IRC Logs for #crux Sunday, 2014-05-18

*** jdolan has joined #crux00:05
*** jdolan has quit IRC00:09
*** njection has joined #crux00:11
*** dkoby has joined #crux00:53
*** dkoby has quit IRC00:55
*** vlnx has quit IRC01:29
*** vlnx has joined #crux01:31
*** vlnx has quit IRC01:44
*** vlnx has joined #crux01:46
*** tilman has quit IRC02:03
*** tilman has joined #crux02:05
*** vlnx has quit IRC02:07
*** jdolan has joined #crux02:07
*** vlnx has joined #crux02:07
*** jdolan has quit IRC02:11
*** pidsley has quit IRC02:12
*** mavrick61 has quit IRC02:30
*** mavrick61 has joined #crux02:31
*** jdolan has joined #crux03:08
*** jdolan has quit IRC03:12
*** vlnx has quit IRC03:37
*** vlnx has joined #crux03:39
*** jdolan has joined #crux04:09
*** jdolan has quit IRC04:13
RomsterteK_, i'm using feh --bg-scale ... can sxiv do that?04:44
openfbtdI don't see naything about settng the root window bg in sxiv's man04:47
RomsterteK_, URL:          https://github.com/muennich/sxiv.html <- 40404:49
Romsteropenfbtd, romster/aria2c05:01
Romsterdoes torrents05:01
Romstervlnx, abyxcos i'd recomend a docker host as there is a crux image prologic made.05:02
Romstereasy to spin up.05:02
Romsternrxtx, yeah that's probably not conting the fact i also am in compat-32 and xorg with a group of people as well05:03
Romsterhmm i don't see anything about background or root window in sxiv05:05
Romsterwould like to have my background and as a bonus make it also handle multiple windows either stretched or different backgrounds on each monitor.05:06
Romsterwhich feh doesn't do so well05:06
openfbtdRomster, I'm using bitflu for now05:07
openfbtdIt seems perfect for me so far05:07
Romsteraria2c or deluge is what i use here.05:19
Romsterdeluge is pretty heavy though05:20
diversearia2c can also encrypt your downloads as an extra05:55
diverseI found myself using aria2 more after I got rid of transmission, although I need to play around with it more05:57
*** xvee has joined #crux06:01
xveewasn'there a mate port some time ago?06:01
*** dkoby has joined #crux06:07
*** jdolan has joined #crux06:10
*** phant0mas has joined #crux06:14
*** jdolan has quit IRC06:15
diversexvee: there is one, just not listed on portdb06:15
xveeyea i think i just found it. how come its not in the ports?06:19
diversexvee: ask jaeger06:25
xveehow are you diverse? been a while06:32
diversealrighty06:33
xveei suppose thats good06:34
diverse*I'm alright06:34
diverseyeah, what about you?06:34
xveejust finished finals. im so drained06:35
Romsterxvee, https://code.google.com/p/crux-mate/06:46
xveeRomster:  yea i got it. im actually compiling it06:50
Romstercool i hope they fixed that port i forget which that had itself listed as a dependency and made prt-get go spastic...06:50
xveehm. the build fails. cant seem to find the libgcrypt.so files http://pastebin.com/JnzFM7D906:54
xveethough libgcrypt is installed06:54
Romsterxvee, a recent libgcrypt brike ABI you need to prt-get update -fr `revdep`07:02
Romsterbroke*07:02
*** jdolan has joined #crux07:11
xveeill give it a shot. thanks romster07:15
*** jdolan has quit IRC07:15
xveeprt-get update -fr `revdep`07:20
xveeis taking quite a while o.o07:20
diversexvee: revdep is really slow07:33
xveeyea it finished. figured since it has to go through a whole lot07:38
*** hbekel has quit IRC07:51
*** hbekel has joined #crux07:53
*** blueness has quit IRC07:54
xveemate-notification-daemon also failed to compile http://pastebin.com/uxN9RyWr07:54
Romsterhas to check every library on every installed port07:54
Romsterdid you add prtdir for mate above opt?07:55
xveeyea. makes sense why it was slow. no biggie07:55
Romstermate seems to over ride a few ports07:55
Romsterthen prt-get sysup07:55
horrorStruckjust out of curiosity, how many ports do you guys have installed on your machines? 374 here07:57
xveetried doing a sysup. says the system is update to date07:57
Romster77807:57
Romster-32 stuff adds a lot to that.07:58
horrorStruckyou have a lot of multimedia stuff Romster, don't you?07:58
diverseprt-get listinst | wc -l, gives me 45207:58
Romsteryes07:58
horrorStruckah you're right, i didnt think about lib-32 stuff07:59
xvee322 on my end07:59
horrorStruckcore itself is already 10708:00
Romsterpkginfo -i |cut -d' ' -f1 |egrep '\-32$' |wc -l08:00
Romster12408:00
Romsterso still a ton of ports on my system.08:01
diverseNothing wrong with having a ton of ports08:01
Romsterapparantly i'm insane though :D08:01
horrorStruck:D08:01
diverseRomster: by frinnst standards08:01
*** xvee has quit IRC08:02
*** xvee has joined #crux08:04
xveei tried launching mate...not a very good idea. xD08:04
diverseRomster: although frinnst freaks out everytime he sees a giant text wall08:05
xveeRomster: it isn't above opt, no08:08
xveeill try that out now, see if sysup changes anything08:08
horrorStruckRomster: btw, ffmpeg-compat is at 0.10.12 if you have time to bump it08:09
horrorStruckxvee: what happened when you launched mate?08:12
*** jdolan has joined #crux08:12
xveeno icons, couldn't click anything. all i had was a wallpaper lol08:12
diverseat least you got a wallpaper08:12
xveemeans the compiling is working lol08:13
diversenow get a wallpaper in your dwm environment08:14
xveelooks like its a heafty system update. probably why it wasn't launchng08:14
xveei've had a black wallpaper on dwm ever since i've been using it08:14
diversehow original08:14
horrorStruckme too, no wallpaper in fact08:14
xveeblack wallpapers make me edgy.08:15
diverseand I got tired of a black backgrounds in my terminal08:15
*** jdolan has quit IRC08:16
xveewhats your setup like now08:16
horrorStruckcan't live without my orange terminal cursor :P08:16
horrorStruckxvee: not sure who you were talking to but still the same here... dwm, rxvt-unicode+tmux and chromium is all i need08:19
xveei was talking to diverse. i recall he wasn't happy with e1808:20
xveebut i've been using dwm for a while too. i just want change...i've been using it for ever08:20
horrorStrucknot happy with it? i'd find it "difficult" not to use tiling anymore08:21
diversexvee: I'm getting a pic of it, hold on08:21
diversexvee: and it's just the st terminal08:22
diversehorrorStruck: no WM porn, just terminal porn08:22
horrorStruck<308:23
xveeis boot time porn a thing? i kinda like that08:23
diversehttp://imgur.com/KbnfwNd08:23
diversethis is more pleasing on my eyes08:23
horrorStrucki'm a boot time fetishist08:24
diverseinstead of a black background08:26
xveei always wanted to see crux boot up on a bunch of ssd's in raid08:26
xveetalk about ricers eh?08:26
diverseactually now that I think about it, I think I created a "crux" terminal theme! \o/08:27
diversekind of like the blue penguin08:27
diversexvee: did you see it?08:28
xveeyes, its not bad at all08:29
diverseI was limited with 256 colors only, so I don't have a lot of freedom that vte terminals have08:29
xveewell, mate just finished compiling08:30
xveelet me log into that, brb08:30
*** xvee has quit IRC08:30
*** xvee has joined #crux08:36
xveeyea...ill stick with dwm.08:36
xveeit took for ever to log into, and it was using 50% of my cpu. cmon...08:37
diverseperhaps it was not built properly08:40
diverseanyway talk to jaeger about it08:40
xveeyea i will =]08:40
xveewell im off to bed. good night everyone =]08:41
diversexvee: but I predict even with it built properly, you will still go back to dwm. So you will get my eye-roll of doom in advance08:41
xveei've used mate before08:42
xveeif it worked properly, i would've used it for quite a while lol08:42
diversealright, I will take the benefit of the doubt08:42
xveei wish there was a pantheon port though. that this looks really nice. too bad its unsable as hell08:42
diversejust worry about mate, so have a good night08:43
xveegood night08:43
*** xvee has quit IRC08:43
*** phant0mas has quit IRC08:59
*** phant0mas has joined #crux09:01
*** jdolan has joined #crux09:12
*** BitPuffin has joined #crux09:16
*** jdolan has quit IRC09:17
*** BitPuffin has quit IRC09:25
*** BitPuffin has joined #crux09:35
*** doomicide has joined #crux09:41
*** himynameisphil has quit IRC09:49
*** doomicide has quit IRC09:56
*** jdolan has joined #crux10:13
*** jdolan has quit IRC10:17
*** jdolan has joined #crux11:14
*** jdolan has quit IRC11:18
cruxbot[contrib.git/3.0]: ffmpeg-compat: 0.10.7 -> 0.10.1211:21
RomsterhorrorStruck, ^11:22
*** BitPuffin has quit IRC11:24
*** jdolan has joined #crux12:15
*** toriso has joined #crux12:18
*** jdolan has quit IRC12:19
*** blueness has joined #crux12:38
nrxtxhi12:51
*** sh4rm4 has joined #crux13:08
*** jdolan has joined #crux13:15
*** jdolan has quit IRC13:20
*** BitPuffin has joined #crux13:32
*** dkoby has quit IRC13:54
*** haltect has joined #crux14:08
*** pidsley has joined #crux14:13
*** jdolan has joined #crux14:16
*** Rotwang has joined #crux14:31
*** jdolan has quit IRC14:36
nwenow I using crux 3.1 :) working very good :)14:41
BitPuffin:)14:42
frinnstgreat14:50
nweyeah :)14:53
*** pitillo has quit IRC14:58
*** pitillo has joined #crux14:59
*** jdolan has joined #crux15:07
nweI just chage from 3.0 to 3.1 in /etc/ports/* and ports update && prt-get update -fr $(prt-get listinst15:10
nwe)15:10
frinnstnice. you will probably experience some breakage before everything is sorted. libpng is incompatible and fucking everything links with it15:13
nwefrinnst: yupp I know :)15:14
BitPuffinyeah I still need to sort that15:17
nwefrinst how have you done with the libpng problem ? installed libpng15 ?15:26
*** haltect has quit IRC15:32
*** jdolan has quit IRC15:37
*** jdolan has joined #crux15:50
*** lnds has joined #crux16:18
BitPuffinnwe: rebuild everything that links to it16:33
*** pitillo has quit IRC16:44
*** pitillo has joined #crux16:46
nweBitPuffin: did you run prt-get update -fr $(revdep) ?17:20
nwenow it?s working :)17:23
horrorStruckRomster: thanks17:24
cruxbot[opt.git/3.0]: dnsmasq: update to 2.7117:30
nwehow can I remove whole xfce ?17:42
cruxbot[core.git/3.0]: xfsprogs: update to 3.2.017:47
BitPuffinnwe: no that didn't work because not all packages that depend on libpng will have that in their Pkgbuild17:57
BitPuffinIt was suggested that I use finddeps instead17:57
BitPuffinor something like that17:57
BitPuffinfrom the prt-utils package17:58
BitPuffinnwe: I believe that xfce is a port collection right? so just `cd /usr/ports/xfce && prt-get remove *`17:58
*** jdolan has quit IRC18:33
*** jdolan has joined #crux18:34
*** toriso has quit IRC18:37
*** jdolan has quit IRC18:39
*** jdolan has joined #crux18:52
cruxbot[contrib.git/3.0]: dmenu: took maintainership19:16
cruxbot[contrib.git/3.0]: leafpad: took maintainership19:16
cruxbot[contrib.git/3.0]: ncdu: took mantainership19:16
cruxbot[contrib.git/3.0]: [notify] thunderbird: updated to 24.5.019:16
cruxbot[contrib.git/3.0]: pidgin: took maintainership19:30
BitPuffinso19:38
BitPuffinwhere do I add the march flag to GCC?19:38
BitPuffinI'd like to rebuild stuff so that it's optimized for my CPU :)19:39
horrorStruckBitPuffin: /etc/pkgmk.conf19:40
cruxbot[contrib.git/3.0]: iotop: took maintainership19:41
cruxbot[contrib.git/3.0]: murrine: took maintainership19:41
BitPuffinyay! got crux iso now on iniz19:57
cruxbot[contrib.git/3.0]: thunderbird: cleanups20:05
cruxbot[contrib.git/3.0]: iotop: new maintainer again20:05
*** lnds has quit IRC20:10
*** prologic has joined #crux20:18
BitPuffinshould /boot be checked on pass 2 or 1_20:21
BitPuffin?20:21
*** BitPuffi1 has joined #crux20:23
*** BitPuffin has quit IRC20:25
horrorStruckBitPuffi1: i'd say 220:28
BitPuffi1yeah that is what I went with20:30
horrorStruckjust make sure /  is 120:31
BitPuffi1it is20:31
z3brahi !20:33
z3braGot a question20:36
z3braby default, what's the uig/gid of the newly created user ?20:36
horrorStruckz3bra: 100/10020:37
z3braokay, just wanted a confirmation, thanks20:38
horrorStruckroot:~# grep -i min /etc/login.defs20:38
horrorStruckPASS_MIN_DAYS           020:38
horrorStruckPASS_MIN_LEN            520:38
horrorStruckUID_MIN                 10020:38
horrorStruckGID_MIN                 10020:38
horrorStruckSYS_UID_MIN             2520:38
horrorStruckSYS_GID_MIN             2520:38
z3braoh, nice hint20:39
BitPuffi1hm weird20:41
BitPuffi1lilo20:41
BitPuffi1Fatal: Open /dev/ is a directory20:41
BitPuffi1ah20:43
jaegeredit lilo.conf20:43
BitPuffi1yup20:45
BitPuffi1setting boot to /dev/sda2 and root to /dev/sda320:45
frinnstor use extlinux/grub20:45
BitPuffi1oddly enough it says partition 2 on /dev/sda is not active20:45
frinnstlilo should die20:46
BitPuffi1ah20:47
BitPuffi1thoguht lilo was preferred on a server20:47
jaegerboot loader doesn't particularly matter, it's your preference20:48
BitPuffi1well I am used to grub20:48
BitPuffi1so I guess I will use that20:48
frinnstsure, it does the job. but its very limted and cant cope with proper filesystems :)20:49
horrorStruckif CRUX were a bootloader, it'd be syslinux :P20:49
BitPuffi1frinnst: well since this is a vps I\m just using ext4 anyway :P20:50
*** hbekel has quit IRC20:51
BitPuffi1hmm20:55
*** Rotwang has quit IRC20:58
*** phant0mas has quit IRC21:02
*** haltect has joined #crux21:06
*** haltect has quit IRC21:15
z3braWhy doesn't CRUX have utilities like c99, c89, etc.. ?21:24
*** xvee has joined #crux21:25
horrorStruckxvee: boot porn for ya, 18+ only ! http://i.imgur.com/PyFpYPt.jpg21:28
xveehorrorStruck: jelly :P21:36
xveeare you on an ssd?21:36
horrorStruckxvee: yep21:37
horrorStruckfew years old m421:37
horrorStruckbut most important, sys***d :P21:37
BitPuffi1hrm21:38
BitPuffi1I can't seem to get my network working if I use static IP21:38
z3brawith systemd ? ôO21:39
BitPuffi1wat21:39
BitPuffi1not with crux21:39
BitPuffi1on 3.1 RC21:39
BitPuffi1I set the ADDR variable to be my ip21:39
horrorStruckit's my frankencrux/cruxenstein install :)21:40
xveehorrorStruck: sorta tempted to try systemd, but i know everythign will go to the shitter if i do lol21:40
z3braxvee, if all you need is a fast boot21:40
z3brajust try sinit + minirc21:40
BitPuffi1and my default gateway to be the ip but .1 for the gateway (like they said) and the mask to be 2421:41
BitPuffi1since it's 255.255.255.021:41
z3brait boots faster than systemd on my notebook21:41
BitPuffi1is it different how you add your ip with ip if the ip address you specify is a public one_21:41
BitPuffi1?21:41
horrorStruckxvee: i really like it. more and more in fact...21:41
z3braBitPuffi1, http://sprunge.us/THde21:43
z3brathat's how I set my static IP21:43
z3bra/etc/rc.d/net start|stop21:43
xveez3bra: do you use sinit?21:44
BitPuffi1z3bra: this is for a serve21:44
z3braxvee, not on crux21:45
z3brabut someone does at 2f3021:45
z3brahttp://git.2f30.org/crux-initscripts/21:45
z3braBitPuffi1, and so what ?21:46
z3brawhat is it running ?21:46
BitPuffi1z3bra: your setup is using an internal ip21:46
BitPuffi1this doesn't have an internal network21:46
z3braI don't get it21:47
z3bra(What you're trying to achieve)21:48
z3braSet the external IP of the server ?21:48
z3braMake it the gateway of something ?21:48
BitPuffi1yeah set the ip21:49
z3braThe ip of the card connected to the internet ?21:50
z3bradirectly ?21:50
BitPuffi1I dunno it's a VPS21:51
z3braOh, so it does already have an IP21:51
z3braas you're connected to it ?21:51
BitPuffi1he said they don't have an internal ip and that I should use the details he provided for static assignment21:51
BitPuffi1yes21:51
BitPuffi1through vnc21:51
z3braMmmh21:52
z3braI don't know what they mean by "internal IP"21:52
BitPuffi1jaeger which package contains the /etc/rc.d/net script?21:52
*** blueness has quit IRC21:52
BitPuffi1z3bra: I guess the usual setup you have at home where it's 192.168.1.something21:52
z3brawell, then the script I gave you should be fine21:53
z3brahttp://crux.nu/Main/Handbook3-0#ntoc5221:53
*** blueness has joined #crux21:54
*** blueness has quit IRC21:54
*** blueness has joined #crux21:54
z3braBut you need to know your gateway's IP21:54
z3braand the mask21:54
z3bra(as well as the network address)21:54
z3bra(and your interface name)21:54
BitPuffi1Yeah I know the gateway and mask etc21:55
z3brathen update the script accordingly21:55
BitPuffi1well one would think it would work with the default script21:55
xveei might try systemd with crux 3.1.21:55
z3brahttp://crux.nu/portdb/?a=search&q=systemd21:56
z3branot available, even in contrib :P21:56
z3brafrom what I know, crux is heavily reticent to using systemd21:57
BitPuffi1nobody likes it no21:57
horrorStruckxvee: i have all ports available, just need to update to migration how-to...21:57
frinnstBLASPHEMY21:58
z3bra^this21:58
BitPuffi1z3bra: hmm well the script is basically identical21:59
z3braexactly :)21:59
z3braI used it to create my own, and it works like a charm21:59
horrorStruck:)21:59
frinnstBitPuffi1: are you running 3.1-rc ?22:00
frinnstiproute2 provides /etc/rc.d/net if thats the case22:00
z3branice22:00
frinnst(prt-get fsearch net)22:00
z3bradoes it use an external config file ?22:00
BitPuffi1frinnst: yeah, although I realized that vim could undo all the way back22:00
BitPuffi1so it was fine22:00
frinnstgreat22:01
BitPuffi1well I still can't get the network working lol >P22:01
frinnstmaybe your host fucked it up?22:01
z3braNeed to sleep22:02
z3bragood night everybody !22:02
frinnstwhat kind of ip are you supposed to use? a public class c ?22:02
*** pidsley has quit IRC22:13
*** linXea has quit IRC22:13
*** Amnesia has quit IRC22:13
*** BitPuffi1 has quit IRC22:14
*** blueness has quit IRC22:14
*** cybin has quit IRC22:14
*** pekryl has quit IRC22:14
*** z3bra has quit IRC22:15
*** jaeger has quit IRC22:15
*** sh4rm4 has quit IRC22:15
*** Feigrim has quit IRC22:15
*** nrxtx has quit IRC22:15
*** c0x has quit IRC22:15
*** nogagplz has quit IRC22:15
*** prologic has quit IRC22:16
*** teK_ has quit IRC22:16
*** nullmark has quit IRC22:17
*** xvee has quit IRC22:17
*** pitillo has quit IRC22:17
*** jue has quit IRC22:17
*** horrorStruck has quit IRC22:17
*** pips has quit IRC22:17
*** orbea has quit IRC22:17
*** rmull has quit IRC22:17
*** cosban has quit IRC22:17
*** mavrick61 has quit IRC22:17
*** syncn has quit IRC22:18
*** lowe has quit IRC22:18
*** shat has quit IRC22:18
*** DaViruz has quit IRC22:18
*** rauz has quit IRC22:18
*** nwe has quit IRC22:18
*** Lukc_ has quit IRC22:19
*** cruxbot has quit IRC22:19
*** darfo has quit IRC22:19
*** dxtr has quit IRC22:19
*** deus_ex has quit IRC22:19
*** krue has quit IRC22:20
*** thetornainbow has quit IRC22:20
*** chris2 has quit IRC22:20
*** blueness has joined #crux22:21
*** xvee has joined #crux22:21
*** BitPuffi1 has joined #crux22:21
*** pitillo has joined #crux22:21
*** pidsley has joined #crux22:21
*** sh4rm4 has joined #crux22:21
*** mavrick61 has joined #crux22:21
*** prologic has joined #crux22:21
*** jue has joined #crux22:21
*** horrorStruck has joined #crux22:21
*** teK_ has joined #crux22:21
*** Feigrim has joined #crux22:21
*** cybin has joined #crux22:21
*** nrxtx has joined #crux22:21
*** deus_ex has joined #crux22:21
*** pekryl has joined #crux22:21
*** Lukc_ has joined #crux22:21
*** c0x has joined #crux22:21
*** openfbtd has joined #crux22:21
*** darfo has joined #crux22:21
*** linXea has joined #crux22:21
*** Amnesia has joined #crux22:21
*** frinnst has joined #crux22:21
*** cruxbot has joined #crux22:21
*** nogagplz has joined #crux22:21
*** syncn has joined #crux22:21
*** pips has joined #crux22:21
*** lowe has joined #crux22:21
*** dxtr has joined #crux22:21
*** z3bra has joined #crux22:21
*** shat has joined #crux22:21
*** jaeger has joined #crux22:21
*** nullmark has joined #crux22:21
*** rmull has joined #crux22:21
*** cosban has joined #crux22:21
*** orbea has joined #crux22:21
*** rauz has joined #crux22:21
*** kInOzAwA has joined #crux22:21
*** nwe has joined #crux22:21
*** thetornainbow has joined #crux22:21
*** DaViruz has joined #crux22:21
*** joacim has joined #crux22:21
*** heroux has joined #crux22:21
*** krue has joined #crux22:21
*** Sleepy_Coder has quit IRC22:23
*** Sleepy_C1der has joined #crux22:23
BitPuffi1frinnst: well if I get dns with dhcp I bet they have one22:23
BitPuffi1so now I am asking them22:23
*** chris2 has joined #crux22:26
BitPuffi1okay they recommend google dns22:30
frinnsthow cheap of them :)22:30
BitPuffi1:P22:31
BitPuffi1it is a cheap vps22:31
frinnstanybody have trouble resolving kernel.org?22:31
frinnst ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3503122:32
frinnstah, up now22:32
BitPuffi1yay it woorks22:33
BitPuffi1so22:41
BitPuffi1the ssh default configuration does nothing_22:41
BitPuffi1?22:41
frinnst?22:49
BitPuffi1well I mean it doesn't accept connections_22:50
BitPuffi1since I can't ssh to it22:50
BitPuffi1:P22:50
frinnstcheck /etc/hosts.allow22:50
frinnstor make sure you dont have anything in /etc/hosts.deny22:51
frinnstalso check sshd is running and listening for connections: ss|grep ssh22:52
BitPuffi1oh lol22:52
BitPuffi1ALL: ALL: DENY22:52
frinnstsorry, ss -l|grep ssh22:53
BitPuffi1I can't seem to pipe with vnc lol22:53
BitPuffi1so that is kind of a problem22:53
BitPuffi1but yeah it seems to be running22:53
frinnstjust comment out the DENY line and you are good to go22:54
BitPuffi1*:*22:54
BitPuffi1that doesn't sound like a good idea22:54
BitPuffi1lol22:54
BitPuffi1can't I just explicitly allow ssh?22:54
frinnstuse iptables for security22:54
frinnstsure you can, unless you prefer iptables22:54
BitPuffi1ah22:55
BitPuffi1I was considering trying that new thign22:55
BitPuffi1what's it called22:55
prologictcp_wrappers is not good security ihmo22:55
BitPuffi1iftables_22:55
frinnstsshd: ALL: ALLOW22:55
prologiciptables if you want to firewall things to ip ranges and such :)22:55
frinnstin hosts.allow22:55
BitPuffi1prologic: tcp wrappers is the hosts.deny stuff?22:55
prologicufw you mean22:55
prologicipfilter22:55
BitPuffi1prologic: no there is a new thing22:55
prologicwith it’s own dsl as such22:55
prologicyeah22:55
frinnstebtables22:55
prologicthat’s what I’m talkinga bout :)22:55
prologicin any case ip filtering is over rated :)22:56
prologicI almost never firewall any of my machines22:56
prologicexcept my home network22:56
prologicjust don’t run any unwanted services :)22:57
frinnstbe careful messing with remote firewalls :)22:57
frinnstnot fun locking yourself out22:57
frinnstzz22:58
prologicindeed22:58
prologicdone it many many many times22:58
BitPuffi1nftables22:58
prologicvery painful experience :)22:58
prologicQ: Do you really need ip security?22:58
prologicsshd - key only access, turn off everything you don’t need22:59
BitPuffi1yeah I'm gonna set up key only acces soon23:02
BitPuffi1but initially it will have to do to just disable root login23:02
prologicit’s far easier than setting up an elabarate firewall :)23:03
BitPuffi1well a firewall is probably good to have as well23:04
prologicand you could just easily setup something like denyhosts or such that watches auth logs for ssh auth failures and explitely blocks them23:04
prologichttp://dfarq.homeip.net/2011/10/dont-use-software-firewalls-good-advice-or-bad/23:05
BitPuffi1doesn't really seem server oriented23:06
prologicno but it illustarted the same point23:06
prologicyou can either be as paranoid as all hell and setup really strict firewall rules, etc23:07
prologicthen lock yourself out accidently :)23:07
prologicor somtwhere in between23:07
prologicor not have one at all and just don’t run anything you don’t want to :)23:07
prologiclike en open nfs that you haven’t configured or an open dns server23:07
*** xvee has quit IRC23:08
BitPuffi1hmm23:10
prologichttp://ubuntuforums.org/showthread.php?t=168559823:11
prologicsome other opiniated material worth reading23:11
prologicthe thing is a firewall (software) won’t save you in the event of a zero day exploit for example23:11
prologicat beast it’ll prevent unknown or unwanted networks from accessing services on your server23:12
prologicand maybe you can also elaborately setup rules for denying spoofing as well23:12
prologicmaybe even hide your server from icmp echo (ping)23:12
prologicbut what are you really protectng, and will it really protect you :)23:13
prologicif you don’t expose anything to the web (or very little) there’s very little ways of getting in :)23:13
BitPuffi1well23:15
BitPuffi1I will be exposing stuff23:15
BitPuffi1I now have lighttpd running :P23:15
prologicgreat so web :)23:16
prologiclike all the millions of other webservers around the world :)23:16
prologicoh wait I don’ tknow any lighttpd exploits :)23:16
BitPuffi1:P23:17
prologicbut QED23:17
prologicfirewall don’t proect you from an exploit in lighttpd :)23:17
prologicyou could also look at openvz or docker (lxc)23:18
prologicprocess isolation made easy (docker)23:18
prologicor plain ol lxc/openvz23:18
prologichttps://www.docker.io/23:18
BitPuffi1yeah I*m gonna be running most things in docker indeed23:18
BitPuffi1in fact I'm gonna run everything in it's own docker23:19
BitPuffi1like the email server part23:19
BitPuffi1docker23:19
BitPuffi1the websites, separate dockers23:19
BitPuffi1file sync (maybe) separate docker23:19
BitPuffi1etc23:19
prologicgreat23:22
prologicso you’ll want to setup your crux host (presumably) with docker :)23:22
prologicyou’ll want to use my docker ports in contrib then ;)23:22
prologicjust don’t f’up your kernel :)23:22
BitPuffi1yeah :P23:22
prologicand fyi23:22
prologicthey’re called containers :)23:22
BitPuffi1I know23:23
prologicand fwiw I’m also adopting docker (d’uh) all round as well, servers, desktop, apps, services23:23
BitPuffi1oh right they call them docker containers, thought you meant the underlying tech23:23
prologicat home I’m trying to (haven’t started yet) Dockerize my local cups service(s)23:23
prologicyeah Docker Host as I think most call it23:24
prologicor Docker Platform23:24
BitPuffi1I'm just kinda confused23:24
prologicbasically you can: CRUX + Docker (from contrib)23:24
BitPuffi1if I need a separate crux install in every docker23:24
prologicwell plus a correctly configured kernel ofc23:24
BitPuffi1sure23:24
BitPuffi1there's a readme I think you informed me23:24
prologicit’s not considered a separate crux install per container, no23:24
prologicit’s called an image23:24
prologicor the image of your app/service/etc23:24
prologicand it doesn’t have to be crux fc :)23:25
prologicalthough I do provide a base image that is stock standard crux 3.0 (soon to be updated to 3.1)23:25
BitPuffi1well I mean I just don't know how to set it up so that it re-uses some stuff on the system :P23:25
BitPuffi1like for example if I have 4 websites23:25
BitPuffi1and they all use postgres or something23:25
prologicI also provide crux-python base image that has python, setuptools, pip, mercurial, git pre-isntalled ready to hack your next app up23:25
BitPuffi1I would want them to use the host binary of postgres23:25
BitPuffi1but run it in the container23:25
prologic4 websites, postgres backed db23:26
prologicsure23:26
prologicassuming they’re pwoered by http frontends of some kind (e.g: a python web app)23:26
BitPuffi1well I just mean that it loads the library from system23:26
BitPuffi1but nothing else23:26
BitPuffi1libraries*23:26
prologicyou’ll want something like hipache + 4x<your app container> + postgres container23:26
prologicand you link your web backends to postgres23:26
prologicvia docker linking23:26
BitPuffi1although my websites are gonna be using sqlite23:27
prologicor any other kind of discovery you want23:27
BitPuffi1but I mean, it would feel wasteful to install sqlite in all the containers23:27
BitPuffi1instead of sharing the disk space23:27
prologicthe host doesn’t need to have anything installed but Docker btw23:27
prologicyou don’t run postgres there23:27
prologicyou run it inside yet another container :)23:27
BitPuffi1no like I said23:27
BitPuffi1not running it there23:27
prologicperhaps (recommended) with a data volume container for the actual data storage23:27
BitPuffi1but loading the binaries etc from there23:27
BitPuffi1but again23:27
BitPuffi1I'm not gonna run postgres, it was an example23:28
prologic*nods*23:28
BitPuffi1but yeah23:28
BitPuffi1so with sqlite23:28
BitPuffi1it probably has libsqlite or something23:28
BitPuffi1I don't want to duplicate that over all the containers23:28
prologicideally you never installed anything on the actual host23:28
prologicrun eveying as containers23:28
BitPuffi1even lighttpd?23:28
BitPuffi1ssh has to be on host23:28
BitPuffi1lighttpd seemed reasonable to run on host23:29
prologicanything!23:29
BitPuffi1but I guess it could run in a container23:29
prologicyou could even run sshd in a container23:29
BitPuffi1well23:29
BitPuffi1no?23:29
prologicand bind mount the docker unix socket23:29
prologicso that the container you ssh into23:29
BitPuffi1then I couldn't get to the other containers could I haha23:29
prologicyou can at least spwan new containers23:29
BitPuffi1but then how do I update my kernel XD23:29
prologicahh :)23:30
prologicso yes23:30
prologicit’s a good idea for the host to run sshd itself23:30
BitPuffi1yup23:30
prologicbut probably nothing else :)23:30
prologicat least for “host upgrades"23:30
BitPuffi1okay so lighttpd goes in to a container then23:30
prologicI would ( I do )23:30
BitPuffi1you run lightd?23:30
prologicI do23:30
BitPuffi1coolio23:30
prologiclighttpd + circuits.web backends23:31
prologice.g: http://sahriswiki.org/23:31

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!