20[00:31:58] <alexrelis[m]> How do I set the default file
manager when I don't have a DE installed? I'm on Openbox
and when I select to view a file in the folder it automatically
opens up the Ranger file manager when I instead want to use pcmanfm.
29[00:41:10] <sponix> alexrelis[m]: not sure about doing files
associated with a file manager, but here is links done with a
specific browser
replaced-url
30[00:41:23] <sponix> alexrelis[m]: this gio and such might do
more than just browsers
40[00:45:59] <alexrelis[m]> Another thing I noticed when using
Openbox is that when I open Synaptic my Openbox session freezes
entirely and a couple of flatpaks don't open properly,
including Element.
49[00:50:42] *** Quits: Deyaa (uid190709@replaced-ip) (Quit: Connection closed for inactivity)
50[00:50:42] *** Quits: ax562 (aec284f2@replaced-ip) (Remote host closed the connection)
51[00:51:31] <alexrelis[m]> sponix: you should try it. Other
than the obscure issues I've had with it, it's really
great if you want something really lightweight but aren't a fan
of tiling wms.
65[01:00:25] <roycroft> and the management pane at the bottom
right of the screen is not fun to deal with
66[01:00:41] <roycroft> is there another desktop environment
where the window manager is easier to work with?
67[01:00:50] <roycroft> i used mate because it's very lean
and clean
68[01:00:54] <Brigo> i use mate, i move the botton bar to the
top, i think there is much better.
69[01:00:59] <roycroft> but i'm not married to the idea
70[01:01:27] <roycroft> i'm use to mac os
71[01:01:27] <Brigo> roycroft, i change windows with alt+tab, i
think it is pretty easy.
72[01:01:45] <roycroft> i switch windows with ctl-number on mac
os
73[01:01:46] <Brigo> i think is a gnome default, mate come from
gnome 2
74[01:02:01] <roycroft> if i can change the behavior then
i'll stick with mate, for now at least
75[01:02:20] <roycroft> i'd like to make it look and
function as much like macos as possible
76[01:02:37] <roycroft> since i'll be switching back and
forth between this machine and macs all the tiem
77[01:02:41] <scrul00se> I have a puzzle: Using an automated
nightly backup system that needs to run as root, which uses a
passphrase-protected ssh key to push to a regular account on a
remote server... My goal is a user-transparent way to have the
passphrase retrieved from a keyring (keepass? gnome-keyring?) and
passed to a long-running root-owned agent (eg Funtoo's
"keychain" in a reasonably secure way when the user logs
in to the DE.
78[01:02:48] <roycroft> i can't make mac os look like a
linu desktop
79[01:02:54] <Brigo> roycroft, you can configure shorcuts.
80[01:02:57] <roycroft> so it's best to make the linux
desktop look like mac os
81[01:03:36] <roycroft> i'll look into that, and into
moving the window manager bar to the top
82[01:03:56] <Brigo> i have heart about desktop environment
just like that.
83[01:03:57] <roycroft> i just got this machine working today -
it's been a struggle getting dual boot with windows working
84[01:04:06] <roycroft> i don't do dual boot much
85[01:04:15] <scrul00se> Thus far, I have keychain working
nicely, with an autostart entry that uses sudo to launch keychain,
but having to paste the password into a terminal window is not
ideal.
86[01:04:15] <roycroft> and have never done it on uefi before
87[01:04:35] <Brigo> i have a bar in the top and other, thick
one in the left side.
88[01:04:40] <sney> scrul00se: look at sudo's NOPASSWD
option for specific commands
89[01:04:49] <roycroft> the machine is functional enough that i
can take it out in the field and do work now
90[01:04:59] <roycroft> which was my immediate need
91[01:05:10] <roycroft> now i can work on tweaking it to my
liking
93[01:05:29] <scrul00se> sney: Yep, got that in effect already,
which skips the sudo prompt and gets you to the "unlock this
ssh key" prompt.
94[01:06:59] <sney> passphrases are pretty pointless when
it's a machine talking automatically to another machine, I
assume there's some reason the ssh key needs to have one?
101[01:10:21] *** Quits: BrianG61UK (~BrianG61U@replaced-ip) (Remote host closed the connection)
102[01:10:26] <sney> seems a bit belt-and-suspenders, but ok.
hm. maybe right now, focus on getting the password manager or
equivalent to spit out the passphrase via a script. then once you
have that part working, combine it with the existing sudo kludge to
form backup voltron
104[01:11:55] <scrul00se> I'm wondering about, say,
gnome-keyring's default keyring, which can be set to unlock on
user login. Assuming I can pull the passphrase from that from a
shell, can I expect simply piping it to "sudo keychain load
<key-file>" work? And, like, not result in the passphrase
displaying in-the-clear in ps or something?
110[01:13:12] <scrul00se> sney: fair point, at least in terms of
"will it work". Does anybody see any egregiously obvious
security "don't" there?
111[01:14:30] <sney> aside from the academic question of
"if the computer can unlock the encryption on its own without
user intervention, then was it ever truly encrypted", not
really.
112[01:14:38] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: No Ping reply in 180 seconds.)
113[01:14:47] <greycat> not really academic
114[01:15:04] <sney> particularly since it's an oddball use
case, so you're going to be touching every piece individually.
115[01:15:25] <scrul00se> The user does unlock it, though, when
they provide their password to log in to the DE
122[01:21:49] <scrul00se> Since this whole exercise is,
admittedly, a bit belt-and-suspenders, I'm inclined to regard
having this passphrase in a keyring that's protected only by
the desktop login password and unlocked transparently when the user
logs in as "good enough".
123[01:22:24] <sney> it really depends on what you're
hardening against
124[01:24:07] <sney> if your main threat vector is "laptop
theft" or equivalent, then that meme where someone has locked
their door with a cheeto springs to mind, unless you're also
using luks
125[01:26:45] <sney> really, the point of a passphrase is to
require user consent to decrypt whatever the thing is. if
you're abstracting the passphrase from the user context
entirely, then it becomes pointless, and you should run borgbackup
via cron with passphrase-less keys like a normal person
127[01:27:10] <sney> but also: whatever, it's your
computer, and figuring out how to do this will at the very least
make you better at all of the steps involved
134[01:33:40] <scrul00se> The threat model insofar as I have one
is basically "if an attacker steals the machine or gets shell
through a zero-day browser exploit or something, how high can I
raise the bar against them deleting or ransomware-ing the backups?
(which are indeed borgbackup)
140[01:35:46] <scrul00se> Making the ssh key inaccessible after
a reboot or power loss by passphrase-protecting it and having the
unlocked key only in root-owned memory seemed like it would raise
that bar a notch.
147[01:38:04] <scrul00se> petn-randall: sort of. Turns out you
can "append" things like delete commands, which will then
be honoured on the next schedule pruning pass.
162[01:49:19] <n4dir> i would think for such an encrypted
installation is the way to go.
163[01:49:55] <n4dir> cause as soon the machine is stolen the
attacker could boot from a live and reset the user password quicky.
I probably look at it from the wrong perspective
164[01:50:11] *** Quits: Space_Man (~Space_Man@replaced-ip) (Remote host closed the connection)
165[01:50:28] *** Quits: auk (auk@replaced-ip) (Max SendQ exceeded)
166[01:50:48] <scrul00se> But also yes, I acknowledge that
outside of the "to see if I can", the combination of LUKS
and a passwordless ssh key in only-readable-by-root directory on
disk is adequate and sensible.
169[01:52:26] <scrul00se> n4dir: My thinking is that in
rebooting to live, even without LUKS, if the unlocked password was
only in root-owned RAM it's long-since flushed by the time the
live system is up, so then, even without LUKS they need to get past
the passphrase to use that key to compromise the backups.
170[01:52:51] <scrul00se> er, unlocked ssh key, that is. Sorry.
171[01:53:05] <n4dir> i don't know gnome-keyring or
borgbackup, but if i use an ssh-key once it gets stored in
ssh-agent, and later i can use it passwordless. I don't
understand why one would need to "copy" something from
gnome-keyring
172[01:53:30] <n4dir> scrul00se: ah, like that. ok, as said,
just wondering over here, not saying anything.
176[01:55:41] <scrul00se> No worries! I am genuinely open to
"that won't work because X" input too if you've
got it.
177[01:56:06] <n4dir> scrul00se: but wait. You say you
automatically start gnome-keyring after login. So after reset of
password, reboot, login, he will have access, no?
179[01:57:22] <scrul00se> Nope. Attacker would have to actually
know the old password in order to provide it to gnome-keyring.
It's *transparent* at user login, but the process is actually
that the same password is used separately for both.
180[01:58:27] <n4dir> i think i see. confusing for sure. Good
luck
181[01:58:43] <scrul00se> So they can's use the ssh key
directly 'cause it's passphrase-protected, and they
can't get the passphrase out of the gnome-keyring without the
owner's original login password.
182[01:58:58] <scrul00se> s/can's/can't
183[02:00:13] <scrul00se> (In real life, the ssh key is also in
only-readable-by-root directory on a system with LUKS, so the
*necessity* of my puzzle is very doubtful.)
186[02:01:38] <n4dir> 3 of my old laptops were stolen a month
ago. I don't have any useful/private data in git repos on the
one hand. And on the other i doubt anyone who steals 10+ year old
laptops has a clue what ssh is.
187[02:02:19] <n4dir> probably some junkies. The Zippo on the
desk was more worth than those laptops. And the midi keyboards for
sure. lol
189[02:02:54] <scrul00se> Haha! Probably true. I'm both a
privacy fanatic and the kind of person who finds dreaming up attack
scenarios and figuring out how to thwart them kind of fun. ;-)
190[02:03:32] <scrul00se> Sorry about the laptops though. Even
with being ancient machines, that sucks.
191[02:03:34] <n4dir> yeah, not saying i shouldn't have
done it. Doesn't hurt to do it the right way. I didn't use
luks as i use laptops only at home. Now am a bit angry for that
192[02:04:05] <n4dir> they could hardly use a WM, web-browsers
not at all. Sure, still sucks a bit, but no loss of €
193[02:04:10] * scrul00se is no stranger to having to learn lessons
the hard way. Sometimes several times before it sticks.
587[10:17:16] <DomasTux> How do i get debian bullseye?
588[10:17:43] *** Quits: gjerich (~quassel@replaced-ip) (Remote host closed the connection)
589[10:17:47] <Haohmaru> don't you wanna wait till it comes
out first?
590[10:17:56] <DomasTux> No, i need the new kernel.
591[10:18:08] <Haohmaru> !bullseye
592[10:18:08] <dpkg> The release following Debian 10
"Buster" is codenamed "Bullseye" (Woody's
horse in Toy Story 2) and will be Debian 11. It is the current
"testing" release. Remember that testing is called testing
for a reason; good bug reports with patches are greatly appreciated!
replaced-url
673[11:48:43] <premoboss> hello, i am tryin to TOTALY silent the
boot message at startup. i already recompiled kernel to silet it
more than pssible. but during vbbot, i still have message as "[
OK ] Started Network Time Synchronization." or "[ OK ]
Started Update UTMP about System Boot/Shutdown.". I try to
change parameters into /etc/systemd/system.conf but no wat to shout
up those messages. somehone can give me suggestion? thanks?
716[12:24:48] <eb0t> ok looks like i am sorting it ..fsck on the
disk is now running
717[12:28:48] <premoboss> eb0t, it seems you nasve problem on
file system... if worse, the physical storage is damage. rebbot with
a live distro adn do fsck on all partitions of yout storage device.
718[12:29:28] <eb0t> yes ...the fsck has kind of fixed
things...not sure how much yet ..but i think im gonna have to
replace the disk
719[12:29:31] <eb0t> soonish
720[12:30:38] <ratrace> eb0t: you can check the SMART data for
any indications of failure (noting that no indications doesn't
mean it isn't failing). smartclt from smartmontools
(--no-install-recommends to avoid halfa MTA installed if you
don't want it)
721[12:30:40] <premoboss> soonish is too late. if you care your
data, as soon as fsck is done, shut down , reboot witha live cd,
mount read-only the partition you want to backup and save them.
722[12:31:10] <eb0t> no what i mean is that i have all files on
a fileserver which is fine
725[12:31:26] <eb0t> so as long as i can boot and retrieve and
do some work ill be ok for a good while
726[12:32:23] <eb0t> so i have fileserve on different
machine...backup on different machine also ...and then this machine
is just an interface to use to work from
727[12:32:33] <ratrace> keeping proper backups is always
important. no backups == the data is not valuable.
728[12:32:49] <eb0t> yes...i once lost everything a few years
ago...
729[12:32:57] <premoboss> ratrace, <3
730[12:33:01] <eb0t> since then i back up daily ..probably
several times a day
757[12:40:57] <f-a> because I want to modify those
758[12:41:13] <ratrace> ah I see. and with sudo vim, tabbing
doesn't give you options?
759[12:41:18] <f-a> nope
760[12:41:47] <ratrace> right. well, check the permissions on
the folder. tab completion is done _before_ sudo is executing vim,
as your userr, so if your user doens't have permission to look
into that folder, it won't autocomplete.
761[12:42:30] <ratrace> alternatively run sudo -i to become
proper root, and run vim on the files
762[12:43:08] <f-a> oh
763[12:43:16] <f-a> sudo -i, excellent, thanks
764[12:43:53] <ratrace> sudo -i or su -l , same effect but
different passwords asked.
765[12:44:24] <f-a> I thought -l listed my avl commands
766[12:44:29] <f-a> but -i works like a charm, thanks
798[13:03:22] <quadrathoch2> strk you probably mean dpkg ;).
afaik, mail is nice as it's trying to send over mails for
multiple hours before it gives up. but read into that :/ there is
just a distant memory
816[13:20:06] <Razva> hello. I've just finished installing
Debian LXQT, everything is fine, except the fact that networking is
managed by "connman". Never used it before.
817[13:20:22] <Razva> How can I remove "connman" and
go back to the "normal" /etc/network/interfaces settings?
820[13:22:19] <ksk> Razva: what does "apt-get remove
conman" give you? If it does not lead to "LXQT"
components being removed, you might be good to go (and end up
without networking)
821[13:22:51] <Razva> yeah, just removed it and rebooted,
I'm curious if I'll have networking :)
822[13:23:27] <Razva> yyyyyyyyyyyup, it seems fine
823[13:23:41] <ksk> In general: If package connman would have
provided the critical service "networking", and you then
remove it, apt would install another package fitting that role
automagicly
902[14:15:22] <ratrace> the only "overhead" is in
actual encryption, which is CPU bound and with every modern CPU
having AESNI, the default aes cipher will be far far faster than
your sata3 6gbps can put through
903[14:16:05] <ratrace> (ie LUKS can saturate sata3 just fine)
904[14:16:37] <Razva> what do you think about VeraCrypt?
905[14:18:10] <ratrace> never really used it, LUKS works for all
my needs
906[14:18:58] <ratrace> bbl, lunch
907[14:19:43] *** Quits: conta (Thunderbir@replaced-ip) (Quit: conta)
912[14:23:44] <ksk> ratrace: I cannot deny anything of what you
said - but what would then be the reason for having an "In
filesystem encryption", if not for performance? *confused*
913[14:24:32] <ksk> Razva: Regarding Veracrypt: It was forked
off Truecrypt, and that project ended in a really strange state.
/tinfoil-hat
918[14:26:19] <Lope> damn. I just hosed one of my computers.
919[14:26:31] <ksk> It was discontinued by the unknown authors,
with the remark "WARNING: Using TrueCrypt is not secure as it
may contain unfixed security issues." - see the webz.
920[14:26:47] <Lope> The one that I was setting up the other
debian install on a flash drive from.
921[14:26:57] *** Quits: szorfein (~daggoth@replaced-ip) (Remote host closed the connection)
925[14:27:48] <Lope> So I repeated the rsync command just to see
how fast it would compare the meta-data etc. which included a
--delete and --delete-excluded
926[14:27:52] <Lope> hosed the whole PC hahahahahaha
929[14:28:21] <oiaohm> Razva: and the Veracrypt following code
audit when they took over found quite a few problems.
930[14:28:24] <Lope> nothing on it but still a waste of time.
it's one of these microsoft devices with special backdoor
partitions that have to be there or it won't boot.
934[14:30:25] <oiaohm> ksk: to be correct the message "is
not secure as it may contain unfixed security issues." text is
one of the historic standard texts for a security project coming non
maintained. That line of text is older than TrueCrypt.
935[14:31:16] <oiaohm> Sometimes recycling odd style messages
are not suitable for current time and just cause confusion.
940[14:35:59] <Razva> Well, that's it I guess... I'm
not doing NextCloud on this setup.
941[14:39:54] <ksk> oiaohm: oh, that is an interesting remark.
So that message containing three words which staring letters make up
"N S A " is not a hidden message? :P
964[15:18:58] <Lope> hey guys can you please help me with
getting my surface pro 2 to boot linux again?
965[15:19:05] <oiaohm> ksk: there are other project discontuine
messages contained three word starting with N. S. A. So that could
be luck.
966[15:19:07] <Lope> I accidentally deleted my EFI
partition's files.
967[15:19:46] <Lope> I've got the surface pro 2 windows
recovery zip file that has EFI directories in it, which I've
copied back into the efi partition.
968[15:19:58] <Lope> But grub install complains when I try
install grub
976[15:29:46] <ratrace> ksk: "in filesystem
encryption" permits per directory or per file, not better
performance, in fact if anything, it's worse due to mapping
overhead
1014[15:59:19] *** Quits: beelzebuzz (~rasputin@replaced-ip) (Remote host closed the connection)
1015[15:59:29] <Razva> I'm trying to install lxqt on a new
(other system) but I'm getting "Unable to locate package
lxqt". Any hints? Am I missing a repo maybe...?
1016[15:59:38] *** Quits: towo^work (~towo@replaced-ip) (Remote host closed the connection)
1062[16:09:15] <Razva> oook, executed update and upgrade
1063[16:09:46] <Razva> I'm ready a lot about lxqt vs xfce.
The idea is that this machine will be used in order to run Firefox,
LibreOffice and Telegram. And that's it.
1064[16:10:10] <Razva> It has plenty of RAM and CPU, but I see no
reason to install a full-blown KDE/GNOME.
1068[16:10:56] <Razva> A lot of threads insist that the vast
majority of apps are written for GTK not for QT and that the user
might have issues with LXQT.
1069[16:11:01] <Haohmaru> there's also LXDE btw
1070[16:11:01] <quadrathoch2> it's a preference honestly,
xfce builds ontop of gtk and lxqt on Qt. I do like xfce more as
it's mature, lxqt is still in development
1071[16:11:04] <Razva> What do you think?
1072[16:11:16] <jelly> try one, use it for a couple weeks, then
try the other
1073[16:11:45] <jelly> gtk apps WILL work on a Qt DE and vice
versa.
1074[16:11:53] <Razva> ok
1075[16:12:05] <Razva> it seems that the majority of users prefer
xfce
1099[16:23:53] <Razva> if anybody is interested: lxqt installs
1283 packages totaling 3231 MB of space, while xfce installs 1106
packages totaling 2544 MB of space
1100[16:24:34] <Razva> I'm going with Xfce just because most
users seem to do so...
1117[16:35:23] <ratrace> that only swings in favor against xfce.
that's 2:1, no xfce so far, which makes it 33% of users using
xfce, by polls so far. not really "most" :)
1128[16:39:02] <EdePopede> is multibootusb a good method to
create a multibootstick from debian? installed it from upstream then
the few dependencies and at least it starts.
1137[16:43:39] <Lope> So I accidentally erased my EFI partition.
Messing with this EFI stuff is new to me. Previously I had just left
what Microsoft had left there and grub seemed to know what to do
with it.
1140[16:44:44] <Lope> Rather than nuking my whole linux
installation etc overwriting it with windows and then using some
linux installer etc. I decided to try the linux tools. rfind-install
and the normal grub efi stuff.
1141[16:45:10] <Lope> The good news is update-grub runs without
errors now, and grub actually boots.
1143[16:45:28] *** Quits: lupulo (~lupulo@replaced-ip) (Remote host closed the connection)
1144[16:45:42] <Lope> the bad news is the only item in my grub
menu is "System setup" which goes to the hardware UEFI
system setup screen.
1145[16:45:48] <Lope> No kernels etc are listed.
1146[16:46:04] <Lope> But I just realised I need to reinstall my
kernel packages so that they get populated in my /boot
1147[16:46:08] <Lope> then it'll probably work.
1148[16:46:28] <jelly> EdePopede: there is no "good"
method to make d-i boot other than writing it on the whole stick.
The code is a bit fragile and it may fail to find the iso in many
cases.
1188[16:53:25] <Lope> ratrace, aaah, i forgot to autoremove
1189[16:53:26] <Lope> thanks bud
1190[16:53:51] <ratrace> jelly: just step into the phoronix
cesspoo^W forum, stay a while. Get your vaccines first, that place
is..... filthy :)
1191[16:54:02] <jelly> Razva: that's just colors, in a
different place I think. I'm on KDE right now, not sure if
firing out xfce4-system-settings is going to work
1192[16:54:07] *** epsilonKNOT is now known as aishat
1193[16:54:34] <jelly> xfce4-settings-manager !
1194[16:54:42] <Razva> yeah I found those settings but only 2 or
3 change the "looks" (from XP to 95), the rest just change
the colors
1195[16:54:42] <jelly> see, I don't even remember how
it's called
1196[16:54:55] <Lope> After this mistake, I'm going to be
mounting my /boot/efi as ro
1197[16:55:01] <Lope> and probably also /boot
1198[16:55:12] <Lope> then just script it's remounting with
my updates.
1206[16:56:33] <Lope> ratrace, are you saying that I should mount
them automagically for those triggers
1207[16:56:37] <ratrace> Lope: yeah, no, you're right, ro
mount sounds better.
1208[16:56:48] <Lope> yeah, I like a good ro
1209[16:56:53] <Lope> then you can see what's up.
1210[16:57:16] <jelly> Lope: do you not have backups for this
system?
1211[16:57:35] *** aishat is now known as atammy
1212[16:57:46] <ratrace> Lope: you can have DPkg::Pre-Invoke and
::Post-Invoke /etc/apt/apt.conf.d/something triggers do that, but
that's gonna remount them on every apt action
1213[16:57:52] <Lope> it's not my workstation, it's a
experimental laptop.
1214[16:58:27] <ratrace> Lope: for example I use those triggers
to remount /tmp (no)exec. Stupid apt needs /tmp exec .......
1215[16:58:35] <ratrace> actually dpkg does, not apt
specifically.
1216[16:58:49] *** Quits: gryffus (~gryffus@replaced-ip) (Quit: This computer has gone to sleep)
1217[16:58:58] <Lope> ratrace, well my upgrade is scripted, so I
can remount for every upgrade
1218[16:59:01] *** debhelper sets mode: +l 1196
1219[16:59:18] <Lope> although actually, some installs cause an
initramfs-update to happen.
1220[16:59:20] <jelly> ratrace: hmm! apt might benefit from a
private tmp there.
1221[16:59:31] <Lope> So I suppose it should happen for apt
install as well as apt upgrade
1222[16:59:48] <ratrace> jelly: like a namespace similar to what
systemd does? indeed.
1223[16:59:52] <Lope> ratrace, lol. now that I think about it.
apt remove can also cause it.
1224[16:59:56] <ratrace> an unshare just for the apt run.
1225[17:00:00] <Lope> so basically anything other than apt
update.
1226[17:00:28] <ratrace> Lope: an install of <apparently
unrelated> package could trigger update-grub or update-initramfs.
1227[17:00:44] <ratrace> really just remount it on each apt run.
a derpkg::post|pre-invoke does it
1228[17:02:14] <Lope> Amazing, looks like I fixed this surface
pro 2.
1229[17:02:34] <Lope> Now it's totally devoid of microsoft
binaries on the SSD.
1237[17:03:33] <samuelrajan747> I updated a xenial to focal by
running sed on the sources.list, does that method has any known
issues? I also took care of other ppa files inder sources.d.
1238[17:03:45] *** atammy is now known as epsilonKNOT
1268[17:12:54] <ratrace> you could try remove lxqt specific
packages (with lxqt in the name), install xfce task, and then
whatever orphans remain you could autoremove them or whatev
1269[17:13:35] <ksk> Razva: you can create a list of packages
"xfce*"; check them manually, then feed them to
"apt-get remove"
1270[17:14:14] <ratrace> and hell, I said the other way around.
yes, remove xfce, install lxqt-...
1271[17:16:37] <Razva> ok I'll just reinstall and call it a
day :)
1272[17:17:07] *** Quits: Kaboon (~Kaboon@replaced-ip) (Remote host closed the connection)
1314[17:27:46] <Razva> Wooowee. Didn't touched a Gentoo or a
Slack for like...10+ years.
1315[17:28:24] <jelly> Razva: people you're selling to
probably don't care which distro is underneath; Debian however
provides a more decent, or at the very least a MUCH wider platform
than CentOS if you're building a specific solution
1316[17:29:04] <ratrace> cPanel changes that a bit tho, with its
own compiling and installation of stuffs like php, mysql, ...
1317[17:29:23] <ratrace> (ie it brings to centos the width that
in itself it's missing, even with epel)
1318[17:29:23] <Razva> jelly: most shared-hosting customers have
no understanding on what a "webhosting account" involves,
they just want "a fast server and lots of email space".
1320[17:29:47] <ratrace> but now! .... ther'es centos
streams. haven't tried them out yet, but that's supposed
to bring extra, extra width to centos and clones and even RHEL
1321[17:29:56] <Razva> cPanel switched from compilation to rpms
3-4 years ago, finally.
1322[17:30:32] <ratrace> oh? shows how much I'm in the loop
with it then
1323[17:30:48] <jelly> Razva: if I were put in control of $work
web hosting, I'd migrate all the old centos 6 plesk stuff to
debian 10 plesk stuff in a jiffy
1335[17:33:14] <jelly> Razva: noone is stopping you from making
your own control panel ;-)
1336[17:33:32] <ksk> mhm there was a polish corp offering their
panel, and also offering hosting on it. wonder if they survived,
mhhm.
1337[17:33:55] <ratrace> we have our own control panel. our
clients don't even know what a control panel is :) we do
managed hosting.
1338[17:33:56] <jelly> it looks deceptively simple
1339[17:34:14] <ratrace> I concur.
1340[17:34:48] <Razva> well, us, small sellers, have no better
alternative than just "go with the flow". some mid-sized
companies tried to make their own CPs and...yeah...it's
"ok-ish", but none of them wants to share/sell their work
after paying tons of money
1341[17:35:07] <ratrace> you may think it's easy, you just
ahve some db, some users, a bit of postfix config, db config,
dns.... but.... under the hood there's a LOT going on
especially if you wanna do it properly with proper privsep in place
and not vector into root through http
1342[17:35:07] <Razva> I sell only unmanaged/cheapo
1343[17:35:48] <Razva> exactly, it's *not* simple at all,
we've tried once and when we've made the
calculations...heh...it was like...6 months profit...
1344[17:36:20] <ratrace> on the other hand, 100% control, much
better security, ...
1345[17:37:08] <Razva> I've convinced about ~200 clients to
move to plesk, but the vast majority (~2000) didn't agreed,
even after receiving a 50% discount for the first year. they just
didn't wanted to switch because "it was too different and
missed a lot of features" (which it doesn't, they are just
in different places)
1347[17:37:50] <Razva> heck, even today we're receiving
tickets from Plesk users complaining that they cannot use
java/tomcat apps and they want to go back to Plesk
1348[17:37:54] <jelly> Razva: customers don't like change.
They'll invent reasons after the fact.
1351[17:38:43] <Razva> the only solution is to find an
alternative and sell it to new customers. old customers usually
upgrade, so a new cp can be upsold. but that takes time.
1352[17:38:59] <Razva> and as long as I can't find a decent
cPanel alternative...well...:\
1357[17:40:05] *** s3xyl1nux__ is now known as S3xyL1nux
1358[17:40:16] <ratrace> Razva: no, it's our internal thing.
our customers have no access to it.
1359[17:40:23] <Razva> ah ok
1360[17:40:32] <Razva> so your customers don't have access
to any kind of control panel?
1361[17:43:50] <rootkea> Hello! I just installed Debian 10. I see
networking.service failing with "Failed to start Raise network
interfaces" message in boot log. Here's the relevant log
from `journalctl -xb`:
replaced-url
1362[17:44:15] <ratrace> Razva: they have some very limited
access into their account where they see billing and stats and
features activated
1363[17:44:23] <rootkea> From he log it seems this is related to
interface renaming?
1364[17:44:28] *** Quits: edlou (uid413273@replaced-ip) (Quit: Connection closed for inactivity)
1366[17:44:53] <rootkea> How do I fix this and should this be
fixed already in fresh install?
1367[17:44:56] <jelly> rootkea: pastebin the output of "ip
l" or tell us what your iface is actually called right now, and
whether it exist
1368[17:44:59] <jelly> s
1369[17:45:04] <rootkea> s/should/shouldn't
1370[17:45:18] <jelly> "shouldn't happen"
1371[17:47:18] <rootkea> jelly, ip -l o/p
replaced-url
1372[17:48:39] <jelly> thank you for providing a /raw/ link!
1373[17:49:12] <rootkea> :)
1374[17:49:56] <jelly> rootkea: it is interesting that
debian-installer configured with an iface named "eth0" and
that probably deserves a bug report, but the workaround is simple:
replace eth0 with enp1s0 in /etc/network/interfaces
1375[17:49:56] <Lope> Hey guys, I'm chrooted from ubuntu
with 5.4 kernel to fix my debian system, the debian kernel is a
different version number
1376[17:50:10] <Lope> dkms is trying to build looking in
/lib/modules for the wrong kernel version
1377[17:50:24] <Lope> how can I make dkms use the chrooted kernel
version?
1378[17:50:44] <jelly> Lope: dkms tool has command line options.
1379[17:50:58] *** Quits: TomyWork (~TomyLobo@replaced-ip) (Remote host closed the connection)
1380[17:51:03] <Razva> Lope: don't take my word on this, but
wouldn't it be more time-effective to just reinstall
everything? save your files on an external drive and start over
1381[17:51:13] <Lope> jelly, I'm not running dkms directly,
I just did apt remove --purge zfsutils-linux; apt install zfs-utils
linux
1387[17:51:54] <ratrace> Lope: I told you how in #zfsonlinux
1388[17:52:27] <jelly> rootkea: huh. If the live image uses
calamares as installer and not d-i, then yes. I have no idea how
installing from live works.
1389[17:52:39] <jelly> rootkea: actually, there's a better
way
1390[17:52:42] <jelly> !installation report
1391[17:52:42] <dpkg> from memory, installation report is
replaced-url
1392[17:54:42] *** Quits: erle- (~erle-@replaced-ip) (Remote host closed the connection)
1393[17:55:19] <rootkea> jelly, /etc/network/interfaces has
single line "source-directory /etc/network/interfaces.d".
So guess I should edit /etc/network/interfaces.d/setup which has
"eth0" twice?
1404[18:00:08] <Razva> rootkea are you using LXQT? I had the
exact same issue 6 hours ago :)
1405[18:00:19] <rootkea> xfce
1406[18:00:34] <jelly> that's a pretty standard default
config
1407[18:00:52] <Razva> yeah, do you have connman installed? if
yes, just `apt-get remove connman` and reboot
1408[18:01:24] <Razva> folks here's a question. is there any
way to make a realvnc/tightvnc/realvnc connection as snappy as a
RDP?
1409[18:01:25] <jelly> Razva: that's not going to change the
incorrect file.
1410[18:01:27] <rootkea> jelly, So shouldn't eth0 been
renamed already in interfaces.d/setup?
1411[18:01:39] <jelly> rootkea: it shouldn't have been named
"eth0" in the first place.
1412[18:01:49] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
1413[18:02:06] <Razva> jelly: yeah, my issue this morning was
that basically connman was ignoring any settings I was making in
`interfaces` and I had no idea what was going on :)
1414[18:02:38] <jelly> Razva: this user has ifupdown working, as
seen in logs.
1415[18:02:41] <rootkea> jelly, So should I go ahead with
renaming eth0 as you suggested?
1416[18:02:46] <jelly> rootkea: yes.
1417[18:03:09] <Razva> ^ regarding my question. Same machine,
remote screen crawls on Xfce/Lxqt but was almost "instant"
(like local) with RDP. nothing changed regarding
hardware/networking/etc.
1418[18:04:14] <Razva> It's a KVM VM. Do I need to install
any extra stuff, similar with qemu-tools?
1419[18:04:22] <jelly> Razva: rdp is a better protocol than vnc;
that said there are lots of extensions for vnc to make things better
but most free linux vnc servers seem to not implement them
1422[18:06:35] <Razva> I'm now trying RealVNC, because -
from my findings - it's the most widely used commercial
product, but it's way way slower compared with rdp
1428[18:09:25] <jelly> rootkea: my wild-ass guess is that for
some reason live cd boots with a boot parameter that disables
"predictable interface names"
1435[18:15:26] <jelly> debian-live-10.6.0-amd64-xfce+nonfree.iso
4%[=> ] 123.66M 8.37MB/s eta 5m 18s # so slow!
1436[18:15:51] * jelly cheats with lftp and pget
1437[18:16:19] <jelly> there we go.
1438[18:16:31] <ratrace> lftp!
1439[18:16:36] <rootkea> jelly, Earlier I experienced a bug with
cryptsetup in 10 live image and reported the same against calamares
1440[18:17:12] <blurkis> why did debian drop ifconfig for ip
command? That decision went over my head, and I just cant get the
hang of using ip command, hahahaha
1441[18:17:14] <rootkea> Guess there are lot of differences
between default and live iso installation
1442[18:17:46] *** Quits: gjerich (~quassel@replaced-ip) (Remote host closed the connection)
1443[18:18:14] <quadrathoch2> blurkis because ifconfig is
deprecated, nobody wanted to take over
1444[18:18:16] <another> net-tools been deprecated for more than
a decade
1445[18:18:33] <quadrathoch2> Ahh that was the name of the
package
1446[18:18:42] <jelly> blurkis: Debian caught up with changes
made 20 years ago, around kernel 2.4 when "ip" appeared
and net-tools (ifconfig) got deprecated
1447[18:19:50] <jelly> blurkis: "ip a" is shorter than
"ifconfig -a"!
1448[18:20:17] <rootkea> I have another startup service
systemd-backlight@backlight:intel_backlight.service failing with
"Failed to start Load/Save" Screen Backlight Brightness of
backlight:intel_backlight." Here's the relevant log from
journalctl -xb:
replaced-url
1449[18:20:20] <jelly> you can still install net-tools if you
want them. They are maintained again for some reason.
1464[18:25:12] <dpkg> Newer kernels for Debian stable releases
are available from the <buster-backports> repository. After
modifying your sources.list, run «apt update». To
install the current backported kernel: «apt -t
buster-backports install linux-image-`uname -r|sed
's,[^-]*-[^-]*-,,'`». To list available backported
kernel image packages: «aptitude search
'?narrow(~nlinux-image,?origin(Debian Backports))'».
1471[18:31:51] <blurkis> jelly: for sure. "ip a" is
shorter. but ifconfig is whats stuck in my old dinobrain. Relearning
seems to be impossible, *sigh*
1505[18:41:45] <dpkg> Request For Package (RFP) is the way to ask
for a piece of software to be included in Debian. See
replaced-url
1506[18:41:46] <petn-randall> EvanCarroll: It first gets uploaded
by a maintainer to unstable, and if there are no release-critical
bugs found it will usually migrate to testing after 10 days. It can
be quicker for urgent packages, and slower if a library migration
blocks it.
1507[18:42:03] <EvanCarroll> n4dir: so then the hold up on
everything is getting it into unstable.
1508[18:42:05] <EvanCarroll> That's fair.
1509[18:42:31] <EvanCarroll> So is there a metohd to help out, a
lot of the pacakges in debian unstable are old as poop.
1516[18:44:15] <n4dir> i guess this could be answered by the
do-ocracy approach of debian. The package gets updated whenever
it's maintainer thinks the time is right (might be: he has the
time)
1517[18:44:18] <jelly> EvanCarroll: first, verify which versions
are in unstable, and whether the maintainers are active; then ask
the maintainer team whether they need help; you can become a debian
maintainer and help with some of those
1519[18:44:32] <n4dir> So to help out you'd want to become a
maintainer.
1520[18:44:54] <jelly> EvanCarroll: do you have any specific
packages in mind?
1521[18:44:59] <n4dir> or help the maintainer, as jelly pointed
out
1522[18:45:33] <rootkea> jelly, Since I have used non-free iso I
see many non-free packages in vrms o/p. How do I know Which of these
firmware packages am I using so that I can install bpo of them? I
used `journalcrl -xb | grep firmware` and installed 3 packages. Am I
missing something?
1543[18:50:19] <ratrace> sounds like Debian is totally not for
your
1544[18:50:21] <ratrace> *you
1545[18:50:31] <ratrace> !sns
1546[18:50:31] <dpkg> Shiny New Shit Syndrome is a serious
disorder, which usually breaks out into an epidemic every time
something new is released. If you have SNS, ask me about
<backports> and <ssb>; these are better options than
upgrading to <testing> because it is a <moving target>.
1551[18:51:42] <EvanCarroll> jelly: I guess that's a valid
point. buildah doesn't publish the minor releases in their
changelog, so I have no idea what the status of that is.
1556[18:52:25] <jelly> right there in the changelog
1557[18:52:55] <EvanCarroll> Ok, point taken. I retract my poop
statement. I'm willing to frame 5 months behind as old-as-poop,
but certainly not 3 months. =)
1558[18:53:29] *** Quits: asymptotically (~asymptoti@replaced-ip) (Remote host closed the connection)
1559[18:53:48] <jelly> that said, go packages are ... speshul, I
hear
1560[18:53:51] <EvanCarroll> I was using this changelog,
replaced-url
1581[18:57:05] <ratrace> rpm spec is walk in the park on a nice,
late summer afternoon (think september, neither hot nor cold).
packaging for deb is what Matt Damon had to do in Martian
1585[18:57:29] <n4dir> i think that often upgrading a package if
there already is a package in Debian, that is the whole /debian
file, ... it can be easy.
1588[18:57:41] <n4dir> probably not the worst way to start with
it. But i forgot all about it
1589[18:58:00] <n4dir> sorry the debian/ folder, not file
1590[18:58:06] <ratrace> strike one
1591[18:58:08] <EvanCarroll> that analogy just won the day.
1592[18:58:12] <n4dir> ratrace: ha ha
1593[18:58:13] <EvanCarroll> mic drop.
1594[18:58:19] <rootkea> So I am now on 5.8.0-0.bpo.2-amd64 but
still startup service
systemd-backlight@backlight:intel_backlight.service failing with
"Failed to start Load/Save" Screen Backlight Brightness of
backlight:intel_backlight." and When I login into xfce, the
brightness is at max.
1595[18:58:20] <ratrace> (see you already stroke with deb pkg)
1596[18:58:25] <jelly> EvanCarroll: if you really want to package
for Debian, then the mentors channels is right for you
1597[18:58:27] <jelly> !mentors
1598[18:58:27] <dpkg> i guess mentors is the system the Debian
project uses to train new people to become Debian Developers or
Debian Maintainers and get their packages into the Debian archive.
Ask me about <nmg>.
replaced-url
1599[18:58:44] *** Quits: Emmanuel_Chanel (~Emmanuel_@replaced-ip) (Remote host closed the connection)
1603[18:59:21] <jelly> EvanCarroll: if however you just want to
learn about packaging in deb format for your own needs, then you
probably want #packaging also over there on OFTC
1604[18:59:35] <ratrace> I tried the mentorship route for Ubuntu
once. dropped it after their own tools didn't work.
1605[18:59:42] <sussudio> does #packaging do christmas presents?
1679[19:39:17] <dpkg> Shiny New Shit Syndrome is a serious
disorder, which usually breaks out into an epidemic every time
something new is released. If you have SNS, ask me about
<backports> and <ssb>; these are better options than
upgrading to <testing> because it is a <moving target>.
1685[19:43:37] <unixbsd> sns ;) funny description, works with
systemd ?
1686[19:44:58] <ratrace> in what way?
1687[19:45:01] <unixbsd> !sns
1688[19:45:01] <dpkg> Shiny New Shit Syndrome is a serious
disorder, which usually breaks out into an epidemic every time
something new is released. If you have SNS, ask me about
<backports> and <ssb>; these are better options than
upgrading to <testing> because it is a <moving target>.
1689[19:45:35] <unixbsd> ratrace: nothing special about it, to
mention.
1690[19:46:17] <ratrace> you're not making any sense
1709[19:55:30] <rootkea> Is there any standard regarding which x
files dm has to source?
1710[19:57:26] <greycat> The DM doesn't read any.
1711[19:57:26] <unixbsd> .xinitrc is the oldest one, based on
free X, Xorg. .xsession came later for modern desktops. freedesktop
might be interesting to keep track.
1712[19:57:46] <greycat> The session that's launched BY the
dm may read some. Debian patched things to use ~/.xsessionrc
1713[19:58:17] <greycat> Debian also patched their session to
read ~/.xsession even when started by startx, so you don't have
to keep both a .xinitrc and .xsession
1714[19:59:26] <unixbsd> startx still uses .xinitrc on debian.
luckily, we go !sns ?
1715[19:59:40] <greycat> yes, it will use .xinitrc if there
isn't a .xsession
1716[20:00:10] <unixbsd> startx shall use .xinitrc only. point.
this is tragedy to change old reliable unix things.
1717[20:00:24] <greycat> ... no, startx *ON DEBIAN* will read
either .xsession or .xinitrc
1729[20:03:48] <greycat> If you're only on Debian (e.g. your
$HOME is not shared with any other systems), then you can simply use
.xsession and that will work for both startx and DM-launched Debian
X sessions.
1730[20:04:18] <greycat> That's why they made the change. So
you would only have to maintain the one file.
1733[20:07:46] *** Quits: short-bike (~short-bik@replaced-ip) (Quit: And, on that note....)
1734[20:09:11] <rootkea> I want to turn off he beep (the one
which is heard if we press backspace in login box or down-arrow on
last row in thunar). I put `xset -b` in .xsessionrc which switched
off the bell inn thunar.
1735[20:09:27] <rootkea> How do I disable bell in lightdm login
box?
1738[20:11:40] <rootkea> I remember setting xset -b in .xprofile
in my previous setup. But now it turns out that Debian tweaks
lightdm to ignore .xprofile
1759[20:25:56] <rootkea> jelly, I just installed Debian 10.6.0
live again in VM and faced the same eth0 issue. Clearly a bug with
live media installation.
1791[20:43:52] <Razva> do I need any special viewer or is the
RealVNC Viewer fine?
1792[20:44:19] <sney> rdesktop is the standalone client, there
are lots of others
1793[20:44:25] <MsK`> hello, I have a very weird bug. I'm
trying to install xapian-core but apt-get says it doesn't know
about it. I'm running an up to date buster so according to the
package website, it should be there:
replaced-url
1841[21:16:11] *** Quits: bamdad (~bamdad@replaced-ip) (Remote host closed the connection)
1842[21:16:14] <Paerox> Simple question about Docker: When I look
at images at hub.docker.com from linuxserver.io, why is it that
docker-compose is recommended over docker cli?
1867[21:46:39] <quadrathoch2> Paerox it's easier for you, as
it's kinda documentation and running at the same time. as you
wouldn't know what command you typed in 100% for your container
(if you need to respin it for the newest version)
1918[22:44:38] <tinga> Hi. What can I do when I get "Maximum
number of clients reached" from X? This is driving me crazy. I
always reach this after a few weeks of uptime.
1922[22:46:59] <petn-randall> tinga: Where do you get this error?
1923[22:47:41] <tinga> petn-randall, this is the X client library
reporting that. I see it from programs opening an X connection when
run from the terminal, or it is written to ~/.xsession-errors
1925[22:48:05] <tinga> Opening new tabs in firefox then makes the
tab crash, I can't open new terminal windows, etc., until I
close some other windows. And I don't have so many open,
really, it always appears as if it gets increasingly worse, so it
might be some leaking somewhere.
1926[22:48:48] <tinga> I did find other people having that issue,
though, IIRC, when I was googling around months ago (and
couldn't find a solution).
1927[22:49:01] <tinga> Now I'm at the point where I simply
patch X myself and rebuild, I've had enough.
1929[22:49:35] <greycat> googling it gives me a thread from
Ubuntu, 10 years ago, and indicates that browsers can open a bunch
of client connections
1930[22:49:36] <petn-randall> tinga: Did you check the amount of
open connections?
1931[22:50:21] <petn-randall> I'm guessing that the limit is
somewhere around 32k, so it might be that you have stale connections
build up with time from a specific program.
1932[22:50:22] <tinga> Xorg is using 163348 KB RES, no prob with
my 12 GB of RAM.
1933[22:50:25] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
1934[22:50:27] <tinga> Let me check lsof
1935[22:50:49] <petn-randall> I'm not talking memory,
I'm talking open connections.
1936[22:50:51] <greycat> According to the threads I'm
seeing, the limit is/was 256.
1937[22:51:13] <tinga> Xorg has 1844 file handles; most of them
"/drm mm object"
1967[22:59:25] <greycat> I've got firefox using 11, and I
have a *lot* more than 11 tabs open in it, although I don't
know if all of the tabs are fully loaded
1968[22:59:29] <tinga> And so what, nothing real on the system is
running close to a limit.
1969[22:59:37] <tinga> So I just want that limit to be higher.
1987[23:07:52] <n4dir> all that sounds like a very strange
solution to a problem not that clear. But what do i know
1988[23:08:12] <jmcnaught> tinga: I don't know exactly what
sux is, I can't find it in Debian, but maybe it is related to
your issue? Have you considered using firefox profiles? ("-P
-no-remote" for example)
1989[23:08:24] <n4dir> jmcnaught: i recall it from the long gone
past
2007[23:14:37] <tinga> I combine that with using rxvt using a
separate X connection for each terminal.
2008[23:14:59] <tinga> I've been using Linux for 20 years
and this is my way of working and I think it's valid.
2009[23:15:29] <tinga> So I don't care if people using
gnome-terminal and not separating their firefox usage don't run
into this issue, I care that it's limiting my usage.
2022[23:32:13] <tinga> "xlsclients | wc -l" increases
by 1 for an xeyes instance, "ss|wc -l" by 2, regardless
whether I start it as my main user, or from root via "sux
$someotheruser xeyes".
2036[23:37:46] <greycat> I don't think this is the solution.
If firefox or chromium is using too many connections, and you raise
the limit by 300, what's to stop FF from just using another
300?
2046[23:40:56] <tinga> greycat, `xlsclients | wc -l` definitely
goes up by 1 for each tab that has a page open, for me. Note that it
only uses the new connection once it actually loads something, not
for the empty tab.
2047[23:41:18] <tinga> Is it different for you?
2048[23:41:27] <greycat> now I'm afraid to find out
2050[23:42:46] <jmcnaught> "xlsclients | grep firefox | wc
-l" started at 12 for me, I've opened four new tabs, the
count is still 12. I have 71 tabs total open, most are not loaded.
2051[23:43:06] <tinga> jmcnaught, but did you load some url in
those 4 new tabs?
2063[23:50:55] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
2064[23:50:55] <jmcnaught> tinga: this was with firefox-esr
78.4.1esr-1~deb10u1 but I just noticed that 78.5.0esr-1~deb10u1 is
available. For add-ons I use noscript, uMatrix, decentraleyes,
firefox multi-account containers
2068[23:55:28] <jmcnaught> tinga: when I restarted firefox after
the upgrade "xlsclients | grep -c firefox" was 8, after
loading a couple dozen tabs it's now at 12 again but definitely
not one client per tab for me at least.
2069[23:56:00] <tinga> Thanks. I've just installed your
add-ons except for noscript & uMatrix, checking
2070[23:56:36] <tinga> No change.
2071[23:57:42] <tinga> BTW, same thing when I run firefox as my
main user (no involvement of sux)