71[00:50:17] <sney> ok. what is in your /etc/network/interfaces?
72[00:50:27] *** Quits: [E]sc (~playboy@replaced-ip) (Remote host closed the connection)
73[00:50:32] <blackop> well in my other machine there is normally wifi icon but not on this machine
74[00:51:25] <Thedarkb-Desktop> Modprobe it out and back in again.
75[00:51:26] <blackop> sney: there are configs
76[00:51:45] <blackop> Thedarkb-Desktop: i tried modprobe but didnt work
77[00:52:01] <Thedarkb-Desktop> I remember you from ##ibmthinkpad
78[00:52:09] <blackop> Thedarkb-Desktop: yup
79[00:52:15] <sney> blackop: if your wireless interface is listed in /etc/network/interfaces, network-manager will ignore it. Remove the entry from that file and restart network-manager.
82[00:53:20] <blackop> sney: should i delete that fire or where my previous wifi connection info exists
83[00:53:27] <blackop> ?
84[00:53:57] <trek00> blackop: lspci -k shows a module loaded for your card?
85[00:54:04] <sney> blackop: you should edit that file and remove any lines which refer to your wifi adapter.
86[00:54:08] <blackop> trek00: yes
87[00:54:39] <Waxhead> Howdy , this may be a stupid question. But I copyed (rsync -aHAXx) my rootfs to another drive on another fs. Then I edited /etc/fstab with the new UUID for my new rootfs, ran dpkg-reconfigure grub-pc and installed grub on all drives (I've got 24 of them), ran update-grub and my system still boots up from the old rootfs... What am I missing?!
88[00:55:15] <Waxhead> (I even tried chrooting to the new rootfs)
89[00:55:30] <Waxhead> (....and doing the exact same as above)
90[00:55:41] <blackop> typing on french keyboard is crazyy
91[00:55:50] <blackop> it is azerty keyboard
92[00:56:06] <trek00> blackop: is there an entry for your wifi card on /etc/network/interfaces?
93[00:56:09] <blackop> sney: ok i deleted wifi line
97[00:56:23] <blackop> i deleted wifi info from there
98[00:56:34] <blackop> there are some other configs there
99[00:56:48] <blackop> should i leave or remove them also?
100[00:57:14] <sney> blackop: there should be 2 lines "auto lo" and "iface lo inet loopback" that need to be in that file. everything else is optional.
101[00:57:17] <trek00> blackop: you should leave lo interface
116[00:59:38] <trek00> Waxhead: you should modify the /etc/fstab on the new rootfs, then chroot and run update-grub and check again that /boot/grub/grub.cfg on the new rootfs
127[01:03:42] <Waxhead> trek00: just what I done... but without the livecd... could it be some systemd thing that prevent the bind mount for working properly ?
136[01:08:12] <trek00> Waxhead: may be you could add GRUB_DEVICE_UUID=your-new-uuid to /etc/default/grub
137[01:08:17] <Waxhead> trek00: I get a couple of warnings on grub-update. /dev/sdX not initialized in udev database even after waiting for 10000000 microseconds
138[01:08:25] <Waxhead> (not sure I got the number of 0's right)
139[01:09:18] <Waxhead> trek00: I can try to add that to /etc/default/grub yes, I would prefer it to work the "correct way" :)
141[01:09:59] <trek00> Waxhead: usually i boot adding manually the right uuid to the grub menu, then i run update-grub once booted from the right device
146[01:13:28] <trek00> Waxhead: the use the GRUB_DEVICE_UUID conf, then update-grub and check if grub.cfg is ok, then reboot and if it's all ok, remove the GRUB_DEVICE_UUID and rerun update-grub
147[01:13:36] <blackop> sney: trek00: it is working thanks a lot
153[01:18:00] <Waxhead> trek00: well, I'll keep that in mind. I am starting to get too tired to try... UUID's are never a good idea when you are sleepy ;) - so for now , thanks a bunch for your help! Appreciated!
154[01:18:31] <trek00> :)
155[01:19:57] *** Quits: tuxmania (~tuxmania@replaced-ip) (Remote host closed the connection)
157[01:21:17] <Waxhead> Arrrh.... why not - thanks to EVERYBODY that tries to help out. IRC is a friendlier place than it was 20 years ago, but still - not often that is being said so why the heck not! :) Can't hurt (too much) to try to spread some positive vibes once in a wile! ;)
201[01:55:39] <asterismo_l> hi, is mongo-db supported in debian buster? or is there anyway to install it without breaking the system installing libcurl3?
202[01:56:07] <n-iCe> Hello guys, how can I stop debian to restore my last windows
203[01:57:02] <Gryllida> n-iCe: in what desktop environment?
206[01:58:57] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
207[01:59:53] <n-iCe> Gryllida: xfce
208[02:01:06] *** Quits: de-facto (~de-facto@replaced-ip) (Quit: See you around.)
209[02:01:15] *** Quits: b1ack0p (~M@replaced-ip) (Quit: good nite)
210[02:01:40] <Gryllida> n-iCe: Open Session and Startup from Menu - > Settings -> Settings Manager. Untick the Automatically save sessions on logout under Logout Settings.
225[02:06:54] <trek00> Gryllida: may be you can set the cpu scaling governor to powersave: echo powersave | tee /sys/devices/system/cpu/cpu[0-9]*/cpufreq/scaling_governor
226[02:07:42] <Gryllida> trek00: is this what thermald does?
227[02:09:00] <Maizum> after install nvidia driver i need to login on tty2 also to have desktop working any idea?
228[02:09:01] *** debhelper sets mode: +l 1261
229[02:09:10] <Maizum> Xfce4
230[02:12:00] *** Quits: ecbrown (~user@replaced-ip) (Remote host closed the connection)
231[02:12:09] <trek00> Gryllida: may be thermald does more things i don't know
232[02:12:26] *** Quits: Tom01 (~tom@replaced-ip) (Read error: No route to host)
233[02:12:52] <Maizum> after install nvidia driver i need to loging on tty also to start xfce4 any idea?Xorg conflit?
234[02:13:12] <trek00> Maizum: if you don't log in on tty, what happens?
240[02:13:48] *** Quits: kristijonas (~kristijon@replaced-ip) (Remote host closed the connection)
241[02:14:08] <trek00> Maizum: then after login on a tty, the desktop appears on the X session?
242[02:14:23] <Maizum> yes verything
243[02:14:31] <Maizum> works then
244[02:14:51] <Maizum> everything
245[02:15:48] <trek00> Maizum: i really don't know, is there some non-standard configuration? some error messages on screen or inside log files like /var/log/syslog?
361[03:57:50] <mason> Did something significant change between Debian 9 and 10 re: fail2ban? Trying to spin up a Buster equivalent to a server, and I don't see fail2ban spinning up its iptables entries.
362[03:58:56] <sponix> think there might be a new one, something not called iptables anymore
363[03:59:13] <mason> Right, but iptables still exists as a compatibility layer.
372[04:00:58] <sponix> I have fail2ban installed, or at least thought I did -- and don't even have nftables installed
373[04:01:14] <mason> On Buster?
374[04:01:28] <sponix> Yes
375[04:01:37] <sponix> Buster base anyway
376[04:01:51] <mason> It's working unproblematically on Stretch here. I've not yet found what's different.
377[04:02:40] <sponix> I'm going to check my logs if possible, and see if it is doing "anything" for me lol
378[04:02:59] <mason> sponix: You should see iptables it set up.
379[04:03:13] <mason> sponix: You can also say fail2ban-client status to see what's active.
380[04:03:38] <mason> For me, identical between the two systems, just no iptables, which means it's effectively doing nothing.
381[04:04:40] <sponix> mason: yeah, that status says it is active on sshd. But my iptables is blank, and my fail2ban.log is also -- so seems it is either purely cosmetic for me, or working some damn good it has no complaints :)
443[04:28:21] <sponix> mason: after following that guide with fail2ban.local file, "enabled = true" under sshd section, setting my port to 66534 (my port I use for ssh), and a few other things. It is not at least writing to /var/log/fail2ban.log with information that makes it look functional
444[04:28:46] <sponix> mason: I recommend you give that webpage a 2nd look as it does seem Buster needs a little more fail2ban love to get it going :)
445[04:28:48] <mason> sponix: Do you see rules?
446[04:29:00] * sponix goes to check
447[04:29:00] <mason> iptables -L, do you see fail2ban tables?
451[04:29:45] <mason> sponix: Even if there are no hits, it ought to set up the tables so they exist and are ready for rules.
452[04:29:50] <saptech> I recently purchased an Epson WF-3720 AIO printer. Running Debian Linux, I have the printer & scanner working, but I can't use the ADF tray. Any ideas/suggestions on getting it working?
453[04:29:56] <sponix> mason: nope, still no rules. But from what I read it is only going to add a ban to iptables if it is triggered
454[04:30:26] <mason> sponix: Easily tested. And in this case since I'm migrating an active server, there were no end of IPs it ought to have banned.
455[04:30:42] <sponix> mason: try to hit my sponix.asuscomm.com with ssh on port 66534 a few times and see if it does anything ?
456[04:30:59] <mason> sponix: Argh, kk. I hate doing that even when requested but I'll do it.
457[04:31:21] <sponix> 2020-05-05 21:26:30,819 fail2ban.server [4716]: INFO Jail sshd is not a JournalFilter instance
465[04:34:31] <sponix> mason: oh, well I meant 65534 -- read my mind ;)
466[04:35:00] <sponix> mason: well I did connect from my phone, and nothing logged in fail2ban about it, and /var/log/auth.log does show my sshd login as legit
482[04:41:10] <mason> ah, that's a lot then, sorry
483[04:42:54] <sponix> I could always change it.. Just what I did
484[04:43:25] <sponix> mason: well... Yeah, I need to change my default ban action from iptables-multisomething to just iptables -- but it did just try to run it after the dozen or so failed attempts, so it is working
485[04:43:26] <mason> don't forget to reload the service
486[04:43:40] <sponix> I just need to fix that, and it should generate the iptables rule
487[04:43:53] <mason> sponix: Eh? You needed to move iptables-multiport to iptables for it to work?
488[04:44:41] <mason> sponix: in Stretch, banaction = iptables-multiport works and generates iptables rules
489[04:44:56] *** Quits: sa-ghosts (~sa-ghosts@replaced-ip) (Quit: see you later ~)
524[04:56:01] <sponix> sponix sshd[23032]: error: maximum authentication attempts exceeded for sponix from 192.168.1.1 port 50582 ssh2 [preauth]\nMay 5 21:42:14 sponix sshd[24976]: Failed password for sponix from 192.168.1.1 port 50606 ssh2', 'ipfailures': 10, 'ipjailfailures': 10})': Error banning 192.168.1.1
525[04:56:27] <mason> sponix: And now... you see rules?
526[04:56:56] <sponix> trying, I don't know how to work ufw lol
527[04:57:03] <sponix> going to see if they show up in gufw now
528[04:57:13] <mason> sponix: Here's the thing - even without active bad guys to ban there should be actionstart = <iptables> -N f2b-<name> and others at service start time.
529[04:57:52] <sponix> it still can't figure out how to ban me
530[04:57:56] <sponix> still no rules
531[04:58:02] <mason> This is not encouraging.
532[04:58:04] * sponix goes to look at the documentation again
552[05:13:08] <mason> My Ubuntu 18.04 test VM is almost up and ready to test, and that'll help figure out if it's something in the Debian package or not.
553[05:13:26] <mason> Ubuntu's fixed stuff that's lagged in Debian in the past, so it'll be a useful data point.
592[05:42:14] <annadane> kline, pretty sure he's a maintainer, did you try his email?
593[05:43:12] <sponix> mason: Yeah.... It is correctly banning me through iptables now. I will bookmark that. And sleep a little safer at night knowing no Malaysians can brute force my ssh ;)
594[05:43:22] <annadane> i found the username but i dunno if i should just say it in the chat
732[07:20:40] <mason> Easier to just write my own I think. I've got parsers that comb through logs to find badness, and they're a far sight simpler than what fail2ban has become.
733[07:21:28] <mason> Also, I noticed that xbl.spamhaus lists most of the sites that'd otherwise be banned, so that might help obviate the issue.
734[07:22:01] <mason> My random sampling of five hosts that did doorknob jiggling had five positive results from xbl.
813[08:06:44] *** Quits: user217_ (~user217_@replaced-ip) (Remote host closed the connection)
814[08:07:09] *** Quits: VoidFox (~VoidFox@replaced-ip) (Quit: Women do not snore, burp, sweat, or pass gas. Therefore them must bitch or they will blow up)
817[08:07:47] <setra> hello I encountered after jessie to buster upgrade the issue that if I start a virtualmachine that in my syslog appears failed to get cgroup backend for 'getCpuacctUsage' and my virtual machine does not start. I tried all I could find and added a Delegate=yes to the Service but nothing really helps. Fact is that no virtual machine can be started anymore
818[08:08:50] *** Quits: user217_ (~user217_@replaced-ip) (Remote host closed the connection)
961[09:34:17] <shtrb> What would be the proper syntax for apparmor to avoid ( audit: type=1400 audit(1588750217.481:104): apparmor="DENIED" operation="file_mmap" profile="/usr/bin/pidgin//sanitized_helper" name="/tmp/.glzUh8qM" pid=9442 comm="x-replaced-url
1088[12:09:15] <ratrace> shtrb: okay I see. the sanitized helper is in abstractions/ubuntu-helpers and used via abstractions/ubuntu-browsers which is included in the pidgin profile
1089[12:09:58] <ratrace> shtrb: ubuntu is apparmor upstream so that's where the stupid name comes from. anyway, problem is the whole sanitized_helper abstraction does not expect gpu acceleration needing userland file access, like nvidia does.
1090[12:10:53] *** Quits: dselect (~dselect@replaced-ip) (Quit: ouch... that hurt)
1091[12:11:40] <ratrace> shtrb: so, one hack would be to add those rules in the /etc/apparmor.d/abstractions/ubuntu-helpers, in the "sanitized_helper" profile, you can add it near the end, BUT.... it'll get overwritten with next update unless the package manager will back off seeing the file is under /etc, I don't know
1092[12:11:58] <ratrace> unfortunately the abstraction(s) do not have #includes built in for local user overrides, like main profiles do
1094[12:12:32] <ratrace> that'd be one reason why I almost never use packaged profiles and build my own, even if I take the packaged profiles as a starting point.
1096[12:14:02] <ratrace> you could also try to file a bug but that requires a report via launchpad.net and in my experience usually falls on deaf eears so I'm not bothering, I just build my own profiles.
1168[13:32:39] <oxek> How do I synchronize time on debian? I know it should do it automatically, but it does not, so I need to do it manually (but not as manually as setting the actual time manually).
1169[13:33:10] <oxek> is there some command to one-off synchronize time on-demand?
1170[13:33:16] <bguebert> time command is ntpdate i think
1171[13:33:39] <oxek> is that supposed to be installed by default?
1172[13:33:48] <bguebert> I don't think so
1173[13:33:51] *** Prints is now known as oxycontin
1219[13:48:52] <IsUp> ratrace: i need to set env variables for 'freeswitch.service'. right now i am using /etc/default/freeswitch to accomplish this. is this should be avoided?
1221[13:49:57] <satanist> hi i have alwas problems with copy paste under x, because there are 3 diffrend selection one programm uses primary and an other programm reads out of the clipboard. is there a way to merge these three selections?
1222[13:53:14] <joepublic> The nice thing about clipboard standards is that there are so many to choose from
1223[13:53:43] <bguebert> isn't that a bad thing when you want them to work together?
1230[14:01:11] <ratrace> IsUp: as you can see it has the EnvironmentFile directive, which is okay. /etc/default/ has always been a place to specify env vars for services.
1232[14:01:26] <ratrace> IsUp: however, that's not "system wide" as you originally asked.
1233[14:02:00] <ratrace> satanist: there's two, not three cliboards under xorg. depending on your DE, there might be extensions that merge them if they aren't already
1234[14:02:26] <annadane> somiaj, just for your information, xset s off && xset -dpms does work in MATE
1235[14:03:14] <bguebert> putting that env var in /etc/profile would work for users logged in, not sure about cron jobs and things like that or if it is the "best" way
1238[14:06:34] <IsUp> ratrace: got it. i am just testing /etc/environment - is there any way to reload this file after making changes instead of reboot?
1252[14:15:38] <ratrace> satanist: ah, no there isn't afaik. if you're having trouble with the terminal, the terminal itself might have plugins or configurations, like urxvt does for example
1253[14:15:54] <satanist> also according to /usr/share/doc/xorg-docs/icccm/icccm.html there are three selections ``clients need deal with''
1254[14:16:04] <ratrace> I use i3-wm too and sometimes it pisses me off, those two separate clipboards
1255[14:16:20] <satanist> why is this i3-wm problem?
1256[14:16:39] <oxek> shtrb: ntpsec-ntpdate installed both `ntpdate` and `ntpdig`, any idea which one is better to use?
1257[14:16:59] <satanist> this is a xorg problem, why are there multible selections for copy paste without an config option to merge them
1258[14:17:03] <ratrace> satanist: there's really two, "primary" and "clipboard". I don't think any application uses "secondary" these days
1259[14:18:21] <ratrace> satanist: it's a complete mess kind of problem. basically it's xorg's main fault and DEs/WMs may or may not merge them into one. i3-wm surely doesn't, as it's just a WM and not a DE so I guess the devs think it's not its job to manage the "clipboards"
1263[14:19:39] <ratrace> IsUp: then I'm sorry, I wouldn't know. daemon-reload _should_ work, as that reloads and reinits the generators, and per systemd.environment-generator(7) manpage, that's exactly what should've happened
1266[14:20:16] <ratrace> IsUp: however, it also says the reload will affect any service started subsequently...
1267[14:20:45] <IsUp> ratrace: thank you so much
1268[14:23:38] <jmd> Does anyone know what the holdup is getting Gettext 0.2 into Debian?
1269[14:24:27] <somiaj> annadane: still surprised there isn't a configuration for that, but I use that for my wm. I almost think you could put options in xorg.conf to make that default, but I have been too lazy to do that, so instead I type that command into my laptop every time I reboot it
1270[14:24:43] <satanist> ratrace: you know how selections work? for a client (even if it's the DE/WM) there is no way to merge them, the only way is to read them out and take ownershipp
1271[14:25:21] <satanist> taking ownershipp is something I don't want, because I use a pwmanager based on selections
1283[14:34:00] *** tadeus_brick is now known as TadeusTaD
1284[14:34:32] <ratrace> satanist: well then pick one and use it, eg. the "clipboard" one, so you explicitely need to copy and paste instead of rely on selection
1291[14:38:59] <satanist> the problem I have is, that some programms use one selection and other a other one, so I can't sometimes direct copy and have some old data in the selection
1292[14:39:31] <satanist> so I want to tell xorg that all three default selections are handled as they would be the same
1294[14:40:17] <ratrace> satanist: most if not all GUI prorgams can use "clipboard" via ctrl-(shift-)c and -v. terminals usually need coercing to do so. urxvt, for example, can do it and there's a config option for that.
1297[14:41:10] <ratrace> using selection is really very annoying. you can't select this text, then copy, then select this text then replace with copied. any selection replaces previous in memory.
1302[14:43:31] <ratrace> satanist: per definition of the problem it's unsolvable. ctrl-c is explicit copy action. merging that with selection would make it obsolete, as you have to select to copy, and selection would already do the copy.
1319[14:47:28] <pitch> so where is the nfs config?
1320[14:47:36] <satanist> ratrace: I understand this is the default behavior, but this doesn't match my usage, therefore I'm searching for a flag/option to change it
1323[14:48:21] <ratrace> pitch: services are now handled by systemd. env for services is in /etc/default unless they explicitly set env via service unit. network is in /etc/network/interfaces if you're using default ifupdown framework
1392[15:03:53] <pitch> back to topic: i was looking for a simple approach of getting a network share from linux to include in win10. i thought nfs would be nice, but thats from beeing used to just write a line in /etc/exports and be done.
1413[15:06:58] <pitch> it was for me too. thats why i was so excited. setup my nfs. checked for funtion with my laptop -> nice. trying with windows: nothing.
1431[15:18:39] <pitch> i am just a casual linux user for 20+ years, which makes me an advanced computer user i guess, but still... never really haggled with multiOS systems/networks. now i was asked to make this bunch of Win10pro machines backup themselfs to another location.
1439[15:24:20] <ratrace> pitch: what I'd do, if possible, is install them into VMs. there's a nifty video by Linus Tech Tips, the guy replaced all his computres at home withh a single beefy server running VMs with dedicated CPUs and GPUs, exposed to extra thin clients via firewire-or-whatwasit + usb cables for peripherals.
1440[15:24:44] <ratrace> I'll be doing the same but the host will be linux of course.
1441[15:25:25] <greycat> judd file ec_sys*
1442[15:25:29] <judd> Search for ec_sys* in buster/amd64: libitpp-dev: usr/include/itpp/comm/rec_syst_conv_code.h; golang-go4-dev: usr/share/gocode/src/go4.org/osutil/exec_sysctl.go
1443[15:25:43] <greycat> It does not appear to exist, at least under that name. Perhaps you could tell us what it *is*.
1444[15:27:01] <pitch> ratrace: thats a nice thing for a close quarter situation. this is a private household with a carpentry and a small office combined.
1448[15:27:48] <pitch> so i would need to run 200+ meters of firewire/usb-c/fiber/whatever
1449[15:27:52] <Maizum__> ops
1450[15:27:56] <BadPractice> greycat, it is some interface to talk with an embedded controller of my thinkpad (i think). I want to control my red dot as in replaced-url
1451[15:28:16] <ratrace> pitch: sure. just tossing ideas out there ;) virtualized windows = easiest thing to maintain
1452[15:28:23] <pitch> true
1453[15:28:43] <greycat> BadPractice: not very good instructions, apparently...
1454[15:28:56] <greycat> OK, google it is!
1455[15:29:11] <pitch> i would love to have a zfs-pool fed virtualisation for myself and my girlfriend at home. atm its just the hardware lacking.
1456[15:29:42] <pitch> because i love my computer games. but windows is just a PAIN
1457[15:29:43] <greycat> Google gives me replaced-url
1458[15:30:42] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
1459[15:30:50] <pitch> ratrace: if you are planning on building this yourself: beware. the more recent nvidia drivers detect PCI-passthrough and send the card into 2D-only
1460[15:31:15] <pitch> throwing error 3xx.
1461[15:31:28] <ratrace> pitch: I know. fixed with cpuid haxx
1462[15:31:35] <pitch> uuuuuh
1463[15:31:39] <pitch> clever
1464[15:31:46] <pitch> never thought about that.
1465[15:32:16] <ratrace> that alone has put nvidia on my sh!t list. I'll be switching to all all AMD+ATI as soon as finances allow.
1466[15:32:34] <ratrace> all *out
1467[15:32:51] <pitch> my solution: feeding my gaming machine with network boot. normally it boots into a headless linux to crunch em numbers. if powered by the buttons it boots windows10 to game.
1468[15:32:55] <ksk> BadPractice: ubuntu seems to ship that module via linux-modules - as far as I can tell debian does not.
1490[15:36:08] <f8e4> latest is CHANGES-1.14 nginx-1.14.2
1491[15:36:13] <BadPractice> greycat, ksk so seems like my best bet ist to compile that module myself. thanks for your help
1492[15:36:15] <greycat> !stable
1493[15:36:15] <dpkg> [stable] The status of a Debian release when no packages will be added or version-bumped, and changes will only fix security issues and critical bugs. Packages can be removed in rare circumstances. The current stable version of Debian is Buster (10.x); ask me about <releases>. Security bugs are fixed in stable by backporting the fix to the stable version (ask me about <security backports>). replaced-url
1494[15:36:22] <greycat> !buster freeze
1495[15:36:22] <dpkg> Buster started the freeze process on 2019-01-12 see replaced-url
1496[15:36:58] <ratrace> f8e4: do you need any specific functionality in newer versions or a bug fix that's not available in debian's standard package?
1497[15:37:07] <ksk> f8e4: if the nginx package in debian does not fit your needs, check the "repos for debian from nginx.org" - they are of good quality.
1498[15:37:16] <f8e4> ratrace scared only: latest == most secure often
1499[15:37:33] <pitch> true but not most stable.
1500[15:37:36] <f8e4> do i break (again) sth if i install the replaced-url
1501[15:37:36] <ratrace> f8e4: also latest == new (security) bugs often
1502[15:37:43] <pitch> what the purpose of debian is
1503[15:37:44] <Maizum__> , /msg alis LIST #freenode* -min 10
1504[15:37:51] <ksk> f8e4: The Debian team will take care of handling everything security related. It works well most of times..
1505[15:37:52] <ratrace> Maizum__: pls stop that crap
1506[15:38:06] <Maizum__> sorry
1507[15:38:24] <ratrace> f8e4: security bugs are backported to debian's nginx. unless you know there's a specific functionality or bug fixed upstream and not backported, I'd recommend stay with debian standard packages.
1508[15:38:33] <annadane> speaking of security and the discussion from earlier, salt did get patched
1511[15:38:41] <dpkg> The Tracker of Doom is a vulnerability database maintained by the Debian security team, viewable at replaced-url
1512[15:38:54] <joepublic> speaking of security, the current mitigation for saltstack problems is apparently to unplug the machines and set them on fire, replaced-url
1513[15:38:55] <ratrace> annadane: and exposed my worst nightmare about running salt on publicly accessible servers
1514[15:38:56] *** Quits: IsUp (~tamer@replaced-ip) (Remote host closed the connection)
1515[15:39:17] *** Guest94791 is now known as zodd__
1517[15:39:59] <pitch> f8e4: if you want recent features go for rolling release distros, like arch (?) or voidlinux. they are fine most of the time, but eentually they will break your whole system with one update.
1518[15:40:36] <ratrace> the bestest rolling release is of course gentoo. there will be no discussion or challenging of this statement. thank you, have a nice day.
1519[15:40:45] <pitch> on the other hand distros like debian often carry years old packages/versions but more or less guarantee you that they wont break anything while updating
1520[15:41:19] <annadane> or run a rolling release... in a VM, where you can have your cake and eat it too (mostly)
1521[15:41:34] <ratrace> pitch: true that, but they'll also carry bugs for years </devils-advocate> in my case, I can't use HTTP2 because it's broken in the current version of nginx.
1522[15:41:38] <joepublic> well, it's a little harder to eat, because it's really only virtual cake
1523[15:41:41] <pitch> ratrace: is gentoot rolling release? it just includes an alias for git pull FOO && make basically
1525[15:42:26] <ratrace> pitch: it's rolling release yes, but rolling release != what you said. gentoo is way more tested than that, and has a period of stabilization. pop into #gentoo if you're instrested ;)
1526[15:42:46] <DavePage> Any suggestions on how I can raise an issue with the Debian kernel team? Basically our VM hosts are broken in Debian 9 because of replaced-url
1545[15:45:17] <sudomake> there is another guy/girl who has the same problem and also using debian 10.3.
1546[15:45:28] <sudomake> we just both reported it on linux channel
1547[15:45:38] <ratrace> DavePage: then I think you did pretty much all you could until it's fixed in Debian
1548[15:45:51] <sudomake> when I heard that he had the same problem I came to this channel
1549[15:45:57] <ratrace> sudomake: can you elaborate? what do you mean trials? what error do you get?
1550[15:46:03] <DavePage> ratrace: Which is my concern, if it's not fixed in Debian next time there's a security release then updating will reintroduce the problem :/
1551[15:46:12] <cbilt> sudomake, so, you forgot your password?
1552[15:46:14] <pitch> DavePage: you can only fix it yourself and start a PR
1553[15:46:19] <ratrace> DavePage: that's why you use the debsrc kernel and rebuild on each update with your patch
1554[15:46:48] <sudomake> ratrace, login fails when I want to resume session from stand-by (sleep mode with the lid put down)
1556[15:46:54] <ratrace> actually for the kernel I think there's now a different method, than using the srcdeb, annadane do you remember the factoid perhaps?
1557[15:47:02] <mirrorbird> i also have the problem with login
1650[16:09:45] <sudomake> greycat, it is not like a login loop. I remember the login loop from ubuntu, where one is directed to desktop but the screen jumps back to login window
1651[16:10:16] * greycat stops reading google results and closes the tab and goes back to what he was doing before
1711[16:24:42] <greycat> The choice between "no RAID, if a single disk fails, I lose, but I get to use all 8 TB of storage" and "RAID 5, if a single disk fails I can recover, but I only get to use 6 TB of storage" is not one we can make for you. And I don't know enough about those other choices to say anything.
1726[16:26:03] <ratrace> raid10 two may fail, if in different mirror groups
1727[16:26:23] *** Quits: nickodd (~nickodd@replaced-ip) (Remote host closed the connection)
1728[16:27:29] <greycat> I have a hard time understanding people who don't care about their data, only how fast it can be read for the brief time that it survives.
1729[16:27:45] <DavePage> Also depends on whether you're using spinning rust or SSD - a RAID10 works better with TRIM than RAID5/6
1730[16:27:46] <greycat> Must be a millennial thing.
1731[16:28:12] <sudomake> BazookaToof, I turned the computer off. will try a few things including your suggestion
1733[16:28:34] <greycat> Or maybe some Buddhist thing. All data are ephemeral. When the data is gone, it is gone, and I will simply move to a new state, change my name, and start all over.
1734[16:29:01] <DavePage> greycat: For a file server, you're right. For a data processing server, you may care more about throughput than redundancy.
1735[16:29:18] <ratrace> true, depends on use case.
1736[16:29:37] <ratrace> the use case here is "desktop" if i'm not mistaken, and with 4 drives, I'd go for raid10.
1737[16:30:02] <DavePage> (a RAID-1 SSD mirror as a writeback cache on top of RAID 5/6 spinning rust is a reasonable all-round compromise IME)
1739[16:30:35] <greycat> who the hell puts 8 TB across 4 drives in a desktop box
1740[16:30:50] <jla20> ratrace, yes, desktop, and 4 spinning rust.
1741[16:30:55] <ratrace> someone with alotta steam games they don't wanna redownload? :)
1742[16:31:08] <DavePage> Somebody with an impressive pr0n collection?
1743[16:31:27] <greycat> but we *just* got through learning that they don't care about data longevity in any way, so they *will* be re-downloading all those games ...
1744[16:31:41] <rozie> DavePage: you don't need performance for that one
1748[16:32:28] <DavePage> I like the idea of ZFS, but I CBA messing around with the CDDL drama
1749[16:32:46] <rozie> jla20: ragarding your question: it depends. there's no silver bullet
1750[16:32:47] <ratrace> greycat: seems to me they want both performance and reliability, with performance being a bit more important. thus, I'm assuming a 4-wide raid0 is out of the question :)
1754[16:33:11] <ratrace> DavePage: what CDDL drama do you think you'd be messing with, as a user and not developer of zfs?
1755[16:33:21] <rozie> but as you asked about performance & reliability, not mentioning space, raid10 is obvious solution
1756[16:33:38] <sudomake> BazookaToof, as I suspected, when I restarted computer after shutdown, I was able to login immediately. which makes me think of a problem with stand-by mode, where I also had a VM on. I also would like to add that I had often freezes with this VM lately (CPU perf. at 100%), which did and did not happen at the same time with the login problem. even though the VM problem may not be directly related, the login problem seems related to the
1758[16:33:48] <greycat> that uses 2 out of the 4 disks for redundancy?
1759[16:34:08] <jla20> greycat, I help shutdown a small business, they had installed a server about a year before. The owner gave me the HW, but the server had been physically damaged.
1768[16:35:39] *** Quits: Tom01 (~tom@replaced-ip) (Remote host closed the connection)
1769[16:35:48] *** cdown_ is now known as cdown
1770[16:36:09] <rozie> I'd also consider raid1 with one hot spare and one stock drive
1771[16:37:21] <ratrace> what for. unused disk is a waste of space
1772[16:37:24] <BazookaToof> sudomake: change your password to use only keys shared with US keyboard layout. this reminds me of something that caused problems for me when using JIS keyboards a few years ago
1774[16:39:25] <greycat> So, when sudomake said they didn't change ANYTHING yesterday, that was a complete fabrication, because they changed their password?
1775[16:40:15] <ratrace> the plot thickens!
1776[16:40:27] <BazookaToof> well there was also some bit about it only breaking after a suspend or something so..
1777[16:40:37] <sudomake> yes, the second time login works, too
1778[16:40:43] <greycat> Sorry, I have a bad habit of asking passive-aggressive rhetorical questions. We already knew that they changed something, because the problem "started yesterday".
1787[16:42:13] <ratrace> problems after standby immediately scream GPU for me, from experience. and gnome being a POS that also requires HW acceleration, my suspicion would be key strokes / input being messed up due to that. it happened before.
1788[16:42:14] <sudomake> if the problem were related to us keys, I should be having problems with login after shutdown-restart
1789[16:42:18] <sudomake> if the problem were related to us keys, I should be having problems with login after shutdown-restart
1807[16:47:19] <jla20> sudomake, I must have missed something! what did you change prior to the failure
1808[16:47:49] <sudomake> jla20, I didnt change anything
1809[16:48:05] <sudomake> that is the story made up by others with no clear aim to be here
1810[16:48:21] <ratrace> sudomake: so there's two questions the volunteers spending their time to support you posed, that you still have to answer.
1811[16:48:25] <sudomake> ratrace, two questions? I must have missed among the noise
1812[16:48:31] <sudomake> I was looking for your questions
1813[16:48:32] <ratrace> 1) is the problem reproducible in tty, 2) did you try different keymap
1814[16:49:03] <sudomake> ok, I will change the password to US keys, and try it on tty
1815[16:49:15] <ratrace> your assumption about keymap does not hold. post-standby corruption in the code can cause any number of things that aren't visible after shutdown-restart
1816[16:49:30] <jla20> sudomake, things don't just happen! something must have changed or you have a hardware failure!
1817[16:50:15] <sudomake> jla20, I swear I had no problem the day before. I put the computer to sleep, and went to sleep myself. and the next morning this happened
1818[16:50:32] <ratrace> my bet is still with the gpu, but that's just me
1819[16:50:54] <ratrace> is that nvidia perchance? that tends to have issues with standby
1822[16:53:06] <jla20> sudomake, that sounds like a HW problem. I suggest you do a full shutdown and restart. power off, disconnect from PS, reconnect, restart
1832[16:58:44] <jla20> sudomake, I use APC Backup UPS's for my systems/ network equipment ... they filter the Power supply and provide power to the system, should the main s go out
1833[16:59:09] *** Quits: zodd (~Zzzzzzzzz@replaced-ip) (Remote host closed the connection)
1834[16:59:42] <pileofstraw> why would the "monit" package be in stretch, buster-backports and bullseye? Did it just skip a buster release?
1857[17:06:22] <ratrace> lol some entitled rusers in that thread
1858[17:06:26] <pileofstraw> I was just reading that, lol
1859[17:06:27] <pileofstraw> hilarious.
1860[17:07:02] <pileofstraw> well that's a pain. before I get it from backports, can anyone suggest a package that will let me monitor a directory and send a slack message when it exceeds a size threshold
1863[17:09:31] <ratrace> pileofstraw: sure nagios could do somethign liek that, but it sounds rather very specific, so I'm guessing you can use any monitoring service that allows you to whip up a quick custom plugin. I use munin and this would be dead easy with munin
1873[17:13:56] <jla20> A long time ago I used to use "sbackup" as my desktop backup program. Does anybody know of a replacement
1874[17:14:38] <ratrace> pileofstraw: SIZE=$(du -sb /path/to/dir | cut -f1); if [ $SIZE -ge $THRESHOLD ]; then curl ...slack_api_call_here ; fi # hardly calls for installing whole monitoring suites just for this, if you're using nagios already
1879[17:20:58] <greycat> Avoid using all-caps variable names, because they may conflict with environment variables and internal shell variables. Quotes are important.
1896[17:31:35] <sudomake> BazookaToof, but it cant be lying in the password characters, obviously. something to do with stand-by? since after shutdown-restart the former password was accepted, too.
1897[17:32:36] <BazookaToof> dunno. don't care. just know it fixed my problems with JIS keyboards
1905[17:33:41] <DammitJim> in the past, we have always just run: apt-get update && apt-get -y upgrade && apt-get -y dist-upgrade && apt-get -y autoremove
1906[17:34:02] <DammitJim> but from what I'm gathering, that's not very safe because you don't know what you are installing beforehand..
1907[17:34:22] <DammitJim> do any of you use special mechanisms to know what you are updating?
1917[17:41:45] <sudomake> I just changed my pw back to the former one, and didnt have login problem after stand-by. perhaps it is not a problem that happens every time. ratrace mentioned above some kind of corruption. what do you think the reason can be?
1920[17:42:38] <sudomake> or perhaps it is a problem that happens after frequent stand-bys. maybe I should shutdown regularly. is that kind of thing familiar?
1929[17:46:43] <sudomake> I dont know if youve been following the conversations with other people on the topic, but I wasnt able to login to resume session after stand-by. I shutdown and restarted, now I can login. dont know if it is now solved, or if I have to shutdown every time I have such problems.
1938[17:53:12] <BCMM> DammitJim: i'm probably missing something here. why not just leave off the -y?
1939[17:53:51] <BCMM> i mean, if you're running apt manually from the command line anyway, it has a built-in feature where it tells you what it's about to do by default
1940[17:53:53] <dvs> BCMM, I think they are running this as an automatic script
1941[17:54:17] <greycat> which is a bad and dangerous thing
1942[17:54:23] <dvs> yup
1943[17:54:28] <BCMM> dvs: it seems likely, but i hope that's not what they're doing
1959[18:01:37] <DammitJim> so, if I need to be able to test the upgrade first, how do I ensure that the same packages get upgraded once we do this on the production systems?
1960[18:01:55] *** Quits: tgunr (~davec@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1986[18:28:58] <imMute> DammitJim: make a note of which packages were updated and to what version during testing and check that those are the packages/versions available whne you do the upgrade for real.
1988[18:29:49] <imMute> DammitJim: alternately, use the snapshot.debian.org infrastructure to "lock" your view of the apt repo to a specific point in time.
1989[18:30:12] <DammitJim> imMute, snapshot sounds like a great way of doing this
1990[18:30:21] <DammitJim> not sure I can do the former... that's just way too much work
1992[18:31:07] <imMute> DammitJim: for the former, run 'apt list --upgradable' and save it to a text file. do that during the real upgrade too and if the diff between the files is empty, nothing new has snuck in
1993[18:31:42] <DammitJim> imMute, I have to do this for hundreds of servers
2003[18:34:33] <Kobaz> once saltstack debian packages are fixed with the new security issue, then that'll be safe
2004[18:34:35] <DammitJim> I use saltstack and they don't provide a way to only upgrade the packages you tested for to the proper version in an automated way
2005[18:34:41] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
2015[18:39:37] <annadane> Kobaz, salt did get fixed
2016[18:39:42] <Kobaz> oh cool
2017[18:39:49] <annadane> though i don't know if salt and saltstack are two different things
2018[18:39:52] <annadane> :P
2019[18:39:57] <annadane> but yeah i got the email
2020[18:40:24] <annadane> i also don't know what "fixed" means, whether that's completely fixed or "this is still super messed up, unplug your machines anyway"
2021[18:40:50] <DammitJim> what salt problem are you guys referring to?
2022[18:40:55] <greycat> !salt
2023[18:40:55] <dpkg> Salt is a tool used for remote mass system management. A vulnerability has recently become public (March to May 2020) and is being actively exploited. See <replaced-url
2024[18:41:00] <DammitJim> I had to patch my master late last week due to a security vulnerability
2154[20:22:55] <pileofstraw> alright in my continuing saga to diagnose random reboots in a cohort of 300 identical machines at a rate of 1-3 per day
2155[20:23:37] <pileofstraw> I am taking 10% of that grouping and setting up kexec/kdump/crash, then running a cronjob to execute a script that checks the size of /var/crash and if it exceeds a threshold it CURLs to a slack app called Dumpy The A**hole Kernel
2156[20:23:44] <pileofstraw> who then messages me with the hostname of the crashed system
2163[20:27:38] <greycat> At the moment I'm assuming it's the infamous "intel driver crashing" bug that only some people seem to run into.
2164[20:27:50] <pileofstraw> It's a two pronged issue and both prongs are possibly unrelated
2165[20:28:16] <pileofstraw> 300+ intel NUC7i5BNK machines running debian stretch went through this issue: replaced-url
2166[20:28:25] <pileofstraw> Without finding cause I field upgraded them all to Buster.
2167[20:28:49] <pileofstraw> Then I started seeing hard lockups during regular operation, with X frozen on whatever it was showing during the lock. No logging is generated.
2169[20:29:10] <pileofstraw> Since then I've been bugging everyone in here for many days on what to try. I cannot reproduce the lockup but the volume of machines in the field means I see about 1-3 per day.
2170[20:29:22] <pileofstraw> I am trying to capture a kernel dump
2171[20:29:57] <pileofstraw> in trying to mitigate it I also discovered the iTCO_wdt watchdog on the NUC7i5BNK is 100% broken, lol
2172[20:30:08] <pileofstraw> talking to intel support about that
2179[20:32:09] <pileofstraw> I am not sure of anything.
2180[20:32:15] <pileofstraw> I have no idea what it is.
2181[20:32:38] <pileofstraw> But I think I've ruled out RAM and unless there was a bad run of NUCs I am hoping it's a bug and not chronically broken hardware.
2184[20:33:29] <petn-randall> pileofstraw: I'd try a different OS on those machines to see if you have hard lockups there, too. If you have, you can at least say with some certainty that it's a hw issue.
2186[20:33:52] <greycat> Have you tried variants on: have some of them on-and-running but not in X/Wayland, or have some of them on-and-running-in-plain-fvwm-no-we-browser? To rule out things like "it's the 3d acceleration".
2190[20:34:55] <pileofstraw> So I have approximately 15 machines in my shop that I can kill X on. At best, if X is the problem, I wont have a definitive answer.
2191[20:35:03] <pileofstraw> It'll either be "X was the problem" or "the crash just hasn't happened yet"
2192[20:35:10] *** flayer is now known as potatoes
2193[20:35:15] <pileofstraw> I can't kill any of the in-field X instances because these are revenue generating adplayers.
2194[20:35:26] <pileofstraw> same answer for the web browser.
2195[20:35:40] *** potatoes is now known as Guest35906
2196[20:35:40] <greycat> I'm not saying it's X. I'm saying it's probably some specific part of the graphics chipset being exercised in a vigorous way by apps that use 3D acceleration, such as GNOME.
2197[20:35:43] *** Guest35906 is now known as flayer
2211[20:40:48] <joepublic> but still more than visa or framebuffer can handle in the absense of the intel drivers?
2212[20:40:53] <joepublic> *vesa
2213[20:40:59] <lpancescu> i also had MATE+compiz hanging on an intel chipset (work laptop) just by switching windows with alt+tab a few times. don't even get me started on nouveau hanging the system with gnome jsut by changing backgrounds...
2217[20:41:48] <pileofstraw> joepublic: what do you mean in the absence of intel drivers?
2218[20:42:21] <a90c> what do you suggest about installing old graphic card's drivers on new distros? whats the best way to do it?
2219[20:42:23] <pileofstraw> like instead of installing the driver stack from 01 and instead using the i915 kernel module with nonfree firmware?
2220[20:42:29] <ham5urg> I would like to build a ldap based login-server so to be used by windows-clients, linux-clients and a samba-server for /home (win and linux) as well as for /some_work_space.
2227[20:43:58] <pileofstraw> joepublic: with this frequency i might not see a crash on an affected system for months? a year?
2228[20:44:10] <pileofstraw> whatever I test with, without being able to reproduce this, I need to do on dozens of machines. it sucks
2229[20:44:53] <joepublic> suckage acknowledged. I didn't really mean test for the crash so much as a test system to see if everything would be fast/capable enough if i915 is blacklisted.
2243[20:50:37] *** Quits: tgunr (~davec@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
2244[20:50:46] <FUtz> hey guys, when i use ssh -X or ssh -Y and i run gedit (for example) gedit will open grafically in my local host and remote host? or just in my localhost?
2245[20:52:03] <greycat> just in what you consider local
2272[21:06:15] <metbsd> is there a way to restore init.d files?
2273[21:06:24] <somiaj> !confmiss
2274[21:06:24] <dpkg> You have to especially tell the packaging system to reinstall config files because when they are gone, it is assumed that you want them to stay deleted. "aptitude -o DPkg::Options::='--force-confmiss' reinstall $packagename" will restore them (man dpkg for details). If the package uses <ucf> for config file management, ask me about <ucf confmiss>.
2275[21:06:34] <somiaj> metbsd: assuming they are beging treated as a conffile ^^
2300[21:16:19] <exceptionz> i switched from testing to sid some time ago. is there any way to filter out the packages uploaded/updated in the last x days for package updates over apt? if not, is there a cli-way to get the information "uploaded/updated" per package?
2305[21:17:42] <annadane> that confmiss factoid is a bit confusing, i'd replace $packagename with <name of package> or something
2306[21:17:44] <somiaj> exceptionz: sid questions should be on #debian-next on irc.oftc.net, and if running sid you should really stay current with the package versions.
2307[21:17:54] <annadane> i know it isn't _that_ confusing but still
2308[21:18:16] <annadane> unless you specifically need the $
2309[21:18:28] <somiaj> It could be a learning expereience, $foo is often a varaible.
2310[21:18:44] <greycat> At some point you have to cut your losses and realize that if you have to dumb down a factoid TOO much, your target audience isn't even Debian users any longer. It's Windows users or something.
2311[21:19:01] <somiaj> what about do I need <>, I don't see how your suggestion changes the are special characters needed or not.
2312[21:19:01] *** debhelper sets mode: +l 1310
2313[21:19:16] <greycat> Plus, if you're dealing with someone THIS dumb, the redirection angle brackets are even more dangerous than the expansion dollar sign.
2314[21:19:21] <somiaj> apt install <fvwm> would fail for the same reason as apt install $fvwm
2315[21:19:41] <exceptionz> somiaj: thanks for the information. i will try to post it on oftc. in fact, i just plan to filter out the packages that have been updated in the last 3-5 days. x should not be that big :D.
2316[21:19:45] <somiaj> well actually not, $fvwm might be a variable in the shell, while <> tries redriects.
2317[21:19:59] <annadane> yeah, all good points
2318[21:20:07] <somiaj> exceptionz: it could be, really if you want to filter 5 days, run testing
2319[21:20:19] <somiaj> testing is said filter
2320[21:21:11] <exceptionz> somiaj: yeah, that's right, that's what i've been doing all along. only it bugs me during freeze.
2321[21:21:22] <somiaj> !slushy
2322[21:21:22] <dpkg> When a <testing> release becomes frozen, <unstable> tends to partially freeze as well. This is because developers are reluctant to upload radically new software to unstable, in case the frozen software in testing needs minor updates and to fix release critical bugs which keep testing from becoming <stable>.
2328[21:24:25] *** Quits: benlue (~benlue@replaced-ip) (Quit: Lost terminal)
2329[21:24:34] <somiaj> exceptionz: also realize that sid/testing is often more buggy than normal (if that is a thing) right after a release, so maybe it is worth stablizing with testing, then waiting a bit before upgrading to testing again.
2332[21:25:50] <somiaj> exceptionz: there are also acceptable ways to install stuff from sid in testing, but in general, if you want a filter to catch bugs, run testing.
2345[21:32:35] *** halvors1 is now known as halvors
2346[21:32:36] <exceptionz> somiaj: my usage information was not quite accurate anyway. i didn't use pure testing but a mixture of testing and sid with some pinnings. i just thought that i should switch to sid completely at some point. however, except for freeze time, it feels unnecessary, and with the additional hints you provided (especially about developer tendencies during freeze), i will reconsider it. my main concern with that filter was to encounter bugs
2347[21:32:36] <exceptionz> for which it is more likely that a corresponding issue has already been created.
2394[22:18:25] <boeg> well, i tried stable a while back, but i found a lot of software not available in newer versions i needed, so it didn't work for me, so I just ended up installing arch, but I thought to see about trying debian again, but maybe with either testing or unstable to have a bit newer versions available, although not sure which of the two to go with. My intuition says testing
2395[22:18:59] *** Quits: Tobbi (~Tobbi@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
2396[22:19:01] <greycat> What specific "software" do you "need" to be still raw and bleeding?
2443[22:44:32] <sney> zodd: it looks like some people have tried to get etherpad into debian but effort stalled a couple times. it doesn't look like there are any license issues. why not use etherpad, then, and be the one who gets it into debian
2444[22:46:20] <zodd> etherpad used to have their own apt repo in the past so it seems. No idea why that was abandoned
2478[23:01:41] *** Quits: CGZero (220285@replaced-ip) (Quit: Lost terminal)
2479[23:01:51] <sawgood> greycat: I too like saying its not full Debian: its an image, but others around me say I'm wrong and that this is full Debian 9, so I let it go
2482[23:02:30] <greycat> The relevant part here is that you had to do something to work around the non-Debian piece of the "image". Debian does not install dhcpcd by default. Raspbian does, I believe.
2483[23:02:40] <greycat> So your OS is probably closer to Raspbian than Debian.
2484[23:02:44] <sawgood> greycat: when I install Debin 9 or 10 from netinstall.ISO I do not face that concern
2487[23:03:31] <sney> if a hardware OEM rolls an image with all packages from debian sources, it is still debian, it's what debian itself refers to as "blends." a lot of those arm board vendors include a proprietary repo for extra packages though
2488[23:03:41] <sawgood> greycat: are you guys seeing lots of Rasberry/Debian usage boggles here?
2489[23:04:06] <greycat> We are constantly harassed by "based on Debian" people.
2490[23:04:06] <sney> but just using a different dhcp client than the standard debian task(s) isn't enough to consider something a derivative IMO
2497[23:05:33] <phogg> If it's not bug-for-bug like Debian it's hard to support if all you can check against is real Debian.
2498[23:06:21] <sney> digital ocean rolled their own kernel but otherwise it's 100% buster? oops, too bad
2499[23:06:46] <phogg> If it's Debian repos + some additional vendor repos and packages it's probably close enough that you can support it, up until the vendor packages become involved. If it's a custom rolled install image it's hard to be sure that it's *just* a different package selection.
2500[23:06:54] <sawgood> I really like using small form factor PCs with multiple NICs for full Debian from .ISO installs: this is my 1st time using Rasberry/Debian ... I had them sitting on a shelf not in use: so I thought why not try to make them work
2501[23:07:15] <phogg> from experience it's usually not just Debian + a package selection, it's that AND random config changes by people who don't necessarily know what they're breaking
2502[23:08:02] <phogg> sawgood: a good impulse, but be sure to be up front about that for support purposes
2503[23:08:15] <sney> yeah and we can still support that because it's no different from a user breaking their own system, in practice
2504[23:08:31] <zodd> hmm. The dependency list of etherpad is quite impressive....
2505[23:08:51] <phogg> sney: at least in those cases there's some hope the user will be able to *tell you what he changed*
2506[23:08:59] <sney> hahaha sure maybe
2507[23:09:06] <sney> "I don't know I was on stackexchange"
2508[23:09:38] <phogg> I'm certainly more confident in telling him how to reset to the baseline and then move forward.
2509[23:11:14] <sney> "I did chmod 777 is that ok"
2510[23:11:45] <sney> "I followed this howto for installing $thing (links blog page from 2009)"
2511[23:12:05] <sney> and those are the ones who tell you.
2516[23:13:08] *** Quits: wonderer (~quakeroat@replaced-ip) (Quit: Famous quotes #120: "The fear of death is the most unjustified of all fears, for there's no risk of accident for someone who's dead.")
2540[23:23:30] <oxek> this is the first month that I am using debian and I am wondering how security updates work with respect to firefox-esr. Firefox 68.8.0esr is out and contains security fixes, but debian contains 68.7.0esr.
2541[23:23:47] <oxek> Does debian not update firefox for the lifetime of a release, and only backport very specific patches
2542[23:23:50] <otyugh> n_1-c_k, diogenes_ : this gives the codename, not the "freshness" of it (oldstable/stable/testing...) :(
2543[23:24:06] <oxek> or has debian determined that none of the security issues in 68.8.0esr affect the version in debian?
2544[23:24:14] <oxek> or am I being impatient?
2545[23:24:27] <tomreyn> oxek: you can check this here replaced-url
2560[23:27:04] <oxek> this is so weird, I did `apt update` just before asking this question and no updates were found, I did it again now and it sees the firefox-esr update... Sorry for the noise.
2590[23:43:47] <pileofstraw> oxek: i've seen that happen, its odd
2591[23:43:49] <pileofstraw> its like apt has to catch up
2592[23:44:24] <oxek> pileofstraw: but my understanding is that `apt update` hits the security repo, which is the same for everyone because it is not a mirror
2593[23:44:36] <oxek> so it's really weird
2594[23:44:38] *** Quits: tgunr (~davec@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
2595[23:44:53] <sney> the mirrors are distributed and don't all sync immediately. security.debian.org is a round robin dns I believe, not a single host
2608[23:49:15] *** Quits: isostatic (uid224824@replaced-ip) (Quit: Connection closed for inactivity)
2609[23:50:17] <LtL> oxek: no
2610[23:51:06] *** BrianG61UK_ is now known as BrianG61UK
2611[23:51:12] <LtL> oxek: subscribe to the mailing list and you'll be notified of all security announcements before they hit the repo's.
2612[23:51:27] <oxek> LtL: I was wondering because greycat wrote "And even if you're using the older security.debian.org URLs" so I thought there was something newer. Like using deb.debian.org for the security updates as well.
2613[23:51:50] *** Quits: mase-tech (~mase-tech@replaced-ip) (Remote host closed the connection)