|
File a bug on https://bugs.freedesktop.org?product=xorg please, under the "Driver/nouveau" component. Link it in here once you do so I can CC to it as well.
|
# ? Nov 30, 2013 15:50 |
|
|
# ? May 9, 2024 22:41 |
|
Bug report here: https://bugs.freedesktop.org/show_bug.cgi?id=72180 It's a bit all over the place as I wasn't sure which information was relevant.
|
# ? Nov 30, 2013 19:14 |
|
What's a good ssh/rdp connection manager thing? I'd like something with tabs. I use Gnome 3. I've tried Remmina which had a few quirks (can't copy from SSH sessions, menu floats in a different window) and Vinagre (can't copy from SSH, can't work out how to change size of terminal buffer, RDP sessions close instantly) Seriously what is with these programs copy/paste is really important. Anything better? I think I literally just want a list of bookmarked servers and sessions in tabs.
|
# ? Dec 2, 2013 08:36 |
|
I think pianobar is pretty neat. It is a command-line Pandora app. I have an old, slow laptop connected to my stereo, with Linux installed on it. I SSH into it from my personal laptop, and control Pandora with keyboard shortcuts. It's very convenient, and needless to say, it REALLY impresses chicks.
|
# ? Dec 2, 2013 09:40 |
|
my stepdads beer posted:What's a good ssh/rdp connection manager thing? I'd like something with tabs. I use Gnome 3. A coworker is working on hotssh in his spare time. You'll have to compile from source, but it has copy/paste support in the form of Shift+Insert / Ctrl+Insert, and PRIMARY support. I'm trying to make Ctrl+Shift+C / Ctrl+Shift+V work. It's a bit rough now, also.
|
# ? Dec 2, 2013 17:40 |
|
This popped up on hacker news and I thought it was really useful: http://explainshell.com/
|
# ? Dec 2, 2013 18:40 |
|
my stepdads beer posted:What's a good ssh/rdp connection manager thing? I'd like something with tabs. I use Gnome 3. This is ssh-only but you can use gnome-terminal for tabs, add hosts in ~/.ssh/config and then set up your shell to tab-complete with data from the config and known_hosts files.
|
# ? Dec 2, 2013 19:36 |
|
Suspicious Dish posted:A coworker is working on hotssh in his spare time. You'll have to compile from source, but it has copy/paste support in the form of Shift+Insert / Ctrl+Insert, and PRIMARY support. I'm trying to make Ctrl+Shift+C / Ctrl+Shift+V work. I will check this out at work today, thnaks edit this is weird - one of the issues of running a beta I guess? Worth a bug report? code:
cowboy beepboop fucked around with this message at 23:35 on Dec 2, 2013 |
# ? Dec 2, 2013 22:35 |
|
Does anyone know how to get more info out of wpa_supplicant about why it's not connecting? When I try to run it, I get the error "ioctl[SIOCSIWENCODEEXT]: Invalid argument", and then it just hangs for ages never connecting. The wifi chip is on and the firmware's loaded as dmesg says as such. Just to clarify the wifi chip is a Marvell SD8797.
|
# ? Dec 3, 2013 02:53 |
|
Experto Crede posted:Does anyone know how to get more info out of wpa_supplicant about why it's not connecting? Knowing the name and version of your Linux distribution would be helpful. Google tells me that your wpa_supplicant.conf file might be incorrectly formatted: http://askubuntu.com/questions/106633/wpa-supplicant-ioctlsiocsiwencodeext-invalid-argument Another possible cause is that the driver might only support the newer nl80211 configuration API instead of the old Wireless Extensions. In that case, start your wpa_supplicant with "-D nl80211" instead of "-D wext", or make the equivalent change to the configuration file.
|
# ? Dec 3, 2013 10:08 |
|
telcoM posted:Knowing the name and version of your Linux distribution would be helpful. Sorry, thought I'd included that! This is ubuntu 12.04 (sans a UI) running on an ARM chromebook. I just ran it with a -d and it seems it was that the chip didn't like wext, but when using nl80211 I just get it stuck on Daemonize and then not doing anything. EDIT: Actually, ignore all that. It seems wpa_supplicant was running fine, but dhclient running after it is hanging. When I do dhclient -d mlan0, I see the license info then nothing. Experto Crede fucked around with this message at 14:19 on Dec 3, 2013 |
# ? Dec 3, 2013 14:11 |
|
On Ubuntu what's a good way to work with commands that have tab-completion, but the system needs elevated privleges to get the info for the tab completion? Specifically, zfs' zpool commands can tab-complete device names, but if you try doing something like: pre:sudo zpool clear tank1 name_of_de pre:sudo zpool clear tank1 name_of_deUnable to open /dev/zfs: Permission denied.
|
# ? Dec 3, 2013 17:48 |
|
Thermopyle posted:On Ubuntu what's a good way to work with commands that have tab-completion, but the system needs elevated privleges to get the info for the tab completion? Can you do sudo -i first to put yourself in a temporarily elevated shell?
|
# ? Dec 3, 2013 17:51 |
Thermopyle posted:On Ubuntu what's a good way to work with commands that have tab-completion, but the system needs elevated privleges to get the info for the tab completion? This is one thing I hate about sudo vs. simply su'ing to root. I usually just type out the command sans sudo, then hit home and add in the sudo last. Does zpool tab complete even with an unprivileged user?
|
|
# ? Dec 3, 2013 18:14 |
|
Thermopyle posted:On Ubuntu what's a good way to work with commands that have tab-completion, but the system needs elevated privleges to get the info for the tab completion? Copy whatever completer gets used to your local config file and then prepend a sudo to it.
|
# ? Dec 3, 2013 18:22 |
|
What's a good way I can write a script on my side to send commands to a remote host via SSH? This isn't something I can send a script to and run remotely, so every command I need to send needs to be written locally.
Drunk Badger fucked around with this message at 19:51 on Dec 3, 2013 |
# ? Dec 3, 2013 19:48 |
|
Drunk Badger posted:What's a good way I can write a script on my side to send commands to a remote host via SSH? This isn't something I can send a script to and run remotely, so every command I need to send needs to be written locally. Net::SSH Paramiko Pexpect Expect if you hate yourself.
|
# ? Dec 3, 2013 19:56 |
|
Drunk Badger posted:What's a good way I can write a script on my side to send commands to a remote host via SSH? This isn't something I can send a script to and run remotely, so every command I need to send needs to be written locally. I've attached a work in progress python script that I use daily to do this, seems to do the trick for most things. Please note that there are issues with the script which I've noted below. I'll put it up on github or sourcefourge... eventually. Comments welcome. Requirements: python-argparse, python-paramiko, python 2.6+ (2.7+ more better for a number of reasons, including native argparse) I TAKE NO RESPONSIBILITY FOR THIS SCRIPT RUNNING ON LIVE PRODUCTION SYSTEMS AND BURNING THINGS TO THE GROUND OR OTHERWISE BREAKING poo poo so use common sense pls http://howdoilinux.com/files/premote sample command: code:
- move sudo prompt into OutputThread - clean up argument parsing (-q -k unexpected behavior) KNOWN ISSUES: - child threads default to 30 second connect timeout (OpenSSH default). This is an issue when attempting to connect to a host in DNS with no network. Workaround with -T <n> (ssh connect timeout). Root cause: child threads do not catch the ^C against the parent thread. matato fucked around with this message at 20:52 on Dec 3, 2013 |
# ? Dec 3, 2013 20:29 |
|
pliantkitchen posted:I've attached a work in progress python script that I use daily to do this, seems to do the trick for most things. Paramiko can be wily and it hangs or kills the child thread on extremely long-running remote commands - I'm still debugging that issue. I'll put it up on github or sourcefourge... eventually. Comments welcome. I use pliant's script daily as well (we work together - sup bro) for all manner of tasks that are too ad-hoc for Puppet and for things I'd prefer to run via sudo rather than root. Here's an example of me bouncing all five of my Splunk indexers at once code:
|
# ? Dec 3, 2013 20:39 |
|
pliantkitchen posted:I've attached a work in progress python script that I use daily to do this, seems to do the trick for most things. Paramiko can be wily and it hangs or kills the child thread on extremely long-running remote commands - I'm still debugging that issue. I'll put it up on github or sourcefourge... eventually. Comments welcome. Honest question: What's the advantage of this over polysh?
|
# ? Dec 3, 2013 20:49 |
|
evol262 posted:Honest question: That's a good question! I've never used polysh. I'm curious how it handles multi-line output or interactive responses (sudo, yes/no, ls -l on a large directory)... all of the examples I see on that page show commands that produce one line of output. Edit: Gave a quick spin... a few pros: - synchronous commands on multiple hosts (acts like DSH on AIX) - multi-line output and interactive responses handled well a few knocks (maybe there are flags to disable some of these so ignore if so): - requires a known_hosts entry for the remote host, does not auto-add from what I found - assumes SSH keys - much more complex for simple tasks - output generated is not easily parsed using simple commands In general, if something were to require me to use an interactive shell for configuration like polysh I'd rather throw it into puppet to avoid fat fingering something. We typically use premote for fire-and-forget operational tasks (sudo service restart, etc) or auditing flat files; in general stuff that doesn't require tight synchronization or the use of distributed shells. matato fucked around with this message at 21:36 on Dec 3, 2013 |
# ? Dec 3, 2013 20:55 |
|
I ended up using pexpect, which worked pretty well. Thanks for the advice!
|
# ? Dec 3, 2013 22:30 |
|
pliantkitchen posted:That's a good question! I've never used polysh. I'm curious how it handles multi-line output or interactive responses (sudo, yes/no, ls -l on a large directory)... all of the examples I see on that page show commands that produce one line of output. I guess I've always used polysh for exactly the same things your example command lines looked like. I take keybased auth as a given, but using polysh to run commands across servers which don't require enough complexity for mcollective, one-off puppet runs, or whatever is natural enough. I'd definitely rather use puppet, chef, ansible, or something else for configuration management, but my implication was that you don't necessarily need to roll your own utility for fire-and-forget operational tasks. That said, I've never seen a utility quite like premote before, and there's definitely room for more than one tool in this space. You should try to get it packaged in Debian, and/or Fedora/EPEL.
|
# ? Dec 3, 2013 22:36 |
|
evol262 posted:I take keybased auth as a given Maybe I'm being naïve, but - is this the case everywhere? I've never been in a shop that has encouraged blasting SSH keys to thousands of boxes just for convenience's sake.
|
# ? Dec 3, 2013 22:49 |
|
Cidrick posted:Maybe I'm being naïve, but - is this the case everywhere? I've never been in a shop that has encouraged blasting SSH keys to thousands of boxes just for convenience's sake. I guess I should have said passwordless auth, but it's common to have keys, kerberos auth+forwardable tickets, or some other method of single-sign-on for SSH. If you're in a regulated environment which needs auditing, you may still be connecting with your account and escalating with powerbroker, sudo (with pam_audit logging), or some other mechanism, but there's no reason to be typing in your password (or worse, a root or service password) all day. SSH keys are an expected part of AWS-like environments as well.
|
# ? Dec 3, 2013 22:58 |
|
evol262 posted:I guess I should have said passwordless auth, but it's common to have keys, kerberos auth+forwardable tickets, or some other method of single-sign-on for SSH. If you're in a regulated environment which needs auditing, you may still be connecting with your account and escalating with powerbroker, sudo (with pam_audit logging), or some other mechanism, but there's no reason to be typing in your password (or worse, a root or service password) all day. That's a good point, I didn't take Kerberos into account. I could see polysh being very useful in an environment like that...
|
# ? Dec 3, 2013 23:16 |
|
Cidrick posted:Maybe I'm being naïve, but - is this the case everywhere? I've never been in a shop that has encouraged blasting SSH keys to thousands of boxes just for convenience's sake.
|
# ? Dec 4, 2013 01:53 |
|
So, somewhat related to the Linux topic, but I'm leaving my current job next Friday. They're finally starting to realize that it's impossible for the guy they've chosen to replace me to actually do anything near what I do. They want to keep me available as a contractor. I'm not sure of the full details yet, like if I get to set the rate, etc. I'm looking for some tips on how to approach this as I've never done consulting/contract type stuff before. What should I charge? Is there anything I need to be aware of?
|
# ? Dec 4, 2013 16:32 |
|
Goon Matchmaker posted:So, somewhat related to the Linux topic, but I'm leaving my current job next Friday. They're finally starting to realize that it's impossible for the guy they've chosen to replace me to actually do anything near what I do. They want to keep me available as a contractor. I'm not sure of the full details yet, like if I get to set the rate, etc. I'm looking for some tips on how to approach this as I've never done consulting/contract type stuff before. What should I charge? Is there anything I need to be aware of? The best thing you can do is to leave good documentation for the new guy. I'm sure you couldn't do anything near what you can do when you started in your position either. If you're going to contract for them, you should basically set the following conditions:
|
# ? Dec 4, 2013 17:34 |
|
Not entirely a Linux question but since there isn't an OpenSSH thread I figure it makes the most sense here, is there any way to get OpenSSH to behave more like PuTTY when it encounters a key mismatch? As in scream and yell a warning, but still let me acknowledge and continue on? Or at least tell it to never, ever, ever remember keys for common internal IPs like 192.168.1.1? It's annoying as hell to have a 50/50 shot of needing to open up known_hosts and delete a line every time I connect to a device at a customer site.
|
# ? Dec 4, 2013 17:45 |
|
wolrah posted:Not entirely a Linux question but since there isn't an OpenSSH thread I figure it makes the most sense here, is there any way to get OpenSSH to behave more like PuTTY when it encounters a key mismatch? As in scream and yell a warning, but still let me acknowledge and continue on? wolrah posted:Or at least tell it to never, ever, ever remember keys for common internal IPs like 192.168.1.1? Host whatever Hostname 192.168.1.1 UserKnownHostsFile /dev/null StrictHostKeyChecking no
|
# ? Dec 4, 2013 18:04 |
|
evol262 posted:StrictHostKeyChecking no quote:~/.ssh/config This got me on the right track, and I found that this apparently works: code:
|
# ? Dec 4, 2013 18:17 |
|
evol262 posted:W2 only. If they want to make you I9 If they're moving him from a waged employee to a contractor, he'll likely not be compensated via regular W-2 in the company any longer - that's synonymous with a waged employee, something a contractor is not. If what he said is actually what's happening, he'll definitely be filing for a 1099, or Independent Contractor. Why you brought up an I-9 (aka: whether or not he's legal to work in the United States, I'll never know - as that doesn't cause any tax hassle at all). eightysixed fucked around with this message at 17:48 on Dec 5, 2013 |
# ? Dec 4, 2013 19:40 |
|
evol262 posted:The best thing you can do is to leave good documentation for the new guy. I'm sure you couldn't do anything near what you can do when you started in your position either. I've written about 100 pages of documentation covering day to day stuff and some of the more common things that explode, so there's that. The guy is a windows admin they're trying to shoehorn into Linux administration. His knowledge extends as far as "cd" and "ls". quote:If you're going to contract for them, you should basically set the following conditions: I don't think any of this is unreasonable. I've given them 3 full weeks of notice and made myself available over the thanksgiving week I took off in case they had issues. The contract labor stuff is going to go straight to savings if I do any of it which is the only reason I'm considering it. Thanks!
|
# ? Dec 4, 2013 19:45 |
|
Don't look at it like you're doing a favor for them, it's an opportunity for you to make more money and expand your business knowledge and resume. Do you have the time and interest in doing so? You have no obligation to do anything for them. If you do want the extra work and extra money then charge them a rate that makes it worth your time. If "worth your time" is double or whatever then be honest and tell them that, but know that if you ask for something ridiculous they'll think poorly of you. I'd suggest you work for them on "projects" only. Scope the work, send them an estimate, and have them approve, all before you do any actual work. Don't let them call you whenever they want and ask you to do something if you have a new full time job, they need to schedule your time in advance. This helps you not gently caress up your real job and makes sure they understand you work for them on specific tasks agreed upon tasks only. After the work is done make sure they sign off on it and send them an invoice. Save all the emails.
|
# ? Dec 4, 2013 22:33 |
|
Got a new lenovo T430 laptop. I put Fedora 19 on it. It seems that every windowmanager except for Cinnamon has really poor graphics performance, like an old OLD OLD windows 3.1 box with no 2d or 3d acceleration. Any window I move gets "jagged" and so does any video. UNLESS i use Cinnamon. I'm not sure what kind of thing i'm missing, because i'm a dummy when it comes to X.
|
# ? Dec 6, 2013 04:03 |
|
Is there a best practices guide for securing linux (CentOS in this case) servers? Right now I've got a VPS with some basics set up. fail2ban, iptables drops null/xmas packets and lock down the ports I'm not using, ssh password authentication disabled etc. It would be nice to know if I'm missing some really obvious things.
|
# ? Dec 6, 2013 15:46 |
|
more like dICK posted:Is there a best practices guide for securing linux (CentOS in this case) servers? Right now I've got a VPS with some basics set up. fail2ban, iptables drops null/xmas packets and lock down the ports I'm not using, ssh password authentication disabled etc. It would be nice to know if I'm missing some really obvious things. We don't enable every service under the sun anymore, so most of your IPtables "lock down the ports I'm not using" rules are doing essentially nothing. Linux is basically "secure" out of box on a default installation of Debian, CentOS, or whatever. It's a waste of time to go "harden" it by setting up port knocking, fail2ban, and other "make sure people can't brute force my SSH password!" services as long as you're using keybased auth or have a strong password. It's extremely likely that you'll get compromised through whatever services you are running (whatever those happen to be -- Wordpress exploit, etc), so worry about hardening those. nitrogen posted:Got a new lenovo T430 laptop. Do you actually have accelerated graphics on it? Because it doesn't sound like it. glxinfo |grep Direct
|
# ? Dec 6, 2013 16:04 |
|
evol262 posted:If you really care, you should read this. Thanks, that makes sense. I'm more comfortable and experienced with the application side of things, not the OS
|
# ? Dec 6, 2013 16:21 |
|
|
# ? May 9, 2024 22:41 |
|
evol262 posted:If you really care, you should read this. This is very much true. Although, fail2ban does do DoS mitigation that can arise from brute-forcing. We have a rule in production to block an IP for x minutes if y failures occur during a given interval. Before this, it wasn't uncommon for Dovecot login processes to swell and max out while some attacker enumerated over every username A-Z. Same idea for SASL authentication via SMTP with Postfix. A similar practice is used for MySQL and iptables, since it's been the target of a brute-force in production. Use rate limiting to restrict the number of remote MySQL connections. This only works though, because the majority of MySQL traffic originates on the same server as the MySQL server itself. Remote access is provided as a convenience. Important thing is to follow guidelines with some discretion. Know why you're doing it in addition to what you're doing.
|
# ? Dec 6, 2013 17:25 |