14[00:12:49] <Antoine-> Hello, what is a good way of making backup over network? I currently have a home server that periodically fetches important files from my router then makes a backup. The problem is that I need to have the keys to my router in my home server. So if my home server is compromised, my router is compromised as well.
17[00:13:41] <Antoine-> Should I do it the other way around: have my router desposit the important files to my home server? This way, it would still have the keys to my home server, but it could be the keys for a low privilege user.
18[00:13:53] <Antoine-> Is that a good way of doing backups?
19[00:14:30] <milkt> Antoine-: what key are you using?
35[00:24:50] <aminvakil> I used the same method previously, backing up some configuration files from server on my laptop periodically, what I did was encrypting it with gpg just after copying files from server to my laptop
37[00:27:19] <Antoine-> aminvakil: Do you mean which program I have available to send my files? I only tried with scp. (I'm not sure I understood you question correctly, sorry..)
39[00:28:04] <aminvakil> You said you can instruct your router to send its configuration files instead of retrieving files from it
40[00:28:12] <aminvakil> How can your router do so?
41[00:28:17] <Antoine-> milkt: I meant saving snapshots of my config file. That's in case I mess something up, I can always restore my config to a working state
44[00:29:56] <aminvakil> 02:43 <Antoine-> Should I do it the other way around: have my router desposit the important files to my home server? This way, it would still have the keys to my home server, but it could be the keys for a low privilege user.
45[00:30:30] <aminvakil> Offtopic here though, nevermind
46[00:30:50] <milkt> Antoine-: then what about making keypair on your local pc and send pubkey to router or homeserver?
49[00:31:20] <Antoine-> aminvakil: Right. That's not how it is currently set up so I'm just thinking about a way atm. But I thought about something like, sending the file from the router to the home server at 20:00 with a cron job, then doing my backup (moving the file to somewhere else or archive it in some way) at 21:00.
50[00:31:31] <Antoine-> Idk if that's a reliable way
51[00:31:46] <aminvakil> What is your router?
52[00:32:18] <Antoine-> aminvakil: What software it runs you mean? It runs pfsense
56[00:33:23] *** Quits: Mister00X (quassel@replaced-ip) (Quit: "I'll be back" — Arnold Schwarzenegger)
57[00:33:24] <aminvakil> Either way, I guess appropriate way is to keep it on an encrypted partition and encrypting it with gpg keys
58[00:34:14] <aminvakil> Although keeping private key to access router in plaintext kills the whole purpose...
59[00:34:32] <Antoine-> milkt: I don't understand how that would help me, sorry :s. That way I could access my home server and router from my local pc? But I'd like to have my home server manage the backups
61[00:36:41] <Antoine-> aminvakil: What bothers me is having my router's keys on my home server..
62[00:36:44] <milkt> Antoine-: so do you mean, home server should be able to decrypt but should not have key?
63[00:37:53] <Antoine-> I don't know if I should be worried about having my router's key on my home server at all. If so, is it possible to avoid it while still making backups
64[00:38:14] <Taserface> is your router more secure than your home server?
65[00:38:39] <Taserface> i.e. is access more tightly controlled?
66[00:39:03] <Antoine-> So I thought about having my router connect to my home server instead because I could set it up in such a way that it only logs in as a low privileged user
67[00:39:21] <Antoine-> But maybe all this isn't relevant and I'm worrying for nothing :)
68[00:40:12] <aminvakil> It depends, low privilege user can do much more damage in some environment than root on an environment which does not contain much important data
69[00:40:28] <Antoine-> Taserface: Less people have access to my router. Less services running on it. I don't know if that makes it more secure. Maybe
70[00:40:56] <Antoine-> aminvakil: Hmmm, good point
77[00:43:22] <aminvakil> Backup your configurations periodically on a usb drive then:))
78[00:43:29] <Antoine-> aminvakil: It runs on its own hardware here
79[00:44:00] <Antoine-> Hmm, that could be a solution :)
80[00:44:04] <Taserface> antoine: generally for security purposes it's better to grant all of your devices access to the backup server, rather than the other way around.
81[00:44:17] *** Quits: xx (~e@replaced-ip) (Remote host closed the connection)
82[00:44:20] <Taserface> and if you can, restrict what devices can do on the backup server
83[00:44:42] <Taserface> as in, arrange it so all they can do is deposit backups
84[00:44:52] <aminvakil> If someone could access your hardware running pfsense you're compromised anyway
85[00:44:59] <Antoine-> Taserface: Ok, it makes sense!
86[00:45:56] <Taserface> if you were to do it the other way around, then your backup server the effective has (at least read) access to EVERYTHING and becomes an annoyingly high risk
87[00:46:16] <Antoine-> So all devices should access a low privileged user on the backup server
88[00:47:13] <Taserface> also if you can, get the devices to encrypt during backup.
90[00:47:48] <Antoine-> Exactly, that's what I thought. In my case its no big deal since its just me and a home server but I thought my backup scheme was wrong for bigger environment
91[00:48:01] *** debhelper sets mode: +l 1177
92[00:48:16] <Antoine-> Taserface: What do you mean encrypt during backup? Encrypt locally then send to the backup server?
93[00:48:35] <Taserface> yes that. encrypting on the backup server doesn't reallyhelp
94[00:48:53] <Taserface> so yeah I just realised, either way the backup has all of your files, or at least copies of them
95[00:49:00] <Taserface> so encryption helps
96[00:49:41] <Taserface> you can use a single backup key pair for everything, put the public key on all your devices, and keep the secret key somewhere safe
97[00:49:58] <Taserface> and/or use a good password on it
98[00:50:15] <Taserface> btw did you mention what backup software you are using?
99[00:50:41] <Antoine-> OK yes that sound like a good backup scheme
100[00:51:02] <Antoine-> Taserface: No, but it's just a shell script with scp and tar at the moment
101[00:51:13] <Antoine-> Very simple
102[00:51:25] <Taserface> excellent.
103[00:51:40] <Taserface> anyway have a mess around with gpg.
104[00:52:27] <Taserface> if you are clever you can figure out how to use pipelining to run something like tar|gpg -e|ssh "cat > backup.file"
105[00:52:37] <Taserface> so there is no need to create a temp file to copy
106[00:52:59] <Taserface> (I don't remember ALL the cmdline options but that's the gist of it, it can be done)
107[00:52:59] <Antoine-> I'll write this one down!
108[00:53:40] <Antoine-> I'll think about it. At least I have a better scheme in mind now :)
109[00:53:47] <Antoine-> Taserface: Thanks a lot!
110[00:56:30] <Antoine-> aminvakil, milkt: Thanks a lot guys for replying too
186[01:12:25] <dpkg> cluelessperson: KCI error, or a problem with the Keyboard-Chair Interface.
187[01:12:27] <JackFrost> Err dpkg --verify. Sorry, I normally just use debsums.
188[01:12:56] <cluelessperson> JackFrost, doesn't show anything either
189[01:12:59] * cluelessperson scans over --help
190[01:13:02] <sney> !confmiss
191[01:13:02] <dpkg> You have to especially tell the packaging system to reinstall config files because when they are gone, it is assumed that you want them to stay deleted. "aptitude -o DPkg::Options::='--force-confmiss' reinstall $packagename" will restore them (man dpkg for details). If the package uses <ucf> for config file management, ask me about <ucf confmiss>.
192[01:13:06] <sney> ^ this will reinstall the package with the original config files. it won't overwrite anything in ~ but should get you started.
193[01:13:48] <rgwu> That won't fix the problem of files bash honors that didn't come packaged with bash.
194[01:14:07] <JackFrost> Correct, nor will --verify show those. Just modified files.
202[01:17:41] <_shawn> could make a debootstrap to borrow the files from if you thought /etc/skel might have been tampered with
203[01:18:01] *** debhelper sets mode: +l 1178
204[01:18:30] <cluelessperson> yeah, I'm confused. I've at this point reinstalled bash with those options, and it doesn't appear to be the normal setup I expect with my servers
222[01:25:56] <Pols12> Hi! I just tried to backport libgcc from testing to my stable, but now I can't connect anymore: there GUI does not start (only cursor displays) and CTRL+ALT+F1 says logins is incorrect (even root!). What can I do?
239[01:42:02] <Pols12> Thanks for answering, Taserface. In fact, I manually installed packages, and I am pretty sure the last one was libgcc: it refuses to install without --auto-deconfigure, and with auto-deconfiure, it asks me to stop xscreensaver, so I have killed it before continuing, but I may misunderstand the risks
333[03:34:25] <LtL> I did a server, desktop and laptop, my method. the extra full oor dist upgrade does nothing and is not needed
334[03:35:18] <LtL> it is needed for release upgrades, not point releases
335[03:35:32] <themill> There's the occasional point release that does require removing packages to do the upgrade, in which case you're back to needing a full-upgrade. I don't recall that anything hit that for 10.7→10.8
336[03:35:41] <LtL> version upgrades rather
337[03:36:15] <LtL> right.. mine didn't.
338[03:36:55] <dvs> There was a kernel upgrade just before 10.8 so deeplogic might not have gotten it yet.
339[03:38:28] <LtL> apt upgrade pulled that kernel in also
340[03:38:42] <LtL> for me atleast iirc
341[03:44:06] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
457[07:11:27] <karlpinc> node1: `systemctl status ntp` and `ntpq -p`? It may be that you're not using systemd's time service, and are instead using the ntp daemon?
580[10:37:23] <Lope> is booting up a debian installation that has nvidia driver installed, on a VM that has no Nvidia GPU attached, normally a problem? I've tried to boot this VM a few times. I get a bunch of libvirtd segfault messages inside the VNC of the VM and it doesn't boot.
599[10:54:21] <ratrace> nvidia drivers installed means only there's .ko files around and .so thingies for xorg. if there's no nvidia gpu, those wouldn't even be loaded by the kernel and xorg
600[10:54:23] <jelly> Lope, so accuming the segfaults are on the libvirt client on the host, that's where you have to fix them
601[10:55:04] <jelly> ratrace, nvidia libgl1 would be used I think
602[10:55:37] <ratrace> jelly: yeah was just typing about the possibility of opengl libs interfering
603[10:55:59] <Lope> hmm. My biggest problem at the moment seems to be "A start job is running for Raise network interfaces" 1 min out of 5 mins
604[10:56:01] <jelly> those vnd wrappers are supposed to help apps using the right libgl1 but I don't know if those exist in buster and if they get installed by default
657[11:39:03] <milkt> is there way i can get old linux-headers-* package from official apt repository? specifically linux-headers-4.19.0-6-amd64 or linux-headers-4.19.0-6-all
741[13:00:14] <agiofws> firmware-amd-graphics is already the newest version (20200918-1~bpo10+1)
742[13:00:29] <n4dir> packages.debian.org can tell you which version of a given software is in the different repositories (or if at all)
743[13:01:08] <n4dir> if you install a packge it will install the version (or the hightest version, or according to pinning) to be found through your sources.list(s)
744[13:01:20] <agiofws> ok but i'm trying to eliminate some bugs that occur from my gpu drivers so i'm going for proprietary amd s/w
745[13:01:38] <n4dir> so, as Mister00X said, you use the version to be found in your repositories
746[13:02:19] <agiofws> i'm trying to follow this replaced-url
747[13:03:21] <Mister00X> seems like you allready got them> <agiofws> firmware-amd-graphics is already the newest version (20200918-1~bpo10+1)
748[13:03:59] *** Quits: conta (Thunderbir@replaced-ip) (Remote host closed the connection)
758[13:06:37] <tomreyn> "set to manually installed"
759[13:06:54] <tomreyn> use 'sudo apt-mark auto PACKAGENAME'
760[13:07:54] <agiofws> old ? Mister00X its an APU on a ryzen 5 cpu 4500U
761[13:08:05] <Mister00X> also agiofws you may want to describe you grafics problems a bit more so we can help you. Because maybe you're looking at the wrong place for a fix
762[13:09:20] <agiofws> Mister00X, that link is not for old cards but for the newest ones i think ?
763[13:09:52] <Mister00X> agiofws: this grub stuff is experimental and > AMDGPU/Vulkan on older cards is the section that grub entry is written
778[13:15:51] *** Quits: filohuhum (~filohuhum@replaced-ip) (Remote host closed the connection)
779[13:16:03] <tomreyn> your graphics card firmware loaded properly
780[13:16:05] <ratrace> yea, see, the radeon related firmware doesn't reference the word "radeon". looks sorted. you're also missing rtw88/rtw8821c_fw.bin that's probs in firmware-realtek package
785[13:17:23] <Mister00X> agiofws: as ratrace said you may be also missing the firmware for your rtl8821ce wifi card. Note that from my own suffering it may not work with all types of the rtl8821ce chips
786[13:17:44] <agiofws> how do i download firmware for 8821c?
787[13:17:57] <ratrace> agiofws: it's packaged in firmware-realted pacakge
795[13:19:13] <ratrace> agiofws: in general you should never install sofware by "downloading" from random sites, you should (always) use apt and friends, for packaged software. the exception becomes when you know what you're doing
806[13:21:58] <ratrace> I'd say chances are it'll continue to work, even better. I don't recall when installing missing firmware actually made things worse .... BUT .... as they call it around these parts..... it's RealCrap, so who the eff knows.
807[13:22:32] <Mister00X> Im astonished it works anyway
808[13:23:02] <Mister00X> cause mine is the source of great headaces for me
809[13:23:17] <ratrace> pry it out with a screwdriver and toss it in the fire
810[13:23:45] <Mister00X> ratrace: well Im going to get support with kernel 5.12
818[13:26:37] <n4dir> agiofws: it seems, seems !, that you should try to understand the basics of debian's package management. Downloading random stuff and installing it might or will lead into trouble in the long run, and that usually is not how installing packages is done in debian.
819[13:27:52] <n4dir> your questions made it sound like that, but perhaps i misunderstood.
820[13:28:07] <tomreyn> agiofws: regarding the graphics issues, i thnk we can sum up that you won't solve them in this debian version through software installations (unless those provide newer, compatible (to the rest of the system) versions of mesa and amdgpu drivers, and possibly Xorg, too)
823[13:29:31] <tomreyn> configuration changes *may* help contain the problems stemming from lack of implemented functionality to a degree. or, more likely, make things worse.
824[13:29:53] *** Quits: kfvn (~weechat@replaced-ip) (Remote host closed the connection)
838[13:36:41] <akas84> hello guys, can anyone help me with postfix? I am trying to catchall two different domains, and it does not work, it always goes to the one that is the same as the machine server :(
855[13:53:18] <akas84> I mean, it works, it accepts de emails, but sends them to the wrong user
856[13:53:26] <akas84> de => the :P
857[13:53:39] <akas84> will try there, thanks
858[13:53:54] <ratrace> akas84: you need to post your configs, logs etc... which is all explained in the getting_help factoid in #postfix. please ask there, this is not debian specific
859[13:54:19] <akas84> yes yes. I don't think it's debian specific
860[13:54:27] <akas84> at least not yet :D
861[13:54:50] <ratrace> (probably won't be at all, debian doesn't alter postfix)
862[13:55:16] <petn-randall> ratrace: While I agree with asking in #postfix is best, that's not the rules for getting support here. Any support question on Debian machines can be asked in here, whether Debian-specific or not.
863[13:55:40] <ratrace> I don't think this is violation of rules, but the question is so specific, it'll get better help in #postfix
864[13:55:59] <ratrace> and the bot there has the factoids the bots here don't :)
872[14:02:07] *** Quits: grumble (~Thunderbi@replaced-ip) (Quit: ACCORDING TO ALL KNOWN LAWS OF AVIATION THERE IS NO WAY A BEE SHOULD BE ABLE TO FLY ITS WINGS ARE TOO SMALL TO GET ITS FAT LITTLE BODY OFF THE GROUND THE BEE OF COURSE FLIES ANYWAY BECAUSE BEES DON'T CARE WHAT HUMANS THINK IS IMPOSSIBLE)
908[14:20:36] <dpkg> nopaste is a command-line tool to send data to a <pastebin>. To paste e.g. your sources.list do "aptitude install libapp-nopaste-perl; nopaste /etc/apt/sources.list"; to paste the output of a program do e.g. "dmesg | nopaste".
909[14:20:42] <agiofws> i think i had another cli paste bin
910[14:20:56] <ratrace> pastebinit ...
911[14:21:08] <ratrace> wgetpaste? but that's not packaged in debian afaik
912[14:22:02] <agiofws> Mister00X, here is my firmware pastebin replaced-url
913[14:23:43] <agiofws> anyway wifi is still working apart from realtek firmware failing to load
914[14:24:55] <Mister00X> agiofws: well in that case I would not bother with installing it. But if you really want to installit maybe try the version from backports
970[15:31:14] <mrfree> Hi all! I'd like to install debian on a raspberry pi. However, the device is not physically with me at the moment thus I need to use qemu to set everything up on a USB img. Eventually I'll ship the latter to be written on a USB stick and plugged to the device. Any suggestions on how to spawn the netinst using qemu-system-arm?
996[15:48:44] <Spintus> Hello :) I have 3 Debian machines which run on an ESXI. Unfortunately, I can no longer enter the LUKS password for all of them when starting. After confirming with the ENTER key nothing happens. No error message - nothing.
1010[15:56:08] <s_> my colleague recommended a system monitoring tool that basically had a graphical dashboard web ui.. but it was free. is there anything like that you know of?
1061[16:26:32] <s_> it seems like best practice is shifting away from use of packages... a lot of these tools are recommending direct downloads. it reminds me of the old days
1063[16:27:22] <debclair> Hello, I got a weird output of commands I didn’t run right while waiting for zsh to finish loading. I couldn’t copy the exact commands at the time, but they were errors about firefox files not found in cache/*/google-*/morgue/*. The actual commands were trying to delete those files that appear to be cache files Firefox stores in a per-website
1064[16:27:23] <debclair> basis. There seems to be a few tools online to decompress those “morgue” *.final files. I’m running Debian Stable, my Firefox is Developer Edition. My question is if this behavior is well known or if it could be a sign of intrusion in my system.
1065[16:29:27] *** Quits: beelzebuzz (~rasputin@replaced-ip) (Remote host closed the connection)
1080[16:36:33] <debclair> @jelly that made me suspicious as well. There’s nothing weird in all the regular startup files that I could think of. I even checked bash’s jic. The lag seemed to come from using direnv and it went away after removing the direnv hook.
1081[16:38:22] <jelly> if direnv looks for stuff in current directory, and you traverse dirs where you don't know exact contents of (say, pulled from someone's git you don't trust 100%), that sounds like a recipe for disaster
1083[16:39:25] <jelly> > Before each prompt it checks for the existence of an ".envrc" file in the current and parent directories. If the file exists, it is loaded [...]
1104[16:57:35] <Zajt> Hi, I am trying to fix keyboard language on my debian on my macbook. And I fixed it by doing: dpkg-reconfigure keyboard-configuration , and then: udevadm trigger --subsystem-match=input --action=change
1109[16:59:33] <Zajt> but this does not persist across reboots, and after fixing it in one terminal and I spawn a new i3 terminal window, it doesn't have the new keyboard layout
1110[16:59:48] <Zajt> I don't know why it doesn't get set through all shells and across reboot
1111[16:59:52] <Zajt> What am I missing?
1112[17:00:46] <th0r> Zajt, just a guess...are you running the commands as root?
1113[17:01:08] <Zajt> yes I ran it as root, that is needed th0r
1121[17:08:19] <debclair> @Zajt you could add the commands you used to your i3 config to enable them on startup as specified in this answer? replaced-url
1162[17:44:02] <dpkg> A backport is a package from a newer Debian branch, compiled from source for an older branch to avoid dependency and <ABI> complications. replaced-url
1229[18:46:12] <Zajt> Hi, how can I make this service start later during the boot process replaced-url
1230[18:46:29] <GNUtoo> Hi, I'm upgrading a machine to buster, and that machine had a php repos added (replaced-url
1231[18:46:41] <sney> Zajt: change the After value
1232[18:47:11] <GNUtoo> For instance with Arch / Parabola you can do pacman -Syuu and that will dongrade packages to the repos packages, but I didn't find how to do it in Debian
1233[18:47:15] <sney> GNUtoo: the sury packages should upgrade fine, just comment out the repo in sources.list
1234[18:47:41] <sney> apt does not support large scale downgrades.
1235[18:47:51] <aminvakil> what is your guys general advice on enabling backports in sources? do you enable it on your critical servers too? doesn't security updates gets backported to main?
1236[18:47:58] <GNUtoo> thanks a lot
1237[18:48:25] <Zajt> sney what should I put it as?
1238[18:48:33] <Zajt> if I wanna start as late as possible
1239[18:49:12] <sney> aminvakil: packages in backports usually get updated at the same time as the package in testing, so they do get "security" support even though they are not handled by the debian security team. still, I only install backports on a server if I have a specific need for that newer version.
1243[18:52:54] <sney> Zajt: that depends on your system. multi-user.target or graphical.target might be worth trying.
1244[18:53:08] *** Joins: conta (Thunderbir@replaced-ip)
1245[18:53:49] <aminvakil> i only used debian previously for my proxmox installations, i used centos everywhere else but as you know it's not possible anymore, i'm migrating all my playbooks, vms and stuff to debian slowly
1246[18:54:15] <Zajt> tried multi-user.target now, it doesn't run at all
1248[18:54:36] <Zajt> btw what is the "Restart=always" doing as mentioned here replaced-url
1249[18:54:40] <aminvakil> also as hendursaga asked debian does not come with selinux by default, but it can be configured as it's been written on replaced-url
1250[18:54:44] <Zajt> when will it restart?
1251[18:55:04] <aminvakil> what is your suggestion on that? using apparmor?
1252[18:55:20] <sney> debian recommends apparmor over selinux, yes.
1253[18:56:23] <aminvakil> sorry if this is a dumb question, i have very little experience with apparmor, does it support labeling files too like selinux?
1254[18:56:42] <aminvakil> so that for example apache cannot write on files even it's running as owner of files or so
1318[19:30:16] <sney> at the time, based on some comments, you'd think that installing systemd meant Lennart Poettering was going to personally come to your house and kick your dog. if that nonsense has been left out of the historical record, then that's not so bad, heh
1366[20:15:14] <Zajt> What is the recommended way to install ansible on debian? I ran apt update and then apt install ansible, but I get ansible-playbook version 2.7.7, but my friend have version 2.10.4
1368[20:16:25] <maxtim> My thought is to split the incoming syslog sources via ports with iptables. so 192.168.1.10:514 -> port 1514, 192.168.1.11:514 -> port 1515, etc...
1399[20:43:14] <piranhaphish> How can I disable warnings for an invalid signature when doing 'apt-get update' with a repository that is now defunct? I have added the key with 'apt-key add' and the signature in the complaint is the same as in APT's trust store. So I don't get it.
1403[20:46:50] <piranhaphish> I've tried "[trusted=yes]" in sources.list with no luck. I have another host using the same sources and it doesn't complain, but can't remember what I might have done to silence the warnings about the invalid signature
1404[20:46:51] *** Quits: fourstepper (~fourstepp@replaced-ip) (Remote host closed the connection)
1427[21:05:38] <slowly_stuck> what's the right way to set up encrypted dns? configure the system to query cloudflare (1.1.1.1) over ssl, or is there a way to do DoH/DoT on Buster?
1454[21:31:52] <taman> slowly_stuck: try a web search for something like "unbound dns over tls". Or s/unbound/your favourite resolver/ if you prefer.
1455[21:32:30] <aminvakil> how i can purge packages using autoremove ?
1456[21:33:12] <aminvakil> for example i install mariadb-server and then i execute apt purge mariadb-server and it will be purged with its configuration files
1457[21:33:30] <aminvakil> but apt autoremove will remove the dependencies leaving configuration files
1493[22:04:58] <rudi_s> hendursaga: There shouldn't be any (reasonable) limit.
1494[22:05:53] <rudi_s> Something like 80 characterso definately works and key-files of 4K or so work too. But I didn't test any more "extreme" limits.
1519[22:16:36] *** Quits: HeXiLeD (~grumpy@replaced-ip) (Remote host closed the connection)
1520[22:16:53] <rudi_s> hendursaga: Yes. - And depending on your level of paranoia you can always skip it, even for "blank" disks.
1521[22:17:19] <rudi_s> All it does is prevent an attacker from knowing which parts of the disk were written. This is not really relevent for most scenarios.
1522[22:17:26] <rudi_s> I never initialize my disks with random data.
1525[22:18:14] <hendursaga> Also, I downloaded the netinst iso and it only gives me the option to install core - is that expected? Like, would I have a graphical environment?
1529[22:19:44] <rudi_s> hendursaga: netinst requires internet access to install more packages. But you should be able to select anything you want in the installler.
1530[22:19:54] *** Quits: coot (~coot@replaced-ip) (Remote host closed the connection)
1531[22:20:04] <rudi_s> Personally I only install a minimal system (all options cleared) and then later install what I want with `apt`.
1532[22:20:29] <hendursaga> But it only listed one option?
1549[22:32:00] <n4dir> very raw version of the installation process would be: a couple of easy questions, including network setup; partitioner, installing the debian "base" system, taskel, where you get asked if and which DesktopEnvironment and a bit of other software to install, installing grub
1551[22:32:31] *** tnewman3 is now known as tnewman
1552[22:32:33] <n4dir> So you didn't see that checkboxes where you could pick from different DesktopEnvironments, cups, ssh, standard-task, a bit more?
1553[22:32:43] <hendursaga> Yes, I did not.
1554[22:32:56] <n4dir> that is weird, indeed. No idea, sorry
1594[22:43:19] <n4dir> calling gnome or kde lightweight sure doesn't lack humor
1595[22:43:42] <Azrael_-> hi
1596[22:43:45] <Azrael_-> i'm running "mysqldump <mydb> | gzip > backup.sql.gz" but i want to suppress all error output of mysqldump. i tried "mysqldump <mydb> 2> /dev/null | gzip > backup.sql.gz" but this didn't output anything any more. how do i do it properly?
1597[22:43:53] <hendursaga> I suppose if it runs on a PinePhone though... eh, Plasma it is.
1599[22:44:43] <_shawn> but I made an example of a very old system that, I should add only has 4gb of ram and 128gib ssd, that runs Kde and gnome3 both very smoothly. what are you using it on that you think it isn /not/ lightweight?
1630[22:56:09] <_shawn> hendursaga: if you just want to see how it will really work on your system, Solus uses non-free on their liveUSBs, they have .isos with Kde Plasma and Gnome3. Note: I am not recommending Solus other than for using their .iso to test the DEs
1631[22:56:10] <Rob_Jones> what if part of the service is web hosting?
1632[22:56:13] <jhutchins> Through a secure shell.
1640[22:58:41] *** Quits: n4dir (~n4dir@replaced-ip) (Remote host closed the connection)
1641[22:59:55] <Rob_Jones> what if you need a full dashboard management, emails, ssl, file management?
1642[23:00:42] <jhutchins> Rob_Jones: Either the clients hire someone who's capable of linux administration, or they pay you to do it.
1643[23:00:53] <aminvakil> jhutchins++
1644[23:01:06] *** Quits: riff-IRC (~riff2@replaced-ip) (Remote host closed the connection)
1645[23:01:30] <Rob_Jones> a lot of web hosts these days will provide that service though, not sure why someone would choose my company if they can get it somewere else
1664[23:28:02] *** Quits: dez (uid92154@replaced-ip) (Quit: Connection closed for inactivity)
1665[23:28:21] <ratrace> Rob_Jones: if you insist on a panel, use Plesk. Forget about the free and opensource stuff, that sucks beyond imagination
1666[23:28:38] <Rob_Jones> yeah I am looking into plesk
1667[23:28:50] <ratrace> that said.... panels suck. they're really only usefull if you're selling the panels themelves, in a shared hosting product to webmasters
1668[23:29:02] <Rob_Jones> im just no good with server administration
1669[23:29:04] <ratrace> if you don't intend to offer shared hosting accounts to webmasters ... forget plesk too
1670[23:29:07] <ratrace> learn it
1671[23:29:24] <ratrace> delegating that to a panel does not help when you find yourself in an anomaly that even the panel can't fix
1672[23:29:33] <Rob_Jones> i could do but I would always have that 'what if' thought in the back of my head
1673[23:29:39] <Rob_Jones> set up an email server
1674[23:29:44] <Rob_Jones> what if it gets compromised
1675[23:30:07] <ratrace> and you think panels are somehow fairy dust magick and 100% fault proof? no "what if" for "someone else's work that I know nothing about, aka the panel"?
1676[23:30:31] <Rob_Jones> thats true I guess, but surely they have alot more knowledge about this stuff then i do
1677[23:30:43] <ratrace> I'm paranoid. full of "what if" doubts. but I trust my own adminship far more than a panel
1678[23:31:07] <ratrace> Rob_Jones: I wasn't born with it tho
1679[23:31:20] <ratrace> maybe I learnt it. maybe it's maybelline.
1680[23:31:26] <Rob_Jones> :P
1681[23:31:38] <Rob_Jones> think its possible to learn from like udemy?
1682[23:31:51] <Rob_Jones> or where is the best place to go for linux server administration
1683[23:31:52] <ratrace> never used udemy courses, so I can't judge
1684[23:31:58] <Rob_Jones> other than this irc ofcourse ;)
1686[23:32:33] <ratrace> I learnt it by simply doing it. Used linux as my primary driver for a year or so before I dared running a public service, which was a VPS. Today I command a fleet of dozens of mission critical servers for a number of companies.
1687[23:32:45] <ratrace> public *server
1688[23:33:09] <ratrace> however, I've been "into hosting" since 1995, shared hosting user/webmaster. started using linux in 2006
1690[23:34:08] <ratrace> but you don't need that long to get used to and comfortable with running a server. my guess is anyone can learn to be comfortable with running a server within a year or two of direct experience
1691[23:35:18] <ratrace> (point here is, not to brag, but to tell you that even after all these years I still have "what if" doubts)
1692[23:35:52] <Rob_Jones> I guess its always going to be in the back of your mind
1695[23:36:05] <ratrace> btw, there's Linux Academy, I think they're more dedicated to Linux than Udemy with courses
1696[23:36:22] <Rob_Jones> Linux academy hmm cheers will look into that now
1697[23:36:27] <Rob_Jones> also on the topic of panels
1698[23:36:34] <ratrace> Rob_Jones: it'll never go away, esp. since the software constantly changes. each release brings a sackful of new bugs to be afraid of :)
1699[23:36:43] <Rob_Jones> what about web panels created by moi that communicate with shell scripts?
1700[23:36:56] <ratrace> by what?
1701[23:37:06] <Rob_Jones> moi (french for me) ;)
1702[23:37:16] <jhutchins> Rob_Jones: I've gotten most of my knowledge from books like the ones Orielly publishes. Running Linux was where I got my start. I have some books on bash, on MySQL, and on sendmail.
1703[23:37:38] <Rob_Jones> hmm i might have to look into my old university library
1704[23:37:39] <ratrace> Rob_Jones: oh bien sur... :)
1705[23:37:44] <jhutchins> Rob_Jones: These days there's a lot of good stuff on line, but you need to be sure it's current and from a reliable source.
1706[23:38:07] <Rob_Jones> yeah read something the other day then at the bottom of the post it said Aug 2012
1707[23:38:10] <Rob_Jones> was just like derp
1708[23:38:20] <ratrace> Rob_Jones: separation of (web) ui and higher privilege dedicated scripts is definitely the way to go (instead of running the web app in higher privilege mode)
1709[23:38:50] <jhutchins> Rob_Jones: A lot of the stuff I learned back in the 90s is still valid, but some is not.
1722[23:45:47] <Rob_Jones> anyone have any opinions on apache vs nginx
1723[23:47:13] <tomreyn> yes, a lot have opinions on this.
1724[23:47:35] <ratrace> pre-empting a httpd war? don't bother. nginx ftw, everyone knows that :) ;)
1725[23:51:13] <dvs> !start a web server war
1726[23:51:26] <ratrace> !start a httpd war
1727[23:51:38] * ratrace kicks dpkg
1728[23:51:50] <Rob_Jones> so what your saying is httpd is superior right ;)
1729[23:52:22] <hendursaga> ?!? Now this gets even more confusing! So, now, entering my LUKS password works, but not only that, but it shows asterisks when I type it in, which hasn't happened for the previous installations..
1730[23:52:57] <hendursaga> rudi_s: What do you make of it?
1731[23:53:11] <ratrace> it shouldn't be doing that. is that cryptsetup's initramfs scripts?
1732[23:53:16] <gordonfish> s/a httpd/an httpd/ # unless you're actually sounding it out some how ;p
1734[23:53:56] <gordonfish> (I would image attempting to do so to come out fairly flatulant..)
1735[23:54:20] <hendursaga> ratrace: I think so? Whatever is the first password to enter for decrypting the drive
1736[23:55:01] <hendursaga> And now, I installed KDE with my installation, but it does not boot into a graphical environment?!
1737[23:56:50] *** Quits: Vizva (~Vizva@replaced-ip) (Remote host closed the connection)
1738[23:57:23] <hendursaga> And now, after entering startx, all the graphics are positively corrupted. I think I saw some message about Radeon firmware missing.. that it?