@signal9 followed @Alanna
@signal9 voted I went to Sweden with a friend today. We took the ferryboat from Helsingør
@signal9 voted I went to Sweden with a friend today. We took the ferryboat from Helsingør
@signal9

Heavy week. The start-up where I work had to make big cuts, 20% of the team, and I had to help choose. Not a good feeling. Doing the deed even worse, while we try to remain (or become) positive restructuring what's left and relearning to execute.

Positive side, I've taken over cybersecurity. I don't know everything I need to know, but I think I can learn. It's a huge and fertile problem space where I've had interest for some time. It's fun. Requires a lot of focus. I'm tired :smile:

Social discussion made its way into game night, and a completed game of Forbidden Island devolved into a heated debate on wealth disparity. I think I said some pretty tough things to a friend. There were beers. We're all middle-class American tech workers. Nobody is impressed.

So, yeah, unload on scuttlebutt. Maybe it's a safe place to vent these things. I don't have an FM transmitter, this will have to be my pirate radio.

That's the news from Lake Wobegon...

@signal9 in #cooperative
Re: %ZdkD1w8sh

I've proposed exploring a (or many) tech union here in the states a number of times over the last several years. As work is plentiful, particular in the Denver/Boulder area, there is little to motivate. Personally, I say solve problems before you have them. For a bit I looked at leveraging the existing IWW framework, but they are at this point largely an historic union and only really working to organize unskilled labor. I proposed organizing tech workers at a meeting a couple years ago and they looked at me like I grew another head, though the prospect of full-dues paying members seemed attractive...

All of that aside, I'm quite interested.

@signal9 subscribed to channel #Dat
@signal9 voted [@signal9](@l46t7D+90dV8nf7FvKmA6Ro998Qf1Nx6KUypqEvDEBY=.ed25519) I joined
@signal9 in #books
Re: %6J+1YrbNV

It's so good! I haven't gotten to play much lately as my weekly tabletop game group has moved on to a variety of board games. We were playing casual homebrew every week for a couple of years before we stopped.

I've read a number of MtG novels, started buying them as I can find them in used book stores in the area. The quality varies, but they tend to be pretty fun and add a lot to the cards, for me. So far The Brothers' War is easily the best.

@signal9 voted [@Mikey](@6ilZq3kN0F+dXFHAPjAwMm87JEb/VdB+LC9eIMW3sa0=.ed25519) won't shut
@signal9 followed @mixxx
@signal9 voted [@signal9](@l46t7D+90dV8nf7FvKmA6Ro998Qf1Nx6KUypqEvDEBY=.ed25519) you can f
@signal9
Re: %fT0dPiiYD

Thanks, @mix! I work in a similar space as Loomio, though with the unfortunate monicker of "digital engagement," as our application is sold in the enterprise professional services space. Oh gawd, let's hope that's the most awkward sentence I type this week. Let's just say that on a surface level I don't have a lot in common with my clients. Deeper, of course I do.

I don't have a topic for now, but I appreciate you making yourselves available. I and my colleagues found @richdecibels interview particularly inspiring.

@signal9 followed @Richard D. Bartlett
@signal9 voted Hi everyone, greetings from Brazil. I am amazed to find such incredible com
@signal9 in #books
Re: %u26WShaFb

I tore thru Walkaway and may reread in the near future. My friends, who would otherwise not have read it, are reading it now just to shut me up about it.

Also recently reread A Brave New World.

"The Power of Neighborhood" and The Commons by P.M.

The Brothers War, first in the Artifact Cycle - a Magic the Gathering novel because I'm a giant nerd.

@signal9
Re: %fT0dPiiYD

I listened to the Team Human podcast hosted by Douglas Rushkoff where he was talking to Richard D. Bartlett from Loomio and was riveted. I listened to that episode 3 times. Somehow while reading about Loomio and what was going on in NZ I stumbled upon scb. I was traveling at the time and did not bring a laptop, but I read everything I could get my hands on when I had access to LTE.

I've been long interested in p2p and limited-connectivity systems and am frequently fooling around with stuff like Forban, PirateBox, IPFS etc. and scb fit right in there. Firing up Patchwork sealed the deal, and this makes up the majority of my "social networking."

@signal9 voted Everytime I setup a new SSH Server, I have to search _teh indexez_ for this
@signal9
Re: %RRqjIzyKS

I've worked for a number of companies who claim meritocracy. I have even been considered one of merit. After the high that comes with being deemed meritorious wears off, the meritocracy reveals itself to be self-supporting. Those with merit (knowledge, wisdom, skill) are in charge. I am in charge, therefore I have merit and am entitled, no, admonished to bestow merit upon- and to withhold it from - others as I see fit. If I like you and you support my position, perhaps you have merit and will be invited to participate. If I do not like you, well, you're just going to have to go away, aren't you? You lack merit.

This whole manner of thinking may justify any number of weird decisions.

@signal9 subscribed to channel #crypto
@signal9 in #linux
Re: %9lBDLWpkN

Thanks! And thank you for sharing this info, not something I was familiar with. I'll add this to my own docs and share with the local group.

@signal9
Re: %lpZQfr9NH

I'd been thinking about going in that direction, to tell you the truth. There is some browser p2p stuff I want to play with and I think that's the way to go. I wanted to see about compiling Rust to a webassembly target instead, however.

I do like me some lisp. Coded a fair amount of SBCL in the past...

@signal9

I feel like I have bandwidth to learn one: rust or go?

@signal9 voted this
@signal9 in #gardening
Re: %AZgo+zGqh

I should try this around my basil and beets. Something has been munching on them...

@signal9 voted this
@signal9 in #new-people
Re: %xXjNDWeuM

Greetings, new person.

@signal9 voted We need a bookmark system for patchbay, this looks very interesting. Thanks
@signal9 in #new-people
Re: %+x42uH7nI

Howdy.

@signal9
Re: %30SkZmxP2

Has this been pursued? I am looking to build myself a small, occasionally connected network device, and this looks like it could be a good base.

@signal9 in #words

gambiarra, a Portuguese word that seems to, rather gracelessly, translate to kludge, is highlighted in article below as a Brazilian virtue:

'Gambiarra refers to all kinds of improvised solutions to concrete problems that appear when one doesn't >have access to the proper tools, materials, parts or specific knowledge to perform a given task. It is all >about repairing or re-purposing objects that seemed to be of little use but end up acquiring new value out >of tacit, applied creativity. I sometimes call it "everyday innovation".'

https://efeefe-arquivo.github.io/livro/repair-culture/gambiarra/

@signal9 in #words
Re: %trBmSY6Px

There is a school of thought in the US where management tries to treat people as fungible as well.

@signal9 subscribed to channel #runcible
@signal9 in #linux
Re: %c0XRY9uIe

@jer Forgive me if I overlooked it, but did you say whether you were dual-booting on your Mac, or if you were using a new machine?

@signal9

I like how Scuttlebut encourages me to slow down. No point in hitting refresh all day, responses come when they come and not a minute sooner. And I have to live with my mistakes. If I misspell something, make a social misstep or flub a thread, it's just there. No fixing it.

Reminds me to remember that everyone else is having this same experience.

@signal9 followed @dominic
@signal9 followed @WookieDefense
@signal9 in #linux

Please forgive me if that's too spammy. I may have borked the threaded bits a bit.

@signal9 in #linux
Re: %9lBDLWpkN

Lock down SSH access

Disable root remote login

We have options to significantly restrict SSH access and to minimize the ability
for attackers to brute-force a remote login. First, we will require that all SSH
users are non-root users. We will edit /etc/ssh/sshd_config. Find the setting
PermitRootLogin and set it to no.

Disable passwords

Still in /etc/ssh/sshd_config, look for the setting PasswordAuthentication
and set it to no. This will disable the use of passwords when logging in over
SSH, thus requiring that your keys have been installed.

Now you may restart the SSH server for the new settings to take effect.

sudo systemctl restart sshd

You should now see access denied when trying to log in as root, or as any user
not configured in ~/.ssh/config

Removing unwanted services

There are likely at least a couple of services running on a default installation
that we do not want. To list the running services, type:

sudo netstat -tulpn

On my system, I expect to see sshd and dhclient, but I also so see rpcbind
rpc.statd and exim, which I currently do not intend to use. I see that
removing rpcbind will also remove rpc.statd, so I only have to uninstall
one.

sudo apt-get purge rpcbind exim4
sudo systemctl stop exim4

Running sudo netstat -tulpn again will show that now we are only running
sshd and dhclient.

@signal9 in #linux
Re: %9lBDLWpkN

Improve SSH Access

Generate a keypair

Our goal is to allow our user to authenticate to the virtual server using public
key encryption rather than passwords. To do this, we will have to generate a
keypair and install the public key on the virtual machine.

First, we need a safe place to keep our keys and configs. On your local machine:

mkdir ~/.ssh
chmod 700 ~/.ssh

Now, also on our local machine, we will generate our key. If a key name is not
specified, the default is to create a pair of files called id_rsa and id_rsa.pub.
Today we will create a keypair called debian_server

ssh-keygen -b 4096 -f ~/.ssh/debian_server

Push your keypair

During keypair creation, you will be prompted for an optional passphrase. It is
up to you whether you use one, but an empty passphrase is also acceptable.

We will need to copy our public key to the virtual server to use it for remote
access. To do this, we'll use ssh-copy-id. On your local machine:

ssh-copy-id -i ~/.ssh/debian_server *youruser*@*yourip*

You will be prompted for your remote password, then the file will copy securely
to the remote machine. To verify the key is present on the virtual server, from
that machine type:

cat ~/.ssh/authorized_keys

You should see your key as the last item listed.

Configure SSH locally

At this point you should be able to access the virtual server using your keypair
for authentication:

ssh -i ~/.ssh/debian_server *youruser*@*yourip*

However, why do so much typing? ssh allows us to configure our local client
for name-based access.

On your local machine, create or edit the file ~/.ssh/config and add the
following:

Host debian-server
    HostName *yourip*
    User *youruser*
    IdentityFile ~/.ssh/debian_server

With this in place, you may connect to the remote server simply by the name
configured:

ssh debian-server
@signal9 in #linux
Re: %9lBDLWpkN

Configure networking

In order to allow us to access our virtual machine over ssh, we need to enable
and configure the host-only network adapter we added to our virtual machine.
While this is not a step we would often perform when setting up a typical cloud
VPS, it is good to be at least aware of network interface configuration.

During installation, Debian only configures the primary interface, eth0.
We're going to leave this be and enable eth1 for our remote access. While this
step is not typical when configuring a cloud server, the networking principles
are basic to Linux and worth at least being aware of.

Verify network interfaces

Having logged into the virtual machine as root, check and verify that both
network interfaces are present:

ifconfig -a

You should see two configured interfaces: eth0 and eth1. eth0 will have
an IP4 address configured, and perhaps an IP6 address as well. eth1 should not
have any addresses assigned

Enable secondary interface

Using your editor of choice, open /etc/network/interfaces

To the end of the file you will want to add:

# Secondary network interface, vbox host-only
allow-hotplug eth1
iface eth1 inet dhcp

Save and close the file.

The first line tells the server to automatically bring up the interface. The
second configures it for DHCP. A static address may be configured, but we'll
stick with this for now.

Now, reboot the machine:

shutdown -r now

When the machine comes back up, log in again as root and once again check our
interfaces by typing ifconfig -a.

We should now see the second interface, eth1, has an IP4 address assigned.
Make a note of this address as we'll need it later. We should also now be able
to access the virtual machine from our host machine over ssh:

ssh *youruser*@*yourip*

Empower your user

It is best to do most if not all of your work as a less privileged user than
root. The Debian installation creates a user for this purpose. We will want to
allow this user to perform some tasks with escalated privileges.

First we will need to install sudo and give our user access.

apt-get install sudo
adduser *youruser* sudo

Now, log out of the root account and log back in with your less-privileged user.
We will test that we have access to sudo:

sudo ls

You should have been warned about the implications of using sudo and prompted
for your password.

@signal9 in #linux
Re: %9lBDLWpkN

Intalling Debian

Debian has a number of installation options, including a graphical install. We
will be using the default install method. When the Debian installation screen
appears, press Enter. The first few screens ask information regarding
localization and keyboard maps. Do what you will.

You will encounter a screen labeled Configure the Network where you should
see two available network interfaces. The default is to use eth0 as the primary
interface. This is fine.

Choose your hostname and domain. These can be changed later, and since we're
running on local VMs, it doesn't overly matter for what we're doing.

Choose a root password. You will also be asked to create a new user. Enter and
verify that user's password. We will be working with this user more later.

Choose a timezone. When it is time to partition disks, choosing Guided - use
entire disk
and all files in one partition is fine for our purposes. Agree to
the partition table and continue.

It is ok to use the defaults when configuring the package manager. After
choosing a location and a mirror (and configure a proxy if necessary) Debian
will download and install the base system.

On the software selection screen, we will deselect Debian desktop environment
and print server, but we will enable SSH server. A desktop environment
may be added later if you want, but since this is intended as a server, we want
a pretty bare-bones system. Navigate thru the screen using your arrow keys.
Press the space bar to select or deselect an option. Tab to Continue and press
Enter. Debian will install the remaining packages.

You will be asked to install the GRUB boot loader, to which you will agree and
select /dev/sda as the installation target.

With this complete, you will be prompted to reboot. Don't worry about removing
the installation media, the system will do that for you.

In a few seconds, you will see the boot loader screen. Hit enter, or wait for
it to autoboot. You will then see a login prompt. You are now ready to log in.
The next few steps will require elevated privileges, so go ahead and log in as
root.

@signal9 in #linux

A group have friends and I have a bit of a Chautauqua going on that we call Science Fridays. The topics vary. One week was a discussion of general relativity (whiteboard session, utterly over my head) while another week was largely made up of white flour and gunpowder. Below are some notes I wrote for a presentation I'll be making in the near future. I thought I'd like to share it here. May be a bit elementary, but hey, we're not all of us Linux gurus.

Science Friday - Basic Setup and Hardening of a Linux Server

Prerequisites

  • Install VirtualBox for your platform
  • Download a Debian netinst ISO from Debian

Setting up our machine

Create a host-only network

In order for us to be able to access our virtual machine over the network, we
will need to create a host-only network. The finer points of what exactly this
means are beyond the scope of this document.

  1. Open VirtualBox preferences
  2. Select Network
  3. Open the Host-only Networks tab
  4. Click on the + button

This will add a new host-only network adapter, likely named vboxnet0.

Create a new virtual machine

Click New. In the open dialog, give your machine a name, type and version.
In our case, we will be creating a Linux machine, version Debian (64-bit).
The next few pages, we will go with the defaults for memory and disk size.

Click on the newly created record and then click Settings. Under Storage,
select the installed device under Controller IDE labeled Empty. Next to the
Optical drive, click the disk icon and navigate to the Debian installation ISO
you downloaded earlier.

Under Network, click on the Adapter 2 tab and check Enable Network Adapter.
In the Attached to dropdown, select Host-only Adapter. vboxnet0 should appear
under name.

At this point we should be able to start the virtual machine and the Debian
installation media will boot.

@signal9
Re: %c/OBnsPGt

Makes sense to me, and that's likely what I do.

Thanks for the other references, I'll check them out.

@signal9
Re: %c/OBnsPGt

Ok, if the limit is 8k, then I guess that's the culprit. Too bad, the rendered content looks pretty nice :-).

@signal9
Re: %c/OBnsPGt

Yeah, it seems that Patchwork does not open git-ssb links. I have more stuff to install, it looks like.

@signal9
Re: %c/OBnsPGt

Where should I expect the link you reference to open? I'm afraid it just opens a browser to a 404.

@signal9 in #patchwork-help
Re: %c/OBnsPGt

I'm afraid I do not know how to interpret the links you sent.

@signal9 in #patchwork-help
Re: %c/OBnsPGt

I have not tried those clients. I'll check them out. I took a screenshot of the error as well, please see attached.
patchwork-error.png

@signal9 in #patchwork-help
Re: %c/OBnsPGt

I'm sorry, v.3.6.5

@signal9 in #patchwork-help

Hi. I'm trying to publish some markdown content. When I paste into an input box and hit 'Publish', a dialog opens where the content looks pretty great. When I hit 'Confirm', it pretty well hoses Patchwork and I have to restart. The content is 9463 bytes, basic markdown with no linked images. If I open the dev tools I see an error in the console where there are errors about size being exceeded. I'm surprised as I'm sure most of the images I see are larger (yeah, blobs.)

Thoughts?

@signal9 subscribed to channel #linux
@signal9 unsubscribed from channel #Gnu/Linux
@signal9 sent a private message
@signal9 in #colorado
Re: %TvOYERIYl

I'm interested in talking dex and tech in Colorado. I've been here 20 years this summer, coding between Denver and Boulder the last 17 or so.

@signal9 subscribed to channel #colorado
@signal9 subscribed to channel #faq
@signal9 subscribed to channel #Gnu/Linux
@signal9 subscribed to channel #p2p
@signal9 in #golang
Re: %QJu2sAqri

Oh, so that's cool. Been running vim-go for a few minutes now. Hadn't even thought about the tooling, it's pretty nice. I especially like the integrated docs. This will be fun, thanks.

@signal9 in #golang
Re: %QJu2sAqri

Thank you, I'll check them both out. Somehow I've avoided syntastic, thus far, maybe it's time to give it a go (ahem).

@signal9 in #golang

Hey, all.

I'm finally getting around to picking up go. I'm a die-hard vi user, so I was wondering if any of you were coding go in vi, and if so what if any plugins/syntax files you were using?

Cheers.

@signal9 followed @pub.mixmix.io
@signal9 dug [@signal9](@l46t7D+90dV8nf7FvKmA6Ro998Qf1Nx6KUypqEvDEBY=.ed25519) no, you a in #decentralize
@signal9 in #decentralize
Re: %ngUVVVlo6

My apologies, I should not have butt in.

@signal9 in #decentralize
Re: %ngUVVVlo6

What do you need out of said American? Like, paperwork? I know Americans. Like, loads of them.

@signal9 dug for anyone following along, here's where it's up to - a fully drag and drop in #ssb-show-and-tell
@signal9 in #rust
Re: %6eCEK4m+m

I've been keeping an eye on Rust since it hit 1.0. I like many others found the memory management to be especially challenging, though otherwise I really enjoy the language. For the most part my daily tasks do not require a language this low-level, but I would like to add it to my repertoire.

Perhaps once Mozilla releases Firefox using Servo we can consider the language prime-time?

@signal9 dug # The state of Rust from the point of view of a casual observer Since it s in #rust
@signal9 dug Pouring rain. :umbrella: Sitting on the bed pair programming. Doing git d in #theville
@signal9 dug @noffle, > _What else are you growing or want to grow @kas?_ My balconies in #urban-gardening
@signal9 followed @gb
@signal9 in #coffee
Re: %0KspCoBww

Sorry to jump in late to this thread, but it is relevant to my interests :-)

We use an 8-cup Chemex pour-over and a run-of-the-mill Farberware electric kettle which we discovered while visiting the UK. While we used to use paper filters, that ended up being way too much waste and really dominated the compost pile, so we replaced it with a re-usable filter.

For a number of years we'd gone thru this horrible phase of buying increasingly expensive automatic grind-and-brew machines, hoping that the new one would be better than the last, but alas! The luddite approach has been a massive improvement for a few years now. Remarkable how many household "conveniences" have gone by the wayside in the same manner.

@signal9 followed @Kas
@signal9 followed @webi
@signal9 subscribed to channel #urban-gardening
@signal9 subscribed to channel #cjdns
@signal9 subscribed to channel #security
@signal9 subscribed to channel #rust
@signal9 subscribed to channel #scuttleverse
@signal9 subscribed to channel #scuttlebot
@signal9 subscribed to channel #golang
@signal9 subscribed to channel #against-consensus
@signal9
Re: %HSnQT3DbT

I hadn't heard of this. Thank you for the tip.

@signal9 dug Hey, welcome to the scuttleverse! We're glad to have you. in #new-people
@signal9 subscribed to channel #mesh
@signal9

Digging into using protocols similar to ssbc in browsers over WebRTC to solve bandwidth problems for groups of users. I'm seeing WebRTC + gossip protocols + something akin to bittorrent to share larger assets (think PDFs, images, etc) where connectivity to a group (think shitty wifi in a hotel conference room).

@signal9 subscribed to channel #magicthegathering
@signal9 in #new-people

Hello, all!

I'm glad to be participating in the network. In addition to decentralized networking, I'm interested in encryption and security; programming, python when I can; old European motorcycles and gardening. I look forward to getting to know some of you.

Cheers,
signal9

@signal9 subscribed to channel #gardening
@signal9 subscribed to channel #ssb-show-and-tell
@signal9 subscribed to channel #decentralize
@signal9 subscribed to channel #python
@signal9 subscribed to channel #new-people
@signal9 followed @ssb.rootsystems.nz
@signal9 connected to a pub
@signal9 changed something in about
@signal9 changed something in about