| odb1 | i just have this fear of something being missed/forgotten and only noticing it near the end, forcing to restart...if you have any of that kind of experience/pitfalls to avoid to share.... | 00:02 |
|---|---|---|
| odb1 | also i might have to continue this project later as I currently only have 8gb ram in the intented device...was planning on buying 16gb ram, but I might not be able to purchase it in store this w-e as I'm told lenovo laptops are finicky about the ram they accept...even moreso if corebooted/librebooted | 00:06 |
| odb1 | bbl | 00:07 |
| fsmithred | <odb1> i just have this fear of something being missed/forgotten and only noticing it near the end, forcing to restart...if you have any of that kind of experience/pitfalls to avoid to share.... | 00:14 |
| fsmithred | nothing in particular except that I hate when that happens | 00:15 |
| fsmithred | and you don't need more than 8G ram. I have done it many times with 2G | 00:15 |
| odb1 | ah cool | 00:15 |
| odb1 | but still 12-14gb storage right? | 00:16 |
| fsmithred | you should have more than 2G to run the iso if you plan on opening a web browser | 00:16 |
| fsmithred | yeah | 00:16 |
| fsmithred | installed system is around 4G, give or take 1G or so | 00:16 |
| fsmithred | and you need that much again for a copy of the file system | 00:16 |
| fsmithred | plus room for the iso | 00:16 |
| fsmithred | wait, I'm confused | 00:17 |
| odb1 | -4+4+4 = 12gb? | 00:17 |
| fsmithred | which method are we talking about? | 00:18 |
| fsmithred | 12G virtual disk is enough to install the nodbus, update/upgrade and make a new iso (or two) | 00:18 |
| odb1 | live-sdk for heads...maybe for nodbus too if i use the blend folder you mentioned, no? | 00:18 |
| fsmithred | if we're talking about live-sdk, you probably need more space | 00:18 |
| odb1 | theres no refrsn...that takes far less | 00:19 |
| odb1 | oh crap | 00:19 |
| fsmithred | not sure. I've never run live-sdk in a vm | 00:19 |
| fsmithred | always did that on hardware | 00:20 |
| odb1 | actually scratch that...refrsn uses about 3 times the iso size i would say, no? | 00:20 |
| odb1 | so what about live-sdk...assume out of a vm? | 00:20 |
| fsmithred | refractasnapshot makes an rsync copy of the entire filesystem | 00:21 |
| fsmithred | then squashes it | 00:21 |
| fsmithred | and puts the squash inside an iso | 00:21 |
| fsmithred | so fs copy, squashfs and iso are all present at the same time | 00:21 |
| qbmonkey | does an error in aufs-dkms 686 get reported to devuan or debian? | 01:10 |
| qbmonkey | misconfigured package scripts | 01:14 |
| DocScrutinizer05 | >>[18 Jul 2020 21:57:22] <fsmithred> DocScrutinizer05, ^^^<< HMM? [18 Jul 2020 21:56:39] <mason> Not sure who runs it. [18 Jul 2020 21:50:09] <mason> Nitter is nice ... ??? | 01:48 |
| odb1 | hello DocScrutinizer05 ... | 01:48 |
| fsmithred | hi DocScrutinizer05 | 01:49 |
| DocScrutinizer05 | aaaah, the chanlog | 01:49 |
| fsmithred | the question was about https on the irc log site | 01:49 |
| DocScrutinizer05 | >><odb1> is there a reason why http://maemo.cloud-7.de/irclogs/freenode/_devuan/ not accessible with https?<< well, I'm simply too lazy and actually also no idea what for I would need a server cert and https for | 01:50 |
| fsmithred | so nobody could snoop on the publically accessible logs you're reading? | 01:51 |
| DocScrutinizer05 | all that stuff is absolutely public and I don't care encrypting it | 01:51 |
| DocScrutinizer05 | if you wanna do sekrit searches then too bad ;-) | 01:52 |
| fsmithred | tor browser | 01:52 |
| DocScrutinizer05 | or that | 01:52 |
| odb1 | certbot apparently is the quick way (i know of) to install letsencrypt... | 01:55 |
| DocScrutinizer05 | I know (and sort of hate) LE | 01:55 |
| odb1 | maybe its just assuming that mitm is too easy when no cert | 01:56 |
| odb1 | its less about secrets...more about am I actually reading the site, or some identically looking site, perhaps with malware | 01:56 |
| DocScrutinizer05 | what would you be aftaid of a MITM would do to the highly critical data you may read on my server? | 01:56 |
| DocScrutinizer05 | swap all devuan for debian? ;-P | 01:57 |
| DocScrutinizer05 | there is no ware, neither mal nor any other, on my server | 01:57 |
| DocScrutinizer05 | AND you don't even need damn KS for my server | 01:58 |
| DocScrutinizer05 | ;-) | 01:58 |
| DocScrutinizer05 | JS * | 01:58 |
| DocScrutinizer05 | when you're afraid of malware, I'm really pleased you think it's unlikely to find on my server but likely on a MITM attack | 02:00 |
| DocScrutinizer05 | well, I do NOT do automatic cert and script update from LE, so my server is prolly more safe against getting hijacked and malware infested than a lot of others ;-) | 02:01 |
| DocScrutinizer05 | I'm really not that convinced everybody and their dog on this planet downloading certs from one unique service automatically adds a lot of security in _any_ way | 02:03 |
| odb1 | KS? | 02:03 |
| odb1 | ah | 02:03 |
| odb1 | JS | 02:03 |
| fsmithred | kava script - read it and it puts you to sleep | 02:03 |
| odb1 | DocScrutinizer05, my spider senses once were firing about LE...i guess the browser whining when its not there but quiet when it is has pavlov'ed me | 02:05 |
| DocScrutinizer05 | btw LE clearly states that it's *only* about encryption and absolutely zilch about authentication | 02:08 |
| odb1 | i think you actually win, DocScrutinizer05 , maybe im safe from all except for whoever can secretly issue LE certs/parent certs | 02:09 |
| odb1 | and their allies... | 02:09 |
| odb1 | LE = Law Enforcement cert chain :) | 02:10 |
| Weeezy | I get this dialog box when I first log in, I'm on 2.1 that gives me an option to log back out or rename my session. | 02:14 |
| Weeezy | I don't know how to get rid of it, any ideas on this? | 02:15 |
| Weeezy | so I just rename the session to my regular login name and hit enter again | 02:15 |
| DocScrutinizer05 | your spider senses prolly were correct. LE waters down and erodes HTTPS by establishing an ubiquitous false sense of security, by exactly this Pavlov-ish conditioning | 02:16 |
| DocScrutinizer05 | and, unlike other certs, I can't pin down a LE cert reasonably to detect when a domain got hijacked, since even the true domain server has new certs every 8 weeks or so | 02:19 |
| systemdlete | I want to add some bareos packages from the bareos.org repo; I do not want to pick up devuan/debian's repos for this one effort. The two repos have DIFFERENT bareos-* packages. I don't know how to specify the pinning for this. Thanks. | 02:21 |
| systemdlete | the deb line for bareos is: | 02:21 |
| systemdlete | deb https://download.bareos.org/bareos/release/18.2/Debian_9.0 ./ | 02:22 |
| odb1 | but dont you need some private key/cert to get new ones every 8 weeks? At least its less likely some random 3rd party hacker is mitm or got your cert... | 02:22 |
| odb1 | sometimes I wonder if its not simpler just no longer trying to defend against large govt/large corps mitm/hacking/surveilling you, and just focus on avoiding random hackers/criminals/sec failures | 02:23 |
| odb1 | that seems more feasible | 02:23 |
| DocScrutinizer05 | no, literally everybody can install LE package on literally every server they got root access to | 02:23 |
| odb1 | yes, but exactly, just dont get your LE login/password/privatekey/whatever stolen and the system works...nothing is perfect | 02:24 |
| odb1 | but this is better than http:// everywhere | 02:24 |
| odb1 | like ebay and amazon were http for the longest time | 02:24 |
| DocScrutinizer05 | sorry, but LE does _not_ provide _any_ level of authentication assertion | 02:25 |
| odb1 | maybe its useful to avoid deanon using vpn/tor or something... | 02:26 |
| DocScrutinizer05 | and the fact that you, like so many others, seem to think it does is exactly what I hate with LE | 02:26 |
| odb1 | well how would regular certs do better...not ev certs where they ensure you control your business, but regular/cheap certs, where you just validate you control the domain name | 02:27 |
| DocScrutinizer05 | they do better in just one way: they were not that ubiquitous since they still took time and/or some bucks to get | 02:30 |
| DocScrutinizer05 | and they lasted a year, not 8 weeks | 02:30 |
| DocScrutinizer05 | so once you checked and accepted such a cert, you could pin it on your machine for that URL/domain and stay rather sure you're talking to the right authentic server for a year | 02:31 |
| odb1 | DocScrutinizer05, with all due respect...there are browser extensions (at least for the old firefox) that would verify certs on alternate dbs to see if others were seeing the same cert for the same hostname | 02:35 |
| odb1 | whether the cert last 1 full yr or 2 sec, whether you pin in or not, why wouldnt the cert end up in wrong hands or be reissued to wrong person if privatekey/id/email of rightful owner got stolen | 02:36 |
| odb1 | there is revoc list, but that can be activated during the 8 weeks as well of LE | 02:36 |
| odb1 | maybe LE can be improved...or forked if the governance for that project doesnt want to improve authentication | 02:37 |
| DocScrutinizer05 | odb1: that's zilch security improvement | 02:38 |
| odb1 | i mean it would be simple to ensure that the cert shipped is shipped to someone controlling a domain name, perhaps also to a email encrypted with a person's public gpg key. | 02:39 |
| odb1 | what would you add for authentication then? | 02:39 |
| odb1 | or for secu | 02:39 |
| DocScrutinizer05 | the same that been used for this very purpose since umphty years. See common public documentation about how certs work | 02:41 |
| DocScrutinizer05 | when even LE themselves clearly state they do encryption but NOT authentication, there's hardly a way you could establish authentication in this existing scheme by strong wishful thinking | 02:43 |
| DocScrutinizer05 | heck, not even a MITM attack gets _really_ defeated by LE | 02:44 |
| DocScrutinizer05 | LE is about using SSL encryption, NOT about authentication | 02:48 |
| DocScrutinizer05 | it's unfortunate that HTTPS implies both | 02:48 |
| MinceR | would a plain self-signed certificate not do that? | 02:48 |
| DocScrutinizer05 | yep | 02:48 |
| DocScrutinizer05 | and honestly I prefer a self signed cert over an LE cert | 02:49 |
| odb1 | how could one mitm and use an le cert looking like its legit from the site? | 02:51 |
| DocScrutinizer05 | basically what LE provides are "class self-signed" certs which do not trigger the usual warnings on your browser. But the don't yield any better higher authentication features than a selfsigned | 02:51 |
| * systemdlete has figured out a way around on he/him/his/hey you 's own | 02:51 | |
| systemdlete | Now I see, that in the last few minutes, there are updates to linux-headers-amd64 and linux-image-amd64, which are both meta-packages. Did this just happen? | 02:57 |
| systemdlete | Or did I have my repos messed up somehow, and these got overlooked? | 02:57 |
| fsmithred | last kernel and headers were in early june (in beowulf) | 03:01 |
| fsmithred | same for ascii | 03:02 |
| systemdlete | wonder why I didn't get them then. | 03:08 |
| systemdlete | I've done update/upgrades since then. Did one just a while ago, in fact. | 03:08 |
| systemdlete | ok, I just did an update on my host machine (the other was a VM). apt update | 03:25 |
| systemdlete | then I list the packages that are upgradeable: apt list upgradeable | 03:25 |
| systemdlete | but when I ls /boot, I don't see the *-4.9.0-13-* files, just 9, 11, and 12 | 03:26 |
| systemdlete | (it's ascii) | 03:26 |
| systemdlete | oh wait! | 03:27 |
| systemdlete | "48 packages can be upgraded. Run 'apt list --upgradeable' to see them. | 03:27 |
| systemdlete | it's --upgradeable, not upgradeable. Doh! | 03:27 |
| * systemdlete smacks himself | 03:27 | |
| odb1 | systemdlete, i rarely misstype because i always prefer pressing tab to complete to the right spelling... | 03:29 |
| odb1 | you can also just sudo apt upgrade and see whats about to upgrade before writing Y | 03:29 |
| systemdlete | odb1: In this case, though, it thought I was trying to list the package called "upgradeable" | 03:29 |
| systemdlete | nah, I'm going to get new eyeglasses. | 03:30 |
| systemdlete | and slow down and READ more. | 03:30 |
| systemdlete | I do this in every project. I don't want to become a pariah. | 03:30 |
| systemdlete | trouble is, with the lockdown and all, it may be hard to get in to an eye doctor | 03:31 |
| odb1 | to the guillotine! lol | 03:31 |
| systemdlete | and, besides, I'm afraid of going out these days | 03:31 |
| systemdlete | don't joke about guillotines... there is a movement on to bring them back! | 03:31 |
| systemdlete | (and I think some of them may be serious, too) | 03:31 |
| odb1 | fair enough... | 03:31 |
| golinux | Please take to #debianfork. You're off-topic. | 03:37 |
| DeeEff | Is there a any part of the devuan community that uses docker? I've run into a couple snafus with docker while trying to develop apps for my Pinephone with Ubuntu Touch, and I'm wondering if there's any kind of resources for that. | 03:42 |
| DeeEff | the first issue I ran into was not having an `/etc/machine-id`, which supposedly is created when systemd is installed. A lot of docker configs seem to rely on this, so that was annoying. | 03:43 |
| DeeEff | beyond that I've had a heck of a time ensuring nvidia / graphics passthrough work well | 03:44 |
| DeeEff | I end up with a lot of libGL errors in the container ☹️ | 03:44 |
| odb1 | ty DeeEff for avoiding me all those hassles myself | 03:45 |
| odb1 | didnt realize lacking machine-id could create so many issues...perhaps a constant id randomizer is better golinux ? | 03:46 |
| DeeEff | ¯\_(ツ)_/¯ honestly I didn't even know that machine-id was a thing | 03:47 |
| DeeEff | until it started mounting as a directory because lol docker | 03:47 |
| golinux | odb: Very long discussions about machine-id on the mail list: https://lists.dyne.org/lurker/search/20191125.181001.1bdff22f@ml:dng,machine-id.en.html | 03:52 |
| golinux | odb1: ^^^ | 03:52 |
| golinux | Sorry about that. Those posts might be useful to you. | 03:53 |
| golinux | One of the features of ascii 2.1 was a dbus patch to generate new dbus machine-id on boot. This behavior is configurable in /etc/default/dbus | 03:55 |
| odb1 | if this is the main/only thread on machine-id, I had already read some of it, the point though is DeeEff seems to say that m-id is missing...so i thought maybe it could randomly be reassigned after ever x minutes without requiring a reboot | 04:00 |
| odb1 | or maybe you have a specific post in ml addressing why this isnt possible | 04:01 |
| odb1 | or no one volunteered to implement..or | 04:01 |
| DeeEff | I think having a new machine-id each boot is fine. The problem is this machine-id is in /var/lib/dbus/machine-id, not /etc/machine-id | 04:02 |
| DeeEff | but now, rather than faking it with a single constant machine-id, I can symlink the two | 04:02 |
| DeeEff | that should probably help wherever machine-id is needed. | 04:02 |
| odb1 | if you've lived through reading that entire ml thread, is there a tldr (or specific reply) on why cycling machine-ids every x minutes without rebooting isnt feasible? | 04:10 |
| odb1 | or implemented | 04:10 |
| DeeEff | Sounds like it's feasible according to: https://lists.dyne.org/lurker/message/20190312.202658.d725f0af.en.html | 04:14 |
| DeeEff | From this it sounds like you could do this yourself | 04:14 |
| DeeEff | just punch in `head -c 4 /dev/random | md5sum | cut -d " " -f 1 > /etc/machine-id` into a cron.hourly and it should work? I suspect there's no need to make a daemon or any other service handle this either, but it seems like it would be okay (aside from you know, google chrome maybe thinking that you're on a different device all the time) | 04:15 |
| odb1 | DeeEff, that post only seems to show him overwriting machine-id once...and it made chromium stopped working | 04:19 |
| DeeEff | hmm that seems different from this message: https://lists.dyne.org/lurker/message/20190312.160305.cffca933.en.html | 04:22 |
| odb1 | yes...DeeEff that looks like a one-line in cli-now just to cron that and we have a rapid cycling machine-id | 04:27 |
| brocashelm | i see it was libpam-tmpdir that affected my problem from earlier. removed and works again | 04:29 |
| Weeezy | I've used ufw for a firewall on all my devuan installs, is there some other tool that may be better? | 16:28 |
| gnarface | shell scripts rule | 16:29 |
| Weeezy | is there such a tool that can be run that looks for vulnerabilities | 16:31 |
| gnarface | nmap | 16:32 |
| Weeezy | I've read some bits on it, i understood nmap to be something that is run from another machine to look for open ports, is that right? | 16:34 |
| gnarface | nmap will work from the inside too, but obviously you should test it from both sides to be scientific. here's a example firewall in a single shell script: https://paste.debian.net/1157026/ (i promise it doesn't have any vulnerabilities) | 16:35 |
| Weeezy | ok, awesome, I'll take a look at it. | 16:37 |
| Weeezy | a lot of the web pages I was seeing were directed towards people running servers and having to worry about all types of threats. | 16:37 |
| gnarface | well that firewall script i gave you basically refuses all inbound and applies basic acceleration to your own outbound connections, no ports are open, it should be suitable for desktops or laptops with the exception of a handful of games' multiplayer modes | 16:46 |
| gnarface | or like, file sharing | 16:47 |
| gnarface | it would sabotage peer to peer file sharing too | 16:47 |
| gnarface | if you aren't running a server, this task is very simple and doesn't require any fancy tools | 16:47 |
| gnarface | that's why you aren't finding any | 16:47 |
| gnarface | not that i use any fundamentally different method for my servers, their scripts just have a few more lines | 16:56 |
| gnarface | so maybe i'm the wrong person to ask | 16:56 |
| gnarface | i hear pfsense is good, but i think it's still not in debian | 16:56 |
| gnarface | alot of the good, better known ones are more commercially oriented, and aren't necessarily in any distro | 16:56 |
| Weeezy | this is meant to be run at startup I presume gnarface | 17:17 |
| Weeezy | I just got it activated, I'm chasing dogs and listening to cackling women the last half hour | 17:18 |
| Weeezy | sorry for my dumb questions, I see it's not a loop so it terminates | 17:22 |
| gnarface | Weeezy: yea, run it at startup | 17:23 |
| gnarface | Weeezy: after you run that script you can get the status with these commands: iptables -L -v; iptables -L -v -t nat | 17:25 |
| gnarface | Weeezy: you should read the iptables man page though, it's a good read | 17:25 |
| gnarface | Weeezy: (should basically tell you everything is closed and state tracking is on) | 17:26 |
| Weeezy | excellent advice. thank you. | 17:31 |
| Weeezy | here is my output from iptables -L -v gnarface | 17:50 |
| Weeezy | https://pastebin.com/qAsJgC3W | 17:51 |
| Weeezy | I turned off ufw, idk if that should be left running or not | 17:51 |
| gnarface | Weeezy: i don't know anything about ufw, but i would assume it would interfere | 17:54 |
| gnarface | Weeezy: paste looks right | 17:54 |
| Weeezy | ok, that's great. | 17:54 |
| Weeezy | I'll have to work on getting this script into my boot up procedure | 17:55 |
| gnarface | Weeezy: you can easily see the difference between that and the output of "iptables -L -v; iptables -L -v -t nat" if run before hand | 17:55 |
| gnarface | you can just add it to rc.local | 17:56 |
| gnarface | if you want to be fancy and get it earlier in the init process you have to create or modify a init script | 17:56 |
| fsmithred | what about iptable-save and iptables-restore? | 17:59 |
| fsmithred | those should both be plural (tables) | 18:00 |
| gnarface | i dunno they seemed crappy and unnecessarily complicated to me | 18:05 |
| gnarface | they might be worthwhile checking out though now, it's been a long time | 18:05 |
| gnarface | their man pages are mentioned in the main iptables man page | 18:05 |
| Weeezy | afk | 18:17 |
| fsmithred | I've only used them a couple of times, but they seemed easy enough to use. Assuming you knew some rules to use. | 18:21 |
| fsmithred | yeah, ok. debian wiki shows about four more steps to make it all work. | 18:25 |
| mason | I'm a fan of running firewalls out of an "up" rule in /etc/network/interfaces. | 18:32 |
| roo^y | ASCII didn't work back in the day on my mele pcg35 apo, so I've been on the derivative Refracta 9. Beowulf booted on USB, & now SSD :) | 19:48 |
| fsmithred | why didn't it work? Refracta 9 is ascii. | 19:49 |
| roo^y | yes, a derivative. I think it was you who helped me.. did a test on some test refracta successfully, so you hooked me up with a newer one | 19:51 |
| fsmithred | oh, with a backports kernel? | 19:55 |
| fsmithred | if so, it would make perfect sense that beowulf would work. | 19:55 |
| fsmithred | same kernel - 4.19 | 19:56 |
| roo^y | i'll guess yes, i just saw it/them earlier when i had a external hdd hooked up | 19:56 |
| fsmithred | you could just upgrade to beowulf. Don't need to reinstall. | 19:57 |
| roo^y | i should have asked! :D my refracta almost takes up the 1st half of SSD, about 220GB, & I just put devuan on the 3rd quarter about 110GB | 20:00 |
| roo^y | i didn't have success with sudo apt-get update && apt-get upgrade. Says something about repos changing & accepting changes | 20:02 |
| fsmithred | say yes to that | 20:04 |
| fsmithred | ascii was stable and beowulf was testing. Now ascii is oldstable and beowulf is stable. | 20:05 |
| fsmithred | continue using the codenames | 20:05 |
| roo^y | for 3 changed repos: 'See apt-secure(8) manpage for details' | 20:07 |
| fsmithred | I guess. I didn't bother reading the manpage. | 20:07 |
| roo^y | it's just CLI updating, or does it do it GUI too? | 20:08 |
| fsmithred | what do you mean? | 20:08 |
| fsmithred | if you run 'apt update' and 'apt upgrade' it will upgrade whatever packages have newer versions in the repo. | 20:09 |
| roo^y | I see synaptic package manager. Was wondering if i could use it similarly to sudo apt-get update && apt-get upgrade | 20:10 |
| fsmithred | if you change sources.list from ascii to beowulf, that will be a lot of packages | 20:10 |
| fsmithred | I think you can, but I don't think it works as well. | 20:10 |
| fsmithred | and I'm sure there are fewer people around who could help you if you run into problems with that method. | 20:10 |
| fsmithred | been there, done that recently with someone. | 20:10 |
| fsmithred | on the forum, I think | 20:11 |
| fsmithred | best is to follow the upgrade guide on devuan.org | 20:11 |
| roo^y | thanks, i'll have a look at sources.list (i just downloaded Beowulf 3.0 & installed) | 20:11 |
| fsmithred | https://devuan.org/os/documentation/dev1fanboy/en/upgrade-to-beowulf | 20:12 |
| fsmithred | oh, are you talking about doing updates on beowulf? | 20:12 |
| fsmithred | that should be pretty close to current | 20:12 |
| roo^y | yes | 20:12 |
| fsmithred | that will probably work ok with synaptic | 20:13 |
| roo^y | i see :) | 20:13 |
| fsmithred | I wouldn't use it to go from ascii to beowulf. | 20:13 |
| fsmithred | that's more complicated | 20:13 |
| fsmithred | you'll probably have around 100 packages to upgrade | 20:13 |
| roo^y | i changed root PW before using refracta installer. At end of install, it asked to change root PW. I put in same one as before install. Then I made the mistake of assuming it wouldn't take the same root PW as i'd already changed to, as I wrongfully thought the same window popped up again *(Turns out it was a different window, asking for a User PW, so it's PW is the same as root!) | 20:17 |
| hemimaniac_ | quick question, is there any real downside to switching to chimaera for a sources.list? | 20:18 |
| fsmithred | hemimaniac_, other than the fact that it's not ready and not stable (i.e. bullseye isn't in freeze yet) then no | 20:20 |
| hemimaniac_ | OHH, SHINY | 20:20 |
| hemimaniac_ | thanks fsmithred | 20:20 |
| fsmithred | it runs, but I'm sure some stuff is broken and some stuff has yet to break | 20:20 |
| fsmithred | if you're using to running debian sid or testing, you could get away with chimaera or ceres or a combination with proper pinning | 20:21 |
| fsmithred | but please don't depend on it for anything critical | 20:21 |
| hemimaniac_ | well on an already installed beowulf would it to be safe to say that damage may be limited to just a few packages or dependencies? | 20:22 |
| fsmithred | I don't know. | 20:23 |
| fsmithred | I upgraded Refracta 10 (beowulf) to chimaera and it seems to work ok, but I haven't really tested much. | 20:24 |
| fsmithred | and I haven't heard of how upgrade goes with other desktops | 20:24 |
| fsmithred | window manager is probably safer than full desktop | 20:24 |
| fsmithred | and whatever it is now might be better or worse next week | 20:24 |
| hemimaniac_ | well I guess we about to, besides, it it breaks real bad I got net-reinstalls down to 20 min flat ;) | 20:25 |
| hemimaniac_ | about to find out* | 20:25 |
| fsmithred | https://devuan.org/os/documentation/dev1fanboy/en/upgrade-to-beowulf | 20:26 |
| fsmithred | hemimaniac_, ^^^ | 20:26 |
| fsmithred | oh | 20:26 |
| fsmithred | I had to remove build-essential and libc6-dev | 20:27 |
| fsmithred | and someone else had to also remove libgcc1 | 20:28 |
| fsmithred | and then I had to do: apt install libgcc-8-dev=8.4.0-4 | 20:29 |
| hemimaniac_ | well looks like it wants to pull in libgcc-9-dev on its own, and the only thing I can see directly DE related going away is cinnamon-screensaver-webkt | 20:34 |
| hemimaniac_ | well here it goes | 20:35 |
| fsmithred | good luck | 20:36 |
| hemimaniac_ | 1571 packages to be upgraded | 20:40 |
| fsmithred | all of them | 20:40 |
| hemimaniac_ | well some of the stuff from the debian multimedia stuff will be untouched but..... looks like fun | 20:41 |
| golinux | debian multimedia? YIKES! | 20:41 |
| golinux | That's the sure way to a frankendevuan | 20:42 |
| hemimaniac_ | i know, need it for a couple multimedia things | 20:42 |
| roo^y | so my refracta 9 ascii will upgrade to refracta 10 beowulf. Whereas I changed distro flavors, & fresh installed Devuan beowulf 3.0, not being able to previously install Devuan ascii 2.1, with it's kernel incompatible with my HW | 20:45 |
| fsmithred | the main difference between the upgraded refracta and the fresh install of beowulf would be the package selections | 20:47 |
| roo^y | i see | 20:47 |
| fsmithred | and the relative lack of metapackages in refracta | 20:47 |
| fsmithred | refracta uses only devuan repos. | 20:48 |
| fsmithred | so it's just a re-spin | 20:48 |
| roo^y | ok | 20:48 |
| roo^y | I might cut refracta's large partition in half, & give it a birthday, upgrading to Beowulf :) | 20:50 |
| fsmithred | depending on how much space you have, maybe upgrade before resize | 21:08 |
| roo^y | alright | 21:16 |
| hemimaniac | well it seemed to go ok fsmithred >> Kernel: 5.7.0-1-amd64 x86_64 bits: 64 compiler: gcc v: 9.3.0 Desktop: Cinnamon 3.8.8 tk: GTK 3.24.5 wm: Muffin 3.8.2 dm: LightDM 1.26.0 Distro: Devuan GNU/Linux 4 (chimaera/ceres) | 21:34 |
| fsmithred | cool | 21:34 |
| fsmithred | I'm curious - do you have consolekit or elogind? | 21:35 |
| hemimaniac | messed up a couple of custom lists and configs i had, but after a quick mv/cp seems happy and sane | 21:35 |
| hemimaniac | 1 sec | 21:35 |
| hemimaniac | elogind | 21:37 |
| hemimaniac | why? did i break it? | 21:37 |
| hemimaniac | looks like I can actually install console-kit and it will upgrade elogind | 21:40 |
| xrogaan | they are somewhat exclusive | 21:41 |
| hemimaniac | well second round of updates is now on the way | 21:42 |
| xrogaan | Serves the same purpose. Except that libelogind might be required by any odd software as a stand in for libsystemd | 21:42 |
| xrogaan | because debian loves to insert that in everything | 21:43 |
| xrogaan | even emacs, if you can believe that, | 21:43 |
| fsmithred | if everything is working with elogind, I would keep it | 21:46 |
| fsmithred | everything = things like reboot/shutdown buttons, mounting removable media, running synaptic or gparted as root | 21:47 |
| fsmithred | xrogaan, you even get libsystemd0 in a debootstrap install | 21:48 |
| hemimaniac | weather got bad, internet gonna go away, check back later | 22:04 |
| odbw | any link for dbus alternatives, and what works and doesnt with them? ive heard of kdbus and gdbus...i think some are just dbus wrappers | 23:35 |
| odbw | alternativeto.net lists 0MQ and ubus... | 23:36 |
| odbw | libdbus, as a reference implementation of the specification. This library should not be confused with D-Bus itself, as other implementations of the D-Bus specification also exist, such as GDBus (GNOME),[9] QtDBus (Qt/KDE),[10] dbus-java[11] and sd-bus (part of systemd).[12] | 23:39 |
| odbw | im slightly obsessing over dbus because its even more ubiquitous than systemd...its in ubports, most nosystemd distros and even bsd's when they run wm's/de's usually | 23:43 |
| odbw | i tend to dislike quasi-monopolies/single points of failure | 23:43 |
| odbw | i didnt find a #nodbus channel where this talk might be more ontopic | 23:45 |
| odbw | i just came across zbus in rust for embedded, though im focused on desktop/server first | 23:51 |
| odbw | there seems to be binder on android too | 23:54 |
| odbw | i know the friendsofdebian wiki page was mentioned yesterday, but theres no talk for what is running instead of dbus (or what COULD run) | 23:55 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!