7[00:07:44] <ryouma> bolt: but wouldn't that make the man page a little misleading? i.e. if you're not root, you're not going to experience reduced fragmentation at all?
8[00:08:09] <ryouma> (inb4 i know fragmentation is rare but i also know it occurs, not trying to start that debate)
9[00:08:32] <ryouma> i'm referring to a case where the disk is always near 100-m%
41[00:29:13] <dankbc> an sed question - i have a text `testA: \n some words cookie:cookievalue some more words\ntestB cookie:cookievalue some words\ntestC...` i want to "extract cookievalue (that always comes after `cookie:`) which comes after testB and before testC". is it possible to only use sed to define this kind of after-before "scoping" and search/extract term
277[03:38:20] <kingsley> root$ mount /dev/sr0 /media
278[03:38:37] <kingsley> doesn't complain with...
279[03:38:50] <kingsley> mount: /media: wrong fs type, bad option, bad superblock on /dev/sr0, missing codepage or helper program, or other error.
280[03:38:52] <kingsley> ?
281[03:39:01] *** debhelper sets mode: +l 1534
282[03:39:26] <annadane> NetGirl, "man iptables"
283[03:39:45] *** Joins: Immanuel (~Manu@replaced-ip)
284[03:39:52] <annadane> NetGirl, or the arch wiki is also generally a good resource, just cut out the arch specific things you don't need. or use the debian wiki
285[03:40:01] <annadane> or any other sources of online documentation
286[03:40:04] <dvs> first, apt install iptables
287[03:40:16] <annadane> yeah installing it first helps.
303[03:45:33] <dpkg> extra, extra read all about it, su is switch/set user. It is used to change User ID's and/or gain super user access. Since Debian Buster, "su -" or "su -l" is needed to access programs located in /sbin. It provides a root environment as if the superuser had logged in directly. See "man su".
329[04:00:39] <kyle__> stupid question about how wms are setup/managed by lightdm by default in debian9: should it be offering you the installed wms in a dropdown on login, or is your choice config file based?
331[04:03:09] <NetGirl> have you restarted the dm? I don't know about lightdm specifically .. but I'm using it and it lets me choose
332[04:03:13] <NetGirl> I think.
333[04:03:17] <NetGirl> yeah, it does.
334[04:03:21] <kyle__> Yeah, I restarted it.
335[04:03:45] <kyle__> I wonder if it's some non-standard alteration they made for the debian release for pine64.
336[04:04:17] <NetGirl> gdm lets you choose desktop, lightdm has to be configured it seems
337[04:04:23] <NetGirl> judging from various screenshots
338[04:04:40] <NetGirl> actually.. check this out: replaced-url
339[04:05:01] <annadane> the thing with the su man page is that it tells you "use --login instead of -" but then in the options section it tells you they all do the same thing
375[04:12:24] <McErroneous> Hi, i am on a debian-based system, and my "mouse" keeps printing error-messages in a regular interval....... disturbing my ongoing tty "work"..., how do i redirect mouse errors that look like output from dmesg ?
376[04:13:24] <dvs> !debian based
377[04:13:24] <dpkg> Your distribution may be based on and have software in common with Debian, but it is not Debian. We don't and cannot know what changes were made by your distribution (compare replaced-url
382[04:14:39] <rue_mohr> everyone knows that hardware problems ultimately get dumped on the software people to be sorted out
383[04:15:13] <McErroneous> I just need the messages to go somewhere , but not blowing up in my face while looking at the tty...
384[04:15:36] <kadiro> get another mouse
385[04:16:42] <McErroneous> Wow..., kadiro is a software engineer that solves problems by just buying new hardware...
386[04:16:58] <kadiro> thank you :)
387[04:18:15] <McErroneous> nice trick..., next time if there is a "Houston we have a problem"-problem occurs.., , just tell them to get a new hardware..., instead of crying ....
395[04:20:26] <kyle__> There is a .desktop entry for i3 in /usr/share/xsessions, which from what I've read _should_ be where lightdm and other modern dms look for desktop sessions
404[04:22:58] <xormor> anything special I need to know about the Chromium OS (of Chrome Box) I use? I installed Linux Beta and it has a full-fledged Debian oldstable stretch 9.11, because I installed it. So it is a Debian, not a derivative, I think.
440[04:34:07] <rue_mohr> W: Download is performed unsandboxed as root as file 'freecad_0.18~pre1+dfsg1-5.dsc' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
485[05:05:32] <rue_mohr> so the error is specifically designed to prevent people from doing it as root and make them switch back and forth between users to achieve one process!
494[05:15:30] <kadiro> Casper26, I didn't read all the content of your xsession errors file but i would suggest to see this link maybe it has something can help: replaced-url
495[05:15:50] <rue_mohr> Could not open file freecad_0.18~pre1+dfsg1-5.dsc - open (13: Permission denied) [IP: 207.210.46.249 80]
496[05:15:57] <rue_mohr> ^^^ when I did apt-get source as a user
534[05:28:02] <themill> For a brief period in the 1990s, people thought throwing the kernel source code there made sense. They realised it didn't.
535[05:28:21] <themill> They even documented that in the FHS for you.
536[05:28:39] <rue_mohr> so I should litter the user directories with it?
537[05:28:54] <rue_mohr> like, home directories?
538[05:29:11] <themill> You should have a sensible place for source code that does not require you to interact with source code and compilers as root.
539[05:29:18] <karlpinc> rue_mohr: I'm not the best person to speak about this but a good approach to compilation on debian is to use debootstrap to create a chrooted environment in which to build. You can then install in that chroot the *-dev packages needed for compilation and then go on to build as a regular user.
540[05:30:00] <karlpinc> rue_mohr: When done you can take the result (often a .deb file) and install that out of the chroot. And cleanup is easy. Delete the chroot.
541[05:30:40] <rue_mohr> I compile all my programs to an a.out and put them in their own directory under the program name in /usr/local/bin
542[05:30:40] <karlpinc> rue_mohr: That way you don't wind up with lots-o-*-dev packages installed on your system.
543[05:30:44] <themill> As for your compilation question, fc_copy_file_if_different is provided by cmake itself.
548[05:31:19] <rue_mohr> so you're implying cmake isn't installed?
549[05:31:32] <rue_mohr> which is odd, cause cmake issued the error
550[05:31:38] * themill did not say that
551[05:32:03] <rue_mohr> ok
552[05:32:21] <rue_mohr> if I seem like a jerk, it's cause I'm kinda frustrated right now
553[05:32:29] <themill> You do, yes.
554[05:32:46] <rue_mohr> ok so, running cmake results in Unknown CMake command "fc_copy_file_if_different"
555[05:33:00] <rue_mohr> so I should check the cmake version I have
556[05:33:19] <rue_mohr> as fc_copy_file_if_different must have been a recent addition that I don't have via debian latency
557[05:33:30] <karlpinc> rue_mohr: (FWIW, if you are unfamiliar with various ways to keep your debian system running over periods of years or decades you might want to start with the "don't break debian" page on the debian wiki. I believe it has pointers to things like "stow" and other stuff which assists with how to install and live with non-debian software.)
558[05:33:58] <rue_mohr> my main system was installed in 2001 (this one)
559[05:34:07] <karlpinc> rue_mohr: Jolly good! :)
560[05:34:16] <themill> which release of Debian are you running?
561[05:34:31] <rue_mohr> less 64 bit, the notion of reinstalling has seemed silly
562[05:34:56] <rue_mohr> 8.8
563[05:35:12] <rue_mohr> believe me, there have been some battles
564[05:35:39] <themill> I'm not sure that you can complain about "Debian latency" in delivery packages when you intentionally run a rather out of date release
565[05:35:47] <rue_mohr> cmake version 3.13.4
566[05:35:49] <karlpinc> rue_mohr: Anyway, everybody is free to do what they want but some people here (not me) have some serious experience with compilation and cross-compilation and architecture simulation and so forth which appears to be very useful.
567[05:35:54] <rue_mohr> does ^^ that have that missing command?
568[05:36:12] <themill> It's not a cmake command, it's a macro within the freecad package
569[05:36:23] <rue_mohr> ok,
570[05:36:36] <rue_mohr> which to me implies a dependency missing?
571[05:37:23] <rue_mohr> or is the cmake stuff broken for the freecad source package?
578[05:38:51] <themill> I can't say that I can care much about backporting things back two releases.
579[05:40:07] <rue_mohr> so, you're telling me, that if you do apt-get build-dep freecad and apt-get source freecad you will be able to run cmake with no issues
580[05:40:27] <rue_mohr> despite the fact I can't....
581[05:40:34] * themill didn't say that
582[05:40:44] <rue_mohr> <themill> it's clearly not a problem with cmake or the debian source package
583[05:40:55] <rue_mohr> ?
584[05:41:18] <rue_mohr> unless there is something I'm not considering, then that makes it a problem with me
585[05:41:22] <themill> just because it doesn't work on whatever weird butchered system you're running doesn't mean it's a problem with the packages
586[05:41:30] <rue_mohr> which is a good reason for someone else to try?
587[05:41:56] <rue_mohr> so apt-get build-dep must have failed
588[05:42:08] <themill> Or you could just upgrade to a supported release rather than making everyone else do work for you
589[05:42:10] <rue_mohr> otherwise the system would have what it needs to compile the system
590[05:42:34] <rue_mohr> how about if I told you I'm compiling this on another machine that's 9.7
591[05:43:08] <rue_mohr> cause the packages it wanted to remove to install the build-dep on my system were packages I want to keep
592[05:43:11] <rue_mohr> :)
593[05:43:58] <themill> that's still an entire release earlier than I'd expect to work
594[05:44:25] <rue_mohr> well its a scrap machine
595[05:44:35] <rue_mohr> shall I show you it doing the same thing a version up?
602[05:47:22] <rue_mohr> #debian won't help till I've upgraded the system, It's going to take a while, shall we try again tomorrow?
603[05:47:26] <rue_mohr> erp...
604[05:47:33] <karlpinc> rue_mohr: Thing is, freecad on buster is at version 0.18~pre1+dfsg1-5. Trying to compile that on stretch (debian 9) still might not work. (The judd bot's "checkbackports" command can be helpful here.)
627[05:50:56] <rue_mohr> it was installed fresh by the other guy
628[05:50:57] <karlpinc> rue_mohr: (Which you must know, if your system is that old. Anyway, it has things to do to avoid problems.)
629[05:50:59] <themill> sounds like you've either broken your cmake installation or you're not invoking it correctly
630[05:51:02] <rue_mohr> clean buster install
631[05:51:24] <themill> you've upgraded from 8.8 to 9.7 to 10.1 in faster than any of these things actually happen
632[05:51:40] <rue_mohr> on a clean buster install 10.1, the source package wont compile with a cmake error Unknown CMake command "fc_copy_file_if_different".
633[05:51:46] <themill> We *know* that the package compiles just fine in buster,
634[05:51:47] <rue_mohr> no, he did a clean install
635[05:51:56] <rue_mohr> well we cant verify that
636[05:52:04] *** Quits: EmeraldMoon (4c5b1569@replaced-ip) (Remote host closed the connection)
637[05:52:05] <rue_mohr> cause we have a clean 10.1 install that wont
638[05:52:52] <rue_mohr> I should have gone there when version became an argument, sorry
639[05:52:55] <themill> Two things, (a) we don't need to because Debian does, and (b) I have because I threw it at my buildd about 15min ago
640[05:53:35] <rue_mohr> you ran cmake ok?
641[05:54:05] <rue_mohr> thank you, I'm glad SOMEONE can compile it!!!
696[06:19:55] <annadane> presumably it's just because before nftables you obviously couldn't have nftables syntax and people don't want to change their settings so nftables provides an iptables compatibility wrapper guy person thing
754[07:31:55] <z8z> Hello, my debian 10 with mate desktop is scanning any external harddrive archive with this atril-thumbnailer process keeping 1 core of my cpu at 100%. When this s**t has been introduced in debian mate desktop? Parent process is caja btw.
807[08:07:53] <lioh> hi all. what is the difference between vim.basic and vim.tiny? and which one is more powerful?
808[08:07:55] <z8z> tomreyn: What i can't understand is why this crap is enabled by default. This sounds like those apps that send usage data by default and if you complain they tell you "You can disable it"
809[08:08:38] <tomreyn> i can't help with complaints, just potential solutions
810[08:09:14] *** Quits: gh00p (~Thunderbi@replaced-ip) (Remote host closed the connection)
1008[09:40:03] <Mathisen> quick question is the Libarchive vulnerability fixed in buster yet ? can recall if i have updated it in past days. just reading about it now
1039[09:51:19] <k_sze> Does the update-ca-certificates command care if the local certificates (under /usr/local/share/ca-certificates/) are in a certain format?
1040[09:51:30] <k_sze> I know it wants files *ending in .crt*.
1059[09:54:17] <jelly> maybe, maybe not. If derivatives did not make changes, there wouldn't be any reason to make derivatives
1060[09:54:55] <k_sze> I don't think that's something worth changing. It would be waaaay too obscure.
1061[09:56:00] <jelly> discussing it here is not useful, since we. Just. Don't. Know.
1062[09:56:59] <jelly> I know however that putting our $work CA in /usr/local/share/ca-certificates/extra/company-CERT.crt in PEM works, on Debian 8 onwards
1063[09:57:16] <ratrace> aw, c'mon, it's based on debian. we MUST know.
1128[10:39:57] <jelly> k_sze: if you deleted the file from /usr/local/share/ca-certificates/ and just ran update-ca-certificates, those ought to be enough
1129[10:40:25] <jelly> k_sze: if it's not enough, you can certainly try to --fresh, or "dpkg-reconfigure ca-certificates" maybe
1130[10:40:51] <k_sze> jelly, update-ca-certificates reports how many added and how many deleted.
1131[10:41:15] <k_sze> The thing is, it just said 0 removed after I deleted the file.
1155[10:55:50] <hmpf1> Hi! Is there an easy way to avoid debootstrap to install 35 MB of locales? It's for an embedded device. And even the minbase has locales.
1189[11:16:27] <dob1> I see some commands, piped ones, where there is the "-" for example, cat foo | somecommand -
1190[11:16:29] <dob1> what is the -?
1191[11:17:03] <dob1> why it is needed?
1192[11:17:13] <jelly> k_sze: it might have been 0 removed if the thing was never added in the first place due to unrecognized file name or file format
1194[11:18:42] <jelly> dob1: it's a syntax convention that usually means "use standard input instead of an input file" or "use standard output instead of output file", depending on whether the tool is looking for input or output
1265[12:05:25] <dpkg> Posting the same question in several places at the same time (IRC channels, news groups, mailing lists, forums) is impolite; your time is NOT more valuable than everyone else's. Your question might be answered elsewhere, meanwhile we are wasting our time doing research for a problem you've already solved. Cross-posting can also make you look like a spammer and get you k:lined. See also <multiple ask> <hurry>.
1266[12:05:59] *** Joins: Immanuel (~Manu@replaced-ip)
1317[12:38:31] <Kats99> Locales: A double-quoted string preceded by a dollar sign will cause the string to be translated according to the current locale. If the current locale is "C" or "POSIX", the dollar sign is ignored. If the string is translated and replaced, the replacement is double-quoted.
1426[13:19:35] <vampirefrog> hi, I am looking for some help with xbindkeys, any idea where I can ask? basically I've bound Win + scroll wheel to volume, but the browser still receives the scroll events (sublime text and hexchat don't though), when pressing Win while scrolling
1428[13:20:33] <ratrace> hmpf1: the protocol is being deprecated and openssh devs recommend against using it. there was also a vuln recently with the openssh implementation
1460[13:41:03] <vampirefrog> no_gravity, looks like it, but I wouldn't know for sure. Can't hurt to submit it there, I guess
1461[13:41:03] <no_gravity> vampirefrog: It looks like issues regarding syntax highlighting are always replied to with "Contact the maintainer of that file" there.
1462[13:41:19] <vampirefrog> oh then you need to find the syntax highlight file
1463[13:41:27] *** Quits: fff (~quassel@replaced-ip) (Remote host closed the connection)
1464[13:41:28] <no_gravity> It's probably this one: replaced-url
1465[13:41:33] <no_gravity> But who is the maintainer?
1466[13:41:47] <vampirefrog> I mean it says it on the third line
1554[14:18:17] <deadrom> file server mounted via NFSv4. ddrescue iso to thumb drive attached locally. ddrescue spools up to 800MB/s and tells me after 3 seconds "Finished". that stays for as long as the real write takes, in the meanwhile I can't see if there are any problems, real progress speed etc.
1569[14:28:31] <vlt> deadrom: Is NFS relevant here? Does this happen similarly when reading from a local file system? (I'd presume yes.)
1570[14:29:01] *** debhelper sets mode: +l 1564
1571[14:29:06] <vlt> deadrom: I think it's some buffering for the device written to.
1572[14:29:13] <annadane> what is the underlying technology virt-manager uses? i want to virtualize something but don't want to install virt-manager just yet as it pulls in a million dependencies, how do i virtualize in a quick and dirty way?
1583[14:33:34] <dka> Hi, I am trying to start hexchat on startup (debian, cinnamon), I have created a startup that uses `hexchat --minimize=2`, but instead, I have hexchat starting full screen and if I minimize it, it doesn't go to system tray. I always need to close it and start it one more time. Any Idea what to do ?
1585[14:34:47] <deadrom> vlt: directly from local disk is different, pumps buffers full then averages mb/s over local buffer use, starting at 600MB/s then dropping to the thumb drives' speed eventually
1586[14:34:53] <RoyK> dka: use irssi or weechat in a tmux or screen ;)
1614[14:48:44] <Scruloose> Can anyone point me at an easy way to install Deluge 2.0 on a Buster system? It doesn't seem to be in buster-backports.
1615[14:49:28] <petn-randall> !bat
1616[14:49:28] <dpkg> In order to troubleshoot your problem with apt-get, apt or aptitude we need ALL OF THE FOLLOWING information: 1. complete output of your apt-get/apt/aptitude run (including the command used) 2. output from "apt-cache policy pkg1 pkg2..." for ALL packages mentioned ANYWHERE in the problem, and 3. "apt-cache policy". Use replaced-url
1617[14:49:38] <petn-randall> Scruloose: You can try it with this ^^^
1631[14:54:08] <dpkg> First, check for a backport on <debian-backports>. If unavailable: 1) Add a deb-src line for sid (not a deb line!); ask me about <deb-src sid> 2) enable debian-backports (see <bdo>) 3) apt update; apt install build-essential; apt build-dep packagename 4) apt -b source packagename 5) dpkg -i packagename-ver.deb To change compilation options, see <package recompile>; for versions newer than sid see <uupdate>.
1632[14:54:13] <petn-randall> Scruloose: ^
1633[14:56:14] <Scruloose> Ah, that looks promising. Thanks!
1634[14:57:31] *** Quits: frgo (~frgo@replaced-ip) (Remote host closed the connection)
1676[15:19:17] <petn-randall> Now I'm curious, too. I always switched to German keyboard for this. However, on US english layout I cannot reproduce the ° output with "altgr shift 0 0". I get ].
1677[15:19:45] <petn-randall> compose o o works, though :)
1678[15:19:48] <petn-randall> Nice!
1679[15:19:53] *** Quits: timahvo1 (~rogue@replaced-ip) (Remote host closed the connection)
1680[15:20:00] <greycat> What is "altgr" for you? Do you actually have such a key, or is it emulated via xmodmap?
1682[15:21:03] <humbot> i have a key called AltGr, it produces a whole load of useful stuff in tty
1683[15:21:18] <humbot> like “fancy quotes”
1684[15:21:19] <petn-randall> I have a physical "altgr" key, yes.
1685[15:21:31] <greycat> So, not a pure US english layout then. ;-)
1686[15:21:41] <ksk> dka: google "debian inputting degree sign" - but what the grey cat referred you to looks like a way more debian-ish way to solve that ;)
1690[15:22:18] <petn-randall> Yes, German keyboard, US English layout, because the special chars have better placement than on the German keyboard. It's nicer for programming.
1697[15:27:11] <GenTooMan> petn-randall I never thought about that, how keyboard placement affects programming, likely because of many (computer) languages for programming being written in pseudo english.
1704[15:33:06] <petn-randall> GenTooMan: square and round brackets ()[] are convenient on the US english keyboard. On the German one it's AltGr + 8 or 9 for [], which requires you to move your hand away from the base line. Also ; is two keypresses instead of one. And many more. :)
1705[15:33:46] <greycat> on a pure US keyboard, () are Shift-9 and Shift-0
1713[15:38:17] *** Quits: oish (~charlie@replaced-ip) (Remote host closed the connection)
1714[15:38:31] <petn-randall> In the case of () it's shift + 8 or 9 on German, so it's roughly the same. But other symbols like '@\|/{}~ are more inconvenient, most of the time requiring some combination of AltGr + a further away key.
1723[15:39:22] *** Quits: traveltissues (~traveltis@replaced-ip) (Remote host closed the connection)
1724[15:40:07] <petn-randall> metbsd: IIRC iOS uses, just like Mac OS X, zeroconf/bonjour to discover printers. So yes, you can set that service up in Debian.
1730[15:44:21] <GenTooMan> greycat likely the [] are left overs from a time when braces were more commonly used than curly braces. I believe the layout is partly for convenience and likely based on statistical analysis (slide rule era?)
1750[15:59:29] <Ede|Popede> what are the files in /etc/apt/trusted.gpg.d? what do they contain? they are not mentioned in man gpg, man apt doesn't even contain the string gpg. is it secret debian information?
1752[16:00:26] <greycat> well, they have names like debian-archive-stretch-automatic.gpg so it's probably the per-release keys
1753[16:02:32] *** Quits: RebelCoder (~RebelCode@replaced-ip) (Remote host closed the connection)
1754[16:02:32] <Ede|Popede> and what is inside them? all that gpg seems to be able to do is to create a dot dir in my home and to wait for commands.
1755[16:02:39] <greycat> Also, dpkg -S says they come from a package named debian-archive-keyring and you can get the description for that package, etc.
1771[16:09:20] <Ede|Popede> well i know this is to prove that you did it and no one else. but i also tried to understand that whole concept with zimmermann's PGP in the days when i had to download the book from a non-us server. and no, i never got through it.
1781[16:12:09] <Ede|Popede> and actually i never needed this stuff besides for what debian uses it. i am in no relationship to the NSA or the FSB or whatever. i don't even care if some services or my provider can read my mail, i never had anything more relevant in them than some address or a phone number.
1789[16:13:59] <greycat> Ede|Popede: when you do "apt update" or similar, apt downloads a list of the currently available packages and their checksums. This list is signed. Apt uses the files in the keyring (the ones we've been talking about) to verify this signature.
1792[16:15:40] <Ede|Popede> greycat: that's what i thought. but is that blob the *natural* form of existence for that info? means, the developer has some tool (i bet it is pgp itself) gives it some command with some parameters and it spits out that file?
1793[16:16:13] <greycat> At this point, you need to learn how gpg works, and I can't teach it to you. Find a manual.
1794[16:16:39] *** Quits: AlmarShenwan_ (~quassel@replaced-ip) (Remote host closed the connection)
1795[16:16:44] <Ede|Popede> man pages are meant to make people understand how programs work, right? well...
1796[16:16:57] <greycat> Then find a manual that isn't a man page.
1797[16:17:30] <greycat> try googling "gnupg for dummies" or something (I just did, and it didn't explode)
1798[16:17:37] *** Quits: Immanuel (~Manu@replaced-ip) (Ping timeout: 240 seconds)
1799[16:18:50] *** Joins: Immanuel (~Manu@replaced-ip)
1803[16:19:42] <Ede|Popede> it's a pity i didn't save the title of that particular book (for a lot of others i did), found it in a library before i even had internet, was an introduction to the history of cryptography going through all its stages starting with caesar, medieval times, french revolution, enigma, up to what was up to date when it was written. some DES i think.
1805[16:20:05] <Scruloose> Ede|Popede: short answer is yes, that's the 'natural' form of this info. Anyone who has the gnupg program can generate a public/private keypair. Gnupg + private key allows signing things, and gnupg + corresponding public key (the things you're asking about) allows verifying those signatures.
1816[16:24:14] <Ede|Popede> Scruloose: that's about how far i went, maybe i was trying to understand how it works under the hood too hard, but then, i had no real reason to "simply use it". and a GUI with a "Just do it!" button is all but helpful, nothing but a magic wand keeping the mystery.
1817[16:24:40] *** Quits: AlmarShenwan (~quassel@replaced-ip) (Quit: No Ping reply in 180 seconds.)
1818[16:24:42] <Scruloose> petn-randall: My deluged from source is up and running, thanks! Will a regular "apt update" now give me some indication when the source package is updated? I assume I'll need to do the compile-and-install steps periodically to keep it up to date.
1827[16:25:59] <Scruloose> Ede|Popede: Well, going through a "how to pgp" guide to generate your own keypair and sign some arbitrary file can be fairly demystifying. If you want to fully understand the math behind asymmetric public-key crypto, that's way beyond my pay grade. ;-)
1828[16:26:00] <petn-randall> Scruloose: Yes, you're unfortunately required to track any possible updates by hand.
1834[16:27:46] <Scruloose> petn-randall: Fair enough. But will I get some sort of output from apt-get update or apt-get upgrade telling me when it's time?
1836[16:28:42] <petn-randall> Scruloose: No, since your compiled package is not available in any repos. If however some time in the future deluge is available in buster-backports, you'd get notified.
1837[16:29:25] <Scruloose> petn-randall: Good to know; thanks again!
1839[16:30:12] <karlpinc> Scruloose: I don't know but suspect not. However, there may be a mailing list or something you can subscribe to somewhere in the debian infrastructure that reports when a package is updated. (I've not been paying attention to just what you're doing.)
1846[16:33:24] <karlpinc> Ede|Popede: As long as you're generating key pairs and using them you might instead want to look into using ssh-keygen, and ~/.ssh/authorized_keys and so forth. I tend to use that way more than php, and the concepts are the same. (Although you don't get the signing v.s. encrypting distinction. You do with certs though, so you can play around with that using openssl.) Anyway, ssh keys use basic public/private key pair concepts that
1847[16:33:24] <karlpinc> you're going to need to understand to do more complex stuff.
1848[16:33:26] *** Quits: tyranny12 (~blarg@replaced-ip) (Remote host closed the connection)
1853[16:35:34] <MikeDebian> Hi all. I'll be installing nodejs from deb.nodesource.com on a Debian 9 machine that already has Debian nodejs package installed. When trying to purge this Debian package it mentions it is not possible because another package depends on it (libkf5purpose-bin). I would say this package has no dependency on nodejs and from a read online it seems to be a bug. Can you confirm? Is it safe to force the purge?
1854[16:35:39] *** Quits: mibo (~mibo@replaced-ip) (Remote host closed the connection)
1860[16:38:17] <dpkg> In order to troubleshoot your problem with apt-get, apt or aptitude we need ALL OF THE FOLLOWING information: 1. complete output of your apt-get/apt/aptitude run (including the command used) 2. output from "apt-cache policy pkg1 pkg2..." for ALL packages mentioned ANYWHERE in the problem, and 3. "apt-cache policy". Use replaced-url
1861[16:38:25] <petn-randall> MikeDebian: Can you provide all the info above? ^^^
1862[16:38:27] <Ede|Popede> karlpinc: thanks for that trigger. didn't even think of them myself now (as usual). seems hard to find a top down approach not targeting specific use cases, but giving the big picture first, which i always prefer.
1886[16:45:52] <karlpinc> f0x1: You need to select the underlying real partition and change its type so it is no longer used for LUKS but instead used for whatever you want. (I think.)
1887[16:45:53] <jelly> f0x1: you can always switch to console, wipe the luks format, go back to d-i and restart from re-reading the disk contents
1892[16:46:49] <petn-randall> MikeDebian: `dpkg --purge` is not the correct way to do this, you most likely want `apt purge nodejs`. I also can't see the nodesource repo in your output. Are you trying to install the node package by hand?
1893[16:46:58] <jelly> where's the console, Ctrl-Alt-F2? F3?
1894[16:47:04] * jelly does not remember
1895[16:47:12] <karlpinc> jelly: One of those. I forget also.
1896[16:47:16] <greycat> during install, f2 is a console
1897[16:47:55] <greycat> f4 is a tailed log file, and I don't remember what f3 is
1898[16:47:59] <karlpinc> f0x1: If it makes you feel better I always have to poke the installer's partitioning/LUKS/LVM interface with a stick until it eventually does what I want. But I can't think of a way to make it better so can't complain.
1903[16:48:52] <jelly> dpkg, d-i console is <reply>During the debian-installer there's a console waiting with a shell for manual manipulation at Ctrl-Alt-F2. After doing things, go back to the installer on Ctrl-Alt-F1
1904[16:48:52] <dpkg> console is <reply>During the debian-installer there's a console waiting with a shell for manual manipulation at Ctrl-Alt-F2. After doing things, go back to the installer on Ctrl-Alt-F1, you want to go to replaced-url
1905[16:49:04] <jelly> sigh
1906[16:49:28] <f0x1> karlpinc: you can't select the underlying partition because you're not allowed to modify it
1907[16:49:30] <jelly> dpkg, installer console is <reply>During the debian-installer there's a console waiting with a shell for manual manipulation at Ctrl-Alt-F2. After doing things, go back to the installer on Ctrl-Alt-F1
1910[16:49:45] * jelly is not going to remember that factoid name
1911[16:49:59] <f0x1> it'd be better if there was an option to delete the crypt partition from the "configure encrypted volumes" menu, similar to how you can delete LVM groups from their respective menu
1912[16:51:05] <karlpinc> f0x1: My guess would be to go into LVM then and do something to delete the physical volume. Anyway, the console will see you through. (You could change the underlying partition type there.)
1968[17:10:13] <jelly> I like the absolutely huge download button. It's pretty clear however it's a dated PoC, seeing as the download button points to stretch...
2017[17:17:48] <jelly> Furry_Kitty: right click on channel tab -> Settings -> Hide join/part messages
2018[17:17:58] <lunchslut> telegram is more than just a messenger, it's like its own little network. There are "channels" which are more like twitter feeds, and group chats that are more like IRC channels
2019[17:18:06] <han-solo> and they were very responsive, in the messenger group, so
2023[17:18:26] <f0x1> telegram has great UI, terrible backend/crypto tho
2024[17:18:37] <lunchslut> you can find movies, newspapers, music, etc. while i don't think it's a great secure option for chatting, it's a very comfortable modern chat environment
2046[17:20:19] <jelly> elichai2: LTS team does security for oldoldstable jessie
2047[17:20:22] <jelly> !jessie-lts
2048[17:20:22] <dpkg> Security support for Debian 8 "Jessie" from the Debian Security Team ended on 2018-05-17. The amd64, i386, armel and armhf architectures will receive additional long term support (<LTS>) via <jessie/updates> until around 2020 for a 5 year lifetime total. See replaced-url
2049[17:20:24] <han-solo> anyway, that's my exit. Later
2060[17:21:38] <jelly> elichai2: sometimes the LTS people are faster than Debian Security Team. Sometimes
2061[17:21:47] <n4dir> just wanted to say that for a while some recommended signal. Problem is as always: you will have to convince all your friends to use it too
2062[17:22:03] <jelly> elichai2: ... the security team decides an issue is not really critical enough
2064[17:23:18] <jelly> elichai2: whatever the security team does with stable (buster) and oldstable (stretch), you can see the current state on that cve lookup URL / security-tracker.debian.org
2065[17:23:50] <elichai2> can I ping somehow to look into updating the rust/cargo versions?
2070[17:24:57] <greycat> My understanding is that the only reason rust is *in* those releases is because it was needed to build the newer firefox-esr packages.
2071[17:25:04] <greycat> Or maybe it was chromium.
2075[17:26:33] <jelly> elichai2: I'm a bit disillusioned and consider ANY cloud-based service as a ticking bomb waiting to disappear under the feet of my users
2076[17:26:42] <riezaizu> any reason why netflix gives "browser not supported" in chromium today, but it worked fine before?
2077[17:26:46] <jelly> that includes the ones I maintain myself
2078[17:27:00] <elichai2> jelly: what?
2079[17:27:28] <greycat> talking about telegram et al.
2189[17:55:55] <jelly> Furry_Kitty: it's all good for 12 months since buster release, to give users enough time to plan _and execute_ an upgrade on their own time.
2190[17:56:00] <whislock> Furry_Kitty: Eventually, the software versions in oldstable will fall out of support. That "eventually" is not here yet.
2213[18:00:33] <jelly> ratrace: honestly I trust bwh more than gkh at this point.
2214[18:00:51] <oiaohm> Some of the reason why not as many security patches don't get backported to older versions like we would hope is the lack of nice solid testsuite to confirm that it broke nothing.
2215[18:01:10] <ratrace> that's just one part of it. the other is lack of upstream CVEs
2216[18:01:17] <jelly> and for the really important stuff, managed to convince $work to buy grsecurity subscription
2217[18:01:22] <ratrace> *an other (it's not just two)
2218[18:01:35] <oiaohm> jelly: really grsecurity does not have the missing bits.
2220[18:02:40] <jelly> oiaohm: they actively keep track of main tree, have backports that are NOT in longterm trees, and have some generic protections.
2221[18:02:58] <ratrace> but why do you think grsec is so good
2222[18:03:06] <ratrace> did anyone run an independent audit?
2223[18:03:42] <oiaohm> jelly: and it still as broken as any other distribution made kernel.
2224[18:03:59] <oiaohm> jelly: with cases of not all security patches applied.
2225[18:04:01] <jelly> ratrace: I don't need an "independent" audit, nor does my boss require one thankfully
2229[18:04:11] <ratrace> oiaohm: back when it was free for all, it was broken even more. grsec policy used to be, back then at least (pre 4.9) to panic when something suspicious happens
2230[18:04:27] <jelly> oiaohm: it's "not all" but it's quite a bit better than longterm
2231[18:04:30] <ratrace> jelly: so how do you know, then, that you didn't just fall for marketing and hype?
2232[18:04:44] <ratrace> or maybe you ran audits so _you_ know? ;)
2233[18:04:52] <jelly> ratrace: yes.
2234[18:04:56] <jelly> duh!
2235[18:05:00] <ratrace> duh. :)
2236[18:05:11] <oiaohm> jelly: longterm had more patches in it than the grsecurity kernels over all as they did not take in some security fixes that broke their add ons.
2237[18:05:51] <oiaohm> jelly: grsecurity was not a magic cure all bullet. there has been a core problem with security patching and qa with the Linux kernel for a long time.
2238[18:06:26] <jelly> oiaohm: no one says it's a magic bullet. It's just better than what's available for free.
2239[18:06:31] <whislock> Nothing is a magic cure-all bullet. Not using what improvements are available because they're not perfect is stupid.
2240[18:06:51] <humbot> :v
2241[18:06:54] <ratrace> that's true but I'd need to be convinced there are improvements to begin with.
2242[18:07:09] <ratrace> which would require possessing a set of zerodays and attack both the mainline and grsec kernels and see which one fares better.
2243[18:07:25] <oiaohm> jelly: when it was available for free I did compare grsec to mainline kernel.
2244[18:07:32] <ratrace> now where the flak am I gonna find such zerodays...
2245[18:07:35] <oiaohm> jelly: it was not as good as it was cracked up to be.
2246[18:07:37] <whislock> ratrace: I'm sure there are plenty of orgs out there that will happily accept your money to do just that.
2263[18:10:40] <ratrace> spending gobs of money to get extra security then not using the features it provides. lol. what's the point. it's easier to get pwnt through userland than through kernel (in amount of vulns available)
2264[18:10:44] <oiaohm> jelly: around 2008 some of us started questioning it when we saw this. replaced-url
2265[18:10:53] <ratrace> jelly: that's just stupid.
2266[18:11:04] *** Quits: fflori (~fflori@replaced-ip) (Remote host closed the connection)
2267[18:11:39] <jelly> oiaohm: sure, but again, never having used it meant a big shrug for us
2274[18:13:13] <jelly> you can get a rough expectation of which features are reliable and which are shiny new shit, given enough time with any piece of software
2313[18:32:31] <zellfaze> I have a piece of software that freezes when exiting, and then when the process is killed causes my whole computer to completely lock up.
2314[18:32:43] <zellfaze> I end up having to hard reset it (magic syskey doesn't even work).
2315[18:32:54] <zellfaze> I have no idea where to even begin looking at logs.
2316[18:33:10] * zellfaze currently has the process hung in the background.
2317[18:33:12] <n4dir> won't hurt to let us know which piece of software.
2322[18:34:49] <ratrace> zellfaze: you can enable persistent journal and next time it happens, upon reboot, inspect, say, last 100 lines of previous boot's logs with journalctl -b -1 -n 100
2329[18:35:36] <ratrace> you can also dig through /var/log/syslog and try to find where the current boot start and look up lines above that.
2330[18:36:03] <ratrace> but that depends on the bug not locking up the IO mechanism.... which might not be the case, if sysrq is failing
2331[18:36:48] <ratrace> alternatively you could ssh in from another machine and tail dmesg with dmesg -w maybe it'll output something before the lockup
2357[18:40:43] <zellfaze> ...It didn't do it this time. That happens occasionally. It does hang like 90% of the time. So let's just open the game again. xD
2380[18:45:57] <bibble> zellfaze: there's security source. that means it auto installs security updates without manually installing unattended-upgrades ?
2382[18:46:19] <bibble> ratrace: what is bad about that app ?
2383[18:46:28] <ratrace> bibble: no. you need unattended-upgrades for debian to install them on itself (via systemd timer actually)
2384[18:46:33] <zellfaze> ^
2385[18:46:38] <bibble> Ah, OK
2386[18:46:48] <zellfaze> That line just means that if you manually run updates you will get security updates.
2387[18:46:51] <f0x1> ratrace: still no boot
2388[18:47:03] <bibble> zellfaze: ah
2389[18:47:15] <ratrace> bibble: well for starters it doesn't cover kernel updates with reboots, nor does it restart services when a lib updates, so it's PARTIAL update at best. which means you STILL have to manually re-check and apply updates, so why even bother with unattended.
2402[18:49:54] <ratrace> f0x1: you can lsinitramfs and then check for modules ; but you can troubleshoot this by going back to rescue, mount root again, and pastebin some stuff for us: /boot/grub/grub.cfg and the output of `blkid`
2405[18:50:45] <ratrace> f0x1: also crypttab --- if you have network in that VM you can cat each to | nc termbin.com 9999 and post URLs here. if you have no network, use a rescue env that does.
2412[18:51:49] <greycat> I wonder how much junk termbin.com gets.
2413[18:52:01] * zellfaze didn't even know it was a thing.
2414[18:52:04] * zellfaze is fascinated
2415[18:52:39] <greycat> I run a similar service, MUCH less popular, and almost every submission I get is rubbish from someone trying to use that port as a web proxy or something.
2417[18:53:16] <ratrace> proxy probes. my web servers access logs are full of such crap
2418[18:53:23] <zellfaze> Yeah
2419[18:53:41] <zellfaze> It's kind of amazing how little effort it takes to scan the whole Internet these days.
2420[18:54:11] <ratrace> zellfaze: there was this greyhat project, they said they could scan entire ipv4 space in a day. for open ports, that was, I think
2421[18:54:54] <zellfaze> ratrace: Zmap
2422[18:55:02] <zellfaze> "ZMap can scan the entire IPv4 address space in an hour on a single port"
2423[18:55:09] <greycat> Assuming you hit all 2^32 conceivable addresses (the real space is smaller), you'd need to scan 49710 per second.
2424[18:55:20] <zellfaze> It's like nmap, but faster and way less throughal
2425[18:55:32] * zellfaze butchered that spelling.
2457[19:04:56] <ratrace> f0x1: can you chroot into that root and then check: 1) that cryptsetup-initramfs is installed 2) that update-initramfs -u and update-grub both finish with no errors?
2459[19:06:08] <ratrace> f0x1: chroot like this, assuming rootfs is mounted on /mnt: mount -t proc proc /mnt/proc ; mount -B /dev /mnt/dev ; mount -B /dev/pts /mnt/dev/pts ; mount -B /sys /mnt/sys ; mount /dev/sda1 /mnt/boot ; chroot /mnt
2460[19:06:29] *** Quits: starch (~starch@replaced-ip) (Quit: rcirc on GNU Emacs 27.0.50)
2461[19:08:23] <f0x1> mount -B is an invalid option in the debian busybox
2487[19:19:20] <Furry_Kitty> What kind of crashes?
2488[19:19:22] <ratrace> JordiGH: you shouldn't, there are secvulns that are patched with 68 ; did you start with a fresh new profile as suggested earlier?
2489[19:19:41] *** Quits: zeSoup (~jsc@replaced-ip) (Remote host closed the connection)
2490[19:19:44] <JordiGH> Furry_Kitty: I don't know, you want to know which signal it received?
2491[19:19:49] <ALowther> What is the purpose for the majority of the executables in /bin? When I view the files in /bin and type `which BIN`, every single one that i have tested for provides me a path in /usr/bin. The files aren't symlinks either. Do they just have duplicates? What for?
2492[19:20:02] <JordiGH> ratrace: Why would I do such a thing? If it doesn't work with my current profile it plain doesn't work.
2539[19:29:27] <JordiGH> ratrace: I'm so frustrated because you so misunderstand the problem. I can be browsing for about an hour or so and then a crash happens. I have about 10 extensions. So you want me to try all possible 2^10 possibilities of extensions? That's 1024 hours of inconvenience, assuming I get a crash within an hour each time.
2540[19:29:42] <JordiGH> It's just the dumbest and most useless and most inconvenient way to determine why Firefox is crashing.
2541[19:30:18] <JordiGH> Assuming the crash is even because of my extensions and not because of some other part of my profile.
2542[19:30:19] <greycat> It's not 2^10 permutations. Most likely it's *one* extension causing the issue, not some combination.
2543[19:30:26] <Scruloose> Looking for solutions, I'm seeing reference to the return packets being routed through the vpn even though the incoming connection is on the local/regular ethernet interface.
2544[19:30:31] <ratrace> JordiGH: but it's the only way. process of elimination. besides "run with a new profile" has been "the way" to fix FF post-update crashes for years.
2545[19:30:49] *** Quits: ALowther (~ALowther@replaced-ip) (Remote host closed the connection)
2546[19:30:53] <Scruloose> Does this info here seem accurate and current? replaced-url
2547[19:31:02] <ratrace> JordiGH: and even if you do manage to read what is sent to mozilla, my bet would be a lot of stack traces and state dumps, little hints as to what caused it
2548[19:32:03] <ratrace> in fact, sometime in the past few releases, you HAD to start with a new profile, can't remember which was it. maybe even this 60->68 esr?
2549[19:32:04] <jelly> JordiGH: 1024 hours? Fire up a thousand machines in the cloud and run the same browser things!
2550[19:32:32] <JordiGH> greycat: Most likely, but you don't know. Either way, 10 hours of inconvenience, assuming I get a crash within an hour or so each time.
2551[19:32:41] <jelly> selenium is your friend!
2552[19:32:43] <noln> Bisection would take 3/4 steps. Halve the search space each step
2553[19:32:44] * jelly hides
2554[19:32:46] <JordiGH> ratrace: You ever heard of a debugger and core dumps?
2555[19:33:14] <ratrace> JordiGH: sure, but that takes hours. I've fixed all such crashes so far with a fresh new profile and a few elimination tests.
2556[19:33:19] <JordiGH> noln: It's not a bisection; there's no ordering on the extensions.
2557[19:33:27] <JordiGH> ratrace: Your method also takes hours.
2558[19:33:39] <greycat> JordiGH: do you have a BETTER approach? Then use that.
2584[19:39:11] <ALowther> greycat: Does that mean it is unique to Buster? Or that is the decision made by the team and all new distros moving forward will be structured in this way?
2610[19:44:17] * f0x1 is about to run into initramfs with a filled stomach :P
2611[19:44:33] <greycat> if nothing else, you're on the not-latest kernel
2612[19:45:24] <ratrace> f0x1: OS version in that first crash dump you posted shows the old 10.0 kernel version
2613[19:45:44] <JordiGH> So you think I should reboot?
2614[19:45:49] <karlpinc> Scruloose: The page you cited looks ok. But you want to diagnose the problem. The obvious thing to look at is the routing table when the VPN is running. "ip route show"
2615[19:45:51] <greycat> Linux 4.19.0-5-amd64
2616[19:46:01] <greycat> there's a -6- now
2617[19:46:07] <ratrace> JordiGH: but uptime says 2 hours...
2618[19:46:24] <greycat> is that system uptime, or firefox uptime?
2621[19:46:40] <lunchslut> is anyone else having issues changing input methods in qt based apps on 10.1? i have the same issue on two rather different machines
2622[19:46:41] <JordiGH> Seems more like firefox uptime.
2623[19:46:47] <lunchslut> (using ibus)
2624[19:46:49] <greycat> mouseover says "Length of time the process was running"
2625[19:46:50] <ratrace> oh yeah, good question.... oh definitely reboot that thing. /me bets 5€ that will fix the crashes :)
2626[19:47:05] <JordiGH> I'll take that bet. You accept Paypal?
2639[19:50:45] <Scruloose> The output with 'all' seems to be exactly the same, btw
2640[19:50:55] <karlpinc> Scruloose: good
2641[19:51:24] <karlpinc> Scruloose: What are you doing to setup the route? (openvpn's --route directive?) And what are you trying to do with your vpn in the first place.
2657[19:56:00] <Scruloose> karlpinc: And the objective is for traffic originating on the server (eg deluged) to go through the tunnel for anonymity, but to still be able to make connections into the server directly for ssh, deluge thin-client, etc.
2658[19:56:02] <greycat> then you'll find nothing and it'll be quick :)
2670[19:58:08] <Scruloose> karlpinc: "pushing configs"? I know I manually unpacked that from a zipfile and put it in /etc/openvpn/client/ and manually enabled openvpn-client in systemctl
2671[19:58:10] <karlpinc> greycat: (Way too much slapping to go around when it comes to systemd. Nobody has a hand that would stand up to the punishment.)
2672[19:58:20] <ratrace> meanwhile, why I think reboot might fix this... if I understand the crash report correctly, the segfault was in the accessibility library, which usually means hardware probing or interaction
2673[19:58:23] <f0x1> hmm, update-grub just seems to hang
2674[19:58:30] <greycat> ratrace: even "journalctl | less" works normally. SOMEONE made a conscious decision to have it use less in a horiz-scroll mode.
2675[19:58:36] <karlpinc> Scruloose: The other end of the connection can tell your end to setup things.
2676[19:59:28] <karlpinc> Scruloose: I haven't thought about this stuff in a while....
2690[20:03:22] <greycat> ratrace: If I run "journalctl" with no arguments, not part of a pipeline, not redirected... then it automatically runs a process named "pager", which is linked to "less" via alternatives. So far, so good. But this instance does NOT work the same way "pager" does if I run that by itself. Checking the process's env, I see it has LESS=FRSXMK
2722[20:10:04] <Scruloose> karlpinc: I found a little more discussion of what looks to be the same issue I have (specifically mentions PIA) here: replaced-url
2723[20:10:14] <ratrace> f0x1: no idea really. with buster, cryptsetup-initramfs is now installed separately. I'm not sure how the installer dealt with it before, I'm rarely using it
2724[20:10:23] *** zodd is now known as Guest36214
2727[20:10:45] <ratrace> f0x1: but update-initramfs will complain loudly if there's no cryptsetup-initramfs installed and root seems to be encrypted
2728[20:11:02] <karlpinc> Scruloose: I'm wondering why "y.y.y.y/y should be the subnet of your Linode's public IP address". (Havn't thought it through.)
2729[20:11:14] <f0x1> anyways, thanks ratrace for helping me debug
2735[20:12:22] <f0x1> I want to turn my current 2 disk RAID1 into just 1 normal disk (no raid), while keeping the data
2736[20:12:59] <f0x1> and then remove one of the hdd's that used to be in the RAID, put an SSD in its place, and then start a new RAID1 with both my ssd's, keeping the data that was already on the initial ssd
2739[20:13:24] <f0x1> from what I've heard, that should be doable while keeping everything online
2740[20:13:30] <ratrace> f0x1: degrade by faulting, detaching, and zeroing-superblock for the disk you want to turn into single device; copy partitions + filesystems over
2741[20:13:59] <ratrace> the above assumes mdadm raid1
2742[20:14:02] <f0x1> hmm it's going to be annoying to copy all that data
2743[20:14:05] <f0x1> yeah it's mdadm
2744[20:14:22] <karlpinc> Scruloose: Seems to me that "y.y.y.y/y" should be "x.x.x.x/32". But that's without really understanding....
2745[20:14:22] <f0x1> is it bad to keep the RAID1, but just running with 1 disk, or does that have overhead?
2746[20:14:35] <Scruloose> karlpinc: Yeah, and my situation is not a VPS, it's a machine at home with a couple of port-forwards through my NAT router. The main bit I know I don't understand is whether that "public IP address" would be the server's own non-vpn local address in my case, or the router's WAN-facing public address.
2747[20:14:38] <jelly> f0x1: negligible overhead
2748[20:14:43] <ratrace> f0x1: might be able to speed it up by dd-ing the filesystem itself, but it'll retain the UUID so don't forget to change it
2749[20:15:21] <f0x1> jelly: ah, that makes part 1 easier
2750[20:15:39] <ratrace> my OCD would scream at permanently running a degraded array.....
2751[20:15:43] <jelly> f0x1: why don't you just fail and remove one device, then add the new device into the existing raid1?
2753[20:16:32] <Scruloose> karlpinc: By my reading, that comment does in fact say that y.y.y.y/y is simply the subnet to which x.x.x.x belongs
2754[20:16:42] <jelly> ratrace: I keep degraded raid1 most of the time, resyncing to external disk member once a month or so, then disconnecting it again
2758[20:17:09] <karlpinc> Scruloose: I think it'd be your non-vpn local address. The NATting already has done all the translation and that's what you "see".
2759[20:17:11] <jelly> (except it's not offsite, just unplugged)
2761[20:17:33] <ratrace> jelly: yeah the degraded array backup method. DOWN GIRL! down. there, my OCD freaked out.
2762[20:17:46] <Scruloose> karlpinc: Cool. That lines up with my not-very-educated guess ;-)
2763[20:17:51] <karlpinc> Scruloose: The y.y.y.y/y is there in the event that your machine gateways traffic from the internet to your local network. This is unlikely to be the case.
2764[20:17:59] <f0x1> jelly: they are different RAIDS
2765[20:18:06] <f0x1> I'll write out what I'm trying to achieve
2768[20:19:14] <Scruloose> karlpinc: True. If any such gatewaying happens, it should be the NAT router doing it, not this machine.
2769[20:19:19] <karlpinc> Scruloose: So, ""the answer looks "right"". For some value of right. (But my brain has still not caught up and worked through all the details, and I don't have time to do that just now.)
2770[20:19:47] <ratrace> greycat: there's your culprit: replaced-url
2771[20:20:20] <Scruloose> karlpinc: Heh! Thanks for taking a look!
2777[20:21:59] <karlpinc> Scruloose: Thing is _all_ traffic originating on the local box will then go through the vpn. Even ssh connections you make to other places, etc. That will make it hard to reach the rest of your network from your local box.
2783[20:23:19] <f0x1> and I'd like to do all this with minimal downtime :>
2784[20:23:23] <ratrace> f0x1: so which RAID you wanted to split? from what I understand, the HDD RAID remains, and you're turning 1 SSD into a RAID1 + bcache device with another bigger SSD
2785[20:23:47] <ratrace> f0x1: the only problem is that HDD RAID will need to be rebuilt as bcache user, iirc you can't just attach bcache to an existing fs
2786[20:23:55] *** Quits: sauvin (sauvin@replaced-ip) (Remote host closed the connection)
2787[20:24:05] <karlpinc> Scruloose: (I'd also muck about with the openvpn configs so that that "ip rule add from x.x.x.x table 128" is done when openvpn comes up, and undone when it goes down.)
2788[20:24:08] <ratrace> I might be wrong, but from what I know, the fs needs to be built layered atop of bcache
2789[20:24:09] <Scruloose> karlpinc: Ah. I see. So I'll want to figure out how to *also* exclude traffic originating on this box and destined for 192.168.1.x, then
2790[20:24:19] <f0x1> ratrace: I'm removing one of the HDD's, so the other HDD would be the sole disk in the old RAID
2797[20:25:22] <karlpinc> Scruloose: But that's for reaching your local network. It won't help when reaching, say, debian's security repo.
2798[20:25:59] <karlpinc> Scruloose: I've not paid attention to torrents in a long time. There may not _be_ an answer.
2799[20:26:38] <karlpinc> Scruloose: You may have to suck it up and understand what you are doing. :)
2800[20:26:47] <f0x1> ratrace: updated the txt to maybe be more clear
2801[20:26:49] <Scruloose> karlpinc: And the concern there would be if my vpn provider wants to snoop on my connection to say, debian's security repo, I take it?
2802[20:27:33] <Scruloose> karlpinc: Yeah, some 101 reading on IP routing and tunnelling may be in order, it's true.
2809[20:28:56] <ratrace> f0x1: but the SSD RAID1 (rootfs+swap) is unrelated to the HDD RAID1 (media), so you're basically taking out one HDD, turning the HDD RAID1 into single disk, and building a fresh new RAID1 from existing 256GB SSD + new 512GB SSD, half of which would run as bcache?
2815[20:29:33] <ratrace> f0x1: the only problem with that is turning single SSD into a raid member, online, that's not doable, you'd have to reboot for the / to change from single ssd to raid member
2817[20:29:41] <jelly> greycat: because why would it use the normal LESS!
2818[20:29:44] <karlpinc> Scruloose: Do you really want to go through the vpn when connecting to your bank? Maybe you do and maybe you don't but you should at least know what's happening.
2828[20:31:26] <f0x1> a reboot is fine, just trying to minimize downtime
2829[20:31:55] <jelly> no wait
2830[20:32:16] <jelly> greycat: why would it [journalctl] not use the normal LESS! Because fuck you, that's why
2831[20:32:25] <Scruloose> karlpinc: It's a good point. I mean, anything I do that's as sensitive as banking will a) not be on this machine and b) happens over ssl with certificate verification anyway, so I think with/without the VPN isn't much of an issue?
2833[20:33:05] <ratrace> f0x1: doable, I did it more than once. I'm just not aware of an ability to remove mdadm metadata and basically convert a raid1 member into a single disk, without zeroing superblock and removing all metadata, requiring basically a copy-over
2834[20:33:25] <greycat> jelly: I didn't study the code in depth. Something about special handling of Ctrl-C if the -K option is missing. And I suppose someone thought they knew better than the developers of less.
2836[20:33:43] <karlpinc> Scruloose: The Internet is built to not care about the paths the packets take. So you don't care either. Until you do.
2837[20:33:47] <ratrace> f0x1: but again, dd-ing the fs (as opposed to rsyncing it) from mdX to /dev/sdY is faster, and will require changing its UUID with tune2fs
2860[20:37:27] <jelly> and your .viewrc is no one's business
2861[20:37:32] <karlpinc> ratrace: I have it in my head you can have N>0 raid1 members. For instance, so you can start with a single disk and later add more. Of course it's not really raid1, but that keeps it from being degraded.
2864[20:37:44] <jelly> ratrace: it's a non-default default.
2865[20:38:02] <Scruloose> ratrace: It's true, they did eventually add the option to override their override of your system preference
2866[20:38:03] <jelly> ratrace: it's literally "we know better than you"
2867[20:38:13] <ratrace> karlpinc: technically you can build (Start with) raid1 array with just one disk. you supply "missing" for the other drive (it's a keyword for mdadm)
2868[20:38:22] <ratrace> karlpinc: but it's still a degraded raid1
2869[20:38:39] <karlpinc> ratrace: It shows as degraded?
2870[20:38:44] <ratrace> jelly: did anyone try to submit a patch and change that default of defaults? did it get shot down?
2876[20:40:20] <f0x1> so for then converting the ssd to RAID1 with the new drive, the arch wiki recommends creating a degraded RAID1 (with 'missing') on the new drive, rsyncing all the data, and then adding the old disk to the new RAID1 replaced-url
2877[20:40:32] <f0x1> is that the best way or is there some way to avoid having to rsync over the entire disk
2880[20:40:54] <ratrace> f0x1: that's pretty much it
2881[20:40:56] <f0x1> oh and there's LUKS and LVM involved too :<
2882[20:41:00] <ratrace> doesn't matter
2883[20:41:18] <ratrace> oh wait... actually... I don't know how to replace PVs in a LVM
2884[20:41:25] <karlpinc> f0x1: The bestest way is to use lvm. That will allow you to dynamically migrate the data from one physical volume to another without downtime.
2885[20:41:40] *** Quits: swift110 (~swift110@replaced-ip) (Remote host closed the connection)
2890[20:42:19] <ratrace> f0x1: so I can't say "doesn't matter" for LVM, I wouldn't know. doesn't matter for LUKS that's for sure; it's just another container -- just make sure that at the end of it, from a chroot, all the UUIDs match, crypttab matches, grub.cfg looks up the correct device, fstab UUIDs are correct.
2897[20:45:18] <karlpinc> f0x1: You also pvchange -x n foo for the physical volume you want to migrate off of so nothing new gets put there. When done you're free to remove the empty pv from the volume groups. At that point you can do "something new" with the old pv.
2900[20:46:17] <Lope> what modules do I need to load in initramfs besides zfs to get `zpool list` to work?
2901[20:46:23] <Lope> ratrace, ^
2902[20:46:37] <Lope> it says "no pools available"
2903[20:47:00] <f0x1> karlpinc: so the pvmove can be done while online, right?
2904[20:47:03] <ratrace> Lope: zfs pulls them in. zunicode,zavl,zcommon,znvpair,spl
2905[20:47:08] <GenTooMan> I find myself in need of tracking a specific USB device behavior in my linux system. Namely I need to find out if it's misbehaving or doing something unexpected. I attempted to try and use wireshark but was an epic failure.
2916[20:49:12] *** Quits: MenschZwoNull (~MenschZwo@replaced-ip) (Remote host closed the connection)
2917[20:49:45] <karlpinc> f0x1: Basically first turn off usage of the old pv, migrate to new pv, undo any vgs that use the old pv, and destroy the old pv.
2918[20:50:03] <Lope> ratrace oh brilliant, will try that. thanks
2919[20:50:29] <Lope> can anyone show me an example of /etc/network/interfaces including both ipv4 and ipv6 statically set?
2921[20:51:03] <karlpinc> f0x1: The nice thing is that the data "just moves". So everything inside of lvm is untouched, the UUIDs of the logical volumes, etc.
2922[20:51:19] <Lope> I've got ipv4 working on my remote server. I tried adding the line "iface eth0 inet6 dhcp" to it but that broke its ability to boot.
2923[20:51:41] <Lope> but I'd prefer to set the stuff statically.
2936[20:53:37] <Lope> but the recovery console only functions due to DHCP being active probably.
2937[20:53:39] <karlpinc> f0x1: As soon as you do pvchange -x n no new sectors on the old pv are allocated. It may be that some are written to. But as the pvmove runs there are fewer and fewer of those sectors.
2956[20:57:52] <jhutchins_wk> Lope: Generally, let your router route and configure a gateway.
2957[20:57:53] <karlpinc> f0x1: As long as you're thinking about this, google for "write amplification" for SSDs. It may be, depending on your ssd, you want to leave about 20% of it unallocated to avoid slowdown. (The way to be sure of this is to have at least one partition and leave entirely unpartitioned space on the drive.)
2964[20:58:36] <jhutchins_wk> Lope: Definitely let the router handle it.
2965[20:58:54] <Lope> Dagger, it works in the recovery console, and after I manually added the ip and gateway with ip commands I was able to ping google's ipv6 ip.
2983[21:03:08] <Lope> Dagger, I see there's a SLAAC thing in the docs.
2984[21:03:25] <greycat> I have no idea. I don't use pulse audio, or timidy, or a desktop environment.
2985[21:03:31] <Lope> Dagger, but the docs say if you use SLAAC you can't enable ipv6 forwarding otherwise SLAAC gets disabled
2986[21:03:31] <greycat> timidity*
2987[21:03:33] <karlpinc> f0x1: See also "secure erase" replaced-url
2988[21:03:51] <Lope> ipv6 forwarding meaning I've got VM's that need ipv6 access
2989[21:03:56] <Lope> sounds pretty important to me.
2990[21:04:05] <Dagger> it only gets disabled if you set accept_ra=1; if you set accept_ra=2 then it'll stay enabled
2991[21:04:09] <greycat> Maybe just restarting pulse audio would be enough.
2992[21:04:35] <Lope> can I set a metric in my /etc/network/interfaces file?
2993[21:04:41] <Lope> for gateway
2994[21:05:12] <Dagger> if you're receiving RAs then just let those set the gateway rather than doing it statically
2995[21:05:19] <ratrace> Lope: can't you bridge? do you have to forward?
2996[21:05:43] <Lope> ratrace, I tend to forward so things only get the access they really need.
2997[21:06:00] <f0x1> ahh this was probably the issue I ran into earlier with the chroot: "If you are installing GRUB in chroot environment using LVM and the grub-mkconfig hangs indefinitely, see replaced-url
2998[21:06:03] <Lope> I run VMs I don't necessarily trust.
2999[21:06:11] <Lope> can't have them running loose.
3000[21:06:18] <Lope> I even enable iptables on the bridge.
3001[21:06:21] <ratrace> Lope: you can still firewall them off, even with bridging
3002[21:06:49] <ratrace> f0x1: ah good to know, thanks
3034[21:21:20] <carramba_> hi all, I'm on debian (i386) and I'd like to install debian amd64 on another disk. How to do that? I don't have CD, I don't have pendrive. I've tried debootstrap, but failed
3051[21:26:11] <carramba_> greycat: sigh, maybe that's the reason debootstrap failed (no amd64 kernel). I just don't know if I could dd debian iso on the target disk, then install debian on the same disk
3053[21:26:30] <Lope> ratrace, Dagger: thanks, okay I've attempted to set only the IPv6 that my host tells me that they're giving me, then I enabled SLAAC and will see what it does.
3059[21:30:15] <Lope> the SLAAC thingy worked, mostly. I only specified the /64 IPv6 that the host tells me they're giving me, and SLAAC added the other /64 IP whatever that is.
3061[21:30:51] <Lope> the only thing I didn't get automagically was the default gateway. But I added manually now and now I can ping google's ipv6 so I'm going to add that to the interfaces file and hope it works.
3064[21:31:56] <jhutchins_wk> Anybody dealing with replication between datacenters?
3065[21:31:59] <Dagger> if you're receiving RAs, you should get a default gateway automatically out of the box. if SLAAC is enabled in the RAs then you should get an IP automatically -- you shouldn't need to change anything from the default Linux settings to get any of that
3079[21:34:31] <f0x1> karlpinc: I joined the channel today, so no backlog for me
3080[21:34:33] <Dagger> you can examine the RAs you're receiving with `rdisc6` (it's in the ndisc6 package). if you pastebin that then maybe I can tell you more than guesses and generalities
3081[21:34:50] <Lope> Dagger, okay, specifying the ipv6 gateway in the interfaces file worked. Just rebooted, all is well.
3085[21:35:31] <jhutchins_wk> Lope: It's not uncommon.
3086[21:35:49] <jhutchins_wk> Lope: Your addresses are static, right?
3087[21:35:58] <Dagger> I don't think it's sensible. autoconf will give you the correct setup, rather than fumbling around in the dark trying to replicate it while being unfamiliar with what you're doing
3089[21:36:47] <Dagger> and if the address ever changes, you won't need to manually discover that and update your config (I bet you don't have v6 monitoring up so you probably won't notice immediately)
3090[21:36:49] <Lope> jhutchins_wk, I've specified the address exactly as per this: "Mixing manual and automatic configuration" replaced-url
3100[21:39:18] <Lope> Dagger, thank you very much for your kind offer to help, my friend. but it's late and I've gotta finish some other server stuff and get to bed. I'll send the support a ticket and ask them about it. They can just tell me what they recommend. Will save everyone time.
3103[21:39:44] <Dagger> if you're getting an address from SLAAC then you should definitely be getting a default route, unless you've changed accept_ra_defrtr
3119[21:43:31] <trek00> carramba_: you could try with kexec, it is fairly complicated but if you have time.. replaced-url
3120[21:43:50] <Dagger> SLAAC works provided the interface is up, you don't need to specify anything in /e/n/in for it
3121[21:44:32] <carramba_> thanks, right now I'm trying the other approach - add debian iso to grub configuration, then boot into that to launch installer and tell it to install on the other drive
3122[21:44:48] <Lope> slaac: when I only had ipv4 stuff in e/n/i I had no ipv6 whatsoever.
3124[21:45:09] <Lope> Giving the auto inet6 thing a go, let's see what it does.
3125[21:45:10] *** Quits: cryptodan (~cryptodan@replaced-ip) (Remote host closed the connection)
3126[21:45:35] <Dagger> if you're using a modified version of Debian then something might have been disabled (VPS providers are pretty terrible at this sort of thing...)
3139[21:51:11] *** Quits: Newami (~Newami@replaced-ip) (Remote host closed the connection)
3140[21:51:36] <Lope> Dagger, the auto thing didn't give me the IP that the DC has allocated for me, only the other IP which is presumably automatic. and no gateway.
3141[21:51:55] <whislock> Lope: Does it start with fe80?
3143[21:52:49] <Lope> the automagical one starts with fe80 yes.
3144[21:53:05] <whislock> Yup, that's the link-scope address. Not very useful for internet stuff.
3145[21:53:29] <whislock> At least, not in the context of your interface address.
3146[21:53:34] <Lope> the one assigned by the DC to me which is presumably a block of "public" ipv6 IPs (I'm really talking out my ass here I know very little about IPv6) does not start with fe80.
3175[22:02:34] <whislock> Just set up the address and gateway your host gives you.
3176[22:02:59] <Lope> whislock, in the rescue environment I got a ff00::/8 route. But I have to set my ipv6 manually to have an ipv6. When I set it manually I didn't get a ff00::/8
3177[22:03:03] <Lope> Should I set it?
3178[22:03:15] <whislock> No.
3179[22:03:22] *** Quits: rany (~rany@replaced-ip) (Remote host closed the connection)
3180[22:03:50] <Lope> okay. So i'll just use the gateway they've given me (as I've done, which is working to ping google's IPv6) and leave it at that.
3205[22:16:47] <Dagger> openwrt configures a ULA /64 by default (so you can reach the router even when the internet is down); that's probably the most likely source of it
3206[22:16:47] <mutante> "the IPv6 address block fec0::/10 was reserved for site-local addresses,[2] that could be used within a "site" for private IPv6 networks. However, insufficient definition of the term site led to confusion over the governing routing rules."
3208[22:17:40] <Habbie> a site can be wider than a LAN, that much is clear
3209[22:17:43] <Habbie> but not much else is clear;)
3210[22:17:57] <mutante> Lope: i think you are supposed to use fe80 now and that was deprecated in 2006
3211[22:18:06] <Lope> Dagger, whislock: I'm trying to block incoming IPv6 stuff to my server by default and just allow pings and request responses etc for now.
3215[22:18:44] *** Quits: manymany2 (b9716175@replaced-ip) (Remote host closed the connection)
3216[22:18:52] <Lope> I've done this so far: ip6tables -P INPUT DROP; ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT;
3217[22:18:55] <Dagger> ULAs have global scope, so your ULA prefix should be unique worldwide. but the internet won't have routes towards it, so internet connectivity doesn't work on ULAs
3218[22:19:01] <Orxata_> I have no sound and the audio tray indicates "dummy output"
3219[22:19:06] <Lope> So far so good. but allowing echo request and reply isn't working.
3351[23:58:28] <martigan> Hey all, Q: If I'm going to disable all ipv6, should I add the disable lines in /etc/sysctl.conf or /etc/sysctl.d/99-sysctl.conf? Does it make a difference? And if so what is it?