13[00:06:03] <dpkg> i guess fbcon is a graphics driver built into the kernel that accesses the video cards memory directly in a linear io, framebuffered X is just a way of using that kernel's framebuffer for graphics instead of the application itself having to know how the card works.. executive summary: it's hardware abstraction of the video, or slow, slow, slow... ask me about <fbcon resolution>.
14[00:08:44] <gribouille> how can I know if framebuffer is active?
90[01:04:53] <nvz> pretty sure logical sector size is the same thing
91[01:05:19] <analogical> nope
92[01:07:59] <nvz> well none the less you can fret about teminology all you want but I am fairly certain nothing in this entire OS is going to tell you "cluster size" because nothing calls anything that
93[01:08:12] <nvz> it uses blocks and physical/logical geometry terminology
94[01:08:41] <nvz> so whatever metric you're looking for you need to figure out what alternate term you're comfortable with calling it
95[01:10:29] <nvz> my /dev/sda1 is ext4 and dumpe2fs says block and fragment size is 4096, blkid -i says MINIMUM_IO_SIZE="4096"
98[01:10:58] <nvz> I'm reasonably certain if you were to grep the entire source code for everything in debian, you wont find the word cluster used the way you use it anywhere
99[01:12:56] <nvz> afaik the term cluster as pertains to a filesystem as you use it, means the minimum size or fragment size of data within the filesystem
100[01:13:02] <nvz> thats exactly what these values are
101[01:13:10] <nvz> we just don't call it that
102[01:14:18] <nvz> and the reason we don't use such terms is because we are not so narrowly scoped.. we support a TON of filesystems which all work VASTLY different.. some dont even have a static size like this
103[01:14:30] <nvz> some dynamically size these "clusters"
109[01:15:45] <nvz> I say this because I used and supported windows a long time.. then I found debian and been using and supporting it about as long now.. and I haven't heard that term since I made the switch
110[01:15:50] <flayer> why does it get so nuts sometimes
111[01:16:53] <nvz> because sometimes ya feel like a nut, and sometimes you dont :P
112[01:18:05] *** Quits: teclo- (42@replaced-ip) (Quit: Lost terminal)
157[01:59:06] <CarlFK> anyone know if there is a new version being worked on that respects and reports the versions of dependence
158[01:59:41] <nvz> near as I can tell based o wht this tool does, there is no reason for it to consider version
159[01:59:42] *** Quits: mortderire (~mortderir@replaced-ip) (Remote host closed the connection)
160[02:00:18] <nvz> its purpose is to find out based on lists of possible packages, which ones are common to them all to know which ones should be part of a "base" system
161[02:00:26] <nvz> the versions are irrelevant to that end
214[03:06:11] <dpkg> "Does anyone have X or use Y?" is taking a poll, not asking a good question that IRC helpers can answer. Don't do it or sussudio's army of militant badgers will hurt you. Also see <ask> and <bad polls>.
244[03:33:40] <sney> I guess if it was as simple as 'apt install qtile' they wouldn't be so lost. and I see they left, too.
245[03:34:40] <genr8_> hes a moron. the install guide is right here replaced-url
246[03:37:27] <sney> the debian instructions on that page refer to a 'qtile' package that does not exist.
247[03:37:39] <sney> building python stuff from source is relatively straightforward once you know what you're looking at, but understandably daunting for a newbie
248[03:37:48] <sney> regardless, their vague-ass questions did them in, clearly :P
286[04:47:07] <foul_owl> How do I find the chipset for a bluetooth device if lspci is not showing it? (I'm guessing lspci isn't showing it because the driver or firmware isn't installed, but I can't determine that until I know the chipset)
287[04:47:19] <nvz> lsusb
288[04:47:22] <mesaboogie> some are lsusb
289[04:47:26] <nvz> most bluetooth devices are usb
290[04:47:42] <dvs> lsrs232 ;-P
291[04:47:48] <foul_owl> Thank you! Even if it's internal to the device?\
292[04:47:55] <mesaboogie> yes
293[04:48:05] <foul_owl> Thank you :)
294[04:48:05] <nvz> foul_owl: even if its on the exact same chip as the pci wifi
342[05:26:44] <icypee> and go onto youtube and skip ahead in the video
343[05:26:55] <icypee> the browser freezes
344[05:27:04] <icypee> do you guys know how to fix that?
345[05:29:20] <somiaj> hmm, dno't see any bug reports that match that behavior.
346[05:29:51] <icypee> should i run it in the terminal?
347[05:30:17] <alex11> (i'm not joking when i say this) google is known to optimize things for chrome and deride everything else
348[05:30:23] <alex11> whether that's the problem here, i don't know
349[05:31:39] <icypee> ** (WebKitWebProcess:3): WARNING **: 23:31:02.332: WebKit wasn't able to find the GL video sink dependencies. Hardware-accelerated zero-copy video rendering can't be enabled without this plugin.
353[05:33:58] <icypee> so nothing i can do about it?
354[05:34:01] <somiaj> and stable is older than those fixes, so sounds like you should use another browser.
355[05:34:30] <somiaj> well you could compile newer versions yourself, but I'm not seeing any easy solution in debian stable. Though I also didn't find any bug reports related to this, but I only looked at the browser, not webkit or gstreamer
361[05:36:51] <somiaj> I'm not seeing any clear path, and depending on depednecies it may not be a simple thing, as you'll have to backport both webkit gtk and gstreamer. Due to other things that also depend on these, I dn't see it as an easy one or two package fix
362[05:37:06] <somiaj> flatpak might work if you trust them, as it should contain newer versions of all the libs and leave your debian system alone
363[05:37:35] <icypee> o so if i compiled the new version it probably wouldn't help?
364[05:39:26] <icypee> i think i might just stay on chromium until ungoogled chromium gets fixed
365[05:41:46] <icypee> actually i could use iridium
366[05:42:08] <somiaj> I don't know how much work is going to be required as other things depend on the libaries gstreamer and webkit, so updating those could be a bit of work to ensure you do it correctly and remain compadable with other software
371[05:43:15] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
372[05:43:17] <somiaj> what do you mean its google? What makes chromium ungoogled? chomrium in debian doens't contain any googles branding or non-free stuff in it
373[05:44:55] <imMute> yeah, isn't "googled chromium" called "chrome" ?
374[05:46:32] <somiaj> well google does a lot with the chromium codebase, so there is that, but I'm unsure how you would ungoogle that, since google has put so much into the open source base they build chrome on
375[05:46:48] <somiaj> I mean chroium has always been the opensource base chrome was built on top of with google's branding and additional non-free stuff
376[05:47:53] <somiaj> If it is specific features that you don't like, might want to check, debian does disalble some of them that are against debian's policy and DSFG, though google/chromium does sneak stuff in there ocasionally, but usually there is a bug report around that
378[05:49:13] <somiaj> "ungoogled-chromium is Google Chromium, sans dependency on Google web services." Some of that stuff is disabled in debian, though often it takes bug reports and time, and I"m not sure on the exact details of what debian disables
387[05:53:35] <n4dir> i'd assume that google has put quite some effort in other browsers too. And if you go down deep enough in that rabit hole, you would find it.
391[06:04:35] <nvz> browsers have just gotten ridiculous anymore
392[06:05:02] <nvz> when you need a bunch of extensions just to browse the web without being harassed, you know things have gotten out of hand
393[06:05:25] <n4dir> exactly.
394[06:05:54] <nvz> the thing where it keeps you from leaving a page, the notification from pages, the ability to popup or open other windows, etc, etc.. are all just features most people don't even want
416[06:38:21] <nvz> yeah I came to the same conclusion and even started coding to that end, but haven't gotten anyone to help yet
417[06:39:15] <nvz> I'm not really a coder.. more a dabbler.. I could use the help of somsone better able to lay out the framework for a saner design than what I call, my APOC *(Atrocious Proof Of Concept) code
418[06:39:59] <nvz> my idea is to use a link handler.. that can take links from irc, web, email, anywhere, pre-process them, dispatch various other programs to deal with them..
420[06:41:09] <nvz> open yt links with the video in a program of your choice, pre-parse news articles and open them in a program of your choice.. which is all my APOC code does.. but the idea is to have a complete framework for handling all kinds of web content with the core features of a browser, history, bookmarks, etc.. without having to involve a browser
421[06:42:10] <nvz> the idea is to hook into the mime handling of your system itself and handle links from anywhere and show you what you want to see the way you want to see it
453[07:19:34] <Lope> I've got a host i5 4670k and a guest in KVM, both running 4.19 kernel. When I suspend my host *while* the VM running (idling), the VM goes to shit afterwards. Not entirely, it still "works". But it runs slower, sometimes incredibly slow if I've suspended the host many times over a few days. And if I have suspended the host while the VM was running: when I shut down the VM, I get all kinds of kernel errors in the VM's terminal. Would I benefit from pausing the
454[07:19:34] <Lope> VM before I suspend the host? Or is suspend just a problem regardless?
455[07:20:34] <nvz> o.O
456[07:21:47] <nvz> what would make you think that this should even work at all?
457[07:22:06] <Lope> nvz, you mean suspend, or suspend with a VM running?
458[07:22:36] <nvz> yeah.. what would make you think a normal use case of virtualization is to suspend the host while the guest is running?
459[07:22:47] <Lope> I would expect that KVM has an awareness of what the host is doing, and would pause the VM automagically as well.
460[07:22:56] <nvz> I see..
461[07:23:01] <Lope> I mean if the host stops, it can't realistically expect the guest to keep running.
462[07:23:09] <nvz> I would expect that someone virualizing an OS wouldnt even BE suspending
463[07:23:22] <Lope> I work in a VM.
464[07:23:33] <nvz> I'm sorry to hear that
465[07:23:42] <Lope> haha
466[07:23:45] <nvz> heh
467[07:23:58] <doubletwist> It makes sense to think that if the host is *suspended* - that would include keeping the memory state of anything running on the host, which I admit I would expect to include the VM itself
468[07:24:00] <Lope> My VM is "my computer"
469[07:24:46] <Lope> I've got a crapton of hard drives connected to my host, so I suspend so they get some rest over night etc.
470[07:24:55] * nvz sicks Microsoft's lawyers on lope for using the
471[07:25:04] <nvz> "my computer"
472[07:25:21] <Lope> LOL has microsoft trademarked "my computer" hahahahha?
473[07:25:26] <nvz> idk, probably
474[07:26:03] <Lope> Interestingly, my PC uses roughly the same power while idle as while suspended anyway.
475[07:26:07] <nvz> seriously though I dont have a ton of experience with VMs, I only use them occasionally for volunteer support here.. but your use case sounds crazy to me
476[07:26:31] <nvz> I would never even think to suspend a computer while its virtualizing another computer
477[07:26:31] <Lope> Because the IME keeps running at full tilt regardless and that's what seems to consume 50W regardless of whether the PC is running idle, suspended, or off.
478[07:26:50] <Lope> So the only purpose that suspend serves is my hard drives stop spinning.
479[07:26:52] <nvz> and I'd imagine most the people coding this stuff wouldnt think you would either
480[07:27:14] <nvz> you do realize you can stop a disk without suspending right?
481[07:27:27] <Lope> Gotta love that intel backdoor spyware eating 50W 24/7. So important.
482[07:27:37] <nvz> of course y'know.. you gotta stop using it too..
483[07:27:43] <nvz> or else its gonna start right back up
484[07:27:52] <nvz> but you can certainly stop it anytime you want..
485[07:28:14] <nvz> doesn't make it a good idea.. because parking and revving up a disk is a wear
486[07:28:23] <nvz> just as much as it running is
487[07:28:37] <joze> this web thing requires php 7.4
488[07:28:40] <joze> damn
489[07:28:44] <Lope> nvz, yeah, I suppose that's a better alternative. But I'm not sure if ZFS will play ball with suspending all the disks.
490[07:28:55] <Lope> It might just decide to spin them up again when it farts.
491[07:28:58] <joze> when will testing be stable? :)
492[07:29:12] <nvz> joze: probably another year at least, but you can place your bets now
493[07:29:14] <Lope> I'll ask the ZFS entorage.
494[07:29:30] <joze> +is it like horse betting?
495[07:29:54] <nvz> idk that anyone has done it lately but in the past we've made a game of betting when the next release would come
558[09:42:12] <ratrace> Anyone using SpamAssassin? Are your sa-update(s) failing with "/var/lib/spamassassin/3.004002/updates_spamassassin_org/1881814.tar.gz" missing ?
577[10:15:01] <hundfred> hi, i want to use the free space on a debian-live on flash drive, but the partition layout i found on the stick confuses me : replaced-url
583[10:20:35] *** Joins: mezzo (~mezzo@replaced-ip)
584[10:20:58] <nvz> what confuses you?
585[10:21:02] <genr8_> thats not an accurate partition layout. MBR/GPT probably.
586[10:21:47] <somiaj> !hybrid images
587[10:21:47] <dpkg> Since the 6.0 "Squeeze" release, Debian installation images for x86 systems - e.g. <netinst>, <CD1>, DVD1 - are hybrid images. These can be written directly to CD or HD Media (e.g. USB thumbdrive) without further preparation. See replaced-url
588[10:22:12] <somiaj> arg, they are also efi/legacy enabled, so the partition table is not standard
636[11:22:16] <Lope> I'm trying to generate known_hosts, but it doesn't seem to use a simple fingerprint as the fingerprint (the last item on each line). it seems to hash it or something, because the fingerprint does not even exist in plain-text in known_hosts. Any ideas?
637[11:22:26] <Lope> And this has nothing to do with HashKnownHosts.
657[11:47:27] <Lope> AndreasLutro, thanks bud, I've been looking into it. I see that the last item is actually the entire public key, not a fingerprint of it.
658[11:47:47] <Lope> AndreasLutro, I'm trying to figure out how to show the public key using ssh-keygen, any ideas please? :)
670[12:00:27] <Lope> AndreasLutro, I don't see the point of ssh-keyscan though, all it can possibly do is confirm someone has MITM'd your connection. Other than that, as far as I can tell, it's totally useless.
671[12:00:39] <ratrace> !xy
672[12:00:39] <dpkg> Slow down for a bit! Are you sure that you need to jump through that particular hoop to achieve your goal? We suspect you don't, so why don't you back up a bit and tell us about the overall objective... We know that people often falsely diagnose problems because they are too close to them -- it's easy to miss that there is a better way to proceed. See replaced-url
673[12:00:55] <Lope> hi ratrace
674[12:01:08] <ratrace> o/
675[12:01:29] <ratrace> so what are you _actually_ trying to achieve?
676[12:01:32] <Lope> All good bud I solved my issue. Turns out I was making a mistake. I was thinking I was typing ssh-keygen but I was actually typing ssh-fingerprint LOL
677[12:01:42] <Lope> bad autopilot brain.
678[12:02:18] <ratrace> heh
679[12:02:39] <Lope> ratrace, there are a few servers, that I have the fingerprints for, and wanted to populate known_hosts with them
680[12:02:58] <Lope> but I only learned recently that known_hosts doesn't actually store fingerprints. it stores public keys.
681[12:03:03] <ratrace> yeah
682[12:03:29] <Lope> ratrace, have you tried running desktop applications inside LXC?
683[12:03:39] <ratrace> long time ago
684[12:03:45] <Lope> hmm. Ok
685[12:03:49] <ratrace> why?
686[12:04:09] <Lope> Well, I tried ClearLinux in a VM recently and was impressed by it's insanely fast boot time.
687[12:04:23] <Lope> But then discovered it's repos are miniscule.
688[12:04:35] <ratrace> CL is artificial construct, and experiment by Intel, tho
689[12:05:05] <Lope> yeah, because there's not much software available for it, I'd need to actually run debian in LXC
690[12:05:12] <Lope> for stuff that's not available in CL.
691[12:05:21] <Lope> (which is 90+% of software haha)
692[12:05:31] <Lope> Just experimenting.
693[12:06:44] <ratrace> that would totally defeat any speed benefits of CL; as you're left with only the kernel from CL, your entire userspace around a containerized program would be from the container
694[12:07:12] <Lope> ratrace, I realize that. Basically I'd get the speed benefits of the kernel and whatever software CL offers, which isn't much.
710[12:09:27] <ratrace> you need to bind the xorg socket either from the host or from another container running xorg, you need to bind /dev items for dri/nvidi/gpu thingies, audio devices, and input
711[12:10:02] *** Quits: dselect (~dselect@replaced-ip) (Quit: ouch... that hurt)
712[12:10:07] <Lope> when you say input, you mean audio input?
713[12:10:16] <Lope> and webcam
714[12:10:18] <ratrace> I mean /dev/input/
715[12:10:24] <Lope> (not keyboard and mouse surely)
716[12:10:24] <Lope> ?
717[12:10:35] <ratrace> well yes, your xorg needs the devices
718[12:10:35] <Lope> because that would negate the security benefits
719[12:10:48] <ratrace> Lope: duh, Xorg is one big negation of security benefits.
720[12:11:03] <Lope> well if you give the container access to your input devices, then they can just keylog everything.
721[12:11:04] <ratrace> but _something_ > nothing, so it's not totally futile
725[12:12:03] <ratrace> Lope: but YES, even if you isolate and containerize like that, xorg being xorg, it's possible to exploit it and break through containment through xorg APIs
726[12:12:07] <Lope> so if you want to run semi-malware in a container securely, I thought you could run *just* an application without running an entire DE and xorg etc inside the container?
788[12:25:24] <ratrace> infact, it requries USERNS and that's traditionally a very vulnerable part of the kernel
789[12:25:27] <oxek> Lope: I run skype, zoom and all the other proprietary apps in either firejail or flatpak (bubblewrap) sandbox, with a separate x11 server using xephyr so that they cannot perform keylogging
801[12:29:09] <oxek> on linux, all the apps you run are inherently trusted, that's how it was designed.
802[12:29:25] <oxek> hence, don't run untrusted apps
803[12:29:27] <Lope> oxek, do you have any reading materials for using xephyr for this purpose? I see the wikipedia page doesn't mention your use case of it.
805[12:29:59] <oxek> 1) start xephyr 2) start an app in xephyr?
806[12:30:11] <ratrace> xephyr is just false sense of security. the kernel is most vulnerable and all your apps are sharing it. if you _know_ you're running malware... just don't share the kernel with it
807[12:30:11] <oxek> if you use firejail, then it has --x11=xephyr option
808[12:30:35] <oxek> ratrace: kernel exploits are harder than x11 exploits
810[12:30:52] <ratrace> oxek: I'm not so sure in 2020
811[12:31:02] <ratrace> kernel security has really deteriorated
812[12:31:04] *** Quits: bubi67 (~klo_jnk@replaced-ip) (Read error: No route to host)
813[12:31:04] <oxek> true, we don't have any certainties left in 2020
814[12:31:39] <oxek> in any case, x11 is full of holes, wayland aims to fix that but wayland is still not useable for many things
815[12:31:59] <Lope> ratrace, oxek has a point about x11 exploits though. Which makes me think you should run lots of stuff in xephyr
816[12:32:23] <oxek> Lope: or just don't run untrusted apps?
817[12:32:32] <Lope> oxek, "oxek> if you use firejail, then it has --x11=xephyr option" do you mean you must have xephyr installed to be able to use firejail with it's default settings?
818[12:32:39] <ratrace> Lope: but it's less protection than a full VM can give you
819[12:32:45] <ratrace> so why settle with mediocre?
820[12:33:07] <oxek> Lope: firejail does not utilize xephyr by default in any of its profiles
821[12:33:07] <Lope> oxek, oh, my bad, I misunderstood. I get what you're saying now.
823[12:33:44] <Lope> ratrace, I agree with you 100%. Surely skype inside xephyr filefail inside a VM is better than running the latter on the host.
824[12:34:25] <oxek> x11 security extension < xvfb < xephyr with firejail or flatpak < linux containers or docker < vm < another physical machine < another physical machine disconnected from anything
825[12:34:26] <Lope> ratrace, I was thinking in terms of running non-malware in firejail by default.
826[12:34:42] <Lope> Because for example, let's say you open a bad PDF, now it malware's your whole X11 session.
827[12:34:44] <oxek> throw in some namespaces and cgroup implementations somewhere in there
828[12:35:10] <oxek> Lope: don't open bad PDFs then?
829[12:35:19] <ratrace> well how do you know they're bad
830[12:35:32] <Lope> ratrace, so to be clear, I'm thinking a VM (or better a separate PC) for malware like skype and zoom etc.
831[12:35:34] <ratrace> if you knew something was malware, then security would be moot: just don't run it. lol
832[12:35:37] <oxek> if they come by email, they are bad. If they are on some random webpage, then they are bad.
833[12:35:47] <Lope> And then firejail and xephyr for all normal open source stuff.
834[12:35:57] <ratrace> Lope: don't forget the browser. that's the most likely intrusion vector
835[12:36:07] <oxek> Lope: or just use qubes-os, it has debian as one of the machines
836[12:36:32] <Lope> ratrace, yeah, I agree. it seems that browsing in a VM would be best. Before I didn't want to hassle with it, but I've been working with VM's more lately and don't think it would be too bad.
837[12:36:36] <ratrace> I woulndn't trust qubes. not with the amount of xen vulns reported monthly
838[12:36:50] <Lope> Also if you browse with a VM it would make fingerprinting harder.
839[12:37:13] <oxek> qubes is still better than running a browser without qubes
840[12:37:18] <Lope> especially if you use a windows VM or whatever.
841[12:37:27] <ratrace> Lope: not necessarily. if your VM has persistence, then it's the same thing
842[12:37:45] <oxek> I don't believe running qubes exposes you to more problems than not running it
843[12:38:09] <ratrace> oxek: probably not, but it definitely _does_ expose you to more than they claim
844[12:38:17] <Lope> ratrace, well, if I used a VM for browsing I'd make it revert snapshot on shutdown.
845[12:38:31] <oxek> if you're at the point where you can exploit xen, then you'd already have some way of exploiting the stuff below xen - hence you could exploit a normal debian installation
846[12:38:36] <ratrace> ie. "You had one job". or.... tool designed for security is by its nature insecure, etc...
849[12:39:12] <Lope> ratrace, but ofcourse one would need a way to update the browser and then update the snapshot.
850[12:39:25] <oxek> Lope: take some time off, sit down, think, and write down your threat model. Then prepare accordingly.
851[12:40:27] <Lope> The threat model is rather large if you're thorough.
852[12:40:32] <ratrace> Lope: it all comes down to the balance of probabilities. like oxek said, how likely it is to subvert xen to begin with, etc...
853[12:41:05] <ratrace> and with that balance, running untrusted stuff in VMs suffices. you can rollback images on shutdown, and have separate update runs without firing up the untrusted apps, to update the images, etc...
854[12:41:34] <Lope> ratrace, yeah that's easy enough to do.
855[12:42:32] <oxek> it's sad to say, but if security is really important to you, then perhaps debian is not the distro for you. Debian does not have the latest updates.
856[12:43:00] <oxek> yes, debian tries to backport security fixes, but it does not get new security features
857[12:43:02] <Lope> debian does run a little old I agree.
858[12:43:20] <oxek> also, bugfixes are not backported, and a lot of bugfixes are security fixes too, they just aren't labelled as such
859[12:43:29] <ratrace> unfortunately
860[12:43:45] <Lope> it's funny this whole conversation started with me asking about running debian in LXC to be able to use a different distro that has less software available.
861[12:44:15] <ratrace> the kernel devs are even recommending everyone run the latest mainline, because they can't be bothered with labelling every bugfix as security fix, where needed
865[12:44:51] <Lope> It seems like if you want stuff to be secure you need stuff to be stateless with everything isolated etc.
866[12:45:16] <ratrace> no, you just need good defense in depth. there's no single holy grail in security.
867[12:45:24] <oxek> to be fair, if it was up to me, I'd rename "debian stable" to something else. Because a lot of people think that the word "stable" refers to "does not crash, gets bugfixes" but that's simply not true
868[12:45:25] <Lope> what kernel do you guys recommend to run with Buster?
869[12:45:34] <Lope> I'm still on good old 4.19
870[12:45:54] <ratrace> I'm using that too
871[12:46:15] <oxek> Lope: default kernel unless you have hardware that requires newer kernel
872[12:46:34] <ratrace> having been bitten by sns, I refuse running non-lts kernels that aren't at least .10 old, or even more in same cases
873[12:46:55] <Lope> ratrace, I've not been experimenting with dropbear for a while, but did you see that it got ed25519 support?
876[12:47:08] <oxek> I have a machine that can't even boot with the newer kernel
877[12:47:32] <Lope> ratrace, sns?
878[12:47:33] *** Quits: mezzo (~mezzo@replaced-ip) (Quit: leaving)
879[12:47:39] <ratrace> !sns
880[12:47:39] <dpkg> Shiny New Shit Syndrome is a serious disorder, which usually breaks out into an epidemic every time something new is released. If you have SNS, ask me about <backports> and <ssb>; these are better options than upgrading to <testing> because it is a <moving target>.
910[12:56:02] <akik> i ran into a weird problem with booting debian buster from a usb stick with grub using hd-media vmlinuz and initrd.gz. if the debian buster iso debian-10.5.0-amd64-netinst.iso is in the same directory on the usb stick than ubuntu-20.04-desktop-amd64.iso, the ubuntu iso gets mounted as /cdrom in the debian buster installer and then the installer fails. if i then remove the ubuntu iso from that directory and
911[12:56:08] <akik> boot again, the debian buster installer works fine
912[12:56:19] <Lope> ratrace, that's true, although if you break your bootup process then you're SOL.
913[12:56:48] <efloid> just upgraded to f2fs for main filesystem. when booting i see a lot of repeating messages "Begin: Running /scripts/local-block ... done." before the system eventually boots. any idea what this is?
917[12:57:50] <Lope> ratrace, do I remember correctly that you also use gentoo? or was that someone else?
918[12:57:57] <ratrace> I use gentoo too yes
919[12:58:33] <Lope> ratrace, is it possible to compile your debian kernel optimizing it for newer CPU's similar to what clearlinux does?
920[12:59:14] <Lope> (I've compiled kernels before, to fix driver issues... but didn't do any performance changes)
921[12:59:47] *** Quits: pk (~pk@replaced-ip) (Quit: Lost terminal)
922[13:00:11] <Lope> <ratrace> Lope: or no ssh at all, but a custom initramfs that fetches the key from somehwere <Lope> ratrace, that's true, although if you break your bootup process then you're SOL.
923[13:00:14] <ratrace> Lope: sure but you're asking the wrong question
925[13:01:02] <ratrace> Lope: "debian kernel" is just vanilla kernel + some debian specific patches. CL kernel is just vanilla kernel with some CL specific patches AND compiler shenanigans.
926[13:01:40] <Lope> okay, so can we do the compiler shenanigans on the "vanilla kernel + some debian specific patches"
927[13:01:48] <ratrace> so of course it's possible but then you're turning debian into CL ... because debian is just a collection of software developed elsewhere, integrated into a whole with some custom modifications
928[13:02:05] <Lope> Truth be told. Last time I compiled an x86_64 kernel it was for ubuntu. And they've got their own git repo if you want to compile the "ubuntu kernel"
929[13:02:13] <Lope> I assumed debian would have something similar.
934[13:03:59] <Lope> so is it trivial to reproduce CL's compiler shenanigans on the "debian kernel"?
935[13:04:59] <Lope> Another crazy question!!! *hold on to your seat* Since you can run debian in a CL chroot. Could you just boot a CL kernel with a debian rootfs?
939[13:05:54] <ratrace> Lope: maybe. but something tells me you'd be disappointed with performance gains
940[13:06:16] <Lope> ratrace, well I've used CL in a VM and it feels snappy as hell.
941[13:06:36] <Lope> but of course that's EVERYTHING compiled with the shanigans, as you mentioned.
942[13:07:06] <ratrace> and that's the most important bit here.... kernel itself is likely not a significant contributor to the speedups
943[13:07:19] <Lope> ok. thanks.
944[13:12:33] <ratrace> oxek: "debian tries to backport security fixes, but it does not get new security features" -- you mean for the kernel or userland too? anything specific as example?
945[13:13:09] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
946[13:13:13] <ratrace> I mean, it follows from the nature of "Stable" (API/ABI stable) that new features aren't introduced, with some exceptions, but I was wondering if you had something specific in mind here
947[13:13:52] <Lope> ratrace, oxek: what were you guys referring to when you said your confidence in the security of the linux kernel is diminished in 2020?
948[13:14:15] <oxek> ratrace: kernel and userland.
949[13:14:43] <oxek> specific for userland, for example new security features are not backported to esr versions of firefox
950[13:14:54] <ratrace> Lope: linux (kernel) security is terrible. pretty much the opinion of any researcher who bothered looking
951[13:15:14] <oxek> software security is terrible
952[13:15:34] <ratrace> Lope: a lot of bugs, unlabelled bugs, not backported, and terra-ton of new code coming in, with new bugs, each release
954[13:15:45] <Lope> well, terrible should be a relative adjective in that sentence, surely?
955[13:16:05] <Lope> I mean windows has been exploited many more times than Linux?
956[13:16:16] <ratrace> and kernel itself has little security-specific features because Linus thinks infosec people are "masturbating monkeys". so in that part, grsec/pax is telling the truth.
957[13:16:21] <Lope> (times meaning number of distinct exploits)
961[13:16:37] <oxek> Lope: linux & windows are pretty much on par in terms of kernel security
962[13:16:48] <ratrace> Lope: there's no way to know that as windows is not open for audit and a public CVE list
963[13:16:50] <oxek> most security issues in windows are not due to the windows kernel
964[13:17:16] <oxek> ratrace: we do know however which files get patched in windows security updates, and see that those patches rarely update kernel files
965[13:17:46] <ratrace> oxek: you also don't see the ones they sit on using obscurity as a shield
966[13:17:53] <oxek> it's always some windows service whenever it is a big security bug in windows, it's not the kernel
967[13:18:03] <Lope> interesting. well one aspect of linux kernel's philosophy which seems harmful to security is the idea that it must be infinitely backwards compatible.
968[13:18:04] <ratrace> but anyway, window security definitely improved with w10.
969[13:18:08] <oiaohm> oxek: it is not as straight forwards as that.
970[13:18:19] <Lope> So software compiled to work on a 2.6 kernel must work on a 5.x kernel.
971[13:18:29] <oxek> Lope: I think you mean windows. Windows is infinitely backwards compatible.
972[13:18:35] <Ede|Popede> oxek: or they'll just don't tell you when it is the kernel
973[13:18:39] <Lope> But that seems retarded since 99.9% of linux software is open source and in repositories etc.
974[13:18:56] <ratrace> oxek: they mean "never break userspace" mantra of kernel devs
975[13:19:13] <oiaohm> oxek: there are a lot of thing that fixed kernel level in Linux that windows fixed in windows API alterations this leads to a race of user space patches over and over again.
976[13:19:17] <oxek> never break userspace != forever backwards compatible
977[13:19:21] <Lope> surely if they broke backwards compatibility and made it optional to choose what drivers you want to compile, you could have a much smaller more secure kernel?
978[13:19:27] <ratrace> they're about to break it in 5.10 tho :) Avid fan of console scrollback? Prepare to get shocked!
979[13:19:43] <oxek> wait what's going on with console scrollback?
980[13:19:45] <Lope> also a smaller kernel would fit better into CPU cache so it would be faster as well.
981[13:19:53] <ratrace> oxek: technically true, but since there's no formal specification of the userland, it kinda comes out to that perpetual compatibility
982[13:19:53] <oiaohm> ratrace: console scrollback had a security flaw and no maintiner.
983[13:20:17] <ratrace> and now it's going away.
984[13:20:21] <oiaohm> ratrace: if you want to be the maintainer Linus has put it up for offer.
985[13:20:37] <ratrace> no, I don't care about it. just giving a userspace breaking example.
986[13:20:38] *** Quits: r1nt3c (~r1nt3c@replaced-ip) (Remote host closed the connection)
987[13:21:13] <oiaohm> ratrace: that not absolutely userspace breaking thinking screen/xterm.... can emulate it with userspace stuff.
988[13:21:21] <oxek> I'm gonna miss console scrollback
989[13:21:35] <oiaohm> Most of the time I am not going to miss it.
1024[13:26:15] <ratrace> and if GKH backports it, then the next question is will Debian patch it back IN!
1025[13:26:51] <Lope> oiaohm, well one can jump through hoops to install anything, but that's not the point.
1026[13:26:58] <oxek> to be fair, I don't expect linus and other people around him to stay in charge of the kernel for long. Probably gone by the end of 2020, and someone new will step up. Perhaps even the license will change to gpl3, or gpl4 will be invented.
1041[13:30:30] <ratrace> oxek: no I mean the commend about linus and friends leaving the kernel by the end of 2020
1042[13:30:57] <oxek> ratrace: he and people around him make others feel uncomfortable, and that's not allowed anymore in 2020
1043[13:31:22] <oxek> they are one false sexual misconduct allegation away from being gone
1044[13:31:27] <ratrace> he ain't going anywhere
1045[13:32:08] <oxek> I'd prefer him to stay too, but it's not up to me
1046[13:33:46] <ratrace> if, hypothetically, that happened, it'd just be another fork. business as usual.
1047[13:34:08] <aaro> oxek: in what source do you base for that info?
1048[13:34:40] <ratrace> it's literally impossible to remove linux from the kernel. it's _maybe_ possible to remove him from a specific _repository_ but so what. foss power. just use the repo which he will put up elsewhere. duh.
1049[13:34:47] <ratrace> to remove *Linus from the kernel
1050[13:35:44] <ratrace> if that happened.... the computing history will see schism like never before. and all the good stuff will go opposite the SJW
1051[13:36:15] <oxek> ratrace: what about the head of FSF being removed? that happened.
1052[13:36:51] <ratrace> the head of FSF did not directly control the most used single piece of software in the world
1053[13:37:33] <Ede|Popede> wouldn't this be IME these days?
1054[13:37:35] <ratrace> and removal of RMS from FSF did not remove RMS from spearheading development of software he was on even before.
1055[13:37:43] <oxek> aaro: which info are you looking for? That linus makes SJWs uncomfortable?
1056[13:37:55] <oiaohm> oxek: RMS case is is way different to Linus. Linus is only a head of a development project. FSF board you are technically head of a company.
1057[13:38:41] <aaro> oxek: you said linus is being removed from kernel development, that info
1058[13:38:53] <oiaohm> Linus did have to improve his language particularly if he wished to keep on visiting Australia and other places with strict rules against verbal/written abuse.
1059[13:38:53] <ratrace> ALSo..... FSF is a joke. so no biggie.
1060[13:39:46] <oxek> oiaohm: isn't the linux foundation related to linus?
1061[13:40:18] <oxek> aaro: I did not say that. I said I would not be surprised if he was removed by the end of the year.
1062[13:40:41] <ratrace> removed from _what_ exactly?
1063[13:40:45] <ratrace> the mailing list?
1064[13:40:49] <oiaohm> oxek: Linux foundation pays Linus wages but Linus himself is not on the board. Linus is techiclaly not in any human resources position
1065[13:41:05] <oiaohm> That right Linus technically does not manage staff.
1066[13:41:33] <oiaohm> Once you start managing staff on paper you have a lot more legal requirements about fair treatment and other things.
1068[13:41:42] <oxek> ratrace: removed = everyone cuts all ties with him, linux kernel development becoming controlled by someone else, him no longer reviewing patches or having anything to do with linux anymore
1085[13:46:39] <oiaohm> oxek: Person in a project management role proven to have done rape does not give the boss legal right to remove him from position. It would in fact be illegal to remove Linus from his current position with a false or real sexual misconduct allegation.
1086[13:47:07] <oiaohm> Linus legal position is very different since he is techically not in any human resources role.
1087[13:47:56] * abrotman wonders what he's wandered into ...
1088[13:47:58] <oiaohm> Yes the were able to push RMS out of FSF board but they could not push RMS off of any GNU project he directly managers either.
1089[13:48:08] *** Joins: chris (~chris@replaced-ip)
1090[13:48:27] *** chris is now known as Guest57112
1091[13:48:48] <oiaohm> oxek: basically there are limits on what can and cannot be done. You get real management power over humans you come way more simple to fire.
1092[13:49:11] *** Quits: Zarickan (~frederik@replaced-ip) (Quit: Lost terminal)
1094[13:49:44] <oiaohm> Fun way to get rid of someone who is badly behaved in a company promote them to a roll with real management power then kick them when they carry on with their past miss behavour.
1096[13:50:29] <oxek> "we fully accept the presumption of innocence, and to allow cooler heads to prevail we have taken control of all domains and repositories, appointed a new team to review patches, and all has been signed off by our corporate sponsors and large contributors while the investigation is ongoing"
1097[13:51:17] <oxek> nobody wants there to be two separate linux kernels, hence everyone would get on board this new team
1142[14:19:30] <Lope> linus should just make a youtube video of himself standing at his standing desk wearing a kilt and all false sexual misconduct allegations will go to /dev/null.
1143[14:20:50] <Lope> anyone here good with wireguard?
1144[14:21:14] <Lope> i tried connecting to a wireguard VPN but it's a totally foreign situation.
1145[14:21:26] <Lope> the routing table doesn't seem to get updated.
1146[14:21:53] <Lope> Openvpn I can understand, but no idea WTF is going on with wireguard. Basically once it's up, no traffic can go anywhere and I don't know WTF is going on.
1148[14:26:18] <Lope> ratrace, you badly quoted Linus when you said <ratrace> and kernel itself has little security-specific features because Linus thinks infosec people are "masturbating monkeys"
1149[14:26:27] <Lope> this is what he actually said replaced-url
1150[14:26:56] <Lope> which I don't think anybody can disagree with any of his assertions other than the arbitrary insult.
1154[14:30:28] <ratrace> Lope: but that's not the only commentary of his on the subject. the whole "security bugs are just bugs" stance and not labelling a lot of them is the biggest issue
1155[14:31:00] <ratrace> and then their argument is, like, why would you need specific labels, you should be using latest updates anyway
1156[14:31:17] <ratrace> that's GKH's but... in extension of Linus'
1159[14:36:47] <Lope> ratrace, I think you're misinterpreting what Linus meant. He explained his sentiment with an example. He said a security bug isn't more important than a bug that makes a system crash.
1160[14:37:09] <Lope> So you're extrapolating that to mean that he's saying a security bug isn't more important than a trivial bug, but that's not what he said.
1161[14:37:25] <ratrace> I'm not . the oss-sec mailing list community has been complaining that many bugs aren't labelled with a CVE
1162[14:37:36] <Lope> He's saying a security bug is as important as a crash bug.
1163[14:37:40] <ratrace> and GKH addressed that with a tl;dr -- use latest kernel
1164[14:37:55] <Lope> what's GKH?
1165[14:38:01] <Lope> oh yeah, I remember
1166[14:38:03] <Lope> hartman
1167[14:38:10] <ratrace> Greg Kroah Hartman, the lieutenant
1168[14:38:27] <tds> Lope: there's #wireguard for wg - but otherwise, a pastebin of the output of `wg; ip route; ip rule; ip route show table all` would be a good start
1237[15:06:39] <Lope> oxek, and enterprise doesn't care about security?
1238[15:06:39] <oxek> that's what I thought, debian9 is already in LTS mode only
1239[15:07:01] <oxek> Lope: security focused = qubes, whonix, etc.
1240[15:07:03] <Lope> cipherize, yeah, so I guess after that it could die.
1241[15:07:26] <Lope> oxek, okay, fair enough.
1242[15:07:27] <cipherize> Lope: That or they've been working on getting the RHEL 7 kernel ready.
1243[15:07:46] <oxek> enterprise focused = making it useable in enterprise, so security is often at odds with useability
1244[15:07:50] <Lope> cipherize, hard to say. But there must be millions of openvz containers running still.
1245[15:07:58] <cipherize> oxek: That's not really a useful comparison. End-user security obsessed is a completely different beast than an enterprise distro.
1246[15:08:21] <cipherize> Security is absolutely a focus for RHEL.
1247[15:08:41] <oxek> I'd say consistency of behavior is a focus for RHEL
1257[15:09:28] <cipherize> Statements based on faulty premises are themselves faulty.
1258[15:09:40] <Lope> cipherize, okay, well I agree with you.
1259[15:09:55] <Lope> I said RH is security focused, not security obsessed.
1260[15:10:10] <oxek> RHEL still doesn't have all the newest fixes for meltdown/spectre because it is not feasible to backport them to the earliest supported kernels
1261[15:10:11] <Lope> that would be a clearer definition.
1262[15:10:15] <oxek> hence, not security focused
1263[15:10:28] <Lope> cos you could say whonix and qubes is security obsessed.
1265[15:11:44] <Lope> speaking of meltdown/spectre... interesting that Intel slows down dramatically with mitigations enabled in windows, but AMD gets faster with latest CPU microcode (includes a few spectre mitigations for AMD)
1267[15:11:55] <cipherize> oxek: You're trying to apply an arbitrary and shifting definition to what "security focused" means. Shipping a distro with SElinux enforcing by default, native integration with deployable security profiles and shipping STIG-compliant profiles, definitely indicates that you're dead wrong.
1269[15:12:30] <cipherize> oxek: That is DEFINITELY security focused. That's why DoD uses RHEL and not some other product. And I'd know, I used to run a DoD datacenter.
1270[15:12:44] <Lope> deep.
1271[15:13:17] <Lope> if cipherize made a mistake he would have been exhiled.
1272[15:13:20] <oxek> I stand by my earlier statement that they are an enterprise-focused distro, where security is important to them, however security is often at odds with useability and they always go with being useable rather than secure when they need to make a choice between those two.
1273[15:13:32] <cipherize> oxek: Applying EVERY SECURITY FIX EVER isn't a reasonable action, even in the security world. You know that, right?
1274[15:13:37] <Lope> cipherize, you could move in with edward.
1275[15:14:19] <cipherize> oxek: Apply a security fix because it exists and crashing everything means you've just sacrificed availability in order to say "yes, its patched." You just ruined your own security posture.
1276[15:14:31] <oxek> DoD is hardly a good example of security done right
1277[15:14:42] <oxek> no government agency is
1278[15:14:42] <cipherize> oxek: You'd be surprised, on the infrastructure side.
1279[15:15:04] <Lope> cipherize, you don't like my jokes?
1280[15:15:11] <cipherize> oxek: National security/intelligence is a whole different world.
1281[15:15:12] * n4dir heads over to ams and loads the noise module ...
1282[15:15:24] <cipherize> Lope: I didn't really get them. o.o Sorry.
1283[15:15:40] <Lope> all good
1284[15:15:51] <Hallcyon> Is debian down still?
1285[15:15:54] <cipherize> oxek: So, yeah. Your arguments are crap, here. Sorry.
1288[15:16:10] <cipherize> Hallcyon: Down for me, yes.
1289[15:16:15] <Hallcyon> :/
1290[15:16:24] <Hallcyon> I guess I'll move to Ubuntu
1291[15:16:40] <oxek> cipherize: one sysadmin can copy all sorts of data an exfiltrate it, and their response to that is a change in internal policy instead of technological improvements
1292[15:17:18] <cipherize> oxek: Another lesson from Security 101: Technical controls will NEVER provide full coverage. If a change in policy fixes the issue, then fine.
1293[15:17:31] <abrotman> perhaps you'd like to use #debian-offtopic
1294[15:17:32] <cipherize> oxek: If technical controls solved all problems, we wouldn't need policies.
1295[15:17:35] <cipherize> abrotman: Fair.
1296[15:17:37] <oxek> they've been warned about those things for decades, but they never cared, thinking it's not gonna happen. And when it happened, they still didn't listen to us.
1302[15:20:10] <Lope> ratrace, I'll move my browser to ubuntu to reduce fingerprinting... does that count? :)
1303[15:20:14] <oxek> Hallcyon: p.d.n is not an official debian 'product'. There are many other pastebins you could use, including ubuntu pastebin. Hopefully you did not mean you're switching an operating system because a 3rd party pastebin is down.
1307[15:21:51] <ratrace> Lope: don't forget to disable motd and other spyware first :)
1308[15:21:59] <Hallcyon> oxek Unfortunately as much as I love debian for its stability, the community pastebin is fundamental to my workflow and thus with a heavy heart I must move.
1311[15:22:25] <oxek> ubuntu was on the verge of greatness, almost capable to overtake the entire linux ecosystem, right before they came out with Unity and focus on combining small phone screens with huge desktop monitors.
1312[15:22:38] <Lope> ratrace, thanks for the reminder. I'll do a ubuntu cleansing deep-dive.
1313[15:22:47] <Hallcyon> Any pastebin recommendations? Ubuntu annoys me as requires signing in or username plus sign in for plain text
1314[15:22:49] <n4dir> Hallcyon: you can't use a different pastepage?
1315[15:23:01] <oxek> Hallcyon: what sort of features do you need from a pastebin? termbin.com or 0x0.net
1316[15:23:04] <ratrace> Hallcyon: bpaste.net and dpaste.de are my favorites
1317[15:23:13] <oxek> I mean 0x0.st
1318[15:23:34] <ratrace> termbin.com is nice when I need to pipe output instead of feeding it copypasta
1319[15:23:35] <Lope> oxek, it was a good idea, but they just failed. Not all projects succeed.
1344[15:28:24] <dpkg> somebody said nih was "Not Invented Here" - a syndrome often suffered by developers and companies who tend to reinvent the wheel for no reason other than being able to put their name on it.
1360[15:32:20] <Lope> I heard snaps is a similar thing.
1361[15:32:48] <Lope> I read it's going to be a closed source armageddon
1362[15:32:51] *** Quits: nickodd (~nickodd@replaced-ip) (Remote host closed the connection)
1363[15:33:28] <ratrace> Lope: if by that you mean it'll allow vendors to package up their proprietary applications for easier delivery into linux? yes. is that bad? no.
1364[15:34:02] <ratrace> same can happen with flatpaks, appimg, docker, rocket, podman, ......
1367[15:34:33] <Lope> yeah, but with snaps it'll likely be controlled by ubuntu.
1368[15:34:41] <Lope> (apparently)
1369[15:34:45] <ratrace> "controlled"
1370[15:34:48] <Lope> The next apple app store.
1371[15:34:55] <Lope> 30% commission baby
1372[15:34:57] <ratrace> Canonical wants the opposite, ZERO involvement and maintainership
1373[15:35:22] <ratrace> whole reason they're pushing snaps is to maximize deliverability while minimizing (their) maintainership effort.
1374[15:35:23] <Lope> Oh, alright. I don't care enough to really know anything about it.
1375[15:36:26] <oxek> the problem with ubuntu is the same as with google or mozilla - you never know when they are going to drop the product you're using
1385[15:40:41] <ratrace> see this Pinta issue someone mentioned. Debian can't package it for policy reasons. so you can install a premade container with it (assuming it's from the trusted vendor). win-win.
1392[15:42:05] <ratrace> the only problem I have with snapstore is that it allows anyone to upload anything, so you must be careful and check that a snap is coming from its developers in an official capacity.
1393[15:43:02] <oxek> that's why I prefer flathub. Check a single yaml or json file, and it shows you where it gets its sources.
1427[15:50:17] <oxek> the page is on github pages, and whoever has access to it is making those changes replaced-url
1428[15:50:43] <Lope> ratrace, so what do you think?
1429[15:50:49] <oxek> if the dev said something like "Android x86 is used on many casino slot machines, hence the casinos are providing financial support" then it would be ok
1430[15:50:53] <oxek> but no communication from dev about it
1431[15:51:09] <oxek> but it is so many casinos, from so many places
1433[15:51:24] <Lope> You know I once had a small software project... and tried to make money with it by doing affiliate advertising. But affiliates didn't pay me a cent after thousands of hits for months.
1434[15:51:26] <oxek> and most opensource projects get hardly any sponsorship anyway
1435[15:51:30] <oxek> so it is all fishy
1436[15:51:58] <Lope> So I tried everything. I even tried putting adultfriendfinder on the site. Didn't make shitall money. Eventually I stopped bothering to pay for the hosting and took the software project down.
1437[15:52:21] *** Quits: Twemlow (~igloo@replaced-ip) (Quit: Twemlow has now left the arena!)
1438[15:52:27] <Lope> So it's possible that the legitemate devs have put casinos etc to make some money. I wouldn't blame them for trying it.
1439[15:52:31] <ratrace> Lope: just sold off for link placement
1440[15:52:56] <oxek> in any case, it does not make me confident about using android-x86
1441[15:53:11] <oxek> the lack of communication about it is the worst part
1442[15:53:21] <Lope> oxek, I wouldn't say it's "fishy" because the casinos will list on anybody's site.
1443[15:53:53] <oxek> Lope: it's done by someone with access to the devs github account, based on that commit I linked
1444[15:54:02] <oxek> it's not a simple advertisement space
1445[15:54:13] <oxek> and there are no affiliate links there either
1446[15:54:24] <oxek> it's pure url addresses of casinos and other questionable places
1447[15:54:32] <Lope> oxek, yeah. It could be the main dev who's trying to monetize the site?
1448[15:54:51] <oxek> how would you monetize the site without any tags on those links?
1450[15:54:58] <ratrace> there are multiple contributor to the project. if nobody complained... they're either stupid (associating their names with a project that's hacked) or approving of the changes.
1451[15:55:20] <Lope> oxek, I tried to search DDG about "android-x86 hacked" etc and couldn't find any news articles about it.
1452[15:55:21] <oxek> or nobody actually checks the homepage and the repo that controls the homepage
1453[15:56:35] <oxek> I mean, the page has "Luxury fake rolex for sale under $50, the best replica rolex watches."
1454[15:56:50] <oxek> that certainly breaks at least some law somewhere
1455[15:57:13] <oxek> I wouldn't want to use a project that is essentially an operating system when it advertises such stuff
1456[15:58:27] <Lope> oxek, I think the lead dev is a chinese dude.
1457[15:58:59] <Lope> In china the culture of caring about brand copyright etc is not so popular.
1458[15:59:18] <ratrace> well..... anbox is packaged in Buster, so..... just use that
1459[15:59:26] <Lope> I'm not making excuses for the morality of it. Just saying that it's not proof that it's been hacked.
1461[15:59:57] <Lope> ratrace, cool, never heard of it. Will have a look thanks.
1462[16:00:13] <ratrace> Lope: eh, it's only most popular tool :)
1463[16:00:33] <Lope> ratrace, I always thought that android-x86 was the go-to.
1464[16:00:53] <oxek> Lope: doesn't change how I feel about it. How would you feel if debian homepage had such a huge sponsors section with same links like android-x86 with no communication about it?
1465[16:01:32] <oxek> would you think everything is ok and go about your business downloading ISOs and using them to install your operating system?
1466[16:01:36] <Lope> well, different because debian is not a tiny project.
1467[16:01:47] <Lope> android-x86 has always been a tiny team.
1468[16:02:16] <oxek> debian unfortunately is a tiny project. 800k USD donations last year? That does not even pay for 10 devs salary working fulltime.
1469[16:02:17] <Lope> I'm not saying I'm comfortable using android-x86, no. All I'm saying is nothing you've said is proof that it's been hacked.
1470[16:03:43] <joepublic> Not a good sign, though
1472[16:05:58] <Lope> Like I'm a pretty normal guy. I would never think of getting involved in porn business or whatever. But when I had a software site and couldn't monetize it with anything available, I said "fuckit" and as a hail mary I put adultfriendfinder on it to see if it would make money with the 10k hits per month it was getting. (as an experiment that I wasn't entirely comfortable with, but did it more as a tech/making-money-online experiment) But it made no money so I
1473[16:05:58] <Lope> just shut it down cos didn't want to waste money on hosting. This was like 20 years ago.
1474[16:07:01] <Lope> So all I'm saying is don't jump to the worst conclusions cos you see casinos and whatever else on a tiny software project's site. Sometimes people need to make money with a project or the project dies.
1475[16:07:05] <alex11> well this is an interesting discussion to wake up to
1489[16:12:25] <ratrace> not talking about 20 years ago and a single link to adultfinder, but about a page with dozens of links to pron and casions and shady stuff
1494[16:18:42] <oxek> Lope: true, you only ever get a confirmation that a site has been hacked once the site owners admit to it. But for me I err on the side of caution and when something looks hacked, I consider it hacked - and none of the devs responded to emails about it in months.
1495[16:19:24] *** Quits: el_tabo (~Parker@replaced-ip) (Remote host closed the connection)
1501[16:21:40] <Lope> oxek, I didn't know that anbox existed. Did you? If so, why were you interested in android-x86 over anbox?
1502[16:21:40] <oxek> no reply does not mean confirmation of anything though
1503[16:22:04] <Lope> I've installed anbox on an eee laptop before. it was more of a gimmick than anything else.
1504[16:22:14] <oxek> Lope: I wanted to try anbox but it required a newer CPU with some special feature than I had back then, so I came across android-x86
1505[16:22:22] <oxek> anbox should work though in theory
1563[17:09:47] <cockroach> I recently installed Debian on an older Macbook and it worked just great. Unfortunately I had to redo the partitions afterwards and re-install grub, now I'm getting some grub errors before it (successfully) boots and I think it takes a bit longer. the errors are "error: no such device ", followed by my /boot partitions UUID, and "error: no server is specified" which sounds a bit like it's trying to boot
1605[17:30:56] <diogenes_> maybe it's related to that but luks lvm, xfs is still terra incognita for me.
1606[17:32:19] <cockroach> it's a scary but fun combination. also, on other machines it works just fine, but of course I'm not using UEFI anywhere else...
1615[17:47:41] <oxek> cockroach: are you on debian stable or testing? That config has syntax that looks like testing.
1616[17:48:10] <cockroach> oxek: stable (buster), according to my sources.list
1617[17:48:53] <oxek> hmm. I did a diff of your config and mine, and it looks almost identical except for insmod xfs vs insmod ext2 on my part, and the UUID parts
1618[17:48:57] <oxek> and a few other meaningless ones
1619[17:49:09] <oxek> so there's nothing immediatelly wrong with it
1620[17:50:11] <cockroach> thanks for checking
1621[17:50:39] <cockroach> could it be that my manual "grub-install" was different from what the debian installer did?
1622[17:51:41] <cockroach> i.e. that the problem lies with the way grub was installed to the disk rather than the config file?
1647[17:59:55] <cockroach> to the device, I used 'grub-install /dev/sda'
1648[18:00:05] <cockroach> hmm
1649[18:00:28] <banana34> fruits, especially bananas, are great
1650[18:00:41] <oxek> that command looks incomplete
1651[18:01:24] <cockroach> if I installed it to the partition, then some other bootloader would have to be installed to the device, right? can't say I fully get how UEFI works...
1662[18:12:47] <rokra> Hello, just did an upgrade of a debian OVH VPS and now I m stukc to start Maria service due to the kernel 3.2.0-4-amd64 instead of booting on new one installed linux-image-4.9.0-13-amd64, how to force it to restart on new kernel ?
1669[18:17:53] <towo`> rokra, maybe your vps is running on a host kernel, not a guest one
1670[18:18:22] <tete_> hi, i'd like to create a cronjob that gets executed after a reboot and print me some infos. i tried with: @reboot /usr/bin/sleep 3 && wall "hello world"
1671[18:18:27] <tete_> but nothing happens after a reboot and login as root
1734[19:06:14] <nvz> tete_: as root try this command
1735[19:06:22] <nvz> echo "hello" > /dev/tty1
1736[19:06:28] <nvz> and then press ctrl+alt+f1
1737[19:06:42] <nvz> and be amazed :P
1738[19:07:49] <nvz> the virtual consoles are files that can be read and written to just like anything else. In linux most everything is exposed to the filesystem
1776[19:32:47] <tete_> nvz, i have a script that adds a cronjob with a @reboot, this script which is executed after the reboot does some stuff and i want to inform anyone that sits at the terminal to show whats going on
1777[19:33:30] <nvz> tete_: then, yes, what I just told you will work.. it just has to be done as a user with permissions to access /dev/tty1
1778[19:33:44] <nvz> but its less than ideal was just a proof of concept
1779[19:33:54] <tete_> and for me, it looks like as if this script is working even tho i am not logged in as root because the files i create are generated but that "wall" does not show anything, so i assume this job is executed but wall does nothing because no one is logged in
1797[19:37:31] <nvz> I can't imagine what you're actually doing, but it doesn't seem to make any sense.. you shouldn't need to inform anyone not logged in of anything
1798[19:37:50] <tete_> this is for testing purposes of my university
1799[19:38:22] <nvz> you should probably be writing to the motd so they see it WHEN they login
1800[19:39:01] *** debhelper sets mode: +l 1143
1801[19:39:22] <nvz> tete_: but fwiw the non-login version of motd is called issue
1818[19:41:55] <nvz> well look, I'm done with this issue, you can ask someone else or you can write your own operating system
1819[19:42:00] <nvz> I'm telling you how things work :P
1820[19:42:04] <tete_> omg
1821[19:42:49] <nvz> yes omg is right.. you're being obtuse about wanting to do something but not accepting the ways its possible to do it
1822[19:42:58] <nvz> you want to use wall? rewrite it
1823[19:43:04] <nvz> thats not how it works
1824[19:43:14] <tete_> i did not say i am forced to use wall
1825[19:43:16] <nvz> you want a message before login, put it in the damn /etc/issue file
1826[19:43:22] <tete_> i thought that should work, it does not, ok, so i need to find another solution
1827[19:43:24] <nvz> or write directly to the tty
1828[19:43:56] <tete_> <nvz> or write directly to the tty <- i told you now at least 3 times that this did not work
1829[19:44:06] <tete_> but seems like you are unable to understand my problem that this did not work
1830[19:44:29] <nvz> it DOES work
1831[19:44:35] <nvz> if you do it like I told you.. AS ROOT
1832[19:44:46] <nvz> if the script isnt or can't run as root, then change permissions of the tty
1833[19:44:53] <nvz> which again, this is a bad idea
1834[19:44:57] <tete_> wow
1835[19:45:13] <tete_> but ... did you read that i can access /root and write in there, which requires the script being run as root or with root permissions?
1843[19:46:21] <nvz> I didnt just tell you this... I tested it first.. I opened an exterm typed sudo su, then the command I gave you and I went to tty1 and it was there.. I did this because a LOT has changed since I done something this silly.. and I wanted to make sure it still works
1844[19:46:56] <tete_> jep nvz it works, WHEN I AM LOGGED IN
1852[19:47:50] <tete_> after the reboot i did a "cat /root/id" and thats the output
1853[19:47:53] <nvz> again, you have to be logged in to do anything.. and I wasnt logged onto tty1 when I did it, I was logged in to lightdm on tty7 when I did it
1854[19:48:06] <_Fremen_> Hello everyone
1855[19:48:09] <nvz> there is no such thing as doing something on a linux system without being logged in
1856[19:48:15] <nvz> because that would be ridiculous
1857[19:48:30] <_Fremen_> I asked this on debian testing but did not receive an answer, can you help me with this?
1858[19:48:42] <_Fremen_> I am using debian testing and started to experience a weird issue lately, when I restart the computer, the sound is gone and only way to fix it is disconnect sound cable (the green one) and reconnect it. Does anyone now what could cause this?
1863[19:51:28] <mihi> tete_, so could you explain again what exactly is not working? Keep in mind that with systemd, gettys are started when you switch to the terminal the first time, and it will clear the screen.
1864[19:51:54] <mihi> So when you do 'echo hi >/dev/tty5', switch to tty5 and back, then 'echo ho >/dev/tty5' you will only see ho and not hi
1865[19:52:38] *** Quits: j7k6 (~j7k6@replaced-ip) (Remote host closed the connection)
1867[19:52:55] <tete_> in the university we set up a virtualbox with debian. this debian virtualbox is configured to use virtualbox addons etc. - and it requires a reboot. our goal was to automate as much as possible. so i log in as root, start the script and it does some stuff e.g. configuring network, installing the virtualbox addons. then i create a crontab with @reboot so my script can continue and then i do that reboot.
1868[19:53:21] <mihi> and all that time, the virtual machine is showing the login prompt on tty1?
1869[19:53:24] <tete_> after that reboot, i want to continue and print some information. i dont care if i have to login or not, but i need information printed. unfortunately, with wall it did not work
1903[20:03:00] <mihi> yeah. By the way, when you are at university, you should learn about shell quoting rules at some point. It hurts my eyes when quoting useless words...
1907[20:03:39] <tete_> so do i have to use some sleep? how do i know when i can print that info?
1908[20:03:49] <mihi> in other words, »echo hi« will do the same as »echo "hi"« or even »e"ch"o h"i"«
1909[20:04:20] <tete_> i know but it makes it easier for me to read... its like a function, echo("some string...");
1910[20:04:32] <mihi> my suggestion would be to change /etc/issue, sleep a bit, then change /etc/issue back. Or if you want to do it fancy wait until ps lists the getty process on tty1.
1911[20:05:01] <mihi> but if it is only some information after reboot, sleep should probably suffice
1912[20:06:43] <tete_> is /dev/tty for all tty's? so a echo "hi" > /dev/tty would be better because if someone switched the tty then he also recognizes it
1913[20:07:30] <nvz> the issue with cron and sleep in this context, and trying to write to the tty is that it assumes things run synchronously and there can never be any variance in how it happens
1915[20:07:59] <nvz> if you want something to appear on the console prior to login but after the system is all up and running you use systemd and the /etc/issue file
1916[20:08:15] <mihi> /dev/tty will appear on the controlling tty of the process running it (so nowhere when run from cron). /dev/console appears on whatever tty is currently visible
1917[20:08:25] <unborn> hi all, I have one stupid one.. before I was able to put password to zip files but now I cannot.. what package I am missing please?
1921[20:09:23] <mihi> you could also chvt to an unused tty (of your configuration) and then immediately print your message. But include information how to get back
1922[20:09:36] <nvz> really the only reason I can see they dont wanna use /etc/issue is they want to show the output of a script in realtime while its running on reboot without being logged in
1924[20:10:03] <tete_> it is "realtime", i do some stuff and want to print some echoes
1925[20:10:23] <tete_> like "going to set up network...", doing that, and then printing "done.", then "setting up some fancy bash colors" ...
1926[20:10:37] <nvz> can't do anything bash, bash isnt running
1927[20:10:37] <tete_> and at the end a shutdown
1928[20:10:48] <nvz> you're not logged in :P
1929[20:10:49] <b_jonas> hi. for some reason X is loading the fbdev and vesa drivers, not the intel drivers, despite that the xserver-xorg-video-intel package is installed
1930[20:11:03] <tete_> i mean modifiying the profile of root
1931[20:11:10] <tete_> of course i can not see the colors
1932[20:11:25] <tete_> but when its finished and i log in the bash prompt should be different
1934[20:11:41] <tete_> thanks, guess thats enough information to continue
1935[20:11:50] <b_jonas> why is that?
1936[20:12:30] <nvz> tete_: if you'd described all that to begin with I'd have told you to ditch cron and basically everything you're doing and use systemd
1937[20:12:41] <mihi> tete_, so probably the "correct way" would be to do the second half in a systemd unit that uninstalls itself. So it will run amids the other boot messages (if they are not hidden).
1938[20:13:06] <nvz> tete_: what you need is to have whatever is running the first time create a systemd unit.. because a systemd unit can do the kind of thing you describe, its what does all the stuff you see at boot anyhow
1939[20:13:28] <nvz> then you need to have it all tear itself down obviously cause its a one-time thing
1940[20:13:32] <tete_> hm... the documentation from our teacher says "cron"
1941[20:13:39] <tete_> not sure if i can use systemd
1942[20:13:48] <mihi> tete_, is that a homework assignment?
1943[20:13:51] <nvz> @.@
1944[20:14:12] <tete_> not really - this is even not homework, well, its optional homework
1945[20:14:16] <mihi> lots of people don't mind helping with that, but please state it upfront if it is.
1946[20:14:36] <tete_> my english is not the best so its hard for me to tell what i mean ;)
1947[20:15:05] <tete_> the homework was to execute some scripts and if we have some more time and interest, we can try to automate as much as possible
1948[20:15:23] <mihi> if it is not homework but your own learning, first thing to learn is to ditch everything in the documentation of your teacher. :D
1949[20:15:54] <mihi> In my experience, they are either outdated or overcomplicated, but never are the best way to do it
1950[20:16:47] <tete_> but with cron it works on devuan too :P
1952[20:17:33] <mihi> there are scripts in debian to do this regardless of init system. For sysvinit you would have to drop some script in /etc/rcS (I believe)
1953[20:17:37] <tete_> i'll take a look at systemd, maybe thats even better and then i can show the cron stuff as alternative and the better way with systemd
1954[20:17:54] <unborn> uh thanks all.. I found it.. it works in terminal :)
1997[21:04:53] <sney> I'm using it in bullseye and tbh I don't notice a practical difference between it and 6.1. there was one weird behavior after a crash but otherwise it's still the same ol libreoffice
2031[21:22:30] <tmroland> but its jsut a simplified command for useradd
2032[21:22:32] <tmroland> script
2033[21:22:34] <tmroland> or something
2034[21:22:48] <tmroland> at the most basic level and universal level its useradd/groupadd/usermod/groupmod
2035[21:23:19] <tomreyn> yes, but on debian people should prefer adduser/addgroup, unless they know exactly how to use those directly.
2036[21:23:32] <tmroland> depends on the user what they prefer i guess
2037[21:23:40] <tmroland> adduser is more easy
2038[21:23:43] <tmroland> for sure
2039[21:24:05] <diverdude> hmm ok... its a command made for python:3.8.3-alpine `addgroup -S app && adduser -S app -G app` but i wanted to make a similar for debian slim-buster
2040[21:24:09] <tmroland> then again debian is a bit unconventional in some means
2041[21:24:15] <tmroland> like with uname -v
2042[21:24:18] <tmroland> returning the real kernel version
2043[21:24:20] <tmroland> instead of uname -r
2044[21:24:39] <tmroland> yes, its python script
2045[21:24:44] <tmroland> like i guessed
2046[21:24:44] <jmcnaught> diverdude: add a system group: "addgroup --system groupname" add a user to the group: "adduser username groupname"
2125[23:00:39] <tmroland> the other way around actually, uname -v would return exact kernel version
2126[23:00:44] <tmroland> while uname -r only major minor
2127[23:01:02] <cipherize> Okay. Show me the output of uname -v and uname -r. Exactly.
2128[23:01:15] <tmroland> i dont have sid installed any longer, but once i do i will
2129[23:01:20] <tmroland> last i had it was weeks ago
2130[23:01:24] <tmroland> and it held true
2131[23:01:28] <tmroland> i came here asking about it, because it semt really weird
2132[23:01:33] <tmroland> and one guy here said thats how it is
2133[23:01:41] <tmroland> and another guy said he didnt even know
2134[23:02:10] <tmroland> on any other distro uname -r returns exact kernel version and uname -v only returns build date
2135[23:02:50] <tmroland> when i asked why its different on debian, guy said i mustve been not using debian in the last 2 decades if i didnt notice that difference
2136[23:03:04] <tmroland> after, another one said he didnt notice it either
2137[23:03:43] <cipherize> I'm going to prove a point, here. Give me a moment.
2139[23:05:25] <cipherize> The content of uname -r and uname -v are to some extent determined by the distro, but they all report similar information, even if the format is different.
2145[23:08:20] <cipherize> uname -r is generally the package version ("release"), and uname -v is build information.
2146[23:09:06] <cipherize> Distros without versioned packages (e.g. Arch) won't need to reflect version data in uname -v, as its already presented in uname -r.
2151[23:11:34] <cipherize> The fact that different information is presented in uname -r/v on Debian is probably a consequence of how packages and versions are managed by apt. Any distro using apt probably presents data that way. Most other distros that I know of reflect true versions in package names.
2180[23:28:21] <cipherize> tmroland: Sounds like you're making mountains out of molehills, frankly.
2181[23:28:47] <tmroland> just explaining concretely what i meant
2182[23:28:52] <tmroland> to finish the subject
2183[23:29:01] *** debhelper sets mode: +l 1130
2184[23:29:09] <joepublic> Good non-debian-specific thing to know is that uname responses vary among operating systems, and it's a great idea to check uname -a
2185[23:29:24] <tmroland> not bothered by that difference honestly
2186[23:29:45] <tmroland> its as good a distro as ever