The officially official Devuan Forum!

#26 Re: Off-topic » [SOLVED] "A future for the i386 architecture" and other good(???) news » 2023-12-18 16:04:39

Great share, yeti. I wonder what the stats are on consumer *nix users on i386 processors nowadays. I only see them in niche cases anymore.

#27 Re: DIY » Announcement of the OpenMATE desktop environment » 2023-12-18 15:13:55

mrnhmath wrote:

...structurally-flawed Wayland protocol. ...

Which components or workflows of the protocol specifically do you find flawed?

Edit: Outsourcing this question to another thread, https://dev1galaxy.org/viewtopic.php?pid=46333#p46333

Anyway, keep us posted on your efforts with Mate. Git repos are appreciated.

#28 DIY » "Using Kali tools" on Devuan » 2023-12-16 06:39:53

siva
Replies: 0

Kali is a solid project if you need to use a large number of tools in one place. Many of these tools are widely available in package managers, Docker images, and Git repos. This guide will give you an idea of how and how not to install them outside of Kali, with the intention of installing them in Devuan as applicable.

The project maintains a searchable list of all their tools here: https://www.kali.org/tools/

If you like a tool you used in Kali, and want to use it in your own (Devuan) system, try to find it in this order:

1. With apt search <tool>
2. From a search in pypi.org
3. From Docker Hub (if you can afford the overhead)
4. In a public repository, like Github
5. Pre-built from the project's homepage

Here are some quick-and-dirty examples from a Devuan terminal:

# Inspect network traffic.
sudo apt install wireshark

# Test endpoint parameters.
pip3 install arjun

# Content discovery.
git clone https://github.com/assetnote/kiterunner && \
cd kiterunner && \
make build

# Web application testing.
wget -O zap-install.sh https://github.com/zaproxy/zaproxy/releases/download/v2.14.0/ZAP_2_14_0_unix.sh && \
bash zap-install.sh

Many of these tools also have a Dockerfile or a docker-compose.yml, so you can build and run it that way if you want. This can simplify the installation process at the cost of overhead, which may prove substantial on lower-end systems. Images maintained by a tool's official project are often fine, but you may want to do your own testing on any image you're pulling from the web.

Many of the GUI tools will require libraries like Java JRE. If you hate Java, you could use a VM, but this will probably introduce more overhead. Just something to keep in mind.

"Rebasing Kali on Devuan" would be a substantial effort. However, nothing is stopping you from setting up your own Devuan test environment with the tools you want to use. The hard part is figuring out what you want and then maintaining the packages, an effort that is easily solved with a shell script or two.

So, yeah, that's the gist of it. Just use the tools you want.

But before I go...

Words of caution.

Something you want to avoid like the plague is repo-mixing by importing Kali's repositories. This may work fine for some tools, or for some time, but it almost always ends in broken packages or a broken system. I note this because older projects, like katoolin, took this exact route.

You're welcome to test that if you want. (You may want to use a VM.) A quick setup:

wget http://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2022.1_all.deb && \
sudo dpkg -i kali-archive-keyring_2022.1_all.deb && \
rm kali-archive-keyring_2022.1_all.deb && \

echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" | \
    sudo tee --append /etc/apt/sources.list && \

sudo apt update

After setup completes, you can try to install any of the packages or metapackages. This is a path of pain. For example, you can try:

sudo apt install -t kali-rolling kali-linux-everything
sudo apt install -t kali-rolling wireshark
sudo apt install -t kali-rolling sqlmap
sudo apt install -t kali-rolling tshark

The first two installs failed because of dependency version mismatches: notably, due to the libfreerdp2-2 and libqt6multimedia6 dependencies. The command-line tools (sqlmap and tshark) installed fine; but both of these are readily available from the Devuan repos (and from Pip, or Docker, or source.)

The risks you introduce from mixing repos may not outweigh the reward of just using what's already there. Do some searching before importing packages from another project. Kali is no exception.
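
Added example, not part of the original post: a small check for the repo-mixing state the post above warns about. It lists active one-line `deb`/`deb-src` entries whose host is not on an allow-list. The allow-list hosts, the function names and the sample entries are assumptions constructed for illustration, and deb822 `.sources` files are not parsed.

```shell
#!/bin/sh
# Added example: flag APT source entries that point at a foreign distribution.
# ALLOWED_HOSTS is an assumption; set it to the mirrors you actually trust.
ALLOWED_HOSTS="deb.devuan.org pkgmaster.devuan.org"

# Print "file:line: host" for every active deb/deb-src entry whose host is
# not allow-listed. Returns 1 if anything was flagged, 0 otherwise.
find_foreign_sources() {
    awk -v allowed="$ALLOWED_HOSTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[[:space:]]*#/ { next }                 # commented-out entry
        $1 != "deb" && $1 != "deb-src" { next }   # blank or unrelated line
        {
            # Skip an optional [arch=... signed-by=...] option block.
            i = 2
            if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
            host = $i
            sub("^[a-z+]+://", "", host)          # drop the URI scheme
            sub("[/:].*$", "", host)              # drop port and path
            if (!(host in ok)) {
                printf "%s:%d: %s\n", FILENAME, FNR, host
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample: a Devuan sources.list after the Kali line was appended.
sample_sources() {
    cat <<'EOF'
deb http://deb.devuan.org/merged daedalus main
deb http://deb.devuan.org/merged daedalus-security main
# deb http://http.kali.org/kali kali-rolling main
deb [arch=amd64] http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware
EOF
}

# Usage: sh check-sources.sh /etc/apt/sources.list /etc/apt/sources.list.d/*.list
if [ "$#" -gt 0 ]; then
    find_foreign_sources "$@"
fi
```

A non-zero exit status makes it easy to run before `apt upgrade` in a maintenance script and stop when a foreign repository has crept in.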

#29 Re: Off-topic » Weak processor + minimal DE = no miracle! » 2023-12-11 15:31:52

aluma wrote:

choosing a browser

To clarify, my discussion was intended to build on the divide between your point about JS and application usability, versus other observations about how running arbitrary JS (tab count notwithstanding) can contribute to overhead or overheating.

Anyway, there's always curl.

#30 Re: Off-topic » Weak processor + minimal DE = no miracle! » 2023-12-10 22:40:36

aluma wrote:

You can probably block Javascript on pages, but then the necessary functions will not work.

Valid and unfortunate point. Dasein wrote a great post on this somewhere in FDN awhile back.

As a "mitigation," you could use an addon that disables JS by default, then "allow" scripts only for sites where you need it. For daily browsing on known-safe-enough websites, you could also take the opposite approach and disable scripts on sites where it becomes intrusive. uBlock Origin is useful for either case. uMatrix is a better option for aggressive filtering but you'll have to put some work into maintaining the rules over time.

Chrome may try to push out content blockers in future releases. Be careful if you find yourself too reliant on a Chrome-based browser, even Brave. I've also had ads leak through Brave, so make sure you're checking up on their filtering once in awhile. https://www.reddit.com/r/uBlockOrigin/c … ck_origin/

Gecko-based browsers are great but may not be compatible with every web app you use. Firefox is good enough for general-purpose browsing imo. Surf2 is also fun and I need to revisit that one.

Be careful about smaller projects as they often (unfortunately) lack the manpower to maintain a robust behind-the-scenes security team. "Big Tech" tends to tackle security but the tradeoff is usually privacy.  https://www.zdnet.com/article/pale-moon … -versions/

#32 Re: DIY » [SOLVED] Devuan ROOT Only Linux Hyper-Gamer Install » 2023-12-06 19:11:53

golinux wrote:

@siva . . . OMG! Nice to see you after a loooong time . . .

I still lurk ;)

#33 Re: DIY » [SOLVED] Devuan ROOT Only Linux Hyper-Gamer Install » 2023-12-06 18:15:10

ransomwareOS

Semi-related: Steam Deck provides root/privileged execution via sudo, which I always found surprising.

More related: https://hackerone.com/reports/1974296

#34 Re: Off-topic » Devuan/Linux security: a novella » 2022-04-04 17:06:03

Sup HoaS,

Head_on_a_Stick wrote:

madaidan has some legit insights. Whonix is an interesting distro. Used it for research awhile back.

Further reading: https://www.reddit.com/r/linux/comments … about_the/

The sad truth is that Windows is probably the most secure desktop operating system at the moment and Chrome is the most secure browser. Both are exceptionally poor in respect of privacy so I suppose that's the price to be paid.

It is upsetting that businesses treat privacy as a commodity, not a right in and of itself. The early web had so much promise...

#35 Off-topic » Devuan/Linux security: a novella » 2022-04-04 16:00:34

siva
Replies: 7

Sup everyone,

The tl;dr is that I recently eavesdropped a long conversation/FUD about "linux is the most secure OS blah blah..." Their claims were without support. It makes me cringe when people peddle misinformation about Linux-based operating systems (and when they call Linux an operating system...).

Still, it got the gears turning, and I realized, it's been a hot minute since I did anything in Linux that wasn't for professional end.

So, I wanted to open a topic for people to share facts, thoughts, or other info about Linux or Devuan security. The topic is open-ended. My interest is more to have a conversation about things we would not expect from Linux security. I know for a fact that our "frequent flyers" here bring a wealth of experience from a variety of backgrounds.

P.S.: It's been a minute since I posted here. I write software now and am working in the CyS field. I'll actually be working with an IoT/mobile security research team over the summer. Life is good.

#36 Re: Off-topic » Boot iso from hard disk » 2022-03-24 19:06:10

oui wrote:

A question more: I don't like USB hardware stick outside from my laptops because danger (one more) for the computer itself. I assume other users are also afraid about the same danger and did try to use refracta snapshot iso's directly out the internal hard disk?

What seems to be the best way to do that?

I'm half-sure what you're asking, but I once ran dd to an HDD and basically copied a Kali ISO directly to a laptop's hard drive. Session data is non-persistent, which is a dealbreaker for most use cases.

#37 Re: DIY » Lowest memory footprint obtained. » 2021-04-28 14:13:50

You're welcome to try out my project and remind me. It's been awhile. Should probably push a Beowulf version once the semester ends...

Anyway, it was the best compromise I could get between "an optional GUI" and "default console" and "as many features as humanly possible."

MLEvD wrote:

No desktop - 18 MB

Desktop - 47 MB

Hell yeah.

#38 Re: Off-topic » ${THEY} continue crippling browsers... » 2021-04-24 15:53:40

blackhole wrote:

If you download an .iso image and check the md5sum, that is really no different to using SSL/TLS.

I get your point but I don't know that I'd go this far. SSL has a purpose for securing the connection for web apps and the like. Preventing inline snooping is a big deal with mobile infrastructures. (Unfortunately, I think that proprietary mobile is the direction in which tech is heading.) Big tech and malware both take advantage of that, but SSL is a good thing when used correctly imo.

yeti wrote:

If protocol diversity is torn down, the web loses lots of dimensions, one for each discarded protocol.  And it already has lost so many of them, if viewed via mainstream browsers.

Severely underappreciated point. I think we are already seeing this kind of deconstruction, and I imagine it will only get worse over time. Mobile/web app development seems to be aggressively pushing the idea of (their own) services over anything else. (Edit: To clarify, I share your point of view. [Another edit] I did not realize that was a goal with the history of browsers. Thanks for sharing.)

#39 Re: Off-topic » What are you reading/want to read ? » 2021-04-23 22:49:32

Ron wrote:

On my list to read: The Autobiography of Benjamin Franklin.

Get ready for little politics and a ton of snark. And this really uncomfortable scene where he goes on about hanging out in the nude...

#41 Re: Off-topic » What are you reading/want to read ? » 2021-04-23 16:13:47

Just finished "Cyber Security Essentials" and "Cybersecurity and Cyberwar." Keeping an eye out for any opsec or cyber forensics books that might be worth reading.

Purely for fun, though, reading Palahniuk's "Doomed." "Rant" is next.

#42 Re: DIY » [HowTo] runit-init as PID1 » 2021-04-23 16:11:31

Also worth noting that the beowulf installer lets you select runit as the system init.

#43 Re: Off-topic » ${THEY} continue crippling browsers... » 2021-04-23 16:10:12

Not gonna defend Mozilla's questionable, if offensive, bloatware choices. But, honestly, does anyone use straight-up FTP anymore? sftp (or, better yet, the internal-sftp through ssh) seems way more preferable.

#44 Re: Off-topic » How To Guide: Hardening Mozilla Firefox Quantum For Privacy & Security » 2021-01-22 22:17:08

Can't reach this website. ChangTzu, do you have another link?

#45 Re: Off-topic » Our dystopian present » 2021-01-22 22:16:06

Necrosaging this with an updated link. (Needed to reference an essay in a paper I'm writing. Might just buy the hardcover, too.)

https://www.eff.org/document/end-trust-0

#46 Re: Off-topic » Greetings from New Member » 2021-01-08 03:06:33

nauved-rex wrote:

...it asked for the last name of the person who invented or created Linux... Ian Murdoch...

The murdux kernel more is to my taste, streamlined and minimal.

10 PRINT "THANK YOU FOR USING THE IAN MURDOCH KERNEL"
20 GOTO 10
30 RUN
...

But, really, welcome.

#47 Re: Hardware & System Configuration » Using secure boot » 2021-01-06 04:47:32

Head_on_a_Stick wrote:

Secure boot should work out of the box for Devuan beowulf with no special configuration needed. Just boot the machine in UEFI mode with Secure Boot enabled and make sure that the target drive has either a GUID partition table (GPT)...

These are the answers I live for. Thanks to both of you for the advice. Looks like everything is up and running now.

#48 Re: Off-topic » (privacy) surveillance state? » 2021-01-06 04:45:15

dice wrote:

...to further a surveillance state

Fixed that for ya.

#49 Hardware & System Configuration » Using secure boot » 2021-01-05 20:45:09

siva
Replies: 4

I'm looking to install a Devuan build on a new laptop. I'd like to use secure boot, but have never actually used it before. The official Debian wiki has a lengthy article on it, but I'm having trouble anticipating if I'm following it correctly.

Before going too far (or leaving myself with a broken operating system), I wanted to get some clarification on how to set up secure boot in Devuan. My understanding on how to do so is fragmented. Right now it seems like it'd be similar to:

1. Install Devuan with grub-efi.
2. Boot to the new system.
3. Install shim.
4. Follow the MOK setup procedures.
5. Check with dmesg | grep -i Secure or efibootmgr -v.

Please feel free to correct me if I'm wrong. Would much rather know now. By the end of this, I'll probably write a DIY article.

Also, if anyone has successfully pulled off secure boot in virtualbox, I'm interested to know how you configured that to work.

Thanks. Happy 2021.

Sources

https://wiki.debian.org/SecureBoot
https://medium.com/@kyleomalley/debian- … 6f3b24218b

#50 Re: Off-topic » Learning Linux » 2020-07-31 14:11:15

The best way is to start pulling features from your system. Challenge yourself just to use the command line to solve simple problems.

My two cents ;)
