281[00:29:17] <annadane> just thinking of the wine discussions earlier and at other times, where someone wants to use wine from winehq and people keep asking "why not just use debian's", i get a lot better performance out of certain games using winehq's newer wine versions; i do understand debian's general philosophy of "but the old versions work fine" but wanting newer wine is very legitimate
282[00:29:45] <somiaj> annadane: it totally depends on the games/apps you run.
283[00:29:52] <annadane> people just have to understand that libfaudio0 isn't in debian stable and they need to get it from OBS
284[00:30:08] <somiaj> annadane: some games will workt he same in both, some apps will, some apps will work better in older versions of wine (this does happen), some work in newer
285[00:30:09] <shibboleth> anyone have a favorite software which can manage old ipod/nanos (pre iphone)?
311[00:39:18] <johnfg> Here's what I did: mount /dev/vg0/lvol3 /mnt/temp; 2nd: cp -R /var /mnt/temp; 3rd: mv var var.old; 4th: edited /etc/fstab to add this line:
312[00:39:24] <pingfloyd> johnfg: why not allocate more PEs to the LV that you're using for /?
356[01:12:42] <annadane> really serious fixes tend to get fast-tracked
357[01:12:49] *** Quits: toli (~toli@replaced-ip) (Ping timeout: 264 seconds)
358[01:12:50] *** toli_ is now known as toli
359[01:13:03] <annadane> but for a desktop... it depends on your threat model, and we do mostly recommend stable, but i feel one should generally be ok
366[01:14:50] <annadane> it looks terrible on paper but i'm not sure the h4x0r's will get you through some security hole, automatically, if you run testing
378[01:20:27] <annadane> hierbat, for specific things, you can generally just install the sid version to get immediate fixes, though this may or may not involve apt pinning, i've never really run any mixed systems
383[01:22:25] <hierbat> annadane: alas I have to be invited
384[01:22:48] <johnfg> I didn't get this before, when I didn't copy things correctly: cp: cannot overwrite directory '/mnt/temp/run' with non-directory. Should I be concerned?
385[01:22:48] <annadane> hierbat, oftc, not freenode
386[01:22:50] <somiaj> hierbat: in general people who want stability and secuirty run stable.
387[01:23:07] <johnfg> somiaj: I'd acted too quickly to do things the easy way you had mentioned.
388[01:23:35] *** Quits: ghost43 (~daer@replaced-ip) (Remote host closed the connection)
389[01:23:55] <dmnb> Hi, anyone have knowledge about tinyproxy?
392[01:24:32] <somiaj> hierbat: most of the issues are local vulns, so if you aren't running any services or have multiple users on the system, webbrowsers are the biggest thing to worry about.
393[01:24:54] <somiaj> johnfg: are you trying to now cp -R /var/* /mnt/tmp/?
462[02:20:13] *** Quits: torbo (~user@replaced-ip) (Remote host closed the connection)
463[02:20:22] <joepublic> that's not how facts work...
464[02:20:27] <randompleb> wsky, What's this nonsense. What would someone do with your passwkrd? Do you have a public server running on your machine? Do you have sensitivr data? Please dont troll here
465[02:20:27] <wsky> that's what you think
466[02:20:55] <wsky> somehow there are people aware of my personal data on a fresh debi9an instalation
503[02:28:56] <joepublic> debian might be at the hardware level? say that again slowly
504[02:29:00] <inthl> I am NSA. what can I guys help you with?
505[02:29:17] <randompleb> heartbleed got overlooked because of their internal memory allocation routines AFAIK
506[02:29:25] <annadane> heartbleed was openssl in general, not specifically debian
507[02:29:45] <inthl> it got overlooked because noone noticed and noone was mr. expert enough to review that stuff, everyone used it for convenience.
508[02:29:46] <inthl> next?
509[02:29:58] <wsky> remember the original crypt and decrypt from the original unix
510[02:30:09] <wsky> they let whole world use it only after they cracked it
511[02:30:17] <inthl> what's the news?
512[02:30:35] <randompleb> Yes, why is this surprising? Security's a process
513[02:30:37] <annadane> now, it is provably true thanks to snowden that the nsa does try to weaken encryption, so i don't doubt that they've tried general backdoors, but you're making a specific claim about debian
514[02:30:39] <wsky> that any other linux system is same case scenario
516[02:31:05] <randompleb> wsky, then what are you proposing we should use?
517[02:31:08] <wsky> the security is ilusoric and linux distros are honeypots attrackting people for security and exploiting them even more than windows
518[02:31:25] <annadane> i promise you it's not more than windows
519[02:31:30] <inthl> again, what's the news? the pentagon employs 25.000 mathematicians, what do you think they are doing all day long?
520[02:31:33] <annadane> open source is generally inherently *more* secure
536[02:34:43] <inthl> a friendly hint from your nsa guys: do not use the usual encryption stronger than 2048 bits - everything higher makes it actually easier for the mathematicians to break
537[02:34:49] <annadane> debian has routinely very quickly patched security holes
538[02:34:57] <annadane> so you're making specific claims about the project
539[02:35:00] <annadane> you're not very convincing
540[02:35:23] <joepublic> a pastor, perhaps, or nurse?
541[02:35:26] <wsky> what you believe in is a mirage
542[02:35:51] <randompleb> wsky, where's the proof? Ive been asking for it ever since you got here ..
543[02:36:51] <randompleb> On a side note, when is debian getting support for luks2 /boot. Grub added the support in January.
544[02:37:01] <inthl> my dick is hard right now. theoretically I could proof that. how about you? tell us something we don't know about - that may or may not be a 0day
545[02:37:38] <joepublic> nice rhetorical skills.
546[02:37:40] <wsky> randompleb: can't proove that
557[02:39:28] <randompleb> wsky, Yes, I can too because I have eyes
558[02:39:36] <joepublic> 1. Is the U.S. government busily engaged in spying on its citizens, possibly including people here? That is a yes. really no argument about that.
559[02:39:59] <joepublic> 2. Is any system fully secure? That's a philosophical question, but its answer is "probably not".
560[02:40:06] <wsky> joepublic: that's right
561[02:40:24] <inthl> let's face it, make it very short: the nsa - less likely any other agency from outside us - can obtain any information from you and the hardware you use. there is just one condition: you have to be of interest, a target. assume that for every country's leaders and politicians, lobby activists, ceo's of every non-pussy revenue company
562[02:40:29] <inthl> linux or not.
563[02:40:37] <wsky> there is no possible way i was able to get compromised in any known way to me yet i am compromised
564[02:40:39] <joepublic> 3. Does debian work in secret to hide such disclosures? Again, easy answer. No. bugs.debian.org.
565[02:40:44] <annadane> conspiracy theorists who tend to be correct, try to calmly explain to others their position, how they arrived at their position, and what the general public is missing. conspiracy theorists who are just crackpots speak in absolutes, about how "i have eyes" and "i see what's around me" and "what you believe in is a mirage"
566[02:40:55] <wsky> annadane lives in a wonderland
567[02:41:00] <inthl> the answer to my text is short: don't be a target
568[02:41:02] <annadane> give your specific claims. we have no idea who these "people on freenode" are who "have your information"
569[02:41:03] <inthl> stay below the radar
570[02:41:05] <annadane> wsky, fuck you.
571[02:41:08] <wsky> <3
572[02:41:11] <annadane> i don't suffer fools.
573[02:41:27] <joepublic> heh you're doing it right now
574[02:41:43] <randompleb> wsky, Is it possible that I'm talking to you is not real. And you'rebin a VM?
575[02:41:48] <inthl> guys, I just told you the conditions. there's nothing more to summarize
576[02:41:50] <annadane> you haven't even specified how you've been compromised, for all we know it has nothing to do with debian
578[02:42:30] <joepublic> inthl, you are kind of wrong. With automated widespread collection, you do not need to be a target at all.
579[02:43:03] <randompleb> Yes, but automated data can be huge. Filtering that for valuable targets make sense
580[02:43:07] <joepublic> example of widespread automated collection, replaced-url
581[02:43:13] <inthl> well that's not the right conclusion. the issue is that data, or mostly meta-data, is collected from everyone - but it won't lead to any further investigation, until you don't become a target
582[02:43:47] <inthl> this meta data just makes it way easier to identify a target and get to him/her in case they become a target
583[02:43:52] <annadane> the NSA absolutely does spy on people and does try to implement backdoors, but that's different from saying that debian specifically is a honeypot
584[02:43:56] <inthl> stay below the radar.
585[02:44:10] <inthl> I use debian on all my hosts, there are plenty
586[02:44:11] <joepublic> too late, I am a dues paying card carrying libertarian party member
587[02:44:19] <inthl> I feel safer than with anything else - not safe, but safer
588[02:44:31] <wsky> i felt safer on 98se
589[02:44:41] <annadane> and actually, if we wanted to make that argument, debian isn't run by a company, it's a volunteer effort, so if anything you'd think it's harder to exploit
590[02:44:43] <randompleb> lmao I should come here more often
591[02:44:45] <wsky> back in 00s
592[02:44:46] <joepublic> wsky, I can find you a 98se download link if you like.
593[02:44:47] <inthl> i watched most porn with 92se
594[02:45:12] <inthl> the meta data collection was way less with 98se than it is today
595[02:45:39] <inthl> at that time, phone calls and voice to text translation for bell atlantic and all the others was of priority
596[02:46:12] <joepublic> sure, president, bomb, allah, local terror cell, upcoming operation
597[02:46:14] <inthl> its peak was in the 80s I think
598[02:46:21] <inthl> blackbriar
599[02:46:33] <joepublic> we think it's really got legs.
600[02:47:23] <randompleb> Ive got three legs and the middle one is gonna get buried in someone if buster doesnt get gcc docs soon
601[02:47:26] <inthl> don't forget treadstone, prism and ubuntu
602[02:47:44] <joepublic> gcc docs are non-free. read them from the upstream.
603[02:48:05] <inthl> you know, he is right in one thing
604[02:48:09] <randompleb> Yeah, but i think theyre available from the backports too?
605[02:48:09] *** Quits: dftxbs3e (~dftxbs3e@replaced-ip) (Remote host closed the connection)
607[02:48:46] <inthl> ubuntu is a debian derivate, the most used distro out there - hence a mass-metadata target. ubuntu takes too much sources from debian without in-depth checks, so there you go. debian is unsafe.
608[02:49:04] <annadane> windows is *so* trustworthy, how microsoft forced everyone to update to windows 10 and several people have concerns about their telemetry
609[02:49:09] <annadane> yeah, much more secure than debian
611[02:49:24] <inthl> dude I just told you, debian is not safe.
612[02:49:35] <inthl> I'm gonna switch to bsd
613[02:49:48] <joepublic> wait, didn't that heartbleed thing come straight from OpenBSD?
614[02:49:52] <randompleb> No
615[02:49:55] <randompleb> it didnt
616[02:50:05] <inthl> who cares? considering that irc is 'not secure', i just became a target
617[02:50:10] <inthl> so it is over for me anyway
618[02:50:23] <randompleb> openbsd forked openssl into libressl after the heartbleed incodent
619[02:50:23] <annadane> if you're going to make any argument that debian is insecure then don't use "people on freenode have my info" as an example and specifically without being concrete about why you think it's the OS's fault
620[02:50:29] <joepublic> yeah you are chatting in the channel where someone said bomb president allah
621[02:50:35] <wsky> i'm migrating to freebsd
622[02:50:38] <wsky> because fall
623[02:50:39] *** Quits: ghost43 (~daer@replaced-ip) (Remote host closed the connection)
624[02:51:00] <inthl> I'm megrating to windows 10, because xhamster hardware video accelleration
625[02:51:02] <joepublic> please note that chatting from freebsd is similarly unencrypted and nonsecure
626[02:51:10] <joepublic> please note that chatting from Windows 10 is similarly unencrypted and nonsecure
627[02:51:41] <randompleb> Genuine question, how come gcc docs is non free?
628[02:51:44] <inthl> then novell netware it is. or that cisco os. what could be more trustworthy than cisco?
629[02:51:52] <annadane> probably because of invariant sections
633[02:52:08] <annadane> i don't know for sure, but it's gnu, 99% that's the reason why
634[02:53:16] <inthl> guys please let me work on my stuff. to get more m0ney, because I want to become a real target. thanks
635[02:53:23] <annadane> but it should still be packaged in debian at least, i'd be surprised if not
636[02:53:38] <randompleb> Also, on the topic of apparmor vs selinux? i get that that selinux is complex. Was this the only reason apparmor was chosen?
655[02:55:41] <joepublic> or just get the package from packages.debian.org and install it
656[02:56:02] <annadane> *i* am cautious to typically only install from main, but yeah, i can see where other users don't bother checking
657[02:57:04] <tyzef> somiaj I struggle to mount the usb pen dribe on net install. I had found the file, it's /var/log/syslog
658[02:57:42] <randompleb> What format is the pendrive in?
659[02:57:49] <tyzef> normally I simply do : mount /dev/sdc /mnt
660[02:57:57] <tyzef> udb
661[02:58:09] *** zazagx is now known as zxwayland
662[02:58:19] <tyzef> format is udb
663[02:59:40] <annadane> the fact debian even separates things judiciously into main contrib and non-free and by default is 100% free software is a further argument against debian being a honeypot... but whatever...
664[03:00:05] <joepublic> debian is a great platform for building a honeypot, of course
665[03:00:11] <randompleb> udb? First time hearing that... Does anyone here have any knowledge aboht thi
666[03:00:32] <joepublic> unless it's a type for "usb", then no
671[03:02:08] <annadane> social contract? honeypot.
672[03:02:14] <annadane> excellent reputation since 1993? honeypot.
673[03:02:23] <randompleb> Again, does anyone know why Debian chose apparmor over selinux? I get that selinix is complex but that cant be the only reason...
679[03:03:23] <annadane> there are specific reasons for not selinux by default i just don't remember what they are
680[03:03:55] <silverballz> anyone find a machine code monitor yet?
681[03:04:21] <annadane> i think one issue selinux has suffered from is it becomes a little bit like Mandatory Access Control on windows where *everything* asks for permission to run... but this is going off memory, i don't really know
687[03:06:23] <randompleb> I see. thanks. also, radare2 got removed earlier because the radare developers didnt support the veraion shipped with debian.Any idea if it's coming back? I know I can just compile it myself or get an appimage
690[03:08:35] <annadane> anecdotally, a comment from reddit: "Personally, while SELinux may be useful in some corner cases, its extra complexity makes it a non-starter for me. I'm more likely to make a config mistake using SELinux than run into a situation where SELinux is the better tool for the job. I've used AppArmor and it works well, is a lot easier to set up and does the job. For 99% of use cases AppArmor is probably going to be just as useful, without all the
691[03:08:35] <annadane> headaches."
692[03:09:19] <tyzef> sorry randompleb, it's UDF
693[03:09:20] <annadane> plus yeah apparmor is integrated by default as of debian 10 so that's a good reason to use it
701[03:13:14] <randompleb> thanks for the link. Will check it out now. tyzef i beleve you need to specify the udf format with "-t udf" when using the mount command. i may be wrong but try it anyway
764[03:29:53] <tyzef> it show everything but my knowledge is to low for me to explain it
765[03:30:09] <randompleb> Maybe because your wifi driver is non free ? Debian installer doesnt contain non free firmware? Can this be the reason or was it working
766[03:30:13] <randompleb> earlier?
767[03:30:13] <tyzef> i need to pastebin it
768[03:30:49] <tyzef> we suspect kernel issue
769[03:31:12] <randompleb> which laptop do you have?
770[03:31:19] <tyzef> eeepc
771[03:31:31] *** Slumlord_ is now known as Slumlord
794[03:41:10] <somiaj> there is the kernel the installer is using, you could try to install that in your debian 10 and see if the network card with it, if it does you have basically idenfieid where this regresion occured
800[03:44:32] <tyzef> well I will give a try asap, it's here near by 7am and I haven't yet slept, i take a nap, let you know asap ! thank you all for your attention and help !
801[03:44:36] <dvs> Hey oh!
802[03:45:26] <johnfg> somiaj: Did you see anything else wrong with the way I went about moving/mounting /var? When I rebooted, there were problems, even though /var was mounted. Not sure what it was. I had to boot in recovery mode to get things back.
803[03:45:56] <somiaj> the only thing I noticed is why your mew mount point had a /var/var
804[03:46:01] <somiaj> oh you were using -R, one second.
805[03:46:39] <somiaj> yea, you probably need to use -a, so permissions and symlinks are preservered, I wasn't paying that close attention, just trying to answer your /var/var/ mostly
806[03:46:50] *** Quits: ecbrown (~user@replaced-ip) (Remote host closed the connection)
807[03:46:50] <johnfg> Right, and I did your correction.
826[03:59:19] <ectospasm> I prefer `rsync -av` over `cp -Ra` because if the operation stops for whatever reason, you can pick up where you left off instead of copying files that have already been copied.
877[05:43:41] <brieweb> I upgraded to Debian buster on my server and Xen upgraded to Xen 4.11, but it won't boot. I was able to go back and boot Xen 4.8 from grub
878[05:43:44] <brieweb> any tips?
879[05:44:21] <brieweb> I see three things that load on the screen. loading kernel, loading xen, and then loading ramdisk. Nothing else appears and it just hangs
924[06:41:23] <somiaj> brieweb: usually vendor services are in /lib/systemd/system, so those might be local edits using systemctl edit service, or somethting similar. You could see if moving those out of the way (for a backup) helps things
925[06:41:58] <somiaj> and by vendor, debian supplied services, (though postinstall scripts may add links in /etc/systemd
926[06:43:25] <brieweb> funny thing is I upgraded to xen-4.11, yet I did not do an autoremove and it doesn't have any scripts there
927[06:43:37] <brieweb> but, I will try moving them out of the way
928[06:43:49] <brieweb> I should look at the release notes for xen-4.11
930[06:44:58] <somiaj> I don't know xen so can't really help there, I just know that the standard for how debian packages should be putting their service files in /lib/systemd not /etc
931[06:45:05] <somiaj> but local overrides will be in /etc
946[07:21:56] <brieweb> I deleted the two files /etc/systemd/xenconsoled.service and /etc/systemd/system/xenconsoled.service and it still brings it up when I boot into Xen 4.8. Xen 4.11 still won't boot though. I also loaded the intel-microcode
947[07:22:11] <brieweb> I could always reinstall the hypervisor.
948[07:22:20] <somiaj> brieweb: well wihtout the files in /etc, it will use the files in /lib
949[07:22:29] <somiaj> you can mask the service if you don't want it to be brought up at all
950[07:22:36] <brieweb> ok
951[07:23:14] <brieweb> I wonder if somehow it stops the xen 4.11 from booting?
981[07:44:06] <somiaj> you may have to manually change the pinning for certain repos for these edge cases where version number or upping the pinning of a single repo with -t doens't work. But according to the man page, it appears you can't list more than one repo
982[07:45:01] <velix> Okay, no problem then. I'll play around with it. Thanks for your ideas.
983[07:45:07] <somiaj> from the man page "In short, this option lets you have simple control .." I think it assuming if you need more complicated control you would actually use pinning
1100[10:48:13] <ansimita> invra: looks like you have to compile (the latest release) from source with a rustc newer than one that's provided for buster
1104[10:49:08] <invra> ansimita: do you know a bit awesomewm? how would i make it so i can launch for example synaptic? i need some kind of gksu or something?
1105[10:49:46] <ansimita> invra: unfortunately I am not familiar with awesomewm
1175[12:03:12] *** Quits: Ericounet (~Eric@replaced-ip) (Quit: Je m'en vais ...)
1176[12:04:07] <algun> Hey. How come there’s no Android Studio in the repo? What’s against DFSG about it (except perhaps the binary that Google builds)?
1221[12:46:26] <algun> petn-randall: surely you are not suggesting Debian users are disinterested in Android development? Android Studio is the very primary tool for it.
1222[12:46:53] <algun> I would say it depends on the interest in packaging and mintenance.
1342[14:25:52] <velix> Anyone with an idea, why `/etc/skel/.bashrc` only allows `color_prompt=yes` for `xterm-color`? `xterm-256color` is a legit setting, but gets ignored here.
1354[14:42:20] <petn-randall> Lope: What does the /foo.sh do? I've just recently had a similar problem and noticed that the network* targets are more complex than you'd think.
1355[14:42:57] <Lope> petn-randall, weird, it seems to not start on a fresh boot, but starts after a reboot...
1357[14:44:48] <Lope> petn-randall, it does all sorts of stuff that I need to do to init the server.
1358[14:45:19] <Lope> petn-randall, I could separate it into stuff that can happen before network, which is 99% of it. and stuff that can happen after network.
1359[14:45:29] <Lope> but that doesn't fix it if it doesn't run the stuff after network.
1360[14:45:46] <Lope> doesn't solve the problem, just 99% solves it.
1361[14:46:05] <Lope> (just saying in theory, I've not tried this)
1362[14:46:37] <petn-randall> Lope: Thing is, after "network" can mean very different things.
1363[14:47:50] <petn-randall> Lope: After=network.target does not mean it'll run when a working internet connection is up.
1364[14:49:07] <petn-randall> That's why I'm asking for details on the script.
1365[14:49:23] <Lope> petn-randall, the only network thing i need is to mount a nfs
1366[14:49:38] <Lope> but I put all kinds of crap in this script which changes over time
1367[14:49:53] <Lope> so i would like it to generally run when the network is operational
1368[14:50:11] <Lope> petn-randall, seems like a simple enough desire?
1369[14:50:49] <petn-randall> Lope: Then you need "After=network-online.target" in the [Unit] section, and "WantedBy=network-online.target" in the [Install] section.
1370[14:51:01] <petn-randall> And you'll risk it never running when the network config fails.
1371[14:51:33] <Lope> petn-randall, does network online mean that it has a working internet connection?
1372[14:51:38] <petn-randall> yes
1373[14:51:40] <Lope> or just that the port is active?
1374[14:51:51] <Lope> I just want port is active, because it's a NFS lan thing
1375[14:52:01] <Lope> I still want it to work even if the internet is down.
1391[15:02:26] <annadane> is there a reason why thunar isn't keeping my file association for .jar, as java -jar? and i can't find it in the mime type editor either so i can't edit it like that
1392[15:02:51] <petn-randall> Lope: Also one pitfall I noticed during testing is that just updating your unit file is not enough. You need to run `systemctl reenable <unit>` for it to update the symlinks from the [Install] section.
1393[15:04:38] <Lope> petn-randall, thanks for your help bud. I unfortunately had 2 services with the same name on different servers, and they had different Before and After conditions. the one that was having issues had some rather impossible conditions.
1395[15:05:06] <Lope> petn-randall, what happens if you say Before and then list services that don't exist (have not been installed/setup yet) would that prevent startup?
1396[15:06:20] <petn-randall> Lope: Not sure. If there's an After= condition that doesn't exist I'd expect it not to start, though.
1414[15:33:00] <pileofstraw> I thought perhaps I had solved my problem of random infrequent hard lockups in 300 deployed NUC7i5BNK machines by discovering that the nonfree firmware had not been deployed, so I puppetized it out to all the machines
1415[15:33:04] <pileofstraw> and 2 more have since locked up
1416[15:33:11] <pileofstraw> crushing my soul like peanut shells
1417[15:34:08] <pileofstraw> wondering if anyone has any ideas on finding the source of a hard lockup given that zero logs are generated and it requires an in-person hard reset to fix
1422[15:36:36] <Agiofws> i've stumbled upon a package inconsistancy trying to install wine on debian buster it all ends down to a package that is not supported in buster anymore and i don't know how to go about it
1423[15:36:38] *** Quits: overlaws (~overlaws@replaced-ip) (Remote host closed the connection)
1433[15:42:31] <dpkg> [Basic Apt* Troubleshooting]. To diagnose your problem, we need ALL OF THE FOLLOWING information: 1. complete output of your apt-get/apt/aptitude run (including the command used) 2. output from "apt-cache policy pkg1 pkg2..." for ALL packages mentioned ANYWHERE in the problem, and 3. "apt-cache policy". Use replaced-url
1434[15:42:42] <petn-randall> Agiofws: Can you provide all of the above in a single paste? ^^^
1435[15:42:43] <Agiofws> can anyone tell me why wine in buster depends on libunistring0:i386 while that package is not supported in buster?
1436[15:43:31] <Agiofws> petn-randall, ok than you i'll try to provide
1449[15:50:04] <rozenglass> overlaws: xfce-terminal is developed by the xfce project, but you can run any other terminal emulator while using xfce. The arch-wiki contains a big list, many of which are available debian replaced-url
1454[15:52:01] <rozenglass> overlaws: although, many terminal emulators are not as user-friendly as xfce-terminal, so it might be worth trying to solve the issues you have with the xfce-terminal
1464[15:57:32] <EdePopede> debtags are better than sliced bread!
1465[15:58:21] <petn-randall> Agiofws: I'd remove the wine repos you have there, remove any wine packages, and then just install regular wine from Debian.
1466[15:59:09] <Agiofws> in sources.list ?
1467[15:59:26] <petn-randall> Agiofws: Yes, and in /etc/apt/sources.list.d/*
1468[16:00:51] <rozenglass> EdePopede: I tried the debtags web UI before recommending the arch-wiki, but searching for x11::terminal, found results like a backgammon game and an xrdp client, and obvious things missing, like konsole and rxvt-unicode
1481[16:07:32] <EdePopede> rozenglass: the correct combination can be tricky sometimes, and unluckily there are also a lot of packages missing some tags or not using it at all
1482[16:09:56] <EdePopede> rozenglass: usually i request some packages i remember and then look what they have in common ;)
1506[16:22:30] <Agiofws> petn-randall, if i go down the rabbit hole trying to install wine32 it also ends up to libunistring0:i386 commenting out the external repos
1552[17:09:32] <pileofstraw> i would love if there was a guide to untangle the insanely complicated nature of having the right intel drivers installed on Buster
1553[17:09:40] <pileofstraw> Haven't felt like this much of an idiot in...at least hours
1558[17:11:45] <braingain> pileofstraw: most of intel stuff is already supported by the kernel. theres a microcode package but other than that.. what kind of drivers do you want to install?
1559[17:12:54] <pileofstraw> I am running a kaby lake system and asking in #intel-gfx, the answer to "should I be running something more involved than stock 4.19 kernel with firmware-misc-nonfree" was "Oh my yes."
1561[17:13:19] <pileofstraw> Also whether to run xserver-xorg-video-intel vs xserver-xorg-core
1562[17:13:25] <pileofstraw> i just feel lost!
1563[17:13:56] <joepublic> did the "oh my yes" people recommend anything specific? If not, nothing to install
1564[17:14:28] <braingain> kaby lake is '2017ish.. is your screen black tho?
1565[17:16:33] <pileofstraw> the central problem I am trying to solve is random intermittent hard lockups requiring a physical reset with no logging of any kind
1566[17:16:55] <pileofstraw> Screen is not black, it locks up with content showing in X. In fact the time and date show, so I can see when it happens.
1567[17:17:46] <pileofstraw> I kind of just have nothing to go on. I discovered these machines didn't have the firmware-misc-nonfree package so I put it on all 300 machines, but the lockups continue.
1568[17:17:47] <lwp> pileofstraw, xserver-xorg-video-intel depends on xserver-xorg-core, so if you need the -intel package, you will be running both
1569[17:17:53] *** Quits: ecbrown (~user@replaced-ip) (Remote host closed the connection)
1570[17:18:22] <lwp> ,i xserver-xorg-video-intel
1571[17:18:23] <judd> Package xserver-xorg-video-intel (x11, optional) in buster/amd64: X.Org X server -- Intel i8xx, i9xx display driver. Version: 2:2.99.917+git20180925-2; Size: 1606.2k; Installed: 3202k; Homepage: replaced-url
1572[17:18:32] <tomreyn> pileofstraw: did you run a different kernel version and / or debian (or other linux distro, or even other OS) on this system fine previously (and how long ago was that)?
1574[17:19:03] <pileofstraw> tomreyn: these were previously running stretch and I remote dist-upgraded them to solve a possibly-related problem with a totally different system.
1575[17:19:08] <pileofstraw> that problem is documented here:
1576[17:19:52] *** Quits: DEB-alain (~DEB-alain@replaced-ip) (Remote host closed the connection)
1579[17:20:23] <pileofstraw> Moving to Buster stopped this specific lockup from happening, but now it seems to just lock up after boot and when X is running
1580[17:20:33] <tomreyn> so you're saying you release upgraded multiple systems with the same hardware configurations from stretch to buster, because a different system than the one freezing on buster experienced these lockups previously?
1581[17:21:19] <pileofstraw> Of the 300 systems I have involved here, 1-3 of them lock up every day. So far over the course of this dozens of them have locked up.
1582[17:21:29] <pileofstraw> So I hypothesized this problem was common to all of the identical systems.
1585[17:21:50] <pileofstraw> it's not fun and very expensive and very humbling.
1586[17:22:37] <braingain> my Kaby Lake Mac also hangs up from time to time 1/14 days
1587[17:22:53] <tomreyn> hmm that's not very reproducible, but at least it is.
1588[17:23:11] <lwp> pileofstraw, I don't know the answer to your question about uninstalling
1589[17:23:34] <pileofstraw> So the problem described in the above stackexchange I managed to reproduce by putting 9 of these machines on a bench and cron-rebooting them every 2 minutes as it happened during soft reboots
1590[17:23:43] <pileofstraw> And it would take about 24h before all 9 would be crashed.
1596[17:24:38] <pileofstraw> I am looking into getting systemd to persist its journal across all 300 machines, in case there is a slim chance I get a crumb of logging in systemd that I'm not currently getting in the traditional /var/log files
1597[17:24:47] <pileofstraw> but I feel like that'll be 15 hours of work to learn nothing
1598[17:24:58] <tomreyn> i assume firmwares are all up to date?
1599[17:25:35] <joepublic> pileofstraw, is this helpful information? replaced-url
1600[17:25:46] <rozenglass> pileofstraw: there are two intel video drivers as far as I understand, the xserver-xorg-video-intel one, and a built-in one in core. If you install the *-intel one, then it is used by default. If you uninstall it, then the built-in one is used instead. The built-in driver is the recommended one in most cases.
1603[17:26:37] <pileofstraw> tomreyn: the most recent thing I did was puppet-deploy firmware-misc-nonfree to all the machines, dmesg was definitely reporting that it was probably missing firmware while loading the i915 kernel module
1604[17:26:38] *** Quits: frgo_ (~frgo@replaced-ip) (Remote host closed the connection)
1605[17:26:42] <pileofstraw> but since then I've had more machines lock up.
1609[17:27:44] <tomreyn> unfortunately intel linux drivers are discomposing lately, not just the gpu ones. and then there are the rapid less tested microcode updates.
1610[17:27:49] <tomreyn> had you tried dis_ucode_ldr ?
1611[17:27:54] *** Quits: uniqdom (~uniqdom@replaced-ip) (Remote host closed the connection)
1612[17:28:17] <tomreyn> that'd make them fall back to the ucode that's embedded in the mainboard firmware ("BIOS")
1613[17:29:36] <pileofstraw> tomreyn: from here replaced-url
1620[17:30:42] <pileofstraw> joepublic: so far this is very up my alley and I wish I had found this sooner, thank you
1621[17:30:56] <tomreyn> hmm you're right, the ucodes are less likely to be the cause of the new lockup, but more likely of the old ones (locking up during initrd load)
1634[17:35:43] <pileofstraw> rozenglass: thank you for this explanation, I will remove xserver-xorg-video-intel from all these machines (after testing)
1635[17:35:44] <tomreyn> i915 is the kernel module, xorg drivers are 2d drivers for X, they are orthogonal, can't be directly compared
1641[17:38:45] <tomreyn> pstore is handy on uefi systems, and this should be uefi systems
1642[17:38:54] <pileofstraw> definitely uefi
1643[17:39:01] *** debhelper sets mode: +l 1258
1644[17:39:38] <pileofstraw> tomreyn: the i915 vs xorg driver delineation is one of the things i am finding so confusing, i need a better primer on how these components interrelate
1645[17:40:24] <pileofstraw> not only that but i keep reading that i should be using mesa
1650[17:44:12] <tomreyn> mesa is the generic open source graphics stack. you are using it whenever you use intel or amd gpus with open source kernel drivers.
1653[17:45:09] <rozenglass> pileofstraw: mesa is basically an opengl implementation for 3D accelerated graphics. Unless you are using Nvidia proprietary drivers, then you are most likely using mesa.
1654[17:45:11] <tomreyn> mesa is needed for 3d graphics acceleration
1661[17:48:06] <tomreyn> there also vulkan, though, to makes things even more complicated for you ;)
1662[17:48:07] <johnfg> Just wanted to say thanks to those who helped me out yesterday. I've got /var moved to another logical volume, and the system is running properly. Just needed to correct a few mistakes.
1663[17:48:21] <rozenglass> pileofstraw: honestly, I think getting xorg and general journal logs from the previous locked boot is most likely your best chance by now.
1684[18:04:51] <quarterback> I'm getting messages in debian to install security updates everyday. Is it really necessary? Can I just turn the message off? I have nftables intalled. It seems like the system is secure.
1694[18:07:42] <quarterback> I must have used a testing repository in debian somewhere.
1695[18:08:39] <quarterback> How do I enable equalizer in pulse effects? All other options can be modified but the equalizer option is not highlighted.
1697[18:08:52] <pileofstraw> rozenglass: final syslog messages on this particular machine are dhclient trying to DHCP on its wifi interface (which I am not using) and not getting anything
1699[18:09:21] <pileofstraw> Then the next line is Apr 29, 7:17pm when our tech was on site
1700[18:09:23] <somiaj> quarterback: Installing the security updates is suggested. It is often only one or two packages per update, and only targeted fixes to fix the security issues. These are all documented in the DSA annoucments.
1702[18:09:41] <rozenglass> pileofstraw: If you have syslog from previous boots, then I don't think persisting journald will you much more, as far as my experience they're almost identical on debian
1703[18:09:46] <quarterback> somiaj, I will take a look at that. Thanks.
1704[18:09:51] <pileofstraw> that is what I was afraid of.
1705[18:11:31] <rozenglass> pileofstraw: and the kern.log? do you have it from before the lockdown? what's near the end of it?
1724[18:21:19] <rozenglass> pileofstraw: do you have Xorg logs?
1725[18:21:35] <pileofstraw> xorg by default stores this boot and the last boot, I think. So nope.
1726[18:21:43] <pileofstraw> but I will when my tech reboots the 2 that are currently locked up, ugh.
1727[18:21:59] <oxek> Should I install pylint using `apt install pylint` or `pip install pylint`? I don't really understand the distinction.
1728[18:22:57] <rozenglass> pileofstraw: if you are using debian 9+ then the Xserver can be run without root, and depending on how it's run the logs might be in the user's home (~/.local/share/xorg) instead of /var/log
1730[18:23:18] <somiaj> oxek: you should install the debian packages if you want it on your debian system.
1731[18:23:37] <somiaj> oxek: the difference is pylint packaged by debian is teted to work with debian, pylint from pip will install the latest version, which isn't fully tested.
1735[18:24:05] *** Quits: beardface (~bearface@replaced-ip) (Remote host closed the connection)
1736[18:24:15] <oxek> ah, so whenever I have the option, I should use debian version?
1737[18:24:22] <oxek> and use pip for any venv?
1738[18:24:28] <rozenglass> oxek: `apt` is the official Debian package manager, `pip` is a python-specific package manager. `pip` is better used when developing python packages generally
1739[18:25:11] <rozenglass> oxek: yes, when you have the option it's best to use the debian version
1740[18:25:47] <somiaj> oxek: it depends on your use case, I woudln't use pip on your debian system. I would create a virtual enviorment if you need to install stuff either not in debian, or of different versions
1741[18:26:41] <oxek> My usecase is setting up vscode and wanting some linter.
1742[18:26:51] <oxek> So I guess pylint using apt it is
1743[18:26:51] <somiaj> getting in the habbit of using pip outside a debian system could lead to other issues depending on what you install with it
1744[18:27:32] <oxek> is it possible to use the debian versions of packages in the virtual environemnts?
1745[18:27:38] <somiaj> which is the main reason for virtual enviroments, to be able to isolate all the python libaries/programs you need for a specific action and have it be independent of your main system.
1749[18:29:19] <rozenglass> oxek: Just don't use any global installation method using language-specific package managers (don't ever type sudo before them) I've had awful breakage back in the day because of that XD
1753[18:31:03] <rozenglass> oxek: what I would sometimes do, is modify the config of the language-specifc package manager to install into my home directory instead of on a system-level. Then you can add the installation path to your $PATH environment variable, and you'd be able to use the binary tools almost like any other debian-specific package.
1754[18:31:34] <somiaj> rozenglass: that is the whole point of the python virtual enviroments I keep mentioning, you can install things there (they can be owned by a user or root) and be completely independent of the system.
1755[18:31:52] <pileofstraw> ok actionables: 1) check fresh xorg post-crash logging, 2) make X use the intel i915 driver, 3) update intel microcode
1756[18:31:53] <oxek> I'm just starting with this, so I don't yet understand fully what you wrote, but I am making a note of it. Thanks for trying to help.
1757[18:31:57] <pileofstraw> x 300 and then wait.
1758[18:32:26] <somiaj> pileofstraw: do you really want to use the i915 driver, most suggest using the modesetting driver these days (which talks to the kms i915 module)
1759[18:32:34] <oxek> I already know to not blindly use sudo when something doesn't work
1760[18:32:42] <somiaj> the xorg-video-intel really isn't needed and the modesetting driver is prefered is my understanding
1761[18:33:07] <somiaj> pileofstraw: also some intel cards need firmware, firmware-misc-nonfree I think is the package that has it
1763[18:34:12] <rozenglass> somiaj: I haven't used any python virtual envs, so I'm not sure, can you call binaries inside the env from outside the env? Would it be safe to set a $PATH into the insides of a virtual env? I had the impression that the applications that create and handle the envs do other things to set it up.
1764[18:35:41] <somiaj> rozenglass: I would look them up, the whole point of them is to be able to have multiple enviorments with different versions of python packages, compeltely independent of the system
1766[18:36:26] <annadane> yes you can call virtualenv binaries outside of it, it just has to be in your path
1767[18:36:27] <rozenglass> pileofstraw: 1) yup, that might be helpful, 2) I'm not sure what you mean here, do you want to re-install the xorg-video-intel drivers? 3) okay :)
1768[18:36:28] <oxek> to verify, I probably am never gonna need or want multiple independent versions of pylint, so installing it using apt should be what I want, yes?
1769[18:36:52] <pileofstraw> Got it, so rather than i915, uninstall xserver-xorg-video-intel on all machines.
1784[18:40:12] <somiaj> pileofstraw: if you have the modesetting driver, it should be used by default, so having xserver-xorg-video-intel installed won't matter. You can check the Xorg.0.log to see what driver is actually used, and provide a small xorg.conf.d/ snippit to force one over the other. There might be rare cases the intel driver works better, but most things aer switching to the generic modesetting driver and using kms
1785[18:40:18] <somiaj> standards, vs a single driver per gpu manufacture
1786[18:40:19] <rozenglass> pileofstraw: 300 machines sound like fun :) what do you use them for if you don't mind me asking
1788[18:44:04] <rozenglass> somiaj: I don't know about the latest debian versions, but at some point early when the modsetting driver was newly being advertised, I clearly remember installing the -intel driver and it automatically taking precedence (reintroducing my screen-trearing issues). So checking the logs to confirm which one is loaded is probably good. uninstalling the -intel driver is 100% guaranteed to not have it loaded :P
1790[18:45:43] <somiaj> rozenglass: which is why I said you can check the Xorg.0.log file to see what driver is being loaded, and use an xorg.conf.d/ snippit to configure what one is used.
1791[18:46:05] <somiaj> personally I like having both installed, so I can compare the two, as somtimes the intel driver does work better, but less and less as times go on
1814[19:06:58] <pileofstraw> based on this xorg log it looks like it is already using modesetting
1815[19:07:24] <pileofstraw> So I have no idea what best practice is at this point. If it's already using the generic modesetting driver and locking up, I guess I need to change something.
1816[19:07:41] *** Quits: klokken (~klokken@replaced-ip) (Remote host closed the connection)
1854[19:19:14] <Azathoth2533> Yes. It is linked in mine as well. But I mean to remove /var/run.
1855[19:19:31] <oxek> somiaj: yeah I was confused by the guide on the pylint website where it just called it pylint
1856[19:19:55] <somiaj> Azathoth2533: what would you gain from that? The only way to do that is to ensure that all software that uses /run to store data uses /run and not /var/run, and due to this link not all software could be updated.
1859[19:21:08] <somiaj> I personally don't see what removing a link will achive, besides possibly breaking software that didn't move from /var/run to /run as standards evolved
1860[19:21:18] <Azathoth2533> I have installed bedrock on top of debian. And it appears it only needs one of them.
1862[19:22:05] <paradigm> Azathoth2533: Bedrock should create that symlink for you
1863[19:22:10] <Azathoth2533> I am instructed to keep one of them and then repair the system.
1864[19:22:35] <somiaj> you only have one of them, the link is just to ensure that software that is still using /var/run puts everyting in /run (a single location)
1869[19:23:35] <paradigm> Azathoth2533: On my Bedrock+Debian box, /var/run is a symlink to /run, which is a directory. That's probably what you want to mimic.
1870[19:24:44] <paradigm> I'm guessing your system somehow has both /var/run and /run as real directories; I have no idea how that happened. Presumably you can remove the directory at /var/run and make it a symlink to /run (or just remove /var/run and reboot, in which case Bedrock should create that symlink)
1876[19:26:55] <somiaj> for a running system you may want to copy /var/run to /run frist before turining it to a link (or do this form a live system where the data in /var/run may not affect a running program)
1877[19:27:31] <somiaj> and yes if /var/run is not a link, something is setup incorrectly, the link is what makes everything use a central location
1887[19:30:22] <paradigm> For Azathoth2533's purpose, Bedrock is kind of like a chroot manager, and he's got debian in a chroot; it's not wholly unfitting. But yes, #bedrock probably would have been a better place to ask.
1888[19:30:35] <oxek> I suppose debian can be the starting point for bedrock
1892[19:32:45] <Azathoth2533> Removing /var/run and rebooting did not work.
1893[19:33:04] <somiaj> ahh okay, yea we support the actual container/chroot, though in this case something happened on the creation level if it isn't creating it to debian's standards.
1894[19:33:19] <somiaj> Azathoth2533: you needed to make /var/run a link to /run, my guess is software creates that directory if it didn't exist
1895[19:34:33] <paradigm> Bedrock just uses debootstrap to set it up. I can't reproduce a difficulty there, it works fine for me.
1898[19:35:53] <Azathoth2533> @somiaj I have both of them present. And they do contain similar files. How do I symlink /var/run to /run? Or see if it already is?
1916[19:43:37] <Azathoth2533> It worked. I think I transitioned from /var/run to /run from the output.
1917[19:43:49] <pileofstraw> After reading a lot about intel-microcode I am going to install it on 300 machines and see if that gives me some stability. I think thats the best I got right now.
1918[19:43:58] <pileofstraw> my cpu is listed on the microcode update guidance
1919[19:44:14] <somiaj> Azathoth2533: yup, what the link does is make it so /run and /var/run are effiectivally the same location, but applications can use either.
1920[19:44:26] <somiaj> pileofstraw: are these really new machines?
1921[19:44:39] <somiaj> pileofstraw: also 300 machines, is this a lab, wondering why you are using xorg on so many machines?
1922[19:45:35] <somiaj> pileofstraw: note you may also want to see if a firmware update for the machines is available, you probably can't deploy this, but firmware updates will contain new microcodes, and maybe other fixes to the firmware fo the machines
1923[19:45:54] <somiaj> (by firmware I mean what use to be called bios, you get from the manifacture)
1924[19:46:22] <pileofstraw> I'm sure they have Intel "bios" updates as they've been in the field for quite a while. To do that would involve recalling them.
1925[19:46:38] <pileofstraw> They are all NUC7i5BNK machines, not a lab. they are deployed across Canada.
1926[19:46:43] <pileofstraw> digital signage machines
1927[19:47:33] <pileofstraw> So some were purchased recently, in the last six or nine months, but this particular model was launched Q1 2017
1928[19:48:15] <somiaj> ahh yea, unless you have local tech's firwmare updates will be not possible. microcode will address cpu issues, but you could have other issues.
1929[19:48:17] *** pyre is now known as pyre_
1930[19:48:51] <pileofstraw> other issues that the microcode will not address, or do you mean that a microcode update will cause other issues?
1931[19:49:02] <somiaj> If you have some of them locally you could see and try firmware updates, and if that works maybe think about how to get a local tech to slowly upgrade them. Hopefully the microcode works. You could also try backport kernel/firmware, but I would avoid this if you can for security issues.
1932[19:49:04] <pileofstraw> fwiw these machines have a variety of bios versions on them.
1933[19:49:15] <Azathoth2533> @somiaj I am again asked to remove one of the directories. Is there any way I can remove /var/run entirely?
1934[19:49:23] <somiaj> pileofstraw: the micorcode update will only affect the cpus, if there were other firmware issues (acpi, etc) you can't do this user land.
1935[19:49:26] *** Quits: Zardoz (~Zardoz@replaced-ip) (Remote host closed the connection)
1936[19:49:41] <somiaj> Azathoth2533: why? There is no point, you only have one directory and one linke.
1937[19:50:26] <somiaj> Azathoth2533: some software still uses /var/run, what the link does is ensure that such software stores its run data in /run, I see no reason you need to remove that link, the link takes up basically 0 space, and allows applications to use /var/run to put data in /run without rebuilding the softweare
1938[19:50:33] <Azathoth2533> @somiaj Why am I notified at init to keep only one of them.
1939[19:51:18] <somiaj> I don't know, on debian there is a link, and I have never seen the message you ahve seen.
1940[19:51:24] <somiaj> Azathoth2533: what is the output of 'ls -ld /var/log'
1941[19:51:35] <somiaj> arg 'ls -ld /var/un'
1942[19:51:36] <pileofstraw> somiaj: makes perfect sense. Short of recalling them all or spending a hundred tech hours I will have to take whatever fixes I can get. I just wish this was more reproducible.
1943[19:51:37] <somiaj> arg 'ls -ld /var/run'
1944[19:52:07] <somiaj> pileofstraw: yea, I would start with the microcode and help. Why is xorg running on these machines? do people actually locally use xorg at all?
1945[19:53:43] <oxek> on a similar note, anyone know if debian has a plan to change the mountpoint of /boot/efi to simply /efi?
1952[19:54:58] <pileofstraw> nothing is used locally on these machines, they are all remotely installed in signs. I feel my phrasing will be wrong but X is what's showing our ad stack on the attached LCD displays
1953[19:55:01] <somiaj> Azathoth2533: I dont think you can delete that directory and then ln -fs /run /var/, while the system is running nativelly.
1954[19:55:21] <pileofstraw> we're using X as the window manager to output ads.
1955[19:55:43] <somiaj> pileofstraw: ahh I see, I was just courious why you were running xorg and hoping you could just remove it, but that makes sense.
1961[19:57:30] <somiaj> Azathoth2533: oh yea, you ran my misstyped command, that is better, yea /var/run -> /run is a link, I do not know why you are being told to remove one. You want that link there.
1962[19:57:34] <pileofstraw> somiaj: not until i get our ascii-based ad platform finished =)
1965[19:58:23] <somiaj> pileofstraw: well hopefully the microcode helps, and these are intel machines not some arm device? Anyways, I am not use to such hardware, so I can't really be of much more help
1971[20:00:25] <somiaj> pileofstraw: you do have firmware-misc-nonfree installed to right?
1972[20:00:58] <somiaj> anyways if microcode doesn't help, you could try the firmware/kernel from backports, but I would try to stick witht he stock kernel if at all possible.
1973[20:01:16] <pileofstraw> Yes, on Thursday I rolled that out to every machine, and was crushed when a few crashed Friday and today.
1974[20:01:36] <somiaj> assuming you did reboot after the install?
1975[20:01:43] <pileofstraw> Every machine reboots every night, yeah
1977[20:02:14] <pileofstraw> I should state openly that I am not even positive this crash is due to video. I just cannot think of many things that would hard-lock a debian system and produce absolutely no logging output.
1978[20:02:24] <johnjay> is there a relatively bugfree way to start something on graphical login?
1979[20:02:27] <pileofstraw> that leads me to think its something low level
1991[20:04:52] <somiaj> johnjay: do you want this to run on the display manager? even .xsessionrc won't run until the user logins
1992[20:05:19] <somiaj> pileofstraw: depends on the crash, but kernelpanics dont' often log, and some crashes are just a hard freeze, not all are kernel panics
1994[20:05:31] <paradigm> Azathoth2533: to be clear, that message you're seeing when booting is from Bedrock, not Debian. If you successfully made /var/run a symlink to run and you're still seeing that message, the issue may be on Bedrock's end, and #bedrock would be a more suitable place to ask.
1995[20:06:06] <pileofstraw> fair. yeah this one hard locks on whatever X is showing at that instant, and openSSH (and presumably all networking) dies
1997[20:06:19] <somiaj> pileofstraw: the fact that this is happening on multiple machines, i would almost suggest check the memeory, random lockups/freezes can be due to bad memeory.
1999[20:06:40] <somiaj> but I would highly doubt all the machines have the same bad memeory
2000[20:06:58] <pileofstraw> I have run memtest86+ on multiple machines, which is of limited use
2001[20:07:25] <pileofstraw> i'm not sure if you saw the stackexchange link I posted but when I was diagnosing the boot issue I also changed memory and could still reproduce it.
2002[20:07:31] <pileofstraw> but maybe that's unrelated.
2005[20:08:26] <somiaj> well I'm not sure what is best, maybe 1) try micrcocode, 2) get a single machine locally, update firmware. If it is firmware, you are just gonna have to figure out how to get a tech to each system.
2006[20:08:27] *** Quits: Ericounet (~Eric@replaced-ip) (Remote host closed the connection)
2009[20:08:59] <somiaj> The only other thing you may want to try is build a custom kernel and disable features you are not using.
2010[20:09:16] <somiaj> though this really isn't needed in this day and age, but it is something you could test on a local machine just to try to help diagnose things
2042[20:36:37] <pileofstraw> deploy enough machines and we'll get hit with everything that hits the industry, I suppose
2043[20:36:57] <rozenglass> yeah :)
2044[20:38:46] <rozenglass> pileofstraw: sorry I haven't looked at your xorg logs because pastebin is blocked in the country I'm in, and I don't have the laptop with tor/bridges/vpn on hand
2045[20:40:40] <johnjay> somiaj: ah i didn't know the distinction. i want it to run after i login
2046[20:40:48] <johnjay> so putting something in .xsessionrc makes Xorg run it for everybody?
2074[20:51:39] <frikinz> then use bridges. I host a hidden one for that purpose.
2075[20:51:40] <rozenglass> wikipedia was blocked for more than two years, and only recently the constitutional court declared the block unconstitutional, and so it was unblocked
2076[20:52:13] <rozenglass> frikinz: I do use bridges when I need to :)
2077[20:52:33] <frikinz> Good. That motivates me to keep on hosting that
2078[20:52:42] <rozenglass> pileofstraw: so, according to the logs you have Iris Plus Graphics
2079[20:53:57] <oxek> why don't people use paste.debian.net in #debian...
2081[20:54:12] <annadane> they want to be different, i guess
2082[20:54:26] <ratrace> it's broken, often marks as spam something that isn't, and prevents posting
2083[20:54:29] <rozenglass> frikinz: thanks for hosting it :) in extreme cases like during the military coupe attempt, only such efforts helped us know what the heck was going on. With planes flying everywhere, explosions, and firefights breaking all over the place, it's very awful to not know what's going on.
2084[20:54:51] <rozenglass> pileofstraw: I found this replaced-url
2085[20:54:52] <annadane> p.d.n is broken? really?
2086[20:55:11] <oxek> I haven't been able to use pastebin.com in years due to blocking, but pdn never failed me
2087[20:55:51] <annadane> i know p.d.n says you have to insert at least two line breaks for small pastes, but...
2088[20:55:55] <frikinz> rozenglass: yeah I've been in such countries and I've been fighting censorship for like 20 years. Good luck
2089[20:56:34] <rozenglass> frikinz: I'm actually from Syria originally, so Turkey is a breath of fresh air for me :)
2090[20:56:54] <rozenglass> pileofstraw: and replaced-url
2107[21:01:30] <somiaj> oh haha, yea that site (.net) is community run, can be slow and goes down. termbin.com is a nice one to use and easy from the command line
2108[21:01:33] <somiaj> !termbin
2109[21:01:34] <dpkg> well, termbin is you can paste to termbin.com from terminal via: cat /path/to/file | nc termbin.com 9999
2113[21:02:54] <jmcnaught> surely dpkg means 'nc termbin.com 9999 < /path/to/file'
2114[21:03:00] <jhutchins> !gpm
2115[21:03:00] <dpkg> gpm (General Purpose Mouse) is a package for use of the mouse in a Linux (text-only) console. Install it, then use left button to select text, middle or right button to paste. In some applications (such as elinks), you have to hold down Shift in order to cut or paste, otherwise the application itself interprets the mouse clicks. replaced-url
2116[21:03:53] <somiaj> what about echo or any other ways get info
2117[21:04:26] <somiaj> so piping is nice, but the example there is like nails to a chalkboard for all those who don't like to cat a file into less or grep
2179[21:46:59] <pileofstraw> Well logging into a machine via SSH and running hardinfo I get a pile of output but it gets to GPu Drawing and just ends.
2180[21:47:05] <pileofstraw> which makes sense as its likely dependant on X
2181[21:47:31] <pileofstraw> so running export DISPLAY=:0 first seems to cause it to run properly in X instead of in the ssh session
2182[21:48:01] <pileofstraw> and I'm just left with a blank line that will accept keyboard input (so it's not locked up) and presumably all sorts of fun draw-y things are happening in X
2189[21:51:37] <rozenglass> pileofstraw: whoops, yes, those issues are about a different architecture. If it was not reproducible in the way described in the issue, then trying the workarounds is probably not worth it
2190[21:51:55] <lwp> pileofstraw, can you use ssh -X when you connect ?
2191[21:52:16] <rozenglass> pileofstraw: I have to go sleep now, sorry I couldn't be of more help
2192[21:52:23] <somiaj> though ssh -X might not trigger gpu issues on the host
2193[21:53:11] <pileofstraw> rozenglass: I appreciate the help you have given, thanks so much!
2205[22:01:32] <tyzef_> so two problem I see here... of course me first, I may had simply fixed the matter with that command from the beginning means 1 week ago... the other possibility, it really come from the kernel
2207[22:02:04] <somiaj> tyzef_: you could also use snapshot.debian.org to install all the kerneles between the one that worked and the current one, identify the exact kernel that the regression occurs and report a bug.
2258[22:20:35] <gswan> Hey can anyone tell me what xen and or libvirt is? Ive used qemu to emulate arm devices on my x86 machine and kvm to emulate x86 machines, but i dont know what those other ones do.
2259[22:21:03] <somiaj> tyzef_: you should see debian, and then another option right below it, you go down, select that option, and all the other kenernels you have installed should become avaialbe to choose.
2260[22:21:49] <somiaj> gswan: qemu-kvm are often used together, qemu is full software emulation of different hardware, kvm uses the hardware emulation features of modern cpus, so even with using kvm, one often uses parts of qemu for network enumlation and what not.
2263[22:22:31] <somiaj> gswan: xen is a completely different model of emulation, xen uses the hardware emulation (simlar to kvm) but does things in a container, so all instances using xen share the same kernel, while with kvm they emulate the whole hardware and have indvidual kernels.
2264[22:23:03] <somiaj> gswan: xen has some preformance increases because of the shared kernel, but other issues (you must use the same arch as the host, you must use a container that is compadable with the host's kernel, etc)
2268[22:24:10] <somiaj> gswan: libvirt is a libary, or collection of tools that allow you to manage virutal machines. libvirt can work with qemu-kvm (what I use it for), it can also work with with virtualbox, and might even work with xen (unsure here). libvirt gives tools like virsh and virt-manager to make manging virtual machines easier than calling qemu or kvm directly with all the different comand line options you may need
2269[22:24:16] <somiaj> for a particuarl vm.
2270[22:24:27] *** Quits: rabbitear_g (~rabbitear@replaced-ip) (Remote host closed the connection)
2281[22:27:17] <somiaj> tyzef_: if not, run update-grub
2282[22:28:44] <gswan> OK so i get QEMU, KVM, libvirt, but what do yoj mean that xen shares kernels? LIke it can use just 1 single kernel for, say 3 vms?
2283[22:28:58] <somiaj> gswan: lxc and docker are other container like methods, they are a bit different from xen, but function similarly in that you use containers and share the kernel.
2284[22:29:08] <somiaj> gswan: do you know what a chroot (or bsd jail is)?
2288[22:29:44] <gswan> so is it just like docker, but it emulates the whole root filesystem?
2289[22:29:55] <somiaj> gswan: xen is a very advanced chroot/jail, in which all instances share the hosts kernel, but have their own userspace (so one container can't access anotehrs infromation)
2290[22:30:38] <somiaj> gswan: there are differences between xen and docker, but similar in that xen provides containers, though it is from my understand more powerful than docker or lxc, in how isolated and independent the containers are. I don't use either so I only know the vague basics.
2291[22:30:55] <somiaj> xen's containers are way closer to a full vm than a docker conatiner
2312[22:42:41] <tyzef_> still no choice in grub...
2313[22:42:44] <somiaj> tyzef_: you should follow a bit closer, I don't need to check every thing. You need to boot of the newer kernel to test it. If you don't see it in grub run 'update-grub' as I said.
2314[22:42:58] <somiaj> oh wait, you did run update-grub
2321[22:44:40] <rekishi> I have a dumb question concerning issues in UL, I recently purchased a new(to me) server, the previous owner had no performance issues, and it will UL/DL full speed inside the network and DL fullspeed from outside the network but throttles the hell out of outbound traffic, initially I noticed a dying drive so I replaced the OS drive, but the issue persists and doesnt persist when using Kubuntu
2330[22:48:27] <somiaj> tyzef_: oh wait, I see, does the wireless card work with that kernel? That is the newest kernel, and not the one from the netinstaller.
2359[22:58:37] <Gigglebyte> rekishi> Supposed to be
2360[22:58:38] <sney> you can download the zoom deb from their website and use it on buster. as you said, it's proprietary so it's not distributed by debian
2361[22:59:20] <rekishi> any ideas on whats throttling my UL?
2362[22:59:22] <sney> there is a f/oss program called jitsi that does the same thing. it's not currently in debian either but I think the process is ongoing to get it uploaded.
2363[22:59:54] <sney> rekishi: is that bare metal or a VM?
2366[23:00:06] *** Quits: dastier (~dastier@replaced-ip) (Remote host closed the connection)
2367[23:00:25] <sney> hmm. what network hardware?
2368[23:00:30] <rekishi> whats REALLY weird, is that the old OS drive and the new OS drives were WD Blacks, and a WD blue was beating it
2369[23:00:47] <rekishi> but since there wasnt an issue before i dont think its a hard drive issue
2370[23:01:13] <Gigglebyte> is zoom meeting in the repos? I see a Zoom something, but realize proprietary software is not in the repository.
2371[23:01:26] <sney> Gigglebyte: I already answered your question. please read.
2372[23:01:50] <rekishi> Gigglebyte:
2373[23:01:54] <rekishi> fug
2374[23:02:29] <tyzef_> somiaj, does the problem had been because i changed something as well, before in my wifi router password, ther was some ! and ? and I now had removed them...
2375[23:02:31] <Gigglebyte> sney> the file on zoom's website doesn't work, and it looks like the filename has been changed, or isn't correct.
2376[23:02:46] <sney> !doesnt work
2377[23:02:46] <dpkg> "Doesn't work" is a vague statement. Does it sit on the couch all day long? Does it procrastinate doing the dishes? Does it beg on the street for change? Please be specific! Define 'it' and what it isn't doing. Give us more details so we can help you without needing to ask basic questions like "what's the error message?". Ask me about <smart questions>, <sicco> and <errors>.
2378[23:03:15] <sney> that said, I use the zoom deb on my buster laptop and it's fine, and support for 3rd party software is not offered in this channel anyway
2380[23:05:33] <rekishi> sney: so far this is what testing I have done, 1. changed ports 2. changed OS drives 3. Changed distros. What I found was that changing ports did nothing (shocker since theyre the same NIC) changing the drives did nothing (5Mb to 7Mb) and changing distros alleviated the issue. howevever the distro test was without going back and setting up all the services that run on my buster box.
2381[23:05:56] *** Quits: gswan (~gswan@replaced-ip) (Quit: Lost terminal)
2382[23:05:57] <rekishi> the major network hogs on the debian box rn are transmission, apache, ssh
2383[23:06:05] <sney> rekishi: what network hardware is it? I've seen bnx2 have some weird behavior with MTU configuration
2384[23:06:53] <rekishi> its a SFP+ card with a SFP+ to RJ45 adapter, its something on an inventec board
2389[23:11:38] <sney> still, I'd look at the MTU size. having it set too large can result in fragmentation and/or a lot of transmission retries, which manifests as reduced speed
2415[23:24:08] <cyveris> I'm aware; that also wasn't really my question. I know that they CAN. I'm interested in what IS.
2416[23:24:09] <rekishi> stopping them changed nothing, and they were running before on the old metal with no issues
2417[23:24:23] <cyveris> Well, something is causing them to send a ton of traffic outbound.
2418[23:24:47] <cyveris> How are you measuring their activity, network-wise?
2419[23:24:56] <cyveris> At the firewall, or elsewhere?
2420[23:25:42] <rekishi> its an assumption theyre hogging bandwidth, however the only way I am testing UL is using speedtest-cli which is still telling only 3.5Mb up
2421[23:26:06] <rekishi> previously I tested bias by having a friend DL from my box but had similar results
2440[23:36:45] <jaakkos> I wanted to use Property= [Match] rule with systemd, which was introduced in v.243. Buster backports has 244.3-1~bpo10+1, and /usr/share/doc/systemd/NEWS.gz lists this feature; it's documented here replaced-url
2441[23:37:18] <jaakkos> However, it's missing from 'man 5 systemd.link', and the feature is not recognized by systemd. I wonder what's up with that.