67[01:05:39] <PMT> If I have a case where a stretch install cd
booted properly, a buster install cd does not, and a stretch install
dist-upgraded to buster does, where should I report it?
101[01:40:52] <dupin> mtn I know this is probably for
debian-next but anyway
102[01:41:59] <dupin> mtn echo 'APT::Default-Release
"testing";' > /etc/apt/apt.conf.d/20-tum.conf ,
then edit sources.list, copy your primary testing line and change
the copy to unstable
106[01:43:41] <PMT> What are you reading, and what are you
specifically trying to accomplish?
107[01:43:59] <sney> open sources.list, take the line that ends
with 'bullseye main', copy it, change 'bullseye'
to 'sid' in the copy
108[01:44:02] <sney> !tum
109[01:44:02] <dpkg> [Testing-Unstable Mix] echo
'APT::Default-Release "testing";' >
/etc/apt/apt.conf.d/20-tum.conf , then edit sources.list, copy your
primary testing line and change the copy to unstable, then 'apt
update'. Use 'apt -t unstable install foo' to install
foo from unstable rather than testing. WARNING to SYNAPTIC users:
Synaptic ignores Default-Release: set Preferences->Distribution.
181[02:25:37] <cybrNaut> ryouma: i think update-initramfs looks
at /etc/crypttab and works out which one is the "/" mount,
and it only copies that one line to (initrd):cryptroot/crypttab. I
thought that was a bug, but now I realize that's deliberate.
190[02:28:02] <ryouma> cybrNaut: actually i ran across
references saying that it copies to
/etc/initramfs-tools/conf.d/cryptroot, which then gets put in
initramfs.
191[02:28:53] <ryouma> however, i have not confirmed this. and
writing to /etc is a little weird and would presumably be limited to
only a few tools.
194[02:29:13] <cybrNaut> PMT: it reports that it can't find
the key file for crypt5 and crypt6, which is apparently the
initramfs trying to mount those volumes
195[02:29:24] <PMT> Yeah, that's not too surprising to me.
196[02:30:28] <ryouma> also, why would update-initramfs know
which line in /etc/crypttab refers to the root partition? the only
possibilities i can think of are it uses the first line, which is
not documented in either of the relevant man pages, or the name,
which could change.
197[02:31:28] <cybrNaut> PMT: i guess i was a bit surprised
because crypt4 ("/") is unlocked just fine, so
theoretically initramfs should have been able to find the key
files.. but in the end it doesn't matter because i think the
kernel is supposed to mount the other drives
198[02:32:13] <cybrNaut> ryouma: i have no idea how it figures
it out.. i'm just judging from the inputs and outputs
199[02:32:37] <PMT> It doesn't look that hard.
200[02:32:47] <PMT> Assuming you're on a system that
already has them unlocked.
201[02:34:27] <ryouma> i am just saying a priori, before you
create the initramfs in the first place, there isn't any
information besides sequence to indicate that
202[02:34:30] <cybrNaut> since update-initramfs is run in a
chrooted environment, it probably just looks at the UUID that maps
to /
203[02:34:55] <ryouma> that would make more sense, if it is run
chrooted, but sometimes it is not
204[02:35:05] <ryouma> but maybe it does the same thing anyway
205[02:35:49] <cybrNaut> in any case, it looks like the bullseye
kernel is screwing up here.
206[02:36:05] <ryouma> but it contradicts the claim that crypttab
is used, unless it looks in crypttab to match that uuid
207[02:36:24] <PMT> I would suspect it's the bullseye
initramfs, not the kernel
208[02:37:03] <cybrNaut> initramfs says "cryptsetup:
crypt4: set up successfully", then it's done at that
point, no?
209[02:37:20] <cybrNaut> then I get "[17.934028]
systemd[1]: Failed to mount
/run/systemd/cryptsetup/keydev-crypt5"
210[02:37:36] <ryouma> this might or might not be relevant:
systemd-cryptsetup-generator
211[02:37:51] <ryouma> which has a man page
222[02:44:00] <PMT> I believe systemd generators are supposed to
get triggered without your explicit involvement, but the manual
probably documents how the behavior can be changed.
284[03:39:37] <terr> Quick real dumb question. I think the
answer is yes. When we install a working copy of Debian on a
bootable external drive, will it run both on 32 bit hardware and 64
bit hardware (in 64 bit mode). I can create two install versions. I
just need to know what to look for. I am looking to have the base
system backed up on a single drive which can be stored in a bank
vault. If I need two (2) versions I would probably want them to
share a partition becaus
285[03:40:04] <terr> I have the extended of course
286[03:41:08] <sney> 32-bit x86 debian will run on both 32-bit
and 64-bit x86 hardware. that's probably the easiest way to
accomplish this.
287[03:41:59] <terr> Ya. But it will be in 32 bit mode on the 64
bit machine. Right?
288[03:42:38] <sney> it will be running 32-bit code and drivers,
yes
290[03:44:05] <sney> if you said some reason that wasn't
acceptable, it was cut off. your first comment ended partway through
the word "because"
291[03:44:24] <terr> Not what I want. I can create 2 primaries
and an extended. Can grub boot Debian out of the extended?
292[03:45:05] <sney> afaik yes, haven't tried it that I
remember
293[03:45:12] <coc0nut> is freenode being phased out ?
294[03:45:17] <sney> !oftc move
295[03:45:17] <dpkg> irc.debian.org moved to OFTC on June 4th
2006, see
replaced-url
296[03:45:27] <sney> coc0nut: note the year ^ .
297[03:45:38] <terr> Because there are only 3 primary partitions
available
298[03:45:52] <sney> non-OFTC debian channels will probably be
maintained as long as people come to them with questions, but the
official ones are already not on freenode.
299[03:46:31] <terr> Where are they?
300[03:46:33] <coc0nut> i heard something of exodus or
something?
301[03:46:51] <sney> OFTC, as said just now by myself and the
bot.
302[03:47:27] <sney> yes, there is some political turmoil
happening with freenode right now. there are articles on many
websites if you want to research more about it
303[03:47:29] <coc0nut> okies... :) i like freenode!
304[03:47:38] <terr> I think I will worry about that later.
307[03:48:50] <sney> terr: why do you care if your portable
debian install is native 64-bit? memory usage?
308[03:50:19] <buu> PMT: What the heck does the
'usage' tab of `nvme list` show?
309[03:50:42] <terr> Because it's going to be running 64
bit code. I am leaving the 32 bit world behind. But I still have
very useful machines
310[03:50:46] <buu> It says stuff like "1.60 TB / 1.60
TB" but df says 1.5T 897G 570G 62%
311[03:51:48] <terr> Sne
312[03:51:51] <PMT> buu: my naive hypothesis (I actually have
yet to run NVMe on Linux) would be that your filesystem isn't
doing whatever the equivalent for NVME of TRIM/DISCARD/... is.
315[03:53:45] <sney> terr: then yes, you'd need 2 installs.
but they can easily share a /home partition so the user data is
the same.
316[03:54:05] <buu> PMT: I thought those were deprecated for
nvme
317[03:54:12] <terr> Sney, also, some are different
architectures. If grub can boot out of the extended partition then
I'll just make several partitions. These are about 100 GB each.
318[03:54:24] <PMT> buu: That's possible, it was just a
hypothesis.
319[03:54:52] <buu> PMT: Maybe it's something about drive
life
320[03:55:02] <sney> afaik grub can boot from an extended
partition. just try it and see what happens.
321[03:55:09] <PMT> I doubt it would be measured in Gb/Tb then.
322[03:55:11] <buu> PMT: One of the exact same disks reports
1.54 TB / 1.60 TB
323[03:56:12] <terr> Sney, that was my first conclusion. Can
grub boot out of an extended partition?
324[03:56:20] <sney> afaik grub can boot from an extended
partition. just try it and see what happens.
325[03:56:54] <terr> If it can it solves my problems. Thanks
330[04:00:00] <PMT> buu: AFAICT everyone recommending not doing
discards on NVMe is citing an Arch wiki post or an Intel forum post
circa 2015 where they say they recommend using manual fstrim
commands periodically rather than continuous discards, so I'm
going to guess that people are misunderstanding "do it in
batches, not continuously" as "don't do it"
331[04:00:18] <PMT> But again, I am not an expert.
333[04:01:30] <PMT> (Unless fstrim uses entirely different calls
from enabling discards on filesystems, which would astonish me, but
is not impossible)
368[04:54:50] <terr> Another really dumb question only because I
have never tried it... I have three (4) 64 bit machines and a
Raspberry Pi. Can I create a single bootable partition on an
external drive and boot ANY machine from it? Note: RPi is not even
the same CPU arch so I really doubt it. They can (and likely should
be) separate. Two (2) purposes. And the drives have enough capacity.
I do a backup and stuff it in the bank vault. House burns down. I
have backup medi
414[06:00:37] <terr> Ryouma, each machine has 3 bootable
partitions. I am wondering if a windows 7 install for both a laptop
and a desktop can live in the same partition?
416[06:02:11] <ryouma> idk, unfortunately. but even pretty
similar machines might require different settings in principle. for
example, network card naming?
417[06:02:42] <PMT> I know Windows 7 and newer got better about
dynamically handling devices changing at boot, but I doubt
they're _that_ flexible.
419[06:03:10] <PMT> Also, I don't think even Windows 10
really likes booting from external devices, period.
420[06:03:15] <terr> Ryouma, same issue with Linux, but I feel
far more comfortable. In all cases the loader should simply load the
correct drivers from the pool available. In Linux I can use modprobe
and insmod.
421[06:03:49] <terr> I have no idea yet what winders might do
and I hate it.
422[06:03:53] <PMT> (I know there are ways to get it to happen,
the most obvious example of which is the Windows installer itself,
but I do not know what caveats are involved.)
423[06:04:09] <ryouma> not the same thing, but i used to chase
after the idea that i could have even just 2 root partitions on a
spindle, and choose them from the same boot partition. but gave up
on the idea as it seemed complex in practice. i would not attempt
what you are. but that is just me.
425[06:06:32] <terr> Well, I don't want to ever use windows
10 ever. If I have to it will be behind a firewall so robust it will
think it is in a submarine at the bottom of Lake Vostok in
Antarctica
426[06:07:31] <terr> Ryouma, I have it running now with 7 and
10.
427[06:07:56] <PMT> A) You should probably already be doing that
with 7, given that it's not getting updates, IIRC.
428[06:08:26] <terr> I might be forced to if I am forced to use
something like Fusion 360
429[06:10:27] <terr> At this point I have no software that
requires Windows 7 or 10. But I have to set up these machines and I
may as well set them up so I have it if I need it.
430[06:11:41] <terr> Fusion 360 has a license and I will be
happy to tell AutoDesk to find Lake Vostok
431[06:13:54] <terr> Fusion 360 is good to generate a tool path
for a mill. So I sacrifice a $200 computer so I can use it if I need
it.
432[06:14:21] <terr> This is why I have so many machines
442[06:27:39] <PMT> you said that before, and I replied that I
doubt they'd measure that in TB unless it were TBW, at which
point I doubt they'd be such low sizes
443[06:27:47] <PMT> oh, sorry, i was scrolled up, nvm me
462[06:45:10] <tigryss> hi I have problem with my 2 display.
Nvidia X Server doesn't "see" my laptop eDP-1
internal display only the HDMI and usbc(DP).
463[06:45:11] <tigryss> I try to configure in the xorg.conf, but
it works only separate Screen0 or Screen1 can someone check please
what I'm missing?
504[07:29:23] <k-man> tzf: in a vm maybe? can you still find the
iso's for it?
505[07:31:05] <tzf> k-man, yes I kept the .iso from 2013 hehe !
507[07:33:53] <tzf> i want to install it on my new(old) Lenovo
e430 ! otherwise maybe I will install nakeDeb... normally I install
openbox noDE, just I add tint2 for my wife and kids... but today I
add to delete my debian to install window$Xp to update the bios,
grrrr !!!
508[07:34:21] <tzf> so yet I am OSless on my e430...
509[07:34:44] <tzf> so Squeeze, nakeDeb or my usual OBnoDE
510[07:35:19] <tzf> I miss squeeze, less cpu and ram consumption
511[07:36:14] <tzf> gnome2 I was fan and I don't love on
Mate what is however a great fork no doubts
561[09:18:32] <tigryss> hi I have problem with my 2 display.
Nvidia X Server doesn't "see" my laptop eDP-1
internal display only the HDMI and usbc(DP).
562[09:18:33] <tigryss> I try to configure in the xorg.conf, but
it works only separate Screen0 or Screen1 can someone check please
what I'm missing?
609[10:37:32] <tigryss> Sorry for delay, I didn't hear the
beep :D
610[10:39:23] <jelly> there's four DP-* there. Is this an
Optimus setup?
611[10:40:02] <jelly> !optimus
612[10:40:02] <dpkg> The Bumblebee project aims to provide
support for the Nvidia Optimus GPU switching technology on Linux
systems. GeForce 400M (4xxM) and later mobile GPU series are
Optimus-enabled; if «lspci -nn | grep
'\[030[02]\]'» returns two lines, the laptop likely
uses Optimus. Packaged for Debian <jessie> and <stretch>
and <buster> and <bullseye>.
replaced-url
613[10:40:36] <jelly> never had such hardware, I don't know
the best way to configure it
639[11:08:33] <Hi-Angel> tigryss: in general, you choose a
Wayland session before logging in in DM. You need your DE to support
Wayland, of course. Currently Gnome has great support for Wayland;
and KDE support I think is getting there. Sway also has great
Wayland support if you're into pure i3-like environment.
649[11:12:22] <Hi-Angel> NVidia has problems with wayland. That
said, I'm not sure it matters because usually there's no
point in running the DE on the discrete GPU as opposed to
integrated one (which would be an intel GPU in your case).
650[11:12:33] <tigryss> kernel is 5.10.0 and nvidia driver is
460.73.01
651[11:15:11] <tigryss> but strange that xrandr not
"see" the hdmi and the dp ports, only eDP-1, and the
nvidia driver see everything else but not the eDP-1
652[11:15:12] <Hi-Angel> tigryss: anyway, for NVidia wayland
support you may want to track news like this (e.g. subscribe to the
merge request the article refers to)
replaced-url
653[11:16:42] <Hi-Angel> Hmm, yeah, that's odd. I
can't comment on this though because I never really worked with
NVidia. I only know that its driver isn't well integrated into
the rest of the ecosystem (such as DRI PRIME and Wayland support),
but that's it.
669[11:30:48] <Hi-Angel> Can somebody elaborate the following
sentence in debian packaging docs: "If your program uses
configuration files but also rewrites them on its own, it's
best not to make them conffiles because dpkg will then prompt users
to verify the changes all the time". What I'm unclear on
here is: what else should I do? If I omit a file from `conffiles`,
it will be overwritten. Should I instead force the file be
"untracked"?
690[11:50:00] <themill> Hi-Angel: you'd be better off
asking that on irc.oftc.net either in #debian or more specifically
in #debian-mentors for Debian packages or #packaging for
personal/local packages.
722[12:18:27] <tigryss> strange: login appears as extended
monitor on both display, but if I gave the correct login and pass
drop back to login again and again...
818[14:32:06] <EdePopede> just because i've seen the old
https question coming up a few times in the past, this was exactly
my argument why https would be a good thing despite cryptosigs, they
both target different issues:
replaced-url
837[15:05:50] <jelly> EdePopede, if you have a nation-state
level actor against you, they will be able to figure out which
packages you're downloading even over https, using flow
analysis
838[15:06:16] <jelly> https helps, but not too much
839[15:07:38] <EdePopede> jelly: yeah, i think i've read
something about NSA wanting to have their hands on all of Tor nodes
(connect and exit) to do this kind of analysis :)
862[15:33:58] <cybrNaut> EdePopede: you started comparing
cryptosigs to SSL, which is not a matter of disclosure; it's a
matter of authenticity. cryptosigs give zero confidentiality, so
Jelly's comment about spooks figuring out which pkgs you
install seems irrelevant, but relevant to the article you cited,
which is orthogonal to the thesis
863[15:35:06] <cybrNaut> for authenticity, I trust cryptosigs a
little more than HTTPS because CAs have been compromised.
866[15:36:45] <cybrNaut> but for anti-reconnaissance to conceal
pkg installations from disclosure, the best answer ATM is Tor, which
is supported by the apt-transport-tor pkg
867[15:36:47] <EdePopede> cybrNaut: right, but the whole thing
when this came up was about 3rd parties knowing what you were
downloading. see "they both target different issues".
877[15:40:27] <EdePopede> heh yeah. the download part is faster
than the unpacking part xD
879[15:41:09] <EdePopede> i've read some stuff when it
became a thing, but since i never needed it... and back then i think
performance has been an issue.
880[15:41:27] <jelly> do tor hidden services have some sort of
load balancing of anycast
881[15:41:33] <jelly> or* anycast
882[15:42:05] <cybrNaut> note that Ubuntu/Mint users are totally
fucked in this regard because there are no HTTPS mirrors and no
onion mirrors either, last time I checked
883[15:42:57] <PMT> I would be surprised if Tor had something
like that.
885[15:43:07] <cybrNaut> jelly: AFAIK there is no load balancing
with *.onion. The path should be as random as possible.
886[15:43:40] <jelly> ouch
887[15:43:40] <cybrNaut> if they were to load balance, it would
make circuits predictable which would be self-defeating
888[15:44:38] <jelly> application-level lb with a dozen
hardcoded addresses is so 90s
889[15:49:45] <cybrNaut> there is no application-level lb
either, because that would still defeat the main purpose. You could
write such an app though, and it wouldn't defeat /all/ Tor
purposes and use cases. E.g. you would trade anonymity for
performance, but you would retain the ability to keep your ISP in
the dark about your traffic.
890[15:50:56] <jelly> reliability > performance
891[15:51:13] <cybrNaut> i believe you could even reduce the
number of hops as well.. i see no reason you couldn't do a 1
hop circuit if you wanted.
892[15:51:51] <cybrNaut> reliability is fine over tor because
it's TCP not UDP.
900[15:55:51] <cybrNaut> what i don't know is if your
circuit could go direct to the onion. I suspect it would be possible
if the onion address would permit being used as a guard node.
902[15:57:27] <cybrNaut> that's when it would matter if
your threat model includes targeted surveillance, or just mass
surveillance. mass surveillance mechanisms would not register that
you are visiting a Debian mirror, but of course careful inspection
would reveal that.
907[16:00:30] <cybrNaut> So now in the US, ISPs can fully
exploit data they collect on customers without their knowledge or
consent, and I'm not sure Biden is motivated to overturn Trump
on that
920[16:06:01] <cybrNaut> some people only use Tor when making a
drug deal, which is foolish because it trains their adversaries on
which packets to pay attention to. Using tor for everything makes no
traffic stand out in particular
939[16:22:17] <coc0nut> speaking of Tor... i have this alert in
my firewall.. ET TOR Known Tor Relay/Router (Not Exit) Node Traffic
group 102 - and that is without any knowingly connection from me to
tor. so im thinking the tor is connecting to me. my firewall is
blocking everything that i haven't connected to...
940[16:22:36] <PMT> My RPi4 works fine for what I use it for
(backup storage).
944[16:24:57] <coc0nut> i was sent some pretty shady files a
while back. i deleted them, but i might think they have left a
backdoor. should i wipe all my drives in that computer and do a
fresh install?
945[16:26:40] <coc0nut> a dos program to download music from
spotify etc. and some anarchist documents of hacking stuff :p
probably straight from piratebay hehe
946[16:26:55] <jelly> "was sent"?
947[16:27:06] <coc0nut> on discord
948[16:27:39] <jelly> this doesn't sound like a
Debian-specific question
955[16:29:41] <PMT> "just" downloading files, with
exceedingly rare exceptions, doesn't backdoor your machine.
Now, if they can get run, all bets are off.
963[16:32:41] <petn-randall> coc0nut: You have connected to an
IP address that also runs a Tor relay server on the same IP address.
Which is a totally bogus thing to warn about. You probably want to
throw with a high arc that "firewall" into the bin.
964[16:33:25] <coc0nut> hehe :)
1023[17:30:28] <dpkg> Release-Critical bugs are Debian bugs with
critical, grave or serious severities, preventing the next release
of Debian. See the graph at
replaced-url
1036[17:35:10] <jelly> 4.14 Aug 2019; Debian 10, July 2019 with
version freeze in January
1037[17:37:20] <tigryss> jelly: with this config(replaced-url
1038[17:38:27] <PMT> ...in what sense is it working, if you
can't start X?
1039[17:40:40] <tigryss> if I disable multi-user.target, then
linux login starting in graphical mode with 2 monitors, but if I
login with the correct user/pass throw back to login again and again
1040[17:40:45] <jelly> tigryss, I _think_ most of that ought to
be automatic, but also I've never used an optimus setup. Can
you leave just the Device sections, and see what happens?
1041[17:41:38] <dvs> tigryss: logging in as root?
1042[17:41:53] <tigryss> dvs: no
1043[17:41:57] <PMT> getting kicked back to the login prompt
sounds like a non-X problem, guessing without seeing the logs.
1044[17:42:48] <PMT> Do your logs contain anything interesting?
1194[19:49:25] <maxrazer> sney, I wonder why those errors exist
still, perhaps they are unique to Debian? I'm not sure how many
months/years the dev version is behind.
1195[19:50:27] <PMT> maxrazer: I mean, there's a bug open to
prevent the package from ever migrating out of unstable.
1196[19:50:40] <PMT> (And I don't mean that's a side
effect, I mean that's the entire purpose of the bug.)
1202[19:53:08] <PMT> maxrazer: the latest wine-development
package in unstable is up to September 2020's release.
1203[19:55:38] <jhutchins> Wine's development has always been
difficult for distributions to track, because there's lag.
1204[19:55:52] <sney> maxrazer: I see mgilbert uploaded wine 5.17
to unstable a few days ago, so it seems like they are intentionally
tracking the 5.x series rather than moving to 6+. since this is
debian, it's likely that the wine team are trying to find a
stable wine version that is reasonably current with upstream, and
would also be upgradable from 5.0.3 without much turmoil.
1205[19:56:09] <jhutchins> Microsoft has a history of making
minor protocol changes for the sole purpose of breaking
non-Microsoft access to things.
1206[19:56:13] <sney> but you'd have to ask the wine team
(er, party) to be sure.
1207[19:57:59] <PMT> sney: they also uploaded the immediately
prior release the very same day, so I'm guessing they're
working their way through in order.
1210[19:59:54] <sney> yeah. oh - not a lot of uploads last year,
which makes sense because bullseye would have been the priority. so
they are playing catch-up.
1213[20:00:58] <PMT> I'm surprised they're going in
order like that and not just trying whatever the last stable release
they might accept is, and if it has bugs, bisect on releases to find
the newest one that works in log(N), not N. But I'm sure
there's a reason.
1223[20:05:23] <maxrazer> I have tried to use their winehq
repository before. Do you think I will get the same bug as the
official debian package though?
1224[20:06:35] <PMT> Who knows? Depends whether it's been
fixed in their version or not.
1225[20:07:09] <maxrazer> I would hope the Commercial Crossover
version would work well. They offer .deb package. I wouldn't
even mind supporting the project.
1227[20:07:40] <sney> IME it works fine as long as you actually
read and follow the instructions at the top of the page,
replaced-url
1228[20:08:26] <maxrazer> I'm not exactly sure I need a
newer version, but I have run into that at times in steam where I
needed a newer version or Glorious Eggroll. I've also had stuff
fail before in Lutris and I don't know if a newer version would
work. There is a lutris version that looks very new though which
follows the upstream.
1229[20:08:45] <sney> steam's wine is a completely separate
fork called proton.
1230[20:08:59] <sney> what is your actual goal?
1231[20:09:09] <maxrazer> Yeah, I know. But I'm drawing from
that experience and thinking games I'm trying to run outside of
Steam that don't work may work with a newer version of Wine.
1232[20:09:51] <PMT> And if it doesn't work on latest
vanilla wine, you can go report a bug to them. :P
1233[20:10:12] <maxrazer> Yeah, I guess so.
1234[20:10:40] <PMT> Admittedly, I do still have one or two bugs
that I still get emails about from before Wine switched to version
numbers, but most of them got fixed.
1235[20:10:57] <maxrazer> I'm not sure if the winehq version
comes with DXVK baked in or not. I know the debian one does. But, I
think in other distros it does not. It is not part of the project if
I remember correctly. Then there is setup.
1331[22:09:34] <cybrNaut> isn't /boot quite sensitive? if
malware gets installed on /boot, nothing stops interception of
everything else after you boot
1332[22:11:22] <cybrNaut> and i think anyone with physical access
could trivially infect /boot
1339[22:14:09] <PMT> cybrNaut: in theory, an alternative is
signing the bits in /boot with keys you control, then loading those
keys into the list of secure boot things in the BIOS.
1340[22:14:34] <PMT> (I say "in theory" because
I've never implemented this myself.)
1343[22:16:43] <cybrNaut> i wonder if a traveler were to refuse
to give up their pw as they go through a security checkpoint / TSA /
immigration-customs, the agent could disappear into a backroom with
your laptop, load dodgy stuff onto /boot, and give it back. You
think "they've only made a copy of the encrypted
data" (which I hear they sometimes do), but perhaps
they've also got some code that will send them the pw when you
1344[22:16:49] <cybrNaut> enter it.
1345[22:18:05] <sney> one approach for that threat model is to
not even have /boot on the laptop's internal disk
1346[22:18:28] <sney> unlabeled thumbdrive that you can identify
visually, etc
1347[22:19:20] <PMT> I have heard tales but never personally
observed being asked to demonstrate a machine booting, though that
was in the context of thinking it might be a bomb.
1353[22:20:26] <sney> yeah, just reserve a 4GB space at the
beginning of the disk that boots some windows PE environment that
only exists for that purpose
1366[22:27:13] <cybrNaut> might encrypted /boot be security by
obscurity? An attacker could copy /boot bit for bit, compress it,
then install malware that does something bad just before restoring
/boot as it was. even a post-boot check would pass, but there could
be something in RAM that shouldn't be there
1368[22:28:06] <cybrNaut> maybe an encrypted /boot doesn't
compress well, which would kill that attack
1369[22:28:37] <oxek> cybrNaut: /boot is not the bootloader
anyway
1370[22:28:44] <oxek> and they can mess with the bootloader if
they want
1371[22:29:10] <oxek> if you're booting from the harddrive,
and not a separate usb stick, then something has to remain
unencrypted on the harddrive anyway
1372[22:29:27] <oxek> and that something can be trivially
attacked (software for this is being sold and every agency has it)
1382[22:33:00] <gregor2> I am trying to run a chroot of debian on
Lineage OS 18.1 on a xiaomi mi 8. But i get an error when running
'debootstrap/debootstrap --second-stage'.
/debootstrap/debootstrap.log it says 'ERROR: Your kernel
version indicates a revision number of 255 or greater.'. uname
-r says '4.9.268-perf-....'
1390[22:40:38] <cybrNaut> i should probably encrypt /boot to step
up my game, for academic reasons, until i learn to do better. is it
safe to assume it's solid technology? That it won't cause
data loss unless I forget the password?
1397[22:46:34] <gregor2> But now? I probably can't fix the problem
by just giving it a wrong number can i?
1398[22:47:10] <PMT> You would fix it by changing your
kernel's version number, probably. I'm not aware of a
wrapper for e.g. chroot to make it lie about that, though I imagine
one could exist.
1412[22:51:25] <velix> `dpkg-query -S libglib-2.0.so.0.6600.8`
<-- anyone with an idea, how to use the pattern system so that
dpkg-query does NOT use wildcards on the right side?
1445[23:07:14] <cybrNaut> encrypted /boot apparently needs a
bleeding edge partition type. my versions of gdisk and sgdisk
don't even know partition type 8309 exists
1464[23:14:36] <cybrNaut> jhutchins: but encrypted /boot may not
be worth the effort if i have to mess with a different partition
tool. the Bullseye blu-ray doesn't have any version of sgdisk
it seems
1465[23:14:37] <jelly> dpkg, oftc move =~ s/will remain on both
networks for the foreseeable future/are in both networks for the
time being/
1492[23:22:48] <cybrNaut>
debian-edu-bullseye-DI-rc1-amd64-BD-1.iso has gdisk but not sgdisk.
Someone should reconsider that, since sgdisk is more capable than
gdisk.
1493[23:23:15] <sney> iso contents are determined by popcon
scores
1496[23:23:48] <sney> sometimes it takes newer tools time to get
ranked high enough.
1497[23:25:09] <cybrNaut> it's terrible that the tor pkg is
excluded because that's one thing that some people need to
install /before/ standing up the network
1523[23:35:41] <cybrNaut> oxek: the ISO does not have the Tor
pkg, so that doesn't help
1524[23:36:22] <oxek> cybrNaut: the bootstrapping already
requires you to download *something*, so you might as well download
everything you need before installation
1525[23:36:23] <cybrNaut> oxek> and the tor package over Tor
as well <= that's if you have it to start with. otherwise
tor itself must be fetched over clearnet
1526[23:36:49] <oxek> if you can somehow download the CD image,
then you can download the tor package as well
1527[23:36:53] <cybrNaut> that's exactly why it should be
part of the ISO
1531[23:37:46] <oxek> it being on the ISO would require the user
to know how to switch to console and manually install it - and if
they know how to do that then they are already skilled enough to do
it without help from debian
1532[23:38:10] <oxek> or it would need another option during
installation, which would require new code, testing, ... which d-i
ppl don't have time for
1534[23:39:06] <cybrNaut> the installer being Tor-aware would be
nice for novices, but ATM not even experts are accommodated
1535[23:39:38] <oxek> at the moment, the installer can't
even install over https without you having to switch to console and
manually `apt-install ca-certificates`
1536[23:39:49] <cybrNaut> that is, i'm doing a bootstrap
install from the disc, and there is no Tor pkg on it
1537[23:40:00] <cybrNaut> that's pretty bad
1561[23:46:34] <jelly> I don't know how decent the last one
is
1562[23:47:03] <cybrNaut> i use tails as well, but tails has
issues installing to a normal internal drive last time I checked
1563[23:47:31] <jhutchins> Y'know, I've managed the
servers that handle all of the logistics for the U.S. government.
Straight Red Hat. No tor, no luks, no on-system firewalls.
1564[23:47:42] <jelly> it's going to be easier to fix the
existing privacy distro than to fix the 100 little things in debian
1565[23:48:02] <cybrNaut> Tails is designed to only install to a
DVD or USB stick
1566[23:48:41] <cybrNaut> and even then, there's an updating
problem, because it's treated as a read-only image
1567[23:49:19] <jelly> probably because it is
1568[23:49:43] <cybrNaut> i have to update various pkgs in
strange ways, and some pkgs i can only run very old versions of..
stuff i have on life support
1569[23:50:09] <cybrNaut> so Tails is a non-starter for those
tasks
1570[23:51:49] <cybrNaut> jhutchins: a lot of government projects
are quite poor on security.
1571[23:52:08] <cybrNaut> Even the NSA has been unable to secure
their own hacking tools
1572[23:52:39] <jhutchins> cybrNaut: Heh. Imaginary security
maybe. The only problem we had was a DDOS from China and South
America.
1573[23:53:43] <cybrNaut> 8 US states have put their voter reg
sites on Cloudflare, which means they've allowed Cloudflare to
see everyone's voter registration records (including the non-public
parts)
1574[23:54:58] <jhutchins> People have been killed by falling
pianos. Always use an umbrella.
1575[23:55:09] <jhutchins> I'm off topic, I'll drop
this.
1576[23:55:37] <ryouma> cybrNaut: why wouldn't ssl prevent that
1577[23:55:40] <ryouma> tls
1578[23:55:42] <cybrNaut> jhutchins: you just have to change it
to "People have been killed by falling debian computers"
1580[23:56:56] <jelly> cybrNaut, if you have strange stuff, set
up your own repo
1581[23:57:05] <cybrNaut> ryouma: prevent what? Cloudflare from
seeing the data? No, because the tunnel stops at Cloudflare's
server. CF is the endpoint
1583[23:58:07] <cybrNaut> Cloudflare sees all usernames and
unhashed passwords that traverse their servers, and that's
around ~30% of the web right now
1584[23:59:25] <cybrNaut> yes, it's mind-boggling that most
of the population has allowing Cloudflare to have that much data