6[00:05:52] <jhutchins> roycroft: Yes, cats can interact with
touchscreens. In fact there are interactive walpapers and games
specifically meant to entertain cats.
7[00:06:16] <jhutchins> roycroft: you need a moderately large
screen. 8" is a bit small, 10"+ works better.
15[00:08:22] <jhutchins> roycroft: If your touchscreen is less
than five and preferably less than three years old it should be
fully supported in Linux.
18[00:09:20] <jhutchins> roycroft: At one point my job
consisted of tracking down drivers for discontinued touchscreens and
trying to get them to build on whatever flavor of Linux we were
running that month (mostly Centos).
19[00:13:28] <tizef> Hi guys! Anyone who flashed his Bios with
FreeDOS usb live from Debian?
28[00:23:30] <tizef> Yes my bios really bug, so I want to
update it... From forum others complain about this bios version is
actually 1.11 now have 1.16
66[00:41:08] <petn-randall> auk: `dpkg --configure --pending`
should fix any remaining errors, and `apt-get install -f`. As long
as there's disk space again.
67[00:42:08] <auk> petn-randall, thank you, gonna try that
180[01:37:44] <Abdullah> lol they just open windows for fresh
air to come and enjoy air only while things are being done by some
creepy hacker who installed some malware
185[01:39:01] <roycroft> but windows is so bloody hard to use,
and even harder to admin
186[01:39:12] <Abdullah> Here in my country no one purchases
windows. people buy a CD in 0.19 USD and install cracked version
187[01:39:26] <scrul00se> Abdullah: How about safely passing a
password or unlocked ssh key from a regular user to root? Do you
know if that's a doable thing?
188[01:39:48] <Abdullah> I never installed windows in my
computers. linux was my first OS fortunately ;-)
198[01:42:59] <scrul00se> I use ed25519 for ssh, which works for
me. But if I could find a safe way to get a key from gnome-keyring
(because of the convenience of having it unlock with the user's
login...
199[01:43:27] <scrul00se> ...to a keychain process running as
root...
200[01:43:51] <Abdullah> I don't use gnome or some
bloatware. I'm WM guy
201[01:44:04] <scrul00se> then I could make the whole thing
totally transparent to a user such as my wife.
214[01:47:15] <Abdullah> xfce4 is fine. I suggested a guy to
install debian. gave him XFCE4 iso image link. today he messaged me,
he didn't like it and installed ubuntu ;-)
215[01:47:39] <Abdullah> I don't know if he was unable to
do things or why he did that ;-)
216[01:47:53] <scrul00se> I learned a lot about ssh from here:
replaced-url
219[01:49:14] <scrul00se> I like XFCE4, been using it for quite
a while now. As for gnome bloatware, I just pay attention to what
gets pulled in when I "apt install" something. If I
don't like what I see, I hit "N"
220[01:49:31] <roycroft> i'll install something clean like
mate
221[01:49:45] <scrul00se> *snerk*
222[01:50:07] <roycroft> i'm used to having what mac os
calls spaces
227[01:51:18] <roycroft> i've been managing debian systems
for many years, but always servers, not workstations
228[01:51:36] <roycroft> so debian + gui is kind of new to me,
although i do run debian on my linuxcnc machine
229[01:52:29] <scrul00se> Um, I'm not familiar with macos,
but... just your desktop gets full so you flip to virtual desktop 2,
and it's a new empty space to fill with windows and then you
can flip back and forth?
232[01:53:31] <roycroft> for exmple, i fill screen 1 with
xterms, screen 2 has email client/contact manager/calendar, screen 3
has web browser, etc.
233[01:53:32] <scrul00se> Oh, most DE's will do that. I
have four in my XFCE setup, but you can choose how many.
234[01:53:39] <roycroft> that way i'm not piling everything
up in a single window
235[01:53:47] <roycroft> ok, i'll sort it out
236[01:53:50] <roycroft> thanks
237[01:54:20] <scrul00se> If you install a DE with
3d-acceleration support (*not* XFCE), you can set up flashy
animations for switching them and everything.
238[01:54:34] <roycroft> my goal is to replicate my macbook pro
environment as closely as possible, so that it will be easy to
switch back and forth between machines
240[01:55:01] <Onyx47_> It's called virtual desktops or
virtual workspaces, depending on the DE. And yeah, you need to set
the number of them, though Gnome Shell has dynamic adding of
workspaces, there are some extensions for KDE as well if you want
that, not sure about other DEs
241[01:55:02] <roycroft> i'm not into flashy stuff much
242[01:55:07] <roycroft> i prefer functional
243[01:55:27] <roycroft> i've been using 9
"spaces" on mac os for years
244[01:55:27] <Abdullah> I have 10 workspaces in my setup
245[01:55:28] <scrul00se> Hah! Well, you're certainly not
going to bend the mac to your will to mimic Debian. ;-)
246[01:55:44] <roycroft> i have multiple macs
247[01:55:48] <Abdullah> and accesing them is just super + ; key
248[01:56:01] <Abdullah> or just use mouse which I don't
249[01:56:11] <roycroft> even if i could, it makes more sense to
me to have linux emulate the mac os environment than vice versa
250[01:56:14] <Abdullah> so full screen for one single program
251[01:56:16] <roycroft> less work
252[01:56:20] <Abdullah> plus I don't have a DE
253[01:56:34] <roycroft> well i have to beat this windows
install into submission first
254[01:56:38] <scrul00se> I would just lose windows forever if I
had ten virtual destops to keep straight.
255[01:56:42] <roycroft> then do the basic linux install
256[01:56:59] <roycroft> i have some windows apps that i need to
use
257[01:57:04] <roycroft> so i can't get rid of windows
258[01:57:10] <Onyx47_> roycroft: there are tutorials to get it
so close I managed to trick actual Mac users for good ten minutes as
a joke, how far you want to go is up to you of course
259[01:57:24] <Abdullah> here is my setup.
replaced-url
260[01:57:36] <roycroft> yeah, i installed linux mint on an old
imac once and got it looking fairly like mac os
261[01:57:42] <scrul00se> I've got a *lot* of mileage out
of dual-boot systems over the years.
262[01:57:46] <roycroft> (sorry for going off-topic)
263[01:57:47] <Abdullah> actually I loaded from playlist. lemme
give you the short link, it might not be clickable
564[09:10:09] <khelair> good morning everyone. Can anybody tell
me if debian 10 is the most recent version available for the
cubieboard2 (ie armhf architecture)?
659[10:29:27] <khelair> hi everybody. I'm trying to install
debian's armhf port. Unfortunately, the only monitor I have for
this job is not exactly perfect, and it's not showing me the
banner where it's supposed to show the installation login &
password, and I can't find that damn info anywhere with google
for some reason. can anybody help me find out that info?
660[10:29:35] <khelair> it would be very much appreciated!
672[10:34:47] <khelair> I'm not in the installer, I've
just gotten the board to boot off of the SDCard from the image
'debian-10.6.0-armhf-xfce-CD-1.iso', it's giving me a
standard username/password prompt
678[10:36:19] *** ellis8974 is now known as S3xyL1nux
679[10:36:35] <khelair> I assume that once I'm logged in
I'll receive a message about what to run for the installer, or
whatever would come next... I did this once, but it a was a long
time ago, and my monitor wasn't as trashed at that point. Kids
+ electonics. :|
680[10:36:56] <themill> if it's going to a login prompt,
then it's probably not booted off that installer image
689[10:42:23] <khelair> crazy, I thought they relied solely on
the sdcard. it was not booting off of that. now to just figure out
how to boot to there and hopefully this will all work out well!
690[10:43:38] *** Quits: auk (auk@replaced-ip) (Quit: Leaving)
691[10:43:39] <themill> Not sure about that hardware, but
it's common enough that using debootstrap onto the card is
better than using the installer.
692[10:44:13] <khelair> not sure how to go about that... do you
know where I could find decent info on such, possibly?
694[10:46:08] <khelair> I'm seeing right now that
cubieboard2 is supposed to try to boot from the sdcard first before
its onboard storage. that would indicate that the media that I
flashed probably isn't bootable, I assume? I just dd'ed
over the .iso to my sdcard, should I be using another method?
702[10:47:50] *** Quits: Abrax (~Abrax@replaced-ip) (Remote host closed the connection)
703[10:47:52] *** Guest67174 is now known as S3xyL1nux
704[10:48:26] <khelair> I'm finding a whole lot on pxe/tftp
installation, but I've scoured this doc awhile ago here and
didn't find anything specific about how to write the image to
an sdcard
706[10:48:50] <khelair> unless I should be using a u-boot image,
perhaps
707[10:49:02] *** debhelper sets mode: +l 1164
708[10:49:13] <khelair> I did think that using an .iso format
image for an sdcard sounded a bit off. this one looks like it uses a
.img file, that seems a little more kosher to me
714[10:53:48] <jelly> khelair: depending on the version of uboot
firmware used, those allwinner/sunxi SoC machines use the sd card as
a kind-of /boot filesystem, has to be VFAT formatted with a config
file and kernel and initrd in specific place. See #linux-sunxi
channel and their wiki for installation methods or maybe #cubieboard
725[10:58:30] <khelair> I would assume it does. I am not looking
to struggle with tftp this morning, though. I will I have to, but I
know I can do this right from the sdcard as I've doen it before
726[10:59:46] <jelly> it's an old board, perhaps
replaced-url
727[11:00:17] <khelair> I shall check those out, thank you
732[11:04:25] <jelly> > The images are provided in the form
of a device-specific part (containing the partition table and the
device-specific u-boot) and a device-independent part (containing
the actual installer), which can be unpacked and concatenated
together to build a complete installer image.
733[11:04:37] <jelly> oh that's a neat way to manage dtb I
guess
734[11:04:58] <khelair> where are you seeing this at, if I may
ask?
776[11:22:17] <khelair> heh this one, on the other hand, boots
fine until it says that it's starting to read the kernel, then
the screen goes dark and still has not come back up. bleh
778[11:23:32] <khelair> oh it was _armbian_ that I used before.
hrm. I would really rather be on _debian_ specifically, but I may
just have to fall back on this if this kernel issue doesn't
resolve soon here
789[11:30:49] <Haohmaru> i'm looking into how to get a USB
smartcard reader working (i actually only wanna see information from
cards, not to authenticate with cards or anything practically
useful), and everything i find points to some broken URLs on
debian.org
793[11:33:01] <Haohmaru> i a bunch of programs that say
"smartcard" including "cardpeek" and
"pcsc-tools" and so far nothing.. they can't find a
reader, yet i see it in lsusb
806[11:48:48] <ratrace> kats99: using startx requires
permissions on all needed /dev/ nodes
807[11:49:20] <ratrace> requires *manually set and managed
permissions, is what I mean. otherwies the DM in combo with logind,
will deal with those
808[11:49:37] <ratrace> It's 2021 almost. Just use a
friggin DM. :)
809[11:51:40] <kats99> there was no xorg.conf file before and i
generated one using nvidia settings..i was able to use startx
before..if i remove the xorg.conf file it will work but im trying to
use the nvidia gpu here
810[11:52:04] <kats99> i was able to load the modules this
time...
812[11:53:23] <kats99> xorg.conf.nvidia in etc/bumblebee
813[11:55:35] *** Quits: asymptotically (~asymptoti@replaced-ip) (Remote host closed the connection)
814[11:55:53] <Onyx47> you don't need the xorg.conf file to
use nvidia's driver anyway, the modules just need to get loaded
properly, and nvidia-driver package should do that for you
817[11:56:45] <Onyx47> or even nvidia's official installer
if you're using that, which you should avoid unless you really,
really need it for some reason
818[11:57:05] <ratrace> oh bumblebee changes everything.
everything you know about setting up nvida on a system can be tossed
out, when bumblebee is mentioned. :)
819[11:57:47] <Onyx47> oh goodie, that's still such a pain?
didn't mess with switchable graphics for ages myself, is it
still that bad?
821[11:59:20] <kats99> then it means that i have to run optirun
for each and every program because even without xorg file i dont see
the gpu being used
825[12:04:19] <ratrace> Onyx47: it is to my knowledge. I mean, I
guess there's a way to get it all working, but definitely
aint' out of the box auto setup anything.
829[12:10:01] *** Quits: dselect (~dselect@replaced-ip) (Quit: ouch... that hurt)
830[12:10:08] <Docscr> installed Konversation (IRC Client)
Version 1.6-branch #4910 from KDE Frameworks 5.28.0, opened
serverlist >>oh, nice, at least a "freenode" network
preconfigured<< - alas I didn't feel at home at all,
after much headdesking I found the actual server wasn't
chat.freenode.net but irc.debian.sth - prettz rogue!
892[12:51:40] <adfeno> Hi all, in Icedove, how to increase font
size of .conv-text (the input textarea that is bellow the chat
history of IRC) ? I know I have to edit userContent.css or
userContent.css and I have both working for other things, but
it's notworking for .conv-text.
960[14:00:17] *** gigetoo_ is now known as gigetoo
961[14:01:10] <martinus__> apt question, let's say I issue
'apt install slapd', it would update
'libldap-2.4-2' as well, but is it expected to update
'libldap-common' (which is a dep of
''libldap-2.4-2' ? Asking because I issue the former
command yesterday and today I got 'libldap-common' to
update (but I don't remember if the latter package was pending
yesterday).
1000[14:27:38] <dpkg> If you have a question, just ask! For
example: "I have a problem with ___; I'm running Debian
version ___. When I try to do ___ I get the following output ___. I
expected it to do ___." Don't ask if you can ask, if
anyone uses it, or pick one person to ask. We're all
volunteers; make it easy for us to help you. If you don't get
an answer try a few hours later or on
replaced-url
1050[15:22:36] *** Quits: ov3rmind (~over0-07@replaced-ip) (Remote host closed the connection)
1051[15:22:37] <jhutchins> It's amusing that people still
make administrative policies on their systems as if they have
several hundred college students logging in to the system when in
fact it's a single user environment.
1061[15:33:32] <ratrace> "single user" environment
hasn't been the case in unix since its inception and isn't
evne on a "single physical hooman operating the machine",
with multitude of daemons, policy and permission separations,
etc....
1062[15:33:44] <ratrace> otherwise one wants: MS|Free DOS.
1063[15:34:43] <ratrace> And if you use a browser, then you
potentially have all kinds of different actual separate physical
persons touching your system with their code as you browse random
sites, in which case even DAC policies no longer cut it, and you
need a MAC...
1069[15:36:18] <ratrace> shtrb: no thanks. even if I like the
model in theory, there's a flurry of xen vulns once in a month
it seems. so I'd rather DIY with kvm
1132[16:25:38] <Paerox> shtrb, Thanks for the link. So,
"$ConfigDirectiveName" is legacy, and
"command(%variables%)" are modern style, do I understand
that correctly?
1133[16:26:42] <shtrb> yes
1134[16:27:18] <shtrb> legacy may be broken at any time soon
1180[16:57:23] <ratrace> jhutchins: but a *nix system is NOT a
single user, even if single human is using it. the OS doesn't
care if it's a human behind an uid or not
1186[16:59:37] <jhutchins> I guess people who have grown up in a
GUI environment and have never logged in to a 1,000 user shell
system have a different perspective.
1187[16:59:47] <greycat> We've got some workstations that
are being used by multiple people simultaneously, due to the wonders
of Covid-19.
1188[16:59:56] <greycat> VNC sessions for the users who are
working from home.
1189[17:00:22] <jhutchins> greycat: Yech. Multi-VNC. My
sympathies.
1190[17:00:58] <jhutchins> I think I'd take a different
approach, but I have no idea what all the variables are.
1191[17:01:39] <n4dir> and full of wonders it all is, indeed.
1192[17:01:51] <ratrace> jhutchins: I think you mean the other
way around. people grown up in a gui environment thinking
they're the only "user" on the system, where in fact
they aren't
1193[17:02:18] <n4dir> that would not be valid if you go for a
cli only system?
1194[17:02:23] <ratrace> even a single UID can actually mean
thousnds of physical people interacting with that system
1195[17:02:29] <jhutchins> I think I've encountered three
use cases where VNC was a reasonable choice. Mostly there were
better alternatives, but you pick your battles.
1197[17:03:04] <jhutchins> ratrace: You are looking at the system
from an entirely different viewpoint, and that's part of the
security problem..
1198[17:03:27] <greycat> Would you scream even louder if I told
you they go through a Microsoft Windows "radmin" layer
before running VNC on an internal Windows box to connect to the
internal VNC session on the Debian box?
1199[17:03:32] <jhutchins> ratrace: People are securing public
web services with local shell policies and expecting that to be
effective.
1200[17:03:58] <ratrace> My viewpoint is actually
security-centric, in which a singular human at a keyboard does not
mean the system is running with ONE user, as far as security
policies are concerned.
1201[17:03:59] <jhutchins> greycat: Nope, been there, already
screamed as loud as I'm going to.
1202[17:04:53] <ratrace> (and frankly i'm not even concerned
with single-human computers, I devise policies in which an UID is
agnostic to the flesh or metal behind it)
1204[17:05:17] <ratrace> in that I don't care too much about
UIDs at all, I prefer MACs instead of DACs
1205[17:06:14] <ratrace> and speaking of local shell policies,
that's just aspect of the security , even for web servers.
1206[17:06:17] <jhutchins> I prefer WACs myself.
1207[17:07:02] <ratrace> see, people think "local
exploit" only mean keyboard. while in fact, a RCE through, say,
wordpress, turns EVERY "local" exploit on that machine
into remote by virtue of allowing remote to execute any code they so
desire, and in process, exploit the "local" privilege
1208[17:07:11] <ratrace> (... escalation vuln)
1209[17:07:51] <ratrace> I've actually had privilege (pun
not intended) to observe a bot or something, maybe human, trying to
exploit a kernel vuln through a WP exploit
1210[17:08:37] <ratrace> they were trying to download a remote
file and exec it. while unfortunately the policy must allow WP to
write files, even modify itself, and fetch files remotely
(sigh...).... the MAC policy completly put a halt into that attempt
to exec the code.
1212[17:09:18] <ratrace> so to be clear, the attacker was someone
or somethigg, somewhere on the planet (the IP was .ru), exploiting a
WP hole to launch second stage attack agains the kernel
1213[17:09:35] <ratrace> so you see, all those "local
priv" policies can be tossed out because that person, or bot,
just turned them all into remote vulns.
1215[17:10:29] <jhutchins> ratrace: When people apply security
measures that are appropriate for publically exposed service systems
to personal desktops, thinking they're being "security
aware" it's just ... modern America I guess.
1216[17:11:25] <ratrace> depends on what the measures are. I
treat my firefox as a hostile app that runs remote code that might
try to exploit my system. And thus the AA policy and DAC policy
below it, reflects that stance.
1218[17:11:52] <ratrace> (I write my own AA policies, the
packaged ones are a joke)
1219[17:12:06] <zeedee> what is the proper way to restart
networking? machine will not come back online unless i reboot
1220[17:12:16] *** Quits: milkt (~debian@replaced-ip) (Remote host closed the connection)
1221[17:12:22] <jhutchins> Meanwhile on another channel someone
is worried about taking sufficient security measures on a machine
that is not on a network.
1224[17:13:13] <ksk> jhutchins: if you have these internet coins
on them, might be valid ;)
1225[17:13:25] <ratrace> jhutchins: but at the end of the day,
treating FF that way, or the WP/php-fpm daemon, is effectively the
same: you have running code which you're trying to isolate from
a remote threat actor executing a successful first stage RCE.
doesn't matter what the /usr/bin/<name> really is. both
are exposed to a remote party.
1227[17:13:32] <zeedee> i had been doing sudo service networking
restart
1228[17:14:05] *** Quits: xsisec_ (~xsisec@replaced-ip) (Remote host closed the connection)
1229[17:14:08] <ratrace> zeedee: the networking.service (which
does the ifdown + ifup) applies if you're using the ifupdown
framework, which is default on debian. are you using that?
1230[17:14:15] <ratrace> or perhaps networkd? network-manager?
something else?
1231[17:14:17] <jhutchins> ratrace: See previous reference. No
external connection. Not even local networking.
1232[17:14:18] *** Quits: dftxbs3e (~dftxbs3e@replaced-ip) (Remote host closed the connection)
1233[17:14:26] <ratrace> jhutchins: well that's different
then, agreed
1239[17:16:28] *** Quits: szorfein (~daggoth@replaced-ip) (Remote host closed the connection)
1240[17:16:50] <jhutchins> ratrace: I have worked in environments
where security lockdowns were appropriate. I managed servers that
handled significant federal financial transactions, and had to argue
for geo-ip blocking APEC and South American IPs.
1266[17:26:57] <zeedee> ratrace: yes, and yes. i understand that
if networking service goes down so would ssh. I just expect it to
show back up on the router after networking gets started again. But
the machine never shows up, unless i reboot.
1268[17:27:52] <ratrace> zeedee: you'll have to look into
the log files, maybe the service never gets back up for some reason.
pastebin your config, could be something is breaking it
1269[17:28:16] <ratrace> but then it'd break on boot too, so
this is a bit unusual :: definitely check in the logs
1276[17:31:31] <greycat> otherwise, if you're doing it in a
raw shell, the shell dies as soon as the ssh session dies as soon as
the network dies, which may kill the thing that's supposed to
resuscitate the network
1277[17:31:33] <ja869117> OT ? - my laptop has died, a noble
beast but old. My ? what would be a "good" replacement
must be linux "capable?
1278[17:31:55] <zeedee> greycat: i use tmux at boot
1289[17:34:58] <zeedee> greycat: now i dont understand. if the
machine reboots all sessions are gone. if i dont reboot and start a
fresh ssh connection yes i reattach
1291[17:35:29] <greycat> All I'm saying is that if you
ssh'ed in and then typed "service restart network" or
whatever, but FORGOT to attach to your tmux session first, then that
might explain your issue.
1292[17:36:26] <ratrace> I'm not sure systemd would break
like that. unlike the "old" days where you actualyl
execute the init script from within your shell, systemctl talks to
pid1 afaik
1294[17:36:44] <ratrace> (and dbus if you exec it as unprivileged
user)
1295[17:37:09] <greycat> Does it send a full "stop it and
then restart it, please" message all at once, or does it send a
"stop it" message, then wait for ack, then send a
"now start it" message?
1296[17:37:12] <ratrace> ((but definitely run through tmux
,that's very good advice; I'm just saying I'm not
sure it'd break like that))
1297[17:38:04] <ratrace> in systemd a "restart" is
always ExecStop + ExecStart
1298[17:38:33] <ratrace> There's no ExecStopStart where one
could, say, put "ifdown -a ; sleep 1 ; ifup -a"
1299[17:38:47] <ratrace> (one could put that into ExecReload tho)
1300[17:39:01] *** debhelper sets mode: +l 1199
1301[17:39:12] <zeedee> greycat: i appreciate the idea because i
do overlook simple things but yes, always inside tmux
1315[17:45:24] <shtrb> jhutchins, sorry to jump into
conversation, but many modern pc (and laptops) are no longer
"not on a network anymore" , they are potential attack
vector only waiting to upload your sensitve data to some attacker
(aka a cloud service). Any machine is considered to be compromised
after some time. A PC not connected to the internet but has access
to interal WiFi (very common thing in Black networks) one day this
mofo could be made on a public ip because
1316[17:45:25] <shtrb> of a intellectually chalenged mistake
(seen it , been there )
1389[18:31:15] <ratrace> no, there has to be something in the
logs. after you reboot, do grep ifup /var/log/messages (or enable
persistent journald and use journalctl) , there has to be something
about it
1390[18:31:59] <ratrace> if it comes back online on boot that
means the configuration at least is correct, or else it
wouldn't. so i'm betting there's something going on
that prevents the ifup to complete, after ifdown, doens't make
much sense otherwise
1398[18:36:06] <dpkg> In Debian releases 8-10, systemd's
journal is not persistent by default. To enable a persistent
journal, enable Storage=persistent in /etc/systemd/journald.conf.
Persistence will be the default in Debian 11 Bullseye.
1400[18:38:25] <ratrace> well yeah, I mentioned it should be made
persistent if journalctl is to be used.
1401[18:38:36] <jelly> isn't it enough to mkdir
/var/log/journal and reboot?
1402[18:38:40] <ratrace> btw, is that settled, then? persistent
journald WILL be default in bullseye?
1403[18:39:08] <ratrace> jelly: it is but that's the
implicit way assuming defaults . Much better is to be explicit in
the journald.conf
1404[18:39:09] <greycat> jelly: yes, because of course there have
to be two completely different ways of doing it, both of them well
documented in separate locations...
1405[18:39:30] <ratrace> they're all documented in the one
and the same journald.conf(5)
1406[18:39:33] <jelly> ratrace: I want to avoid changing default
conffiles.
1407[18:39:44] <ratrace> jelly: why
1408[18:39:53] <jelly> ratrace: because I like distro defaults
1409[18:39:59] <ratrace> /etc exists for the (sys)admin to
configure their system as they wish
1410[18:40:06] <jelly> and I want to stick to them unless
there's a good reason not to
1411[18:40:13] <ratrace> but by mkdir'ing youre changing
distro defaults.... o.O
1412[18:40:26] <jelly> ratrace: I'm not changing any
conffiles
1413[18:40:32] <ratrace> well anywya, if you prefer mkdir instead
of being explicit in the configs, by all means.... :)
1414[18:40:48] <ratrace> sounds like an artificial constraint,
but hey, whatever floats your boat ;)
1415[18:40:49] <jelly> and that makes less work on any upgrades
and release upgrades.
1422[18:42:15] <jelly> jmcnaught: so that's three ways. :-)
1423[18:42:16] <ratrace> meanwhile.... is persistent journald
definitely going to be default in bullseye? remember there was a
conflict about it, assuming rsyslog will remain as well, which is
just plain dumb....
1424[18:42:33] <greycat> jelly: but what if I happen to read
systemd-journald(8) instead of journald.conf(5) ??!??!??
1425[18:42:41] <zeedee> greycat: do i need to do anything after
making the change?
1434[18:44:28] <zeedee> ratrace: no ifup in /var/log/messages
1435[18:44:31] <jmcnaught> The systemd README.Debian says to do
it the same way as systemd-journald(8)
1436[18:44:39] <ratrace> zeedee: how 'bout ifdown ?
1437[18:44:48] <greycat> is that right above the indented
two-line recipe, or right after it, or somewhere VERY FAR away that
nobody will ever see because they already saw the indented commands?
1438[18:44:52] <zeedee> nada
1439[18:45:36] <jelly> oh, forgot about chgrp/chmod. It's
not just mkdir.
1441[18:46:08] <ratrace> jelly: HAH! and instead you
could've just set Storage=persistent and be done with it
(assuming jd restart being common to both methods)
1442[18:46:23] <ratrace> talk about making less work.....
1443[18:46:51] <jelly> ratrace: yes. More work once and less work
on every future change in conffile is worth it.
1444[18:46:54] *** rf-n00b_ is now known as rf-n00b
1445[18:46:56] *** Quits: Deyaa (uid190709@replaced-ip) (Quit: Connection closed for inactivity)
1449[18:48:00] <ratrace> jelly: gee, every two years you have to
review conffiles for any OTHER changes that may've not been
caused by messing with files.... it really doesn't compute :)
1455[18:49:28] <ratrace> jelly: you should. new versions of
software include new functionality and you should review what the
new config options are, default or no default.
1456[18:49:34] <jelly> it's like you've never done a
release upgrade
1457[18:49:58] <jelly> that doesn't have to be done
interactively during release upgrade time.
1461[18:50:55] *** Quits: zapatista (~zapatista@replaced-ip) (Remote host closed the connection)
1462[18:51:24] <jelly> leave what? confold or confnew? Track
conffiles for EVERY package? No. I care about precious few services,
and trust the distro with most others.
1463[18:52:08] <ratrace> I don't trust the distro with
anything, especially not debian and its bad defaults.
1464[18:52:10] <jelly> maybe you don't do interactive
release upgrade in-place
1520[19:14:28] <wr> jelly, shtrb changing this will full disk
encryption give any problem?
1521[19:14:43] <jelly> wr: is this a physical or a virtual
machine?
1522[19:14:56] <shtrb> wr , as alex11 said , it would be hard to
move stuff up , you can however configure your grub2 to take a
different /boot from inside the encrypted disk part .
1523[19:15:00] <wr> jelly, physical
1524[19:15:04] <shtrb> we, * do as alex11 said
1525[19:15:37] <another> wr: how many kernels do you have
installed?
1526[19:15:38] <jelly> wr: and the whole disk is just 30GB or so?
1527[19:15:58] <shtrb> *wr , do as alex11 said , it's easier
to get rid of stuff you do not need anymore
1536[19:18:08] <shtrb> would you consider instead creating a new
/boot inisde the encrypted parttion ?
1537[19:18:16] <shtrb> wr ,you are using kali @!$!@%%!%
1538[19:18:17] <alex11> welp, you're on kali
1539[19:18:30] <greycat> *plonk*
1540[19:18:36] <wr> shtrb, yes, is debian based
1541[19:18:42] <jelly> wr: that's not debian, but figure out
which packages those belong to, and remove the oldest one
that's not actually running right now
1542[19:19:01] *** debhelper sets mode: +l 1206
1543[19:19:03] <jelly> wr: we don't support derivative
distros in here, sorry
1544[19:19:18] <wr> jelly, debian based, ah ok sorry
1545[19:19:32] <johnfg> I just checked, and even though I can
connect with vnc, no screen coming up there either.
1557[19:21:16] <johnfg> jmcnaught: On both monitors for this
system, they stay black when I move the mouse, enter something from
the keyboard, etc.
1558[19:21:27] <jelly> wr: you would do the same thing, >
figure out which packages those belong to, and remove the oldest one
that's not actually running right now
1559[19:21:31] <shtrb> wr, one option would be to migrate a boot
into / using somethign like
replaced-url
1560[19:21:33] <wr> jelly, i did post it there, but seems the
guys are busy, so far no reply
1561[19:21:45] <johnfg> However, when I choose a tty (other than
tty7) I can login with no problem.
1562[19:21:52] <bla> Habe someone recently configured opencl with
nvidia under bullseye? is something external required?
1563[19:22:05] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
1568[19:22:52] <shtrb> wr, it would be easier to uninstall old
kernels
1569[19:22:57] <sney> bla: cuda isn't supported with nvidia
and 5.9, either use an older kernel (5.8 should be ok) or wait for
nvidia to publish the updated driver.
1570[19:23:06] <jelly> wr: I'll stop commenting on this
issue in here now. Maybe try ##linux
1571[19:23:19] <sney> bla: and please take future bullseye
questions to #debian-next on OFTC (note right now you are on
freenode).
1572[19:23:28] <bla> sney: thanks a lot.
1573[19:24:04] <shtrb> johnfg, check if user have enough disk
space and if .Xauthority is owned by the same user
1583[19:25:58] <wr> shtrb, i think just that solves this
1584[19:26:16] <wr> jelly, ok tahnks
1585[19:26:22] <wr> *thanks
1586[19:26:35] <shtrb> johnfg, sudo systemctl isolate multi-user
, and then sudo systemctl isolate graphical
1587[19:26:36] * jelly wonders
1588[19:26:44] <jelly> dpkg, buster->bullseye
1589[19:26:44] <dpkg> In /etc/apt/sources.list, change
"buster" to "bullseye", remove lines like
buster-backports, debian-multimedia <dmo>, and other 3rd party
repos as they are known to cause issues then do: apt update
&& apt upgrade && apt full-upgrade. Note that
testing is a <moving target> and may be buggy, and read the
sid FAQ:
replaced-url
1607[19:29:38] <wr> any way can upgrade my debian buster to use
xfce 4.14? and it be stable? not testing etc
1608[19:29:48] <alex11> xfce isn't backported so no not
really
1609[19:30:02] <alex11> i don't know if it's possible
to self backport; backporting whole desktops generally is hard
1610[19:30:08] <alex11> it's been done with MATE though
1611[19:30:23] <wr> alex11, do you think it will take long for it
to have the xfce 4.14 on buster?
1612[19:30:36] <alex11> it will never be in buster
1613[19:30:38] <jelly> wr: it will never happen unless you do it
yourself
1614[19:30:39] <shtrb> maybe something on OSB ?
1615[19:30:47] <wr> alex11, ah ok
1616[19:31:09] <jelly> and bullseye freeze is close. IF you
absolutely need xfce 4.14 you might as well go try using that
1617[19:31:12] <alex11> but like it's xfce so you're
probably not missing a lot with a newer version
1618[19:31:23] <greycat> In totally unrelated news I got to
install libncurses-dev today. I built the bash 5.1.0-rc3
pre-release, and it did the ksh sideways-scrolling thing which I
find unbearable. I installed libncurses-dev and rebuilt it, and now
it's working properly.
1619[19:31:24] <jelly> they'd be missing .02
1620[19:31:25] <johnfg> brb on phone
1621[19:31:25] <wr> jelly, alex11 ok i get it, so now is time
wait
1622[19:31:26] <alex11> or rather, with an older version
1651[19:40:54] <johnfg> Well, running 'systemctl isolate
multi-user' messed up the ttys, and all I had was a blinking
cursor. After a reboot, all looks good, but after a logout, not sure
whether I'll have the graphical interface or not.
1652[19:41:51] <greycat> I believe the intent was that you would
run that isolate command *after* you reach the failed state.
1653[19:42:12] <greycat> (and then the other isolate command, to
restart the DM)
1659[19:43:07] <johnfg> jmcnaught: Buster, all updates.
1660[19:43:08] <zeedee> greycat: my interfaces file was bad. i
had allow-hotplug enp1s0, should have been auto enp1s0. atleast that
change seemed to fix things. thanks for the help
1661[19:43:14] <zeedee> ratrace: thank you too
1662[19:43:16] *** Quits: Newami (~Newami@replaced-ip) (Remote host closed the connection)
1663[19:43:39] <greycat> zeedee: congrats
1664[19:44:11] *** Quits: edlou (uid413273@replaced-ip) (Quit: Connection closed for inactivity)
1685[19:57:50] <zeedee> real quick, now that i can restart
networking correctly, will an bad line in /etc/hosts cause me to
lose remote connection? im now working on setting a fqdn. thanks
folks
1686[19:58:08] <greycat> your /etc/hosts file doesn't do
nearly as much as you think it does
1688[19:58:40] <greycat> it's used when some program decides
to look up a hostname using the standard libc interfaces. it'll
look there first (assuming your nsswitch.conf is default-ish), and
then look in DNS if not found in /etc/hosts.
1691[19:59:29] <greycat> editing it doesn't have any effect
on already-running programs, unless one of them decides to look up a
new hostname, or ignore the cached value of the hostname it already
has
1694[20:00:07] *** rgdgnfnfgh is now known as S3xyL1nux
1695[20:00:14] <shtrb> zeedee, /etc/hosts hold results that has a
higher priorities than other options (like DNS , NMBD ) , you could
drop yourself from being able to acess to some service (and by
product fail to access to your identify provider if you are using
LDAP/radius auth ) but chances are low for that.
1696[20:00:35] <zeedee> so sendmail complains about not having
fqdn. sounds like i can edit hosts file and just re-run
sendmailconfig?
1701[20:01:58] <shtrb> johnfg, if after isolate multi-user you
had no option in tty to do isolate graphical you have something
wrong on the DM level , session level , or a service inside your DE.
a test in the failed state you can do (if you are under X ) to log
in into a tty and run startX to see if you can enter a session there
1702[20:02:08] <zeedee> it works good on my rented vps... is
there a better option? i just want to send alerts to myself
1710[20:06:58] <scrul00se> zeedee: personally I like to use msmtp
to provide a tiny "dummy mta" which just uses my (paid,
not local) email account to send alerts
1719[20:09:29] <johnfg> greycat: When I selected tty7, I had the
DM login screen.
1720[20:09:50] <johnfg> Full DE session on tty1 though.
1721[20:10:05] <shtrb> can you try reproduce the probelm , and
then try to run start X on a different tty
1722[20:10:20] <greycat> startx with no arguments on tty1 should
definitely NOT kill a running X session on tty7
1723[20:10:21] <jelly> zeedee: msmtp-mta or dma if you're
going to send all mail to one address
1724[20:10:28] <jelly> !nullmailer
1725[20:10:28] <dpkg> somebody said nullmailer was a minimal
<MTA> for hosts which just sends directly to smart relays.
Does not support /etc/aliases; define a catch-all alias in
/etc/nullmailer/adminaddr instead, see adminaddr(5).
replaced-url
1737[20:12:12] <jelly> zeedee: right, that's when you use a
null mailer, a small tool that provides /usr/sbin/sendmail API but
typically sends all mail generated on the server to one address,
using one smtp auth server
1738[20:12:18] <johnfg> Looks like all I have running is
needrestart-dbus-session.
1739[20:12:57] <jelly> scrul00se: aliases are nice, useful to
sort mail later
1745[20:16:12] <scrul00se> jelly: Yep. My main use case for msmtp
is a systemd oneshot containing a "mail" oneliner that
sends "Unit %n failed!" and a log excerpt to my real-world
email address, which I can add to the OnFailure directive of any
systemd unit. I've been very happy with it
1763[20:24:22] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
1764[20:26:06] <alexrelis[m]> I am trying to run an initial
backup with Deja Dup. I've selected to back up my entire home/
folder, excluding Downloads/ and a few other places. When I run it I
get this error:
1783[20:37:57] <johnfg> After I leave here in a bit, and come
back around 6 p.m. MST, I'll see what I've got. Probably
won't be able to troubleshoot any problems until Thursday,
though.
1788[20:40:36] <johnfg> btw...does pastebinit not work any
longer? I tried both a cat <file> | pastebinit; and a
pastebinit <file>, and I got errors (the same).
1790[20:41:31] *** Quits: tizef (~tyzef@replaced-ip) (Read error: No route to host)
1791[20:41:51] <johnfg> Part of the error:
/usr/bin/pastebinit:413: DeprecationWarning: pasteURLopener style of
invoking requests is deprecated. Use newer urlopen functions/methods
1796[20:43:52] <johnfg> greycat: is pastebinit deprecated (as
well as not working?)?
1797[20:44:28] <greycat> I have no idea. The three seconds I
spent reading your error would be enough to make me give up on it,
if I were trying to use it.
1806[20:47:11] <n4dir> I think the DeprecationWarningis really
just that, a Warning. I had it not working, pastebinit, but the
solution was not related to that.
1811[20:49:46] <Onyx47> damn, I should set up my shell
differently on my laptop and desktop, I almost broke my apt
sources.list right now, forgot I was SSHd into my laptop -.-
1850[21:11:28] <Waxhead> I asked this in Debian-next , but I
might as well try here too. Is there some way to boot debian from a
live-cd. e.g. "jump-start" without grub the main install
from a chroot or something?
1860[21:14:25] <ratrace> then again your inability to look up a
simple config option in the supervisord docs tells me that's
gonna be Mission Impossible.
1861[21:14:36] <Wh0amI_> I discovered that debian is linux, what
do I do ?!
1864[21:15:22] <karlpinc> I'm looking at a moin-moin wiki
web page. I believe the font supplied by css is "Arial, Lucida
Grande, sans-serif". Chromium seems to render it in DejaView
Sans. I think firefix is rendering it as Aerial bold. I don't
believe I have aerial installed (but am not sure how to check.)
Anyway, all the text is bold in firefox, but not chromium.
What's going on and what's the right way to fix it so
firefox does not show everything in
1865[21:15:22] <karlpinc> bold?
1866[21:16:15] <ratrace> sounds like something broken in
fontconfig
1867[21:16:45] <ratrace> "font supplied by css" would
imply there's a .ttf definition for download, rendering your
local fonts irrelevant, tho
1868[21:17:38] <ratrace> unless you really meant font-family
definition, and not @font-face
1873[21:21:20] <karlpinc> (strangly, this particular wiki has a
different font-family than
replaced-url
1874[21:21:36] <ratrace> right, so with font-family, it lists
fonts in order and your browser selects first found. Arial is not a
free font, so it's unlikely you have it unless you explcitly
installed it from somewhere. Lucida is not typical on linux systems,
I don't recall if its free, so that leaves whatevre system
would define as sans-serif
1882[21:26:02] <karlpinc> And firefox claims the default font is
DejaView Serif. I think I'll ignore the problem and see if it
goes away the next time firefox upgrades and breaks everything.
1896[21:33:40] *** Quits: neilthereildeil (47f1f4c4@replaced-ip) (Remote host closed the connection)
1897[21:34:19] <greycat> you can go to the wiki's SystemInfo
page to get the software version + python version (and a lot more if
you're logged in as the wiki admin)
1898[21:35:03] <karlpinc> I'm going to try installing moin
locally and see if I can reproduce it.
1909[21:43:47] <Paerox> I'm having a hard time finding
relevant info in the rsyslog docs. Perhaps someone can recommend me
an alternative central logging solution?
1910[21:44:21] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
1911[21:45:45] <karlpinc> Paerox: Or you could tell us your
problem.
1912[21:47:02] *** Quits: endstille (~endstille@replaced-ip) (Quit: I'll be back.)
1914[21:48:32] <Paerox> karlpinc, I have a FortiGate which is
currently logging to RAM only. The FortiGate has an option I can
turn on so that it sends it's log to an rsyslog server. So far
I've configured rsyslog to listen only to the LAN NIC. Now I
want to log events on my FortiGate to a seperate folder under
/var/log. My problem is that I cannot find the relevant modern-style
configuration directive for rsyslog to do this.
1965[22:33:06] <Paerox> jhutchins, I'm not dissing rsyslog
at all, I'm just having a hard time setting it up
1966[22:33:43] <Paerox> Today is the first time I'm
customizing rsyslog
1967[22:34:09] <jhutchins> Paerox: You just have to hold your
tongue right - meaning once you get the right perspective it all
makes sense.
1968[22:34:34] <shtrb> ratrace, rsyslog is not that bad , used
both of them , not that of an issue with most IT users
1969[22:35:13] <Paerox> I've had some success already with
rsyslog btw! Got rsyslog to store messages from my Fortigate, but
the messages ended up in /var/log/messages and not in a sepereate
folder
1970[22:36:00] <shtrb> Paerox, create a custom conf file in
rsyslog.d , the stops after matching , also My condolunces for
Fortigate
1971[22:36:03] <jhutchins> Paerox: You should be able to get the
syntax from the manpage.
1973[22:37:21] <Paerox> jhutchins, I'll have a proper look
at the manpage. Just need a break first.
1974[22:38:36] <shtrb> Paerox, just finish the conf file with
"& stop" that will stop processing , for example :
$template RemoteStore,
"/var/log/blabla/%HOSTNAME%/%timegenerated:1:10:date-rfc3339%"\n
:source, isequal, "evilfortigate" -?RemoteStore\n&
stop
1975[22:39:23] <jhutchins> Paerox: I'm no longer in an
rsyslog environment, but wee had about 1500 servers on the last one
I worked with.
1976[22:40:01] <jhutchins> Fortunately it was a "change
once, run ansible" system.
1977[22:40:05] <shtrb> Paerox, this will put per date files with
messages from machine called "evilfortigate"
1983[22:50:15] <ratrace> Paerox: it's an alternative syslog,
and as the name implies, aimed at solving certain shortcomings of
rsyslog. back at the time it was capable of TLS, but nowadays (in
Buster at least) I think rsyslog is too. syslog-ng's config is
way, way more intuitive to work with, tho.
1999[22:58:58] <jhutchins> greycat: I know, I probably have 20,
many of which are not duplicates. I don't get political about
which one to use.
2000[22:59:02] <ratrace> jhutchins: aparently you have lots of
opinions about other people's opinions
2001[22:59:15] <jhutchins> ratrace: Some people's.
2002[22:59:43] <ratrace> I'm not being political about
syslog-ng if that's what you're implying. I just mention
it as an alternative. it's there, it exists, it has pros and
cons, (in my book pros over rsylog are worth it), and it's
packaged in debian
2013[23:02:23] <jhutchins> Paerox: At one point I had 200
pentiums in my basement. I was going to build a cluster, then I
found out they wouldn't boot headless.
2017[23:04:03] *** Quits: EagleTG (~eagletg@replaced-ip) (Remote host closed the connection)
2018[23:04:04] <dvs> holy meterologist!
2019[23:04:07] <shtrb> Paerox, I was user of it's equipment
, it made my life hard , it's MITM process was broken and made
it virtually impossible to auth against services
2020[23:04:17] <jhutchins> greycat: Not a lot of planning on that
project, just free servers and the existance of clustering.
2021[23:04:26] <Onyx47> just hook it into central heating and get
rid of the furnace/boiler/whatever, duh
2022[23:05:14] <greycat> and you were going to power them all off
a dozen power strips plugged into a single wall outlet, right?
2023[23:05:23] <jhutchins> A boat can be hauled up and put aboard
a ship.
2024[23:05:23] <jhutchins> 
2025[23:05:23] <jhutchins> 1
2026[23:05:23] <jhutchins> Like
2027[23:05:33] <jhutchins> Like I said...
2028[23:05:33] *** jhutchins was kicked by debhelper (flood)
2060[23:16:03] *** ellis8974 is now known as S3xyL1nux
2061[23:16:05] <jhutchins> Paerox: Manpages are the most common
docs, hence get the most hands and eyeballs. There are also info
pages, mostly for pre-linux programs, /usr/share/doc, and wikis.
2062[23:16:23] <greycat> info pages are a GNU thing, not
"pre-linux"
2074[23:21:31] <H-var> internet is a series of tubes
2075[23:21:48] <shtrb> Ethernet cables :D
2076[23:22:07] <greycat> I suppose it's possible that
someone outside of GNU took a look at ROFF, took a look at Texinfo,
and decided "... ok, I'll use Texinfo". But it
wouldn't have been a large number of someones.
2095[23:32:46] <Paerox> shtrb, I didn't think daemon-reload
was necessary (only for systemd unit files?). Tried to restart
rsyslog after daemon-reload and afterwards i do "ls
-Rlh|less" but i see no indication of frequenly updated log
files or new ones.
2102[23:36:31] *** Quits: gelignite (~gelignite@replaced-ip) (Quit: Stay safe! Stay at home! Stop the chain reaction!)
2103[23:36:54] <Paerox> created the folder, restarted rsyslog,
disabled and re-enabled the "Send logs to syslog" option
in my FortiGate. nothing appears in the newly created folder