anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Mr Shiny Pants posted:

Why would you turn it off?
Because of the performance impact.


evol262
Nov 30, 2010
#!/usr/bin/perl
Windows ships with mitigations disabled.

RHEL shipped with it on, then turned it off a few months later because most of our customers didn't care anyway (internal/firewalled servers) and the performance hit mattered.

The mitigations are opt-in on basically every OS, not opt-out.

I'd guess it's pretty much azure, gce, rackspace, AWS, digital ocean, and similar who actually have it turned on.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

I've got a folder of files on my Ubuntu server owned by root that I'd like to edit from a windows PC.

What's a good best practices sort of workflow for setting that up?

I don't really like the idea of enabling the root user, but I also don't know of a way to do a sudo sort of access to the files.

RFC2324
Jun 7, 2012

http 418

Thermopyle posted:

I've got a folder of files on my Ubuntu server owned by root that I'd like to edit from a windows PC.

What's a good best practices sort of workflow for setting that up?

I don't really like the idea of enabling the root user, but I also don't know of a way to do a sudo sort of access to the files.

WSL + ssh + sudo + vim?

Or notepad++ with ftps enabled

both of these with your ssh keys installed for security

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
SSHFS?

evol262
Nov 30, 2010
#!/usr/bin/perl
Have you tried not doing that?

But honestly, sshfs is a good solution. Eclipse, Sublime, VScode, and others support remote editing this way. Or the NFS client on Windows. Or configure Samba to treat Administrator as uid0.

minato
Jun 7, 2004

cutty cain't hang, say 7-up.
Taco Defender
For security, you might be able to chgrp them to some group that can edit the files, and then add a user that's also a member of that group.

Docjowles
Apr 9, 2009

“It hurts when I do that” “So don’t fuckin do that” :v:

In a work environment I’d say edit the file locally and then push it to your other box with config management or at least a git repo. But for home use any number of the above solutions seem cool and good.

hifi
Jul 25, 2012

Emacs can do it with tramp in windows or windows linux or on the ubuntu server, although I'm not sure what your sudo problem entails or if you just mean you aren't sure how to set this all up without touching the command line

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

Turns out that I had already enabled root login for other purposes in the past so I just said gently caress it and set up a samba share for that specific folder with root user access.

Volguus
Mar 3, 2009

Thermopyle posted:

Turns out that I had already enabled root login for other purposes in the past so I just said gently caress it and set up a samba share for that specific folder with root user access.

That's the spirit.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

Volguus posted:

That's the spirit.

If that was supposed to be sarcasm, I LoL'ed.

xzzy
Mar 5, 2009

Sarcastic but realistic. Eventually everyone gets to the point of "gently caress it, run as root" because they get tired of trying to figure out how to do it right.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
Yeah, but hasn't samba been subject to lots of vulnerabilities over the years?

That's partly what made me LoL, but I guess you could answer that question with "what *hasn't* had vulnerabilities?". I guess the futility of it all is part of the fun, too.

I'm thinking about this far too hard. Must be tired. :)

Volguus
Mar 3, 2009

apropos man posted:

If that was supposed to be sarcasm, I LoL'ed.

Jesus, of course it was sarcastic (I got a lot of that going on at the moment), but really, when you think about it, like xzzy said, I just wanna do X, so gently caress all of ya paranoid security shmucks, and I'll "just do it". For a home user the security threat is very low already. So, nothing really matters and the extra effort required to be security "conscious" is a waste of time.

AgentCow007
May 20, 2004
TITLE TEXT
What's the most "linux" way to do password management? I've been using KeePass for years, but I've been playing with i3 recently and like the idea of moving workflows away from the mouse. The most "linux" thing I could find on YouTube was using ccrypt to encode a text file list of accounts and passwords, then ccat | grep to search and display relevant info... but there has to be something better than that, right?

Docjowles
Apr 9, 2009

There is a tool called “pass” that wraps a workflow involving git and gpg. It’s well suited to CLI and scripted usage.

https://www.passwordstore.org/

Docjowles fucked around with this message at 12:35 on Aug 21, 2018

Keito
Jul 21, 2005

WHAT DO I CHOOSE ?
KeePassXC has a CLI but it's a bit of a hassle to use since you have to authenticate for every invocation, at least AFAIK. In my typical use that means once for searching and a second time for viewing the entry.

ToxicFrog
Apr 26, 2008


AgentCow007 posted:

What's the most "linux" way to do password management? I've been using KeePass for years, but I've been playing with i3 recently and like the idea of moving workflows away from the mouse. The most "linux" thing I could find on YouTube was using ccrypt to encode a text file list of accounts and passwords, then ccat | grep to search and display relevant info... but there has to be something better than that, right?

If you want a keyboard interface to keepass, kpcli gives you an interactive keepass shell. Authentication is once per invocation, not once per command, so you don't have the same issues that KeepassXC has.

If you want something completely different, pass.

Volguus
Mar 3, 2009

AgentCow007 posted:

What's the most "linux" way to do password management? I've been using KeePass for years, but I've been playing with i3 recently and like the idea of moving workflows away from the mouse. The most "linux" thing I could find on YouTube was using ccrypt to encode a text file list of accounts and passwords, then ccat | grep to search and display relevant info... but there has to be something better than that, right?

There is nothing wrong with the mouse. Yes, the keyboard is more efficient and that's important where a small gain can be substantial over a long enough period of time, but for a password manager? How often do you log in to poo poo per hour?

Keito
Jul 21, 2005

WHAT DO I CHOOSE ?

Volguus posted:

There is nothing wrong with the mouse. Yes, the keyboard is more efficient and that's important where a small gain can be substantial over a long enough period of time, but for a password manager? How often do you log in to poo poo per hour?

All the loving time. kpcli looks neat

Volguus
Mar 3, 2009

Keito posted:

All the loving time. kpcli looks neat

Websites or ssh? Because if ssh you really should look into public/private key auth. If websites ... Good luck.

AgentCow007
May 20, 2004
TITLE TEXT

Volguus posted:

Websites or ssh? Because if ssh you really should look into public/private key auth. If websites ... Good luck.

I personally was thinking about SSH and console related stuff like sudo, because I am literally that lazy. But you'd have to be some kind of masochist to switch back and forth from a graphical web browser to a console-based password manager. I really should set up key auth on my VPSes though.

Horse Clocks
Dec 14, 2004


I have a yubikey that holds my (now expired and I have no idea how to renew it. Benefit of blindly reading guides on the web) GPG key.

Passwords are stored with pass in a git repo, and gpg-agent holds my ssh key.

I can install the smart card packages on any Linux machine and have SSH access to my machines and my passwords within minutes. It’s kinda neat.

I can’t get my passwords on windows as easy, iOS, or android. There’s supposedly apps for all that, but the gpg-ssh stuff is mostly unsupported.

Would I recommend? Eeeehhhh. On the fence.

Truga
May 4, 2014
Lipstick Apathy
keepass has a ssh agent plugin, all my ssh keys are in keepass and as long as keepass is unlocked i log in everywhere freely it owns

lol internet.
Sep 4, 2007
the internet makes you stupid
I have a qnap nas, can someone tell me which command checks to see if there are any SMART failures or anything? I think one of the drives is dying but the QNAP OS isn't picking up.

When I run cat /proc/mdstat, below is what is returned. I can't tell which drive is rebuilding? I assume one is and the one that is is actually the one that is failing because it's taking a ridiculous amount of time.

code:
[~] # cat /proc/mdstat 
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] [multipath] 
md1 : active raid5 sda3[0] sdd3[4] sdc3[2] sdb3[1]
      23412214272 blocks super 1.0 level 5, 512k chunk, algorithm 2 [4/3] [UUU_]
      [>....................]  recovery =  0.2% (23122944/7804071424) finish=69633.0min speed=1862K/sec
      
md322 : active raid1 sdd5[3](S) sdc5[2](S) sdb5[1] sda5[0]
      7235136 blocks super 1.0 [2/2] [UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md256 : active raid1 sdd2[3](S) sdc2[2](S) sdb2[1] sda2[0]
      530112 blocks super 1.0 [2/2] [UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

md13 : active raid1 sda4[0] sdd4[33] sdc4[32] sdb4[1]
      458880 blocks super 1.0 [32/4] [UUU_U___________________________]
      bitmap: 1/1 pages [4KB], 65536KB chunk

md9 : active raid1 sda1[0] sdd1[33] sdc1[32] sdb1[1]
      530048 blocks super 1.0 [32/4] [UUU_U___________________________]
      bitmap: 1/1 pages [4KB], 65536KB chunk

unused devices: <none>

Sheep
Jul 24, 2003
smartctl

mdadm -D /dev/md1 to see details on the rebuild; see here.

Sheep fucked around with this message at 10:23 on Aug 24, 2018

lol internet.
Sep 4, 2007
the internet makes you stupid
Hmm looks like smartctl isn't installed by default. is the result for the recovery. I take it the 4th drive is failing which is sdd ? or at least rebuilding anyways.

code:
[~] # mdadm --detail /dev/md1
/dev/md1:
        Version : 1.0
  Creation Time : Wed Mar  7 06:13:40 2018
     Raid Level : raid5
     Array Size : 23412214272 (22327.63 GiB 23974.11 GB)
  Used Dev Size : 7804071424 (7442.54 GiB 7991.37 GB)
   Raid Devices : 4
  Total Devices : 4
    Persistence : Superblock is persistent

    Update Time : Fri Aug 24 13:20:17 2018
          State : active, degraded, recovering
 Active Devices : 3
Working Devices : 4
 Failed Devices : 0
  Spare Devices : 1

         Layout : left-symmetric
     Chunk Size : 512K

 Rebuild Status : 0% complete

           Name : 1
           UUID : 5a3d4cb8:acd4aea6:d7897954:679d3a7a
         Events : 3092

    Number   Major   Minor   RaidDevice State
       0       8        3        0      active sync   /dev/sda3
       1       8       19        1      active sync   /dev/sdb3
       2       8       35        2      active sync   /dev/sdc3
       4       8       51        3      spare rebuilding   /dev/sdd3

Would there be any reason why the drives are rebuilding? I had no notification of any sort of failure. Also it's 8TBx4 Drive setup, realistically how long would it take to rebuild. I want to know if the drive is actually failing (rebuilding slow as poo poo) or just the rebuilding process generally takes super long.

Sheep
Jul 24, 2003
sdd3 is the device being rebuilt. As to why that's happening I'm not sure, I've never had any devices fail on an mdadm raid so haven't gone through that process yet.

You won't get any email alerts without the --monitor flag set to email you. Check your system log to see what happened.

FWIW 40something days for an 8TB rebuild is really bad and I'd try to figure out why your speeds are so slow, 1862K/sec is like a fiftieth of what you should be getting with what I'm assuming are 8TB WD Reds.

Sheep fucked around with this message at 10:22 on Aug 24, 2018
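
An added example, not from any poster in the thread: a small Python parser for the /proc/mdstat format shown above that flags degraded arrays and converts the kernel's finish= estimate into days. The function and field names are assumptions made for the illustration; the sample input is the md1 and md322 stanzas from the posted output.

```python
import re

# /proc/mdstat stanzas for md1 and md322, copied from the output posted in the thread.
SAMPLE = """\
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4] [multipath]
md1 : active raid5 sda3[0] sdd3[4] sdc3[2] sdb3[1]
      23412214272 blocks super 1.0 level 5, 512k chunk, algorithm 2 [4/3] [UUU_]
      [>....................]  recovery =  0.2% (23122944/7804071424) finish=69633.0min speed=1862K/sec

md322 : active raid1 sdd5[3](S) sdc5[2](S) sdb5[1] sda5[0]
      7235136 blocks super 1.0 [2/2] [UU]
      bitmap: 0/1 pages [0KB], 65536KB chunk

unused devices: <none>
"""

ARRAY_RE = re.compile(r"^(md\w+) : (\S+) (.*)$")
MEMBER_RE = re.compile(r"(\w+)\[(\d+)\](?:\((\w)\))?")
STATUS_RE = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")
SYNC_RE = re.compile(
    r"(recovery|resync|reshape|check)\s*=\s*([\d.]+)%.*?finish=([\d.]+)min speed=(\d+)K/sec")


def parse_mdstat(text):
    """Return one dict per md array found in /proc/mdstat text."""
    arrays, cur = [], None
    for line in text.splitlines():
        head = ARRAY_RE.match(line)
        if head:
            name, state, rest = head.groups()
            members = MEMBER_RE.findall(rest)
            cur = {
                "name": name, "state": state,
                # (S) marks a spare, (F) a member the kernel has marked faulty.
                "spares": [dev for dev, _, flag in members if flag == "S"],
                "faulty": [dev for dev, _, flag in members if flag == "F"],
                "total": None, "active": None, "missing_slots": [], "sync": None,
            }
            arrays.append(cur)
            continue
        if cur is None:
            continue
        status = STATUS_RE.search(line)
        if status:
            cur["total"], cur["active"] = int(status.group(1)), int(status.group(2))
            # "_" is a slot without an in-sync member. The [n] after a member name
            # is its device number, not its slot (sdd3 is number 4 but RaidDevice 3
            # in the thread), so use `mdadm --detail` to name the rebuilding member.
            cur["missing_slots"] = [i for i, c in enumerate(status.group(3)) if c == "_"]
        sync = SYNC_RE.search(line)
        if sync:
            action, pct, finish_min, speed = sync.groups()
            cur["sync"] = {"action": action, "percent": float(pct),
                           "eta_days": float(finish_min) / 1440,
                           "speed_k_per_s": int(speed)}
    return arrays


def degraded(arrays):
    """Arrays running with fewer in-sync members than slots."""
    return [a for a in arrays if a["active"] is not None and a["active"] < a["total"]]


if __name__ == "__main__":
    for a in degraded(parse_mdstat(SAMPLE)):
        s = a["sync"]
        eta = f'{s["action"]} {s["percent"]}%, ~{s["eta_days"]:.1f} days left' if s else "no rebuild running"
        print(f'{a["name"]}: {a["active"]}/{a["total"]} in sync, missing slots {a["missing_slots"]}, {eta}')
```

Run against the live file with `parse_mdstat(open("/proc/mdstat").read())`; a degraded array with no sync entry means nothing is rebuilding it.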

Aurium
Oct 10, 2010
I've been working on duplicating an old piece of gear.

In case the process went wrong I backed up the original contents of the donor drive so I could start over. The command I used was dd if=/dev/sdb of=~/backup.img

I then did some other things that went wrong, so I restored the disk from backup, switching of and if in the above command.

The restored disk wouldn't boot. Can someone tell me where I went wrong?

I ultimately did get it working, so this is just me trying to find what I'm not understanding, shouldn't using dd this way return the disk exactly to how it was before?

lol internet.
Sep 4, 2007
the internet makes you stupid

Sheep posted:

sdd3 is the device being rebuilt. As to why that's happening I'm not sure, I've never had any devices fail on an mdadm raid so haven't gone through that process yet.

You won't get any email alerts without the --monitor flag set to email you. Check your system log to see what happened.

FWIW 40something days for an 8TB rebuild is really bad and I'd try to figure out why your speeds are so slow, 1862K/sec is like a fiftieth of what you should be getting with what I'm assuming are 8TB WD Reds.

Thanks I'm just assuming the rebuilt drive is actually failing or about to fail and SMART didn't pick it up. I am processing a RMA for that drive.

In regards to replacing it, does anyone know if I should be copying the partition table from another drive prior to re-inserting it? I was following this guide: https://www.thegeekdiary.com/replacing-a-failed-mirror-disk-in-a-software-raid-array-mdadm/

I know that's for RAID 1 but I've seen a couple search results saying it's the same for RAID 5 but they don't really list the reason why. I would have thought just by re-adding it all that stuff is done automatically?

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
What's the default DVD to avi/mkv ripper for Linux? Preferably command-line?

I've got an old BBC comedy DVD box set from eBay and I'd like to plug in my portable USB DVD player (because who uses a SATA DVD ROM these days) into my i7 in another room, rip it and monitor the progress over SSH.

Quality isn't going to be amazing because it's an old BBC2 show with a low filming budget (https://en.wikipedia.org/wiki/Fist_of_Fun), so I'm not too bothered about tweaking bitrates and achieving maximum quality. I'd just like to end up with a reasonably good quality set of files for each episode that I can archive into my Plex library.

EDIT:
dvdbackup from the Arch wiki seems to be doing a grand job of grabbing the VOB files. When I've got all the VOB's I need I'll have a go at encoding them into something more suitable.

https://wiki.archlinux.org/index.php/dvdbackup

apropos man fucked around with this message at 18:47 on Aug 25, 2018

Mr Shiny Pants
Nov 12, 2012

apropos man posted:

What's the default DVD to avi/mkv ripper for Linux? Preferably command-line?

I've got an old BBC comedy DVD box set from eBay and I'd like to plug in my portable USB DVD player (because who uses a SATA DVD ROM these days) into my i7 in another room, rip it and monitor the progress over SSH.

Quality isn't going to be amazing because it's an old BBC2 show with a low filming budget (https://en.wikipedia.org/wiki/Fist_of_Fun), so I'm not too bothered about tweaking bitrates and achieving maximum quality. I'd just like to end up with a reasonably good quality set of files for each episode that I can archive into my Plex library.

EDIT:
dvdbackup from the Arch wiki seems to be doing a grand job of grabbing the VOB files. When I've got all the VOB's I need I'll have a go at encoding them into something more suitable.

https://wiki.archlinux.org/index.php/dvdbackup

Handbrake is cool.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
Yeah. Now that I've just about finished grabbing all the VOB's I might just run the Handbrake GUI in batch mode.

telcoM
Mar 21, 2009
Fallen Rib

lol internet. posted:

Thanks I'm just assuming the rebuilt drive is actually failing or about to fail and SMART didn't pick it up. I am processing a RMA for that drive.

In regards to replacing it, does anyone know if I should be copying the partition table from another drive prior to re-inserting it? I was following this guide: https://www.thegeekdiary.com/replacing-a-failed-mirror-disk-in-a-software-raid-array-mdadm/

I know that's for RAID 1 but I've seen a couple search results saying it's the same for RAID 5 but they don't really list the reason why. I would have thought just by re-adding it all that stuff is done automatically?

I think you said the RAID array is in a QNAP NAS box.

Even if the QNAP user interface does not yet show the disk as failed, it will definitely go into :supaburn: mode if you just yank a disk out without any advance notice. And if you insert a new unpartitioned disk, the system should generally more or less automatically partition it as required. If you partition it manually before inserting it, the user interface may just overwrite your work... or it may think everything necessary has been done, and later get wedged since something behind-the-scenes but essential like a QNAP bootloader did not get copied to that disk after all.

https://www.qnap.com/en/how-to/tutorial/article/online-raid-capacity-upgrade

Turns out that in the Storage Pool Management window, there should be a Manage -> Replace Disks One by One function. I think you should use it if the user interface has not yet detected the disk as faulty.

And here are QNAP's instructions for replacing disks in the event the UI does identify them as failed:

https://helpdesk.qnap.com/index.php?/Knowledgebase/Article/View/89/0/a-hard-disk-drive-error-is-shown-on-the-nas-what-should-i-do

Disclaimer: I don't own a QNAP device, but I've remote-administered one at work. (Very remote: had I needed to go to the device physically, I'd have needed a passport, a visa and a plane ticket. So the motivation to be careful was definitely there.)

KOTEX GOD OF BLOOD
Jul 7, 2012

Got an odroid c1+, installed the Ubuntu MATE image and trying to get my docker image to run. I get
code:
docker: Error response from daemon: Could not check if docker-default AppArmor profile was loaded: open /sys/kernel/security/apparmor/profiles: no such file or directory.

When I cd to /sys/kernel/security/apparmor, I can see that there is no profiles directory. When I try to make one I get "operation not permitted," even under su.

I hate this thing literally nothing runs right the first time.

evol262
Nov 30, 2010
#!/usr/bin/perl
/sys isn't normally a filesystem you can write that way. It's a representation of kernel structs. Does the kernel have the auditd subsystem enabled? Is AppArmor loaded?

KOTEX GOD OF BLOOD
Jul 7, 2012

Well...it didn't have auditd installed, so I installed it using apt-get. AppArmor is installed, but when I run sudo apparmor_status, I get:

code:
apparmor module is loaded.
Could not open /sys/kernel/security/apparmor/profiles: No such file or directory

evol262
Nov 30, 2010
#!/usr/bin/perl
I meant the kernel auditing subsystem, which selinux and AppArmor are parts of. My guess is that the odroid kernel was built without it, and you'll have to build your own kernel to get it.


KOTEX GOD OF BLOOD
Jul 7, 2012

Well I switched to the ubuntu image after trying a minimal debian jessie image. The transmission-openvpn container would run under that, but it would throw "error: file too large" on the newest torrents before ceasing to respond altogether.

It's great that Raspbian runs this stuff without a hitch, save for the fact the network interface stops responding once a week and I have to pull the power, also that it's limited to USB 2.0 bus speeds.

Linux: There is always more and it is always worse
