this is #debian, an IRC-Channel at freenode
(freenode IRC service closed 2021-06-01)
0[00:01:07] <hop> growing the first primary partition,
shrinking the second one and all live with several domUs running
without interruption, though… that's alchemy (:
3[00:03:01] <tete_> hi, i am facing a problem with my mail
server. no mails are going through. so i checked the log and it
says: Oct 23 00:02:15 server postfix/smtp[3341]: 54FE55FA51:
to=<me@xxx.de>, relay=none, delay=0.14, delays=0.12/0.02/0/0,
dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024:
Connection refused)
4[00:03:09] <tete_> but amavis is listening on localhost:10024
16[00:05:45] <Mazhive> can somebody explain me why i cant print
pdf with cups i tried tons of permissions on the cups PDF folder but
still cant get it to work...
17[00:05:55] <tete_> so netstat -alpn | grep 10024 should print
2 results? or only the ipv6 one?
18[00:06:12] <Dagger> if it was listening on :: then the socket
would be able to accept v4 connections too, but only sockets
listening on :: get that feature, not ::1
19[00:06:14] <tete_> because i had this once that it only
printed the ipv6 one (iirc it was apache) but it was listening on
ipv4 and ipv6
28[00:09:35] <tete_> mails go through again, thanks
29[00:10:05] <tete_> another question: when i send an email
from me2@xxx.de to me@xxx.de with
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
content, it should get rejected/deleted by amavisd shouldnt it?
55[00:13:33] <sney> tete_: that sounds like amavis isn't
running it through the clamd (or whatever av daemon you're
using) process
56[00:15:04] *** Quits: astronavt (~astronavt@replaced-ip) (Remote host closed the connection)
57[00:15:12] <sney> maybe you are filtering the messages within
mynetworks less? e.g. from foo@mydomain.com to bar@mydomain.com
instead of testing from elsewhere
59[00:16:34] <tete_> hm no it must then be a problem in amavis
config, because i see in the log that the message went through
amavis but was not blocked
123[01:02:10] <sney> whenever you're hosting something on
the public internet, always be ready to blame dns for your problems.
I'm not familiar with dnsblog specifically, but everyone knows
what "lookup error, host not found" means
131[01:07:34] <sney> if dns isn't the problem then
it's one of your other rejects. comment them out one by one,
keep testing, figure out which one it is.
132[01:07:57] <sney> I don't have a prod email server
anymore so I can't check a working configuration, but I will
tell you that it's easy to be too restrictive.
226[03:06:49] <sney> c-c: I looked it up, and apparently
it's a security tool, but the installation instructions tell you
to pipe curl to bash >_<
227[03:07:25] <sney> anything that targets linux in general, or
ubuntu/parrot/kali etc will also broadly apply to debian. but this
looks like it's probably dumb, anyway. if you want to harden
your system, define a threat model and be specific
228[03:08:39] <sponix> wyoung: well, it was a continuation from
a prior user/conversation between dka a user and I
229[03:08:56] <wyoung> Ah, OK
230[03:09:45] <sponix> wyoung: this user had a broken kernel 5.8
from backports issue -- I just looked at their ixni report again and
noticed now that it is most likely because they had sources from
Buster Sid Ubuntu Xenial and others all mixed in
231[03:09:58] <sponix> no wonder it broke
232[03:10:09] <wyoung> :S Start from scratch IMO
233[03:10:23] <wyoung> Are there many services and user data in
it?
234[03:10:30] <jim> hi, could someone help me locate an unsigned
version of 5.4 kernel, in snapshot.debian.org?
235[03:10:34] <wyoung> Or have you mounted them outside of it
236[03:10:51] <sponix> wyoung: pretty sure they ended up doing
that. But we attempted to help them for "hours" and missed
that it was a "Franken Debian" problem
245[03:14:08] <wyoung> jim: I wish I knew the answer to your
question. You have helped me out a lot in the past.
246[03:14:10] <jim> I'm aware... but it's on snapshot,
but I can't find the images... also, could someone explain this
logic to me: in order that I could be able to build v4l2loopback
(which is 5.4 or under), in order to install the kernel headers, I
also need to install the kernel images?
247[03:14:46] <jim> is there any way to search that site?
248[03:15:06] <jim> that might allow me to search it myself :)
249[03:15:07] <sney> jim: well, if you're building a kernel
module to use, you will also need to use the matching kernel
250[03:15:19] <sney> the snapshot.debian.org front page has at
least 2 search boxes iirc
252[03:16:09] <jim> and that's what I want to do, but
it's asking me to install -all- of the images, plain, cloud,
something else, and the unsigned version
253[03:16:37] <sponix> jim: I can find 5.4 -- but not unsigned
for some reason
254[03:16:49] <jim> same here
255[03:16:49] <sney> you are probably misinterpreting the
output, at least a couple of those are likely metapackages
281[03:27:42] <tuxbts> I mean i need some assistance, if anyone
can help
282[03:28:15] <jim> seriously... you might get a different
result if you ask the original question (also, throw in as many
informative details as you know)
283[03:28:31] <sponix> tuxbts: you might just want to state your
issue(s) as descriptively as possible
284[03:29:59] <tuxbts> I did a fresh debian 10.6 install on my
laptop after logging in on home screen as I do anything, even a
click or app menu or open terminal, It starts to beep very loud
285[03:30:35] <tuxbts> and the system becomes completely
inoperable
286[03:31:02] <tuxbts> then i have to force shutdown
287[03:31:31] <jim> and its midnite and folks are asleep? so don
wan no beep?
288[03:31:37] <sponix> sney: I can't remember does the
Debian install image double as a Live session ?
289[03:31:39] <tuxbts> it seems to be a very rare issue as i
couldn't find anything related to it on any forum
290[03:32:32] <jim> sponix, some images (the multi gb ones) do,
but there are small ones that just have an installer
342[04:00:40] <tuxbts> @sponix: i did the same thing almost an
year ago, but faced same thing so moved to ubuntu
343[04:01:31] <sponix> tuxbts: if Debian for some reason will
just not work out. I can't help but recommend giving "MX
Linux" a try (vs Ubuntu or others)
344[04:02:45] <tuxbts> mxlinux is mostly for xfce face i guess,
and m more into gnome so, xfce extra stuff will be der
345[04:03:12] <tuxbts> and does mxlinux support gnome 3.38 or
3.36?
359[04:11:51] <Kurogane> Anyone can help with gnome + vnc? for
some reason when i connect via vnc i see gray screen, i tried many
configurations and not work always see gray screen. I'm using
debian 10.
360[04:12:20] <sponix> Kurogane: I use Teamviewer because it is
simple
361[04:15:23] <Kurogane> sponix, i not use teamviewer because i
can't using 24/7 because teamviewer ban you because
"think" is not personal use and i need to pay for "
364[04:17:16] <sponix> Kurogane: I see... I haven't used
regular VNC in ages... I think there is "tigervnc" or so
though
365[04:17:26] <jmcnaught> Kurogane: are you using Wayland? Did
you try logging in with Xorg?
366[04:17:38] <sponix> Wonder if "Anydesk" has a
similar use limitation
367[04:17:55] <sponix> jmcnaught: I keep forgetting
"Wayland" is a thing now
368[04:19:01] <jmcnaught> I use Wayland and it works for me, but
I do not use VNC.
369[04:19:47] <Kurogane> What is wayland?
370[04:19:50] <sponix> jmcnaught: pretty sure my Nvidia binaries
still only work well with X -- that sound correct ?
371[04:20:26] <sponix> Kurogane: It is another GUI base similar
to Xorg -- newer though
372[04:20:46] <jmcnaught> !wayland
373[04:20:46] <dpkg> Wayland is a display server protocol and
implementation library, intended as a simpler replacement for the X
Window System. Ask me about <weston>.
replaced-url
374[04:21:15] <c-c> afaics Nvidia drivers have a wayland fork
376[04:21:22] <jmcnaught> Kurogane: Wayland is now used by GNOME
by default, but it works different than Xorg and capturing the
entire screen is tricky with it.
382[04:25:07] <jmcnaught> Kobaz: log out of GNOME, and on the
login screen look for the gear icon under the password field. Select
'GNOME on Xorg' and log back in.
383[04:26:20] <blackfox> im looking to install openvpn mullvad
client, i did install the .deb file but didnt see it install, kernel
5.8
384[04:26:41] *** Quits: pvdp665564 (~pvdp@replaced-ip) (Remote host closed the connection)
385[04:27:29] <sponix> blackfox: mullvad.net had directions on
how to do it. follow them
389[04:29:57] <sponix> they also have the option to have the
website generate a wireguard client config for you to connect to
them -- I might just do that instead of installing their package
395[04:34:39] <Kurogane> jmcgnh, nop still see gray screen.
396[04:36:16] <jmcnaught> Kurogane: in GNOME settings if you go
to the Sharing section (left side-panel) does it have an option for
screen sharing there?
397[04:38:25] *** Quits: Tom01 (~tom@replaced-ip) (Remote host closed the connection)
399[04:44:02] <Kurogane> gnome settings? i see a setting and
there is sharing and there are some options, all are off except
remote login.
400[04:45:22] *** Quits: Prints (~333@replaced-ip) (Ping timeout: 260 seconds)
401[04:45:57] <jmcnaught> Kurogane: previously GNOME had the
ability to share the screen with VNC, it was configured under
Sharing settings. I do not have it, but maybe you do if you log in
with Xorg instead of Wayland.
423[05:18:07] <abff> is there an debian-installer specific
channel?
424[05:19:07] *** Quits: auk_ (auk@replaced-ip) (Remote host closed the connection)
425[05:19:12] *** Quits: auk (auk@replaced-ip) (Ping timeout: 272 seconds)
426[05:20:06] <abff> I've been setting up
replaced-url
427[05:21:29] <abff> I was guessing while trying to do the
install, I mounted the iso to /cdrom and /media but the mount
command was complaining about loopback interfaces
438[05:39:56] <abff> I think I got lucky, it's working now.
I created a second partition and dd'd the iso to that second
partition, then I was able to mount it to /cdrom
448[05:55:19] <maxtim> I have a dual boot system with Windows
installed. When I `fdisk -l` I see that the Windows partition has
the boot flag. What steps should I take to ensure Debian will boot
if I were to delete the win partition?
449[05:55:27] <Urk> RoyK> It still wouldn't kill it.
450[05:58:08] <Urk> RoyK> I used killall chrome, and that got
rid of it.
453[06:03:42] <ax562> I just added a new partition with a new
OS. I'm running grub off of my Debian 11 partition. What would
be the best way for Debian's grub to pick up my new OS and add
it to the OS choice screen when I boot?
469[06:27:07] <dpkg> #debian-next is the channel for
testing/unstable support on the OFTC network (irc.oftc.net), *not*
on freenode. If you get "Cannot join #debian-next (Channel is
invite only)." it means you did not read it's on
irc.oftc.net. See also
replaced-url
470[06:28:01] *** Quits: ax562 (aec28509@replaced-ip) (Remote host closed the connection)
473[06:31:24] *** Quits: tuxbts (uid384283@replaced-ip) (Quit: Connection closed for inactivity)
474[06:32:07] <maxtim> I have a dual boot system with Windows
installed. When I `fdisk -l` I see that the Windows partition has
the boot flag. What steps should I take to ensure Debian will boot
if I were to delete the win partition? Note* I understand that I
must use a live disk in order to do any operations ahead. I'm
not 100% sure where GRUB is installed
511[07:19:43] <maxtim> Nah, I kinda have a love affair with
System Rescue CD
512[07:20:09] <mtlsw> maxtim, nerd
513[07:20:11] <derpadmin> ah, love it too
514[07:20:14] <maxtim> lol
515[07:20:48] <derpadmin> so fdisk have an option "a"
to toggle a bootable flag
516[07:20:51] <mtlsw> I just downloaded/new sysrescue cd today
.. I'm wondering what good I can do with it -- considering I am
pretty well covered already just using gparted-live.
517[07:21:32] <derpadmin> guess I need to download the latest
version and put on my bootable key now
518[07:21:34] <alex11> i kind of just assume i can rescue a
debian system with the installer
519[07:21:35] <derpadmin> thanks guys LO
520[07:21:39] <alex11> i don't know if that's a false
belief or not
521[07:21:41] <maxtim> mtlsw, it's like having a tool that
can do just one thing versus a tool that can do all of it
523[07:22:06] <mtlsw> I usually don't need more than a
couple of utilities, which get updated with gparted-live ..
524[07:23:01] <mtlsw> it's only like 300 megs more (twice)
the size of gparted-live ... so whatever else I might be needing not
on gparted, I guess I should find in sysrescue -- but can't
think of anything.
525[07:23:06] <derpadmin> ok, so fdisk, add bootable flag
526[07:23:11] <derpadmin> growpart
527[07:23:17] <derpadmin> and resize2fs
528[07:23:20] <maxtim> so just make bootable flag to sda1
529[07:23:22] <derpadmin> we are done here?
530[07:23:43] <derpadmin> yup
531[07:23:46] <derpadmin> sda1
532[07:23:53] <maxtim> yeah, I mean that's what I was
already thinking. I guess I just needed some confirm
533[07:24:05] <mtlsw> gparted does that transparently.. much
safer... it's too much a mess to calculate filesystem size and
partition size. ---<<< ha you should know how many newbs
fall for only doing ONE and not the other and then totally corrupt
their filesystems.
534[07:25:10] <maxtim> yeah.... I'd rather blame myself
than another piece of software... mtlsw
535[07:25:23] <maxtim> still gonna back, back, back it up!
536[07:26:13] <maxtim> I heard this from someone on this
channel: There are two types of people: those who have suffered a
catastrophic data loss, and those who will.
537[07:27:02] <maxtim> You ain't gonna F me again, data
loss! Not Today Death!
538[07:27:27] <mtlsw> you should see on reddit -- constantly --
users do one thing and not the other, make a new
"Formatting" on a new partition while it is actually
overwriting an overlapped filesystem.
539[07:27:29] <mtlsw> total mess.
540[07:27:47] <mtlsw> my suggestion is just to use
"gparted" unless you know what you're doing -- and
you're right -- backing up is a good thing.
546[07:30:08] <mtlsw> it's like doubled in size the last 2
years. Questions though are not on that particular reddit, but the
fact that the size of r/linux has like doubled, quite tells
something about the growing popularity of Linux
547[07:30:45] <maxtim> I just wanna see jokes and cat memes on
reddit. I sometimes look at r/WindowsTechSupport just for questions
I might be able to answer.
548[07:31:38] *** Quits: ax562 (aec28509@replaced-ip) (Remote host closed the connection)
549[07:31:41] <maxtim> I've never said I was an expert with
Linux. Wish I could, and perhaps that's an issue with linux,
and Debian specifically.
551[07:32:06] <mtlsw> I don't browse reddit -- I just use a news
aggregator to look at any titles that would interest me and then
check things out
552[07:32:18] <mtlsw> I never really use the "web
portal" for browsing new topics.
553[07:32:23] <mtlsw> I hate reddit in that way ;-)
554[07:32:34] <mtlsw> that means I actually don't like
memes. :)
555[07:33:01] <maxtim> I read fairly recently that the Debian
project has no issue with monies, but does have an issue with
programmers. in that they simply don't have enough of them
556[07:33:03] <mtlsw> it wastes too much my time to even care
:))
557[07:33:29] * mtlsw says you can use "rss" against
subreddits.
560[07:34:07] <mtlsw> it'd be great if the
debian-wiki+documentation was one project instead of two++
561[07:34:10] <maxtim> I kinda stopped using rss feeds a long
time ago
562[07:34:17] <mtlsw> I bet it would surpass the archwiki if
that were the case.
563[07:34:33] <maxtim> interesting notion
564[07:34:44] <derpadmin> mtlsw, resize2fs with no size argument
resize to the max of the partition available these days :)
565[07:34:45] <mtlsw> maxtim, rss feeds have only grown into
billion dollar businesses
566[07:35:23] <mtlsw> maxtim, maybe they're not called rss
up-front but you can export a lot of those feed-services to .opml ,
and then import that into your rss app. Or even on your Android as
well.
567[07:36:08] <maxtim> mtlsw, i'll start looking at rss
again. noted
568[07:36:47] <mtlsw> derpadmin, you kind of missed my above
example.. trying using it after shrinking a partition. A lot of
noobs tend to forget to resize the filesystem, and instead go ahead
with adding partitions and formatting things.
569[07:37:18] <derpadmin> ah, shrinking, yeah, that is more
dangerous :)
665[09:21:17] <genr8_> we have 3 different versions of
rng-tools, two are version 2.x, one is 5.x, both the maintainers
went to sleep, and there is a massive recent amount of activity on
github by a 3rd guy that needs to be audited for correctness, and
the concept of haveged and jitterentropy needs to be thought of as
well
666[09:23:27] <genr8_> The official repo is up to v6.10
replaced-url
667[09:23:52] <genr8_> and since its crypto we need the big
brains on duty
744[10:27:56] <shtrb> jelly, lol I had found the problem with my
playback (simultaneous ) - the application (dragon player) was using
the wrong sink :D
745[10:28:10] <shtrb> pulse audio had all ok :D
746[10:29:02] *** debhelper sets mode: +l 1155
747[10:29:57] *** Quits: blodkorv (~blodkorv@replaced-ip) (Remote host closed the connection)
885[13:27:40] <ytf0rd> my storage stuff is on lockdown
886[13:27:45] <ytf0rd> they say I need to pay
887[13:27:59] <ytf0rd> how to not pay and get files?
888[13:28:12] <ytf0rd> ?
889[13:28:15] <ytf0rd> ?
890[13:28:17] <ytf0rd> ?
891[13:28:19] <ytf0rd> ?
892[13:29:12] <ytf0rd> help pls
893[13:29:17] <ytf0rd> what to do?
894[13:29:59] <azeem_> what is hentia?
895[13:30:17] <shtrb> typo on a type of video resource
896[13:30:17] <ytf0rd> its a kinda of anime/manga
897[13:30:18] <shtrb> ?
898[13:30:30] <shtrb> error 567 from where ?
899[13:30:30] <azeem_> ytf0rd: how is this related to Debian?
900[13:30:49] <ksk> !problem
901[13:30:50] <dpkg> from memory, problem is something that can
be solved, fixed or worked around if properly described. A good
thorough description of the problem, with detailed steps of how to
reproduce the problem, the produced output, and the expected output,
is the best start to discuss a problem.
902[13:30:50] <ytf0rd> because it happened on debian I installed
a deb file and they did this
903[13:30:58] <kopper> ytf0rd: Your hentai is ransomwared?
904[13:30:59] <ytf0rd> they said wont have files until I pay
them
905[13:31:04] <kopper> Lol
906[13:31:07] <ytf0rd> whole drive
907[13:31:21] <ytf0rd> I was trying to download linux vr stuff
and they did this
908[13:31:22] <ksk> Should not have installed random .deb files
from the net, maybe :)
909[13:31:35] <shtrb> oh lord , you installed a .deb from
somewhere and not just the debian repositories ?!
910[13:31:37] <ytf0rd> I saw it on pirate bay
911[13:31:47] <c-c> name?
912[13:31:50] <ksk> !handbook
913[13:31:50] <dpkg> The Debian Administrator's Handbook is
at
replaced-url
914[13:31:51] <shtrb> ytf0rd, well , revert from backup
915[13:31:56] <ksk> ytf0rd: I suggest you read the handbook
916[13:32:18] <ytf0rd> its I cant get hentia vrs in the main
repos
917[13:32:28] <ytf0rd> how to get them in the main repos so dont
need pirate bay?
918[13:32:49] <shtrb> Do you mean hentai ?
919[13:32:55] <ytf0rd> yes
920[13:33:09] <ytf0rd> sorry english is poor come from india
921[13:33:14] <kopper> Weekend has started
922[13:33:39] <ytf0rd> what do I do to get files back need tool
cant lose files important
923[13:33:41] <ksk> ytf0rd: How about buying it from the vendor,
if they offer linux version of this software?
924[13:33:41] <shtrb> hentai , is just a term to describe
videos, you don't need to have a .deb to watch a specific video
926[13:34:05] <ytf0rd> no I was downloading exes and running
them in wine
927[13:34:14] <ksk> ytf0rd: if your system is rooted and
crypted, you cannot do anything. Restore from Backups.
928[13:34:15] <ytf0rd> but then I gave wine permission over a
whole drive
929[13:34:17] * shtrb facepalm
930[13:34:18] <c-c> kopper: yes, even natively english countries
lose language skills
931[13:34:29] <queip> maybe he was attacked by randomware virus?
that's quite an achievement to do on linux
932[13:34:35] <queip> *ransomware
933[13:34:38] <iamjfk11> ytf0rd torrent hash ?
934[13:34:52] <ytf0rd> it changed my background to a face of
anonymouse
935[13:34:59] <shtrb> queip , yes, wine become very good
recently !
936[13:35:03] <ksk> queip: Im rather inclined to say: Wine must
be good, if ransomware runs on it out of the box ;)
937[13:35:04] <c-c> queip: first it was .deb, now its random
.exe, and the whole deal is still trolling.
938[13:35:08] <ytf0rd> help he is asking for money
939[13:35:17] <kopper> c-c: I wasn't referring to his
language skills. I was referring to the fact that his porn is
ransomwared by installing something from PirateBay
946[13:37:57] <EdePopede> nice blueprint for a HOWNOTTODOIT
947[13:37:59] <shtrb> another, he did
948[13:38:10] <another> where?
949[13:38:36] <EdePopede> 23.10 13:30:50 <ytf0rd> because
it happened on debian I installed a deb file and they did this
950[13:38:46] <EdePopede> "why in #debian"
951[13:39:12] <another> ah, sry. missed that
952[13:39:55] <EdePopede> so people are still behaving like in
DOS times?
953[13:41:55] <shtrb> Just an observation , India has the second
largest english speaking population in the world, you can now say
that US and Indian dialects the proper English :D
999[14:03:19] <shtrb> queip, well , I trust you that you had
found a bug report for that.
1000[14:03:20] <azeem_> but ok
1001[14:03:37] <shtrb> but , clean buster default config should
work (I did an installation last week )
1002[14:03:39] <queip> how to tell akonadi to use pgsql?
1003[14:04:31] <queip> shtrb: it is a well known problem that
kmail will stop receiving emails on mysql, perhaps it needs certain
kind of email servers, or high load, or many emails (I have
thousands) or some extra conditions but it is recognized by devels
1004[14:04:50] *** Quits: coot (~coot@replaced-ip) (Remote host closed the connection)
1008[14:05:39] <azeem_> queip: the documentation probably
explains how to switch to pgsql
1009[14:05:56] <azeem_> it's not a usual thing to do, so
probably you won't find somebody in here who knows off-hand
1010[14:06:00] <shtrb> queip, make sure you are not connecting to
running mysql server ! but rather use the standard per use instance
1011[14:06:10] <queip> shtrb: how?
1012[14:06:15] <ratrace> shtrb: what do you mean?
1013[14:06:16] <shtrb> about pg - here's a doc
replaced-url
1014[14:06:35] <queip> (user) akonadictl start -> DBUpdater
shown various errors, cant alert table, cant drop column external
etc
1015[14:06:37] <gpunk> queip: if akonadi fails to work, changing
backend is not really of actuality
1016[14:06:51] <gpunk> dig for the real issue with akonadi
1017[14:06:53] *** Quits: j7k6 (~j7k6@replaced-ip) (Remote host closed the connection)
1018[14:06:56] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
1019[14:06:57] <shtrb> ratrace, you can either have a mysql
server running and listening on a port . but you could also let
akonadi spawn a mysql server on demand
1020[14:07:03] <queip> gpunk: the real issue is that it is very
poorly written
1022[14:07:09] <shtrb> that's more for #plasma and #akonadi
to be honest
1023[14:07:12] <ratrace> shtrb: like a completely separate master
mysql instance?
1024[14:07:13] <gpunk> what is poorly written ?
1025[14:07:20] <shtrb> ratrace, exactly
1026[14:07:23] <ratrace> shtrb: that's just super extra
terrible......
1027[14:07:32] <shtrb> ratrace, welcome to akonadi
1028[14:07:37] <gpunk> and changing a backend of any software, is
not a way of fixing it
1029[14:07:40] * ratrace is happy there's no KDE ecosystem on its
computers
1030[14:07:40] <queip> gpunk: it seems to be popular opinion that
entire idea of akonadi is just bad, because it becomes very slow,
and kmail should never used it
1032[14:07:53] <gpunk> IF it works then, then you have found a
work-around, not a fix
1033[14:07:55] <shtrb> ratrace, you get used to it, it's not
a big deal anymore
1034[14:08:11] <queip> ratrace: old KDE was good
1035[14:08:15] <ratrace> shtrb: my OCD would never, ever, allow
that
1036[14:08:27] <ratrace> queip: yeah, 3.x was awesomest
1037[14:08:28] <shtrb> queip, I find it odd that by default
config in debian you would hit that.
1038[14:08:28] *** Quits: coot (~coot@replaced-ip) (Remote host closed the connection)
1039[14:08:29] <queip> before people started with adding modern
things to it. it was systemd'd even before systemd ;))
1040[14:08:31] <gpunk> akonadi is fine, it is just that alot of
folks dont know what it is really actually
1041[14:08:41] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
1042[14:08:44] <ratrace> queip: it's not modern things that
are problem, but bad developers
1043[14:08:50] <queip> gpunk: kmail DEVELOPERS say akonadi was a
bad idea to use
1044[14:09:01] <shtrb> please try create a brand new account ,
use the standard mariadb server installation as in server and test
there
1045[14:09:14] <gpunk> maybe, but doesnt mean it doesnt work
1046[14:09:24] <gpunk> I have never had an issue with it
1047[14:09:27] <queip> shtrb: do you know how to instead just
nuke from orbit the current user's akonadi DBs and all? I do
not have any data there that needs saving
1048[14:09:42] <shtrb> yes , but I wish to let you an option to
restore your mess
1049[14:09:47] <ratrace> !ripley method
1050[14:09:47] <dpkg> "I say we take off and nuke the entire
site from orbit. It's the only way to be sure." -- Ellen
Ripley
1052[14:10:47] <gpunk> AND , what do you mean by not working
exactly ? (I just got in ...)
1053[14:11:16] <queip> gpunk: kmail on akonadi+mysql after first
hour to use stopped updating the emails, not downloading any new
emails
1054[14:11:42] <queip> shtrb: on new user, the kmail starts up,
yes
1055[14:11:42] <gpunk> have you taken action to be able too Logs
?
1056[14:11:43] <shtrb> queip, what you need to do is to backup
everything , remove the resources (uninstall) , erase the db
(.local/share/akonadi/* ) , prove P=NP , uninstall any extra thing
you had done in your workaround , apt-get install kontact
1057[14:11:59] <shtrb> queip, if on a new user it works ,
congrats you had broken your user config
1060[14:12:20] <shtrb> my comment about the steps was to nuke
everything
1061[14:13:01] <shtrb> as it work for another user, you can just
remove resources , erase local akonadi resources and directories ,
and start the service again
1062[14:13:07] <shtrb> just backup everything before hand
1063[14:13:26] <queip> shtrb: how to verify whether my current
akonadi uses mysql or pgsql actually?
1064[14:13:47] <shtrb> you can see via akonadiconsole or the
config files
1083[14:19:45] <shtrb> queip, ^ the config file where you can see
where it will try to connect and how
1084[14:21:13] <shtrb> in your case , just backup your home dir
and get rid of ~/.config/akonadi and ~/.local/share/akonadi*
~/.cache/akonadi* , make sure you backup everything BEFORE you start
erasing
1085[14:21:28] <shtrb> can't you create a new user on the
same machine and check it on the same machine ?
1087[14:22:41] <queip> oh damn the machine where I thought pgsql
helped, is still on mysql, seems just restarting server masked the
bug for now
1088[14:23:00] <shtrb> :D
1089[14:23:02] <gpunk> My idea is that, it could be only a
mariadb issue, hence you wont have to play with all akonadi stuff
1090[14:23:04] <queip> maybe in a decade linux will have an
actually good email client just that works
1091[14:23:15] <queip> shtrb: still, kmail developers say to use
pgsql and mysql version is crap
1092[14:23:47] <gpunk> queip: you have a superb email client,
very mature and functional: Evolution
1093[14:24:10] <gpunk> nothing compares to it, even outlook users
fall for it
1094[14:24:30] <shtrb> I think you should calm down , see that
kmail devs probably have a much updated version than you have on
debian (we are with buster after all), you also have other like
claws (no akonadi involved) or evolution and mutt
1095[14:24:45] <shtrb> gpunk, outlook is ... broken
1096[14:24:59] <gpunk> what do I care about outlook ?
1097[14:25:36] <shtrb> gpunk, you took their users to fall for
evolution , they would be happy with netscape communicator
1098[14:25:45] <queip> last time I used evolution it was crashing
a lot
1099[14:25:50] <queip> though that was 10+ years ago, hmm
1101[14:26:26] <gpunk> a package binary that crashes, doesnt
witness the quality of a piece of software
1102[14:26:35] <queip> seeing as it is Gnome, it is probably
badly written C, and probably hides all advanced options from users
(the dumb user philosophy)
1103[14:26:36] <gpunk> you'd have to see with your distro
1136[14:30:13] <gpunk> you think you are smarter than K ou R or
Linus ?
1137[14:30:16] <queip> in C, probably part of the reason why we
at least yearly have a critical bug there
1138[14:30:21] <NetTerminalGene> i did "systemctl --now
disable apt-daily.timer apt-daily-upgrade.timer" but my buster
still check upgrades automatically at boot. how can i disable auto
update check?
1139[14:30:36] <queip> * critical vulnerability
1140[14:30:37] <gpunk> can you stop puking shit for a minute ?
1141[14:31:04] <shtrb> queip, akonadi is broken not because of
the language but because design choices, so many project had been
now broken because of "fancy" js and node crap .
1142[14:31:55] <gpunk> A man codes C for 15y, then tells me C is
crap
1143[14:32:03] <gpunk> lol
1144[14:32:05] <queip> shtrb: sure, usage of C is why I
wouldn't move to Evolution
1145[14:32:16] <shtrb> queip, but even in your case , I have a
hunch you had some odd config or choices that are broken
1146[14:32:24] <queip> gpunk: C++ includes C, I code in C++
1147[14:32:32] <queip> which is how I know C is bad :)
1148[14:32:47] <gpunk> I was coding in C, way before C++ was
invented
1149[14:33:03] <shtrb> queip, I'm too a "dev" with
a good background in both C and C++ , but I would never judge a
program just based on the language it had been done it.
1150[14:33:16] <vipthx> Hi guis, i have MB ASUS with nforce 570
chipset and CPU that mobo does not recognised it. CPU run at 800MHz
instead 3.2GHz. How can i overclock it in Debian?
1151[14:33:22] <gpunk> I was coding in C, way before C++ was
invented, so I went with the wave and learned C++ by my self
1152[14:33:27] <gpunk> I love c++
1153[14:33:34] <queip> well I was coding in asm around that time,
and I know I wouldn't trust anything hand written in asm now,
it's too error prone (besides rare specialized asm fragments
where really required)
1154[14:33:38] <gpunk> but many things are not made for c++
1155[14:34:02] <shtrb> queip, based on your answer , you would be
get yelled by C++ devs , C++ is no longer C with classes , these are
different paradigms , different approaches
1156[14:34:37] <queip> well Im simply saying, I do not want to
attach myself to user programs written in language so
memory-dangerous as C, which is why Evolution is not for me
1157[14:34:44] <shtrb> feces even qt might get lost now , and we
will be left only with wxwidgets and gtk
1158[14:35:11] <shtrb> And what language is not memory-dangerous
?
1159[14:35:18] <ratrace> %s/is no longer C with/is no longer just
C with/
1160[14:35:21] <queip> even C++ is hard, often seen crashes in
kmail and alike (in stable debian) related to invalid pointers. but
C is even harder, so just too much for my taste :)
1161[14:35:27] <ratrace> shtrb: why, Rust of course!
1162[14:35:46] <shtrb> ratrace, intellectually challenged bugs can
be made in rust without a problem
1163[14:35:47] <queip> shtrb: well, python. subset of rust if
used properly. higher languages like dunno, haskell
1164[14:35:49] <gpunk> anyway, we changed subject
1165[14:36:01] <shtrb> "properly" is the key point here
1166[14:36:12] <gpunk> to answer our friend, the most mature and
complete email client there is , is evolution.
1167[14:36:23] <queip> shtrb: sure but better to just have
logical bugs, than logical+lowlevel. Also, logical usually do not
lead to RCE at least
1171[14:37:02] <shtrb> queip, i didn't see "low
level" bugs in your complaint so far, only that it does not
work (sorry)
1172[14:37:19] <ratrace> shtrb: footshootage is ubiquitous among
bad developers and agnostic to language used :)
1173[14:37:27] <queip> very mature code, everyone runs it. low
level C-style memory bug, and bam, basically most (all?) browsers,
across many (all?) platforms have now potential RCE
1174[14:37:32] <gpunk> what are you trying to say ? queip:
1175[14:37:32] <queip> (patched yesterday in Deb)
1176[14:37:54] <queip> that sadly mature code often has critical
bugs too, and if it is C code then probably has more of them
1177[14:37:59] <ratrace> queip: that's mostly coming from
terrible x86 design, rather than usage of C tho
1178[14:38:13] <gpunk> you prefer shrp maybe? so get yourself a
windows and stop criticising for criticising
1179[14:38:35] <shtrb> gpunk, I just gagged because of you
1180[14:38:41] <gpunk> lol
1181[14:38:42] <queip> ratrace: I think no CPU architecture can
save you fully from memory errors. some might mitigate with NX,
randomization and all. x86 already does
1182[14:38:58] <ratrace> queip: capability based hardware and
hardware fat pointers
1183[14:39:16] <queip> ratrace: like what arch does that
currently?
1184[14:39:32] <ratrace> queip: some RISCV based implementations
1185[14:39:40] <shtrb> I almost guarantee your akonadi issue is not
because of a "low level" error of memory bit flips or
incorrect types badly casted. but rather LOGIC ERRORS
1187[14:40:01] <queip> shtrb: sure, that is just another topic
that came up with Evolution
1188[14:40:05] <gpunk> I swear to god, since the last year or so,
I come across, all the time, folks that the only thing they do is:
contradicting and criticising anything you tell them
1189[14:40:11] <ratrace> queip: or ARM.... see: CHERI
1190[14:40:17] <gpunk> even if it makes them look ridiculous
1221[14:51:01] <queip> shtrb: you can also give it trust. but
what many people do not know, and do not intend to do, is that
giving trust also means the WOT thing, "trust that if this guy
says someone else X is trusted, then consider X trusted as
well"
1222[14:51:11] <queip> gpg messed up a bit the trust vs lsign
thing imo
1392[17:03:55] <fredl> hi guys, in my persistent iptables I have
-A INPUT -m conntrack -p tcp --dport 22 --ctstate
RELATED,ESTABLISHED -j ACCEPT
1393[17:04:10] <fredl> I'd like to conntrack the SSH
connections but nothing else
1394[17:04:53] <ratrace> fredl: what do you mean?
1395[17:05:52] <fredl> You know what connection tracking does
right?
1396[17:06:40] <fredl> in iptables output it looks like this: 320
23364 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate
RELATED,ESTABLISHED tcp dpt:22
1397[17:07:17] <ratrace> I know what the conntrack module is and
what it does yes. what do you mean about "conntrack the ssh
connections but nothing else"
1399[17:07:36] *** Quits: lesless (~lessless@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1400[17:07:57] <fredl> well it's a haproxy server, I
don't mind my, or co-workers, SSH connections to be put in the
conntrack table
1401[17:09:23] <fredl> So I figured with the -m conntrack
--ctstates, if I add a -p tcp --dport 22 that nf_conntrack would
only add the SSH connections to the conntrack table
1402[17:09:57] <fredl> it doesn't seem to work that way
though and I'm asking why
1412[17:11:56] <fredl> and the conntracking table gets HUGE
1413[17:12:17] <ratrace> well the nature of network traffic is
that it _has_ to be tracked, except for stateless things like UDP
1414[17:12:27] <ratrace> the very nature of TCP itself requires
it
1415[17:12:31] <fredl> ehm no
1416[17:12:37] <ratrace> well, serial numbers for starters
1417[17:12:39] <fredl> It's only for the firewalling,
conntrack
1418[17:13:11] <fredl> So that if an incoming packet matches
something that's in the conntracking table, not all the other
rules need to be checked
1419[17:13:13] <ratrace> that's not really true. flush the
tables and then look up /proc/net/nf_conntrack
1420[17:13:29] <ratrace> connection tracking is about flows
1421[17:14:25] <fredl> well yeah but for very busy sites with
traffic that comes from a million different sources... is it useful
to keep those connections in the conntrack table?
1422[17:14:37] <fredl> even if just for a few seconds
1423[17:14:37] <ratrace> a packet is always in SOME state.
invalid (no known connection), new, established, related, untracked,
....
1429[17:15:47] <fredl> reassembling packets happens in the TCP
protocol
1430[17:16:00] <ratrace> right, so what are you really asking
then?
1431[17:16:03] <fredl> conntracking is something entirely
different
1432[17:16:07] <ratrace> it's not really
1433[17:16:14] <fredl> it is
1434[17:16:22] <ratrace> well then you know better and your
problem is solved.
1435[17:17:11] <ratrace> also, the order of rules matters, so if
you want to -j ACCEPT before your established,related match, you can
do so
1436[17:17:37] <ratrace> also:
1437[17:17:39] <ratrace> !xy
1438[17:17:39] <dpkg> Slow down for a bit! Are you sure that you
need to jump through that particular hoop to achieve your goal? We
suspect you don't, so why don't you back up a bit and tell
us about the overall objective... We know that people often falsely
diagnose problems because they are too close to them -- it's
easy to miss that there is a better way to proceed. See
replaced-url
1448[17:26:00] <ratrace> fredl: by the way, if the conntrack
tables were separate from the connection tracking part of tcp, then
iptables -F would flush the states and disconnect everything and
everyone, ssh conn included, and that never happens because the
iptable extension is just about matching the internal stack states
1491[18:08:58] <Matrox> to block ssh login attempts (i have
already disabled password auth but my logs are full of ssh attempts
to login) should i use fail2ban or the simpler sshguard?
1492[18:09:06] <jhutchins> Wow, big jump from buster to bullseye
1502[18:12:23] <Brigo> Matrox, they do basically the same, it is
just a matter of taste.
1503[18:12:36] <sney> Matrox: run it on an alternative port,
and/or use a firewall to restrict ssh access to allowed hosts only.
Your vps provider may have a web-based one you can use for this,
otherwise netfilter.
1504[18:13:01] <sney> blocking hosts that already attempted to
ssh is a losing battle on an internet full of botnets.
1505[18:13:23] *** Quits: chele (~chele@replaced-ip) (Remote host closed the connection)
1508[18:14:50] <taman> There's fwknop too, though it's
ipv4 only.
1509[18:14:51] <Matrox> sney, i open up my journalctl logs for
sshd, and i see a login attempt with different username (dictionary
attack) every second
1510[18:15:13] <Matrox> you can't even read journalctl
without filtering at this point
1511[18:15:36] <sney> Matrox: exactly, botnets. jhutchins is
right that the bots mostly target port 22, so if sshd is on (e.g.)
port 222, the bots won't hit it as hard.
1512[18:16:57] <Matrox> i see
1513[18:17:04] <sney> if you let the bots keep hammering your
server and only block them afterwards, they'll still be in your
logs, and fail2ban will increase the overhead as well
1514[18:17:22] <jhutchins> 222 is pretty well known these days.
1515[18:18:15] <sney> right, roll the dice and pick a 3 or 4
digit number.
1526[18:24:39] <dpkg> deb.debian.org is a mirror network that is
backed by international content delivery networks and for most
users, this is the most reliable <mirror> to use in the
<sources.list>. From Debian 9 "Stretch" onwards, apt
queries SRV records in DNS which then send it off to a CDN. Older
apt will get an HTTP redirect from deb.debian.org to the same CDNs.
See
replaced-url
1652[19:13:16] <JPT> conntrack is responsible for tracking
traffic within iptables/nftables rules. I don't understand why
you would want to blacklist them?
1653[19:14:37] <fredl> because I run haproxy on that box and
it's very busy, that flogs the conntracking table
1663[19:18:38] <fredl> this is one of those servers where libvirt
asks for a password and by the time you pasted the password you
already can't stop the bootloader and boot in single user mode
1690[19:30:42] <fredl> Oh I guess I could try that
1691[19:30:54] <fredl> I just undid it and rebooted and now
it's fine again
1692[19:31:23] <fredl> I do have an academical curiosity to
figure out why
1693[19:31:35] <fredl> but alas not much time to find out
1694[19:32:25] <JPT> Well, if the machine is operational now, it
should be fine. :)
1695[19:32:40] <Matrox> if i install something with pip3 or pip,
is it in my default path? because i already have that package from
debian repos but want to get latest from pip
1696[19:32:48] <JPT> By the way, you can use sysctl to adjust the
conntrack limits to your needs, too
1705[19:33:35] <JPT> Matrox: I believe that your statement is
true. It may differ if you're within a virtualenv though. For
more details, perhaps ask the python people :)
1707[19:33:46] <somiaj> Matrox: by default yes, and as you have
discovered this is probably not best. You should use a python
virtualenv to install stuff to keep it independent of your system.
1708[19:33:54] <fredl> I basically removed the --ctstate
RELATED,ESTABLISHED now tho
1709[19:34:10] <fredl> That also completely blocks any
conntracking to happen
1710[19:34:11] *** Quits: zathras (~zodd@replaced-ip) (Remote host closed the connection)
1712[19:35:02] <fredl> well huh, only after you have completely
nuked, eradicated, bombed EVERYTHING that UFW leaves behind after
you install it by pure accident
1713[19:35:27] <JPT> fredl: That makes sense. If certain rules
are hit too often by traffic, you may want to stop using conntrack
for them and perhaps check tcp flags directly. It's not always
beautiful, but it should work fine.
1714[19:35:30] <Matrox> somiaj, i will just apt-get purge
old-package
1720[19:36:04] <JPT> fredl: However, consider increasing your
conntrack limits if your ruleset is important to you. Modern
machines should easily be able to track ~500k connections or more.
1726[19:38:36] <dpkg> In buster, su no longer overrides PATH by
default, requiring that you use "su -" or "su
-l" for login shells (which is not really a new thing at
all...). To approximate the previous behaviour, put
"ALWAYS_SET_PATH yes" in /etc/default/su (create it). See
replaced-url
1743[19:41:58] <JPT> fredl: The answer is: it depends. If you use
conntrack, once a new connection is tracked and allowed, all
follow-up packets can be allowed by one lookup within the first rule
in your chains.
1744[19:42:19] <JPT> On the other hand, you can have all packets
traverse the whole ruleset each and not use conntrack.
1745[19:42:35] <fredl> I guess it's a balance
1746[19:42:41] <JPT> Also, depending on how big your ruleset is,
using conntrack will also improve readability of your ruleset a lot.
1747[19:42:46] <JPT> Yes, it is.
1748[19:43:02] <fredl> If you have many long running
connections.... it makes a lot of sense to have a few conntracking
entries why not
1749[19:43:22] <fredl> But on a webserver with millions of hits
from all over the place I think it makes far less sense
1751[19:44:00] <JPT> Yeah, probably. The guys that run cloudflare
certainly have different requirements than what I want to do with my
vps running a private homepage.
1752[19:44:23] <fredl> Well this is a loadbalancer for quite a
busy site we're building :)
1754[19:44:59] <JPT> My personal experience with a
"busy" haproxy instance is the one I run at work, which
load balances for our exchange. It usually peaks handling a total of
about ~20-30k connections. It's fairly boring.
1762[19:46:31] <JPT> Since most of the communication is based on
https, I assume it's a ton of new connections over and over
again, but I'm not certain.
1763[19:47:06] <fredl> I'm thinking I might want to consider
doing conntracking on the *internal* connections
1768[19:48:24] <fredl> as they won't create a huge amount of
entries in the conntrack table I'd think
1769[19:48:35] <JPT> To talk about iptables based firewalls: Our
primary one uses conntrack for everything. It peaks at about ~70-80k
tracked connections, while also dealing with the usual trash traffic
coming from the internet. No performance issues so far.
1770[19:49:23] <JPT> We're a small sized university, and our
internet connection usually never exceeds transfers of about
1gbit/s.
1774[19:50:51] <fredl> well what's also important to
realize... this is a KVM VM
1775[19:51:19] <fredl> That would involve all sorts of tuning on
the hypervisor which I have fairly little control over
1776[19:52:55] <JPT> I mean - perhaps review your current
performance figures for your machine and then you can still
reconsider your options. My current point is: even with conntrack,
iptables/nftables is very efficient at tracking a big number of
connections without breaking a sweat.
1777[19:53:28] *** Quits: randombit (~randombit@replaced-ip) (Remote host closed the connection)
1792[20:07:22] <JPT> Matrox: 1) probably, I don't know for
sure. 2) If you have multiple python projects which require
different versions of the same modules, you can use different
virtualenvs to keep all these dependencies separated and prevent
incompatibility and other potential issues.
1797[20:08:34] <JPT> Virtualenvs are - afaik - best practise for
setting up any python project in order to keep your default/system
environment clean and be able to understand and easily track your
dependencies based individually.
1798[20:09:01] *** debhelper sets mode: +l 1174
1799[20:09:29] <JPT> I don't know about pipx, perhaps
that's one of many questions best asked in one of the many
existing python channels on freenode.
1800[20:09:45] <JPT> You can use "/msg alis list
python" to discover them
1887[21:28:57] <sney> TuxCrazy: looks like it's an electron
app, so it's probably pretty self-contained. the debian package
control files are missing from that repo though so it's hard to
be sure
1888[21:29:07] <enocoffee> from the options available i'd
choose the .AppImage.
1896[21:30:18] <sney> since the control files aren't
available, we have no way of knowing if it does anything wacky
during pre/postinst. appimage/snap/etc are completely isolated
1897[21:30:40] <TuxCrazy> but, the latest version of this
appimage doesn't seem to be working.
1898[21:30:50] <TuxCrazy> sney, ok
1899[21:30:53] <enocoffee> that's unfortunate.
1900[21:30:59] <TuxCrazy> I will use the appimage.
1901[21:31:21] <TuxCrazy> I am using the appimage of the previous
version. That works.
1902[21:31:33] <TuxCrazy> the latest one seems to have some
problem.
1957[22:31:00] <gpunk> hmm, it could be done by unloading the
driver :p
1958[22:31:10] <gpunk> but only in Linux :)
1959[22:31:35] <gpunk> so electrically the connection is there,
but no data is handled :)
1960[22:31:38] <foul_owl> Ahhh it can only be done for all usb
devices, not per usb port?
1961[22:32:34] <gpunk> I believe so ... since unloading the
driver, means the kernel doesn't use USB anymore
1962[22:32:38] <foul_owl> Basically I need to be able to 1. shut
off the data to a port 2. plug in my device 3. wait for the usb
device to boot 4. turn data on for the device
1963[22:32:53] <foul_owl> Gotcha
1964[22:33:09] <gpunk> ... this could be an X/Y problem,
1999[22:37:09] <greycat> Why is it that when you give someone a
correct, efficient answer, the first thing they do is reject it and
demand a broken one...
2006[22:38:15] <gpunk> it is a new sport to systematically
contradict the interlocutor
2007[22:38:15] <n4dir> neilthereildeil: mywiki.wooledge.org ->
UsingFind has quite a few good examples for find, where you will
usually find what needs to be done.