17[00:05:38] <alexrelis[m]> I think it's because when I
originally passed through a USB flash drive (which worked), I
safetly ejected in the Windows Guest VM the USB root hub that KVM
actually needed.
18[00:07:04] <jhutchins> alexrelis[m]: Sounds possible,
although I use virtualbox.
19[00:08:01] *** debhelper sets mode: +l 1195
20[00:08:01] <alexrelis[m]> At this point, I'm so sick and
tired of computer problems that I may as well live in the woods.
21[00:08:05] <jhutchins> alexrelis[m]: I've also done a
lot of VMWare. You do have to enable the device in the hypervisor.
22[00:08:19] <alexrelis[m]> I see.
23[00:08:56] <jhutchins> I take it there's an issue with
rebooting the VM?
24[00:09:02] <alexrelis[m]> No
25[00:09:14] <t3st3r> its not qemu thing, its some libvirt crap
26[00:09:17] <alexrelis[m]> jhutchins: The VM is working fine,
I just want to pass through a USB.
34[00:13:41] <Ede|Popede> seems i must change my root pw to
1111 or so just to avoid sitting half an hour in front of the tty
while it pauses after hell knows how many unsuccessful logins
35[00:14:21] <greycat> what the FUCK are you talking about
41[00:16:01] <Ede|Popede> doesn't matter if it's irc
or login. err wait, it does. no step 2 for login
42[00:16:23] <greycat> Are you trying to say "I have set
my root password to something I am unable to type consistently, and
this is causing me problems"?
43[00:16:45] <Ede|Popede> and then the keyboard is plain crap i
have to use, just because, and that's the next thing, it has no
cable. so i never know what actually arrives in the keyboard buffer
44[00:17:18] <Ede|Popede> whatever password it is i NEVER would
have the guarantee on that machine, just because end user hardware
sucks
45[00:17:34] <n4dir> my root password is root. That should
work, no matter what a crap keyboard you have.
46[00:17:39] <Ede|Popede> and i really can't pay 150€
for some gamer keyboard
47[00:17:48] * alexrelis[m] uploaded an image: image.png (241KiB)
<
replaced-url
48[00:18:16] <alexrelis[m]> n4dir: My root password is hunter2
49[00:18:24] <n4dir> that seems just as easy
50[00:18:34] <Ede|Popede> root is good, just needs 2 keys with
a neighbour
57[00:21:14] <Ede|Popede> "i did it because they told me
so" after asking why the fuck i got a facebook invitation in
the name of that person and was told by her she had uploaded her
contacts to the site -.-
58[00:21:27] <Ede|Popede> what? for a homecomputer?
67[00:28:53] <Ede|Popede> how to avoid SPoF and at the same
time not to spread access options. the only thing that's sure
in this model is that it will be the wrong decision.
68[00:29:34] <Monodroid> Happy new year and down with the covid
tyranny ;)
75[00:32:43] <Ede|Popede> some charity has been advertising for
decades "Brot statt Böller" (better donate than try
to frighten your neighbours' pets to death), though i prefer
"Bier statt Böller", cheers ;)
76[00:33:41] <robobox> why not both bread and beer?
77[00:33:51] <jhutchins> Ede|Popede: When using acronyms that
may not be commonly known by your audience, it is good practice
(according to journalistic style books) to spell out the terrm when
it is first used, with the acronym in either parenthases or square
brackets following the term. The acronym is then considered a valid
substitution in subsequent text.
78[00:34:03] <Ede|Popede> beer is liquid bread, so it's
inclusive ;)
87[00:35:48] <jhutchins> Ede|Popede: Yeah, that one's not
too bad if there's context, but you didn't give much.
88[00:36:13] <t3st3r> Ede|Popede> there're some funny
devices that could pretend they're keyboard and type password
for you :)
89[00:36:38] <Ede|Popede> some "thumbdrives" can do
about everything i've read :)
90[00:36:53] <Ede|Popede> including grilling your board
91[00:37:02] <t3st3r> though it's relatively exotic/geeky
approach - and if you fail to remember password and lose device, eh,
well...
92[00:38:32] <t3st3r> <Ede|Popede> including grilling
your board <- Oh, saw that as well. But TBH not the worst prank
on ppl who like to "borrow" items they don't own.
93[00:38:45] <brokencycle> Hi! I have a networking problem:
Given a Debian host with a bridge device and a VM (KVM)
94[00:38:47] <Ede|Popede> some years ago i realized that some
wifi devices come as storage until the driver gets installed. usb
really is universal and tbh i liked the approach. rather elegant.
95[00:39:06] <brokencycle> running on top, it seems to be
impossible to ping the host from the VM and vice versa. However,
pinging
96[00:39:26] <brokencycle> the VM from the outside, or pinging
the outside from the VM works like a charm.
97[00:40:03] <t3st3r> Ede|Popede> some cell modems also do
so. And few others. Actually USB device can change what it is on the
fly. Ever heard of BadUSB?
98[00:40:22] <Ede|Popede> t3st3r: rings a bell, but i gotta
read
99[00:40:40] <brokencycle> Both the host and the VM run Debian,
both are in the same netowork, IP wise, and there are no
100[00:40:44] <Ede|Popede> ah, that one. yep.
101[00:40:45] <t3st3r> This like double edged sword. If some usb
device elects to become keyboard, and type some funny crap... well,
guess
102[00:40:52] <brokencycle> iptables rules in the way, as far as
I can see.
103[00:41:15] <brokencycle> It's just that neither machines
answer to ARP requests.
104[00:41:37] <Ede|Popede> t3st3r: seems it came the year after
badbios
105[00:41:39] <brokencycle> Or so it seems.
106[00:42:03] <t3st3r> Ede|Popede> BadUSB is quite old thing
IIRC. Its concept is even older.
107[00:42:17] <Ede|Popede> the article i'm reading is from
2014
108[00:43:54] <Ede|Popede> oh, badbios was already able to use
speakers and microphones of air gapped systems to communicate
111[00:45:58] <t3st3r> There're many funny unexpected ways
to communicate. Say, some program attempted to display fairly
specific image on display - to provoke monitor cable into RF
emissions.
136[00:57:59] <Sarcutus> The coronavirus only has the goal of
killing lots of people. Not to hard to grok.
137[00:58:09] <Sarcutus> *too
138[00:58:10] <Sarcutus> ack
139[00:58:18] <Monodroid> they survey you with drones if you go
out, tell you when to go out etc. If you dont see that its not about
a virus, then let you vax
140[00:58:31] <CrystalMath> Sarcutus: nonsense!
141[00:58:32] <Monodroid> yeah..
142[00:58:36] <CrystalMath> viruses don't want to kill
people
143[00:58:39] <CrystalMath> their goal is to survive
144[00:58:41] <beelzebuzz> is this one of those cigar-smoking
lizard conversations?
145[00:58:43] <CrystalMath> like every other lifeform
147[00:58:57] <robobox> by using your resources up
148[00:59:21] <CrystalMath> they don't want to use too much
149[00:59:26] <robobox> if you want it to end sooner try
folding@home
150[00:59:29] <Sarcutus> CrystalMath: you're absolutely
correct, killing people is ACTUALLY totally secondary to the
virus's "goals," because it hasn't really got
any goals, it's just sort of like the wind
164[01:01:18] <Sarcutus> CrystalMath: Oh, they DEFINITELY evolve
and speciate. But do they die? Like Monodroid said, they can't
reproduce on their own ...
165[01:01:19] <CrystalMath> bacteria can reproduce robobox
166[01:01:28] <CrystalMath> no matter how much champaigne i
drink i will never not know that
167[01:01:32] <CrystalMath> they even do horizontal gene
transfer
171[01:02:14] *** Quits: Monodroid (~Mono3@replaced-ip) (Killed (Sigyn (Spam is off topic on freenode.)))
172[01:02:17] <Sarcutus> Bacteria are proper life forms. They
consume resources in their environments and reproduce by mitosis, if
I remember right ... they're certifiable.
173[01:02:19] <robobox> cloth
174[01:02:36] <format_c> This might be a discussion for the
off-topic channel?
175[01:02:41] <robobox> yeah
176[01:02:42] <CrystalMath> Sarcutus: absolutely, but i'm
on the side that holds that viruses are also lifeforms
178[01:03:18] <Sarcutus> CrystalMath: well, let's take this
to off-topic if we could, but your POV could be totally valid here.
Like I said, hot debate. :)
195[01:07:37] <CrystalMath> oh it's just the production
process for masks...
196[01:07:41] <CrystalMath> why is that important
197[01:07:54] <Ede|Popede> i'm not really good with names,
had to look for the name of 9 before, but this site rings a bell. so
i think sigyn's argument is valid.
198[01:08:13] <robobox> because statement first, facts to
support it later
199[01:08:38] *** Quits: gry (~test@replaced-ip) (Ping timeout: 272 seconds)
342[03:42:34] <judd> (help [<plugin>] [<command>])
-- This command gives a useful description of what <command>
does. <plugin> is only necessary if the command is in more
than one plugin.
350[03:44:19] <CrystalMath> Sun Jan 21 17:57:27 2018 +0100
351[03:44:27] <CrystalMath> there was a commit 3 days before
that was posted...
352[03:44:34] <CrystalMath> how in the world is that
unmaintained
353[03:44:57] <CrystalMath> i should maybe create a bug report
to add lightspark
354[03:45:04] <CrystalMath> it's still under very active
development
355[03:45:11] <sney> !wnpp
356[03:45:11] <dpkg> For information on packages which are not
in Debian but you think should be, check the Work-Needing and
Prospective Packages list at
replaced-url
357[03:45:40] <sney> knock yourself out, but don't expect
much traction on obsolete tech, unless they have a full reverse
engineered implementation or something
358[03:46:09] <foxide> Given that flash is basically dead...
359[03:46:29] <CrystalMath> lightspark is not dead
360[03:46:35] <CrystalMath> it had its last commit yesterday
361[03:47:00] <sney> the EOL date is today, which is why
suddenly everyone wants more flash implementations right now after
YEARS of declining support/interest
381[03:52:42] <CrystalMath> could i also do something a little
lazy, like
382[03:52:48] <sney> afaik you can't even get a salsa
account until after you've worked with debian-mentors a bit
383[03:52:49] <CrystalMath> file an RFP, and then if nobody
wants to maintain it
384[03:53:03] <CrystalMath> i also offer to maintain it
385[03:53:10] <sney> that is an option for sure
386[03:53:29] <sney> though if you want there to be a chance of
this getting into bullseye for the stable release, don't waste
any time
387[03:53:54] <CrystalMath> huh, when is bullseye coming?
388[03:54:00] <CrystalMath> i feel like buster came out pretty
recently
389[03:54:02] <sney> the freeze is in ~3 weeks
390[03:54:07] <CrystalMath> i still haven't upgraded to
buster
391[03:54:13] <CrystalMath> well, this machine i have
392[03:54:16] <sney> bullseye itself will probably drop around
september
393[03:54:18] <CrystalMath> but not all machines
394[03:54:24] <CrystalMath> september 2021?
395[03:54:27] <sney> yes
396[03:54:35] <CrystalMath> that's a debian schedule
i'm more familiar with :)
397[03:55:02] <sney> I can't speak for the release team
officially, but the last 2 freezes have lasted about 8 months, and
bullseye's is about to start. so aug/sept with wiggle room.
405[03:56:06] <CrystalMath> when was buster released?
406[03:56:24] <sney> !buster
407[03:56:24] <dpkg> Buster is the codename for the current
<stable> release, Debian 10, released 2019-07-06.
"Buster" is Andy's pet Dachshund in Toy Story, see
replaced-url
408[03:56:41] <CrystalMath> i remember i was extremely upset
about the change to freetype
409[03:56:49] <CrystalMath> so i modify the code of my own
freetype package
410[03:56:58] <CrystalMath> but i also mostly switched to bitmap
fonts, and got used to them
411[03:57:01] *** Quits: Grldfrdom (uid391113@replaced-ip) (Quit: Connection closed for inactivity)
412[03:57:02] <CrystalMath> at least they won't change on
me
413[03:57:19] *** de-facto_ is now known as de-facto
414[03:57:46] *** Quits: mrkramps (~mrkramps@replaced-ip) (Disconnected by services)
415[03:57:52] *** mrkramps_ is now known as mrkramps
416[03:59:44] <sponix> !bullseye
417[03:59:44] <dpkg> The release following Debian 10
"Buster" is codenamed "Bullseye" (Woody's
horse in Toy Story 2) and will be Debian 11. It is the current
"testing" release. Remember that testing is called testing
for a reason; good bug reports with patches are greatly appreciated!
replaced-url
418[04:00:27] <sponix> I should run Testing in a VM for shits
and giggles
419[04:00:56] *** Quits: ax562 (~ax562@replaced-ip) (Remote host closed the connection)
421[04:01:49] <sney> "shits and giggles" testing is
much earlier in the dev cycle. bullseye's major transitions are
all done and it's pretty solid atm
422[04:02:44] <sney> though if you're using anything
python2, or trying to upgrade to bullseye from a buster system that
has a toolchain installed via one of the bigger metapackages, it can
be a little messy still
423[04:02:45] *** Quits: TheLQ (4740ce97@replaced-ip) (Remote host closed the connection)
430[04:07:42] <sponix> sney: is there an installer for it, or is
it like sid where you install buster and then just swap the source
lines ?
431[04:08:01] *** debhelper sets mode: +l 1183
432[04:08:25] <sney> there's a testing installer, though it
can be more broken than the OS itself, I used the alpha3 image a
couple weeks ago and it worked
433[04:08:27] <sney> !testing installer
434[04:08:27] <dpkg> Repeat after me: the testing installer is
for testing the <installer>, not for installing
<testing>. To install testing, do a minimal installation using
the <stable> installer and ask me about
<stable->testing>. Installer bugs should be filed against
the debian-installer pseudopackage.
replaced-url
435[04:08:44] <sney> installing buster and upgrading is fine too
436[04:09:02] <sponix> LOL
437[04:09:07] <sponix> "repeat after me" ;)
438[04:10:20] <sponix> I think when I get my new extra computer
built, it will run Debian
439[04:10:24] <sney> "help, I used the testing installer
and everything is broken" was a common question for a while, I
think in the stretch era. it's still good advice.
440[04:10:35] <sponix> my new OLD computer that is
541[06:15:55] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
542[06:16:08] <smurfke> Hello I found a specific package that is
listed within:
replaced-url
543[06:16:17] <smurfke> how do I add 'sid' as a source
to my apt repo's?
544[06:17:00] <quadrathoch2> smurfke if you don't run sid,
don't
545[06:18:00] <foxide> !ssb
546[06:18:00] <dpkg> First, check for a backport on
<debian-backports>. If unavailable: 1) Add a deb-src line for
sid (not a deb line!); ask me about <deb-src sid> 2) enable
debian-backports (see <bdo>) 3) apt update; apt install
build-essential; apt build-dep packagename 4) apt -b source
packagename 5) dpkg -i packagename-ver.deb To change compilation
options, see <package recompile>; for versions newer than sid
see <uupdate>.
547[06:18:38] <foxide> smurfke: That process (ssb) is what you
do when you want to run a single sid package on an otherwise-stable
system. Not all packages can be built this way.
577[06:30:39] *** Quits: ax562 (~ax562@replaced-ip) (Remote host closed the connection)
578[06:30:42] <smurfke> How do I ask the bot about
"<deb-src sid>"?
579[06:30:47] <smurfke> !deb-src sid
580[06:30:47] <dpkg> You can get apt to download source packages
with a <deb-src> line in your <sources.list>. A suitable
entry for the sid release is: "deb-src
replaced-url
581[06:30:54] <smurfke> cool
582[06:31:08] <smurfke> !deb-src bullseye
583[06:31:08] <dpkg> You can get apt to download source packages
with a <deb-src> line in your <sources.list>. A suitable
entry for the bullseye release is: "deb-src
replaced-url
586[06:32:21] <dpkg> backports.debian.org (formerly
backports.org) is an official repository of <backports> for
the current stable (see <buster backports>) and oldstable
(<stretch backports>) distributions, prepared by Debian
developers. Ask me about <backport caveat> and read
replaced-url
597[06:34:49] <dpkg> Some packages intended for Bullseye (Debian
11) but recompiled for use with Buster (Debian 10) can be found in
the buster-backports repository. See
replaced-url
607[06:47:21] <smurfke> I succesfully added the bullseye src to
my sources.list because "apt-cache madison mypackage"
lists 2 versions now. One from buster/main and one from
bullseye/main.
608[06:47:41] <smurfke> How do I tell apt-get to install the
specific version of bullseye/main?
610[06:49:53] <quadrathoch2> smurfke so the package doesn't
exist in buster-backports?
611[06:50:27] <foxide> smurfke: You did not do as the
instructions told you to do if you added anything from bullseye.
612[06:50:54] <foxide> And if you're seeing things in apt
search, then you didn't add a src line, either, you added a
package line, and are close to breaking your system.
622[06:53:00] <smurfke> which is weird because the command
instructed me to do "1) Add a deb-src line for sid (not a deb
line!); ask me about <deb-src sid>"
623[06:53:08] <smurfke> I just replaced sid by bullseye
624[06:53:15] <foxide> Which you should not have done.
625[06:53:27] <foxide> It said sid specifically. Do that.
626[06:53:31] <smurfke> ah ok
627[06:54:15] <smurfke> I misunderstood your instruction on
following the same procedure and not mixing releases.
835[12:17:08] <rudi_s> NetTerminalGene: I don't know but I
think it won't (or you need a separate key). Is there a reason
why you don't want to use LVM? It's really useful to have
that as underlay because it's flexible.
836[12:17:53] <rudi_s> (The fact that the default debian
installer uses the whole disk for LVs and does not keep some space
unused makes it somewhat less useful on default installations
though.)
843[12:21:14] <NetTerminalGene> why should i add something like
that if i don't need it
844[12:21:27] <rudi_s> NetTerminalGene: The question is, why
not? It doesn't hurt performance, it's flexible and you
might find it useful in the future.
845[12:21:47] <rudi_s> For example to simplify encryption
because you can multiple "partitions" inside a single
encrypted volume.
846[12:21:57] <rudi_s> Of course there are different ways to
achieve this but LVM makes it simple.
847[12:23:15] <jelly> NetTerminalGene, if you're using
cryptsetup for fde, running lvm on top is probably the most often
used and well exercised setup
849[12:24:40] <ratrace> NetTerminalGene: even if it doesn't
it's extremely easy to do it yourself using cryptsetup's
plain, on boot, with a /dev/random key
850[12:25:51] <rudi_s> That won't work if you want to
hibernate though.
851[12:26:00] <ratrace> right
852[12:27:00] <ratrace> unless you whip up support for that with
an initramfs script, AND use LUKS instead of plain
888[13:06:21] <dpkg> debian/rules is the makefile used when
building a .deb from source, edit it to change compilation options.
Some packages use sophisticated build systems that should be
documented in debian/README.source. Also remember to make a new
entry in debian/changelog with "~yourname" (for a
backport) or "+yourname" (for a recompile) added to the
version number. See also <makefile>, <hold>, <package
recompile>, <source>, <unique package version>.
937[14:17:05] <rk4> but what i am reminded of is how many
disasters we've had in prod and said "ok srsly guys,
we're going to stop writing big buggy shell scripts"
977[14:50:16] <n4dir> no, i just meant to do it as recommended
(wether needed or not). I thought about it though, but he line which
was said to not work uses [[; and iirc inside of them double quotes
are not needed?
978[14:50:23] <rk4> you guys are too generous, the root cause
was he was lazy and impatient
1012[15:15:47] <Morg0th> Hello there, do I need Debian 11 to use
nvidia prime render offload? This page seems to indicate that, but
I'm not sure
replaced-url
1021[15:21:11] <abrotman> Morg0th: I can't answer the nVidia
question, but sure, you can move your system to Bullseye. It's
reasonably stable for a desktop/laptop. Do note that there's no
official security support, but instead via normal package updates
1071[15:56:07] <Elefanten> ArsenArsen: Where is the loadmod
supposed to be? I've got two servers which *should* be
identical, but they obviously aren't as one isn't booting.
1072[15:56:24] <ArsenArsen> in grub.cfg
1073[15:56:33] <ArsenArsen> check the grub console
1074[15:56:57] <ArsenArsen> try to load it in there
1177[17:15:22] <aLinux`> hey all,happy new year. i have myria
8315 bl (i know its a junk laptop) im trying to install
"debian-10.7.0-amd64-netinst.iso" i tried to boot from
diferent usb sticks but they all work perfectly fine on other
laptops.. on this myria after selecting "graphical
install" the installer hangs/freezes and the only way to exit
that its to shut off the
1178[17:15:23] <aLinux`> laptop. i tried diferent ways to prepare
usb sticks but the same result for this laptop. any solution to this
? also its a intel chipset with some intel celeron and wifi
realtek,no lan.
1192[17:26:23] <abrotman> aLinux`: how did you prepare the USB
stick?
1193[17:26:47] <aLinux`> abrotman rufus iso mode or dd
1194[17:26:49] <abrotman> ice99: You're capable of using
Google, this is a channel for people that need actual help
1195[17:27:04] <abrotman> aLinux`: from Linux, correct?
1196[17:27:10] <aLinux`> abrotman i did not find any similar
problems to mine
1197[17:27:13] <aLinux`> no.. windows
1198[17:27:18] <aLinux`> "rufus"
1199[17:27:21] <abrotman> dpkg: win32diskimager
1200[17:27:21] <dpkg> win32diskimager is much more reliable than
<rufus> or <unetbootin> for copying ISO images to USB
sticks and you can download it from
replaced-url
1233[17:46:12] <aLinux`> it wont go after pressing enter
1234[17:46:26] <aLinux`> right now im making a debian live one..
to test out
1235[17:46:43] <Ede|Popede> F10 to get the boot menu or sth?
1236[17:47:08] <aLinux`> no.. F10 after edit boot options
1237[17:47:26] <aLinux`> after entering debian boot menu
1238[17:47:35] <aLinux`> :(
1239[17:47:55] <Ede|Popede> ah right. boot the entry. i always
look what is offered, don't even bother remembering the keys xD
1240[17:48:01] *** debhelper sets mode: +l 1202
1241[17:48:28] <Ede|Popede> did you check with 'e' what
it does? maybe you can add/remove/modify some parameter
1242[17:48:48] <Elefanten> ArsenArsen: Switched the HBA card from
one server to the other and it solved it, but now the other server
has an issue. Currently re-flashing fw
1243[17:49:00] <aLinux`> well.. i cant remember exactly but im
testing now debian kde live to see if it boots
1258[17:58:10] <digdilem> deeplogic, personal taste. But I do
too. Gone from teeny tiny text to massive icons. But I hardly ever
go there so as problems go it's not a biggie.
1260[17:59:39] <boktan> hello i did buy one vps i want to let
them install debian on it but the seller is saying me there is no
panel for it but i found one named cloud panel is it similar to
plesk panel? which panels you suggest me?
1261[18:01:22] *** Quits: chipxxx (~androirc@replaced-ip) (Remote host closed the connection)
1262[18:01:29] <Ede|Popede> aLinux`: debug? and maybe unset
selinux. can't remember if it's even used when not
explicitely listed, my own grub issues are of a different nature
1263[18:02:38] <boktan> and cloud panel looks similar for me with
the panel of digital ocean but what is your suggestion friends?
1264[18:03:13] <zykotick9> aLinux`: have you tried the
"normal" (ie non-graphical) install? Same result?
1284[18:16:12] <zykotick9> boktan: that '!free whcp'
and the message from dpkg starting with "FOSS Web
Hosting..." was intended for you. you can use "/msg dpkg
DTC", "/msg dpkg GNUPanel", etc for more info when
you see something in <thesebrackets>.
1285[18:16:18] <grndslm> omg.... somebody please help me figure
out how to run a script thru screen or tmux in detached mode AT
BOOT....
1287[18:16:32] *** alexandro2332 is now known as S3xyL1nux
1288[18:16:52] <grndslm> i can run the script thru screen at
regular command line.... but when attempting to run it at boot, it
NEVER works.... no matter if I use rc-local, rc-local.service,
screen.service, crontab -e, etc....
1289[18:16:55] <grndslm> the simpler the better
1290[18:17:37] <grndslm> i actually had it working yesterday and
had to reinstall because of a bootloader issue.... now i can't
remember wtf i did!
1296[18:24:04] <aLinux`> unable to boot any install or live
debian
1297[18:24:05] <zykotick9> aLinux`: ummm :( good luck!
1298[18:24:19] *** Quits: boktan (b9f80f58@replaced-ip) (Remote host closed the connection)
1299[18:25:13] <pasiz> grndslm: do you have reason to use scree
1300[18:25:20] <pasiz> +n
1301[18:28:08] <zykotick9> grndslm: <my 2 cents> I'd
look for some environment variable being different between your user
(where it works) and when it's run at boot. Does your script
use full paths? Reply on some variable that doesn't exist when
being run at boot? </peanut gallery>
1304[18:31:58] <grndslm> pasiz: omg, yes, i have a reason.
i'm running this server headless, and there's no other
easy way to have this script run, show me output, and allow me to
interact with it
1305[18:32:01] <grndslm> except for maybe tmux
1306[18:32:05] <grndslm> i guess i should try that
1307[18:32:07] <grndslm> sheesh
1308[18:32:39] <pasiz> boot time script that needs interaction on
headless server
1311[18:33:23] <grndslm> zykotick9: yes, it uses full paths....
only 2, which are shown in all their glory.....
/home/grndslm/folder/folder/scriptFile.sh && /usr/bin/screen
1312[18:33:43] <grndslm> i cd to the directory with the
scriptFile.sh..... and then i run /usr/bin/screen ./scriptFile.sh
1313[18:33:52] <grndslm> couldn't be any simpler than that,
but it just gives me an error
1314[18:35:06] <grndslm> this is the output i'm seeing....
1358[19:00:44] <TundraBear> Ð ow to understand that the FireWire
adapter connected via the thunderbolt port was detected by the
system? lspci doesn't show him but in
sys/bus/thunderbolt/*/device_name i see him
1380[19:12:06] <pasiz> TundraBear: is the thunderbolt working
1381[19:12:32] <unixbsd> ALWAYS_SET_PATH yes <--- is the
solution to stay alike unix
1382[19:13:02] <TundraBear> pasiz, my sound card connected via
firewire is not shown into system. aplay -l doesn't show it.
But ffado have been installed. Thunderbolt is working.
1383[19:13:06] <unixbsd> the one that invented this should be
pottering
1386[19:13:47] <pasiz> unixbsd: who invented that minus sign is
ugly
1387[19:14:57] <pasiz> TundraBear: is your sound card drivers
loaded
1388[19:15:25] <unixbsd> wow ! this override works. I tried on
bullseye arm64 on my raspberry pi, just run the following command:
echo "ALWAYS_SET_PATH yes" >> /etc/default/su
1425[19:37:40] <TundraBear> Is my Thunderbolt to FireWire adapter
working correctly on Debian? I have found the information in
sys/bus/thunderbolt... Is it enough to be sure?
1459[19:59:01] <thorsten`> I'm installing via debootstrap
and haven't rebooted yet. My idea was to get all the necessary
modules in initramfs to make the new system boot on the first try.
1460[19:59:43] <quadrathoch2> as long as you have your esp
outside mdraid, you should be fine
1472[20:05:26] <thorsten`> hm it seems I made a mistake regarding
something earlier in the boot process.. though the efi-entry for
debian is there, grub does not show up... so I need to fix that
first and then I'll come back. Thanks so far! see you later
1516[20:53:56] *** Quits: debsan (~debsan@replaced-ip) (Remote host closed the connection)
1517[20:55:01] <disillusion> what is the the ufw command to deny
traffic from one IP address on Debian 10? I'm using one but
it's not working. I'm using "ufw deny from
123.123.123.123 to any" but the address is still communicating
with my server. I have 123.123.123.0/24 allowed, which is somehow
getting priority over the block, when a block is supposed to get
priority over a subdomain.
1519[20:57:21] <disillusion> In practical terms, all I'm
trying to do is stop a child from spamming on my network, and
I'm currently being laughed at by children for not knowing to
how to stop them from spamming. Blocking one IP address with ufw is
supposed to work.
1520[20:57:33] <sney> I haven't used ufw but typically,
firewall rules are evaluated in order. so you probably need to
change the priority of that rule.
1521[20:58:01] <tomreyn> i don't know your ufw answer
either, but you may be mixing up the terms 'subdomain' and
'subnet' here.
1526[21:00:22] <tomreyn> sudo ufw status numbered may help you
identify which is overruling which
1527[21:00:26] <disillusion> and then to block one address,
"sudo ufw deny from 123.123.123.5 to any" and I've
also tried "sudo ufw deny from 123.123.123.5 to any port
2000". Neither are working. The children are still laughing at
my inability to stop them.
1528[21:00:43] <sney> again, it is probably matching your
'allow' rule and passing the packet, before the
'block' rule is even evaluated. quick google says you use
'ufw insert' to add a rule in the correct order
1529[21:01:10] <PaddyF_> first match wins
1530[21:01:14] <tomreyn> and no, you most likely can't do
that on the gui
1531[21:01:17] <sney> this is pretty fundamental firewall stuff.
right now I'm with those children, haha
1539[21:04:12] <disillusion> so which gets priority in ufw, the
higher or lower numbers?
1540[21:04:16] <rander2> hello
1541[21:04:37] <rander2> happy new year
1542[21:04:46] <sney> disillusion: in most firewalls the lower
numbers are evaluated first, but you should check the manual to be
sure
1543[21:04:49] <PaddyF_> rander2: likewise
1544[21:05:22] <rander2> anyone know aws tesla ? is it expensive
?
1545[21:05:30] <disillusion> it's standard to allow a whole
subnet first and then block individual addresses later, which means
the higher numbers in ufw should over rule the lower numbers.
1548[21:06:34] <sney> first match wins. if you have an explicit
allow rule, and a packet matches that, it will be allowed and the
rest of the rules will not be used for that packet
1549[21:06:54] *** Quits: beardface (~bearface@replaced-ip) (Remote host closed the connection)
1550[21:08:19] *** Quits: zez (~zez@replaced-ip) (Remote host closed the connection)
1551[21:08:35] <tomreyn> rander2: i think you want to /join ##aws
1571[21:22:57] <disillusion> so I'm using mumble-server for
voice and text chat, which is what want to block specific users from
spamming, and I have to restart the mumble server after setting the
ufw rule. That's weird. I would expect that setting the
firewall rule blocks the port right away, but it doesn't.
Restarting mumble-server is what changes the firewall rule. I do
also have to use "ufw insert" to give the "deny"
higher priority.
1572[21:23:44] <sney> most firewalls also accept established
connections, so that's probably what you're looking at
there
1577[21:27:10] <disillusion> sney, so does it depend on the
particular service for whether or not a new firewall rule applies
without restarting the service?
1578[21:27:46] <disillusion> as in, some services apply the new
firewall rule while running while other services only apply the new
firewall rule after the service is restarted?
1579[21:28:43] <disillusion> if so, I don't like this
because it means I have to drop everyone from a group voice chat on
mumble-server, though just for a few seconds, just to block one
annoying user.
1582[21:29:35] <sney> the service doesn't "apply"
the firewall rule. this is still just your firewall evaluating its
rules in order. your firewall must have a rule at an even lower
priority to allow connections in the 'established' state
1583[21:29:58] <sney> (it's a pretty standard default and
makes sense in most environments)
1584[21:30:32] <disillusion> I'm using default debian
settings with ufw, then make some basic rules in the command line.
Nothing complicated.
1585[21:30:53] <sney> so any packets from a connection that is
already established will not have to be parsed by the firewall,
reducing your overhead.
1586[21:32:54] <disillusion> I'm pretty sure I've
tested this kind of thing a few years ago and was able to block
individual IPs in real time. Though if things can vary from distro
to distro, this can explain why I thought setting a deny for one
address would block it in real time on Debian 10. I guess this is
something that can change from distro to distro, version to version?
1587[21:33:48] <sney> broadly, defaults do change over time, this
is why documentation exists
1591[21:34:33] <sney> debian buster did switch to the nf_tables
kernel firewall module, and there were some low level syntax and
compatibility changes, but that shouldn't be exposed through a
frontend like ufw.
1598[21:39:46] <disillusion> I'll have to look into that.
But if I have other services running for users to access, such as an
apache server, I'll still need a method for blocking individual
addresses from everything. So just blocking on mumble-server
isn't always good enough.
1608[21:45:08] <disillusion> yes I know, but I can keep things
simple by blocking one address from everything. I was just surprised
to see that I blocked one address from everything and it was still
getting access.
1655[22:24:50] <tyzef> later you can change, try on virtuals
machins if you want
1656[22:25:15] <disillusion> Deyaa, gnome does Wayland, which can
come in handy if there's something wrong with X11. But gnome3
can be annoying with the search bar to find apps, which is imitating
Windows. KDE is heavier on the resources but has a more traditional
way of doing things, and is prettier with more options.
1657[22:25:32] <Deyaa> I just tried gnome but it's kinda
buffy
1658[22:25:39] <sney> !start a desktop war
1659[22:25:39] <dpkg> GNUStep: be different.
1660[22:26:00] <abrotman> Deyaa: so try KDE .. or try any of the
other 50 WMs or DEs in Linux
1661[22:26:09] <tyzef> now KDE lighter than Gnome
1662[22:26:24] <abrotman> please stop, Deyaa should decide on
their own
1663[22:26:34] <quadrathoch2> disillusion i never heard (in the
near past) that kde is heavier than gnome oO
1664[22:26:52] <abrotman> you can't possibly know their use
cases or requirements or workload .. just have them go try them both
1665[22:26:59] <Deyaa> I want to know your opinions abrotman
1668[22:27:25] <abrotman> Deyaa: My opinion? Go use them both,
come back in two weeks, let us know which you have chosen.
1669[22:27:30] <abrotman> Have a nice day
1670[22:27:36] <disillusion> well, I recently used gnome3 with
Wayland so that could make a difference. But yeah I noticed that
gnome3 is heavier than I expected it to be.
1681[22:32:01] <Deyaa> quadrathoch2: do you use KDE?
1682[22:32:15] <disillusion> Deyaa, I myself can work with any
desktop environemnt. lol I just want it to not be buggy or too heavy
for the computer I'm running it on. KDE has more visual and
layout options, plus has its own suite of apps which work together
well.
1683[22:32:21] <sney> the whole "lightweight" argument
disappeared as soon as compositing window managers became the norm.
your gui is hardware accelerated. KDE, once the king of
"bloat", is lightning fast on my laptop from 2014 because
the HD4000 is doing most of the heavy lifting
1684[22:32:56] <Deyaa> I'm actually converting from gnome
because there is a problem with xterm integration
1685[22:33:10] <disillusion> Deyaa, one thing I like about KDE is
being able to download themes from the settings window and apply
them right away.
1709[22:54:09] <tyzef> jhutchins, I was shy to say that...
1710[22:54:11] <bitdefect> Not a Debian specific question, still:
How do you normally set up a service user? I have a user which only
needs to run a cron job. I want a dedicated user so that the job
runs with lower privileges.
1717[22:57:12] <bitdefect> abrotman: Yeah I know the various
switches, but I typically then only end up with /bin/nologin, a UID
from a different range and no home dir.
1718[22:57:39] <abrotman> and then cron doesn't work?
1719[22:58:19] <bitdefect> abrotman: At least I think you can not
set up a cron job when the user has /bin/nologin as shell.
1790[23:56:12] <jhutchins> bitdefect: The correct method to lock
down SSH is to force a specific application (usually use for sftp).
Samba will allow only the users you specify only the privileges you
give them, but they can usually transfer and modify files.
1791[23:57:04] <jhutchins> bitdefect: I would also recommend that
the public port for ssh be something other than 22 or 222.
1792[23:58:35] <jhutchins> bitdefect: Not sure exactly what
you're trying to do, but you might also be interested in
sshchroot.