Re: [gentoo-user] Re: Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Dale
Grant Edwards wrote:
> On 2023-09-20, Dale  wrote:
>
>> For websites, I really like Bitwarden.  I remember one password and it
>> can generate passwords for all the websites I use.  The passwords it
>> generates are pretty random.  For sites that don't allow symbols, I can
>> turn that off.  The big point, I only remember one password.  Thing is,
>> on one hand I need help remembering all these passwords.  On the other
>> hand, that is a risk itself.
> I second the recommendation of Bitwarden.  I used to use Lastpass but
> they discontinued their free version, and the entry-level price was
> just too high. I was so impressed with Bitwarden's support that I did
> end up subscribing to their lowest-level paid service even though I
> don't really need any of the extras that gets me.  It's also nice to
> know that I can set up my own Bitwarden server if I want to.
>
> If you're using Bitwarden's cloudy storage, don't forget to back up
> your password database locally too.  I always back it up in human
> readable format and then encrypt it using openssl command-line
> methods. You don't want to have to depend on either Bitwarden's
> servers or the Bitwarden app to retrieve your passwords.
>
> --
> Grant
>

Usually, once a year I change my major passwords, bank, credit card,
ebay, Paypal, Amazon and such.  I have a folder thingy that I store
those in to make sure I don't forget to change something important. 
Anyway, when I do that and use the new passwords successfully, I make a
backup copy and on my rig, I can encrypt it with a right click.  I then
shred the original.  While I think Bitwarden will be around and they
will work fine, one never knows. 

I'm thinking of making a one time donation to Bitwarden.  Just to help
them out.  I can't do much but I can do that.  I used Lastpass until
they switched too. I actually imported my passwords from one to the
other.  It seems to work the same way to me. 

I still use Lastpass in Seamonkey.  Bitwarden doesn't have a plugin for
Seamonkey that I've found.  Lastpass hasn't been updated in ages
either.  Once Firefox did their major changes a few years ago, a lot of
old plugins are no longer maintained.  Seamonkey needs to catch up or it
is going to die. 

Dale

:-)  :-) 



Re: [gentoo-user] Re: Computer case for new build

2023-09-19 Thread Dale
Grant Edwards wrote:
> On 2023-09-20, Dale  wrote:
>> Grant Edwards wrote: On 2023-09-18, Dale  wrote:
>>
>>> The built-in Intel video on an oldish Intel i5 at the office is
>>> currently driving 3 displays. The built-in video on the AMD at home is
>>> driving 2 and, IIRC, could handle 2 more.
>> Then maybe I can use the onboard one.  At least I know it is an option.
>> Most of the mobos I've seen, which are older by the way, have only one
>> port, usually a DB15.  I think I got one around here somewhere that has
>> a HDMI, I think. 
> The old i5 used to have an NVidia 3xx Quadro board installed which had
> a dual DisplayPort pigtail cable with DisplayPort to DVI adapters to
> drive two 1600x1200 monitors. I wasn't using the built-in graphics at
> all because we've all known for decades that built-in graphics were
> useless, right?
>
> Then the pandemic happened, and I brought the NVidia card and one of
> those monitors home for the duration, leaving the other monitor
> plugged in to the i5 motherboard's DVI output.
>
> Not too long after that, NVidia stopped supporting the Quadro card.  I
> got to a point where I needed to update the kernel for [some reason].
> But, the NVidia driver wasn't available for a kernel that recent. The
> i5 motherboard I had at home at the time had DVI, HDMI, and DB15
> connectors on the back. I sort of assumed that the built-in graphics
> could only mirror the same image onto multiple displays, but once I
> got the right cables, it drove a 1600x1200 and a 1920x1200 at full
> resolution with no problems. The one thing the built-in graphics
> couldn't do is provide two separate X11 displays (instead of one
> virtual display that's spread out over two monitors).  For various
> reasons I had always run multiple separate X11 desktops on NVidia
> cards rather than one desktop spread over multiple monitors. But I got
> used to the single large virtual desktop setup.
>
> I've since replaced the home i5 machine with a Ryzen 5 3400G, and it
> was definitely a step up in video performance.
>
> Then I acquired a couple more monitors so that I had three at the
> office.  That i5 motherboard has DVI, HDMI, mini-DisplayPort and DB15
> connectors.  With the right adapter cables, I was able to connect two
> 1600x1200 monitors to DVI and HDMI, plus a 1600x900 monitor to the
> mini-DP port.  It drives all of them at their native resolutions.
>
> I don't do any heavy duty gaming or 3D stuff, so I can't vouch for
> performance in that area. But both the i5 and Ryzen 5 have HW
> direct-rendering 3D support, and the RC heli/plane flight simulator I do
> play with seems happy enough (the two year old Ryzen 3400G does
> maintain noticeably higher frame-rates than the ten year old i5-3570K).
>
> Neither one of these processors was top of the class for integrated
> graphics when they were introduced.  I tend to go for lower TDP to
> keep fan noise down, and that limits GPU performance.
>
> --
> Grant

The way my displays are set up is like this.  In nvidia-settings, I set
my monitor as primary.  In nvidia-settings, I set the second display,
sometimes called screen 1, to be to the right of primary display. 
Primary is also called screen 0 in places.  Names seem to change at
times.  My usual computer stuff is on the primary screen, screen 0. 
However, to watch TV, I right click on file and pick smplayer.  Now
smplayer is set to go to screen 1, right display, automatically and go
full screen.  Also, sound is set to go there as well.  It behaves just
the same as it does when I'm watching some other device, cable etc. 

Neither of the displays takes much as far as power goes.  Heck, a lot of
videos I watch are only 720p anyway.  From what you describe, that
should be more than enough for my uses.  It seems that the way on board
stuff works even with Linux has come a long ways.  Sounds like the Linux
drivers have come a long ways too. 

This is good to know.  It helps with some options at least. 

Dale

:-)  :-) 



Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Dale
Michael wrote:
> On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
>
>> Heck, a link to some good info on that would be good.  :-)
> https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md
>
> https://gitlab.com/cryptsetup/cryptsetup/wikis/LUKS-standard/on-disk-format.pdf
>
> https://wiki.archlinux.org/title/Data-at-rest_encryption

Oops.  Should have sent this in other message. 

Interesting links.  Some of the info I'm clueless.  I don't know some of
the terms and what they mean.  Some of it I get tho.  Basically, despite
people wanting to encrypt to protect data, some powerful entities can
still crack it no matter how good the password or phrase is.  It seems
encryption done 'on the fly' I think is the phrase they use is just very
hard to do without some serious CPU power or other tools.  Am I getting it?

I have a question tho.  Can a person use a password/pass phrase that is
like this:  'This is a stupid pass phrase.'   Does it accept that even
with spaces?  I know file names can have spaces for a long while now but
way back, you couldn't do that easily.  One had to use dashes or
underscores.  Using spaces could open a few options.

Dale

:-)  :-) 




[gentoo-user] Re: Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Grant Edwards
On 2023-09-20, Dale  wrote:

> For websites, I really like Bitwarden.  I remember one password and it
> can generate passwords for all the websites I use.  The passwords it
> generates are pretty random.  For sites that don't allow symbols, I can
> turn that off.  The big point, I only remember one password.  Thing is,
> on one hand I need help remembering all these passwords.  On the other
> hand, that is a risk itself.

I second the recommendation of Bitwarden.  I used to use Lastpass but
they discontinued their free version, and the entry-level price was
just too high. I was so impressed with Bitwarden's support that I did
end up subscribing to their lowest-level paid service even though I
don't really need any of the extras that gets me.  It's also nice to
know that I can set up my own Bitwarden server if I want to.

If you're using Bitwarden's cloudy storage, don't forget to back up
your password database locally too.  I always back it up in human
readable format and then encrypt it using openssl command-line
methods. You don't want to have to depend on either Bitwarden's
servers or the Bitwarden app to retrieve your passwords.

--
Grant




Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Dale
Michael wrote:
> On Tuesday, 19 September 2023 12:13:40 BST Dale wrote:
>> H,
>>
>> For some reason, I didn't get Michael's email.  I see him being quoted
>> but don't have his original.  I wonder what is up with that.  O-o
> Assuming you will receive this message, have a look here:
>
> https://marc.info/?l=gentoo-user=169511184714476=2
>
>
>> Rich Freeman wrote:
>>> On Tue, Sep 19, 2023 at 4:26 AM Michael  wrote:
>>>> On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
>>>>> Howdy,
>>>> A strong
>>>> password, like a strong door lock, buys you time.  Hence the general
>>>> recommendation to change your passwords frequently.
>>> While that can help on websites, it is of no use for full disk
>>> encryption passwords - at least not without jumping through some big
>>> hoops.
>>>
>>> In order to crack your LUKS password somebody obviously needs to be
>>> able to read the encrypted contents of your disk.  They cannot begin
>>> cracking it until they have a copy of the LUKS headers.  However, once
>>> they do have it, they can make a copy and crack it at their leisure.
>>> If they manage to crack it, then it will give them the volume key.  At
>>> that point if they were able to make a full copy of your disk they can
>>> read whatever was on it at the time.  If they can make a fresh copy of
>>> your disk then changing the passphrase will not change the volume key,
>>> and so they'll be able to read what is currently on your disk.
>>>
>>> Changing the volume key would defeat this, but requires running
>>> cryptsetup-reencrypt which will take considerable time/CPU, though it
>>> sounds like it can be done online.
>> Let's jump into a hypothetical here.  Let's say I'm a nasty terrorist or
>> some other really evil dude.  Let's say I have passwords that are really
>> good.  Let's say around 20 characters and a really nice mix of
>> characters.  If some gov't agency got my hard drive, how long would it
>> take for them to crack it?
> A couple of minutes?
>
> https://xkcd.com/538/
>
> :-)


I did get this one.  I also got the other message, I think at the same
time.  It sure did arrive late tho.  I have mine set up to view as
threads.  This thread looked odd until it got the previous message. 
Must have got hung up somewhere.  Maybe a server somewhere had to reboot
and it took a while.  ROFL 

I like the cartoon.  In some countries, that would likely be a first
option.  :/

Dale

:-)  :-) 
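
A simplified model of the point in Rich Freeman's quoted text above: a passphrase only unlocks a keyslot that protects the volume key, so changing the passphrase leaves the volume key unchanged, while re-encryption replaces it. This is an added example, not code from the thread or from cryptsetup; the header layout, the XOR key wrap, the iteration count and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace

KDF_ITERATIONS = 1_000  # constructed value, far too low for real use; keeps the demo fast


@dataclass(frozen=True)
class Keyslot:
    salt: bytes
    wrapped_key: bytes  # volume key protected by a passphrase-derived key


@dataclass(frozen=True)
class Header:
    digest_salt: bytes
    vk_digest: bytes  # lets unlock() recognise the correct volume key
    slot: Keyslot


def _kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ITERATIONS, dklen=32)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _make_slot(passphrase: str, volume_key: bytes) -> Keyslot:
    salt = os.urandom(16)
    # Toy key wrap (assumption): XOR with the KDF output.
    # A passphrase with spaces is just a byte string to the KDF.
    return Keyslot(salt, _xor(volume_key, _kdf(passphrase.encode(), salt)))


def _make_header(passphrase: str, volume_key: bytes) -> Header:
    digest_salt = os.urandom(16)
    return Header(digest_salt, _kdf(volume_key, digest_salt),
                  _make_slot(passphrase, volume_key))


def format_volume(passphrase: str) -> Header:
    """Create a header around a fresh random volume key."""
    return _make_header(passphrase, os.urandom(32))


def key_opens(header: Header, candidate_key: bytes) -> bool:
    """True if candidate_key is the volume key this header describes."""
    return hmac.compare_digest(_kdf(candidate_key, header.digest_salt),
                               header.vk_digest)


def unlock(header: Header, passphrase: str):
    """Return the volume key for a correct passphrase, else None."""
    candidate = _xor(header.slot.wrapped_key,
                     _kdf(passphrase.encode(), header.slot.salt))
    return candidate if key_opens(header, candidate) else None


def change_passphrase(header: Header, old: str, new: str) -> Header:
    """Re-wrap the SAME volume key under a new passphrase."""
    volume_key = unlock(header, old)
    if volume_key is None:
        raise ValueError("wrong passphrase")
    return replace(header, slot=_make_slot(new, volume_key))


def reencrypt(header: Header, passphrase: str) -> Header:
    """Model of re-encryption: a NEW volume key (the data would be rewritten too)."""
    if unlock(header, passphrase) is None:
        raise ValueError("wrong passphrase")
    return _make_header(passphrase, os.urandom(32))


def demo() -> dict:
    original = format_volume("old phrase")
    header_copy = original  # a copy of the header taken before the change
    current = change_passphrase(original, "old phrase", "This is a new pass phrase.")
    # The old passphrase still unlocks the old header copy and yields the volume key.
    old_key = unlock(header_copy, "old phrase")
    after_reencrypt = reencrypt(current, "This is a new pass phrase.")
    return {
        "old_passphrase_unlocks_current_header": unlock(current, "old phrase") is not None,
        "old_key_valid_after_passphrase_change": key_opens(current, old_key),
        "old_key_valid_after_reencrypt": key_opens(after_reencrypt, old_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
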




[gentoo-user] Re: Computer case for new build

2023-09-19 Thread Grant Edwards
On 2023-09-20, Dale  wrote:
> Grant Edwards wrote: On 2023-09-18, Dale  wrote:
>
>> The built-in Intel video on an oldish Intel i5 at the office is
>> currently driving 3 displays. The built-in video on the AMD at home is
>> driving 2 and, IIRC, could handle 2 more.
>
> Then maybe I can use the onboard one.  At least I know it is an option.
> Most of the mobos I've seen, which are older by the way, have only one
> port, usually a DB15.  I think I got one around here somewhere that has
> a HDMI, I think. 

The old i5 used to have an NVidia 3xx Quadro board installed which had
a dual DisplayPort pigtail cable with DisplayPort to DVI adapters to
drive two 1600x1200 monitors. I wasn't using the built-in graphics at
all because we've all known for decades that built-in graphics were
useless, right?

Then the pandemic happened, and I brought the NVidia card and one of
those monitors home for the duration, leaving the other monitor
plugged in to the i5 motherboard's DVI output.

Not too long after that, NVidia stopped supporting the Quadro card.  I
got to a point where I needed to update the kernel for [some reason].
But, the NVidia driver wasn't available for a kernel that recent. The
i5 motherboard I had at home at the time had DVI, HDMI, and DB15
connectors on the back. I sort of assumed that the built-in graphics
could only mirror the same image onto multiple displays, but once I
got the right cables, it drove a 1600x1200 and a 1920x1200 at full
resolution with no problems. The one thing the built-in graphics
couldn't do is provide two separate X11 displays (instead of one
virtual display that's spread out over two monitors).  For various
reasons I had always run multiple separate X11 desktops on NVidia
cards rather than one desktop spread over multiple monitors. But I got
used to the single large virtual desktop setup.

I've since replaced the home i5 machine with a Ryzen 5 3400G, and it
was definitely a step up in video performance.

Then I acquired a couple more monitors so that I had three at the
office.  That i5 motherboard has DVI, HDMI, mini-DisplayPort and DB15
connectors.  With the right adapter cables, I was able to connect two
1600x1200 monitors to DVI and HDMI, plus a 1600x900 monitor to the
mini-DP port.  It drives all of them at their native resolutions.

I don't do any heavy duty gaming or 3D stuff, so I can't vouch for
performance in that area. But both the i5 and Ryzen 5 have HW
direct-rendering 3D support, and the RC heli/plane flight simulator I do
play with seems happy enough (the two year old Ryzen 3400G does
maintain noticeably higher frame-rates than the ten year old i5-3570K).

Neither one of these processors was top of the class for integrated
graphics when they were introduced.  I tend to go for lower TDP to
keep fan noise down, and that limits GPU performance.

--
Grant










Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Dale
Jude DaShiell wrote:
> I generate random passwords using dice.  First and last characters in
> passwords are letters that's arbitrary buys more time.  Those should have
> lengths over 13 and before the agency I used to work for went to
> smartcards and 256 character random passwords their last standard was 16
> characters with minimum two symbols minimum two numbers minimum two
> upper-case and minimum two lower-case.  No dictionary words or keyboard
> walking allowed.  Firewall piercing with laptops got used regularly by
> state actors and there is a firewall-piercing-howto file on the internet
> for anyone interested.
> The remaining characters first got their sets chosen.  A 1 on dice picked
> a number for that spot and a 6 picked a symbol.  Two or 3 picked an
> upper-case and 4 or 5 picked a lower-case.  Once the set spots got figured
> five dice got used for letters add the total and subtract 4 for the
> particular letter.  three dice got used for symbols with a single dice
> roll of either odd for first 16 symbols or even single dice roll for
> second 16 symbols.  Your choice as to put which 16 symbols in the even and
> odd sets those could be randomized.  Numbers used two dice with 2
> subtracted from total and a 2 rolled with the dice returned a 0.  Slow and
> necessary to write worksheet down as dice rolling proceeded and password
> needed writing down on completion.  Since I do most of my writing in
> braille I have a good encryption system I can encrypt further by using the
> old English braille instead of the American braille.  American braille has
> dot arrangement 123 down left side of cell for reading and 4 5 6 down
> right side of cell for reading.  English braille has 1 3 5 down the left
> side and 2 4 6 down the right side of the cell for reading.  Those are dot
> number arrangements.  Braille readers on this list I expect maybe only one
> other will understand what I just wrote.
>
>
> -- Jude  "There are four boxes to be used in
> defense of liberty: soap, ballot, jury, and ammo. Please use in that
> order." Ed Howdershelt 1940.

It is interesting what people can come up with.  Thing is, if one uses a
true random generated password, they are hard to crack but also hard to
remember.  I try to come up with something that will be hard to crack
but easy for me to remember.  Thing is, I do have a few passwords to
keep up with.  I recently changed my root password.  I plan to change my
user password soon.  Then I have the password for Bitwarden.  Then I
have the password for the NAS, three external hard drives with different
passwords for each etc.  That's a lot to remember.  To be honest, it's
getting to be a bit much.  Associating one password to one item is also
difficult.  Unless one leaves clues.  Thing is, those clues reveal
things as well. 

For websites, I really like Bitwarden.  I remember one password and it
can generate passwords for all the websites I use.  The passwords it
generates are pretty random.  For sites that don't allow symbols, I can
turn that off.  The big point, I only remember one password.  Thing is,
on one hand I need help remembering all these passwords.  On the other
hand, that is a risk itself. 

This reminds me of a tennis ball.  It just goes back and forth. 

Dale

:-)  :-)

> On Tue, 19 Sep 2023, Michael wrote:
>
>> On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
>>> Howdy,
>>>
>>> As some know, I encrypt a lot of stuff here.  I use passwords that I can
>>> recall but no one could ever guess.  I don't use things that someone may
>>> figure out like pet's name or anything like that.  I use a couple sites
>>> to see just how good my passwords are.  I try to get into the millions
>>> of years at least.  I have a couple that it claims is in the trillions
>>> of years to crack.  I've read some things not to use like pet names and
>>> such.  I've also read that one should use upper and lower case letters,
>>> symbols and such and I do that, especially on my stuff I never want to
>>> be cracked.  Some stuff, when I'm dead, it's gone.
>> As/when quantum computers development progresses, many/some passwords and
>> hashes will be cracked/brute forced (RSA encryption springs to mind).  It is
>> best if you can think of any password as keeping your door and windows locked.
>> They will stop most opportunistic attempts, but not anyone who is determined
>> to break in.  It is unlikely your passwords will stop state actors.  A strong
>> password, like a strong door lock, buys you time.  Hence the general
>> recommendation to change your passwords frequently.
>>
>>
>>> In the real world tho, how do people reading this make passwords that no
>>> one could ever guess?
>> You can use gpg, or openssl, or app-admin/apg, or app-admin/pwgen, to generate
>> random enough strings to use as passwords.  They will be difficult to guess,
>> but will be VERY difficult to remember.  You'll have to store them offline
>> and/or protect them in turn with some master passphrase 
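
The dice worksheet quoted in the message above picks a letter from the total of five dice and a symbol from the total of three dice plus an odd/even roll. Totals of several dice are not equally likely, so each character carries less guessing resistance than a uniform pick. This added example (not from the thread; the function names and the two-dice rejection mapping are assumptions) computes the exact figures and shows a uniform way to map dice to letters.

```python
import math
from collections import Counter
from itertools import product
from string import ascii_lowercase


def dice_sum_distribution(n_dice: int) -> dict:
    """Exact probability of each total when n_dice six-sided dice are summed."""
    counts = Counter(sum(rolls) for rolls in product(range(1, 7), repeat=n_dice))
    total = 6 ** n_dice
    return {s: c / total for s, c in sorted(counts.items())}


def shannon_entropy(dist: dict) -> float:
    """Average bits of uncertainty per draw."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def min_entropy(dist: dict) -> float:
    """Bits of uncertainty against a guesser who tries the likeliest value first."""
    return -math.log2(max(dist.values()))


def letter_from_sum(rolls) -> str:
    """Worksheet rule: total of five dice minus 4 gives letter number 1..26."""
    return ascii_lowercase[sum(rolls) - 4 - 1]


def letter_uniform(d1: int, d2: int):
    """Assumed alternative: read two dice as a base-6 number 0..35 and
    re-roll (return None) for 26..35, so every letter is equally likely."""
    value = (d1 - 1) * 6 + (d2 - 1)
    return ascii_lowercase[value] if value < 26 else None


def compare() -> dict:
    five = dice_sum_distribution(5)   # letters: totals 5..30 -> a..z
    three = dice_sum_distribution(3)  # symbols: totals 3..18 -> 16 values
    return {
        "letter_bits_summed": shannon_entropy(five),
        "letter_min_bits_summed": min_entropy(five),
        "letter_bits_uniform": math.log2(26),
        # the separate odd/even roll that picks one of two symbol sets adds 1 bit
        "symbol_bits_summed": shannon_entropy(three) + 1.0,
        "symbol_bits_uniform": math.log2(32),
        "most_likely_letters": sorted(
            ascii_lowercase[s - 5] for s, p in five.items()
            if p == max(five.values())
        ),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```
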

Re: [gentoo-user] Re: Computer case for new build

2023-09-19 Thread Dale
Grant Edwards wrote:
> On 2023-09-18, Dale  wrote:
>
>> Well, for one, I usually upgrade the video card several times before I
>> upgrade the mobo.  When it is built in, not an option.  I think I'm on my
>> third in this rig.  I also need multiple outputs, two at least.  One for
>> monitor and one for TV.
> The built-in Intel video on an oldish Intel i5 at the office is
> currently driving 3 displays. The built-in video on the AMD at home is
> driving 2 and, IIRC, could handle 2 more.
>
> --
> Grant
>
>
> .
>

Then maybe I can use the onboard one.  At least I know it is an option.
Most of the mobos I've seen, which are older by the way, have only one
port, usually a DB15.  I think I got one around here somewhere that has
a HDMI, I think. 

That's good to know.

Dale

:-)  :-) 



Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Dale
Rich Freeman wrote:
>
> Well, you can, but they don't fit on a tweet.  Just my really long emails...
>
> We're not their target demographic in any case.  Now, if Dale wanted
> more RGB lights and transparent water hoses, and not more PCIe slots,
> the market would be happy to supply...
>


That seems to be the trend with a lot of things.  People want flashy
stuff, that really serves little purpose, and sadly, too many people fall
for it.  It's just like a car.  I drive a 1994 Mazda Protege complete
with an antique tag.  The fanciest thing it has, buttons to adjust the
outside mirrors.  I went with a friend that bought a brand new car. 
When I saw all the gadgets in that thing, I was sick.  If someone
offered me a free new or close to new car, I'd take it but I'd want to
disable half the car right from the start.  I might use a USB port to
charge my phone but that is about as fancy as I want to get.  The back
up camera can be handy too but I could do without it as well.  Haven't
had one for 40 years.  Never hit anything.  ;-)

I hope I don't end up having to get a more expensive server board just
to get the PCIe slots I need.  If past is any predictor of current
things, I'd need one for network, would like two for either a SATA or
SAS card and one for video card.  That's three, prefer four slots.  The
ethernet would only take the smaller one, PCIex1 I think it is called. 
The video would be PCIex16 but most mobos have that.  The SATA/SAS slot
would depend on the card and what it needs.  I think some are the faster
ones called PCIex4 or something.  That would be the smallest number of
slots I could get by with.  I'd like to have a couple extras for
something in the future.  Sadly, I'm not sure they make them anymore. 
They are at least. 

Frank, the link to different mobos is really helpful.  Big difference
between AM4 and AM5 and slots.  That site may be UK but the mobos are
the same regardless.  The prices will likely be off is all.  Still, good
for mobo hunting.  Once I find a model, I can search USA sites for my
price and availability.  Very helpful. 

Dale

:-)  :-) 



Re: [gentoo-user] PCIe x1 or PCIe x4 SATA controller card

2023-09-19 Thread Peter Humphrey
On Tuesday, 19 September 2023 14:40:24 BST Peter Humphrey wrote:

> My machine was built by Armari, and it has 64GB. Even that isn't enough to
> accommodate more than one huge package emerge at a time - which is why I'd
> like to see the new feature I've been bleating about. I might ask them if I
> can double it.

It turns out that I can double it to 128 GB, but at a cost of course. I'm now 
musing over whether I can justify it. I'll also have to consider whether 
portage can make effective use of it.

I also discovered that Armari are a big player. They've supplied well over 100 
huge systems to CERN for the LHC. I wish I had CERN's money!  :)

-- 
Regards,
Peter.






Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Rich Freeman
On Tue, Sep 19, 2023 at 1:05 PM Frank Steinmetzger  wrote:
>
> Am Tue, Sep 19, 2023 at 11:01:48AM -0400 schrieb Rich Freeman:
>
> No, the chipset downlink is always four lanes wide.

The diagram you linked has 8, but I can't vouch for its accuracy.
Haven't looked into it for AM4.

> > Again, that is AM4 which I haven't looked into as much.  AM5 increases
> > the v5 lanes and still has some v4 lanes.
>
> AFAIR, PCIe 5 is only guaranteed for the NVMe slot. The rest is optional or
> subject to the chipset.

Actually, PCIe v5 isn't guaranteed for the NVMe slot either, or even
the first 16x slot.  It is all subject to the motherboard design.
There are AM5 MBs that don't have any PCIe v5 slots.

> > I'm sure PCIe v5 switching is hard/expensive, but they definitely
> > could mix things up however they want.  The reality is that most IO
> > devices aren't going to be busy all the time, so you definitely could
> > split 8 lanes up 64 ways, especially if you drop a generation or two
> > along the way.
>
> Unfortunately you can’t put low-speed connectors on a marketing sheet, when
> competitors have teh shizz.

Well, you can, but they don't fit on a tweet.  Just my really long emails...

We're not their target demographic in any case.  Now, if Dale wanted
more RGB lights and transparent water hoses, and not more PCIe slots,
the market would be happy to supply...

>
> > Server hardware definitely avoids many of the limitations, but it just
> > tends to be super-expensive.
>
> Which is funny because with the global cloud trend, you would think that its
> supply increases and prices go down.

I think the problem is that the buyers are way less price-sensitive.

When a medium/large company is buying a server, odds are they're
spending at least tens of thousands of dollars on the
software/maintenance side of the project, if not hundreds of thousands
or more.  They also like to standardize on hardware, so they'll pick
the one-size-fits-all solution that can work in any situation, even if
it is pricey.  Paying $5k for a server isn't a big deal, especially if
it is reliable/etc so that it can be neglected for 5 years (since
touching it involves dragging in the project team again, which
involves spending $15k worth of time just getting the project
approved).

The place where they are price-sensitive is on really large-scale
operations, like cloud providers, Google, social media, and so on -
where they need tens of thousands of identical servers.  These
companies would create demand for very efficiently-priced hardware.
However, at their scale they can afford to custom develop their own
stuff, and they don't sell to the public, so while that cheap server
hardware exists, you can't obtain it.  Plus it will be very tailored
to their specific use case.  If Google needs a gazillion workers for
their search engine they might have tensor cores and lots of CPU, and
maybe almost no RAM/storage.  If they need local storage they might
have one M.2 slot and no PCIe slots at all, or some other lopsided
config.  Backblaze has their storage pods that are basically one giant
stack of HDD replicators and almost nothing else.  They probably don't
even have sideband management on their hardware, or if they do it is
something integrated with their own custom solutions.

Oh, the other big user is the US government, and they're happy to pay
for a million of those $5k servers as long as they're assembled in the
right congressional districts.  Reducing the spending probably reduces
the number of jobs, so that is an anti-feature...  :)

-- 
Rich



Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Frank Steinmetzger
Am Tue, Sep 19, 2023 at 11:01:48AM -0400 schrieb Rich Freeman:

> > > The higher-end motherboards have switches, and not all
> > > the lanes may be the highest supported generation, but I don't think
> > > any modern AMD motherboards have any kind of PCIe controller on them.
> >
> > Here are the I/O capabilities of the socket:
> > https://www.reddit.com/r/Amd/comments/bus60i/amd_x570_detailed_block_diagram_pcie_lanes_and_io/
> 
> So, that is AM4, not AM5

Yup. I kept on rambling about AM4, because that’s what I laid my eyes on 
(and so did Dale a few posts up).

> > A slight problem is that it is connected to the CPU by only 4.0×4. So tough
> > luck if you want to do parallel high-speed stuff with two PCIe×4 M.2 drives.
> 
> So, that block diagram is a bit weak.  If you look on the left side it
> clearly shows 20 PCIe lanes, and the GPU only needs 16.  So there are
> 8 lanes for the MB chipset to use.

No, the chipset downlink is always four lanes wide. PCIe 4.0 for most 
AM4 CPUs, but PCIe 3.0 for the monolithic APUs (because they don’t have 
4.0 at all, as their I/O die is different). The remaining four lanes are 
reserved for an NVMe slot.

> The 4 on the left aren't the same as the 4 on the right I think.

The diagram is indeed a bit confused in that part.

> Again, that is AM4 which I haven't looked into as much.  AM5 increases
> the v5 lanes and still has some v4 lanes.

AFAIR, PCIe 5 is only guaranteed for the NVMe slot. The rest is optional or 
subject to the chipset. As in the A series doesn’t have it, stuff like that. 
But it’s been a while since I read about that, so my memory is hazy.

> All the same desktop CPUs are a bit starved for lanes.

Hey we did get four more now with AM5 vs. AM4.

> I'm sure PCIe v5 switching is hard/expensive, but they definitely
> could mix things up however they want.  The reality is that most IO
> devices aren't going to be busy all the time, so you definitely could
> split 8 lanes up 64 ways, especially if you drop a generation or two
> along the way.

Unfortunately you can’t put low-speed connectors on a marketing sheet, when 
competitors have teh shizz.

> Server hardware definitely avoids many of the limitations, but it just
> tends to be super-expensive.

Which is funny because with the global cloud trend, you would think that its 
supply increases and prices go down.

-- 
Grüße | Greetings | Salut | Qapla’
Please do not share anything from, with or about me on any social network.

If you were born feet-first, then, for a short moment,
you wore your mother as a hat.




Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Rich Freeman
On Tue, Sep 19, 2023 at 10:35 AM Frank Steinmetzger  wrote:
>
> Am Tue, Sep 19, 2023 at 09:17:45AM -0400 schrieb Rich Freeman:
>
> > The higher-end motherboards have switches, and not all
> > the lanes may be the highest supported generation, but I don't think
> > any modern AMD motherboards have any kind of PCIe controller on them.
>
> Here are the I/O capabilities of the socket:
> https://www.reddit.com/r/Amd/comments/bus60i/amd_x570_detailed_block_diagram_pcie_lanes_and_io/

So, that is AM4, not AM5

> A slight problem is that it is connected to the CPU by only 4.0×4. So tough
> luck if you want to do parallel high-speed stuff with two PCIe×4 M.2 drives.

So, that block diagram is a bit weak.  If you look on the left side it
clearly shows 20 PCIe lanes, and the GPU only needs 16.  So there are
8 lanes for the MB chipset to use.  The 4 on the left aren't the same
as the 4 on the right I think.

Again, that is AM4 which I haven't looked into as much.  AM5 increases
the v5 lanes and still has some v4 lanes.

> > Basically memory, USB, and PCIe are all getting so fast that trying to
> > implement a whole bunch of separate controller chips just doesn't make
> > sense.
>
> However, the CPU has a limited number of them, hence there are more in the
> chipset. Most notably SATA.

Yup, especially since AM5 dropped SATA entirely.  The chipset would be
using PCIe lanes for SATA.

> Those look really weird. “Huge” ATX boards, but all covered up with fancy
> gamer-style plastics lids and only two slots poking out.

Yeah, that is definitely the trend.  Few are using PCIe cards, so they
aren't supporting as many.

In theory they could take one PCIe v5 lane on the board and run it
into a switch and provide 4 more 1x v3 lanes for older expansion
cards, and so on.  Those v5 lanes can move a lot of data and other
than the GPU and maybe NVMe little is using them.

All the same desktop CPUs are a bit starved for lanes.

>
> > Look at the X670 chipset boards as those tend to have PCIe switches which
> > give them more lanes.  The switched interfaces will generally not support
> > PCIe v5.
>
> The X series are two “B-chipset chips” daisychained together to double the
> downstream connections. Meaning one sits behind the other from the POV of
> the CPU and they share their uplink.
>
> Here are some nice block diagrams of the different AM5 chipset families:
> https://www.hwcooling.net/en/amd-am5-platform-b650-x670-x670e-chipsets-and-how-they-differ/

Thanks - that site is handy.

I'm sure PCIe v5 switching is hard/expensive, but they definitely
could mix things up however they want.  The reality is that most IO
devices aren't going to be busy all the time, so you definitely could
split 8 lanes up 64 ways, especially if you drop a generation or two
along the way.  It is all packet switched so it is really no different
than having a 24 port gigabit network switch with a 10Gb uplink - sure
in theory the uplink could be saturated but typically it would not be.

Ultimately though the problem is supply and demand.  There just isn't
much demand for consumer boards with stacks of expansion cards, so
nobody makes them.  They'd rather give you more M.2 slots, USB, or
just make the CPU cheaper.

That is why I've been trying to change how I design my storage/etc.
Rather than trying to find the one motherboard+HBA combo that lets me
cram 16 drives into one case, it is WAY easier to get a bunch of $100
used corporate SFF desktops, slap a 10GbE NIC in them, and plug USB3
hard drives into them.  The drives still perform about as fast, and it
is infinitely expandable.  If anything breaks it can be readily
replaced by commoditized hardware.  Hardest part is just making sure
the SFF PC has a 16x slot and integrated graphics, but that isn't too
big of an ask.

Server hardware definitely avoids many of the limitations, but it just
tends to be super-expensive.  Granted, I haven't been looking on eBay
for used stuff.  The used desktop gear at least tends to be reasonably
low-power - you have to watch the server gear as the older stuff can
tend to guzzle power (newer stuff isn't as bad).  Granted, you can
definitely find server hardware that can accommodate 12+ drives.

-- 
Rich



Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Frank Steinmetzger
On Tue, Sep 19, 2023 at 09:17:45AM -0400, Rich Freeman wrote:

> > Well they allow you to put larger cards in, but they don’t have the lanes
> > for it. Somewhere else in the thread was mentioned that the number of lanes
> > is very limited. Only the main slot (the big one for the GPU) is directly
> > connected to the CPU. The rest is hooked up to the chipset which itself is
> > connected to the CPU either via PCIe×4 (AMD) or whatchacallit (DMI?) for
> > Intel.
> 
> So, on most AMD boards these days all the PCIe lanes are wired to the
> CPU I believe.

Not all. Only the main slot. The rest is routed through the chipset. I’m 
only speaking of expansion slots here. But for NVMe it is similar: the 
primary one is attached to the CPU, any other is connected via the chipset. 
This is for AM4. AM5 provides two NVMes.

> The higher-end motherboards have switches, and not all
> the lanes may be the highest supported generation, but I don't think
> any modern AMD motherboards have any kind of PCIe controller on them.

Here are the I/O capabilities of the socket:
https://www.reddit.com/r/Amd/comments/bus60i/amd_x570_detailed_block_diagram_pcie_lanes_and_io/
A slight problem is that it is connected to the CPU by only 4.0×4. So tough 
luck if you want to do parallel high-speed stuff with two PCIe×4 M.2 drives.

> Basically memory, USB, and PCIe are all getting so fast that trying to
> implement a whole bunch of separate controller chips just doesn't make
> sense.

However, the CPU has a limited number of them, hence there are more in the 
chipset. Most notably SATA.

> > Look for yourself and filter what you need, like 1 or 2 HDMI, DP and PCIe:
> > AM4: https://skinflint.co.uk/?cat=mbam4=18869_4%7E4400_ATX
> > AM5: https://skinflint.co.uk/?cat=mbam5=18869_4%7E4400_ATX
> > Interestingly: the filter goes up to 6 PCIe slots for the former, but only
> > to 4 for the latter.
> 
> You can definitely get more PCIe slots on AM5, but the trend is to
> have less in general.

Those look really weird. “Huge” ATX boards, but all covered up with fancy 
gamer-style plastics lids and only two slots poking out.

> Look at the X670 chipset boards as those tend to have PCIe switches which 
> give them more lanes.  The switched interfaces will generally not support 
> PCIe v5.

The X series are two “B-chipset chips” daisychained together to double the 
downstream connections. Meaning one sits behind the other from the POV of 
the CPU and they share their uplink.

Here are some nice block diagrams of the different AM5 chipset families:
https://www.hwcooling.net/en/amd-am5-platform-b650-x670-x670e-chipsets-and-how-they-differ/

-- 
Grüße | Greetings | Qapla’
Please do not share anything from, with or about me on any social network.

Greet every douche, for he may be your superior tomorrow.




Re: [gentoo-user] PCIe x1 or PCIe x4 SATA controller card

2023-09-19 Thread Peter Humphrey
On Sunday, 26 March 2023 20:08:29 BST Dale wrote:

> I looked at a few lists of CPU processors.  This is a bit pricey but I may
> try to buy a AMD Ryzen 9 5900X 12-Core @ 3.7 GHz.  It has 4 more cores but
> clock speed is a little slower.  Even just comparing number of cores and the
> fairly close clock speed, that alone should make it a bit faster.  Add in
> that they make them run code more efficiently now, should be a good bit
> better.

That's the CPU I have. It's double-threaded, and it just flies.  :)

> I usually try to aim for 4 or 5 times more processing power.  I suspect
> this may help with encryption as well since newer CPUs have extra code
> just for that on there now.  Most of the mobos also handle a lot more
> memory as well.  I have 32GBs now.  Most support 64GB and I think I saw
> a 128GB version somewhere. 

My machine was built by Armari, and it has 64GB. Even that isn't enough to 
accommodate more than one huge package emerge at a time - which is why I'd 
like to see the new feature I've been bleating about. I might ask them if I 
can double it.

-- 
Regards,
Peter.






Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread hitachi303

On 19.09.23 at 13:47, Michael wrote:

> A couple of minutes?
>
> https://xkcd.com/538/




Most crypto nerds have a wrench at home. The gov. can even save those 5$.
:-)



Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Rich Freeman
On Tue, Sep 19, 2023 at 8:26 AM Frank Steinmetzger  wrote:
>
> BTW: it’s APU, without the G. Because it is an Accelerated Processing Unit
> (i.e. a processor), not a GPU.

No real "reason" for it besides branding/naming/etc.  They could have
called it a MPU for Mixed Processing Unit if they wanted, and no doubt
somebody would come up with a nice explanation about how that is the
only term that makes sense.

The GPU in a processor with an integrated GPU is a GPU like just about
any other.  It might not have dedicated memory, and it might not be as
big, but they do the same thing.

> Well they allow you to put larger cards in, but they don’t have the lanes
> for it. Somewhere else in the thread was mentioned that the number of lanes
> is very limited. Only the main slot (the big one for the GPU) is directly
> connected to the CPU. The rest is hooked up to the chipset which itself is
> connected to the CPU either via PCIe×4 (AMD) or whatchacallit (DMI?) for
> Intel.

So, on most AMD boards these days all the PCIe lanes are wired to the
CPU I believe.  The higher-end motherboards have switches, and not all
the lanes may be the highest supported generation, but I don't think
any modern AMD motherboards have any kind of PCIe controller on them.

Basically memory, USB, and PCIe are all getting so fast that trying to
implement a whole bunch of separate controller chips just doesn't make
sense.  They benefit from higher end fabs, though not necessarily
quite as high-end as the processor cores themselves (hence the AMD
chiplet design).  A single PCIe v5 lane is moving data at 32Gb/s.
Plus if you were going to consolidate things at that speed on the
motherboard you'd need one heck of a pipe to get it from there to the
CPU anyway (something the CPU has internally).

It looks like Intel still puts a controller on the motherboard

AM5 has 28 PCIe v5 lanes, 4 PCIe v4 lanes, and 4 20Gbps USB3 ports.
LGA1700+MB has 16 PCIe v5 lanes, 16 PCIe v4 lanes, 16 PCI v3 lanes,
and quite a bit more USB3 (though that is via the MB so I'm not sure
it can sustain them all at max).

Not meant as an Intel vs AMD comparison as I'm sure there are caveats
in the details, and individual motherboards use that IO differently,
but just meant to give a sense of what these desktop CPUs typically
deliver.

In contrast here are the latest server sockets:

SP5 (AMD) has 128 PCIe v5 lanes, and 4 20Gbps USB3 ports (and 16
memory channels is of course a big selling point - vs 4 on AM5)
LGA 4677 (Intel) has 16 PCIe v4 lanes and 12 PCIe v3 lanes, and again
more USB3 (all via the MB).  I'm actually kinda surprised how few
lanes it has.  It also only has 8 memory channels.

Seems like PCIe v5 isn't as much of a selling point on servers.

If I missed some detail please point it out - I mainly run AMD desktop
CPUs so there could be some server/Intel capabilities out there I'm
less familiar with.  With the Intel approach of putting more on the
motherboard I suspect that there might be bottlenecks if all that IO
were to be used at once, though that does seem unlikely.

> Look for yourself and filter what you need, like 1 or 2 HDMI, DP and PCIe:
> AM4: https://skinflint.co.uk/?cat=mbam4=18869_4%7E4400_ATX
> AM5: https://skinflint.co.uk/?cat=mbam5=18869_4%7E4400_ATX
> Interestingly: the filter goes up to 6 PCIe slots for the former, but only to
> 4 for the latter.

You can definitely get more PCIe slots on AM5, but the trend is to
have less in general.  Look at the X670 chipset boards as those tend
to have PCIe switches which give them more lanes.  The switched
interfaces will generally not support PCIe v5.

That said, the SATA ports tend to take up lanes (AM5 has no SATA
support on the CPU), so motherboards that have 4x/2x slots available
might disable some SATA ports if they use them.

The trend is definitely more towards M.2 and those each eat up 4 lanes.

In any case, if what you want is lots of IO, I guess you can shell out
for an EPYC...

-- 
Rich



[gentoo-user] Re: Computer case for new build

2023-09-19 Thread Grant Edwards
On 2023-09-18, Dale  wrote:

> Well, for one, I usually upgrade the video card several times before I
> upgrade the mobo.  When it is built in, not a option.  I think I'm on my
> third in this rig.  I also need multiple outputs, two at least.  One for
> monitor and one for TV.

The built-in Intel video on an oldish Intel i5 at the office is
currently driving 3 displays. The built-in video on the AMD at home is
driving 2 and, IIRC, could handle 2 more.

--
Grant




Re: [gentoo-user] Controlling emerges

2023-09-19 Thread Peter Humphrey
On Monday, 18 September 2023 17:13:04 BST Alan McKinnon wrote:

> I did read all those but no matter how you move things around you still
> have only X resources available all the time.
> Whether you just let emerge do its thing or try get it to do big packages
> on their own, everything is still going to use the same number of cpu
> cycles overall and you will save nothing.

That isn't the point. The point is that it takes twice as long, and it wastes 
the machine's resources while I twiddle my thumbs waiting for it.

> If webkit-gtk is the only big package, have you considered:
> 
> emerge -1v webkit-gtk && emerge -avuND @world?

Of course.

> What you have is not a portage problem. It is an orthodox parallelism
> problem, and I think you are thinking your constraint is unique in the work
> - it isn't.

No, I think my problem has not been tackled by the portage developers.

> With parallelism, trying to fiddle single nodes to improve things overall
> never really works out.

See above.

-- 
Regards,
Peter.






Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Frank Steinmetzger
On Tue, Sep 19, 2023 at 04:43:02AM -0500, Dale wrote:
> Wols Lists wrote:

> > Oh, and to the best of my knowledge, you can combine a video card and
> > an AGPU.

BTW: it’s APU, without the G. Because it is an Accelerated Processing Unit 
(i.e. a processor), not a GPU.

> I been on Newegg using their rig builder feature.  Just to get rough
> ideas, I picked a AMD Ryzen 9 5900X 12-Core 3.7 GHz Socket AM4.  Yea, I
> did a copy and paste.  lol  It's a bit pricey but compared to my current
> rig, I think it will run circles around it.  My current rig has a AMD FX
> -8350 Eight-Core Processor running at 4GHz or so.  You think I'll see
> some speed improvement or am I on the wrong track?

Twice the single-thread performance and 7 times multi-core:
https://www.cpubenchmark.net/cpu.php?cpu=AMD+FX-8350+Eight-Core=1780
https://www.cpubenchmark.net/cpu.php?cpu=AMD+Ryzen+9+5900X=3870
Naturally at lower power consumption as well.

> My problem is the mobo.  I need a few PCIe slots.  Most just don't have
> enough.  Most have a slot for a video card.  Then maybe 2 other slightly
> slower ones and maybe one slow one.  I can't recall what the names are
> at the moment. I know the length of the connector tends to tell what
> speed it is, tho some cheat and put long connectors but most of the
> faster pins aren't used.  That confuses things.

Well they allow you to put larger cards in, but they don’t have the lanes 
for it. Somewhere else in the thread was mentioned that the number of lanes 
is very limited. Only the main slot (the big one for the GPU) is directly 
connected to the CPU. The rest is hooked up to the chipset which itself is 
connected to the CPU either via PCIe×4 (AMD) or whatchacallit (DMI?) for 
Intel.

> Anyway, mobo, which I
> will likely change, CPU and memory is already adding up to about $600. 
> I don't need much of a video card tho.  The built in thing may be
> enough, as long as I can connect my monitor and TV.

The 5900X has no built-in. For the Ryzen 5000 series, only those with -G 
have graphics. The 7000 ones all have a basic GPU (maybe except for some with 
another suffix).

> If someone knows of a good mobo, Gigabyte, ASUS preferred, that has
> several PCIe slots, I'd like to know the model so I can check into it. 
> It doesn't have to be the latest thing either.  I tend to drop down
> several notches from the top to save money.  I still end up with a
> pretty nice rig and save some money.

Look for yourself and filter what you need, like 1 or 2 HDMI, DP and PCIe:
AM4: https://skinflint.co.uk/?cat=mbam4=18869_4%7E4400_ATX
AM5: https://skinflint.co.uk/?cat=mbam5=18869_4%7E4400_ATX
Interestingly: the filter goes up to 6 PCIe slots for the former, but only to 
4 for the latter.

-- 
Grüße | Greetings | Qapla’
Please do not share anything from, with or about me on any social network.

Wires are either too short, not available or don’t work.




Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Michael
On Tuesday, 19 September 2023 12:13:40 BST Dale wrote:
> H,
> 
> For some reason, I didn't get Michael's email.  I see him being quoted
> but don't have his original.  I wonder what is up with that.  O-o

Assuming you will receive this message, have a look here:

https://marc.info/?l=gentoo-user=169511184714476=2


> Rich Freeman wrote:
> > On Tue, Sep 19, 2023 at 4:26 AM Michael  wrote:
> >> On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
> >>> Howdy,
> >> 
> >> A strong
> >> password, like a strong door lock, buys you time.  Hence the general
> >> recommendation to change your passwords frequently.
> > 
> > While that can help on websites, it is of no use for full disk
> > encryption passwords - at least not without jumping through some big
> > hoops.
> > 
> > In order to crack your LUKS password somebody obviously needs to be
> > able to read the encrypted contents of your disk.  They cannot begin
> > cracking it until they have a copy of the LUKS headers.  However, once
> > they do have it, they can make a copy and crack it at their leisure.
> > If they manage to crack it, then it will give them the volume key.  At
> > that point if they were able to make a full copy of your disk they can
> > read whatever was on it at the time.  If they can make a fresh copy of
> > your disk then changing the passphrase will not change the volume key,
> > and so they'll be able to read what is currently on your disk.
> > 
> > Changing the volume key would defeat this, but requires running
> > cryptsetup-reencrypt which will take considerable time/CPU, though it
> > sounds like it can be done online.
> 
> Let's jump into a hypothetical here.  Let's say I'm a nasty terrorist or
> some other really evil dude.  Let's say I have passwords that are really
> good.  Let's say around 20 characters and a really nice mix of
> characters.  If some gov't agency got my hard drive, how long would it
> take for them to crack it?

A couple of minutes?

https://xkcd.com/538/

:-)



Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Dale
Jude DaShiell wrote:
> another possibility is use of a dictionary.  Find a word in dictionary
> note page column and line.  Divide pages in dictionary by 2 and either add
> or subtract that number of pages to or from page word is found on then on
> the new page find the column and line for your actual password.  Of
> course, you write the first word you looked up down as your password and
> not the second word you just found you use for your real password.
>
>
> -- Jude  "There are four boxes to be used in
> defense of liberty: soap, ballot, jury, and ammo. Please use in that
> order." Ed Howdershelt 1940.
>
>


I think I've seen that used for messages ages ago.  It's a way of
sending info that without knowing how to decode it and the same version
of dictionary, you have no idea what it says.  Just don't lose the book
you use. 

The responses I'm getting sure are interesting.  Some I've seen but
never thought of using myself.  After all, it was a TV show, sometimes a
history documentary or something.  Reading about it here, it makes sense. 

Oh, like the signature too.  ;-)

Dale

:-)  :-) 



Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Dale
H,

For some reason, I didn't get Michael's email.  I see him being quoted
but don't have his original.  I wonder what is up with that.  O-o


Rich Freeman wrote:
> On Tue, Sep 19, 2023 at 4:26 AM Michael  wrote:
>> On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
>>> Howdy,
>>>
>> A strong
>> password, like a strong door lock, buys you time.  Hence the general
>> recommendation to change your passwords frequently.
> While that can help on websites, it is of no use for full disk
> encryption passwords - at least not without jumping through some big
> hoops.
>
> In order to crack your LUKS password somebody obviously needs to be
> able to read the encrypted contents of your disk.  They cannot begin
> cracking it until they have a copy of the LUKS headers.  However, once
> they do have it, they can make a copy and crack it at their leisure.
> If they manage to crack it, then it will give them the volume key.  At
> that point if they were able to make a full copy of your disk they can
> read whatever was on it at the time.  If they can make a fresh copy of
> your disk then changing the passphrase will not change the volume key,
> and so they'll be able to read what is currently on your disk.
>
> Changing the volume key would defeat this, but requires running
> cryptsetup-reencrypt which will take considerable time/CPU, though it
> sounds like it can be done online.
>


Let's jump into a hypothetical here.  Let's say I'm a nasty terrorist or
some other really evil dude.  Let's say I have passwords that are really
good.  Let's say around 20 characters and a really nice mix of
characters.  If some gov't agency got my hard drive, how long would it
take for them to crack it?  I know when Snowden released all that info,
there was some changes to encryption.  Still, do they have the ability
to crack them without much trouble?  Is there something better to use
than what I'm using now?

I might add, when I configured my three drive setup, I sort of did it a
different way.  I still used cryptsetup but I used it later in the
process.  I also made sure to put the luks bit in.  That way I can
change passwords if needed.  I found a new howto and it seems to end the
same way but it's done in layers.  Luks first and then encryption but
different somehow.  Mostly, I can change passwords on it.  I don't
really get the whole thing, yet.  If I read it enough, my light bulb
will come on.  o_O 


>
>>> Also, I use  cryptsetup luksFormat -s 512 ... to encrypt things.  Is
>>> that 512 a good number?  Can it be something different?  I'd think since
>>> it is needed as a option, it can have different values and encrypt
>>> stronger or weaker.  Is that the case?  I've tried to find out but it
>>> seems everyone uses 512.  If that is the only value, why make it a
>>> option?  I figure it can have other values but how does that work?
> You can use a different size, but 512b is the recommended value for
> the default cipher.  It is also the default I believe, so there isn't
> much point in passing it.  Actually, I'd consider passing that
> parameter harmful unless you also specify the cipher.  If in the
> future the default changes to some other cipher, perhaps 512b will no
> longer be appropriate, and you'll weaken it by specifying one and not
> the other.
>
> If you just want to trust the defaults, then trust the defaults.
>
> As to why 512b is the recommendation, that seems like it would require
> a LOT more reading.  Apparently it is in an IEEE standard and I'd need
> to grok a lot more crypto to appreciate it.
>

Well, I was wondering if it could be set to 1024 and it make the
encryption stronger or something.  I've searched but no one explains
what that number really does other than set something.  Since that is
the default, I guess I can leave that out of my command.  Save me some
typing.  Anyway, 512 it is. 

Dale

:-)  :-) 
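
The point quoted above, that changing a LUKS passphrase leaves the volume key untouched while a re-encryption replaces it, shown as an added example that is not part of the thread and is not cryptsetup's code. It is a simplified model: PBKDF2 plus an XOR wrap stands in for the real key-slot encryption and anti-forensic splitting, and every function name here is hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace

# 512 bits, the size `-s 512` requests; with the XTS mode cryptsetup
# defaults to, that is two 256-bit AES keys.
VOLUME_KEY_BYTES = 64
ITERATIONS = 20_000  # constructed value, kept low so the demo runs quickly


@dataclass(frozen=True)
class Header:
    """Simplified header: one key slot plus a digest of the volume key."""
    slot_salt: bytes
    wrapped_key: bytes   # volume key protected by the passphrase-derived key
    digest_salt: bytes
    key_digest: bytes    # lets unlock() recognise the right volume key


def _kdf(passphrase: str, salt: bytes, length: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               ITERATIONS, length)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _digest(volume_key: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", volume_key, salt, 1000, 32)


def _make_header(passphrase: str, volume_key: bytes) -> Header:
    slot_salt, digest_salt = os.urandom(32), os.urandom(32)
    wrapped = _xor(volume_key, _kdf(passphrase, slot_salt, len(volume_key)))
    return Header(slot_salt, wrapped, digest_salt,
                  _digest(volume_key, digest_salt))


def luks_format(passphrase: str) -> Header:
    """New volume: a random volume key, wrapped under the passphrase."""
    return _make_header(passphrase, os.urandom(VOLUME_KEY_BYTES))


def unlock(header: Header, passphrase: str):
    """Return the volume key, or None if the passphrase does not fit."""
    stream = _kdf(passphrase, header.slot_salt, len(header.wrapped_key))
    candidate = _xor(header.wrapped_key, stream)
    if hmac.compare_digest(_digest(candidate, header.digest_salt),
                           header.key_digest):
        return candidate
    return None


def change_passphrase(header: Header, old: str, new: str) -> Header:
    """Re-wrap the SAME volume key under a new passphrase."""
    volume_key = unlock(header, old)
    if volume_key is None:
        raise ValueError("wrong passphrase")
    slot_salt = os.urandom(32)
    wrapped = _xor(volume_key, _kdf(new, slot_salt, len(volume_key)))
    return replace(header, slot_salt=slot_salt, wrapped_key=wrapped)


def reencrypt(header: Header, passphrase: str) -> Header:
    """Model of re-encryption: a fresh volume key (data rewrite not shown)."""
    if unlock(header, passphrase) is None:
        raise ValueError("wrong passphrase")
    return _make_header(passphrase, os.urandom(VOLUME_KEY_BYTES))


def scenario() -> dict:
    """Header copied first, passphrase changed later, then re-encrypted."""
    original = luks_format("old passphrase")
    copied_header = original  # an earlier image of the disk, header included
    changed = change_passphrase(original, "old passphrase", "new passphrase")
    rekeyed = reencrypt(changed, "new passphrase")
    key_from_copy = unlock(copied_header, "old passphrase")
    return {
        "old_passphrase_rejected_by_current_header":
            unlock(changed, "old passphrase") is None,
        "copy_yields_current_key_after_passphrase_change":
            key_from_copy == unlock(changed, "new passphrase"),
        "copy_yields_current_key_after_reencrypt":
            key_from_copy == unlock(rekeyed, "new passphrase"),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

The passphrase change only locks the old passphrase out of the current header; a header copied beforehand still opens to the key that protects today's data until the volume key itself is replaced.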



Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Rich Freeman
On Tue, Sep 19, 2023 at 5:43 AM Dale  wrote:
>
> I been on Newegg using their rig builder feature.  Just to get rough
> ideas, I picked a AMD Ryzen 9 5900X 12-Core 3.7 GHz Socket AM4.  Yea, I
> did a copy and paste.  lol  It's a bit pricey but compared to my current
> rig, I think it will run circles around it.  My current rig has a AMD FX
> -8350 Eight-Core Processor running at 4GHz or so.  You think I'll see
> some speed improvement or am I on the wrong track?

Lol - they'd be night and day, and that's just looking at CPU.  The
RAM is way faster too.

CPU mark lists the 5900X as 6-7x faster, and the 7900X as almost 9x faster.

> My problem is the mobo.  I need a few PCIe slots.  Most just don't have
> enough.

The trend is towards fewer slots.  Some of that is driven by the
addition of M.2 slots which require 4 lanes each.  More of the IO is
going to USB compared to PCIe, probably because that is what people
tend to use with desktops.

> Most have a slot for a video card.  Then maybe 2 other slightly
> slower ones and maybe one slow one.  I can't recall what the names are
> at the moment. I know the length of the connector tends to tell what
> speed it is, tho some cheat and put long connectors but most of the
> faster pins aren't used.

This is actually pretty simple.  PCIe is measured in lanes.  There are
no slower/faster pins.  There are just lanes.

A 4x slot has 4 lanes, and a 1x slot has 1 lane, and a 16x slot has 16 lanes.

What you're talking about with "faster pins not being used" is
something like a 16x slot with only 4 lanes wired.  That behaves like
a 4x slot, but lets you plug in physically larger cards.  The missing
12 lanes aren't any faster than the 4 lanes that are wired, but
obviously 4 lanes don't go as fast as 16 lanes.

The other factor is PCIe generation.  Each generation doubles the
bandwidth, so a 1x PCIe v5 card with a supporting CPU is the same
speed as a 16x PCIe v1 card.  The interface runs at the maximum
generation supported by both the card and the controller (located on
the CPU these days).  Most cards don't actually support recent
generations - GPUs are the main ones that keep pace.  I was talking
about 10GbE NICs earlier, and if one supported a recent enough PCIe
generation it could work fine in a 1x slot, but most use older
generations and require a 4x slot or so.

PCIe works fine if all the lanes aren't actually connected - you can
plug a 16x GPU into a 1x riser, or a 1x slot that has an open notch on
the end, and it will work fine.  Though, in the latter case it will
probably need physical support as the 16x slots have locks for large
boards.  The GPU will of course perform poorly with any kind of data
transfer.

> That confuses things.  Anyway, mobo, which I
> will likely change, CPU and memory is already adding up to about $600.

If you're going to be spending THAT much on CPU+MB+RAM then I'd
seriously look at how much moving to zen4 / AM5 costs.  If you can get
something cheap by going AM4 by all means do it, but if you aren't
saving significant cash then you're buying into a much older platform.

> I don't need much of a video card tho.

Freeing up the 16x slot when you're so driven by PCIe requirements is
a HUGE consideration here.

> If someone knows of a good mobo, Gigabyte, ASUS preferred, that has
> several PCIe slots, I'd like to know the model so I can check into it.

I think you need to rethink your approach.  Look, there is no reason
you shouldn't be able to find a reasonably-priced motherboard that has
lots of PCIe slots.  If nothing else the manufacturer could stick a
switch on the board, especially if you don't need PCIe v5 and don't
mind the board switching the v5 lanes into a ton of v3-4 ones.
However, nobody makes anything like that for consumers.  There are
chips out there that do some of that, but you'd have to custom-build
something to use them.

You really need to figure out how to get by with mostly 1x cards, and
maybe 1-2 larger ones if you ditch the GPU.  That is part of what
drove me to distributed storage, and also using USB3 for large numbers
of hard drives.  PCs tend to have lots of unused USB3 capacity, and
that works fine for spinning disks.  It just looks ugly.  (As a bonus
the USB3 disks can often be obtained far cheaper.)

-- 
Rich



Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Michael
On Tuesday, 19 September 2023 10:43:02 BST Dale wrote:
> Wols Lists wrote:
> > On 19/09/2023 00:40, Dale wrote:
> >>> I get it when you wanna do it your way because it always worked™
> >>> (which is
> >>> not wrong — don’t misunderstand me) and perhaps you had some bad
> >>> experience
> >>> in the past. OTOH it’s a pricey component usually only needed by
> >>> gamers and
> >>> number crunchers. On-board graphics are just fine for Desktop and even
> >>> (very) light gaming and they lower power draw considerably. Give it
> >>> a swirl,
> >>> maybe you like it.  Both Intel and AMD work just fine with the kernel
> >>> drivers.
> >> 
> >> Well, for one, I usually upgrade the video card several times before I
> >> upgrade the mobo.  When it is built in, not a option.  I think I'm on my
> >> third in this rig.  I also need multiple outputs, two at least.  One for
> >> monitor and one for TV.  My little NAS box I'm currently using is a Dell
> >> something.  The video works but it has no GUI.  At times during the boot
> >> up process, things don't scroll up the screen.  I may be missing a
> >> setting somewhere but when it blanks out, it comes back with a different
> >> resolution and font size.  I figure it is blanking during the switch.
> >> My Gentoo box doesn't do that.  I can see the screen from BIOS all the
> >> way to when it finishes booting and the GUI comes up.  I'm one of those
> >> who watches.  
> > 
> > Well, in my case I've only recently upgraded to a system where AGPUs
> > are available :-)
> > 
> > Plus, although I haven't got it working, I want multi-seat (at
> > present, my system won't boot with two video cards). You can run
> > multi-head off integrated graphics, but as far as I know linux
> > requires one video card per seat.
> > 
> > Oh, and to the best of my knowledge, you can combine a video card and
> > an AGPU.
> > 
> > Cheers,
> > Wol
> 
> I been on Newegg using their rig builder feature.  Just to get rough
> ideas, I picked a AMD Ryzen 9 5900X 12-Core 3.7 GHz Socket AM4.  Yea, I
> did a copy and paste.  lol  It's a bit pricey but compared to my current
> rig, I think it will run circles around it.  My current rig has a AMD FX
> -8350 Eight-Core Processor running at 4GHz or so.  You think I'll see
> some speed improvement or am I on the wrong track?

You should see a significant improvement.  The 5900X boosts up to 4.9GHz and 
it has 24 threads.

> I'm also shooting
> for 64GBs of memory at first.  I can put in two more sticks later.  I
> got 32GB right now.  Thing is, I have 18 virtual desktops now.  o_O 
> 
> My problem is the mobo.  I need a few PCIe slots.  Most just don't have
> enough.  Most have a slot for a video card.  Then maybe 2 other slightly
> slower ones and maybe one slow one.  I can't recall what the names are
> at the moment. I know the length of the connector tends to tell what
> speed it is, tho some cheat and put long connectors but most of the
> faster pins aren't used.  That confuses things.  Anyway, mobo, which I
> will likely change, CPU and memory is already adding up to about $600. 
> I don't need much of a video card tho.  The built in thing may be
> enough, as long as I can connect my monitor and TV.  Either one DB15 and
> a HDMI or two HDMI will work.  My monitor has both.  TV is HDMI.  Must
> have TV!!
> 
> If someone knows of a good mobo, Gigabyte, ASUS preferred, that has
> several PCIe slots, I'd like to know the model so I can check into it. 
> It doesn't have to be the latest thing either.  I tend to drop down
> several notches from the top to save money.  I still end up with a
> pretty nice rig and save some money.

What you describe looks more like a workstation or server tower MoBo, rather 
than the current brood of retail MoBos which cater more for gaming.



Re: [gentoo-user] Controlling emerges

2023-09-19 Thread William KENWORTHY
MAKEOPTS - for example I have a laptop that locks up (heat)  on long compiles 
so reduce the number of jobs (rust and webgtk). The discussion asks about how 
to control emerge - appropriate per package -j and -l for the heavy packages 
should go a long way to doing what you want. 

On 19 September 2023 5:48:39 pm AWST, Peter Humphrey  
wrote:
>(I assume this was addressed to me, though it was a reply to someone else.)
>
>On Tuesday, 19 September 2023 10:14:42 BST William Kenworthy wrote:
>> That is where you set per package compiler parameters by overriding
>> make.conf settings.
>
>And which make.conf setting might achieve what I want? Careful reading of the 
>make.conf man page hasn't revealed anything relevant.
>
>-- 
>Regards,
>Peter.
>
>
>
>
>
>


Re: [gentoo-user] Controlling emerges

2023-09-19 Thread Rich Freeman
On Tue, Sep 19, 2023 at 5:48 AM Peter Humphrey  wrote:
>
> On Tuesday, 19 September 2023 10:14:42 BST William Kenworthy wrote:
> > That is where you set per package compiler parameters by overriding
> > make.conf settings.
>
> And which make.conf setting might achieve what I want? Careful reading of the
> make.conf man page hasn't revealed anything relevant.
>

There isn't one.  At best there is -l which regulates jobs by system
load, but there is nothing that takes into account RAM use.

I just use package.env to limit jobs on packages that I know are RAM-hungry.

Right now my list includes:
calligra
qtwebengine
qtwebkit
ceph
nodejs
passwdqc
scipy
pandas
spidermonkey

(It has been ages since I've pruned the list, and of course what is
"too much RAM" will vary.)

The other thing I will tweak is avoiding building in a tmpfs.
Obviously anything that is RAM constrained is a good contender for not
using a tmpfs, but there are also packages that just have really large
build directories that otherwise don't need too much RAM when building.

--
Rich



Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Rich Freeman
On Tue, Sep 19, 2023 at 4:26 AM Michael  wrote:
>
> On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
> > Howdy,
> >
> A strong
> password, like a strong door lock, buys you time.  Hence the general
> recommendation to change your passwords frequently.

While that can help on websites, it is of no use for full disk
encryption passwords - at least not without jumping through some big
hoops.

In order to crack your LUKS password somebody obviously needs to be
able to read the encrypted contents of your disk.  They cannot begin
cracking it until they have a copy of the LUKS headers.  However, once
they do have it, they can make a copy and crack it at their leisure.
If they manage to crack it, then it will give them the volume key.  At
that point if they were able to make a full copy of your disk they can
read whatever was on it at the time.  If they can make a fresh copy of
your disk then changing the passphrase will not change the volume key,
and so they'll be able to read what is currently on your disk.

Changing the volume key would defeat this, but requires running
cryptsetup-reencrypt which will take considerable time/CPU, though it
sounds like it can be done online.

> > In the real world tho, how do people reading this make passwords that no
> > one could ever guess?

You didn't ask this question, but I'll just note that most
organizations don't use human-readable passwords to implement full
disk encryption. The most commonly used solution is to use a TPM to
measure the boot process and secure the disk encryption keys.  If the
system is booted normally, the bootloader can read the encryption keys
from the TPM and can decrypt the disk without any user interaction (or
even awareness it is happening).  If the system is booted from
alternative media, or the on-disk bootloader is tampered with, or even
if the firmware is tampered with, then the TPM measurements will not
agree with those used to store the key, and the TPM will not allow the
keys to be read.

This is how solutions like Bitlocker work.

The components for this exist in the Linux world, but I'm not aware of
any distro/etc actually implementing this with a pretty front-end, and
there are obviously details that need to be carefully handled so that
a bootloader or firmware update doesn't render your disk unreadable.
Typically software implementations have ways to store "recovery keys"
for these situations (just another copy of the disk key stored outside
the TPM).

> You can use gpg, or openssl, or app-admin/apg, or app-admin/pwgen, to generate
> random enough strings to use as passwords.

You might want to also consider app-admin/xkcdpass

> > Also, I use  cryptsetup luksFormat -s 512 ... to encrypt things.  Is
> > that 512 a good number?  Can it be something different?  I'd think since
> > it is needed as a option, it can have different values and encrypt
> > stronger or weaker.  Is that the case?  I've tried to find out but it
> > seems everyone uses 512.  If that is the only value, why make it a
> > option?  I figure it can have other values but how does that work?

You can use a different size, but 512b is the recommended value for
the default cipher.  It is also the default I believe, so there isn't
much point in passing it.  Actually, I'd consider passing that
parameter harmful unless you also specify the cipher.  If in the
future the default changes to some other cipher, perhaps 512b will no
longer be appropriate, and you'll weaken it by specifying one and not
the other.

If you just want to trust the defaults, then trust the defaults.

As to why 512b is the recommendation, that seems like it would require
a LOT more reading.  Apparently it is in an IEEE standard and I'd need
to grok a lot more crypto to appreciate it.

-- 
Rich
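
The point above about changing the passphrase versus changing the volume key, as an added example that is not part of the original message and is not cryptsetup code. It is a simplified Python model: the XOR wrap, the SHA-256 digest, the low iteration count and all function names are assumptions for illustration (real LUKS keyslots use a cipher plus anti-forensic splitting).

```python
"""Simplified model of a LUKS-style key hierarchy (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass

VK_BYTES = 64          # 512-bit volume key, the size passed with -s 512 in the thread
KDF_ITERATIONS = 1000  # deliberately low so the model runs quickly


def _pad(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a pad as long as the volume key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                               KDF_ITERATIONS, dklen=VK_BYTES)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _digest(volume_key: bytes) -> bytes:
    """Stand-in for the header's volume-key digest."""
    return hashlib.sha256(b"vk-digest" + volume_key).digest()


@dataclass(frozen=True)
class Header:
    slot_salt: bytes   # per-keyslot salt
    wrapped_vk: bytes  # volume key hidden under the passphrase-derived pad
    vk_digest: bytes   # lets unlock() tell a right passphrase from a wrong one


def _make_header(volume_key: bytes, passphrase: str) -> Header:
    salt = os.urandom(16)
    return Header(salt, _xor(volume_key, _pad(passphrase, salt)),
                  _digest(volume_key))


def luks_format(passphrase: str):
    """Create a fresh random volume key and a header that wraps it."""
    volume_key = os.urandom(VK_BYTES)
    return _make_header(volume_key, passphrase), volume_key


def unlock(header: Header, passphrase: str):
    """Return the volume key, or None if the passphrase does not fit."""
    candidate = _xor(header.wrapped_vk, _pad(passphrase, header.slot_salt))
    if hmac.compare_digest(_digest(candidate), header.vk_digest):
        return candidate
    return None


def change_passphrase(header: Header, old: str, new: str) -> Header:
    """Re-wrap the SAME volume key under a new passphrase."""
    volume_key = unlock(header, old)
    if volume_key is None:
        raise ValueError("wrong passphrase")
    return _make_header(volume_key, new)


def reencrypt(header: Header, passphrase: str):
    """Replace the volume key itself. The real operation also rewrites
    every data sector under the new key, which is the slow part."""
    if unlock(header, passphrase) is None:
        raise ValueError("wrong passphrase")
    new_key = os.urandom(VK_BYTES)
    return _make_header(new_key, passphrase), new_key


def demo() -> dict:
    header, _ = luks_format("old passphrase")
    old_header_copy = header  # a copy of the header taken before the change
    header = change_passphrase(header, "old passphrase", "new passphrase")
    current_vk = unlock(header, "new passphrase")
    result = {
        # The live header no longer accepts the old passphrase ...
        "old_passphrase_rejected_by_live_header":
            unlock(header, "old passphrase") is None,
        # ... but the old copy plus old passphrase still yields the key
        # that protects the data currently on disk.
        "old_copy_still_yields_current_key":
            unlock(old_header_copy, "old passphrase") == current_vk,
    }
    header, new_vk = reencrypt(header, "new passphrase")
    # Only after the volume key changes does the old copy become useless
    # for data written from now on.
    result["old_copy_useless_after_reencrypt"] = (
        unlock(old_header_copy, "old passphrase") != new_vk)
    return result


if __name__ == "__main__":
    for claim, holds in demo().items():
        print(f"{claim}: {holds}")
```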



Re: [gentoo-user] Controlling emerges

2023-09-19 Thread Peter Humphrey
(I assume this was addressed to me, though it was a reply to someone else.)

On Tuesday, 19 September 2023 10:14:42 BST William Kenworthy wrote:
> That is where you set per package compiler parameters by overriding
> make.conf settings.

And which make.conf setting might achieve what I want? Careful reading of the 
make.conf man page hasn't revealed anything relevant.

-- 
Regards,
Peter.






Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Dale
Wols Lists wrote:
> On 19/09/2023 00:40, Dale wrote:
>>> I get it when you wanna do it your way because it always worked™
>>> (which is
>>> not wrong — don’t misunderstand me) and perhaps you had some bad
>>> experience
>>> in the past. OTOH it’s a pricey component usually only needed by
>>> gamers and
>>> number crunchers. On-board graphics are just fine for Desktop and even
>>> (very) light gaming and they lower power draw considerably. Give it
>>> a swirl,
>>> maybe you like it.  Both Intel and AMD work just fine with the kernel
>>> drivers.
>> Well, for one, I usually upgrade the video card several times before I
>> upgrade the mobo.  When it is built in, not a option.  I think I'm on my
>> third in this rig.  I also need multiple outputs, two at least.  One for
>> monitor and one for TV.  My little NAS box I'm currently using is a Dell
>> something.  The video works but it has no GUI.  At times during the boot
>> up process, things don't scroll up the screen.  I may be missing a
>> setting somewhere but when it blanks out, it comes back with a different
>> resolution and font size.  I figure it is blanking during the switch.
>> My Gentoo box doesn't do that.  I can see the screen from BIOS all the
>> way to when it finishes booting and the GUI comes up.  I'm one of those
>> who watches.  
>>
> Well, in my case I've only recently upgraded to a system where AGPUs
> are available :-)
>
> Plus, although I haven't got it working, I want multi-seat (at
> present, my system won't boot with two video cards). You can run
> multi-head off integrated graphics, but as far as I know linux
> requires one video card per seat.
>
> Oh, and to the best of my knowledge, you can combine a video card and
> an AGPU.
>
> Cheers,
> Wol


I been on Newegg using their rig builder feature.  Just to get rough
ideas, I picked a AMD Ryzen 9 5900X 12-Core 3.7 GHz Socket AM4.  Yea, I
did a copy and paste.  lol  It's a bit pricey but compared to my current
rig, I think it will run circles around it.  My current rig has a AMD FX
-8350 Eight-Core Processor running at 4GHz or so.  You think I'll see
some speed improvement or am I on the wrong track?  I'm also shooting
for 64GBs of memory at first.  I can put in two more sticks later.  I
got 32GB right now.  Thing is, I have 18 virtual desktops now.  o_O 

My problem is the mobo.  I need a few PCIe slots.  Most just don't have
enough.  Most have a slot for a video card.  Then maybe 2 other slightly
slower ones and maybe one slow one.  I can't recall what the names are
at the moment. I know the length of the connector tends to tell what
speed it is, tho some cheat and put long connectors but most of the
faster pins aren't used.  That confuses things.  Anyway, mobo, which I
will likely change, CPU and memory is already adding up to about $600. 
I don't need much of a video card tho.  The built in thing may be
enough, as long as I can connect my monitor and TV.  Either one DB15 and
a HDMI or two HDMI will work.  My monitor has both.  TV is HDMI.  Must
have TV!!

If someone knows of a good mobo, Gigabyte, ASUS preferred, that has
several PCIe slots, I'd like to know the model so I can check into it. 
It doesn't have to be the latest thing either.  I tend to drop down
several notches from the top to save money.  I still end up with a
pretty nice rig and save some money.

I got to get a larger hard drive next month. After that, case.  Then I
start saving up to buy the other stuff.  The big thing is the combo of
mobo, CPU and memory.  I like to get them at the same time and the same
place.  Just in case the smoke gets out. :/ 

Dale

:-)  :-) 



Re: [gentoo-user] Controlling emerges

2023-09-19 Thread Andreas Fink
On Tue, 19 Sep 2023 17:14:42 +0800
William Kenworthy  wrote:

> That is where you set per package compiler parameters by overriding
> make.conf settings.
>
> BillK
>
>
I would argue that per-package compiler parameters are not what is
needed, because in the example of chromium 99% of the compile time can
be done with -j16 on my machine, but for a very short time I would need
to run with -j1, because otherwise I run out of memory.
In short: I want to run with as many jobs as I have cores, as long as
I do not run out of memory, and when I run out of memory I want to run
with as few jobs as possible until the pressure on the memory is
gone. Then I want to continue with as many jobs as possible.

And this is not something that make / ninja provide. They have a
concept of global number of jobs, which in this concept must be set to
the maximum number that your RAM can take at the very short period in
time where you have a high watermark on your RAM, but that number would
be at 99% of the compilation time way too low.

FWIW, I have a hacky solution that I use privately, but I never
published it anywhere, because it could break some builds, and at the
moment I'm not ready to support it.

Basically it tries to run with as many jobs as the number of CPU cores
at all times. It watches memory pressure in the background and
kills build jobs as soon as a high watermark is reached.
At this point, make would normally exit, because a build job failed.
However my hacky solution overrides the exec-family of system calls,
and if a job fails, it is being retried exclusively, i.e. no other
build job is allowed to run at the same time as the failed job.
It fails ultimately, when the second and exclusive run fails too.
This way, if the job failed only because of lack of memory, it will be
retried exclusively and succeeds. If it failed due to a programming
error, it will fail also the second time, and then the error is
forwarded to make.




Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Jude DaShiell
another possibility is use of a dictionary.  Find a word in dictionary
note page column and line.  Divide pages in dictionary by 2 and either add
or subtract that number of pages to or from page word is found on then on
the new page find the column and line for your actual password.  Of
course, you write the first word you looked up down as your password and
not the second word you just found you use for your real password.


-- Jude  "There are four boxes to be used in
defense of liberty: soap, ballot, jury, and ammo. Please use in that
order." Ed Howdershelt 1940.

On Tue, 19 Sep 2023, hitachi303 wrote:

> On 19.09.23 at 07:36, Dale wrote:
> > Maybe even a example or two of a fake password, just something that you
> > would come up with and how.
>
>
> There was this TV series Sherlock. In one episode they communicated by numbers
> where each number referred to a word in a book. This was somewhat also used in
> a movie with Nicolas Cage where he is treasure hunting.
>
> For the passwords which matter this seems to be a quite good way. As long as
> nobody guesses your book you can write down your passwords and look them up if
> needed. Like 239/4 which would tell you to open page 239 and use word 4. Or
> 239/4/3 -> page 239 line 4 word 3.
> Then you start to make it difficult so that you don't just use words. Like
> start with the first letter of the word then go backwards and use every second
> letter until you have 8 letters. Mix in a number for every third position.
> You can change the rule as you like. Keep it always the same and you can look
> your password up every time. In German there are quite a lot of capital letters
> so just take them.
> You can be creative as wild. Take a poem in middle age German and take only
> the first and last letter from every line. Every third number from pi. Since
> there is no pattern in pi this should be safe.
>
> Something like that.
>
>



Re: [gentoo-user] Controlling emerges

2023-09-19 Thread William Kenworthy
That is where you set per package compiler parameters by overriding 
make.conf settings.


BillK


On 19/9/23 17:09, Peter Humphrey wrote:
> On Monday, 18 September 2023 23:44:50 BST William Kenworthy wrote:
>> per package env variables?
>>
>> https://wiki.gentoo.org/wiki//etc/portage/package.env
>
> Apropos of what?





Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Dale
hitachi303 wrote:
> On 19.09.23 at 07:36, Dale wrote:
>> Maybe even a example or two of a fake password, just something that
>> you would come up with and how.
>
>
> There was this TV series Sherlock. In one episode they communicated by
> numbers where each number referred to a word in a book. This was
> somewhat also used in a movie with Nicolas Cage where he is treasure
> hunting.
>
> For the passwords which matter this seems to be a quite good way. As
> long as nobody guesses your book you can write down your passwords and
> look them up if needed. Like 239/4 which would tell you to open page
> 239 and use word 4. Or 239/4/3 -> page 239 line 4 word 3.
> Then you start to make it difficult so that you don't just use words.
> Like start with the first letter of the word then go backwards and use
> every second letter until you have 8 letters. Mix in a number for
> every third position.
> You can change the rule as you like. Keep it always the same and you
> can look your password up every time. In German there are quite a lot
> of capital letters so just take them.
> You can be creative as wild. Take a poem in middle age German and take
> only the first and last letter from every line. Every third number from
> pi. Since there is no pattern in pi this should be safe.
>
> Something like that.
>
>


I like the Sherlock stuff.  Everything from the black and white
versions, 1950's, to the TV series Elementary which is more recent. 
That is a idea but I currently come up with them from things I have or
weird things I won't forget.  Models of vehicles or some other thing I
have and will have for a long time.  Some are a little short but those
password sites say they are good strong passwords. 

That's a interesting way to come up with passwords tho.  I've seen that
in a few whodunit type shows.  Way back in the old days, they had some
interesting ways of coding messages.  Passwords are sort of similar. 

I'll have to give that some thought.  It's not how I usually do it but
it is interesting. 

Thanks.

Dale

:-)  :-) 



Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Jude DaShiell
I generate random passwords using dice.  First and last characters in
passwords are letters that's arbitrary buys more time.  Those should have
lengths over 13 and before the agency I used to work for went to
smartcards and 256 character random passwords their last standard was 16
characters with minimum two symbols minimum two numbers minimum two
upper-case and minimum two lower-case.  No dictionary words or keyboard
walking allowed.  Firewall piercing with laptops got used regularly by
state actors and there is a firewall-piercing-howto file on the internet
for anyone interested.
The remaining characters first got their sets chosen.  A 1 on dice picked
a number for that spot and a 6 picked a symbol.  Two or 3 picked an
upper-case and 4 or 5 picked a lower-case.  Once the set spots got figured
five dice got used for letters add the total and subtract 4 for the
particular letter.  three dice got used for symbols with a single dice
roll of either odd for first 16 symbols or even single dice roll for
second 16 symbols.  Your choice as to put which 16 symbols in the even and
odd sets those could be randomized.  Numbers used two dice with 2
subtracted from total and a 2 rolled with the dice returned a 0.  Slow and
necessary to write worksheet down as dice rolling proceeded and password
needed writing down on completion.  Since I do most of my writing in
braille I have a good encryption system I can encrypt further by using the
old English braille instead of the American braille.  American braille has
dot arrangement 123 down left side of cell for reading and 4 5 6 down
right side of cell for reading.  English braille has 1 3 5 down the left
side and 2 4 6 down the right side of the cell for reading.  Those are dot
number arrangements.  Braille readers on this list I expect maybe only one
other will understand what I just wrote.


-- Jude  "There are four boxes to be used in
defense of liberty: soap, ballot, jury, and ammo. Please use in that
order." Ed Howdershelt 1940.

On Tue, 19 Sep 2023, Michael wrote:

> On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
> > Howdy,
> >
> > As some know, I encrypt a lot of stuff here.  I use passwords that I can
> > recall but no one could ever guess.  I don't use things that someone may
> > figure out like pet's name or anything like that.  I use a couple sites
> > to see just how good my passwords are.  I try to get into the millions
> > of years at least.  I have a couple that it claims is in the trillions
> > of years to crack.  I've read some things not to use like pet names and
> > such.  I've also read that one should use upper and lower case letters,
> > symbols and such and I do that, especially on my stuff I never want to
> > be cracked.  Some stuff, when I'm dead, it's gone.
>
> As/when quantum computers development progresses, many/some passwords and
> hashes will be cracked/brute forced (RSA encryption springs to mind).  It is
> best if you can think of any password as keeping your door and windows locked.
> They will stop most opportunistic attempts, but not anyone who is determined
> to break in.  It is unlikely your passwords will stop state actors.  A strong
> password, like a strong door lock, buys you time.  Hence the general
> recommendation to change your passwords frequently.
>
>
> > In the real world tho, how do people reading this make passwords that no
> > one could ever guess?
>
> You can use gpg, or openssl, or app-admin/apg, or app-admin/pwgen, to generate
> random enough strings to use as passwords.  They will be difficult to guess,
> but will be VERY difficult to remember.  You'll have to store them offline
> and/or protect them in turn with some master passphrase you can remember.
>
> As an example, you could choose characters/strings from the output stored in
> file.txt, when you run:
>
> < /dev/random tr -dc "[:space:][:print:]" | head -c500 > file.txt
>
>
> > I use Bitwarden to handle website passwords and
> > it does a good job.  I make up my own tho when encrypting drives.  I'm
> > not sure I can really use Bitwarden for that given it is a command line
> > thing, well, in a script in my case.  I doubt anyone would ever guess
> > any of my passwords but how do people reading this do theirs?  Just how
> > far do you really go to make it secure?  Obviously you shouldn't give up
> > much detail but just some general ideas.  Maybe even a example or two of
> > a fake password, just something that you would come up with and how.
> >
> > This is the two sites I use.
> >
> >
> > https://www.passwordmonster.com/
> >
> > https://www.security.org/how-secure-is-my-password/
> >
> >
> > I have a password in the first one that shows this:
> >
> >
> > It would take a computer about 63 thousand years to crack your password
> >
> >
> > Second one says this.
> >
> > It would take a computer about 5 million years to crack your password
> >
> > Exact same password in both.  Why such a large range to crack?
>
> I don't know why these guys come up with 
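
The dice procedure in Jude DaShiell's message above picks each letter from the total of five dice minus 4, and totals of several dice are not evenly spread across their range. The following added example (not part of the original message; the function names are assumptions, and the symbol step is read here as three dice minus 2 plus one odd/even roll) computes the exact distributions and shows a two-dice rejection method that keeps every letter equally likely.

```python
"""Entropy of characters chosen by dice totals (added example)."""
import secrets
from collections import Counter
from fractions import Fraction
from itertools import product
from math import log2


def sum_distribution(n_dice: int, offset: int) -> dict:
    """Exact probability of each value of (total of n_dice d6) - offset."""
    counts = Counter(sum(rolls) - offset
                     for rolls in product(range(1, 7), repeat=n_dice))
    return {value: Fraction(count, 6 ** n_dice)
            for value, count in sorted(counts.items())}


def shannon_bits(dist: dict) -> float:
    """Average unpredictability per character."""
    return -sum(float(p) * log2(float(p)) for p in dist.values())


def min_entropy_bits(dist: dict) -> float:
    """Worst case: bits against a guesser who tries the likeliest value first."""
    return -log2(float(max(dist.values())))


def roll_die() -> int:
    """Software stand-in for one physical die."""
    return secrets.randbelow(6) + 1


def uniform_letter(roll=roll_die) -> str:
    """Read two dice as a base-6 number (0..35) and re-roll 26..35,
    so each of the 26 letters is equally likely."""
    while True:
        n = (roll() - 1) * 6 + (roll() - 1)
        if n < 26:
            return chr(ord("a") + n)


def report() -> dict:
    letters = sum_distribution(5, 4)   # values 1..26
    symbols = sum_distribution(3, 2)   # values 1..16 within one symbol set
    top = max(letters.values())
    return {
        "letter_value_range": (min(letters), max(letters)),
        "most_likely_letters": [chr(ord("a") + v - 1)
                                for v, p in letters.items() if p == top],
        "chance_of_most_likely_letter": top,
        "chance_of_a_or_z": letters[1],
        "letter_shannon_bits": shannon_bits(letters),
        "letter_min_entropy_bits": min_entropy_bits(letters),
        "uniform_letter_bits": log2(26),
        # The odd/even roll that picks the symbol set is a fair coin: +1 bit.
        "symbol_min_entropy_bits": min_entropy_bits(symbols) + 1,
        "uniform_symbol_bits": log2(32),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
    print("uniform sample:", "".join(uniform_letter() for _ in range(14)))
```

With dice totals the middle of the alphabet dominates, so a guesser who starts with those letters gains a large head start; reading dice as base-6 digits avoids that at the cost of occasional re-rolls.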

Re: [gentoo-user] Controlling emerges

2023-09-19 Thread Peter Humphrey
On Monday, 18 September 2023 23:44:50 BST William Kenworthy wrote:
> per package env variables?
> 
> https://wiki.gentoo.org/wiki//etc/portage/package.env

Apropos of what?

-- 
Regards,
Peter.






Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread hitachi303

On 19.09.23 at 07:36, Dale wrote:
> Maybe even a example or two of a fake password, just something that you
> would come up with and how.



There was this TV series Sherlock. In one episode they communicated by 
numbers where each number referred to a word in a book. This was 
somewhat also used in a movie with Nicolas Cage where he is treasure 
hunting.


For the passwords which matter this seems to be a quite good way. As long 
as nobody guesses your book you can write down your passwords and look 
them up if needed. Like 239/4 which would tell you to open page 239 and 
use word 4. Or 239/4/3 -> page 239 line 4 word 3.
Then you start to make it difficult so that you don't just use words. 
Like start with the first letter of the word then go backwards and use 
every second letter until you have 8 letters. Mix in a number for every 
third position.
You can change the rule as you like. Keep it always the same and you can 
look your password up every time. In German there are quite a lot of 
capital letters so just take them.
You can be creative as wild. Take a poem in middle age German and take 
only the first and last letter from every line. Every third number from 
pi. Since there is no pattern in pi this should be safe.


Something like that.



Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Wols Lists

On 18/09/2023 11:13, Frank Steinmetzger wrote:

> With so many drives, you should also include a pricey power supply. And/or a
> server board which supports staggered spin-up. Also, drives of the home NAS
> category (and consumer drives anyways) are only certified for operation in
> groups of up to 8-ish. Anything above and you sail in grey warranty waters.
> Higher-tier drives are specced for the vibrations of so many drives (at
> least I hope, because that’s what they™ tell us).


Have you seen the article where somebody tests that? And yes, it's true. 
The more drives you have, the more you need damping. If all the drives 
move their heads together, the harder it is for them to home in on the 
correct track, to the point where you get the "perfect storm" of 
vibration causing them all to reset, go back to park, try again, and 
they are shaking so much none of them can find what they're looking for.



> > To be honest, I kinda like the Fractal Design Define 7
> > XL right now despite the higher cost.  I could make a NAS/backup box
> > with it and I doubt I'd run out of drive space even if I started using
> > RAID and mirrored everything, at a minimum.
>
> With 12 drives, I would go for parity RAID with two parity drives per six
> drives, not for a mirror. That way you get 2/3 storage efficiency vs. 1/2
> and more robustness; in parity, any two drives may fail, but in a cluster of
> mirrors, only specific drives may fail (not two of the same mirror). If the
> drives are huge, nine drives with three parity drives may be even better
> (because rebuilds get scarier the bigger the drives get).

One of my projects in my copious (not) free time was to try and 
implement raid-61. Like raid-10, you could spread it across any number 
of drives (subject to a minimum). You could lose any 4 drives which 
gives you a minimum of five (although with that few that would be the 
equivalent of a five-times mirror).


Hey ho, I don't think that's going to happen now.

Cheers,
Wol



Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.

2023-09-19 Thread Michael
On Tuesday, 19 September 2023 06:36:13 BST Dale wrote:
> Howdy,
> 
> As some know, I encrypt a lot of stuff here.  I use passwords that I can
> recall but no one could ever guess.  I don't use things that someone may
> figure out like pet's name or anything like that.  I use a couple sites
> to see just how good my passwords are.  I try to get into the millions
> of years at least.  I have a couple that it claims is in the trillions
> of years to crack.  I've read some things not to use like pet names and
> such.  I've also read that one should use upper and lower case letters,
> symbols and such and I do that, especially on my stuff I never want to
> be cracked.  Some stuff, when I'm dead, it's gone.

As/when quantum computers development progresses, many/some passwords and 
hashes will be cracked/brute forced (RSA encryption springs to mind).  It is 
best if you can think of any password as keeping your door and windows locked.  
They will stop most opportunistic attempts, but not anyone who is determined 
to break in.  It is unlikely your passwords will stop state actors.  A strong 
password, like a strong door lock, buys you time.  Hence the general 
recommendation to change your passwords frequently.


> In the real world tho, how do people reading this make passwords that no
> one could ever guess?

You can use gpg, or openssl, or app-admin/apg, or app-admin/pwgen, to generate 
random enough strings to use as passwords.  They will be difficult to guess, 
but will be VERY difficult to remember.  You'll have to store them offline 
and/or protect them in turn with some master passphrase you can remember.

As an example, you could choose characters/strings from the output stored in 
file.txt, when you run:

< /dev/random tr -dc "[:space:][:print:]" | head -c500 > file.txt


> I use Bitwarden to handle website passwords and
> it does a good job.  I make up my own tho when encrypting drives.  I'm
> not sure I can really use Bitwarden for that given it is a command line
> thing, well, in a script in my case.  I doubt anyone would ever guess
> any of my passwords but how do people reading this do theirs?  Just how
> far do you really go to make it secure?  Obviously you shouldn't give up
> much detail but just some general ideas.  Maybe even a example or two of
> a fake password, just something that you would come up with and how. 
> 
> This is the two sites I use. 
> 
> 
> https://www.passwordmonster.com/
> 
> https://www.security.org/how-secure-is-my-password/
> 
> 
> I have a password in the first one that shows this:
> 
> 
> It would take a computer about 63 thousand years to crack your password
> 
> 
> Second one says this.
> 
> It would take a computer about 5 million years to crack your password
> 
> Exact same password in both.  Why such a large range to crack?

I don't know why these guys come up with different years-equivalent strength, 
but I tend to treat such websites as suspicious.  They are more likely to act 
as a honeypot to *record* your passwords, than provide you with truly 
meaningful information.  I suppose you could use them to test an example of a 
password you would never use thereafter, but even this could reveal some 
underlying pattern in how you structure your passwords.


> I tend
> to use the first site to create a password.  Then I test it in the
> second site to sort of confirm it.  If both say a long time, then I got
> a fairly good one depending on what I'm protecting.  Still, why such a
> difference?  One reason I use the first site, I can make it show the
> password.  The second site doesn't do that so editing it to improve
> things is harder since you can't see it.  The first site makes that easy
> and gives me a idea of whether I'm on the right track.  Second site
> confirms it.  I did contact the second site and ask for a button to show
> the password.  After all, no one is here but me.  My windows are covered. 
> 
> Also, I use  cryptsetup luksFormat -s 512 ... to encrypt things.  Is
> that 512 a good number?  Can it be something different?  I'd think since
> it is needed as a option, it can have different values and encrypt
> stronger or weaker.  Is that the case?  I've tried to find out but it
> seems everyone uses 512.  If that is the only value, why make it a
> option?  I figure it can have other values but how does that work? 

The key size options depend on the block cipher.  A larger key size tends 
to be stronger, but its processing is slower.  Embedded devices without hardware 
accelerated crypto could struggle with larger key sizes.
 

> Heck, a link to some good info on that would be good.  :-)

https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/FAQ.md

https://gitlab.com/cryptsetup/cryptsetup/wikis/LUKS-standard/on-disk-format.pdf

https://wiki.archlinux.org/title/Data-at-rest_encryption




Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Frank Steinmetzger
On Tue, Sep 19, 2023 at 01:01:42AM -0500, Dale wrote:

> They have added a lot of stuff to mobos since I bought one about a
> decade ago.  Maybe things have improved.  I just like PCIe slots and
> cards.  Gives me more options.

I definitely know the feeling. That is why I went with µATX instead of ITX 
nine years ago. I thought “now that I have a beefy machine, I could get a 
sound card and start music production” and stuff like that. It never 
happened. Aside from an entry-level GPU for some gaming (which broke two 
years ago, so I am back on Intel since then) I never used any of my slots. 
But in the end, they are — as you say yourself — options, not necessities.

> Given how things have changed tho, I may
> have to give in on some things.  I just like my mobos to be like Linux. 
> Have something do one thing and do it well.  When needed, change that
> thing.  ;-) 

Over the past years, boards tend to do less and less by themselves. It’s all 
been migrated into the CPU; voltage regulation, basic graphics, memory 
controller, lots of I/O. The chipset (at least in AMD land, I’ve been out of 
touch with Intel for a while now) basically determines the amount of 
*additional* I/O. The Deskmini X300 mini-PC that I mentioned earlier 
actually has no chipset on its board, everything is done by the CPU.

What irks me is again market segmentation. Even though Ryzen CPUs have the 
capability of 10 Gbps USB 3.1 Gen 2 built-in, the low-end boards do not 
route that out, not even at least one.

-- 
Grüße | Greetings | Qapla’
Please do not share anything from, with or about me on any social network.

The only thing that makes some people bearable is their absence.




Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Wols Lists

On 18/09/2023 12:16, Rich Freeman wrote:

> This is part of why I like storage implementations that have more
> robustness built into the software.  Granted, it is still only as good
> as your clients, but with distributed storage I really don't want to
> be paying for ECC on all of my nodes.  If the client calculates a
> checksum and it remains independent of the data, then any RAM
> corruption should be detectable as a mismatch (that of course assumes
> the checksum is preserved and not re-calculated at any point).


Which is why I run raid-5 over dm-integrity. I'm not sure it's that 
stable :-( :-( but it means any disk corruption will get picked up at 
the integrity level, and raid-5 will just get a read error which will 
trigger a parity recalc without data loss.


Cheers,
Wol



Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Wols Lists

On 19/09/2023 00:40, Dale wrote:

>> I get it when you wanna do it your way because it always worked™ (which is
>> not wrong — don’t misunderstand me) and perhaps you had some bad experience
>> in the past. OTOH it’s a pricey component usually only needed by gamers and
>> number crunchers. On-board graphics are just fine for Desktop and even
>> (very) light gaming and they lower power draw considerably. Give it a swirl,
>> maybe you like it.  Both Intel and AMD work just fine with the kernel
>> drivers.
>
> Well, for one, I usually upgrade the video card several times before I
> upgrade the mobo.  When it is built in, not an option.  I think I'm on my
> third in this rig.  I also need multiple outputs, two at least.  One for
> monitor and one for TV.  My little NAS box I'm currently using is a Dell
> something.  The video works but it has no GUI.  At times during the boot
> up process, things don't scroll up the screen.  I may be missing a
> setting somewhere but when it blanks out, it comes back with a different
> resolution and font size.  I figure it is blanking during the switch.
> My Gentoo box doesn't do that.  I can see the screen from BIOS all the
> way to when it finishes booting and the GUI comes up.  I'm one of those
> who watches.

Well, in my case I've only recently upgraded to a system where AGPUs are 
available :-)


Plus, although I haven't got it working, I want multi-seat (at present, 
my system won't boot with two video cards). You can run multi-head off 
integrated graphics, but as far as I know linux requires one video card 
per seat.


Oh, and to the best of my knowledge, you can combine a video card and an 
AGPU.


Cheers,
Wol




Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Jude DaShiell
On a previous computer, I had an Alien ATX case.  The one drawback with
that case was only one drive slot for a DVD drive.  I prefer computer
cases with a few more than that so internal drive sleds can be installed.
When onboard cards break, if you have spare pci slots available and spare
cash you can replace those broken onboard cards with alternatives if you
can redirect the motherboards to use your replacement cards.


-- Jude  "There are four boxes to be used in
defense of liberty: soap, ballot, jury, and ammo. Please use in that
order." Ed Howdershelt 1940.

On Tue, 19 Sep 2023, Dale wrote:

> Frank Steinmetzger wrote:
> > Am Mon, Sep 18, 2023 at 06:40:52PM -0500 schrieb Dale:
> >
> >>>> I tend to need quite a few PCIe slots.  I like to have my own video
> >>>> card.  I never liked the built in ones.
> >>> You’re just asking to be asked. ;-) Why don’t you like them? (I fear I may
> >>> have asked that before).
> >>>
> >>> I get it when you wanna do it your way because it always worked™ (which is
> >>> not wrong — don’t misunderstand me) and perhaps you had some bad experience
> >>> in the past. OTOH it’s a pricey component usually only needed by gamers and
> >>> number crunchers. On-board graphics are just fine for Desktop and even
> >>> (very) light gaming and they lower power draw considerably. Give it a swirl,
> >>> maybe you like it. :) Both Intel and AMD work just fine with the kernel
> >>> drivers.
> >> Well, for one, I usually upgrade the video card several times before I
> >> upgrade the mobo.  When it is built in, not an option.  I think I'm on my
> >> third in this rig.
> >>
> >> I also need multiple outputs, two at least.
> > That is not a problem with iGPUs. The only thing to consider is the type of
> > video connectors on the board. Most have two classical ones, some three,
> > divided among HDMI and DP. And the fancy ones use USB-C with DisplayPort
> > alternative mode. Also, dGPUs draw a lot more when using two displays.
> >
>
> They have added a lot of stuff to mobos since I bought one about a
> decade ago.  Maybe things have improved.  I just like PCIe slots and
> cards.  Gives me more options.  Given how things have changed tho, I may
> have to give in on some things.  I just like my mobos to be like Linux. 
> Have something do one thing and do it well.  When needed, change that
> thing.  ;-) 
>
>
> >> One for
> >> monitor and one for TV.  My little NAS box I'm currently using is a Dell
> >> something.  The video works but it has no GUI.  At times during the boot
> >> up process, things don't scroll up the screen.  I may be missing a
> >> setting somewhere but when it blanks out, it comes back with a different
> >> resolution and font size.
> > In case you use Grub, it has an option to keep the UEFI video mode.
> > So there would be no switching if UEFI already starts with the proper
> > resolution.
>
> That rig is old.  Maybe 10 or 15 years old.  No UEFI on it.  Does use
> grub tho.  I duckduckgo'd it and changed some settings but last time I
> booted, it did all that blinky, blank stuff.  Sometimes, I wonder if it
> is hung up or crashed.  Then it pops up again and lets me know it is
> still booting.  Eventually, I'll remove the monitor completely.  Then it
> either boots up or it doesn't.  I just ssh in, decrypt the drives, then
> mount from my main rig and start my backups.  I might add, this new
> setup with LVM, the backups started at about the end of a previous
> thread last Wednesday I think.  It's still copying data to the new
> backup.  It's up to the files starting with an "M".  The ones starting with
> "The" are pretty big.  It's gonna take a while.  Poor drives.  o_O
>
>
> >> My Gentoo box doesn't do that.  I can see the screen from BIOS all the
> >> way to when it finishes booting and the GUI comes up.  I'm one of those
> >> who watches.  ;-)
> > Yeah, and it’s neat if there is no flickering or blanking. So modern and
> > clean.
> >
> >>>> Figure the case is a
> >>>> good place to start.  Mobo, CPU and such next.  Figure mobo will pick
> >>>> memory for me since usually only one or two will work anyway.
> >>> One or two what?
> >> One or two types of memory.  Usually, plain or ECC.  Mobos are
> >> usually pretty picky on their memory.
> > Hm… while I haven’t used that many different components in my life, so far
> > I have not had a system not accept any RAM. Just stick to the big names, I
> > guess.
>
> I think one of my rigs uses DDR, I think my main rig is DDR3.  I noticed
> they are up to DDR5 now.  What I meant was if a mobo requires DDR4, that
> is usually all it will take.  Nothing else will work.  Whatever the mobo
> requires is what you use, just pick a good brand as you say. 
>
>
> >>>> Since no one mentioned a better case, that Define thing may end up being
> >>>> it.  That Gamemax is cheaper but a lot less drive capacity.  Heck, when
> >>>> I bought my current case, which has space for five 3.5" and six 5 1/4"
> >>>> drives, I

Re: [gentoo-user] Computer case for new build

2023-09-19 Thread Dale
Frank Steinmetzger wrote:
> Am Mon, Sep 18, 2023 at 06:40:52PM -0500 schrieb Dale:
>
>>>> I tend to need quite a few PCIe slots.  I like to have my own video
>>>> card.  I never liked the built in ones.
>>> You’re just asking to be asked. ;-) Why don’t you like them? (I fear I may 
>>> have asked that before).
>>>
>>> I get it when you wanna do it your way because it always worked™ (which is
>>> not wrong — don’t misunderstand me) and perhaps you had some bad experience
>>> in the past. OTOH it’s a pricey component usually only needed by gamers and
>>> number crunchers. On-board graphics are just fine for Desktop and even
>>> (very) light gaming and they lower power draw considerably. Give it a swirl,
>>> maybe you like it. :) Both Intel and AMD work just fine with the kernel
>>> drivers.
>> Well, for one, I usually upgrade the video card several times before I
>> upgrade the mobo.  When it is built in, not an option.  I think I'm on my
>> third in this rig.
>>
>> I also need multiple outputs, two at least.
> That is not a problem with iGPUs. The only thing to consider is the type of 
> video connectors on the board. Most have two classical ones, some three, 
> divided among HDMI and DP. And the fancy ones use USB-C with DisplayPort 
> alternative mode. Also, dGPUs draw a lot more when using two displays.
>

They have added a lot of stuff to mobos since I bought one about a
decade ago.  Maybe things have improved.  I just like PCIe slots and
cards.  Gives me more options.  Given how things have changed tho, I may
have to give in on some things.  I just like my mobos to be like Linux. 
Have something do one thing and do it well.  When needed, change that
thing.  ;-) 


>> One for
>> monitor and one for TV.  My little NAS box I'm currently using is a Dell
>> something.  The video works but it has no GUI.  At times during the boot
>> up process, things don't scroll up the screen.  I may be missing a
>> setting somewhere but when it blanks out, it comes back with a different
>> resolution and font size.
> In case you use Grub, it has an option to keep the UEFI video mode.
> So there would be no switching if UEFI already starts with the proper 
> resolution.

That rig is old.  Maybe 10 or 15 years old.  No UEFI on it.  Does use
grub tho.  I duckduckgo'd it and changed some settings but last time I
booted, it did all that blinky, blank stuff.  Sometimes, I wonder if it
is hung up or crashed.  Then it pops up again and lets me know it is
still booting.  Eventually, I'll remove the monitor completely.  Then it
either boots up or it doesn't.  I just ssh in, decrypt the drives, then
mount from my main rig and start my backups.  I might add, this new
setup with LVM, the backups started at about the end of a previous
thread last Wednesday I think.  It's still copying data to the new
backup.  It's up to the files starting with an "M".  The ones starting with
"The" are pretty big.  It's gonna take a while.  Poor drives.  o_O


>> My Gentoo box doesn't do that.  I can see the screen from BIOS all the
>> way to when it finishes booting and the GUI comes up.  I'm one of those
>> who watches.  ;-)
> Yeah, and it’s neat if there is no flickering or blanking. So modern and 
> clean.
>
>>>> Figure the case is a
>>>> good place to start.  Mobo, CPU and such next.  Figure mobo will pick
>>>> memory for me since usually only one or two will work anyway.
>>> One or two what?
>> One or two types of memory.  Usually, plain or ECC.  Mobos are
>> usually pretty picky on their memory.
> Hm… while I haven’t used that many different components in my life, so far 
> I have not had a system not accept any RAM. Just stick to the big names, I 
> guess.

I think one of my rigs uses DDR, I think my main rig is DDR3.  I noticed
they are up to DDR5 now.  What I meant was if a mobo requires DDR4, that
is usually all it will take.  Nothing else will work.  Whatever the mobo
requires is what you use, just pick a good brand as you say. 


>>>> Since no one mentioned a better case, that Define thing may end up being
>>>> it.  That Gamemax is cheaper but a lot less drive capacity.  Heck, when
>>>> I bought my current case, which has space for five 3.5" and six 5 1/4"
>>>> drives, I thought I'd never fill up just the 3.5" ones.  Now, the 3.5"
>>>> ones have been full for a while and the 5 1/4" are about full too.
>>> Full with ODDs? Or drive cages? You can get 3×3.5″ cages which install into 
> ^
>
> That should have been 5×3.5″. Too many threes and fives floatin’ around in 
> my head and it’s getting late.
>

Honestly, I read it the way you meant it.  lol  I've got about three
different kinds in my wish list.  Eventually, I'll take the side off and
see which one will work.  I also found one that I think can be used as an
external case.  It has a fan, power plug and eSATA connectors.  I think
it holds five drives.  If I get that, I just may scrap the setup I
currently have and have one