71[01:33:15] <annadane> you're welcome to say it rocks,
just don't ask questions about it here
72[01:33:25] <annadane> !based on debian
73[01:33:25] <dpkg> Your distribution may be based on and have
software in common with Debian, but it is not Debian. We don't
and cannot know what changes were made by your distribution (compare
replaced-url
96[02:00:22] <mbnt> Hi, my mobo has a feature called XMP, where
I can switch the RAM speed to what it is capable of instead of the
default speed. However, when I boot into my Debian OS, it behaves
all wonky. Can Debian support XMP?
97[02:01:07] *** Quits: de-facto (~de-facto@replaced-ip) (Quit: See you around.)
98[02:01:08] <mbnt> So, on auto setting, debian is fine, on
XMP, programs freeze/crash/data goes missing
108[02:03:22] <sney> it would be upstream linux, since it's
a hardware thing. the other possibility is that the "capable
of" speed is over-estimated and you're really overclocking
the ram past what it can handle
109[02:03:35] <trek00> it should work on linux, but it really
depends by the hardware configuration (ddr and mobo)
138[02:15:10] <sney> it gets upgraded when you upgrade to a new
debian release, e.g. 9 to 10. the default-jdk for debian 10 will
stay the same except for bugfixes etc
160[02:25:02] <mbnt> "ultra durable", or so it claims.
: - b
161[02:25:37] <mbnt> Well, Blender chokes when I use it, so
maybe it will choke less.
162[02:26:00] <randompleb> Damn I had a LGA 775 board G41M-ES2L
still works. My 1155 board (ASUS) battery died so I replaced it with
my gigaby te one. I believe they had "dual bios" as
advertisement back in 2008..
163[02:26:12] <trek00> mbnt: it should work, but after a bit of
tuning on timings
164[02:26:34] <mbnt> trek00, So I look for timings in the BIOS/
165[02:26:36] <mbnt> ?
166[02:26:53] <trek00> mbnt: yes
167[02:27:16] <trek00> mbnt: don't expect big improvements
on the speed however
168[02:27:19] <mbnt> I'm such a newb
169[02:27:21] <mbnt> thanks
170[02:27:34] <trek00> mbnt: are you using blender via opencl?
171[02:28:19] <trek00> (on the internal gpu?)
172[02:28:21] <mbnt> mbnt, Yeah. I have the amd proprietary
drivers installed for Ubuntu and Windows (multiboot) but I also have
Debian
173[02:28:34] <mbnt> I don't think I can install amdgpupro
for Debian
193[02:35:38] <hunter0one> Came back to Debian today =)
194[02:38:34] <trek00> mbnt: if you want use opensource drivers
with opencl from amdgpu-pro you could, but no guarantees it will
work fine
replaced-url
195[02:38:55] <trek00> hunter0one: feel good?
196[02:39:12] <hunter0one> trek00: Absolutely
197[02:39:17] <trek00> good! :)
198[02:39:35] <hunter0one> I always come back. Maybe I can end
my distro hopping habit.
205[02:44:01] <mbnt> nor are proprietary nvidea ones, is this
true?
206[02:44:40] <sney> nvidia proprietary works very well but when
there's a problem you're out of luck, and they don't
always keep up with kernel/xorg changes as fast as we'd like.
207[02:44:57] <sney> nouveau is fine for basic usage and older
gpus
208[02:45:23] <sney> there was a time when amd said they were
going to scrap the proprietary (then fglrx) linux driver and just
contribute to radeon. I'm not sure what happened to that
209[02:45:25] <trek00> mbnt: with amd they are focusing more on
opensource drivers on linux, but the opencl part (radeon on compute
ROCm) is not yet available on debian/ubuntu
222[02:51:57] <trek00> mbnt: the open amdgpu should be faster
and more stable then amdgpu-pro, it should be better to install only
the opencl part from amdgpu-pro
223[02:53:18] <tomreyn> there's also a fully open opencl
stack, but it's not as mature.
224[02:53:39] <mbnt> trek00, I will look into that link you sent
me
225[02:53:54] <mbnt> It would be awesome to do real video
editingon Debian
226[02:53:56] <trek00> mbnt: i think Stallman is never gone to
jail :)
227[02:54:20] <mbnt> trek00, He did go, briefly, because he
protested against AMD proprietary drivers
236[02:56:06] <trek00> Protesting against proprietary software
in April 2006, Stallman held a "Don't buy from ATI, enemy
of your freedom" placard at a speech by an ATI representative
in the building where Stallman worked, resulting in the police being
called.
replaced-url
286[03:46:03] <dpkg> Many debian channels are on the OFTC
network (irc.oftc.net), *not* on freenode. If you try to join one
and you see "Cannot join (Channel is invite only)." it
means you did not read it's on irc.oftc.net. See also
replaced-url
365[05:21:20] <mbnt> Unit193: I cannot get into my GUI now
because of that
366[05:21:43] <Unit193> I believe someone else tried to give you
answers, and you didn't seem to like them.
367[05:21:49] <RodrigoBR> Debian is lighter than Ubuntu, thus
it's better. There are many files and solutions common to both.
And since Ubuntu is so famous, you'll find lots of answers on
Google that serve for Debian as well
368[05:22:10] <mbnt> Unit193: It was not that I did not like it,
rather, it was that it did not work.
369[05:22:32] <RodrigoBR> video drivers for Linux suck, because
they're most proprietary
370[05:22:41] <mbnt> Unit193: And I did not like that it did not
work.
371[05:22:47] <RodrigoBR> So install the proper video driver is
the first thing you should do after installing the system
372[05:22:52] <Unit193> mbnt: So other than "didn't
work" and "tried that already", do you have some
error output or something?
373[05:23:09] <mbnt> Unit193: Yeah, no GUI
374[05:23:23] <mbnt> Not even command line unless I get into
rescue mode
375[05:23:36] <RodrigoBR> @mbnt Have you tried
unix.stackexchange.com already?
376[05:24:05] <mbnt> I was hoping a straightforward uninstall of
all that crab would bring me to the pre-install state
377[05:24:09] <Unit193> mbnt: So when you tried to remove the
offending package, what output did you get?
378[05:24:14] <mbnt> Is that asking too much?
379[05:24:44] <mbnt> Nothing in the following line, so the
assumption was that it worked
380[05:25:00] <mbnt> Then when I reboot, I got an existential
nada
381[05:25:26] <RodrigoBR> Have you tried unix.stackexchange.com
already?
382[05:25:34] <Unit193> Anything in /var/log/Xorg.0.log?
383[05:25:38] <mbnt> Except in rescue mode
384[05:26:17] <mbnt> Unit193: Ahhh, you mean spend a coupld of
days trying to debug versus reinstalling for an hour or two
385[05:26:37] <Unit193> No, I do not mean that but if you'd
rather re-install, that's fine. :)
386[05:27:09] <mbnt> Apparently uninstalling is not so
straightforward
387[05:27:35] <Unit193> If a package is poorly created, it might
not.
462[07:00:39] *** Quits: bnw (~bnw@replaced-ip) (Remote host closed the connection)
463[07:04:23] <bolt> I just realized I'm postponing
upgrading to buster only because I can't be arsed configuring
all of my tiling wm stuff, all the hotkeys and customizations
again... My config is getting in the way of me doing stuff O.o
464[07:05:08] <somiaj> what wm do you use?
465[07:05:13] <bolt> awesome
466[07:05:40] <bolt> And, as you do with a tiling wm, I've
customized the hell out of it to make everything work brilliantly.
467[07:06:40] <somiaj> and all of this customization lives
nicely in $HOME right?
471[07:07:49] <somiaj> anyways you can upgrade in place from
stretch->buster, and with most WMs all the configuration should
live nicely in $HOME, so provided awsome didn't do any
incpmadable changes from 4.0 to 4.3, you shuld be able to upgrade in
place and have the exact same setup
472[07:07:53] <bolt> somiaj: of course it does. I've
already tested upgrading however, and things will break. A bunch of
programs change their window hints and such so my custom positioning
rules break.
473[07:07:57] <somiaj> (At least as far sa the wm goes)
474[07:08:40] <somiaj> hmm, I've been running fvwm for 10+
years, and I dno't have to change much of anything, except a
few styles here and there, maybe you should be triggering off of
diffrent hints
475[07:09:02] <somiaj> though you could also just being using
software that changes its class/resource/name way more often than ti
should
476[07:09:43] <bolt> Time to go window manager hunting and
finding something less fancy that I can live with, because this is
just stupid. After all, I can survive even on Windows for some of my
workflow. I must be able to find a WM that's tolerable with
less than an hour of work :)
478[07:10:56] <somiaj> do you just use a ton of software,
because maybe that is the difference here, i do most my work in
xterms, so I have xterm/firefox and maybe a few other gui apps that
I rarely use like gvim, and eveince
480[07:13:15] <bolt> Yeah, I have to use a lot of different
stuff. so much so that I went the route of running many GUI apps in
separate docker containers so their packages and dependencies
won't clutter up my main system. That worked surprisingly well.
481[07:13:22] <RodrigoBR> No way you can do a bash script to
save all the configuration to a file, and other script to put it
back again? That would be useful!
482[07:13:51] <RodrigoBR> I've never used wm though, so
sorry if it's a silly idea
483[07:14:00] <bolt> The bash script would have to know about
all the changes to every single piece of software :)
492[07:20:01] <somiaj> RodrigoBR: problem is lots of gui
software is garbage and doens't realize how important
ICCCM2/EWMH hints are
493[07:20:22] <somiaj> so they change things without realize the
ramifications to us windowmanager users who use that to control our
enviroment
494[07:21:28] <BazookaTooth> strange form of tech debt
495[07:21:41] <RodrigoBR> ok, but let me understand: awesome
helps you setting a default window position for many different
software? It must put these definitions somewhere, in its own dir or
in each program dir, right?
496[07:22:24] <somiaj> RodrigoBR: that is not the issue, a
window manager is what xorg uses to control where windows appear,
how they are layed out, which window has focus, which window is on
top of another and so on.
497[07:22:43] <RodrigoBR> right
498[07:23:05] <somiaj> some of the customizations a user might
want is to run firefox on desktop 2 maximized
499[07:23:45] <somiaj> so everytime firefox is run it should be
put on desktop 2 and maximized, now the window manager needs to be
able to identify what window firefox is so it can put the right
window in the right spot per the user's confiragion
500[07:24:06] <RodrigoBR> what I'm thinking is: if you
customized everything, this customization is somewhere, or in the
awesome dir, or in each program's dir
501[07:24:23] <RodrigoBR> in the second case, awesome still has
to know which programs are those
502[07:24:30] <somiaj> well if in one relase firefox
identifaction string was 'firefox 52' and in the next
release it was 'firefox 62', the confiugration is broken,
because the window manager will not be able to identify the window
any more, since the program changed its name
503[07:24:45] <RodrigoBR> oh I see
504[07:24:51] <somiaj> so bolt would have to go manually
reconfigure each and every window that changed its name in the
custom config file
505[07:24:56] <RodrigoBR> so it's not only updating Debian
to 10, but every software
506[07:24:59] <somiaj> for a few windows it might not be a big
deal, for tons of apps it will
507[07:25:46] <RodrigoBR> unless you're able to parse the
names to extract just the basename, not the version. I think
that's possible in a script, and not overwhelmingly hard
508[07:25:52] <somiaj> I have the same issue when I upgrade my
system, but I run about 10 apps max (90% of my work is in terminals
and xterms) so it doesn't bother me to update a few things
513[07:26:56] <somiaj> well what if the name changes are more
distracstic than my example, but anyways, I'm surprised things
change that much, but I don't run quickly evolving software
514[07:26:57] <RodrigoBR> That's something every user will
want
525[07:33:27] <qman__> I also use awesome, the problem there is
that they have major breaking changes too frequently
526[07:33:50] <qman__> to the point where upgrading required
essentially rewriting rc.lua, not even a simple find/replace or
patch would do
527[07:34:44] <qman__> the documentaiton also leaves a lot to be
desired from this specific issue
528[07:34:45] <RodrigoBR> Well, I use most of my windows
maximized, and I'm a big friend of Alt+Tab. That do it to me
529[07:36:48] <qman__> the window selection issue is real, too -
certain apps just refuse to be managed by the window manager, they
pop up on the "active" screen regardless of configuration
530[07:37:01] <qman__> it's infuriating
531[07:38:03] <qman__> unfortuantely I haven't found a
better solution yet
539[07:42:37] <somiaj> qman__: I say use fvwm, it works great
for me, though it isn't a fully tiling wm, you can configure
almost everything and make it almost tile
540[07:42:38] <qman__> interesting, but I'm not sure how
that could work with tiling window managers
554[07:58:48] <shtrb> Good morning ,is "sudo rsync -av -X
-P /home /mnt/backup/" incorrect way to copy home folder with
ownership preservation (/home/userX and all files have the proper
ownership , but /home/userX/.ssh is owned by root ) ?
567[08:04:31] <shtrb> /mnt/backup/home/userX/.ssh is owned y
root , but /home/userX/.ssh is not
568[08:04:49] <somiaj> is this backup ran as root?
569[08:04:53] <shtrb> yes
570[08:04:58] <shtrb> *sudo
571[08:05:23] <somiaj> if you remove /mnt/backup/home/userX/.ssh
and then run it again, the new directory gets owned by root?
572[08:05:31] <shtrb> yes
573[08:05:54] <somiaj> anyways, I have never noticed this
happening, but I don't use -X or -P on my rsync commands,
though I don't see why they would affect this.
574[08:05:56] <shtrb> It's all subfolders for each user are
owned by root in such case
576[08:07:06] <shtrb> If anything I recently install
apparmor-extra-plugins, but I do not see any denied messages yet
577[08:08:07] <shtrb> Also the users are logged in during the
backup
578[08:08:48] <somiaj> I don't see why -a is not preserving
ownwership, though in my test (which did preserve ownership) I found
I don't like mixing -v and -P
579[08:09:29] <shtrb> it's just verbose and progress
580[08:09:32] <somiaj> oh I guess it doesn't matter, maybe
I experced somethign different from -P, but I doublt that is the
issue
581[08:09:50] <somiaj> yea, I was thinking progress would be a
refreshing percent, but the verbose kept it scrolling
621[09:05:11] *** Quits: Grldfrdom (uid391113@replaced-ip) (Quit: Connection closed for inactivity)
622[09:05:30] <ratrace> shtrb: --info=progress2 will give you
overall progress, -P is just per file. -a should totally preserve
ownership. Is this a mounted filesystem, perhaps somethign thta
doesn't support permissions? fat? smb protocol?
629[09:11:21] <ratrace> shtrb: what happens if you just cp -a
/home/userX/.ssh /mnt/backup/home/userX/ (after having removed .ssh
from /mnt/backup/home/userX) ?
634[09:12:48] <ratrace> shtrb: that's absolutely impossible
unless you're not giving us all info. there must be some
protocol involved that doesn't know permissions, in sending
files to that mountpoint.
635[09:13:23] *** Quits: dez (uid92154@replaced-ip) (Quit: Connection closed for inactivity)
636[09:13:24] <ratrace> is this a linux system? is there a
setuid on /mnt/backup/home/userX ? is THAT owned by root too?
642[09:15:07] <shtrb> Oh feces , I got help in a different
channel , I was checking few seconds after the rsync and copy , I
had been told I should run sync and after that the ownership was
correct !
643[09:15:37] <shtrb> Thank you ratrace and somiaj , it was just
me not knowing I had to wait little bit more and run sync
651[09:17:23] <ratrace> that's bad though, because you have
something there that's messing up things and you don't
know what it is
652[09:18:02] <ratrace> are you 100% sure that /mnt/... is not
over nfs, smb or anything like thta, that would munge or remap
permissions? are you in a namespce and observing ownership from
outside?
653[09:20:52] <shtrb> ratrace, /dev/mapper/backup on /mnt/backup
type ext4 (rw,relatime) (it's over luks ) , I have no idea
about namespaces but I had recently installed apparmor-extra (but no
denied messages or anything in kern.log for now )
1001[14:17:49] <trek00> brutser83: probably they decrypt root
partition (containing /boot) from grub to read kernel and initrd,
then the kernel needs to decrypt again the root partition to boot
1060[15:22:52] <pileofstraw> 300 crashing machines update:
apparently the solution to never have a machine crash is to
configure crash logging on that machine
1061[15:23:11] <pileofstraw> i set up kexec/kdump on 10% of them
and they are rock solid for days its driving me nuts
1063[15:26:32] <oiaohm> pileofstraw: I have had something like
that trace to a bad batch of ram. By setting up kexec/kdump I had
allocated the bad area of ram causing problem to disappear.
1064[15:26:53] <oiaohm> That was 40+ machines with ram from
exactly the same batch.
1069[15:27:49] *** Parts: bswartz (~bswartz@replaced-ip) ("PRIVMSG #ubuntu-devel :ahasenack: Can I just fix a bug in
the package myself then?")
1070[15:28:16] <oiaohm> pileofstraw: if it that bad ram and the
kexec/dump setup allocated the bad area so nothing uses it the
buggers are not going to crash.
1071[15:29:05] <oiaohm> Have you performed a multi pass ram test
on any of them.
1072[15:29:26] <pileofstraw> Oh shoot I see what you are saying
now. lol.
1073[15:29:56] <pileofstraw> Yes I have. memtest86+ pro, 50
passes for over 24 h
1074[15:30:03] <pileofstraw> on a handful of them that had
crashed.
1075[15:30:07] <oiaohm> If it the fault I had it annoying as
hell.
1076[15:30:32] <pileofstraw> Honestly that's not the worst,
I could set up kexec/kdump on all of them and bypass the issue =)
1077[15:30:53] <pileofstraw> Can you specify the area of ram
allocation in kexec? you could run a front-half back-half test.
1078[15:31:10] <oiaohm> I could not answer that one.
1080[15:31:32] <oiaohm> I found it in past by a multi pass
memtest on one of the machines.
1081[15:32:21] <oiaohm> The issue I had was bad ram and 3 to 4
months latter a machine I had missed with the same ram from the same
batch the complete memory cards gave out.
1082[15:32:58] <oiaohm> So setting up kexec/kdump to hide it may
not be a long term move.
1083[15:33:41] <oiaohm> Ok when it ceases to hide the fault the
fault should be simple to find.
1102[15:46:08] <zodd> pileofstraw, I assume you have a logserver
and moniutoring setup and have ipmi/ilo/whatever in place?
1103[15:47:56] <pileofstraw> I do not. I would love to know if
that is useful, though, given that no logs are written to the local
machine during the crash.
1104[15:48:03] <zodd> indeed without
data/measuring/logging/probing it will be hard to diagnose
1105[15:48:29] <pileofstraw> My assumption was that since nothing
is written to kern.log, syslog, or X log it wasn't going to
send something to my log server.
1126[16:00:06] <pileofstraw> zodd: regardless, do you have any
reason to think that logs would be output to an external log server
but NOT written to any local logging?
1130[16:04:31] <zodd> no, not given the current insights. But the
same is true for the opposite. What I would do: #1 think of
differences between servers that have had problems and ones that did
not (if any). #2 check ipmi/ILO/DRACS/etc #3 check monitoring
services (do resources peak, when, why) #4 isolate one server and
create a test environment in which you can enforce the problem. Can
you do that consistently? etc
1131[16:04:38] *** Quits: charking (~charking@replaced-ip) (Quit: THANSK FOR WHATEVER)
1132[16:05:39] <zodd> given my current view/knowledge of the
situation your nick is striking. You are looking for a needle in a
haystack.
1133[16:06:23] <zodd> I sincerely hope Nagios can provide some
patterns/pointers
1134[16:06:26] <pileofstraw> These are not servers, they are
NUC7i5BNK media players
1140[16:07:00] <pileofstraw> I cannot reproduce the problem under
any circumstances that I have yet found.
1141[16:07:18] <brutser> can someone help me with encryption of
the root fs on debian 10? :
replaced-url
1142[16:07:21] <pileofstraw> Not that I can detect with
lm-sensors, plus they're running in outdoor signs in Calgary so
high temps are not realyl an issue.
1143[16:07:41] <pileofstraw> Of the 300 deployed machines I see
1-3 crashes per day at random.
1156[16:11:47] <pileofstraw> this is during normal operation on a
machine that has previously crashed.
1157[16:12:25] <pileofstraw> We don't really use complex
encoded files, these are adplayers. They don't undergo massive
load, they play jpegs and simple videos for the most part.
1158[16:12:33] <pileofstraw> But I am happy to test that on my
bench
1159[16:12:49] <pileofstraw> joepublic: outputting to large
format 1920x1080 LCDs
1160[16:12:57] <pileofstraw> ranging from 55" to 86"
1192[16:34:15] *** Quits: conta (~Thunderbi@replaced-ip) (Remote host closed the connection)
1193[16:34:58] <brutser> if i do a dualboot with debian, how can
i prevent debian thinking to use the swap partition of my first
install when doing the 2nd installation? also LVM seems to get mixed
up when doing dual installation, is that known?
1194[16:35:11] <zodd> no_gravity, depends on hardware and if the
bootloader can be hacked. Check if someone reverse engineered your
device and if not the answers is: maybe, but it will require a lot
of work and knowledge and some luck
1197[16:36:44] <no_gravity> zodd: I don't have a device. But
I would buy one if I could install Linux on it. Unfortunately it
seems information on it is very very sparse around the net.
1198[16:37:12] <joepublic> brutser, is there some reason you
wouldn't want a swap partition to be used by whatever boots?
1216[16:48:02] <brutser> cybercrypto: just i have a debian
installation on the system and i want to create a 2nd debian system
on encrypted volume, including boot - but when installing the 2nd
debian system, it starts using the swap of os1
1217[16:48:28] <brutser> also when i use LVM, i suddenly see swap
lv of os1 end up as lv on os2, quite weird
1221[16:51:04] <cybercrypto> brutser: i see. you want 2 debian
systems running on the same hardware-host, full encryption, and each
system using its own's swaps partitions
1222[16:51:07] *** Quits: coruja (~coruja@replaced-ip) (Remote host closed the connection)
1224[16:51:54] <cybercrypto> brutser: you name the lvm partitions
differently for each OS1 and 2 and you confirmed that OS2 is botting
using swap from OS1?
1225[16:52:27] <brutser> the LV's have similar names, but
different volume group
1244[17:02:41] <PaddyF> bt40: command line interface then :)
1245[17:03:01] <PaddyF> (maybe with sudo)
1246[17:03:09] <bt40> ok
1247[17:03:30] <schreiberstein> multistrap looks like the best
tool for the job. However, it is written in Perl and I do not want
to use something that is unmaintained and potentially unfixable for
me in the future.
1248[17:03:54] <bt40> Unable to init server: Could not connect:
Connection refused
1249[17:03:54] <bt40> (gedit:2820): Gtk-WARNING **: 20:33:36.886:
cannot open display: :0
1250[17:04:11] <bt40> is this problem with Wayland?
1251[17:04:25] <bt40> I also can not open sudo nautilus in
wayland session
1252[17:05:09] <Walex> bt40: "DISPLAY" and
":0" are X11 things.
1270[17:13:09] <diogenes_> watch out for wsky because here is the
last message in #fedora: fedbot has kicked wsky from #fedora
1271[17:13:14] <ratrace> bt40: also, you can't run gnome
applications with sudo. gksu is deprecated, so to open files that
require root privilege (like /var/log/syslog) you need
"admin:///path/to/file" URL given to, say, gedit
1272[17:13:38] <bt40> ok thanks
1273[17:13:49] <bt40> need to go go now, something urgent
1274[17:14:00] <ratrace> bt40: that said, you shouldn't open
syslog files in a text editor like that. cat, less or grep are your
best friend for logfiles
1293[17:21:15] <wsky> not absolutelly flawless at all
1294[17:21:16] <schreiberstein> If a package is maintained by the
Debian QA group (=> orphaned), does this mean it will not be
supported anymore if it breaks?
1295[17:21:37] <wsky> wait
1296[17:21:45] <wsky> this is #debian not #fedora
1297[17:21:53] <PaddyF> yup
1298[17:22:05] <wsky> i had no sleep for last 30h pardon me
1299[17:22:10] <wsky> anyways, /topic
1300[17:22:15] <PaddyF> +1
1301[17:22:36] <schreiberstein> wsky your name suggests
intoxication.
1302[17:22:48] <PaddyF> maybe its short for white sky
1308[17:25:55] <ajshell1> I have a rather exotic issue. Debian
(and Ubuntu) have an "apt" user that is a member of group
65534 (aka "nogroup").
1309[17:26:00] <ajshell1> However, I have an unprivileged LXC
container where I have to do user and group id remapping, which
involves remapping"nobody" and "nogroup"
1310[17:26:05] <ajshell1> (as described here:
replaced-url
1311[17:26:11] <ajshell1> This causes apt to no longer work in
the LXC container.
1312[17:26:18] <ajshell1> Can I change the group the apt user is
a member of, or should I just use CentOS or Fedora instead?
1321[17:30:29] *** zykotic10 is now known as zykotick9
1322[17:30:30] <ratrace> ajshell1: I suppose you can. Dunno if
any paths would need to change ownership to reflect that, but I
doubt it. nobody/nogroup shouldn't own any files anyway
1335[17:35:08] <hisacro_> I was setting up a system with netinst
iso, I choose only xfce & system essentials after installation
it came to ~1400 packages.. does choosing xfce installs debian
specific other packages..
1392[18:15:36] <zykotick9> hisacro: FYI debian "main"
doesn't have any non-free software, you need to look into the
non-free (and possibly contrib) repos.
1393[18:16:01] <ratrace> ice9: ran htop as root?
1394[18:16:09] <ice9> ratrace, yes it's as root already
1395[18:16:38] <ratrace> ice9: sorting by cpu usage? also, how
are you measuring load and cpu utilization?
1436[18:42:14] <RadoS> annadane, though I wonder why this
followed up: "I would appreciate it if you could reply to self
with signed mail re-stating this."
1437[18:42:27] <RadoS> Was there some deception/ sabotage going
on?
1438[18:42:31] <annadane> no clue
1439[18:43:18] <annadane> this was before my time :P
1444[18:46:50] <sawgood> Hey Debian pros: Since Debian 9 and 10:
have no firewall starting by default and since UFW is now the new
firewall process: do I have to do anything to install or use
iptables other than turing in it on?
1445[18:46:53] *** Quits: Tobbi (~Tobbi@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1446[18:47:43] <sney> no firewall by default has been a debian
standard for a long time, because the user is expected to know if
they need a firewall. do you need a firewall?
1450[18:50:41] <sney> if you do: ufw is a frontend for netfilter.
If you would rather use netfilter directly, that is fine. Netfilter
upstream recommends that people migrate from the older iptables
interface to the new nftables instead.
1451[18:50:42] <sawgood> sney: perfect, and I agree: but is
iptables put on during an install of 9 using netinstall.iso
1452[18:50:59] *** Quits: tvm (~tvm@replaced-ip) (Quit: Lost terminal)
1453[18:51:08] <sney> iptables may or may not be installed
depending on what tasks are chosen during the install.
1454[18:53:01] <ratrace> I see no reason to migrate from the
iptables interface, since nft is likely to be come replaced by ebpf
based firewall.
1459[18:56:39] <sney> I firewall on separate devices as much as
possible so I am mostly outside this conversation anyway, but
iptables was 2.4 era tech and I'm honestly surprised it took
this long to be supplanted
1460[18:57:18] <sney> I generally only bring up nftables when the
person asking clearly doesn't already have a firewall on their
machine. if you're starting from 0, might as well use the
current thing.
1468[19:01:55] <sawgood> in CentOS: you can setup how iptables
starts/loads with a file in /etc/sysconfig called iptables-config
(does) Debian have that same type of process?
1473[19:03:52] <sawgood> ratrace: wonderful: can you help me with
this question; I have Debian 10 (Buster) running on 2 boxes, and I
want to use iptables: they were build using netinstall.ISO (and)
type= basic infrustructure server
1474[19:04:09] <sawgood> ratrace: what else should I add to these
(2) machines to have a full netfilter / iptables process?
1475[19:04:34] <ratrace> sawgood: install the `iptables` and
`iptables-persistent` packages
1476[19:05:28] <sawgood> ratrace: ok, but without installing
anything: already don't I have the iptables package on the box?
1479[19:07:04] <ratrace> sawgood: dpkg -l iptables ... if it
starts with "ii iptables ..." then it's installed.
`which` won't find it unless you're root, because
it's in /sbin/ that's not in unpriv user's PATH by
default
1481[19:08:12] <sawgood> ratrace: yes: ii iptables 1.8.2-4 amd64
administration tools for packet filtering and NAT
1482[19:08:13] <sawgood> r
1483[19:08:29] <ratrace> so you have it. probably not
iptables-persistent
1484[19:08:59] <sawgood> no I don't: adding now with apt-get
1485[19:09:40] <ratrace> sawgood: iptables-persistent works with
files under /etc/iptables/ which you can manually use via
iptables-restore and iptables-save (and ip6tables-restore,
ip6tables-save)
1486[19:10:21] <ratrace> installing iptables-persistent will ask
if you wanna save the current state, iirc
1492[19:15:16] <sawgood> ratrace: I added: iptables-persistent
package: and now I have a directory /etc/iptables with a file
rules.v4 ..... but is there a file for iptables-config (which) show
what iptables will do when it starts (not the filter rules)
1496[19:17:23] <ratrace> sawgood: what do you mean "iptables
will do"? it's only job is to manipulate the rules. the
iptables-persistent framework makes sure /etc/iptables/rules* is
loaded on boot
1497[19:18:44] <sawgood> ratrace: yes; got that part down:
thanks: but in CentOS there is an additional file in /etc/sysconfig
(called) iptables-config (and) cool things about iptables (and how
it will start) (go in here) and you still have another file which
store your rules when loading
1498[19:19:04] <sawgood> I'll pastebin the
/etc/sysconfig/iptables-config file to show you what I mean
1500[19:20:39] <ratrace> sawgood: what do you mean
"how" it will start? what kind of options are thre?
otherwise, /etc/sysconfig is the old way for service configuratoin,
before systemd. on debian, that's the role of /etc/default/
which are env vars sourced by service units, or used by init.d
scripts if they don't have a systemd unit yet
1501[19:20:59] <sawgood> ratrace: can you view this:
replaced-url
1502[19:21:11] <ratrace> keep in mind iptables is NOT a service.
that's why iptables-persistent plugin to the
netfilter-persistent service is needed
1503[19:21:33] <sawgood> maybe that doesn't apply: since my
CentOS box is 6 and using sysV and not systemd
1505[19:22:01] <ratrace> sawgood: okay so that's some kind
of centos-specific convenience service. if oyu want to specify
modules on boot in debian, it's /etc/modules
1508[19:22:41] *** Quits: mcnugit
(~User2.0@108-232-25-53.lightspeed.sndgca.sbcglobal.net) (Quit: My
MacBook has gone to sleep. ZZZzzz…)
1509[19:22:47] <sawgood> For Debian: I'll use: systemctl
enable iptables ...
1510[19:23:07] <ratrace> sawgood: it's all conveniecen
though. you can always whip up your own systemd unit to do whatever
you want with it, modprobing and managing /etc/iptables/rules* or
whatever else. iptables per se does not have a service
1513[19:24:38] <ratrace> sawgood: so you probably mean systemctl
enable netfilter-persistent.service, but you don't really have
to. on debian, almost any package with a service (with some
exceptions) will auto-enable and auto-start the service(s) upon
installation
1531[19:35:38] <sawgood> ratrace: ok got it: so if one has the
iptables package installed by default on Debian (different from UF@)
... then it started during boot: and all you have to do is add
iptables-persistent
1533[19:36:29] <sney> you got the opposite of it, actually
1534[19:36:40] <dvs> yeah
1535[19:37:16] <sney> if you have the iptables package installed
by default (it's recommended by network-manager so this is
common) then you have the iptables utility, which lets you control
the running kernel firewall rules.
1536[19:37:28] *** Quits: mortderire (mortderire@replaced-ip) (Remote host closed the connection)
1537[19:37:32] *** Quits: xcm (~xcm@replaced-ip) (Remote host closed the connection)
1538[19:37:34] <sney> if you want something to "started
during boot", *that* is what iptables-persistent is for.
1539[19:38:16] <sney> iptables itself is part of the linux
kernel. it is not a service and has nothing to do with sysv or
systemd.
1541[19:39:26] <sawgood> sney: thank you ... so just add
iptables-persistent and put in my rules then?
1542[19:40:08] <sney> yep!
1543[19:41:13] <sawgood> sney: since this is the case: iptables
is part of the kernel: and it is running with no rules: why then:
does Debian say by default UFW is the "new" firewall and
it is off by default?
1545[19:42:13] <ratrace> I'd say, since you have no idea how
iptables works, you're better off with a higher level firewall
like UFW or Shorewall
1546[19:42:28] <ratrace> firewalld is also available if you come
from CentOS 7+ world
1547[19:43:18] <sawgood> ratrace: I do have a solid grasp of
iptables (CentOS process), but as much Debian: I know how to make
rules: etc ...
1548[19:43:30] <sawgood> no firewalld for me: I want iptables ...
1549[19:43:56] <sawgood> ah: UFW is a front-end for iptables
(under Debian) got it ... sorry for bothering you so much about UFW
...
1550[19:44:31] <sawgood> UFW is a simplified firewall mechanism
that is implemented on top of iptables. UFW is not as flexible but
is easier to configure for common scenarios
1551[19:45:15] <cybercrypto> sawgood: I recommend you to read
ipfilter.org (project website) and understand the moving forward
architecture evolution. Iptables is not default in debian buster
anymore (you can use it still, of course... but it will be replaced
eventually).
1552[19:46:00] <cybercrypto> sawgood: UFW is just a
'front-end' to simplify the management of the
'firewall rules' for desktop users.
1555[19:47:45] <sawgood> cybercrypto: no kiddin: I know iptables:
just not how Debian uses it under 8/9/10, but I'm gaining on
this very fast ... no need for me to read up on iptables, but thanks
for the tip
1557[19:49:23] <sawgood> I was confused: thinking: and I
don't know why: that when CentOS switched to firewalld (and)
around that same time Debian started using UFW: that UFW as a new
firewall process (not iptables based) ... and that was my mistake
1559[19:50:05] <hl521> Hey, I'm tryin to install unifi to
adopt a switch and access point, but it seems to be failing since it
requires MongoDB <= 3.6.0, is there anyway to force installing
mongodb of that version, or will I have to install it via dpkg?
1561[19:50:22] <sawgood> BTW: you guys here are much nicer than
the CentOS room at times ... what a difference!
1562[19:50:35] <cybercrypto> sawgood: UFW is a front-end. if you
know iptables/ipfilter commands and sintax you dont need UFW at all.
1563[19:50:52] <sawgood> cybercrypto: right on, sir ... perfect!
1564[19:51:20] <sawgood> back in business Debian 9 / 10 using
iptables and iptables-persistent
1565[19:52:32] *** Quits: conta (~Thunderbi@replaced-ip) (Quit: conta)
1566[19:52:44] <cybercrypto> sawgood: if you dont want to learn
(dig commands iptables/ipfilter) you can still manage your own
'personal' desktop firewall using UFW with reasonable
quality. UFW facilitate that for you.
1573[19:55:30] <sawgood> cybercrypto: going / learning / moving
from CentOS 6 to 7 took a lot out of me, and for a while: I was
sticking with CentOS 6, but now I have 7 built all day / night, and
I'm gaining fast with Debian 9 and 10 skills
1574[19:55:46] <trysten> Do i understand correctly that _older_
versions of grub don't support raid metadata > 1.0?
1575[19:56:03] <trysten> And that newer versions should be able
to handle it? Where is this documented?
1577[19:57:17] <sney> that sounds like changelog material
1578[19:59:13] <cybercrypto> sawgood: visit the main project
site, that covers the firewall for linux kernel in general (distro
independent)
replaced-url
1580[20:00:41] <soft_concrete> hi, is it possible to add a static
route for an interface that is using DHCP, in
/etc/network/interfaces?
1581[20:01:27] <sney> yep, with an up command
1582[20:01:32] <soft_concrete> thanks
1583[20:01:38] <sney> 'man 5 interfaces' should have
examples
1584[20:02:47] <cybercrypto> sawgood: you can go to the main page
and check history to get a good overview about it. it started with
iptables -> netfilter -> nftables. Lots of improvements and
new features added.
1661[21:17:02] <mbnt> ratrace, It had to to with getting
proprietary drivers to work on Debian for video editing/blender.
Opencl is needed. You cannot get it in Debian.
1662[21:18:47] <mbnt> ratrace, Because there are proprietary
drivers tied in with it, only very specific distros are supported by
the developers. Even then, the supported distros have problems.
1674[21:23:11] <ratrace> this is all volunteer support on best
effort basis. sometimes you get an expert, sometimes you get a less
experienced answer but still willing to help.
1677[21:24:41] <mbnt> ratrace, If you post a dated link with
comments that indicate the 'solution' does not work, then
maybe you should not post that link.
1681[21:25:24] <mbnt> ratrace, Also, if that has to do with
proprietary software.
1682[21:25:56] <tomreyn> it was probably not on purpose. either
way, you chose to apply what was suggested on your system.
1683[21:26:42] *** Quits: endstille (~endstille@replaced-ip) (Quit: I'll be back.)
1684[21:26:55] <mbnt> tomreyn, that's the problem,
isn't it?
1685[21:27:03] <mbnt> too much trust.
1686[21:27:22] *** gh00p_ is now known as gh00p
1687[21:28:21] <BazookaTooth> right... then if your solution
would be to ban people that are helping you look for answers,
it's probably a good thing you can't. besides this is the
internet, where you should be using caution in the first place
1690[21:29:50] <mbnt> BazookaTooth, channels are generally places
where people who know give information. This is a bit more than not
knowing, this is a piece of bad information.
1691[21:30:26] <BazookaTooth> why are you assuming everyone in
this channel that speaks up is an expert?
1694[21:31:23] <mbnt> BazookaTooth, This is a very specific area
of knowledge I would not expect someone to speak about if they knew
what they were talking about.
1703[21:38:00] <mbnt> pileofstraw, Sort of different from
speaking about something you never implement for yourself.
1704[21:38:03] <sney> you can always tell whether I'm
speaking from expertise or just trying to help figure something out
by how much I use the word "probably"
1705[21:38:30] <sney> some people aren't as readable, but no
free support from irc is guaranteed or warrantied in any way
1723[21:44:56] <sney> well, debian being a free OS, the files
that are in the packages are available to you whether you're
running debian or not. that one in particular is here:
replaced-url
1724[21:45:13] <greycat> I should've told eir to wait more
than the default time period on this one. Oh well.
1725[21:45:15] <sney> I believe there is also a page on
wiki.debian.org for general artwork.
1741[21:51:47] <dpkg> from memory, sid is the codename for
<unstable>, named after the kid in Toy Story that breaks toys.
The great thing about running sid is that when it breaks, you get to
keep ALL the pieces!!
1742[21:51:53] <egrain> oh, unstable.
1743[21:52:16] <egrain> i'm sure there is a youtube video
somewhere explaining how sid was actually the good guy.
1744[21:52:39] <egrain> oh, right i remember. because he was not
hurting living things. how was he supposed to know that the toys
were alive?
1745[21:52:51] *** Quits: jerry (~jerry@replaced-ip) (Ping timeout: 260 seconds)
1746[21:53:02] <greycat> Even wanton destruction of property is
not a good guy thing.
1747[21:53:22] <egrain> anyway, how do i find plymouth-themes of
this sid character?
1748[21:53:30] *** Joins: jerry (~jerry@replaced-ip)
1768[21:57:01] <annadane> it took me the longest time to realize
that sid takes precedece over stable in a sources.list so even if
you install something that doesn't have a bunch of deps (though
it's still a bad thing to do in practice regardless for various
reasons) then it will start pulling other things from unstable... i
think
1850[22:44:58] <r3> I am trying to pass either "--foo"
or "" (nothing) to another command but " shuf -n1 -e
'' '--foo' " has "shuf"
complaining that it doesn't like "--foo" ... how do I
"escape" that syntactically ?
1858[22:48:29] <r3> hmm, I think I can instead place those two
options into a file, and have shuf read it from there rather than
using -e on the command line :)
1872[22:52:40] *** Quits: null1337 (~WhoAmI@replaced-ip) (Quit: If you're not living on the edge, you're taking
up too much space)
1873[22:53:11] <r3> yes, I've read the man page for it (I
wouldn't dream of asking in here if I hadn't first), but
am not understanding why your solution works when shuf -e
'' '--foo' doesn't
1874[22:53:38] <greycat> because you need -- to terminate the
OPTIONs and start on the ARGs
1875[22:54:02] <r3> OH! ok, that makes sense!
1876[22:54:22] <r3> I wonder if I've used that in the past
and not quite known what it does
1878[22:54:55] <r3> thanks a bunch for pointing that out!!
1879[22:54:57] <greycat> !--
1880[22:54:57] <dpkg> [--] commonly the end of arguments
delimiter for GNU or GNU like utilities. It disambiguates between a
literal "--" and arguments. Eg, rm -- --help will remove
"--help" from the current directory.
1881[22:55:13] <r3> that makes perfect sense
1882[22:55:21] <r3> !-
1883[22:55:21] <dpkg> well, - is this something later than
10-10-01 source ?
1884[22:55:50] <greycat> some commands use - to mean "stdin
or stdout". cat and tar are two examples.
1885[22:56:24] <r3> yes, I've done that before but was
hoping for a nice explanation as with '--' :)
1897[23:02:43] <r3> problem with being a polymath autodidact is
that there are occasional gaps in your knowledge - or it could be
that I'm getting old and just didn't remember that tidbit
:) In any case, thank you very much greycat :)
1904[23:04:51] <greycat> one other thing you might need to store
in your subconscious: in regular POSIX/Unix commands, the first
argument that doesn't start with - will typically act as an
implicit end-of-options flag. But GNU likes to "help" you
by looking past that for other args that start with -
1905[23:05:27] <greycat> So a command like "ls -l foo
-c" will successfully list files named foo and -c on Unix, but
not on GNU.
1936[23:35:08] <lowhope> Hi. I'm using the
netfilter-persistent service to set iptables rules on startup.
However, one rule mentions a nonexistent ipset which fails. What
would be a good place to put the ipset command to create the set on
startup before netfilter-persistent startup runs?