19[00:08:42] <ikonia> anyone using fustigit on debian buster ? I need to meet it as part of a build dependency, can't see any stand alone packages so considering the pros and cons of the different sources to get it, the gem seems the best bet
21[00:12:43] <Stonefruit> iflema: no need for an install party, what I already have installed is causing me a headache :)
22[00:13:47] *** Quits: Bjornn (~Bjornn@replaced-ip) (Remote host closed the connection)
23[00:13:47] <jmcnaught> ikonia: there is a gem2deb package that may be useful. If you do install the gem I recommend against installing it globally or as root. There is a bundler package in Debian, you can use that to install gems in a local context per-project.
113[01:15:02] <themill> Akuw: I'm sure pitivi can output to different aspect ratios. No tool can magically change the video aspect ratio however. Just like you can't change the aspect ratio of a piece of paper on your desk without doing something drastic to it.
115[01:15:57] <themill> You basically have 3 options: Stretch it so that it is distorted. Cut off the top and bottom. Put black bars on the sides. None of these is a good option.
208[03:00:27] *** Quits: ghost43 (~daer@replaced-ip) (Remote host closed the connection)
209[03:00:51] <sney> "dark mode" as a concept is a lot newer than most common linux applications. there's some effort to catch up, but some legacy stuff doesn't even have a way to do it
225[03:12:55] <Akuw> i need to know in my virtualbox machine
226[03:14:07] <sney> ah. virtualbox guests need to install the guest additions in order to be able to resize the window.
227[03:14:40] <sney> debian can't distribute the guest additions, but you should be able to mount the guest additions iso using one of the virtualbox menus. from there, you can run the installer script.
228[03:14:47] <Akuw> i have many resolutions there, but no 1280 x 720
229[03:15:07] <Akuw> only 1280x800
230[03:15:15] <Akuw> 1280x1024
231[03:15:42] <Akuw> i am asking this because i need to record screen with 16:9
232[03:17:28] <sney> if you are sure you have the vbox guest additions, and you still can't set the resolution to the one you want, it may be a limitation with virtualbox.
247[03:21:57] <jmcnaught> Maybe only linux-image-amd64 in buster-backports Provides the virtualbox-guest-modules virtual package, but "apt-file search vboxvideo.ko" finds that file in linux-image-4.19.0-11-amd64.
379[05:55:33] <KNERD> I saw on StackOverflow someone asking how to get GCC v7 onto Debian 8., and they were showing they were using a Debian repo for "experimental." I got Stretch installed on an old laptop, and I see it has only version 6.3. How would I get GCC v7 on n Debian 9? Doing an apt search I an only seeing version 6 availabel to installll
385[06:02:09] <themill> KNERD: things in experimental are not for stable releases. They're definitely not for oldstable. They also disappear soon after being uploaded to unstable so something from several years ago won't still be there.
387[06:05:17] <KNERD> themill: yeah, I am awarre of that, but the fact version 7 was available for install nearly 4 years ago, so one would think a stable version would be already available for Debian 9 instead of an older version 6
388[06:06:27] <f8e4> sup folks
389[06:06:30] <KNERD> or at least a means to install GCC v7
450[07:02:31] <jak2000> you recommend me delete the file?
451[07:03:00] <nkuttler> i recommend to read the errors. e.g. insserv: There is a loop between service GlassFish_swItsol and rc.local if start
452[07:03:08] <nkuttler> !rc.local
453[07:03:08] <dpkg> /etc/rc.local may be used to run simple commands at boot time. It exists by default in jessie or older; in stretch or newer you need to create it. Don't forget the <shebang> and be sure to chmod 755 it. rc.local is considered a hack, a stopgap, or a temporary band-aid; see <systemd>
454[07:03:39] <nkuttler> it looks like somebody messed with that server, and you should talk to them
470[07:11:35] <jak2000> need fix first this: insserv: Starting GlassFish_swItsol depends on rc.local and therefore on system facility `$all' which can not be true!
533[08:38:08] <jelly> xikuuky: does the screen work otherwise? Did the output stop as well? Perhaps you accidentally pressed Control+s and need to Control+q or Control+a, then q ?
534[08:38:20] <themill> unixbsd: No. It means knowing what you actually want prior to asking questions.
663[10:38:07] <jelly> uos_lyn: if you don't care about the differences, fix debian/whatever.symbols to match; if you plan to make a package that is ABI compatible with the one from Debian, then I suppose you'll need to fix the build process or the code
713[11:09:25] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
714[11:09:29] <jelly> uso: I don't know anything about dpkg-gensymbols, ask in #packaging on OFTC if you're making packages for not-Debian, or #debian-mentors also on irc.oftc.net if you're packaging for inclusion in Debian
715[11:09:47] <jelly> uos_lyn: I don't know anything about dpkg-gensymbols, ask in #packaging on OFTC if you're making packages for not-Debian, or #debian-mentors also on irc.oftc.net if you're packaging for inclusion in Debian
741[11:35:03] <rathdome> Hello everyone, I am having trouble getting my fans to work. They are working in Windows 10 with my current dual boot system. Does anyone have any ideas how to fix this?
742[11:35:15] *** Quits: monksam (~monksam@replaced-ip) (Remote host closed the connection)
819[13:04:08] <dob1> what is the recommended dir to put files commons to all users ? for example I put scripts in /usr/local/bin maybe /usr/local/share ?
820[13:04:12] *** Quits: Grldfrdom (uid391113@replaced-ip) (Quit: Connection closed for inactivity)
833[13:13:07] <dpkg> Debian follows the Filesystem Hierarchy Standard. The filesystem is categorized by purpose, not application. This allows, for example, the easy and efficient deployment of a read-only /usr area across a number of thin clients. See replaced-url
840[13:14:37] <Ede|Popede> > The root partition / must always physically contain /etc, /bin, /sbin, /lib and /dev, otherwise you won't be able to boot. Typically 250–350MB is needed for the root partition.
860[13:36:03] *** Quits: Anderson69s (~Thunderbi@replaced-ip) (Remote host closed the connection)
861[13:38:47] <dob1> davorin, I would try a live cd of whatever distribution with a newer kernel than the debian one to be sure that is not a driver issue
862[13:39:02] *** Joins: Louis (~Louis@replaced-ip)
863[13:39:06] <dob1> if it is you just have in some way to update the kernel
864[13:39:13] <davorin> well...currently downloading an ubuntu image
865[13:39:32] <davorin> i assume nuc10 gpu isn't supported...as i see no intel drivers loaded..
866[13:39:37] *** Quits: bewbs (~bewbs@replaced-ip) (Remote host closed the connection)
867[13:39:45] <dob1> ,v kernel-image
868[13:39:46] <judd> No package named 'kernel-image' was found in amd64.
869[13:39:50] <dob1> ,v linux-image
870[13:39:51] <judd> No package named 'linux-image' was found in amd64.
871[13:40:08] <dob1> hmmm the one on backports I don't know which version it is
883[13:43:11] <jelly> dob1: "newer" in version number does not mean too much there, canonical does care about hardware support up to a point and they often have fixes for weird hardware, esp. when paying customers file bugs
884[13:43:51] <dob1> jelly, I didn't know about this
885[13:45:27] <jelly> debian kernel team does too, but you need to actually file bugs
886[13:46:43] <ratrace> called "SAUCE" patches, that haven't been upstreamed (yet) and are specific to ubuntu kernels
902[13:56:50] <shtrb> Anyone have a suggestion for a QR app for plasma that I wouldn't need to screenshot the screen but could just select a rectangle on a screen ?
916[14:00:00] <shtrb> As jelly said ,I save a screenshot and feed it to qtqr , there must be a better way
917[14:00:10] <jelly> there was a tool you could drag an image or selection onto, and it would run a command on the clipboard contents, but the name escapes
1024[15:21:35] <wsky> check is there a kernel module for your raid
1025[15:21:39] <sstory> ratrace: Well I run a software RAID at home, but at work we are used to hardware RAIDs and they have done well with RAID10 and RAID6.
1026[15:21:43] <wsky> google it out, i wont do everything for oyu
1027[15:21:58] <wsky> or rather, ddg it out
1028[15:22:36] <Schrostfutz_> Hi, I'm afraid this is not the right place to ask, but I'll try my luck anyway. I'm trying to boot a VM image from gluster storage via libvirt on Debian 10. The corresponding VM's AppArmor profile, however, is not present whenever the gluster medium is configured. I'm not sure whether this is a configuration error on my end, a packaging problem, or an upstream error since I can't find any solutions online. Do you have any ideas?
1030[15:23:58] <ratrace> Schrostfutz_: the nature of your problem is not really clear. AppArmor is enabled by default but afaik not installed with policies, and there are very little policies. Is you policy/profile something custom?
1031[15:24:03] <McFloss> wsky: I had this raid controller intalled in Debian 9
1037[15:26:14] <Schrostfutz_> ratrace: No, I have not customized it (in fact I didn't know of its existance until I encountered my problem). When I add a gluster-based image to the VM and try to start it I get an error message about the missing profile. So far I've determined that the profile is present (autogenerated) iff there is no gluster image configured for the VM.
1038[15:26:33] <sstory> McFloss: OK. thanks! Since the OS would be installed on that, would it be easy in Debian installer to provide that compiled driver to use?
1049[15:29:21] <McFloss> sstory: worst case you can compile it in a virtual machine and load the module via usb during the installation
1050[15:29:38] <sstory> OK. Thanks!
1051[15:30:18] <ratrace> Schrostfutz_: it's probably not packaged. AA profiles are very.... lacking.
1052[15:30:24] <sstory> I was reading some review that said Debian was hard to configure. Is that just coming from an Ubuntu user or something? I am used to conf files in CentOS. Would it be comparable to that in terms of difficulty?
1053[15:30:53] <ratrace> Schrostfutz_: btw, which profile is autogenerated?
1054[15:31:41] <jelly> sstory: yes. Easier than CentOS in some ways, because defaults are better integrated into the OS and often allow to just install a service and run it immediately.
1057[15:32:23] <jelly> sstory: Worse than CentOS in some ways, because defaults are better integrated into the OS and services are often started and exposed automatically right after installation.
1058[15:32:40] <sstory> jelly: Great! Thanks for the information. My only concern at the moment is the shorter Lifecycle from 10 year to 5 years. I am a SMB with only a couple of guys so hard to keep everything up to date.
1059[15:33:09] *** Quits: ledeni (~ledeni@replaced-ip) (Remote host closed the connection)
1060[15:33:42] <Schrostfutz_> ratrace: There is a profile for each VM: replaced-url
1061[15:33:42] <sstory> Thanks for the tip. CentOS getting pretty bad with Windows style automatic crap that you "might" need as a helpless desktop noob and thus enabled on servers also.
1063[15:34:17] <jelly> sstory: it's 5 years only for a subset of software, and only if you count the separate Debian LTS effort which survives on sponsorship.
1064[15:34:45] <sstory> Oh. So it is actually shorter?
1077[15:35:52] <sstory> surely those ware part of LTS
1078[15:36:01] *** Quits: Lupricon (~Lupricon@replaced-ip) (Remote host closed the connection)
1079[15:36:05] <ratrace> Schrostfutz_: not sure how I can help you there, I work with static profiles and not even with libvirt. These dynamic things is not something you can control, and they don't have appropriate #includes to actually supply custom rules
1080[15:36:20] <jelly> sstory: the company behind the LTS team also does ELTS if you need more than 5 years.
1086[15:37:54] <Schrostfutz_> ratrace: Yeah, at first I thought the access was blocked and was trying to manually whitelist it/everything. That's how I noticed that the files are actually disappearing, so currently I'm thinking that's a bug, since the first file should be editable. I guess I'll open a bug report for libvirt since I don't get any repsonse in their IRC...
1087[15:38:14] <zykotick9> Schrostfutz_: no solution yet I see. Again, best of luck.
1088[15:38:17] <jelly> sstory: entry price for ELTS is LTS Silver sponsorship + variable amount for packages, >= 4kEUR a year. If you don't pay anything, you can still download patches for packages that someone else sponsored.
1091[15:38:56] <dpkg> Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies. Ask me about <jessie-lts> and <stretch-lts> and see replaced-url
1092[15:38:59] <jelly> !elts
1093[15:38:59] <dpkg> Limited commercial support for wheezy exists in form of Extended LTS, see replaced-url
1094[15:39:00] <sstory> Oh wow! Might as well stick with RHEL/IBM at that price.
1095[15:39:35] <jelly> sstory: that's regardless of the number of machines, unlike RHEL
1098[15:40:13] <jelly> you got 100 mail servers all with postfix and dovecot? Same price as just for one with the same set of packages.
1099[15:40:17] <sstory> Yeah. I think in all of the distros, the sponsors are leaving a gaping hole with SMBs that unlike Fortune 500s don't have that deep of pockets. It is a niche that need filling for sure.
1126[15:45:21] <jelly> for example, to go from debian 8 (2015) to debian 10 (2019), you'd have to read
1127[15:45:30] <jelly> dpkg, jessie->stretch
1128[15:45:31] <dpkg> Read (at least) the upgrading chapter of the <release notes> replaced-url
1129[15:45:34] <jelly> and then
1130[15:45:39] <jelly> dpkg, stretch->buster
1131[15:45:39] <dpkg> Read (at least) the upgrading chapter of the <release notes> replaced-url
1132[15:46:02] <sstory> One of the few nice things I can say about Windows is the ability to roll back on disaster. And we all know users aren't the most patient when thing go boom. :)
1133[15:46:29] <jelly> undo for the package system is one of the things MISSING in debian
1134[15:46:40] <ratrace> I can do that too. zfs rollback rpool/foo/herp/derp@snap :)
1135[15:46:46] <sstory> Yeah in most of Linux.
1136[15:47:06] <jelly> debian is quite explicit in not supporting even single package downgrades
1137[15:47:22] <sstory> ratrace: I was also looking at FreeBSD but seems a lot to learn to learn ZFS and especially with the time constraint RHEL just put on everyone.
1138[15:47:34] <ratrace> jelly: did I read somewhere that apt is getting transactional support? or did I dream that....
1139[15:47:47] <jelly> no idea
1140[15:47:49] <ratrace> sstory: why freebsd? that's the LEAST of enterprise supported OS...
1141[15:48:07] <ratrace> zfs on linux is THE reference OpenZFS implementation, thus it's "at home" here.
1142[15:48:27] <jelly> freebsd has openzfs now as well, from the same source tree, doesn't it?
1143[15:48:39] <ratrace> they rebased from solaris' to linux' yes
1144[15:49:14] <jelly> and it has pf and can do HA connection tracking
1145[15:49:16] <sstory> ratrace: Most of the CentOS community has just be woefully betrayed by IBM/RHEL reneging on their EOL date of 2029 for version 8. This has left many in a panic not know where to go. There aren't a lot of choices. What I value most is stability, easy of use and support for the few things I need to run.
1146[15:49:33] <ratrace> but freebsd has other, enterprise-unfriendly features. the base os is okay-ish, but the ports are not. "best" you get is 3-month branches of the unstable tree, which don't get much QA. A date arrives, the branch is cut out, you get abrupt updates.
1147[15:49:34] <sstory> So not knowing, most have gone looking
1148[15:50:01] <jelly> sstory: debian has a LOT more software than centos (even after accounting for EPEL and friends)
1149[15:50:02] <sstory> ratrace: Yeah. I am ignorant, though I have spent some time researching it.
1150[15:50:17] <ratrace> sstory: there's a number of alternatives now. Oracle, CloutLinux RHEL clone, CloudLinux' new CentOS Clone. RockyLinux (from the same people that brought you CentOS, btw)....
1151[15:50:38] <jelly> ratrace: which ones do actually exist right now?
1152[15:50:45] <jelly> OEL?
1153[15:51:04] <ratrace> Oracle and CloudLinux, where Oracle is completely free and CL is paid
1154[15:51:06] <sstory> jelly: I really need just a few things. Ability to provide NTP, BIND, postfix, Samba on a few servers
1155[15:51:21] <ratrace> Rocky is in its infancy, and so is CloudLinux's CentOS clone project
1156[15:51:23] <jelly> sstory: those are all in LTS
1157[15:52:00] <ratrace> There's also OpenSuSE if you want to remain in RPM land, and they say Leap is very close to SLES, kinda like CentOS was to RHEL
1158[15:52:10] <sstory> Yeah, I have seen all of those. Oracle has left bad trust issues with most people. Rocky looks promising but don't know the time until ready. We have until 2024 on version 7 to migrate off, but on version 8, 1 year. I already had a huge workload just to make that and now??
1159[15:52:30] <sstory> Thanks for all of the tips for sure.
1160[15:52:54] <ratrace> sstory: I've made a bet that RH will release RHEL completely free, wire-tripping the community efforts once again.
1161[15:52:57] <jelly> setting up workflows, builds, tests, for a new distro is surely going to take a nonzero amount of time
1163[15:53:26] <ratrace> jelly: took us over a year to migrate a dozen (heterogenous tho) FreeBSD deployments to Debian.
1164[15:53:41] <jelly> ratrace: what was wrong with freebsd?
1165[15:53:47] <sstory> The problem is no one trusts RHEL anymore! They blew their foots off with a shotgun. People are disillusioned, angry and exiting quickly.
1166[15:53:54] <ratrace> one by one, then you iron out bugs, most of it was watching and observing for edge cases before you take on the next one.
1167[15:54:07] <sstory> jelly: True that and thus the problem.
1168[15:54:12] <jelly> sstory: they're IBM now. We'll see what happens after IBM splits in two.
1169[15:54:14] <ratrace> jelly: mostly what I wrote above about ports. it's wild west and you have to doit all yourself and that's terrible
1170[15:54:21] <sstory> jelly: Yes.
1171[15:54:46] <ratrace> jelly: also, zero security features. "jails" but.... that's comes with a lot of baggage of its own, no tooling.
1172[15:54:54] <jelly> ratrace: did you consider debian/kfreebsd for a split second? :-)
1173[15:54:59] <sstory> ratrace: Yeah I was afraid of that and who has the time. Might as well do Arch and spend all of my time fixing/building the car rather than just driving it.
1174[15:55:25] <sstory> jelly: I saw it mentioned, but honestly don't even know the difference between it and debian.
1175[15:55:39] <sstory> Is it a UNIX clone rather than LINUX clone?
1176[15:55:40] <jelly> oh, not you, him
1177[15:55:48] <sstory> oh. Ok. Sorry
1178[15:56:09] <jelly> sstory: it's just debian atop a freebsd kernel
1179[15:56:12] <ratrace> jelly: no. no point in using superior userland with inferior kernel. and you and ten other people is too small of sample to rely on.
1180[15:57:12] <ratrace> "you" = self. yourself and ten other users of kfreebsd is too small userbase to rely on getting bugs spotted and fixed :)
1181[15:57:24] <ratrace> coulda just roll out LFS, I'd have greater userbase to rely on :)
1185[15:58:17] <ratrace> but even so, the lack of security features would STILL be present. there's nothing like Apparmor or selinux in freebsd. their MAC policies are completely radically different, and poorly supported.
1186[15:59:11] <ratrace> for our use case, we have a lot of WordPress sites to support. don't ask, that's what clients want, we do managed hosting. and those I can very much lock down with AppArmor.
1187[15:59:12] <jelly> honestly I like grsecurity better than any mainstream security feature, but their pricing range is similar to ELTS
1189[15:59:37] <ratrace> with jails, I could not. the jails themselves would still get infected and attack out, even though the rest of the system is isolated. jails are very poor security tool.
1194[16:03:51] <ratrace> jelly: apparmor is shaping up to be as powerful as grsec's RBAC. are those few extra patches gresc does worth the $$ ?
1195[16:04:18] <ratrace> What's up with KSPP ... how's that going. and really, for such very exposed systems, I'd actually trust RHEL more.
1196[16:04:42] <jelly> mainstream is catching up, if slowly and imperfectly
1197[16:04:46] <ratrace> they do damn good job in securing the kernel, and selinux is baked in and native. way more complx that grsec RBAC but also more powerful
1233[16:14:09] <Eryn_1983_FL> rsync: write failed on "/mnt/disk/pool/MOVIES/An.Inconvenient.Sequel.Truth.to.Power.2017.1080p.BluRay.x264-BRMP[rarbg]/an.inconvenient.sequel.truth.to.power.2017.1080p.bluray.x264-brmp.mkv": File too large (27)
1234[16:14:10] <short-bike> file (or files) ??
1235[16:14:11] <Eryn_1983_FL> rsync error: error in file IO (code 11) at receiver.c(374) [receiver=3.1.3]
1236[16:14:13] <ratrace> lemme guess, FAT32 and you have files bigger than 4G?
1237[16:14:13] <Eryn_1983_FL> it stopped
1238[16:14:17] <Eryn_1983_FL> yeah
1239[16:14:24] <Eryn_1983_FL> extfat
1240[16:15:03] <ratrace> try --max-size
1241[16:15:45] <Eryn_1983_FL> yeah
1242[16:15:45] <ratrace> but uh... exfat?
1243[16:15:55] <ratrace> max file size is in petabytes
1427[18:00:55] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
1428[18:00:56] <boktan> so there must be a solution like they do on ubuntu on other distros too
1429[18:01:14] <ansimita> !ubuntu
1430[18:01:14] <dpkg> Ubuntu is based on Debian, but it is not Debian. Only Debian is supported on #debian. Use #ubuntu on chat.freenode.net instead. Even if the channel happens to be less helpful, support for distributions other than Debian is offtopic on #debian. See also <based on debian> and <ubuntuirc>.
1431[18:01:19] <greycat> Debian has signed kernels as well.
1432[18:01:25] <greycat> That doesn't mean #debian can tell you how they work.
1433[18:02:11] <boktan> if linux is a community distro then must be easy i think
1434[18:02:22] <boktan> if linux means it is better then windows at least
1435[18:02:23] <jhutchins> Solution looking for a problem.
1436[18:02:23] <boktan> :D
1437[18:02:49] <boktan> if this is a secret i dont know what to say :D
1450[18:15:35] <dob1> did you disabled secureboot? I did, it was a bad idea? to be honest at the time of installation I read the secureboot wiki and I remember I found it confusing/difficult so I disabled it to make things simpler
1454[18:17:40] <dob1> boktan, not specific to you, I read your question and I was asking it in general to persons here
1455[18:18:25] <boktan> msi meg z490 ace cannot disable secureboot completely... even if you disable it; it is enabled in somewhere :D
1456[18:18:49] <quadrathoch2> dob1 nowadays imho it should be pretty simple (it really depends on how bad your uefi is). but it normally takes like a minute to set everything up
1457[18:19:20] <boktan> let me show you what msi send me
1458[18:19:31] <dob1> quadrathoch2, but I remember you have to do the same thing at every kernel update, isn't it?
1459[18:19:37] <boktan> Sorry for the inconvenience caused you!In fact, we have tested the MB with the v131 BIOS and AMI original CRB BIOS. Sorry to say that the issue appears on both of the two BIOS.For your current issue, we suspect your current "kali linux" doesn\'t comply with Microsoft specifications, and it should be the limitation. Sorry for that, and we still
1460[18:19:38] <boktan> suggest you install windows system on the motherboard. Thanks!
1461[18:19:42] <boktan> the last message i get from them :D
1462[18:19:59] <quadrathoch2> dob1 nope, because you have a shim between uefi and the kernel :)
1463[18:20:43] <quadrathoch2> boktan sounds like to drop msi from the 'good for linux' list
1464[18:21:09] <dob1> quadrathoch2, and debian installer take care of this for me?
1471[18:23:11] <boktan> i did a little research in internet about signing the keys but it was hard for me to understand it because of my bad english ... it would be very nice if anyone was uploading it to youtube :D
1472[18:23:46] <boktan> signing the kernel*
1473[18:23:51] <boktan> sorry for misstype
1474[18:24:01] <quadrathoch2> boktan signing your own key, or specifically what?
1475[18:24:38] <boktan> i mean many linux distros are not signed by microsoft but some friends here suggested me to do it myself and this was what i was talking about quadrathoch2
1477[18:25:08] <quadrathoch2> boktan look into how those distros have you do it. because it's specific to them
1478[18:26:30] <jmcnaught> You only need to bother with a Machine Owner Key (MOK) if you are building out-of-tree kernel modules, such as with DKMS. My laptop has SecureBoot enabled, all I had to do was install Debian like normal (booting the installer in UEFI mode).
1483[18:28:48] <jmcnaught> If you are using VirtualBox then you are probably using DKMS-built modules. This part of the wiki page outlines the steps to use a MOK: replaced-url
1484[18:29:04] <dob1> I read it, at every virtualbox update?
1487[18:30:54] <dob1> ok let's say I forget this, does the system boot after reboot?
1488[18:31:01] <dob1> no, right?
1489[18:31:26] <dob1> or it just doesn't load virtualbox modules?
1490[18:31:34] <jmcnaught> I'm not using any out-of-tree modules on my machine with SecureBoot, but I think what would happen is only the unsigned module would fail to load.
1493[18:32:19] <jmcnaught> Alternatively if you are not already heavily invested in VirtualBox then maybe consider virt-manager/libvirt with QEMU+KVM which does not require an out-of-tree module.
1514[18:46:09] <quadrathoch2> boktan how would that be possible. because best case (for security) you only have the signing key of your distro in the uefi verified keys part. I guess you could still add a second one (just to have as a backup)
1530[18:49:36] <dob1> jmcnaught, and if you have added a new one?
1531[18:50:18] <jmcnaught> dob1: /root/MOK.priv *is* the new one that you as a Machine Owner create
1532[18:51:04] <jmcnaught> Debian can't distribute its own private key for people to use for signing their own modules. If the private key/shim was out there in the wild it would defeat the purpose of SecureBoot.
1533[18:51:31] <jmcnaught> _0xbadc0de_: look for entries in the logs that match the timestamps between closing the lid and trying to resume.
1534[18:51:44] <dob1> jmcnaught, it's a bit more clear now
1546[18:53:21] <jmcnaught> _0xbadc0de_: /var/log/syslog to start, or if you have enabled persistent journal then "journalctl -b -1 -e" to see the final messages from the previous boot.
1547[18:53:48] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
1548[18:53:52] <boktan> anyone have here msi meg z490 ace motherboard?
1550[18:54:21] <dob1> jmcnaught, but the wiki says "Most x86 hardware comes from the factory pre-loaded with Microsoft keys" so you have access to ms keys ? it's not the same as accessing the debian one?
1572[18:59:56] <quadrathoch2> _0xbadc0de_ if you can't handle secure boot that's one thing. but please keep your language at bay
1573[19:00:26] *** Quits: Ericounet (~Eric@replaced-ip) (Remote host closed the connection)
1574[19:00:40] <jmcnaught> _0xbadc0de_: it looks like you are using GDM as display manager with a KDE/Plasma session. That should work, but maybe try replacing gdm with sddm if you only use KDE.
1576[19:01:12] <boktan> _0xbadc0de_ i want to... but it's sadly not working on my motherboard... jmcnaught no but i want to install archlinux or parrot os or maybe kali, or Pop!_OS but i cant... i only have few options because of my motherboard haves some secureboot problems
1577[19:01:37] <_0xbadc0de_> boktan: you can't disable it?
1578[19:01:43] <_0xbadc0de_> via bios options?
1579[19:01:53] <boktan> _0xbadc0de_ i can disable it but its not working
1580[19:02:06] <boktan> msi did answer me about that and they was not able to do it too :D
1582[19:02:19] <boktan> do you want to see the message?
1583[19:02:22] <_0xbadc0de_> ya
1584[19:02:40] <boktan> this is the last message they sent me
1585[19:02:44] <boktan> i did tryed kali linux
1586[19:02:45] <boktan> Sorry for the inconvenience caused you!In fact, we have tested the MB with the v131 BIOS and AMI original CRB BIOS. Sorry to say that the issue appears on both of the two BIOS.For your current issue, we suspect your current "kali linux" doesn\'t comply with Microsoft specifications, and it should be the limitation. Sorry for that, and we still
1587[19:02:45] <boktan> suggest you install windows system on the motherboard. Thanks!
1610[19:05:01] <mason> boktan: Run Debian on it. That's what we support here anyway. And you can still learn about MOK and friends per that link I sent earlier.
1611[19:05:28] <_0xbadc0de_> boktan: kali is for faggots - but is there a "Enable CSM" option on the bios?
1612[19:05:47] *** Quits: fionnan (~fionnan@replaced-ip) (Remote host closed the connection)
1613[19:05:52] <jmcnaught> _0xbadc0de_: the f-word is unacceptable language.
1614[19:05:54] <greycat> _0xbadc0de_: do NOT use racial, sexual, or other slurs here.
1615[19:05:59] <mrkramps> is kali's kernel signed?
1627[19:07:06] <boktan> greycat did i ask anything about kali?
1628[19:07:18] <boktan> or you reading it wrong maybe?
1629[19:07:22] <greycat> 13:05 mrkramps> is kali's kernel signed?
1630[19:07:28] <boktan> its not my
1631[19:07:32] <boktan> tell it to him not to me
1632[19:07:32] <mason> boktan: There are two points. One, you don't have to do anything to get SecureBoot support in Debian out of the box. 2) The tooks are available if you do want to play with them.
1633[19:07:47] <mason> s/tooks/tools/
1634[19:07:50] <greycat> 13:05 mrkramps> is kali's kernel signed?
1635[19:07:51] <greycat> 13:06 greycat> ask the Kali Linux people. they might know. we don't.
1636[19:07:58] <greycat> neither one of those has your name in it
1658[19:27:09] <boktan> i cannot install any distro i want because of my secureboot problem of my motherboard problem and signing the kernel myself is hard to do for me
1659[19:27:40] <jelly> you'll always have WSL!
1660[19:27:42] <ratrace> tried ubuntu? srs question. if ubuntu can't run, sounds like you have one of those MS only firmwares/bioses
1670[19:29:44] <mason> jmcnaught: That's a crazy suggestion, especially in here!
1671[19:30:00] <ratrace> I thought they tried that frist
1672[19:30:10] <boktan> the problem is that i cannot choose any distro i want... debian works ubuntu works but one day maybe i want to try another distro... in google there is distros they are extra for privacy but they are not signed...
1673[19:30:14] <mason> ratrace: Come on. This is 2020.
1675[19:30:44] <jmcnaught> boktan: if Debian works, install Debian. Then use the other distros in virtual machines. Way simpler to manage than multi-booting anyways.
1676[19:30:58] <ratrace> mason: indeed :)
1677[19:31:15] <boktan> jmcnaught the same thing i can do over windows with virtualbox too :D
1678[19:31:22] *** Quits: JohnML (~john1@replaced-ip) (Remote host closed the connection)
1679[19:31:25] <ratrace> so wait, all this time wasted talking.... and you 'aven't even tried Debian?
1680[19:31:33] <boktan> the performance i will get is important too also
1753[20:05:23] <petn-randall> tgunr: If you pay close attention to the error message, you'll notice that you're not using the distro pip, but one you've installed in ~/.local/.
1795[20:24:23] <ratrace> tgunr: the whole point is, use a virtualenv and run pip inside it. don't install unpackaged python modules outside of a virtualenv
1796[20:26:21] *** tinfoil-1 is now known as tinfoil-hat
1800[20:26:55] *** Quits: yans (~yans@replaced-ip) (Quit: chaos is the only true answer)
1801[20:27:22] <ratrace> that's a general rule of thumb for python. just because some specific script doesn't mention it.... doesn't mean you should not do it
1833[20:59:10] <tgunr> same exact error as a user :(
1834[21:00:30] *** Quits: magyar (~magyar@replaced-ip) (Remote host closed the connection)
1835[21:01:01] *** Joins: magyar (~magyar@replaced-ip)
1836[21:05:02] <alexrelis[m]> I'm gonna ask here because I can't think of another place to ask: why can't I easily install a distro like Debian on my Android-based smartphone? Is the problem hardware support?
1837[21:05:02] <alexrelis[m]> And yes, I know about the Librem 5 and the Pinephone. I'm asking specifically about most modern Androids.
1838[21:05:23] <ratrace> tgunr: which error, RuntimeError: This API blah blah blah?
1859[21:12:17] <ratrace> I guess the packaged pip is simply broken. use virtualenv.
1860[21:12:43] <quadrathoch2> alexrelis[m] especially qualcomm is known for not caring about keeping up with kernel releases. that's why there are still alot of phones with kernel 3.*
1863[21:14:45] <alexrelis[m]> quadrathoch2: so the firmware that Qualcomm releases can't be used in GNU/Linux? Is that because of a licensing issue or is it because the way Android handles the firmware is different?
1864[21:15:34] <mrkramps> closed source, no publicly available and not uptodate
1880[21:22:07] <ratrace> also.... be very careful with searching like that and installing.
1881[21:22:32] <ratrace> what you should do is follow packages from their official documentation sites, to pypi, and carefuly type in the package name.
1882[21:22:46] <ratrace> unfortunately, pypi has lately been under attack of name squatters, installing malware under typo'd package names
1883[21:23:01] <ogo> so i have got pycharm installed with virtualenv, from command line i do "source activate" in the project/bin directory
1884[21:23:38] <ratrace> ogo: installed how?
1885[21:23:39] <ogo> if i use pip there the packages are visible for pycharm? or should i install pacakges from within pycharm?
1886[21:24:06] <ogo> pycharm is simply unpacked in /opt
1888[21:24:22] <ratrace> ogo: pycharm has its own GUI methods to manage project interpreter and packages. no need to use command line pip from its terminal but YES, that terminal should be running within the designated virtualenv (for the project)
1889[21:24:50] <ratrace> ogo: so you installed pycharm from the offical tarball. okay, that's how I use it too. you made it sound as if you install it WITH(IN) virtualenv ....
1890[21:25:14] <ratrace> however, your currently active project must have a virtualenv designated for it
1892[21:26:06] <ogo> yes i used the official tarball. i am a bit confused whether i need to do virtualenv from command line at all
1893[21:26:33] <ratrace> command line of its bult-in terminal view? no, as long as you have a virtualenv designated for the project
1894[21:26:34] <ogo> if pip from within pycharm works then i guess there is no need for me to "activate" the virtualenv
1895[21:26:49] <ogo> no command line of linux
1896[21:27:03] <ratrace> what do you mean by "no command line of linux" ....
1897[21:27:50] <ratrace> Please use FULL english sentences, with subjects, objects and verbs in appropriate relationship.
1898[21:27:52] <greycat> I think they mean "I can run it if I login with a shell and type these commands _____ but instead of doing that I want to _____ how can I"
1910[21:31:46] <ratrace> and btw the shell you get even has the prompt altered to show virtualenv name, just like activating it outside pycharm, on a shell
1911[21:31:50] <ogo> ratrace, sorry: I mean i did not use the bulitin terminal view of pycharm, but i used a linux terminal an went to the directory of the project (this directory was created by pycharm and had bin/activate script in it).
1913[21:32:20] <ratrace> ogo: then you need to activate the virtualenv
1914[21:32:23] <ogo> i sourced this "activate" script from the linux shell and then I used pip in the ensuing prompt
1915[21:32:47] <ratrace> a virtualenv is really just a modification of your PATH, to look up python binaries, libs and other things, inside the virtualenv directory first
1916[21:32:58] <ratrace> ogo: right, so that has nothing to do with pycharm
1917[21:33:53] *** Quits: jukeboh (~noname@replaced-ip) (Remote host closed the connection)
1918[21:34:02] <ogo> well I want the packages that are installed by pip from that virtualenv to be accessible to pycharm projects as well.
1922[21:35:19] <ogo> ok, how do I know which projects are assigned to which virtualenv?
1923[21:35:43] <ratrace> in the project settings, PYthon Interpreter tab
1924[21:36:08] <ratrace> I don't know if you can get a tabular view for all your projects at once, but inside active project, that's the way to manage its virtualenv
1952[21:51:55] <ratrace> there can't be a debian package due to packaging policies. JetBrains doesn't offer an LTS version that Debian could package for 3 years
1953[21:53:09] <ratrace> ogo: and what do you mean by that? pycharm doesn't carry any python, to need sync with system python
1954[21:53:25] <ratrace> it's an IDE based on Intellij which runs on JRE (Java).
1959[21:56:35] <mspe> does anyone know if apt-mirror is dead?
1960[21:56:49] <ogo> ratrace, for example right now I have two copies of the pacakge "keras". One is installed in the virtualenv of my pycharm project. the other I had installed a while ago via apt-get python3-keras
1969[22:05:52] <ogo> and i assume not all packages in pypi are available via apt-get, and those that are available offer a more recent version in pypi than what is packaged for apt-get, is that right?
2067[23:16:32] <woenx> Hi. I would like some advice. I have several computers at home (for me and some relatives) which have the same users. Changing the password is quite bothersome (go computer by computer and asking the person to change it every time). What would be the simplest way to sync these passwords among several computers?
2068[23:17:21] <ratrace> mirrorbird: a what?
2069[23:17:33] <mirrorbird> woenx, give everyone the same pw
2070[23:17:37] <ratrace> woenx: using config automation like ansible
2071[23:17:42] <woenx> aha
2072[23:17:55] <mirrorbird> ratrace, hotchix = hot chicks
2073[23:18:03] <mirrorbird> they don't like me to say it
2074[23:18:07] <woenx> I was thinking either 1) write a script so the NAS replicates the /etc/passwd and /etc/shadow to each computer, or 2) use openldap
2076[23:18:26] <jess> mirrorbird: are you just going to go between channels doing this bit
2077[23:18:36] <mirrorbird> jess, do you want to be my wife
2078[23:18:50] <ratrace> woenx: no need to replicate those files (and you can break things if there's different software installed on computers). ansible, for example, has the ability to set use password
2079[23:18:55] <mirrorbird> jess do you have milker
2080[23:18:56] <mirrorbird> s
2081[23:18:57] <greycat> If the computers are all on your home LAN, the simplest way would be NIS.
2082[23:19:01] *** debhelper sets mode: +l 1189
2083[23:19:11] <mirrorbird> they're limiting our lebensraum to 1189
2084[23:19:21] *** Quits: somazero (~somazero@replaced-ip) (Remote host closed the connection)
2085[23:19:23] <mirrorbird> genocide
2086[23:19:28] <ratrace> ohlook, someone wants to get a kickban.
2087[23:19:37] <woenx> I have never played with ansible. by a first look at google, isn't it a bit overkill?
2088[23:19:38] <greycat> NIS was literally *built* for keeping a centralized password database for a protected LAN.
2117[23:23:21] <mutante> login with fingerprint sensor?
2118[23:23:24] <woenx> ok, one of the reason is that the nas has a couple of services exposed to the internet, and there were some very easy passwords that I wanted to change
2119[23:23:49] <gnat_x> but if you remember a truly random ~20 char (more is better) password, that will on the whole be better than anything someone comes up with every 3 months.
2120[23:23:55] <woenx> Mmm, one of the laptops does not have fingerprint sensor, and in any case, it's support in ubuntu (what they use as a client) is not very good
2121[23:24:01] <ratrace> fingerprint is not a bad idea at all... or something like a yubikey
2123[23:24:22] <ratrace> woenx: oh so this is not really a debian question? :)
2124[23:24:30] <raidghost> not sure, just joined :P
2125[23:24:31] <mutante> I would usually not say it but if the combo is "grandma factor" and "low to medium security" then yea
2126[23:24:39] <woenx> no, the place where i want to centralise the password management is a debian
2127[23:25:00] <woenx> but the client computers are a mix of several distros + windows 10
2128[23:25:32] <ratrace> I'd really look into biometrics or yubikey. passwords are worst possible security mechanism, esp with people who aren't tech savvy
2129[23:25:39] <mutante> back to the original question.. you can rsync /etc/passwd and /etc/shadow but it seems very hacky to me.
2131[23:25:54] <raidghost> No polkit agent available to authenticate action org.libvirt.unix.manager
2132[23:26:01] <mutante> using something like ansible or chef or puppet to manage users is also a valid approach.. especially the more computers there are
2133[23:26:05] <raidghost> So there must be some package that i?ve missing, i guess?
2134[23:26:07] <ratrace> I would't. if there's different software installed, you could break things by rsycing passwd or shadow
2135[23:26:14] <woenx> mutante: that was my first thought, and I was already writing a script to do so, but I found some walls
2136[23:26:23] *** Quits: Christian75 (~Christian@replaced-ip) (Remote host closed the connection)
2137[23:26:43] <woenx> my idea was to compare the hash in the shadow file, and if it's different, change it.
2138[23:26:45] <mutante> woenx: I think I would use puppet to manage the users and all the software packages installed on all the computers.. and control it from the puppetmaster
2139[23:26:53] <mutante> woenx: but that's also because I already use it
2154[23:28:33] <woenx> What I had written so far, is a bash script that connects via ssh to a list of hosts (the client computers) using a key, checks the users in each computer, and checks if the shadow file is the same or not
2155[23:28:46] <woenx> aha
2156[23:29:22] <ratrace> woenx: do NOT touch passwd and shadow files directly. you'll break things.
2157[23:29:22] <raidghost> jmcnaught: using virt-manager from putty in windows with x11 forward
2161[23:29:57] <b1ackandwh1te_> I managed to put google 2 step auth in all internet account I could. 1 week ago my phone no water proof falled into the toilet pooped.
2162[23:30:01] <ratrace> yes. if you install different software on different computers, one may have an UID that nother doesn't, and you can break that by forcing entire passwd file
2163[23:30:15] <woenx> Yep, it's dangerous
2164[23:30:25] <woenx> you can be completely locked out of a computer
2165[23:30:33] <petn-randall> b1ackandwh1te_: And then you pulled out your backups?
2166[23:30:50] <woenx> so, leaving the same password for years at once, even if it's a simple one, is not such a bad idea then?
2167[23:30:52] <b1ackandwh1te_> backups?
2168[23:30:54] <raidghost> jmcnaught: trying to open virt-manager on my debian server from windows (putty + xming + x11 forward)
2169[23:31:00] <b1ackandwh1te_> nonono
2170[23:31:24] <ratrace> woenx: simplest thing is idempotent echo "<password>:<user>" | chpasswd ; you don' tneed to check for anything, just run that to set passwd. run again to change.
2171[23:31:34] <woenx> aha
2172[23:32:14] <woenx> yep, i was planning to user chpasswd
2173[23:32:42] <mrkramps> i'd be interested in how you deal with your relatives after password change when they cannot remember the new one for like 6 month
2174[23:32:47] <ratrace> there's a program that allows you to run single commands simultaneously on multiple computers, or really just use ansible. puppet is a monstrostity that pulls in 80+ packages of ruby, and is memory and cpu hungry just on idle. definitely super overkill for THIS task alone
2175[23:32:50] <mutante> Are you just looking for a solution how to change passwords on multiple machines or also to re-create more machines in the future.
2176[23:32:53] <woenx> the thing is, I cannot do that remotely through ssh because of sudo (it requires a password to be typed, and I don't want a passwordless sudo user)
2177[23:33:21] <woenx> I'll have a look at ansible. Or just changing the passwords manually and try to restrict access through other means
2178[23:33:28] <ratrace> woenx: you can with askpass ; or use ansible
2179[23:33:40] <mutante> woenx: sudo isn't ALL or nothing, you can configure sudo to let one user run one very specific command as one other user, it doesn't have to be ALL ALL just because that's popular
2180[23:33:51] <woenx> aha
2181[23:34:03] <woenx> so I could configure one user to allow just? chpass
2182[23:34:20] <ratrace> no, because they can chpass root . really, use ansible.
2183[23:34:20] <mutante> yea, or even with specific parameters only
2184[23:34:20] <woenx> Mmm, that sounds more realistic now
2185[23:34:25] <jmcnaught> raidghost: not sure how that would work. Any way for you to run virt-manager on Linux natively? virt-manager can manage remote libvirt instances/VMs.
2186[23:35:04] <ratrace> if you really need to use passwordless sudo, then you should prepare a script that runs explicit chpass for a specific user, but that's cumbersome to manage. really, use ansible. OR NIS as greycat suggested.
2187[23:35:28] <woenx> OK
2188[23:35:34] <mutante> or give them yubikeys
2189[23:35:38] <mutante> for xmas
2190[23:35:40] <ratrace> I'd go with yubikeys yes
2191[23:35:51] <raidghost> jmcnaught: not on linux on my workstation, And i wanted to do some test on a vm in my living room
2192[23:36:03] <mutante> but managing those is also cumbersome :p
2193[23:36:44] <ratrace> how 'bout thin clients and you really have one central computre to manage
2194[23:37:13] <ratrace> oooh oooh! what Linus (of Linus Tech Tips) did! One central beefy computer and only peripherals around the house. keyboard, monitor, moues, usb hub, audio/video.
2195[23:37:25] <mutante> hah, best idea so far.. you run a Debian machine and they just have terminals like back in the days. it's made for this model :)
2196[23:37:31] <woenx> The only thing I;'m worried about is the NAS, which has an ssh port open, and can be accessed using these user's passwords
2197[23:37:40] <woenx> I think i'll restric access to key only and that's it
2198[23:37:58] <woenx> and the users can set whatever password they want in their own computers, as simple as they wish
2199[23:38:00] <ratrace> mutante: no joke, you can install very minimalistic debian with openbox + vnc preconfigured to start up and connect to your main "server"
2200[23:38:24] <mutante> ratrace: yea, and it would solve the whole key management, good idea!
2201[23:38:28] <ratrace> so that local computer's desktop is nonexistent and vnc runs fullscreen, so the deskop they see, is from the server
2202[23:38:40] <mutante> woenx: get rid of PCs :)
2203[23:38:53] <jmcnaught> raidghost: maybe if you manage the VM with virsh over ssh on the command line, and use virt-viewer on Windows for the virtual console you could have better luck.
2204[23:38:54] <woenx> then the users would complain
2205[23:39:12] <mrkramps> i'd actually pxe boot the base system
2206[23:39:25] <mutante> pxe over internet was even a thing :p
2207[23:39:32] <b1ackandwh1te_> once I buy a new phone, transfer the SIM card and restore google account I will check the 2 step auth app, but I vaguely remember that the entryes (those that we create reading qrcode) dont restore.
2232[23:51:01] <woenx> What would be a good way to be informed about ssh login or failed attempts? I was thinking that maybe sending a mail or xmpp message when a failed attempt happened, but that would feel a bit spammy after a while.
2233[23:51:09] <woenx> What about a weekly report?
2234[23:51:26] <mutante> woenx: I think it would feel spammy after the first minute :)
2235[23:51:41] <mutante> well, speaking of servers on the Internet
2248[23:54:13] <woenx> and i'm only let a non-root user to log in
2249[23:54:33] <mutante> woenx: or go oldschool and since you are asking here.. install eggdrop IRC bot, write a TCL script to make the bot PM you right here on Freenode :)