this puts a hole in your firewall
Indeed, thanks, I realized that shortly after posting it.
dig not supporting mdns
Yep you both are correct. Looking at it now, the result does actually warn me that I'm trying to send a regular DNS request to mDNS multicast address.
It just sort of happens to work correctly if you get a single reply
Yeah I guess it's a hack. To me it does not really matter because I'm just using it for wireguard, so the worst thing that could happen is that I would try to connect to a wrong host and the key exchange would fail.
libnss-mdns
The reason for why I'm doing this whole hack is that nss-mdns package is only available on glibc version of Void but I'm using musl, so it's really just hacks on top of hacks. I found a final solution though so that's nice (see final edit of post). Thanks for all your replies!
It's solved now. Basically what's happening is that I ask a multicast address on UDP port 5353 and get a response from different IP because the original IP was multicast. So my firewall blocks the reply, because it really isn't a reply like downloading a webpage. I solved it by filtering based on the source port. Meaning the reply has source port 5353 but on my machine it arrives at some random UDP port so I cannot really filter based on the destination port.
solution
undefined
-A OUTPUT -p udp -m udp --sport 5353 -j ACCEPT
Thanks for your help!
Well the musl C library does not have nss-mdns available. But it does not matter, I solved it now. Thanks anyways!
Edit 2: Actually dig picks a random port to send the mDNS request from and sends it to 224.0.0.251:5353 (multicast IP). The correct host then replies from port 5353 to the previously picked random port from dig. But I found that you can specify the port with dig -b IP#port so I think that should help. I kinda don't have the time to try it out currently though.
end of edit2.
well I randomly solved it by adding
undefined
-A OUTPUT -p udp -m udp --sport 5353 -j ACCEPT
Which basically means you are right. The destination port is just some randomly picked number (checked wireshark), so I have to filter based on source port, which is 5353.
Edit: Also thanks for your help!
It just times out so my thought was that it just blocks the reply.
Actually I don't have avahi installed. I only have some avahi-libs. I thought it's only needed on the computer who's IP I'm trying to get.
Huh weird. For me the first one works but the second one fails and returns an empty string.
I guess I should have specified that I'm on Void-musl. The reason why I'm doing this is because there is no NSS library on musl, so as far as I know you cannot automagically query hostnames on the network.
What ports do I need to open for mDNS?
EDIT: The bad solution is to unblock UDP port 5353 but the port has to be source port, not destination port. (--sport flag) See the now modified rules. The issue is that this is very insecure (see this stackexchange question and comments) but obviously better than no firewall at all because at least I'm blocking TCP traffic.
The proper solution (other than using glibc and installing nss-mdns package) is to open a port with netcat (nc) in the background (using &) and then listen with dig on that port using the -b flag.
bash
port="42069"
nc -l -p "$port" > /dev/null || exit 1 &
dig somehostname.local @224.0.0.241 -p 5353 -b "0.0.0.0#${port}"
Then we need to remember to kill the background process. The DNS reply will now be sent to port 42069, so we can just open it with this iptables rule:
undefined
-A INPUT -p udp -m udp --dport 42069 -j ACCEPT
---->END OF EDI
It's also likely that most of these signatures aren't even from graphic designers, just some people from Linux related forums.
Well the dev said that he does not care about the license. He wanted to create a coreutils alternative with better concurency using Rust as a pet project. He had even stated that he was not interested in the MIT vs GPL drama, yet people here were acting like children over it.
People think it's some kind of Canonical evil master plan, yet it's just some random dude slapping a license on his cool new code, without really thinking about it. Also this conspiracy does not make sense at so many levels. For one Canonical would shoot themselves into their foot if they created their own proprietary coreutils, because admins would not want to deal with non-portable scripts. Also there are already the BSD utils, so if they wanted to create their own fork, they would have already done that by now. They won't because they prefer free labor from FOSS devs.
If you link to GPL library, your software has to be GPL. You are confusing it with LGPL. Though you can bypass this by making the library its own standalone app. Like let's say FFmpeg which is just a frontend for libAV libraries. (ignore that these libraries are actually LGPL, so you can link to them.)
The author explicitly states that this is not the reason.
https://github.com/uutils/coreutils/discussions/4358#discussioncomment-8027681
Bruh instead of all this speculation, you guys could have just looked it up.
https://github.com/uutils/coreutils/discussions/4358#discussioncomment-8027681
I will give you one. You want to embed the coreutils in some other projects ie. a browser. But at that point it's cheaper for you to submit your modification upstream because you are making money selling the browser not by selling modified coreutils. Maintaining your own fork is not worth it once you make meaningful changes.
I think this is the reason why uutils are being funded by Big Tech and why they chose this license. (to get funded) correction: I only found that they are funded by the Sovereign Tech Fund and apparently the author is open to changing the license, they don't care (see video/presentation).
But yes, I agree this whole comment section is deranged. The reason why Ubuntu chose uutils is because of Rust's safety and because of speed. In some workloads (I think it's sorting) they totally smash the GNU counterparts.
For Ubuntu it does not make any sense to make a proprietary fork. You don't choose your OS based on its coreutils. If they added a new convenience flag for their proprietary grep, it would just make them look bad. Also skilled users would hate it because now their scripts would not be portable. Or if it were really that big of a gamechanger, the feature would get added to the other coreutils and Ubuntu would end up with nothing but bad reputation. Unless they made change to the underlying code for performance. Then it would be harder to implement in the other coreutils but as I said before, nobody would care. Faster and safer coreutils are a nice to have, not something people base their OS choice on.
Edit: added source to author's stance on license
It's not recommended because there are better options ie. Arch, not that it would be impossible to learn linux using Void. Arch simply has better documentation than Void. Which is important when you want to learn fast. My previous comments provided examples why the documentation is worse.
Btw arch wiki does provide documentation for runit but only on its runit page, not on every page that mentions managing a service.
Not talking about the quality of the software. I mean that some guide on Arch wiki will not work because some software expects systemd or the guide is just more difficult to follow with a system using runit. My point is that a new user does not have "the context", so for a new user Void is a worse way to learn linux quickly than Arch or honestly even Gentoo. Even Gentoo has its own wiki so it's likely that if an Arch wiki guide does not work for you, you will likely find the Gentoo specific detail on their wiki. You don't have such luxury with Void.
Ubuntu pro provides support after 5 years of standard LTS support. Linux Mint does not provide any support (paid nor free) after the first 5 years so the comparison does not really make sense.
People want to switch from baguettes to bread. So they get flour, water, yeast and salt and are asked to bake their own bread. "I never saw what was so hard about baking bread, the seller says." Well the issue is not the difficulty of baking bread. They simply don't want to spend time baking bread. They are used to going to the store to buy an already baked baguette.
I'd argue the demographic that writes posts about switching their OS is more likely to be happy switching to Arch than most of the people who switch. The way I imagine the average Linux noob is a university student who installed Ubuntu for their coding class.
For novices Void is worse because it does not have the Arch wiki. The Void Docs are brief and you will inevitably end up reading the Arch wiki anyways, except you will run into Runit specific bs.
It makes sense because if you are a veteran, you probably already have your workflow streamlined, so you don't need new software in the repositories.
Most efficient way to check kernel version of devices?
I'm considering using PostmarketOS on a tablet for a project. I need kernel greater than x.y.z (so far I know >3.0.1 works, <2.6.32 does not). However it's kinda difficult to find it on the wiki. Some devices specify kernel version (android a.b.c, kernel e.f.g), some only the android version (android a.b.c) and some neither.
I found that android version should correspond to a kernel version (https://android.stackexchange.com/questions/51651/which-android-runs-which-linux-kernel). But how do I check (in the least time consuming way) the kernel version of the devices that don't mention anything?
Thanks.
edit: I think I was looking for this answer: https://postmarketos.org/source-code/#linux-kernel
Custom mouse acceleration curve on Sway
Does anyone know how to set a custom mouse acceleration curve on Sway? man sway-input does mention mouse acceleration but unfortunately it's one of those "you won't learn anything new unless you already knew it before" type of manpage.
I also found this project https://github.com/N-R-K/leetmouse which I will probably use in the end but I would also like to hear if anyone of you has any experience with custom acceleration profile, in case there is a better way or whatever.
Edit: I will use leetmouse (different branch tho), because libinput's acceleration is not very good for gaming (see comments for sources)
Is there a kde-connect like VPN?
My issue is that many of my remote desktop apps require knowing the IP adress of the other PC. I'm looking for a VPN that auto-discovers other devices on the same network. That way I could just "ssh" into the same IP every time, because it would be IP inside of a virtual network. Ideally I am looking a solution that does not require internet connection.
Thanks.
Edit: I should probably specify my usecase. I have a portable desktop and use VNC from a laptop to connect to it. To do that I need the IP of the desktop but that's different on a different network. This can be solved by using hostname.local as the "IP". (hostname is the "ubuntu" in "bob@ubuntu$:~/Documents") The solution is quite simple, I just haven't known about it.
Thinkpad X200 Tablet stylus brokie on Void Linux
Edit: Solved according to this: reddit
Obviously Void has no systemd service but I just created a script service containing a single line isdv4-serial-inputattach /dev/ttyS0 --baudrate 19200. The serial communication often crashes but runit automatically restarts it so that's fine. Also 6.6 kernel is kinda buggy but 6.10(custom compiled) and 6.1(from void's repo) work fine. Yeah and don't forget to enable the ttySx service otherwise it cannot work.
I cannot get sway to detect my tablet device on Void Linux installed on a Thinkpad X200 Tablet. Anyone knows how to fix it? I have both libwacom and xf86-input-wacom installed. It worked fine on Debian.
Now when I think about it, I don't have libwacom-32bit installed, because I'm using musl library which is 64bit only. That might be the issue considering how old my hardware is. I'm going to try to investigate but I'm going post this here anyway
Change the panning keybind in Zathura
The manual mentions that by default you can pan by holding middle click but my tablet does not have one, so I would like to change it to left click. Anyone knows how to do it? Thanks.
SOLVED: Best QEMU graphics settings for intel GMA4500?
Edit with solution: I'm dumb. Just use the default quickemu settings and only change "-device virtio-gpu-gl to "-device virtio-gpu and "-display sdl,gl=on to "-display sdl,gl=off . Although qemu will have a lot of overhead at boot, the CPU usage when on the desktop should not eat your linux host's entire core. I also disabled Windows Defender, which I don't recommend if you run random stuff from the internet (or open .xlsm spreadsheets), but it helps. I ran CTT's windows debloat tool and removed edge because it was updating in the background for some reason. Even then Windows is still a last resort kind of machine when my desktop isn't available, not an actual work OS.
Edit with solution 2: The above still sucks compared to using RDP. Use the above to set up Windows Remote Desktop, then use for example Gnome Connections to RDP into it. I had to forward the RDP port to the Windows VM for it to work.
I changed the line
undefined
-netdev user,hostname=Quickemu,hostfwd=tcp::22220
Open hardware single board computer server recommendations?
Hi, I am looking for a SBC to self host stuff on. I would like it to be somewhat open hardware (manufacturer provides schematics and drivers are open source). Which is why I initially wanted to buy a banana-pi router but after reading a post in this /c/ I found that mainline linux support is fairly rare in these arm/riscv SBCs.
So I was hoping someone more knowledgeable would help me find some options. Here are my "wants":
- Low power drain
- Open source hardware and software
- Mainline linux support
- 2 ethernet ports, at least 1Gb
- at least 2GB RAM - could do with 1GB I suppose
- a reasonable way to connect 2 SSDs and 2 HDDs - ie. 4 sata ports or one pcie port (not through USB)
- EU seller. Not required but I hate dealing with import taxes and I like guarantees
- Finally I need it to have "wake on power", so that it can start automatically after power outage
The more I search the internet, the more it seems that this mythical computer does not exist but maybe someone knows