CISPE's call for new regulations on VMware
Md at debian.org
by Marco d'Itri
3M ago
A few days ago CISPE, a trade association of European cloud providers, published a press release complaining about the new VMware licensing scheme and asking for regulators and legislators to intervene. But VMware does not have a monopoly on virtualization software: I think that asking regulators to interfere is unnecessary and unwise, unless, of course, they wish to question the entire foundations of copyright. Which, on the other hand, could be an intriguing position that I would support... I believe that over-reliance on a single supplier is a typical enterprise risk: in the past decade som ..read more
Visit website
Extending access to the systemd RuntimeDirectory with a POSIX ACL
Md at debian.org
by Marco d'Itri
4M ago
inn2 uses ephemeral UNIX domain sockets in /run/news/ to communicate with the ctlinnd program. Since the directory is only writeable by the "news" user, other unprivileged users are not able to use the command. I solved this by extending the inn2.service systemd unit with a drop-in file which uses setfacl to give access to my user "md" to the RuntimeDirectory created by systemd. This is the content of /etc/systemd/system/inn2.service.d/md-ctlinnd.conf: [Service] # innd will change the permissions of /run/news/ when started: without # creating it now with mode 0775 then that will change the AC ..read more
Visit website
On having a track record in operating systems development
Md at debian.org
by Marco d'Itri
1y ago
Now that Debian 12 has been released with proprietary firmwares on the official media, non-optional merged-/usr and systemd adopted by everybody, I want to take a moment to list, not without some pride, a few things that I was right about over the last 20 years: Distribution of proprietary firmwares (#33, #40, #114) udev systemd (#454) merged-/usr Accepting the obvious solution about firmwares took 18 years. My work on the merged-/usr transition started in 2014, and the first discussions about replacing sysvinit are from 2011. The general adoption of udev (and dynamic device names, and persi ..read more
Visit website
Debian bookworm on a Lenovo T14s Gen3 AMD
Md at debian.org
by Marco d'Itri
1y ago
I recently upgraded my laptop to a Lenovo T14s Gen3 AMD and I am happy to report that it works just fine with Debian/unstable using a 5.19 kernel. The only issue is that some firmware files are still missing and I had to install them manually. Updates are needed for the firmware-amd-graphics package (#1019847) for the Radeon 680M GPU (AMD Rembrandt) and for the firmware-atheros package (#1021157) for the Qualcomm NFA725A Wi-Fi card (which is actually reported as a NFA765). s2idle (AKA "modern suspend") works too. For improved energy efficiency it is recommended to switch from the acpi_cpufreq ..read more
Visit website
Run an Ansible playbook in a chroot
Md at debian.org
by Marco d'Itri
3y ago
Running a playbook in a remote chroot or container is not supported by Ansible, but I have invented a good workaround to do it anyway. The first step is to install Mitogen for Ansible (ansible-mitogen in Debian) and then configure ansible.cfg to use it: [defaults] strategy = mitogen_linear But everybody should use Mitogen anyway, because it makes Ansible much faster. The trick to have Ansible operate in a chroot is to make it call a wrapper script instead of Python. The wrapper can be created manually or by another playbook, e.g.: vars: - fsroot: /mnt tasks: - name: Create the chro ..read more
Visit website
My resignation from freenode
Md at debian.org
by Marco d'Itri
3y ago
As it is now known, the freenode IRC network has been taken over by a narcissistic Trumpian wannabe korean royalty bitcoins millionaire. To make a long story short, the former freenode head of staff secretly "sold" the network to this person even if it was not hers to sell, and our lawyers have advised us that there is not much that we can do about it without some of us risking financial ruin. Fuck you Christel, lilo's life work did not deserve this. What you knew as freenode after 12:00 UTC of May 19 will be managed by different people. As I have no desire to volunteer under the new regime, t ..read more
Visit website
RPKI validation with FORT Validator
Md at debian.org
by Marco d'Itri
3y ago
This article documents how to install FORT Validator (an RPKI relying party software which also implements the RPKI to Router protocol in a single daemon) on Debian 10 to provide RPKI validation to routers. If you are using testing or unstable then you can just skip the part about apt pinnings. The packages in bullseye (Debian testing) can be installed as is on Debian stable with no need to rebuild them, by configuring an appropriate pinning for apt: cat <<END > /etc/apt/sources.list.d/bullseye.list deb http://deb.debian.org/debian/ bullseye main END cat <<END > /etc/apt/pr ..read more
Visit website
RPKI validation with OpenBSD's rpki-client and Cloudflare's gortr
Md at debian.org
by Marco d'Itri
3y ago
This article documents how to install rpki-client (an RPKI relying party software, the actual validator) and gortr (which implements the RPKI to Router protocol) on Debian 10 to provide RPKI validation to routers. If you are using testing or unstable then you can just skip the part about apt pinnings. The packages in bullseye (Debian testing) can be installed as is on Debian stable with no need to rebuild them, by configuring an appropriate pinning for apt: cat <<END > /etc/apt/sources.list.d/bullseye.list deb http://deb.debian.org/debian/ bullseye main END cat <<END > /etc ..read more
Visit website
Debian support for libxcrypt
Md at debian.org
by Marco d'Itri
4y ago
glibc 2.29-7 and libxcrypt 1:4.4.10-10 today entered Debian testing: crypt(3) and the other related library functions in libcrypt from now on will be provided by libxcrypt instead of glibc. After 18 months of packaging work, Debian finally supports modern password hashing methods like yescrypt: the details about them are documented in crypt(5). For the time being there is still no support for libxcrypt in our release of PAM, but hopefully the Debian maintainer will update the package soon and this will allow using yescrypt by default. If you want to test now the new algorithms then you can ..read more
Visit website

Follow Md at debian.org on FeedSpot

Continue with Google
Continue with Apple
OR