21[00:09:13] <petn-randall> noob23: You can install
intel-microcode, or amd64-microcode, and the kernel should make use
of the new CPU instructions to fix it.
33[00:19:49] <Lyberta> there are mentions that "su"
has changed in buster and recommends ALWAYS_SET_PATH in
/etc/login.defs but that leads to warning when logging in:
replaced-url
34[00:20:09] *** Quits: Space_Man (~Space_Man@replaced-ip) (Remote host closed the connection)
53[00:37:58] <jmcnaught> Lyberta: I recommend simply using
'su -l' instead of 'su' without arguments. With
a login shell you will get root's $PATH with /sbin and
/usr/sbin
54[00:38:22] <Lyberta> jmcnaught, but will this change current
directory?
58[00:39:24] <rwp> If su'ing to root it's a good idea
to change directory and get out of the non-root directory. Otherwise
other things have a tendency to leave root owned files behind.
59[00:39:47] <jmcnaught> Debian before buster used su from
login, but in buster has switched to the su from util-linux
86[00:57:21] <Lyberta> karlpinc, so if I want to keep current
directory but become root via a root password I need to just use
"su" with ALWAYS_SET_PATH, right?
88[00:59:41] <karlpinc> Lyberta: I don't know about
ALWAYS_SET_PATH. What are you really trying to do? You wind up with
a strange system that only you can admin if you start frobbing stuff
like that.
89[01:00:27] <Lyberta> karlpinc, I guess I just new "open
root terminal here" right click option in file manager...
90[01:00:31] <Lyberta> need*
91[01:01:08] <Lyberta> right now I use "open terminal
here" and then type "su"
94[01:02:37] <karlpinc> Lyberta: I always open a regular
terminal and "su -l" when I need to be root. Then,
I'm logged in as root, in root's home directory etc., etc.
And I can do things as root, things which generally should not be
done in "regular" directories that are user accessable.
95[01:03:14] <karlpinc> Lyberta: Or, I use the UPG idiom and
put my user in a group so that it has permissions it needs to do
things like maintain website documents, etc.
96[01:03:28] <Lyberta> karlpinc, I have typing, so i prefer to
open directory via mouse and then I need root terminal there
105[01:05:51] <karlpinc> Lyberta: If I were you I'd write a
script that does what I want and stick it in a menu entry. I stay
away from the GUI mostly. It's too slow.
111[01:07:17] <Lyberta> karlpinc, and for me mouse in the
fastest way, like, I don't need to look at keyboard and move my
hands to type
112[01:07:37] <karlpinc> Lyberta: You may need to log out and
back in again, dunno.
113[01:08:28] <karlpinc> Lyberta: Reaching back and forth from
the mouse to the keyboard is too slow. You're going to have to
type stuff, so keeping your fingers on the keyboard is fastest.
114[01:08:50] <karlpinc> Lyberta: Of course if you can't
type, that's different. It's worth learning, unless
you've a disability.
116[01:10:13] <Lyberta> karlpinc, for me it's mostly web
browser and gaming and for gaming I use arrow keys so switching to
qwerty part of keyboard is slow
160[01:32:08] *** Quits: alexertech (~xb@replaced-ip) (Quit: Fades into the darkness)
161[01:32:40] <annadane> test left but in case anyone else wants
openbox tips, obmenu, lxhotkey and tint2 are good packages and you
can copy /etc/xdg/openbox to .config/openbox for your user
188[01:54:50] <epony> I was at work that day, watched it on TV
live as it was happening, felt both very sad and disheartened..
couldn't believe it was possible this could happen.
189[01:54:59] *** Quits: penyuka_ibu2_sem (~androirc@replaced-ip) (Remote host closed the connection)
190[01:55:39] <epony> but what does it have to do with OpenBox
configuration?
191[01:55:45] <magic_ninja_work> I was in 10th grade algebra
class. I remember watching in awe. My teach was crying.
192[01:56:15] <magic_ninja_work> OpenBox configuration holds the
keys to defeating ISIS
210[02:07:01] *** Quits: fearnothing (~nothing@replaced-ip) (Remote host closed the connection)
211[02:07:07] *** Joins: Immanuel (~Manu@replaced-ip)
212[02:07:33] <dstaring> I have discovered that commercial
websites actively change around their JSON blobs and HTML in order
to mess with my bots. It forces me to constantly manually verify
that the info is actually correct and has not been screwed with. For
example, a resource that list the registered vehicles for an address
now puts "1" in the HTML and then later changes this by
JavaScript-loading a JSON blob, parsing it and changing the DOM.
That's evil.
213[02:07:47] <dstaring> It causes me constant stress as I have
to keep up with their stupid changes.
214[02:08:10] <dstaring> (They charge so much for actual API
access that I could never even come close to affording it.)
215[02:08:10] <annadane> name and shame!
216[02:08:28] <epony> use other web sites, that don't need
JS :-)
217[02:08:39] <dstaring> epony: No such thing.
218[02:09:11] <epony> well what could you do then to solve it?
244[02:27:41] <ghormoon> hi, hypothetical question, is there
some way to make linux "remount" a drive to a copy of it
(somehow hold off writes for a little while to ensure sync is up to
date, mount from another location) and keep (somehow remap) open
files, so not kill any apps, just let them wait few seconds for io?
268[02:34:31] <ghormoon> let's say i have 1min old copy of
the / partition, i want to freeze it, sync in the last minute of
changes, mount it from the new location and disconnect the old one
269[02:34:42] <ghormoon> but it's kinda stretched scenario
270[02:34:44] <ghormoon> just came to my mind
271[02:34:54] <ghormoon> and rare so reboot is ok :D
272[02:35:01] <rant> idk what any of that means
273[02:35:24] <rant> sounds to me like you got a long list of
other problems making you think you need to do this
274[02:35:39] <ghormoon> no, i'm just overengineering
things :D
275[02:36:08] <ghormoon> thiking i can make a "live"
usb, that would be able also to bootstrap itself to a real disk,
start using it without reboot. but i can just reboot there
276[02:37:15] <jmcnaught> ghormoon: with LVM you can make a
snapshot volume of a filesystem's underlying block device. You
can then mount that snapshot somewhere and copy from it, or modify
it. The original block device remains read-write. You can also merge
a volume back to the state of the snapshot, but doing that with root
filesystem would require reboot.
277[02:37:32] <rant> you are confusing terms and creating one x
y problem after another
278[02:38:02] <rant> debian systems already do pretty much
exactly what you describe.. its called a pivot_root
279[02:38:30] <jmcnaught> ghormoon: well I think you would
definitely want to reboot after installing to make sure the system
is installed properly
281[02:39:20] <rant> the linux kernel is full of such things..
pivot_root() kexec() etc..
282[02:39:58] <ghormoon> what happens if you do that and some
random binary is writing to some file? will it write to the same
filename in new root or die and need a restart?
286[02:41:15] <ghormoon> the backroud sync would be zfs
send/recv, so i can do it kinda efficiently with -I to sync up the
last minute of changes or so, no need to copy over lvm volume at
once
287[02:41:39] *** Quits: mchnsmrrd (~androirc@replaced-ip) (Remote host closed the connection)
288[02:42:08] <dstaring> linux.die.net <-- I always read that
domain as a sentence. "Linux: die, net!"
289[02:42:35] <annadane> die bart die
290[02:42:39] <epony> read it as "linux.the.net"
291[02:44:52] <dstaring> Epona the e-pony.
292[02:45:00] <epony> doesn't Debian have a manual pages
somewhere
replaced-url
293[02:46:24] <ghormoon> thinking if i can actually use criu
somehow for that, just dump it, umount/sync/mount and restore
294[02:46:47] <ghormoon> especially for containers
308[03:00:07] <Lyberta> while updating to the newer kernel and
regenerating initramfs I get: "run-parts: failed to exec
/etc/initramfs/post-update.d//update-efi: No such file or
directory", why is there a second slash out of sudden?
314[03:07:22] <ghormoon> is there something more generic than
pivot_root to pivot any other mountpoint too? sometnig like mv but
for a mountpoint?
315[03:08:20] <ryouma> when i booted stretch just now, it had a
lot of messages that flew by, including a lot of messages about a
mapped drive. /var/log does not seem to have this. i tried
journalctl, but it does not have it either. what switches to
journalctl do i use? i have bootlogd installed but it does not seem
to do anything. i tried journalctl -b as it suggested but that does
not work either.
316[03:09:11] <ryouma> ghormoon: i am ignorant but maybe bind
mount could be useful?
317[03:09:35] <ghormoon> not sure what happens if you remove the
original mount then? does it stay at the new place?
318[03:10:03] <ghormoon> which makes me think it will be even
more complicates with containers as they use bind mounts, yay :D
320[03:11:23] <ryouma> ghormoon: dunno, i try to steer clear of
them unless i am doing a chroot, just a random idea in case nobody
who has a clue could help you
321[03:11:52] <ghormoon> i guess criu them out and back
immediately after rmeounting would be the easiest in the end :D
322[03:12:24] <ryouma> my question above can be summarized as:
"in stretch, a lot of booting stuff flew by. what do i do to
look at all of them?"
427[04:40:55] <jetblackcloud> so, i'm a bit confused. it
would appear per the debian "secure boot" web page that
there is a package called "grub-efi-ia32-signed." yet, it
doesn't come up in the repos with apt.
429[04:42:13] <dstaring> Do the ****** at Google not have a real
e-mail list for Chromium support? I only get the "Login to
Google account" screen of death no matter what I try to do.
430[04:42:29] <jetblackcloud> do an "apt-cache search
grub-efi-ia32-signed" and nothing comes up.
431[04:42:40] <jmcnaught> jetblackcloud: are you on a 32-bit
system?
434[04:43:54] <jetblackcloud> jmcnaught: no. but, i write a
guide that teaches a means of creating a usb stick that can boot to
either efi 64/32 or bios. with buster, the ability to secure boot is
nice. and while the webpage says it can work with 32 bit, and there
is a package to download from that link above, it does not appear to
be in the repos.
435[04:44:33] <themill> dstaring: I'm not sure #debian
would know.
436[04:44:42] <jetblackcloud> trying to figure out if i'm
missing something.
445[04:47:32] <jmcnaught> jetblackcloud: if you are on an amd64
system and want to install a package that is only available for i386
then you need to add the architecture as in the wiki page I linked
above.
449[04:48:15] <jetblackcloud> if you're running buster,
test it out with apt-cache. i've yet to personally encounter a
situation where a 32 bit efi install was needed. but the machines
that use that are out there.
450[04:48:44] <jetblackcloud> so, trying to figure out what i
need to do to address that instance in a future guide,
466[04:57:00] *** Quits: Prints (~333@replaced-ip) (Ping timeout: 252 seconds)
467[04:57:07] <jetblackcloud> jmcnaught: in past, installing the
grub-efi-ia32-bin package without adding the i386 arch wasn't
an issue. read about weird machines that used 64 bit cpu based os
with 32 bit efi.
468[04:57:19] <jetblackcloud> figured there'd be something
there for signed as well.
469[04:57:57] <themill> having i386 packages within amd64 was
always a kludge and people have been trying to get rid of them and
just use multiarch
470[04:58:47] <jetblackcloud> themill: for the screwy setup i
read about, it appeared the only "32 bit" aspect was the
uefi loader. everything else was 64. never encountered it myself.
471[04:59:01] *** debhelper sets mode: +l 1511
472[04:59:05] <jetblackcloud> some tablet based machines it
seemed.
473[04:59:37] <themill> yes, there's a couple of classes of
machines that need that sort of boot
474[04:59:46] <jetblackcloud> probably overkill on my part
covering it. but, seemed worthwhile just in case.
488[05:09:09] <ryouma> booting stretch has a lot of messages
that flew by (including a whole lot of messages about a mapped
drive). /var/log does not seem to have this. i tried journalctl, but
it does not have it either. i have bootlogd installed but it does
not seem to do anything. i tried journalctl -b as it suggested but
that does not work either. what switches to journalctl do i use?
489[05:10:04] <mureena> use bacon
490[05:10:09] <mureena> that'll fix it
491[05:11:15] <ryouma> mureena: p ruby-bacon - Small RSpec clone
492[05:11:50] <ryouma> what is the usual thing you do when you
want to see exactly what flew by and disappeared when you boot?
493[05:11:55] <mureena> I suggest that you check the output of
dmesg
494[05:12:18] <ryouma> i did that too. it does not contain the
lines about the mapped drive.
495[05:12:38] <mureena> mapped drive, anything special on your
fstab?
499[05:13:53] <jmcnaught> ryouma: are these mystery messages in
early boot?
500[05:14:44] <ryouma> jmcnaught: they were definitely after i
aws prompted for password for drive, but idk what constitutes early
501[05:15:03] <ryouma> for a partition*
502[05:15:47] <dstaring> What do you do when Chromium literally
doesn't work according to instructions and their IRC rooms are
100% dead and they don't provide any kind of support besides
the Google Cancer-only Google Spy Group BS?
503[05:15:50] <ryouma> so journalctl with no args is supposed to
print everything that shows in booting except ... before it is
initialized or something?
504[05:15:58] <dstaring> And Stack Exchange ignores all my
questions...
505[05:16:41] <jmcnaught> ryouma: I don't think that
messages from the initrd stage of booting are captured in the logs
506[05:16:56] <ryouma> jmcnaught: ah, i presume this is much
after that, as i was prompted for luk s
507[05:17:13] <themill> dstaring: This really isn't
on-topic for #debian. Given the way you write here, I'd have a
guess that there's an issue with the way you ask the questions.
508[05:17:38] *** Quits: alex27m (~alex27m@replaced-ip) (Remote host closed the connection)
513[05:21:49] <jmcnaught> ryouma: my root filesystem is
encrypted so it needs to be unlocked at boot. That's the initrd
handling that, because root and its contents are not unlocked yet.
init and journald and rsyslog aren't running yet because
they're on the encrypted drive
514[05:22:30] <magic_ninja_work> So has debian implemented
anything like silverblue?
515[05:23:17] <jmcnaught> ryouma: I think using systemd-boot it
can record those early boot messages in the journal, but Debian uses
GRUB and initframfs-tools instead
516[05:23:20] <magic_ninja_work> I was thinking about it. Seems
like it would be a pretty good solution Industrial Stuff. I'm
looking at making my own HMI.
517[05:23:29] <magic_ninja_work> Or rather platform to deploy
industrial stuff.
518[05:24:24] *** Quits: debsan__ (~debsan@replaced-ip) (Remote host closed the connection)
524[05:26:38] <ryouma> jmcnaught: yeah it is root. so journalctl
by itself gets me everythign i should be able to get on debian?
unless i switch to some systemd booting system?
525[05:27:17] <jmcnaught> ryouma: I could be wrong about
systemd-boot I don't think it replaces initrd
526[05:27:23] *** Quits: debsan__ (~debsan@replaced-ip) (Remote host closed the connection)
527[05:27:46] <jmcnaught> ryouma: but yeah the journal includes
the complete kernel logs (dmesg) as well as the stdout and stderr of
every service running
528[05:27:49] <ryouma> i vaguely remember that bootlogd used to
get me everything i wanted, but no longer
532[05:30:46] <jmcnaught> ryouma: you could try adding
'debug' as a kernel command line arugment which according
to this wiki page will put some debug information in
/run/initramfs/initramfs.debug:
replaced-url
538[05:35:01] <ryouma> is there a command to check the fsck
status of an fs, without unmounting it? like, check status of root
fs right now (even if it doesnt fsck it but just says what the
result was)
539[05:36:40] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
541[05:37:52] *** Quits: saptech (~saptech@replaced-ip) (Quit: Now you see me, now you don't)
542[05:37:54] <ryouma> (lol, the initramfs debug shell has vi.
that's great, but i'd be beeping and my computer would be
swearing, or vice-versa. i wonder if it has nano.)
543[05:39:04] <somiaj> ryouma: journalctl -u systemd-fsck* --
seems to give you what happened at boot
551[05:43:06] <ryouma> somiaj: your cat command works great and
actully shows me lots of lines for the mapped drive (it was fsck).
your journalctl command doesn't show those.
554[05:47:50] <dstaring> epony: I have Firefox installed and use
it exclusively as my browser. So that part is not the problem. The
problem is that Firefox has no --dump-dom option, which Chromium at
least *claims* to have (but actually doesn't, since it
doesn't actually do anything)...
555[05:48:13] <dstaring> epony: The only way to dump the DOM in
Firefox appears to be to install a bunch of unwanted cancerware such
as Node.js and Selenium, and I wish I could avoid that.
556[05:48:21] <dstaring> (And even then, it's not clear how
to do it.)
560[05:49:37] <ryouma> would it be useful to put nano on my boot
partition? it uses shared libraries, so i don't know whether
that is possible. can you make a shared library executable static?
561[05:51:17] *** Quits: yans (~yans@replaced-ip) (Quit: chaos is the only true answer)
577[06:06:00] <jmcnaught> ryouma: you can add binaries to the
initrd, look at
/usr/share/doc/initramfs-tools-core/examples/example_hook in that
script it uses a copy_exec function
578[06:06:47] *** Quits: herlocksholmes (~herlocksh@replaced-ip) (Remote host closed the connection)
584[06:09:10] <ryouma> jmcnaught: thank you. looks like a task
bigger than i can do right now but maybe if i take another look at
it tomorrow. sounds like i cargo cult that if statement, add my
executable, and redo the initrd. then take care to ... maintain the
initrd across debian versions or somethign? not suer.
587[06:12:42] <jmcnaught> ryouma: you put the hook in
/etc/initramfs-tools/hooks/ I had to do this once on jessie to use
lvmcache I needed to add /usr/sbin/cache_check into the initrd as
was a couple of kernel modules
591[06:14:57] <jmcnaught> I don't know what you mean by
cargo cult in this context.
592[06:15:06] <jmcnaught> Use it without understanding it?
593[06:15:44] <ryouma> more or less
594[06:16:30] *** Quits: lord_helmet (~lordhelme@replaced-ip) (Remote host closed the connection)
595[06:16:31] *** Quits: dez (uid92154@replaced-ip) (Quit: Connection closed for inactivity)
596[06:16:43] <ryouma> but if it is in /etc, then it will not be
run until root is mounted. so it would not be useful for th case
when root is not mounted, i guess
601[06:17:54] <jmcnaught> ryouma: the hook script's
copy_exec function copies a binary and its libraries into the initrd
when update-initramfs -u is run
661[07:36:22] <themill> deetwelve: I don't think
/etc/netconfig ever had anything to do with disabling ipv6 on a
system. It's the config file for one particular library.
662[07:36:35] <themill> !noipv6
663[07:36:36] <dpkg> From Debian 6.0 "Squeeze"
onwards, <IPv6> is built into the Linux kernel (excluding the
loongson-2f flavour). To disable IPv6, add the kernel command line
option ipv6.disable=1 to your bootloader.
664[07:36:51] <themill> ^^ that might well still work, I
can't say that I've ever tried
680[07:52:55] <kreyren> how do i get linux 5.2 on debian
bullseye ?
681[07:54:06] <jetblackcloud> any idea why grub-update hangs
indefinitely after manual install of grub via cli in expert install?
if i reboot into rescue, it works fine. but, not during install.
695[07:59:01] <jetblackcloud> some extra info. partion is msdos
table. set up to support both efi and bios.
696[07:59:02] <kreyren> if curl is missing on your system ->
install it
697[07:59:14] <jetblackcloud> on a reboot with rescue,
update-grub works without issue.
698[07:59:53] <jetblackcloud> but, during expert install phase,
in the shell at the end, after the grub-install routines are run,
update-grub hangs with nothing
699[07:59:58] <kreyren> jetblackcloud, interesting.. what
grub-mkconfig is used on rescue distro? host or chroot?
700[08:00:14] <jetblackcloud> chroot
701[08:00:30] <kreyren> what kernel is used on host and chroot
702[08:00:31] <jetblackcloud> and it's hanging in chroot
during initial install
703[08:00:46] <kreyren> did you tried to pass grub-mkconfig
manually?
704[08:02:10] <jetblackcloud> same kernel. 4.19.0-5-amd64. tried
running grub-mkconfig manually. same issue.
705[08:02:40] <deetwelve> themill: strange that the file i used
to edit and comment out ipv6 would force all ipv4 binds. now anytime
i run something its automatically binding to ipv6 which i dont want.
706[08:02:49] <kreyren> just to be sane: `sudo apt update -y
&& sudo apt upgrade -y && sudo apt dist-upgrade -y
&& sudo apt autoremove -y`
727[08:11:55] <deetwelve> its not that its not offering ipv4,
its just a pain to have to define it. and currently i cant find the
parms for caddy to bind to 4
728[08:11:58] <jetblackcloud> root in sh as well
729[08:12:09] <jetblackcloud> still hanging in bash
730[08:12:27] <kreyren> jetblackcloud, so bash works? if yes
-> try executing it now
731[08:12:44] <themill> deetwelve: most daemons would listen on
all available networks
732[08:12:48] <kreyren> jetblackcloud, also i would suggest you
to verify checksum of installer in case it got corrupted
733[08:12:50] <jetblackcloud> kreyren: i did. update-grub is
still hanging.
734[08:13:24] <kreyren> sounds like bug to me then.. so we can
either try to fix the installer or you can check if it's
corrupted
735[08:13:24] <jetblackcloud> installer is fine. verified on
download. and "update-grub" works if i reboot in rescue
mode and run it.
736[08:13:26] <themill> deetwelve: no idea what caddy is though
-- it doesn't seem to be in debian?
737[08:13:36] <deetwelve> caddyserver.com
738[08:13:54] <jetblackcloud> something is locking it up.
739[08:14:13] <kreyren> jetblackcloud, try to nuke /boot/grub
and reinstall it then followup with update-grub
780[08:35:54] <jetblackcloud> kreyren: that is hanging as well
781[08:36:02] <kreyren> O.o
782[08:36:32] <kreyren> theories: hugged up scheduler, glibc
issue
783[08:36:55] <jetblackcloud> kreyren: this is with a fresh
install
784[08:37:07] <kreyren> sorry i sent wrong logic try this: `if
grep -qF
/boot/{initrd.img,config,System.map,vmlinuz}-4.19.0-5-amd64; then
echo "all gut"; fi`
785[08:38:46] <jetblackcloud> also hanging
786[08:38:53] <kreyren> elaborate hanging
787[08:39:09] <jetblackcloud> text drops to next line
788[08:39:14] <jetblackcloud> no blinking cursor
789[08:39:17] <jetblackcloud> nothing
790[08:39:21] <kreyren> wait you are using sh so it wont work
since i'm using {something,something1}
791[08:39:22] <jetblackcloud> absolute stall
792[08:39:28] <kreyren> hm
793[08:39:41] <jetblackcloud> should i go back to bash
794[08:40:19] <kreyren> verify that there are config- ,
System.map-, vmlinuz-, initrd.img- suffixed with your kernel version
in /boot
800[08:42:42] <jetblackcloud> kreyren: i'm at a loss as
well. i read that os-prober may have been the issue. but, i've
tried removing it in test runs and this still happens.
801[08:43:08] <kreyren> it would have some output without
os-prober based on my experience
802[08:43:21] <jetblackcloud> oddly, if i just let the standard
non-expert run through, it works without issue. and with stretch,
this issue didn't happen with expert install.
803[08:43:40] <kreyren> and assuming that curl returns C
function it seems like something wrong with glibc or it may be
affected by you using tor, but i lack the experience in that area
804[08:44:11] <jetblackcloud> if i reboot and go into rescue
mode, update-grub works fine once i mount and drop the shell.
805[08:44:13] <kreyren> jetblackcloud, i would suggest filing a
bug report and provide info for reproduction
806[08:44:29] <epony> jetblackcloud you should read grep's
man page
807[08:44:34] <jetblackcloud> ok.
808[08:44:53] <kreyren> epony, eh? i've provided that logic
for grep
809[08:45:07] <jetblackcloud> maybe i'm missing something.
let me give you basic steps.
820[08:46:39] <kreyren> epony, works on my system (tm)
821[08:47:07] <jetblackcloud> encrypted root in 3rd logical
partition
822[08:47:13] <kreyren> jetblackcloud, uefi doesnt care about
filesystem you can use any table based on my results
823[08:47:23] <epony> kreyren try with $ grep .
824[08:47:39] <jetblackcloud> go through expert install and get
to point of asking to install boot loader. choose "continue
without boot loader." drop to shell.
825[08:47:58] <jetblackcloud> mount the random requirements.
chroot target.
910[09:10:35] <dpkg> friendlyGoat: Please pastebin the contents
of your /etc/apt/sources.list and /etc/apt/sources.list.d/*.list.
The easiest way to do this is to pastebin the output of: head -v -n
-0 /etc/apt/sources.list{,.d/*}
911[09:10:52] <generic> dist-upgrade
912[09:11:39] <xbow> friendlyGoat: just try # rgrep -nie
'stable' /etc/apt
913[09:11:48] <jetblackcloud> kreyren: sorry, pts was being
bitchy, not proc.
914[09:12:01] <xbow> friendlyGoat: this will show all occurences
971[09:38:33] <dpkg> First, check for a backport on
<debian-backports>. If unavailable: 1) Add a deb-src line for
sid (not a deb line!); ask me about <deb-src sid> 2) enable
debian-backports (see <bdo>) 3) apt update; apt install
build-essential; apt build-dep packagename 4) apt -b source
packagename 5) dpkg -i packagename-ver.deb To change compilation
options, see <package recompile>; for versions newer than sid
see <uupdate>.
972[09:40:50] <Kon-> !bdo
973[09:40:50] <dpkg> backports.debian.org (formerly
backports.org) is an official repository of <backports> for
the current stable (see <buster backports>) and oldstable
(<stretch backports>) distributions, prepared by Debian
developers. Ask me about <backport caveat> and read
replaced-url
974[09:41:16] <zamuro> Kon- You bored at home or something?
975[09:41:23] <zamuro> !flood
976[09:41:23] <dpkg> It's considered impolite to paste many
lines of text on IRC. Please don't do it. Pasting one line is
fine. Pasting two lines you can usually get away with. Pasting three
lines will get you insulted. Pasting four or more lines will get you
kicked. If you want to paste, ask me about <paste>
977[09:41:54] <Kon-> Well, I want to know if the "enable
backports" step is required to build a deb from deb-src sid on
a Testing installation
978[09:42:10] <at0m> Kon-: you can also /msg dpkg $factoid
985[09:43:20] <at0m> if the info is relevant to the discussion
here, you can !factoid, if it's for single user there's
"dpkg: tell $nick about $factoid"
986[09:44:01] <ratrace> what kind of policy does debian apply to
firefox-esr; now with 68.0-ESR released can we ever expect that
version (or perhaps the next ESR) in stable?
990[09:46:02] <ratrace> at0m: but 60.x.x (current esr) expires
in october
991[09:46:31] *** Quits: dez (uid92154@replaced-ip) (Quit: Connection closed for inactivity)
992[09:46:44] <annadane> when esr goes EOL we'll see the
new esr
993[09:46:59] <sedrosken> yeah they'
994[09:47:02] <sedrosken> erp
995[09:47:08] <sedrosken> they'll figure it out then
i'm sure
996[09:47:11] <at0m> ratrace: for desktop use, feel free to use
backports or testing/sid. on servers, it would become messy if
automated (security-)updates changed functionality, let alone config
syntax etc
1005[09:48:21] <ratrace> at0m: yeah i know but iam not asking
about that
1006[09:49:15] <vsayikiran> hi i am debian buster+mate+lightdm
user with 2 local accounts user1 and user2......I wish to setup each
account with its own locale values. Such that all menus are
displayed in their local language......currently locales are
installed and env variables set up, but only default english is
applied across all user accounts. Kindly help me in this regard.
1014[09:50:10] *** Quits: Codier (~user@replaced-ip) (Remote host closed the connection)
1015[09:51:30] *** Quits: yonder (~yonder@replaced-ip) (Remote host closed the connection)
1016[09:51:30] <ratrace> at0m: both stretch and jessie have
upgraded to 60.x.x so iam assuming that as the debian policy for
firefox-esr; just wasn't sure
1017[09:52:49] *** Quits: Space_Man (~Space_Man@replaced-ip) (Remote host closed the connection)
1018[09:52:51] <noln> Kon-, backports is for isntalling pre-built
pkgs from testing on stable. It's not to be enabled on testing.
To build a package, apt-get -b source
1019[09:53:05] <ratrace> ah and i can use flatpak too? how's
flatpak support on debian?
1022[09:53:59] <annadane> for firefox specifically? i don't
know
1023[09:54:04] <Kon-> Okay noln, thanks. That's what I
assumed but was confused because the info bot said "2) enable
debian-backports" was step 2 for building a package from sid
source
1024[09:54:47] <Kon-> I guess the purpose of that is to make sure
Stable users have the most up to date libs before compiling
1025[09:54:52] <ratrace> annadane: i meant in general, i guess
individual flatpak packages just work if the framework works
1026[09:55:04] <annadane> i haven't heard any problems
1027[09:55:11] <ratrace> i'll give it a spin
1028[09:55:22] <annadane> in stretch they actually recommended
you install from backports but no longer as of buster, obviously
1029[09:56:17] <annadane> which may or may not change as buster
ages but i guess flatpak was new as of stretch?
1031[09:57:03] <noln> Kon-, the ssb factoid tells how to make a
backport. In general, compiling is done against the distro libs: to
compile for stable you use libs from stable, not testing.
1032[09:58:10] <noln> That's what makes a frozen release...
frozen.
1033[09:58:41] <weedly> and then you chill
1034[09:58:46] <annadane> initial release for flatpak, september
2015, so... stretch was the first release to include it
1035[09:59:02] <annadane> so now that it's matured it's
unclear whether one will want to use buster-backports for flatpak in
future
1036[09:59:26] <annadane> well i suppose it might've been in
jessie backports but you get the point
1037[09:59:28] <ratrace> depends on functionality wanted or
required?
1038[10:00:05] <annadane> the only two things *i* noticed were
syntax changes compared to the manual and the fact flatpak's
website specifically recommended stretch users to use the backports
version
1039[10:01:16] <ratrace> probably due to those early versions
needing bugs ironed out
1042[10:03:55] <annadane> oh right jessie-backports is
discontinued anyway
1043[10:04:03] <annadane> was wondering if it'd show up
there or not
1044[10:04:39] <noln> flatkill.org and other interesting articles
discuss security problems of flatpaks et similia. Some are even
inherent to the idea of a "bundled application image".
1045[10:06:41] <weedly> thats what you use to distro trojans
1046[10:07:31] <weedly> vul lib bundled in PROFIT
1047[10:07:45] <weedly> NSA lovers it
1048[10:08:50] <annadane> i've seen that and related
discussions and i'm still pretty comfortable using flatpaks,
but make up your own mind
1050[10:09:08] <ratrace> that's a rather old fud site; most
of those arguments are not specific to flatpak packaged software;
besides containers never were security frameworks as one needs
something like selinux to secure them
1051[10:09:20] <annadane> that being said i use them for one
package and not 20 of them
1052[10:09:45] <ratrace> it's good to have them should one
need something unavailable regularly
1055[10:12:24] <annadane> i need to go over the manual more some
day, there's a *lot* of behind the scenes stuff functionality
that's easy to gloss over
1059[10:13:48] <annadane> i'm also honestly getting a little
tired of "could execute arbitrary code" when the
likelihood of it happening for any given vulnerability in any
program is 0.00000000001%
1062[10:14:15] <annadane> i mean that's an exaggeration but
still
1063[10:14:30] <noln> the point is that sandboxing is done by
using a different uid and Xorg anyway, anything else is escapable by
definition. Containers are meant to be secure as long as uid 0 is
not mapped inside the container.
1075[10:19:04] <annadane> i think given a choice you probably
should use something other than flatpak (for various reasons) but
they're a good resource i suppose
1076[10:19:30] <annadane> whether flatpak is ESPECIALLY a
security nightmare compared to other containerizations... i
don't know
1077[10:21:01] <ratrace> on fedora at least it is secured by
selinux
1078[10:21:03] <weedly> flatpak should run virtualized
1086[10:22:34] <jaggz> how do I scan networks (using a
wifi-radar) when the wifi manager is using the device?
1087[10:22:55] <jaggz> I think I used to be able to use it,
intermittently or something -- it used to figure out a way to access
it, or find some window of time?
1088[10:23:03] <jaggz> but now, no matter what, I get
"Device or resource busy"
1093[10:25:31] <annadane> "It is recommended to run such
applications under a Wayland session that provides real isolation
between graphical applications, unlike X."
replaced-url
1116[10:43:47] <LinuxGuy2020> I was wondering if I use the
program Timeshift to make a snapshot of my stable installation and
then I upgrade to the unstable branch, can Timeshift effectively
take me back to stable if I restore the snapshot?
1174[11:24:03] <kojibka> I've sticked to Buster since
initial 'testing' time. Starting from March or May I could
not get any updates except 3-rd party software due to it's
Frozen state. Now as it is 'stable' I still could not
update/upgrade it. Does it mean my system is in full order? I did
try # apt-get update --allow-release-change , no luck so far. My
' /etc/apt/sources.list' :
replaced-url
1216[11:47:10] <Tom-_> your sources.list looks fine. what is the
symptom exactly?
1217[11:47:11] <Tom-_> !ask
1218[11:47:12] <dpkg> If you have a question, just ask! For
example: "I have a problem with ___; I'm running Debian
version ___. When I try to do ___ I get the following output ___. I
expected it to do ___." Don't ask if you can ask, if
anyone uses it, or pick one person to ask. We're all
volunteers; make it easy for us to help you. If you don't get
an answer try a few hours later or on debian-user@lists.debian.org.
See <smart questions><errors>.
1220[11:49:13] <humpled> looks to me like one of the security
lines should be uncommented
1221[11:49:13] <kojibka> Tom-_: #diogenes_: stated it right. All
was commented out. That was surely not me. Probably some Buster
transition bugs. All I did was follow wiki page above and all set
back to normal
1222[11:49:50] <kojibka> Have no idea how it could happen!
1223[11:50:03] <humpled> the main line at the bottom won't
give any upgrades until the next point release i guess
1224[11:50:08] <Tom-_> me neither, unless it was always commented
out and you were really using some other sources file
1225[11:50:16] <Tom-_> but humpled is right, you should include
security updates
1246[11:58:08] <dutchfish> one more thought, when you come from
stretch is, sudo apt dist-upgrade, so all newer is pulled in, when
apt/source.list is correct.
1251[12:01:12] <kojibka> dutchfish: Buster present on my system
since it was 'testing' - almost from the first day. More
then 1 year by now.😀️
1252[12:02:00] <kojibka> All this mess started the time is was
declared 'Frozen-state'
1253[12:02:39] <kojibka> Anyway it is OK for now
1254[12:02:55] <kojibka> Thanks to developers!
1255[12:03:27] <dutchfish> kojibka, i have the same going on,
still, after dist-upgrade it updated the sources.list automagically
to stable. as is yours now. Of couse, after Buster was released.
1256[12:03:51] <dutchfish> kojibka, and apt got updated in the
process.
1257[12:04:56] <dutchfish> kojibka, it tested both ways 1. Buster
testing -> Buster stable. 2. Stretch upgrading to Buster, after
Buster was released.
1263[12:06:34] <kojibka> dutchfish: For me 'buster'
instead of 'testing' in 'sources.list' kept me
safe from any other problems. This should give a rough idea to
developers. May be it's time to avoid 'old-stable' ,
'stable' and 'testing' in
'sources.list'? What do you think? As soon as release got
upgraded there's a lot of confusion over veteran-noobs like
myself!
1314[12:16:10] <zophyx_> wow, a gnome/debian store is a good idea
1315[12:17:02] <kojibka> zophyx_: !)
1316[12:17:43] <nope> Hi. when the computer sleeps the audio
seems to change from hdmi/displayport to digital output. This is on
buster gnome. Is there any way to make it stick to hdmi?
1353[12:33:02] *** Quits: makinazo_ (~makinazo_@replaced-ip) (Remote host closed the connection)
1354[12:33:11] <daifuco> Hi. when the computer sleeps the audio
seems to change from hdmi/displayport to digital output. This is on
buster gnome. Is there any way to make it stick to hdmi?
1360[12:36:24] <mathieu> daifuco: I had the same issue, this is
annoying and I finally disable the analog jack device directly in
the bios to leave the HDMI as the sole sound output
1361[12:36:42] <zophyx_> daifuco, you might have to find a way to
run script on wakeup to correct that behavior
1367[12:40:04] <mathieu> humpled: no just an option that enable a
device to be default and stays default even if another is connected
and even if it is temporary disconnected
1369[12:41:03] <mathieu> it has to be coded in junction between
the UI setting and the sound server, that might be the reason why it
is not yet implemented
1370[12:41:35] <mathieu> I have an issue with a newly installed
buster (w/ Gnome), the log application does not have privilege
access to system log. I prefer to ask before making a mistake, what
privilege I have to modify to fix this problem?
1373[12:44:11] <mathieu> The help is descriptive about the
privilege scheme and how it works but is not specific to what group
the admin user should have access to
1381[12:47:51] <daifuco> thanks mathieu and zophyx_ , i tried the
on wake script on ubuntu but i cant remember if it worked, ill check
disabling the analog audio
1441[13:26:04] <MTB2019> using debian9. on chrome there is a
script on acertan websites(newspapers) with the "accept cookies
click OK" message... that makes the browser freeze for like 2
minutes. whois is very inconvenient as u can imagine. any clue how
to fix this ?
1443[13:32:22] <_Vi> Why `gpg2` can generate a detached
signature, but `gpg1` says "secret key not available".
Previously "aplty publish" worked, but after update to
buster it doesn't.
1480[13:51:10] <themill> _Vi: apt uses gpgv to verify signatures,
not gpg. In principle, you can use either gpg1 or gpg2 to make the
signatures, just that aptly hadn't caught up with the fact that
everyone had moved on from gpg1 already
1495[13:58:04] <themill> _Vi: if the aptly you have will instead
run gpg2 and work, then you could remove the gpg1 package and
pretend that it is installed with equivs.
1496[13:58:06] <themill> !equivs
1497[13:58:07] <dpkg> equivs is a package that enables you to
create dummy packages that tell <apt> you really have
installed (through some other means) the package. apt install
equivs, and read /usr/share/doc/equivs/*, see also <usrlocal>.
A better plan is often to adapt the Debian packages to your needs,
ask me about <package recompile> <uupdate> <ssb>.
1498[13:58:29] <themill> (Note that when using equivs and things
break, you get to keep all the pieces)
1499[13:59:11] <_Vi> `apt-get remove gnupg1` simply removed this
one package. `aptly upload` works after that.
1505[14:00:48] <themill> (This is basically the standard failure
mode of having both gnupg1 and gnupg2 installed, and it's not
clear that there is any way of fixing that)
1506[14:01:13] *** Quits: BlueByte (~walther@replaced-ip) (Quit: This computer has gone to sleep)
1507[14:01:33] <terr_> she is 65
1508[14:03:18] <jelly> terr_, you probably wanted
#debian-offtopic not #debian
1531[14:15:16] <jelly> NetTerminalGene, it does not seem to be
configured as resolver by default. It starts, listens on all
interfaces, does not answer dig google.com @127.0.0.1
1535[14:17:54] <jelly> NetTerminalGene, unless you have specific
reasons to use Bind, there probably are better options for a local
recursor. unbound or pdns-recursor come to mind
1540[14:20:09] <jelly> terr_, most of what you're writing
does not seem to be coming through. If you're asking for tech
help, make sure to read what your irc client is doing.
1555[14:28:38] <NetTerminalGene> jelly, dig A gnu.org @127.0.0.1
gives me output and 0 query time. does it work? but my
/etc/resolv.conf shows the dns address i used before
1558[14:30:18] <jelly> NetTerminalGene, I have no idea how bind9
integrates with resolvconf these days. See if there's a service
missing. See if there's a README.Debian in
/usr/share/doc/bind9/
1580[14:38:00] <NetTerminalGene> it can connect sites
1581[14:38:46] <themill> MTB2019: you can install the
firmware-misc-nonfree package as it contains some of those firmware
blobs. You may or may not actually need those blobs for your
hardware, of course.
1722[16:17:26] <Antioch> Hello. I've used rsync to copy a
set of files/folders from HostA to HostB, moved and renamed things
on HostB and want to sync the changes back to HostA. It appears that
rsync cannot simply move and rename files, and instead wants to copy
all the changed files/folders back leaving me with two copies on
HostA. Is there any other tool I can use that will simply
move/rename files as necessary on HostA without leaving me with two
copies?
1723[16:18:13] *** Quits: amphiprions (~amphiprio@replaced-ip) (Remote host closed the connection)
1724[16:18:45] <themill> rsync can clean up the second copy
(--delete options) but it will still do the transfer again. rsync is
not a good tool for bidirectional syncing
1726[16:19:16] <maze88> Hi, I am getting a new laptop, what would
be better, generally, and specifically for using with Debian - Dell
Latitude 7300 or Thinkpad X390?
1727[16:20:21] <flipxyz> I really like thinkpads and never had
any problem with it in terms of linux
1728[16:20:31] <Antioch> themill, what alternative do you suggest
for this use case?
1729[16:20:33] <flipxyz> So I would X390
1730[16:20:37] <petn-randall> maze88: Thinkpads are known to run
well on Linux in general. Don't know much about that Dell
model. But if you do a quick internet search of "Dell Latitude
7300 Debian" you'll likely find some blog post of any
issues that showed up.
1731[16:20:45] <tiggster79> maze88, either would be great, but
Thinkpads are legendary for their Linux compatibility.
1734[16:21:26] <silver_hook> After updating to Buster, does it
make sense to purge the older PHP and Postgres versions? And if so
how do I do that?
1735[16:21:28] <themill> Antioch: I like unison for such things
but it's far from perfect. git-annex can work well if
you're syncing via some sort of repo
1736[16:21:33] <oiaohm> petn-randall: dell it depends on the
model
1737[16:21:47] <oiaohm> petn-randall: and configuration of that
model.
1738[16:22:00] <maze88> what do you mean by configuration of that
model?
1739[16:22:02] <tiggster79> Plus Thinkpads are just awesome! My
Thinkpad X280 is the nicest computer I've ever owned.
1740[16:22:06] <petn-randall> silver_hook: You likely want to
migrate any database over before removing old postgres.
1741[16:22:16] <vsayikiran> maze88: I run buster on Dell latitude
D520, 500gb HDD 7200rpm, 1GB DDR2 RAM...purchased in 2006
1742[16:22:49] <sysmox> lenovo has a poor linux support IMHO,
don't know about DELL
1743[16:22:53] <oiaohm> tiggster79: the new thinkpads not so much
they are starting to go the route of built in battery.
1744[16:23:00] <vsayikiran> since 2007 from time of debian
4.0(etch) and until now 2019 still working fine
1745[16:23:21] <tiggster79> If you want to go Dell, the XPS 13 is
probably the best bet if you want full Linux support
1746[16:23:26] <oiaohm> sysmox: again with lenovo it depend
model. Lenovo does make some models intentionally with Linux
support.
1758[16:27:26] <tiggster79> maze88: I guess that depends on what
you're looking for. They still are extremely durable and have
amazing keyboards. If your goal is primarily expansion and upgrades,
they have certainly slipped in that regard
1759[16:27:29] <maze88> I think I am veering towards Dell, I
'feel' I believe in them more then..
1760[16:27:35] <adfeno> After building a package using sbuild, I
now have .DEB files, but how do I install them in my sbuild chroot /
schroot ?
1761[16:28:20] <tiggster79> maze88, honestly you won't go
wrong with either
1762[16:28:22] <sysmox> Under Linux, different Lenovo models have
what's called Thermal Throttling (CPU capped), plus, also some
models affected by fan noise because of turbo boost stays at 4GHz in
idle. Lenovo solution is powershell commands.
1763[16:28:53] <themill> adfeno: if you want to do that
permanently, then enter the chroot and install them. If you want
them available to apt as build-deps on a future build, then make a
local apt repo
1764[16:29:01] *** debhelper sets mode: +l 1558
1765[16:29:38] <oiaohm> sysmox: 2019 ThinkPad P-series from
lenovo ship with Ubuntu installed out box. It really does depend on
the model.
1766[16:29:41] <maze88> powershell commands? that doesn't
sound linux-y to me! ):
1767[16:30:01] <oiaohm> sysmox: and of course those are not using
powershell hacks or any other hacks.
1772[16:31:57] <adfeno> I must go now, I'm in a hurry. Thank
you all ! :D
1773[16:31:57] <sysmox> oiaohm: yes, some modes might be great,
AFAK, none of them support fingerprint reader under linux (it might
have changed, though)
1780[16:36:23] <NetTerminalGene> guys, i installed "bind9
bind9utils bind9-doc bind9-host" packages. i want to remove
them, but it wants to remove core gnome packages too. how can i
remove these packages without removing other packages?
1786[16:39:13] <themill> NetTerminalGene: bind9-host is required;
you can't remove it
1787[16:39:21] *** sdx is now known as Guest41830
1788[16:39:40] *** Quits: gangwan (~gangwan@replaced-ip) (Remote host closed the connection)
1789[16:39:46] <sourcream> xbow, I need to ban proxies when
detected. Does /etc/hosts update real time or requires restart?
1790[16:39:57] <NetTerminalGene> themill, thanks
1791[16:40:33] <xbow> sourcream: no restart required
1792[16:40:57] <sourcream> xbow, so it updates right away after
its modified?
1793[16:41:05] <sourcream> Also what if there is bunch of lines
1794[16:41:08] <sourcream> like thousands?
1795[16:41:13] <petn-randall> sourcream: Adding things in
/etc/hosts just changes the DNS resolution. If you want to blackhole
IP addresses, you'd do that with `ip route`.
1802[16:42:25] *** Quits: daifuco (~daif@replaced-ip) (Remote host closed the connection)
1803[16:42:34] <petn-randall> sourcream: You'll need
something to set it up permanently. Either script it, or use
shorewall (or many other tools for the job).
1804[16:42:37] <_abc_> Hello. Is there a debian package for
gradio? I can only find sources and mint/etc packages.
replaced-url
1805[16:42:41] <xbow> sourcream: depends what you want to do...
1820[16:46:34] <petn-randall> sourcream: If the xbox doesn't
do a DNS lookup, the connection will go straight through when using
/etc/hosts. So setting a nullroute or rejecting packets is the safer
option.
1821[16:47:05] <sourcream> petn-randall, oh okay I see!
1839[16:52:03] <sourcream> petn-randall, okay! Oh yeah I got you.
But also is this null routing most efficient way to drop unwanted
traffic from ip addresses?
1840[16:52:11] <sourcream> tds, hmm il google
1841[16:53:12] *** Quits: yagi (~yagi@replaced-ip) (Remote host closed the connection)
1845[16:55:58] <tds> if you want most efficient, dropping as
early as possible (ie iptables raw/prerouting, or maybe with tc/nft)
is probably what you want
1847[16:56:27] <tds> and use ipsets if you want to drop many
things with quick hash based lookups
1848[16:56:54] <tds> if you need to drop an awful lot of traffic,
you might also want to look at dropping directly on NICs
1849[16:57:20] <silver_hook> petn-randall: I already did the
migrations. Just wondering if it makes sense for security reasons to
clean up older versions of binaries
1850[16:57:47] <jelly> dob1, that's a VERY good question
1851[16:58:28] <jelly> my znc users definitely do not have
sudo-to-root rights
1904[17:21:24] <dob1> I mean, I want to encrypt the connection
between my pc and the pc where is running the bnc, even if they are
on the same network. I was thinking to use a self signed cert.
1905[17:21:37] <jelly> dob1, yes, but I also access it only via
vpn.
1910[17:23:54] <tsujp> hey guys I am trying to set up an ssh
tunnel from localhost, through the jumpbox host1, to the bastion
host2 but it's not working. I use ssh keys for this,
here's the command I am using, does anyone have any ideas?
1922[17:28:28] <jmcnaught> tsujp: do you know about ProxyJump
(man ssh_config) and its commandline shortcut -J (man ssh)? You can
probably simply do 'ssh -J user@host1 user@host2'
1923[17:28:47] <jmcnaught> tsujp: Also why log in as root,
especially on the jump host?
1928[17:29:53] <tsujp> It needs to be a tunnel though because I
want to run commands locally and have those hit the endpoint on
host2, e.g. curl localhost:7007 and have it return the webpage on
host2 and not my local machine
1951[17:37:49] <tsujp> Right, well let's just use ProxyJump
for now because working > not-working
1952[17:38:01] <tsujp> How do I bind my localport say.. 9999 to
the target host machine's port 9999
1953[17:38:14] *** Joins: kale (~kale@replaced-ip)
1954[17:38:23] <tsujp> So that I can view a website in my
localbrowser, or do things like "curl localhost:9999" on
my local machine and get the response from the server running on
host2
1961[17:47:16] <tsujp> Okay so I've got this working `ssh -J
jump,host1 host2`
1962[17:47:36] <tsujp> But I don't want to actually ssh into
the machine, I just want the tunnel, so I tried adding `-D 7007` but
that doesn't work. Am I doing something wrong?
1963[17:47:47] <tsujp> I want to access 7007 on host2 from my
localmachine (for development purposes)
1964[17:48:10] <rudi_s> tsujp: -L ?
1965[17:48:36] <vsayikiran> I wish to install flash plugin from
adobe website in firefox. installation guide says to copy
libflashplayer.so file to default plugins directory.....which is
that directory?
1966[17:49:27] <jmcnaught> tsujp: yeah did you try "ssh -J
user@host1 -L 7007:host2:7007 user@host2"
1968[17:49:55] <tsujp> I need the jump there also jmcnaught
1969[17:50:17] <tsujp> Hmm -L 7007:host2:7007 says it's
already bound, so I set it to some random 9999 and it says it's
also bound so something is going wrong there rudi_s
1971[17:50:28] <jmcnaught> tsujp: that's what the -J was for
in my command
1972[17:51:15] <Rust3dCor3> Hi. Anyone know a nice prog. for
replaygain editing for mp3 files for buster? I was using mp3gain and
easymp3gain in the past.
1973[17:51:26] <tsujp> You've only got host1 and host2 in
yours though but I need jump, host1 and host2 jmcnaught
1974[17:51:29] <noln> vsayikiran, should be .mozilla/plugins
create it if it doesn't exist
1975[17:52:10] <jmcnaught> tsujp: there are three hosts involved?
2012[18:13:25] <jmcnaught> NetTerminalGene: you have 127.0.0.1 in
/etc/resolv.conf? Is it still there, is anything else there? How did
you 'see ISP DNS?'
2013[18:14:14] <tsujp> okay jmcnaught I've got that but now
I get curl: (56) Recv failure: Connection reset by peer
2018[18:15:04] <tsujp> I want to run this curl curl -X POST -H
"Content-Type: application/json" --data
'{"jsonrpc":"2.0","method":"web3_clientVersion","params":[],"id":67}'
replaced-url
2024[18:18:53] *** Quits: Roedy (Roedy@replaced-ip) (Quit: See you IRL!)
2025[18:19:01] *** debhelper sets mode: +l 1564
2026[18:19:02] <jmcnaught> tsujp: with this command I only have
keys on the local computer: 'ssh -J
host1.example.org,host2.example.org -L 8080:target.example.org:80
host3.example.org' then if I go 'telnet localhost
8080' I am connected to port 80 on target.example.org
2060[18:40:12] <jmcnaught> tsujp: sorry I don't now
what's going wrong without seeing the commands you're
using. Maybe there is a problem with network or DNS configuration?
2114[19:11:56] *** Quits: tiggster79 (~stephen@replaced-ip) (Remote host closed the connection)
2115[19:14:25] <n-st> i'm trying to chroot into an old
wheezy installation (3.16 kernel) from a live iso with kernel 4.19,
and bash and zsh segfault immediately
2116[19:14:29] <n-st> is there anything i can do about that?
2117[19:14:46] <ChmEarl> n-st yes
2118[19:15:00] <petn-randall> srged: That's not a bad idea,
though totally unrelated to your issue.
2238[20:42:44] <seekr> Does anyone here have experience using
Clonezilla and/or other techniques for cloning a partition? I want
to move my installed system to a new machine.
2310[21:27:12] <somiaj> debian-user: oh that is the desktop or
filemanager app inside the desktop
2311[21:27:19] <debian-user> xdg?
2312[21:27:21] <moritz> Hi all. I've upgraded my server from
stretch to buster, and now a systemd service that starts a docker
container fails with: "Failed to trim compat systemd cgroup
/system.slice/tau-alert.service: Device or resource busy"
2313[21:27:21] <debian-user> goddamnit
2314[21:27:28] <moritz> what does that mean, and how do I fix it?
2315[21:27:34] <debian-user> okay, thank you, greatly appreciate
that
2316[21:27:45] <somiaj> debian-user: for those of us who
don't use desktops, the files Downloads, Desktop, etc will not
be created.
2317[21:28:05] <debian-user> i just hate the bloody
capitalization
2318[21:28:10] <debian-user> i'm not a windows user, i can
read
2319[21:28:30] <annadane> so mv /home/debian-user/Downloads
/home/debian-user/downloads
2320[21:28:36] <debian-user> aha! there it is. thank you kindly
2321[21:28:47] <petn-randall> Huh? Capital letters are a thing on
Linux filesystems.
2323[21:29:24] <debian-user> petn-randall: seriuosly? you
seriously typed that?
2324[21:29:25] <somiaj> its more the xdg (freedesktop.org)
standards and desktop files. I agree, I think they are silly, but
then again I don't use a desktop so they usually aren't a
problem for me
2325[21:29:30] <debian-user> cmon
2326[21:29:33] <somiaj> though I get annoyed at xdg apps that
create them.
2327[21:29:36] <debian-user> you know what i am actually saying
2339[21:32:05] <somiaj> I would try to keep your comments on
actuall support and not adding noise and agression to those trying
to help
2340[21:32:27] <petn-randall> this ^
2341[21:32:31] <debian-user> i only dish it out in equal amounts
2342[21:32:50] <debian-user> petn-randall is welcome to not say
anything if it isn't useful either
2343[21:32:58] <somiaj> and either you need to learn how to deal
with xdg (I don't think there is much way around it at some
level) or just avoid the desktop enviroments and build your system
up from a simple window manager.
2346[21:33:10] <somiaj> debian-user: you are the only one dishing
anythying out.
2347[21:33:15] <debian-user> somiaj: i agee *nod*
2348[21:33:30] <debian-user> well not on the last part but
whatever
2349[21:33:39] <debian-user> i appreciate the heads up on xdg
2350[21:33:47] <mq> can somebody help me understanding
processes/scripts and the "ownage" of them?
2351[21:34:03] <jmcnaught> moritz: can you show the service unit
that is having the problem (with systemctl cat <unit>) and the
systemctl status output from it?
2352[21:34:37] <somiaj> mq: in *nix, all files and thus process
have a user who 'owns' the file or process.
2353[21:34:52] <mq> wait, i'll start over again: Is a script
that is run by systemd owned by root?
2354[21:34:55] <somiaj> mq: in addition files (and process) have
permissions on what can be done via a 'group' and then
'eveyone'.
2355[21:35:19] <mq> somiaj thanks. I think i mixed up some
terminology here
2356[21:35:21] <somiaj> mq: not generally, root can run a process
as any users, so systemd will start many processes as an appropriate
user. Only some are actually run by root in the end.
2365[21:36:49] <somiaj> mq: so though the systemd unit/service is
run by root, the process it forks (or creates) may be run by a
different user. For example the apache process is run the the
replaced-url
2381[21:39:07] <elm_> what do I need to do to still get updates
from buster as it has been turned from testing to stable?
2382[21:39:09] *** Tom_- is now known as Tom-_
2383[21:39:12] <somiaj> You haven't described your actual
task, but systemd uses unit files which can launch commands (or
other scripts)
2384[21:39:25] <somiaj> but systemd is not like sysv which uses a
lot of scripts, it uses unit files, and most things can be done with
just the unit file.
2385[21:39:37] <annadane> elm_, you can set up unattended
upgrades or subscribe to debian-security@lists.debian.org and run
those updates manually
2388[21:40:01] *** Quits: ghoti (~paul@replaced-ip) (Read error: No route to host)
2389[21:40:03] <somiaj> also depending on the script, what you
want it to do, a unit filie/systemd may not be the appropriate place
for such things (user scripts can be run in different placese)
2391[21:40:40] <elm_> annadane: isn´t there a simple
command I can enter to continue with user invoked updates?
2392[21:40:49] <somiaj> elm_: provided you have
'buster' in your sources.list and include the standard
buster, buster security and buster updates (pre point release
updates) in your sources.list, nothing, just upgrade as normal.
2393[21:41:01] <annadane> !buster sources.list
2394[21:41:01] <dpkg> A suitable /etc/apt/sources.list for
"Buster" has three lines: "deb
replaced-url
2395[21:41:05] <somiaj> if you use 'testing' in your
sources.list, you might not be running buster anymore.
2396[21:41:06] <mq> somiaj: i would like to run a simple shutdown
script, but every unit-file i created did either work not at all or
if so it seemed unstable and didn't work after some time
2397[21:41:25] <somiaj> mq: simple shutdown script that does
what?
2398[21:41:55] <somiaj> sounds like you need to read up on
systemd docs on unit files and how configure a unit file to execute
a certain script/command at shutdown.
2399[21:42:10] <somiaj> (I'd have to read up on it myself,
as I don't write many shutdown specific scripts)
2400[21:42:24] <jmcnaught> moritz: that is curious. I would ask
in #systemd if you don't get an answer here, in that channel
you might need to be patient while it's still the weekend
though
2401[21:42:33] <mq> somiaj: i've read them serveral times
and i am looking for a simpler way. The script should send a
shutdown command to another machine using client based ssh-key
authentication.
2405[21:44:04] <mq> somiaj i managed to do this with a
systemd-unit once or twice but it was allways buggy
2406[21:44:14] <somiaj> mq: and you want this shutdown request to
happen everything machine A is shutdown, what about restarted (since
it does go through a shutdown process)
2412[21:45:18] <somiaj> elm_: user invoked updates? You
shoudln't have to change anything once buster was released and
continue update/upgrading normally.
2413[21:45:27] <somiaj> (provided you use 'buster' and
not 'testing' or now 'stable' in your
sources.list)
2414[21:45:56] <moritz> jmcnaught: ok, thanks. I'm writing a
bug report first
2415[21:46:03] <somiaj> mq: that does change things, because
systemd will run shutdown scripts even with a restart.
2418[21:46:27] <somiaj> mq: maybe just write a custom shutdown
script that shutsdown all the machines and run that vs trying to
automate it via systemd.
2419[21:46:44] <noln> elm_, yw. Next time don't assume we
know what's the problem, take the time to write a one-liner
with your cmd and the error msg
2428[21:49:18] <somiaj> mq: that is one way to do it, you have to
kinda anaylize your use case to see what is most affective for you,
but a custom shutdown script that triggers shutdown on all machines
you want at once might be more useful, than having a service
automatically do this each shutdown.
2431[21:49:56] <somiaj> again this isn't a use case I'm
familar with so I dont' really have any better suggetions.
Either learn systemd well enough to know what targets you need to
reference and have it be automatic, or just write a separte shutdown
script.
2432[21:50:09] <somiaj> I also think there are often tools for
managing multiple machines that may have this functionality built
in.
2434[21:50:33] <somiaj> mq: just out of curiousity, why do you
need one machien shutdown to trigger another, are these machiens
linked via host/guest and vms?
2435[21:50:41] <mq> somiaj: thanks! My initial concern was that
there are troubles with authentication scince i haven't really
found a way to test it.
2436[21:51:12] <somiaj> provided you have the keys setup
correctly it should work.
2438[21:52:18] <mq> somiaj: the command/script works perfectly
when i run it as root in a shell. One machine controls the power of
the other machine so the second one needs to shutdown
simultaneausly/slightly before the first one.
2439[21:52:29] *** Quits: earend1 (uid170954@replaced-ip) (Quit: Connection closed for inactivity)
2446[21:55:47] <somiaj> provided there isn't some way the
machine will trigger shutdown without you initiating it, you could
just manually run the script
2447[21:56:10] <somiaj> though it appears you can configure
systemd to do this, you just have to make sure you configure it
right, seems it is possible, just not something that is that
standard so could take some testing
2449[21:58:04] <mq> somiaj: ok. I thought
/usr7lib/systemd/system-shutdown was intended for exactly those
things scince it is easyer though. anyhow it doesn't work that
way either.
2463[22:02:23] <somiaj> yup, which is why the examples in that
stackexchange link run /bin/true at start, and then something at
start down.
2464[22:02:39] <somiaj> the part that takes some work is ensuring
it is run at the correct time (and maybe only run via an actual
shutdown and not restart)
2465[22:02:55] <mq> jmcnaught: yes i am (sort of) familiar with
this but it doesn't seem reliable
2466[22:03:14] *** Quits: conta (~Thunderbi@replaced-ip) (Remote host closed the connection)
2476[22:06:56] <mq> i only know that sshad disabled root-login
completely at some point and i was wondering if there were any known
changes regarding rsa authentication.
2483[22:08:27] <jmcnaught> mq: root logins aren't completely
disabled by default, only with passwords. Key based authentication
still works for root, and it's all configurable in
/etc/ssh/sshd_config
2484[22:08:38] *** Quits: Thedarkb1-T60 (~Thedarkb-@replaced-ip) (Remote host closed the connection)
2494[22:13:45] <somiaj> there are also ways to setup keys to only
run certain commands, if you want extra secruity you can limit what
a key is actually allowed to do. For example I have keys that are
only allowed to run rsync as root, they can't actually login
and they can only pull data (not push)
2510[22:22:20] <mq> somiaj: i only log in as user and excepted
the shutdown command in the sudoers-file on the remote machine. But
that's interesting too.
2518[22:26:36] <mq> wait: as long as i'm here: i could
technically place the unit in network-online.target.wants with
ExecStop=myscript and OneShot=False, right?
2609[23:13:51] <BazookaTooth> n0a110w: the really slick
screensavers ports for xscreensaver possibly. rss-somethingorother?
haven't used those in ages so not sure of the current deb name