Just, a command runner written in Rust

Just lets you save and run commands from files with a terse, readable syntax similar to Make:

build:
cc *.c -o main

# test everything
test-all: build
./test --all

# run a specific test
test TEST: build
./test --test {{TEST}}

It is cross-platform, written in Rust, and actively maintained on GitHub:

https://github.com/casey/just/

Just has a bunch of nice features:

- Can be invoked from any subdirectory
- Arguments can be passed from the command line
- Static error checking that catches syntax errors and typos
- Excellent error messages with source context
- The ability to list recipes from the command line
- Recipes can be written in any language
- Works on Linux, macOS, and Windows
- And much more!

Just doesn't replace Make, or any other build system, but it does replace reverse-searching your command history, telling colleagues the weird flags they need to pass to do the thing, and forgetting how to run old projects.

https://redd.it/ljdcki
@r_linux

Best and Easiest way(s) to Secure OpenSSH authentication on your personal systems.

There are two ways that I like nowadays and both of them involve 2FA and hardware keys. Specifically Yubikey in my case, but other ones will probably work as well.

The traditional approach to securing OpenSSH authorization involves several approaches:

Traditional SSH Keys - A very good and robust approach for managing access on personal systems. In large organizations the problem of key management is hairier then it seems at first glance.
SSH Keys signed with OpenSSH built-in CA support \- A intermediate approach that most people are unaware of that are a good match for many businesses and other organizations. With this approach you are using SSH keys that are signed by a CA. This way you can do things like revoke system access quickly in case of a compromise.
Kerberos - A great approach if you are using AD or FreeIPA already. But the overhead of managing it is pretty high and relatively minor issues with network configurations can cause massive headaches, which makes it detrimental for personal use.

So for personal use just old fashioned SSH keys are the way to go. However We can make OpenSSH auth even more secure with hardware tokens.

Now the older way to do it is to enable 2FA using OTP (one time password) approach. This generally involves adding additional login requirements in the form of PAM modules. This is going to be the most common search result as it's been in use for years now. It can take advantage of your own TOTP infrastructure or tie into Google's or other providers. This is fine, but I really despise working with PAM. If I can use something OpenSSH supports natively then that is the way to go, IMO. Especially when you can avoid additional infrastructure dependencies.

The two "new" ways I have discovered as of late are:

1. Take advantage of OpenPGP/Smartcard support available on some hardware cards. Most notable Yubikey 5 series, but there are others. With this approach you use GPG and gpg-agent to manage your private keys. Access is protected by a card PIN (can be up to 127 ascii characters).
2. Take advantage of FIDO2. Since version 8.2 OpenSSH has supported FIDO2 authentication natively. Which is freaking fantastic. You should use a password encrypted private key for additional security. Make it more 2FA-ish.

Pros of OpenPGP/Smart card approach:

Can work with older versions of OpenSSH
gpg-agent support is built into proper Linux desktops
All the private keys are managed via hardware token.
Can use hardware token with a wide variety of other software.
More single-sign-on-like You don't have to keep fingering your key for things like ansible.

Cons:

A lot of hardware tokens don't have OpenPGP/Smartcard support.
Can be a pain to migrate secured (password disable) systems from old key to GPG key. You end up doing things like running one shell with SSH_AUTH_SOCK ssh-agent and another with gpg-agent, or setting up aliases to help copy over new keys and remove old ones.
A lot of work is required to setup your card. Need to setup subkeys and such things.
You really need to have a second hardware key as backup in case your main key gets lost or damaged.
By default gpg deletes private keys from your \~/.gnupg keyring after copying to the card, so you have to back up your keyring prior to that if you want to have backups.
Need to configure ssh client to look to gpg-agent instead of ssh-agent.
Can't use cool ed25519 keys.

Pros of FIDO2 approach:

Minimal additional configuration. Pretty much all you need to do is use ssh-keygen. It's exceptionally easy to setup.
ssh-agent is integrated by default in decent Linux desktops.
Uses separate encrypted private key (recommended) for additional password protection.
easy migration to new keys.
Fido2 works well with many websites.

Cons:

Can't backup your hardware token. You need a second token if you want backup.
If you want backup token you have two sets of keys to

manage.
Need to finger the device for each SSH usage (can mitigate with OpenSSH [ControlMaster](https://ldpreload.com/blog/ssh-control) feature. May not be true for all hardware tokens.
Needs very new (>8.2) version of OpenSSH to work. So no-go on LTS installs like vanilla CentOS 8.

As you can see the Fido2 approach is the slicker and newer of the two approaches. Probably slightly more secure as well.

​

With the FIDO2 all you have to do is:

1. Purchase a hardware token that has U2F/FIDO2 support.
2. Setup the FIDO2 PIN (recommended) (for yubikey use yubiky-manager command "ykman set-pin")
3. And then run ssh-keygen:

​

ssh-keygen -C "nice name for key here" -t ed25519-sk -O resident -f ~/.ssh/mynewkey

And it should prompt you for your fido2 pin and that's it. You can begin copying around the key with ssh-copy-id.

​

If you do get a hardware token and it does have OpenPGP support then you really are going to want to use it for other stuff. It can tie into Pass password store, secure communication with email and other protocols and a whole bunch of other stuff. If you are already doing that stuff adding OpenSSH support is fairly trivial.

The approach to properly setting up OpenPGP support using GNUPG is significantly more involved. The best guide I know of is this one:

Dr. duh's YubiKey-Guide

He has you go full-paranoid with offline encrypted creation and backup of the keys among other things. Highly recommended. If you are doing it you might as well do it right.

After that you just need to make sure that you have "enable-ssh-support" set in your \~/.gnupg/gpg-agent.conf. (maybe restart your gpg-agent or log out and log back in, whatever works best for you).

And then tell OpenSSH to use the gpg-agent socket. Set the equivalent of

export SSHAUTHSOCK=$(gpgconf --list-dirs agent-ssh-socket)

If your .bashrc or whatever is appropriate for your setup.

After that you can run:

ssh-add -L

to list your public key. Which then you can copy around manually. Or just use ssh-copy-id, it'll do the right thing even though there is no pub file in \~/.ssh for it.

​

After that then pick a standard OpenSSH hardening guide. All the same things apply. Just don't go nuts. No need to make it easy to trivially trigger a denial of service on yourself using silly things like fail2ban. Remember with passwords disabled brute force attacks are worthless. Failed logins are just OpenSSH doing it's job and are about as interesting as logging pings. Successful logins are what you should be monitoring for and be paranoid about!

In /etc/ssh/sshd_config do things like:

PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no

​

https://redd.it/ljd9rl
@r_linux

code-connect: Open files in VS Code over remote terminal connections

I put this little thing together out of frustration while working with remote machines via SSH.

My usual workflow consists of connecting to a remote machine via SSH using my favorite terminal. Whenever I need to open a file in this terminal session, I can't simply run code nginx.conf as that would open a VS Code window on the remote machine. But I want to display the file in my local editor window without having to set up X11 or VNC. So I'm stuck with vim. Oof.

When using VS Code to establish a remote SSH session, the above works like a charm using the integrated terminal. The same goes for WSL sessions. Again, for other terminal sessions, this is not the case.

So I looked closer at how VS Code communicates between remote and client and came up with a repo based on an answer on StackOverflow. If you're interested in how it works, I've written a small summary in the README.

Meet code-connect

All you need to do is to source a noscript in your .bashrc. Run code-connect to find an open IPC socket and a corresponding code binary, which is now available in your shell session. You're now free to run code . anywhere on your remote machine to attach to your locally running VS Code window!

Users of the fish shell also get the easy option to install through a plugin.

https://github.com/chvolkmann/code-connect

Hope it's helpful to you guys, comments and feedback are welcome!

https://redd.it/ljfl3d
@r_linux

Possible to share GPU (Nvidia) between QEMU (Windows Guest; HDMI output) and docker containers?

I've been using my Nvidia GPU with docker without any problems (ie. nvidia-docker container/runtime) but I'd like to add a virtual Windows OS (ie. QEMU) to my host (Debian 10.8).

Is it possible to share one GPU between docker and QEMU?

Example:

Docker -> FFMPEG -> Transcoding
Docker -> Plex -> Transcoding
QEMU -> Windows 10 Guest OS -> (Gaming) -> HDMI output

https://redd.it/ljh5np
@r_linux

Microsoft Edge browser on linux

I heard new Microsoft Edge is better than Chrome. Is it true what i am reading. I thought Internet Explorer and Edge are same so i havent used it yet. How useful is it for web developers? Is it any better than remaining like firefox and chrome

https://redd.it/ljep15
@r_linux

fun nonsense = fortune + dadadodo

Somewhere in a distro's repositories there'll be the ancient games package(s), containing the fairly well known fortune and the slightly less well known dadadodo.

fortune pulls witty, silly, stupid and/or downright thought provoking things from a database. dadadodo is designed to take text and uses Markov chains to turn it into new text, which probably doesn't make any sense, but occasionally hits fortune levels of thought-provocation with a good input text.

Tennis between thoughts and slow cogs turning:

$ dadadodo -o ~/.fortunes.dadadodo <(fortunes -m .)

i.e. output a personal (~/ is home directory) database of fortune text from all fortunes (matching any character - regexp .) for later re-use

$ alias dddd='dadadodo -l ~/.fortunes.dadadodo -c $((1+RANDOM%3))'

i.e. set up an alias to run dadadodo using the aforementioned database with an output count of between 1 and 3 paragraphs at RANDOM.

Now when I run dddd I get odd nonsense such as:

The day! A is the Computer showed the soft Ritz: cracker?

You ever come in a crime or what's So that When your car you get
a Teddywookie: CSA, there must unintelligible chimeras, then
we're, one to remain then disappears.

etc.

https://redd.it/ljkzuo
@r_linux

Free Software - It's about much more than zero cost
https://blog.documentfoundation.org/blog/2021/02/14/free-software-its-about-much-more-than-zero-cost/

https://redd.it/ljldnb
@r_linux

Console like OS

What is the best console like linux distro. I'm new and would like to install linux in my old laptop. I heard that linux runs fast on old hardwares and i want to turn it into something like a portable console.

https://redd.it/ljmejc
@r_linux

Scaling with xrandr

Hello,

I am having trouble scaling my screen with xrandr to 200% without losing quality.

I am currently using the command xrandr --ouput eDP-1 --auto --scale 0.5x0.5 however the quality sucks. If anyone knows how to fix this please do let me know!

https://redd.it/ljnzlc
@r_linux

Introducing yabridge 3.0, with the first ever Linux <-> Windows VST3 plugin bridge

yabridge is a modern and transparent way to use Windows VST2 and VST3 plugins on Linux as if they were native Linux VST2 and VST3 plugins. VST2 and VST3 are the two most widely used standards for audio processing plugins.

I'm very proud to finally announce yabridge 3.0! I've spent the last few months working on adding support for VST3 plugins to yabridge. With this release yabridge now supports the entire VST 3.7.1 specification. This proved to be an interesting challenge since true VST3 plugin bridging had not been done before, but in the end I'm very happy with the results. If you're interested then you can read about some of the design decisions in the architecture document. Outside of supporting several new features that aren't supported by VST2, VST3 plugins running under yabridge also tend to be much more efficient than their VST2 counterparts because of the way VST3's audio processing works. And sicne new developers are not allowed to create commercial VST2 plugins anymore because of the licensing, robust VST3 plugin bridging seemed like a logical next step for improving the pro audio experience on Linux.

Outside of VST3 support and a number of other improvements, fixes, and new configuration options, I've also spend a lot of time optimizing the editor experience even further. Resizing windows should be more responsive with these changes, and closing windows is now deferred meaning that closing and switching between editors in some DAWs is much faster now. Yabridge now also changes realtime scheduling policies on the fly to minimize the risk that expensive GUI operations interfere with audio processing. This should get rid of any potential xruns when opening and interacting with plugin editors for certain plugins that do a lot of heavy computations there. There are a lot more editor related changes outside of this including a frame rate limiting option, a way to used Wine's own XEmbed implementation and an option to forcefully enable drag-and-drop in REAPER.

A full changelog with an exhaustive list of changes, improvements and fixes can be found here:

https://github.com/robbert-vdh/yabridge/releases

https://redd.it/ljp2vd
@r_linux

Malware in default repositories - is it possible?

I was using many distributions recently. I started wondering, how high is risk of getting malware from default repositories. Can I assume that I can download completely random packages from default Arch, Debian or Fedora repositories, and I should be safe? I believe only trusted packages should be present in default repositories. But i guess it might be different from distro to distro. I'm usually using only out of the box settings for repositories, or I'm adding only trusted ones like repo listed on official Visual Studio Code WWW.

https://redd.it/ljq8r5
@r_linux

What are some of the best books to learn the Linux Operating System?

I’ve been wanting to learn the linux operating system for quite some time now but don’t know exactly where to start. I have been looking at a few books but not sure which one is well worth the money for a complete beginner. Anyone have any recommendations?

https://redd.it/ljsrlu
@r_linux

Switch to Linux

Hello Guys!

I'am kinda new to the Linux Platform and I want to make a switch.

My Question is: If I buy a laptop that has Windows pre Installed on it, and i install let's say Ubuntu for example. Are all the necessary drivers in the new Install (The Distro grabs it automatically) or do I need to get them somewhere else, like the Manufacturers website.

https://redd.it/ljuwx7
@r_linux

The Kate Text Editor - Valentine's Day 2021
https://kate-editor.org/post/2021/2021-02-14-kate-valentines-day/

https://redd.it/ljvi53
@r_linux

My experience with cloud storage services

I want to share my experience. When I moved to Linux for job (I'm an artist and know linux for a long time, but previously I've used linux just for fun purposes) I've faced a problem: noone of most popular cloud services works properly/or being hard to configure (for example: google drive can't deal with my 100gb backup of artworks and settings from scratch on fresh install). So I found an application named koofr (from Slovenia, servers based in Switzerland) that have native linux client. It works good for 2 years for me.
I'll be happy if this helps somebody with the same problems.

https://redd.it/ljws8s
@r_linux

Canon Pixma MG2522 is fully compatible with Zorin OS

Both print AND scan are working, just struggling to get the ink cartridges clean. Hooked up automatically with usb cord without having to install any drivers. Will have to get some more ink (I may have to order online). Had problems with the hp scanner not working - which is mainly what I need it for. Just wanted to share the good news for anyone who needs it! Picked it up from the Goodwill for $6. Imagine that! I needed to use my own cord but I guess I got lucky I had one that worked :)

https://redd.it/ljwbgj
@r_linux

The 5.11 kernel is out
https://lwn.net/Articles/846113/

https://redd.it/ljzl92
@r_linux

What's biometrics support like in 2021?

Hey all, I'm at a point where I'm getting a new laptop and I'm while I used to be a heavy linux user, I've been on macos for the last 5 years. I've come to really love the finger print reader unlocks for macos and I'm curious what the biometrics user interface is like these days. I assume there a a bunch of gotcha's depending on driver support, but assuming a well supported device does it "just work"? ie. Does gnome have login support? Keychain support? etc...

Edit: Also how is the general driver situation for the "windows 10 hello" branded usb devices?

https://redd.it/lk1w0u
@r_linux

No need of Alexa, Siri, Cortana. I am happy with my Tuxi. A simple bash noscript I wrote to get answer of Any Question Instantly on my Terminal.

So I did some web scraping of google to create this simple but smart bash noscript which allow you to search almost any question from your terminal instantly and it's highly accurate/reliable. It look for multiple places of google search results.

Link - https://github.com/Bugswriter/tuxi (Video Explanation)

# How it Looks? (alternative demo video) -

Usage : tuxi <almost any question> (quotations are optional)

$ tuxi linus torvalds birthday
28 December 1969

$ tuxi fastest animal in the world
peregrine falcon

$ Does Choclate increase fat
> u mean Chocolate?
Also, chocolate is high in sugar and saturated fat. It is a high-energy (high calorie) food, and too much can result in excess weight, a risk factor for cardiovascular disease.

$ tuxi "what is unix?"
Unix is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, development starting in the 1970s at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others.

$ tuxi best games of 2009
Batman: Arkham Asylum
Uncharted 2: Among Thieves
Call of Duty: Modern Warfare 2
Grand Theft Auto: Chinatown Wars

# Cool Features -

When you type something wrong program will say this before answer -

&#8203;

> u mean <correction of your mistake>

When you search some kind of list like - "The Social network cast". You will get a list view like this \-

&#8203;

Jesse Eisenberg
Andrew Garfield
Justin Timberlake
Armie Hammer
Aaron Sorkin
<Usually list is longer than this>

If you ask one word question like "Who was the first lady programmer?" You will get one word answer. Because Scraping is done with priority and one word answer is in top priority.

# Integrate this with espeak and dmenu -

Convert your response text into speech -

$ tuxi "$(echo "" | dmenu -p "ask tuxi")" | espeak -s 150

# PS -

I tested this program whole day ..it's highly accurate and reliable. Also I think it's very useful.. You can google stuff without GUI. No need to open browser. You can make noscripts. Good for kids.

I know it cannot replace Siri or Alexa. But for me it's magic.

https://redd.it/lk1il3
@r_linux

Any former iOS users --> Zorin OS users out there?

I'm considering switching an old iMac to a new operating system since it's no longer eligible for Mac os upgrades. I'm wondering what everyone thinks of Zorin OS (specifically if you're using it on a Mac). Also, if you suggest something different from Zorin please let me know. Windows 10 is not an option because the iMac I'm working with is late 2011. Thanks everyone!

https://redd.it/lk44eb
@r_linux