Posts posted by urandom

  1. @skiller

    you may not want to grant access to any user to *anything* with sudo, you can set it up so he can access only specific paths.

    good practices WRT ssh are also using AllowUsers so only some of them can get access. you should really consider key authentication also, it is way more secure than password only. in fact in that case, you should disable password auth.

    @ukrules

    using higher ports does make a difference, port scanners will most likely scan the first 1,000 ports. check your logs and see how many brute force attempts you had on port 22. change to higher ports, all gone.

    to allow only specific IPs, you can use hosts.allow instead of archaic scripts :P

    finally, WRT security and FWIW, here are the few things I try to use:

    * simple iptables rules (stateful firewall)

    * unbound, DNSSEC enabled

    * grsec kernel patch (low) when running a stable kernel

    * hardened toolchain (relevant if you're using a source based distro)

    * using ASCII passwords generated by https://www.grc.com/passwords.htm

    * using ssh tunnelling on any hostile networks (i.e. not my network :P)

    * minimal custom kernel with CONFIG_CC_STACKPROTECTOR=y

    * privoxy

    * as few daemons as possible
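An added example (not part of the original posts, and not code from any project mentioned here): a small Python audit of an sshd_config for the ssh points raised in the post above, namely AllowUsers, key authentication, password authentication and the listening port. The function names, both sample configs, the user names and port 2222 are assumptions; it relies on sshd keeping the first value it reads for most keywords, and it flags Match sections instead of evaluating them.

```python
# Added example. Both SAMPLE_* strings are constructed inputs, not from a real host.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}
CUMULATIVE = ("port", "allowusers")  # repeated lines add up for these two

def parse_global(text):
    """Effective global settings; for other keywords sshd keeps the FIRST value."""
    cfg = dict(port=[], allowusers=[], has_match=False)
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()     # drop comments, tokenize
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":                       # conditional section: not evaluated
            cfg["has_match"] = True
            break
        if key in CUMULATIVE:
            cfg[key].extend(args)
        elif args:
            cfg.setdefault(key, args[0].lower())
    for key, value in DEFAULTS.items():
        cfg.setdefault(key, value)
    cfg["port"] = cfg["port"] or ["22"]          # sshd listens on 22 by default
    return cfg

def audit(text):
    cfg, findings = parse_global(text), []
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not set to no")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if not cfg["allowusers"]:
        findings.append("no AllowUsers list, logins are not limited to named users")
    if "22" in cfg["port"]:
        findings.append("sshd listens on the default port 22")
    if cfg["has_match"]:
        findings.append("Match block present, review its overrides by hand")
    return findings

SAMPLE_WEAK = """\
Port 22
PasswordAuthentication yes
PasswordAuthentication no   # ignored: the first value already won
"""
SAMPLE_HARDENED = """\
Port 2222
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice bob
"""
```

`audit(SAMPLE_WEAK)` returns three findings even though the file contains `PasswordAuthentication no`, because the earlier `yes` line takes precedence; `audit(SAMPLE_HARDENED)` returns an empty list.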

  2. hey all - turns out i don't have an hdmi cable after all, i have s-video and a rather long svga. @ urandom - since you are doing the presentation tonight, you have vga output? i'm betting on that over s-vid, but i'll bring both just in case.

    k

    in fact, that's the only video output I have, VGA...

    also, as some of you know, I'm in a huge sh1tstorm at work since a few months/weeks and couldn't prepare anything (slides, docs, etc...) for tonight... but I can still do the presentation - in a freestyle fashion - and post the references on the forum after... sorry about that guys, I can do it, no problem, but I wish I could make it more seriously.

  3. Booting into a usb device has been OK as long as the BIOS has the option and the USB can be placed in the boot order like:

    CD

    USB

    HD

    In your case the CD option would be unlisted to save it from timing it out and then it would go to look for a bootable image on the USB before the HD.

    Maybe I should have been clearer. As a distro hopper i am well aware of bios boot priorities. However, there is a rumor in a linux chat channel that USB-3 booting off an external HD is problematic. Most new laptops are now USB-3.

    I don't think USB-2 is a problem but I am considering a new laptop and replacing the dvd drive with a SSD. For dvd use an external.

    So my question is: does the usb-3 standard cause any problems for dual booting via external DVD? Or is the rumor baseless?

    isn't it problematic only if the device itself is using USB3.0 (genuine question, I have no idea) ?

    you could check if your distro kernel does support USB3.0 by booting the live CD and check if the USB3.0 module is there:

    # zgrep -i xhci /proc/config.gz

    and see what it returns (not set, y or m)

    that's for the kernel, but I guess we should check the initrd as well.

    locate it on the install CD and copy it somewhere. change its extension to .gz and decompress it (gunzip filename.gz) then check which modules are included (we're looking for usb_xhci_hcd)

    cpio -id < filename (the one we just decompressed)

    now check the modules and look for the USB3.0 one. if it's there, I guess you should be fine.

    disclaimer: I do not have any USB3.0 machine :P

  4. DNS Spoofing (+ demo)

    demo which wasn't really successful as I forgot I had a custom networking daemon script for "outside networks" that triggers additional iptables rules. coke zero only, for me, next time :P

    Now that we have our giant LCD display, we could demo it again, it takes only a few minutes.

    Next time we'll - hopefully - have a presentation about Gnome 3 and how to build your own Linux kernel (more info later)

    I'd be happy to make a short presentation on how to make a custom kernel .config and to build a "desktop oriented" patched kernel (with BFS scheduler or even -ck maybe)

    I can't say I'm able to explain each and every option in the kernel config but I've spent a lot of CPU cycles building kernels and it could be fun (but maybe a bit long so hopefully not boring)

    cheers

  5. by the way...

    @Crushdepth, here's the SSD I was talking about:

    http://www.crucial.com/store/partspecs.aspx?IMODULE=CTFDDAC128MAG-1G1

    the first one to fully support sata III 6Gb/s, it became quite affordable nowadays (I may have been wrong by a few hundred dollars last time, no food+booze never works too well for me :P )

    @dharmabm

    here's the patch to get back packet injection with recent kernels:

    http://ompldr.org/vNjNkcg/channel-negative-one-maxim.patch

    there may be some other solutions but this one works for me

  6. Urandom was .... actually, probably better not to go into detail on this one.

    Barbara, if you're reading this, this is *not* what you think, my .bash_history is at your disposal :whistling:

    Still no women for some reason!

    If that ever happens, I swear I'll be using Windows Millennium Edition for a full month.

    By the way, there was also some discussion about CMS software.

    @ColinChapman, nice machine you're having here and the case looks great indeed. Bring it next time, there's that LCD TV just nearby our official table :P

  7. once my machine is up and running, it uses 57M of RAM. Using a source based distro, I build everything in RAM and rarely use more than 1 GB. This is while browsing, compiling, ssh'ing, listening to some music... Linux is what you make of it... and here comes the big BUT (no pun intended): if this is one of your first linux experiences, I believe (and in fact I would recommend) you'll use a "ready-to-use" distro like ubuntu, mint, mandrake, <insert-your-favorite-distro>, etc... so it will come with a full desktop environment (like gnome or kde), heavy weight apps like openoffice, etc... in that case, if you're really multitasking then you may hit the limit with 1G only and your machine will start to swap (which *ahem* sux). in conclusion, it may work without any issue except if you are used to having 50 tabs open, word processor and spreadsheets while listening to some music using a heavy player. so try it first so you can have some fun with linux, if you see you like it and use it more and more and that you hit the limit, just add some more RAM later, it takes 5 minutes and it's very cheap nowadays.

  8. I was wondering what most of you are going to do when Ubuntu is switching from Gnome to Unity graphical user interface in the upcoming version of Ubuntu...

    in fact, you'll still have the choice of what you want to use. plain gnome or unity or whatever DE/WM you want to use.

    What I read about Unity is that it doesn't need the Xserver layer, and therefore needs (very likely) new videocard drivers.

    wayland won't be ready yet so you'll be using X still. unity needs 3d support but there will be a 2d unity alternative so this is a non-issue. a lot of video cards support 3d anyway so it's very likely that you won't have any problem. a few OSS drivers don't fully (or even partially) support 3d (ATI I'm looking at you :P )

    Closed source manufacturers like Nvidia, ATI, and probably a few more are likely not very excited to create new drivers for a new graphical platform only supported by one Linux distribution...

    they won't have to, really. wayland support is another issue but unity is not (yet) concerned.

    oh and btw, I'm not using ubuntu so I can't answer your question :P

  9. you're most welcome.

    what I would really test is wireless.

    just pray that it's not realtek. broadcom has some downsides too. intel and atheros should work without any issue.

    broadcom recently opensourced their drivers so hope is there but you may suffer for a bit. realtek has some drivers available but they really really suck. it may work but you may have connectivity/signal strength problems.

    if you have the opportunity to fire up mint before buying, just open a terminal and issue the lspci command, look at the "Network controller" line to see what is the chipset.

    I just got my shiny new machine and I'm using a CD to check out what you asked above; and here's the result of the lspci in terminal:

    03:00.0 Network controller: Broadcom Corporation BCM4313 802.11b/g LP-PHY (rev 01)

    I'm using a fixed land line at home and without a wifi connection nearby - I'll try and get to a friend's house or coffee shop.

    this chipset is one of those that is supported by the opensource driver. the driver is already in linus' tree but still in staging http://git.kernel.or...819008e;hb=HEAD . anyway, you shouldn't get too many troubles with it and if you do have some, then you won't have to wait too long for a stable, reliable driver. depending on your distro, it may use an older kernel in which the code wasn't merged yet but they may have added the modules independently anyway. a good way to know this is to issue the lsmod command and see which module is loaded. if you see brcm80211 then you're using the opensource driver, if you see something like wl then you are using broadcom proprietary driver which is known to be limited. anyway...

    enjoy your new machine !

    I ran the terminal lsmod command and this is the result, which, with me being a newbie, means absolutely nothing.

    ec,snd_rawmidi,snd_hwdep,snd_pcm,snd_seq,snd_timer,snd_seq_device

    soundcore 880 1 snd

    snd_page_alloc 7216 2 snd_hda_intel,snd_pcm

    bluetooth 50500 9 rfcomm,sco,bnep,l2cap,btusb

    parport 31492 3 parport_pc,ppdev,lp

    dm_raid45 81721 0

    xor 15136 1 dm_raid45

    btrfs 489451 0

    zlib_deflate 19266 1 btrfs

    crc32c 2531 1

    libcrc32c 887 1 btrfs

    nouveau 517628 2

    ttm 56825 1 nouveau

    ahci 19013 0

    drm_kms_helper 30200 1 nouveau

    libahci 21731 3 ahci

    sky2 45456 0

    drm 168726 4 nouveau,ttm,drm_kms_helper

    i2c_algo_bit 5168 1 nouveau

    video 18712 0

    output 1883 1 video

    intel_agp 26720 0

    agpgart 32075 3 ttm,drm,intel_agp

    strangely, there's nothing about wireless here... what we can see is that the nouveau module is loaded, this means you're not using nvidia closed source driver which is very likely to give you the very best performance.
