| Nick | Message | Time |
|---|---|---|
| SkyforgerHarold | is anyone else having trouble connecting to the 0ad website and lobby server at wildfiregames.com ? | 06:05 |
| freem | SkyforgerHarold: pings pass, but website does not allow connection, neither in http nor in https. My guess: their httpd is dead. I do not know for the lobby, I don't play 0ad. | 06:07 |
| freem | (that probably should have been asked on their communication channels though) | 06:08 |
| Xenguy | SkyforgerHarold, wildfiregames.com resolves fine here | 06:09 |
| freem | to query lobby one could either know the port they use, or run nmap, but the latter may be illegal depending on the type of scan and countries involved | 06:11 |
| freem | with the port one could ping, I mean. | 06:12 |
| freem | but if game fails at it, likely nothing would pass | 06:12 |
| golinux | Isn't this off-topic? Please take it there. | 06:14 |
| SkyforgerHarold | oops, I thought I was talking in #devuan_offtopic. Sorry! | 06:15 |
| psionic | What on earth happened to Kismet? | 09:58 |
| psionic | package just vanished or what | 09:58 |
| rwp | psionic, https://tracker.debian.org/pkg/kismet it appears to have been gone since 2020. | 10:07 |
| metala | @psionic interesting, it seems that the last one that has it as a package is buster. However, kismet are shipping their own Debian packages. | 10:08 |
| metala | ref. https://www.kismetwireless.net/packages/#debian-bookworm | 10:10 |
| psionic | kismet-capture-hak5-wifi-coconut : Depends: libwebsockets16 but it is not installable | 11:41 |
| psionic | ah man this is gonna be painful | 11:41 |
| psionic | tons of unmet deps for kismet | 11:41 |
| psionic | its gonna be easier if i install some hodge podge like kali linux in a docker and give it direct access to wlan0 | 13:33 |
| Alverstone | Did you know that without polkit, elogind cannot switch tty for you? | 19:02 |
| Alverstone | For that matter, for some reason, by default, seatd only allows root to use the socket. Why is that? Are there any security implications in allowing users to access seatd? | 19:02 |
| gnarface | Alverstone: i think those are both expected functionality, but on daedalus you can still just disable seatd if you are using startx instead. you'll see complaints in the xorg log but it'll still work | 19:11 |
| freem | I suppose there are security implications for multi-user systems? | 19:19 |
| gnarface | well, running any graphical login daemon necessitates using permissions backends that are inherently less secure than doing without | 19:21 |
| rwp | What multi-user systems run X? And why would they? | 19:21 |
| freem | as in, systems which have multiple accounts, not systems on which multiple users use the same account (i.e. family computers in my childhood, when 1 computer *and* account was used by all) | 19:21 |
| gnarface | but to a lesser degree just running X at all is also a security hazard... | 19:21 |
| freem | is it a network security hazard, or a physical one? | 19:21 |
| rwp | For the most part by now after these decades X is understood but the concern is that there may still be unknown problems lurking there somewhere. | 19:22 |
| gnarface | eh, i think local access risks only probably, as long as you're not using nvidia drivers | 19:22 |
| gnarface | but if you have users using untrustworthy software all bets are off anyway... | 19:23 |
| freem | I am more concerned by wayland not implementing enough features in a standard/generalised enough way than by X11 "security problems" | 19:23 |
| freem | I would be curious to learn about a way in which X11 was actually usable to trigger real damages, that wayland would have prevented | 19:24 |
| freem | the most important part of a disk $HOME and I don't see how wayland can protect that | 19:24 |
| freem | s/disk/systems/ | 19:25 |
| rwp | I am unaware of any actual attacks that wayland would have protected against but that X would have allowed. When I read wayland articles talking smack about X they always seem to be things that no reasonable person is actually doing. | 19:27 |
| gnarface | yea, i don't either really. you don't want to be in any situation where the video card drivers are the only line of defense between users reading other users' passwords | 19:27 |
| freem | I believe wayland can have a performance benefit, though, since it's designed for modern hardware... but then it also has, in some negligible areas, performance degradations: https://mort.coffee/home/wayland-input-latency/ | 19:27 |
| freem | I also have a long list of bugs created in, say, SDL2, for supporting wayland | 19:28 |
| freem | so, wayland? To me it's nayland | 19:28 |
| freem | I see no benefit for my cheap hardware, really | 19:28 |
| freem | security is how you sell bullshit to naive people | 19:28 |
| freem | and performance benefits... they have the mouse cursor lagging, in some conditions, in some servers (because no standard ofc) on some places. Compared to the old, slow protocol. | 19:29 |
| freem | I would be very curious to learn about practical and neutral analysis of performances and security, for those who dare to not junk their electronics because fashion says so | 19:32 |
| Alverstone | ... | 19:47 |
| Alverstone | The question was, why exactly seatd chooses to be root-only by default? Is there any particular reason why access to seatd should be denied? | 19:47 |
| Alverstone | A wild guess - seatd does not have the concept of active sessions, so it seizes and releases devices only in cooperation with software that uses it, so if some software grabs your input devices you'll be screwed tight. But I have absolutely no idea how it *actually* works | 19:49 |
| Alverstone | I combine elogind and seatd at the same time. No real reason, but it seems I don't have this bug with X going blank with seatd, while just not so long ago I experienced such "crash" with an elogind user | 19:50 |
| * Xenguy | checked and seatd is not installed here ... | 20:46 |
| fsmithred | Maybe I don't understand correctly, but I can switch tty just fine without polkit. But maybe that's because I don't have elogind or dbus or a display manager on this build. Just seatd. | 22:14 |
| fsmithred | ctrl-alt-Fn works | 22:15 |
| leitz | I have a laptop with an internal wifi, but I want to test a USB wifi adapter. How do I use the adapter? | 22:16 |
| fsmithred | leitz, if network-manager is installed, I think you just select that as the interface for it to use. | 22:19 |
| fsmithred | Assuming the firmware for it is installed. Do you know if it is or not? | 22:19 |
| fsmithred | does it show up if you run 'lspci'? | 22:20 |
| leitz | fsmithred, it shows up under lsusb, so it should be good. | 22:20 |
| fsmithred | what is it? | 22:21 |
| fsmithred | atheros, realtek, intel, broadcom? | 22:21 |
| fsmithred | maybe a model number? | 22:21 |
| leitz | Ralink mt7601u, and I'm not seeing any way to "select" it. The top bar has the wifi, and lets me choose networks, but not the devices. | 22:24 |
| fsmithred | right-click or left-click should have 'edit connections' | 22:25 |
| fsmithred | and I think you can add one there | 22:25 |
| fsmithred | make sure firmware-realtek is installed (assuming this is daedalus) | 22:25 |
| leitz | Chimaera, and firmware-realtek is installed | 22:29 |
| fsmithred | ok, it's the same package in chimaera. There used to be a separate one for ralink. | 22:30 |
| fsmithred | ok, I just tried this on a laptop, and 'Edit connections' is not the right place. That's for adding a different wireless connection, not wireless device. | 22:32 |
| leitz | I think I've gotten it going. | 22:35 |
| leitz | Well, I used a different wifi adapter, an actual Realtek. :) | 22:35 |
| fsmithred | and I'm already connected on the wireless device without doing anything. I must have used it before on this laptop. | 22:35 |
| leitz | Yeah, I found how to add it, but when I try to connect, even given the new MAC address, it goes to the internal wifi. | 22:41 |
| fsmithred | maybe you can turn it off with network-manager or else with rfkill in a terminal | 22:44 |
| fsmithred | you should be able to disconnect the internal in n-m | 22:44 |
| fsmithred | left-click on the icon and it should say Disconnect under any active connection | 22:45 |
| leitz | I need to look at it after a decent break. It's a "plug and play for linux" that's taken up much of the afternoon. It doesn't work on another Linux variant either. :( | 22:47 |
| Alverstone | fsmithred, correct, seatd works. | 22:47 |
| Alverstone | But elogind wants polkit | 22:48 |
| Alverstone | why? wish I knew | 22:48 |
| Alverstone | This design is really strange. Why do they need to outsource authentication to another process? Elogind already knows whether the session is active or not, and it runs as root. Why does it need polkit at all? Maybe I don't want to know at all | 22:49 |
| fsmithred | understanding polkit is above my paygrade | 23:06 |
| Alverstone | fsmithred, I don't blame you. Future is only known to titans that create it, eh? On the topic, do you know which implication might turn up if I make seatd socket world writable? | 23:07 |
| fsmithred | no I don't, but my gut says it would be bad | 23:08 |
| Alverstone | :( | 23:08 |
| Alverstone | which solution you applied? | 23:09 |
| fsmithred | for what? | 23:09 |
| Alverstone | for seatd socket! | 23:09 |
| fsmithred | I can't recall a problem to solve with it. | 23:09 |
| fsmithred | my "solution" for that particular build is to pin dbus to -1 priority | 23:10 |
| fsmithred | it's a fairly comprehensive software filter. | 23:10 |
| fsmithred | or malware filter, depending on your view | 23:11 |
| Alverstone | fsmithred, stat -c '%U:%G' /run/seatd.sock | 23:11 |
| fsmithred | I have to reboot a usb stick on a laptop to do that. Take me a couple minutes. | 23:11 |
| fsmithred | root:video | 23:17 |
| rrq | Alverstone: it's fine to make the seatd socket world accessible; no reason not to really, unless you do want to separate users who can access it from users who can't. | 23:18 |
| rrq | the "credentials" for vt control is with /dev/ttyN ownership | 23:19 |
| rrq | and seatd (like elogind) use that for device node access permission | 23:20 |
| Alverstone | fsmithred, thank you, understoon | 23:25 |
| Alverstone | understood* | 23:26 |
| Alverstone | rrq, does seatd check which tty is currently active? | 23:28 |
| rrq | yes | 23:29 |
| Alverstone | so if a process on another tty tried to request access to input devices, it gets rejected? | 23:30 |
| rrq | yes | 23:33 |
| rrq | there's a bit of code in Xorg & seatd to handle VT transitions (leave + enter) | 23:34 |
| Alverstone | thank you | 23:35 |