• 3 Posts
  • 10 Comments
Joined 1 year ago
Cake day: July 22nd, 2023


  • Lots of good answers here but I’ll toss in my own “figure out what you need” experience from my first firewall funtime. (Disclaimer: I used nftables – it should be similar to ufw in terms of defaults though).

    • Right off the bat, everything unneeded was blocked. I “needed” no configuration, except for maybe…
    • Whatever CUPS runs on (when I use it)
    • Sometimes I ran python -m http.server – I unblocked port 8000 for personal use.
    • I chose to unblock port 53 (DNS). I wanted to connect to another computer via hostname IIRC (e.g. connecting to raspberry-pi.local. I might be misremembering this though).
    • At one point I played with NGINX – that’s port 80 (HTTP) and port 443 (HTTPS).
    • SSH was already permitted (port 22 – you need root access to enable traffic through ports below 1024 anyway so this wasn’t an issue for running typical apps)

    I didn’t use Wireshark back then, really. I think I just ran something like

    sudo lsof -nP -iTCP -sTCP:LISTEN
    

    which showed me a bunch of port traffic (mostly just harmless language servers).

    You don’t have to dive too deep into all the “egress” and “ingress” and whatnot unless you’re doing something special. Or your software uses a weird port. (LocalSend lol)
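
The "figure out what you need" step above, as an added example that is not part of the original comment: it reads `lsof -nP -iTCP -sTCP:LISTEN` output and sorts each listener into loopback-only, exposed and allowed, or exposed but still dropped by a default-deny inbound policy. The allowlist mirrors the ports the comment names; port 631 for CUPS, the function names and the sample lsof lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: compare listening TCP sockets against a firewall allowlist.
# Real use: sudo lsof -nP -iTCP -sTCP:LISTEN | classify_listeners

# Ports from the comment (22, 53, 80, 443, 8000); 631 for CUPS is an assumption.
ALLOWED_PORTS="22 53 80 443 631 8000"

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not real data).
sample_lsof() {
cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       812 root    3u  IPv4  21034      0t0  TCP *:22 (LISTEN)
cupsd      901 root    7u  IPv6  22311      0t0  TCP [::1]:631 (LISTEN)
python3   4410 alice   3u  IPv4  58120      0t0  TCP *:8000 (LISTEN)
pyright   4522 alice  18u  IPv4  59001      0t0  TCP 127.0.0.1:43517 (LISTEN)
localsend 4790 alice  55u  IPv4  60233      0t0  TCP *:53317 (LISTEN)
EOF
}

# Reads lsof output on stdin, prints "STATUS PORT COMMAND ADDRESS" per listener:
#   loopback = bound to localhost only, never reachable from the network
#   allowed  = bound to a routable address and on the allowlist
#   blocked  = bound to a routable address, but default-deny drops inbound traffic
classify_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NR == 1 { next }                     # skip the header row
    $NF != "(LISTEN)" { next }           # only listening sockets
    {
      addr = $(NF - 1)                   # e.g. *:22 or [::1]:631
      port = addr; sub(/.*:/, "", port)  # text after the last colon
      host = addr; sub(/:[0-9]+$/, "", host)
      if (host ~ /^127\./ || host == "[::1]") status = "loopback"
      else if (port in ok)                    status = "allowed"
      else                                    status = "blocked"
      print status, port, $1, host
    }'
}

# Stand-alone run against the constructed sample.
sample_lsof | classify_listeners
```

A "blocked" line is the case the comment ends on: software listening on an unusual port that needs its own rule before other machines can reach it.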


  • Oh I love the “walk me through what I’m about to do” concept. Dry runs should be more common – especially in shell scripts…

    The world would be a better place if every install.sh had a --help, some nice printf’s saying “Moving this here” / “Overwrite? [Y/N]”, and perhaps even a shoehorned-in set -x.

    Hope your r/w wasn’t eaten up by the subfolder incident (that I presume happened) :P




  • Hah, stochastic parrots.

    Makes me wonder. Every laziness I’ve had with the vector guessers, I’ve seen an exact counterweight.

    | matrix scrombulator | webpage (2007-2014) |
    | --- | --- |
    | Here’s random code. Pray it works | Free ancient code at man 3 getifaddrs. |
    | How does this API work? (when the API has below 10 million sample lines of code) | Incredibly concise documentation worth spending 2 minutes on or HTML text without margin lines worth spending 20 minutes on |
    | Maybe this is what’s causing your bug. Investigate a, b, and c. Conclusion sentence. | footnote in ArchWiki / archetypal 2009 StackOverflow duplicate |
    | Here’s the main idea of X… you need to take into account a combination of facets to ensure safety. | Angry blog post about X that’s oddly technical (now you see both sides) |

    One, you can invoke more often (throw ChatGPT configs against the wall until it doesn’t error); the other you can invoke more deeply. So I can’t help but wonder – when we cancel out all the terms – if the timesaving sum is positive or negative. ¯\_(ツ)_/¯



  • Yeah, it’s pretty funny how distros just passed each other by like that. Back then it was Debian that was regarded as the hyper-poweruser distro:

    The reason I haven’t used Debian is because I can’t install it. “This guy is totally clueless” you might think. My only response is that I’m writing this on a Gentoo box that I have installed myself.

    And then now there are plenty of people reading this thread who liked Windows 7. As time passed, their grade on the ease-of-use of A passed the don’t-get-in-my-way of B, and a load of Windows 10ers jumped ship to Linus & Friends, the last place their Windows 7 selves would have expected to go. Always a reminder that the end of history isn’t now.


  • Bending the question a little but my second “first impression” of Arch’s “simplicity” surprised me the most.

    I was running Gentoo for a while before deciding to move back, and I was surprised that somehow I had

    • saved space
    • gotten faster at doing new things (…)
    • didn’t lose any boot speed or anything like that

    Granted, I had jumped on Gentoo because of misconceptions (speed, ricing, the idea that I needed USE flags), but going back, I saw things more clearly:

    • the AUR being basically a shell script download + 300 MB of base-devel was simpler and more space-efficient than /var/db/repos (IIRC – since the portage and guru ebuilds were all held locally anyway after syncing, an on-demand AUR saved space).
      • the simple automatic build file audits on Arch felt more clean to me. I like checking my build files; had to make a script for the guru ebuild equivalent (but maybe there’s a portage arg I missed somewhere – wouldn’t be the first time)
    • Arch repos separating parts of packages in case you don’t need some part (like splitting some font into its languages, or splitting a package into x and x-doc and x-perl) was almost a simple USE flag-ish thing already
    • /etc/makepkg.conf was Gentoo’s make.conf. And its build flags looked similar to the CFLAGS I manually set up anyway.
    • My boot time (btrfs inside LUKS with encrypted /boot) was the same with systemd vs. openrc
    • I realized I liked systemd (because of the completeness of my systemctl muscle memory, like with systemctl status and journalctl, or managing systemd-logind instead of using seatd and friends).

    Not bashing on Gentoo or anything, but it’s when I realized why Arch was “simple.” Even me sorely missing /etc/portage/patches was quelled by paru -S <pkg> --fm vim --savechanges.

    And Arch traveling at the speed of simplicity even quantifiably helped: Had to download aur/teams the other day with nine-minute warning.

    ¯\_(ツ)_/¯