6[00:05:52] <jhutchins> roycroft: Yes, cats can interact with touchscreens. In fact there are interactive walpapers and games specifically meant to entertain cats.
7[00:06:16] <jhutchins> roycroft: you need a moderately large screen. 8" is a bit small, 10"+ works better.
15[00:08:22] <jhutchins> roycroft: If your touchscreen is less than five and preferably less than three years old it should be fully supported in Linux.
18[00:09:20] <jhutchins> roycroft: At one point my job consisted of tracking down drivers for discontinued touchscreens and trying to get them to build on whatever flavor of Linux we were running that month (mostly Centos).
19[00:13:28] <tizef> Hi guys! Anyone who flashed his Bios with FreeDOS usb live from Debian?
28[00:23:30] <tizef> Yes my bios really bug, so I want to update it... From forum others complain about this bios version is actually 1.11 now have 1.16
66[00:41:08] <petn-randall> auk: `dpkg --configure --pending` should fix any remaining errors, and `apt-get install -f`. As long as there's disk space again.
67[00:42:08] <auk> petn-randall, thank you, gonna try that
180[01:37:44] <Abdullah> lol they just open windows for fresh air to come and enjoy air only while things are being done by some creepy hacker who installed some malware
185[01:39:01] <roycroft> but windows is so bloody hard to use, and even harder to admin
186[01:39:12] <Abdullah> Here in my country no one purchases windows. people buy a CD in 0.19 USD and install cracked version
187[01:39:26] <scrul00se> Abdullah: How about safely passing a password or unlocked ssh key from a regular user to root? Do you know if that's a doable thing?
188[01:39:48] <Abdullah> I never installed windows in my computers. linux was my first OS fortunately ;-)
198[01:42:59] <scrul00se> I use ed25519 for ssh, which works for me. But if I could find a safe way to get a key from gnome-keyring (because of the convenience of having it unlock with the user's login...
199[01:43:27] <scrul00se> ...to a keychain process running as root...
200[01:43:51] <Abdullah> I don't use gnome or some bloatware. I'm WM guy
201[01:44:04] <scrul00se> then I could make the whole thing totally transparent to a user such as my wife.
214[01:47:15] <Abdullah> xfce4 is fine. I suggested a guy to install debian. gave him XFCE4 iso image link. today he messaged me, he didn't like it and installed ubuntu ;-)
215[01:47:39] <Abdullah> I don't know if he was unable to do things or why he did that ;-)
216[01:47:53] <scrul00se> I learned a lot about ssh from here: replaced-url
219[01:49:14] <scrul00se> I like XFCE4, been using it for quite a while now. As for gnome bloatware, I just pay attention to what gets pulled in when I "apt install" something. If I don't like what I see, I hit "N"
220[01:49:31] <roycroft> i'll install something clean like mate
221[01:49:45] <scrul00se> *snerk*
222[01:50:07] <roycroft> i'm used to having what mac os calls spaces
227[01:51:18] <roycroft> i've been managing debian systems for many years, but always servers, not workstations
228[01:51:36] <roycroft> so debian + gui is kind of new to me, although i do run debian on my linuxcnc machine
229[01:52:29] <scrul00se> Um, I'm not familiar with macos, but... just your desktop gets full so you flip to virtual desktop 2, and it's a new empty space to fill with windows and then you can flip back and forth?
232[01:53:31] <roycroft> for exmple, i fill screen 1 with xterms, screen 2 has email client/contact manager/calendar, screen 3 has web browser, etc.
233[01:53:32] <scrul00se> Oh, most DE's will do that. I have four in my XFCE setup, but you can choose how many.
234[01:53:39] <roycroft> that way i'm not piling everything up in a single window
235[01:53:47] <roycroft> ok, i'll sort it out
236[01:53:50] <roycroft> thanks
237[01:54:20] <scrul00se> If you install a DE with 3d-acceleration support (*not* XFCE), you can set up flashy animations for switching them and everything.
238[01:54:34] <roycroft> my goal is to replicate my macbook pro environment as closely as possible, so that it will be easy to switch back and forth between machines
240[01:55:01] <Onyx47_> It's called virtual desktops or virtual workspaces, depending on the DE. And yeah, you need to set the number of them, though Gnome Shell has dynamic adding of workspaces, there are some extensions for KDE as well if you want that, not sure about other DEs
241[01:55:02] <roycroft> i'm not into flashy stuff much
242[01:55:07] <roycroft> i prefer functional
243[01:55:27] <roycroft> i've been using 9 "spaces" on mac os for years
244[01:55:27] <Abdullah> I have 10 workspaces in my setup
245[01:55:28] <scrul00se> Hah! Well, you're certainly not going to bend the mac to your will to mimic Debian. ;-)
246[01:55:44] <roycroft> i have multiple macs
247[01:55:48] <Abdullah> and accesing them is just super + ; key
248[01:56:01] <Abdullah> or just use mouse which I don't
249[01:56:11] <roycroft> even if i could, it makes more sense to me to have linux emulate the mac os environment than vice versa
250[01:56:14] <Abdullah> so full screen for one single program
251[01:56:16] <roycroft> less work
252[01:56:20] <Abdullah> plus I don't have a DE
253[01:56:34] <roycroft> well i have to beat this windows install into submission first
254[01:56:38] <scrul00se> I would just lose windows forever if I had ten virtual destops to keep straight.
255[01:56:42] <roycroft> then do the basic linux install
256[01:56:59] <roycroft> i have some windows apps that i need to use
257[01:57:04] <roycroft> so i can't get rid of windows
258[01:57:10] <Onyx47_> roycroft: there are tutorials to get it so close I managed to trick actual Mac users for good ten minutes as a joke, how far you want to go is up to you of course
259[01:57:24] <Abdullah> here is my setup. replaced-url
260[01:57:36] <roycroft> yeah, i installed linux mint on an old imac once and got it looking fairly like mac os
261[01:57:42] <scrul00se> I've got a *lot* of mileage out of dual-boot systems over the years.
262[01:57:46] <roycroft> (sorry for going off-topic)
263[01:57:47] <Abdullah> actually I loaded from playlist. lemme give you the short link, it might not be clickable
564[09:10:09] <khelair> good morning everyone. Can anybody tell me if debian 10 is the most recent version available for the cubieboard2 (ie armhf architecture)?
659[10:29:27] <khelair> hi everybody. I'm trying to install debian's armhf port. Unfortunately, the only monitor I have for this job is not exactly perfect, and it's not showing me the banner where it's supposed to show the installation login & password, and I can't find that damn info anywhere with google for some reason. can anybody help me find out that info?
660[10:29:35] <khelair> it would be very much appreciated!
672[10:34:47] <khelair> I'm not in the installer, I've just gotten the board to boot off of the SDCard from the image 'debian-10.6.0-armhf-xfce-CD-1.iso', it's giving me a standard username/password prompt
678[10:36:19] *** ellis8974 is now known as S3xyL1nux
679[10:36:35] <khelair> I assume that once I'm logged in I'll receive a message about what to run for the installer, or whatever would come next... I did this once, but it a was a long time ago, and my monitor wasn't as trashed at that point. Kids + electonics. :|
680[10:36:56] <themill> if it's going to a login prompt, then it's probably not booted off that installer image
689[10:42:23] <khelair> crazy, I thought they relied solely on the sdcard. it was not booting off of that. now to just figure out how to boot to there and hopefully this will all work out well!
690[10:43:38] *** Quits: auk (auk@replaced-ip) (Quit: Leaving)
691[10:43:39] <themill> Not sure about that hardware, but it's common enough that using debootstrap onto the card is better than using the installer.
692[10:44:13] <khelair> not sure how to go about that... do you know where I could find decent info on such, possibly?
694[10:46:08] <khelair> I'm seeing right now that cubieboard2 is supposed to try to boot from the sdcard first before its onboard storage. that would indicate that the media that I flashed probably isn't bootable, I assume? I just dd'ed over the .iso to my sdcard, should I be using another method?
702[10:47:50] *** Quits: Abrax (~Abrax@replaced-ip) (Remote host closed the connection)
703[10:47:52] *** Guest67174 is now known as S3xyL1nux
704[10:48:26] <khelair> I'm finding a whole lot on pxe/tftp installation, but I've scoured this doc awhile ago here and didn't find anything specific about how to write the image to an sdcard
706[10:48:50] <khelair> unless I should be using a u-boot image, perhaps
707[10:49:02] *** debhelper sets mode: +l 1164
708[10:49:13] <khelair> I did think that using an .iso format image for an sdcard sounded a bit off. this one looks like it uses a .img file, that seems a little more kosher to me
714[10:53:48] <jelly> khelair: depending on the version of uboot firmware used, those allwinner/sunxi SoC machines use the sd card as a kind-of /boot filesystem, has to be VFAT formatted with a config file and kernel and initrd in specific place. See #linux-sunxi channel and their wiki for installation methods or maybe #cubieboard
725[10:58:30] <khelair> I would assume it does. I am not looking to struggle with tftp this morning, though. I will I have to, but I know I can do this right from the sdcard as I've doen it before
726[10:59:46] <jelly> it's an old board, perhaps replaced-url
727[11:00:17] <khelair> I shall check those out, thank you
732[11:04:25] <jelly> > The images are provided in the form of a device-specific part (containing the partition table and the device-specific u-boot) and a device-independent part (containing the actual installer), which can be unpacked and concatenated together to build a complete installer image.
733[11:04:37] <jelly> oh that's a neat way to manage dtb I guess
734[11:04:58] <khelair> where are you seeing this at, if I may ask?
776[11:22:17] <khelair> heh this one, on the other hand, boots fine until it says that it's starting to read the kernel, then the screen goes dark and still has not come back up. bleh
778[11:23:32] <khelair> oh it was _armbian_ that I used before. hrm. I would really rather be on _debian_ specifically, but I may just have to fall back on this if this kernel issue doesn't resolve soon here
789[11:30:49] <Haohmaru> i'm looking into how to get a USB smartcard reader working (i actually only wanna see information from cards, not to authenticate with cards or anything practically useful), and everything i find points to some broken URLs on debian.org
793[11:33:01] <Haohmaru> i a bunch of programs that say "smartcard" including "cardpeek" and "pcsc-tools" and so far nothing.. they can't find a reader, yet i see it in lsusb
806[11:48:48] <ratrace> kats99: using startx requires permissions on all needed /dev/ nodes
807[11:49:20] <ratrace> requires *manually set and managed permissions, is what I mean. otherwies the DM in combo with logind, will deal with those
808[11:49:37] <ratrace> It's 2021 almost. Just use a friggin DM. :)
809[11:51:40] <kats99> there was no xorg.conf file before and i generated one using nvidia settings..i was able to use startx before..if i remove the xorg.conf file it will work but im trying to use the nvidia gpu here
810[11:52:04] <kats99> i was able to load the modules this time...
812[11:53:23] <kats99> xorg.conf.nvidia in etc/bumblebee
813[11:55:35] *** Quits: asymptotically (~asymptoti@replaced-ip) (Remote host closed the connection)
814[11:55:53] <Onyx47> you don't need the xorg.conf file to use nvidia's driver anyway, the modules just need to get loaded properly, and nvidia-driver package should do that for you
817[11:56:45] <Onyx47> or even nvidia's official installer if you're using that, which you should avoid unless you really, really need it for some reason
818[11:57:05] <ratrace> oh bumblebee changes everything. everything you know about setting up nvida on a system can be tossed out, when bumblebee is mentioned. :)
819[11:57:47] <Onyx47> oh goodie, that's still such a pain? didn't mess with switchable graphics for ages myself, is it still that bad?
821[11:59:20] <kats99> then it means that i have to run optirun for each and every program because even without xorg file i dont see the gpu being used
825[12:04:19] <ratrace> Onyx47: it is to my knowledge. I mean, I guess there's a way to get it all working, but definitely aint' out of the box auto setup anything.
829[12:10:01] *** Quits: dselect (~dselect@replaced-ip) (Quit: ouch... that hurt)
830[12:10:08] <Docscr> installed Konversation (IRC Client) Version 1.6-branch #4910 from KDE Frameworks 5.28.0, opened serverlist >>oh, nice, at least a "freenode" network preconfigured<< - alas I didn't feel at home at all, after much headdesking I found the actual server wasn't chat.freenode.net but irc.debian.sth - prettz rogue!
892[12:51:40] <adfeno> Hi all, in Icedove, how to increase font size of .conv-text (the input textarea that is bellow the chat history of IRC) ? I know I have to edit userContent.css or userContent.css and I have both working for other things, but it's notworking for .conv-text.
960[14:00:17] *** gigetoo_ is now known as gigetoo
961[14:01:10] <martinus__> apt question, let's say I issue 'apt install slapd', it would update 'libldap-2.4-2' as well, but is it expected to update 'libldap-common' (which is a dep of ''libldap-2.4-2' ? Asking because I issue the former command yesterday and today I got 'libldap-common' to update (but I don't remember if the latter package was pending yesterday).
1000[14:27:38] <dpkg> If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later or on replaced-url
1050[15:22:36] *** Quits: ov3rmind (~over0-07@replaced-ip) (Remote host closed the connection)
1051[15:22:37] <jhutchins> It's amusing that people still make administrative policies on their systems as if they have several hundred college students logging in to the system when in fact it's a single user environment.
1061[15:33:32] <ratrace> "single user" environment hasn't been the case in unix since its inception and isn't evne on a "single physical hooman operating the machine", with multitude of daemons, policy and permission separations, etc....
1062[15:33:44] <ratrace> otherwise one wants: MS|Free DOS.
1063[15:34:43] <ratrace> And if you use a browser, then you potentially have all kinds of different actual separate physical persons touching your system with their code as you browse random sites, in which case even DAC policies no longer cut it, and you need a MAC...
1069[15:36:18] <ratrace> shtrb: no thanks. even if I like the model in theory, there's a flurry of xen vulns once in a month it seems. so I'd rather DIY with kvm
1132[16:25:38] <Paerox> shtrb, Thanks for the link. So, "$ConfigDirectiveName" is legacy, and "command(%variables%)" are modern style, do I understand that correctly?
1133[16:26:42] <shtrb> yes
1134[16:27:18] <shtrb> legacy may be broken at any time soon
1180[16:57:23] <ratrace> jhutchins: but a *nix system is NOT a single user, even if single human is using it. the OS doesn't care if it's a human behind an uid or not
1186[16:59:37] <jhutchins> I guess people who have grown up in a GUI environment and have never logged in to a 1,000 user shell system have a different perspective.
1187[16:59:47] <greycat> We've got some workstations that are being used by multiple people simultaneously, due to the wonders of Covid-19.
1188[16:59:56] <greycat> VNC sessions for the users who are working from home.
1189[17:00:22] <jhutchins> greycat: Yech. Multi-VNC. My sympathies.
1190[17:00:58] <jhutchins> I think I'd take a different approach, but I have no idea what all the variables are.
1191[17:01:39] <n4dir> and full of wonders it all is, indeed.
1192[17:01:51] <ratrace> jhutchins: I think you mean the other way around. people grown up in a gui environment thinking they're the only "user" on the system, where in fact they aren't
1193[17:02:18] <n4dir> that would not be valid if you go for a cli only system?
1194[17:02:23] <ratrace> even a single UID can actually mean thousnds of physical people interacting with that system
1195[17:02:29] <jhutchins> I think I've encountered three use cases where VNC was a reasonable choice. Mostly there were better alternatives, but you pick your battles.
1197[17:03:04] <jhutchins> ratrace: You are looking at the system from an entirely different viewpoint, and that's part of the security problem..
1198[17:03:27] <greycat> Would you scream even louder if I told you they go through a Microsoft Windows "radmin" layer before running VNC on an internal Windows box to connect to the internal VNC session on the Debian box?
1199[17:03:32] <jhutchins> ratrace: People are securing public web services with local shell policies and expecting that to be effective.
1200[17:03:58] <ratrace> My viewpoint is actually security-centric, in which a singular human at a keyboard does not mean the system is running with ONE user, as far as security policies are concerned.
1201[17:03:59] <jhutchins> greycat: Nope, been there, already screamed as loud as I'm going to.
1202[17:04:53] <ratrace> (and frankly i'm not even concerned with single-human computers, I devise policies in which an UID is agnostic to the flesh or metal behind it)
1204[17:05:17] <ratrace> in that I don't care too much about UIDs at all, I prefer MACs instead of DACs
1205[17:06:14] <ratrace> and speaking of local shell policies, that's just aspect of the security , even for web servers.
1206[17:06:17] <jhutchins> I prefer WACs myself.
1207[17:07:02] <ratrace> see, people think "local exploit" only mean keyboard. while in fact, a RCE through, say, wordpress, turns EVERY "local" exploit on that machine into remote by virtue of allowing remote to execute any code they so desire, and in process, exploit the "local" privilege
1208[17:07:11] <ratrace> (... escalation vuln)
1209[17:07:51] <ratrace> I've actually had privilege (pun not intended) to observe a bot or something, maybe human, trying to exploit a kernel vuln through a WP exploit
1210[17:08:37] <ratrace> they were trying to download a remote file and exec it. while unfortunately the policy must allow WP to write files, even modify itself, and fetch files remotely (sigh...).... the MAC policy completly put a halt into that attempt to exec the code.
1212[17:09:18] <ratrace> so to be clear, the attacker was someone or somethigg, somewhere on the planet (the IP was .ru), exploiting a WP hole to launch second stage attack agains the kernel
1213[17:09:35] <ratrace> so you see, all those "local priv" policies can be tossed out because that person, or bot, just turned them all into remote vulns.
1215[17:10:29] <jhutchins> ratrace: When people apply security measures that are appropriate for publically exposed service systems to personal desktops, thinking they're being "security aware" it's just ... modern America I guess.
1216[17:11:25] <ratrace> depends on what the measures are. I treat my firefox as a hostile app that runs remote code that might try to exploit my system. And thus the AA policy and DAC policy below it, reflects that stance.
1218[17:11:52] <ratrace> (I write my own AA policies, the packaged ones are a joke)
1219[17:12:06] <zeedee> what is the proper way to restart networking? machine will not come back online unless i reboot
1220[17:12:16] *** Quits: milkt (~debian@replaced-ip) (Remote host closed the connection)
1221[17:12:22] <jhutchins> Meanwhile on another channel someone is worried about taking sufficient security measures on a machine that is not on a network.
1224[17:13:13] <ksk> jhutchins: if you have these internet coins on them, might be valid ;)
1225[17:13:25] <ratrace> jhutchins: but at the end of the day, treating FF that way, or the WP/php-fpm daemon, is effectively the same: you have running code which you're trying to isolate from a remote threat actor executing a successful first stage RCE. doesn't matter what the /usr/bin/<name> really is. both are exposed to a remote party.
1227[17:13:32] <zeedee> i had been doing sudo service networking restart
1228[17:14:05] *** Quits: xsisec_ (~xsisec@replaced-ip) (Remote host closed the connection)
1229[17:14:08] <ratrace> zeedee: the networking.service (which does the ifdown + ifup) applies if you're using the ifupdown framework, which is default on debian. are you using that?
1230[17:14:15] <ratrace> or perhaps networkd? network-manager? something else?
1231[17:14:17] <jhutchins> ratrace: See previous reference. No external connection. Not even local networking.
1232[17:14:18] *** Quits: dftxbs3e (~dftxbs3e@replaced-ip) (Remote host closed the connection)
1233[17:14:26] <ratrace> jhutchins: well that's different then, agreed
1239[17:16:28] *** Quits: szorfein (~daggoth@replaced-ip) (Remote host closed the connection)
1240[17:16:50] <jhutchins> ratrace: I have worked in environments where security lockdowns were appropriate. I managed servers that handled significant federal financial transactions, and had to argue for geo-ip blocking APEC and South American IPs.
1266[17:26:57] <zeedee> ratrace: yes, and yes. i understand that if networking service goes down so would ssh. I just expect it to show back up on the router after networking gets started again. But the machine never shows up, unless i reboot.
1268[17:27:52] <ratrace> zeedee: you'll have to look into the log files, maybe the service never gets back up for some reason. pastebin your config, could be something is breaking it
1269[17:28:16] <ratrace> but then it'd break on boot too, so this is a bit unusual :: definitely check in the logs
1276[17:31:31] <greycat> otherwise, if you're doing it in a raw shell, the shell dies as soon as the ssh session dies as soon as the network dies, which may kill the thing that's supposed to resuscitate the network
1277[17:31:33] <ja869117> OT ? - my laptop has died, a noble beast but old. My ? what would be a "good" replacement must be linux "capable?
1278[17:31:55] <zeedee> greycat: i use tmux at boot
1289[17:34:58] <zeedee> greycat: now i dont understand. if the machine reboots all sessions are gone. if i dont reboot and start a fresh ssh connection yes i reattach
1291[17:35:29] <greycat> All I'm saying is that if you ssh'ed in and then typed "service restart network" or whatever, but FORGOT to attach to your tmux session first, then that might explain your issue.
1292[17:36:26] <ratrace> I'm not sure systemd would break like that. unlike the "old" days where you actualyl execute the init script from within your shell, systemctl talks to pid1 afaik
1294[17:36:44] <ratrace> (and dbus if you exec it as unprivileged user)
1295[17:37:09] <greycat> Does it send a full "stop it and then restart it, please" message all at once, or does it send a "stop it" message, then wait for ack, then send a "now start it" message?
1296[17:37:12] <ratrace> ((but definitely run through tmux ,that's very good advice; I'm just saying I'm not sure it'd break like that))
1297[17:38:04] <ratrace> in systemd a "restart" is always ExecStop + ExecStart
1298[17:38:33] <ratrace> There's no ExecStopStart where one could, say, put "ifdown -a ; sleep 1 ; ifup -a"
1299[17:38:47] <ratrace> (one could put that into ExecReload tho)
1300[17:39:01] *** debhelper sets mode: +l 1199
1301[17:39:12] <zeedee> greycat: i appreciate the idea because i do overlook simple things but yes, always inside tmux
1315[17:45:24] <shtrb> jhutchins, sorry to jump into conversation, but many modern pc (and laptops) are no longer "not on a network anymore" , they are potential attack vector only waiting to upload your sensitve data to some attacker (aka a cloud service). Any machine is considered to be compromised after some time. A PC not connected to the internet but has access to interal WiFi (very common thing in Black networks) one day this mofo could be made on a public ip because
1316[17:45:25] <shtrb> of a intellectually chalenged mistake (seen it , been there )
1389[18:31:15] <ratrace> no, there has to be something in the logs. after you reboot, do grep ifup /var/log/messages (or enable persistent journald and use journalctl) , there has to be something about it
1390[18:31:59] <ratrace> if it comes back online on boot that means the configuration at least is correct, or else it wouldn't. so i'm betting there's something going on that prevents the ifup to complete, after ifdown, doens't make much sense otherwise
1398[18:36:06] <dpkg> In Debian releases 8-10, systemd's journal is not persistent by default. To enable a persistent journal, enable Storage=persistent in /etc/systemd/journald.conf. Persistence will be the default in Debian 11 Bullseye.
1400[18:38:25] <ratrace> well yeah, I mentioned it should be made persistent if journalctl is to be used.
1401[18:38:36] <jelly> isn't it enough to mkdir /var/log/journal and reboot?
1402[18:38:40] <ratrace> btw, is that settled, then? persistent journald WILL be default in bullseye?
1403[18:39:08] <ratrace> jelly: it is but that's the implicit way assuming defaults . Much better is to be explicit in the journald.conf
1404[18:39:09] <greycat> jelly: yes, because of course there have to be two completely different ways of doing it, both of them well documented in separate locations...
1405[18:39:30] <ratrace> they're all documented in the one and the same journald.conf(5)
1406[18:39:33] <jelly> ratrace: I want to avoid changing default conffiles.
1407[18:39:44] <ratrace> jelly: why
1408[18:39:53] <jelly> ratrace: because I like distro defaults
1409[18:39:59] <ratrace> /etc exists for the (sys)admin to configure their system as they wish
1410[18:40:06] <jelly> and I want to stick to them unless there's a good reason not to
1411[18:40:13] <ratrace> but by mkdir'ing youre changing distro defaults.... o.O
1412[18:40:26] <jelly> ratrace: I'm not changing any conffiles
1413[18:40:32] <ratrace> well anywya, if you prefer mkdir instead of being explicit in the configs, by all means.... :)
1414[18:40:48] <ratrace> sounds like an artificial constraint, but hey, whatever floats your boat ;)
1415[18:40:49] <jelly> and that makes less work on any upgrades and release upgrades.
1422[18:42:15] <jelly> jmcnaught: so that's three ways. :-)
1423[18:42:16] <ratrace> meanwhile.... is persistent journald definitely going to be default in bullseye? remember there was a conflict about it, assuming rsyslog will remain as well, which is just plain dumb....
1424[18:42:33] <greycat> jelly: but what if I happen to read systemd-journald(8) instead of journald.conf(5) ??!??!??
1425[18:42:41] <zeedee> greycat: do i need to do anything after making the change?
1434[18:44:28] <zeedee> ratrace: no ifup in /var/log/messages
1435[18:44:31] <jmcnaught> The systemd README.Debian says to do it the same way as systemd-journald(8)
1436[18:44:39] <ratrace> zeedee: how 'bout ifdown ?
1437[18:44:48] <greycat> is that right above the indented two-line recipe, or right after it, or somewhere VERY FAR away that nobody will ever see because they already saw the indented commands?
1438[18:44:52] <zeedee> nada
1439[18:45:36] <jelly> oh, forgot about chgrp/chmod. It's not just mkdir.
1441[18:46:08] <ratrace> jelly: HAH! and instead you could've just set Storage=persistent and be done with it (assuming jd restart being common to both methods)
1442[18:46:23] <ratrace> talk about making less work.....
1443[18:46:51] <jelly> ratrace: yes. More work once and less work on every future change in conffile is worth it.
1444[18:46:54] *** rf-n00b_ is now known as rf-n00b
1445[18:46:56] *** Quits: Deyaa (uid190709@replaced-ip) (Quit: Connection closed for inactivity)
1449[18:48:00] <ratrace> jelly: gee, every two years you have to review conffiles for any OTHER changes that may've not been caused by messing with files.... it really doesn't compute :)
1455[18:49:28] <ratrace> jelly: you should. new versions of software include new functionality and you should review what the new config options are, default or no default.
1456[18:49:34] <jelly> it's like you've never done a release upgrade
1457[18:49:58] <jelly> that doesn't have to be done interactively during release upgrade time.
1461[18:50:55] *** Quits: zapatista (~zapatista@replaced-ip) (Remote host closed the connection)
1462[18:51:24] <jelly> leave what? confold or confnew? Track conffiles for EVERY package? No. I care about precious few services, and trust the distro with most others.
1463[18:52:08] <ratrace> I don't trust the distro with anything, especially not debian and its bad defaults.
1464[18:52:10] <jelly> maybe you don't do interactive release upgrade in-place
1520[19:14:28] <wr> jelly, shtrb changing this will full disk encryption give any problem?
1521[19:14:43] <jelly> wr: is this a physical or a virtual machine?
1522[19:14:56] <shtrb> wr , as alex11 said , it would be hard to move stuff up , you can however configure your grub2 to take a different /boot from inside the encrypted disk part .
1523[19:15:00] <wr> jelly, physical
1524[19:15:04] <shtrb> we, * do as alex11 said
1525[19:15:37] <another> wr: how many kernels do you have installed?
1526[19:15:38] <jelly> wr: and the whole disk is just 30GB or so?
1527[19:15:58] <shtrb> *wr , do as alex11 said , it's easier to get rid of stuff you do not need anymore
1536[19:18:08] <shtrb> would you consider instead creating a new /boot inisde the encrypted parttion ?
1537[19:18:16] <shtrb> wr ,you are using kali @!$!@%%!%
1538[19:18:17] <alex11> welp, you're on kali
1539[19:18:30] <greycat> *plonk*
1540[19:18:36] <wr> shtrb, yes, is debian based
1541[19:18:42] <jelly> wr: that's not debian, but figure out which packages those belong to, and remove the oldest one that's not actually running right now
1542[19:19:01] *** debhelper sets mode: +l 1206
1543[19:19:03] <jelly> wr: we don't support derivative distros in here, sorry
1544[19:19:18] <wr> jelly, debian based, ah ok sorry
1545[19:19:32] <johnfg> I just checked, and even though I can connect with vnc, no screen coming up there either.
1557[19:21:16] <johnfg> jmcnaught: On both monitors for this system, they stay black when I move the mouse, enter something from the keyboard, etc.
1558[19:21:27] <jelly> wr: you would do the same thing, > figure out which packages those belong to, and remove the oldest one that's not actually running right now
1559[19:21:31] <shtrb> wr, one option would be to migrate a boot into / using somethign like replaced-url
1560[19:21:33] <wr> jelly, i did post it there, but seems the guys are busy, so far no reply
1561[19:21:45] <johnfg> However, when I choose a tty (other than tty7) I can login with no problem.
1562[19:21:52] <bla> Habe someone recently configured opencl with nvidia under bullseye? is something external required?
1563[19:22:05] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
1568[19:22:52] <shtrb> wr, it would be easier to uninstall old kernels
1569[19:22:57] <sney> bla: cuda isn't supported with nvidia and 5.9, either use an older kernel (5.8 should be ok) or wait for nvidia to publish the updated driver.
1570[19:23:06] <jelly> wr: I'll stop commenting on this issue in here now. Maybe try ##linux
1571[19:23:19] <sney> bla: and please take future bullseye questions to #debian-next on OFTC (note right now you are on freenode).
1572[19:23:28] <bla> sney: thanks a lot.
1573[19:24:04] <shtrb> johnfg, check if user have enough disk space and if .Xauthority is owned by the same user
1583[19:25:58] <wr> shtrb, i think just that solves this
1584[19:26:16] <wr> jelly, ok tahnks
1585[19:26:22] <wr> *thanks
1586[19:26:35] <shtrb> johnfg, sudo systemctl isolate multi-user , and then sudo systemctl isolate graphical
1587[19:26:36] * jelly wonders
1588[19:26:44] <jelly> dpkg, buster->bullseye
1589[19:26:44] <dpkg> In /etc/apt/sources.list, change "buster" to "bullseye", remove lines like buster-backports, debian-multimedia <dmo>, and other 3rd party repos as they are known to cause issues then do: apt update && apt upgrade && apt full-upgrade. Note that testing is a <moving target> and may be buggy, and read the sid FAQ: replaced-url
1607[19:29:38] <wr> any way can upgrade my debian buster to use xfce 4.14? and it be stable? not testing etc
1608[19:29:48] <alex11> xfce isn't backported so no not really
1609[19:30:02] <alex11> i don't know if it's possible to self backport; backporting whole desktops generally is hard
1610[19:30:08] <alex11> it's been done with MATE though
1611[19:30:23] <wr> alex11, do you think it will take long for it to have the xfce 4.14 on buster?
1612[19:30:36] <alex11> it will never be in buster
1613[19:30:38] <jelly> wr: it will never happen unless you do it yourself
1614[19:30:39] <shtrb> maybe something on OSB ?
1615[19:30:47] <wr> alex11, ah ok
1616[19:31:09] <jelly> and bullseye freeze is close. IF you absolutely need xfce 4.14 you might as well go try using that
1617[19:31:12] <alex11> but like it's xfce so you're probably not missing a lot with a newer version
1618[19:31:23] <greycat> In totally unrelated news I got to install libncurses-dev today. I built the bash 5.1.0-rc3 pre-release, and it did the ksh sideways-scrolling thing which I find unbearable. I installed libncurses-dev and rebuilt it, and now it's working properly.
1619[19:31:24] <jelly> they'd be missing .02
1620[19:31:25] <johnfg> brb on phone
1621[19:31:25] <wr> jelly, alex11 ok i get it, so now is time wait
1622[19:31:26] <alex11> or rather, with an older version
1651[19:40:54] <johnfg> Well, running 'systemctl isolate multi-user' messed up the ttys, and all I had was a blinking cursor. After a reboot, all looks good, but after a logout, not sure whether I'll have the graphical interface or not.
1652[19:41:51] <greycat> I believe the intent was that you would run that isolate command *after* you reach the failed state.
1653[19:42:12] <greycat> (and then the other isolate command, to restart the DM)
1659[19:43:07] <johnfg> jmcnaught: Buster, all updates.
1660[19:43:08] <zeedee> greycat: my interfaces file was bad. i had allow-hotplug enp1s0, should have been auto enp1s0. atleast that change seemed to fix things. thanks for the help
1661[19:43:14] <zeedee> ratrace: thank you too
1662[19:43:16] *** Quits: Newami (~Newami@replaced-ip) (Remote host closed the connection)
1663[19:43:39] <greycat> zeedee: congrats
1664[19:44:11] *** Quits: edlou (uid413273@replaced-ip) (Quit: Connection closed for inactivity)
1685[19:57:50] <zeedee> real quick, now that i can restart networking correctly, will an bad line in /etc/hosts cause me to lose remote connection? im now working on setting a fqdn. thanks folks
1686[19:58:08] <greycat> your /etc/hosts file doesn't do nearly as much as you think it does
1688[19:58:40] <greycat> it's used when some program decides to look up a hostname using the standard libc interfaces. it'll look there first (assuming your nsswitch.conf is default-ish), and then look in DNS if not found in /etc/hosts.
1691[19:59:29] <greycat> editing it doesn't have any effect on already-running programs, unless one of them decides to look up a new hostname, or ignore the cached value of the hostname it already has
1694[20:00:07] *** rgdgnfnfgh is now known as S3xyL1nux
1695[20:00:14] <shtrb> zeedee, /etc/hosts hold results that has a higher priorities than other options (like DNS , NMBD ) , you could drop yourself from being able to acess to some service (and by product fail to access to your identify provider if you are using LDAP/radius auth ) but chances are low for that.
1696[20:00:35] <zeedee> so sendmail complains about not having fqdn. sounds like i can edit hosts file and just re-run sendmailconfig?
1701[20:01:58] <shtrb> johnfg, if after isolate multi-user you had no option in tty to do isolate graphical you have something wrong on the DM level , session level , or a service inside your DE. a test in the failed state you can do (if you are under X ) to log in into a tty and run startX to see if you can enter a session there
1702[20:02:08] <zeedee> it works good on my rented vps... is there a better option? i just want to send alerts to myself
1710[20:06:58] <scrul00se> zeedee: personally I like to use msmtp to provide a tiny "dummy mta" which just uses my (paid, not local) email account to send alerts
1719[20:09:29] <johnfg> greycat: When I selected tty7, I had the DM login screen.
1720[20:09:50] <johnfg> Full DE session on tty1 though.
1721[20:10:05] <shtrb> can you try reproduce the probelm , and then try to run start X on a different tty
1722[20:10:20] <greycat> startx with no arguments on tty1 should definitely NOT kill a running X session on tty7
1723[20:10:21] <jelly> zeedee: msmtp-mta or dma if you're going to send all mail to one address
1724[20:10:28] <jelly> !nullmailer
1725[20:10:28] <dpkg> somebody said nullmailer was a minimal <MTA> for hosts which just sends directly to smart relays. Does not support /etc/aliases; define a catch-all alias in /etc/nullmailer/adminaddr instead, see adminaddr(5). replaced-url
1737[20:12:12] <jelly> zeedee: right, that's when you use a null mailer, a small tool that provides /usr/sbin/sendmail API but typically sends all mail generated on the server to one address, using one smtp auth server
1738[20:12:18] <johnfg> Looks like all I have running is needrestart-dbus-session.
1739[20:12:57] <jelly> scrul00se: aliases are nice, useful to sort mail later
1745[20:16:12] <scrul00se> jelly: Yep. My main use case for msmtp is a systemd oneshot containing a "mail" oneliner that sends "Unit %n failed!" and a log excerpt to my real-world email address, which I can add to the OnFailure directive of any systemd unit. I've been very happy with it
1763[20:24:22] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
1764[20:26:06] <alexrelis[m]> I am trying to run an initial backup with Deja Dup. I've selected to back up my entire home/ folder, excluding Downloads/ and a few other places. When I run it I get this error:
1783[20:37:57] <johnfg> After I leave here in a bit, and come back around 6 p.m. MST, I'll see what I've got. Probably won't be able to troubleshoot any problems until Thursday, though.
1788[20:40:36] <johnfg> btw...does pastebinit not work any longer? I tried both a cat <file> | pastebinit; and a pastebinit <file>, and I got errors (the same).
1790[20:41:31] *** Quits: tizef (~tyzef@replaced-ip) (Read error: No route to host)
1791[20:41:51] <johnfg> Part of the error: /usr/bin/pastebinit:413: DeprecationWarning: pasteURLopener style of invoking requests is deprecated. Use newer urlopen functions/methods
1796[20:43:52] <johnfg> greycat: is pastebinit deprecated (as well as not working?)?
1797[20:44:28] <greycat> I have no idea. The three seconds I spent reading your error would be enough to make me give up on it, if I were trying to use it.
1806[20:47:11] <n4dir> I think the DeprecationWarningis really just that, a Warning. I had it not working, pastebinit, but the solution was not related to that.
1811[20:49:46] <Onyx47> damn, I should set up my shell differently on my laptop and desktop, I almost broke my apt sources.list right now, forgot I was SSHd into my laptop -.-
1850[21:11:28] <Waxhead> I asked this in Debian-next , but I might as well try here too. Is there some way to boot debian from a live-cd. e.g. "jump-start" without grub the main install from a chroot or something?
1860[21:14:25] <ratrace> then again your inability to look up a simple config option in the supervisord docs tells me that's gonna be Mission Impossible.
1861[21:14:36] <Wh0amI_> I discovered that debian is linux, what do I do ?!
1864[21:15:22] <karlpinc> I'm looking at a moin-moin wiki web page. I believe the font supplied by css is "Arial, Lucida Grande, sans-serif". Chromium seems to render it in DejaView Sans. I think firefix is rendering it as Aerial bold. I don't believe I have aerial installed (but am not sure how to check.) Anyway, all the text is bold in firefox, but not chromium. What's going on and what's the right way to fix it so firefox does not show everything in
1865[21:15:22] <karlpinc> bold?
1866[21:16:15] <ratrace> sounds like something broken in fontconfig
1867[21:16:45] <ratrace> "font supplied by css" would imply there's a .ttf definition for download, rendering your local fonts irrelevant, tho
1868[21:17:38] <ratrace> unless you really meant font-family definition, and not @font-face
1873[21:21:20] <karlpinc> (strangly, this particular wiki has a different font-family than replaced-url
1874[21:21:36] <ratrace> right, so with font-family, it lists fonts in order and your browser selects first found. Arial is not a free font, so it's unlikely you have it unless you explcitly installed it from somewhere. Lucida is not typical on linux systems, I don't recall if its free, so that leaves whatevre system would define as sans-serif
1882[21:26:02] <karlpinc> And firefox claims the default font is DejaView Serif. I think I'll ignore the problem and see if it goes away the next time firefox upgrades and breaks everything.
1896[21:33:40] *** Quits: neilthereildeil (47f1f4c4@replaced-ip) (Remote host closed the connection)
1897[21:34:19] <greycat> you can go to the wiki's SystemInfo page to get the software version + python version (and a lot more if you're logged in as the wiki admin)
1898[21:35:03] <karlpinc> I'm going to try installing moin locally and see if I can reproduce it.
1909[21:43:47] <Paerox> I'm having a hard time finding relevant info in the rsyslog docs. Perhaps someone can recommend me an alternative central logging solution?
1910[21:44:21] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
1911[21:45:45] <karlpinc> Paerox: Or you could tell us your problem.
1912[21:47:02] *** Quits: endstille (~endstille@replaced-ip) (Quit: I'll be back.)
1914[21:48:32] <Paerox> karlpinc, I have a FortiGate which is currently logging to RAM only. The FortiGate has an option I can turn on so that it sends it's log to an rsyslog server. So far I've configured rsyslog to listen only to the LAN NIC. Now I want to log events on my FortiGate to a seperate folder under /var/log. My problem is that I cannot find the relevant modern-style configuration directive for rsyslog to do this.
1965[22:33:06] <Paerox> jhutchins, I'm not dissing rsyslog at all, I'm just having a hard time setting it up
1966[22:33:43] <Paerox> Today is the first time I'm customizing rsyslog
1967[22:34:09] <jhutchins> Paerox: You just have to hold your tongue right - meaning once you get the right perspective it all makes sense.
1968[22:34:34] <shtrb> ratrace, rsyslog is not that bad , used both of them , not that of an issue with most IT users
1969[22:35:13] <Paerox> I've had some success already with rsyslog btw! Got rsyslog to store messages from my Fortigate, but the messages ended up in /var/log/messages and not in a sepereate folder
1970[22:36:00] <shtrb> Paerox, create a custom conf file in rsyslog.d , the stops after matching , also My condolunces for Fortigate
1971[22:36:03] <jhutchins> Paerox: You should be able to get the syntax from the manpage.
1973[22:37:21] <Paerox> jhutchins, I'll have a proper look at the manpage. Just need a break first.
1974[22:38:36] <shtrb> Paerox, just finish the conf file with "& stop" that will stop processing , for example : $template RemoteStore, "/var/log/blabla/%HOSTNAME%/%timegenerated:1:10:date-rfc3339%"\n :source, isequal, "evilfortigate" -?RemoteStore\n& stop
1975[22:39:23] <jhutchins> Paerox: I'm no longer in an rsyslog environment, but wee had about 1500 servers on the last one I worked with.
1976[22:40:01] <jhutchins> Fortunately it was a "change once, run ansible" system.
1977[22:40:05] <shtrb> Paerox, this will put per date files with messages from machine called "evilfortigate"
1983[22:50:15] <ratrace> Paerox: it's an alternative syslog, and as the name implies, aimed at solving certain shortcomings of rsyslog. back at the time it was capable of TLS, but nowadays (in Buster at least) I think rsyslog is too. syslog-ng's config is way, way more intuitive to work with, tho.
1999[22:58:58] <jhutchins> greycat: I know, I probably have 20, many of which are not duplicates. I don't get political about which one to use.
2000[22:59:02] <ratrace> jhutchins: aparently you have lots of opinions about other people's opinions
2001[22:59:15] <jhutchins> ratrace: Some people's.
2002[22:59:43] <ratrace> I'm not being political about syslog-ng if that's what you're implying. I just mention it as an alternative. it's there, it exists, it has pros and cons, (in my book pros over rsylog are worth it), and it's packaged in debian
2013[23:02:23] <jhutchins> Paerox: At one point I had 200 pentiums in my basement. I was going to build a cluster, then I found out they wouldn't boot headless.
2017[23:04:03] *** Quits: EagleTG (~eagletg@replaced-ip) (Remote host closed the connection)
2018[23:04:04] <dvs> holy meterologist!
2019[23:04:07] <shtrb> Paerox, I was user of it's equipment , it made my life hard , it's MITM process was broken and made it virtually impossible to auth against services
2020[23:04:17] <jhutchins> greycat: Not a lot of planning on that project, just free servers and the existance of clustering.
2021[23:04:26] <Onyx47> just hook it into central heating and get rid of the furnace/boiler/whatever, duh
2022[23:05:14] <greycat> and you were going to power them all off a dozen power strips plugged into a single wall outlet, right?
2023[23:05:23] <jhutchins> A boat can be hauled up and put aboard a ship.
2024[23:05:23] <jhutchins> 
2025[23:05:23] <jhutchins> 1
2026[23:05:23] <jhutchins> Like
2027[23:05:33] <jhutchins> Like I said...
2028[23:05:33] *** jhutchins was kicked by debhelper (flood)
2060[23:16:03] *** ellis8974 is now known as S3xyL1nux
2061[23:16:05] <jhutchins> Paerox: Manpages are the most common docs, hence get the most hands and eyeballs. There are also info pages, mostly for pre-linux programs, /usr/share/doc, and wikis.
2062[23:16:23] <greycat> info pages are a GNU thing, not "pre-linux"
2074[23:21:31] <H-var> internet is a series of tubes
2075[23:21:48] <shtrb> Ethernet cables :D
2076[23:22:07] <greycat> I suppose it's possible that someone outside of GNU took a look at ROFF, took a look at Texinfo, and decided "... ok, I'll use Texinfo". But it wouldn't have been a large number of someones.
2095[23:32:46] <Paerox> shtrb, I didn't think daemon-reload was necessary (only for systemd unit files?). Tried to restart rsyslog after daemon-reload and afterwards i do "ls -Rlh|less" but i see no indication of frequenly updated log files or new ones.
2102[23:36:31] *** Quits: gelignite (~gelignite@replaced-ip) (Quit: Stay safe! Stay at home! Stop the chain reaction!)
2103[23:36:54] <Paerox> created the folder, restarted rsyslog, disabled and re-enabled the "Send logs to syslog" option in my FortiGate. nothing appears in the newly created folder