28[00:34:28] *** combatvet_ is now known as CombatVet
29[00:37:45] <HelloShitty> Hello. I have this folder that is a
copy of another folder but they are no longer with the same content
because in the meantime, the original folder content has changed. Can
I use 'rsync' just to make this copy to match 100% of the
content of the original folder?
30[00:37:52] <HelloShitty> And both folders are in the same
media
60[01:02:27] <rr123> install debian inside virtualbox also
failed due to various network related or hash mismatch when install
the packages(after select tasksel)
61[01:04:47] *** Quits: Mister00X (quassel@replaced-ip) (Quit: "I'll be back" — Arnold
Schwarzenegger)
67[01:11:42] <SponiX> rr123: might want to do a checksum
against your install media. As virtualbox emulated hardware should
all easily work with Debian stable
68[01:12:09] <SponiX> rr123: I mean you _can_ screw up the
networking for it still, but you kinda have to try hard
215[03:31:02] <dannylee> ok i got Debian Buster working
good...but some website won't let me open up the source with
konqueror...but midori will let me view source and edit...in the
file manager i just set my default editor as emacs...i'm all
set to hack the Government...i'm afraid of newer version of
os...they just don't like hackers...buster is a bit better than
i thought...
216[03:31:42] <jaggz> dannylee, wow.. what? what site?
221[03:34:01] <dannylee> ok they just don't like me to see
their source code...but it all right...they are American t000..
222[03:34:25] <jaggz> dannylee, it doesn't make sense --
not something I've heard of. I can view source in ff and konq
223[03:34:49] <jaggz> the line length is longer than
konqueror's popup of the kate text editor allows so it gives me
a warning, but it loads and shows it fine
224[03:34:57] <jaggz> (aside from possibly cropping those lines)
489[10:41:53] <Lope> `grep 'model name' /proc/cpuinfo
| head -n 1` shows "model name : AMD Ryzen 9 5950X 16-Core
Processor"
490[10:42:28] <Lope> But in a VM, the CPU name shows up as a
more generalized "model name : AMD EPYC-Rome Processor"
491[10:42:38] <shtrb> What was the name of a FF extension that
used youtube-dl and external player to play videos instead of the
built in media player ? I looked at
replaced-url
492[10:42:41] <shtrb> ?
493[10:42:41] <Lope> How can I get that general name from my CPU
on the host?
494[10:43:14] <shtrb> Lope, you see data that your
virtualization software is declaring
497[10:44:31] <shtrb> Lope, libvirt can and will declare
different CPUs to your VMS
498[10:45:28] <Lope> shtrb, thanks, I'll ask the libvirt
guys
499[10:46:30] <shtrb> Perhaps I did not explain properly, when
you declare a VM in libvirt, libvirt would virtualize a cpu (like
the other devices like your graphical card)
500[10:47:01] <shtrb> Try selecting "Copy cpu
configuration"
510[10:53:53] <ratrace> even then it's still virtualized,
the hypervisor might block certain instructions
511[10:54:07] <Lope> ratrace, I have something to that effect,
yeah.
512[10:54:17] <Lope> I just want to figure out how to get the
generalized name.
513[10:54:43] <ratrace> that's windows or linux VM?
514[10:54:45] <Lope> Without actually spinning up a VM and
grabbing it from the VM
515[10:54:50] <Lope> Linux VM
516[10:54:59] <ratrace> however, Ryzen != EPYC
517[10:55:01] <Lope> `grep 'model name' /proc/cpuinfo
| head -n 1` on host and guest
518[10:55:11] <Lope> It actually is, hey.
519[10:55:17] <Lope> I mean same core architecture.
520[10:55:38] <Lope> Just some stuff is disabled, like RAM
encryption.
521[10:55:46] <ratrace> "well yes", but functionally
not. they come from the same wafer. like xeon and core are, but
they're not the same cpus functionally
578[11:11:31] <ratrace> you should definitely NOT use
-march=native inside VMs
579[11:11:56] <Lope> the model on host also different between
host and VM.
580[11:12:12] <Lope> so different family and model
581[11:12:22] <ratrace> right, so -march=native is a lie
582[11:12:31] <Lope> LIES, DAMN LIES!
583[11:12:32] <ratrace> you'll end up with software that
can't run
584[11:12:34] <m4r35n357> Hi all, Jigdo is failing on the 5th
(& 6th) DVD, error is "couldn't connect to
78.129.164.123 port 59076: Connection timed out"
585[11:12:42] <Lope> ratrace, well, it runs inside the VM haha
586[11:12:50] <Lope> I bet it would run on the host, too.
587[11:13:05] <m4r35n357> command is: jigdo-lite
replaced-url
588[11:13:19] <Lope> ratrace, actually, opposite to what
you're saying, march native will result in software that's
more compatible than if it were compiled on host.
589[11:13:37] <m4r35n357> connects, logs in as anonymous, then
times out on every file
590[11:13:39] <ratrace> Lope: no, and I speak from experience
591[11:13:44] <Lope> Because the VM's vcpu's are
generalized for the sake of vulnerability mitigation, and ease of
live migration.
592[11:14:06] <ratrace> Lope: problem is the cpu is still
virtualized. gcc detects wrongly the supported instruction set. even
if "works" now, one of future rebuilds might brick it
593[11:14:28] <ratrace> Lope: I've had that happen more
than once with -march=native builds inside the VMs, even with host
passthrough of the cpu.
594[11:14:42] <Lope> ah, so what march should I use for a VM on
5950x?
595[11:14:44] <ratrace> all of a sudden, one day, you get an
invalid opcode error and the thing crashes
596[11:14:51] <ratrace> Lope: generic
597[11:14:57] <Lope> generic!
598[11:14:58] <Lope> fuck that bro
599[11:14:59] <ratrace> and then use mtune for specific model
622[11:18:41] <ratrace> "gcc: oh, hey, I can use this
instruction!" "kvm: no you cain't" "gcc:
but it's in the reported cpu model" "kvm: no the cpu
is virtualized, I only pass through some features" "gcc:
but..." "kvm: no"
625[11:19:30] <ratrace> Lope: you're actually trying to do
the _opposite_ of what VMs stand for. you're trying to nativize
hardware for "performance" lie^Wbenefits
631[11:21:32] <ratrace> then compare to the SAME output on the
host. observe difference. cry yourself to sleep.
632[11:22:15] <ratrace> HOWEVER .... you CAN, specify individual
-mXXXX options for some features that are NOT virtualized and are
passed through. options that might speed SIMD ops like avx,
avx2 and friends
634[11:23:37] <ratrace> in other words, decide on the _minimum_
feature set you want to support based on hardware you expect this to
run. this is what some distros are doing recently, like fedora, and
suites like Mesa
652[11:52:04] <Xalys> ratrace: I tried that, but I tested a few
packages, and couldn't find the symlinks in /etc/alternatives
in apt-file search (are symlinks in there?)
684[12:13:18] <ratrace> ideally you want specific -mXXXX
features that your CPUs definitely support, especially for SIMD
friendly packages, which is mostly multimedia thingies
685[12:14:04] <ratrace> in my experience, -march=native is not
worth the trouble for vast majority of packages. few % speed bump if
at all. however it shines for specific packages that want SIMD, but
those are _often_ autodetecting at runtime
686[12:14:49] <ratrace> sometimes not. eg, -march=native vs no
-march yielded 50% improvement for me in python PIL compilation ..
but I tested baremetal only, dunno how that'll fare in VMs
687[12:15:06] <ratrace> as I mentioned, since I started getting
invalid opcode errors in VMs, I stopped -march=native
688[12:15:13] <Lope> it looks like setting an older -march will
make it run slower.
689[12:15:21] <Lope> Because it means it won't use newer
instructions.
690[12:15:33] <ratrace> it's not as clear cut as that
691[12:16:07] <Lope> fair enough
692[12:16:17] <Lope> well, yolo, going to run the native stuff
in my VM and see how it goes :)
693[12:16:23] <Lope> it's not for production, it's for
dev.
694[12:16:27] <Lope> Dev speed.
695[12:16:39] <ratrace> it's pointless, but it's your
L to YOLO :)
696[12:17:01] <Lope> you say pointless, but stuff might run 50%
faster
697[12:17:05] <Lope> that's not pointless
698[12:17:29] <Lope> I like it when stuff breaks.
699[12:17:37] <Lope> Cos if stuff doesn't break, I have to
do actual work.
700[12:18:01] <Lope> It would make my devops position more
redundant, if everything worked.
701[12:18:20] <Lope> -march is there for me, really.
702[12:18:46] <Lope> -march=do some work before march.
703[12:19:02] <ratrace> yes, I know you devops folks are making
up reasons for employment. got rid of dev ops ppl in my company some
time ago, never looked back :) /no-offense
706[12:21:27] <ratrace> the guy was literally creating issues ..
whether deliberately or by sheer lack of knowledge and skills,
thinking nodejs is an answer to everything, I don't know. but
the moment we got rid of him and the damned nodejs, guess what: the
issues disappeared :)
707[12:21:41] <Xalys> lol
708[12:21:59] <Xalys> in my experience kiss is usually an
unknown concept to most devops ppl
713[12:23:37] <ratrace> like in this example, you do NOT want
-march=native system wide. you want to target specific packages with
specific -mXXX options, and benchmark to actually see improvement.
714[12:24:02] <ratrace> counterintuitively, march=native and
shoving -O3 everywhere (that many love to do, thinking --zomg-fast),
will actually slow down code in some cases
740[12:38:37] <Lope> When you change code it re-babels a whole
lot of shit and god knows what else.
741[12:38:42] <ratrace> march=native is okay for baremetal. you
build software for that specific hardware, speeds up things where
possible, that's okay.
742[12:39:05] <Lope> as I mentioned before, this is just for my
development environment, not production.
743[12:39:13] <ratrace> this is probably becoming very much
offtopic for #debian tho. your Q was about, I presume, kvm settings
on debian host
744[12:39:57] <ratrace> but in the development process where
you're thinking for hundreds of thousands of milliseconds
between two lines of code.... that 1-2ms speedup you gain with
native is insignificant :)
745[12:40:15] <ratrace> also, afaik gcc itself doesn't get
much improved if built with march=native itself.
747[12:40:55] <ratrace> you'll probably gain much more if
you ran with mitigations=off* *) Disclaimer: understand what that
does first :)
748[12:42:25] <Lope> haha, you think mitigations=off helps on
5950x?
749[12:42:40] <Lope> I know it actually hurts gaming
performance, when you do it in windows.
750[12:42:51] <ratrace> yes, AMD _is_ vulnerable to some spectre
variants
751[12:42:51] <Lope> Well, according to "Tech yes
City"
752[12:42:58] <Lope> I know
753[12:43:09] <Lope> But apparently having mitigations on makes
the CPU faster haha.
754[12:43:25] <Lope> Probably because optimizations are mixed in
with mitigations.
755[12:43:30] <ratrace> what?
756[12:43:37] <ratrace> [citation needed]
757[12:44:10] <Lope> According to the youtuber, "Tech yes
city" disabling mitigations makes intel CPU's run games
faster, but makes AMD CPU's (3000 and up) run games slower.
758[12:44:44] <Lope> that's just games, of course. Every
workload is "different"
759[12:45:17] <ratrace> according to phoronix, games are not
impacted by mitigations at all
760[12:45:55] <ratrace> phoronix numbers should not be used to
make generalized statements, but at the individual test level, those
numbers are more or less usable
761[12:46:15] <ratrace> ie, games are gpu intensive, not syscall
intensive (where there's impact)
763[12:46:23] <Lope> ratrace, according to tech yes city, it
drops FPS quite a lot in some games.
764[12:46:41] <Lope> I think up to 50% or something crazy in
some cases, for old gen2 Xeons etc.
765[12:46:46] <ratrace> according to phoronix, it doesn't.
so .... two sources, wildly opposite conclusions. TheMoreYouKnow(tm)
766[12:47:14] <ratrace> THENAGAIN ..... _windows_ is a kind of
its own so who knows what's going on there.....
767[12:47:30] <Lope> CPU is also very important for games though
768[12:47:39] <ratrace> on debian ... with steam ... I've
run tests myself, showing FPS and running with mitigations=off and
without. no difference in games I ran
769[12:48:01] <ratrace> Lope: yes, but mitigations don't
affect cpu workloads uniformly. they're specific to syscalls
and, more precisely, context switches
770[12:48:27] <Lope> yeah, the effect varied from one game to
the next.
771[12:48:36] <ratrace> entrance, exit of functions, context
switches, ... a for-loop crunching numbers is not gonna be affected
by mitigations, unless it does a lot of syscalls and function calls
772[12:48:40] <Lope> Some games only saw a 2% drop on intel in
windows with mitigations on.
773[12:48:49] <Lope> Some I think even were the same.
774[12:49:16] <Lope> Of course, pro youtubers will make the CPU
do the heavy lifting when they test this sort of thing.
781[12:51:10] <ratrace> but pegging CPU doesn't
automatically mean bad performance due to mitigations.
782[12:51:11] <Lope> also, as you mentioned you tested on Linux.
The linux kernel people are obsessed with performance and have
changed things a lot to reduce the impact of mitigations.
783[12:51:20] <ratrace> specific, syscall heavy, workload has
the most impact
784[12:51:21] <Lope> Whereas I don't think the windows
people are as concerned.
785[12:51:44] *** Quits: OlCe (~user@replaced-ip) (Remote host closed the connection)
786[12:51:48] <Lope> It's not like Intel can fix
microsoft's slow code to cover their ass, (hide/reduce
performance loss of mitigations) like they can on Linux.
787[12:52:48] <Lope> As an example of this, windows was
massively slower than Linux on CPUs like 2990WX or whatever it was
called, for like 2 years.
788[12:53:09] <Lope> They don't seem to care about
performance in anywhere near the same quantity as Linux folks.
789[12:53:41] <Lope> Windows wasn't NUMA aware or whatever.
790[12:53:51] <ratrace> I don't think it's lack of
caring, but specific NT kernel design they can't really work
around
791[12:53:57] <Lope> It kept moving processes across NUMA nodes
constantly.
792[12:54:08] <Lope> nah, windows eventually fixed their shit.
793[12:54:12] <ratrace> it is, after all, a hybrid thing between
microkernel and a monolithic one, no?
832[13:29:06] <another> do you want to boot a headless machine
in a datacenter?
833[13:29:49] <ratrace> jack2019: that's pointless.... why
encrypt if the key is available on the same system, to automatically
unlock on boot?
834[13:30:24] <ratrace> jack2019: if you want proper automatic
unlocking, you might need something like a keyserver and custom
keyscript that uses the keyserver
835[13:30:57] <nkuttler> or dropbear
836[13:31:06] *** Quits: Lordseabeach (~Lordseabe@replaced-ip) (Remote host closed the connection)
837[13:31:11] <ratrace> or a USB stick, or some other storage
available on the server, that you can unplug.
838[13:31:25] <ratrace> dropbear is just a sshd. I guess you
then mean to unlock via ssh, but that's not automatic
839[13:31:48] <nkuttler> nothing is automatic unless you
automate it
840[13:31:54] <ratrace> the idea here is that you encrypt ONLY
(and ONLY!) to make data unavailable once the disks power down
841[13:32:04] <mspe> or full-fledged openssh-server ^^
842[13:32:16] <ratrace> you can't automate unlocking via
ssh.
843[13:32:32] <nkuttler> how much do you want to bet?
844[13:32:38] <mspe> you totally can
845[13:32:52] <ratrace> sigh.... _something_ or someone needs to
initiate it
846[13:33:14] <ratrace> the point of "automatic
unlocking" here is that it .... automatically... unlocks on
boot, with no external agent actively ssh-ing in
847[13:33:36] <nkuttler> that's your constraint, not
jack2019's
848[13:33:45] <ratrace> CAN you do it theoretically? oh yes.
with a lot of convoluted checks like regular pings so if the server
goes off or is somehow signalling reboot, you ssh in and unlock even
with automation
849[13:34:11] <ratrace> OR .... make it as simple as using a
keyserver and a keyscript.
850[13:34:18] <ratrace> otherwise it's not
"automatic" unlocking on boot.
851[13:34:44] <jack2019> ratrace, keyserver?
852[13:35:08] <ratrace> jack2019: yes, a server that has the
keys that your keyscript will fetch over, say, https
853[13:36:07] <ratrace> there's a whole package that can do
that. mandos
854[13:36:29] <ratrace> doesn't seem to be packaged on
debian tho
858[13:37:09] <jack2019> ratrace, any time I want to reboot the
system, I have to upload the key to https? correct?
859[13:37:11] <ratrace> _however_ I prefer doing this with a
custom keyscript and a trusted keyserver
860[13:37:29] <ratrace> jack2019: not if you set up the server
to permanently have the key for download
861[13:37:54] <ratrace> jack2019: again, it's very
important to understand the threat model here: you ONLY do this so
that data becomes unavailable once the disk powers down and is
removed from the chassis
862[13:38:24] <ratrace> so you don't store the key on the
same disk. you can store it on a separate USB, separate disk, or
remotely on a keyserver.
905[14:23:58] <ratrace> for that use case, you can't store
the key on the disk itself, but you can keep it on a permanently
attached USB stick, or another drive, or remotely on a keyserver
907[14:25:18] <another> i assume you retire the key in the
keyserver, as soon as the drive is retired?
908[14:25:34] <ratrace> that assumes you can actually access the
data on it to wipe it out
909[14:26:07] <ratrace> what about disk failures where you
can't mount the fs to wipe it? but someone with forensic tools
CAN extract the key and thus data from the drive?
913[14:27:05] <ratrace> what about SSDs where linear sector
address is pointless and there's no guarantee you actually
deleted anything unless you exec'd some sort of firmware safe
delete ... which assumes the disk is operational
914[14:27:15] <another> the key is on the keyserver. the disk
holds an unencrypted boot+TLS+pgp
916[14:27:49] <ratrace> another: this is really very simple:
disc encryption with keys on the same disk is pointless.
917[14:28:16] <ratrace> no ifs, or buts, or whethers. so in that
case, if the user wants auto unlock on boot, the key has to be
elsewhere. on another storage medium, on a remote server, wherever.
918[14:28:34] <another> ... i get the feeling there is a
communications problem
919[14:28:42] <ratrace> mandos is just one tool for that.
I'm not familiar with its internals, I just know it exists, and
I mentioned it in that context. I personally use custom keyscripts
for that
935[14:43:11] <ratrace> sigint: in our case, a whitelist of IPs
that can query for key; and the key is available only when we make
it such, which we do on planned reboots.
936[14:43:47] <ratrace> also, an attacker stealing the server
from a secured rack in the datacenter where we host the servers is
also NOT part of the threat model
937[14:44:10] <ratrace> such attacker can attack the /boot
partition or the bios or uefi and find out the key in all sorts of
ways
940[14:45:21] <jack2019> ratrace, in case of middleman, can grab
the key?
941[14:45:41] <ratrace> depends how well you protect it. for
https, use your own CA and don't use public CA lists
942[14:45:51] <qman__> HTTPS with proper TLS and forward
security, I hope
943[14:46:39] <qman__> the CA doesn't really matter, but
there's no reason to complicate it with a public CA
944[14:46:41] <ratrace> and of course that. but ... if your
threat model involves actors that can attack your TLS ... you have
much bigger problems and that encryption is probably worthless
945[14:47:02] *** Joins: conta (Thunderbir@replaced-ip)
946[14:47:41] <m4r35n357> Hi all, Jigdo is failing on the 5th
(& 6th) DVD, error is "couldn't connect to
78.129.164.123 port 59076: Connection timed out"
947[14:47:43] <m4r35n357> command is: jigdo-lite
replaced-url
948[14:47:45] <m4r35n357> connects, logs in as anonymous, then
times out on every file
952[14:49:22] *** Quits: conta (Thunderbir@replaced-ip) (Remote host closed the connection)
953[14:49:51] <ratrace> qman__: problem with public CA framework
is that .... it's worthless for a wide range of non-tinfoil-hat
situations. it's extremely weak for anything other than
protecting against noobs with no ability to rubber-hose a CA into
issuing fake certs
954[14:50:26] <ratrace> one can assume that all the chinese and
other shady country CAs that inhabit all the major browser and
distros CA lists ..... are not to be trusted
955[14:50:52] <jack2019> m4r35n357, it looks like dns problem,
ping -c 3 debian.org
959[14:52:19] <m4r35n357> jack2019, so what is the DNS problem?
960[14:52:26] <qman__> maybe, but that's not relevant here,
all that matters is that your certificate is from a CA sufficiently
trustworthy to not issue someone else certs with your name,
doesn't matter whether you run that CA or not
961[14:52:52] <qman__> the client doesn't need to trust all
CAs, only the one(s) issuing your cert
962[14:53:25] <qman__> since browsers aren't relevant here,
running your own is probably the easier way to do it
968[14:54:36] <ratrace> qman__: oh you mean "which CA you
use doesn't matter as long as YOU can trust it" . sure.
but that excludes all of the public CAs
969[14:55:10] <ratrace> qman__: and I'm not talking about
CAs issuing certs, I'm talking about CAs in your ca-certificate
list
981[14:59:31] <qman__> there is absolutely nothing stopping you
from changing which issuers you trust to only include a specific
public CA
982[14:59:33] <ratrace> qman__: well .. yes, okay, but assumes
that "trust". with self signed CA and no public ones in
the list, you don't need that trust
983[14:59:53] <ratrace> qman__: true, I misunderstood what you
said, sorry.
1022[15:21:36] <oxek> to be fair, I don't know why the
multiple-dvd releases of debian even exist either
1023[15:22:12] <m4r35n357> oxek, the 16GB jigdo sounds ideal, if
only . . .
1024[15:23:08] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
1025[15:23:23] <m4r35n357> so, either the jigdo templates are
wrong, or there are no files at ftp.uk.debian.org ;)
1026[15:24:14] <m4r35n357> I think the latter, since jigdo would
break everywhere if the templates are wrong
1027[15:24:52] <m4r35n357> I mean more likely incorrect file
structure at ftp.uk
1028[15:25:49] <oxek> why not use deb.debian.org instead?
1029[15:25:58] <oxek> it's faster than ftp.uk.d.o
1030[15:27:39] <m4r35n357> oxek, I try to use the best
"canonical" source, I think that is what one is supposed
to do, but I'm done being good, so I will, thanks!
1092[16:54:37] <m4r35n357> jhutchins, but I want a reasonably
"complete" last point release that I can install &
upgrade without an internet connection.
1245[19:17:35] <istrive> hello world! I hope everyone is safe...
At least the social distancing is covered in chat rooms! ;)
1246[19:18:37] *** cajaroCAT is now known as spinningCat
1247[19:20:00] <istrive> I have installed PHP v7.3 (debian buster
default version), enabled the module in apache2 and it shows fine
the Info page (/var/replaced-url
1248[19:21:07] <istrive> I already get http error 500
1249[19:21:18] <cws> i would dig into the server/php logs to see
what's going on.
1331[20:32:20] <sney> barrier is in debian and it's packaged
for the arm arches, so it will probably install, but if that's
a very old rpi then the hardware may struggle
1345[20:39:02] <sney> strk: no, my suggestion was to install a
*current* debian version from
replaced-url
1346[20:39:12] <strk> I just find me turning my single-monitor
too many times, from one place to another, so have been thinking to
just add an additional monitor
1347[20:39:24] <strk> I could use just a cable and directly
connect it to the single-host
1348[20:39:38] <shtrb> strk , what's your actual goal ?
1349[20:39:38] <strk> but I thought... what's this rPI doing
in the drawer ? :P
1368[20:50:48] <strk> so as a result I've the first monitor
(HDMI) just showing a background and NO menu to start anything,
while the other monitor complains about "cannot display this
video mode"
1369[20:50:54] <strk> I think I saw this happening often with
that monitor
1370[20:51:05] <strk> I'll need now a command-line way to
change the VGA monitor resolution
1395[21:03:24] <strk> for some reason the desktop environment
thinks that the monitor on the left has to be preferred (desktop
icons, full-screen Kodi)
1396[21:03:40] <strk> do you have any idea what's
responsible for this ? The monitor on the *right* is
"primary"
1422[21:22:14] <dpkg> In systemd, "systemctl set-default
multi-user.target", or remove the DM package(s) with
"aptitude remove gdm3 kdm lightdm lxdm nodm sddm slim wdm
xdm". "echo false
>/etc/X11/default-display-manager" will also disable the DM,
or just hit ctrl-alt-fN to get to a console. nodm is the name of a
minimal/automatic display manager (replaced-url
1427[21:23:25] <greycat> That's GRUB. And that's all I
can tell you about your question.
1428[21:25:07] <line17> my question i want to set a password to
grub.
1429[21:25:09] <greycat> ... partly because I can't figure
out what you're actually asking for. Are you trying to
*prevent* the use of the GRUB menu? Or are you trying to reset the
root password? Or something about disk encryption? Or something
different?
1430[21:25:42] <line17> prevent the use of grub menu
1431[21:26:17] <line17> greycat, i found the answer
1432[21:26:25] <line17> thanks for your interest and effort
1433[21:26:32] <line17> appreciated!
1434[21:27:37] <aminvakil> line17: i'm not saying
that's useless, but keep in mind that if your pc gets stolen,
and the thief knows how to edit kernel line, they probably know they
can boot your linux without another kernel using a usb flash drive
1435[21:27:48] <aminvakil> s/without/with
1436[21:28:19] <line17> aminvakil, if i encrypt /boot and /sda
partition can they still edit kernel?
1437[21:28:36] <aminvakil> sda is not a partition
1438[21:28:48] <line17> you understood
1439[21:28:51] <aminvakil> you should encrypt your root partition
1440[21:28:54] <greycat> and /sda is not a directory either
1441[21:28:54] <line17> yes
1442[21:28:57] <line17> it is
1443[21:29:10] <greycat> unicorn:~$ ls -ld /sda
1444[21:29:10] <greycat> ls: cannot access '/sda': No
such file or directory
1445[21:29:16] <line17> :)
1446[21:29:21] <line17> i hate cats
1447[21:29:34] <cws> Threatened by smarter animals?
1448[21:30:02] <aminvakil> they don't need to edit your
kernel, they just boot your system with another kernel :) unless you
have encrypted your root partition
1449[21:30:07] <line17> cws, a mosquito had bitten me
1467[21:34:54] <aminvakil> either way, if you don't encrypt
your /boot, someone can put a malicious code inside your bootloader
which can retrieve your luks password next time you type it in
1468[21:35:00] <aminvakil> that's the reason i think for
encrypting /boot
1469[21:35:31] <cws> Which requires physical access, or the
system operator being INCREDIBLY stupid.
1471[21:35:43] <aminvakil> and i don't think secure boot
helps here, because if someone has this access to modify /boot
files, they can change secure boot keys too
1473[21:35:52] <aminvakil> cws: right, which requires physical
access
1474[21:35:54] <cws> So unless you have a legitimate reason to
believe that someone is going to break into your house and modify
your bootloader, you're wasting your time.
1475[21:36:00] <aminvakil> exactly
1476[21:36:30] <aminvakil> or maybe if you go into hotels
frequently and leave your laptop out of your sight for long periods
1478[21:36:32] <line17> aminvakil, secure boot doesn't work
smoothly with /boot encryption iirc
1479[21:36:45] <cws> And if you are being targeted to that
degree, they'll skip that part and go straight to the
kidnap-you-truth-serum-wrench-to-the-head option, a la xkcd.
1480[21:36:59] <aminvakil> i was telling the situation that /boot
is not encrypted
1481[21:36:59] <line17> aminvakil, they don't need such
conspiracy theories.
1496[21:40:29] <ryouma> huh, i didn't think it was possible
to encrypt /boot and have it so that an attacker could have physical
access and still not be able to get in or be an evil maid or
whatever it is called
1560[22:00:25] <ryouma> what if you carry around a drive and boot
from it? are you still vulnerable to whatever is done to the
computer while you are not there?
1561[22:00:47] <oxek> ryouma: you're still vulnerable, but
the bar is set much higher.
1562[22:01:06] <oxek> meaning it will be resistant to local
police trying to bug it, but not to CIA/FBI/NSA
1563[22:01:27] <ryouma> you mean like they would have to modify
hw or something?
1564[22:01:42] <oxek> yeah, modify bios, hdd firmware, etc.
1565[22:02:02] <oxek> or they might just put a bug into your
keyboard and retrieve it later
1566[22:02:13] <oxek> local PD don't have the skills for
that usually
1567[22:02:29] <aminvakil> local police could set up a
surveillance camera and retrieve password :P
1605[22:40:21] *** Quits: omarek (~b0rsuk@replaced-ip) (Quit: Lost terminal)
1606[22:40:59] <digitalD> I'm pretty sure someone stole the
candy off my desk in the office - of course, I haven't been in
the office since last March, so it may still be there...
¯\_(ツ)_/¯
1607[22:41:12] <digitalD> but I think theft is still a thing...
1670[23:17:54] <strk> shall I try to download a new raspbian
version ? I'm afraid the old rPI won't support it :(
1671[23:18:21] <craigevil> what PI do you have?
1672[23:18:34] <sney> strk: this is #debian. if you want to use
debian, there are images on raspi.debian.net. if you want raspbian,
you need to go to #raspbian.
1673[23:18:36] <strk> do you know how to tell from software ?
1674[23:19:08] <strk> craigevil: ^
1675[23:19:19] <strk> model name : ARMv6-compatible processor rev
7 (v6l)
1683[23:22:29] <dka> can anyone help? I use cinnamon with debian
latest and for some reason, I could not open my sound setting, and
my display settings
1684[23:22:34] <jhutchins> !raspian
1685[23:22:35] <dpkg> Raspberry Pi OS (previously called
Raspbian) is a distribution <based on Debian> made
specifically for the <Raspberry Pi>. Raspbian is not Debian
and it is not supported in #debian. Please use #raspbian (or
#raspberrypi) on irc.freenode.net for support.
replaced-url
1686[23:22:35] *** Quits: blackest_mamba (~blackest_@replaced-ip) (Remote host closed the connection)
1687[23:23:00] <dka> so I googled, and click on remove panel by
mistake. now I use cinnamon-settings to open the settings and re-add
a panel, but the add new panel button does not work
1689[23:23:17] <dka> it doesn't open anything, doesn't
show any error message, my panel is removed so I can't really
use my desktop
1690[23:23:24] <dka> what are my best moves to fix this asap?
1691[23:23:49] <jhutchins> dka: Install xfce/
1692[23:24:02] <dka> what is that?
1693[23:24:14] <dka> a replacement for cinnamon?
1694[23:24:20] <dka> should I delete cinnamon first ?
1695[23:24:47] <jhutchins> dka: No need.
1696[23:25:00] <dka> how does the system know which desktop to
use?
1697[23:25:10] <dka> Is it xfce4?
1698[23:25:50] <dka> Why would I want two desktop GUI on my
system?
1699[23:25:56] <dka> I just installed it, should I restart
1700[23:25:57] <jhutchins> Yes, and the greeter/login screen
should let you choose. Default is whatever you used last.
1701[23:26:24] <jhutchins> dka: Should only have to log out and
log back in, choosing xfce.
1702[23:26:53] <jhutchins> dka: Two so you can have a working
desktop, but go back to cinnamon when you want.
1703[23:27:11] <jhutchins> !cinnamon
1704[23:27:11] <dpkg> Cinnamon is a fork of <GNOME Shell>
initially developed by the Linux Mint distribution. Packaged since
Debian 8 "Jessie", ask me about <install cinnamon>.
replaced-url
1705[23:27:55] <jhutchins> dka: cinnamon is a bit under-staffed.
1706[23:28:05] <Villux> There's some Linux Mint reset
instructions here, but it's from 5 years ago. No idea if
it's relevant here or not:
replaced-url
1707[23:28:25] <dka> I just reboot, and I got back in cinnamon,
without panel
1708[23:29:41] <dka> How do I switch to xfce and uninstall
cinnamon?
1709[23:30:59] <jhutchins> dka: Like I said, you have to pick it
in the greeter.
1719[23:39:27] <dka> it wasn't possible to fix cinnamon?
1720[23:39:54] <jhutchins> dka: Like anything else in Linux,
there is a learning curve for xfce. If everything worked the same as
cinnamon there'd be no point.
1721[23:39:55] <dka> if I dpkg -r cinnamon; dpkg -P cinnamon;
apt-get install cinnamon, would it work ?
1722[23:41:29] <nkuttler> ah, some tools, you configure them
once, and then they work for decades
1723[23:41:45] <oxek> dka: I can do everything you listed in xfce
1724[23:41:55] <dka> well i cant
1725[23:42:04] <cws> the solution, then, is learn.
1726[23:42:10] <dka> help me oxek
1727[23:42:14] <dka> if you know how to
1728[23:42:28] <jhutchins> dka: Documentation.
1729[23:42:41] <dka> I want : panel bottom, quick search
shortcut, open terminal keyboard shortcut
1730[23:42:43] <oxek> dka: keyboard shortcuts are unsurprisingly
in the keyboard settings
1731[23:42:58] <dka> well, you need to know the syntax,
there's no tips
1732[23:43:04] <oxek> panel location is unsurprisingly in panel
settings
1733[23:43:43] <dka> you can't put it bottom from the
settings
1734[23:43:46] <oxek> search&start a program, by default
Alt-F3 or Alt-F2
1735[23:43:49] <oxek> etc.
1736[23:43:50] <dka> and you can't configure shortcut in
keyboard settings
1751[23:57:28] <alexrelis[m]> oxek: What might be the problem is
that I also use my USB flash drive to store Grub and /boot and then
boot from the USB.
1752[23:58:59] <oxek> alexrelis[m]: that exact setup worked for
me. Grub & /boot on a usb stick, harddrive truly full encrypted.
1753[23:59:56] <oxek> I can't remember if I tried
hibernation in that setup. Hibernation never really worked for me on
linux, on any machine, irrelevant of encryption or boot options.