The database of hardware

[fehlix]

Paul just upgraded the install instructions on the page to be more secure and safe for the system: https://wiki.debian.org/Hardware/Database

IIUC, the idea of the Privacy notice:

Privacy
Private information (including the username, machine's hostname, IP addresses, MAC addresses and serial numbers) is NOT uploaded to the database.

The tool uploads 32-byte prefix of salted SHA512 hash of MAC addresses and serial numbers to properly identify unique computers and hard drives. All the data is uploaded securely via HTTPS.

is to convince the user the data uploaded are in a kind anonymized.
OTHO, I do see UUID's in the uploaded data, which are fairly unique to the devices. Wouldn't it be more privacy focused to get those UUID's also hashed or randomized.

[linuxbuild]

Some MX probes are currently counted as Debian probes, e.g. this one. Why `lsb_release -a` may report Debian instead of MX on some systems?

[kmathern]

Some MX probes are currently counted as Debian probes, e.g. this one. Why `lsb_release -a` may report Debian instead of MX on some systems?

That's mine.

My install is from MX-19beta-2.1, I'm not sure what `lsb_release -a` shows on the final release of MX-19.

[Jerry3904]

Code: Select all

└─> lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 10 (buster)
Release:	10
Codename:	buster

[linuxbuild]

OTHO, I do see UUID's in the uploaded data, which are fairly unique to the devices. Wouldn't it be more privacy focused to get those UUID's also hashed or randomized.

Let's hide them. I'll try to prepare a patch tomorrow morning.

[SwampRabbit]

Privacy
Private information (including the username, machine's hostname, IP addresses, MAC addresses and serial numbers) is NOT uploaded to the database.

The tool uploads 32-byte prefix of salted SHA512 hash of MAC addresses and serial numbers to properly identify unique computers and hard drives. All the data is uploaded securely via HTTPS.

is to convince the user the data uploaded are in a kind anonymized.

I think this is a great project as far as the concept is concerned.

I would like to see official Collection, Usage, and Privacy policies (I couldn't find these)
"Privacy Notes" just doesn't cut it imho.

Also not sure why hw-probe is under the GPL, but hwinfo is under Creative Commons, but I assume there is a reason.

Pardon my ignorance with the next question, because I haven't installed this yet, but does and can the user see/review the actual data collected prior to it being uploaded?

Edit: added "Collection" to Usage and Privacy sentence.

[Stuart_M]

Some MX probes are currently counted as Debian probes, e.g. this one. Why `lsb_release -a` may report Debian instead of MX on some systems?

The same problem happened to me. I did a probe on my MX-18.3 system on 2 Dec 19 which shows my system as Debian 10 instead of MX.

This https://linux-hardware.org/?probe=a06c7f57fe is the upload. The banner on the top of the page says "MX Hardware" but down a bit under Host Info and System it says Debian 10 and my upload is displayed under the Debian and not MX results.

Contrast my upload with the one kmathern said was his (post #13), the banner on the top says "MX Hardware" like mine, but under "Host Info" and "System" his says MX 19.

Running "lsb_release -a" shows

Code: Select all

No LSB modules are available.
Distributor ID:	MX
Description:	MX 18.3 Continuum
Release:	18.3
Codename:	Continuum

Edit: Regarding the question about seeing the data before it is uploaded. Not when I did mine in December 2019. It was all automatic with just a simple response in the Terminal displaying the URL of the upload after the probe was finished.

[kmathern]

Contrast my upload with the one kmathern said was his (post #13), the banner on the top says "MX Hardware" like mine, but under "Host Info" and "System" his says MX 19.

Mine originally said "Debian 10" in the "Host Info" section.

Someone (linuxbuild ?) changed it to "MX 19" after I made post #13.

[fehlix]

They seem to have changed in buster where lsb_release get's defaults from:
indicated here with the first lines from diff of libs used ( /usr/lib/python3/dist-packages/lsb_release.py )

Code: Select all

$ diff lsb_release.py.MX18.txt    lsb_release.py.MX19.txt
4a5
< # Whatever is guessed above can be overridden in /etc/lsb-release
< def get_lsb_information():
---
> # Whatever is guessed above can be overridden in /usr/lib/os-release by derivatives
> def get_os_release():

In MX18 /stretch lsb_release info comes from /etc/lsb-release
In MX19 /buster they seem to ignore /etc/lsb-release and get it from /usr/lib/os-release
So "lsb_release -a" to get version/release info is currently not reliable in MX-19 as it ignores /etc/lsb-release

Code: Select all

==> /etc/lsb-release <==
PRETTY_NAME="MX 19 patito feo"
DISTRIB_ID=MX
DISTRIB_RELEASE=19
DISTRIB_CODENAME="patito feo"
DISTRIB_DESCRIPTION="MX 19 patito feo"

and takes all values from /etc/os-release -> /usr/lib/os-release

Code: Select all

==> /usr/lib/os-release <==
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

[Stevo]

Since we now have hwprobe in the MX 17-19 test repos, can we get the installation instructions changed in the first post to installing it from there with MX Package Installer?