The officially official Devuan Forum!

You are not logged in.

#1 Re: Hardware & System Configuration » Microcode to fight Spectre and Meltdown cpu flaws » 2018-08-17 14:04:54

As I recall, "Spectre" variant 1 is not mitigated via microcode updates.  Only "Meltdown" and "Spectre" variant 2 are fixable this way.

You also have "TLBleed" and "Foreshadow" to worry about...

If you have doubts, get and build a new kernel from kernel.org.

#3 Re: Hardware & System Configuration » Microcode to fight Spectre and Meltdown cpu flaws » 2018-08-16 08:47:16

Proprietary blobs will usually live in the "non-free" repository.  Assuming you have that and "contrib" enabled then you should be able to install Intel microcode (and reboot).

But more Intel flaws just in: https://www.theregister.co.uk/2018/08/1 … ault_bugs/

And you can probably expect more...

#4 Re: Other Issues » [solved] Back to Debian 7 » 2018-08-15 13:19:15

If it's just the older version of that programme you want, then maybe try adding the Debian wheezy src repository, get the source and just build it for your current release.

#5 Re: Desktop and Multimedia » In search of a privacy oriented browser » 2018-07-26 08:17:25

Unfortunately, with the exception of tor browser, most browsers are not configured for privacy by default.  The onus is really on you to do that.  Firefox for example is relatively easy to configure to be more secure.  You can even just install tor browser look at what they have done to secure the browser and mimic that in Firefox.

Iridium is pretty much configured as is, to disable chromium's google tracking, but there are still some other privacy settings for you to configure, plus script and/or ad blocking if you want that.

It would be interesting to know what "missing library" was involved?  Usually in Debian based systems it's enough to install the package then

# apt-get -f install

to try to resolve dependencies.

#6 Re: Installation » Installation without Session management and policykit backends » 2018-07-25 07:33:23

Does

# apt-get --no-install-recommends install xfce4-session

give the same result?

//edit: Never mind - just saw the above post

#7 Re: Desktop and Multimedia » In search of a privacy oriented browser » 2018-07-25 07:22:18

You cannot really be sure anything is "safe" including the software in any given Linux distribution's repositories.

There is always an element of trust - as you, being the end user in most cases, cannot audit the code.

I use Iridium and find it to be 'ok'.  I use it with both the uMatrix and HTTPS everywhere addons installed, but I'm under no illusions that it's 100% private and/or secure.

#8 Re: Installation » Installation without Session management and policykit backends » 2018-07-23 15:08:52

consolekit2 was forked from consolekit by an XFCE developer as a temporary measure.  consolekit is a dead project.  The reason for this was to allow working shutdown/reboot/etc options from the GUI.  If you don't require these, then you almost certainly don't need consolekit2 installed.  thunar may be a source of the udkisks2 and gvfs dependencies if that's still a problem?  This may be because you've installed its recommended dependencies.  But ditch the display manager, as recommended above (or switch to XDM) and you should be able to safely remove most of those.

#10 Re: Off-topic » Does anybody run (or has thought of running) NetBSD pkgsrc on Devuan? » 2018-07-13 14:30:04

Panopticon wrote:

Its just interesting or a preference maybe but im not sold on it. Seems like a waste of bandwidth.

I'm not entirely sure who's bandwidth it would be wasting...?

One could say that 90% of Debian use is a "waste of bandwidth" as much of it is from hobbyists running testing or unstable and not really contributing anything.  The same goes for Arch Linux and Gentoo use, to name but two others...

Panopticon wrote:

Can you tell me of any advantages using pkgsrc over apt?

As someone who admitted to not really knowing what pkgsrc is earlier in this thread, you seem very intent on dismissing it out of hand?

The obvious advantage is that you might be able to compile and run software which is not available in the Debian/Devuan repositories.  You will also get control over the build system, be able to set compile flags, to avoid unwanted dependencies such as avahi, pulseaudio, udisks2 upower, dbus, etc - a clear advantage over binary package management.

#11 Re: Off-topic » Does anybody run (or has thought of running) NetBSD pkgsrc on Devuan? » 2018-07-13 11:12:14

The advantage may be the ability to use newer software than is provided in the Debian repositories and also being able to fine tune builds, etc.

I can't speak for Ottavio, but it may be just a preference or an interesting experiment.

While debianising source and building deb packages is ok for the odd package or backport, it's not really a rival to pkgsrc or the various *BSD ports systems.

#12 Re: Off-topic » Does anybody run (or has thought of running) NetBSD pkgsrc on Devuan? » 2018-07-12 07:57:22

Ottavio wrote:

And another question. Is OpenRC similar to NetBSD rc init?

You can install openrc in NetBSD - if that answers your question?  In Linux you'd probably want to install it from the "base" system's package manager.

I recently found out about this from a post on the FreeBSD forums: http://www.ravenports.com/

Looks like a new and interesting alternative to pkgsrc.  Sadly the latter never really gained traction and one of the few adopters outside of the NetBSD project, DragonFly BSD, abandoned using it as it's official ports system several years ago.  The only OS I can think of outside of NetBSD still using it is MINIX 3.

Panopticon wrote:

I don't think it would be a good idea to use a NetBSD package management system on linux, let alone devuan.

pkgsrc is a multi-platform "ports" framework for many types of *nix.  Packages compiled via pkgsrc don't install to the same locations or in any way impact the "base" operating system, by design.

#13 Re: Desktop and Multimedia » Firefox 'proper' » 2018-07-06 13:28:39

Just download the statically compiled binary in tarball form and you can install whatever version you like:

https://ftp.mozilla.org/pub/firefox/releases/

#14 Re: Installation » non-free available upon fresh install? » 2018-06-28 16:01:16

I believe the Devuan iso images include the proprietary firmware (much like the Debian unofficial iso images).

#15 Re: Other Issues » Firestarter » 2018-06-28 09:24:09

Caluser2000 wrote:

I went to force its removal with

apt-get -f autoremove

and that sorted the dependencies strangely enough.

Not strange at all.  By including the "-f" option, you instructed apt-get to fix broken dependencies.  autoremove is used to remove any  packages which are marked as automatically installed and which are no longer needed (i.e. the packages you installed, which pulled these in as dependencies are no longer installed).  The firestarter package was not marked automatically installed, so autoremove would not have removed it.

To remove the "firestarter" package, you only needed to use the remove argument and specify the package name.

It looks like firestarter is dead upstream, hence why it was removed from Debian.  The last upstream release was in 2005, it was maintained and patched in Debian up until 2012.

#16 Re: Desktop and Multimedia » Firefox Oddities » 2018-06-27 16:07:43

You're right that script blocking could be seen as security related.  However just completely turning off javascript is probably the best approach, though not practical for most people.

I can manage to browse the web by selectively disabling those scripts which just aren't needed (advertising, tracking, etc related), but the average person usually can't manage this or just doesn't know about.  This is all assuming that 100% of the issue is javascript and nothing more...  you've also no reliable or practical way of knowing which scripts are dangerous and which are not.

Hence "secure by default" is the best approach and why sandboxing, privsep, etc are preferred and very important.

It's not so much "duct tape", as just correctness - in that the OS should never assume that any installed programme is "safe", never mind the web content it accesses.  It really boils down to that the OS should stick to the principle of least privilege.

#17 Re: Hardware & System Configuration » How to install nvidia CUDA on ASCII? » 2018-06-27 13:56:41

The cuda packages you installed were intended for an Ubuntu release.  You will probably have to purge all of those first and then install it from the repositories.

#18 Re: Desktop and Multimedia » Firefox Oddities » 2018-06-27 11:28:07

devuser wrote:

Nothing wrong with chromium (chrome on the other hand...). It's a solid product. I've actually considered switching to it too but i can't get used to the UI and it's lacking when it comes to plugins (the main reason i used to use FF).

chromium, like firefox still comes out of the box with google spyware built in and enabled.  chrome is worse still.  Iridium is a chromium fork which does not.  Iridium doesn't seem to be available in Debian repositories, but they do provide a .deb package.  It's available in OpenBSD ports and for Windows, hence why I use it.

Last time I checked, chrome "phones home" when installed initially.  But I wasn't referring to privacy settings or anonymous browsing, etc.

UI wise, I dislike chromium/chrome/iridium, but have gotten used to it.  I preferred the old Netscape/Mozilla/Seamonkey UI, but common sense in UI design seems to be a thing of the past (just look at the gnome project).

devuser wrote:

Regarding security i don't see how process separation (i guess that's what you are hinting at?) is all that important though. While i'll have to agree that it's (at least used to be - i don't follow this all that closely) easier to turn an exploit into a compromise with FF we are talking about last line defenses when there is already major hole in the bucket.

I'm not familiar with "process separation".  I am referring to privilege separation (privsep).  It's important for browsers, due to the attack surface offered by modern browsers.  chromium was designed from day one with sanboxing and privsep in mind, where Mozilla have been retrofitting it to legacy Netscape code.

devuser wrote:

(is there anything even close to Random Agent Spoofer for chromium?).

Spoofing user agents is really a privacy thing, rather than a security concern.  For example, you can browse with tor, script blocking and random UAs, but a vulnerability in e.g. the browser, kernel, SSL (or in the CPU!) is still a security hole and could still compromise your system, irrespective of any extra privacy measures you've taken.

There are several user agent switchers for chrome, some offer random switching, but I'm not aware if they have the same functionality as the one you refer to, as I've not used them.

Regarding extensions, I have umatrix (better than what noscript has become by a square mile) and HTTPS everywhere installed.  The extensions situation seems ok, though again extensions always have to be researched an vetted rather than installed blindly.  The Seamonkey extensions situation is far worse...

#19 Re: Desktop and Multimedia » Firefox Oddities » 2018-06-27 09:20:02

While we're into suggesting alternatives in preference to solving the OP's, problem, I suggest iridium or chromium.  Yes an evil google product, but actually better put together, does privilege separation better and as a result is more secure.

#20 Re: Hardware & System Configuration » How to install nvidia CUDA on ASCII? » 2018-06-27 08:07:06

stierlitz wrote:

I was able to install nvidia proprietary driver (using deb provided by nvidia) but I am stuck on installing cuda. I get dependencies error like this:
[...]
The following packages have unmet dependencies:
cuda : Depends: cuda-9-2 (>= 9.2.88) but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

The Debian package from the vendor breaks the dependency chain.  I hadn't realised that Nvidia provided a Debian package of the blob.  When I last used it, it was a still a shellscript.  Removing it and installing the blob from the repositories should be the first step to resolving this.

Looking at the  cuda version in Debian unstable, it's currently at version 9.1.85, so still older than the vendor version.  The version in the stable release is 8.0.44 - thus you cannot satisfy the 9.2.88 dependency via the repositories.

#21 Re: Installation » Black Screen on Devuan Ascii - acpi=off solves it (undesirable) » 2018-06-27 07:47:51

Sanssystemd wrote:

I've tried both, on root i got a display (1024x768)
As a regular user i got nothing.

You have X.org log files and the ~/.xsession-errors file to refer to.

Also once you run X as root you can break Xauth.  It's often necessary to clear up any of these dotfiles, before attempting to startx again as a normal user.

#22 Re: Desktop and Multimedia » Firefox Oddities » 2018-06-27 07:41:34

Run firefox from a terminal emulator and see what output appears?

#23 Re: Installation » Black Screen on Devuan Ascii - acpi=off solves it (undesirable) » 2018-06-26 15:46:20

I'm not entirely sure as to why you're issuing startx as root?  This is wrong irrespective of whether you're trying to run a rootless or setuid x.org.  You need to stop doing that immediately if you want to troubleshoot this effectively.

The whole point of non setuid x.org is that it does not run the xserver as root (setuid xorg does), it's rootless.

Try issuing startx as a normal user.  Remove stale ~/.Xauthority files if needed.

If you still get the same error, then it's possibly due to some legacy video driver and you might have to settle for running the older x.org with setuid root.

#24 Re: Installation » Black Screen on Devuan Ascii - acpi=off solves it (undesirable) » 2018-06-26 13:45:44

i965 is part of mesa/dri, it's not the kernel module, so that is in fact correct.

What exactly happens when you install elogind and libpam-elogind as it suggests and try to startx normally, rather than running the older xserver as setuid root??

#25 Re: Desktop and Multimedia » Problem with package mate-power-manager » 2018-06-26 09:54:53

This may be worth a bug report, as mate-power-manager was originally systemd dependent.  So possibly some functionality is broken.  You will need to state which release you're using.  You could also start mate-power-manager from the console and see if it spits anything useful on lid close.

Board footer

Forum Software