IRC log for #devuan on 20200601

`00:15.25`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`00:43.05`	`*** join/#devuan ac_laptop (~ac_laptop@186.2.247.129)`
`00:53.10`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`01:16.31`	`*** join/#devuan ar3itrary (~hacker@v22016101923038440.bestsrv.de)`
`01:45.09`	`*** join/#devuan sacioz (~sacioz@170.233.51.2)`
`01:46.41`	`*** part/#devuan sacioz (~sacioz@170.233.51.2)`
`01:51.14`	`*** join/#devuan Oksana (~Wikiwide@Maemo/community/ex-council/Wikiwide)`
`01:51.45`	`Oksana`	`Ti-red. How do I get/set date, time, timezone? Beowulf, Devuan, Xfce.`
`01:54.19`	`*** join/#devuan dho (~dho@freenode/staff/dho)`
`01:55.06`	`bgstack15`	`Xfce panel whisker menu, select the "Settings" icon. Or in the Alt+F2 run screen, run "xfce4-settings-manager"`
`01:55.32`	`bgstack15`	`and of course my xfce setup doesn't have a timezone chooser.`
`01:55.43`	`*** join/#devuan sedrosken (~sedrosken@216.146.235.121)`
`01:55.59`	`bgstack15`	Are you comfortable with command line? `sudo dpkg-reconfigure tzdata`
`01:56.25`	`bgstack15`	`will get you the Devuan canonical way to set timezone.`
`01:57.09`	`bgstack15`	`and then to set time, are you interested in using ntp/chrony (points to a network time server) or just manually telling your computer what time it is?`
`01:58.24`	`Oksana`	`bgstack15: Sounds good, thank you. It says Current default time zone: 'Australia/Sydney' Local time is now: Mon Jun 1 12:57:13 AEST 2020. https://www.timeanddate.com/ says 11:57.`
`01:58.34`	`bgstack15`	`date -s "2020-06-01 01:58 UTC"`
`01:58.39`	`Oksana`	`So, the problem is still there`
`01:58.58`	`Oksana`	`doesn't want to set it manually, with DST and everything - wants it to just work.`
`01:59.09`	`bgstack15`	`The trickery begins with getting your BIOS (or motherboard) to store the time that your OS is using.`
`01:59.19`	`bgstack15`	`Particularly on VMware... but I digress.`
`01:59.58`	`bgstack15`	`so to fix that pesky hour off thing:`
`01:59.58`	`bgstack15`	`sudo service chrony restart`
`01:59.59`	`Oksana`	`It is possible that Microsoft Teams doesn't work because of wrong time. https://github.com/IsmaelMartinez/teams-for-linux/issues/286 Not my choice of conferencing software, but still, would be nice to not have to deduct 1 hour every time I glance at laptop clock.`
`02:00.05`	`*** join/#devuan tomtastic_ (~tomtastic@90.207.17.214)`
`02:00.34`	`Oksana`	`chrony: unrecognized service`
`02:00.36`	`bgstack15`	`Yes, I expect Teams to struggle due to the clock being off. Some things (certs? kerberos? SAML in particular for sure) only tolerate <5 minutes off.`
`02:00.51`	`*** join/#devuan sedrosken_ (~sedrosken@216.146.235.121)`
`02:00.57`	`bgstack15`	`try "sudo service ntpd restart" or ntp`
`02:01.04`	`bgstack15`	`Dratted chrony replacing ntp...`
`02:01.24`	`Oksana`	`bgstack15: Would be nice if they told me what the problem was! I tried three different web browsers, incognito mode, and empties my/etc/hosts file in vain.`
`02:01.52`	`bgstack15`	`so the command line, "date -u" should show you UTC time of Monday at 02:01 right now.`
`02:02.04`	`Oksana`	`Not ntpd, not ntp`
`02:02.06`	`bgstack15`	`If that's good, then we just need to solve your DST display issue.`
`02:02.32`	`Oksana`	`date -u Mon 1 Jun 03:02:08 UTC 2020`
`02:03.14`	`bgstack15`	`OK, so definitely off. Make sure ntpdate is installed. We're going to run ntpdate manually for now.`
`02:03.18`	`bgstack15`	`sudo apt-get install ntpdate`
`02:04.05`	`Oksana`	`ntpdate is installed, already.`
`02:04.15`	`bgstack15`	`then: ntpdate 0.centos.pool.ntp.org`
`02:04.29`	`bgstack15`	`that's the one I use... even though I also use Devuan Linux.`
`02:04.43`	`Oksana`	`Running ps aux \| grep ntp \| grep -v firefox, I get/usr/sbin/ntpd -f /etc/openntpd/ntpd.conf AND ntpd: ntp engine AND ntpd: dns engine AND grep ntp`
`02:05.42`	`bgstack15`	`maybe the service goes by another name on Beowulf. Maybe do a ls -l /etc/init.d/ntp`
`02:05.48`	`bgstack15`	`Sorry, I'm all Ceres over here.`
`02:06.33`	`bgstack15`	`so the manual ntpdate command will take a few seconds, as you should have observed. But your date should be good now.`
`02:07.05`	`Oksana`	`date -u Mon 1 Jun 02:06:41 UTC 2020`
`02:07.37`	`bgstack15`	`I've actually never had good luck with chrony (or ntpd for that matter) actually pulling time from a time server. So whenever my VMware host screwed up the date, my VMs would too and never fix themselves because I suck at ntp.conf.`
`02:08.05`	`bgstack15`	`Good, so correct date now. So the probable cause of this is your system boots up with the hardware clock time which is probably off by an hour.`
`02:08.14`	`bgstack15`	`I have this problem twice a year...`
`02:08.38`	`bgstack15`	`So run: sudo hwclock -ru`
`02:09.00`	`bgstack15`	`So for some reason my hwclock is showing me my real time in my timezone even though I gave it the -u flag.`
`02:10.03`	`bgstack15`	`if this hwclock output is off by the one hour, then that means the hardware clock is off. So you can change the hardware clock time to use the system time now that you corrected it.`
`02:10.14`	`bgstack15`	`sudo hwclock --systohc`
`02:10.28`	`Oksana`	`sudo hwclock -ru 2020-06-01 22:10:11.342550+10:00`
`02:11.13`	`Oksana`	`doesn't know what that means`
`02:11.27`	`bgstack15`	`Wow, for me it shows: 2020-05-31 22:08:29.925546-04:00`
`02:12.00`	`bgstack15`	`And it is actually Sun, May 31 at 22;11 right now here.`
`02:12.33`	`bgstack15`	`So unless you're a full 24-hours ahead of me, and it's 10pm in your timezone right now, your system clock is off. (But by way more than an hour)`
`02:12.41`	`bgstack15`	`I think. I'm getting a little lost too.`
`02:12.58`	`bgstack15`	`My recommendation is make sure your system time is good, and then just do the hwclock --systohc`
`02:15.13`	`Oksana`	`sudo hwclock --systohc doesn't change anything`
`02:15.33`	`bgstack15`	`As in, doesn't show anything when you run that one command?`
`02:15.56`	`Oksana`	`As in, after I run sudo hwclock --systohc, sudo hwclock -ru says 2020-06-01 22:14:52.264761+10:00`
`02:18.10`	`bgstack15`	`maybe my limited understand of the -l and -u (local versus UTC) flags is confounding the issue. How about hwclock -rl`
`02:20.10`	`bgstack15`	`g2g. I hope I helped! Please continue asking here if you still need help; maybe somebody else can rescue us from my lack of knowledge.`
`02:22.35`	`gnarface`	`Oksana: dpkg-reconfigure tzdata`
`02:23.04`	`gnarface`	`Oksana: if the install shares a machine with a windows box, it could be corrupting it in the bios though`
`02:23.23`	`gnarface`	`Oksana: (less likely the timezone but definitely the time itself)`
`02:25.59`	`Oksana`	`There are ruins of an old Windows XP on the same laptop, but not booting into it at all.`
`02:26.42`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`02:26.51`	`*** join/#devuan sh4 (shapeless@unaffiliated/sh4)`
`02:26.51`	`Oksana`	`sudo hwclock -rl gives 2020-06-01 12:26:20.967229+10:00. Looks better, but still suspect.`
`02:32.59`	`*** join/#devuan bilbo_b (~quassel@2a02:908:175:12e0:20d:b9ff:fe35:b114)`
`02:36.40`	`*** join/#devuan Gup (~Gup@jh3.jhodges.co.uk)`
`02:36.55`	`gnarface`	`Oksana: well after you set the timezone you can use the ntpdate program to do a one-time sync of the system clock to the network time pool, then run that "hwclock --systohc" command again to flush the update into the bios. then it should be fine`
`02:38.02`	`gnarface`	`Oksana: as long as you're never booting into windows again, it is preferable to tell tzdata to store the bios in UTC, just in case you didn't know`
`02:38.09`	`gnarface`	`Oksana: bios time*`
`02:40.20`	`*** join/#devuan phicoh (phicohmatr@gateway/shell/matrix.org/x-kqzubvmfqodxwzpo)`
`02:41.13`	`*** join/#devuan D-HUND (~debdog@2a00:79c0:65c:8c00:7a24:afff:fe8a:d04d)`
`02:44.19`	`*** join/#devuan cerna (cernamatri@gateway/shell/matrix.org/x-vlfueeifwdzojcgl)`
`02:44.36`	`Xenguy`	`There is 'ntpdate-debian' also, for occasional one-offs`
`02:46.44`	`*** join/#devuan LucasRamage[m] (oxr463matr@gateway/shell/matrix.org/x-qikjiayaokegtobc)`
`02:52.04`	`*** join/#devuan hkuj (hkujmatrix@gateway/shell/matrix.org/x-qahjphbfanaevyht)`
`02:54.03`	`*** join/#devuan palinuro (palinuroma@parrotsec/teamleader/palinuro)`
`02:57.20`	`*** join/#devuan Oksana (~Wikiwide@Maemo/community/ex-council/Wikiwide)`
`03:07.37`	`*** join/#devuan jiefk[p] (jiefkpriva@gateway/shell/matrix.org/x-gvqbpcmrzajpbxbt)`
`03:15.46`	`*** join/#devuan erhandsoME[m] (erhandsome@gateway/shell/matrix.org/x-hpmtwshkrdpnucif)`
`03:16.14`	`*** join/#devuan sakhawinks (~n0a110w@unaffiliated/n0a110w)`
`03:18.29`	`*** join/#devuan mischix (175bc31c@23-91-195-23-91-195-28.cpe.sparklight.net)`
`03:18.40`	`mischix`	`Good evening ..`
`03:20.01`	`gnarface`	`mischix: if you have questions, just ask, don't wait for permission. someone usually answers if you're patient enough`
`03:20.31`	`mischix`	`gnarface: ah. I just didn't want to appear .. emm .. pushy :)`
`03:20.31`	`*** join/#devuan I3^RELATIVISM (alexissamp@gateway/shell/matrix.org/x-dbwxoeobelikswbh)`
`03:21.03`	`*** join/#devuan grin[m] (gringrinhu@gateway/shell/matrix.org/x-bnblylhnpvzsojmc)`
`03:21.29`	`*** join/#devuan n0a110w- (~n0a110w@unaffiliated/n0a110w)`
`03:21.47`	`mischix`	`I migrated from 10+ years Debian. All works quite well. But I can't install Google Chrome (which I need for development). It misses two pages of libraries :(`
`03:22.30`	`gnarface`	`you probably need to enable non-free in your sources.list`
`03:22.36`	`gnarface`	`that part shouldn't have changed from debian`
`03:22.46`	`gnarface`	`alternately i could recommend chromium mabye`
`03:22.50`	`gnarface`	`maybe`
`03:24.07`	`*** join/#devuan gavlee (~gav@unaffiliated/gavlee)`
`03:24.17`	`gnarface`	`also note that devuan ascii corresponds to debian stretch, not buster, so maybe you just have version conflicts`
`03:24.49`	`gnarface`	`devuan beowulf is the one that corresponds to current debian stable`
`03:25.05`	`*** join/#devuan thomascovenant (thomascove@2a01:7e00::f03c:91ff:fe2b:2634)`
`03:25.05`	`*** join/#devuan thomascovenant (thomascove@fsfe/thomascovenant)`
`03:25.34`	`mischix`	`Chromium is ages behind Google Chrome. And I have non-free activated. But you are right - Google-Chrome usually wants a current Debian version.`
`03:26.23`	`gnarface`	`what you need could be in ascii-backports too, i'm not sure`
`03:26.28`	`mischix`	`On the other hand ... I have Chrome on my stretch desktop. Weird ...`
`03:29.01`	`mischix`	`It looks like this:`
`03:29.16`	`mischix`	`<PROTECTED>`
`03:29.38`	`mischix`	`About 30 or so libs missing and not installable.`
`03:31.30`	`mischix`	`However: libappindicator3-1 is already the newest version (0.4.92-4).`
`03:32.58`	`*** join/#devuan nyov (~nyov@unaffiliated/nyov)`
`03:34.16`	`mischix`	`Crap. Just found out that I installed 686-pae. That explains a lot. This is awkward ...`
`03:34.22`	`mischix`	`blushes`
`03:40.14`	`*** join/#devuan n0a110w (~n0a110w@unaffiliated/n0a110w)`
`03:48.26`	`*** join/#devuan frabbit (~free_rabb@unaffiliated/free-rabbit/x-8401877)`
`03:49.26`	`frabbit`	`is there a way to blacklist all connections from devuan accept the ones on a whitelist?`
`03:52.15`	`Oksana`	`hosts.allow ?`
`03:57.52`	`Oksana`	`https://unix.stackexchange.com/questions/304021/how-can-i-implement-a-whitelist-on-a-specific-port-using-iptables`
`04:23.19`	`frabbit`	`Oksana: oh i see! =o`
`04:24.15`	`frabbit`	`so i can simply enable "ALL:PARANOID" in hosts.deny and then whitelists the ones i want?`
`04:24.47`	`frabbit`	`and this works for all network traffic, firefox, apt, wget, mumble etc:?`
`04:39.58`	`*** join/#devuan DocScrutinizer05 (~saturn@openmoko/engineers/joerg)`
`04:42.10`	`*** join/#devuan engidea (~damiano@46.141.120.243)`
`04:55.37`	`*** join/#devuan cd (~cd@unaffiliated/cd)`
`05:40.45`	`*** join/#devuan arnoldoree (~arnoldore@2001:d08:1a04:5e9e:1799:3312:2391:7c9d)`
`05:51.44`	`*** join/#devuan frabbit_ (~free_rabb@unaffiliated/free-rabbit/x-8401877)`
`06:03.10`	`frabbit`	`hm nah.. ALL: ALL in hosts.deny and its only for acces to the machine where that file can be found`
`06:03.54`	`frabbit`	`so for blocking acces through website and so on i need to config these iptables then`
`06:09.07`	`*** join/#devuan gavlee (~gav@unaffiliated/gavlee)`
`06:14.50`	`*** join/#devuan silentjet (~jet@staticline-31-182-193-145.toya.net.pl)`
`06:29.51`	`*** join/#devuan phyre (~phyre___@78.30.22.107)`
`06:31.31`	`*** join/#devuan Joril (~joril@host-217-194-188-145.sbs.redder.net)`
`06:38.00`	`*** join/#devuan fylgje (~fylgje@59.red-79-148-22.dynamicip.rima-tde.net)`
`06:44.50`	`*** join/#devuan Pali (~pali@Maemo/community/contributor/Pali)`
`06:50.01`	`*** join/#devuan n0a110w (~n0a110w@unaffiliated/n0a110w)`
`06:51.31`	`*** join/#devuan n0a110w (~n0a110w@unaffiliated/n0a110w)`
`06:59.14`	`*** join/#devuan bgustav (~bgustav@86.121.63.209)`
`07:26.22`	`*** join/#devuan rsx (~rsx@ppp-188-174-157-213.dynamic.mnet-online.de)`
`07:33.45`	`*** join/#devuan sb35 (~sb35@167.114.5.9)`
`07:47.09`	`*** join/#devuan frabbit_ (~free_rabb@unaffiliated/free-rabbit/x-8401877)`
`08:01.41`	`*** join/#devuan zatumil (~debian@cgn-213-196-210-191.nc.de)`
`08:21.30`	`*** join/#devuan Uberius (~Uberius@gateway/tor-sasl/uberius)`
`08:22.49`	`tomtastic`	`I thought hosts.allow / hosts.deny (known as TCP wrappers?) only worked for inetd services ?`
`08:24.33`	`tomtastic`	`I think iptables is a much better approach`
`08:25.50`	`*** join/#devuan BiG_NoBoDy (~ruslanas@2001:41d0:401:3100::20a3)`
`08:37.18`	`frabbit`	`tomtastic: im totally new to all this network stuff..`
`08:37.45`	`tomtastic`	`you sound like you're on the right track`
`08:38.14`	`frabbit`	`the hosts.deny file with "ALL: ALL" should now block all access to my computer from other computers correct?`
`08:39.08`	`frabbit`	`atm im reading about iptables, apparmor, firejail....`
`08:41.12`	`*** join/#devuan frabbit_ (~free_rabb@unaffiliated/free-rabbit/x-8401877)`
`08:41.54`	`frabbit`	`... bombs on telefonica... -.-`
`08:41.59`	`tomtastic`	`I would suggest you use iptables instead. You can have a default 'DROP' rule for all incoming traffic, and then whitelist certain connections`
`08:42.13`	`frabbit`	`tomtastic: instead of what?`
`08:42.25`	`tomtastic`	`instead of using the /etc/hosts.* files`
`08:43.30`	`frabbit`	`but that entry was pretty easy.. does it not work?`
`08:43.43`	`frabbit`	`iptables seems heavy...`
`08:45.54`	`frabbit`	`is it wrong what i think that entry is doing now?`
`08:47.32`	`*** join/#devuan xinomilo (~xinomilo@gateway/tor-sasl/xinomilo)`
`08:51.13`	`tomtastic`	`TCP wrappers only block services compiled with TCP wrapper support.`
`08:51.24`	`tomtastic`	`iptables will catch everything`
`08:52.41`	`frabbit`	`ok`
`08:52.53`	`frabbit`	`now i need to read what TCP wrappers are...`
`08:53.33`	`frabbit`	`name reminds me of tcpdump`
`08:53.47`	`frabbit`	`that program has probably something to do with it?`
`08:54.14`	`tomtastic`	`They aren't related other than both working on network traffic. :)`
`08:54.40`	`tomtastic`	`tcpdump works at the network level, whereas tcpwrappers work at the application level.`
`08:55.02`	`frabbit`	`phew.. tahts to much sorry =(`
`08:55.19`	`tomtastic`	`Be very careful with iptables if you're accessing this server remotely, it's easy to deny yourself access.`
`08:55.48`	`frabbit`	`but i read atm that DenyHosts is or was vulnerable for "Remote Log Injection"`
`08:56.02`	`frabbit`	`so its probably not good to use anyway`
`08:56.28`	`frabbit`	`tomtastic: this server?`
`08:56.52`	`frabbit`	`you mean the freenode server? what do you mean by remotely?`
`08:56.59`	`tomtastic`	`whichever system you're trying to limit incoming traffic to`
`08:57.13`	`frabbit`	`im on my laptop`
`08:57.26`	`tomtastic`	`Like, the system you're running devuan on`
`08:57.33`	`frabbit`	`i want that for my but in first place for the laptop of a child`
`08:57.43`	`frabbit`	`*me`
`08:58.04`	`frabbit`	`i want to whitelist pages and connects that this child could visit / use`
`08:58.11`	`frabbit`	`*connections`
`08:58.29`	`frabbit`	`this is possible with iptables right?`
`08:59.30`	`tomtastic`	`Ahh, OK, iptables will only get you so far then. You'll be able to limit HTTP traffic to certain websites, but you wont be able to use it to limit access to particular pages on those weebsites.`
`08:59.56`	`frabbit`	`oh! =(`
`09:00.05`	`frabbit`	`but how to do that then?`
`09:00.33`	`frabbit`	`there are firefox addons, but they are shitty or u must pay for them... and thats for forefox alone...`
`09:00.41`	`frabbit`	`*firefox`
`09:02.15`	`tomtastic`	`If this is for a child, I'd probably be looking at using some kind of portal mode application, where they can't escape from the app.`
`09:02.25`	`frabbit`	`if the cild is using a differen tbrwoser or join the wrong channel in mumble..`
`09:03.11`	`frabbit`	`nah the kid should have acces to several programs, just as an adult, but be protected from shit form the web`
`09:03.17`	`frabbit`	`*access`
`09:03.30`	`frabbit`	`i dont want a kiosk mode or something`
`09:03.51`	`tomtastic`	`I think what you're trying to achieve on Linux will be complex.`
`09:03.58`	`frabbit`	`=(`
`09:04.16`	`frabbit`	`thats bad... then it is not respecting children rights...`
`09:04.30`	`frabbit`	`isnt there any children distro?`
`09:04.35`	`tomtastic`	`Restricting access on the web is very complicated.`
`09:04.37`	`frabbit`	`lokks for that now?`
`09:04.49`	`xinomilo`	`not much complicated`
`09:05.08`	`frabbit`	`tomtastic: but thats a problem... 80% of the web is porn or violence or both...`
`09:05.14`	`tomtastic`	`xinomilo really, even when HTTPS is considered?`
`09:05.29`	`xinomilo`	`local dns + local zones, parental controls in ISP/router, fixed confs and then limiting permissions to change..`
`09:05.36`	`xinomilo`	`depends on what you want to do`
`09:05.36`	`tomtastic`	`domain blocking will get you 80% of the way there`
`09:06.06`	`frabbit`	`i dont understand what all that means...`
`09:06.15`	`frabbit`	`domain blocking as blacklist?`
`09:06.21`	`tomtastic`	`But if you want to block based on other URL components, you'll have to MITM the SSL`
`09:06.34`	`tomtastic`	`frabbit yes`
`09:06.45`	`frabbit`	`i want to block everything except urls / ips on a whitelist`
`09:06.51`	`tomtastic`	`eg. blacklist : porn.com, etc.`
`09:07.02`	`frabbit`	`blacklists are useless`
`09:07.05`	`xinomilo`	`another example, web proxy(squid)`
`09:07.21`	`frabbit`	`tomtastic: wont work everyday there are new site spreading up...`
`09:07.38`	`tomtastic`	`xinomilo ; yes, thats the MITM aspect though isn't it ?`
`09:08.07`	`tomtastic`	`frabbit : A Whitelist might be more appropriate.`
`09:08.17`	`frabbit`	`whitelisting is always the best way, for protection, no matter what.`
`09:08.32`	`frabbit`	`yes i know`
`09:09.15`	`frabbit`	`i mean whats better: 1. giving everyone in the world the keys to ur flat except some specif ones, or 2. giving the keys only to a few people or even no one? ;)`
`09:09.24`	`frabbit`	`*specific`
`09:09.35`	`tomtastic`	`Personally, I'd just setup an old ipad with a configuration profile applied.`
`09:09.36`	`xinomilo`	`tomtastic, if you're running squid locally, it's not.`
`09:09.52`	`frabbit`	`tomtastic: o_0`
`09:10.21`	`frabbit`	`err... im talking about security and u offer me apple? thats a joke, is it?`
`09:10.45`	`frabbit`	`apple collects everything and sells everything...`
`09:10.59`	`frabbit`	`just as google, microsoft, amazon...`
`09:11.18`	`tomtastic`	`https://www.linux.com/news/parents-guide-linux-web-filtering-0/`
`09:11.21`	`frabbit`	`to me acces to their "services" is a security issue`
`09:11.25`	`tomtastic`	`https://www.maketecheasier.com/configure-linux-for-children/`
`09:11.34`	`tomtastic`	`https://www.instructables.com/id/Set-up-web-content-filtering-in-4-steps-with-Ubunt/`
`09:11.39`	`frabbit`	`visit links`
`09:11.41`	`tomtastic`	`https://mintguide.org/other/227-nanny-a-parental-control-in-linux-mint.html`
`09:13.36`	`*** join/#devuan spuria (~spuria@93-45-50-235.ip100.fastwebnet.it)`
`09:14.22`	`frabbit`	`these distros in that one link arent useful imho, they are child-user-friendly but nor secure`
`09:15.00`	`frabbit`	`tha child is already using the terminal a bit, so it isnt necessary to have big colorful icons or something =)`
`09:15.11`	`frabbit`	`*the`
`09:15.53`	`tomtastic`	`frabbit : Afraid I disagree with the comment about Apple collecting everything, they dont rely on advertising revenue unlike Google/Amazon.`
`09:16.27`	`frabbit`	`Danguardian is just a blacklist`
`09:16.31`	`frabbit`	`as it seems`
`09:16.42`	`frabbit`	`https://en.wikipedia.org/wiki/Dansguardian`
`09:16.50`	`frabbit`	`tomtastic: oh please...`
`09:17.00`	`tomtastic`	`frabbit : the DansGuardian is more than just blacklist.`
`09:17.04`	`frabbit`	`they do and they are part of PRISM`
`09:17.09`	`tomtastic`	`you can easily add a whitelist too`
`09:17.22`	`frabbit`	`Apple sucks`
`09:18.01`	`tomtastic`	`PRISM isnt a collective of orgs that spy on people, it was the NSA programme to hack into large orgs to sniff their traffic.`
`09:18.28`	`frabbit`	`its ot`
`09:19.03`	`frabbit`	`but whats the different between sniff traffic and spy? xD`
`09:19.21`	`frabbit`	`and "was" is not correct they still do`
`09:19.31`	`tomtastic`	`yes, very OT. Anyway, as xinomilo suggested, a combination of iptables/DansGuardian,squid will probably achieve roughly what you want`
`09:19.33`	`frabbit`	`but no ot here`
`09:19.58`	`frabbit`	`yeah probably its the only way...`
`09:20.45`	`frabbit`	`there should be a distro for children that runs out of the box that way. only thing to do should be add entrys in the whitelist and done...`
`09:22.08`	`frabbit`	`https://en.wikipedia.org/wiki/Children's_rights - it lacks there massively...`
`09:22.22`	`frabbit`	`ok thank u for now tomtastic and xinomilo`
`09:23.43`	`*** join/#devuan AntoFox (~Thunderbi@net-2-39-203-61.cust.vodafonedsl.it)`
`09:28.31`	`tomtastic`	`good luck frabbit, let us know how you get on`
`09:33.18`	`frabbit`	`tomtastic: thx =) but this will take some time i think... and i need a lot of other stuff to do "nearby" x)`
`09:41.55`	`*** join/#devuan tomtastic_ (~tomtastic@90.207.138.219)`
`09:56.28`	`*** join/#devuan FlibberTGibbet (~david@unaffiliated/flibbertgibbet)`
`10:01.25`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`10:10.32`	`*** join/#devuan systemdlete (~systemdle@c-76-105-3-38.hsd1.ca.comcast.net)`
`10:23.33`	`*** join/#devuan frabbit_ (~free_rabb@unaffiliated/free-rabbit/x-8401877)`
`10:25.59`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`10:39.15`	`*** join/#devuan fylgje (~fylgje@59.red-79-148-22.dynamicip.rima-tde.net)`
`10:48.14`	`*** join/#devuan tomtastic (~tomtastic@90.207.138.219)`
`11:01.08`	`*** part/#devuan frabbit_ (~free_rabb@unaffiliated/free-rabbit/x-8401877)`
`11:07.56`	`*** join/#devuan ac_laptop (~ac_laptop@186.2.247.129)`
`11:15.19`	`*** join/#devuan psymin (~psymin@fsf/member/psymin)`
`11:18.28`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`11:22.49`	`*** join/#devuan scaniatrucker (~scaniatru@78-56-98-5.static.zebra.lt)`
`11:37.56`	`*** join/#devuan tomtastic (~tomtastic@90.207.138.219)`
`11:55.12`	`*** join/#devuan frabbit (~free_rabb@unaffiliated/free-rabbit/x-8401877)`
`11:56.55`	`frabbit`	`in debian buster iptables as default was replaced by nftables: https://wiki.debian.org/nftables#Current_status`
`11:57.23`	`frabbit`	`so i better should learn nftables as it seems right?`
`12:02.40`	`frabbit`	`seems even much easier and better`
`12:03.07`	`frabbit`	`so nftables is default in Beowulf too?`
`12:03.24`	`gnarface`	`i'm sure you can still use either one`
`12:04.19`	`*** join/#devuan Kruppt (~Kruppt@50-111-43-204.drhm.nc.frontiernet.net)`
`12:04.25`	`gnarface`	`and for what you're doing it will probably matter very little which you choose`
`12:05.15`	`gnarface`	`iptables has been around longer, which makes a good case for itself`
`12:06.19`	`frabbit`	`yeah but nfstables looks quite easier, only one command, several actions in a single rule...: https://wiki.debian.org/nftables#What_are_the_major_differences.3F`
`12:07.44`	`frabbit`	`nfstable started in 2008, i think 12 years is enough to proof a program =)`
`12:09.20`	`frabbit`	`*nftables`
`12:09.48`	`frabbit`	`gnarface: so is it also default in Beowulf?`
`12:10.09`	`gnarface`	`i don't actually know, but that sounds like something that wouldn't be different`
`12:10.23`	`frabbit`	`ok =)`
`12:10.27`	`gnarface`	`they wouldn't have changed anything not dependent on systemd`
`12:11.18`	`gnarface`	`and the kernel packages are all the same on i386 and amd64`
`12:11.34`	`gnarface`	`same as debian i mean, not same as each other`
`12:11.39`	`gnarface`	`obviously`
`12:14.02`	`frabbit`	`yeah`
`12:14.39`	`frabbit`	`ive never missed since i chnaged to devuan, but i never really used big bloated program that depneds on systemd i think...`
`12:14.48`	`frabbit`	`*missed anything`
`12:17.01`	`frabbit`	`gnarface: can u give me a suggestion what better to use for permission management of programs? AppArmor or Firejail?`
`12:17.28`	`frabbit`	`Firejail seems very beginenr friendly, but is it as powerful as AppArmor?`
`12:17.33`	`frabbit`	`*beginner`
`12:21.55`	`gnarface`	`i can not give you a suggestion`
`12:23.36`	`frabbit`	`gnarface: oh why? =o`
`12:28.58`	`gnarface`	`never touched either one`
`12:29.00`	`gnarface`	`can't tell you`
`12:29.51`	`frabbit`	`oh ok what do u use to control permissions of programs then?`
`12:32.23`	`gnarface`	`my bare hands`
`12:32.53`	`frabbit`	`gnarface: how to do that?`
`12:33.08`	`frabbit`	`i mean i know chmod but tahts not the same`
`12:33.15`	`gnarface`	`isn't it?`
`12:33.45`	`gnarface`	`there's also chgrp`
`12:33.48`	`gnarface`	`and chown`
`12:34.00`	`frabbit`	`hmm.. my non root user has acces to all files in /home/USER`
`12:34.13`	`frabbit`	`so do the programs that this users starts`
`12:34.31`	`gnarface`	`it's read-only access, but yea that is the default`
`12:34.37`	`gnarface`	`it's easy to change though`
`12:34.38`	`gnarface`	`so easy`
`12:34.55`	`gnarface`	`i have no idea how apparmor or firejail could be related to this task`
`12:35.17`	`frabbit`	`when i start firefox in a firejail with the default firejail profile, firefox has only acces to Download, .mozilla, .cache and config`
`12:35.29`	`gnarface`	`well, sure`
`12:35.35`	`frabbit`	`i cant do that with chwon or chmod`
`12:35.41`	`frabbit`	`*chown`
`12:35.42`	`gnarface`	`sure you can`
`12:35.54`	`frabbit`	`with multiple users u mean?`
`12:36.08`	`gnarface`	`ideally`
`12:36.25`	`gnarface`	`or groups`
`12:36.28`	`gnarface`	`or both`
`12:36.35`	`djph`	`isn't firejail a mix of different users and also chroots for them?`
`12:36.39`	`frabbit`	`thats hard work though...`
`12:36.46`	`djph`	`or am I thinking of something else?`
`12:37.00`	`frabbit`	`djph: cant say ive just found it =)`
`12:37.05`	`gnarface`	`and you'll note that you only have read access to the files in /home/ that aren't yours`
`12:37.17`	`gnarface`	`unless you fucked something up`
`12:37.46`	`frabbit`	`with firejail firefox havent even read access, only to the dirs i listed above`
`12:38.31`	`frabbit`	`fj grants only the bare stuff`
`12:39.02`	`frabbit`	`and thats just the default profile that comes with the installation, u can edit it`
`12:40.09`	`frabbit`	`gnarface: do u use scripts for that work or do u do it everytime manually u set up an installation?`
`12:41.59`	`gnarface`	`i mean it's like one command`
`12:42.18`	`gnarface`	`chmod 0700 /home`
`12:43.27`	`frabbit`	`with one command u set up different users, groups, attach these groups and users to specific programms and grant them specific permissions depending on all the files on your computer?`
`12:43.42`	`frabbit`	`huh? o_0`
`12:44.00`	`frabbit`	`thats read write execute for the owner`
`12:44.00`	`gnarface`	`oh, no`
`12:44.17`	`gnarface`	`no obviously i write scripts if i have to set up a lot of identical computers at once`
`12:44.26`	`gnarface`	`otherwise there's little point`
`12:45.08`	`frabbit`	`ok give me an example please how do u manually sandboxing firefox.`
`12:45.35`	`frabbit`	`creating user and group firefox in the first place?`
`12:46.28`	`frabbit`	`and then grant that user/group rights for nothing except, three home folders, etc and bin or something?`
`12:48.23`	`frabbit`	`and in productive work u switch between this and all the other users (one user per program?) to use the system efficent?`
`12:51.33`	`*** join/#devuan justinsm (~justinsm@82-69-63-196.dsl.in-addr.zen.co.uk)`
`13:08.20`	`frabbit`	`"Qubes OS" does an interesting job: https://en.wikipedia.org/wiki/Qubes_OS`
`13:10.38`	`*** join/#devuan james1138 (~James1138@71-222-133-42.albq.qwest.net)`
`13:12.38`	`gnarface`	`you should look into qemu`
`13:12.48`	`gnarface`	`if you want containers`
`13:14.19`	`frabbit`	`yeah ive reading atm about chroot, LXC, qemu and qube os`
`13:14.28`	`frabbit`	`*im`
`13:14.43`	`gnarface`	`but otherwise, the answer is basically yes`
`13:14.57`	`gnarface`	`if you're not going to use containers, then you just make extra users and groups, and manage your filesystem permissions carefully`
`13:15.05`	`gnarface`	`it's not as hard as it seems`
`13:15.24`	`gnarface`	`you'll find the overall amount of learning needed to pull something like this off tends to even out`
`13:17.48`	`*** join/#devuan AntoFox (~Thunderbi@net-2-39-203-61.cust.vodafonedsl.it)`
`13:19.55`	`frabbit`	`but isnt this virtualizing more secure? i mean why do projects like QubeOS exists, when the same is possible with gnu linux base programs?`
`13:19.57`	`*** join/#devuan bsd4me (~bsd@98-106-74-65.gci.net)`
`13:20.27`	`gnarface`	`of course virtualizing is more secure in theory`
`13:21.03`	`frabbit`	`in theory?`
`13:21.21`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`13:21.25`	`gnarface`	`even monkeys fall out of trees`
`13:21.35`	`frabbit`	`gnarface: what does that mean? =D`
`13:21.42`	`gnarface`	`anyone can have a bad day`
`13:21.46`	`gnarface`	`mistakes can be made`
`13:21.47`	`frabbit`	`xD`
`13:21.52`	`frabbit`	`ok ok`
`13:21.53`	`specing`	`instead of one $1500 powerful VM host you can buy 15 $100 used laptops :P`
`13:22.10`	`specing`	`and DMZ each of them`
`13:22.13`	`gnarface`	`yea, that's actually more secure^`
`13:22.20`	`frabbit`	`or 30 50â¬`
`13:22.40`	`frabbit`	`whats DMZ?`
`13:23.04`	`gnarface`	`like a network quarantine`
`13:23.29`	`gnarface`	`https://en.wikipedia.org/wiki/DMZ_(computing)`
`13:23.38`	`frabbit`	`lol`
`13:23.45`	`frabbit`	`i just wanted to post that link`
`13:32.20`	`*** join/#devuan yanmaani (~yanmaani@gateway/tor-sasl/yanmaani)`
`13:41.02`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`13:48.14`	`*** join/#devuan Defender1031 (~DeFender1@109-186-131-241.bb.netvision.net.il)`
`14:03.29`	`*** join/#devuan g4570n (~g4570n@unaffiliated/g4570n)`
`14:19.26`	`*** join/#devuan danyspin97 (danyspin97@liveunix.org)`
`14:20.25`	`*** join/#devuan cocoadaemon_ (~foo@2a01:e0a:4e1:97e0:179d:1cc6:8854:4d5c)`
`14:34.48`	`*** join/#devuan danyspin97 (~danyspin9@liveunix.org)`
`14:57.28`	`tomtastic`	`Uhh, no announcement for Beowulf reaching stable ?`
`14:59.34`	`fsmithred`	`announcement is in the ether and will land soon`
`15:02.00`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`15:06.04`	`*** join/#devuan spuria (~spuria@93-45-50-235.ip100.fastwebnet.it)`
`15:11.48`	`*** join/#devuan HumanG33k (~HumanG33k@62.147.242.8)`
`15:12.32`	`tomtastic`	`waiting for mirrors to sync up ?`
`15:13.23`	`*** join/#devuan HumanG33k (~HumanG33k@62.147.242.8)`
`15:15.29`	`fsmithred`	`waiting to make sure we're really finished writing it.`
`15:15.45`	`*** join/#devuan Tenkawa (~Tenkawa@unaffiliated/tenkawa)`
`15:20.31`	`*** join/#devuan targz (~Thunderbi@unaffiliated/targz)`
`15:22.08`	`*** join/#devuan fylgje (~fylgje@59.red-79-148-22.dynamicip.rima-tde.net)`
`15:25.52`	`*** join/#devuan HumanG33k (~HumanG33k@62.147.242.8)`
`15:33.02`	`*** part/#devuan Joril (~joril@host-217-194-188-145.sbs.redder.net)`
`15:44.46`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`15:45.01`	`*** join/#devuan doppo (doppo@2604:180::e0fc:a07f)`
`15:45.18`	`*** join/#devuan mdrights[m] (mdrightsma@gateway/shell/matrix.org/x-zhyixngppczwgnts)`
`15:45.42`	`*** join/#devuan humpelstilzchen[ (erikmailus@gateway/shell/matrix.org/x-hgymclihjzuufcsh)`
`15:48.14`	`*** join/#devuan jathan (~jathan@189.216.183.142)`
`15:58.46`	`*** join/#devuan cocoadaemon_ (~foo@88.123.134.95)`
`16:02.41`	`*** join/#devuan bgustav_ (~bgustav@188.25.46.107)`
`16:28.21`	`*** join/#devuan engidea (~damiano@46.141.120.243)`
`16:29.47`	`*** join/#devuan Uberius (~Uberius@gateway/tor-sasl/uberius)`
`16:32.43`	`*** join/#devuan Gnhugo (~yaaic@2806:2f0:90a0:ac55:10a2:e795:eb01:a21c)`
`16:33.38`	`*** join/#devuan damisys (~damien@2a02:2788:834:473:fe3f:342d:5dd9:bdaa)`
`16:38.59`	`*** join/#devuan Uberius (~Uberius@gateway/tor-sasl/uberius)`
`16:39.37`	`*** join/#devuan st3ma (~st3ma@185.31.62.101)`
`16:41.32`	`*** join/#devuan DocScrutinizer05 (~saturn@openmoko/engineers/joerg)`
`16:49.49`	`*** join/#devuan alexus (~alexus@176.207.202.222)`
`17:15.06`	`*** join/#devuan mason (~mason@redhat/mason)`
`17:31.18`	`*** join/#devuan Akuli (~akuli@mobile-access-b04815-223.dhcp.inet.fi)`
`17:52.44`	`*** join/#devuan AntoFox (~Thunderbi@net-2-39-203-61.cust.vodafonedsl.it)`
`18:02.02`	`*** join/#devuan silentjet (~jet@5.102.45.1)`
`18:18.41`	`*** join/#devuan Uberius (~Uberius@gateway/tor-sasl/uberius)`
`18:45.02`	`*** join/#devuan engidea (~damiano@46.141.120.243)`
`18:45.02`	*** join/#devuan fred`` (fred@earthli.ng)
`19:03.47`	`*** part/#devuan james1138 (~James1138@71-222-133-42.albq.qwest.net)`
`19:04.41`	`*** join/#devuan dacencora (~devuan@c-24-91-58-180.hsd1.ma.comcast.net)`
`19:04.57`	`dacencora`	`Which release is beowulf forked from?`
`19:05.04`	`dacencora`	`Is it buster?`
`19:07.20`	`Hurgotron`	`yes.`
`19:10.08`	`*** join/#devuan james1138 (~James1138@71-222-133-42.albq.qwest.net)`
`19:15.04`	`*** join/#devuan arnoldoree (~arnoldore@113.210.191.186)`
`19:19.15`	`*** join/#devuan LucasRamage[m] (oxr463matr@gateway/shell/matrix.org/x-hhfjowtfupbbuida)`
`19:19.44`	`*** join/#devuan IoFran (~Thunderbi@189.154.216.104)`
`19:23.48`	`*** join/#devuan tomtastic (~tomtastic@90.207.138.219)`
`19:27.43`	`*** join/#devuan g4570n (~g4570n@unaffiliated/g4570n)`
`19:29.29`	`*** join/#devuan dacencora (~logan@c-24-91-58-180.hsd1.ma.comcast.net)`
`19:29.52`	`dacencora`	`Best way to force X to use a xorg.conf?`
`19:30.04`	`dacencora`	`If I put one in /etc/X11/ will it be used by default?`
`19:33.49`	`fsmithred`	`dacencora, yes. I think there's also xorg.conf.d where you can put files`
`19:34.11`	`fsmithred`	`and you can just put the xorg.conf sections you need. Not necessarily everything.`
`19:34.23`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`19:40.03`	`dacencora`	`OK I will try that. For some reason, Gentoo is the only distro where I can get brightness control working with my NVIDIA card on my laptop. I am now testing it on Devuan`
`19:45.36`	`*** join/#devuan humpelstilzchen[ (erikmailus@gateway/shell/matrix.org/x-pgbumxfklackjzzl)`
`19:45.36`	`*** join/#devuan ulno[m] (ulnomatrix@gateway/shell/matrix.org/x-kaovvlulvdccdnxf)`
`19:45.36`	`*** join/#devuan veeee (v7ematrixo@gateway/shell/matrix.org/x-jcirnnghklvobjsp)`
`19:45.36`	`*** join/#devuan jiefk[p] (jiefkpriva@gateway/shell/matrix.org/x-kshpxqmcneiiwref)`
`19:45.36`	`*** join/#devuan palinuro (palinuroma@parrotsec/teamleader/palinuro)`
`19:45.36`	`*** join/#devuan grin[m] (gringrinhu@gateway/shell/matrix.org/x-ednydcfhgmjpqibd)`
`19:45.36`	`*** join/#devuan I3^RELATIVISM (alexissamp@gateway/shell/matrix.org/x-hqmdqlegliunphlx)`
`19:45.36`	`*** join/#devuan erhandsoME[m] (erhandsome@gateway/shell/matrix.org/x-gcyapjuyrmxrhuuk)`
`19:45.36`	`*** join/#devuan mdrights[m] (mdrightsma@gateway/shell/matrix.org/x-svwnrysdxbymbosm)`
`19:45.36`	`*** join/#devuan phicoh (phicohmatr@gateway/shell/matrix.org/x-gyndwmxhzbaszkoo)`
`19:45.36`	`*** join/#devuan cerna (cernamatri@gateway/shell/matrix.org/x-mkjtbenopxthfqaz)`
`19:45.36`	`*** join/#devuan hkuj (hkujmatrix@gateway/shell/matrix.org/x-vdarjwxltpbbtzfd)`
`20:02.39`	`*** join/#devuan Tenkawa (~Tenkawa@unaffiliated/tenkawa)`
`20:09.00`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`20:11.10`	`*** join/#devuan bsd4me (~me@98-106-74-65.gci.net)`
`20:14.14`	`*** join/#devuan Uberius (~Uberius@gateway/tor-sasl/uberius)`
`20:52.19`	`*** join/#devuan AntoFox (~Thunderbi@net-2-39-203-61.cust.vodafonedsl.it)`
`20:54.16`	`*** join/#devuan tomtastic (~tomtastic@90.207.138.219)`
`20:57.54`	`*** join/#devuan tomtastic (~tomtastic@90.207.138.219)`
`21:03.22`	`*** join/#devuan xrogaan (~xrogaan@unaffiliated/xrogaan)`
`21:04.17`	`*** join/#devuan TwistedFate (~TwistedFa@unaffiliated/twistedfate)`
`21:04.28`	`*** join/#devuan Acacia (~Acacia@unaffiliated/acacia)`
`21:06.17`	*** join/#devuan fred`` (fred@earthli.ng)
`21:15.31`	`*** join/#devuan silentjet (~jet@staticline-31-182-193-145.toya.net.pl)`
`21:15.57`	`*** join/#devuan bsd4me (~me@98-106-74-65.gci.net)`
`21:20.59`	`*** join/#devuan bsd4me (~bsd@98-106-74-65.gci.net)`
`21:25.07`	`*** join/#devuan xcm (~xcm@ipd114.250.tellas.gr)`
`21:32.46`	`*** join/#devuan sacioz (~sacioz@170.233.51.2)`
`21:36.41`	`*** part/#devuan sacioz (~sacioz@170.233.51.2)`
`21:39.35`	`*** join/#devuan espiropapa (~espiropap@gateway/tor-sasl/espiropapa)`
`21:42.36`	`*** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-)`
`21:51.26`	`*** join/#devuan Uberius (~Uberius@gateway/tor-sasl/uberius)`
`21:52.43`	`*** join/#devuan targz (~Thunderbi@unaffiliated/targz)`
`21:55.36`	`*** part/#devuan james1138 (~James1138@71-222-133-42.albq.qwest.net)`
`22:09.04`	`*** join/#devuan silentjet (~jet@staticline-31-182-193-145.toya.net.pl)`
`22:09.55`	`*** join/#devuan Uberius (~Uberius@gateway/tor-sasl/uberius)`
`22:28.10`	`*** join/#devuan silentjet (~jet@staticline-31-182-193-145.toya.net.pl)`
`22:37.54`	`*** part/#devuan Tenkawa (~Tenkawa@unaffiliated/tenkawa)`
`22:48.43`	`*** join/#devuan Oksana (~Wikiwide@Maemo/community/ex-council/Wikiwide)`
`23:43.34`	`*** join/#devuan Centurion_Dan (~Thunderbi@devuan/developer/centuriondan)`
`23:59.20`	`*** join/#devuan mrtux (~nobody@2600:3c03:e000:266::cafe:babe)`

Generated by irclog2html.pl Modified by Tim Riker to work with infobot.