data1701d

joined 10 months ago
[–] data1701d@startrek.website 2 points 8 hours ago (1 children)

You're somewhat right in the sense that the point of disk encryption is not to protect from remote attackers. However, physical access is a bigger problem in some cases (mostly laptops). I don't do it on my desktop because I neither want to reinstall nor do I think someone who randomly breaks in is going to put in the effort to lug it away to their vehicle.

[–] data1701d@startrek.website 1 points 8 hours ago

Clevis pretty much does TPM encryption and is in most distros' repos. I use it on my Thinkpad. It would be nice if it had a GUI to set it up; more distros should have this as a default option.

You do have to have an unencrypted boot partition, but the issues with this can at least in be mitigated with PCR registers, which I need to set up.

[–] data1701d@startrek.website 1 points 11 hours ago

It’s a smidge more difficult on Debian if you want to use a non-ext4 filesystem - granted for most people, ext4’s probably still fine. I use it on my desktop, which doesn’t have encryption.

[–] data1701d@startrek.website 3 points 12 hours ago (1 children)

Yes, fellow OpenTTD player.

[–] data1701d@startrek.website 2 points 13 hours ago (3 children)

I’m using LVM. The BIOS solution would be a bad idea because it would be more difficult to access the drive on other systems if you had to; LVM allows you to enter your password on other systems to decrypt.

[–] data1701d@startrek.website 3 points 1 day ago (1 children)

Do your servers have TPM? Clevis might be the way to go; I use it on my Thinkpad and it makes my life easy. If the servers don’t have TPM, Clevis also supports this weird thing called Tang, which from what I can tell basically assures that the servers can only be automatically decrypted on your local network. If Clevis fails, you can have it fall back to letting you enter the LVM password.

Well, it was worth a shot.

I don't do it for my desktop because 1) I highly doubt my desktop would get stolen. 2) I installed Linux before I was aware of encryption, and don't have any desire to do a reinstall on my desktop at this time.

For my laptop, yes, I do (with exception of the boot partition), since it would be trivial to steal and this is a more recent install. I use clevis to auto-unlock the drive by getting keys from the TPM. I need to better protect myself against evil maids, though - luckily according to the Arch Wiki Clevis supports PCR registers.

I wouldn’t necessarily say that - Debian and FreeBSD releases have roughly the same support lifespan, meaning if installed on release day, you’d get a few (~5 years) years of support without major upgrades.

I’d say both systems have a high chance of success at upgrading to the immediate next version, so that becomes maybe 7 or 8 years when adding the years of support left on the now older immediate next version.

For a second immediate next upgrade, you might be right that a BSD has a better chance of surviving.

I wouldn’t know about Open SD, though, as they operate on point releases and I don’t know to what extent they prevent breaking changes.

I think you might win.

[–] data1701d@startrek.website 1 points 1 day ago (2 children)

I feel like I had a problem very much like this with Debian Testing on my Surface Go 1 (and I think my desktop too) a couple years back, and it turned out there was issues with /etc/nsswitch.conf. I can't remember exactly what I did, but this is the current contents of that file:

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files systemd
group:          files systemd
shadow:         files
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=RETURN] dns myhostname
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Compare yours - maybe even post it so I can try to reproduce the issue on my machine. Anyhow, hope it helps, and good luck.

[–] data1701d@startrek.website 2 points 2 days ago* (last edited 2 days ago)

It depends. Sometimes I shut it down every night. Occasionally, I'll leave it in sleep mode for a few days.

I think the longest uptime I've had on anything I've owned is probably a month or so on a Raspberry Pi 4 server I used to have running with a personal Mediawiki instance (I still have the Pi, but if I ran a server in my dorm, I have the feeling someone might come to bite off my hand).

 

I made Cathode - don’t vote for it (or at least, don’t give it a high rank, since Debian uses ranked choice). It kind of sucks, honestly; I was just having fun.

I have a feeling Juliette Taka’s going to keep being the de facto face of Debian for a long time - I ranked hers first in the voting.

 

I guess for the thrill, same reason that I’m attempting LFS?

 

Personally, to keep my documents like Inkscape files or LibreOffice documents separate from my code, I add a directory under my home directory called Development. There, I can do git clones to my heart's content

What do you all do?

 

Half of these exist because I was bored once.

The Windows 10 and MacOS ones are GPU passthrough enabled and what I occasionally use if I have to use a Windows or Mac application. Windows 7 is also GPU enabled, but is more a nostalgia thing than anything.

I think my PopOS VM was originally installed for fun, but I used it along with my Arch Linux, Debian 12 and Testing (I run Testing on host, but I wanted a fresh environment and was too lazy to spin up a Docker or chroot), Ubuntu 23.10 and Fedora to test various software builds and bugs, as I don't like touching normal Ubuntu unless I must.

The Windows Server 2022 one is one I recently spun up to mess with Windows Docker Containers (I have to port an app to Windows, and was looking at that for CI). That all become moot when I found out Github's CI doesn't support Windows Docker containers despite supporting Windows runners (The organization I'm doing it for uses Github, so I have to use it).

40
submitted 4 months ago* (last edited 4 months ago) by data1701d@startrek.website to c/linux@lemmy.ml
 

Continued From: https://startrek.website/post/13283869 https://startrek.website/post/14075369

I managed to fix the one biggest gripe about my Thinkpad E16: the RTL8852BE Wi-Fi controller randomly dropping out. I actually found this a few days ago, but I had forgotten where I put the file I had edited. You put a file in modprobe.d called 70-rtw89.conf. Both /etc/modprobe.d/ and /usr/lib/modprobe.d work - I used the latter, but for the sake of conventions, you should probably use the former.

You then put in these options for the rtw89 module: options rtw89_pci disable_clkreq=y disable_aspm_l1=y disable_aspm_l1ss=y

Now, my Thinkpad is a fully functional Linux laptop. I will be docking it to an 8 from my initial score of 8.5, but I'm back to liking it for now. If you apply the fix, be sure to update the firmware as well - some older distros have an old version that works but returns a lot of journalctl error on this card.

Update: What do you know! The updated firmware-realtek just went into backports!

Thanks, https://bugs.launchpad.net/ubuntu/+source/linux-oem-6.1/+bug/2017277

21
submitted 4 months ago* (last edited 4 months ago) by data1701d@startrek.website to c/linux@lemmy.ml
 

Original Post: https://startrek.website/post/13283869

Update: Nope, I'm still having the problem. It seems to be an ACPI problem. I found a potential solution, which I will test soon. The issue seems to only occur when using the charger and Bricklink Studio. These seems to be a common issue on Lenovo.

Another update: I fixed it, but I can't remember what I did. I'm having a great experience again. I'll see if I can find the fix for other owners of this laptop.

Update: I remember what I did, and have detailed it and where I found the fix here: https://startrek.website/post/14342770 . You should probably update the firmware for the sake of a clean journalctl, though.

After using this laptop a few weeks, I have one important note. I was having a problem for a while where, usually after waking from sleep, in some rooms my Wi-Fi card would disconnect and I'd have to reboot to get my network connection back. Based on journalctl, it seemed to be some sort of weird firmware error.

I found the fix was to install updated firmware, specifically the version of firmware-realtek from testing, upon which the problem has stopped ocurring. As firmware packages tend to not have a lot of dependencies, I do want to see if I can get a bookwork-backports package uploaded so it's easier to install.

 

I'm writing a program that wraps around dd to try and warn you if you are doing anything stupid. I have thus been giving the man page a good read. While doing this, I noticed that dd supported all the way up to Quettabytes, a unit orders of magnitude larger than all the data on the entire internet.

This has caused me to wonder what the largest storage operation you guys have done. I've taken a couple images of hard drives that were a single terabyte large, but I was wondering if the sysadmins among you have had to do something with e.g a giant RAID 10 array.

205
submitted 5 months ago* (last edited 4 months ago) by data1701d@startrek.website to c/linux@lemmy.ml
 

Another update: https://startrek.website/post/13283869 I found a fix for my issue. I'm annoyed that I had it in the first place, but I overall still like my laptop.

Important update in this post: https://startrek.website/post/14075369 I still consider this a good laptop, but this is an important fix if you're using this on Debian 12. When 13 comes out next year, the out-of-box support of this laptop should be basically perfect.

Anyhow, back to the original post: I recently got a brand new laptop, a Thinkpad 21JT001PUS, to consolidate/replace my array of various on-the-go-Linux devices, and I have to say, I'm impressed. I know Thinkpad and Linux aren't news, but for such a recent device, I am surprised how well it works. The price wasn't bad (which makes up for the fact that it's a Zen 3 chip with DDR4, in my opinion), it has good upgradability (I'll touch a bit on my experience later), and hardware support was really good.

I initially tested hardware support with Debian Testing Trixie XFCE (as that was the Live USB I happened to have on hand, since I often test devices and also keep it around as a backup for my desktop, which runs Testing). At first I couldn't get it to boot, but then I found the BIOS setting to enable non-Microsoft certificates. After that, I booted in and found everything worked out of the box (except the fingerprint sensor, of course, but that's extremely rare for any laptop anyway). However, after experience with my previous portable devices, I learned I prefer stable distributions on those, as during some parts of the year, I can go months without opening the laptop.

Thus, I retested with Bookworm. Almost everything worked still, except for the Wi-Fi (which seems to have been introduced in later kernel versions). Luckily, this thing has an ethernet port (From which it is HECK to remove cables - I've found I had to twist the end up a bit to get it out), so I was able to do an install and then add the Backports kernel to get Wi-Fi working.

One minor issue I had (a software fault rather than a hardware/kernel one) was Bluetooth headphones, but as it turned out, it was just that PulseAudio was installed instead of Pipewire, so after switching, it worked flawlessly with Blueman).

As for battery life, so far it seems okay (as I write this, it says 3:29 left at 51%), but I haven't rigorously tested it yet (though I threw on the usual tlp and stuff like that for good measure).

For performance, I once again haven't tested it too rigorously, but I did play some Civ VI, which it was keeping up with just fine.

The upgrabability of this laptop does have one caveat, though. The bottom is a bother to remove, and most Youtube crap conveniently glosses over them. For one, some of the screws would get loose but not come out all the way. I eventually found the trick was to throw some pry tool under the screw head to hold it up so I could get it the rest of the way out. After they were all out, the bottom cover STILL wouldn't budge. This too ended up being a matter of jamming a pick in one corner of the case and running another one to slowly pry up the bottom case on all sides. I lost a plastic tab or two in the process, but that doesn't show up on the outside, and I think 24 GB of RAM (and 2 TB of NVME 2280 storage + 256 GB, the Windows drive that I left in the 2242 bay) will be plenty for a long time.

Overall, I would say this is a great laptop for those who don't want to go the route of purchasing a used laptop for Linux. I'll say an 8.5 out of 10 due to the hard-to-remove bottom cover and weird ethernet port (Update: 8 out of 10 now due to the nasty Wi-Fi bug I had to fix with a few module options, see posts linked in top of page).

Here's the Linux Hardware probe: https://linux-hardware.org/?probe=1e50fb1862

view more: next ›