• 1 Post
  • 13 Comments
Joined 7 months ago
cake
Cake day: May 9th, 2024

help-circle
  • just 1 thing, why are you moving yay/paru to tmpdir, since they often have aur builds, and if you dont have a baller setup (i definitely do not), downloading the source and the compiles are not really temporary waste, also a general tip, dont remove browser cache also (depending upon how aggressively should the cache, like i have a slow cpu, but i got a ram upgrade and fair speed, i get almost near instantaneous load time when going to pages i have cached(for configuration, please check betterfox speed setup))


  • why would i want to delete my bash history, like to refer to my old commands (and yes i semi-regularly clear the XDG_CACHE_HOME because many apps treat them as temporary locations, STATE_HOME would be better, but i also do not remember about its existence all the time, and thank you for the librewolf script, i had something similar (i did not actually specify with this granularity though)


  • I have not setup these particular XDG variables, but i have been able to use bash without creating any files in my home dir (i was also able to use firefox (librewolf) without having .dir in my $HOME)

    first I do not use bash as my default shell (I am on arch and installed dash and a package which basically symlinks /bin/sh to dash (I think i it is called dashbinsh), because it is slightly faster (I have many shell scripts, for some of them difference is perceivable) and it does not create any files by default

    also I use a login display manager (ly) (if you use something else, then that does not really change anything, if you just type out the command in tty, just the command will change), and I have edited my sway desktop file (/usr/share/wayland-sessions/sway.desktop), you can use any other de/wm, just replace the specific command to launch sway (here sway), with something else (for example, in xfce (a de), you have start-xfce4 command), and the desktop file used

    [Desktop Entry]
    Name=Sway
    Comment=An i3-compatible Wayland compositor
    Exec=sway-wrapper
    Type=Application
    

    I made a script sway-wrapper, placed it at /home/sg/.local/bin/sway-wrapper (my user name here is sg), and symlinked it to /bin/sway-wrapper

    these are the only changes made to root system

    here is my full sway-wrapper, it launches sway, and also declares all my system variables

    #!/bin/sh
    # here i have exported many variables, not necessary for now
    # export A_LOT_OF_THINGS
    exec sway
    

    now I use bash as my shell (I also tried zsh, but was not really amazed), and I only use it in my terminal emulator (if you use it elsewhere (if in editors, most have some way to set the shell used, if in tty, then I think you can set via some systemd init thing that I have forgotten, but most likely you would not have to set it at many places), so I edited my terminal emulator’s (foot) config file to launch with bash, but with a specific rc file,

    shell=bash --rcfile /home/sg/.local/bin/bashrc.sh
    

    (most terminal emulators have some way to set this)

    and in my bashrc, i have

    # many things, this is just your bashrc, you can simply move your old one here with almost no changes (if you pull some variables/aliases with relative path, then change them)
    export HISTFILE=${XDG_DATA_HOME}/bash-history
    

    and also do

    touch ${XDG_DATA_HOME}/bash-history
    

    beforehand, as bash does not create hist file if it does not already exist

    I also started using different programs or use hem with different cli flags (with help of launch scripts) to have there stuff in different directories

    Outside of xdg specification dirs, I have .librewolf (if you want to not have this(this approach works with pretty much all firefox derivatives/family), then make a script, which basically launches librewolf with different home, like HOME=$XDG_DATA_HOME librewolf (or wherever you want), after doing so, you may have to reinstall extensions, but they do not lose there data, also maybe have to reset the download path, or if you use nativemessaging (some extensions use this), you may hae to slightly edit them, then either create a different desktop file to launch browser with this script, or edit the existing desktop file for your browser(with first approach you would have to reset your default browser everywhere (either by choosing it again, or editing your mime file in .config), with the latter approach, you may have to edit your desktop file after each browser update))(i stopped doing because i have some broken mime issue that pretty much every file type that i have not already set the default opener for, got opened with browser, and that created the .dot dir again and again), and some proprietary stuff that i have tried with the browser approach, and it still does not work



  • 2024-05-12 23:51:46 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
    2024-05-12 23:51:47 TCP/UDP: Preserving recently used remote address: ***********
    2024-05-12 23:51:47 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2024-05-12 23:51:47 UDPv4 link local: (not bound)
    2024-05-12 23:51:47 UDPv4 link remote: ******************
    2024-05-12 23:51:47 TLS: Initial packet from *************
    2024-05-12 23:51:47 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    2024-05-12 23:51:47 VERIFY OK: depth=1, C=IN, ***************
    2024-05-12 23:51:47 VERIFY OK: depth=0, C=IN, ***************
    2024-05-12 23:51:48 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, peer certificate: 3072 bits RSA, signature: RSA-SHA256, peer temporary key: 1024 bits DH
    2024-05-12 23:51:48 [vpn.*******] Peer Connection Initiated with ****************
    2024-05-12 23:51:48 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
    2024-05-12 23:51:48 TLS: tls_multi_process: initial untrusted session promoted to trusted
    2024-05-12 23:51:49 SENT CONTROL [vpn.iitd.ac.in]: 'PUSH_REQUEST' (status=1)
    2024-05-12 23:51:49 PUSH: Received control message: ************
    2024-05-12 23:51:49 OPTIONS IMPORT: --ifconfig/up options modified
    2024-05-12 23:51:49 OPTIONS IMPORT: route options modified
    2024-05-12 23:51:49 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    2024-05-12 23:51:49 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
    2024-05-12 23:51:49 ERROR: Failed to apply push options
    2024-05-12 23:51:49 Failed to open tun/tap interface
    2024-05-12 23:51:49 SIGUSR1[soft,process-push-msg-failed] received, process restarting
    2024-05-12 23:51:49 Restart pause, 1 second(s)
    

    this repeats over and over, i killed it, also i tried to connect with our vpn a year or 2 ago this method, and had same/similar errors even back then, and it only used to worked with network manager

    sorry for editing it heavily, but would love to not be doxxed



  • 
    #####******************############**************
    STUFF I HAVE WRITTEN
    ##############*************************
    Intentionally not written nicely to be able to distinguish
    ######################***************************
    remote had the my college's vpn domain vpn.coll.eg.e
    CA had college's certificate file name (in the same dir as config)
    cert myid.crt
    key myid.key
    
    
    ##############################################
    # Sample client-side OpenVPN 2.0 config file #
    # for connecting to multi-client server.     #
    #                                            #
    # This configuration can be used by multiple #
    # clients, however each client should have   #
    # its own cert and key files.                #
    #                                            #
    # On Windows, you might want to rename this  #
    # file so it has a .ovpn extension           #
    ##############################################
    
    # Specify that we are a client and that we
    # will be pulling certain config file directives
    # from the server.
    client
    
    # Use the same setting as you are using on
    # the server.
    # On most systems, the VPN will not function
    # unless you partially or fully disable
    # the firewall for the TUN/TAP interface.
    ;dev tap
    dev tun
    
    # Windows needs the TAP-Win32 adapter name
    # from the Network Connections panel
    # if you have more than one.  On XP SP2,
    # you may need to disable the firewall
    # for the TAP adapter.
    ;dev-node MyTap
    
    # Are we connecting to a TCP or
    # UDP server?  Use the same setting as
    # on the server.
    ;proto tcp
    proto udp
    
    # The hostname/IP and port of the server.
    # You can have multiple remote entries
    # to load balance between the servers.
    ;remote my-server-1 1194
    ;remote my-server-2 1194
    remote 
    port 1194
    
    # Choose a random host from the remote
    # list for load-balancing.  Otherwise
    # try hosts in the order specified.
    ;remote-random
    
    # Keep trying indefinitely to resolve the
    # host name of the OpenVPN server.  Very useful
    # on machines which are not permanently connected
    # to the internet such as laptops.
    resolv-retry infinite
    
    # Most clients don't need to bind to
    # a specific local port number.
    nobind
    
    # Downgrade privileges after initialization (non-Windows only)
    ;user nobody
    ;group nobody
    
    # Try to preserve some state across restarts.
    persist-key
    persist-tun
    
    # If you are connecting through an
    # HTTP proxy to reach the actual OpenVPN
    # server, put the proxy server/IP and
    # port number here.  See the man page
    # if your proxy server requires
    # authentication.
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]
    
    # Wireless networks often produce a lot
    # of duplicate packets.  Set this flag
    # to silence duplicate packet warnings.
    ;mute-replay-warnings
    
    # SSL/TLS parms.
    # See the server config file for more
    # description.  It's best to use
    # a separate .crt/.key file pair
    # for each client.  A single ca
    # file can be used for all clients.
    ca 
    cert 
    key 
    
    # Verify server certificate by checking
    # that the certicate has the nsCertType
    # field set to "server".  This is an
    # important precaution to protect against
    # a potential attack discussed here:
    #  http://openvpn.net/howto.html#mitm
    #
    # To use this feature, you will need to generate
    # your server certificates with the nsCertType
    # field set to "server".  The build-key-server
    # script in the easy-rsa folder will do this.
    ;ns-cert-type server
    
    # If a tls-auth key is used on the server
    # then every client must also have the key.
    tls-auth ta.key 1
    
    # Select a cryptographic cipher.
    # If the cipher option is used on the server
    # then you must also specify it here.
    cipher AES-128-CBC
    ;cipher BF-CBC
    
    # Enable compression on the VPN link.
    # Don't enable this unless it is also
    # enabled in the server config file.
    comp-lzo
    
    # Set log file verbosity.
    verb 3
    
    # Silence repeating messages
    ;mute 20
    
    route-method exe
    route-delay 2
    
    auth-user-pass
    


  • with my college, they are not even up to current openvpn versions, if i use a verbose vpn app on phone (open vpn for android on fdroid), i have to use compatibility settings to even connect, they even use older encryption standards and compression settings, what i think is coincidentally something in my system updated which may not work with their current configs, and on my phone it is somehow still working