3[00:02:23] <CrystalMath> still, if a program has that many
problems i just can't say it's any good; it's a
terrible choice for the default; but idk if it's maybe the only
"sound server" we have on GNU/linux that is
general-purpose (JACK is for professional audio stuff)
4[00:03:01] <CrystalMath> though personally my choice for
ordinary sound-using software is - no server, just ALSA with dmix
5[00:03:31] <n4dir> i propose we switch to the good old
editor-flamewar.
53[00:25:29] <EdePopede> konqueror would come with five and a
half lines of dependencies (fullscreen xterm), since i don't
use kde (ressources). and after i had some issues (like it crashed
on a 301 with empty body) and website builders nowadays seem to be
in a horse breeder like competition it was the last browser of a DE
i gave a serious chance.
54[00:25:38] <EdePopede> 2 reasons, there are probably more.
55[00:26:14] <jelly> n4dir: webkit does not get timely security
updates and is not safe to use on the internet, so konqueror is out
56[00:26:40] <n4dir> i see. I tried it, but didn't stick
to it, but i forgot why.
57[00:28:01] <jelly> there's basically just two usable web
browsers for linux, chromium/chrome and firefox
58[00:28:16] <n4dir> ha. just wanted to propose that
conclusion.
59[00:28:24] <jelly> current opera uses the same engine as
chromium
60[00:28:28] <CrystalMath> and chromium is google'd
61[00:28:41] <CrystalMath> and firefox is pulse'd :(
62[00:28:46] <CrystalMath> but the latter is easier to fix
63[00:28:48] <diogenes_> falkon is good
64[00:28:57] <jelly> I have no idea what you mean by
"google'd"
65[00:29:09] <CrystalMath> jelly: it contains lots of google
spyware, phones home, etc...
78[00:30:47] <CrystalMath> honestly, i'm too scared to
even let it run once... who knows what it might do, probably inject
a backdoor into every executable it can write to
79[00:31:06] <jelly> best not run any software from debian,
then
80[00:31:13] <jelly> write everything from scratch
81[00:31:20] <CrystalMath> jelly: but i use firefox :P
115[00:36:03] <n4dir> Butt3rfly: that hasn't got much to do
with being scared of technology. For example look at the videos of
the freedombox project and also Eben Moglen
116[00:36:12] <michael2> android doesn't lock you out of
phone if no email
117[00:36:17] <petn-randall> CrystalMath: That's not true,
but then again that's offtopic here.
118[00:36:40] <jetscreamer> it's a bit more complicated
than that but basically the facts
120[00:37:09] <n4dir> Also there was a blog from Uwe Hermann
about how much firefox sucks, regarding security, but i can't
find it right now.
121[00:37:24] <ryouma> programs are bags full of tricks / with
backdoors and bugs more than 6 / 15:28 <CrystalMath> and
chromium is google'd 15:28 <CrystalMath> and firefox is
pulse'd :(15:28 <CrystalMath> but the latter is easier to
fix
122[00:37:35] <jetscreamer> no if there was never one it does
not, nor if there is currently not one
159[00:48:23] <CrystalMath> hypn0: jelly said it's safe, i
looked stuff up
160[00:48:26] <CrystalMath> and found that
161[00:48:52] <CrystalMath> hoping that jelly will read it and
say something like "oh, we made sure nothing like that happens
in the debian version ever again, it's totally safe now"
168[00:49:59] <CrystalMath> or, at least, it has never been
caught downloading and running non-free software to listen on the
microphone
169[00:50:12] <hypn0> but it does other things
170[00:50:17] <bites> CrystalMath: debian has removed a lot of
things from chromium, the hotword module being one of them.
171[00:50:32] <CrystalMath> hypn0: i made a lot of things for
free, i even did things for people on their demand, for free; i
never did anything like that
172[00:50:58] <CrystalMath> hypn0: so if i were to assume that
everyone is like me, everyone would make free software out of the
kindness of their hearts
173[00:51:06] <CrystalMath> and completely selflessly ask for
nothing in return
174[00:51:07] <hypn0> well money makes you lose morals
175[00:51:48] <CrystalMath> hypn0: thanks for the heads up, i
will make sure not to get a significant amount of this
"money"
176[00:52:29] <bites> corporate interest, not idealism, drives
linux development.
177[00:52:32] <aloo_shu> !dfind qupzilla2
178[00:52:35] <n4dir> not that i had a clue, but the very reason
for SRWare Iron were concerns regarding privacy in chromium, no?
183[00:53:37] <michael2> What is debian's official policy
about projects which are open source, e.g. chromium, but which
contain (or load on demand) non-free components? would debian still
package that in main archive? or contrib or non-free?
184[00:53:57] <CrystalMath> michael2: it was fixed, so it's
in "main"
185[00:54:15] <CrystalMath> michael2: it's not supposed to
run non-free components, if it does then it's bug
186[00:54:36] <CrystalMath> but it's always hard with
google, you never know what that evil is up to
187[00:54:38] <bites> CrystalMath: the gnu project gets many
contributions from corporations as well.
188[00:54:43] <michael2> I mean in general. I was just using
chromium as an example
189[00:54:45] <aloo_shu> funny, dpkg answers me in the query
I've got open with him - Updating debian files [..]. failed.
190[00:54:54] <CrystalMath> bites: but are they *why* GNU
exists?
191[00:54:57] *** Quits: Brigo (~Brigo@replaced-ip) (Remote host closed the connection)
192[00:55:02] <CrystalMath> bites: or is it idealism?
193[00:55:09] <bites> no, that's not what i said, was it?
200[00:57:19] <CrystalMath> bites: i'm pretty much a
Neo-Luddite in a lot of ways, i do use computers and free software
on them, but i am not really a fan of technology itself
201[00:57:47] <CrystalMath> though i suppose that's not
really being a Neo-Luddite... i should rephrase that
202[00:58:04] <EdePopede> technology should be helpful and fun
(ideally both of them)
203[00:58:05] <CrystalMath> i'm apathetic towards the
progress of technology, i only care about the progress of freedom
208[00:59:09] <Gerowen> CrystalMath: Stallman takes things to an
extreme though, I think. Take Debian for example, it takes an
extreme stance, but it gives you the option of using non-free
components if you need to. Not all of us have the time or desire to
write our own hardware drivers, and there's some hardware that
just straight up wouldn't work right without the proprietary
blobs, so it's nice to have a clean, "free" software
only foundation, but have the option to stray
209[00:59:09] <Gerowen> from that when/if you want/need to.
Stallman, best I can understand, doesn't even think we should
be given that choice, the GNU peeps don't even endorse Debian
as a "free" operating system.
210[00:59:18] <n4dir> "Your software is used in war
machines to kill people and the companies will never give back. So
enforce GPLv3, it's needed. " bitreich manifest. Loving
the sarcasm in it.
211[00:59:41] <CrystalMath> Gerowen: yeah i don't like
that, debian is right there
212[01:00:22] <CrystalMath> Gerowen: *debian is right, there
213[01:00:25] <ryouma> Gerowen: it is also the case that debian
thinks that ceratain gnu documentation is non-free
214[01:00:41] <CrystalMath> ryouma: and that's where i
think debian is wrong :P there's nothing wrong with the GFDL
215[01:00:42] <ryouma> tar, emacs
216[01:01:06] <CrystalMath> i install that documentation from
non-free because i think the license is really nice and acceptable
217[01:01:28] *** Quits: MACscr|lappy (~MACscr|la@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
228[01:07:30] <EdePopede> »There are no restrictions on
redistribution of the main Debian distribution.« -- but you
have to be careful about the license you chose when uploading your
images to wikipedia (may appear on a DVD)
229[01:07:50] <EdePopede> "commercial" isn't that
easy
230[01:08:05] <n4dir> Gerowen: why debian isn't considered
"free" by the gnu project is explained here:
replaced-url
255[01:29:09] <aloo_shu> "Your softwarebis used in
warbmachines to kill peopleband the companirs will never give back.
So enforce GPLv3, it's needed", bitreich manifest <--
this is when I thought it's getting interesting. --> ethics
--> philosophy
320[02:39:37] <sZbcE8qNfG> is this true?
replaced-url
321[02:39:55] <sZbcE8qNfG> the post said "The net iso of
9.5 "debian-9.5.0-amd64-netinst.iso" is problematic. (At
least with the expert graphicall installation... cannot find the
source disc to load the files and the installation cannot
continue):eek: If anyone wants to perform a net installation should
use the previous one "debian-9.4.0-amd64-netinst.iso" from
the archive "
364[03:12:38] <Noldorin> trying to use smartctl on a drive here,
but getting this message
365[03:12:39] <Noldorin> /dev/sda: Unknown USB bridge
[0x0480:0xa202 (0x315)]
366[03:12:41] <Noldorin> any idea why?
367[03:15:19] <Gigglebyte> Any possibility of getting someone to
add Python 3.6 or newer to the repos? I can't install my
System76 drivers as a result of the repos only offering 3.5
Alternative I might be able to unplung my keyboard lights from the
motherboard until 3.6 moves out of SID, but I really could use 3.6
now.
368[03:17:47] <ryouma> just ooc, keyboard lights are plugged
into motherboard? and python is related to this?
387[03:41:01] <Gigglebyte> ryouma> Yes, it looks like Cleavo
went for cheap when they built this computer for System76. I
installed Debian stable, but now can't shut off the back
lights. I tried to install the drivers, but they were only tested
with Ubuntu and no other linux distro. Today I got as far as
installing a PGP key from the System76 keyring server, and now I get
an error message indicating that python3-evdev is missing. I did
some
388[03:41:02] <Gigglebyte> research and it looks like
python3-evdev is in Debian SID and is greater than Python 3.6
However, there is no guaranty that once this piece of software is
installed that there won't be other dependency issues. System76
is not to swift, and doesn't even use the Linux Firmware Shared
Infrastructure. Inspite of the shortcomings Cleavo does offer a
generous amount of ports, and expansion slots, the screen is real
bright in
389[03:41:02] <Gigglebyte> the brightest setting, but their
electronics is a lot to be desired. My laptop actually shuts off
when I plug in for charging, even when the battery life is still
decent. Cleavo tests nothing and lets their US resellers bear all
the costs.
398[03:46:02] * ryouma trying to figure out return codes for smartctl
so i can just run all my disks through it and use the return codes
to try a different device
427[04:13:20] <ryouma> if the /dev/disk/by-id starts with ata-
can you use scsi always and if it is
usb-_Patriot_Memory_07013B5B22647A29-0:0 can you use sat always?
490[04:58:34] <michael2> ip a seems to report different values
on every invocation - Im looking for a command which reports the
bssid of the wifi chipset device itself
507[05:05:43] <michael2> I think syslog will be connected to all
important logs, but if you for example created your own custom
service for a timer , then journalctl is probably the only way you
will get it
508[05:06:23] <michael2> also, if you have persistent logging
enabled, journalctl allows you to see where reboots happened
516[05:10:17] <ryouma> michael2: var log seems to show when the
computer rebooted in jessie, are yous aying journalctl showsm ore
there? i don't use any of my own services as i am clueless
about systemd (just want it to work).
518[05:10:54] <Moussa> Noldorin, not a good idea to test a Hd
through USB enclosure let alone through a HUB
519[05:11:23] <Noldorin> Moussa, I don't think my rpi has
enough power for it without a hub
520[05:11:39] <Moussa> i see
521[05:11:54] <al2o3-cr> michael2: what do mean if reports a
different MAC address on every invocation?
522[05:12:00] <Moussa> can you test it on another pc
523[05:12:07] <al2o3-cr> ^ using ip a
524[05:13:04] <michael2> ryouma: thats great if you can see when
reboots happened via syslog or kernel log. I just have never been
able to tell myself when the reboots happended. with the binary log
files that journalctl reads from , there is a --Reboot-- log
inserted - so you can tell
526[05:14:43] <al2o3-cr> michael2: what does this produce: cat
/sys/class/net/<interface>/address
527[05:14:58] <michael2> al2o3-cr: when I run `ip a' it
keeps showing a different mac address. Im guessing the command
prints the mac address reported to my neighbours on the network, but
not the 'burned in' address on the wifi NIC
528[05:15:18] <Noldorin> al2o3-cr, yeah possibly
529[05:15:21] <Noldorin> oops
530[05:15:23] <Noldorin> Moussa,
531[05:15:32] *** Quits: fedorafan (~fedorafan@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
532[05:15:36] <Noldorin> will do that tomorrow, off for now
533[05:15:41] <Noldorin> cheers for the advice
534[05:15:55] <michael2> al2o3-cr: looks like the NIC mac
address. thanks
535[05:16:17] <al2o3-cr> michael2: np.
536[05:16:42] <Moussa> Noldorin, cheers
537[05:16:43] <SerajewelKS> Moussa: smart tests happen on the
device itself, the hub isn't really that relevant i don't
think
538[05:16:54] *** Quits: b (coffee@replaced-ip) (Quit: Lost terminal)
539[05:17:01] <SerajewelKS> smart tests are done by the
drive's own controller
540[05:17:08] <Moussa> true, but some hubs do time out on the
bus
541[05:17:34] <michael2> al2o3-cr: you don't know what the
uuid field in network manager [connection] section in network
manager config files is do you?
542[05:17:41] <Moussa> from own experience anyway
543[05:17:46] <SerajewelKS> they might. but the timeout does not
apply to the test, rather to the querying by smartctl.
544[05:17:51] <SerajewelKS> smartctl does not wait for the test
results
545[05:18:03] <SerajewelKS> "start test" and "get
status" are separate commands
556[05:31:04] <n4dir> no experience with it, don't fully
understand the error message too, but the web proposes to install
"debian-archive-keyring". If you alrady did that, and the
second line relates to that, i got no clue. jim
565[05:36:47] <Moussa> so what might work on some does not mean
it will work on others
566[05:37:02] <Moussa> so eliminating the middle man might help
567[05:37:05] <jim> nyov, thanks... let's see whidch one I
have
568[05:37:27] <nyov> jim: or extract those keys and tell apt
about them
569[05:37:47] <jim> ok
570[05:38:43] <nyov> so you don't downgrade your current
package and lose the current keys - depends on if you want to have
squeeze in parallel with stretch or newer
576[05:40:11] <jim> apparantly the one I have is the latest in
that dir, [ ] debian-archive-keyring_2010.08.28+squeeze1_all.deb
577[05:40:15] *** Quits: Noldorin (~noldorin@replaced-ip) (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
578[05:43:09] <nyov> jim: oooh
579[05:43:31] <nyov> now I remember. ofcourse the key is
expired. system time not back, and all that. (doh)
580[05:47:05] <nyov> so, I thought I remembered an option to
allow expired keys. But I must have been wrong. what you can do, is:
`apt-get --allow-unauthenticated`
581[05:47:24] <nyov> (APT::Get::AllowUnauthenticated
"true"; in /etc/apt/apt.conf.d/)
582[05:47:44] <nyov> or try to fetch an update of the key first,
perhaps it got renewed
583[05:47:47] <n4dir> jim : which release are you trying to use?
594[05:57:02] <Gigglebyte> Is there a say way to install
Python3.6 in Debian stable? The repos only have 3.5 and I need 3.6
in order to install my System76 drivers. I am running Debian stable.
602[05:59:42] <Gigglebyte> nyov> Python 3.6 is required in
order to install the System76 driver which is required in order to
install the System76 Nvidia drivers. Apparely Clevo who makes
System76 is cheap on system ware, so most of the LInux distros will
have issues unless driver's and firmware offer something.
603[06:00:10] <Gigglebyte> System76 did upload its Nvidia
drivers to the repos but they are not usable.
620[06:04:37] <Gigglebyte> No, it is the System76 drivers that
are requiring this. System76 is a bit goofy anyway, and they only
support Ubuntu which is riduculous, but I assume the issue is $$$.
622[06:04:47] <Gigglebyte> nyov> How do I build myself a
dummy package?
623[06:05:14] <nyov> just like building a regular debian
package, but with nothing in it
624[06:05:21] <nyov> except the meta-data
625[06:05:23] *** Quits: donofrio (~donofrio@replaced-ip) (Remote host closed the connection)
626[06:05:46] <themill> !wquivs
627[06:05:49] <themill> bah
628[06:05:53] <themill> dselect: equivs
629[06:05:53] <dselect> equivs is a package that enables you to
create dummy packages that tell <apt> you really have
installed (through some other means) the package. aptitude install
equivs, and read /usr/share/doc/equivs/*, see also <usrlocal>.
A better plan is often to adapt the Debian packages to your needs,
ask me about <package recompile> <uupdate> <ssb>.
630[06:06:33] <nyov> themill: awesome, I totally forgot about
those (thanks)
650[06:32:20] *** Quits: n4dir (~user@replaced-ip) (Remote host closed the connection)
651[06:33:27] <jim> I think that did it
652[06:34:47] <Gigglebyte> nyov> In that case I could just
unplug the backlight to the keyboard and take a chance that the
laptop will eventually be repairable. What about downgrading to
Linux Testing? Earlier this evening I found Python 3.6 in SID. Will
it also work in testing?
653[06:34:54] <jim> nyov, I don't think it is... but, you
can use pyenv to get and build it
655[06:35:54] <nyov> Gigglebyte: I don't follow. If you are
on testing or sid, you will have access to python3.6
656[06:35:57] <Gigglebyte> I am going to contact System76 about
this and point out some of the problems. They did upload their
Nvidia driver to the repos so it looks like they are making some
type of effort.
657[06:36:04] <jim> Gigglebyte, the binary package? I don't
think so... but you might be able to backport it
658[06:36:14] <Gigglebyte> Is Python 3.6 available in Testing?
or only SID?
668[06:37:30] <nyov> but as I said, possibly linking python3.5
to 3.6 is good enough, and telling apt you have python3.6, using
equivs
669[06:37:59] <nyov> jim: but you can't install in on a
stable system without breaking slews of packages
670[06:38:01] <Gigglebyte> nyov> How would I link python3.5
to 3.6?
671[06:38:35] <Gigglebyte> But you said it breaks a bunch of
things. Would I be better of downgrading to Debian testing instead
of using equivs? Or do you think equivs will be ok?
672[06:38:45] <jim> right, and if I recall, there's some
kind of change in the python building in debian, that you can't
backport to stable
674[06:39:00] <jim> I don't remember what they said
675[06:39:03] <themill> eww?
676[06:39:10] <nyov> themill: no?
677[06:39:20] <nyov> temporarily
678[06:39:51] <jim> Gigglebytem what are you running?
679[06:40:04] <themill> If it actually needs python3.6 that
won't work; if it doesn't need python3.6, it would use
#!/usr/bin/python3 for the shebang, surely?
680[06:40:41] <nyov> themill: true, it should. so actually a
symlink is unnecessary even
681[06:40:49] <nyov> hadn't thought about that
682[06:41:27] <nyov> Gigglebyte: what's the package name?
683[06:41:53] <Gigglebyte> python3-evdev
684[06:42:31] <Gigglebyte> I looked it up and it is part of
Python 3.6 This package is required in order to install the System76
driver, and the System76 driver is required in order to install the
System76 Nvidia driver.
689[06:43:42] <nyov> so what you really want is a backport of
that package, no?
690[06:44:21] <Gigglebyte> nyov> Yes, as long as it
doesn't break a bunch of other things. Right now Debian testing
is working great except for the keyboard lights and I blame Cleavo
for that.
691[06:44:35] <Gigglebyte> Also, the F keys quit working, but I
suspect the drivers will help.
693[06:45:18] <Gigglebyte> nyov> Would I be better of
downgrading to Testing instead of trying to backport Python 3.6 to
stable?
694[06:45:36] <nyov> yeah now you lost me. you talk about being
on stable and then you talk about being on testing and then you talk
about downgrading to testing. ???
697[06:47:06] <Gigglebyte> I have always been on Debian stable.
python3-evdev is not in stable, and I get an error message
indicatding I can't install the System76 driver unless
python3-evdev is installed.
699[06:47:47] <Gigglebyte> I need to install the System76
drivers so that I can shut off the hideous blue keyboard lights that
are on 24/7. Hopefully I can regain brightness control of the screen
as well.
700[06:48:27] <themill> python3-evdev is entirely vbackportable
709[06:56:13] <RoyK> Gigglebyte: if you need something not in
backports, just setup a vm and install something new and shiny there
710[06:56:16] <RoyK> !sns
711[06:56:16] <dpkg> Shiny New Shit Syndrome is a serious
disorder, which usually breaks out into an epidemic every time
something new is released. If you have SNS, ask me about
<backports> and <ssb>; these are better options than
upgrading to <testing> because it is a <moving target>.
712[06:57:10] <Gigglebyte> RoyK> Will that allow me to
install the System76 driver that complains of a missing dependency
called python3-evdev? python3-evdev is part of Python3.6
713[06:57:21] <nyov> themill: python3.5 is listed as supported
in classifiers though,
replaced-url
714[06:57:59] <Gigglebyte> RoyK> Would I be better of using
the vm to avoid breaking something> nyov advises that python3.6
breaks a bunch of packages in Debian, but apparently the file is
available in Testing and SID, but it isn't available in
backports.
715[06:58:00] <RoyK> Gigglebyte: I have no idea about system76
things, sorry
716[06:58:35] <Gigglebyte> RoyK> I just want to install the
driver that depends on Python3-evdev (Python 3.6)
729[07:04:21] <Gigglebyte> I am headed to sleep. I tried
creating a symbolic link as you suggested from Python3.5 to
Python3.6, but still get the same error. Feel free to memoserve me.
I am headed to sleep.
871[09:37:09] <zer0_her0> hello, sorry about what i am going to
moan about, but, is the old pal, /etc/security/limits semi
deprecated? : in order to define a daemon's limits do I have to
create a copy of the daemon.service in /etc/systemd/system and blah
blah ??
882[09:46:01] <tdn> mspe, yeah, I would like to know what people
in here tend to go with since most people I encounter (mostly RHEL
guys) are all using the latest from upstream.
883[09:47:03] <Fox> ppa on debian, hell...
884[09:47:24] <Fox> !dontbreakdebian
885[09:47:24] <dpkg> methinks dont break debian is
replaced-url
886[09:47:35] <nyov> what's the point of using the latest
when the stable one is good enough
892[09:48:38] <tdn> It is fairly old. But I may stille be able
to use it just fine
893[09:48:48] <tdn> nyov, that is not stable then, right?
894[09:48:54] <jelly> tdn: RHEL ships very little software so
enriching the environment from non-distro sources is basically a
must
895[09:48:57] <nyov> stretch is stable
896[09:49:05] <nyov> stable is stretch
897[09:49:23] <jelly> and yes the version in stretch is old
898[09:49:36] <jelly> !bdo
899[09:49:36] <dpkg> backports.debian.org (formerly
backports.org) is an official repository of <backports> for
the current stable (see <jessie backports>) and oldstable
(<wheezy backports>) distributions, prepared by Debian
developers. Ask me about <backport caveat> and read
replaced-url
900[09:50:12] <nyov> magnitudes better than using a ppa, IMHO
901[09:50:26] <jelly> ppa debs are not built for debian.
902[09:50:29] <nyov> but YMMV
903[09:50:53] <tdn> jelly, ok
904[09:51:32] <n4dir> let's hope the "don't use
ppa's " somehow got through.
912[09:54:03] <nyov> what is wrong with backports? it's the
same source, with (usually trivial) dependency fixes for stable. I
never had a bpo package that didn't work out :)
913[09:54:46] <n4dir> if there already is a version in sid, then
a simple sid backport might be a choice too. probably easier than
compiling upstream.
917[09:55:37] <jelly> ansible is python, there's not much
compiling
918[09:55:47] <n4dir> i meant in general.
919[09:56:19] <tdn> nyov, I just have very little experience
with it. Maybe there is no problem at all. What I fear, I think is
two things: 1) lack of experience/unknown and 2) that it might break
the next upgrade somehow.
920[09:57:39] <nyov> tdn: okay, that's understandable. In
my experience, though, it's not a problem to install backported
packages - they will continue to be upgraded by apt on the next
release version
921[09:58:03] <n4dir> hurry. dpkg, the bot, worked for one day
for me. now stopped again. oh my.
922[09:58:19] *** Quits: ToBeCloud (uid51591@replaced-ip) (Quit: Connection closed for inactivity)
923[09:59:38] <format_c> hi, I use exim4 as the MTA. I've
some webscripts that are capable to send emails (submit to
localhost). By default this submission is accepted w/o
authentication. I'd like to adjust the configuration to enforce
authenticated submission for anything that is not destined to
+local_domains. I already searched the web. But there I only find
how to solve it the other way round. Any hint?
924[09:59:39] <n4dir> anyway he has info what to check in what
order in case a version in stable ain't sufficient.
933[10:04:45] <zer0_her0> themill, just for the record i started
with backport until I found that a newer version was not still
backported and switched to ppa (and since they write it to their
website)
936[10:06:42] <zer0_her0> that does not mean that I encourage
the use of ppa repos in general, but maybe one could use it for
particual software repos, that provide only one upstream package.
shouldn't this be safe ?
937[10:07:58] <jelly> in general, no, it would not be safe
938[10:08:05] <themill> it doesn't only provide one package
either
941[10:09:10] <themill> Maybe they know what they are doing,
maybe they don't....
942[10:09:29] <jelly> it's as safe as the author of PPA can
make it safe, you rely completely on them not to mess up your
installation
943[10:10:11] <zer0_her0> of course, trust is in the basis of
every repository.
944[10:10:27] <jelly> and if PPA infrastructure is used to build
binary .deb and not just as a distribution point, it has to be said
they _only_ build for ubuntu releases
951[10:16:46] <zer0_her0> nevertheless, one (admin) will get to
the point that she needs to install an upstream piece of software in
a stable debian. Then imho the options are, a) upstream source:
difficult to maintain, b) a third party trust worthy repo : easier
to maintain (maybe combined with some apt policy assurances)
952[10:18:34] <zer0_her0> and oh i forgot c) container based
solution, an easy to maintain black box.
953[10:18:56] <n4dir> stevepusser made posts at
forums.debian.net how to use ppa's and rebuild them for debian.
I can't find them right now (and sure would not know anything
about it. Just saying one would find infos, in case one needs).
954[10:20:45] *** Quits: COOurb (~COOurb@replaced-ip) (Remote host closed the connection)
964[10:25:46] <rgr> can anyone suggest to me why
30x11-common_xresources is not being processed on a gdm3 login? My
~/.Xresources are not being processed.
965[10:25:48] <at0m> zer0_her0: also, #ansible is quite active
966[10:28:10] <nyov> rgr: I would assume gdm3 ignores
~/.Xresources | ~/.Xdefaults
967[10:28:42] <nyov> but I'm just guessing. what would gdm3
want in those files/
968[10:28:51] <rgr> why would yo uassume that? Its not suppose
to.
971[10:29:36] <rgr> they are X resource files. so obvuiously a
graphical login might be interested in sourcing them and the X init
file I mentioned does exactly that but its not being processed. And
I would like to know why.
985[10:41:37] <muAdmDev> we got a cron problem on one debian 9.5
system. cronjobs are arbitrarily just not run. e.g. we got an hourly
cron that isn't run (also not listed on dron.log) every 5-7
hours. Known bugs, hints, any experience with that?
1002[10:59:58] <muAdmDev> jelly: time is correct and it's a
physical system. How could I check for skipping? Further other
(weekly) crons are also having this problem and they are run at
differnt times
1022[11:13:27] <dpkg> In order to troubleshoot your problem with
apt-get, apt or aptitude we need ALL OF THE FOLLOWING information:
1. complete output of your apt-get/apt/aptitude run (including the
command used) 2. output from "apt-cache policy pkg1
pkg2..." for ALL packages mentioned ANYWHERE in the problem,
and 3. "apt-cache policy". Use
replaced-url
1023[11:14:23] <jim> ok hold on a sec for 2 and 3
1024[11:16:09] <jelly> muAdmDev: not easily (might eg. run date
in an endless loop and collect output)
1096[12:13:17] <ViperXL75> hey guys. I just ran into the most
peculiar behaviour. I'm running Debian Stretch and sharing
files through SMB. The strange thing is, I want to copy an ISO file
from it. The thing allows me to copy other file types like TXT. But
not ISO. Been trying to copy with both Win10 as Win7.
1103[12:18:32] *** Quits: fedorafan (~fedorafan@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1104[12:19:52] <ViperXL75> screw my life. The file rights were
set wrong. I was looking at the wrong place for the problem. SOrry
and thanks for your listening ears and shoulders to cry on.
1105[12:20:39] *** Quits: schu-r (~Thunderbi@replaced-ip) (Remote host closed the connection)
1121[12:33:08] <moldy> any idea why my compose key is not
working? i tried Alt_R, Super_R and Control_R: setxkbmap -layout us
-option compose:Control_R
1132[12:45:33] *** Quits: yonder (~yonder@replaced-ip) (Remote host closed the connection)
1133[12:46:58] <nyov> moldy: you are certain the key works, of
course? Try one of the other options from `grep "compose:"
/usr/share/X11/xkb/rules/base.lst`
1153[12:56:29] <muAdmDev> we are back at the "cron
abitrarily not running" problem. now suspecting PAM and LDAP.
Is it normal behavior that even for local users LDAP is queried
1154[12:59:29] <Iridos> maybe you have anacron installed
1159[13:01:21] <petn-randall> D0c70rWh0: Sounds a lot like a XY
problem. Or a survey.
1160[13:01:22] <petn-randall> !xy
1161[13:01:22] <dpkg> Slow down for a bit! Are you sure that you
need to jump through that particular hoop to achieve your goal? We
suspect you don't, so why don't you back up a bit and tell
us about the overall objective... We know that people often falsely
diagnose problems because they are too close to them -- it's
easy to miss that there is a better way to proceed. See
replaced-url
1162[13:01:49] <petn-randall> D0c70rWh0: What is the issue
you're trying to solve?
1163[13:02:05] <nyov> muAdmDev: if users are configured for ldap
lookup in nsswitch, yes, your cron user would also be looked up
1164[13:02:20] <D0c70rWh0> petn-randall: the LDAP and local user
problem of muAdmDev
1184[13:11:59] <muAdmDev> the problem is that (of course) there
are always LDAP queries, when a cron is run. So we thought that root
of the evil might be there
1185[13:12:06] <Moussa> custom rather
1186[13:13:02] <muAdmDev> the funny thing is: we see the LDAP
query in the logs (due to cron running) but the cronjob isn't
run (or crashes) and also not logged in cron.log
1187[13:13:09] <nyov> muAdmDev: perhaps you need some nscd
(caching daemon)
1188[13:13:18] <nyov> for faster lookups?
1189[13:13:44] <muAdmDev> nyov: got it installed, will check the
config
1190[13:13:54] <nyov> shouldn't need config
1191[13:14:00] <nyov> but then I have no clue
1192[13:14:01] *** debhelper sets mode: +l 1118
1193[13:14:54] <muAdmDev> nyov: ok, further the LDAP-Server is
also local, meaning on the same machine that is causing trouble
(crons not being run) :(
1194[13:15:20] <nyov> muAdmDev: perhaps increase cron log output
in /etc/default/cron
1203[13:17:56] <nyov> COOurb: bridging will go through Layer2
(ebtables), routing will go through L3 (iptables)?
1204[13:18:47] <COOurb> nyov: what difference in practice? Some
different client configuration or what?
1205[13:18:59] <D0c70rWh0> muAdmDev: nsswitch looks fine for me.
have you tried to filter the local user in questin by setting
nss_initgroups_ignoreuser accordingly?
1221[13:25:30] <COOurb> well, I'm asking not about features
1222[13:26:22] <COOurb> for example, I have OpenVPN server and 2
clients. one routing, one bridging
1223[13:26:36] <COOurb> what difference in configuring clients?
1224[13:26:55] <COOurb> let's say that server configured for
both/2servers
1225[13:27:34] <cef> that's not a feature. that's the
nature of bridging. it's like "being" on a network
card on the same lan segment. all that broadcast traffic (which is
not usually necessary for a VPN) goes over your VPN link. More
traffic to send/encrypt/etc.
1226[13:28:49] <COOurb> Will it be still same virtual network
device(created by OpenVPN software) with IP assigned? Or somethng
else?
1227[13:28:59] <nyov> the routing client will get a
(default)route pushed to it to know where to send to - the bridging
client will have a tap device (like another ethernet card)
1234[13:30:09] <cef> when you bridge 2 networks, they are
effectively connected for broadcast traffic (ie: layer 2 traffic).
It's really only useful when you have stuff that relies on
broadcast traffic, such as older (not IP) network protocols or you
want to monitor the other network (eg: packet sniff).
1239[13:31:51] <Moussa> more like to bridge 2 networks
1240[13:32:14] <cef> COOurb: you shouldn't really need to
change the config for either bridging or routing on the client
afaik, UNLESS you're actively joining 2 separate networks at 2
different sites.
1245[13:33:51] <muAdmDev> cef: seems like it. didn't touch
/etc/pam.d/cron, its including mostly the "commom" PAM
stuff. Not sure if the common PAM stuff is right. here is a summary:
replaced-url
1246[13:34:01] *** debhelper sets mode: +l 1126
1247[13:34:16] <Moussa> you should really explain what are you
trying to do, to me sound like you want to connect 2 friends network
to yours
1250[13:34:32] <cef> COOurb: Routing is built into pretty much
every OS. If you're using OpenVPN, you need to use the OpenVPN
client regardless of bridge or route.
1257[13:38:05] <cef> yes. Either the gateway needs to translate
things if the outside world doesn't know how to get back to it
(NAT), or the outside world needs to know how to get back to your
network (routing advertisement protocols, global routes on all
necessary devices, or negotiation via a client).
1258[13:38:23] *** Quits: oerheks (~oerheks@replaced-ip) (Remote host closed the connection)
1259[13:39:25] <cef> muAdmDev: sure its' not that
'default=bad' in Account?
1260[13:39:45] <muAdmDev> cef: maybe, I'm not familiar with
the systems config
1261[13:40:34] <COOurb> ok, heh.
1262[13:40:36] <cef> muAdmDev: what's the ldap server and
are you using an existing schema or something?
1263[13:41:24] <COOurb> What clients of payed VPN services have?
I think bridget, am I right?
1267[13:41:55] <muAdmDev> cef: now checking the meaning of
"default=bad". we have replicated LDAP-Servers with
multiple schemes. the local ldap-slave gets the queries
1272[13:42:23] <cef> just cos you route the traffic, doesn't
mean it can't be encrypted/decrypted.
1273[13:42:45] <COOurb> but if routed they only need IP+route,
not VPN clients
1274[13:43:20] <cef> in a paid vpn service, you don't want
bridging cos then all your broadcast traffic would go to the other
end, and OTHER clients on the VPN would see it (cos it'd be
sent to them), which isn't very private.
1275[13:43:35] <muAdmDev> cef: default=bad seems to be a good
choice security-wise
1286[13:46:49] <cef> muAdmDev: if so, then you might need to make
a copy of pam.d/common-auth copy and change pam.d/cron to use that
instead of pam.d/common-auth
1319[14:20:12] <Ulrar> Hi, debian 9 seems to have no way to be
configured with a remote gateway (a gateway in another subnetwork,
onlink) and the installer seems to have recently dropped the
"trick" of using the machine's own IP as a gateway to
get around that. How would I report that, is there a point to
reporting that on the bug tracker ?
1320[14:20:34] <Ulrar> Because it's very, very annoying but
it might be on purpose, I guess, not sure it's really a bug
1330[14:26:51] <Ulrar> jelly: Yes I know, and that works
1331[14:27:20] <Ulrar> But that's really annoying to do in
the installer, and again after the first boot where you end up
trying to access a machine that doesn't have network access
1332[14:27:29] <Ulrar> On debian 8 you could just put the
machine's own IP as a gateway
1333[14:27:35] <Ulrar> but debian 9 refuses that
1334[14:28:01] <Ulrar> I wish there was at least a "trust
me, I know what I'm doing" button that would disable
checks
1335[14:28:24] <jelly> I wasn't even aware that would work.
1336[14:28:37] <jelly> (and that it'd worked in debian 8)
1337[14:28:41] <Ulrar> Well might not everywhere, but in ovh /
online it does work, for some reason
1338[14:28:52] <Ulrar> It did work up to debian 8
1339[14:29:05] <Ulrar> And until the latest installer, it worked
in the installer even on debian 9
1340[14:29:21] <Ulrar> (The machine didn't have network at
boot though)
1341[14:29:49] <Ulrar> On pfsense / opnsense you have a
"remote gateway" tick box that disable the subnetwork
test, it's perfect
1343[14:31:55] <Ulrar> Anyway, debian 8 used to be easy to
install, debian 9 is a pain, so I thought I might report it. Takes a
while to figure out why everything stops working suddenly, I'm
probably not the only one that change is affecting
1344[14:33:15] <jelly> Ulrar: fwiw, commenting here is not really
visible to the people who can actually fix things. File an
installation report if you have the time.
1345[14:33:28] *** sauvin is now known as Sauvin
1346[14:33:29] <Ulrar> That was my original question
1347[14:33:34] <Ulrar> How should I report that
1348[14:33:44] <jelly> !installation report
1349[14:33:44] <dpkg> from memory, installation report is
replaced-url
1350[14:34:01] *** debhelper sets mode: +l 1132
1351[14:34:16] <Ulrar> Great, thanks
1352[14:37:17] <jelly> if you're doing preseed or some other
automation you might go straight for debian-installer package, but
if a workaround works in the installer and same config fails on
first boot that might be actually something for ifupdown
1365[14:48:25] <akay> Hi, does anybody here know something about
linux udp low latency tuning (WAN)? i've seen people get udp
latencys as low as their ICMP TCP counterparts and i'd love to
know their secret :-) i've read through some redhat
presentations and tried some things like changing buffer sizes, but
that neither improved nor increased the latency.
1366[14:48:44] <nyov> rootkea: perhaps you changed that after the
file was created?
1406[15:02:31] <dob1> sZbcE8qNfG, if you have a iptables rule
based on, let's say eth0, and the next time you boot this one
becomes eth1 it's not good :)
1407[15:02:39] <dob1> I take a look thanks
1408[15:02:48] <rootkea> nyaomi, I moved the file and just
rebooted but /var/log/btmp got recreated with the same 600
permissions in spite of /etc/logrotate.conf asking for 660
1409[15:03:05] <rootkea> nyov, ^
1410[15:03:14] <sZbcE8qNfG> i run a router and everytime I boot,
all the interfaces have the same name starting with enxp*
1411[15:03:26] <sZbcE8qNfG> not sure how it would change
1424[15:06:03] <hans_> what kernel version does 9.5 run on?
1425[15:06:10] <pjboro> dob1: most probably they won't
change. As nyov already said the system recognizes the device
looking at its MAC address.\
1426[15:06:22] <hans_> is it 4.9.x?
1427[15:06:28] <petn-randall> rootkea: I'm going to assume
that if you wait 4 weeks that logrotate will create it correctly.
1428[15:06:36] <petn-randall> hans_: yes
1429[15:06:43] <hans_> thanks
1430[15:07:02] <dob1> and if I have old names?
1431[15:07:21] <nyov> pjboro: but that's because it was
fixed in udev rules. changing device names otherwise is a real
possibilty
1432[15:07:39] <nyov> was/is
1433[15:08:35] <rootkea> petn-randall, Ah, I am using Stretch for
months now and still found /var/log/btmp with 600 I'm almost
convinced as if logrotate.conf has no effect on btmp or may be
something else changes the permissions again?
1455[15:14:41] <n4dir> to create a full debian installation this
wiki page first 1) export MY_CHROOT=/sid-root and 2) uses the
variable $MY_CHROOT to put proc and sysfs in the debootstrap
/etc/fstab file. That doesn't make sense to me, am i overseeing
something? export MY_CHROOT=/sid-root
1462[15:17:39] <rootkea> nyov, I moved the file. Then executed
/etc/cron.daily/logrotate and then logrotate but still the
/var/log/btmp didn't get created.
1483[15:23:35] <rootkea> Alright, looks like inotify is an API so
maybe one needs to write some code. But I was wondering if there is
an existing tool/command to check which process/daemon created the
given file...
1533[15:53:53] <tylertwo_> Hey, the recent iceweasel update made
it so that all of my plugins stopped working, and so that the
browser won't play any audio. Any ideas on solving this? Debian
9 stable
1534[15:54:16] <tylertwo_> I can just re-install some plugins,
but not sure about audio.
1535[15:54:33] <greycat> Iceweasel is a dummy package that brings
in firefox-esr. Current firefox-esr is 60.x and has audio support
ONLY for pulse audio, not for ALSA.
1556[16:06:19] <rootkea> nyov, Thanks. I get that inotifywatch
can be used to watch for file creation event. But since the file in
question /var/log/btmp gets created just after the boot may be I
should place `inotifywatch -e create /var/log > foo` in
~/.profile? (I can't seem to think of a better place to catch
the file creation event)
1557[16:07:43] *** Quits: learjet60xr (~learjet60@replaced-ip) (Quit: live, learn, love and make friends :))
1561[16:10:11] <greycat> anyway, /var/log/btmp is related to the
"lastb" command and it mentioned BRIEFLY in lastb(1)
1562[16:10:12] <rootkea> "(I can't seem to think of a
better place to catch the file creation event)" -> "Can
you please suggest the better place for inotifywatch?"
1563[16:11:19] <rootkea> Thanks for the info. :)
1564[16:11:50] <greycat> If you expect to catch something that
happens during boot, the notify would have to be set up DURING boot,
BEFORE the event you are hoping to catch. ~john/.profile is
completely too late, assuming john ever logs in at all.
1566[16:12:51] <nyov> hm, so according to /etc/login.defs, btmp
is handled by login
1567[16:13:04] <hexhaxtron> I just installed OpenSIPS. Everything
seems to be working properly. Anyone with a SIP address? I just
wanted to confirm that it works.
1568[16:13:09] <nyov> though I wonder where
1569[16:13:50] <petn-randall> rootkea: Just run it in a terminal,
and the log in on another one.
1572[16:14:13] <nyov> rootkea: lastb manpage says: The files wtmp
and btmp might not be found. The system only logs information in
these files if they are present. This is a local configuration
issue. If you want the files to be used, they can be created with a
simple touch(1) command
1573[16:14:28] <nyov> I think you should juwst *chmod* the thing
and be done with it
1593[16:16:25] <v0idpwn> I'm using Jessie and I want to use
backports from Stretch, I added "deb
replaced-url
1594[16:16:47] <greycat> If petn-randall's guess is correct,
and if nyov's information that this is defined in
/etc/login.defs is also correct, then perhaps the solution to the
REAL problem is to edit /etc/login.defs and comment out the
FTMP_FILE thing.
1609[16:19:54] <greycat> /etc/logrotate.conf on my stretch box
says that it'll create a /var/log/btmp file once a month if
it's missing
1610[16:20:08] <greycat> This seems to jibe with my 0-byte
/var/log/btmp file that is timestamped sep 1.
1611[16:20:10] <jelly> nyov: IIRC logrotate keeps previous
ownership and permissions if the file exists; those ownerships and
perms are applied only if the file doesn't exist at rotate
time?
1612[16:20:31] *** Quits: Ayo (~quassel@replaced-ip) (Remote host closed the connection)
1613[16:20:36] <nyov> jelly: we assumed that already. but
logrotate doesn't seem to create the file either
1614[16:20:53] <v0idpwn> It still acts as I have the newest
version... :( . Maybe there is no backport avaible.
1615[16:20:54] <greycat> So, if I'm understanding this
correctly, his actual issue is that his /var/log/btmp file exists
and is growing unreasonably large, and removing it did not help,
because logrotate keeps re-creating it.
1616[16:21:11] <greycat> v0idpwn: of what package?
1617[16:21:28] <nyov> jelly: perhaps it only creates it if it
existed and gets rotated. humm
1618[16:21:31] <greycat> v0idpwn: also, why are you still on
jessie? Is there a specific issue that prevents you from upgrading
to stretch?>
1619[16:21:53] *** Quits: Sepultura (~Sepultura@replaced-ip) (Remote host closed the connection)
1620[16:22:02] <greycat> nyov: it says "missingok" and
"create 0660 root utmp" which I believe means it will
create the file if it's missing
1621[16:22:03] <Fox> v0idpwn: what does apt-cache policy
<package> say ?
1622[16:22:04] <v0idpwn> Well, the server is not mine
1623[16:22:24] <nyov> greycat: no, I think that means if
it's missing, it'll just be ignored
1624[16:22:54] <petn-randall> v0idpwn: And yet you're
allowed to administer it?
1625[16:22:58] <nyov> but perhaps thats exactly hthe problem
1626[16:23:08] <greycat> nyov: the "create" command
seems pretty explicit here
1642[16:25:31] <nyov> rootkea: right. manpage says
"Immediately after rotation (before the postrotate script is
run) the log file is created (with the same name as the log file
just rotated)"
1643[16:25:52] <nyov> rootkea: so I assume it only creates it
when it found one, not if (missingok) is set
1644[16:26:01] <v0idpwn> f. I'll have to compile from
source, then?
1645[16:26:09] <greycat> You can try that.
1646[16:26:47] <petn-randall> v0idpwn: Why not upgrade? jessie
only has limited security support, anyway.
1647[16:26:51] <greycat> rootkea: try commenting out the
FTMP_FILE line in /etc/login.defs and see if that stops it from
writing to the file after logrotate creates it
1648[16:27:06] <greycat> rootkea: assuming of course that
petn-randall's guess is correct
1673[16:41:14] <SerajewelKS> i've found no reason to use
anything but iptables
1674[16:41:15] <nyov> I'm considering switching shorewall to
ufw. But then I think nftables might just obsolete the requirement
for either
1675[16:41:28] <rootkea> greycat, I moved btmp. Then edited
login.defs to comment out FTMP_FILE. And then rebooted the box. btmp
got created automatically with 600 even if logrotate.conf asks it to
be 660. Even tiger (security tool) complains about it.
1681[16:43:10] <rootkea> greycat, That last message purely
reads/looks personal. So I'm going to ignore it :)
1682[16:43:44] <greycat> Yes, I also advise that you simply
ignore this /var/log/btmp file. That's what you meant by
"it", right? Right. It's the only reading that makes
any sense.
1683[16:44:21] *** Quits: ledeni (~ledeni@replaced-ip) (Remote host closed the connection)
1688[16:44:48] <petn-randall> nyov: shorewall and ufw have two
very different use cases. And the whole nftables/iptables is only
relevant for the kernel. Use whatever solution fixes your problem.
1721[16:51:14] <n4dir> if it was me i would start with
understanding why something in ~/.profile has no meaning for the
boot process at all. Then work my way up.
1722[16:52:51] <rootkea> petn-randall, I just tried multiple
login failed login attempts and then a successful attempt in another
terminal while leaving `inotifywatch -e create /var/log` in one
terminal but it didn't catch any event. Guess my command is
wrong?
1723[16:52:56] <v0idpwn> Sorry, didnt saw your message,
petn-randall: "v0idpwn: And yet you're allowed to
administer it?". Yes, I work here, but the server is from my
uni and serves some stuff for them. So I can't break it.
1724[16:53:55] <nyov> v0idpwn: do you need to replace the system
binary then? perhaps place a newer one in ~/.local/bin ?
1725[16:54:01] *** debhelper sets mode: +l 1137
1726[16:54:52] <v0idpwn> I'm planning to do it, afaik
they've got a bin with all dependencies included. I'm
downloading it.
1727[16:55:11] <v0idpwn> Oh sorry I got you wrong.
1763[17:03:22] <hans_> greycat, also i don't have any
screensaver i think. the normal debian-xfce installer probably
installs a screensaver, but i did a custom install with apt install,
i think i need to do something like `apt install xfce4-screensaver`
or something to actually get a screensaver
1764[17:03:54] <rootkea> hans_, check the Security tab of Power
Manager settings
1771[17:07:20] <n4dir> i don't recall xfce having a
screensaver (you could install). just checked xfce4-goodies, and
that metapackage doesn't seem to contain one either (i never
installed it, as most of that i didn't need. You might want to
look at it, perhaps you do).
1828[17:57:33] <BoF> buen dia alguien con experiencia en galera
cluster?
1829[17:57:50] <petn-randall> !es
1830[17:57:50] <dpkg> Este canal es de soporte técnico en
Inglés para Debian. Si prefiere que el soporte sea en
Español, puede ingresar en #debian-es tecleando /join
#debian-es en la línea de chat.
1841[18:04:01] <RoyK> BoF: yes, I have experience with galera
clusters, but it won't work if you don't speak english,
norwegian or something similar ;)
1844[18:05:37] <BoF> RoyK: I have 3 clients, but each one has
different storage capacity, cluster galera merges them as a single
unit ?, example: Client1 5BG, Client2 10 GB and Client3 2GB, with
cluster gallery my total would be 17GB?
1931[18:53:24] <RoyK> petn-randall: hm - can't find a CVE,
only the MS-ISAC
1932[18:55:14] <petn-randall> RoyK: Not much I can say. Pretty
much every reputable publisher uses CVEs. And from the look of that
website, it's garbage.
1933[18:55:36] <RoyK> possibly
1934[18:55:41] <bites> you have to dig deeper. the only bug that
seems to affest the php version in stable is #76582 in the php bug
tracker. there is the CVE
replaced-url
1935[18:56:03] <bites> s/affest/affect/
1936[18:56:14] <petn-randall> Not even links to the original
source. I'd start digging on other websites to see if those
issues exist.
1937[18:56:45] <petn-randall> (I'm talking about
cisecurity.org, s.d.o is fine)
1938[18:57:54] <bites> so it's still vulnerable, but most of
the list you can ignore.
1980[19:36:01] <hans_> gkwhc, what? pass multiple parameters to a
command?
1981[19:36:18] <greycat> if this xinput command only takes one
number in that spot, you could write a shell loop. for n in 10 11
16; do xinput map-to-output "$n" LVDS1; done
1984[19:36:36] <gkwhc> hans_: like in the example, i used curly
brackets. thought it would work but the command doesnt take that
1985[19:37:00] <gkwhc> greycat: ah so it really depends on the
command then. i thought its a universal thing for bash
1986[19:37:07] <gkwhc> shell programs i mean
1987[19:37:11] <greycat> The shell's brace expansion is just
a shorthand for writing out the sequence of arguments directly.
xinput m {10,11,16} L is equivalent to xinput m 10 11 16 L
1988[19:37:36] <gkwhc> oh i see
1989[19:37:43] *** Quits: intcat (~zshlyk@replaced-ip) (Remote host closed the connection)
2004[19:40:43] <ctcx> But file extensions sure can mean different
things for different applications...
2005[19:41:00] <ctcx> If trying to open a tar.gz with 7zip GUI I
have to open it twice!
2006[19:41:09] <greycat> Some programs (notably, web servers)
will use the file extension to decide what kind of Content-Type:
header to put on the output stream, etc.
2007[19:41:28] <greycat> Maybe your "7zip GUI" assigns
meaning to the filename extensions.
2031[19:45:46] <nyov> tar is not much better, but both together
are disaster, without some error correction
2032[19:45:46] <greycat> Is that a real concern for you, nyov? I
haven't run into a corrupted compressed data file in years.
2033[19:45:55] <nyov> greycat: lucky you
2034[19:46:04] <nyov> xz btw. is not much better
2035[19:46:18] <nyov> but bzip2 is nice in that regard
2036[19:46:37] <greycat> As far as I'm aware, they're
not *designed* for robustness in the face of random bit damage.
They're designed for compression ratio and speed.
2037[19:46:50] *** Quits: rugshucker (rugshucker@replaced-ip) (Remote host closed the connection)
2038[19:46:55] <hans_> hrm it's capable of beeping but
nothing else it seems
2039[19:48:03] <nyov> yes, but everyone seems to use them that
way. besides most people aren't even aware about the issue
2040[19:48:03] <ctcx> So file extensions, at least on Linux, are
just meaningful for the users, not the system. So if I found an
unknown extension-less file, there's no way to tell what it is?
Whether a text file, binary, image, audio....
2059[19:52:22] <greycat> Even if I publish the specification and
it has versioned headers and everything, it will still be something
your file(1) command doesn't know about, because your command
is from yesterday.
2060[19:52:35] <greycat> New file formats are invented
constantly.
2061[19:52:43] <nyov> well, depends on your file format greycat.
2062[19:52:44] <Habbie> greycat, well, they should stop doing
that ;)
2063[19:53:03] <nyov> if it was based, e.g. on EA-IFF-85, file
should still be able to ident some
2078[19:56:24] <hypn0> its not file type, its mime type :-)
2079[19:56:40] <pldiem1> hi, I am trying to install nvidia
drivers, but I am getting compiler version check fail, during dkms
compilation, is there any simple thing I can do about it?
2089[19:58:21] <jmcnaught> pldiem1: those are bad instructions
that cause you to overwrite system files, you should follow these
instructions instead:
replaced-url
2213[20:29:50] <pldiem1> should I try apt-get again?
2214[20:30:07] <pldiem1> nvidia-driver
2215[20:30:10] <pakcjo> Hello, I just added a package to my
private repository with reprepro, but I didn't have the
password of the key at that moment, the package was added but I
assume it isn't signed, is there a command I can use to resign
it? or should I remove and add it again?
2216[20:30:10] <nyov> oh, was that still apt-get?
2217[20:30:16] <pldiem1> yes
2218[20:30:24] *** Quits: krabador (~krabador@replaced-ip) (Remote host closed the connection)
2219[20:30:31] <pakcjo> I can't find anything in the
reprepro man page about signing/resigning
2220[20:30:32] <nyov> was it doing dkms stuff?
2221[20:30:58] <pldiem1> I don't think so, it was during the
cleanup
2223[20:31:26] <nyov> do you have a
/etc/X11/xorg.conf.nvidia-xconfig-original now, and a
/etc/X11/xorg.conf? if so, perhaps move that back before trying
again
2230[20:34:45] <pldiem1> so, install nvidia, once again?
2231[20:34:52] <nyov> then just one more check- if you have
'/etc/modprobe.d/nouveau-kms.conf' with 'options
nouveau modeset=0', remove the file and update-initramfs again
2232[20:35:03] <nyov> to undo that other tutorial stuff
2233[20:35:15] <pldiem1> I did that, but let me verify
2234[20:35:34] <nyov> ok, not sure if it's relevant much,
but tobesafe
2235[20:36:17] <pldiem1> ok, I have it and I will remove the file
2257[20:42:14] <pldiem1> there are three processes
2258[20:42:17] <greycat> roylaprattep: the fact that you *did*
join here, and were able to ask, implies that perhaps you were
asking a theoretical question about the other #debian on the other
network..? maybe.
2259[20:42:23] <pldiem1> all related to nvidia
2260[20:42:30] <roylaprattep> Oh, ok, no.
2261[20:43:15] <roylaprattep> cause my irssi is set to
autoconnect on freenode and autojoin #debian then, it connect but do
not autojoin anymore.
2310[21:05:05] <jhutchins_wk> Does current chromium have this
stupid problem with repeated keyring password windows popping up
every time you start it?
2311[21:05:43] *** Quits: Night-Shade (~TimF@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
2412[22:10:59] <nyov> I think that can switch your cards -
replaced-url
2413[22:11:29] <diogenes_> nyov, sof instance if i want my whole
xfce session to run with nvidia, i modify
/usr/share/xsessions/xfce.desktop, Exec = optirun blah blah
2414[22:11:40] <diogenes_> for*
2415[22:11:43] <nyov> but you have bumblebee, so Idk if that
works
2416[22:11:59] <nyov> ok
2417[22:12:31] <diogenes_> in my case i modify Exec=startxfce4
for Exec=optirun startxfce4
2418[22:12:36] <diogenes_> reboot afterwards
2419[22:12:42] <nyov> do you have hdmi out?
2420[22:12:50] <diogenes_> no i don't
2421[22:12:59] * jhutchins_wk has yet to meet anyone who knows how
bumblebee works.
2422[22:13:17] <pldiem1> I have no prime-select command
2493[22:29:19] <nyov> well. whatever you have before when you ran
glxgears?
2494[22:29:40] *** vjacob_ is now known as vjacob
2495[22:30:54] <pldiem1> You do not appear to be using NVIDIA X
driver. Please edit your X configuration file (just run
`nvidia-xconfig` as root), and restart the X server.
2496[22:31:00] <pldiem1> that is in the popup
2497[22:31:15] <pldiem1> on terminal some error
2498[22:31:16] <nyov> did you run `optirun -b none
nvidia-settings -c :8` ?
2583[23:02:50] <nyov> did you set your /etc/default/grub to your
specifications then?
2584[23:03:01] <ryouma> Brigo: the kernel switches fonts as it
scrolls past, for example. still possible? also console has
seemingly irremediable issues like a blinking cursor that even if
you fix it with ansi codes (which requires having those in memory or
available on a partition) it still gets reset by emacs.
2585[23:03:10] <ryouma> nyov: yes i did that
2586[23:03:43] <ryouma> (probably gets reset by any tui, not sure
thought)
2587[23:03:47] <ryouma> though*
2588[23:03:47] <nyov> you could perhaps try
GRUB_CMDLINE_LINUX="nomodeset vga=0"
2589[23:04:08] <nyov> but that's no good advice ;)
2593[23:04:39] <nyov> looks like you might have a framebuffer
there
2594[23:04:40] *** Quits: hammer065 (~hammer065@replaced-ip) (Quit: Restart the game...)
2595[23:04:43] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
2596[23:05:17] <nyov> okay I should just shut up, my boot
knowledge isn't the best anymore
2597[23:05:19] <ryouma> dunno. i just know that pre-jessie worked
perfectly with my video card, then it stoped working and then i had
to for the first time run firmware-nonfree and taht modeset had
smoething to do with it
2598[23:05:39] <greycat> ryouma: that sounds like the upgrade
from jessie->stretch actually
2599[23:06:41] <ryouma> jessie was such a problematic upgrade
taht i have yet to upgrade to stretch
2614[23:14:43] <slark> hi all, long time since i didn't
install a debian server. And i see that the i have the option to use
LVM for my partitioning. (last time i heard aboud lvm it was
experiemental i think)
2616[23:15:08] <slark> Is LVM partitioning the way to go now ? or
can i still use the old way ?
2617[23:15:57] <greycat> You can use either way. Whichever one
makes the most sense for this machine.
2618[23:16:02] <nyov> LVM is stable and very well usable. but of
course you can use 'static' partitioning, if you
don't anticipate the need to rechange your partition layout
2631[23:19:19] <slark> nyov: humm in fact i am a bit confused to
ask this.. cause this is really a "newbee" question. i
need advice for my partionning scheme. if you feel to share your
experience following my need.
2634[23:20:36] <slark> nyov: i have 1 TO and actually i will run
a debian server which will do almost everything (web, mail,
application logic of mobile app and git rep)
2636[23:21:16] <ryouma> slark: to me lvm has too many levels and
commands and corner cases to be worth remembering between needs to
use them. but if you're a sysadmin, it would be totally worth
it.
2637[23:21:38] <slark> ryouma: ok you convinced me to use static
partionning then
2638[23:21:43] <ryouma> hehe :)
2639[23:22:07] <ryouma> you can still get luks and stuff without
lvm
2640[23:22:09] <nyov> humm. on a server I don't expect you
have UEFI, but my standard layout is: 200MB EFI sda1 / 200MB ext2
boot sda2 / * LVM sda3
2641[23:22:09] <slark> i mean i can learn, i mean we all do this
in tech stuff.. but i need this server to be up for tomorow so..
2643[23:22:48] <slark> nyov: this is a dedicateed server on the
net so not sure about UEFI
2644[23:22:52] <jrg> does anybody here use a pi running debian
that uses upsd to call ipmi commands to soft shut down computers
during a power outage?
2645[23:22:57] <jrg> i was wondering if this was a viable option
2646[23:23:00] <nyov> then just drop the first partition
2647[23:23:16] <jrg> since a pi can stay on a lot longer with far
less power. then once power is restored it can run an ipmi command
to bring the boxes back up
2648[23:23:22] <nyov> I'd keep a dedicated boot partition
2649[23:23:29] <nyov> then 10-20GB root partition
2650[23:23:40] <nyov> the rest for your data
2651[23:23:45] <slark> nyov: sound perfect so far it was my main
idea
2652[23:23:52] <slark> nyov: oh really the rest for the data ?
2653[23:24:09] <nyov> well, depends on where your data is I
suppose
2654[23:24:13] <slark> should i create a kind of /var /usr and a
/home partition ?
2656[23:24:27] <nyov> usually too much hassle for me
2657[23:24:32] <slark> nyov: mostly log, bdd, some mail and
application ( node.js)
2658[23:24:33] <nyov> I use /data or some such
2659[23:24:49] <slark> ofc apache/web stuff
2660[23:24:58] <nyov> ok, if you think much happens in /var/ and
/usr/ then give those more space
2661[23:25:50] <ryouma> depends on your server. if you think it
could run out of space then you might ened it but otherwise i thi8nk
the trend is boot, root, home, data
2668[23:27:54] <nyov> which usually never exceeds 10G
2669[23:28:07] <nyov> (including logs)
2670[23:28:12] <slark> humm if i don't create a /var /src
/usr or even /opt they will be appent to the / part right ?
2671[23:28:34] <nyov> they'll appear on the root, yes
2672[23:28:36] <ryouma> during dist-upgrade you might accumulate
packages that transiently fill up more than your root if you do not
put enough there, i think
2673[23:29:15] <slark> ryouma: yeah i remember this kind of
things on a little server, and it was a nightmare to maintain
2678[23:30:16] <nyov> here LVM helps me; I have sda3 a PV volume,
single VG, and can resize the LVs I add in there if I need to
2679[23:30:22] *** Quits: wonderer (~quakeroat@replaced-ip) (Quit: Famous quotes #1: "Not everything that can be counted
counts, and not everything that counts can be counted." -
Albert Einstein (1879-1955))
2680[23:30:44] <nyov> so if var fills up more than expected, I
can resize the LV, say xfs_growfs, and done
2681[23:30:57] <nyov> (though I can't shrink an xfs)
2682[23:31:14] <slark> nyov: you use a single LVM parition, or
you use more than one ?
2683[23:31:34] <slark> if you can create and resize your lvm
partition do you really need more than one ?
2729[23:41:25] <nyov> except the 2 or so times my rack died
because of some power switch issue
2730[23:41:40] *** Quits: Night-Shade (~TimF@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
2731[23:42:56] <slark> nyov: well i feel dirty to use a
"/boot" "/" and "swap" partition
scheme, particulary when i worked a sys admin like 15 years ago lol
2788[23:56:38] <BCMM> annadane: basically iptables has been
replaced by nftables in the kernel (a few years back now). however,
there is an iptables compatibility layer for nftables, so iptables
rules work the same as ever
2791[23:57:54] <BCMM> native nftables will probably perform
better, but very few users are handling enough traffic (or have
complex enough rules) for that to matter
2792[23:57:55] <nyov> has it really been a few years back? I was
trying to switch several times, with some issue or other
2794[23:59:03] <slark> the bsd alternative can be still used
right ?
2795[23:59:09] <nyov> can you use both in parallel now? as in,
have some script work with nftables natively while another manages
the rules in iptables syntax?
2796[23:59:23] <slark> the firewall bsd alternatives i mean
2797[23:59:30] <BCMM> should probably say nftables has replaced
netfilter; i don't think the kernel part was ever called
iptables