freenode/#devuan/ Sunday, 2018-12-02

neplevitanyays my update somehow worked :D00:35
golinuxCongrats!00:38
neplevitanon a side note, steamos is suprisingly bad to play steam games on :300:38
neplevitanatleast compared to "normal" distros00:38
golinuxneplevitan: I wouldn't know.  I play solitaire.  :D00:46
neplevitanto each their own :)00:49
* man_in_shack dances01:53
man_in_shackjust finished transferring my devuan / from a pair of sata ssds in raid0 to an nvme01:55
man_in_shackfun fun01:55
lysoftdevuan is dope11:31
lysofthad a little trouble tonight installing gnome3, gdm wasn't working right, but just set default back to slim and everythings going fine11:32
lysoftnot a big deal, most devuan users i'm sure are more into light wm's but i got bored --- gnome is very pretty11:51
icecathi15:56
icecatcan you add icecat in repo15:56
icecathttps://fr.wikipedia.org/wiki/GNU_IceCat15:56
buZzits inside as iceweasel15:58
buZzsure, run15:59
buZz:)15:59
debdogpardon he's french16:00
devoid_is iceweasel really icecat16:09
devoid_i thought it was just ff without branding16:09
gnarfaceit's firefox with free branding16:11
MinceRi thought they were two separate free-branded failfox versions16:11
MinceRone by debian and one by GNU16:11
gnarfacehmm16:15
gnarfaceyes16:15
gnarfacetechnically the firefox branding is non-free though16:15
gnarfacebut debian did get permission back to use it16:15
gnarfacei thought they deprecated iceweasel then after that but it may still be in the repo...16:15
booyahI wonder how hard really would it be to create a web browser16:18
booyahIs security and privacy focused.  Has no CoC.16:18
booyahjust that that mostly-correctly renders pages16:19
booyaheven JS and htmlcanvas and that crap, could be not implemented for start16:19
MinceRdepends on what you want it to do16:19
booyah^16:19
MinceRif you settle for something simple like links2 or dillo, it can't be too difficult16:19
MinceRbut if you want full "standards" compliance including pixel-perfect css and js, you're in hell16:19
MinceRand the result will suck almost as much as all the ithers16:20
golinuxlysoft: How did you get gnome running on devuan?  Are you sure it didn't pull in systemd?16:22
KatolaZbooyah: create a new web browser from scratch?16:32
KatolaZ:D16:32
ChristobelHello all, is #devuan-arm avail?18:46
ChristobelTrying to join to no avail18:46
ChristobelI have a question about the Raspberry Pi Zero W, does anyone know how to make wifi work? :)18:48
ChristobelRunning ASCII18:48
unixman_homeChristobel, I was able to join just now. I'm not an ARM user though.18:48
tomekdevWhat's your WiFi card ?18:50
Christobelthanks unixman_home, I'll check again in a second.18:50
Christobeltomekdev: it's a Broadcom based chip18:54
tomekdevBuilt-in ?18:54
Christobeltomekdev: yep18:56
Christobelunixman_home: I've finished freenode registration and I can now join #devuan-arm18:56
unixman_homeAh, okay.18:56
tomekdevDoes it show up when you enter command "ifconfig -a" ?18:57
tomekdevSomething like "wlan0" or "wlpXXX"18:57
tomekdevOr better does "iwconfig" show something ?18:59
Christobeltomekdev, iwconfig, ip link show, ifconfig -a show nothing18:59
muepit might need an RPi specific kernel, and at least it requires some firmware that debian does not ship18:59
Christobelmuep: Yep, I've grabbed FW from Debian and installed18:59
tomekdevDoes dmesg suggest something ?18:59
muepraspbian has the wifi working out of the box, so could have that on another SD card and compare19:00
Christobelmuep/tomekdev: dmesg |grep firmware reports Direct firmware load for brcm/brcmfmac43430-sdio.txt failed with error -219:00
ChristobelI installed firmware-brcm80211_20161130-4_all.deb19:01
muepfor older firmware, it seemed like there would be a need to get that txt file separately19:02
muepI remember doing that with older Fedora releases19:02
Christobelokie, I'll look into19:02
Christobel/lib/firmware/brcm/brcmfmac43430.txt doesn't exist, so that could be an issue lol19:04
muepit was the same with fedora as well. that exact file had to be installed separately19:04
tomekdevI've just wanted to write about error -2, which means "no such file or directory"19:05
ChristobelI've found a copy https://github.com/armbian/firmware/blob/master/brcm/brcmfmac43430a0-sdio.txt19:05
Christobeljust halting the Pi and am gonna dump it on there :)19:05
tomekdevDoes anybody know how to fix undetected keys in xfce ?19:07
tomekdevEspecially combinations Fn+F9 and Fn+F1019:07
tomekdevI want to control brightness but XFCE does not register when I press them19:08
tomekdevIn dmesg there are strange errors near GPU driver initializtion19:09
tomekdevI'll post them in a while19:09
* Christobel reboots *prays*19:09
tomekdevI have Devuan 2.0.0 installed on my HP EliteBook 6930p19:10
Christobelnada, same error19:10
tomekdevhttps://pastebin.com/ZEaduTsb19:11
Christobelooh progress19:12
tomekdevIs path correct ?19:12
ChristobelI have wlan0 now :) now to work out why wpa_supplicant isn't working!19:13
tomekdevDo you have wpa_supplicant.conf ?19:14
tomekdevOr create your own and run wpa_supplicant -D wext -i wlan0 -c YOUR_CONF19:15
tomekdevYou can also add option -B so it will run in background19:15
Christobeliwlist scan wlan0 shows nothing though :(19:17
tomekdevI don't know if iwlist automatically puts up interface19:19
booyahKatolaZ: yes19:19
tomekdevChristobel: maybe run ip link set wlan0 up before iwlist19:20
ChristobelI'm just doing some cat stuff tomekdev - brb19:20
Christobeltomekdev: just ran those two commands and still the same19:21
tomekdevIn dmesg nothing new ?19:21
Christobeltomekdev: Cat stuff done, just gonna boot it back up19:29
ChristobelSad thing is, I've actually ordered an OTG ethernet adapter - it just hasn't arrived yet, my USB3 gigabit adaptor draws too much current19:30
tomekdevYou can connect that adapter to external hub with it's own power supply19:32
Christobeltomekdev: I don't have a powered USB hub lol19:32
Christobeltomekdev: from dmesg, I can see the usbcore has registered a new interface driver brcmfmac19:34
tomekdevbrcmfmac shows something interesting ?19:34
Christobeltomekdev: this looks interesting, might have the solution here: https://dev1galaxy.org/viewtopic.php?id=222819:35
Christobelgonna attempt grabbing those files from post 119:36
tomekdevChristobel: Good idea19:37
ChristobelDoin wifi like it's 199919:37
tomekdevAnd I'll try to fix ACPI errors in my Devuan :/19:37
* Christobel prays - firmware and descriptor replaced, I can see the files are larger thus newer, let's see if this fixes it :)19:44
ChristobelNope, broken even more haha19:45
ChristobelI can see the device registered itself but we have a new error now, brcmfmac: brcmf_sdio_htclk: HT Avail timeout (1000000): clkctl 0x5019:51
tomekdevHmmm... And this leads to no networks found ?20:04
Christobeltomekdev: indeed, I'm gonna put back the binary from before20:10
Christobeland play with different .txt configs and see if one of them brings it to life20:11
tomekdevChristobel: Did you try files from https://www.raspberrypi.org/forums/viewtopic.php?t=138629&start=25#p970239 ? It has some broken links but that files are here: https://github.com/RPi-Distro/firmware-nonfree/tree/master/brcm20:18
Christobeltomekdev: yep - I have, I believe they are the files I'm using right now20:19
ChristobelUnless they've gone and made their binaries systemd required ;)20:20
tomekdevStill no luck ?20:20
ChristobelI'm doing about 3 things at once at the moment - I have another question, apt-transport-https - is this still a thing on devuan? I can see it on the debian repos but not devuan20:20
tomekdevI always thought that packages in Devuan-only repos are these that required modifications to be freed of systemd. The rest is taken from Debian repos20:25
Christobelinteresting, I'll have to see what the dependencies for apt-transport-https are20:26
Christobeland thank you tomekdev, I'm still fiddling with wifi too :)20:26
DocScrutinizer05tomekdev: Christobel: original OTG drivers explicitly blacklist any USB hubs20:30
DocScrutinizer05you rather use a Y-cable or a powered USB ethernet adapter20:31
tomekdevNah, it' s probably common on ARM architectures. I experienced the same when I was trying to get my tablet running Debian 7 2 years ago ;-P20:31
tomekdevAnother question, how to deal with ACPI region conflicts ?20:33
tomekdevThey cause that hotkeys on my laptop under linux do not work20:34
tomekdevUnder Devuan Ascii20:34
DocScrutinizer05I'm talking about >>my USB3 gigabit adaptor draws too much current<< - and before you ask: yes, it's perfectly safe to connect two power supplies (here: OTG host and e,g, a wallwart USB charger) to same power rail, e.g. by using a Y-cable20:35
tomekdevOk, got it.20:35
tomekdevI'm wondering how to fix problem with hotkeys on my laptop under Ascii. On Jessie they worked perfectly20:36
ChristobelDocScrutinizer05: The PiZeroW is running off a 2.1A belkin adapter, I have an unpowered hub I tried connecting to USB OTG port and connected keyboard/USB3 gige ethernet20:40
ChristobelDocScrutinizer05: The Pi wasn't happy and was constantly disconnecting the keyboard/ethernet, I couldn't use the keyboard under this scenario20:41
ChristobelDocScrutinizer05: I have a USB2 OTG hub/ethernet combo on order20:41
muepthe rpi zero usb can also work as an ethernet usb device20:45
Christobelindeed, it can20:45
muepso you can connect it to your workstation using an ordinary microusb cable, providing both power and connectivity on one cable20:45
Christobelbut I then have to do a bridged network and iptables route everything over the usb interface from a host machine20:45
ChristobelI think to be honest, I'm just having a coffee, I'm gonna fiddle more with the brcmfmac drivers for a bit, if I can't resolve it I'll just wait for my ethernet adapter to arrive20:47
ChristobelInteresting with the apt-transport-https, I can't see any dependencies that require systemd20:48
Christobelhttps://packages.debian.org/stretch/apt-transport-https20:48
tomekdevAnd probably that's why it isn't on Devuan repo servers20:49
tomekdevI think20:49
ChristobelI dont wanna sound arrogant, but it should perhaps be a priority! Depending on unencrypted http which could be MITM'd so easily for all the systems packages is clearly unsafe.20:51
ChristobelI'm just gonna grab the .deb and see what it does (this isn't on the pi, it's on another boxen)20:51
tomekdevThere is some level of security in repos. Each of the files have 3 checksums20:53
Christobelbut if you can take over the http stream entirely?20:54
muepthe repository metadata is signed20:54
muepor actually I am not fully sure of the repository metadata, but at least the packages themselves are signed20:55
ChristobelI'm gonna attempt the install, I use the package on all my debian'ish boxes20:56
tomekdevUsually we get the repo pubkey first usually with wget and usually rather over https20:56
tomekdevThen download metadata and compare signatures20:57
tomekdevAnd finally each downloaded file from server has checked checksums20:57
tomekdevI think this way it works20:58
ChristobelI have just installed apt-transport-https deb, it installed no problems, updated sources.list to use https and it works so I'm happy, just weird that package isn't in the main repos20:59
tomekdevI think when you type "dpkg -l" you'll see that some of the packages have versions with "+deb" and so on.21:01
tomekdevThis means that Devuan uses it's own repo and Debian's21:01
barnseyHi All, have been trying to ge the ascii raspi2 image working. gnarface suggested I check out the config.txt filr in the boot partition.  I managed to get the pi to dispay some pg the kernel startup messages, but it seems to stop long before the OS has finnished booting.21:01
tomekdevSo I think that package is in main repos21:01
tomekdevHi barnsey, what are the last messages ?21:02
barnseytomekdev: hmm, will have to get back to you on that.21:04
DocScrutinizer05Christobel: OTG specs define a 100mA for VBUS21:07
DocScrutinizer05Christobel: >>which could be MITM'd so easily for all the systems packages<< AFAIK apt has its own checksummimng, no need to secure transport21:08
ChristobelDocScrutinizer05: Why does every other Debian'ish system I use have it then? Mint/Kali/Debian/Raspbian/etc21:10
DocScrutinizer05each package has a checksum listed in a file that itself is signed by a PKI key21:10
DocScrutinizer05iirc21:10
DocScrutinizer05poper security doesn't consist of indiscrimiantely trowing all switches to "maximum encryption", you need to understand the complete system and how it ensures uncompromised operation21:12
ChristobelDocScrutinizer05: https://nwrickert.wordpress.com/2011/03/23/pki-is-broken/ - https://www.informationweek.com/software/information-management/yes-trust-in-the-pki-is-broken/d/d-id/107519021:13
DocScrutinizer05I'm not interested in studying this in depth21:14
ChristobelDocScrutinizer05: Also, why give the 3 letter agencies cleartext on what packages you are using? They likely have selectors which make you more susceptible to being spied on, ie, you download a shitload of wifi hacking tools over cleartext, some governments would see that as a reason to monitor you21:14
Leanderthe PKI they are discussing is actually the one used for HTTPS, which is kind of ironic since you ask for it :)21:15
DocScrutinizer05why do you ask me such questions? I mnever said anything like that21:15
muepChristobel: I'd guess the mirror network is not available over https as well as over http21:15
muepI am not sure if that is actually the case but if it is, http is a sensible default21:16
Leanderthe PKI that Debian/Devuan and others use is not the same21:16
DocScrutinizer05I just say >>Depending on unencrypted http which could be MITM'd so easily for all the systems packages is clearly unsafe<< is a misleading and incorrect claim21:16
muepit does leak information on what you are installing, but it does have any easy way for someone doing MITM to hand you arbitrary malicious packages21:17
Leander^21:18
DocScrutinizer05on a sidenote: even with HTTPS encryption, you can usually tell pretty precisely what's been downloaded, by simply looking at the exact size of data downloaded. If you want to avoid any possibility of TLAs profiling you and same time do a favor to community, then run a apt mirror and download all, provide alternative mirror location to others21:27
DocScrutinizer05also21:30
DocScrutinizer05!amprolla21:30
infobotnextime gave an excellent explanation how amprolla works, at https://botbot.me/freenode/devuan/2016-05-07/?msg=65646427&page=4, or https://git.devuan.org/devuan-infrastructure/amprolla, or https://git.devuan.org/devuan-infrastructure/amprolla321:30
* DocScrutinizer05 can see how that might introduce issues with HTTPS21:30
* furrywolf pets RoamingFox, then tries stuffing a RoamingFox into ##furry21:30
golinux<muep> Christobel: I'd guess the mirror network is not available over https as well as over http21:32
golinuxYes.  This is the case21:33
golinuxafaik21:33
golinuxI think you can use https if you choose a particular mirror.21:35
golinuxhttp://pkgmaster.devuan.org/mirror_list.txt21:35
DocScrutinizer05Leander: >>...which is kind of ironic since you ask for it<< hehe indeed21:42
DocScrutinizer05also 2011/03/23 W*T*F?21:43
DocScrutinizer05the other is 12/30/2008 01:47 PM !!!21:44
DocScrutinizer05I don't think those help furthering Christobel's point ;-D21:46
Leanderwell, the first one does because it's a problem inherent to the PKI we use for public X509 certificates, we need to trust the whole chain and are at risk of a rogue certificate authority21:47
Leanderthe second one, on the other hand, is about how MD5 was already broken back in 2008, it's a technicality21:48
Christobelhttps://packages.roundr.devuan.org/ has a valid LetsEncrypt SSL cert.22:03
ChristobelTLS 1.2 apparently from my end22:05
ChristobelDocScrutinizer05: Indeed, I guess it is even with HTTPS possible to model the traffic to obtain some match on what is possibly being grabbed, but sniping that down to a single particular package, is that possible? Mirroring? ;) I rarely have 2mbps with my internetz but it's a good message to push to those that have the capability to help22:10
muepI would not be surprised to find out that an intermediary could identify the exact packages you download22:11
ChristobelIs it still better than letting the 3-letters profile you though? They might not have exact capabilities to do so (they likely do though), but why make it easy for them to casually build more a dataset on your exact usage?22:12
muepwell if you think you specifically are in risk of such profiling, you can do some special setup to add https or whatever you think is reasonable22:13
muepbut my impression is that http has to be allowed in the default setup in order to have a reasonable mirror network22:14
tomekdevSet up TOR and automatic mirror redirecting :-P22:15
tomekdevYour ISP can easily track you, I think22:16
ChristobelWell theres been a global push to encrypt everything possible as quickly as possible by the EFF, that I believe is a sensible move for all of human kind to maintain their given right to anonymity, we already know they are profiling everything and everyone and using relational databases to profile everyone and their risk status.22:17
Christobeland and sorry, pretty tired22:17
Christobeltomekdev: I think that would put you more on their radar to be honest!22:18
Criggie<insert "encryptAllTheThings\!.gif">22:18
Christobel^_^22:18
tomekdevOoopsss! ;-D22:19
ChristobelSo sorry, if I've been seen as testing, was just something I'd not ran into before, having a read into Amprolla22:19
golinuxhttps://git.devuan.org/devuan-infrastructure/amprolla322:21
tomekdevgolinux: quite interesting22:25
DocScrutinizer05just as interesting as it was when infobot provided the link22:25
DocScrutinizer05maybe slightly less, on repetition22:26
DocScrutinizer05the bless of /ignore22:26
DocScrutinizer05the other two link infobot provided are better in my book though22:28
DocScrutinizer05botbot might be stale meanwhile22:28
DocScrutinizer05indeed, what a pita22:29
* Christobel is outta here! Thank you for the chat everyone, have a lovely remainder of weekend. || Wifi = 0 || Knowledge of APT = +122:32
DocScrutinizer05christobel gave a nice farewell, appreciated23:21
DocScrutinizer05netiquette; A+23:22

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!