funtoo forums

swamprabbit

Reputation Activity

  1. Trolling
    swamprabbit got a reaction from 666threesixes666 in Opinions on using Funtoo or different distro on my Lenovo Yoga 2 11   
    Just a quick update, I have been so busy with work that I haven't gotten far with this install.
     
    But since my last post, I put in an improvement bug report for a subarch for Silvermont CPUs, and drobbins has been great enough to create a subarch for the CPU used in the Yoga 2 11S!
     
    Which means now when I get back to it in the next week or so, it will be an optimized build for the Yoga 2 11S now!
  2. Trolling
    swamprabbit reacted to 666threesixes666 in Any advantage using 'hardened' for the desktop user?   
    i think the best way to address this is security sub pages....  as in a general security page, then security/threesixestake security/drobbinstake security/olegstake security/physical security/hardening security/selinux security/apparmor security/applicationsecurity security/networksecurity etc etc etc so that it would be able to be very branched out and specific in the same breath.  we could have the extremely broad topic then boil everything down to a tightly knit highly secure system quickly.  skim through all the garbage and just have essentials.  like i need to work on speeding up /dev/random quite a bit more and the entropy daemons that can feed it with more data....  i need to figure out hashing files and salting them, need to figure out gpg...  need to figure out encfs, or luks auto decrypting at boot.  physical security is also a huge topic, how physically secure is your server/laptop etc.  can i break your laptop lock with a hammer?  can i use my lock picking expertise to break your lock open in 2 seconds?  do you have video watching the servers?  are the servers rack mounted?  are the servers vulnerable to nuclear attack, and mirrored off site multiple times?
  3. Trolling
    swamprabbit got a reaction from 666threesixes666 in Any advantage using 'hardened' for the desktop user?   
    Threesixes and spectromas, I'd be more than happy to assist with something like this as well. :)
     
    Security Blueprints sounds good but what about Security Configuration Guides?
     
    It could be good to lay it out in a Defense in Depth manner:
    Physical Security
    BIOS Configurations
    Kernel Configurations
    Network Configurations
    Application Configurations
    Etc, etc.
     
    If you really want to kick off some brainstorming and what not please feel free to PM and I can provide some info on my background in relation to this sort of thing.
  4. Trolling
    swamprabbit got a reaction from 666threesixes666 in Funtoo ranking on DistroWatch   
    Not that it really matters or is a proper way of gauging a distro's popularity, because it really really isn't.
     
    Just wanted to share with anyone who cares or never took notice that Funtoo has moved up quite a few positions lately.
     
    As of today it has the following listed:
     
    Popularity (hits per day): 12 months: 163 (68), 6 months: 157 (72), 3 months: 154 (72), 4 weeks: 139 (72), 1 week: 118 (75)
     
    http://distrowatch.com/table.php?distribution=funtoo
     
    The Funtoo DistroWatch page does not list any reviews, which is a shame.  I highly doubt Jesse Smith from DistroWatch would go through the trouble of installing Funtoo and doing a review; I can't recall the last time he did a review of a distro that didn't have a "one click" installer.   :P But it would be awesome if he did and would give Funtoo some well deserved time in the spotlight because distros which don't have actual releases never get on the front page really.
     
    I wonder if Funtoo can break the top 100 before the end of the year either way?  Because that would be awesome!
  5. Trolling
    swamprabbit reacted to sputnik in Minimizing compile time   
    I have a Toshiba TE2000, it's a P4, 15 years old and keeps on ticking, even the CDROM!  I don't think you'll find this is much of an issue once you get over the initial install, it's not that horribly slow.
    I believe LXDE is a good choice, mine is openbox with  lxpanel, etc., I think LXDE IS openbox if I remember correctly.
    The biggest help you can give it is to use ccache and DISTCC - if you have other machines to help.  ccache irregardless of other machines.  Lots of info about those at the wikis and forums.
    swamprabbit's suggestion is excellent too.  There is also the tinderbox, the developer says it's not maintained anymore, but it seems to have recent activity: http://tinderbox.dev.gentoo.org/.  Binary compiles of many packages.  I've never used tinderbox, but I do use the binary browsers, they are a very time consuming compile.
    Also if you can spare a few bucks, mine was 1GB ram, I got 2GB on ebay for something like $12-13, new even.  That helped it a lot.
    It's likely you have a tiny HD, if need be it's easy to put /usr/portage on a usb stick.  Or if you do have other machines you can just link to /usr/portage through NFS or samba, that's what I do here.
    Oh, 1 more thing you can do if you increase memory size.  You can run /var/tmp/portage as a ramdisk, should be much faster than storing intermediary compiled programs on disk, reading them back, etc. (although I must confess lately I'm not so sure).  To do this you make an entry like this in /etc/fstab:
        tmpfs /var/tmp/portage tmpfs size=2G 0 0
    Don't worry about the 2G, it's smart and only uses what's available for the ramdisk.
    However, a handful of packages cannot fit into such a small size and you will have to make exceptions for them thusly:
        cat /etc/portage/package.env
        app-office/libreoffice notmpfs.conf
        app-text/poppler notmpfs.conf

        cat /etc/portage/env/notmpfs.conf
        PORTAGE_TMPDIR="/var/tmp/notmpfs"
    Then portage will use a "real" temporary directory for those packages.  These are examples only, for example, you would almost surely want libreoffice-bin, the compiled version is the king of long compile times.  You'll find out what needs to be added to package.env when it says "out of disk space" when it fails ;)
  6. Trolling
    swamprabbit reacted to drobbins in Pre-built kernels!   
    Hi All,
     
    For a long while, the most time-consuming and potentially error-prone part of installing Funtoo Linux has been building a kernel. I worked to make this better by creating the debian-sources kernel, which, when combined with the "binary" USE flag, will build you a kernel that just works. The problem: the compile time is excessive -- it can take an hour or more even on relatively modern hardware.
     
    To make installing Funtoo Linux even easier, stage3's are now including debian-sources pre-built! We're using the Funtoo compute power made available by Funtoo supporters to save you time and hassle when installing Funtoo :) All you need to do is configure a boot loader and you're ready to go :)
     
    I enabled this yesterday on our build servers, so it will take a few days before all stage3's are updated to include debian-sources. If they have a date of 2015-05-11 or later, they should have a kernel and initramfs included.
     
    If you still want to build your own custom kernel, it is easy enough to unmerge, remove kernel and initramfs, and build your own.
     
    Enjoy!
     
    -Daniel
  7. Trolling
    swamprabbit reacted to caseycole589 in Opinions on using Funtoo or different distro on my Lenovo Yoga 2 11   
    I know I'm late to the discussion but I've been using nothing but source-based distros on my Intel 180 GB SSD Asus laptop for about 2 and a half years now and no compiling in ram. I still get the same read/write speeds as when I first installed and regularly do emerge -e world, so I don't think it's quite as bad as everyone thinks, also have an SSD gentoo server which I don't update as often but haven't had any problems on it either. The only thing I bothered to do was switch my scheduler to noop and added noatime to my fstab.
  8. Trolling
    swamprabbit reacted to pytony in Funtoo ranking on DistroWatch   
    Fixed. Thanks.
  9. Trolling
    swamprabbit reacted to 666threesixes666 in Funtoo ranking on DistroWatch   
    gentoo's taking a hit from our presence also.
     
    Popularity (hits per day): 12 months: 39 (330), 6 months: 40 (313), 3 months: 44 (310), 4 weeks: 46 (304), 1 week: 44 (301)
     
    the moral of the story is post to the wiki accurate eclectic information, and high quality content...  not a bunch of stub articles.  
     
    arch is a roller with no installer...  it's top 10
     
    Popularity (hits per day): 12 months: 8 (997), 6 months: 9 (914), 3 months: 10 (897), 4 weeks: 9 (842), 1 week: 13 (824)
     
    again they have tons of presence, tons of high quality articles...  we're aiming for top 10, but this takes massive amounts of effort...  i try to post articles that will answer recurring questions from google searches, or if they're too lazy, and ask anyways i can quickly end the conversation with a link.  if a wiki page is missing the content people want to know, i'll add it once i've tested it.  if i haven't tested, i'll usually note that or word it less than secure & firm.
     
    the website has approximately 1,500 hits a day.  i've been working a bit on linuxforums.com helping people and letting them know i'm from the funtoo community.  i keep getting locked out of https://www.linux.com/community so if you want to start talking to people about issues that would be great.
  10. Trolling
    swamprabbit got a reaction from 666threesixes666 in Funtoo ranking on DistroWatch   
    I agree with you.  I want to do more on the wiki with what time I can give right now.  I added the Kodi package because I use it and someone has a question about trying to install XBMC because they didn't know about the name change.  I was looking at working the one Samba one, but I am not a full expert on Samba and all its internals.
     
    I noticed the Chuse package has an ebuild page, but doesn't show up here http://www.funtoo.org/Ebuilds
     
    Neither does Xfce, I'd like to document some things I found out need to really be done after installing xfce-meta if you want a fully usable desktop from DM to DE.
     
    I am going to document my Yoga 2 11 install and post it on a free Wordpress blog I started to talk about Funtoo.
  11. Trolling
    swamprabbit got a reaction from duncan.britton in Funtoo ranking on DistroWatch   
  12. Trolling
    swamprabbit reacted to sitquietly in Opinions on using Funtoo or different distro on my Lenovo Yoga 2 11   
    Your requirements list probably excludes all of the binary distros.  I've used Arch/Manjaro extensively and can't agree that they are light in any sense except that the original install is a small base.  After that their packages have the same extensive, all-inclusive, dependencies as Fedora.
     
    For me it was impossible to accept anything less than Funtoo for my last notebook installation (Toshiba Satellite with amd dual-core, radeon graphics - 4GB ram).  I did want to know if everything was going to work so I got the latest Calculate Linux iso, partitioned the drive with a swap, two "root" partitions and a home partition, installed Calculate KDE, and tested the wireless, trackpad, etc.  Calculate could easily be the end of the line; it is built with Gentoo, uses standard emerge and allows you to build packages with your own USE flags if necessary.  It is a really nice and very flexible binary distro that allows you to "lighten" it as much as you need.  Of course it uses OpenRC.  I suspect that it ticks all of your checkboxes.
     
    But to get exactly what I want, which is a system that uses openrc and avoids unnecessary or trouble-prone daemons (e.g. avahi, pulseaudio, dbus, kdepim, notifications) I build my own set of binary packages on my workstation and share those via http so that I can install Funtoo on the other partition, drawing packages from my own binary repo.  In order to support different USE flags and CPU_FLAGS_X86 and CFLAGS in the repo than I have on my workstation I do the package building in a chroot, rather like is done with Poudriere for FreeBSD.
  13. Trolling
    swamprabbit reacted to nrc in Opinions on using Funtoo or different distro on my Lenovo Yoga 2 11   
    Libreoffice is definitely one to go with the binary package if possible. There was something I didn't like about the binary package - the branding, I think - so I installed the full package and it took something over 14 hours on my laptop for that package alone.
     
    I probably only update my laptop monthly and then only if there's something worthwhile or important.
  14. Trolling
    swamprabbit reacted to iwoloschin in Opinions on using Funtoo or different distro on my Lenovo Yoga 2 11   
    Why not explore distcc?  You've got other Funtoo systems laying around, it's possible to set up the laptop to not even do any of the compiling, just linking, and if you're really concerned about the SSD and don't care how long it takes, you could set up all of the linking to occur over a NFS mount (not recommended...but possible!).
     
    Years ago I did something like this between a laptop and desktop both running Gentoo.  It worked well because the laptop wasn't nearly as powerful.  Around the same time I also used distcc in an internship, to farm out compilation tasks from one master server to 40+ slaves (which weren't useful until the software was compiled...), which was awesome because it turned an all day compilation into a 30 minute affair, and none of the engineers understood how I had done it :D.
  15. Trolling
    swamprabbit reacted to nrc in Opinions on using Funtoo or different distro on my Lenovo Yoga 2 11   
    /tmp is tmpfs but that sees minimal use.   Swap and /var/tmp are on SSD.   I don't see a lot of swap use but I don't do a lot of heavy multi-tasking on this unit.  I have it tuned for just two threads on builds because the CPU is really the bottleneck here.
     
    Yes, there's some concern about wear on the SSD from builds but all my reading suggests the SSD should easily outlive the useful life of this laptop.
     
    Just to be clear, when I say it takes "a while" I mean many hours.  I didn't really keep track of how long the original builds took but an update of 60 packages just took about 10 hours.   This is no big deal for the way I use this laptop. 
  16. Trolling
    swamprabbit reacted to nrc in Opinions on using Funtoo or different distro on my Lenovo Yoga 2 11   
    I run Funtoo on a Dell Latitude 13 with 2G of memory and a 1.3Ghz Celeron.  Originally it had a 16G SSD and it was fine but I installed 128G when I had to replace the drive cable.
     
    It takes a while to build everything but I mainly use it as an ultra-portable for travel so there's no reason to update it all that often.
  17. Trolling
    swamprabbit reacted to morphmex in [SOLVED]ERROR: media-tv/xbmc-13.2-r1 failed (compile phase): * emake failed   
    Many thanks
    swamprabbit  :D
  18. Trolling
    swamprabbit got a reaction from adessemond in Any advantage using 'hardened' for the desktop user?   
    jwjones, my apologies, I just realized  that I went rolling on with the ideas 666threesixes666 and spectromas brought up, without providing some info to your question.
    I am still new to Funtoo/Gentoo specific things, but I think I can add more to what threesixes said in the first post, I'll try and be broad and focused at the same time, because I also don't know how paranoid and security focused you are.  Or maybe it will answer something for someone else. ;)
     

    In general there are advantages to a user running a "hardened" desktop, but there are also disadvantages such as consuming time to configure it so that everything "just works".  Security mechanisms can often get in the way of a user's needs or force them to modify how they use their system in order to accommodate the protections that are put in place.
     
    The key for an "average desktop user" that likes to keep a security focused mindset is to find balance when implementing security in relation to the cost of the data or user's time and the risks that are out there.
    Much of this is preference, but like you mentioned in your post, servers are often held to higher preferences because of the cost of the data/resource and the server administrator's time.  But some people like to run their desktops with the same level of protection.  In the business world more often than not all of this is evaluated through a Business Impact Assessment and security mechanisms are developed and implemented based on this.
     
    For example, 666threesixes666 explained some of the security mechanisms and configurations that they find reasonable for their situations and usage.
    For your "average desktop user" or desktop system that is used for surfing the web, playing games, creating non-sensitive documents; things like 666threesixes666 explained are usually enough.  Things like those mentioned: a long complex password, a good host firewall, not running un-needed services that create risk (ssh, avahi, samba, ftp, telnet, etc), using separate partitions for data separation.  These are considered typical security configurations because most security people think of these first and they work well at protecting the "average desktop users" without getting in the way really.
     
    An "average desktop user" can take things a step further without running the hardened mix-in or compiling a hardened kernel by using security related applications like sshguard, fail2ban, denyhosts, rkhunter, aide, tripwire, dnscrypt, apparmor, sudo, etc, etc.
    These types of things are what I consider "piling on security", this falls under "hardening" in general.  But I like to call it "piling on security" because you are just adding security mechanisms "on top" of the base system and it helps people understand.
     
    A user can take it a step further by doing some extra configuration changes as well; these are usually focused strictly on the base system.  Such as: configuring password complexity, aging, and lockout options, modifying hosts.deny and hosts.allow for use with tcpwrappers, adding egress filtering to the firewall, modifying /etc/sysctl.conf, using Bastille and or Lynis for extra hardening options, and using openscap and or cvechecker to continuously monitor system vulnerabilities based on installed software.  There are so many others that are for specific applications a user may use, too many to add right now.
     
    The last option or step is to take it to the extreme or partially there.  This is using hardened mix-in and or a hardened kernel.
     
    The Funtoo Flavors and Mix-ins page states the Hardened Mix-in "enables hardened support."
    Now because I am still new to all the ways of Funtoo/Gentoo, I am going to assume this relates to what Gentoo has in their wiki. "By choosing the hardened profile, certain package management settings (masks, USE flags, etc) become default for your system. This applies to many packages, including the toolchain. The toolchain is used for building/compiling your programs, and includes: the GNU Compiler Collection (GCC), binutils (linker, etc.), and the GNU C library (glibc). By re-emerging the toolchain, these new default settings will apply to the toolchain, which will allow all future package compiling to be done in a hardened way."  I believe this is what the hardened mix-in offers because when I used it, it did not include grsecurity options in the kernel .config (see below).
     
    Using the hardened-sources versus gentoo-sources or anything other includes the Hardened Gentoo Toolchain in the kernel.  The Hardened Gentoo Toolchain includes: PaX, PIE/SSP, grsecurity kernel patches, Mandatory Access Controls (grsecurity, SELinux, RSBAC, Tomoyo), Linux Integrity Measurement Architecture in conjunction with Extended Verification Module subsystem.
     
     
    I am currently "tinkering" with a build using both the hardened mix-in, gentoo's hardened-sources with Funtoo, and a bunch of what I talked about above and it seems to be working fine so far.  Do I need it for everyday use, absolutely not.  :ph34r:
     
     
    So the advantages for you personally using the hardened mix-in is really up to you, your system, and its use.  Technically there is an advantage, but the disadvantage is that it could cause issues leading to configuring and troubleshooting time increases.  More than likely you will be a safe and secure "average desktop user" with far less. ;)
     
    Like 666threesixes666 stated at the end of their first post "security is a strange beast, there are many angles you can take with security.".
    It can be as complex as the user/data/owner/etc need it to be, which is why I left out things like physical, BIOS, and network protections, etc, etc.
    Plus I was getting close to writing a book anyway.  :P
  19. Trolling
    swamprabbit reacted to Oleg Vinichenko in Installation of xfce4-meta-4.12 not possbile   
    xfce4-meta-4.10 has >= atom in dependencies, i.e. versions 4.12 are satisfied. For current releases (known as unstable ~keyworded in Gentoo) it will pull 4.12, for stable users, it will be <4.12.
  20. Trolling
    swamprabbit reacted to 666threesixes666 in static IP configuration   
    before doing any of this: nameservers="192.210.200.10" to nameservers="8.8.8.8"
     
    basically drop in a known working name server 1st, double check the gateway is correct.  the information you gave omits the subnet mask.  the work network could have a wonky subnet mask.
     
    post the output of ifconfig, and ifconfig -a, and dmesg.
     
    i use network manager, there is a command line ncurses interface for it...  i'd emerge network manager (and follow along funtoo's package page about it) from chroot, and use nmtui in console to configure the ip addresses.

     
    you could turn that old machine into your office's new dhcp server that assigns specific addresses to specific computers, and provides generic pool ip addresses to roaming machines with dnsmasq.
  21. Trolling
    swamprabbit got a reaction from spectromas in Any advantage using 'hardened' for the desktop user?   
  22. Trolling
    swamprabbit reacted to 666threesixes666 in Any advantage using 'hardened' for the desktop user?   
    sshguard yes...  the others not so much because they are general infra deployment techniques.  i imagine hardened is for shared webserver systems that have tons of users, as far as i know it's just more granular permission settings.  i guess it should go to a securing a funtoo install wiki page that would outline several packages/tutorials.
     
    LPS "lightweight portable security" is the DOD linux distro, not cia.  what should the page be named, security tips below hardened...  security blueprints?  i like security blueprints for the title of a page of security tips / links to security articles / tutorials.
  23. Trolling
    swamprabbit reacted to spectromas in Any advantage using 'hardened' for the desktop user?   
    Would it be good (or relevant at all) to have some mention of whether it is being targeted towards server security or desktop user security?
     
    desktop security and server security maybe?
  24. Trolling
    swamprabbit reacted to drobbins in Subarch Profiles   
    Hi All,
     
    If you have installed a new Funtoo Linux system in the last week, you may have noticed something interesting -- /etc/make.conf is EMPTY and eselect profile show shows something new -- a subarch profile:
     
        test / # eselect profile show
        Currently set profiles:
            arch: gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit
           build: gentoo:funtoo/1.0/linux-gnu/build/current
          flavor: gentoo:funtoo/1.0/linux-gnu/flavor/core
         subarch: gentoo:funtoo/1.0/linux-gnu/arch/x86-64bit/subarch/corei7

    What's going on?

    This is part, or maybe culmination of an ongoing effort to simplify /etc/make.conf. While it is still possible to set CFLAGS in /etc/make.conf, by default, these settings are now defined in a subarch profile. By default, new stage3's will have a subarch profile set, but existing Funtoo systems don't need to have one set. If you'd like to set a subarch profile, you can do so by ensuring you have the latest eselect installed and using the "eselect profile set-subarch" command.

    What are the benefits of subarch profiles?

    Of course, the first big benefit is to keep /etc/make.conf clean. Subarch profiles, along with flavors and mix-ins, are designed to help keep /etc/make.conf tidy and only contain the tweaks you personally need for your system. It also assists with Metro, our stage building tool. Metro no longer has to store all the CFLAGS settings for each subarch -- these are now integrated into the Portage tree, in one place. And also, this allows us to fix and improve subarches over time, and you automatically benefit from any improvements with an emerge --sync.

    Hope you enjoy the new system,
    Daniel