282[04:56:51] <Heston> Is there any reason why a debian stretch installation would ever check the cdrom drive without any interaction from myself? Is it safe to assume ive been rooted?
283[04:58:14] <cws> Check in what way?
284[04:58:14] <sney> no, it's normal for various programs and/or the kernel to sync disks, which might cause an optical drive to spin up or blink etc
291[05:00:06] <sney> it's highly unlikely to get "rooted" out of nowhere, particularly on a personal computer on a private network.
292[05:00:26] <sney> you can use stuff like debsums to make sure your packages are still kosher though,
293[05:00:28] <sney> !debsums
294[05:00:28] <dpkg> debsums is a utility that will check a package's files against their checksums. The "-a" argument will instruct it to also check configuration files: "apt install debsums; debsums -a -s". Almost all packages come with md5sums included in the package or apt will have generated them for you; generate missing ones with "apt-get install --reinstall `debsums -l`". Ask me about <md5sums>.
295[05:00:35] <Heston> maybe so but that type of activity is nerve racking
318[05:11:27] <cws> For systems without a GUI, yes. For systems with a graphical environment, its often NetworkManager.
319[05:11:55] <somiaj> it is one of the many ways debian offers, though usually just use /etc/network/interfaces to configure the scripts (I prefer that)
320[05:12:38] <somiaj> note you can use networkmanager from the command line, no need for a gui
321[05:14:15] <Celmor[m]> if systemd-networkd is available I'll use that. I don't like having to configure stuff with scripts since you don't necessarily know what state the system is in and it pretty much requires to re-configure all network interfaces to reload the configuration changes
322[05:14:23] *** Quits: catman370 (~catman@replaced-ip) (Quit: See you later..)
323[05:14:29] <Celmor[m]> even netplan is better IMO
324[05:14:41] <cws> netplan is actually pretty great, imho.
325[05:15:02] <sney> systemd-networkd is available, and getting a bit more popular anecdotally. ifupdown is the default configured by the installer but that's all, you're free to use whatever.
326[05:15:20] <somiaj> Celmor[m]: systemd-networkd is avaiable, just disabled by default. Note you really don't do much with scripts, you just configure the interfaces file and the scripts do the rest, I find it fairly painless
327[05:15:53] <Celmor[m]> well, systems building/based on top of debian expect that ifupdown is used which is why I was asking
328[05:15:56] <somiaj> the interfaces file is just a set of options, and for most setups you don't need to much (though for more complicated setups other tools might be easier)
329[05:16:29] <Celmor[m]> I have to mess around with iptables rules and when I saw that I had to put in the rules in that script I was done with ifupdown
330[05:16:36] <somiaj> Celmor[m]: really the only thing in debian is to choose the tool you like and use it, don't mix. Debian provides you lots of choices as to which tool you like the best.
331[05:17:11] <somiaj> what you don't have to do that, I think you are finding incorrect info, iptables have their own set of scripst which you don't have to include in the interfaces file (though note you should be using nftables these days anyways)
332[05:17:21] <Celmor[m]> sure, because linux provides you with lots of options. I was just wondering if debian had a preference and it appeared to be ifupdown
333[05:17:31] <cws> Not a preference. Only a default.
334[05:17:49] <Celmor[m]> only a matter of wording
335[05:17:50] <somiaj> Celmor[m]: The fact that you are messing with scripts makes me think you aren't using them in a standard way.
336[05:18:07] <Celmor[m]> that's the solution I found from SO
337[05:18:42] <cws> Celmor[m]: A preference implies that you sacrifice function or otherwise encounter functional issues if you go with something else. A default is simply a consequence of needing SOMETHING there to manage networking post-install.
339[05:19:48] <Celmor[m]> specifying a default also means tooling building on top of your system expect the default configuration. for example proxmox, either you use ifupdown (in which case you can configure networks through the UI) or you have to do it all manually on the CLI
348[05:22:15] <Celmor[m]> it still uses the same debian repos and for all intents and purposes is based on debian. I'm not blaming debian for things proxmox does wrong but I was just wondering about the choice of using ifupdown as default where the proxmox quirks resulted as a consequence from
349[05:22:18] <cws> And if they've chosen to base their stuff on ifupdown, that's their choice. Ask them why, that's not a Debian concern.
350[05:23:37] <cws> networkmanager is only a package away. networkd is a built-in.
351[05:23:49] <Celmor[m]> settings something as a default has more consequences and choosing something "ancient" like ifupdown means packages don't try to implement any extra support for more modern alternatives
352[05:23:50] <cws> Proxmox depended on ifupdown by choice, not by requirement.
353[05:24:21] <cws> Nothing has stopped proxmox, or any other user or project, from using networkd immediately.
354[05:24:46] <cws> So, again, this is a proxmox question, and as such is offtopic in this channel.
355[05:24:53] <Celmor[m]> all I was wondering about was the choice of using or rather staying on ifupdown
356[05:25:03] <Celmor[m]> by debian
357[05:25:32] <Celmor[m]> whatever proxmox decides to user while considering debians default (which still is ifupdown) is another topic
358[05:25:34] <Celmor[m]> use*
359[05:25:39] <cws> Nothing is stopping anyone from using whatever network manager they want to use. Your question is predicated upon an issue that doesn't exist.
360[05:26:45] <Celmor[m]> not saying there's an issue per se. at the danger of repeating myself, just the implication of setting a default has more consequences, not just for debian itself, which the developer behind might not intend.
361[05:27:06] <Celmor[m]> that's all I have to say. thanks
362[05:27:17] <cws> You're imagining implications that don't exist.
366[05:29:32] <Heston> sney, thanks for the response
367[05:30:25] <somiaj> what makes you think ifupdown is acient, it uses ip and modern tools in the scripts, and the interfaces file is fairly straight forward. Again sounds like you are using something built on top of debian, not debian or debian's interfaces file.
381[05:45:20] <somiaj> solrize: yea, I had the same issue, searching for "R" just matches too many things.
382[05:45:57] <somiaj> oh I did this with apt search which doens't have the number of character limitation, but searcing for "R" or "C" even if you could would return too many things.
384[05:47:42] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
385[05:48:30] <somiaj> though seems apt search " R " and apt search " C " does help a bit, though can't see a way to only search the short descriptions (not long descriptions too)
386[05:49:57] <somiaj> but doens't appear you can do " R " at packages.debian.org, which is 3 characters.
387[05:52:01] *** Quits: Grldfrdom (uid391113@replaced-ip) (Quit: Connection closed for inactivity)
388[05:54:44] <solrize> oh i hadn't thought of using quotes
414[06:37:54] <solrize> what is the debianistically correct way to install a newer version of something than the one in the distro? like if i want to run python 3.9 or 3.10
422[06:47:45] <jmcnaught> solrize: you do not want to replace the system python3 because other software relies on it and a newer Python could introduce changes in behaviour. You could install a newer python3 somewhere like /opt or maybe in your $HOME but using a chroot or container is probably better.
423[06:48:47] <somiaj> solrize: python is kinda a special case, but it is fairly easy to install a newer python, just use virtual enviorments.
424[06:49:37] <somiaj> solrize: But I installed python 3.8 and 3.9 by (a) download the python source, (b) compile it in $HOME (but don't install it just compile it), (c) call the binary that was built and use it to create a virtual enviorment, from there you can use that version of python inside its own directory separate of your system.
434[06:54:28] <somiaj> solrize: basically it puts all of the python binaries in /some/directory, and then has a script that you run that sets up your enviorment that anything to deal with python/pip is installed and run from only inside that directory independent of your system.
435[06:57:00] <jmcnaught> somiaj: virtualenvwrapper makes it even sweeter
436[07:00:01] *** Quits: riff-IRC (~riff2@replaced-ip) (Remote host closed the connection)
438[07:00:35] <jmcnaught> python 3 also has a venv module that is similar in the standard library, but I don't think this allows you to select an arbitrary python3 interpreter.
443[07:02:56] <somiaj> I just used the built one, but by default it juses the binary that ran it, which is fine, if you wanted a different binary, use that to build the enviorment.
444[07:03:06] <TechieGuy> Hi, I'm installing debian with debootstrap. Now in the "Run Debootstrap
445[07:03:41] <jhutchins> I don't see anything amazingly new being developed on those enviroments.
446[07:03:42] <TechieGuy> stage" of doc. What to do if I want to install debian testing? Can I replace buster with sid?
447[07:04:05] <somiaj> TechieGuy: well sid isn't testing, but yes you can specific which release to download when you run debootstrap.
448[07:04:12] <somiaj> TechieGuy: I think you mean bullseye if you really want testing.
449[07:04:21] <TechieGuy> Which one is testing? :D
450[07:04:28] <TechieGuy> Ok
451[07:04:35] <jhutchins> TechieGuy: Yes, and you can break your system and make it unusable.
452[07:04:49] <TechieGuy> jhutchins: What?!
453[07:05:03] <jhutchins> TechieGuy: If your goal is to play with the system, go for it.
455[07:05:20] <TechieGuy> Hi, I'm installing debian with debootstrap. Now in the "Run Debootstrapstage" of doc. What to do if I want to install debian testing? Can I replace buster with sid?
456[07:05:25] <TechieGuy> This was the full msg
457[07:05:27] <TechieGuy> jhutchins:
458[07:05:50] <jhutchins> TechieGuy: If you actually rely on your system to get work done, it's a bad idea.
459[07:06:16] <jmcnaught> TechieGuy: is this the doc you are following? replaced-url
460[07:06:34] <TechieGuy> But stable branch contains very old packages. And, I can handle minor issues.
461[07:06:36] *** Quits: JordiGH (jordi@replaced-ip) (Remote host closed the connection)
467[07:09:09] <somiaj> due to the freeze bullseye is fairly usable right now as the focus is just on the remaing rc-bugs, the biggest draw back is the lack of security support
471[07:10:04] <TechieGuy> Only stable has better security? somiaj
472[07:10:38] <TechieGuy> Well, then, can I install specific testing packages on stable?
473[07:10:49] <somiaj> sid has fairly decent security support (at higher risk of broken packages), since when a security vunl is found, the package in stable gets fixed, and a new package gets uploaded to sid
474[07:11:18] <TechieGuy> can I install specific testing packages on stable?
475[07:11:20] <somiaj> But then packages have to wait at least 5 days (often longer) to migrate to testing, so that is why seuciry in testing isn't that good
476[07:11:21] <jmcnaught> There is a backports repository with newer versions of select packages compiled for Debian stable.
485[07:13:28] <TechieGuy> Well, so what should I do if I want newer packages than stable and still have security fixes?
486[07:13:44] <TechieGuy> I loved debian except the dated pkgs in stable
487[07:14:13] <somiaj> TechieGuy: wait until the next release, any 'newer software' you install, you become responsible for the support and secuirty of.
488[07:14:42] <somiaj> TechieGuy: outside of sns (newer version numbers), what exactly is it you need that stable doesn't provide? To many older versions are a feature not a drawback.
490[07:15:21] <somiaj> And note there are various ways you can install newer versions of specific programs you work with in a safe manner, and still have the stability and security support on your base system.
491[07:15:56] <TechieGuy> Such as my DE, Plasma Desktop, has added a lot of features in 5.20, somiaj
492[07:15:59] <somiaj> backports is one (though backports don't have direct security support), though complinig a local install of the software is also a reasonable way.
496[07:16:51] <somiaj> TechieGuy: DEs are big bloated nightmares of package dependencies, you won't easily get them backported. Here, either wait until the next release in 2-4 months, or run testing and deal with limited security support. Many desktop users are just fine using bullseye
497[07:17:08] <somiaj> there is no easy/nice way to backport a DE, they are to big and interconnected.
498[07:17:50] <TechieGuy> Can you suggest me other way or other distro which has everything of debian and newer pkgs in stable branch?
499[07:17:52] <somiaj> but many desktop users run testing just fine, and just deal with the limited security support (which isn't too bad on a desktop system that isn't actively serving software and has multiple users accessing)
502[07:18:21] <somiaj> there are even ways to install the package from sid for grave (kernel usually) based security issues.
503[07:18:51] <somiaj> TechieGuy: there are lots of based off debian distros people like. But most of us here would suggest debian and say it is worth the 2-4 month wait to get the newer features in the next release.
509[07:20:29] <somiaj> Debian just suggests and supports a frozen stable release, testing/unstalbe is the development branch for those who want to test out the next release before it is officially released. Many use testing/unstable as their desktop, I was just trying to point out some of its drawbacks.
510[07:20:42] <jmcnaught> TechieGuy: The Debian stable way is to use the same versions of most software for a couple years at a time. When Debian gets a new release every couple of years you get newer versions of software and new features.
511[07:21:35] <jmcnaught> TechieGuy: "stable" here means static or unchanging. You can count on security updates in Debian and not have to worry that something might need to be reconfigured because of a new version.
512[07:21:44] <somiaj> (With the added advantage you know it is fairly well tested, and has good security support for the 2-3 years you run it)
514[07:22:47] <jmcnaught> For many applications there are newer packages on backports, and there are other options like Flatpak and Snap packages too.
515[07:22:49] <somiaj> TechieGuy: note I ran debian testing/sid as my desktop for years, it isn't that bad, but it is not an 'offical release'. But for someone from gentoo you may find it just fine (once you undersatnd how the development model works)
516[07:23:20] <somiaj> I just got tired of constant updates, fixing my machine when updates break things/or change things, and so on, and found stable suited my needs, I just ahd to wait a little longer to get new fancy features.
517[07:23:24] <somiaj> !sns
518[07:23:24] <dpkg> Shiny New Shit Syndrome is a serious disorder, which usually breaks out into an epidemic every time something new is released. If you have SNS, ask me about <backports> and <ssb>; these are better options than upgrading to <testing> because it is a <moving target>.
519[07:23:25] <abff> sid is solid
520[07:23:45] <TechieGuy> somiaj: I'm only worried about security updates. I'm sensitive about security.
521[07:24:27] <somiaj> TechieGuy: a lot of sercurity depends on what you use your machine for, most security issues are not vulnabilities for desktop systems which don't have remote users.
522[07:24:28] *** Quits: citypw (~citypw@replaced-ip) (Remote host closed the connection)
528[07:25:25] <somiaj> TechieGuy: if you really want to run testing, you have to pay attention to the DSA (debian security announcments) and if you see something that may affect you, often times installing the package form sid will work just fine while you wait for the fix to propage to testing.
529[07:26:07] <somiaj> But to me if stability and security are primarly concerns, it might be worth waiting a little longer to get newer software/features (though as I said, bullseye will probably be released in 4 months or so, so not long of a wait)
543[07:53:14] <craigevil> could be i removed it will try reinstalling or trying a different one
544[07:53:28] <jhutchins> craigevil: flatpack: not developed, or supppred by Debian.
545[07:54:06] <jhutchins> apt is supported. Flatpack and Snap are not.
546[07:54:10] <somiaj> ahh seems that flatpak creates some backup ld cache in /run/..., which is a tmpfs, and that is probably where you are running out of space.
551[07:57:02] <jhutchins> Containers are actually a good way to experiment with undeveloped software, but reallly can't support them here.
552[07:57:23] <somiaj> we can't really support some random flatpak you download though, but it appears that flatpak creates some tmp ldconfig in /run/ld-so-cache-dir/<long string>/, and since that is a tmpfs, it could be is what is filling up and giving you the out of space error.
553[07:57:44] <somiaj> Unsure if you can pass flatpak options to change where this backup/cache is built
556[08:01:54] <somiaj> maybe creating a link at /run/ld-so-cache-dir/ to someplace on your hd could also work. Is your /run partition basically full, or maybe this flatpak just requires a lot more space than most do
614[08:34:07] <TheBigK02> and my server i reinstalled on jessie... i had some weird booting issue i remember... and at some point i gave up and reinstalled and restored from backup. hard when u cant look at the screen while booting
615[08:35:06] <TheBigK02> why would someone have a heart attack. raspi is just the hardware and debian the OS. its support related isnt it?
616[08:35:47] <craigevil> only if you are running debian and not raspi os
617[08:36:03] <TheBigK02> i want to switch TO debian... nothing wrong in that, isnt it? :)
618[08:36:37] <craigevil> grab one of the images from here replaced-url
619[08:36:57] <TheBigK02> awesome. will do :)
620[08:37:19] <TheBigK02> im not at home right now. but may be today or on weekend... will see... thanks
627[08:38:30] <TheBigK02> is some sort of home server for me... doing a side to side vpn.. and some services like boot environment and some NAS features...
629[08:40:24] *** Joins: mezzo (~mezzo@replaced-ip)
630[08:40:27] <craigevil> my pi400 is kinda a frankendebian, started off as the official raspi arm64, i updated that, then added testing, upgraded to that, then added unstable and upgraded to that
631[08:40:49] <craigevil> still has the raspi kernel and configs, everything else is sid
642[08:49:12] <oxek> is that surprisingly low, hence sarcasm about loving your connection, or surprisingly fast, hence actually loving your connection?
643[08:49:22] <oxek> I don't remember the last time I waited 49s for anything
644[08:50:13] <oxek> s/low/slow
645[08:51:32] <craigevil> it would have been like 5 seconds if i wasn't using a vpn
646[08:52:15] <craigevil> even with the vpn 380+MB in 49 seconds seemed pretty good, i use uget
746[10:30:15] <TechieGuy> Btw, in Gentoo, installing a pkg from testing branch is super easy. Just add the pkg and it's deps' name to a text file. I wish smthng like that were in Debian
764[10:42:10] <dpkg> A backport is a package from a newer Debian branch, compiled from source for an older branch to avoid dependency and <ABI> complications. replaced-url
765[10:42:22] <jelly> !debian-backports
766[10:42:22] <dpkg> backports.debian.org (formerly backports.org) is an official repository of <backports> for the current stable (see <buster backports>) and oldstable (<stretch backports>) distributions, prepared by Debian developers. Ask me about <backport caveat> and read replaced-url
767[10:42:25] <TechieGuy> jelly: Very sad. But may i ask why?
768[10:42:54] <jelly> TechieGuy, binary, compiled packages and dependencies don't make it easy
769[10:43:27] <jelly> esp within a single namespace. It's probably easy on NixOS
770[10:43:57] <TechieGuy> Suppose, I download a .deb and it's deps from testing branch. can't I just install it with dpkg?
771[10:44:26] <jelly> in general, no, you can't
772[10:45:02] <jelly> tehnically you can, but the resulting installation in unsupportable by anyone
773[10:45:09] <jelly> !frankendebian
774[10:45:09] <dpkg> When you get random packages from random repositories, mix multiple releases of Debian, or mix Debian and derived distributions, you have a mess. There's no way anyone can support this "distribution of Frankenstein" and #debian certainly doesn't want to even try. Ask me about <reinstall>
775[10:45:12] <TechieGuy> What is the reason? What issues may occur?
776[10:46:58] <jelly> various components rely on one another and are only tested well within a release. Mixing and matching does several things: 1) new unforeseen interactions 2) impossible to apply security patches because patching relices on strictly monotonic version increases
778[10:48:09] <TechieGuy> Suppose, I won't take pkgs from random repos or mix stable and testing, everything but the downloaded pkg will be stable, my pkg won't even belong to core system pkgs and just a normal user pkg. In that case?
779[10:48:31] <TechieGuy> The pkg will be from packages.debian.org
780[10:49:29] <jelly> TechieGuy, 2) still stands, even if the package has no extra dependency
781[10:50:16] <TechieGuy> Ok. That's not a big concern though. What could be the harms arising from 2?
800[11:01:09] <jelly> TechieGuy, if you're installing a slim or embedded system with very limited disk space, you can pick and choose which xorg video driver to install first, then install xorg server and it won't pull in video-all
801[11:02:33] <TechieGuy> jelly: I'll use modesetting for intel
802[11:03:10] <jelly> TechieGuy, if you're installing on a general purpose x86 workstation or laptop with enough disk space, 10GB for / filesystem or more, I suggest ignoring the percieved bloat and installing Recommends as well
803[11:03:35] <jelly> !install kde
804[11:03:35] <dpkg> The 'kde-standard' package gets you the common set-up, 'kde-plasma-desktop' and 'kde-plasma-netbook' provide minimal KDE 4 setups with respective flavouring, and 'kde-full' installs everything KDE 4. To install using Debian-Installer (if not using KDE CD-1): from the 'Software selection' dialog, choose "KDE" (use space bar to toggle selections), then "Continue".
805[11:04:07] <jelly> that's a bit dated but those package names still pull in all the plasma bit
810[11:12:12] <b0rsuk> What's the command to run a game in terminal in such a way that it spawns a new terminal? My priority is that error messages should be visible if it crashes or fails to run.
811[11:12:31] <b0rsuk> I also want to set terminal title, so gnome-terminal is out. xfce4-terminal is an option.
812[11:13:25] *** Quits: Jerrynicki (~niklas@replaced-ip) (Remote host closed the connection)
814[11:13:45] <b0rsuk> I'm using i3 window manager, and I'm putting simple shell scripts and/or symlinks in $HOME/bin so I can press $MOD-d, opening dmenu and running an app by typing.
826[11:28:13] <jelly> TechieGuy, to avoid pulling in a metapackage with all the drivers, like xserver-xorg-video-all, you'd figure out which package pulls it in, see if there's an alternative dependency and install that first
838[11:30:50] <jelly> TechieGuy, best ask the mirror owner
839[11:31:10] <TechieGuy> :/
840[11:31:36] <jelly> !debian mirror checker
841[11:31:36] <dpkg> Debian mirrors have timestamp files we use to determine how recently they have been updated. Here are some statistics the mirror maintainers provide: replaced-url
891[11:59:43] <dpkg> build-deps are the packages you need to compile a package. "aptitude build-dep package-you-want-to-build" will install them, or use mk-build-deps (equivs package) to have undo-able build-dep installation. If using <uupdate> or <ssb> to update a package, you will likely need additional -dev packages. You can «/msg judd builddeps package».
892[11:59:56] <jelly> !package rebuild
893[11:59:56] <dpkg> 1) Add a <deb-src> line for your current release to your sources.list 2) apt update; apt install build-essential devscripts fakeroot; apt build-dep packagename 3) as any user, apt-get source packagename 4) cd packagename-version/; ask me about <debian/rules>; 5) dpkg-buildpackage -uc -us 6) as root, apt install ../packagename-version.deb. Ask me about <debian/rules>, <nocheck>, <nostrip>, <apt-get source>.
894[12:00:02] <jelly> !simple sid backport
895[12:00:02] <dpkg> First, check for a backport on <debian-backports>. If unavailable: 1) Add a deb-src line for sid (not a deb line!); ask me about <deb-src sid> 2) enable debian-backports (see <bdo>) 3) apt update; apt install build-essential; apt build-dep packagename 4) apt -b source packagename 5) dpkg -i packagename-ver.deb To change compilation options, see <package recompile>; for versions newer than sid see <uupdate>.
904[12:02:37] <avu> I think the misunderstanding here might be that apt installs build-deps by default as TechieGuy thinks those drivers are just build-deps.
911[12:03:18] <jelly> build deps are completely separate from binary deps
912[12:03:22] <jelly> TechieGuy, you can't translate best practices from a source-based distro to a binary-package based distro easily. The tradeoffs are different, and with a binary package distro you live with the choices your
925[12:05:12] <avu> TechieGuy: are you sure you are reading that Arch site right? Pretty sure they also need at least one of those driver packages at runtime
926[12:05:13] <jelly> the fact they don't make a distinction between binary deps and build deps betrays the underlying structure of a source-based distro
928[12:05:51] <jelly> in any case, I told you what to do to reduce the set of packages -- install one video driver FIRST
929[12:06:00] <jelly> any one
930[12:06:45] <jelly> and I also said why it's not worth bothering to do this kind of micromanagement
931[12:07:06] <jelly> do it only if you have very little space to install.
932[12:07:17] <jelly> or maybe if your bandwidth is very expensive
933[12:07:52] <jelly> otherwise, best practice is just to let apt install what it wants to install
934[12:08:22] <avu> disk space is much cheaper than human time usually
935[12:08:30] <jelly> (and that in general includes Recommends, don't avoid them unless you know EXACTLY why your software's going to work without them)
942[12:10:36] <avu> jelly: I'm not aware of these kinds of providers being the norm anywhere except maybe mobile plans which slow down after a certain amount of data transfered but those are, again, usually not used for Debian installations
948[12:14:22] <TechieGuy> Sometimes apt asks for confirmation, smtimes it doesn't.
949[12:15:22] <ratrace> if you request one package installed and there's no additional deps, it won't ask for confirmation. it _will_ ask for confirmation of _removal_ even if one package.
950[12:15:26] <jelly> it doesn't ask if the goal can be achieved by doing exactly what you told it to and nothing else
975[12:33:11] <lessless> I have to turn on/off my external hdd after os has fully loaded. Otherwise it doesn't see it - there is a bunch of "usb usb2-port2: Cannot enable. Maybe the USB cable is bad?" In dmesg
981[12:40:30] <jelly> lessless, maybe try a different port? usb devices and hosts have all sorts of quirks
982[12:40:41] <ratrace> lessless: could be shitty controller on that thing. could be power options and disk going to sleep on inactivity. see if you can use hdparm to force no spindown or something
983[12:40:58] <lessless> Interesting, thanks!
984[12:41:52] *** Quits: Haudegen (~quassel@replaced-ip) (Quit: Bin weg.)
1024[13:22:09] <jelly> also Tab key tells me he's gone
1025[13:22:15] <ratrace> he's gone
1026[13:22:27] <jelly> but nor forgotten
1027[13:22:49] <ratrace> like two seconds after posting the sources list. I thought maybe accidental ctrl+w this-aint-vim-but-browser-haha-closed problem
1028[13:22:49] <jelly> he shall always live in our hearts
1029[13:23:25] <EdePopede> good news that hexchat finally did remove that keybinding in 2.14
1030[13:24:07] * ratrace raises a glass of schanpps. "To the Tech Guy! Perished in the deadly battle with desktop shortcuts. Skål"
1038[13:25:27] <dpkg> Release-Critical bugs are Debian bugs with critical, grave or serious severities, preventing the next release of Debian. See the graph at replaced-url
1039[13:25:42] <EdePopede> my hope is that Gtk will change to a somewhat sane state in v4
1040[13:25:42] <jelly> 176 is rather low
1041[13:26:05] <ratrace> where's that poll trigger ... methinks I'm winning
1042[13:26:06] <jelly> quick, someone make a Gtk2 compatible wrapper for Qt
1063[13:40:39] <tanja84dk> Just a small question how do I figure out at what point in rc2.d it starts things there is enabled with systemctl? Its because I need to make sure the firewall scripts are run prior
1064[13:40:41] <TechieGuy> Anyone answered my prev. ques.?
1074[13:46:24] <jelly> tanja84dk, systemd doesn't run things in predefined order, it runs as much as possible in parallel, taking care of declared dependencies
1075[13:47:23] <abrotman> TechieGuy: you only have it in backports
1076[13:47:28] <jelly> tanja84dk, if you need to set up firewall rules using a custom way instead of using eg. iptables-persistent, set them up when an interface is brought up, probably (/etc/network/if-up.d/)
1077[13:47:46] <TechieGuy> abrotman: What to add?
1078[13:47:52] <jelly> !contrib
1079[13:47:52] <dpkg> [contrib] Debian packages that contain <DFSG>-compliant software, but have dependencies not in main (possibly packaged for Debian in non-free). To get contrib packages, add lines like "deb replaced-url
1084[13:49:13] <tanja84dk> jelly, thanks alot going to look into that, and yeah its my barebone iptables rules that I need to get set prior several services because they add their own rules
1085[13:49:16] <jelly> if you plan to use intel firmware, you can install that as well, but from a third, non-free section
1089[13:49:58] <dpkg> Edit /etc/apt/sources.list, ensure that the two main Debian mirror lines end with "main contrib non-free" rather than just "main", then «apt-get update». But bear in mind that you'll be installing <non-free> software. These may have onerous terms; check the licenses. See also <sources.list>.
1092[13:50:39] <jelly> IF that is your goal, you don't need to iucode-tool manually at all
1093[13:51:11] <ratrace> tanja84dk: rc.d belongs to sysvinit scripts. it's not directly managed by systemctl, I believe it's the other way around, the sysv generator creates units out of existing init scripts
1095[13:51:38] <TechieGuy> jelly: intel-microcode complains of intel-iucode
1096[13:51:53] <ratrace> complains how?
1097[13:52:18] <jelly> TechieGuy, if you use apt to install it, and you have correct repos enabled, it will just work
1098[13:52:58] <tanja84dk> its just prior using docker for something I just had it in /etc/rc2.d but yeah thanks alot I'm looking into it how to apply it when network gets up
1099[13:53:11] <jelly> TechieGuy, avoid downloading packages manually and trying to install them one by one, if you can use apt
1106[13:54:28] <ratrace> it should. pesky peers resetting connexions!
1107[13:54:56] <jelly> you don't see appels resetting connections I'll tell you that
1108[13:55:19] <jelly> or anges.
1109[13:55:31] <ratrace> emons too?
1110[13:55:45] <tanja84dk> ohh sorry I asked my bad. Just found out what my issue actually were. Just found out the if-pre-up.d actually had to restore firewall but their path makes no sense for me
1111[13:56:33] <DaRock> evidently the api for vmdb2 has changed and the build system hasn't caught up - but being a debian newb I have no idea how to go about fixing the issue
1112[13:56:43] <tanja84dk> so going to fix it that way by editing the firewall restore file in there. And thanks alot jelly for actually pointing me in a better way
1113[13:57:29] <ratrace> DaRock: maybe a specific chan @ OFTC would be more helpful? what's that, RPi image?
1114[13:57:41] <jelly> you're welcome
1115[13:57:54] <DaRock> yeah rpi image, but ore specific chan?
1116[13:58:21] <jelly> ratrace, clearly we need an alot bot just to respond to these
1117[13:58:25] <ratrace> yeah jelly, thank the alot. bring it fruits and other sacrifices.
1118[13:58:33] <DaRock> this is a debian build after all
1119[13:58:41] *** jelly is now known as alot
1120[13:58:49] *** alot is now known as jelly
1121[13:58:50] <echoSMILE> Hi. How to config the system to limit any process to not cross 50% of CPU's capacity ?
1122[13:58:55] <jelly> sadly, registered
1123[13:58:58] <ratrace> jelly: how many chans did you just spam with that :)
1124[13:59:02] <jelly> 120
1125[13:59:04] <ratrace> coulda just asked ze nicksrv :)
1126[13:59:05] <tanja84dk> btw the issue were actually that it wanted to use iptables-restore from /root folder and not /etc
1127[13:59:15] <jelly> it's the channel limit on freenode
1132[14:00:04] <DaRock> I'm not looking for raspbian...
1133[14:00:56] <ratrace> echoSMILE: you can use cgroups
1134[14:01:30] <ratrace> echoSMILE: infact, systemd service units can use the Limit directives. for user initiated processes, it's a bit trickier, but you can still utilize cgroups
1135[14:02:03] <ratrace> systemd.resource-control(5) for more info
1193[14:35:11] <tanja84dk> Well it were more after I added the firewall ( my running and working firewall ) to the iptables-restore ( took a iptables-save ) then it wont get ip at boot ( eth0 stays down )
1194[14:35:34] <tanja84dk> so I guess something fucked it really up at boot
1196[14:35:52] <cws> tanja84dk: Maybe this is laziness on my part, but I would recommend using something that manages these processes for you, like ufw or firewalld.
1197[14:36:03] <tanja84dk> searching in syslog right now to try figuring out what happend
1198[14:36:27] <tanja84dk> no thanks ufw is really no go
1199[14:36:40] <McErroneous> msg tanja84dk hallo
1200[14:36:41] <cws> Why's that?
1201[14:36:55] <McErroneous> same here...
1202[14:37:17] <cws> And there's also firewalld. Besides, iptables is going away. It's being replaced with nftables.
1203[14:37:24] <tanja84dk> I have always used iptables directly ( since debian 4 ) where I know what is happening
1207[14:37:46] <cws> Well, now your firewall has locked you out. Maybe its time to try something new.
1208[14:37:54] <cws> McErroneous: See the previous about iptables being deprecated.
1209[14:38:03] <cws> Times change, things change, and you have to learn new things.
1210[14:38:09] <tanja84dk> I never trust the system ( never ) to open ports by it self its a security risk
1211[14:38:12] <McErroneous> cws: nvm...
1212[14:38:21] <cws> tanja84dk: neither ufw nor firewalld do that.
1213[14:38:35] <cws> tanja84dk: You, the admin, have to tell either one what ports are allowed.
1214[14:38:48] <cws> They're just interfaces for nftables anyway.
1215[14:38:53] <neoclust> Hi
1216[14:39:05] <tanja84dk> and that has never been best practice. cws are you also using upnp
1217[14:39:17] <cws> tanja84dk: Yes, actually, it has. And no, I am not.
1218[14:39:25] <neoclust> i need help on my debian 9 i see i have icu65 ( 65.1-1+0~20200223.8+debian9~1.gbp519cf3 ) but i don't find from where i downloaded it
1219[14:39:30] <neoclust> does someone can help me ?
1220[14:39:35] <McErroneous> cws, help to tackle the problem using iptables..., dont recommend updates or upgrades.., introducing new things...,
1221[14:39:43] <cws> tanja84dk: I REALLY suggest you don't go down the security and best-practices rabbithole with me. You are ILL prepared for that.
1222[14:39:55] <cws> McErroneous: Don't tell me how to help. Either be productive or stop typing.
1223[14:40:01] <cws> McErroneous: Thank you.
1224[14:40:07] <tanja84dk> putted cws on ignore for spam
1225[14:40:15] <cws> Be my guest :)
1226[14:40:49] <wintersky> . for sure
1227[14:40:59] *** Quits: MagicalWizzy (~MagicalWi@replaced-ip) (Remote host closed the connection)
1237[14:50:49] <sigint> I'd like to point that most cloud providers have firewalls/security groups that can be configured via an API, it is usually good enough to replace iptables in each instance.
1252[14:53:22] <ratrace> tanja84dk: me too. they'll pry them out of my cold dead hands :)
1253[14:53:24] <iridos> mmh, for some weeks now, chromium doesnt go back and forward in the history using XF86Back and XF86Forward … that was so handy on the laptop to have that… but I cannot find in the changelog that they changed that or if there s maybe an option to re-enable it
1254[14:54:02] <qman__> yes, he is - I went down the road of trying to learn half a dozen iptables frontends and in the end, spent a few days learning how to use iptables directly, and it made a lot more sense and worked a lot better
1255[14:54:43] <qman__> of course, these days, nftables is the replacement, so if you're starting now, start there instead
1256[14:54:54] <ratrace> qman__: I'm not a "he". also please note I don't see what cws is typing, he's on my ignore list. and I recommend don't argue with him. you'll be verbally shat on.
1257[14:56:42] <iridos> ALT_L and left/right still works … but that's by far not so nice as a single key, specially as alt_l is on the other side of the kbd and you always need both hands
1268[15:04:59] <tanja84dk> ratrace, But yeah I dont know if something else in the server has fucked up under upgrades so as soon the rsync backup is done then it will get formatted and then starting with the firewall and then building up again
1270[15:05:25] <EdePopede> iridos: do you still have the old version around to do a direct comparison of 2 clean profiles? if they changed it w/o further notice that would be really bad po(or)licy.
1312[15:23:58] <ratrace> iridos: I heard the term "stalebian" circulating in the arch community :)
1313[15:24:50] <shtrb> jelly, just wait for IE to come back from the dead :D
1314[15:25:26] <_0xbadc0de_> hello guys - my issue is that I have a debian machine (debian 10) with two gpus. I have manually configured the machine to have a static ip address by editing /etc/network/interfaces
1315[15:26:06] <_0xbadc0de_> the issue is that when I remove one of the gpus the network interface associated with the ethernet cable that connects to my lan is renamed
1317[15:26:33] <ratrace> _0xbadc0de_: eh... buggy BIOS/EFI thingy ... known thing with "predictable naming". I recommend you tie NIC name to its MAC address
1318[15:26:44] <_0xbadc0de_> it changes from enp1s0 to enp2s0
1319[15:27:15] <ratrace> it's a known issue with systemd's udev's "predictable naming"
1320[15:27:47] <jelly> ratrace, you could shorten it further to "stalian" or "stalin"?
1321[15:28:01] *** debhelper sets mode: +l 1076
1322[15:28:06] <ratrace> the way I confiugre my systems is to revert back to ethX naming, and then I tie NIC name with its MAC using networkd and a .link unit. iirc you can also tie them using interfaces(5)
1323[15:28:40] <ratrace> jelly: and then further to alin -> alon -> alot. The Alot again :) damned beast
1332[15:30:49] <ratrace> if you ahve only ONE network card, then you don't really have to bind it with its MAC. eth0 won't change if a GPU is removed. eth0 and, say, eth1 MIGHT exchange on boot randomly in some cases, which is where tying it to MAC is needed.
1333[15:31:58] <_0xbadc0de_> ratrace: I believe I do, when I do ip a I get only one network interface after lo
1361[15:41:34] <ratrace> _0xbadc0de_: yes, this is correct
1362[15:41:40] <_0xbadc0de_> ratrace: the new name for the network interface will then be eth0?
1363[15:42:02] <ratrace> _0xbadc0de_: the "first" one as reported by BIOS will be eth0. "second" one eth1, etc..... since you have only one, it'll be just eth0
1364[15:42:19] <_0xbadc0de_> OK. so no need to tie to MAC addr then?
1365[15:42:46] <ratrace> no need in this case, but it'd be future proofing if you did.
1366[15:43:27] <ratrace> mind you, even if you didn't, it's only about buggy BIOSes where the ethX order changes on boot, so it's not a rule or mandatory: just a wise, future-proof precaution
1391[15:50:41] <_0xbadc0de_> so we are all ready, can I reboot?
1392[15:50:42] <cws> /boot/grub/grub.cfg
1393[15:50:54] <jelly> if this is an important setting that you want applied regardless of the menu entry chosen for boot, then put it in GRUB_CMDLINE_LINUX= instead of the _DEFAULT setting
1548[18:33:34] <ratrace> anyone running Xorg via startx? Haven't done that in a long while and I forgot all the configuration deets but .... for reason that's beyond me running startx as non-root here, still results with Xorg running as root. I looked for a dangling setuid bin or something ... didn't find any. wth?
1557[18:36:11] * sney has typed /usr/lib/nagios/plugins so many times it's practically muscle memory
1558[18:36:13] <ratrace> so now what. I heard some folks here running xorgs as regular users . short of removing the setuid ... what's the trick here?
1559[18:37:06] <ratrace> on gentoo you'd simply install xorg wihtout the setuid bit and had to deal with permissions manually, so that part I know what to expect. I'm just not familiar with the "run xorg without setuid bit on debian" part
1565[18:40:53] <somiaj> yup, the legacy server will not do that, and for those who use display managers, I still think the displaymanager runs as root, though maybe it runs as some non-root user and then calls an authentication command
1566[18:40:56] <ratrace> somiaj: yes yes, I just realized that I had xserver-xorg-legacy installed which installs teh setuid xorg, as of stretch. NO idea how that ended up on my system. this was a fresh buster installation
1568[18:41:29] <somiaj> maybe some dm depends on it
1569[18:41:32] <ratrace> that would require I first aptitude installed aptitude :)
1570[18:41:49] <ratrace> somiaj: I removed the package, it removed nothing else. so whatever pulled it in, came as recommended or suggested, by teh installer
1571[18:41:51] <sney> then apt rdepends xserver-xorg-legacy and parse the list with your eyeballs
1572[18:41:56] <somiaj> yea, the why and search features of aptitude ahve me end up installing it when I don't need it.
1573[18:42:21] <ratrace> seems like xserver-xorg recommends it
1575[18:42:43] <somiaj> ratrace: probably because of all the issues some users had with non setuid xorg
1576[18:43:00] <somiaj> when it first rolled out in testing, there was lots of people having trouble with xorg working like they were use to
1577[18:43:23] <somiaj> I personally never ran into any issues, though I only use a simple window manager, I think display managers and desktops had more issues
1586[18:47:46] <karlpinc> Just dropped in, after getting the X security updates. Is there a package I should be removing?
1587[18:48:11] <ratrace> karlpinc: no. I switched to rootless xorg and _I_ had to remove the legacy xorg thingy that was setuid
1588[18:48:45] <karlpinc> ratrace: I see. (Maybe I should too, but don't want to have to think.... :)
1589[18:48:53] <ratrace> otherwise, just regular upgrade for DSA-4893-1
1590[18:49:25] <somiaj> how did you test if xorg was setuid or not, just ps?
1591[18:49:52] <ratrace> find -perm -4000
1592[18:50:07] <ratrace> I didn't know _which_ bin/file would be setuid so I was looking for all of them
1593[18:50:54] <ratrace> then I found the /usr/lib/xorg/Xorg.wrap which belongs to xserver-xorg-legacy and then I remembered about that package and setuid xorg
1596[18:52:09] <somiaj> I meant how were you testing if the current running xorg was setuid or not, anyways, seems lightdm runs xorg as root, so using a dm (which problably most do) probably makes it so the legacy package is a reasonable recommended package
1597[18:52:31] <ratrace> somiaj: ah I just greped ps for xorg and saw it running as root
1598[18:53:05] <ratrace> yes lightdm will run it as root. I'm using startx, and that's why I was confused at first. seems like _only_ gdm will run rootless xorg, among all the DMs
1600[18:53:46] *** Quits: XenGi (~quassel@replaced-ip) (Remote host closed the connection)
1601[18:53:57] <ratrace> essentially I just switched from lightdm to startx today, took the opportunity of xorg update + some firmware updates, so I figured if I'm rebooting, let's try out startx
1603[18:54:55] <somiaj> I do like how systemd with startx replaces the tty it runs on, which makes it so you can't ctrl-alt-f? to get back tot he tty, though quiting/ending your window manger will drop the user back into an open shell (so one advantage of a dm)
1604[18:55:14] <somiaj> though lock screens and disabling things like ctrl-alt-backspace (which is by default) will protect against that
1605[18:55:52] <karlpinc> I'm running Xorg from a custom systemd config, to run it on an additional vt to get me a gui on my headless box. I don't suppose there's some special username or some such if I did not want to run X as root?
1606[18:55:53] <ratrace> and having a wraper for startx that basically exits the login shell when startx drops
1607[18:55:54] <somiaj> and I guess if they have access to quite your wm, they probably have access to run a terminal, so same difference.
1608[18:56:29] <ratrace> indeed. physical access to the console usually means game over
1609[18:56:33] <somiaj> karlpinc: I would just create a user for that, the whole point of non-setuid xorg is any user can run it, they just may need to be some groups for hardware access.
1610[18:57:01] <karlpinc> somiaj: Righto then. I'll put it on the list. ;) Thanks.
1611[18:57:25] <jmcnaught> The hardware access is managed by logind as far as I know
1612[18:57:38] <ratrace> I already run firefox, steam and some other programs as other users (+ apparmor profile on them), but xorg is .... xorg. I want, with upgrade to Bullseye, to switch from i3 to sway, and go full wayland, and leave xorg only for steam and whever needs it, run as separate, apparmored users.
1664[19:27:42] <karlpinc> xaero: (Top of the document says that, as a rule, uids/gids not in the base-passwd package should be obtained dynamically. So all you can count on is the user/group names.)
1681[19:40:41] <ratrace> now this is weird. I just had vim lock up in a tmux panel. kill -9 vim's_pid did nothing. tmux seemed locked too, couldn't switch panes, but I _could_ ctrl+b and :kill-session
1682[19:41:09] <ratrace> that I couldn't kill -9 that vim is a bit worrying
1735[20:16:59] <cheche> Given that new Debian versions use a random device name for the network interface (enp2s0,enp1s10) instead of eth0. is there a way to tell etherwake which default interface to use?
1736[20:17:45] <cheche> be fore I could run "etherwake 11:22:33:44:55:66)
1737[20:17:54] <rudi_s> cheche: You can change the name.
1738[20:17:57] <sney> it's not random, it's based on pci locations, so it is more predictable than the previous eth0 approach which was susceptible to race conditions.
1739[20:18:09] <sney> but you can use a systemd.link file to define a name based on the mac address if you want
1740[20:18:21] <cheche> now I need to use: "etherwak -i enp2s0 11:22:33:44:55:66"
1761[20:20:36] <ratrace> rudi_s: in fact ... you don't even have to revert to ethX. you can use whatever name you want and bind it to a MAC, via networkd .link unit
1762[20:20:44] <rudi_s> ratrace: I read it's problemtic with systemd's link files at least.
1763[20:20:49] <ratrace> I think it's possible even via interfaces(5)
1764[20:20:58] <sney> plus with a custom name it's clear at a glance that it's something you defined, rather than a change in automatic kernel behavior
1765[20:21:01] <ratrace> rudi_s: I've been doing this for our fleet of servers for years now. it's fine.
1766[20:21:03] <rudi_s> ratrace: I know (see above). I use e0, e1, e2.
1767[20:21:19] <karlpinc> cheche: For info on the naming schemes, etc., see: replaced-url
1768[20:21:22] <ratrace> rudi_s: yea, you can force/use whatever name you want
1769[20:21:38] <ratrace> greycat: btw ... is your xorg running as non-root?
1775[20:22:49] <oxek> that's an unusual ordering of things
1776[20:23:03] <ratrace> greycat: k. because I today switched from lightdm to startx and was confused why xorg was still running as root. the culprit was xorg-server-legacy package that somehow got installed, probably as "recommended" by xorg-server
1795[20:32:08] <greycat> well, it only shows two settings(?) for xserver-xorg-legacy ... no idea whether one of them is responsible for the difference between ratrace's system and mine
1812[20:37:19] <greycat> ratrace: Xorg.wrap(1) seems to be the only documentation there is, and it says it "will autodetect if root rights are necessary".
1813[20:37:44] <ratrace> well, it autodetected wrong.
1814[20:37:53] *** Quits: chele (~chele@replaced-ip) (Remote host closed the connection)
1815[20:38:21] *** Quits: XsiSec (~xsisec@replaced-ip) (Remote host closed the connection)
1816[20:38:52] <ratrace> I think the only problem here is xserver-xorg-legacy being "Recommends" of xserver-xorg. if anything it should be a dep of DM that requires setuid xorg
1819[20:39:51] <ratrace> I usually run with no-install-recommends, but this was pulled in by the installer
1820[20:40:01] <greycat> Back in ... stretch(?) ... it was separated out and offered for chipsets that require it. I don't know how the autodetection works. Or which chipsets need it. Probably any that can't do KMS.
1825[20:43:11] *** Scotty_Trees|Zzz is now known as Scotty_Trees
1826[20:43:27] <ratrace> hrm...
1827[20:43:34] <Hrym> Hi! I'm trying out Bullseye on one of my laptops, and are now trying to understand why suspend hangs when a file is open on a autofs+nfs share, this was not happening on Buster. Have I missed something obvious?
1832[20:43:54] <dpkg> #debian-next is the channel for testing/unstable support on the OFTC network (irc.oftc.net), *not* on freenode. If you get "Cannot join #debian-next (Channel is invite only)." it means you did not read it's on irc.oftc.net. See also replaced-url
1882[21:37:39] <Caesar_NayKid> Anyone know how i can have my Debian default to having a Realtek nic on and connecting during Debian boot and leave off an intel nic to be available for a guest OS?
1883[21:38:52] <ratrace> Caesar_NayKid: if you don't configure intel nic on the host, it won't be used
1884[21:39:16] <ratrace> however, what exactly do you mean by "available for a guest OS"? pci passthru?
1885[21:39:47] <Caesar_NayKid> I guess so. I just turn it off and it is available in the guest.
1886[21:40:49] <Caesar_NayKid> Yea, it is configured in Qemu/Virt-Manager as a Physical PCI device
1887[21:41:00] <Caesar_NayKid> And it works
1888[21:41:36] <Caesar_NayKid> But when i boot Debian (host) it enables that Intel nic by default
1891[21:42:10] <Caesar_NayKid> Yeah, im using the gnome terminology probably, but there's a gui toggle
1892[21:42:11] <ratrace> if you don't configure it, it won't be used. _however_ pci passthrough requires you to assign the hardware to vfio-pci _before_ its regular driver grabs it
1893[21:42:58] <Caesar_NayKid> That's handled in the XML when i power up the VM
1894[21:43:08] <Caesar_NayKid> And it works properly
1895[21:43:19] <ratrace> if it "works properly" ... where's the problem?
1897[21:43:34] <Caesar_NayKid> I guess i need to "unconfigure it" then from the host?
1898[21:43:53] <ratrace> also I doubt we're talking about the same things, unless virt-manager/libvirt is capable of reassigning pci devices to different drivers
1899[21:44:06] <ratrace> Caesar_NayKid: again, if "it works properly" ... where's the problem?
1900[21:44:21] <Caesar_NayKid> The problem was described twice above, Debian defaults to use that nic.
1901[21:44:37] <Caesar_NayKid> I turn it off so I don't risk a conflict i assume
1902[21:44:46] <ratrace> I don't think you understand.... if it WORKS PROPERLY ..... then what does NOT work properly?
1903[21:45:01] <jmcnaught> libvirt can reassign PCI devices. I assign my second GPU to vfio-pci at boot, but I also pass an NVMe and USB controller and libvirt just handles those.
1904[21:45:01] <ratrace> if you pci passthrough a device, then the host cannot and won't use it
1910[21:46:22] <Caesar_NayKid> So, when I boot Debian, the intel adapater grabs an IP address for Debian.
1911[21:46:45] <ratrace> Caesar_NayKid: so you see, either it works properly (pci passthru'd to guest, host CANNOT use it) or it does NOT (it's NOT pci-passthru'd to the guest, and the host is using it). so which is it?
1912[21:46:47] <Caesar_NayKid> I click "turn off" in the gui on that
1913[21:47:28] <ratrace> sorry I don't know what that means or does. you'll have to be more specific with your config. show examples of outputs and configs that you ahve and that don't work as expected.
1916[21:48:18] *** Quits: jerry (~jerry@replaced-ip) (Ping timeout: 260 seconds)
1917[21:49:09] <jmcnaught> Caesar_NayKid: if you do not want the host/hypervisor OS to use that Intel NIC at all, then you can assign it to vfio-pci at boot so it will only be used by guests.
1918[21:49:31] <Caesar_NayKid> Thanks jmcnaught where do i do that?
1919[21:49:39] <jmcnaught> Caesar_NayKid: "lspci -nnd 8086::0200" should list your Intel NIC with its PCI-ID (it will start with 8086:)
1920[21:49:42] *** Joins: jerry (~jerry@replaced-ip)
1921[21:50:25] <ratrace> I literally said that and Caesar_NayKid literally said "That's handled in the XML when i power up the VM \n And it works properly"
1922[21:50:38] <jmcnaught> Caesar_NayKid: take that and make a file in /etc/modprobe.d/ with contents "options vfio-pci ids=8086:abcd" (replace abcd with actual values)
1926[21:51:36] <ratrace> eg... softdep <your_intel_module>: vfio-pci you can add that in the same modprobe.d file
1927[21:51:52] <ratrace> (regular kernel *module)
1928[21:51:58] <jmcnaught> Caesar_NayKid: then add a line for vfio-pci to /etc/modules. You might need to run "update-initramfs -u"… or what I do is add "modules-load=vfio_pci" to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub
1929[21:53:24] <Caesar_NayKid> Hmm. Ok I screenshot all that so i can read on those commands
1931[21:54:08] <Caesar_NayKid> Thought it might just be editing a single config file but appears to be something new that i need to spend some time with
1971[22:16:02] <jhutchins> Celmor[m]: *nic usually doesn't care about file extensions (.conf) - it looks at the first word of the data to see what it is.
1972[22:16:07] <oxek> Caesar_NayKid: probably don't use any weird characters
1973[22:16:13] <oxek> spaces, etc.
1974[22:16:21] <Caesar_NayKid> Caesar.conf
1975[22:16:26] <greycat> There are several places where file extensions matter.
1976[22:17:26] <oxek> greycat: one of the strangest places is /etc/sudoers.d/, where a file must not have an extension if it is to work
1977[22:17:33] <greycat> The C compiler front-end uses extensions to decide what kind of file it's dealing with. Web servers use extensions to decide the Content-Type on static files. Some config directories require files to end with .conf.
1978[22:17:39] <EdePopede> saves some work by avoiding sniffing.
1979[22:17:45] <jmcnaught> Caesar_NayKid: do a favour to your future self and include a note about the purpose of the file in a comment
1980[22:18:16] <greycat> And yes, some config directories require filenames NOT to contain dots, because .bak and .20210419 and so forth generally mean backup copies.
1981[22:18:30] *** Quits: de-facto (~de-facto@replaced-ip) (Disconnected by services)
2026[22:32:11] <greycat> The worst that can happen is your network interface won't work. If that happens, it won't stop your system from booting, so you can just boot it up, undo your change, and go back to how it was.
2037[22:35:04] <jmcnaught> What you are doing is also easy to undo. If you run "lspci -kd ::0200" it will show you the kernel driver module in use for your ethernet controllers. What you are trying to do is replace the kernel driver module with vfio-pci which dedicates the device for pass through to a virtual machine.
2038[22:35:19] <Caesar_NayKid> EdePopede: that sounds dope.. but beyond my current skillset likely
2073[22:39:33] <greycat> Even simpler than "if the internet doesn't come up" -- just write a snippet in rc.local which will sleep for 10 minutes, then undo your change and reboot. If you are able to login during those 10 minutes, then you kill that script and remove it from rc.local.
2105[22:47:24] <sney> httpd is a recommendation, iirc. but it can be nginx or whatever instead of apache, as long as you aren't installing libapache2-mod-php
2106[22:47:25] <Foxfir3> how can apache be a depency? I know that its not.
2124[22:50:38] <sney> jhutchins: try looking at the package, it says Depends: libapache2-mod-php7.4 | php7.4-fpm | php7.4-cgi, php7.4-common
2125[22:50:45] <sney> it's not a "bug" it's just a weird/legacy choice.
2126[22:50:58] <Foxfir3> okay. debian-next. thanks. also, it seems strange that a 'webserver' during the installation is the apache webserver
2127[22:51:07] <sney> this is the same in buster, it's just s/7.4/7.3/
2128[22:51:47] <sney> apache2 has the highest popcon score so it's the default http server in debian. it's also the http server that is used by debian web services.
2129[22:51:49] <sney> !popcon
2130[22:51:50] <dpkg> extra, extra, read all about it, popcon is the Debian Popularity contest, the basis for what packages appear on the first few CDs/DVDs etc (by rank). Install the popularity-contest package to participate. See the results at replaced-url
2155[22:57:46] <sney> Foxfir3: most instructions for installing a webserver stack specify whether to install mod-php or php-fpm, if someone is doing 'apt install php' with nothing specified it might be assumed that they don't know what they're doing, and need the most basic setup. which is apache and mod-php.
2156[22:57:47] <greycat> ordinary users *can't* restart cron so it had to be designed without that need
2157[22:57:51] <sney> !invite only
2158[22:57:51] <dpkg> Many debian channels are on the OFTC network (irc.oftc.net), *not* on freenode. If you try to join one and you see "Cannot join (Channel is invite only)." it means you did not read it's on irc.oftc.net. See also replaced-url
2161[22:58:06] <sney> OFTC is a separate network, right now you are on freenode.
2162[22:58:10] <Caesar_NayKid> Debian next is over there yeah
2163[22:58:43] <Foxfir3> sney: thanks. on the british freenode
2164[22:58:54] *** Quits: sinaowolabi (~Sina@replaced-ip) (Remote host closed the connection)
2165[22:59:16] <sney> and apache is still way more popular than nginx in debian, see replaced-url
2166[22:59:57] <greycat> Debian users tend to be very traditional and resistant to changing.
2167[23:00:58] <Foxfir3> sney: depends on OS. im used to php just install php. Installing nodejs doesnt install apache. And in fact both Nodejs and php has built in servers. so its a design error to have php run as a metapackage
2169[23:01:27] <acu> is anyone here having experience using nvme in a RAIDZ for one year or close ? I am very confident on spining disks - works years - but I did not use nvme or ssd in Raid for long time and I want to create a RADZ with 3 NVME 2 TB each - and I do not know if I need to go for enterprise or what is the cheapest nvme 2 TB that I could go with (or if you share whatever any one uses it will be great)
2172[23:02:04] <jmcnaught> Foxfir3: maybe php-cli is what you want then?
2173[23:02:09] <Foxfir3> sney: no biggie. just interesting that when installing Debian it tries to lure the user into install Apache webserver. so its not only under the php install.
2175[23:02:50] <sney> Foxfir3: there is no "lure" it's just the most popular package. nobody is making a decision to try to make you do something one way or another.
2178[23:03:38] <sney> Foxfir3: I agree that mod-php should probably not be the first choice of php implementation, since even in apache2, FPM is a better choice with better performance. but there is no malice here, the apache/php maintainers are not trying to trick you
2179[23:03:48] <sney> sane defaults are provided and you can choose whether or not to follow them. that's it.
2181[23:04:26] <oxek> sney: should still probably be changed
2182[23:04:42] <Foxfir3> sney: almost. during Debian install, its Apache is just named 'webserver'. No hint as to what server will be installed.
2183[23:05:07] <Foxfir3> sney: its a leftover from the old days.
2184[23:05:20] <Caesar_NayKid> Uh oh. I entered the wrong target path to do an rsync in cron (target directory does not exist) anyone know if it will create it somehow or just fail?
2185[23:05:27] <Foxfir3> sney: fpm with Apache?
2186[23:05:29] <sney> Foxfir3: the debian install guide provides the details of every single option in the debian installer, with even more defaults available in the release notes. the installer team assumes you will at least look at one or the other document
2187[23:05:54] <sney> yes, fpm with apache2 with the event or worker mpm
2188[23:06:22] <Foxfir3> sney: thanks. will have to check that out.
2189[23:06:23] <jhutchins> ,v php7
2190[23:06:24] <judd> No package named 'php7' was found in amd64.
2191[23:06:26] <sney> speaking of "leftovers from the old days", libapache2-mod-php hasn't been a good idea for a production service in... 8 years/
2214[23:12:47] *** Quits: xet7 (~xet7@replaced-ip) (Remote host closed the connection)
2215[23:13:31] <sney> acu: try asking in #zfs as they have more raidz users. but I have heard that solid state devices in general are becoming very popular with raidz
2216[23:14:32] <Foxfir3> sney: found the solution replaced-url
2217[23:14:33] *** Quits: catman370 (~catman@replaced-ip) (Quit: See you later..)
2218[23:15:08] <sney> Foxfir3: yes, as you can see the instructions specify php-fpm. [14:57:45] <sney> Foxfir3: most instructions for installing a webserver stack specify whether to install mod-php or php-fpm
2222[23:15:50] <sney> using Sury's 3rd party repo makes no difference in dependencies here, since Ondrej maintains the packages for debian as well. they are practically identical except for available versions/patch sets.
2223[23:16:08] <Caesar_NayKid> How can i check in the terminal if cifs is installed?
2227[23:16:39] <Foxfir3> sney: not correct. installing php in a traditional manner requires a private PPA. Basically a hack, while it should be standard
2228[23:16:47] *** Quits: sinaowolabi (~Sina@replaced-ip) (Remote host closed the connection)
2229[23:17:03] <oxek> Caesar_NayKid: `apt list cifs-utils` would show [installed] if it is installed
2233[23:17:52] <sney> Foxfir3: under php installation it says quite clearly, "$ sudo apt install php php-fpm". this would make php install fpm, which means mod-php is not installed, and apache is not a dependency. it's the same in debian without the ppa. feel free to try it with that exact command.
2270[23:28:16] <oxek> I have a separate question for anyone, what's the correct way of calling this 'deb replaced-url
2271[23:28:46] <Caesar_NayKid> Pretty sure, when i typed apt list by itself it blew up the terminal I can't scroll back past python3-report.. something
2282[23:30:48] <Caesar_NayKid> Thanks for being mostly patient with me everyone. I know after a few hours of sifting through forums and reddits of randoms i can find this info so appreciate you tryna h.b.o.
2283[23:30:50] <oxek> primary works I guess
2284[23:31:00] <Caesar_NayKid> I have done some searches on apt in general
2285[23:31:13] <Caesar_NayKid> Just still new to me.
2287[23:32:03] <Caesar_NayKid> Im aware I may have bit off alot and jumped into the deep end so to speak but it's all working great so far, i really am liking Debian.
2305[23:45:15] <oztunan> Not now. I mostly joined to observe. I may have a question in the future. I've been a gnu/linux and debian user for a long time.
2306[23:45:51] <sney> #987227 cc Foxfir3, oxek
2307[23:45:51] <oztunan> Lately I've decided to use debian more exclusively.
2308[23:46:38] <oxek> sney: thank you
2309[23:46:45] <oztunan> I'm getting tired of instability and commercialization.
2335[23:58:00] <Caesar_NayKid> So, im trying to mount a windows share in Debian. This guide told me to make a file ~/.smbcredentials to save the username and password in.
2336[23:58:11] <Caesar_NayKid> Where does it save that file?
2337[23:58:18] <Caesar_NayKid> ~/
2338[23:58:45] <sney> ~ is shorthand for your home directory
2339[23:58:47] <avu> Caesar_NayKid: the ~ refers to the current user's home directory
2340[23:58:56] <sney> you can do 'ls -l ~' to see this
2341[23:59:06] <Caesar_NayKid> The file reference is /home/username in the file but when i go there I don't see that file
2342[23:59:18] <sney> and files that begin with . are hidden
2343[23:59:25] <avu> Caesar_NayKid: use -a with ls to see "hidden" files