The Linux Thread - The Autist's OS of Choice

[HairyBadger]

chroot jails have been a thing since forever.

We would disable selinux on RHEL6 because of how overly restrictive it would be. Unless you were running very simple applications, it would catch lots of things and block them, which required you to go through and watch all of the sealerts and add custom rules for the most minor of shit. So it just became a blanket disable until RHEL7 came out, which actually had a very sane implementation out of the box. Still been bit in the ass by it, but over relatively minor things that a quick relabel/reset context fixed.

why cut the security?

 

[HootersMcBoobies]

That's why I am cautious because the application changes seem fine on the surface, but the video itself and esp this dude's attitude to any criticism even of a dev build is what makes me think shit is going to stink. I am not too worried since we do have the Tenacity fork to fall back on.

All of the issues would have been avoided if they used a fucking development branch. Putting broken shit on master of a project you just took over is such a clearly inexperienced development choice.

I should start experimenting with Gentoo and Artix for when the time systemd becomes too much.

I was using Gentoo and Void, but Void devs seems to be complete dipshits and their lack of stable version numbers is asinine (let's break Python every year in October!) Gentoo has some of the best design choices for developers and power users. I've been migrating more of my machines to Gentoo. I have a local mirror on my network for portage and a distfiles cache. My CI/CD process even rebuilds a Gentoo testing image and I'm thinking about creating a pipeline for standard server base images ... maybe even wrapping it with a tool to make tree/commit based immutable builds.

 

[analrapist]

Running my first Gentoo rebuild after being forced to disable my global -wayland use flag. Wish me luck, friends, as Wayland fags poz my neghole. Needed the following useflags to eliminate the encroachment of poz.

www-client/librewolf -wayland
x11-libs/libxkbcommon -wayland
media-libs/libva -wayland
media-video/libva-utils -wayland
net-im/discord -wayland
x11-apps/mesa-progs -wayland
dev-qt/qtgui -wayland
app-crypt/pinentry -wayland
games-emulation/pcsx2 -wayland
media-video/obs-studio -wayland
media-video/vlc -wayland
www-client/chromium -wayland
dev-games/godot -wayland
net-libs/webkit-gtk -wayland
app-crypt/gcr -wayland
games-util/steam-launcher -wayland
media-video/mpv -wayland
games-emulation/RetroArch -wayland
app-emulation/wine-staging -wayland
app-emulation/qemu -wayland
media-libs/libsdl2 -wayland

 

[HairyBadger]

There are hundreds of new Linux Distros.

 

[daffodils]

There are hundreds of new Linux Distros.

How many of them aren't just Debian with a new coat of paint? Or a "spin" of those immutable Fedora monstrosities? Or Arch, but repackaged for an even more insufferable userbase?

 

[raidforumgod124]

can someone recommend me a distro? ive been thinking about arch or a distro like that..

 

[acid_ra1n]

Running my first Gentoo rebuild after being forced to disable my global -wayland use flag. Wish me luck, friends, as Wayland fags poz my neghole. Needed the following useflags to eliminate the encroachment of poz.

www-client/librewolf -wayland
x11-libs/libxkbcommon -wayland
media-libs/libva -wayland
media-video/libva-utils -wayland
net-im/discord -wayland
x11-apps/mesa-progs -wayland
dev-qt/qtgui -wayland
app-crypt/pinentry -wayland
games-emulation/pcsx2 -wayland
media-video/obs-studio -wayland
media-video/vlc -wayland
www-client/chromium -wayland
dev-games/godot -wayland
net-libs/webkit-gtk -wayland
app-crypt/gcr -wayland
games-util/steam-launcher -wayland
media-video/mpv -wayland
games-emulation/RetroArch -wayland
app-emulation/wine-staging -wayland
app-emulation/qemu -wayland
media-libs/libsdl2 -wayland

Did u not just - Wayland globally

 

[analrapist]

being forced to disable my global -wayland use flag

Did u not just - Wayland globally

Various GTK dependencies will no longer build on my system with a global -wayland USE flag. I'd have to add package specific carveouts to keep it. It's shorter to keep a negative list. The rest is dependency.

 

[Belisarius Cawl]

https://www.trollaxor.com/2000/06/eric-s-raymond-arrogant-gas-baron.html

Yes, that's right, folks, he'll do it for free (the first time, anyway)! See, ESR's time is so valuable, being that he can't be away from his home network of 386s running Linux, that he has to limit his time to one free presentation per group. Not that that's an unreasonable request for any other person. It's just totally arrogant because he pretends his time is worth enough to limit it to only one free presentation per group. Hell, if people were not so easily fooled by his Refinery wealth, they'd realize he should be paying them to even attend the presentations he currently speaks at.

Please, someone, put a leak in this petroleum fiend's ego!

Anyway, on we go.

If you are not a local Linux user's group, you can make your request more attractive to me by scheduling a double-header with the local LUG.

Here we have another example of ESR's total blind arrogance. Assuming that he swings enough weight around to include his herds of unwashed Linux users at any event that he presents at.

Of course ESR knows he can, at a whim, call upon the GNU Patrol and Linux users and have them beckoning at his feet for orders (which usually are to buy cases of Jägermeister), and include them in any presentation's audience by sheer force of number. But ESR has darker plans behind the quote above.

The statement above is evidence that, simply, ESR is trying to spread the diseases of Linux zealotry, poor hygiene, and Communism, using the very organizations that pay for his lifestyle, dumbly hypnotized by his Black Gold wealth, as a catalyst for his viral teachings, in hopes of converting those caught in his wake. A wake of stench thick with idealism, crude oil, and BO.

 

[prollyanotherlurker]

Various GTK dependencies will no longer build on my system with a global -wayland USE flag. I'd have to add package specific carveouts to keep it. It's shorter to keep a negative list. The rest is dependency.

Yeah that's what I saw when I tried that. Its not really possible without Wayland at this point. Maybe if you hold back some packages. Like browsers. But it's easier to just enable Wayland for gtk in my opinion.

 

[analrapist]

just enable Wayland for gtk

It ends up being like a dozen GTK dependencies, a dozen QT dependencies, other garbage. My philosophy towards use flags is to specify the use flags of packages I care about, rather than ones I don't. Steam totally messes with this because of all the 32-bit stuff but whatever.

 

[Angie Wormwood]

why cut the security?

In the information security world, there's a triad that is followed. CIA -- Confidentiality, Integrity, and Availability. A secure system must meet all 3 criteria. You must maintain your data's confidentiality, its integrity from unauthorized modification, and make the system serving that data available to the users.

You can take a system and bury it in concrete. Going to be extremely secure, since no one can get to it to access or modify the data. But the availability will be dogshit.

With selinux on RHEL6, that was the problem. Secure, maybe, but it required a ton of work to make available, with no guarantees that you'd catch everything, particularly with the complexity of the applications we ran.

 

[Lonjil]

can someone recommend me a distro? ive been thinking about arch or a distro like that..

Download Linux Mint. Enjoy life because it just works. Its that simple.

 

[prollyanotherlurker]

In the information security world, there's a triad that is followed. CIA -- Confidentiality, Integrity, and Availability. A secure system must meet all 3 criteria. You must maintain your data's confidentiality, its integrity from unauthorized modification, and make the system serving that data available to the users.

You can take a system and bury it in concrete. Going to be extremely secure, since no one can get to it to access or modify the data. But the availability will be dogshit.

With selinux on RHEL6, that was the problem. Secure, maybe, but it required a ton of work to make available, with no guarantees that you'd catch everything, particularly with the complexity of the applications we ran.

https://docs.freebsd.org/en/books/handbook/security/

This page goes over it a bit. For people that haven't heard about it.

There is a lot of freebsd specific stuff in it. But just about everything it has, linux has it's own version of, or it has the same things. Either way the principles of security still apply.

That said. I do agree. Selinux, and some of the other LSM (MAC's in general) can take things too far to the point where they make the system unusable, or they make them so inconvenient that you just disable them, then it ends up hurting your security because you are disabling it to get around the limitations. I do think if something is set up carefully, and with thought put into the given use case. They can probably make a big difference in either stopping, or limiting a possible attack/exploit.

 

[prollyanotherlurker]

No 4chan. You will not be claiming the gnu+Linux mean. (At least it doesn't appear so)

For once a YouTuber actually put the links in the description.

https://web.archive.org/web/20091031140239/https://xercestech.com/linux-not-gnulinux.geek

Off topic. It annoys me how fucking lazy most of these YouTubers are. They are making money off reacting to other people's work, whether it be a video or article. But when I check the description because I want to actually read or share the thing the video is about. 95% of the time they never actually put any of the sources. I hate it.

A guy sperging and "stimming about Linux in the autism corner"

 

[Angie Wormwood]

That said. I do agree. Selinux, and some of the other LSM (MAC's in general) can take things too far to the point where they make the system unusable, or they make them so inconvenient that you just disable them, then it ends up hurting your security because you are disabling it to get around the limitations. I do think if something is set up carefully, and with thought put into the given use case. They can probably make a big difference in either stopping, or limiting a possible attack/exploit.

RHEL7 onwards took a sane stance on using it. Running it, without even any custom rules, is unlikely to break anything unless you're doing something very esoteric. And even then, it's usually a couple of exceptions and you're golden, or doing something like relabeling a context or changing it, or setting a port context.

It gets nutty when you start slipping back into needing stuff like fapolicyd.

 

[Curry Teafag]

Download Linux Mint. Enjoy life because it just works. Its that simple.

Recently tried it out, this is how it ended some two days later.

 

[Curry Teafag]

No 4chan. You will not be claiming the gnu+Linux mean. (At least it doesn't appear so)

For once a YouTuber actually put the links in the description.

https://web.archive.org/web/20091031140239/https://xercestech.com/linux-not-gnulinux.geek

What is that weirdo talking about? Stallman has maintained that the system be called "GNU/Linux" since 1994, with GNU itself officially adopting it in early '95. Earliest mentions date back as far as 1992. I remember it from the late 90s when a friend got interested in this stuff and started propagating it (and correcting the rest of us).

 

[CheepMeds]

Would be pretty sweet if these kind of operations ended up bumping a few % points toward Linux on that OS marketshare graph.

 

[Betonhaus]

Recently tried it out, this is how it ended some two days later.

Were you live booting the usb drive the entire time? It sounds like the iso image got corrupted, which could be a failed download but you never specified if you had it successfully boot until two days later