19[00:08:42] <ikonia> anyone using fustigit on debian buster ?
I need to meet it as part of a build dependency, can't see any
stand alone packages so considering the pros and cons of the
different sources to get it, the gem seems the best bet
21[00:12:43] <Stonefruit> iflema: no need for an install party,
what I already have installed is causing me a headache :)
22[00:13:47] *** Quits: Bjornn (~Bjornn@replaced-ip) (Remote host closed the connection)
23[00:13:47] <jmcnaught> ikonia: there is a gem2deb package
that may be useful. If you do install the gem I recommend against
installing it globally or as root. There is a bundler package in
Debian, you can use that to install gems in a local context
per-project.
113[01:15:02] <themill> Akuw: I'm sure pitivi can output to
different aspect ratios. No tool can magically change the video
aspect ratio however. Just like you can't change the aspect
ratio of a piece of paper on your desk without doing something
drastic to it.
115[01:15:57] <themill> You basically have 3 options: Stretch it
so that it is distorted. Cut off the top and bottom. Put black bars
on the sides. None of these is a good option.
208[03:00:27] *** Quits: ghost43 (~daer@replaced-ip) (Remote host closed the connection)
209[03:00:51] <sney> "dark mode" as a concept is a lot
newer than most common linux applications. there's some effort
to catch up, but some legacy stuff doesn't even have a way to
do it
225[03:12:55] <Akuw> i need to know in my virtualbox machine
226[03:14:07] <sney> ah. virtualbox guests need to install the
guest additions in order to be able to resize the window.
227[03:14:40] <sney> debian can't distribute the guest
additions, but you should be able to mount the guest additions iso
using one of the virtualbox menus. from there, you can run the
installer script.
228[03:14:47] <Akuw> i have many resolutions there, but no 1280
x 720
229[03:15:07] <Akuw> only 1280x800
230[03:15:15] <Akuw> 1280x1024
231[03:15:42] <Akuw> i am asking this because i need to record
screen with 16:9
232[03:17:28] <sney> if you are sure you have the vbox guest
additions, and you still can't set the resolution to the one
you want, it may be a limitation with virtualbox.
247[03:21:57] <jmcnaught> Maybe only linux-image-amd64 in
buster-backports Provides the virtualbox-guest-modules virtual
package, but "apt-file search vboxvideo.ko" finds that
file in linux-image-4.19.0-11-amd64.
379[05:55:33] <KNERD> I saw on StackOverflow someone asking how
to get GCC v7 onto Debian 8., and they were showing they were using
a Debian repo for "experimental." I got Stretch installed
on an old laptop, and I see it has only version 6.3. How would I get
GCC v7 on n Debian 9? Doing an apt search I an only seeing version 6
availabel to installll
385[06:02:09] <themill> KNERD: things in experimental are not
for stable releases. They're definitely not for oldstable. They
also disappear soon after being uploaded to unstable so something
from several years ago won't still be there.
387[06:05:17] <KNERD> themill: yeah, I am awarre of that, but
the fact version 7 was available for install nearly 4 years ago, so
one would think a stable version would be already available for
Debian 9 instead of an older version 6
388[06:06:27] <f8e4> sup folks
389[06:06:30] <KNERD> or at least a means to install GCC v7
450[07:02:31] <jak2000> you recommend me delete the file?
451[07:03:00] <nkuttler> i recommend to read the errors. e.g.
insserv: There is a loop between service GlassFish_swItsol and
rc.local if start
452[07:03:08] <nkuttler> !rc.local
453[07:03:08] <dpkg> /etc/rc.local may be used to run simple
commands at boot time. It exists by default in jessie or older; in
stretch or newer you need to create it. Don't forget the
<shebang> and be sure to chmod 755 it. rc.local is considered
a hack, a stopgap, or a temporary band-aid; see <systemd>
454[07:03:39] <nkuttler> it looks like somebody messed with that
server, and you should talk to them
470[07:11:35] <jak2000> need fix first this: insserv: Starting
GlassFish_swItsol depends on rc.local and therefore on system
facility `$all' which can not be true!
533[08:38:08] <jelly> xikuuky: does the screen work otherwise?
Did the output stop as well? Perhaps you accidentally pressed
Control+s and need to Control+q or Control+a, then q ?
534[08:38:20] <themill> unixbsd: No. It means knowing what you
actually want prior to asking questions.
663[10:38:07] <jelly> uos_lyn: if you don't care about the
differences, fix debian/whatever.symbols to match; if you plan to
make a package that is ABI compatible with the one from Debian, then
I suppose you'll need to fix the build process or the code
713[11:09:25] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
714[11:09:29] <jelly> uso: I don't know anything about
dpkg-gensymbols, ask in #packaging on OFTC if you're making
packages for not-Debian, or #debian-mentors also on irc.oftc.net if
you're packaging for inclusion in Debian
715[11:09:47] <jelly> uos_lyn: I don't know anything about
dpkg-gensymbols, ask in #packaging on OFTC if you're making
packages for not-Debian, or #debian-mentors also on irc.oftc.net if
you're packaging for inclusion in Debian
741[11:35:03] <rathdome> Hello everyone, I am having trouble
getting my fans to work. They are working in Windows 10 with my
current dual boot system. Does anyone have any ideas how to fix
this?
742[11:35:15] *** Quits: monksam (~monksam@replaced-ip) (Remote host closed the connection)
819[13:04:08] <dob1> what is the recommended dir to put files
commons to all users ? for example I put scripts in /usr/local/bin
maybe /usr/local/share ?
820[13:04:12] *** Quits: Grldfrdom (uid391113@replaced-ip) (Quit: Connection closed for inactivity)
833[13:13:07] <dpkg> Debian follows the Filesystem Hierarchy
Standard. The filesystem is categorized by purpose, not application.
This allows, for example, the easy and efficient deployment of a
read-only /usr area across a number of thin clients. See
replaced-url
840[13:14:37] <Ede|Popede> > The root partition / must always
physically contain /etc, /bin, /sbin, /lib and /dev, otherwise you
won't be able to boot. Typically 250–350MB is needed for
the root partition.
860[13:36:03] *** Quits: Anderson69s (~Thunderbi@replaced-ip) (Remote host closed the connection)
861[13:38:47] <dob1> davorin, I would try a live cd of whatever
distribution with a newer kernel than the debian one to be sure that
is not a driver issue
862[13:39:02] *** Joins: Louis (~Louis@replaced-ip)
863[13:39:06] <dob1> if it is you just have in some way to
update the kernel
864[13:39:13] <davorin> well...currently downloading an ubuntu
image
865[13:39:32] <davorin> i assume nuc10 gpu isn't
supported...as i see no intel drivers loaded..
866[13:39:37] *** Quits: bewbs (~bewbs@replaced-ip) (Remote host closed the connection)
867[13:39:45] <dob1> ,v kernel-image
868[13:39:46] <judd> No package named 'kernel-image'
was found in amd64.
869[13:39:50] <dob1> ,v linux-image
870[13:39:51] <judd> No package named 'linux-image'
was found in amd64.
871[13:40:08] <dob1> hmmm the one on backports I don't know
which version it is
883[13:43:11] <jelly> dob1: "newer" in version number
does not mean too much there, canonical does care about hardware
support up to a point and they often have fixes for weird hardware,
esp. when paying customers file bugs
884[13:43:51] <dob1> jelly, I didn't know about this
885[13:45:27] <jelly> debian kernel team does too, but you need
to actually file bugs
886[13:46:43] <ratrace> called "SAUCE" patches, that
haven't been upstreamed (yet) and are specific to ubuntu
kernels
902[13:56:50] <shtrb> Anyone have a suggestion for a QR app for
plasma that I wouldn't need to screenshot the screen but could
just select a rectangle on a screen ?
916[14:00:00] <shtrb> As jelly said ,I save a screenshot and
feed it to qtqr , there must be a better way
917[14:00:10] <jelly> there was a tool you could drag an image
or selection onto, and it would run a command on the clipboard
contents, but the name escapes
1024[15:21:35] <wsky> check is there a kernel module for your
raid
1025[15:21:39] <sstory> ratrace: Well I run a software RAID at
home, but at work we are used to hardware RAIDs and they have done
well with RAID10 and RAID6.
1026[15:21:43] <wsky> google it out, i wont do everything for oyu
1027[15:21:58] <wsky> or rather, ddg it out
1028[15:22:36] <Schrostfutz_> Hi, I'm afraid this is not the
right place to ask, but I'll try my luck anyway. I'm
trying to boot a VM image from gluster storage via libvirt on Debian
10. The corresponding VM's AppArmor profile, however, is not
present whenever the gluster medium is configured. I'm not sure
whether this is a configuration error on my end, a packaging
problem, or an upstream error since I can't find any solutions
online. Do you have any ideas?
1030[15:23:58] <ratrace> Schrostfutz_: the nature of your problem
is not really clear. AppArmor is enabled by default but afaik not
installed with policies, and there are very little policies. Is you
policy/profile something custom?
1031[15:24:03] <McFloss> wsky: I had this raid controller
intalled in Debian 9
1037[15:26:14] <Schrostfutz_> ratrace: No, I have not customized
it (in fact I didn't know of its existance until I encountered
my problem). When I add a gluster-based image to the VM and try to
start it I get an error message about the missing profile. So far
I've determined that the profile is present (autogenerated) iff
there is no gluster image configured for the VM.
1038[15:26:33] <sstory> McFloss: OK. thanks! Since the OS would
be installed on that, would it be easy in Debian installer to
provide that compiled driver to use?
1049[15:29:21] <McFloss> sstory: worst case you can compile it in
a virtual machine and load the module via usb during the
installation
1050[15:29:38] <sstory> OK. Thanks!
1051[15:30:18] <ratrace> Schrostfutz_: it's probably not
packaged. AA profiles are very.... lacking.
1052[15:30:24] <sstory> I was reading some review that said
Debian was hard to configure. Is that just coming from an Ubuntu
user or something? I am used to conf files in CentOS. Would it be
comparable to that in terms of difficulty?
1053[15:30:53] <ratrace> Schrostfutz_: btw, which profile is
autogenerated?
1054[15:31:41] <jelly> sstory: yes. Easier than CentOS in some
ways, because defaults are better integrated into the OS and often
allow to just install a service and run it immediately.
1057[15:32:23] <jelly> sstory: Worse than CentOS in some ways,
because defaults are better integrated into the OS and services are
often started and exposed automatically right after installation.
1058[15:32:40] <sstory> jelly: Great! Thanks for the information.
My only concern at the moment is the shorter Lifecycle from 10 year
to 5 years. I am a SMB with only a couple of guys so hard to keep
everything up to date.
1059[15:33:09] *** Quits: ledeni (~ledeni@replaced-ip) (Remote host closed the connection)
1060[15:33:42] <Schrostfutz_> ratrace: There is a profile for
each VM:
replaced-url
1061[15:33:42] <sstory> Thanks for the tip. CentOS getting pretty
bad with Windows style automatic crap that you "might"
need as a helpless desktop noob and thus enabled on servers also.
1063[15:34:17] <jelly> sstory: it's 5 years only for a
subset of software, and only if you count the separate Debian LTS
effort which survives on sponsorship.
1064[15:34:45] <sstory> Oh. So it is actually shorter?
1077[15:35:52] <sstory> surely those ware part of LTS
1078[15:36:01] *** Quits: Lupricon (~Lupricon@replaced-ip) (Remote host closed the connection)
1079[15:36:05] <ratrace> Schrostfutz_: not sure how I can help
you there, I work with static profiles and not even with libvirt.
These dynamic things is not something you can control, and they
don't have appropriate #includes to actually supply custom
rules
1080[15:36:20] <jelly> sstory: the company behind the LTS team
also does ELTS if you need more than 5 years.
1086[15:37:54] <Schrostfutz_> ratrace: Yeah, at first I thought
the access was blocked and was trying to manually whitelist
it/everything. That's how I noticed that the files are actually
disappearing, so currently I'm thinking that's a bug,
since the first file should be editable. I guess I'll open a
bug report for libvirt since I don't get any repsonse in their
IRC...
1087[15:38:14] <zykotick9> Schrostfutz_: no solution yet I see.
Again, best of luck.
1088[15:38:17] <jelly> sstory: entry price for ELTS is LTS Silver
sponsorship + variable amount for packages, >= 4kEUR a year. If
you don't pay anything, you can still download patches for
packages that someone else sponsored.
1091[15:38:56] <dpkg> Debian Long Term Support (LTS) is a project
to extend the lifetime of all Debian stable releases to (at least) 5
years. Debian LTS is not handled by the Debian security team, but by
a separate group of volunteers and companies. Ask me about
<jessie-lts> and <stretch-lts> and see
replaced-url
1092[15:38:59] <jelly> !elts
1093[15:38:59] <dpkg> Limited commercial support for wheezy
exists in form of Extended LTS, see
replaced-url
1094[15:39:00] <sstory> Oh wow! Might as well stick with RHEL/IBM
at that price.
1095[15:39:35] <jelly> sstory: that's regardless of the
number of machines, unlike RHEL
1098[15:40:13] <jelly> you got 100 mail servers all with postfix
and dovecot? Same price as just for one with the same set of
packages.
1099[15:40:17] <sstory> Yeah. I think in all of the distros, the
sponsors are leaving a gaping hole with SMBs that unlike Fortune
500s don't have that deep of pockets. It is a niche that need
filling for sure.
1126[15:45:21] <jelly> for example, to go from debian 8 (2015) to
debian 10 (2019), you'd have to read
1127[15:45:30] <jelly> dpkg, jessie->stretch
1128[15:45:31] <dpkg> Read (at least) the upgrading chapter of
the <release notes>
replaced-url
1129[15:45:34] <jelly> and then
1130[15:45:39] <jelly> dpkg, stretch->buster
1131[15:45:39] <dpkg> Read (at least) the upgrading chapter of
the <release notes>
replaced-url
1132[15:46:02] <sstory> One of the few nice things I can say
about Windows is the ability to roll back on disaster. And we all
know users aren't the most patient when thing go boom. :)
1133[15:46:29] <jelly> undo for the package system is one of the
things MISSING in debian
1134[15:46:40] <ratrace> I can do that too. zfs rollback
rpool/foo/herp/derp@snap :)
1135[15:46:46] <sstory> Yeah in most of Linux.
1136[15:47:06] <jelly> debian is quite explicit in not supporting
even single package downgrades
1137[15:47:22] <sstory> ratrace: I was also looking at FreeBSD
but seems a lot to learn to learn ZFS and especially with the time
constraint RHEL just put on everyone.
1138[15:47:34] <ratrace> jelly: did I read somewhere that apt is
getting transactional support? or did I dream that....
1139[15:47:47] <jelly> no idea
1140[15:47:49] <ratrace> sstory: why freebsd? that's the
LEAST of enterprise supported OS...
1141[15:48:07] <ratrace> zfs on linux is THE reference OpenZFS
implementation, thus it's "at home" here.
1142[15:48:27] <jelly> freebsd has openzfs now as well, from the
same source tree, doesn't it?
1143[15:48:39] <ratrace> they rebased from solaris' to
linux' yes
1144[15:49:14] <jelly> and it has pf and can do HA connection
tracking
1145[15:49:16] <sstory> ratrace: Most of the CentOS community has
just be woefully betrayed by IBM/RHEL reneging on their EOL date of
2029 for version 8. This has left many in a panic not know where to
go. There aren't a lot of choices. What I value most is
stability, easy of use and support for the few things I need to run.
1146[15:49:33] <ratrace> but freebsd has other,
enterprise-unfriendly features. the base os is okay-ish, but the
ports are not. "best" you get is 3-month branches of the
unstable tree, which don't get much QA. A date arrives, the
branch is cut out, you get abrupt updates.
1147[15:49:34] <sstory> So not knowing, most have gone looking
1148[15:50:01] <jelly> sstory: debian has a LOT more software
than centos (even after accounting for EPEL and friends)
1149[15:50:02] <sstory> ratrace: Yeah. I am ignorant, though I
have spent some time researching it.
1150[15:50:17] <ratrace> sstory: there's a number of
alternatives now. Oracle, CloutLinux RHEL clone, CloudLinux'
new CentOS Clone. RockyLinux (from the same people that brought you
CentOS, btw)....
1151[15:50:38] <jelly> ratrace: which ones do actually exist
right now?
1152[15:50:45] <jelly> OEL?
1153[15:51:04] <ratrace> Oracle and CloudLinux, where Oracle is
completely free and CL is paid
1154[15:51:06] <sstory> jelly: I really need just a few things.
Ability to provide NTP, BIND, postfix, Samba on a few servers
1155[15:51:21] <ratrace> Rocky is in its infancy, and so is
CloudLinux's CentOS clone project
1156[15:51:23] <jelly> sstory: those are all in LTS
1157[15:52:00] <ratrace> There's also OpenSuSE if you want
to remain in RPM land, and they say Leap is very close to SLES,
kinda like CentOS was to RHEL
1158[15:52:10] <sstory> Yeah, I have seen all of those. Oracle
has left bad trust issues with most people. Rocky looks promising
but don't know the time until ready. We have until 2024 on
version 7 to migrate off, but on version 8, 1 year. I already had a
huge workload just to make that and now??
1159[15:52:30] <sstory> Thanks for all of the tips for sure.
1160[15:52:54] <ratrace> sstory: I've made a bet that RH
will release RHEL completely free, wire-tripping the community
efforts once again.
1161[15:52:57] <jelly> setting up workflows, builds, tests, for a
new distro is surely going to take a nonzero amount of time
1163[15:53:26] <ratrace> jelly: took us over a year to migrate a
dozen (heterogenous tho) FreeBSD deployments to Debian.
1164[15:53:41] <jelly> ratrace: what was wrong with freebsd?
1165[15:53:47] <sstory> The problem is no one trusts RHEL
anymore! They blew their foots off with a shotgun. People are
disillusioned, angry and exiting quickly.
1166[15:53:54] <ratrace> one by one, then you iron out bugs, most
of it was watching and observing for edge cases before you take on
the next one.
1167[15:54:07] <sstory> jelly: True that and thus the problem.
1168[15:54:12] <jelly> sstory: they're IBM now. We'll
see what happens after IBM splits in two.
1169[15:54:14] <ratrace> jelly: mostly what I wrote above about
ports. it's wild west and you have to doit all yourself and
that's terrible
1170[15:54:21] <sstory> jelly: Yes.
1171[15:54:46] <ratrace> jelly: also, zero security features.
"jails" but.... that's comes with a lot of baggage of
its own, no tooling.
1172[15:54:54] <jelly> ratrace: did you consider debian/kfreebsd
for a split second? :-)
1173[15:54:59] <sstory> ratrace: Yeah I was afraid of that and
who has the time. Might as well do Arch and spend all of my time
fixing/building the car rather than just driving it.
1174[15:55:25] <sstory> jelly: I saw it mentioned, but honestly
don't even know the difference between it and debian.
1175[15:55:39] <sstory> Is it a UNIX clone rather than LINUX
clone?
1176[15:55:40] <jelly> oh, not you, him
1177[15:55:48] <sstory> oh. Ok. Sorry
1178[15:56:09] <jelly> sstory: it's just debian atop a
freebsd kernel
1179[15:56:12] <ratrace> jelly: no. no point in using superior
userland with inferior kernel. and you and ten other people is too
small of sample to rely on.
1180[15:57:12] <ratrace> "you" = self. yourself and ten
other users of kfreebsd is too small userbase to rely on getting
bugs spotted and fixed :)
1181[15:57:24] <ratrace> coulda just roll out LFS, I'd have
greater userbase to rely on :)
1185[15:58:17] <ratrace> but even so, the lack of security
features would STILL be present. there's nothing like Apparmor
or selinux in freebsd. their MAC policies are completely radically
different, and poorly supported.
1186[15:59:11] <ratrace> for our use case, we have a lot of
WordPress sites to support. don't ask, that's what clients
want, we do managed hosting. and those I can very much lock down
with AppArmor.
1187[15:59:12] <jelly> honestly I like grsecurity better than any
mainstream security feature, but their pricing range is similar to
ELTS
1189[15:59:37] <ratrace> with jails, I could not. the jails
themselves would still get infected and attack out, even though the
rest of the system is isolated. jails are very poor security tool.
1194[16:03:51] <ratrace> jelly: apparmor is shaping up to be as
powerful as grsec's RBAC. are those few extra patches gresc
does worth the $$ ?
1195[16:04:18] <ratrace> What's up with KSPP ... how's
that going. and really, for such very exposed systems, I'd
actually trust RHEL more.
1196[16:04:42] <jelly> mainstream is catching up, if slowly and
imperfectly
1197[16:04:46] <ratrace> they do damn good job in securing the
kernel, and selinux is baked in and native. way more complx that
grsec RBAC but also more powerful
1233[16:14:09] <Eryn_1983_FL> rsync: write failed on
"/mnt/disk/pool/MOVIES/An.Inconvenient.Sequel.Truth.to.Power.2017.1080p.BluRay.x264-BRMP[rarbg]/an.inconvenient.sequel.truth.to.power.2017.1080p.bluray.x264-brmp.mkv":
File too large (27)
1234[16:14:10] <short-bike> file (or files) ??
1235[16:14:11] <Eryn_1983_FL> rsync error: error in file IO (code
11) at receiver.c(374) [receiver=3.1.3]
1236[16:14:13] <ratrace> lemme guess, FAT32 and you have files
bigger than 4G?
1237[16:14:13] <Eryn_1983_FL> it stopped
1238[16:14:17] <Eryn_1983_FL> yeah
1239[16:14:24] <Eryn_1983_FL> extfat
1240[16:15:03] <ratrace> try --max-size
1241[16:15:45] <Eryn_1983_FL> yeah
1242[16:15:45] <ratrace> but uh... exfat?
1243[16:15:55] <ratrace> max file size is in petabytes
1427[18:00:55] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
1428[18:00:56] <boktan> so there must be a solution like they do
on ubuntu on other distros too
1429[18:01:14] <ansimita> !ubuntu
1430[18:01:14] <dpkg> Ubuntu is based on Debian, but it is not
Debian. Only Debian is supported on #debian. Use #ubuntu on
chat.freenode.net instead. Even if the channel happens to be less
helpful, support for distributions other than Debian is offtopic on
#debian. See also <based on debian> and <ubuntuirc>.
1431[18:01:19] <greycat> Debian has signed kernels as well.
1432[18:01:25] <greycat> That doesn't mean #debian can tell
you how they work.
1433[18:02:11] <boktan> if linux is a community distro then must
be easy i think
1434[18:02:22] <boktan> if linux means it is better then windows
at least
1435[18:02:23] <jhutchins> Solution looking for a problem.
1436[18:02:23] <boktan> :D
1437[18:02:49] <boktan> if this is a secret i dont know what to
say :D
1450[18:15:35] <dob1> did you disabled secureboot? I did, it was
a bad idea? to be honest at the time of installation I read the
secureboot wiki and I remember I found it confusing/difficult so I
disabled it to make things simpler
1454[18:17:40] <dob1> boktan, not specific to you, I read your
question and I was asking it in general to persons here
1455[18:18:25] <boktan> msi meg z490 ace cannot disable
secureboot completely... even if you disable it; it is enabled in
somewhere :D
1456[18:18:49] <quadrathoch2> dob1 nowadays imho it should be
pretty simple (it really depends on how bad your uefi is). but it
normally takes like a minute to set everything up
1457[18:19:20] <boktan> let me show you what msi send me
1458[18:19:31] <dob1> quadrathoch2, but I remember you have to do
the same thing at every kernel update, isn't it?
1459[18:19:37] <boktan> Sorry for the inconvenience caused you!In
fact, we have tested the MB with the v131 BIOS and AMI original CRB
BIOS. Sorry to say that the issue appears on both of the two
BIOS.For your current issue, we suspect your current "kali
linux" doesn\'t comply with Microsoft specifications, and
it should be the limitation. Sorry for that, and we still
1460[18:19:38] <boktan> suggest you install windows system on the
motherboard. Thanks!
1461[18:19:42] <boktan> the last message i get from them :D
1462[18:19:59] <quadrathoch2> dob1 nope, because you have a shim
between uefi and the kernel :)
1463[18:20:43] <quadrathoch2> boktan sounds like to drop msi from
the 'good for linux' list
1464[18:21:09] <dob1> quadrathoch2, and debian installer take
care of this for me?
1471[18:23:11] <boktan> i did a little research in internet about
signing the keys but it was hard for me to understand it because of
my bad english ... it would be very nice if anyone was uploading it
to youtube :D
1472[18:23:46] <boktan> signing the kernel*
1473[18:23:51] <boktan> sorry for misstype
1474[18:24:01] <quadrathoch2> boktan signing your own key, or
specifically what?
1475[18:24:38] <boktan> i mean many linux distros are not signed
by microsoft but some friends here suggested me to do it myself and
this was what i was talking about quadrathoch2
1477[18:25:08] <quadrathoch2> boktan look into how those distros
have you do it. because it's specific to them
1478[18:26:30] <jmcnaught> You only need to bother with a Machine
Owner Key (MOK) if you are building out-of-tree kernel modules, such
as with DKMS. My laptop has SecureBoot enabled, all I had to do was
install Debian like normal (booting the installer in UEFI mode).
1483[18:28:48] <jmcnaught> If you are using VirtualBox then you
are probably using DKMS-built modules. This part of the wiki page
outlines the steps to use a MOK:
replaced-url
1484[18:29:04] <dob1> I read it, at every virtualbox update?
1487[18:30:54] <dob1> ok let's say I forget this, does the
system boot after reboot?
1488[18:31:01] <dob1> no, right?
1489[18:31:26] <dob1> or it just doesn't load virtualbox
modules?
1490[18:31:34] <jmcnaught> I'm not using any out-of-tree
modules on my machine with SecureBoot, but I think what would happen
is only the unsigned module would fail to load.
1493[18:32:19] <jmcnaught> Alternatively if you are not already
heavily invested in VirtualBox then maybe consider
virt-manager/libvirt with QEMU+KVM which does not require an
out-of-tree module.
1514[18:46:09] <quadrathoch2> boktan how would that be possible.
because best case (for security) you only have the signing key of
your distro in the uefi verified keys part. I guess you could still
add a second one (just to have as a backup)
1530[18:49:36] <dob1> jmcnaught, and if you have added a new one?
1531[18:50:18] <jmcnaught> dob1: /root/MOK.priv *is* the new one
that you as a Machine Owner create
1532[18:51:04] <jmcnaught> Debian can't distribute its own
private key for people to use for signing their own modules. If the
private key/shim was out there in the wild it would defeat the
purpose of SecureBoot.
1533[18:51:31] <jmcnaught> _0xbadc0de_: look for entries in the
logs that match the timestamps between closing the lid and trying to
resume.
1534[18:51:44] <dob1> jmcnaught, it's a bit more clear now
1546[18:53:21] <jmcnaught> _0xbadc0de_: /var/log/syslog to start,
or if you have enabled persistent journal then "journalctl -b
-1 -e" to see the final messages from the previous boot.
1547[18:53:48] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
1548[18:53:52] <boktan> anyone have here msi meg z490 ace
motherboard?
1550[18:54:21] <dob1> jmcnaught, but the wiki says "Most x86
hardware comes from the factory pre-loaded with Microsoft keys"
so you have access to ms keys ? it's not the same as accessing
the debian one?
1572[18:59:56] <quadrathoch2> _0xbadc0de_ if you can't
handle secure boot that's one thing. but please keep your
language at bay
1573[19:00:26] *** Quits: Ericounet (~Eric@replaced-ip) (Remote host closed the connection)
1574[19:00:40] <jmcnaught> _0xbadc0de_: it looks like you are
using GDM as display manager with a KDE/Plasma session. That should
work, but maybe try replacing gdm with sddm if you only use KDE.
1576[19:01:12] <boktan> _0xbadc0de_ i want to... but it's
sadly not working on my motherboard... jmcnaught no but i want to
install archlinux or parrot os or maybe kali, or Pop!_OS but i
cant... i only have few options because of my motherboard haves some
secureboot problems
1577[19:01:37] <_0xbadc0de_> boktan: you can't disable it?
1578[19:01:43] <_0xbadc0de_> via bios options?
1579[19:01:53] <boktan> _0xbadc0de_ i can disable it but its not
working
1580[19:02:06] <boktan> msi did answer me about that and they was
not able to do it too :D
1582[19:02:19] <boktan> do you want to see the message?
1583[19:02:22] <_0xbadc0de_> ya
1584[19:02:40] <boktan> this is the last message they sent me
1585[19:02:44] <boktan> i did tryed kali linux
1586[19:02:45] <boktan> Sorry for the inconvenience caused you!In
fact, we have tested the MB with the v131 BIOS and AMI original CRB
BIOS. Sorry to say that the issue appears on both of the two
BIOS.For your current issue, we suspect your current "kali
linux" doesn\'t comply with Microsoft specifications, and
it should be the limitation. Sorry for that, and we still
1587[19:02:45] <boktan> suggest you install windows system on the
motherboard. Thanks!
1610[19:05:01] <mason> boktan: Run Debian on it. That's what
we support here anyway. And you can still learn about MOK and
friends per that link I sent earlier.
1611[19:05:28] <_0xbadc0de_> boktan: kali is for faggots - but is
there a "Enable CSM" option on the bios?
1612[19:05:47] *** Quits: fionnan (~fionnan@replaced-ip) (Remote host closed the connection)
1613[19:05:52] <jmcnaught> _0xbadc0de_: the f-word is
unacceptable language.
1614[19:05:54] <greycat> _0xbadc0de_: do NOT use racial, sexual,
or other slurs here.
1615[19:05:59] <mrkramps> is kali's kernel signed?
1627[19:07:06] <boktan> greycat did i ask anything about kali?
1628[19:07:18] <boktan> or you reading it wrong maybe?
1629[19:07:22] <greycat> 13:05 mrkramps> is kali's kernel
signed?
1630[19:07:28] <boktan> its not my
1631[19:07:32] <boktan> tell it to him not to me
1632[19:07:32] <mason> boktan: There are two points. One, you
don't have to do anything to get SecureBoot support in Debian
out of the box. 2) The tooks are available if you do want to play
with them.
1633[19:07:47] <mason> s/tooks/tools/
1634[19:07:50] <greycat> 13:05 mrkramps> is kali's kernel
signed?
1635[19:07:51] <greycat> 13:06 greycat> ask the Kali Linux
people. they might know. we don't.
1636[19:07:58] <greycat> neither one of those has your name in it
1658[19:27:09] <boktan> i cannot install any distro i want
because of my secureboot problem of my motherboard problem and
signing the kernel myself is hard to do for me
1659[19:27:40] <jelly> you'll always have WSL!
1660[19:27:42] <ratrace> tried ubuntu? srs question. if ubuntu
can't run, sounds like you have one of those MS only
firmwares/bioses
1670[19:29:44] <mason> jmcnaught: That's a crazy suggestion,
especially in here!
1671[19:30:00] <ratrace> I thought they tried that frist
1672[19:30:10] <boktan> the problem is that i cannot choose any
distro i want... debian works ubuntu works but one day maybe i want
to try another distro... in google there is distros they are extra
for privacy but they are not signed...
1673[19:30:14] <mason> ratrace: Come on. This is 2020.
1675[19:30:44] <jmcnaught> boktan: if Debian works, install
Debian. Then use the other distros in virtual machines. Way simpler
to manage than multi-booting anyways.
1676[19:30:58] <ratrace> mason: indeed :)
1677[19:31:15] <boktan> jmcnaught the same thing i can do over
windows with virtualbox too :D
1678[19:31:22] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
1679[19:31:25] <ratrace> so wait, all this time wasted
talking.... and you 'aven't even tried Debian?
1680[19:31:33] <boktan> the performance i will get is important
too also
1753[20:05:23] <petn-randall> tgunr: If you pay close attention
to the error message, you'll notice that you're not using
the distro pip, but one you've installed in ~/.local/.
1795[20:24:23] <ratrace> tgunr: the whole point is, use a
virtualenv and run pip inside it. don't install unpackaged
python modules outside of a virtualenv
1796[20:26:21] *** tinfoil-1 is now known as tinfoil-hat
1800[20:26:55] *** Quits: yans (~yans@replaced-ip) (Quit: chaos is the only true answer)
1801[20:27:22] <ratrace> that's a general rule of thumb for
python. just because some specific script doesn't mention
it.... doesn't mean you should not do it
1833[20:59:10] <tgunr> same exact error as a user :(
1834[21:00:30] *** Quits: magyar (~magyar@replaced-ip) (Remote host closed the connection)
1835[21:01:01] *** Joins: magyar (~magyar@replaced-ip)
1836[21:05:02] <alexrelis[m]> I'm gonna ask here because I
can't think of another place to ask: why can't I easily
install a distro like Debian on my Android-based smartphone? Is the
problem hardware support?
1837[21:05:02] <alexrelis[m]> And yes, I know about the Librem 5
and the Pinephone. I'm asking specifically about most modern
Androids.
1838[21:05:23] <ratrace> tgunr: which error, RuntimeError: This
API blah blah blah?
1859[21:12:17] <ratrace> I guess the packaged pip is simply
broken. use virtualenv.
1860[21:12:43] <quadrathoch2> alexrelis[m] especially qualcomm is
known for not caring about keeping up with kernel releases.
that's why there are still alot of phones with kernel 3.*
1863[21:14:45] <alexrelis[m]> quadrathoch2: so the firmware that
Qualcomm releases can't be used in GNU/Linux? Is that because
of a licensing issue or is it because the way Android handles the
firmware is different?
1864[21:15:34] <mrkramps> closed source, no publicly available
and not uptodate
1880[21:22:07] <ratrace> also.... be very careful with searching
like that and installing.
1881[21:22:32] <ratrace> what you should do is follow packages
from their official documentation sites, to pypi, and carefuly type
in the package name.
1882[21:22:46] <ratrace> unfortunately, pypi has lately been
under attack of name squatters, installing malware under typo'd
package names
1883[21:23:01] <ogo> so i have got pycharm installed with
virtualenv, from command line i do "source activate" in
the project/bin directory
1884[21:23:38] <ratrace> ogo: installed how?
1885[21:23:39] <ogo> if i use pip there the packages are visible
for pycharm? or should i install pacakges from within pycharm?
1886[21:24:06] <ogo> pycharm is simply unpacked in /opt
1888[21:24:22] <ratrace> ogo: pycharm has its own GUI methods to
manage project interpreter and packages. no need to use command line
pip from its terminal but YES, that terminal should be running
within the designated virtualenv (for the project)
1889[21:24:50] <ratrace> ogo: so you installed pycharm from the
offical tarball. okay, that's how I use it too. you made it
sound as if you install it WITH(IN) virtualenv ....
1890[21:25:14] <ratrace> however, your currently active project
must have a virtualenv designated for it
1892[21:26:06] <ogo> yes i used the official tarball. i am a bit
confused whether i need to do virtualenv from command line at all
1893[21:26:33] <ratrace> command line of its bult-in terminal
view? no, as long as you have a virtualenv designated for the
project
1894[21:26:34] <ogo> if pip from within pycharm works then i
guess there is no need for me to "activate" the virtualenv
1895[21:26:49] <ogo> no command line of linux
1896[21:27:03] <ratrace> what do you mean by "no command
line of linux" ....
1897[21:27:50] <ratrace> Please use FULL english sentences, with
subjects, objects and verbs in appropriate relationship.
1898[21:27:52] <greycat> I think they mean "I can run it if
I login with a shell and type these commands _____ but instead of
doing that I want to _____ how can I"
1910[21:31:46] <ratrace> and btw the shell you get even has the
prompt altered to show virtualenv name, just like activating it
outside pycharm, on a shell
1911[21:31:50] <ogo> ratrace, sorry: I mean i did not use the
bulitin terminal view of pycharm, but i used a linux terminal an
went to the directory of the project (this directory was created by
pycharm and had bin/activate script in it).
1913[21:32:20] <ratrace> ogo: then you need to activate the
virtualenv
1914[21:32:23] <ogo> i sourced this "activate" script
from the linux shell and then I used pip in the ensuing prompt
1915[21:32:47] <ratrace> a virtualenv is really just a
modification of your PATH, to look up python binaries, libs and
other things, inside the virtualenv directory first
1916[21:32:58] <ratrace> ogo: right, so that has nothing to do
with pycharm
1917[21:33:53] *** Quits: jukeboh (~noname@replaced-ip) (Remote host closed the connection)
1918[21:34:02] <ogo> well I want the packages that are installed
by pip from that virtualenv to be accessible to pycharm projects as
well.
1922[21:35:19] <ogo> ok, how do I know which projects are
assigned to which virtualenv?
1923[21:35:43] <ratrace> in the project settings, PYthon
Interpreter tab
1924[21:36:08] <ratrace> I don't know if you can get a
tabular view for all your projects at once, but inside active
project, that's the way to manage its virtualenv
1952[21:51:55] <ratrace> there can't be a debian package due
to packaging policies. JetBrains doesn't offer an LTS version
that Debian could package for 3 years
1953[21:53:09] <ratrace> ogo: and what do you mean by that?
pycharm doesn't carry any python, to need sync with system
python
1954[21:53:25] <ratrace> it's an IDE based on Intellij which
runs on JRE (Java).
1959[21:56:35] <mspe> does anyone know if apt-mirror is dead?
1960[21:56:49] <ogo> ratrace, for example right now I have two
copies of the pacakge "keras". One is installed in the
virtualenv of my pycharm project. the other I had installed a while
ago via apt-get python3-keras
1969[22:05:52] <ogo> and i assume not all packages in pypi are
available via apt-get, and those that are available offer a more
recent version in pypi than what is packaged for apt-get, is that
right?
2067[23:16:32] <woenx> Hi. I would like some advice. I have
several computers at home (for me and some relatives) which have the
same users. Changing the password is quite bothersome (go computer
by computer and asking the person to change it every time). What
would be the simplest way to sync these passwords among several
computers?
2068[23:17:21] <ratrace> mirrorbird: a what?
2069[23:17:33] <mirrorbird> woenx, give everyone the same pw
2070[23:17:37] <ratrace> woenx: using config automation like
ansible
2071[23:17:42] <woenx> aha
2072[23:17:55] <mirrorbird> ratrace, hotchix = hot chicks
2073[23:18:03] <mirrorbird> they don't like me to say it
2074[23:18:07] <woenx> I was thinking either 1) write a script so
the NAS replicates the /etc/passwd and /etc/shadow to each computer,
or 2) use openldap
2076[23:18:26] <jess> mirrorbird: are you just going to go
between channels doing this bit
2077[23:18:36] <mirrorbird> jess, do you want to be my wife
2078[23:18:50] <ratrace> woenx: no need to replicate those files
(and you can break things if there's different software
installed on computers). ansible, for example, has the ability to
set use password
2079[23:18:55] <mirrorbird> jess do you have milker
2080[23:18:56] <mirrorbird> s
2081[23:18:57] <greycat> If the computers are all on your home
LAN, the simplest way would be NIS.
2082[23:19:01] *** debhelper sets mode: +l 1189
2083[23:19:11] <mirrorbird> they're limiting our lebensraum
to 1189
2084[23:19:21] *** Quits: somazero (~somazero@replaced-ip) (Remote host closed the connection)
2085[23:19:23] <mirrorbird> genocide
2086[23:19:28] <ratrace> ohlook, someone wants to get a kickban.
2087[23:19:37] <woenx> I have never played with ansible. by a
first look at google, isn't it a bit overkill?
2088[23:19:38] <greycat> NIS was literally *built* for keeping a
centralized password database for a protected LAN.
2117[23:23:21] <mutante> login with fingerprint sensor?
2118[23:23:24] <woenx> ok, one of the reason is that the nas has
a couple of services exposed to the internet, and there were some
very easy passwords that I wanted to change
2119[23:23:49] <gnat_x> but if you remember a truly random ~20
char (more is better) password, that will on the whole be better
than anything someone comes up with every 3 months.
2120[23:23:55] <woenx> Mmm, one of the laptops does not have
fingerprint sensor, and in any case, it's support in ubuntu
(what they use as a client) is not very good
2121[23:24:01] <ratrace> fingerprint is not a bad idea at all...
or something like a yubikey
2123[23:24:22] <ratrace> woenx: oh so this is not really a debian
question? :)
2124[23:24:30] <raidghost> not sure, just joined :P
2125[23:24:31] <mutante> I would usually not say it but if the
combo is "grandma factor" and "low to medium
security" then yea
2126[23:24:39] <woenx> no, the place where i want to centralise
the password management is a debian
2127[23:25:00] <woenx> but the client computers are a mix of
several distros + windows 10
2128[23:25:32] <ratrace> I'd really look into biometrics or
yubikey. passwords are worst possible security mechanism, esp with
people who aren't tech savvy
2129[23:25:39] <mutante> back to the original question.. you can
rsync /etc/passwd and /etc/shadow but it seems very hacky to me.
2131[23:25:54] <raidghost> No polkit agent available to
authenticate action org.libvirt.unix.manager
2132[23:26:01] <mutante> using something like ansible or chef or
puppet to manage users is also a valid approach.. especially the
more computers there are
2133[23:26:05] <raidghost> So there must be some package that
i?ve missing, i guess?
2134[23:26:07] <ratrace> I would't. if there's
different software installed, you could break things by rsycing
passwd or shadow
2135[23:26:14] <woenx> mutante: that was my first thought, and I
was already writing a script to do so, but I found some walls
2136[23:26:23] *** Quits: Christian75 (~Christian@replaced-ip) (Remote host closed the connection)
2137[23:26:43] <woenx> my idea was to compare the hash in the
shadow file, and if it's different, change it.
2138[23:26:45] <mutante> woenx: I think I would use puppet to
manage the users and all the software packages installed on all the
computers.. and control it from the puppetmaster
2139[23:26:53] <mutante> woenx: but that's also because I
already use it
2154[23:28:33] <woenx> What I had written so far, is a bash
script that connects via ssh to a list of hosts (the client
computers) using a key, checks the users in each computer, and
checks if the shadow file is the same or not
2155[23:28:46] <woenx> aha
2156[23:29:22] <ratrace> woenx: do NOT touch passwd and shadow
files directly. you'll break things.
2157[23:29:22] <raidghost> jmcnaught: using virt-manager from
putty in windows with x11 forward
2161[23:29:57] <b1ackandwh1te_> I managed to put google 2 step
auth in all internet account I could. 1 week ago my phone no water
proof falled into the toilet pooped.
2162[23:30:01] <ratrace> yes. if you install different software
on different computers, one may have an UID that nother
doesn't, and you can break that by forcing entire passwd file
2163[23:30:15] <woenx> Yep, it's dangerous
2164[23:30:25] <woenx> you can be completely locked out of a
computer
2165[23:30:33] <petn-randall> b1ackandwh1te_: And then you pulled
out your backups?
2166[23:30:50] <woenx> so, leaving the same password for years at
once, even if it's a simple one, is not such a bad idea then?
2167[23:30:52] <b1ackandwh1te_> backups?
2168[23:30:54] <raidghost> jmcnaught: trying to open virt-manager
on my debian server from windows (putty + xming + x11 forward)
2169[23:31:00] <b1ackandwh1te_> nonono
2170[23:31:24] <ratrace> woenx: simplest thing is idempotent echo
"<password>:<user>" | chpasswd ; you don'
tneed to check for anything, just run that to set passwd. run again
to change.
2171[23:31:34] <woenx> aha
2172[23:32:14] <woenx> yep, i was planning to user chpasswd
2173[23:32:42] <mrkramps> i'd be interested in how you deal
with your relatives after password change when they cannot remember
the new one for like 6 month
2174[23:32:47] <ratrace> there's a program that allows you
to run single commands simultaneously on multiple computers, or
really just use ansible. puppet is a monstrostity that pulls in 80+
packages of ruby, and is memory and cpu hungry just on idle.
definitely super overkill for THIS task alone
2175[23:32:50] <mutante> Are you just looking for a solution how
to change passwords on multiple machines or also to re-create more
machines in the future.
2176[23:32:53] <woenx> the thing is, I cannot do that remotely
through ssh because of sudo (it requires a password to be typed, and
I don't want a passwordless sudo user)
2177[23:33:21] <woenx> I'll have a look at ansible. Or just
changing the passwords manually and try to restrict access through
other means
2178[23:33:28] <ratrace> woenx: you can with askpass ; or use
ansible
2179[23:33:40] <mutante> woenx: sudo isn't ALL or nothing,
you can configure sudo to let one user run one very specific command
as one other user, it doesn't have to be ALL ALL just because
that's popular
2180[23:33:51] <woenx> aha
2181[23:34:03] <woenx> so I could configure one user to allow
just? chpass
2182[23:34:20] <ratrace> no, because they can chpass root .
really, use ansible.
2183[23:34:20] <mutante> yea, or even with specific parameters
only
2184[23:34:20] <woenx> Mmm, that sounds more realistic now
2185[23:34:25] <jmcnaught> raidghost: not sure how that would
work. Any way for you to run virt-manager on Linux natively?
virt-manager can manage remote libvirt instances/VMs.
2186[23:35:04] <ratrace> if you really need to use passwordless
sudo, then you should prepare a script that runs explicit chpass for
a specific user, but that's cumbersome to manage. really, use
ansible. OR NIS as greycat suggested.
2187[23:35:28] <woenx> OK
2188[23:35:34] <mutante> or give them yubikeys
2189[23:35:38] <mutante> for xmas
2190[23:35:40] <ratrace> I'd go with yubikeys yes
2191[23:35:51] <raidghost> jmcnaught: not on linux on my
workstation, And i wanted to do some test on a vm in my living room
2192[23:36:03] <mutante> but managing those is also cumbersome :p
2193[23:36:44] <ratrace> how 'bout thin clients and you
really have one central computre to manage
2194[23:37:13] <ratrace> oooh oooh! what Linus (of Linus Tech
Tips) did! One central beefy computer and only peripherals around
the house. keyboard, monitor, moues, usb hub, audio/video.
2195[23:37:25] <mutante> hah, best idea so far.. you run a Debian
machine and they just have terminals like back in the days.
it's made for this model :)
2196[23:37:31] <woenx> The only thing I;'m worried about is
the NAS, which has an ssh port open, and can be accessed using these
user's passwords
2197[23:37:40] <woenx> I think i'll restric access to key
only and that's it
2198[23:37:58] <woenx> and the users can set whatever password
they want in their own computers, as simple as they wish
2199[23:38:00] <ratrace> mutante: no joke, you can install very
minimalistic debian with openbox + vnc preconfigured to start up and
connect to your main "server"
2200[23:38:24] <mutante> ratrace: yea, and it would solve the
whole key management, good idea!
2201[23:38:28] <ratrace> so that local computer's desktop is
nonexistent and vnc runs fullscreen, so the deskop they see, is from
the server
2202[23:38:40] <mutante> woenx: get rid of PCs :)
2203[23:38:53] <jmcnaught> raidghost: maybe if you manage the VM
with virsh over ssh on the command line, and use virt-viewer on
Windows for the virtual console you could have better luck.
2204[23:38:54] <woenx> then the users would complain
2205[23:39:12] <mrkramps> i'd actually pxe boot the base
system
2206[23:39:25] <mutante> pxe over internet was even a thing :p
2207[23:39:32] <b1ackandwh1te_> once I buy a new phone, transfer
the SIM card and restore google account I will check the 2 step auth
app, but I vaguely remember that the entryes (those that we create
reading qrcode) dont restore.
2232[23:51:01] <woenx> What would be a good way to be informed
about ssh login or failed attempts? I was thinking that maybe
sending a mail or xmpp message when a failed attempt happened, but
that would feel a bit spammy after a while.
2233[23:51:09] <woenx> What about a weekly report?
2234[23:51:26] <mutante> woenx: I think it would feel spammy
after the first minute :)
2235[23:51:41] <mutante> well, speaking of servers on the
Internet
2248[23:54:13] <woenx> and i'm only let a non-root user to
log in
2249[23:54:33] <mutante> woenx: or go oldschool and since you are
asking here.. install eggdrop IRC bot, write a TCL script to make
the bot PM you right here on Freenode :)