a111: Logged on 2018-04-22 21:29 mircea_popescu: asciilifeform, in practical terms, how do you want s.mg to use fgs until rewritten ?
mircea_popescu: yeah. anyway, i'm thinking the best approach would actually be a kernel patch to destroy the extant random/urandom bs and replace it with fg
mircea_popescu: doesn't have to. /dev/random is blocking. all it needs to do is block if it has no fg.
mircea_popescu: well if the kernel can't be patched then a patch won't help.
mircea_popescu: but the idea isn't for ~our~ kernels. the idea is to have an infection vector, that permafucks a linus-tso kernel into no longer working like a piece orf shit.
mircea_popescu: i don't believe in this philosophy of "universal support". "break everything until it fully conforms to tmsr expectation" is entirely sufficient.
mircea_popescu: indeed. which is why i was encouraging mod6 to look into it.
mircea_popescu: so, tmsr-kernel, such as for instance the very tight musl stuff, or what cuntoo evnetually will become, is out of scope for this discussion. of course it should have native fg handling, and im sure it will.
mircea_popescu: neverthless, inca-kernel, be it "debian" or whatever it is, needs a way to be fucked such that it stops exposing any /dev/random AT ALL for as long as it is not exposing a fg random.
mircea_popescu: that's all that's contemplated here, all we really want from the rest of the shitpile is a very clear knob, which, when turned, makes everything stop working that doesn't work like we expect it to work.
mircea_popescu: so you can waltz into dc installed "linux", patch it, and it either has /dev/random perma-blocked or else fg-streaming.
mircea_popescu: asciilifeform, well, ideally patch random.c into a fg streamer.
mod6: ugh. get some rest, Sir
trinque: perhaps there's a yet more immediate route. /dev manager (eudev, w/e) is simply told to symlink /dev/random to the FG device.
mircea_popescu: trinque, that does at least half the job -- will get some actual entropy in there, even if it doesn't prevent the dilution with cvasi-random crap
lobbes: phew. I finally got logbot genesis up and inserting log lines into a database on my test machine. Hardest thing was figuring out the config knobs for postgres (and side-quests such as libuuid)
lobbes: Once I migrate this to pizarro shell, I plan to harvest my notes for a detailed n00b guide on standing up a 'vanilla' logbot (with focus on operating out of /home for pizarro shellists)
lobbes: I appreciate the suggested course correction earlier mircea_popescu. Now, after a week or so of toiling, I come out of the experience with more knowledge about V, sbcl, and postgres instead of painfully acquired trivia about dead-end things such as 'tcl' or the not-long-for-this-world gribble
mircea_popescu: diana_coman, ahh it's nice to be back to braiding cordage...
ben_vulpes: my body is reacting very poorly to spring this year
a111: Logged on 2018-04-23 00:35 asciilifeform: ave1 didja get it ?
mircea_popescu: ben_vulpes, send me invoice for rest of year for it too.
mircea_popescu: incidentally, is your "standard" mpwp installation linkbroken by default ?
diana_coman: ben_vulpes, I don't need the wp stuff; what do I need to do to nuke it ?
diana_coman: or uhm, ben_vulpes what's the link at which *my stuff* is served?
mircea_popescu: diana_coman, this usually goes the other way around : he tells you a ns, and i set the domain to point to it.
mircea_popescu: last time the process resembled pulling teeth, eventually ended up using qntra's ns.
diana_coman: I was hoping that part was already done :D
diana_coman: so basically now I can plonk all my stuff in there and ...wait
diana_coman: hence my q to ben_vulpes as to what link I can use to see my stuff at all
mod6: The weather has finally turned here! A few nice spring days we've had, after 6 months of winter.
mod6: Sure beats rolling blizzards, that's for sure.
mod6: Ugh, this coffee is horribru.
mod6: yeah, I could probably degrease my lawn-mower engine with this rot.
mod6: That'd be wonderful. I'd like to give real coffee a-go.
mod6: I saw on of your pictures (I think from a breakfast table), where it looked like there was a funnel/filter direct into the cup.
mircea_popescu: they do not give a flying fuck over here, use 1/4 lb of fresh ground coffee for one cup, throw it away.
BingoBoingo: diana_coman: Do you need any DNS records other than one pointing to your slice?
mod6: Morning asciilifeform, feeling any better?
mircea_popescu: BingoBoingo, yes lobbes needs logs.minigame.bz forwarded.
BingoBoingo: lobbes: Where do you need logs.minigame.biz pointed?
lobbes: BingoBoingo: 192.121.170.137 plox
BingoBoingo: Aite, there is a zone on ns1.qntra.net and ns2.qntra.net for minigame.bz
diana_coman: mircea_popescu, I've transfered the stuff to the folder from ben_vulpes said apache serves; but more than that I can't check/see
mircea_popescu: i have nfi how this is even fucking possible, but my dns zone is currently ns1 ns2.minigame.bz EXCEPT the domain is .biz
mircea_popescu: oooh i see the problem. ok so, i owned both .biz and .bz, back when i used namecheap. i transferred the latter but not the former to namesilo back when all those shenanigans occured. so .bz item is captive in namecheap, Registry Expiry Date: 2019-07-01T16:40:17Z. but basically i'm letting it lapse ; so erryone will have to update to the .biz version and we can pretend this all never occured.
mircea_popescu: so BingoBoingo use .biz plox ; lobbes you'll be logs.minigame.biz rather than logs.minigame.bz as before. sorry about that.
☟︎ ben_vulpes: diana_coman: server is configured to respond to minigame.bz, per ^^ will be updating to serve minigame.biz and www.minigame.biz
ben_vulpes laboring under serious immune system load and cognitive deficit
ben_vulpes: diana_coman: everything in ~/www needs to be 0755, may i effect that for you?
trinque suggests something like diana_coman:apache and 0750
ben_vulpes: i'm all ears, i've erred to date on what i think is safer but i lack a model
trinque: if you do chmod g+rX it'll make directories traversable, but not go around marking everything executable
☟︎ trinque: can then do something like find /path/to/www -iname '*.php' -exec chmod g+x {} \;
a111: Logged on 2018-04-23 17:03 mircea_popescu: so BingoBoingo use .biz plox ; lobbes you'll be logs.minigame.biz rather than logs.minigame.bz as before. sorry about that.
ben_vulpes: diana_coman: website appears up to me, although that may just be /etc/hosts, i'm not up to speed on dns propagation yet
diana_coman: I can't yet see it from here - will give it some time and check again later
ben_vulpes: yup, just checked without local routing and no resolution.
a111: Logged on 2018-04-23 17:27 trinque: if you do chmod g+rX it'll make directories traversable, but not go around marking everything executable
mircea_popescu: annnd no, minigame.biz does not resolve. BingoBoingo ben_vulpes ^
mircea_popescu: you really need this to work easier than multi-day multi-attempt sorta thing.
mircea_popescu: "Begin testing delegation for minigame.biz. Name servers listed at parent: ns1.qntra.net,ns2.qntra.net Failed to find name servers of minigame.biz/IN. No name servers found at child." <
mircea_popescu: shit internal references broken also. diana_coman when you have a moment run a sed /minigame.bz/minigame.biz/ plox.
diana_coman: ugh mircea_popescu I changed to minigame.biz and now the ownership of the files reverted to me and therefore index.html not available and it's again screwed; ben_vulpes ?
diana_coman: gah, I meant: permissions got screwed, not ownership
diana_coman: I'm not sure how this will work if groupownership of file changes from apache to my user every time I modify a file
diana_coman: files created in the ~/www dir should default /inherit apache group
diana_coman: mircea_popescu, I need to change the *group*
diana_coman: no,I need to change from diana:diana to diana:apache
diana_coman: iirc that required root rights but will try
mircea_popescu: well wait a second, wtf fix is this, "you can either edit your files or have them served by apache but not both" ?!
diana_coman: since it seems the fix to the fix is another wait, I'll set for now 755 on the files as otherwise ckang still won't be able to get the client and try the game
ben_vulpes: $user:$user and 0755 is what's been most useful on other sites; i think that'd be best here as well
diana_coman: I think trinque's suggestion makes perfect sense, as long as new files get by default user:apache too
ben_vulpes: ok i'll look into how to make new files inherit from parent dirs
spyked: TIL: setgid (g+s) should do the trick.
mircea_popescu: fwiw, all trilema.com files are trilema:trilema and somehow(tm) work.
ben_vulpes: spyked: thx, now to figure out what needs installing from portage to get setgid
ben_vulpes: ah i think i see how to get it with chmod
ben_vulpes: okay, gotit. diana_coman i'm going to run chmod -R g+srX your www dir
ben_vulpes: please confirm that new files show up as diana_coman:apache
diana_coman: ben_vulpes, new files show up as diana_coman:apache BUT apparently still not with the right permissions to get served
diana_coman: at least I can change the permissions though to what they need
ben_vulpes: well that's still not great; they're not inheriting from the parent directory?
diana_coman: the file inherited the group ownership but not the group permissions from what I can tell
trinque: eh actually there were cobwebs between my ears when I gave that suggestion
ben_vulpes: i suppose they wouldn't, that being controlled by umask
trinque: probably easier move is to just add apache to the diana group
diana_coman: i.e. new file had r and write for user but nothing for group
ben_vulpes: diana_coman: yeah i think that comes from the user-level umask, which as i understand it sets permissions on individual files on create
ben_vulpes: i am interested in the postgrestisms you used
ben_vulpes: ah i actually had a conversation with a little lady about the 'dirty read' thing last night
trinque: naw, congrats on phuctor's rebirth!
ben_vulpes only ever attended cs program of hard knocks
mircea_popescu: now let's test the keys of folk who showed up in the meanwhile huh.
diana_coman: ben_vulpes, trinque this is just too brittle : how about moving dirs/files in there?
ben_vulpes: diana_coman: shall i add apache to the diana_coman group before you 755 up?
ben_vulpes sitting for remedial unix permissionsology at SOHN this afternoon
mircea_popescu: asciilifeform> i had nfi they existed. << well they were mentioned duyring the 3-4 optimization threads about 3-5x each time, but...
mircea_popescu: anuyway, i can see the angle ; but it's one of those cases where ai is much cheaper than just letting the person make the settings.
ben_vulpes: \dt woulda shown you indices on the table too asciilifeform
mircea_popescu: some of my heavy hit tables are 60% indexes by weight.
diana_coman: ben_vulpes, no, enough experimenting I'd say