paynode | i know you'd still be vulnerable to traffic spikes/slashdot effect (if you dont auto-reroute to cloud) but are you saying it could take more than a day to ghost image a new server, provided you can buy/physically cable one quickly? | 00:00 |
---|---|---|
paynode | i dont understand the risk in underspending... | 00:01 |
paynode | / underprovisioning | 00:01 |
gnarface | paynode: it's not really a devuan support issue, but businesses do things like... project traffic and revenue, etc. too much traffic can mean not enough revenue. | 00:12 |
gnarface | paynode: if the difference is dozens, nobody usually cares because usually it's not important, but if the difference is millions... heads will roll | 00:13 |
gnarface | paynode: and yes, i'm saying it can take more than a day to bring one thousand servers online | 00:13 |
paynode | thanks...is ungleich/(other devuan hosters if they exist) ontopic here | 00:14 |
golinux | Probably better at https://chat.ungleich.ch/ungleich/channels/datacenterlight | 00:15 |
gnarface | paynode: cloud overflow is a useful modern convention but also a easy way to accidentally pay too much for bandwidth | 00:15 |
CAPTCHA_REQUIRED | paynode, you could ask me | 00:17 |
paynode | golinux - that seems to recommend mattermost to chat, unless you know of other ways. Still unfamiliar with using it rn | 00:17 |
CAPTCHA_REQUIRED | with my setup I can plug my server directly into a backbone (via colo provider or large VPS provider) | 00:17 |
golinux | Yes. ungleich uses mattermost | 00:18 |
CAPTCHA_REQUIRED | assign the ipv6 range i am given to my route-advertisement dameon | 00:18 |
CAPTCHA_REQUIRED | and ounce the new hypervisor is up rsync (or zfs-send) the existing nodes around | 00:18 |
CAPTCHA_REQUIRED | I've been hacker-newsed and reddited before | 00:32 |
CAPTCHA_REQUIRED | Don't know how that compares to being slashdotted | 00:32 |
golinux | Your nick is punching my eyeballs. | 00:33 |
golinux | Like sitting next to a 500 lb person on an airplane. | 00:34 |
golinux | Guess I'll go elsewhere. | 00:34 |
CAPTCHA_REQUIRED | ugh | 00:37 |
CAPTCHA_REQUIRED | this is why i don't use paste.debian.net | 00:37 |
CAPTCHA_REQUIRED | randomly it refuses to accept pastes and just says DO NOT SPAM | 00:38 |
CAPTCHA_REQUIRED | is this ok? https://f.perl.bot/raw/b58u1i | 00:38 |
CAPTCHA_REQUIRED | I seem to have completely broke my system with this beowulf upgrade | 00:38 |
paynode | maybe you can soothe golinux and put your nick in a pastebin and /nick the new shortlink | 00:50 |
paynode | :) | 00:50 |
paynode | totally asking nicely friendly here :) | 00:51 |
paynode | -friendly, though im friendly too ofc | 00:51 |
paynode | golinux: it seems mattermost is not packaged in the repos for devuan/debian/ubuntu yet? ironic of ungleich.ch to choose it/not package it | 01:35 |
paynode | https://dev1galaxy.org/search.php?action=search&keywords=mattermost&author=&search_in=0&sort_by=0&sort_dir=DESC&show_as=posts&search=Submit - will installing through guides meant for debian work? | 01:38 |
paynode | there are 0 mentions of mattermost in the forum | 01:38 |
paynode | DIF Q: https://pkginfo.devuan.org - is there any reason why the search doesnt check for pkgs in any branch, rather than 3.0? if anyone is authorized to change this, itd be happy if they did | 01:40 |
paynode | s/itd/i'd | 01:40 |
gnarface | "any" is an option in the pulldown... | 01:41 |
gnarface | or it was... | 01:41 |
gnarface | and i don't know anything about mattermost but you should try compiling it | 01:42 |
gnarface | you can package it with checkinstall if it doesn't have a ./debian/ directory | 01:43 |
paynode | gnarface: any is indeed an option but without js in my browser, after successful search in any, it redefaults to beowulf, so i constantly need to reset it to any after each search... | 01:44 |
meep_____ | test | 01:45 |
paynode | test seen in irc meep_____ | 01:46 |
meep_____ | thanks | 01:46 |
meep_____ | is uuidd new? | 01:46 |
meep_____ | as of beowulf | 01:46 |
meep_____ | it's not installed after the beowulf upgrade and running as a daemon | 01:46 |
gnarface | i don't think it's that new | 01:48 |
meep_____ | also why is sudo and rmnologin in the default runlevel rather than sysinit? | 01:48 |
meep_____ | gnarface do you know what uses uuidd? | 01:48 |
gnarface | not exhaustively, no. but it's commonly used to identify block devices | 01:48 |
gnarface | ... among other things | 01:49 |
gnarface | as far as i know that's all it does, generate uuids | 01:49 |
meep_____ | I've used UUIDs before plenty fine without having a daemon running | 01:49 |
meep_____ | why now have a daemon for uuids? | 01:50 |
gnarface | if it wasn't what was generating them all this time then i don't know | 01:50 |
paynode | https://git.devuan.org/devuan/www.devuan.org - is this where to bugreport for pkginfo? | 01:50 |
gnarface | paynode: either there or bugs.devuan.org, dunno for sure | 01:50 |
Garb0_ | I LOVE BEOWULF | 05:25 |
paynode | no one believes you're serious unless you get an allcaps tattoo... | 05:40 |
hemimaniac | lol | 05:45 |
meep_____ | The VUA are hackers on steroids | 05:49 |
* meep_____ blows up random van | 05:49 | |
yeti | paynode: 𝕴 𝖑𝖔𝖛𝖊 𝕭𝖊𝖔𝖜𝖚𝖑𝖋! <<< better than allcaps | 05:59 |
meep_____ | that is better | 06:01 |
meep_____ | also didn't know irc could handle unicode | 06:01 |
paynode | til unicode in irc ...nice yeti | 06:05 |
yeti | depends on the client, the terminal, the font(s), ... | 06:06 |
yeti | unicode in irc is not reliable... as in "readable for everyone" | 06:07 |
yeti | but sometimes it s fun | 06:07 |
furrywolf | most of it worked here, with a few broken characters... but I can't read any of it. lol | 06:08 |
golinux | paynode: The release reset in pkginfo also annoys me. | 06:08 |
furrywolf | fancy characters with a font that's not many pixels high... | 06:09 |
yeti | my xterm "bends" thes fraktur charaters too | 06:09 |
furrywolf | looks like the "v" is the only thing that didn't render here. | 06:09 |
paynode | golinux: is that with js as well? i wasnt allowing js at all, so i dunno | 06:11 |
paynode | yeti's unicode chars worked in smuxi just fine...which i recommend because it has slightly dif colors for each nick, really easier to read irc convos | 06:12 |
yeti | I want all nicks to have the same colur (depending on active, away, offline) only. these 1000 colour screens only would drive me nuts | 06:15 |
yeti | ok... i force some nicks to colours.. grey for bots and darkblue for trolls... but thats a different superpower | 06:17 |
yeti | :-) | 06:17 |
golinux | paynode: I'm too lazy to look at the source but knowing who put it together, I doubt there is js on that site. There is cgi. | 06:21 |
CAPTCHA_REQUIRED | thank you devuan developers for the vast improvement of AppArmor support in Beowulf | 06:30 |
CAPTCHA_REQUIRED | I've finally been able to fully secure my LXC containers in beowulf | 06:31 |
CAPTCHA_REQUIRED | I was using apparmor in jessie and ascii but there were always constant problems and workarounds and aa.incomplete=1 | 06:31 |
CAPTCHA_REQUIRED | not anymore | 06:31 |
golinux | I don't think that Devuan had anything to do with it. Looks like it's coming directly from Debian. | 06:39 |
paynode | parrot linux is probably a good place to check for things like apparmor/firejail/other profiles and such, they do a lot of trial/error/dev in house | 06:42 |
hemimaniac | is that still around? | 06:44 |
hemimaniac | nice | 06:44 |
paynode | they're still around, they were the ones who convinced me systemd was bad, but they never migrated away from it, so...im in #devuan now | 06:58 |
adhoc | evenen all. | 07:00 |
golinux | parrotsec is preparing a Devuan release | 07:01 |
golinux | They have been working on ti for some time | 07:01 |
adhoc | Is there a nice way to do c-groups other than to use Docker? | 07:01 |
hemimaniac | personally I don't like systemd just as it has a habit of throwing everything up (or down) at once, and for the average user it too much tweaking to make nice so I don't see the point | 07:02 |
adhoc | Something that allows process isolation so I can do network simulations with out mess up the runs... | 07:02 |
hemimaniac | isn't that what boxi is for? | 07:10 |
paynode | firejail adhoc ? | 07:10 |
paynode | assuming vm's is too heavy, but that will also isolate even better | 07:10 |
adhoc | paynode: Would have to be dozens of VMs, so huge disk space waste. | 07:23 |
* adhoc looks into firejail. | 07:23 | |
adhoc | https://packages.debian.org/stretch/firejail | 07:24 |
adhoc | could be a good starting point | 07:24 |
adhoc | paynode: thanks =) | 07:24 |
paynode | np | 07:25 |
paynode | also, last i checked (last year? ) cgroups was still unfinished in the kernel, so maybe this is still wip featurewise/stabilitywise | 07:26 |
paynode | also, subgraphos had some serious isolation tools they created but they are still alpha, and none of those tools are packaged for i.e. devuan/debian that i know of | 07:27 |
paynode | otherwise, qubes uses xen, so thats likely too heavy too...there are other containers than docker, lxc/kubernetes etc, but that goes beyond my interest at the moment since they do not isolate as well as vms or as simply as firejail command args | 07:29 |
adhoc | it uses apparmour ? | 07:33 |
adhoc | speaking of unfinished | 07:34 |
adhoc | apparmour was one of the main reasons I stopped using ubuntu. | 07:34 |
adhoc | that was many years ago now, in hindsight | 07:35 |
paynode | firejail doesnt use apparmour but parrotsec linux probably has tried (and partially failed) to get both working in harmony more than any other project | 07:46 |
paynode | im not sure if they failed, but they made it not default at some point because there were so many edge cases where something would fail to run (properly) because of firejail/apparmour/etc | 07:47 |
adhoc | so apparmour is an option? | 07:48 |
* adhoc re-reads | 07:48 | |
paynode | they were also using selinux iirc, dont remember perfectly | 07:48 |
paynode | https://parrotsec.org/docs/info/firejail/ | 07:49 |
adhoc | "Firejail can work in a SELinux or AppArmor environment" | 07:49 |
paynode | firejail playing nicely with apparmor is definately part of parrotsec's goals - is in the link/docs | 07:49 |
adhoc | ah | 07:49 |
paynode | selinux im less sure | 07:49 |
paynode | there | 07:49 |
adhoc | I don't think anyone is sure about what SELinux is good for. | 07:49 |
paynode | you never really know if its doing/protecting until something fails to work...thats how you know it affects your life good or bad | 07:50 |
paynode | thus until now, ive mostly noticed bad | 07:50 |
adhoc | ok then, I'll head up to the lab and give it a go =) | 07:51 |
bean | seems like there aren't any mesa packages with beowulf-backports versions, and I'm confused about how to go about stack tracing Xorg... I did look some stuff up to try figuring it out on my own though | 17:41 |
gnarface | bean: yea i guess there's no mesa in there right now. there isn't always. as for stack tracing xorg... you'd have to do it when it starts up, so you'd probably have to disable your graphical login temporarily | 18:10 |
gnarface | bean: though, if it's a compositor issue it might be better to stack trace the window manager | 18:11 |
gnarface | bean: what ever happened with using the kernel and firmware from backports together as a pair though? no change at all? | 18:27 |
gnarface | last you talked in here you said you had not tested them together | 18:27 |
gnarface | but i had forgotten to mention they would absolutely not be expected to work separately | 18:27 |
gnarface | bean: also, you never mentioned the actual glitch... can bit be reliably reproduced? does it only ever happen when waking up from sleep or suspend? | 18:29 |
gnarface | bean: does it happen in opengl programs too, or just compositing window managers?? | 18:29 |
gnarface | bean: and have you tried a non-compositing window manager? i'm sure i asked some of these questions already but i don't remember getting answers for all of them | 18:29 |
gnarface | bean: anyway, i know this is a big pain, and not optimal, but you have very little recourse besides filing a bug report upstream and being patient... the stack trace is just a way to maybe get the bug report to be taken a bit more seriously | 18:39 |
gnarface | bean: other than that just basic deduction by trying other versions of stuff, and eliminating unnecessary variables from your tests | 18:41 |
bean | thanks for the help | 18:56 |
gnarface | bean: sorry it hasn't been much actual help... but maybe there's a irc channel specifically for the amdgpu driver and firmware that has more current info about this | 18:58 |
bean | oh, thanks for the idea | 19:00 |
meep_____ | what gpu are you using that your having problems with | 21:44 |
meep_____ | I have an RX580 works flawlessly out of the box | 21:44 |
gnarface | already gone | 21:46 |
brocashelm | the rx gpus are just fine for me. i just need to start writing angry e-mails to amd until it's fully open-source | 22:12 |
meep_____ | the only problem | 22:25 |
meep_____ | is that if you embed the amdgpu driver into the kernel instead of a module, you need to also embed the polaris firmware blobs into the kernel or initramfs | 22:26 |
meep_____ | else the gpu will hang | 22:26 |
meep_____ | so yes those emails to amd are still needed | 22:27 |
meep_____ | but it's way better than nvidia | 22:27 |
meep_____ | brocashelm: I'd be interested in hearing the responses from those emails | 22:27 |
nemo | brocashelm: https://m8y.org/tmp/amdgpu.html I had to do this btw | 22:43 |
nemo | brocashelm: could not find a better solution. I bring it up in case you have one ☺ | 22:44 |
nemo | or in case, I guess, the situation has improved in the last couple of months | 22:44 |
nemo | brocashelm: but, at least it works! | 22:45 |
meep_____ | >https://m8y.org/tmp/amdgpu.html wow this is garbage | 22:57 |
nemo | meep_____: ok. | 22:57 |
meep_____ | why would anyone buy a GPU from a company if they had to put up with this | 22:57 |
meep_____ | (the gpu not your article nemo) | 22:57 |
nemo | meep_____: heh. I'm used to situation on linux being crap | 22:57 |
nemo | meep_____: but the ABI thing is pretty dumb | 22:58 |
nemo | meep_____: the not having devuan in their script OS detection, hard to fault them for that | 22:58 |
meep_____ | the whole thing is dumb | 22:58 |
meep_____ | what th even is a "legit debian"? | 22:58 |
nemo | but old xorg? I guess that's due to what ubuntu uses? but... why the hell not bundle two? you detect debian. they use newer xorg | 22:58 |
nemo | meep_____: I meant "one they were willing to officially support" | 22:58 |
nemo | meep_____: my *hope* is they test on those - but. I'm not certain they do, due to the ABI fail | 22:59 |
meep_____ | this is just sloppy and reeks of internal incompetence | 22:59 |
meep_____ | why are they even doing anything with a distro | 22:59 |
meep_____ | the kernel handles DRI | 22:59 |
nemo | well. it's a linux installer that adds an extra apt repo | 23:00 |
nemo | so there's some need to do distro checking, but not much | 23:00 |
meep_____ | they really should not be doing that | 23:00 |
meep_____ | packages shouldn't be screwing with apt's configuration | 23:00 |
nemo | meep_____: I gotta say it's way way way way way better than the nvidia situation | 23:00 |
nemo | meep_____: which I'm currently dealing with on the work desktop with devuan | 23:00 |
nemo | meep_____: where, if you make the mistake or had the need to ever install the nvidia package | 23:01 |
nemo | it will not cleanly install, uninstall or generally interoperate with devuan apt | 23:01 |
paynode | nemo do you not use h-node.org or linux-/j artix | 23:01 |
nemo | be prepared to do repeated install/uninstall, cursing, stray config... | 23:01 |
meep_____ | nemo can't you just refund the card and tell them to sell you something that works with linux | 23:01 |
nemo | paynode: oh when buying it? | 23:01 |
nemo | paynode: frankly, it's fairly new, so I figured distros would usually catch up. I'm always used to new cards having issues with debian due to their strategy | 23:02 |
meep_____ | if I were you I would be right away getting a refund | 23:02 |
nemo | meep_____: meh. works fine | 23:02 |
nemo | meep_____: their ABI thing is lame, but an old Xorg pin is not the end of the world | 23:02 |
nemo | not gonna do a new build just for that | 23:02 |
paynode | sorry that last part of msg was crap...h-node.org or linux-hardware.info i think...im looking for the link, i try to stick to devices that have fully libre drivers/kernel working great, so i dont have to deal with the kind of crap described in ur article | 23:02 |
nemo | paynode: yeah, but I wanted a brand spanking new graphics card, so odds of debian support out of the box were not high | 23:03 |
nemo | paynode: this was my first ever "over-the-top" gamer machine | 23:03 |
nemo | with, like LEDs and glass sides and silliness | 23:03 |
nemo | was for the family living room | 23:03 |
nemo | paynode: it was half paid for by the boss sooooo 😃 | 23:03 |
nemo | well. more like ⅔rds | 23:03 |
paynode | sorry http://linux-hardware.org ...its the sister side of http://linux-hardware.info/, which is why i typed it wrong | 23:04 |
paynode | there are likely more resources i dont know about... | 23:04 |
nemo | yeah, I've used things like that in past | 23:05 |
nemo | but situation has gotten better, and was feelign a bit confident in my skills | 23:05 |
paynode | boss? do you work in gaming? or are you being groomed not to leave your employer :) | 23:05 |
nemo | meep_____: you know what you missed, was my first attempt at getting it to work, where I had downloaded the wrong version of AMD's driver, and was trying to manually rewrite their kernel driver to be compatible | 23:05 |
nemo | paynode: it's just a perk. tech toy perk | 23:05 |
nemo | paynode: $500/y play money. plenty of other perks too. | 23:06 |
nemo | paynode: we've known each other for a while, and I think he's giving me a pretty good deal | 23:06 |
nemo | meep_____: actually, did you hear about AMD's fail that is *still* impacting this machine 'cause I haven't gotten around to rebooting it after manually applying the upstream debian package that is not in devuan yet? | 23:07 |
nemo | meep_____: the CPU fail? | 23:07 |
nemo | it's particularly hilarious since I never noticed for a long time due to not using systemd | 23:07 |
meep_____ | ><nemo> with, like LEDs and glass sides and silliness | 23:07 |
meep_____ | how many retracting cupholders? | 23:07 |
meep_____ | or clothes hangers | 23:08 |
nemo | hehe | 23:08 |
nemo | the only retracting cupholder is a usb one sitting on top of the bass right now to transfer the CD collection to it | 23:09 |
nemo | task that's been on the todo for years | 23:09 |
meep_____ | yes i heard about the cpu failure shit | 23:09 |
meep_____ | which is why i still haven't upgraded to ryzen | 23:10 |
meep_____ | also the mandatory psp | 23:10 |
nemo | meep_____: well, my boss had ordered that ryzen for me fairly early before that even came out | 23:10 |
meep_____ | they had some lame excuse 'oh uh most consumers don't load their cpu to 100% so it's fine' | 23:10 |
nemo | meep_____: er... what does psp have to do with cpu load? | 23:11 |
meep_____ | the psp is a backdoor | 23:11 |
meep_____ | not related to the crashing | 23:11 |
nemo | ok... | 23:11 |
nemo | crashing, I was referring to: | 23:11 |
nemo | https://www.phoronix.com/scan.php?page=news_item&px=Ryzen-3K-RdRand-Systemd-Maybe | 23:11 |
meep_____ | oh | 23:11 |
nemo | which is particularly funny to devuan users, and explaisn why I didn't notice | 23:12 |
meep_____ | no I was talking about how on some early ryzens were defective and if you sustained 100% load on them they would hang the system | 23:12 |
meep_____ | they did a recall | 23:12 |
nemo | IMO systemd does not get off the hook in blaming AMD because they coded an infinite loop if there was any issue there, and there had been issues in the past. not to mention trusting an instruction that could be malicious | 23:12 |
nemo | meep_____: ah. this one seems fine | 23:12 |
nemo | have quite a lot of load on it | 23:12 |
nemo | but I haven't applied the RDRAND patch yet | 23:12 |
nemo | meep_____: their NSA pseudorandom sequence generator must have an initialisation bug 😉 | 23:13 |
meep_____ | systemd relies on RDRAND? | 23:13 |
nemo | yes | 23:13 |
meep_____ | not even Linux itself is dumb enough to do that | 23:13 |
nemo | yes | 23:13 |
meep_____ | I remember this whole big drama ordeal about one of the linux kernel maintainer refusing to have the kernel rely solely on RDRAND despite pressure from Intel, and eventually being called a rapist or something as some kind of blackmail | 23:14 |
meep_____ | it's nice to know where systemd stands on that | 23:14 |
nemo | hehe | 23:16 |
meep_____ | Theodore Ts'o | 23:16 |
meep_____ | do you remember that? | 23:16 |
meep_____ | when your init system is so massively bloated that it takes the whole system if it can't access some obscure cpu assembly feature | 23:19 |
nemo | meep_____: well. they only use it if it is available and claims to be working. not that that excuses things IMO | 23:22 |
nemo | given track record of rdrand in general both in reliability and security | 23:22 |
nemo | oh well. they fixed their infinite loop at least... | 23:22 |
meep_____ | but nemo | 23:23 |
meep_____ | regardless if it claims to be working on not | 23:23 |
meep_____ | *or not | 23:23 |
meep_____ | relying on only one single source of entropy and doing no mixing whatsoever I thought was common knowledge never to do when building crypto systems | 23:23 |
nemo | brocashelm: aaaanyway. dunno if it got lost in all this, but do let me know if your experience was similar to mine in that url. I'm quite curious | 23:24 |
meep_____ | and even part of FIPS certification | 23:24 |
nemo | meep_____: yeah. not sure how critical it was for them. But, it's not even a useful thing to do performance-wise, apparently. supposedly rdrand is quite slow compared to *good* sources. | 23:24 |
nemo | (and a decent alg) | 23:24 |
nemo | (must be all the time it takes to execute the NSA... etc) 😉 | 23:25 |
meep_____ | that's really strange. | 23:27 |
meep_____ | how slow? | 23:27 |
meep_____ | slower than even a homebrew chaos key? | 23:27 |
meep_____ | or a 20 dollar modified sdr tv tuner | 23:28 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!