|
other people posted:CONFIG_ENCRYPTED_KEYS is baked into the kernel in both RHEL7 and RHEL8 so I hope that wasn't an official guide you were reading The downside of our primary work skill being Google is sometimes we find the wrong info to work from.
|
# ? Aug 19, 2020 14:47 |
|
|
# ? Apr 19, 2024 23:37 |
|
other people posted:CONFIG_ENCRYPTED_KEYS is baked into the kernel in both RHEL7 and RHEL8 so I hope that wasn't an official guide you were reading Welp: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-encryption Edit: I have a question regarding cryptsetup: Currently if one has an encrypted partition, it can be automatically decrypted if one adds the keyscript=/path/to/some/executable option in crypttab. That executable/script can do whatever it wants to produce the key (read it from the TPM, kernel keyring or the movement of stars in the sky), but it has to output the decryption passphrase for the drive to be decrypted. Is there a way to to avoid that? Somehow to tell dm-crypt that "hey, you're a module in the kernel, you should go and read it from somewhere where I don't have access to from userland"? Like a kernel keyring that's not user accessible? Am I looking at it wrong? I just started reading this crap (encrypting volumes and securely storing keys) and I am a bit lost in here. The main purpose would be that if someone would have access to the machine (a booted, let's say even a logged-in root shell available, the worst case) that they would not be able to just run the keyscript executable to obtain said key. Or, at that moment is a lost cause no matter what? Volguus fucked around with this message at 22:53 on Aug 19, 2020 |
# ? Aug 19, 2020 22:39 |
|
I misread your post at first, but I think you're right that that's an inherent problem with automatic mounting mechanisms. They should be interactive and then you should remember the password will be stored in RAM too.
xtal fucked around with this message at 23:38 on Aug 19, 2020 |
# ? Aug 19, 2020 23:33 |
|
Anyone have recommendations for reliable wireless and Bluetooth solutions for Linux? The last couple Tumbleweed updates have left me with my Realtek USB wireless not working (it works in Windows) and my Broadcom USB Bluetooth adapter not working due to a packaging error in the driver. I'm online using a spare USB wireless stick that is nowhere near as my fast my rtl8812au (the spare is n, the rtl8812 is ac). The frustrating thing is that of course Bluetooth and the Realtek wireless work just fine in Windows. Should I give up on USB and go to a PCIe card? I'm loathe to do that out of a paranoia about case temperatures and airflow, but always used to run PCI wireless cards back in the old days. I'd like to have Bluetooth 5 and at least AC1200 speed, but trying to figure out which chipsets are best for Linux is a pain. Does anyone have recommendations about brands or products that are more known-good?
|
# ? Aug 20, 2020 06:45 |
|
Intel is generally well supported, but I mostly see them integrated in laptops (including my AMD ThinkPad, curiously); I don't think I've ever seen an intel-based USB dongle. I assume they exist as PCIe cards, though.
|
# ? Aug 20, 2020 10:25 |
|
Volguus posted:Welp: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-encryption It turns out these bits are built as modules for every arch except x86_64 so the docs are wrong in a different way. Neat. ❯ grep -nr CONFIG_ENCRYPTED_KEYS redhat/configs/ redhat/configs/generic/x86_64/CONFIG_ENCRYPTED_KEYS:1:CONFIG_ENCRYPTED_KEYS=y redhat/configs/generic/CONFIG_ENCRYPTED_KEYS:1:CONFIG_ENCRYPTED_KEYS=m I filed a bug against the docs so some day in the future this should be corrected. Thank you for pointing it out.
|
# ? Aug 20, 2020 11:44 |
|
Should I install Gentoo on my old laptop that I still rather would program on than my new macbook, or no? Debian just feels so out of date. I have Arch on my workstation but Im curious if I should turn up the heat a little bit
|
# ? Aug 23, 2020 02:07 |
|
excellent bird guy posted:Should I install Gentoo on my old laptop that I still rather would program on than my new macbook, or no? Debian just feels so out of date. I have Arch on my workstation but Im curious if I should turn up the heat a little bit You will turn up the heat on your CPU when you compile everything by yourself for no reason. Just use Arch unless you have a philosophical attachment to Gentoo.
|
# ? Aug 23, 2020 02:19 |
|
excellent bird guy posted:Should I install Gentoo on my old laptop that I still rather would program on than my new macbook, or no? Debian just feels so out of date. I have Arch on my workstation but Im curious if I should turn up the heat a little bit Have you tried Fedora?
|
# ? Aug 23, 2020 02:31 |
|
No And do you actually compile _byyourself_ or does Portage assist in cases such as, resolving dependencies? I like to watch computers compile, but only if it builds in success.
|
# ? Aug 23, 2020 03:27 |
|
excellent bird guy posted:No It does everything for you, you just sit back and relax looking at it work. Until you get the system up and running though (whatever that would mean to you), that's all you can do. Afterwards, if you have a browser, you can at least go on SA.
|
# ? Aug 23, 2020 05:26 |
|
excellent bird guy posted:No this is why I like gentoo as well. I'm dumb enough I actually once spun up a bunch of VMs so I could compile on them in parallel then I realized I could multibox hackertyper.com and get the same effect
|
# ? Aug 23, 2020 07:03 |
|
excellent bird guy posted:Should I install Gentoo on my old laptop that I still rather would program on than my new macbook, or no? Debian just feels so out of date. I have Arch on my workstation but Im curious if I should turn up the heat a little bit Debian Unstable is certainly not outdated. I would also recommend openSUSE Tumbleweed.
|
# ? Aug 23, 2020 08:56 |
|
does anybody use: https://github.com/swaywm/sway ? I think it's a fork of i3 except it's Wayland. Not sure what the advantages of that would be,. I start my computing session by first editing .xinitrc to choose my windows manager, and then typing xinit. I guess i'd have to learn a different system
|
# ? Aug 23, 2020 11:04 |
|
If you just like watching things compile, the ports system in FreeBSD is quite similar to portage, but I think it's a bit easier to live with precompiled packages if you desire. And on an old laptop, the hardware is probably supported, too. (I recommend using synth instead of just ports, though.)
|
# ? Aug 23, 2020 22:45 |
|
On a different note, my partner uses Fedora, and has one of those problems that seem like a nightmare to debug: after a few hours, sudo and unlocking the screen and anything else that need authentication hangs for ten plus seconds before responding; everything else seems fine. Strace of sudo doesn't work, of course. I've looked at the logs for logind and they look normal; there's nothing special for sss, and there's a bit too much to look through everything.
|
# ? Aug 23, 2020 23:09 |
|
Computer viking posted:On a different note, my partner uses Fedora, and has one of those problems that seem like a nightmare to debug: after a few hours, sudo and unlocking the screen and anything else that need authentication hangs for ten plus seconds before responding; everything else seems fine. This is admittedly a longshot, but they didn't happen to set up that box on an LDAP system or some other exernal auth system, did they? I once set up a personal laptop to be able to auth to the LDAP system at my work, never actually used it and then forgot all about it, and later on was puzzled when anything auth-related took forever (because it was trying to reach the unreachable-from-home LDAP server).
|
# ? Aug 24, 2020 06:52 |
|
excellent bird guy posted:does anybody use: https://github.com/swaywm/sway ? I think it's a fork of i3 except it's Wayland. Not sure what the advantages of that would be,. I start my computing session by first editing .xinitrc to choose my windows manager, and then typing xinit. I guess i'd have to learn a different system I use it; I'm pretty happy with it. Mainly because of the always-works vsync, and support for independent DPI per monitor. If i3 already works perfectly for you though, there's probably no real point in switching. It's not a fork of i3 btw, it's a new from-scratch wm that intentionally works like i3.
|
# ? Aug 24, 2020 07:46 |
Computer viking posted:If you just like watching things compile, the ports system in FreeBSD is quite similar to portage, but I think it's a bit easier to live with precompiled packages if you desire. And on an old laptop, the hardware is probably supported, too. As for building stuff, synth or poudriere are both good - though the first is a community-maintained tool whereas poudriere is project-maintained. That, in and of itself, doesn't really matter as long as there's a community to maintain it, but becomes a problem if synth ends up like portmaster which for a long time didn't have a maintainer, and therefore didn't support flavors after that feature had been rolled out.
|
|
# ? Aug 24, 2020 08:58 |
|
Hello, the Gentoo mad man has logged on. I'm not sure I'd recommend Gentoo on a Laptop because Laptops are insanely fiddly to begin with, not to mention a proper compile job will cripple that thing. Especially since everything seems to pull in a browser nowadays and you DO NOT want to compile qtwebkit or qtwebengine or webkit-gtk on anything. Gentoo is, however, genuinely nice if you do any kind of dev work. Writing ebuilds is also far, far easier than writing .debs, and version bumping software is downright trivial. Some packages also exist as binary packages because gently caress compiling Firefox, so some of the worst offenders don't cripple you while compiling. Portage is pretty cool but it takes some reading to learn to understand its dependency error messages. You should only see those if you use unstable packages though, and Gentoo has become pretty conservative. Gentoo is absolutely amazing if you need to build a custom Linux distro for something. The tooling is almost perfect for this.
|
# ? Aug 24, 2020 11:40 |
Antigravitas posted:Hello, the Gentoo mad man has logged on. That's another place where FreeBSD and poudriere has a bit of an advantage (well, until Linux users discover it, and replicate it). Poudriere (or the development version, at least) can build the packaged base version of FreeBSD, which enables you to upgrade the base system via pkg(8), the binary package management system that's based on FreeBSD Ports. This means it's now possible to build an image (as a DVD, memdisk, zfs snapshot, or other media), of a custom version of FreeBSD on a workstation/server, optionally with with very high thread count and oodles of memory, and then install (and later upgrade) on a low-power device like a laptop, even one that's running an ARM chip like pinebook (since both the base system as well as ~30k ports builds on aarch64).
|
|
# ? Aug 24, 2020 11:56 |
|
You can let portage build binary packages as well, so you can have a build system prepare a binary repository for clients. Afaik it exists because some HPC environments use Gentoo for their compute nodes and if you have identical hardware running identical software you really don't need to run compile jobs on each individual node. One great thing is that you can just drop .patch files in a folder structure and have those automatically applied during the build process without having to modify the packaging process in any way. Just put the patch into /etc/portage/patches/$CATEGORY/$PACKAGE/[ $VERSION / ] and portage will pick it up on rebuild (if the ebuild supports it, which many do).
|
# ? Aug 24, 2020 12:27 |
|
Antigravitas posted:you really don't need to run compile jobs on each individual node. But it would be an awesome feeling maxing out that compile The first time, anyway
|
# ? Aug 24, 2020 18:08 |
Antigravitas posted:You can let portage build binary packages as well, so you can have a build system prepare a binary repository for clients. Afaik it exists because some HPC environments use Gentoo for their compute nodes and if you have identical hardware running identical software you really don't need to run compile jobs on each individual node. The end result is a folder that you can point nginx (optionally configured with acme.sh) at a folder, edit /usr/local/etc/pkg/repos/FreeBSD.conf, and get binary packages for your system over HTTPS for one or multiple systems, almost-independent of CPU architecture and other factors. RFC2324 posted:But it would be an awesome feeling maxing out that compile
|
|
# ? Aug 24, 2020 19:59 |
|
Portage can pretty much do that as well including the cross-architecture bit. I've used it to run Gentoo on a first generation raspberry pi. Just so I could say I had done it
|
# ? Aug 24, 2020 21:03 |
|
portage has always maxed out the thread on whatever machine I throw at it, provided I actually tell it how many to use I just want to do that on every node in a giant multinode HPC cluster
|
# ? Aug 24, 2020 21:05 |
|
Fun fact: Most projects default to -j1 for make. This is sane. You tell it to use more. Meson defaults to -j $(nproc). This is insane. You have to explicitly tell it to use less. Compiling qtwebengine with jumbo-headers consumes more than 2GB of RAM (!!!!111cos(0)) per compile thread. On an 8-core Ryzen with SMT that's 16*2GB of memory. Until the Gentoo people managed to reign it in that build was basically impossible on my machine with jumbo headers enabled…and without it takes EVEN LONGER. Webshit is an embarassment at all levels, it's crazy.
|
# ? Aug 24, 2020 21:20 |
|
Try running it with nice? I would expect a build tool for a huge program to use all my CPUs and RAM, otherwise what is it there for?
|
# ? Aug 24, 2020 21:30 |
|
That doesn't do anything, it'll just use less CPU while exhausting all your RAM until OOM kills it.
|
# ? Aug 24, 2020 21:31 |
|
This is why you use the -l option with make
|
# ? Aug 25, 2020 15:25 |
|
Running into an issue in Pop!_OS with X11 and dual monitors. I have a 4k monitor that desperately needs scaling enabled and a 1440p monitor that I game on. If I enable 200% scaling it enables it for both of them, I can't just set one individually. I'm running an Nvidia card so Wayland isn't an option, X11 only. I've tried gsettings set org.gnome.mutter experimental-features "['x11-randr-fractional-scaling']" but it doesn't seem to do anything. Any way to get this working? I guess I could set font scaling in Firefox so I can actually read on here but I would prefer to scale everything up on just the 4k and leave the 1440p monitor alone.
|
# ? Aug 30, 2020 22:19 |
|
I got a little minor issue. I thought it would just werk to create a PDF on the OSX laptop I own, but the thing saved as .pages, my company can't open it, then I exported pages to .pdf, and it won't open for me or the company now. So I will use one of my Linux builds for PDF because no way am I paying money to make a PDF file. What is a good one that is available, GNU/Linux? Doesn't matter which distro or repository I have, I'll be able to get ahold of it.
|
# ? Sep 1, 2020 21:21 |
|
excellent bird guy posted:I got a little minor issue. I thought it would just werk to create a PDF on the OSX laptop I own, but the thing saved as .pages, my company can't open it, then I exported pages to .pdf, and it won't open for me or the company now. So I will use one of my Linux builds for PDF because no way am I paying money to make a PDF file. What is a good one that is available, GNU/Linux? Doesn't matter which distro or repository I have, I'll be able to get ahold of it. LibreOffice can export to PDF, the question is if your document can be opened by it (no idea what .pages is). I usually just "print" to PDF in linux. Every program that has a print dialog has that option for me, no idea what package exactly brings in that feature.
|
# ? Sep 2, 2020 01:46 |
|
excellent bird guy posted:I got a little minor issue. I thought it would just werk to create a PDF on the OSX laptop I own, but the thing saved as .pages, my company can't open it, then I exported pages to .pdf, and it won't open for me or the company now. So I will use one of my Linux builds for PDF because no way am I paying money to make a PDF file. What is a good one that is available, GNU/Linux? Doesn't matter which distro or repository I have, I'll be able to get ahold of it. The LibreOffice Draw thing is fine for creating PDFs from scratch or from a Word file or whatever. Does forms too. It seems to be openable by Adobe Arcobat Reader DC. If you need to manipulate pages a lot I like PDF Arranger. PDFs it creates are definitely openable by Acrobat Reader DC. Or yeah just use the Print to PDF for easiest option.
|
# ? Sep 2, 2020 02:19 |
|
Perfect thanks. Well since I'm here I'll go ahead and complain a little. I've had so much trouble with Debian 10 these past few days. I got it in the first place for stability, which is good, nothing essential has broken. These past few days code that works on my Arch build doesn't work on Debian. This includes python3 certification stuff which I don't know much about to say specifically. Also installing nodejs per nvm, the npm seg faults. The nodejs/npm builds from apt repo are not even compatible. Everything just bothers me and I am going to go all out and say Debian 10 would be nice of course for servers but I don't want these problems anymore. Had no problem with sbcl environment though, so that's what I have to work on tonight until I can find a thumb drive somewhere (it's lost) and install something else, not sure but I have to have i3wm.
|
# ? Sep 2, 2020 06:56 |
|
I want to do browser based (selenium) web scraping with AWS Lambda functions but the only headless chrome binary is being fucky. My lambda has a file system at /mnt/efs so my next thought is to install chrome or Firefox in a specific folder on that file system. Is this possible in Linux?
|
# ? Sep 4, 2020 00:45 |
|
You should be able to find tar.gz files of Firefox or Chromium that can be extracted and run anywhere.
|
# ? Sep 4, 2020 01:30 |
|
waffle iron posted:You should be able to find tar.gz files of Firefox or Chromium that can be extracted and run anywhere. I tried to find Firefox portable for Linux to no avail. I’ll try Chromium Can’t try it until work tomorrow but it looks like maybe there may be chromium binaries I can download. CarForumPoster fucked around with this message at 02:14 on Sep 4, 2020 |
# ? Sep 4, 2020 01:51 |
|
CarForumPoster posted:I tried to find Firefox portable for Linux to no avail. I’ll try Chromium https://ftp.mozilla.org/pub/firefox/releases/80.0.1/linux-x86_64/en-US/
|
# ? Sep 4, 2020 02:38 |
|
|
# ? Apr 19, 2024 23:37 |
|
You’re cool and good. I’ll give this a try tomorrow.
|
# ? Sep 4, 2020 02:57 |