devank has quit [Remote host closed the connection]
<sewn>
holy carp evs are so bad
<sewn>
Vova: nicely done
<sewn>
am proud :3c
<sewn>
I personally had something similar but not as good quality and modular as yours
<Vova>
sewn: Ty, you taught me everything UwU
<sewn>
no way bwo
<sewn>
am just little guy
<sewn>
ur big
<Vova>
Damn, thanks
<Vova>
Wait
<Vova>
You saw me IRL ?
<Vova>
I may have sent you a picture years ago or something, can't remember
<sewn>
what no lol
<sewn>
I just imagine ur big
<sewn>
which u are btw
<sewn>
he could probably lift kris with a single hand
<sewn>
s/he/you
fultilt has joined #kisslinux
<midfavila>
leave kris ALONE >:c
* midfavila
taps sewn's head with a rolled-up newspaper
<sewn>
more plz :3
<midfavila>
smdh
<midfavila>
little weirdo
* midfavila
turns his nose up at sewn
<sewn>
wat does this act mean
<kris_>
?????
<riteo>
sewn mid was outraged I think
<riteo>
like, I imagine mid closing his eyes and "looking" up with an angry face
<riteo>
I think that's what it means
<kris_>
jefferson starships EVERYWHERE
<thomas_adam>
I was more a fan of Jefferson Airplane.
<kris_>
TIL jefferson starship is an artist
<kris_>
i was referencing supernatural honestly
<kris_>
s/artist/band
<thomas_adam>
Oh. Well, now you've learned that the genesis of Jefferson Starship was with Jefferson Airplane.
<midfavila>
doing some reading on bicycles again
<midfavila>
i keep seeing people dumping on drum brakes in favour of rim or disc brakes, citing lower weight and claiming greater stopping power, and while the weight claim is undeniably true, it's hard to understand the argument about braking power...
<midfavila>
drum hubs are plenty capable of locking both front and rear wheels, which, at that point, any greater power would kind of be useless.
<midfavila>
but i don't see anyone discussing the fact that the drum mechanism is sealed and therefore practically immune to environmental conditions, aside from temperature possibly affecting the cables and maybe the grease, whereas rim and disc brakes get contaminated basically immediately, meaning drums would have more consistent performance...
<midfavila>
hm.
<sad_plan>
midfavila: stop being silly. the only sensible choice here is getting a bmx without brakes. die like real men
<midfavila>
sad_plan: i can't haul a kris' worth of groceries or ikea furniture on a bmx
<midfavila>
smdh
<midfavila>
oh my gosh
<midfavila>
kris_ you could take a ride in my bike trailer >:O
<midfavila>
that's crazy
<midfavila>
man bicycles are so cool
<kris_>
why don't *you* ride on the bike trailer
<midfavila>
i mean i probably could tbh
<midfavila>
the manufacturer's suggested weight limit is something like 200lbs
<midfavila>
i moved a fridge with it once
<midfavila>
actually the trailer was made in canada which was neat
<midfavila>
one of two manufacturing jobs left in the country
<midfavila>
the other is for washboards
<midfavila>
:v
<kris_>
i wish distros would stop calling things full disk encryption when they aren't
<kris_>
FDE means /boot too
<kris_>
depending on who you ask apparently
<riteo>
kris_: how would you decrypt the disk then
<kris_>
the way i do it is roll my kernel, initramfs, cmdline, and potentially cpu microcode into 1 file called a UKI and store it on my ESP, which is usually at /boot/efi
<kris_>
the only unencrypted portion of my system, initramfs there handles decryption of / and /boot isnt split off from /
<kris_>
protect that with self signed secure boot and good to go
<kris_>
^ the point of this is to keep the kernel and initramfs you use to actually generate these UKIs that are responsible for decryption safe
<sad_plan>
midfavila: sure you can. just get pegs both front and back, as well as a basket on front. put on a 110L backpack as well and youre right as rain
<midfavila>
yeah but bmxes also suck
<midfavila>
i much prefer my utility bike
<sad_plan>
those arent kool enough
<sad_plan>
also brakes are bloat. all the cool kids rides without brakes
<midfavila>
yeah i'm not cool lol
<midfavila>
i REJECT your demands that i meet societal expectations of "coolness"
* sad_plan
makes sad noises
* kris_
straps a speaker to his bicycle with velcro and blasts radiohead
<kris_>
(i'm competing to be less cool)
<midfavila>
gonna kick u off ur bike
<kris_>
albeit that's kinda cool so
<kris_>
that may backfire
<sewn>
hey kris kris
<sewn>
what do u recommend encryption of the disk
<sewn>
am using unencrypted boot and a bcachefs
<sewn>
soon will bitlocker my windows just for safeties
<midfavila>
>using windows
<midfavila>
if you must, use qemu
<midfavila>
smdh
<sewn>
uhh
<kris_>
why exactly are you using bcachefs
<sewn>
I'm not sure bluebook would work in qemu
<sewn>
kris_: funnn :3
<sewn>
plus works the same as cryptsetup
<sewn>
but I don't need any init/initramfs stuff
<sewn>
legitimately just works
<kris_>
also idk what you mean by what do i recommend
<kris_>
i only use luks but i change a few settings
<kris_>
kdf i always use is argon2id because it's the most expensive, everyone *should* be using it but grub still doesnt support it
<sewn>
a
<sewn>
oke
<sewn>
what's an argon
<kris_>
and i set my iteration time based on the hardware i'm using it on
<sewn>
also ew grub
<sewn>
what's an iteration time
<kris_>
because it's going to iterate quicker on more powerful machines
* sewn
is clueless
<kris_>
the amount of time it has to sit and calculate based on your passphrase to see if its correct and unlock with it
<kris_>
tldr
<kris_>
like massive tldr
<kris_>
by default luks calculates for 2 seconds for the system it's being run on, will be faster on systems with faster cpus
<kris_>
the higher this is the longer it takes to brute force
<kris_>
argon2id is the key derivation function, argon2id is the current standard
<kris_>
basically you're changing how long this is meant to take in order to make brute forcing it take longer
<kris_>
i set mine to 30 seconds to like 5 minutes depending on the system
<kris_>
(which means 5 minutes to unlock the drive)
<sewn>
oh wowie
<sewn>
but why
<midfavila>
just in case kris_ needs to stab their assigned NSA agent who snuck in while kris_ was making more gfuel
<midfavila>
obvs
<kris_>
sewn because i view things as either secure enough or not
<kris_>
i don't believe in middlegrounds when i live in a country like this
<sewn>
bww
<sewn>
intewesting
<kris_>
i'm doing absolutely nothing that would warrant any problems, *at the moment*
<kris_>
as trump views more and more things as problems, who knows
<kris_>
given he doesn't like neurodivergent people
<midfavila>
yeah
<midfavila>
did they drop the autism registry or are they trying that again
<kris_>
i have no idea
<riteo>
re FDE sorry kris_ I got distracted downloading a huge JD vance meme archive
<riteo>
after the norwegian tourist incident they became cool again
<kris_>
after the what now
<riteo>
sooo, I mean, I guess that's kinda a play on semantics
<kris_>
god dammit i am so perpetually out of the loop and don't know how to fix that
<riteo>
lmaoooooooooooooooooooo
<kris_>
riteo it is but FDE *typically* means including /boot
<riteo>
didn't you know
<kris_>
i am not a knower
<kris_>
apparently
<riteo>
apparently a norwegian tourist got their phone checked at the border (they apparently do that) and they kicked them out of the country because they had like the plainest jd vance meme
<kris_>
oh yeah that happens regularly now
<riteo>
not even the unhinged ones, just him with a bloated face and bald
<kris_>
they can and will search your devices at the border
<midfavila>
lol
<kris_>
one of my friends wiped her phone before coming here from canada
<riteo>
wise choice
<midfavila>
yeah if i end up visiting america i'm just leaving all my stuff here
<midfavila>
"yeah sorry officer i'm actually a bit of a luddite"
<kris_>
crazy how everyone also forgot about having security at airports to make sure pregnant women aren't going to states where abortion is still legal
<riteo>
that's really funny cause nothing stops you from saving all your data in the cloud, encrypted and shit, wiping your phone and redownloading it once you get in
<kris_>
this is getting *crazy*
<riteo>
like, what is device searching even for
<midfavila>
riteo: finding political opponents
<midfavila>
this isn't new behaviour lol
<kris_>
oh they're setting up some sort of country wide citizen surveillance now too, more extreme than what had happened after 9/11
<kris_>
i forget what it's called
<riteo>
that's just... useless
<midfavila>
it's also a way to show that criticising the regime has consequences imho
<kris_>
i figure i should probably keep a copy of tor locally for when shit really goes batshit
<kris_>
and keep my mullvad subscription up lmao
<midfavila>
just a power projection thing
<midfavila>
kris_: tor was funded by the US navy wasn't it
<riteo>
kris_ what I might be saying might be awful advice
<riteo>
but like
<kris_>
midfavila funded? no. created by? yes.
<kris_>
i don't trust it but it's effective enough in other parts of the world supposedly
<riteo>
apparently debian has huge disk-ready archives of both binaries and source of every single program ever packaged there
<kris_>
the actual good shit is i2p
<riteo>
I unironically bring with me a blu-ray with a 25G image of debian on it so that I can save my ass whenever the time comes
<riteo>
also kris_ tails might be a great choice
<riteo>
fits in a pen drive
<midfavila>
fwiw if there's an actual thing that goes down and telco lines get cut you should get like
<midfavila>
a little radio setup
<kris_>
we're not at that point yet
<midfavila>
so you can use digital modes or w/e
<kris_>
but i do intend on preparing local copies of some stuff
<kris_>
so if the time comes i can still access the world
<riteo>
yeah that's very wise
<riteo>
that's also a great advantage of source based distros actually
<riteo>
you can archive a shitton of software in very little space
<kris_>
yeah zstd on that and you're golden
<riteo>
btw
* midfavila
ncompresses kris_
<kris_>
i *really* need to get my bouncer off of a hetzner server
<riteo>
burn it in a pen drive and you should be golden when america makes encryption illegal
<kris_>
yeah i'm familiar with tails
<kris_>
but shortly, right now im still trying to figure out my local infra
<riteo>
fair
<kris_>
probably going with gentoo for my servers honestly
<riteo>
talking about infra
<kris_>
lowest effort
<kris_>
has what i need packaged
<kris_>
sane *enough*
<riteo>
you know if there's any cheap openwrt ready managed switch
<kris_>
not a clue
<riteo>
I still haven't hooked up my beautiful lil outward-facing server because I have no way to isolate it
<kris_>
look at their supported devices list and see if theres anything there
<midfavila>
riteo you could use an SBC and a PCIe switch board
<kris_>
but i just have a $25 netgear GS308E
<riteo>
that sounds expensive mid
<kris_>
is managed
<midfavila>
eh depends on your setup
<kris_>
i tend to default to netgear equipment though so
<kris_>
everyone tends to have their default
<riteo>
BTW kris the openwrt has been faster ever since they hooked up the anti bot thing
<riteo>
lightning fast actually
<riteo>
I think it might have been unironically the ai scrapers
<kris_>
actually 24.10.2 is out now
<kris_>
i'm dreading updating my router
<riteo>
oh
<riteo>
ughhh I gotta update my fork
<kris_>
also TIL openwrt supports switches?
<riteo>
I mean
<riteo>
it supports everything really
<kris_>
it makes sense given routers have built in managed switches often
<kris_>
just never came to mind
<riteo>
welp the GS308E is definitely not supported
<riteo>
although netgear has quite solid open source support
<kris_>
the GS308T is
<riteo>
I wonder how hard it might be to upstream a patch since they do GPL dumps IIRC
<riteo>
ohhh awesome
<kris_>
had i known about this before i may not have bought this one
<kris_>
it would be cool to have openwrt on everything
<riteo>
although tbf it costs a lot more
<kris_>
it also has POE at least
<kris_>
62w
<riteo>
defo overkill for my broken home network
<kris_>
i don't consider things at this price overkill given the purpose
<riteo>
it's really awful and it's gonna be real funny to hook up FTTH once we figure out if it's even there
<kris_>
it's overkill if you're going to quickly replace it
<kris_>
if you're keeping it for years on end, its not
<midfavila>
ngl, i doubt i'll ever bother with fibre or whatever agian
<midfavila>
again
<riteo>
apparently the maybe-state-owned fiber infrastructure thing is very confused by a recent house number change here
<kris_>
i'm still on coax
<kris_>
as is most of the US
<riteo>
we never had coax
<midfavila>
physical infra is annoying in general
<riteo>
rn we're on xDSL
<midfavila>
i'm very happy with my lte connection
<riteo>
and the wires somewhere got oxidised
<midfavila>
<3 lte
<kris_>
cgnat hours
<kris_>
:(
<midfavila>
on lte?
<riteo>
I quickly stripped them and twisted them together and I got almost the same throughput
<kris_>
midfavila nah one of my friends just got a 5g verizon home modem
<midfavila>
fwiw *i* get a static ip on my lte connection
<kris_>
i realize now that i completely didnt provide context
<midfavila>
50CAD a month
<riteo>
no I'm not going to solder/crimp them because that's an even better reason to switch from our AWFUL offering
<midfavila>
for the whole getup
<kris_>
that's fucking crazy
<midfavila>
v gomfy
<kris_>
my friend is paying $80/mo for 300 down 20 up with no static IP
<midfavila>
rip
<riteo>
we pay unironically something like 50 EUROS for the crappiest FTTC ever
<kris_>
but he's doing that because spectrum internet is horrid
<kris_>
he has constant outages and insane packet loss
<riteo>
when we could pay 20 with an alternative provider
<kris_>
and they basically just say "get fucked clown"
<midfavila>
idk canada's internet in general is wildly expensive
<midfavila>
i guess i don't need more than 5mbps
<midfavila>
the ease of use of lte is just super nice
<midfavila>
it just werks
<kris_>
you're paying 50cad / month for 5mbps??
<midfavila>
happily yes
<midfavila>
for what it's worth my building also doesn't have telco hookups lmfao
<kris_>
that is such a scam
<midfavila>
nah
<midfavila>
there's a method to the madness
<midfavila>
ostensibly it's a business data line
<midfavila>
but like i said there's no hookups in my building
<midfavila>
and i don't really need higher speeds
<riteo>
btw kris_ I have a feeling that the GS308E might run OpenWRT fine too
<midfavila>
plus, i can use my uconsole as a hotspot :D
<kris_>
out of my area of expertise
<kris_>
if i could run openwrt on this thing i'd be like
<kris_>
yippeeeee
<kris_>
etc
<riteo>
I mean
<riteo>
no promises
<riteo>
but if I get that one
<midfavila>
yibby
<riteo>
I can give a shot
<midfavila>
:^DDDDDDDD
<kris_>
the problem is idk how you'd flash back to stock if you broke it
<riteo>
out of my area of expertise but I don't care 8-)
<kris_>
i wonder if these things A/B
<kris_>
seems like they probably should
<riteo>
ehh, they usually have jtag headers I heard
<kris_>
oh cool
<riteo>
I don't think they have ab at that price tag
<riteo>
I don't have a jtag writer either
<kris_>
in all fairness it's $25
<riteo>
but oh well, hopefully everything goes all right lmao
<riteo>
oh also wait
<riteo>
netgear has a recovery mode
<kris_>
i'm happy enough with it as it is though so
<riteo>
I might have bricked my repeater a bunch of times and all it takes is to figure out when to press the reset switch and where to push the binary
<riteo>
probably the switch has the same bootloader
<kris_>
netgear is a lot less evil than most other network gear providers
<kris_>
unifi shills make me chuckle
<riteo>
yes but I'm unironically, like, starting to fear the american telco stuff as much as the chinese
<riteo>
privacy-wise
<kris_>
nah i understand
<riteo>
that's why openwrt is mandatory for me
<riteo>
but yea netgear is quite comfy
<kris_>
it would also be nice if my AP supported openwrt
<kris_>
another thing i didn't know about before buying this
<riteo>
> The switch will prompt you to create a Netgear cloud account to manage the device and offer you 'limited access' to the device until you do so.
<kris_>
wtf
<riteo>
good news though
<riteo>
> According to the Netgear knowledge base, however, this 'limited access mode' should still allow you to update the firmware.
<kris_>
depends on what they mean by limited access
<riteo>
> This method sometimes fails. Be prepared to open the device and solder a pin header for serial console. The holes are filled with solder, so having desoldering tools is also highly recommended!
<riteo>
lmaooooooooo
<kris_>
with their current gen stuff they try to get you to make an account for their cloud management utilities
<riteo>
aight guess no recovery in the switches
<kris_>
but if you dont want to you can just not
<riteo>
it's gonna be fun
<riteo>
oh that's nice to know
<kris_>
they make it hard to figure that out though
<kris_>
in the sense that they have basically 2 different spec sheets for each device
<kris_>
and they word things very specifically to make you think you need their cloud management shit to use the device at all
<kris_>
which costs a monthly fee btw
<kris_>
but really unfortunately this type of behavior is just expected with any network gear
<riteo>
you can't tell the processor from the web UI right
<riteo>
that'd be useful
<kris_>
uh
<riteo>
oh wait there oughta be the GPL dump somewhere right
<riteo>
that might be useful
<kris_>
no i dont see any information
<kris_>
on the webui i mean
<riteo>
aight no worries
<riteo>
I mean I should also see what's sold in my local shop since we usually go there for this kind of stuff, although I don't recall seeing many switches at all
<riteo>
kinda doubt that a regular electronics store would sell any tbh
<kris_>
probably the best bet
<kris_>
i just got mine on amazon as all good consoomers do
<riteo>
we'll see
<riteo>
awww come onnn
<riteo>
there's not even a gpl dump for the GS308E
<riteo>
the hell does it run
<kris_>
that's moderately concerning
<riteo>
don't tell me it runs eCos
<riteo>
no idea what it is but apparently it's not linux
<riteo>
> GS308E is not Linux, firmware from the Netgear web is definitely not for Linux. Also, according to openwrt community it is most likely BCM53128
<kris_>
which honestly maybe this is meta anyway given less going on in software typically means much lower attack vector
<kris_>
but who knows
<riteo>
yea
<kris_>
also im sure you're already aware but when you create a vlan in openwrt make sure you give it its own firewall zone
<kris_>
it doesnt do that automatically and just allows cross vlan traffic
<riteo>
i gave a look at netgear catalog and it looks like basically every single GS*E is the "Easy Smart Managed" one, which by smart I suppose it means "full ASIC"
<riteo>
maybe that's why every single one of them has the puniest CPU
<riteo>
apparently the cheapish moddable ones from netgear are the cloud managed ones which need a beefier cpu and thus can run linux
<riteo>
so you won't pay less than let's say 50 bucks from them
<riteo>
then there are the super expensive "full managed" ones which I feel like might mean that everything goes through the CPU