Thank you so much for your work !
The only very very very bad thing is the use of "contrib" and "non-free" with the default install.
If we want to fight for freedom, we need to fight hard! Let's give up a small part, and they will take it all!
My computer has one network device which requires non-free software (or slow), which I don't use but I can't remove, and also one that works with free software. So here is what is happening for me:
Debian: only free software (good) + systemd (bad)
Devuan: proprietary software (very very very bad)
Where is Devuan installing contrib and/or non-free software without your explicit consent? Which install medium have you used? With which options? As we have repeatedly said, Devuan does not install any non-free software at all. It asks if you want to use contrib and/or non-free but this is the same as in Debian. The only non-free software available in the install media is non-free wifi firmware. And you are asked if you want to use it or not. If you discovered an unexpected behaviour in this respect, please file a bug report, providing detailed information about the install image you used, the options you selected at install time, and the specific non-free software you found installed in your Devuan system.
Please clarify your statement, and, please, just avoid spreading more FUD :-(
Regards
KatolaZ
figdev: I genuinely don't know what you are talking about. I usually don't get on dev1galaxy much (or at all). I'm here more or less by chance, and will most probably disappear again for several months. Fora have never been my cookie. Whatever it is, I am sure it can be solved/clarified by more active forum members ;-)
HTH
I guess the intention here is not much to make Devuan "libre", rather to provide a separate libre-only repo (e.g., libre.devuan.org) for Devuan derivatives and/or for Devuan users that want to use only libre stuff. I know that "main" is effectively "libre", but in practice no Devuan derivative could ever get an official "libre" label by using the current Devuan repos, assuming that they want such a label at all.
Making a base distribution is as much working to facilitate derivatives as it is working for the base distribution itself ;-)
Siva, please note that they say that the attack is based on the *symmetric* part of the encryption, not on the *asymmetric* part (that is the part that involves private and public keys). The factual error is in the description of how *asymmetric* encryption works in OpenPGP. And it is not relevant to the attack (and they say that in the article).
In general, publishing a paper does not mean publishing a truth. Especially if the paper had not been peer-reviewed yet (and this does not seem to have been peer reviewed yet, or at least not with proper attention)...
Since they're the ones who published the actual paper, it may be a good idea to tell them to stop spreading FUD.
I totally agree, and I was not referring to your article, rather to the original one.
I believe you. Can you help me understand how to interpret this segment of page 3 in the paper:
2.1 Cryptographic basics
In the email context, both S/MIME and PGP use hybrid encryption, in which the sender generates a random session key "s" that is used to symmetrically encrypt the message "m" into a cipher text "c."
The session key "s" is encrypted with at least two public keys using a public key encryption scheme. The first encryption of "s" happens with the public key of the sender. Additional encryptions are done using all the public keys of the intended receivers. Thus, "s" will be encrypted under n+1 different public keys for "n" recipients of the email. Since our attacks exploit weaknesses in the symmetric encryption, we focus on the symmetric encryption part.
This part is irrelevant to the exploit, and is also factually wrong. Encrypting something with the *public* key of the sender makes *no sense at all*, since the only way to recover whatever is in there is by using the *private* key of the sender (<- this is the factual mistake in the text above). The session key is encrypted with the *private* key of the sender (so that the receiver can decrypt it using the *public* key of the sender, to guarantee that it comes indeed from the sender) and then with the *public* key of the receiver (so that the receiver can decrypt it with her *private* key, which guarantees that only the receiver can decrypt it if her private key has not been compromised).
This is the latest evidence that security is not at all an automatic thing (if we ever needed one more), and that FUD spreads faster than real news.
The article is really misleading, and the way it has been advertised is even more misleading. Please avoid spreading FUD: it is not PGP or OpenPGP that has been exploited, but rather the uncanny behaviour of sending, receiving, and automatically visualising multipart emails containing external references (e.g., HTML tags which are interpreted by the MUA).
OpenPGP is *not* flawed: the MUAs which visualise external content without asking the user are flawed and broken. The usage of HTML emails is flawed and broken.
PGP/OpenPGP/GPG are *safe*. Please continue encrypting and signing your emails. Just use a *sane* client. If you can't use one, then just disable the automagic visualisation of HTML parts, and disable the references to external content.
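The client behaviour recommended in the post above (no automatic HTML rendering, no loading of external references), as an added Python example that is not part of the original post: it shows only text, never touches the network, and reports the remote references it declined to load. The function and class names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes a rendering engine would load automatically on display.
FETCHING_ATTRS = {"src", "background", "poster"}

class TextOnly(HTMLParser):
    """Collect text nodes and note remote references instead of fetching them."""
    def __init__(self):
        super().__init__()
        self.text, self.blocked = [], []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            auto = name in FETCHING_ATTRS or (tag == "link" and name == "href")
            if auto and value and urlparse(value.strip()).scheme in ("http", "https"):
                self.blocked.append((tag, urlparse(value.strip()).hostname))

    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())

def safe_view(raw):
    """Return (text_to_show, blocked_remote_refs) without any network access."""
    msg = message_from_string(raw, policy=default)
    shown, blocked = [], []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_disposition() == "attachment":
            continue
        ctype = part.get_content_type()
        if ctype == "text/plain":
            shown.append(part.get_content().strip())
        elif ctype == "text/html":
            parser = TextOnly()
            parser.feed(part.get_content())
            parser.close()
            shown += parser.text
            blocked += parser.blocked
    return "\n".join(shown), blocked

# Constructed sample message: one plain part, one HTML part with a remote image.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Meeting moved to 15:00.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>See the agenda.</p><img src="http://tracker.example.net/p.png"></body></html>
--b1--
"""

if __name__ == "__main__":
    print(safe_view(SAMPLE))
```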
I started using Debian in 2000, I have used Devuan since Valentine pre-alpha (feb 2015), and I am one of those users with strict requirements about non-free firmware. Nevertheless, I think that the solution adopted by Devuan is not too bad, overall. It is not impossible to create alternative installer images for CD/DVD/NETINST which do not include non-free firmware packages, but we decided that providing both versions would be a bit too much. We are already providing 40+ different images for each release...
There is certainly room for a Devuan derivative there.
We have also planned to provide a libre Devuan repo, which might come to existence soonish. Stay tuned ;-)
I have always sourced only "/etc/bash_completion" (which, BTW, sources /usr/share/bash-completion/bash_completion, which in turns loads all the completions under /usr/share/bash-completion/completions/ ...) and I don't use apt :-)
Sorry if this sounds silly, but please consider that /etc/bash_completion is *not* included by default in your bashrc/profile. So in order for the completions to work you have to explicitly source /etc/bash_completion in your bashrc/profile.
My2Cents
Hi All,
official Devuan installers based on d-i (debian installer) have always included non-free firmware. This is a choice made by Devuan developers. Non-free firmware packages are also available in live images (desktop-live and minimal-live), and there you have the option to remove them. This does not mean that non-free software is automatically installed or that non-free repos are automatically added to your sources.list during installation (which is something that has come up in this and other threads, and is wrong and misleading).
The only case in which "non-free" is silently added to sources.list is when you install non-free firmware during installation, and it is added only to the deb entry corresponding to the install medium (CDROM or DVD). The reason is that the non-free component on the install medium contains exclusively packages for non-free firmware, which you already chose to install anyway.
Please notice that an explicit reference to the presence of non-free firmware in Devuan install media is included in the files README.txt and README.html shipped with NETINST, DVD, and CD since Devuan ASCII RC.
If you use a network mirror at install time, you are always asked if you want to include "contrib" and/or "non-free" or not [1]. If you don't use a network mirror, there is no way you can install any non-free software except for the firmware referred to above, since non-free firmware packages are the only non-free packages shipped with Devuan install media.
My personal understanding is that there is no compelling reason to change this default, since it is reasonable enough and accommodates the needs of all Devuan users.
HND
KatolaZ
[1] Please notice that the installer of Devuan ASCII Beta had a bug which included "contrib" and/or "non-free" in every line of sources.list. That was a genuine bug (http://bugs.devuan.org/190), not an intentional addition as a few contributors here have suggested. The bug was fixed in Devuan ASCII RC.
Hi,
which is the issue, exactly? Which error message are you seeing? Which kernel version are you using? On which platform? (no need to say that I am using some or all of those iptables modules in many ASCII installations, without problems, and I am sure I am not alone here otherwise we would have had thousands of users complaining here and on DNG).
I am not sure I fully understand your question, but the sources of all the packages are available from the corresponding deb-src repos (as in Debian). Moreover, all the packages forked by Devuan are available at https://git.devuan.org/devuan-packages You can download the source of each package and rebuild it on your own if you like. Moreover, it's git, so you have the whole change history there.
You are sure that the packages installed in your system through dpkg/apt/apt-get/aptitude/synaptic/ come actually from the original Devuan repository because the Release files in the repo are signed with the Devuan archive signing key (the corresponding public key is distributed within the devuan-keyring package and is available under /usr/share/keyrings/devuan-archive.gpg). apt checks if the Release files you download from a mirror are signed with one of the configured keys. If the signatures are not valid, apt will exit and refuse to install anything.
Each Release file contains the SHA256SUMs of all the Packages.gz files in the corresponding suite. Those Packages.gz files contain an RFC822 stanza for each package, and one of the fields in the stanza is the SHA256SUM of the corresponding binary package. That SHA256SUM is checked by dpkg/apt/apt-get/aptitude/synaptic before actually installing the package. If it does not match, the package is not installed.
In a word: if you trust strong encryption and strong hash functions, you should be almost certain that the stuff you have in your system comes from Devuan. If you don't trust Devuan, you can always download the source and build the packages on your own. If this is still not enough, you'd better try another distro :-)
HTH
KatolaZ
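The hash chain described in the post above (Release file, then Packages index, then binary package), as an added Python example that is not part of the original post and is not apt's own code. It assumes the signature on the Release file has already been verified, uses an uncompressed Packages index for brevity, and runs on constructed sample data; all function names are illustrative.

```python
import hashlib

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def release_sha256_entries(release_text):
    """Map index path -> (sha256, size) from the 'SHA256:' block of a Release file."""
    entries, in_block = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_block = True
        elif in_block and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        elif in_block:
            break  # the next top-level field ends the block
    return entries

def package_stanzas(index_text):
    """Map package name -> fields, one RFC822 stanza per package."""
    packages = {}
    for stanza in index_text.strip().split("\n\n"):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and key:  # continuation line
                fields[key] += "\n" + line.strip()
            else:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if "Package" in fields:
            packages[fields["Package"]] = fields
    return packages

def verify_chain(release_text, index_path, index_bytes, package, deb_bytes):
    """Return 'ok' or the first broken link. Assumes Release is already signature-checked."""
    listed = release_sha256_entries(release_text).get(index_path)
    if listed is None:
        return "index not listed in Release"
    if (sha256_hex(index_bytes), len(index_bytes)) != listed:
        return "index hash mismatch"
    stanza = package_stanzas(index_bytes.decode()).get(package)
    if stanza is None:
        return "package not in index"
    if (sha256_hex(deb_bytes), len(deb_bytes)) != (stanza["SHA256"], int(stanza["Size"])):
        return "package hash mismatch"
    return "ok"

# Constructed sample data (not a real Devuan archive).
DEB = b"constructed stand-in for the bytes of a .deb file"
INDEX_PATH = "main/binary-amd64/Packages"
INDEX = (
    "Package: hello\nVersion: 1.0-1\nArchitecture: amd64\n"
    f"Size: {len(DEB)}\nSHA256: {sha256_hex(DEB)}\n"
    "Description: constructed example\n"
).encode()
RELEASE = f"Suite: example\nSHA256:\n {sha256_hex(INDEX)} {len(INDEX)} {INDEX_PATH}\n"

if __name__ == "__main__":
    print(verify_chain(RELEASE, INDEX_PATH, INDEX, "hello", DEB))
    print(verify_chain(RELEASE, INDEX_PATH, INDEX, "hello", DEB + b"!"))
```

A modified package fails at the last link, and a modified index fails one link earlier, because its hash no longer matches the entry in the signed Release file.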
Dear Init Freedom Lovers,
Once again the Veteran Unix Admins salute you!
We are happy to announce that the Devuan 2.0 ASCII Release Candidate is now available
thanks to the support, feedback, and collaboration of the Devuan community. Devuan 2.0
ASCII Stable will be following soon.
The Devuan 2.0 ASCII RC installer now offers a wider variety of Desktop Environments
including XFCE, KDE, MATE, Cinnamon, LXQT (with others available post-install). In
addition, there are options for "Console productivity" with hundreds of CLI and TUI utils,
as well as a minimal base system ideal for servers.
When installing from ISO, the expert install option offers a choice of SysVinit and OpenRC.
Official ready-to-use Devuan 2.0 ASCII RC images are available for dozens of ARM boards
and SOCs, including Raspberry Pi, BeagleBone, OrangePi, BananaPi, OLinuXino,
Cubieboard, Nokia N900, and several Chromebooks, as well as for Virtualbox/QEMU/Vagrant.
The desktop-live images are recommended for users to explore and easily install Devuan 2.0
ASCII RC and also for the press to review the default Xfce desktop.
The minimal-live image provides a full-featured console-based system with a particular
focus on accessibility.
Devuan developers have already started working on the third Devuan release codenamed
Beowulf (Planet nr. 38086). Preliminary installer images should be ready for testing soon.
## Download
Devuan 2.0 ASCII Release Candidate images are available for download at:
http://files.devuan.org/devuan_ascii_rc/
and from the ISO mirrors listed at:
http://devuan.org/get-devuan
The latter URL also includes information about the official Devuan repositories.
## Upgrade
Upgrade paths from Debian Jessie, Devuan Jessie, and Debian Stretch are available.
Please see the instructions at:
https://devuan.org/os/documentation/dev1fanboy/
The following will be enough to upgrade if you are already using Devuan ASCII Beta:
apt-get update && apt-get dist-upgrade
## Derivatives
The Devuan project is about providing a reliable universal base for derivatives to
build on its foundation. These recent Devuan derivatives deserve special recognition:
Maemo Leste is a new ASCII-based derivative successfully ported on a number of mobile
phones like the Nokia N900, N950, Motorola Droid 4, Allwinner tablets and more.
https://maemo-leste.github.io/
DecodeOS is another ASCII-based derivative targeting micro-service usage on anonymous
network clusters. It includes original software developed to automatically build p2p
networks as Tor hidden service families. https://decodeos.dyne.org/
heads, the libre privacy distro previously based on ASCII, continues its development and
has already moved forward to Beowulf as its new base. https://heads.dyne.org
More Devuan derivatives can be found at:
https://devuan.org/os/partners/devuan-distros
## Contact
Mailing list: https://mailinglists.dyne.org/cgi-bin/m … stinfo/dng
IRC: #devuan #devuan-dev (Freenode)
Forum: http://dev1galaxy.org
Press contact: freedom@devuan.org
Bug tracker: https://bugs.devuan.org
Popularity contest: https://popcon.devuan.org
## Appreciation
We wish to thank all of you for the incredible support given to this development effort,
which continues to make Devuan a useful and reliable base distro as well as a pleasant
and cooperative community.
To support the Devuan project: https://devuan.org/donate
Financial reports for the year 2017 are available for download from the same page.
happy hacking ;^)
Sorry, I genuinely didn't mean to sound accusative in my post, so please accept my apologies if it sounded
anywhere close to that.
I am always grateful for any kind of help people can give to Devuan, without distinction.
The thing is that Devuan genuinely needs to transform appreciation of users into concrete
help, of any kind
Thanks, and sorry again!
KatolaZ
Hi,
the best way to "thank" Devuan is to help making it survive, grow, and prosper. Please consider whether you can contribute with any of the things indicated in the "wishlist" here:
https://devuan.org/os/debian-fork/stabl … nce-050517
under the section "Anyone can help Devuan". Hang out on the IRC channel #devuan (freenode) to find fellow Devuaners, or roll your sleeves up and shout on #devuan-dev to get in touch with devs and offer your help.
Devuan is not much about "making a point", rather about "drawing a new path". And everyone is responsible for making this new path become real ;-)
HND
KatolaZ
Hi all,
just to let you know that d1h (a helper to simplify operations
in the Devuan package maintenance workflow) is now available in
experimental. The aim of d1h is to make Devuan package
maintenance as easy as it can get, by hiding most of the unnecessary
details and providing a simple (CLI) interface.
More info about getting and using d1h, together with a simple
guide with a worked example can be found at:
https://dev1galaxy.org/viewtopic.php?id=549
Comments, suggestions, and issues are welcome, and should be
reported on the git page of the project:
https://git.devuan.org/devuan-packages/d1h
HH
KatolaZ
Hi all,
just to let you know that Devuan's Bug Tracking System (BTS) is now online at:
In order to post a bug report, you need to install the "reportbug" tool found in jessie-proposed.
So just add the following line to your /etc/apt/sources.list:
deb http://packages.devuan.org/devuan/ jessie-proposed main
and:
# apt-get update
# apt-get install reportbug -t jessie-proposed
If you want to report a bug on the package PKG you just type:
$ reportbug PKG
and the tool will guide you through the process.
HH
KatolaZ
Hi there,
you know I have been bugging everybody in DNG with surf and suckless tools. Please
find below a short howto that describes how to install and configure surf on Devuan Jessie.
The very same procedure (apt-get source PACKAGE && change something in the sources &&
dpkg-source commit && dpkg-buildpackage) can be used to recompile any other Devuan
package and get a new .deb package which can be installed with dpkg.
HH
KatolaZ
0) You need to have the correct deb-src entries in your /etc/apt/sources.list, e.g.:
deb-src http://auto.mirror.devuan.org/merged/ jessie main contrib
1) Download the surf source code package:
# apt-get source surf
This will download the sources of surf in the current directory. If you run the command from the
directory ~/packages/surf/, you should see something like:
root@******:~/packages/surf# ls
surf-0.6 surf_0.6-1.debian.tar.xz surf_0.6-1.dsc surf_0.6.orig.tar.gz
root@******:~/packages/surf#
2) chdir into the source directory:
# cd surf-0.6
All the configuration options are in the file config.def.h. Open it with your preferred editor.
3) Now let's imagine that we want to change the default directory where files are downloaded by surf, setting it to "~/Downloads", and that we want to run curl in xterm instead of stterm. We should look for something like:
#define DOWNLOAD(d, r) { \
.v = (char *[]){ "/bin/sh", "-c", \
"stterm -e /bin/sh -c \"curl -J -O --user-agent '$1'" \
we will replace the line:
"stterm -e /bin/sh -c \"curl -J -O --user-agent '$1'" \
with:
"xterm -e /bin/sh -c \"cd ~/Downloads/; curl -J -O --user-agent '$1'" \
4) When you are done with your changes, you need to install the changes as a patch, so you save the file and run:
# dpkg-source --commit
You will be asked to provide a description for this patch.
5) Now you should give:
# dpkg-buildpackage
If the command complains about missing dependencies, just apt-get install the needed stuff, and then give "dpkg-buildpackage" again.
6) When dpkg-buildpackage is done, you will find the debian package in:
../surf_0.6-1_amd64.deb
which can be installed with:
# dpkg -i ../surf_0.6-1_amd64.deb
7) The same procedure above can be used to recompile any package in the De**an repos.