evol262
Nov 30, 2010
#!/usr/bin/perl

xzzy posted:

I was spitting nails last night trying to get an unencrypted adhoc network set up on my raspberry. Doing it with four iw commands? Easy, had it working in two minutes.

Doing it "the right way" with netctl and systemd? gently caress off forever. Options in the man pages don't do what they say, and there's no documentation anywhere for nonstandard configurations.

End result is I gave up and wrote a systemd unit to run a script.

So systemd is still doing its job? systemd-network isn't the default anywhere I know of. I'd probably do the same



Volguus posted:

If only Lennart would be ... reasonable (or sane or ... just loving normal). The way bugs are dealt with in systemd is beyond abysmal. The latest famous ones are those that he got a PWNIE prize for (https://www.theregister.co.uk/2017/07/28/black_hat_pwnie_awards/). To be so opposed to having a CVE filed? WTF? So defensive of his project that I'm not even sure it's healthy.
A lot of systemd criticism is actually directed at developers and their behaviour. Being shoved down the throats of everyone doesn't help either.

Lennart is not in charge of CVEs. oss-sec and the srt are. He's also correct that a lot of potential vulnerabilities (and there are a lot in a C project running as root and init) are extremely minor or difficult to exploit.

I'd also be opposed to putting "CVE-..." in the git log, because it isn't self-documenting at all. This is reasonable IMO.

I have problems with filing systemd bugs. They almost always get closed until I re-open and explain why it's actually a problem. There are process problems. This is not one of them.

It's not "being shoved down your throat", though? By whom? Your distro maintainers, who decided systemd was a better technical solution than sysvinit or upstart? I encourage everyone who parrots the "Redhat is forcing systemd" to read the Debian steering committee's debate (or SuSE's, or Gentoo's). Open source doesn't work by fiat. Even major projects (mysql, x11, etc) have debates and fork. Sometimes the fork wins. Sometimes it doesn't. It's on merits.


xzzy
Mar 5, 2009

evol262 posted:

So systemd is still doing its job? systemd-network isn't the default anywhere I know of. I'd probably do the same

What job is that? Obfuscating system init so it's impossible to trace what it's actually doing? Because gently caress yeah it's doing a great job of it. :v:

Perhaps my failure comes from using arch documentation. Too bad when you google for this stuff that's always the top link.

evol262
Nov 30, 2010
#!/usr/bin/perl

xzzy posted:

What job is that? Obfuscating system init so it's impossible to trace what it's actually doing? Because gently caress yeah it's doing a great job of it. :v:

Perhaps my failure comes from using arch documentation. Too bad when you google for this stuff that's always the top link.

systemd.confirm_spawn, systemd.debug_shell, systemd.log_target, systemctl (in general, but in particular '-p "Wants"') and systemd-analyze are your friends.

Figuring out what happens when and why is a hell of a lot easier than grepping through /etc/rc*.d for sysvinit "dependencies"

I meant that systemd units are working as expected, not netctl, which is a typical Arch pile of hot garbage. You'd honestly be better off using systemd-network (not that I'd recommend that either)

xzzy
Mar 5, 2009

What would you recommend?

evol262
Nov 30, 2010
#!/usr/bin/perl

xzzy posted:

What would you recommend?

NetworkManager or ip, probably

Horse Clocks
Dec 14, 2004


apropos man posted:

On my laptop I quite often find myself trying to compile something or install a package and mess it up. Over time my system can often end up in a mess of partly installed packages and libraries.

I'd like to be able to take a snapshot, say every 30 minutes, on a cron job. Then, when I inevitably gently caress up installing something esoteric and experimental I can just undo the last half hour and leave my system exactly as before.

Could I achieve this using something like snapper.io on its own, or should I also use btrfs? The vast majority of my important stuff is rsync'ed to my home server, so the data on my laptop isn't critical. I run fedora on the laptop but I'm willing to try something else if it has better integration with what I'd like to achieve.

There's a few things you can do.

1. 'Optify' everything by setting the PREFIX/--prefix with make/configure/whatever to /opt/app. Then everything sits in a folder. With a bit of scripting you can get /opt/**/bin on your path.

2. If you use a deb or rpm based distro, do the install step through checkinstall. This does *magic* and whatever files get put on disk become files from a deb/rpm package. Which you can then uninstall/reinstall/distribute easily.

3. Find community repos of the thing you want.

4. Docker/flatpak/whatever 'containerisation'.

5. SUSE has snapshots out of the box with snapper. Providing you run snapper frequently enough, you can do your 'totally not going to cause headaches' snapshotting.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
I actually got the idea from someone on Reddit saying that they were using a combination of Tumbleweed/snapper/btrfs to achieve it. It's likely that I'll give SUSE Tumbleweed a try over the next week. Cheers.

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE

Horse Clocks posted:

There's a few things you can do.

#1 is the "old school Unix" way of doing this but depending on what they're doing it might not satisfy all their needs.

#3 is the newer way. Not just docker, but many OSs support some flavor of jails/zones, and pretty much everything supports a simple chroot if you're not concerned about kernel-level isolation. The downside is that you will have to be handy at setting everything up. I assume once you get a formula down then 95% of stuff will be smooth sailing but it's gonna be way more involved than "apt-get install myweirdapp".

#5 isn't a bad idea but that's OS-specific (and SUSE isn't that popular/supported a distro anymore). If you're into these kinds of use-cases you might as well just install ZFS and call it a day. ZFS-on-Linux is mature enough to depend on nowadays with a major distro like Debian/Ubuntu/RHEL/CentOS/etc.

---

Apropos of nothing but: in my brief adventure with FreeBSD I was extremely impressed with Ports in an engineering sense. Compared to the usual hell that ensues when you try and hand-build stuff, Ports is just magic. Everything builds cleanly with just a "make clean install", I can't imagine how much work it takes to keep everything synced like that.

I don't think FreeBSD had drivers for my cheapo generic USB 3.0 addon card that I use on that server rig. I still need USB 3.0 support until I'm done re-arranging my data, so for now I'm gonna use Ubuntu, but I'm thinking real seriously that long-term that machine may be running FreeBSD as just a dedicated NAS (with maybe a few applications in containers/VMs or on other machines).

Illumos seems really nice with its Branded Zones too - in theory you can run Linux applications (eg Ubuntu-based docker containers) pretty close to the metal. That seems like a compelling feature, but something like OpenIndiana would take me even further off the beaten path in terms of drivers/support.

For now, this machine is my v1.0 attempt at a ZFS-based NAS. Right now I'm just going to focus on learning the ropes of this and trying not to lose data. At some future point I'd like to upgrade to an 8-bay NAS and I'll handle a decision of OS for that at a future point.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
What's the virtualization solution in FreeBSD? I'm running CentOS as my server host with a few Linux guests running the actual services via KVM/qemu. I keep the CentOS host as 'clean' and vanilla as possible with no extra packages on it, running it headless and installing my VM's with the virt-install command. Is there an equivalent in FreeBSD that runs Linux guests nice?

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE

apropos man posted:

What's the virtualization solution in FreeBSD? I'm running CentOS as my server host with a few Linux guests running the actual services via KVM/qemu. I keep the CentOS host as 'clean' and vanilla as possible with no extra packages on it, running it headless and installing my VM's with the virt-install command. Is there an equivalent in FreeBSD that runs Linux guests nice?

Jails, which are largely similar to LXC containers or Solaris/Illumos "zones". You're still running on a shared kernel (and so it's relatively fast) but it's more isolated than a standard chroot can allow. However, that limits you to applications that could run natively on FreeBSD - whereas with a Solaris/Illumos "branded zone" you get a compatibility layer that shims calls to the kernel, so you can run Linux applications "natively-ish".

evol262
Nov 30, 2010
#!/usr/bin/perl

apropos man posted:

What's the virtualization solution in FreeBSD? I'm running CentOS as my server host with a few Linux guests running the actual services via KVM/qemu. I keep the CentOS host as 'clean' and vanilla as possible with no extra packages on it, running it headless and installing my VM's with the virt-install command. Is there an equivalent in FreeBSD that runs Linux guests nice?

bhyve.

apropos man posted:

I actually got the idea from someone on Reddit saying that they were using a combination of Tumbleweed/snapper/btrfs to achieve it. It's likely that I'll give SUSE Tumbleweed a try over the next week. Cheers.

Fedora Modularity is similar to this. Here is one of Poettering's good ideas. Didn't take off, though.

Paul MaudDib posted:

#3 is the newer way. Not just docker, but many OSs support some flavor of jails/zones, and pretty much everything supports a simple chroot if you're not concerned about kernel-level isolation. The downside is that you will have to be handy at setting everything up. I assume once you get a formula down then 95% of stuff will be smooth sailing but it's gonna be way more involved than "apt-get install myweirdapp".

docker is much better (or containerd, rkt, or whatever). systemd-nspawn is also a theoretical alternative to this.

chroot doesn't always work well these days. systemd and selinux in particular get quirky on kernels with namespace support.

Paul MaudDib posted:

#5 isn't a bad idea but that's OS-specific (and SUSE isn't that popular/supported a distro anymore). If you're into these kinds of use-cases you might as well just install ZFS and call it a day. ZFS-on-Linux is mature enough to depend on nowadays with a major distro like Debian/Ubuntu/RHEL/CentOS/etc.

SuSE is fine.

ZFS also doesn't solve this problem. ZFS is great, but it's not a magic bullet. LVM snapshotting is also 100% capable of this use case.

I wouldn't rely on ZFS-on-Linux on any system which requires building the modules, since this often fails on updates between CentOS/Fedora versions (in my experience) and requires manual intervention.

Paul MaudDib posted:

Apropos of nothing but: in my brief adventure with FreeBSD I was extremely impressed with Ports in an engineering sense. Compared to the usual hell that ensues when you try and hand-build stuff, Ports is just magic. Everything builds cleanly with just a "make clean install", I can't imagine how much work it takes to keep everything synced like that.

Not a lot -- "make clean install" is basically "./autogen --with-... --prefix=/usr/local && make && make install"

Picking the "right" defaults and putting a curses frontend on it is clever, but they're mostly the default values for whatever package anyway. Automatically grabbing dependencies this way is clever, though. pkgsrc is more impressive to me, since it basically worked everywhere.

Paul MaudDib posted:

Illumos seems really nice with its Branded Zones too - in theory you can run Linux applications (eg Ubuntu-based docker containers) pretty close to the metal. That seems like a compelling feature, but something like OpenIndiana would take me even further off the beaten path in terms of drivers/support.

KVM is supported on Illumos.

Zones/jails are great and all, for the same use cases as lxc. They are not a substitute for VMs or namespaced containers, though.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
I guess that would work fine with the majority of Linux guests. Most of my vm's are just doing generic things like Plex, backups, webserver etc. Nothing fancy that would result in weird interactions with a BSD kernel. I wonder what sort of stuff would actually cause incompatibilities?

E: didn't realise a couple of replies went in while I typed this. It belongs up there ^ somewhere.

apropos man fucked around with this message at 01:17 on Aug 3, 2017

Volguus
Mar 3, 2009

evol262 posted:

So systemd is still doing its job? systemd-network isn't the default anywhere I know of. I'd probably do the same
Lennart is not in charge of CVEs. oss-sec and the srt are. He's also correct that a lot of potential vulnerabilities (and there are a lot in a C project running as root and init) are extremely minor or difficult to exploit.

I'd also be opposed to putting "CVE-..." in the git log, because it isn't self-documenting at all. This is reasonable IMO.

I have problems with filing systemd bugs. They almost always get closed until I re-open and explain why it's actually a problem. There are process problems. This is not one of them.

It's not "being shoved down your throat", though? By whom? Your distro maintainers, who decided systemd was a better technical solution than sysvinit or upstart? I encourage everyone who parrots the "Redhat is forcing systemd" to read the Debian steering committee's debate (or SuSE's, or Gentoo's). Open source doesn't work by fiat. Even major projects (mysql, x11, etc) have debates and fork. Sometimes the fork wins. Sometimes it doesn't. It's on merits.

Well, the users are feeling like it's being "shoved down their throats" by their distributions. Since systemd has grown so large and is covering so many (useful indeed) tasks, programs do get dependent on it (Gnome & co for example). And then you find yourself in a position to not be able to easily move to a non-systemd system. It even prompted OpenBSD (at least on their mailing list, no idea if they did it for real) to make a systemd shim API, just to make stupid programs compile and run without too much hassle.

That's not, of course, Lennart's fault; it's actually his victory. But a lot of people are not happy. Including IT guys that claim they have lost precious logs because journald hosed up. Sure, you can send them to syslog too, but it's not a "by default" setting.

Overall, systemd filled a need. It is a bit too successful at "filling needs" for one project to handle though. And the developers working on it are sometimes behaving like children (which is off-putting too).

Paul MaudDib
May 3, 2006

TEAM NVIDIA:
FORUM POLICE
There's a reason that the BDFL model is such a common one. It often takes an enormous Torvalds- or Poettering-style ego to sustain that kind of project. He's right about a lot but he can't admit when he's actually wrong. Another hilarious one is his opinion that rm -rf / deleting your efivars and bricking your BIOS was a totally acceptable thing, because it's absolutely inconceivable that we write protect efivars, or add a safety flag. You see, you can also write trash to /dev/sda, therefore your argument is invalid.

Another example of that blind confidence is GVR not removing the GIL when everybody already had to go through and convert their code for Python 3 anyway. But yeah, I'm sure it's a mess to refactor, that's almost why you'd want a type-checking system or something. :smuggo:

evol262
Nov 30, 2010
#!/usr/bin/perl

Volguus posted:

Well, the users are feeling like it's being "shoved down their throats" by their distributions. Since systemd has grown so large and is covering so many (useful indeed) tasks, programs do get dependent on it (Gnome & co for example). And then you find yourself in a position to not be able to easily move to a non-systemd system. It even prompted OpenBSD (at least on their mailing list, no idea if they did it for real) to make a systemd shim API, just to make stupid programs compile and run without too much hassle.

Users don't care about init systems as long as they work. The vast majority of users never think about this, and don't care about distro hopping to 'non-systemd' systems. The ones which do have competent admin/engineering teams, and can make the switch without any problems.

If you don't want systemd 'shoved down your throat' by your distro, use another one. There are plenty of non-systemd distros. Just like there were plenty of distros which avoided X.org. Your call.

The gnome dependency on logind and friends is annoying, but that's not systemd per se. Shimming out the services which gnome expects (logind, hostnamed, etc) is trivial.

The real fight in BSD is against dbus, and especially kdbus (if it ever merges).

Volguus posted:

That's not, of course, Lennart's fault; it's actually his victory. But a lot of people are not happy. Including IT guys that claim they have lost precious logs because journald hosed up. Sure, you can send them to syslog too, but it's not a "by default" setting.

This is actually the default on any sane distribution if you actually install a syslogger. Want syslog? Install syslog. Don't care? journald only. This is a sane choice. Again, 99% of users didn't want to worry about rsyslog or syslog-ng or whatever.

Volguus posted:

Overall, systemd filled a need. It is a bit too successful at "filling needs" for one project to handle though. And the developers working on it are sometimes behaving like children (which is off-putting too).

Yes, the developers sometimes behave badly.

Since we're doomed to have this conversation every couple of months from salty users, I'll just reiterate all the things I said earlier.

You think systemd is too successful or wide in scope. That's fine. Most distros don't carry the ancillary systemd utilities. However, almost all of the people whining about systemd never really understood sysvinit anyway, never tried to write software which tried to cull the information available from the other tooling (logind, hostnamed, timedated, etc) from elsewhere, which was a lot more difficult than it needed to be, or don't understand systemd and its goals now.

systemd is the essence of an open-source project, really. And it's better to think of it like "Apache Foo", since many of the pieces are not interdependent. It's just an umbrella. So two comments:
  • Change is not new. systemd is the change people are railing against, but I could list 10 'major' changes in Linux since I started using it 20 years ago. dracut and networkmanager being two of those. Change is an opportunity to learn something new, not a mistake.
  • More broadly, systemd and its associated utilities are not removing your ability to run ntpd, networkmanager, or whatever else you want. There is a strong need for standardization and modernization in Linux as adoption goes up. Plus simplification. Using NTP as an example, there is absolutely no reason why users who just want to configure time syncing should need to worry about how to configure ntp just to get their clock to update. There is no reason for distro maintainers to ship rsyslog and logrotate to ensure system logging happens and doesn't fill up the disk. Of course if you want those things, they're still available.

    But systemd is "too successful" because nobody else is even trying to modernize Linux on a really 'core' level. If you've ever used Solaris, you'll also know the *adm tools, which provide a single point of access to basically everything. This is what systemd's alternate tooling is doing. But it's also available over dbus, which is even better. You'll note that Solaris and MacOS (the other two 'big' UNIXes standing outside of AIX) also don't use BSD init or sysvinit. They both implemented different systems. I wonder why...

Paul MaudDib posted:

There's a reason that the BDFL model is such a common one. It often takes an enormous Torvalds- or Poettering-style ego to sustain that kind of project. He's right about a lot but he can't admit when he's actually wrong. Another hilarious one is his opinion that rm -rf / deleting your efivars and bricking your BIOS was a totally acceptable thing, because it's absolutely inconceivable that we write protect efivars, or add a safety flag. You see, you can also write trash to /dev/sda, therefore your argument is invalid.

Another example of that blind confidence is GVR not removing the GIL when everybody already had to go through and convert their code for Python 3 anyway. But yeah, I'm sure it's a mess to refactor, that's almost why you'd want a type-checking system or something. :smuggo:

Poettering has actually mostly moved onto other work. And, as someone who has actually interacted with him (in person, even), he's 100% capable of admitting when he's wrong. But you're not going to change his arguments, so you better have convincing ones of your own instead of rebutting his.

Ubuntu also bricked EFI systems. `rm -rf` deleting efivars is not necessarily systemd's fault. I'd point this at the kernel guys for not requiring some other syscall which is needed to actually write to these, since a lot of other utilities actually write to efivars, and those would be equally likely to do this.

The difference here is that Lennart is saying "things write to efivars, so it's normal to have it writable. Instead of mounting it read-only and requiring intervention from users to actually write, we'll assume that users know what they're doing", which is probably wrong from a user perspective, but I do agree with it from a development perspective. systemd cannot solve this problem for grub or anything else which needs to write. systemd cannot stop vendors from making terrible implementations.

This is not a systemd problem, though. This is a problem with the entire way Linux treats EFI, and should probably be fixed kernel-side.

xzzy
Mar 5, 2009

I'm just mad about systemd's documentation. freedesktop.org has an exhaustive reference and that's good, but every situation where you want to figure out how to do something you end up reading someone's blog post where they give you a recipe for one specific configuration and that's all you're getting on the topic because no one cares about building context of what's going on.

It's great once you know the answer, it's just a shame getting to expert status requires flailing around in quicksand for hours.

evol262
Nov 30, 2010
#!/usr/bin/perl
I don't disagree with that, though it's kind of a problem with almost every open source project. Trying to cobble together a configuration for postgresql, nginx, apache, or anything else is an exercise in frustration. It's generalized, not specific to systemd.

feedmegin
Jul 30, 2008

evol262 posted:

You'll note that Solaris and MacOS (the other two 'big' UNIXes standing outside of AIX)

Minor nitpick, HP-UX is still around, just, and yeah, AIX and HP-UX are still (different flavours of) SysV init.

evol262
Nov 30, 2010
#!/usr/bin/perl

feedmegin posted:

Minor nitpick, HP-UX is still around, just, and yeah, AIX and HP-UX are still (different flavours of) SysV init.

It is, but who uses it? Pretty much why I didn't include it.

xzzy
Mar 5, 2009

I did IT for a software startup a long loving time ago, and they had a single HP-UX system for a single client that needed the company's software to run on HP-UX.

It was by far the most painful unix based system I ever managed, so much stuff was sort of like solaris or linux, but just different enough that you had to retrain your brain for simple tasks.

IRIX and Solaris were trivial by comparison (though back then, Solaris was also pretty much poo poo before you added all the gnu packages).

feedmegin
Jul 30, 2008

evol262 posted:

It is, but who uses it? Pretty much why I didn't include it.

Enough people that the company I used to work for still actively makes a product for it (though it is pretty low volume). Not many people use it but the people who do are willing to pay big.

evol262
Nov 30, 2010
#!/usr/bin/perl

feedmegin posted:

Enough people that the company I used to work for still actively makes a product for it (though it is pretty low volume). Not many people use it but the people who do are willing to pay big.

Sure. We've used it at companies I worked at before (mostly financials). I wouldn't exactly say that HP is putting effort into it or doing anything other than keeping it on life support for the institutional customers, though. I suppose I've felt that way ever since they killed Tru64

Horse Clocks
Dec 14, 2004


Ugh. My Tumbleweed install stopped activating LUKS partitions on boot. Time to try and recover initramfs somehow.

Rolling releases for you I guess.

evol262
Nov 30, 2010
#!/usr/bin/perl

Horse Clocks posted:

Ugh. My Tumbleweed install stopped activating LUKS partitions on boot. Time to try and recover initramfs somehow.

Rolling releases for you I guess.

Does lsinitrd show the right modules?

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
If you get dumped into a root shell just try luksOpen <device> <somename> and then exit the shell to reboot into the OS. This worked for me a couple of years ago on Debian.

Pablo Bluth
Sep 7, 2007

I've made a huge mistake.
Why did nobody tell me about Bash's ctrl-r?

Polygynous
Dec 13, 2006
welp

Pablo Bluth posted:

Why did nobody tell me about Bash's ctrl-r?

I've been accidentally hitting it for years and never bothered to figure out what it does. Neat. :v:

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

xzzy posted:

I did IT for a software startup a long loving time ago, and they had a single HP-UX system for a single client that needed the company's software to run on HP-UX.

It was by far the most painful unix based system I ever managed, so much stuff was sort of like solaris or linux, but just different enough that you had to retrain your brain for simple tasks.

IRIX and Solaris were trivial by comparison (though back then, Solaris was also pretty much poo poo before you added all the gnu packages).

We had a HP-UX server at my old job (Itanium!), it was weird. Like a mix of 1996 Linux and Solaris. But I knew it better than the other goobers there (they chmod 777'd a couple directories....:eek:)

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

I feel like 777'ing directories to make poo poo work is going to be common no matter the nix flavor you're using.

Pablo Bluth
Sep 7, 2007

I've made a huge mistake.
setenforcing 0

evol262
Nov 30, 2010
#!/usr/bin/perl

Pablo Bluth posted:

setenforcing 0

Only if you run for a while, then use 'audit2allow' to grab all the denials, fix them, and re-enable.

selinux stops a lot of container breakouts and other vulnerabilities.

Pablo Bluth
Sep 7, 2007

I've made a huge mistake.
I know. I was joking that turning off SELinux rather than properly fixing the problem is the modern equivalent to 777 permissions.

evol262
Nov 30, 2010
#!/usr/bin/perl

Pablo Bluth posted:

I know. I was joking that turning off SELinux rather than properly fixing the problem is the modern equivalent to 777 permissions.

I thought you might be, just suggesting that 'setenforce 0' then fixing the denials it shows after the fact is a reasonably good way to make things 'work' with selinux enabled instead of just disabling it...
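
Added example (not part of the thread): the permissive-then-fix workflow discussed above depends on reading the AVC records logged while permissive before anything is allowed. This sketch groups such records by source type, target type and class so each group can be reviewed; the log lines are constructed, laid out like audit.log AVC records, and `summarise_avc` is a name chosen for this example.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for review before writing policy.
# SAMPLE_AVC is constructed data in the audit.log AVC record layout.

SAMPLE_AVC='type=AVC msg=audit(1501722001.101:310): avc:  denied  { read } for  pid=2101 comm="nginx" name="index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1501722001.102:311): avc:  denied  { open } for  pid=2101 comm="nginx" path="/home/web/index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1501722009.551:340): avc:  denied  { name_connect } for  pid=2101 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1501722009.551:340): arch=c000003e syscall=42 success=yes exit=0 comm="nginx"
type=AVC msg=audit(1501722050.007:377): avc:  denied  { read } for  pid=2101 comm="nginx" name="index.html" dev="dm-0" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1'

# summarise_avc: read audit records on stdin and print, per
# (source type, target type, class), the number of denials and the union of
# denied permissions, most frequent first. The "src tgt:class { perms }" shape
# is the same one an SELinux allow rule uses, which makes over-broad grants
# (for example a web server reading user_home_t) easy to spot.
summarise_avc() {
    awk '
    /^type=AVC / && / denied / {
        src = ""; tgt = ""; cls = ""
        # Denied permissions sit between the braces: "{ read open }".
        a = index($0, "{"); b = index($0, "}")
        if (a == 0 || b <= a) next
        perms = substr($0, a + 1, b - a - 1)
        for (i = 1; i <= NF; i++) {
            # Contexts are user:role:type:level; the type is the third part.
            if ($i ~ /^scontext=/)      { split($i, c, ":"); src = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); tgt = c[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src == "" || tgt == "" || cls == "") next
        key = src " " tgt ":" cls
        count[key]++
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (!((key, p[j]) in seen)) {
                seen[key, p[j]] = 1
                set[key] = set[key] " " p[j]
            }
    }
    END {
        for (key in count)
            printf "%d %s {%s }\n", count[key], key, set[key]
    }' | sort -k1,1nr -k2
}

# Stand-alone use: pass an audit log path, or run with no arguments to see
# the constructed sample summarised.
if [ "$#" -ge 1 ]; then
    summarise_avc < "$1"
else
    printf '%s\n' "$SAMPLE_AVC" | summarise_avc
fi
```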

SnatchRabbit
Feb 23, 2006

by sebmojo
Stupid question. I'm trying to log into my AWS ubuntu server with ssh on my Mac's terminal. I have my ppk file which works just fine on Windows with putty. I converted with puttygen for a pem file and generated a public key with puttygen but whenever I try to SSH I get a public key denied error. I have openssh installed. No idea what's going on here. Any ideas?

evol262
Nov 30, 2010
#!/usr/bin/perl

SnatchRabbit posted:

Stupid question. I'm trying to log into my AWS ubuntu server with ssh on my Mac's terminal. I have my ppk file which works just fine on Windows with putty. I converted with puttygen for a pem file and generated a public key with puttygen but whenever I try to SSH I get a public key denied error. I have openssh installed. No idea what's going on here. Any ideas?

What are the permissions on it, and on ~/.ssh ?

SnatchRabbit
Feb 23, 2006

by sebmojo

evol262 posted:

What are the permissions on it, and on ~/.ssh ?

I believe I chmoded to 600 on the pem files. don't remember if I did /.ssh. SSH complained about permissions at first but after I made the change it gave me the public key error

evol262
Nov 30, 2010
#!/usr/bin/perl

SnatchRabbit posted:

I believe I chmoded to 600 on the pem files. don't remember if I did /.ssh. SSH complained about permissions at first but after I made the change it gave me the public key error

The privkey should be 0600 (pubkey 0644, if it even matters)

~/.ssh should be 0700, and owned by you.

If you can log in from Windows, ensure that the pubkey is in ~/.ssh/authorized_keys on the host (and that permissions are correct). Generate a privkey from the ppk (puttytools can do this) and put it on your workstation. You want to use the privkey to connect, and the AWS host should have the pubkey in the config (the AWS console can do all of this, and the AWS documentation is probably useful to you just for verification)
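
Added example (not part of the thread): a shell check for the modes listed in the post above, 0700 and your ownership on the `.ssh` directory, 0600 on the private key, 0644 or stricter on the public key. The `authorized_keys` limit and the `<key>.pub` naming are assumptions of this example, and the function names are its own.

```shell
#!/bin/sh
# Added example: audit SSH file modes against the values given in the thread.
# Usage: sh check_ssh_modes.sh ~/.ssh ~/.ssh/key.pem

# Print the octal permission bits of a path (GNU stat first, then BSD/macOS).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# check_mode PATH MAX_MODE LABEL
# Passes when PATH has no permission bit set outside MAX_MODE.
check_mode() {
    path=$1; max=$2; label=$3
    if [ ! -e "$path" ]; then
        echo "MISSING $label: $path"
        return 1
    fi
    mode=$(mode_of "$path")
    if [ -z "$mode" ]; then
        echo "FAIL    $label: cannot read mode of $path"
        return 1
    fi
    # Bits present in the actual mode that the allowed mask does not contain.
    extra=$(( 0$mode & ~0$max & 0777 ))
    if [ "$extra" -ne 0 ]; then
        echo "FAIL    $label: $path is $mode, want $max or stricter"
        return 1
    fi
    echo "ok      $label: $path is $mode"
}

# audit_ssh SSH_DIR PRIVATE_KEY
# Returns 0 only if every check passes.
audit_ssh() {
    dir=$1; key=$2; rc=0
    check_mode "$dir" 700 "ssh dir" || rc=1
    if [ ! -O "$dir" ]; then
        echo "FAIL    ssh dir: $dir is not owned by the current user"
        rc=1
    fi
    check_mode "$key" 600 "private key" || rc=1
    # Assumption: the public key, if kept beside the private key, is <key>.pub.
    if [ -e "$key.pub" ]; then
        check_mode "$key.pub" 644 "public key" || rc=1
    fi
    # Assumption: on the server side, authorized_keys must not be writable by
    # group or others (sshd refuses such files when StrictModes is on).
    if [ -e "$dir/authorized_keys" ]; then
        check_mode "$dir/authorized_keys" 644 "authorized_keys" || rc=1
    fi
    return $rc
}

if [ "$#" -ge 2 ]; then
    audit_ssh "$1" "$2"
fi
```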

Janitor Prime
Jan 22, 2004

PC LOAD LETTER

What da fuck does that mean

Fun Shoe

SnatchRabbit posted:

I believe I chmoded to 600 on the pem files. don't remember if I did /.ssh. SSH complained about permissions at first but after I made the change it gave me the public key error

I'd try loading it explicitly with ssh -vvv -i ~/.ssh/key.pem aws.server.com and check to see what the verbose logging tells you

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

SnatchRabbit posted:

I believe I chmoded to 600 on the pem files. don't remember if I did /.ssh. SSH complained about permissions at first but after I made the change it gave me the public key error

How did you export the private key from PuTTYgen?


SoftNum
Mar 31, 2011

At the risk of starting a holy war.... What WM do people like these days?

I haven't used linux desktop in like 6 years. I liked enlightenment back then, but the most current version is crashing a fair amount on me so I'm looking for elsething. I like transparency and stupid WM tricks (shading, etc.). I like a minimal amount of actual chrome on the windows. I've been using X forever so I like cursor follow and don't really desire a window-like experience. I've looked at awesome, but I figured I would poll and see.
