AMDmi3 | KatolaZ_: fetch attampt is performed once in around 3 hours, and out of latest 10 attempts there are 4 or 5 failures | 00:17 |
---|---|---|
golinux | AMDmi3: It is recommended to use the releasename because Devuan and Debian are not always in sync. | 00:18 |
golinux | So try with jessie rather than oldstable. | 00:19 |
AMDmi3 | golinux: but 403 seem to be a problem anyway. I don't care of synchronization to Debian, it's just that release aliases are more convenient for Repology as I don't need to update them for new releases | 00:28 |
Vajb | I have noticed a strange feature in my devuan mate desktop. When screen is locked and blanked and I press a button. It shows my desktop a while before reverting to login prompt. Is ther a way to prevent my desktop showing? | 01:03 |
gnarface | Vajb: hard to say, as i don't use mate, but it could be a compositing issue or a video driver issue in theory... do you have any other place to test it for the same behavior? maybe on something with a different brand of video card? | 02:13 |
DocScrutinizer05 | parazyd: ping | 02:14 |
gnarface | Vajb: oh, if you're using xscreensaver for this, it's probably also worth trying to disable "X damage" and screenshotting the desktop | 02:15 |
gnarface | could be a race condition related to how it caches those | 02:15 |
Digit | i see that mpv bug i mentioned earlier's been fixed upstream https://github.com/mpv-player/mpv/issues/5890 | 04:36 |
* man_in_shack waves | 09:07 | |
man_in_shack | eudev package in ceres/unstable is bitching about my kernel | 09:07 |
man_in_shack | reckons udev "since r198" won't work which is a blatant lie :P | 09:08 |
man_in_shack | checked my /proc/config.gz and all the CONFIG_s it's looking for are =y | 09:09 |
man_in_shack | ok | 09:36 |
man_in_shack | think i've found a side-effect of removing systemd that's not covered (yet) | 09:37 |
man_in_shack | gvfs expects /run/user/$UID to exist but this is something normally handled by pam-systemd | 09:37 |
man_in_shack | huh | 09:43 |
man_in_shack | openrc, why do you think alsa-utils needs networking? | 09:43 |
man_in_shack | and lm-sensors? | 09:43 |
man_in_shack | ok, haven't tracked down my gvfs-fuse issue | 10:16 |
man_in_shack | but creating /run/user/$UID via a pam_exec script, now there's gnupg in there | 10:18 |
man_in_shack | welp that was fun | 10:21 |
man_in_shack | looks like it was netatalk creating random files again | 10:22 |
man_in_shack | fucking .AppleDouble files | 10:22 |
man_in_shack | and gvfsd-fuse is now in ~/.gvfs as it should be | 10:23 |
man_in_shack | so there's something funky going on with my network boot scripts | 10:57 |
man_in_shack | looks like something to do with switching to eudev | 10:58 |
man_in_shack | could also be a bios bug | 11:18 |
man_in_shack | fuuuuun | 11:18 |
booyah | /trololo.uefi | 11:24 |
* man_in_shack agrees with booyah | 11:48 | |
booyah | A:/ Problem? [Yes, No, Abort, Fail, Try Again] | 11:49 |
man_in_shack | hm | 11:56 |
man_in_shack | trying with new initscripts | 11:56 |
man_in_shack | nope | 11:57 |
man_in_shack | something still confusing the network boot script | 11:57 |
man_in_shack | init-system-helpers? | 12:00 |
* man_in_shack flails at man_in_shack | 12:00 | |
DocScrutinizer05 | parazyd: ping | 14:58 |
DocScrutinizer05 | !seen parazyd | 14:59 |
infobot | parazyd is currently on #devuan #maemo, last said: 'It can even resize a partition in use.'. | 14:59 |
DocScrutinizer05 | :-S subpar implementation | 14:59 |
EHeM | The mirror 37.220.36.58 of us.deb.devuan.org is continues to give 403 Forbidden errors. | 18:29 |
EHeM | ^is^still | 18:30 |
golinux | KatolaZ: ^^^ | 18:32 |
nailyk_matrix | hi all. As suggested I set up my source.list with pkgmaster.devuan.org . Right now it is resolving to prod.debian.map.fastly.net. Looks like ipv6 is broken on this host. | 18:42 |
EHeM | Where did you see "pkgmaster.devuan.org"? (it needs to be hunted down and fixed) Currently you want deb.devuan.org. | 18:44 |
nailyk_matrix | here. Someone suggested me to use this | 18:45 |
nailyk_matrix | same as in the migration guide: https://devuan.org/os/documentation/dev1fanboy/migrate-to-ascii | 18:46 |
golinux | nailyk_matrix: I alerted the maintainer of that guide to make those changes but guess he never did. | 19:21 |
golinux | I will try to do it later today. | 19:21 |
Humpelstilzchen | 1 | 19:21 |
nailyk_matrix | golinux: any chance I can do it? | 19:22 |
golinux | You would have to have proper permissions to do so. | 19:24 |
golinux | And if you have ever looked at the code for the website, you might not be so eager to offer. It is a veritable hairball. | 19:25 |
nailyk_matrix | xD Thanks then :) | 19:25 |
* EHeM has a feeling #devuan has been telling people to correct the hostname, but missing the step of asking of original information source to correct those. | 19:25 | |
DocScrutinizer05 | parazyd: ping | 19:41 |
Wonka | *sigh* Failed to fetch http://deb.devuan.org/merged/dists/ceres/InRelease: 403 Forbidden [IP: 37.220.36.58 80] | 20:10 |
Wonka | I mean, anything. But 403??!? | 20:11 |
golinux | KatolaZ: ^^^ | 20:35 |
waydot | also the cert is wrong | 20:38 |
Wonka | what cert? | 20:38 |
waydot | at deb.devuan.org | 20:39 |
waydot | tls | 20:39 |
waydot | for https | 20:39 |
Wonka | ah. hm. well, "deb https" is not widely spread luckily - integrity of "deb http" is still assured by gpg signature, so why bother. | 20:47 |
waydot | *shrug* i just used my browser to check what happens ... due to hsts it's a showstopper | 20:51 |
gnarface | i think that's a known issue | 20:54 |
gnarface | or at least, people were complaining about https breaking their sources.list file before | 20:54 |
gnarface | i forget if it ended up getting blamed on their ISP or amprolla ... | 20:54 |
gnarface | but yea for the most part, the security risk is minimal... it exposes your package selection to eavesdroppers but gpg should protect you from any weaponized man-in-the-middle attacks | 20:56 |
gnarface | now, if you start getting spurious gpg validation errors from those packages... don't ignore/silence them. it's important to know at that point you ARE under attack by someone stupid/desperate/rich | 20:57 |
Wonka | ack | 20:57 |
gnarface | usually 2 of 3 of those at once is a bad combination | 20:58 |
gnarface | so far i haven't seen any conclusive proof of this type of persistent attack attempt reported in the wild | 20:59 |
gnarface | the https thing i recall from earlier i think we finally chalked it up to a bug or misconfiguration, i'm just not sure who it got blamed on | 20:59 |
golinux | Does https even work on deb.devuan.org? I thought it didn't, at least at one time. | 21:00 |
gnarface | hmmm. you're right, when that came up it was even before the introduction of deb.devuan.org, so i don't know | 21:01 |
fsmithred | I think the problem with using https with deb.devuan.org is that not all the mirrors use https, and the round-robin can't select for that. | 21:07 |
gnarface | that would make sense | 21:07 |
gnarface | right, because some stuff has to come from debian repos | 21:08 |
detha | Also, it appears that not all mirrors actually have a certficate for deb.devuan.org | 21:08 |
gnarface | and if debian doesn't require it, that would break | 21:08 |
detha | Randomly putting https://deb.devuan.org in a browser yields: "This server could not prove that it is deb.devuan.org; its security certificate is from sagres.c3sl.ufpr.br." | 21:09 |
gnarface | so that one DOES have https enabled, but it's the wrong key | 21:14 |
gnarface | *wrong cert | 21:14 |
gnarface | what a mess | 21:15 |
detha | The tl;dr version: getting https working on a motley crew of mirrors, with no central administration, is hard. | 21:15 |
waydot | well ... you could share the key :) | 21:29 |
waydot | or disable https altogether, if it's not needed | 21:30 |
detha | You will have to. That is not the problem. The problem is to get n administrators to all configure it properly, and to update with a new cert+key when it expires. | 21:30 |
detha | https is not needed. But people do not (want to) understand that, and "waaah, no https, it is unsafe" | 21:31 |
waydot | so, the problem is getting people who know what they're doing ... same old ... | 22:17 |
gnarface | well, keep in mind that lots of these are probably mirrors for other stuff too | 22:27 |
gnarface | so it might not always be as simple as switching the keys | 22:27 |
gnarface | *certs | 22:27 |
detha | Configure the web server for SNI, deb.devuan.org serves a devuan cert, other mirrors serve whatever other cert. | 22:29 |
gnarface | i think SNI kills support for a bunch of legacy microsoft stuff | 22:30 |
gnarface | IE6 and earlier maybe? | 22:30 |
gnarface | maybe something older than that | 22:30 |
detha | Something like that. Nothing that is still supported by MS in any way | 22:30 |
gnarface | yea nothing that is still supported by microsoft, but likely something that is still serving paying clients somewhere, in bulk | 22:31 |
detha | Maybe. But all it kills is the ability to use IE6 to view the devuan part of the mirror. | 22:32 |
gnarface | hmmm. is that all? i thought it also exposed some incidental MITM vector in the client... | 22:35 |
gnarface | like they'd have to suppress an unsafe warning to keep using it | 22:36 |
golinux | nailyk_matrix: I made the changes in git but looks like middleman is broken (again) so not getting to the webpage(s). Hopefully will be fixed soon. | 22:36 |
detha | Heh. If they can use it at all. Pretty sure most sites now don't support https for IE6 anyway, because enabling SSL versions that old give you bad scores on the security scanners | 22:38 |
waydot | indeed | 22:38 |
gnarface | it might have actually been ie4 and earlier | 22:38 |
gnarface | the notes in the default apache configs at least used to say ... | 22:38 |
gnarface | oh | 22:38 |
gnarface | right, there was that other cipher that was a patent trap... | 22:39 |
gnarface | *and* insecure | 22:39 |
waydot | it's supported in ie7 on vista and newer | 22:39 |
gnarface | i suppose that's a good argument in favor of enabling it | 22:40 |
golinux | nailyk_matrix: The ascii upgrade/update pages are now corrected and on the site. | 23:30 |
nailyk_matrix | Thanks ! | 23:35 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!