libera/#devuan/ Monday, 2020-11-30

<Xenguy> onefang: I used shorewall for some years, and thought it was quite well done (except for whenever they released a new version, you had to adjust the config every time) [00:43]
<Xenguy> I'm not sure you're going to get something as good as shorewall for nftables so soon. If you find something, I'd be interested in hearing about it. I wonder if the shorewall devs have any plans to migrate over to nftables? [00:44]
<ShorTie> ever try SmoothWall ?? [01:16]
<Xenguy> ShorTie: Heard of it, but never tried it [01:19]
<ShorTie> it's the original and the best, imho [01:44]
<tuxd3v> I am searching for a good firewall for arm64, the majority of firewall software exists for amd64/i386, but for arm64 I don't know any.. [02:15]
<tuxd3v> eventually I will go with iptables, but as onefang said, maybe best to advance for nftables.. [02:16]
<clort> hi tuxd3v [02:26]
<clort> open source frontends should compile on arm [02:27]
<tuxd3v> clort, hello [02:27]
<clort> nftables still put the hurt on me. [02:27]
<clort> i still don't have my nftables box handling the packet forwarding to usb network [02:28]
<clort> i only have so much energy. people breaking sh*t on my OS pisses me off now. [02:28]
<tuxd3v> I wanted it for an appliance, to run on nanoPI R2S :) [02:29]
<tuxd3v> if I found any, I know that pfsense seems to support arm/arm64, but they are freebsd based, I wanted one linux based :) [02:30]
<clort> hm if you find one for stupid bears like me [02:31]
<clort> where i can point-click 'share network interface' [02:31]
<clort> that would be nice [02:31]
<rrq> tuxd3v: check with "apt-cache search firewall" ... there are a fair few though I don't know if they fit your "good" list [02:32]
<rrq> I liked the name ipkungfu but have no idea what it is :) [02:33]
<clort> it's iptables-based. devuan forces nftables on me [02:34]
<clort> bad devuan. no biscuit. [02:34]
<tuxd3v> rrq that seems an option indeed :) [02:35]
<rrq> I think iptables "API" remains available over the nftables backend [02:35]
<clort> it's broken [02:36]
<clort> iptables -L  broken [02:36]
<clort> ah ok wait maybe it's my stupid kernel from nvidia that's broken [02:36]
<clort> yes sorry my bad [02:37]
<clort> anybody here want to make a linux .dts for nvidia jetson nano? [02:37]
<tuxd3v> clort, that board should be in devuan indeed.. if I got one, I would make an img for it :) [02:38]
<clort> are you in europe tuxd3v ? [02:38]
<tuxd3v> rrq, shorewall seems also available, but I never used it, don't know what it is :) [02:39]
<clort> hah prices for jetson nano have gone up [02:39]
<tuxd3v> clort, yes I am [02:39]
<clort> i don't see myself able to afford sending you one sorry [02:39]
<tuxd3v> enclosured in a house in emergency state due to covid :/ [02:40]
<clort> due to politicians [02:40]
<clort> oh there's a 2GB version for 74 euro on amazon [02:40]
<rrq> tuxd3v: I believe ufw is fairly commonly used [02:40]
<tuxd3v> rrq: I use it on desktop, but I wanted one like an appliance to run headless [02:42]
<rrq> I'm doing naked iptables myself so I can't vouch for any ... [02:42]
<Xenguy> When I needed a 'real firewall', I used shorewall, but now that I don't really need to be opening ports or doing anything fancy, I've found that 'ufw' is super simple to setup... [02:43]
<Xenguy> Default is just deny outside, allow inside, so makes a good default firewall setup with a minimum of effort. [02:43]
<Xenguy> I'm sure it could scale a bit too, but not sure how far, or how easily [02:44]
<tuxd3v> yeah, I loved iptables (and still do), and I have done already some things with it, so it's an option for me, I already have all rules, for a vpn to work, now I need to adjust a bit, for incoming traffic [02:45]
<tuxd3v> but if I find a good software that I can manage via web/ethernet, that supports also vpn, maybe I will give it a try instead.. :) [02:46]
<tuxd3v> clort, yea i have the idea jetson nano have a higher price now [03:00]
<clort> the khadas Vim3 will be nice when panfrost just works [03:01]
<tuxd3v> have you tried to do a devuan img with your jetson nano? [03:01]
<clort> i did live conversion [03:01]
<clort> but nvidia's kernel sucks. it sucks. no cdrom support etc [03:01]
<clort> no iptables [03:01]
<tuxd3v> yeah, it's better to compile your own kernel for it :) [03:02]
<clort> yeah idk if i lose the openGL though [03:09]
<tuxd3v> idk how the graphics stack works for jetson nano [03:15]
<tuxd3v> on normal computers you need the kernel headers, and dkms, to be able to install the nvidia drivers [03:15]
<tuxd3v> but idk how it works on nano :/ [03:16]
<Guest21> does neofetch just bring up the debian logo [05:35]
<brocashelm> it did for me when i first installed devuan, but after major updates, it corrected [05:39]
<brocashelm> there should be a file in /etc you can edit to point to devuan IIRC [05:40]
<brocashelm> what its faq writes: "When Neofetch detects a Linux distro it first looks for the lsb_release command before searching for the /etc/os-release file. Since some downstream distros mostly utilize their upstream distro's repositories they'll include the upstream distro's version of lsb_release. The prominent case is with Antergos and Arch with lsb_release installed, Antergos will be detected as "Arch" instead." [05:42]
<Guest21> interesting [05:43]
<Xenguy> neofetch brings up devuan ascii art here, on Ascii [06:10]
<onefang> Xenguy: (who isn't here, but for others that are interested as well) Shorewall developer is 71 and won't be adding nftables support coz it's too much work. [08:46]
<onefang> ShorTie: Smoothwall isn't available in Beowulf package repo. Isn't it where Shorewall came from? [08:47]
<systemdlete> onefang: I'm using openwrt, which has been pretty good so far. Works on x86 machines also, including VM's. [09:01]
<onefang> That would be in a separate box, not an in place firewall? [09:02]
<systemdlete> I did evaluation on a few firewall projects. smoothwall, endian, zeroshell. [09:02]
<systemdlete> in place? You mean a server running in a general-purpose box? [09:02]
<systemdlete> openwrt runs in 256m or less. There is a claim it can be run in 64m. [09:03]
<onefang> I need it for my desktop, and my remote server. So needs to run directly on the remote server. [09:03]
<systemdlete> It's just an option, onefang. You will decide what is best. For "in-place" (if I'm understanding you), I use ufw/gufw, which works well enough for most purposes. [09:04]
<systemdlete> gufw doesn't do everything, but if you are willing to hack at ufw, I think it can address most things. [09:04]
<systemdlete> I'm not expert with ufw or openwrt though. Just been using them for some time. [09:04]
<onefang> ufw looks to be iptables only. I used to use it looong ago, before switching to Shorewall. [09:05]
<systemdlete> One problem I encountered with smoothwall is the fact it is not well-supported. They don't come out with many updates, and support is sketchy. [09:05]
<systemdlete> nice interface, though. [09:06]
<systemdlete> (I'm referring to smoothwall appliance though, not the type of install you want) [09:07]
<systemdlete> openwrt support has been very good, btw. [09:07]
<systemdlete> did you check backports also, onefang? [09:08]
<systemdlete> Sometimes I miss those. [09:08]
<onefang> Yes, I'm running a backports kernel. [09:09]
<systemdlete> I mean, is there a shorewall package in backports? (I haven't checked) [09:09]
<onefang> Nope. [09:10]
<onefang> But as I said, Shorewall isn't likely to move to nftables, and I think it's time I did move to nftables. [09:10]
<systemdlete> Well, I ran into an interesting bit of bad luck. A starlinux (essentially, beowulf) VM desktop froze, though I could get console and switch back and forth. The error messages I saw were something to do with "crtc disable failed" -- this was after being "away" from the VM for a bit -- I was working in the host and other VM's. Had to do a reset on the VM. All seems OK now, but that was odd. [09:12]
<onefang> Screenblanker tried to kick in and failed maybe? Just a wild guess. [09:13]
<systemdlete> Well, it *is* vbox, after all. I'm seeing more and more problems in the latest releases. [09:13]
<systemdlete> It has plenty of memory and disk. So I'm not sure what was wrong. [09:14]
<systemdlete> Ah, well this is interesting. I had not noticed this previously. On Nov 28 (2 days ago), that VM had hard disk errors. I wonder if that might have been a USB drive I mounted that day... can't recall now. [09:16]
<systemdlete> onefang: firewalld maybe? [09:32]
<systemdlete> (I've not used it) [09:32]
<onefang> I mentioned above that firewalld seems to be what Debian is recommending. Its use of dbus might be an issue. [09:33]
<systemdlete> ah I see. [09:34]
<ShorTie> onefang, no package, it's a LFS build [10:48]
<ShorTie> and i'm sure if you search shorewall sources you will find some SmoothWall in it [10:49]
<ShorTie> even ipfire has some [10:50]
<onefang> I'm trying to avoid too much stuff that needs to be tracked outside of simple apt update & apt upgrade. There's sure to be perfectly adequate firewall software in Devuan Beowulf apt repos. [11:43]
<mason> onefang: A straight iptables script driven from /etc/network/interfaces would work well and meet that criteria. [15:26]
<KREYREEN> I have debian in VM that has VGA on PCI 00:00.0, but i can't use it in e.g. `DRI_PRIME=1 supertuxkart` and #debian is band of retards that doesn't want to help me because xen >.> [19:38]
* KREYREEN wants to change it on devuan, but he can't do that now as QubesOS is using systemd atm >.> [19:38]
<KREYREEN> #debian helped after all.. so far resolved [20:12]
<KREYREEN> ^-^ [20:12]
<unixbsd> hello is there maybe any FTP to download devuan DVD ascii i386? e.g. ncftp ftp.devuan.org ? [22:29]
<unixbsd> (bit like netbsd or BSDs). [22:29]
<gnarface> some of the mirrors that were also mirroring other things already might have ftp still, if debian didn't deprecate it officially yet (but i seem to recall they did) [22:30]
<gnarface> afaik none of the devuan infrastructure has ftp ports open at all [22:30]
<gnarface> i recommend wget or curl [22:30]
<gnarface> or lynx, if you're desperate [22:30]
<unixbsd> I prefer ncftp, it compiles from source, and it works on all platforms. [22:30]
<unixbsd> wget needs pkg installer. [22:31]
<gnarface> hmm [22:31]
<gnarface> well if you know HTTP and are a little clever you can get it with netcat [22:31]
<phogg> or telnet [22:31]
<unixbsd> lynx has dump indeed and it compiles well with termcap [22:31]
<unixbsd> really, I didn't know that netcat would help there. [22:32]
<unixbsd> nice sockets ;) [22:32]
<gnarface> HTTP is just a lot better thought out than FTP [22:32]
<gnarface> it's way easier to work with [22:32]
<unixbsd> well, actually you would just use my code to FTP to get it might work. .. [22:32]
<phogg> about 20 years better [22:32]
<DHE> netcat would be sufficient to download all by itself [22:32]
<unixbsd> telnet-client.c http://termbin.com/oxtt (just clang and it works). [22:33]
<unixbsd> nc and netcat is in all BSD and linux, except ubuntu maybe [22:33]
<gnarface> some of the primary load concerns about HTTP over FTP aren't measurably relevant anymore after processors got > 500MHz [22:33]
<gnarface> so the security concerns introduced by the dual-port communication model just came under fire [22:34]
<gnarface> and people started throwing it overboard because they'd been using their web browser as their primary FTP client anyway [22:34]
<gnarface> (and uploading over ssh/scp) [22:35]
<gnarface> but i'm sure there's a compilation of netcat examples out there that includes using it for both a http client and http server [22:36]
<unixbsd> well, still... FTP is the oldest protocol. it is the best ever. Hence ftp.devuan.org would be great idea. like Unix ;) real one. [22:36]
<MinceR> why not UUCP? [22:36]
<unixbsd> I wonder why people haven't discovered FTP yet. [22:37]
<Wonka> what for? [22:37]
<Wonka> name anything that's worse with HTTP [22:37]
<gnarface> because you can use ssh for sftp instead [22:37]
<unixbsd> They are all striving and sweating to copy a file on Windows, while a raspberry pi zero can offer FTP, samba, and all stuffs without having to use a dropbox or evilish google/microsoft drive. [22:38]
<Wonka> People need to acknowledge that FTP's time is over. [22:38]
<Wonka> SFTP works. [22:38]
<phogg> unixbsd: have you read the FTP RFC? It is not the best. [22:38]
<gnarface> alright, well this is drifting into editorializing, which is offtopic [22:38]
<onefang> https://www.devuan.org/get-devuan lists plenty of FTP mirrors for the ISOs, and https://pkgmaster.devuan.org/mirror_list.txt lists plenty of package mirrors that support FTP. [22:38]
<golinux> There are ftp mirrors listed on the download page of devuan.org [22:38]
<unixbsd> FTP is basically too old, way too old. The good reason is sufficient to use a dropbox ;) [22:38]
<Wonka> If you need to mount storage as a Windows drive, use WebDAV over HTTPS. [22:38]
<unixbsd> haha -.. no seriously, I use FTP. Not even ssl. [22:39]
<golinux> There are 11 of them so take your pick. [22:39]
<golinux> unixbsd: ^^^ [22:39]
<Wonka> PASV my ass, just use HTTPS! [22:40]
<golinux> onefang: Do we have a mind meld going on? [22:40]
<unixbsd> I prefer FTP on secured sites. SSL is overkill a bit for a file, that anyhow will be MD5sum ;)! [22:40]
<fsmithred> sha256sum [22:41]
<Wonka> md5sum is an invitation to inject malware [22:42]
<fsmithred> also won't tell you anything useful about our isos. [22:43]
<onefang> If FTP is too old, then TCP/IP is also too old, we need to create Devuan mirrors that use the more modern Mind Meld Protocol. B-) [22:43]
<fsmithred> start saving tin cans and string [22:44]
<unixbsd> nice shining modern things are overkill, usually. FTP + md5 is fair enough and secured enough. [22:45]
<unixbsd> On Ubuntu, the DVD are EFI, and it seems that they focus on secured boots, (U)EFI. Shall it be similar in next devuan releases? [22:59]
<jonadab> ftp is fine for downloading public data, like open-source software and such. [23:00]
<jonadab> Unless you're in China, in which case you have to use a VPN anyway. [23:00]
<unixbsd> really, chinese gov do that? man, china != human rights. [23:00]
<jonadab> For private data, you use scp. [23:00]
<jonadab> unixbsd: In practice, pretty much any site you can name is probably blocked in China. [23:01]
<jonadab> Though I suppose ftp sites are more likely to not be blocked, than http ones. [23:01]
<unixbsd> I heard that google is banned up there in china. [23:01]
<fsmithred> secure boot should be working in beowulf [23:01]
<golinux> Getting really offtopic folks [23:01]
<unixbsd> I am still at Legacy, I don't need uefi. I am proud to run Netbsd 9.0 on AMD-K6 with 64MB with X11, could linux offer that (debian: -nope)? here an amd-k6 running modern advanced, stuffs: https://postimg.cc/xqJyfCbT Of course, it would be great that devuan had still amd-k6 or more archs. [23:04]
<unixbsd> (gallery : https://postimg.cc/gallery/MS7whZ0 ) I guess ascii would eventually work maybe on it. [23:05]
<fsmithred> 686 should work on k6 [23:06]
<ErRandir> I still have an AMD-K6 somewhere in the house. Hasn't been booted in a while, the clock crystal is unstable. [23:06]
<unixbsd> it can be used as a perfect router or for simple eboard chess or classic gtk games for kids.;) xpenguins and stuffs [23:06]
<ErRandir> I'll probably be doing a new Devian install soon. Normally I would do a network install, but this one will be behind a firewall. Does that mean I have to use all the CD ISOs? [23:07]
<ErRandir> s/Devian/Devuan/ [23:08]
<qaluH> devian? [23:08]
<unixbsd> if you have apache you can debootstrap from your server mounted dvd. [23:08]
<unixbsd> In case you use local dvd, mount /cdrom and run : [23:08]
<gnarface> ErRandir: no, netinstall should still work unless the firewall is misconfigured [23:08]
<unixbsd> PKG='wpasupplicant,netbase,ssh,login,passwd,less,gcc,make' ; debootstrap --no-check-gpg --include=$PKG --arch amd64 ascii . file:///media/cdrom [23:09]
<unixbsd> (for more reading, I have a bunch of installation craps like that for bsd and devuan here: https://termbin.com/qy11 ) [23:09]
<qaluH> what is devian? [23:10]
<unixbsd> *u [23:10]
<gnarface> ErRandir: the netinstall should only need to be allowed outbound DNS and HTTP requests [23:10]
<ErRandir> ok, so those are 2 options I can try. Thanks! [23:11]
<qaluH> always minimal [23:13]
<ErRandir> I will try to use Beowulf. I'm still on ASCII on my other machines. [23:14]
<qaluH> apt will fix all dependencies [23:14]
<unixbsd> Depends on the hardware, I see that ubuntu is at kernel 5.8. man, that's quite evolved kernels. [23:14]
<miskatonic> i prefer old kernels for my old hardware [23:16]
<unixbsd> really, why? [23:16]
<unixbsd> faster? [23:16]
<miskatonic> faster to start [23:16]
<qaluH> why?? [23:17]
<gnarface> > #devuan-offtopic [23:17]
<qaluH> it's only the kernel, why should the kernel be slower in a higher state? [23:17]
<unixbsd> the kernel uses more memory, looks modern stable debian. forget a low mem specs. it is no longer supported by debian. [23:20]
<qaluH> lol [23:21]
<aitor_> hi [23:51]
