--- Log opened Fri Feb 16 00:00:51 2024
02:36 -!- opticron [~opticron@136.53.157.170] has quit [Ping timeout: 264 seconds]
02:46 -!- opticron [~opticron@136.53.157.170] has joined #se2600
02:46 -!- mode/#se2600 [+o opticron] by ChanServ
06:01 <@Dolemite> mr0ning, be0tches and h0ez!
06:02 <@Dolemite> Evilpig: I know you're up because you can't sleep when nervous
07:48 <@Mirage> He must've been channeling that shit my way because I didn't get to sleep until after 4a..
08:51 <@Dagmar> Jesus fuckin' christ Google has to be using a hallucinating AI to search for policy violations
08:52 <@Dagmar> That old septicycle clock widgets package got suspended from Google Play for some kind of "deception"
08:52 <@Dagmar> The notification had two screenshots, both of which contain entirely 100% original images
08:53 <@Dagmar> The only non-unique thing is that I cloned the icon bedding Niantic used to fit in and that is literally not an issue
08:53 <@Dagmar> Also, I know for a fact that Niantic doesn't care
08:53 <@Dagmar> Like, fuckin' Leo or Nadia would absolutely have said something to me. lol
10:25 * aestetix hugs Dolemite
10:26 < aestetix> when do we find out if Evilpig's name has been cleared?
10:26 <@Dagmar> When he reappears
10:26 < aestetix> ok
10:27 < Synx_> his court appearance is today? sending him good vibes
10:28 < aestetix> I could imagine crazy showed up to court wearing pajamas with the word "bitch" on the butt
10:28 < Synx_> lol
10:35 <@Dagmar> I think it'll be a win if the judge tells the woman to shut the fuck up with these ridiculous accusations of pedophilia
10:35 <@Dagmar> That is just _not_ acceptable under any circumstances
10:36 <@Dagmar> Like, for one, we know Wilbur. For the other, she's obviously making the accusations because she thinks being hurtful is a good substitute for having any kind of basis for her arguments
10:38 < Synx_> ya that is so fucked there should be ramifications for bringing those accusations to the court unfounded
10:43 <@Dagmar> I'm pretty sure the veiled accusations in their affidavit will be responded to with a reminder that lying is a crime
10:44 <@Dagmar> There's nothing "odd" about apartment dwellers looking for a house
11:04 < Synx_> ya, aside Dagmar, CoolRetroTerm is a terminal emulator right? I'm talking about an actual getty replacement with KMSCon, I've not got nerd fonts in my hardware console
11:05 <@Dagmar> Yes.
11:05 <@Dagmar> I've never seen any reason to bother changing the default consoles
11:06 <@Dagmar> I mean, other than when I've replaced them with applications
11:06 < Synx_> ya agreed, im just stuck in the console for a while on arch while i configure wayland so i wanted to bring over my dotfiles and forgot that my fish prompt used a nerd font :)
11:06 < Synx_> having scrollback is also huge
11:07 <@Dagmar> Consoles have always had scrollback
11:07 < Synx_> really? i thought the kernel devs removed it at some point
11:08 < Synx_> i know it had it quite a while ago
11:08 <@Dagmar> It was apparently removed for 5.9 but very few people are using that yet
11:08 < Synx_> ahh i was confused then
11:10 <@Dagmar> Mainly it was removed in 5.9 because they found a bug in the vga console code, which led to finding a couple more bugs, and no one gives much of a shit about those anymore because vanishingly no one spends the majority of their time _at_ the physical console anymore so they're just disabling it
11:10 < Synx_> makes sense
11:11 < Synx_> i should just be sshing in like a sane person
11:29 <@Dagmar> Damn they made it a bit complex to modify pam rules in rhel-alikes
11:30 <@Dagmar> I just got around to creating a whitelist for allowing logins to certain systems at work, and Debian lets you have a relatively simple place to stick something like that in
11:30 <@Dagmar> For RHEL you have to create a whole new authselect profile, generally by copying some other profile, modify _that_ and then activate it
11:38 < Synx_> joy
12:51 < Synx_> I'm so tempted to buy one of these micro pc's with multi nics off aliexpress, i've got a strong desire to get my opnsense firewall off virtualization. Its no fun doing maintenance on the hypervisor and having the entire network down at the same time
12:58 <@Dagmar> I'd check Amazon for any Beelink models that have two NICs in them
12:58 <@Dagmar> They're almost magical
12:58 <@Dagmar> They come with like a "real" CPU in them and an NVMe stick for booting/storage
12:59 <@Dagmar> ...and they're actually kinda cheap
13:56 < Synx_> ya those were exactly what i was looking at
13:57 < Synx_> some have 2.5g nics and even a few have 10g sfp+ ports
14:42 <@Dagmar> Yeah they are good stuff if you want a vm-capable CPU
14:42 <@Dagmar> We have been rather gleefully enjoying them at work
16:51 < Synx_> can i ask what you are using them for at work?
16:59 <@Dagmar> Basically thin-clients and kiosk terminals
17:00 <@Dagmar> We have a lot of people whose stuff only happens via various web portals and they're freakin' perfect for that
17:00 <@Dagmar> I'm gearing up some stuff to make them all AD-joined automatically
17:01 <@Dagmar> ...and I just (like _just_) finished an automatic cron job that works for both Debian- and RHEL-derived systems to ensure the fuckers stay up to date.
17:02 <@Dagmar> ...up to and including looking at `hostnamectl deployment` to figure out if it's on a prod system that's allowed patching, a dev system, or something else (manual only!) which will actually reschedule its own cron job appropriately
17:02 <@Dagmar> 283 lines of nice clean bash code
17:03 <@Dagmar> I'mma let it soak on a few test boxes over the weekend and then probably push it out via mock-ansible on Monday
17:04 <@Dagmar> I've been building most of our in-house stuff on CentOS/Rocky/Alma but people seem to prefer Debian/Mint for workstation roles, so now I'm supporting both and refactoring my automation to deal with those now too
17:09 < Synx_> awesome, i love it when a good script gets finished up and it tests good, nothing feels better haha
17:13 <@Dagmar> I'm sort of racing against the clock to avoid all these little boxes getting ahead of us and turning into chaos
17:21 < Synx_> haha
17:24 <@Dagmar> I have an entire "thing" built right now that I'll probably do a pressie on at Phreaknic this yea
17:25 <@Dagmar> r
17:25 <@Dagmar> it uses x509 certs for everything
17:26 <@Dagmar> The client side will (you can see I recycle code 'tricks') automatically reschedule its cron job for a random point in the day, and at that time it will use an invitation cert to access the central webserver and "register" itself, at which point it will be issued a unique x509 cert
17:27 <@Dagmar> Then it will use that x509 cert to access a different URL where it will report in about its various hardware bits and pieces, network configuration, and storage utilization
17:27 <@Dagmar> When it's done that the server can send back a list of very specific instructions, like changing its deployment, changing its hostname, installing/removing specific packages, etc
17:28 <@Dagmar> The infrastructure for Debian-deriveds is almost 100% working. I've got a mirror for Debian and Raspbian bookworm, and I just zigged when I should have zagged to make it include some extra packages so everything will be using *our* mirror and those individual certs will be the only way to access them
17:29 <@Dagmar> RHEL has been so stuck on the idea of everyone using Satellite (and Spacewalk) which are a clusterfuck on the best of days it's not going to be nearly as easy to get that running
17:30 <@Dagmar> I'm not even going to _try_ again until someone refactors that shit
17:30 <@Dagmar> I can do _better_
17:30 <@Dagmar> The Debian/Raspbian mirror takes a list of packages and uses aptly to go update a local repo
17:31 <@Dagmar> For debian I used the list from preseed and for Raspbian I just flat out took the list of packages that were installed from a new install
17:32 <@Dagmar> I've still got to finalize the ingest of the packages being reported by the client into a database, and then build a bit of stuff that scrapes our repos and loads them into a table so I can just have the database determine if something has all the packages it should based on its deployment tags
17:32 <@Dagmar> ...but via actual deb/rpms is how I've been installing the enterprise CA cert onto things
17:33 <@Dagmar> ...and doing most of the customization
17:33 <@Dagmar> With a bit of fancy I could probably snarf most of the local configuration data from the things, turn those into individual RPMs and restore or do a new install with the same shit
17:34 <@Dagmar> I had to do a _very_ fancy song and dance to come up with a UUID that works across the board
17:34 <@Dagmar> Basically, if I can find a serial number in DMI-space, I want that, so I run that through sha256sum and chop off the latter half
17:35 <@Dagmar> If I can't then I go hunting mac addresses for the first wired interface, and failing that the first wireless interface, and _that_ gets run through sha256 and circumcised to 128 bits
17:36 <@Dagmar> "machine-id" is a made up number based on nothing which can identify an "install" but it can be wiped or changed or lost which is not useful for our purposes
17:36 <@Dagmar> So long as a motherboard doesn't have a NON UNIQUE serial flashed into dmi-space we're golden
17:36 <@Dagmar> VMs report weird shit, if they report anything at all for a serial
17:37 <@Dagmar> ...but the MAC address is generally very persistent
17:37 < Synx_> wow thats awesome, what are you doing this all in? ansible/python?
17:39 < Synx_> ugh son of a bitch, my new team (got re-org'ed last month) just got split into groups of 4. that is way too damn small of a grouping for doing on-call rotations
18:17 <@Dagmar> Perl & bash
18:17 <@Dagmar> The client bits are all bash scripts
18:17 <@Dagmar> The server end is all mod_perl
18:17 <@Dagmar> The only even slightly not-vanilla prerequisite on the machine end is wget
18:19 <@Dagmar> ...but the CN field of the cert the clients check in with contains the UUID they registered with so everything is tracked by that
18:19 <@Dagmar> No crazy 10,000+ framework for session cookies needed
18:23 < Synx_> nice
18:23 <@Dagmar> So far it seems more computationally efficient than what I was doing previously over ssh
18:24 < Synx_> hope that gets you some recognition at work, that is if you are looking for that
18:24 <@Dagmar> I have sort of an uncomfortable level of recognition as it is
18:24 <@Dagmar> the C-levels _looove_ the stuff i'm doing
18:24 < Synx_> thats always a good kind of candy to trade in :)
18:24 <@Dagmar> ...mainly because the users _love_ iot
18:24 <@Dagmar> er it
18:25 <@Dagmar> Some of it's just simple stuff, like there's a thing that's normally only accessible from the office, but people need access to it from off-site
18:26 <@Dagmar> So... I built (several actually) what amount to an Apache proxy wrapper, so they can login with a username/password that gets them through the auth gateway and then they can login to the actual site with their AD credentials
18:26 <@Dagmar> Another thing is used by _many_ of the kitchens, and it's just a website that buckets them into the right group based on their calling IP and lets them put in special lunch orders that appear just like a blog scroll
18:27 < Synx_> haha thats great
18:27 <@Dagmar> In the kitchen, there's a display with the same URL showing on it that updates every 30-45 seconds and color codes the requests, they can mark them as noticed (which shows up on the tablet the staffer is using when they refresh) etc etc
18:28 < Synx_> you'd do awesome at my company, they love builders that innovate their own solutions to complex problems
18:28 < Synx_> not that you'd want to work here
18:28 <@Dagmar> It's just using local storage and I had some issues with speed because it was getting used so much the start time of perl scripts was getting underfoot, so I figured out mod_perl and rebuilt it with that and now it's pretty much ready to scale to all our centers with a minimal three virtual cores that don't even max out their load
18:29 <@Dagmar> ...and I do most of this stuff in the slack times _between_ reading through pcaps and so forth to untangle whatever networking issue is going on
18:29 <@Dagmar> My biggest problem is that I need more _mes_
18:30 <@Dagmar> I get something working to the 0.9beta point and then some other project becomes more important and I have to switch
18:30 <@Dagmar> ...which is part of the reason I'm so big on automation
18:31 <@Dagmar> We've got 100+ centers and going round to all of them one at a time is not really an option
18:31 < Synx_> lol im the same way even in my personal projects, grand vision but once its just working i move on to something else
18:31 <@Dagmar> I've got a thing that grabs a copy of their configs nightly, and other things so I can run scripts on them all without even involving the Fortimanager
18:32 <@Dagmar> I have one thing that's a documents safekeeping system that I _really_ want to focus on and have us take some money for medical records management
18:32 <@Dagmar> Like, it _works_ now, but I want to get all the actual files indexed in the database and apply a full labeling system to them for access
18:33 <@Dagmar> ...because then I can partition it and we can basically sell access to it or clone it out for on-prem things for other companies
18:33 <@Dagmar> I'm pretty sure there's a bunch of money to be made in that space
18:33 < Synx_> EMR is big business
18:34 < Synx_> and its in desperate need of standardization
18:34 <@Dagmar> Not a fan of the point we're at where I'm going to have to start looking at LTO system so we've got a way to make archival backups of these things without attaching a few 4Tb USB drives
18:34 < Synx_> archival grade Blu-ray?
18:35 <@Dagmar> Not large enough
18:35 <@Dagmar> I have a Blu-ray drive here at home
18:35 <@Dagmar> The _smallest_ pile of docs _just we_ have will fit on one with a bit to spare
18:35 < Synx_> ahh
18:35 <@Dagmar> Backing up the lot would be more like ten of them
18:36 < Synx_> cloud? glacier deep archive
18:37 <@Dagmar> There's just no good way to back up over a terabyte of stuff
18:37 <@Dagmar> Not without tape
18:37 < Synx_> tape is the gold standard
18:38 <@Dagmar> Oh yeah, while we have Veeam for the Windows stuff Ben scored a box with about 35Tb of disks in it which I just plain turned into a near-line backup system for the Linux stuff that runs on rsync and keeps nightly backups
18:38 < Synx_> rsync is such a simple backup solution that is installed in damn near everything
18:38 <@Dagmar> I have yet to have the time to write another shell script to let the admin of a box go and query the backup server to restore a given version of a file like veeam can do
18:39 < Synx_> im partial to borg backup though
18:39 <@Dagmar> Well, this is all ssh keys, too
18:39 <@Dagmar> The server has a key for each machine that will let it run rrsync
18:39 < Synx_> nice
18:41 <@Dagmar> Yah as a hat trick they also do a quick image of their boot sector and partition table so if I absolutely have to I can restore them back to whatever VM as needed
18:41 < Synx_> smart
18:41 <@Dagmar> If PXE could be a little more granular so I could run a separate one in our network I would be super happy
18:41 <@Dagmar> ...although I'm getting close to that point now that we're starting to finally get comfy with the idea of software-defined networks, i.e., vlans
18:42 <@Dagmar> I've got an independent DHCP/DNS server set up so I can stretch some connections out to centers and manage the out of band networks through that
18:42 < Synx_> welcome to the future haha
18:43 <@Dagmar> ...and I'm going to be basically stretching a new VLAN across my vhosts so I can just go ahead and run a DHCP/PXE setup on that so I can then for sure restore my backups to VMs
18:43 <@Dagmar> VLANs have a real "synergy" with virtual machines
18:44 <@Dagmar> The windows guys are equally overloaded which is I suspect why they've not decided I'm some kind of threat or something
18:44 < Synx_> haha
18:44 <@Dagmar> For sure I could _never_ get this kind of stuff going at Vandy because every ignorant SOB on the planet would insist on getting their piece of the action
18:45 < Synx_> at my last job i ended up having to support some GPO stuff and man was i out of my element
18:45 <@Dagmar> Yeah I do *not* want any part of the AD stuff
18:45 <@Dagmar> ...but I definitely want to free up some of their time by taking the infrastructure stuff out of their way
18:45 < Synx_> all our solaris boxes were AD joined *cries inside*
18:46 <@Dagmar> They're sharp guys and I know they can wrangle those things with ruthless efficiency if they weren't getting snarled in messes all the time
18:46 <@Dagmar> Yeah I'm not ready to try to roll out Samba as an AD controller backup but I want to
18:47 <@Dagmar> Just in case something terrible happens I'd be able to slap down a quick change and have all the Linux boxes looking to the new AD controller on Samba which doesn't have any ransomware shit in it
18:47 <@Dagmar> ...but trying to build a homogenous identity management system is a real bitch
18:47 <@Dagmar> er maybe that's the wrong word
18:47 < Synx_> man samba shares on those things were a bitch getting AD kerberos working
18:48 <@Dagmar> Sorry, yeah, _heterogenous_ so if Windows gets compromised I can just lock it out and keep running on Linux while they fix it
18:48 <@Dagmar> Synx_: It's gotten way easier in the last 8 years with realm
18:49 <@Dagmar> I can get a box doing AD auth in about ten minutes, doing it manually, with one domain admin account
18:49 < Synx_> nice
18:49 <@Dagmar> Maybe three minutes tops if I'm already familiar with the box
18:50 <@Dagmar> I didn't
18:50 <@Dagmar> I didn't automate that at first because I needed to jump through the hoops repeatedly until I understood it all
18:50 < Synx_> got to be really familiar with failure modes before you automate something, that takes time :)
18:51 <@Dagmar> NOW I just have a mock ansible tarball I open up on a machine, and run like `JOIN_TO_AD=y bash makeitso.sh` and then slap in the domain account password when it asks
18:51 < Synx_> haha
18:51 <@Dagmar> ...and it largely does "all the things" from there, including notifying Nagios about the services it's running, registering with the backup server, etc etc
18:52 <@Dagmar> if I don't set that variable it just skips over all the AD-specific bits and then I'm usually sitting there going "why is it not authing?"
18:53 < Synx_> whelp, gotta go and help my wife cook dinner (i live in pacific time now)
18:54 <@Dagmar> Good luck!
18:54 < Synx_> ill try not to chop a finger off
20:44 -!- Mirage_ [~mirage@ra.thehippo.net] has joined #se2600
20:44 -!- mode/#se2600 [+o Mirage_] by ChanServ
20:44 -!- Mirage_ [~mirage@ra.thehippo.net] has quit [Client Quit]
20:45 -!- Mirage_ [~mirage@ra.thehippo.net] has joined #se2600
20:45 -!- mode/#se2600 [+o Mirage_] by ChanServ
20:45 <@eryc> when will meta employ gen z from every mit class graduate
20:47 <@eryc> channel five doesn't fuck with custer
21:55 <@Dagmar> Less drinking more thinking
22:42 <@Mirage_> Pretty cool. Tempted to snag it and run it as a VM. https://youtu.be/SATYQyIcimM
22:42 < PigBot> A Modern Operating System in 1.44MBs - YouTube (at youtu.be) http://tinyurl.com/27ge2oqn
22:43 -!- Mirage_ [~mirage@ra.thehippo.net] has quit [Quit: leaving]
22:44 <@Mirage> Heh, forgot I'd connected from this other jump box when my NAS took a shit.
22:44 <@Mirage> https://kolibrios.org/en/
22:44 < PigBot> KolibriOS official site (at kolibrios.org) http://tinyurl.com/ybsyw33p
--- Log closed Sat Feb 17 00:00:52 2024