4[00:02:18] <oxek> what sort of other fonts do you need? Many are already installed by default, if you installed things like libreoffice, firefox, and other gui apps
5[00:03:38] *** Quits: YWH_1 (~foo_drive@replaced-ip) (Remote host closed the connection)
6[00:03:44] <fling> ok
7[00:04:10] *** Quits: madmattco (~kimjongil@replaced-ip) (Quit: sending nukes your way)
44[00:36:16] *** Quits: Mister00X (quassel@replaced-ip) (Quit: "I'll be back" — Arnold Schwarzenegger)
45[00:43:00] <oxek> jhutchins: I'm still hurt that the very expensive fonts I bought were not upgraded to whatever the new format was, and they asked me to just buy them again for full price
46[00:43:21] <oxek> opentype or something of that sort
101[01:24:02] <truexfan81> whats the deal with sudo on debian 10? i've enabled the sudo group in /etc/sudoers and added my user to the sudo group but when i try to sudo it says i'm not in the sudoers file
102[01:24:37] <sney> log out and log back in
103[01:24:43] <truexfan81> did that
104[01:24:49] <truexfan81> even rebooted the entire vm
105[01:24:55] <sney> then you did something else wrong. pastebin your sudoers file
114[01:28:59] <truexfan81> and i see i'm going to have to make a few bash aliases for some of my preferred commands so i don't have to type in the full path to sbin every time lol
148[01:59:34] <balleyne> I'm having a strange issue with a server. It wouldn't boot. Would hang at "Cleaning temporary files..." I eventually got it to boot by renaming /tmp and creating a new empty /tmp and then it boot no problem. But I still can't so much as ls the renamed /oldtmp
149[02:00:04] <balleyne> Any thoughts on how to explore what's going on with a directory when ls won't even work? (just hangs indefinitely it seems)
172[02:29:34] <cybercrypto> balleyne: Well... I would start with knowing what is inside that mount point (perhaps too many files in there causing ls to hang?)
173[02:30:53] <cybercrypto> balleyne: if that dir is used to hold logs, do you know that? any file patterns like application_name_time_stampyyyymmmddd.log? if known... you could try ls a single file and check if returns something.
175[02:32:11] <cybercrypto> balleyne: besides that, you may want to boot from rescue, single mode and check filesystem from other tools... I am afraid you will need a bit of background about that mount point, before moving forward.... Does ls works in any other directories?
192[03:00:16] <dpkg> debsums is a utility that will check a package's files against their checksums. The "-a" argument will instruct it to also check configuration files: "apt install debsums; debsums -a -s". Almost all packages come with md5sums included in the package or apt will have generated them for you; generate missing ones with "apt-get install --reinstall `debsums -l`". Ask me about <md5sums>.
261[04:30:04] <avu> also if FSM forbids there is ever an exploit in ssh that can be used without authorizing first, all ssh services exposed on 22 will probably be exploited in a matter of hours
262[04:30:21] <avu> with another port, you may have a few hours more to react unless you are explicitly targeted
267[04:36:08] *** Quits: horribleprogram (~horriblep@replaced-ip) (Quit: Where I came from the Great Wild 'n shit, where you can get shot if you crack smiles and shit...)
268[04:38:01] *** debhelper sets mode: +l 1037
269[04:38:25] <somiaj> fail2ban is also nice
270[04:39:02] <sney> yeah, to clean up any stragglers
490[10:00:05] <tete_> anyone an idea how i could check if my pci soundcard is broken? first i thought its the mainboard or the ssd. now i removed the soundcard and everything seems to work, windows boots again, debian does not behave strange anymore, but is there some proof that was it? except installing the soundcard again and see if those problems occur again. maybe some dmesg entries or so?
494[10:01:33] <wisbit> hi everyone, after seeing that runc:[2:INIT] was using a lot of memory, I checked as suggested the list of leaky mount points with this command for i in `ls /proc/*/mountinfo`; do wc -l $i; done | sort -k 1 -n
495[10:02:05] <wisbit> it showed a very long list of /proc/$$$/mountinfo ($$$ represents a number)
496[10:02:17] <wisbit> I don't really know what to do with that.
497[10:02:31] <wisbit> is it a problem ? is it solvable ?
498[10:03:08] <ratrace> wisbit: is this debian or devuan?
499[10:03:12] <wisbit> debian
500[10:03:28] <wisbit> I have lots of dockers running on that server, if that is relevant
501[10:05:24] <ratrace> well, not sure what you mean by "leaky mount points", the proc mountinfo items list .... mount information
502[10:05:51] <ratrace> what exactly is the _problem_ that you have? runc process taking "a lot" of memory? How much? Out of how much in total?
503[10:07:00] <wisbit> it's taking 200Mo, it's a the top of the list of mem usage (now that docker and firefox are shutdown)
505[10:07:36] <wisbit> also, weird thing is the list of mountinfo, it refers to lots of apache and httpd processes, which are not even supposed to be running. apache service is down
520[10:19:19] <wisbit> I am not very familiar with this. It started by seeing this runc process in system monitor that was just hanging there, not knowing it I had a read online which lead me to what I mentioned earlier. Now, if that's not a big deal, than I can just drop it and it's all well and done.
522[10:21:47] <ratrace> wisbit: 200 MB doesn't _sound_ like big deal. open chromium and a few tabs and 2000MB it consumes won't be a big deal because that's chromium. relatively speaking.
623[11:11:20] <Franciman> jelly, the thing is that I am compiling a commit in the middle of two releases
624[11:11:25] <Franciman> probably they introduced an error
625[11:11:35] <Franciman> and then fixed it
626[11:11:51] <Franciman> because I can successfully build 4.16
627[11:12:02] <Franciman> but the bug is introduced between 4.15 and 4.16
628[11:12:07] <Franciman> > I hate qualcomm
629[11:14:21] <jelly> !debootstrap
630[11:14:21] <dpkg> debootstrap can create a basic Debian system from scratch, without apt/dpkg. Useful for installing in a <chroot>. It is key to installing Debian GNU/Linux from a Unix/Linux system. replaced-url
631[11:14:38] <jelly> !schroot
632[11:14:39] <dpkg> schroot is an easy way of setting up a <chroot> in a way that can be treated as a session. If desired, modification to the chroot can be prevented using overlayfs or LVM snapshots, making it very convenient for building packages or simply running packages from other releases with minimal containment. See replaced-url
636[11:15:01] <dpkg> sbuild is, like, The 'sbuild' package provides a way to build Debian packages within <chroot> environments that are managed using the <schroot> utility. Building within sbuild saves installing the build-dependencies on your machine and also compiles in a clean environment; sbuild is used on the Debian <buildd> network. See replaced-url
637[11:15:28] <jelly> I've seldom used any of the wrappers for debootstrap. There might be better alternatives.
683[12:01:08] <ratrace> hegemoOn: when you run apt-get noninteractively.... you need to tell it it's noninteractive with an env DEBIAN_FRONTEND=noninteractive
706[12:11:52] <hegemoOn> inconsistency detected by ld.so
707[12:12:00] <hegemoOn> ratrace: they are
708[12:12:03] <zodd> is there a way (website) which can draw me a picture what the effect (cascading) will be of installing a certain (backported) package so I know upfront what consequences it might have?
709[12:12:13] <hegemoOn> exactly the same iso with same setup installation
710[12:12:24] <hegemoOn> same hardware and same installation
711[12:12:26] <ratrace> hegemoOn: clearly something IS different about them
712[12:12:29] <hegemoOn> beside hiostname
713[12:12:51] <ratrace> hegemoOn: what is the action you're performing and what is the exact error you receive
723[12:14:58] *** Quits: nicopok (~nicopok@replaced-ip) (Remote host closed the connection)
724[12:15:42] <zodd> casus: I would like to upgrade chromium/chromedriver on a headless server running Buster to facilitate some software. If I pick the versions from Bullseye I might trigger a libc6 upgrade for instance which will enforce upgrading a lot of other stuff causing a semi dist upgrade which I do want to avoid
726[12:16:45] <ratrace> zodd: that's not the same as installing backported packages per your original question, that's mixing repos and that's seriously not recommended unless you want BrokenThings
728[12:17:23] <ratrace> zodd: there is no tool that can predict failures taht will happen. there is also no tool that can predict dependency clashes based on mixing repos, unless you count apt itself when you try to install something
730[12:17:35] <zodd> exactly. But backported packages can introduce backported libc6. At least I have had some experiences of that in the past. Do not want to go that road
731[12:18:00] <zodd> basically I am looking for a sandbox apt
752[12:23:20] <hegemoOn> one share, mounted on several clients
753[12:23:28] <ratrace> bottom line, if you have mixture of wheel and locally compiled (with custom options, even if -march=native) python modules, there may be clashe, yes. eitehr use wheel or compile.
754[12:23:39] <hegemoOn> if i do an md5sum on exported file, they are all the same
755[12:23:45] <ratrace> hegemoOn: which question, there's several?
768[12:37:02] <hegemoOn> well, my interrogation, was about nfs, and that suggested fact that nfs doesnt enforce constency of bits across all clients sharing the same export
769[12:37:11] <hegemoOn> which is quite surprising
774[12:38:40] <jelly> zodd, backported packages from debian backports will never introduce as significant changes as a new libc6. and building chromium is a pain if you do it yourself, so yes, testing or unstable in a container seems a reasonable approach
777[12:41:36] <ratrace> hegemoOn: but my point was, if you have nfs mounts, from which you execute code, you effectively introduce a variable in your setup. especially with python involved, and you mention "users" and implying you don't have control over which code they're running, and implying there may be locally compiled modules, vs wheel based modules .... that's a recipe for having setups that aren't identical
810[13:23:44] <queip> open software deliveres proper XMPP client with functionality like "staying the hell connected to server without manual intervention": no
811[13:23:51] <queip> why open software model failed us?
829[13:27:09] <queip> the entire reason for debian is that software in repos, besides of being open source, should generally be stable, e.g. provide most basic functions (Even if a bit old)
830[13:27:15] <jelly> why custom? Fix it and GIVE BACK the fix to upstream
831[13:27:28] <jelly> queip, that's not what "stable" means
832[13:27:28] <queip> jelly: so see you in 3-5 years?
834[13:27:49] <jelly> stable means: the set of issues is known and does not change for the duration of the release
835[13:28:01] *** debhelper sets mode: +l 1071
836[13:28:07] <jelly> it doesn't mean the software is fit for any particular purpose
837[13:28:18] <ratrace> that's even in the EULA
838[13:28:23] <jelly> ikr
839[13:28:27] <queip> jelly: that may be definition, but so then, users of debian stable should not be expected to find in repo software that works in it's most basic functions correctly, like text IM client that can stay connected to server?
840[13:29:07] <jelly> queip, correct. If things are broken, the best way forward is to help fixing them
842[13:29:29] <queip> so like "it's ok that is broken, because 1) you can't sue us haha look into EULA and 2) you should had fixed it 5 years ago lmao"?
843[13:29:51] <queip> ratrace: this bug is afaik among all servers, in gajim
844[13:29:59] <jelly> queip, it's more like, if you don't fix it now, it might still be crap in 3-5 from now and we'll have the same conversation AGAIN
845[13:30:02] <ratrace> but proprietary software servers?
846[13:30:21] <queip> ratrace: *all* servers, including open source server like ejabberd or whatever
847[13:30:35] <queip> it's bug in client only - it doesn't automatically re-try reconnection if it is in "Desyn" state
850[13:31:05] <jelly> the next best thing is to at least make sure the bug is reported so others are aware
851[13:31:09] <queip> jelly: and the end result is still apparently no one did
852[13:31:27] <jelly> queip, you're still thinking someone ELSE is supposed to do it
853[13:31:32] <queip> yeah
854[13:31:38] <jelly> that's the core misunderstanding
855[13:31:46] <queip> I'm not building LFS here, I want to use text chat
856[13:32:06] <jelly> queip, is the bug reported?
857[13:32:30] <queip> jelly: exactly. my observation is that it failed to worked out, no one fixed it. yes even if technically people can gloat "lol ur fault not fixing it"
858[13:33:07] <jelly> it's not gloating, it's stating the fact
859[13:33:42] <jelly> with open source, you're at least able to do something about other than reporting
860[13:33:56] <queip> lmao reported 13 years ago. but not sure if it's the same exact bug, or other with same symptoms. replaced-url
861[13:33:57] <jelly> with a closed source you're not able to do that
864[13:34:31] <queip> jelly: yes I know how OS works, the point is that this option allowed by OS is often not leading to good software at all
865[13:34:56] <ratrace> here's the thing. the whole idea of open source, libre source, GPL and similar licenses .... is that it's ALL built and made and designed for programmers, not for non-programming end users.
872[13:35:50] <queip> (and I think you are very wrong on that user base limit there)
873[13:35:51] <jelly> if you can't fix it, pay someone who can
874[13:35:59] <ratrace> queip: I never said there was a limit
875[13:36:08] <shtrb> ratrace, I would dissagree with your claim , I know a 90 year old who happen to use FoSS tools for many years for his day to dat usage
876[13:36:09] <ratrace> I said the entire idea of "here's the source code" is aimed for programmers
877[13:36:21] <queip> ok then debian.org should warn about it?
878[13:36:27] <ratrace> shtrb: and again, I never said they _cant_ do that
879[13:36:41] <jelly> queip, they do. It's basically in every open source licence.
880[13:36:48] <queip> "Yeah the jokes are true, this is OS for nerds only. You don't know C/C++/make/etc, then don't expect good experience it's not designed for you"? I hope that aint true ;)
881[13:36:53] <ratrace> shtrb: but a 90 year old NON programmer has zero gains from GPLs statement that modifications should be contributed back
882[13:37:17] <shtrb> ratrace, still better from being with MS grip
883[13:37:30] <ratrace> not even for _nerds_ the entire premise, initial idea, basement and foundation for the FOSS ecosystem is that source is freely available for modifications and reuse
884[13:37:35] <ratrace> shtrb: oh definitely.
885[13:37:42] <queip> not saying that payable opensource is a bad model, maybe there is some idea there
886[13:37:46] <ratrace> just saying: if you don't at least report a bug, nobody's gonna fix it
887[13:38:14] <jelly> if you report it, that doesn't mean too much, but at least other users can find it
888[13:38:16] <queip> fixing bugs is usually not fun at all and therefore expensive
889[13:38:17] <shtrb> queip, I dissagree with your claim , there are different tools, you can however pay (standard chagre can go as low as 50 euro per hour of work and normally a decent dev would say to you how much time it should take him )
890[13:38:34] <jelly> queip, it's fun if you like that sort of thing.
891[13:38:56] <queip> jelly: looking at state of how buggy most common programs are, it would seem it's not fun for many ;)
892[13:39:06] <shtrb> queip, it depends , I'm a dev and I don't remember when ever I was a annoyed from fixing existing bugs
893[13:39:15] <queip> no GOOD email client, no GOOD IM client exists in debian, never had
894[13:39:34] <queip> btw video drivers are also a bane
895[13:39:36] <shtrb> queip, we don't get enough time to fix stuff and priorities stuff , which is a different issue
896[13:39:37] <jelly> queip, how do you propose that situation to change?
897[13:39:41] <queip> (which might be more of vendor fault)
898[13:39:59] <queip> shtrb: yeah but common good IM and good email client
899[13:40:00] <shtrb> queip, mutt, kmail are very nice E-Mail clients, there is a plato for good IM client
900[13:40:03] <ratrace> queip: frankly, no good email client exists ANYWHERE. in MS, on Apple, on Android, on OSX ....
901[13:40:04] <queip> Im not asking for niche software here
902[13:40:17] <shtrb> queip, KTP and pidgin are extramly good
903[13:40:26] <queip> shtrb: kmail is totally messed up, though yeah only one with proper features. if you can get it to work
904[13:40:34] <ratrace> queip: and I can tell you that as an MTA admin for over 10 years who's seen her share of client side bugs and problems with all the email programs
905[13:40:43] *** Quits: Jerrynicki (~niklas@replaced-ip) (Remote host closed the connection)
906[13:40:46] <queip> shtrb: pidgin has OMEMO encryption now? attachments?
907[13:41:06] <shtrb> queip, that's not a definition for "GOOD" , that have a specific feature you wish to get
908[13:41:11] <queip> ratrace: kmail bugs include inability to work at all due to the akonadi things
909[13:41:17] <shtrb> OMEMO is a replacment , for existing and working OTP
910[13:41:28] <queip> *OTR
911[13:41:41] <jelly> omemo and otr are not things your grandma would care about
912[13:41:43] <shtrb> sorry OTR
913[13:41:44] <ratrace> shtrb: also this: I pad serious money for some games. They still, to this day, have glitches and bugs nobody fixed.
914[13:41:54] <queip> afaik omemo is superior; and otr in pidgin had lots of problems regarding authenticating the fpr
915[13:42:01] <ratrace> AllSoftwareSucks(tm)
916[13:42:16] *** Joins: creat (~creat@replaced-ip)
917[13:42:23] <shtrb> queip, have you reported the bugs regarding OTR in pidgin ?
918[13:42:26] <jelly> at least these days you can actually pay a debian developer to fix things, over freexian
919[13:42:27] <queip> ratrace: well games mostly do not have totally breaking bugs in most basic functions. unless it's like F67 or Cyberpunk2077 ;)
920[13:42:34] <queip> *F76
921[13:43:02] <ratrace> queip: well _some_ games obviously do. like _some_ email clients, _some_ xmpp clients, ... ;)
922[13:43:03] <shtrb> jelly, you can pay non DD too , to make it into upstream
924[13:43:16] <queip> shtrb: some bugs I reported, almost always they went unfixed so long I lost interested. but also seems other reported failing it too, another thing not working as some would envision, in foss community
925[13:43:39] <queip> ratrace: waiting for 1 good email, and 1 good im client in debian that will not break
926[13:43:52] <ratrace> queip: %s/in debian//
927[13:43:53] <jelly> queip, Debian merely shows that side of software development in public
928[13:44:09] <jelly> "we don't hide bugs"
929[13:44:10] <queip> kmail -> akondai craps out. most other client lacks functions. thunderbird broken external gpg (and lacks functions anyway)
930[13:44:33] <queip> im -> gajim CAN'T AUTOCONNECT (wtf). piding->otr has problems, and it's implementation of it has more problems
939[13:46:08] <queip> maybe we like like "Debian but less bugs"® that fixes most bugs but users pay yearly subscription
940[13:46:13] <queip> this still can be foss btw
941[13:46:22] <jelly> queip, it's called a LTS subscription.
942[13:46:27] <jelly> !lts
943[13:46:27] <dpkg> Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies. Ask me about <jessie-lts> and <stretch-lts> and see replaced-url
944[13:46:46] <queip> jelly: these problems existed mostly in Jessie too
945[13:46:55] <jelly> they don't fix "most" bugs, but you can pay for the specific packages you need to work
954[13:48:03] <jelly> and I'm sure LTS people will be happy to company's money to fix things in stable, too
955[13:48:15] <EdePopede> queip: long ago i couldn't play a discworld game from CD ("copy" "protection", so always keep it in the drive!) because the drive ran at full speed during the endless intro which couldn't be omited and right before it would have been done the drive decided to take a break to cool down. which made the software crash instantly because the data it waited for didn't arrive.
956[13:48:16] <queip> company?
957[13:48:45] <themill> I did hear of people who would love to be paid to maintain Qt/KDE stuff.
958[13:48:48] <jelly> queip, yes. well maybe you can sponsor 250EUR/month from your own pocket
959[13:48:51] <EdePopede> and this was a *commercial* product with a bug that would not have been necessary at all if someone wouldn't have hacked it with a "who cares" attitude.
960[13:49:08] <queip> jelly: but why are we talking about commercial user, what about desktop users
965[13:50:28] <jelly> queip, either you wait for a DD to fix it, and we know that usually does not work, or you fix it, or you pay someone. The context that "you pay someone" and that can be done via LTS.
966[13:51:11] <EdePopede> too much code for too few devs
967[13:51:22] <jelly> tanstaafl
968[13:51:40] <EdePopede> that's like a construction worker trying to feed his 8 children 100 years ago.
969[13:51:45] <jelly> open source != free bugless lunch
970[13:52:15] <queip> how about project where users (and heaving in mind also regular home users) pay like dunno 10-30$/year subscription , in return they get more support and especially it funds prioritization of fixing bugs they are affected by
972[13:52:57] <jelly> queip, you need at least $80 for an hour of dev work, and that's cheap
973[13:53:07] <queip> plot twist: the payment is more where no important bugs exist, less is buggy. e.g. 50$/y, but if some amount of basic programs are boken then only 30$, if more then 10$, and if things are very bad then they don't pay that year if still unfixed
974[13:53:46] <EdePopede> jelly: just imagine only half of the people investing their time and skills into some project which is just 1% different would instead work on whatever their code had been forked from
975[13:53:58] <queip> jelly: fyi almost no C/C++/Java/Pythin developer earns that much in Poland, usually x3-x6 less. just a tidbit
976[13:54:36] <jelly> queip, the DDs working on LTS get 80EUR/hour, and they're in all kinds of countries
977[13:55:05] <queip> wow I would be probably richest developer in my (major) town
978[13:55:19] <queip> anyway. yeah it just depends on number of uers
979[13:55:21] <queip> *users
980[13:55:35] <jelly> queip, if you're getting paid $12/hr, and are able to triage and backport security fixes, consider working for LTS. They are asking for more people.
981[13:55:50] <EdePopede> jelly: not only devs, that's true for a lot of jobs when it comes to eastern europe. without them prices for asparagus, strawberries and a lot of other agricultural products would just explode, and most of old people being on their own would have to chance to get anyone for daycare.
982[13:56:12] <jelly> EdePopede, I know, I live there.
983[13:56:43] <EdePopede> err. was an answer to queip this time, no idea where your nick appeared from xD
985[13:56:55] <queip> I bet reconnect bug is <1000$
986[13:57:03] <queip> bounties might be one idea
987[13:57:20] <queip> but a downside of this exact approach is that it almost incentives to create bugs, at some point
988[13:57:23] <EdePopede> the good thing in software is it's done a single time and if it is successful then !next
989[13:57:38] <shtrb> queip, you overestime charging values
990[13:57:48] <jelly> EdePopede, unless you have a cesspool like openssl
991[13:57:51] <EdePopede> devs creating bugs just to be able to fix them later? ey, they're not firefighters :P
992[13:58:16] <queip> EdePopede: "at some point". more like "why spend x3 more time and write more UTs and fuzzers and shit"
993[13:58:28] <queip> "at most this will result in getting LESS money for my friend"
994[13:58:46] <jelly> fuzzers are finding more bugs in eg. linux kernel than devs can fix.
995[13:59:02] <queip> when you pay for code remaining bug-free, it is motivation to use most productive approach, tests, UTs, all
996[13:59:24] <queip> jelly: security and quality of Linux is another can of worms, maybe one day
997[13:59:24] <jelly> there's hardly a reason to deliberately introduce new ones, when 70% are accidentally introduces anyway
998[14:00:02] <EdePopede> *nod* it's easy to blow air/liquids into a pipe and find out some gets lost somewhere than to find the hole (even in that exact situation)
1001[14:01:38] <EdePopede> also some things were considered fine when it all started (linux, bsd, unix), but aren't today anymore. SUID root (think beep), fingerd, the world is an evil place.
1002[14:02:16] <queip> decision maker of default on beep in linux bash should anyway be pushed to lava source block. in minecraft
1003[14:03:22] <queip> only hw developers ending beeper presence in PCs ended that blunder
1004[14:04:43] <EdePopede> because i looked at Discord again last week (suid chrome-sandbox) i also checked my system for them. there are a couple left, i really would like some other approach. the graphics i've seen showing how (iirc) pkexec works looked good. the critical stuff is done by privileged code which tells userland code to do something and gets it back to the user code requesting it.
1081[14:58:38] <queip> tinga: "You may submit bugs against the list archives using the lists.debian.org pseudo-package or contact the maintainer at listmaster@lists.debian.org. "
1082[14:58:57] <queip> (in footer)
1083[14:59:01] <tinga> OK I'll mail them. Thanks
1084[14:59:11] <jelly> tinga, I see four messages in replaced-url
1085[14:59:12] <EdePopede> tinga, looks ok here? replaced-url
1086[14:59:35] <queip> indeed I see 4 msgs there
1087[15:00:06] <tinga> It just endlessly spins for me ("transferring data from lists.debian.org")
1088[15:00:30] <jelly> try to quite your web browser and open it again :-D
1116[15:11:37] <tinga> Works fine if I disable LocalCDN add-on.
1117[15:11:43] <tinga> OK, got it solved.
1118[15:12:41] <tinga> (Well, at least in as far as it's a compatibility issue with that. Odd since I'm also using uBlock Origin with js off and I thought LocalCDN only stores js.)
1135[15:23:42] <Enissay> Using terminal SFTP to upload a file, it works fine, but if I interrupt the transfer then relaunch again, it gives me: `remote open("/myDir/myFile.deb"): Permission denied`
1170[15:56:55] <Enissay> ratrace: there is a small file yes. Normally it should either replace or resume. I get the same error when adding resume flag `put -a myfile.deb`
1171[15:57:12] <ratrace> Enissay: and what's ownership and permission on that file?
1186[16:01:30] <ratrace> Enissay: Unlesss .... you really _are_ using SFTP ( openssh's sftp(1) ) .. is taht the case?
1187[16:02:04] *** Quits: konrados (~konrados@replaced-ip) (Remote host closed the connection)
1188[16:02:11] <ratrace> (openssh's or some other openssh-ftp client)
1189[16:02:49] <twobitsprite> bullseye really doesn't have a /usr/bin/{or whatever}/python? and update-alternatives doesn't have alternatives for "python"?
1193[16:03:31] *** Quits: amunak (~amunak@replaced-ip) (Remote host closed the connection)
1194[16:03:40] <twobitsprite> do I really need to just make a symlink in /usr/local/python or something to run python scripts?
1195[16:03:51] <twobitsprite> I feel like I must be missing something
1196[16:04:28] <ratrace> interesting problem. I wonder if bullseye's idea of keeping python2.7 around means it's not switching `python` to `python3` just yet
1204[16:06:18] <twobitsprite> imMute: interesting... python-minimal has no installation candidate, but it does list replacements: python-is-python3 python-is-python2 python2-minimal
1205[16:06:25] <imMute> odd that it would show up in that search...
1206[16:06:29] <ratrace> but ... there'y python2.7-minimal
1218[16:09:26] <cws> twobitsprite: My suggestion would be to use 'env'.
1219[16:09:26] <twobitsprite> I get that python3 threw a spanner in the works for everyone... I'm just surprised Debian doesn't have some "python" executable in the path, and doesn't seem to have update-alternatives support...
1220[16:09:36] <cws> #!/usr/bin/env python2 or /usr/bin/env python3
1221[16:09:47] <twobitsprite> cws: env doesn't fix this. in fact, the script I'm trying to run is using env
1222[16:09:49] <imMute> twobitsprite: it also looks like if you upgrade from an older release that had python2.7 installed, you get pyton-is-python2 automatically. and I'm guessing that Debian either upgraded all their scripts or made the #! explicit
1223[16:10:01] <nkuttler> changing the system default python would probably break lots of stuff
1225[16:10:41] <ratrace> actually, that `python` means python2 exclusively, is mandated by a PEP. now with 2 being EOL'd there's another PEP that _allows_ `python` to mean `python3`
1227[16:11:23] <twobitsprite> I thought the convention going forward was to always assume "python" is python 2.x and if your script was written for python 3, to explicitly call "#!...python3"
1228[16:11:24] <ratrace> so the question _I_ am interested in is, does Bullseye implement the switch of `python` to mean `python3`, or does it still keep it to mean 2
1229[16:11:30] *** Quits: nicopok2 (~nicopok@replaced-ip) (Remote host closed the connection)
1236[16:12:18] <ratrace> twobitsprite: unless you install python2-minimal
1237[16:12:36] <twobitsprite> ratrace: you mean, python-is-python2
1238[16:12:54] <ratrace> and you shouldn't really. py2 in Bullseye is only there to support some important dependencies that couldn't be migrated in time. it's a dead python. unpatched. bereft of life. it's an ex python.
1239[16:12:57] <twobitsprite> ratrace: but that's my point, a lot of scripts assume there is a "python" on the path, and usually it's assumed that's python2
1240[16:13:00] <ratrace> twobitsprite: I mean python2-minimal
1241[16:13:05] <ratrace> which pulls in python2.7-minimal
1242[16:13:36] <ratrace> twobitsprite: yes, a lot of scripts expect `python` to mean 2
1243[16:13:38] <twobitsprite> ratrace: I thought someone said python2-minimal provides a "python2" executable, but not a "python" executable
1244[16:14:02] <twobitsprite> (I haven't verified, because I installed python-is-python2)
1245[16:14:10] <ratrace> cws's suggestion to use env is the best scripts can really do
1246[16:14:28] <twobitsprite> env doesn't fix it though
1247[16:14:36] <twobitsprite> you still need to know the executable name
1248[16:14:44] <twobitsprite> "#!/usr/bin/env python" still breaks
1249[16:15:00] <ratrace> ah yes, I confused the bins ... python2{.7}-minimal installs /usr/bin/python2.7
1250[16:15:26] <twobitsprite> and I just checked,
1251[16:15:34] <twobitsprite> I already had python2-minimal install
1255[16:16:27] <twobitsprite> and I know the "Right Thing(TM)" is for scripts to call "python2" or "python3", but a lot of existing scripts just call "python" (either as "#!/usr/bin/python" or "#!/usr/bin/env python")
1257[16:17:16] <twobitsprite> I just worry that bullseye is going to cause a lot of unexpected breakage when people start using it in production
1258[16:17:31] <karlpinc> FWIW, a history of what the python people suggest "python" runs: replaced-url
1259[16:17:44] <imMute> twobitsprite: those scripts will need to be updated. you can't expect to just move scripts/programs/processes forward without needing to update them once in a while.
1261[16:18:33] <ratrace> twobitsprite: it won't break packaged scripts. the idea is to have them properly reference the python they need, otherwise it's a massive bug that can be easily fixed
1262[16:18:42] <twobitsprite> imMute: /usr/bin/perl is still perl5
1267[16:19:42] <twobitsprite> *shrug* whatever, break people's shit, I'm just saying I think it's a bad decision that's going to make a lot of people mad at Debian
1268[16:20:33] <imMute> twobitsprite: not the same thing. python3 is the next version of python. perl6 is not the successor to perl5 (despite the name)
1292[16:31:28] <imMute> twobitsprite: extremely easy! 'sudo apt install python-is-python2' or upgrade from a system where python 2 is already installed.
1293[16:31:36] <ratrace> twobitsprite: but there's no more python2 for regular use. the package in bullseye is special and not recommended to install or use manually
1294[16:31:52] <ratrace> there shouldn't even been python2 in bullseye, but here we are....
1295[16:32:01] <cws> python2 is EOL, if you're still using it, stop, if you have stuff that uses it, update it.
1296[16:32:23] <cws> Its not pigheaded, its reality.
1297[16:34:05] <ayekat> distros aren't (and shouldn't be) responsible for maintaining dead stuff
1318[16:52:17] <ratrace> twobitsprite: this has nothing to do with "neckbeardery" (ass uming you mean hardened unix veteranism bordering luddism :) )
1319[16:52:37] <ratrace> python2 == EOL. dead. is no more. it's an ex python. bereft of life.
1320[16:52:59] <cws> ratrace++ for monty python python
1321[16:53:04] <ratrace> the only reason there's traces of it in Bullseye is that some important packages still depend on it, so it's a dependency, one that is DEAD, will not receive any updates and NOBODY should use it.
1322[16:53:08] <ratrace> cws: :)
1323[16:53:36] *** Quits: Vizva (~Vizva@replaced-ip) (Remote host closed the connection)
1326[16:54:01] <TheBigK02> booting old kernel helped... but what changed
1327[16:54:02] <ratrace> so if lack of /usr/bin/python breaks someone's python2 script in second half of 2021, that has nothing to do with debian.
1328[16:54:42] <ratrace> also, Debian would be quite within rights and PEP recommendations if /usr/bin/python symlinked to python3. that'd still break somoene's old, unpatched broken python2 script that expects `python` to be 2.x
1338[17:00:27] <Enissay> ratrace: I am not sure, not my server, how to check that ?
1339[17:02:04] <jhutchins> TheBigK02: It might give us some insight if we knew what release you're running, and which specific kernels are your "old" and "new".
1340[17:02:51] <ratrace> Enissay: well you know what client you're using.
1341[17:03:40] <ratrace> Enissay: is it openssh-ftp, like sftp(1), or perhaps Filezilla set up wiht openssh keys, or is it literally FTP, the one listening on port 21
1373[17:22:13] <shtrb> Enissay, I used it for a while you need to check what the server is listening on (what mode) , an interupted connection has a timeout of a few minutes for which you will not be able to erase or overwrite the file (until the server disconnect the previous connection )
1377[17:23:48] <shtrb> The easiest way to debug , is to connect using sftp and send ls (to see if you are even allowed to list it) and rm for that file and see if you have a permission to drop it.
1389[17:25:11] <ratrace> and I have a nagging suspicion here, that s/he isn't using "proftpd" user for SFTP, and there's a clash of uploading via FTP(S) and SFTP because FTP(S) files are owned by proftpd
1390[17:25:13] <shtrb> I think he might be using Filezilla Client but a different server (which would explain the proftpd)
1401[17:29:11] <ratrace> shtrb: I am asking if proftpd support openssh-ftp protocol, aka SFTP. I know proftpd does FTP(S) (FTP over TLS/SSL) .. but does it also do openssh-sftp ?
1406[17:29:57] <ratrace> okay. so the question is here, which user is SFTP tried as, and is there a clash between that user's, and uploads via FTPS which would be proftp unless configured wiht a uid map
1427[17:32:43] *** Quits: szorfein (~daggoth@replaced-ip) (Remote host closed the connection)
1428[17:32:47] <ratrace> maybe this is too much yak shaving, compared to the original problem. uploading a file, interrupting, then resuming would result with permission deined.
1436[17:34:38] <shtrb> If you disconnect mid download , and reconnect after one second you will not be able to continue because the file handle is still open
1437[17:34:44] <shtrb> *mid upload
1438[17:35:06] <ratrace> ah, and open in exclusive access mode or something. possible, yes. that'd explain this definitely.
1439[17:35:09] <ratrace> Enissay: ^^^^
1440[17:35:59] <shtrb> My common workaround for this is to try to manually to erase the file, if I can't it's this annoying issue and I just need to wait for a few minutes for it to free the file
1441[17:36:23] <shtrb> as long it's in TIMEWAIT state you can't do anything
1453[17:45:18] <jvwjgames> I am wondering why my laptop is going slow with Linux I have 4 gigs of RAM a Intel i3 processor and 2TB of HDD storage
1454[17:45:45] <Enissay> even after disconnecting and connecting again, the file still cannot be resumed/overriten. I see this in log `OPEN command for '/myFile.deb' blocked by 'STOR' handler`
1455[17:45:56] <greycat> 4 GB is considered a bit low if you run a web browser
1456[17:46:14] <jvwjgames> Even installing was slow
1457[17:46:46] <jvwjgames> My laptop doesn't use even a gig of RAM due to the lightweight version of desktop I am using
1462[17:48:57] <jelly> jvwjgames, if your workload isn't bottlenecked by RAM, replacing HDD with SSD would probably be the next best thing to improve general responsiveness
1463[17:50:27] <jvwjgames> Ok thanks
1464[17:50:38] <jvwjgames> Also the laptop is a Sony Vaio
1465[17:51:09] <jelly> cpu model. Not laptop brand.
1466[17:51:21] <shtrb> Enissay, STORE command is exactly what I mentioned before
1467[17:51:26] <jvwjgames> Oh sorry
1468[17:51:39] <jelly> grep model.name /proc/cpuinfo | head -n1
1469[17:52:38] <shtrb> ratrace, but WHY ?!
1470[17:52:48] <jelly> core2duo or older will feel sluggish in general, they don't have enough L2/L3 cache of the modern software builds
1471[17:53:16] <jvwjgames> Intel Core I3 M 370 @2.40Ghz
1472[17:54:01] <jelly> i3-370M
1473[17:54:12] <jvwjgames> Yes
1474[17:54:14] *** Quits: kfvn (~weechat@replaced-ip) (Remote host closed the connection)
1475[17:54:35] <shtrb> Enissay, STOR just mean the client is still sending data , if in reality you had disconnected it mean the server didn't drop the inernal handle
1492[17:57:28] <ratrace> shtrb: because on the server I have a megaton of transient connections (we host millions of images) that saturate the conntrack with dead items
1493[17:57:57] <ratrace> in 2021 there's really no legitimate case where a server would _need_ to take more than 15 secodns to respond to the fin/finack dance
1509[18:03:23] <jvwjgames> jelly: did you get the picture
1510[18:03:45] <imMute> ratrace: isn't TIMEWAIT only relevant when the connection is not cleanly closed? AFAIU, cleanly closed connections do not enter those wait states...
1519[18:06:10] <Enissay> shtrb: netstat doesnt show my conection, I mean a lot of empty lines; Using `ftpwho`, I could see my connection which disappears immediately after logout
1520[18:06:17] <ratrace> imMute: but the stack uses TIMEWAIT to wait a bit more for any residual packets belonging to the session to settle down
1521[18:07:09] <ratrace> remember the stack only validates TCP state based on serial number. it reassembles out of order packets but doesn't keep track of potential retransmissions and whether they've caused extraneous packets
1523[18:07:20] <jvwjgames> It is Kali but it's still based on Debian if this laptop is going to continue to go slow even if I change out the HDD to a SDD that's going to suck because I just barely bought this laptop 💻 from a pawn shop
1542[18:19:44] <jelly> jvwjgames, well there's no obvious reason for "slow" but we don't know what kali people have changed and can't help with that OS
1589[18:47:05] <cybercrypto> johnfg: What do you mean? Normally when you develop an application you may want to structure it to react to debug level as a configurable parameter.... Please, elaborate your question and clarify what you are looking.
1590[18:47:19] <greycat> you read the man page for the daemon, find out how to make it more verbose, and then edit the unit file
1591[18:47:45] <greycat> (by which I mean you either make a copy of the whole unit file in /etc/ and edit the copy, or you use a drop-in snippet in a .d directory)
1603[18:52:45] <rangergord> ratrace: as a Ubuntu user I liked it. I didn't have to leanr networkd or NetworkManager (I only knew ifupdown) , just one configuration frontend that works regardless of backend
1604[18:52:58] <ratrace> rangergord: but it only supports one backend, so....
1605[18:53:17] <rangergord> really? on Ubuntu Server it works with networkd, and on Ubuntu desktop it works with NM
1606[18:53:40] <ratrace> rangergord: you can't configure NM with options you can use for networkd, ... or can you?
1608[18:54:57] <rangergord> I don't know. But I'm pretty sure it's meant to, otherwise what's the point?. Anecdotally, the basics I know (set a static IP, DNS server, gateway, etc) worked on a Ubuntu Server system as well as on desktop despite using networkd and NM respectively.
1610[18:56:11] <rangergord> It would be a shame if netplan on Debian didn't do that too. I'm gonna be using Debian more and more, was hoping I could just use Netplan.
1628[18:58:46] <ratrace> maybe things changed recently, last time I tried that it failed misreably, only networkd was properly configurable
1629[18:59:02] <ratrace> anyhoo.... I _sincerely_ hope that canonical NIH crapware doesn't become dfault in debian.
1630[18:59:09] <rangergord> for someone who ONLY knows ifupdown (/etc/network/interfaces), and who only intends to use Ubuntu and Debian, netplan is a better time investment than learning NM/networkd, right?
1631[18:59:22] <rangergord> I got pretty productive in 30 minutes of reading netplan
1632[18:59:25] <cws> ratrace: oh get off it, jesus. netplan is a great tool.
1633[18:59:27] <rangergord> but I'm a very basic user
1639[18:59:49] <ratrace> rangergord: it's installable in bullseye
1640[19:00:00] <ratrace> cws: I do. it's shite NIHware
1641[19:00:21] <cws> ratrace: right, coming from the one who doesn't even know its functional capabilities
1642[19:00:23] <ratrace> if someone wants it, it's there to install and use. but becoming default? nope.
1643[19:00:25] <cws> ratrace: piss off
1644[19:00:30] <ratrace> blow me, retardo
1645[19:00:46] <rangergord> ratrace: that's not really what it is. It doesn't replace networkd/NM, it just provides a unified way of configuring either of them. Should cover us for the next decade or so before networkd absorbs NM.
1649[19:01:24] <ratrace> rangergord: I know, it's yaml config that then orchestrates specific backend
1650[19:01:29] <ratrace> "one Yaml to rule them all"
1651[19:02:21] <cws> still waiting for a technical justification of why its bad
1652[19:02:36] <cws> gonna be waiting a long time, i think
1653[19:02:49] <rangergord> ratrace: just hates Canonical :P
1654[19:02:52] <cws> "waaah canonical waaah"
1655[19:02:53] <ratrace> it's redundant. it does nothing but translate yaml to ini
1656[19:03:14] <cws> or nm configs, but you don't seem to be well versed in that half
1657[19:03:49] <ratrace> so what if I'm not? I don't use NM, it's not a secret.
1658[19:03:53] <rangergord> I'm happy learning different tools that do different things. But never happy learning 2 time-consuming equivalent ways of doing the same thing.
1672[19:05:59] <ratrace> if you want to use THAT to berate me because I said netplan.io stinks, go ahead. but that really makes YOU a canonical fanboi who can't stand someone disliking or hating their NIH crapware
1673[19:05:59] <rangergord> cws: I dont know what those are, but glad it supports advanced scenarios
1675[19:06:29] <rangergord> ratrace: if a lone, fiercely independent and free Debian developer of color had made it, would you still be ragging on it?
1676[19:06:58] <ratrace> rangergord: yes. becuase it doesn't do anything useful. it's Yet Another Abstraction layer that hides specifics of each backend.
1677[19:07:08] <cws> Don't expect an intellectually honest answer.
1678[19:07:20] <ratrace> however, DD wouldn't dream of doing nonsense like that, so that doesn't matter
1679[19:08:08] <jelly> rangergord, see that xkcd about standards.
1680[19:08:11] <rangergord> allright, fair enough. Let's agree to disagree :)
1681[19:08:36] <ratrace> rangergord: you _are_ of course free to use it if you like it. it's packaged, installable, and I never said anything against _that_ part.
1682[19:08:42] <rangergord> cws: do you know if Netplan lets you see the backend-specific configuration files it created from the yaml?
1696[19:11:20] <ratrace> has no reason to be build time dep. netplan.io _literally_ just translates yaml to ini and then triggers the backend into reconfiguring
1697[19:11:33] <rangergord> avu: idk why they dropped Unity. I like it better than Gnome. I still have to use Ubuntu 16.04 for an old toolchain and it's nicer than Gnome on Buster and CentOS 8.
1698[19:11:36] <cws> oh, sure enough. I often see netplan pulled in by cloud-init, but i guess that's not a hard dependency.
1700[19:12:09] <jelly> ratrace, I kind of agree with Canonical in not having to rely on systemd-networkd APIs and providing their own wrapper they can actually trust to be stable
1701[19:12:19] <jelly> systemd isn't good with stable APIs
1702[19:12:35] <ratrace> jelly: yah, that's called NIH. literally you just described NIH :)
1703[19:13:02] <rangergord> NIH implies no real value added. jelly just mentioned one value it adds, API stability.
1704[19:13:07] <jelly> and if some upstream explicitely says they won't keep API stable, then you want to NIH
1705[19:13:21] <cws> "netplan try" is worth it on its own.
1710[19:14:38] <jelly> but if RH wants to play that way, well.
1711[19:14:53] <ratrace> RH opted for NM everywhere
1712[19:15:40] <ratrace> which means they think NM API is stable enough to support across the product line they have. which makes netplan.io even less needed.
1713[19:15:41] <rangergord> cws: I just learned about cloud-init from you now. What makes it so widely adopted? Who's adopting it? In which situations? I see their website but I'm trying to think how someone like me might use it, would help if I knew concrete scenarios. Is this like Docker, for when the host system isn't installed yet?
1714[19:16:18] <cws> Nearly every cloud provider or cloud infra uses it. OpenStack, AWS, GCE, OVH, Hetzner, and I could go on.
1715[19:16:25] <jelly> it's simple and easy enough
1718[19:16:55] <cws> Every VM deployed gets a config dumped on it via cloud-init. Can be as minimal as "create this user," or as complex as... well, it can get VERY complex.
1719[19:17:00] <jelly> I'd use it on private cloud if VMware supported it better
1738[19:20:53] <ratrace> technically you can use ansible to do the same task cloud-init does, localhost
1739[19:21:05] <cws> Terraform uses cloud-init to do some of its early-stage config.
1740[19:21:05] <jelly> ratrace, that also requires OS _and_ ansible to magically be installed first
1741[19:21:20] <ratrace> so you can say that cloud-init is a subset of ansible functionality, aimed to be run locally, on boot. ansible is aimed to manage multiple distributed hosts
1742[19:21:44] <rangergord> so it's OS provisioning (cloud-init, Terraform) on cloud providers, vs configuration/management of a live OS (Ansible)
1751[19:22:33] <rangergord> "While terraform is used to setup the virtual hardware resources, cloud-init is used to initialize the OS level configuration including: user accounts, ssh login keys, packages, and networking."
1764[19:26:40] <rangergord> those are more like Ansible, in that they need a running system. These cloud tools are for tasks like "tell Amazon to create a VM with 6GB of RAM running Debian 10, user bob, network blah blah, then boot it". Then you would follow up with the Ansible/Saltstack/Chef/Puppet (I think)
1766[19:27:05] <rangergord> unless those 4 also support cloud provisioning, in which case I give up
1767[19:27:10] <ratrace> rangergord: you can do the same with ansible, saltstack, ... you just need a plugin for AWS APIs
1768[19:27:14] <ratrace> which afaik exist
1769[19:27:15] <rangergord> haha
1770[19:28:04] <ratrace> rangergord: cloud-init, while useful, is definitely not the only tool that can do that task. it only depends what you want, what you already have in your network, etc...
1773[19:28:37] <ratrace> personally, I use saltstack for all deployments now, including provisioning and thre's a bootstrapping agent included in VM images so when they fire up, they autoconfigure from the master settings
1877[20:58:35] <alandipert> fantastic! just got buster installed, loving it. playing with lxc - very cool
1878[20:58:53] <greycat> !i386
1879[20:58:53] <dpkg> Debian's i386 port is for some subset of the 32-bit x86 instruction set as has grown organically over the years. From Debian 6 Squeeze onwards, only 586 machines and newer are supported, while from Debian 9 Stretch, only 686 processors will be supported. See replaced-url
1925[21:15:44] <ratrace> EdePopede: I mean why would you run sudo after gksudo'ing something ... or if I misunderstood, what do you mean with gksudo -> sudo -> xterm -> bash?
1930[21:16:14] <ratrace> but you're already in a term... why gksudo xterm?
1931[21:16:15] <somiaj> More and more it is getting harder to run things in xorg (as root) from a terminal even if you have DISPLAY set correctly, partly because the enviorment is clobbered.
1932[21:16:21] <EdePopede> blame the gksudo team for doing it so
1936[21:16:51] <EdePopede> i'm really waiting for something as easy as windows has with "run as..."
1937[21:17:03] <rangergord> sney: well, the libraries seem to support 386, but both qt4-qmake and qt4-qmake:i386 install to /usr/bin/qmake. In my case I want to work on both a 32-bit and 64-bit Qt app. Guess this won't be a trivial matter.
1938[21:17:09] <EdePopede> right click, open the dialog, select the user, done
1939[21:17:58] <EdePopede> i can login as every user with an account in text mode, but in a DE it's a rabbit hole to open a root terminal
1940[21:18:27] <ratrace> EdePopede: and funny thing is, such a program would be dead easy to write. based on pkexec/polkit for permission delegation
1941[21:19:25] <EdePopede> for a kernel developer maybe, but not for 99% of the users in the wild
1942[21:19:26] <ratrace> meanwhile, I never found it too difficult to start a term and run su -l.
1943[21:19:36] <EdePopede> isn't su dead?
1944[21:19:41] <somiaj> no, su is not dead
1945[21:19:43] <ratrace> no?
1946[21:20:06] <EdePopede> i thought "use sudo, not su" was debian policy for years
1947[21:20:33] <ratrace> sudo -i or su -l effectively do the same thing
1948[21:20:45] <EdePopede> it was odd when i first encountered it on some knoppix disc years ago, but i got used to it
1949[21:21:37] <aminvakil> ratrace: isn't one of them require user password and other one root password?
1950[21:21:38] <EdePopede> anyway, is there a reason to keep a user shell below the root shell?
1951[21:21:58] <cws> aminvakil: by default, yes.
1952[21:22:16] <EdePopede> or could i have xterm start bash under root account doing some kind of auth?
1953[21:22:17] <aminvakil> ah, "effectively do the same thing" sure, they just do it differently
1954[21:22:34] *** Quits: mezzo (~mezzo@replaced-ip) (Quit: leaving)
1958[21:23:15] <cws> aminvakil: in its default invocation, sudo does something rather different. sudo allows you to run a single command under the context of a different user. su, in its default invocation, spawns a full new shell as the target user. By default, the target user in both cases is root.
1959[21:23:16] <EdePopede> ah, so gksu is just a frontend to su/sudo
1964[21:23:54] <somiaj> anyways, I think the issue is it is probably a bad idea to have a general tool that allows easy use to run abitary binaries as root (sudo with ALL permissions is even considered bad)
1965[21:24:05] <aminvakil> cws: yep, thanks for explanation.
1966[21:24:06] <somiaj> that and they keep changing which tools are best used for privlage essiclation on the desktop
1967[21:24:35] <EdePopede> tbh i even have a bad feeling with the cached passwords for sudo
1968[21:24:38] <ratrace> cws: no there's no such difference between sudo -i and su -l . both spawn a shell in full login context. and both can run a specific command, and as another user. sudo, however, has an entire language for expressing sudoer contexts and permissions
1970[21:24:46] <somiaj> EdePopede: I thought gksu was removed from debian a few release ago in favor of polkit (which debian still use, but policykit is now the standard)
1971[21:24:52] <cws> ratrace: what part of "default invocation" exceeded your ability to comprehend?
1975[21:25:08] <EdePopede> some blackhat tool would just have to sit in the background and wait for me to use it and then get a root shell.
1976[21:25:16] <ratrace> cws: still wrong in this comparison example
1977[21:25:27] <jhutchins> aminvakil: There have always been philosophical differences about whether to use su - (root shell) or sudo commands. It really depends on your environment and what you're trying to "secure" it from.
1978[21:25:28] <EdePopede> somiaj: on 9, but don't ask me for the codename
1979[21:25:30] <ratrace> somiaj: yes, one requires root password, the other your user's
1982[21:25:59] <EdePopede> somiaj: also has polkit but it seems i never got behind it. or it was just new, who knows.
1983[21:26:02] <cws> ratrace: Jesus, you are just a font of foolishness today.
1984[21:26:10] <somiaj> EdePopede: Sometimes it is just helpful to get use to more standard tools, I personally use sudo which is fairly independent and works to easily get root shells or run things as root.
1988[21:26:29] <cws> If you're specifying options after the command, its not the default invocation. I don't know how this is so hard to comprehend.
1989[21:26:32] <jhutchins> EdePopede: It wouldn't matter if an attacker got the root password or the password of a user that had sudo access.
1990[21:27:07] <EdePopede> somiaj: yeah, i don't need it too often with a root terminal open, but it really is convenient (besides tabbing sbin entries)
1991[21:27:46] <EdePopede> jhutchins: does a keylogger work without root access?
1992[21:27:56] <jhutchins> The main advantage of sudo is it allows you to give specific users root permissions for _some_ commands, and log the commands.
1993[21:28:04] <somiaj> EdePopede: but when it comes to desktops, each desktop might do things a bit different, xfce being more light weight might not have all of this configured using polkit as a full featured DE such as gnome/kde you might have things more configured
1994[21:28:34] <cws> jhutchins: I don't even use sudo to grant root access to stuff. I use it to grant a shell or execute certain commands as other non-root accounts, like a service account.
1995[21:28:38] <somiaj> same thing is true for those who use just simple wm, in the gui world, there is a lot of variety, so unless you are using some very big destkop, you may not have everything easily setup though the gui
1996[21:28:45] <rangergord> jhutchins: for 99.9% of people it just means "that word I gotta type before my command to make it work"
1997[21:29:05] <greycat> cws: setpriv(1)
1998[21:29:07] <aminvakil> EdePopede: you can add /sbin to your $PATH and you would be fine with "tabbing sbin entries"
1999[21:29:09] <EdePopede> wah gnome. a mostrosity. already the gtk bits firefox comes with piss me off. and i dropped kde together with suse years ago, iirc i didn't even make it to 4.
2000[21:29:40] <somiaj> EdePopede: sure but part of what you get with a monstrosity is a more full featured DE, that you don't have to additonally configure.
2003[21:29:49] <jhutchins> aminvakil: You do not need to add sbin to your path, you need to use the correct format of the command.
2004[21:29:50] <rangergord> EdePopede: modern KDE is great. It's like the Windows of Linux.
2005[21:30:10] <jhutchins> rangergord: I would not consider that a positive endorsement.
2006[21:30:13] <EdePopede> aminvakil: sure, but i prefer to keep things genuine. like i removed the predefined command aliases in hexchat (some oddities are hardcoded unfortunately).
2007[21:30:16] <cws> greycat: never messed with that too much - i'll check it out.
2008[21:30:24] <somiaj> EdePopede: though my advise is often learn more core tools like su/sudo gives one a bit more freedom and less requirements.
2009[21:30:25] <rangergord> jhutchins: that's cause you're the gentoo of #debian
2010[21:30:35] <EdePopede> rangergord: why, did they remove all the tweaks? ;)
2011[21:31:00] <aminvakil> jhutchins: not all binaries are included in /usr/bin and /bin iirc (in debian buster at least)
2012[21:31:14] <EdePopede> somiaj: definitely. i only would like to avoid 5 levels of commands to just get a root shell :/
2015[21:31:50] <rangergord> aminvakil: not even basic stuff like usermod. So to get tab completion on "sudo usermod <whatever", you gotta edit your bashrc and add sbin to PATH
2016[21:31:59] <rangergord> one of the QoL things that surprised me when I came from Ubuntu
2017[21:32:00] <aminvakil> so for tab completion to work with binaries in /sbin, that needs to be added to $PATH, right?
2018[21:32:05] <greycat> su and sudo are both designed to create a new session with new privileges, for extended interactive use, so they call PAM, they have whole PAM configs, they jump through all kinds of hoops, log all kinds of stuff... you don't want that when you're launching a daemon
2019[21:33:16] *** Quits: odnes (~odnes@replaced-ip) (Remote host closed the connection)
2020[21:33:23] *** Quits: jvwjgames (uid290762@replaced-ip) (Quit: Connection closed for inactivity)
2021[21:33:28] <jhutchins> aminvakil: The default paths are configured the way they are for good reasons. If you use the correct tools they work just fine.
2024[21:33:48] <jhutchins> If you're writing scripts, you should ALWAYS use explicit full paths.
2025[21:33:50] <aminvakil> ah, now i see what you meant
2026[21:33:56] <greycat> jhutchins: NO.
2027[21:34:08] <greycat> That is the opposite of what you should do.
2028[21:34:14] <aminvakil> i'm pretty sure debian has its own reasons on what to include and not to include in $PATH by default
2029[21:34:25] <greycat> !buster su
2030[21:34:25] <dpkg> In buster, su no longer overrides PATH by default, requiring that you use "su -" or "su -l" for login shells (which is not really a new thing at all...). See replaced-url
2031[21:34:36] <jhutchins> greycat: it's a policy that's served me well across multiple operating systems.
2032[21:34:42] <greycat> aminvakil: you might think that, but it would be unrealistically optimistic
2033[21:34:50] <aminvakil> greycat: :)
2034[21:35:05] <jelly> aminvakil, sometimes those reasons are cargo-culted and debian is VERY VERY slow at changing default settings
2035[21:35:24] <aminvakil> that doesn't suit me, so changing .bashrc is one of first things i do when i install a new debian
2036[21:35:35] <jelly> and that's just fine.
2037[21:35:40] <greycat> Expected.
2038[21:35:45] <jelly> ping used to be in a sbin dir for a long time
2040[21:36:01] <ratrace> because it was suid. now it grew fcaps
2041[21:36:14] <ratrace> and is no longer a ticking bomb
2042[21:36:20] <aminvakil> that's what i was trying to tell EdePopede, but when jhutchins stated that "You do not need to add sbin to your path, you need to use the correct format of the command", i thought there is something that i'm missing
2043[21:36:25] <jelly> that's not a reason to keep it in sbin
2044[21:36:39] <greycat> aminvakil: jhutchins is on crack today.
2047[21:37:17] <greycat> If you followed jhutchins's strategy and used /sbin/ping in your scripts, then when ping moved out of /sbin, all your scripts just broke.
2048[21:37:29] <jhutchins> greycat: I assume you're sayng NO for portability to systems with different file locations.
2049[21:37:30] <aminvakil> greycat: :), well maybe they're fine typing /sbin/command each and every time :P
2050[21:37:38] <jelly> ratrace, in fact, setuid explicitely, deliberatly allows non-root to do things. It's useless for a root-owned binary that is meant only to be run by root
2051[21:37:39] <EdePopede> i think i've also read something around full path or not in the context of env shebangs. only can't remember what.
2052[21:37:44] <greycat> jhutchins: even across debian releases
2053[21:37:47] <jelly> you know all that anyway
2054[21:38:16] <greycat> EdePopede: you may be thinking of #!/bin/bash vs. #!/usr/bin/env bash
2055[21:38:22] <jhutchins> greycat: Maintain your shit, no problems.
2056[21:38:43] <jhutchins> Read the changelogs.
2057[21:38:46] <EdePopede> greycat: not sure, is there also something with the usage of env's path?
2058[21:38:49] <greycat> jhutchins: or do it correctly in the first place and then you won't have to "maintain" it every release
2059[21:39:15] <jelly> even "ip" used to be in /sbin
2060[21:39:29] <greycat> ifconfig still is
2061[21:39:34] <aminvakil> now i
2062[21:39:53] <jelly> and /usr may or may not exist or be a symlink or whatever
2063[21:40:03] <aminvakil> now i'm getting what jelly and greycat meant about "debian has its own reasons" i've said before ...
2070[21:43:09] <ratrace> it's dumb any way you look at it. zfs and zpool for example. essential for boot process? may be. but also tools that are executed for informative reasons and don't even require root
2077[21:44:32] <greycat> the distinction between bin and sbin is the latter contains tools that are "designed to be used almost exclusively by sysadmins"
2078[21:44:51] <greycat> whether they abort without root privs, or not
2079[21:45:33] <greycat> "essential for booting" is what separates /usr from /
2080[21:45:46] <ratrace> well, "essential for booting" is what hier(7) says about sbin
2081[21:45:48] <greycat> because traditionally the /usr file system may not be available early in boot
2084[21:46:11] <ratrace> which may or may not be reasonable in 2021. personally the "sysadmin" criteria also is weak distinction
2085[21:47:17] <ratrace> some people (me included) just cram sbin in the regular path because there's really no security boundaryd there. just an annoyance where you need to use full path to access the tools as non-root (and not using su/sudo)
2094[21:51:22] <greycat> I haven't really done any research on the issue to see whether it would cause problems. I have no objection to it on interface grounds.
2095[21:51:38] *** Lord_of_Life_ is now known as Lord_of_Life
2096[21:52:38] <EdePopede> don't forget that the 4 *bin directories also do some sorting. having everything in a single directory would create a horror scenario for every new user who doesn't learn linux in a 6 month course.
2098[21:53:08] <aminvakil> fwiw it's been almost 8 years since arch has done this, replaced-url
2099[21:53:33] <jelly> well, another 8 years and debian might catch up
2100[21:54:24] <jelly> we did have ifconfig by default for like 18 years after ip was declared replacement
2101[21:54:52] <ratrace> EdePopede: I'm not sure sorting is relevant. and if there's clashes in naming ... well... that'd be terrible as putting sbin onto PATH with bin is not unusual for distros
2102[21:55:47] <EdePopede> ratrace: i'm glad i don't touch linux in 2021 for the first time, but did so in the 90s already. debian was 2 CDs back then instead of 16 DVDs.
2103[21:56:11] <ratrace> jhutchins did have a point with full paths. not using full paths is what apparently caused this little laughable gem: replaced-url
2104[21:56:23] <EdePopede> and one of the tasks to understand and know what it can do and actually does was to look at the programs i could start.
2106[21:57:26] <ratrace> having been a *nix beginner once too, I'm sure that wouldn't've made a difference too me. it'd all be overwhelming one way or another :)
2107[21:57:26] <EdePopede> do a basic ham install, list the binaries and remove everything from coreurils, bsdutils, util-linux. (no X for the moment). how much would be left?
2109[21:58:08] <ratrace> I learned my *nix on gentoo and LFS. so minimal {s}bin/ would really make no difference
2110[21:58:24] <EdePopede> the functionality of the default tools was definitely. i used grep to filter some entries from some files on the DOS partition, because MS FIND was just too stupid to do what it was told to :P
2111[21:59:24] <ratrace> my first contact with *nix was a VAX machine, but I got more involved with unix with BSD at uni. early 1990s.
2114[22:00:56] <EdePopede> LFS? all i had access to was what i could buy in a kiosk or bookshop. and not all of them had linux available. we have 2 in town which are part of publishing companies (also in town) and another one mostly specialized on medicine, but also had a nice niche with computer related topics.
2115[22:01:06] <EdePopede> lucky you!
2116[22:01:15] <ratrace> it wasn't until I ditched windows in mid 2000s and started digging through gentoo and LFS, where I learned the guts of linux and how it all works together
2117[22:01:43] <EdePopede> i always wished i could get my hands on a real vt100 just to understand wtf this is with the textronik window in xterm
2131[22:06:30] <EdePopede> ratrace: whas it the version with that odd interface thingy in the corners?
2132[22:06:55] <HelloShitty> ratrace, What you mean? I'm using my login right now
2133[22:07:23] <imMute> HelloShitty: when logrotate runs as root ~ likely refers to root's home dir, not your user's.
2134[22:07:26] <HelloShitty> You mean because I ran it with sudo?
2135[22:07:47] <HelloShitty> hum, ok but logrotate is not "recognized" if I don't use sudo
2136[22:08:03] <greycat> if you use ~ in a sudo command, the question is which shell does the tilde expansion, and what the value of HOME is at that moment
2137[22:08:05] <imMute> HelloShitty: that's because it's in a path that is not in your $PATH. like /usr/sbin/
2147[22:09:24] <EdePopede> ratrace: suse had it as preview in the last version i used. 3.99pre or something, didn't even work as propagated and was just odd.
2150[22:10:33] <EdePopede> ratrace: but some time later i installed debian/kde4 on the computer of a guy who managed to drag his radio from the firefox bookmark into a submenu and called me the next day to fix it xD
2151[22:10:51] <ratrace> heh
2152[22:10:53] <EdePopede> the rest of the time i had nothing to do with it, "it just worked"™
2154[22:11:19] <ratrace> KDE4 got a lot of flak because it changed a lot of things badly
2155[22:11:32] <ratrace> things got better with plasma
2156[22:11:46] <jelly> HelloShitty, logrotate has a design issue that basically makes it rotate each file once a day and not more often, even if you call it more often
2157[22:11:50] *** Quits: sandeepsureshpan (uid194925@replaced-ip) (Quit: Connection closed for inactivity)
2160[22:12:22] <EdePopede> not the naming, such changes (as with firefox) always confuse me and i usually don't get it sorted into the known versioning scheme. Java2 also was similar iirc.
2161[22:13:03] <HelloShitty> jelly, even if you have seetings like maxsize and the file grows bigger than that in less than a day?
2162[22:13:04] <ratrace> well "Plasma" changed the versioning too.. it's basically 5.x but separated components and the versioning is now all over the place
2217[22:24:48] *** Quits: szorfein (~daggoth@replaced-ip) (Remote host closed the connection)
2218[22:24:56] <ratrace> right right. so signal the whatever daemon is creating that
2219[22:25:29] <HelloShitty> signal? Meaning that I need to restart the application?
2220[22:25:33] <ratrace> logrotate(8) has pre or postrotate commands you can use to do that, with examples
2221[22:26:03] <ratrace> HelloShitty: depends how the daemon is written. nginx, for example, will use the HUP signal to reopen logs
2222[22:26:27] <HelloShitty> I have no idea what you are talking about. :\
2223[22:26:28] <ratrace> a daemon must be written to handle a signal (or some other way to "signal" it to reopen logs)
2224[22:26:45] <HelloShitty> Can I check that somehow?
2225[22:27:07] <ratrace> HelloShitty: it's simple. rotating logfiles messes up teh file handle. whichever daemon had it open to write into it, must be made to reopen the logfile
2227[22:27:19] <ratrace> HelloShitty: you can look into the documentation or source code of the daemon that's writing the logfile
2228[22:27:42] <HelloShitty> jeezzz
2229[22:28:02] <ratrace> well rotating logfiles and having facilities to handle that is common with *nix daemons.
2230[22:28:23] <ratrace> if someone wrote whatever daemon you're using, without that in mind.... well.... file a bug report. or simply restart/reload the app
2246[22:31:28] <ratrace> HelloShitty: but really, you should look into docs or source of the daemon. if it is not designed to handle logfile rotation (via signal(2) or some other API), your only otehr option is to restart it
2247[22:31:50] <HelloShitty> ok, will ask on their dev channel
2250[22:32:40] <ratrace> HelloShitty: another option, see if using "copytruncate" logrotate.conf directive helps
2251[22:33:12] <ratrace> it truncates the same file in place after creating a copy, instead of moving teh file and thus messing up file handles. BUT it may cause log corruption
2275[22:39:14] <ratrace> also, steam has the ability to run external games. maybe, just maybe, it does so with its own runtime libc, in which case it could work
2276[22:39:22] <ratrace> darsie: and then steam has its own runtime and libc
2277[22:39:39] <ratrace> and I see the game is certified to run on linux. which means it _will_ run on debian's installation of steam
2278[22:40:17] <ratrace> steam comes with its own runtime environment and doesn't depend on silly distro differences and lib versions.
2279[22:40:27] <darsie> A friend said buying on gog is good cause it doesn't use DRM.
2280[22:40:59] <ratrace> well you got the options now. choose whichever one you want.
2294[22:46:32] <ratrace> greycat: yes, steam "runtime" is based on ubuntu 12.04. it's not as dirty as it sounds, though, it's contained in a single directory
2312[23:00:49] <ratrace> EdePopede: what do you mean?
2313[23:01:13] <EdePopede> for example histappend is ignored. it is off but it appends at quit
2314[23:01:53] <EdePopede> and then changing HISTCONTROL to ignoreboth:erasedups works as expected only after another command is executed and then the HISTCONTROL is set again
2315[23:02:42] <EdePopede> which is fine for a running shell but because of the behaviour at quit it still dumps its content on top of HISTFILE
2320[23:03:44] <EdePopede> 1 history -c && grep -vE "^(#|$)" ~/conf/bash/HISTORY > $HISTFILE && history -r
2321[23:03:58] <EdePopede> that's my solution for this machine, rebuild it from a clean source on request
2322[23:05:18] <greycat> What's the bug number?
2323[23:06:37] <EdePopede> i had the pleasure to see this live again on the other PC because i fixed some startup values, fixed it, then history -w, then opened it later in a terminal and all was fine first. now even some of the entries i only used before logging into X are doubled.
2324[23:06:57] <EdePopede> greycat: what bug number?
2325[23:07:17] <greycat> of your bug, which you've rambled on about at length
2326[23:07:53] <EdePopede> what you call rambling was answering a question. which usually is considered good behaviour.
2328[23:08:49] <oxek> EdePopede: I "fixed" that bash issue by using zsh for interactive sessions (and running bash when needed).
2329[23:08:57] <oxek> bash has really annoying handling of history
2330[23:09:06] <EdePopede> besides that i would not even know where to report it and even if i'd have to create a new account every time
2331[23:09:25] <oxek> erasedups does not work the way you'd expect in bash
2332[23:09:27] <oxek> and that's by design
2333[23:09:41] *** Quits: wintersky (uid453465@replaced-ip) (Quit: Connection closed for inactivity)
2334[23:10:25] <EdePopede> oxek: i wanted to look at zsh, also csh years ago, but with bash being the default shell even 2 decades ago i preferred to stay with one instead juggling with 3 of them
2335[23:11:02] <oxek> EdePopede: you don't need to switch, you can run bash from zsh whenever you want
2336[23:11:04] <EdePopede> oh it does. only not when i set the variable initially, could see it again right now.
2337[23:11:08] <oxek> but for interactive use, zsh is superior
2338[23:11:18] <greycat> !bts
2339[23:11:18] <dpkg> Bug Tracking System for Debian packages, replaced-url
2340[23:11:21] <oxek> I don't know anything about csh
2341[23:11:42] <EdePopede> oxek: i prefer to stay with ONE tool of a kind until i'm using it on a pro level
2342[23:12:22] <EdePopede> lost enough time trying to find a text editor, a mail client, etc.. which fit my needs.
2343[23:12:25] <ratrace> I liked csh a lot, but hated the fact you couldn't do things like for loops on the single line
2344[23:13:05] <EdePopede> you can learn spanish and russian at the same time, but just don't try it with spanish, portuguese and italian. won't work for most people.
2346[23:13:25] <oxek> EdePopede: in that case, I can only tell you that this behavior you're observing in bash is annoying, and is by design, and will not change
2348[23:14:21] <oxek> also, in case you end up with any mac devices, they have zsh by default now, so zsh might be useful to know
2349[23:14:58] *** Parts: audrey (~audrey@replaced-ip) ("«La genezaj amaskrioj por la gastoj de Lot reeÄ¥as en nian propran tempon: ili estas same niaj krioj, nia sangosoifo; kaj ili estos la krioj, la soifo de niaj posteuloj.»")
2350[23:15:32] <greycat> EdePopede: there's also replaced-url
2352[23:15:59] <greycat> but if you have been in #debian for god knows how many years and don't even know how the bug system works, I don't have high hopes for you
2369[23:20:48] <oxek> bugs are always being stomped on, and new bugs are being developed all the time as well :)
2370[23:21:04] <ratrace> Would You Like to Know More? :)
2371[23:21:06] <EdePopede> greycat: nice solutions, only just the opposite of what i need. so i have to first run 3 commands from history after login to get it working as i want it, then before logout i better set HISTFILE= or to some unique name - or maybe even from the beginning, so bash has no chance to write to the file. tested this already, works pretty good. i only have to manually copy commands i want to keep around for later
2372[23:21:06] <EdePopede> manually into the master file, that's all.
2373[23:21:10] <oxek> ratrace: nice one :)
2374[23:21:16] <ratrace> ;)
2375[23:21:41] <EdePopede> oxek: mac? never.
2376[23:22:00] <oxek> EdePopede: you might get a "free" mac machine for work
2377[23:22:25] <EdePopede> won't happen.
2378[23:22:42] <darsie> dpkg bullseye has this dead link: replaced-url
2379[23:22:42] <dpkg> darsie: You are person #1 to send an unparseable request
2386[23:23:44] *** Quits: tux-kenobi (~tux-kenob@replaced-ip) (Remote host closed the connection)
2387[23:24:22] <oxek> should we remove the comma from the factoid?
2388[23:24:29] <EdePopede> oxek: i may switch to ARM something in the future because Wintel and IME and all the crap, something where debian will run, but i definitely won't buy a poisoned fruit.
2390[23:24:50] <cws> oh my lord, can we get past the vendor bashing please? it stopped being cool 20 years ago
2391[23:25:00] <EdePopede> even if it's a raspi or something similar, it's fine.
2392[23:25:43] <EdePopede> i have my reasons, it ain't bashing. at least not for most people.
2393[23:26:26] <cws> if you can't make a statement without leaning on edge-lord stuff like "poisoned fruit," you're not discussing, you're bashing.
2394[23:26:56] <EdePopede> seems you missed the news for many years. right to repair, walled garden, nothing?
2395[23:27:18] <cws> Okay, those are actual statements. Welcome to a fact-based discussion, its nice to have you with us.
2396[23:27:33] <EdePopede> there's a reason why i ditched XP for Linux on this PC, at it was not only its annoying behaviour.
2397[23:27:48] <sney> darsie: IME bullseye is fine as a desktop/laptop in its current state. haven't updated any webservers yet, but I'd imagine it's similarly usable for that. for best results, don't upgrade unless you are familiar enough with debian tools to unbreak any problems that may arise.
2398[23:28:00] <cws> ps macs aren't walled gardens, and if someone told you that, you should question their knowledge on the subject
2399[23:28:26] <darsie> sney: thx. I want it as desktop and play Surviving Mars.
2400[23:28:59] <darsie> Not sure if I'm familiar enough for unbreaking. I'll bother you if the need arises ;).
2401[23:29:22] <sney> well, bother #debian-next on OFTC (note, right now you are on freenode) - that's the official testing support channel
2402[23:29:35] <darsie> interesting.
2403[23:29:35] <sney> I am there along with a few hundred others
2404[23:29:40] <darsie> ok
2405[23:30:32] <oxek> is the oftc channel active though?
2406[23:30:56] *** Quits: Christian75 (~Christian@replaced-ip) (Remote host closed the connection)
2424[23:41:01] <EdePopede> added something to Grub, but it had no effect
2425[23:41:13] <EdePopede> does it have an option for this setting?
2426[23:43:34] <oxek> EdePopede: what are you trying to achieve?
2427[23:43:51] <ratrace> EdePopede: looking at initramfs-tools scripts, there doesn't seem to be a cmdline option used by "keymap" and setupcon(1)
2428[23:44:12] <EdePopede> to have a proper environment after start. everything works only the charset stays on latin1
2429[23:44:24] <ratrace> the keymap hook is placing setupcon(1) into initramfs, but that uses teh configured /etc/defaults/console-setup file which is also copied.
2430[23:45:11] <EdePopede> ratrace: i just add some options to the grub entry. odd enough that i'm using the localized one and still so many things must be set.
2433[23:46:23] <oxek> I'd be surprised if adding something to grub entry would modify charmaps/locales
2434[23:46:38] <KNERD> I set up a web site on apache. I see the ownership is "root" but there is no access issues with the site. SHouldn't that be "replaced-url
2435[23:47:04] <oxek> modifying /etc/default/console-setup CHARMAP works here, just verified by running setupcon afterwards and switching to the linux console
2436[23:47:05] <cws> KNERD: its actually best if the content of the site is not owned by replaced-url
2437[23:47:05] <darsie> Is it ok to upgrade to bullseye from xorg?
2438[23:47:35] <oxek> darsie: really a question for #debian-next on irc.oftc.net
2439[23:47:40] <darsie> k
2440[23:48:57] <KNERD> cws: oh okay. thanks. I need to have a non root user to have writable access to a folder. I guess I need to change that to replaced-url
2456[23:54:00] <ratrace> KNERD: WP also has a cli tool you can use for upgrades.
2457[23:55:48] <KNERD> ratrace: but I need to have the user have write access to that web root directory. I don't know of any other way than by making it a part of a group so it can install the module by FTO
2458[23:56:19] <KNERD> I am trying to get a module installed and it wants FTP
2459[23:56:37] <KNERD> unless the cli allows for module install from it
2460[23:57:13] <ratrace> the cli tool allows all administration be done, module installation, upgrades
2462[23:57:42] <ratrace> that way you can separate running user from PHP files owner, which increases security a LOT. most intrusion vectors I've seen with WP was modification of own PHP files
2463[23:57:56] *** Quits: b1anc (~user@replaced-ip) (Remote host closed the connection)
2464[23:58:02] <KNERD> but to get the WP installed
2465[23:58:05] <ratrace> then you designate specific directories where WP may write content/cache to, but still not be able to modify its PHP files
2467[23:58:31] <ratrace> HOWEVER ... if you require the WP Admin UI be used, then the runnin user must be able to modify its own PHP files, yes. that's the worst you can do with WP