IRC Logs for #crux Thursday, 2017-10-05

*** ][_R_][ has joined #crux [02:01]
*** chinarulezzz has quit IRC [02:02]
*** chinarulezzz has joined #crux [02:08]
abenz: something is not right with my fonts [02:37]
abenz: I didnt change anything.. but they are somewhat too close or so [02:37]
abenz: like the letter get into the next letters' space [02:37]
*** _________mavric6 has quit IRC [02:37]
*** _________mavric6 has joined #crux [02:38]
maraku: hmm, so for that symbol problem i had earlier... i fixed it by loading fb, shadow, and glamoregl in /etc/X11/xorg.conf.d [02:57]
maraku: although it's weird xorg doesn't do that automatically [02:57]
*** emmett1 has joined #crux [03:12]
j_v: abenz: do you mean fonts in general or mainly fonts in the terminal? [03:40]
j_v: i had issues with xterm font display after update to xterm-330, but turned out (for me at least) to be due to it not depending on fontconfig and xorg-libxft (fontconfig also pulls in freetype, which i needed). [03:52]
abenz: in some apps [04:08]
abenz: eg thunderbird [04:08]
abenz: they worked fine a few days ago I think [04:08]
abenz: just recently something looks off [04:08]
j_v: does not sound like similar issue as my xterm one. i wonder if the recent freetype and/or fontconfig updates could have changed something that is affecting thunderbird font handling, maybe [04:11]
j_v: maybe start thunderbird from an x terminal to see if it's spitting out any errors/warnings during its startup [04:12]
abenz: good call [04:16]
abenz: gonna try it now [04:16]
abenz: none, clean start [04:16]
abenz: you know I think I'm noticing it too on my terminal! [04:16]
j_v: i wonder if there is an issue with the font dir indexing... i had an issue with that once, but i can't remember the details [04:18]
j_v: don't take me too seriously on this, i'm grasping at straws based on half remembered issues [04:21]
*** emmett1 has quit IRC [04:21]
j_v: abenz: did you update fontconfig? if so, i'm wondering if you ran rejmerge to update fontconfig's etc/fonts/fonts.conf & etc/fonts/fonts.dtd? [04:28]
abenz: no I haven't! [04:31]
j_v: didn't update fontconfig? or didn't rejmerge? [04:32]
abenz: going through rejmerge now [04:36]
abenz: been ages [04:36]
abenz: so much stuff [04:36]
abenz: j_v: I ran sysup so all up to date [04:43]
abenz: and cleared all rejmerge [04:43]
abenz: I suppose I need to exit X and relaunch it [04:43]
*** abenz has quit IRC [04:44]
*** abenz has joined #crux [04:45]
abenz: that didnt do it unfortunately [04:45]
j_v: damn... i'm reading up on fc-cache for rebuilding the fontconfig caches, but i'm hesitant to suggest that, because i seem to remember messing that up bad enough that i had an interesting time fixing it [04:47]
j_v: was at least more than a year ago, so i'm pretty fuzzy about any details [04:47]
j_v: i'm no guru with setting up fonts. when i get them acceptable, i usually leave them alone. but i can understand the frustration when they look crappy or make it hard to read [04:52]
abenz: especially when they looked great just a few days prior :P [04:55]
j_v: yeah, wish i was more help for you. [04:56]
*** tilman_ has joined #crux [04:56]
j_v: fontconfig port's Pkgfile has at the end: 'rm -r $PKG/usr/share' [04:59]
j_v: i'm pretty sure that should be: 'rm -r $PKG/usr/share/doc' [05:00]
j_v: and then we would have manpages for the fontconfig utilities [05:00]
j_v: probably removing usr/share dates back to when manpages were in usr/man [05:01]
*** JanC_ has joined #crux [05:36]
j_v: added FS#1481 for fontconfig missing manpages, includes patch [05:44]
*** abenz has quit IRC [05:49]
*** abenz has joined #crux [05:51]
abenz: j_v: I rebuilt cache.. still no go [05:51]
abenz: not sure its font related anymore [05:51]
abenz: I will make a screenshot [05:51]
abenz: hopefully you can spot it [05:51]
abenz: more like spacing between letters .. [05:51]
j_v: i don't blame you, makes things more readable [05:52]
abenz: can you spot it? [05:56]
abenz: see the non-uniform spacing between letters, so subtle but very annoying [05:56]
j_v: yeah, that's weird... idk the answer, but i'll do a little research. i'm curious why that would happen [05:58]
abenz: so its not a placebo effect is it? :P [06:01]
abenz: very clear right? [06:02]
j_v: the issue seems clear to me, though the cause is not. what's really weird is that, from what you've said, that fonts are like that for much or most applications in X [06:04]
j_v: are you running a desktop environment? [06:05]
j_v: ah, used that for many years. good solid wm. [06:09]
j_v: i've since moved to tiling wm (bspwm), but openbox rarely disappointed [06:10]
tilman: abenz: did you try playing with those subpixel rendering options in fontconfig? [06:10]
abenz: yes I like it [06:10]
abenz: tilman: nope [06:10]
abenz: didnt touch a thing related to fonts [06:10]
tilman: and/or that lcd filter option [06:11]
abenz: first time I hear about that [06:11]
abenz: so that'd be a no [06:11]
tilman: grep -r rgb /etc/fonts [06:11]
*** elderK has joined #crux [06:12]
elderK: Hey guys, is anyone here having issues logging in to Steam? [06:12]
elderK: I can see that it's having trouble finding the SSL certificates. [06:13]
elderK: But I don't know how to solve the problem :) [06:13]
tilman: abenz: so start by symlinking 10-sub-pixel-rgb.conf into conf.d [06:13]
tilman: that might help already [06:13]
elderK: I've tried straceing but I haven't found anything useful doing that [06:13]
tilman: iirc rgb is the most commonly used mode for displays [06:13]
abenz: do I need to run fc-cache or something ? [06:15]
tilman: dont think so [06:15]
abenz: ok cycling openbox, brb [06:15]
*** abenz has quit IRC [06:15]
j_v: tilman: thanks for stepping in to help abenz, you obviously know more about fonts and setup [06:15]
*** abenz has joined #crux [06:16]
abenz: that didnt fix it [06:16]
abenz: sudo ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d/ [06:16]
abenz: thats what you meant right? [06:16]
tilman: that symlink is a little over-qualified, but yeah [06:17]
tilman: try the lcdfilter stuff next [06:17]
elderK: abenz: What problem are you having? I just updated FT. And I'm thinking things are looking a little odd... [06:19]
abenz: elderK: text doesnt look right:
tilman: grep -r lcdfilter /etc/fonts [06:23]
tilman: any hits? [06:23]
abenz: symlink it? [06:25]
abenz: what does yours show tilman ? [06:25]
tilman: nothing, but i'm not on crux anymore [06:25]
elderK: Weird. Fontconfig settings don't seem to have any effect. [06:26]
elderK: Will cycle Xorg later. [06:26]
tilman: gotta run to work [06:26]
abenz: I cant recall when this became a problem but it cant be a few days, I wouldn't noticed it.. not sure which sysup caused it [06:26]
abenz: tilman: thanks for tryna help [06:26]
elderK: abenz: I just sysup'd now. [06:27]
abenz: so you encountered the same prob as I have? [06:28]
elderK: I sysuped yesterday too - or the day before. So this is recent for me. [06:28]
elderK: Very similar to yours, yes. [06:28]
abenz: I see [06:29]
elderK: You see the l in your picture? All my text in Firefox, Thunderbird, etc, looks like that. [06:29]
elderK: Weirdly, URXVT seems to be fine. But that may be because I opened it prior to updating. [06:29]
abenz: I see [06:30]
elderK: AFAIK, you don't need to do anything like fc-cache etc. That's when you add new fonts, etc. [06:30]
elderK: This is just adjusting FT's parameters, afaik. [06:30]
abenz: well, if you get the solution pls ping me, I'll do the same [06:30]
elderK: Thanks abenz. I'm simply going to cycle through various things in conf.avail [06:30]
elderK: QT powered stuff seems ok [06:31]
*** elderK has quit IRC [06:32]
*** elderK has joined #crux [06:56]
elderK: abenz: No luck so far. It's almost as if the system is completely ignoring the changes in /etc/font/conf.d [06:57]
elderK: abenz: Alright. I've found a configuration that seems to work okay for me. It's not perfect but it's suitable. [07:02]
elderK: First I removed autohinter, lcdfilter, subpixel, etc, from conf.d [07:02]
elderK: Then I linked in no-sub-pixel. [07:02]
elderK: Linked in hinting-slight [07:02]
elderK: Re-added autohint. Things seem okay [07:03]
elderK: Hope this helps :) [07:03]
cruxbot: [compat-32.git/3.3]: fontconfig-32: 2.12.4 -> 2.12.6 [07:28]
cruxbot: [compat-32.git/3.3]: curl-32: 7.55.1 -> 7.56.0 [07:28]
abenz: elderK: many thanks for sharing [07:29]
Romster: elderK, i've had some issues logging into steam, if i log in the web site then log out, then steam will log in. [07:32]
cruxbot: [opt.git/3.3]: fontconfig: update signature [07:53]
cruxbot: [opt.git/3.3]: fontconfig: reinstate manual pages [07:53]
frinnst: elderK: are you the one that opened the fs bug? [09:02]
*** onodera has joined #crux [09:04]
*** elderK has quit IRC [09:06]
*** amonn_ has quit IRC [09:06]
*** onodera has quit IRC [09:54]
*** pejman has quit IRC [10:14]
*** pejman has joined #crux [10:14]
pedja: abenz, does this sound like your issue? 'the spacing between characters is much larger with Harmony' (new default engine for Freetype-2.8.1) [11:06]
frinnst: I already have a patch ready [11:29]
frinnst: will push it when I get to go to lunch [11:29]
frinnst: vertical characters were super-thin etc [11:30]
pedja: I haven't noticed that, probably because I still enable ClearType in my Freetype build [11:36]
pedja: or use otf fonts. who the hell knows, fonts are a bit dark magic on Linux for me :) [11:38]
abenz: not sure [11:39]
abenz: will see after applying frinnst patch [11:40]
pedja: patches in the FS bug are for FF/thunderbird, so I guess he has something else in mind [11:42]
pedja: abenz, have you tried using different fonts? maybe the new ft engine is more strict with rendering them, or something [11:44]
abenz: prt-get isinst `prt-get search xorg-font` | grep -v not [11:45]
abenz: package xorg-font-dejavu-ttf is installed [11:45]
abenz: package xorg-font-terminus is installed [11:45]
abenz: package xorg-font-util is installed [11:45]
abenz: package xorg-fontsproto is installed [11:45]
abenz: how would I change the font used by thunderbirds menus ? [11:46]
pedja: never used it, sorry [11:47]
cruxbot: [opt.git/3.3]: thunderbird: fix font rendering with freetype 2.8.1 " [12:18]
frinnst: its with firefox esr too? [12:58]
frinnst: i'll fix that after work then. the same patch probably works [12:58]
pedja: TB is based on FF, so probably yes :) [13:18]
jaeger: pedja: I'd be afraid to remove the stripping from go because they'll likely break it again in the future :P [13:33]
pedja: according to go devs, if the application breaks because it was stripped, it's a bug [13:34]
jaeger: yeah. I agree with that but they have broken everything in the past more than once [13:35]
pedja: docker is ~3Mb smaller stripped, hugo 10+ :) [13:36]
pedja: go builds fine with go-1.9, btw [13:37]
jaeger: yeah, I've got 1.9.1 running locally [13:37]
jaeger: need to do some more docker tests before pushing it [13:38]
pedja: argh. *docker* builds fine etc. need more coffee [13:38]
pedja: are you using docker-ce repo for docker or that moby thingie? [13:41]
jaeger: moby, I think. I haven't updated it in a while because of the version thrash [13:42]
*** onodera has joined #crux [13:42]
pedja: yeah, they are...weird... :) [13:43]
pedja: last release, cli was in a separate repo. it's back into docker proper with 17.09 [13:44]
jaeger: ew, that's messy [13:45]
jaeger: Elastic does stuff like that as well, very annoying [13:45]
*** amonn has joined #crux [13:46]
pedja: here is the Pkgfile I've been using, if you are interested
jaeger: I'll check it out, thanks [13:50]
pedja: np. nothing seems to be broken, but :) [13:52]
jaeger: It'll be a while before I can take a serious look, need to spend some time today writing puppet configs for postgresql servers [13:53]
jaeger: for work [13:53]
pedja: ahh, Ruby, right? [13:56]
jaeger: it's ruby under the hood, mostly, but puppet has its own DSL so you don't often write ruby directly [13:56]
pedja: damn, that's many options :) [14:01]
jaeger: I can paste an example of using it if you're interested [14:11]
pedja: yes, please :) [14:13]
pedja: that's not that bad, apart from somewhat weird json-like syntax :) you use something like KitchenCI to test it, or you have something else set up? [14:20]
pedja: sorry for all the questions, btw, but ops side of things is very interesting to me [14:23]
jaeger: I test it in a vagrant env on my local system [14:24]
frinnst: just found this old goodie on youtube
frinnst: toms hardware - what happens when a cpu heatsink is removed [14:25]
frinnst: complete with wonderful amiga music [14:25]
jaeger: heh, I remember that one without even watching :D [14:26]
joacim: didnt recognise it until i saw the smoking athlon cpu [14:51]
][_R_][: Interesting that Intel seems to have some kind of protection built in [14:52]
joacim: do supermicro cases sometimes have different front panel pinouts? [14:53]
SiFuh: I laugh at these Chinese ebay stores. I ordered something in Gray because there was no option for Silver as it was sold out. They email "i am so sorry for all the inconveniences caused.hope you will forgive [14:56]
SiFuh: they tell me that there is no gray only silver or some other colour and it sounds like we are dating and they are dumping me. [14:57]
*** cippp has joined #crux [14:57]
jaeger: joacim: they should all be the same in a particular line but I think there's no guarantee that different models or generations will be [15:05]
jaeger: ][_R_][: these days thermal throttling is a thing on almost all CPUs... those were more dangerous times :D [15:06]
onodera: Hi, do files in a port have a manpage [15:35]
onodera: such as Pkgfiles, .footprints, etc [15:35]
*** p4cman has joined #crux [15:37]
*** nwe has quit IRC [15:37]
*** nwe has joined #crux [15:38]
*** nwe has quit IRC [15:43]
*** nwe has joined #crux [15:43]
onodera: Thanks SiFuh! [15:46]
SiFuh: onodera: you don't need to worry about the footprint so much. When you have a successful package a footprint will be created. If I download your package and compile it and my footprint doesn't match the footprint from your package then it will error out. This tells me something is different on my system. [15:51]
onodera: SiFuh: I'm actually building a go library for interacting with ports, and wanted to lift some documentation :) [15:55]
onodera: if you are interested [15:56]
SiFuh: What is your opinion of 'go' ? [15:57]
onodera: I'm obviously biased, but it's my favorite language [15:58]
onodera: it's very easy to pick up and very simple, but what the big big pro of the language is for me is the toolchain [15:59]
SiFuh: I have never done anything in 'go'. [15:59]
onodera: the automatic formatting, the quick compile times, the ease of using third party packages, the built-in testing and benchmarking [15:59]
onodera: anyways dinner time for me, brb [16:00]
SiFuh: CRUX-go :-) [16:00]
jaeger: I've written some small go apps for work, it's not bad. Some things are awesome, like how it handles concurrency... some things less awesome, like JSON [16:05]
SiFuh: I should try and catch up to the young ones... [16:20]
SiFuh: I still haven't even moved to C++ haha ;-) [16:20]
*** john_cephalopoda has joined #crux [16:23]
ryu0: jaeger: if crux enabled the full set of GCC compiler frontends, we could use Go to write stuff for CRUX too. lol [16:24]
ryu0: gccgo even. [16:24]
john_cephalopoda: But it would take longer to compile gcc. [16:26]
SiFuh: are they modular? [16:27]
john_cephalopoda: SiFuh: Iirc you have to recompile all of gcc to get e.g. gcc-fortran. [16:28]
SiFuh: oh yuck [16:28]
SiFuh: OpenBSD made xorg modular with its 'xenocara' [16:28]
john_cephalopoda: Hmm, having modular libs for frontends (and possibly backends) would be nice. [16:29]
SiFuh: maybe gcc should do the same [16:29]
*** cippp has quit IRC [16:30]
][_R_][: Perhaps begin allowing optional flags on the builds? [16:50]
][_R_][: FYI: Unless you get binaries elsewhere, you can't compile all of GCC from CRUX (as the Ada subset is written in Ada...) [16:50]
SiFuh: ][_R_][: the intention is faster compilation. Compile the modules you need later... [16:51]
SiFuh: and yeah you are right.. [16:51]
SiFuh: I myself do not like modules due to security reasons. Unfortunately they can be a needed security risk. [16:52]
][_R_][: Optional flags would mean faster compiles for those who don't need everything. [16:52]
SiFuh: I am not entirely sure if I understand your comment. But if you want options added you need to set flags. [16:53]
][_R_][: I mean for a way to tell the package building system that "yes build gcc-go with the rest of gcc please" [16:55]
SiFuh: such as what slackware offers? [16:55]
][_R_][: Slackware doesn't have an automated build system last I checked [16:55]
SiFuh: flags during compilation.. would also mean different footprints. That could work.. but the original issue was slower compilation. [16:56]
][_R_][: The footprints thing is a headache anyways, is there even a case where it's useful? [16:56]
SiFuh: ][_R_][: sbopkg is close to automated and allows options to add flags, and view readme's. Slackpkg downloads pre-compiled binaries. [16:57]
SiFuh: ][_R_][: yeah removing each of the files, when you fsck up the package build. Also when you are missing something, that should be there because you are missing another package/library [16:58]
SiFuh: I like the footprint, because it allows me to completely clean whatever the hell I fscked up. [16:59]
][_R_][: I should've clarified my stance here [17:00]
][_R_][: Other build systems I've seen don't care about shipping the footprint out with the source [17:01]
][_R_][: CRUX is the only one that does that [17:01]
][_R_][: The footprint after you've personally compiled it is fine (every package manager does that) [17:01]
][_R_][: Though the "missing something" is more a fault of the package not correctly listing its dependencies. [17:02]
SiFuh: That is true [17:02]
SiFuh: At least I can compare it to the maintainers version and see what is different. It isn't a sin, it is an education ;-) [17:03]
ryu0: SiFuh: It's a "sin" in trigonometry. :P [17:05]
SiFuh: I wondered if I would hear a good joke today [17:06]
SiFuh: Husband and Wife are looking at their son. The wife says 'he looks strange'. They get a DNA test. The son is not related to either of them. She says "How can it be, I gave birth to him?". The husband says "Do you remember 10 years ago when he was born and he pooed in his diaper and you asked me to change him? Well I got a new, clean one" [17:10]
john_cephalopoda: SiFuh: In which way do modules introduce security risks? [17:12]
][_R_][: If you can load any module, you can load a hostile one [17:12]
john_cephalopoda: Modules just would have to be handled like programs. [17:14]
john_cephalopoda: Actually I don't really see the difference here. [17:14]
][_R_][: There isn't much really IMO [17:15]
][_R_][: Especially not on a system that ships a compiler by default [17:15]
ryu0: ][_R_][: same logic can be applied to shared libraries. [17:16]
john_cephalopoda: If my compiler module is infected or my linker is infected doesn't really make a big difference in the end. [17:16]
ryu0: in fact, to C, plugins are normally shared objects anyway. [17:16]
SiFuh: john_cephalopoda: kernel modules are run without security checks. They can be modified or manipulated. This is why binary blobs of drivers for your hardware that can be loaded are dangerous [17:36]
][_R_][: Except those aren't even kernel modules IIRC.  They get loaded by kernel modules. [17:37]
SiFuh: If however your modules are compiled. You can read the source and see if it affects your system. However, the option of loading a module is just as bad. [17:37]
][_R_][: Which is worse [17:37]
SiFuh: It allows the system to ACCEPT a loaded module whether or not it was compiled by the user/administrator [17:38]
john_cephalopoda: SiFuh: You can also run any malicious software on your system. [17:39]
john_cephalopoda: Without any modules. [17:39]
SiFuh: but those don't affect the kernel [17:40]
SiFuh: they affect the user or the program [17:40]
john_cephalopoda: To load kernel modules, one requires root privs. And if a module has root privs or a program has root privs doesn't make a difference. [17:40]
SiFuh: but a compiler like GCC would affect system wide, and would not be a brilliant idea for the administrator. [17:41]
john_cephalopoda: If your gcc-fortran frontend module or your gcc-fortran executable is malicious, doesn't make a difference in the end. [17:41]
SiFuh: Since it is modifying (loaded module) the original system that runs as an administrator. [17:41]
*** tsaop has joined #crux [17:41]
SiFuh: my point exactly [17:42]
SiFuh: i want my source and i want to review my source. [17:42]
john_cephalopoda: You can review your module source, too. [17:42]
SiFuh: I don't want a module unless i can compile it [17:42]
SiFuh: and i want the source! [17:42]
SiFuh: and if the system allows a module to load as a (hacked) administrator then what? [17:43]
john_cephalopoda: What changes? [17:44]
john_cephalopoda: If the system allows a program to load as a (hacked) administrator, it can do the same thing. [17:44]
SiFuh: You want most of your primary software (kernel or what not) to run at boot without human or hacked intervention. [17:44]
SiFuh: once the bios tells mbr to find that kernel you dont want it modified at all! [17:45]
SiFuh: Hence rebooting a system when you update a kernel (simple sense) [17:45]
john_cephalopoda: When somebody can bring a malicious gcc module into your system, they can also bring a malicious gcc into your system. [17:45]
SiFuh: if GCC was to implement modules, GCC will needed to be loaded at boot time, from from modification.... [17:46]
SiFuh: unfortunately it will never happen [17:46]
john_cephalopoda: gcc will simply be loaded when it is needed, and will load modules (via libdl or similar) when required. [17:47]
SiFuh: john_cephalopoda: I hack into your system and I create my own module, and i load it as root. [17:47]
john_cephalopoda: What's the difference to hacking into my system and creating your own gcc and replacing the actual gcc with it? [17:48]
SiFuh: john_cephalopoda: I hack into your system and I create my own module, and I load it and it fails because root or not, I am denied [17:48]
SiFuh: john_cephalopoda: good point [17:48]
SiFuh: look upwards [17:48]
SiFuh: [03 46 15] SiFuh> if GCC was to implement modules, GCC will needed to be loaded at boot time, 'free' from modification.... [17:49]
john_cephalopoda: Why would it have to be? [17:49]
SiFuh: protect your system from hackers [17:49]
john_cephalopoda: I want to compile something, I launch gcc and specify that I want to use the C++ module, I compile stuff with it, I terminate gcc. [17:50]
][_R_][: Protip: if they have root, you're fucked anyways [17:50]
john_cephalopoda: ^ That's what I'm talking about the whole time [17:50]
][_R_][: Doesn't matter if you disabled modules, there's so many other things they can do [17:50]
SiFuh: i understand [17:51]
john_cephalopoda: The only thing that they can do with modules, is doing things in kernel memory. But with root privs, you could simply upload a modified kernel. [17:51]
SiFuh: but what i am saying is protecting your system [17:51]
SiFuh: not user/root land [17:51]
john_cephalopoda: When user/root land is corrupted, the system is, too. [17:51]
SiFuh: but your actual system. I think GCC should be treated the same as a kernel. Personal opinion though [17:52]
SiFuh: john_cephalopoda: and ][_R_][ your opinions are great and I see how you are trying to protect the entire system. [17:52]
][_R_][: ... I like how you're the one that brought up the suggestion that gcc should be modular, then argued against it [17:53]
][_R_][: Geez man [17:53]
SiFuh: It would be awesome if it was modular! [17:53]
SiFuh: but we can't do it [17:53]
john_cephalopoda: One has to be a root user to add kernel modules. When somebody is root user, then they can just replace the kernel with a new one. It won't even show up in lsmod. Way better. [17:53]
SiFuh: hang on [17:54]
][_R_][: Or replace init [17:54]
john_cephalopoda: It would take a reboot for it to work. The only disadvantage. [17:54]
SiFuh: OpenBSD only allows modules if you step down security [17:54]
john_cephalopoda: When you load modules that are badly written, your system could break. [17:55]
SiFuh: a monolithic system is probably the most secure we will get for a while [17:55]
john_cephalopoda: When you execute badly written kernel code, that will happen, too. [17:55]
john_cephalopoda: Imo, microkernels are more secure than monolithic ones. [17:55]
SiFuh: I am listening (reading) [17:56]
john_cephalopoda: They got modules which are completely sandboxed. [17:56]
john_cephalopoda: You can exchange modules, and compromised modules can't affect others. [17:56]
SiFuh: ][_R_][: What I believe and what I want are not always the same. [17:56]
SiFuh: john_cephalopoda: so if i write code and create a module it can affect another module or kernel? If I insert code it can cause more damage, even though it is reviewed by every developer? [17:58]
SiFuh: If the developer(s) miss an error in my code it can affect 'other' modules or the kernel? [17:59]
SiFuh: not 'can', sorry I mean 'could' [17:59]
john_cephalopoda: A module in the linux kernel isn't really different from just writing new code into the kernel itself, iirc. [18:00]
john_cephalopoda: The only difference is, that you can load a module on the fly, while you have to recompile your kernel to get a module inside. [18:01]
john_cephalopoda: You can actually compile most modules into the kernel. [18:01]
SiFuh: How many are binary? [18:01]
john_cephalopoda: That doesn't have anything to do with modules. [18:02]
SiFuh: I saw lots of options to allow binary blobs in my kernel [18:02]
SiFuh: and i saw many options to load binary blobs as a module into my kernel [18:02]
john_cephalopoda: You can compile binary blobs into your kernel or load them as module. There is no difference, except for that you can add and remove the module at any time, while the blob is always in the kernel when you compile it in. [18:03]
SiFuh: i dont want binary, i want source. I don't want an option to allow modules, since they can be appended to my kernel  binary or not. [18:03]
john_cephalopoda: When you don't want binary, just don't get any binary blobs. [18:04]
SiFuh: this entire argument is for Theo [18:04]
john_cephalopoda: You can still keep modules enabled. [18:04]
john_cephalopoda: That way you can load modules that you don't usually need (e.g. for some specific device) on-the-fly. [18:04]
SiFuh: let me simplify it [18:05]
SiFuh: I hack your system (software) [18:05]
SiFuh: I want your hardware [18:05]
SiFuh: I create a module and now I have hardware access [18:05]
SiFuh: through software, I have accessed your hardware [18:06]
][_R_][: I think it'd do you good to understand what an attack vector actually is [18:06]
john_cephalopoda: I hack your system and want your hardware [18:06]
john_cephalopoda: I replace the kernel with a new one, or just do anything that root can do. [18:06]
john_cephalopoda: Then I got hardware access, even without modules. [18:07]
SiFuh: that needs a reboot [18:07]
john_cephalopoda: I can still reconfigure your network, or compile some program that accesses the hardware in any way. [18:07]
john_cephalopoda: The kernel will allow me to do anything with the hardware, since I am root. [18:07]
*** cippp has joined #crux [18:08]
john_cephalopoda: When you are root, you got access to pretty much anything. A module can give you a little more convenience, but in the end it makes no difference. [18:09]
SiFuh: not necessarily [18:10]
SiFuh: if the kernel does not allow access from any user but itself then root is rendered useless. [18:11]
SiFuh: root is not the highest level in a system. A running system provides a kernel that has more power than the users/superusers themselves. [18:12]
SiFuh: The kernel allows some appendages but absolutely NO modifications of itself whilst running. [18:12]
SiFuh: Hacking root access is nothing like hacking a running kernel. [18:14]
john_cephalopoda: SiFuh: Root can use syscalls to access any device that the OS can do things with. [18:17]
tilman: using a module you'd be able to do things to the hardware that isn't exposed via a syscall [18:18]
SiFuh: try it on OpenBSD [18:18]
john_cephalopoda: tilman: That's true, on the other hand you could just overwrite the kernel and force a reboot. [18:18]
tilman: i'm using pxe boot [18:19]
SiFuh: john_cephalopoda: I am going to sleep and whilst doing so, I wish to beat my head against a wall... [18:19]
john_cephalopoda: tilman: Then having module access shouldn't change anything either. [18:19]
tilman: the changes i apply to the hw using my module might persist a power cycle [18:20]
john_cephalopoda: Yeah, that's a difference. [18:22]
SiFuh: we went from hacking root to hacking kernel to hacking hardware to a system reboot.. Seriously read the previous comment, It is all up there... [18:22]
tilman: SiFuh: yeah, i did not. apologies ;) [18:22]
SiFuh: no tilman you are fine [18:23]
SiFuh: I was talking to to john_cephalopoda [18:23]
tilman: yay i'm fine [18:23]
john_cephalopoda: The OS is just an abstraction layer on top of the hardware. You have some more power over the hardware, but most functionality is implemented in Linux drivers, so with normal syscalls and root access, most things could be changed. [18:24]
SiFuh: I can't understand. I mean I like the guy, he is very intelligent, but I don't see why he is denying something that has been fought against since the early 2K [18:25]
][_R_][: He's not [18:25]
][_R_][: He's arguing against your reasons [18:25]
SiFuh: ][_R_][: it is what I am saying [18:25]
][_R_][: It isn't [18:26]
SiFuh: I dont understand his argument because there is actually no argument. [18:26]
john_cephalopoda: SiFuh: I'm saying that the decrease in security introduced by modules is probably not significant in most cases. [18:26]
][_R_][: Anyone in a position to actually take advantage of that has many, many other attack vectors [18:27]
SiFuh: ][_R_][: no [18:27]
SiFuh: you cant say that I able to shoot a gun with 45 because I have an army behind me. [18:27]
SiFuh: sorry if i am wrong [18:28]
SiFuh: But it sounds like, if a guy can create a module he can take down your entire system. [18:28]
][_R_][: Your last line made no sense, I suspect multiple typos [18:28]
john_cephalopoda: SiFuh: When a guy has root rights, he can take down your entire system, too. [18:29]
][_R_][: If a guy can get a module loaded, he can do many other things that are just as problematic if not worse [18:29]
SiFuh: yes john_cephalopoda but he cant change your kernel without a reboot. [18:29]
][_R_][: And the module won't stay loaded without a reboot unless he also changes other files [18:30]
][_R_][: It cuts both ways [18:30]
john_cephalopoda: SiFuh: The kernel is just an abstraction layer. The attacker might be able to add a new device driver, but with root rights, they can access all devices that a driver exists for in the kernel. [18:30]
john_cephalopoda: Also with root rights, one can kill init and force a reboot. [18:31]
tilman: < john_ceph> Yeah, that's a difference. [18:31]
tilman: stop arguing [18:31]
SiFuh: i used to run a server. It was pretty much readonly. Anyone fsck with it, then i will know. I will never allow a reboot. Secondly in case of power failure I had a line printer that printed everything... If my servers went down i would review the printout and know if I was hacked. [18:31]
][_R_][: So you're saying that you never applied security updates [18:32]
][_R_][: Good to know [18:32]
SiFuh: i never said that [18:32]
][_R_][: "I will never allow a reboot" [18:32]
][_R_][: Yes you did [18:32]
SiFuh: foreign reboot [18:32]
SiFuh: sorry   only i could reboot and every time i reviewed all logs [18:33]
john_cephalopoda: SiFuh: Somebody with root rights can manipulate logs. [18:33]
SiFuh: good luck manipulating a line printer [18:33]
john_cephalopoda: Not having modules would not change that though. [18:34]
john_cephalopoda: Also it would be easy to DOS the line printer. [18:34]
SiFuh: how would you DOS a line printer? [18:34]
][_R_][: It has finite paper [18:35]
john_cephalopoda: Generate a billion lines of log. [18:35]
SiFuh: you want to DOS my LPT port? [18:35]
SiFuh: From I don't know, China? [18:35]
][_R_][: Don't need to, you're doing that already [18:35]
john_cephalopoda: You would see that something is wrong, but it won't show up in the logs, since the computer would have rebooted before it has finished logging. [18:35]
SiFuh: If you ever used a line printer as a log printer, you would know because 1) pattern change 2) you ran out of paper [18:36]
john_cephalopoda: What does it log? [18:36]
SiFuh: whatever you want it to [18:36]
SiFuhexample   syslog is line by line. Line printers, print line by line. Beautiful system.18:37
john_cephalopodaWell, if you want to log any access to anything, it can be DOS'd by just randomly accessing a lot of things. Then you could do an evil thing, then reboot and the queue in the computer would be gone. You would see a lot of accesses, but the malicious one would not be logged.18:37
SiFuhI recommend it to everyone who runs a server and wishes permanent logs.18:37
john_cephalopodaYou could see the reboot. But not what happened shortly before it.18:38
SiFuhjohn_cephalopoda: LPT port18:38
SiFuhyou want to dos it?18:38
SiFuhYou need to be inside my computer first18:38
john_cephalopoda1000 requests per second. Try to print so fast.18:38
SiFuhit was recorded by my shit ancient printer18:39
SiFuhthen you dos it18:39
SiFuhi still have records18:39
SiFuhmy system is comprimised..18:39
john_cephalopodaOr it just broke down from the load.18:39
SiFuhand now I know has ][_R_][  don't reboot!18:39
john_cephalopodaWhen somebody DDOSes your system and it breaks down and reboots, you can't be sure if it was compromised.18:40
SiFuhIf Server off take out drives and connect to another for check/verify18:40
john_cephalopodaWould be possible to do but a lot of work.18:41
SiFuhI don't allow my systems to reboot  Once down, i get messages/alarms on my phone. (I can't be 100% sure if it actually works, because I have never needed it)18:41
john_cephalopodaWhen somebody DDOSes you frequently, you'll be in the server room 24/7, reading logs and checking file integrity.18:42
SiFuhI don't think so. Skillful greps can do much faster searches ;-)18:42
john_cephalopodaThe electronic logs could be manipulated.18:43
SiFuhI don't rely on electronic logs18:43
john_cephalopodaYou can't grep paper logs.18:43
SiFuhI rely on paper logs18:43
john_cephalopodaAnd when your printer was DOS'd from the starting DDOS, it can't log the malicious activities. Those will only be in the electronic logs.18:43
SiFuhand I clone my system nightly so it has many comparisons18:44
SiFuhjohn_cephalopoda: I said PATTERNS18:44
SiFuhWhen you look through paper logs as long as I have you will see a standard pattern18:44
SiFuhline lengths, in groups.. Try it  You can flick through a month's logs in 5 minutes and find something different18:45
john_cephalopodaIn a DDOS you have hundreds of patterns and then the computer goes down with maybe 10000 messages still in the printer queue, one of them maybe showing that you have been hacked.18:45
john_cephalopodaBut it never went out to the printer.18:45
SiFuhYou obviously have never tried it... Try it...18:45
SiFuhYou will love it..18:45
john_cephalopodaI'm talking about unprinted, lost lines.18:46
SiFuhYou cannot DDOS an LPT printer18:46
SiFuhI don't care of the unprinted lines18:46
SiFuhI want to know if my system was compromised18:47
SiFuhthat is what the printer does18:47
john_cephalopodaThe unprinted lines might contain the proof that your system was compromised - or not.18:47
john_cephalopodaWhen the system goes down with a full printer queue in memory, the messages that tell you that it is compromised can go missing.18:47
SiFuhonce you are in... I don't give a fsck, I will spend years wading through the entire system if I have to.. Fortunately I have daily backups so I can compare file/directory sizes and find out what the fsck you changed..18:48
SiFuhholy shit...  what are you trying to prove.. I had been a system admin/network security DUDE for 20 years.. This conversation is becoming childish..18:48
john_cephalopodaThere are a lot of attack vectors. A sufficiently motivated person could circumvent most security measures.18:50
john_cephalopodaAnd when you are in, it doesn't matter much, if you can put in a module or not.18:50
SiFuhand an md5sum of every file on a daily backed-up system shows no evidence of tampering?18:50
SiFuhfsck with my system as much as you want, when I compare it from the day(S) before I will know what you did18:51
john_cephalopodaDepends. If you compare the md5 sums by sshing into it, an attacker with root privs could show you false sums.18:52
SiFuhDo you know why I love my line printer?18:53
SiFuhBecause it does the job without hindrance!18:54
john_cephalopodaAs long as the printer queue actually arrives at the printer and isn't so long that one has time to infect the computer and delete the queue.18:54
john_cephalopoda(Before the evidence for infection left the queue)18:55
SiFuhToo late, you logged into my computer and gave away yourself, and my printer printed it...18:55
SiFuhthat is the beauty of hard-copies18:55
john_cephalopodaWhen I do a small DDOS, the queue will be full of DDOS messages, but if I am quick enough, I can compromise your system, delete the printer queue on the computer and then let the log-to-printer program do anything I want.18:56
SiFuhIt is a line printer18:56
john_cephalopodaA line printer can't print 10000 lines in a second.18:56
SiFuhit prints as the text arrives  character by character18:57
john_cephalopodaIt needs to have a queue.18:57
SiFuhno it is a line printer18:57
john_cephalopodaHow do you log 10000 requests per second with a line printer?18:57
SiFuhit prints as the message is being typed18:57
SiFuhare you trying to drop my server or access it?18:58
john_cephalopodaI want to send so much to your line printer, so it queues somewhere and I can kill the queue or computer before the log message of the malicious compromise is printed.18:59
SiFuhIf I remember correctly we were talking about accessing my computer and loading modules into my kernel..18:59
john_cephalopodaIt doesn't matter if I can load modules into your kernel or not. When I DOS your printer, I got a short timeframe to do whatever I want. With or without modules.19:00
*** tsaop has quit IRC19:00
SiFuhline printers print character by character, I am not sure how much is needed to overload it, but I am sure a 32 bit data stream will be delayed but a modern PC could handle it.19:01
john_cephalopodaIf the delay is long enough, I can kill the computer before it logs my compromising access.19:01
john_cephalopodalogs -> sends to the printer19:01
SiFuhkill me19:01
john_cephalopodaIt would be a massive attack. Very complex and would probably take months of preparation.19:01
SiFuhSiFuh> If I remember correctly we were talking about accessing my computer and loading modules into my kernel..19:01
SiFuhjohn_cephalopoda: oh  how many months?19:02
SiFuhI want to leave and back to Asia in March.19:02
john_cephalopodaSiFuh: Idk, not really interested in the practical aspects.19:02
john_cephalopodaWhen just accessing it somehow, logs would either catch both the module loading and the kernel compromising, or catch neither.19:03
SiFuhAnyways, we were talking about modules not DDOS or DOS19:03
john_cephalopodaDDOS and DOS was just to mask the compromising of the system.19:03
SiFuhgood night sir19:04
john_cephalopodaLet's assume your printer just logs everything infinitely fast. Then module loading and kernel overwriting etc. would both be logged.19:04
SiFuhsee you tomorrow19:04
john_cephalopodaIt would make no difference.19:04
john_cephalopodaSee you. :)19:04
SiFuhI have something special, called a buffer19:05
SiFuh:-P  night night19:05
john_cephalopodaSiFuh: which is accessible by a root user19:05
john_cephalopodaWell, anyway, night :þ19:05
john_cephalopodaNice stuff :D19:10
pedjasomeone sent LevelTechs guys some Scandinavian candy. they say it tastes like 'salt and sadness' :)19:11
frinnsthaha wtf "The name was taken from the American slang for the Japanese during World War II"19:17
frinnstjapp = yep or yeah19:17
frinnstdunder salt is epic19:18
frinnstI can eat a kilo of Zoo without trouble19:19
frinnst <319:22
pedja'ammonium chloride flavored candy' :)19:25
frinnstI have a big lump of ammonium chloride for soldering. I sometimes lick it :(19:25
tilmanWTF am i reading19:26
pedjatilman, that's what I said when I read a book on statistics :)19:27
pedjaor end up at Wolfram Alpha
pedjawhat's with all the asterisks in review section? lots of swearing going on?19:36
frinnstyou can't review tobacco products19:36
frinnstso anything positive or negative is "censored"19:36
pedjais this rolling tobacco?
frinnstto roll your own cigarettes19:41
pedjaI roll my own for more than 5 years now19:47
pedjamaybe even longer19:48
john_cephalopodaI once told wolframalpha to solve a very complex formula for homework late at night. Related searches: "Lethal dose of caffeine" :þ19:50
jaegerI'm not a fan of using footprints on source-based distros19:53
jaegerI would like to know if the footprint changed between builds or versions but I don't want to use it as a blocker, usually19:53
jaegerIn my pkgutils rewrite that hasn't gotten far at all I was going to show differences but not enforce or stop on them19:56
*** Lukc has quit IRC20:08
*** Lukc has joined #crux20:15
*** Lukc_ has joined #crux20:20
*** Lukc has quit IRC20:20
*** Lukc has joined #crux20:25
*** Lukc_ has quit IRC20:25
cruxbot[contrib.git/3.3]: postgresql: 9.6.4 -> 10.020:28
*** SiFuh has quit IRC20:42
*** SiFuh has joined #crux20:43
john_cephalopodajaeger: When I build packages manually, footprints tell me if I forgot to invoke fakeroot. Also they can be disabled easily, which I do for NEW files.20:49
jaegerI know how they work... just stating my preference21:05
jaegercertainly not everyone will share that opinion21:10
*** cippp has quit IRC21:26
pedja'PKGMK_IGNORE_NEW=yes' should be the default, imho21:38
john_cephalopodaYes, that would make sense.21:39
pedjaMISSING ones can be annoying, when I don't agree with the maintainer's choice of dependencies :)21:42
pedjabut I am guilty of that myself, so21:42
john_cephalopodaReminds me, last time I had MISSING, it was because sysup doesn't check for new dependencies.21:45
pedjaI can see the reasoning behind making footprint mismatches non-fatal, they are rare on a properly run system21:45
pedjabut I have a lot of crap accumulated over the years, so they are handy to me21:46
pedjajohn_cephalopoda, yeah, that's an ongoing project, to add a prt-get depupdate21:47
pedjapatches welcome :)21:47
john_cephalopodaI once tried to put something like that into prt-get. Didn't work. :þ21:48
john_cephalopodaIt's quite complex.21:48
john_cephalopodaNot the problem itself, but how to implement it on top of the current code base.21:48
jaegeryeah, I was writing mine from scratch in c rather than using the existing c++ codebase21:59
john_cephalopodaThe codebase was C++? Didn't notice :þ22:11
jaegerpkgutils in this case, I don't think I've looked at prt-get22:12
pedjapdf rendering is completely broken in qpdfview after freetype update. grrr22:40
john_cephalopodapedja: Try mupdf?22:42
*** john_cephalopoda has left #crux ("Trees can see into your soul.")22:42
pedjamupdf works fine. hm. wtf22:44
pedjaI rebuilt poppler, poppler-qt5 and qpdfview, no change, font hinting is up to 11, for some reason22:46
frinnst15:49 <pedja> frinnst, have you tried freetype-2.8.1 yet?22:47
frinnst15:50 <pedja> it ships with a new font optimization, I guess, engine22:47
frinnst15:51 <pedja> not that I see any difference :)22:47
pedjanot lies, there were no differences with the apps I used :)22:48
pedjauntil now22:48
pedjathere is always one app to mess up, isn't it?22:51
*** xcko has joined #crux22:52
xcko404 url for xclip port in contrib22:52
frinnstxcko: thanks, fixing now22:58
xckono prob. thanks for the quick fix23:00
cruxbot[contrib.git/3.3]: xclip: fixed source url23:01
jaegerdeath to the packager field!23:01
xckofrinnst: perfect, thanks23:02
pedjabtw, poppler is at 0.60.1, two tiny fixes23:06
*** onodera has quit IRC23:10
xckoI've got some ports, but a major package in them fails to run when installed. Should I still request them to be added to the portsdb or try and fix then add?23:15
*** p4cman has quit IRC23:46
