TL;DR version:
With modern linux kernels (5.6 or later) there is no need to install haveged on a GNU/Linux box being used as a wireless router.
Detailed version:
Entropy is needed for fast communication between wireless router and wireless clients (due to wpa2 cryptography operations). It used to be recommended to run cat /proc/sys/kernel/random/entropy_avail on the router and, if result was less than 1000, to install haveged and run it as a daemon to augment router's entropy pool.
Turns out that linux 5.6 incorporated a haveged-inspired mechanism that generates entropy extremely quickly (~200 MiB/s), making the haveged daemon obsolete for this use case (fast entropy generation). Also, result of cat /proc/sys/kernel/random/entropy_avail is now meaningless (the command always returns "256").
Ref: https://github.com/jirka-h/haveged/issues/57
P.S. Would the forum moderator kindly delete haveged from Reply #18 (two places) and Reply #21 (one place)? I tried to delete it myself, but was denied ("You do not have permission to access this page").
]]>The project maintains a searchable list of all their tools here: https://www.kali.org/tools/
If you like a tool you used in Kali, and want to use it in your own (Devuan) system, try to find it in this order:
1. With apt search <tool>
2. From a search in pypi.org
3. From Docker Hub (if you can afford the overhead)
4. In a public repository, like Github
5. Pre-built from the project's homepage
Here are some quick-and-dirty examples from a Devuan terminal:
# Inspect network traffic.
sudo apt install wireshark
# Test endpoint parameters.
pip3 install arjun
# Content discovery.
git clone https://github.com/assetnote/kiterunner && \
cd kiterunner && \
make build
# Web application testing.
wget -O zap-install.sh https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_unix.sh && \
bash zap-install.sh
Many of these tools also have a Dockerfile or a docker-compose.yml, so you can build and run it that way if you want. This can simplify the installation process at the cost of overhead, which may prove substantial on lower-end systems. Images maintained by a tool's official project are often fine, but you may want to do your own testing on any image you're pulling from the web.
Many of the GUI tools will require libraries like Java JRE. If you hate Java, you could use a VM, but this will probably introduce more overhead. Just something to keep in mind.
"Rebasing Kali on Devuan" would be a substantial effort. However, nothing is stopping you from setting up your own Devuan test environment with the tools you want to use. The hard part is figuring out what you want and then maintaining the packages, an effort that is easily solved with a shell script or two.
So, yeah, that's the gist of it. Just use the tools you want.
But before I go...
Words of caution.
Something you want to avoid like the plague is repo-mixing: by importing Kali's repositories. This may work fine for some tools, or for some time, but it almost always ends in broken packages or a broken system. I note this because older projects, like katoolin, took this exact route.
You're welcome to test that if you want. (You may want to use a VM.) A quick setup:
wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb && \
sudo dpkg -i kali-archive-keyring_2022.1_all.deb && \
rm kali-archive-keyring_2022.1_all.deb && \
echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" | \
sudo tee --append /etc/apt/sources.list && \
sudo apt update
After setup completes, you can try to install any of the packages or metapackages. This is a path of pain. For example, you can try:
sudo apt install -t kali-rolling kali-linux-everything
sudo apt install -t kali-rolling wireshark
sudo apt install -t kali-rolling sqlmap
sudo apt install -t kali-rolling tshark
The first two installs failed because of dependency version mismatches: notably, due to the libfreerdp2-2 and libqt6multimedia6 dependencies. The command-line tools (sqlmap and tshark) installed fine; but both of these are readily available from the Devuan repos (and from Pip, or Docker, or source.)
The risks you introduce from mixing repos may not outweigh the reward to just using what's already there. Do some searching before importing packages from another project. Kali is no exception.
]]>Screwing around, feet up on desk. One hand for beer, one for rodent, all the overlapping windows and flashy animation nonsense is fine.
Here, this is my working position.
Therefore, the mouse and DE with a maximum of GUI to configure everything.
And secondly, if cli, then you should at least try to fulfill the ergonomic requirements, position the keyboard in the desired position, angle at the elbow joint, etc.
Then it will work out with all your fingers and blindly, but the pose is practically the only one for the whole day.
]]>And Linux without a system actually works faster.
Two of my machines have two OSes, one with systemd, the other without. Both work without any problems, with the same DU they load approximately the same amount of memory, but the number of processes is different.
@siva . . . OMG! Nice to see you after a loooong time . . .
Indeed!
]]>There are a few things to consider as far as the best power management solution...
Here are some useful references:
- https://www.reddit.com/r/thinkpad/comme … ittle_fan/
- https://wiki.archlinux.org/title/Lenovo … -State_EPP
- https://www.phoronix.com/review/linux-65-thinkpad
- https://www.phoronix.com/news/Linux-6.6 … Management
Currently, I am using the 6.5.0.0. kernel from daedalus-backports.
aluma, if you are having sleep issues, you may want to try that kernel, no sleep issues for me.
However, the wifi driver doesn't wake from hibernate (known issue for that kernel driver)
- https://wiki.archlinux.org/title/Lenovo … ibernation
Note that I have tried the suggestion from the reddit post above and getting good power utilisation rate now (around 5.5 - 7W which should give close to 10hr battery life).
echo 'power' | tee /sys/devices/system/cpu/cpu*/cpufreq/energy_performance_preference
I will write up an install guide for Devuan for the laptop soon, but looks really good and should improve even further with new kernel releases.
]]>RE: netinstall and upgrades, I was assuming the kernel and infrastructure that would be initially installed was whatever was on the netinstall iso? And since there's been a kernel upgrade since I first downloaded and installed Daedalus I thought that might be the case with the netinstall as well.
So basically the netinstall is just the vehicle, and all the files you will install on the machine will come not from it but directly from the repo?
All depends on how you install.
If you do an offline install or deny using a mirror, you can just install whats on the iso, and the versions that are available when the iso was being built.
When you have a network connection and you have selected a mirror, you can install everything thats in the repo, and you are getting an update of the files installed from the iso free of charge.
]]>I'm tinkering to make my config more modular, and want to decouple autostarting some daemons from my WM e.g. udiskie, transmission-daemon, mpd, etc. I was wondering what the best way to do that was via dotfiles?
I remove these autostarting via services because by default my user can't access my music library via mpd, or interact with the transmission-daemon etc. so I currently have them started via my WM's config file e.g.
(in ~/.config/i3/config)
exec --no-startup-id mpd
exec --no-startup-id transmission-daemon
etc.
My goal is to make my setup a bit more modular so that if/when I jump ship to a different WM, I won't need to configure as much. My first thought was to put these in ~/.bash_profile because I sometimes don't even run an X environment and just use a tty. However that felt off to me somehow because I've not heard of it before.
Anyone have any reckons or any experience with this? Is putting this stuff in ~/.bash_profile ok? Or should I be using the services better? Something else? Ideally it's something I can write into a config somewhere to manage as part of my dotfiles repo.
Very keen to learn what other people do and also what would be technically "correct", if applicable.
]]>GRUB_ENABLE_CRYPTODISK=y
was set on original in /etc/default/grub. I tried setting to n and making a new iso from the live image but I think issue is initramfs is not updating when resquashing live image.
cryptsetup will wait for encrypted source device when I installed system unencrypted. I tried modifying grub defaults before installing but same behavior then it drops into initramfs. What would you recommend to solve this? I can work on liveiso. But in order to rebuild initramfs I'd need to have it installed and decrypted. Or get live-update-initramfs working. How to I make a usb read and write? Possibly add multiple OS support I saw is possible on one usb.
What is meant by nocrypt.sh script?
]]>nahkhiirmees wrote:One day i had complaints from every https site i tried to visit. The reason was:the hardware decided that current time is january 2002.
That sounds like the battery for the real time clock is going flat. And might cause it to forget changes you made to the BIOS settings (or just randomly change settings). Replacing the battery would be a good start, then check all the BIOS settings.
Again i think that bios battery is not the whole story. With my "new" desktop things have detoriorated to a situation where it won't boot even from hard disk. I get complaints from bios instead.
I have changed battery 2 or 3 times this year. Tried also returning bios settings to factory defaults once or twice. Changed sata cables also, just in case.
Very interesting problem indeed. Unfortunately i have some things to do, preferably within a deadline. So now is not a good time for further research.
In a way this reminds me the last seasons of Stargate, there were this bad guy called Anubis. He had to change hosts often.
]]>