General Linux Chat and Small Questions v. I broke my Arch Install - Hardware & Software

I just made a couple of bash scripts [vid]http://dev.novaember.com/s/13-11-15_17-12-00_158809865.webm[/vid] [editline]15th November 2013[/editline] and it works when I'm not attached to irssi etc [img]http://dev.novaember.com/s/13-11-15_17-17-26_244284384.png[/img]

I finally got unicode to work, I have no idea why you need to actually set a locale, but you do Everything except sublime is also nice enough to not give a fuck about warning you on the default value of "C" I also finally figured out what was wrong with my graphics drivers, I forgot lib32-ati-dri apparently, the joy of 64 bit, now I can experience the opensource drivers in all their artifacting glory, starting with the UI [editline]15th November 2013[/editline] Jesus fucking christ sublime is completely unusable like this, the text rendering is a trainwreck and its artifacting to hell and back

[QUOTE=lavacano;42868354] • If you don't like a certain part of it, you can't drop in a replacement. For instance - the wireless network manager [b]absolutely fucking sucks.[/b] You have to prefix WEP keys with \", you can't tell it to auto connect to a specific network (so people who only connect to one or two networks every day are screwed over), and you absolutely have to make a profile for every network you connect it to (which leaves out the guy who has to do all his work in various coffee shops). It's convenient for literally nobody. Why haven't I switched it out for wpa_supplicant? Because I can't. There is no way to disable the network manager component.[/QUOTE] This is news to me. I use systemd on Arch, but use wicd for all of my network management (which is super easy). Is this an Arch-specific patch that allows this? Is wicd wrapping systemd to make it easier to use? I've never had a bad experience with systemd, but I also don't have much experience with other init scripts. [editline]15th November 2013[/editline] In fact I can't find any mention of this on the Arch wiki either. The only place where systemd is used for networking is when it's working as a startup script for launching other services like wicd or wpa_supplicant, which is the main purpose of systemd.

[QUOTE=supervoltage;42851204]WINE - Wine Is Not an Emulator It's a compatibility layer which allows Windows programs to understand the Linux kernel.[/QUOTE] Did you know that WINE originally stood for WINdows Emulator? [url]http://www.faqs.org/faqs/windows-emulation/wine-faq/[/url]

I think I broke everything, woo Hint: dont run out of root space during a pacman -Syu [editline]15th November 2013[/editline] It seems I could recover without dying by just clearing enough space and running the command again

[QUOTE=HueyFreeman;42874299]Did you know that WINE originally stood for WINdows Emulator? [url]http://www.faqs.org/faqs/windows-emulation/wine-faq/[/url][/QUOTE] Then it ended up being Not an Emulator instead.

Holy shit this is a lot nicer after rebooting, cinnamon doesnt look like turd, DPI scaling issues are fixed, better font rendering from what I can tell Also the artifacting that dissapeared after the update is back, sublime looks like sweet bro and hella jeff again, woo 3.12.0-1 kernel [editline]15th November 2013[/editline] It stops artifacting if you run glxgears once Not even suprised

do any of you guys know how I can apply a .p12 certificate systemwide on Arch running Cinnamon? I can add them into the browsers themself, but then they only apply for that specific browser. stuff like chat applications and pretty much everything going through https won't work without my private certificate.

[QUOTE=PredGD;42875228]do any of you guys know how I can apply a .p12 certificate systemwide on Arch running Cinnamon? I can add them into the browsers themself, but then they only apply for that specific browser. stuff like chat applications and pretty much everything going through https won't work without my private certificate.[/QUOTE] Pretty sure certificates go to /usr/share/ca-certificates or /usr/share/certs

[QUOTE=mastersrp;42875314]Pretty sure certificates go to /usr/share/ca-certificates or /usr/share/certs[/QUOTE] dropped my .crt in /usr/share/ca-certificates without much luck. still not letting me go to google or facebook (https) [editline]15th November 2013[/editline] also, how do I change fish colors? been searching around for a while but not finding anything. kinda miss how easy it was with zsh

[QUOTE=PredGD;42875387]dropped my .crt in /usr/share/ca-certificates without much luck. still not letting me go to google or facebook (https) [/QUOTE] Those domains are [URL="http://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.json?view=markup&pathrev=147665"]pinned[/URL], You can't MITM them while using chrome.

[QUOTE=benjojo;42876815]Those domains are [URL="http://src.chromium.org/viewvc/chrome/trunk/src/net/base/transport_security_state_static.json?view=markup&pathrev=147665"]pinned[/URL], You can't MITM them while using chrome.[/QUOTE] what exactly does that mean? :v:

After adding in your cert, you have to run update-ca-certificates The certs for Google and Facebook are built into the browser (pinned), so you can't use your own cert if you're trying to MITM those sites.

Gnome's getting more and more grandma friendly, I'm liking it. Their extension system is actually pretty cool: [vid]http://farmpolice.com/content/videos/441f9630.webm[/vid] Instantly enable and disable extensions that can drastically change your desktop environment.

[QUOTE=Naelstrom;42879472]Gnome's getting more and more grandma friendly, I'm liking it. Their extension system is actually pretty cool: [vid]http://farmpolice.com/content/videos/441f9630.webm[/vid] Instantly enable and disable extensions that can drastically change your desktop environment.[/QUOTE] Enlightenment's been able to do that for years :v: Okay, well, been able to enable/disable modules that can substantially change your desktop at will. But the on the fly downloading wasn't a thing, sadly.

[QUOTE=Naelstrom;42879472]Gnome's getting more and more grandma friendly, I'm liking it. Their extension system is actually pretty cool: - Wibbly wobbly timey wimey windows - Instantly enable and disable extensions that can drastically change your desktop environment.[/QUOTE] With the right extensions, it's honestly the only DE I would use, but being a little more lightweight would be great.

[QUOTE=Stonecycle;42879501]With the right extensions, it's honestly the only DE I would use, but being a little more lightweight would be great.[/QUOTE] you can strip away a lot and make it lightweight(-er)

[QUOTE=nikomo;42877134]After adding in your cert, you have to run update-ca-certificates The certs for Google and Facebook are built into the browser (pinned), so you can't use your own cert if you're trying to MITM those sites.[/QUOTE] just did that, and it said that none had been added or removed. everything but facebook and google works, so that sucks. how exactly would I get past this pinned thing so I can access the sites?

crossposting from [url=http://facepunch.com/showthread.php?t=1325413]this thread[/url] I made yesterday: So I've finished my netcat notify-send thing: notify-send for the server: [code] #!/bin/bash ( echo -e "$1\001$2" > /tmp/notifications ) & [/code] notifyd for the server: (run this in the background) [code] #!/bin/bash FILE=/tmp/notifications [ -e "$FILE" ] && rm -rf "$FILE" touch "$FILE" while :; do tail -f /tmp/notifications | nc -lp 2000; done [/code] notifyc for the client: [code] #!/bin/bash # while :; do nc novaember.com 2000 | while read header; do read body; notify-send "$header" "$body"; done; sleep 1s; done while :; do IFS="`echo -e "\001"`" nc novaember.com 2000 | while read -ra notification; do notify-send "${notification[0]}" "${notification[1]}" done sleep 1s done [/code] It should automatically try to reconnect, and notifications will stay on the server until there's a client available. Downsides are that you can't use newlines in notifications and it's insecure (everyone has access to the notifications stream, though only one client can be served at a time.) Also, is editing posts broken for someone else?

[QUOTE=PredGD;42881019]just did that, and it said that none had been added or removed. everything but facebook and google works, so that sucks. how exactly would I get past this pinned thing so I can access the sites?[/QUOTE] Why the hell do you need to do that? Are you MITMing yourself? You could use a browser that doesn't have the certificates built-in, or you could grab the source code, remove the functionality and build it.

[QUOTE=nikomo;42882039]Why the hell do you need to do that? Are you MITMing yourself? You could use a browser that doesn't have the certificates built-in, or you could grab the source code, remove the functionality and build it.[/QUOTE] not trying to perform a MITM attack on myself or anything. using a paloalto firewall at home and I need a certificate installed on my pc to access most https websites and things using https. [editline]16th November 2013[/editline] so uh yeah, it's kinda essential to have my certificate installed so I can use my arch install properly. really annoying to use alternatives like bing when trying to search for something.

Turn off the functionality that MITM's SSL connections. Having a firewall in the middle break the connection like that isn't exactly safe and secure. If someone got into the firewall box, they could observe all traffic, even SSL traffic, going through.

[QUOTE=nikomo;42882555]Turn off the functionality that MITM's SSL connections. Having a firewall in the middle break the connection like that isn't exactly safe and secure. If someone got into the firewall box, they could observe all traffic, even SSL traffic, going through.[/QUOTE] I'm not in charge of that firewall and what you're saying is scaring the living shit out of me right now :v: my stepfather is the one in control of it, and the day we got it he told me to install his certificate on my computer so things would "work". I've always had a tiny suspicion that he might have been monitoring everyones network traffic, and what you're saying is kind of confirming that thought. think I'll live without google or facebook than being worried of all of my accounts being compromised or my mails read through.

[QUOTE=PredGD;42882684]I'm not in charge of that firewall and what you're saying is scaring the living shit out of me right now :v: my stepfather is the one in control of it, and the day we got it he told me to install his certificate on my computer so things would "work". I've always had a tiny suspicion that he might have been monitoring everyones network traffic, and what you're saying is kind of confirming that thought. think I'll live without google or facebook than being worried of all of my accounts being compromised or my mails read through.[/QUOTE] Get a VPN, so he can kiss your ass. Compromising HTTPS Security is always alarming, when it doesen't come from yourself. HTTPS is there for a reason. [editline]16th November 2013[/editline] Also, if you assume he supposedly monitors HTTP/HTTPS traffic, I'd really recommend that you encrypt your harddisks. If he knows how to monitor your network traffic, then he surely has the ability to boot your PC/Laptop with a Linux CD, and snoop around it. Just a suggestion. [editline]16th November 2013[/editline] Basically if he knows that you are using a VPN, (because he only sees encrypted traffic from your PC), then you could assume that he would get access to your harddisk using a Linux CD, and copy the Chrome/Firefox profile, containing cache, history, cookies and everything, to see what you are up to.

[QUOTE=kaukassus;42882771]Get a VPN, so he can kiss your ass. Compromising HTTPS Security is always alarming, when it doesen't come from yourself. HTTPS is there for a reason. [editline]16th November 2013[/editline] Also, if you assume he supposedly monitors HTTP/HTTPS traffic, I'd really recommend that you encrypt your harddisks. If he knows how to monitor your network traffic, then he surely has the ability to boot your PC/Laptop with a Linux CD, and snoop around it. Just a suggestion. [editline]16th November 2013[/editline] Basically if he knows that you are using a VPN, (because he only sees encrypted traffic from your PC), then you could assume that he would get access to your harddisk using a Linux CD, and copy the Chrome/Firefox profile, containing cache, history, cookies and everything, to see what you are up to.[/QUOTE] proxies, VPN's and the like are disabled. I'd love to get a VPN but I can't connect due to his restrictions. I'll get to encrypting my HDD and SSD

Ooooooook, your stepfather is definitely monitoring your shit.

[QUOTE=PredGD;42882893]proxies, VPN's and the like are disabled. I'd love to get a VPN but I can't connect due to his restrictions. I'll get to encrypting my HDD and SSD[/QUOTE] [del]AFAIK, you can't completly block all VPN connections.[/del] Completly blocking VPN's is impossible. If your stepfather could, then he got a better firewall, than the great firewall in china. If you want to completly block all VPN's, then you need to reject all inbound and outbound connections on any port. AKA the same as pulling the plug on your network modem.

[QUOTE=kaukassus;42882964][del]AFAIK, you can't completly block all VPN connections.[/del] Completly blocking VPN's is impossible. If your stepfather could, then he got a better firewall, than the great firewall in china. If you want to completly block all VPN's, then you need to reject all inbound and outbound connections on any port. AKA the same as pulling the plug on your network modem.[/QUOTE] yeah, I found a VPN which isn't blocked (their website isn't at least). Hidemyass though, is for example blocked so I can't use that. the one I'm thinking of buying right now is StrongVPN. any thoughts on that one?

[QUOTE=PredGD;42882999]yeah, I found a VPN which isn't blocked (their website isn't at least). Hidemyass though, is for example blocked so I can't use that. the one I'm thinking of buying right now is StrongVPN. any thoughts on that one?[/QUOTE] You could also buy a cheap VPS, and set up your own private VPN. I am currently Cyberghost, since I am too lazy to set up a VPN myself.

[QUOTE=PredGD;42882999]yeah, I found a VPN which isn't blocked (their website isn't at least). Hidemyass though, is for example blocked so I can't use that. the one I'm thinking of buying right now is StrongVPN. any thoughts on that one?[/QUOTE] Personally I'd just buy a cheap VPS and use that as a VPN, just make sure to secure it.