Re: [DNG] Amprolla3 is out for testing
On 10/21/2017 12:47 AM, goli...@dyne.org wrote: > Dear dev1rs, > > We are happy to announce that 'amprolla3', the rewrite of nextime's > amprolla by parazyd and Wizzup, is finally up and running and ready > to be tested. > > The code can be found at: > > https://git.devuan.org/devuan-infrastructure/amprolla3 [snip] Thanks! Is there a short (or long) blog entry about amprolla3 anywhere? I'd like to be able to link to the announcement but the list archives are not available to people that aren't subscribed. That means that those that can view the archive probably already read your message. /Lars ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
John Franklin writes: That’s not an apology. Would you like to try again? I'm not Steve, but the occasion fits: Tobias, until I read your posting a couple of days ago I did not realise that UEFI/Secure Boot can be configured such that ONLY my kernels can be booted, not even fresh install media from the vendor. Thank you very much. Arnt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
Am Samstag, 21. Oktober 2017 schrieb Arnt Gulbrandsen: > John Franklin writes: > > That’s not an apology. Would you like to try again? > > I'm not Steve, but the occasion fits: > > Tobias, until I read your posting a couple of days ago I did not realise > that UEFI/Secure Boot can be configured such that ONLY my kernels can be > booted, not even fresh install media from the vendor. Thank you very much. > > Arnt Well, that's not true: If you are lucky, your vendor installed a bios that allows you seamingly do so. But most likely he didn't. Most likely his implementation has a backdoor for windows. You'll need to see his contracts with M$ to verify this. Sometimes somebody down the sales lane will give you some hints, but don't count on it. Nik -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Sat, Oct 21, 2017 at 10:27:30AM +0300, Lars Noodén wrote: > On 10/21/2017 12:47 AM, goli...@dyne.org wrote: > > Dear dev1rs, > > > > We are happy to announce that 'amprolla3', the rewrite of nextime's > > amprolla by parazyd and Wizzup, is finally up and running and ready > > to be tested. > > > > The code can be found at: > > > > https://git.devuan.org/devuan-infrastructure/amprolla3 > [snip] > > Thanks! > > Is there a short (or long) blog entry about amprolla3 anywhere? > > I'd like to be able to link to the announcement but the list archives > are not available to people that aren't subscribed. That means that > those that can view the archive probably already read your message. > The archives of this ML have always been OPEN. google: dng lurker 1st result: https://lists.dyne.org/lurker/list/dng.en.html HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] ID Quantique "Quantum" PCI-e RNG's - does anyone have more info?
taii...@gmx.com writes: I found this seemingly cool product, a pci-e hardware RNG that produces a large stream of "truly random" "quantum" random numbers. ... I am curious what the deal with this is, does it really work? what is the use case for this? does anyone here have one? I have a competitor, http://www.entropykey.co.uk / apt-get install ekeyd, which I fear isn't being made any more. It's useful sometimes. "Arnt, marketing just signed a deal fory x with y, and we need 5000 coupon codes, they really should be impossible to guess". What these devices does is basically keep /dev/random topped up, even if the host is a rackmounted server and you need a half-megabyte of random bits in short order. I bought them when some software insisted on using /dev/random (because security), emptied the pool and an important service grew unresponsive. Arnt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On 10/21/2017 11:07 AM, KatolaZ wrote: [snip] > google: dng lurker I look at the link added by the list software to the tail end of the message ... [snip] > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ... and see that it says: "To see the collection of prior postings to the list, visit the Dng Archives. (The current archive is only available to the list members.) " And the link in that sentence is different: https://mailinglists.dyne.org/cgi-bin/mailman/private/dng/ Who can update it fix the wording and the link and how did it get closed off? /Lars ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Sat, Oct 21, 2017 at 11:39:13AM +0300, Lars Noodén wrote: > On 10/21/2017 11:07 AM, KatolaZ wrote: > [snip] > > google: dng lurker > > I look at the link added by the list software to the tail end of the > message ... > > [snip] > > ___ > > Dng mailing list > > Dng@lists.dyne.org > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > > ... and see that it says: > > "To see the collection of prior postings to the list, > visit the Dng Archives. (The current archive is only > available to the list members.) " > > And the link in that sentence is different: > > https://mailinglists.dyne.org/cgi-bin/mailman/private/dng/ > > Who can update it fix the wording and the link and how did it get closed > off? > Lars, the archives of this ML have always been publicly available through lurker, who takes care of removing email addresses and other clutter (such as signatures) from the emails. The lurker archive is available at: https://lists.dyne.org/lurker/list/dng.en.html and is public. The original mailman archive is visible only to subscribed members, and rightly so. There is nothing to fix there. My2Cents KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On 10/21/2017 11:56 AM, KatolaZ wrote: [snip]> and is public. The original mailman archive is visible only to > subscribed members, and rightly so. There is nothing to fix there. [snip] The list software seems to point to the wrong page then: > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng The link appended by the list software should be this one instead: https://lists.dyne.org/lurker/list/dng.en.html /Lars ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
Le 21/10/2017 à 09:58, Arnt Gulbrandsen a écrit : John Franklin writes: That’s not an apology. Would you like to try again? I'm not Steve, but the occasion fits: Tobias, until I read your posting a couple of days ago I did not realise that UEFI/Secure Boot can be configured such that ONLY my kernels can be booted, not even fresh install media from the vendor. Thank you very much. Me neither. Who, in fact? There seems to be a lack of information on that matter. Does anybody have some link to point us? Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
Dr. Nikolaus Klepp writes: Well, that's not true: If you are lucky, your vendor installed a bios that allows you seamingly do so. But most likely he didn't. Most likely his implementation has a backdoor for windows. You're saying most vendors do this? Not just some but MOST? Name one or two vendors who do it, please. You'll need to see his contracts with M$ to verify this. Sometimes somebody down the sales lane will give you some hints, but don't count on it. Booting Windows from a USB stick is an easy way to test it, right? Arnt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
Am Samstag, 21. Oktober 2017 schrieb Arnt Gulbrandsen: > Dr. Nikolaus Klepp writes: > > Well, that's not true: If you are lucky, your vendor installed > > a bios that allows you seamingly do so. But most likely he > > didn't. Most likely his implementation has a backdoor for > > windows. > > You're saying most vendors do this? Not just some but MOST? Name one or two > vendors who do it, please. > > > You'll need to see his contracts with M$ to verify > > this. Sometimes somebody down the sales lane will give you some > > hints, but don't count on it. > > Booting Windows from a USB stick is an easy way to test it, right? > > Arnt Sorry to say, it's not. These keys don't allow booting your retail windows. Nik -- Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ... ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
Dr. Nikolaus Klepp writes: Sorry to say, it's not. These keys don't allow booting your retail windows. Uh-huh. Are we talking about black helicopter keys? Arnt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
On Sat, 21 Oct 2017 at 11:51:42 +0200 Didier Kryn wrote: > Le 21/10/2017 à 09:58, Arnt Gulbrandsen a écrit : >> John Franklin writes: >>> That’s not an apology. Would you like to try again? >> >> I'm not Steve, but the occasion fits: >> >> Tobias, until I read your posting a couple of days ago I did not >> realise that UEFI/Secure Boot can be configured such that ONLY my >> kernels can be booted, not even fresh install media from the vendor. >> Thank you very much. > > Me neither. Who, in fact? There seems to be a lack of information > on that matter. Does anybody have some link to point us? In fact that's impossible to UEFI, as it's designed to check only on the bootloader's first stage, which is the only binary it knows about, nothing that is loaded after it (bootloader second stage, kernel, init and so forth). Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] ID Quantique "Quantum" PCI-e RNG's - does anyone have more info?
Il giorno Fri, 20 Oct 2017 22:43:57 -0400 "taii...@gmx.com" ha scritto: > I found this seemingly cool product, a pci-e hardware RNG that produces > a large stream of "truly random" "quantum" random numbers. > > https://www.idquantique.com/ > > It is made in Switzerland, which is cool as it isn't outsourced and it > endeavors way more trust than chinese hardware. > > > I am curious what the deal with this is, does it really work? what is > the use case for this? does anyone here have one? https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators says of all ID Quantique SA products: Open Hardware? Software License Closed Proprietary ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On 2017-10-21 02:27, Lars Noodén wrote: On 10/21/2017 12:47 AM, goli...@dyne.org wrote: Dear dev1rs, We are happy to announce that 'amprolla3', the rewrite of nextime's amprolla by parazyd and Wizzup, is finally up and running and ready to be tested. The code can be found at: https://git.devuan.org/devuan-infrastructure/amprolla3 [snip] Thanks! Is there a short (or long) blog entry about amprolla3 anywhere? I'd like to be able to link to the announcement but the list archives are not available to people that aren't subscribed. That means that those that can view the archive probably already read your message. /Lars ___ Of course the dng archives are available to everyone. It's just that the link on the mailman subscription page is broken and no one who can fix it has done so yet. This is the view that I prefer: https://lists.dyne.org/lurker/mindex/d...@20380101.00..en.html The announcement is also available here: https://dev1galaxy.org/viewtopic.php?id=1671 golinux ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On 2017-10-21 03:56, KatolaZ wrote: On Sat, Oct 21, 2017 at 11:39:13AM +0300, Lars Noodén wrote: On 10/21/2017 11:07 AM, KatolaZ wrote: [snip] > google: dng lurker I look at the link added by the list software to the tail end of the message ... [snip] > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ... and see that it says: "To see the collection of prior postings to the list, visit the Dng Archives. (The current archive is only available to the list members.) " And the link in that sentence is different: https://mailinglists.dyne.org/cgi-bin/mailman/private/dng/ Who can update it fix the wording and the link and how did it get closed off? Lars, the archives of this ML have always been publicly available through lurker, who takes care of removing email addresses and other clutter (such as signatures) from the emails. The lurker archive is available at: https://lists.dyne.org/lurker/list/dng.en.html and is public. The original mailman archive is visible only to subscribed members, and rightly so. There is nothing to fix there. My2Cents KatolaZ ___ KatolaZ . . . I tried to explain yesterday that the link to the archives on that page is non-functional - I get a 404 (it used to work). It was discussed at the last meet and it's on jaromil's todo list. I have been addressing this issue for weeks via pm, on various lists etc. and at the meet but no action. I am getting tired of repeating myself. If you have access to mailman can you please fix it. golinux ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Sat, Oct 21, 2017 at 12:04:21PM +0300, Lars Noodén wrote: > On 10/21/2017 11:56 AM, KatolaZ wrote: > [snip]> and is public. The original mailman archive is visible only to > > subscribed members, and rightly so. There is nothing to fix there. > [snip] > > The list software seems to point to the wrong page then: > > > Dng mailing list > > Dng@lists.dyne.org > > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > > The link appended by the list software should be this one instead: > > https://lists.dyne.org/lurker/list/dng.en.html No, it shouldn't, since the link shown is the correct link for the list subscribers. We could probably include an explicit pointer to the public lurker archives in the devuan.org homepage. @golinux might want to have a look at that, perhaps. HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Sat, Oct 21, 2017 at 09:06:49AM -0500, goli...@dyne.org wrote: [cut] > > > KatolaZ . . . I tried to explain yesterday that the link to the archives on > that page is non-functional - I get a 404 (it used to work). It was > discussed at the last meet and it's on jaromil's todo list. I have been > addressing this issue for weeks via pm, on various lists etc. and at the > meet but no action. I am getting tired of repeating myself. If you have > access to mailman can you please fix it. > That must be fixed, but not removed from the footers. Will try to push on that direction :) HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On 10/21/2017 06:27 PM, KatolaZ wrote: [snip] > We could probably include an explicit pointer to the public lurker > archives in the devuan.org homepage. @golinux might want to have a > look at that, perhaps. Yes, that would be good, too. But there should be a way to get there from "here". Maybe the private link can have the public link below it in the message footer and it can be mentioned on the mailing list info page. As it currently stands, you can't get there from here. /Lars ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Sat, Oct 21, 2017 at 06:31:26PM +0300, Lars Noodén wrote: > On 10/21/2017 06:27 PM, KatolaZ wrote: > [snip] > > > We could probably include an explicit pointer to the public lurker > > archives in the devuan.org homepage. @golinux might want to have a > > look at that, perhaps. > > Yes, that would be good, too. But there should be a way to get there > from "here". Maybe the private link can have the public link below it > in the message footer and it can be mentioned on the mailing list info > page. As it currently stands, you can't get there from here. > Yes, we could *add* the public lurker link in the ML signatire as well, without removing the private one. That's a good suggestion :) Thanks KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Fri, 20 Oct 2017 16:47:57 -0500, goli...@dyne.org wrote in message : > If you want to help testing the new amprolla3, you just need to: > > - replace "auto.mirror.devuan.org" with "pkgmaster.devuan.org" in >your /etc/apt/sources.list > - # apt-get update > - # apt-get install devuan-keyring ..did all this (except with aptitude), should I then go from 4 to 615 upgradeable packages??? ..I did the git clone dance first. Does amprolla3 know that "Debian Jessie == Debian old-stable", and that "Debian stable == Debian Stretch", and that "Devuan Jessie != Debian Jessie", so we pick the right "Debian Jessie == Debian old-stable" packages into our /Merged/ tree and not the "Debian stable == Debian Stretch"??? ..bottom line: Did I pick up Debian Stretch packages from amprolla3? No worries, I'll do the aptitude upgrade dance only after we know what's going on here. ;o) -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Sat, Oct 21, 2017 at 06:31:50PM +0200, Arnt Karlsen wrote: [cut] > > ..did all this (except with aptitude), should I then go from 4 to > 615 upgradeable packages??? > > ..I did the git clone dance first. > Does amprolla3 know that "Debian Jessie == Debian old-stable", > and that "Debian stable == Debian Stretch", and that > "Devuan Jessie != Debian Jessie", so we pick the right > "Debian Jessie == Debian old-stable" packages into our > /Merged/ tree and not the "Debian stable == Debian Stretch"??? > > ..bottom line: Did I pick up Debian Stretch packages from amprolla3? > No worries, I'll do the aptitude upgrade dance only after we know > what's going on here. ;o) > I am not sure I understand what you mean, but you must use "jessie", "ascii", or "ceres" in your sources.list, and not "stable", "testing", "unstable", if that is your question. You probably get 615 packages to upgrade since ascii-upgrades was finally merged by amprolla3. amprolla3 is functionally equivalent to the traditional amprolla. So if you specify "jessie", you will get Jessie packages, not Stretch ones. If you are on Devuan "ascii", you will get Ascii packages. Those packages that have been forked by Devuan will come from Devuan, and those that have not been touched will come from Debian. As in the original amprolla. As usual, you should never mix debian and devuan repos. If you do mix them, you are on your own, and must not blame amprolla or devuan :) We have been testing amprolla3 for more than two months now, on dozens machines, and it has been working like a charm. HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] ID Quantique "Quantum" PCI-e RNG's - does anyone have more info?
On 10/21/2017 09:14 AM, Alessandro Selli wrote: https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators says of all ID Quantique SA products: Open Hardware? Software License Closed Proprietary Ah thank you. What a shame. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Sat, 21 Oct 2017 17:47:50 +0100, KatolaZ wrote in message <20171021164750.gf4...@katolaz.homeunix.net>: > On Sat, Oct 21, 2017 at 06:31:50PM +0200, Arnt Karlsen wrote: > > [cut] > > > > > ..did all this (except with aptitude), should I then go from 4 to > > 615 upgradeable packages??? > > > > ..I did the git clone dance first. > > Does amprolla3 know that "Debian Jessie == Debian old-stable", > > and that "Debian stable == Debian Stretch", and that > > "Devuan Jessie != Debian Jessie", so we pick the right > > "Debian Jessie == Debian old-stable" packages into our > > /Merged/ tree and not the "Debian stable == Debian Stretch"??? > > > > ..bottom line: Did I pick up Debian Stretch packages from amprolla3? > > No worries, I'll do the aptitude upgrade dance only after we know > > what's going on here. ;o) > > > > I am not sure I understand what you mean, but you must use "jessie", > "ascii", or "ceres" in your sources.list, and not "stable", "testing", > "unstable", if that is your question. ..nope, I asked about amprolla3's understanding of these names. Do we (Devuan) abandon the "stable", "testing" and "unstable" names? ..but I agree with your answer, did I miss anything here?: root@d44:~# cat /etc/apt/sources.list # Devuan repositories deb http://packages.devuan.org/merged jessie main contrib non-free deb-src http://packages.devuan.org/merged jessie main contrib non-free # /etc/apt/sources.list.d/devuan-stable-security.list deb http://packages.devuan.org/merged jessie-security main contrib non-free deb-src http://packages.devuan.org/merged jessie-security main contrib non-free # /etc/apt/sources.list.d/devuan-stable-updates.list deb http://pkgmaster.devuan.org/merged jessie-updates main contrib non-free deb-src http://pkgmaster.devuan.org/merged jessie-updates main contrib non-free # /etc/apt/sources.list.d/devuan-stable-proposed-updates.list deb http://pkgmaster.devuan.org/merged jessie-proposed-updates main contrib non-free deb-src http://pkgmaster.devuan.org/merged jessie-proposed-updates main contrib non-free # /etc/apt/sources.list.d/devuan-stable-backports.list deb http://pkgmaster.devuan.org/merged jessie-backports main contrib non-free deb-src http://pkgmaster.devuan.org/merged jessie-backports main contrib non-free # /etc/apt/sources.list.d/devuan-experimental.list # deb http://pkgmaster.devuan.org/devuan experimental main contrib non-free # deb-src http://pkgmaster.devuan.org/devuan experimental main contrib non-free # https://wiki.trinitydesktop.org/DevuanInstall deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-r14.0.0/debian jessie main deb-src http://mirror.ppa.trinitydesktop.org/trinity/trinity-r14.0.0/debian jessie main deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-builddeps-r14.0.0/debian jessie main deb-src http://mirror.ppa.trinitydesktop.org/trinity/trinity-builddeps-r14.0.0/debian jessie main > You probably get 615 packages to upgrade since ascii-upgrades was > finally merged by amprolla3. ..ok, did something similar happen with the jessie-* ? (jessie-security, jessie-updates, jessie-proposed-updates, jessie-backports) ..or could it be my experimental lines? > amprolla3 is functionally equivalent to the traditional amprolla. So > if you specify "jessie", you will get Jessie packages, not Stretch > ones. ..ok, so you must have adressed my 2nd question on amprolla3's understanding of facts like "Debian Jessie == Debian old-stable" and "Debian stable == Debian Stretch", and "Devuan Jessie != Debian Jessie" then. :o) > If you are on Devuan "ascii", you will get Ascii packages. Those > packages that have been forked by Devuan will come from Devuan, and > those that have not been touched will come from Debian. As in the > original amprolla. > > As usual, you should never mix debian and devuan repos. If you do mix > them, you are on your own, and must not blame amprolla or devuan :) > > We have been testing amprolla3 for more than two months now, on dozens > machines, and it has been working like a charm. ..ok, with jessie + jessie-* + experimental too? -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Sat, Oct 21, 2017 at 08:48:57PM +0200, Arnt Karlsen wrote: [cut] > > > > We have been testing amprolla3 for more than two months now, on dozens > > machines, and it has been working like a charm. > > ..ok, with jessie + jessie-* + experimental too? > Yes. You don't need to use both packages.devuan.org and pkgmaster.devuan.org. The former serves the packages merged by the original amprolla. The latter served the repos merged by amprolla3. So choose one of the two. HTH KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] ID Quantique "Quantum" PCI-e RNG's - does anyone have more info?
On Sat, 21 Oct 2017 at 14:23:00 -0400 "taii...@gmx.com" wrote: > On 10/21/2017 09:14 AM, Alessandro Selli wrote: > >> https://en.wikipedia.org/wiki/Comparison_of_hardware_random_number_generators >> >> says of all ID Quantique SA products: >> >> Open Hardware? Software License >> Closed Proprietary > Ah thank you. > > What a shame. Their products are even amazingly costly: the Quantis-PCIe-16M sells for €2990, Quantis-PCIe-4M for €1299 and Quantis-USB for €990. I understand that a true RNG might be an important piece of hardware for your organisation and business and that Swiss people are on the average well-to-do (at least so they say), still I cannot believe these prices. I use a 602 kbit/s Japanese FST-01-NeuG 1.0 which I got for 50$: it works well and is fully supported by Linux. It is however slow when you want to initialise a large dm-crypt partition with random data to hide the true filesystem's encrypted data. It's best used to produce strong cryptography keys. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
> On Oct 21, 2017, at 5:51 AM, Didier Kryn wrote: > > Le 21/10/2017 à 09:58, Arnt Gulbrandsen a écrit : >> John Franklin writes: >>> That’s not an apology. Would you like to try again? >> >> I'm not Steve, but the occasion fits: >> >> Tobias, until I read your posting a couple of days ago I did not realise >> that UEFI/Secure Boot can be configured such that ONLY my kernels can be >> booted, not even fresh install media from the vendor. Thank you very much. > >Me neither. Who, in fact? There seems to be a lack of information on that > matter. Does anybody have some link to point us? A generic guide to Secureboot and updating Secureboot keys in your uEFI firmware: https://www.rodsbooks.com/efi-bootloaders/secureboot.html https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html Ubuntu’s guide to signing things for Secureboot: https://insights.ubuntu.com/2017/08/11/how-to-sign-things-for-secure-boot/ Red Hat’s guide to signing kernels, kernel modules and installing MOKs in your uEFI firmware: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-signing-kernel-modules-for-secure-boot OpenSUSE’s version: https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.uefi.html Between those four, you should be able to get a pretty good idea of how Secureboot works and how to get shim to boot your own signed kernels, even your own Devuan kernels. And finally, writing your own .efi binary, which requires linking a C program against a vast tree of dependencies a specific crt0 and static library: https://www.rodsbooks.com/efi-programming/hello.html jf -- John Franklin frank...@tux.org smime.p7s Description: S/MIME cryptographic signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
Le 21/10/2017 à 22:54, John Franklin a écrit : A generic guide to Secureboot and updating Secureboot keys in your uEFI firmware: https://www.rodsbooks.com/efi-bootloaders/secureboot.html https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html Ubuntu’s guide to signing things for Secureboot: https://insights.ubuntu.com/2017/08/11/how-to-sign-things-for-secure-boot/ Red Hat’s guide to signing kernels, kernel modules and installing MOKs in your uEFI firmware: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/sect-signing-kernel-modules-for-secure-boot OpenSUSE’s version: https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.reference/cha.uefi.html Between those four, you should be able to get a pretty good idea of how Secureboot works and how to get shim to boot your own signed kernels, even your own Devuan kernels. And finally, writing your own .efi binary, which requires linking a C program against a vast tree of dependencies a specific crt0 and static library: https://www.rodsbooks.com/efi-programming/hello.html Thanks John. I put a label on your mail and will read the links when I find the time. Now very busy building a native x86_64-pc-linux-musl-gcc-6.3. Wouldn't it be the ideal toolchain to build one's own secureboot? Didier Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1
On Sat, 21 Oct 2017 16:54:36 -0400 John Franklin wrote: > > On Oct 21, 2017, at 5:51 AM, Didier Kryn wrote: > >> Tobias, until I read your posting a couple of days ago I did not > >> realise that UEFI/Secure Boot can be configured such that ONLY my > >> kernels can be booted, not even fresh install media from the > >> vendor. Thank you very much. > > > >Me neither. Who, in fact? There seems to be a lack of > > information on that matter. Does anybody have some link to point > > us? > > A generic guide to Secureboot and updating Secureboot keys in your > uEFI firmware: > > https://www.rodsbooks.com/efi-bootloaders/secureboot.html > https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html > [snip Ubuntu, redhat and opensuse info because I won't run those for obvious reasons] > And finally, writing your own .efi binary, which requires linking a C > program against a vast tree of dependencies a specific crt0 and > static library: > > https://www.rodsbooks.com/efi-programming/hello.html These links pretty much proves my point: Secure Boot is a disaster for those wanting to choose what software to run. Something that used to take no more than correctly configuring grub now requires execution of the volumes of information in these links, with much of that execution being trial and error because of different UEFI/secureboot implementations. Especially telling are the following experps from the links: === "some Secure Boot implementations are very finicky about their signed binaries, and will reject some binaries built with at least some versions of GNU-EFI", === === "Fortunately, users of popular distributions such as Fedora, Ubuntu, and OpenSUSE need not do this, because these distributions sign their own binaries and provide public keys", === === "OS installation utilities and system upgrade tools may not run or may replace your working custom-signed boot programs with versions that are signed improperly for your system. You'll have to be alert to such potential problems and keep suitable backups for restoration purposes. Disabling Secure Boot may be necessary to install a new OS", === === "Some of my Secure Boot computers reject a significant fraction of EFI programs that are signed as described on this page. Other computers accept the same binaries just fine, and they work fine on the affected machines when launched via Shim, so it appears that either some computers' Secure Boot implementations are overly strict or there's a subtle problem in the way the binaries are signed that affects only some Secure Boot implementations. Binaries built with recent versions of GNU-EFI seem to be particularly prone to these problems". === Remember the days when you could take any bootloader with any kernel in any distro and pretty much boot it up, perhaps with a few chroot adventures? I won't buy a computer or mobo without knowing whether or not it can disable Secure Boot (this isn't a publicized spec), and perhaps the next several years I'll buy Windows 8 or earlier computers in which ability to turn it off (if it existed at all) was a must. SteveT Steve Litt October 2017 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
On Sat, 21 Oct 2017 20:37:35 +0100, KatolaZ wrote in message <20171021193735.gg4...@katolaz.homeunix.net>: > On Sat, Oct 21, 2017 at 08:48:57PM +0200, Arnt Karlsen wrote: > > [cut] > > > > > > > We have been testing amprolla3 for more than two months now, on > > > dozens machines, and it has been working like a charm. > > > > ..ok, with jessie + jessie-* + experimental too? > > > > Yes. You don't need to use both packages.devuan.org and > pkgmaster.devuan.org. The former serves the packages merged by the > original amprolla. The latter served the repos merged by amprolla3. So > choose one of the two. ..done, 613 upgradeable, Obsolete & local dropped to 5 from 6k and Installed rose by 6k to 7380, so I guess we're headed the right way, I have e.g. pulseaudio wanting to upgrade from our 5.0-13+devuan2 to I suspect Debian's systemd'ed 7.1.2~bpo8+1, what else to look out for? ..still no changelog viewing in aptitude: "You can only view changelogs of official Debian packages. [ Ok ]" -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] ID Quantique "Quantum" PCI-e RNG's - does anyone have more info?
Hi, Arnt Gulbrandsen writes: > taii...@gmx.com writes: >> I found this seemingly cool product, a pci-e hardware RNG that >> produces a large stream of "truly random" "quantum" random >> numbers. > ... >> I am curious what the deal with this is, does it really work? >> what is the use case for this? does anyone here have one? > > I have a competitor, http://www.entropykey.co.uk / apt-get install ekeyd, > which I fear isn't being made any more. It's useful sometimes. "Arnt, > marketing just signed a deal fory x with y, and we need 5000 coupon codes, > they really should be impossible to guess". What these devices does is > basically keep /dev/random topped up, even if the host is a rackmounted > server and you need a half-megabyte of random bits in short order. I have used the `haveged` package to keep my /dev/urandom "topped up" when randomizing disks. Greatly shortened the time needed to fill my disks. No idea about the quality of randomness, though. Hope this helps, -- Olaf Meeuwissen, LPIC-2FSF Associate Member since 2004-01-27 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 Support Free Softwarehttps://my.fsf.org/donate Join the Free Software Foundation https://my.fsf.org/join ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Amprolla3 is out for testing
Hi, Arnt Karlsen writes: > On Sat, 21 Oct 2017 20:37:35 +0100, KatolaZ wrote in message > <20171021193735.gg4...@katolaz.homeunix.net>: > >> On Sat, Oct 21, 2017 at 08:48:57PM +0200, Arnt Karlsen wrote: >> >> [cut] >> >> > > >> > > We have been testing amprolla3 for more than two months now, on >> > > dozens machines, and it has been working like a charm. >> > >> > ..ok, with jessie + jessie-* + experimental too? >> > >> >> Yes. You don't need to use both packages.devuan.org and >> pkgmaster.devuan.org. The former serves the packages merged by the >> original amprolla. The latter served the repos merged by amprolla3. So >> choose one of the two. > > ..done, 613 upgradeable, Obsolete & local dropped to 5 from 6k > and Installed rose by 6k to 7380, so I guess we're headed the > right way, I have e.g. pulseaudio wanting to upgrade from our > 5.0-13+devuan2 to I suspect Debian's systemd'ed 7.1.2~bpo8+1, > what else to look out for? I found the same. I'm on jessie with security, updates and backports enabled. It turned out that all my upgradable packages are from the backports suite. Slightly worrying is that a number of these are for devuan-ized packages. The 'pulseaudio' package you mentioned is one. Another that is probably trouble was 'reportbug'. The other (source) packages I found were bash-completions and cups. For non-devuan-ized packages, udev and rsyslog might be problematic. Hope this helps, -- Olaf Meeuwissen, LPIC-2FSF Associate Member since 2004-01-27 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9 Support Free Softwarehttps://my.fsf.org/donate Join the Free Software Foundation https://my.fsf.org/join ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
