|
The article I linked indicates that that error is a particularly dumb compatibility error
|
# ? Mar 15, 2021 02:31 |
RFC2324 posted:I wish nbsd were here to rant about why Ubuntu is the devil
|
|
# ? Mar 15, 2021 11:44 |
|
RFC2324 posted:Might try OpenSUSE. There is an official Nvidia repo over here that makes it slightly less painful to deal with (it's still not painless)
|
# ? Mar 15, 2021 16:21 |
|
standard.deviant posted:I’m trying this now. I set up an encrypted file system at install time, post-install boot gives me a grub command line.

Someone else will need to help with the encryption, I've never actually worked with an encrypted boot volume. Always seemed easier/smarter to only encrypt the data I care about.
|
# ? Mar 15, 2021 16:26 |
|
RFC2324 posted:Someone else will need to help with the encryption, I've never actually worked with an encrypted boot volume. Always seemed easier/smarter to only encrypt the data I care about.
|
# ? Mar 15, 2021 16:35 |
|
standard.deviant posted:Other distros make booting to an encrypted FS pretty transparent, so I don’t know that it is the source of this issue for sure. I thought it might be relevant though, I’m asking for help on the SUSE distro as well.

Yeah, that's part of what's weird to me about it. OpenSUSE should make it transparent too, and I lack the experience to troubleshoot without my googles in front of me (I'm chasing drugs today)
|
# ? Mar 15, 2021 16:37 |
|
RFC2324 posted:Yeah, that's part of what's weird to me about it. OpenSUSE should make it transparent too, and I lack the experience to troubleshoot without my googles in front of me (I'm chasing drugs today)
|
# ? Mar 15, 2021 18:53 |
RFC2324 posted:Someone else will need to help with the encryption, I've never actually worked with an encrypted boot volume. Always seemed easier/smarter to only encrypt the data I care about.

The disadvantage is that you can't use S3 STR, since saving the contents of the RAM means that any DMA attack (firewire, modern USB, or opening the device physically) leaks the encryption key.
|
|
# ? Mar 15, 2021 20:21 |
|
standard.deviant posted:I tried to reinstall without the encryption and got the same problem. I think I’m going to delete the whole partition and try again.

you might need to clean up your EFI partition with all this distro hopping
|
# ? Mar 16, 2021 02:41 |
|
I will say that I've looked at disc encryption, and concluded that the slightly increased risk of losing data (e.g. by how it makes normal recovery tools pointless) outweighs the risk of someone stealing my desktop and using the data for something nefarious. The laptop is borderline - it's enabled, but I'm not sure that's actually the risk-minimizing strategy given that it only really goes in a backpack between home and work. OTOH I have nothing too important on it anyway; the few documents created on it quickly end up in a cloud service or two. Work machines that touch actually sensitive data get full disk encryption, though.
|
# ? Mar 16, 2021 03:55 |
|
RFC2324 posted:you might need to clean up your EFI partition with all this distro hopping
|
# ? Mar 16, 2021 10:57 |
Why not just mount the EFI partition and remove the files and folders you don't want, then make sure efibootmgr reflects what you do want?
|
|
# ? Mar 16, 2021 13:02 |
|
Because it's easier to nuke and rebuild a simple one, at a guess. Better to clean up your way, but it doesn't really make a difference when you only want one entry
|
# ? Mar 16, 2021 15:30 |
|
XDP is predicated on writing ebpf programs right into the NIC of a supported network card. Bypassing the real CPU entirely for packet forwarding applications and early decision making. How does that work for Virtual Machines which have presumably virtual network interfaces that aren't 'real hardware'? Something something paravirtual drivers?
|
# ? Mar 17, 2021 06:33 |
|
Methanar posted:XDP is predicated on writing ebpf programs right into the NIC of a supported network card. Bypassing the real CPU entirely for packet forwarding applications and early decision making.
|
# ? Mar 17, 2021 06:39 |
|
The people who use that are either on bare metal or use SR-IOV.
|
# ? Mar 17, 2021 10:14 |
|
How many of you have thinkpads?
|
# ? Mar 17, 2021 10:35 |
|
I would blow Dane Cook posted:How many of you have thinkpads?

Probably quite a few of us. I have a T440s and Linux support for it has been excellent since I purchased it new several years ago.
|
# ? Mar 17, 2021 12:31 |
|
I would blow Dane Cook posted:How many of you don't have thinkpads?
|
# ? Mar 17, 2021 12:39 |
Methanar posted:XDP is predicated on writing ebpf programs right into the NIC of a supported network card. Bypassing the real CPU entirely for packet forwarding applications and early decision making.

Nothing is actually run on the NIC.

Antigravitas posted:The people who use that are either on bare metal or use SR-IOV.

I would blow Dane Cook posted:How many of you have thinkpads?

By buying T420 laptops, mostly sold as "broken but can probably be fixed", I've now got a handful of working replacements, in case my current one gives up the ghost. Next step will probably be to see if I can source a few i7-2670QMs cheaply, so that I can upgrade all of them, as the *20 series is the last model with a socketed CPU.
|
|
# ? Mar 17, 2021 13:46 |
|
I would blow Dane Cook posted:How many of you have thinkpads?

T14 (AMD version), X1C gen6 and gen1, a T410 and T61 both in some state of disrepair, and I may even have an R50 in a closet somewhere. I'm just waiting for the bleeding edge of FreeBSD to properly support the Vega 8 and the WiFi card in my T14, so I can tripleboot it. At least Fedora runs fine on it.
|
# ? Mar 17, 2021 18:21 |
|
I've owned a few including the older W and newer gen T models, but I've daily driven an X230 with an OG keyboard and will probably continue to do so for the foreseeable future.
|
# ? Mar 17, 2021 20:26 |
|
BlankSystemDaemon posted:BPF is a virtual machine that builds just-in-time machine code at runtime; it's used, among other places, for FreeBSD's ipfw(8) and for packet capture in tcpdump (and everything that uses the pcap(3) library).

https://duo.com/labs/tech-notes/writing-an-xdp-network-filter-with-ebpf
https://developers.redhat.com/blog/2018/12/06/achieving-high-performance-low-latency-networking-with-xdp-part-1/

XDP hooks exist in several different places. Some network cards themselves actually support the ebpf VM and you can directly attach an ebpf program to execute on that asic hardware. Saving the time of ever being copied over to the main CPU at all.

https://docs.cilium.io/en/v1.8/bpf/#bpf-guide

quote:One of the basic XDP BPF features is to tell the driver to drop a packet with XDP_DROP at this early stage which allows for any kind of efficient network policy enforcement with having an extremely low per-packet cost. This is ideal in situations when needing to cope with any sort of DDoS attacks, but also more general allows to implement any sort of firewalling policies with close to no overhead in BPF e.g. in either case as stand alone appliance (e.g. scrubbing ‘clean’ traffic through XDP_TX) or widely deployed on nodes protecting end hosts themselves (via XDP_PASS or cpumap XDP_REDIRECT for good traffic). Offloaded XDP takes this even one step further by moving the already small per-packet cost entirely into the NIC with processing at line-rate.

In particular, cilium's SDN for kubernetes is capable of replacing kube-proxy's implementation of nodePorts and service IPs. Rather than processing in-kernel through iptables or ipvs, cilium has an implementation that's currently in alpha(beta?) for forwarding (or dropping non-permitted) traffic around between nodes right at the XDP layer, whether that's in-kernel XDP or at the NIC injection level if possible. It's mostly crazy poo poo.

Methanar fucked around with this message at 20:54 on Mar 17, 2021
# ? Mar 17, 2021 20:37 |
Methanar posted:https://duo.com/labs/tech-notes/writing-an-xdp-network-filter-with-ebpf

Doesn't mean it's a good idea.
|
|
# ? Mar 17, 2021 21:18 |
|
I would blow Dane Cook posted:How many of you have thinkpads?

I've owned a few but the last one I tried had bad bios sleep issues under linux. To be fair it wasn't one they marketed as compatible (X1Y3). I've got a maxed out refurb XPS 13 from a couple years ago that's treated me well. Not that I use it much these days when I don't leave the house ever
|
# ? Mar 17, 2021 22:50 |
A combination of ThinkPads getting worse and Dell and HP business line laptops getting better has meant that they're all functionally interchangeable unless you're as much of a nerd as I am.
|
|
# ? Mar 17, 2021 23:26 |
|
I have web apps on a remote Linux server that bind solely to localhost on various ports. Currently, I use FoxyProxy to match against http://localhost:port and forward those through a SOCKS5 proxy (ssh -fND 127.0.0.1:1080 user@remote-server). I'd rather have everything accessible via https://butt.farts.com/webapp1, webapp2, etc, where some fancy proxies know the "webapp -> tunnel -> port" mapping. Here butt.farts.com is independent of the FQDN of the remote server. How can I achieve this without root on the remote server?
|
# ? Mar 18, 2021 23:59 |
|
That's something nginx is really good at. https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/ It'll take some extra steps though, you'll have to do a lot of massaging the config because nginx likes to touch a lot of privileged areas: https://www.exratione.com/2014/03/running-nginx-as-a-non-root-user/ You'll also be limited to binding it to ports over 1024 as non-root. Will have issues starting it automatically on boot unless systemd has user services enabled.
|
# ? Mar 19, 2021 00:27 |
|
xzzy posted:That's something nginx is really good at.

Yeah, I've looked into nginx and while I can reverse proxy on the remote server (http://remote-server-fdqn:11111/webapp1) it doesn't satisfy everything I'm looking for. Naively, I was imagining running nginx or some type of proxy locally. The intention is to use my own domain name and not hit the remote server's FQDN via HTTP/S at all. This allows me to abstract away the bound ports on the remote server via normal-looking URLs on my end.

http://my.domain.com/webapp1 -> proxy/tunnel -> http://localhost:10001 (remote server)
http://my.domain.com/webapp2 -> proxy/tunnel -> http://localhost:10002 (remote server)
and so on

Is that possible with nginx + an ssh tunnel, for example?
|
# ? Mar 19, 2021 00:45 |
|
xzzy posted:That's something nginx is really good at.

Also a good fit for relayd from OpenBSD if I understood the use case correctly.
|
# ? Mar 19, 2021 00:53 |
|
I had endless trouble getting nginx to work with https://butt.farts.com/webapp1, but everything just worked when I switched to using https://webapps1.farts.com/.
|
# ? Mar 19, 2021 00:55 |
|
Sir Bobert Fishbone posted:I had endless trouble getting nginx to work with https://butt.farts.com/webapp1, but everything just worked when I switched to using https://webapps1.farts.com/.

Sure, I'll keep this in mind. Were your remote-server webapps accessible to the outside world (bound to * or 0.0.0.0)? Mine aren't but I guess I might have to concede that set up.
|
# ? Mar 19, 2021 01:03 |
|
Turd Eater posted:Sure, I'll keep this in mind. Were your remote-server webapps accessible to the outside world (bound to * or 0.0.0.0)? Mine aren't but I guess I might have to concede that set up.

They were, just because that was the easiest way to go, and then I handled all the access limiting through my firewall. Not sure if that's required or not, though.
|
# ? Mar 19, 2021 01:07 |
|
Turd Eater posted:Is that possible with nginx + an ssh tunnel, for example?

Almost certainly, you can pass as many ports to -L as you want so all the nginx config should fall easily into place. It'll be a bit of a rickety setup though, the free version of nginx will not start unless it can connect to all backends in its config so you'll need to make sure the ssh tunnel is up first. Once it's up the ssh tunnel can stop and start at will.

I'd never consider it as my first option, it's pretty crappy system administration and I'd never use it for any business purpose, but as a side project that might actually be useful it's not the worst idea in history.
|
# ? Mar 19, 2021 01:21 |
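The nginx + ssh tunnel setup discussed in the posts above, sketched as an added example (not code from any poster): an unprivileged local nginx maps /webapp1/ and /webapp2/ onto `ssh -L` forwards, with every listener kept on loopback. The host `user@remote-server`, the local listener `127.0.0.1:8080` and the `$RUN` state directory are assumptions; the ports are the ones used in the thread.

```shell
#!/bin/sh
# Added example: local nginx in front of ssh -L forwards; nothing changes on
# the remote server and no root is needed there.
# Assumed names: user@remote-server, local listener 127.0.0.1:8080, $RUN.
APPS="webapp1:10001 webapp2:10002"   # path:port pairs, as in the thread
RUN="${RUN:-$HOME/.local/nginx-tunnel}"

# One -L per app; both ends stay on loopback, so nothing is exposed.
ssh_forward_args() {
    for app in $APPS; do
        port=${app#*:}
        printf '%s 127.0.0.1:%s:127.0.0.1:%s ' -L "$port" "$port"
    done
}

# nginx.conf for an unprivileged user: port above 1024, all state under $RUN.
gen_nginx_conf() {
    cat <<EOF
daemon off;
pid $RUN/nginx.pid;
error_log $RUN/error.log;
events {}
http {
    access_log $RUN/access.log;
    client_body_temp_path $RUN/body;
    proxy_temp_path $RUN/proxy;
    fastcgi_temp_path $RUN/fastcgi;
    uwsgi_temp_path $RUN/uwsgi;
    scgi_temp_path $RUN/scgi;
    server {
        listen 127.0.0.1:8080;
EOF
    for app in $APPS; do
        # Trailing slash on proxy_pass strips the /webappN/ prefix upstream.
        printf '        location /%s/ { proxy_pass http://127.0.0.1:%s/; }\n' \
            "${app%%:*}" "${app#*:}"
    done
    printf '    }\n}\n'
}

# Tunnel first, then nginx; ExitOnForwardFailure makes ssh exit rather than
# run with a forward missing.
start() {
    mkdir -p "$RUN" && gen_nginx_conf > "$RUN/nginx.conf"
    ssh -f -N -o ExitOnForwardFailure=yes $(ssh_forward_args) user@remote-server
    nginx -p "$RUN" -c "$RUN/nginx.conf"
}

if [ "${1:-}" = start ]; then start; fi
```

Run it with the single argument `start`; web apps that emit absolute links may also need their own base-path setting to work under a /webappN/ prefix.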
|
Turd Eater posted:http://my.domain.com/webapp1 -> proxy/tunnel -> http://localhost:10001 (remote server)

I've done this a couple of times using nginx + wireguard to proxy access on one network through to an application that is running on another network segment that isn't normally available. Works great and is one of the few things I literally never have to worry about. Works well in containers, too.

Sheep fucked around with this message at 03:27 on Mar 19, 2021
# ? Mar 19, 2021 03:20 |
|
nvm didn't read properly.
|
# ? Mar 19, 2021 03:23 |
|
Sheep posted:I've done this a couple of times using nginx + wireguard to proxy access on one network through to an application that is running on another network segment that isn't normally available. Works great and is one of the few things I literally never have to worry about. Works well in containers, too.

Was gonna say it sounds like you're just trying to hide poo poo from the world but still access it in a "secure" fashion, in that case just set up any VPN and off you go.
|
# ? Mar 19, 2021 04:34 |
xzzy posted:You'll also be limited to binding it to ports over 1024 as non-root. Will have issues starting it automatically on boot unless systemd has user services enabled. rufius posted:Also a good fit for relayd from OpenBSD if I understood the use case correctly.
|
|
# ? Mar 19, 2021 15:11 |
|
Linux has a couple ways to grant non-root processes the ability to bind to privileged ports but they're gross hacks that should offend any reasonable system administrator. (the CAP_NET_BIND_SERVICE capability is probably the best way to do it if one must)
|
# ? Mar 19, 2021 15:36 |
|
Cheese Thief posted:I'm thinking about installing BSD on a tertiary laptop. I've installed all the usual linuxi before. All I want is a console only no gui system that I can use console applications, for maximum productivity and fewer distraction. I know pretty much nothing about BSD. Which recommended distribution?

Curious if you have any updates on this; I've thought about doing something similar for writing my dissertation. Going through the process of setting up a new OS to write is probably the pinnacle of yak shaving, but it could pay off in the long run...
|
# ? Mar 19, 2021 16:49 |