130[02:54:58] <icypee> i tried that on xfce and gnome and they both didn't work
131[02:55:07] <sney> !doesn't work
132[02:55:07] <dpkg> "Doesn't work" is a vague statement. Does it sit on the couch all day long? Does it procrastinate doing the dishes? Does it beg on the street for change? Please be specific! Define 'it' and what it isn't doing. Give us more details so we can help you without needing to ask basic questions like "what's the error message?". Ask me about <smart questions>, <sicco> and <errors>.
133[02:55:43] <icypee> i tried installing fprintd on xfce and gnome and the prompt to scan my fingerprint wouldn't appear
134[02:57:59] <sney> did you identify your model of reader, and whether fprint supports it, and if you need to do anything else? remember #debian can't see your screen or read your mind, so it's best if you say what you already tried
135[02:58:24] <icypee> yes it supports it
136[02:58:34] <icypee> it reads my fingerprint in fprintd-enroll
307[07:18:24] <cheater> hi. in dpkg-query, what's the difference between Status-Status and Status-Want? my guess is that "Status-Status: installed" means that the package is installed right now, while "Status-Want: installed" means it's either installed now or will be installed after some sort of job runs, but I don't really know how that works exactly.
356[08:33:14] <themill> cheater: dpkg --set-selections is one of the places where selection state doesn't match state; partly failed package installations or removals is another
470[10:48:59] <otisolsen70> I just got an OOM event last night. Appearently triggered by dhcpd (kernel: dhcpd invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), nodemask=(null), order=0, oom_score_adj=0) Are there any resion why dhcpd would take up a huge amount of memory?
471[10:49:07] <otisolsen70> Possible memory leak?
472[10:49:56] <azeem> dhcpd just triggered it, it doesn't mean that it takes huge amounts
473[10:50:22] <azeem> probably best to pastebin the whole message (there should be more lines following with diagnostics), though those are pretty hard to decipher IME
474[10:50:28] <azeem> !paste
475[10:50:28] <dpkg> Do not paste more than 2 lines to this channel. Instead, use for text: replaced-url
476[10:51:03] <azeem> Lope: doesn't look like that noise-repellent is packaged?
521[11:02:17] <Haohmaru> jelly lv2 is a kind of linux-ish audio plugin format, so there would be host programs that load these, and a pile of lv2 plugins
526[11:03:03] <Haohmaru> Lope you just uhm.. install it and then make your host refresh/rescan for new plugins
527[11:03:10] <Haohmaru> it should just work(TM)
528[11:03:25] <uos_lyn> ksk: It is a Qt bug, and Qt official has been submitted to the patch that has been repaired, but there are not yet Patches in debian, so We want to submit it to Debian as well
537[11:09:16] <Haohmaru> check your host, who knows how it does it.. other plugin formats usually require manual rescanning because dodgy plugins can often cause the Host to freeze/crash or what not
583[12:19:09] <wonderworld> hey, i am having problems with /etc/hosts. It doesn't seem to be honored at all. i have "hosts: files dns" in nsswitch.conf but still if i check a hostname set in /etc/hosts, still the external dns is used
584[12:20:58] <ratrace> wonderworld: pastebin your hosts file, I bet it's in wrong format
635[13:38:44] <otisolsen70> gpunk, huh? I want something that takes a folder with photos and generates static html/css/javascript + thumbnails, etc. that I can put on a webserver (or browse locally) as a web gallery
636[13:39:04] <otisolsen70> gpunk, something like lazygal for example. Howerver, I would like something that is better or more modern.
646[13:47:37] <otisolsen70> So anyone know of any good static gallery generators that work on debian? Preferably something that is packages and apt-getable. But if something is fairly small and self-contained that will work also.
649[13:50:15] <otisolsen70> I found 'sigal' which looks promising: replaced-url
650[13:50:25] <gpunk> lol I love kiddos that run their mouth ONLY to contradict others ... did you type coppermine gallery on a search engine ? we are not here to spoonfeed you
660[14:01:52] <shtrb> CommunistWolf, if it's in fact DHCP-PD ,does it mean I should have an IPv6 lease file somewhere ?
661[14:03:24] <teo7> Hi, I've a wifi firmware missing problem.. i already added non-free source list and i installed firmware-linux-* and firmware-iwlwifi, but nothing..
662[14:03:24] <teo7> Then I also tried "modprobe -r iwlwifi; modprobe iwlwifi" but again nothing is changed.
663[14:03:25] <teo7> maybe there is some problem loading the downloaded modules
710[14:52:53] <jelly> uos_lyn: you'd typically file a bug report, add a pseudo-header Tag: patch, and attach or link the patches; it's not likely to get fixed in Debian 10 unless it's really really important, but it will get integrated in dev branch for the next release
711[14:53:07] <jelly> oops, that was supposed to be sent hours ago
727[15:03:15] <uniqdom> Hello, I'm seeing the message "Current command vanished from the unit file, execution of the command list won't be resumed" in some systemd unit file. what's that
738[15:15:44] <Frowney> I am running debian and want to put an xmodmap command into the User's session startup script? where can i find this on debian?
739[15:16:09] <ratrace> Frowney: ~/.xsessionrc
740[15:16:15] <Frowney> I researched this topic, and online they suggested just dropping a script into /etc/init.d/
741[15:16:26] <Frowney> ratrace thank you sir/madam
789[15:54:36] <Frowney> do i need to make it executable for it to work?
790[15:54:47] <ratrace> (and I don't know xmodmpa enough to tell if you that specific invocation will do what you want it to do)
791[15:54:59] <ratrace> Frowney: you don't, it's sourced
792[15:56:07] <greycat> I missed some of the context, but a systemd service would be *counter*productive if you're trying to modify an X session, as it won't run inside the X session.
793[15:56:20] <greycat> The traditional "shell-sourced dot files" approach is what you want.
794[15:57:23] <Frowney> my command works great in the terminal but am struggling with making it work, I will reboot to see if it it works after taking the shebang out and making it not an executable
795[15:57:24] <Frowney> brb
796[15:58:16] <Frowney> oh another question, i want to use the option _netdev in /etc/fstab to only mount these devices i mounted there _after_ my connection has been established, but it wont mount them after
797[15:58:19] <greycat> a shebang in a sourced dot file is ignored by the shell (the # makes it act like a comment), and the execute bit is likely also ignored
798[15:58:30] <greycat> likewise*
799[15:58:31] <jelly> ratrace: yes, server-side search does wonders
800[15:58:54] <Frowney> greycat so rebooting is moot without any further modifications?
801[15:58:57] *** Joins: mezzo (~mezzo@replaced-ip)
802[15:59:01] *** debhelper sets mode: +l 1192
803[15:59:17] <greycat> you wouldn't need to reboot anyway, just log out and log back in (or restart X, if you're doing startx)
804[15:59:31] <Frowney> can i put a sudo mount -a in that same .xsessionrc to remount my mounts?
805[15:59:34] <greycat> and for the _netdev thing,
806[15:59:35] <greycat> !auto
807[15:59:35] <dpkg> Interfaces marked "auto" are waited for by things that wait for the network to be up (like systemd's network-online.target). "allow-hotplug" means the interface is removable or not always needed, so network-online won't wait for it.
808[16:00:15] <ratrace> Frowney: no, no sudo in .xsessionrc. you can do remounts in other ways, but you need to specify what exactly you want, if you want assistance with that
809[16:00:18] <Frowney> so i needed auto option not _netdev!
810[16:00:31] <greycat> ... god DAMN it
811[16:00:55] <greycat> dpkg, auto =~ s#"auto"#"auto" in /etc/network/interfaces#
815[16:01:00] <ratrace> what auto what netdev? now *I* 've lost context :)
816[16:01:07] <greycat> !auto
817[16:01:07] <dpkg> Interfaces marked "auto" in /etc/network/interfaces are waited for by things that wait for the network to be up (like systemd's network-online.target). "allow-hotplug" means the interface is removable or not always needed, so network-online won't wait for it.
821[16:02:01] <ratrace> oh there was an interjected question.... I missed it
822[16:02:01] <Frowney> ratrace my bad :) in etc/fstab you can put the option _netdev, to signal that this is a network device that needs a network connection to be established
824[16:02:39] <Frowney> i misunderstood auto to be anoter possible option in etc/fstab but i know now that it is in /etc/network/interfaces
825[16:02:40] <greycat> and "wait for a network connection" means "wait for each interfaces designated as 'auto' to be brought up"
826[16:02:43] <ratrace> Frowney: yes I know that, but I don't know what exactly you want to achieve; you mentioned sudo mount for xsessionrc, and that's most definitely wrong thing to do
832[16:04:22] <greycat> which is stupidly debian's default
833[16:04:46] <Frowney> I am just greatful people even put in all this effort to creat something as beautiful
834[16:05:41] <Frowney> greycat to let fstab do that the _netdev is the wrong option, but instead i need to use auto in interfaces, correct?
835[16:05:46] <ratrace> Frowney: so you need what greycat said. auto in interfaces(5) and _netdev in fstab. netdev, btw, creates an implicity dependency on remote-fs.target which, I think, is implicitly dependent on network-online.target
836[16:06:00] <ratrace> *implicit
837[16:06:41] <ratrace> Frowney: you need both. auto to get the interface up on boot, and _netdev to designate the boot dependency
838[16:06:55] <ratrace> (dependency of the mountpoint on network)
839[16:07:17] *** Quits: endstille (~endstille@replaced-ip) (Quit: I'll be back.)
843[16:08:00] <Frowney> this option in interfaces(5) <greycat> dpkg, auto =~ s#"auto"#"auto" in /etc/network/interfaces# got it
844[16:08:01] <greycat> Debian sets up all interfaces (ethernet and wireless) as "allow-hotplug" by default, which breaks any kind of traditional server or workstation setup where you mount stuff at boot time after the (ethernet) network is up.
845[16:08:58] <greycat> On the server end, it breaks mountd because DNS isn't up at the time mountd slurps up all the hostnames in /etc/exports and tries to resolve them.
846[16:09:44] <gpunk> Please do not put system commands in .xintitrc .bashrc ... etc that is not a good practive, FYI, if you are using NetworkManager, there is a service called NetwManagerWaitOnline thingy, you can use it by playing with the orders/dependencies, that is the linux/unix way
847[16:10:07] <ratrace> Frowney: wait, that was an instruction for the bot to replace in factoid.... you need just "auto eth0" instead of "allow-hotplug eth0" , without quotes, on one line, assuming your interfaces is eth0, and if not, replace with what it actually is
848[16:10:11] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
896[16:39:58] <Frowney> neither the xmodmap in .xsessionrc nor the addition of auto eth0 in my intefaces worked, I think I should study X window system and Networkmanager instead of retrieing. thank you again for your help earlier
898[16:41:01] <ratrace> Frowney: addition? not replacement?
899[16:41:33] <ratrace> Frowney: and is your interface _really_ named eth0 ?
900[16:41:36] <Frowney> the file was empty, naming the interfaces.d folder as source(which i checked is empty)
901[16:41:48] <greycat> a) is this *real* Debian, or something else? b) is eth0 actually your interface name? c) are you running GNOME or some other desktop environment that might undo your xmodmap changes?
902[16:41:54] <Frowney> ratrace i got the name off of ifconfig
903[16:42:04] <greycat> what file was empty??
904[16:42:08] <ratrace> Frowney: is this devuan really?
905[16:42:22] <Frowney> interfaces(5)
906[16:42:43] <Frowney> yes i am running gnome
907[16:42:44] <greycat> if /etc/network/interfaces was empty then you are not using interfaces(5) which means you are using SOMETHING ELSE to configure your network
913[16:43:45] <greycat> To fix *what*!? I don't know what your goals are. I do know that GNOME loves to take full control of everything and will not let you (for example) set up your own mixed locale variables.
914[16:43:58] <Fox> Frowney: answer greycat's first question: are you running real/stock debian ?
915[16:44:14] <greycat> I wouldn't be shocked to learn that it also undoes all keyboard/mouse changes made by xmodmap, but I don't *know* for sure whether it does.
916[16:44:47] <ratrace> the choice of DE is irrelevant. The question is only where do you configure your network. Typical configuration with something like gnome is to have interfaces(5) manage your ethernet via dhcp, and NM then does wireless and maybe other transient, dynamic interfaces
917[16:44:50] <jelly> I'm not sure xmodmap has effect if they're accidentally on wayland, and if it does, it might be per-app
918[16:45:04] <ratrace> oh good catch, jells
919[16:45:20] <jelly> it's not a catch, it's a WAG
920[16:45:24] <ratrace> heh
921[16:45:30] <greycat> ratrace: there are multiple questions being asked simultaneously and they don't have anything in common. The xmodmap changes apparently have something to do with desired customizations of the X environment, but who the hell knwows whether they're even running X. It could be Wayland.
922[16:45:36] <jelly> based on how my Ubuntu laptop behaves
923[16:45:54] <ratrace> jelly: good nonetheless, it takes getting used to that gnome session is wayland by default if the gpu drivers permit it
924[16:45:55] <jelly> (each X app has its own keymap)
925[16:46:04] <gpunk> Frowney: I already tald, do not mix USER scripts and especially NOT Xorg with mounting FSs, NM manager Wait Online IS made exactly for that: WAIT for the network to be UP to DO things
926[16:46:09] <ratrace> greycat: indeed
927[16:48:45] <greycat> I'm not sure how one would even go about getting an empty /etc/network/interfaces on a Debian installation. Even if you use N-M, isn't loopback (lo) configured in /e/n/i?
928[16:48:45] <ratrace> afaik it is
929[16:48:45] <jelly> IIRC ifupdown sets up lo even without it (or systemd does, don't remenber)
931[16:48:49] *** Quits: Frowney (~user@replaced-ip) (Remote host closed the connection)
932[16:48:51] <ratrace> actually looking at mine (I use networkd), it's not empty, there's no lo. but ther IS a comment and source of /etc/network/interfaces.d/*
940[16:51:05] <ratrace> and huh.... one buster installation has "source /etc/network/interfaces.d/*", that's using the installer. and debootstrap'd servers have "source-directory /etc/network/interfaces.d"
943[16:51:46] <jelly> perhaps you had a new debootstrap
944[16:52:31] * jelly never heard of source-directory
945[16:52:50] <Frowney> I think I will do myself a better service if i just learn about networkmanager and gnome and how to uninstall xwayland and install real x
946[16:53:01] <Frowney> i am sorry for the grief, pls excuse me
947[16:53:06] *** Quits: Frowney (~user@replaced-ip) (Remote host closed the connection)
948[16:53:36] <ratrace> now there's a wrong premise to ragequit on.
998[17:42:37] <unixbsd> Can I run MS-Team to make phone calls, using DEBIAN Stable running on the PS4 (playstation) ?
999[17:43:34] <greycat> That is a huge twisted mass of mini-questions.
1000[17:44:30] <azeem> also probably best addressed to Microsoft and Sony
1001[17:44:36] <greycat> I count at least three: (1) can Debian stable be installed on the playstation 4 (2) can MS-Team run on Debian on the Playstation 4's architecture, whatever that is (3) can MS-Team make phone calls
1002[17:44:41] <sney> google says it's amd64, so as long as MS has a compatible binary it should be like running it on any other modern-ish pc
1003[17:44:49] <azeem> yes to (3)
1004[17:45:03] <azeem> well, Voip-like calls
1005[17:45:23] <azeem> and yes, there's ms teams .debs for amd64
1006[17:45:44] <ratrace> sounds like fake question
1007[17:45:55] <unixbsd> i am serious, i am unix master
1008[17:46:05] <ratrace> anyone knowing how to install linux on ps4 would know the answer to this one.
1009[17:46:23] <sney> sounds like you didn't take a minute to test it, so either you're still hardware shopping, or?
1010[17:47:02] <ratrace> unixbsd: then you already know the answer, "master".
1011[17:47:52] <unixbsd> ratrace: do believe me? check that unix master ;) replaced-url
1012[17:48:21] <ratrace> so you're not even running debian? =)
1017[17:52:16] <n4dir> "do you run debian" "even slackware". The most odd answer i read in a few minutes
1018[17:52:36] <azeem> unixbsd: anyway, the answer is: if you get debian stable to run on your playstation 4 and sound/mic is working, then ms teams should probably work as well
1043[18:14:52] <shtrb> not doing outbound calls, also working on refular amd64.
1044[18:14:53] <shtrb> ratrace, still better then snap
1045[18:15:13] <ratrace> possibru.
1046[18:15:59] <shtrb> it would had been much better , that all that "packagers" would do wnpp and pack normal and nice debs
1047[18:16:28] <ratrace> but upstreams are making that very difficult. look at Chromium.
1048[18:16:53] <ratrace> so, containerized applications makes sense. just not snap. that's horrible, horrible, garbage tech.
1049[18:17:00] <shtrb> I would have even donated a 10 euro for them to pack that (and I sure as hell other would have chimmed in to make the effort better)
1050[18:17:00] <jhutchins> Cross-platform package management just doesn't work on so many levels. It's not that hard to run multiple packagers.
1051[18:17:11] <ratrace> and I'm not sold on fatpacks either. methinks appimage has the most advantage.
1052[18:17:17] <shtrb> chromium is not a good example
1053[18:17:28] *** Quits: chele (~chele@replaced-ip) (Remote host closed the connection)
1064[18:19:40] <jelly> doesn't really matter, it's an Electron app
1065[18:19:52] <shtrb> jelly,I want to see that in *DEBIAN* repos not on a external repo , with , who know what rules and flows
1066[18:20:05] <jelly> shtrb: I want a pony.
1067[18:20:13] <ratrace> you already have one!
1068[18:20:15] <jhutchins> The problem is with libraries and support programs not having cross-version compatibility, and with apps requiring a specific version of a library. This goes against the modular shared-library nature of Linux.
1072[18:20:55] <jhutchins> jelly: I can arrange for that to happen. There's one up for sale at this month's auction in KS.
1073[18:21:17] <shtrb> #debian is teaming up to get jelly a pony
1074[18:21:30] <ratrace> not THAT pony!
1075[18:22:04] <shtrb> I can help in delivering (know how to operate farm machinery )
1076[18:23:19] <jelly> shtrb: at some point you either trust the vendor, or don't use their product. MS have sane repos set up with valid crypto signage.
1077[18:23:49] <ratrace> but the software in those repos, on the other hand...
1078[18:23:52] <jelly> having it packaged in Debian doesn't improve a whole lot in security
1080[18:24:05] <jhutchins> Two of the most expensive words in English when used together: "Free horse".
1081[18:24:40] <shtrb> trust is not a boolean question, having a package inside debian mean the package behaves properly with debian and not just with the packager machine
1245[20:24:42] <roycroft> this time, installing debian 10.6, dmesg sees the elo accutouch device, but the x.org config thinks it's a wacom touch screen
1246[20:25:30] <roycroft> i was able to calibrate it wiht xinput-calibrator, although the calibrator spit out a few errors at first, but it's not working correctly
1247[20:25:38] <roycroft> likely do thinking it's a wacom, not elo
1272[20:35:07] <roycroft> the thing is, i'm much more experienced with bsd than linux, although i've been running linux on the server farm at work for several years now
1273[20:35:38] <roycroft> but i don't have to deal with custom kernels/drivers on the work machines
1276[20:35:44] *** disillusion is now known as RussianInterfere
1277[20:35:53] <roycroft> so i installed that xserver-xorg-input-mutouch package
1278[20:36:00] <roycroft> in case it might help
1279[20:36:17] <roycroft> but i don't see it when listing available drivers with modprobe
1280[20:36:18] *** RussianInterfere is now known as disillusion
1281[20:36:24] <ksk> Maybe someone else knows something and can help you out. Its about 7pm in Europe right now, I know that there is much more traffic in here the ten hours before.
1287[20:37:09] <roycroft> but i'm usually in the office by 6am local time, so i'll try early tomorrow if i don't have it sorted out by then
1288[20:37:17] <ksk> roycroft: soo, it is usb? what does lsusb identify it as? IF you then google that, in regards to which driver/firmware/kernel-module/foo is needed, what is the picture?
1295[20:38:37] <ksk> I google a russian FTP offering "Linux Driver" :D
1296[20:38:56] <roycroft> i'll respectfully pass on that, thank you very much :)
1297[20:39:28] <ksk> okay I see, was just making sure we are on the same page here.
1298[20:39:45] <roycroft> while this machine will not be on the internet post-install, it will be controlling a large machine that is potentially rather dangerous
1301[20:41:25] <roycroft> the touchscreen worked fine with debian 8.x
1302[20:41:57] <greycat> if you still have that debian 8 system, or logs from it, check them and see what was being used, driver-wise
1303[20:42:13] <RoyK> (or just use debian :þ)
1304[20:42:27] <roycroft> and without meaning to offend anyone here, i never saw what the point is in the existence of ubuntu, other than to take debian and assign it completely different release version numbers and code names
1341[20:46:53] <roycroft> 1. that would be a 2-stage upgrade, and i have no idea if the debian 8 release i was running was close to the final one
1342[20:46:56] <jelly> roycroft: is it possible the wacom driver has subsumed the elo driver, and it's _supposed_ to be working?
1343[20:47:15] <roycroft> my experience has been that some of the package repositories disappear over time, so those upgrades of old systems can be challenging
1354[20:48:44] <roycroft> so to put things in perspective
1355[20:48:47] <roycroft> i'm not down right now
1356[20:49:08] <roycroft> i was not running the cnc controller with 8.x, decided to upgrade, and am now in a panic because i need it back
1357[20:49:19] <roycroft> this machine has never been in production
1358[20:49:25] <roycroft> it was a test build back then
1359[20:49:34] <ksk> roycroft: Mhhm? I read that as "install this drivers from our download area on your linux".
1360[20:49:54] <roycroft> and i'm now finishing up the hardware mods to the machine (the one being controlled), and am ready to finish the conversion from manual to cnc
1361[20:50:08] <roycroft> oh?
1362[20:51:03] <roycroft> sorry, i didn't go to that link when you posted it
1363[20:51:14] *** Quits: tommaso (~tommaso@replaced-ip) (Remote host closed the connection)
1364[20:51:14] *** Quits: CombatVet (~c4@replaced-ip) (Remote host closed the connection)
1365[20:51:24] <roycroft> i had dealt with elo before and they told me explicitly that they do not support linux and are not interested in even hearing about linux
1367[20:51:32] <roycroft> it appears they've had a change of heart on that
1368[20:51:49] <roycroft> or that the person i was dealing with got through their bad hair day
1369[20:52:06] <jelly> ksk: vendor-provided drivers are usually a) horrible b) horribly old, then someone sane puts lots and lots of patches on them and updates them for a recent kernel
1400[20:55:31] <dpkg> debsums is a utility that will check a package's files against their checksums. The "-a" argument will instruct it to also check configuration files: "apt install debsums; debsums -a -s". Almost all packages come with md5sums included in the package or apt will have generated them for you; generate missing ones with "apt-get install --reinstall `debsums -l`". Ask me about <md5sums>.
1409[20:58:46] <bioFart007> hello everyone, had a locale question. "locale: Cannot set LC_ALL to default locale: No such file or directory" is the message i get when trying to install or update anything on machine
1410[20:59:18] <greycat> !locales
1411[20:59:18] <dpkg> Use 'dpkg-reconfigure locales' to get it up and running. This generates <locale> definitions and also edits /etc/default/locale which sets the $LANG environment variable at login time. Use "LANG=C command" to change the output language for a one off command, ask me about <localised errors>. See also <mac locales>. replaced-url
1414[20:59:47] *** Quits: electro33 (uid613@replaced-ip) (Quit: Connection closed for inactivity)
1415[21:00:16] *** Quits: Vizva (~Vizva@replaced-ip) (Remote host closed the connection)
1416[21:00:20] <RoyK> greycat: shouldn't that also list installing the locales-all package in case you're in a hurry and can afford to waste a wee bit of diskspace?
1417[21:00:30] <bioFart007> i reconfigured and generated locales
1418[21:00:31] <jelly> bioFart007: what does "locale" command say in the same shell that you try to install stuff in?
1430[21:03:11] <jelly> ^ will tell you which locales are available
1431[21:03:13] <bioFart007> i can't its on another computer
1432[21:03:27] <jelly> !pastebinit
1433[21:03:27] <dpkg> A command-line tool to send data to a <pastebin>. To paste e.g. your sources.list do "apt-get install pastebinit; pastebinit /etc/apt/sources.list"; to paste the output of a program do e.g. "dmesg 2>&1 | pastebinit". For a list of pastebin sites do "pastebinit -l". See also <pastebinit config>, <nopaste>.
1434[21:03:28] <greycat> that computer is not connected to the internet?
1441[21:04:58] <bioFart007> its connected to the internet
1442[21:05:10] <bioFart007> but i can't install anything on it because of this locale issue
1443[21:05:14] <greycat> then you can use termbin.com and so on
1444[21:05:23] <jelly> bioFart007: do you maybe have curl installed?
1445[21:06:29] <jelly> bioFart007: how do you become root? Do you use sudo with your installation attempts, or do you first open a separate root shell somehow?
1447[21:06:43] <bioFart007> its redribbon if that means anything to anyone
1448[21:06:57] <jelly> dpkg: redribbon
1449[21:06:57] <dpkg> jelly: I wish you would RTFM.
1450[21:07:04] <jelly> sorry
1451[21:07:34] <greycat> google seems to say it's a Linux distribution
1452[21:07:41] <greycat> Introduction. Red Ribbon GNU/Linux for PS3 is a new PPC64 GNU/Linux distribution with support for Cell/BE, designed for Sony PS3. It is based on Debian GNU/Linux,
1453[21:07:47] <greycat> so, we probably can't help you
1454[21:07:50] <jelly> bioFart007: does "env LC_ALL=C apt-get install curl" work
1463[21:10:56] <ksk> bioFart007: It is totally offtopic in here, but it seems to me that there only was this 2011 release of "Red Ribbon GNU/LINUX", and there are no repositories or so available (anymore?).
1464[21:11:08] <greycat> (they left)
1465[21:11:09] <jelly> a PS3 is like what, $50 on ebay?
1522[22:03:48] <eyJhb> If I want to run kernel 5.7 on Debian 9.5 (stretch), but apt-update, apt-cache search only shows 5.9, how would I go about doing that?
1527[22:04:18] <sney> I don't think there ever was a 5.7 for stretch, though. just buster-backports and up
1528[22:04:38] <sney> still, kernels are pretty self-contained, so a snapshot 5.7 could work anyway
1529[22:05:48] <eyJhb> Hmm, weird. These servers are kinda weird in general
1530[22:06:00] <eyJhb> Praying for a reinstall, but given a little to survive for now
1531[22:06:06] <ratrace> what's so specific about that version?
1532[22:06:48] <eyJhb> Have two servers, the other has that version and works. Basically I do not want 5.9, as that requires virtualbox 6.x, and the software is not tested with that
1543[22:09:56] <eyJhb> I might be blind, but I cannot find it sney replaced-url
1544[22:10:02] <eyJhb> Just did a curl to make sure...
1545[22:10:08] <eyJhb> Oh...
1546[22:10:10] <eyJhb> Sorry
1547[22:10:47] <sney> yes, binary
1548[22:11:01] <uniqdom> I'm running a simple python script using systemd. The program starts correctly, but I'm unable to stop it using 'sudo systemctl stop app.service'. what could be the problem? The .service is this one: replaced-url
1550[22:12:04] <ratrace> uniqdom: why are you unable? what does it say when you try?
1551[22:12:07] *** Quits: Jerrynicki (~niklas@replaced-ip) (Remote host closed the connection)
1552[22:12:46] <uniqdom> the service seems to be stopped as I'm seeing it in journalctl. But I still see the python script running using ps aux
1553[22:13:07] <ratrace> uniqdom: is the app forking?
1554[22:13:19] <uniqdom> it has some threads
1555[22:13:21] <sney> uniqdom: there should be a field where you can set the dir to run from. I suspect that chain of commands in ExecStart is causing systemd to pick up the wron pid for the service
1556[22:13:21] <ratrace> and why do you set KillMode like that? why not leave the default
1557[22:13:46] <ratrace> sney: Type=simple, doesn't care about pidfile
1558[22:14:03] <uniqdom> oh sorry about that KillMode, I was trying to kill it somehow
1559[22:14:07] <uniqdom> i will remove KillMode
1560[22:14:29] <uniqdom> ratrace: should I change the Type?
1586[22:24:16] <ratrace> that's the one then. sney way on the money, I misread what they wrote, thought they meant pidfile.... usually meaningful for type=forking
1595[22:28:39] <greycat> The main point is that you are *not* writing a shell script to do all the setup. This isn't sysv-rc. You need to use systemd's internal features for all the setup (env vars, working directory, UID, GID, resource limits, ...) and then directly execute the ONE command that you need.
1597[22:29:13] <greycat> Sure, there are ways to work around that or fudge things, but try to do it right the first time. It'll save you a lot of headache.
1598[22:30:52] <karlpinc> I'm running xfce4-terminal. Sometimes when I ssh to a remote system which requires a password, I can't login. But I always seem to be able to when I stat a new terminal window. I'm always pasteing the password with the middle mouse button. Is there something that a terminal window might do to mess up middle-mouse-paste of a password?
1599[22:31:02] <karlpinc> s/stat/start/
1600[22:31:27] <greycat> did you try pasting directly at a shell prompt to see what's actually in the buffer?
1601[22:31:40] <karlpinc> Yes. it always seems to come out right....
1602[22:31:53] <roycroft> i don't know why that's happening to you, karlpinc
1603[22:32:01] <roycroft> but i would recommend not using passwords with ssh
1604[22:32:01] <karlpinc> I can be able to login in one window and not the one right next to it.
1605[22:32:04] <roycroft> use key exchange instead
1606[22:32:16] <roycroft> ssh-copy-id
1607[22:32:22] <karlpinc> roycroft: I am using key pairs. Sometimes a password as well.
1608[22:33:08] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
1609[22:33:39] <ratrace> karlpinc: first of all, if you're allowing passwords, then your keys have ZERO security advantage
1610[22:34:10] <ratrace> second, please define "can't login" .. what error message exactly do you see?
1611[22:34:14] <karlpinc> I'm pretty much flailing around trying to figure this out. I've also thought that maybe some firewall hates me, and there's some sort of local-side port that's being re-used or something.
1622[22:35:33] <BCMM> ratrace: i am trying to make you realise that what you said has nothing to do with what karlpinc said
1623[22:35:42] <karlpinc> Lets move on.
1624[22:36:01] <ratrace> I beg to differ: "22:32 < karlpinc> roycroft: I am using key pairs. Sometimes a password as well."
1625[22:36:34] <karlpinc> As well as a key.... Anyway....
1626[22:36:39] <ratrace> also "I see password failure in the logs."
1627[22:37:12] <greycat> I'm guessing however you set up this gnetto two-factor authentication scheme might have some bugs in it.
1628[22:37:27] <ratrace> anyway, if you're using passwords and sometimes they fail until you start a new terminal? I'd look at locale or keymap settings
1629[22:37:31] <karlpinc> ratrace: Yes. I'm worried about something messing with my paste. Somehow. I can't figure out why the same password works sometimes and not others. Maybe it's the remote end. But maybe not.
1630[22:37:53] <greycat> You can rule out the paste issue by typing the damned thing.
1631[22:38:08] <greycat> If you can't type it, then it's not a password. It's a freaking second key.
1632[22:38:23] <karlpinc> greycat: Possibly. The ssh part is simple: AuthenticationMethods publickey,password
1633[22:38:45] <karlpinc> greycat: Good point. I'll try.
1634[22:39:02] <ratrace> eh pasting passwords
1635[22:39:24] <karlpinc> (That's why I use irc, to discover the obvious.)
1637[22:40:00] <karlpinc> ratrace: Yeah. But I just don't want to type 20 or 30 random characters.
1638[22:40:13] <ratrace> why not use just keys then....
1639[22:40:29] <karlpinc> ratrace: Because I want to require _both_ keys _and_ a password.
1640[22:40:50] <karlpinc> (key first)
1641[22:41:10] <ratrace> karlpinc: but this defeats the purpose.... ALSO, as I said, having BOTH keys and passwords (and I'm assuming you're NOT talking about privkey passphrase) does not increase security one bit
1642[22:41:32] <ratrace> or if you ARE talking about privkey passphrase, then use the ssh-agent and unlock it ONCE on login to your local user session
1645[22:42:28] <karlpinc> ratrace: Sure it does. You need a key, and a password. Nobody memorizes their key. So you need a device, and a password. 2 things are more secure than 1 thing.
1646[22:43:33] <ratrace> apparently you're not memorizing your password either. and I'm really failing to understand what exactly you're doing there. some kind of 2fa?
1647[22:43:47] <karlpinc> Yup. 2fa.
1648[22:43:49] <greycat> I called it ghetto two-factor authentication and I think I'm on the mark here.
1649[22:43:51] <ratrace> or are you REALLY talking about privkey passphrase and not PasswordAuthentication=yes
1650[22:43:56] <karlpinc> Right. I need 3 things.
1651[22:44:21] <ratrace> sounds overly convoluted for zero actual gain
1652[22:44:21] <karlpinc> ratrace: I am not talking about putting a password on a private key.
1653[22:44:46] <greycat> A password that you can remember or type is just a slightly longer key.
1654[22:44:49] <greycat> can't*
1655[22:44:55] <karlpinc> ratrace: Yes. If I were to memorize my passwords. But I only remember the most used.
1656[22:45:28] <ratrace> if you have a 2048 bit key, and a 20 char password (160bits) ... it's weaker than havign a single, say, 4096key key
1658[22:45:39] <karlpinc> greycat: Sorta. That's a matter of how I manage my passwords, which I'm not really interested in discussing.
1659[22:45:40] <ratrace> * 4096 bit
1660[22:45:53] <karlpinc> ratrace: Sure, if the only threat model is a brute force attack.
1661[22:46:19] <ratrace> and what other threat model is there then?
1662[22:46:44] <greycat> also, 20 typable characters is less than 160 bits
1663[22:46:46] <karlpinc> ratrace: If, on the other hand, the threat model is you lose your laptop which does not have an encrypted drive and there are no passwords on the private keys then the attacker has little work to do.
1664[22:47:01] <ratrace> that's solved with privkey passphrases. so put passphrases on the privkeys, duh.
1665[22:47:18] <ratrace> I'm with greycat on this one. ghetto 2fa that actualyl does NOTHING
1666[22:47:45] <greycat> apparently it succeeds in keeping him out at random
1667[22:48:10] <ratrace> I mean I'm literally having a jackie_chan_meme.jpg moment here. you're not putting passphrases on privkeys and then you're convoluting something somethign fake 2fa to protect AGAINST very use case where privkey passphrases ARE useful?!
1668[22:48:14] <roycroft> i acl access to ssh, so random people from random place can't even try to connect
1669[22:48:25] <roycroft> and i encrypt anything senstive on portable devices
1670[22:48:27] <ratrace> WHAT
1671[22:48:33] <roycroft> if you have a laptop you should encrypt your home directory
1672[22:49:18] <roycroft> when i need to access a network i manage and i'm some random, remote place, i vpn in, which avoids the acls
1673[22:49:30] <ratrace> and even if you don't..... just use a privkey passphrase, it's LITERALLY doing the same thing you're faking with that ghetto 2fa, BUT actually makes it work
1674[22:50:03] <roycroft> linuxcnc
1675[22:50:54] <karlpinc> ratrace: Wrong. Because the number of bits of randomness is not the issue. The issue is: how hard is it to get the secrets?
1676[22:50:58] <ratrace> greycat: you're right, 20 typeable chars is less than 160 bits, as it's 7x20, not 8x
1677[22:51:16] <greycat> not even 7 either...
1678[22:51:19] <ratrace> karlpinc: extremely hard with a 10-ish char privkey passphrase
1679[22:51:23] <greycat> somewhere between 6 and 7
1680[22:51:28] <ratrace> NSA can't really crack it hard.
1681[22:51:48] <ratrace> it's so hard, nobody would actually bother, they'd just tie you up and hit you with a $5 wrench until you give up your passprhase.
1684[22:52:22] <ratrace> but you're not using privkey passphrase, so I don't see your point at all
1685[22:52:47] <karlpinc> How is an attacker going to get my passwords? How are they going to get my keys? They are kept separate. So one method won't work to get both.
1686[22:52:56] <ratrace> I'm talking how hard it is to get the secrets when you put a passphrase on your ssh privkey
1687[22:53:10] <ratrace> karlpinc: again, they'll tie you up and hit you with a $5 wrench until you tell them both
1688[22:53:28] <ratrace> and I'm literally not joking. that method is faster than trying to bruteforce your privkey passphrase
1690[22:53:30] <roycroft> i would give up the secret before the first blow on the head
1691[22:53:31] <karlpinc> I'm talking about whether it matters to have 2 separate secrets, accessed different ways.
1692[22:53:40] <roycroft> nothing's worth getting beat up over
1693[22:53:41] <karlpinc> But actually, I'm not interested in talking about it.
1694[22:53:41] *** Quits: CyberManifest (~CyberMani@replaced-ip) (Remote host closed the connection)
1695[22:54:20] <ratrace> karlpinc: apparently you are, you came here for help on your convoluted, you-broke-it-yourself, fake 2fa method. we're telling you, you can achieve the same level of security with a nice, typeable, no-need-to-paste privkey passprhase.
1696[22:54:34] <karlpinc> I interested in figuring out how to reproduce the problem so I can type in the password and see if the problem is related to middle mouse paste.
1697[22:54:38] <roycroft> karlpinc: i think folks here think you're silly and your mother smells like elderberries
1698[22:55:29] <greycat> "roy" croft sounds french, so beware, or he will taunt you a second time
1699[22:55:37] <karlpinc> ratrace: A private key passphrase is not enforceable. I can't make people put passwords on their private keys. I can make them type in a separate password when they use their key.
1700[22:55:41] <roycroft> i'm new to this channel, though, so i'm not going to swear to that
1703[22:56:10] <noisemaker> Trying to install debian I get "Failed to install the base system \ The base system installation into /target/ failde. \ Check /var/log/syslog or see virtual console 4 for the details" How can I debug this really ?
1704[22:56:10] <ratrace> karlpinc: you also can't make them NOT write your convoluted 20 char passphrase, on a post-it note on their computer screen
1705[22:56:22] <ratrace> do yo see my point now? convoluted for zero actual security gain.
1711[22:57:18] <karlpinc> roycroft: As it happens, yes. What that matters I don't know.
1712[22:57:20] <ratrace> the stronger you make your security by making people do some work, the WEAKER you make it as those people seek ways to reduce the work and, in the process, reduce security. this is security psychology 101, taught at 1st year NSA indoctrination course.
1713[22:57:24] <eyJhb> What is the difference between linux-image-5.9.0-1-cloud-amd64 and linux-image-5.9.0-1-amd64 ? I got it on kernel 5.7 now, but I want to install wireguard witout changing the kernel again.
1715[22:57:27] <roycroft> if that is the case it is absolutely guaranteed that they will write their convoluted password on a post-it note and attach it to the screen
1716[22:57:31] <roycroft> or ot their keyboard
1717[22:57:53] <ratrace> eyJhb: the former is supposedly optimized to run as a kvm guest
1718[22:57:54] <karlpinc> Except that I don't make them have long random password. Just something reasonably good.
1719[22:57:59] <roycroft> have you never interacted with end users before?
1720[22:58:23] <roycroft> "reasonably good" is their streetname followed by the year their daughter was born, to most users
1721[22:58:35] <karlpinc> roycroft: Sure.
1722[22:58:40] <ratrace> karlpinc: as a sysadmin of 20+ years, I'm guaranteeing you, people will write your passphrases around.
1723[22:58:52] <eyJhb> ratrace: So I am guessing, if I accept that, then it will install kernel-5.9, and then it will update grub and use that kernel instead?
1724[22:58:53] <karlpinc> roycroft: Hence, the requirement of a key pair.
1725[22:59:04] <ratrace> if you're really concerned about user users going rogue or getting compromised, with an SSH access, you secure other layers
1726[22:59:22] <roycroft> the person who reads the sticky note on the screen will have access to the key
1727[22:59:36] <roycroft> because they'll be sitting in front of the computer
1728[22:59:40] <ratrace> noisemaker: you can ctrl-alt-F4 to get to tty4 and see what it says
1730[23:00:13] <ratrace> eyJhb: wait, I lost the context of what you're asking. if you accept _what_?
1731[23:00:50] <eyJhb> ratrace: Ohh sorry, if I install wireguard and it wants to install the linux-image-5.9.0-1-cloud-amd64, then it will update grub and I will be on that kernel, right?
1732[23:01:00] <eyJhb> If I agree to do so
1733[23:01:08] <ratrace> roycroft: in the company I work for, my business partner, ie. a top echelon personnel, used password "onlyiknowit1"
1734[23:01:17] <noisemaker> ratrace: that keys combination doesn't work
1741[23:02:43] <karlpinc> ratrace: So there's no point in putting a password on a private key then?
1742[23:02:51] <ratrace> so if I were so concerned, I'd go the other wa around and distribute PRIVATE keys too, that you yourself generated, and protected with a reasonable passphrase that people will still write on post-int notes
1744[23:03:53] <ratrace> karlpinc: it's generally better to protect key with passphrases
1745[23:04:36] <karlpinc> ratrace: Yes. And it's generally better to require something you have and something you know. What works best in actual practice depends on the circumstances.
1748[23:04:46] <ratrace> noisemaker: did you try to restart the installation procedure? could be transient issue, could be hardware issue
1749[23:05:02] <ratrace> karlpinc: that's done with _actual_ 2FA then
1750[23:05:17] <ratrace> OpenSSH can do proper 2fa
1751[23:05:49] <karlpinc> ratrace: Find me a definition of 2fa that excludes having a plain-old password as one factor.
1752[23:06:04] <ratrace> how about a second device
1753[23:06:34] <karlpinc> ratrace: My passwords are on a second device. I have to plug it in to get them.
1754[23:06:42] <noisemaker> ratrace: Let me restart.Should be from the scratch?
1755[23:06:47] <greycat> Traditional 2FA is "one thing you have, one thing you know", and a memorized-and-typed password qualifies. This "random 20 to 30 character string" doesn't qualify.
1758[23:07:30] <ratrace> noisemaker: you're using the installer ISO, right? did you verify the checksum after download?
1759[23:08:03] <karlpinc> greycat: I just don't seeing you convincing me that there's difference in security between a password that's easily memorized and one that isn't.
1760[23:08:12] <ratrace> karlpinc: I thought you said this was a policy for other users; do they also have the passwords on a second device?
1761[23:08:31] <greycat> oh god, I missed more stupidity while I was off washing dishes...
1762[23:08:43] <ratrace> here's the thing with 2FA. the second factor protects the first, nothing else
1763[23:08:45] <noisemaker> ratrace: I did check it from all 3 hash's. debian-10.6.0-amd64-xfce-CD-1.iso
1764[23:08:49] <karlpinc> ratrace: I don't know what they do. I suspect they memorize their passwords, and have a device holding their key pair.
1765[23:09:06] <greycat> then you should be doing that too
1766[23:09:15] <greycat> sounds like your users are better at this than you are
1768[23:10:04] <ratrace> karlpinc: so if you enforced a proper 2FA with, say, yubikeys, you'd know 100% what the factors involved were
1769[23:10:25] <karlpinc> greycat: I have a different password for every password I've ever created. There's no way I'm going to memiorise them all.
1770[23:10:31] <ratrace> you'd know that there's literally two devices needed to log in. their laptops (for example) with the ssh privkey, and their yubikey as the second physical device
1771[23:11:12] <karlpinc> ratrace: That's not the security system I'm paid to maintain.
1775[23:14:16] <karlpinc> I'm not saying it's the most secure system possible. But it is more secure than just keys. Which is where we started the conversation.