71[01:33:15] <annadane> you're welcome to say it rocks, just don't ask questions about it here
72[01:33:25] <annadane> !based on debian
73[01:33:25] <dpkg> Your distribution may be based on and have software in common with Debian, but it is not Debian. We don't and cannot know what changes were made by your distribution (compare replaced-url
96[02:00:22] <mbnt> Hi, my mobo has a feature called XMP, where I can switch the RAM speed to what it is capable of instead of the default speed. However, when I boot into my Debian OS, it behaves all wonky. Can Debian support XMP?
97[02:01:07] *** Quits: de-facto (~de-facto@replaced-ip) (Quit: See you around.)
98[02:01:08] <mbnt> So, on auto setting, debian is fine, on XMP, programs freeze/crash/data goes missing
108[02:03:22] <sney> it would be upstream linux, since it's a hardware thing. the other possibility is that the "capable of" speed is over-estimated and you're really overclocking the ram past what it can handle
109[02:03:35] <trek00> it should work on linux, but it really depends by the hardware configuration (ddr and mobo)
138[02:15:10] <sney> it gets upgraded when you upgrade to a new debian release, e.g. 9 to 10. the default-jdk for debian 10 will stay the same except for bugfixes etc
160[02:25:02] <mbnt> "ultra durable", or so it claims. : - b
161[02:25:37] <mbnt> Well, Blender chokes when I use it, so maybe it will choke less.
162[02:26:00] <randompleb> Damn I had a LGA 775 board G41M-ES2L still works. My 1155 board (ASUS) battery died so I replaced it with my gigaby te one. I believe they had "dual bios" as advertisement back in 2008..
163[02:26:12] <trek00> mbnt: it should work, but after a bit of tuning on timings
164[02:26:34] <mbnt> trek00, So I look for timings in the BIOS/
165[02:26:36] <mbnt> ?
166[02:26:53] <trek00> mbnt: yes
167[02:27:16] <trek00> mbnt: don't expect big improvements on the speed however
168[02:27:19] <mbnt> I'm such a newb
169[02:27:21] <mbnt> thanks
170[02:27:34] <trek00> mbnt: are you using blender via opencl?
171[02:28:19] <trek00> (on the internal gpu?)
172[02:28:21] <mbnt> mbnt, Yeah. I have the amd proprietary drivers installed for Ubuntu and Windows (multiboot) but I also have Debian
173[02:28:34] <mbnt> I don't think I can install amdgpupro for Debian
193[02:35:38] <hunter0one> Came back to Debian today =)
194[02:38:34] <trek00> mbnt: if you want use opensource drivers with opencl from amdgpu-pro you could, but no guarantees it will work fine replaced-url
195[02:38:55] <trek00> hunter0one: feel good?
196[02:39:12] <hunter0one> trek00: Absolutely
197[02:39:17] <trek00> good! :)
198[02:39:35] <hunter0one> I always come back. Maybe I can end my distro hopping habit.
205[02:44:01] <mbnt> nor are proprietary nvidea ones, is this true?
206[02:44:40] <sney> nvidia proprietary works very well but when there's a problem you're out of luck, and they don't always keep up with kernel/xorg changes as fast as we'd like.
207[02:44:57] <sney> nouveau is fine for basic usage and older gpus
208[02:45:23] <sney> there was a time when amd said they were going to scrap the proprietary (then fglrx) linux driver and just contribute to radeon. I'm not sure what happened to that
209[02:45:25] <trek00> mbnt: with amd they are focusing more on opensource drivers on linux, but the opencl part (radeon on compute ROCm) is not yet available on debian/ubuntu
222[02:51:57] <trek00> mbnt: the open amdgpu should be faster and more stable then amdgpu-pro, it should be better to install only the opencl part from amdgpu-pro
223[02:53:18] <tomreyn> there's also a fully open opencl stack, but it's not as mature.
224[02:53:39] <mbnt> trek00, I will look into that link you sent me
225[02:53:54] <mbnt> It would be awesome to do real video editingon Debian
226[02:53:56] <trek00> mbnt: i think Stallman is never gone to jail :)
227[02:54:20] <mbnt> trek00, He did go, briefly, because he protested against AMD proprietary drivers
236[02:56:06] <trek00> Protesting against proprietary software in April 2006, Stallman held a "Don't buy from ATI, enemy of your freedom" placard at a speech by an ATI representative in the building where Stallman worked, resulting in the police being called. replaced-url
286[03:46:03] <dpkg> Many debian channels are on the OFTC network (irc.oftc.net), *not* on freenode. If you try to join one and you see "Cannot join (Channel is invite only)." it means you did not read it's on irc.oftc.net. See also replaced-url
365[05:21:20] <mbnt> Unit193: I cannot get into my GUI now because of that
366[05:21:43] <Unit193> I believe someone else tried to give you answers, and you didn't seem to like them.
367[05:21:49] <RodrigoBR> Debian is lighter than Ubuntu, thus it's better. There are many files and solutions common to both. And since Ubuntu is so famous, you'll find lots of answers on Google that serve for Debian as well
368[05:22:10] <mbnt> Unit193: It was not that I did not like it, rather, it was that it did not work.
369[05:22:32] <RodrigoBR> video drivers for Linux suck, because they're most proprietary
370[05:22:41] <mbnt> Unit193: And I did not like that it did not work.
371[05:22:47] <RodrigoBR> So install the proper video driver is the first thing you should do after installing the system
372[05:22:52] <Unit193> mbnt: So other than "didn't work" and "tried that already", do you have some error output or something?
373[05:23:09] <mbnt> Unit193: Yeah, no GUI
374[05:23:23] <mbnt> Not even command line unless I get into rescue mode
375[05:23:36] <RodrigoBR> @mbnt Have you tried unix.stackexchange.com already?
376[05:24:05] <mbnt> I was hoping a straightforward uninstall of all that crab would bring me to the pre-install state
377[05:24:09] <Unit193> mbnt: So when you tried to remove the offending package, what output did you get?
378[05:24:14] <mbnt> Is that asking too much?
379[05:24:44] <mbnt> Nothing in the following line, so the assumption was that it worked
380[05:25:00] <mbnt> Then when I reboot, I got an existential nada
381[05:25:26] <RodrigoBR> Have you tried unix.stackexchange.com already?
382[05:25:34] <Unit193> Anything in /var/log/Xorg.0.log?
383[05:25:38] <mbnt> Except in rescue mode
384[05:26:17] <mbnt> Unit193: Ahhh, you mean spend a coupld of days trying to debug versus reinstalling for an hour or two
385[05:26:37] <Unit193> No, I do not mean that but if you'd rather re-install, that's fine. :)
386[05:27:09] <mbnt> Apparently uninstalling is not so straightforward
387[05:27:35] <Unit193> If a package is poorly created, it might not.
462[07:00:39] *** Quits: bnw (~bnw@replaced-ip) (Remote host closed the connection)
463[07:04:23] <bolt> I just realized I'm postponing upgrading to buster only because I can't be arsed configuring all of my tiling wm stuff, all the hotkeys and customizations again... My config is getting in the way of me doing stuff O.o
464[07:05:08] <somiaj> what wm do you use?
465[07:05:13] <bolt> awesome
466[07:05:40] <bolt> And, as you do with a tiling wm, I've customized the hell out of it to make everything work brilliantly.
467[07:06:40] <somiaj> and all of this customization lives nicely in $HOME right?
471[07:07:49] <somiaj> anyways you can upgrade in place from stretch->buster, and with most WMs all the configuration should live nicely in $HOME, so provided awsome didn't do any incpmadable changes from 4.0 to 4.3, you shuld be able to upgrade in place and have the exact same setup
472[07:07:53] <bolt> somiaj: of course it does. I've already tested upgrading however, and things will break. A bunch of programs change their window hints and such so my custom positioning rules break.
473[07:07:57] <somiaj> (At least as far sa the wm goes)
474[07:08:40] <somiaj> hmm, I've been running fvwm for 10+ years, and I dno't have to change much of anything, except a few styles here and there, maybe you should be triggering off of diffrent hints
475[07:09:02] <somiaj> though you could also just being using software that changes its class/resource/name way more often than ti should
476[07:09:43] <bolt> Time to go window manager hunting and finding something less fancy that I can live with, because this is just stupid. After all, I can survive even on Windows for some of my workflow. I must be able to find a WM that's tolerable with less than an hour of work :)
478[07:10:56] <somiaj> do you just use a ton of software, because maybe that is the difference here, i do most my work in xterms, so I have xterm/firefox and maybe a few other gui apps that I rarely use like gvim, and eveince
480[07:13:15] <bolt> Yeah, I have to use a lot of different stuff. so much so that I went the route of running many GUI apps in separate docker containers so their packages and dependencies won't clutter up my main system. That worked surprisingly well.
481[07:13:22] <RodrigoBR> No way you can do a bash script to save all the configuration to a file, and other script to put it back again? That would be useful!
482[07:13:51] <RodrigoBR> I've never used wm though, so sorry if it's a silly idea
483[07:14:00] <bolt> The bash script would have to know about all the changes to every single piece of software :)
492[07:20:01] <somiaj> RodrigoBR: problem is lots of gui software is garbage and doens't realize how important ICCCM2/EWMH hints are
493[07:20:22] <somiaj> so they change things without realize the ramifications to us windowmanager users who use that to control our enviroment
494[07:21:28] <BazookaTooth> strange form of tech debt
495[07:21:41] <RodrigoBR> ok, but let me understand: awesome helps you setting a default window position for many different software? It must put these definitions somewhere, in its own dir or in each program dir, right?
496[07:22:24] <somiaj> RodrigoBR: that is not the issue, a window manager is what xorg uses to control where windows appear, how they are layed out, which window has focus, which window is on top of another and so on.
497[07:22:43] <RodrigoBR> right
498[07:23:05] <somiaj> some of the customizations a user might want is to run firefox on desktop 2 maximized
499[07:23:45] <somiaj> so everytime firefox is run it should be put on desktop 2 and maximized, now the window manager needs to be able to identify what window firefox is so it can put the right window in the right spot per the user's confiragion
500[07:24:06] <RodrigoBR> what I'm thinking is: if you customized everything, this customization is somewhere, or in the awesome dir, or in each program's dir
501[07:24:23] <RodrigoBR> in the second case, awesome still has to know which programs are those
502[07:24:30] <somiaj> well if in one relase firefox identifaction string was 'firefox 52' and in the next release it was 'firefox 62', the confiugration is broken, because the window manager will not be able to identify the window any more, since the program changed its name
503[07:24:45] <RodrigoBR> oh I see
504[07:24:51] <somiaj> so bolt would have to go manually reconfigure each and every window that changed its name in the custom config file
505[07:24:56] <RodrigoBR> so it's not only updating Debian to 10, but every software
506[07:24:59] <somiaj> for a few windows it might not be a big deal, for tons of apps it will
507[07:25:46] <RodrigoBR> unless you're able to parse the names to extract just the basename, not the version. I think that's possible in a script, and not overwhelmingly hard
508[07:25:52] <somiaj> I have the same issue when I upgrade my system, but I run about 10 apps max (90% of my work is in terminals and xterms) so it doesn't bother me to update a few things
513[07:26:56] <somiaj> well what if the name changes are more distracstic than my example, but anyways, I'm surprised things change that much, but I don't run quickly evolving software
514[07:26:57] <RodrigoBR> That's something every user will want
525[07:33:27] <qman__> I also use awesome, the problem there is that they have major breaking changes too frequently
526[07:33:50] <qman__> to the point where upgrading required essentially rewriting rc.lua, not even a simple find/replace or patch would do
527[07:34:44] <qman__> the documentaiton also leaves a lot to be desired from this specific issue
528[07:34:45] <RodrigoBR> Well, I use most of my windows maximized, and I'm a big friend of Alt+Tab. That do it to me
529[07:36:48] <qman__> the window selection issue is real, too - certain apps just refuse to be managed by the window manager, they pop up on the "active" screen regardless of configuration
530[07:37:01] <qman__> it's infuriating
531[07:38:03] <qman__> unfortuantely I haven't found a better solution yet
539[07:42:37] <somiaj> qman__: I say use fvwm, it works great for me, though it isn't a fully tiling wm, you can configure almost everything and make it almost tile
540[07:42:38] <qman__> interesting, but I'm not sure how that could work with tiling window managers
554[07:58:48] <shtrb> Good morning ,is "sudo rsync -av -X -P /home /mnt/backup/" incorrect way to copy home folder with ownership preservation (/home/userX and all files have the proper ownership , but /home/userX/.ssh is owned by root ) ?
567[08:04:31] <shtrb> /mnt/backup/home/userX/.ssh is owned y root , but /home/userX/.ssh is not
568[08:04:49] <somiaj> is this backup ran as root?
569[08:04:53] <shtrb> yes
570[08:04:58] <shtrb> *sudo
571[08:05:23] <somiaj> if you remove /mnt/backup/home/userX/.ssh and then run it again, the new directory gets owned by root?
572[08:05:31] <shtrb> yes
573[08:05:54] <somiaj> anyways, I have never noticed this happening, but I don't use -X or -P on my rsync commands, though I don't see why they would affect this.
574[08:05:56] <shtrb> It's all subfolders for each user are owned by root in such case
576[08:07:06] <shtrb> If anything I recently install apparmor-extra-plugins, but I do not see any denied messages yet
577[08:08:07] <shtrb> Also the users are logged in during the backup
578[08:08:48] <somiaj> I don't see why -a is not preserving ownwership, though in my test (which did preserve ownership) I found I don't like mixing -v and -P
579[08:09:29] <shtrb> it's just verbose and progress
580[08:09:32] <somiaj> oh I guess it doesn't matter, maybe I experced somethign different from -P, but I doublt that is the issue
581[08:09:50] <somiaj> yea, I was thinking progress would be a refreshing percent, but the verbose kept it scrolling
621[09:05:11] *** Quits: Grldfrdom (uid391113@replaced-ip) (Quit: Connection closed for inactivity)
622[09:05:30] <ratrace> shtrb: --info=progress2 will give you overall progress, -P is just per file. -a should totally preserve ownership. Is this a mounted filesystem, perhaps somethign thta doesn't support permissions? fat? smb protocol?
629[09:11:21] <ratrace> shtrb: what happens if you just cp -a /home/userX/.ssh /mnt/backup/home/userX/ (after having removed .ssh from /mnt/backup/home/userX) ?
634[09:12:48] <ratrace> shtrb: that's absolutely impossible unless you're not giving us all info. there must be some protocol involved that doesn't know permissions, in sending files to that mountpoint.
635[09:13:23] *** Quits: dez (uid92154@replaced-ip) (Quit: Connection closed for inactivity)
636[09:13:24] <ratrace> is this a linux system? is there a setuid on /mnt/backup/home/userX ? is THAT owned by root too?
642[09:15:07] <shtrb> Oh feces , I got help in a different channel , I was checking few seconds after the rsync and copy , I had been told I should run sync and after that the ownership was correct !
643[09:15:37] <shtrb> Thank you ratrace and somiaj , it was just me not knowing I had to wait little bit more and run sync
651[09:17:23] <ratrace> that's bad though, because you have something there that's messing up things and you don't know what it is
652[09:18:02] <ratrace> are you 100% sure that /mnt/... is not over nfs, smb or anything like thta, that would munge or remap permissions? are you in a namespce and observing ownership from outside?
653[09:20:52] <shtrb> ratrace, /dev/mapper/backup on /mnt/backup type ext4 (rw,relatime) (it's over luks ) , I have no idea about namespaces but I had recently installed apparmor-extra (but no denied messages or anything in kern.log for now )
1001[14:17:49] <trek00> brutser83: probably they decrypt root partition (containing /boot) from grub to read kernel and initrd, then the kernel needs to decrypt again the root partition to boot
1060[15:22:52] <pileofstraw> 300 crashing machines update: apparently the solution to never have a machine crash is to configure crash logging on that machine
1061[15:23:11] <pileofstraw> i set up kexec/kdump on 10% of them and they are rock solid for days its driving me nuts
1063[15:26:32] <oiaohm> pileofstraw: I have had something like that trace to a bad batch of ram. By setting up kexec/kdump I had allocated the bad area of ram causing problem to disappear.
1064[15:26:53] <oiaohm> That was 40+ machines with ram from exactly the same batch.
1069[15:27:49] *** Parts: bswartz (~bswartz@replaced-ip) ("PRIVMSG #ubuntu-devel :ahasenack: Can I just fix a bug in the package myself then?")
1070[15:28:16] <oiaohm> pileofstraw: if it that bad ram and the kexec/dump setup allocated the bad area so nothing uses it the buggers are not going to crash.
1071[15:29:05] <oiaohm> Have you performed a multi pass ram test on any of them.
1072[15:29:26] <pileofstraw> Oh shoot I see what you are saying now. lol.
1073[15:29:56] <pileofstraw> Yes I have. memtest86+ pro, 50 passes for over 24 h
1074[15:30:03] <pileofstraw> on a handful of them that had crashed.
1075[15:30:07] <oiaohm> If it the fault I had it annoying as hell.
1076[15:30:32] <pileofstraw> Honestly that's not the worst, I could set up kexec/kdump on all of them and bypass the issue =)
1077[15:30:53] <pileofstraw> Can you specify the area of ram allocation in kexec? you could run a front-half back-half test.
1078[15:31:10] <oiaohm> I could not answer that one.
1080[15:31:32] <oiaohm> I found it in past by a multi pass memtest on one of the machines.
1081[15:32:21] <oiaohm> The issue I had was bad ram and 3 to 4 months latter a machine I had missed with the same ram from the same batch the complete memory cards gave out.
1082[15:32:58] <oiaohm> So setting up kexec/kdump to hide it may not be a long term move.
1083[15:33:41] <oiaohm> Ok when it ceases to hide the fault the fault should be simple to find.
1102[15:46:08] <zodd> pileofstraw, I assume you have a logserver and moniutoring setup and have ipmi/ilo/whatever in place?
1103[15:47:56] <pileofstraw> I do not. I would love to know if that is useful, though, given that no logs are written to the local machine during the crash.
1104[15:48:03] <zodd> indeed without data/measuring/logging/probing it will be hard to diagnose
1105[15:48:29] <pileofstraw> My assumption was that since nothing is written to kern.log, syslog, or X log it wasn't going to send something to my log server.
1126[16:00:06] <pileofstraw> zodd: regardless, do you have any reason to think that logs would be output to an external log server but NOT written to any local logging?
1130[16:04:31] <zodd> no, not given the current insights. But the same is true for the opposite. What I would do: #1 think of differences between servers that have had problems and ones that did not (if any). #2 check ipmi/ILO/DRACS/etc #3 check monitoring services (do resources peak, when, why) #4 isolate one server and create a test environment in which you can enforce the problem. Can you do that consistently? etc
1131[16:04:38] *** Quits: charking (~charking@replaced-ip) (Quit: THANSK FOR WHATEVER)
1132[16:05:39] <zodd> given my current view/knowledge of the situation your nick is striking. You are looking for a needle in a haystack.
1133[16:06:23] <zodd> I sincerely hope Nagios can provide some patterns/pointers
1134[16:06:26] <pileofstraw> These are not servers, they are NUC7i5BNK media players
1140[16:07:00] <pileofstraw> I cannot reproduce the problem under any circumstances that I have yet found.
1141[16:07:18] <brutser> can someone help me with encryption of the root fs on debian 10? : replaced-url
1142[16:07:21] <pileofstraw> Not that I can detect with lm-sensors, plus they're running in outdoor signs in Calgary so high temps are not realyl an issue.
1143[16:07:41] <pileofstraw> Of the 300 deployed machines I see 1-3 crashes per day at random.
1156[16:11:47] <pileofstraw> this is during normal operation on a machine that has previously crashed.
1157[16:12:25] <pileofstraw> We don't really use complex encoded files, these are adplayers. They don't undergo massive load, they play jpegs and simple videos for the most part.
1158[16:12:33] <pileofstraw> But I am happy to test that on my bench
1159[16:12:49] <pileofstraw> joepublic: outputting to large format 1920x1080 LCDs
1160[16:12:57] <pileofstraw> ranging from 55" to 86"
1192[16:34:15] *** Quits: conta (~Thunderbi@replaced-ip) (Remote host closed the connection)
1193[16:34:58] <brutser> if i do a dualboot with debian, how can i prevent debian thinking to use the swap partition of my first install when doing the 2nd installation? also LVM seems to get mixed up when doing dual installation, is that known?
1194[16:35:11] <zodd> no_gravity, depends on hardware and if the bootloader can be hacked. Check if someone reverse engineered your device and if not the answers is: maybe, but it will require a lot of work and knowledge and some luck
1197[16:36:44] <no_gravity> zodd: I don't have a device. But I would buy one if I could install Linux on it. Unfortunately it seems information on it is very very sparse around the net.
1198[16:37:12] <joepublic> brutser, is there some reason you wouldn't want a swap partition to be used by whatever boots?
1216[16:48:02] <brutser> cybercrypto: just i have a debian installation on the system and i want to create a 2nd debian system on encrypted volume, including boot - but when installing the 2nd debian system, it starts using the swap of os1
1217[16:48:28] <brutser> also when i use LVM, i suddenly see swap lv of os1 end up as lv on os2, quite weird
1221[16:51:04] <cybercrypto> brutser: i see. you want 2 debian systems running on the same hardware-host, full encryption, and each system using its own's swaps partitions
1222[16:51:07] *** Quits: coruja (~coruja@replaced-ip) (Remote host closed the connection)
1224[16:51:54] <cybercrypto> brutser: you name the lvm partitions differently for each OS1 and 2 and you confirmed that OS2 is botting using swap from OS1?
1225[16:52:27] <brutser> the LV's have similar names, but different volume group
1244[17:02:41] <PaddyF> bt40: command line interface then :)
1245[17:03:01] <PaddyF> (maybe with sudo)
1246[17:03:09] <bt40> ok
1247[17:03:30] <schreiberstein> multistrap looks like the best tool for the job. However, it is written in Perl and I do not want to use something that is unmaintained and potentially unfixable for me in the future.
1248[17:03:54] <bt40> Unable to init server: Could not connect: Connection refused
1249[17:03:54] <bt40> (gedit:2820): Gtk-WARNING **: 20:33:36.886: cannot open display: :0
1250[17:04:11] <bt40> is this problem with Wayland?
1251[17:04:25] <bt40> I also can not open sudo nautilus in wayland session
1252[17:05:09] <Walex> bt40: "DISPLAY" and ":0" are X11 things.
1270[17:13:09] <diogenes_> watch out for wsky because here is the last message in #fedora: fedbot has kicked wsky from #fedora
1271[17:13:14] <ratrace> bt40: also, you can't run gnome applications with sudo. gksu is deprecated, so to open files that require root privilege (like /var/log/syslog) you need "admin:///path/to/file" URL given to, say, gedit
1272[17:13:38] <bt40> ok thanks
1273[17:13:49] <bt40> need to go go now, something urgent
1274[17:14:00] <ratrace> bt40: that said, you shouldn't open syslog files in a text editor like that. cat, less or grep are your best friend for logfiles
1293[17:21:15] <wsky> not absolutelly flawless at all
1294[17:21:16] <schreiberstein> If a package is maintained by the Debian QA group (=> orphaned), does this mean it will not be supported anymore if it breaks?
1295[17:21:37] <wsky> wait
1296[17:21:45] <wsky> this is #debian not #fedora
1297[17:21:53] <PaddyF> yup
1298[17:22:05] <wsky> i had no sleep for last 30h pardon me
1299[17:22:10] <wsky> anyways, /topic
1300[17:22:15] <PaddyF> +1
1301[17:22:36] <schreiberstein> wsky your name suggests intoxication.
1302[17:22:48] <PaddyF> maybe its short for white sky
1308[17:25:55] <ajshell1> I have a rather exotic issue. Debian (and Ubuntu) have an "apt" user that is a member of group 65534 (aka "nogroup").
1309[17:26:00] <ajshell1> However, I have an unprivileged LXC container where I have to do user and group id remapping, which involves remapping"nobody" and "nogroup"
1310[17:26:05] <ajshell1> (as described here: replaced-url
1311[17:26:11] <ajshell1> This causes apt to no longer work in the LXC container.
1312[17:26:18] <ajshell1> Can I change the group the apt user is a member of, or should I just use CentOS or Fedora instead?
1321[17:30:29] *** zykotic10 is now known as zykotick9
1322[17:30:30] <ratrace> ajshell1: I suppose you can. Dunno if any paths would need to change ownership to reflect that, but I doubt it. nobody/nogroup shouldn't own any files anyway
1335[17:35:08] <hisacro_> I was setting up a system with netinst iso, I choose only xfce & system essentials after installation it came to ~1400 packages.. does choosing xfce installs debian specific other packages..
1392[18:15:36] <zykotick9> hisacro: FYI debian "main" doesn't have any non-free software, you need to look into the non-free (and possibly contrib) repos.
1393[18:16:01] <ratrace> ice9: ran htop as root?
1394[18:16:09] <ice9> ratrace, yes it's as root already
1395[18:16:38] <ratrace> ice9: sorting by cpu usage? also, how are you measuring load and cpu utilization?
1436[18:42:14] <RadoS> annadane, though I wonder why this followed up: "I would appreciate it if you could reply to self with signed mail re-stating this."
1437[18:42:27] <RadoS> Was there some deception/ sabotage going on?
1438[18:42:31] <annadane> no clue
1439[18:43:18] <annadane> this was before my time :P
1444[18:46:50] <sawgood> Hey Debian pros: Since Debian 9 and 10: have no firewall starting by default and since UFW is now the new firewall process: do I have to do anything to install or use iptables other than turing in it on?
1445[18:46:53] *** Quits: Tobbi (~Tobbi@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1446[18:47:43] <sney> no firewall by default has been a debian standard for a long time, because the user is expected to know if they need a firewall. do you need a firewall?
1450[18:50:41] <sney> if you do: ufw is a frontend for netfilter. If you would rather use netfilter directly, that is fine. Netfilter upstream recommends that people migrate from the older iptables interface to the new nftables instead.
1451[18:50:42] <sawgood> sney: perfect, and I agree: but is iptables put on during an install of 9 using netinstall.iso
1452[18:50:59] *** Quits: tvm (~tvm@replaced-ip) (Quit: Lost terminal)
1453[18:51:08] <sney> iptables may or may not be installed depending on what tasks are chosen during the install.
1454[18:53:01] <ratrace> I see no reason to migrate from the iptables interface, since nft is likely to be come replaced by ebpf based firewall.
1459[18:56:39] <sney> I firewall on separate devices as much as possible so I am mostly outside this conversation anyway, but iptables was 2.4 era tech and I'm honestly surprised it took this long to be supplanted
1460[18:57:18] <sney> I generally only bring up nftables when the person asking clearly doesn't already have a firewall on their machine. if you're starting from 0, might as well use the current thing.
1468[19:01:55] <sawgood> in CentOS: you can setup how iptables starts/loads with a file in /etc/sysconfig called iptables-config (does) Debian have that same type of process?
1473[19:03:52] <sawgood> ratrace: wonderful: can you help me with this question; I have Debian 10 (Buster) running on 2 boxes, and I want to use iptables: they were build using netinstall.ISO (and) type= basic infrustructure server
1474[19:04:09] <sawgood> ratrace: what else should I add to these (2) machines to have a full netfilter / iptables process?
1475[19:04:34] <ratrace> sawgood: install the `iptables` and `iptables-persistent` packages
1476[19:05:28] <sawgood> ratrace: ok, but without installing anything: already don't I have the iptables package on the box?
1479[19:07:04] <ratrace> sawgood: dpkg -l iptables ... if it starts with "ii iptables ..." then it's installed. `which` won't find it unless you're root, because it's in /sbin/ that's not in unpriv user's PATH by default
1481[19:08:12] <sawgood> ratrace: yes: ii iptables 1.8.2-4 amd64 administration tools for packet filtering and NAT
1482[19:08:13] <sawgood> r
1483[19:08:29] <ratrace> so you have it. probably not iptables-persistent
1484[19:08:59] <sawgood> no I don't: adding now with apt-get
1485[19:09:40] <ratrace> sawgood: iptables-persistent works with files under /etc/iptables/ which you can manually use via iptables-restore and iptables-save (and ip6tables-restore, ip6tables-save)
1486[19:10:21] <ratrace> installing iptables-persistent will ask if you wanna save the current state, iirc
1492[19:15:16] <sawgood> ratrace: I added: iptables-persistent package: and now I have a directory /etc/iptables with a file rules.v4 ..... but is there a file for iptables-config (which) show what iptables will do when it starts (not the filter rules)
1496[19:17:23] <ratrace> sawgood: what do you mean "iptables will do"? it's only job is to manipulate the rules. the iptables-persistent framework makes sure /etc/iptables/rules* is loaded on boot
1497[19:18:44] <sawgood> ratrace: yes; got that part down: thanks: but in CentOS there is an additional file in /etc/sysconfig (called) iptables-config (and) cool things about iptables (and how it will start) (go in here) and you still have another file which store your rules when loading
1498[19:19:04] <sawgood> I'll pastebin the /etc/sysconfig/iptables-config file to show you what I mean
1500[19:20:39] <ratrace> sawgood: what do you mean "how" it will start? what kind of options are thre? otherwise, /etc/sysconfig is the old way for service configuratoin, before systemd. on debian, that's the role of /etc/default/ which are env vars sourced by service units, or used by init.d scripts if they don't have a systemd unit yet
1501[19:20:59] <sawgood> ratrace: can you view this: replaced-url
1502[19:21:11] <ratrace> keep in mind iptables is NOT a service. that's why iptables-persistent plugin to the netfilter-persistent service is needed
1503[19:21:33] <sawgood> maybe that doesn't apply: since my CentOS box is 6 and using sysV and not systemd
1505[19:22:01] <ratrace> sawgood: okay so that's some kind of centos-specific convenience service. if oyu want to specify modules on boot in debian, it's /etc/modules
1508[19:22:41] *** Quits: mcnugit (~User2.0@108-232-25-53.lightspeed.sndgca.sbcglobal.net) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1509[19:22:47] <sawgood> For Debian: I'll use: systemctl enable iptables ...
1510[19:23:07] <ratrace> sawgood: it's all conveniecen though. you can always whip up your own systemd unit to do whatever you want with it, modprobing and managing /etc/iptables/rules* or whatever else. iptables per se does not have a service
1513[19:24:38] <ratrace> sawgood: so you probably mean systemctl enable netfilter-persistent.service, but you don't really have to. on debian, almost any package with a service (with some exceptions) will auto-enable and auto-start the service(s) upon installation
1531[19:35:38] <sawgood> ratrace: ok got it: so if one has the iptables package installed by default on Debian (different from UF@) ... then it started during boot: and all you have to do is add iptables-persistent
1533[19:36:29] <sney> you got the opposite of it, actually
1534[19:36:40] <dvs> yeah
1535[19:37:16] <sney> if you have the iptables package installed by default (it's recommended by network-manager so this is common) then you have the iptables utility, which lets you control the running kernel firewall rules.
1536[19:37:28] *** Quits: mortderire (mortderire@replaced-ip) (Remote host closed the connection)
1537[19:37:32] *** Quits: xcm (~xcm@replaced-ip) (Remote host closed the connection)
1538[19:37:34] <sney> if you want something to "started during boot", *that* is what iptables-persistent is for.
1539[19:38:16] <sney> iptables itself is part of the linux kernel. it is not a service and has nothing to do with sysv or systemd.
1541[19:39:26] <sawgood> sney: thank you ... so just add iptables-persistent and put in my rules then?
1542[19:40:08] <sney> yep!
1543[19:41:13] <sawgood> sney: since this is the case: iptables is part of the kernel: and it is running with no rules: why then: does Debian say by default UFW is the "new" firewall and it is off by default?
1545[19:42:13] <ratrace> I'd say, since you have no idea how iptables works, you're better off with a higher level firewall like UFW or Shorewall
1546[19:42:28] <ratrace> firewalld is also available if you come from CentOS 7+ world
1547[19:43:18] <sawgood> ratrace: I do have a solid grasp of iptables (CentOS process), but as much Debian: I know how to make rules: etc ...
1548[19:43:30] <sawgood> no firewalld for me: I want iptables ...
1549[19:43:56] <sawgood> ah: UFW is a front-end for iptables (under Debian) got it ... sorry for bothering you so much about UFW ...
1550[19:44:31] <sawgood> UFW is a simplified firewall mechanism that is implemented on top of iptables. UFW is not as flexible but is easier to configure for common scenarios
1551[19:45:15] <cybercrypto> sawgood: I recommend you to read ipfilter.org (project website) and understand the moving forward architecture evolution. Iptables is not default in debian buster anymore (you can use it still, of course... but it will be replaced eventually).
1552[19:46:00] <cybercrypto> sawgood: UFW is just a 'front-end' to simplify the management of the 'firewall rules' for desktop users.
1555[19:47:45] <sawgood> cybercrypto: no kiddin: I know iptables: just not how Debian uses it under 8/9/10, but I'm gaining on this very fast ... no need for me to read up on iptables, but thanks for the tip
1557[19:49:23] <sawgood> I was confused: thinking: and I don't know why: that when CentOS switched to firewalld (and) around that same time Debian started using UFW: that UFW as a new firewall process (not iptables based) ... and that was my mistake
1559[19:50:05] <hl521> Hey, I'm tryin to install unifi to adopt a switch and access point, but it seems to be failing since it requires MongoDB <= 3.6.0, is there anyway to force installing mongodb of that version, or will I have to install it via dpkg?
1561[19:50:22] <sawgood> BTW: you guys here are much nicer than the CentOS room at times ... what a difference!
1562[19:50:35] <cybercrypto> sawgood: UFW is a front-end. if you know iptables/ipfilter commands and sintax you dont need UFW at all.
1563[19:50:52] <sawgood> cybercrypto: right on, sir ... perfect!
1564[19:51:20] <sawgood> back in business Debian 9 / 10 using iptables and iptables-persistent
1565[19:52:32] *** Quits: conta (~Thunderbi@replaced-ip) (Quit: conta)
1566[19:52:44] <cybercrypto> sawgood: if you dont want to learn (dig commands iptables/ipfilter) you can still manage your own 'personal' desktop firewall using UFW with reasonable quality. UFW facilitate that for you.
1573[19:55:30] <sawgood> cybercrypto: going / learning / moving from CentOS 6 to 7 took a lot out of me, and for a while: I was sticking with CentOS 6, but now I have 7 built all day / night, and I'm gaining fast with Debian 9 and 10 skills
1574[19:55:46] <trysten> Do i understand correctly that _older_ versions of grub don't support raid metadata > 1.0?
1575[19:56:03] <trysten> And that newer versions should be able to handle it? Where is this documented?
1577[19:57:17] <sney> that sounds like changelog material
1578[19:59:13] <cybercrypto> sawgood: visit the main project site, that covers the firewall for linux kernel in general (distro independent) replaced-url
1580[20:00:41] <soft_concrete> hi, is it possible to add a static route for an interface that is using DHCP, in /etc/network/interfaces?
1581[20:01:27] <sney> yep, with an up command
1582[20:01:32] <soft_concrete> thanks
1583[20:01:38] <sney> 'man 5 interfaces' should have examples
1584[20:02:47] <cybercrypto> sawgood: you can go to the main page and check history to get a good overview about it. it started with iptables -> netfilter -> nftables. Lots of improvements and new features added.
1661[21:17:02] <mbnt> ratrace, It had to to with getting proprietary drivers to work on Debian for video editing/blender. Opencl is needed. You cannot get it in Debian.
1662[21:18:47] <mbnt> ratrace, Because there are proprietary drivers tied in with it, only very specific distros are supported by the developers. Even then, the supported distros have problems.
1674[21:23:11] <ratrace> this is all volunteer support on best effort basis. sometimes you get an expert, sometimes you get a less experienced answer but still willing to help.
1677[21:24:41] <mbnt> ratrace, If you post a dated link with comments that indicate the 'solution' does not work, then maybe you should not post that link.
1681[21:25:24] <mbnt> ratrace, Also, if that has to do with proprietary software.
1682[21:25:56] <tomreyn> it was probably not on purpose. either way, you chose to apply what was suggested on your system.
1683[21:26:42] *** Quits: endstille (~endstille@replaced-ip) (Quit: I'll be back.)
1684[21:26:55] <mbnt> tomreyn, that's the problem, isn't it?
1685[21:27:03] <mbnt> too much trust.
1686[21:27:22] *** gh00p_ is now known as gh00p
1687[21:28:21] <BazookaTooth> right... then if your solution would be to ban people that are helping you look for answers, it's probably a good thing you can't. besides this is the internet, where you should be using caution in the first place
1690[21:29:50] <mbnt> BazookaTooth, channels are generally places where people who know give information. This is a bit more than not knowing, this is a piece of bad information.
1691[21:30:26] <BazookaTooth> why are you assuming everyone in this channel that speaks up is an expert?
1694[21:31:23] <mbnt> BazookaTooth, This is a very specific area of knowledge I would not expect someone to speak about if they knew what they were talking about.
1703[21:38:00] <mbnt> pileofstraw, Sort of different from speaking about something you never implement for yourself.
1704[21:38:03] <sney> you can always tell whether I'm speaking from expertise or just trying to help figure something out by how much I use the word "probably"
1705[21:38:30] <sney> some people aren't as readable, but no free support from irc is guaranteed or warrantied in any way
1723[21:44:56] <sney> well, debian being a free OS, the files that are in the packages are available to you whether you're running debian or not. that one in particular is here: replaced-url
1724[21:45:13] <greycat> I should've told eir to wait more than the default time period on this one. Oh well.
1725[21:45:15] <sney> I believe there is also a page on wiki.debian.org for general artwork.
1741[21:51:47] <dpkg> from memory, sid is the codename for <unstable>, named after the kid in Toy Story that breaks toys. The great thing about running sid is that when it breaks, you get to keep ALL the pieces!!
1742[21:51:53] <egrain> oh, unstable.
1743[21:52:16] <egrain> i'm sure there is a youtube video somewhere explaining how sid was actually the good guy.
1744[21:52:39] <egrain> oh, right i remember. because he was not hurting living things. how was he supposed to know that the toys were alive?
1745[21:52:51] *** Quits: jerry (~jerry@replaced-ip) (Ping timeout: 260 seconds)
1746[21:53:02] <greycat> Even wanton destruction of property is not a good guy thing.
1747[21:53:22] <egrain> anyway, how do i find plymouth-themes of this sid character?
1748[21:53:30] *** Joins: jerry (~jerry@replaced-ip)
1768[21:57:01] <annadane> it took me the longest time to realize that sid takes precedece over stable in a sources.list so even if you install something that doesn't have a bunch of deps (though it's still a bad thing to do in practice regardless for various reasons) then it will start pulling other things from unstable... i think
1850[22:44:58] <r3> I am trying to pass either "--foo" or "" (nothing) to another command but " shuf -n1 -e '' '--foo' " has "shuf" complaining that it doesn't like "--foo" ... how do I "escape" that syntactically ?
1858[22:48:29] <r3> hmm, I think I can instead place those two options into a file, and have shuf read it from there rather than using -e on the command line :)
1872[22:52:40] *** Quits: null1337 (~WhoAmI@replaced-ip) (Quit: If you're not living on the edge, you're taking up too much space)
1873[22:53:11] <r3> yes, I've read the man page for it (I wouldn't dream of asking in here if I hadn't first), but am not understanding why your solution works when shuf -e '' '--foo' doesn't
1874[22:53:38] <greycat> because you need -- to terminate the OPTIONs and start on the ARGs
1875[22:54:02] <r3> OH! ok, that makes sense!
1876[22:54:22] <r3> I wonder if I've used that in the past and not quite known what it does
1878[22:54:55] <r3> thanks a bunch for pointing that out!!
1879[22:54:57] <greycat> !--
1880[22:54:57] <dpkg> [--] commonly the end of arguments delimiter for GNU or GNU like utilities. It disambiguates between a literal "--" and arguments. Eg, rm -- --help will remove "--help" from the current directory.
1881[22:55:13] <r3> that makes perfect sense
1882[22:55:21] <r3> !-
1883[22:55:21] <dpkg> well, - is this something later than 10-10-01 source ?
1884[22:55:50] <greycat> some commands use - to mean "stdin or stdout". cat and tar are two examples.
1885[22:56:24] <r3> yes, I've done that before but was hoping for a nice explanation as with '--' :)
1897[23:02:43] <r3> problem with being a polymath autodidact is that there are occasional gaps in your knowledge - or it could be that I'm getting old and just didn't remember that tidbit :) In any case, thank you very much greycat :)
1904[23:04:51] <greycat> one other thing you might need to store in your subconscious: in regular POSIX/Unix commands, the first argument that doesn't start with - will typically act as an implicit end-of-options flag. But GNU likes to "help" you by looking past that for other args that start with -
1905[23:05:27] <greycat> So a command like "ls -l foo -c" will successfully list files named foo and -c on Unix, but not on GNU.
1936[23:35:08] <lowhope> Hi. I'm using the netfilter-persistent service to set iptables rules on startup. However, one rule mentions a nonexistent ipset which fails. What would be a good place to put the ipset command to create the set on startup before netfilter-persistent startup runs?