20[00:31:58] <alexrelis[m]> How do I set the default file manager when I don't have a DE installed? I'm on Openbox and when I select to view a file in the folder it automatically opens up the Ranger file manager when I instead want to use pcmanfm.
29[00:41:10] <sponix> alexrelis[m]: not sure about doing files associated with a file manager, but here is links done with a specific browser replaced-url
30[00:41:23] <sponix> alexrelis[m]: this gio and such might do more than just browsers
40[00:45:59] <alexrelis[m]> Another thing I noticed when using Openbox is that when I open Synaptic my Openbox session freezes entirely and a couple of flatpaks don't open properly, including Element.
49[00:50:42] *** Quits: Deyaa (uid190709@replaced-ip) (Quit: Connection closed for inactivity)
50[00:50:42] *** Quits: ax562 (aec284f2@replaced-ip) (Remote host closed the connection)
51[00:51:31] <alexrelis[m]> sponix: you should try it. Other than the obscure issues I've had with it, it's really great if you want something really lightweight but aren't a fan of tiling wms.
65[01:00:25] <roycroft> and the management pane at the bottom right of the screen is not fun to deal with
66[01:00:41] <roycroft> is there another desktop environment where the window manager is easier to work with?
67[01:00:50] <roycroft> i used mate because it's very lean and clean
68[01:00:54] <Brigo> i use mate, i move the botton bar to the top, i think there is much better.
69[01:00:59] <roycroft> but i'm not married to the idea
70[01:01:27] <roycroft> i'm use to mac os
71[01:01:27] <Brigo> roycroft, i change windows with alt+tab, i think it is pretty easy.
72[01:01:45] <roycroft> i switch windows with ctl-number on mac os
73[01:01:46] <Brigo> i think is a gnome default, mate come from gnome 2
74[01:02:01] <roycroft> if i can change the behavior then i'll stick with mate, for now at least
75[01:02:20] <roycroft> i'd like to make it look and function as much like macos as possible
76[01:02:37] <roycroft> since i'll be switching back and forth between this machine and macs all the tiem
77[01:02:41] <scrul00se> I have a puzzle: Using an automated nightly backup system that needs to run as root, which uses a passphrase-protected ssh key to push to a regular account on a remote server... My goal is a user-transparent way to have the passphrase retrieved from a keyring (keepass? gnome-keyring?) and passed to a long-running root-owned agent (eg Funtoo's "keychain" in a reasonably secure way when the user logs in to the DE.
78[01:02:48] <roycroft> i can't make mac os look like a linu desktop
79[01:02:54] <Brigo> roycroft, you can configure shorcuts.
80[01:02:57] <roycroft> so it's best to make the linux desktop look like mac os
81[01:03:36] <roycroft> i'll look into that, and into moving the window manager bar to the top
82[01:03:56] <Brigo> i have heart about desktop environment just like that.
83[01:03:57] <roycroft> i just got this machine working today - it's been a struggle getting dual boot with windows working
84[01:04:06] <roycroft> i don't do dual boot much
85[01:04:15] <scrul00se> Thus far, I have keychain working nicely, with an autostart entry that uses sudo to launch keychain, but having to paste the password into a terminal window is not ideal.
86[01:04:15] <roycroft> and have never done it on uefi before
87[01:04:35] <Brigo> i have a bar in the top and other, thick one in the left side.
88[01:04:40] <sney> scrul00se: look at sudo's NOPASSWD option for specific commands
89[01:04:49] <roycroft> the machine is functional enough that i can take it out in the field and do work now
90[01:04:59] <roycroft> which was my immediate need
91[01:05:10] <roycroft> now i can work on tweaking it to my liking
93[01:05:29] <scrul00se> sney: Yep, got that in effect already, which skips the sudo prompt and gets you to the "unlock this ssh key" prompt.
94[01:06:59] <sney> passphrases are pretty pointless when it's a machine talking automatically to another machine, I assume there's some reason the ssh key needs to have one?
101[01:10:21] *** Quits: BrianG61UK (~BrianG61U@replaced-ip) (Remote host closed the connection)
102[01:10:26] <sney> seems a bit belt-and-suspenders, but ok. hm. maybe right now, focus on getting the password manager or equivalent to spit out the passphrase via a script. then once you have that part working, combine it with the existing sudo kludge to form backup voltron
104[01:11:55] <scrul00se> I'm wondering about, say, gnome-keyring's default keyring, which can be set to unlock on user login. Assuming I can pull the passphrase from that from a shell, can I expect simply piping it to "sudo keychain load <key-file>" work? And, like, not result in the passphrase displaying in-the-clear in ps or something?
110[01:13:12] <scrul00se> sney: fair point, at least in terms of "will it work". Does anybody see any egregiously obvious security "don't" there?
111[01:14:30] <sney> aside from the academic question of "if the computer can unlock the encryption on its own without user intervention, then was it ever truly encrypted", not really.
112[01:14:38] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: No Ping reply in 180 seconds.)
113[01:14:47] <greycat> not really academic
114[01:15:04] <sney> particularly since it's an oddball use case, so you're going to be touching every piece individually.
115[01:15:25] <scrul00se> The user does unlock it, though, when they provide their password to log in to the DE
122[01:21:49] <scrul00se> Since this whole exercise is, admittedly, a bit belt-and-suspenders, I'm inclined to regard having this passphrase in a keyring that's protected only by the desktop login password and unlocked transparently when the user logs in as "good enough".
123[01:22:24] <sney> it really depends on what you're hardening against
124[01:24:07] <sney> if your main threat vector is "laptop theft" or equivalent, then that meme where someone has locked their door with a cheeto springs to mind, unless you're also using luks
125[01:26:45] <sney> really, the point of a passphrase is to require user consent to decrypt whatever the thing is. if you're abstracting the passphrase from the user context entirely, then it becomes pointless, and you should run borgbackup via cron with passphrase-less keys like a normal person
127[01:27:10] <sney> but also: whatever, it's your computer, and figuring out how to do this will at the very least make you better at all of the steps involved
134[01:33:40] <scrul00se> The threat model insofar as I have one is basically "if an attacker steals the machine or gets shell through a zero-day browser exploit or something, how high can I raise the bar against them deleting or ransomware-ing the backups? (which are indeed borgbackup)
140[01:35:46] <scrul00se> Making the ssh key inaccessible after a reboot or power loss by passphrase-protecting it and having the unlocked key only in root-owned memory seemed like it would raise that bar a notch.
147[01:38:04] <scrul00se> petn-randall: sort of. Turns out you can "append" things like delete commands, which will then be honoured on the next schedule pruning pass.
162[01:49:19] <n4dir> i would think for such an encrypted installation is the way to go.
163[01:49:55] <n4dir> cause as soon the machine is stolen the attacker could boot from a live and reset the user password quicky. I probably look at it from the wrong perspective
164[01:50:11] *** Quits: Space_Man (~Space_Man@replaced-ip) (Remote host closed the connection)
165[01:50:28] *** Quits: auk (auk@replaced-ip) (Max SendQ exceeded)
166[01:50:48] <scrul00se> But also yes, I acknowledge that outside of the "to see if I can", the combination of LUKS and a passwordless ssh key in only-readable-by-root directory on disk is adequate and sensible.
169[01:52:26] <scrul00se> n4dir: My thinking is that in rebooting to live, even without LUKS, if the unlocked password was only in root-owned RAM it's long-since flushed by the time the live system is up, so then, even without LUKS they need to get past the passphrase to use that key to compromise the backups.
170[01:52:51] <scrul00se> er, unlocked ssh key, that is. Sorry.
171[01:53:05] <n4dir> i don't know gnome-keyring or borgbackup, but if i use an ssh-key once it gets stored in ssh-agent, and later i can use it passwordless. I don't understand why one would need to "copy" something from gnome-keyring
172[01:53:30] <n4dir> scrul00se: ah, like that. ok, as said, just wondering over here, not saying anything.
176[01:55:41] <scrul00se> No worries! I am genuinely open to "that won't work because X" input too if you've got it.
177[01:56:06] <n4dir> scrul00se: but wait. You say you automatically start gnome-keyring after login. So after reset of password, reboot, login, he will have access, no?
179[01:57:22] <scrul00se> Nope. Attacker would have to actually know the old password in order to provide it to gnome-keyring. It's *transparent* at user login, but the process is actually that the same password is used separately for both.
180[01:58:27] <n4dir> i think i see. confusing for sure. Good luck
181[01:58:43] <scrul00se> So they can's use the ssh key directly 'cause it's passphrase-protected, and they can't get the passphrase out of the gnome-keyring without the owner's original login password.
182[01:58:58] <scrul00se> s/can's/can't
183[02:00:13] <scrul00se> (In real life, the ssh key is also in only-readable-by-root directory on a system with LUKS, so the *necessity* of my puzzle is very doubtful.)
186[02:01:38] <n4dir> 3 of my old laptops were stolen a month ago. I don't have any useful/private data in git repos on the one hand. And on the other i doubt anyone who steals 10+ year old laptops has a clue what ssh is.
187[02:02:19] <n4dir> probably some junkies. The Zippo on the desk was more worth than those laptops. And the midi keyboards for sure. lol
189[02:02:54] <scrul00se> Haha! Probably true. I'm both a privacy fanatic and the kind of person who finds dreaming up attack scenarios and figuring out how to thwart them kind of fun. ;-)
190[02:03:32] <scrul00se> Sorry about the laptops though. Even with being ancient machines, that sucks.
191[02:03:34] <n4dir> yeah, not saying i shouldn't have done it. Doesn't hurt to do it the right way. I didn't use luks as i use laptops only at home. Now am a bit angry for that
192[02:04:05] <n4dir> they could hardly use a WM, web-browsers not at all. Sure, still sucks a bit, but no loss of €
193[02:04:10] * scrul00se is no stranger to having to learn lessons the hard way. Sometimes several times before it sticks.
587[10:17:16] <DomasTux> How do i get debian bullseye?
588[10:17:43] *** Quits: gjerich (~quassel@replaced-ip) (Remote host closed the connection)
589[10:17:47] <Haohmaru> don't you wanna wait till it comes out first?
590[10:17:56] <DomasTux> No, i need the new kernel.
591[10:18:08] <Haohmaru> !bullseye
592[10:18:08] <dpkg> The release following Debian 10 "Buster" is codenamed "Bullseye" (Woody's horse in Toy Story 2) and will be Debian 11. It is the current "testing" release. Remember that testing is called testing for a reason; good bug reports with patches are greatly appreciated! replaced-url
673[11:48:43] <premoboss> hello, i am tryin to TOTALY silent the boot message at startup. i already recompiled kernel to silet it more than pssible. but during vbbot, i still have message as "[ OK ] Started Network Time Synchronization." or "[ OK ] Started Update UTMP about System Boot/Shutdown.". I try to change parameters into /etc/systemd/system.conf but no wat to shout up those messages. somehone can give me suggestion? thanks?
716[12:24:48] <eb0t> ok looks like i am sorting it ..fsck on the disk is now running
717[12:28:48] <premoboss> eb0t, it seems you nasve problem on file system... if worse, the physical storage is damage. rebbot with a live distro adn do fsck on all partitions of yout storage device.
718[12:29:28] <eb0t> yes ...the fsck has kind of fixed things...not sure how much yet ..but i think im gonna have to replace the disk
719[12:29:31] <eb0t> soonish
720[12:30:38] <ratrace> eb0t: you can check the SMART data for any indications of failure (noting that no indications doesn't mean it isn't failing). smartclt from smartmontools (--no-install-recommends to avoid halfa MTA installed if you don't want it)
721[12:30:40] <premoboss> soonish is too late. if you care your data, as soon as fsck is done, shut down , reboot witha live cd, mount read-only the partition you want to backup and save them.
722[12:31:10] <eb0t> no what i mean is that i have all files on a fileserver which is fine
725[12:31:26] <eb0t> so as long as i can boot and retrieve and do some work ill be ok for a good while
726[12:32:23] <eb0t> so i have fileserve on different machine...backup on different machine also ...and then this machine is just an interface to use to work from
727[12:32:33] <ratrace> keeping proper backups is always important. no backups == the data is not valuable.
728[12:32:49] <eb0t> yes...i once lost everything a few years ago...
729[12:32:57] <premoboss> ratrace, <3
730[12:33:01] <eb0t> since then i back up daily ..probably several times a day
757[12:40:57] <f-a> because I want to modify those
758[12:41:13] <ratrace> ah I see. and with sudo vim, tabbing doesn't give you options?
759[12:41:18] <f-a> nope
760[12:41:47] <ratrace> right. well, check the permissions on the folder. tab completion is done _before_ sudo is executing vim, as your userr, so if your user doens't have permission to look into that folder, it won't autocomplete.
761[12:42:30] <ratrace> alternatively run sudo -i to become proper root, and run vim on the files
762[12:43:08] <f-a> oh
763[12:43:16] <f-a> sudo -i, excellent, thanks
764[12:43:53] <ratrace> sudo -i or su -l , same effect but different passwords asked.
765[12:44:24] <f-a> I thought -l listed my avl commands
766[12:44:29] <f-a> but -i works like a charm, thanks
798[13:03:22] <quadrathoch2> strk you probably mean dpkg ;). afaik, mail is nice as it's trying to send over mails for multiple hours before it gives up. but read into that :/ there is just a distant memory
816[13:20:06] <Razva> hello. I've just finished installing Debian LXQT, everything is fine, except the fact that networking is managed by "connman". Never used it before.
817[13:20:22] <Razva> How can I remove "connman" and go back to the "normal" /etc/network/interfaces settings?
820[13:22:19] <ksk> Razva: what does "apt-get remove conman" give you? If it does not lead to "LXQT" components being removed, you might be good to go (and end up without networking)
821[13:22:51] <Razva> yeah, just removed it and rebooted, I'm curious if I'll have networking :)
822[13:23:27] <Razva> yyyyyyyyyyyup, it seems fine
823[13:23:41] <ksk> In general: If package connman would have provided the critical service "networking", and you then remove it, apt would install another package fitting that role automagicly
902[14:15:22] <ratrace> the only "overhead" is in actual encryption, which is CPU bound and with every modern CPU having AESNI, the default aes cipher will be far far faster than your sata3 6gbps can put through
903[14:16:05] <ratrace> (ie LUKS can saturate sata3 just fine)
904[14:16:37] <Razva> what do you think about VeraCrypt?
905[14:18:10] <ratrace> never really used it, LUKS works for all my needs
906[14:18:58] <ratrace> bbl, lunch
907[14:19:43] *** Quits: conta (Thunderbir@replaced-ip) (Quit: conta)
912[14:23:44] <ksk> ratrace: I cannot deny anything of what you said - but what would then be the reason for having an "In filesystem encryption", if not for performance? *confused*
913[14:24:32] <ksk> Razva: Regarding Veracrypt: It was forked off Truecrypt, and that project ended in a really strange state. /tinfoil-hat
918[14:26:19] <Lope> damn. I just hosed one of my computers.
919[14:26:31] <ksk> It was discontinued by the unknown authors, with the remark "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues." - see the webz.
920[14:26:47] <Lope> The one that I was setting up the other debian install on a flash drive from.
921[14:26:57] *** Quits: szorfein (~daggoth@replaced-ip) (Remote host closed the connection)
925[14:27:48] <Lope> So I repeated the rsync command just to see how fast it would compare the meta-data etc. which included a --delete and --delete-excluded
926[14:27:52] <Lope> hosed the whole PC hahahahahaha
929[14:28:21] <oiaohm> Razva: and the Veracrypt following code audit when they took over found quite a few problems.
930[14:28:24] <Lope> nothing on it but still a waste of time. it's one of these microsoft devices with special backdoor partitions that have to be there or it won't boot.
934[14:30:25] <oiaohm> ksk: to be correct the message "is not secure as it may contain unfixed security issues." text is one of the historic standard texts for a security project coming non maintained. That line of text is older than TrueCrypt.
935[14:31:16] <oiaohm> Sometimes recycling odd style messages are not suitable for current time and just cause confusion.
940[14:35:59] <Razva> Well, that's it I guess... I'm not doing NextCloud on this setup.
941[14:39:54] <ksk> oiaohm: oh, that is an interesting remark. So that message containing three words which staring letters make up "N S A " is not a hidden message? :P
964[15:18:58] <Lope> hey guys can you please help me with getting my surface pro 2 to boot linux again?
965[15:19:05] <oiaohm> ksk: there are other project discontuine messages contained three word starting with N. S. A. So that could be luck.
966[15:19:07] <Lope> I accidentally deleted my EFI partition's files.
967[15:19:46] <Lope> I've got the surface pro 2 windows recovery zip file that has EFI directories in it, which I've copied back into the efi partition.
968[15:19:58] <Lope> But grub install complains when I try install grub
976[15:29:46] <ratrace> ksk: "in filesystem encryption" permits per directory or per file, not better performance, in fact if anything, it's worse due to mapping overhead
1014[15:59:19] *** Quits: beelzebuzz (~rasputin@replaced-ip) (Remote host closed the connection)
1015[15:59:29] <Razva> I'm trying to install lxqt on a new (other system) but I'm getting "Unable to locate package lxqt". Any hints? Am I missing a repo maybe...?
1016[15:59:38] *** Quits: towo^work (~towo@replaced-ip) (Remote host closed the connection)
1062[16:09:15] <Razva> oook, executed update and upgrade
1063[16:09:46] <Razva> I'm ready a lot about lxqt vs xfce. The idea is that this machine will be used in order to run Firefox, LibreOffice and Telegram. And that's it.
1064[16:10:10] <Razva> It has plenty of RAM and CPU, but I see no reason to install a full-blown KDE/GNOME.
1068[16:10:56] <Razva> A lot of threads insist that the vast majority of apps are written for GTK not for QT and that the user might have issues with LXQT.
1069[16:11:01] <Haohmaru> there's also LXDE btw
1070[16:11:01] <quadrathoch2> it's a preference honestly, xfce builds ontop of gtk and lxqt on Qt. I do like xfce more as it's mature, lxqt is still in development
1071[16:11:04] <Razva> What do you think?
1072[16:11:16] <jelly> try one, use it for a couple weeks, then try the other
1073[16:11:45] <jelly> gtk apps WILL work on a Qt DE and vice versa.
1074[16:11:53] <Razva> ok
1075[16:12:05] <Razva> it seems that the majority of users prefer xfce
1099[16:23:53] <Razva> if anybody is interested: lxqt installs 1283 packages totaling 3231 MB of space, while xfce installs 1106 packages totaling 2544 MB of space
1100[16:24:34] <Razva> I'm going with Xfce just because most users seem to do so...
1117[16:35:23] <ratrace> that only swings in favor against xfce. that's 2:1, no xfce so far, which makes it 33% of users using xfce, by polls so far. not really "most" :)
1128[16:39:02] <EdePopede> is multibootusb a good method to create a multibootstick from debian? installed it from upstream then the few dependencies and at least it starts.
1137[16:43:39] <Lope> So I accidentally erased my EFI partition. Messing with this EFI stuff is new to me. Previously I had just left what Microsoft had left there and grub seemed to know what to do with it.
1140[16:44:44] <Lope> Rather than nuking my whole linux installation etc overwriting it with windows and then using some linux installer etc. I decided to try the linux tools. rfind-install and the normal grub efi stuff.
1141[16:45:10] <Lope> The good news is update-grub runs without errors now, and grub actually boots.
1143[16:45:28] *** Quits: lupulo (~lupulo@replaced-ip) (Remote host closed the connection)
1144[16:45:42] <Lope> the bad news is the only item in my grub menu is "System setup" which goes to the hardware UEFI system setup screen.
1145[16:45:48] <Lope> No kernels etc are listed.
1146[16:46:04] <Lope> But I just realised I need to reinstall my kernel packages so that they get populated in my /boot
1147[16:46:08] <Lope> then it'll probably work.
1148[16:46:28] <jelly> EdePopede: there is no "good" method to make d-i boot other than writing it on the whole stick. The code is a bit fragile and it may fail to find the iso in many cases.
1188[16:53:25] <Lope> ratrace, aaah, i forgot to autoremove
1189[16:53:26] <Lope> thanks bud
1190[16:53:51] <ratrace> jelly: just step into the phoronix cesspoo^W forum, stay a while. Get your vaccines first, that place is..... filthy :)
1191[16:54:02] <jelly> Razva: that's just colors, in a different place I think. I'm on KDE right now, not sure if firing out xfce4-system-settings is going to work
1192[16:54:07] *** epsilonKNOT is now known as aishat
1193[16:54:34] <jelly> xfce4-settings-manager !
1194[16:54:42] <Razva> yeah I found those settings but only 2 or 3 change the "looks" (from XP to 95), the rest just change the colors
1195[16:54:42] <jelly> see, I don't even remember how it's called
1196[16:54:55] <Lope> After this mistake, I'm going to be mounting my /boot/efi as ro
1197[16:55:01] <Lope> and probably also /boot
1198[16:55:12] <Lope> then just script it's remounting with my updates.
1206[16:56:33] <Lope> ratrace, are you saying that I should mount them automagically for those triggers
1207[16:56:37] <ratrace> Lope: yeah, no, you're right, ro mount sounds better.
1208[16:56:48] <Lope> yeah, I like a good ro
1209[16:56:53] <Lope> then you can see what's up.
1210[16:57:16] <jelly> Lope: do you not have backups for this system?
1211[16:57:35] *** aishat is now known as atammy
1212[16:57:46] <ratrace> Lope: you can have DPkg::Pre-Invoke and ::Post-Invoke /etc/apt/apt.conf.d/something triggers do that, but that's gonna remount them on every apt action
1213[16:57:52] <Lope> it's not my workstation, it's a experimental laptop.
1214[16:58:27] <ratrace> Lope: for example I use those triggers to remount /tmp (no)exec. Stupid apt needs /tmp exec .......
1215[16:58:35] <ratrace> actually dpkg does, not apt specifically.
1216[16:58:49] *** Quits: gryffus (~gryffus@replaced-ip) (Quit: This computer has gone to sleep)
1217[16:58:58] <Lope> ratrace, well my upgrade is scripted, so I can remount for every upgrade
1218[16:59:01] *** debhelper sets mode: +l 1196
1219[16:59:18] <Lope> although actually, some installs cause an initramfs-update to happen.
1220[16:59:20] <jelly> ratrace: hmm! apt might benefit from a private tmp there.
1221[16:59:31] <Lope> So I suppose it should happen for apt install as well as apt upgrade
1222[16:59:48] <ratrace> jelly: like a namespace similar to what systemd does? indeed.
1223[16:59:52] <Lope> ratrace, lol. now that I think about it. apt remove can also cause it.
1224[16:59:56] <ratrace> an unshare just for the apt run.
1225[17:00:00] <Lope> so basically anything other than apt update.
1226[17:00:28] <ratrace> Lope: an install of <apparently unrelated> package could trigger update-grub or update-initramfs.
1227[17:00:44] <ratrace> really just remount it on each apt run. a derpkg::post|pre-invoke does it
1228[17:02:14] <Lope> Amazing, looks like I fixed this surface pro 2.
1229[17:02:34] <Lope> Now it's totally devoid of microsoft binaries on the SSD.
1237[17:03:33] <samuelrajan747> I updated a xenial to focal by running sed on the sources.list, does that method has any known issues? I also took care of other ppa files inder sources.d.
1238[17:03:45] *** atammy is now known as epsilonKNOT
1268[17:12:54] <ratrace> you could try remove lxqt specific packages (with lxqt in the name), install xfce task, and then whatever orphans remain you could autoremove them or whatev
1269[17:13:35] <ksk> Razva: you can create a list of packages "xfce*"; check them manually, then feed them to "apt-get remove"
1270[17:14:14] <ratrace> and hell, I said the other way around. yes, remove xfce, install lxqt-...
1271[17:16:37] <Razva> ok I'll just reinstall and call it a day :)
1272[17:17:07] *** Quits: Kaboon (~Kaboon@replaced-ip) (Remote host closed the connection)
1314[17:27:46] <Razva> Wooowee. Didn't touched a Gentoo or a Slack for like...10+ years.
1315[17:28:24] <jelly> Razva: people you're selling to probably don't care which distro is underneath; Debian however provides a more decent, or at the very least a MUCH wider platform than CentOS if you're building a specific solution
1316[17:29:04] <ratrace> cPanel changes that a bit tho, with its own compiling and installation of stuffs like php, mysql, ...
1317[17:29:23] <ratrace> (ie it brings to centos the width that in itself it's missing, even with epel)
1318[17:29:23] <Razva> jelly: most shared-hosting customers have no understanding on what a "webhosting account" involves, they just want "a fast server and lots of email space".
1320[17:29:47] <ratrace> but now! .... ther'es centos streams. haven't tried them out yet, but that's supposed to bring extra, extra width to centos and clones and even RHEL
1321[17:29:56] <Razva> cPanel switched from compilation to rpms 3-4 years ago, finally.
1322[17:30:32] <ratrace> oh? shows how much I'm in the loop with it then
1323[17:30:48] <jelly> Razva: if I were put in control of $work web hosting, I'd migrate all the old centos 6 plesk stuff to debian 10 plesk stuff in a jiffy
1335[17:33:14] <jelly> Razva: noone is stopping you from making your own control panel ;-)
1336[17:33:32] <ksk> mhm there was a polish corp offering their panel, and also offering hosting on it. wonder if they survived, mhhm.
1337[17:33:55] <ratrace> we have our own control panel. our clients don't even know what a control panel is :) we do managed hosting.
1338[17:33:56] <jelly> it looks deceptively simple
1339[17:34:14] <ratrace> I concur.
1340[17:34:48] <Razva> well, us, small sellers, have no better alternative than just "go with the flow". some mid-sized companies tried to make their own CPs and...yeah...it's "ok-ish", but none of them wants to share/sell their work after paying tons of money
1341[17:35:07] <ratrace> you may think it's easy, you just ahve some db, some users, a bit of postfix config, db config, dns.... but.... under the hood there's a LOT going on especially if you wanna do it properly with proper privsep in place and not vector into root through http
1342[17:35:07] <Razva> I sell only unmanaged/cheapo
1343[17:35:48] <Razva> exactly, it's *not* simple at all, we've tried once and when we've made the calculations...heh...it was like...6 months profit...
1344[17:36:20] <ratrace> on the other hand, 100% control, much better security, ...
1345[17:37:08] <Razva> I've convinced about ~200 clients to move to plesk, but the vast majority (~2000) didn't agreed, even after receiving a 50% discount for the first year. they just didn't wanted to switch because "it was too different and missed a lot of features" (which it doesn't, they are just in different places)
1347[17:37:50] <Razva> heck, even today we're receiving tickets from Plesk users complaining that they cannot use java/tomcat apps and they want to go back to Plesk
1348[17:37:54] <jelly> Razva: customers don't like change. They'll invent reasons after the fact.
1351[17:38:43] <Razva> the only solution is to find an alternative and sell it to new customers. old customers usually upgrade, so a new cp can be upsold. but that takes time.
1352[17:38:59] <Razva> and as long as I can't find a decent cPanel alternative...well...:\
1357[17:40:05] *** s3xyl1nux__ is now known as S3xyL1nux
1358[17:40:16] <ratrace> Razva: no, it's our internal thing. our customers have no access to it.
1359[17:40:23] <Razva> ah ok
1360[17:40:32] <Razva> so your customers don't have access to any kind of control panel?
1361[17:43:50] <rootkea> Hello! I just installed Debian 10. I see networking.service failing with "Failed to start Raise network interfaces" message in boot log. Here's the relevant log from `journalctl -xb`: replaced-url
1362[17:44:15] <ratrace> Razva: they have some very limited access into their account where they see billing and stats and features activated
1363[17:44:23] <rootkea> From he log it seems this is related to interface renaming?
1364[17:44:28] *** Quits: edlou (uid413273@replaced-ip) (Quit: Connection closed for inactivity)
1366[17:44:53] <rootkea> How do I fix this and should this be fixed already in fresh install?
1367[17:44:56] <jelly> rootkea: pastebin the output of "ip l" or tell us what your iface is actually called right now, and whether it exist
1368[17:44:59] <jelly> s
1369[17:45:04] <rootkea> s/should/shouldn't
1370[17:45:18] <jelly> "shouldn't happen"
1371[17:47:18] <rootkea> jelly, ip -l o/p replaced-url
1372[17:48:39] <jelly> thank you for providing a /raw/ link!
1373[17:49:12] <rootkea> :)
1374[17:49:56] <jelly> rootkea: it is interesting that debian-installer configured with an iface named "eth0" and that probably deserves a bug report, but the workaround is simple: replace eth0 with enp1s0 in /etc/network/interfaces
1375[17:49:56] <Lope> Hey guys, I'm chrooted from ubuntu with 5.4 kernel to fix my debian system, the debian kernel is a different version number
1376[17:50:10] <Lope> dkms is trying to build looking in /lib/modules for the wrong kernel version
1377[17:50:24] <Lope> how can I make dkms use the chrooted kernel version?
1378[17:50:44] <jelly> Lope: dkms tool has command line options.
1379[17:50:58] *** Quits: TomyWork (~TomyLobo@replaced-ip) (Remote host closed the connection)
1380[17:51:03] <Razva> Lope: don't take my word on this, but wouldn't it be more time-effective to just reinstall everything? save your files on an external drive and start over
1381[17:51:13] <Lope> jelly, I'm not running dkms directly, I just did apt remove --purge zfsutils-linux; apt install zfs-utils linux
1387[17:51:54] <ratrace> Lope: I told you how in #zfsonlinux
1388[17:52:27] <jelly> rootkea: huh. If the live image uses calamares as installer and not d-i, then yes. I have no idea how installing from live works.
1389[17:52:39] <jelly> rootkea: actually, there's a better way
1390[17:52:42] <jelly> !installation report
1391[17:52:42] <dpkg> from memory, installation report is replaced-url
1392[17:54:42] *** Quits: erle- (~erle-@replaced-ip) (Remote host closed the connection)
1393[17:55:19] <rootkea> jelly, /etc/network/interfaces has single line "source-directory /etc/network/interfaces.d". So guess I should edit /etc/network/interfaces.d/setup which has "eth0" twice?
1404[18:00:08] <Razva> rootkea are you using LXQT? I had the exact same issue 6 hours ago :)
1405[18:00:19] <rootkea> xfce
1406[18:00:34] <jelly> that's a pretty standard default config
1407[18:00:52] <Razva> yeah, do you have connman installed? if yes, just `apt-get remove connman` and reboot
1408[18:01:24] <Razva> folks here's a question. is there any way to make a realvnc/tightvnc/realvnc connection as snappy as a RDP?
1409[18:01:25] <jelly> Razva: that's not going to change the incorrect file.
1410[18:01:27] <rootkea> jelly, So shouldn't eth0 been renamed already in interfaces.d/setup?
1411[18:01:39] <jelly> rootkea: it shouldn't have been named "eth0" in the first place.
1412[18:01:49] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
1413[18:02:06] <Razva> jelly: yeah, my issue this morning was that basically connman was ignoring any settings I was making in `interfaces` and I had no idea what was going on :)
1414[18:02:38] <jelly> Razva: this user has ifupdown working, as seen in logs.
1415[18:02:41] <rootkea> jelly, So should I go ahead with renaming eth0 as you suggested?
1416[18:02:46] <jelly> rootkea: yes.
1417[18:03:09] <Razva> ^ regarding my question. Same machine, remote screen crawls on Xfce/Lxqt but was almost "instant" (like local) with RDP. nothing changed regarding hardware/networking/etc.
1418[18:04:14] <Razva> It's a KVM VM. Do I need to install any extra stuff, similar with qemu-tools?
1419[18:04:22] <jelly> Razva: rdp is a better protocol than vnc; that said there are lots of extensions for vnc to make things better but most free linux vnc servers seem to not implement them
1422[18:06:35] <Razva> I'm now trying RealVNC, because - from my findings - it's the most widely used commercial product, but it's way way slower compared with rdp
1428[18:09:25] <jelly> rootkea: my wild-ass guess is that for some reason live cd boots with a boot parameter that disables "predictable interface names"
1435[18:15:26] <jelly> debian-live-10.6.0-amd64-xfce+nonfree.iso 4%[=> ] 123.66M 8.37MB/s eta 5m 18s # so slow!
1436[18:15:51] * jelly cheats with lftp and pget
1437[18:16:19] <jelly> there we go.
1438[18:16:31] <ratrace> lftp!
1439[18:16:36] <rootkea> jelly, Earlier I experienced a bug with cryptsetup in 10 live image and reported the same against calamares
1440[18:17:12] <blurkis> why did debian drop ifconfig for ip command? That decision went over my head, and I just cant get the hang of using ip command, hahahaha
1441[18:17:14] <rootkea> Guess there are lot of differences between default and live iso installation
1442[18:17:46] *** Quits: gjerich (~quassel@replaced-ip) (Remote host closed the connection)
1443[18:18:14] <quadrathoch2> blurkis because ifconfig is deprecated, nobody wanted to take over
1444[18:18:16] <another> net-tools been deprecated for more than a decade
1445[18:18:33] <quadrathoch2> Ahh that was the name of the package
1446[18:18:42] <jelly> blurkis: Debian caught up with changes made 20 years ago, around kernel 2.4 when "ip" appeared and net-tools (ifconfig) got deprecated
1447[18:19:50] <jelly> blurkis: "ip a" is shorter than "ifconfig -a"!
1448[18:20:17] <rootkea> I have another startup service systemd-backlight@backlight:intel_backlight.service failing with "Failed to start Load/Save" Screen Backlight Brightness of backlight:intel_backlight." Here's the relevant log from journalctl -xb: replaced-url
1449[18:20:20] <jelly> you can still install net-tools if you want them. They are maintained again for some reason.
1464[18:25:12] <dpkg> Newer kernels for Debian stable releases are available from the <buster-backports> repository. After modifying your sources.list, run «apt update». To install the current backported kernel: «apt -t buster-backports install linux-image-`uname -r|sed 's,[^-]*-[^-]*-,,'`». To list available backported kernel image packages: «aptitude search '?narrow(~nlinux-image,?origin(Debian Backports))'».
1471[18:31:51] <blurkis> jelly: for sure. "ip a" is shorter. but ifconfig is whats stuck in my old dinobrain. Relearning seems to be impossible, *sigh*
1505[18:41:45] <dpkg> Request For Package (RFP) is the way to ask for a piece of software to be included in Debian. See replaced-url
1506[18:41:46] <petn-randall> EvanCarroll: It first gets uploaded by a maintainer to unstable, and if there are no release-critical bugs found it will usually migrate to testing after 10 days. It can be quicker for urgent packages, and slower if a library migration blocks it.
1507[18:42:03] <EvanCarroll> n4dir: so then the hold up on everything is getting it into unstable.
1508[18:42:05] <EvanCarroll> That's fair.
1509[18:42:31] <EvanCarroll> So is there a metohd to help out, a lot of the pacakges in debian unstable are old as poop.
1516[18:44:15] <n4dir> i guess this could be answered by the do-ocracy approach of debian. The package gets updated whenever it's maintainer thinks the time is right (might be: he has the time)
1517[18:44:18] <jelly> EvanCarroll: first, verify which versions are in unstable, and whether the maintainers are active; then ask the maintainer team whether they need help; you can become a debian maintainer and help with some of those
1519[18:44:32] <n4dir> So to help out you'd want to become a maintainer.
1520[18:44:54] <jelly> EvanCarroll: do you have any specific packages in mind?
1521[18:44:59] <n4dir> or help the maintainer, as jelly pointed out
1522[18:45:33] <rootkea> jelly, Since I have used non-free iso I see many non-free packages in vrms o/p. How do I know Which of these firmware packages am I using so that I can install bpo of them? I used `journalcrl -xb | grep firmware` and installed 3 packages. Am I missing something?
1543[18:50:19] <ratrace> sounds like Debian is totally not for your
1544[18:50:21] <ratrace> *you
1545[18:50:31] <ratrace> !sns
1546[18:50:31] <dpkg> Shiny New Shit Syndrome is a serious disorder, which usually breaks out into an epidemic every time something new is released. If you have SNS, ask me about <backports> and <ssb>; these are better options than upgrading to <testing> because it is a <moving target>.
1551[18:51:42] <EvanCarroll> jelly: I guess that's a valid point. buildah doesn't publish the minor releases in their changelog, so I have no idea what the status of that is.
1556[18:52:25] <jelly> right there in the changelog
1557[18:52:55] <EvanCarroll> Ok, point taken. I retract my poop statement. I'm willing to frame 5 months behind as old-as-poop, but certainly not 3 months. =)
1558[18:53:29] *** Quits: asymptotically (~asymptoti@replaced-ip) (Remote host closed the connection)
1559[18:53:48] <jelly> that said, go packages are ... speshul, I hear
1560[18:53:51] <EvanCarroll> I was using this changelog, replaced-url
1581[18:57:05] <ratrace> rpm spec is walk in the park on a nice, late summer afternoon (think september, neither hot nor cold). packaging for deb is what Matt Damon had to do in Martian
1585[18:57:29] <n4dir> i think that often upgrading a package if there already is a package in Debian, that is the whole /debian file, ... it can be easy.
1588[18:57:41] <n4dir> probably not the worst way to start with it. But i forgot all about it
1589[18:58:00] <n4dir> sorry the debian/ folder, not file
1590[18:58:06] <ratrace> strike one
1591[18:58:08] <EvanCarroll> that analogy just won the day.
1592[18:58:12] <n4dir> ratrace: ha ha
1593[18:58:13] <EvanCarroll> mic drop.
1594[18:58:19] <rootkea> So I am now on 5.8.0-0.bpo.2-amd64 but still startup service systemd-backlight@backlight:intel_backlight.service failing with "Failed to start Load/Save" Screen Backlight Brightness of backlight:intel_backlight." and When I login into xfce, the brightness is at max.
1595[18:58:20] <ratrace> (see you already stroke with deb pkg)
1596[18:58:25] <jelly> EvanCarroll: if you really want to package for Debian, then the mentors channels is right for you
1597[18:58:27] <jelly> !mentors
1598[18:58:27] <dpkg> i guess mentors is the system the Debian project uses to train new people to become Debian Developers or Debian Maintainers and get their packages into the Debian archive. Ask me about <nmg>. replaced-url
1599[18:58:44] *** Quits: Emmanuel_Chanel (~Emmanuel_@replaced-ip) (Remote host closed the connection)
1603[18:59:21] <jelly> EvanCarroll: if however you just want to learn about packaging in deb format for your own needs, then you probably want #packaging also over there on OFTC
1604[18:59:35] <ratrace> I tried the mentorship route for Ubuntu once. dropped it after their own tools didn't work.
1605[18:59:42] <sussudio> does #packaging do christmas presents?
1679[19:39:17] <dpkg> Shiny New Shit Syndrome is a serious disorder, which usually breaks out into an epidemic every time something new is released. If you have SNS, ask me about <backports> and <ssb>; these are better options than upgrading to <testing> because it is a <moving target>.
1685[19:43:37] <unixbsd> sns ;) funny description, works with systemd ?
1686[19:44:58] <ratrace> in what way?
1687[19:45:01] <unixbsd> !sns
1688[19:45:01] <dpkg> Shiny New Shit Syndrome is a serious disorder, which usually breaks out into an epidemic every time something new is released. If you have SNS, ask me about <backports> and <ssb>; these are better options than upgrading to <testing> because it is a <moving target>.
1689[19:45:35] <unixbsd> ratrace: nothing special about it, to mention.
1690[19:46:17] <ratrace> you're not making any sense
1709[19:55:30] <rootkea> Is there any standard regarding which x files dm has to source?
1710[19:57:26] <greycat> The DM doesn't read any.
1711[19:57:26] <unixbsd> .xinitrc is the oldest one, based on free X, Xorg. .xsession came later for modern desktops. freedesktop might be interesting to keep track.
1712[19:57:46] <greycat> The session that's launched BY the dm may read some. Debian patched things to use ~/.xsessionrc
1713[19:58:17] <greycat> Debian also patched their session to read ~/.xsession even when started by startx, so you don't have to keep both a .xinitrc and .xsession
1714[19:59:26] <unixbsd> startx still uses .xinitrc on debian. luckily, we go !sns ?
1715[19:59:40] <greycat> yes, it will use .xinitrc if there isn't a .xsession
1716[20:00:10] <unixbsd> startx shall use .xinitrc only. point. this is tragedy to change old reliable unix things.
1717[20:00:24] <greycat> ... no, startx *ON DEBIAN* will read either .xsession or .xinitrc
1729[20:03:48] <greycat> If you're only on Debian (e.g. your $HOME is not shared with any other systems), then you can simply use .xsession and that will work for both startx and DM-launched Debian X sessions.
1730[20:04:18] <greycat> That's why they made the change. So you would only have to maintain the one file.
1733[20:07:46] *** Quits: short-bike (~short-bik@replaced-ip) (Quit: And, on that note....)
1734[20:09:11] <rootkea> I want to turn off he beep (the one which is heard if we press backspace in login box or down-arrow on last row in thunar). I put `xset -b` in .xsessionrc which switched off the bell inn thunar.
1735[20:09:27] <rootkea> How do I disable bell in lightdm login box?
1738[20:11:40] <rootkea> I remember setting xset -b in .xprofile in my previous setup. But now it turns out that Debian tweaks lightdm to ignore .xprofile
1759[20:25:56] <rootkea> jelly, I just installed Debian 10.6.0 live again in VM and faced the same eth0 issue. Clearly a bug with live media installation.
1791[20:43:52] <Razva> do I need any special viewer or is the RealVNC Viewer fine?
1792[20:44:19] <sney> rdesktop is the standalone client, there are lots of others
1793[20:44:25] <MsK`> hello, I have a very weird bug. I'm trying to install xapian-core but apt-get says it doesn't know about it. I'm running an up to date buster so according to the package website, it should be there: replaced-url
1841[21:16:11] *** Quits: bamdad (~bamdad@replaced-ip) (Remote host closed the connection)
1842[21:16:14] <Paerox> Simple question about Docker: When I look at images at hub.docker.com from linuxserver.io, why is it that docker-compose is recommended over docker cli?
1867[21:46:39] <quadrathoch2> Paerox it's easier for you, as it's kinda documentation and running at the same time. as you wouldn't know what command you typed in 100% for your container (if you need to respin it for the newest version)
1918[22:44:38] <tinga> Hi. What can I do when I get "Maximum number of clients reached" from X? This is driving me crazy. I always reach this after a few weeks of uptime.
1922[22:46:59] <petn-randall> tinga: Where do you get this error?
1923[22:47:41] <tinga> petn-randall, this is the X client library reporting that. I see it from programs opening an X connection when run from the terminal, or it is written to ~/.xsession-errors
1925[22:48:05] <tinga> Opening new tabs in firefox then makes the tab crash, I can't open new terminal windows, etc., until I close some other windows. And I don't have so many open, really, it always appears as if it gets increasingly worse, so it might be some leaking somewhere.
1926[22:48:48] <tinga> I did find other people having that issue, though, IIRC, when I was googling around months ago (and couldn't find a solution).
1927[22:49:01] <tinga> Now I'm at the point where I simply patch X myself and rebuild, I've had enough.
1929[22:49:35] <greycat> googling it gives me a thread from Ubuntu, 10 years ago, and indicates that browsers can open a bunch of client connections
1930[22:49:36] <petn-randall> tinga: Did you check the amount of open connections?
1931[22:50:21] <petn-randall> I'm guessing that the limit is somewhere around 32k, so it might be that you have stale connections build up with time from a specific program.
1932[22:50:22] <tinga> Xorg is using 163348 KB RES, no prob with my 12 GB of RAM.
1933[22:50:25] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
1934[22:50:27] <tinga> Let me check lsof
1935[22:50:49] <petn-randall> I'm not talking memory, I'm talking open connections.
1936[22:50:51] <greycat> According to the threads I'm seeing, the limit is/was 256.
1937[22:51:13] <tinga> Xorg has 1844 file handles; most of them "/drm mm object"
1967[22:59:25] <greycat> I've got firefox using 11, and I have a *lot* more than 11 tabs open in it, although I don't know if all of the tabs are fully loaded
1968[22:59:29] <tinga> And so what, nothing real on the system is running close to a limit.
1969[22:59:37] <tinga> So I just want that limit to be higher.
1987[23:07:52] <n4dir> all that sounds like a very strange solution to a problem not that clear. But what do i know
1988[23:08:12] <jmcnaught> tinga: I don't know exactly what sux is, I can't find it in Debian, but maybe it is related to your issue? Have you considered using firefox profiles? ("-P -no-remote" for example)
1989[23:08:24] <n4dir> jmcnaught: i recall it from the long gone past
2007[23:14:37] <tinga> I combine that with using rxvt using a separate X connection for each terminal.
2008[23:14:59] <tinga> I've been using Linux for 20 years and this is my way of working and I think it's valid.
2009[23:15:29] <tinga> So I don't care if people using gnome-terminal and not separating their firefox usage don't run into this issue, I care that it's limiting my usage.
2022[23:32:13] <tinga> "xlsclients | wc -l" increases by 1 for an xeyes instance, "ss|wc -l" by 2, regardless whether I start it as my main user, or from root via "sux $someotheruser xeyes".
2036[23:37:46] <greycat> I don't think this is the solution. If firefox or chromium is using too many connections, and you raise the limit by 300, what's to stop FF from just using another 300?
2046[23:40:56] <tinga> greycat, `xlsclients | wc -l` definitely goes up by 1 for each tab that has a page open, for me. Note that it only uses the new connection once it actually loads something, not for the empty tab.
2047[23:41:18] <tinga> Is it different for you?
2048[23:41:27] <greycat> now I'm afraid to find out
2050[23:42:46] <jmcnaught> "xlsclients | grep firefox | wc -l" started at 12 for me, I've opened four new tabs, the count is still 12. I have 71 tabs total open, most are not loaded.
2051[23:43:06] <tinga> jmcnaught, but did you load some url in those 4 new tabs?
2063[23:50:55] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
2064[23:50:55] <jmcnaught> tinga: this was with firefox-esr 78.4.1esr-1~deb10u1 but I just noticed that 78.5.0esr-1~deb10u1 is available. For add-ons I use noscript, uMatrix, decentraleyes, firefox multi-account containers
2068[23:55:28] <jmcnaught> tinga: when I restarted firefox after the upgrade "xlsclients | grep -c firefox" was 8, after loading a couple dozen tabs it's now at 12 again but definitely not one client per tab for me at least.
2069[23:56:00] <tinga> Thanks. I've just installed your add-ons except for noscript & uMatrix, checking
2070[23:56:36] <tinga> No change.
2071[23:57:42] <tinga> BTW, same thing when I run firefox as my main user (no involvement of sux)