[DNG] ..on "onion layers", was: Amprolla3 is out for testing

2017-10-23 Thread Arnt Karlsen
On Mon, 23 Oct 2017 00:28:12 +0200, Antony wrote in message <201710230028.12849.antony.st...@devuan.open.source.it>: > On Sunday 22 October 2017 at 23:28:51, Fungal-net wrote: > > > I am still unclear on what the onion repositories are > > Me too - what are you referring to? ..peel an onion

[DNG] Amprolla3 is out for testing

2017-10-23 Thread Edward Bartolo
On ASCII "apt-get update; apt-get upgrade" pulled about 150M of packages. This is the first time in several months that this has occurred. Well done to all!

[DNG] amprolla3 testing -- bug found and fixed

2017-10-23 Thread KatolaZ
Dear All, thanks a lot for your effort in helping battle-testing amprolla3. We have several dozen distinct IPs currently using amprolla3, and we already had the first bug report and fix on Saturday night/Sunday morning (thanks to Arnt and Olaf for reporting, and to parazyd for fixing it) :) Due t

Re: [DNG] Debian testing drop redis non systemd

2017-10-23 Thread John Hughes
On 22/10/17 11:37, Jaromil wrote: Thanks everyone for adding details, On Fri, 20 Oct 2017, Patrick Meade wrote: https://github.com/lamby/pkg-redis/commit/6a9e4d0142b45195a0d55945bbc558df4c48707b#diff-9e388da7cd119765989cc22d2bc07e5c This diff clearly shows that redis-sentinel example scripts

Re: [DNG] Debian testing drop redis non systemd

2017-10-23 Thread John Hughes
On 21/10/17 01:53, Patrick Meade wrote: That text is not from the Debian changelog, but rather from debian/NEWS. Ah, didn't notice that.  Always trust the code before the doc. Still don't understand why it says "in favour of systemd's ... commands" when the patch does no such thing. The

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Edward Bartolo
Contrary to the main argumentative line of this thread, I found EFI far better than BIOS booting. The fact that a dedicated partition is used to hold the primary boot loaders is a great advantage. With BIOS, the bootloader was placed in the first sector's initial 446 bytes of data with the remainin

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread KatolaZ
On Mon, Oct 23, 2017 at 11:24:12AM +0200, Edward Bartolo wrote: > Contrary to the main argumentative line of this thread, I found EFI > far better than BIOS booting. The fact that a dedicated partition is > used to hold the primary boot loaders is a great advantage. With > BIOS, the bootloader was

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Arnt Gulbrandsen
kato...@freaknet.org writes: And what if you want to use your own unsigned bootloader? Why should you ask someone else the permission to boot your own machine? o_O Because I want to deny people with physical access the ability to boot unsigned bootloaders. I am both the owner of my hardware and

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Simon Hobson
KatolaZ wrote: > And what if you want to use your own unsigned bootloader? Why should > you ask someone else the permission to boot your own machine? o_O Two ways : 1) You simply turn off secure boot and it'll boot your unsigned binary. If your machine doesn't have that then it's a bug and you

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread KatolaZ
On Mon, Oct 23, 2017 at 10:47:31AM +0100, Arnt Gulbrandsen wrote: > kato...@freaknet.org writes: > >And what if you want to use your own unsigned bootloader? Why should > >you ask someone else the permission to boot your own machine? o_O > > Because I want to deny people with physical access the abil

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread taii...@gmx.com
On 10/23/2017 05:47 AM, Arnt Gulbrandsen wrote: kato...@freaknet.org writes: And what if you want to use your own unsigned bootloader? Why should you ask someone else the permission to boot your own machine? o_O Because I want to deny people with physical access the ability to boot unsigned boo

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread KatolaZ
On Mon, Oct 23, 2017 at 10:50:54AM +0100, Simon Hobson wrote: > KatolaZ wrote: > > > And what if you want to use your own unsigned bootloader? Why should > > you ask someone else the permission to boot your own machine? o_O > > Two ways : > 1) You simply turn off secure boot and it'll boot your

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Arnt Gulbrandsen
kato...@freaknet.org writes: I don't know much about signed bootloaders, and i will try to re-read the thread to fully understand your statement. The short version: You can remove keys, so that only your own key is valid for booting. If you're then careful about that key, then later physical

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread KatolaZ
On Mon, Oct 23, 2017 at 11:16:50AM +0100, Arnt Gulbrandsen wrote: > kato...@freaknet.org writes: > >I don't know much about signed bootloaders, and i will try to re-read > >the thread to fully understand your statement. > > The short version: You can remove keys, so that only your own key is valid

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Arnt Gulbrandsen
kato...@freaknet.org writes: Yes, but what about *adding* your own keys? This does not seem to be a popular option, AFAIK. Of course it isn't. Who has a reason to talk about it? Microsoft doesn't talk much about that, because Microsoft wants most users to use Windows Upgrade and get timely up

[DNG] many many 404 when upgrading/installing packages

2017-10-23 Thread Fulano Diego Perez
hi recently installed devuan jessie LTS - many thank yous for the project i'm not new to 'nix but am i missing something when i can't install libreoffice or qemu completely ? don't have that computer handy now, sorry, but i'd say at least 30-50% packages/dependencies are 404 using tor+https repos

Re: [DNG] many many 404 when upgrading/installing packages

2017-10-23 Thread KatolaZ
On Mon, Oct 23, 2017 at 12:34:45PM +, Fulano Diego Perez wrote: > hi > > recently installed devuan jessie LTS - many thank yous for the project > > i'm not new to 'nix but am i missing something when i can't install > libreoffice or qemu completely ? > > don't have that computer handy now, sor

Re: [DNG] many many 404 when upgrading/installing packages

2017-10-23 Thread Fulano Diego Perez
KatolaZ: > # apt-get update > > before trying to install/upgrade packages? One reason why you might > have a 404 is that the cache kept by apt is older than the actual > version. don't be sorry. yes, did the obvious updates ..

Re: [DNG] many many 404 when upgrading/installing packages

2017-10-23 Thread KatolaZ
On Mon, Oct 23, 2017 at 01:15:08PM +, Fulano Diego Perez wrote: > > > KatolaZ: > > # apt-get update > > > > before trying to install/upgrade packages? One reason why you might > > have a 404 is that the cache kept by apt is older than the actual > > version. > > don't be sorry. > > yes, d

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Didier Kryn
On 23/10/2017 at 11:47, Arnt Gulbrandsen wrote: Because I want to deny people with physical access the ability to boot unsigned bootloaders. I am both the owner of my hardware and the person who usually has physical access. Requiring signed boot loaders is a way to transfer rights from latter

Re: [DNG] Debian testing drop redis non systemd

2017-10-23 Thread Patrick Meade
On 10/23/2017 04:10 AM, John Hughes wrote: On 21/10/17 01:53, Patrick Meade wrote: That text is not from the Debian changelog, but rather from debian/NEWS. Ah, didn't notice that.  Always trust the code before the doc. Still don't understand why it says "in favour of systemd's ... commands"

Re: [DNG] Debian testing drop redis non systemd

2017-10-23 Thread John Hughes
On 23/10/17 15:59, Patrick Meade wrote: As John Hughes said, this isn't quite as bad as we originally thought. We can still run redis-server with the Debian provided sysvinit script, and Debian isn't throwing away upstream files for no reason. Also note that the upstream init script example

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Arnt Gulbrandsen
Didier Kryn writes: For me the things which need to be protected are 1) the data 2) the OS, to avoid backdoors I can't see any need to protect a motherboard against booting from a "foreign" disk. To access the data: Boot from foreign media, modify or replace the usual boot p

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Arnt Gulbrandsen
taii...@gmx.com writes: No you aren't. Intel ME + "Secure" boot non-owner controlled firmware code signing enforcement (probably hardware enforced via boot guard, so one couldn't even spend the thousands to have it removed via a coreboot platform port) If you can't execute whatever you plea

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Steve Litt
On Mon, 23 Oct 2017 10:50:54 +0100 Simon Hobson wrote: > Two ways : > 1) You simply turn off secure boot and it'll boot your unsigned > binary. If your machine doesn't have that then it's a bug and you > should complain to the retailer - and return the machine (which by > now is not in a re-sell

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Narcis Garcia
On 23/10/17 at 16:35, Arnt Gulbrandsen wrote: > Didier Kryn writes: >>     For me the things which need to be protected are >> >>     1) the data >>     2) the OS, to avoid backdoors >> >>     I can't see any need to protect a motherboard against booting from >> a "foreign" disk. > > To acc

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Didier Kryn
On 23/10/2017 at 16:35, Arnt Gulbrandsen wrote: Didier Kryn writes: For me the things which need to be protected are 1) the data 2) the OS, to avoid backdoors I can't see any need to protect a motherboard against booting from a "foreign" disk. To access the data: Boot from

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Arnt Gulbrandsen
Didier Kryn writes: I've read previously on this list that secureboot doesn't prevent booting from a usb key... Or did I misunderstand? People spread too much FUD. Various people have asserted, without naming names, that some/most vendors do not allow you to delete keys from the list of a

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Adam Borowski
On Mon, Oct 23, 2017 at 10:41:29AM -0400, Steve Litt wrote: > On Mon, 23 Oct 2017 10:50:54 +0100 > Simon Hobson wrote: > > > > Two ways : > > 1) You simply turn off secure boot and it'll boot your unsigned > > binary. If your machine doesn't have that then it's a bug and you > > should complain

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread golinux
On 2017-10-23 09:41, Steve Litt wrote: To get Windows 10 certification, you have to have Secure Boot but there's no requirement for an off switch. SteveT If that is true, it sounds like a class action law suit to me. Anyone want to take it on? golinux

[DNG] Trouble with apt-get upgrade over TOR

2017-10-23 Thread lpb+devuan
I'm having trouble doing an "apt-get upgrade" over tor+http. The update works fine; my guess is the manifests have bad information. Here's what a session looks like (see below). Am I doing something wrong? I would have posted this to the bug tracker but I'm not sure to which package to assign it.

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread John Franklin
> On Oct 23, 2017, at 2:37 PM, goli...@dyne.org wrote: > > On 2017-10-23 09:41, Steve Litt wrote: >> To get Windows 10 certification, you have to have Secure Boot but >> there's no requirement for an off switch. >> SteveT > > If that is true, it sounds like a class action law suit to me. Anyone

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread zap
>> If that is true, it sounds like a class action law suit to me. Anyone want >> to take it on? > Can you identify any vendors where you can’t install Linux? If you can’t, > this is just a bunch of FUD. > > jf > It sounds like something that windows 10 vendors would love to do. The idea of anyon

[DNG] UEFI and Secure Boot

2017-10-23 Thread Edward Bartolo
Quote: "secure operating system" Where can I get that? Linux does have vulnerabilities. Together with that, a kernel alone doesn't do much. Other packages are needed which add up more attack surface area. You do remember when kernel.org itself was hacked without anyone noticing anything for seven

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread marc
> kato...@freaknet.org writes: > >And what if you want to use your own unsigned bootloader? Why should > >you ask someone else the permission to boot your own machine? o_O > > Because I want to deny people with physical access the ability to boot unsigned > bootloaders. > > I am both the owner of my

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Steve Litt
On Mon, 23 Oct 2017 15:42:00 -0400 John Franklin wrote: > > On Oct 23, 2017, at 2:37 PM, goli...@dyne.org wrote: > > > > On 2017-10-23 09:41, Steve Litt wrote: > >> To get Windows 10 certification, you have to have Secure Boot but > >> there's no requirement for an off switch. > >> SteveT >

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread John Franklin
> On Oct 23, 2017, at 5:34 PM, marc wrote: > >> kato...@freaknet.org writes: >>> And what if you want to use your own unsigned bootloader? Why should >>> you ask someone else the permission to boot your own machine? o_O >> >> Because I want to deny people with physical access the ability to boot u

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread John Franklin
> On Oct 23, 2017, at 6:13 PM, Steve Litt wrote: > > > And by the way, I had a Win8 box that wouldn't accept Linux, but > luckily it was for one of my kids who wanted Windows. > Brand and model? Why wouldn’t it accept Linux? jf -- John Franklin frank...@tux.org

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Rick Moen
Quoting John Franklin (frank...@tux.org): Technically, a rootkit is not a threat but rather a minor after-the-fact sequel to a threat and successful attack. It does not embody an attack, itself. Rather, it's a method of hiding from the legitimate administrator the covert activity of an intruder

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread John Franklin
> On Oct 23, 2017, at 6:44 PM, Rick Moen wrote: > > Quoting John Franklin (frank...@tux.org): > > Technically, a rootkit is not a threat but rather a minor after-the-fact > sequel to a threat and successful attack. It does not embody an attack, > itself. Rather, it's a method of hiding from t

[DNG] Secure boot switch in EFI

2017-10-23 Thread William C Vaughan
I'm unsure if this is the way for a lurker to reply to this list. If not, my apologies. Someone posted that it would be nice to get a list of PC vendors who don't allow disabling of secure boot. That would be a great boon if someone can actually post such a list. I'm currently posting from a Dell XP

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread zap
On 10/23/2017 04:18 PM, Edward Bartolo wrote: > Quote: "secure operating system" > > Where can I get that? Linux does have vulnerabilities. Together with > that, a kernel alone doesn't do much. Other packages are needed which > add up more attack surface area. > > You do remember when kernel.org

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread golinux
On 2017-10-23 20:12, zap wrote: firetools is how you use your web browser/internet connecting applications your web browser is firefox based with the garbage disabled but still regularly updated fsmithred has a neat text interface for firejail at: https://sourceforge.net/projects/refracta/fi

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Enrico Weigelt, metux IT consult
On 23.10.2017 11:50, Simon Hobson wrote: [U]EFI in itself isn't all that bad - what some manufacturers do with it, and the hash they make of it, is often bad. It always had been bullshit. A good technical solution would be OF + device tree. Board vendors should just provide the board init co

[DNG] Secure boot switch in EFI

2017-10-23 Thread Edward Bartolo
Struggling with vendors that cater mostly for MS Windows users who don't really care about Secure Boot being disabled or not, is not the way that leads to an available solution. Such vendors are far too powerful to bow to the pressures of insignificant pressure groups like 'old fashioned' Linux use

Re: [DNG] Secure boot switch in EFI

2017-10-23 Thread Adam Borowski
On Tue, Oct 24, 2017 at 05:33:18AM +0200, Edward Bartolo wrote: > Struggling with vendors that cater mostly for MS Windows users who > don't really care about Secure Boot being disabled or not, is not the > way that leads to an available solution. Such vendors are far too > powerful to bow to the p

Re: [DNG] UEFI and Secure Boot

2017-10-23 Thread Narcis Garcia
On 23/10/17 at 21:42, John Franklin wrote: > >> On Oct 23, 2017, at 2:37 PM, goli...@dyne.org wrote: >> >> On 2017-10-23 09:41, Steve Litt wrote: >>> To get Windows 10 certification, you have to have Secure Boot but >>> there's no requirement for an off switch. >>> SteveT >> >> If that is

Re: [DNG] systemd-udevd: renamed network interface eth0 to eth1

2017-10-23 Thread Arnt Gulbrandsen
(Sorry, forgot to send earlier) Steve Litt writes: Something that used to take no more than correctly configuring grub now requires execution of the volumes of information in these links, with much of that execution being trial and error because of different UEFI/secureboot implementations. Th