| + ec0 (~ec0@vps-446f4f39.vps.ovh.ca) | 01:01 | |
| - mtm (QUIT: Ping timeout: 260 seconds) (~mtm@c-71-228-84-213.hsd1.fl.comcast.net) | 02:03 | |
| - mjw (QUIT: Ping timeout: 244 seconds) (~mjw@213-10-231-91.fixed.kpn.net) | 02:23 | |
| - yewscion (QUIT: Remote host closed the connection) (~yewscion@2601:547:1480:bc60:9da:d549:1885:c96c) | 02:37 | |
| - nsc (QUIT: Ping timeout: 244 seconds) (~nicolas@107-49-142-46.pool.kielnet.net) | 03:16 | |
| + nsc (~nicolas@148-99-142-46.pool.kielnet.net) | 03:18 | |
| + Guest65 (~Guest65@ip4d15f165.dynamic.kabel-deutschland.de) | 04:05 | |
| + mtm (~mtm@c-71-228-84-213.hsd1.fl.comcast.net) | 04:09 | |
| - Guest65 (QUIT: Ping timeout: 246 seconds) (~Guest65@ip4d15f165.dynamic.kabel-deutschland.de) | 04:15 | |
| - Boostisbetter (QUIT: Ping timeout: 260 seconds) (4a410829d7@irc.cheogram.com) | 04:24 | |
| - ajr (QUIT: Quit: Connection closed for inactivity) (uid609314@user/ajr) | 05:48 | |
| + yewscion (~yewscion@2601:547:1480:bc60:9da:d549:1885:c96c) | 05:55 | |
| + ming_ (~yewscion@2601:547:1480:bc60:9da:d549:1885:c96c) | 06:01 | |
| - yewscion (QUIT: Read error: Connection reset by peer) (~yewscion@2601:547:1480:bc60:9da:d549:1885:c96c) | 06:02 | |
| - robin (QUIT: Ping timeout: 260 seconds) (~robin@user/terpri) | 06:05 | |
| + robin (~robin@user/terpri) | 07:33 | |
| + Boostisbetter (4a410829d7@irc.cheogram.com) | 07:41 | |
| josch | minute: I'm close to officially announcing reform.debian.net. Do you have a creative-commons or similarly licensed photo of the reform that you'd like to see on reform.d.n? | 08:36 |
|---|---|---|
| josch | The feedback I got from Debian people so far was, that they didn't know what this page was about and while I can (and did) write a text about that, an image would make it immediately clear what kind of hardware this is about. | 08:37 |
| + leonardo (leonardo@user/leonardo) | 09:12 | |
| ex-parrot | hello josch I see the SD image is live | 09:32 |
| ex-parrot | ACTION writes to an SD card | 09:32 |
| josch | ex-parrot: this is yet untested, okay? | 09:34 |
| josch | so please be careful :) | 09:34 |
| ex-parrot | I refuse to be careful | 09:34 |
| josch | please report all bugs you find :) | 09:35 |
| ex-parrot | that I can do | 09:35 |
| josch | thank you! | 09:35 |
| ex-parrot | would you prefer feedback by IRC, e-mail, something else? | 09:35 |
| josch | whatever fits you better :) | 09:36 |
| ex-parrot | number one impediment right now is where is my SD card reader.. | 09:37 |
| ex-parrot | hmm, doesn't seem like my LPC went to sleep last time I turned off the Reform | 09:38 |
| minute | josch: i would suggest the second picture on this page (you can crop it if needed) https://mntre.com/reform.html | 09:57 |
| ex-parrot | I found the world's slowest SD card reader | 09:59 |
| ex-parrot | it's been writing the image for more than half an hour | 09:59 |
| ex-parrot | mmm that bismuth wallpaper and ethernet LED | 09:59 |
| ex-parrot | beautiful | 09:59 |
| vkoskiv | bs=? That can make a big difference | 09:59 |
| ex-parrot | I'm just xzcating the image in macOS, I hope / assume it's capable of guessing a reasonable block size | 09:59 |
| ex-parrot | I think it's just a terrible reader. there's a reason I normally use my other MIA one :( | 09:59 |
| vkoskiv | On macOS, using /dev/rdisk<N> is often faster than /dev/disk<N> | 10:00 |
| vkoskiv | Don't ask me why. | 10:00 |
| ex-parrot | minute: do you think I should upgrade the keyboard in my reform? I don't dislike the v1 keyboard at all but I feel like I'm missing out on some immaterial thing :P | 10:00 |
| ex-parrot | good to know vkoskiv I didn't even know macOS had rdisk | 10:00 |
| ex-parrot | ok booting debian... | 10:11 |
| ex-parrot | josch: one bug report, there's no instruction or automated process for disabling the passwordless root login after making a normal user | 10:13 |
| ex-parrot | which makes me worried that a lot of Reforms are floating around in the world with passwordless root still enabled | 10:14 |
| ex-parrot | the instructions displayed on normal login tell me to use "sudo" but by default my user isn't in the sudoers group either | 10:14 |
| ex-parrot | also the kernel logging level might want to be adjusted, connecting to wifi I get the wlp1s0 status messages breaking through over the top of nmtui for instance | 10:15 |
| josch | ex-parrot: this is all addressed here: https://source.mnt.re/reform/reform-system-image/-/merge_requests/43 | 10:17 |
| josch | ex-parrot: also, when you run "sudo reform-check" you will be told how to disable the passwordless root | 10:17 |
| ex-parrot | excellent | 10:18 |
| ex-parrot | it seems that the reform-flash-rescue shipped in the reform.d.n image will still bork the eMMC install if you let it try update it | 10:18 |
| ex-parrot | actually no, it just /says/ it's going to download the v3 sysimage but I see it is actually pulling the correct debian one | 10:19 |
| ex-parrot | ok that mr makes sense josch, sorry I will have a look through what's open before I complain too much more :) | 10:20 |
| ex-parrot | there's an existing tool in Debian for handling boot-time partition resizing that I use at work | 10:20 |
| josch | which one? | 10:20 |
| ex-parrot | just trying to remember what it's called | 10:20 |
| ex-parrot | there are two I'm aware of, https://www.freedesktop.org/software/systemd/man/systemd-repart.service.html and growpart but that's in cloud-guest-utils so probably less good for Reform | 10:21 |
| josch | ah of course there is a systemd thing for this... | 10:22 |
| ex-parrot | yeah, it seems to work OK, I'm using it on a small handful of machines | 10:22 |
| ex-parrot | ok josch I was right the first time, the rescue flash script is borked still | 10:27 |
| ex-parrot | even using all reform.d.n parts | 10:27 |
| ex-parrot | reform-boot-config fails to run because it reckons /lib/modules/6.1.0-10-reform2-arm64 doesn't exist | 10:28 |
| ex-parrot | presumably inside the chroot in to the rescue env | 10:28 |
| ex-parrot | and indeed I seem to only have -9- modules in /lib/modules | 10:29 |
| ex-parrot | somehow | 10:29 |
| ex-parrot | ah, it /is/ installing the wrong image | 10:31 |
| ex-parrot | that's why :) | 10:31 |
| ex-parrot | I can fix this and send you a patch | 10:31 |
| - buckket (QUIT: Quit: buckket) (~buckket@vps.buckket.org) | 10:43 | |
| + buckket (~buckket@vps.buckket.org) | 10:44 | |
| ex-parrot | josch: another small issue, you're missing an http -> https redirect on reform.d.n | 10:46 |
| josch | i prefer to let the users choose what they want to use | 10:47 |
| josch | if you want an automatical redirect, your browser can do this for you | 10:47 |
| ex-parrot | it's irresponsible to serve up operating system images over http | 10:47 |
| ex-parrot | and configuration advice | 10:47 |
| josch | no | 10:47 |
| josch | it's GPG signed | 10:47 |
| ex-parrot | yeah but the entire page content can be replaced by a person with network intercept capability to make it say anything you like | 10:48 |
| ex-parrot | there should be nothing on *.debian.net without a strict redirect for safety | 10:48 |
| josch | correct | 10:48 |
| ex-parrot | that's how you care for the users of Debian | 10:48 |
| ex-parrot | I am fundamentally intensely opposed to serving any plaintext content ESPECIALLY if it's providing instructions on configuring or installing your operating system etc, it's irresponsible | 10:49 |
| josch | but... then why don't you use https instead? | 10:49 |
| ex-parrot | same reason I don't leave dangerous footguns around for people I care about | 10:49 |
| ex-parrot | it's our job to do the Right Things here | 10:49 |
| ex-parrot | and help people not get pwned | 10:49 |
| josch | i see you feel very strongly about this topic | 10:49 |
| ex-parrot | yeah I do | 10:50 |
| ex-parrot | I'm kind of astonished that there's even disagreement about this | 10:50 |
| ex-parrot | also, I made you a patch for the rescue system flasher | 10:50 |
| josch | you are correct in saying that somebody could be pwned by shipping different instructions over http | 10:51 |
| ex-parrot | yeah, it's intensely irresponsible to give critical advice over a plaintext channel over the Internet | 10:52 |
| ex-parrot | sorry I'm getting worked up about this, it legitimately distresses me | 10:52 |
| josch | and here we are passing critical advice to each other via IRC ;) | 10:52 |
| ex-parrot | yeah I know :( but we're in a position to evaluate this discussion | 10:53 |
| ex-parrot | speaking of which, here's a patch https://hotplate.co.nz/files/reform/reform-flash-rescue-fix-image-url.patch | 10:53 |
| ex-parrot | the whole ethos of the Reform project to me is responsible stewardship of technology | 10:53 |
| ex-parrot | rather than saying to people "oh you can choose to do the dangerous thing, and it's the default, and I don't have an opnion on the matter" | 10:54 |
| ex-parrot | there's no utility in serving it over plaintext but there are massive downsides | 10:54 |
| ex-parrot | I feel like this is the ethos of the Debian project even | 10:54 |
| ex-parrot | building responsible software for everyone | 10:54 |
| ex-parrot | you can't say "building software for everyone except people who don't know that http is dangerous" | 10:55 |
| josch | i don't want to argue | 10:56 |
| josch | i completely disabled http | 10:56 |
| ex-parrot | you'll need a redirect, ideally you want an HSTS header so the browser only ever connects over HTTP once | 10:56 |
| ex-parrot | ideally ideally the whole debian.net gets an HSTS preload but I can understand that is prob not possible yet | 10:56 |
| josch | i see you were never blocked yourself by sites that were https only | 10:57 |
| ex-parrot | how do you mean? | 10:58 |
| josch | it's not like i enabled http without redirect without thought | 10:58 |
| ex-parrot | I just assumed it was an oversight, it's extremely rare on the web now :/ | 10:58 |
| josch | i have used enough machines in the past that did either not allow https | 10:58 |
| josch | or was behind a firewall/proxy that did not | 10:58 |
| ex-parrot | I think the risk of that is much smaller than the risk of having folks interactions with the Debian Reform support stuff default to and probably stay entirely over plaintext http | 10:59 |
| ex-parrot | I see you've just killed port 80 now which feels unneccassrily passive agressive :( | 11:00 |
| ex-parrot | I'm trying to help get this in to what I consider to be an uncontroversially good and secure state for everyone to use | 11:00 |
| josch | do you have an nginx config that does the right thing? | 11:00 |
| ex-parrot | I mainly run Apache, but I can probably find a config | 11:01 |
| ex-parrot | I have no objection to figuring that out, hang on | 11:01 |
| ex-parrot | https://paste.hotplate.co.nz/hpgK2Dk5vS#HoBMIrRYcIL/0i5CZWS6NQ | 11:03 |
| ex-parrot | this should do it | 11:03 |
| josch | that looks like it will create a redirect lop | 11:04 |
| ex-parrot | you could add something like 'add_header Strict-Transport-Security "max-age=86400"' to the TLS server block too to tell browsers to connect over HTTPS in future | 11:04 |
| josch | *loop | 11:04 |
| josch | lets try it out | 11:04 |
| ex-parrot | if your TLS server block listens on 443 and this block listens on 80 it shouldn't loop? | 11:04 |
| josch | ah no it does the right thing | 11:05 |
| ex-parrot | phew | 11:05 |
| ex-parrot | sorry I realised I was being weirdly mean about this | 11:05 |
| josch | no worries | 11:05 |
| josch | we all feel strongly about something | 11:05 |
| ex-parrot | that patch fixes the rescue flash script on my machine | 11:05 |
| ex-parrot | I made the messages slightly more descriptive but that might be diverging from upstream too much, idk | 11:06 |
| josch | yes, i see how it works | 11:06 |
| josch | but i want to solve this is a different way | 11:06 |
| ex-parrot | yeah fair enough | 11:06 |
| josch | because otherwise, i will also fork reform-tools | 11:06 |
| ex-parrot | this script seems quite fragile | 11:06 |
| josch | it is | 11:06 |
| ex-parrot | ah no we do have a redirect loop now | 11:07 |
| josch | must've been my browser cache that made it work earlier | 11:07 |
| ex-parrot | fincham@samsa:~$ curl https://reform.debian.net/ | 11:07 |
| ex-parrot | <html> | 11:07 |
| ex-parrot | <head><title>301 Moved Permanently</title></head> | 11:07 |
| ex-parrot | I'd say the most common nginx config there is on the planet is 80->443 by a 301 redirect then serving the application on 443, so it shouldn't be esoteric | 11:08 |
| josch | i think i have to put this in its own server{} block | 11:08 |
| ex-parrot | yeah that is the usual way I've seen it done | 11:09 |
| ex-parrot | one server block for the port 80 redirect, one serverblock for the 443 / tls vhost | 11:09 |
| josch | now it works btter | 11:09 |
| ex-parrot | yep looks perfect | 11:09 |
| ex-parrot | thanks | 11:09 |
| ex-parrot | everything else seems to be working fine in these images | 11:10 |
| ex-parrot | gnome works, wifi works, browser works, battery measurement is working | 11:10 |
| ex-parrot | I managed one working round trip through suspend / resume | 11:11 |
| ex-parrot | booting in to the rescue immage from emmc is also working | 11:16 |
| ex-parrot | I'm going to do some boring dev work on this image and see if anything weird happens | 11:18 |
| josch | cool, thank you! | 11:18 |
| ex-parrot | no probs, I really want to help with this thing, sorry again for freaking out about the HTTPS thing :< | 11:18 |
| ex-parrot | idk what is wrong with me sometimes | 11:18 |
| ex-parrot | I've been using Debian since about 1999 and I really just finally want there to be a Canonically Debian Laptop | 11:19 |
| ex-parrot | Novena was good but didn't make it :/ | 11:19 |
| josch | you came to the right place -- the reform has been my only computer for nearly a year now | 11:21 |
| ex-parrot | mine has been sitting on a shelf for the last year more or less :/ | 11:21 |
| ex-parrot | I injured my spine and couldn't do much hobby computer stuff for the last year or so | 11:21 |
| ex-parrot | but I'm finally getting back in to it now | 11:22 |
| josch | i hope you are recovering well! | 11:23 |
| ex-parrot | fingers crossed | 11:23 |
| ex-parrot | sorry this is extra irrelevant, I think I should actually just go to bed | 11:23 |
| josch | thank you for your help and sleep well :) | 11:24 |
| ex-parrot | thanks for your continued great work josch I will report back on how the image is going in a couple days | 11:24 |
| josch | nice :) | 11:25 |
| amospalla[m] | Hi guys, was there any approximate date for Pocket Reforms? | 11:26 |
| amospalla[m] | Just wondering, no stress at all. | 11:26 |
| amospalla[m] | Does this conversation of yours mean that suspend/resume is working on modern kernel on a reform guys? | 11:27 |
| ex-parrot | it works some of the time | 11:28 |
| ex-parrot | some people seem to be having more success than others | 11:28 |
| amospalla[m] | That sounds great!, IIRC it didn't work at all some months ago. | 11:29 |
| ex-parrot | anecdotally at least it seems to be more reliable than it was | 11:29 |
| + mjw (~mjw@213-10-231-91.fixed.kpn.net) | 12:07 | |
| minute | ex-parrot: oh i'm also sorry to hear about your injury and wish you a good recovery | 13:45 |
| minute | huh, i'm using bluetooth PAN with my iphone by accident on a311d | 13:46 |
| minute | it works very well | 13:46 |
| - mtm (QUIT: Ping timeout: 264 seconds) (~mtm@c-71-228-84-213.hsd1.fl.comcast.net) | 14:04 | |
| - mjw (QUIT: Ping timeout: 258 seconds) (~mjw@213-10-231-91.fixed.kpn.net) | 15:42 | |
| + mjw (~mjw@213-10-231-91.fixed.kpn.net) | 15:49 | |
| + marty_mcfly88 (~marty@2603-6000-8c01-0f3e-f06c-aeac-847a-3a14.res6.spectrum.com) | 16:05 | |
| + mtm (~mtm@c-71-228-84-213.hsd1.fl.comcast.net) | 16:09 | |
| - Boostisbetter (QUIT: Ping timeout: 260 seconds) (4a410829d7@irc.cheogram.com) | 16:29 | |
| vkoskiv | Oh, hte a311d has bluetooth too? Very cool! | 17:25 |
| + Boostisbetter (4a410829d7@irc.cheogram.com) | 17:28 | |
| - marty_mcfly88 (QUIT: Ping timeout: 260 seconds) (~marty@2603-6000-8c01-0f3e-f06c-aeac-847a-3a14.res6.spectrum.com) | 17:45 | |
| + ajr (uid609314@user/ajr) | 18:44 | |
| + bgs (~bgs@212-85-160-171.dynamic.telemach.net) | 18:54 | |
| + vagrantc (~vagrant@2600:3c01:e000:21:7:77:0:50) | 19:21 | |
| - XYZ (QUIT: Ping timeout: 244 seconds) (~XYZ@78-80-114-28.customers.tmcz.cz) | 19:32 | |
| + XYZ (~XYZ@37-48-34-1.nat.epc.tmcz.cz) | 19:46 | |
| + wielaard (~mjw@213-10-231-91.fixed.kpn.net) | 20:55 | |
| - mjw (QUIT: Ping timeout: 246 seconds) (~mjw@213-10-231-91.fixed.kpn.net) | 20:57 | |
| + mjw (~mjw@213-10-231-91.fixed.kpn.net) | 22:03 | |
| - wielaard (QUIT: Ping timeout: 250 seconds) (~mjw@213-10-231-91.fixed.kpn.net) | 22:04 | |
| - bgs (QUIT: Remote host closed the connection) (~bgs@212-85-160-171.dynamic.telemach.net) | 22:07 | |
| + marty_mcfly88 (~marty@2603-6000-8c01-0f3e-eed9-8fa2-3f4a-6b40.res6.spectrum.com) | 22:26 | |
| - marty_mcfly88 (QUIT: Remote host closed the connection) (~marty@2603-6000-8c01-0f3e-eed9-8fa2-3f4a-6b40.res6.spectrum.com) | 22:28 | |
| - jacobk (QUIT: Ping timeout: 252 seconds) (~quassel@47-186-110-219.dlls.tx.frontiernet.net) | 22:38 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!