14[00:12:49] <Antoine-> Hello, what is a good way of making
backup over network? I currently have a home server that
periodically fetches important files from my router then makes a
backup. The problem is that I need to have the keys to my router in
my home server. So if my home server is compromised, my router is
compromised as well.
17[00:13:41] <Antoine-> Should I do it the other way around:
have my router desposit the important files to my home server? This
way, it would still have the keys to my home server, but it could be
the keys for a low privilege user.
18[00:13:53] <Antoine-> Is that a good way of doing backups?
19[00:14:30] <milkt> Antoine-: what key are you using?
35[00:24:50] <aminvakil> I used the same method previously,
backing up some configuration files from server on my laptop
periodically, what I did was encrypting it with gpg just after
copying files from server to my laptop
37[00:27:19] <Antoine-> aminvakil: Do you mean which program I
have available to send my files? I only tried with scp. (I'm
not sure I understood you question correctly, sorry..)
39[00:28:04] <aminvakil> You said you can instruct your router
to send its configuration files instead of retrieving files from it
40[00:28:12] <aminvakil> How can your router do so?
41[00:28:17] <Antoine-> milkt: I meant saving snapshots of my
config file. That's in case I mess something up, I can always
restore my config to a working state
44[00:29:56] <aminvakil> 02:43 <Antoine-> Should I do it
the other way around: have my router desposit the important files to
my home server? This way, it would still have the keys to my home
server, but it could be the keys for a low privilege user.
45[00:30:30] <aminvakil> Offtopic here though, nevermind
46[00:30:50] <milkt> Antoine-: then what about making keypair
on your local pc and send pubkey to router or homeserver?
49[00:31:20] <Antoine-> aminvakil: Right. That's not how
it is currently set up so I'm just thinking about a way atm.
But I thought about something like, sending the file from the router
to the home server at 20:00 with a cron job, then doing my backup
(moving the file to somewhere else or archive it in some way) at
21:00.
50[00:31:31] <Antoine-> Idk if that's a reliable way
51[00:31:46] <aminvakil> What is your router?
52[00:32:18] <Antoine-> aminvakil: What software it runs you
mean? It runs pfsense
56[00:33:23] *** Quits: Mister00X (quassel@replaced-ip) (Quit: "I'll be back" — Arnold
Schwarzenegger)
57[00:33:24] <aminvakil> Either way, I guess appropriate way is
to keep it on an encrypted partition and encrypting it with gpg keys
58[00:34:14] <aminvakil> Although keeping private key to access
router in plaintext kills the whole purpose...
59[00:34:32] <Antoine-> milkt: I don't understand how that
would help me, sorry :s. That way I could access my home server and
router from my local pc? But I'd like to have my home server
manage the backups
61[00:36:41] <Antoine-> aminvakil: What bothers me is having my
router's keys on my home server..
62[00:36:44] <milkt> Antoine-: so do you mean, home server
should be able to decrypt but should not have key?
63[00:37:53] <Antoine-> I don't know if I should be
worried about having my router's key on my home server at all.
If so, is it possible to avoid it while still making backups
64[00:38:14] <Taserface> is your router more secure than your
home server?
65[00:38:39] <Taserface> i.e. is access more tightly
controlled?
66[00:39:03] <Antoine-> So I thought about having my router
connect to my home server instead because I could set it up in such
a way that it only logs in as a low privileged user
67[00:39:21] <Antoine-> But maybe all this isn't relevant
and I'm worrying for nothing :)
68[00:40:12] <aminvakil> It depends, low privilege user can do
much more damage in some environment than root on an environment
which does not contain much important data
69[00:40:28] <Antoine-> Taserface: Less people have access to
my router. Less services running on it. I don't know if that
makes it more secure. Maybe
70[00:40:56] <Antoine-> aminvakil: Hmmm, good point
77[00:43:22] <aminvakil> Backup your configurations
periodically on a usb drive then:))
78[00:43:29] <Antoine-> aminvakil: It runs on its own hardware
here
79[00:44:00] <Antoine-> Hmm, that could be a solution :)
80[00:44:04] <Taserface> antoine: generally for security
purposes it's better to grant all of your devices access to the
backup server, rather than the other way around.
81[00:44:17] *** Quits: xx (~e@replaced-ip) (Remote host closed the connection)
82[00:44:20] <Taserface> and if you can, restrict what devices
can do on the backup server
83[00:44:42] <Taserface> as in, arrange it so all they can do
is deposit backups
84[00:44:52] <aminvakil> If someone could access your hardware
running pfsense you're compromised anyway
85[00:44:59] <Antoine-> Taserface: Ok, it makes sense!
86[00:45:56] <Taserface> if you were to do it the other way
around, then your backup server the effective has (at least read)
access to EVERYTHING and becomes an annoyingly high risk
87[00:46:16] <Antoine-> So all devices should access a low
privileged user on the backup server
88[00:47:13] <Taserface> also if you can, get the devices to
encrypt during backup.
90[00:47:48] <Antoine-> Exactly, that's what I thought. In
my case its no big deal since its just me and a home server but I
thought my backup scheme was wrong for bigger environment
91[00:48:01] *** debhelper sets mode: +l 1177
92[00:48:16] <Antoine-> Taserface: What do you mean encrypt
during backup? Encrypt locally then send to the backup server?
93[00:48:35] <Taserface> yes that. encrypting on the backup
server doesn't reallyhelp
94[00:48:53] <Taserface> so yeah I just realised, either way
the backup has all of your files, or at least copies of them
95[00:49:00] <Taserface> so encryption helps
96[00:49:41] <Taserface> you can use a single backup key pair
for everything, put the public key on all your devices, and keep the
secret key somewhere safe
97[00:49:58] <Taserface> and/or use a good password on it
98[00:50:15] <Taserface> btw did you mention what backup
software you are using?
99[00:50:41] <Antoine-> OK yes that sound like a good backup
scheme
100[00:51:02] <Antoine-> Taserface: No, but it's just a
shell script with scp and tar at the moment
101[00:51:13] <Antoine-> Very simple
102[00:51:25] <Taserface> excellent.
103[00:51:40] <Taserface> anyway have a mess around with gpg.
104[00:52:27] <Taserface> if you are clever you can figure out
how to use pipelining to run something like tar|gpg -e|ssh "cat
> backup.file"
105[00:52:37] <Taserface> so there is no need to create a temp
file to copy
106[00:52:59] <Taserface> (I don't remember ALL the cmdline
options but that's the gist of it, it can be done)
107[00:52:59] <Antoine-> I'll write this one down!
108[00:53:40] <Antoine-> I'll think about it. At least I
have a better scheme in mind now :)
109[00:53:47] <Antoine-> Taserface: Thanks a lot!
110[00:56:30] <Antoine-> aminvakil, milkt: Thanks a lot guys for
replying too
186[01:12:25] <dpkg> cluelessperson: KCI error, or a problem
with the Keyboard-Chair Interface.
187[01:12:27] <JackFrost> Err dpkg --verify. Sorry, I normally
just use debsums.
188[01:12:56] <cluelessperson> JackFrost, doesn't show
anything either
189[01:12:59] * cluelessperson scans over --help
190[01:13:02] <sney> !confmiss
191[01:13:02] <dpkg> You have to especially tell the packaging
system to reinstall config files because when they are gone, it is
assumed that you want them to stay deleted. "aptitude -o
DPkg::Options::='--force-confmiss' reinstall
$packagename" will restore them (man dpkg for details). If the
package uses <ucf> for config file management, ask me about
<ucf confmiss>.
192[01:13:06] <sney> ^ this will reinstall the package with the
original config files. it won't overwrite anything in ~ but
should get you started.
193[01:13:48] <rgwu> That won't fix the problem of files
bash honors that didn't come packaged with bash.
194[01:14:07] <JackFrost> Correct, nor will --verify show those.
Just modified files.
202[01:17:41] <_shawn> could make a debootstrap to borrow the
files from if you thought /etc/skel might have been tampered with
203[01:18:01] *** debhelper sets mode: +l 1178
204[01:18:30] <cluelessperson> yeah, I'm confused.
I've at this point reinstalled bash with those options, and it
doesn't appear to be the normal setup I expect with my servers
222[01:25:56] <Pols12> Hi! I just tried to backport libgcc from
testing to my stable, but now I can't connect anymore: there
GUI does not start (only cursor displays) and CTRL+ALT+F1 says
logins is incorrect (even root!). What can I do?
239[01:42:02] <Pols12> Thanks for answering, Taserface. In fact,
I manually installed packages, and I am pretty sure the last one was
libgcc: it refuses to install without --auto-deconfigure, and with
auto-deconfiure, it asks me to stop xscreensaver, so I have killed
it before continuing, but I may misunderstand the risks
333[03:34:25] <LtL> I did a server, desktop and laptop, my
method. the extra full oor dist upgrade does nothing and is not
needed
334[03:35:18] <LtL> it is needed for release upgrades, not point
releases
335[03:35:32] <themill> There's the occasional point
release that does require removing packages to do the upgrade, in
which case you're back to needing a full-upgrade. I don't
recall that anything hit that for 10.7→10.8
336[03:35:41] <LtL> version upgrades rather
337[03:36:15] <LtL> right.. mine didn't.
338[03:36:55] <dvs> There was a kernel upgrade just before 10.8
so deeplogic might not have gotten it yet.
339[03:38:28] <LtL> apt upgrade pulled that kernel in also
340[03:38:42] <LtL> for me atleast iirc
341[03:44:06] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
457[07:11:27] <karlpinc> node1: `systemctl status ntp` and `ntpq
-p`? It may be that you're not using systemd's time
service, and are instead using the ntp daemon?
580[10:37:23] <Lope> is booting up a debian installation that
has nvidia driver installed, on a VM that has no Nvidia GPU
attached, normally a problem? I've tried to boot this VM a few
times. I get a bunch of libvirtd segfault messages inside the VNC of
the VM and it doesn't boot.
599[10:54:21] <ratrace> nvidia drivers installed means only
there's .ko files around and .so thingies for xorg. if
there's no nvidia gpu, those wouldn't even be loaded by
the kernel and xorg
600[10:54:23] <jelly> Lope, so accuming the segfaults are on the
libvirt client on the host, that's where you have to fix them
601[10:55:04] <jelly> ratrace, nvidia libgl1 would be used I
think
602[10:55:37] <ratrace> jelly: yeah was just typing about the
possibility of opengl libs interfering
603[10:55:59] <Lope> hmm. My biggest problem at the moment seems
to be "A start job is running for Raise network
interfaces" 1 min out of 5 mins
604[10:56:01] <jelly> those vnd wrappers are supposed to help
apps using the right libgl1 but I don't know if those exist in
buster and if they get installed by default
657[11:39:03] <milkt> is there way i can get old linux-headers-*
package from official apt repository? specifically
linux-headers-4.19.0-6-amd64 or linux-headers-4.19.0-6-all
741[13:00:14] <agiofws> firmware-amd-graphics is already the
newest version (20200918-1~bpo10+1)
742[13:00:29] <n4dir> packages.debian.org can tell you which
version of a given software is in the different repositories (or if
at all)
743[13:01:08] <n4dir> if you install a packge it will install
the version (or the hightest version, or according to pinning) to be
found through your sources.list(s)
744[13:01:20] <agiofws> ok but i'm trying to eliminate some
bugs that occur from my gpu drivers so i'm going for
proprietary amd s/w
745[13:01:38] <n4dir> so, as Mister00X said, you use the version
to be found in your repositories
746[13:02:19] <agiofws> i'm trying to follow this
replaced-url
747[13:03:21] <Mister00X> seems like you allready got them>
<agiofws> firmware-amd-graphics is already the newest version
(20200918-1~bpo10+1)
748[13:03:59] *** Quits: conta (Thunderbir@replaced-ip) (Remote host closed the connection)
758[13:06:37] <tomreyn> "set to manually installed"
759[13:06:54] <tomreyn> use 'sudo apt-mark auto
PACKAGENAME'
760[13:07:54] <agiofws> old ? Mister00X its an APU on a ryzen 5
cpu 4500U
761[13:08:05] <Mister00X> also agiofws you may want to describe
you grafics problems a bit more so we can help you. Because maybe
you're looking at the wrong place for a fix
762[13:09:20] <agiofws> Mister00X, that link is not for old
cards but for the newest ones i think ?
763[13:09:52] <Mister00X> agiofws: this grub stuff is
experimental and > AMDGPU/Vulkan on older cards is the section
that grub entry is written
778[13:15:51] *** Quits: filohuhum (~filohuhum@replaced-ip) (Remote host closed the connection)
779[13:16:03] <tomreyn> your graphics card firmware loaded
properly
780[13:16:05] <ratrace> yea, see, the radeon related firmware
doesn't reference the word "radeon". looks sorted.
you're also missing rtw88/rtw8821c_fw.bin that's probs in
firmware-realtek package
785[13:17:23] <Mister00X> agiofws: as ratrace said you may be
also missing the firmware for your rtl8821ce wifi card. Note that
from my own suffering it may not work with all types of the
rtl8821ce chips
786[13:17:44] <agiofws> how do i download firmware for 8821c?
787[13:17:57] <ratrace> agiofws: it's packaged in
firmware-realted pacakge
795[13:19:13] <ratrace> agiofws: in general you should never
install sofware by "downloading" from random sites, you
should (always) use apt and friends, for packaged software. the
exception becomes when you know what you're doing
806[13:21:58] <ratrace> I'd say chances are it'll
continue to work, even better. I don't recall when installing
missing firmware actually made things worse .... BUT .... as they
call it around these parts..... it's RealCrap, so who the eff
knows.
807[13:22:32] <Mister00X> Im astonished it works anyway
808[13:23:02] <Mister00X> cause mine is the source of great
headaces for me
809[13:23:17] <ratrace> pry it out with a screwdriver and toss
it in the fire
810[13:23:45] <Mister00X> ratrace: well Im going to get support
with kernel 5.12
818[13:26:37] <n4dir> agiofws: it seems, seems !, that you
should try to understand the basics of debian's package
management. Downloading random stuff and installing it might or will
lead into trouble in the long run, and that usually is not how
installing packages is done in debian.
819[13:27:52] <n4dir> your questions made it sound like that,
but perhaps i misunderstood.
820[13:28:07] <tomreyn> agiofws: regarding the graphics issues,
i thnk we can sum up that you won't solve them in this debian
version through software installations (unless those provide newer,
compatible (to the rest of the system) versions of mesa and amdgpu
drivers, and possibly Xorg, too)
823[13:29:31] <tomreyn> configuration changes *may* help contain
the problems stemming from lack of implemented functionality to a
degree. or, more likely, make things worse.
824[13:29:53] *** Quits: kfvn (~weechat@replaced-ip) (Remote host closed the connection)
838[13:36:41] <akas84> hello guys, can anyone help me with
postfix? I am trying to catchall two different domains, and it does
not work, it always goes to the one that is the same as the machine
server :(
855[13:53:18] <akas84> I mean, it works, it accepts de emails,
but sends them to the wrong user
856[13:53:26] <akas84> de => the :P
857[13:53:39] <akas84> will try there, thanks
858[13:53:54] <ratrace> akas84: you need to post your configs,
logs etc... which is all explained in the getting_help factoid in
#postfix. please ask there, this is not debian specific
859[13:54:19] <akas84> yes yes. I don't think it's
debian specific
860[13:54:27] <akas84> at least not yet :D
861[13:54:50] <ratrace> (probably won't be at all, debian
doesn't alter postfix)
862[13:55:16] <petn-randall> ratrace: While I agree with asking
in #postfix is best, that's not the rules for getting support
here. Any support question on Debian machines can be asked in here,
whether Debian-specific or not.
863[13:55:40] <ratrace> I don't think this is violation of
rules, but the question is so specific, it'll get better help
in #postfix
864[13:55:59] <ratrace> and the bot there has the factoids the
bots here don't :)
872[14:02:07] *** Quits: grumble (~Thunderbi@replaced-ip) (Quit: ACCORDING TO ALL KNOWN LAWS OF AVIATION THERE IS NO WAY A
BEE SHOULD BE ABLE TO FLY ITS WINGS ARE TOO SMALL TO GET ITS FAT
LITTLE BODY OFF THE GROUND THE BEE OF COURSE FLIES ANYWAY BECAUSE
BEES DON'T CARE WHAT HUMANS THINK IS IMPOSSIBLE)
908[14:20:36] <dpkg> nopaste is a command-line tool to send data
to a <pastebin>. To paste e.g. your sources.list do
"aptitude install libapp-nopaste-perl; nopaste
/etc/apt/sources.list"; to paste the output of a program do
e.g. "dmesg | nopaste".
909[14:20:42] <agiofws> i think i had another cli paste bin
910[14:20:56] <ratrace> pastebinit ...
911[14:21:08] <ratrace> wgetpaste? but that's not packaged
in debian afaik
912[14:22:02] <agiofws> Mister00X, here is my firmware pastebin
replaced-url
913[14:23:43] <agiofws> anyway wifi is still working apart from
realtek firmware failing to load
914[14:24:55] <Mister00X> agiofws: well in that case I would not
bother with installing it. But if you really want to installit maybe
try the version from backports
970[15:31:14] <mrfree> Hi all! I'd like to install debian
on a raspberry pi. However, the device is not physically with me at
the moment thus I need to use qemu to set everything up on a USB
img. Eventually I'll ship the latter to be written on a USB
stick and plugged to the device. Any suggestions on how to spawn the
netinst using qemu-system-arm?
996[15:48:44] <Spintus> Hello :) I have 3 Debian machines which
run on an ESXI. Unfortunately, I can no longer enter the LUKS
password for all of them when starting. After confirming with the
ENTER key nothing happens. No error message - nothing.
1010[15:56:08] <s_> my colleague recommended a system monitoring
tool that basically had a graphical dashboard web ui.. but it was
free. is there anything like that you know of?
1061[16:26:32] <s_> it seems like best practice is shifting away
from use of packages... a lot of these tools are recommending direct
downloads. it reminds me of the old days
1063[16:27:22] <debclair> Hello, I got a weird output of commands
I didn’t run right while waiting for zsh to finish loading. I
couldn’t copy the exact commands at the time, but they were
errors about firefox files not found in cache/*/google-*/morgue/*.
The actual commands were trying to delete those files that appear to
be cache files Firefox stores in a per-website
1064[16:27:23] <debclair> basis. There seems to be a few tools
online to decompress those “morgue” *.final files.
I’m running Debian Stable, my Firefox is Developer Edition. My
question is if this behavior is well known or if it could be a sign
of intrusion in my system.
1065[16:29:27] *** Quits: beelzebuzz (~rasputin@replaced-ip) (Remote host closed the connection)
1080[16:36:33] <debclair> @jelly that made me suspicious as well.
There’s nothing weird in all the regular startup files that I
could think of. I even checked bash’s jic. The lag seemed to
come from using direnv and it went away after removing the direnv
hook.
1081[16:38:22] <jelly> if direnv looks for stuff in current
directory, and you traverse dirs where you don't know exact
contents of (say, pulled from someone's git you don't
trust 100%), that sounds like a recipe for disaster
1083[16:39:25] <jelly> > Before each prompt it checks for the
existence of an ".envrc" file in the current and parent
directories. If the file exists, it is loaded [...]
1104[16:57:35] <Zajt> Hi, I am trying to fix keyboard language on
my debian on my macbook. And I fixed it by doing: dpkg-reconfigure
keyboard-configuration , and then: udevadm trigger
--subsystem-match=input --action=change
1109[16:59:33] <Zajt> but this does not persist across reboots,
and after fixing it in one terminal and I spawn a new i3 terminal
window, it doesn't have the new keyboard layout
1110[16:59:48] <Zajt> I don't know why it doesn't get
set through all shells and across reboot
1111[16:59:52] <Zajt> What am I missing?
1112[17:00:46] <th0r> Zajt, just a guess...are you running the
commands as root?
1113[17:01:08] <Zajt> yes I ran it as root, that is needed th0r
1121[17:08:19] <debclair> @Zajt you could add the commands you
used to your i3 config to enable them on startup as specified in
this answer?
replaced-url
1162[17:44:02] <dpkg> A backport is a package from a newer Debian
branch, compiled from source for an older branch to avoid dependency
and <ABI> complications.
replaced-url
1229[18:46:12] <Zajt> Hi, how can I make this service start later
during the boot process
replaced-url
1230[18:46:29] <GNUtoo> Hi, I'm upgrading a machine to
buster, and that machine had a php repos added (replaced-url
1231[18:46:41] <sney> Zajt: change the After value
1232[18:47:11] <GNUtoo> For instance with Arch / Parabola you can
do pacman -Syuu and that will dongrade packages to the repos
packages, but I didn't find how to do it in Debian
1233[18:47:15] <sney> GNUtoo: the sury packages should upgrade
fine, just comment out the repo in sources.list
1234[18:47:41] <sney> apt does not support large scale
downgrades.
1235[18:47:51] <aminvakil> what is your guys general advice on
enabling backports in sources? do you enable it on your critical
servers too? doesn't security updates gets backported to main?
1236[18:47:58] <GNUtoo> thanks a lot
1237[18:48:25] <Zajt> sney what should I put it as?
1238[18:48:33] <Zajt> if I wanna start as late as possible
1239[18:49:12] <sney> aminvakil: packages in backports usually
get updated at the same time as the package in testing, so they do
get "security" support even though they are not handled by
the debian security team. still, I only install backports on a
server if I have a specific need for that newer version.
1243[18:52:54] <sney> Zajt: that depends on your system.
multi-user.target or graphical.target might be worth trying.
1244[18:53:08] *** Joins: conta (Thunderbir@replaced-ip)
1245[18:53:49] <aminvakil> i only used debian previously for my
proxmox installations, i used centos everywhere else but as you know
it's not possible anymore, i'm migrating all my playbooks,
vms and stuff to debian slowly
1246[18:54:15] <Zajt> tried multi-user.target now, it
doesn't run at all
1248[18:54:36] <Zajt> btw what is the "Restart=always"
doing as mentioned here
replaced-url
1249[18:54:40] <aminvakil> also as hendursaga asked debian does
not come with selinux by default, but it can be configured as
it's been written on
replaced-url
1250[18:54:44] <Zajt> when will it restart?
1251[18:55:04] <aminvakil> what is your suggestion on that? using
apparmor?
1252[18:55:20] <sney> debian recommends apparmor over selinux,
yes.
1253[18:56:23] <aminvakil> sorry if this is a dumb question, i
have very little experience with apparmor, does it support labeling
files too like selinux?
1254[18:56:42] <aminvakil> so that for example apache cannot
write on files even it's running as owner of files or so
1318[19:30:16] <sney> at the time, based on some comments,
you'd think that installing systemd meant Lennart Poettering
was going to personally come to your house and kick your dog. if
that nonsense has been left out of the historical record, then
that's not so bad, heh
1366[20:15:14] <Zajt> What is the recommended way to install
ansible on debian? I ran apt update and then apt install ansible,
but I get ansible-playbook version 2.7.7, but my friend have version
2.10.4
1368[20:16:25] <maxtim> My thought is to split the incoming
syslog sources via ports with iptables. so 192.168.1.10:514 ->
port 1514, 192.168.1.11:514 -> port 1515, etc...
1399[20:43:14] <piranhaphish> How can I disable warnings for an
invalid signature when doing 'apt-get update' with a
repository that is now defunct? I have added the key with
'apt-key add' and the signature in the complaint is the
same as in APT's trust store. So I don't get it.
1403[20:46:50] <piranhaphish> I've tried
"[trusted=yes]" in sources.list with no luck. I have
another host using the same sources and it doesn't complain,
but can't remember what I might have done to silence the
warnings about the invalid signature
1404[20:46:51] *** Quits: fourstepper (~fourstepp@replaced-ip) (Remote host closed the connection)
1427[21:05:38] <slowly_stuck> what's the right way to set up
encrypted dns? configure the system to query cloudflare (1.1.1.1)
over ssl, or is there a way to do DoH/DoT on Buster?
1454[21:31:52] <taman> slowly_stuck: try a web search for
something like "unbound dns over tls". Or s/unbound/your
favourite resolver/ if you prefer.
1455[21:32:30] <aminvakil> how i can purge packages using
autoremove ?
1456[21:33:12] <aminvakil> for example i install mariadb-server
and then i execute apt purge mariadb-server and it will be purged
with its configuration files
1457[21:33:30] <aminvakil> but apt autoremove will remove the
dependencies leaving configuration files
1493[22:04:58] <rudi_s> hendursaga: There shouldn't be any
(reasonable) limit.
1494[22:05:53] <rudi_s> Something like 80 characterso definately
works and key-files of 4K or so work too. But I didn't test any
more "extreme" limits.
1519[22:16:36] *** Quits: HeXiLeD (~grumpy@replaced-ip) (Remote host closed the connection)
1520[22:16:53] <rudi_s> hendursaga: Yes. - And depending on your
level of paranoia you can always skip it, even for "blank"
disks.
1521[22:17:19] <rudi_s> All it does is prevent an attacker from
knowing which parts of the disk were written. This is not really
relevent for most scenarios.
1522[22:17:26] <rudi_s> I never initialize my disks with random
data.
1525[22:18:14] <hendursaga> Also, I downloaded the netinst iso
and it only gives me the option to install core - is that expected?
Like, would I have a graphical environment?
1529[22:19:44] <rudi_s> hendursaga: netinst requires internet
access to install more packages. But you should be able to select
anything you want in the installler.
1530[22:19:54] *** Quits: coot (~coot@replaced-ip) (Remote host closed the connection)
1531[22:20:04] <rudi_s> Personally I only install a minimal
system (all options cleared) and then later install what I want with
`apt`.
1532[22:20:29] <hendursaga> But it only listed one option?
1549[22:32:00] <n4dir> very raw version of the installation
process would be: a couple of easy questions, including network
setup; partitioner, installing the debian "base" system,
taskel, where you get asked if and which DesktopEnvironment and a
bit of other software to install, installing grub
1551[22:32:31] *** tnewman3 is now known as tnewman
1552[22:32:33] <n4dir> So you didn't see that checkboxes
where you could pick from different DesktopEnvironments, cups, ssh,
standard-task, a bit more?
1553[22:32:43] <hendursaga> Yes, I did not.
1554[22:32:56] <n4dir> that is weird, indeed. No idea, sorry
1594[22:43:19] <n4dir> calling gnome or kde lightweight sure
doesn't lack humor
1595[22:43:42] <Azrael_-> hi
1596[22:43:45] <Azrael_-> i'm running "mysqldump
<mydb> | gzip > backup.sql.gz" but i want to suppress
all error output of mysqldump. i tried "mysqldump <mydb>
2> /dev/null | gzip > backup.sql.gz" but this didn't
output anything any more. how do i do it properly?
1597[22:43:53] <hendursaga> I suppose if it runs on a PinePhone
though... eh, Plasma it is.
1599[22:44:43] <_shawn> but I made an example of a very old
system that, I should add only has 4gb of ram and 128gib ssd, that
runs Kde and gnome3 both very smoothly. what are you using it on
that you think it isn /not/ lightweight?
1630[22:56:09] <_shawn> hendursaga: if you just want to see how
it will really work on your system, Solus uses non-free on their
liveUSBs, they have .isos with Kde Plasma and Gnome3. Note: I am not
recommending Solus other than for using their .iso to test the DEs
1631[22:56:10] <Rob_Jones> what if part of the service is web
hosting?
1632[22:56:13] <jhutchins> Through a secure shell.
1640[22:58:41] *** Quits: n4dir (~n4dir@replaced-ip) (Remote host closed the connection)
1641[22:59:55] <Rob_Jones> what if you need a full dashboard
management, emails, ssl, file management?
1642[23:00:42] <jhutchins> Rob_Jones: Either the clients hire
someone who's capable of linux administration, or they pay you
to do it.
1643[23:00:53] <aminvakil> jhutchins++
1644[23:01:06] *** Quits: riff-IRC (~riff2@replaced-ip) (Remote host closed the connection)
1645[23:01:30] <Rob_Jones> a lot of web hosts these days will
provide that service though, not sure why someone would choose my
company if they can get it somewere else
1664[23:28:02] *** Quits: dez (uid92154@replaced-ip) (Quit: Connection closed for inactivity)
1665[23:28:21] <ratrace> Rob_Jones: if you insist on a panel, use
Plesk. Forget about the free and opensource stuff, that sucks beyond
imagination
1666[23:28:38] <Rob_Jones> yeah I am looking into plesk
1667[23:28:50] <ratrace> that said.... panels suck. they're
really only usefull if you're selling the panels themelves, in
a shared hosting product to webmasters
1668[23:29:02] <Rob_Jones> im just no good with server
administration
1669[23:29:04] <ratrace> if you don't intend to offer shared
hosting accounts to webmasters ... forget plesk too
1670[23:29:07] <ratrace> learn it
1671[23:29:24] <ratrace> delegating that to a panel does not help
when you find yourself in an anomaly that even the panel can't
fix
1672[23:29:33] <Rob_Jones> i could do but I would always have
that 'what if' thought in the back of my head
1673[23:29:39] <Rob_Jones> set up an email server
1674[23:29:44] <Rob_Jones> what if it gets compromised
1675[23:30:07] <ratrace> and you think panels are somehow fairy
dust magick and 100% fault proof? no "what if" for
"someone else's work that I know nothing about, aka the
panel"?
1676[23:30:31] <Rob_Jones> thats true I guess, but surely they
have alot more knowledge about this stuff then i do
1677[23:30:43] <ratrace> I'm paranoid. full of "what
if" doubts. but I trust my own adminship far more than a panel
1678[23:31:07] <ratrace> Rob_Jones: I wasn't born with it
tho
1679[23:31:20] <ratrace> maybe I learnt it. maybe it's
maybelline.
1680[23:31:26] <Rob_Jones> :P
1681[23:31:38] <Rob_Jones> think its possible to learn from like
udemy?
1682[23:31:51] <Rob_Jones> or where is the best place to go for
linux server administration
1683[23:31:52] <ratrace> never used udemy courses, so I
can't judge
1684[23:31:58] <Rob_Jones> other than this irc ofcourse ;)
1686[23:32:33] <ratrace> I learnt it by simply doing it. Used
linux as my primary driver for a year or so before I dared running a
public service, which was a VPS. Today I command a fleet of dozens
of mission critical servers for a number of companies.
1687[23:32:45] <ratrace> public *server
1688[23:33:09] <ratrace> however, I've been "into
hosting" since 1995, shared hosting user/webmaster. started
using linux in 2006
1690[23:34:08] <ratrace> but you don't need that long to get
used to and comfortable with running a server. my guess is anyone
can learn to be comfortable with running a server within a year or
two of direct experience
1691[23:35:18] <ratrace> (point here is, not to brag, but to tell
you that even after all these years I still have "what if"
doubts)
1692[23:35:52] <Rob_Jones> I guess its always going to be in the
back of your mind
1695[23:36:05] <ratrace> btw, there's Linux Academy, I think
they're more dedicated to Linux than Udemy with courses
1696[23:36:22] <Rob_Jones> Linux academy hmm cheers will look
into that now
1697[23:36:27] <Rob_Jones> also on the topic of panels
1698[23:36:34] <ratrace> Rob_Jones: it'll never go away,
esp. since the software constantly changes. each release brings a
sackful of new bugs to be afraid of :)
1699[23:36:43] <Rob_Jones> what about web panels created by moi
that communicate with shell scripts?
1700[23:36:56] <ratrace> by what?
1701[23:37:06] <Rob_Jones> moi (french for me) ;)
1702[23:37:16] <jhutchins> Rob_Jones: I've gotten most of my
knowledge from books like the ones Orielly publishes. Running Linux
was where I got my start. I have some books on bash, on MySQL, and
on sendmail.
1703[23:37:38] <Rob_Jones> hmm i might have to look into my old
university library
1704[23:37:39] <ratrace> Rob_Jones: oh bien sur... :)
1705[23:37:44] <jhutchins> Rob_Jones: These days there's a
lot of good stuff on line, but you need to be sure it's current
and from a reliable source.
1706[23:38:07] <Rob_Jones> yeah read something the other day then
at the bottom of the post it said Aug 2012
1707[23:38:10] <Rob_Jones> was just like derp
1708[23:38:20] <ratrace> Rob_Jones: separation of (web) ui and
higher privilege dedicated scripts is definitely the way to go
(instead of running the web app in higher privilege mode)
1709[23:38:50] <jhutchins> Rob_Jones: A lot of the stuff I
learned back in the 90s is still valid, but some is not.
1722[23:45:47] <Rob_Jones> anyone have any opinions on apache vs
nginx
1723[23:47:13] <tomreyn> yes, a lot have opinions on this.
1724[23:47:35] <ratrace> pre-empting a httpd war? don't
bother. nginx ftw, everyone knows that :) ;)
1725[23:51:13] <dvs> !start a web server war
1726[23:51:26] <ratrace> !start a httpd war
1727[23:51:38] * ratrace kicks dpkg
1728[23:51:50] <Rob_Jones> so what your saying is httpd is
superior right ;)
1729[23:52:22] <hendursaga> ?!? Now this gets even more
confusing! So, now, entering my LUKS password works, but not only
that, but it shows asterisks when I type it in, which hasn't
happened for the previous installations..
1730[23:52:57] <hendursaga> rudi_s: What do you make of it?
1731[23:53:11] <ratrace> it shouldn't be doing that. is that
cryptsetup's initramfs scripts?
1732[23:53:16] <gordonfish> s/a httpd/an httpd/ # unless
you're actually sounding it out some how ;p
1734[23:53:56] <gordonfish> (I would image attempting to do so to
come out fairly flatulant..)
1735[23:54:20] <hendursaga> ratrace: I think so? Whatever is the
first password to enter for decrypting the drive
1736[23:55:01] <hendursaga> And now, I installed KDE with my
installation, but it does not boot into a graphical environment?!
1737[23:56:50] *** Quits: Vizva (~Vizva@replaced-ip) (Remote host closed the connection)
1738[23:57:23] <hendursaga> And now, after entering startx, all
the graphics are positively corrupted. I think I saw some message
about Radeon firmware missing.. that it?