Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread KatolaZ
On Wed, Jan 17, 2018 at 12:50:32AM +, KatolaZ wrote:

[cut]

> 
> The only affected component is the kernel. Patch exist for jessie,
> ascii, and unstable, but only for Meltdown. AFAWN, there is no way to
> effectively patch Spectre.
> 
> The patch for Meltdown comes directly from Debian:
> 
>   https://security-tracker.debian.org/tracker/CVE-2017-5754
> 
> and the updates are available from jessie-updates and from
> ascii-updates. So if you have updates enabled in your sources.list,
> you might already have got the patch. Just check that the version of
> your running kernel corresponds with that specified at the URL above.

Sorry, it's jessie-security and ascii-security, respectively.

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]


___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] elogind available in experimental and ascii-proposed

2018-01-17 Thread Hleb Valoshka
On 1/17/18, Andreas Messer  wrote:

> Btw, "ck-list-sessions" crashes for me:
...

Have you rebooted your PC after upgrading CK to CK2?
I believe this crash exists only when one is still running the old ck
daemon. Unfortunately it looks like there is no way to replace a running
ck daemon (we can kill the running one and dbus will start a new instance,
ck2, but it won't have information about seats, etc. created by the
previous instance).

> Maybe something to forward to upstream.

I need a bit more time to check that this crash is actually caused by
the old daemon.


Re: [DNG] elogind available in experimental and ascii-proposed

2018-01-17 Thread Didier Kryn

On 15/01/2018 at 11:30, KatolaZ wrote:

> The package is now available in Devuan in "ascii-proposed"

    I've added this repository to my sources.list:

deb http://pkgmaster.devuan.org/merged/ ascii-proposed main contrib non-free

Also added the following line to apt.conf, because synaptic refused to
read the repository:

acquire::allowinsecurerepositories "yes";

Nevertheless, I can see neither elogind nor consolekit2

        Didier



Re: [DNG] elogind available in experimental and ascii-proposed

2018-01-17 Thread Irrwahn
Didier Kryn wrote on 17.01.2018 11:59:
> On 15/01/2018 at 11:30, KatolaZ wrote:
>> The package is now available in Devuan in "ascii-proposed"
> 
>      I've added this repository to my sources.list:
> deb http://pkgmaster.devuan.org/merged/ ascii-proposed main contrib non-free
> 
> Also added the following line to apt.conf, because synaptic refused to 
> read the repository:
> acquire::allowinsecurerepositories "yes";
> 
> Nevertheless, I can't see neither elogind, nor consolekit2

Uh? Aptitude sees it just fine (and I already installed it in a VM):

  Origin: None:2.0.0/ascii-proposed, Master:1.0.0/experimental [amd64]
  Origin URI: http://deb.devuan.org/devuan/pool/main/e/elogind/elogind_234.4-1+devuan1_amd64.deb

and

  Origin: None:2.0.0/ascii-proposed, Master:1.0.0/experimental [i386]
  Origin URI: http://deb.devuan.org/devuan/pool/main/e/elogind/elogind_234.4-1+devuan1_i386.deb

You might want to use interactive aptitude instead of synaptic.
Alternatively, you could perform a direct download via above URLs.
 
Ck2, OTOH, is not in the repositories yet, due to issues building 
it using c-i, AIUI.

As for the "allowinsecurerepositories" issue: is your devuan-keyring
package up-to-date?

HTH, best regards
Urban
-- 
-- 
Sapere aude!


Re: [DNG] elogind available in experimental and ascii-proposed

2018-01-17 Thread Hleb Valoshka
On 1/17/18, Didier Kryn  wrote:
> deb http://pkgmaster.devuan.org/merged/ ascii-proposed main contrib non-free

not /merged/ but /devuan/

> Nevertheless, I can't see neither elogind, nor consolekit2

ck2 is not there still due to jenkins issues


Re: [DNG] elogind available in experimental and ascii-proposed

2018-01-17 Thread KatolaZ
On Wed, Jan 17, 2018 at 11:59:22AM +0100, Didier Kryn wrote:
> On 15/01/2018 at 11:30, KatolaZ wrote:
> >The package is now available in Devuan in "ascii-proposed"
> 
>     I've added this repository to my sources.list:
> deb http://pkgmaster.devuan.org/merged/ ascii-proposed main contrib non-free
> 
> Also added the following line to apt.conf, because synaptic refused to read
> the repository:
> acquire::allowinsecurerepositories "yes";
> 

This should be impossible.  When did this happen exactly? Could you
please send a full apt log? You must never use
"allowinsecurerepositories" with Devuan repos.

Thanks

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]
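
An added example, not part of the message above or of any Devuan tooling: a way to audit a machine for the setting discussed in this thread. It goes slightly beyond the one option named here by also covering the related apt options and the per-source `trusted=yes` / `allow-insecure=yes` overrides; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag apt settings that disable
# repository signature checking. Function names are hypothetical.

# stdin : text in `apt-config dump` format, one `Key "value";` per line.
#         apt option names are case-insensitive, so keys are lowercased.
# stdout: key=value for every authentication-disabling option set to true.
flag_insecure_apt_options() {
    awk '
    {
        key = tolower($1)
        if (key !~ /^(acquire::allowinsecurerepositories|acquire::allowdowngradetoinsecurerepositories|apt::get::allowunauthenticated)$/) next
        # The value is whatever sits between the first pair of double quotes.
        val = $0
        sub(/^[^"]*"/, "", val)
        sub(/".*$/, "", val)
        val = tolower(val)
        # Spellings apt treats as boolean true.
        if (val ~ /^(yes|true|with|on|enable|[1-9][0-9]*)$/) print key "=" val
    }'
}

# stdin : contents of sources.list / sources.list.d/*.list
# stdout: deb lines whose [options] bypass signature verification.
flag_untrusted_sources() {
    grep -Ei '^[[:space:]]*deb(-src)?[[:space:]]+\[[^]]*(trusted|allow-insecure)=yes' || true
}

# Constructed sample input. The second line is the apt.conf entry quoted in
# this thread; the last source line is a made-up repository.
SAMPLE_APT_DUMP='APT::Architecture "amd64";
acquire::allowinsecurerepositories "yes";
Acquire::AllowDowngradeToInsecureRepositories "false";
APT::Get::AllowUnauthenticated "0";'

SAMPLE_SOURCES='deb http://pkgmaster.devuan.org/devuan/ ascii-proposed main
deb [trusted=yes] http://repo.example.invalid/devuan ascii main'

printf '%s\n' "$SAMPLE_APT_DUMP" | flag_insecure_apt_options
printf '%s\n' "$SAMPLE_SOURCES"  | flag_untrusted_sources
```

On a live system, `apt-config dump | flag_insecure_apt_options` gives the merged view of apt.conf and apt.conf.d; any line it prints should be removed and the repository key problem fixed instead.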


Re: [DNG] elogind available in experimental and ascii-proposed

2018-01-17 Thread KatolaZ
On Wed, Jan 17, 2018 at 02:25:48PM +0300, Hleb Valoshka wrote:
> On 1/17/18, Didier Kryn  wrote:
> > deb http://pkgmaster.devuan.org/merged/ ascii-proposed main contrib non-free
> 
> not /merged/ but /devuan/
> 
> > Nevertheless, I can't see neither elogind, nor consolekit2
> 
> ck2 is not there still due to jenkins issues

ck2 is not there still because you decided to go with the
pristine-tar, instead of using git tags for upstream versions, which
is the recommended way to go ;)

I will give it a try later, and see what happens.

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]




Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread vmlinux


On January 16, 2018 6:50:32 PM CST, KatolaZ  wrote:
[Snip]

::
::The only affected component is the kernel. Patch exist for jessie,
::AFAWN, there is no way to
::effectively patch Spectre.

I haven't had time to actually read up on it, however, isn't there a micro code 
mitigation available from Intel? I'm assuming this is some sort of cpu firmware 
update but not sure you can flash a cpu :/ so...

https://www.reddit.com/r/sysadmin/comments/7pe2ew/intel_spectre_microcode_update/.compact

-- 
Sent from a Mobile device.


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Didier Kryn

On 17/01/2018 at 13:59, vmlinux wrote:

> On January 16, 2018 6:50:32 PM CST, KatolaZ  wrote:
> [Snip]
>
> ::
> ::The only affected component is the kernel. Patch exist for jessie,
> ::AFAWN, there is no way to
> ::effectively patch Spectre.
>
> I haven't had time to actually read up on it, however, isn't there a micro code
> mitigation available from Intel? I'm assuming this is some sort of cpu firmware
> update but not sure you can flash a cpu :/ so...
>
> https://www.reddit.com/r/sysadmin/comments/7pe2ew/intel_spectre_microcode_update/.compact

    Still reading (subjects only) the mailing list of Linux on Dell
Poweredge, it seems they provide a means to download and install a new
microcode. Dunno how to do the same for the core-i7 of my laptop...


        Didier




Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Tom Cassidy
You can install the intel-microcode package. AMD processors have a similar 
amd-microcode package.

https://packages.debian.org/intel-microcode

It looks like the updated microcode with the latest fixes is currently in 
Debian testing so I guess you could grab it from there directly and install 
manually if required.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886806

> On 17 Jan 2018, at 21:09, Didier Kryn  wrote:
> 
>> On 17/01/2018 at 13:59, vmlinux wrote:
>> 
>> On January 16, 2018 6:50:32 PM CST, KatolaZ  wrote:
>> [Snip]
>> 
>> ::
>> ::The only affected component is the kernel. Patch exist for jessie,
>> ::AFAWN, there is no way to
>> ::effectively patch Spectre.
>> 
>> I haven't had time to actually read up on it, however, isn't there a micro 
>> code mitigation available from Intel? I'm assuming this is some sort of cpu 
>> firmware update but not sure you can flash a cpu :/ so...
>> 
>> https://www.reddit.com/r/sysadmin/comments/7pe2ew/intel_spectre_microcode_update/.compact
>> 
> Still reading (subjects only) the mailing list of Linux on Dell 
> Poweredge, it seems they provide a means do download and install a new 
> microcode. Dunno how to do the same core-i7 of my laptop...
> 
> Didier
> 
> 


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread KatolaZ
On Wed, Jan 17, 2018 at 09:25:19PM +0800, Tom Cassidy wrote:
> You can install the intel-microcode package. AMD processors have a similar 
> amd-microcode package.
> 
> https://packages.debian.org/intel-microcode
> 
> It looks like the updated microcode with the latest fixes is currently in 
> Debian testing so I guess you could grab it from there directly and install 
> manually if required.
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886806
> 

Oh, I didn't know that microcode packages had been added to
non-free. And I could have not noticed that, perhaps ;)

Thanks

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]




Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread jacksprat
Thanks for the replies.  When I run the "spectre-meltdown-checker.sh"
script [github.com/speed47] I see that even using a recent kernel
[4.15-rc8] only Meltdown is covered.

The two mitigations for Spectre [IBRS or kernel compiled with "retpoline"
option with a retpoline-aware compiler] are harder for me to achieve.  The
latter requires a retpoline-aware version of gcc - did anyone try to make
one?  Even then, it seems I need "retpoline-aware" versions of things like
Firefox.

I have explored disabling javascript in Firefox on a per-site basis, but
this cannot be the future [devuan has old versions of Policy-Control addon
compared to [say] antix-17].  Early days.

I hate Intel for creating this mess and for the Management Engine fiasco.

I had been using a "libre" [de-blobbed] kernel.  Now I must use the blobby
4.15-rc8 kernel AND learn about firmware, which means per-arch /lib..?

jacksprat
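
An added example, not part of the post above and not taken from spectre-meltdown-checker.sh: on kernels that expose `/sys/devices/system/cpu/vulnerabilities`, the per-CVE mitigation state can be read directly. The function names are hypothetical, and the sample directory is constructed to mirror the situation described in the post (Meltdown covered, Spectre not).

```shell
#!/bin/sh
# Added example (not from the thread): summarise the kernel's own report of
# Meltdown/Spectre mitigation state. Function names are hypothetical.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT -> mitigated | vulnerable | not-affected | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_cpu_mitigations [DIR]
# Prints one line per issue: CVE, sysfs name, verdict, raw kernel text.
# A missing file means the running kernel does not report that issue at
# all, which is treated as "unreported" rather than as safe.
report_cpu_mitigations() {
    dir=${1:-$VULN_DIR_DEFAULT}
    for entry in meltdown:CVE-2017-5754 spectre_v1:CVE-2017-5753 \
                 spectre_v2:CVE-2017-5715; do
        name=${entry%%:*}
        cve=${entry#*:}
        if [ -r "$dir/$name" ]; then
            text=$(cat "$dir/$name")
            printf '%s %s %s (%s)\n' "$cve" "$name" \
                "$(classify_status "$text")" "$text"
        else
            printf '%s %s unreported (no %s file)\n' "$cve" "$name" "$name"
        fi
    done
}

# all_mitigated [DIR]: exit 0 only if every issue is mitigated or not affected.
all_mitigated() {
    report_cpu_mitigations "$1" |
        awk '$3 != "mitigated" && $3 != "not-affected" { bad = 1 }
             END { exit bad }'
}

# Build a constructed sample directory (not real sysfs) and print its path.
make_sample_dir() {
    d=$(mktemp -d)
    echo 'Mitigation: PTI' > "$d/meltdown"
    echo 'Vulnerable' > "$d/spectre_v1"
    echo 'Vulnerable: Minimal generic ASM retpoline' > "$d/spectre_v2"
    echo "$d"
}

sample=$(make_sample_dir)
report_cpu_mitigations "$sample"
all_mitigated "$sample" || echo "at least one issue is not mitigated"
rm -r "$sample"
```

Calling `report_cpu_mitigations` with no argument reads the live sysfs directory; run it again after a kernel or microcode update to confirm the state actually changed.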


[DNG] Call for testing: ConsoleKit2

2018-01-17 Thread Hleb Valoshka
Hi!

ConsoleKit2 has been packaged for experimental (but it's also
installable in Ascii).

This is an update for the old ConsoleKit and can be installed instead of it.

Please help with its testing. What to test: PC stop/hibernate/etc,
mounting of usb drives and so on under DEs.

===
deb http://packages.devuan.org/devuan/ experimental main
===


Re: [DNG] elogind available in experimental and ascii-proposed

2018-01-17 Thread KatolaZ
On Wed, Jan 17, 2018 at 11:39:21AM +, KatolaZ wrote:
> On Wed, Jan 17, 2018 at 02:25:48PM +0300, Hleb Valoshka wrote:
> > On 1/17/18, Didier Kryn  wrote:
> > > deb http://pkgmaster.devuan.org/merged/ ascii-proposed main contrib 
> > > non-free
> > 
> > not /merged/ but /devuan/
> > 
> > > Nevertheless, I can't see neither elogind, nor consolekit2
> > 
> > ck2 is not there still due to jenkins issues
> 
> ck2 is not there still because you decided to go with the
> pristine-tar, instead of using git tags for upstream versions, which
> is the recommended way to go ;)
> 
> I will give it a try later, and see what happens.
> 

Hi, 

just to confirm that ConsoleKit2 packages are now in experimental. The
package is still called "consolekit", and the relevant version is
1.2.1-1~exp1.

Thanks a lot to Hleb Valoshka for contributing the package.

The package is installable without problems in ascii as well as in
ceres.

As usual, please keep in mind that packages in experimental might have
problems, so use experimental if you know how to get out of the mud,
should you get in there...

<3

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]




Re: [DNG] elogind testing for experimental and ascii-proposed

2018-01-17 Thread Irrwahn
Addendum:

I repeated the quick checks below with the new consolekit-2 packages
from experimental. The results were exactly the same.

Regards
Urban


Irrwahn wrote on 17.01.2018 00:17:
> Andreas Messer wrote on 16.01.2018 22:24:
>> since we have to test elogind now with various setups, KatolaZ asked me to
>> write a short guide what needs to be tested. So here we go:
> [snipped procedure]
> 
> I gave it a quick spin on my ascii VM with lightdm and XFCE:
> 
> 1. Simply installing elogind caused no regressions, as expected.
> 
> 2. With consolekit/policykit and elogind fully enabled:
> 
>    - lightdm+XFCE graphical login:
> 
>      * login, logout, poweroff, reboot, USB drive mount:
>        working (same as without elogind, or disabled elogind)
> 
>    - ssh console login:
> 
>      * screen sessions killed on logout
>        (regression, works with elogind disabled!)
> 
>      * ssh-agent killed on logout
>        (regression, not killed with elogind disabled!)
> 
>      * urban@vboxascii:~$ loginctl reboot
>        AUTHENTICATING FOR org.freedesktop.login1.reboot
>        Authentication is required for rebooting the system.
>        Authenticating as: ,,, (urban)
>        Password: 
>        AUTHENTICATION COMPLETE
>        Failed to reboot system via elogind: Message recipient disconnected
>          from message bus without replying
>        urban@vboxascii:~$ 
>        Broadcast message from root@vboxascii (console) (Tue Jan 16 23:25:17 2018):
>        The system is going down for reboot NOW!
>        Connection to 192.168.2.167 closed by remote host.
> 
>      * root@vboxascii:~# loginctl reboot
>        Failed to reboot system via elogind: Message recipient disconnected
>          from message bus without replying
>        root@vboxascii:~# 
>        Broadcast message from root@vboxascii (console) (Tue Jan 16 23:52:22 2018):
>        The system is going down for reboot NOW!
>        Connection to 192.168.2.167 closed by remote host.
> 
> 3. No consolekit/policykit, only elogind installed and activated
>    (not sure if that even makes any sense, but what the heck):
> 
>    - lightdm+XFCE graphical login:
> 
>      * login, logout: working
> 
>      * GUI poweroff, reboot, USB mount: NOT working!
> 
>    - ssh console login:
> 
>      * screen sessions and ssh-agent killed on logout
> 
>      * urban@vboxascii:~$ loginctl reboot
>        Failed to reboot system via elogind: The name org.freedesktop.PolicyKit1
>          was not provided by any .service files
>
> 
> TL;DR: 
> The only immediately noticeable regression caused by enabling elogind 
> in this setup was detached background processes (screen, ssh-agent) 
> being killed upon session termination; user mount, poweroff, and reboot 
> worked as expected.
> 
> HTH, best regards
> Urban
> 


-- 
Sapere aude!


Re: [DNG] Help with Spectre and Meltdow

2018-01-17 Thread William C Vaughan
Date: Wed, 17 Jan 2018 14:09:09 +0100
From: Didier Kryn 
To: dng@lists.dyne.org
Subject: Re: [DNG] Help with Spectre and Meltdown
Message-ID: <1bf9d308-fc02-7cf6-7a70-50c817e24...@in2p3.fr>
Content-Type: text/plain; charset=utf-8; format=flowed

On 17/01/2018 at 13:59, vmlinux wrote:
>
> On January 16, 2018 6:50:32 PM CST, KatolaZ  wrote:
> [Snip]
>
> ::
> ::The only affected component is the kernel. Patch exist for jessie,
> ::AFAWN, there is no way to
> ::effectively patch Spectre.
>
> I haven't had time to actually read up on it, however, isn't there a
> micro code mitigation available from Intel? I'm assuming this is some sort
> of cpu firmware update but not sure you can flash a cpu :/ so...
>
> https://www.reddit.com/r/sysadmin/comments/7pe2ew/intel_spectre_microcode_update/.compact
>
 Still reading (subjects only) the mailing list of Linux on Dell
Poweredge, it seems they provide a means to download and install a new
microcode. Dunno how to do the same for the core-i7 of my laptop...

 Didier

I just flashed the EFI/BIOS on my I7 XPS-13 several days ago. For
non-Windows machines you copy the provided DOS ".exe" to a USB, restart the
machine, and hit F12 (nearly always on Dell) and select "Flash / update the
BIOS" or something close to that, after which just follow the instructions.
Most newer Dell machines have the SA-00086 updates available. Older
machines might not.  Here's the relevant link:

Dell intel flash patches for meltdown/spectre



Re: [DNG] Help with Spectre and Meltdow

2018-01-17 Thread Hector Gonzalez


On 01/17/2018 11:51 AM, William C Vaughan wrote:

> Date: Wed, 17 Jan 2018 14:09:09 +0100
> From: Didier Kryn <k...@in2p3.fr>
> To: dng@lists.dyne.org
> Subject: Re: [DNG] Help with Spectre and Meltdown
> Message-ID: <1bf9d308-fc02-7cf6-7a70-50c817e24...@in2p3.fr>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> On 17/01/2018 at 13:59, vmlinux wrote:
> >
> > On January 16, 2018 6:50:32 PM CST, KatolaZ wrote:
> > [Snip]
> >
> > ::
> > ::The only affected component is the kernel. Patch exist for jessie,
> > ::AFAWN, there is no way to
> > ::effectively patch Spectre.
> >
> > I haven't had time to actually read up on it, however, isn't there a
> > micro code mitigation available from Intel? I'm assuming this is some
> > sort of cpu firmware update but not sure you can flash a cpu :/ so...
> >
> > https://www.reddit.com/r/sysadmin/comments/7pe2ew/intel_spectre_microcode_update/.compact
> >
> Still reading (subjects only) the mailing list of Linux on Dell
> Poweredge, it seems they provide a means to download and install a new
> microcode. Dunno how to do the same for the core-i7 of my laptop...

intel microcode is available as a debian package (non-free), you can see
the tracker here: https://tracker.debian.org/pkg/intel-microcode you
want the version from 20180108 which is in testing.  The package adds
firmware patches during boot, and they stay in memory, so the package
should remain installed afterwards.  The process is explained here:
https://wiki.debian.org/Microcode

There are trackers for the CVEs associated with spectre too:

https://security-tracker.debian.org/tracker/CVE-2017-5715
https://security-tracker.debian.org/tracker/CVE-2017-5753

The xenbits.xen.org link in the notes of these trackers has a good
explanation of the bugs.

>      Didier
>
> I just flashed the EFI/BIOS on my I7 XPS-13 several days ago. For
> non-Windows machines you copy the provided DOS ".exe" to a USB,
> restart the machine, and hit F12 (nearly always on Dell) and select
> "Flash / update the BIOS" or something close to that, after which just
> follow the instructions. Most newer Dell machines have the SA-00086
> updates available. Older machines might not.  Here's the relevant link:
>
> Dell intel flash patches for meltdown/spectre


--
Héctor González
ca...@genac.org



[DNG] Software design and Armageddon spaceships

2018-01-17 Thread Steve Litt
Hi all,

There's a movie on the web called "Evacuate Earth" at
https://www.youtube.com/watch?v=kpkzxT2Ntto

The premise is that a neutron star is coming to eat Earth, and a
quarter million humans must go to a planet 5 lightyears away in order
to preserve our species.

The only part of this movie on-topic to this mailing list is the part
on assembling the spacecraft, 55:15 to 1:02:30. They're shooting the
sections up into space orbit and joining them in space, mostly via
robotics but some human intervention involved. By this space assembly
the spacecraft needn't gobble energy just leaving Earth.

Can you imagine the opportunity for failure? These sections are made in
factories all over the planet, and when they get up there, tab A must
fit into slot 1, every time. How in the world do you get that kind of
perfection. Really think about it.

I thought about it. The space ship is a 16 mile long, 2 mile diameter
cylinder. I'd put it together with interlocking and weldable cylinder
arcs, **all the same**. To the extent possible, I'd make the major
parts conform to one of a few templates. I'd make each template as
simple as possible, but with fittings and furniture sufficient to cover
all anticipated needs. Such simplicity makes perfection doable.

I'd design the templates from the ground up to be built by robotics,
but still reasonably assemblable/disassemblable by real humans with
reasonably simple tools.

For every template, I'd specify and build a test jig (perhaps call it a
unit test). Every piece that's built would be unit tested on earth,
before spending the time and opportunity cost to send it to space. I'd
make sure test jigs built in one factory are used in another, to limit
instrumentation errors that pass bad units.

Inevitably, the initial template designs will forget provisions for a
few features. Unless these features are a life and death thing, once
building commenced, I would neither change the design nor make complex
workarounds to accommodate those features. The crew and passengers
would just live their lives to make those features unnecessary.

I look at GNU/Linux (and BSD and POSIX in general) and see a lot of such
design. A startup script looping through the script files of
whatever.d/ is a perfect example of simple and openended design. Runit,
s6 and daemontools are another example. Even sysvinit is an example,
although sysvinit left out enough that those scripts
in /etc/rc.d/rc5.d/ must be overly complicated.

In the movie, parts get launched to the ship and bolted/welded on.
What is NOT done is to monolithically build huge megasections comprising
dozens of differing functionalities, and send those up. This was one of
the first lessons I had to learn when switching to GNU/Linux: My days of
building the single-executable-does-it-all were over. The new
catchphrase was do one thing and do it well. I found out that
executables are the best places to divide, and they can naturally be
made to have very thin and understandable interfaces.

If I had only one chance to save humanity, I'd build my spaceship like
GNU/Linux, not like Windows. And I wouldn't hire Poettering to be part
of the effort.

SteveT

Steve Litt
January 2018 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb


[DNG] Help with Spectre and Meltdown

2018-01-17 Thread Cassandra of Troy
Much appreciated from lurker(s) as well as the OP.

Looking forward to unplugging this live USB stick and reading my mail on
Jessie tomorrow morning. :)

If any of you have the spare time to reply on or offlist, I value your
opinions on whether switching to an AMD processor from a librebooted
Thinkpad is something that an average joe should be prioritizing right now.



KatolaZ:

> The patch for Meltdown comes directly from Debian:
> 
>   https://security-tracker.debian.org/tracker/CVE-2017-5754
> 
> and the updates are available from jessie-updates and from
> ascii-updates. 
> 


Re: [DNG] elogind testing for experimental and ascii-proposed

2018-01-17 Thread Hleb Valoshka
On 1/17/18, Irrwahn  wrote:

> * screen sessions killed on logout
>   (regression, works with elogind disabled!)

This is because elogind is designed to be logind replacement (and
actually shares its code) and so it's bug-for-bug compatible. Systemd
uses cgroups to track processes and on logout kills all user's
processes started during the session.

> *  urban@vboxascii:~$ loginctl reboot
>AUTHENTICATING FOR org.freedesktop.login1.reboot

This is incorrect behaviour. Required privileges should be granted
automatically due to pam module, could you show your
/etc/pam.d/session-common?

Oh, wait...

>Connection to 192.168.2.167 closed by remote host.

Remote connection, so this explains the previous message.

Can you repeat the same but with a local login?

> 3. No consolekit/policykit, only elogind installed and activated
>(not sure if that even makes any sense, but what the heck):
...

Works as expected.


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Hendrik Boom
On Wed, Jan 17, 2018 at 07:27:24AM +0100, marc wrote:
> 
> Spectre has no patch in the conventional sense. But there 
> are two types of things one can do:
> 
> * Move to a processor which doesn't speculate :) with so many 
> side effects. Processors found on the raspberry PI, for example, 
> are ok to use.

I was planning on a new laptop so I could use a reasonably current API.
But with the execute-ahead fiasco, I am reluctant to put serious money
down on a vulnerable processor.  So I'm getting a raspberry pi instead 
and connecting it to my TV.  Not really a laptop, no.

And I'm replacing my file server with one based on a MIPS processor.

-- hendrik
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] elogind testing for experimental and ascii-proposed

2018-01-17 Thread Irrwahn
Hleb Valoshka wrote on 17.01.2018 20:54:
> On 1/17/18, Irrwahn  wrote:
> 
>> * screen sessions killed on logout
>>   (regression, works with elogind disabled!)
> 
> This is because elogind is designed to be logind replacement (and
> actually shares its code) and so it's bug-for-bug compatible. Systemd
> uses cgroups to track processes and on logout kills all user's
> processes started during the session.

According to A. Messer this behavior can be changed in a configuration 
file.

> 
>> *  urban@vboxascii:~$ loginctl reboot
>>AUTHENTICATING FOR org.freedesktop.login1.reboot
> 
> This is incorrect behaviour. Required privileges should be granted
> automatically due to pam module, could you show your
> /etc/pam.d/session-common?
> 
> Oh, wait...
> 
>>Connection to 192.168.2.167 closed by remote host.
> 
> Remote connection, so this explains the previous message.
> 
> Can you repeat the same but with a local login?

Outcome is the same when logged in via a VT console, while elogind 
is fully enabled (and ck2 and pk installed). With elogind disabled 
(ck+pk only), no extra authentication is needed. 

However, I just finished debootstrapping a fresh ascii VM, and 
interestingly USB mounting with ck2 is broken again. Presumably I 
previously messed around with the older VM I made the tests with, 
possibly hacked open some polkit actions, or the like. Thus, the 
results I got must be taken with considerably more than just a grain 
of salt! OTOH, the reboot/shutdown sequences look the same as before,
i.e. requiring extra authentication.

HTH, regards
Urban
 -- 
-- 
Sapere aude!


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Adam Borowski
On Wed, Jan 17, 2018 at 03:27:16PM -0500, Hendrik Boom wrote:
> On Wed, Jan 17, 2018 at 07:27:24AM +0100, marc wrote:
> > Spectre has no patch in the conventional sense. But there 
> > are two types of things one can do:
> > 
> > * Move to a processor which doesn't speculate :) with so many 
> > side effects. Processors found on the raspberry PI, for example, 
> > are ok to use.
> 
> I was planning on a new laptop so I could use a reasonablly current API.
> But with the execute-ahead fiasco, I am reluctant to put serious money
> down on a vulnerable processor.  So I'm getting a raspberry pi instead 
> and connecting it to my TV.  Not really a laptop, no.

Grab a Pinebook.  It's slow, but still faster than Raspberry Pi, and has two
GB ram rather than one.

For $89, you don't care that it's only a stop-gap before you can get a
better one once such CPUs become available.  Also, its manufacture quality
is pretty nice compared to other cheap laptops I've seen.

> And I'm replacing my file server with one based on a MIPS processor.

GnuBee?


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out,
⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven big-ass trumpets are playing in the
⠈⠳⣄ sky.  Your cat demands food.  The priority should be obvious...


[DNG] Waterfox (was: Re: Help with Spectre and Meltdown)

2018-01-17 Thread Adam Borowski
On Wed, Jan 17, 2018 at 08:51:42AM +0100, Irrwahn wrote:
> marc wrote on 17.01.2018 07:27:
> >  or maybe package up some of the firefox forks which
> > are more security focused.
> 
> Which would essentially boil down to a list of three candidates: 
> waterfox, icecat, or palemoon. 
> 
> My 2¢: Out of these, currently waterfox is my personal favorite, as 
> palemoon started to fail me on several occasions, not being able to
> reasonably render several web pages I use regularly. Didn't have 
> much exposure to icecat, though.

Does anyone happen to have sane packaging for Waterfox?  Upstream just
copies binaries of unknown provenience.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out,
⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven big-ass trumpets are playing in the
⠈⠳⣄ sky.  Your cat demands food.  The priority should be obvious...


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread taii...@gmx.com



On 01/17/2018 02:15 PM, Cassandra of Troy wrote:

> Much appreciated from lurker(s) as well as the OP.
>
> Looking forward to unplugging this live USB stick and reading my mail on
> Jessie tomorrow morning. :)
>
> If any of you have the spare time to reply on or offlist, I value your
> opinions on whether switching to an AMD processor from a librebooted
> Thinkpad is something that an average joe should be prioritizing right now.

The C2D/Q and probably ivy and sandybridge too (ugh so lame) will not be
getting microcode updates from the bean counters at intel whereas AMD
will be updating at least bulldozer and above.

I would get a Lenovo G505S, no ME/PSP, and it has open CPU/RAM init via
coreboot, also has an IOMMU unlike the *200 series.
Blobs for video and power management but they can be removed eventually
as there is no hardware code signing enforcement.
Unfortunately the build quality is not as good as the *200 series and
the availability is not as good.

If you don't want a laptop a KCMA-D8 or KGPE-D16 board (libre firmware
available via libreboot or coreboot) with a 4386 (D8) or 6328 (D16) is
also a good affordable choice with no PSP/ME and is still able to play
new games.

Also, everyone should please note that coreboot doesn't necessarily mean
open source firmware (ex: the sleazy purism marketing people) as it once did.

On 01/17/2018 03:27 PM, Hendrik Boom wrote:

> On Wed, Jan 17, 2018 at 07:27:24AM +0100, marc wrote:
>
> > Spectre has no patch in the conventional sense. But there
> > are two types of things one can do:
> >
> > * Move to a processor which doesn't speculate :) with so many
> > side effects. Processors found on the raspberry PI, for example,
> > are ok to use.
>
> I was planning on a new laptop so I could use a reasonably current API.
> But with the execute-ahead fiasco, I am reluctant to put serious money
> down on a vulnerable processor.  So I'm getting a raspberry pi instead
> and connecting it to my TV.  Not really a laptop, no.

I do not advise getting a RPI, the RPI foundation only likes open source
when it helps them (ie: free OS for their devices) - their devices'
firmware and hardware is entirely closed source.

ARM devices with open source firmware/hardware do exist from other
companies.





Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Dr. Nikolaus Klepp
On Wednesday, 17 January 2018, Adam Borowski wrote:
> [...]
> Grab a Pinebook.  It's slow, but still faster than Raspberry Pi, and has two
> GB ram rather than one.
> 
> For $89, you don't care that it's only a stop-gap before you can get a
> better one once such CPUs become available.  Also, its manufacture quality
> is pretty nice compared to other cheap laptops I've seen.

Pinebook would be nice, if they actually would ship some day :-/



-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread jacksprat
on ARM alternative:  ODROID C2 is a sub-100 pound/dollar single board
computer like RaspberryPI3, but with 2 gbyte RAM and gigabit ethernet.  it
is a project as only Xubuntu is available as a ready-made Linux.  I want
one but can't afford time/effort.

jacksprat


Re: [DNG] Call for testing: ConsoleKit2

2018-01-17 Thread Mike Schmitz
On Wed, Jan 17, 2018 at 07:02:36PM +0300, Hleb Valoshka wrote:
> Hi!
> 
> ConsoleKit2 has been packaged for experimental (but it's also
> installable in Ascii).
> 
> This is an update for the old ConsoleKit and can be installed instead of it.
> 
> Please help with its testing. What to test: PC stop/hibernate/etc,
> mounting of usb drives and so on under DEs.
> 
> ===
> deb http://packages.devuan.org/devuan/ experimental main
> ===

it seems to want to install eudev. I am currently running vdev. Will it
work together?





[DNG] Devuan Missing Icons GdkPixbuf-WARNING

2018-01-17 Thread Lee Gold
Hi I am trying live iso:

devuan_jessie_1.0.0_i386_desktop-live.iso

In root terminal I did (I don't know whether the issue was caused by
this) but to be complete I did:

apt-get update

apt-get dist-upgrade


So far in Synaptic  and thunar I get blank windows, I mean all the
expected icons are not there:

root@devuan:/home/devuan# synaptic

(synaptic:13561): GdkPixbuf-WARNING **: Cannot open pixbuf loader
module file '/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache':
No such file or directory

This likely means that your installation is broken.
Try running the command
  gdk-pixbuf-query-loaders >
/usr/lib/i386-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders.cache

and a lot more error messages.

or in a non-root terminal I run thunar and there are no error messages
but it's in icon display mode and there are no icons.
- - - - - -

I hope I'm not overlooking something obvious, I am coming from using
Ubuntu and I am not a developer - just wanted to mention this. As far
as functionality goes, everything works...wifi...everything,  works
and very clean and fast. Thanks.


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Hendrik Boom
On Wed, Jan 17, 2018 at 09:25:19PM +0800, Tom Cassidy wrote:
> You can install the intel-microcode package. AMD processors have a similar 
> amd-microcode package.
> 
> https://packages.debian.org/intel-microcode
> 
> It looks like the updated microcode with the latest fixes is currently in 
> Debian testing so I guess you could grab it from there directly and install 
> manually if required.
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886806

Has anyone revealed how this microcode avoids the Spectre problem?
Does it, for example, disable memory fetch from protected memory?

-- hendrik


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread KatolaZ
On Wed, Jan 17, 2018 at 07:28:39PM -0500, Hendrik Boom wrote:
> On Wed, Jan 17, 2018 at 09:25:19PM +0800, Tom Cassidy wrote:
> > You can install the intel-microcode package. AMD processors have a similar 
> > amd-microcode package.
> > 
> > https://packages.debian.org/intel-microcode
> > 
> > It looks like the updated microcode with the latest fixes is currently in 
> > Debian testing so I guess you could grab it from there directly and install 
> > manually if required.
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886806
> 
> Has anyone revealed how this microcode avoids the Spectre problem?
> Does it, for example, disable memory fetch from protected memory?
> 

The microcode is proprietary (non-free) code, so nobody knows if the
patch is better or worse than the bug...

HND

KatolaZ

-- 
[ ~.,_  Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab  ]  
[ "+.  katolaz [at] freaknet.org --- katolaz [at] yahoo.it  ]
[   @)   http://kalos.mine.nu ---  Devuan GNU + Linux User  ]
[ @@)  http://maths.qmul.ac.uk/~vnicosia --  GPG: 0B5F062F  ] 
[ (@@@)  Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ  ]




Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Tom Cassidy
It looks like the latest Firefox has mitigations in place for spectre and/or 
meltdown. Chrome will include them in the next update too I believe.

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

> On 17 Jan 2018, at 23:00, jacksprat  wrote:
> 
> Thanks for the replies.  When I run the "spectre-meltdown-checker.sh" script 
> [github.com/speed47] I see that even using a recent kernel [4.15-rc8] only 
> Meltdown is covered.
> 
> The two mitigations for Spectre [IBRS or kernel compiled with "retpoline" 
> option with a retpoline-aware compiler] are harder for me to achieve.  The 
> latter requires a retpoline-aware version of gcc - did anyone try to make 
> one?  Even then, it seems I need "retpoline-aware" versions of things like 
> Firefox.
> 
> I have explored disabling javascript in Firefox on a per-site basis, but this 
> cannot be the future [devuan has old versions of Policy-Control addon 
> compared to [say] antix-17].  Early days.  


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread taii...@gmx.com

On 01/17/2018 05:17 PM, Dr. Nikolaus Klepp wrote:

> On Wednesday, 17 January 2018, Adam Borowski wrote:
>
> > [...]
> > Grab a Pinebook.  It's slow, but still faster than Raspberry Pi, and has two
> > GB ram rather than one.
> >
> > For $89, you don't care that it's only a stop-gap before you can get a
> > better one once such CPUs become available.  Also, its manufacture quality
> > is pretty nice compared to other cheap laptops I've seen.
>
> Pinebook would be nice, if they actually would ship some day :-/

I would instead get a novena, an actually shipping ARM laptop and it is
apparently free firmware/hardware besides a blob for 3D graphics.

It also has an integrated FPGA.

According to wikipedia:
"The pinebook cannot be run solely on free software now (December 2017),
and the linux kernel choice is limited to an old no longer supported
version (3.10) with binary blobs to support most of the hardware,
including the Mali graphics or any kind of 2D or 3D acceleration.

Work is underway to integrate support into mainline Linux kernel, but
the manufacturer of the CPU (Allwinner) is notorious for its lack of
interest in supporting Open Source."

:[

On 01/17/2018 07:41 PM, KatolaZ wrote:

> On Wed, Jan 17, 2018 at 07:28:39PM -0500, Hendrik Boom wrote:
>
> > On Wed, Jan 17, 2018 at 09:25:19PM +0800, Tom Cassidy wrote:
> >
> > > You can install the intel-microcode package. AMD processors have a similar
> > > amd-microcode package.
> > >
> > > https://packages.debian.org/intel-microcode
> > >
> > > It looks like the updated microcode with the latest fixes is currently in
> > > Debian testing so I guess you could grab it from there directly and install
> > > manually if required.
> > >
> > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886806
> >
> > Has anyone revealed how this microcode avoids the Spectre problem?
> > Does it, for example, disable memory fetch from protected memory?
>
> The microcode is proprietary (non-free) code, so nobody knows if the
> patch is better or worse than the bug...

So is the microcode embedded in your CPU, which in the case of intel
is encrypted for god knows why.
The only CPU without microcode hardware code signing enforcement and the
documentation to theoretically make your own updates is POWER8+

Keep in mind that most CPUs have always had serious critical security
bugs without microcode updates so not applying them is a security risk.



Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Hendrik Boom
On Wed, Jan 17, 2018 at 10:14:13PM +0100, Adam Borowski wrote:
> 
> > And I'm replacing my file server with one based on a MIPS processor.
> 
> GnuBee?

Yes.  I'll see if it works when it gets here.

-- hendrik


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Brad Campbell

On 18/01/18 08:28, Hendrik Boom wrote:

> On Wed, Jan 17, 2018 at 09:25:19PM +0800, Tom Cassidy wrote:
>
> > You can install the intel-microcode package. AMD processors have a similar
> > amd-microcode package.
> >
> > https://packages.debian.org/intel-microcode
> >
> > It looks like the updated microcode with the latest fixes is currently in
> > Debian testing so I guess you could grab it from there directly and install
> > manually if required.
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886806
>
> Has anyone revealed how this microcode avoids the Spectre problem?
> Does it, for example, disable memory fetch from protected memory?

There is quite a bit of information out there but it's scattered fairly
thinly. Note this is my current understanding only.

The microcode doesn't "avoid" the Spectre problem by and in itself. A
large part of the fix is implementing extra instructions to inhibit
branch prediction under certain circumstances. It is then up to the OS
to manage that. The bit people are struggling with right now is that when
the microcode is applied, extra processor feature flags appear so the
kernel will need to re-scan the processor flags after an update and deal
with the consequential fallout.

That won't itself inhibit the ability for userspace processes to access
other process memory. The chief mitigation for that at the moment is the
reduction in timer resolution in Javascript interpreters. That still
doesn't prevent malware using it as a vector, but it does make it a
*lot* harder for a rogue bit of Javascript served as an in-page ad from
scrounging through the browser process space for your internet banking
credentials.

What the microcode fix does do is allow some further mitigation to be
applied from the OS perspective, although for people with Haswell and
Broadwell variants it'd be wise not to install the microcode until Intel
get it fixed.

The most important issue for Spectre is ensuring your browser is up to
date (and by up to date I mean the absolute latest version of Firefox).
If you use one of the "free" forks, make sure the mitigation has been
ported across or disable Javascript full stop.

If you use an Intel processor then make sure you have the OS Meltdown
mitigation applied (ie KPTI).

Again, my current understanding based on lots of reading and the
occasional discussion with people who *do* know better.

Corrections welcome. Hysterical ranting about the closed source nature
of microcode >> /dev/null



Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Brad Campbell

On 17/01/18 23:00, jacksprat wrote:

> Thanks for the replies.  When I run the "spectre-meltdown-checker.sh"
> script [github.com/speed47] I see that even
> using a recent kernel [4.15-rc8] only Meltdown is covered.
>
> The two mitigations for Spectre [IBRS or kernel compiled with
> "retpoline" option with a retpoline-aware compiler] are harder for me to
> achieve.  The latter requires a retpoline-aware version of gcc - did
> anyone try to make one?  Even then, it seems I need "retpoline-aware"
> versions of things like Firefox.

If my understanding is correct, IBRS is just effectively a microcode
implementation providing the same outcome as a retpoline (but
theoretically slightly faster). In both cases you still need the
compiler and resulting compiled binaries to support the feature. Just
applying the microcode to enable the IBRS instructions isn't going to do
anything without the supporting code.
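
The checks discussed in the two messages above (new CPU flags after a microcode update, KPTI for Meltdown, retpoline/IBRS for Spectre), as an added example that is not part of the original posts and is not taken from spectre-meltdown-checker.sh. It reads the kernel's own view from /proc/cpuinfo and /sys/devices/system/cpu/vulnerabilities (reported by kernels from 4.15 onward); the sample inputs are constructed, and the flag names (pti/kaiser, ibrs, ibpb, stibp) are the ones Linux prints on x86, which vary with kernel version.

```python
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities")
# x86 flag names as Linux prints them; which ones appear depends on the kernel.
BRANCH_CONTROL = {"ibrs", "ibpb", "stibp"}   # exposed after a microcode update
KPTI_FLAGS = {"pti", "kaiser"}               # mainline name / older backport name

def parse_cpuinfo(text):
    """Return (microcode revision, flag set) for the first CPU in /proc/cpuinfo."""
    first = text.strip().split("\n\n")[0]
    fields = {}
    for line in first.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields.get("microcode"), set(fields.get("flags", "").split())

def classify(status):
    """Reduce a sysfs vulnerabilities string to one word."""
    if status is None:
        return "unknown"                     # kernel predates the sysfs report
    status = status.strip()
    if status.startswith("Not affected"):
        return "not-affected"
    return "mitigated" if status.startswith("Mitigation") else "vulnerable"

def assess(cpuinfo_text, vulns):
    """Combine CPU flags with the kernel's per-issue status strings."""
    microcode, flags = parse_cpuinfo(cpuinfo_text)
    controls = sorted(flags & BRANCH_CONTROL)
    v2 = vulns.get("spectre_v2")
    report = {
        "microcode": microcode,
        "branch_controls": controls,
        "kpti": bool(flags & KPTI_FLAGS) or "PTI" in (vulns.get("meltdown") or ""),
        "retpoline": "retpoline" in (v2 or "").lower(),
        "meltdown": classify(vulns.get("meltdown")),
        "spectre_v1": classify(vulns.get("spectre_v1")),
        "spectre_v2": classify(v2),
    }
    # Microcode exposes the controls, yet the kernel reports no Spectre v2
    # mitigation in use: the update on its own has changed nothing.
    unused = report["spectre_v2"] in ("vulnerable", "unknown")
    report["microcode_unused"] = bool(controls) and unused
    return report

def read_live():  # same assessment against the running system
    vulns = {p.name: p.read_text() for p in SYSFS.glob("*")} if SYSFS.is_dir() else {}
    return assess(Path("/proc/cpuinfo").read_text(), vulns)

# Constructed sample: updated microcode, KPTI on, kernel without retpoline.
SAMPLE_CPUINFO = (
    "processor\t: 0\nmicrocode\t: 0x23\nflags\t\t: fpu sse2 pti ibrs ibpb stibp\n\n"
    "processor\t: 1\nmicrocode\t: 0x23\nflags\t\t: fpu sse2 pti ibrs ibpb stibp\n")
SAMPLE_VULNS = {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n",
                "spectre_v2": "Vulnerable\n"}

if __name__ == "__main__":
    for key, value in assess(SAMPLE_CPUINFO, SAMPLE_VULNS).items():
        print(f"{key:18} {value}")
```

Calling `read_live()` instead of `assess()` on the samples runs the same report against the machine it is executed on.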




Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread arne
On Tue, 16 Jan 2018 23:33:41 +
jacksprat  wrote:

> I wanted to explore whether Devuan can provide a solution to the
> Spectre/Meltdown fiasco.  Is there a guide to what elements of Devuan
> [jessie, ascii, ?] have been upgraded to address these issues?
> 
> If I need to move to ascii to achieve this [I am on jessie], what do
> I need to put in /etc/apt/sources.list so that apt-get can perform
> the upgrade?  I have a spare computer where an ascii-based solution
> can be tested.
> 
> Thanks, jacksprat


Do you know whether MediaTek Helio X25 deca-core processor is a victim
too for Meltdown and Spectre?
I can not find anything about it on Google.

My next debian handheld will be Gemini PDA that has that CPU.

I prefer not to worry.  

Thanks,
John


Re: [DNG] Help with Spectre and Meltdown

2018-01-17 Thread Adam Borowski
On Wed, Jan 17, 2018 at 10:03:46PM -0500, taii...@gmx.com wrote:
> According to wikipedia:
> "The pinebook cannot be run solely on free software now (December 2017),

Sad to hear this.  Because of this, I guess we should tell the ftpmasters
that atf-allwinner which I, seeing it's not going to be merged into mainline
this millennium, recently packaged separately, should be rejected based on
this non-freeness.

It also lacks core features its equivalents in the x86 land have: unlike ME
and PSP, there's no NSA functionality.  You do have the freedom to add such
backdoors if you wish, though.

> the linux kernel choice is limited to an old no longer supported version
> (3.10)

Wikipedia protects its readers by requiring verifiability via reliable,
published sources (such as Phoronix) rather than hearsay (#linux-sunxi) or
own research (cat /proc/version).

> with binary blobs to support most of the hardware, including the Mali
> graphics or any kind of 2D or 3D acceleration.

Unlike x86, on ARM 2D and 3D are separate.

Only Mali is lacking; while I see active work
(https://github.com/yuq/mesa-lima) it's not anywhere near functional.
I don't get what you'd need 3D on a laptop of this kind for, though.

More troubling is no arisc: it's needed for real suspend; without it, the
best you can do is to turn off all cores but one and set the last core to
lowest frequency.  It has been reverse engineered, but there's currently no
packaged toolchain.  For now, such one-eye-open sleep is uncool for those
who use laptops away from civilization.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀ 
⣾⠁⢰⠒⠀⣿⡁ Imagine there are bandits in your house, your kid is bleeding out,
⢿⡄⠘⠷⠚⠋⠀ the house is on fire, and seven big-ass trumpets are playing in the
⠈⠳⣄ sky.  Your cat demands food.  The priority should be obvious...