this is #debianan IRC-Channel at freenode
(freenode IRC service closed
2021-06-01)
0[00:00:11] <BCMM> PantheraLeo: what qualifies as lightweight
for you? again, that seems like a somewhat odd goal from somebody
who's been using ubuntu...
1[00:00:41] <PantheraLeo> Resource usage.
2[00:01:46] <BCMM> PantheraLeo: see if this assuages your
concerns at all
replaced-url
3[00:02:11] <BCMM> what desktop environment you choose is
going to have orders of magnitude more impact than your init system
4[00:02:12] *** Quits: bsld (50485aef@replaced-ip) (Remote host closed the connection)
19[00:04:03] <dpkg> it has been said that light is "If you
find yourself in a loong tunnel, stay AWAY from the light!"
20[00:04:09] <BCMM> PantheraLeo: i'd say that changing the
init system is something you shouldn't do unless you really
know what you're doing and why you're doing it
26[00:05:22] <annadane> oh no, not another rob alt
27[00:05:47] <BCMM> PantheraLeo: the impact on resource usage
is minimal. the main issues with systemd are philosophical, and
won't affect you or your system directly.
28[00:06:04] <whislock> And whether or not they're even
issues is debatable.
29[00:06:16] <BCMM> i.e., i'd like it if systemd
wasn't trying to gradually take control of the whole ecosystem,
but keeping it off my own system as a protest doesn't really
mean a lot
30[00:07:08] <whislock> If it works better than what came
before, I don't really care, personally.
94[00:51:59] <Gigglebyte> Is there a plugin that would allow my
file viewing to be descending by default? Currently I have to reset
the folder to descending every time I open the documents folder, and
it is a nuisance.
95[00:52:14] <Gigglebyte> I know this is more of an XFCE
question, but no one has responded in the #xfce channel.
240[02:49:13] <brwoods> I'm trying to build a debian kernel
but with some modded kconfig options, when I run "debian/rules
debian/control" I get a python trace and "KeyError:
'gnu-type-package'"
245[02:53:20] *** Quits: mytym (~Mibbit@replaced-ip) (Remote host closed the connection)
246[02:58:31] <nvz> o.O
247[02:58:43] <nvz> you don't rebuild kernel packages the
same as other packages
248[02:58:52] <nvz> !kernel maint
249[02:59:08] <Delf> Who broke my multi-seat!? Having issues
with multi-seat setup such as not being able to log back in after
having logged out. Anyone else having this issue? Debian Buster.
Proprietary nvidia drivers.
250[02:59:15] * nvz shrugs and wanders off... lookup the debian kernel
maintainers handbook
251[03:01:09] <brwoods> well, turns out it was because I was on
Ubuntu 16.04, switched over to my buster VM and it works so
352[04:09:28] <ov3mind> anyone can help me on puseaudio, i had
truble here q-when i login i need stop it and restart and the sound
works only two times, any tip?
375[04:23:21] <grimR> sponix: be careful updating after. That is
where things can get messy. Disable the MX Linux repository during
updates should help prevent breakage
376[04:23:46] <jmcnaught> It's not recommended or supported
to mix distros.
447[05:13:54] <oiaohm> loupe: that does not look right.
nvidia-legacy-340xx-driver << Notice the no -dkms
448[05:15:18] <oiaohm> loupe: the one I referenced should pull
in the libs and other things that may make Nvidia card work. When I
get to needing nvidia legacy drivers I find it as a sign I need to
upgrade.
478[05:39:57] <loupe> oiaohm> after digging around, I
discovered that the driver meta package was ALREADY installed ...
something must have depended on it. SO... I don't know what to
do. I'm running stretch because busters gnome always crashes
after being logged in for about 22 seconds. I'm running dual
boot stretch's ... I use one for testing and this one for
stable use
499[05:49:54] <oxek> why does debian use by default umask 0022
in /usr/sbin/mkinitramfs instead of umask 0077 ? 0077 would help
prevent users from shooting their own foot when configuring
cryptokeys in initrd.
500[05:50:49] <oxek> possibly related
replaced-url
728[09:32:39] <ratrace> holy skagsack, this FF is becoming a
nigthmare to restrict with apparmor. 68 has some pretty nonsensical
requirements in writing stuff under ~/
805[10:46:23] <ratrace> (in theory, I haven't tried if auth
forwarding works via rsync though, but it should as rsync uses
standard ssh client facilities)
850[10:58:45] <no_gravity> One way I used to get the whole dir
out of the container is this: docker exec containername bash -c
'cd /some/dir && tar -cf - .' | ssh othermachine
'cd /some/dir && tar xf -'
851[10:59:04] <no_gravity> But now I would prefer to update it
via rsync then to do a full copy via tar.
854[11:00:29] <ratrace> no_gravity: what do you mean and then
what? any path that's accessible from within docker should be
accessible from the host too
855[11:00:58] <no_gravity> ratrace: How so?
856[11:01:01] <ratrace> no_gravity: like, if you have /some/path
in (chrooted) container, from the host it'd be
/path/to/container'sroot/some/path
857[11:01:08] <ratrace> no_gravity: because it's a
namespace, not a VM
858[11:01:27] <ratrace> of course exceptions to what I wrote
exist if you have a bind mount mess so views are totally different
between host and container
865[11:02:25] <no_gravity> ratrace: Well, as I said, I doubt you
are correct that there is a path on the host that shows what the
container sees under /some/path
866[11:02:43] <no_gravity> ratrace: And you mentioned exceptions
already, so I think you agree.
867[11:03:24] <ratrace> no_gravity: doesn't docker bind
mount paths from the host to begin with?
868[11:03:52] <Habbie> stop
869[11:03:55] <Habbie> again
870[11:04:02] <Habbie> these are implementation details
871[11:04:11] <no_gravity> ratrace: Not sure what you mean.
872[11:04:13] <Habbie> that, in the face of overlapping mounts,
probably doesn't even work
873[11:04:30] <Habbie> what ratrace says is -generally- true
889[11:09:12] * no_gravity installs sshd in the container: apt-get
install openssh-server -y
890[11:09:34] <ratrace> okay so the key point here is that
docker should not be treated as a VM. no ssh-ing in it (you
technically can, but then you technically can run DOS too :) )
893[11:09:58] <ratrace> which means you should configure it in
such a way that all storage paths are primarily host side,
bind-mounted into the docker for its pleasure and business.
894[11:10:23] <ratrace> no_gravity: because dockers are designed
to isolate and contain single process (and their privsep subprocess)
use cases
895[11:10:26] <Habbie> yes, but because no_gravity pieces
together that dir from bindmounted and nonbindmounted things
896[11:10:34] <Habbie> there is no path on the host that
reflects the total state of that dir
897[11:10:38] <ratrace> they're NOT designed to be treated
as "light" VMs, even though technically you CAN do that.
898[11:10:51] <no_gravity> ratrace: By that logic you should not
eat apples. As they are not designed to be eaten.
899[11:10:57] <Habbie> well
900[11:10:59] <Habbie> you should not eat apples
901[11:11:02] <Habbie> there we agree
902[11:11:05] <ratrace> no_gravity: no that's a hyperbole
with no logical reasoning
903[11:11:32] <Habbie> but seriously
904[11:11:35] <Habbie> #docker :)
905[11:11:36] <ratrace> no_gravity: best tool for the job etc...
if you want "light" VM-like environment using containers,
there's LXC for that
906[11:11:41] <Habbie> oh no_gravity is there already
907[11:11:45] <no_gravity> ratrace: Docker works fine for me.
958[11:58:30] <Skuggen> Hi all. I'm looking at the new
members process, and it mentions using an inline pgp signature for
sending the request. I can't seem to get mutt to actually do
this (it just wants to send the signature as an attachment). Anyone
have any ideas?
1119[13:57:57] <jmd> I'm running Debian on a PC. So I wonder
how I can configure it to avoid /bin/login and and display managers.
Is there a howto for this?
1136[14:07:56] <jelly> I have no idea how up-to-date this is:
1137[14:07:59] <jelly> !autologin
1138[14:08:00] <dpkg> If you want an insecure box that boots into
a session with your user. Xdm cannot do autologin but gdm and kdm
can if you really want them to. (But do you?) The <nodm>
package is a good way of automating this.
1139[14:08:03] <jelly> !nodm
1140[14:08:03] <dpkg> In systemd, "systemctl set-default
multi-user.target", or remove the DM package(s) with
"aptitude remove gdm3 kdm lightdm lxdm nodm sddm slim wdm
xdm". "echo false
>/etc/X11/default-display-manager" will also disable the DM,
or just hit ctrl-alt-fN to get to a console. nodm is the name of a
minimal/automatic display manager (replaced-url
1141[14:08:21] <jelly> just the last "nodm" sentence.
1142[14:09:06] <jelly> eypo: actually disabling services will
leave them unable to log in at all; I'm not sure that's
what they want
1177[14:34:41] <Grelek> Hello, we're currently migrating
from Alpine and we'd like to use Alpine's apk feature
"virtual package" or "virtual groups". Basically
we want to install some packages and mark them so we can remove them
all by using a single name. Is it possible in apt-get/apt?
1178[14:35:03] <xormor> is this a good kernel to run on Debian?
is it the latest from the 4 series that I can get as "a normal
default kernel"?
1181[14:37:16] *** Quits: TheFuzzball (~TheFuzzba@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1182[14:37:20] <xormor> I want to run a signed kernel, because to
me it "sounds cool" to have a signed kernel and Secure
Boot enabled. Now I do. I was considering using the kernel I
compiled by myself again, 5.3.7 but I do not need it, and I do not
want to create a signature for it. I could have Secure Boot
disabled, but I think it is "cool".
1192[14:42:55] <jmosco> so during install, the "debian
desktop environment" is selected by default. From my
understanding, that is gnome. what is the difference when selecting
the gnome option under the default debian desktop environment ?
1227[14:49:09] <ksk> I asked for a way to easily lookup switches
in manpages like some years ago, reddit to the rescue:
"/^[[:space:]]+-r" - works for me (but I will never be
able to remember that regex ;)
1234[14:49:30] <dpkg> English as a language (and other uses) has
plenty of background on wikipedia, however for #debian support,
it's the primary and best supported language here. Please use
other specific language channels (even if they're very idle), a
related mailing list, or your best English here anyway (we'll
try to cope).
1244[14:50:31] <tazul> keluar lah den gw mau nge ddos
1245[14:50:32] <torchinz> hi guys, I have been able to install
nvidia driver on buster. I tried nvtop to check the usage and it
appears that the card is not being used
1246[14:50:38] *** Quits: tazul (~u0_a226@replaced-ip) (Quit: Lost terminal)
1271[15:06:37] <ksk> torchinz: did you read the wiki entry I just
liked? It has a paragraph about having a secondary/primary intel
GPU, too.
1272[15:07:13] <torchinz> damn it, I just saw that. I can't
believe I missed that :/
1273[15:07:20] <ksk> also, I am not very into linux desktops, so
it would also be nice if you could say which driver you installed
how (again, according to the wiki), so we can get a better picture
;)
1294[15:13:41] <L7> there's a bug in debian 10, where the
screensaver doesn't cover the 300pixels from the right to the
left of the screen, with screensaver lockd- u can still use whatev
on the desktop in those 300px range.. ^_^ nice 1..
1295[15:13:48] <BCMM> torchinz: actually this link might be
better
replaced-url
1301[15:14:46] <torchinz> BCMM, can you explain this a little?
"You can use your NVIDIA card for rendering graphics which will
be displayed using the Intel card. "
1302[15:15:12] <BCMM> torchinz: that's how optimus hardware
works. your intel GPU is connected to the screen. your nvidia gpu is
not.
1303[15:15:23] <BCMM> (well, not directly)
1304[15:15:39] <karlpinc> !tell sklv1 about su
1305[15:15:41] <torchinz> follow up question: so the nvidia gpu
is not used?
1321[15:18:54] <L7> o
yeaaaaa:ddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
1322[15:18:55] <L7> there's also a bug in ubuntu 18 and 19,
prolly prior to those too, it deletes a random char in the middle of
your passwd when choosing encryption in the installer, passwd ->
\][123...[]\
1323[15:19:04] <L7> dunno if it's debian related or not, but
prolly so
1324[15:19:12] <BCMM> torchinz: but the conclusion is that, to
get high performance graphics, the intel and nvidia devices will
have to work together, and there are instructions on the debian wiki
for how to achieve that.
1325[15:19:34] <sklv1> fixed, but having dpkg -i and loads of
commands not work if you use su is objectively stupid.
1326[15:19:45] <L7> if any1 can send me foodz n booze n ganja n
topnotch women, that'd be gr8
1333[15:20:27] <L7> hey CrystalMath, fix that reactos already
where you can drag the icons around on the desktop and they remain
in place instead of restacking em ^_^
1334[15:20:39] <L7> 101 mead cir, west monroe, louisiana.. ;-)
THX
1335[15:20:43] <torchinz> BCMM, are you refering to to this guide
for full performance?
replaced-url
1355[15:25:20] <BCMM> i was referring to the page that i linked
you to, and i don't really know how to make it any clearer than
that.
1356[15:25:26] <BCMM> !optimus
1357[15:25:26] <dpkg> The Bumblebee project aims to provide
support for the Nvidia Optimus GPU switching technology on Linux
systems. GeForce 400M (4xxM) and later mobile GPU series are
Optimus-enabled; if «lspci -nn | grep
'\[030[02]\]'» returns two lines, the laptop likely
uses Optimus. Packaged for Debian <jessie> and
<wheezy-backports>.
replaced-url
1358[15:25:53] <BCMM> torchinz: have a look at the above factoid.
i'm out.
1391[15:49:17] <karlpinc> What's wrong with my brain? I
thought that if I had 'w' permissions on the containing
directory I can change the group of a file. But I get a permission
error.
1392[15:49:34] <greycat> Only the owner of a file, or root, can
change the file's group.
1394[15:49:56] <greycat> w perms on a directory would allow you
to remove the file and create a whole new one in its place, but not
to modify an existing file's content or metadata
1421[16:01:51] <uio> Hi. When I open Thunar and then run pdflatex
-synctex=1 file.tex, file.pdf is shown to be empty. If I close
Thunar and reopen it, then file.pdf is shown to be non-null. This
issue is not produced with pcmanfm, and does occur in Thunar if I
run pdflatex -synctex=0 file.tex Any thoughts?
1422[16:03:01] *** Quits: Space_Man (~Space_Man@replaced-ip) (Remote host closed the connection)
1423[16:03:18] *** Quits: null1337 (~WhoAmI@replaced-ip) (Quit: Give a man a fish and he will eat for a day. Teach him how
to fish, and he will sit in a boat and drink beer all day)
1449[16:16:29] <premoboss> ACTUAL SITUATION: pc_A and pc_B are
connected, no matter wifi or wired. On A there is a bash program, it
is a "menu" done with whiptail that allow me to do some
settings on A.. form B i ssh into A, run program, all ok. NEED: i
wish to do it using web browser on B (and web server on A) but
without to port the scrip from bash to php (3000+ lines of code).
So, I guess if When from B i do
replaced-url
1450[16:16:29] <premoboss> "start and show" the bash
script, so i can use it from B. how to do?
1451[16:17:41] <greycat> You can't just run a terminal menu
program in a web browser. You have to rewrite it. It doesn't
have to be in PHP -- more likely you would rewrite it using native
web form widgets, and possibly javascript.
1452[16:17:57] *** abdulocracy_ is now known as abdulocracy
1461[16:21:14] <premoboss> greycat, rewrite is exactly what i
wish to avoid :-(
1462[16:21:57] <premoboss> i remenber years ago it exists
"something" that allow you to oper a scell command line on
server from web browser of client... but i dont remember where i
fount it.
1463[16:21:59] <jelly> premoboss: there are terminal+ssh clients
that work inside browser.
1464[16:22:18] <premoboss> jelly, that ok i think. where to find
it?
1512[16:42:39] *** Quits: TheFuzzball (~TheFuzzba@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1513[16:44:11] <premoboss> jmcnaught, nice, i installed
shellinabox and it works. but i would like to "automatize"
the login and run directly the script i need... is it possible?
1514[16:44:39] *** Quits: ich (~ich@replaced-ip) (Quit: Ex-Chat)
1516[16:45:01] <jmcnaught> premoboss: I don't know, I just
knew shellinabox existed. If it were me I would probably try to find
a solution that doesn't involve a browser.
1521[16:46:32] <premoboss> jmcnaught, to me, ssh+bash script ios
enough. but this shound be managed also by people not skilled with
CLI, ssh and so on. so i am forced to rewrite in php or so some
"dirty trick" to export the bash cli program via web
browser.
1522[16:46:36] <xormor> jelly, it did not work. but I do not need
it.
1523[16:46:41] <greycat> You could write a one-letter shell
function/alias to kick it off.
1541[16:55:15] *** Quits: bashquest (~bash0r@replaced-ip) (Remote host closed the connection)
1542[16:56:34] <tobiasBora> My laptop has a HDD, with some ext4
over LVM partitions. My hard drive is nearly full (I need to remove
stuff from time to time), and I noticed recently very strange file
corruptions. Some pictures were just impossible to open, some were
incomplete... And today, I was compiling some documents in LaTeX (no
error so fars), and suddently, one picture that was here since 10
days got suddently a super strange
1543[16:56:35] <tobiasBora> appearance, with basically the blue
layer removed on the lower part, leaving a very redish picture.
1549[16:58:55] <tobiasBora> I thought that HDD were pretty
resistant... but I'm thinking more and more than my hard drive
is having some issues. Do you think it's plausible? Do you see
other explanations? If yes, can I recover corrupted files? Can I run
some tools to check if my hard drive is close to die or not, and are
these tools dangerous for my hard drive? (my last backup is a few
months old and I don't want to lose my last
1550[16:58:57] <tobiasBora> pictures)
1551[16:59:32] <tobiasBora> also, I'm very concerned to see
my LVM partition corrupted, and to lose everything. Is there any
trick to save the partition somewhere and avoid such lose?
1564[17:04:46] <xormor> how well is Debian supported on Amiga?
1565[17:05:10] <greycat> !m68k
1566[17:05:10] <dpkg> [m68k] Motorola 680x0 CPU family. Used in
old world Apple Macintosh, Amiga, Palm, old Sun workstations and
various VME bus systems. Linux m68k runs on some of these, ucLinux
should run on the less powerful models. As of Debian 4.0
"Etch", the m68k port is not a release architecture.
replaced-url
1567[17:05:54] <greycat> Hasn't been supported in a really
long time.
1597[17:19:09] <lunchslut> Is there an easy tool to compare the
list of orphaned packages (abandoned by their maintainers) with
those installed on my system?
1598[17:19:18] <greycat> !deborphan
1599[17:19:19] <dpkg> deborphan is a package that will tell you
what library packages you have installed that nothing's using.
If you want remove all packages use 'deborphan | xargs apt-get
-y remove --purge', or a nice tool to clean up grown debians.
replaced-url
1600[17:19:31] <greycat> oh, hmm, that's not quite the thing
you asked for
1601[17:19:38] <lunchslut> Yeah, thats a different type of orphan
:D
1612[17:22:00] <dpkg> For information on packages which are not
in Debian but you think should be, check the Work-Needing and
Prospective Packages list at
replaced-url
1613[17:22:06] *** Quits: timahvo1 (~rogue@replaced-ip) (Remote host closed the connection)
1614[17:22:14] <lunchslut> Awesome! Thank you
1615[17:22:20] <lunchslut> That sounds like it'll do it :)
1616[17:22:22] <jelly> also, how-can-i-help
1617[17:22:41] <jelly> ,i how-can-i-help
1618[17:22:42] <judd> Package how-can-i-help (devel, optional) in
buster/amd64: show opportunities for contributing to Debian.
Version: 16; Size: 11.3k; Installed: 37k; Homepage:
replaced-url
1698[17:57:00] <jelly> wrksx: it means "sticky bit is set,
and execute bit for "other", usually seen in that place,
is not set"
1699[17:57:12] <jelly> hm, should have escaped the inner
""
1700[17:57:34] <jelly> !sticky bit
1701[17:57:34] <dpkg> well, sticky bit is the "t" bit
on /tmp. When set on a directory, it means that users cannot unlink
anyone else's files (and a few other things). It has no effect
on files in Linux or FreeBSD; on some other Unices it has another
meaning, usually related to swapping or the page cache.
1702[17:57:40] *** Joins: todi (~todi@replaced-ip)
1703[17:57:49] <greycat> It's in the info page, but not the
man page. "info ls | less" and search for sticky.
1704[17:59:07] <wrksx> Thx.Oh and yeah I didn't even
remember there was the info command... Is there a specific reason
why both coexist.
1748[18:22:14] *** Parts: darsie (~kvirc@replaced-ip) ("No boundaries on the net!")
1749[18:23:01] <ratrace> Anyone using i3-wm and latest Firefox
ESR? I see some glitches with the hamburger menu drawing,
there's a thick black border. Y'all see the same?
1772[18:31:04] <greycat> It's a follow-up from an earlier
problem. They're getting some kind of error message from
apparmor. The message seems to be *saying* that some file system
isn't mounted, but when they checked, /sys/kernel/security
*was* in fact mounted.
1773[18:31:19] <greycat> So, it's really unclear what the
error means. I would suggest Googling it and praying.
1791[18:35:20] <cinesc> can´t open up the grup file anymore
1792[18:35:21] <greycat> If you're unsure what this boot
parameter is going to do, you could just set it one time by editing
the parameters in GRUB interactively, instead of modifying files
permanently.
1796[18:36:04] *** Quits: wrksx (~wrksx@replaced-ip) (Remote host closed the connection)
1797[18:36:22] <greycat> In GRUB, you can use the keyboard to do
stuff while booting. One of the things you can do is press
'e' to edit the selected menu item before booting it.
1834[18:55:12] <greycat> horribleprogram: depends on which
installer you use, but MOST importantly, it depends on what you
select during the installation
1841[18:55:55] <horribleprogram> greycat: dude it's the
default one
1842[18:56:14] <towo`> Latr_work, but maybe 10th Gen could be too
new for debian stable
1843[18:56:14] <horribleprogram> greycat: is there a way to check
1844[18:56:26] <horribleprogram> greycat: like systemctl status
GNOME
1845[18:56:34] <greycat> So that's a "yes". You
don't know what you chose. You probably can't tell me what
installer you used, either. Well, if we assume a reasonably normal
installer, and you chose "gimme a desktop, I don't care
which one", then yes, you would have GNOME. Probably. Perhaps.
Maybe.
1854[18:57:58] <Latr_work> firmware-linux-nonfree is installed
1855[18:58:11] <horribleprogram> greycat: when you're
prompted for a password, there's a settings cog you can press,
and it shows System X11 Default, GNOME, GNOME Classic, GNOME on
Xorg, and the GNOME is the bulleted one
1856[18:58:26] <greycat> Sounds like buster, then.
1860[18:58:57] <greycat> And you chose (or allowed the installer
to choose for you) GNOME, and you've been running the default
buster GNOME session which uses Wayland instead of X.
1861[18:59:09] <horribleprogram> my point is my .xinitrc
doesn't work anymore
1862[18:59:12] <horribleprogram> greycat: AHHH
1863[18:59:33] <horribleprogram> iight that should help me find a
solution easier than
1901[19:10:38] <cinesc> @ratrace yes, stretch required appArmor
enabling explicitly on the kernel command line (unlike Buster where
it's now default enabled)
1902[19:10:40] <ratrace> horribleprogram: Wayland is a protocol,
not a thing you run. when you ask "how do I do XX under
Wayland", you must really ask "how do I do XX under this
specific Walyand compositor here"
1903[19:10:56] <ratrace> horribleprogram: which would imply that
maybe different compositors do stuff differently...
1904[19:10:58] <cinesc> what commandline do I have to use?
1911[19:12:05] *** Quits: Afss (25dbede5@replaced-ip) (Remote host closed the connection)
1912[19:12:06] <ratrace> cinesc: yea I just looked at my Stretch
deployment scripts, I used that
1913[19:12:17] <horribleprogram> ratrace: okay how I change back
to X11
1914[19:12:18] <greycat> ratrace: your spoon is not large enough.
They think they're supposed to type that into a shell.
1915[19:12:19] <ratrace> cinesc: uhhhh that's kernel command
line, you set that up in /etc/default/grub
1916[19:12:20] <cinesc> it works fine with it?
1917[19:12:53] <cinesc> in grub?
1918[19:12:54] <ratrace> horribleprogram: whatever DM you're
using (by default GNOME + GDM) should have the option to change the
session. GDM has this cog icon next to the login button
1919[19:12:56] <greycat> ratrace: I think you will need to SHOW
them exactly what the file needs to look like, and even then, you
might end up needing to tell them keystroke by keystroke how to run
an editor
1922[19:13:24] <cinesc> more detailed instructions, yes that is
what I need.
1923[19:13:32] <ratrace> horribleprogram: greycat is right. if
you don't know how to set that up, you should NOT use Apparmor,
you'll just lock yourself out of your computer :)
1924[19:13:33] <horribleprogram> ratrace: yeah that's the
one, I got 4 different ways to login ;)
1947[19:20:13] <CrystalMath> why doesn't debian's
slrnpull package have a sample slrnpull.conf?
1948[19:20:14] <cinesc> as root after just pasting the additional
text and then save the change I should use update-grub as root in
the terminal then restart the computer to then run aa-status and see
if anything changed to the better?
1949[19:20:31] <greycat> cinesc: yes
1950[19:20:33] <CrystalMath> it's literally impossible to
write this important conf file, as there is **zero** information on
the syntax
1951[19:20:48] <cinesc> this better be working without a hitch
1953[19:22:12] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
1954[19:22:22] <cinesc> save with the text editor´s save
feature then close?
1955[19:22:54] <ratrace> ...
1956[19:23:03] <greycat> I mentioned the spoon-feeding...
1957[19:23:09] <CrystalMath> oh
1958[19:23:16] <ratrace> cinesc: if you don't know THAT...
then how are you supposed to use AppArmor? There are no policies for
that thing by default, except a very few basic ones
1959[19:23:22] <CrystalMath> hehe, oops, somehow i missed that
1960[19:24:04] <cinesc> this is quite new to me so I need to be
sure that it goes right
1961[19:24:28] <greycat> cinesc: what are you trying to do?
1988[19:29:30] <greycat> AppArmor is a policy framework that lets
you restrict what certain programs are able to do.
1989[19:30:11] <cinesc> ok
1990[19:30:11] <greycat> You can write a configuration file that
says "/bin/rm is never allowed to create a file". And then
if there's a bug lurking in /bin/rm where it can accidentally
create a file instead of removing files, then AppArmor will prevent
that bug from triggering.
1991[19:30:46] <greycat> (Not 100% sure that specific example is
possible, but that's the kind of thing it's for.)
1992[19:30:57] <cinesc> sounds like something I want to use
1993[19:31:24] <karlpinc> cinesc: If you want to know about
(some) changed files you can use the "debsums" tool.
1994[19:31:42] <ratrace> cinesc: but you'll have to write
the policies, there are only a very few ones for some basic
programs, by default in Debian
2002[19:35:38] *** Quits: cinesc (5518fd07@replaced-ip) (Remote host closed the connection)
2003[19:35:45] <ratrace> greycat: technically, with apparmor
everything is denied by default (for the process that's under
enforcement), so you have to explicitly allow rm to create a file at
specific path.
2004[19:36:09] <greycat> ... are you that guy that suspected his
system was compromised, because your internet was a little bit slow
one time a few weeks ago, and everyone told you to reinstall,
repeatedly, and you STILL didn't reinstall, but instead,
decided there must be some tool out there that can tell you whether
your system is compromised?
2010[19:38:15] <BCMM> i mean, if the internet is going slow due
to the compromised system, then yes, there are absolutely tools that
can detect that! just, probably not when running on the compromised
system itself
2011[19:38:46] <greycat> crap, didn't know he was
disconnected :(
2012[19:38:56] <greycat> cinesc: are you that guy that suspected
his system was compromised, because your internet was a little bit
slow one time a few weeks ago, and everyone told you to reinstall,
repeatedly, and you STILL didn't reinstall, but instead,
decided there must be some tool out there that can tell you whether
your system is compromised?
2013[19:38:57] *** Quits: lapsi (~lapsi@replaced-ip) (Ping timeout: 240 seconds)
2014[19:39:15] <ratrace> cinesc: "it worked" yes now
you have appArmor enabled, but it doesn't do anything by
itself.
2015[19:40:41] <ratrace> (well not 100% true, by default
there's enforcement policy on man, tcpdump, named and a few
other minor programs)
2031[19:47:53] <ratrace> jmcnaught: yes, but they aren't
enabled upon installation (except a few that do come with
apparmor-profiles under /etc/apparmor.d). you have to copy them over
from /usr/share and then prey they work, or manually tweak them
2032[19:48:58] <greycat> in any case, they do not tell you
"you're infected with Swine Flu 3.14, run
/usr/sbin/fixswineflu to fix it"
2034[19:49:07] <greycat> which I gather is what cinesc thinks
2035[19:49:37] <ratrace> problem with MACs is that generic
policies are kinda contrary to the whole purpose. For example,
there's AA policy in Ubuntu for Firefox but it's useless
for me, I have my own that does NOT allow FF to access anything
under ~/ except those few shared files it creates on its own.
2036[19:50:25] <ratrace> it also does not allow running a bunch
of programs that FF in Ubuntu is configured to be able to run, like
starting OpenOffice from FF when you click-open an office document
2038[19:50:50] <ratrace> I run my FF very restricted with AA,
that's the whole point of it. the generic policy from ubuntu is
too wide open.
2039[19:51:06] *** Quits: horribleprogram (~horriblep@replaced-ip) (Quit: Where I came from the Great Wild 'n shit, where you
can get shot if you crack smiles and shit...)
2040[19:51:57] <ratrace> greycat: that most certainly it
doesn't :) mayhaps cinesc wanted something like rkhunter or
whatsitcalled
2041[19:52:23] <cinesc> if I have all the directories showing up,
what is there more to do?
2059[20:00:31] <ratrace> cinesc: again, "to do" for
what end goal? you run aa-status and it shows you some profiles are
in enforced or complain mode. what does that mean to you? what do
you want to achieve with it? remember it is NOT a tool that will
find viruses for you
2067[20:02:44] <greycat> If "something happens" means
network activity, then maybe you want tcpdump.
2068[20:02:49] <ratrace> cinesc: AA will only log AVC denials for
active profiles, but again, the profiles are almost non-existent,
you'd have to write them for programs you use.
2069[20:03:57] <cinesc> how does tcpdump work and what do I need
for it to not miss an important package?
2074[20:04:20] <greycat> It monitors network activity, using the
specific criteria that you tell it to use.
2075[20:04:23] <jmcnaught> cinesc: maybe you want an intrusion
detection system, in Debian there's aide, tripwire, and others:
aptitude search ~Gsecurity::ids
2083[20:06:01] *** Quits: todi (~todi@replaced-ip) (Quit: Quit)
2084[20:06:25] <cinesc> then what does detect on an already
affected machine?
2085[20:07:27] *** Quits: Cyb0ti-2 (~Cyb0ti@replaced-ip) (Quit: I'll be back...)
2086[20:07:35] <jmcnaught> cinesc: you can't trust an
already compromised system to tell you the truth about whether it
has been compromised or not, no matter what tool you use.
2087[20:08:33] <ratrace> indeed. a compromised system should have
its disk mounted elsewhere and then analyzed offline. but......
that'd probably just be full of false negatives.
2090[20:09:22] <cinesc> Just as I have a bad feeling this being
the case
2091[20:09:29] <ratrace> I regularly run all the attachments I
find in spamtrap's inbox through clamav. I have yet to see
clamav recognize anything. It usually does after several days or
weeks, if I re-run it, after the network has picked up the
signature.
2096[20:10:38] <ratrace> on the other hand commercial AV like
NOD32 (the linux version) will detect stuff fairly often, but that
stuff is mostly just windows malware.
2099[20:11:09] <chp> any ops online? this guy jelly came into our
channel and he seems like he has mental problems or something
2100[20:11:11] <cinesc> that is relatively easy to find
2101[20:11:14] <chp> says hes an op in here
2102[20:11:15] <ratrace> (I know NOD32 is not considered the best
tool for the job these days, but it's the only commercial AV on
linux I managed to test out, I'm sure others like maybe
Kaspersky would be better)
2105[20:12:39] <chp> if whoever is jelly's handler, could u
come wrangle him
2106[20:12:56] <chp> hes off leash and terrorizing the
neighborhood
2107[20:13:09] *** ChanServ sets mode: +o greycat
2108[20:13:16] <cinesc> one tool I was suggested to see if there
is something that stands out is wireshark
2109[20:13:36] <chp> greycat: is jelly an op in here?
2110[20:13:39] <ratrace> cinesc: wireshark is a tool that can
capture packets on itself or it can analyze tcpdump's output
2111[20:13:41] <greycat> Yes, he is.
2112[20:14:48] <ratrace> cinesc: but that's packet matching
and analyis, that has to be done with very specific goals in mind.
you can't just run it for a while and rely on it itself
tellling you what's worng
2117[20:15:30] <chp> hes come into a channel and tried puffing
his chest w his ops status in here, complaining abt users joining
#debian that are like quit/joining too much
2138[20:20:25] <pasiz> ethernet adapter needs to be run
promiscuous mode that is not allowed for normal user
2139[20:21:47] <ratrace> problem here is a user with zero
knowledge about security issues trying random tools like apparmor
and wireshark, with no clear goal in mind or any knowledge how to
use those tools. and teaching them that is out of scope or scale of
what can be typed in irc.
2145[20:23:35] <ratrace> cinesc: what do you mean not really? you
had no clue what apparmor is, and apparently don't know what
packet capture is, and how wireshark and tcpump come into that
picture. am I wrong?
2146[20:24:10] <cinesc> the problem here is that something
happened and I with limited knowledge of how things really work have
no real idea how to be sure if that thing that happened is solved or
not.
2148[20:24:35] *** Quits: forgotmynick (uid24625@replaced-ip) (Quit: Connection closed for inactivity)
2149[20:24:39] <ratrace> cinesc: yes so you're trying random
tools which really have nothing to with what you want.
2150[20:24:49] <greycat> As we told you repeatedly over the span
of multiple days, if you suspect your system is compromised, the
ONLY thing you can safely do is wipe it and reinstall.
2155[20:26:22] <cinesc> it was a tool that could help me with
what I want to find out
2156[20:26:26] <ratrace> wipe and reinstall is something I'd
recommend myself, and my job among other things is securing our
servers, so I know quite a bit on how to do it. post-hoc analysis?
thanks, no thanks. you need a lot of experience, proper tools,
forensics. just nuke & pave and mitigate.
2157[20:26:27] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
2160[20:27:46] <ratrace> (post-hoc assuming you have a
compromised system and zero audit trails or logs from an IDS that
would imply what could possibly be the intrusion vector)
2163[20:29:04] <Ede|Popede> cinesc: "could" is the
keyword. are you used to use such tools? do you know enough about
security?
2164[20:29:18] <cinesc> barely
2165[20:29:42] <Ede|Popede> you know what you need to fix things?
2166[20:29:48] <Ede|Popede> 1. the tools
2167[20:29:57] <Ede|Popede> 2. someone who knows how to use them.
2168[20:30:28] <ratrace> 0. have the actual symptoms to begin
with
2169[20:30:29] <Ede|Popede> (unless you're macgyver, then
you'd make your own tools)
2170[20:30:32] <ratrace> "slow network" aint' it
2171[20:32:02] <ratrace> for "slow network" you can
start with something like mtr (and find out that your ISP has issues
within their network as the most likely cause)
2172[20:32:03] <Ede|Popede> could be the cable. too tight curves
and the electrons may fly out of the wire. pure physics.
2174[20:33:10] <ratrace> Ede|Popede: yea but that's REALLY
too tight. like quantum-scale right angles that are behaving like
waves when you observe them, kind of tight. :)
2175[20:33:25] <ratrace> only then will the electrons fly out of
the subatomic wire.
2177[20:34:30] <cinesc> if that is the only thing I can do to
solve it by a reinstall, I don´t know where to start since
that would mean it´s not only my stuff that is going to need a
reinstall and everyone is going to think I am crazy because the
massive sacrifice it´s going to be.
2178[20:34:44] <wasamasa> paranoia is hard to deal with
2179[20:35:00] <ratrace> cinesc: that's assuming you really
ARE compromised to begin with.
2180[20:35:07] <cinesc> yes
2181[20:35:33] <ratrace> like, you caught your computer doing
nasty things, not just thinking it might be compromised because
it's a bit slow or something
2196[20:38:33] <greycat> LDAP if you're a kool kid, NIS if
you're old school
2197[20:38:44] <DammitJim> hhhmmmm
2198[20:38:57] <bernyrd> can also use Samba, but the focus in on
controlling access to the shares
2199[20:39:11] <DammitJim> yeah, not a fan of Samba for this
2200[20:39:22] <bernyrd> probably LDAP then
2201[20:39:39] <jelly> DammitJim: which functionality are you
going for? Management of users and groups? Computers? SSO
(kerberos)?
2202[20:39:59] <bernyrd> also consider if you really need a DC,
and read the Windows license... technically I don't think you
are allowed to join a domain not hosted by Windows Server
2203[20:40:04] <DammitJim> jelly, all of the above
2204[20:40:23] <jelly> use AD then.
2205[20:40:30] *** Tony-St4rk is now known as OS-Tony-St4rk
2221[20:42:41] <karlpinc> Didn't RH open source some gui
ldap managment tool? Or am I thinking of something else.
2222[20:42:49] <bernyrd> so I have machine with openvpn running,
and connect to it, but the normal if is firewalled. how do I route
specific traffic through the openvpn if without taking down the main
network comms?
2228[20:43:53] <Ede|Popede> hmpf. if i try to read a big file
from a thumb drive and on 2 different PCs it stops after the same
amount of sectors, can i assume the thing to be dead then and the
data lost? (dd_rescue would be the next i guess)
2229[20:44:21] <karlpinc> bernyrd: IIRC there's options to
do this in the openvpn config so the route goes up and down with the
openvpn virtual interface.
2230[20:44:26] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
2231[20:44:29] <bernyrd> karlpinc: my confusion comes from having
tried to do this before, and realizing I must not construct routes
that make the packets forming the tunnel on the "real"
network unroutable
2232[20:44:54] <bernyrd> yeah it's defconfig or similar
2233[20:44:58] <bernyrd> it is kind of restrictive
2237[20:46:36] <cinesc> doesn´t clicking onto a link that
contained viruses that turned out to have infected my computer by
making it look like there was something wrong with the connection
even if it wasn´t the case (it disappeared with the
reinstalation) and it affected my phone that was connected at the
time of the event someone spied on me count as evidence?
2238[20:46:45] <blackflow> Hi. What's the recommended way to
install a newer nvidia driver in debian? I remember there being a
bot factoid here about backporting, but I forgot which one was it.
2239[20:46:50] <karlpinc> Ede|Popede: You can try the usual
recovery method. dd the entire device and then work from the dd-ed
copy. With a flash drive I'd not hold out mch hope.
2241[20:47:19] <Ede|Popede> karlpinc: i'll do it so.
2242[20:47:22] <jhutchins_wk> !nvidia
2243[20:47:22] <dpkg> Where possible, Nvidia graphic processing
units are supported using the open source <nouveau> driver on
Debian systems by default. To install the proprietary
"nvidia" driver, see
replaced-url
2252[20:48:54] <blackflow> jelly: That was the factoid, thanks!
2253[20:48:59] <ratrace> cinesc: modern malware in general wants
you to pay up, so its unlikely it did something without being
explicitly loud about it
2256[20:49:39] <cinesc> that is a rather more obvious behaviour
2257[20:49:55] <ratrace> cinesc: I mean, malware of the
"click a link and get randomly infected" as opposed to
someone running a campaign against you (and needing to be as
stealthy as possible)
2258[20:49:59] <karlpinc> Ede|Popede: With spinning media you can
use ddrescue. Probably won't help with flash. The idea is that
the device is going to get worse. So keep a backup of the dd-ed copy
in case you totally bork your rescue and destroy the copy.
2259[20:50:03] *** Quits: Vizva (~Vizva@replaced-ip) (Remote host closed the connection)
2260[20:50:14] <cinesc> the thing that has me concerned is that
this is a near silent malware
2261[20:50:35] <ratrace> cinesc: you keep assuming there WAS
malware.
2266[20:51:02] <karlpinc> cinesc: On the off chance no one has
mentioned this: If you think you may be compromised the only way to
be certain that you're not is to completely reinstall.
2272[20:51:31] <Ede|Popede> it quacks like a duck... ;)
2273[20:52:03] <cinesc> that wasn´t why I changed it if you
think that´s why
2274[20:52:22] <ratrace> don't call Elmer Fudd... or there
be shotin'
2275[20:52:40] <Ede|Popede> no chance, it's not rabbit
season now
2276[20:52:54] <greycat> it's because he's using nick A
on compromised botnet host A, and nick B on compromised botnet host
B, but he forgot to adopt different personas as well as different
names
2277[20:53:13] <ratrace> Ede|Popede: he does the number on the
duck too sometimes :)
2278[20:53:39] <wwilliam> changing in fstab and xfs partitions
from the default ionode32 to ionode64 will it break the system?
2283[20:56:19] *** Quits: noodlepie (~phillip@replaced-ip) (Quit: Going to do something more productive, I think!)
2284[20:56:23] <blackflow> Anyone rebuilding in Stable the nvidia
driver from sid? I wonder if there are any gotchas like having to
upgrade mesa or some other related library or X11 interface as well?
2285[20:56:35] <dka> I am looking for a tool like
replaced-url
2289[20:58:11] <cinesc> I only went with a different name because
it felt likeI took the wrong approach to tell what happened and
failed to find a solution hence the name thing.
2290[20:58:15] <jhutchins_wk> dka: Tell us what the tool does.
2305[21:02:40] <cinesc> sorry if it felt like I bombarded you
greycat, I´m just concerned about losing valuable all because
of a mistake I want to make it right without it repeating all over
again.
2306[21:04:36] <greycat> The vagueness is what makes it
impossible to help you. You're running some version of Debian,
maybe, not sure if you ever said which one. You ran a web browser,
no idea which one. You clicked some link, but you won't say
what it was. Something happened that scared you, but you won't
say what.
2319[21:08:48] <greycat> For all we know, you clicked on a
"test my connection speed" page, and it saturated your
bandwidth for a few minutes, which is why your phone and other
devices were slow.
2336[21:23:10] <ratrace> new firefox-esr broke my workflow.... le
sigh... I have a rxvt plugin to open up links via keyboard, dirctly
into firefox --private-window thing. worked 100% reliable with esr
60. no longer with 68, after a while it stops opening private mode
and opens regular FF instead.
2337[21:23:32] <ratrace> (despite the --private-window flag)
2353[21:28:04] <deadrom> greycat: why not esacpe the . in /.foo/
?
2354[21:28:12] <RoyK> deadrom: but then - a find loop or a perl
script can do the job if anything else won't work
2355[21:28:12] <somiaj> rany: this is an unfourntate side affect
of stables firefox tracking the current ESR, so eventually there has
to be a major vesion bump. Debian use to avoid this by having its
own browser (iceweasel) but, browsers have so many security holes,
debian cannot backport fixes to a version the upstream will not
matain. They tried this for years, and it was too much work.
2359[21:28:41] <RoyK> I didn't find prename, though, but I
found gprename, with a 23 line manpage telling me nada
2360[21:28:45] <somiaj> ratrace: you might need to get a newer
version of the plugin that is compadaible with version 68
2361[21:29:01] *** debhelper sets mode: +l 1532
2362[21:29:09] <greycat> in s/PATTERN/string/ the string
doesn't undergo any kind of pattern-matching, so a dot is just
a dot
2363[21:29:21] <greycat> dots only need to be escapes in the
PATTERN part
2364[21:29:44] <ratrace> somiaj: the problem is not in Debian,
sooner or later it'd need to upgrade. problem is in FF not
behaving consistently with --private-window, and the plugin is not
related to FF, it's just something I wrote myself to open up
links from urxvt
2371[21:31:33] <ratrace> somiaj: thought of using chromium for
these random link openings (that aren't my regular, vetted
sites I use under FF) but..... chromium seems to be in even sadder
state
2372[21:31:52] <ratrace> running it from a snap would be
admitting defeat :)
2373[21:32:09] <ratrace> (plus you can't apparmor a snap, so
that's a huge no-no for me)
2375[21:32:53] <somiaj> ratrace: yea, chromium has no ESR branch,
so security fixes are always version bumps.
2376[21:33:45] <RoyK> probably because chromium doesn't have
bugs :D
2377[21:33:47] <RoyK> - Debugging is like being the detective in
a crime movie where you are also the murderer.
2378[21:34:18] *** Quits: jmd (~user@replaced-ip) (Remote host closed the connection)
2379[21:34:26] <ratrace> it's a nice OS just lacking a good
browser :)
2380[21:34:45] <RoyK> like Emacs - a nice OS lacking a good
editor...
2381[21:35:11] <somiaj> debian would love to be able to offer a
frozen browser with only security fixes, but with the way the web is
constnatally changing and number of vulns in browsers, this is not
realistic with the manpower debian has.
2382[21:35:19] <RoyK> dunno if anyone's using emas anymore,
though
2383[21:35:29] <ratrace> somiaj: I'm guessing it's a
bug somewhere in IPC, as I keep two FF windows open. a regular one
and a private mode one, and so far, running "firefox
--private-window $URL_HERE" would ipc it into the correct one,
the private mode
2384[21:35:29] <somiaj> As a side affect, the webbrowsers are an
exeception to debian's stable policy.
2385[21:35:51] <greycat> ,popcon emacs-gtk
2386[21:35:52] <judd> Popcon data for emacs-gtk: inst: 7179,
vote: 3292, old: 2523, recent: 1364, nofiles: 0
2387[21:35:58] <greycat> ,popcon vim
2388[21:36:00] <judd> Popcon data for vim: inst: 79721, vote:
22144, old: 50611, recent: 4427, nofiles: 2539
2389[21:36:03] <ratrace> YAY!
2390[21:36:23] * ratrace is firmly in the vim camp
2391[21:36:37] * RoyK tends to stick to vim, and his co-workers tend to
get angry when he adds 'set -o vi' to root's .bashrc
2392[21:36:58] <jelly> !start an editor war
2393[21:36:58] <dpkg> joe blows!
2394[21:37:42] <RoyK> old one, but...
replaced-url
2396[21:38:20] <jmcnaught> somiaj: according to the buster
release notes the webkit2gtk source package is covered by security
support, so browsers based on it may not version-drift as much
2397[21:38:45] <jmcnaught> the release notes still recommend
firefox or chromium in the next paragraph though
2398[21:38:54] <somiaj> jmcnaught: oh they changed that? Good to
hear. I must have over looked that and expected webkit browsers to
not have security support.
2399[21:39:10] <somiaj> maybe they are slower at getting support,
but are at least offering some security support now.
2404[21:41:52] <karlpinc> When I enable Linux support on a
chromebox I get debian. But I get debian 9. Uses the debian repos
and everything in sources.list. There are (IIRC) a couple of
packages installed from another repo in sources.list.d/. I'm
wondering if things will break if I upgrade to debian 10, and
wondering if it will eventually upgrade by itself.
2405[21:42:19] <karlpinc> I don't care enough to try it and
break things, but I still wonder.
2406[21:42:31] <somiaj> karlpinc: depends on the packages, the
release notes often suggest disabling that repo during the upgrade
(and maybe removing said packages0
2407[21:42:51] <somiaj> but for example, google's
google-chrome repo will be just fine
2408[21:43:00] <somiaj> but some other repos (like dmo) can cause
lots of problems
2415[21:45:30] <somiaj> karlpinc: I don't know that repo,
but it would depend on what is actually installed from that repo (if
they are packages independent of debian, probably fine, but if they
replace debian packages, higher chance of issues)
2416[21:45:53] <karlpinc> somiaj: I don't have the device
around. I'll look at the repo source later.
2417[21:46:29] <karlpinc> somiaj: They do not (IIRC) seem to be
anything that replaces any debian packages.
2418[21:46:36] <in1t3r> Hi guys someone can help me with setting
up of the hybrid graphics on the HP omen laptop running debian
testing.
2419[21:46:51] <karlpinc> !debian-next
2420[21:46:51] <dpkg> #debian-next is the channel for
testing/unstable support on the OFTC network (irc.oftc.net), *not*
on freenode. If you get "Cannot join #debian-next (Channel is
invite only)." it means you did not read it's on
irc.oftc.net.
2436[21:54:53] <in1t3r> Well ok I haveproblems with booting up
with nvidia drivers installed. When I boot and pass my passphrase
prompt for LUKS it goes few seconds and then just hang while
overloading CPU cores I can here that from fans going crazy and cpu
going extremly hot basically I can feel on the keyboard. @karlpinc
2472[22:18:45] <dpkg> We recommend against using
deb-multimedia.org; these unofficial packages are known to cause
many hard to debug problems. They are not in Debian either because
the they are poor in quality or for legal reasons. See
replaced-url
2490[22:29:41] <_DeLa_> jmcnaught: I'll probably go with the
Opentoonz AppImage then
2491[22:31:07] <schumaml> regarding that - should upstream
projects add debian package building to their CI and point to that,
or is this not useful and there's a more feasible way to have
up-to-date versions packaged for debian?
2492[22:32:53] <Latr_work> guys, is it okay if I install a
precompiled kernel for ubuntu on debian?
2499[22:34:12] <somiaj> Latr_work: for buster, and 5.2 kernel is
in buster backports. A 5.3 kernel will make it there in a few weeks
I think.
2500[22:34:14] <Latr_work> GPU is not recognised on my dell xps
7390
2501[22:34:22] <somiaj> Latr_work: what GPU do you have?
2502[22:34:24] <greycat> In theory, you can use an ubuntu (or red
hat or whatever) kernel on Debian, but it's something you
basically have to support for yourself.
2503[22:34:36] <somiaj> Latr_work: and are you sure it is a
kernel issue, and not just missing firmware?
2504[22:34:38] <Latr_work> UHD 630
2505[22:34:44] <Latr_work> it is an intel 10th gen
2553[22:47:40] <boktan> i need help with my internal wifi
adaptor! i did fresh install and even now the intel wifi adaptor not
works and i tryed to upgrade system with my external usb wifi
adaptor but still not fixed. what it is doing is: the wifi adaptor
is coming and dissappearing every second on desktop and iwconfig
command is giving 3 different output if i give it
2554[22:47:41] <boktan> speedly again and again. one is wlan1
have one is no such device the another i dont remember now. so i
remowed the firmware-iwlwifi now it is total gone! i did tryed to
install it from here:
replaced-url
2555[22:47:41] <boktan> nothing about wlan1 i cannot see! can you
please help me!
2602[23:15:09] <cinesc> I was going to describe what happened and
why I am here trying to endlessly troubleshoot something even if I
know that this is beyond my knowledge about computers or even how
linux works with the exception of a few things but that is about it.
2611[23:18:51] *** Quits: leden (~leden@replaced-ip) (Remote host closed the connection)
2612[23:19:44] <cinesc> I don´t want to present anything to
do with a feeling because that will scare away anyone wanting to
help me, I rather present this as something serious that requires a
certain type of expertise about computers and how software work and
it´s something I can´t fix on my own
2627[23:25:22] <karlpinc> _DeLa_: At minimum, a lot of the time
3rd party software needs to be removed before a major release
upgrade and the re-installed after. So at least keep track of what
3rd party stuff you install.
2628[23:25:45] <_DeLa_> karlpinc: Well, I have my first major
release upgrade with debian 11 still ahead of me...and I am not
using debian on a production machine yet...so I guess I'll see
then
2629[23:25:47] <cinesc> I clicked onto something that did
malicious stuff to not only my computer where it happened but also
affected another device that wasn´t even using debian and I
don´t know how to tackle it as in seeing if there is anything
alien or that something got modified without me knowing although
it´s most likely a trojan being a file that gives access to
2630[23:25:48] <cinesc> a hacker to spy which I can confirm has
happened in a very horrible manner.
2631[23:26:17] <karlpinc> (The upgrade instructions in the
release notes tell you how to find 3rd party software that's
going to mess with the upgrade.)
2632[23:26:28] <wasamasa> cinesc: sounds like a movie plot to me,
lots of claims without any evidence
2633[23:26:33] *** Quits: annadane (~annadane@replaced-ip) (Remote host closed the connection)
2634[23:26:37] <cinesc> really?so far
2635[23:26:57] <karlpinc> cinesc: If you think that's what
happened then your best choice is to re-install.
2636[23:27:23] <wasamasa> cinesc: if we break it down, the only
thing we can be sure of is that you clicked on something
2637[23:27:31] <wasamasa> cinesc: then you claim it did malicious
stuff
2638[23:27:31] <cinesc> yeah
2639[23:27:39] <wasamasa> cinesc: if you can't verify that,
forget verifying anything after that
2648[23:28:30] <cinesc> og well I might as well share this with
you no matter what
2649[23:28:41] <cinesc> took me a while to put it down
2650[23:28:54] <wasamasa> hence why I suggest you to write an
angry blogpost
2651[23:28:56] <cinesc> At around 4 pm I was browsing youtube on
my thinkpad t430s running linux debian 9 and was looking at the
notifications of comments from a video from LTT and when I looked at
what was new it displayed a comment from someone using their real
name as the account name that I now have trouble remembering
completely but it was similar to "oreb oronoev"
2652[23:28:56] <cinesc> (a really tricky name to remember hence
the wrong spelling) that contained a link disguised as being
"BarbieRemix2019" and that was all the comment
contained.Before I clicked onto it, the internet and the computer I
used was just fine with not a single frame drop at all with
integrated graphics when looking at 1080p and this is with hd 4000
2653[23:28:57] <cinesc> graphics though. I visited the video
again to see the comment thread where I saw the comment with that
link in it.When I opened it up in a new tab and clicked onto the tab
the text in the tab showed random letters like mty://dsb... or
://mty... and at the lower left corner where the subdomains or
domains appear when it loads content it showed only
2654[23:28:57] <cinesc> novans.ru in a dimming behaviour as if it
tried to connect to something it couldn´t connect to which it
went over and over again and force a download of something.I closed
the tab immediately because I freaked out that it was one of those
browser attacks I heard about being a thing no matter what operating
system you use because you are still
2655[23:28:58] <cinesc> vulnerable because it´s the weak
spot in this case and after I opened the link in the tab the video I
was looking at the buffer I had let do was gone and it refused to
play normally anymore. Even refreshing a tab with a video became a
hit and miss if it could even load a video normally anymore since it
took three times to get the video to load
2656[23:28:58] *** cinesc was kicked by debhelper (flood)
2661[23:29:19] <wasamasa> some people really can't take a
hint
2662[23:29:35] <annadane> anyone know if the entry to put in
.xinitrc to start mate, whether it's mate-session or mate-wm?
2663[23:30:22] <karlpinc> _DeLa_: Right. There are a few rare
projects that share developers with debian (postgresql), or
whatever, and "just work" when you enable their repos.
2682[23:35:25] <ratrace> cinesc: can you read what dpkg posted
above?
2683[23:35:34] <cinesc> yeah
2684[23:35:56] <ratrace> then go to paste.debian.net, paste your
long text in the textarea on that page, select how long you want it
active, save, and post here the resulting URL
2685[23:36:07] <cinesc> ok
2686[23:36:24] <wasamasa> in what country do you even use the
backtick instead of the apostrophe
2709[23:43:23] <cinesc> it took me around an hour to write
2710[23:43:29] <ratrace> cinesc: I still don't get it what
happened. you clicked a link and then it showed a .ru site and then
somethign sloweed and then <drama incl. calling a lot of
people>
2711[23:43:45] <ratrace> so, like, when you restarted the
browser, did everything work back normally?
2712[23:43:59] <cinesc> no it was the same as when it was
affected
2713[23:44:07] <ratrace> and after you restarted the computer?
2714[23:44:21] <cinesc> yeah
2715[23:45:00] <ratrace> yeah = youtube doesn't play videos
any more?
2716[23:45:12] <cinesc> it only disappeared when I reinstalled
the OS because I really had no choice at the time
2718[23:45:26] <cinesc> it played but worse than before
2719[23:45:51] *** Quits: squirrel- (mj@replaced-ip) (Remote host closed the connection)
2720[23:46:03] <deadrom> I need a specific kernel module's
messages out of syslog. can I mute it somehow? device driver, never
spoke a meaningful word anyway but keeps spamming the logs
2721[23:46:09] <cinesc> it didn´t even have to be at hd for
the stutter to happen
2723[23:46:30] <cinesc> I might as well be 144p and still it
would happen
2724[23:47:12] <cinesc> sounds weird but that is how it presented
itself but also in games too
2725[23:47:14] <ratrace> cinesc: in all that wall of text you
missed to describe the EXACT symptoms of what was going wrong.
"not playing normally" doesn't say anything.
2727[23:47:57] <cinesc> it played with a stutter every now and
then
2728[23:47:59] <ratrace> "I opened the link in the tab the
video I was looking at the buffer I had let do was gone and it
refused to play normally anymore." -- this is the closest you
got to describing the actual problem you're having
2739[23:50:16] <cinesc> hence why I am here and still here
2740[23:50:21] <ratrace> Latr_work: is that a running commentary
of a debug session or is there a question in there somewhere :) I
scrolled quite a few to try and find context, failed :)
2741[23:50:42] <ratrace> cinesc: I think you're jumping to
quite a lot of conclusions
2742[23:51:16] <Latr_work> ratrace: somiaj was helping me out
bringing up Debian 10 on my XPS 7390
2743[23:51:20] <ratrace> next time if it happens, it'd be
prudent to start troubleshooting by looking at the process list (ps,
top) and find out if there's a process hogging CPU or IO that
would explain the stuttering
2744[23:51:37] <ratrace> Latr_work: ah
2745[23:51:39] <cinesc> I might be fast at estimating bad things
but I do usually think of worst case scenario
2746[23:52:10] *** Quits: prueba (~miprueba1@replaced-ip) (Remote host closed the connection)
2747[23:52:29] <ratrace> cinesc: linux malware exists but
it's almost always of commercial ("pay up or else")
nature, or targeted data exfiltration or denial of service
2749[23:52:58] <cinesc> what do those two last ones mean?
2750[23:53:31] <ratrace> cinesc: it means someone attacks someone
else, deliberately and targetting just them, to steal data or cause
some denial of service
2754[23:55:27] <ratrace> cinesc: also, majority of linux malware
is of "trojan" kind, meaning the user has to be tricked
into installing it. there's also software exploits, eg. a
random website you visit exploits something in your firefox to
install somethign on your computer but... that something can't
easily propagate further. just because something is connected via
USB does not immediately mean it's vulnerable to something,
2755[23:55:33] <ratrace> and in practice it's quite unlikely
to happen
2756[23:56:06] <ratrace> vast majority of linux malware is trying
to exploit badly configured or unsecured web servers and use them
for spam, DDoS botnetting, etc...
2759[23:56:22] <cinesc> @ratrace the funny thing was that the cpu
activity was the same, it just performed worse than before
2760[23:56:27] <somiaj> Latr_work: so you have the
linux-image-amd64 and firmware-misc-nonfree installed from
buster-backports and your GPU still isn't working.
2761[23:56:28] <ratrace> infact, I don't know of any desktop
oriented linux malware in the wild. there could be, I just
haven't heard of it.
2762[23:56:48] <ratrace> cinesc: could be a cryptominer that
glitched your GPU
2768[23:57:52] <cinesc> although that doesn´t explain why
someone could see what I was watching
2769[23:57:57] <cinesc> in real time
2770[23:58:03] <ratrace> could be a network issue that coincided
with you clicking a link. human brain is like that. you're
assuming things and there it is, concocting all kinds of scenarios
and pereceiving all kinds of random things it sees, as PART of the
thing it worries about.
2774[23:59:10] <ratrace> cinesc: "it sounded as if someone
knew exactly what I was watching" -- that also says nothing.
Did anyone tell you they saw what you were watching? why do you
think anyone did know what you were watching?
2775[23:59:48] <ratrace> cinesc: also, here's a funny story.
we men are pigs. I have yet to meet a man, who's using the
internet, and has NOT at least once peeped at porn.
2776[23:59:51] <cinesc> you mean the phenomena of thinking
unrelated weird things that happens at the same time are related
then yes it happened twice