14 Nov
2024
14 Nov
'24
8:45 p.m.
Someone said that there is a way better top these days. What is it?
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
14 Nov
14 Nov
9:20 p.m.
On Thu, 14 Nov 2024, Brian E. Lavender wrote:
Someone said that there is a way better top these
days. What is it?
bottom(btm). gives you super fun graphs and stuff:
https://github.com/ClementTsang/bottom
see attached screencap which is from my firewall. Also, I am using st
(with a theme) as my terminal emulator: https://st.suckless.org/
sen-h.
10:39 p.m.
Hmm, I guess bottom isn't packaged into Fedora. I just tried htop. It at
least shows the load on all 20 cores. The screen shots for bottom look
very nice!
Brian
On Thu, Nov 14, 2024 at 01:20:03PM -0800, Sen Hastings wrote:
On Thu, 14 Nov 2024, Brian E. Lavender wrote:
Someone said that there is a way better top these
days. What is it?
bottom(btm). gives you super fun graphs and stuff:
https://github.com/ClementTsang/bottom
see attached screencap which is from my firewall. Also, I am using st (with
a theme) as my terminal emulator: https://st.suckless.org/
sen-h. _______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
11:53 p.m.
There are a lot of graphy top alternatives out there lately. Bashtop has
been my favorite as of late.
On Thu, Nov 14, 2024 at 2:39 PM Brian E. Lavender <brian(a)brie.com> wrote:
Hmm, I guess bottom isn't packaged into Fedora. I
just tried htop. It at
least shows the load on all 20 cores. The screen shots for bottom look
very nice!
Brian
On Thu, Nov 14, 2024 at 01:20:03PM -0800, Sen Hastings wrote:
On Thu, 14 Nov 2024, Brian E. Lavender wrote:
(with
Someone said that there is a way better top these
days. What is it?
bottom(btm). gives you super fun graphs and stuff:
https://github.com/ClementTsang/bottom
see attached screencap which is from my firewall. Also, I am using st a theme) as my terminal emulator:
https://st.suckless.org/
sen-h.
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
15 Nov
15 Nov
1:46 a.m.
I'll typically use atop or htop but if they aren't available top itself
will work and I just give it a '1' to get the multicore view.
On Thu, Nov 14, 2024, 2:39 PM Brian E. Lavender <brian(a)brie.com> wrote:
Hmm, I guess bottom isn't packaged into Fedora. I
just tried htop. It at
least shows the load on all 20 cores. The screen shots for bottom look
very nice!
Brian
On Thu, Nov 14, 2024 at 01:20:03PM -0800, Sen Hastings wrote:
On Thu, 14 Nov 2024, Brian E. Lavender wrote:
(with
Someone said that there is a way better top these
days. What is it?
bottom(btm). gives you super fun graphs and stuff:
https://github.com/ClementTsang/bottom
see attached screencap which is from my firewall. Also, I am using st a theme) as my terminal emulator:
https://st.suckless.org/
sen-h.
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
16 Nov
16 Nov
6:44 a.m.
The '1' works awesome!
👍
And, I got my emojis working in Fedora!
On Thu, Nov 14, 2024 at 05:46:11PM -0800, Aria wrote:
I'll typically use atop or htop but if they
aren't available top itself
will work and I just give it a '1' to get the multicore view.
On Thu, Nov 14, 2024, 2:39 PM Brian E. Lavender <[1]brian(a)brie.com>
wrote:
Hmm, I guess bottom isn't packaged into Fedora. I just tried htop.
It at
least shows the load on all 20 cores. The screen shots for bottom
look
very nice!
Brian
On Thu, Nov 14, 2024 at 01:20:03PM -0800, Sen Hastings wrote:
On Thu, 14 Nov 2024, Brian E. Lavender wrote:
> Someone said that there is a way better top these days. What is
it?
bottom(btm). gives you super fun graphs and stuff:
[2]https://github.com/ClementTsang/bottom
see attached screencap which is from my firewall. Also, I am using
st (with
a theme) as my terminal emulator:
[3]https://st.suckless.org/
sen-h.
_______________________________________________
Lug-nuts mailing list -- [4]lug-nuts(a)bigbrie.com
To unsubscribe send an email to [5]lug-nuts-leave(a)bigbrie.com
--
Brian Lavender
[6]https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the
other
way is to make it so complicated that there are no obvious
deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- [7]lug-nuts(a)bigbrie.com
To unsubscribe send an email to [8]lug-nuts-leave(a)bigbrie.com
References
1. mailto:brian@brie.com
2. https://github.com/ClementTsang/bottom
3. https://st.suckless.org/
4. mailto:lug-nuts@bigbrie.com
5. mailto:lug-nuts-leave@bigbrie.com
6. https://www.brie.com/brian/
7. mailto:lug-nuts@bigbrie.com
8. mailto:lug-nuts-leave@bigbrie.com
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
14 Nov
14 Nov
10:16 p.m.
It turs out, there are a lot of tops out there. I thought I might find pw-top usefule. I
found these 3 that might fit the bill for you. I had heard of the first two before. It
all depends on how you define "better". I find top pretty much does what I need,
mnost of the time.
Maybe atop:
An advanced interactive monitor for Linux-systems to view the
load on system-level and process-level.
The command atop has some major advantages compared to other
performance-monitors:
- Resource consumption by all processes
- Utilization of all relevant resources
- Permanent logging of resource utilization
- Highlight critical resources
- Watch activity only
- Watch deviations only
- Accumulated process activity per user
- Accumulated process activity per program
or btop:
Modern and colorful command line resource monitor that shows
usage and stats
https://github.com/aristocratos/btop
Apache-2.0 and MIT and Public Domain
Resource monitor that shows usage and stats for processor,
memory, disks, network and processes.
C++ version and continuation of bashtop and bpytop.
or maybe bpytop:
Resource monitor that shows usage and stats for processor,
memory, disks, network and processes.
Python port and continuation of bashtop.
Features
* Easy to use, with a game inspired menu system.
* Full mouse support, all buttons with a highlighted key is
clickable and mouse scroll works in process list and menu
boxes.
* Fast and responsive UI with UP, DOWN keys process selection.
* Function for showing detailed stats for selected process.
* Ability to filter processes, multiple filters can be entered.
* Easy switching between sorting options.
* Send SIGTERM, SIGKILL, SIGINT to selected process.
* UI menu for changing all config file options.
* Auto scaling graph for network usage.
* Shows message in menu if new version is available
* Shows current read and write speeds for disks
-Gary
On Thu, Nov 14, 2024 at 12:45:05PM -0800, Brian E. Lavender wrote:
Someone said that there is a way better top these
days. What is it?
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
21 Nov
21 Nov
5:32 p.m.
New subject: BPF
I have this old computer, probably from 2015, I see the CPU was released in 2011. The
mouse is acting up, and every few months, like 9 or 10, it crashes or reboots or something
like that. I always investigate. It happened today (yes, I'm going to replace it.
It's my unenclosed system and I have stuff hanging off itLOL. But it is probably
time).
I noticed some entries about loading and unloading BPF. At first, I read the Wikipedia
article. I wish Jimmy would stop asking for money and just cavort with his
"executive staff." But the section on security was interesting.
Has anybody played with BPF?
On this particular system, when it tries to load or unload the BPF, it gets a permission
denied. For as far back as I have logs and it does this a few times a day. Usually about
a second apart. For the entries around the crash, it tried to do this multiple times over
the course of about 7 seconds. The system rebooted when it crashed BTW.
In looking at another system, there are no permission denied errors. This sequence, load
BPF then unload BPF about a second later, seems to run every day, just after midnight,
right around logrotate. For as far back as I have logs, it runs just after midnight and
at one other seemingly random time of day.
Given what BPF does, this is kind of suspicious. But since it has been going on for
awhile, I'm not going to do anything rash.
It seems to be only in the logs for actual CPU, as opposed to VM's.
Another curious fact is that the system that crashed and generates the permission denied
errors has an AMD processor and the other systems I have are Intel.
I plan to continue investigating, but I thought I would see if anyone had any thoughts
that might prevent me from wasting a lot of time.
-Gary
22 Nov
22 Nov
12:42 a.m.
New subject: BPF
On 11/21/24 09:32, Gary wrote:
[elided]
Hi Gary,
You forget to mention which O.S., when it
was last updated, kernel version, and you didn't
list any actual log messages. It's hard to
do much with general hand-wavy remarks.
I'm sure I've done worse, but we can all do better.
;-)
Best regards,
--
Chuck
PS: Immersed as I am in ancient hardware, I
recommend checking (1) power supply voltage
and ripple*, (2) CPU thermal regulation. If
your system is well-favored some of this is
accessible via IPMI and/or the 'sensors'
command.
PPS: BPF is supposedly unable to harm your
system, it's an interesting concept.
* EVERYONE NEEDS AN OSCILLOSCOPE FOR MEASURING RIPPLE.
3:43 a.m.
New subject: BPF
OK. I'll give it a shot.
Linux version 5.17.5-300.fc36.x86_64 (mockbuild(a)bkernel01.iad2.fedoraproject.org) (gcc
(GCC) 12.0.1 20220413 (Red Hat 12.0.1-0), GNU ld version 2.37-24.fc36) #1 SMP PREEMPT Thu
Apr 28 15:51:30 UTC 2022
Based on your request, I started looking around for something to send you. After a lot of
scrolling around, I found this in the log:
2024-11-21T07:37:07.740484-08:00 Bastion audit[2514]: CRED_DISP pid=2514 uid=100
0 auid=1000 ses=24 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 ms
g='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su"
hostname=? add
r=? terminal=/dev/pts/0 res=success'
2024-11-21T07:37:07.740855-08:00 Bastion audit[1717]: USER_LOGOUT pid=1717 uid=0 auid=1000
ses=24 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=logout id=1000
exe="/usr/sbin/lightdm" hostname=Bastion.mcg addr=? terminal=/dev/tty1
res=success'
2024-11-21T07:37:07.740970-08:00 Bastion ModemManager[645]: <info> caught signal,
shutting down...
2024-11-21T07:37:07.741529-08:00 Bastion systemd[1]: Stopping session-24.scope - Session
24 of User gmcglinn...
2024-11-21T07:37:07.747574-08:00 Bastion audit[1717]: USER_END pid=1717 uid=0 auid=1000
ses=24 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_close
grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_gnome_keyring,pam_lastlog,pam_umask,pam_lastlog
acct="gmcglinn" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0
res=success'
Which has nothing to do with BPF. Since my original post, I have found instances in the
log where BPF runs just fine. It looks like the shutdown occurred about 40 min before I
noticed, and the interesting repeating BPF entries occur about 40 min after the shutdown.
I'm a bit confused. The system had the monitor turned off and I was ssh'd into it
from another system. It shouldn't have shutdown without me issuing an explicit
shutdown request of some kind. But, it's old, and so it is probably just crufty.
But, since I was focused on BPF initially, I took a look at the logs for the system I was
on (the remote system) and that's when I saw the interesting log entries:
Nov 18 00:00:01 entertain audit: BPF prog-id=470 op=LOAD
Nov 18 00:00:01 entertain audit: BPF prog-id=470 op=UNLOADNov 18 00:00:01 entertain
systemd[1]: Starting logrotate.service - Rotate log fi
les...
Nov 18 00:00:01 entertain systemd[1]: unbound-anchor.service: Deactivated succes
sfully.
Nov 18 00:00:01 entertain systemd[1]: Finished unbound-anchor.service - update o
f the root trust anchor for DNSSEC validation in unbound.
Nov 18 00:00:01 entertain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 se
s=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=unbound-anchor comm="sys
temd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
Nov 18 00:00:01 entertain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses
=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=unbound-anchor comm="syst
emd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
Nov 18 00:00:01 entertain systemd[1]: logrotate.service: Deactivated successfull
y.
Nov 18 00:00:01 entertain systemd[1]: Finished logrotate.service - Rotate log fi
les.
Nov 18 00:00:01 entertain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 se
s=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=logrotate
comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 18 00:00:01 entertain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses
=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=logrotate
comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 18 00:00:01 entertain audit: BPF prog-id=470 op=UNLOAD
Every day.
I think the first and last lines are all that matter. The intervening entries aren't
consistent from day to day. Since the Wikipedia page for BPF states that the Chinese
alledge that the NSA uses BPF to hide packets, I found this pattern interesting. Maybe
somebody else is too. It could be just harmless firewall stuff.
But, the BPF stuff and the Spectre virus (somehow related to BPF per Wikipedia) seemed
interesting, so I thought I would find out more about them, starting with BPF.
So, I don't think BPF harms my system, but it may provide that capability to someone
else.
Not that I'm paranoid LOL.
On Thu, Nov 21, 2024 at 04:42:07PM -0800, Charles Polisher wrote:
On 11/21/24 09:32, Gary wrote:
[elided]
Hi Gary,
You forget to mention which O.S., when it
was last updated, kernel version, and you didn't
list any actual log messages. It's hard to
do much with general hand-wavy remarks.
I'm sure I've done worse, but we can all do better.
;-)
Best regards,
--
Chuck
PS: Immersed as I am in ancient hardware, I
recommend checking (1) power supply voltage
and ripple*, (2) CPU thermal regulation. If
your system is well-favored some of this is
accessible via IPMI and/or the 'sensors'
command.
PPS: BPF is supposedly unable to harm your
system, it's an interesting concept.
* EVERYONE NEEDS AN OSCILLOSCOPE FOR MEASURING RIPPLE.
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
3:23 p.m.
New subject: BPF
(Responses in-line)
On 11/21/24 19:43, Gary wrote:
OK. I'll give it a shot.
Linux version 5.17.5-300.fc36.x86_64 (mockbuild(a)bkernel01.iad2.fedoraproject.org) (gcc
(GCC) 12.0.1 20220413 (Red Hat 12.0.1-0), GNU ld version 2.37-24.fc36) #1 SMP PREEMPT Thu
Apr 28 15:51:30 UTC 2022
Can anyone else on-list confirm if Gary's running an up-to-date Fedora Core?
Gary, have you tried whatever the update process is (maybe yum update or
dnf update,
I haven't run Fedora in several years so rusty on this point.) That's merely
a stock suggestion. I know keeping those systems updated can be a chore,
especially
Fedora. All this rain is good system-updating weather.
Based on your request, I started looking around for
something to send you. After a lot of scrolling around, I found this in the log:
2024-11-21T07:37:07.740484-08:00 Bastion audit[2514]: CRED_DISP pid=2514 uid=100
0 auid=1000 ses=24 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 ms
g='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su"
hostname=? add
r=? terminal=/dev/pts/0 res=success'
2024-11-21T07:37:07.740855-08:00 Bastion audit[1717]: USER_LOGOUT pid=1717 uid=0
auid=1000 ses=24 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=logout id=1000
exe="/usr/sbin/lightdm" hostname=Bastion.mcg addr=? terminal=/dev/tty1
res=success'
2024-11-21T07:37:07.740970-08:00 Bastion ModemManager[645]: <info> caught signal,
shutting down...
2024-11-21T07:37:07.741529-08:00 Bastion systemd[1]: Stopping session-24.scope - Session
24 of User gmcglinn...
2024-11-21T07:37:07.747574-08:00 Bastion audit[1717]: USER_END pid=1717 uid=0 auid=1000
ses=24 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_close
grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_namespace,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_gnome_keyring,pam_lastlog,pam_umask,pam_lastlog
acct="gmcglinn" exe="/usr/sbin/lightdm" hostname=? addr=? terminal=:0
res=success'
So, you've got SELinux running. That's excellent, I'm a big fan.
Wasn't,
until I took a class at USENIX. Some SELinux items to consider:
(1) "getenforce" command will indicate if SELinux is "off" (not the
case
here),
"permissive", or "enforcing". Generally, if troubleshooting a stubborn
problem,
and only during the troubleshooting run, you can use "setenforce 0" to put
SELinux into permissive mode, where it reports errors *as if* it was
enforcing
but then doesn't enforce. If flipping the system into permissive mode solves
the observed problems, that's a smoking gun. But in general, leave the
system
in enforcing mode!
Use the "ausearch" command to find instances of SELinux enforcement where
permission wasn't granted. I use this command to check:
sudo ausearch --interpret -ts this-month --success no
The man page has other useful values for -ts (time start) such as "recent".
Typically you'll only care if the enforcement logs a failure:
"res=failed".
Fixing any indicated problems is mostly straightforward, let the list know
if you find any SELinux issues.
Which has nothing to do with BPF. Since my original post, I have found instances in the
log where BPF runs just fine. It looks like the shutdown occurred about 40 min before I
noticed, and the interesting repeating BPF entries occur about 40 min after the shutdown.
2024-11-21T07:37:07.740970-08:00 Bastion ModemManager[645]: <info> caught signal,
shutting down...
^^^^^^^^^^^^
This appears to be a normal daemon (ModemManager) shutting down in
response to
a signal (maybe SIGHUP or SIGTERM?). Nothing to see here, might be perfectly
normal cycle for the daemon. Anyone else on-list more familiar with
ModemManager
who can confirm this? Maybe this is nightly maintenance cycle? Maybe driven
by anightly cronjob (or the systemd equivalent?).
I'm a bit confused. The system had the monitor
turned off and I was ssh'd into it from another system. It shouldn't have
shutdown without me issuing an explicit shutdown request of some kind. But, it's old,
and so it is probably just crufty.
But, since I was focused on BPF initially, I took a look at the logs for the system I was
on (the remote system) and that's when I saw the interesting log entries:
Nov 18 00:00:01 entertain audit: BPF prog-id=470 op=LOAD
Nov 18 00:00:01 entertain audit: BPF prog-id=470 op=UNLOADNov 18 00:00:01 entertain
systemd[1]: Starting logrotate.service - Rotate log fi
les...
Nov 18 00:00:01 entertain systemd[1]: unbound-anchor.service: Deactivated succes
sfully.
Nov 18 00:00:01 entertain systemd[1]: Finished unbound-anchor.service - update o
f the root trust anchor for DNSSEC validation in unbound.
Nov 18 00:00:01 entertain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 se
s=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=unbound-anchor
comm="sys
temd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
Nov 18 00:00:01 entertain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses
=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=unbound-anchor
comm="syst
emd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
Nov 18 00:00:01 entertain systemd[1]: logrotate.service: Deactivated successfull
y.
Nov 18 00:00:01 entertain systemd[1]: Finished logrotate.service - Rotate log fi
les.
Nov 18 00:00:01 entertain audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 se
s=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=logrotate
comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
res=success'
Nov 18 00:00:01 entertain audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses
=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=logrotate
comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 18 00:00:01 entertain audit: BPF prog-id=470 op=UNLOAD
Every day.
I think the first and last lines are all that matter. The intervening entries aren't
consistent from day to day. Since the Wikipedia page for BPF states that the Chinese
alledge that the NSA uses BPF to hide packets, I found this pattern interesting. Maybe
somebody else is too. It could be just harmless firewall stuff.
This looks exactly like what I would expect for a daily logrotate
process. Stop the daemon, rotate the log, start the daemon. You might
garner more info with something like:
systemctl list-unit-files | egrep 'log|rotate'
There may even be a man page for logrotate.service?
But, the BPF stuff and the Spectre virus (somehow
related to BPF per Wikipedia) seemed interesting, so I thought I would find out more about
them, starting with BPF.
So, I don't think BPF harms my system, but it may provide that capability to someone
else.
Not that I'm paranoid LOL.
"I believe that the moment is near when by a procedure of active paranoiac
thought, it will be possible to systematize confusion and contribute to the
total discrediting of the world of reality." -- Salvador Dali
23 Nov
23 Nov
1:39 a.m.
New subject: BPF
On Thu, Nov 21, 2024 at 09:32:05AM -0800, Gary wrote:
I have this old computer, probably from 2015, I see
the CPU was released in 2011. The mouse is acting up, and every few months, like 9 or 10,
it crashes or reboots or something like that. I always investigate. It happened today
(yes, I'm going to replace it. It's my unenclosed system and I have stuff hanging
off itLOL. But it is probably time).
I noticed some entries about loading and unloading BPF. At first, I read the Wikipedia
article. I wish Jimmy would stop asking for money and just cavort with his
"executive staff." But the section on security was interesting.
Has anybody played with BPF?
Is Jimmy some sort of red herring?
I see an article on eBPF. Is that it?
https://ebpf.io/
Perhaps backup and reinstall?
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
5:34 a.m.
New subject: BPF
Jimmy Wales, founder of Wikipedia.
BPF is Berkeley Packet Filter. It's a packet filter that is written in some kind of
bytecode that gets loaded and unloaded into the kernel. Not sure what eBPF is.
On Fri, Nov 22, 2024 at 05:39:17PM -0800, Brian E. Lavender wrote:
On Thu, Nov 21, 2024 at 09:32:05AM -0800, Gary wrote:
I have this old computer, probably from 2015, I
see the CPU was released in 2011. The mouse is acting up, and every few months, like 9 or
10, it crashes or reboots or something like that. I always investigate. It happened
today (yes, I'm going to replace it. It's my unenclosed system and I have stuff
hanging off itLOL. But it is probably time).
I noticed some entries about loading and unloading BPF. At first, I read the Wikipedia
article. I wish Jimmy would stop asking for money and just cavort with his
"executive staff." But the section on security was interesting.
Has anybody played with BPF?
Is Jimmy some sort of red herring?
I see an article on eBPF. Is that it?
https://ebpf.io/
Perhaps backup and reinstall?
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
25 Nov
25 Nov
3:19 a.m.
New subject: BPF
Extended Berkeley Packet Filter
https://www.kentik.com/kentipedia/what-is-ebpf-extended-berkeley-packet-fil…
On Fri, Nov 22, 2024 at 09:34:14PM -0800, Gary wrote:
Jimmy Wales, founder of Wikipedia.
BPF is Berkeley Packet Filter. It's a packet filter that is written in some kind of
bytecode that gets loaded and unloaded into the kernel. Not sure what eBPF is.
On Fri, Nov 22, 2024 at 05:39:17PM -0800, Brian E. Lavender wrote:
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
On Thu, Nov 21, 2024 at 09:32:05AM -0800, Gary
wrote:
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com I have this old computer, probably from 2015, I
see the CPU was released in 2011. The mouse is acting up, and every few months, like 9 or
10, it crashes or reboots or something like that. I always investigate. It happened
today (yes, I'm going to replace it. It's my unenclosed system and I have stuff
hanging off itLOL. But it is probably time).
I noticed some entries about loading and unloading BPF. At first, I read the Wikipedia
article. I wish Jimmy would stop asking for money and just cavort with his
"executive staff." But the section on security was interesting.
Has anybody played with BPF?
Is Jimmy some sort of red herring?
I see an article on eBPF. Is that it?
https://ebpf.io/
Perhaps backup and reinstall?
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
41
days inactive
52
days old
13 comments
6 participants
participants (6)
-
Aria -
Brian E. Lavender -
Charles Polisher -
Gary -
Joseph Menke -
Sen Hastings