This is #debian, an IRC channel at freenode (freenode IRC service closed 2021-06-01)
0[00:01:07] <hop> growing the first primary partition, shrinking the second one and all live with several domUs running without interruption, though… that's alchemy (:
3[00:03:01] <tete_> hi, i am facing a problem with my mail server. no mails are going through. so i checked the log and it says: Oct 23 00:02:15 server postfix/smtp[3341]: 54FE55FA51: to=<me@xxx.de>, relay=none, delay=0.14, delays=0.12/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
4[00:03:09] <tete_> but amavis is listening on localhost:10024
16[00:05:45] <Mazhive> can somebody explain me why i cant print pdf with cups i tried tons of permissions on the cups PDF folder but still cant get it to work...
17[00:05:55] <tete_> so netstat -alpn | grep 10024 should print 2 results? or only the ipv6 one?
18[00:06:12] <Dagger> if it was listening on :: then the socket would be able to accept v4 connections too, but only sockets listening on :: get that feature, not ::1
19[00:06:14] <tete_> because i had this once that it only printed the ipv6 one (iirc it was apache) but it was listening on ipv4 and ipv6
28[00:09:35] <tete_> mails go through again, thanks
29[00:10:05] <tete_> another question: when i send an email from me2@xxx.de to me@xxx.de with X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* content, it should get rejected/deleted by amavisd shouldnt it?
55[00:13:33] <sney> tete_: that sounds like amavis isn't running it through the clamd (or whatever av daemon you're using) process
57[00:15:12] <sney> maybe you are filtering the messages within mynetworks less? e.g. from foo@mydomain.com to bar@mydomain.com instead of testing from elsewhere
59[00:16:34] <tete_> hm no it must then be a problem in amavis config, because i see in the log that the message went through amavis but was not blocked
123[01:02:10] <sney> whenever you're hosting something on the public internet, always be ready to blame dns for your problems. I'm not familiar with dnsblog specifically, but everyone knows what "lookup error, host not found" means
131[01:07:34] <sney> if dns isn't the problem then it's one of your other rejects. comment them out one by one, keep testing, figure out which one it is.
132[01:07:57] <sney> I don't have a prod email server anymore so I can't check a working configuration, but I will tell you that it's easy to be too restrictive.
226[03:06:49] <sney> c-c: I looked it up, and apparently it's a security tool, but the installation instructions tell you to pipe curl to bash >_<
227[03:07:25] <sney> anything that targets linux in general, or ubuntu/parrot/kali etc will also broadly apply to debian. but this looks like it's probably dumb, anyway. if you want to harden your system, define a threat model and be specific
228[03:08:39] <sponix> wyoung: well, it was a continuation from a prior user/conversation between dka a user and I
229[03:08:56] <wyoung> Ah, OK
230[03:09:45] <sponix> wyoung: this user had a broken kernel 5.8 from backports issue -- I just looked at their inxi report again and noticed now that it is most likely because they had sources from Buster Sid Ubuntu Xenial and others all mixed in
231[03:09:58] <sponix> no wonder it broke
232[03:10:09] <wyoung> :S Start from scratch IMO
233[03:10:23] <wyoung> Are there many services and user data in it?
234[03:10:30] <jim> hi, could someone help me locate an unsigned version of 5.4 kernel, in snapshot.debian.org?
235[03:10:34] <wyoung> Or have you mounted them outside of it
236[03:10:51] <sponix> wyoung: pretty sure they ended up doing that. But we attempted to help them for "hours" and missed that it was a "Franken Debian" problem
245[03:14:08] <wyoung> jim: I wish I knew the answer to your question. You have helped me out alot in the past.
246[03:14:10] <jim> I'm aware... but it's on snapshot, but I can't find the images... also, could someone explain this logic to me: in order that I could be able to build v4l2loopback (which is 5.4 or under), in order to install the kernel headers, I also need to install the kernel images?
247[03:14:46] <jim> is there any way to search that site?
248[03:15:06] <jim> that might allow me to search it myself :)
249[03:15:07] <sney> jim: well, if you're building a kernel module to use, you will also need to use the matching kernel
250[03:15:19] <sney> the snapshot.debian.org front page has at least 2 search boxes iirc
252[03:16:09] <jim> and that's what I want to do, but it's asking me to install -all- of the images, plain, cloud, something else, and the unsigned version
253[03:16:37] <sponix> jim: I can find 5.4 -- but not unsigned for some reason
254[03:16:49] <jim> same here
255[03:16:49] <sney> you are probably misinterpreting the output, at least a couple of those are likely metapackages
281[03:27:42] <tuxbts> I mean i need some assistance, if anyone can help
282[03:28:15] <jim> seriously... you might get a different result if you ask the original question (also, throw in as many informative details as you know)
283[03:28:31] <sponix> tuxbts: you might just want to state your issue(s) as descriptively as possible
284[03:29:59] <tuxbts> I did a fresh debian 10.6 install on my laptop after logging in on home screen as I do anything, even a click or app menu or open terminal, It starts to beep very loud
285[03:30:35] <tuxbts> and the system becomes completely inoperable
286[03:31:02] <tuxbts> then i have to force shutdown
287[03:31:31] <jim> and its midnite and folks are asleep? so don wan no beep?
288[03:31:37] <sponix> sney: I can't remember does the Debian install image double as a Live session ?
289[03:31:39] <tuxbts> it seems to be a very rare issue as i couldn't find anything related to it on any forum
290[03:32:32] <jim> sponix, some images (the multi gb ones) do, but there are small ones that just have an installer
342[04:00:40] <tuxbts> @sponix: i did the same thing almost an year ago, but faced same thing so moved to ubuntu
343[04:01:31] <sponix> tuxbts: if Debian for some reason will just not work out. I can't help but recommend giving "MX Linux" a try (vs Ubuntu or others)
344[04:02:45] <tuxbts> mxlinux is mostly for xfce face i guess, and m more into gnome so, xfce extra stuff will be der
345[04:03:12] <tuxbts> and does mxlinux support gnome 3.38 or 3.36?
359[04:11:51] <Kurogane> Anyone can help with gnome + vnc? for some reason when i connect via vnc i see gray screen, i tried many configurations and not work always see gray screen. I'm using debian 10.
360[04:12:20] <sponix> Kurogane: I use Teamviewer because it is simple
361[04:15:23] <Kurogane> sponix, i not use teamviewer because i can't using 24/7 because teamviewer ban you because "think" is not personal use and i need to pay for "
364[04:17:16] <sponix> Kurogane: I see... I haven't used regular VNC in ages... I think there is "tigervnc" or so though
365[04:17:26] <jmcnaught> Kurogane: are you using Wayland? Did you try logging in with Xorg?
366[04:17:38] <sponix> Wonder if "Anydesk" has a similar use limitation
367[04:17:55] <sponix> jmcnaught: I keep forgetting "Wayland" is a thing now
368[04:19:01] <jmcnaught> I use Wayland and it works for me, but I do not use VNC.
369[04:19:47] <Kurogane> What is wayland?
370[04:19:50] <sponix> jmcnaught: pretty sure my Nvidia binaries still only work well with X -- that sound correct ?
371[04:20:26] <sponix> Kurogane: It is another GUI base similar to Xorg -- newer though
372[04:20:46] <jmcnaught> !wayland
373[04:20:46] <dpkg> Wayland is a display server protocol and implementation library, intended as a simpler replacement for the X Window System. Ask me about <weston>. replaced-url
374[04:21:15] <c-c> afaics Nvidia drivers have a wayland fork
376[04:21:22] <jmcnaught> Kurogane: Wayland is now used by GNOME by default, but it works different than Xorg and capturing the entire screen is tricky with it.
382[04:25:07] <jmcnaught> Kobaz: log out of GNOME, and on the login screen look for the gear icon under the password field. Select 'GNOME on Xorg' and log back in.
383[04:26:20] <blackfox> im looking to install openvpn mullvad client, i did install the .deb file but didnt see it install, kernel 5.8
385[04:27:29] <sponix> blackfox: mullvad.net had directions on how to do it. follow them
389[04:29:57] <sponix> they also have the option to have the website generate a wireguard client config for you to connect to them -- I might just do that instead of installing their package
395[04:34:39] <Kurogane> jmcgnh, nop still see gray screen.
396[04:36:16] <jmcnaught> Kurogane: in GNOME settings if you go to the Sharing section (left side-panel) does it have an option for screen sharing there?
399[04:44:02] <Kurogane> gnome settings? i see a setting and there is sharing and there are some options, all are off except remote login.
401[04:45:57] <jmcnaught> Kurogane: previously GNOME had the ability to share the screen with VNC, it was configured under Sharing settings. I do not have it, but maybe you do if you log in with Xorg instead of Wayland.
423[05:18:07] <abff> is there an debian-installer specific channel?
426[05:20:06] <abff> I've been setting up replaced-url
427[05:21:29] <abff> I was guessing while trying to do the install, I mounted the iso to /cdrom and /media but the mount command was complaining about loopback interfaces
438[05:39:56] <abff> I think I got lucky, it's working now. I created a second partition and dd'd the iso to that second partition, then I was able to mount it to /cdrom
448[05:55:19] <maxtim> I have a dual boot system with Windows installed. When I `fdisk -l` I see that the Windows partition has the boot flag. What steps should I take to ensure Debian will boot if I were to delete the win partition?
449[05:55:27] <Urk> RoyK> It still wouldn't kill it.
450[05:58:08] <Urk> RoyK> I used killall chrome, and that got rid of it.
453[06:03:42] <ax562> I just added a new partition with a new OS. I'm running grub off of my Debian 11 partition. What would be the best way for Debian's grub to pick up my new OS and add it to the OS choice screen when I boot?
469[06:27:07] <dpkg> #debian-next is the channel for testing/unstable support on the OFTC network (irc.oftc.net), *not* on freenode. If you get "Cannot join #debian-next (Channel is invite only)." it means you did not read it's on irc.oftc.net. See also replaced-url
474[06:32:07] <maxtim> I have a dual boot system with Windows installed. When I `fdisk -l` I see that the Windows partition has the boot flag. What steps should I take to ensure Debian will boot if I were to delete the win partition? Note* I understand that I must use a live disk in order to do any operations ahead. I'm not 100% sure where GRUB is installed
511[07:19:43] <maxtim> Nah, I kinda have a love affair with System Rescue CD
512[07:20:09] <mtlsw> maxtim, nerd
513[07:20:11] <derpadmin> ah, love it too
514[07:20:14] <maxtim> lol
515[07:20:48] <derpadmin> so fdisk have an option "a" to toggle a bootable flag
516[07:20:51] <mtlsw> I just downloaded/new sysrescue cd today .. I'm wondering what good I can do with it -- considering I am pretty well covered already just using gparted-live.
517[07:21:32] <derpadmin> guess I need to download the latest version and put on my bootable key now
518[07:21:34] <alex11> i kind of just assume i can rescue a debian system with the installer
519[07:21:35] <derpadmin> thanks guys LO
520[07:21:39] <alex11> i don't know if that's a false belief or not
521[07:21:41] <maxtim> mtlsw, it's like having a tool that can do just one thing versus a tool that can do all of it
523[07:22:06] <mtlsw> I usually don't need more than a couple of utilities, which get updated with gparted-live ..
524[07:23:01] <mtlsw> it's only like 300 megs more (twice) the size of gparted-live ... so whatever else I might be needing not on gparted, I guess I should find in sysrescue -- but can't think of anything.
525[07:23:06] <derpadmin> ok, so fdisk, add bootable flag
526[07:23:11] <derpadmin> growpart
527[07:23:17] <derpadmin> and resize2fs
528[07:23:20] <maxtim> so just make bootable flag to sda1
529[07:23:22] <derpadmin> we are done here?
530[07:23:43] <derpadmin> yup
531[07:23:46] <derpadmin> sda1
532[07:23:53] <maxtim> yeah, I mean that's what I was already thinking. I guess I just needed some confirm
533[07:24:05] <mtlsw> gparted does that transparently.. much safer... it's too much a mess to calculate filesystem size and partition size. ---<<< ha you should know how many newbs fall for only doing ONE and not the other and then totally corrupt their filesystems.
534[07:25:10] <maxtim> yeah.... I'd rather blame myself than another piece of software... mtlsw
535[07:25:23] <maxtim> still gonna back, back, back it up!
536[07:26:13] <maxtim> I heard this from someone on this channel: There are two types of people: those who have suffered a catastrophic data loss, and those who will.
537[07:27:02] <maxtim> You ain't gonna F me again, data loss! Not Today Death!
538[07:27:27] <mtlsw> you should see on reddit -- constantly -- users do one thing and not the other, make a new "Formatting" on a new partition while it is actually overwriting an overlapped filesystem.
539[07:27:29] <mtlsw> total mess.
540[07:27:47] <mtlsw> my suggestion is just to use "gparted" unless you know what you're doing -- and you're right -- backing up is a good thing.
546[07:30:08] <mtlsw> it's like doubled in size the last 2 years. Questions though are not on that particular reddit, but the fact that the size of r/linux has like doubled, quite tells something about the growing popularity of Linux
547[07:30:45] <maxtim> I just wanna see jokes and cat memes on reddit. I sometimes look at r/WindowsTechSupport just for questions I might be able to answer.
549[07:31:41] <maxtim> I've never said I was an expert with Linux. Wish I could, and perhaps that's an issue with linux, and Debian specifically.
551[07:32:06] <mtlsw> I dont browser reddit -- I just use a news aggregator to look at any titles that would interest me and then check things out
552[07:32:18] <mtlsw> I never really use the "web portal" for browsing new topics.
553[07:32:23] <mtlsw> I hate reddit in that way ;-)
554[07:32:34] <mtlsw> that means I actually don't like memes. :)
555[07:33:01] <maxtim> I read fairly recently that the Debian project has no issue with monies, but does have an issue with programmers. in that they simply don't have enough of them
556[07:33:03] <mtlsw> it wastes too much my time to even care :))
557[07:33:29] * mtlsw says you can use "rss" against subreddits.
560[07:34:07] <mtlsw> it'd be great if the debian-wiki+documentation was one project instead of two++
561[07:34:10] <maxtim> I kinda stopped using rss feeds a long time ago
562[07:34:17] <mtlsw> I bet it would surpass the archwiki if that were the case.
563[07:34:33] <maxtim> interesting notion
564[07:34:44] <derpadmin> mtlsw, resize2fs with no size argument resize to the max of the partition available these days :)
565[07:34:45] <mtlsw> maxtim, rss feeds have only grown into billion dollar businesses
566[07:35:23] <mtlsw> maxtim, maybe they're not called rss up-front but you can export alot of those feed-services to .opml , and then import that into your rss app. Or even on your Android as well.
567[07:36:08] <maxtim> mtlsw, i'll start looking at rss again. noted
568[07:36:47] <mtlsw> derpadmin, you kind of missed my above example.. try using it after shrinking a partition. A lot of noobs tend to forget to resize the filesystem, and instead go ahead with adding partitions and formatting things.
569[07:37:18] <derpadmin> ah, shrinking, yeah, that is more dangerous :)
665[09:21:17] <genr8_> we have 3 different versions of rng-tools, two are version 2.x, one is 5.x, both the maintainers went to sleep, and there is a massive recent amount of activity on github by a 3rd guy that needs to be audited for correctness, and the concept of haveged and jitterentropy needs to be thought of as well
666[09:23:27] <genr8_> The official repo is up to v6.10 replaced-url
667[09:23:52] <genr8_> and since its crypto we need the big brains on duty
744[10:27:56] <shtrb> jelly, lol I had found the problem with my playback (simultaneous ) - the application (dragon player) was using the wrong sink :D
745[10:28:10] <shtrb> pulse audio had all ok :D
885[13:27:40] <ytf0rd> my storage stuff is on lockdown
886[13:27:45] <ytf0rd> they say I need to pay
887[13:27:59] <ytf0rd> how to not pay and get files?
888[13:28:12] <ytf0rd> ?
889[13:28:15] <ytf0rd> ?
890[13:28:17] <ytf0rd> ?
891[13:28:19] <ytf0rd> ?
892[13:29:12] <ytf0rd> help pls
893[13:29:17] <ytf0rd> what to do?
894[13:29:59] <azeem_> what is hentia?
895[13:30:17] <shtrb> typo on a type of video resource
896[13:30:17] <ytf0rd> its a kinda of anime/manga
897[13:30:18] <shtrb> ?
898[13:30:30] <shtrb> error 567 from where ?
899[13:30:30] <azeem_> ytf0rd: how is this related to Debian?
900[13:30:49] <ksk> !problem
901[13:30:50] <dpkg> from memory, problem is something that can be solved, fixed or worked around if properly described. A good thorough description of the problem, with detailed steps of how to reproduce the problem, the produced output, and the expected output, is the best start to discuss a problem.
902[13:30:50] <ytf0rd> because it happened on debian I installed a deb file and they did this
903[13:30:58] <kopper> ytf0rd: Your hentai is ransomwared?
904[13:30:59] <ytf0rd> they said wont have files until I pay them
905[13:31:04] <kopper> Lol
906[13:31:07] <ytf0rd> whole drive
907[13:31:21] <ytf0rd> I was trying to download linux vr stuff and they did this
908[13:31:22] <ksk> Should not have installed random .deb files from the net, maybe :)
909[13:31:35] <shtrb> oh lord , you installed a .deb from somewhere and not just the debian repositories ?!
910[13:31:37] <ytf0rd> I saw it on pirate bay
911[13:31:47] <c-c> name?
912[13:31:50] <ksk> !handbook
913[13:31:50] <dpkg> The Debian Administrator's Handbook is at replaced-url
914[13:31:51] <shtrb> ytf0rd, well , revert from backup
915[13:31:56] <ksk> ytf0rd: I suggest you read the handbook
916[13:32:18] <ytf0rd> its I cant get hentia vrs in the main repos
917[13:32:28] <ytf0rd> how to get them in the main repos so dont need pirate bay?
918[13:32:49] <shtrb> Do you mean hentai ?
919[13:32:55] <ytf0rd> yes
920[13:33:09] <ytf0rd> sorry english is poor come from india
921[13:33:14] <kopper> Weekend has started
922[13:33:39] <ytf0rd> what do I do to get files back need tool cant loose files important
923[13:33:41] <ksk> ytf0rd: How about buying it from the vendor, if they offer linux version of this software?
924[13:33:41] <shtrb> hentai , is just a term to describe videos, you don't need to have a .deb to watch a specific video
926[13:34:05] <ytf0rd> no I was downloading exes and running them in wine
927[13:34:14] <ksk> ytf0rd: if your system is rooted and crypted, you cannot do anything. Restore from Backups.
928[13:34:15] <ytf0rd> but then I gave wine permision over a whole drive
929[13:34:17] * shtrb facepalm
930[13:34:18] <c-c> kopper: yes, even natively english countries lose language skills
931[13:34:29] <queip> maybe he was attacked by randomware virus? that's quite an achievement to do on linux
932[13:34:35] <queip> *ransomware
933[13:34:38] <iamjfk11> ytf0rd torrent hash ?
934[13:34:52] <ytf0rd> it changed my background to a face of anonymouse
935[13:34:59] <shtrb> queip , yes, wine become very good recently !
936[13:35:03] <ksk> queip: Im rather inclined to say: Wine must be good, if ransomware runs on it out of the box ;)
937[13:35:04] <c-c> queip: first it was .deb, now its random .exe, and the whole deal is still trolling.
938[13:35:08] <ytf0rd> help he is asking for money
939[13:35:17] <kopper> c-c: I wasn't referring to his language skills. I was referring to the fact that his porn is ransomwared by installing something from PirateBay
946[13:37:57] <EdePopede> nice blueprint for a HOWNOTTODOIT
947[13:37:59] <shtrb> another, he did
948[13:38:10] <another> where?
949[13:38:36] <EdePopede> 23.10 13:30:50 <ytf0rd> because it happened on debian I installed a deb file and they did this
950[13:38:46] <EdePopede> "why in #debian"
951[13:39:12] <another> ah, sry. missed that
952[13:39:55] <EdePopede> so people are still behaving like in DOS times?
953[13:41:55] <shtrb> Just an observation , India has the second largest english speaking population in the world, you can now say that US and Indian dialects the proper English :D
999[14:03:19] <shtrb> queip, well , I trust you that you had found a bug report for that.
1000[14:03:20] <azeem_> but ok
1001[14:03:37] <shtrb> but , clean buster default config should work (I did an installation last week )
1002[14:03:39] <queip> how to tell akonadi to use pgsql?
1003[14:04:31] <queip> shtrb: it is a well known problem that kmail will stop receiving emails on mysql, perhaps it needs certain kind of email servers, or high load, or many emails (I have thousands) or some extra conditions but it is recognized by devels
1008[14:05:39] <azeem_> queip: the documentation probably explains how to switch to pgsql
1009[14:05:56] <azeem_> it's not a usual thing to do, so probably you won't find somebody in here who knows off-hand
1010[14:06:00] <shtrb> queip, make sure you are not connecting to running mysql server ! but rather use the standard per use instance
1011[14:06:10] <queip> shtrb: how?
1012[14:06:15] <ratrace> shtrb: what do you mean?
1013[14:06:16] <shtrb> about pg - here's a doc replaced-url
1014[14:06:35] <queip> (user) akonadictl start -> DBUpdater shown various errors, cant alert table, cant drop column external etc
1015[14:06:37] <gpunk> queip: if akonadi fails to work, changing backend is not really of actuality
1016[14:06:51] <gpunk> dig for the real issue with akonadi
1019[14:06:57] <shtrb> ratrace, you can either have a mysql server running and listning on a port . but you could also let akonadi spawn a mysql server on demand
1020[14:07:03] <queip> gpunk: the real issue is that it is very poorly written
1022[14:07:09] <shtrb> that's more for #plasma and #akonadi to be honest
1023[14:07:12] <ratrace> shtrb: like a completely separate master mysql instance?
1024[14:07:13] <gpunk> what is poorly written ?
1025[14:07:20] <shtrb> ratrace, exactly
1026[14:07:23] <ratrace> shtrb: that's just super extra terrible......
1027[14:07:32] <shtrb> ratrace, welcome to akonadi
1028[14:07:37] <gpunk> and changing a backend of any software, is not a way of fixing it
1029[14:07:40] * ratrace is happy there's no KDE ecosystem on its computers
1030[14:07:40] <queip> gpunk: it seems to be popular opinion that entire idea of akonadi is just bad, because it becomes very slow, and kmail should never used it
1032[14:07:53] <gpunk> IF it works then, then you have found a work-around, not a fix
1033[14:07:55] <shtrb> ratrace, you get used to it, it's not a big deal anymore
1034[14:08:11] <queip> ratrace: old KDE was good
1035[14:08:15] <ratrace> shtrb: my OCD would never, ever, allow that
1036[14:08:27] <ratrace> queip: yeah, 3.x was awesomest
1037[14:08:28] <shtrb> queip, I find it odd that by default config in debian you would hit that.
1039[14:08:29] <queip> before people started with adding modern things to it. it was systemd'd even before systemd ;))
1040[14:08:31] <gpunk> akonadi is fine, it is just that alot of folks dont know what it is really actually
1042[14:08:44] <ratrace> queip: it's not modern things that are problem, but bad developers
1043[14:08:50] <queip> gpunk: kmail DEVELOPERS say akonadi was a bad idea to use
1044[14:09:01] <shtrb> please try create a brand new account , use the standard mariadb server installation as in server and test there
1045[14:09:14] <gpunk> maybe, but doesnt mean it doesnt work
1046[14:09:24] <gpunk> I have never had an issue with it
1047[14:09:27] <queip> shtrb: do you know how to instead just nuke from orbit the current user's akonadi DBs and all? I do not have any data there that needs saving
1048[14:09:42] <shtrb> yes , but I wish to let you an option to restore your mess
1049[14:09:47] <ratrace> !ripley method
1050[14:09:47] <dpkg> "I say we take off and nuke the entire site from orbit. It's the only way to be sure." -- Ellen Ripley
1052[14:10:47] <gpunk> AND , what do you mean by not working exactly ? (I just got in ...)
1053[14:11:16] <queip> gpunk: kmail on akonadi+mysql after first hour to use stopped updating the emails, not downloading any new emails
1054[14:11:42] <queip> shtrb: on new user, the kmail starts up, yes
1055[14:11:42] <gpunk> have you taken action to be able too Logs ?
1056[14:11:43] <shtrb> queip, what you need to do is to backup everything , remove the resources (uninstall) , erase the db (.local/share/akonadi/* ) , prove P=NP , uninstall any extra thing you had done in your workaround , apt-get install kontact
1057[14:11:59] <shtrb> queip, if on a new user it works , congrats you had broken your user config
1060[14:12:20] <shtrb> my comment about the steps was to nuke everything
1061[14:13:01] <shtrb> as it work for another user, you can just remove resources , erase local akonadi resources and directories , and start the service again
1062[14:13:07] <shtrb> just backup everything before hand
1063[14:13:26] <queip> shtrb: how to verify whether my current akonadi uses mysql or pgsql actually?
1064[14:13:47] <shtrb> you can see via akonadiconsole or the config files
1083[14:19:45] <shtrb> queip, ^ the config file where you can see where it will try to connect and how
1084[14:21:13] <shtrb> in your case , just backup your home dir and get rid of ~/.config/akonadi and ~/.local/share/akonadi* ~/.cache/akonadi* , make sure you backup everything BEFORE you start erasing
1085[14:21:28] <shtrb> can't you create a new user on the same machine and check it on the same machine ?
1087[14:22:41] <queip> oh damn the machine where I thought pgsql helped, is still on mysql, seems just restarting server masked the bug for now
1088[14:23:00] <shtrb> :D
1089[14:23:02] <gpunk> My idea is that, it could be only a mariadb issue, hence you wont have to play with all akonadi stuff
1090[14:23:04] <queip> maybe in a decade linux will have an actually good email client just that works
1091[14:23:15] <queip> shtrb: still, kmail developers say to use pgsql and mysql version is crap
1092[14:23:47] <gpunk> queip: you have a superb email client, very mature and functional: Evolution
1093[14:24:10] <gpunk> nothing compares to it, even outlook users fall for it
1094[14:24:30] <shtrb> I think you should calm down , see that kmail devs probably have a much updated version then you have on debian (we are with buster after all), you also have other like claws (no akonadi involved) or evolution and mutt
1095[14:24:45] <shtrb> gpunk, outlook is ... broken
1096[14:24:59] <gpunk> what do I care about outlook ?
1097[14:25:36] <shtrb> gpunk, you took their users to fall for evolution , they would be happy with netscape communicator
1098[14:25:45] <queip> last time I used evolution it was crashing a lot
1099[14:25:50] <queip> though that was 10+ years ago, hmm
1101[14:26:26] <gpunk> a package binary that crashes, doesnt witness the quality of a piece of software
1102[14:26:35] <queip> seeing as it is Gnome, it is probably badly written C, and probably hides all advanced options from users (the dumb user philosophy)
1103[14:26:36] <gpunk> you'd have to see with your distro
1136[14:30:13] <gpunk> you think you are smarter then K ou R or Linus ?
1137[14:30:16] <queip> in C, probably part of the reason why we at least yearly have a critical bug there
1138[14:30:21] <NetTerminalGene> i did "systemctl --now disable apt-daily.timer apt-daily-upgrade.timer" but my buster still check upgrades automatically at boot. how can i disable auto update check?
1139[14:30:36] <queip> * critical vulnerability
1140[14:30:37] <gpunk> can you stop puking shit for a minute ?
1141[14:31:04] <shtrb> queip, akonadi is broken not because of the language but because design choices, so many project had been now broken because of "fancy" js and node crap .
1142[14:31:55] <gpunk> A man codes C for 15y, then tells me C is crap
1143[14:32:03] <gpunk> lol
1144[14:32:05] <queip> shtrb: sure, usage of C is why I wouldn't move to Evolution
1145[14:32:16] <shtrb> queip, but even in your case , I have a hunch you had some odd config or choices that are broken
1146[14:32:24] <queip> gpunk: C++ includes C, I code in C++
1147[14:32:32] <queip> which is how I know C is bad :)
1148[14:32:47] <gpunk> I was coding in C, way before C++ was invented
1149[14:33:03] <shtrb> queip, I'm too a "dev" with a good background in both C and C++ , but I would never judge a program just based on the language it had been done it.
1150[14:33:16] <vipthx> Hi guis, i have MB ASUS with nforce 570 chipset and CPU that mobo does not recognised it. CPU run at 800MHz instead 3.2GHz. How can i overclock it in Debian?
1151[14:33:22] <gpunk> I was coding in C, way before C++ was invented, so I went with the wave and learned C++ by my self
1152[14:33:27] <gpunk> I love c++
1153[14:33:34] <queip> well I was coding in asm around that time, and I know I wouldn't trust anything hand written in asm now, it's too error prone (besides rare specialized asm fragments where really required)
1154[14:33:38] <gpunk> but many thnings are not made for c++
1155[14:34:02] <shtrb> queip, based on your answer , you would be get yelled by C++ devs , C++ is no longer C with classes , these are different paradigms , different approaches
1156[14:34:37] <queip> well Im simply saying, I do not want to attach myself to user programs written in language so memory-dangerous as C, which is why Evolution is not for me
1157[14:34:44] <shtrb> feces even qt might get lost now , and we will be left only with wxwidgets and gtk
1158[14:35:11] <shtrb> And what language is not memory-dangerous ?
1159[14:35:18] <ratrace> %s/is no longer C with/is no longer just C with/
1160[14:35:21] <queip> even C++ is hard, often seen crashes in kmail and alike (in stable debian) related to invalid pointers. but C is even harder, so just too much for my taste :)
1161[14:35:27] <ratrace> shtrb: why, Rust of course!
1162[14:35:46] <shtrb> ratrace, intellectually challenged bugs can be made in rust without a problem
1163[14:35:47] <queip> shtrb: well, python. subset of rust if used properly. higher languages like dunno, haskell
1164[14:35:49] <gpunk> anyway, we changed subject
1165[14:36:01] <shtrb> "properly" is the key point here
1166[14:36:12] <gpunk> to answer our freind, the most mature and complete email client there is , is evolution.
1167[14:36:23] <queip> shtrb: sure but better to just have logical bugs, than logical+lowlevel. Also, logical usually do not lead to RCE at least
1171[14:37:02] <shtrb> queip, i didn't see "low level" bugs in your complaint so far , only that it does not work (sorry)
1172[14:37:19] <ratrace> shtrb: footshootage is ubiquitous among bad developers and agnostic to language used :)
1173[14:37:27] <queip> very mature code, everyone run it. low level C-style memory bug, and bam, basically most (all?) browsers, across many (all?) platforms have now potential RCE
1174[14:37:32] <gpunk> what are you trying to say ? queip:
1175[14:37:32] <queip> (patched yesterday in Deb)
1176[14:37:54] <queip> that sadly mature code often has critical bugs too, and if it is C code then probably has more of them
1177[14:37:59] <ratrace> queip: that's mostly coming from terrible x86 design, rather than usage of C tho
1178[14:38:13] <gpunk> you prefer shrp maybe ? so get yourself a windows and stop criticising for criticising
1179[14:38:35] <shtrb> gpunk, I just gagged because of you
1180[14:38:41] <gpunk> lol
1181[14:38:42] <queip> ratrace: I think no CPU architecture can save you fully from memory errors. some might mitigate with NX, randomization and all. x86 already does
1182[14:38:58] <ratrace> queip: capability based hardware and hardware fat pointers
1183[14:39:16] <queip> ratrace: like what arch does that currently?
1184[14:39:32] <ratrace> queip: some RISCV based implementations
1185[14:39:40] <shtrb> I almost guarantee your akonadi issue is not because of a "low level" error of memory bit flips or incorrect types badly casted. but rather LOGIC ERRORS
1187[14:40:01] <queip> shtrb: sure, that is just another topic that came up with Evolution
1188[14:40:05] <gpunk> I swear to go, since the last year or so, I come across, all the time, folks that the only thing they do is: contradicting and criticising anything you tell them
1189[14:40:11] <ratrace> queip: or ARM.... see: CHERI
1190[14:40:17] <gpunk> even if it makes them look ridiculous
1221[14:51:01] <queip> shtrb: you can also give it trust. but what many people do not know, and do not intend to do, is that giving trust also means the WOT thing, "trust that if this guy says someone else X is trusted, then consider X trusted as well"
1222[14:51:11] <queip> gpg messed up a bit the trust vs lsign thing imo
1392[17:03:55] <fredl> hi guys, in my persistent iptables I have -A INPUT -m conntrack -p tcp --dport 22 --ctstate RELATED,ESTABLISHED -j ACCEPT
1393[17:04:10] <fredl> I'd like to conntrack the SSH connections but nothing else
1394[17:04:53] <ratrace> fredl: what do you mean?
1395[17:05:52] <fredl> You know what connection tracking does right?
1396[17:06:40] <fredl> in iptables output it looks like this: 320 23364 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED tcp dpt:22
1397[17:07:17] <ratrace> I know what the conntrack module is and what it does yes. what do you mean about "conntrack the ssh connections but nothing else"
1399[17:07:36] *** Quits: lesless (~lessless@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1400[17:07:57] <fredl> well it's a haproxy server, I don't mind my, or co-workers, SSH connections to be put in the conntrack table
1401[17:09:23] <fredl> So I figured with the -m conntrack --ctstates, if I add a -p tcp --dport 22 that nf_conntrack would only add the SSH connections to the conntrack table
1402[17:09:57] <fredl> it doesn't seem to work that way though and I'm asking why
1412[17:11:56] <fredl> and the conntracking table gets HUGE
1413[17:12:17] <ratrace> well the nature of network traffic is that it _has_ to be tracked, except for stateless things like UDP
1414[17:12:27] <ratrace> the very nature of TCP itself requires it
1415[17:12:31] <fredl> ehm no
1416[17:12:37] <ratrace> well, serial numbers for starters
1417[17:12:39] <fredl> It's only for the firewalling, conntrack
1418[17:13:11] <fredl> So that if an incoming packet matches something that's in the conntracking table, not all the other rules need to be checked
1419[17:13:13] <ratrace> that's not really true. flush the tables and then look up /proc/net/nf_conntrack
1420[17:13:29] <ratrace> connection tracking is about flows
1421[17:14:25] <fredl> well yeah but for very busy sites with traffic that comes from a million different sources... is it useful to keep those connections in the conntrack table?
1422[17:14:37] <fredl> even if just for a few seconds
1423[17:14:37] <ratrace> a packet is always in SOME state. invalid (no known connection), new, established, related, untracked, ....
1429[17:15:47] <fredl> reassembling packets happens in the TCP protocol
1430[17:16:00] <ratrace> right, so what are you really asking then?
1431[17:16:03] <fredl> conntracking is something entirely different
1432[17:16:07] <ratrace> it's not really
1433[17:16:14] <fredl> it is
1434[17:16:22] <ratrace> well then you know better and your problem is solved.
1435[17:17:11] <ratrace> also, the order of rules matters, so if you want to -j ACCEPT before your established,related match, you can do so
1436[17:17:37] <ratrace> also:
1437[17:17:39] <ratrace> !xy
1438[17:17:39] <dpkg> Slow down for a bit! Are you sure that you need to jump through that particular hoop to achieve your goal? We suspect you don't, so why don't you back up a bit and tell us about the overall objective... We know that people often falsely diagnose problems because they are too close to them -- it's easy to miss that there is a better way to proceed. See replaced-url
1448[17:26:00] <ratrace> fredl: by the way, if the conntrack tables were separate from the connection tracking part of tcp, then iptables -F would flush the states and disconnect everything and everyone, ssh conn included, and that never happens because the iptable extension is just about matching the internal stack states
1491[18:08:58] <Matrox> to block ssh login attempts (i have already disabled password auth but my logs are full of ssh attempts to login) should i use fail2ban or the simpler sshguard?
1492[18:09:06] <jhutchins> Wow, big jump from buster to bullseye
1502[18:12:23] <Brigo> Matrox, they do basically the same, it is just a matter of taste.
1503[18:12:36] <sney> Matrox: run it on an alternative port, and/or use a firewall to restrict ssh access to allowed hosts only. Your vps provider may have a web-based one you can use for this, otherwise netfilter.
1504[18:13:01] <sney> blocking hosts that already attempted to ssh is a losing battle on an internet full of botnets.
1505[18:13:23] *** Quits: chele (~chele@replaced-ip) (Remote host closed the connection)
1508[18:14:50] <taman> There's fwknop too, though it's ipv4 only.
1509[18:14:51] <Matrox> sney, i open up my journalctl logs for sshd, and i see a login attempt with different username (dictionary attack) every second
1510[18:15:13] <Matrox> you can't even read journalctl without filtering at this point
1511[18:15:36] <sney> Matrox: exactly, botnets. jhutchins is right that the bots mostly target port 22, so if sshd is on (e.g.) port 222, the bots won't hit it as hard.
1512[18:16:57] <Matrox> i see
1513[18:17:04] <sney> if you let the bots keep hammering your server and only block them afterwards, they'll still be in your logs, and fail2ban will increase the overhead as well
1514[18:17:22] <jhutchins> 222 is pretty well known these days.
1515[18:18:15] <sney> right, roll the dice and pick a 3 or 4 digit number.
1526[18:24:39] <dpkg> deb.debian.org is a mirror network that is backed by international content delivery networks and for most users, this is the most reliable <mirror> to use in the <sources.list>. From Debian 9 "Stretch" onwards, apt queries SRV records in DNS which then send it off to a CDN. Older apt will get an HTTP redirect from deb.debian.org to the same CDNs. See replaced-url
1652[19:13:16] <JPT> conntrack is responsible for tracking traffic within iptables/nftables rules. I don't understand why you would want to blacklist them?
1653[19:14:37] <fredl> because I run haproxy on that box and it's very busy, that flogs the conntracking table
1663[19:18:38] <fredl> this is one of those servers where libvirt asks for a password and by the time you pasted the password you already can't stop the bootloader and boot in single user mode
1690[19:30:42] <fredl> Oh I guess I could try that
1691[19:30:54] <fredl> I just undid it and rebooted and now it's fine again
1692[19:31:23] <fredl> I do have an academical curiosity to figure out why
1693[19:31:35] <fredl> but alas not much time to find out
1694[19:32:25] <JPT> Well, if the machine is operational now, it should be fine. :)
1695[19:32:40] <Matrox> if i install something with pip3 or pip, is it in my default path? because i already have that package from debian repos but want to get latest from pip
1696[19:32:48] <JPT> By the way, you can use sysctl to adjust the conntrack limits to your needs, too
1705[19:33:35] <JPT> Matrox: I believe that your statement is true. It may differ if you're within a virtualenv though. For more details, perhaps ask the python people :)
1707[19:33:46] <somiaj> Matrox: by default yes, and as you have discovered this is probably not best. You should use a python virtualenv to install stuff to keep it independent of your system.
1708[19:33:54] <fredl> I basically removed the --ctstate RELATED,ESTABLISHED now tho
1709[19:34:10] <fredl> That also completely blocks any conntracking to happen
1710[19:34:11] *** Quits: zathras (~zodd@replaced-ip) (Remote host closed the connection)
1712[19:35:02] <fredl> well huh, only after you have completely nuked, eradicated, bombed EVERYTHING that UFW leaves behind after you install it by pure accident
1713[19:35:27] <JPT> fredl: That makes sense. If certain rules are hit too often by traffic, you may want to stop using conntrack for them and perhaps check tcp flags directly. It's not always beautiful, but it should work fine.
1714[19:35:30] <Matrox> somiaj, i will just apt-get purge old-package
1720[19:36:04] <JPT> fredl: However, consider increasing your conntrack limits if your ruleset is important to you. Modern machines should easily be able to track ~500k connections or more.
1726[19:38:36] <dpkg> In buster, su no longer overrides PATH by default, requiring that you use "su -" or "su -l" for login shells (which is not really a new thing at all...). To approximate the previous behaviour, put "ALWAYS_SET_PATH yes" in /etc/default/su (create it). See replaced-url
1743[19:41:58] <JPT> fredl: The answer is: it depends. If you use conntrack, once a new connection is tracked and allowed, all follow-up packets can be allowed by one lookup within the first rule in your chains.
1744[19:42:19] <JPT> On the other hand, you can have all packets traverse the whole ruleset each and not use conntrack.
1745[19:42:35] <fredl> I guess it's a balance
1746[19:42:41] <JPT> Also, depending on how big your ruleset is, using conntrack will also improve readability of your ruleset a lot.
1747[19:42:46] <JPT> Yes, it is.
1748[19:43:02] <fredl> If you have many long running connections.... it makes a lot of sense to have a few conntracking entries why not
1749[19:43:22] <fredl> But on a webserver with millions of hits from all over the place I think it makes far less sense
1751[19:44:00] <JPT> Yeah, probably. The guys that run cloudflare certainly have different requirements than what I want to do with my vps running a private homepage.
1752[19:44:23] <fredl> Well this is a loadbalancer for quite a busy site we're building :)
1754[19:44:59] <JPT> My personal experience with a "busy" haproxy instance is the one I run at work, which load balances for our exchange. It usually peaks handling a total of about ~20-30k connections. It's fairly boring.
1762[19:46:31] <JPT> Since most of the communication is based on https, I assume it's a ton of new connections over and over again, but I'm not certain.
1763[19:47:06] <fredl> I'm thinking I might want to consider doing conntracking on the *internal* connections
1768[19:48:24] <fredl> as they won't create a huge amount of entries in the conntrack table I'd think
1769[19:48:35] <JPT> To talk about iptables based firewalls: Our primary one uses conntrack for everything. It peaks at about ~70-80k tracked connections, while also dealing with the usual trash traffic coming from the internet. No performance issues so far.
1770[19:49:23] <JPT> We're a small sized university, and our internet connection usually never exceeds transfers of about 1gbit/s.
1774[19:50:51] <fredl> well what's also important to realize... this is a KVM VM
1775[19:51:19] <fredl> That would involve all sorts of tuning on the hypervisor which I have fairly little control over
1776[19:52:55] <JPT> I mean - perhaps review your current performance figures for your machine and then you can still reconsider your options. My current point is: even with conntrack, iptables/nftables is very efficient at tracking a big number of connections without breaking a sweat.
1777[19:53:28] *** Quits: randombit (~randombit@replaced-ip) (Remote host closed the connection)
1792[20:07:22] <JPT> Matrox: 1) probably, I don't know for sure. 2) If you have multiple python projects which require different versions of the same modules, you can use different virtualenvs to keep all these dependencies separated and prevent incompatibility and other potential issues.
1797[20:08:34] <JPT> Virtualenvs are - afaik - best practise for setting up any python project in order to keep your default/system environment clean and be able to understand and easily track your dependencies based individually.
1798[20:09:01] *** debhelper sets mode: +l 1174
1799[20:09:29] <JPT> I don't know about pipx, perhaps that's one of many questions best asked in one of the many existing python channels on freenode.
1800[20:09:45] <JPT> You can use "/msg alis list python" to discover them
1887[21:28:57] <sney> TuxCrazy: looks like it's an electron app, so it's probably pretty self-contained. the debian package control files are missing from that repo though so it's hard to be sure
1888[21:29:07] <enocoffee> from the options available i'd choose the .AppImage.
1896[21:30:18] <sney> since the control files aren't available, we have no way of knowing if it does anything wacky during pre/postinst. appimage/snap/etc are completely isolated
1897[21:30:40] <TuxCrazy> but, the latest version of this appimage doesn't seem to be working.
1898[21:30:50] <TuxCrazy> sney, ok
1899[21:30:53] <enocoffee> that's unfortunate.
1900[21:30:59] <TuxCrazy> I will use the appimage.
1901[21:31:21] <TuxCrazy> I am using the appimage of the previous version. That works.
1902[21:31:33] <TuxCrazy> the latest one seems to have some problem.
1957[22:31:00] <gpunk> hmm, it could be done by unloading the driver :p
1958[22:31:10] <gpunk> but only in Linux :)
1959[22:31:35] <gpunk> so electrically the connection is there, but no data is handled :)
1960[22:31:38] <foul_owl> Ahhh it can only be done for all usb devices, not per usb port?
1961[22:32:34] <gpunk> I believe so ... since unloading the driver, means the kernel doesn't use USB anymore
1962[22:32:38] <foul_owl> Basically I need to be able to 1. shut off the data to a port 2. plug in my device 3. wait for the usb device to boot 4. turn data on for the device
1963[22:32:53] <foul_owl> Gotcha
1964[22:33:09] <gpunk> ... this could be an X/Y problem,
1999[22:37:09] <greycat> Why is that when you give someone a correct, efficient answer, the first thing they do is reject it and demand a broken one...
2006[22:38:15] <gpunk> it is a new sport to systematically contradict the interlocutor
2007[22:38:15] <n4dir> neilthereildeil: mywiki.wooledge.org -> UsingFind has quite a few good examples for find, where you will usually find what needs to be done.