libera/#devuan/ Wednesday, 2018-12-05

07:30 <dsknb> hello
07:32 <dsknb> sudo apt full-upgrade it occurred error (FATAL ERROR)
08:32 <fhuser59__> hello
09:09 <amarsh04> solved my KDE plasma issue - reinstalled package "plasma-workspace" and then not running prelink on its binaries
11:12 <furrymcgee> apt install vsftpd in a schroot fails to start the service: invoke-rc.d: could not determine current runlevel
11:12 <r3boot> yep, that's correct
11:13 <r3boot> Try installing it outside of chroot, or bind-mount the directories containing your runlevel info into your chroot
11:28 <furrymcgee> no its fine to do manually service start command after install, just curious because I expected schroot to do this
11:30 <r3boot> Oh check. yeah, You could try to bindmount /var/run into the chroot and get it working that way, but if it works manually as well, that's fine
11:31 <furrymcgee> yes thank you
12:34 <furrymcgee> runlevel is "N 2" after apt purge --yes --allow-remove-essential sysvinit-core && apt install runit-init/testing
13:23 <devoid_> why hasnt libsystemd been eradicated yet
13:23 <devoid_> i know of at least 1 (one) person who is extremely bothered by this
13:23 <r3boot> just out of curiosity, whats the problem with libsystemd?
13:29 <devoid_> i dont know
13:29 <r3boot> why should it be eradicated then?
13:29 <devoid_> i dont know
13:30 <devoid_> but ill ask him when he gets back from afk
13:30 <r3boot> ok, that's fair
13:30 <devoid_> =)
13:30 <r3boot> I really wonder how libsystemd got into devuan at all tbh, this being the non-systemd distro
13:37 <gnarface> it's just the runtime libraries
13:37 <gnarface> they're harmless (probably)
13:37 <gnarface> systemd itself isn't there
13:37 <gnarface> that's a different package from libsystemd
13:37 <r3boot> yeah, I know, hence I was wondering how it got into devuan :)
13:38 <r3boot> I assume it's because it's required b/c some dependency that came along from debian jessie, but I'd love to know the background on that
13:38 <gnarface> it's because those packages were already built that way
13:38 <gnarface> most the packages in devuan haven't been altered from debian
13:39 <gnarface> it would be a lot more work to actually edit and rebuild all the packages
13:40 <gnarface> and they would do it if they had the man power
13:40 <r3boot> yeah, I expected that. Same thing that elogind exists nowadays; Lots of apps have become dependent on SD api's, and if devuan doesnt support those api's, it needs an alternative
13:41 <r3boot> and alternatives are expensive if you need to write + maintain them
14:12 <gnu_srs> r3boot: Maybe the problems will be solved so that libsystemd can be replaced with libelogind. Work is ongoing in that direction :)
14:13 <r3boot> yeah, following that somewhat closely :)
14:17 <r3boot> Devuan has, so far, been the only serious distro that actually tries to live w/o systemd. And in doing so, it'll need to either maintain a bunch of forks (for, say, gnome), or rewrite the functionality (elogind). Its good to see that the elogind path has been chosen, but I do wonder about long-term maintenance, especially if the rest of the Linux/GNU FLOSS world has moved beyond sysv init
14:17 <r3boot> (note, gentoo does that as well, but I dont see that as a general-purpose distro)
14:18 <system16> hi
14:19 <system16> should i DDoS my sftp server ? i want to see if my firewall settings are working or not
14:19 <system16> using loic
14:19 <system16> low orbit ion cannon
14:19 <r3boot> dont
14:19 <system16> why
14:19 <r3boot> because you are not going to test your firewall ruleset using loic, AND you will trigger a lot of IDS alerts in doing so
14:19 <r3boot> Better to use nmap
14:20 <system16> nmap ?
14:20 <r3boot> nmap -sT -vv -p1-65535
14:20 <r3boot> yes, a portscanner
14:20 <system16> a port scanner ?
14:20 <r3boot> yes, a tool which systematically attempts to open up all ports on a given computer system to see if something is listening on that port
14:20 <system16> (i just want to see its reaction to a ddos attack)
14:21 <r3boot> your host will go offline, or your network will go offline, or nothing will happen at all
14:21 <r3boot> dont test firewalls using a DoS tool, that's just wrong :)
14:21 <system16> a reboot fixes them right ?
14:21 <r3boot> you dont even need to reboot
14:21 <r3boot> just stop DoS'ing
14:21 * MinceR reboots the universe
14:22 <system16> my server is OFF right now . what would happen if i ddos my public IP ?
14:22 <r3boot> system16: seriously, if you cant make the distinction between a DoS tool and a portscanner, maybe you need to learn a thing or two about network security before you attempt to validate the security of your network (nofi, just some wise words)
14:22 <r3boot> do not ddos your public ip!
14:22 <r3boot> you have a chance of getting caught / getting into trouble
14:22 <system16> o k o k
14:22 <system16> oh
14:22 <r3boot> (not if you do it on your local lan tho)
14:22 <system16> by my isp ?
14:23 <r3boot> could be, yeah, or some isp in between
14:23 <r3boot> but really, read up about network security first
14:23 <system16> port 22 is open
14:23 <r3boot> yep, that's ssh
14:23 <system16> 3389
14:23 <system16> remote desktop
14:23 <r3boot> sftp is a protocol that runs over ssh
14:23 <system16> ik
14:24 <errandir1> In case of a ddos attack your network card or the linux IP stack should drop the packets. If you have enough CPUs your system should still function
14:25 <system16> so technically nothing serious would happen if someone ddoses me right ?
14:25 <system16> https://pentest-tools.com/network-vulnerability-scanning/tcp-port-scanner-online-nmap
14:25 <system16> im using that
14:26 <errandir1> depends on your expectations and the number of CPUs in your system...
14:26 <r3boot> errandir1: yeah, but there is a chance that your kernel will consume all cores just processing + dropping the packets
14:26 <system16> it did nothing
14:27 <errandir1> r3boot: yes it will consume a number of cores
14:27 <system16> what should i look for ?
14:28 <r3boot> also depends on the age of your cpu tho, and the type of nics, the amount of offloading features, and how fast the DoS is coming in. If your 1GE nic is saturated with 10GE of traffic, nothing will come through at all
14:28 <system16> cmd does not have nmap right ?
14:28 <system16> nope
14:29 <r3boot> I'm running an old colo (dl380g4, debian squeeze, dont ask), which used to run a public ntp server, and I had to pull that offline b/c reflection attacks taking my colo offline
14:29 <r3boot> system16: cmd sounds like windows
14:29 <system16> well my server runs linux ( but i have a ton of linux VMs)
14:29 <r3boot> then nmap from your server ;)
14:29 <r3boot> windows does not come with nmap by default iig
14:30 <r3boot> but you can install it, no problem
14:30 <system16> let me try termux
14:32 <system16> of course. an error my luck is AWESOME
14:32 <system16> cannot link executable "nmap"
14:32 <system16> i guess my only way is to power the server
14:33 <r3boot> no
14:33 <r3boot> you need to install nmap, and make sure it is in PATH
14:33 <r3boot> apt-get install nmap ; nmap -sT <blah>
14:34 <system16> its pkg but OK
14:34 <system16> server is b00ting
14:35 <system16> is root needed ?
14:36 <system16> (im on my server)
14:36 <gnarface> depends on options
14:36 <gnarface> i'm sure it will tell you
14:36 <system16> i ran apt install nmap
14:37 <system16> (its not installed)
14:37 <gnarface> oh, root is needed for that
14:37 <gnarface> but root isn't always needed to run nmap, it depends on the options you pass to it
14:38 <system16> nmap -sT -vv -p1-65535 <<where should i type the host name ?
14:38 <system16> after nmap ?
14:38 <gnarface> at the end
14:38 <system16> ok
14:39 <system16> some open ports
14:39 <system16> 22 and 21 is expected
14:39 <system16> but 7547 is open
14:39 <system16> 52252
14:40 <system16> and thats it
14:40 <system16> (443 and etc are open but they are normal)
14:42 <system16> so are those 2 ports normal (its says they are unknown )
14:42 <gnarface> google search suggests 52252 is your apple Xsan and 7547 is a backdoor your ISP put there to patch your router firmware
14:42 <system16> but i replaced my isp provided router
14:42 <system16> 2 months ago
14:43 <system16> (i bought my own)
14:43 <gnarface> i think the way that portscan was run it's possible you could have caught outbound traffic ports being opened for other programs you're running (dns queries)
14:43 <gnarface> so they could also be false positives
14:43 <gnarface> unless they're still there when you run it a second time... then you should probably see what process owns them
14:43 <system16> i also ran nmap (my Ip)
14:43 <system16> those 2 ports are gone
14:44 <gnarface> without the -p parameter, it will only scan the first 1024 ports
14:44 <system16> well i have a lot of devices connect to the router right now
14:45 <gnarface> do you know about wireshark?
14:46 <system16> https://www.whatismyip.com/port-scanner/ reports that port 52252 is closed hmmm
14:46 <system16> yes
14:46 <system16> scam-baiters use that a lot
14:46 <gnarface> wireshark might be useful too, or even just tcpdump, so you can see what is passing traffic
14:46 <system16> to find out scammers location and IP
14:48 <system16> so i guess my network is safe ?
14:49 <gnarface> seems that way from what you've said
14:49 <gnarface> you probably shouldn't be using ftp really though
14:49 <system16> sftp*
14:50 <gnarface> no, if it was sftp it wouldn't be open on port 21
14:50 <gnarface> that's not good
14:50 <system16> port 22 and 21 are open
14:50 <system16> so i should probably close port 21
14:50 <system16> oops
14:50 <gnarface> all you need is 22 unless you also want to provide regular unencrypted ftp
14:51 <gnarface> openssh-server should have built-in sftp by default now
14:51 <djph> gnarface: it's been builtin for ~ages~
14:52 <gnarface> djph: yes, but despite that it's paradoxically rare knowledge
14:53 <r3boot> gnarface: technically, you have implicit-ftps, which does encryption on tcp/21, but I guess that's a bit out of scope for this discussion ;P
14:53 <djph> yup.  I had one issue (different channel) where the guy was complaining ftp/ssl was difficult to configure, and was getting super mad at people for saying "guy, sftp://servernamehere"
14:53 <system16> wow dlinks UI is so confusing
14:54 <r3boot> djph: I 'officially' support a 2500 user ftp+ftps cluster, I feel your pain :P
14:54 <system16> there are 3 things for 1 thing wow virtual server and application rules >> they all do the samething as "port forwarding" section
14:55 <system16> according to its help
14:56 <system16> i managed to disable port 21 (inbound filter)
14:57 <r3boot> better to disable the ftp server that's running on that port as well
14:57 <system16> there is no ftp server
14:57 <r3boot> is tcp/21 open?
14:57 <system16> i never used ftp in my life
14:57 <djph> r3boot: thankfully, this was just on the #linux or #networking channels
14:57 <system16> well nmap says its still open
14:58 <system16> but other websites say its closed
14:58 <r3boot> system16: then you *are* running an ftp server, or something else which masquerades as a ftp server
14:58 <djph> $5 says it's the dlink box itself, and/or the ISP's device.
14:58 <r3boot> your router is probably not portforwarding tcp/21 to your server, which is why it returns as 'closed'
14:58 <r3boot> but you want multiple layers of defense
14:59 <r3boot> (so both a block on tcp/21 AND not running anything on tcp/21)
14:59 <r3boot> that way, if you (accidentally or on purpose) disable your firewall, ftp will not be accessible. Nor will it be accessible if you (accidentally) run a ftp server
15:00 <djph> you can "accidentally" install vsftp these days?
15:00 <r3boot> if someone w/o a clue of what the difference is between ftp, ftps and sftp, there is a big chance it will happen :P
15:01 <r3boot> 'hey, I need an ftp server.. Look at all these confusing howto's? I just installed vsftpd, but sftp <myhost> does not work?? Oh, I need to enable sftp server in sshd_config'
15:02 <system16> nah i do know the difference. SSH ftp = sftp
15:02 <djph> r3boot: pretty sure sshd_config ships with sftp enabled ... and has since at least old-old-old stable
15:02 <system16> its safer
15:02 <system16> cuz it uses ssh
15:02 <system16> and ssh is *mostly* safe
15:02 <r3boot> right :)
15:03 <r3boot> djph: yeah, I get that. Just trying to explain a situation that I see *very* often over the past 10 yrs of beginner support
15:03 <djph> r3boot: yeah, 10 years is a long time though
15:04 <djph> ... tbh, i'm getting tired of "beginners" ---> "Why doesn't this work like Windows?!"  "because it's not" "But I want it to work like windows" "so use windows"  "but I don't want to use windows" "so stop whining already..."
15:05 <system16> guys i think i cant do anything else other than denying inbound filter
15:05 <system16> stupid router
15:06 <r3boot> djph: I had the 'tired of lusers' phase some years ago, and I'm trying to get back on track. The satisfaction overwins the amount of end-user drama, if you dont let it get to you that often, imho :)
15:06 <djph> r3boot: it's why I tend to /ignore rather quickly these days ... and Usenet
15:07 <r3boot> system16: if you really want to get fancy, replace the default route on your linux box with a default route pointing to a blackhole interface, and add host routes for the source ip's that you use to access your box ;)
15:07 <system16> brain.deb is not responding
15:07 <r3boot> Eg, ip route del 0.0.0.0/0 ; ip route add 0.0.0.0/0 via lo ; ip route add <your external ip address of another host>/32 via <ip address of gateway>
15:07 <r3boot> yeah, then dont do that :)
15:07 <system16> every port scanning site that i tried says its closed
15:08 <system16> i think its good enough
15:08 <r3boot> but it's way more secure than just a firewall, since your box will simply not route packets to a box which you havent explicitly configured a hostroute for
15:09 <gnarface> system16: keep in mind the view from inside the router will be different than outside, and the router will have its own firewall settings that need to be checked
15:09 <gnarface> (probably)
15:09 <system16> yes hence the name "inbound filter"
15:09 <r3boot> what do you think 'inbound filter' means in this context?
15:10 <r3boot> djph: and yep, /ignore for ppl that really dont want to learn or are too stubborn to learn :P
15:10 <system16> denies access to port XXXX on wan
15:10 <r3boot> *BZZT* wrong :)
15:10 <r3boot> a network interface has two directions
15:10 <r3boot> inbound, from the network to the device
15:10 <r3boot> and outbound, from the device to the network
15:11 <djph> and local!
15:11 <r3boot> (and under linux, forward, for packets that enter one interface and exit another)
15:11 <system16> r3boot, i meant that ^^
15:11 <r3boot> so an inbound filter implies a ruleset for packets coming FROM the network TO a device :)
15:11 <r3boot> ah, check :)
15:11 <system16> thats what i meant
15:11 <r3boot> system16: you would really help yourself if you learn a bit about networking btw :)
15:12 <system16> i enabled 21 again. still does nothing :)
15:12 <r3boot> Lots of questions you asked could be trivially answered if you know networking basics
15:13 <system16> im still learning
15:13 <system16> server is not responding on port 21
15:14 <system16> see i told ya. that server wont do anything on port 21
15:15 <r3boot> :)
15:15 <r3boot> yeah, I know system16 :) Just trying to teach you how to fish :)
15:17 <system16> am i the only one that is afraid of fstab ?
15:17 <system16> i actually put a command in rc.local that mounts the external drive on startup
15:17 <djph> uh, why?
15:17 <r3boot> why are you afraid of fstab?
15:17 <djph> ^
15:17 <system16> because
15:18 <djph> fstab is the right way to do it ...
15:18 <system16> if i mess it up
15:18 <system16> it wont boot
15:18 <r3boot> it's a tab/whitespace delimited file, and you can test it w/o rebooting
15:18 <djph> ^
15:18 <djph> mount -a
15:18 <r3boot> so add your entry, try to mount, and only if that works, reboot
15:18 <djph> "reading fstab ...."
15:18 <system16> well
15:18 <system16> rc.local works
15:18 <system16> so why bother ?
15:18 <r3boot> because you want a working system?
15:18 <r3boot> so ^^ is how you test it w/o rebooting it
15:19 <system16> and i told it to play a MP3 file after that
15:19 <djph> because fstab is the *correct* way
15:19 <system16> "hyperdrive initiated"
15:19 <djph> Why would you want to learn multiplication when you can just add?
15:19 <system16> what if i unplug the drive
15:19 <r3boot> then you first need to umount it
15:20 <system16> would it still boot normally ?
15:20 <r3boot> depends
15:20 <r3boot> if you added the 'noauto' flag to the fstab line, it wont be an issue
15:20 <system16> rc.local just runs the command. does not care if it works or not
15:20 <r3boot> system16: look, you want to do this correctly, or in a way which 'just works'
15:20 <r3boot> because both are possible ;)
15:20 <r3boot> but you won't learn a lot with the 'just works' method
15:21 <r3boot> especially not how Linux actually works
15:22 <r3boot> I can think of a bunch of other ways to mount that usb disk apart from rc.local, but none of those methods will learn you anything, apart from that stuff is possible(tm) :P
15:23 <devoid_> udev is the worst thing since udev
15:23 <r3boot> why?
15:24 <devoid_> it gets device events via netlink
15:24 <devoid_> afaik
15:25 <r3boot> that's how modern linux networking layers work. Your point is?
15:25 <devoid_> well
15:25 <r3boot> See also ip and ss
15:25 <devoid_> i know
15:26 <system16> nice fail2ban works... i got banned for 24 hours
15:26 <devoid_> but why send device events over _netlink_?
15:26 <r3boot> because you want to be notified about device events?
15:26 <devoid_> seems like such a hack
15:26 <r3boot> polling (eg) interface status, now that's a hack
15:26 <devoid_> yeah well read from a device file
15:27 <r3boot> polling, yeah, that's a resource hog ;)
15:27 <r3boot> having a watcher + event is way more efficient + fast
15:27 <devoid_> just use a blocking read
15:28 <r3boot> mja, event-driven programming is the way to go nowadays
15:28 <r3boot> iig, I dont see why that would make udev so bad
15:28 <devoid_> it annoys me
15:28 <r3boot> I would even see it as an improvement
15:28 <r3boot> ahja
15:28 <devoid_> reusing an interface used for configuring networking
15:29 <devoid_> for device events
15:29 <r3boot> https://en.wikipedia.org/wiki/Netlink
15:29 <devoid_> i really dont like netlink at all to be honest
15:29 <r3boot> its an IPC mechanism, not a configuration interface
15:30 <r3boot> Tsja, you could see if you can get an old kernel to run, or switch over to a BSD kernel or so
15:30 <r3boot> but if you're using linux, netlink is here to stay
15:30 <devoid_> sadly
15:32 <r3boot> Tsja, you do have a choice ofc :)
15:37 <errandir1> maybe there are udev alternative that do not use netlink yet, but netlink is the kernel's way forward
15:38 <devoid_> the kernel can call a binary instead i think
15:38 <r3boot> (and if it's not there, just implement your own ;)
15:38 <devoid_> with ueventd
15:38 <devoid_> s
15:38 <devoid_> its somewhere in the config
15:39 <r3boot> TIL ueventd == ported / imported from Android
15:40 <r3boot> why not just use the FLOSS implementation instead of an implementation that was written by an advertisement company? :P
17:07 <silverwillow> hey all. Having a bit of a puzzle finding a more recent PHP than 7.0. Am I supposed to get it from a debian repository?
17:07 <silverwillow> oh, running ASCII
17:10 <djph> ascii is stable, which means "stuff isn't going to change" -- same as debian stable
17:12 <silverwillow> ah. so i need to migrate to ceres... ok. google will provide :)
17:43 <Juesto> how should i safely transition to efi grub from mbr and keeping things in a partition? i also have a uefi fedora already
18:55 <buZz> silverwillow: isnt it in ascii-backports?
18:55 <buZz> jep, it is
18:55 <buZz> php/stable,stable 1:7.0+49 all
18:56 <furrywolf> "stable php"...  now there's an oxymoron...
18:56 <buZz> wait
18:56 <buZz> thats not from backports? hmm
18:56 <silverwillow> isn't that still 7.0.xxx?
18:56 <furrywolf> I have never, ever had a php update not break something.
18:56 <buZz> ah to me thats new ;)
18:57 <silverwillow> i need > 7.1 for cphalcon
18:57 <silverwillow> or rather for stuff that builds on cphalcon - i've been running around in dependency hell all the bloody day.
18:57 <buZz> silverwillow: cphalcon says it supports 7.0.x ?
18:57 <buZz> even 5.x it seems
18:58 <silverwillow> and waddayano.... the tools that supposedly should make it less painful... npm, bower, etc. they are all BROKEN!!!
18:58 <silverwillow> i really do hate the 'modern web' with a passion
18:58 <buZz> ? you need nodejs and golang to compile a C++ lib for php?
18:59 <buZz> silverwillow: yeah you and me both , i tend to just design new websites in html3 with near zero .js for speed benefits
18:59 <silverwillow> yeah cphalcon itself was easy to build/install... but there's a further dependency for something else... meh - i can't even be bothered to type it all... too fed-up with wasting time with all of this stuff. sorry :(
18:59 <buZz> np
19:00 <silverwillow> anyhow - thanks for taking a pico second of your time to suggest a few things - much appreciated :)
19:00 <buZz> welcome \o/
19:00 <silverwillow> :)
19:01 <furrywolf> I find these "modern" websites to generally not work, and when they do, to be worse in every way than a non-javascript solution.
19:02 <furrywolf> witness, for example, USGS's new and improved earthquake site...  that now only works in about two specific browser versions, none of which are for linux or for mobile devices...
19:03 <furrywolf> for 99% of websites, a huge javascript blob does not add anything to the site in any way.
19:07 <buZz> furrywolf: on the flipside of things
19:08 <buZz> someone made ncsa-mosaic compile again on modern linuxes, its nearly the fastest browser i know now
19:08 <buZz> :P
19:08 <buZz> https://github.com/alandipert/ncsa-mosaic
19:08 <furrywolf> lol
19:08 <furrywolf> I've always used dillo for fast-and-light.
19:10 <furrywolf> (in modern times)
19:10 <buZz> 'surf' is nice as well, from the suckless ppl
19:16 <devoid_> if you can figure out how to use tabbed
19:17 <devoid_> also from the suckless ppl
aggroray20:09
21:41 * ttkv used "surf" for a while. it's okay.
21:42 <ttkv> mostly seems like a nice basis on which to develop a real browser .. it's the simplest useful wrapper around WebKit/GTK+
21:53 <furrywolf> bbl, time for work
21:55 <Juesto> how should i safely transition from mbr to efi grub and keeping the configuration plus everything contained in a single partition? i have another distro with efi already
22:51 * redrick waves at esr
22:52 * redrick is shocked! shocked! to find esr interested in Devuan. (Your winnings, sir.)
23:07 <James1138> lol
23:09 <James1138> ESR... the stuff dreams are made of.
