Pablo Bluth
Sep 7, 2007

I've made a huge mistake.
I've largely switched from Ubuntu, to Fedora for desktops & Rocky for VMs doing server duty. The VMs are still hosted on a micro form factor Dell running Ubuntu but next time I rebuild it, it'll probably become Fedora too. Snaps finally drove me away. One of the big learning curves on redhat related distros is selinux. It's powerful but opaque.

Tesseraction
Apr 5, 2009

SELinux is a powerful tool. Too powerful, perhaps. Particularly when working on a machine you didn't set up and weren't informed it was enabled on, only to keep bashing your head against permissions apparently not working like they should until you think for a moment: "hang on, is SEL enabled on this loving thing?" and realise that's why you wasted an hour checking config files and feeling like you've gone crazy.

Twerk from Home
Jan 17, 2009

This avatar brought to you by the 'save our dead gay forums' foundation.
The health of the Debian community has been looking better than ever in the last few years. Debian is an extremely safe bet for a good long-term experience.

KozmoNaut
Apr 23, 2008

Happiness is a warm
Turbo Plasma Rifle


Small PSA for anyone with a new-ish laptop with an Intel CPU, probably Thinkpad T480/8th gen Intel Core and newer: Due to Intel's "Dynamic Platform and Thermal Framework" (DPTF), the CPU may be held at a lower performance level due to DPTF needing drivers that are Windows-only. I couldn't find any mention of it here or in a forums search, so I figured it's still semi-obscure knowledge.

https://www.notebookcheck.net/Lenovo-admits-ThinkPad-CPU-throttling-problem-when-running-Linux-fix-in-development.435549.0.html

The fix is to run thermald (recommended) or throttled, in order to allow the CPU to enter higher-power modes.

As an example, my T480 with an i5-8350U will not go over 2.4GHz when testing with s-tui, but with thermald running, it will sit happily at 3GHz all day. I can switch thermald on and off while the stress test is running and see the frequency change.

If your distro doesn't install thermald by default, you should probably install it.

KozmoNaut fucked around with this message at 23:15 on Jan 23, 2023

xzzy
Mar 5, 2009

Tesseraction posted:

SELinux is a powerful tool. Too powerful, perhaps. Particularly when working on a machine you didn't set up and weren't informed it was enabled on, only to keep bashing your head against permissions apparently not working like they should until you think for a moment: "hang on, is SEL enabled on this loving thing?" and realise that's why you wasted an hour checking config files and feeling like you've gone crazy.

I tried real hard to get it enabled by default when RHEL7 landed but people got real whiny about taking the time to get all their services using it properly so after a couple months management sent the order to go in and disable it.

I didn't find it that hard, the learning curve certainly sucks but once you set up a few rules it all starts to make sense and I really like daemons being strictly limited in what they can access. With a configuration management tool it's pretty convenient to modify things cluster wide.

Yaoi Gagarin
Feb 20, 2014

chmod 777 oughta be enough for anyone

v1ld
Apr 16, 2012

KozmoNaut posted:

Small PSA for anyone with a new-ish laptop with an Intel CPU, probably Thinkpad T480/8th gen Intel Core and newer: Due to Intel's "Dynamic Platform and Thermal Framework" (DPTF), the CPU may be held at a lower performance level due to DPTF needing drivers that are Windows-only. I couldn't find any mention of it here or in a forums search, so I figured it's still semi-obscure knowledge.

https://www.notebookcheck.net/Lenovo-admits-ThinkPad-CPU-throttling-problem-when-running-Linux-fix-in-development.435549.0.html

The fix is to run thermald (recommended) or throttled, in order to allow the CPU to enter higher-power modes.

As an example, my T480 with an i5-8350U will not go over 2.4GHz when testing with s-tui, but with thermald running, it will sit happily at 3GHz all day. I can switch thermald on and off while the stress test is running and see the frequency change.

If your distro doesn't install thermald by default, you should probably install it.

This is useful, thanks.

SpeedFreek
Jan 10, 2008
And Im Lobster Jesus!
Trying to move away from windows here and have been mostly successful except gaming. Using steam and various versions of proton I can get everything to launch and run fine with the exception of audio. Sound works great for movies and shows. All 8 channels come through and are clear but in any non Linux native game I've tried it's choppy and all sounds are the same volume level regardless of distance from source in games.

The setup
Ryzen 7 3700
6700xt
Asus xonar DG or DX (7.1 analog out)
Mint 21.1 currently, willing to try others

All my searching shows years old results showing this has been fixed since version 3.x of proton or some weird poo poo where they're trying to stream audio to a raspberry pi or something. The instructions for the solutions didn't seem to follow the way things actually worked, I'm guessing they were all for things several versions ago.

I'm leaning towards thinking it has something to do with the sample rate but almost all my Linux experience is in embedded systems or a headless file server, nothing with pulse or ALSA.

What should I be searching for or reading to learn how to fix this?

Klyith
Aug 3, 2007

GBS Pledge Week
Looks like Mint still isn't using PipeWire. At this point I'd definitely want pipewire for gaming since that's what Steam uses on the Deck. Especially if you have a multi-channel setup.


So you could switch Mint over to pipewire, which looks possible but very manual (no pipewire bundle in the mint repos so you're adding debian PPAs).

Or you could switch to a distro that's more bleeding-edge than Mint. Which is most of them, even something like fedora. This is probably IMO a good idea if gaming is a primary purpose for you.



I briefly used a Xonar audio card with my linux install before switching to a USB DAC/AMP. Had no problems with it -- the Xonars are really a standard Cirrus audio chip with Asus silkscreened on top, so they're terribly weird. Only bought the USB thing because I needed more PCIe slots for my Windows Gaming VM plan, which I'm not even doing because linux gaming works so well for me.

OTOH I've never done anything but 2-channel because I use headphones only. So I have zero clue about all the potential problems of multi-channel, with the Xonar or just in general.

BlankSystemDaemon
Mar 13, 2009



OSS (which was dual GPL+BSD licensed, and got implemented in FreeBSD where it's used to this day), ALSA, JACK, PulseAudio, PipeWire, and I'm probably forgetting at least one or two - so I give it a few years before the latter is deprecated in favour of something else.

Keito
Jul 21, 2005

WHAT DO I CHOOSE ?
PipeWire has been absolutely hassle free for me, and also nice it could act as a 1:1 drop-in replacement for PulseAudio. All I remember of OSS from Linux back in the early '00s was audio only worked around half the time on a lucky day.

SpeedFreek
Jan 10, 2008
And Im Lobster Jesus!
Thanks

I installed Mint on it because it was the easiest, I installed it on an old Thinkpad a while back and it just worked without any hassle. I don't game on that laptop so I didn't run into this issue until a few weeks ago. I found the Cinnamon desktop to be easy to use and resolved many of my complaints about win 10.

I'll do some reading on it, in the meantime if anyone has any distro suggestions I'm willing to do some experimenting.

Rojo_Sombrero
May 8, 2006
I ebayed my EQ account and all I got was an SA account

SpeedFreek posted:

Trying to move away from windows here and have been mostly successful except gaming. Using steam and various versions of proton I can get everything to launch and run fine with the exception of audio. Sound works great for movies and shows. All 8 channels come through and are clear but in any non Linux native game I've tried it's choppy and all sounds are the same volume level regardless of distance from source in games.

The setup
Ryzen 7 3700
6700xt
Asus xonar DG or DX (7.1 analog out)
Mint 21.1 currently, willing to try others

All my searching shows years old results showing this has been fixed since version 3.x of proton or some weird poo poo where they're trying to stream audio to a raspberry pi or something. The instructions for the solutions didn't seem to follow the way things actually worked, I'm guessing they were all for things several versions ago.

I'm leaning towards thinking it has something to do with the sample rate but almost all my Linux experience is in embedded systems or a headless file server, nothing with pulse or ALSA.

What should I be searching for or reading to learn how to fix this?

I use Mint exclusively, and when it comes to Wine, the best bet is the Staging version. Use the latest Proton from ProtonDB.

Mr. Crow
May 22, 2008

Snap City mayor for life
There's a gaming mega thread over in games, https://forums.somethingawful.com/showthread.php?threadid=4004994&pagenumber=12&perpage=40 that will probably be a good resource (not that you can't ask here).

As far as distros to check out, for gaming, Fedora, Pop_OS and Arch + derivatives (manjaro) are crowd favorites.

I would recommend Fedora personally, for linux gaming it's good to be on a rolling release distro and Fedora is very stable for being bleeding edge.

Nitrousoxide
May 30, 2011

do not buy a oneplus phone



I've had (almost) no issues with Fedora. The only thing I've had break for it in the 2ish years I've used it now is a kernel update a month ago or so that broke smb shares, but it got fixed within a couple days and I just rolled back the kernel in the meantime.

Phosphine
May 30, 2011

WHY, JUDY?! WHY?!
🤰🐰🆚🥪🦊

Klyith posted:

Looks like Mint still isn't using PipeWire. At this point I'd definitely want pipewire for gaming since that's what Steam uses on the Deck. Especially if you have a multi-channel setup.


So you could switch Mint over to pipewire, which looks possible but very manual (no pipewire bundle in the mint repos so you're adding debian PPAs).

Or you could switch to a distro that's more bleeding-edge than Mint. Which is most of them, even something like fedora. This is probably IMO a good idea if gaming is a primary purpose for you.



I briefly used a Xonar audio card with my linux install before switching to a USB DAC/AMP. Had no problems with it -- the Xonars are really a standard Cirrus audio chip with Asus silkscreened on top, so they're terribly weird. Only bought the USB thing because I needed more PCIe slots for my Windows Gaming VM plan, which I'm not even doing because linux gaming works so well for me.

OTOH I've never done anything but 2-channel because I use headphones only. So I have zero clue about all the potential problems of multi-channel, with the Xonar or just in general.

On my mint 21 install at least pipewire is available in the official preconfigured repos, no adding PPAs required.

Edit: ah the link does mention that it's already there, but suggests the PPA for a more up to date version. Ignore me then, I contributed nothing here :dance:

Phosphine fucked around with this message at 09:53 on Jan 28, 2023

horse_ebookmarklet
Oct 6, 2003

can I play too?
I'm having trouble forwarding port 80, but I can forward port 8080 just fine. I don't understand where the packets are being dropped and need some help.

I've got a debian box running proxmox. I need to temporarily forward port 80 on the public IP to a VM. Below I am forwarding 80 and 8080 to the VM. Port 8080 works, port 80 doesn't work.

Troubleshooting:
I did a tcpdump, I can see the port 80 request come in, but no response.
From the debian host, wget localhost:80 works.
From the internet, wget ip:80 does not work.

Since this is temporary, I chose to use socat rather than iptables as fat fingering isn't going to lock me out.
code:
# sudo socat tcp-listen:80,reuseaddr,fork tcp:10.0.3.16:80 &
# sudo socat tcp-listen:8080,reuseaddr,fork tcp:10.0.3.16:80 &

# sudo netstat -lnpt
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      624/sshd: /usr/sbin 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      311618/socat        
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      313671/socat  

# sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -j RETURN

ExcessBLarg!
Sep 1, 2001
Are you certain there's nothing upstream potentially blocking port 80?

What does your iptables nat table look like?

The only practical difference between 80 and 8080 is that being a low-numbered port you need superuser privileges to open a socket on it--which you have, and which you've demonstrated works via localhost.

horse_ebookmarklet
Oct 6, 2003

can I play too?
From the wireshark, I can see port 80 request come in from the internet. This leads me to believe nothing upstream is blocking.

Does iptables -S not display the nat table? What cmd will print that?

Tesseraction
Apr 5, 2009

iptables -t nat -L

horse_ebookmarklet
Oct 6, 2003

can I play too?
ok, that solved the mystery.
From previous attempts to forward ports (months ago) with iptables, I had some entries in the nat table.
Removing those, the socat forward works fine.

Thanks goons.
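
Added example (not part of any post in this thread): a shell function that scans the text printed by iptables -t nat -S for leftover DNAT/REDIRECT rules on a given TCP port, the kind of stale nat entry that was getting in the way of the port 80 forward above. The sample rules, the vmbr0 interface name and the 10.0.3.99 address are constructed for illustration; the thread never shows the real entries.

```shell
#!/bin/sh
# Added example: find nat-table rules that grab a TCP port before a local
# listener (such as the socat forwarder above) ever sees the connection.

# Constructed sample of `iptables -t nat -S` output; illustrative only,
# not the poster's actual rules.
sample_nat_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i vmbr0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.99:80
-A PREROUTING -p tcp -m multiport --dports 443,8443 -j REDIRECT --to-ports 8443
-A POSTROUTING -s 10.0.3.0/24 -o vmbr0 -j MASQUERADE
EOF
}

# nat_conflicts PORT
# Reads `iptables -t nat -S` text on stdin and prints every PREROUTING or
# OUTPUT rule whose target is DNAT or REDIRECT and whose destination-port
# match covers PORT. Negated matches ("!") are not interpreted.
nat_conflicts() {
    awk -v port="$1" '
    $1 == "-A" && ($2 == "PREROUTING" || $2 == "OUTPUT") {
        target = ""; ports = ""; proto = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        }
        # Only address-rewriting targets can steal the connection.
        if (target != "DNAT" && target != "REDIRECT") next
        if (proto != "" && proto != "tcp") next
        # A rewrite rule with no port match applies to every port.
        if (ports == "") { print; next }
        # --dports may hold a comma list, each item a port or a lo:hi range.
        n = split(ports, list, ",")
        for (k = 1; k <= n; k++) {
            lo = hi = list[k]
            if (split(list[k], r, ":") == 2) { lo = r[1]; hi = r[2] }
            if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print; next }
        }
    }'
}
```

On a live host, run iptables -t nat -S | nat_conflicts 80 as root. PREROUTING rules only see packets arriving on an interface, which is why wget localhost:80 can succeed while connections from outside go elsewhere.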

other people
Jun 27, 2004
Associate Christ
People still use iptables???

AlexDeGruven
Jun 29, 2007

Watch me pull my dongle out of this tiny box


other people posted:

People still use iptables???

For some, it's still the only option (*cough*AIX*cough*).

Though I loving hate ufw, and it's actually one of the reasons I main RH. Firewalld is far superior for the casual user and has plenty of power user features.

horse_ebookmarklet
Oct 6, 2003

can I play too?
pretty sure iptables was default installed on debian 11

edit: or maybe it came with proxmox idk

horse_ebookmarklet fucked around with this message at 17:03 on Jan 29, 2023

Keito
Jul 21, 2005

WHAT DO I CHOOSE ?
nvm i can't read

ExcessBLarg!
Sep 1, 2001

other people posted:

People still use iptables???
It works for me? What am I supposed to use now?

BlankSystemDaemon
Mar 13, 2009



Doesn't Linux have a firewall based off BPF nowadays?

ExcessBLarg! posted:

It works for me? What am I supposed to use now?
Berkeley Packet Filter, the virtual machine that's designed to filter packets.

Volguus
Mar 3, 2009

ExcessBLarg! posted:

It works for me? What am I supposed to use now?

Isn't nftables the replacement?

xzzy
Mar 5, 2009

RedHat is warning that iptables could disappear in any RHEL9 point release. They want people off it.

Learn them nftables/firewalld, kids.

Mr. Crow
May 22, 2008

Snap City mayor for life
nftables is the iptables replacement, I think it's in most modern distros by this point, at least it's the default in debian


Edit, lol

BlankSystemDaemon
Mar 13, 2009



Mr. Crow posted:

nftables is the iptables replacement, I think it's in most modern distros by this point, at least it's the default in debian


Edit, lol
Right, it's nftables that's written to be functionally identical to the way BPF works, except copyleft licensed.

Also, if memory serves, it's administrated with the nft command-line utility, which is just loving hilarious now. :allears:

ExcessBLarg!
Sep 1, 2001
Looks like nftables replaced iptables in Ubuntu 21.10 and I haven't had to do any firewall stuff in 22.04 yet.

But nftables doesn't use the same in-kernel mechanisms as bpf right?

Honestly 90% of my iptables usage these days is DNAT rules to redirect traffic to test hosts. I don't do much in the way of actual packet filtering since that all happens upstream of stuff I manage.

BlankSystemDaemon
Mar 13, 2009



ExcessBLarg! posted:

Looks like nftables replaced iptables in Ubuntu 21.10 and I haven't had to do any firewall stuff in 22.04 yet.

But nftables doesn't use the same in-kernel mechanisms as bpf right?

Honestly 90% of my iptables usage these days is DNAT rules to redirect traffic to test hosts. I don't do much in the way of actual packet filtering since that all happens upstream of stuff I manage.
They're both virtual machines that execute bytecode in order to match and process packets, so I find it hard to believe that the netfilter folks weren't at least inspired - which is fine, it's about the best design for a firewall that anyone has come up with.

It's great that Linux finally has a proper firewall that can do that, it's needed it for longer than I can remember.

Yaoi Gagarin
Feb 20, 2014

I could have sworn the kernel already had support for BPF. Doesn't io_uring use it?

pseudorandom name
May 6, 2007

Neither io_uring nor nftables uses BPF/eBPF or any kind of bytecode at all.

corgski
Feb 6, 2007

Silly goose, you're here forever.

What's the recommended low-bullshit way to record and graph system statistics on a Linux server? Last time I did it it was mid-2000s and collectd+rrdtool+some perl scripts to dump gifs in htdocs every hour but these days it doesn't look like collectd is even available in vendor repositories anymore.

I can find lots of stuff about cluster monitoring dashboards that require like a half dozen docker containers, I just want something dumb and simple for tracking utilization on a single system.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

BlankSystemDaemon posted:

They're both virtual machines that execute bytecode in order to match and process packets, so I find it hard to believe that the netfilter folks weren't at least inspired - which is fine, it's about the best design for a firewall that anyone has come up with.

It's great that Linux finally has a proper firewall that can do that, it's needed it for longer than I can remember.

Doesn’t netfilter go back to the 90s, built by some Australian guy for…SunOS? Or is this a name collision?

Tesseraction
Apr 5, 2009

corgski posted:

What's the recommended low-bullshit way to record and graph system statistics on a Linux server? Last time I did it it was mid-2000s and collectd+rrdtool+some perl scripts to dump gifs in htdocs every hour but these days it doesn't look like collectd is even available in vendor repositories anymore.

I can find lots of stuff about cluster monitoring dashboards that require like a half dozen docker containers, I just want something dumb and simple for tracking utilization on a single system.

A few pages back someone asked and I recommended sysstat but some other posters around me had what seem to be way better solutions

Original question: https://forums.somethingawful.com/showthread.php?noseen=0&threadid=2389159&pagenumber=925&perpage=40#post529056492

corgski
Feb 6, 2007

Silly goose, you're here forever.

Oh nice, sysstat plus sarviewer looks like exactly the level of complexity I need. Thanks!

BlankSystemDaemon
Mar 13, 2009



VostokProgram posted:

I could have sworn the kernel already had support for BPF. Doesn't io_uring use it?
Are you thinking of eBPF? It's using the JIT bytecode virtual machine of BPF, but with significant overload of the ld and str functions to allow it to function as a full tracing framework ala dtrace.

Subjunctive posted:

Doesn’t netfilter go back to the 90s, built by some Australian guy for…SunOS? Or is this a name collision?
SunOS was based on BSD so probably had BPF unless they stripped it, but irrespective of that it died with the introduction of Solaris.
Darren Reed's ipf(ilter), which is probably what you're thinking of, was the firewall of a lot of Unix-likes that weren't BSD or based on it, and it's what Solaris uses to this day - although it's way more maintained in FreeBSD, where Cy Schubert is working regularly on it.

EDIT: Interestingly enough, BPF isn't the first firewall, as the code for BPF readily points out - which makes me wish there was as good a digital archiving done with Stanford/CMU derived code as there's been with software out of Berkeley.

The BPF based ipfw that's in FreeBSD nowadays derives its BPF functionality from BSD/OS after it was ported by Luigi Rizzo.

BlankSystemDaemon fucked around with this message at 01:55 on Jan 30, 2023
