Blog Home :: Videos :: All Posts :: Tags :: RSS :: IMG :: About :: Test :: Gift 4 You ::

Linux Containers Success!

Greetings people of spaaace! There's a moth flying around space here too right now. I am glad to announce a first time major success with LXC containers! I finally had the patience to get down to dealing with, at the beginning, such an amount of debugging required and pull through. Thing is? I didn't watch a single video, I didn't do a single course online, I didn't even get any first hand advice or help! I simply forged my way through it. So I thought I would document here some of the key parts of what I discovered were things LXC needs for Debian 12.

Also, it's worth mentioning that this summer has been going really well for advanced Linux system administration, for me. Previously, suppose it was last week, I had gotten a SELinux Debian 12 VM configured well enough to launch to a new cloud platform. I struggled with a new one, it was Kamatera.com, and they honestly were not great. Their image init system rekt my SELinux user contexts I had setup for UID 1000, first unprivileged user, otherwise the sysadmin_r. I ended up paying off my balance with Digital Ocean. Yea, these guys effortlessly, programmatically, without intervention took my Debian 12 SELinux VM and made it a server. However I ultimately didn't go with it, because it still required a LOT of work and when you upload your own image you don't get automatically ipv6. It was going to be far too much work to do.

So anyways, about LXC I discovered a number of new concepts, or concepts in more depth, such as Control Groups, as part of the Linux kernel. With this came the need to understand SUBUID/SUBGID (man 5 subuid). With this concept also comes namespaces (man 7 namespaces). Included in these things to learn I've learned a bunch of new Linux concepts and commands, which to me was very cool and a bit exciting as it's been quite a long time since I've bothered my OS in such depth 😁

One drawback about LXC is that often if you change something serious enough you might have to reboot your host. This is aggravating to do on this public web facing server, when there's folks chatting on xmpp://wwan@muc.xmpp.packets.cc, but I got it done. I found that apparmor, which is Debian's default (and crap imo) LSM (linux security module), tended to cause problems, so I recommend you get apparmor configured totally, even before you work with LXC. One of the biggest gains with my efforts was configuring unprivileged containers, meaning, having my own $USER be able to use and work all the lxc-* commands, and also stash the rootfs for each container in ~/.local/share/lxc/{name}/{config,rootfs}. I sought after this because on this invaluably resourceful page it says that LXC containers get basically no security benefits from being started under root user. I took this very seriously.

I'll let you know of a very hard to find bit of information, and I'll be happy to put it here for my own future reference, but something confuses the Debian kernel or somesuch where cgroup version 1 is what it prefers, otherwise it COMPLETELY ruins LXC, and I wasn't really able to find anything that stood out, and came across a forum page where somebody asked for help, and the one line of that whole page that matters incredibly is to put systemd.unified_cgroup_hierarchy=0 in GRUB_CMDLINE_LINUX_DEFAULT="", then ofc run update-grub and reboot. What this does is disable cgroups v2, where the heirarchy for all the groups is unified, and apparently this is better, but disabling that made my stuff sing, and I was ever stoked. Perhaps there's some way to improve my setup and use v2 cgroups 🤔

Hmmmm... I'm trying to think about what else is worth mentioning, eh, I suppose my lxc.idmap config was much simpler than I was struggling with a week or more ago. It was simply to have in /etc/subuid (and /etc/subgid too exact same) username:100000:65536 and the lxc.idmap to correspond to it like lxc.idmap = u 0 100000 65535, same for group, BUT *NOTE:* I did in fact have some errors when I tried to use only 10000 and 20000 UID's (which is the last number for both /etc/subuid, and lxc.idmap in /etc/lxc/default.conf || ~/.config/lxc/default.conf) and INDEED, or at least on Debian 12, you NEED the full 65536 UID/GID's, no doubt.

EH, I hope this helps somebody! This will for sure help myself for next time, and serve as a nice short point of reference. Have some B A S S: Albion Collective Presents Teffa. Here's the SoundCloud link. pEAcE.. ✌️

Tags: LXC, system-administration, linux, servers, nginx, selinux, cgroups, containers, packets

For fear of a dead link

Not always a good thing! That is getting lost in hypertext world! Here's the new, and permanent URL for my cgit instance: ccgit.packets.cc. I renamed my cgit project because c, for my XMPP nickname chunk, seemed too convenient to pass up. I can't really say that I legitimately forked cgit so I don't know what kind of repository it would actually be considered. However it's general purpose, though it's currently private and sorry to disappoint you now, is install.sh and the fact that for my iteration on any new webserver this works 100% correctly. I am really really stoked about that because I did indeed put some effort into smoothing out all it's undocumented hiccups, cgit that is. Also I have made it pretty, yay!

I am stoked to keep my eyes open for more inspiring open source projects like xserver or xlibre that are like, doing good work. I can not promise perfect uptime, cuz yea, but I wish to mirror more cool stuff on it. The next bout of development for this project is non-existent yet, but probably at some point I might work into it my own unique way of using Linux server OS and some funky backend user/repo/project management. As well, though I'm still not sure how, I think it would be very nice to make a mini login, but using Linux server OS actual users and perhaps PAM authentication and accounting, but without giving users shells, and allow members of a little community to have their own cooperative access to repos. That would be very damn cool. It's quite possible that for my first quantifiable exercise in C programming, ccgit/cgit will be my first interest :D

Tags: ccgit, cgit, cgi, fcgiwrap, nginx, git, repositories, THEARMADA, chunk, codez

New Post 5 Minutes Ago

For the record, 5 minutes ago, the address to the cgit is now git.packets.cc so ya know, and I was never here now, but 5 minutes ago, time travel yes.....

Tags: hotel-california, cgit, git, codez, websites, webmaster, c, webserver, time-travel

New Post 5 Minutes in the Future

In the spirit of a new post I thought I would state that it's like a new time, honestly, for me. I've gotten past a longsuffering and under God's heavenly clouds I see happiness! Praise the Lord! I have gotten a public (i think it's called an SVN?) cgit website/server up now! I've been having helluva lot of fun with that since yesterday. The address is cgit.packets.cc which is a subdomain of my XMPP server packets.cc (click to join muc chat in your xmpp client!). I hope you like it, if you are going to follow along with the development of THE ARMADA, a (currently) lone enterprise. That's all I wanted to share, have a good one out there! Don't go to sketchy websites, pay close attention to everything! The white van isn't what you think it is! HaHaHa!!! (not funny I know) ....

Tags: news, freedom, fresh-start, good-times, no-more-haste, programming, lua, cgit, python, golang, php, nginx, system-administration, hosting, xmpp

Some cool text texts!

I've been using Debian 12 for ALL of my Linux hosts, servers, laptop, desktop, vm's all of them eh. I've also lately been enjoying compiz on xfce4 too lately on my recently acquired HP Elitebook. Here's a screenshot of my text texts:



NEWS: I will be doing some cool stuff with TwTXT on here, my current twtxt.txt is at https://the8woodcutter.sh/twtxt.txt but I want to create a bit of a front end for it, maybe some scripts AND MAYBE EVEN A FLASK APP :D That has form fields and authentication for me to utilize (whore to the maximum) something that I wanted to do that to for long time (twtxt). Bon Voyage!

Tags: twtxt, text, textual, unicode, fonts, compiz, xfce4, debian, debian12, theme, screenshot

Alright, this is bullshit

The Styles and Formatting Execution on this Blog have FINALLY done just Now pissed me off.
Check: Last Post Below -- This is horrible, HORRIBLE!

PyBlog: HERE WE COME!!!!!!!!!!!!!!!!!!!!!!!!!

Tags: angry, horrible, styles, css, design, the8woodcutter, wtficandobetter, pyblog, comeup

TIL Torrent Networking

Greetings feeble TCP or QUIC or UDP or even IRC or XMPP packets encapsulating you humans! I'm glad that you've decided to grab the text I have to share with you now here and return it to your interfaces!

It's been a while since I blogged anything, and well, I have something might be useful to you. Ever wonder how the fuck torrent's work? Have you ever used QBittorrent torrent application? This is my favorite Torrent program, which is kind necessary for using torrents.

So my questions were of a few notable ones and here they are:
<code>
<ul>
<li>🕒 i) <big>What does a tracker do?</big> ❓🧨 🧨🧨</li>
<li>🕕 ii) <big>What the heck is DHT?</big> ❓❔🧨 🧨🧨🧨</li>
<li>🕘 iii) <big>Why are my files in little bits and pieces?</big> 🧨 ⁉️🧨🧨</li>
</ul>
</code>

This accompanied with some other curiosities like such as how is it that many people end up sharing bits and pieces of these files with seemingly no order or rhyme or reason? Well the order is like this:

Tracker (torrent file info and original file(s)) ... .. ... I suppose it's a network and/or web location of the actual WHOLE file. Containing also obviously the Torrent File and it acts as the mothership, for say. Now the:
DHT (Decentralized Hashing Table)

.. .... ... is a really cool piece of technology that stashes MASSIVE key:value pairs and an association of all the peers that are connected (to I assume the tracker and DHT). I read maybe that a torrent need not have required to have a tracker file and that in fact in the torrent DHT peers attached to associated torrent info hashes can actually be, in all the amazement of decentralization, automatically discovered without a tracker because a peer alone with just fragments of the file can still be in the DHT. Imagine that eh? Think about that a second or two ..........
Yea so the DHT is like a master database in torrent network that will keep knowledge and route of distance understanding from all peers related to .... files torrented, or, tracker info hashes.
I hope that I am making sense here, and not rambling on, cuz for me I am attempting to hold forefront in my mind the many and somewhat deep things I want to make sure I cover here uwu

Peer (obviously any connected user/network connection to this central interest, being the torrent file(s))

The peer is the user connection but it contains a few things of interest, namely our third question above ^ up there. So how come the files come in randomly as bits and pieces? And in Qbittorrent app you can see a large, say, movie file is got lines of partially completed slices of data. Well reason is because when the torrent was created it was created selecting a certain chunk size, in say 5kb, 1mb, 4096k, 1g, whatever and each chunk is found it's unique hash. Remember the original file will compute it's own LEGIT authentic hash of itself, that should not be deterred from, otherwise the file downloaded corrupt or wrong. So each chunk now has a hash for itself too that will coincide with the master full file hash too. So then when a peer downloads a chunk it will be able to verify the hash sum of that chunk, say is it good then keep it, not good then discard and try again. I don't exactly know but I imagine this is more stuff the DHT (like chronic database of all the things for a torrent) is handling, as key:value pairs including hash sums and such and yea.



Here's some links to some thick and juicy infos about this to help reinforce, or even correct, me in this post as well as give you much much more insight:

<ul>
<li>🧨 Distributed Hash Table (DHT)</li>
<li>🧨 Mainline DHT</li>
<li>🧨 Hash Buckets</li>
<li>👻 Bittorrent Over i2p</li>
<li>🎧 Dubbacle -x- Jah Fire(reason unknown) ..</li>
</ul>


LASTLY SOME NEWS GUYS:
-- News For The8Woodcutter's Webmaster Endeavours --
I am planning on very very soon making the big swing into working on pyblog here as the way I see it now, bash blog, which this blog is based on and uses to operate itself, is extremely non-readable (bash is ugly as fuck) and janky as fuck too to say the least. I think it would be a majorly big bonus to this blog here, and to many others in spaaaaaaaaace, if I got off my lazy ass and made pyblog functional. It's job is simple really, it's job is basically at first to do exactly what this blog does when running the bb.sh script. It will allow text input using your bash $EDITOR to make a post in either ` -html` or markdown format (which is 100% nonfunctional with this exact blog lmao), it will allow posting that post to the post feed, associating the tags u added to the tags list and thus also all posts with similar tags to the tags as posts of tags, ofc... As well as a `bash bb.sh rebuild` which will, say in the event that yuour posts are ordered out of date, and some elements that the bb.sh script assembles (html blocks) are misaligned, it will rebuild like a top to bottom run of MAKE THIS SITE. Also it can `bash bb.sh reset` your blog to original. These are the pretty much functions, oh and to delete a post too, that the bash blog single script to run a blog does. PyBlog will do these things too. BUTMORERERERE!@@@@@@@@@

Yea so I want to get the fuck on that, asap. Then completely TOTALLY redo my blog. Looking forward to that fellows! Hopefully maybe so are you!!!

Tags: networking, protocols, TIL, teaching, learning, researching, themoreyouknow

Joke Detected

"IM GOING TO BUILD A CAVE, AND GET INTERNET INNNNSIDE OF IT
AND EAT THE BUGS, AND NEVER LEAVE" - some of the shit you're missing when chunk is on XMPP chats...

Tags: jokes, detected, mofos, space, chunk, whodunnit, warez, elite-unquenchable-spam-artist, chunk4president