21[00:09:13] <petn-randall> noob23: You can install intel-microcode, or amd64-microcode, and the kernel should make use of the new CPU instructions to fix it.
33[00:19:49] <Lyberta> there are mentions that "su" has changed in buster and recommends ALWAYS_SET_PATH in /etc/login.defs but that leads to warning when logging in: replaced-url
34[00:20:09] *** Quits: Space_Man (~Space_Man@replaced-ip) (Remote host closed the connection)
53[00:37:58] <jmcnaught> Lyberta: I recommend simply using 'su -l' instead of 'su' without arguments. With a login shell you will get root's $PATH with /sbin and /usr/sbin
54[00:38:22] <Lyberta> jmcnaught, but will this change current directory?
58[00:39:24] <rwp> If su'ing to root it's a good idea to change directory and get out of the non-root directory. Otherwise other things have a tendency to leave root owned files behind.
59[00:39:47] <jmcnaught> Debian before buster used su from login, but in buster has switched to the su from util-linux
86[00:57:21] <Lyberta> karlpinc, so if I want to keep current directory but become root via a root password I need to just use "su" with ALWAYS_SET_PATH, right?
88[00:59:41] <karlpinc> Lyberta: I don't know about ALWAYS_SET_PATH. What are you really trying to do? You wind up with a strange system that only you can admin if you start frobbing stuff like that.
89[01:00:27] <Lyberta> karlpinc, I guess I just new "open root terminal here" right click option in file manager...
90[01:00:31] <Lyberta> need*
91[01:01:08] <Lyberta> right now I use "open terminal here" and then type "su"
94[01:02:37] <karlpinc> Lyberta: I always open a regular terminal and "su -l" when I need to be root. Then, I'm logged in as root, in root's home directory etc., etc. And I can do things as root, things which generally should not be done in "regular" directories that are user accessable.
95[01:03:14] <karlpinc> Lyberta: Or, I use the UPG idiom and put my user in a group so that it has permissions it needs to do things like maintain website documents, etc.
96[01:03:28] <Lyberta> karlpinc, I have typing, so i prefer to open directory via mouse and then I need root terminal there
105[01:05:51] <karlpinc> Lyberta: If I were you I'd write a script that does what I want and stick it in a menu entry. I stay away from the GUI mostly. It's too slow.
111[01:07:17] <Lyberta> karlpinc, and for me mouse in the fastest way, like, I don't need to look at keyboard and move my hands to type
112[01:07:37] <karlpinc> Lyberta: You may need to log out and back in again, dunno.
113[01:08:28] <karlpinc> Lyberta: Reaching back and forth from the mouse to the keyboard is too slow. You're going to have to type stuff, so keeping your fingers on the keyboard is fastest.
114[01:08:50] <karlpinc> Lyberta: Of course if you can't type, that's different. It's worth learning, unless you've a disability.
116[01:10:13] <Lyberta> karlpinc, for me it's mostly web browser and gaming and for gaming I use arrow keys so switching to qwerty part of keyboard is slow
160[01:32:08] *** Quits: alexertech (~xb@replaced-ip) (Quit: Fades into the darkness)
161[01:32:40] <annadane> test left but in case anyone else wants openbox tips, obmenu, lxhotkey and tint2 are good packages and you can copy /etc/xdg/openbox to .config/openbox for your user
188[01:54:50] <epony> I was at work that day, watched it on TV live as it was happening, felt both very sad and disheartened.. couldn't believe it was possible this could happen.
189[01:54:59] *** Quits: penyuka_ibu2_sem (~androirc@replaced-ip) (Remote host closed the connection)
190[01:55:39] <epony> but what does it have to do with OpenBox configuration?
191[01:55:45] <magic_ninja_work> I was in 10th grade algebra class. I remember watching in awe. My teach was crying.
192[01:56:15] <magic_ninja_work> OpenBox configuration holds the keys to defeating ISIS
210[02:07:01] *** Quits: fearnothing (~nothing@replaced-ip) (Remote host closed the connection)
211[02:07:07] *** Joins: Immanuel (~Manu@replaced-ip)
212[02:07:33] <dstaring> I have discovered that commercial websites actively change around their JSON blobs and HTML in order to mess with my bots. It forces me to constantly manually verify that the info is actually correct and has not been screwed with. For example, a resource that list the registered vehicles for an address now puts "1" in the HTML and then later changes this by JavaScript-loading a JSON blob, parsing it and changing the DOM. That's evil.
213[02:07:47] <dstaring> It causes me constant stress as I have to keep up with their stupid changes.
214[02:08:10] <dstaring> (They charge so much for actual API access that I could never even come close to affording it.)
215[02:08:10] <annadane> name and shame!
216[02:08:28] <epony> use other web sites, that don't need JS :-)
217[02:08:39] <dstaring> epony: No such thing.
218[02:09:11] <epony> well what could you do then to solve it?
244[02:27:41] <ghormoon> hi, hypothetical question, is there some way to make linux "remount" a drive to a copy of it (somehow hold off writes for a little while to ensure sync is up to date, mount from another location) and keep (somehow remap) open files, so not kill any apps, just let them wait few seconds for io?
268[02:34:31] <ghormoon> let's say i have 1min old copy of the / partition, i want to freeze it, sync in the last minute of changes, mount it from the new location and disconnect the old one
269[02:34:42] <ghormoon> but it's kinda stretched scenario
270[02:34:44] <ghormoon> just came to my mind
271[02:34:54] <ghormoon> and rare so reboot is ok :D
272[02:35:01] <rant> idk what any of that means
273[02:35:24] <rant> sounds to me like you got a long list of other problems making you think you need to do this
274[02:35:39] <ghormoon> no, i'm just overengineering things :D
275[02:36:08] <ghormoon> thiking i can make a "live" usb, that would be able also to bootstrap itself to a real disk, start using it without reboot. but i can just reboot there
276[02:37:15] <jmcnaught> ghormoon: with LVM you can make a snapshot volume of a filesystem's underlying block device. You can then mount that snapshot somewhere and copy from it, or modify it. The original block device remains read-write. You can also merge a volume back to the state of the snapshot, but doing that with root filesystem would require reboot.
277[02:37:32] <rant> you are confusing terms and creating one x y problem after another
278[02:38:02] <rant> debian systems already do pretty much exactly what you describe.. its called a pivot_root
279[02:38:30] <jmcnaught> ghormoon: well I think you would definitely want to reboot after installing to make sure the system is installed properly
281[02:39:20] <rant> the linux kernel is full of such things.. pivot_root() kexec() etc..
282[02:39:58] <ghormoon> what happens if you do that and some random binary is writing to some file? will it write to the same filename in new root or die and need a restart?
286[02:41:15] <ghormoon> the backroud sync would be zfs send/recv, so i can do it kinda efficiently with -I to sync up the last minute of changes or so, no need to copy over lvm volume at once
287[02:41:39] *** Quits: mchnsmrrd (~androirc@replaced-ip) (Remote host closed the connection)
288[02:42:08] <dstaring> linux.die.net <-- I always read that domain as a sentence. "Linux: die, net!"
289[02:42:35] <annadane> die bart die
290[02:42:39] <epony> read it as "linux.the.net"
291[02:44:52] <dstaring> Epona the e-pony.
292[02:45:00] <epony> doesn't Debian have a manual pages somewhere replaced-url
293[02:46:24] <ghormoon> thinking if i can actually use criu somehow for that, just dump it, umount/sync/mount and restore
294[02:46:47] <ghormoon> especially for containers
308[03:00:07] <Lyberta> while updating to the newer kernel and regenerating initramfs I get: "run-parts: failed to exec /etc/initramfs/post-update.d//update-efi: No such file or directory", why is there a second slash out of sudden?
314[03:07:22] <ghormoon> is there something more generic than pivot_root to pivot any other mountpoint too? sometnig like mv but for a mountpoint?
315[03:08:20] <ryouma> when i booted stretch just now, it had a lot of messages that flew by, including a lot of messages about a mapped drive. /var/log does not seem to have this. i tried journalctl, but it does not have it either. what switches to journalctl do i use? i have bootlogd installed but it does not seem to do anything. i tried journalctl -b as it suggested but that does not work either.
316[03:09:11] <ryouma> ghormoon: i am ignorant but maybe bind mount could be useful?
317[03:09:35] <ghormoon> not sure what happens if you remove the original mount then? does it stay at the new place?
318[03:10:03] <ghormoon> which makes me think it will be even more complicates with containers as they use bind mounts, yay :D
320[03:11:23] <ryouma> ghormoon: dunno, i try to steer clear of them unless i am doing a chroot, just a random idea in case nobody who has a clue could help you
321[03:11:52] <ghormoon> i guess criu them out and back immediately after rmeounting would be the easiest in the end :D
322[03:12:24] <ryouma> my question above can be summarized as: "in stretch, a lot of booting stuff flew by. what do i do to look at all of them?"
427[04:40:55] <jetblackcloud> so, i'm a bit confused. it would appear per the debian "secure boot" web page that there is a package called "grub-efi-ia32-signed." yet, it doesn't come up in the repos with apt.
429[04:42:13] <dstaring> Do the ****** at Google not have a real e-mail list for Chromium support? I only get the "Login to Google account" screen of death no matter what I try to do.
430[04:42:29] <jetblackcloud> do an "apt-cache search grub-efi-ia32-signed" and nothing comes up.
431[04:42:40] <jmcnaught> jetblackcloud: are you on a 32-bit system?
434[04:43:54] <jetblackcloud> jmcnaught: no. but, i write a guide that teaches a means of creating a usb stick that can boot to either efi 64/32 or bios. with buster, the ability to secure boot is nice. and while the webpage says it can work with 32 bit, and there is a package to download from that link above, it does not appear to be in the repos.
435[04:44:33] <themill> dstaring: I'm not sure #debian would know.
436[04:44:42] <jetblackcloud> trying to figure out if i'm missing something.
445[04:47:32] <jmcnaught> jetblackcloud: if you are on an amd64 system and want to install a package that is only available for i386 then you need to add the architecture as in the wiki page I linked above.
449[04:48:15] <jetblackcloud> if you're running buster, test it out with apt-cache. i've yet to personally encounter a situation where a 32 bit efi install was needed. but the machines that use that are out there.
450[04:48:44] <jetblackcloud> so, trying to figure out what i need to do to address that instance in a future guide,
466[04:57:00] *** Quits: Prints (~333@replaced-ip) (Ping timeout: 252 seconds)
467[04:57:07] <jetblackcloud> jmcnaught: in past, installing the grub-efi-ia32-bin package without adding the i386 arch wasn't an issue. read about weird machines that used 64 bit cpu based os with 32 bit efi.
468[04:57:19] <jetblackcloud> figured there'd be something there for signed as well.
469[04:57:57] <themill> having i386 packages within amd64 was always a kludge and people have been trying to get rid of them and just use multiarch
470[04:58:47] <jetblackcloud> themill: for the screwy setup i read about, it appeared the only "32 bit" aspect was the uefi loader. everything else was 64. never encountered it myself.
471[04:59:01] *** debhelper sets mode: +l 1511
472[04:59:05] <jetblackcloud> some tablet based machines it seemed.
473[04:59:37] <themill> yes, there's a couple of classes of machines that need that sort of boot
474[04:59:46] <jetblackcloud> probably overkill on my part covering it. but, seemed worthwhile just in case.
488[05:09:09] <ryouma> booting stretch has a lot of messages that flew by (including a whole lot of messages about a mapped drive). /var/log does not seem to have this. i tried journalctl, but it does not have it either. i have bootlogd installed but it does not seem to do anything. i tried journalctl -b as it suggested but that does not work either. what switches to journalctl do i use?
489[05:10:04] <mureena> use bacon
490[05:10:09] <mureena> that'll fix it
491[05:11:15] <ryouma> mureena: p ruby-bacon - Small RSpec clone
492[05:11:50] <ryouma> what is the usual thing you do when you want to see exactly what flew by and disappeared when you boot?
493[05:11:55] <mureena> I suggest that you check the output of dmesg
494[05:12:18] <ryouma> i did that too. it does not contain the lines about the mapped drive.
495[05:12:38] <mureena> mapped drive, anything special on your fstab?
499[05:13:53] <jmcnaught> ryouma: are these mystery messages in early boot?
500[05:14:44] <ryouma> jmcnaught: they were definitely after i aws prompted for password for drive, but idk what constitutes early
501[05:15:03] <ryouma> for a partition*
502[05:15:47] <dstaring> What do you do when Chromium literally doesn't work according to instructions and their IRC rooms are 100% dead and they don't provide any kind of support besides the Google Cancer-only Google Spy Group BS?
503[05:15:50] <ryouma> so journalctl with no args is supposed to print everything that shows in booting except ... before it is initialized or something?
504[05:15:58] <dstaring> And Stack Exchange ignores all my questions...
505[05:16:41] <jmcnaught> ryouma: I don't think that messages from the initrd stage of booting are captured in the logs
506[05:16:56] <ryouma> jmcnaught: ah, i presume this is much after that, as i was prompted for luk s
507[05:17:13] <themill> dstaring: This really isn't on-topic for #debian. Given the way you write here, I'd have a guess that there's an issue with the way you ask the questions.
508[05:17:38] *** Quits: alex27m (~alex27m@replaced-ip) (Remote host closed the connection)
513[05:21:49] <jmcnaught> ryouma: my root filesystem is encrypted so it needs to be unlocked at boot. That's the initrd handling that, because root and its contents are not unlocked yet. init and journald and rsyslog aren't running yet because they're on the encrypted drive
514[05:22:30] <magic_ninja_work> So has debian implemented anything like silverblue?
515[05:23:17] <jmcnaught> ryouma: I think using systemd-boot it can record those early boot messages in the journal, but Debian uses GRUB and initframfs-tools instead
516[05:23:20] <magic_ninja_work> I was thinking about it. Seems like it would be a pretty good solution Industrial Stuff. I'm looking at making my own HMI.
517[05:23:29] <magic_ninja_work> Or rather platform to deploy industrial stuff.
518[05:24:24] *** Quits: debsan__ (~debsan@replaced-ip) (Remote host closed the connection)
524[05:26:38] <ryouma> jmcnaught: yeah it is root. so journalctl by itself gets me everythign i should be able to get on debian? unless i switch to some systemd booting system?
525[05:27:17] <jmcnaught> ryouma: I could be wrong about systemd-boot I don't think it replaces initrd
526[05:27:23] *** Quits: debsan__ (~debsan@replaced-ip) (Remote host closed the connection)
527[05:27:46] <jmcnaught> ryouma: but yeah the journal includes the complete kernel logs (dmesg) as well as the stdout and stderr of every service running
528[05:27:49] <ryouma> i vaguely remember that bootlogd used to get me everything i wanted, but no longer
532[05:30:46] <jmcnaught> ryouma: you could try adding 'debug' as a kernel command line arugment which according to this wiki page will put some debug information in /run/initramfs/initramfs.debug: replaced-url
538[05:35:01] <ryouma> is there a command to check the fsck status of an fs, without unmounting it? like, check status of root fs right now (even if it doesnt fsck it but just says what the result was)
539[05:36:40] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
541[05:37:52] *** Quits: saptech (~saptech@replaced-ip) (Quit: Now you see me, now you don't)
542[05:37:54] <ryouma> (lol, the initramfs debug shell has vi. that's great, but i'd be beeping and my computer would be swearing, or vice-versa. i wonder if it has nano.)
543[05:39:04] <somiaj> ryouma: journalctl -u systemd-fsck* -- seems to give you what happened at boot
551[05:43:06] <ryouma> somiaj: your cat command works great and actully shows me lots of lines for the mapped drive (it was fsck). your journalctl command doesn't show those.
554[05:47:50] <dstaring> epony: I have Firefox installed and use it exclusively as my browser. So that part is not the problem. The problem is that Firefox has no --dump-dom option, which Chromium at least *claims* to have (but actually doesn't, since it doesn't actually do anything)...
555[05:48:13] <dstaring> epony: The only way to dump the DOM in Firefox appears to be to install a bunch of unwanted cancerware such as Node.js and Selenium, and I wish I could avoid that.
556[05:48:21] <dstaring> (And even then, it's not clear how to do it.)
560[05:49:37] <ryouma> would it be useful to put nano on my boot partition? it uses shared libraries, so i don't know whether that is possible. can you make a shared library executable static?
561[05:51:17] *** Quits: yans (~yans@replaced-ip) (Quit: chaos is the only true answer)
577[06:06:00] <jmcnaught> ryouma: you can add binaries to the initrd, look at /usr/share/doc/initramfs-tools-core/examples/example_hook in that script it uses a copy_exec function
578[06:06:47] *** Quits: herlocksholmes (~herlocksh@replaced-ip) (Remote host closed the connection)
584[06:09:10] <ryouma> jmcnaught: thank you. looks like a task bigger than i can do right now but maybe if i take another look at it tomorrow. sounds like i cargo cult that if statement, add my executable, and redo the initrd. then take care to ... maintain the initrd across debian versions or somethign? not suer.
587[06:12:42] <jmcnaught> ryouma: you put the hook in /etc/initramfs-tools/hooks/ I had to do this once on jessie to use lvmcache I needed to add /usr/sbin/cache_check into the initrd as was a couple of kernel modules
591[06:14:57] <jmcnaught> I don't know what you mean by cargo cult in this context.
592[06:15:06] <jmcnaught> Use it without understanding it?
593[06:15:44] <ryouma> more or less
594[06:16:30] *** Quits: lord_helmet (~lordhelme@replaced-ip) (Remote host closed the connection)
595[06:16:31] *** Quits: dez (uid92154@replaced-ip) (Quit: Connection closed for inactivity)
596[06:16:43] <ryouma> but if it is in /etc, then it will not be run until root is mounted. so it would not be useful for th case when root is not mounted, i guess
601[06:17:54] <jmcnaught> ryouma: the hook script's copy_exec function copies a binary and its libraries into the initrd when update-initramfs -u is run
661[07:36:22] <themill> deetwelve: I don't think /etc/netconfig ever had anything to do with disabling ipv6 on a system. It's the config file for one particular library.
662[07:36:35] <themill> !noipv6
663[07:36:36] <dpkg> From Debian 6.0 "Squeeze" onwards, <IPv6> is built into the Linux kernel (excluding the loongson-2f flavour). To disable IPv6, add the kernel command line option ipv6.disable=1 to your bootloader.
664[07:36:51] <themill> ^^ that might well still work, I can't say that I've ever tried
680[07:52:55] <kreyren> how do i get linux 5.2 on debian bullseye ?
681[07:54:06] <jetblackcloud> any idea why grub-update hangs indefinitely after manual install of grub via cli in expert install? if i reboot into rescue, it works fine. but, not during install.
695[07:59:01] <jetblackcloud> some extra info. partion is msdos table. set up to support both efi and bios.
696[07:59:02] <kreyren> if curl is missing on your system -> install it
697[07:59:14] <jetblackcloud> on a reboot with rescue, update-grub works without issue.
698[07:59:53] <jetblackcloud> but, during expert install phase, in the shell at the end, after the grub-install routines are run, update-grub hangs with nothing
699[07:59:58] <kreyren> jetblackcloud, interesting.. what grub-mkconfig is used on rescue distro? host or chroot?
700[08:00:14] <jetblackcloud> chroot
701[08:00:30] <kreyren> what kernel is used on host and chroot
702[08:00:31] <jetblackcloud> and it's hanging in chroot during initial install
703[08:00:46] <kreyren> did you tried to pass grub-mkconfig manually?
704[08:02:10] <jetblackcloud> same kernel. 4.19.0-5-amd64. tried running grub-mkconfig manually. same issue.
705[08:02:40] <deetwelve> themill: strange that the file i used to edit and comment out ipv6 would force all ipv4 binds. now anytime i run something its automatically binding to ipv6 which i dont want.
706[08:02:49] <kreyren> just to be sane: `sudo apt update -y && sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt autoremove -y`
727[08:11:55] <deetwelve> its not that its not offering ipv4, its just a pain to have to define it. and currently i cant find the parms for caddy to bind to 4
728[08:11:58] <jetblackcloud> root in sh as well
729[08:12:09] <jetblackcloud> still hanging in bash
730[08:12:27] <kreyren> jetblackcloud, so bash works? if yes -> try executing it now
731[08:12:44] <themill> deetwelve: most daemons would listen on all available networks
732[08:12:48] <kreyren> jetblackcloud, also i would suggest you to verify checksum of installer in case it got corrupted
733[08:12:50] <jetblackcloud> kreyren: i did. update-grub is still hanging.
734[08:13:24] <kreyren> sounds like bug to me then.. so we can either try to fix the installer or you can check if it's corrupted
735[08:13:24] <jetblackcloud> installer is fine. verified on download. and "update-grub" works if i reboot in rescue mode and run it.
736[08:13:26] <themill> deetwelve: no idea what caddy is though -- it doesn't seem to be in debian?
737[08:13:36] <deetwelve> caddyserver.com
738[08:13:54] <jetblackcloud> something is locking it up.
739[08:14:13] <kreyren> jetblackcloud, try to nuke /boot/grub and reinstall it then followup with update-grub
780[08:35:54] <jetblackcloud> kreyren: that is hanging as well
781[08:36:02] <kreyren> O.o
782[08:36:32] <kreyren> theories: hugged up scheduler, glibc issue
783[08:36:55] <jetblackcloud> kreyren: this is with a fresh install
784[08:37:07] <kreyren> sorry i sent wrong logic try this: `if grep -qF /boot/{initrd.img,config,System.map,vmlinuz}-4.19.0-5-amd64; then echo "all gut"; fi`
785[08:38:46] <jetblackcloud> also hanging
786[08:38:53] <kreyren> elaborate hanging
787[08:39:09] <jetblackcloud> text drops to next line
788[08:39:14] <jetblackcloud> no blinking cursor
789[08:39:17] <jetblackcloud> nothing
790[08:39:21] <kreyren> wait you are using sh so it wont work since i'm using {something,something1}
791[08:39:22] <jetblackcloud> absolute stall
792[08:39:28] <kreyren> hm
793[08:39:41] <jetblackcloud> should i go back to bash
794[08:40:19] <kreyren> verify that there are config- , System.map-, vmlinuz-, initrd.img- suffixed with your kernel version in /boot
800[08:42:42] <jetblackcloud> kreyren: i'm at a loss as well. i read that os-prober may have been the issue. but, i've tried removing it in test runs and this still happens.
801[08:43:08] <kreyren> it would have some output without os-prober based on my experience
802[08:43:21] <jetblackcloud> oddly, if i just let the standard non-expert run through, it works without issue. and with stretch, this issue didn't happen with expert install.
803[08:43:40] <kreyren> and assuming that curl returns C function it seems like something wrong with glibc or it may be affected by you using tor, but i lack the experience in that area
804[08:44:11] <jetblackcloud> if i reboot and go into rescue mode, update-grub works fine once i mount and drop the shell.
805[08:44:13] <kreyren> jetblackcloud, i would suggest filing a bug report and provide info for reproduction
806[08:44:29] <epony> jetblackcloud you should read grep's man page
807[08:44:34] <jetblackcloud> ok.
808[08:44:53] <kreyren> epony, eh? i've provided that logic for grep
809[08:45:07] <jetblackcloud> maybe i'm missing something. let me give you basic steps.
820[08:46:39] <kreyren> epony, works on my system (tm)
821[08:47:07] <jetblackcloud> encrypted root in 3rd logical partition
822[08:47:13] <kreyren> jetblackcloud, uefi doesnt care about filesystem you can use any table based on my results
823[08:47:23] <epony> kreyren try with $ grep .
824[08:47:39] <jetblackcloud> go through expert install and get to point of asking to install boot loader. choose "continue without boot loader." drop to shell.
825[08:47:58] <jetblackcloud> mount the random requirements. chroot target.
910[09:10:35] <dpkg> friendlyGoat: Please pastebin the contents of your /etc/apt/sources.list and /etc/apt/sources.list.d/*.list. The easiest way to do this is to pastebin the output of: head -v -n -0 /etc/apt/sources.list{,.d/*}
911[09:10:52] <generic> dist-upgrade
912[09:11:39] <xbow> friendlyGoat: just try # rgrep -nie 'stable' /etc/apt
913[09:11:48] <jetblackcloud> kreyren: sorry, pts was being bitchy, not proc.
914[09:12:01] <xbow> friendlyGoat: this will show all occurences
971[09:38:33] <dpkg> First, check for a backport on <debian-backports>. If unavailable: 1) Add a deb-src line for sid (not a deb line!); ask me about <deb-src sid> 2) enable debian-backports (see <bdo>) 3) apt update; apt install build-essential; apt build-dep packagename 4) apt -b source packagename 5) dpkg -i packagename-ver.deb To change compilation options, see <package recompile>; for versions newer than sid see <uupdate>.
972[09:40:50] <Kon-> !bdo
973[09:40:50] <dpkg> backports.debian.org (formerly backports.org) is an official repository of <backports> for the current stable (see <buster backports>) and oldstable (<stretch backports>) distributions, prepared by Debian developers. Ask me about <backport caveat> and read replaced-url
974[09:41:16] <zamuro> Kon- You bored at home or something?
975[09:41:23] <zamuro> !flood
976[09:41:23] <dpkg> It's considered impolite to paste many lines of text on IRC. Please don't do it. Pasting one line is fine. Pasting two lines you can usually get away with. Pasting three lines will get you insulted. Pasting four or more lines will get you kicked. If you want to paste, ask me about <paste>
977[09:41:54] <Kon-> Well, I want to know if the "enable backports" step is required to build a deb from deb-src sid on a Testing installation
978[09:42:10] <at0m> Kon-: you can also /msg dpkg $factoid
985[09:43:20] <at0m> if the info is relevant to the discussion here, you can !factoid, if it's for single user there's "dpkg: tell $nick about $factoid"
986[09:44:01] <ratrace> what kind of policy does debian apply to firefox-esr; now with 68.0-ESR released can we ever expect that version (or perhaps the next ESR) in stable?
990[09:46:02] <ratrace> at0m: but 60.x.x (current esr) expires in october
991[09:46:31] *** Quits: dez (uid92154@replaced-ip) (Quit: Connection closed for inactivity)
992[09:46:44] <annadane> when esr goes EOL we'll see the new esr
993[09:46:59] <sedrosken> yeah they'
994[09:47:02] <sedrosken> erp
995[09:47:08] <sedrosken> they'll figure it out then i'm sure
996[09:47:11] <at0m> ratrace: for desktop use, feel free to use backports or testing/sid. on servers, it would become messy if automated (security-)updates changed functionality, let alone config syntax etc
1005[09:48:21] <ratrace> at0m: yeah i know but iam not asking about that
1006[09:49:15] <vsayikiran> hi i am debian buster+mate+lightdm user with 2 local accounts user1 and user2......I wish to setup each account with its own locale values. Such that all menus are displayed in their local language......currently locales are installed and env variables set up, but only default english is applied across all user accounts. Kindly help me in this regard.
1014[09:50:10] *** Quits: Codier (~user@replaced-ip) (Remote host closed the connection)
1015[09:51:30] *** Quits: yonder (~yonder@replaced-ip) (Remote host closed the connection)
1016[09:51:30] <ratrace> at0m: both stretch and jessie have upgraded to 60.x.x so iam assuming that as the debian policy for firefox-esr; just wasn't sure
1017[09:52:49] *** Quits: Space_Man (~Space_Man@replaced-ip) (Remote host closed the connection)
1018[09:52:51] <noln> Kon-, backports is for isntalling pre-built pkgs from testing on stable. It's not to be enabled on testing. To build a package, apt-get -b source
1019[09:53:05] <ratrace> ah and i can use flatpak too? how's flatpak support on debian?
1022[09:53:59] <annadane> for firefox specifically? i don't know
1023[09:54:04] <Kon-> Okay noln, thanks. That's what I assumed but was confused because the info bot said "2) enable debian-backports" was step 2 for building a package from sid source
1024[09:54:47] <Kon-> I guess the purpose of that is to make sure Stable users have the most up to date libs before compiling
1025[09:54:52] <ratrace> annadane: i meant in general, i guess individual flatpak packages just work if the framework works
1026[09:55:04] <annadane> i haven't heard any problems
1027[09:55:11] <ratrace> i'll give it a spin
1028[09:55:22] <annadane> in stretch they actually recommended you install from backports but no longer as of buster, obviously
1029[09:56:17] <annadane> which may or may not change as buster ages but i guess flatpak was new as of stretch?
1031[09:57:03] <noln> Kon-, the ssb factoid tells how to make a backport. In general, compiling is done against the distro libs: to compile for stable you use libs from stable, not testing.
1032[09:58:10] <noln> That's what makes a frozen release... frozen.
1033[09:58:41] <weedly> and then you chill
1034[09:58:46] <annadane> initial release for flatpak, september 2015, so... stretch was the first release to include it
1035[09:59:02] <annadane> so now that it's matured it's unclear whether one will want to use buster-backports for flatpak in future
1036[09:59:26] <annadane> well i suppose it might've been in jessie backports but you get the point
1037[09:59:28] <ratrace> depends on functionality wanted or required?
1038[10:00:05] <annadane> the only two things *i* noticed were syntax changes compared to the manual and the fact flatpak's website specifically recommended stretch users to use the backports version
1039[10:01:16] <ratrace> probably due to those early versions needing bugs ironed out
1042[10:03:55] <annadane> oh right jessie-backports is discontinued anyway
1043[10:04:03] <annadane> was wondering if it'd show up there or not
1044[10:04:39] <noln> flatkill.org and other interesting articles discuss security problems of flatpaks et similia. Some are even inherent to the idea of a "bundled application image".
1045[10:06:41] <weedly> thats what you use to distro trojans
1046[10:07:31] <weedly> vul lib bundled in PROFIT
1047[10:07:45] <weedly> NSA lovers it
1048[10:08:50] <annadane> i've seen that and related discussions and i'm still pretty comfortable using flatpaks, but make up your own mind
1050[10:09:08] <ratrace> that's a rather old fud site; most of those arguments are not specific to flatpak packaged software; besides containers never were security frameworks as one needs something like selinux to secure them
1051[10:09:20] <annadane> that being said i use them for one package and not 20 of them
1052[10:09:45] <ratrace> it's good to have them should one need something unavailable regularly
1055[10:12:24] <annadane> i need to go over the manual more some day, there's a *lot* of behind the scenes stuff functionality that's easy to gloss over
1059[10:13:48] <annadane> i'm also honestly getting a little tired of "could execute arbitrary code" when the likelihood of it happening for any given vulnerability in any program is 0.00000000001%
1062[10:14:15] <annadane> i mean that's an exaggeration but still
1063[10:14:30] <noln> the point is that sandboxing is done by using a different uid and Xorg anyway, anything else is escapable by definition. Containers are meant to be secure as long as uid 0 is not mapped inside the container.
1075[10:19:04] <annadane> i think given a choice you probably should use something other than flatpak (for various reasons) but they're a good resource i suppose
1076[10:19:30] <annadane> whether flatpak is ESPECIALLY a security nightmare compared to other containerizations... i don't know
1077[10:21:01] <ratrace> on fedora at least it is secured by selinux
1078[10:21:03] <weedly> flatpak should run virtualized
1086[10:22:34] <jaggz> how do I scan networks (using a wifi-radar) when the wifi manager is using the device?
1087[10:22:55] <jaggz> I think I used to be able to use it, intermittently or something -- it used to figure out a way to access it, or find some window of time?
1088[10:23:03] <jaggz> but now, no matter what, I get "Device or resource busy"
1093[10:25:31] <annadane> "It is recommended to run such applications under a Wayland session that provides real isolation between graphical applications, unlike X." replaced-url
1116[10:43:47] <LinuxGuy2020> I was wondering if I use the program Timeshift to make a snapshot of my stable installation and then I upgrade to the unstable branch, can Timeshift effectively take me back to stable if I restore the snapshot?
1174[11:24:03] <kojibka> I've sticked to Buster since initial 'testing' time. Starting from March or May I could not get any updates except 3-rd party software due to it's Frozen state. Now as it is 'stable' I still could not update/upgrade it. Does it mean my system is in full order? I did try # apt-get update --allow-release-change , no luck so far. My ' /etc/apt/sources.list' : replaced-url
1216[11:47:10] <Tom-_> your sources.list looks fine. what is the symptom exactly?
1217[11:47:11] <Tom-_> !ask
1218[11:47:12] <dpkg> If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later or on debian-user@lists.debian.org. See <smart questions><errors>.
1220[11:49:13] <humpled> looks to me like one of the security lines should be uncommented
1221[11:49:13] <kojibka> Tom-_: #diogenes_: stated it right. All was commented out. That was surely not me. Probably some Buster transition bugs. All I did was follow wiki page above and all set back to normal
1222[11:49:50] <kojibka> Have no idea how it could happen!
1223[11:50:03] <humpled> the main line at the bottom won't give any upgrades until the next point release i guess
1224[11:50:08] <Tom-_> me neither, unless it was always commented out and you were really using some other sources file
1225[11:50:16] <Tom-_> but humpled is right, you should include security updates
1246[11:58:08] <dutchfish> one more thought, when you come from stretch is, sudo apt dist-upgrade, so all newer is pulled in, when apt/source.list is correct.
1251[12:01:12] <kojibka> dutchfish: Buster present on my system since it was 'testing' - almost from the first day. More then 1 year by now.😀️
1252[12:02:00] <kojibka> All this mess started the time is was declared 'Frozen-state'
1253[12:02:39] <kojibka> Anyway it is OK for now
1254[12:02:55] <kojibka> Thanks to developers!
1255[12:03:27] <dutchfish> kojibka, i have the same going on, still, after dist-upgrade it updated the sources.list automagically to stable. as is yours now. Of couse, after Buster was released.
1256[12:03:51] <dutchfish> kojibka, and apt got updated in the process.
1257[12:04:56] <dutchfish> kojibka, it tested both ways 1. Buster testing -> Buster stable. 2. Stretch upgrading to Buster, after Buster was released.
1263[12:06:34] <kojibka> dutchfish: For me 'buster' instead of 'testing' in 'sources.list' kept me safe from any other problems. This should give a rough idea to developers. May be it's time to avoid 'old-stable' , 'stable' and 'testing' in 'sources.list'? What do you think? As soon as release got upgraded there's a lot of confusion over veteran-noobs like myself!
1314[12:16:10] <zophyx_> wow, a gnome/debian store is a good idea
1315[12:17:02] <kojibka> zophyx_: !)
1316[12:17:43] <nope> Hi. when the computer sleeps the audio seems to change from hdmi/displayport to digital output. This is on buster gnome. Is there any way to make it stick to hdmi?
1353[12:33:02] *** Quits: makinazo_ (~makinazo_@replaced-ip) (Remote host closed the connection)
1354[12:33:11] <daifuco> Hi. when the computer sleeps the audio seems to change from hdmi/displayport to digital output. This is on buster gnome. Is there any way to make it stick to hdmi?
1360[12:36:24] <mathieu> daifuco: I had the same issue, this is annoying and I finally disable the analog jack device directly in the bios to leave the HDMI as the sole sound output
1361[12:36:42] <zophyx_> daifuco, you might have to find a way to run script on wakeup to correct that behavior
1367[12:40:04] <mathieu> humpled: no just an option that enable a device to be default and stays default even if another is connected and even if it is temporary disconnected
1369[12:41:03] <mathieu> it has to be coded in junction between the UI setting and the sound server, that might be the reason why it is not yet implemented
1370[12:41:35] <mathieu> I have an issue with a newly installed buster (w/ Gnome), the log application does not have privilege access to system log. I prefer to ask before making a mistake, what privilege I have to modify to fix this problem?
1373[12:44:11] <mathieu> The help is descriptive about the privilege scheme and how it works but is not specific to what group the admin user should have access to
1381[12:47:51] <daifuco> thanks mathieu and zophyx_ , i tried the on wake script on ubuntu but i cant remember if it worked, ill check disabling the analog audio
1441[13:26:04] <MTB2019> using debian9. on chrome there is a script on acertan websites(newspapers) with the "accept cookies click OK" message... that makes the browser freeze for like 2 minutes. whois is very inconvenient as u can imagine. any clue how to fix this ?
1443[13:32:22] <_Vi> Why `gpg2` can generate a detached signature, but `gpg1` says "secret key not available". Previously "aplty publish" worked, but after update to buster it doesn't.
1480[13:51:10] <themill> _Vi: apt uses gpgv to verify signatures, not gpg. In principle, you can use either gpg1 or gpg2 to make the signatures, just that aptly hadn't caught up with the fact that everyone had moved on from gpg1 already
1495[13:58:04] <themill> _Vi: if the aptly you have will instead run gpg2 and work, then you could remove the gpg1 package and pretend that it is installed with equivs.
1496[13:58:06] <themill> !equivs
1497[13:58:07] <dpkg> equivs is a package that enables you to create dummy packages that tell <apt> you really have installed (through some other means) the package. apt install equivs, and read /usr/share/doc/equivs/*, see also <usrlocal>. A better plan is often to adapt the Debian packages to your needs, ask me about <package recompile> <uupdate> <ssb>.
1498[13:58:29] <themill> (Note that when using equivs and things break, you get to keep all the pieces)
1499[13:59:11] <_Vi> `apt-get remove gnupg1` simply removed this one package. `aptly upload` works after that.
1505[14:00:48] <themill> (This is basically the standard failure mode of having both gnupg1 and gnupg2 installed, and it's not clear that there is any way of fixing that)
1506[14:01:13] *** Quits: BlueByte (~walther@replaced-ip) (Quit: This computer has gone to sleep)
1507[14:01:33] <terr_> she is 65
1508[14:03:18] <jelly> terr_, you probably wanted #debian-offtopic not #debian
1531[14:15:16] <jelly> NetTerminalGene, it does not seem to be configured as resolver by default. It starts, listens on all interfaces, does not answer dig google.com @127.0.0.1
1535[14:17:54] <jelly> NetTerminalGene, unless you have specific reasons to use Bind, there probably are better options for a local recursor. unbound or pdns-recursor come to mind
1540[14:20:09] <jelly> terr_, most of what you're writing does not seem to be coming through. If you're asking for tech help, make sure to read what your irc client is doing.
1555[14:28:38] <NetTerminalGene> jelly, dig A gnu.org @127.0.0.1 gives me output and 0 query time. does it work? but my /etc/resolv.conf shows the dns address i used before
1558[14:30:18] <jelly> NetTerminalGene, I have no idea how bind9 integrates with resolvconf these days. See if there's a service missing. See if there's a README.Debian in /usr/share/doc/bind9/
1580[14:38:00] <NetTerminalGene> it can connect sites
1581[14:38:46] <themill> MTB2019: you can install the firmware-misc-nonfree package as it contains some of those firmware blobs. You may or may not actually need those blobs for your hardware, of course.
1722[16:17:26] <Antioch> Hello. I've used rsync to copy a set of files/folders from HostA to HostB, moved and renamed things on HostB and want to sync the changes back to HostA. It appears that rsync cannot simply move and rename files, and instead wants to copy all the changed files/folders back leaving me with two copies on HostA. Is there any other tool I can use that will simply move/rename files as necessary on HostA without leaving me with two copies?
1723[16:18:13] *** Quits: amphiprions (~amphiprio@replaced-ip) (Remote host closed the connection)
1724[16:18:45] <themill> rsync can clean up the second copy (--delete options) but it will still do the transfer again. rsync is not a good tool for bidirectional syncing
1726[16:19:16] <maze88> Hi, I am getting a new laptop, what would be better, generally, and specifically for using with Debian - Dell Latitude 7300 or Thinkpad X390?
1727[16:20:21] <flipxyz> I really like thinkpads and never had any problem with it in terms of linux
1728[16:20:31] <Antioch> themill, what alternative do you suggest for this use case?
1729[16:20:33] <flipxyz> So I would X390
1730[16:20:37] <petn-randall> maze88: Thinkpads are known to run well on Linux in general. Don't know much about that Dell model. But if you do a quick internet search of "Dell Latitude 7300 Debian" you'll likely find some blog post of any issues that showed up.
1731[16:20:45] <tiggster79> maze88, either would be great, but Thinkpads are legendary for their Linux compatibility.
1734[16:21:26] <silver_hook> After updating to Buster, does it make sense to purge the older PHP and Postgres versions? And if so how do I do that?
1735[16:21:28] <themill> Antioch: I like unison for such things but it's far from perfect. git-annex can work well if you're syncing via some sort of repo
1736[16:21:33] <oiaohm> petn-randall: dell it depends on the model
1737[16:21:47] <oiaohm> petn-randall: and configuration of that model.
1738[16:22:00] <maze88> what do you mean by configuration of that model?
1739[16:22:02] <tiggster79> Plus Thinkpads are just awesome! My Thinkpad X280 is the nicest computer I've ever owned.
1740[16:22:06] <petn-randall> silver_hook: You likely want to migrate any database over before removing old postgres.
1741[16:22:16] <vsayikiran> maze88: I run buster on Dell latitude D520, 500gb HDD 7200rpm, 1GB DDR2 RAM...purchased in 2006
1742[16:22:49] <sysmox> lenovo has a poor linux support IMHO, don't know about DELL
1743[16:22:53] <oiaohm> tiggster79: the new thinkpads not so much they are starting to go the route of built in battery.
1744[16:23:00] <vsayikiran> since 2007 from time of debian 4.0(etch) and until now 2019 still working fine
1745[16:23:21] <tiggster79> If you want to go Dell, the XPS 13 is probably the best bet if you want full Linux support
1746[16:23:26] <oiaohm> sysmox: again with lenovo it depend model. Lenovo does make some models intentionally with Linux support.
1758[16:27:26] <tiggster79> maze88: I guess that depends on what you're looking for. They still are extremely durable and have amazing keyboards. If your goal is primarily expansion and upgrades, they have certainly slipped in that regard
1759[16:27:29] <maze88> I think I am veering towards Dell, I 'feel' I believe in them more then..
1760[16:27:35] <adfeno> After building a package using sbuild, I now have .DEB files, but how do I install them in my sbuild chroot / schroot ?
1761[16:28:20] <tiggster79> maze88, honestly you won't go wrong with either
1762[16:28:22] <sysmox> Under Linux, different Lenovo models have what's called Thermal Throttling (CPU capped), plus, also some models affected by fan noise because of turbo boost stays at 4GHz in idle. Lenovo solution is powershell commands.
1763[16:28:53] <themill> adfeno: if you want to do that permanently, then enter the chroot and install them. If you want them available to apt as build-deps on a future build, then make a local apt repo
1764[16:29:01] *** debhelper sets mode: +l 1558
1765[16:29:38] <oiaohm> sysmox: 2019 ThinkPad P-series from lenovo ship with Ubuntu installed out box. It really does depend on the model.
1766[16:29:41] <maze88> powershell commands? that doesn't sound linux-y to me! ):
1767[16:30:01] <oiaohm> sysmox: and of course those are not using powershell hacks or any other hacks.
1772[16:31:57] <adfeno> I must go now, I'm in a hurry. Thank you all ! :D
1773[16:31:57] <sysmox> oiaohm: yes, some modes might be great, AFAK, none of them support fingerprint reader under linux (it might have changed, though)
1780[16:36:23] <NetTerminalGene> guys, i installed "bind9 bind9utils bind9-doc bind9-host" packages. i want to remove them, but it wants to remove core gnome packages too. how can i remove these packages without removing other packages?
1786[16:39:13] <themill> NetTerminalGene: bind9-host is required; you can't remove it
1787[16:39:21] *** sdx is now known as Guest41830
1788[16:39:40] *** Quits: gangwan (~gangwan@replaced-ip) (Remote host closed the connection)
1789[16:39:46] <sourcream> xbow, I need to ban proxies when detected. Does /etc/hosts update real time or requires restart?
1790[16:39:57] <NetTerminalGene> themill, thanks
1791[16:40:33] <xbow> sourcream: no restart required
1792[16:40:57] <sourcream> xbow, so it updates right away after its modified?
1793[16:41:05] <sourcream> Also what if there is bunch of lines
1794[16:41:08] <sourcream> like thousands?
1795[16:41:13] <petn-randall> sourcream: Adding things in /etc/hosts just changes the DNS resolution. If you want to blackhole IP addresses, you'd do that with `ip route`.
1802[16:42:25] *** Quits: daifuco (~daif@replaced-ip) (Remote host closed the connection)
1803[16:42:34] <petn-randall> sourcream: You'll need something to set it up permanently. Either script it, or use shorewall (or many other tools for the job).
1804[16:42:37] <_abc_> Hello. Is there a debian package for gradio? I can only find sources and mint/etc packages. replaced-url
1805[16:42:41] <xbow> sourcream: depends what you want to do...
1820[16:46:34] <petn-randall> sourcream: If the xbox doesn't do a DNS lookup, the connection will go straight through when using /etc/hosts. So setting a nullroute or rejecting packets is the safer option.
1821[16:47:05] <sourcream> petn-randall, oh okay I see!
1839[16:52:03] <sourcream> petn-randall, okay! Oh yeah I got you. But also is this null routing most efficient way to drop unwanted traffic from ip addresses?
1840[16:52:11] <sourcream> tds, hmm il google
1841[16:53:12] *** Quits: yagi (~yagi@replaced-ip) (Remote host closed the connection)
1845[16:55:58] <tds> if you want most efficient, dropping as early as possible (ie iptables raw/prerouting, or maybe with tc/nft) is probably what you want
1847[16:56:27] <tds> and use ipsets if you want to drop many things with quick hash based lookups
1848[16:56:54] <tds> if you need to drop an awful lot of traffic, you might also want to look at dropping directly on NICs
1849[16:57:20] <silver_hook> petn-randall: I already did the migrations. Just wondering if it makes sense for security reasons to clean up older versions of binaries
1850[16:57:47] <jelly> dob1, that's a VERY good question
1851[16:58:28] <jelly> my znc users definitely do not have sudo-to-root rights
1904[17:21:24] <dob1> I mean, I want to encrypt the connection between my pc and the pc where is running the bnc, even if they are on the same network. I was thinking to use a self signed cert.
1905[17:21:37] <jelly> dob1, yes, but I also access it only via vpn.
1910[17:23:54] <tsujp> hey guys I am trying to set up an ssh tunnel from localhost, through the jumpbox host1, to the bastion host2 but it's not working. I use ssh keys for this, here's the command I am using, does anyone have any ideas?
1922[17:28:28] <jmcnaught> tsujp: do you know about ProxyJump (man ssh_config) and its commandline shortcut -J (man ssh)? You can probably simply do 'ssh -J user@host1 user@host2'
1923[17:28:47] <jmcnaught> tsujp: Also why log in as root, especially on the jump host?
1928[17:29:53] <tsujp> It needs to be a tunnel though because I want to run commands locally and have those hit the endpoint on host2, e.g. curl localhost:7007 and have it return the webpage on host2 and not my local machine
1951[17:37:49] <tsujp> Right, well let's just use ProxyJump for now because working > not-working
1952[17:38:01] <tsujp> How do I bind my localport say.. 9999 to the target host machine's port 9999
1953[17:38:14] *** Joins: kale (~kale@replaced-ip)
1954[17:38:23] <tsujp> So that I can view a website in my localbrowser, or do things like "curl localhost:9999" on my local machine and get the response from the server running on host2
1961[17:47:16] <tsujp> Okay so I've got this working `ssh -J jump,host1 host2`
1962[17:47:36] <tsujp> But I don't want to actually ssh into the machine, I just want the tunnel, so I tried adding `-D 7007` but that doesn't work. Am I doing something wrong?
1963[17:47:47] <tsujp> I want to access 7007 on host2 from my localmachine (for development purposes)
1964[17:48:10] <rudi_s> tsujp: -L ?
1965[17:48:36] <vsayikiran> I wish to install flash plugin from adobe website in firefox. installation guide says to copy libflashplayer.so file to default plugins directory.....which is that directory?
1966[17:49:27] <jmcnaught> tsujp: yeah did you try "ssh -J user@host1 -L 7007:host2:7007 user@host2"
1968[17:49:55] <tsujp> I need the jump there also jmcnaught
1969[17:50:17] <tsujp> Hmm -L 7007:host2:7007 says it's already bound, so I set it to some random 9999 and it says it's also bound so something is going wrong there rudi_s
1971[17:50:28] <jmcnaught> tsujp: that's what the -J was for in my command
1972[17:51:15] <Rust3dCor3> Hi. Anyone know a nice prog. for replaygain editing for mp3 files for buster? I was using mp3gain and easymp3gain in the past.
1973[17:51:26] <tsujp> You've only got host1 and host2 in yours though but I need jump, host1 and host2 jmcnaught
1974[17:51:29] <noln> vsayikiran, should be .mozilla/plugins create it if it doesn't exist
1975[17:52:10] <jmcnaught> tsujp: there are three hosts involved?
2012[18:13:25] <jmcnaught> NetTerminalGene: you have 127.0.0.1 in /etc/resolv.conf? Is it still there, is anything else there? How did you 'see ISP DNS?'
2013[18:14:14] <tsujp> okay jmcnaught I've got that but now I get curl: (56) Recv failure: Connection reset by peer
2018[18:15:04] <tsujp> I want to run this curl curl -X POST -H "Content-Type: application/json" --data '{"jsonrpc":"2.0","method":"web3_clientVersion","params":[],"id":67}' replaced-url
2024[18:18:53] *** Quits: Roedy (Roedy@replaced-ip) (Quit: See you IRL!)
2025[18:19:01] *** debhelper sets mode: +l 1564
2026[18:19:02] <jmcnaught> tsujp: with this command I only have keys on the local computer: 'ssh -J host1.example.org,host2.example.org -L 8080:target.example.org:80 host3.example.org' then if I go 'telnet localhost 8080' I am connected to port 80 on target.example.org
2060[18:40:12] <jmcnaught> tsujp: sorry I don't now what's going wrong without seeing the commands you're using. Maybe there is a problem with network or DNS configuration?
2114[19:11:56] *** Quits: tiggster79 (~stephen@replaced-ip) (Remote host closed the connection)
2115[19:14:25] <n-st> i'm trying to chroot into an old wheezy installation (3.16 kernel) from a live iso with kernel 4.19, and bash and zsh segfault immediately
2116[19:14:29] <n-st> is there anything i can do about that?
2117[19:14:46] <ChmEarl> n-st yes
2118[19:15:00] <petn-randall> srged: That's not a bad idea, though totally unrelated to your issue.
2238[20:42:44] <seekr> Does anyone here have experience using Clonezilla and/or other techniques for cloning a partition? I want to move my installed system to a new machine.
2310[21:27:12] <somiaj> debian-user: oh that is the desktop or filemanager app inside the desktop
2311[21:27:19] <debian-user> xdg?
2312[21:27:21] <moritz> Hi all. I've upgraded my server from stretch to buster, and now a systemd service that starts a docker container fails with: "Failed to trim compat systemd cgroup /system.slice/tau-alert.service: Device or resource busy"
2313[21:27:21] <debian-user> goddamnit
2314[21:27:28] <moritz> what does that mean, and how do I fix it?
2315[21:27:34] <debian-user> okay, thank you, greatly appreciate that
2316[21:27:45] <somiaj> debian-user: for those of us who don't use desktops, the files Downloads, Desktop, etc will not be created.
2317[21:28:05] <debian-user> i just hate the bloody capitalization
2318[21:28:10] <debian-user> i'm not a windows user, i can read
2319[21:28:30] <annadane> so mv /home/debian-user/Downloads /home/debian-user/downloads
2320[21:28:36] <debian-user> aha! there it is. thank you kindly
2321[21:28:47] <petn-randall> Huh? Capital letters are a thing on Linux filesystems.
2323[21:29:24] <debian-user> petn-randall: seriuosly? you seriously typed that?
2324[21:29:25] <somiaj> its more the xdg (freedesktop.org) standards and desktop files. I agree, I think they are silly, but then again I don't use a desktop so they usually aren't a problem for me
2325[21:29:30] <debian-user> cmon
2326[21:29:33] <somiaj> though I get annoyed at xdg apps that create them.
2327[21:29:36] <debian-user> you know what i am actually saying
2339[21:32:05] <somiaj> I would try to keep your comments on actuall support and not adding noise and agression to those trying to help
2340[21:32:27] <petn-randall> this ^
2341[21:32:31] <debian-user> i only dish it out in equal amounts
2342[21:32:50] <debian-user> petn-randall is welcome to not say anything if it isn't useful either
2343[21:32:58] <somiaj> and either you need to learn how to deal with xdg (I don't think there is much way around it at some level) or just avoid the desktop enviroments and build your system up from a simple window manager.
2346[21:33:10] <somiaj> debian-user: you are the only one dishing anythying out.
2347[21:33:15] <debian-user> somiaj: i agee *nod*
2348[21:33:30] <debian-user> well not on the last part but whatever
2349[21:33:39] <debian-user> i appreciate the heads up on xdg
2350[21:33:47] <mq> can somebody help me understanding processes/scripts and the "ownage" of them?
2351[21:34:03] <jmcnaught> moritz: can you show the service unit that is having the problem (with systemctl cat <unit>) and the systemctl status output from it?
2352[21:34:37] <somiaj> mq: in *nix, all files and thus process have a user who 'owns' the file or process.
2353[21:34:52] <mq> wait, i'll start over again: Is a script that is run by systemd owned by root?
2354[21:34:55] <somiaj> mq: in addition files (and process) have permissions on what can be done via a 'group' and then 'eveyone'.
2355[21:35:19] <mq> somiaj thanks. I think i mixed up some terminology here
2356[21:35:21] <somiaj> mq: not generally, root can run a process as any users, so systemd will start many processes as an appropriate user. Only some are actually run by root in the end.
2365[21:36:49] <somiaj> mq: so though the systemd unit/service is run by root, the process it forks (or creates) may be run by a different user. For example the apache process is run the the replaced-url
2381[21:39:07] <elm_> what do I need to do to still get updates from buster as it has been turned from testing to stable?
2382[21:39:09] *** Tom_- is now known as Tom-_
2383[21:39:12] <somiaj> You haven't described your actual task, but systemd uses unit files which can launch commands (or other scripts)
2384[21:39:25] <somiaj> but systemd is not like sysv which uses a lot of scripts, it uses unit files, and most things can be done with just the unit file.
2385[21:39:37] <annadane> elm_, you can set up unattended upgrades or subscribe to debian-security@lists.debian.org and run those updates manually
2388[21:40:01] *** Quits: ghoti (~paul@replaced-ip) (Read error: No route to host)
2389[21:40:03] <somiaj> also depending on the script, what you want it to do, a unit filie/systemd may not be the appropriate place for such things (user scripts can be run in different placese)
2391[21:40:40] <elm_> annadane: isn´t there a simple command I can enter to continue with user invoked updates?
2392[21:40:49] <somiaj> elm_: provided you have 'buster' in your sources.list and include the standard buster, buster security and buster updates (pre point release updates) in your sources.list, nothing, just upgrade as normal.
2393[21:41:01] <annadane> !buster sources.list
2394[21:41:01] <dpkg> A suitable /etc/apt/sources.list for "Buster" has three lines: "deb replaced-url
2395[21:41:05] <somiaj> if you use 'testing' in your sources.list, you might not be running buster anymore.
2396[21:41:06] <mq> somiaj: i would like to run a simple shutdown script, but every unit-file i created did either work not at all or if so it seemed unstable and didn't work after some time
2397[21:41:25] <somiaj> mq: simple shutdown script that does what?
2398[21:41:55] <somiaj> sounds like you need to read up on systemd docs on unit files and how configure a unit file to execute a certain script/command at shutdown.
2399[21:42:10] <somiaj> (I'd have to read up on it myself, as I don't write many shutdown specific scripts)
2400[21:42:24] <jmcnaught> moritz: that is curious. I would ask in #systemd if you don't get an answer here, in that channel you might need to be patient while it's still the weekend though
2401[21:42:33] <mq> somiaj: i've read them serveral times and i am looking for a simpler way. The script should send a shutdown command to another machine using client based ssh-key authentication.
2405[21:44:04] <mq> somiaj i managed to do this with a systemd-unit once or twice but it was allways buggy
2406[21:44:14] <somiaj> mq: and you want this shutdown request to happen everything machine A is shutdown, what about restarted (since it does go through a shutdown process)
2412[21:45:18] <somiaj> elm_: user invoked updates? You shoudln't have to change anything once buster was released and continue update/upgrading normally.
2413[21:45:27] <somiaj> (provided you use 'buster' and not 'testing' or now 'stable' in your sources.list)
2414[21:45:56] <moritz> jmcnaught: ok, thanks. I'm writing a bug report first
2415[21:46:03] <somiaj> mq: that does change things, because systemd will run shutdown scripts even with a restart.
2418[21:46:27] <somiaj> mq: maybe just write a custom shutdown script that shutsdown all the machines and run that vs trying to automate it via systemd.
2419[21:46:44] <noln> elm_, yw. Next time don't assume we know what's the problem, take the time to write a one-liner with your cmd and the error msg
2428[21:49:18] <somiaj> mq: that is one way to do it, you have to kinda anaylize your use case to see what is most affective for you, but a custom shutdown script that triggers shutdown on all machines you want at once might be more useful, than having a service automatically do this each shutdown.
2431[21:49:56] <somiaj> again this isn't a use case I'm familar with so I dont' really have any better suggetions. Either learn systemd well enough to know what targets you need to reference and have it be automatic, or just write a separte shutdown script.
2432[21:50:09] <somiaj> I also think there are often tools for managing multiple machines that may have this functionality built in.
2434[21:50:33] <somiaj> mq: just out of curiousity, why do you need one machien shutdown to trigger another, are these machiens linked via host/guest and vms?
2435[21:50:41] <mq> somiaj: thanks! My initial concern was that there are troubles with authentication scince i haven't really found a way to test it.
2436[21:51:12] <somiaj> provided you have the keys setup correctly it should work.
2438[21:52:18] <mq> somiaj: the command/script works perfectly when i run it as root in a shell. One machine controls the power of the other machine so the second one needs to shutdown simultaneausly/slightly before the first one.
2439[21:52:29] *** Quits: earend1 (uid170954@replaced-ip) (Quit: Connection closed for inactivity)
2446[21:55:47] <somiaj> provided there isn't some way the machine will trigger shutdown without you initiating it, you could just manually run the script
2447[21:56:10] <somiaj> though it appears you can configure systemd to do this, you just have to make sure you configure it right, seems it is possible, just not something that is that standard so could take some testing
2449[21:58:04] <mq> somiaj: ok. I thought /usr7lib/systemd/system-shutdown was intended for exactly those things scince it is easyer though. anyhow it doesn't work that way either.
2463[22:02:23] <somiaj> yup, which is why the examples in that stackexchange link run /bin/true at start, and then something at start down.
2464[22:02:39] <somiaj> the part that takes some work is ensuring it is run at the correct time (and maybe only run via an actual shutdown and not restart)
2465[22:02:55] <mq> jmcnaught: yes i am (sort of) familiar with this but it doesn't seem reliable
2466[22:03:14] *** Quits: conta (~Thunderbi@replaced-ip) (Remote host closed the connection)
2476[22:06:56] <mq> i only know that sshad disabled root-login completely at some point and i was wondering if there were any known changes regarding rsa authentication.
2483[22:08:27] <jmcnaught> mq: root logins aren't completely disabled by default, only with passwords. Key based authentication still works for root, and it's all configurable in /etc/ssh/sshd_config
2484[22:08:38] *** Quits: Thedarkb1-T60 (~Thedarkb-@replaced-ip) (Remote host closed the connection)
2494[22:13:45] <somiaj> there are also ways to setup keys to only run certain commands, if you want extra secruity you can limit what a key is actually allowed to do. For example I have keys that are only allowed to run rsync as root, they can't actually login and they can only pull data (not push)
2510[22:22:20] <mq> somiaj: i only log in as user and excepted the shutdown command in the sudoers-file on the remote machine. But that's interesting too.
2518[22:26:36] <mq> wait: as long as i'm here: i could technically place the unit in network-online.target.wants with ExecStop=myscript and OneShot=False, right?
2609[23:13:51] <BazookaTooth> n0a110w: the really slick screensavers ports for xscreensaver possibly. rss-somethingorother? haven't used those in ages so not sure of the current deb name