3[00:05:14] <DDDD> Hello. I have an usb ethernet device which i use with my VM's to isolate them from the hosts built in NIC. I sometimes have issues mounting this on the guest OS because Debian 10 buster will mount the device itself and won't let virtualbox to assign it to the guest.
16[00:11:25] <DDDD> I do have a filter in virtualbox.
17[00:11:59] <DDDD> But when virtualbox is not active my host (debian) mounts the device instead. If i shutdown virtualbox and host mounts it i can never mount it on the virtualbox again.
18[00:12:10] <DDDD> So i'm guessing the host just won't let go of it sometimes :P
36[00:22:30] <miguel_clean> while GIT seems to address all of my text/source related storage & versioning requirements , I am still looking for something similar to cope with binary data
37[00:22:54] <miguel_clean> I read that git is not suited for this in general
38[00:23:11] *** Quits: mdmarmer (~mdmarmer@replaced-ip) (Remote host closed the connection)
39[00:23:29] <miguel_clean> please give me some ideas/hints what to explore
40[00:24:15] <freem> versionning and binaries does not really work together imo
41[00:24:37] <jhutchins> DDDD: You are running Network Manager in a GUI on your host?
42[00:24:39] <freem> because you can usually *not* do a diff between binaries
43[00:25:06] <jhutchins> freem: Sure you can.
44[00:25:30] <freem> in a generic fashion? So that the diffs are meaningful to the user?
45[00:25:36] <freem> I'm interested :)
46[00:25:40] <jhutchins> freem: You can use diff and path to update or modify them.
47[00:25:51] <DDDD> Well usually i use ifconfig but my usb nic is not even listen there or on the network manager gui
48[00:25:52] <jhutchins> s/path/patch
49[00:26:14] <miguel_clean> right now lets say Im playing with blender... I find myslef keeping each version of a model in a new file.. as I progress... car1.bledner... car2.blender. ... car22.blender...
51[00:26:38] <jhutchins> DDDD: Check dmesg to see what's activating it.
52[00:26:50] <freem> git's problem with such things is mostly that it makes the repo big, and same for the cloning
53[00:27:07] *** Quits: frgo (~frgo@replaced-ip) (Remote host closed the connection)
54[00:27:31] <jhutchins> DDDD: BTW ifconfig is deprecated and will probably be eventually removed.
55[00:27:33] <freem> I think git-lfs tries to improve on that situation. Some will also prefer the use of, for example, subversion, since when you "clone" you don't clone the whole repo
61[00:28:59] <jhutchins> freem: git should only clone modified files.
62[00:29:00] <hop> blender itself has support for archives of previous versions, no?
63[00:29:14] <DDDD> Probably because virtualbox has captured it now, problem is sometimes when i have to kill the virtualbox instance for some reason, then host (debian) captures it.
69[00:30:39] <hop> if you use a vcs, make sure to save uncompressed
70[00:30:58] <miguel_clean> I could of course use internal meachnics of each app to keep differnet versions/layers of 3d-models or paintings or whatever...
71[00:31:15] *** Quits: LEGITtimeTRAVELE (uid478739@replaced-ip) (Quit: Connection closed for inactivity)
72[00:31:25] *** nyaomin is now known as nyaomi
73[00:32:03] <hop> it's a non-trivial problem. always has been
74[00:32:46] <hop> using a backup tool that chunks the data could be an efficient option, like borg
75[00:33:08] <miguel_clean> it just seems so elegantly solved for sourceocde/text that I thought of having this for all my data
76[00:33:36] <hop> it's not about text, it's about having a diff tool
77[00:33:36] <miguel_clean> but, yeah I am afraid I have to do regular backups....
78[00:34:07] <miguel_clean> I am fine with having a super simple diff just saying: diff -> yes/no
79[00:34:08] <hop> precious few people think about that when designing their file format
107[00:41:40] <jhutchins> DDDD: That looks like the culprit. I'm sorry but I have no knowledge of how to disable that.
108[00:42:11] <jhutchins> DDDD: The two best sources for info on systemd are RedHat (who is funding it) and Arch, who have great documentation.
109[00:42:17] <jmcnaught> DDDD: what on Debian is using the ethernet adapter? Is it NetworkManager? NM will ignore interfaces in /etc/network/interfaces by default, so you could add a line like "iface enp7s0 inet manual" to get NM to ignore it.
142[00:58:15] <miguel_clean> what I know for sure.. I love my commits,branches,merges for source code... but the experience for binary data lacks badly behind
143[00:59:00] *** Quits: tryte (~tryte@replaced-ip) (Remote host closed the connection)
144[00:59:03] <hop> "behind" sounds like there is a solution. there is not
145[00:59:16] <miguel_clean> I am aware I can do dauly/weekly/monthly snapshots of my "MIGUEL_DATA" directory
157[01:07:08] <incal> hello, I just installed iamerican-insane on Debian, does that thereafter work in Emacs? (ispell-change-dictionary "american-insane") says "ispell-change-dictionary: Undefined dictionary: american-insane" but "american" works
158[01:07:59] <freem> projects I know which include binary assets use git, even if it's not practical. It sucks for bandwidth/storage use, especially since assets repo is usually a submodule (but this could be improved with different organisation), but it do provides most of the usual features of git: branch, tags, etc.
164[01:09:42] <miguel_clean> freem: hop: probably I could use git for ALL my stuff, given there is an option to selectively prune histories of file (1. not sure if such option exists, 2. not sure if this approach is not super-ineefficient.. should look it up).. \
165[01:10:04] <miguel_clean> hop: in practice most merges are fast forward
166[01:10:09] <freem> I disagree, it allows to have stable branches and branches with the "next" versions
167[01:10:33] <hop> sure. enjoy the cool-aid
168[01:10:33] <freem> miguel_clean: yes, you can rewrite history to remove files in git
169[01:11:01] <freem> use your favorite search engine for: password git remove :p
170[01:11:50] <DDDD> Shutdown got stuck here and i had to press the reset button after 10 min. replaced-url
171[01:11:50] <freem> I didn't said it was perfect, hop, but it's still better than nothing
172[01:12:06] <hop> wat?
173[01:12:11] <freem> lol. "Shutdown got stuck". I love that.
174[01:12:21] <hop> equating borg et al. to "nothing" is quite… bold
175[01:12:31] <freem> haha, right, right
176[01:12:40] <DDDD> Well it did lol :P
177[01:12:47] <DDDD> not my fault, well it probably is but :D
179[01:13:12] <freem> DDDD: I'm just amazed by the idea a shutdown can freeze
180[01:13:36] <hop> that train left around 1999
181[01:13:39] <DDDD> I'm gonna change UFW rules to only apply to main NIC and see if that helps
182[01:13:53] <DDDD> freem, believe it or not it's happened to me a lot of times in the past.
183[01:13:53] *** Quits: treeview (~treeview@replaced-ip) (Killed (Sigyn (Spam is off topic on freenode.)))
184[01:14:09] <DDDD> To be honest i'm to uneducated to use linux but i hate windows by principles
185[01:14:11] <freem> I believe you, don't worry
186[01:14:15] <DDDD> i won't touch a damn mac so here i am :P
187[01:14:43] <freem> I have seen systemd slow default boot, when a simple ethernet cable is not plugged in, after all
188[01:14:53] <miguel_clean> DDDD: now worries, I am just about to buy a shiny $$ mac to get time-machine
189[01:15:13] <miguel_clean> to stupid to opreate git et al
190[01:15:22] <freem> I also have read interesting document about how systemd's dependency mechanism can be... surprising.
191[01:15:25] *** Quits: Tobbi (~Tobbi@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
192[01:15:47] <freem> just for reference, this document: replaced-url
193[01:15:51] <DDDD> I just don't like apple by the sheer principle of it lol. Feels like you pay more then you have to just for the bling of it and they have lots of ideas what you're allowed to do with shit you bought yourself :P
194[01:16:14] <DDDD> Tho they have some nice products.
195[01:16:24] <miguel_clean> freem: tltr sorry
196[01:16:33] <freem> yeah, I guess so
197[01:16:38] <miguel_clean> but yes,... systemd sucks
198[01:16:39] <tehnull> suddenly my system time is 21 minutes fast and I can't figure out why it changed unfortunately I'm too much of a noob to sort this ouit
199[01:16:41] <tehnull> any ideas?
200[01:16:43] <freem> took me quite the time to read it
201[01:16:59] <freem> <miguel_clean> but yes,... systemd sucks <== those who really think that don't use systemd
210[01:18:33] <freem> or install "ntp", which will keep your system date synced
211[01:19:12] <freem> so you probably hate it as much as I hated windows, when I only knew windows and was too lazy to try something else
212[01:19:37] <DDDD> Damn network manager mounts the damn nic, i'll try the suggestion about /etc/network/interfaces from earlier
213[01:19:41] <freem> systemd have problems, but it also have quite the good points.
214[01:20:26] <hop> .oO(every generation needs its vi-vs-emacs)
215[01:20:34] <freem> :)
216[01:20:40] <tehnull> System clock synchronized: no
217[01:20:40] <tehnull> NTP service: active
218[01:20:43] <miguel_clean> freem: for my "real" work I do not have complete freedom to choose and set up each server form scratch, so I use THIS as an excuse here :P
219[01:21:00] <freem> yeah, this one is a good excuse, ofc
220[01:21:11] <tehnull> I don't understand why this happened it was fine yesterday and today it's gone mad and nothing should have changed between then and now
221[01:21:23] *** Quits: DDDD (~DDDD@replaced-ip) (Remote host closed the connection)
222[01:21:31] <miguel_clean> freem: do you use a simpler alternative in "prod" somewhere?
223[01:22:02] <miguel_clean> prod beeing = your grandma's cookie-shope
225[01:22:57] <tehnull> freem ntp is installed and running for over a year
226[01:22:59] <freem> miguel_clean: on the systems I had under my responsibility (IoT stuff, our softs were buggy as hell, needed a real, stable watchdog, simple enough to maintain, amd64&armhf, more than 200 systems, not physically reachable) I used runit. Same for the servers I had, same everywhere, actually.
227[01:23:07] <tehnull> in that case this should not have happened correct?
235[01:25:10] <freem> maybe the reference servers got some problem?
236[01:25:13] <miguel_clean> freem: makes me curious enough to have a look on runit (for my self-hosted stufff = to be hones.. 10 virtual boxes on ONE single physical machine, but anwyay.. might simplify things there)
243[01:26:52] <freem> miguel_clean: if that can help, I have some runit files here: replaced-url
244[01:26:57] <miguel_clean> top: freem: and all I have forgot: thankx for giving me input to my initial question and far beyond.. no risk to get bored :)
254[01:29:22] <mo1991> I am curious peoples thoughts on tlp, laptop-mode-tools, and so forth to increase battery life on a very modern laptop. Is this still something that is recommended? I am not noticing a big difference in either. Running debian bullseye on a i7,40gb ram, 2 seperate nvme hdd laptop
271[01:37:09] * dpkg puts on a hockey mask and jumps out at hop
272[01:37:23] <hop> i've also taken money from apple…
273[01:37:24] <mo1991> hop - I"m just joking with you. I just can't afford to pay double for a mac when I can't stand mac os and their hardware, although awesome, is not worth 2x$$
274[01:37:58] <polardroid> and the apple mothershippyness ; )
275[01:38:13] <hop> yet you want their battery efficiency
276[01:38:30] *** Quits: tehnull (~tehnull@replaced-ip) (Quit: watchdog watchdog0: watchdog did not stop!)
277[01:39:33] <mo1991> hop - My new lappy is getting pretty good battery on debian, but not as good as winblows. Does mac hardware really get better battery life running linux or just macblos?
278[01:40:01] <hop> linux is not the culprit
279[01:40:32] <hop> get rid of gnome/kde, firefox, systemd… your battery life will be great
304[01:41:40] <freem> well, since systemd can do socket activation, it might actually help with battery life
305[01:41:54] <hop> sure.
306[01:42:24] <mo1991> hop - suggestions? I have been running debian since woody, but never really on laptops. Typically my desktop is xfce, although lately I have been testing cinnamon. Never could stand gnome3
318[01:52:07] <mo1991> well, I guess back to my original question. Is anyone using TLP or laptop-mode-tools and seeing a noticeable difference in power savings on a modern laptop?
429[02:25:46] <tehnull> I woke up and was getting ssl errors and deduced it was my system time after noticing my time was set 26 days and 21 hrs too slow
430[02:26:09] <hop> so set your time, be done with it?
431[02:26:11] <tehnull> in spite of the rtc time being set to gmt and correct
432[02:26:34] <hop> the hardware clock is mostly only relevant at boot tie
433[02:26:35] <hop> time
434[02:26:44] <tehnull> right but uhh usually when your system time changes itself it's a good idea to look into it and discover the cause right?
435[02:27:27] <hop> well, can you repeat the problem?
436[02:28:42] <tehnull> I don't know how to state it any simpler than my time was wrong and I want to know why it was wrong
437[02:28:58] <tehnull> I have a brain injury so the issue is almost certainly me not communicating effectively
438[02:29:04] <hop> i understand, but there may be no answer
439[02:29:20] <tehnull> that doesn't seem great
440[02:29:28] <tehnull> in the context of security
441[02:29:38] <hop> life, box of chocolates, all that stuff
485[02:41:17] <hop> nothing happened. you are safe to presume that some random accident caused your system time to be off. until it happens again, just take it as that
486[02:42:22] <tehnull> well I engage in a lot of human rights activism of the kind that would attract both state and corporate attention
487[02:42:41] <tehnull> which is why I'm so on edge about it
513[03:09:05] <tehnull> I would think dd should work no?
514[03:09:11] <n4dir> i usually use "dd", but i think these days most just use cp (might well be that is even recommended)
515[03:09:24] <sponix> routebee: if you like etcher it can be obtained from the etcher.io website
516[03:11:23] <dvs> !etcher
517[03:11:24] <dpkg> Etcher is not a reliable way to copy Debian images for installation. Instead, use cp or dd for linux or win32diskimager for Windows. replaced-url
576[03:39:36] <jim> the laptop just has the base installed, and it was successful, booting the new install, and logging in as root succeeded
577[03:40:11] <jim> problem is, I don't know what packages are needed
578[03:40:27] <ectospasm> jim: did you install the non-free firmware package? You may need to enable the non-free apt repo
579[03:40:51] <ectospasm> !nofree
580[03:40:52] <jim> no net yet :)
581[03:40:56] <ectospasm> !nonfree
582[03:40:56] <dpkg> [non-free] a component which contains software that does not comply with the <DFSG>. To add non-free packages to your packages index, ask me about <non-free sources>. To see which non-free packages are installed ask me about <non-free list>.
583[03:41:29] <jim> do people still use that apt-offline thing?
584[03:41:46] <ectospasm> I do not, but I can't speak for many.
590[03:44:58] <slidesinger-ss> Question: Is there anyway to scale down lightdm? I have a very high res laptop monitor that required the font for grub to be increased to 48 point to appear normal sized. I am having the same issue with lightdm and so far have not been successful in finding anyway to scale either X or the display manager. Is there anyway to do this? Is it limited to font?
591[03:45:00] <slidesinger-ss> I did manage to enlarge the font dpi, but the results, while mostly readable, are not consistent at boot. Changing the scale of lightdm reports that the scale is changed, but there are no visible results.
592[03:45:38] <slidesinger-ss> I run openbox/tint2 on X with lightdm/light locker for years, never had this issue before.
594[03:48:19] <mrjpaxton[m]> I'm not an expert on LightDM. I just use regular getty, but I have used it a few times in the past. You've checked and gone through this page fully, right? - replaced-url
596[03:51:12] <mrjpaxton[m]> If you are editing /etc/lightdm/lightdm.conf directly, just be aware that any updates to LightDM will cause dpkg to create config files next to it with new settings that won't take place until you copy them over. So I'd recommend overriding any font config settings in /etc/lightdm/lightdm.conf.d/ only.
598[03:54:18] <csgeek> a noob question. I'm building a building 2 debian packages. I have a control file with two binaries being created. I'm working on the rules file now, but how do the build tools determine which target to call for the different packages if it creates two artifacts?
606[03:56:59] <ectospasm> I've been using a Memorex 1G USB flash drive for years, it has always been reliable for me.
607[03:57:31] <routebee> all these usbs work they just refuse to boot
608[03:57:47] <routebee> i had a scandisk that i could boot from but i have lost it
609[03:58:12] <mrjpaxton[m]> Yeah, I don't think I've ever had a USB drive fail on me. I usually end up getting rid of them because I need higher capacity, than letting them wear out. I guess that's kind of wasteful, but.... Eh.
698[05:20:12] <mrjpaxton[m]> Yeah, a lot of times too, you might need to turn HW crypto and/or power saving off for iwlwifi in order for it to work reliably. It's just a pain with some of the Intel Wi-Fi cards. :(
699[05:20:25] <mrjpaxton[m]> At least in the past, they were.
730[05:40:51] <edufmass> hello! I just want to install only polybar from testing, I've added testing source but when I try "apt -t testing install polybar" or "apt install polybar/testing".. apt wants to update a lot of packages
734[05:44:30] <mrjpaxton[m]> edufmass: Probably because you shouldn't be using testing with stable. You'll probably run into a bunch of issues. You'll either want to stick with stable, or go all in on Testing (in which case this channel does not support or help those using Testing. You'll need to use #debian-next on OFTC.) Maybe check to see if it's in debian-backports first.
735[05:44:36] <mrjpaxton[m]> ,v polybar
736[05:44:48] <mrjpaxton[m]> Hmm... I forgot how to do this....
737[05:45:24] <edufmass> ohh ok, there is one version in backport
738[05:45:26] <mrjpaxton[m]> Anyway, yes. Please read this page first: replaced-url
886[09:02:32] <hegemoOn> hello, how is it possible to investigate a repo at an url and see if it provides security-updates ?
887[09:02:56] <rudi_s> gholinbrown: Well, MITM is mostly a term used for an attack over some network connection, but yes. If you download the .deb from the debian mirror without verification, put it on a usb-drive and plug it into a computer without network access and then install it, yes, a MITM on the original connection can give you false packages.
904[09:14:05] <Elzington> This post from 2014 gives some insight about the process of package verification. I am unsure if there is more up-to-date info. replaced-url
947[10:10:18] <Azrael_-> i'm running my NAS behind a NAT and want to share a huge file with a friend. what is the easiest way to allow him downloading this file without opening too many holes or making it too difficult?
1027[10:15:36] <ratrace> samba over public internet (I assume?) is a HUGE no-no. ssh would require you to set up keys (as you should not be doing passwords for ssh on public internet)... http(s) is imho easiest
1032[10:16:22] <Azrael_-> with ssh my problem would be: how to lock him in into a specific folder and not allow forwarding/access to other ressources like port forwarding and such things
1064[10:25:38] <ratrace> Elzington: that's a rather flawed "tutorial" ... as "tutorials" usually are.... sudo chown root:root /home/john is terrible. implies world readable home dir for no reason. chown root:john is sane and fits the openssh requirements for chrooted sftp
1067[10:27:27] <lesless> How to play all mp3 files in a folder?
1068[10:27:38] *** Quits: Ayo (~quassel@replaced-ip) (Remote host closed the connection)
1069[10:28:01] *** debhelper sets mode: +l 1172
1070[10:28:13] <ratrace> lesless: with a media player of your choice like mpv, vlc, ...
1071[10:28:46] <Elzington> ratrace: Thanks for the info. I'll look more into that. Follow up question: is the reason they do the root:root /home/john to make the home directory for john not accessible, and only the public_html direcotry accessible?
1072[10:29:45] <ratrace> Elzington: no as that wouldn't work. to access /home/john/public_html, john would need access to ALL the parts of that path. /, /home/, /home/john/, /home/john/public_html/
1073[10:30:16] <Elzington> ratrace: ah, I see. Thank you very much
1074[10:30:19] <ratrace> the reason the tutorial does root:root is because the author does not understand what they're doing, and are probably reading from another "tutorial" while writing this one.....
1075[10:31:05] <Elzington> ratrace: yet again... I'm foiled by the google search... really appreciate the info
1076[10:31:11] <ratrace> the OpenSSH requirements for Chroot directive are described in sshd_config(5). ALL the path elements must be _owned_ by root (doesn't state the group) and nobody but root may have _write_ permissions to them.
1077[10:31:49] <ratrace> thus making /home/john owned by root:john, you can have it chmod'ed 750, so john has access, can sftp, and nobody else can enter their home, nor their sftp connections can cd out of it.
1081[10:37:17] <Elzington> the root:john and chmod 750 bit makes sense to me, the part I need to brush up on is the "john needs access to all the parts of that path, /, home/, home/john/, home/john, public_html" What locks john into his home directory if he needs access to all elements in the path?
1165[11:47:54] <narutowaifu> I have a question about hardware firmware. Does Debian or Linux install firmware for every hardware during initialization? IIUC firmware is not embedded in the hardware, but it must be loaded during boot time. So, does Debian load proprietary firmware??
1166[11:48:01] *** debhelper sets mode: +l 1191
1167[11:48:25] <azeem> narutowaifu: only if you use the nonfree installer images
1168[11:48:48] <ratrace> or if you install the appropriate firmware package, even after installation
1169[11:48:54] <narutowaifu> azeem how can the free image work then, if it doesn't load proprietary firmwares?
1176[11:50:47] <narutowaifu> ratrace does debian or linux have an open source for all the hardware? Or is there any firmware already embedded in the hardware? Let's say when I use my amd/nvidia GPU, does debian load an open source firmware to the card?
1194[11:55:41] <H4ndy> There's usually no good reason to try to re-implement a firmware blob for averal end-user hardware
1195[11:55:53] <narutowaifu> right, that's why I'd guess that only free drivers exist, but no free firmware for almost any hardware
1196[11:55:59] <ratrace> narutowaifu: depends. free (libre) firmware may be complete or incomplete, depending on how open the hw vendor is, whether there are patents etc... in general, firmware is a touchy subject and most stuff (at least I think) needs proprietary firmware
1197[11:56:06] <H4ndy> See how slow it goes for the Raspberry Pi, which is insanely popular, has all the docs and still nothing happens on the free firmware front
1198[11:57:05] <narutowaifu> thank guys for making this clear to me
1199[11:58:47] <ratrace> iirc not even the Purism products could achieve 100% libre firmware installations? or did they change recently, I think the last obstacle was bios?
1291[13:44:28] <johndoe85> im trying to mount -o loop -t iso996 /media/iso.img /mnt and im getting this error, wrong fs type, bad option, bad superblock on /dev/loop4, missing codepage or helper program, or other error.
1292[13:44:32] <johndoe85> i have tried losetup /dev/loop4 /media/iso.img and mount /dev/loop4 /mnt but with the same result
1306[13:48:34] <jelly> johndoe85, you could set up a loop device, then use kpartx to create per-partition device nodes, then mount those
1307[13:48:42] <johndoe85> im trying to setup a pxe server for network installs for my devices, and im at the stage where im going to mount the os.iso and then rsync it to /netboot/folder
1319[13:51:51] <johndoe85> no worries, it was this error i came here for, i have googled the error msg but without luck
1320[13:53:17] <jelly> the error basically means mount can't detect which filesystem TYPE exists on source, so and it can't mount anything unless it knows exactly which fs type to mount
1422[15:22:22] <TheLemonMan> hello, what's the general policy for unresponsive mainteiners?
1423[15:23:15] <jelly> !mia
1424[15:23:15] <dpkg> from memory, mia is missing in action. status of missing unknown. as opposed to KIA, POW, or AWOL. replaced-url
1425[15:24:23] <jelly> TheLemonMan, see if they're unresponsive for all their packages or they're ignoring only some; offer help if possible; if you're a DM or DD you can offer to make NMU fixes I guess
1430[15:26:13] <jelly> TheLemonMan, has it been a month?
1431[15:30:00] <TheLemonMan> I haven't reached out yet but there's a mail in the bug tracker dated Jan 2021 from the maintainer where they state they won't be able to look after that package
1477[16:16:53] <Nindustries> Brigo: it's just buster, but with some packages committed. Squid doesn't recognise 'ssl-bump', which makes me think it's not compiled with openssl support.
1478[16:17:00] <Nindustries> #squid is rather dead it seems fyi.
1479[16:17:30] <Nindustries> From the docs: Requires: --with-openssl
1488[16:23:04] <Nindustries> I'm not compiling it myself at this point, just apt install
1489[16:23:13] <Nindustries> Wait, Brigo, I can pass — with-openssl to apt install ?
1490[16:23:39] <Brigo> Nindustries, i don't think so
1491[16:23:55] <Nindustries> I'm confused. "In order to configure SSL bumping with squid, the installation package needs to be configured with the following parameters enabled."
1492[16:24:22] <Longshanks> Nindustries: usually you can get the source pacakge and compile it with the default options Debian use really easily. But the bonus is if you need to enable support for something Debian don't enable, it's a good starting point - you only need to add the option Debian don't use by default. openssl seems a very strange thing to omit though..
1493[16:24:51] <Nindustries> I checked squid -v, and it doesn't include ssl/openssl..
1575[17:10:15] <dpkg> If you have a question, just ask! For example: "I have a problem with ___; I'm running Debian version ___. When I try to do ___ I get the following output ___. I expected it to do ___." Don't ask if you can ask, if anyone uses it, or pick one person to ask. We're all volunteers; make it easy for us to help you. If you don't get an answer try a few hours later or on replaced-url
1581[17:12:06] <jelly> but also: fail2ban is largerly useless against ssh brute force attacks, that are highly distributed these days. Each attack iterates from a different IP, and they have thousands of IPs
1582[17:12:34] <Asterisco> i've recive an attack to postfix
1583[17:13:06] <jelly> what do your postfix logs look like?
1612[17:21:53] <jelly> Asterisco, which debian are you using? Where are the logs?
1613[17:22:05] <Asterisco> now i've problem of blacklisting
1614[17:22:10] <Asterisco> naturally
1615[17:22:21] <ratrace> ...sigh...
1616[17:22:21] <Asterisco> Jan 22 16:53:09 mail postfix/error[4840]: D4A2D340A6: to=<xzaeb95seo@gmail.com>, relay=none, delay=425535, delays=425534/0.43/0/0.83, dsn=4.7.28, status=deferred (delivery temporarily suspended: host alt2.gmail-smtp-in.l.google.com[142.250.4.27] refused to talk to me: 421-4.7.28 [79.2.176.41] Our system has detected an unusual amount of 421-4.7.28 unsolicited mail originating from your IP address. To protect our 421-4.7.28
1617[17:22:22] <Asterisco> users from spam, mail sent from your IP address has been temporarily 421-4.7.28 blocked. Please visit 421-4.7.28 replaced-url
1618[17:22:29] <jelly> !paste
1619[17:22:30] <dpkg> Do not paste more than 2 lines to this channel. Instead, use for text: replaced-url
1620[17:22:31] <pasiz> don't post on channel
1621[17:22:42] <ratrace> Asterisco: that's throttling..... normal for gmail
1622[17:22:44] <Asterisco> i need to correct fail2ban
1623[17:22:45] <jelly> Asterisco, ^ read what dpkg said. That's for you.
1624[17:22:58] <ratrace> Asterisco: STOP. and solve one by one problem.
1695[17:33:30] <Asterisco> i'm changiing the password og this user
1696[17:33:56] <Asterisco> but i think that fail2ban could help me to block bruteforce
1697[17:33:59] <Asterisco> or not?
1698[17:34:30] <jelly> Asterisco, that's not even 20 lines. Are you able to pastebin more?
1699[17:34:32] <greycat> Now, I am not a postfix user, but the lines in question that you showed us, which contain this email adderss, are coming from a program named "qmgr". I am guessing this means "queue manager". I am further guessing that it's trying to deliver a message that is already IN your queue.
1700[17:35:14] <jelly> !pastebinit
1701[17:35:14] <dpkg> A command-line tool to send data to a <pastebin>. To paste e.g. your sources.list do "apt-get install pastebinit; pastebinit /etc/apt/sources.list"; to paste the output of a program do e.g. "dmesg 2>&1 | pastebinit". For a list of pastebin sites do "pastebinit -l". See also <pastebinit config>, <nopaste>.
1704[17:35:59] <greycat> Showing logs that are failed outgoing deliveries of a message you have already ACCEPTED does not indicate an attack in the present time. Maybe you were attacked previously. But in that case you'd need to show the logs from the time you believe was an attack.
1705[17:36:07] <sig_9> Asterisco: shows they are plugged in but coming from speakers not wireless headset
1706[17:36:22] <Asterisco> ok so i need delete this queue
1707[17:36:24] <Asterisco> right?
1708[17:36:47] <pasiz> your mailserver, your decision
1709[17:36:56] <n4dir> sig_9: i got no further idea.
1714[17:38:16] <jelly> Asterisco, look dude. You probably have some mails in queue, put there by a spammer. We don't know how they got there, you would need to show more logs for that.
1715[17:38:19] <horribleprogram> /dev/sdb2 on /home/horribleprogram/share type exfat (rw,relatime,fmask=0022,dmask=0022,iocharset=utf8,errors=remount-ro) [BackupPlus]
1716[17:38:25] <n4dir> sig_9: hmm. really bad with soundsystem i am. Look at "alsamixer", perhaps you can mute speakers with "m" key and unmute headphones with the same key
1734[17:40:52] <horribleprogram> is there a way to make valid users just everyone
1735[17:40:55] <jelly> Asterisco, in order of priority, you should: 1) figure out exactly how spam comes in; it might be over smtp auth, or it might be some other way (eg. web app) 2) save a couple samples 3) change passwords IF the spammer used SMTP AUTH, which we don't know yet 4) clean the queue of spam _only_, preferably keeping valid mail
1739[17:41:27] <jelly> Asterisco, but to find out 1) it would be nice if you did EXACTLY what we asked you to do
1740[17:41:38] <horribleprogram> OH
1741[17:41:43] <horribleprogram> I think I get what you're saying
1742[17:41:47] <pasiz> horribleprogram: so in samba terms, write list
1743[17:41:50] <pasiz> and read list
1744[17:42:07] <horribleprogram> it's my mac that's preventing me from being able to write to it
1745[17:42:42] <jelly> Asterisco, are you able to read instructions carefully this time? If you don't understany why I, or someone else, has specified something, ASK, but don't give us partial info or your understanding of what's going on
1746[17:42:50] *** Quits: akp55 (~akp55@replaced-ip) (Disconnected by services)
1750[17:45:22] *** Quits: horribleprogram (~horriblep@replaced-ip) (Quit: Where I came from the Great Wild 'n shit, where you can get shot if you crack smiles and shit...)
1756[17:47:41] <greycat> I honestly don't think he's trolling. Just confused.
1757[17:48:01] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
1758[17:48:07] <greycat> Also in WAAAAY over his head. Like, how did he get the root password on this mail server, because he sure as hell didn't set it up.
1759[17:48:13] <n4dir> thinking king crimson songs
1761[17:49:24] <jelly> greycat, "ispmail" is one of those tutorial web sites telling you how to set up a mail server step by step. A half trained monkey can follow it
1765[17:50:13] <greycat> I would classify that as "someone else set it up", if he ran a bunch of commands that someone else wrote, and did not understand a single one of them.
1766[17:50:28] <jelly> ¯\_(ツ)_/¯
1767[17:51:10] <greycat> Is my guess correct, that the log lines from "qmgr" are showing delivery attempts of a message he already has in his local queue?
1768[17:51:19] <jelly> I could tell them what to look for and how to identify source of a message in the queue, if they followed directions.
1769[17:51:25] <ratrace> greycat: yes, or qmgr just received it
1770[17:51:30] <jelly> yes, roughly
1771[17:51:50] <ratrace> with missing sasl lines, it looks like they might be an open relay but that log paste was too short for conclusions.
1773[17:52:07] <jelly> qmgr lines are usually irrelevant. you pick a queue id, then hunt the history for the _first_ time it appeared
1774[17:52:30] <ratrace> but... it's hard to accidentally make an open realy in postfix. you really need to explicitly configure an open relay by explicitly weakening restrictions
1775[17:52:31] <jelly> that log sample is way too short to draw any conclusions
1776[17:53:20] <jelly> and most of those messages in the sample have been in the queue for a long time delay=424745 <- this is seconds
1777[17:53:53] * ratrace does quick back of the napkin math ....... 4 days
1778[17:54:12] <ratrace> postfix default queue age is 5 days
1779[17:54:12] <greycat> 86400 per day, so about 5 days, yeah
1790[17:56:35] *** Lord_of_Life_ is now known as Lord_of_Life
1791[17:58:15] <jelly> ratrace, those lines from syslog, they're sent by different named commands (processes), there's "local", "qmgr", "master", "smtpd", ... "error"
1792[17:58:46] *** Quits: ledeni (~ledeni@replaced-ip) (Remote host closed the connection)
1793[17:59:05] <jelly> error is the one that generates a bounce after a permanent error (or in this case, after 4.91 days for some reason)
1794[18:00:46] *** Quits: sidmo_ (~ident@replaced-ip) (Remote host closed the connection)
1802[18:05:30] <ratrace> no.... wait..... postfix/pickup receives the bounce from MAILER-DAEMON, and injects into the queue which is then normally processed. at least on my installations.
1846[18:52:48] <hanasaki> working on setup of psad : log files are filled with psad: could not add iptables block rule for: the chains specified in psad: could not add iptables block rule for: do exist an show up in iptables -L didn't get anything more from running in debug mode. Thoughts on how to debug this ?
1865[18:58:42] <jelly> greycat, I could tell it to obey you when you ask it to rejoin #debian, if I figure out how
1866[18:59:10] <greycat> I made my bot respect an /invite as long as the invitation is for a channel that's on its approved list (configured in a file).
1867[18:59:32] <jelly> well let's see if that works here
1868[19:00:12] <jelly> hmph, if I tell it to part now it might forget about the desired channel presence
1887[19:03:01] <Asterisco> this email <pvnwyvascs@gmail.com>
1888[19:03:05] <Asterisco> is relly strange
1889[19:03:09] <greycat> As you were advised before, look for the message ID (presumably 16EF5296BB) in your logs. Find the *first* place in the logs that word appears.
1890[19:03:15] <jelly> Asterisco, pick one queue id. 16EF5296BB for example. find _all_ the lines for that queue id, for the last 5-6 days.
1891[19:03:33] <greycat> *all* is better than *first*
1892[19:03:35] <jelly> Asterisco, grep is a nice command.
1893[19:03:49] <greycat> zgrep is also nice, if they are in a rotated/compressed log
1894[19:03:55] <jelly> its cousins zgrep and zfgrep, too
1901[19:05:05] <Asterisco> Jan 22 18:58:41 mail postfix/error[10532]: D1FDC3FC8B: to=<3kx5rbabe0@gmail.com>, relay=none, delay=433261, delays=432963/297/0/0.61, dsn=4.7.28, status=deferred (delivery temporarily suspended: host alt4.gmail-smtp-in.l.google.com[74.125.28.27] refused to talk to me: 421-4.7.28 [79.2.176.41] Our system has detected an unusual amount of 421-4.7.28 unsolicited mail originating from your IP address. To protect our 421-4.7.28
1902[19:05:05] <Asterisco> users from spam, mail sent from your IP address has been temporarily 421-4.7.28 blocked. Please visit 421-4.7.28 replaced-url
1903[19:05:21] <jelly> Asterisco, what did we say about pasting in the channel?
1904[19:05:22] <Asterisco> is this the line incriminated
1905[19:05:26] *** Quits: hanasaki (~hanasaki@replaced-ip) (Remote host closed the connection)
1974[19:18:03] <greycat> I'm also looking at the timestamps on those 7, and they are all at __:__:01 or __:__:02. Like something is sending a message every minute.
1975[19:19:04] <greycat> Is "splash" a local user account? Does it have a crontab? Does it have any processes running?
1976[19:19:37] <Asterisco> ok...
1977[19:19:40] <ratrace> that mailq very much look compromised. question is only how
1978[19:19:50] <Asterisco> i've do root@flash:~# tail /var/log/mail.log| grep "B8BA9201BF"
1979[19:19:57] <Asterisco> nothing in log
1980[19:19:59] <greycat> Do not tail it.
1981[19:20:07] <greycat> You need to search the ENTIRE LOG.
2154[19:59:41] <Asterisco> it's possible that are so stupid?
2155[20:00:05] <sney> that's a hell of a conclusion.
2156[20:00:07] <ratrace> that's raciss!
2157[20:00:40] <jelly> no, anyone can be stupid regardless of their national affiliation
2158[20:01:35] <Asterisco> it's some concorrent
2159[20:02:14] * ratrace quietly puts 79.2.176.41 into the "permaban" ipset ansible config.... runs the playbook on the server fleet.
2160[20:02:34] <Asterisco> it0s also possible that use an italian botnet
2161[20:02:47] <Asterisco> and in italian a lot of ip address are dynamic
2162[20:02:50] *** Quits: koniu (~koniu@replaced-ip) (Remote host closed the connection)
2163[20:03:05] <moldorcoder7> hi does anybody knows why this redirection within a debian 9 docker container running on debian 9 host doesnt work , while it works on arch linux : replaced-url
2164[20:03:12] *** Quits: Grldfrdom (uid391113@replaced-ip) (Quit: Connection closed for inactivity)
2182[20:07:39] <ratrace> Asterisco: aruba.it is often a guest on our dynamic ban lists, due to attempted abuse of SMTP, IMAP and POP3
2183[20:07:44] <jelly> Asterisco, I've seen _really_ well written phishing spams in Croatian; someone has to be paying actual people to translate and proofread those
2184[20:07:51] <ratrace> so much so that I've actually permanently banned the whole company ASN
2185[20:08:06] <ratrace> they're free to contact us, by mail, to delist....... *giggitty*
2186[20:08:07] <Asterisco> no
2187[20:08:20] <Asterisco> the email that they send to gmail user
2188[20:08:33] <Asterisco> not is spam
2189[20:08:46] <jelly> ratrace, I've had fun trying to message a dns admin for a domain that blocks our recursors :-)
2198[20:13:19] *** Quits: earthundead (~earthunde@replaced-ip) (Remote host closed the connection)
2199[20:13:23] <sney> moldorcoder7: debian 10 switched to the nft backend for iptables (and update-alternatives can be used to switch back to the -legacy behavior), but 9 should still be regular iptables, unless whoever made your docker image did something "clever"
2201[20:14:30] *** Quits: ax56234 (~NickServ@replaced-ip) (Read error: No route to host)
2202[20:14:48] <moldorcoder7> sney, ha so i need the container and host to be matching in this case ?
2203[20:15:14] <greycat> ... are you even *allowed* to do firewall stuff inside a container?
2204[20:15:35] <sney> moldorcoder7: you'd have to ask #docker for an authoritative answer to that, I don't know anything about their networking internals
2205[20:15:49] *** Quits: sauvin (sauvin@replaced-ip) (Remote host closed the connection)
2206[20:16:16] <moldorcoder7> greycat, yes if you add the NET_ADMIN cap (and privilege flag)
2282[21:15:11] <moldorcoder7> sney, looks like nft tables are private to the container, while legacy tables are shared between host and container , do you have any idea why by any chance ?
2298[21:29:13] <csgeek> i'm trying to create a package in debian. I have the control, changelog, compat and created a rules file that installs all the needed file to DEBIAN/usr/local/<package> but when I try to run debuild it complains about missing files which exist and an empty binary package which results in nothing actually being created.
2299[21:29:18] <csgeek> Any ideas what I should look at?
2300[21:31:12] <alexrelis[m]> If I notice a bug in a package, but when I report the bug there's already an existing bug report that is the same issue, is it improper etiquette to reply to that thread saying you're experiencing the same issue. In other words, is it rude to bump a bug report?
2311[21:35:00] *** Quits: mortderire (~mortderir@replaced-ip) (Remote host closed the connection)
2312[21:35:07] <sney> moldorcoder7: nope! but I would guess that it was intentional, to allow more fine-tuning. netfilter.org probably explains it somewhere.
2317[21:35:57] <Brigo> alexrelis[m], it is not, it is helpfull just to know somebody else has the some problem
2318[21:36:20] <alexrelis[m]> Also, how do I attach a gpg signature to my email with reportbug?
2319[21:36:45] <Brigo> csgeek, you could ask in #mentors, they know more about this kind of stuff.
2320[21:37:10] <greycat> If you find a bug report from someone else who had the same problem, it may contain a workaround, or it may have a bunch of troubleshooting steps that have already been tried, which will save you having to repeat those. Or, which will confirm that you have the same bug, if you repeat them and get the same errors.
2321[21:37:25] <moldorcoder7> sney, my 2c would be some cgroup filtering on rules
2322[21:38:05] <oxek> what do I answer here during debian configuration? replaced-url
2323[21:38:53] <Brigo> csgeek, are you sure that BASE="./" is a good idea?
2324[21:39:25] <sney> oxek: depends on your system and your threat model. how many people are going to use it?
2325[21:39:37] <greycat> system-readable home dirs are the traditional unix way, because you share the computer with your coworkers or colleagues, and you may want to read their .profile for inspiration or whatever
2326[21:39:47] <oxek> sney: I will be the only physical human
2327[21:39:50] <greycat> if you want to hide your stuff from your fellow users, you can easily change the permissiosn on your own directory
2329[21:40:21] <sney> oxek: if it's just you and root and some service accounts, leave the default
2330[21:41:13] <oxek> and presumably, if I ever want to create some other user account for a family member, then all I'd need to do is change permissions on /home/myusername?
2331[21:41:25] <sney> yep
2332[21:41:31] <oxek> ok, thank you
2333[21:41:37] <greycat> or leave the permissions alone, because what are you trying to hide?
2334[21:41:46] <oxek> passwords in txt files
2335[21:41:48] <greycat> is your porn in your home dir?
2336[21:41:56] <oxek> I know it's bad practice, but it's what I have
2337[21:41:59] <greycat> a file with passwords in it is already going to be 600
2338[21:42:24] <oxek> ideally it would be, but I know I have all sorts of files all over the place with various permissions over the years
2339[21:42:30] <greycat> e.g. that's why your ~/.ssh/id_rsa has different perms from id_rsa.pub
2340[21:42:36] <HelloShitty> Hello. Is there any common place where I can look for available switches for ./configure when compiling programs from source?
2346[21:43:11] <sney> (with |less, for best results)
2347[21:43:14] <oxek> (as long as ./configure has a --help flag)
2348[21:43:26] <greycat> if it's a GNU autoconf configure script, it will
2349[21:43:30] <csgeek> when you say mentors, is that a #debian-mentors ?
2350[21:43:44] <oxek> csgeek: probably on OFTC not freenode
2351[21:43:45] <sney> csgeek: there is, on OFTC (note, right now you are on freenode)
2352[21:43:49] <greycat> !mentors
2353[21:43:49] <dpkg> extra, extra, read all about it, mentors is the system the Debian project uses to train new people to become Debian Developers or Debian Maintainers and get their packages into the Debian archive. Ask me about <nmg>. replaced-url
2354[21:44:13] <Brigo> csgeek, right, they are in another irc network, i forgot about that. Sorr.
2355[21:44:20] <csgeek> yup. I can switch servers it's fine. I've been on IRC for ages.. Debian packaging.. not so much. :)
2356[21:44:28] <greycat> IIRC #debian-mentors is for packages trying to be included in Debian (so your usr/local/... is right out), and #packaging is for anything else
2397[22:07:23] *** Quits: galex-713 (~quassel@replaced-ip) (Quit: No Ping reply in 180 seconds.)
2398[22:07:38] <greycat> you could conceivably get the help output if you change dir to an empty directory, and then touch -- --help, and then run ps * (or ** or *** ...)
2427[22:26:05] <altker128> Logging question here. Have a number of Debian servers, would like to use rsyslog to collect to a single rsyslog server. Any issues with having systemd write to syslog and have rsyslog(client) read from here and send to the remote server?
2428[22:26:32] <altker128> And yes, I'm aware that journalctl can be sent remotely. Looking into greylog or elk for log visualization, managment, etc
2429[22:26:47] <Vatum> my /sys/class/backlight doesn't contain anything for some reason and i cant change my backlight (either with the keyboard keys or xbacklight or other tools)
2431[22:27:05] <Vatum> how do i generate those? I read online this kernel boot parameter might help acpi_backlight=vendor
2432[22:27:18] <altker128> CommunistWolf: Does seem like an oversight. Are you talking about wood?
2433[22:27:33] <ratrace> altker128: no, that's the usual way of doing it. you could, if you wanted, use journald remote fetching functionality, but.....
2434[22:27:43] <altker128> ratrace: Yeah, enough said :)
2435[22:27:54] <oxek> CommunistWolf: what's the right channel for such a question??
2436[22:28:16] <altker128> ratrace: Have you used any of the "prettifier" things like greylog? Worth it?
2437[22:28:18] <ratrace> altker128: keep in mind that rsyslog can now do TLS
2445[22:31:08] <CommunistWolf> there's a ##DIY and a bunch of social ones. blockwork, wood, cement all need protection. so do bricks, after a while
2446[22:31:58] <ratrace> hrm... am I misunderstanding what rsync's --chown is supposed to do? I ran rsync as root (because reasons) between two servers and wanted to force uid:gid ownership on files, but rsync -crvi --exclude=/somefile remote:/path/to/ /local/path/to/ didn't chown the files....
2456[22:39:34] <greycat> If you ran it as root locally, I'd expect the files to end up owned by ag_77 locally. If you ran it as ratrace locally, then they'd be owned by ratrace.
2482[22:51:46] <ratrace> gotcha! you _need_ to also include -o and -g (which is implied in -a, which is why it worked for you)
2483[22:52:36] <ratrace> but that's not mentioned in the manpage for the --chown option. it IS mentioned for the --usermap option for which (and --groupmap) --chown is a shorthand.
2484[22:53:13] <greycat> You are in a maze of twisty options, all interlinked.
2485[22:53:44] <ratrace> indeed I am. now all I need is a damn grue.
2488[22:54:50] <ratrace> rsync -crigo --exclude=/.... --delete remote:/path/to/ /local/path/to/ and that's it for today's adventures in the Zork server.
2526[23:34:21] <Vatum> this is the diff. really small, does any of those configs influence /sys/class/backlight being empty between the two version?
2527[23:34:32] <Vatum> probably driver issue (i use radeon)
2528[23:36:18] <sney> nothing there looks related at a glance. you can follow this to bisect the kernel and find the exact commit that broke it, replaced-url
2529[23:36:55] <sney> you may also want to check the 5.9 in buster-backports, in case it was re-fixed in a newer version
2530[23:37:16] <ratrace> jeebus, backports still at 5.9? o.O
2531[23:38:33] <sney> some stuff (e.g. zfs) needed updates to build with 5.10, so backporting it is more of a process than usual
2532[23:38:48] <ratrace> ah yes.... keep forgetting about that
2535[23:48:00] <ryouma> i am trying to find out whether there is a backport for mpv in oldstable. i have backports in sources.list. is rmadison my only choice?
2549[23:50:53] <ratrace> Vatum: you could narrow it down by looking at kernel.org changelogs and see if any commit relates to backlight
2550[23:50:56] <ryouma> great, so no backport then. are there still package managers inside debian that have packages like mpv? like, idk, docker or snapsomething or whatever? no guix apparently.
2552[23:52:28] <ratrace> damn, if judd were here, could check backportability for mpv, so you could then:
2553[23:52:29] <ratrace> !ssb
2554[23:52:30] <dpkg> First, check for a backport on <debian-backports>. If unavailable: 1) Add a deb-src line for sid (not a deb line!); ask me about <deb-src sid> 2) enable debian-backports (see <bdo>) 3) apt update; apt install build-essential; apt build-dep packagename 4) apt -b source packagename 5) dpkg -i packagename-ver.deb To change compilation options, see <package recompile>; for versions newer than sid see <uupdate>.
2555[23:52:48] <sney> ryouma: well, as towo showed you in oftc #debian, there is a newer one in stretch-multimedia. debian-multimedia can be iffy, but if you just install 1 thing and then disable the repo, it's usually safe
2556[23:52:49] <ratrace> what IS wrong with judd? it's been slacking and missing from work for days now
2557[23:53:48] <sney> jelly got judd to rejoin earlier but I guess it dropped again. working normally on oftc, though. cc themill
2558[23:54:55] *** Joins: magyar (~magyar@replaced-ip)
2559[23:55:14] <ryouma> sney: my apologies to towo for missing that. huh so i do apt-get -t stretch-multimedia mpv (which is same as debian-multimedia?) after putting a line referring to it in my sources.list, and then coment out that line? what is iffy about it? security issues? i would then keep the same version of mpv?
2560[23:55:28] <sney> !why not dmm
2561[23:55:28] <dpkg> The deb-multimedia.org repository was once the only way of getting good multimedia support. By the release of Debian 6.0 "Squeeze" this was mostly not true and for Debian 7 "Wheezy" this situation is even better. Libraries from dmm are known to cause incompatibilities with packages from Debian; packages may not meet the <DFSG> so are not allowed in Debian. Use dmm as a last resort; ask me about <dmm pinning> and <dmm remove>.
2562[23:55:56] <ryouma> sney: ah never mind -- the version in stretch-multimedia is too old anyway
2563[23:56:16] <ryouma> got it, thanks
2564[23:56:19] <sney> then ratrace's suggestion of ssb is probably your best bet, unless it's available on flathub etc
2565[23:56:34] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
2568[23:58:01] <ryouma> sney: ratrace thaniks. i ahfve had mixed resuls (1 failure 1 success with handholding) trying to do that in the past. might try at some point with mpv.