47[01:04:24] <dpkg> Java is a cross-platform C++-like OO language. Sun, now Oracle, has released most of its Java implementation under the GPL as <openjdk>. There are other implementations packaged; for Debian 6.0 "Squeeze" systems, Sun's JRE/JDK is in <non-free> (for i386, amd64 only). Ask me about <install java>. See also <java alternatives>, <icedtea>, <java ipv6>, <java-package>. replaced-url
48[01:04:35] <EdePopede> 6? looks like it could need an update
49[01:06:16] <sponix> !install java
50[01:06:16] <dpkg> To install the java runtime environment (JRE) to run java programs, install 'default-jre'; to compile java sources, install 'default-jdk'. You will often find additional openjdk-$X-jre or openjdk-$X-jre versions in <backports>. See also <java alternatives>, <java plugin>.
69[01:30:24] <amlchief> are there any known reasons on why NVMe disk write speed could be limited to 1.2 GB/s on Linux ? just tested the same drive on w2012 r2 server and got >3gb/s speeds for writes
87[01:38:53] <amlchief> I have tested this on 2 ssd's: Crucial P5 1Tb and Samsung 970 PRO NVMe 1 TB
88[01:39:01] *** debhelper sets mode: +l 1106
89[01:39:13] <amlchief> both disks same issue
90[01:39:34] <amlchief> on machines dell poweredge R630 and R620
91[01:39:45] <ratrace> and also, was windows tested on the same hardware? that limit sounds like within range of single channel ddr3 transfer rate, or a 10GBps NIC
95[01:40:49] <somiaj> amlchief: Anything in dmesg about what it is detecting the drives as and what speeds it assigns to them?
96[01:40:53] <cheapie> amlchief: This might be a bit of a stretch, but check if the device is properly negotiating PCIe 3.0 speeds under Linux... I don't see why it wouldn't, but who knows. *shrug*
97[01:40:58] <ratrace> scratch that about dd3, I missed by an order of magnitude
98[01:41:02] <somiaj> amlchief: also is this on the stable 4.19 kernel or a newer kernel?
99[01:41:03] <ratrace> *ddr3
100[01:41:51] <cheapie> "lspci -vv" should spew info about it, look for "Speed: 8GT/s" (or 16) under the "LnkSta" section.
103[01:42:41] <somiaj> cheapie: won't that just show what the device reports and not what the kernel actually assignmend, maybe lshw would be better to see details about what the kernel is actually using?
104[01:42:59] <ratrace> amlchief: also what were you dd'ing? /dev/zero?
105[01:43:12] *** Quits: frostschutz (~frostschu@replaced-ip) (Remote host closed the connection)
106[01:43:19] <amlchief> i'll gather info within 5 min, booting it up. yes it was /dev/zero
107[01:43:21] <cheapie> somiaj: It'll report what the device says the *current* link state us.
108[01:43:22] <cheapie> is*
109[01:43:45] <cipherize> It's possible that your writes were hitting areas of the disk that weren't trimmed.
110[01:43:48] <somiaj> ahh what the hardware link state is at? I see.
111[01:43:55] <amlchief> cipherize, i always trim
112[01:43:59] <amlchief> before tests
113[01:44:10] <cheapie> somiaj: Yes, whether it's PCIe 1/2/3/4/etc. and also the width.
114[01:44:28] <cheapie> somiaj: Not to be confused with LnkCap, which should show what the device is *capable* of.
115[01:45:39] <amlchief> i have also an asus desktop motherboard to perform the same test and as i remember it was same issue, but could confirm
160[02:03:03] <amlchief> do you have any speed test results to compare?
161[02:03:13] <genr8_> the Crucial is operating at around 500MB/s writes, and the Samsung at about 250MB/s. I know they should be faster than that, and in reverse.
162[02:03:32] <genr8_> Im not good at benchmarking SSDs in linux, i just know its not the same as windows.
163[02:03:48] *** lock964 is now known as S3xyL1nux
190[02:16:06] <cipherize> amlchief: If he's writing to a device, it's not a filesystem, nor is it mounted.
191[02:16:16] <genr8_> cipherize, you caught my drift for once
192[02:16:16] <amlchief> missed that part
193[02:16:32] <cipherize> !ops
194[02:16:32] <dpkg> Please invoke 'dpkg: ops $problem' to call the operators to deal with a specific problem. Misuse of this will lead to a ban. Operators can also be contacted in the #debian-ops channel.
195[02:16:43] <cipherize> !ops Repeated harassment by genr8_.
196[02:16:44] <dpkg> Hydroxide, dondelelcaro, LoRez, RichiH, mentor, abrotman, Maulkin, stew, peterS, Myon, Ganneff, weasel, zobel, themill, babilen, SynrG, jm_, somiaj, jelly, petn-randall, bremner: cipherize complains about a problem (see above)
216[02:44:34] <GoddlessMothers> sponix: aahhhhh *hugg;es the sponix* happy happy :) someone to speak with
217[02:44:46] <sney> o_o
218[02:44:52] <GoddlessMothers> sponix: was wondering if you knew much about live usb's ?
219[02:45:15] <amlchief> there are a lot of people to speak with
220[02:45:21] <abrotman> There's a Debian live USB .. be more specific
221[02:45:23] <somiaj> just ask your question
222[02:45:47] <GoddlessMothers> why not be a bit friendly first somiaj ? the world is busily headed nowhere as is :P
223[02:46:19] <themill> Or you could just ask your question ;)
224[02:46:27] <GoddlessMothers> so quick question is there any reason that editing the contents of rootfs.img and not changing the kernel or initramfs or anything of that nature in a live usb should cause livecd not to boot after doing so ? all i did is add some packages and do a mksquashfs and place that back, with the exact internal directory structure of the original back onto the usb's LiveOS directory. really onlu just
225[02:46:27] <GoddlessMothers> did a few dnf install's
226[02:46:35] <GoddlessMothers> there is the question :P
229[02:47:44] <GoddlessMothers> fedora but the layout using isolinux etc is relatively similar. have done something similar with debian and ubuntu previously.
230[02:48:06] <GoddlessMothers> grub should always load right ? first thing we should see ?
231[02:48:11] <abrotman> why not ask #fedora?
232[02:48:16] <abrotman> or ##linux
233[02:48:34] <GoddlessMothers> people here have always been more grumpily antisocial :P but helpful :)
234[02:48:41] <GoddlessMothers> and they dont talk much
235[02:48:43] <abrotman> Seems like if it worked in Debian before, it might be a Fedora-specific issue
236[02:48:53] * GoddlessMothers nods
237[02:49:37] <cipherize> GoddlessMothers: Remember that Red Hat-alikes boot in SELinux-enforcing mode. I don't know what SELinux attributes are preserved by mksquashfs; if they ARE preserved, and the things that you've added are not correctly labeled, you'll have problems that you won't encounter in Debian.
238[02:49:39] <GoddlessMothers> heh might be but not a sensible one, initrd's and the like is what grub uses to load shit right ? the uuids that are associated with the final images ?
240[02:50:51] <GoddlessMothers> ahhhh theres a nasty term, SELinux..... never encountered that before this crap. not part of debian ?
241[02:51:04] <cipherize> GoddlessMothers: And you should keep this question in #fedora. You didn't even give people five minutes to answer your question before jumping to a channel that isn't for Fedora questions.
242[02:51:33] <abrotman> (yes, Debian has SELinux)
243[02:51:40] <GoddlessMothers> cipherize: actually been waiting for like 20 minutes now :P
245[02:53:39] <cipherize> Your original question was asked in #fedora at 20:41:38 Eastern US time. You whined in #fedora at 20:43:28 (not even two minutes!), joined here at 20:43:45, and asked your off-topic question here at 20:46:27.
246[02:54:06] <cipherize> GoddlessMothers: The I in IRC does not stand for "instant." ;)
247[02:55:13] <abrotman> GoddlessMothers: regardless, you're OT here, please take it to the proper channel. This is not it.
248[02:55:18] <genr8_> the LiveCD .img most likely has a hybrid bootable sector, which when you uncompress it as an image and recompress it with squashfs, you lose the boot sector
249[02:56:22] <genr8_> you would need to do something about that. and idk what.
250[02:56:54] <genr8_> look into the scripts of how they generated the .img in the first place
251[02:57:32] <amlchief> so basically back to my nvme question, just finished the test on windows 2012 on the same machine by just swapping the boot disk: replaced-url
252[02:58:02] <amlchief> shoul i test on other distros with different kernels and then file a report if its' really a kernel problem?
253[02:58:28] <genr8_> sure. i didnt go that far, i just figured it was linux in general
256[03:00:19] <somiaj> amlchief: did you try the kernel from backports yet?
257[03:00:30] <amlchief> no, going to do it now
258[03:01:30] *** Quits: Python1320 (Python1320@replaced-ip) (Remote host closed the connection)
259[03:01:35] <somiaj> checking other distros might help, but I don't think the kernel varies that much at this level between distros (except for version).
260[03:02:21] <amlchief> well i'll test ubuntu , but i need debian anyway for production
261[03:03:01] <somiaj> might be better to try a fedora livecd or arch vs a debian based distro.
262[03:03:12] <amlchief> okay
263[03:03:36] <somiaj> Though I don't see the linux kernel at this level differing that much
264[03:03:43] <somiaj> (outsdie of version)
265[03:04:07] <amlchief> any idea about other tests i could perform?
266[03:04:24] <amlchief> or what should i look for in dmesg
267[03:04:50] <somiaj> I would just look for info around assigning this block device, usually it states what it is attached to and speeds
277[03:12:39] <gxp> Hi. First time here (well, first time on an irc server ever after 1996). Debian user since 2014. Three days ago I decided to jump into "Testing" because I want to collaborate to the project, somehow. I am trying to connect to #debian-next to no avail, though. Is that the correct channel, or is there a better one? TIA.
278[03:13:13] <sney> !debian-next
279[03:13:13] <dpkg> #debian-next is the channel for testing/unstable support on the OFTC network (irc.oftc.net), *not* on freenode. If you get "Cannot join #debian-next (Channel is invite only)." it means you did not read it's on irc.oftc.net. See also replaced-url
280[03:13:15] <cipherize> gxp: It's on a different network. OFTC.
281[03:14:00] <gxp> Ah, ok. That's the problem. Thanks a lot.
290[03:27:18] <genr8_> I assume a lot of fixes have gone into it. And the signatures indicate a lot of it is written by Intel. so our Samsung or Crucial drives may not be taking full advantage of the code. I know on Windows, Samsung has their own NVME driver that improves performance over the Microsoft default
291[03:29:01] <genr8_> i'd wager the kernel has more impact over it than the distro
292[03:29:05] <amlchief> however i performed a test on crucial nvme and it's driver independent on windows (even more performance than samsung)
295[03:33:36] <genr8_> true. well just guessing, but even if its not the driver itself, it could be the kernel's internals like overhead, memory allocation, locking/synchronization, interrupts.. that kind of plumbing
297[03:37:04] <amlchief> yep. sincerely when i was buying those i was expecting anything to go wrong but the linux :) was sure it would handle them firmly.
298[03:39:24] <somiaj> Linux often lags on new hardware, though since this is important for the server side, I'm a bit surprised (wonder if RHEL has any enchancments for this)
299[03:40:55] <genr8_> normal person cant do much besides change distro or live with it. even 700MB/s is fast enough for me to not care that much
300[03:43:27] <amlchief> i would go with sata III ssds at 500mb/s in appropriate hot-swappable disk slots if that speed range was acceptable for me. but not the case when you have a considerable amount of vms on the node
303[03:54:52] <amlchief> huh had to reformat that drive previously in windows to NTFS and it's giving 100mb/s writes under Linux now (ntfs-3g). Is ntfs-3g known for low speeds?
304[03:55:35] <nvz> I would strongly advise you NOT to write to ntfs created on windows
305[03:55:53] <nvz> if you must write to NTFS you should create it using the same linux tools you're going to write it with
306[03:56:14] <amlchief> it's was just for a quick test anyway, i never use NTFS in real world
320[04:07:59] <genr8_> whats weird is while thats happening, I can see in linux the device is actually committing either 250 or 500MB/s writes then followed by periods of 0. so the host cache buffer is doing some weird stuff. If i run oflag=direct, it goes 50MB/s :p
321[04:08:19] <genr8_> i have no idea how it works but its not ideal in the slighest
332[04:12:12] <ryouma> i like to do tunefs -m 0. but i can't figure out what argument will tell me what the current reserved blocks are. also, i find that if i do tunefs -m 0 twice, it will error the second time.
333[04:14:25] <ryouma> says it cannot find valid fs superblock the second time but not the first time
340[04:26:22] <somiaj> ryouma: see dumpe2fs to dump all info about a ext? filesystem.
341[04:26:57] <somiaj> ryouma: also I don't think you want -m 0, as reserved blocks really help if your drive fills up, and to keep it from getting to fraggmented if it is full
342[04:27:14] <somiaj> though turing it down on big devices does help out
343[04:27:55] <somiaj> amlchief: maybe check the kernel bugs and see if they have any issues raised about NVMe
344[04:28:24] *** Quits: hmuller (~hmuller@replaced-ip) (Quit: time for sleep)
345[04:28:59] <amlchief> btw there's nothing that reports nvme speed in dmesg. the only thing does is a pcie car attached in the other slot: mlx5_core 0000:04:00.1: 63.008 Gb/s available PCIe bandwidth (8.0 GT/s PCIe x8 link)
353[04:34:06] <somiaj> oh wait I'm backwards, that rreport was fredora was slower...
354[04:34:43] <ryouma> somiaj: well i think running it corrupted the fs
355[04:34:59] <ryouma> somiaj: i am getting i/o error. ls shows some lines like -????????? ? ? ? ? ? dus--2020-01-07-Tue-20-23-09
356[04:35:09] <ryouma> i thought tunefs -m 0 was harmless
357[04:35:43] <somiaj> was your drive almost full? I didn't think it would cause that problem. but i/o errors almost sound like hardare and not the file system.
358[04:36:03] <somiaj> I would unmount that drive or if it is / reboot into single user mode and fsck the file system, see if that can recover things
399[05:24:19] <asterismo_l> after installing debian 10 in an old PC with two IDE drives in a RAID1 array, everything went well. After updating the kernel to a newer version, it ran update-grub and it broke grub and now i get the arch-indepenedent ELF magic, whatever that means... so if i install a debian version which wont get any more kernel updates, its fine by me
400[05:25:01] <nvz> @.@
401[05:25:10] <asterismo_l> i remember debian 8 jessie as a great version
402[05:25:13] <asterismo_l> wheezy too
403[05:25:15] <asterismo_l> i dunno
404[05:25:30] <nvz> first of all, you can just not upgrade any package you like, as silly as that may be..
405[05:25:45] <nvz> secondly, kernel upgrades do not remove the old kernel, you can just boot the old one
406[05:26:23] <asterismo_l> on wheezy i get the systemd-free plus right?
409[05:26:51] <ryouma> somiaj: thanks. all i did was unmap and unmount it, then map and mount it, and it ran fsck by itself. and it said clean. which is sort of amazing.
417[05:29:28] <ryouma> somiaj: that dumpe2fs command printed so muchj out put (free blocks and such) that i had to interrupt it. idk what to look for. the reserved blocks are actually useful for defragmenting? so they are virtual blocks that are allocated to allow contiguity behind the scenes? id didn't know that. i thought they had no effect on fragmentation. maybe i should try 1 instead of 0 or so.
418[05:30:43] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
419[05:31:25] <ryouma> i did not see anything in dumpe2fs about reserved block percent. i saw Reserved block count: 24405786. but this is after running the -m 0, so idk why it would not be 0.
420[05:34:09] *** Quits: deb (~deb@replaced-ip) (Quit: Leaving)
434[05:50:11] *** Quits: yonder (~yonder@replaced-ip) (Remote host closed the connection)
435[05:50:20] *** Quits: astrofog (~astrofog@replaced-ip) (Remote host closed the connection)
436[05:51:40] <asterismo_l> question: i currently have a raid1 array which is an encrypted LVM. i switched to larger drives with dd and so i have the same space, how do i enlarge to the new drives capacity?
437[05:51:48] <asterismo_l> is there any good tutorial on this?
463[06:02:41] <gasull> I have Debian 11 for Python development. I need Python 3.7 for a particular project, but Debian 11 comes with Python 3.8. Whats the cleanest way of having Python 3.7 also installed?
476[06:08:53] <gasull> nvz: Can I have several Python versions installed? Something like the deadsnakes PPA but for Debian instead of Ubuntu?
477[06:09:01] <nvz> there is a huge python transition taking place, is one reason python development is going to be hell in testing/unstable, testing is far more complicated due to lag getting fixes and being frozen/slushy at times..
478[06:09:14] <ansimita> gasull: check out replaced-url
479[06:09:17] <nvz> you should be using some sort of container for this
481[06:10:18] <gasull> ansimita: I'm using pipenv, which is officially recommended by Python.org, but it requires the Python versions to be installed in the system.
488[06:13:12] <nvz> you should install stable, or seek help in #debian-next on irc.oftc.net
489[06:13:14] <gasull> I need Debian 11 for some of my Neovim plugins.
490[06:13:25] <nvz> you probably don't
491[06:13:36] <gasull> nvz: OK, thanks. I'll ask in #debian-next
492[06:13:49] <nvz> and youre probably going to run into all kinds of breakage and just make your life difficult for no good reason
493[06:15:51] <gasull> nvz: I need Debian 11 for some Neovim plugins I use. And I need Python 3.7 for a particular project. The only way I see to square the circle is Debian 11 with several Python versions installed.
494[06:16:24] <nvz> I'm willinig to bet it'd have been easier to solve the neovim problem on stable
496[06:18:10] <ansimita> gasull: have u tried using the latest neovim appimage on Debian stable instead of the neovim version packaged by Debian?
497[06:18:31] <nvz> and you'd have python 3.7 already, and wouldnt be facing all kinds of pain of the python and other transitions taking place which will be slower to be resolved in testing
498[06:18:37] <gasull> nvz: It wasn't possible, because even using apt pinning I needed to upgrade libc6 and a bunch of packages that got pulled with it.
500[06:19:00] <nvz> gasull: idk where you learned these habits of yours but hammering stuff into a system isnt the way to do it
501[06:19:28] <nvz> you don't just go pull packages that aren't for the system.. apparently you been using ubuntu too long or something
502[06:19:52] <nvz> there are many other solutions
503[06:21:05] <gasull> ansimita: I try to avoid having packages that I need to update manually without apt.
504[06:21:33] <ansimita> gasull: ok
505[06:21:58] <nvz> you could at the very least if you insist on this due to "having to update manually without apt" have just setup a minimal testing/unstable chroot for neovim and ran it from there
506[06:22:20] <nvz> and not put your whole system in a potentially broken and unsupportable state for one thing
507[06:22:44] <nvz> if you couldnt be bothered to just use something like was already suggested, or backporting the package
509[06:23:45] <nvz> you are going to be in a world of hurt.. its not going to be just easily upgrading via apt for you in testing with the kinds of things you want to do
510[06:23:56] <nvz> not with the things that are on the horizon
514[06:26:51] <gasull> nvz: I do something similar, since what I'm using is a virtual machine. Maybe I should have said that from the start.
515[06:27:37] <Nautilus> anyone mind a dumb Q? I'm setting up a laptop to do some remote access while I take a short trip. I googled how to upgrade Strech to Buster and also have teamviewer running now. I can't figure out how to make a desktop icon for the later... tips for search terms or link appreciated.
516[06:28:08] <nvz> gasull: yes but still you are depending on this virtual machine for your productive development purpose.. you need not break the whole VM for one thing
517[06:28:21] <nvz> and you need not a whole VM just for this
521[06:29:59] <gasull> nvz: Do you have a link where it explains how to set up chroot? I've rarely used chroot.
522[06:30:54] <nvz> gasull: I could maybe find one, but setting it up involves two packages and they're fairly straightforward I sense you probably have enough know-how that if you install and look at the manpages for these two pakcages you'll get the idea.. debootsrap and schroot
523[06:32:17] <nvz> gasull: you use debootstrap to install a debian base into a directory, and configure schroot to that directory to run your apps easily. you can then just chroot into that directory and use apt like its a normal system, but there is no overhead of a whole other kernel and dedicated resources, and you need not install an entire system, only what is required for what you need to run in that version
530[06:39:40] *** Quits: Jerrynicki (~niklas@replaced-ip) (Remote host closed the connection)
531[06:40:05] <nvz> gasull: if you wanna wget that use replaced-url
532[06:40:36] *** Quits: akp55__ (~akp55@replaced-ip) (Remote host closed the connection)
533[06:41:08] <nvz> gasull: in that video in 5 minutes.. and I screwed up a few things.. heh.. so it took longer than it needed to.. but I on buster installed and ran neovim from bullseye
535[06:41:41] * nvz hasn't used debootstrap or schroot in a long time, and never used neovim
536[06:42:38] <nvz> but the point is, I illustrated by making a video and doing it in such short time, just how easy it is
537[06:43:08] <nvz> and why I get really annoyed when people put their whole system at risk making it harder for us to support, when there are dead simple alternatives
538[06:43:24] <ryouma> why does apt-get tell me to use apt autoremove, and then apt-autoremove does not do what it is supposed to do? replaced-url
539[06:44:47] <nvz> ryouma: it looks to me like you did the removal of those packages already
540[06:46:02] <gasull> Nautilus: I believe it depends on your desktop environment: Xfce, Gnome, KDE, etc. Find what's the desktop environment you're using and then ask in the appropiate channel, like #xfce. I don't think the question is offtopic here, but those channels know that kind of stuff better.
544[06:47:00] <Nautilus> gotcha, not even sure how to tell.
545[06:48:00] <Nautilus> ... tell which desktop en
546[06:48:05] <nvz> if you're asking how to create a desktop/menu entry its not really desktop specific
547[06:48:11] <nvz> !which de
548[06:48:11] <dpkg> To figure out which Desktop Environment you are using, open a terminal and type the following command: `echo $XDG_CURRENT_DESKTOP` see also <which dm> <which x>.
550[06:48:54] <nvz> various DE may have their own GUI means of doing so.. but the standard way to create either a desktop icon or menu entry, works across all DEs
551[06:49:25] <Nautilus> got it, LXDE
552[06:49:28] <nvz> either is done by creating a .desktop file
573[06:56:16] <nvz> MATE and XFCE are probably the easiest to configure with minimal installed packages, disk and ram usage and such
574[06:56:21] <gasull> nvz: I just watched the whole video. Thanks.
575[06:56:29] <Nautilus> probably tried MATE on a distro 10+ years ago, also GNOME and or KDE half that ago. Maybe as an occasional user I should consider those? eg: a UI with more user convenience?
576[06:57:05] <nvz> gasull: no problem. its a handy thing to know how to do.. schroot will even setup things like the xauth and crap so you can easily run X apps from within the schroot on the "host" xsession
577[06:57:41] <nvz> gasull: you can always chroot to the target dir and apt install whatever you want and run it with schroot
578[06:58:37] <nvz> gasull: and you can make as many of those as you like, to keep things cleanly self-contained, and easily duplicate them using just simple cp commands, so you dont screw up your working environment
597[07:08:09] <dpkg> extra, extra, read all about it, de usage is The HDD/RAM of the 7 DE on Stretch: GNOME 4.2G 726M, KDE 4.1G 604M, Cinnamon 3.7G 482M, MATE 3.1G 215M, LXQt 3.1G 184M, LXDE 3.0G 180M, XFCE 2.9G 226M. For Buster usage, package lists, and screenshots of the same see replaced-url
626[07:31:02] <nvz> Nautilus: well wicd is an entire network framework, its not only for wifi.. but yeah.. all the other 5 DE use network-manager, only LXDE and LXQt use wicd
627[07:32:32] <Nautilus> sheesh. Thanks again.
628[07:35:24] *** Quits: Tempesta (Tempesta@replaced-ip) (Quit: See ya!)
652[07:59:44] <somiaj> bigfluff: the virtualbox packages from oracle work just fine as well
653[08:00:18] <bigfluff> jmcnaught: this looks like it will do perfectly
654[08:00:40] <somiaj> due to oracle policy we cannot support the packages in debian, but many use it. I prefer qemu-kvm as it works great for linux vms and is native in the linux kernel (no thrid party module), but if you need to do various windows vms, virtualbox I think is still better (though my few windows vm run just fine)
655[08:01:01] <bigfluff> somiaj: yes, was just hoping to have one less repository to deal with + kernel mods etc
656[08:01:20] <bigfluff> sounds like we are about on the same page :)
659[08:09:54] <tohoyn> I get the following error in /var/log/messages: An active wireless connection, in infrastructure mode, involves no access point?
660[08:10:02] <tohoyn> and my network does not work
669[08:13:01] <tohoyn> nvz: I need to get the network working
670[08:13:18] <tohoyn> wifi does not start up
671[08:13:34] <nvz> tohoyn: perhaps you could be more specific? there are many different ways of doing this
672[08:13:56] <tohoyn> nvz: what information do you need?
673[08:14:00] <nvz> tohoyn: are you trying to use a desktop environment of some sort?
674[08:14:22] <tohoyn> I use gnome
675[08:14:32] <nvz> so network-manager then?
676[08:14:41] <tohoyn> yes, exactly
677[08:14:52] <nvz> you are clicking on the little icon and selecting an AP and its not connecting?
678[08:15:04] <tohoyn> the icon does not appear
679[08:15:12] <tohoyn> in the status row
680[08:15:30] <nvz> tohoyn: ok, well the icon not showing up could mean there is a problem with network-manager itself, check systemctl status network-manager
715[08:25:03] <nvz> tangarora: that would likely depend on how you configure your network
716[08:25:17] <tangarora> my network is static
717[08:25:25] <tangarora> no gui
718[08:25:26] <nvz> tangarora: using /etc/netowrk/interfaces ?
719[08:26:16] *** ChanServ sets mode: +o themill
720[08:26:20] <nvz> you can still be using any number of things without a GUI.. /e/n/i, countless cli/curses frontends for it, network-manager, wicd, etc..
721[08:26:21] <tangarora> yes, and setup in bridging mode
722[08:26:34] *** themill changes topic to 'Current Debian release is buster, 10.6 point release /msg dpkg 10.6; /msg dpkg buster; /msg dpkg stretch->buster; /msg dpkg apt suite changed | Stretch has limited LTS support: /msg dpkg stretch-lts ; /msg dpkg 9.13 | NO FLOOD: /msg dpkg paste | offtopic: #debian-offtopic | testing/unstable: #debian-next @ irc.oftc.net | chanlogs: /msg dpkg irclog'
760[08:34:18] <jmcnaught> tangarora: do you have archive.canonical.com in your sources.list on Debian? Not a good idea.
761[08:34:27] <somiaj> ,i resolvconf
762[08:34:29] <judd> Package resolvconf (net, optional) in buster/amd64: name server information handler. Version: 1.79; Size: 72.4k; Installed: 191k; Homepage: replaced-url
763[08:34:40] *** Quits: dez (uid92154@replaced-ip) (Quit: Connection closed for inactivity)
764[08:34:47] <darsie> I still get this error replaced-url
765[08:34:55] <tangarora> oops! wrong server...
766[08:34:58] <somiaj> tangarora: that is needed for both dns-nameservers in /e/n/i to work and it locks /etc/resolv.conf and won't let other things overwrite it
768[08:35:58] <somiaj> darsie: let the server know about the error, that is a server error, not client.
769[08:36:17] <tohoyn> nvz: it gives -rw-r--r-- 1 root root 1122 elo 19 11:30 /lib/systemd/system/NetworkManager.service
770[08:36:34] <somiaj> darsie: sometimes it is due to to many cookies on your end, but if clearing you crach doesn't help...but really even if it is due to cookie size on your end, they need to configure their server correctly.
771[08:36:39] <darsie> somiaj: I already reported it.
772[08:37:15] <darsie> Works on my FF on android.
773[08:37:17] <somiaj> darsie: not much we can do to help, I have had a few of my servers do that due to various proxies/settings that just need to be adjusted to deal with headers correctly and so forth.
774[08:37:59] <darsie> and it works for nvz.
775[08:37:59] <somiaj> sure it could be that the way the older client is sending information is problemmatic, and they may just not support esr 68 and you'll have to wait for the new esr to make it into stable in that case
776[08:38:04] <nvz> tohoyn: are you sure you didnt make a typo when doing systemctl status network-manager
777[08:38:19] <tohoyn> I try that again
778[08:38:29] <nvz> somiaj: yeah, it works here, sounds more like a local configuration or proxy type issue going on
779[08:38:31] <somiaj> as I mentioned it could be due to cache/header size/cookies due to their authentication method.
780[08:39:09] <somiaj> nvz: I have a server that works for most, but ocassinally it would fail for some users, and in all cases it was the server side not dealing with edge cases correctly (and the server logs should say what the error actually is)
784[08:39:42] <somiaj> my case is mostly due to openodic and authentication cookies, I had to increase various limits to make it not error out on some users (but it worked fine for most), and sometimes clearing cache/cookies fixes things
785[08:39:45] <nvz> somiaj: hmm, yeah.. the error is vague and idk what to make of the swipe crap they talk about
786[08:40:12] <somiaj> the error is server side (though it could be due to client side cookies/cache), but someone with access to the server logs would be needed to track down it in more detail
787[08:40:43] <nvz> I'd try as a new user or fresh profile in FF or something
791[08:41:42] <somiaj> apache is just a beast, and sometimes edge cases cause it to break for various reasons depending on modules being used, but we can only guess what some third party server is doing.
792[08:41:57] <jmcnaught> Firefox also has a "Safe Mode" restart with add-ons disabled button at about:support
794[08:42:59] <darsie> jmcgnh: "restart with addons disabled"?
795[08:43:14] *** FutureBrain is now known as CrystalMath
796[08:43:14] <darsie> jmcnaught:
797[08:44:08] <jmcnaught> Instead of keeping an empty Firefox profile around you can go to about:support in the Firefox address bar, there's a button to restart the browser with add-ons disabled, for troubleshooting purposes. It has a lot of other information on that page as well.
800[08:46:01] <jmcnaught> aliexpress.com is a huge site that likely has dozens or hundreds of servers, possibly in different geographic areas, possibly different servers for mobile vs. desktop browsers.
801[08:46:06] <tohoyn> nvz: I get the following response: Unit network-manager.service could not be found
802[08:46:38] <jmcnaught> tohoyn: what about "systemctl status NetworkManager" (spelled CamelCase)?
803[08:46:46] <nvz> tohoyn: are you typing exactly what I said?
804[08:46:55] <tohoyn> jmcnaught: please wait
805[08:48:12] <jmcnaught> anyways re: aliexpress the server error isn't going to happen for everyone or all browsers, but the problem is still on the server end.
806[08:48:32] <nvz> the service file /is/ NetworkManager.service but typing systemctl status network-manager shows that service on my system
807[08:49:09] <jmcnaught> there's a symlink in /lib/systemd/system on buster, not sure if it existed in earlier releases or what release tohoyn is using.
808[08:49:44] <tohoyn> jmcnaught: that command works
809[08:49:59] <tohoyn> but I can't use nc termbin now
810[08:50:12] <sunkan> Why are there so often new kernel versions being released now (like 4.19.0-9, 4.19.0-10, 4.19.0-11)? Is it just me that finds it a bit annoying having to cleanup old kernels as a step in patching a machine or am I doing things wrong?
811[08:50:12] <nvz> tohoyn: is the service active and running?
812[08:50:21] <nvz> tohoyn: are there any errors shown at the bottom?
813[08:50:28] <jmcnaught> tohoyn: you cannot use nc because you have no network connection?
822[08:52:36] <jmcnaught> tohoyn: "systemctl status NetworkManager" (as root) will tell you current status and most recent few journal entries. You can also "journalctl -u NetworkManager" to look at the journals/logs of just NetworkManager. Look for errors, or pastebin it if you can.
823[08:52:54] <nvz> jmcnaught: the backstory on this issue is that they say after fooling with bluetooth, idk what that means exactly, their wifi is no longer working and they have no network icon in the panel anymore and got an error in /var/log/messages An active wireless connection, in infrastructure mode, involves no access point
824[08:53:17] <nvz> for all I know at this point they've not even restarted since this issue had occured
834[09:06:03] <alex11> sunkan, as far as i know, two reasons, 1) security fixes in a kernel branch 2) new releases in a kernel branch such that the old one can't be supported anymorer
835[09:06:04] <alex11> anymore
836[09:07:31] <alex11> not that you'd want to support it; even if there were no security fixes i think most people would want an updated kernel in that branch
837[09:07:44] <alex11> debian does have non security fixes
841[09:08:52] <sunkan> alex11: I'm just used to the stable versions having very rarely not updated the same kernel package previously, now it seems to be that almost for every point release there is a new kernel version.
843[09:09:29] <alex11> i'm not sure how that works out, i assume it's just new upstream releases rather than debian deciding to update it in the point release
845[09:10:08] *** Joins: mezzo (~mezzo@replaced-ip)
846[09:10:49] <sunkan> There is probably a good reason for why it is behaving like it is now. But I wonder if there should not be some automatic purging of the 3rd oldest and older kernels.
847[09:11:24] <alex11> oh, yeah, i can see it's frustrating if it takes up space and you're not consciously looking out for it
848[09:11:38] <alex11> you can run apt autoremove but i can see how you'd forget it (the 3rd kernel) exists
849[09:12:35] <sunkan> I'm thinking of new linux users as well, they may not be able to understand what to do when /boot becomes full during an update. But hopefully they will have a single / filesystem instead of a separate boot.
852[09:15:19] <sunkan> Also if 'apt autoremove' is run before the new kernel is installed it will not recommend a removal. I have a few old installations with small /boot that can't store three kernels at the same time, but I normally update "manually" using aptitude and take care of it there.
853[09:16:06] <sunkan> But I'm just about to update some machines using ansible and come to think of this again, will be trying the autoremove option there to see how it works.
854[09:16:22] <alex11> you can always file a wishlist bug but i'm not sure what the project would decide to do
857[09:19:09] <sunkan> I'm a bit skeptical to what the results would be. But I was also wondering if there was some old habit I have that cause the situation to arise, but I guess it is not and I will continue with the procedure as I'm used to.
861[09:20:36] <nvz> I too have systems with the same situation, and I've had the errors builting initrd when it gets full.. but I know how to deal with it and manually remove old kernels
863[09:21:39] <nvz> it is perhaps a somewhat concerning issue as default settings for using encryption will land you with a rather small /boot thats unencrypted and only large enough for about 3 kernels
864[09:22:00] <sunkan> I also have no problem dealing with it, but I'm afraid of less experienced people may end up in unnecessary problems.
870[09:23:57] <sunkan> And the EFI partition is of course not encrypted either if EFI is being used.
871[09:25:15] <nvz> sunkan: well to further compound your point about inexperienced users the bootloader no longer by default shows the old kernels, they're in a submenu Advanced boot options for Debian.. or something
872[09:25:30] <nvz> most users wouldnt even think to look in there to boot an old kernel if the new one failed to fully install
877[09:28:14] <sunkan> Agree, although at least 'apt' will mention that autoremove will remove these packages for you if you run it. But I think a real prompt for the kernels specifically could be a good addition to that.
878[09:28:22] <nvz> or the kernel team could have a check in the scripts postinst to make sure it succeeds and if not, due to out of space..
879[09:28:39] <sunkan> Maybe the graphical UI's have different semantics, I rarely use them so I don't know.
880[09:29:25] *** Parts: darsie (~kvirc@replaced-ip) ("No boundaries on the net!")
904[09:43:02] <sunkan> It seems that is used to "protect" the two latest kernels from being autoremoved. But is there anything that calls autoremove automatically?
905[09:43:13] <genr8_> perhaps not.
906[09:43:51] <sunkan> I mean it works, but it requires the user to run "apt autoremove" after updating the system.
907[09:44:06] <genr8_> it does tell you to do that
910[09:48:20] <sunkan> Yes, but it may be easy to miss for someone not used to looking for additional tasks after updating the system. And it is not consistent as with aptitude it does not show, and with apt-get I don't know if it mentions it or not.
911[09:49:07] <genr8_> apt-get and apt are nearly identical so it does
912[09:49:30] <genr8_> aptitude is meant for doing specific things
913[09:49:54] <sunkan> Ok, I can also understand that aptitude is more of an advanced tool so may require more knowledge of the user.
914[09:50:38] <genr8_> a /boot space check would be more useful
915[09:51:40] <sunkan> Yes, that may be the main point. If that could be checked in advance it would be possible to inform about removing old kernels before running out of disk space in /boot
916[09:51:48] <alex11> i agree though, i recently autoremoved a kernel but i happened to already know it was there
922[09:55:23] <genr8_> or maybe its time to stop recommending 256mb boot partitions in the installer, either bump it up to 512 or split the difference with 384
973[10:29:22] <leventel> the host is running on centos
974[10:30:22] <leventel> I've binded the directory as a volume which contains the certs
975[10:30:51] *** Quits: Sigyn (sigyn@replaced-ip) (Quit: i've seen things you people wouldn't believe. spam bots on fire off the shoulder of sigyn. i watched k-line beams glitter in the dark near the Tannhäuser Gate. all these moments will be lost in time, like tears in rain. time to /die)
976[10:30:54] <leventel> first I tried /usr/local/share/ca-certificates, but then update-ca-certificates did nothing
993[10:35:02] <genr8_> the webserver should provide the intermediates
994[10:35:13] <genr8_> the root should be all thats placed into the host store
995[10:35:41] <genr8_> you'll have to extract the root and make it its own file. use openssl
996[10:36:30] <leventel> ok, so I shouldn't edit the files with vi
997[10:36:37] <genr8_> no
998[10:36:45] <leventel> :)
999[10:37:17] <genr8_> i have this command in my history, its a start. this will print whats inside it. openssl x509 -in /etc/ssl/certs/Cybertrust_Global_Root.pem -inform PEM -text -noout
1000[10:38:39] <genr8_> i forget what command line options you need to split them up. openssl x509 --help
1001[10:38:46] <sunkan> I noticed that unattended-upgrades can autoremove the old kernel automatically. Had not noticed that before, am not using unattended-upgades that much but for some hosts it is perfectly fine.
1002[10:40:38] <genr8_> leventel, hmm i dont see the option. time to google stackoverflow
1003[10:41:25] *** Quits: zapatista (~zapatista@replaced-ip) (Remote host closed the connection)
1004[10:41:32] <genr8_> sunkan, that works then. I always remove u-a myself
1014[10:50:22] <leventel> genr8_: thanks for your help, I have to look into this deeper
1015[10:50:30] *** Quits: Immanuel (~Manu@replaced-ip) (Ping timeout: 272 seconds)
1016[10:50:42] <sunkan> oxek: That is what happened on the server I looked at, and I have no problem with that. The question as I see it is whether it should happen automatically in more places.
1022[10:53:16] *** Joins: Immanuel (~Manu@replaced-ip)
1023[10:54:07] <sunkan> oxek: When updating the linux-image-<arch> causes it to pull in a new kernel maybe?
1024[10:54:52] <sunkan> oxek: I mean in a more general way, and not just prompting the user to run 'apt autoremove' as that may be easily missed by a less experienced user.
1029[10:56:21] <sunkan> oxek: But as was mentioned a while ago maby some better checks for disk-space in /boot before trying to install a new kernel could be an option.
1056[11:17:22] <genr8_> instead of /etc/kernel/postinst.d/apt-auto-removal , you could have a preinst.d. nothings actually in that folder.
1057[11:19:21] <genr8_> im not sure if the pre-inst script returning an error propagates up to apt so the package installation just stops, or if it just means the script failed silently.
1085[11:38:10] <oxek> Onyx47: limit to 3 - does that mean they automatically remove older kernels, or just mark them for autoremoval and expect the user to run apt autoremove?
1090[11:44:16] <Onyx47> I think they remove them, at least I don't remember ever having a problem with /boot partition size, nor the ability to select more than 2 kernels back in GRUB
1091[11:44:38] <Onyx47> not that it has been a good few years since I ditched Mint so I'm working from memory here
1172[12:54:04] <ratrace> why are there even different upgrade actions? under which circumstances would someone want to refuse full-upgrade if that comes as a reuquirement of security or bugfix during a release
1174[12:56:00] *** webmind- is now known as webmind
1175[12:56:02] <ratrace> I mean, there's no alternative, not like you have a choice. there's that one upgrade that has to remove a package. you can't get the upgrade without removing the package. so why wouldn't it all be handled by single upgrade action
1176[12:56:04] <themill> Allowing apt to remove packages runs the risk that the solution it picks is "remove almost everything" rather than "upgrade almost everything but keep ths package back"
1179[12:56:34] <ratrace> themill: sure, but why does it have to be a separate action
1180[12:56:41] <themill> so that you get to choose
1181[12:56:47] <themill> you *have* to be able to choose
1182[12:56:52] <ratrace> choose what exactly?
1183[12:57:05] <themill> Whether removing packages is acceptable or not at that point intime
1184[12:57:09] <ratrace> if an upgrade needs to remove a package, and wants me to full-upgrade, do I have a choice to do the upgrade without removal?
1185[12:57:35] <ratrace> themill: oh but that can be done through a yes/no prompt like we already have if more than one pacakge is to be touched and -y wasn't used
1186[12:57:41] <themill> If you wish to run sid, for instance, you'd typically run "upgrade" then follow that with a "full-upgrade" and decide whether the removal or not is a good idea
1187[12:57:51] <ratrace> the part I don't understand is why it needs to be a separate apt verb
1188[12:58:07] <ratrace> but we already have modifiers like --no-install-recommends
1189[12:58:22] <ratrace> so having full-upgrade instead of apt upgrade --do-full (or whtev) is confusing to me
1190[12:58:36] <themill> there are modifiers for this too; having to type in an essay rather than a separate verb is not welcome when this is needed so much
1195[12:59:24] <themill> Your argument is a bit like "why does aptitude have -R when --without-recommends is already there, we should get rid of all the short forms"
1196[12:59:32] <ratrace> does the 1.2 seconds needed to type up an --extra-flag justify the confusion with multiple verbs? esp. when there's also difference in verbiage between apt and apt-get....
1197[12:59:40] <themill> If you're running testing or unstable, daily.
1198[13:00:30] <Haohmaru> can linux be NOT confusing?
1199[13:00:34] <ratrace> I don't think what I'm saying here compares to short vs long flag forms
1200[13:00:34] <themill> There isn't really confusion btw. It's not as complicated as you're making it out to be.
1202[13:01:15] <ratrace> it's not complicated. once you read the manpage, the difference is understandable. I was just wondering why's there different actions to begin with since conceptually that's just a modifier to otherwies regular upgrade
1203[13:01:25] <ratrace> and apparently new users do find it confusing
1206[13:02:10] <ratrace> Haohmaru: I'd just like to interject for a moment...
1207[13:02:35] <themill> We'd just end up having to explain that sometimes a security update needs "apt upgrade --some-extra-essay-to-allow-removals" and sometimes it doesn't. The complexity wouldn't be gone.
1208[13:03:08] <ratrace> or have apt upgrade to everything, removals included, and have a --flag that prevents it, since that I thin kwould be exception, rather than a rule
1209[13:03:17] <ratrace> (to prevent a removal for a needed upgrade)
1210[13:03:58] <ratrace> esp. if you run testing and sid, you've signed the contract whre you expect that to happen often :)
1211[13:04:03] <themill> no, that would be very unwelcome. If you're running anything other than (old)stable or you get your pinning wrong, you'd end up with a mess
1212[13:04:15] <themill> also, changing the meaning is a no-go.
1213[13:04:32] <Haohmaru> i hadn't heard that "a security upgrade can require packages to be removed"
1214[13:04:39] <ratrace> now, after all these years, I suppose it's a no go yes, POLA violation and all that
1226[13:07:20] <themill> I haven't used synaptic in years, but once upon a time its default action was dist-upgrade. It was great for breaking installations.
1227[13:07:35] <Haohmaru> *shrug*
1228[13:07:45] <ratrace> debian is very fragile, that way
1234[13:08:57] <Haohmaru> and i've rarely used "apt-get" by hand to install dumb things which i know the names of
1235[13:09:18] <ratrace> themill: thing is, if a I get a package upgrade in stalbe that wants to remove somethign, I'm none the wiser whether I should or shouldn't accept it, and I assume that's what's intended to be
1236[13:09:22] <Haohmaru> most of the time, i wanna browse the stuff and click around and read descriptions and search and see screenshots..
1239[13:09:58] <ratrace> of course, I'd test such upgrades before production, but I'd have little datapoint as to whether I should or should not accept it, other than knowing for a fact that some application I use or wrote myself, needs that particular version that's slated for removal
1240[13:10:18] <themill> ratrace: it could also be because of a misconfiguration on your part or something odd with a 3rd party repo or …; that's why you read the DSA as it will normally say if special action is required.
1268[13:45:26] <rootkea> Hi! I just installed Debian 10.6.0 amd64 xfce. But then after installation when I rebooted the machine, Debian boot failed with message "Failed to start Cryptography setup for luks-*". screenshot: replaced-url
1270[13:46:23] <rootkea> journalctl -xb shows "systemd-cryptseup: Failed to open key file" followed by "systemd-cryptseup: Failed to activate with key file '/crypto_keyfile.bin': Invalid argument" screenshot: replaced-url
1271[13:47:01] <rootkea> A day before yesterday I installed 10.5.0 and on first reboot it showed the same error message.
1272[13:47:28] <rootkea> How do I login in freshly installed Debian? Thanks!
1273[13:47:55] <rootkea> I chose to encrypt /home at the time of installation
1276[13:48:35] <JyZyXEL> i don't think systemd still supports crypttab keyscript=
1277[13:49:01] *** debhelper sets mode: +l 1147
1278[13:50:05] <rootkea> JyZyXEL, As an user I ticked "encrypt" and supplied the passphrase at installation and expected to be welcomed by freshly installed OS...
1283[13:51:30] <rootkea> JyZyXEL, umm how do I do that? FWIW root account was disabled. I enabled it using init=/bin/sh grub parameter and then setting the passwd
1299[13:58:04] <rootkea> JyZyXEL, what is "lukshome"? Is that a random name?
1300[14:00:08] <JyZyXEL> name under which the resulting decrypted device will be mapped to
1301[14:00:54] <rootkea> JyZyXEL, Anyways, I executed that command and it says "Failed to open key file"
1302[14:01:17] <JyZyXEL> does the key file exist? can you read it?
1303[14:01:31] <rootkea> And also `ls -a /` doesn't show crypto_keyfile.bin
1304[14:01:54] <JyZyXEL> well there's (one) of your problems
1305[14:02:51] *** Quits: tmm88 (~tmm88@replaced-ip) (Quit: Lost terminal)
1306[14:03:11] <rootkea> JyZyXEL, Installer asked me to encrypt or not. I checked "encrypt" and then supplied the passphrase. Clearly something is broken with the installer.
1319[14:07:29] <ratrace> also I dont recall debian using systemd crypto anything. debian has its own initramfs tools for that, based around crypttab and keyscripts. did anything change there recently? by recently I mean buster and onward?
1321[14:09:47] <rootkea> ratrace, I created /crypto_keyfile.bin as you suggested and then again cryptseup open which succeeded I think since no errors.
1328[14:12:11] <JyZyXEL> ratrace: systemd handles crypttab entries as well
1329[14:12:49] <ratrace> JyZyXEL: yea I know, but the question is how it's set up. looking at my setups, indeed I have to explicitely shush systemd so initramfs-tools only utilities are used
1330[14:12:50] <JyZyXEL> i think initramfs only opens cryptroot and the targets with "initramfs" option set
1331[14:13:04] <ratrace> ie. luks.crypttab=no in kernel options
1332[14:13:25] <ratrace> JyZyXEL: yes, that's some bug somethign something, but iirc installer does it.
1333[14:13:46] <ratrace> haven't used encryption from installer in a while, I almost always use debootstrap to install debian, so I could be wrong about its defaults.
1334[14:14:04] <ratrace> I do know, as you suggested, that systemd crypttab support is very lacking, esp. with keyscripts
1335[14:14:52] <JyZyXEL> i've been using debootstrap and chroot exclusively for very long also
1342[14:21:06] <ratrace> I'm not really sure what constructed that crypttab, I don't recall the installer being that dumb
1343[14:21:21] <JyZyXEL> that crypttab is missing the <key file> column
1344[14:21:48] <JyZyXEL> the third field should be the key file path
1345[14:21:51] <Haohmaru> the cat stole the key
1346[14:21:53] <ratrace> but... rootkea .... if it works now, don't touch it. otherwise you could replace that /crypto_keyfile.bin with none and drop the ,keyscript=/bin/cat option
1347[14:22:03] <ratrace> update-initramfs -u to update
1348[14:22:24] <ratrace> BUT ..... $1M question...... WHERE is that crypto_keyfile.bin located? in unencrypted /boot ?
1356[14:27:50] <rootkea> ratrace, I'm sorry but this is not what was intended at all. It doesn't ask for passphrase to decrypt /home. I think explicitly creating /crypto_keyfile.bin bypasses that.
1358[14:28:59] <ratrace> rootkea: well if you do as I said, removed keyfile and put "none" (no quotes) in the column, and removed keyscript, it's gonna ask for passphrase. might need to add "initramfs" (no quotes) option to crypttab, so it unlocks on boot
1361[14:29:40] <ratrace> because right now if that keyfile is on a plaintext device like unencrypted rootfs or /boot .... that encryption is completely useless
1363[14:30:41] <ratrace> I missed the part whre you said only /home was encrypted. I alwyas do FDE, not individual partitions, so I can't tell what other traps there are if the installer did _this_
1395[15:04:41] <bluesmith> hey guys, just installed emacs and wanted to try it out but the built in manual isn't available, how can I fix this? I'm on i386 arch
1396[15:06:07] *** Joins: Immanuel (~Manu@replaced-ip)
1397[15:06:22] <bluesmith> I got this error on the message buffer "user-error: Info file emacs does not exist"
1398[15:06:40] <greycat> ,file emacs.info
1399[15:06:46] <judd> Search for emacs.info in buster/amd64: wml: usr/share/wml/data/logos/logo-xemacs.info; elpa-notmuch: usr/share/emacs/site-lisp/elpa-src/notmuch-0.28.4/notmuch-emacs.info
1400[15:07:00] <greycat> *shrug* I tried
1401[15:07:20] <greycat> ,file emacs.info.gz
1402[15:07:24] <judd> Search for emacs.info.gz in buster/amd64: xemacs21-support: usr/share/info/xemacs21/xemacs.info.gz; emacs-common-non-dfsg: usr/share/info/emacs/emacs.info.gz
1403[15:07:38] <greycat> ok, that looks promising. try installing emacs-common-non-dfsg
1411[15:14:17] <bluesmith> greycat judd emacs-common-non-dfsg does not exist for my architecture
1412[15:14:24] <greycat> It's probably in non-free.
1413[15:15:00] <rootkea> ratrace, I deleted explicitly created /crypto_keyfile.bin, set <password> to "none" and removed "keyscript=/bin/cat" from <options> as you suggested and now Debian asks for passphrase to decrypt /home on boot! Thanks!
1414[15:15:02] <bluesmith> I only want to use main, guess I'll just get the pdf manual
1415[15:16:09] <rootkea> ratrace, But now I feel like this needs to be reported as we surely don't want user to jump these hoops to login in freshly installed Debian...
1416[15:16:36] <oxek> rootkea: you're the first to report this in a year of debian 10
1447[15:24:56] <rootkea> oxek, Please let me know if you want me to reinstall fresh (creating fesh partition table and partitions etc) and write all the steps I take.
1454[15:29:38] <rootkea> fireba11, I netinstalled on my own machine but this was friend's which I wanted to set up quickly hence the xfce iso instead of standard. :)
1457[15:30:59] <dpkg> Congratulations, dvs! You have won a one way ticket to Gaza!
1458[15:31:08] <dvs> damn!
1459[15:31:18] <ratrace> the installer from ISO doesn't have such options (gpt, keyfile, ...) you have to use manual partitioning to set up encrypted /home only ... is -live using some other installer?
1462[15:32:31] <rootkea> select "manual partitioning" then create GPT partition table and then create partitions. While creating /home select "encrypt" and set the passphrase.
1463[15:33:14] <ratrace> there aren't such options in the netinst ISO installer. is -live using some other installer?
1464[15:33:54] <ratrace> or maybe that's bullseye and not buster?
1467[15:34:50] <ratrace> well I'm looking at the 10.5 installer right now. I can't find where to do GPT instead of MBR partitioing.... maybe I'm blind...
1499[15:45:25] <ogo> what is the debian way of installing pycharm (python IDE)?
1500[15:45:58] <ratrace> ogo: I download the tarbal and unpack it in /opt/pycharm/pycharm-version , then symlink pycharm.sh to ~/bin/pycharm
1501[15:46:16] <ratrace> ogo: if you dislike that, you can use the snap, or flatpak if it exists.
1502[15:48:15] <ogo> ratrace, i suppose i wiil try unpacking the tarball, would it then just link the right library paths for already installed python packages?
1503[15:49:18] <ratrace> ogo: to run pycharm, it only needs java and it comes with its own jre. once run, the IDE manages python venvs, lib paths, per project, globaly, etc....
1504[15:49:37] <greycat> ... java?
1505[15:49:41] <ratrace> java
1506[15:49:48] <ratrace> it's a intellij based IDE
1516[15:54:21] <dpkg> The Debian Live project provides pre-built Debian live system images and allows creation of your own. NOT recommended for installing Debian. Live images are available from replaced-url
1517[15:54:35] <oxek> nobody spotted it because nobody uses -live to install debian, and even fewer choose to manually partition and pick encryption for /home
1518[15:54:40] <greycat> you could ask them how to report the bug in the most useful way
1533[16:02:00] <ogo> right now my set up is a mess: i have *.deb python libs, pip libs and even an installation of anacond. all because each tutorial i read suggests a different way
1534[16:02:03] <ratrace> ogo: virtualenvs are better for beginners because they're isolated environments (for python dependencies, libs, paths)
1588[16:35:18] <ratrace> ogo: python-pip-whl is pulled in by virtualenv
1589[16:36:23] <ratrace> but `virtualenv` only installs initial pip in the venv. you can then further pip install -U pip to upgrade it from pypi in the venv
1591[16:37:15] <ratrace> (hence the -whl, that is only the wheel version for using pip inside venv)
1592[16:39:24] <ogo> ratrace, thanx. then i will unpack the pycharm tarball in /opt and after that if i need additional python package i shouldn't use pip from linux command line, i should only use pip from isnide the virtual env. is that right?
1593[16:41:13] <ratrace> ogo: yes. pycharm has the ability to create and install into virtualenvs, from Project settings
1602[16:44:53] <ratrace> ogo: please do, but in short, virtualenvs are just directories inside which the python interpreter and its libs and _modules_ are installed. think of it as "chroot" but for python projects.
1603[16:45:24] <ratrace> when you "activate" it, you essentially alter your PATH so that `python` refers to the binary inside that dir, and not the system python binary. that binary inside the venv dir is built to always refer to libs inside that dir
1604[16:46:05] <ratrace> you can link to system python modules with --system-site-packages, but I always prefer to keep them fully isolated, thus --no-system-packages (which is default)
1605[16:46:38] <ratrace> important to note is that a venv is only a PATH alteration, so `python` and any `import` statements in it, will refer to modules in that venv
1607[16:47:17] <ratrace> that way you can keep multiple python versions and package versions and module versions and everything else, isolated between projects, each in its own virtualenv. now go read about it for all the juicy details and traps
1611[16:48:04] <ws2k3> im trying to unmount a filesystem. but i keep getting target is busy im trying to find out which proces this might be. lsof en fuser did not show anything usefull. any other things i could try?
1629[16:56:12] <ws2k3> ratrace: no as far as i can see no submounts the same block device is mounted on multiple locations but i think that should not matter?
1630[16:57:03] <ratrace> dunno, depends I suppose. can you be more precise? what filesystem, what kind of bind mounts are there, etc...
1631[16:58:13] <ws2k3> ratrace: its a /dev/drbd0 mounted onto /storagegl-bilder
1632[16:58:31] <ws2k3> ratrace: the /dev/drbd0 is mounted on multiple locations on the fs. but that should not matter i think
1641[17:03:22] *** Lord_of_Life_ is now known as Lord_of_Life
1642[17:03:32] <ws2k3> derpadmin: unfortunaly its in production
1643[17:04:37] *** Quits: horribleprogram (~horriblep@replaced-ip) (Quit: Where I came from the Great Wild 'n shit, where you can get shot if you crack smiles and shit...)
1644[17:04:56] <derpadmin> ws2k3, I have the feeling the process is using the mount
1664[17:14:05] <greycat> Depends on how you log in. ~/.profile only works for shell logins, and MAYBE wayland sessions, because someone told me wayland uses it, maybe possibly.
1672[17:17:09] <codedmart80> I am trying to use my jaybird bluetooth headphones. I want to use the mic as well. If I use HSP/HFP it seems to work for both, but the audio is horrible. If I select a2dp playback the audio sounds good, but it uses the internal laptop mic. If I select a2dp capture in the mic settings the output goes to the laptop speakers.
1678[17:19:52] <bluesmith> just installed emacs a while ago and after "apt remove emacs" and autroremove it's still there even after a reboot, why is it not uninstalling or how can I completely remove it? I even reinstalled it and did a purge but nothing changed
1699[17:24:38] <greycat> what do you mean by "illegal software"?
1700[17:24:54] <oxek> software under a free license, but considered illegal in some country
1701[17:25:01] <greycat> the non-US section was for that
1702[17:25:06] <greycat> !nonus
1703[17:25:07] <dpkg> Non-US is where we placed software previously unable to hosted within the USA. Changes in legislation mean that post-<Woody>, there is no non-US, so you don't need it for Sarge, Etch, Lenny, Squeeze, Wheezy or later. Ask me about <crypto> and <crypto in main>. Old non-US packages (for slink, potato, woody) are at archive.debian.org. replaced-url
1704[17:25:30] <greycat> if it becomes an issue again, I suppose you'd talk to the Debian developers about reactivating it
1705[17:25:50] <oxek> I remember the old crypto issues
1706[17:26:29] *** Quits: bluesmith (295135ad@replaced-ip) (Remote host closed the connection)
1708[17:26:42] <EdePopede> exporting the PGP book and returning it to digital with the help of volunteers...
1709[17:27:28] <oxek> as a purely hypothetical scenario, imagine it becomes illegal to distribute software that uses the word 'wine' in sweden. What would debian do?
1710[17:27:45] <EdePopede> and now there are 16 DVDs with binaries. btw, i've seen there's a USB-16G image, couldn't see how much of these 16 in included?
1714[17:29:08] <oxek> so would debian rename the package and other references to 'wine', and distribute this version, or would debian say "not our problem" and keep on having 'wine'
1715[17:29:10] <ratrace> also define "distribute in <country>"
1716[17:29:38] <greycat> You have too much god damned free time.
1717[17:29:38] <EdePopede> could debian be forced to block downloads to a particular country?
1718[17:29:39] <oxek> I don't know how to define it well, so I imagine something like those crypto issues in USA back then
1720[17:30:04] <oxek> greycat: got fired last monday, so I have plenty of time
1721[17:30:23] <ratrace> and define "debian" :) do you mean the Foundation? because the Foundation cannot be responsible if someone downloads from, say, USA servers something illegal in their specific country
1722[17:30:46] <EdePopede> reminds me of the discussion on age restricted TV programs. works fine as long the provider uses geo restriction to block general spreading, but having block lists for individual countries? no chance.
1723[17:30:53] <ratrace> they could use a VPN so no technical or reasonable measures could be done by anyone to prevent that.
1724[17:30:55] <oxek> hmm, define debian, I guess whatever is on official debian repositories in main
1726[17:31:45] <EdePopede> they could cause trouble for those who run the servers in sweden maybe. but more, i don't think so.
1727[17:31:46] <ratrace> oxek: there can be no such obligation or legal requirement
1728[17:32:24] <oxek> ratrace: that's why I said hypothetical scenario where sweden introduces such legislation. Would debian comply or not care?
1729[17:32:45] <ratrace> it's very important to know where does the police come aknockin' . so if Swen is hosting a .se mirror, physically in .se, then police come knockin on his door.
1730[17:33:12] <ratrace> they can't come knocking on a .de mirror door and the Chef can VPN "illegal" stuff from the .de mirror, so you get the point
1731[17:34:07] <oxek> so to take it back to the original question, debian has no issue having illegal software packages in its official repositories, as long as they adhere to DFSG?
1732[17:35:03] <joepublic> still depends on definitions.
1733[17:35:29] <oxek> you're right, I'd need to define it really well, and I don't feel like doing an exercise in formal logic right now
1734[17:35:36] <ratrace> oxek: take it this way. right now many software packages in debian repo are violating a number of patents. who do the trolls come after?
1735[17:35:44] <jhutchins> EdePopede: The laptop has no mechanism to control the TV at all. Casually surfing both the laptop/internet and the TV, I just keep absent-mindedly trying to use the laptop keys instead of the remote.
1736[17:35:46] <joepublic> illegal software. Software that cracks medical equipment to kill children? Probably not ethical, probably not included. Free software that some country frowns upon? Not an issue.
1737[17:36:21] <jhutchins> Similar to when I'm using either my phone or my tablet and the laptop at the same time and try to use touchscreen gestures on the laptop.
1738[17:36:43] <ratrace> oxek: it's not formal logic but jurisdiction. "Debian" is abstract. so one must mean the foundation or whatever the body responsible for hosting repository X, but if you shut it down, it'll just crop up in another domain, in a country where it's not illegal, so round and round we go
1744[17:37:37] <joepublic> point taken and thank you.
1745[17:37:37] <EdePopede> jhutchins: then i only hope you took precautions related to the iron ;)
1746[17:37:40] <teo7> Hi, I'm on Debian stable (then I also tried testing) and the PC audio hears much lower than it did on Windows. In my opinion, about half. My de is gnome, and the audio server pulseaudio, so I tried this guide -> replaced-url
1747[17:37:50] <ratrace> jhutchins: hashcat can be used to crack medical equipment to kill children. is it illegal?
1749[17:37:52] *** Quits: Prints (~333@replaced-ip) (Ping timeout: 260 seconds)
1750[17:37:55] <ratrace> (it's in the repos too)
1751[17:38:06] <teo7> In the paragraph "sound level is low or ..." but adding the line "flat-volumes = no" in that file, nothing has changed. How can I try?
1754[17:39:31] <EdePopede> ratrace: it is not originally meant for this explicite action. like this package changing your PC into a media center isn't illegal, but that one addon that used torrents to download everything... while as the same time also seeding, how surprising for some of its users :o
1759[17:40:22] <jhutchins> ratrace: You can not outlaw an idea.
1760[17:40:32] <EdePopede> and all this legal shit has the same effect like time travelling... breaks away all sanity from language while creating really bad headache.
1761[17:40:33] <ratrace> jhutchins: right. and I mistabbed, that was for joepublic. neway, offtopic.
1780[17:50:45] <asterismo_l> i created partitions at the end in both disks without format, and created a new md array
1781[17:50:58] <CtrlC> I tried adding "options snd-hda-intel model=MYMODEL" to /etc/modprobe.d/alsa-base.conf and now there's a headphone mic detected but it doesn't record anything.
1782[17:51:22] <CtrlC> It seems like debian is no longer using alsa-base package.
1783[17:51:38] <asterismo_l> now when i try to format the new array, it says there is no partition table, that i must create one. Will this delete the disk original partition table?
1784[17:51:53] <asterismo_l> will the system be able to boot after that?
1799[17:55:39] <Mazhive> jhutchins i am getting some headcache why one preseed line works add a second , the first doesnt seem to work any more and the second one is not applied
1800[17:58:15] <CtrlC> Even when I disconnect the jack it still lists a headset mic!
1802[17:59:08] <Mazhive> jhutchins: very frustrating because the check does not seem to regocnize the error so in order to check it i have to run the whole procudere on a vm , the install takes about 10 miuntes so every change i have to wait 10 minutes to see if it is applied
1805[18:01:41] <ratrace> asterismo_l: alright, and md0 is still resilvering. k, better leave it finish so you have redundancy before you start using it. also, backups are assumed. now, what's the problem exactly here? what's "format new array" means?
1817[18:04:53] <ratrace> that doesn't say anything, in context of whether you dd'd sdX, mdX or lvX "disks"
1818[18:05:02] <asterismo_l> sda
1819[18:05:15] <asterismo_l> and then recreated the raid
1820[18:05:56] <asterismo_l> anyway, the situation is that now i have unused space at the end of each disk, that i tried to format as a new raid1 array
1821[18:06:03] <asterismo_l> that is raid127 shown
1822[18:06:23] <asterismo_l> but i cannot format it to ext because it says there is no partition table
1823[18:06:36] <ratrace> asterismo_l: how are you trying to "format" it?
1824[18:06:37] <asterismo_l> i assume the partition table is the one y cloned from 500GB disks
1825[18:06:52] <asterismo_l> i formatted them using gparted each as no format
1826[18:06:55] <ratrace> you have nested partitions, that's a rather very convoluted setup you have there
1827[18:06:58] <asterismo_l> and created the array
1835[18:08:07] <ratrace> but..... I'd stop and rework that entire thing, it's abomination. you have primary partitioning in sdX1 and sdX2. then you joing sdX1 into md, which is partitioned (!!) and then one of those is a LUKS which is actually a volume group
1836[18:08:14] <asterismo_l> mkfs.ext4 that wont break any of the prior partitions right?
1837[18:08:53] <ratrace> mkfs.ext4 /dev/md127 should not touch other devices, like /dev/md0, or the GPT atop of that, or the luks device, or the volume group atop of that
1838[18:09:09] <asterismo_l> the encrypted LVM is what the debian installer did automatically
1839[18:09:32] <ratrace> but you partitioned md which is on partitioned sd{a,b}. that's just..... wrong.
1842[18:10:36] <ratrace> copy data to backups and reconsider the layout. why do you want two arrays? can you have one mirror atop of which you run luks atop of which you run LVM and then "partition" the LV into whatever you need?
1844[18:12:51] <tralala> after an upgrade to 10.6 the fan on my intel nuc works non-stop. Before that it was only working when the system was under load. Any ideas how to debug that?
1845[18:12:54] <ratrace> asterismo_l: a saner layout would be: sda1, sdb1 => bios_grub sda2,sdb2 => /boot ext4 sda3,sdb3 => md0 raid1 md0 => LUKS md0_crypt => LVM for lv_root, lv_swap, lv_vm
1859[18:19:49] <ratrace> tralala: (h)top run as root will show you the running processes and their states. with htop you can sort by io. also check iotop.
1894[18:27:25] <greycat> look at the actual processes
1895[18:27:38] <vincent-> Is there anyone using systemd-resolved and setting a search domain? On Debian Buster I'm setting "Domains=mydomain.com" in "/etc/systemd/resolved.conf". The output of "resolvectl" shows "DNS Domain: mydomain.com" and it even added a "search mydomain.com" to the "/etc/resolv.conf" (which is by the way a symlink to "/run/systemd/resolve/stub-resolv.conf"). With that, I can ping "myhost.mydomain.com" but I cannot ping just "myhost". The search
1896[18:27:38] <vincent-> domain is not being used to auto-complete the single-label host name.
1901[18:31:02] <ratrace> vincent-: what does grep hosts /etc/nsswitch.conf say?
1902[18:31:42] <tralala> greycat, the top cpu users are emacs, Xorg and the strange one is "Web Content"
1903[18:31:52] <ratrace> tralala: that's firefox
1904[18:32:33] <greycat> some browser, at least. gnome, firefox, whatever. and yes, I can absolutely envision a web browser tab churning 0.20 load average for all eternity
1909[18:35:46] <ratrace> greycat: hmm I thought firefox specifically named container threads like that, but I can't get it to do that now
1910[18:36:11] <greycat> I'm guessing tralala will know which browser is being used
1911[18:36:20] <tralala> it's firefox
1912[18:37:08] <tralala> I stopped it and the average load is down to 0.11 but the fan is still at full speed
1913[18:37:22] <greycat> give it a few minutes
1914[18:39:23] <ratrace> vincent-: not sure then. systemd-resolved afaik doesn't inject itself before resolv.conf, in fact it configures it as a symlink to a dynamic file in /run, the rest is glibc using /etc/resolv.conf and the "search" directive in it
1916[18:40:32] <tralala> greycat, the thing is that it's blowing cold air, so it seems like the kernel is not controlling it properly
1917[18:40:55] <ratrace> it's mostly never kernel controlling that but bios
1918[18:41:50] <vincent-> ratrace, yep, the /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf. After configuring /etc/systemd/resolved.conf to add my domain to Domains= (and restarting the service), the "search" line gets added to the /etc/resolv.conf (still being a symlink).
1919[18:41:54] *** def_jam is now known as eb0t
1920[18:43:19] <ratrace> vincent-: do you have some definition for non-fqdn "myhost" in /etc/hosts ?
1921[18:43:26] <tralala> ratrace, the thing is that under 10.5 I didn't have the problem and the bios is the same
1922[18:43:57] <vincent-> ratrace, I can see that Fedora has a different value for "hosts" in /etc/nsswitch.conf. And no, I haven't touched /etc/hosts at all.
1923[18:43:58] <greycat> tralala: if you're *dead* set on pinning blame on the kernel, just boot the previous kernel and see if the problem goes away
1924[18:44:43] <ratrace> vincent-: I think various DEs and things configure that. I don't run a DE and mine is files dns mymachines
1925[18:44:53] <tralala> greycat, I'm not, I'm just wondering why it's happening all of a sudden
1926[18:45:26] <ratrace> tralala: and to determine that you need to control variables. booting into previous kernel and doing same post-boot steps is one way to exclude kernel version
1927[18:46:25] <ratrace> that said, for example, I've noticed 50% more IOPS happening during idle times on our servers, after 10.6 update. I have yet to run proper tests to find out what did that as I also upgraded zfs to 0.8.4, so I'll need a test case and controlled variables to pinpoint it
1929[18:47:07] <ratrace> alas, I can't be bothered.... :) it's just an increase in 20 to 30 iops on 5 minute averages during least busy parts of the day
2003[19:43:07] <greycat> If you mean some subset of that question, like "all of the CNAME records defined on that particular DNS server", ask the person who administers that DNS server.
2058[20:24:52] <ratrace> so far so good. no complaints about 68'th profile. privacybadger, cookiautodelete are the only to extensions I use, no issues. and most importantly, my network.trr settings I had from before stayed the way I put them, so no DoH for me.
2086[20:34:53] <greycat> even in lynx I can't see a raw link anywhere on the entire page
2087[20:35:38] <greycat> how the hell do people choose these paste sites. anyway? "Let's find a brand new one that will piss greycat off even more than all the ones before!"
2096[20:39:13] <greycat> oh, so you *also* found it to be running? before you found the original file, which is being disguised as a log file? and OMG, it's in /root?!?
2097[20:39:26] <greycat> I would be very, very worried.
2148[20:55:12] <alex11> one click activates the url bar (as opposed to double clicking in the old firefox) and no, the fact the text is highlighted does not put it in your paste buffer
2174[21:03:44] <jhutchins> NetTerminalGene: Just a reminder that this channel is for Debian support questions, not rants about browsers.
2175[21:04:13] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
2176[21:05:06] <codedmart> I installed debian on my macbook pro 2015. The fan has not stopped since I booted. I installed and ran services for acpid, thermald, tlp, and installed powertop and tried to calibrate.
2197[21:21:26] <judd> Package fancontrol (utils, optional) in buster/amd64: utility to control the fan speed. Version: 1:3.5.0-3; Size: 46.1k; Installed: 100k; Homepage: replaced-url
2208[21:25:36] <tomjaguarpaw> I'm really confused why 'apt-get update' on buster just pulled in firefox-esr 78.3.0esr-1~deb10u1. Buster used to have version 68. The data on these two pages seems to be inconsistent with respect to which version of firefox-esr should be in buster security: replaced-url
2209[21:25:43] *** Quits: Grldfrdom (uid391113@replaced-ip) (Quit: Connection closed for inactivity)
2211[21:27:52] <tomreyn> tomjaguarpaw: the old qa tracker hasn't gotten the update, yet. if you look at the current one you'll notice the change replaced-url
2213[21:30:18] <tomjaguarpaw> Thanks. I'm not used to major versions increasing in stable. Did this happen because it was the only way to patch a vulnerability?
2214[21:30:23] <ratrace> tomjaguarpaw: 68-esr is no more, 78-esr is it now, debian upgrades the package when it goes EOL, and that happened these days.
2215[21:30:39] <tomjaguarpaw> Ah, I see. Thank you.
2216[21:30:49] *** Quits: Jerrynicki (~niklas@replaced-ip) (Remote host closed the connection)
2217[21:31:00] *** Quits: x000 (~x000@replaced-ip) (Remote host closed the connection)
2218[21:31:12] <tomjaguarpaw> I can see that a package having an LTS cadence that is slightly off a Debian release cadence can pose problems!
2219[21:31:21] <greycat> firefox-esr 78 *just* hit buster-security a few hours ago
2242[21:44:31] <ratrace> JyZyXEL: maybe I'm a dd :)
2243[21:44:31] <JyZyXEL> oh i figured since that was the address on replaced-url
2244[21:44:40] <ratrace> nah, j/k. debian-security-announce@lists.debian.org is the one
2245[21:45:17] <greycat> "to contact us, mail debian-admin@lists.debian.org." is write-only. you can't subscribe and see what security bugs people are secretly reporting.
2264[22:10:16] <magyar> I'm trying to disable TLS 1.0 and TLS 1.1 using this >> SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 but I still see tls1.0 and 1.1 offered as a option
2265[22:10:25] <greycat> mods-available is a directory containing symlinks to config files. Apache reads these to activate modules when it starts up.
2266[22:11:36] <greycat> err, wait, I got that backwards. mods-available contains the actual config files, ones you're using as well as ones you're not. mods-enabled contains the symlinks to the ones you're using.
2267[22:13:23] *** Quits: mirrorbird (~psutcliff@replaced-ip) (Remote host closed the connection)
2271[22:16:20] *** Quits: pvdp66556 (~pvdp@replaced-ip) (Remote host closed the connection)
2272[22:16:21] <magyar> but when I nmap the site for TLS protocol, I see tls1.0 and tls1.1 still being offered
2273[22:17:16] <greycat> you said "using this" -- where did you put that line, exactly?
2274[22:19:02] <PaddyF> is it written somewhere what the debian system admin team suggests to use for mta (still exim?) and httpd (still apache?) without aiming to cause trouble
2275[22:19:09] <magyar> greycat: the file ../mods-enabled/ssl.conf has a line SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 within it
2288[22:23:47] <tomreyn> lupulo: if you ever return, this describes how this system likely got compromised (compomised pypi mirror hosting modified/ malicious "resquests" module): replaced-url
2289[22:24:09] <magyar> I've grepped for it within the /etc/apache2 dir
2307[22:29:53] *** Quits: mezzo (~mezzo@replaced-ip) (Quit: leaving)
2308[22:30:06] *** rf-n00b_ is now known as rf-n00b
2309[22:31:17] <greycat> From the last time we had this conversation: (1) Yes, you can see the *parent* of your process with ps, but if that parent PID is 1, it tells you nothing. (2) WHERE did you see "/usr/bin/python3 /root/.uds/_err.log > /dev/null 2>&1" with redirections?
2313[22:32:46] <lupulo> is it the calling program, greycat i have changed the program to something more suitable, that is the system answer [Done] "/usr/bin/python3 /root/.uds/_err.log > /dev/null 2>&1"
2354[23:02:28] <greycat> tomreyn: so, are you saying that lupulo's problem was caused by running "pip" (or something similar) as root, making a typo in the package name, and getting malicious code as a result, which pip then executed?
2361[23:08:02] <oxek> is it possible to instruct apt to never add any files to a particular path? Such as never add files to /usr/lib/firefox-esr/browser/features/ on firefox-esr update?
2362[23:08:17] *** Quits: mirrorbird (~psutcliff@replaced-ip) (Remote host closed the connection)
2410[23:27:56] <jhutchins> Mazhive: The default desktop is Gnome. lxde is a different desktop environment, with some utilities and default programs that are different. It is lighter and has fewer "features". It is also more configurable, but it may be harder to figure out configuration.
2411[23:28:00] <jhutchins> !lxde
2412[23:28:00] <dpkg> The Lightweight X11 Desktop Environment (LXDE) is available since Debian 5.0 "Lenny". To install, ask me about <install lxde>. replaced-url
2413[23:28:20] <jhutchins> Mazhive: You can install both and compare them for yourself.
2415[23:28:53] <Mazhive> :) ...so in general its gnome if otherwise selected in the tasksel
2416[23:29:56] <Mazhive> i need super lightweight but yet seemingly possible to dissipear while run a single program
2417[23:30:30] <jhutchins> Mazhive: If NOT otherwise selected. I don't know if you can do both at once in the installer.
2418[23:30:46] <jhutchins> I used gnome once and have never gone back.
2419[23:32:00] <Mazhive> my regular desktop is mate but now i need it to run 1 single program to be functional i need a display manager to draw it on screen.
2420[23:32:03] <n4dir> imho it is better to not install a DE during installation, but after reboot, *if* you want to go more lightweight.
2457[23:45:55] <Mazhive> view my boot on youtube replaced-url
2458[23:46:14] *** Quits: x000 (~x000@replaced-ip) (Remote host closed the connection)
2459[23:46:32] <GenTooMan> I am using buster I had an update for the kernel that failed to install "linux-image-4.19.0-11-amd64" but the latest says " 4.19+105+deb10u6" so I'm a little confused.
2460[23:46:40] <greycat> so... uh... you can't use TLSv1.3 in stretch-backports nginx because TLSv1.3 needs openssl 1.1.1 and there isn't a libssl1.1 in stretch-backports and the one in stretch is only 1.1.0l ... correct?
2461[23:47:02] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
2481[23:53:22] <GenTooMan> hmm any suggestions on how to limit firefox's memory abusage? I'm kind of sick of it growing endlessly and having to be nuked every 7 days.
2482[23:54:27] <ratrace> cgroups!
2483[23:54:53] <ratrace> also file a bug report. I haven't seen a FF memory leak in ages, esp. none since Quantum
2484[23:56:04] <greycat> maybe one of your extensions is extra leaky