17 Jan 2025 14:33:05 Roberto C. Sánchez :
> Others, for various reasons, choose a stable distribution to which
> security patches are backported.
In particular Debian testing shouldn't be recommended to users as it is the
least likely to have security patches!
18 Dec 2024 05:03:12 to...@tuxteam.de:
> I'm all for concise code, but I usually revert some things in a second
> pass when they seem to hurt clarity. After all, you write your code for
> other people to read it.
As you wrote the code then uness that second pass is weeks or months later then
cla
30 Oct 2024 16:25:58 Christian :
> I choosed Nvidia again deliberately because I want to play with Tesorflow,
> Scikit-Learn and GPT.
Or perhaps game. People seem to forget that 20 years ago Nvidia was the only
supporter of full featured gpu drivers on Linux.
Have you tried disabling secure bo
29 Oct 2024 17:38:39 Timothy M Butterworth :
> NVIDIA is a major pain in the ass with Linux. Which is why I do not
> use them.
Actually this is more Linux being a major pain in the ass to Nvidia.
When secure boot is enabled lockdown is automatically enabled. Really debian
should provide an Nvid
Apparently hibernate works on OpenSuse with secure boot enabled when swap is
within an encrypted drive or encrypted itself.
Is that true? If it is then why hasn't Debian followed suit?
It seems it isn't possible to enable secure boot and disable lockdown any more
more with sysrq alt x.
In any case. Can anyone save me the time (having already done it?) to come up
with a grub cmdline to restore as much of the kernel lockdown as possible e.g.
debugfs=off, signed modules, disable
So I noticed the vivaldi thread said the latest flash version is
20.0.0.228 which is bundled with chrome and downloaded by the pepper
downloader packages. I have had 267 appear in the home folder though
but it cannot run.
Since the time adobe dropped support, I only have had flash enabled on
my my
> Yeah, and the best and most correct way to do that is to use the
> aforementioned:
>
> update-rc.d avahi-daemon disable
>
> avahi no longer uses a ENABLE flag in /etc/default/avahi-daemon. Those
> flags are a hack and the above menthod is much better.
Personally I disagree in that I believe
> I'm not sure how this works. What were the permissions on the file before you
> edited it?
Yeah, you sure your not accessing an sftp with suid dir permissions.
I get permission denied.
Also setting chattr +ias on a file as root prevents the folder
shenanigans
On OpenBSD setting chflags schg
> Anyone have any user experience with transreflective screens?
Yep they are brill and don't require a backlight and so sunlight will
actually allow you to see the screen perfectly with less power.
Unfortunately they are expensive in comparison though nokia
used them there isn't a single phone wi
> >
> > Not quite. I want sudo 'activated' when I enter my password.
> >
> > Ie, when I log in to XFCE, or when I unlock the xscreensaver, I have
> > in both cases just entered my password. So because I just entered my
> > password, I expect sudo to be 'activated'.
>
> Ah, now I get it. :)
>
> Hi folks!
>
> I need create a block file, later use it like archive (with dm).
>
> What is better use?
>
> /dev/random or /dev/urandom?
>
> thanks!
>
> Pol
>
You might want to install haveged. You can use that directly without
affecting your system entropy.
>
> --
> To UNSUBSCRIBE, emai
> > I always use dist-upgrade but there's not a lot a choose. Upgrade
> > upgrades installed packages while dist-upgrade can make more
> > significant changes. Once Wheezy becomes stable the two should do
> > the same thing. However, I prefer to stay in the habit of using
> > dist-upgrade (or full-
> > - With a package manager, if any of the rootfs, /usr or /var are
> > damaged, you need to either restore the entire set from a backup
> > or reinstall. This comes back to the fact that all locations
> > under the control of the package manager are a unified whole: if one
> > part bre
> On Sat, Apr 20, 2013 at 09:43:08PM +0100, Kevin Chadwick wrote:
> > > I am, as a matter of fact, subscribed to the FHS list. If you
> > > read the specification, you'll see that it does not in any way
> > > require /usr to be a *mountpoint*; it can be l
> On Wed, Apr 17, 2013 at 09:51:02PM +0100, Kevin Chadwick wrote:
> > And that's a Linux problem where some BSDs put lots of effort into
> > compliance only to have the standard changed to suit linux due to
> > pressure.
>
> Which standard, POSIX?
http://www.
> >
> > OpenBSD has only had something like two holes in over a decade
> > which is nice for uptime.
>
> Let's not get carried away here. I was under the impression that
> openbsd was one of the best things since sliced bread ... then I read
> this:
> http://allthatiswrong.wordpress.com/2010/01
> I am, as a matter of fact, subscribed to the FHS list. If you read
> the specification, you'll see that it does not in any way require
> /usr to be a *mountpoint*; it can be located on the root filesystem
> without any problems. It's actually the default partitioning method.
>
> Do you have a
> > Don't believe opinion as fact just because it's on a server hosted
> > by freedesktop.org. Rusty Russel and the FHS is a more
> > authoritative (and correct) source, I suggest you read it.
>
> I never split up / and /usr for the last century or so and they are
> all working fine.
Wow, your
> That looks like you have to somehow be logged into both hosts and run
> nat-traverse on each. But it looks interesting.
Firewalls can track and block UDP (create state) even if it is a
stateless protocol too, so you may have to have control of the gateways
too.
--
__
> > Hi,
> >
> > I have a debian wheezy server up, I would like to free some space
> > on rootfs but can't guess how...
> > Here follows the filesystem, any hints?
> >
> > regrds
> > /r
> >
> > debian:~# df -h
> > File system Dim. Usati Dispon. Uso% Montato su
> > rootfs
> I haven't actually looked at your layout but copy something like /opt
> to /usr (where it should be anyway in my opinion) and bind mount it.
Sorry move it!
--
___
'Write programs that do one thing and do it well. Write progra
> >> Ok, here follows the "relevant" ouput.
> >> Apart from spf13 vim environment, that I can remove for root user, I guess
> >> my only choice would be a pruned custom kernel... am I wrong?
> >>
> >
> > You seem to be using lvm. Can't you shrink another partition to grow root?
>
>
> Yes I co
> The security related flaws are typically in
> subsystems that are not part of a minimalist kernel.
A reboot is an attackers best friend and potentially an attackers
enemy too.
However whilst your practice is right. I hope you are reviewing all bugs
as the kernel devs simply label them as bugs
> >
> > If i am not mistaken, The OpenBSD Team recommends a clean installation
> > every 6
> > month.
>
> For users following -stable instead of -current, the support goes back two
> releases which means about 12 to 18 months, since the releases have been
> every 6 months:
>
> http://
> On the humor side though I rememeber a story about a guy who moved his
> apartment. His machine was on a UPS. He determined a way to borrow a
> second UPS and daisy chain them for more uptime and then drove like a
> madman halfway to his new place where he had previously scouted and
> found a p
> > OpenBSD has only had something like two holes in over a decade which is
> > nice for uptime.
>
> Two holes in the default install, which is a very different thing to two
> holes in the entire distribution.
It is but you can see the erratas for the whole base system at
openbsd.org/errata.htm
> On 04/16/2013 03:02 PM, Kevin Chadwick wrote:
> >>> Lets not pollute this useful thread with systemd
> >> It seems a thread about init systems and administration/tweaking of them
> >> is the
> >> most appropriate place for systemd to be mentioned.
> > I believe very strongly that it is. universality with Linux supporting
> > smaller and smaller Arm chips is part of what I was touching on in the
> > paragraph you had a hard time deciphering. This is something BSD is
> > having a hard time competing with atleast in my experience of wanting
> >
> Although, I accept there is no real excuse for my rudeness.
No worries, I have a thick actually english skin as I hope those I talk
to do too. If you think that's rude, you are probably a gent.
--
___
'Write programs that do
> > > Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux
> > >
> > > 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44
> >
> > So you are over a year behind in installing security updates for the
> > kernel. (I know, if your machine doesn't have untrusted
> > Yes and do you know it was designed to do just what it does for a good
> > reason in 32 kb of code. Hello world is 8kb
>
> Not relevant to choosing an init system.
I believe very strongly that it is. universality with Linux supporting
smaller and smaller Arm chips is part of what I was touc
> On Tue, Apr 16, 2013 at 10:33:47AM +0100, Kevin Chadwick wrote:
> > I think you miss the point which is those unit files depend on C code
>
> So do classic init scripts:
>
> $ file /sbin/init
> /sbin/init: ELF 64-bit LSB executable, x86-64, version 1 (SYSV),
&g
> > Lets not pollute this useful thread with systemd
>
> It seems a thread about init systems and administration/tweaking of them is
> the
> most appropriate place for systemd to be mentioned. Not least that it can
> solve
> the problem the OP had. It should not be ignored or avoided from bein
> > + dropping human readable textfiles in favour of c binary code, which makes
> > it
> > needless more complex to debug the whole show.
>
> That's non-sense. systemd unit files are text-files in ini-like format
> and much more readable then shell scripts with all their boiler plate.
I think
On Mon, 15 Apr 2013 10:54:17 +0200
Rene Engelhard wrote:
> On Mon, Apr 15, 2013 at 10:47:50AM +0100, Kevin Chadwick wrote:
> > > Personally I like the about two-year stable release schedule. It is
> > > long enough
> >
> > I appreciate knowing that our set
>> file-rc "works", but only just. I would not be surprised if it was
>> removed for the next stable release--it's simply incompatible with
>> dependency-based booting.
That's a shame, I would take direct editing of runlevel.conf over
dependency-based booting myself.
>> When you are using dyn
> > I have been using Debian for many years now. In all of that time I
> > have never wanted to "manage" init scripts. I always wonder. What
> > are people trying to do?
>
> Hi Bob,
>
> For an example of where one will want to "manage" the init scripts,
> take a look at the thread in debi
> Personally I like the about two-year stable release schedule. It is
> long enough
I appreciate knowing that our setup will not break due to this but
also compile and download various packages like libreoffice and
xfce-4.10.
Now I would not expect libreoffice to be packaged but xfce-4.10 had a
On Sat, 13 Apr 2013 10:34:36 -0700
Kelly Clowers wrote:
> >> DBus isn't a problem per se, it just can cause issues, when implemented
> >> without thinking about the needs of all users?
> >
> > Right but it's actually much worse than that. Take mozilla firefox even
> > which may or may not have b
> Then again, if you build from source, you'll lose the automatic upgrade
> feature provided by apt/aptitude.
>
> Anyone, please correct me if I'm wrong.
I believe so. There are some debian source building tools and mepis
archives are usable perhaps best with pinning. I plan to experiment
with th
> DBus isn't a problem per se, it just can cause issues, when implemented
> without thinking about the needs of all users?
Right but it's actually much worse than that. Take mozilla firefox even
which may or may not have been changed due to me bringing it up on the
dev-security list. Without dbus
> GConf I *think* was merely a GNOME construct, so if you're not a GNOME
> user you don't have to bother with it. There wasn't really much of a
> technical issue with it except it emulates the Windows Registry in
> superficial ways.
There are technical issues such as actually more difficult
adm
> D-Bus is good overall...
The good thing about standard IPC was that you would have to develop
the protocol etc.. which means if your app used it.
1./ You needed to use it otherwise you wouldn't.
2./ You made an app specific mechanism (very good if your good but
could be bad, the latter is what
> Today I successfully reinstalled my NVIDIA driver and repaired kernels -
> and after restart computer it could boot the x86 kernel with Bigmem option.
I should have said this earlier too sorry but you will know for next
time.
When you had your flashing cursor on a blank screen then, there was
l
> But regarding to updates the management by ports for a FreeBSD noop
> like me is a PITA and btw. I also prefer binaries to compiling _really
> everything_ from source. Theoretically you can manage FreeBSD by a
> package management that does provide binaries too, but when I
> installed FreeBSD the
> > Breaking the system because Arch haven't tested it well enough, or
> > released the right information happened atleast three times in the 6
> > months that I used it.
>
> It only happened one time for me, when they switched from init to
> systemd I dropped Arch for perhaps a year. But with D
> > I use Firefox not with Debian,
> > but other distros.
>
> I didn't notice that..I see Arch Linux listed among the multitudes:
>
> http://futurist.se/gldt/wp-content/uploads/12.10/gldt1210.svg
>
> You can't have too many Linux distros apparently. What's to like
> about Arch Linux?
> --
> I'm using Debian Squeeze X86 - 2.6.32-5-686 - and Chrome always show
> me this message.
>
> Why? How to solve this?
https://code.google.com/p/chromium/issues/detail?id=224537
Perhaps it will be fixed.
--
___
'Write programs
> you
> could install a minimal up-to-date Linux distro to a virtual machine
> running on Squeeze
If you are short of memory, you don't actually need to waste the memory
to run it either, you can quite easily run it from a chroot (you may
have to sort dbus out) and assuming the software doesn't re
> > Why on earth does so much of the default desktops depend on polkit
> > when very little breaks when it is disabled!
> >
>
> Because "very little" is not "nothing at all."
But 99% of the code would work just fine without it and does if you
remove it's suid.
On Fri, 05 Apr 2013 15:39:30 -040
Why on earth does so much of the default desktops depend on polkit when
very little breaks when it is disabled!
I think some important principles have been forgotten...or never
learnt in the first place in these 'modern' times.
--
> What does it mean when /dev is said to be static? dynamic?
> What should I be reading about?
On Linux, static tends to be used on embedded systems for speed and
sanity when you know about all the hardware that will be connected and
don't want anything interfering. OpenBSD has a Makedev script wh
> If I run grub with "linux-image-2.6.32-5-686-bigmem (Recovery Mode)" it
> starts fine and I have all the 4GByte of RAM - but when I run the same
> without Recovery Mode it shows me black screen with blinking cursor and
> wait forever.
>
> I think it was because when I give more memory to the com
On Thu, 4 Apr 2013 20:23:25 +0200
Gábor Hársfalvi wrote:
> try find options about big memory, PAE in the BIOS -> After
> installing RAM at first I saw in BIOS and it looked all of 4096MByte.
> So what about BIOS?
>
> How could I see what is in the kernel - Bigmem and PAE? As I wrote I
> installe
On Tue, 2 Apr 2013 12:43:56 -0600
Bob Proulx wrote:
> (Use 'visudo -f /etc/sudoers.d/local-foo' explicitly.) But
> it makes upgrades easier so I do it this way.
What is so difficult about that and sudoers could be for users and
sudoers.d for dev changes. You could even only warn upon uncommente
On Tue, 2 Apr 2013 01:45:53 +0200
sp113438 wrote:
Personally I think it would be great if package devs added perhaps
commented by default lines sudoers or to a file in sudoers.d
There is no need for groups and logging back in for the average system
and sudoers changes take immediate effect wher
57 matches
Mail list logo
