Re: [Dng] apt repository?
Is there anything you need help with on this?

On 6 March 2015 at 11:04, wrote:
> Jaromil:
>> hi Karl, Gravis,
>
> Hi!
>
>> On Thu, 05 Mar 2015, k...@aspodata.se wrote:
>> > Gravis:
>> > > deb [arch=amd64,i386] http://packages.devuan.org/devuan/ unstable main
> ...
>> > W: Failed to fetch
>> > http://packages.devuan.org/devuan/dists/unstable/main/binary-amd64/Packages
>> > Hash Sum mismatch
> ...
>> > maybe one should wait a little till some daemon fixes that...
>> yes please wait and be patient, Nextime is still working to settle our
>> repository and the workflow to build packages, progress and builds are
>> documented on #devuan-dev (beware: high automated volume of messages
>> from jenkins) and things are not ready yet for alpha testing.
>>
>> meanwhile, using those repos may misconfigure your systems! so do at
>> your own risk, but really no one here is advised to use our repos yet
>
> Understood.
>
> Regards,
> /Karl Hammar
>
> ---
> Aspö Data
> Lilla Aspö 148
> S-742 94 Östhammar
> Sweden
> +46 173 140 57
Re: [Dng] apt repository?
On Fri, 06 Mar 2015, Luke Diamand wrote:

> Is there anything you need help with on this?

later on yes, mirroring and perhaps hosting Jenkins builder arms like Martijn is already doing I believe. However Nextime will have more information and we will have instructions for various levels of participation rather soon.

it is just that at the moment we are still settling the very way we coordinate the builds, using the git-builder and various branches to tag the different builds for stable, testing and unstable...

at the moment even I don't even know how nextime intends to stabilize this scheme, from the gitlab activity for instance on the debootstrap package is evident he is testing various configurations for the branches and on irc are the results of the builds, looking good FWIW but we haven't yet set in build all the pkgs-base repositories of what we have modified to extirpate systemd and we are still struggling to find a pinning scheme that avoids conflicts with Debian's new versions of packages.

soo, patience :^) today I'm spending some time to fix the SDK to bootstrap correctly and eventually trying to produce a vagrant box for it (I'm a hashicorp fan)

ciao
Re: [Dng] release names
On 05/03/2015 02:36, Ricardo Larrañaga wrote:
> So, basically we will be using mythology for names. Ahead on the list it
> gets a little more variety, but initially is mostly gods and goddesses

It could start with an offset, say Charon, the companion of Pluto. Not so fancy, but not a god at least. Or maybe someone can find a better offset with a nice list ahead.

Didier
Re: [Dng] release names
On 06/03/15 16:07, Didier Kryn wrote:
> On 05/03/2015 02:36, Ricardo Larrañaga wrote:
>> So, basically we will be using mythology for names. Ahead on the list it
>> gets a little more variety, but initially is mostly gods and goddesses
>
> It could start with an offset, say Charon, the companion of Pluto. Not so
> fancy, but not a god at least. Or maybe someone can find a better offset
> with a nice list ahead.
>
> Didier

I am sorry if this would be a bit off, but how about the name of insects?
Re: [Dng] release names
Unless we are really intent on aping Debian and xBuntu, how about not using a name at all, but only a number; maybe split in Major and Minor ?

Cheers,

Ron.
--
The right to be heard does not include the right to be taken seriously.
    --Hubert Humphrey

-- http://www.olgiati-in-paraguay.org --
Re: [Dng] [bikeshedding] release names
This thread is not about changing the release names. Read the first message. Do you have time on your hands? Please help review this week's postings for the next weekly news. There's also a TODO list on the gitlab.

Seriously...
https://git.devuan.org/devuan/devuan-project/wikis/devuan-codenames

==
hk
Re: [Dng] Plan for Devuan to use Mozilla products as is
On Fri, Mar 06, 2015 at 10:25:53AM +0100, Jaromil wrote:
>
>
> On 6 March 2015 09:06:45 CET, Neo Futur wrote:
> >> the Grsecurity/Pax hardening of the kernel, will you think of it,
> >> instead of SELinux, or as an option besides SELinux? It sure will be
> >> attainable in the way I got it in Debian in that Tip, but official
> >> support would be so great!
> >
> >https://git.devuan.org/groups/hardened
> >
> >we are a few guys planning to try and maintain a grsec kernel for
> >devuan, for now we are waiting for a devuan beta version before
> >starting working on it.
> >anyone interested, feel free to join !
>
>
>
> That's great. I think Katolaz has also expressed interest in this?
>
> If the group will produce a stable release, it will be for sure included in
> our package repository.
>
> Furthermore feel free to request a space on our gitlab
>
> ciao
>

That looks so great!

I just browsed and saw, you, Neo Futur, and other three members of the hardened group.

If I manage to follow you, it's an if, but I hope I'll be able to, I would like to transfer in world-wide understandable English things that a newbie needs to know to deploy grsecurity-hardened kernel properly.

My case is, almost as soon as I learned how to compile grsecurity into vanilla kernel, almost that soon I started the tip on Debian Forums, and apparently managed to explain what was necessary for newbies newbier than me.

I have "attacked" the RBAC system and finally have it properly deployed on my Gentoo, and for newbies it is so much more work than the compile!

I really wish to teach the new Devuaners the real security/privacy/freedom so that they can enjoy what I finally enjoy with RBAC deployed.

Just as I posted today, in the leader of grsecurity-hardening distro, ;-), the Gentoo:

Updating and keeping your Gentoo non-poeterized
http://forums.gentoo.org/viewtopic-t-1012022.html#7713052

(Bear in mind that I wrote this before learning about your hardening group waiting for beta, pls. And before Jaromil's reply.)

--
And I really hope to influence the nascent Devuan the new sun (as a friend of mine from Debian Forums, edbarx, calls it), so they pick up some of the spite for freedom from our developers.

Because for the masses not advanced enough, which Debian served well before committing suicide with systemd, Devuan the Debian non-systemd fork will be much less learning than Gentoo, and if they get from Gentoo this security/privacy/freedom, then the world, yes!, will be that much freer, in this Big Brotherly age...
--

And pls., pls., the opt-out from dbus as well (see the whole link I gave above).

Jaromil, Neo Futur, notice that I'm only an advanced user, and am slow at work, not repeating here other issues I might have as hindrance... But I'm passionate just like you are about freedom in computing and the internet.

I hope to be able to continue my Grsecurity/Pax Deployment in Devuan for the Newbies (or of a similar title), like I did in Debian Forums (see my first message in this thread). And about the rest of non-poeterware (and related like, for me, dbus). Maybe in the Wiki, sure Devuan Wiki.

If that is the space that Jaromil is talking about? (I can log in, I also posted my ssh key, I hope I'll be able to contribute somewhere somehow).

...Aaah, the beta, we're all impatient for the beta release!

--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.h
[Dng] Hardened Devuan (was Re: Plan for Devuan to use Mozilla products as is)
On 03/06/15 05:06, Neo Futur wrote:
>> the Grsecurity/Pax hardening of the kernel, will you think of it,
>> instead of SELinux, or as an option besides SELinux? It sure will be
>> attainable in the way I got it in Debian in that Tip, but official
>> support would be so great!
>
> https://git.devuan.org/groups/hardened
>
> we are a few guys planning to try and maintain a grsec kernel for
> devuan, for now we are waiting for a devuan beta version before
> starting working on it.
> anyone interested, feel free to join !
>

*** I'm so happy to see this group. I've been using this kernel lately, running on Parabola:

3.14.34-gnu-201502271838-1-lts-grsec-knock

GRSecurity, and Knock support. Knock is a kernel patch that enables single packet port knocking [0], thwarting common scanning attacks. I would love to see this running on Devuan. Parabola GNU/Linux was the first distro to deploy it, and I've been using it happily with SSH.

==
hk

[0]: https://gnunet.org/kirsch2014knock

--
 _ _     We are free to share code and we code to share freedom
(_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/
[Dng] Plan for Devuan to use Mozilla products as is
I'm somewhat confused here. I'm not arguing against anyone expressing opinions, but what does all this chatter about "big brother" and "I don't trust Google" accomplish? We were talking about Chromium, not Chrome. There is a HUGE difference. If someone has issue with the code, it's open. Go look for yourself.

I beg everyone's kind indulgence and excuse me for saying this, but the conspiracy theories about Google and the Chromium source code come from people who have never actually looked at the code. Then again, I bet they haven't looked at the Firefox code either. This means that they have really no experience, and no grounds for their theories - at all.

That said, the reason I suggested Chromium as an alternative to Firefox is that it is essentially a better piece of software. It has better features, better support for Web standards, and it is more actively maintained. It is no worse than Firefox, except in the respect that a few useful NPAPI plugins still exist, which Chromium will not support without a patch. The Linux Flash NPAPI plugin has been shelved and is practically nonfunctional for streaming video these days, which is really the only reason that some people cannot live without Flash.

I'm not suggesting that anyone has to use Chromium, only that it makes a far more sensible choice for a default install.

t.j.
Re: [Dng] Plan for Devuan to use Mozilla products as is
dear Miroslav,

On Fri, 06 Mar 2015, miroslav.rov...@zg.ht.hr wrote:

> I hope to be able to continue my Grsecurity/Pax Deployment in Devuan for
> the Newbies (or of a similar title), like I did in Debian Forums (see my
> first message in this thread). And about the rest of non-poeterware (and
> related like, for me, dbus). Maybe in the Wiki, sure Devuan Wiki.

yes, the gitlab on https://git.devuan.org good that you made a login. people can contact me, Nextime or Hellekin to have groups or projects created and its wiki can be used for documentation.

I will be among the newbies following your guides: last time I've used grsecurity was long time ago, before I gave up the maintenance of dyne.org servers to more volunteers. Wondering how much has changed in 10 years or so.

> If that is the space that Jaromil is talking about? (I can log in, I
> also posted my ssh key, I hope I'll be able to contribute somewhere
> somehow).
>
> ...Aaah, the beta, we're all impatient for the beta release!

there is some more time to be waited, but I'm also impatient indeed.

thanks for your enthusiasm :^)

ciao
Re: [Dng] Hardened Devuan (was Re: Plan for Devuan to use Mozilla products as is)
On Fri, 06 Mar 2015, hellekin wrote:

> GRSecurity, and Knock support. Knock is a kernel patch that enables
> single packet port knocking [0], thwarting common scanning attacks. I
> would love to see this running on Devuan. Parabola GNU/Linux was the
> first distro to deploy it, and I've been using it happily with SSH.

me too I'd like to see the Knock patch available for Devuan.

Since you told me about this in the past I've been looking at it and think is really great. And we can really use it well in Dowse...

ciao
Re: [Dng] Plan for Devuan to use Mozilla products as is
On 03/06/2015 08:06 PM, T.J. Duchene wrote:
>
> That said, the reason I suggested Chromium as an alternative to
> Firefox is that it is essentially a better piece of software. It has
> better features, better support for Web standards, and it is more
> actively maintained.

On the other hand, Firefox runs rather well on my machine whereas Chromium does not. Plus Firefox has the ability to synchronize bookmarks, settings etc. with your own server while Chromium requires you to use one of them clouds for that.

And then there is the thing where Debian had to EOL chromium early because there is no security support and the latest version cannot be built on Debian stable anymore [1], recommending their users "to switch to the iceweasel web browser".

Personally I think the last point alone makes Firefox the better choice for a default browser -- we wouldn't want our users to suddenly find themselves without security updates...

[1] https://lists.debian.org/debian-security-announce/2015/msg00031.html

cheers
--
Stefan Ott
http://www.ott.net/
Re: [Dng] Hardened Devuan (was Re: Plan for Devuan to use Mozilla products as is)
On Fri, Mar 06, 2015 at 03:19:29PM -0300, hellekin wrote:
> *** I'm so happy to see this group. I've been using this kernel lately,
> running on Parabola:
>
> 3.14.34-gnu-201502271838-1-lts-grsec-knock
>
> GRSecurity, and Knock support. Knock is a kernel patch that enables
> single packet port knocking [0], thwarting common scanning attacks. I
> would love to see this running on Devuan. Parabola GNU/Linux was the
> first distro to deploy it, and I've been using it happily with SSH.

It looks like Knock breaks everything TCP SQN is used for, including even such basics as packet retransmission/duplication detection. I've read the LKML discussion to see if I'm missing something, but apparently, I don't.

As such, I'd say Knock has no place on a distribution kernel.

--
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets. Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable and Non-Discriminatory prices.
Re: [Dng] Hardened Devuan (was Re: Plan for Devuan to use Mozilla products as is)
at the beginning we plan :

* to use only the pax options of the grsec kernel, no rbac enabled
* to work on vanilla sources or gentoo hardened sources
* no debian patches, no exotic patches
* shipping the kernel with warnings that, as a default, java won't work with a secure kernel, and possibly any other graphical applications doing dirty stuff with memory ( buffer overflow, relocations and much more )

as soon as we have a devuan beta version we feel confident enough to install on at least one dedicated server ( something like dell r210 ) and on a laptop ( something like a thinkpad ), we'll start packaging a grsec patched kernel.

speaking of installing on a dedicated server, do we have plans to provide some kind of easy install system to install on a server from a rescue mode ? ( not everyone have full kvm access to install graphically, many datacenters provide only the rescue mode )

On Fri, Mar 6, 2015 at 6:27 PM, Adam Borowski wrote:
> On Fri, Mar 06, 2015 at 03:19:29PM -0300, hellekin wrote:
>> *** I'm so happy to see this group. I've been using this kernel lately,
>> running on Parabola:
>>
>> 3.14.34-gnu-201502271838-1-lts-grsec-knock
>>
>> GRSecurity, and Knock support. Knock is a kernel patch that enables
>> single packet port knocking [0], thwarting common scanning attacks. I
>> would love to see this running on Devuan. Parabola GNU/Linux was the
>> first distro to deploy it, and I've been using it happily with SSH.
>
> It looks like Knock breaks everything TCP SQN is used for, including even
> such basics as packet retransmission/duplication detection. I've read the
> LKML discussion to see if I'm missing something, but apparently, I don't.
>
> As such, I'd say Knock has no place on a distribution kernel.
>
> --
> // If you believe in so-called "intellectual property", please immediately
> // cease using counterfeit alphabets. Instead, contact the nearest temple
> // of Amon, whose priests will provide you with scribal services for all
> // your writing needs, for Reasonable and Non-Discriminatory prices.
[Dng] apt repository - mirrors
I just want to chime in and say that I live in Taiwan and have some connections with the local Debian/Ubuntu and other geek communities. When we've finally got a Devuan release version 1.0, I'm willing to push, prod and pull the Taiwanese techie universities to get at least one mirror going here.

It's still a bit early for that, but anyway just want to make it known that when the time comes, I'll do what I can.

cheers,
Robert
[Dng] Devuan Alpha i386 - developers release series on Vagrant
Hi all,

This is the initial release of the Alpha series, base-system stripped at minimum and distributed in Vagrant format (virtualbox provider), to make the life of developers working on core components as vdev easier.

Vagrant is a very cool tool, check it out http://vagrantup.com

I'll distribute new releases of the Devuan Alpha cycle virtual machine via Vagrant and Atlas. This is version 0.1 and can be tested on any PC running any operating system.

To have this image running, install the latest Vagrant - not the one from your package manager, but the updated version from the vagrant website download section - then type into a terminal:

mkdir ~/vagrant && cd ~/vagrant

vagrant init jaromil/devuan-alpha-i386

vagrant up

This will download and start the image into an headless virtualbox instance. From this "box" downloaded is possible to duplicate - should we say fork :^) - more virtual machines.

To login use ssh via port with user devuan pass devuan.
Root password is also devuan.

Sources are from git.devuan.org and from Debian Jessie.

Devuan runs on sysvinit, systemd is not the init and none of its daemons are running, but its packages are still present because we are still using udev.

This is the start of the Alpha release cycle, other developers may also issue interim releases and updates will follow from packages.devuan.org as well ftp.debian.org's jessie (pinned) and security.debian.org

happy hacking!

ciao

--
Jaromil, Dyne.org Free Software Foundry (est. 2000)
We are free to share code and we code to share freedom
Web: https://j.dyne.org Contact: https://j.dyne.org/c.vcf
GPG: 6113 D89C A825 C5CE DD02 C872 73B3 5DA5 4ACB 7D10
Confidential communications: https://keybase.io/jaromil
Re: [Dng] Devuan Alpha i386 - developers release series on Vagrant
Woo! I can't wait to start testing with vdev :D

Thank you to everyone involved!

-Jude

On Fri, Mar 6, 2015 at 8:11 PM, Jaromil wrote:
>
> Hi all,
>
> This is the initial release of the Alpha series, base-system stripped at
> minimum and distributed in Vagrant format (virtualbox provider), to make
> the life of developers working on core components as vdev easier.
>
> Vagrant is a very cool tool, check it out http://vagrantup.com
>
> I'll distribute new releases of the Devuan Alpha cycle virtual machine
> via Vagrant and Atlas. This is version 0.1 and can be tested on any PC
> running any operating system.
>
> To have this image running, install the latest Vagrant - not the one
> from your package manager, but the updated version from the vagrant
> website download section - then type into a terminal:
>
> mkdir ~/vagrant && cd ~/vagrant
>
> vagrant init jaromil/devuan-alpha-i386
>
> vagrant up
>
> This will download and start the image into an headless virtualbox
> instance. From this "box" downloaded is possible to duplicate - should
> we say fork :^) - more virtual machines.
>
> To login use ssh via port with user devuan pass devuan.
> Root password is also devuan.
>
> Sources are from git.devuan.org and from Debian Jessie.
>
> Devuan runs on sysvinit, systemd is not the init and none of its daemons
> are running, but its packages are still present because we are still
> using udev.
>
> This is the start of the Alpha release cycle, other developers may also
> issue interim releases and updates will follow from packages.devuan.org
> as well ftp.debian.org's jessie (pinned) and security.debian.org
>
> happy hacking!
>
> ciao
>
> --
> Jaromil, Dyne.org Free Software Foundry (est. 2000)
> We are free to share code and we code to share freedom
> Web: https://j.dyne.org Contact: https://j.dyne.org/c.vcf
> GPG: 6113 D89C A825 C5CE DD02 C872 73B3 5DA5 4ACB 7D10
> Confidential communications: https://keybase.io/jaromil
Re: [Dng] Hardened Devuan (was Re: Plan for Devuan to use Mozilla products as is)
also answering here to jaromil about a grsec question on another thread :

On Fri, Mar 6, 2015 at 2:33 PM, Jaromil wrote:
>> I hope to be able to continue my Grsecurity/Pax Deployment in Devuan for
>> the Newbies (or of a similar title), like I did in Debian Forums (see my
>> first message in this thread). And about the rest of non-poeterware (and
>> related like, for me, dbus). Maybe in the Wiki, sure Devuan Wiki.

> I will be among the newbies following your guides: last time I've used
> grsecurity was long time ago, before I gave up the maintenance of
> dyne.org servers to more volunteers. Wondering how much has changed in
> 10 years or so.

quite a bit, new options and new features are regularly added :
https://grsecurity.net/changelog-stable.txt
https://grsecurity.net/features.php
https://grsecurity.net/compare.php

the patches are very actively maintained and working very well on gentoo hardened, but once again I use only the sanitizing features, not the RBAC system.

as a sysadmin, grsec have helped me quite a bit those last ten years, most of the kernel security problems, 0 days, local roots . . . have been useless against my grsec kernels ;) useful when you provide a shell to most of your customers/users !

On Fri, Mar 6, 2015 at 7:22 PM, Neo Futur wrote:
> at the beginning we plan :
>
> * to use only the pax options of the grsec kernel, no rbac enabled
> * to work on vanilla sources or gentoo hardened sources
> * no debian patches, no exotic patches
> * shipping the kernel with warnings that, as a default, java wont work
> with a secure kernel, and possibly any other graphical applications
> doing dirty stuff with memory ( buffer overflow, relocations and much
> more )
>
> as soon as we have a devuan beta version we feel confident enough to
> install on at least one dedicated server ( something like dell r210 )
> and on a laptop ( something like a thinkpad ), we ll start packaging a
> grsec patched kernel.
>
>
> speaking of installing on a dedicated server, do we have plans to
> provide some kind of easy install system to install on a server from a
> rescue mode ? ( not everyone have full kvm access to install
> graphically, many datacenters provide only the rescue mode )
>
>
>
> On Fri, Mar 6, 2015 at 6:27 PM, Adam Borowski wrote:
>> On Fri, Mar 06, 2015 at 03:19:29PM -0300, hellekin wrote:
>>> *** I'm so happy to see this group. I've been using this kernel lately,
>>> running on Parabola:
>>>
>>> 3.14.34-gnu-201502271838-1-lts-grsec-knock
>>>
>>> GRSecurity, and Knock support. Knock is a kernel patch that enables
>>> single packet port knocking [0], thwarting common scanning attacks. I
>>> would love to see this running on Devuan. Parabola GNU/Linux was the
>>> first distro to deploy it, and I've been using it happily with SSH.
>>
>> It looks like Knock breaks everything TCP SQN is used for, including even
>> such basics as packet retransmission/duplication detection. I've read the
>> LKML discussion to see if I'm missing something, but apparently, I don't.
>>
>> As such, I'd say Knock has no place on a distribution kernel.
>>
>> --
>> // If you believe in so-called "intellectual property", please immediately
>> // cease using counterfeit alphabets. Instead, contact the nearest temple
>> // of Amon, whose priests will provide you with scribal services for all
>> // your writing needs, for Reasonable and Non-Discriminatory prices.
[Dng] Ubuntu To Officially Switch To systemd Next Monday
http://linux.slashdot.org/story/15/03/06/1448247/ubuntu-to-officially-switch-to-systemd-next-monday

Interesting discussion on slashdot, especially about the Ubuntu Release Schedule
Re: [Dng] Devuan Alpha i386 - developers release series on Vagrant
FYI vagrant can't be used on a grsec host, building it needs java ( meaning stack exec and more )

==> grsec.log <==
Mar 7 04:05:17 xena kernel: grsec: From x.x.x.x : denied RWX mmap of by /var/tmp/portage/app-emulation/virtualbox-4.3.18/work/VirtualBox-4.3.18/out/linux.x86/release/obj/VBoxTpG/VBoxTpG[VBoxTpG:21224] uid/euid:250/250 gid/egid:250/250, parent /usr/bin/kmk[kmk:7140] uid/euid:250/250 gid/egid:250/250

virtualbox-4.3.18/work/VirtualBox-4.3.18/out/linux.x86/release/obj/VBoxAPIWrap/apiwrappers /var/tmp/portage/app-emulation/virtualbox-4.3.18/work/VirtualBox-4.3.18/out/linux.x86/release/obj/VBoxAPIWrap
filesplitter: Out of 286 files: 286 rewritten, 0 unchanged. (/var/tmp/portage/app-emulation/virtualbox-4.3.18/work/VirtualBox-4.3.18/out/linux.x86/release/obj/VBoxAPIWrap)
kmk: *** Exiting with status 2

On Fri, Mar 6, 2015 at 8:17 PM, Jude Nelson wrote:
> Woo! I can't wait to start testing with vdev :D
>
> Thank you to everyone involved!
>
> -Jude
>
> On Fri, Mar 6, 2015 at 8:11 PM, Jaromil wrote:
>>
>>
>> Hi all,
>>
>> This is the initial release of the Alpha series, base-system stripped at
>> minimum and distributed in Vagrant format (virtualbox provider), to make
>> the life of developers working on core components as vdev easier.
>>
>> Vagrant is a very cool tool, check it out http://vagrantup.com
>>
>> I'll distribute new releases of the Devuan Alpha cycle virtual machine
>> via Vagrant and Atlas. This is version 0.1 and can be tested on any PC
>> running any operating system.
>>
>> To have this image running, install the latest Vagrant - not the one
>> from your package manager, but the updated version from the vagrant
>> website download section - then type into a terminal:
>>
>> mkdir ~/vagrant && cd ~/vagrant
>>
>> vagrant init jaromil/devuan-alpha-i386
>>
>> vagrant up
>>
>> This will download and start the image into an headless virtualbox
>> instance. From this "box" downloaded is possible to duplicate - should
>> we say fork :^) - more virtual machines.
>>
>> To login use ssh via port with user devuan pass devuan.
>> Root password is also devuan.
>>
>> Sources are from git.devuan.org and from Debian Jessie.
>>
>> Devuan runs on sysvinit, systemd is not the init and none of its daemons
>> are running, but its packages are still present because we are still
>> using udev.
>>
>> This is the start of the Alpha release cycle, other developers may also
>> issue interim releases and updates will follow from packages.devuan.org
>> as well ftp.debian.org's jessie (pinned) and security.debian.org
>>
>> happy hacking!
>>
>> ciao
>>
>> --
>> Jaromil, Dyne.org Free Software Foundry (est. 2000)
>> We are free to share code and we code to share freedom
>> Web: https://j.dyne.org Contact: https://j.dyne.org/c.vcf
>> GPG: 6113 D89C A825 C5CE DD02 C872 73B3 5DA5 4ACB 7D10
>> Confidential communications: https://keybase.io/jaromil
Re: [Dng] Devuan Alpha i386 - developers release series on Vagrant
On 03/06/15 22:11, Jaromil wrote:
>
> vagrant init jaromil/devuan-alpha-i386
>

*** Nice. Can you add libvirt and/or lxc providers?

https://git.devuan.org/devuan/devuan-project/wikis/try-devuan-on-vagrant

==
hk

--
_ _ We are free to share code and we code to share freedom
(_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/
Re: [Dng] [bikeshedding] release names
Sorry, it's probably my fault, and I should start a new thread for it. Just let me explain what I really meant, it wasn't actually about release names, but for some ideas for Devuan, it happens that they influence these names also, so I put it here.

I thought one of the possibilities could be the split of the testing repo in two. One (that could be permanently called Ceres) will be a proper testing, working as a bleeding edge rolling release. The other (that would be called as the next release, working as a tested rolling release) would contain the last good working snapshot of Ceres. And testing would point to the Ceres repo, and with the last snapshot before the release it could "switch" to the next release repo to keep the compatibility with the "debian way" of doing things.

Why? I think just copying debian structure won't work as expected, because Devuan will add some additional layer of complexity and possibility of breaking things, and devuan's unstable won't work exactly like debian's, because some components from there will be missing. This will result in devuan's testing working more like debian's unstable, and that's why I think Devuan will need an additional layer of testing to match the expected quality of Debian.

As for double release names, if there's an upgrade path for Jessie users, I think there should also be a path for the next debian releases, as long as it will be possible. It would mean resigning from minor planet release names, or introducing "unofficial" release names, just to make an easy upgrade possible. I think that permanently messing up a great naming scheme just for those who want to upgrade is not worth it, and the better solution is to introduce alternative release names just for them.

2015-03-06 17:05 GMT+01:00, hellekin :
> This thread is not about changing the release names. Read the first
> message. Do you have time on your hands? Please help review this week's
> postings for the next weekly news. There's also a TODO list on the
> gitlab. Seriously...
>
> https://git.devuan.org/devuan/devuan-project/wikis/devuan-codenames
>
> ==
> hk