Thanks a lot for your answer. How would you encrypt a server? Typing a password every time it boots isn’t possible for me, since I would need a monitor for my headless server.
I use LUKS/Tang to unlock the server at boot from another computer that is always on too. If that one is down I’ll need to type it or power the other PC on, but otherwise it auto decrypts for me as long as I’m on the same network.
Is this for your home? If it is, you don’t really have to worry about someone stealing your desktop. If someone breaks into your home, they’re looking for quick cash and jewelry and TVs. They’re not going to bother stealing your server to dig through files for something usable.
I’ve had quite a bad experience with police for example.
30 cops raided my home because of something trivial (I ordered a bit of non-psychoactive CBD-weed, which is, even in the most restrictive country you can imagine, ridiculous).
Of course, I got the whole experience-pack, including strip searches and confiscating all electronics.
Even though I believe them getting hold of any data wouldn’t have changed much, I’m still glad I had my devices encrypted.
Just knowing they didn’t see my cringy pictures of my teeny-me, where I discovered Snapchat filters, is a big relief. 😅
Yeah… that traumatized me a bit and maybe that’s the reason I’m worrying.
Also, you could never know what will happen in the future. Maybe my GF will turn crazy tomorrow and use those embarrassing pictures against me. Who knows?
I believe everyone should use encryption, even if they don’t have much to hide…
If Linux, use LUKS but you need to enter the passphrase at boot, you can securely put the key in TPM2 I think (à la Windows) but it may be complicated to set up, or just seal the phrase in TPM2 but if you boot on grub you can break grub and replace init with a shell in boot option and have access to the system I think :-/ but a simple crackhead thief would not understand that.
You can also have the key on a USB key, but if on the server and the server gets stolen, it’s useless. You can set up an “anywhereUSB” and have your USB key in another room/place, etc, there are other possibilities.
I wanted to unlock with bluetooth but having the bluetooth HW driver and stack in initramfs was nightmarish a little bit :-/
It is a very typical way of doing things, you just have to read the output and make sure no important packages are in the list.
Your command should be working. It won’t remove manually installed dependencies but should take care of automatic ones. You can check an individual package with apt show and look at the APT-Manual-Installed field.
I already checked with apt show emacs and the output clearly shows emacs-gtk as depends on. And while installing the emacs package with: sudo apt-get install emacs it installed a ~400Mo package and all dependencies.
So why doesn’t sudo apt remove --purge --autoremove emacs remove everything? I thought this command would be the exact opposite of sudo apt install package-name
Ah, I can duplicate this behavior too. I think it is probably related to emacs being a metapackage. It does not include emacs itself but forces the install of emacs-gtk. In my mind removing the metapackage should allow you to autoremove dependencies, but people have broken their systems badly with this behavior so it may have been changed or it’s stuck behind some configuration option.
Removing emacs-gtk itself will work as you expect. You can also install emacs-nox for a cli-only one that is smaller.
Edit: there is a setting called APT::Never-MarkAuto-Sections that by default includes meta packages and I think is the cause of this.
Thank you very much for your enlightening answer :D!
Removing emacs-gtk itself will work as you expect
Yes that’s what I found out with apt show emacs-gtk, it shows all the dependencies but I found it quite odd behavior (lack of knowledge).
I wasn’t aware of metapackages, something new to put into my knowledge database.
Edit: While writing my reply and searching through the web and my console, even though I wouldn’t have understood it while reading it… It actually tells me in the description that emacs is a metapackage… Bad reading skills :/ sorry about that!
Description: GNU Emacs editor (metapackage) GNU Emacs is the extensible self-documenting text editor. This is a metapackage that will always depend on the latest recommended Emacs variant (currently emacs-gtk).
If you don’t mind I have a last question. Imagine I want to remove docker-ce, which depends on iptables among others, if I sudo apt remove --purge --autoremove docker-ce, this isn’t going to remove iptables and break my system right? Because it’s used by other packages, system… I guess, no?
I think a more general question would be how can I be sure I’m not going to fuck my system while removing packages? Maybe I’m too paranoid and today it’s relatively safe to do so, compared to years ago??
If something else depends on it then it shouldn’t be removed, it’s only removing things that are not used elsewhere.
Usually just reading through the packages it’s listing and double check what it’s doing is enough. If something is removing a ton of gnome and you’re not trying to remove gnome, that would be an issue. If something is trying to remove the kernel (unless it’s an old kernel) or grub that’s also worth digging into. I’ve never run into problems with it, I don’t think it’s common these days.
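The check described in this thread (read what the removal would do and confirm nothing important is in the list), as an added example that is not part of any post above: it parses `apt-get -s` simulation output and flags planned removals that match a watch list. The watch list, the function names and both sample outputs are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: flag risky packages in an apt removal plan before running it.
# `apt-get -s` only simulates; it prints one "Remv"/"Purg" line per package.

# Assumed watch list, built from the packages named in the thread
# (kernel, grub, gnome, iptables). Extend it for your own system.
WATCH_RE='^(linux-image-|grub|gnome-|iptables$)'

# Constructed sample: simulated purge of docker-ce, nothing watched is touched.
SAMPLE_SAFE='The following packages will be REMOVED:
  containerd.io* docker-ce* docker-ce-cli* pigz*
Purg docker-ce [5:24.0.7-1]
Purg containerd.io [1.6.26-1]
Purg docker-ce-cli [5:24.0.7-1]
Purg pigz [2.6-1]'

# Constructed sample: a removal that drags the desktop and iptables along.
SAMPLE_RISKY='Remv some-app [1.0-1]
Remv gnome-shell [43.9-0]
Remv iptables [1.8.9-2]
Remv iptables-persistent [1.0.20]
Inst libfoo1 [1.0-1]'

# Read simulation output on stdin, print each package that would be removed.
planned_removals() {
  awk '$1 == "Remv" || $1 == "Purg" { print $2 }' | LC_ALL=C sort -u
}

# Print only the planned removals that match the watch list.
risky_removals() {
  planned_removals | awk -v re="$WATCH_RE" '$0 ~ re'
}

# Simulate a real removal (no changes made): 0 = clean, 1 = risky, 2 = apt error.
check_removal() {
  local plan hits
  plan=$(LC_ALL=C apt-get -s remove --purge --autoremove "$1") || return 2
  hits=$(printf '%s\n' "$plan" | risky_removals)
  [ -z "$hits" ] && return 0
  printf 'Would remove watched packages:\n%s\n' "$hits" >&2
  return 1
}

printf 'safe plan hits:  [%s]\n' "$(printf '%s\n' "$SAMPLE_SAFE" | risky_removals | tr '\n' ' ')"
printf 'risky plan hits: [%s]\n' "$(printf '%s\n' "$SAMPLE_RISKY" | risky_removals | tr '\n' ' ')"
```

On a real system, `check_removal docker-ce` runs the simulation without root and without changing anything; a non-zero status means the plan deserves a closer read before the real command is run.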
Microsoft has pushed OEMs to stop supporting S3 in BIOS, instead wanting hybrid sleep. Microsoft wants this because hybrid sleep allows waking for sending telemetry to Microsoft all the dang time, like cell phones do. I curse the day they did this.
I’m curious, what file system do you use to mount your share? (SMB, SSHFS, WebDAV, NFS…?) I’ve never managed to get decent performance on a remote-mounted directory because of the latency, even on a local network, and this becomes an issue with large directories
Like iSCSI, it exposes a disk image file, or a raw partition if you’d like (by using something like /dev/sda3 or /dev/mapper/foo as the file name). Unlike iSCSI, it’s a fairly basic protocol (the API is literally only 9 commands). iSCSI is essentially just regular SCSI over the network.
NFS and SMB have to deal with file locks, multiple readers and writers concurrently accessing the same file, permissions, etc. That can add a little bit of overhead. With iSCSI and NBD, it assumes only one client is using the file (because it’s impossible for two clients to use the same disk image at the same time - it’ll get corrupted) and it’s just reading and writing raw data.
Main thing to note is that NFS is an object based storage (acts like a share) where iSCSI is block based (acts like a disk). You’d really only use iSCSI for things like VM disks, 1:1 storage, etc. For home use cases unless you’re selfhosting (and probably even then) you’re likely gonna be better off with NFS.
If you were to do iSCSI I would recommend its own VLAN. NFS technically should be isolated too, but I currently run NFS over my main VLAN, so do what ya gotta do
Yeah, there are a few limitations to each. NFS, for example, doesn’t play nicely with certain options if you’re using a filesystem overlay (overlays), which can be annoying when using it for PXE environments. It does however allow you to mount in several remote machines simultaneously, which I don’t think iSCSI would play nicely with.
SMB though has user-based authentication built in, which can be quite handy esp if you’re not into setting up a whole Kerberos stack in order to use that functionality with NFS.
I’ve found that NFS gives me the best performance and the least issues. For my use cases, single user where throughput is more important than latency, it’s indistinguishable from a local disk. It basically goes as fast as my gigabit NIC allows, which is more or less the maximum throughput of the hard disks as well.
A benefit of NFS over SMB is that you can just use Unix ownerships and permissions. I do make sure to synchronize UIDs and GIDs across my devices because I could never get idmapping to work with my NAS.
idmap only works with Kerberos auth, but iirc I didn’t have to set anything up specifically for it. Though I’ve also never really had to test it since my UIDs match coincidentally, I just tested with the nfsidmap command.
The entire point is that your DE has NO security features at all, those come ALL from the underlying system such as PAM for example, managing the authentication and such.
These stupid strawmans “huhr dur watch a video”
Besides that I’ll just answer the straw man argument anyway because it’s even stupid if you take it seriously YES YOU CAN ACTUALLY LAUNCH GUI (such as a game) DIRECTLY FROM TTY.
I would love to only use the computer in tty but would be hard to edit images in GIMP. Or do you still launch GUI apps directly from tty? Most websites are an abomination viewed through lynx or similar.
The entire point is that your DE has NO security features at all, those come ALL from the underlying system such as PAM for example, managing the authentication and such.
These stupid strawmans “huhr dur watch a video”
Besides that I’ll just answer the straw man argument anyway because it’s even stupid if you take it seriously YES YOU DO ACTUALLY LAUNCH GUI DIRECTLY FROM TTY.
"UNEXPECTED_EOS" is almost certainly "unexpected end of stream", that is, the file is missing the end or there's data corruption and the unpacker has interpreted the bad data as meaning the file should be longer than it is.
Redownload the file, or try to download it using a different tool (e.g. wget or curl rather than a browser). If that still gets a truncated file, try a different source / mirror.