8[00:01:51] <line17> karlpinc, now i want to clone my current disk to new SSD. i just insert the disk without formatting and use dd command for copying all bytes right? or should i format the drive before formatting? and another question is should i decrypt first (source) HDD before copying with dd?
9[00:01:57] <karlpinc> oxek: It also puts you marginally closer to the bleeding edge. If you _really_ want stable-ness then you omit *-updates. I've only ever had a problem once in 10 or 20 years, but....
10[00:02:15] <oxek> might as well not include buster-security then
11[00:02:31] <oxek> and only update on point releases
15[00:05:28] <karlpinc> line17: Depends on if you want a bit-for-bit copy or you want to move the data. dd does bit-for-bit. Then, because the new disk is probably a different size, you need to "do stuff" to use the extra space. You probably want to do a logical copy. If you 1) encrypt the new disk with "cryptsetup", then 2) add the (new encryped) disk as physical volume with "pvcreate". You can 3) use lvm to move the data content to the new disks, or
16[00:05:29] <karlpinc> just make new logical volumes and use "cp" (or rsync) to copy the data.
27[00:08:26] <line17> karlpinc, clone means just cloning a sheep. i want to copy all data (partitions, system, etc.) to new SSD and i won't use old one anymore
29[00:10:26] <karlpinc> line17: Then use lvm, per above. You don't even need to bring the system down. (But you will also need a boot partition (? I think still, these days?) and will need to install grub on the new ssd. I'm not really up on EFI and what that means in terms of copying. (I poke it with a stick when I need to.)
32[00:11:14] *** Quits: BenjiProd (~BenjiProd@replaced-ip) (Remote host closed the connection)
33[00:11:59] <rudi_s> line17: Just copy it with cat or dd. Lets say the current disk is /dev/sda (with /dev/sda1, 2, ...) and the new disk is /dev/sdb (should be without or only with a single partition) then you can run cat /dev/sda > /dev/sdb
34[00:12:02] <karlpinc> line17: So (maybe) three partitions. One for EFI, another for /boot and a third, encrypted, for your LVM physical volume. (But I can't really speak to EFI and what sort of copying is required for that. Someone here knows.)
35[00:12:20] <rudi_s> But be careful, if you target the wrong disk your data is gone.
36[00:12:41] *** Quits: LucaTM (~LucaTM@replaced-ip) (Quit: To infinity and beyond...)
37[00:12:41] <rudi_s> karlpinc: See backlog, line17 wants to clone the disk to move the data to larger SSD.
38[00:12:52] <karlpinc> rudi_s: Sure, but then, when his new SSD is larger than the old he won't be able to use the extra space. Fussing about will be required.
39[00:13:05] <rudi_s> karlpinc: Yes, also see backlog.
40[00:13:16] * karlpinc would prefer to have a single pv per physical drive.
41[00:13:25] <rudi_s> karlpinc: That's the plan.
42[00:13:39] <tga> did anyone here manage to mount an iphone/ipad?
43[00:13:45] <rudi_s> And important if you use LUKS because otherwise booting becomes "interesting".
44[00:14:18] <oxek> tga: does it use MTP?
45[00:15:13] <tga> oxek: I'm not sure what it uses, I don't think it's standard mtp
46[00:15:38] <line17> rudi_s, is this works for me? replaced-url
47[00:17:37] <rudi_s> line17: Some steps are weird (for example the unlock part) some are inefficient (dd is much slower than plain cat) and some steps are missing because they don't use LVM, but in theory it works like this.
48[00:18:40] <rudi_s> Btw. you should do this from a live cd or rescue system so you don't have any disk activity during the clone. If you do this from a regular running system you can get data corruption because it can change while the copy is being made.
49[00:18:53] <line17> rudi_s, when i bought new SSD i will come here and if you are available i want to make with you step by step. otherwise i think i will destroy my data. is that ok for you?
55[00:21:28] <rudi_s> line17: Sure (if I'm online) - but if you precisely state what you're planing to do you should be able to get help from many people here.
59[00:24:08] <rudi_s> ;-) Btw. I recommend saving/re-reading our conversation and trying to figure out the necessary commands for your setup. This should should help understanding the whole setup and migration plan.
65[00:28:49] <maxf> karlpinc: there was a dpkg warning about those two packages during the apt upgrade
66[00:29:03] <maxf> dpkg: avertissement: dégradation (« downgrade ») de openssl depuis 1.1.1j-1+0~20210301.25+debian10~1.gbp2578a0 vers 1.1.1d-0+deb10u6
67[00:29:03] <dpkg> maxf: You are person #1 to send an unparseable request
102[00:53:09] <maxf> gpg signature from that repo became suddenly invalid (I didn't change anything) and apt-upgrade warned me it would downgrade openssl and libssl1.1
105[00:54:20] <maxf> Then I disabled the repo (I do not use php on that server) and the next apt-upgrade didn't ask for validation and downgraded the packages.
115[00:58:17] <themill> maxf: the error message about the key explained that it was expired, not invalid, and the packages.sury.org instructions explained how to update it
126[01:02:40] <maxf> themill: yes 'signature', not key, my bad
127[01:03:32] <Caesar_NayKid> Got a question but it might be more of a general linux question than debian specific. I did an install before with a different distro and i think i had installed everything during the install on an nvme m.2 drive and then put my /home spanned on two other sata ssds.. that seemed to work fine. But i guess for this new setup (which will be Debian) I
128[01:03:33] <Caesar_NayKid> want to keep an SSD separate and dedicated to a VM.. how do i "set it up" properly? So if i install debian on my SSD1 full install and just have it install all the /hone /ext /bin etc all in that drive, When I partition SSD2 what the heck do i do to keep it separate? Im still very new to Linux and Windows minded so im used to dos/windows just
129[01:03:33] <Caesar_NayKid> creating a partition and then it gets a drive letter and that's how i access them separately.. any quick explanation or a link to somewhere that can help get my head wrapped around this?
130[01:04:45] <Caesar_NayKid> Or another chat if i should go there, I'll move over to join that
132[01:07:06] <sney> Caesar_NayKid: all of this is covered in the debian handbook link that you got earlier. IRC support is better for practical, right now stuff, not "what should I do next week/month/year when I actually have the computer" questions
133[01:07:29] *** Quits: forgotmynick (uid24625@replaced-ip) (Quit: Connection closed for inactivity)
134[01:08:01] *** debhelper sets mode: +l 942
135[01:08:46] <Caesar_NayKid> Ok thanks.
136[01:10:48] <sney> the easiest way to make sure your second disk is used for the vm guest would be to mount it as /var/lib/libvirt. it's possible to use the whole device directly, but afaik not something you can set up with the virt-manager gui.
137[01:11:35] <sney> in general, where windows would have you do everything 1 way, linux has more options than you can count. and there is no single "best" way to accomplish anything. so, read the manual, and try stuff.
144[01:20:45] <jack2019> sney, I am trying to install a guest kvm via virt install and all ok, until when try to configure the network via dchp or manual. cannot connect to br0.
240[03:02:07] <cluelessperson> Ooze, it entirely depends on what you use the system for. /var/ is generally used for storing system level application data. system logs, system service logs, system service data.
371[05:33:15] <asterismo> hi, i just deleted with shift+del a whole folder of an external drive that is encrypted with cryptsetup luks, can i recover it with testdisk?
372[05:34:25] <SponiX> asterismo: I would say the odds are very slim
373[05:34:39] *** Quits: Olipro (~Olipro@replaced-ip) (Quit: Don't flap your BGP at me sonny)
374[05:34:48] <Ede|Popede> would testdisk even see anything else than a blob?
375[05:34:51] <asterismo> the drive is not being used
440[06:14:53] <isapgswell> isapgswell how to enable backports?
441[06:15:01] <isapgswell> sponix how to enable backports?
442[06:15:15] <SponiX> !backports
443[06:15:15] <dpkg> A backport is a package from a newer Debian branch, compiled from source for an older branch to avoid dependency and <ABI> complications. replaced-url
444[06:16:33] <isapgswell> sponix where can i download debian unstable?
445[06:16:50] <isapgswell> sponix or testing
446[06:16:58] <isapgswell> sponix live distro
447[06:18:08] <SponiX> isapgswell: go to backports.debian.org and read there a bit
448[06:18:41] <SponiX> isapgswell: you don't need to jump to testing or sid to install a few backports to Buster
449[06:18:59] <jmcnaught> 5.8.0-45-generic sounds like a Ubuntu kernel to me
450[06:19:18] <isapgswell> jmcnaught yes
451[06:19:22] <isapgswell> sponix ok
452[06:20:07] <SponiX> WTF would he have an Ubuntu kernel on a Debian install ?
453[06:20:25] <SponiX> jmcnaught: good catch though :)
459[06:20:54] <isapgswell> sponix lol the opose sounds good
460[06:21:13] <isapgswell> sponix debian kernel into ubuntu distro
461[06:21:34] <SponiX> !frankendebian
462[06:21:34] <dpkg> When you get random packages from random repositories, mix multiple releases of Debian, or mix Debian and derived distributions, you have a mess. There's no way anyone can support this "distribution of Frankenstein" and #debian certainly doesn't want to even try. Ask me about <reinstall>
586[09:40:17] <martinus__> I have a question about apt. I upgraded the package 'openssl' with 'apt install openssl' and observed that it doesn't upgrade 'libssl1.1' automatically. It seems that libssl already satisfy the dependency on the new 'openssl' package. But it feels a bit misleading because I guess libssl should be upgraded as well.
587[09:41:37] <jelly> martinus__, you ought to keep the whole system patched up, not just specific packages
588[09:41:54] <martinus__> jelly: ok but that's not an answer ;)
599[09:46:12] <jelly> martinus__, the answer to "how do I keep all bits of openssl patched" is "change your workflow and keep EVERYTHING patched". This may not be what you asked, but it is what your installation very likely needs
600[09:47:04] <jelly> martinus__, it is unfortunate that "packages" in a DSA really means "source packages"
601[09:48:15] <jelly> listing all the different binary packages for all the different architectures would probably make the DSA a lot longer
602[09:48:24] <martinus__> but extremely more clear
603[09:48:39] <martinus__> just by adding something about it
604[09:48:53] <martinus__> even the "source" keyword
605[09:49:58] <martinus__> but right, it's written "We recommend that you upgrade your openssl packages."
682[11:04:09] <ratrace> wait until it trickles down, or ask at:
683[11:04:10] <ratrace> !debian-next
684[11:04:11] <dpkg> #debian-next is the channel for testing/unstable support on the OFTC network (irc.oftc.net), *not* on freenode. If you get "Cannot join #debian-next (Channel is invite only)." it means you did not read it's on irc.oftc.net. See also replaced-url
685[11:04:20] <oxek> !experimental
686[11:04:20] <dpkg> experimental is the bleeding edge of Debian Development. Packages here have been deemed unfit/DANGEROUS/untrustworthy/etc for release by the maintainer responsible for them. DO NOT INSTALL PACKAGES FROM EXPERIMENTAL WITHOUT KNOWING EXACTLY WHY AND WHAT YOU ARE DOING. #debian does _not_ support experimental. For an actual description, see section 4.6.4.3 of the Developer's Reference. replaced-url
687[11:04:45] <flrnd> btravis76: if you're in a hurry with gnome 40, you'd have better chances with something like Fedora or a rolling distro
688[11:04:59] <jelly> but is it in experimental because it's horribly broken, or is it there because sid is slushy
689[11:05:14] <oxek> it's gnome, so it's always horribly broken :p
724[11:07:58] <btravis76> Am going to run Bulleyes Debian
725[11:08:01] *** debhelper sets mode: +l 964
726[11:08:19] <ratrace> in star trek discovery, last season, they (plural) used they (singular) fora a character, and it was confusing, couldn't tell whom they (plural) are talking about. we need a new word.
730[11:09:11] <btravis76> but am switching to debain gnome in a little while
731[11:09:18] <btravis76> wish me luck
732[11:09:37] <TheBigK02> i feel like on desktop i need those half year releases... i like new shiny things :D
733[11:09:39] <ratrace> switchign to debian to use latest possible software sounds .... terribly, terribly mistaken :)
734[11:09:53] <TheBigK02> i can live with a little broken from time to time ;)
735[11:10:13] <btravis76> ratrace : Not a nooby lol
736[11:10:17] <oxek> !sns
737[11:10:17] <dpkg> Shiny New Shit Syndrome is a serious disorder, which usually breaks out into an epidemic every time something new is released. If you have SNS, ask me about <backports> and <ssb>; these are better options than upgrading to <testing> because it is a <moving target>.
738[11:10:26] <btravis76> Been using linux almost 8 years
739[11:10:34] <ratrace> unless you mean: I'm gonna switch to debian and wait until the traditional debian's stability policy approves gnome 40 as stable enough for .... Stable.
740[11:10:54] <btravis76> ratrace : Nailed it
741[11:10:56] <ratrace> that's perfectly fine tho. get used to debian and all its awesomeness until 40 trickles down ;)
742[11:11:34] <oxek> who knows, maybe gtk4 & gnome 40 will be made available only for paying customers under a different license
743[11:11:39] <oxek> hence not available in debian
744[11:11:59] <TheBigK02> but i love debian on servers... cant wait for release.. then i can finally get rid of that apt-pinning i did for some packages... :p
745[11:12:01] <ratrace> don't give them (Red Hat) ideas!
746[11:12:19] <flrnd> in my opinion, (and this explains why I like debian) having the latest and greatest is overrated. Sometime is true that having X feature or improvement is nice, but after nearle 2 decades using linux, I just want a system that works, and don't care about having all the shinny toys
749[11:13:19] <TheBigK02> its not only that... i like to use fancy hardware... for example my sennheiser earbuds wouldnt work if i woudlnt have switched from 20.04 to 20.10
750[11:13:28] <ratrace> flrnd: after nearly 2 decades of using linux, I still want to !sns sometimes :) but ye, mostly, especially on servers, I want JustWorks(tm)
751[11:13:43] <ksk> also, nothing wrong with installing "shiny foo" from upstream most of times, if your company/workflow/esoterics needs it.
752[11:13:53] <ratrace> true
753[11:13:58] <TheBigK02> and also AMD gets quite some tweaks here and there with newer kernel and so on....
754[11:14:07] <ksk> (Id not recommend installing latest Gnome from upstream, maybe :D )
755[11:14:31] <TheBigK02> another thing was a bug in KDE which couldnt handle proxy autodiscovery file... there are quite some reasons for me...
756[11:14:59] *** Quits: tzf (~tyzef@replaced-ip) (Remote host closed the connection)
757[11:15:00] <ratrace> there's gnome in snaps right? so one can try without danger of polluting/destroying the rest of the system. just "snap remove" if it doesn't work or breaks too horibly
758[11:15:13] <btravis76> wonder if gnome 40 is on debian-live-testing-amd64-gnome+nonfree.iso Date 2021-03-29 08:01 3.1G
759[11:15:14] <flrnd> then sid is better alternative as daily driver than stable
760[11:15:35] <rk4> reminds me...time to reboot and see how my shiny 5.11 kpkg goes!
761[11:15:35] <CommunistWolf> sigh
762[11:15:41] <ratrace> btravis76: nope, that's testing (upcoming Bullseye at the moment)
768[11:16:21] <flrnd> with testing in hard freeze, not sure when gnome 40 will enter in sid
769[11:16:47] <ratrace> summer/autumn 2021
770[11:17:16] <TheBigK02> from the looks ... gnome is to me some weird mix between macos and windows8... but i never used gnome... so ... im probably wrong
771[11:17:37] *** Quits: cdown (~cdown@replaced-ip) (Remote host closed the connection)
772[11:17:38] <flrnd> as a Mac user, it's a copycat wannabe xD
773[11:18:04] <ratrace> huh even snaps have 3.38 as latest .... THAT speaks volumes
774[11:18:06] *** Quits: kakaka (~koniu@replaced-ip) (Remote host closed the connection)
775[11:18:44] <btravis76> Just going to install debian-live-10.9.0-amd64-cinnamon+nonfree.iso
776[11:19:01] <btravis76> an wait until I see a video hit on a review of debian gnome 40
777[11:19:06] <TheBigK02> what is ur opinion on snap... for my part... i didnt get used to it yet... i try to avoid it for the most part
778[11:19:08] <flrnd> I teach design at the university. I've seen "this" behaviour a lot in students trying to reinvent the wheel in the name of being creative. GNOME suffers a lot from that. A few (real) UI/UX designers wouldn't hurt the project
779[11:19:13] <ratrace> btravis76: some say don't use "live" ISO for installation
780[11:19:19] <jelly> ratrace, only that Canonical is not crazy enough to try 40 yet, or that packaging needs work
812[11:27:43] *** Quits: cdown (~cdown@replaced-ip) (Remote host closed the connection)
813[11:28:14] <btravis76> flrnd : So your telling me there a chance
814[11:29:53] <flrnd> I'm telling you that the dock on Ubuntu has the exact functionality that dash 2 dock. The only difference are aesthetics (to match visually speacking the old Unity dock)
815[11:30:34] <flrnd> dash 2 dock will be more OSX-like, but the functionality is the same
819[11:31:32] <btravis76> love the dock in ubuntu that why am asking lol
820[11:31:47] <flrnd> :sigh:
821[11:32:08] <flrnd> btravis76: I don't know how :(
822[11:32:20] <btravis76> but when debain release gnome 40 am going to be quite about it
823[11:32:26] <btravis76> flrnd that ok
824[11:33:39] <btravis76> don't worry I understanding what you said on your first answer is not possible just trying to make you laugh on the dumber movie " SO YOU TELLING ME THERE A CHANCE " LMAO :') :') :')
923[13:03:42] <dob1> I am not sure how to negate this if bash condition if /bin/mountpoint -q "${mount2}" && /bin/mountpoint -q "${backup_mount}"; then
945[13:26:39] <ratrace> ! must be part of [ . [ is actually /bin/[ it's literally an executable that ... hacks.... its way into bash syntax to mimick a conditional syntactical sugar
964[13:35:18] <ratrace> okay who is the dpkg wrangler here .... this dumb idiot bot MUST be told to obey only specific regexes. I just accidentally created a factoid (which I cleared in privmsg with the idiot dpkg)
990[13:48:48] <ratrace> my only gripe here is that teh bot triggers on regexes and phrases that CAN be used in conversation that have nothing to do with the bot
992[13:49:03] <oxek> I think the whole debian ecosystem attracts a certain kind of user that's not as likely to be uncivilized as in some other places on the internet
993[13:49:19] <ratrace> the dpkg -l | grep thingy is, as can be seen here, a normal poart of convo, but if you start the sentence with dpkg, even without !, it triggers, which it SHOULD NOT
994[13:49:20] <Ede|Popede> yep, sometimes there's a reaction on false positives
995[13:49:31] <ratrace> teh bot must trigger on very specific, explicit, unaccidental, regex.
1095[15:05:26] <MrTrick> I've got a slow script. It works, just takes so long that it slows down the work.
1096[15:05:26] <MrTrick> Is there any tool good for watching it run, and coming back with metrics like how much TOTAL time it spent waiting for cpu, memory, disk, network?
1097[15:06:29] <MrTrick> (`top` et al are great for monitoring instant state of an ongoing process, I'm looking for accumulated state of one cycle of the script)
1098[15:07:24] <hejux> MrTrick: time /path/to/your/script
1112[15:20:29] <jelly> MrTrick, you wouldn't, but a script is a script, and calls other commands. You would look at which commands took the time and draw conclusions.
1115[15:21:25] <MrTrick> in the *other* direction it's easier. If network is slow, then db is the bottleneck, etc.
1116[15:21:31] <jelly> no ready-made tool that I know of to track all the threads and tell you which ones are waiting and when
1117[15:21:57] <MrTrick> Not even single thread? :-D
1118[15:22:07] <hejux> MrTrick: turn on the debug option of the script and run it
1119[15:22:37] <jelly> MrTrick, show me a script that's single threaded and does not call other commands, and I'll tell you that's not a script, it's a program
1173[15:38:37] <dpkg> cat /etc/debian_version (or lsb_release -sc). Or check /etc/apt/sources.list. If unsure about the distribution, $ cat /etc/{*version*,*release*,*issue*} should grab almost all distributions.
1197[15:41:54] <fltrz> ever given loads of thanks :)
1198[15:42:17] <hejux> i don't like this way, seperate the packages with bin/dev/doc
1199[15:42:26] <fltrz> my ancient as pharaoh version of debian can hobble along
1200[15:42:48] <hejux> debian 8 is still covered?
1201[15:42:53] *** Quits: Repox (~textual@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1202[15:43:28] <ratrace> fltrz: we sometimes hve questions for wheezy, and I swear someone asked about sarge few weeks ago. so jessie ain't that ancient :)
1203[15:43:37] <greycat> !jessie lts
1204[15:43:43] <hejux> The Debian Long Term Support (LTS) Team hereby announces that Debian 8 jessie support has reached its end-of-life on June 30, 2020
1208[15:43:54] <dpkg> Security support for Debian 8 "Jessie" from the Debian Security Team ended on 2018-05-17. The amd64, i386, armel and armhf architectures received additional long term support (<LTS>) via <jessie/updates> until June 30, 2020 for a 5 year lifetime total. jessie-lts is no longer supported. Ask me about <jessie->stretch> and <stretch->buster>. See replaced-url
1210[15:44:57] <fltrz> yes, but don't worry about security, whoever compromised my system turned it into a honeypot anyway, its like bacteria, we live in symbiosis
1211[15:44:58] *** redcaptrickster is now known as redcaptrickster-
1212[15:45:11] *** Quits: redcaptrickster- (~redcaptri@replaced-ip) (Quit: My MacBook has gone to sleep. ZZZzzz…)
1213[15:46:00] <fltrz> just happy to still be able to fetch the libicu-dev fecal transplant
1227[15:48:42] <jelly> and ELTS costs a pretty penny. If your company can't afford a couple thousand euros a year, UPGRADE
1228[15:48:58] <jelly> !elts
1229[15:48:58] <dpkg> Limited commercial support for jessie exists in form of Extended LTS, see replaced-url
1230[15:49:06] <ratrace> holy cow
1231[15:49:12] <jelly> I probably need to update that.
1232[15:49:19] <ratrace> I'd rather say if you _need_ that ancient software and can't upgrade, you should really be paying up to Red Hat
1233[15:49:29] <fltrz> its no longer erroring on the include, but its seeing undefined references, but thats just probably me needing to figure out the compiler flags
1234[15:49:39] <jelly> ratrace, why would you pay effin Red Hat when you can keep using Debian
1235[15:49:47] <jelly> and pay Debian devs.
1236[15:50:14] <ratrace> because debian (E)LTS has nowhere near the guarantees of RH, even paid.
1243[15:51:20] <jelly> I'd rather pay a tiny .fr company with DDs than IBM
1244[15:51:23] <jelly> YMMV!
1245[15:51:38] <greycat> but if that doesn't work, read the man page for whatever function you're using, and ideally it will tell you which libraries to link
1246[15:51:48] <jelly> all of those are about equally able to backport CVEs
1247[15:51:55] <ratrace> frankly, I wouldn't. y'all can hate on RH but one thing is certain: they do majorty of work in the kernel, most of ecosystem and most of vulns are found by them.
1248[15:52:13] <hejux> greycat: is not a bot
1249[15:52:20] <ratrace> I don't use RH because I and my use cases, even the enterprise ones, do not need that level of guarantees.
1253[15:52:53] <jelly> I don't believe RH offers anything significantly better than Freexian
1254[15:52:54] <hejux> never get out dated
1255[15:53:12] <ratrace> hejux: what's that got to do, got to do, with anything I'm saying?
1256[15:53:32] <hejux> sorry i'm drunk
1257[15:53:32] <jelly> ratrace, except the bits of the code they're actually upstream for. Like device-mapper, LVM, some parts for the kernel, some parts of glibc
1259[15:53:53] <ratrace> some parts of gnome, some parts of NM, some parts of systemd, some parts of ..... frigin entrie ecosystem :)
1260[15:54:30] <jelly> ratrace, I honestly trust debian kernel people to do a better job of backporting stuff into 4.9 or 4.19 than RH keeping 3.10 safe
1261[15:54:46] <fltrz> hmm -Licu isn't fixing it, but I better stop pestering you, now its just a C/C++ gcc problem
1262[15:55:20] <ratrace> jelly: with majority of corporate kernel dev coming from RH, I'd be confidend they know what they're doing. The _are_ the Linux Kernel (tm)(r) developers.
1298[16:11:54] <ratrace> the context here is about code that ends up in kernel.org and thus used by the entire ecosystem. Sure, there's untold numbers of people who write kernel code for their own personal use that nobody else uses. there's also canonical with custom "SAUCE" patches that are ubuntu specific and not _yet_ upstreamed. I am not aware of DDs doing that except maybe occasionally, exceptionally, if even that.
1308[16:21:10] <ratrace> frankly, I wouldn't. simply by seeing and comparing where CVEs originate, who's mostly reporting them and how fast are fixes coming down in RH land vs Debian land.
1353[17:05:20] <jak2020> i try send a file with scp command: 695M Feb 6 06:03 debian-10.8.0-amd64-xfce-CD-1.iso but los the connection, then how to complete the upload file? thanks
1354[17:06:13] <greycat> use rsync instead
1355[17:06:14] <imMute> jak2020: run the command again. scp is not resumable.
1364[17:11:40] <greycat> use rsync instead, and it will pick up where scp stopped
1365[17:11:55] <greycat> if "ftp" is a directory, put a slash after it
1366[17:12:22] <imMute> does anyone know if there's a way to tell SSH to not store a host key for a specific host in known_hosts? I have a device that changes the SSH host key every time it reboots and having to delete known_hosts all the time sucks.
1367[17:12:39] <jak2020> yes is a directory ok thanks
1381[17:19:09] *** Quits: ax56234 (~NickServ@replaced-ip) (Remote host closed the connection)
1382[17:20:41] *** Quits: kakaka (~koniu@replaced-ip) (Remote host closed the connection)
1383[17:20:50] <jak2020> ok, actually: 15,171,584 2% 191.64kB/s 1:02:03 if i interrpt with ctrl+C and start gain would start on 2% right?
1384[17:21:01] <oxek> interesting, I never realized rsync has to exist on both sides. I thought if it exists only on the sending side, it just acts as a sort of network cp.
1387[17:21:19] <ratrace> jak2020: rsync doesn't literally resume. it does delta transfer check so it'd start from 0, realize there's delta chunks already present, and skip them
1388[17:21:49] <ratrace> essentially the same (transfers only what's missing), but nitpicky important distinction
1421[17:46:00] <dob1> in a script I am using ssh heredoc to execute some commands, in the heredoc part I am setting a variable, this will live just for the time the script is executed, right? (it's a password so I want to be sure)
1430[17:47:30] <dob1> greycat, can you explain please?
1431[17:47:55] <greycat> If this password is for ssh, use key auth instead. If this password is for sudo, ssh in as the CORRECT USER instead, or configure sudo not to require a password. If the password is for mysql, well, uh, talk to #mysql or upgrade to a better database.
1434[17:49:28] *** Quits: akp55 (~akp55@replaced-ip) (Remote host closed the connection)
1435[17:49:29] <dob1> greycat, it is not ssh password neither sudo one, it is the restic password that I use to run the backup on remote host so on heredoc part of ssh connection I have RESTIC_PASSWORD="somep password"
1436[17:50:01] <greycat> so the password is written in the clear, in the script
1437[17:50:13] <dob1> greycat, yes but not on remote host
1443[17:51:00] <dob1> greycat, the alternative si to create like enfs/gocryptfs directory on remote host and put inside it a file with the password.. no other idea
1444[17:51:25] <jelly> how do you even pronounce räträcé
1478[18:14:54] <graytron> imMute: since you don't care about security you could try setting IgnoreUserKnownHosts to "yes" in /etc/ssh/sshd_config (see "man sshd_config"). im pretty sure there used to be a similar client side option which allowed one to ignore the known_hosts file, but that doesn't seem to be the case anymore.
1482[18:16:22] <greycat> it's amazing how hard people will work to shoot themselves in the foot
1483[18:16:46] <graytron> oh yes
1484[18:16:48] *** Quits: fearnothing (~fearnothi@replaced-ip) (Remote host closed the connection)
1485[18:17:13] <jelly> on the other hand, people now have usage scenarios that ssh authors may not have thought of, and ssh is the default remote login tool
1488[18:17:32] <jelly> even if "remote" means "container running on the same machine"
1489[18:18:05] <graytron> imMute: maybe just ssh to "ssh-keygen -R host-name ; ssh-keygen -R host-ip ; ssh"
1490[18:18:48] <graytron> imMute: i mean, add an alias "ssh-keygen -R host-name ; ssh-keygen -R host-ip ; ssh"
1491[18:20:46] <imMute> graytron: the client and server are not on the same system. why would a client listen to a server that says "nah, you don't need to verify me" ?
1506[18:25:57] <qubit> What's the policy around bug fixes into stable? Bug #930839 was filed and closed as 'fixed' with fix in unstable back in 2019, but nothing in Buster stable. Should this fix be getting released to stable?
1508[18:26:03] <jelly> "... cloud-init initializes with random host keys, as it should," who knows
1509[18:26:24] <jelly> qubit, was the bug labeled as Found: in version in stable
1510[18:27:35] <qubit> I'm not seeing that exact text, but it says "Found in version ifupdown2/1.2.5-1" and 1.2.5-1 is the current version in stable
1511[18:27:40] <greycat> In *general*, bugs in stable are not fixed. Ever. Exceptions occur if the bug is security related, or considered serious enough to warrant a change in a point release.
1512[18:27:54] <jelly> debian developers often close bugs only in unstable, you need to poke them extra and say that the fix is useful in stable
1513[18:27:55] <qubit> ahh, ok. so I'd have to manually backport?
1514[18:28:30] <jelly> it's annoying but solves issues that are introduced when a fix for A breaks B
1515[18:29:36] <ratrace> "In *general*, bugs in stable are not fixed." let that sink in. must be dumbest policy ever to graze FOSS....
1521[18:32:06] <jelly> with Debian, you can quickly find the public bug report and know a) something is, in fact broken, and b) easily find the fix if you really need it
1534[18:39:45] <ratrace> oxek: you're assuming a bugfix changes the workflow
1535[18:39:55] *** Quits: TomyWork (~TomyLobo@replaced-ip) (Remote host closed the connection)
1536[18:40:08] <ratrace> jelly: I wouldn't count regressions as an argument against bugfixes. there's sometimes|often regressions in DSAs as well
1537[18:40:34] <oxek> ratrace: there's always that one person who has the weirdest workflow
1538[18:40:52] <ratrace> oxek: and that also applies to security fixes
1539[18:41:08] <ratrace> or political changes....
1540[18:41:18] <oxek> political changes?
1541[18:41:27] <ratrace> changes in code caused by politics
1542[18:41:31] <somiaj> So limiting the fixes to only the most important cases, security and grave bugs is the compormised debian has taken on their mostly frozen releases.
1543[18:42:33] *** Quits: Vizva (~Vizva@replaced-ip) (Remote host closed the connection)
1544[18:42:41] <oxek> I'm still looking for a distro that is like debian, but backports security AND bugfixes, without introducing new features. Probably doesn't exist.
1549[18:44:18] <imMute> oxek: CentOS is free is it not?
1550[18:44:28] <ratrace> oracle is too
1551[18:44:30] <oxek> CentOS is "dead" if we're to believe the doomsayers
1552[18:44:37] <somiaj> Yea, it takes a lot of man power and help from devs to nicely backport only the fix needed and sometimes this is just not possible, hence compremises.
1553[18:45:02] <ratrace> somiaj: which is why I'm surprised debian wouldn't (back)port bug fixes that don't have CVE attached
1554[18:45:38] <ratrace> then again there's taht freezing period where even CVE tagged changes don't trickle down...
1555[18:45:45] <somiaj> it depends on the bug, point releases contain multiple bug fixes
1587[19:16:29] <pvoigt> One of my Buster machines does not show the available 10.9 point release for upgrade. With the same package sources serveral other machines can be upgraded from 10.8 to 10.9. Any idea how to fix this?
1591[19:17:05] <dpkg> A suitable /etc/apt/sources.list for "Buster" has the lines: "deb replaced-url
1592[19:17:16] <oxek> the deb.debian.org one definitely has 10.9
1593[19:17:24] <Schwarzbaer> Hi. Any recommendations for a program to go through an image collection and tag the images?
1594[19:17:25] <greycat> !deb.debian.org
1595[19:17:25] <dpkg> deb.debian.org is a mirror network that is backed by international content delivery networks and for most users, this is the most reliable <mirror> to use in the <sources.list>. From Debian 9 "Stretch" onwards, apt queries SRV records in DNS which then send it off to a CDN. Older apt will get an HTTP redirect from deb.debian.org to the same CDNs. See replaced-url
1596[19:18:01] <oxek> the CDNs at deb.debian.org are 100% synchronized at all times, as far as I know
1597[19:18:03] <pvoigt> greycat, oxek: Thanks, will try that mirror.
1598[19:18:12] <oxek> it's not like the old httpredir one
1599[19:18:39] <greycat> "100% synchronized at all times" sounds like a fond wish, but it might be close enough in practice
1605[19:19:33] <oxek> last I asked about this, that's what I was told. They only make the new versions visible once all the servers have been synchronized
1606[19:19:48] <oxek> apparently something would break if that was not the case
1628[19:28:20] <oxek> they probably shouldn't have been running PHP on their git server :D
1629[19:28:26] <pvoigt> oxek: yes, apt updates sent ahead.
1630[19:29:18] <oxek> these supply chain attacks will be getting more frequent I guess
1631[19:29:20] <genr8_> Its DNS. its always DNS.
1632[19:29:51] <oxek> pvoigt: `apt policy base-files` on the affected machine? Unless you already fixed everything.
1633[19:31:14] <ratrace> oxek: the REAL fun here is that they're all fleeing to GH. So now we have one, central repo ecosystem to hack and then all the repos there will be totally pwnt. holy grail for supply chain attacks. Thanks, PHP, you're just dancing to their tune.
1634[19:31:54] <oxek> I think they just admitted they don't have the manpower/skills to handle security on their servers, so github is probably a better choice for them
1635[19:32:25] <oxek> It a choice between knowing your servers can be easily hacked, and knowing that it would likely take much more effort to hack github
1636[19:32:26] <pvoigt> base-files:
1637[19:32:28] <pvoigt> Installed: 10.3+deb10u8
1638[19:32:30] <pvoigt> Candidate: 10.3+deb10u8
1639[19:32:32] <pvoigt> Version table:
1640[19:32:34] <pvoigt> *** 10.3+deb10u8 500
1641[19:32:34] *** pvoigt was kicked by debhelper (flood)
1642[19:32:49] <imMute> ratrace: signed commits mitigates the problem of your hosting infra getting hacked.
1643[19:33:05] <oxek> hmm, I should probably always add a somment saying not to paste it directly in here but intead use some paste service
1655[19:49:11] <pvoigt> oxek: apt update took several minutes. I looks like the new mirror replaced-url
1656[19:50:41] <oxek> not much for me to do. You chose the "best" mirror deb.debian.org and ran a successful `apt update` which refreshed the contents of all local cache files.
1665[19:54:01] <pvoigt> Well, I have rebuild libsane from source several month ago due to a configuration error in the Debian provided package. I am no quite sure about the exact error but I thing it was a long black line on the scanned image.
1703[20:27:55] <pvoigt> oxek: OK, so I did not learn what went wrong with apt. Btw: Machine rebooted smoothly into 10.9. Thanks for your advice and feedback.
1760[20:55:53] <oxek> wine is not windows, hence it would fall under the category of "system modifications that change how the game runs"
1761[20:55:53] <Mathisen> i doubt proton is breaching any ToS. it is valves own stuff.
1762[20:55:54] <Ede|Popede> i've never seen a game stating "to be used on windows [$vers] only"
1763[20:56:11] <Mathisen> and proton would not work without wine
1764[20:56:21] <Ede|Popede> oxek, this would also be true for other windows versions
1765[20:56:22] <oxek> I've definitely seen games where unless you run on windows, you get banned because anticheat doesn't work or detects system modifications
1766[20:56:45] <Mathisen> thats diffrent
1767[20:56:51] <Ede|Popede> this kind of crap is one reason i'll never get a steam account
1768[20:56:55] <oxek> Ede|Popede: same
1769[20:57:21] <Ede|Popede> and if it does not *work* because of this than i'd blame the anticheat stuff
1770[20:57:22] <oxek> unless the game explicitly supports linux, and is sold separately without needing steam, I'm not getting that game
1771[20:57:37] <oxek> (I haven't played a game ever since steam came out...)
1772[20:58:03] <oxek> well ok, I tried minetest
1773[20:58:21] <oxek> oh and openarena
1774[20:58:34] *** Quits: catman370 (~catman@replaced-ip) (Quit: See you later..)
1775[20:58:37] <Ede|Popede> with my hardware i'm staying behind for natural reasons *g* but i pay for it, i want to HAVE something, not just "you may login to your account as long as we're fine with it"
1812[21:07:32] <dpkg> Shiny New Shit Syndrome is a serious disorder, which usually breaks out into an epidemic every time something new is released. If you have SNS, ask me about <backports> and <ssb>; these are better options than upgrading to <testing> because it is a <moving target>.
1813[21:07:37] <Ede|Popede> not my world xD
1814[21:07:45] <oxek> that's fair xD
1815[21:09:16] <flrnd> so, one of the sns synthoms is "I use arch btw", right?
1819[21:10:05] *** Quits: idhugo__ (~idhugo@replaced-ip) (Remote host closed the connection)
1820[21:10:09] <Mathisen> thats kinda true
1821[21:11:15] <oxek> I can't dislike arch, because their wiki is superior to anything else made by any other distro
1822[21:11:48] <sney> the SNS nerds always write the best documentation. gotta appreciate them, even if you don't dive in with them
1823[21:11:48] <oxek> and at the very least their wiki does not 403 me like the debian wiki does
1824[21:11:52] <Mathisen> the distro itself is not bad either
1825[21:12:31] <oxek> is it confession hour yet? ok, I'll start: I never managed to install arch, I only ever used it in premade containers or vm images.
1826[21:12:40] <flrnd> Nah, was a stupid bad joke
1827[21:14:11] <flrnd> and I agree with oxek, arch wiki is great
1828[21:14:35] <Mathisen> i used it as main dist for 3+ years now. for my desktop that is, for my VPS machines or other stuff i prefer debian.
1829[21:14:55] <NetTerminalGene> oxek: you need to be a teenage to install arch
1868[21:25:31] <NetTerminalGene> oxek: it's better to find a local installation guide i think. i installed like that. and it's not that hard really
1869[21:26:06] <oxek> to be fair, a script like this would be pretty neat for debian as well. I know debian has some preseed functionality, but it doesn't let me setup the partitioning the way I'd like.
1893[21:35:20] <oxek> I mean, it will work, and sudo will pick up some defaults (if arch works like debian), you'll just miss setup of secure_path and env_reset
1894[21:35:26] <oxek> which is pretty important but not critical
1895[21:35:36] <oxek> hmm, maybe it is critical, depending on your security needs
1897[21:37:22] *** Quits: Nokaji (~Nokaji@replaced-ip) (Quit: "... when the freedom they wished for most was freedom from responsibility then Athens ceased to be free and was never free again.” ~ Edward Gibbon (1737-1794) - Decline and Fall of the Roman Empire, 1909)
1898[21:39:19] *** Quits: Caesar_NayKid (~igloo@replaced-ip) (Remote host closed the connection)
1928[22:07:11] <Sia-> hi, postfix installed and everythin works without getting mails from my domain to each other. for example from wordpress@chawg.org to webmaster@chawg.org never reaching but if change the receiver to gmail or any other works fine!
1951[22:28:58] <deadrom> deb10 server with nfs4 mount of a server that is down at the moment. all file ops retry forever, a simple ls on the mount point stalls the console. umount says "device is busy" - impossble, it's shut down
1952[22:29:05] <deadrom> how do I get out of this?
1965[22:34:33] <genr8_> i know this is kind of like mindreading, but if that doesnt exist, then who knows what am I actually after ? The most minimal list of packages to get a system up and running
1987[22:41:39] <genr8_> does that sound right enough ?
1988[22:41:52] <jelly> genr8_, there's a different set of packages to get a debootstrap chroot running, or to get a VM running, or to get a bare metal server running
1994[22:43:01] <dpkg> debootstrap can create a basic Debian system from scratch, without apt/dpkg. Useful for installing in a <chroot>. It is key to installing Debian GNU/Linux from a Unix/Linux system. replaced-url
2000[22:44:15] <jelly> ramzy, that usually means either network or name resoultion (dns) isn't set up properly, or you really don't have internet connectivity
2053[23:06:09] <metbsd> i'm wondering,if stable is using 4.19, and 4.19 was released 2018 october, does this mean it doesn't support well hardware after 2018 october?
2054[23:06:30] <ratrace> cws: for windows host? I know there's drivers if win is guest.... but not if win is host
2055[23:07:00] <ratrace> (ie. redhat's virtio drivers for windows guests, network and scsi disks)
2056[23:07:16] <ratrace> metbsd: more or less
2057[23:07:45] <cws> ratrace: OH, sorry, I thought we meant guest.
2058[23:07:49] <petn-randall> metbsd: Only to a certain extent. Intel for example gets their drivers merged into the kernel well before their hardware gets sold. So an older kernel will support their newer hardware.
2086[23:18:25] <petn-randall> metbsd: It's your choice, but if anything on Debian doesn't work, I usually first try the kernel from backports before anything else.
2093[23:20:08] <flrnd> unless we're talking son bledding edge or rare hardware, if not work on debian won't work on other distros (and the other way around=)
2096[23:20:40] <dpkg> A backport is a package from a newer Debian branch, compiled from source for an older branch to avoid dependency and <ABI> complications. replaced-url
2097[23:20:56] <petn-randall> metbsd: ^^^ You install the kernel from backports, if that's what your question is.
2098[23:21:06] <flrnd> some hardware vendors release firmware updates for their laptops, others don't.
2102[23:22:01] <flrnd> I'd look for hardware issues, like intel+nvidia dgpus, it all depends if you just want install and forget (0 tinkerin) or you are willing to do some research
2103[23:22:16] <deadrom> 10 years ago when I build a media center of all dists out there it was debian who properly supported the intel hardware. not even ubuntu did. lasted for a decade.
2106[23:24:00] <deadrom> I hear some negativity recently about nvidia on linux. it still stands for me that if you want things to work in linux - go nvidia. was like that for me since... 2005? has that changed?
2107[23:24:21] <flrnd> yeah, many years ago I participated on a LAN party, I was in charge of an old proliant server (for a FTP to share stuff on the lan party) and I ended installing debian woody on that server after some fiascos
2118[23:26:51] <deadrom> oh, ye gods, an nvidia dev once introduced me to the finer details of how they handle that. but #nvidia is a good place for that *if* someone is around. got irc bouncer? :)
2186[23:48:16] <genr8_> debootstrap and cdebootstrap select all packages with Priority: required and Priority: important from the Debian mirror by default.