The Linux Thread - The Autist's OS of Choice

He Who Points And Laughs

Flavortown Refugee
kiwifarms.net
I too am a man of culture and enjoy nano with slightly better shortcuts and menus
The menus are what annoyed me. Everything in nano is simply a keystroke combination, explained at the bottom. ctrl o to save, ctrl k to delete, ctrl x to exit, ctrl w to find (where)... nano is a thing of beautiful elegant simplicity.
 

He Who Points And Laughs

Flavortown Refugee
kiwifarms.net
All I can say is stick with it. I used to think the Enlightenment & the *box WMs (blackbox, openbox, fluxbox) were the closest "feel" to *nix, now I am completely sold on the tiling window managers, with i3 being my absolute favorite. The configuration file (~/.config/i3/config) can be adjusted as needed and a simple mod+shift+r will reload it.

There's a trio of videos on Youtube for configuring i3wm. If you haven't watched them yet, I do recommend them. Here's the link to 1/3.
 
  • Informative
Reactions: Yotsubaaa

Coffee Anon

kiwifarms.net
I plan to purchase a 16 core machine and want to compartmentalize things into VM guest OSs, like having a work guest, gaming guest, shitposting guest, COOMing guest, etc... Sort of like Qubes OS in spirit but not technically. I would be using KVM instead of Xen and not virtualizing every program.

Is there any point in using a hardened kernel for the hypervisor? I'm thinking there isn't since it just gives a chunk of memory to each VM guest. I'm guessing a hardened guest OS is more important, and so was thinking of using Alpine for most of the Linux guests.

I'm also thinking of disabling kernel modules, remote SSH, and maybe even the package manager for the host OS, so it's basically unmodifiable without physical access to the M.2 drive. Should the firewall be run at the host level? I have very little experience with VMs outside of VirtualBox.
 
  • Like
Reactions: Ahriman

He Who Points And Laughs

Flavortown Refugee
kiwifarms.net
If you keep your install updated, that *should* be good enough. Hardened isn't necessary. It also can create a lot of headaches. Keep up to date with security announcements. The GLSAs are a good place to watch.
 
  • Informative
Reactions: Coffee Anon

a_lurker

kiwifarms.net
I'm also thinking of disabling kernel modules, remote SSH, and maybe even the package manager for the host OS, so it's basically unmodifiable without physical access to the M.2 drive. Should the firewall be run at the host level? I have very little experience with VMs outside of VirtualBox.

You could run a firewall on the host and the guests as well, in the event a guest is compromised and starts launching attacks on the other virtual machines?

Unless the host is "technically" offline (each vm has a dedicated network card that is assigned to each vm and the host doesn't actually have any internet facing connection) I'd say you probably want a firewall if you're really going for lockdown.


I mean, it's a good project to learn and get some experience, but it sounds as if you may be a tin foil enthusiast or are gonna be doing some "interesting" shit.

If you go team blue, turn off hyperthreading; SMT (zombieload, etc.) attacks can grab info from other guests or the host.
 
  • Thunk-Provoking
Reactions: Coffee Anon
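
The SMT advice in the post above can be checked on the hypervisor from sysfs. The following is an added example, not part of the original post: it reads the kernel's SMT control file and lists the vulnerability entries whose status still reports exposure through SMT. The function names and the sample tree are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Each function takes a sysfs root
# (default /sys) so it can also be run against a copied or constructed tree.

smt_state() {            # prints on, off, forceoff, notsupported, ... or "unknown"
  local f="${1:-/sys}/devices/system/cpu/smt/control"
  if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

smt_exposed() {          # prints "name: status" lines; returns 1 if any are printed
  local dir="${1:-/sys}/devices/system/cpu/vulnerabilities" f hits=0
  for f in "$dir"/*; do
    [ -r "$f" ] || continue
    if grep -q 'SMT vulnerable' "$f"; then
      printf '%s: %s\n' "${f##*/}" "$(cat "$f")"
      hits=1
    fi
  done
  return "$hits"
}

# Constructed sample tree: status strings follow the kernel's wording,
# but the values are made up for this example.
make_sample_sysfs() {
  local root v
  root=$(mktemp -d)
  v="$root/devices/system/cpu/vulnerabilities"
  mkdir -p "$root/devices/system/cpu/smt" "$v"
  echo on > "$root/devices/system/cpu/smt/control"
  echo 'Mitigation: Clear CPU buffers; SMT vulnerable' > "$v/mds"
  echo 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable' > "$v/l1tf"
  echo 'Not affected' > "$v/meltdown"
  echo "$root"
}

sample=$(make_sample_sysfs)
echo "SMT control: $(smt_state "$sample")"
smt_exposed "$sample" || echo "=> kernel reports cross-thread exposure while SMT is on"
```

On a real host, call `smt_state` and `smt_exposed` with no argument. SMT can be turned off at runtime by writing `off` to `/sys/devices/system/cpu/smt/control` as root, or at boot with the `nosmt` kernel parameter.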

Coffee Anon

kiwifarms.net
Unless the host is "technically" offline (each vm has a dedicated network card that is assigned to each vm and the host doesn't actually have any internet facing connection) I'd say you probably want a firewall if you're really going for lockdown.
Hmm, I never thought of using PCIe passthrough for network cards, only for GPUs. Interesting idea but I think I would run out of slots. I will have to put more thought into this.

I mean, it's a good project to learn and get some experience, but it sounds as if you may be a tin foil enthusiast or are gonna be doing some "interesting" shit.
I'm not up to anything naughty. Posting here is about the most "interesting" shit I would be up to. I do think that may eventually be considered reason enough in the minds of certain NGOs and (depending on elections) government agencies to dox/shame/imprison in the near future though, if that's not the case already. There's a reason I created my account through, and only log in with, the Tor hidden service version of this site. I guess that opinion would put me in the tin foil enthusiast camp?

I am of the opinion that opsec is something the average person should learn to be proficient with, if only to defend against cyber criminals.

I know all about hyperthreading issues with Intel. Some (Theo de Raadt) think all hyperthreading should be turned off until proven secure. By "16-core machine" I was implying either a Ryzen 3950x or 2nd gen Threadripper. I'll have to weigh the pros and cons, and I think 3rd gen Threadrippers will be out of my budget, even though they would be ideal for what I want to do.

If I was rich I would buy a Talos II but I'm not rich. Also, that would preclude using a Windows server 2016 guest for muh gaymin'.
 

Vecr

"nanoposts with 90° spatial rotational symmetries"
kiwifarms.net
Hmm, I never thought of using PCIe passthrough for network cards, only for GPUs. Interesting idea but I think I would run out of slots. I will have to put more thought into this.



I'm not up to anything naughty. Posting here is about the most "interesting" shit I would be up to. I do think that may eventually be considered reason enough in the minds of certain NGOs and (depending on elections) government agencies to dox/shame/imprison in the near future though, if that's not the case already. There's a reason I created my account through, and only log in with, the Tor hidden service version of this site. I guess that opinion would put me in the tin foil enthusiast camp?

I am of the opinion that opsec is something the average person should learn to be proficient with, if only to defend against cyber criminals.

I know all about hyperthreading issues with Intel. Some (Theo de Raadt) think all hyperthreading should be turned off until proven secure. By "16-core machine" I was implying either a Ryzen 3950x or 2nd gen Threadripper. I'll have to weigh the pros and cons, and I think 3rd gen Threadrippers will be out of my budget, even though they would be ideal for what I want to do.

If I was rich I would buy a Talos II but I'm not rich. Also, that would preclude using a Windows server 2016 guest for muh gaymin'.
I passed through a Wi-Fi card once, so it should work, depending on how your PCI slots are grouped.
 
  • Informative
Reactions: Coffee Anon
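
Whether a network card can be handed to a single guest depends on its IOMMU group, as the post above says: devices in one group cannot be isolated from each other. The following is an added example, not part of the original post, that lists what else shares a group with a given PCI address. The function names, PCI addresses and group numbers are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). SYSFS_ROOT is /sys on a real host.

iommu_group_of() {       # iommu_group_of SYSFS_ROOT PCI_ADDR -> prints group number
  local root=$1 dev=$2 g
  for g in "$root"/kernel/iommu_groups/*; do
    [ -e "$g/devices/$dev" ] && { echo "${g##*/}"; return 0; }
  done
  return 1               # no group found: IOMMU disabled or unknown device
}

iommu_group_peers() {    # prints every other device in the same group
  local root=$1 dev=$2 group d
  group=$(iommu_group_of "$root" "$dev") || return 2
  for d in "$root/kernel/iommu_groups/$group/devices"/*; do
    [ "${d##*/}" = "$dev" ] || echo "${d##*/}"
  done
}

# Constructed sample layout. Real sysfs entries are symlinks; empty files
# are enough for the lookup. Addresses and group numbers are made up.
make_sample_iommu() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/kernel/iommu_groups/13/devices" "$root/kernel/iommu_groups/14/devices"
  : > "$root/kernel/iommu_groups/13/devices/0000:03:00.0"   # card alone in its group
  : > "$root/kernel/iommu_groups/14/devices/0000:04:00.0"   # card sharing a group
  : > "$root/kernel/iommu_groups/14/devices/0000:04:00.1"
  echo "$root"
}

sample_root=$(make_sample_iommu)
for addr in 0000:03:00.0 0000:04:00.0; do
  peers=$(iommu_group_peers "$sample_root" "$addr")
  echo "$addr shares its IOMMU group with: ${peers:-nothing}"
done
```

A device that reports no peers can be passed through on its own; one that lists peers has to be assigned together with them or moved to a slot that lands in a different group.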

FigMePhilthy

Weapons Grade Autism
kiwifarms.net
Setting up iptables with the stateful out chains would be safe enough on each host. It only permits outbound traffic sourced from the host. No inbound unless a session is present.
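
The stateful policy described in the post above, written out as an added example that is not part of the original post: an `iptables-restore` ruleset that allows new connections outbound only, plus a checker that flags any `iptables-save` style dump that accepts inbound traffic without an existing session. The function names and the weak sample dump are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). FORWARD DROP assumes this machine does
# not route for others; a hypervisor routing guest traffic needs FORWARD rules.
stateful_ruleset() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

weak_ruleset() {         # constructed sample: default-accept with an open port
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Reads a dump on stdin, prints findings, returns 1 if there are any.
audit_ruleset() {
  local findings
  findings=$(awk '
    $1 == ":INPUT" && $2 != "DROP" { print "INPUT policy is " $2 ", expected DROP" }
    $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
      if ($0 ~ /-i lo( |$)/) next
      if ($0 ~ /ESTABLISHED/ && $0 !~ /NEW/) { stateful = 1; next }
      print "inbound allowed without an existing session: " $0
    }
    END { if (!stateful) print "no ESTABLISHED,RELATED accept rule on INPUT" }
  ')
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

stateful_ruleset | audit_ruleset && echo "stateful ruleset: no findings"
weak_ruleset | audit_ruleset || echo "weak ruleset: findings listed above"
```

To load the ruleset, pipe `stateful_ruleset` into `iptables-restore` as root; to check a running host, pipe `iptables-save` into `audit_ruleset`.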
 

sadrabbit

kiwifarms.net
Using ubuntu with i3 for every day stuff, and in the middle of setting up kali on a vm. I'm actually wondering if I should go about trying black arch though (never used arch based anything before so I'm a bit unsure).
 

He Who Points And Laughs

Flavortown Refugee
kiwifarms.net
Using ubuntu with i3 for every day stuff, and in the middle of setting up kali on a vm. I'm actually wondering if I should go about trying black arch though (never used arch based anything before so I'm a bit unsure).
BlackArch isn't as finely tuned as Kali for just an "out of the box" hacking platform. It comes with many more tools, but getting BlackArch as tuned as Kali takes a while. When I install Kali on a laptop, it's ready for use within hours (openvas-setup takes a couple hours alone). BlackArch took me a bit longer to get everything set up, and because it's Arch, you have to manually tune things like your postgresql. Kali takes care of all of that.

All of that aside, Arch is a phenomenal distro. Pacman & Aur cover nearly everything. There are a few things I will grab from github, but most of it is in Aur.
 
  • Like
Reactions: Yotsubaaa

sadrabbit

kiwifarms.net
BlackArch isn't as finely tuned as Kali for just an "out of the box" hacking platform. It comes with many more tools, but getting BlackArch as tuned as Kali takes a while. When I install Kali on a laptop, it's ready for use within hours (openvas-setup takes a couple hours alone). BlackArch took me a bit longer to get everything set up, and because it's Arch, you have to manually tune things like your postgresql. Kali takes care of all of that.

All of that aside, Arch is a phenomenal distro. Pacman & Aur cover nearly everything. There are a few things I will grab from github, but most of it is in Aur.
Ah I see, thank you. I would definitely like to try out arch in general. I have no problems with Ubuntu, but Arch's package manager does seem superior at a glance. I'm just unsure as to whether I would be able to maintain it or not. Either way, I think I'll wait until I can set aside some time to set it up for the first time.

As for Kali vs Black arch, I guess I'll stick with Kali first, and once I've had more experience with Arch, I'll try out BlackArch. Thanks again for the help.
 

He Who Points And Laughs

Flavortown Refugee
kiwifarms.net
Ah I see, thank you. I would definitely like to try out arch in general. I have no problems with Ubuntu, but Arch's package manager does seem superior at a glance. I'm just unsure as to whether I would be able to maintain it or not. Either way, I think I'll wait until I can set aside some time to set it up for the first time.

As for Kali vs Black arch, I guess I'll stick with Kali first, and once I've had more experience with Arch, I'll try out BlackArch. Thanks again for the help.
I used Kali for years before trying BlackArch. In general, I prefer Arch to Debian (which is what Kali... and Ubuntu and numerous other distros are based on), but Kali is just so well built for what it does. Had Kali decided to base their distro on Arch instead of Debian when they made the switch from BackTrack (which was Slackware based), I would have been extremely happy.

Because Kali is based on Debian, you'll be comfortable with it. apt install blah, apt-get update && apt-get dist-upgrade -y, apt autoremove -y, etc etc.
 

cecograph

kiwifarms.net
NixOS for both desktop and server. Much more information than this is dangerously close to my fingerprint.

Became dissatisfied with WMs when I realized I just work in a fullscreen Emacs most of the time anyway.
Have you tried EXWM? Cut out the middle-man entirely.
 

3119967d0c

رنج آمریکایی ها
True & Honest Fan
kiwifarms.net
How bad is systemd, really?
I know it's ugly, ungainly, and the Poettering approach is grating at best. It's not "Unix philosophy", but Linux is not Unix.
Isn't it better to perhaps direct systemd's development to a better place instead of trying to ditch it?

Also, thoughts on KDE5 vs older versions? Never had any "krashes" with it.
Have you tried fvwm2 as a wm?
Nothing it does is necessary. I don't have a particular problem with the concept of a parallelized init system, like the excellent OpenRC on Gentoo. SystemD probably isn't the worst implementation of this. But immediately after they got that foothold, they started messing around where they should not be. They are even trying to ruin networking now!

I haven't found newer versions of KDE post KDE3 to be any more stable than 3 (though 3 onwards was definitely better than 1 & 2), but I don't think there's been any advance except for eyecandy.

Used everything from twm, to fvwm/fvwm95/fvwm2 back in the day, and later on BlackBox/OpenBox. My favourite non-tiling window managers back then were WindowMaker and Enlightenment, very different but both great for what they are- still pretty good choices. KDE3 era KWin was the apex as far as one that's part of a desktop environment for my money.
 

cecograph

kiwifarms.net
Also, you can run some games natively on Linux, such as Minecraft, and quite a few other indie games.
There's a shit ton of indie games on Steam that run on everything, I imagine because many of the technologies indie devs use have a decent Linux deployment story (games written in Unity, for instance).
 