agris | OMG | 01:11 |
---|---|---|
agris | buster released | 01:11 |
golinux | Yesterday. | 01:13 |
golinux | It seems to be breaking stuff | 01:13 |
agris | Isn't Debian supposed to... ya know; not break stuff? | 01:14 |
golinux | https://lists.dyne.org/lurker/message/20190707.142939.b233b63b.en.html | 01:15 |
agris | What if I consider Microsoft a malware distributor | 01:17 |
agris | I totally get the point of secureboot (although it's really not the best solution compared to things like CB) It should not be 'enroll additional keys' into secureboot | 01:18 |
agris | rather have the ability to remove M$'s keys from the secureboot rom completely | 01:19 |
kilobyte | there is no reason _ever_ to use Microsoft keys | 01:19 |
golinux | These days, Debian is broken by design but that's not a discussion for this channel | 01:19 |
agris | also, why in the hell are we treating M$ like a certificate authority? | 01:19 |
agris | Now competitors will have to go through M$ to get their keys signed | 01:19 |
agris | or why using an X509 like authentication scheme for hardware is a good idea in the first palce | 01:20 |
agris | *place | 01:20 |
agris | That's too bad. I was really looking forward to Debian potentially turning things around with their new release | 01:20 |
agris | omg and they are pulling an ubuntu here and switching to wayland early | 01:21 |
kilobyte | possible attackers: 1. state or well-connected level: will get a valid M$ signature, 2. data thief: can just boot any signed OS release with any ring 0 vulnerability (including those in _any_ driver), 3. hardware thief: a fence will install Windows, while the thief enjoys his booze/drugs | 01:22 |
kilobyte | I have yet to see a machine without a "reset CMOS" button, be it via a hash(date) password (Asus, you set date to any publicly known value and that's it) or a switch on the motherboard -- so there's no protection against Evil Maid | 01:24 |
kilobyte | (assuming you're a hard target who enrolls your own keys; for 99.99% of people the Evil Maid will just boot a M$-signed OS) | 01:26 |
kilobyte | and there are downsides: no hibernation, many other restrictions | 01:29 |
palinuro | the only safe secure-boot computer is the one that allows only one CA to sign updates, where you are the creator of that CA, and the only signed kernels are those you have manually signed and approved | 01:30 |
kilobyte | exactly | 01:30 |
palinuro | any other way to use secure-boot seems to be just flawed at its core | 01:30 |
kilobyte | but, because of "reset CMOS" you can't do that because manufacturers won't allow their hardware to be brickable by a stupid user and/or a virus | 01:32 |
kilobyte | (unless you're big enough to specifically buy hardware permanently tied to your CA key and no other) | 01:32 |
palinuro | as far as i know i can delete all the certificates from my secure boot configuration and make manual approval operations like adding a specific key, a whole CA or blacklist something | 01:35 |
agris | kilobyte, you can still replace your system firmware with coreboot | 01:36 |
palinuro | i can protect the bios with a boot password and add my signed kernel to the approved keys | 01:36 |
palinuro | if i lose access to the system, i can still open the bios and approve a new key or CA | 01:36 |
agris | although most of the time you're going to have to physically attach or remove the flash chip | 01:36 |
agris | I'd like to see PGP signed kernels and CB/grub2 in the firmware an industry norm | 01:37 |
palinuro | agris how many coreboot computers do you know? how many of them cost less than $500 more than any other equivalent piece of hardware around? | 01:37 |
palinuro | people tend to hate overpriced shit | 01:37 |
kilobyte | agris: coreboot works for a tiny percentage of machines | 01:37 |
agris | we're talking about workstations here right? | 01:37 |
agris | and embedded computers | 01:38 |
agris | not cheap-as-possible consumer facebook browsers | 01:38 |
kilobyte | my cheap-as-possible consumer laptop has its ME-equivalent entirely user-replaceable, and will boot from a SD card if one is inserted without reading any mutable storage at all | 01:40 |
agris | you can still load me-firmware (even neutered) on CB | 01:42 |
agris | I've got a few machines like that | 01:42 |
agris | How can Devuan take advantage of Debian's botched Buster release? | 01:45 |
kilobyte | I wouldn't speak loudly against systemd-caused breakage (that's obvious by now, and not going to convince anyone who hasn't already made up his mind) -- but _well-researched_ "Secure" Boot education would work nicely | 01:47 |
kilobyte | as SecureBoot support is outright sabotage of user rights, even for people who don't care about privacy politics -- you lose actual capabilities | 01:48 |
agris | what about wayland | 01:48 |
kilobyte | wayland has some stupid decisions, but nothing unfixable | 01:49 |
kilobyte | they fixed primary selection, re-add network transparency, etc | 01:49 |
agris | they re-added network transparency or they will re-add it? | 01:50 |
kilobyte | there's some serious effort, I don't know how good it is at the moment | 01:50 |
kilobyte | (I didn't have the tuits to look at Wayland recently.) | 01:51 |
kilobyte | compared to X11's baggage of 1980s design, Wayland might be actually a good thing once it matures | 01:51 |
agris | that's the thing kilobyte | 01:52 |
agris | the whole thing Debian (used to) stand for. Waiting "till it's ready" for new releases | 01:52 |
agris | as in waiting for something to mature before including it in the next release | 01:53 |
kilobyte | you need to switch at _some_ point | 01:53 |
agris | not if wayland doesn't mature, or goes in the wrong direction | 01:53 |
kilobyte | only GNOME has switched, and that's a lost cause usability-wise | 01:53 |
kilobyte | going in the wrong direction is a concern, yeah | 01:53 |
kilobyte | CSD being the biggest offender at the moment. It ignores decades of UI research just to make some "app" (as opposed to program) developers happy | 01:55 |
agris | that's a HUGE concern of mine as well | 01:56 |
kilobyte | an "app" is there to bolster some "UX designer"'s ego, build "brand awareness" -- while a program is to obey user's wishes and optimize for common workflows, which the program's author can't fully know beforehand | 01:57 |
kilobyte | that "don't theme our apps" campaign from GNOME folks, or "Material Design". There are some interesting research papers about that. | 01:58 |
kilobyte | poorly-marked buttons/etc (the big name is "lacking strong signifiers") make the user take much longer to do a given task, looking at the interface that much longer vs if the program obeyed some reasonable design | 02:00 |
kilobyte | same for title bar that places maximize/close/etc buttons in random places | 02:00 |
fsmithred | it's a plot to get old people off the computer | 02:01 |
agris | I think it's a side effect of lowering the bar due to the massive need and lack of skilled programmers | 02:02 |
kilobyte | the real plot here is to have the user stick with the app ("user engagement") for as long as possible | 02:02 |
agris | where web developers are put into program development roles | 02:02 |
kilobyte | yeah | 02:02 |
agris | and where people who only ever worked with/developed for windows are suddenly told they need to program for UNIX too | 02:03 |
kilobyte | that's why they're fighting so hard against streamlined, consistent interfaces | 02:03 |
agris | without learning the completely different set of skills and style UNIX programming requires | 02:03 |
agris | I'm reading this https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html and I feel thoroughly disappointed and let down | 02:05 |
agris | It concerns me if this is going to present much additional baggage for the development of devuan. Especially with them now completely removing all sysvinit leftovers | 02:06 |
agris | and how a lot of the Debian documentation is now being replaced with systemd specific documentation | 02:07 |
agris | >Hidepid mount option for procfs unsupported because systemd doesn't support it | 02:10 |
agris | are you kidding me | 02:11 |
agris | network interface names no longer supported by systemd or udev so now you have to use the wlp2324u280ry2389fh34 names | 02:12 |
kilobyte | yes, both of these are worthy talking points | 02:12 |
kilobyte | easiest way to get _predictable_ interface names is appending net.ifnames=0 to kernel's cmdline | 02:14 |
kilobyte | there's a concern about possible reorders, but those are mostly theoretical: not a single x86 machine I own or admin has only a single ethernet interface, yet grepping through logs I did not notice even a single reorder (as opposed to disks which get reordered a good part of the time) | 02:15 |
kilobyte | "consumer" laptops or desktops have a single ethernet interface, while servers have (or are supposed to have) a competent admin, so you give interfaces meaningful names like lan0 or out0 anywa | 02:16 |
agris | ok | 02:18 |
Centurion_Dan | agris: Devuan uses eudev, and we have maintained the old network device naming schemes by default. So you need not worry about that issue. | 02:18 |
agris | How close to Debian's base install do we need to make Devuan? | 02:18 |
agris | Can we make some improvements? | 02:18 |
plasma41 | kilobyte: I have 4 ethernet interfaces on my computer and interface name assignments are a race condition every boot. I have a panel widget that displays traffic load on a given interface. I have to change the interface it's tracking about half the time I boot. | 02:19 |
agris | Like for a local mailer daemon instead of using Postfix can we use OpenSMTPd? | 02:19 |
kilobyte | plasma41: USB? | 02:19 |
agris | and using sysklogd instead of rsyslog or syslog-ng by default | 02:19 |
plasma41 | Onboard | 02:19 |
Centurion_Dan | We have tried to keep changes from debian at the minimum required with some exceptions that avoid specific poetteringisations that have leaked into debian. | 02:19 |
plasma41 | I'm using an old server board | 02:20 |
fsmithred | plasma41, boot with net.ifnames=1 | 02:20 |
agris | also, do we /have/ to ship pulseaudio and avahi in the default install | 02:20 |
Centurion_Dan | fsmithred: we shouldn' | 02:20 |
Centurion_Dan | shoudln ' | 02:20 |
agris | those are usually some of the first things I uninstall and replace | 02:20 |
fsmithred | Centurion_Dan, it would solve his problem | 02:21 |
plasma41 | fsmithred: do I specify that in grub? | 02:21 |
fsmithred | yeah, and you'll get the enps... names | 02:21 |
Centurion_Dan | fsmithred: how? it should be stable with the old names because it should be saving them after first seeing them. | 02:22 |
fsmithred | plasma41 said his names change every boot | 02:22 |
plasma41 | Is there any way to manually bind the eth0 through eth3 names to the individual hardware interfaces? | 02:22 |
fsmithred | udev rules | 02:23 |
plasma41 | Alias, basically | 02:23 |
Centurion_Dan | that said I install ifrename and setup iftab to define special use related interface names bound by the mac addresses. | 02:23 |
Centurion_Dan | plasma41: install ifrename | 02:23 |
Centurion_Dan | and create an /etc/iftab with the name to mac mapping.... but don't use ethX names... | 02:24 |
agris | plasma41, with eudev you can actually specify static interface names per mac-address | 02:24 |
agris | for example in my system I have the following: /etc/udev/rules.d/70-net-name-use-custom.rules | 02:25 |
plasma41 | Why not use ethX? Can I not manually bind to those names? | 02:25 |
kilobyte | plasma41: I no longer work as a sysadmin thus the list is short, but: box 1: 2× "Intel Corporation I211 Gigabit Network Connection" (onboard) + 2× iwlwifi (onboard), box 2: 2× "Intel Corporation I210 Gigabit Network Connection" (onboard), box 3: dual "Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller" (PCIe) + ancient RTL8169 (PCI) for WoL only + an USB | 02:25 |
agris | SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="b8:97:5a:XX:XX:XX", NAME="eth0" | 02:25 |
kilobyte | dongle; box 4: onboard + USB dongle | 02:25 |
agris | add that line in and change the mac address to reflect the interface for every interface you need static | 02:26 |
kilobyte | Centurion_Dan: not using ethX deserves a big paragraph in in-your-face documentation | 02:26 |
kilobyte | box 5, 6 (hosted): something dual, etc | 02:26 |
agris | I have 3 ethernet interfaces on the box I'm on right now | 02:27 |
xrogaan | pulseaudio is a godsend. I really do not want to deal with audio issues as I did 10 years ago. | 02:30 |
Centurion_Dan | plasma41: I've had problems binding ethX names in the past if they've already been bound to other interfaces. It may work but I've not tested lately and instead use more descriptive names like lanX wanX dmzX etc | 02:30 |
kilobyte | xrogaan: yes, the usual fix for audio issues is "apt purge pulseaudio" :) | 02:31 |
agris | kilobyte, so many times headphones were ruined and ears were ringed because of pulseaudio | 02:33 |
agris | even on Devuan ASCII | 02:33 |
agris | Didn't realize pulseaudio was installed until that happened again | 02:33 |
agris | >plug in headphones. somehow audio magically turned itself to 200% on the headphone port | 02:34 |
agris | >start music synth, unable to initialize audio backend | 02:34 |
palinuro | is there any way to make pulseaudio work on devuan? or to make pulseaudio-addicted applications work properly? | 02:34 |
kilobyte | it works well on my current desktop; on three of my previous hardware it was a crapshoot with on-board hardware | 02:34 |
xrogaan | sounds like user error to me. | 02:35 |
kilobyte | palinuro: perhaps you hit the autospawn error? The version in buster is sabotaged to work around a systemd bug. | 02:35 |
agris | I know this is not likely to ever happen, but it would be nice if we could replace ALSA and pulseaudio with SNDIO http://www.sndio.org/ | 02:36 |
palinuro | wtf | 02:36 |
kilobyte | palinuro: https://bugs.debian.org/923203 | 02:36 |
agris | You can find patches to port to sndio already in the OpenBSD ports tree | 02:36 |
xrogaan | you guys make great suggestions for the next april fool joke. | 02:38 |
palinuro | kilobyte do you want me to work on it? i have never played with pulseaudio before | 02:38 |
plasma41 | agris: Disable flat volumes in pulseaudio https://www.reddit.com/r/linux/comments/2rjiaa/horrible_decisions_flat_volumes_in_pulseaudio_a/ | 02:38 |
agris | Is that why pulseaudio does that? because Windows does that? | 02:39 |
plasma41 | :-/ Maybe? | 02:39 |
kilobyte | palinuro: just delete the file in /etc/pulse/client.conf.d/ (forgot the name) -- its only contents is disabling autospawn in favour of systemd user session | 02:39 |
kilobyte | palinuro: (if this is the bug I'm thinking of, you may suffer from something else) | 02:40 |
agris | or I could just apt purge pulseaudio, and not have a single audio problem in the future like I already did | 02:41 |
palinuro | doesn't pulseaudio depend on libsystemd0, udevsomething and other systemd dependencies? i see they are in the Depends field, not the Recommends field | 02:41 |
palinuro | how does it affect devuan if the package doesn't seem to be installable at all? | 02:42 |
agris | none of my machines have pulseaudio on them at all, and only 1 application had problems. A proprietary game called Duskers | 02:42 |
Centurion_Dan | agris, we shall work to make the installation of pulseaudio opt in rather than opt out for beowulf. | 02:42 |
kilobyte | Centurion_Dan: too much work mucking with Firefox and the like | 02:42 |
plasma41 | agris: Purging pulseaudio is, of course, a perfectly valid option. | 02:43 |
agris | and you can still build firefox & clones with ac_add_options --enable-alsa | 02:43 |
fsmithred | choice is good | 02:43 |
fsmithred | ff-esr works with alsa | 02:43 |
kilobyte | Centurion_Dan: and for a lazy or dumb user, putting some sound to speakers while others go to headphones is nice via pulseaudio | 02:43 |
Centurion_Dan | firefox currently works without pulseaudio - as debian had been persuaded to build it with --enable-alsa | 02:43 |
Centurion_Dan | oops, ff esr that is. | 02:44 |
kilobyte | (the bare alsa way requires editing a conf file or per-program cmdline args) | 02:44 |
xrogaan | The only issue I ever had with pulseaudio, of recent memory, is the order in which it loads my sound cards. Which got fixed by manually writing down the default card it should use. | 02:46 |
xrogaan | set-default-sink somethingsomething_alsa_output | 02:46 |
xrogaan | I had none of the issues listed earlier in this channel. I don't even have a /etc/pulse/client.conf.d/ | 02:47 |
kilobyte | the default should be fit for the dumb user, as the likes of us know where to change them. Thus, pulseaudio is greatly preferred even if it has bugs and downsides. | 02:47 |
palinuro | <fsmithred "ff-esr works with alsa"> ESR 50 series or the new 60 one? | 02:47 |
agris | kilobyte, that's not actually true. ALSA-mixer has a setting called automute, where when you plug in headphones the main speakers go on mute until you unplug them | 02:47 |
agris | no user-interaction required for that | 02:47 |
Centurion_Dan | palinuro ff-esr 60.72 supports alsa | 02:48 |
palinuro | and the latest non-esr version? | 02:48 |
kilobyte | agris: I want to use both at the same time | 02:48 |
palinuro | does it have a build flag for alsa? | 02:49 |
agris | what? | 02:49 |
xrogaan | well, gee, if firefox supports it then we're all safe! | 02:49 |
kilobyte | agris: I mean, I don't actually play sound on both, but my headphones are permanently plugged in, and I wear them when doing particular tasks (speakers being mostly for music, notifications and so on) | 02:49 |
kilobyte | s/play sound on/play sound simultaneously on/ | 02:50 |
agris | kilobyte, https://0x0.st/zLeK.png | 02:51 |
Centurion_Dan | palinuro: that is the latest version in beowulf too.. | 02:52 |
agris | another issue is if you've ever done audio production work on linux | 02:52 |
agris | or used a midi keyboard | 02:53 |
agris | the first thing you have to do before doing ANY professional audio work on Linux is uninstall pulseaudio | 02:53 |
agris | you have horrible latency issues, lock contention issues with jackaudio, midi mapping, | 02:53 |
xrogaan | Yeah, what about everybody else? | 02:54 |
agris | even if you're not going to use alsa and use something like JackAudio you need to uninstall pulse because pulse will fight jack for lock of the sound card | 02:54 |
Centurion_Dan | agris: agreed... pulseaudio is a toy sound daemon that needs to be evicted before doing professional audio work. | 02:54 |
agris | the ONLY thing it has over ALSA for consumer use is a built-in per-application mixer. But It's a horrible implementation of it and you can live without it | 02:55 |
agris | otherwise applications need their own volume control | 02:55 |
agris | and the reason we aren't doing jack by default for general usage in the linux work is ONLY because some applications don't implement it correctly and copypasta pulseaudio code for jack code | 02:56 |
agris | which leads to buffer problems | 02:56 |
agris | like in Mumble VoIP | 02:56 |
agris | or firefox | 02:56 |
agris | not a limitation in jack | 02:57 |
fsmithred | Was gnupg always Priority: optional, or is that new in Buster? | 02:57 |
xrogaan | Because supporting 30 sound API is a ridiculous prospect and devs are fine with just one or two. | 02:57 |
agris | xrogaan, you know what was ridiculous? dropping OSS from the kernel way back for licensing issues | 02:58 |
agris | that worked | 02:58 |
agris | and FreeBSD still uses it | 02:58 |
agris | also piping to /dev/dsp worked | 02:58 |
agris | like back in Linux 2.6 days | 02:58 |
kilobyte | fsmithred: you don't need gnupg anymore on most installs | 02:59 |
fsmithred | well, I needed it to get the devuan-keyring | 02:59 |
fsmithred | trying buster to beowulf migration | 02:59 |
agris | audio on linux is a dilemma | 03:00 |
xrogaan | agris: back in those days I sometimes couldn't play 2 audio at the same time. And sometimes the audio wouldn't work because of, well I don't know. I don't want to go back to figure out « what went wrong with the audio *this time*. » | 03:00 |
agris | it really surprises me audio is still an issue in linux after all these years | 03:01 |
agris | the only people that seems to have fixed it is OpenBSD | 03:01 |
agris | I can't remember a single time I had an audio problem on that OS | 03:01 |
agris | Windows isn't innocent here either | 03:02 |
agris | if you're doing audio work on Windows you have to replace windows sound api with ASIO | 03:02 |
xrogaan | I don't really care. | 03:02 |
fsmithred | Migration of Buster (standard system utils only) to Beowulf was easy except for the part where I installed sysvinit-core and elogind in debian and rebooted to no inittab. | 03:03 |
agris | you have to be careful with that. systemd deprecated inittab for systemd-something | 03:06 |
plasma41 | agris: Wat? | 03:06 |
agris | I remember when I was programming a kiosk for a company, and was trying to start a web browser and x on one of the TTYs | 03:06 |
agris | plasma41, systemd does its own thing rather than defining a getty in /etc/inittab | 03:07 |
plasma41 | *facepalm* | 03:08 |
agris | I don't remember what. I stopped basing the kiosk around debian after I encountered that issue after also fighting with systemd replacing automount | 03:08 |
agris | and x-system-automount not being reliable | 03:08 |
agris | for network shares | 03:08 |
agris | there was a huge debacle about "not being able to debug the system back into a sane state over the last remaining serial port" when they removed inittab | 03:10 |
fsmithred | OK, I didn't do 'apt autoremove' after installing sysvinit-core and elogind the first time. Second attempt I did that and rebooted to sysvinit no problem. | 03:12 |
fsmithred | I won't get to doing this with a DE tonight. | 03:13 |
agris | https://forums.opensuse.org/showthread.php/475468-In-search-for-a-inittab-entry-replacement-for-systemd | 03:18 |
agris | https://bugzilla.redhat.com/show_bug.cgi?id=817186 | 03:18 |
fsmithred | oh, I just needed to complete the install of the necessary packages. | 03:23 |
gnu_srs | Hello again: Need help to get Beowulf released? which packages are not Devuanized yet? | 09:04 |
gnu_srs | Since Debian has released Buster, their packages will not change much for some time (except for security issues) | 09:04 |
Centurion_Dan | hi gnu_srs! | 09:22 |
LeePen | Centurion_Dan: Hi! Any chance you can move slim-1.3.6-5.1+devuan4 in | 10:38 |
LeePen | ceres to beowulf? | 10:38 |
Centurion_Dan | oh, that didn't happen? | 10:39 |
Centurion_Dan | will take a look... | 10:39 |
LeePen | Not AFACS on pkginfo. Thanks | 10:39 |
Centurion_Dan | ok. pushed to beowulf and building now. keep an eye on #devuan-ci | 10:45 |
Centurion_Dan | LeePen, build failed .... missing dep libck-connector-dev - aka consolekit2 hasn't been built for beowulf... | 10:57 |
LeePen | Centurion_Dan: Thanks. I see you are building consolekit2 now. | 11:01 |
jaromil | palinuro: what is your assessment of the new d-i ? | 14:37 |
jaromil | should we try to spin a build? | 14:37 |
jaromil | palinuro: for grub2 to build please create a branch suites/beowulf-proposed | 14:50 |
palinuro | i have an exam tomorrow (databases), but i would like to start working on d-i within this week | 16:38 |
palinuro | <jaromil "palinuro: for grub2 to build ple"> doing it right now | 16:38 |
palinuro | grub2 branched and mirror-pushed | 16:39 |
palinuro | https://git.devuan.org/palinuro/grub2/tree/suites/beowulf-proposed | 16:40 |
palinuro | last question before i go: does devuan tightly follow the debian development? do we have any chance to backport some additional software from testing not backported by debian? | 16:45 |
palinuro | i mean, do we have enough freedom in such kind of decisions? | 16:45 |
Evilham | yup, if it makes sense, yes | 16:46 |
Evilham | ideally it should stay close to debian | 16:46 |
Evilham | but that's just my opinion :-) | 16:46 |
Evilham | but that "stay close to debian" is not an end-goal itself, just something beneficial for everyone | 16:47 |
palinuro | just to make an example | 16:49 |
palinuro | debian stretch has never tried to backport docker.io to stretch-backports even if it was a very easy task to do without any change to both stretch or docker | 16:49 |
jaromil | the main goal of forking is to keep devuan systemd free | 17:04 |
jaromil | i am wary of any other change to occur on devuan | 17:05 |
jaromil | rather would recommend doing a derivative | 17:05 |
jaromil | esp. for software that is directly provided by third-parties and works, why add a burden of maintaining a package to the base system? docker.io has packages they distribute on their own and work great on beowulf | 17:43 |
Centurion_Dan | palinuro, I agree generally with jaromil. Although I would say that on a case by case basis we might consider adding packages if there was a utility value to Devuan, and there was a commitment by the proposer to maintain the package throughout a release cycle. | 22:03 |
Centurion_Dan | ... at least. And by maintain, that means track the upstream for security issues and ensure any critical security issues are attended to. | 22:04 |