00:13.03 | *** join/#devuan xes (~xes@unaffiliated/xes) |
00:15.30 | *** join/#devuan xes (~xes@unaffiliated/xes) |
00:21.04 | *** join/#devuan infobot (ibot@rikers.org) |
00:21.04 | *** topic/#devuan is Recent (2017-05-5): Jessie 1.0.0 RC2 | https://devuan.org/ discussion channel (logged at https://botbot.me/freenode/devuan - with useful 'search') | Please take off-topic conversation to #debianfork | /msg chanserv info #devuan | !listkeys #devuan <foo> | Devuan Forum: https://dev1galaxy.org/ |
00:27.05 | *** join/#devuan nighty-- (~nighty@d246113.ppp.asahi-net.or.jp) |
00:27.11 | *** join/#devuan CaptainFixerpc14 (~captainfi@unaffiliated/captainfixerpc14) |
00:35.20 | *** join/#devuan auser_ (~devuan@190.213.248.147) |
00:42.21 | *** join/#devuan Chanku (~Chanku@2602:306:32a0:d690:21b:77ff:fea3:4a99) |
00:45.01 | *** part/#devuan auser_ (~devuan@190.213.248.147) |
00:50.23 | *** join/#devuan NewGnuGuy (~NewGnuGuy@69.41.81.178) |
01:16.12 | *** join/#devuan KittenNIX (~KittenGNU@unaffiliated/kittengnu) |
01:30.10 | *** join/#devuan Humpelstilzchen (erik@x4e3662e7.dyn.telefonica.de) |
01:31.32 | *** join/#devuan zocker_ (~tobias@x86.li) |
01:31.38 | *** join/#devuan nikitis-temp (d068e4ad@gateway/web/freenode/ip.208.104.228.173) |
01:32.17 | nikitis-temp | I recently installed Devuan today, and when I reboot now, I cannot get past "waiting for /dev to be fully populated...." |
01:33.43 | fsmithred | nikitis-temp, were you able to boot this install earlier? |
01:50.10 | *** join/#devuan stroucki (~luser@gunkai.ascient.net) |
01:53.13 | stroucki | is there documentation for the InRelease file format? |
01:54.04 | stroucki | all debian derivatives that i have at hand have one space from the begin of line for the md5sums |
01:54.13 | stroucki | MD5Sum: 8ae3baea40d236b5d1f31ccf30b6bc8f 1180269937 Contents-powerpc |
01:54.38 | stroucki | well, there was supposed to be a newline after the MD5Sum: |
01:55.33 | stroucki | while devuan has two spaces before the md5sum |
01:55.41 | stroucki | and approx chokes on that |
01:56.44 | stroucki | and jessie-update's InRelease is missing a newline before the MD5Sum: |
02:01.28 | *** part/#devuan catprints (~realperso@172.58.83.68) |
02:02.25 | *** join/#devuan Hoshpak (~Hoshpak@p200300C90BC8A800084F9EB3C66D0A0D.dip0.t-ipconnect.de) |
02:32.48 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
02:35.53 | *** join/#devuan NewGnuGuy (~NewGnuGuy@69.41.81.178) |
02:37.36 | *** join/#devuan misto6_ (~misto6@dslb-178-012-120-018.178.012.pools.vodafone-ip.de) |
02:46.45 | fsmithred | nikitis-temp, did you edit /etc/network/interfaces? If it says 'allow hotplug' change it to 'allow auto' |
03:04.25 | *** join/#devuan Centurion_Dan (~Icedove@office.centurion.net.nz) |
03:09.32 | rrq | or just 'auto' |
03:10.19 | rrq | no 'auto eth0' .. or replace eth0 with your interface name |
03:12.18 | *** join/#devuan pekman (~pekman@unaffiliated/pekman) |
03:34.35 | *** join/#devuan JohnTheRipper (~JohnTheRi@2.229.193.226) |
03:38.35 | fsmithred | rrq is right. |
03:42.38 | *** join/#devuan NewGnuGuy1 (~NewGnuGuy@69.41.81.178) |
03:57.23 | *** join/#devuan pekman (~pekman@unaffiliated/pekman) |
04:06.39 | golinux | pekman: You left the other channel |
04:07.02 | golinux | Surely you've read the announcements for RC1 and RC2 |
04:09.44 | *** join/#devuan NewGnuGuy (~NewGnuGuy@69.41.81.178) |
04:13.17 | *** join/#devuan Drugo (~Drugo@62-11-1-95.dialup.tiscali.it) |
04:13.42 | *** join/#devuan NewGnuGuy1 (~NewGnuGuy@69.41.81.178) |
04:32.14 | *** join/#devuan dardevelin_ (~dardeveli@unaffiliated/dardevelin) |
04:33.43 | *** join/#devuan zdzichu (~zdzichu@2001:470:6459:b1b3:b134:c310:0:b1) |
04:41.02 | *** join/#devuan NewGnuGuy (~NewGnuGuy@69.41.81.178) |
04:45.45 | *** join/#devuan towo^work (~towo@unaffiliated/towo/x-4064351) |
05:03.58 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
05:11.02 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
05:13.10 | *** join/#devuan freemangordon (~ivo@46.249.74.23) |
05:17.27 | *** join/#devuan NewGnuGuy1 (~NewGnuGuy@69.41.81.178) |
05:20.13 | *** join/#devuan mchasard (~mchasard@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
05:21.30 | *** join/#devuan godbed (~Wowbagger@HSI-KBW-078-042-209-105.hsi3.kabel-badenwuerttemberg.de) |
05:34.30 | mchasard | hi |
05:35.11 | mchasard | i have a trouble with a vlc compilation when i run it i have this error |
05:35.24 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
05:35.34 | mchasard | core interface error: no suitable interface module |
05:35.34 | mchasard | [0000000020735130] core libvlc error: interface "globalhotkeys,none" initialization failed |
05:36.04 | mchasard | i follow this tuto |
05:36.05 | mchasard | https://www.jjtronics.com/wordpress/2016/10/26/raspberry-pi-3-et-raspbian-jessie-vlc-2-4-et-acceleration-materiel-hardware-acceleration/ |
05:54.33 | mchasard | how to remove an application compiled but fault |
06:01.45 | mchasard | i can't use firefox till few day it return me that |
06:01.46 | mchasard | www.google.com uses an invalid security certificate. The certificate will not be valid until 03/05/2017 10:42. The current time is 01/05/2017 07:32. |
06:02.08 | mchasard | how to get a new valid certificate ? |
06:05.09 | aaro | try setting the right date to your system |
06:07.05 | mchasard | i did not see that it was at 01 /05 |
06:07.13 | *** join/#devuan DPA (~Daniel@194.230.159.173) |
06:07.46 | mchasard | cool thanks a lot ... |
06:17.38 | *** join/#devuan cocoadaemon (~foo@2a01:e35:8a99:e90:1202:b5ff:fe91:e4ca) |
06:24.39 | *** join/#devuan zyliwax (~zyliwax@unaffiliated/zyliwax) |
06:32.19 | *** join/#devuan ruenoak (~chatzilla@122-60-114-138.jetstream.xtra.co.nz) |
06:33.46 | *** join/#devuan Levure (~quassel@91.181.29.158) |
06:47.49 | *** join/#devuan neutron_stz (~Icedove@151.237.37.183) |
06:54.02 | *** join/#devuan neutron_stz (~Icedove@151.237.37.183) |
06:56.19 | *** join/#devuan Countess_Bathory (~Tess@unaffiliated/bloodcountess) |
07:07.48 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
07:13.58 | *** join/#devuan chomwitt (~chomwitt@ppp-94-66-62-48.home.otenet.gr) |
07:15.13 | *** join/#devuan mchasard (~pierre@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
07:25.51 | *** join/#devuan JohnnyRun (~gianni@net94-124-67-2.static.bb.mainsoft.it) |
07:26.17 | *** join/#devuan Countess_Bathory (~Tess@unaffiliated/bloodcountess) |
08:03.26 | *** join/#devuan peetaur (~peter@p57AAAFD3.dip0.t-ipconnect.de) |
08:06.35 | *** join/#devuan Irrwahn (UNKNOWN@p57992FA7.dip0.t-ipconnect.de) |
08:13.50 | *** join/#devuan peetaur (~peter@p200300E10BC06900667002FFFE2E10FC.dip0.t-ipconnect.de) |
08:15.53 | *** join/#devuan cocoadaemon (~foo@91.194.61.201) |
08:20.53 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
08:34.37 | *** join/#devuan Madda (~Madda@hq.m3team.it) |
08:36.18 | AntoFox | o/ |
08:51.00 | *** join/#devuan DPA (~Daniel@194.230.159.173) |
09:10.39 | *** join/#devuan alazred (~alazred@2.46.151.69) |
09:10.57 | *** join/#devuan alazred (~alazred@unaffiliated/alazred) |
09:22.00 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
09:37.49 | *** join/#devuan Besnik_b (~Besnik@athedsl-4367270.home.otenet.gr) |
09:38.31 | *** join/#devuan kelsoo (~kelsoo@dragora/developer/kelsoo) |
09:45.20 | *** join/#devuan bairdy (~cjb@ppp121-44-248-115.bras2.syd2.internode.on.net) |
09:46.17 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
09:48.05 | *** join/#devuan Drugo (~Drugo@62-11-1-95.dialup.tiscali.it) |
09:55.38 | *** join/#devuan dardevelin_ (~dardeveli@unaffiliated/dardevelin) |
09:56.50 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
09:58.16 | *** join/#devuan alazred (~alazred@unaffiliated/alazred) |
10:19.43 | *** join/#devuan Gup (~Gup@jh3.jhodges.co.uk) |
10:28.14 | *** join/#devuan kelsoo (~kelsoo@dragora/developer/kelsoo) |
10:40.48 | *** join/#devuan _root_ (~taha@unaffiliated/root/x-2442832) |
10:40.53 | _root_ | hello |
10:41.15 | DPA | hi |
10:42.00 | *** join/#devuan aitor (~aitor@213.143.48.79) |
10:42.05 | aitor | hi all |
10:43.13 | aitor | i recorded a video about the behavior of the security key in the backend of simple-netaid |
10:45.00 | aitor | at every click on the connect button of the password dialog, a random key is generated and sent to the backend through the port of the socket |
10:46.02 | aitor | the backend receives the message comparing its value with the argument in the command line |
10:46.15 | aitor | if they differ, the backend will do nothing |
10:46.47 | aitor | i'll give you the link to the video in a few minuts |
10:47.35 | aitor | somebody suggested that this idea is a security hole, instead a security measury |
10:47.42 | aitor | what do you think about? |
10:48.01 | *** join/#devuan k0nsl (~k0nsl@feel.the.power.feel.the.k3k.su) |
10:48.01 | *** join/#devuan k0nsl (~k0nsl@unaffiliated/k0nsl) |
10:49.42 | *** join/#devuan _root_ (~taha@unaffiliated/root/x-2442832) |
10:53.23 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
10:53.36 | DPA | Is there a link to the code? |
10:56.58 | *** join/#devuan AntoFox (~Thunderbi@78.12.39.168) |
10:57.00 | aitor | still not, but i'll push it today |
10:58.13 | aitor | first of all, i must to do this process multithreaded |
10:59.39 | DPA | ok |
11:00.37 | aitor | i'm uploading the video |
11:01.55 | aitor | i promise no more videos about swallows |
11:01.58 | aitor | done: |
11:02.00 | aitor | http://gnuinos.org/socket.mpg |
11:05.19 | aitor | DPA: i must to do it multithreaded because the server (in this case, the backend) is waiting for the message for a few miliseconds while the on_button_connect() method is being executed |
11:06.41 | aitor | is a bad idea to send also the other arguments (essid, password) through the socket, insteas as arguments in the command line? |
11:07.04 | aitor | what do you think about? |
11:07.42 | aitor | you are much better unix admins than me, even being worse chefs |
11:08.23 | aitor | i had to underline this point |
11:11.05 | aitor | the server's address is set to 127.0.0.1, a special address for the local host |
11:11.46 | aitor | so the client and server should be on the same machine |
11:12.36 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
11:13.05 | djph | aitor: what is it that you're doing (can't watch the vidjeo, at work ... all I have is ssh out ... lalalala) |
11:13.36 | aitor | lalalala? are you french? |
11:13.56 | Leander_ | it's pretty difficult to understand what you're actually doing, indeed |
11:14.21 | aitor | the backend of simple-netaid has suid permissions |
11:14.38 | djph | aitor: nah, just "singing" "lalalala" since I can still ssh out to me IRC box |
11:14.41 | Leander_ | and you don't need multithreading in many cases, just a "select" (available in many languages) |
11:15.44 | aitor | we won in Eurovision with such song many years ago |
11:17.01 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
11:17.54 | KatolaZ | aitor: whatever you do in the GUI, I would put a lot of effort in input sanitising |
11:18.01 | aitor | if you run the backend in the command line, it'll be waiting for an answer from the Connect button of the password dialog through the port |
11:18.08 | KatolaZ | and also on the backend, I would avoid direct feeding of user inputs |
11:18.30 | aitor | and only the user of the GUI can do that |
11:18.32 | KatolaZ | that's the most important thing with SUID processes |
11:18.42 | djph | KatolaZ: GUI or CLI, sanitize your inputs. Otherwise Little Bobby Tables will ruin your da |
11:18.45 | djph | *day |
11:18.53 | KatolaZ | aitor: that's not the best design |
11:18.55 | KatolaZ | probably |
11:19.00 | aitor | so, you think that's a good idea, KatolaZ? |
11:19.06 | KatolaZ | you might wans to have several clients connecting to the same backend |
11:19.08 | KatolaZ | not just one |
11:19.11 | KatolaZ | .... |
11:19.37 | aitor | several ports, then? |
11:20.09 | aitor | we can select many ports in the range 1024...65535 |
11:21.17 | parazyd | what are unix sockets? |
11:21.28 | Leander_ | ^ exactly |
11:22.50 | detha | parazyd: things that look like a socket to the program, and like some special type of file to ls |
11:23.07 | aitor | sockets are used for the comunication between different processes |
11:23.27 | parazyd | only Leander_ gets my point it seems |
11:23.42 | Leander_ | what are rethorical questions? |
11:24.43 | aitor | Leander_: what's difficult to understand? |
11:25.11 | aitor | first of all i'll improve the code and push it to gitlab |
11:25.11 | detha | aitor: why a backend for something on the local machine should be listening on 127.0.0.1 |
11:25.31 | aitor | after that, we can discuss |
11:26.03 | Leander_ | why you generate a random number to then send it later via a socket, not sure how you then know that this number is the one you should have been expecting in the first place, especially if you keep changing it |
11:26.11 | *** join/#devuan chomwitt1 (~chomwitt@athedsl-351929.home.otenet.gr) |
11:27.26 | aitor | only the code of the password dialog knows its value |
11:27.43 | aitor | the password dialog sends it by two different ways: |
11:27.53 | aitor | through the port |
11:28.06 | aitor | and as an argument in the command line |
11:28.15 | *** join/#devuan malinas_ (~user@137.132.22.252) |
11:28.18 | aitor | the banckend compares both values |
11:29.16 | Leander_ | that's what I don't get: if you don't trust input A alone, and don't trust input B alone, then how come you can trust input A+B? |
11:29.42 | aitor | if you run the backend from the command line, you can't know beforehand twhich value will be sent trhough the socket |
11:29.53 | aitor | and the backend will do nothing |
11:30.19 | Leander_ | but then why do you need to confirm through 2 different channels? there's something amiss |
11:30.32 | aitor | sorry, 13:30 qnd need to go |
11:31.45 | Leander_ | I think you're trying to use a shared secret scheme, but it feels like something's wrong about the way it is done |
11:33.01 | aitor | surelly, that's not the best scheme :) |
11:33.10 | aitor | see you later, Leander_ |
11:34.07 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
11:34.09 | parazyd | shrugs |
11:36.59 | detha | doesn't get it. What is he trying to defend against here? |
11:43.15 | djph | no idea |
11:49.16 | *** join/#devuan _root_ (~taha@94.183.156.125) |
11:49.17 | *** join/#devuan _root_ (~taha@unaffiliated/root/x-2442832) |
11:50.03 | detha | Either one assumes local sockets are safe, and sends things straight through, or one assumes they are not, and wraps the whole thing in asymmetric encryption. |
11:54.23 | *** join/#devuan DPA (~irc@75-128-16-94.static.cable.fcom.ch) |
11:57.50 | *** join/#devuan thehornet (~a0225280@192.91.75.30) |
12:05.16 | _root_ | is it true that qt technologies (qt-desktop qt web and so on) is the property of Nokia Corp. and not at all secure riddle with whole :) |
12:05.27 | _root_ | but seriously |
12:06.42 | gnarface | qt isn't perfect, but that's half lies and half contrivance |
12:07.36 | parazyd | qt rocks |
12:09.10 | gnarface | all that is important to understand here is that software can be available under multiple licenses simultaneously. it's up to you, the customer, to choose which |
12:10.55 | gnarface | qt is hardly unique in that respect |
12:11.30 | gnarface | you can always choose to use something else too |
12:11.52 | gnarface | gtk is also quite popular |
12:15.47 | *** join/#devuan chocolate (65a40f0e@gateway/web/freenode/ip.101.164.15.14) |
12:16.24 | gnarface | i like efl |
12:16.35 | gnarface | (and they're probably ALL riddled with holes) |
12:16.46 | sixwheeledbeast | qt was trolltech, Nokia and then Digia before being the "Qt Project" |
12:16.50 | chocolate | hello friends, can anyone suggest a calendar prog for devuan? I want to plan my week and have a nice looking and customizable weekly planner! |
12:17.05 | buZz | calcurse? |
12:17.46 | chocolate | thanks buzz |
12:17.49 | chocolate | checking it out now |
12:17.50 | djph | isn't there an extension for t-bird as well? |
12:17.51 | gnarface | chocolate: is iceowl (sunbird) still in the repos? |
12:17.56 | djph | uh ... lightning, I think? |
12:18.20 | gnarface | oh, yea they re-named it lightning |
12:18.20 | sixwheeledbeast | thunderbird's calendar suitable? |
12:18.28 | sixwheeledbeast | oh yep |
12:18.34 | gnarface | all i can tell you about it is that it installs |
12:19.15 | gnarface | iceowl/iceweasel |
12:19.18 | gnarface | lightning/thunderbird |
12:19.51 | chocolate | great - checking them out now! |
12:20.44 | gnarface | isn't there a planner in libreoffice? |
12:21.10 | djph | gnarface: not that I'm aware of |
12:21.16 | gnarface | there is not |
12:21.21 | gnarface | i was thinking of lotus |
12:21.38 | djph | :) |
12:24.52 | KatolaZ | chocolate: if you are using emacs, the standard diary + calendar + orgmode are quite powerful |
12:25.23 | chocolate | iceowl is still in repos |
12:25.37 | chocolate | as the extension for thunderbird |
12:25.41 | chocolate | looks good! |
12:26.03 | fsmithred | orage is the xfce calendar |
12:26.42 | *** join/#devuan JohnnRun (~gianni@net94-124-67-2.static.bb.mainsoft.it) |
12:26.55 | chocolate | thanks gnarface, djph, katolaz, fsmithred |
12:27.03 | chocolate | *thumbs up |
12:39.11 | *** join/#devuan tgragnato (~tgragnato@host200-186-dynamic.52-82-r.retail.telecomitalia.it) |
12:39.20 | DPA | In that simple-netaid video, what is the password prompt there for? |
12:40.31 | DPA | I mean, what's the purpose of the password prompt? |
12:42.02 | gnarface | root or sudo password? |
12:42.10 | gnarface | just guessing |
12:42.26 | *** join/#devuan chomwitt1 (~chomwitt@athedsl-351929.home.otenet.gr) |
12:48.44 | *** join/#devuan snux (~snux@net-5-95-198-148.cust.vodafonedsl.it) |
12:51.26 | detha | wifi password maybe? |
12:53.24 | detha | anyway, if all he wants to do is the odd command to configure an interface, what is wrong with something along the lines of http://paste.debian.net/932518/ plus http://paste.debian.net/932517/ ? |
12:53.57 | gnarface | oh, wifi password, that's a better guess than mine |
12:54.00 | detha | No need to have a multithreaded server hanging around doing nothing 99.9% of the time |
12:55.31 | KatolaZ | I still think that using a C program which just does "execl" something else is an overkill... :| |
12:58.33 | detha | you have to gain privileges somehow. 10 years ago, people would just run the entire front-end SUID. And in case of interface config, yes one could pull up the source of /bin/ip and speak netlink directly. But that is a project on its own |
13:03.12 | KatolaZ | detha: I mean, you can just call a shell script to gain privileges |
13:03.20 | KatolaZ | :) |
13:03.32 | KatolaZ | without the need of making a shell from scratch |
13:04.02 | KatolaZ | which is probably what you need to do, if you have more than a couple of possible commands |
13:04.49 | detha | alas, there's no such thing as a suid shell scripts, and sudo has this annoying habit of checking /etc/sudoers and asking for passwords |
13:06.45 | KatolaZ | well, you're right |
13:07.06 | djph | detha: though, can't you fix /etc/sudoers to allow certain things to get by password-free? |
13:08.34 | parazyd | >not using pinentry |
13:08.35 | detha | one can. one has to be extremely careful with it though - never underestimate what you can make a command do |
13:09.44 | *** join/#devuan DGMurdockIII (~dgmur@c-73-146-35-181.hsd1.in.comcast.net) |
13:09.46 | detha | for example, let junior have the rights to update systems. can't just say 'allow apt-get', because junior might create a .deb that installs an suid shell |
13:11.38 | KatolaZ | detha: reality is that admin should be kept separate from users |
13:12.13 | KatolaZ | I know people want a windows-like experience on Linux |
13:12.24 | KatolaZ | but that is simply wierd |
13:12.28 | KatolaZ | and leads to wierd solutions |
13:13.00 | buZz | KatolaZ: i think that you could run wannacry inside Wine |
13:13.00 | bluemarlin | detha: i wouldn't let non-admin update production systems - the updates either run automatic or require full supervision imho |
13:13.08 | buZz | but why would you want that |
13:13.15 | detha | KatolaZ: agreed. but in case of these wifi things, can't give users access to too much, but they need the odd setting |
13:13.19 | *** join/#devuan Countess_Bathory (~Tess@unaffiliated/bloodcountess) |
13:14.54 | KatolaZ | detha: if you need to setup wifi, you must agree to use some level of "weirdness" |
13:15.10 | KatolaZ | it might be sudo |
13:15.13 | KatolaZ | or sup |
13:15.13 | detha | bluemarlin: all depends on what environment you are in. keeping systems patched is boring. the days that you could leave prod on auto-pilot and nothing would break are long gone |
13:15.16 | KatolaZ | or something else |
13:15.32 | KatolaZ | but there is no escape: you need to execute some operations as admin |
13:15.38 | detha | aitor seems to be busy developing the 'something else' ;) |
13:16.09 | KatolaZ | I wouldn't touch the "something else" for any gold |
13:16.17 | KatolaZ | ~amount of gold |
13:16.26 | KatolaZ | because almost any solution will be flawed |
13:16.37 | KatolaZ | or more flawed than sudo, sup, etc. |
13:16.44 | bluemarlin | i honestly can't think of any 'safe' method besides authenticating the user-space binary with some sort of executable-signing |
13:17.23 | KatolaZ | bluemarlin: and even then, you must be sure that the "user" cannot mangle with the signing ;) |
13:17.49 | detha | and even that can be circumvented. run the binary under debugger, 'fix' the data that goes to the backend, continue |
13:18.08 | KatolaZ | detha: namely ;) |
13:18.26 | detha | that's why I suggested the suid part with lots of checking, and hard-coded commands. |
13:18.44 | KatolaZ | detha: I would insist on "lots of checking" |
13:18.50 | bluemarlin | good points, damn |
13:19.06 | KatolaZ | knowing that even in setnet.sh there are things that must be hardened in this sense |
13:19.54 | KatolaZ | has a list of checks which needs to be implemented in setnet |
13:20.07 | equex | hey. im trying to decide wether to install devuan or regular jessie. from the website it comes down to the "one program should do one thing well"-doctrime which i agree very much with. but when i first heard about the systemd debacle long ago, the argument against systemd was about it being unsecure and an invitation to make backdoors almost by design? is there any truth to that ? |
13:21.04 | fsmithred | I haven't heard of any exploits yet. |
13:22.20 | fsmithred | bbl |
13:22.35 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
13:29.18 | bluemarlin | equex: if you could prove that something is flawed by design, then not many people would use it, i guess. If you have time, go through this: http://without-systemd.org/wiki/index.php/Arguments_against_systemd |
13:32.56 | bluemarlin | for me personally - i switched to devuan because debian 8 was painful to interact with. system service management works as a sorry hybrid between systemd and sysvinit, binary logs got currupt somehow when my systems have crashed, etc |
13:33.57 | bluemarlin | bbl |
13:35.56 | equex | right |
13:38.32 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
13:40.40 | nepugia | KatolaZ: personally my solution would not be to allow the user to allow any elevated binaries but rather let a system daemon run in the background that accepts some commands like commect to this wifi (and probably logs those) |
13:49.27 | KatolaZ | yes nepugia, but you must sanitise all the input that comes from the user program, and all the stuff that the daemon accepts |
13:49.47 | KatolaZ | and double-check that those are as expected, on both sides |
13:50.04 | *** join/#devuan alazred (~alazred@unaffiliated/alazred) |
13:50.45 | nepugia | you have to do that for pretty much any software :) |
13:51.11 | KatolaZ | yep ;) |
13:54.47 | Leander_ | it sounds quite like what dbus is for, doesn't it? |
13:56.04 | KatolaZ | it does Leander_ |
13:56.06 | KatolaZ | :) |
13:56.06 | *** join/#devuan jathan (~jathan@201.99.106.102) |
13:57.16 | nepugia | i thought dbus's purose was to annoy users? |
13:57.48 | zdzichu | I don't think dbus devs care about users at all |
13:58.04 | zdzichu | annoying them is just an unintended side effect |
13:59.22 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
13:59.36 | *** join/#devuan TemporalBeing (~Ben_Meyer@172-6-231-225.lightspeed.tukrga.sbcglobal.net) |
14:06.32 | *** join/#devuan jathan (~jathan@201.99.106.102) |
14:06.38 | *** join/#devuan MutantTurkey (~calvin@unaffiliated/mutantturkey) |
14:06.41 | MutantTurkey | hello |
14:11.13 | *** join/#devuan furrywolf (~randyg@172.56.38.106) |
14:12.03 | *** join/#devuan TemporalBeing (~Ben_Meyer@72.32.180.178) |
14:12.27 | *** join/#devuan DPA (~irc@75-128-16-94.static.cable.fcom.ch) |
14:12.27 | *** join/#devuan dardevelin (~dardeveli@unaffiliated/dardevelin) |
14:17.11 | *** join/#devuan dardevelin_ (~dardeveli@unaffiliated/dardevelin) |
14:22.27 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
14:22.36 | *** join/#devuan aitor (~aitor@213.143.48.86) |
14:23.08 | aitor | No need to have a multithreaded server hanging around doing nothing 99.9% of the time - Detha |
14:23.32 | aitor | the multithreaded server will be hangin only during the click event |
14:23.41 | aitor | hanging :) |
14:24.17 | buZz | :P |
14:24.27 | buZz | i had a dev at work say something similar today |
14:24.40 | buZz | 'its multithreaded, so when a job is running the process is stuck' |
14:24.51 | buZz | i gave up trying to educate them :P |
14:25.55 | DPA | aitor: What is the purpose of the random number again? |
14:26.27 | aitor | save, i'm working... |
14:26.35 | aitor | i'll answer you later :) |
14:28.21 | *** join/#devuan dardevelin__ (~dardeveli@unaffiliated/dardevelin) |
14:28.28 | *** join/#devuan Spass (~malysps@agmn53.neoplus.adsl.tpnet.pl) |
14:37.57 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
14:41.51 | *** join/#devuan IoFran (~Icedove@189.231.74.45) |
14:49.45 | *** join/#devuan avis- (~textual@pdpc/supporter/student/avis) |
14:51.32 | *** join/#devuan Spass_ (~malysps@ayk135.neoplus.adsl.tpnet.pl) |
14:51.38 | *** join/#devuan thehornet (~a0225280@192.91.75.30) |
14:59.16 | *** join/#devuan JohnnRun (~gianni@net94-124-67-2.static.bb.mainsoft.it) |
15:11.11 | *** join/#devuan bluemarlin (~bluemarli@ip-78-45-210-206.net.upcbroadband.cz) |
15:14.28 | *** join/#devuan tarbz2 (~Thunderbi@181.44.20.92) |
15:15.47 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
15:20.46 | *** join/#devuan Oldmoss (~Oldmoss@anon-40-65.vpn.ipredator.se) |
15:24.18 | *** join/#devuan avis- (~textual@74-115-5-36.anchorfree.com) |
15:31.50 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
15:33.31 | *** join/#devuan Spass (~malysps@ayk135.neoplus.adsl.tpnet.pl) |
15:37.02 | *** join/#devuan jathan (~jathan@201.99.106.102) |
15:40.51 | *** join/#devuan reetspetit (~john@239.red-80-59-216.staticip.rima-tde.net) |
15:41.41 | *** join/#devuan ltem (~ltem@h081217057026.dyn.cm.kabsi.at) |
15:43.12 | *** join/#devuan avis-_ (~identd@74.115.5.36) |
15:48.35 | *** join/#devuan kelsoo (~kelsoo@dragora/developer/kelsoo) |
15:52.13 | *** join/#devuan _root_ (~taha@94.183.156.125) |
15:52.13 | *** join/#devuan _root_ (~taha@unaffiliated/root/x-2442832) |
15:54.54 | *** join/#devuan Pali (~pali@Maemo/community/contributor/Pali) |
16:02.35 | _root_ | why retroshare debian file doesn't have plugins in it? |
16:04.01 | *** join/#devuan HaikuUser2 (~mchasard@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
16:05.46 | *** join/#devuan aitor (~aitor@213.143.48.77) |
16:06.36 | *** join/#devuan _i486DX2_ (~Devuan@5.86.74.108) |
16:08.24 | aitor | hi |
16:09.11 | aitor | DPA: i need more time for the design of the password dialog with the security key |
16:10.10 | aitor | the design should be similar to the separation of Window_main.cpp and window_main_worker.cpp in the code of simple-netaid-gtk: |
16:10.24 | aitor | https://git.devuan.org/aitor_czr/simple-netaid-gtk/tree/master/src |
16:10.35 | *** join/#devuan HaikuUser2 (~mchasard@glg95-h03-89-81-23-36.dsl.sta.abo.bbox.fr) |
16:11.00 | *** join/#devuan alazred (~alazred@5.92.19.117) |
16:11.00 | *** join/#devuan alazred (~alazred@unaffiliated/alazred) |
16:11.11 | aitor | the code of window_main_worker.cpp is running continuosly in paralell with the main window |
16:13.38 | aitor | calculating at every 40 miliseconds the status of the network connection, and changing the status icon and its label acording to it |
16:14.02 | aitor | now, answering to your question: |
16:14.45 | aitor | as i explained above, the backend will need an integer as an argument in the command line |
16:15.48 | aitor | inmediatly, the backend hangs waiting for this same integer through the port of the socket |
16:17.04 | detha | aitor: what is the purpose of that? i.e., what are you protecting against? |
16:17.14 | aitor | only the user of the GUI can send the same value through these two different channels |
16:17.48 | aitor | you can't run the backend from the command line |
16:18.12 | aitor | only clicking on the connect button of the frontend |
16:19.15 | detha | ehm, if one runs the backend from the command line, with '42' as argument, one can send it 42 over a socket. |
16:19.26 | furrywolf | I missed some context here. why would anything to do with networking need such a weird security thing? |
16:20.21 | aitor | detha: that's true |
16:21.17 | aitor | but it must be sent through the same port |
16:21.56 | detha | aitor: don't know if you've seen my example connecting an ad-hoc backend with pipes, that at least guarantees that nobody interferes |
16:22.09 | furrywolf | and why would you want to force interaction only through a gui? |
16:22.16 | furrywolf | this entire thing seems broken (and idiotic). |
16:22.27 | detha | long and the short of it, whatever the gui can do, another program can do |
16:23.16 | detha | So assume that a standard user can run the backend from the command line, and protect it from anything you don't want a user to be able to do |
16:23.29 | *** join/#devuan peetaur (~peter@p57AAAFD3.dip0.t-ipconnect.de) |
16:27.18 | aitor | detha: this is exactly the case of the backend of simple-netaid |
16:27.20 | aitor | using |
16:27.26 | aitor | switch() |
16:27.30 | aitor | case 1: |
16:27.34 | aitor | case2: |
16:27.37 | *** join/#devuan DGMurdockIII (~dgmur@c-73-146-35-181.hsd1.in.comcast.net) |
16:27.38 | aitor | etc... |
16:28.10 | *** join/#devuan Lydia_K (~Lydia_K@li328-145.members.linode.com) |
16:29.35 | golinux | Morning Lydia_K |
16:31.38 | detha | aitor: in that case, all the extras are not worth it. It is nice to protect comms between gui and frontend from random processes lying in wait to inject extra commands, but in the end, the backend should not be able to do anything you don't want the user to do |
16:31.54 | detha | s/frontend/backend/ |
16:33.47 | *** join/#devuan jathan (~jathan@201.99.106.102) |
16:33.57 | aitor | so, what's the conclusion? |
16:34.05 | aitor | socket or no socket? |
16:34.49 | Leander_ | as detha said: if you don't want the user to be able to perform an action, then the backend must not be able to perform it either |
16:35.22 | detha | network sockets open a whole new can of worms, because without something like selinux or apparmor you can't prevent anybody, even 'guest', from sending stuff. |
16:35.38 | detha | unix sockets is an option |
16:36.00 | detha | passing key material on the command line is not an option |
16:39.12 | *** join/#devuan cyteen (~cyteen@155.28.93.209.dyn.plus.net) |
16:39.37 | *** join/#devuan zono50 (~zono50@67.197.149.18) |
16:39.49 | *** join/#devuan Sleaker (~quassel@2604:880:a:7::e1b) |
16:40.16 | zono50 | hello everyone, I was hoping there is someone here who can assist me with a problem i'm having |
16:41.10 | fsmithred | try stating the problem and hanging around for awhile |
16:41.27 | zono50 | When I boot my pc, it boots into tty1 command line login, I have to manually sudo service kdm restart for kdm to load. I've reinstalled kdm and kde-full, but everytime i boot, it goes straight to command line login |
16:41.29 | aitor | zono50: are you cooking? |
16:41.51 | zono50 | I recently upgraded my kernel to 4.9 |
16:42.57 | fsmithred | you could mess around with update-rc.d to figure out when the service is supposed to be started and stopped. |
16:43.31 | fsmithred | or you could install sysv-rc-conf and see a table showing all services and what runlevels they run on |
16:43.41 | fsmithred | maybe kdm is just turned off |
16:43.56 | zono50 | well when i do sudo service kdm start it says it's already running |
16:44.01 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
16:44.02 | fsmithred | oh |
16:44.06 | fsmithred | try restart |
16:44.26 | KatolaZ | zono50: did it work previously? |
16:44.36 | KatolaZ | zono50: I mean, before the kernel upgrade? |
16:44.37 | zono50 | i've rebooted multiple times, it auto directs to console login everytime, and if i try to do CTRL+ALT+F7, i get a blinking cursor unless i restart kdm service |
16:44.56 | *** join/#devuan peetaur (~peter@p57AAAFD3.dip0.t-ipconnect.de) |
16:46.00 | fsmithred | can kde be started without kdm? stop it and run startx (or is there a startkde command?) |
16:46.35 | KatolaZ | zono50: there is nothing in the 8th virtual terminal as well, right? |
16:47.55 | zono50 | i'm not sure, i'm not an expert at this stuff |
16:48.40 | zono50 | i installed sysv-rc-conf, how do i load it |
16:49.31 | aitor | detha: then, in your opinion, is it better to send the essid and the password through the local host or not? |
16:51.43 | zono50 | ok so on sysv-rc-conf kdm has an x on run levels 2, 3, 4, 5, |
16:53.09 | fsmithred | that's correct |
16:53.17 | fsmithred | try ctrl-alt-F8 |
16:53.20 | fsmithred | or even F9 |
16:53.43 | fsmithred | q to quit sysv-rc-conf |
16:54.02 | zono50 | ctrl alt f8 gives a blinking cursor, and f9 does nothing |
16:54.03 | detha | aitor: personally, I would fork off a suid binary and send it the interface+ESSID+password through a pipe. Or, if you opt for a daemon, have the daemon open a socket in /var/run/simple-net/cmd, and have the gui write to that. |
16:55.19 | fsmithred | as root, grep EE /var/log/Xorg.0.log |
16:55.55 | Leander_ | aitor: just to make sure, did you look into "unix sockets" or do you think they're IP sockets with another name (they are not)? |
16:56.14 | zono50 | (WW) warning, (EE) error, (NI) not implemented, (??) unknown |
16:56.42 | Leander_ | the complete name is actually unix domain socket |
16:57.08 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
16:57.16 | aitor | detha: i'm reading this tutorial: |
16:57.17 | aitor | https://www.tutorialspoint.com/unix_sockets/network_addresses.htm |
16:57.58 | fsmithred | yeah, that's the key. I guess you got no error. |
16:58.21 | fsmithred | stop kdm and try startx |
16:58.36 | zono50 | so sudo service start startx? |
16:58.40 | fsmithred | no |
16:58.48 | fsmithred | sudo service kdm stop |
16:59.03 | fsmithred | and then 'startx' just one word |
16:59.07 | zono50 | ok brbr |
16:59.09 | aitor | thanks, detha, need to go |
16:59.12 | aitor | see you later |
16:59.44 | detha | aitor: that looks like network sockets, mostly. |
17:00.05 | *** join/#devuan zono50 (~zono50@67-197-149-18.fttp.sta.comporium.net) |
17:00.08 | aitor | another link? |
17:00.14 | zono50 | startx brought the gui up |
17:00.20 | *** join/#devuan alazred (~alazred@unaffiliated/alazred) |
17:00.50 | aitor | bye: 19:00 :) |
17:03.13 | *** join/#devuan jathan (~jathan@201.99.106.102) |
17:04.16 | *** join/#devuan ChubYann (~ChubYann@LFbn-1-8790-85.w193-250.abo.wanadoo.fr) |
17:07.44 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
17:08.10 | detha | in case I miss him, please point aitor to https://troydhanson.github.io/network/Unix_domain_sockets.html |
17:13.53 | *** join/#devuan kelsoo (~kelsoo@dragora/developer/kelsoo) |
17:16.27 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
17:18.03 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
17:19.03 | *** join/#devuan zono50 (~zono50@67-197-149-18.fttp.sta.comporium.net) |
17:20.07 | zono50 | <PROTECTED> |
17:20.31 | zono50 | on boot, kdm is already runninng, but requires a manual restart of kdm to show on the screen |
17:26.22 | *** join/#devuan amphi (~amphi@222.red-81-32-135.dynamicip.rima-tde.net) |
17:29.17 | *** join/#devuan firegarden (~dionysos@net-2-44-128-132.cust.vodafonedsl.it) |
17:29.45 | fsmithred | sounds like the problem is with kdm |
17:30.03 | fsmithred | I don't know if there are any bug reports on it. |
17:30.16 | fsmithred | I can think of a few workaround solutions. |
17:30.36 | fsmithred | oh, I'm talking to the wall. |
17:34.53 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
17:40.24 | *** join/#devuan zono50 (~zono50@67-197-149-18.fttp.sta.comporium.net) |
17:41.09 | *** join/#devuan snux (~snux@net-5-95-198-148.cust.vodafonedsl.it) |
17:46.46 | *** part/#devuan Oldmoss (~Oldmoss@anon-40-65.vpn.ipredator.se) |
17:51.26 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
18:00.01 | grillon | by bye |
18:00.04 | *** part/#devuan grillon (~grillon@94.177.239.76) |
18:01.16 | *** join/#devuan bluemarlin (~bluemarli@ip-78-45-210-206.net.upcbroadband.cz) |
18:04.23 | *** join/#devuan Akuli (~Akuli@mobile-access-5d6a33-21.dhcp.inet.fi) |
18:13.58 | *** join/#devuan Chanku (~Chanku@2602:306:32a0:d690:21b:77ff:fea3:4a99) |
18:14.19 | *** join/#devuan kelsoo1 (~kelsoo@dragora/developer/kelsoo) |
18:14.47 | *** join/#devuan alazred (~alazred@176.246.39.0) |
18:14.48 | *** join/#devuan alazred (~alazred@unaffiliated/alazred) |
18:15.01 | *** join/#devuan Oldmoss (~Oldmoss@testbed-users.calyx.net) |
18:20.12 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
18:20.28 | *** join/#devuan bn_ (~bn_@c-65-50-70-13.hs.gigamonster.net) |
18:29.00 | *** join/#devuan jathan (~jathan@201.99.106.102) |
18:31.26 | zono50 | what's the best way to update to kde 5.9 from devuan? |
18:34.59 | *** join/#devuan jathan (~jathan@201.99.106.102) |
18:39.30 | nepugia | if you use jessie i doubt there is an easy way, for ascii you might be able to compile it yourself (if it is not in the repositories) |
18:44.57 | DPA | I once tried to make a server with workers, each as their own process. I first made a library which allows arbitrary numbers of programm entry points: https://github.com/Daniel-Abrecht/worker . Afterwards, I masivly extended it in an attemp to make a server framework: https://dpa.li/server/ . At the begining it looked really promising, I made an API for message handlers for workers which where able to recive |
18:45.03 | DPA | file descriptors and pointers using an anonymus unix socket and a signal in the background: https://dpa.li/server/src/example/example.c . The idea was to process datas from incomming tcp connections by pipeing datas using filedescriptors between different workers which processed different parts of the input: https://dpa.li/server/src/stream/tcpserver.c . It looked really promising at the begining, but the |
18:45.08 | *** join/#devuan peetaur2 (~peter@p200300E10BC85C001C8C32FFFE073D39.dip0.t-ipconnect.de) |
18:45.09 | DPA | concept turned out to be fundamentally flawed, because it was impossible to use the file descriptors without risking the worker waiting for enough datas forever and the code not becoming a total mess. After I noticed that, I abandonend that project and removed it from github. However, there is one thing that may be from interest now, the generation of an anonymus unix socket pair: socketpair( PF_UNIX, |
18:45.15 | DPA | SOCK_DGRAM, 0, socket_pair ) and the inheritance of it after a fork. I know that if a process starts another programm, any filedescriptor without the FD_CLOEXEC flag will be inherited. I don't know if this applies to unix sockets too, but if it does, it allows for the exchange of datas and filedescriptors between a program started by another program without having a named socket, a opened port or a file |
18:45.21 | DPA | laying around. No other process could interfere with the connection (except one that attaches to one of the programs using ptrace). |
18:52.05 | zono50 | what's the preferred display and window manager for devuan? is devuan stopping support for kde at kde4? |
18:59.36 | *** part/#devuan Oldmoss (~Oldmoss@testbed-users.calyx.net) |
19:04.36 | nepugia | lightdm maybe? kde works fine (kde4) it only is not a default install option |
19:11.25 | golinux | KDE5 is in the repos but there are some gottchas. Like not being able to unlock screen which is a show stopper (in ascii) |
19:11.46 | golinux | TDE is in process of being packaged |
19:12.04 | golinux | zono50: ^^^ |
19:13.53 | zono50 | ah I gotcha |
19:15.28 | zono50 | which package do i need to install, is it included in the main repositories |
19:16.17 | nepugia | kde-full for alllll stuff afaik |
19:16.52 | nepugia | kde-task-desktop is what the installer would do, if it is still available |
19:17.20 | zono50 | thanks |
19:19.28 | zono50 | so devuan is working on bringing over kde 5 then? if so than I can wait til the bugs are out |
19:28.52 | nepugia | kde5 will not be in jessie, you can use it in ascii :), but i did not test it so i do not know how stable it is |
19:29.43 | zono50 | well not being able to unlock the screen is definitely a deal breaker |
19:30.55 | zono50 | is kde5 in the kde-full package in ascii? |
19:31.44 | nepugia | fix it :), personally it is not since it does not matter at most of my installs since keyboard acces is more then enough to take over the system regardless of whether kde can lock the screen of not |
19:31.57 | nepugia | pretty sure ascii only has kde5 |
19:34.09 | *** join/#devuan greenjeans (~greenjean@45.53.139.135) |
19:34.48 | *** join/#devuan alazred (~alazred@5.91.223.183) |
19:34.49 | *** join/#devuan alazred (~alazred@unaffiliated/alazred) |
19:35.57 | *** join/#devuan cocoadaemon (~foo@2a01:e35:8a99:e90:1202:b5ff:fe91:e4ca) |
19:40.11 | zono50 | what's the best way to upgrade from jessie to ascii? |
19:40.49 | fsmithred | replace "jessie" with "ascii" in sources.list, update and upgrade and dist-upgrade |
19:41.06 | fsmithred | and you might need to upgrade kernel separately |
19:41.15 | zono50 | i updated kernel to 4.9 yesterday |
19:41.32 | fsmithred | from backports or ascii? |
19:42.24 | zono50 | neither, from linus torvalds git site |
19:42.28 | zono50 | 4.9 rc8 |
19:42.33 | fsmithred | oh |
19:43.07 | fsmithred | you doing that just so you can have kde? |
19:44.02 | *** join/#devuan tarbz2 (~Thunderbi@181.44.20.92) |
19:44.40 | nepugia | 4.9 rc8 is not a 4.9 kernel |
19:46.43 | zono50 | oh wait nevermind that was the previous version, i have 4.9.0-0.bpo.2-amd64 |
19:47.01 | nepugia | that is the jessie-backports kernel |
19:47.12 | fsmithred | ok, so get the ascii kernel when you're finished upgrading |
19:47.22 | fsmithred | but I ask again, are you upgrading just for kde? |
19:47.32 | zono50 | pretty much |
19:47.54 | fsmithred | just use a different display manager instead |
19:48.25 | fsmithred | wish I could find it, but I did install kde recently, and I seem to remember that I couldn't get kdm to work |
19:49.04 | zono50 | yeah, i had to restart service manually, so i was told to set sudo service kdm start in rc.local and now the gui boots up as normal |
19:51.27 | nepugia | why use a dm at all? :p |
19:52.10 | djph | nepugia: more terminals? |
19:52.39 | nepugia | having a dm gives you less tty's to use not more |
19:52.44 | fsmithred | so you don't have to be root to shut down |
19:53.16 | nepugia | fsmithred: tested, does not have anything to do with the dm |
19:53.31 | DusXMT | yeah, that's policykit |
19:54.16 | fsmithred | ok, but it's easier to be root than to use dbus commands |
19:54.29 | nepugia | djph: you can have more tty's if you want , up to 36 accesivly by the keyboardbi thibk |
19:55.07 | nepugia | fsmithred: what are you on about? in bith cases you can use roor and dbus :3, does not affect the dm |
19:55.31 | fsmithred | ok, well in xfce, the shutdown buttons don't work if you aren't using a dm |
19:55.59 | nepugia | intetesting, i do not have experiemce woth xgce |
19:56.12 | djph | nepugia: okay, "more ttys that're on the screen at once" |
19:56.54 | nepugia | djph: that is just X itself :), you do not need a dm to get an x session |
19:57.19 | DusXMT | fsmithred: Try this in your .xinitrc: ck-launch-session dbus-launch --sh-syntax --exit-with-session xfce4-session |
19:57.19 | djph | pretty sure x is the display manager ... |
19:57.20 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
19:57.25 | djph | *is a |
19:57.41 | djph | but then again, I've been known to be very wrong more than not |
19:57.47 | fsmithred | DusXMT, sudo halt is easier |
19:57.49 | fsmithred | lol |
19:57.57 | DusXMT | hmm, that commands appears not to exist on devuan jessie |
19:58.05 | DusXMT | https://wiki.gentoo.org/wiki/Xfce#startx |
19:58.38 | fsmithred | I've got some dbus commands that do work in jessie. I've used them with openbox and icewm. |
19:58.40 | nepugia | no dm has a different terminology :), x is i think called the display server or something (granted i could be wrong aswell) |
19:59.35 | nepugia | fsmithred can you add them to the xfce menu? if so we could put them into the default xfce so a dm is not neccesesarily needed |
20:00.20 | fsmithred | first we need to fix the fact that you must have a dm in ascii. (unless that's changed in the last couple of months) |
20:06.05 | *** join/#devuan telmich (~deadghost@vm116-cluster2.place4.ungleich.ch) |
20:06.05 | *** join/#devuan telmich (~deadghost@gpm/telmich) |
20:06.47 | *** join/#devuan bluemarlin (~bluemarli@ip-89-103-101-135.net.upcbroadband.cz) |
20:06.52 | fsmithred | I'm trying that now |
20:07.14 | bluemarlin | hi there |
20:07.21 | fsmithred | hi |
20:07.56 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
20:09.04 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
20:12.52 | *** join/#devuan decoy_N3g3v (~decoy_N3g@KD118157015215.ppp-bb.dion.ne.jp) |
20:25.10 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
20:25.35 | *** join/#devuan chomwitt1 (~chomwitt@athedsl-351929.home.otenet.gr) |
20:41.42 | *** join/#devuan decoy_N3g3v (~decoy_N3g@89.160.93.123) |
20:42.01 | *** join/#devuan fsmithred (~fsmithred@68-184-46-18.dhcp.oxfr.ma.charter.com) |
20:45.38 | fsmithred | ok, startx does work in ascii. |
20:48.38 | nepugia | why wouldnt it? |
20:49.03 | fsmithred | don't really know, but it didn't work a few months ago when I installed ascii |
20:49.15 | fsmithred | had to install a dm |
20:51.14 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
20:56.15 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
20:57.26 | parazyd | fsmithred: works but you have to run x as root |
20:57.45 | parazyd | meaning, /usr/bin/Xorg needs the suid bit as root |
20:58.25 | fsmithred | yeah, that's done by xserver-xorg-legacy, isn't it? |
20:58.48 | parazyd | no |
20:58.58 | parazyd | it works vanilla |
20:59.14 | parazyd | if you install xinit with no-recommends it pulls the minimum needed |
20:59.26 | parazyd | forget legacy |
20:59.40 | fsmithred | what is that for? |
21:00.10 | parazyd | for some obsolete support |
21:00.16 | fsmithred | ok, I just removed it |
21:00.18 | parazyd | the Xwrapper thingie in /etc/x11 |
21:00.21 | fsmithred | and now startx doesn't work |
21:00.31 | parazyd | ls -l /usr/bin/Xorg |
21:00.52 | fsmithred | can't copy/paste |
21:00.57 | parazyd | is it suid? |
21:01.02 | fsmithred | no |
21:01.08 | parazyd | then do it |
21:01.08 | fsmithred | -rwxr-xr-x |
21:01.41 | parazyd | you might also have to be in the video group |
21:01.47 | parazyd | (and also input) |
21:02.14 | nepugia | video is only needed for 3d acceleration, input only for input afaik |
21:02.23 | nepugia | xorg schould start anyway |
21:02.55 | parazyd | you'll usually want both ;) |
21:03.31 | parazyd | also xorg is dumb and if the system has /dev/dri it will fail if you have no perms |
21:03.35 | nepugia | usually yes, but whether startx works or not schould not affect this :) |
21:03.39 | fsmithred | Description: setuid root Xorg server wrapper |
21:04.08 | *** join/#devuan peetaur (~peter@p200300E10BC85C001C8C32FFFE073D39.dip0.t-ipconnect.de) |
21:04.20 | parazyd | fsmithred: can you remove the suid bit for a sec? |
21:04.25 | parazyd | add yourself to video and input |
21:04.35 | fsmithred | I don't see a setuid bit |
21:04.36 | parazyd | then chown :input /usr/bin/Xorg ; chmod g+s /usr/bin/Xorg |
21:04.47 | parazyd | i wonder if that will work |
21:05.00 | parazyd | (make sure you relog when you get added to the groups) |
21:05.03 | fsmithred | ok |
21:05.15 | fsmithred | already in video, will add input |
21:05.19 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
21:06.02 | golinux | nepugia: I stand corrected KDE4 is in jessie repos. |
21:06.49 | fsmithred | no screens found |
21:06.55 | nepugia | yea, i use it on 2 installs :) |
21:07.24 | parazyd | fsmithred: i see, yeah no point then. you would need to write an xorg.conf |
21:07.40 | nepugia | no screens found os such a bs error, was always something with video drivers for me though |
21:07.42 | fsmithred | haven't done that in awhile |
21:07.44 | parazyd | however if you put the root suid bit on it's going to work |
21:07.57 | parazyd | chmod +s /usr/bin/Xorg |
21:08.12 | parazyd | i'd also chown it back to root:root |
21:08.35 | nepugia | you schould not need an xorg conf at all, only if you have a not qwerty keyboard layout or need a different video driver |
21:09.33 | fsmithred | shouldn't I see an s in the perms? |
21:09.40 | parazyd | you should |
21:09.54 | parazyd | srwxr-x-x i guess |
21:10.00 | fsmithred | nope |
21:10.08 | parazyd | what? |
21:10.10 | parazyd | how |
21:11.10 | fsmithred | I'll do it again |
21:11.25 | nepugia | i use xorg in jessie , my Xorg does not have an s in the front |
21:11.30 | parazyd | add -v to chmod/chown |
21:11.34 | nepugia | startx* |
21:11.36 | parazyd | maybe it shows you what happens |
21:11.40 | fsmithred | ok, it worked second time |
21:11.45 | parazyd | :) |
21:11.48 | parazyd | weird :D |
21:12.03 | fsmithred | yeah, I can still see the command, and I typed it correctly both times |
21:12.07 | parazyd | haha |
21:12.38 | fsmithred | still won't go |
21:12.44 | parazyd | what's it say? |
21:13.33 | parazyd | ran xorg without a login manager on ascii a few days ago |
21:13.38 | fsmithred | oh this is new: check /home/user/.local/share/xorg.Xorg.0.log |
21:14.13 | fsmithred | no screens, unable to connect, error (1) |
21:14.20 | fsmithred | operation not permitted |
21:14.27 | parazyd | drmSetMaster? |
21:14.32 | fsmithred | failed to set IOPL for I/0 |
21:14.35 | fsmithred | O |
21:14.40 | parazyd | oh |
21:14.45 | parazyd | what kernel are you using? |
21:14.59 | fsmithred | wow |
21:15.01 | fsmithred | 4.6 |
21:15.09 | fsmithred | guess I should upgrade that |
21:15.14 | parazyd | try |
21:15.34 | parazyd | but you'll have to reboot of course, then you lose it |
21:16.16 | greenjeans | upower |
21:16.36 | *** join/#devuan _william_ (~william@LFbn-1-525-115.w86-245.abo.wanadoo.fr) |
21:16.55 | fsmithred | mepower? |
21:17.20 | greenjeans | lol, yep, just for u fsr |
21:17.35 | fsmithred | thanks, I need some power. |
21:19.08 | greenjeans | upower is apparently the reason for hibernation bug in Mate, also problem with mate-power-manager not working properly and not reading battery info |
21:19.54 | greenjeans | working on vuu-do mate |
21:20.12 | greenjeans | i think maybe I should have left xfce power manager in |
21:21.39 | *** join/#devuan hightower4 (~hightower@247-185.dsl.iskon.hr) |
21:22.07 | greenjeans | is newer upower no good for some reason? we are using a version that's like 7 years old |
21:23.12 | fsmithred | same error: failed to set IOPL for I/O |
21:23.18 | greenjeans | 7 years old this month in fact |
21:23.37 | greenjeans | gnome 2 was still around when this version of upower was made |
21:23.44 | greenjeans | lol |
21:27.21 | *** join/#devuan TemporalBeing (~Ben_Meyer@172-6-231-225.lightspeed.tukrga.sbcglobal.net) |
21:27.30 | *** join/#devuan aitor (~aitor@213.143.48.78) |
21:27.35 | aitor | hi |
21:28.50 | fsmithred | parazyd, any other ideas? |
21:28.54 | fsmithred | hi aitor |
21:29.09 | aitor | hi |
21:29.09 | parazyd | fsmithred: tomorrow, when i get to a proper machine |
21:29.16 | fsmithred | ok |
21:31.58 | *** join/#devuan Oldmoss (~Oldmoss@anon-46-32.vpn.ipredator.se) |
21:33.52 | greenjeans | hi aitor |
21:34.45 | aitor | an explanation for the "probable" sense of the security key of simple-netaid is needed, even appearing absurd |
21:35.06 | aitor | hi, greenjeans :) |
21:37.16 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
21:37.51 | *** join/#devuan Katnija (~KittenGNU@unaffiliated/kittengnu) |
21:38.13 | aitor | the quid of the question is: |
21:38.45 | aitor | which way is more secure for sending data? |
21:39.16 | *** join/#devuan AntoFox (~Thunderbi@dynamic-adsl-78-12-39-168.clienti.tiscali.it) |
21:39.36 | aitor | args in the command line, or the socket? |
21:41.10 | aitor | imagine a hacker trying to steal your password |
21:46.06 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
21:48.11 | *** join/#devuan Capricornus (~Devuan@94.165.92.46) |
21:55.13 | *** join/#devuan aitor (~aitor@229.85-84-19.dynamic.clientes.euskaltel.es) |
21:55.30 | greenjeans | pesky hackers |
21:55.35 | fsmithred | brb |
21:55.37 | aitor | sorry, i lost my network connection |
21:55.37 | *** join/#devuan dardevelin__ (~dardeveli@unaffiliated/dardevelin) |
21:55.37 | *** part/#devuan fsmithred (~fsmithred@68-184-46-18.dhcp.oxfr.ma.charter.com) |
21:56.41 | *** join/#devuan bpmedley (~bpm@c-24-72-144-105.ni.gigamonster.net) |
21:57.55 | greenjeans | http://www.mrgreenjeans.net/linux/vuudo/openbox/64-RC/ |
21:58.38 | *** join/#devuan fsmithred (~fsmithred@68-184-46-18.dhcp.oxfr.ma.charter.com) |
21:59.16 | aitor | if your answer is: the command line is more secure, then we need to check if the person sending those args is the same person connected to the port |
22:00.41 | aitor | otherwise, the args will be sent through the socket and the security key has no sense in such case, obviously |
22:01.15 | *** join/#devuan aitor_ (~aitor@229.85-84-19.dynamic.clientes.euskaltel.es) |
22:01.25 | nepugia | if i dont have security it cant be broke, meheh |
22:01.33 | nepugia | n* |
22:02.04 | aitor | what's your opinion? |
22:02.24 | aitor | i'm a newbye in security stuff |
22:03.53 | parazyd | aitor: why don't you use asymmetric key encryption? |
22:04.09 | parazyd | still doesn't know the usecase of this whole discussion |
22:05.18 | *** join/#devuan Oldmoss (~Oldmoss@anon-46-32.vpn.ipredator.se) |
22:05.29 | aitor | encryptation? |
22:06.07 | parazyd | encryption |
22:06.21 | aitor | quantum computers will break them in a few minuts, in the future |
22:06.30 | Leander_ | no they won't |
22:06.32 | parazyd | lol |
22:06.55 | aitor | that's the true |
22:07.26 | parazyd | then use post quantum cryptography ;) |
22:07.36 | Leander_ | *if* a real quantum computer is created, it will be able to break *some* encryption schemes (hello RSA) with specific key strengths |
22:08.23 | Leander_ | it's slightly more complicated than just "everything will be broken" |
22:08.35 | parazyd | "slightly" |
22:10.22 | aitor | bye, VUAs |
22:10.32 | aitor | i hate you |
22:10.44 | aitor | i love you :) |
22:10.48 | parazyd | <3 |
22:11.22 | parazyd | Leander_: what is he doing? |
22:12.04 | Leander_ | err... I don't know |
22:12.51 | Leander_ | what's VUA? |
22:13.05 | fsmithred | Veteran Unix Admins |
22:13.08 | fsmithred | as in |
22:13.13 | fsmithred | deVUAn |
22:14.25 | parazyd | "when i was in 'nam...' |
22:14.42 | parazyd | loves 'nam flashbacks in trash b-movies |
22:15.01 | Capricornus | hands parazyd some napalm |
22:15.16 | Capricornus | smell it in the morning |
22:15.30 | parazyd | grins |
22:15.41 | Capricornus | .) |
22:16.06 | greenjeans | i think devuan's current version of upower is 'nam-era |
22:16.25 | Leander_ | anyway, he has this strange security scheme in mind, that's he's been trying to deal with all day long |
22:17.22 | MinceR | the 'nam-shub of Enki |
22:17.30 | parazyd | weird indeed. i understand he's doing some nework management tool |
22:19.04 | *** join/#devuan reetspetit (~john@194.149.220.77) |
22:19.44 | *** join/#devuan reetp_x5 (~john@239.red-80-59-216.staticip.rima-tde.net) |
22:38.17 | *** part/#devuan stroucki (~luser@gunkai.ascient.net) |
22:46.31 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
22:51.28 | *** join/#devuan baird (~cjb@ppp121-44-255-244.bras2.syd2.internode.on.net) |
22:56.30 | *** join/#devuan Xenguy (~Xenguy@unaffiliated/xenguy) |
23:00.05 | *** join/#devuan zono50 (~zono50@67-197-149-18.fttp.sta.comporium.net) |
23:01.21 | zono50 | i'm trying to install nvidia drivers, but it can't find the 32 bit libraries. |
23:01.36 | zono50 | i have multiarch-support installed, and did sudo apt-get update, but it's still not working |
23:02.46 | Sleaker | zono50: if you're on a 64bit kernel you can't use 32 bit drivers. |
23:03.30 | Sleaker | multi-arch support is so you can run 32bit applications on the 64bit machine, not for hardware support. |
23:03.52 | Sleaker | zono50: which nvidia driver/distro? |
23:04.50 | zono50 | 375.66 geforce gtx 980 ti |
23:04.50 | Sleaker | oh I'm not in ##linux. haha |
23:04.54 | *** join/#devuan blueness (~blueness@gentoo/developer/blueness) |
23:04.55 | Sleaker | and this is jessie? |
23:05.02 | Sleaker | err eres. |
23:05.04 | Sleaker | ceres* |
23:05.07 | zono50 | yes jessie |
23:05.20 | Sleaker | k |
23:05.36 | zono50 | i've installed them before, but it seems to be hit or miss, sometimes it does it, sometimes it doesn't |
23:05.49 | Sleaker | you installing the official nvidia driver? |
23:06.08 | zono50 | yes |
23:06.53 | Sleaker | hmm yah I haven't tried to use the official one on a recent system. I've always had pre-packed binaries. |
23:07.17 | Sleaker | I thought you might have been trying to install a i386 package or something. |
23:11.18 | nepugia | the driver is in devuan repos aswell, if you need a recent version you can use the one in the non-free section of jessie-backports (i kinda recomend installing it from there, seems to work better for me) |
23:11.28 | *** join/#devuan NewGnuGuy (~NewGnuGuy@72.34.178.41) |
23:16.00 | *** join/#devuan para123 (c4345438@gateway/web/freenode/ip.196.52.84.56) |
23:21.09 | *** join/#devuan rrq (~ralph@60-242-139-200.static.tpgi.com.au) |
23:32.58 | *** join/#devuan Besnik_b (~Besnik@athedsl-4367270.home.otenet.gr) |
23:33.02 | *** part/#devuan Oldmoss (~Oldmoss@anon-46-32.vpn.ipredator.se) |
23:33.30 | *** join/#devuan Spass (~malysps@ayk135.neoplus.adsl.tpnet.pl) |
23:41.56 | *** join/#devuan furrywolf (~randyg@172.56.38.186) |
23:59.59 | *** join/#devuan jathan (~jathan@201.99.106.102) |