<riteo>
I guess you were kinda right regarding vlans
<riteo>
I got told at school that they're not a security feature, and they're not strictly speaking, but they kinda help like a lot
<riteo>
also like new vlan-aware thingies are a lot more sturdy compared to old ones so probably that's also like outdated or something
<riteo>
so yea, I owe you an apology ig
<kris_>
no need for an apology
<kris_>
im curious what they told you
<riteo>
yea that it's simply not a security feature and that you should use firewalls instead
<riteo>
and I actually found a wikipedia reference from the 90s that has "VLANS ARE NOT A SECURITY FEATURE" prominently displayed on top of the page
<kris_>
id say they are a security feature
<kris_>
it just depends on your handling
<riteo>
maybe in the past they were less sturdy
<kris_>
the literal purpose is to have things split into multiple LANs with different subnets
<riteo>
yea that makes sense
<kris_>
generally you don't have cross vlan routing though
<kris_>
like i have two vlans right now and they can't communicate as dictated by the firewall
<kris_>
there are a lot of moving parts here though, your switch has to tag traffic appropriately
<kris_>
and the router decides what can interact between vlans
<riteo>
i see
<riteo>
also fun fact, my very expensive ISP router apparently can't do vlan
<riteo>
and I can't get fresh openwrt on it because fcking broadcom
<riteo>
that's how I got into the rabbit hole
<riteo>
I mean we have a crapton of IoT stuff into our net so it's not like it's safe, but I'm not sure how to go forwards with the thin client public-facing server plan
<kris_>
yeah most of them can't handle vlans
<kris_>
if that's what you want, buy a generic x86 box and put a network card in it and route with that
<kris_>
imo
<kris_>
mine is an HP T740 thin client, has low profile pcie
<kris_>
what you should be doing is splitting as much stuff off into vlans as possible and not having any inter-vlan traffic
<kris_>
*once you're able to
<kris_>
you also need a switch that will tag your traffic appropriately, most should be fine
<kris_>
and if using wifi, an AP that is vlan aware
<kris_>
god dammit
<kris_>
i don't know what possessed me to do a glibc install of void on my server but i'm about to nuke it again to fix that oversight lmao
<kris_>
not sure i even noticed which iso i put on my flash drive
<midfavila>
>broadcomlet
<midfavila>
tsk tsk tsk
<kris_>
hi mid
<midfavila>
:3c
<midfavila>
:3ccccccccccccccccccc
<sewn>
:<
<kris_>
gm sewn
<kris_>
how is everyone
<sewn>
gm kris
<sewn>
it is the weekend
<kris_>
it do be
<kris_>
im getting my local server moved over to musl
<sewn>
yaya
<kris_>
that means my laptop is the last thing i have on glibc
<sewn>
it got approved but became stale because ?????????????????????????????????
<kris_>
github just does that automatically
<sewn>
yeah but the shit was approved its stupid
<kris_>
ik
<kris_>
i feel your pain
<sewn>
i still have it on chimera
<kris_>
i'm running my own build of musl right now because void is still on 1.1.24 lol
<sewn>
honestly i think i might move to void
<sewn>
but
<sewn>
the updates
<sewn>
oh man the updates
<sewn>
its so fucking slow
<kris_>
i think it just depends on how you look at it
<kris_>
"when will XYZ be updated" is a bad question in the context of void
<kris_>
people work on stuff when they feel like it and that's kinda just the end of it
<kris_>
loosely directed anarchy
<sewn>
and i dont like that
<kris_>
but honestly what put me off of chimera was going into their irc to ask a few questions
<kris_>
i didnt like the responses i got so i bailed immediately
<sewn>
ooh hold on when was that
<kris_>
idk like a year ago probably
<kris_>
nekopsykose really pissed me off so i left
<sewn>
oh
<sewn>
oh yeah
<sewn>
psykose used to be a prolific alpine developer
<sewn>
or maintainer
<kris_>
yeah, it tracks
<kris_>
at least in my mind
<sewn>
but then took a break went to chimera and now another break
<sewn>
and i think the amount of stress got to her or something
<sewn>
shes mean
<sewn>
anyway are you
<sewn>
kris_ on oftc
<kris_>
no
<kris_>
i dont have oftc
<sewn>
then...??
<sewn>
chimera was on oftc
<sewn>
what
<kris_>
i know, i joined just for that one question and left
<kris_>
everything else is on libera
<sewn>
yeah i know
<sewn>
where
<sewn>
what was your username
<kris_>
its been a year sewn i have no idea
<sewn>
cmon try to remember
<kris_>
potentially kris
<sewn>
'kris' 0 results
<kris_>
potentially kris_
<kris_>
potentially krum
<sewn>
wait krum sounds familiar
<sewn>
but no results
<kris_>
oh man i sure hope krum doesnt sound familiar
<sewn>
i swear ive heard it somewhere
<kris_>
i mean you might have seen that when we played cs2
<kris_>
thats my name on steam
<sewn>
o maybe
<sewn>
were you kanyck?
<kris_>
no
<sewn>
then thats all i got
<sewn>
try to rememmebmembembembemrbmmrbem
<sewn>
were you a guest
<kris_>
the question i asked was what is their policy on non-free software in the repos
<kris_>
i might have been lmao idk
<sewn>
no results for that, nonfree, and propietary
<kris_>
well theres no way for me to answer that question so
<kris_>
sewn you would be a roblox player
<kris_>
:p
<sewn>
hm?
<kris_>
oh nothing i just looked at your github and saw vinegar pinned
<sewn>
i mean yeah i maintain vinegar
<kris_>
i miss the vinegar days
<sewn>
we have sober now
<kris_>
yeah i know, i just don't want to use it
<sewn>
proprietary?
<kris_>
actually while you're here i do have a question about that
<kris_>
is there a reason it's not on flathub
<sewn>
its on flathub now
<kris_>
oh
<kris_>
that changes things
<sewn>
lmao
<kris_>
the proprietary thing does bother me a little bit yeah but roblox is also proprietary so like whatever
<sewn>
we have our reasons to make it proprietary
<kris_>
nah i get that
<kris_>
like 100% it's fine
<sewn>
lol
<kris_>
roblox is a pita to deal with
<sewn>
i didnt expect you to be a roblox player tbh
<kris_>
oh im an OG
<sewn>
since?
<kris_>
itdobehappen is my username
<sewn>
nice avatar lmao
<kris_>
my oldest account that i still have access to is from 2010 i think
<kris_>
christopher221
<sewn>
2025 join date
<kris_>
and yes i spelled my own name incorrectly
<kris_>
what??
<sewn>
oh wait nvm
<sewn>
i looked at the wrong person
<sewn>
ok now your avatar is boring
<sewn>
its censored for some reason
<sewn>
2011 damn
<kris_>
i had a big ass vending machine on my body with like doritos logos on it and stuff
<kris_>
so i think that got like copyright striked
<sewn>
i think thats gone yea
<kris_>
since sober is on flathub now i might get back into it
<kris_>
ive been missing playing the conquerors
<sewn>
well lmk
<sewn>
i might join u
<kris_>
i gotta get back on phantom forces and flex my vet tag
<sewn>
i dont ever play roblox (obviously)
<sewn>
oh
<sewn>
phantom forces is dying
<kris_>
not surprising, its ancient
<sewn>
no
<sewn>
like
<sewn>
not dying as in less people playing cuz old
<sewn>
less people cuz the developers dont care about the players
<sewn>
and pedophiles within the servers
<kris_>
yeah i know they dont care
<sewn>
they changed the movement mechanics
<kris_>
i used to hang out with lito a bit back in like 2012
<kris_>
when call of robloxia was the thing
<sewn>
god damn
<kris_>
he was such an asshole back then
<sewn>
lmao
<kris_>
i wouldnt be surprised if nothing has changed
<sewn>
im surprised
<sewn>
well ill send you a req in the meantime
<kris_>
you're making me feel old
<kris_>
and i'm only 23
<sewn>
because you are
<sewn>
anyhoo
<kris_>
nuh uh
<sewn>
we will play games unite some time then
<sewn>
its like a cs clone
<kris_>
yeah ill check it out
<sewn>
theres tons of good games on roblox but i just stopped caring
<kris_>
but on the note of void, the real reason i'm so hard stuck here is because every time i try something else i get burnt immediately
<kris_>
ive been running void for like 3.5 years and have nothing but good things to say
<sewn>
o yea
<sewn>
whats your username
<kris_>
so its kind of just my debian now
<sewn>
on
<sewn>
irc
<sewn>
cmon i gotta find out
<kris_>
dude i can't even remember this morning
<kris_>
let alone an irc nick i randomly chose from a year ago
<sewn>
any keywords
<kris_>
no
<kris_>
i meant that literally, i can't remember this morning
<sewn>
gah
<kris_>
so a year ago is not going to happen
<sewn>
alright then
<sewn>
i might switch to void for the fun of it
<kris_>
fried my brain with way too much drug use
<kris_>
my memory went with it
<sewn>
obviously ill be using turnstile cuz its that good
<kris_>
i still havent tried turnstile
<kris_>
im using elogind
<sewn>
blegh
<kris_>
i wonder about sobers performance
<sewn>
better than windows
<kris_>
vinegar was already on par with windows for me
<kris_>
as far as i could tell anyway
<kris_>
with vulkan
<sewn>
its my honor
<kris_>
is studio included with sober or is that still via vinegar
<sewn>
vinegar is now studio only obviously
<sewn>
sober is player only
<kris_>
ahokay
<sewn>
both use completely different technologies
<sewn>
and codebases that cant be interchangeable
<kris_>
time to waste way too much time modeling things in roblox studio
<kris_>
ive tried to make a game like 5 times and always end up getting into an argument with the other devs
<sewn>
studio is kinda shit on wine
<kris_>
oh it absolutely fucking is
<sewn>
lmfao
<kris_>
studio kept me on windows for a long time
<kris_>
lol
<sewn>
you werent even an actual game developer what needed you to use windows
<kris_>
mouse bugs on wayland
<kris_>
at the time
<sewn>
oh pfft
<kris_>
and fwiw we got very close to finishing a runescape clone for roblox
<kris_>
until we got into an argument on cs:go and he blocked me
<kris_>
tis a shame
<sewn>
shame indeed
<kris_>
ive always only done modeling, 3d modeling is kinda one of my non-linux hobbies
<sewn>
i used to do that when i was young
<kris_>
it seems like kids on roblox these days only want low poly trash though
<kris_>
with bright colors
<sewn>
there are still gems
<kris_>
wtf is phantom resistance
<kris_>
is this a zombies pf
<sewn>
yep
<sewn>
its not worth it
<sewn>
dont bother with stylis lol
<kris_>
aaaa tinyramfs is so refreshing
<kris_>
compared to dracut, i mean
<sewn>
why bother though
<sewn>
just make custom kernel
<kris_>
abnormal encryption setups is why i bother
<sewn>
wha?
<kris_>
luks headers that may or may not exist
<kris_>
and generally i ssh into my initramfs so i can decrypt my server remotely
<kris_>
and usbguard for that decryption
<sewn>
what the
<sewn>
huh?????
<kris_>
:p
<sewn>
explain
<kris_>
explain what lol
<sewn>
that whole thing
<kris_>
without luks headers, luks encrypted partitions cannot be decrypted by any known technology
<kris_>
and it can't even be proven that data exists on that disk at all
<kris_>
dropbear in the initramfs so you can decrypt server boot drives without having to get out a monitor and keyboard for it
<kris_>
usbguard so devices you haven't explicitly allowed cannot function
<kris_>
useful for things like those little in-line keyloggers
<kris_>
i'm still looking for sensible ways to tie my luks keys to my motherboard
<kris_>
so given like a clone of the disk or something, it can't be unlocked
<kris_>
unless it's paired with its motherboard
<kris_>
i need to write some hooks for tinyramfs sooner than later though to get all of this working, it's fine with dracut but i cannot stand dracut
<sewn>
mew
<kris_>
at some point i should set up an xbps mirror
fultilt has quit [Quit: Leaving]
<kris_>
crazy thing, ovh will no longer sell americans vps' that are in europe or canada seemingly
<kris_>
which is just such a shame
ilt_m has joined #kisslinux
ilt_m has quit [Remote host closed the connection]
ilt_m has joined #kisslinux
ilt_m has quit [Remote host closed the connection]
<sewn>
kris_: oh don't buy from the big guys for a vps
<sewn>
you can scour for really good vps deals lol
<sewn>
if you need I can give a resource I used to get a vps
<ilt>
kris_: why not put your keys into the TPM? unless you are afraid of NSA backdoors, tpm can give you integrity checks for free
<ilt>
also it's worth looking into dm-integrity. however it's not intended to protect against malicious actor, its goal is to make disk failures easier to detect
raph_ael has quit [Ping timeout: 248 seconds]
raph_ael has joined #kisslinux
farkuhar has joined #kisslinux
fultilt has joined #kisslinux
zlg has joined #kisslinux
tylerdq has joined #kisslinux
<kris_>
ilt i do use dm-integrity with my lvm raid array on my server
<kris_>
and on the note of the TPM- ive been thinking about that, but i don't want automatic unlocking
<kris_>
so what i'd probably have to do is stage it, have the tpm unlock /boot and then the initramfs there handle root
<kris_>
sewn at the moment i'm with hetzner
<kris_>
which has been less than ideal but it's better than people like vultr