#soylent | Logs for 2024-05-29
[01:35:43] -!- dx3bydt3 has quit [Ping timeout: 252 seconds]
[01:48:24] -!- dx3bydt3 [dx3bydt3!~|dx3bydt3@129.224.oqq.ulu] has joined #soylent
[02:09:49] -!- anontor has quit [Ping timeout: 252 seconds]
[02:10:29] -!- anontor [anontor!~anontor@185.220.szw.wt] has joined #soylent
[03:52:40] -!- anontor has quit [Ping timeout: 252 seconds]
[03:58:34] -!- anontor [anontor!~anontor@la06430.tor.shh.sh] has joined #soylent
[07:59:02] <fab23> AlwaysNever: a journal entry on SN after you are using Snip-IT :)
[08:15:44] <Ingar> also in IT asset management: license and certificate management
[08:16:10] <Ingar> like, SSL CERTIFICATES
[08:16:19] <Ingar> *ducks*
[08:18:45] <ted-ious> You need a spreadsheet to keep track of your cron scripts? :)
[08:20:35] <fab23> Ingar: they should be with ACME and then monitored with Nagios
[09:04:25] <Ingar> tell that to <insert name of very large client I obviously can't name here>
[09:11:41] <fab23> Ingar: hm, I guess I should make a business out of my ACME script stuff, requesting wildcard certificates through DNS challenge and distributing to various systems.
[09:20:27] <Ingar> fab23: yes, I'd be your first customer.
[09:21:22] <Ingar> make me a quote for a single domain, and a domain with wildcards :D
[09:24:26] <fab23> Ingar: the certificate request is the easy part, the fully custom part is the distribution of the certificates and reloading of daemons
[09:25:29] <chromas2> systemd-certificated
[09:25:55] <fab23> Ingar: so far I have it for Apache httpd, sendmail, Cyrus IMAPd and inspircd on FreeBSD and for Debian with I think only Apache httpd
[09:26:40] <fab23> chromas2: not available on the "Besonders Schöne Distribution" :)
[09:28:19] <chromas2> hm I'm using acme.sh I guess. It complains that it won't run as root, but without root it doesn't have permission to stick the certs where they need to go
[09:28:44] <chromas2> I have symlinks set up pointing to where it sticks the cert, but for some reason I have to delete and recreate the symlink each time
[09:29:39] <janrinok> can you automate that with a post-update script which I think is possible with ACME?
[09:30:28] <fab23> chromas2: what daemon? For Apache an 'apachectl graceful' should be fine.
[09:31:27] <fab23> I am using lego on FreeBSD, does use 2 periodic weekly entries, one runs as _lego user (to request the certificates) and a second one which runs as root to distribute the certificates
[09:31:59] <chromas2> I don't know what that is but anyhow reloading is fine it's getting the cert into its slot that I'm bitching about
[09:33:34] <chromas2> Where it puts the cert files, I have symlinks from the nginx or whatever pointing to that spot, but when the cert's replaced it doesn't work no mo'
[09:34:05] <fab23> Back in the days with manual certificates, I always stored them as wildcard.example.com-20240529.pem and then updated the symlink for wildcard.example.com.pem to it (but all as root) and did 'apachectl graceful'
[09:34:52] <fab23> chromas2: strange, is the destination of the link also another link?
[09:35:44] <chromas2> haha yeah
[09:36:05] <chromas2> that's dumb. shouldn't affect it though since just recreating the exact same link fixes it
[09:36:39] <chromas2> then again I also have to chown and chmod the rspamd socket when the mail server starts. Maybe I just don't know what I'm doing :D
[09:36:53] <fab23> don't know what the filesystem is doing there, may resolve directly to the file, which then changes
[09:37:29] <fab23> chromas2: you should outsource that stuff into the cloud :)
[09:37:34] <chromas2> /etc/nginx/ssl/fullchain -> /etc/ssl/private/vmail.crt -> /home/user/.acme.etc
[09:38:04] <chromas2> well at least I gotta repoint that first symlink
[09:38:09] <fab23> what filesystem type? on the same file system?
[09:38:30] <chromas2> ext4, all one fs
[09:38:34] <janrinok> perhaps it is changing the inode or something!?
[09:38:39] <fab23> maybe when creating the first link, it does resolve directly to the dest file, which then breaks
[09:39:30] <janrinok> i.e rename old cert, create new cert, delete old renamed cert or something - I don't know
[09:39:47] <fab23> janrinok: sure the inode of the file does change, but that should not break the link, unless something ugly happens during creation of the first link, which points to another link
[09:40:22] <janrinok> I agree, it shouldn't....
[09:40:30] <chromas2> ooh, what if they rename the old cert, make the new one, then delete the old one in case something borks?
[09:40:47] <chromas2> oh you said that already
[09:40:52] <janrinok> yep
[09:41:16] <fab23> chromas2: maybe a bug in the fs, who knows
[09:41:17] <chromas2> maybe the best thing would be to just make the original destination world-readable then point everything to it :D
[09:42:27] <fab23> on FreeBSD I do copy (as root) the certs into the places where the application wants it and then reload the daemon
[09:42:53] <chromas2> Actually almost everything goes through nginx now. Nobody seems to make bridges for XMPP so I switched to shitty http-based matrix for messaging
[09:43:02] <fab23> some daemons do want ugly files anyway, like key, cert and chain in proper order in one file
[09:43:35] <chromas2> someone should create a standard
[09:43:45] <fab23> another standard? :)
[09:43:53] <janrinok> you beat me to it
[09:44:04] <chromas2> certml
[09:44:09] <fab23> https://xkcd.com
[09:44:09] <systemd> ^ Standards
[09:44:11] <chromas2> XertML
[09:44:39] <chromas2> zipped XML containing all the cert bits plus key files
[09:44:56] <chromas2> use xz since that's installed for some reason even though it was always a garbage format
[09:45:10] <fab23> chromas2: you mean similar to .p12 / PKCS#12 ?
[09:45:28] <janrinok> isn't that the compromised compression?
[09:45:40] <chromas2> Never heard of it. I'll write it from scratch without knowing what I'm doing, just like xz
[09:45:41] <chromas2> yeah
[09:45:53] <fab23> :)
[09:46:00] <janrinok> you line on the edge....
[09:48:18] <chromas2> and dot on the vertex
[09:55:43] <janrinok> lol
[10:01:55] <chromas2> I wonder if the new Windows PC APUs can run stable diffusion
[10:02:02] <chromas2> NPUs
[10:04:18] <janrinok> Auxiliary Power Units? Is that a type of GPU?
[10:04:37] <janrinok> I'm not keeping up with the technology
[10:05:51] <janrinok> Ah, APU is a combined GPU and CPU.
[10:07:05] <Ingar> fab23: two debian servers with apache :)
[10:09:51] <janrinok> Even if the APU gave Windows that capability I still wouldn't go back to a Windows OS.
[10:10:02] <chromas2> npu is what I meant. It's a tpu but even moreso
[10:10:51] <chromas2> well windows uses it for spyware but if the hardware's there, Linux should be able to use it as well
[10:14:23] <fab23> Ingar: ok, then it only needs a new FreeBSD system where I can run my scripts :)
[10:14:44] <janrinok> While I understand the difference in names, I'm not sure how similar GPUs, APUs and NPUs are to each other. Presumably the differences are sufficient to justify different designs and manufacturing.
[10:14:55] <fab23> Ingar: or I can run it out of my infra, I will provide a ssh key which needs to be put into the home of root on the 2 Debian servers
[10:17:33] <fab23> I may call it AaaS, ACME as a Service :)
[10:19:56] <fab23> what could go wrong? :) Like in the old days when some CAs even did create the private key for you.
[10:21:45] <janrinok> Perhaps they have a different definition of the word "security"...
[10:23:23] <fab23> I just have to write that my service is secure, then all will be fine. :)
[10:27:09] <Ingar> "security" is out of fashion, it has to be "AI" these days
[10:33:21] <chromas2> blockchain.ai
[10:53:25] <ted-ious> https://www.youtube.com
[10:53:26] <systemd> ^ I Tried The Boldest Cheating Technique In Blackjack History
[11:04:04] <ted-ious> This is the first in the series. https://www.youtube.com
[11:04:05] <systemd> ^ I Cheat At Blackjack
[11:10:27] -!- aristarchus [aristarchus!~aristarch@185.191.ssn.hn] has joined #soylent
[11:19:01] <aristarchus> Fink!!
[11:27:27] -!- aristarchus has quit [Quit: Client closed]
[11:42:28] <Ingar> I had no idea ari was into indie rock
[11:44:02] <Ingar> but rock - moon - hole, it makes sense
[12:02:17] <janrinok> where did you get that titbit from?
[12:02:50] <janrinok> I know he likes astronomy but I haven't heard him express any musical taste.
[12:03:09] <janrinok> Ingar^
[12:04:32] <Ingar> https://finkmusic.net
[12:04:33] <systemd> ^ Fink Store
[12:05:31] <chromas2> or any taste
[12:06:25] <chromas2> perhaps he's professing his love for long-lost user SirFinkus
[12:06:48] <janrinok> He has called me a 'Fink' several times - I'm not sure that it is related to his taste in music. "Fink is a North American slang term that originally meant "informant" or "strikebreaker" and expanded to be a general pejorative term for a jerk or an unpleasant person."
[12:07:54] <janrinok> I don't think that he likes me...
[12:08:03] <chromas2> How can you be so sure?
[12:08:49] <chromas2> Interesting though, I don't think I've heard the word fink before...at least, outside of SN
[12:09:36] <chromas2> maybe it's an animal-friendly alternative to rat
[12:29:05] <drussell> The Wizard of Id is always saying, "THE KING IS A FINK!"
[12:31:20] <ted-ious> https://www.c-span.org
[12:31:21] <systemd> ^ The Bill Gates Problem
[13:20:48] -!- fairyowl [fairyowl!~matt@2603:7081:izyo:vmkg::ugmj] has joined #soylent
[13:21:55] -!- piusbird has quit [Ping timeout: 252 seconds]
[13:36:15] -!- chromas [chromas!~chromas@Soylent/Staph/Infector/chromas] has joined #soylent
[13:36:15] -!- mode/#soylent [+v chromas] by Imogen
[13:36:46] -!- systemd has quit [Ping timeout: 252 seconds]
[13:36:46] -!- chromas2 has quit [Ping timeout: 252 seconds]
[14:44:47] <Runaway1956> ted-ious, good link, helps to explain how our covid response went all wrong
[14:45:33] <Runaway1956> secret decisions made for profit and political power, preventing others from contributing
[16:01:54] <Runaway1956> Wow - I didn't know this.
[16:02:04] <Runaway1956> DISM /Online /Cleanup-Image /ScanHealth
[16:02:22] <Runaway1956> https://www.windowscentral.com
[16:03:16] <Runaway1956> Looks awesome, trying to repair a windows image now . . .
[16:05:26] <Runaway1956> Assuming you have an internet connection, no need to supply an install disk or anything, it downloads replacement files directly from Microsoft updates.
[16:23:29] <Ingar> almost like my linux distro has been doing the past 25 years
[16:52:45] <Runaway1956> Remarkable, isn't it? Windows becomes more and more like Linux.
[16:56:26] <janrinok> It is important to remember that this might still be part of the "Embrace" before moving to the "Extend" and "Extinguish" elements.
[16:57:39] <janrinok> Their argument will be why bother with Linux when Windows can do all of that too. The C-Suites will love it because they think that they understand it.
[17:00:16] -!- Runaway1956 has quit [Ping timeout: 252 seconds]
[17:30:10] <Ingar> janrinok: if you know windows very well, there actually is some useful admin stuff under the hood
[17:34:32] <janrinok> I am sure that there is - but I still wouldn't want to change back from Linux.
[18:04:14] <chromas> but also linux is becoming less and less like linux
[18:05:00] <Ingar> flatpacks, certain sound daemons, certain init systems
[18:05:26] <chromas> yeah snappackimages is what I'm thinking of
[18:05:31] <Ingar> and the damn flattification of the UI
[18:05:39] <chromas> or is it snakpak images
[18:05:46] <Ingar> I open gimp, I got 100 icons and they all look the same
[18:06:35] <chromas> you don't want your desktop to make your ultra hd hdr qdled display to look like a cga monitor?
[18:07:15] <Ingar> that cga monitor already destroyed my eyes, wearing glasses now
[18:07:32] <Ingar> so I need 4 large icons in different bright colors
[18:07:45] <Ingar> circle, triangle, square, x I think
[18:08:15] <chromas> you'll have one large icon with six feet of margin so you can finger it even though you're using a mouse or trackball
[18:08:48] <Ingar> a few years back, I got my mom a large touchscreen, I should get me one of those
[18:09:11] <Ingar> like having a 27" tablet
[18:10:44] <Ingar> It could even be beneficial to some workflows
[18:13:24] * chromas puts the ⭕🔺🟨❌ into a 🍔 menu
[18:14:16] -!- Runaway1956 [Runaway1956!~OldGuy@the.abyss.stares.back] has joined #soylent
[18:15:02] <Runaway1956> It seems to have worked - the problems I started out troubleshooting seem to be fixed.
[19:14:48] -!- anontor has quit [Quit: anontor]
[19:20:53] -!- anontor [anontor!~anontor@185.220.thv.hky] has joined #soylent
[19:24:28] <prg> thankfully you can change the icon theme in gimp back to legacy. I have no idea why they thought making gray on gray the new default would be a great idea.
[19:26:45] <requerdanos> I, too, use legacy gimp icons
[19:29:20] <chromas> We just need a project to put a few features into Krita to make it completely replace gimp
[19:30:08] <prg> like colorful tool icons
[19:31:05] <prg> those are also just gray on gray for some reason
[19:44:06] <chromas> the colors change with the theme
[19:44:25] <chromas> they seem to think you need monochrome icons because colors are distracting and will ruin your art somehow
[19:44:45] <chromas> even though in the real world all your tools aren't monochrome. how dumb
[19:48:41] <chromas> hm I wonder what changed recently; every time I clone an aur repo I get some whinging about not using "master" for the branch name
[19:49:52] <chromas> Looks like people have been asking about it for years, but I've never seen it until a couple weeks ago
[19:54:05] <chromas> Guess I'll have to start using git and then name all my forks slave0, slave1, slave2, cottonpicker
[21:34:01] -!- anontor has quit [Remote host closed the connection]
[22:55:01] -!- chromas has quit [Ping timeout: 252 seconds]
[22:55:25] -!- chromas [chromas!~chromas@Soylent/Staph/Infector/chromas] has joined #soylent
[22:55:25] -!- mode/#soylent [+v chromas] by Imogen
[22:59:55] -!- anontor [anontor!~anontor@21.tor-exit.nothingtohide.nl] has joined #soylent
[23:40:44] -!- anontor has quit [Remote host closed the connection]
[23:41:10] -!- anontor [anontor!~anontor@cnw7v6.digitale-gesellschaft.ch] has joined #soylent