13[00:06:03] <dpkg> i guess fbcon is a graphics driver built
into the kernel that accesses the video cards memory directly in a
linear io, framebuffered X is just a way of using that kernel's
framebuffer for graphics instead of the application itself having to
know how the card works.. executive summary: it's hardware
abstraction of the video, or slow, slow, slow... ask me about
<fbcon resolution>.
14[00:08:44] <gribouille> how can I know if framebuffer is
active?
90[01:04:53] <nvz> pretty sure logical sector size is the same
thing
91[01:05:19] <analogical> nope
92[01:07:59] <nvz> well none the less you can fret about
terminology all you want but I am fairly certain nothing in this
entire OS is going to tell you "cluster size" because
nothing calls anything that
93[01:08:12] <nvz> it uses blocks and physical/logical geometry
terminology
94[01:08:41] <nvz> so whatever metric you're looking for
you need to figure out what alternate term you're comfortable
with calling it
95[01:10:29] <nvz> my /dev/sda1 is ext4 and dumpe2fs says block
and fragment size is 4096, blkid -i says
MINIMUM_IO_SIZE="4096"
98[01:10:58] <nvz> I'm reasonably certain if you were to
grep the entire source code for everything in debian, you wont find
the word cluster used the way you use it anywhere
99[01:12:56] <nvz> afaik the term cluster as pertains to a
filesystem as you use it, means the minimum size or fragment size of
data within the filesystem
100[01:13:02] <nvz> thats exactly what these values are
101[01:13:10] <nvz> we just don't call it that
102[01:14:18] <nvz> and the reason we don't use such terms
is because we are not so narrowly scoped.. we support a TON of
filesystems which all work VASTLY different.. some dont even have a
static size like this
103[01:14:30] <nvz> some dynamically size these
"clusters"
109[01:15:45] <nvz> I say this because I used and supported
windows a long time.. then I found debian and been using and
supporting it about as long now.. and I haven't heard that term
since I made the switch
110[01:15:50] <flayer> why does it get so nuts sometimes
111[01:16:53] <nvz> because sometimes ya feel like a nut, and
sometimes you dont :P
112[01:18:05] *** Quits: teclo- (42@replaced-ip) (Quit: Lost terminal)
157[01:59:06] <CarlFK> anyone know if there is a new version
being worked on that respects and reports the versions of dependence
158[01:59:41] <nvz> near as I can tell based on what this tool
does, there is no reason for it to consider version
159[01:59:42] *** Quits: mortderire (~mortderir@replaced-ip) (Remote host closed the connection)
160[02:00:18] <nvz> its purpose is to find out based on lists of
possible packages, which ones are common to them all to know which
ones should be part of a "base" system
161[02:00:26] <nvz> the versions are irrelevant to that end
214[03:06:11] <dpkg> "Does anyone have X or use Y?" is
taking a poll, not asking a good question that IRC helpers can
answer. Don't do it or sussudio's army of militant badgers
will hurt you. Also see <ask> and <bad polls>.
244[03:33:40] <sney> I guess if it was as simple as 'apt
install qtile' they wouldn't be so lost. and I see they
left, too.
245[03:34:40] <genr8_> hes a moron. the install guide is right
here
replaced-url
246[03:37:27] <sney> the debian instructions on that page refer
to a 'qtile' package that does not exist.
247[03:37:39] <sney> building python stuff from source is
relatively straightforward once you know what you're looking
at, but understandably daunting for a newbie
248[03:37:48] <sney> regardless, their vague-ass questions did
them in, clearly :P
286[04:47:07] <foul_owl> How do I find the chipset for a
bluetooth device if lspci is not showing it? (I'm guessing
lspci isn't showing it because the driver or firmware
isn't installed, but I can't determine that until I know
the chipset)
287[04:47:19] <nvz> lsusb
288[04:47:22] <mesaboogie> some are lsusb
289[04:47:26] <nvz> most bluetooth devices are usb
290[04:47:42] <dvs> lsrs232 ;-P
291[04:47:48] <foul_owl> Thank you! Even if it's internal
to the device?
292[04:47:55] <mesaboogie> yes
293[04:48:05] <foul_owl> Thank you :)
294[04:48:05] <nvz> foul_owl: even if its on the exact same chip
as the pci wifi
342[05:26:44] <icypee> and go onto youtube and skip ahead in the
video
343[05:26:55] <icypee> the browser freezes
344[05:27:04] <icypee> do you guys know how to fix that?
345[05:29:20] <somiaj> hmm, don't see any bug reports that
match that behavior.
346[05:29:51] <icypee> should i run it in the terminal?
347[05:30:17] <alex11> (i'm not joking when i say this)
google is known to optimize things for chrome and deride everything
else
348[05:30:23] <alex11> whether that's the problem here, i
don't know
349[05:31:39] <icypee> ** (WebKitWebProcess:3): WARNING **:
23:31:02.332: WebKit wasn't able to find the GL video sink
dependencies. Hardware-accelerated zero-copy video rendering
can't be enabled without this plugin.
353[05:33:58] <icypee> so nothing i can do about it?
354[05:34:01] <somiaj> and stable is older than those fixes, so
sounds like you should use another browser.
355[05:34:30] <somiaj> well you could compile newer versions
yourself, but I'm not seeing any easy solution in debian
stable. Though I also didn't find any bug reports related to
this, but I only looked at the browser, not webkit or gstreamer
361[05:36:51] <somiaj> I'm not seeing any clear path, and
depending on dependencies it may not be a simple thing, as
you'll have to backport both webkit gtk and gstreamer. Due to
other things that also depend on these, I don't see it as an
easy one or two package fix
362[05:37:06] <somiaj> flatpak might work if you trust them, as
it should contain newer versions of all the libs and leave your
debian system alone
363[05:37:35] <icypee> o so if i compiled the new version it
probably wouldn't help?
364[05:39:26] <icypee> i think i might just stay on chromium
until ungoogled chromium gets fixed
365[05:41:46] <icypee> actually i could use iridium
366[05:42:08] <somiaj> I don't know how much work is going
to be required as other things depend on the libraries gstreamer and
webkit, so updating those could be a bit of work to ensure you do it
correctly and remain compatible with other software
371[05:43:15] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
372[05:43:17] <somiaj> what do you mean its google? What makes
chromium ungoogled? chromium in debian doesn't contain any
google's branding or non-free stuff in it
373[05:44:55] <imMute> yeah, isn't "googled
chromium" called "chrome" ?
374[05:46:32] <somiaj> well google does a lot with the chromium
codebase, so there is that, but I'm unsure how you would
ungoogle that, since google has put so much into the open source
base they build chrome on
375[05:46:48] <somiaj> I mean chromium has always been the
opensource base chrome was built on top of with google's
branding and additional non-free stuff
376[05:47:53] <somiaj> If it is specific features that you
don't like, might want to check, debian does disable some of
them that are against debian's policy and DFSG, though
google/chromium does sneak stuff in there occasionally, but usually
there is a bug report around that
378[05:49:13] <somiaj> "ungoogled-chromium is Google
Chromium, sans dependency on Google web services." Some of that
stuff is disabled in debian, though often it takes bug reports and
time, and I'm not sure on the exact details of what debian
disables
387[05:53:35] <n4dir> i'd assume that google has put quite
some effort in other browsers too. And if you go down deep enough in
that rabbit hole, you would find it.
391[06:04:35] <nvz> browsers have just gotten ridiculous anymore
392[06:05:02] <nvz> when you need a bunch of extensions just to
browse the web without being harassed, you know things have gotten
out of hand
393[06:05:25] <n4dir> exactly.
394[06:05:54] <nvz> the thing where it keeps you from leaving a
page, the notification from pages, the ability to popup or open
other windows, etc, etc.. are all just features most people
don't even want
416[06:38:21] <nvz> yeah I came to the same conclusion and even
started coding to that end, but haven't gotten anyone to help
yet
417[06:39:15] <nvz> I'm not really a coder.. more a
dabbler.. I could use the help of someone better able to lay out the
framework for a saner design than what I call, my APOC *(Atrocious
Proof Of Concept) code
418[06:39:59] <nvz> my idea is to use a link handler.. that can
take links from irc, web, email, anywhere, pre-process them,
dispatch various other programs to deal with them..
420[06:41:09] <nvz> open yt links with the video in a program of
your choice, pre-parse news articles and open them in a program of
your choice.. which is all my APOC code does.. but the idea is to
have a complete framework for handling all kinds of web content with
the core features of a browser, history, bookmarks, etc.. without
having to involve a browser
421[06:42:10] <nvz> the idea is to hook into the mime handling
of your system itself and handle links from anywhere and show you
what you want to see the way you want to see it
453[07:19:34] <Lope> I've got a host i5 4670k and a guest
in KVM, both running 4.19 kernel. When I suspend my host *while* the
VM running (idling), the VM goes to shit afterwards. Not entirely,
it still "works". But it runs slower, sometimes incredibly
slow if I've suspended the host many times over a few days. And
if I have suspended the host while the VM was running: when I shut
down the VM, I get all kinds of kernel errors in the VM's
terminal. Would I benefit from pausing the
454[07:19:34] <Lope> VM before I suspend the host? Or is suspend
just a problem regardless?
455[07:20:34] <nvz> o.O
456[07:21:47] <nvz> what would make you think that this should
even work at all?
457[07:22:06] <Lope> nvz, you mean suspend, or suspend with a VM
running?
458[07:22:36] <nvz> yeah.. what would make you think a normal
use case of virtualization is to suspend the host while the guest is
running?
459[07:22:47] <Lope> I would expect that KVM has an awareness of
what the host is doing, and would pause the VM automagically as
well.
460[07:22:56] <nvz> I see..
461[07:23:01] <Lope> I mean if the host stops, it can't
realistically expect the guest to keep running.
462[07:23:09] <nvz> I would expect that someone virtualizing an
OS wouldnt even BE suspending
463[07:23:22] <Lope> I work in a VM.
464[07:23:33] <nvz> I'm sorry to hear that
465[07:23:42] <Lope> haha
466[07:23:45] <nvz> heh
467[07:23:58] <doubletwist> It makes sense to think that if the
host is *suspended* - that would include keeping the memory state of
anything running on the host, which I admit I would expect to
include the VM itself
468[07:24:00] <Lope> My VM is "my computer"
469[07:24:46] <Lope> I've got a crapton of hard drives
connected to my host, so I suspend so they get some rest over night
etc.
470[07:24:55] * nvz sicks Microsoft's lawyers on lope for using
the
471[07:25:04] <nvz> "my computer"
472[07:25:21] <Lope> LOL has microsoft trademarked "my
computer" hahahahha?
473[07:25:26] <nvz> idk, probably
474[07:26:03] <Lope> Interestingly, my PC uses roughly the same
power while idle as while suspended anyway.
475[07:26:07] <nvz> seriously though I dont have a ton of
experience with VMs, I only use them occasionally for volunteer
support here.. but your use case sounds crazy to me
476[07:26:31] <nvz> I would never even think to suspend a
computer while its virtualizing another computer
477[07:26:31] <Lope> Because the IME keeps running at full tilt
regardless and that's what seems to consume 50W regardless of
whether the PC is running idle, suspended, or off.
478[07:26:50] <Lope> So the only purpose that suspend serves is
my hard drives stop spinning.
479[07:26:52] <nvz> and I'd imagine most the people coding
this stuff wouldnt think you would either
480[07:27:14] <nvz> you do realize you can stop a disk without
suspending right?
481[07:27:27] <Lope> Gotta love that intel backdoor spyware
eating 50W 24/7. So important.
482[07:27:37] <nvz> of course y'know.. you gotta stop using
it too..
483[07:27:43] <nvz> or else its gonna start right back up
484[07:27:52] <nvz> but you can certainly stop it anytime you
want..
485[07:28:14] <nvz> doesn't make it a good idea.. because
parking and revving up a disk is a wear
486[07:28:23] <nvz> just as much as it running is
487[07:28:37] <joze> this web thing requires php 7.4
488[07:28:40] <joze> damn
489[07:28:44] <Lope> nvz, yeah, I suppose that's a better
alternative. But I'm not sure if ZFS will play ball with
suspending all the disks.
490[07:28:55] <Lope> It might just decide to spin them up again
when it farts.
491[07:28:58] <joze> when will testing be stable? :)
492[07:29:12] <nvz> joze: probably another year at least, but
you can place your bets now
493[07:29:14] <Lope> I'll ask the ZFS entourage.
494[07:29:30] <joze> +is it like horse betting?
495[07:29:54] <nvz> idk that anyone has done it lately but in
the past we've made a game of betting when the next release
would come
558[09:42:12] <ratrace> Anyone using SpamAssassin? Are your
sa-update(s) failing with
"/var/lib/spamassassin/3.004002/updates_spamassassin_org/1881814.tar.gz"
missing ?
577[10:15:01] <hundfred> hi, i want to use the free space on a
debian-live on flash drive, but the partition layout i found on the
stick confuses me :
replaced-url
583[10:20:35] *** Joins: mezzo (~mezzo@replaced-ip)
584[10:20:58] <nvz> what confuses you?
585[10:21:02] <genr8_> thats not an accurate partition layout.
MBR/GPT probably.
586[10:21:47] <somiaj> !hybrid images
587[10:21:47] <dpkg> Since the 6.0 "Squeeze" release,
Debian installation images for x86 systems - e.g. <netinst>,
<CD1>, DVD1 - are hybrid images. These can be written directly
to CD or HD Media (e.g. USB thumbdrive) without further preparation.
See
replaced-url
588[10:22:12] <somiaj> arg, they are also efi/legacy enabled, so
the partition table is not standard
636[11:22:16] <Lope> I'm trying to generate known_hosts,
but it doesn't seem to use a simple fingerprint as the
fingerprint (the last item on each line). it seems to hash it or
something, because the fingerprint does not even exist in plain-text
in known_hosts. Any ideas?
637[11:22:26] <Lope> And this has nothing to do with
HashKnownHosts.
657[11:47:27] <Lope> AndreasLutro, thanks bud, I've been
looking into it. I see that the last item is actually the entire
public key, not a fingerprint of it.
658[11:47:47] <Lope> AndreasLutro, I'm trying to figure out
how to show the public key using ssh-keygen, any ideas please? :)
670[12:00:27] <Lope> AndreasLutro, I don't see the point of
ssh-keyscan though, all it can possibly do is confirm someone has
MITM'd your connection. Other than that, as far as I can tell,
it's totally useless.
671[12:00:39] <ratrace> !xy
672[12:00:39] <dpkg> Slow down for a bit! Are you sure that you
need to jump through that particular hoop to achieve your goal? We
suspect you don't, so why don't you back up a bit and tell
us about the overall objective... We know that people often falsely
diagnose problems because they are too close to them -- it's
easy to miss that there is a better way to proceed. See
replaced-url
673[12:00:55] <Lope> hi ratrace
674[12:01:08] <ratrace> o/
675[12:01:29] <ratrace> so what are you _actually_ trying to
achieve?
676[12:01:32] <Lope> All good bud I solved my issue. Turns out I
was making a mistake. I was thinking I was typing ssh-keygen but I
was actually typing ssh-fingerprint LOL
677[12:01:42] <Lope> bad autopilot brain.
678[12:02:18] <ratrace> heh
679[12:02:39] <Lope> ratrace, there are a few servers, that I
have the fingerprints for, and wanted to populate known_hosts with
them
680[12:02:58] <Lope> but I only learned recently that
known_hosts doesn't actually store fingerprints. it stores
public keys.
681[12:03:03] <ratrace> yeah
682[12:03:29] <Lope> ratrace, have you tried running desktop
applications inside LXC?
683[12:03:39] <ratrace> long time ago
684[12:03:45] <Lope> hmm. Ok
685[12:03:49] <ratrace> why?
686[12:04:09] <Lope> Well, I tried ClearLinux in a VM recently
and was impressed by it's insanely fast boot time.
687[12:04:23] <Lope> But then discovered it's repos are
miniscule.
688[12:04:35] <ratrace> CL is artificial construct, and
experiment by Intel, tho
689[12:05:05] <Lope> yeah, because there's not much
software available for it, I'd need to actually run debian in
LXC
690[12:05:12] <Lope> for stuff that's not available in CL.
691[12:05:21] <Lope> (which is 90+% of software haha)
692[12:05:31] <Lope> Just experimenting.
693[12:06:44] <ratrace> that would totally defeat any speed
benefits of CL; as you're left with only the kernel from CL,
your entire userspace around a containerized program would be from
the container
694[12:07:12] <Lope> ratrace, I realize that. Basically I'd
get the speed benefits of the kernel and whatever software CL
offers, which isn't much.
710[12:09:27] <ratrace> you need to bind the xorg socket either
from the host or from another container running xorg, you need to
bind /dev items for dri/nvidi/gpu thingies, audio devices, and input
711[12:10:02] *** Quits: dselect (~dselect@replaced-ip) (Quit: ouch... that hurt)
712[12:10:07] <Lope> when you say input, you mean audio input?
713[12:10:16] <Lope> and webcam
714[12:10:18] <ratrace> I mean /dev/input/
715[12:10:24] <Lope> (not keyboard and mouse surely)
716[12:10:24] <Lope> ?
717[12:10:35] <ratrace> well yes, your xorg needs the devices
718[12:10:35] <Lope> because that would negate the security
benefits
719[12:10:48] <ratrace> Lope: duh, Xorg is one big negation of
security benefits.
720[12:11:03] <Lope> well if you give the container access to
your input devices, then they can just keylog everything.
721[12:11:04] <ratrace> but _something_ > nothing, so
it's not totally futile
725[12:12:03] <ratrace> Lope: but YES, even if you isolate and
containerize like that, xorg being xorg, it's possible to
exploit it and break through containment through xorg APIs
726[12:12:07] <Lope> so if you want to run semi-malware in a
container securely, I thought you could run *just* an application
without running an entire DE and xorg etc inside the container?
788[12:25:24] <ratrace> in fact, it requires USERNS and
that's traditionally a very vulnerable part of the kernel
789[12:25:27] <oxek> Lope: I run skype, zoom and all the other
proprietary apps in either firejail or flatpak (bubblewrap) sandbox,
with a separate x11 server using xephyr so that they cannot perform
keylogging
801[12:29:09] <oxek> on linux, all the apps you run are
inherently trusted, that's how it was designed.
802[12:29:25] <oxek> hence, don't run untrusted apps
803[12:29:27] <Lope> oxek, do you have any reading materials for
using xephyr for this purpose? I see the wikipedia page doesn't
mention your use case of it.
805[12:29:59] <oxek> 1) start xephyr 2) start an app in xephyr?
806[12:30:11] <ratrace> xephyr is just false sense of security.
the kernel is most vulnerable and all your apps are sharing it. if
you _know_ you're running malware... just don't share the
kernel with it
807[12:30:11] <oxek> if you use firejail, then it has
--x11=xephyr option
808[12:30:35] <oxek> ratrace: kernel exploits are harder than
x11 exploits
810[12:30:52] <ratrace> oxek: I'm not so sure in 2020
811[12:31:02] <ratrace> kernel security has really deteriorated
812[12:31:04] *** Quits: bubi67 (~klo_jnk@replaced-ip) (Read error: No route to host)
813[12:31:04] <oxek> true, we don't have any certainties
left in 2020
814[12:31:39] <oxek> in any case, x11 is full of holes, wayland
aims to fix that but wayland is still not useable for many things
815[12:31:59] <Lope> ratrace, oxek has a point about x11
exploits though. Which makes me think you should run lots of stuff
in xephyr
816[12:32:23] <oxek> Lope: or just don't run untrusted
apps?
817[12:32:32] <Lope> oxek, "oxek> if you use firejail,
then it has --x11=xephyr option" do you mean you must have
xephyr installed to be able to use firejail with it's default
settings?
818[12:32:39] <ratrace> Lope: but it's less protection than
a full VM can give you
819[12:32:45] <ratrace> so why settle with mediocre?
820[12:33:07] <oxek> Lope: firejail does not utilize xephyr by
default in any of its profiles
821[12:33:07] <Lope> oxek, oh, my bad, I misunderstood. I get
what you're saying now.
823[12:33:44] <Lope> ratrace, I agree with you 100%. Surely
skype inside xephyr filefail inside a VM is better than running the
latter on the host.
824[12:34:25] <oxek> x11 security extension < xvfb <
xephyr with firejail or flatpak < linux containers or docker <
vm < another physical machine < another physical machine
disconnected from anything
825[12:34:26] <Lope> ratrace, I was thinking in terms of running
non-malware in firejail by default.
826[12:34:42] <Lope> Because for example, let's say you
open a bad PDF, now it malware's your whole X11 session.
827[12:34:44] <oxek> throw in some namespaces and cgroup
implementations somewhere in there
828[12:35:10] <oxek> Lope: don't open bad PDFs then?
829[12:35:19] <ratrace> well how do you know they're bad
830[12:35:32] <Lope> ratrace, so to be clear, I'm thinking
a VM (or better a separate PC) for malware like skype and zoom etc.
831[12:35:34] <ratrace> if you knew something was malware, then
security would be moot: just don't run it. lol
832[12:35:37] <oxek> if they come by email, they are bad. If
they are on some random webpage, then they are bad.
833[12:35:47] <Lope> And then firejail and xephyr for all normal
open source stuff.
834[12:35:57] <ratrace> Lope: don't forget the browser.
that's the most likely intrusion vector
835[12:36:07] <oxek> Lope: or just use qubes-os, it has debian
as one of the machines
836[12:36:32] <Lope> ratrace, yeah, I agree. it seems that
browsing in a VM would be best. Before I didn't want to hassle
with it, but I've been working with VM's more lately and
don't think it would be too bad.
837[12:36:36] <ratrace> I wouldn't trust qubes. not with
the amount of xen vulns reported monthly
838[12:36:50] <Lope> Also if you browse with a VM it would make
fingerprinting harder.
839[12:37:13] <oxek> qubes is still better than running a
browser without qubes
840[12:37:18] <Lope> especially if you use a windows VM or
whatever.
841[12:37:27] <ratrace> Lope: not necessarily. if your VM has
persistence, then it's the same thing
842[12:37:45] <oxek> I don't believe running qubes exposes
you to more problems than not running it
843[12:38:09] <ratrace> oxek: probably not, but it definitely
_does_ expose you to more than they claim
844[12:38:17] <Lope> ratrace, well, if I used a VM for browsing
I'd make it revert snapshot on shutdown.
845[12:38:31] <oxek> if you're at the point where you can
exploit xen, then you'd already have some way of exploiting the
stuff below xen - hence you could exploit a normal debian
installation
846[12:38:36] <ratrace> ie. "You had one job". or....
tool designed for security is by its nature insecure, etc...
849[12:39:12] <Lope> ratrace, but ofcourse one would need a way
to update the browser and then update the snapshot.
850[12:39:25] <oxek> Lope: take some time off, sit down, think,
and write down your threat model. Then prepare accordingly.
851[12:40:27] <Lope> The threat model is rather large if
you're thorough.
852[12:40:32] <ratrace> Lope: it all comes down to the balance
of probabilities. like oxek said, how likely it is to subvert xen to
begin with, etc...
853[12:41:05] <ratrace> and with that balance, running untrusted
stuff in VMs suffices. you can rollback images on shutdown, and have
separate update runs without firing up the untrusted apps, to update
the images, etc...
854[12:41:34] <Lope> ratrace, yeah that's easy enough to
do.
855[12:42:32] <oxek> it's sad to say, but if security is
really important to you, then perhaps debian is not the distro for
you. Debian does not have the latest updates.
856[12:43:00] <oxek> yes, debian tries to backport security
fixes, but it does not get new security features
857[12:43:02] <Lope> debian does run a little old I agree.
858[12:43:20] <oxek> also, bugfixes are not backported, and a
lot of bugfixes are security fixes too, they just aren't
labelled as such
859[12:43:29] <ratrace> unfortunately
860[12:43:45] <Lope> it's funny this whole conversation
started with me asking about running debian in LXC to be able to use
a different distro that has less software available.
861[12:44:15] <ratrace> the kernel devs are even recommending
everyone run the latest mainline, because they can't be
bothered with labelling every bugfix as security fix, where needed
865[12:44:51] <Lope> It seems like if you want stuff to be
secure you need stuff to be stateless with everything isolated etc.
866[12:45:16] <ratrace> no, you just need good defense in depth.
there's no single holy grail in security.
867[12:45:24] <oxek> to be fair, if it was up to me, I'd
rename "debian stable" to something else. Because a lot of
people think that the word "stable" refers to "does
not crash, gets bugfixes" but that's simply not true
868[12:45:25] <Lope> what kernel do you guys recommend to run
with Buster?
869[12:45:34] <Lope> I'm still on good old 4.19
870[12:45:54] <ratrace> I'm using that too
871[12:46:15] <oxek> Lope: default kernel unless you have
hardware that requires newer kernel
872[12:46:34] <ratrace> having been bitten by sns, I refuse
running non-lts kernels that aren't at least .10 old, or even
more in same cases
873[12:46:55] <Lope> ratrace, I've not been experimenting
with dropbear for a while, but did you see that it got ed25519
support?
876[12:47:08] <oxek> I have a machine that can't even boot
with the newer kernel
877[12:47:32] <Lope> ratrace, sns?
878[12:47:33] *** Quits: mezzo (~mezzo@replaced-ip) (Quit: leaving)
879[12:47:39] <ratrace> !sns
880[12:47:39] <dpkg> Shiny New Shit Syndrome is a serious
disorder, which usually breaks out into an epidemic every time
something new is released. If you have SNS, ask me about
<backports> and <ssb>; these are better options than
upgrading to <testing> because it is a <moving target>.
910[12:56:02] <akik> i ran into a weird problem with booting
debian buster from a usb stick with grub using hd-media vmlinuz and
initrd.gz. if the debian buster iso debian-10.5.0-amd64-netinst.iso
is in the same directory on the usb stick than
ubuntu-20.04-desktop-amd64.iso, the ubuntu iso gets mounted as
/cdrom in the debian buster installer and then the installer fails.
if i then remove the ubuntu iso from that directory and
911[12:56:08] <akik> boot again, the debian buster installer
works fine
912[12:56:19] <Lope> ratrace, that's true, although if you
break your bootup process then you're SOL.
913[12:56:48] <efloid> just upgraded to f2fs for main
filesystem. when booting i see a lot of repeating messages
"Begin: Running /scripts/local-block ... done." before the
system eventually boots. any idea what this is?
917[12:57:50] <Lope> ratrace, do I remember correctly that you
also use gentoo? or was that someone else?
918[12:57:57] <ratrace> I use gentoo too yes
919[12:58:33] <Lope> ratrace, is it possible to compile your
debian kernel optimizing it for newer CPU's similar to what
clearlinux does?
920[12:59:14] <Lope> (I've compiled kernels before, to fix
driver issues... but didn't do any performance changes)
921[12:59:47] *** Quits: pk (~pk@replaced-ip) (Quit: Lost terminal)
922[13:00:11] <Lope> <ratrace> Lope: or no ssh at all, but
a custom initramfs that fetches the key from somewhere <Lope>
ratrace, that's true, although if you break your bootup process
then you're SOL.
923[13:00:14] <ratrace> Lope: sure but you're asking the
wrong question
925[13:01:02] <ratrace> Lope: "debian kernel" is just
vanilla kernel + some debian specific patches. CL kernel is just
vanilla kernel with some CL specific patches AND compiler
shenanigans.
926[13:01:40] <Lope> okay, so can we do the compiler shenanigans
on the "vanilla kernel + some debian specific patches"
927[13:01:48] <ratrace> so of course it's possible but then
you're turning debian into CL ... because debian is just a
collection of software developed elsewhere, integrated into a whole
with some custom modifications
928[13:02:05] <Lope> Truth be told. Last time I compiled an
x86_64 kernel it was for ubuntu. And they've got their own git
repo if you want to compile the "ubuntu kernel"
929[13:02:13] <Lope> I assumed debian would have something
similar.
934[13:03:59] <Lope> so is it trivial to reproduce CL's
compiler shenanigans on the "debian kernel"?
935[13:04:59] <Lope> Another crazy question!!! *hold on to your
seat* Since you can run debian in a CL chroot. Could you just boot a
CL kernel with a debian rootfs?
939[13:05:54] <ratrace> Lope: maybe. but something tells me
you'd be disappointed with performance gains
940[13:06:16] <Lope> ratrace, well I've used CL in a VM and
it feels snappy as hell.
941[13:06:36] <Lope> but of course that's EVERYTHING
compiled with the shenanigans, as you mentioned.
942[13:07:06] <ratrace> and that's the most important bit
here.... kernel itself is likely not a significant contributor to
the speedups
943[13:07:19] <Lope> ok. thanks.
944[13:12:33] <ratrace> oxek: "debian tries to backport
security fixes, but it does not get new security features" --
you mean for the kernel or userland too? anything specific as
example?
945[13:13:09] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
946[13:13:13] <ratrace> I mean, it follows from the nature of
"Stable" (API/ABI stable) that new features aren't
introduced, with some exceptions, but I was wondering if you had
something specific in mind here
947[13:13:52] <Lope> ratrace, oxek: what were you guys referring
to when you said your confidence in the security of the linux kernel
is diminished in 2020?
948[13:14:15] <oxek> ratrace: kernel and userland.
949[13:14:43] <oxek> specific for userland, for example new
security features are not backported to esr versions of firefox
950[13:14:54] <ratrace> Lope: linux (kernel) security is
terrible. pretty much the opinion of any researcher who bothered
looking
951[13:15:14] <oxek> software security is terrible
952[13:15:34] <ratrace> Lope: a lot of bugs, unlabelled bugs,
not backported, and terra-ton of new code coming in, with new bugs,
each release
954[13:15:45] <Lope> well, terrible should be a relative
adjective in that sentence, surely?
955[13:16:05] <Lope> I mean windows has been exploited many more
times than Linux?
956[13:16:16] <ratrace> and kernel itself has little
security-specific features because Linus thinks infosec people are
"masturbating monkeys". so in that part, grsec/pax is
telling the truth.
957[13:16:21] <Lope> (times meaning number of distinct exploits)
961[13:16:37] <oxek> Lope: linux & windows are pretty much
on par in terms of kernel security
962[13:16:48] <ratrace> Lope: there's no way to know that
as windows is not open for audit and a public CVE list
963[13:16:50] <oxek> most security issues in windows are not due
to the windows kernel
964[13:17:16] <oxek> ratrace: we do know however which files get
patched in windows security updates, and see that those patches
rarely update kernel files
965[13:17:46] <ratrace> oxek: you also don't see the ones
they sit on using obscurity as a shield
966[13:17:53] <oxek> it's always some windows service
whenever it is a big security bug in windows, it's not the
kernel
967[13:18:03] <Lope> interesting. well one aspect of linux
kernel's philosophy which seems harmful to security is the idea
that it must be infinitely backwards compatible.
968[13:18:04] <ratrace> but anyway, window security definitely
improved with w10.
969[13:18:08] <oiaohm> oxek: it is not as straight forwards as
that.
970[13:18:19] <Lope> So software compiled to work on a 2.6
kernel must work on a 5.x kernel.
971[13:18:29] <oxek> Lope: I think you mean windows. Windows is
infinitely backwards compatible.
972[13:18:35] <Ede|Popede> oxek: or they'll just don't
tell you when it is the kernel
973[13:18:39] <Lope> But that seems retarded since 99.9% of
linux software is open source and in repositories etc.
974[13:18:56] <ratrace> oxek: they mean "never break
userspace" mantra of kernel devs
975[13:19:13] <oiaohm> oxek: there are a lot of thing that fixed
kernel level in Linux that windows fixed in windows API alterations
this leads to a race of user space patches over and over again.
976[13:19:17] <oxek> never break userspace != forever backwards
compatible
977[13:19:21] <Lope> surely if they broke backwards
compatibility and made it optional to choose what drivers you want
to compile, you could have a much smaller more secure kernel?
978[13:19:27] <ratrace> they're about to break it in 5.10
tho :) Avid fan of console scrollback? Prepare to get shocked!
979[13:19:43] <oxek> wait what's going on with console
scrollback?
980[13:19:45] <Lope> also a smaller kernel would fit better into
CPU cache so it would be faster as well.
981[13:19:53] <ratrace> oxek: technically true, but since
there's no formal specification of the userland, it kinda comes
out to that perpetual compatibility
982[13:19:53] <oiaohm> ratrace: console scrollback had a
security flaw and no maintainer.
983[13:20:17] <ratrace> and now it's going away.
984[13:20:21] <oiaohm> ratrace: if you want to be the maintainer
Linus has put it up for offer.
985[13:20:37] <ratrace> no, I don't care about it. just
giving a userspace breaking example.
986[13:20:38] *** Quits: r1nt3c (~r1nt3c@replaced-ip) (Remote host closed the connection)
987[13:21:13] <oiaohm> ratrace: that not absolutely userspace
breaking thinking screen/xterm.... can emulate it with userspace
stuff.
988[13:21:21] <oxek> I'm gonna miss console scrollback
989[13:21:35] <oiaohm> Most of the time I am not going to miss
it.
1024[13:26:15] <ratrace> and if GKH backports it, then the next
question is will Debian patch it back IN!
1025[13:26:51] <Lope> oiaohm, well one can jump through hoops to
install anything, but that's not the point.
1026[13:26:58] <oxek> to be fair, I don't expect linus and
other people around him to stay in charge of the kernel for long.
Probably gone by the end of 2020, and someone new will step up.
Perhaps even the license will change to gpl3, or gpl4 will be
invented.
1041[13:30:30] <ratrace> oxek: no I mean the comment about linus
and friends leaving the kernel by the end of 2020
1042[13:30:57] <oxek> ratrace: he and people around him make
others feel uncomfortable, and that's not allowed anymore in
2020
1043[13:31:22] <oxek> they are one false sexual misconduct
allegation away from being gone
1044[13:31:27] <ratrace> he ain't going anywhere
1045[13:32:08] <oxek> I'd prefer him to stay too, but
it's not up to me
1046[13:33:46] <ratrace> if, hypothetically, that happened,
it'd just be another fork. business as usual.
1047[13:34:08] <aaro> oxek: in what source do you base for that
info?
1048[13:34:40] <ratrace> it's literally impossible to remove
linux from the kernel. it's _maybe_ possible to remove him from
a specific _repository_ but so what. foss power. just use the repo
which he will put up elsewhere. duh.
1049[13:34:47] <ratrace> to remove *Linus from the kernel
1050[13:35:44] <ratrace> if that happened.... the computing
history will see schism like never before. and all the good stuff
will go opposite the SJW
1051[13:36:15] <oxek> ratrace: what about the head of FSF being
removed? that happened.
1052[13:36:51] <ratrace> the head of FSF did not directly control
the most used single piece of software in the world
1053[13:37:33] <Ede|Popede> wouldn't this be IME these days?
1054[13:37:35] <ratrace> and removal of RMS from FSF did not
remove RMS from spearheading development of software he was on even
before.
1055[13:37:43] <oxek> aaro: which info are you looking for? That
linus makes SJWs uncomfortable?
1056[13:37:55] <oiaohm> oxek: RMS case is way different to
Linus. Linus is only a head of a development project. FSF board you
are technically head of a company.
1057[13:38:41] <aaro> oxek: you said linus is being removed from
kernel development, that info
1058[13:38:53] <oiaohm> Linus did have to improve his language
particularly if he wished to keep on visiting Australia and other
places with strict rules against verbal/written abuse.
1059[13:38:53] <ratrace> ALSo..... FSF is a joke. so no biggie.
1060[13:39:46] <oxek> oiaohm: isn't the linux foundation
related to linus?
1061[13:40:18] <oxek> aaro: I did not say that. I said I would
not be surprised if he was removed by the end of the year.
1062[13:40:41] <ratrace> removed from _what_ exactly?
1063[13:40:45] <ratrace> the mailing list?
1064[13:40:49] <oiaohm> oxek: Linux foundation pays Linus wages
but Linus himself is not on the board. Linus is technically not in
any human resources position
1065[13:41:05] <oiaohm> That right Linus technically does not
manage staff.
1066[13:41:33] <oiaohm> Once you start managing staff on paper
you have a lot more legal requirements about fair treatment and
other things.
1068[13:41:42] <oxek> ratrace: removed = everyone cuts all ties
with him, linux kernel development becoming controlled by someone
else, him no longer reviewing patches or having anything to do with
linux anymore
1085[13:46:39] <oiaohm> oxek: Person in a project management role
proven to have done rape does not give the boss legal right to
remove him from position. It would in fact be illegal to remove
Linus from his current position with a false or real sexual
misconduct allegation.
1086[13:47:07] <oiaohm> Linus legal position is very different
since he is technically not in any human resources role.
1087[13:47:56] * abrotman wonders what he's wandered into ...
1088[13:47:58] <oiaohm> Yes they were able to push RMS out of FSF
board but they could not push RMS off of any GNU project he directly
manages either.
1089[13:48:08] *** Joins: chris (~chris@replaced-ip)
1090[13:48:27] *** chris is now known as Guest57112
1091[13:48:48] <oiaohm> oxek: basically there are limits on what
can and cannot be done. You get real management power over humans
you come way more simple to fire.
1092[13:49:11] *** Quits: Zarickan (~frederik@replaced-ip) (Quit: Lost terminal)
1094[13:49:44] <oiaohm> Fun way to get rid of someone who is
badly behaved in a company promote them to a role with real
management power then kick them when they carry on with their past
misbehaviour.
1096[13:50:29] <oxek> "we fully accept the presumption of
innocence, and to allow cooler heads to prevail we have taken
control of all domains and repositories, appointed a new team to
review patches, and all has been signed off by our corporate
sponsors and large contributors while the investigation is
ongoing"
1097[13:51:17] <oxek> nobody wants there to be two separate linux
kernels, hence everyone would get on board this new team
1142[14:19:30] <Lope> linus should just make a youtube video of
himself standing at his standing desk wearing a kilt and all false
sexual misconduct allegations will go to /dev/null.
1143[14:20:50] <Lope> anyone here good with wireguard?
1144[14:21:14] <Lope> i tried connecting to a wireguard VPN but
it's a totally foreign situation.
1145[14:21:26] <Lope> the routing table doesn't seem to get
updated.
1146[14:21:53] <Lope> Openvpn I can understand, but no idea WTF
is going on with wireguard. Basically once it's up, no traffic
can go anywhere and I don't know WTF is going on.
1148[14:26:18] <Lope> ratrace, you badly quoted Linus when you
said <ratrace> and kernel itself has little security-specific
features because Linus thinks infosec people are "masturbating
monkeys"
1149[14:26:27] <Lope> this is what he actually said
replaced-url
1150[14:26:56] <Lope> which I don't think anybody can
disagree with any of his assertions other than the arbitrary insult.
1154[14:30:28] <ratrace> Lope: but that's not the only
commentary of his on the subject. the whole "security bugs are
just bugs" stance and not labelling a lot of them is the
biggest issue
1155[14:31:00] <ratrace> and then their argument is, like, why
would you need specific labels, you should be using latest updates
anyway
1156[14:31:17] <ratrace> that's GKH's but... in
extension of Linus'
1159[14:36:47] <Lope> ratrace, I think you're
misinterpreting what Linus meant. He explained his sentiment with an
example. He said a security bug isn't more important than a bug
that makes a system crash.
1160[14:37:09] <Lope> So you're extrapolating that to mean
that he's saying a security bug isn't more important than
a trivial bug, but that's not what he said.
1161[14:37:25] <ratrace> I'm not . the oss-sec mailing list
community has been complaining that many bugs aren't labelled
with a CVE
1162[14:37:36] <Lope> He's saying a security bug is as
important as a crash bug.
1163[14:37:40] <ratrace> and GKH addressed that with a tl;dr --
use latest kernel
1164[14:37:55] <Lope> what's GKH?
1165[14:38:01] <Lope> oh yeah, I remember
1166[14:38:03] <Lope> hartman
1167[14:38:10] <ratrace> Greg Kroah Hartman, the lieutenant
1168[14:38:27] <tds> Lope: there's #wireguard for wg - but
otherwise, a pastebin of the output of `wg; ip route; ip rule; ip
route show table all` would be a good start
1237[15:06:39] <Lope> oxek, and enterprise doesn't care
about security?
1238[15:06:39] <oxek> that's what I thought, debian9 is
already in LTS mode only
1239[15:07:01] <oxek> Lope: security focused = qubes, whonix,
etc.
1240[15:07:03] <Lope> cipherize, yeah, so I guess after that it
could die.
1241[15:07:26] <Lope> oxek, okay, fair enough.
1242[15:07:27] <cipherize> Lope: That or they've been
working on getting the RHEL 7 kernel ready.
1243[15:07:46] <oxek> enterprise focused = making it useable in
enterprise, so security is often at odds with useability
1244[15:07:50] <Lope> cipherize, hard to say. But there must be
millions of openvz containers running still.
1245[15:07:58] <cipherize> oxek: That's not really a useful
comparison. End-user security obsessed is a completely different
beast than an enterprise distro.
1246[15:08:21] <cipherize> Security is absolutely a focus for
RHEL.
1247[15:08:41] <oxek> I'd say consistency of behavior is a
focus for RHEL
1257[15:09:28] <cipherize> Statements based on faulty premises
are themselves faulty.
1258[15:09:40] <Lope> cipherize, okay, well I agree with you.
1259[15:09:55] <Lope> I said RH is security focused, not security
obsessed.
1260[15:10:10] <oxek> RHEL still doesn't have all the newest
fixes for meltdown/spectre because it is not feasible to backport
them to the earliest supported kernels
1261[15:10:11] <Lope> that would be a clearer definition.
1262[15:10:15] <oxek> hence, not security focused
1263[15:10:28] <Lope> cos you could say whonix and qubes is
security obsessed.
1265[15:11:44] <Lope> speaking of meltdown/spectre... interesting
that Intel slows down dramatically with mitigations enabled in
windows, but AMD gets faster with latest CPU microcode (includes a
few spectre mitigations for AMD)
1267[15:11:55] <cipherize> oxek: You're trying to apply an
arbitrary and shifting definition to what "security
focused" means. Shipping a distro with SElinux enforcing by
default, native integration with deployable security profiles and
shipping STIG-compliant profiles, definitely indicates that
you're dead wrong.
1269[15:12:30] <cipherize> oxek: That is DEFINITELY security
focused. That's why DoD uses RHEL and not some other product.
And I'd know, I used to run a DoD datacenter.
1270[15:12:44] <Lope> deep.
1271[15:13:17] <Lope> if cipherize made a mistake he would have
been exiled.
1272[15:13:20] <oxek> I stand by my earlier statement that they
are an enterprise-focused distro, where security is important to
them, however security is often at odds with useability and they
always go with being useable rather than secure when they need to
make a choice between those two.
1273[15:13:32] <cipherize> oxek: Applying EVERY SECURITY FIX EVER
isn't a reasonable action, even in the security world. You know
that, right?
1274[15:13:37] <Lope> cipherize, you could move in with edward.
1275[15:14:19] <cipherize> oxek: Apply a security fix because it
exists and crashing everything means you've just sacrificed
availability in order to say "yes, its patched." You just
ruined your own security posture.
1276[15:14:31] <oxek> DoD is hardly a good example of security
done right
1277[15:14:42] <oxek> no government agency is
1278[15:14:42] <cipherize> oxek: You'd be surprised, on the
infrastructure side.
1279[15:15:04] <Lope> cipherize, you don't like my jokes?
1280[15:15:11] <cipherize> oxek: National security/intelligence
is a whole different world.
1281[15:15:12] * n4dir heads over to ams and loads the noise module ...
1282[15:15:24] <cipherize> Lope: I didn't really get them.
o.o Sorry.
1283[15:15:40] <Lope> all good
1284[15:15:51] <Hallcyon> Is debian down still?
1285[15:15:54] <cipherize> oxek: So, yeah. Your arguments are
crap, here. Sorry.
1288[15:16:10] <cipherize> Hallcyon: Down for me, yes.
1289[15:16:15] <Hallcyon> :/
1290[15:16:24] <Hallcyon> I guess I'll move to Ubuntu
1291[15:16:40] <oxek> cipherize: one sysadmin can copy all sorts
of data and exfiltrate it, and their response to that is a change in
internal policy instead of technological improvements
1292[15:17:18] <cipherize> oxek: Another lesson from Security
101: Technical controls will NEVER provide full coverage. If a
change in policy fixes the issue, then fine.
1293[15:17:31] <abrotman> perhaps you'd like to use
#debian-offtopic
1294[15:17:32] <cipherize> oxek: If technical controls solved all
problems, we wouldn't need policies.
1295[15:17:35] <cipherize> abrotman: Fair.
1296[15:17:37] <oxek> they've been warned about those things
for decades, but they never cared, thinking it's not gonna
happen. And when it happened, they still didn't listen to us.
1302[15:20:10] <Lope> ratrace, I'll move my browser to
ubuntu to reduce fingerprinting... does that count? :)
1303[15:20:14] <oxek> Hallcyon: p.d.n is not an official debian
'product'. There are many other pastebins you could use,
including ubuntu pastebin. Hopefully you did not mean you're
switching an operating system because a 3rd party pastebin is down.
1307[15:21:51] <ratrace> Lope: don't forget to disable motd
and other spyware first :)
1308[15:21:59] <Hallcyon> oxek Unfortunately as much as I love
debian for its stability, the community pastebin is fundamental to
my workflow and thus with a heavy heart I must move.
1311[15:22:25] <oxek> ubuntu was on the verge of greatness,
almost capable to overtake the entire linux ecosystem, right before
they came out with Unity and focus on combining small phone screens
with huge desktop monitors.
1312[15:22:38] <Lope> ratrace, thanks for the reminder. I'll
do a ubuntu cleansing deep-dive.
1313[15:22:47] <Hallcyon> Any pastebin recommendations? Ubuntu
annoys me as requires signing in or username plus sign in for plain
text
1314[15:22:49] <n4dir> Hallcyon: you can't use a different
pastepage?
1315[15:23:01] <oxek> Hallcyon: what sort of features do you need
from a pastebin? termbin.com or 0x0.net
1316[15:23:04] <ratrace> Hallcyon: bpaste.net and dpaste.de are
my favorites
1317[15:23:13] <oxek> I mean 0x0.st
1318[15:23:34] <ratrace> termbin.com is nice when I need to pipe
output instead of feeding it copypasta
1319[15:23:35] <Lope> oxek, it was a good idea, but they just
failed. Not all projects succeed.
1344[15:28:24] <dpkg> somebody said nih was "Not Invented
Here" - a syndrome often suffered by developers and companies
who tend to reinvent the wheel for no reason other than being able
to put their name on it.
1360[15:32:20] <Lope> I heard snaps is a similar thing.
1361[15:32:48] <Lope> I read it's going to be a closed
source armageddon
1362[15:32:51] *** Quits: nickodd (~nickodd@replaced-ip) (Remote host closed the connection)
1363[15:33:28] <ratrace> Lope: if by that you mean it'll
allow vendors to package up their proprietary applications for
easier delivery into linux? yes. is that bad? no.
1364[15:34:02] <ratrace> same can happen with flatpaks, appimg,
docker, rocket, podman, ......
1367[15:34:33] <Lope> yeah, but with snaps it'll likely be
controlled by ubuntu.
1368[15:34:41] <Lope> (apparently)
1369[15:34:45] <ratrace> "controlled"
1370[15:34:48] <Lope> The next apple app store.
1371[15:34:55] <Lope> 30% commission baby
1372[15:34:57] <ratrace> Canonical wants the opposite, ZERO
involvement and maintainership
1373[15:35:22] <ratrace> whole reason they're pushing snaps
is to maximize deliverability while minimizing (their)
maintainership effort.
1374[15:35:23] <Lope> Oh, alright. I don't care enough to
really know anything about it.
1375[15:36:26] <oxek> the problem with ubuntu is the same as with
google or mozilla - you never know when they are going to drop the
product you're using
1385[15:40:41] <ratrace> see this Pinta issue someone mentioned.
Debian can't package it for policy reasons. so you can install
a premade container with it (assuming it's from the trusted
vendor). win-win.
1392[15:42:05] <ratrace> the only problem I have with snapstore
is that it allows anyone to upload anything, so you must be careful
and check that a snap is coming from its developers in an official
capacity.
1393[15:43:02] <oxek> that's why I prefer flathub. Check a
single yaml or json file, and it shows you where it gets its
sources.
1427[15:50:17] <oxek> the page is on github pages, and whoever
has access to it is making those changes
replaced-url
1428[15:50:43] <Lope> ratrace, so what do you think?
1429[15:50:49] <oxek> if the dev said something like
"Android x86 is used on many casino slot machines, hence the
casinos are providing financial support" then it would be ok
1430[15:50:53] <oxek> but no communication from dev about it
1431[15:51:09] <oxek> but it is so many casinos, from so many
places
1433[15:51:24] <Lope> You know I once had a small software
project... and tried to make money with it by doing affiliate
advertising. But affiliates didn't pay me a cent after
thousands of hits for months.
1434[15:51:26] <oxek> and most opensource projects get hardly any
sponsorship anyway
1435[15:51:30] <oxek> so it is all fishy
1436[15:51:58] <Lope> So I tried everything. I even tried putting
adultfriendfinder on the site. Didn't make shitall money.
Eventually I stopped bothering to pay for the hosting and took the
software project down.
1437[15:52:21] *** Quits: Twemlow (~igloo@replaced-ip) (Quit: Twemlow has now left the arena!)
1438[15:52:27] <Lope> So it's possible that the legitimate
devs have put casinos etc to make some money. I wouldn't blame
them for trying it.
1439[15:52:31] <ratrace> Lope: just sold off for link placement
1440[15:52:56] <oxek> in any case, it does not make me confident
about using android-x86
1441[15:53:11] <oxek> the lack of communication about it is the
worst part
1442[15:53:21] <Lope> oxek, I wouldn't say it's
"fishy" because the casinos will list on anybody's
site.
1443[15:53:53] <oxek> Lope: it's done by someone with access
to the devs github account, based on that commit I linked
1444[15:54:02] <oxek> it's not a simple advertisement space
1445[15:54:13] <oxek> and there are no affiliate links there
either
1446[15:54:24] <oxek> it's pure url addresses of casinos and
other questionable places
1447[15:54:32] <Lope> oxek, yeah. It could be the main dev
who's trying to monetize the site?
1448[15:54:51] <oxek> how would you monetize the site without any
tags on those links?
1450[15:54:58] <ratrace> there are multiple contributors to the
project. if nobody complained... they're either stupid
(associating their names with a project that's hacked) or
approving of the changes.
1451[15:55:20] <Lope> oxek, I tried to search DDG about
"android-x86 hacked" etc and couldn't find any news
articles about it.
1452[15:55:21] <oxek> or nobody actually checks the homepage and
the repo that controls the homepage
1453[15:56:35] <oxek> I mean, the page has "Luxury fake
rolex for sale under $50, the best replica rolex watches."
1454[15:56:50] <oxek> that certainly breaks at least some law
somewhere
1455[15:57:13] <oxek> I wouldn't want to use a project that
is essentially an operating system when it advertises such stuff
1456[15:58:27] <Lope> oxek, I think the lead dev is a chinese
dude.
1457[15:58:59] <Lope> In china the culture of caring about brand
copyright etc is not so popular.
1458[15:59:18] <ratrace> well..... anbox is packaged in Buster,
so..... just use that
1459[15:59:26] <Lope> I'm not making excuses for the
morality of it. Just saying that it's not proof that it's
been hacked.
1461[15:59:57] <Lope> ratrace, cool, never heard of it. Will have
a look thanks.
1462[16:00:13] <ratrace> Lope: eh, it's only most popular
tool :)
1463[16:00:33] <Lope> ratrace, I always thought that android-x86
was the go-to.
1464[16:00:53] <oxek> Lope: doesn't change how I feel about
it. How would you feel if debian homepage had such a huge sponsors
section with same links like android-x86 with no communication about
it?
1465[16:01:32] <oxek> would you think everything is ok and go
about your business downloading ISOs and using them to install your
operating system?
1466[16:01:36] <Lope> well, different because debian is not a
tiny project.
1467[16:01:47] <Lope> android-x86 has always been a tiny team.
1468[16:02:16] <oxek> debian unfortunately is a tiny project.
800k USD donations last year? That does not even pay for 10 devs
salary working fulltime.
1469[16:02:17] <Lope> I'm not saying I'm comfortable
using android-x86, no. All I'm saying is nothing you've
said is proof that it's been hacked.
1470[16:03:43] <joepublic> Not a good sign, though
1472[16:05:58] <Lope> Like I'm a pretty normal guy. I would
never think of getting involved in porn business or whatever. But
when I had a software site and couldn't monetize it with
anything available, I said "fuckit" and as a hail mary I
put adultfriendfinder on it to see if it would make money with the
10k hits per month it was getting. (as an experiment that I
wasn't entirely comfortable with, but did it more as a
tech/making-money-online experiment) But it made no money so I
1473[16:05:58] <Lope> just shut it down cos didn't want to
waste money on hosting. This was like 20 years ago.
1474[16:07:01] <Lope> So all I'm saying is don't jump
to the worst conclusions cos you see casinos and whatever else on a
tiny software project's site. Sometimes people need to make
money with a project or the project dies.
1475[16:07:05] <alex11> well this is an interesting discussion to
wake up to
1489[16:12:25] <ratrace> not talking about 20 years ago and a
single link to adultfinder, but about a page with dozens of links to
pron and casinos and shady stuff
1494[16:18:42] <oxek> Lope: true, you only ever get a
confirmation that a site has been hacked once the site owners admit
to it. But for me I err on the side of caution and when something
looks hacked, I consider it hacked - and none of the devs responded
to emails about it in months.
1495[16:19:24] *** Quits: el_tabo (~Parker@replaced-ip) (Remote host closed the connection)
1501[16:21:40] <Lope> oxek, I didn't know that anbox
existed. Did you? If so, why were you interested in android-x86 over
anbox?
1502[16:21:40] <oxek> no reply does not mean confirmation of
anything though
1503[16:22:04] <Lope> I've installed anbox on an eee laptop
before. it was more of a gimmick than anything else.
1504[16:22:14] <oxek> Lope: I wanted to try anbox but it required
a newer CPU with some special feature than I had back then, so I
came across android-x86
1505[16:22:22] <oxek> anbox should work though in theory
1563[17:09:47] <cockroach> I recently installed Debian on an
older Macbook and it worked just great. Unfortunately I had to redo
the partitions afterwards and re-install grub, now I'm getting
some grub errors before it (successfully) boots and I think it takes
a bit longer. the errors are "error: no such device ",
followed by my /boot partitions UUID, and "error: no server is
specified" which sounds a bit like it's trying to boot
1605[17:30:56] <diogenes_> maybe it's related to that but
luks lvm, xfs is still terra incognita for me.
1606[17:32:19] <cockroach> it's a scary but fun combination.
also, on other machines it works just fine, but of course I'm
not using UEFI anywhere else...
1615[17:47:41] <oxek> cockroach: are you on debian stable or
testing? That config has syntax that looks like testing.
1616[17:48:10] <cockroach> oxek: stable (buster), according to my
sources.list
1617[17:48:53] <oxek> hmm. I did a diff of your config and mine,
and it looks almost identical except for insmod xfs vs insmod ext2
on my part, and the UUID parts
1618[17:48:57] <oxek> and a few other meaningless ones
1619[17:49:09] <oxek> so there's nothing immediately wrong
with it
1620[17:50:11] <cockroach> thanks for checking
1621[17:50:39] <cockroach> could it be that my manual
"grub-install" was different from what the debian
installer did?
1622[17:51:41] <cockroach> i.e. that the problem lies with the
way grub was installed to the disk rather than the config file?
1647[17:59:55] <cockroach> to the device, I used
'grub-install /dev/sda'
1648[18:00:05] <cockroach> hmm
1649[18:00:28] <banana34> fruits, especially bananas, are great
1650[18:00:41] <oxek> that command looks incomplete
1651[18:01:24] <cockroach> if I installed it to the partition,
then some other bootloader would have to be installed to the device,
right? can't say I fully get how UEFI works...
1662[18:12:47] <rokra> Hello, just did an upgrade of a debian OVH
VPS and now I'm stuck to start Maria service due to the kernel
3.2.0-4-amd64 instead of booting on new one installed
linux-image-4.9.0-13-amd64, how to force it to restart on new kernel
?
1669[18:17:53] <towo`> rokra, maybe your vps is running on a host
kernel, not a guest one
1670[18:18:22] <tete_> hi, i'd like to create a cronjob that
gets executed after a reboot and print me some infos. i tried with:
@reboot /usr/bin/sleep 3 && wall "hello world"
1671[18:18:27] <tete_> but nothing happens after a reboot and
login as root
1734[19:06:14] <nvz> tete_: as root try this command
1735[19:06:22] <nvz> echo "hello" > /dev/tty1
1736[19:06:28] <nvz> and then press ctrl+alt+f1
1737[19:06:42] <nvz> and be amazed :P
1738[19:07:49] <nvz> the virtual consoles are files that can be
read and written to just like anything else. In linux most
everything is exposed to the filesystem
1776[19:32:47] <tete_> nvz, i have a script that adds a cronjob
with a @reboot, this script which is executed after the reboot does
some stuff and i want to inform anyone that sits at the terminal to
show whats going on
1777[19:33:30] <nvz> tete_: then, yes, what I just told you will
work.. it just has to be done as a user with permissions to access
/dev/tty1
1778[19:33:44] <nvz> but its less than ideal was just a proof of
concept
1779[19:33:54] <tete_> and for me, it looks like as if this
script is working even tho i am not logged in as root because the
files i create are generated but that "wall" does not show
anything, so i assume this job is executed but wall does nothing
because no one is logged in
1797[19:37:31] <nvz> I can't imagine what you're
actually doing, but it doesn't seem to make any sense.. you
shouldn't need to inform anyone not logged in of anything
1798[19:37:50] <tete_> this is for testing purposes of my
university
1799[19:38:22] <nvz> you should probably be writing to the motd
so they see it WHEN they login
1800[19:39:01] *** debhelper sets mode: +l 1143
1801[19:39:22] <nvz> tete_: but fwiw the non-login version of
motd is called issue
1818[19:41:55] <nvz> well look, I'm done with this issue,
you can ask someone else or you can write your own operating system
1819[19:42:00] <nvz> I'm telling you how things work :P
1820[19:42:04] <tete_> omg
1821[19:42:49] <nvz> yes omg is right.. you're being obtuse
about wanting to do something but not accepting the ways its
possible to do it
1822[19:42:58] <nvz> you want to use wall? rewrite it
1823[19:43:04] <nvz> thats not how it works
1824[19:43:14] <tete_> i did not say i am forced to use wall
1825[19:43:16] <nvz> you want a message before login, put it in
the damn /etc/issue file
1826[19:43:22] <tete_> i thought that should work, it does not,
ok, so i need to find another solution
1827[19:43:24] <nvz> or write directly to the tty
1828[19:43:56] <tete_> <nvz> or write directly to the tty
<- i told you now at least 3 times that this did not work
1829[19:44:06] <tete_> but seems like you are unable to
understand my problem that this did not work
1830[19:44:29] <nvz> it DOES work
1831[19:44:35] <nvz> if you do it like I told you.. AS ROOT
1832[19:44:46] <nvz> if the script isnt or can't run as
root, then change permissions of the tty
1833[19:44:53] <nvz> which again, this is a bad idea
1834[19:44:57] <tete_> wow
1835[19:45:13] <tete_> but ... did you read that i can access
/root and write in there, which requires the script being run as
root or with root permissions?
1843[19:46:21] <nvz> I didnt just tell you this... I tested it
first.. I opened an exterm typed sudo su, then the command I gave
you and I went to tty1 and it was there.. I did this because a LOT
has changed since I done something this silly.. and I wanted to make
sure it still works
1844[19:46:56] <tete_> jep nvz it works, WHEN I AM LOGGED IN
1852[19:47:50] <tete_> after the reboot i did a "cat
/root/id" and thats the output
1853[19:47:53] <nvz> again, you have to be logged in to do
anything.. and I wasnt logged onto tty1 when I did it, I was logged
in to lightdm on tty7 when I did it
1854[19:48:06] <_Fremen_> Hello everyone
1855[19:48:09] <nvz> there is no such thing as doing something on
a linux system without being logged in
1856[19:48:15] <nvz> because that would be ridiculous
1857[19:48:30] <_Fremen_> I asked this on debian testing but did
not receive an answer, can you help me with this?
1858[19:48:42] <_Fremen_> I am using debian testing and started
to experience a weird issue lately, when I restart the computer, the
sound is gone and only way to fix it is disconnect sound cable (the
green one) and reconnect it. Does anyone know what could cause this?
1863[19:51:28] <mihi> tete_, so could you explain again what
exactly is not working? Keep in mind that with systemd, gettys are
started when you switch to the terminal the first time, and it will
clear the screen.
1864[19:51:54] <mihi> So when you do 'echo hi
>/dev/tty5', switch to tty5 and back, then 'echo ho
>/dev/tty5' you will only see ho and not hi
1865[19:52:38] *** Quits: j7k6 (~j7k6@replaced-ip) (Remote host closed the connection)
1867[19:52:55] <tete_> in the university we set up a virtualbox
with debian. this debian virtualbox is configured to use virtualbox
addons etc. - and it requires a reboot. our goal was to automate as
much as possible. so i log in as root, start the script and it does
some stuff e.g. configuring network, installing the virtualbox
addons. then i create a crontab with @reboot so my script can
continue and then i do that reboot.
1868[19:53:21] <mihi> and all that time, the virtual machine is
showing the login prompt on tty1?
1869[19:53:24] <tete_> after that reboot, i want to continue and
print some information. i dont care if i have to login or not, but i
need information printed. unfortunately, with wall it did not work
1903[20:03:00] <mihi> yeah. By the way, when you are at
university, you should learn about shell quoting rules at some
point. It hurts my eyes when quoting useless words...
1907[20:03:39] <tete_> so do i have to use some sleep? how do i
know when i can print that info?
1908[20:03:49] <mihi> in other words, »echo hi« will
do the same as »echo "hi"« or even
»e"ch"o h"i"«
1909[20:04:20] <tete_> i know but it makes it easier for me to
read... its like a function, echo("some string...");
1910[20:04:32] <mihi> my suggestion would be to change
/etc/issue, sleep a bit, then change /etc/issue back. Or if you want
to do it fancy wait until ps lists the getty process on tty1.
1911[20:05:01] <mihi> but if it is only some information after
reboot, sleep should probably suffice
1912[20:06:43] <tete_> is /dev/tty for all tty's? so an echo
"hi" > /dev/tty would be better because if someone
switched the tty then he also recognizes it
1913[20:07:30] <nvz> the issue with cron and sleep in this
context, and trying to write to the tty is that it assumes things
run synchronously and there can never be any variance in how it
happens
1915[20:07:59] <nvz> if you want something to appear on the
console prior to login but after the system is all up and running
you use systemd and the /etc/issue file
1916[20:08:15] <mihi> /dev/tty will appear on the controlling tty
of the process running it (so nowhere when run from cron).
/dev/console appears on whatever tty is currently visible
1917[20:08:25] <unborn> hi all, I have one stupid one.. before I
was able to put password to zip files but now I cannot.. what
package I am missing please?
1921[20:09:23] <mihi> you could also chvt to an unused tty (of
your configuration) and then immediately print your message. But
include information how to get back
1922[20:09:36] <nvz> really the only reason I can see they dont
wanna use /etc/issue is they want to show the output of a script in
realtime while its running on reboot without being logged in
1924[20:10:03] <tete_> it is "realtime", i do some
stuff and want to print some echoes
1925[20:10:23] <tete_> like "going to set up
network...", doing that, and then printing "done.",
then "setting up some fancy bash colors" ...
1926[20:10:37] <nvz> can't do anything bash, bash isnt
running
1927[20:10:37] <tete_> and at the end a shutdown
1928[20:10:48] <nvz> you're not logged in :P
1929[20:10:49] <b_jonas> hi. for some reason X is loading the
fbdev and vesa drivers, not the intel drivers, despite that the
xserver-xorg-video-intel package is installed
1930[20:11:03] <tete_> i mean modifying the profile of root
1931[20:11:10] <tete_> of course i can not see the colors
1932[20:11:25] <tete_> but when its finished and i log in the
bash prompt should be different
1934[20:11:41] <tete_> thanks, guess thats enough information to
continue
1935[20:11:50] <b_jonas> why is that?
1936[20:12:30] <nvz> tete_: if you'd described all that to
begin with I'd have told you to ditch cron and basically
everything you're doing and use systemd
1937[20:12:41] <mihi> tete_, so probably the "correct
way" would be to do the second half in a systemd unit that
uninstalls itself. So it will run amidst the other boot messages (if
they are not hidden).
1938[20:13:06] <nvz> tete_: what you need is to have whatever is
running the first time create a systemd unit.. because a systemd
unit can do the kind of thing you describe, its what does all the
stuff you see at boot anyhow
1939[20:13:28] <nvz> then you need to have it all tear itself
down obviously cause its a one-time thing
1940[20:13:32] <tete_> hm... the documentation from our teacher
says "cron"
1941[20:13:39] <tete_> not sure if i can use systemd
1942[20:13:48] <mihi> tete_, is that a homework assignment?
1943[20:13:51] <nvz> @.@
1944[20:14:12] <tete_> not really - this is even not homework,
well, its optional homework
1945[20:14:16] <mihi> lots of people don't mind helping with
that, but please state it upfront if it is.
1946[20:14:36] <tete_> my english is not the best so its hard for
me to tell what i mean ;)
1947[20:15:05] <tete_> the homework was to execute some scripts
and if we have some more time and interest, we can try to automate
as much as possible
1948[20:15:23] <mihi> if it is not homework but your own
learning, first thing to learn is to ditch everything in the
documentation of your teacher. :D
1949[20:15:54] <mihi> In my experience, they are either outdated
or overcomplicated, but never are the best way to do it
1950[20:16:47] <tete_> but with cron it works on devuan too :P
1952[20:17:33] <mihi> there are scripts in debian to do this
regardless of init system. For sysvinit you would have to drop some
script in /etc/rcS (I believe)
1953[20:17:37] <tete_> i'll take a look at systemd, maybe
thats even better and then i can show the cron stuff as alternative
and the better way with systemd
1954[20:17:54] <unborn> uh thanks all.. I found it.. it works in
terminal :)
1997[21:04:53] <sney> I'm using it in bullseye and tbh I
don't notice a practical difference between it and 6.1. there
was one weird behavior after a crash but otherwise it's still
the same ol libreoffice
2031[21:22:30] <tmroland> but its just a simplified command for
useradd
2032[21:22:32] <tmroland> script
2033[21:22:34] <tmroland> or something
2034[21:22:48] <tmroland> at the most basic level and universal
level its useradd/groupadd/usermod/groupmod
2035[21:23:19] <tomreyn> yes, but on debian people should prefer
adduser/addgroup, unless they know exactly how to use those
directly.
2036[21:23:32] <tmroland> depends on the user what they prefer i
guess
2037[21:23:40] <tmroland> adduser is more easy
2038[21:23:43] <tmroland> for sure
2039[21:24:05] <diverdude> hmm ok... its a command made for
python:3.8.3-alpine `addgroup -S app && adduser -S app -G
app` but i wanted to make a similar for debian slim-buster
2040[21:24:09] <tmroland> then again debian is a bit
unconventional in some means
2041[21:24:15] <tmroland> like with uname -v
2042[21:24:18] <tmroland> returning the real kernel version
2043[21:24:20] <tmroland> instead of uname -r
2044[21:24:39] <tmroland> yes, its python script
2045[21:24:44] <tmroland> like i guessed
2046[21:24:44] <jmcnaught> diverdude: add a system group:
"addgroup --system groupname" add a user to the group:
"adduser username groupname"
2125[23:00:39] <tmroland> the other way around actually, uname -v
would return exact kernel version
2126[23:00:44] <tmroland> while uname -r only major minor
2127[23:01:02] <cipherize> Okay. Show me the output of uname -v
and uname -r. Exactly.
2128[23:01:15] <tmroland> i dont have sid installed any longer,
but once i do i will
2129[23:01:20] <tmroland> last i had it was weeks ago
2130[23:01:24] <tmroland> and it held true
2131[23:01:28] <tmroland> i came here asking about it, because it
seemed really weird
2132[23:01:33] <tmroland> and one guy here said thats how it is
2133[23:01:41] <tmroland> and another guy said he didnt even know
2134[23:02:10] <tmroland> on any other distro uname -r returns
exact kernel version and uname -v only returns build date
2135[23:02:50] <tmroland> when i asked why its different on
debian, guy said i mustve been not using debian in the last 2
decades if i didnt notice that difference
2136[23:03:04] <tmroland> after, another one said he didnt notice
it either
2137[23:03:43] <cipherize> I'm going to prove a point, here.
Give me a moment.
2139[23:05:25] <cipherize> The content of uname -r and uname -v
are to some extent determined by the distro, but they all report
similar information, even if the format is different.
2145[23:08:20] <cipherize> uname -r is generally the package
version ("release"), and uname -v is build information.
2146[23:09:06] <cipherize> Distros without versioned packages
(e.g. Arch) won't need to reflect version data in uname -v, as
its already presented in uname -r.
2151[23:11:34] <cipherize> The fact that different information is
presented in uname -r/v on Debian is probably a consequence of how
packages and versions are managed by apt. Any distro using apt
probably presents data that way. Most other distros that I know of
reflect true versions in package names.
2180[23:28:21] <cipherize> tmroland: Sounds like you're
making mountains out of molehills, frankly.
2181[23:28:47] <tmroland> just explaining concretely what i meant
2182[23:28:52] <tmroland> to finish the subject
2184[23:29:09] <joepublic> Good non-debian-specific thing to know
is that uname responses vary among operating systems, and it's
a great idea to check uname -a
2185[23:29:24] <tmroland> not bothered by that difference
honestly
2186[23:29:45] <tmroland> its as good a distro as ever