130[02:54:58] <icypee> i tried that on xfce and gnome and they
both didn't work
131[02:55:07] <sney> !doesn't work
132[02:55:07] <dpkg> "Doesn't work" is a vague
statement. Does it sit on the couch all day long? Does it
procrastinate doing the dishes? Does it beg on the street for
change? Please be specific! Define 'it' and what it
isn't doing. Give us more details so we can help you without
needing to ask basic questions like "what's the error
message?". Ask me about <smart questions>, <sicco>
and <errors>.
133[02:55:43] <icypee> i tried installing fprintd on xfce and
gnome and the prompt to scan my fingerprint wouldn't appear
134[02:57:59] <sney> did you identify your model of reader, and
whether fprint supports it, and if you need to do anything else?
remember #debian can't see your screen or read your mind, so
it's best if you say what you already tried
135[02:58:24] <icypee> yes it supports it
136[02:58:34] <icypee> it reads my fingerprint in fprintd-enroll
307[07:18:24] <cheater> hi. in dpkg-query, what's the
difference between Status-Status and Status-Want? my guess is that
"Status-Status: installed" means that the package is
installed right now, while "Status-Want: installed" means
it's either installed now or will be installed after some sort
of job runs, but I don't really know how that works exactly.
356[08:33:14] <themill> cheater: dpkg --set-selections is one of
the places where selection state doesn't match state; partly
failed package installations or removals is another
470[10:48:59] <otisolsen70> I just got an OOM event last night.
Appearently triggered by dhcpd (kernel: dhcpd invoked oom-killer:
gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0,
oom_score_adj=0) Are there any resion why dhcpd would take up a huge
amount of memory?
471[10:49:07] <otisolsen70> Possible memory leak?
472[10:49:56] <azeem> dhcpd just triggered it, it doesn't
mean that it takes huge amounts
473[10:50:22] <azeem> probably best to pastebin the whole
message (there should be more lines following with diagnostics),
though those are pretty hard to decipher IME
474[10:50:28] <azeem> !paste
475[10:50:28] <dpkg> Do not paste more than 2 lines to this
channel. Instead, use for text:
replaced-url
476[10:51:03] <azeem> Lope: doesn't look like that
noise-repellent is packaged?
521[11:02:17] <Haohmaru> jelly lv2 is a kind of linux-ish audio
plugin format, so there would be host programs that load these, and
a pile of lv2 plugins
526[11:03:03] <Haohmaru> Lope you just uhm.. install it and then
make your host refresh/rescan for new plugins
527[11:03:10] <Haohmaru> it should just work(TM)
528[11:03:25] <uos_lyn> ksk: It is a Qt bug, and Qt official has
been submitted to the patch that has been repaired, but there are
not yet Patches in debian, so We want to submit it to Debian as well
537[11:09:16] <Haohmaru> check your host, who knows how it does
it.. other plugin formats usually require manual rescanning because
dodgy plugins can often cause the Host to freeze/crash or what not
583[12:19:09] <wonderworld> hey, i am having problems with
/etc/hosts. It doesn't seem to be honored at all. i have
"hosts: files dns" in nsswitch.conf but still if i check a
hostname set in /etc/hosts, still the external dns is used
584[12:20:58] <ratrace> wonderworld: pastebin your hosts file, I
bet it's in wrong format
635[13:38:44] <otisolsen70> gpunk, huh? I want something that
takes a folder with photos and generates static html/css/javascript
+ thumbnails, etc. that I can put on a webserver (or browse locally)
as a web gallery
636[13:39:04] <otisolsen70> gpunk, something like lazygal for
example. Howerver, I would like something that is better or more
modern.
646[13:47:37] <otisolsen70> So anyone know of any good static
gallery generators that work on debian? Preferably something that is
packages and apt-getable. But if something is fairly small and
self-contained that will work also.
649[13:50:15] <otisolsen70> I found 'sigal' which
looks promising:
replaced-url
650[13:50:25] <gpunk> lol I love kiddos that run their mouth
ONLY to contradict others ... did you type coppermine gallery on a
search engine ? we are not here to spoonfeed you
660[14:01:52] <shtrb> CommunistWolf, if it's in fact
DHCP-PD ,does it mean I should have an IPv6 lease file somewhere ?
661[14:03:24] <teo7> Hi, I've a wifi firmware missing
problem.. i already added non-free source list and i installed
firmware-linux-* and firmware-iwlwifi, but nothing..
662[14:03:24] <teo7> Then I also tried "modprobe -r
iwlwifi; modprobe iwlwifi" but again nothing is changed.
663[14:03:25] <teo7> maybe there is some problem loading the
downloaded modules
710[14:52:53] <jelly> uos_lyn: you'd typically file a bug
report, add a pseudo-header Tag: patch, and attach or link the
patches; it's not likely to get fixed in Debian 10 unless
it's really really important, but it will get integrated in dev
branch for the next release
711[14:53:07] <jelly> oops, that was supposed to be sent hours
ago
727[15:03:15] <uniqdom> Hello, I'm seeing the message
"Current command vanished from the unit file, execution of the
command list won't be resumed" in some systemd unit file.
what's that
738[15:15:44] <Frowney> I am running debian and want to put an
xmodmap command into the User's session startup script? where
can i find this on debian?
739[15:16:09] <ratrace> Frowney: ~/.xsessionrc
740[15:16:15] <Frowney> I researched this topic, and online they
suggested just dropping a script into /etc/init.d/
741[15:16:26] <Frowney> ratrace thank you sir/madam
789[15:54:36] <Frowney> do i need to make it executable for it
to work?
790[15:54:47] <ratrace> (and I don't know xmodmpa enough to
tell if you that specific invocation will do what you want it to do)
791[15:54:59] <ratrace> Frowney: you don't, it's
sourced
792[15:56:07] <greycat> I missed some of the context, but a
systemd service would be *counter*productive if you're trying
to modify an X session, as it won't run inside the X session.
793[15:56:20] <greycat> The traditional "shell-sourced dot
files" approach is what you want.
794[15:57:23] <Frowney> my command works great in the terminal
but am struggling with making it work, I will reboot to see if it it
works after taking the shebang out and making it not an executable
795[15:57:24] <Frowney> brb
796[15:58:16] <Frowney> oh another question, i want to use the
option _netdev in /etc/fstab to only mount these devices i mounted
there _after_ my connection has been established, but it wont mount
them after
797[15:58:19] <greycat> a shebang in a sourced dot file is
ignored by the shell (the # makes it act like a comment), and the
execute bit is likely also ignored
798[15:58:30] <greycat> likewise*
799[15:58:31] <jelly> ratrace: yes, server-side search does
wonders
800[15:58:54] <Frowney> greycat so rebooting is moot without any
further modifications?
801[15:58:57] *** Joins: mezzo (~mezzo@replaced-ip)
802[15:59:01] *** debhelper sets mode: +l 1192
803[15:59:17] <greycat> you wouldn't need to reboot anyway,
just log out and log back in (or restart X, if you're doing
startx)
804[15:59:31] <Frowney> can i put a sudo mount -a in that same
.xsessionrc to remount my mounts?
805[15:59:34] <greycat> and for the _netdev thing,
806[15:59:35] <greycat> !auto
807[15:59:35] <dpkg> Interfaces marked "auto" are
waited for by things that wait for the network to be up (like
systemd's network-online.target). "allow-hotplug"
means the interface is removable or not always needed, so
network-online won't wait for it.
808[16:00:15] <ratrace> Frowney: no, no sudo in .xsessionrc. you
can do remounts in other ways, but you need to specify what exactly
you want, if you want assistance with that
809[16:00:18] <Frowney> so i needed auto option not _netdev!
810[16:00:31] <greycat> ... god DAMN it
811[16:00:55] <greycat> dpkg, auto =~
s#"auto"#"auto" in /etc/network/interfaces#
815[16:01:00] <ratrace> what auto what netdev? now *I* 've
lost context :)
816[16:01:07] <greycat> !auto
817[16:01:07] <dpkg> Interfaces marked "auto" in
/etc/network/interfaces are waited for by things that wait for the
network to be up (like systemd's network-online.target).
"allow-hotplug" means the interface is removable or not
always needed, so network-online won't wait for it.
821[16:02:01] <ratrace> oh there was an interjected question....
I missed it
822[16:02:01] <Frowney> ratrace my bad :) in etc/fstab you can
put the option _netdev, to signal that this is a network device that
needs a network connection to be established
824[16:02:39] <Frowney> i misunderstood auto to be anoter
possible option in etc/fstab but i know now that it is in
/etc/network/interfaces
825[16:02:40] <greycat> and "wait for a network
connection" means "wait for each interfaces designated as
'auto' to be brought up"
826[16:02:43] <ratrace> Frowney: yes I know that, but I
don't know what exactly you want to achieve; you mentioned sudo
mount for xsessionrc, and that's most definitely wrong thing to
do
832[16:04:22] <greycat> which is stupidly debian's default
833[16:04:46] <Frowney> I am just greatful people even put in
all this effort to creat something as beautiful
834[16:05:41] <Frowney> greycat to let fstab do that the _netdev
is the wrong option, but instead i need to use auto in interfaces,
correct?
835[16:05:46] <ratrace> Frowney: so you need what greycat said.
auto in interfaces(5) and _netdev in fstab. netdev, btw, creates an
implicity dependency on remote-fs.target which, I think, is
implicitly dependent on network-online.target
836[16:06:00] <ratrace> *implicit
837[16:06:41] <ratrace> Frowney: you need both. auto to get the
interface up on boot, and _netdev to designate the boot dependency
838[16:06:55] <ratrace> (dependency of the mountpoint on
network)
839[16:07:17] *** Quits: endstille (~endstille@replaced-ip) (Quit: I'll be back.)
843[16:08:00] <Frowney> this option in interfaces(5)
<greycat> dpkg, auto =~ s#"auto"#"auto" in
/etc/network/interfaces# got it
844[16:08:01] <greycat> Debian sets up all interfaces (ethernet
and wireless) as "allow-hotplug" by default, which breaks
any kind of traditional server or workstation setup where you mount
stuff at boot time after the (ethernet) network is up.
845[16:08:58] <greycat> On the server end, it breaks mountd
because DNS isn't up at the time mountd slurps up all the
hostnames in /etc/exports and tries to resolve them.
846[16:09:44] <gpunk> Please do not put system commands in
.xintitrc .bashrc ... etc that is not a good practive, FYI, if you
are using NetworkManager, there is a service called
NetwManagerWaitOnline thingy, you can use it by playing with the
orders/dependencies, that is the linux/unix way
847[16:10:07] <ratrace> Frowney: wait, that was an instruction
for the bot to replace in factoid.... you need just "auto
eth0" instead of "allow-hotplug eth0" , without
quotes, on one line, assuming your interfaces is eth0, and if not,
replace with what it actually is
848[16:10:11] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
896[16:39:58] <Frowney> neither the xmodmap in .xsessionrc nor
the addition of auto eth0 in my intefaces worked, I think I should
study X window system and Networkmanager instead of retrieing. thank
you again for your help earlier
898[16:41:01] <ratrace> Frowney: addition? not replacement?
899[16:41:33] <ratrace> Frowney: and is your interface _really_
named eth0 ?
900[16:41:36] <Frowney> the file was empty, naming the
interfaces.d folder as source(which i checked is empty)
901[16:41:48] <greycat> a) is this *real* Debian, or something
else? b) is eth0 actually your interface name? c) are you running
GNOME or some other desktop environment that might undo your xmodmap
changes?
902[16:41:54] <Frowney> ratrace i got the name off of ifconfig
903[16:42:04] <greycat> what file was empty??
904[16:42:08] <ratrace> Frowney: is this devuan really?
905[16:42:22] <Frowney> interfaces(5)
906[16:42:43] <Frowney> yes i am running gnome
907[16:42:44] <greycat> if /etc/network/interfaces was empty
then you are not using interfaces(5) which means you are using
SOMETHING ELSE to configure your network
913[16:43:45] <greycat> To fix *what*!? I don't know what
your goals are. I do know that GNOME loves to take full control of
everything and will not let you (for example) set up your own mixed
locale variables.
914[16:43:58] <Fox> Frowney: answer greycat's first
question: are you running real/stock debian ?
915[16:44:14] <greycat> I wouldn't be shocked to learn that
it also undoes all keyboard/mouse changes made by xmodmap, but I
don't *know* for sure whether it does.
916[16:44:47] <ratrace> the choice of DE is irrelevant. The
question is only where do you configure your network. Typical
configuration with something like gnome is to have interfaces(5)
manage your ethernet via dhcp, and NM then does wireless and maybe
other transient, dynamic interfaces
917[16:44:50] <jelly> I'm not sure xmodmap has effect if
they're accidentally on wayland, and if it does, it might be
per-app
918[16:45:04] <ratrace> oh good catch, jells
919[16:45:20] <jelly> it's not a catch, it's a WAG
920[16:45:24] <ratrace> heh
921[16:45:30] <greycat> ratrace: there are multiple questions
being asked simultaneously and they don't have anything in
common. The xmodmap changes apparently have something to do with
desired customizations of the X environment, but who the hell knwows
whether they're even running X. It could be Wayland.
922[16:45:36] <jelly> based on how my Ubuntu laptop behaves
923[16:45:54] <ratrace> jelly: good nonetheless, it takes
getting used to that gnome session is wayland by default if the gpu
drivers permit it
924[16:45:55] <jelly> (each X app has its own keymap)
925[16:46:04] <gpunk> Frowney: I already tald, do not mix USER
scripts and especially NOT Xorg with mounting FSs, NM manager Wait
Online IS made exactly for that: WAIT for the network to be UP to DO
things
926[16:46:09] <ratrace> greycat: indeed
927[16:48:45] <greycat> I'm not sure how one would even go
about getting an empty /etc/network/interfaces on a Debian
installation. Even if you use N-M, isn't loopback (lo)
configured in /e/n/i?
928[16:48:45] <ratrace> afaik it is
929[16:48:45] <jelly> IIRC ifupdown sets up lo even without it
(or systemd does, don't remenber)
931[16:48:49] *** Quits: Frowney (~user@replaced-ip) (Remote host closed the connection)
932[16:48:51] <ratrace> actually looking at mine (I use
networkd), it's not empty, there's no lo. but ther IS a
comment and source of /etc/network/interfaces.d/*
940[16:51:05] <ratrace> and huh.... one buster installation has
"source /etc/network/interfaces.d/*", that's using
the installer. and debootstrap'd servers have
"source-directory /etc/network/interfaces.d"
943[16:51:46] <jelly> perhaps you had a new debootstrap
944[16:52:31] * jelly never heard of source-directory
945[16:52:50] <Frowney> I think I will do myself a better
service if i just learn about networkmanager and gnome and how to
uninstall xwayland and install real x
946[16:53:01] <Frowney> i am sorry for the grief, pls excuse me
947[16:53:06] *** Quits: Frowney (~user@replaced-ip) (Remote host closed the connection)
948[16:53:36] <ratrace> now there's a wrong premise to
ragequit on.
998[17:42:37] <unixbsd> Can I run MS-Team to make phone calls,
using DEBIAN Stable running on the PS4 (playstation) ?
999[17:43:34] <greycat> That is a huge twisted mass of
mini-questions.
1000[17:44:30] <azeem> also probably best addressed to Microsoft
and Sony
1001[17:44:36] <greycat> I count at least three: (1) can Debian
stable be installed on the playstation 4 (2) can MS-Team run on
Debian on the Playstation 4's architecture, whatever that is
(3) can MS-Team make phone calls
1002[17:44:41] <sney> google says it's amd64, so as long as
MS has a compatible binary it should be like running it on any other
modern-ish pc
1003[17:44:49] <azeem> yes to (3)
1004[17:45:03] <azeem> well, Voip-like calls
1005[17:45:23] <azeem> and yes, there's ms teams .debs for
amd64
1006[17:45:44] <ratrace> sounds like fake question
1007[17:45:55] <unixbsd> i am serious, i am unix master
1008[17:46:05] <ratrace> anyone knowing how to install linux on
ps4 would know the answer to this one.
1009[17:46:23] <sney> sounds like you didn't take a minute
to test it, so either you're still hardware shopping, or?
1010[17:47:02] <ratrace> unixbsd: then you already know the
answer, "master".
1011[17:47:52] <unixbsd> ratrace: do believe me? check that unix
master ;)
replaced-url
1012[17:48:21] <ratrace> so you're not even running debian?
=)
1017[17:52:16] <n4dir> "do you run debian" "even
slackware". The most odd answer i read in a few minutes
1018[17:52:36] <azeem> unixbsd: anyway, the answer is: if you get
debian stable to run on your playstation 4 and sound/mic is working,
then ms teams should probably work as well
1043[18:14:52] <shtrb> not doing outbound calls, also working on
refular amd64.
1044[18:14:53] <shtrb> ratrace, still better then snap
1045[18:15:13] <ratrace> possibru.
1046[18:15:59] <shtrb> it would had been much better , that all
that "packagers" would do wnpp and pack normal and nice
debs
1047[18:16:28] <ratrace> but upstreams are making that very
difficult. look at Chromium.
1048[18:16:53] <ratrace> so, containerized applications makes
sense. just not snap. that's horrible, horrible, garbage tech.
1049[18:17:00] <shtrb> I would have even donated a 10 euro for
them to pack that (and I sure as hell other would have chimmed in to
make the effort better)
1050[18:17:00] <jhutchins> Cross-platform package management just
doesn't work on so many levels. It's not that hard to run
multiple packagers.
1051[18:17:11] <ratrace> and I'm not sold on fatpacks
either. methinks appimage has the most advantage.
1052[18:17:17] <shtrb> chromium is not a good example
1053[18:17:28] *** Quits: chele (~chele@replaced-ip) (Remote host closed the connection)
1064[18:19:40] <jelly> doesn't really matter, it's an
Electron app
1065[18:19:52] <shtrb> jelly,I want to see that in *DEBIAN* repos
not on a external repo , with , who know what rules and flows
1066[18:20:05] <jelly> shtrb: I want a pony.
1067[18:20:13] <ratrace> you already have one!
1068[18:20:15] <jhutchins> The problem is with libraries and
support programs not having cross-version compatibility, and with
apps requiring a specific version of a library. This goes against
the modular shared-library nature of Linux.
1072[18:20:55] <jhutchins> jelly: I can arrange for that to
happen. There's one up for sale at this month's auction in
KS.
1073[18:21:17] <shtrb> #debian is teaming up to get jelly a pony
1074[18:21:30] <ratrace> not THAT pony!
1075[18:22:04] <shtrb> I can help in delivering (know how to
operate farm machinery )
1076[18:23:19] <jelly> shtrb: at some point you either trust the
vendor, or don't use their product. MS have sane repos set up
with valid crypto signage.
1077[18:23:49] <ratrace> but the software in those repos, on the
other hand...
1078[18:23:52] <jelly> having it packaged in Debian doesn't
improve a whole lot in security
1080[18:24:05] <jhutchins> Two of the most expensive words in
English when used together: "Free horse".
1081[18:24:40] <shtrb> trust is not a boolean question, having a
package inside debian mean the package behaves properly with debian
and not just with the packager machine
1245[20:24:42] <roycroft> this time, installing debian 10.6,
dmesg sees the elo accutouch device, but the x.org config thinks
it's a wacom touch screen
1246[20:25:30] <roycroft> i was able to calibrate it wiht
xinput-calibrator, although the calibrator spit out a few errors at
first, but it's not working correctly
1247[20:25:38] <roycroft> likely do thinking it's a wacom,
not elo
1272[20:35:07] <roycroft> the thing is, i'm much more
experienced with bsd than linux, although i've been running
linux on the server farm at work for several years now
1273[20:35:38] <roycroft> but i don't have to deal with
custom kernels/drivers on the work machines
1276[20:35:44] *** disillusion is now known as RussianInterfere
1277[20:35:53] <roycroft> so i installed that
xserver-xorg-input-mutouch package
1278[20:36:00] <roycroft> in case it might help
1279[20:36:17] <roycroft> but i don't see it when listing
available drivers with modprobe
1280[20:36:18] *** RussianInterfere is now known as disillusion
1281[20:36:24] <ksk> Maybe someone else knows something and can
help you out. Its about 7pm in Europe right now, I know that there
is much more traffic in here the ten hours before.
1287[20:37:09] <roycroft> but i'm usually in the office by
6am local time, so i'll try early tomorrow if i don't have
it sorted out by then
1288[20:37:17] <ksk> roycroft: soo, it is usb? what does lsusb
identify it as? IF you then google that, in regards to which
driver/firmware/kernel-module/foo is needed, what is the picture?
1295[20:38:37] <ksk> I google a russian FTP offering "Linux
Driver" :D
1296[20:38:56] <roycroft> i'll respectfully pass on that,
thank you very much :)
1297[20:39:28] <ksk> okay I see, was just making sure we are on
the same page here.
1298[20:39:45] <roycroft> while this machine will not be on the
internet post-install, it will be controlling a large machine that
is potentially rather dangerous
1301[20:41:25] <roycroft> the touchscreen worked fine with debian
8.x
1302[20:41:57] <greycat> if you still have that debian 8 system,
or logs from it, check them and see what was being used, driver-wise
1303[20:42:13] <RoyK> (or just use debian :þ)
1304[20:42:27] <roycroft> and without meaning to offend anyone
here, i never saw what the point is in the existence of ubuntu,
other than to take debian and assign it completely different release
version numbers and code names
1341[20:46:53] <roycroft> 1. that would be a 2-stage upgrade, and
i have no idea if the debian 8 release i was running was close to
the final one
1342[20:46:56] <jelly> roycroft: is it possible the wacom driver
has subsumed the elo driver, and it's _supposed_ to be working?
1343[20:47:15] <roycroft> my experience has been that some of the
package repositories disappear over time, so those upgrades of old
systems can be challenging
1354[20:48:44] <roycroft> so to put things in perspective
1355[20:48:47] <roycroft> i'm not down right now
1356[20:49:08] <roycroft> i was not running the cnc controller
with 8.x, decided to upgrade, and am now in a panic because i need
it back
1357[20:49:19] <roycroft> this machine has never been in
production
1358[20:49:25] <roycroft> it was a test build back then
1359[20:49:34] <ksk> roycroft: Mhhm? I read that as "install
this drivers from our download area on your linux".
1360[20:49:54] <roycroft> and i'm now finishing up the
hardware mods to the machine (the one being controlled), and am
ready to finish the conversion from manual to cnc
1361[20:50:08] <roycroft> oh?
1362[20:51:03] <roycroft> sorry, i didn't go to that link
when you posted it
1363[20:51:14] *** Quits: tommaso (~tommaso@replaced-ip) (Remote host closed the connection)
1364[20:51:14] *** Quits: CombatVet (~c4@replaced-ip) (Remote host closed the connection)
1365[20:51:24] <roycroft> i had dealt with elo before and they
told me explicitly that they do not support linux and are not
interested in even hearing about linux
1367[20:51:32] <roycroft> it appears they've had a change of
heart on that
1368[20:51:49] <roycroft> or that the person i was dealing with
got through their bad hair day
1369[20:52:06] <jelly> ksk: vendor-provided drivers are usually
a) horrible b) horribly old, then someone sane puts lots and lots of
patches on them and updates them for a recent kernel
1400[20:55:31] <dpkg> debsums is a utility that will check a
package's files against their checksums. The "-a"
argument will instruct it to also check configuration files:
"apt install debsums; debsums -a -s". Almost all packages
come with md5sums included in the package or apt will have generated
them for you; generate missing ones with "apt-get install
--reinstall `debsums -l`". Ask me about <md5sums>.
1409[20:58:46] <bioFart007> hello everyone, had a locale
question. "locale: Cannot set LC_ALL to default locale: No such
file or directory" is the message i get when trying to install
or update anything on machine
1410[20:59:18] <greycat> !locales
1411[20:59:18] <dpkg> Use 'dpkg-reconfigure locales' to
get it up and running. This generates <locale> definitions and
also edits /etc/default/locale which sets the $LANG environment
variable at login time. Use "LANG=C command" to change the
output language for a one off command, ask me about <localised
errors>. See also <mac locales>.
replaced-url
1414[20:59:47] *** Quits: electro33 (uid613@replaced-ip) (Quit: Connection closed for inactivity)
1415[21:00:16] *** Quits: Vizva (~Vizva@replaced-ip) (Remote host closed the connection)
1416[21:00:20] <RoyK> greycat: shouldn't that also list
installing the locales-all package in case you're in a hurry
and can afford to waste a wee bit of diskspace?
1417[21:00:30] <bioFart007> i reconfigured and generated locales
1418[21:00:31] <jelly> bioFart007: what does "locale"
command say in the same shell that you try to install stuff in?
1430[21:03:11] <jelly> ^ will tell you which locales are
available
1431[21:03:13] <bioFart007> i can't its on another computer
1432[21:03:27] <jelly> !pastebinit
1433[21:03:27] <dpkg> A command-line tool to send data to a
<pastebin>. To paste e.g. your sources.list do "apt-get
install pastebinit; pastebinit /etc/apt/sources.list"; to paste
the output of a program do e.g. "dmesg 2>&1 |
pastebinit". For a list of pastebin sites do "pastebinit
-l". See also <pastebinit config>, <nopaste>.
1434[21:03:28] <greycat> that computer is not connected to the
internet?
1441[21:04:58] <bioFart007> its connected to the internet
1442[21:05:10] <bioFart007> but i can't install anything on
it because of this locale issue
1443[21:05:14] <greycat> then you can use termbin.com and so on
1444[21:05:23] <jelly> bioFart007: do you maybe have curl
installed?
1445[21:06:29] <jelly> bioFart007: how do you become root? Do you
use sudo with your installation attempts, or do you first open a
separate root shell somehow?
1447[21:06:43] <bioFart007> its redribbon if that means anything
to anyone
1448[21:06:57] <jelly> dpkg: redribbon
1449[21:06:57] <dpkg> jelly: I wish you would RTFM.
1450[21:07:04] <jelly> sorry
1451[21:07:34] <greycat> google seems to say it's a Linux
distribution
1452[21:07:41] <greycat> Introduction. Red Ribbon GNU/Linux for
PS3 is a new PPC64 GNU/Linux distribution with support for Cell/BE,
designed for Sony PS3. It is based on Debian GNU/Linux,
1453[21:07:47] <greycat> so, we probably can't help you
1454[21:07:50] <jelly> bioFart007: does "env LC_ALL=C
apt-get install curl" work
1463[21:10:56] <ksk> bioFart007: It is totally offtopic in here,
but it seems to me that there only was this 2011 release of
"Red Ribbon GNU/LINUX", and there are no repositories or
so available (anymore?).
1464[21:11:08] <greycat> (they left)
1465[21:11:09] <jelly> a PS3 is like what, $50 on ebay?
1522[22:03:48] <eyJhb> If I want to run kernel 5.7 on Debian 9.5
(stretch), but apt-update, apt-cache search only shows 5.9, how
would I go about doing that?
1527[22:04:18] <sney> I don't think there ever was a 5.7 for
stretch, though. just buster-backports and up
1528[22:04:38] <sney> still, kernels are pretty self-contained,
so a snapshot 5.7 could work anyway
1529[22:05:48] <eyJhb> Hmm, weird. These servers are kinda weird
in general
1530[22:06:00] <eyJhb> Praying for a reinstall, but given a
little to survive for now
1531[22:06:06] <ratrace> what's so specific about that
version?
1532[22:06:48] <eyJhb> Have two servers, the other has that
version and works. Basically I do not want 5.9, as that requires
virtualbox 6.x, and the software is not tested with that
1543[22:09:56] <eyJhb> I might be blind, but I cannot find it
sney
replaced-url
1544[22:10:02] <eyJhb> Just did a curl to make sure...
1545[22:10:08] <eyJhb> Oh...
1546[22:10:10] <eyJhb> Sorry
1547[22:10:47] <sney> yes, binary
1548[22:11:01] <uniqdom> I'm running a simple python script
using systemd. The program starts correctly, but I'm unable to
stop it using 'sudo systemctl stop app.service'. what
could be the problem? The .service is this one:
replaced-url
1550[22:12:04] <ratrace> uniqdom: why are you unable? what does
it say when you try?
1551[22:12:07] *** Quits: Jerrynicki (~niklas@replaced-ip) (Remote host closed the connection)
1552[22:12:46] <uniqdom> the service seems to be stopped as
I'm seeing it in journalctl. But I still see the python script
running using ps aux
1553[22:13:07] <ratrace> uniqdom: is the app forking?
1554[22:13:19] <uniqdom> it has some threads
1555[22:13:21] <sney> uniqdom: there should be a field where you
can set the dir to run from. I suspect that chain of commands in
ExecStart is causing systemd to pick up the wron pid for the service
1556[22:13:21] <ratrace> and why do you set KillMode like that?
why not leave the default
1557[22:13:46] <ratrace> sney: Type=simple, doesn't care
about pidfile
1558[22:14:03] <uniqdom> oh sorry about that KillMode, I was
trying to kill it somehow
1559[22:14:07] <uniqdom> i will remove KillMode
1560[22:14:29] <uniqdom> ratrace: should I change the Type?
1586[22:24:16] <ratrace> that's the one then. sney way on
the money, I misread what they wrote, thought they meant pidfile....
usually meaningful for type=forking
1595[22:28:39] <greycat> The main point is that you are *not*
writing a shell script to do all the setup. This isn't sysv-rc.
You need to use systemd's internal features for all the setup
(env vars, working directory, UID, GID, resource limits, ...) and
then directly execute the ONE command that you need.
1597[22:29:13] <greycat> Sure, there are ways to work around that
or fudge things, but try to do it right the first time. It'll
save you a lot of headache.
1598[22:30:52] <karlpinc> I'm running xfce4-terminal.
Sometimes when I ssh to a remote system which requires a password, I
can't login. But I always seem to be able to when I stat a new
terminal window. I'm always pasteing the password with the
middle mouse button. Is there something that a terminal window might
do to mess up middle-mouse-paste of a password?
1599[22:31:02] <karlpinc> s/stat/start/
1600[22:31:27] <greycat> did you try pasting directly at a shell
prompt to see what's actually in the buffer?
1601[22:31:40] <karlpinc> Yes. it always seems to come out
right....
1602[22:31:53] <roycroft> i don't know why that's
happening to you, karlpinc
1603[22:32:01] <roycroft> but i would recommend not using
passwords with ssh
1604[22:32:01] <karlpinc> I can be able to login in one window
and not the one right next to it.
1605[22:32:04] <roycroft> use key exchange instead
1606[22:32:16] <roycroft> ssh-copy-id
1607[22:32:22] <karlpinc> roycroft: I am using key pairs.
Sometimes a password as well.
1608[22:33:08] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
1609[22:33:39] <ratrace> karlpinc: first of all, if you're
allowing passwords, then your keys have ZERO security advantage
1610[22:34:10] <ratrace> second, please define "can't
login" .. what error message exactly do you see?
1611[22:34:14] <karlpinc> I'm pretty much flailing around
trying to figure this out. I've also thought that maybe some
firewall hates me, and there's some sort of local-side port
that's being re-used or something.
1622[22:35:33] <BCMM> ratrace: i am trying to make you realise
that what you said has nothing to do with what karlpinc said
1623[22:35:42] <karlpinc> Lets move on.
1624[22:36:01] <ratrace> I beg to differ: "22:32 <
karlpinc> roycroft: I am using key pairs. Sometimes a password as
well."
1625[22:36:34] <karlpinc> As well as a key.... Anyway....
1626[22:36:39] <ratrace> also "I see password failure in the
logs."
1627[22:37:12] <greycat> I'm guessing however you set up
this gnetto two-factor authentication scheme might have some bugs in
it.
1628[22:37:27] <ratrace> anyway, if you're using passwords
and sometimes they fail until you start a new terminal? I'd
look at locale or keymap settings
1629[22:37:31] <karlpinc> ratrace: Yes. I'm worried about
something messing with my paste. Somehow. I can't figure out
why the same password works sometimes and not others. Maybe
it's the remote end. But maybe not.
1630[22:37:53] <greycat> You can rule out the paste issue by
typing the damned thing.
1631[22:38:08] <greycat> If you can't type it, then
it's not a password. It's a freaking second key.
1632[22:38:23] <karlpinc> greycat: Possibly. The ssh part is
simple: AuthenticationMethods publickey,password
1633[22:38:45] <karlpinc> greycat: Good point. I'll try.
1634[22:39:02] <ratrace> eh pasting passwords
1635[22:39:24] <karlpinc> (That's why I use irc, to discover
the obvious.)
1637[22:40:00] <karlpinc> ratrace: Yeah. But I just don't
want to type 20 or 30 random characters.
1638[22:40:13] <ratrace> why not use just keys then....
1639[22:40:29] <karlpinc> ratrace: Because I want to require
_both_ keys _and_ a password.
1640[22:40:50] <karlpinc> (key first)
1641[22:41:10] <ratrace> karlpinc: but this defeats the
purpose.... ALSO, as I said, having BOTH keys and passwords (and
I'm assuming you're NOT talking about privkey passphrase)
does not increase security one bit
1642[22:41:32] <ratrace> or if you ARE talking about privkey
passphrase, then use the ssh-agent and unlock it ONCE on login to
your local user session
1645[22:42:28] <karlpinc> ratrace: Sure it does. You need a key,
and a password. Nobody memorizes their key. So you need a device,
and a password. 2 things are more secure than 1 thing.
1646[22:43:33] <ratrace> apparently you're not memorizing
your password either. and I'm really failing to understand what
exactly you're doing there. some kind of 2fa?
1647[22:43:47] <karlpinc> Yup. 2fa.
1648[22:43:49] <greycat> I called it ghetto two-factor
authentication and I think I'm on the mark here.
1649[22:43:51] <ratrace> or are you REALLY talking about privkey
passphrase and not PasswordAuthentication=yes
1650[22:43:56] <karlpinc> Right. I need 3 things.
1651[22:44:21] <ratrace> sounds overly convoluted for zero actual
gain
1652[22:44:21] <karlpinc> ratrace: I am not talking about putting
a password on a private key.
1653[22:44:46] <greycat> A password that you can remember or type
is just a slightly longer key.
1654[22:44:49] <greycat> can't*
1655[22:44:55] <karlpinc> ratrace: Yes. If I were to memorize my
passwords. But I only remember the most used.
1656[22:45:28] <ratrace> if you have a 2048 bit key, and a 20
char password (160bits) ... it's weaker than havign a single,
say, 4096key key
1658[22:45:39] <karlpinc> greycat: Sorta. That's a matter of
how I manage my passwords, which I'm not really interested in
discussing.
1659[22:45:40] <ratrace> * 4096 bit
1660[22:45:53] <karlpinc> ratrace: Sure, if the only threat model
is a brute force attack.
1661[22:46:19] <ratrace> and what other threat model is there
then?
1662[22:46:44] <greycat> also, 20 typable characters is less than
160 bits
1663[22:46:46] <karlpinc> ratrace: If, on the other hand, the
threat model is you lose your laptop which does not have an
encrypted drive and there are no passwords on the private keys then
the attacker has little work to do.
1664[22:47:01] <ratrace> that's solved with privkey
passphrases. so put passphrases on the privkeys, duh.
1665[22:47:18] <ratrace> I'm with greycat on this one.
ghetto 2fa that actualyl does NOTHING
1666[22:47:45] <greycat> apparently it succeeds in keeping him
out at random
1667[22:48:10] <ratrace> I mean I'm literally having a
jackie_chan_meme.jpg moment here. you're not putting
passphrases on privkeys and then you're convoluting something
somethign fake 2fa to protect AGAINST very use case where privkey
passphrases ARE useful?!
1668[22:48:14] <roycroft> i acl access to ssh, so random people
from random place can't even try to connect
1669[22:48:25] <roycroft> and i encrypt anything senstive on
portable devices
1670[22:48:27] <ratrace> WHAT
1671[22:48:33] <roycroft> if you have a laptop you should encrypt
your home directory
1672[22:49:18] <roycroft> when i need to access a network i
manage and i'm some random, remote place, i vpn in, which
avoids the acls
1673[22:49:30] <ratrace> and even if you don't..... just use
a privkey passphrase, it's LITERALLY doing the same thing
you're faking with that ghetto 2fa, BUT actually makes it work
1674[22:50:03] <roycroft> linuxcnc
1675[22:50:54] <karlpinc> ratrace: Wrong. Because the number of
bits of randomness is not the issue. The issue is: how hard is it to
get the secrets?
1676[22:50:58] <ratrace> greycat: you're right, 20 typeable
chars is less than 160 bits, as it's 7x20, not 8x
1677[22:51:16] <greycat> not even 7 either...
1678[22:51:19] <ratrace> karlpinc: extremely hard with a 10-ish
char privkey passphrase
1679[22:51:23] <greycat> somewhere between 6 and 7
1680[22:51:28] <ratrace> NSA can't really crack it hard.
1681[22:51:48] <ratrace> it's so hard, nobody would actually
bother, they'd just tie you up and hit you with a $5 wrench
until you give up your passprhase.
1684[22:52:22] <ratrace> but you're not using privkey
passphrase, so I don't see your point at all
1685[22:52:47] <karlpinc> How is an attacker going to get my
passwords? How are they going to get my keys? They are kept
separate. So one method won't work to get both.
1686[22:52:56] <ratrace> I'm talking how hard it is to get
the secrets when you put a passphrase on your ssh privkey
1687[22:53:10] <ratrace> karlpinc: again, they'll tie you up
and hit you with a $5 wrench until you tell them both
1688[22:53:28] <ratrace> and I'm literally not joking. that
method is faster than trying to bruteforce your privkey passphrase
1690[22:53:30] <roycroft> i would give up the secret before the
first blow on the head
1691[22:53:31] <karlpinc> I'm talking about whether it
matters to have 2 separate secrets, accessed different ways.
1692[22:53:40] <roycroft> nothing's worth getting beat up
over
1693[22:53:41] <karlpinc> But actually, I'm not interested
in talking about it.
1694[22:53:41] *** Quits: CyberManifest (~CyberMani@replaced-ip) (Remote host closed the connection)
1695[22:54:20] <ratrace> karlpinc: apparently you are, you came
here for help on your convoluted, you-broke-it-yourself, fake 2fa
method. we're telling you, you can achieve the same level of
security with a nice, typeable, no-need-to-paste privkey passprhase.
1696[22:54:34] <karlpinc> I interested in figuring out how to
reproduce the problem so I can type in the password and see if the
problem is related to middle mouse paste.
1697[22:54:38] <roycroft> karlpinc: i think folks here think
you're silly and your mother smells like elderberries
1698[22:55:29] <greycat> "roy" croft sounds french, so
beware, or he will taunt you a second time
1699[22:55:37] <karlpinc> ratrace: A private key passphrase is
not enforceable. I can't make people put passwords on their
private keys. I can make them type in a separate password when they
use their key.
1700[22:55:41] <roycroft> i'm new to this channel, though,
so i'm not going to swear to that
1703[22:56:10] <noisemaker> Trying to install debian I get
"Failed to install the base system \ The base system
installation into /target/ failde. \ Check /var/log/syslog or see
virtual console 4 for the details" How can I debug this really
?
1704[22:56:10] <ratrace> karlpinc: you also can't make them
NOT write your convoluted 20 char passphrase, on a post-it note on
their computer screen
1705[22:56:22] <ratrace> do yo see my point now? convoluted for
zero actual security gain.
1711[22:57:18] <karlpinc> roycroft: As it happens, yes. What that
matters I don't know.
1712[22:57:20] <ratrace> the stronger you make your security by
making people do some work, the WEAKER you make it as those people
seek ways to reduce the work and, in the process, reduce security.
this is security psychology 101, taught at 1st year NSA
indoctrination course.
1713[22:57:24] <eyJhb> What is the difference between
linux-image-5.9.0-1-cloud-amd64 and linux-image-5.9.0-1-amd64 ? I
got it on kernel 5.7 now, but I want to install wireguard witout
changing the kernel again.
1715[22:57:27] <roycroft> if that is the case it is absolutely
guaranteed that they will write their convoluted password on a
post-it note and attach it to the screen
1716[22:57:31] <roycroft> or ot their keyboard
1717[22:57:53] <ratrace> eyJhb: the former is supposedly
optimized to run as a kvm guest
1718[22:57:54] <karlpinc> Except that I don't make them have
long random password. Just something reasonably good.
1719[22:57:59] <roycroft> have you never interacted with end
users before?
1720[22:58:23] <roycroft> "reasonably good" is their
streetname followed by the year their daughter was born, to most
users
1721[22:58:35] <karlpinc> roycroft: Sure.
1722[22:58:40] <ratrace> karlpinc: as a sysadmin of 20+ years,
I'm guaranteeing you, people will write your passphrases
around.
1723[22:58:52] <eyJhb> ratrace: So I am guessing, if I accept
that, then it will install kernel-5.9, and then it will update grub
and use that kernel instead?
1724[22:58:53] <karlpinc> roycroft: Hence, the requirement of a
key pair.
1725[22:59:04] <ratrace> if you're really concerned about
user users going rogue or getting compromised, with an SSH access,
you secure other layers
1726[22:59:22] <roycroft> the person who reads the sticky note on
the screen will have access to the key
1727[22:59:36] <roycroft> because they'll be sitting in
front of the computer
1728[22:59:40] <ratrace> noisemaker: you can ctrl-alt-F4 to get
to tty4 and see what it says
1730[23:00:13] <ratrace> eyJhb: wait, I lost the context of what
you're asking. if you accept _what_?
1731[23:00:50] <eyJhb> ratrace: Ohh sorry, if I install wireguard
and it wants to install the linux-image-5.9.0-1-cloud-amd64, then it
will update grub and I will be on that kernel, right?
1732[23:01:00] <eyJhb> If I agree to do so
1733[23:01:08] <ratrace> roycroft: in the company I work for, my
business partner, ie. a top echelon personnel, used password
"onlyiknowit1"
1734[23:01:17] <noisemaker> ratrace: that keys combination
doesn't work
1741[23:02:43] <karlpinc> ratrace: So there's no point in
putting a password on a private key then?
1742[23:02:51] <ratrace> so if I were so concerned, I'd go
the other wa around and distribute PRIVATE keys too, that you
yourself generated, and protected with a reasonable passphrase that
people will still write on post-int notes
1744[23:03:53] <ratrace> karlpinc: it's generally better to
protect key with passphrases
1745[23:04:36] <karlpinc> ratrace: Yes. And it's generally
better to require something you have and something you know. What
works best in actual practice depends on the circumstances.
1748[23:04:46] <ratrace> noisemaker: did you try to restart the
installation procedure? could be transient issue, could be hardware
issue
1749[23:05:02] <ratrace> karlpinc: that's done with _actual_
2FA then
1750[23:05:17] <ratrace> OpenSSH can do proper 2fa
1751[23:05:49] <karlpinc> ratrace: Find me a definition of 2fa
that excludes having a plain-old password as one factor.
1752[23:06:04] <ratrace> how about a second device
1753[23:06:34] <karlpinc> ratrace: My passwords are on a second
device. I have to plug it in to get them.
1754[23:06:42] <noisemaker> ratrace: Let me restart.Should be
from the scratch?
1755[23:06:47] <greycat> Traditional 2FA is "one thing you
have, one thing you know", and a memorized-and-typed password
qualifies. This "random 20 to 30 character string"
doesn't qualify.
1758[23:07:30] <ratrace> noisemaker: you're using the
installer ISO, right? did you verify the checksum after download?
1759[23:08:03] <karlpinc> greycat: I just don't seeing you
convincing me that there's difference in security between a
password that's easily memorized and one that isn't.
1760[23:08:12] <ratrace> karlpinc: I thought you said this was a
policy for other users; do they also have the passwords on a second
device?
1761[23:08:31] <greycat> oh god, I missed more stupidity while I
was off washing dishes...
1762[23:08:43] <ratrace> here's the thing with 2FA. the
second factor protects the first, nothing else
1763[23:08:45] <noisemaker> ratrace: I did check it from all 3
hash's. debian-10.6.0-amd64-xfce-CD-1.iso
1764[23:08:49] <karlpinc> ratrace: I don't know what they
do. I suspect they memorize their passwords, and have a device
holding their key pair.
1765[23:09:06] <greycat> then you should be doing that too
1766[23:09:15] <greycat> sounds like your users are better at
this than you are
1768[23:10:04] <ratrace> karlpinc: so if you enforced a proper
2FA with, say, yubikeys, you'd know 100% what the factors
involved were
1769[23:10:25] <karlpinc> greycat: I have a different password
for every password I've ever created. There's no way
I'm going to memiorise them all.
1770[23:10:31] <ratrace> you'd know that there's
literally two devices needed to log in. their laptops (for example)
with the ssh privkey, and their yubikey as the second physical
device
1771[23:11:12] <karlpinc> ratrace: That's not the security
system I'm paid to maintain.
1775[23:14:16] <karlpinc> I'm not saying it's the most
secure system possible. But it is more secure than just keys. Which
is where we started the conversation.