71[00:50:17] <sney> ok. what is in your
/etc/network/interfaces?
72[00:50:27] *** Quits: [E]sc (~playboy@replaced-ip) (Remote host closed the connection)
73[00:50:32] <blackop> well in my other machine there is
normally wifi icon but not on this machine
74[00:51:25] <Thedarkb-Desktop> Modprobe it out and back in
again.
75[00:51:26] <blackop> sney: there are configs
76[00:51:45] <blackop> Thedarkb-Desktop: i tried modprobe but
didnt work
77[00:52:01] <Thedarkb-Desktop> I remember you from
##ibmthinkpad
78[00:52:09] <blackop> Thedarkb-Desktop: yup
79[00:52:15] <sney> blackop: if your wireless interface is
listed in /etc/network/interfaces, network-manager will ignore it.
Remove the entry from that file and restart network-manager.
82[00:53:20] <blackop> sney: should i delete that fire or where
my previous wifi connection info exists
83[00:53:27] <blackop> ?
84[00:53:57] <trek00> blackop: lspci -k shows a module loaded
for your card?
85[00:54:04] <sney> blackop: you should edit that file and
remove any lines which refer to your wifi adapter.
86[00:54:08] <blackop> trek00: yes
87[00:54:39] <Waxhead> Howdy , this may be a stupid question.
But I copyed (rsync -aHAXx) my rootfs to another drive on another
fs. Then I edited /etc/fstab with the new UUID for my new rootfs,
ran dpkg-reconfigure grub-pc and installed grub on all drives
(I've got 24 of them), ran update-grub and my system still
boots up from the old rootfs... What am I missing?!
88[00:55:15] <Waxhead> (I even tried chrooting to the new
rootfs)
89[00:55:30] <Waxhead> (....and doing the exact same as above)
90[00:55:41] <blackop> typing on french keyboard is crazyy
91[00:55:50] <blackop> it is azerty keyboard
92[00:56:06] <trek00> blackop: is there an entry for your wifi
card on /etc/network/interfaces?
93[00:56:09] <blackop> sney: ok i deleted wifi line
97[00:56:23] <blackop> i deleted wifi info from there
98[00:56:34] <blackop> there are some other configs there
99[00:56:48] <blackop> should i leave or remove them also?
100[00:57:14] <sney> blackop: there should be 2 lines "auto
lo" and "iface lo inet loopback" that need to be in
that file. everything else is optional.
101[00:57:17] <trek00> blackop: you should leave lo interface
116[00:59:38] <trek00> Waxhead: you should modify the /etc/fstab
on the new rootfs, then chroot and run update-grub and check again
that /boot/grub/grub.cfg on the new rootfs
127[01:03:42] <Waxhead> trek00: just what I done... but without
the livecd... could it be some systemd thing that prevent the bind
mount for working properly ?
136[01:08:12] <trek00> Waxhead: may be you could add
GRUB_DEVICE_UUID=your-new-uuid to /etc/default/grub
137[01:08:17] <Waxhead> trek00: I get a couple of warnings on
grub-update. /dev/sdX not initialized in udev database even after
waiting for 10000000 microseconds
138[01:08:25] <Waxhead> (not sure I got the number of 0's
right)
139[01:09:18] <Waxhead> trek00: I can try to add that to
/etc/default/grub yes, I would prefer it to work the "correct
way" :)
141[01:09:59] <trek00> Waxhead: usually i boot adding manually
the right uuid to the grub menu, then i run update-grub once booted
from the right device
146[01:13:28] <trek00> Waxhead: the use the GRUB_DEVICE_UUID
conf, then update-grub and check if grub.cfg is ok, then reboot and
if it's all ok, remove the GRUB_DEVICE_UUID and rerun
update-grub
147[01:13:36] <blackop> sney: trek00: it is working thanks a lot
153[01:18:00] <Waxhead> trek00: well, I'll keep that in
mind. I am starting to get too tired to try... UUID's are never
a good idea when you are sleepy ;) - so for now , thanks a bunch for
your help! Appreciated!
154[01:18:31] <trek00> :)
155[01:19:57] *** Quits: tuxmania (~tuxmania@replaced-ip) (Remote host closed the connection)
157[01:21:17] <Waxhead> Arrrh.... why not - thanks to EVERYBODY
that tries to help out. IRC is a friendlier place than it was 20
years ago, but still - not often that is being said so why the heck
not! :) Can't hurt (too much) to try to spread some positive
vibes once in a wile! ;)
201[01:55:39] <asterismo_l> hi, is mongo-db supported in debian
buster? or is there anyway to install it without breaking the system
installing libcurl3?
202[01:56:07] <n-iCe> Hello guys, how can I stop debian to
restore my last windows
203[01:57:02] <Gryllida> n-iCe: in what desktop environment?
206[01:58:57] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
207[01:59:53] <n-iCe> Gryllida: xfce
208[02:01:06] *** Quits: de-facto (~de-facto@replaced-ip) (Quit: See you around.)
209[02:01:15] *** Quits: b1ack0p (~M@replaced-ip) (Quit: good nite)
210[02:01:40] <Gryllida> n-iCe: Open Session and Startup from
Menu - > Settings -> Settings Manager. Untick the
Automatically save sessions on logout under Logout Settings.
225[02:06:54] <trek00> Gryllida: may be you can set the cpu
scaling governor to powersave: echo powersave | tee
/sys/devices/system/cpu/cpu[0-9]*/cpufreq/scaling_governor
226[02:07:42] <Gryllida> trek00: is this what thermald does?
227[02:09:00] <Maizum> after install nvidia driver i need to
login on tty2 also to have desktop working any idea?
228[02:09:01] *** debhelper sets mode: +l 1261
229[02:09:10] <Maizum> Xfce4
230[02:12:00] *** Quits: ecbrown (~user@replaced-ip) (Remote host closed the connection)
231[02:12:09] <trek00> Gryllida: may be thermald does more
things i don't know
232[02:12:26] *** Quits: Tom01 (~tom@replaced-ip) (Read error: No route to host)
233[02:12:52] <Maizum> after install nvidia driver i need to
loging on tty also to start xfce4 any idea?Xorg conflit?
234[02:13:12] <trek00> Maizum: if you don't log in on tty,
what happens?
240[02:13:48] *** Quits: kristijonas (~kristijon@replaced-ip) (Remote host closed the connection)
241[02:14:08] <trek00> Maizum: then after login on a tty, the
desktop appears on the X session?
242[02:14:23] <Maizum> yes verything
243[02:14:31] <Maizum> works then
244[02:14:51] <Maizum> everything
245[02:15:48] <trek00> Maizum: i really don't know, is
there some non-standard configuration? some error messages on screen
or inside log files like /var/log/syslog?
361[03:57:50] <mason> Did something significant change between
Debian 9 and 10 re: fail2ban? Trying to spin up a Buster equivalent
to a server, and I don't see fail2ban spinning up its iptables
entries.
362[03:58:56] <sponix> think there might be a new one, something
not called iptables anymore
363[03:59:13] <mason> Right, but iptables still exists as a
compatibility layer.
372[04:00:58] <sponix> I have fail2ban installed, or at least
thought I did -- and don't even have nftables installed
373[04:01:14] <mason> On Buster?
374[04:01:28] <sponix> Yes
375[04:01:37] <sponix> Buster base anyway
376[04:01:51] <mason> It's working unproblematically on
Stretch here. I've not yet found what's different.
377[04:02:40] <sponix> I'm going to check my logs if
possible, and see if it is doing "anything" for me lol
378[04:02:59] <mason> sponix: You should see iptables it set up.
379[04:03:13] <mason> sponix: You can also say fail2ban-client
status to see what's active.
380[04:03:38] <mason> For me, identical between the two systems,
just no iptables, which means it's effectively doing nothing.
381[04:04:40] <sponix> mason: yeah, that status says it is
active on sshd. But my iptables is blank, and my fail2ban.log is
also -- so seems it is either purely cosmetic for me, or working
some damn good it has no complaints :)
443[04:28:21] <sponix> mason: after following that guide with
fail2ban.local file, "enabled = true" under sshd section,
setting my port to 66534 (my port I use for ssh), and a few other
things. It is not at least writing to /var/log/fail2ban.log with
information that makes it look functional
444[04:28:46] <sponix> mason: I recommend you give that webpage
a 2nd look as it does seem Buster needs a little more fail2ban love
to get it going :)
445[04:28:48] <mason> sponix: Do you see rules?
446[04:29:00] * sponix goes to check
447[04:29:00] <mason> iptables -L, do you see fail2ban tables?
451[04:29:45] <mason> sponix: Even if there are no hits, it
ought to set up the tables so they exist and are ready for rules.
452[04:29:50] <saptech> I recently purchased an Epson WF-3720
AIO printer. Running Debian Linux, I have the printer & scanner
working, but I can't use the ADF tray. Any ideas/suggestions on
getting it working?
453[04:29:56] <sponix> mason: nope, still no rules. But from
what I read it is only going to add a ban to iptables if it is
triggered
454[04:30:26] <mason> sponix: Easily tested. And in this case
since I'm migrating an active server, there were no end of IPs
it ought to have banned.
455[04:30:42] <sponix> mason: try to hit my sponix.asuscomm.com
with ssh on port 66534 a few times and see if it does anything ?
456[04:30:59] <mason> sponix: Argh, kk. I hate doing that even
when requested but I'll do it.
457[04:31:21] <sponix> 2020-05-05 21:26:30,819 fail2ban.server
[4716]: INFO Jail sshd is not a JournalFilter instance
465[04:34:31] <sponix> mason: oh, well I meant 65534 -- read my
mind ;)
466[04:35:00] <sponix> mason: well I did connect from my phone,
and nothing logged in fail2ban about it, and /var/log/auth.log does
show my sshd login as legit
482[04:41:10] <mason> ah, that's a lot then, sorry
483[04:42:54] <sponix> I could always change it.. Just what I
did
484[04:43:25] <sponix> mason: well... Yeah, I need to change my
default ban action from iptables-multisomething to just iptables --
but it did just try to run it after the dozen or so failed attempts,
so it is working
485[04:43:26] <mason> don't forget to reload the service
486[04:43:40] <sponix> I just need to fix that, and it should
generate the iptables rule
487[04:43:53] <mason> sponix: Eh? You needed to move
iptables-multiport to iptables for it to work?
488[04:44:41] <mason> sponix: in Stretch, banaction =
iptables-multiport works and generates iptables rules
489[04:44:56] *** Quits: sa-ghosts (~sa-ghosts@replaced-ip) (Quit: see you later ~)
524[04:56:01] <sponix> sponix sshd[23032]: error: maximum
authentication attempts exceeded for sponix from 192.168.1.1 port
50582 ssh2 [preauth]\nMay 5 21:42:14 sponix sshd[24976]: Failed
password for sponix from 192.168.1.1 port 50606 ssh2',
'ipfailures': 10, 'ipjailfailures': 10})':
Error banning 192.168.1.1
525[04:56:27] <mason> sponix: And now... you see rules?
526[04:56:56] <sponix> trying, I don't know how to work ufw
lol
527[04:57:03] <sponix> going to see if they show up in gufw now
528[04:57:13] <mason> sponix: Here's the thing - even
without active bad guys to ban there should be actionstart =
<iptables> -N f2b-<name> and others at service start
time.
529[04:57:52] <sponix> it still can't figure out how to ban
me
530[04:57:56] <sponix> still no rules
531[04:58:02] <mason> This is not encouraging.
532[04:58:04] * sponix goes to look at the documentation again
552[05:13:08] <mason> My Ubuntu 18.04 test VM is almost up and
ready to test, and that'll help figure out if it's
something in the Debian package or not.
553[05:13:26] <mason> Ubuntu's fixed stuff that's
lagged in Debian in the past, so it'll be a useful data point.
592[05:42:14] <annadane> kline, pretty sure he's a
maintainer, did you try his email?
593[05:43:12] <sponix> mason: Yeah.... It is correctly banning
me through iptables now. I will bookmark that. And sleep a little
safer at night knowing no Malaysians can brute force my ssh ;)
594[05:43:22] <annadane> i found the username but i dunno if i
should just say it in the chat
732[07:20:40] <mason> Easier to just write my own I think.
I've got parsers that comb through logs to find badness, and
they're a far sight simpler than what fail2ban has become.
733[07:21:28] <mason> Also, I noticed that xbl.spamhaus lists
most of the sites that'd otherwise be banned, so that might
help obviate the issue.
734[07:22:01] <mason> My random sampling of five hosts that did
doorknob jiggling had five positive results from xbl.
813[08:06:44] *** Quits: user217_ (~user217_@replaced-ip) (Remote host closed the connection)
814[08:07:09] *** Quits: VoidFox (~VoidFox@replaced-ip) (Quit: Women do not snore, burp, sweat, or pass gas. Therefore
them must bitch or they will blow up)
817[08:07:47] <setra> hello I encountered after jessie to buster
upgrade the issue that if I start a virtualmachine that in my syslog
appears failed to get cgroup backend for 'getCpuacctUsage'
and my virtual machine does not start. I tried all I could find and
added a Delegate=yes to the Service but nothing really helps. Fact
is that no virtual machine can be started anymore
818[08:08:50] *** Quits: user217_ (~user217_@replaced-ip) (Remote host closed the connection)
961[09:34:17] <shtrb> What would be the proper syntax for
apparmor to avoid ( audit: type=1400 audit(1588750217.481:104):
apparmor="DENIED" operation="file_mmap"
profile="/usr/bin/pidgin//sanitized_helper"
name="/tmp/.glzUh8qM" pid=9442 comm="x-replaced-url
1088[12:09:15] <ratrace> shtrb: okay I see. the sanitized helper
is in abstractions/ubuntu-helpers and used via
abstractions/ubuntu-browsers which is included in the pidgin profile
1089[12:09:58] <ratrace> shtrb: ubuntu is apparmor upstream so
that's where the stupid name comes from. anyway, problem is the
whole sanitized_helper abstraction does not expect gpu acceleration
needing userland file access, like nvidia does.
1090[12:10:53] *** Quits: dselect (~dselect@replaced-ip) (Quit: ouch... that hurt)
1091[12:11:40] <ratrace> shtrb: so, one hack would be to add
those rules in the /etc/apparmor.d/abstractions/ubuntu-helpers, in
the "sanitized_helper" profile, you can add it near the
end, BUT.... it'll get overwritten with next update unless the
package manager will back off seeing the file is under /etc, I
don't know
1092[12:11:58] <ratrace> unfortunately the abstraction(s) do not
have #includes built in for local user overrides, like main profiles
do
1094[12:12:32] <ratrace> that'd be one reason why I almost
never use packaged profiles and build my own, even if I take the
packaged profiles as a starting point.
1096[12:14:02] <ratrace> you could also try to file a bug but
that requires a report via launchpad.net and in my experience
usually falls on deaf eears so I'm not bothering, I just build
my own profiles.
1168[13:32:39] <oxek> How do I synchronize time on debian? I know
it should do it automatically, but it does not, so I need to do it
manually (but not as manually as setting the actual time manually).
1169[13:33:10] <oxek> is there some command to one-off
synchronize time on-demand?
1170[13:33:16] <bguebert> time command is ntpdate i think
1171[13:33:39] <oxek> is that supposed to be installed by
default?
1172[13:33:48] <bguebert> I don't think so
1173[13:33:51] *** Prints is now known as oxycontin
1219[13:48:52] <IsUp> ratrace: i need to set env variables for
'freeswitch.service'. right now i am using
/etc/default/freeswitch to accomplish this. is this should be
avoided?
1221[13:49:57] <satanist> hi i have alwas problems with copy
paste under x, because there are 3 diffrend selection one programm
uses primary and an other programm reads out of the clipboard. is
there a way to merge these three selections?
1222[13:53:14] <joepublic> The nice thing about clipboard
standards is that there are so many to choose from
1223[13:53:43] <bguebert> isn't that a bad thing when you
want them to work together?
1230[14:01:11] <ratrace> IsUp: as you can see it has the
EnvironmentFile directive, which is okay. /etc/default/ has always
been a place to specify env vars for services.
1232[14:01:26] <ratrace> IsUp: however, that's not
"system wide" as you originally asked.
1233[14:02:00] <ratrace> satanist: there's two, not three
cliboards under xorg. depending on your DE, there might be
extensions that merge them if they aren't already
1234[14:02:26] <annadane> somiaj, just for your information, xset
s off && xset -dpms does work in MATE
1235[14:03:14] <bguebert> putting that env var in /etc/profile
would work for users logged in, not sure about cron jobs and things
like that or if it is the "best" way
1238[14:06:34] <IsUp> ratrace: got it. i am just testing
/etc/environment - is there any way to reload this file after making
changes instead of reboot?
1252[14:15:38] <ratrace> satanist: ah, no there isn't afaik.
if you're having trouble with the terminal, the terminal itself
might have plugins or configurations, like urxvt does for example
1253[14:15:54] <satanist> also according to
/usr/share/doc/xorg-docs/icccm/icccm.html there are three selections
``clients need deal with''
1254[14:16:04] <ratrace> I use i3-wm too and sometimes it pisses
me off, those two separate clipboards
1255[14:16:20] <satanist> why is this i3-wm problem?
1256[14:16:39] <oxek> shtrb: ntpsec-ntpdate installed both
`ntpdate` and `ntpdig`, any idea which one is better to use?
1257[14:16:59] <satanist> this is a xorg problem, why are there
multible selections for copy paste without an config option to merge
them
1258[14:17:03] <ratrace> satanist: there's really two,
"primary" and "clipboard". I don't think
any application uses "secondary" these days
1259[14:18:21] <ratrace> satanist: it's a complete mess kind
of problem. basically it's xorg's main fault and DEs/WMs
may or may not merge them into one. i3-wm surely doesn't, as
it's just a WM and not a DE so I guess the devs think it's
not its job to manage the "clipboards"
1263[14:19:39] <ratrace> IsUp: then I'm sorry, I
wouldn't know. daemon-reload _should_ work, as that reloads and
reinits the generators, and per systemd.environment-generator(7)
manpage, that's exactly what should've happened
1266[14:20:16] <ratrace> IsUp: however, it also says the reload
will affect any service started subsequently...
1267[14:20:45] <IsUp> ratrace: thank you so much
1268[14:23:38] <jmd> Does anyone know what the holdup is getting
Gettext 0.2 into Debian?
1269[14:24:27] <somiaj> annadane: still surprised there
isn't a configuration for that, but I use that for my wm. I
almost think you could put options in xorg.conf to make that
default, but I have been too lazy to do that, so instead I type that
command into my laptop every time I reboot it
1270[14:24:43] <satanist> ratrace: you know how selections work?
for a client (even if it's the DE/WM) there is no way to merge
them, the only way is to read them out and take ownershipp
1271[14:25:21] <satanist> taking ownershipp is something I
don't want, because I use a pwmanager based on selections
1283[14:34:00] *** tadeus_brick is now known as TadeusTaD
1284[14:34:32] <ratrace> satanist: well then pick one and use it,
eg. the "clipboard" one, so you explicitely need to copy
and paste instead of rely on selection
1291[14:38:59] <satanist> the problem I have is, that some
programms use one selection and other a other one, so I can't
sometimes direct copy and have some old data in the selection
1292[14:39:31] <satanist> so I want to tell xorg that all three
default selections are handled as they would be the same
1294[14:40:17] <ratrace> satanist: most if not all GUI prorgams
can use "clipboard" via ctrl-(shift-)c and -v. terminals
usually need coercing to do so. urxvt, for example, can do it and
there's a config option for that.
1297[14:41:10] <ratrace> using selection is really very annoying.
you can't select this text, then copy, then select this text
then replace with copied. any selection replaces previous in memory.
1302[14:43:31] <ratrace> satanist: per definition of the problem
it's unsolvable. ctrl-c is explicit copy action. merging that
with selection would make it obsolete, as you have to select to
copy, and selection would already do the copy.
1319[14:47:28] <pitch> so where is the nfs config?
1320[14:47:36] <satanist> ratrace: I understand this is the
default behavior, but this doesn't match my usage, therefore
I'm searching for a flag/option to change it
1323[14:48:21] <ratrace> pitch: services are now handled by
systemd. env for services is in /etc/default unless they explicitly
set env via service unit. network is in /etc/network/interfaces if
you're using default ifupdown framework
1392[15:03:53] <pitch> back to topic: i was looking for a simple
approach of getting a network share from linux to include in win10.
i thought nfs would be nice, but thats from beeing used to just
write a line in /etc/exports and be done.
1413[15:06:58] <pitch> it was for me too. thats why i was so
excited. setup my nfs. checked for funtion with my laptop ->
nice. trying with windows: nothing.
1431[15:18:39] <pitch> i am just a casual linux user for 20+
years, which makes me an advanced computer user i guess, but
still... never really haggled with multiOS systems/networks. now i
was asked to make this bunch of Win10pro machines backup themselfs
to another location.
1439[15:24:20] <ratrace> pitch: what I'd do, if possible, is
install them into VMs. there's a nifty video by Linus Tech
Tips, the guy replaced all his computres at home withh a single
beefy server running VMs with dedicated CPUs and GPUs, exposed to
extra thin clients via firewire-or-whatwasit + usb cables for
peripherals.
1440[15:24:44] <ratrace> I'll be doing the same but the host
will be linux of course.
1441[15:25:25] <greycat> judd file ec_sys*
1442[15:25:29] <judd> Search for ec_sys* in buster/amd64:
libitpp-dev: usr/include/itpp/comm/rec_syst_conv_code.h;
golang-go4-dev: usr/share/gocode/src/go4.org/osutil/exec_sysctl.go
1443[15:25:43] <greycat> It does not appear to exist, at least
under that name. Perhaps you could tell us what it *is*.
1444[15:27:01] <pitch> ratrace: thats a nice thing for a close
quarter situation. this is a private household with a carpentry and
a small office combined.
1448[15:27:48] <pitch> so i would need to run 200+ meters of
firewire/usb-c/fiber/whatever
1449[15:27:52] <Maizum__> ops
1450[15:27:56] <BadPractice> greycat, it is some interface to
talk with an embedded controller of my thinkpad (i think). I want to
control my red dot as in
replaced-url
1451[15:28:16] <ratrace> pitch: sure. just tossing ideas out
there ;) virtualized windows = easiest thing to maintain
1452[15:28:23] <pitch> true
1453[15:28:43] <greycat> BadPractice: not very good instructions,
apparently...
1454[15:28:56] <greycat> OK, google it is!
1455[15:29:11] <pitch> i would love to have a zfs-pool fed
virtualisation for myself and my girlfriend at home. atm its just
the hardware lacking.
1456[15:29:42] <pitch> because i love my computer games. but
windows is just a PAIN
1457[15:29:43] <greycat> Google gives me
replaced-url
1458[15:30:42] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
1459[15:30:50] <pitch> ratrace: if you are planning on building
this yourself: beware. the more recent nvidia drivers detect
PCI-passthrough and send the card into 2D-only
1460[15:31:15] <pitch> throwing error 3xx.
1461[15:31:28] <ratrace> pitch: I know. fixed with cpuid haxx
1462[15:31:35] <pitch> uuuuuh
1463[15:31:39] <pitch> clever
1464[15:31:46] <pitch> never thought about that.
1465[15:32:16] <ratrace> that alone has put nvidia on my sh!t
list. I'll be switching to all all AMD+ATI as soon as finances
allow.
1466[15:32:34] <ratrace> all *out
1467[15:32:51] <pitch> my solution: feeding my gaming machine
with network boot. normally it boots into a headless linux to crunch
em numbers. if powered by the buttons it boots windows10 to game.
1468[15:32:55] <ksk> BadPractice: ubuntu seems to ship that
module via linux-modules - as far as I can tell debian does not.
1490[15:36:08] <f8e4> latest is CHANGES-1.14 nginx-1.14.2
1491[15:36:13] <BadPractice> greycat, ksk so seems like my best
bet ist to compile that module myself. thanks for your help
1492[15:36:15] <greycat> !stable
1493[15:36:15] <dpkg> [stable] The status of a Debian release
when no packages will be added or version-bumped, and changes will
only fix security issues and critical bugs. Packages can be removed
in rare circumstances. The current stable version of Debian is
Buster (10.x); ask me about <releases>. Security bugs are
fixed in stable by backporting the fix to the stable version (ask me
about <security backports>).
replaced-url
1494[15:36:22] <greycat> !buster freeze
1495[15:36:22] <dpkg> Buster started the freeze process on
2019-01-12 see
replaced-url
1496[15:36:58] <ratrace> f8e4: do you need any specific
functionality in newer versions or a bug fix that's not
available in debian's standard package?
1497[15:37:07] <ksk> f8e4: if the nginx package in debian does
not fit your needs, check the "repos for debian from
nginx.org" - they are of good quality.
1498[15:37:16] <f8e4> ratrace scared only: latest == most secure
often
1499[15:37:33] <pitch> true but not most stable.
1500[15:37:36] <f8e4> do i break (again) sth if i install the
replaced-url
1501[15:37:36] <ratrace> f8e4: also latest == new (security) bugs
often
1502[15:37:43] <pitch> what the purpose of debian is
1503[15:37:44] <Maizum__> , /msg alis LIST #freenode* -min 10
1504[15:37:51] <ksk> f8e4: The Debian team will take care of
handling everything security related. It works well most of times..
1505[15:37:52] <ratrace> Maizum__: pls stop that crap
1506[15:38:06] <Maizum__> sorry
1507[15:38:24] <ratrace> f8e4: security bugs are backported to
debian's nginx. unless you know there's a specific
functionality or bug fixed upstream and not backported, I'd
recommend stay with debian standard packages.
1508[15:38:33] <annadane> speaking of security and the discussion
from earlier, salt did get patched
1511[15:38:41] <dpkg> The Tracker of Doom is a vulnerability
database maintained by the Debian security team, viewable at
replaced-url
1512[15:38:54] <joepublic> speaking of security, the current
mitigation for saltstack problems is apparently to unplug the
machines and set them on fire,
replaced-url
1513[15:38:55] <ratrace> annadane: and exposed my worst nightmare
about running salt on publicly accessible servers
1514[15:38:56] *** Quits: IsUp (~tamer@replaced-ip) (Remote host closed the connection)
1515[15:39:17] *** Guest94791 is now known as zodd__
1517[15:39:59] <pitch> f8e4: if you want recent features go for
rolling release distros, like arch (?) or voidlinux. they are fine
most of the time, but eentually they will break your whole system
with one update.
1518[15:40:36] <ratrace> the bestest rolling release is of course
gentoo. there will be no discussion or challenging of this
statement. thank you, have a nice day.
1519[15:40:45] <pitch> on the other hand distros like debian
often carry years old packages/versions but more or less guarantee
you that they wont break anything while updating
1520[15:41:19] <annadane> or run a rolling release... in a VM,
where you can have your cake and eat it too (mostly)
1521[15:41:34] <ratrace> pitch: true that, but they'll also
carry bugs for years </devils-advocate> in my case, I
can't use HTTP2 because it's broken in the current version
of nginx.
1522[15:41:38] <joepublic> well, it's a little harder to
eat, because it's really only virtual cake
1523[15:41:41] <pitch> ratrace: is gentoot rolling release? it
just includes an alias for git pull FOO && make basically
1525[15:42:26] <ratrace> pitch: it's rolling release yes,
but rolling release != what you said. gentoo is way more tested than
that, and has a period of stabilization. pop into #gentoo if
you're instrested ;)
1526[15:42:46] <DavePage> Any suggestions on how I can raise an
issue with the Debian kernel team? Basically our VM hosts are broken
in Debian 9 because of
replaced-url
1545[15:45:17] <sudomake> there is another guy/girl who has the
same problem and also using debian 10.3.
1546[15:45:28] <sudomake> we just both reported it on linux
channel
1547[15:45:38] <ratrace> DavePage: then I think you did pretty
much all you could until it's fixed in Debian
1548[15:45:51] <sudomake> when I heard that he had the same
problem I came to this channel
1549[15:45:57] <ratrace> sudomake: can you elaborate? what do you
mean trials? what error do you get?
1550[15:46:03] <DavePage> ratrace: Which is my concern, if
it's not fixed in Debian next time there's a security
release then updating will reintroduce the problem :/
1551[15:46:12] <cbilt> sudomake, so, you forgot your password?
1552[15:46:14] <pitch> DavePage: you can only fix it yourself and
start a PR
1553[15:46:19] <ratrace> DavePage: that's why you use the
debsrc kernel and rebuild on each update with your patch
1554[15:46:48] <sudomake> ratrace, login fails when I want to
resume session from stand-by (sleep mode with the lid put down)
1556[15:46:54] <ratrace> actually for the kernel I think
there's now a different method, than using the srcdeb, annadane
do you remember the factoid perhaps?
1557[15:47:02] <mirrorbird> i also have the problem with login
1650[16:09:45] <sudomake> greycat, it is not like a login loop. I
remember the login loop from ubuntu, where one is directed to
desktop but the screen jumps back to login window
1651[16:10:16] * greycat stops reading google results and closes the
tab and goes back to what he was doing before
1711[16:24:42] <greycat> The choice between "no RAID, if a
single disk fails, I lose, but I get to use all 8 TB of
storage" and "RAID 5, if a single disk fails I can
recover, but I only get to use 6 TB of storage" is not one we
can make for you. And I don't know enough about those other
choices to say anything.
1726[16:26:03] <ratrace> raid10 two may fail, if in different
mirror groups
1727[16:26:23] *** Quits: nickodd (~nickodd@replaced-ip) (Remote host closed the connection)
1728[16:27:29] <greycat> I have a hard time understanding people
who don't care about their data, only how fast it can be read
for the brief time that it survives.
1729[16:27:45] <DavePage> Also depends on whether you're
using spinning rust or SSD - a RAID10 works better with TRIM than
RAID5/6
1730[16:27:46] <greycat> Must be a millennial thing.
1731[16:28:12] <sudomake> BazookaToof, I turned the computer off.
will try a few things including your suggestion
1733[16:28:34] <greycat> Or maybe some Buddhist thing. All data
are ephemeral. When the data is gone, it is gone, and I will simply
move to a new state, change my name, and start all over.
1734[16:29:01] <DavePage> greycat: For a file server, you're
right. For a data processing server, you may care more about
throughput than redundancy.
1735[16:29:18] <ratrace> true, depends on use case.
1736[16:29:37] <ratrace> the use case here is "desktop"
if i'm not mistaken, and with 4 drives, I'd go for raid10.
1737[16:30:02] <DavePage> (a RAID-1 SSD mirror as a writeback
cache on top of RAID 5/6 spinning rust is a reasonable all-round
compromise IME)
1739[16:30:35] <greycat> who the hell puts 8 TB across 4 drives
in a desktop box
1740[16:30:50] <jla20> ratrace, yes, desktop, and 4 spinning
rust.
1741[16:30:55] <ratrace> someone with alotta steam games they
don't wanna redownload? :)
1742[16:31:08] <DavePage> Somebody with an impressive pr0n
collection?
1743[16:31:27] <greycat> but we *just* got through learning that
they don't care about data longevity in any way, so they *will*
be re-downloading all those games ...
1744[16:31:41] <rozie> DavePage: you don't need performance
for that one
1748[16:32:28] <DavePage> I like the idea of ZFS, but I CBA
messing around with the CDDL drama
1749[16:32:46] <rozie> jla20: ragarding your question: it
depends. there's no silver bullet
1750[16:32:47] <ratrace> greycat: seems to me they want both
performance and reliability, with performance being a bit more
important. thus, I'm assuming a 4-wide raid0 is out of the
question :)
1754[16:33:11] <ratrace> DavePage: what CDDL drama do you think
you'd be messing with, as a user and not developer of zfs?
1755[16:33:21] <rozie> but as you asked about performance &
reliability, not mentioning space, raid10 is obvious solution
1756[16:33:38] <sudomake> BazookaToof, as I suspected, when I
restarted computer after shutdown, I was able to login immediately.
which makes me think of a problem with stand-by mode, where I also
had a VM on. I also would like to add that I had often freezes with
this VM lately (CPU perf. at 100%), which did and did not happen at
the same time with the login problem. even though the VM problem may
not be directly related, the login problem seems related to the
1758[16:33:48] <greycat> that uses 2 out of the 4 disks for
redundancy?
1759[16:34:08] <jla20> greycat, I help shutdown a small business,
they had installed a server about a year before. The owner gave me
the HW, but the server had been physically damaged.
1768[16:35:39] *** Quits: Tom01 (~tom@replaced-ip) (Remote host closed the connection)
1769[16:35:48] *** cdown_ is now known as cdown
1770[16:36:09] <rozie> I'd also consider raid1 with one hot
spare and one stock drive
1771[16:37:21] <ratrace> what for. unused disk is a waste of
space
1772[16:37:24] <BazookaToof> sudomake: change your password to
use only keys shared with US keyboard layout. this reminds me of
something that caused problems for me when using JIS keyboards a few
years ago
1774[16:39:25] <greycat> So, when sudomake said they didn't
change ANYTHING yesterday, that was a complete fabrication, because
they changed their password?
1775[16:40:15] <ratrace> the plot thickens!
1776[16:40:27] <BazookaToof> well there was also some bit about
it only breaking after a suspend or something so..
1777[16:40:37] <sudomake> yes, the second time login works, too
1778[16:40:43] <greycat> Sorry, I have a bad habit of asking
passive-aggressive rhetorical questions. We already knew that they
changed something, because the problem "started
yesterday".
1787[16:42:13] <ratrace> problems after standby immediately
scream GPU for me, from experience. and gnome being a POS that also
requires HW acceleration, my suspicion would be key strokes / input
being messed up due to that. it happened before.
1788[16:42:14] <sudomake> if the problem were related to us keys,
I should be having problems with login after shutdown-restart
1789[16:42:18] <sudomake> if the problem were related to us keys,
I should be having problems with login after shutdown-restart
1807[16:47:19] <jla20> sudomake, I must have missed something!
what did you change prior to the failure
1808[16:47:49] <sudomake> jla20, I didnt change anything
1809[16:48:05] <sudomake> that is the story made up by others
with no clear aim to be here
1810[16:48:21] <ratrace> sudomake: so there's two questions
the volunteers spending their time to support you posed, that you
still have to answer.
1811[16:48:25] <sudomake> ratrace, two questions? I must have
missed among the noise
1812[16:48:31] <sudomake> I was looking for your questions
1813[16:48:32] <ratrace> 1) is the problem reproducible in tty,
2) did you try different keymap
1814[16:49:03] <sudomake> ok, I will change the password to US
keys, and try it on tty
1815[16:49:15] <ratrace> your assumption about keymap does not
hold. post-standby corruption in the code can cause any number of
things that aren't visible after shutdown-restart
1816[16:49:30] <jla20> sudomake, things don't just happen!
something must have changed or you have a hardware failure!
1817[16:50:15] <sudomake> jla20, I swear I had no problem the day
before. I put the computer to sleep, and went to sleep myself. and
the next morning this happened
1818[16:50:32] <ratrace> my bet is still with the gpu, but
that's just me
1819[16:50:54] <ratrace> is that nvidia perchance? that tends to
have issues with standby
1822[16:53:06] <jla20> sudomake, that sounds like a HW problem. I
suggest you do a full shutdown and restart. power off, disconnect
from PS, reconnect, restart
1832[16:58:44] <jla20> sudomake, I use APC Backup UPS's for
my systems/ network equipment ... they filter the Power supply and
provide power to the system, should the main s go out
1833[16:59:09] *** Quits: zodd (~Zzzzzzzzz@replaced-ip) (Remote host closed the connection)
1834[16:59:42] <pileofstraw> why would the "monit"
package be in stretch, buster-backports and bullseye? Did it just
skip a buster release?
1857[17:06:22] <ratrace> lol some entitled rusers in that thread
1858[17:06:26] <pileofstraw> I was just reading that, lol
1859[17:06:27] <pileofstraw> hilarious.
1860[17:07:02] <pileofstraw> well that's a pain. before I
get it from backports, can anyone suggest a package that will let me
monitor a directory and send a slack message when it exceeds a size
threshold
1863[17:09:31] <ratrace> pileofstraw: sure nagios could do
somethign liek that, but it sounds rather very specific, so I'm
guessing you can use any monitoring service that allows you to whip
up a quick custom plugin. I use munin and this would be dead easy
with munin
1873[17:13:56] <jla20> A long time ago I used to use
"sbackup" as my desktop backup program. Does anybody know
of a replacement
1874[17:14:38] <ratrace> pileofstraw: SIZE=$(du -sb /path/to/dir
| cut -f1); if [ $SIZE -ge $THRESHOLD ]; then curl
...slack_api_call_here ; fi # hardly calls for installing whole
monitoring suites just for this, if you're using nagios already
1879[17:20:58] <greycat> Avoid using all-caps variable names,
because they may conflict with environment variables and internal
shell variables. Quotes are important.
1896[17:31:35] <sudomake> BazookaToof, but it cant be lying in
the password characters, obviously. something to do with stand-by?
since after shutdown-restart the former password was accepted, too.
1897[17:32:36] <BazookaToof> dunno. don't care. just know it
fixed my problems with JIS keyboards
1905[17:33:41] <DammitJim> in the past, we have always just run:
apt-get update && apt-get -y upgrade && apt-get -y
dist-upgrade && apt-get -y autoremove
1906[17:34:02] <DammitJim> but from what I'm gathering,
that's not very safe because you don't know what you are
installing beforehand..
1907[17:34:22] <DammitJim> do any of you use special mechanisms
to know what you are updating?
1917[17:41:45] <sudomake> I just changed my pw back to the former
one, and didnt have login problem after stand-by. perhaps it is not
a problem that happens every time. ratrace mentioned above some kind
of corruption. what do you think the reason can be?
1920[17:42:38] <sudomake> or perhaps it is a problem that happens
after frequent stand-bys. maybe I should shutdown regularly. is that
kind of thing familiar?
1929[17:46:43] <sudomake> I dont know if youve been following the
conversations with other people on the topic, but I wasnt able to
login to resume session after stand-by. I shutdown and restarted,
now I can login. dont know if it is now solved, or if I have to
shutdown every time I have such problems.
1938[17:53:12] <BCMM> DammitJim: i'm probably missing
something here. why not just leave off the -y?
1939[17:53:51] <BCMM> i mean, if you're running apt manually
from the command line anyway, it has a built-in feature where it
tells you what it's about to do by default
1940[17:53:53] <dvs> BCMM, I think they are running this as an
automatic script
1941[17:54:17] <greycat> which is a bad and dangerous thing
1942[17:54:23] <dvs> yup
1943[17:54:28] <BCMM> dvs: it seems likely, but i hope
that's not what they're doing
1959[18:01:37] <DammitJim> so, if I need to be able to test the
upgrade first, how do I ensure that the same packages get upgraded
once we do this on the production systems?
1960[18:01:55] *** Quits: tgunr (~davec@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1986[18:28:58] <imMute> DammitJim: make a note of which packages
were updated and to what version during testing and check that those
are the packages/versions available whne you do the upgrade for
real.
1988[18:29:49] <imMute> DammitJim: alternately, use the
snapshot.debian.org infrastructure to "lock" your view of
the apt repo to a specific point in time.
1989[18:30:12] <DammitJim> imMute, snapshot sounds like a great
way of doing this
1990[18:30:21] <DammitJim> not sure I can do the former...
that's just way too much work
1992[18:31:07] <imMute> DammitJim: for the former, run 'apt
list --upgradable' and save it to a text file. do that during
the real upgrade too and if the diff between the files is empty,
nothing new has snuck in
1993[18:31:42] <DammitJim> imMute, I have to do this for hundreds
of servers
2003[18:34:33] <Kobaz> once saltstack debian packages are fixed
with the new security issue, then that'll be safe
2004[18:34:35] <DammitJim> I use saltstack and they don't
provide a way to only upgrade the packages you tested for to the
proper version in an automated way
2005[18:34:41] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
2015[18:39:37] <annadane> Kobaz, salt did get fixed
2016[18:39:42] <Kobaz> oh cool
2017[18:39:49] <annadane> though i don't know if salt and
saltstack are two different things
2018[18:39:52] <annadane> :P
2019[18:39:57] <annadane> but yeah i got the email
2020[18:40:24] <annadane> i also don't know what
"fixed" means, whether that's completely fixed or
"this is still super messed up, unplug your machines
anyway"
2021[18:40:50] <DammitJim> what salt problem are you guys
referring to?
2022[18:40:55] <greycat> !salt
2023[18:40:55] <dpkg> Salt is a tool used for remote mass system
management. A vulnerability has recently become public (March to May
2020) and is being actively exploited. See <replaced-url
2024[18:41:00] <DammitJim> I had to patch my master late last
week due to a security vulnerability
2154[20:22:55] <pileofstraw> alright in my continuing saga to
diagnose random reboots in a cohort of 300 identical machines at a
rate of 1-3 per day
2155[20:23:37] <pileofstraw> I am taking 10% of that grouping and
setting up kexec/kdump/crash, then running a cronjob to execute a
script that checks the size of /var/crash and if it exceeds a
threshold it CURLs to a slack app called Dumpy The A**hole Kernel
2156[20:23:44] <pileofstraw> who then messages me with the
hostname of the crashed system
2163[20:27:38] <greycat> At the moment I'm assuming
it's the infamous "intel driver crashing" bug that
only some people seem to run into.
2164[20:27:50] <pileofstraw> It's a two pronged issue and
both prongs are possibly unrelated
2165[20:28:16] <pileofstraw> 300+ intel NUC7i5BNK machines
running debian stretch went through this issue:
replaced-url
2166[20:28:25] <pileofstraw> Without finding cause I field
upgraded them all to Buster.
2167[20:28:49] <pileofstraw> Then I started seeing hard lockups
during regular operation, with X frozen on whatever it was showing
during the lock. No logging is generated.
2169[20:29:10] <pileofstraw> Since then I've been bugging
everyone in here for many days on what to try. I cannot reproduce
the lockup but the volume of machines in the field means I see about
1-3 per day.
2170[20:29:22] <pileofstraw> I am trying to capture a kernel dump
2171[20:29:57] <pileofstraw> in trying to mitigate it I also
discovered the iTCO_wdt watchdog on the NUC7i5BNK is 100% broken,
lol
2172[20:30:08] <pileofstraw> talking to intel support about that
2179[20:32:09] <pileofstraw> I am not sure of anything.
2180[20:32:15] <pileofstraw> I have no idea what it is.
2181[20:32:38] <pileofstraw> But I think I've ruled out RAM
and unless there was a bad run of NUCs I am hoping it's a bug
and not chronically broken hardware.
2184[20:33:29] <petn-randall> pileofstraw: I'd try a
different OS on those machines to see if you have hard lockups
there, too. If you have, you can at least say with some certainty
that it's a hw issue.
2186[20:33:52] <greycat> Have you tried variants on: have some of
them on-and-running but not in X/Wayland, or have some of them
on-and-running-in-plain-fvwm-no-we-browser? To rule out things like
"it's the 3d acceleration".
2190[20:34:55] <pileofstraw> So I have approximately 15 machines
in my shop that I can kill X on. At best, if X is the problem, I
wont have a definitive answer.
2191[20:35:03] <pileofstraw> It'll either be "X was the
problem" or "the crash just hasn't happened yet"
2192[20:35:10] *** flayer is now known as potatoes
2193[20:35:15] <pileofstraw> I can't kill any of the
in-field X instances because these are revenue generating adplayers.
2194[20:35:26] <pileofstraw> same answer for the web browser.
2195[20:35:40] *** potatoes is now known as Guest35906
2196[20:35:40] <greycat> I'm not saying it's X.
I'm saying it's probably some specific part of the
graphics chipset being exercised in a vigorous way by apps that use
3D acceleration, such as GNOME.
2197[20:35:43] *** Guest35906 is now known as flayer
2211[20:40:48] <joepublic> but still more than visa or
framebuffer can handle in the absense of the intel drivers?
2212[20:40:53] <joepublic> *vesa
2213[20:40:59] <lpancescu> i also had MATE+compiz hanging on an
intel chipset (work laptop) just by switching windows with alt+tab a
few times. don't even get me started on nouveau hanging the
system with gnome jsut by changing backgrounds...
2217[20:41:48] <pileofstraw> joepublic: what do you mean in the
absence of intel drivers?
2218[20:42:21] <a90c> what do you suggest about installing old
graphic card's drivers on new distros? whats the best way to do
it?
2219[20:42:23] <pileofstraw> like instead of installing the
driver stack from 01 and instead using the i915 kernel module with
nonfree firmware?
2220[20:42:29] <ham5urg> I would like to build a ldap based
login-server so to be used by windows-clients, linux-clients and a
samba-server for /home (win and linux) as well as for
/some_work_space.
2227[20:43:58] <pileofstraw> joepublic: with this frequency i
might not see a crash on an affected system for months? a year?
2228[20:44:10] <pileofstraw> whatever I test with, without being
able to reproduce this, I need to do on dozens of machines. it sucks
2229[20:44:53] <joepublic> suckage acknowledged. I didn't
really mean test for the crash so much as a test system to see if
everything would be fast/capable enough if i915 is blacklisted.
2243[20:50:37] *** Quits: tgunr (~davec@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
2244[20:50:46] <FUtz> hey guys, when i use ssh -X or ssh -Y and i
run gedit (for example) gedit will open grafically in my local host
and remote host? or just in my localhost?
2245[20:52:03] <greycat> just in what you consider local
2272[21:06:15] <metbsd> is there a way to restore init.d files?
2273[21:06:24] <somiaj> !confmiss
2274[21:06:24] <dpkg> You have to especially tell the packaging
system to reinstall config files because when they are gone, it is
assumed that you want them to stay deleted. "aptitude -o
DPkg::Options::='--force-confmiss' reinstall
$packagename" will restore them (man dpkg for details). If the
package uses <ucf> for config file management, ask me about
<ucf confmiss>.
2275[21:06:34] <somiaj> metbsd: assuming they are beging treated
as a conffile ^^
2300[21:16:19] <exceptionz> i switched from testing to sid some
time ago. is there any way to filter out the packages
uploaded/updated in the last x days for package updates over apt? if
not, is there a cli-way to get the information
"uploaded/updated" per package?
2305[21:17:42] <annadane> that confmiss factoid is a bit
confusing, i'd replace $packagename with <name of
package> or something
2306[21:17:44] <somiaj> exceptionz: sid questions should be on
#debian-next on irc.oftc.net, and if running sid you should really
stay current with the package versions.
2307[21:17:54] <annadane> i know it isn't _that_ confusing
but still
2308[21:18:16] <annadane> unless you specifically need the $
2309[21:18:28] <somiaj> It could be a learning expereience, $foo
is often a varaible.
2310[21:18:44] <greycat> At some point you have to cut your
losses and realize that if you have to dumb down a factoid TOO much,
your target audience isn't even Debian users any longer.
It's Windows users or something.
2311[21:19:01] <somiaj> what about do I need <>, I
don't see how your suggestion changes the are special
characters needed or not.
2312[21:19:01] *** debhelper sets mode: +l 1310
2313[21:19:16] <greycat> Plus, if you're dealing with
someone THIS dumb, the redirection angle brackets are even more
dangerous than the expansion dollar sign.
2314[21:19:21] <somiaj> apt install <fvwm> would fail for
the same reason as apt install $fvwm
2315[21:19:41] <exceptionz> somiaj: thanks for the information. i
will try to post it on oftc. in fact, i just plan to filter out the
packages that have been updated in the last 3-5 days. x should not
be that big :D.
2316[21:19:45] <somiaj> well actually not, $fvwm might be a
variable in the shell, while <> tries redriects.
2317[21:19:59] <annadane> yeah, all good points
2318[21:20:07] <somiaj> exceptionz: it could be, really if you
want to filter 5 days, run testing
2319[21:20:19] <somiaj> testing is said filter
2320[21:21:11] <exceptionz> somiaj: yeah, that's right,
that's what i've been doing all along. only it bugs me
during freeze.
2321[21:21:22] <somiaj> !slushy
2322[21:21:22] <dpkg> When a <testing> release becomes
frozen, <unstable> tends to partially freeze as well. This is
because developers are reluctant to upload radically new software to
unstable, in case the frozen software in testing needs minor updates
and to fix release critical bugs which keep testing from becoming
<stable>.
2328[21:24:25] *** Quits: benlue (~benlue@replaced-ip) (Quit: Lost terminal)
2329[21:24:34] <somiaj> exceptionz: also realize that sid/testing
is often more buggy than normal (if that is a thing) right after a
release, so maybe it is worth stablizing with testing, then waiting
a bit before upgrading to testing again.
2332[21:25:50] <somiaj> exceptionz: there are also acceptable
ways to install stuff from sid in testing, but in general, if you
want a filter to catch bugs, run testing.
2345[21:32:35] *** halvors1 is now known as halvors
2346[21:32:36] <exceptionz> somiaj: my usage information was not
quite accurate anyway. i didn't use pure testing but a mixture
of testing and sid with some pinnings. i just thought that i should
switch to sid completely at some point. however, except for freeze
time, it feels unnecessary, and with the additional hints you
provided (especially about developer tendencies during freeze), i
will reconsider it. my main concern with that filter was to
encounter bugs
2347[21:32:36] <exceptionz> for which it is more likely that a
corresponding issue has already been created.
2394[22:18:25] <boeg> well, i tried stable a while back, but i
found a lot of software not available in newer versions i needed, so
it didn't work for me, so I just ended up installing arch, but
I thought to see about trying debian again, but maybe with either
testing or unstable to have a bit newer versions available, although
not sure which of the two to go with. My intuition says testing
2395[22:18:59] *** Quits: Tobbi (~Tobbi@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
2396[22:19:01] <greycat> What specific "software" do
you "need" to be still raw and bleeding?
2443[22:44:32] <sney> zodd: it looks like some people have tried
to get etherpad into debian but effort stalled a couple times. it
doesn't look like there are any license issues. why not use
etherpad, then, and be the one who gets it into debian
2444[22:46:20] <zodd> etherpad used to have their own apt repo in
the past so it seems. No idea why that was abandoned
2478[23:01:41] *** Quits: CGZero (220285@replaced-ip) (Quit: Lost terminal)
2479[23:01:51] <sawgood> greycat: I too like saying its not full
Debian: its an image, but others around me say I'm wrong and
that this is full Debian 9, so I let it go
2482[23:02:30] <greycat> The relevant part here is that you had
to do something to work around the non-Debian piece of the
"image". Debian does not install dhcpcd by default.
Raspbian does, I believe.
2483[23:02:40] <greycat> So your OS is probably closer to
Raspbian than Debian.
2484[23:02:44] <sawgood> greycat: when I install Debin 9 or 10
from netinstall.ISO I do not face that concern
2487[23:03:31] <sney> if a hardware OEM rolls an image with all
packages from debian sources, it is still debian, it's what
debian itself refers to as "blends." a lot of those arm
board vendors include a proprietary repo for extra packages though
2488[23:03:41] <sawgood> greycat: are you guys seeing lots of
Rasberry/Debian usage boggles here?
2489[23:04:06] <greycat> We are constantly harassed by
"based on Debian" people.
2490[23:04:06] <sney> but just using a different dhcp client than
the standard debian task(s) isn't enough to consider something
a derivative IMO
2497[23:05:33] <phogg> If it's not bug-for-bug like Debian
it's hard to support if all you can check against is real
Debian.
2498[23:06:21] <sney> digital ocean rolled their own kernel but
otherwise it's 100% buster? oops, too bad
2499[23:06:46] <phogg> If it's Debian repos + some
additional vendor repos and packages it's probably close enough
that you can support it, up until the vendor packages become
involved. If it's a custom rolled install image it's hard
to be sure that it's *just* a different package selection.
2500[23:06:54] <sawgood> I really like using small form factor
PCs with multiple NICs for full Debian from .ISO installs: this is
my 1st time using Rasberry/Debian ... I had them sitting on a shelf
not in use: so I thought why not try to make them work
2501[23:07:15] <phogg> from experience it's usually not just
Debian + a package selection, it's that AND random config
changes by people who don't necessarily know what they're
breaking
2502[23:08:02] <phogg> sawgood: a good impulse, but be sure to be
up front about that for support purposes
2503[23:08:15] <sney> yeah and we can still support that because
it's no different from a user breaking their own system, in
practice
2504[23:08:31] <zodd> hmm. The dependency list of etherpad is
quite impressive....
2505[23:08:51] <phogg> sney: at least in those cases there's
some hope the user will be able to *tell you what he changed*
2506[23:08:59] <sney> hahaha sure maybe
2507[23:09:06] <sney> "I don't know I was on
stackexchange"
2508[23:09:38] <phogg> I'm certainly more confident in
telling him how to reset to the baseline and then move forward.
2509[23:11:14] <sney> "I did chmod 777 is that ok"
2510[23:11:45] <sney> "I followed this howto for installing
$thing (links blog page from 2009)"
2511[23:12:05] <sney> and those are the ones who tell you.
2516[23:13:08] *** Quits: wonderer (~quakeroat@replaced-ip) (Quit: Famous quotes #120: "The fear of death is the most
unjustified of all fears, for there's no risk of accident for
someone who's dead.")
2540[23:23:30] <oxek> this is the first month that I am using
debian and I am wondering how security updates work with respect to
firefox-esr. Firefox 68.8.0esr is out and contains security fixes,
but debian contains 68.7.0esr.
2541[23:23:47] <oxek> Does debian not update firefox for the
lifetime of a release, and only backport very specific patches
2542[23:23:50] <otyugh> n_1-c_k, diogenes_ : this gives the
codename, not the "freshness" of it
(oldstable/stable/testing...) :(
2543[23:24:06] <oxek> or has debian determined that none of the
security issues in 68.8.0esr affect the version in debian?
2544[23:24:14] <oxek> or am I being impatient?
2545[23:24:27] <tomreyn> oxek: you can check this here
replaced-url
2560[23:27:04] <oxek> this is so weird, I did `apt update` just
before asking this question and no updates were found, I did it
again now and it sees the firefox-esr update... Sorry for the noise.
2590[23:43:47] <pileofstraw> oxek: i've seen that happen,
its odd
2591[23:43:49] <pileofstraw> its like apt has to catch up
2592[23:44:24] <oxek> pileofstraw: but my understanding is that
`apt update` hits the security repo, which is the same for everyone
because it is not a mirror
2593[23:44:36] <oxek> so it's really weird
2594[23:44:38] *** Quits: tgunr (~davec@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
2595[23:44:53] <sney> the mirrors are distributed and don't
all sync immediately. security.debian.org is a round robin dns I
believe, not a single host
2608[23:49:15] *** Quits: isostatic (uid224824@replaced-ip) (Quit: Connection closed for inactivity)
2609[23:50:17] <LtL> oxek: no
2610[23:51:06] *** BrianG61UK_ is now known as BrianG61UK
2611[23:51:12] <LtL> oxek: subscribe to the mailing list and
you'll be notified of all security announcements before they
hit the repo's.
2612[23:51:27] <oxek> LtL: I was wondering because greycat wrote
"And even if you're using the older security.debian.org
URLs" so I thought there was something newer. Like using
deb.debian.org for the security updates as well.
2613[23:51:50] *** Quits: mase-tech (~mase-tech@replaced-ip) (Remote host closed the connection)