11[00:07:13] <judd> Package rng-tools (utils, optional) in stretch/amd64: Daemon to use a Hardware TRNG. Version: 2-unofficial-mt.14-1+b2; Size: 42.1k; Installed: 121k
87[00:57:56] <moaz> did the developers of debian/kFreeBSD simply replace the kernel, or did they have to edit userspace software significantly to make it compatible with the new kernel?
89[00:59:53] <YesMan> Hey I'm having performances issue with cinnamon windows, which are quite laggy in debian 9.5. However the issue is not present in Jessie 8.11 Live I just tried. Is there an easy way to find out the differences that could cause strecth to be less performant?
90[01:01:00] <YesMan> Also it takes ages to load from lightdm to the actual desktop
152[01:59:02] <sZbcE8qNfG> i'm trying to see how flaky openvpn is over a bad LTE connection
153[01:59:03] <armin> i use vpn technology, yes, but i don't trust third partys there.
154[01:59:17] <armin> depends if you move or not
155[01:59:30] <sZbcE8qNfG> i got a long commute and listen to music on my home server (samba + openvpn)....some patches of highway are deadzones for LTE connections
162[02:01:40] <sZbcE8qNfG> i'm talking about dead zones
163[02:01:46] <sZbcE8qNfG> like when the LTE conn will drop
164[02:01:53] <armin> well if the zone is dead it's dead
165[02:01:54] <sZbcE8qNfG> but after 20seconds, it will come back up again
166[02:02:06] <armin> will take some time until your buffer is empty
167[02:02:06] <sZbcE8qNfG> will openvpn automatically reconnect and continue or die
168[02:02:22] <armin> the idea of a vpn daemon is that it is up as much as it anyhow could
169[02:02:36] <at0m> sZbcE8qNfG: check out mpd, apt show mpd. if you stream that to VLC, you can pauze VLC and the time pauzed will serve as extra buffer for dead zones. not sure about 20s though, but worth a try.
170[02:02:37] <armin> any vpn daemon i know of would reconnect
172[02:03:11] <sZbcE8qNfG> no, i want to stick to samba and specific android apps
173[02:03:33] <armin> andsmb?
174[02:03:36] <at0m> sZbcE8qNfG: mpd, music player daemon, can be controlled (i ssh port-forward using irssiconnectbot) on one port, and stream on another (to which i connect my mobile VLC)
175[02:03:37] <sZbcE8qNfG> damn I cant wait for the librem5 to be released
176[02:03:44] <sZbcE8qNfG> yeah i have to resort to untrusted apps on android
178[02:04:05] <sZbcE8qNfG> atom what about photos?
179[02:04:14] <armin> sZbcE8qNfG: you have questionable requirements.
180[02:04:22] <at0m> sZbcE8qNfG: i run lineageOS actually. depends on what you trust eh.
181[02:04:59] <sZbcE8qNfG> i want to stick to old standard protocols like samba
182[02:05:08] <sZbcE8qNfG> maybe ssh
183[02:05:14] <armin> nexus 5x here, with a hardcore rugged case that makes the whole thing fat like hell.
184[02:05:19] <at0m> sZbcE8qNfG: photo's? i used to port-forward my smb, but since i dont have a decent client for that, i stopped using that. sshfs on laptop though.
185[02:05:22] <sZbcE8qNfG> i got a nexus 6p
186[02:05:22] <armin> works for me, survives any mosphit.
187[02:05:27] <michael2> hi, I have a problem where network manager returns "Error: read only filesystem" when it tries to write to the files in /etc/Networkmanager/system-connections. I suspect this is because the /lib/systemd/system/NetworkManager.service sets the properties: ProtectSystem=true, Protect-Home=read-only. I want to disable this so I created a new NetworkManager.service and set ProtectSystem=false and removed the
188[02:05:29] <michael2> `ProtectHome' option. but network manager still reports a read-only file system. how can I remove and disable this?
450[06:55:40] <n4dir> in a debian based distribution (raspian) the network interfaces didn't change to the new convention. My question is how the change is made, say by a certain package related to networking? wikipedia says "open source implementation available via udev/systemd", but raspian uses those too (hence i expected the change, and now am wondering why it didn't happen).
491[07:30:24] <pragomer> what would you recommend for password safe: keepassx, keepass2 or keepassxc ?
492[07:32:38] <kopper> Aren't those all secure and valid options?
493[07:33:30] <kopper> Although Keepass2 I belive Keepass2 is newer and richer with features
494[07:33:35] <kopper> Duh
495[07:33:36] <pragomer> I think so, but they arent compatible with each other (not in all directions); just wondered what you guys would choose and why
496[07:33:40] <kopper> More coffee
497[07:33:50] <kopper> I use Keepass2
498[07:34:01] *** debhelper sets mode: +l 1089
499[07:34:14] <pingfloyd> pragomer: between keepass2 and keepassx, I think the latter is better
530[08:12:24] <pingfloyd> never knew about that one
531[08:12:50] <n4dir> there are commands which exactly list which packages depend on an installed package, but i never understood it fully (rdepends comes to my mind, but really investigate this further).
532[08:13:15] <n4dir> yes, pingfloyd, i use the aptitude shortcut though i can miss something, as it is easy to remember.
533[08:13:50] <pingfloyd> I've always used things like apt-rdepends -r depends pkg for that, but that's handier.
534[08:14:17] <n4dir> i think it is more reliable. Like said: i am really not too sure.
536[08:14:50] <n4dir> i had aptitude why list something: i though: well, i don't care, but after removing it hell broke lose as x depends on y depends on z ...
575[08:54:22] <raziel86> When i run apt-get install -t stretch-backports nvidia-driver i get the errorif you no longer plan to use nvidia driver blah blah blah and asks me if i want to attempt to restore x config. No matter what i choose to do it does nothing.
756[11:28:23] <dob1> n_1-c_k, this is what I did: the link file + update-initramfs -u : doesn't work, I added to GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0" in /etc/default/grub and recreated grub.cfg in /boot/grub : doesn't work
757[11:29:03] <dob1> I delete /lib/udev/rules.d/73-usb-net-by-mac.rules
816[12:22:25] <dob1> booyah, I would like to name the interface created for an usb wifi dongle wlan1 or similar, right now it gives the name wlxSomeHexNumber. I tried systemd.link with match based on mac but, I don't now why, mac changes at every boot. So I am trying match by Path but I don't know how to get it
843[12:43:54] <muAdmDev> if yomeone remembers my cron-problem: deactivating LDAP in PAM+NSS solved the problem. Now I gotta get the PAM/NSS config straight so the system works with cron and LDAP in PAM/NSS. Thanks for your support!
847[12:49:10] <muAdmDev> I'd like to link /etc/pam_ldap.conf and /etc/libnss-ldap.conf to /etc/ldap/ldap.conf, any good reasons why I shouldn't have one config file containing everything, except that it might get crowded?
935[14:17:59] <bipul> I would like to create a file FILE-3 through comparing the difference from file FILE-1 & FILE-2 here it's describe in more details replaced-url
962[14:34:44] <EdePopede> bipul: can you grep the lines with the headers? then you could do 'grep -n' and extract the line numbers and feeding them to `sed '${from},${to}p` (or doing all this with awk, since you're using it yet)
966[14:35:40] <EdePopede> and for the usage: looks like an episode list to me with a 2nd file with those watched so far, list of the rest to be created. all this sorted by season
967[14:35:48] <jelly> it is allowed to pipe output(s) of awk, perhaps in a loop, to another awk
968[14:37:18] <EdePopede> bipul: just looking through mc's mc.ext file, has a similar concept. groups starting with '### ', entries with '# ', comments with '#'. so feel free to share your awk solution later :)
969[14:37:45] <bipul> EdePopede: sure love to do that :)
970[14:38:26] <EdePopede> yay, that's free software at its best \o/
971[14:38:52] <bipul> Yes, my all written scripts are having GNU license.
972[14:39:47] <Iridos> jelly, wait… doesn't that make the universe collapse in an infinite loop?
1033[15:36:54] <dpkg> * Guerin -> skool | <abrotman> where Guerin learns to control his irc client :) | <Guerin> amphi: i can control my irc client!!!1
1113[16:12:07] <petn-randall> deepblue: If this is a fresh install, I'd just start from scratch and use the stretch firmware installer. With jessie it'll be more work to set up, and it also only has limited security support.
1117[16:12:49] <dpkg> Security support for Debian 8 "Jessie" from the Debian Security Team ended on 2018-05-17. The amd64, i386, armel and armhf architectures will receive additional long term support (<LTS>) via <jessie/updates> until around 2020 for a 5 year lifetime total. See replaced-url
1118[16:14:43] <deepblue> petn-randall greycat , n4dir : ok,thanx a lot
1121[16:15:49] <ChrisH> On Debian Stretch (KDE) I build a LV on a full-partition-crypted PV/VG onto a external USB Disk. When I plug it on, KDE asks me to provide the Password but fails to mount the LV. The Disk is unlocked and a manual mount does succeed. I would like to have dolphin mount the LV to run a backup onto that disk. How could I do that? Searching google was not helpful so far.
1122[16:19:20] <petn-randall> ChrisH: I don't think that is possible, because that would allow unprivileged users to put VGs online.
1141[16:28:17] <nemo> petn-randall: dev built me a sid kernel, I force-installed it, -common headers, headers, kbuild and symlinked gcc-7 - result was a "working" environment 😃
1142[16:28:24] *** Quits: grumble (~grumble@replaced-ip) (Remote host closed the connection)
1143[16:28:28] <nemo> petn-randall: I'll just remember to undo all that once it makes it into backports
1144[16:28:36] <nemo> petn-randall: I confirmed with him it fixed the touchpad anyway
1145[16:28:43] <petn-randall> niiiice.
1146[16:28:50] <petn-randall> Was it Ben Hutchings?
1157[16:35:41] <karlpinc> ChrisH: If all that's needed is a mount how about using autofs to automatically mount the drive when referenced? After unlocking with kde.
1158[16:35:51] *** Quits: sm0x (~sm0x@replaced-ip) (Remote host closed the connection)
1209[17:13:16] <nemo> petn-randall: I realise my little laptop is not a big deal in the scheme of things distro-wise, but is pretty cool that people are happy to help if they aren't too busy and you actually ask...
1215[17:15:53] <petn-randall> nemo: Indeed. Most of the bug reports go unresolved because the kernel maintainer cannot reproduce the issue, due to missing hardware.
1216[17:16:40] <nemo> mmmm. BTW on that front
1217[17:16:46] <nemo> petn-randall: it appears it might have been resolved in ubuntu first?
1219[17:16:51] <petn-randall> nemo: And unfortunately they cannot trust every bug report, because a lot of users do poor debugging and blame an issue on a specific setting in the kernel (or other things). So the kernel maintainer are very reluctant to change things.
1220[17:16:56] <nemo> I guess the kernel is a place where ubuntu deviates from debian
1221[17:17:03] <nemo> but do you guys ever work together on stuff like this?
1222[17:17:08] <petn-randall> nemo: Not only the kernel, Ubuntu changes a lot of things from Debian.
1223[17:17:13] <greycat> or an ubuntu developer happened to have your laptop
1224[17:17:23] <petn-randall> nemo: There is some overlap, but not that much.
1226[17:17:54] <nemo> in this particular case there was also a couple of upstream kernel bugs - but unfortunately they were not linked to the debian bug report - I guess I should have done that when I found the debian one. oh well
1227[17:18:30] *** Quits: Immanuel (~Manu@replaced-ip) (Ping timeout: 264 seconds)
1228[17:18:42] *** Quits: n4dir (~user@replaced-ip) (Remote host closed the connection)
1232[17:19:22] <petn-randall> nemo: It's not that trivial, though. Enabling this feature might break some *other* hardware, so there needs to be some testing, or other ways of verification. Which is why the kernel devs don't touch settings that easily.
1236[17:19:50] <nemo> petn-randall: certainly crossed my mind
1237[17:20:11] <nemo> petn-randall: I think one thing that helped calm the kernel dev was that debian already had it enabled for some AMD - the arm ones ☺
1238[17:20:23] <nemo> but yeah, obv he wanted me to verify it worked
1249[17:25:20] *** Quits: Phizzy (~Phillip@replaced-ip) (Remote host closed the connection)
1250[17:25:21] *** Quits: de-facto (~de-facto@replaced-ip) (Remote host closed the connection)
1251[17:25:31] <nemo> situation in linux is so much better than in past tho - used to be getting *anything* to work on linux laptops was a real crapshoot
1256[17:26:51] *** Quits: Phizzy (~Phillip@replaced-ip) (Remote host closed the connection)
1257[17:27:37] <petn-randall> nemo: Indeed. Only downside is that practically every wifi controller nowadays needs non-free firmware. :(
1258[17:28:07] <nemo> hm...
1259[17:28:28] <nemo> petn-randall: firmware as in... code inside the wifi chip itself, or non-free blob to drive a dumb wifi controller run by the kernel?
1260[17:29:17] <nemo> petn-randall: non-free code in hardware is unfortunately everywhere these days. wifi, basically all CPUs and GPUs, SSDs..
1261[17:29:49] <nemo> wifi is certainly more disturbing since it has access to the outside world. at least my SSD is in theory more limited
1264[17:31:25] <petn-randall> nemo: Yes, non-free code running on the wifi chip. Also SSDs usually have some ARM chips on there with quite a bit of firmware running on it.
1271[17:35:51] <nemo> yeah, it's a problem and unfortunately there's no company out there AFAIK that is offering full FOSS hardware solution if I wanted to build a truly FOSS laptop
1272[17:35:54] <nemo> not enough demand
1273[17:36:11] <nemo> petn-randall: I just bought a pinebook for my SO to get her off the chromebook - even the pinebook is using that mali GPU w/ proprietary nonsense
1274[17:36:21] <nemo> although there's been some improvement on that front - I think there's finally a FOSS driver
1275[17:36:23] *** Quits: rovonovo_zoro (uid229900@replaced-ip) (Quit: Connection closed for inactivity)
1276[17:36:34] <nemo> and ofc the ARM chip is just the usual
1305[17:57:38] <jhutchins_wk> One reson for non-free firmware on wifi is that there are government regulations restricting the frequencies and power levels that are allowed, and there is fear of liability if the manufacturer fails to enforce those restrictions.
1348[18:11:59] <jhutchins_wk> petn-randall: I seem to recall seeing some things in dmesg that indicates it does decide, but I don't have non-US experience to compare.
1349[18:12:01] <SerajewelKS> you only need the first one
1387[18:27:18] <dpkg> A backport is a package from a newer Debian branch, compiled from source for an older branch to avoid dependency and <ABI> complications. replaced-url
1477[18:48:12] <antto> if synaptic works equivalently, it is safer for me to use it instead of commands
1478[18:48:34] <greycat> The .Real* are close to my oldest dot files. Same year. The oldest is actually .Xmodmap and it's all comments at the moment. It has a commented-out thing for swapping Caps Lock and Left Ctrl.
1516[18:55:58] *** Quits: will_haven (~will_have@replaced-ip) (Quit: You stupid cun#`%${%&`+'${`%&NO CARRIER)
1517[18:56:27] <jelly> TyrfingMjolnir: you'll want the version from stretch, not jessie, but yeah
1518[18:56:44] <KaffeeKatrin> Hello, I'm looking for a simple way to black some text in a pdf document, any suggestions on what application to use? or can evince do this somehow
1519[18:57:00] *** Quits: pdobrogost (uid195495@replaced-ip) (Quit: Connection closed for inactivity)
1520[18:57:00] <KaffeeKatrin> I know I could do it by importing to gimp
1521[18:57:05] <awal1> try pdfchain
1522[18:57:14] <KaffeeKatrin> awal1: I'll have a look, thank you
1542[19:07:00] <awal1> KaffeeKatrin, i just used pdfchain for split pdf docs. not sure about your goal
1543[19:07:19] <awal1> i suggested it bcoz it have several features and it is a good software
1544[19:07:21] <KaffeeKatrin> well, erasing text
1545[19:07:38] <awal1> i think you can do something with libbreoffice-draw too
1546[19:07:49] <KaffeeKatrin> got to hand in bankstatements for some gov office and I'm allowed to redact stuff
1547[19:07:56] <awal1> i split pdf s with it too
1548[19:08:02] <awal1> you may be able to erase
1549[19:08:04] <KaffeeKatrin> They don't need to know where I go to buy things
1550[19:08:04] <awal1> check it
1551[19:08:26] <KaffeeKatrin> at that point I might as well use gimp, or does that not remove the text really?
1552[19:08:32] <jelly> it does
1553[19:09:07] <jelly> assuming gimp really renders the whole thing to bitmaps to import
1554[19:09:14] <greycat> you can remove the pixels that constitute the text, or you can cover up those pixels with other pixels, so make sure you do the one you actually want
1559[19:11:59] <greycat> you could always edit the raw .pdf file and overwrite the strings with XXXXX
1560[19:12:13] <jelly> ^^
1561[19:12:26] <queip> KaffeeKatrin: there are tools if you google it
1562[19:12:28] <queip> some work
1563[19:12:32] <queip> it's actually complicated process
1564[19:12:44] <TyrfingMjolnir> I now did the complete install from DVD 1, however booting the system is not possible as drive letter changed from sdb to sda
1584[19:15:41] <tagomago> Hey people! Silly question. My Thunderbird just got auto-updated to 60.0 on my Stretch like 10 mins ago, and Lightning has disappeared. I already searched for the issue and tried this: replaced-url
1586[19:16:02] <jelly> TyrfingMjolnir: by default debian uses uuids in both grub.conf and fstab
1587[19:16:05] *** Joins: luna (~luna@replaced-ip)
1588[19:16:07] <luna> Debian mentioned in todays Gitlab event
1589[19:16:43] <petn-randall> tagomago: It's a known issue, and unfortunately didn't get fixed in time. You can simply remove the lightning calendar debian package, and install the extension by hand. Then your calendar will be back.
1645[19:28:30] <TyrfingMjolnir> jelly: There is no /boot/grub/device.map
1646[19:28:42] <jhutchins_wk> TyrfingMjolnir: Edits made through the grub boot menu are not persistent.
1647[19:28:51] <tagomago> Nah, jelly, I removed the Lightning package, re-opened Thunderbird and still can't see Calendars.
1648[19:28:52] <jelly> TyrfingMjolnir: what does your /proc/cmdline look right now?
1649[19:29:15] *** Quits: n9nes (~strn@replaced-ip) (Remote host closed the connection)
1650[19:29:22] <greycat> "If the device map file does not exist, then the GRUB utilities will assume a temporary device map on the fly. This is often good enough, particularly in the common case of single-disk systems." replaced-url
1669[19:34:06] <tagomago> So it looks like, on TB 60.0, Lightning still works as extension? But the updated Lightning version (6.2) doesn't work with that TB ver. I even can't install any Lightning version from the Thunderbird extension manager... All non-compatible. Sigh.
1697[19:46:38] <SerajewelKS> TyrfingMjolnir: you should just need to install the firmware-bnx2 package to get the network working. grab this URL and throw it on a thumb drive: replaced-url
1698[19:47:08] <SerajewelKS> then "dpkg -i" it, then reboot. or modprobe -r and modprobe the bnx2 module.
1699[19:49:10] <TyrfingMjolnir> Or is firmware-bnx2_20161130-3_all.deb on DVD1?
1700[19:49:21] <greycat> It won't be on the standard DVD images because it's non-free.
1701[19:49:22] <SerajewelKS> it's nonfree so i would assume not
1702[19:49:30] <TyrfingMjolnir> Oki
1703[19:49:49] <nyov> for curiosity's sake; what would be a good way to verify such a download against the local keyring?
1730[19:56:13] <greycat> I was actually hoping to find a link to the Lightning extension itself, but strangely, Google doesn't seem to want me to find that.
1747[19:59:22] <tagomago> I'll reinstall the Lightning package and see what happens
1748[19:59:42] <greycat> Isn't the debian package of lightning known NOT to work?
1749[19:59:55] <n4dir> i try to play a video with mpv, it does start, but it is so slow you can't watch it. I never use videoplayers and can't make any sense of the error message: replaced-url
1766[20:04:41] <nyov> just grepped my logs, someone else said this:
1767[20:04:43] <nyov> < mahe> Got it! The fix was quite simple: I just needed to install the lightning-l10n-* package for the same language as my thunderbird!
1768[20:04:46] <plasmoduck> Microsoft Debian for Window 10.
1769[20:04:48] <tagomago> Ok, my heart rate back to normal... thanks ploeple.
1770[20:05:27] <tagomago> Yeah, I also added my language pack for Lightning, that may be the key.
1777[20:09:58] <SerajewelKS> TyrfingMjolnir: all that should do is regenerate your grub config and copy needed grub files (modules/translations) to /boot/grub
1801[20:17:51] <TyrfingMjolnir> update-grub was run
1802[20:17:56] <TyrfingMjolnir> How do I verify this?
1803[20:18:22] <YesMan_> Hey does lspci being able to gather all the data on a device means that the device is correctly setup? I get a direct firmware load failed error for my GPU firmware at startup. As I have no GUI on the machine it's hard to check if the video is working fine
1804[20:18:41] <TyrfingMjolnir> Do I have to reboot?
1805[20:18:47] <TyrfingMjolnir> Or can I just cat some file?
1806[20:18:53] <greycat> in /boot/grub/grub.cfg you should have stuff like linux /vmlinuz-4.9.0-8-amd64 root=UUID=57cd3d98-68de-46b4-b8ad-ed3c8e2f7c10 ro
1807[20:19:07] <TyrfingMjolnir> # route -n
1808[20:19:08] <TyrfingMjolnir> bash: route: command not found
1821[20:22:01] *** Quits: Achylles (~Achylles@replaced-ip) (Remote host closed the connection)
1822[20:22:28] <TyrfingMjolnir> True
1823[20:22:30] <TyrfingMjolnir> Fixed now
1824[20:22:50] <TyrfingMjolnir> I also have this:
1825[20:22:51] <TyrfingMjolnir> locale: Cannot set LC_CTYPE to default locale: No such file or directory
1826[20:22:51] <TyrfingMjolnir> locale: Cannot set LC_ALL to default locale: No such file or directory
1827[20:22:53] <greycat> (I wish that weren't the case, and that it would simply give you a sources.list with the standard mirror lines, commented out.)
1828[20:23:21] <greycat> export LANG=C for now, and then run "dpkg-reconfigure locales"
1829[20:23:28] <greycat> After that, you can set your LANG properly.
1830[20:23:43] <TyrfingMjolnir> locale-gen enough to get rid of the nagging?
1832[20:25:37] *** Quits: astrofog (~astrofog@replaced-ip) (Remote host closed the connection)
1833[20:25:49] <TyrfingMjolnir> Hmmm
1834[20:26:01] <SerajewelKS> YesMan_: lspci doesn't really talk to the device, it just checks what kernel module is in use (as well as gathering some other info). so no, lspci's output should not change at all whether or not any required firmware was loaded.
1871[20:38:52] <SerajewelKS> YesMan: ah, gotcha. in that case maybe you just run a sample opencl calculation and see if it works.
1872[20:38:57] <greycat> You may end up having to track down whatever put those bogus values in your environment. Possibly places include ~/.profile ~/.bashrc /etc/environment /etc/default/locale
1925[21:12:59] <jhutchins_wk> TyrfingMjolnir: Usually just in /etc/network/interfaces
1926[21:13:00] <nyov> TyrfingMjolnir: I think that syntax is deprecated
1927[21:13:03] <BlAd3> but when open the screen for install in graphic he freez with black screen
1928[21:13:24] <nyov> (for interface name anyway)
1929[21:13:35] <jhutchins_wk> BlAd3: Try text-based install, you should be able to get enough installed to troubleshoot it.
1930[21:13:40] <TyrfingMjolnir> BlAd3: separate physical drives?
1931[21:13:46] <jhutchins_wk> BlAd3: Have you tried a Live iso?
1932[21:14:14] <jhutchins_wk> !kms
1933[21:14:14] <dpkg> Kernel Mode Setting (KMS) has graphical modes initialized by the Linux kernel instead of X. It is hardware dependent, introduced in Linux 2.6.29. Enabled via modprobe as of xserver-xorg-video-intel 2:2.9.1-2 and xserver-xorg-video-radeon 1:6.12.192-2. To disable, edit /etc/modprobe.d/{i915,radeon}-kms.conf or boot with the 'nomodeset' kernel command line parameter. replaced-url
1934[21:14:21] <BlAd3> lenovo legion ssd 512 adata and segate firecuda
1938[21:16:43] <BlAd3> i try with backbox and ubuntu and no problem
1939[21:16:47] <nyov> TyrfingMjolnir: I use lines like "up /sbin/ip addr add 192.x/24 broadcast 192.x dev br0" under an iface stanza to add more IPs per interface
1940[21:16:58] <BlAd3> but i would like return to debian
1941[21:17:00] <nyov> I'm not sure if there is a better way
1951[21:23:21] <stkt> is there some small tool that would allow me to pipe text into it and just write it to a file, which would allow me to move the file, maybe send a signal to it and then write to the new file instead? i have some continuous running command, so i can't trap any signals in my script to switch the file on my own.
1952[21:23:27] <SerajewelKS> TyrfingMjolnir: iptables is always "running," what do you mean by that?
1954[21:25:07] <greycat> stkt: you're describing precisely how logging works in daemontools's "multilog" and runit's "svlogd" and probably many other implementations of service manager logging
1955[21:25:21] <jhutchins_wk> TyrfingMjolnir: Do you NEED iptables?
1956[21:25:22] <TyrfingMjolnir> I set up NAT from LAN subnet to WAN NIC
1957[21:25:25] <greycat> you should be able to use one of those as a standalone program
1958[21:25:35] *** Quits: The_Loko (~The_Loko@replaced-ip) (Remote host closed the connection)
1959[21:25:42] <TyrfingMjolnir> It's the only application this node will run
1962[21:26:07] <SerajewelKS> TyrfingMjolnir: i use handwritten scripts that generate a config and pipe it to iptables-restore. i wrote a systemd service to execute that on boot, but you can also use a pre-up line to run that in /etc/network/interfaces
1963[21:26:33] <SerajewelKS> TyrfingMjolnir: you can set ip_forward on boot in /etc/sysctl.d
1965[21:26:48] *** Quits: n4dir (~user@replaced-ip) (Remote host closed the connection)
1966[21:27:18] <jhutchins_wk> !iptables
1967[21:27:18] <dpkg> [iptables] The user-space process used to administer iptables kernel parts on top of netfilter. Ask me about <netfilter docs>. For a proper Debian-way of setting up iptables, see replaced-url
1968[21:27:21] *** Quits: forgotmynick (uid24625@replaced-ip) (Quit: Connection closed for inactivity)
1970[21:28:16] <SerajewelKS> iptables-persistent is nice but i have a slightly more complex setup and use shell scripting to ease rule generation
1971[21:28:42] <greycat> systemd seems to be the only service manager that *doesn't* include a multilog analogue program, because it uses a whacky "journal" instead
1972[21:29:02] <TyrfingMjolnir> SerajewelKS: Is that on !gh?
1973[21:29:09] <SerajewelKS> plus there are some complexities when using e.g. fail2ban; if you reload your iptables config then all the fail2ban entries go away, so my "apply the firewall rules" script restarts fail2ban as well
1980[21:30:10] <TyrfingMjolnir> Very eager to learn
1981[21:30:15] <SerajewelKS> TyrfingMjolnir: TBH in your case i would go with iptables-persistent
1982[21:30:26] <SerajewelKS> i doubt your rules are as complex as mine ;)
1983[21:30:33] <TyrfingMjolnir> I just like to see different approaches
1984[21:30:35] <stkt> @greycat just a simple problem with that, i tried multilog already, problem is the max size limit is crazy small, approx 16MB … systemd .. PITA
1985[21:30:52] <greycat> you can configure the size for multilog
1992[21:33:09] *** Quits: nyov (~nyov@replaced-ip) (Quit: Recursive traversal of loopback mount points)
1993[21:35:13] <SerajewelKS> TyrfingMjolnir: (still working on sanitizing the rules) part of the complexity is that this node is also an ipv6 router, and i hate duplication. so i have a helper function to build out my v4 rules and v6 rules with the same script.
1994[21:35:20] <SerajewelKS> TyrfingMjolnir: it will make sense when you see it
1995[21:35:42] <SerajewelKS> plus there is a VPN. so this box routes to v4, v6, and VPN.
1996[21:36:04] <SerajewelKS> and i want to allow only some types of traffic in some directions. e.g. VPN-to-internet is disallowed, as is *some* VPN-to-VPN traffic.
2001[21:39:01] *** Quits: karakedi (~eAC53C340@replaced-ip) (Remote host closed the connection)
2002[21:39:16] <SerajewelKS> TyrfingMjolnir: these files live in /etc/network/iptables and on this machine i have "up /etc/network/iptables/apply" on my primary bridge interface
2003[21:40:18] <TyrfingMjolnir> Nice
2004[21:40:31] <TyrfingMjolnir> I do this using XSLT exporting from FileMaker
2005[21:40:46] <SerajewelKS> i forget what my ebtables rules are for, i think QOS
2007[21:41:07] <TyrfingMjolnir> But you are right yours is by far more complex than mine.
2008[21:41:45] <TyrfingMjolnir> SerajewelKS: Thanks for the inspiration
2009[21:42:35] <SerajewelKS> it got messy when i threw ipv6 in. i was using a single file that i piped to iptables-restore. but then i had the need for some rules to be v4-only or v6-only. so i prefixed those lines with @@v4@@ or @@v6@@ and used grep to weed out the "wrong" lines (@@v6@@ when building the v4 firewall) and then another grep to remove the prefixes.
2010[21:42:48] <SerajewelKS> that soon became difficult to manage. so then i wrote this script.
2014[21:45:37] <SerajewelKS> we have a firewall script on most of our servers where i work, written some 10+ years ago. it invokes iptables directly to build up the rules which means that every time it's applied, there's a small window when packets can arrive and bypass the firewall because it's half-built.
2015[21:45:52] <SerajewelKS> i've been slowly replacing it with scripts based very closely on these scripts i'm showing you
2017[21:47:00] <SerajewelKS> having a script build the rules is nice because you can base rules on the contents of other files for example. which we do in a few places.
2051[22:16:03] <majest1c> If I want to write a manual page for my bash script and the usage is "bash mstatus {login|logout|xlock|unxlock} [message]" What do I need to write under the synopsis page? exactly that?
2067[22:24:17] <jhutchins_wk> There's a template kicking around somewhere too.
2068[22:24:23] <majest1c> jhutchins_wk: Yeah, but would you understand how to use it by that? I mean is it generally understood that "bash mstatus {login|logout|xlock|unxlock} [message]" would use either, login, logout, xlock OR unxlock as argument then an optional messaged followed by that?
2069[22:27:11] <jhutchins_wk> That's the logic I know, except I'm not sure about curly brackets around the mandatory command.
2070[22:27:35] <jhutchins_wk> majest1c: for rfkill it's rfkill [options] command and the commands are listed below.
2081[22:31:29] *** Quits: jfoy (~jfoy@replaced-ip) (Remote host closed the connection)
2082[22:31:44] <x-fak> hi
2083[22:31:58] *** Quits: wonderer (~quakeroat@replaced-ip) (Quit: Famous quotes #75: "God gave men both a penis and a brain, but unfortunately not enough blood supply to run both at the same time." - Robin Williams, commenting on the Clinton/Lewinsky affair)
2084[22:32:08] <jhutchins_wk> majest1c: Have a look at that man-pages page, it's pretty thorough
2086[22:34:08] <x-fak> it's a question about debian, but maybe somone here has the knowledge. I got a site which offer a stream (HLS stream) that i'd like to download the video (.ts video), i try multiple tool with no results, can you help me? I tried with ffmpeg, youtube-dl, i got 403 error with ffmpeg
2093[22:36:49] <SerajewelKS> that won't work with HLS
2094[22:37:10] <x-fak> jhutchins_wk , i dont know how to get the correct with curl or wget, i'm afraid
2095[22:37:29] <SerajewelKS> x-fak: you may need to supply a browser user-agent to use ffmpeg. the server may be blocking the request based on the user-agent.
2100[22:39:28] <SerajewelKS> jhutchins_wk: HLS streams are a single master playlist that specifies URLs to other playlists, one per quality. then each of THOSE playlists is a list of .ts files that are each about 10 seconds long.
2101[22:39:34] <SerajewelKS> EdePopede: also ^
2102[22:39:50] <SerajewelKS> using curl/wget to download an HLS stream is entirely impractical
2103[22:39:54] <x-fak> SerajewelKS , it's right, i supply the user-agent using the ffmpeg switch called "-user_agent"
2104[22:40:19] <jhutchins_wk> SerajewelKS: Yeah, reading up on it. ffmpeg is frequently mentioned.
2105[22:40:21] <x-fak> and i supply the cookie using "-headers"
2106[22:41:03] <SerajewelKS> x-fak: there may be a firefox extension you could use that will do the same thing, in the same environment (cookie jar etc) that the site likes
2107[22:42:24] <EdePopede> SerajewelKS: could be tricky if the server expects an ID created from some JS, so the original request for the m3u8 and then vlc/mpv/curl for the .ts segments (unless it is a live stream, then the m3u8 must be rerequested also)
2112[22:43:38] <EdePopede> my experience is (youtube-dl) that once you got the segment addresses, (usually) akamai doesn't care about cookies and nothing
2113[22:43:39] <x-fak> EdePopede , i pretty sure i already tried that (i knew that curl trick) and i didnt work but i'll try again
2114[22:44:01] *** debhelper sets mode: +l 1139
2115[22:44:37] <SerajewelKS> EdePopede: it depends if they're using whatever akamai's stream protection option is
2116[22:44:52] <SerajewelKS> it works similarly to S3's signed URLs
2117[22:45:00] <EdePopede> x-fak: if you watch it for some time, how often is it fetched? maybe there is a timeout how long it is available with exactly the parameters used
2119[22:45:05] <x-fak> SerajewelKS , there's a firefox extension, which i sucessfully used to download the videos on the same site i'm trying to retrieve source video , it's called "The Stream Detector"
2120[22:45:16] <gedia> hello all, I'm trying to make a custom debian package where upstream doesn't ship a configure script, so I have to run autoreconf... however, if I do, debuild fails because the process creates new files in the "autotools" subdir of the source which weren't there before with: error: cannot represent change to autotools/install-sh and similar
2121[22:45:28] *** Quits: blackes__ (~blackest_@replaced-ip) (Remote host closed the connection)
2122[22:45:31] <gedia> how is it expected to work around this?
2123[22:45:31] <BlAd3> hi guy some suggestion for install debian using live
2124[22:45:48] <greycat> the usual suggestion is "Don't"
2125[22:46:26] <SerajewelKS> yeah i imagine you could use debootstrap if you know what you're doing but using the installer will be easier
2126[22:46:33] <x-fak> SerajewelKS , but now it doesnt work anymore, it seems, the addon is creating the right command line for mmpeg with everything needed, but i still got a 403 error now
2127[22:46:51] <BlAd3> with installe freez
2128[22:46:56] <BlAd3> with installer freez
2129[22:47:08] <SerajewelKS> x-fak: the URLs could stop working after the first use. it's hard to say without seeing the server's program.
2130[22:47:51] <foul_owl> I'm trying to install virtualbox guest additions. guest is debian 9. host is debian 8. guest cannot find linux/version.h but the headers are installed. specifically it's looking for "/lib/modules/$(uname -r)/build/include/linux/version.h"
2154[22:52:02] <foul_owl> Hmmm, it looks like both 4.9.0-7 and 4.9.0-8 are installed
2155[22:52:08] <foul_owl> And the headers are installed for both also
2156[22:52:49] <SerajewelKS> foul_owl: is build-essential installed?
2157[22:52:55] <foul_owl> Yes
2158[22:53:12] <foul_owl> From googling, it seems like everyone says "update to virutalbox 5.2" but that version is not in the repos
2159[22:53:29] <SerajewelKS> are you using guest addons from the repo or from the ISO
2160[22:53:30] <foul_owl> I would assume that this should work with packages found in the debian repos
2161[22:53:46] <foul_owl> I was attempting to install the addtions from the iso
2162[22:53:56] <foul_owl> I didn't realize there were guest additions from the repo to be honest
2163[22:54:00] <x-fak> EdePopede , i tried with firefox console, to get the curl command, i can save the file, but i think it's only a small part of the file, i cannot do anything with that
2164[22:54:02] <foul_owl> Should i prefer that?
2165[22:54:15] <tw> foul_owl: it's in contrib. It has the right dependencies to get you what you need.
2166[22:54:17] <SerajewelKS> not necessarily as the version won't match the host's virtualbox
2167[22:54:28] <SerajewelKS> better would be to track down what package provides that file that's missing
2168[22:54:36] <tw> at least as far as dkms and so forth.
2170[22:55:08] <BlAd3> the issue i think some with graphic card
2171[22:55:19] <EdePopede> x-fak: ts segments are usually afaik 3-10 seconds only, so just a few MB. should you get the m3u8 you'd have to load all of them listed there (or let vlc/mpv or so do it)
2190[22:59:13] <tw> there's some other virtualbox-guest-* packages in backports/contrib you might also want, but just the dkms package will make sure you have all the dependencies you need for actually building dkms things.
2191[22:59:17] <Arahael> If one has a fast SSD, and a (relatively) slow HDD, what are the options if one wants to make the overall system faster - set up the SSD as a cache (how?), or simply allocate the partitions sensibly (eg, put the OS and source code onto the SSD, and /home or /bigdata on the HDD)?
2193[23:00:16] <SerajewelKS> Arahael: my approach generally is to put everything on the SSD (including swap), mount the other disk as /mnt/storage for example, and as i find things that are big but don't suffer much from being on a slower disk i move them to /mnt/storage and leave a symlink pointing there
2195[23:00:27] <foul_owl> Awesome!! That worked :D
2196[23:00:29] <foul_owl> Thank you again
2197[23:00:36] <SerajewelKS> you definitely don't want to put swap on the magnetic drive
2198[23:00:52] <tw> Arahael: Sensible partitioning is probably the best choice. You can look at things like lvmcache if you want to try the other thing.
2199[23:00:53] <Arahael> SerajewelKS: Yes, swap - if any - should definitely be on the SSD. :)
2200[23:01:20] <Arahael> tw: Yeah, I was wondering what the tradeoffs were, I suspect "sensible partitioning" is the most efficient approach.
2210[23:03:23] <Arahael> tw: I mean, you can't just plop all the devices into the one LV and use that for partitioning, as LVM apparently doesn't consider diffeerent speeds.
2213[23:04:25] <tw> Arahael: you can totally plop 'em all in one VG and then create a lvmcache volume bound on the fast pv and the data volume sitting on the slow pv.
2214[23:04:41] *** Quits: n9nes (~strn@replaced-ip) (Remote host closed the connection)
2219[23:05:38] <Arahael> tw: Interesting. What's the performance like compaired to the simple method of simply putting everything on the SSD, except for /bigdata?
2220[23:05:42] *** Quits: thms (~thms@replaced-ip) (Remote host closed the connection)
2222[23:06:08] <tw> Arahael: generally worse, unless you're modifying your big files. Big files that you use once can evict little files you use often.
2223[23:06:28] <Arahael> tw: Ah, good point.
2224[23:06:49] <Arahael> I think I'll keep them separate, then.
2225[23:07:19] <Arahael> Probably use LVM, but keep them separate, for that reason, then. Thanks for that. :)
2226[23:09:00] *** Quits: dastier (~dastier@replaced-ip) (Remote host closed the connection)
2229[23:10:14] <ScottE> Arahael: ZFS L2ARC can do exactly this - use an SSD as an L2 cache for a spinning drive (or mirror/array of drives). ZFS on a root filesystem isn't trivial, though - I run all my systems with ZFS for everything, but it requires a debootstrap install that most people won't do.
2251[23:14:15] <SerajewelKS> Arahael: create new LVM PV on the different drive, add it to the VG with the volume you want to move, "pvmove" with the appropriate settings, "vgreduce" to remove the old PV
2252[23:14:23] <SerajewelKS> this can be done while the volume is mounted and in use
2253[23:14:42] <SerajewelKS> (or you can leave the old PV added if you plan to use it in the same VG for something else)
2254[23:14:47] <Arahael> SerajewelKS: Interesting. Well, that's an option.
2257[23:16:24] <SerajewelKS> i use LVM on every new debian system i set up for exactly this reason. the storage "reshaping" (to borrow a RAID term) you can perform while the system is up and available is crazy.
2258[23:16:44] <SerajewelKS> as long as you don't have to shrink a volume, odds are you can do it online
2259[23:16:47] *** Quits: ToBeCloud (uid51591@replaced-ip) (Quit: Connection closed for inactivity)
2260[23:17:33] <SerajewelKS> the only thing i don't really trust LVM with yet is RAID. i would rather use dmraid and then make the RAID logical volume an LVM PV.
2261[23:17:52] <Arahael> I've yet to trust RAID at all.
2262[23:18:17] <Arahael> I do indeed like LVM for just that, though - to be able to reshape everything, (to borrow a SerajewelKS term. ;) )
2264[23:18:38] <SerajewelKS> levels 1 and 10 are great
2265[23:19:27] *** dexta_ is now known as dexta
2266[23:19:50] <Arahael> I really don't have much need for RAID.
2267[23:19:55] <SerajewelKS> RAID0 is really only good if (a) you're using it as part of an unorthodox config where you can't use RAID10 but will still be mirroring, or (b) you need a large temporary workspace to assemble some data and it's not a big deal if the array dies because you can just regenerate all of the data.
2268[23:20:13] <SerajewelKS> (e.g. RAID0 would be fine to use as an on-disk cache, as long as the program using it can tolerate it suddenly disappearing)
2270[23:20:22] <Arahael> Although, if I had two M.2 SSD's...
2271[23:21:04] <SerajewelKS> RAID0 is terrible by itself for data you care about because you lose all your data if either disk fails. you basically double your chances of something going wrong.
2272[23:21:09] <SerajewelKS> i use RAID1 on my home NAS
2281[23:22:08] <Arahael> annadane: I tend to backup to the cloud, now.
2282[23:22:09] <annadane> not sure which brands are more trustworthy
2283[23:22:16] <Arahael> annadane: I use Amazon S3.
2284[23:22:24] <Arahael> Glacier, storage, if I can help it.
2285[23:22:44] <annadane> anyway it's off topic
2286[23:22:54] <SerajewelKS> i have some custom scripts that GPG-encrypt with a pubkey then upload to glacier. the privkey is split with ssss in multiple physical locations.
2287[23:23:34] <Arahael> SerajewelKS: Why GPG?
2288[23:23:46] <Arahael> SerajewelKS: You're better off using AES encryption.
2301[23:26:00] <SerajewelKS> most of the stuff on my NAS isn't backed up anyway, because it's a copy already. the NAS runs a plex server, which hosts all of our DVDs that i've ripped. so if the RAID1 fails then i haven't lost anything except the work that went into ripping them.
2309[23:27:11] <SerajewelKS> IIRC the way GPG does encryption, it creates a random symmetric key and encrypts that with the pubkey, then encrypts the message with the symmetric key
2310[23:27:27] <SerajewelKS> so you get the benefits of asymmetric encryption without the performance drawback
2312[23:28:00] *** Quits: rsx (~rsx@replaced-ip) (Remote host closed the connection)
2313[23:28:21] <tw> SerajewelKS: it's not efficient at the symmetric part, esp (as I understand) with the way it hmacs and signs at the end.
2314[23:28:38] <tw> it can easily take 20 minutes to gpg encrypt 1GB of data.
2315[23:28:40] <SerajewelKS> since the message key is random and different for each message this also prevents any kind of cleartext attacks against the GPG privkey
2316[23:28:55] <tw> But if speed is not an issue, it doesn't matter how long it takes.
2317[23:29:07] <SerajewelKS> tw: hmm. well yeah. i let my backups run overnight anyway.
2318[23:29:10] <Arahael> Right. It just seems a shame not to use hardware encryption.
2319[23:29:59] *** Quits: will_haven (~will_have@replaced-ip) (Remote host closed the connection)
2320[23:30:09] <SerajewelKS> the big issue with using something like raw AES is that i have to keep the key online
2325[23:31:09] <SerajewelKS> and i'm doing incremental backups so i only have to encrypt what changed since the last backup
2326[23:31:12] <tw> Out of curiosity, what's the point of shamir's key splitting? Are you using hw tokens as one of the secrets?
2327[23:31:30] *** Quits: m0d (~m0d@replaced-ip) (Disconnected by services)
2328[23:31:58] <SerajewelKS> tw: it's for catastrophic things, like my house burns down. i have the split shares stashed in locations other than my house, so i can reassemble the key in a worst case scenario, and even survive the loss of some number of physical pieces of the key.
2331[23:33:06] <SerajewelKS> plus if one share is compromised, an attacker doesn't gain any information
2332[23:33:49] <tw> They gain 1 of K required keys to recover your original.
2333[23:34:21] <SerajewelKS> as long as i find out that the share has been compromised i can destroy the other shares and re-split the key
2334[23:34:24] <tw> which I presume is fewer than the N keys you made, so it can handle losing subkeys.
2335[23:34:32] <Arahael> SerajewelKS: You can either download the key, decrypt it, and use it. Or just create a new key every time and encrypt it using GPG.
2336[23:34:39] <BlAd3> guy someone can help me?
2337[23:34:46] <Arahael> SerajewelKS: And frankly, creating a new key is probably better.
2338[23:35:12] <SerajewelKS> Arahael: downloading and decrypting the key means that i have to keep the key effectively online. creating a new key every time means i can't back up the key.
2339[23:35:38] <SerajewelKS> encrypted backups have a weak point: you lose the key, you lose your backups
2340[23:35:45] <Arahael> SerajewelKS: Sure you can, keep a local copy - and put the key with the backups.
2341[23:36:04] <SerajewelKS> the backups are on glacier. i don't want amazon to have the key at all.
2356[23:37:49] <SerajewelKS> Arahael: to reiterate what i said before, GPG message are encrypted with a symmetric algorithm. the key is randomly generated and then encrypted with the GPG pubkey being used.
2357[23:37:57] <BlAd3> same if i try to install with speech
2358[23:38:32] <BlAd3> it give the comand ma not in the screen some suggestion ?
2359[23:38:37] <SerajewelKS> IIRC this is primarily to prevent cleartext attacks against the GPG privkey. using an intermediate key prevents that.
2361[23:38:51] <tw> SerajewelKS: imo, keep multiple copies of your decryption key on gpg cards and call it good. Key splitting is cool, but is it that much better than a smartcard with a limited number of pin tries?
2364[23:39:03] <Arahael> SerajewelKS: Right, as I said, I must be mistaken. My whole point, however, is to ensure that you're taking advantage of hardware.
2369[23:39:38] <SerajewelKS> Arahael: while that would be nice, my backups happen overnight and are done when i wake up so making them faster is not really useful at the moment
2370[23:39:54] *** Quits: jfoy (~jfoy@replaced-ip) (Remote host closed the connection)
2392[23:43:14] <BlAd3> after i boot he open the screen for install debian
2393[23:43:29] <Arahael> tw: Trouble is, I keep blowing my budget. ;)
2394[23:43:38] <BlAd3> when i send for install black screen
2395[23:43:43] <SerajewelKS> what is rufus
2396[23:43:53] <jadax> hey, I have internet-less debian 9.2 box that I want to enable Asus USB AC56 adapter on(ID 0b05:17d2). Do you think I can download required packages on another machine and transfer them over USB thumbdrive?
2400[23:44:43] <BlAd3> if i start in live no issue
2401[23:44:54] <jadax> Arahael what do I need to enable it? linux-firmware package?
2402[23:45:11] <annadane> BlAd3, your issue is using rufus. use win32diskimager.
2403[23:45:15] <Arahael> jadax: You don't need anything special to enable it.
2404[23:45:37] <annadane> !rufus
2405[23:45:37] <dpkg> rufus is a tool that can be used to make bootable USB devices under Windows. It is not recommended for use with Debian CD/DVD images, as it mangles the installer in cruel and unusual ways, resulting in hard to debug problems. Ask me about <hybrid images>, <usb install>, <win32diskimager>.
2406[23:45:49] <jadax> should it be supported right away?
2407[23:45:57] <BlAd3> ok i go to try immediatly thanks annadane
2408[23:46:14] <Arahael> jadax: I misunderstood. (I'm slightly drunk). I thought you were asking about downloading packages on antoher machine and transferring them over USB.
2409[23:46:44] <Arahael> jadax: And you certainly can do that - that's called "sneakernet".
2410[23:46:57] <jadax> Arahael my follow-up question is what exactly do i need to download on another box
2411[23:47:09] <SerajewelKS> jadax: you may not need anything. have you tried it yet?
2412[23:47:14] <jadax> yes
2413[23:47:34] <jadax> I have no wireless adapters in "system" giu
2428[23:49:29] <SerajewelKS> jadax: sneakernet this file over and dpkg -i it: replaced-url
2429[23:49:44] <annadane> !tzdata
2430[23:49:44] <dpkg> A time zone is the standard time (aka local time) in a particular region. To change the timezone on Debian systems, execute "dpkg-reconfigure tzdata". Alternatively: "cp -b /usr/share/zoneinfo/$TZ /etc/localtime". Note that tzselect(1) does not change the timezone. Postfix users: execute "service postfix restart" to update localtime in the chroot.
2431[23:49:46] <SerajewelKS> you may need to unplug/replug the device after
2482[23:59:48] <queip> doesn't work = run libreoffice, new Writer document - set some text font properties: the language field has "Polish" but not with the "spellcheck" icon