--- Log opened Sat Jun 16 00:00:00 2018
00:00 < ziggylazer> What?
00:00 < bls> nevermind
00:01 < ziggylazer> So you dont think that in the context of a cookie that could have a standard meaning?
00:01 < lnnb> could be your macintosh version id
00:01 < bls> no, I don't think that every instance of the string MAC in a cookie means message authentication code
00:02 < ziggylazer> But the vast majority
00:27 < jeffree> linux sucks
00:28 < meyou> hot take
00:51 < Pentode> i guess he's expecting some sort of emotional response to feed his troll organ
01:03 < jim> Am7/C: you sound almost exactly like Cmaj6!
01:04 < Cmaj6> Hi guys, can anybody recommend me good administration software for linux (and preferably cross platform). I'm talking about software to organize your bills, invoices, time registration, taxes, etc. etc. (basically, some form of accounting software or something, but used for freelancers)
01:04 < jim> in fact, there's no difference at all!
01:06 < jim> hmm, there's so many different software things you can get...
01:07 < Fahrradkette> Cmaj6: it depends how deep down the rabbit hole you want to go. The most simple solution would be a bunch of LibreOffice Calc sheets. On the other end of the spectrum, there are OpenSource ERP systems.
01:07 < Loshki> Cmaj6: https://opensource.com/life/17/10/personal-finance-tools-linux. (I don't use any of these myself)
01:07 < Cmaj6> Fahrradkette: i'm doing the Calc sheets route now, but it quickly goes out of hand and i don't want several sheets all over the place. Also, i don't like to write my own statistics for my work
01:07 < jim> Cmaj6, have you looked on github?
01:08 < Cmaj6> jim: no not yet (i don't know the correct lang to search for)
01:09 < Cmaj6> it's not financial software, but also not personal finance or so, it really needs to be targeted for small business owners
01:09 < jim> let me see
01:09 < Cmaj6> (i know the correct terms in dutch, but in english???)
01:09 < Fahrradkette> Cmaj6: so you want some sort of a QuickBooks clone?
01:09 < unkmar> Cmaj6: book keeping or accounting. We usually call it accounting software.
01:10 < jim> if you know those correct terms... let's see..
01:10 < Cmaj6> Fahrradkette: don't know the quickbooks software, but taking a quick look at the site: i think that's what i need indeed
01:10 < Cmaj6> unkmar: thank you!
01:10 < Cmaj6> book keeping indeed!!
01:10 < Fahrradkette> there is tryton which might be one of the solutions
01:11 < Fahrradkette> I don't know if that's overkill for you though, it's a full blown system. Might take you longer to setup than it saves you in the long term
01:12 < Cmaj6> Fahrradkette: just took a look...i think it's overkill lol
01:12 < jim> Cmaj6, take a look at this... https://github.com/search?q=small+business+records
01:12 < Cmaj6> Fahrradkette unkmar jim : thnx for now! I'll do some search on the terms you guys provided! If after extensive research i still can't find what i am looking for, i'll get back here! :)
01:13 < Fahrradkette> Cmaj6: you might want to take a pen and paper and have a walk in the forest/by the lake side to write down your requirements:)
01:14 < Cmaj6> Fahrradkette: i'll consider that ;)
01:14 < Fahrradkette> good luck with your decision :)
01:15 < jim> or, s/in the forest by the lake/any relaxing place where you can focus on what you want to/
01:15 < mophed> please take me on this retreat
01:15 < unkmar> Cmaj6: My attempts at accounting software in linux has always been painful. But that was 10+ years ago. Hasn't been my problem in a long time.
01:16 < Cmaj6> unkmar: how did you solve it then?
01:16 < jim> sounds like a foist operation :)
01:17 < pnbeast> I think Corbet, on LWN, has periodic descriptions of accounting software he has tried. He's been unhappy, too.
01:18 < unkmar> Cmaj6: At the time. I was still trying to move to Linux from Windows. I just didn't move. I was running a business. I don't now. So, those problems have been someone elses.
01:19 < unkmar> I don't do personal accounting management. I generally don't buy things. So, I don't generally have finances to track. So, I never really solved the problem. Just stuck my head in the sand.
01:20 < Fahrradkette> ostrich confirmed^
01:22 < Fahrradkette> Cmaj6: there is also the possibility to build that system yourself using LibreOffice Base or Kexi from the KDE calligra suite
01:24 < Fahrradkette> It really boils down on what you're ready to learn/do and how you're going to maintain it
01:24 < chowbok> Can I just say how much it annoys me when someone does "cat filename | grep whatever"
01:25 < xamithan> Do you like them to grep directly ?
01:25 < chowbok> Yeah, what's the point of cat in there?
01:25 < xamithan> So you can use other commands afterwards
01:26 < chowbok> You could with just as much logic do "cat filename | cat | cat | cat | grep whatever"
01:26 < mophed> chowbok: i always do that hahaha
01:26 < chowbok> xamithan: Example?
01:26 < Fahrradkette> oO a cat person
01:26 < mophed> cat .log | grep
01:26 < mophed> im just dumb i guess
01:27 < jim> 3 cats don't a cathouse make...
01:27 < xamithan> I can't really think of any currently, but I do cat first too. Didn't in the past grep not work direct ?
01:27 < chowbok> grep has worked directly for at least 20 years
01:27 < bls> if it didn't, it was in the 70s
01:28 < chowbok> Even if it didn't, you could still just do "grep foo < filename"
01:29 < bls> it's one of those cargo cult things that always show up in tutorials about using pipes, so people end up doing without really thinking about why, like sudo su or find | xargs
01:30 < xamithan> I think I know why I do it
01:31 < xamithan> if I'm using ps, or ss, I have to use that first
01:31 < xamithan> so I just use cat first too
01:31 < bls> ps|grep is another one of those patterns too :P
01:32 < chowbok> ps | grep is never really necessary except that most people (including myself) never feel like looking up the ps flags
01:33 < xamithan> is there an ss flag to list only certain ports ?
01:33 < xamithan> I've never really bothered to explore
01:33 < bls> yes, ss accepts filters
01:34 < bls> although it looks like they're only documented in a postscript file that comes with iproute-doc
01:38 < chowbok> ss -A tcp "sport = :22"
01:38 < chowbok> Shows you established inbound SSH connections
01:38 < chowbok> (assuming you're running sshd on port 22)
01:38 < xamithan> I think you are the first person other than the devs to use those flags
01:39 < chowbok> Heh
01:39 < chowbok> Probably
01:39 < chowbok> I wouldn't fault people for doing ss|grep
01:39 < xamithan> ss -tulpn | grep
01:39 < chowbok> I'm not against piping stuff through grep in general
01:39 < chowbok> I just think cat is almost always unnecessary
01:40 < chowbok> I see people do "cat filename | wc -l" too
01:40 * meyou pleads the fifth
01:40 < mophed> i literally just did that
01:40 < mophed> ">changes | wc -l"
01:41 < xamithan> Sometimes I like to cat my greps into another grep into a wc into a cut
01:41 < chowbok> Heh
01:41 < mophed> i lie that had to be piped to wc
01:47 < bls> grep is fine for plain text, but as soon as data has some semblance of structure to it, it's usually better to reach for a domain specific tool
01:51 * iflema downloads devuan
01:52 < mophed> i wish mysql had a grep
01:52 < meyou> select where!
01:53 < Fahrradkette> over()
01:53 < mophed> you cant search for broad terms
01:53 < lnnb> write webapps in C
01:53 < Fahrradkette> mophed: just rewrite grep in a big freaking CTE
01:54 < Fahrradkette> functional programming ftw, it's so elegant even though nobody understands it :P
01:54 < mophed> Fahrradkette: i just revert to phpmyadmin when i cant find it
01:55 < ksft> I just messed up some pointer initialization in C and printed uninitialized memory accidentally
01:55 < ksft> it seems to be part of my /etc/hosts
01:55 < Fahrradkette> no segfault?
01:56 < ksft> " number of spaces or tabs.## In the presence of the domain name service or NIS, this f"
01:56 < ksft> that's the string that was printed
01:56 < ksft> I thought things like that were supposed to be prevented for security
01:56 < lnnb> lol what kernel you using?
01:57 < ksft> ...Linux?
01:57 < ksft> I'm not sure what version
01:57 < Fahrradkette> so your user has read rights on /etc/hosts?
01:57 < lnnb> uname -a
01:57 < ksft> 4.12.5
01:58 < Fahrradkette> ls -l /etc/hosts
01:58 < ksft> Fahrradkette: my program doesn't read /etc/hosts
01:58 < GunqqerFriithian> KDE has nothing so I'll ask here. I use deja-dup for backups, and in the system tray there is only a black box representing it and I can't open the window for deja-dup's progress.
01:58 < GunqqerFriithian> (Im using KDE 5.8)
01:59 < iflema> GunqqerFriithian: change(d) theme?
01:59 < GunqqerFriithian> I'm using arc-dark
01:59 < iflema> is it "current"?
01:59 < Fahrradkette> ksft: does the user running your program has read rights?
02:00 < GunqqerFriithian> everything I have is the most currents I can have (as far as I know)
02:00 < Fahrradkette> considering it's just "garbage" from before
02:01 < iflema> kde is at 5.13? is that included or did you "go and get it"
02:02 < GunqqerFriithian> I'm using 16.04.04 (ubuntu) and I'm using the kubuntu backports PPA
02:02 < iflema> medic!
02:03 < GunqqerFriithian> dang scouts, always wanting heals
02:04 < iflema> im assuming the theme and versions
02:05 < ksft> good news: I figured out the problem I've been debugging all day
02:05 < ksft> I wrote "=" instead of "=="
02:05 < iflema> standards and retards
02:05 < GunqqerFriithian> arc-dark for general theme, OSX cursor, ubuntu-mono-dark for icons
02:05 < Fahrradkette> stuck at basic times?
02:05 < Fahrradkette> scnr
02:06 < melissa666> I'm using binwalk to examine some a firmware image and the output looks like this: https://paste.pound-python.org/show/dahYbm6dpTd2eLnEq8Vs/ ... how do I decompress and examine the lzma compressed data listed there? I tried `binwalk -e firmware-image.bin` but I am getting an error "ARNING: Extractor.execute failed to run external extractor 'sasquatch -p 1 -le -d '%%squashfs-root%%' '%e'': [Errno 2] No such file or directory:
02:06 < melissa666> 'sasquatch': 'sasquatch'" ... what am I doing wrong?
02:07 < iflema> theres two themes... dark or light, pick a font... select a size... thanks for coming...
02:08 < GunqqerFriithian> ?
02:08 < iflema> oh wait... thats gnome...
02:09 < mophed> melissa666: is squashfs working?
02:09 < vovioheler> hello
02:09 < iflema> o\
02:10 < vovioheler> how do i make a socks5 proxy with nc or ssh or something else
02:10 < ziggylazer> iflema, suck to be a dick right?
02:10 < iflema> ziggylazer: takes time
02:11 < ziggylazer> Been practising hard then
02:11 < iflema> penis?
02:11 < melissa666> mophed, what do you mean? what should I check to determine if it's working properly?
02:12 < ziggylazer> Hey man if that what you like who am I to judge
02:12 < mophed> i have never personally used squashfs
02:12 < iflema> your mom
02:12 < mophed> but that error looks like its not setup correctly
02:12 < ziggylazer> Hahaha
02:12 < melissa666> me either - I'm trying to learn right now, because I need to figure out how this router works :)
02:12 < mophed> melissa666: https://en.wikipedia.org/wiki/SquashFS
02:14 < Fahrradkette> apt-cache policy squashfs-tools
02:14 < Fahrradkette> maybe binwalk has a dependency on it
02:16 < vovioheler> anyone knows a program just to forward traffic
02:16 < Fahrradkette> vovioheler: like a bridge device?
02:17 < iflema> i call it COP... citizens on patrol
02:17 < Fahrradkette> need to watch police academy again
02:17 < melissa666> actually, it seems that there is some git repo I need to clone called sasquatch ... surprised that they don't just package it with binwalk ... no instructions on how to properly install to get to work alongside system version of squashfs-tools ..
02:17 < melissa666> They are just asking me to clone a git repo that overwrites system packaged version of squashfs-tools, which seems like a bad idea to me
02:18 < Fahrradkette> oO
02:18 < vovioheler> Fahrradkette: i just want something to stay quiet and forward all the traffic that it gets
02:18 < iflema> lol proctor
02:18 < melissa666> vovioheler, you want to just passively intercept traffic, and then forward it?
02:19 < melissa666> do you want to do anything with it before forwarding?
02:19 < vovioheler> melissa666: no
02:19 < phinxy> Whats the input and output interfaces?
02:19 < jeffree> are there any purchasable linux distros which have fewer bugs?
02:19 < vovioheler> melissa666: but i dont want iptables
02:19 < kurahaupo> melissa666: clone it into where? I wouldn't do anything in /
02:20 < bls> why don't you want iptables? it'll do exactly what you're asking for
02:20 < pnbeast> vovioheler, what if you could intercept any traffic with an image in it, and change the image to a picture of a kitten? Would you like that?
02:20 < melissa666> kurahaupo, well, I can clone it too wherever. it's the build script they want me to run, which basically does wget to fetch squashfs 4.3 sources, builds it, and does sudo make install
02:20 < vovioheler> pnbeast: ethercap ?
02:20 < melissa666> https://github.com/devttys0/sasquatch/blob/master/build.sh
02:21 < phinxy> Why are tables synonymous to list/arrays? Is it some english slang?
02:21 < kurahaupo> jeffree: a distro is an editorial selection of packages; it has nothing to do with maintaining most of them
02:21 < GunqqerFriithian> What Dock do you guys recommend?
02:21 < kurahaupo> phinxy: database terminology
02:21 < melissa666> phinxy, they are not synonymous
02:21 < jeffree> kurahaupo: what term was I looking for?
02:21 < melissa666> phinxy, you can represent a table as a multi-dimensional list/array, though
02:22 < jeffree> because they likely would not be writing everything from scratch
02:22 < vovioheler> can i use nc to forward the traffic?
02:22 < Fahrradkette> yeah, table kinda implies matrix which can be multi-dimensional
02:22 < phinxy> melissa666• In the sense that a table(kitchen table) and table(database table) share the same word.
02:23 < melissa666> phinxy, the word "synonym" means they share the same meaning, not the same word
02:23 < melissa666> (the word you're looking for is homonym)
02:23 < kurahaupo> jeffree: packages are maintained independently by different people. It sounds like you want a stable distro rather than a bleeding edge one; try "Debian Stable"
02:23 < vovioheler> what i want is something like a tunnel nothing else
02:24 < jeffree> that eliminates some problems while gaining others
02:24 < jeffree> I know I'm fucked either way
02:24 < xamithan> ssh tunnel ?
02:24 < bls> or a VPN
02:24 < xamithan> ike tunnel
02:24 < kurahaupo> jeffree: money doesn't make enough difference to be worth it in most cases
02:24 < jeffree> is OS X any good?
02:25 < GunqqerFriithian> imo yes
02:25 < xamithan> sure, it runs on unix
02:25 < bls> good is pretty subjective
02:25 < GunqqerFriithian> if I had a few g to burn I'd love an imac and MBP
02:25 < Fahrradkette> vovioheler: so all the traffic coming to your network interface will be routed to a specific (other) host?
02:25 < kurahaupo> jeffree: choose based on your use-case, rather than a vague criterion such as "fewer bugs". (Fewer bugs than what?)
02:25 < jeffree> do they still not sell the OS individually?
02:26 < GunqqerFriithian> sadly no, you have to make a hackintosh
02:26 < Fahrradkette> jeffree: no
02:26 < xamithan> No, all the customizations are based on the hardware
02:26 < kurahaupo> jeffree: who is "they"?
02:26 < GunqqerFriithian> also unless you have something that specifically needs OS X, I don't suggest trying to make a hackintosh
02:26 < jeffree> apple
02:26 < GunqqerFriithian> while good, not really worth it compared to linux
02:27 < Fahrradkette> I read that OS X's BSD is kinda messed and full of hacks
02:27 < kurahaupo> jeffree: Apple don't sell Linux
02:27 < vovioheler> sudo ssh -N -L 123:localhost:321 localhost ssh: connect to host localhost port 22: Connection refused
02:27 < jeffree> kurahaupo: I know
02:27 < vovioheler> this doesnt work its like what i want
02:27 < jeffree> kurahaupo: was talking OS X
02:27 < bls> jeffree: then maybe you should try ##macosx
02:27 < Pentode> i don't see any appeal in OS X. It's just a bastardized BSD unix with a really bad user interface. :|
02:28 < GunqqerFriithian> nah the UI is pretty good
02:28 < Fahrradkette> also, they don't yet ship python3
02:28 < GunqqerFriithian> homebrew my dude
02:28 < bls> heh, and homebrew is its own set of problems
02:28 < Pentode> it's pretty horrible. what is good, it looks good? it gets _everything_ wrong.
02:28 < GunqqerFriithian> I've had no prob with homebrew
02:28 < Pentode> and i mean everything
02:28 < Fahrradkette> also, they said "f*ck you OpenGL"
02:29 < Pentode> ;p
02:29 < vovioheler> Fahrradkette: i want an ssh tunnel that should work right?
02:29 < kurahaupo> Pentode: it's not what you're accustomed to, so it's bad for you. That doesn't make it objectively bad.
02:29 < bls> if the UI is *exactly* what you want, sure, but if you want to tweak anything the way you can on other *nix, you're out of luck
02:29 < klemax> after suspending, when the laptop comes back, there is a white error screen. i checked the kern log, and saw ati driver errors. have ati drivers changed with 4.15 kernel?
02:29 < GunqqerFriithian> I've used it myself, and even as a "poweruser" was perfectly happy with it
02:30 < Pentode> yes it does. i've used mac os for work for years. ;p
02:30 < Pentode> im very accustomed to it's suckyness ;)
02:30 < Fahrradkette> vovioheler: can you "draw" your network setup? Like what are the machines, which one should forward the traffic from which network card to...etc
02:30 < GunqqerFriithian> I've used OS X for years, and while yeah you have to install some stuff to get it where I want it it is no where near as bad as windows
02:31 < Pentode> but remember it's just an opinion. and you know what they say about those...
02:31 < Pentode> yeah well if i had to choose i probably would not use windows.
02:31 < Fahrradkette> doesn't windows has stuff like chocolatey? that packet management system
02:32 < GunqqerFriithian> only place I'll use windows is inside a VM with an easily accessible killswitch
02:32 < GunqqerFriithian> maybe even a physical key for it...
02:32 < bls> yes, but it's not really a first class citizen
02:32 < Fahrradkette> true that
02:33 < Fahrradkette> but how M$ changed lately, they might get something running. I doubt it, I mean office still actively develops VBA
02:33 < Fahrradkette> and office is where the money is
02:33 < GunqqerFriithian> you will pry libre office from my cold, dead, harddrives
02:34 < Fahrradkette> I wish libre office had a python IDE built in
02:34 < Fahrradkette> with code completion
02:34 < GunqqerFriithian> libre office isn't for development
02:34 < Fahrradkette> people write applications in LO base
02:34 < Fahrradkette> for many that's enough
02:34 < kurahaupo> Erk
02:35 < GunqqerFriithian> also why wouldn't you just get a standalone IDE?
02:35 < Fahrradkette> you want to have all the objects of your writer/calc/draw document available to code
02:35 < Fahrradkette> also some GUI elements
02:36 < Fahrradkette> like the shit M$ does in VBA
02:36 < dviola> what? you can use LO calc as a database?
02:36 < bls> but why would that get coupled with LO instead just being a normal standalone IDE that understands the LO structures?
02:36 < GunqqerFriithian> ^
02:37 < bls> that monolithic app suit thing never turns out well
02:37 < bls> suite
02:37 < Fahrradkette> yeah, it doesn't matter where the IDE lives, it actually makes sense to have it running in a separate process so you only kill that one when you have your while loop running forever
02:37 < Fahrradkette> nevertheless it got to be accessible
02:37 * kurahaupo buttons up his snazzy app suit jacket
02:37 < Pentode> personally i think microsoft is planning something dirty..
02:37 < Fahrradkette> like "easy for laymen"
02:38 < Fahrradkette> so they don't have to run a full blown ERP but just have their inhouse made little thingy
02:38 < GunqqerFriithian> >Process is running wild and you can't kill it
02:38 < GunqqerFriithian> >`sudo kill -9 -1`
02:39 < bls> so we can get more "enterprise" apps that use excel or access on CIFS as a backing store for a business critical application?
02:39 < Fahrradkette> CIFS?
02:39 < bls> MS's networked filesystem aka SMB
02:39 < Fahrradkette> ah
02:40 < Fahrradkette> access on SMB...hmm
02:40 < Fahrradkette> there should not be more than 1 user using access simultaneously
02:40 < Fahrradkette> :P
02:40 < bls> and yet...
02:40 < Fahrradkette> I agree it's a horrible solution
02:41 < Fahrradkette> my point is, frontend gui development got to be easy for the inhouse laymen
02:41 < Fahrradkette> easy as VBA
02:42 < bls> I think the opposite. Don't cater to laypeople. They'll still find it difficult and you'll just make devs and/or power users irritated
02:43 < Fahrradkette> i meant the devs, sry
02:43 < Fahrradkette> like the ones who know a bit more than excel formulas
02:43 < synaps3> what java is good to install on ubuntu ?
02:43 < Fahrradkette> but not much more
02:44 < Fahrradkette> synaps3: openjdk
02:45 < Fahrradkette> kinda depends if you only want to run a java application, then you need the runtime (jre)
02:46 < Fahrradkette> if you want to make your own neat stuff, you'd want the development kit (jdk)
02:48 < Emn1ty> I was wondering if there was a simple way to give permissions to www-data user for writing to /dev/udp? I'm no networking guru and I've been banging my head against a lot of these docs for a while. Context is I have a daemon listening on 2000/udp (aws xray) and I need my php application to output log information on that socket. However it appears my application (running as www-data) does not have permission to write to the socket. I'm not entirely sure
02:48 < Emn1ty> especially because I can do it outside the application (though I am running as root)
02:50 < Barrt> Hi people
02:50 < Barrt> anyone still awake?
02:50 < GunqqerFriithian> no
02:52 < kerframil> Emn1ty: /dev/udp isn't a real file. that's a bash thing.
02:53 < Emn1ty> I am aware it's not a real file
02:53 < Euph0ria> Hi all. I have a process somewhere that is maxing out my network upload all the time. How can I find which process is maxing out my upload? I'm using ubuntu.
02:53 < mophed> tcpdump?
02:53 < CrystalMath> Emn1ty: so it doesn't have access to the socket itself
02:53 < CrystalMath> Emn1ty: maybe UDP is restricted for www-data?
02:53 < Emn1ty> tcpdump shows nothing
02:53 < kerframil> Emn1ty: then you should also know that giving permissions for "writing to /dev/udp" makes no sense. you don't need special privileges to dispatch a udp packet.
02:54 < CrystalMath> kerframil: unless there's some filter
02:54 < Euph0ria> Is there a task manager that shows network activity on ubuntu?
02:54 < kerframil> at least, not under normal circumstances
02:54 < kerframil> CrystalMath: yes, or a mandatory access control system of some kind
02:56 < kerframil> Euph0ria: iftop, among others
02:56 < mophed> Euph0ria: there is tcpdump
02:56 < mophed> https://openmaniak.com/tcpdump.php
02:56 < mophed> but that wont show you the process itself i dont think
02:57 < bls> also nethogs and iptraf
02:57 < Fahrradkette> doesn't netstat show the processes?
02:58 < Emn1ty> hm... forgive me for having improper terms. As I said I'm really not familiar with networking at all
02:58 < Emn1ty> and my only knowledge of UDP is from the docs for aws xray
02:58 < NoriusNotorius> Euph0ria: I like nload
02:59 < bls> netstat can, but it's deprecated. ss is the replacement
02:59 < prussian> death to /proc and the tools that use it
03:00 < Emn1ty> CrystalMath: how would I check for filters?
03:01 < kerframil> Emn1ty: if you were to explain the objective, what you've attempted in pursuit of that objective (code samples/test case), and exactly how that attempt is failing (error messages and such), you'd likely get more meaningful input
03:01 < Elladan> Emn1ty, you open a UDP socket by doing socket syscalls, not via /dev/udp.
03:01 < Elladan> Emn1ty, ... or you could pipe to/from some tool that talks udp for you.
03:02 < Euph0ria> iftop seems to show me where traffic is going but not which process.
03:02 < Elladan> I would suspect that PHP has some security features that prevent you from using UDP on the server without the right setting.
03:02 < kerframil> Emn1ty: so far, it seems that you want to connect to a UDP service bound to port 2000 from PHP, but the rest is unclear
03:03 < Elladan> (I mean, I have no idea if PHP even support UDP datagram sockets, but...)
03:03 < Emn1ty> kerframil: To give full context then. We are running php microservices. These run on AWS ECS in docker containers. Alongside these containers we are running another container which has aws xray daemon running in it that listens on an exposed port 2000/udp.
03:03 < Emn1ty> our php microservices will send data about handled requests and processes via the udp socket (yes it does support UDP datagrams)
03:04 < pnbeast> I would have suspected PHP has some security features, too, but history implies that I was wrong.
03:04 < Euph0ria> iftop seems to say that it's sending traffic to 224.0.0.56.
03:04 < Emn1ty> I have confirmed that sending data from one container to another works in docker fine via udp, using the command I stated above (from the aws documentation)
03:05 < Emn1ty> actually, didn't state it
03:05 < Emn1ty> the command is: echo "my test" > /dev/udp/my-host/2000
03:05 < Emn1ty> tested on ubuntu:16.04
03:05 < Emn1ty> works
03:05 < bls> the OS/kernel isn't doing that, bash is
03:06 < Emn1ty> just providing context since it was asked for
03:06 < Euph0ria> tcpdump seems to agree by sending a constant stream in the console that the TX is going to 224.0.0.56, but not which process is doing it.
03:06 < kerframil> Emn1ty: do you have a test case for PHP?
03:07 < bls> so for PHP to interface with /dev/udp, you'd have to have it call out to a bash script. PHP is already insecure enough as it is, adding system() calls to shell scripts that interact with the networking subsystem...what could go wrong?
03:07 < Fahrradkette> it's in a docker
03:07 < Fahrradkette> so it's safe
03:07 < Fahrradkette> didn't you read the ads?
03:08 < Fahrradkette> :è
03:08 < kerframil> bls: I'm hoping that's not what is happening here
03:08 < Emn1ty> bls: http://php.net/manual/en/function.socket-create.php
03:08 < bls> heh, I thought they'd finally admitted that docker wasn't a security mechanism
03:08 < Euph0ria> nload also seems to show outgoing network, but not which process is causing my TX to max out.
03:08 < bls> Emn1ty: right, that'd be a *way* better idea than trying to do this via bash's /dev/udp emulation
03:08 < Emn1ty> I am not executing some bash script, I am using native functionality for PHP to open and send data to sockets
03:09 < Emn1ty> the thing is, the bash test case works while the php implementation does not
03:09 < NoriusNotorius> Euph0ria: have you tried nethogs?
03:09 < bls> Emn1ty: OK, "18:05 < Emn1ty> the command is: echo "my test" > /dev/udp/my-host/2000" had confused me
03:09 < Emn1ty> that was just my base test case to make sure connectivity was there
03:09 < Euph0ria> NoriusNotorius: No, but I'll give it a try.
03:09 < Sveta> hi NoriusNotorius thanks for the suggestion, nethogs is indeed a brilliant program :3
03:10 < Fahrradkette> nethogs shows the processes
03:10 < NoriusNotorius> np
03:10 < Sveta> i think it only shows them while they're running, so one might get away with maxing out bandwidth by running short tasks and then stopping them, but hopefully that's not the case here :)
03:11 < kerframil> Emn1ty: ok. so which parameters are you using for socket_create, and what are the reported errors? potential methods of perusing errors: set error_reporting to the maximal level, use socket_last_error() to convey an error number, and socket_strerror() to convert that number to a readable error message.
03:11 < Euph0ria> Nethogs seems to only show me that hexchat is running and it's processes. But not which process is sending data to 224.0.0.56.
03:11 < Emn1ty> I'll create a paste kerframil
03:11 < vovioheler> Fahrradkette: dam i still cant do what i want
03:12 < NoriusNotorius> Euph0ria: its dynamic, you might need to keep an eye on it for a bit
03:12 < Fahrradkette> vovioheler: I'm sorry about this, unfortunately I didn't understand what you're trying to do either :(
03:13 < Emn1ty> kerframil: https://pastebin.com/WqEn7PBg
03:13 < vovioheler> Fahrradkette: i want to use torsocks to forward all the traffic
03:14 < Emn1ty> it fails silently, as in the php code executes fine, the messages are just never received or sent
03:14 < NoriusNotorius> Euph0ria: I'm actually showing something similar in regards to my connections. I wonder if this is somehow related to dhclient
03:14 < bls> Emn1ty: tried #php?
03:14 < Emn1ty> I probably should, tbh
03:14 < Emn1ty> it was my next stop
03:15 < bls> because it may require some data structure to be initialized or some setting be changed before it'll work
03:15 < Euph0ria> doing a google search for 224.0.0.56 seems to suggest that it has something to do with pulseaudio server?
03:15 < vovioheler> Fahrradkette: torsocks receives an application, what i need is an application that receives traffic and forward i tried to use ssh -N -D 9999 localhost but it says Operation not permitted
03:15 < Fahrradkette> Emn1ty: if your daemon is in the same container, does it work then?
03:15 < Emn1ty> yes
03:15 < Fahrradkette> are they in the same namespace?
03:16 < Fahrradkette> or whatever that's called in docker
03:16 < Emn1ty> they are connected to the same network, yes
03:16 < Fahrradkette> so they see each others
03:16 < Emn1ty> right
03:16 < vovioheler> Fahrradkette: do you understand what am trying to do?
03:16 < Emn1ty> the difference is the application calling this code now is running as a different user, not root
03:17 < bls> vovioheler: torsocks only works with certain programs, and last I read, it was no longer being maintained
03:17 < Fahrradkette> vovioheler: i'm sorry I don't know anything about torsocks
03:18 < Fahrradkette> Emn1ty: could you try to "mock" the connection running a bash script using su www-data?
03:18 < vovioheler> bls: i want to build isolated connections, anyway i can do that?
03:18 < Euph0ria> The upstream is constantly shooting 1.4+Mbps (my upstream max speed) to 224.0.0.56, and nethogs doesn't seem to recognize any processes sending data. I only have hexchat and synaptic open.
03:18 < vovioheler> bls: without torsocks
03:18 < Fahrradkette> connection across the docker containers
03:18 < bls> not sure. what do isolated connections have to do with torsocks?
03:19 < Emn1ty> yeah let me try that, Fahrradkette
03:19 < bls> vovioheler: oh, then read up on network namespaces
03:19 < Elladan> 224.* is a multicast address
03:19 < Fahrradkette> Euph0ria: did you run it as root? not all processes get reported to your normal user
03:19 < kerframil> Emn1ty: how did you determine that the data is neither sent nor received? have you actually confirmed that with tcpdump, for instance?
03:19 < Emn1ty> yes
03:19 < bls> vovioheler: you can create separate routing tables and run specific programs locked in to using them
03:20 < Emn1ty> kerframil: this is the command I used tcpdump -i lo -n udp port 2000 -X
03:21 < kerframil> Emn1ty: the xray service being hosted by the same machine, presumably
03:21 < vovioheler> bls: i know that the thing is i need to run same program with a different circuit
03:21 < Emn1ty> same machine, different containers
03:21 < vovioheler> bls: and i dont want to change circuits for other instances of the same program
03:22 < bls> vovioheler: so?
03:22 < Euph0ria> Fahrradkette: Yes, I ran it from the terminal using sudo
03:23 < Fahrradkette> thats weird
03:23 < bls> you get to pick and choose with instances of which application use which routing table when you start them
03:25 < vovioheler> bls: can u point me somewhere i can see examples
03:25 < kerframil> Emn1ty: might be worth verifying that lo is traversed - just to be sure: ip route get
03:27 < Emn1ty> hmm... it says the user is not available... that's strange, too
03:27 < bls> https://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/ https://blogs.igalia.com/dpino/2016/04/10/network-namespaces/ https://lwn.net/Articles/580893/
03:28 < NoriusNotorius> Euph0ria: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/411688
03:28 < Emn1ty> Fahrradkette root@e89270f90276:/var/www/html# su www-data // This account is currently not available.
03:28 < Fahrradkette> oh
03:29 < NoriusNotorius> Euph0ria: seems like it may definitely be pulseaudio, try disabling it and monitor your connections
03:29 < kerframil> Emn1ty: that's because it has "nologin" as its login shell
03:30 < Emn1ty> ah... that makes sense tbh
03:30 < kerframil> Emn1ty: su -s /bin/bash www-data
03:30 < kerframil> Emn1ty: please also check the interface thing, or use -i any
03:31 < Emn1ty> ok
03:31 < Emn1ty> had to wait for this stuff to spin up again so a bit behind
03:31 < Euph0ria> NoriusNotorius: Sounds about right since my audio quit working after upgrading from 16.04. Honestly I don't even know how to disable it. :'(
03:31 < jim> kerframil, so that's for cases where a user doesn't have a shell?
03:32 < NoriusNotorius> Euph0ria: systemctl disable pulseaudio?
03:32 < kerframil> jim: for instance, where the login shell is defined as /sbin/nologin in passwd. you can run nologin directly to see what it does.
03:33 < kerframil> jim: it's nicer than, say, /bin/false, in so far as it actually prints a meaningful error
03:33 < jim> ok, so that's even a stronger case: where a user has a login shell but you want a different one, you can su -s /that/shell
03:34 < vovioheler> bls: that is what torsocks uses to make isolated connections?
03:34 < kerframil> yes
03:34 < Euph0ria> NoriusNotorius: I get a "Failed to disable unit: Unit file pulseaudio.service does not exist."
03:34 < jim> (which, without a user arg, will su you to root)
03:36 < Emn1ty> kerframil: ip route get 172.18.0.2 // 172.18.0.2 dev eth0 src 172.18.0.4 cache
03:36 < NoriusNotorius> Euph0ria: try https://learn.foundry.com/nuke/content/timeline_environment/managetimelines/audio_pulse.html
03:37 < bls> vovioheler: no, torsocks tries to insert a shim in between a program and certain calls into the networking stack. if that program doesn't use those calls, there's nothing to intercept and torsocks has no effect
03:37 < Emn1ty> Fahrradkette: also, running the echo command to udp does work from the www-data user
03:37 < Emn1ty> so definitely not it
03:37 < Euph0ria> NoriusNotorius: I'll do that. Thank you.
03:37 < Emn1ty> something is likely at issue with php
03:37 < kerframil> Emn1ty: lo is the wrong interface to be watching then
03:38 < Emn1ty> alright
03:39 < kerframil> Emn1ty: please repeat your test in PHP, while observing eth0
03:39 < bls> if this is between containers, you've likely got a vswitch/vether/network namespace running that would need to be inspected instead of the loopback
03:40 < kerframil> yeah. I'm not up to speed on containers but as soon as he mentioned them, I immediately wondered about his use of lo.
03:40 < Emn1ty> sorry, heh I am very new to this stuff
03:40 < Emn1ty> so truly apologize if I'm making things difficult
03:41 < kerframil> Emn1ty: the key thing is to be absolutely certain of your observations, and not reach for conclusions early
03:41 < Emn1ty> yeah
03:42 < Fahrradkette> does the xray doc say anything about the docker namespaces?
03:42 < Euph0ria> NoriusNotorius: That seemed to do it!
03:43 < Euph0ria> Thanks to all that helped and gave suggestions!
03:43 < bazhang> weren't some many millions of docker backdoored just dl'd from github?
03:44 < Euph0ria> Not much fun not having audio, but at least it's not flooding my system.
03:44 < Emn1ty> Fahrradkette: no, it just provides an example docker implementation to use which so far has worked
03:44 < Emn1ty> when throwing other things at it though is when it gets funky, like this application
03:44 < Emn1ty> in isolation I had no issues
03:44 < Emn1ty> anyways, pasting the results of the test
03:45 < bazhang> 17 Backdoored Images Downloaded 5 Million Times Removed From Docker Hub
03:45 < bazhang> not such a good thing
03:45 < Emn1ty> kerframil: https://pastebin.com/NmnVYn81
03:45 < Fahrradkette> so there is a high likelihood the problem lies on the container isolation?
03:46 < Emn1ty> I'm not sure, mostly because I have another setup which tests basic connectivity between the containers and that passes, and sending things with that echo command I was using always works. It's the php application where it fails
03:46 < notmike> jQuery
03:46 < Euph0ria> NoriusNotorius: May I PM you?
03:47 < kerframil> Emn1ty: looks like the payload is being dispatched just fine
03:47 < Emn1ty> yeah
03:47 < Emn1ty> hm...
03:47 < kerframil> Emn1ty: you might also run tcpdump on the receieving side
03:47 < Emn1ty> yeah
03:47 < Emn1ty> let me do that
03:47 < kerframil> er, receiving
03:48 < kerframil> be sure to identify the interface traversed to reach 172.18.0.4, or use -i any if supported
03:49 < Emn1ty> so
03:49 < Emn1ty> it receives
03:49 < Emn1ty> but the daemon doesn't pick it up
03:49 < Emn1ty> that... is weird
03:49 < kerframil> Emn1ty: at this point, your problem is almost certainly one of not speaking xray's protocol correctly
03:49 < kerframil> Emn1ty: unfortunately, I can't provide any insight on that
03:50 < Emn1ty> well, oddly this works locally
03:50 < Emn1ty> when the daemon runs in the same container it all works fine
03:50 < Fahrradkette> there might be a byte dropped
03:50 < Fahrradkette> it's udp after all
03:50 < Emn1ty> yeah
03:50 < Fahrradkette> does it allow tcp?
03:50 < Emn1ty> blah
03:50 < kerframil> and your payload was exactly the same when tested locally?
03:51 < kerframil> in the same container, that is
03:51 < Emn1ty> similar if not exact payloads
03:51 < T-Rog> is this a good place to ask about Wine gaming?
03:51 < Emn1ty> json objects
03:51 < kerframil> Emn1ty: as long as the method of composition was the same, that does seem suspicious.
03:52 < Fahrradkette> does xray accept tcp connections?
03:54 < T-Rog> I'm trying to play Bioshock 1 in wine and it *runs* but the mouse stutters and makes it impossible to play
03:54 < Emn1ty> kerframil: nope
03:54 < T-Rog> it's like the mouse doesn't want to move and when it does move, it jumps
03:54 < Emn1ty> all I can control is the port number
03:54 < kerframil> Emn1ty: noted, though it was Fahrradkette who asked
03:55 < Emn1ty> ah, sorry
03:56 < Fahrradkette> so in the worst case you'd need a process over at the xray container "translating" tcp to udp?
03:56 < Emn1ty> this is really weird, cause this all runs fine on my local machine but not on this remote machine
03:56 < Emn1ty> yeah, likely
03:56 < Emn1ty> some kind of translation
03:56 < Emn1ty> the other alternative is I use the aws xray sdk, which does everything with web api requests
03:56 < Emn1ty> but that's gonna be a lot worse performance wise
03:56 < Emn1ty> aws sdk*
03:57 < Emn1ty> there is no xray sdk for php (unfortunately, had to write my own)
03:57 < kerframil> Emn1ty: if you've confirmed that the packets are received by the xray host, I'm not sure what to suggest other than to go over the protocol requirements and be doubly sure that you didn't violate any of them.
03:57 < Emn1ty> yeah
03:58 < Emn1ty> there has to be something going on, but looking at it all there should at least be an output of error of some kind, usually it throws logs out for bad data being sent to the daemon
03:58 < kerframil> Emn1ty: also, check which address::port tuple xray is bound to, and whether that matches the trajectory of the packet
03:58 < kerframil> Emn1ty: netstat -lunp or ss -lunp
04:00 < kerframil> Emn1ty: also, any potential Netfilter (iptables) rules. just because a packet is received, doesn't mean it's allowed to be delivered to the application in question.
04:00 < Emn1ty> ok
04:00 < kerframil> that would be iptables-save -c
04:01 < Emn1ty> I think this might be it here:
04:01 < Emn1ty> udp 0 0 127.0.0.11:41829 0.0.0.0:* -
04:01 < Emn1ty> udp6 0 0 :::2000 :::* 1/xray
04:02 < Emn1ty> but I don't really know
04:02 < Emn1ty> I wonder if the application is writing to the other udp?
04:02 < jim> that second one looks like an ipv6 thing?
04:02 < Emn1ty> I suppose so
04:03 < Emn1ty> my understanding of what this stuff is is at its limit
04:03 < Emn1ty> I am only guessing at this point
04:04 < jim> the first one looks like an established connection too
04:04 < kerframil> Emn1ty: what does `sysctl net.ipv6.bindv6only` report from the xray host?
04:05 < Emn1ty> net.ipv6.bindv6only = 0
04:07 < kerframil> Emn1ty: could you not see any other entry for :2000 in your netstat/ss output? (for "udp" as well as "udp6")?
04:07 < kerframil> Emn1ty: ss -l '( sport = :2000 )'
04:08 < Emn1ty> kerframil: udp UNCONN 0 0 :::2000 :::*
04:10 < kerframil> Emn1ty: can you pastebin the whole of it e.g. ss -lnp '( sport = :2000 )' | nc termbin.com 9999
04:11 < Emn1ty> kerframil: http://termbin.com/vhwm
04:12 < kerframil> Emn1ty: this might be a problem
04:12 < Fahrradkette> Emn1ty: are you starting the daemon yourself or will you not have control over it when in prod?
04:13 < Emn1ty> we don't start the daemon but the docker container starts it upon being run
04:13 < Fahrradkette> on https://github.com/aws/aws-xray-daemon there are some command line options
04:13 < kerframil> in view of the above link, try -b 0.0.0.0:2000
04:14 < kerframil> and launching again, if any of this is possible
04:14 < Emn1ty> I can try that, sure
04:15 < kerframil> if you can, check with ss again afterwards
04:17 < jnewt1> anyone have any idea how to get my vnc connection to fit the client screen. I've tried -clip xinerama0 -scale 1920x1080 to fit to my laptop (server has 1 4k monitor and 1 1920x1080). I want it to work like rdp or teamviewer where it moves everything to one screen. I don't want scroll bars and windows on screens that don't exist on my client.
04:18 < Emn1ty> kerframil: that is already part of the run command in the dockerfile
04:18 < Emn1ty> CMD ["/usr/bin/xray", "-o", "--bind=0.0.0.0:2000", "--log-level", "warn"]
04:18 < bls> jnewt1: vnc screen size is determined by the server, not the client
04:19 < jnewt1> bls that is on the server
04:19 < Emn1ty> gonna rebuild the image and try again
04:20 < jnewt1> bls works fine in other remote connection programs. vnc can't handle it?
04:20 < kerframil> Emn1ty: interesting. it could be that IPv4 is serviced by virtue of the "dual-stack" approach. that's possible.
even so, this is worth a try: -b 172.18.0.2:2000
04:20 < kerframil> Emn1ty: (or whatever the address was)
04:20 < kerframil> Emn1ty: also, feel free to pastebin iptables-save -c because looking at that is all I have left
04:20 < Emn1ty> yeah, I will once I've got the container running again
04:21 < bls> not sure then. I've always just specified the resolution when starting xvncserver and it's worked
04:23 < kerframil> jnewt1: I've never tried it, but the TigerVNC viewer - at least - has an option to instruct the server to "resize remote session to the local windows". whether your vnc server will obey that request is another matter.
04:24 < swift110> anyone have thinkpads here
04:24 < strive> swift110: :)
04:24 < bazhang> swift110, me
04:25 < bazhang> I wish it would die, so I could get a new one
04:25 < Emn1ty> iptables is giving me: iptables-save v1.6.0: Cannot initialize: Permission denied (you must be root)
04:25 < Emn1ty> despite being root
04:29 < bls> are you trying to run iptables inside or outside the container?
04:30 < Emn1ty> inside the container
04:31 < Emn1ty> kerframil: changing the bound ip was no good, same result
04:33 < kerframil> Emn1ty: I'm out of ideas. I don't think the binding was an issue anyway. had net.ipv6.bindv6only been set to 1, it would have been a different matter.
04:34 < Emn1ty> yeah
04:34 < Emn1ty> thanks for the help, kind of the end of my day anyways
04:36 < Fahrradkette> Emn1ty: you said you could send udp packets between both containers?
04:38 < kerframil> Fahrradkette: yes, he did say that - based on running tcpdump on both peers
04:38 < Fahrradkette> ah
04:39 < Fahrradkette> thought there was a mock script
04:40 < Fahrradkette> like, actually reading the data (and eyeballing if it's the hello world sent over the wire)
04:41 < kerframil> the dump did contain the entire payload
04:41 < kerframil> a json message ostensibly formatted to xray's expectations
04:42 < kerframil> Fahrradkette: https://pastebin.com/raw/NmnVYn81
04:43 < Fahrradkette> so it could still be that this dump got dropped by iptables?
04:44 < kerframil> that's a possibility but it seems that it isn't functional in the docker container
04:44 < kerframil> iptables-save just throws an error. I don't know much about how docker performs its containerisation.
04:48 < Fahrradkette> guess there are another stack of settings to fiddle according to https://docs.docker.com/v17.09/engine/userguide/networking/default_network/container-communication/
04:48 < Fahrradkette> like that --link= option
04:56 < kerframil> Fahrradkette: aye. and he said all was well when client and server occupied the same container.
04:56 < kerframil> Fahrradkette: he'll probably figure it out
04:56 < Fahrradkette> kerframil: yeah, I guess so, too
04:59 < dogbert2> anyone used an intel nuc mini box to run linux?
05:01 < mgolisch> is that a special even smaller version of a nuc?
05:02 < dogbert2> https://www.amazon.com/Intel-NUC5CPYH-Graphics-2-5-Inch-BOXNUC5CPYH/dp/B00XPVRR5M/ref=sr_1_5?s=electronics&ie=UTF8&qid=1529117741&sr=1-5&keywords=linux+mini+pc
05:03 < dogbert2> looks nice enuf for a linux box
05:04 < mgolisch> have used one of those as a htpc for many years
05:04 < mgolisch> not sure what to do with it now
05:05 < dogbert2> well, the price is pretty good
05:07 < OS-37380> !susie
05:13 < chowbok> dogbert2: FWIW, I'm running linux on one of these: http://www.azw-online.com/AZW/Product/Z83-VIntel-Mini-PC-Dongle.html
05:16 < dogbert2> interesting
05:16 < chowbok> I got it because the backup software I wanted to run didn't work very well on 32-bit, so I was having problems getting it to work with a Raspberry Pi 3
05:16 < chowbok> Of course, as soon as I bought it they came out with a stable 64-bit kernel for armv8
05:16 < chowbok> Oh well
05:17 < justsomeguy> I curious, does anyone else here monitor ##linux for interesting keywords? What keywords did you choose and why? I save log entries for messages containing the word "better", in order to find advice on what tool is appropriate for specific tasks.
05:18 < justsomeguy> s_I_I'm_
05:18 < chowbok> Now I'm just going to find ways to add "better" to my messages all the time
05:19 < kerframil> you'd better not do that
05:19 < dgs> chowbok: you better not
05:20 < cr0w3> better not what>
05:20 < justsomeguy> Feel free :~} It's just an experiment to see if I can find interesting conversations or advice in the mix.
05:20 < chowbok> Maybe you need some better keywords
05:20 < dogbert2> you need better protection for your junk :)
05:21 < justsomeguy> lol, I think I do. I'll probably accumulate a few as time goes on. It's been working surprisingly well so far, though.
05:21 < Sveta> justsomeguy: i save the whole thing, the most frequent search is for my nick (since i read a lot and if it is interesting then i express it straight away)
05:22 < justsomeguy> Sveta: That's a good strategy if you actively participate a lot. I tried that for a while, but ended up getting overwhelmed.
05:22 < Sveta> justsomeguy: with quassel and a fresh head, reading the whole lot is also easy, the chat is formatted properly
05:22 < Sveta> justsomeguy: (it allows you to scroll up)
05:22 < justsomeguy> That's true. :) Plus, it's good to have it hand so you can run other text formatting or search utils on it later.
05:22 < Sveta> justsomeguy: if i were to adopt your technique, i'd add the word 'debian', as this is the distribution i use, and i'd perhaps like to know what's on
05:23 < Sveta> justsomeguy: i'll consider doing that :)
05:24 < justsomeguy> Sveta: Ps, since you're interested in Debian, there's a good article on its progress towards 100% reproducible builds on lwn.net today https://lwn.net/Articles/757118/
05:24 < justsomeguy> (It's unfortunately subscriber only, but will be free next week.)
05:25 * justsomeguy stops recommending unasked for news articles, since it occurs to him that It might be annoying.
05:26 < storge_> stop being annoying
05:26 < justsomeguy> Sorry, I will.
05:26 < storge> just kidding, doesn't bother me a bit. it's more information
05:26 < justsomeguy> :p
05:28 < Sveta> justsomeguy: :)
05:31 < TimmyT> hey guys, recently I have run a suspicious binary file by accident. How can I make sure if the Host is still clean or is infected with malware?
05:32 < dogbert2> can
05:32 < storge> there's no way to be sure
05:32 < dogbert2> can't really...
05:32 < storge> not 100% sure anyway.
05:32 < dogbert2> that's why you always run that stuff in a VM...if it's bad, blow the VM away and start over
05:34 < dogbert2> LOL...Las Vegas cop rapes wife's best friend...don't think he'll be married much longer
05:36 < ayecee> that's not something for here
05:37 < TimmyT> Well, maybe I should remove everything and reinstall them again, but another question is Can videos and photos and music be infected with malware?
05:37 < ayecee> yes
05:38 < MikeFromIT> Anything can be infected truthfully
05:38 < TimmyT> even textfiles?
05:38 < ayecee> it would rely on players processing malformed data incorrectly
05:38 < ayecee> probably not text files
05:38 < Hoolootwo> hmm, has anyone ever tried handing out null bytes as ssids?
05:38 < Hoolootwo> I'd like to try it but lede barfs on it
05:39 < ayecee> processing would stop at the first null byte, no?
05:39 < ayecee> hidden ssids are filled with nulls, iirc
05:39 < Hoolootwo> if it's a bad client implementation
05:39 < Hoolootwo> I think hidden ssids are 0-length, not filled with zeros
05:39 < Hoolootwo> or maybe 32-length null strings?
05:40 < ayecee> /shruggie
05:41 < justsomeguy> I would personally feel comfortable keeping his music files if they had been connected to an infected host. (Assuming they're not a weird file format.) Is that a bad idea?
05:41 < Hoolootwo> yeah, I'll stick to simple emoji and control characters
05:41 < justsomeguy> s_his_my_
05:41 < ayecee> justsomeguy: it's an unlikely vector, so probably fine.
05:42 < justsomeguy> That was my thinking.
05:42 < ayecee> though maybe more risky if you regularly download music and video files from questionable sources.
05:42 < Hoolootwo> right ^
05:42 < justsomeguy> Nah, mostly ripped from CDs I own and saved as flac files.
05:42 < ayecee> still, it would require playing them with a vulnerable player.
05:44 < justsomeguy> There was that bug in ffmpeg a while back, with the Nintendo music format files that required an emulated CPU to run.
It sort of made me reconsider if keeping my old media files was a good idea.
05:44 * justsomeguy still thinks it will be OK, but the article was cool. :)
05:45 < Hoolootwo> yeah, though that's a pretty special case of an uncommon format
05:45 < justsomeguy> True true.
05:45 < Hoolootwo> if it's all flac and mp3, it's probably all fine since people check those in the more popular players
05:58 < s0k_iT> so what are ppl's favorite distro?
05:59 < ayecee> tell us about yours
06:00 < syb0rg> probably ubuntu s0k_iT, that is the one I keep coming back to. I also have a laptop on arch, and the up to date packages are nice
06:03 < TimmyT> it's f*** killing my mine, it's my desktop and I'm not really doing any thing special on it. but the mind that my system may be infected by this chinese shit is killing me.
06:03 < s0k_iT> im ubuntu, and kali for pentesting
06:03 < ayecee> this is how people develop germ phobias
06:04 < syb0rg> lol.
06:04 < ayecee> o c mf d
06:04 < ziggylazer> haha
06:04 < s0k_iT> is there a way to pull a master irc open channel list?
06:04 < ayecee> s0k_iT: try /list
06:05 < s0k_iT> oh duh thanks
06:05 < s0k_iT> use to write scripts for irc when i was a kid now i barely know how to use it lol
06:06 < syb0rg> I know that feeling, for me it is web dev. I used to be semi competent with html css and javascript, now I have to look up every other tag/property/line of code if I mess with web stuff
06:07 < s0k_iT> same again
06:07 < syb0rg> stupid meat computer, why can't it remember things?
06:07 < s0k_iT> programming im more proficient now, but that stuff no
06:07 < ziggylazer> ayecee, solved the problem I asked you about earlier.
06:07 < ayecee> how so?
06:08 < ziggylazer> Type juggling with a cookie that had a MD5 in it. PHP
06:08 < ayecee> i see. was my understanding of the vulnerability correct?
06:09 < ziggylazer> I think you were almost spot on
06:09 < ayecee> awesome
06:09 < ziggylazer> Since the sum got invalid.
I had to add ==0
06:10 < ziggylazer> And ==0 is false
06:10 < ziggylazer> FALSE FALSE makes TRUE
06:10 < ziggylazer> php logic
06:11 < ayecee> so two wrongs DO make a right
06:11 < ziggylazer> always said that myself
06:12 < ayecee> take that, mom
06:12 < ziggylazer> haha
06:13 < ziggylazer> https://foxglovesecurity.com/2017/02/07/type-juggling-and-php-object-injection-and-sqli-oh-my/
06:13 < ziggylazer> Explains it very nicely
06:14 < justsomeguy> That's why it's nice when languages/tools are easy to reason about. Too many implementation details makes for a lot of things to remember.
06:15 * justsomeguy just been a little exasperated while learning about the ugliness that is pure bash https://github.com/dylanaraps/pure-bash-bible
06:16 < yaldak> ayecee: is right IMO
06:16 * jim sees if anything's left
06:18 < horseface> does anybody here use mullvad?
06:18 < ayecee> no, you are the first
06:18 < jim> what's that/
06:18 < jim> ?
06:18 < ayecee> does anyone here drive toyotas?
06:19 < horseface> i am just wondering if it is really slow for anybody else at the moment?
06:19 < horseface> i am getting download speeds of 20kb/s
06:19 < horseface> compared to the usual of 5mb/s
06:20 < syb0rg> I assume they have multiple servers, horseface?
06:20 < syb0rg> you could always try another if you haven't
06:20 < jim> horseface, I think his point (which I agree with, but I have no judgement) is you should just ask... I would add that you should include lots of informative details
06:28 < ayecee> sometimes i worry about you
06:29 < ayecee> but then i wonder if i should worry about me instead
06:57 < toeshred> someone told me TLS is better than SSH. Isn't that comparing apples and oranges? Seems like a dumb comment, but maybe I'm just not understanding what he means.
06:57 < ayecee> maybe ask him to clarify
06:57 < ayecee> i.e.
better according to what criteria
06:57 < ayecee> where "more secure" is not an adequate description
06:58 < syb0rg> sure sounds like an apples and oranges situation to me
06:58 < ayecee> also consider the context around the statement, which we don't have access to.
06:59 < syb0rg> true, but without that context it seems like a silly statement
07:00 < ayecee> the phrase "taken out of context" exists for a reason
07:01 < ayecee> you know, because of the implication
07:01 < syb0rg> indeed. I am not saying that it is certainly a silly statement, but with only the information we have it seems like one
07:01 < syb0rg> those are some hefty implications
07:02 < ayecee> silly to pass judgment on it without context too
07:04 < syb0rg> judging the comment alone, I find it to be silly. However, I accept that context could change that. *shrug*
07:05 < ayecee> more incomplete than silly.
07:05 < syb0rg> it must be dead in here if we're really argiung about this ;)
07:06 < syb0rg> *arguing, rather
07:06 < ayecee> yup
07:13 < jeffree> what is systemd-journald and should it be continually writing to disk?
07:13 < ayecee> the approximate equivalent to syslog, and yes
07:14 < jeffree> well, something unusual is going on, more disk writes than usual
07:14 < ayecee> ok
07:14 < jeffree> lol
07:15 < jeffree> it's almost like I'm running windows
07:15 < ziggylazer> If you provide people with more information they might be more inclined to answer
07:15 < ayecee> let's not get crazy now
07:16 < Tuxand> toeshred: are you or your friend confused with ssl and ssh?
07:16 < jeffree> hdd light about once per second. iotop shows systemd-journald at the top
07:16 < ziggylazer> We are tackling this issue by blinking lights?
07:16 < ayecee> how often does it light normally, and where does iotop show systemd-journald normally when idle
07:17 < ayecee> also have you considered reading what it's writing
07:17 < ziggylazer> jeffree, time this
07:17 < ayecee> with journalctl
07:17 < toeshred> Tuxand: I'm of the understanding that TLS is just a secure security protocol, while ssh is an actual shell, and that the two are not comparable since they have different jobs. Am I wrong?
07:17 < ayecee> toeshred: in the context of the statement, yes, you're wrong.
07:18 < ayecee> or at least not right.
07:18 < ayecee> probably somewhere in between.
07:18 < toeshred> ayecee: so when he says "tls > ssh" it's because tls performs the same job as ssh (provides shell access)?
07:18 < jeffree> ayecee: it seems like usually its not often, definitely not something you can count
07:19 < jeffree> I bet if I reboot it stops
07:19 < ayecee> toeshred: when he says "tls > ssh", ask for more context, and/or provide us more context.
07:19 < jeffree> how do I read it
07:19 < ayecee> with journalctl
07:19 < ayecee> i mean seriously
07:19 < ziggylazer> breathe
07:20 < ziggylazer> Its summer and nice weather outside.
07:20 < ayecee> sure is
07:20 < ayecee> if i were smart i'd turn off this glowbox and enjoy it.
07:21 < ziggylazer> Yeah I will go off the grid for at least a week
07:21 < jeffree> lines 4795705-4795759/4795759 (END)
07:21 < jeffree> how do I see the end?
07:22 < ayecee> $G
07:22 < jeffree> nevermind
07:22 < jeffree> misread
07:23 < ayecee> i've just realized that the kink in my neck could be coming from having a secondary monitor on the same side at both home and work.
07:23 < jeffree> I'm an idiot
07:23 < jeffree> sorry to bother you guys
07:23 < ayecee> ok
07:24 < jeffree> it was something I had running and forgot about
07:24 < ziggylazer> ayecee, there you go. Got a project for the day
07:24 < ayecee> \o/
07:26 < ziggylazer> I soon got yesterdays Real Time with Bill Maher down.
Coffee and a good breakfast is a standing Saturday tradition when catching up on what your side of the pond has been up to
07:27 < ayecee> that seems like a good tradition. mine is beer and more beer to forget what my side of the pond has been up to.
07:28 < ziggylazer> hahaha
07:29 < ziggylazer> We are starting to import the crazy here too
07:29 < ayecee> eh. i think we imported the crazy. EU has been thrashing over neighborwars.
07:30 < ziggylazer> Oh yes!
07:30 < ziggylazer> We have that shit down
07:30 < ayecee> proud traditions even
07:30 < ziggylazer> Yeah its in
07:30 < ziggylazer> insane
07:30 < ziggylazer> And EU is on the brink to breaking...
07:32 < ayecee> interesting times all around
07:32 < ziggylazer> I used to be much more upset with the status of this world of ours. Now I follow to see how crazy can It really get
07:33 < varshitbhat> 11:02 AM Hey,I have installed Ubuntu 18.4 in offline pc.i cannot get internet connection.but I've to install gnome-tweak-tool ,vlc media player,and dosbox emulator all offline.please help
07:33 < ayecee> cross-posting is bad form.
07:33 < ayecee> it's virtually a guarantee that you won't answer any questions.
07:34 < ExploitedKernel> I'm having an issue with one of my Linux VPS's I basically can't do anything with the system because it's in "Read-Only File system" for everything, I've tried rebooting, and it's still doing it. Anyone know how to get out of this?
07:34 < ayecee> so, good luck with that.
07:34 < ayecee> ExploitedKernel: contact the vps host
07:34 < ayecee> ExploitedKernel: maybe check dmesg output to see why it's read only.
07:35 < ExploitedKernel> Ya, look's like thats what it's going to me.. how do I check the dmesg sorry
07:35 < ayecee> you literally type dmesg and press enter
07:35 < ayecee> in the console or a shell
07:36 < ayecee> after logging in, of course
07:37 < ExploitedKernel> oh :P kk thanks got it.
07:39 < CrazyTux> why has Manjaro reached the top of distrowatch rankings all of a sudden?
07:40 < ayecee> distrowatch url for it was linked from somewhere popular
07:41 < ayecee> the popularity is ranked by how many people access the distrowatch page for a given distro
07:41 < CrazyTux> ok
07:42 < CrazyTux> Manjaro must be doing something right to deserve that.
07:43 < ayecee> no
07:43 < ayecee> that's not how it works
07:43 < CrazyTux> ok
07:44 < ayecee> the way it works is that one person posting one link to a popular place can skew the results
07:44 < CrazyTux> ok.
07:44 < CrazyTux> I understand.
07:44 < ziggylazer> How are the results quantified?
07:45 < ayecee> i don't know that i've ever seen it explicitly described
07:45 < ayecee> however i'd imagine that it's a decaying hit count, where hits from yesterday count a little less than today, and so forth.
07:46 < CrazyTux> ayecee, btw, which distro are you using now?
07:46 < ayecee> windows 10
07:46 < oneko> lol
07:46 < CrazyTux> lol. great.
07:47 < oneko> I switched to arch linux for better emoji support but not that emojis are on the latest ubuntu release i feel like switching back to ubuntu
07:48 < oneko> *now
07:49 < ziggylazer> emoji?
07:49 < ziggylazer> As in smiley faces?
07:50 < ziggylazer> Or is this some new framework that have missed?
07:50 < ayecee> yes, grampa
07:50 < ayecee> smiley faces
07:50 < ziggylazer> No
07:50 < ziggylazer> Cant be
07:50 < ayecee> but with pictures
07:50 < ayecee> instead of text
07:51 < oneko> Yeah, pictures not typographics, ziggylazer
07:51 < ayecee> oneko: get off my lawn!
07:51 < CrazyTux> which is recommended for a newbie and a non technical end user? a rolling release distro or a fixed release one?
07:51 < ziggylazer> It just hurts...
07:51 < ayecee> CrazyTux: ubuntu
07:51 < CrazyTux> Manjaro btw is quite stable.
07:51 < ayecee> but wait
07:52 < ayecee> you ask this same goddamned question in slightly different forms every time you're here.
07:52 < ayecee> cut that shit out
07:52 < ziggylazer> CrazyTux, doesn't matter what you use
07:52 < ayecee> let someone else ask for a change
07:52 < ziggylazer> learn how to use it instead
07:53 < ayecee> then you can guide them with all the knowledge you've accumulated
07:53 < CrazyTux> if we don't keep a distro like Manjaro updated for say a month could it create any problem?
07:53 < ayecee> yes
07:53 < ziggylazer> if it CAN?
07:54 < jim> CrazyTux, you should have plenty of info by now, maybe you can make a recommendation
07:54 < ziggylazer> But that goes for EVERY dist
07:54 < CrazyTux> suppose I don't have access to the computer and am unable to apply the updates.
07:54 < CrazyTux> and I apply the bulk updates at once.
07:54 < pxfgod> How does the 64-bit kernel run a 32-bit process. Is there a layer like WOW64 to translate syscalls to 64-bit???
07:54 < ayecee> pxfgod: something like that, yes
07:56 < pxfgod> ayecee, Thanks, I am quite clear.
07:56 < ziggylazer> Is this a symptom of summer?
07:56 < ayecee> no
07:57 < jim> CrazyTux, I know we've said this before... but you need to pick a dist and stick with it for about a year, so you can learn what it means to run a unix-alike
07:57 < ziggylazer> Kids got more spare time?
07:57 < ayecee> this is a symptom of late night/early morning in america
07:57 < ziggylazer> ah
07:57 < CrazyTux> jim, yes. I am not changing the distros I have installed on my computer now.
07:58 < ayecee> around this time the non-english speaking parts of the world are active, and the dialog becomes strained and sometimes incomprehensible.
07:58 < jim> good... keep em around for awhile so you can gain real experience
07:59 < ziggylazer> But what part?
07:59 < ayecee> the left part
07:59 < ziggylazer> Asia is up now
07:59 < ziggylazer> hahaha
07:59 < ziggylazer> left part
07:59 < ayecee> :D
08:00 < pxfgod> ayecee, `MultiArch`? right?
08:02 < ayecee> you're asking a lot of me to remember a conversation that's not on the screen
08:02 < ayecee> but yes, multiarch would normally be needed to run 32-bit stuff on 64-bit platform
08:05 < ziggylazer> Think IRC is around in another 10 years?
08:06 < ayecee> i hope so
08:06 < morf> better be
08:06 < ziggylazer> I dont think it will
08:06 < ayecee> i for one welcome our slack overlords
08:06 < ayecee> well, not really, but they do make a nice platform
08:07 < ziggylazer> Hehe maybe
08:07 < ayecee> if i could have their client opensourced and connected to an arbitrary irc server i would be so happy
08:07 < ziggylazer> last stronghold of free exchanges of ideas..
08:11 < morf> i just don't understand what ppl see in slack
08:12 < ayecee> could you try
08:13 < ziggylazer> Have to ask. I heard something about Canada implementing a law that would compel speech
08:13 < ziggylazer> Was that done?
08:14 < ayecee> vague question is vague
08:15 < ziggylazer> I dont remember exactly what is was but something about how one could address HBTQ ppl maybe?
08:15 < ziggylazer> I might just had a nightmare
08:16 < ayecee> hbtq people?
08:16 < morf> you mean you have to somehow guess how they selfidentify and called them right otherwise you will get a fine
08:16 < ayecee> i don't even
08:16 < morf> is that the one? i think it went through
08:17 < ziggylazer> LBGT
08:17 < ayecee> it's like a game of news telephone
08:17 < ayecee> lgbtq, probably
08:17 < ziggylazer> Ah yes
08:17 < ayecee> lesbian gay bisexual trans queer
08:18 < morf> https://www.lifesitenews.com/news/breaking-canada-passes-radical-law-forcing-gender-theory-acceptance
08:18 < ziggylazer> yeah just read
08:18 < ayecee> oh man, with an url like that the article is going to be a trainwreck.
08:19 < ayecee> yup, it is. calls the bill by two different names, for one
08:19 < ziggylazer> Thats a hard pill to swallow that bill...
08:20 < ayecee> especially if you rely on christian evangelicals to interpret it for you 08:20 < ziggylazer> If I cared at all what happens that would be something to worry about. 08:20 < ziggylazer> yeah fantastic 08:20 < ayecee> maybe read the bill itself if you're at all concerned, instead of reading the spin. 08:21 < ayecee> and if you're not concerned, don't bring it up 08:22 < ayecee> even if you are concerned, don't bring it up in ##linux 08:22 < morf> yeah just sit quietly 08:22 < ziggylazer> and shut up 08:22 < ayecee> i prefer stfu 08:22 < morf> best thing to do on irc :) 08:23 < ziggylazer> Nah never is 08:23 < ayecee> religion politics and society, rude things to bring up at the dinner table or on irc. 08:24 < ziggylazer> I think some hours allow for some latiitude 08:25 < no_gravity> Sometimes my machine takes ages to wind down. Is there a way to debug what is going on? 08:25 < ayecee> they do. you're testing them now. 08:25 < dongbag> Hey guys, I'm just a dumb dumb FW engineer and I'm trying to host a linux box on a "server" on a hosting service I can pay for monthly 08:26 < dongbag> I don't want a website or anything, just a remote linux machine w/ an global IP 08:26 < ziggylazer> Yeah I'll just let that go 08:26 < dongbag> what are these called? 08:26 < no_gravity> dongbag: VMs 08:26 < no_gravity> dongbag: You get those for a few bucks a month these days. 08:26 < dongbag> do they get me pick my own OS? 08:27 < no_gravity> dongbag: kinda 08:27 < dongbag> hm, I'm guessing it's on a hypervisor or something 08:27 < no_gravity> dongbag: Yup. Not dedicated hardware. 08:27 < no_gravity> dongbag: Of course, you can rent dedicated hardware too if you want. 08:28 < sauvin> Have a care. There's a VPS, and there's "shared hosting". These are NOT the same thing. 08:28 < dongbag> interesting, I'll have a look 08:28 < dongbag> thanx 08:30 < dongbag> I can't go wrong with AWS VM can I? 08:31 < no_gravity> dongbag: It works. 
But it's usually more expensive then other alternatives. 08:40 < sauvin> dongbag, check out Digital Ocean or Linode. 08:57 < GodOfSea> Hello 08:57 < GodOfSea> How do I create a GPT live usb of ubuntu ? 08:58 < GodOfSea> in ubuntu 08:58 < GodOfSea> I mean , I can easily do that in windows , using rufus , but dont have access to that 08:59 < ayecee> dd if=ubuntu.iso of=/dev/yourusbdevice 08:59 < ayecee> even in windows you don't need rufus for that. 08:59 < ayecee> imageusb would be fine. 09:01 < GodOfSea> See , I have a windows partition , its in GPT , and I deleted the bootloader , I wanna dual boot it with LInux , if I use dd , I get compatibility issue , and Mint doesnt recognize my windows , but when I did that with Rufus ( Rufus has an option for GPT or MBR ) Mint recognized my Win10 09:02 < ayecee> cool story 09:02 < ayecee> does not change advice. 09:03 < ayecee> also, what is "compatibility issue" 09:03 < GodOfSea> okkaay 09:03 < GodOfSea> Something to do with uefi 09:03 < ayecee> can't diagnose "something to do with" error messages 09:03 < ayecee> also, why would you delete the bootloader 09:04 < GodOfSea> I wanted to see what happens if I do that 09:04 < ayecee> something bad, apparently 09:05 < GodOfSea> and I had a arch installation , that I wanted to remove ,and start fresh with grub with Mint 09:05 < ayecee> where does ubuntu come into this 09:06 < GodOfSea> Ubuntu = Mint 09:06 < ayecee> no 09:06 < ayecee> fix your windows bootloader, then create a new mint usb installer with imageusb and not rufus. 09:09 < GodOfSea> Yeah , thats the best way , right now I can only use a live linux usb , cant access windows 09:09 < GodOfSea> Fortunately I got 2 USBs 09:13 < codebam> if dm-crypt is installed as a module how do I successfully boot from a fde drive encrypted with luks (dm-crypt)? 
09:14 < codebam> dracut seemed to install dm, crypt, and lvm modules but it just gets to the screen where I'd usually enter my password and then tells me that it can't modprobe dm-crypt from /lib/modules/... 09:15 < codebam> the only way I've been able to boot is by building dm-crypt into the kernel 09:35 < V7> Hey all 09:36 < V7> Just installed netcat in arch, but when executing nc it just do nothing, I mean it just executes and exists 09:36 < V7> exits * 09:36 < V7> So, I've tried to remove package via: pacman -Rsn netcat, but it tells that no such target 09:36 < V7> does nothing * 09:38 < pingfloyd> us a package manager that doesn't suck? 09:41 < dongbag> I have an AWS server running, I want to open a socket on my home machine and write a simple program just to echo stuff 09:42 < dongbag> what kind of sercurity does the AWS have, how can I find out? 09:46 < pingfloyd> dongbag: what's the requirement for aws? 09:46 < pingfloyd> that shouldn't be required to do what you're trying to do 09:46 < pingfloyd> just use netcat 09:47 < dongbag> I'm just messing around with some IoT stuff, 09:47 < dongbag> i guess it would make sense to try it on my own computer first 09:47 < pingfloyd> nc is the shit 09:47 < pingfloyd> it's not called the networking swiss army knife for nothing 09:48 < dongbag> I didn't know it was called that at all 09:48 < dongbag> or that it existed 09:48 < dongbag> I'll look into it... 
09:50 < pingfloyd> hold on a sec, I might have a good nc tutorial stashed away somewhere 09:50 < dongbag> sweeet 09:50 < dongbag> thnx 09:51 < pingfloyd> here's some examples of some of the things you can do https://null-byte.wonderhowto.com/how-to/hack-like-pro-use-netcat-swiss-army-knife-hacking-tools-0148657/ 09:51 < pingfloyd> it can do much more than that, but it's a decent primer 09:51 < pingfloyd> this is a nice little gold nugget https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf 09:52 < dongbag> cool, I'll read those 09:52 < dongbag> thanks 09:52 < pingfloyd> you're welcome, enjoy 09:58 < greenit> hi, can anyone help me getting the touchscreen of my HP Envy x360 15-bq102ng to work? I followed the instructions in this link: https://bugzilla.kernel.org/show_bug.cgi?id=198715 but it still isn't recognized and doesn't work... 10:25 < Lope> please remind me the name of the power program for making an x86_64 computer go into low power mode, you press tab and enter etc? 10:25 < Lope> good / bad 10:26 < Sitri> suspend? 10:27 < Lope> oh, it's powertop. That's what I thoght. But somehow ubuntu uninstalled it automagically :( so I doubted myself. 10:27 < Lope> cos it wasn't found. 10:27 < Lope> reinstalled it and used it now. 11:07 < TaZeR> are there any advantages to using LUKS2 vs LUKS1 for standard system setups? 11:15 < revenantscrub> well hey 11:28 < seven-eleven> hi 11:28 < seven-eleven> is there something similar to krunner in gnome? 11:30 < Sitri> What is krunner? 11:31 < lopid> an interface to baloo 11:31 < revel> "Framework for providing different actions given a string query" 11:32 < seven-eleven> it's a popup window where you can enter a command to start. it features auto completion and shortcuts to search websites. 
shortcuts can be for example "gg: example" to google or "az: computer" to search amazon 11:32 < seven-eleven> s/start/run 11:33 < seven-eleven> if there isn't i just use krunner inside gnome 11:34 < seven-eleven> interestingly my kde hotkeys work from within gnome once i open the hotkey setting from within krunner :D 11:36 < lopid> why not just use kde? 11:37 < cristian_c> hello 11:37 < seven-eleven> switch temporarily to gnome, because packettracer doesn't work properly from kde, like you can't drag & drop modules of a device 11:37 < cristian_c> I've built and installed easycap smi driver (kernel module) 11:37 < lopid> lame 11:37 < cristian_c> I've got driver sources from github repository (via AUR on archlinux, and via github in ubuntu) 11:38 < cristian_c> I've also loaded firmware too (in addition to driver loading) 11:38 < cristian_c> so, I've started vlc and I've connected easycap dongle to input source and to usb port 11:38 < cristian_c> if I look at dmesg output I see a large amount of messages (all them almost the same message) 11:39 < cristian_c> 'smi2021 Skip broken frame N line, but need 240 in current 480 height' 11:39 < cristian_c> where N is an integer number 11:39 < cristian_c> vlc screen is always blank, btw 11:39 < cristian_c> so, how could I solve this issue, in order to grab video from the device? 11:40 < cristian_c> any ideas? 12:00 < xdog> so what's up, you vatmans? 12:06 < Armand> xdog: English may be more productive 12:06 < xdog> I don't speak English 12:08 < Armand> I don't speak Russian 12:08 < xdog> that's a real shame 12:08 < Armand> that's a joke 12:08 < revel> xdog: This chat is English only 12:09 < xdog> well, well, well 12:09 < xdog> what kind of crap is this 12:09 < Armand> Yes, but those are the rules 12:09 < xdog> Some kind of autocomplete turned on while I'm typing, and it's printing gibberish 12:10 < Armand> Hahahaa 12:11 < xdog> and it happens like this: какCCие 12:11 < xdog> there, see: какCCие 12:11 < xdog> what the heck is this?
12:11 < hexnewbie> How do I enable AudibleBell in X? I know ‘pactl load-module module-x11-bell’ disables it (I use that on one computer as a do-not-disturb mode), but on another computer AudibleBell is disabled *without* loading the module-x11-bell PA module. I want to enable it back somehow, so I actually know a bell sounded. I know plugging in USB keyboards or sound cards sometimes enables it (and ‘xkbbell -force’ always works). How? 12:12 < kingrodian> don't you have English in school? 12:12 < kingrodian> I don't get why russians don't speak english 12:12 < xdog> I studied German in school 12:12 < revel> A lot of them do. 12:12 < revel> Oh, he studied German. 12:12 < kingrodian> ah 12:12 < xdog> but I don't know that either 12:13 < kingrodian> hahaha 12:13 < Armand> xdog: English, or you may be banned 12:13 < xdog> who may be forbidden to me? 12:13 < hexnewbie> I have worked it around by using module-x11-bell, but I 1) often don't hear the headphones when they aren't on my head, and 2) the PA bell totally ruins any music (plus, opening hexchat just blew my ears by playing 1000 bell samples at the same time) 12:14 < xdog> ПроCCCCCCCиCCCCCCсходитисходит 12:14 < xdog> there, again 12:14 * Armand prods jim 12:14 < xdog> how do I fix it? 12:14 < deniska> Speaking a language different from the one used in the room is considered rude 12:14 < kingrodian> he apparently wasn't taught english in school 12:15 < deniska> It's not an excuse 12:15 < kingrodian> it's not 12:15 < Armand> I thought all Russian trolls were taught English ? 12:15 < Armand> :trollface: 12:15 < kingrodian> there's probably a russian linux channel somewhere 12:16 < deniska> I think there should be 12:16 < deniska> I know there's #ubuntu-ru for ubuntu stuff, not sure if there's a general linux russian chat 12:16 < deniska> (at least on freenode) 12:18 < Tuxand> deniska: well maybe we need to make a request to have channels for other languages 12:18 < hexnewbie> The #linux-ru one (no double hash, so official?)
seems to have two people in it, and requires use of KOI8-R, which is.. ugh. 12:18 < deniska> 1994 called, wanted their encoding back :) 12:19 < BCMM> ... russia is by and large on unicode now, right? they're not a weird holdout like Japan? 12:20 < ToddenP> test] 12:21 < BCMM> hexnewbie: staffers are quite lax about namespace, at least until it becomes a problem. also, oddly enough, this channel *is* almost official https://freenode.linux.community/linux-sub-license/ 12:21 < BCMM> Alex4921: can't hear you; type louder 12:21 < hexnewbie> I don't know how you can be a holdout on Unicode realistically. Your word processing will be in unicode, GTK+ will force you to switch to UTF-8 locale, your web pages - even if in local encodings (those still live) will be converted to Unicode in the end (and will support Unicode through entities) 12:22 < GodOfSea> Hey 12:23 < BCMM> hexnewbie: japan is still a weird split between unicode and JIS. yes, it causes about as much weird compatibility problems as you'd think 12:24 < hexnewbie> I guess your LaTeX documents would be non-unicode (even if you used utf8 encoding for them), and some IRC communities can't switch. 12:24 < BCMM> but it was my understanding that cyrillic languages have all moved to unicode at about the same pace as latin 12:24 < BCMM> so i guess it's just that one weird channel? 12:24 < Alex4921> Nickserv command to change password again? 12:25 < deniska> BCMM: you still see a lot of cp1251 in places because шindoшs, but koi8-r is a real oddity these days 12:25 < Alex4921> Got it nvm 12:26 < BCMM> deniska: thanks, this stuff is interesting. old windows, right? it's utf-16 on modern windows? 12:27 < deniska> BCMM: it's all over the place on windows. 
Old 1-byte national encodings, utf-16 for internal windows things, utf-8 for some external windows things 12:28 < GodOfSea> So I dual booted win10 and linux mint , and now grub only shows Linux mint , nothing about windows And http://paste.ubuntu.com/p/tpMZF5hpZR/ we can see thats grub.cfg file doesnt have anything about /dev/sda1 (Windows 10) How do I change that 12:28 < deniska> BCMM: Let's say I still have to have an alias for "reencode this file from cp1251" when I use vim on windows :) 12:28 < GodOfSea> or how do I get it working 12:28 < hexnewbie> BCMM: Yeah, I understand how it happens and what problems it can cause. (I even have some Japanese editor (JWPce) installed in a Wine prefix when I needed to look up something without installing input methods, and was weirded out by how SJIS is present everywhere in the UI). I just don't understand which programs, other than plain text (editors, IRC) would ever be non-unicode. 12:28 < BCMM> oh wow cyrillic encoding is more complicated than i thought... so theres, like, the soviet one, the international one, and the microsoft one? 12:29 < deniska> BCMM: koi8-r was unixy one, cp1251 is windowsy one, cp866 is DOS one 12:29 < hexnewbie> BCMM: I have documents in Cyrillic encodings that don't make it to lists, and I was surprised iconv supported them 12:29 < deniska> BCMM: there was also a classical mac encoding for cyrillic 12:29 < hexnewbie> Namely, DOS encodings with no cpXXX for them 12:29 < GodOfSea> I tried adding menu-entry in /etc/grub.d/40_custom but no luck 12:31 < GodOfSea> . 12:32 < hexnewbie> Netscape 4 for GNU/Linux was particularly a pain, because when a page was encoded with CP1251, it would mistakenly submit the forms in the web page in KOI8-R encoding. 12:32 < deniska> GodOfSea: for starters, have you tried running update-grub script? 
12:32 < deniska> hexnewbie: dark ages, I remember each web site having an encoding selector :) 12:33 < GodOfSea> yeah I did and tried os-prober , nothing 12:33 < GodOfSea> deniska can you take a look at the /etc/grub.d/40_custom file ? 12:34 < deniska> GodOfSea: yeah, mine's unedited 12:36 < GodOfSea> deniska check mine , I addded this https://paste.ubuntu.com/p/WKdp7NxHHP/ 12:38 < deniska> GodOfSea: I'm not really familiar with grub stuff because mine just worked. I remember, though, that you have to run update-grub after editing grub's configs in etc because it updates the files grub actually reads from /boot 12:39 < GodOfSea> yup , tried that too 12:40 < PaulePanter> Hi. Do you know if there is a site where changes in Linux LTS patch releases are summarized. 12:40 < PaulePanter> ? 12:40 < PaulePanter> I know, that there is a change-log https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.50 12:40 < PaulePanter> But it’d be nice if these were summarized. 12:41 < BCMM> PaulePanter: it's hard to see how they'd do it, really 12:41 < BCMM> PaulePanter: usually summaries cover major new features, and LTS releases don't do that 12:41 < BCMM> the whole changelog is boring, because the whole changelog is little bug fixes 12:42 < PaulePanter> BCMM: Often there are security issues fixed in there. 12:42 < PaulePanter> Greg’s assumption that everybody will use that new release and reboot is unrealistic. A lot of server admins just do not do it as rebooting takes too long thanks to badly written firmware. 12:43 < PaulePanter> BCMM: So it’d be great to have a hint, when one should really reboot. 12:43 < hexnewbie> Ah, found how I enable AudibleBell in KDE. It's hidden in Accessibility Features in System Settings. (Had to grep /usr/share/X11/xkb for AudibleBell after doing ‘apropos bell’, and when I found it in file named accessx it occurred to be it might be in the Accessibility section. 
One would think these things would be documented somewhere, and findable in search engines) 12:44 < PaulePanter> My current strategy is to search for *nfs* and *xfs* in the log, as that are the parts that I deem important. But I likely miss something. 12:46 < BCMM> PaulePanter: "rebooting takes too long thanks to badly written firmware" -> use kexec 12:48 < hexnewbie> Hm, I also figured out why attaching headphones would re-enable my AudibleBell accidentally - the headphones include a keyboard (mute button), which causes xkb to reinitialised. Haha 12:49 < GodOfSea> anyone here knows grub ? i have trouble getting my windows in grub menu 12:57 < GodOfSea> well ? 12:57 < Sitri> Just ask 12:58 < GodOfSea> I did 12:59 < GodOfSea> So I dual booted win10 and linux mint , and now grub only shows Linux mint , nothing about windows And http://paste.ubuntu.com/p/tpMZF5hpZR/ we can see thats grub.cfg file doesnt have anything about /dev/sda1 (Windows 10) How do I change that 12:59 < GodOfSea> https://paste.ubuntu.com/p/WKdp7NxHHP/ 13:00 < searedvandal> update-grub doesn't work? 13:01 < GodOfSea> no 13:01 < BCMM> GodOfSea: is it a uefi or bios install of windows? is it uefi or bios grub? 13:02 < GodOfSea> BCMM its gpt windows and MBR Linux 13:02 < BCMM> GodOfSea: linux can be booted either way regardless of partition type 13:02 < GodOfSea> Ok 13:02 < BCMM> but gpt windows will only boot with uefi, not legacy boot 13:03 < GodOfSea> So ? 13:03 < BCMM> GodOfSea: so what mode is your firmware booting in? 13:03 < GodOfSea> HOw do I check ? 13:04 < BCMM> well, you could disable legacy boot and see if it still loads grub, or if your mobo does it, you could open the "select boot device" menu and see if it tells you whether boot options are efi or legacy 13:04 < BCMM> did you install grub to the boot sector of your MBR disk, or to the ESP of your gpt disk? 
13:05 < BCMM> oh right "Grub2 (v2.00) is installed in the MBR of /dev/sda" 13:05 < GodOfSea> windows was working before I installed linux alogside it and I deleted an arch partition and windows recovery partition before this Linux Mint installation 13:05 < BCMM> GodOfSea: so your pastebin says grub is installed on the mbr, implying that you're loading grub in legacy boot mode 13:05 < GodOfSea> yeah Grub is in MBR 13:06 < GodOfSea> Ohh 13:06 < BCMM> grub will not be able to chainload windows, because windows requires the firmware to be booted in uefi mode 13:06 < GodOfSea> Ok 13:07 < GodOfSea> So I need to get grub installed in GPT ? 13:07 < GodOfSea> in sda1 ? 13:07 < BCMM> GodOfSea: i don't know your partition and disk layout... 13:07 < BCMM> GodOfSea: i also don't know ubuntu. but on debian, there's a grub-legacy and grub-efi package 13:08 < BCMM> and you need to be using the second one if you want to work with gpt windows 13:08 < revel> Isn't grub-legacy GRUB 1.x? 13:08 < BCMM> revel: oh thanks, my mistake 13:08 < BCMM> grub-pc and grub-efi 13:08 < BCMM> revel: quite right, i muddled up "legacy boot" and "legacy grub" 13:08 < BCMM> it's grub-pc for grub 2 and legacy boot modes 13:09 < GodOfSea> grub-legacy-ec2 - Handles update-grub for ec2 instances 13:09 < GodOfSea> grub-pc - GRand Unified Bootloader, version 2 (PC/BIOS version) 13:09 < GodOfSea> grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries) 13:09 < GodOfSea> grub-pc-dbg - GRand Unified Bootloader, version 2 (PC/BIOS debug files) 13:09 < GodOfSea> ubuntu has these 13:09 < BCMM> no grub-efi package? 13:10 < BCMM> what version of ubuntu is this? (lsb_release -a) 13:10 < GodOfSea> yes 13:11 < revel> Nice version :^) 13:11 < GodOfSea> 16.04 13:12 < GodOfSea> I mean there is grub-efi package 13:12 < BCMM> GodOfSea: there's something wrong with your apt, then... 13:12 < BCMM> https://packages.ubuntu.com/xenial/grub-efi 13:12 < GodOfSea> So ? 
13:13 < BCMM> have you ever done an apt update (or equivalent)? 13:13 < BCMM> or is this a brand-new install that's never actually fetched a list of available updates? 13:13 < GodOfSea> I did sudo apt update 13:13 < BCMM> GodOfSea: and the lines you pasted above are results from apt-cache search grub? 13:14 < BCMM> or what? 13:14 < GodOfSea> so they are from apt-cache search grub-legacy 13:14 < revel> I mean there is grub-efi package 13:14 < BCMM> oh now i'm confused... 13:14 < BCMM> sorry i missed that line 13:15 < GodOfSea> grub will not be able to chainload windows, because windows requires the firmware to be booted in uefi mode 13:15 < BCMM> GodOfSea: you should install and set up grub-efi, so that you can boot grub in uefi mode 13:16 < BCMM> GodOfSea: grub will need to install itself to an efi support partition. it should fit inside the one Windows created 13:16 < GodOfSea> How do I do that ? 13:16 < GodOfSea> grub-install /dev/sda1 ? 13:18 < BCMM> it looks like ubuntu has a tool for this https://help.ubuntu.com/community/UEFI#Converting_Ubuntu_into_UEFI_or_Legacy_mode 13:18 < EriC^^> GodOfSea: just "grub-install" should do it 13:20 < GodOfSea> EriC^^: Installing for i386-pc platform. 13:20 < GodOfSea> grub-install.real: error: install device isn't specified 13:20 < oneko> *meow* 13:20 < EriC^^> GodOfSea: grub-pc is installed not grub-efi 13:20 < EriC^^> GodOfSea: what os is it? 13:20 < GodOfSea> Mint 18.03 13:21 < EriC^^> GodOfSea: can you pastebin your setup? sudo parted -ls | nc termbin.com 9999 13:22 < GodOfSea> http://termbin.com/6yqo 13:23 < revel> No ESP? 13:23 < EriC^^> GodOfSea: why do you want to convert to uefi? 13:23 < GodOfSea> I dont want to convert anything 13:23 < revel> I don't think Windows can boot on a combination of GPT + BIOS. 13:24 < EriC^^> GodOfSea: is windows installed or is that just a data partition? 13:24 < GodOfSea> I just want to use Win10 alongside Linux 13:24 < EriC^^> GodOfSea: aha is it a fresh windows install? 
13:25 < GodOfSea> I was installed before I deleted the recovery partition , my arch installation and EFI Boot partition 13:25 < EriC^^> aha 13:25 < EriC^^> GodOfSea: do you have a windows installation usb? 13:25 < GodOfSea> So that Efi partition, That damn Efi Partiton , is where the problem started 13:26 < GodOfSea> yes , I have 13:26 < revel> Yes, you need an ESP if you want to boot with UEFI. 13:27 < EriC^^> GodOfSea: ok, first create an efi partition 13:27 < EriC^^> GodOfSea: type sudo cgdisk /dev/sda , delete the biosboot, create a partition with type "ef00" write changes and exit 13:28 < GodOfSea> Ok cool , I have 100MB free space available in the sector before sda1 13:30 < EriC^^> when you're done type "sudo partprobe && sudo parted -ls | nc termbin.com 9999" 13:31 < GodOfSea> Part. # Size Partition Type Partition Name 13:31 < GodOfSea> ---------------------------------------------------------------- 13:31 < GodOfSea> 1007.0 KiB free space 13:31 < GodOfSea> 4 615.0 MiB EFI System ef00 13:31 < GodOfSea> So this is good ? 13:32 < EriC^^> yeah 13:32 < GodOfSea> http://termbin.com/xfoi 13:33 < EriC^^> GodOfSea: type "sudo mkfs.fat /dev/sda4" 13:33 < GodOfSea> done 13:34 < EriC^^> GodOfSea: type "sudo blkid /dev/sda4" and copy the UUID 13:34 < GodOfSea> got it 13:34 < EriC^^> then sudo nano /etc/fstab and add the line "UUID= /boot/efi vfat defaults 0 1 13:35 < EriC^^> nevermind the quote before UUID 13:35 < GodOfSea> use vim :) 13:36 < GodOfSea> http://termbin.com/g2rt 13:36 < GodOfSea> So I dont edit any of those ? 13:37 < EriC^^> no 13:38 < Purec> i tried to install linux with fde incl. bootloader. 
that was difficult 13:39 < EriC^^> why 13:39 < GodOfSea> EriC^^: http://termbin.com/xla5 13:39 < Purec> not sure, maybe i got the partition setup wrong 13:40 < EriC^^> GodOfSea: ok, type "sudo mkdir /boot/efi && sudo mount /boot/efi" 13:40 < Purec> some guides were saying format the /boot using ext4 fs but i thought fat32 is the best one 13:40 < EriC^^> Purec: if you want /boot encrypted you can put it in "/" without a separate partition and use a grub option so it works 13:40 < GodOfSea> EriC^^: in /etc/fstab the tab, whitespaces dont matter ? 13:41 < EriC^^> GodOfSea: nope 13:41 < Purec> so 1 partition in total, i dont plan on swap 13:41 < GodOfSea> EriC^^: should I delete my menuentry that I added in /etc/grub.d/40_custom ? 13:42 < EriC^^> Purec: GRUB_ENABLE_CRYPTODISK=y add that to /etc/default/grub and run update-grub / grub-mkconfig 13:43 < EriC^^> GodOfSea: yeah 13:44 < GodOfSea> GodOfSea: ok, type "sudo mkdir /boot/efi && sudo mount /boot/efi" done 13:46 < EriC^^> GodOfSea: dpkg -l |grep "grub*" | nc termbin.com 9999 13:46 < EriC^^> GodOfSea: sorry, dpkg -l |grep grub | nc termbin.com 9999 13:47 < GodOfSea> http://termbin.com/stwx 13:48 < EriC^^> GodOfSea: sudo apt-get purge grub-pc-bin grub-pc 13:49 < GodOfSea> Ok now when I do dpkg -l |grep grub I see everything minus grub-pc* 13:51 < EriC^^> GodOfSea: ok, type "sudo grub-install --target=x86_64-efi" 13:52 < GodOfSea> Installing for x86_64-efi platform. 13:52 < GodOfSea> efibootmgr: EFI variables are not supported on this system. 13:52 < GodOfSea> efibootmgr: EFI variables are not supported on this system. 13:52 < GodOfSea> Installation finished. No error reported. 
13:52 < BluesKaj> hiyas all 13:52 < GodOfSea> Cool 13:52 < EriC^^> GodOfSea: ok, that'll go away later when you're booted in uefi mode 13:53 < plexigras> how do i best restrict the files a command can modify 13:53 < EriC^^> GodOfSea: type "ls -lR /boot/efi | nc termbin.com 9999" 13:57 < GodOfSea> EriC^^: http://termbin.com/9pls5 14:00 < sauvin> plexigras, huh? 14:00 < BSODjunkie> Has anyone here used the windows ubuntu subsystem, I am confused about whether the files installed there are accessible via windows. For example if I pip installed a package 14:00 < plexigras> sauvin: what? 14:01 < Armand> Hey, sauvin.. you sexeh beast. o/ 14:01 < sauvin> That was my question. What do you mean by "restrict", and what kind of command? 14:01 < sauvin> Armand, you're not supposed to let two thousand people know I'm not wearing anything. :P 14:01 < Armand> Sorry.... I guess I should turn off the webcam too, right ? 14:02 < Armand> ^_^ 14:02 < EriC^^> GodOfSea: type "sudo mkdir -p/ boot/efi/efi/Microsoft/Boot /boot/efi/efi/Boot && sudo cp /boot/efi/efi/ubuntu/grubx64.efi /boot/efi/efi/boot/bootx64.efi" 14:02 < sauvin> :D 14:02 < EriC^^> GodOfSea: also sudo cp /boot/efi/efi/ubuntu/grubx64.efi /boot/efi/efi/Microsoft/Boot/bootmgfw.efi 14:02 < EriC^^> GodOfSea: sorry there's a typo in the first one 14:02 < EriC^^> GodOfSea: type "sudo mkdir -p /boot/efi/efi/Microsoft/Boot /boot/efi/efi/Boot && sudo cp /boot/efi/efi/ubuntu/grubx64.efi /boot/efi/efi/boot/bootx64.efi" 14:02 < GodOfSea> yup edited that 14:03 < GodOfSea> done 14:03 < EriC^^> GodOfSea: ok, type "sudo update-grub" 14:04 < GodOfSea> Well , it still doesnt show anything about Microsoft 14:04 < EriC^^> GodOfSea: try rebooting, if it works type "sudo grub-install" then you need to get your windows installation cd and reinstall its efi bootloader, then boot back into linux and set linux as the bootloader first in list (via sudo grub-install) 14:06 < GodOfSea> So you mean if it doesnt work , I have to reinstall its efi 
bootloader ? EriC^^ 14:06 < plexigras> sauvin: any command for example `echo 'test' >> some_file` 14:07 < plexigras> i want to restrict where this some_file can be writen 14:07 < EriC^^> GodOfSea: no it should work now, you need to install windows though 14:07 < EriC^^> GodOfSea: http://www.dell.com/support/article/us/en/04/sln300987/how-to-repair-the-efi-bootloader-on-a-gpt-hdd-for-windows-7-8-81-and-10-on-your-dell-pc?lang=en 14:07 < sauvin> plexigras, *any* command, eh? You're looking at directory permissions. 14:07 < plexigras> yes how do i best do that 14:08 < EriC^^> GodOfSea: you might need to use "/f All" in the end of the last command 14:10 < GodOfSea> EriC^^: The last command ? 14:11 < EriC^^> bcdboot c:\Windows /l en-us /s : All 14:17 < sauvin> plexigras, the only thing I can think of just offhand is to create a user with restricted privileges and use that user for your restrictive commands. 14:17 < plexigras> there has to be a better way :/ 14:22 < Zaplo> I have a Transcend 32GB USB 3.1 stick. It works on windows but on linux it only behaves well in USB 2 port, blue USB 3 ports make the stick overheat and system starts lagging very badly 14:22 < Zaplo> is this linux driver problem, or something that needs to be configured? 14:22 < Zaplo> using 4.17.0-rc6 14:24 < GodOfSea> Ok Cool EriC^^ : thanks , I am gonna reboot , I am Fa5tTurtle though 14:24 < sauvin> plexigras, why are you asking for this? 
14:25 < sauvin> (maybe an alternative approach is possible) 14:25 < Fa5tTurtle> yeah, I am GodOfSea Eric 14:25 < EriC^^> GodOfSea: ok, np 14:25 < Zaplo> It is this dongle https://www.transcend-info.com/Products/No-610 14:26 < Fa5tTurtle> EriC^^: windows is not in grub 14:28 < EriC^^> Fa5tTurtle: firstly, switch to uefi mode in the bios, boot linux, see if "sudo grub-install" works or complains about efi variables 14:28 < Fa5tTurtle> ok :) 14:28 < EriC^^> then use the windows installation cd to install windows' efi files, then boot linux, reinstall grub and update-grub and it will show 14:29 < EriC^^> you may need to use a live usb to boot windows depending on your bios if it allows you to select an uefi entry at boot up with some F key or so 14:29 < EriC^^> *live usb to boot linux (later after you reinstall windows efi) 14:30 < Fa5tTurtle> i dont have a cd,i booted win10 into a usb using woeusb software in ubuntu 14:31 < phinxy> if [[ $(whoami) != "linus" ]]; then echo test; fi 14:32 < phinxy> Why was it working but no anymore? 14:32 < phinxy> Can anyone spot anything wrong with that? 14:32 < Fa5tTurtle> EriC^^ in bios System Configuration Uefi boot order i can see Ubuntu and Windows boot manager, though ubuntu boot manager is at top, 14:33 < EriC^^> Fa5tTurtle: aha cool 14:33 < Fa5tTurtle> so I am gonna move windows on top and see if it works 14:33 < EriC^^> set uefi mode on, csm legacy off 14:33 < EriC^^> Fa5tTurtle: it won't 14:34 < EriC^^> Fa5tTurtle: the efi files it needed to boot are long gone 14:34 < phinxy> Is [[ the same manual as [/test? 14:34 < CappyT> I don't know if is the right place to ask, but i'm having a bad time with a vpn on linux 14:34 < Fa5tTurtle> i gotta search i do disable legacy then 14:34 < CappyT> can i ask here? 
14:35 < rpgio> yes you can 14:35 < rpgio> you can always ask 14:35 < rpgio> whether someone has the answer is a different question 14:36 < EriC^^> Fa5tTurtle: if uefi is enabled then csm legacy would be disabled usually 14:36 < EriC^^> csm legacy is the compatibility mode for legacy bios 14:37 < Fa5tTurtle> aha found it 14:37 < Zaplo> if you change csm legacy i think it wipes out list of uefi installations 14:37 < Zaplo> or maybe it was some other option 14:37 < Fa5tTurtle> legacy support : changed it to disable 14:39 < UnknoWn44> hello 14:40 < CappyT> @rpgio ok then 14:40 < UnknoWn44> i am new to irc can you see my msg ? or ihave to do something? i feel noone sees it 14:41 < UnknoWn44> yo 14:41 < EriC^^> UnknoWn44: yeah we see it 14:41 < UnknoWn44> ok sorry for that 14:41 < EriC^^> np 14:42 < CappyT> As i said, i configured a openvpn server to circumvent a captive portal in my organization.. everything works, except the fact that i don't go over 30Mbps.. and it's a problem with openvpn, iperf shwos well more bandwith between the client and server 14:42 < CappyT> -so after pain, tears and blood, i gave up on openvpn 14:42 < CappyT> i need a faster TCP vpn protocol 14:42 < Fa5tTurtle> EriC^^ i did sudo grub-install, no errors 14:42 < CappyT> which supports http proxy 14:43 < TheWild> hello 14:43 < YADW> Hey there! I don't know if this is the right place to ask, but I have some issues configuring a vnc connection over openssh tunneling 14:44 < EriC^^> Fa5tTurtle: ok, install the windows efi using the dell guide 14:44 < YADW> Basically, I use a dynamic DNS on port 4077 (the gateway then forwards to the right computer at port 22), and I'd like to set up a vnc connection via Remmina, which supports ssh tunneling. So, on the server machine, I start vnc on localhost, and when I try to connect from the client machine over ssh I get a confusing error message that tells me that the "ssh session failed to startup: success". Massive headache follows. 
14:44 < Fa5tTurtle> Eric^^ the link again, i lost it, i am using my phone for irc right now
14:45 < YADW> Obviously a regular ssh session works flawlessly, by the way
14:47 < phinxy> zomg. The DEBUG trap which adds a color code between each command places them on $(command)'s as well..
14:49 < domhnall> YADW: what's the vnc localhost: ?
14:49 < Fa5tTurtle> nvm EriC^^ found it, saved it in github
14:49 < YADW> domhnall 5900, that's the default port for display:0
14:50 < plexigras> is there a way to have `wait` not remove the process from the `jobs` list?
14:50 < domhnall> YADW: oh, thought it was 5901
14:51 < YADW> domhnall yes, because usually vnc runs on display:1. Afaik the port number depends on which virtual display it runs on
14:53 < YADW> Anyway, I don't think that should matter much, since it goes through a ssh tunnel (therefore on port 22)
14:54 < spare> YADW: ssh -NL local:port:remote:port user@host.domain forwards remote port to the box you're on then just tell it to connect to localhost rather than execute a ssh session
14:55 < Fa5tTurtle> EriC^^ when I do bootrec /FixBoot it says Access is denied
14:57 < YADW> spare thank you, but it seems a bit different from what I'm trying to achieve
15:00 < spare> if you setup an ssh tunnel with remmina thats literally all its doing but apparently doesnt work ;P you can do that manually and just tell it vnc is on localhost so its not trying to wrap ssh
15:00 < YADW> spare, oh, that's cool. Didn't think of it that way, I'm trying it in a sec.
15:01 < spare> if its on localhost every uid:gid on the system can get access to it if you havent setup a password on both boxes qemu still forces a timing attack doesnt allow booting with a passphrase only setting it once its up : /
15:02 < YADW> spare, connection gets refused :(
15:03 < Furai> What would be the best way to back up whole server with databases, let's call it production server (which is not, but let's call it here like this)?
Something that would allow me to restore most of it having a clean installation of the same OS elsewhere. I guess with RSYNC. The topic is probably already well answered on the Internet but there are so many different answers and I wondered what would be your
15:03 < Furai> preferred backup strategy of choice.
15:03 < spare> can you ssh in regardless ? ssh -L localhost:5900:localhost:5900 user@box would still open a normal shell and silently fail forwarding unless you set ExitOnForwardFailure
15:05 < Fa5tTurtle> EriC^^: I got windows to work from the bios boot manager 😀
15:05 < plexigras> how can i get the pid of the process that i waited for using `wait -n` ?
15:10 < dreamcat4> plexigras: sleep 30 & _PID="$!"; wait -n
15:10 < dreamcat4> where 'sleep 30' is the child process you spawned and are waiting to finish
15:10 < plexigras> i have more than one child process but only one wait -n
15:11 < dreamcat4> plexigras: well wait -n will wait for all of them. you can wait -n $PID & to make separate wait tasks for each PID you can do each one separately then
15:12 < plexigras> dreamcat4: no it does not it only waits for the first one
15:12 < dreamcat4> ok here is an example to show you what i mean;
15:13 < dreamcat4> sleep 100 & _PID1="$!"; wait -n $_PID1 & sleep 200 & _PID2="$!"; wait -n $_PID2 &
15:14 < dreamcat4> the 1st wait cmd should wait for PID1 to finish. then the 2nd wait cmd should wait for PID2 to finish. then you know which wait is waiting for what
15:14 < plexigras> try only one wait -n at the end and you will see that the script will exit after the first child process ends
15:14 < dreamcat4> well i didn't say you should be doing that
15:15 < dreamcat4> then you need a loop afterwards (with a check). to stop your main process exiting immediately
15:15 < plexigras> thats not what i want and i don't know how many times i should tell you that
15:18 < dreamcat4> ok plexigras i see the mistake.
i think you need to put each wait into its own sub-shell with ( )
15:18 < dreamcat4> for example: (sleep 100 & _PID1="$!"; wait -n $_PID1) &
15:18 < dreamcat4> then (sleep 200 & _PID2="$!"; wait -n $_PID2) &
15:18 < dreamcat4> is possible
15:19 < kuri0> how do i build a kernel deb package without rebuilding everything ?
15:19 < kuri0> make -j8 bindeb-pkg LOCALVERSION=-custom recompiles everything
15:20 < dreamcat4> plexigras: for any further help with the wait builtin function, ask on ##bash channel
15:20 < dreamcat4> because it is part of the interpreter
15:48 < V7> Hey all
15:48 < V7> Clean OS with xorg-server, xorg, xorg-twm, xorg-xinit and xterm
15:48 < V7> When I'm executing startx it shows a black screen with "input" cursor, but when I'm changing tty from tty1 to tty2 and back it shows a desktop
15:49 < jim> V7, what does an input cursor look like?
15:50 < V7> jim: Like this https://i.imgur.com/OIO07Tk.png
15:51 < jim> oh, like a textual insertion point
15:51 < V7> So, if I'd start xorg and then change tty from 1 to 2 and back to 1 then it shows a desktop
15:51 < V7> It's strange
15:51 < V7> How to force xorg to stay on tty1 ?
15:52 < jim> I think you can feed startx with which vc
15:53 < V7> jim: So, I'm already at tty1
15:53 < V7> It just doesn't show desktop before changing from 1 to 2 and 1
15:55 < jim> The startx script is a front end to xinit(1) that provides a somewhat nicer user interface for running a single session of the X Window System. It is often run with no arguments.
16:00 < Li> I left a laptop on and came back found it off!! tried cat /var/log/syslog and syslog1 both files shows only logs starting from the new booting time.
16:00 < Li> how to view previous logs syslog.2.gz
16:00 < hexnewbie> Li: Battery drained?
16:00 < jim> maybe it sensed battery low?
16:00 < Li> hexnewbie: nope it would plugged into the mains
16:00 < Li> it was*
16:01 < jim> what happens when you hit a key on its keyboard?
(shift would do it)
16:02 < hexnewbie> Overheating, closing the lid (causing suspend with no resume), not fully inserting the mains plug or the power supply connector - those are the more common causes a powered laptop can power down.
16:02 < hexnewbie> There's also suspend after a period of inactivity, which can also be one way trip if your suspend is broken
16:04 < hexnewbie> There's also a rogue party writing 'o' to /proc/sysrq-trigger (I guess the cat accidentally pressing the key combination is out of question, but I wouldn't necessarily rule out a human doing it)
16:09 < Li> hexnewbie: the question is how to use logs to find out what happened?
16:10 < Li> Knowing all those multiple possibilities, how to determine which one was the case!
16:10 < hexnewbie> sysrq is not logged at all, which is the main reason I suggested it as an explanation for seeing nothing in the logs. Hardware-triggered shutdown due to overheating would also not be in the logs.
16:10 < jim> Li, one thing you might do is look for an option to make the logs be verbose
16:10 < V7> jim: So, any thoughts ?
16:11 < hexnewbie> Suspend will be logged, albeit indirectly (I believe), as in you may get some weird messages in /var/log/kern.log unrelated directly to the suspend itself, but ones that only appear during suspend.
16:11 < jim> well it does sound like it's using vt1, but for some reason it doesn't do anything till you switch away for a moment
16:12 < jim> dunno why that would be
16:13 < jim> V7, and you're right, this does seem strange
16:13 < jim> back in a bit
16:19 < Li> hexnewbie: both syslog and kern.log and starting from the new starting time which 13:42:06
16:19 < Li> no previous logs exist
16:20 < triceratux> http://www.linuxandubuntu.com/home/microsofts-new-operating-system-based-on-linux
16:21 < wizzi> Hi, when i block someone with iptables thats mean he can't connect ?
16:23 < hexnewbie> wizzi: It depends on the meaning of ’block’ and ‘someone’.
Dropping or rejecting NEW packets arriving from an IP means they can't connect, unless you accepted them in an earlier rule or they change their IP.
16:26 < hexnewbie> wizzi: (It's generally impossible to block a specific someone.)
16:30 < wizzi> hexnewbie, so how can i kick or block someone from my network ?
16:31 < wizzi> is there tools or .. ?
16:31 < hexnewbie> wizzi: From your network? What does that mean?
16:33 < pingfloyd> the way you block "someone" is lock, disable, or remove their account
16:33 < pingfloyd> blocking someone has nothing to do with iptables
16:40 < wizzi> hexnewbie, that's mean he's connecting on my wifi
16:42 < jim> wizzi, change your security somehow
16:42 < hexnewbie> wizzi: Don't run an open WiFi, or one with weak security (e.g. WEP is weak). Even if you blocked someone off the WiFi by some criteria, if your WiFi is unsecured, they'd still be able to listen in to everything you do over the WiFi
16:43 < MikeFromIT> You could try blacklisting their MAC address wizzi
16:43 < kurahaupo> wizzi: alternatively, allow them to connect, but confine them to a VLAN that doesn't let them do much/anything
16:43 < wizzi> hexnewbie, jim, i know that ...but if he always break your security what should you do ?
16:44 < wizzi> MikeFromIT, exactly !
16:44 < jim> I've heard of randomizing the mac addr
16:44 < wizzi> kurahaupo, how can i do that ?
16:45 < MikeFromIT> It's pretty hard for someone to break WPA2. Turn WPS off as that is slightly easier to bruteforce and change your SSID and password
16:45 < kurahaupo> wizzi: log into your wifi and configure it there. How depends on what model of wifi you have
16:45 < hexnewbie> wizzi: 1) Turn on WPA-2. 2) Use a secure passphrase, emphasis on phrase, with high entropy. 3) Report the attacker to the police. 4) If they exploit a known vulnerability in your WiFi access point, replace with one that doesn't have it.
16:46 < wizzi> MikeFromIT, did you hear about "androdumper" ?
16:46 < jim> wizzi, does anyone in your house use the wireless too?
16:46 < wizzi> jim, yes
16:46 < jim> then you should go slow
16:47 < MikeFromIT> Looks pretty similar to any other tool used to exploit WPS
16:48 < wizzi> hexnewbie, this is not a solution ..i need to block them
16:48 < jim> wizzi, make sure everyone you want using the wireless can do wpa2, once you're sure, switch to wpa2
16:48 < Xiretza> uhhh, shouldn't `make defconfig` be the same as calling `make olddefconfig` with an empty .config? because it isn't, I have no idea which defaults olddefconfig uses, but they're not from the ARCH.
16:48 < BCMM> i'm all for keeping old hardware running, but stuff that doesn't do wpa2 is silly
16:49 < hexnewbie> wizzi: That's *the* solution. Blocking will not work.
16:49 < Xiretza> what I want is something that fills all the unspecified fields with the ARCH supplied defaults.
16:50 < jim> BCMM, I dunno if there's old hardware (or software) involved, but probably wizzi is more interested in keeping things working for everyone in his house
16:51 < jim> maybe there's not and it's fine... but he should make sure
16:52 < ggVGc> sounds like it'd be enough to turn off WPS for now
16:52 < ggVGc> WPS is useless anyway
16:52 < ggVGc> should be an option in the router settings
16:53 < wizzi> jim, hexnewbie,i tried iptables but didn't work
16:54 < jim> wizzi, is everyone you want using the wireless home right now?
16:54 < hexnewbie> wizzi: Neither would any blacklist, as they would be ineffective as they aren't a replacement for genuine wireless security.
16:55 < hexnewbie> wizzi: A whitelist may work, partially, as it would prevent the party from connecting until they discover they can use your MAC address. They would still be able to sniff your entire network traffic.
16:56 < pikaro> I'm currently with ramnode for my vps and would like to switch to kvm. their plans are fairly expensive, though, almost double from what other providers offer ($12/mo for 2G Ram / 25G NVMe).
however, I've had good experiences with their service and uptime. is it worth switching to a cheaper provider? recommendations for a reliable one?
16:56 < tsaka__> I remember reading about native kernel support for limiting battery charge. Anyone know which version that is or have any links?
16:56 < pikaro> i know it's a bit OT, but I don't know any relevant channels
16:58 < searedvandal> pikaro, the provider I've been most happy with is Digital Ocean.
16:59 < oerheks> "native kernel support for limiting battery charge." never heard of that, and sounds a private project??
17:00 < jim> pikaro, there is a bot, alis, that can assist you in finding channels on the freenode irc net. To get started, /msg alis help
17:00 < pikaro> searedvandal, they're a bit more expensive than ramnode if I'm looking at the correct list.
17:00 < pikaro> jim, cool, thanks!
17:00 < oneko> That sounds interesting, jim
17:01 < tsaka__> oerheks: no a lot of battery drivers support it, eg thinkpads
17:03 < searedvandal> tsaka__, for thinkpads I think it should be enough to enable the tp_smapi module
17:05 < jim> oneko, give it a shot... you never know what you'll find
17:06 < kazdax> how can i check the logs to find out why my linux which is a redhat...shuts down after a while on its own ?
17:07 < searedvandal> tsaka__, and as far as I can see thinkpads are the only ones that can set the battery charge thresholds
17:07 < tsaka__> okay thanks
17:07 < searedvandal> tsaka__, http://www.thinkwiki.org/wiki/Tp_smapi#Battery_charge_control_features
17:10 < wizzi> sorry i'm back, hexnewbie how can that be ? is there a tool to do that or from router ?
17:11 < tsaka__> searedvandal: That's for old laptops only. I do remember reading about newer support coming in the kernel but struggle to find links
17:11 < hexnewbie> wizzi: To do what?
17:14 < wizzi> hexnewbie, "A whitelist may work"
17:15 < hexnewbie> wizzi: Whitelists and blacklists are, or at least were, a standard feature of routers.
Given that it's pretty pointless from a security perspective, modern routers may lack it for your own protection, I don't know (haven't really used a web UI for those for quite some time)
17:17 < searedvandal> tsaka__, I see. well, if there is something in the pipeline, the linux-pm mailing list archive could be a place to dig
17:17 < hexnewbie> ‘May work’ means that if the person breaking into your WiFi doesn't know what they are doing, it may prevent them from using the internet. Maybe. But it's equivalent of checking the brand of shoes before letting people in, instead of a proper door lock.
17:21 < wizzi> hexnewbie, thank you :)
17:22 < pingfloyd> you mean whitelisting by mac address?
17:23 < hexnewbie> pingfloyd: Yeah.
17:24 < pingfloyd> I wouldn't say it's useless for security. Attacker has to figure out a mac address that's whitelisted.
17:25 < pingfloyd> I remember one day I found a rogue device on this pos router. I turned on access control and whitelisted my devices' mac address and it's never been back.
17:25 < pingfloyd> was the only saving grace of that pos router
17:25 < hexnewbie> Yeah, so it may work and keep them out with no internet. But they can still sniff you - either to get the macs, then use your mac; or to snoop on you. Breaking the security (something they have already done) is harder than finding out a mac.
17:25 < pingfloyd> also many routers you can't turn off WPS completely
17:26 < hexnewbie> My first ever router was secured by a MAC whitelist.
17:26 < pingfloyd> hexnewbie: they have to be on the network first to sniff
17:27 < pingfloyd> wired connection isn't a concern since that is secured by limit of physical access
17:27 < pingfloyd> so they're not going to be able to get on the wired network to sniff out traffic.
17:27 < hexnewbie> pingfloyd: You mean, the MAC whitelist may prevent them from using the WPS exploits (I'm not familiar with those per se)?
17:28 < pingfloyd> the whitelist is more of a workaround
17:28 < pingfloyd> like maybe they can get through WPS, but they're not going to get on unless they know one of the whitelisted mac addresses.
17:29 < pingfloyd> so while wps in that case, is easily bypassed, they still have to get past the whitelist in addition
17:29 < pingfloyd> a lot of routers will have setting for disabling wps, but they don't really disable it.
17:30 < pingfloyd> WPS really never should have been to begin with
17:30 < pingfloyd> its whole concept is flawed
17:30 < bls> but we have to cater to laypeople/grandmas!
17:30 < pingfloyd> bls: and make them even easier marks
17:30 < pingfloyd> than they are already
17:31 < hexnewbie> Aren't the MACs visible in simple monitor mode?
17:33 < pingfloyd> maybe
17:35 < oneko> What's that sed one liner I can use to recursively replace all occurrences of a certain word with another word ?
17:37 < revel> That's just regular sed with the global flag (g)
17:37 < EriC^^> oneko: sed -e 's/word/anotherword/g'
17:38 < oneko> Thanks, revel ;-)
17:38 < hexnewbie> find /root/of/replacement -type f -exec grep 'certain word' {} \; -exec sed 's/certain word/another word/g ' {} + | grep 'another word'
17:38 < hexnewbie> oneko: Run that. If you're happy with the output, re-run the same with ‘sed -i.bak’ instead of ‘sed’
17:38 < bls> and you can drop the greps
17:40 < hexnewbie> oneko: Review the changes with: find /root/of/replacement -type f -name '*.bak' -exec bash -c 'diff -u "${1%.bak}" "$1"' xx {} \;
17:41 < hexnewbie> oneko: if you're happy with the result, you can delete the .bak files
17:41 < oneko> wow
17:42 < oneko> Okay, let me see
17:42 < bls> and thank you for using the arg to -i
17:42 < pingfloyd> hexnewbie: looks like there's ways
17:47 < oneko> hexnewbie: On what shell should I be running that because apparently I am missing an argument to -exec
17:47 < oneko> find: missing argument to `-exec'
17:48 < bls> did you hand type the command string?
17:50 < oneko> I hand typed this into bash `find . -type f -exec grep 'azclient' {} \; -exec sed 's/word1/word2/g' {}`
17:51 < hexnewbie> oneko: The -exec needs to be terminated with either ';' (escaped or quoted) or + (the two have different meaning - plus would append more arguments to the same command) - you can't omit the plus
17:52 < hexnewbie> You could use \; instead of + if the difference confuses you, though (not the other way round)
17:53 < bls> and you really only need the exec with the sed
17:53 < hexnewbie> Is that guaranteed to not touch the files lacking the word?
17:54 < oneko> Okay, thanks a lot, hexnewbie
17:54 < oneko> On taking a good look I think I don't want to replace all the references :-P
17:54 < bls> if sed changes anything it wasn't told to, it's utterly and fundamentally broken
17:59 < hexnewbie> bls: I don't mean change, but touching the mtimes and such
17:59 < DevilChaos> Hi all I'm trying to set up piratebox for a project the box is based on arch Linux has any of you set one of these boxes up before ? I have mine working through the rasp pi but I can only access it through my laptop and browser I can from android or iOS I can connect to it through the WiFi hotspot though but not the browsers any help would be appreciated?
18:00 < DevilChaos> *can't through android and ios
18:01 < electrosys> in mutt how do you display emails from only a specific sender? filter on sender.
18:01 < pingfloyd> DevilChaos: what?
18:02 < bls> electrosys: pretty sure the search string is: ~s sender
18:02 < bls> but all those shorthands are well documented
18:03 < bls> hexnewbie: that'd require a look, but I doubt it would
18:03 < electrosys> bls: understood, but you have to press n to go to the next e-mail anyway to change the view so only emails from a specific sender are displayed?
18:04 < pikaro> so I borked a debian by ripping out systemd.
now I'm getting all kinds of weird permission errors - like, access to /etc/resolv.conf is denied or sudo can't read /etc/sudoers. however, about 90% of the system still run perfectly fine, there's no absolutely catastrophic failure, and for some applications it's only intermittent. I only removed systemd, systemd-sysvinit and libpam-systemd - I suspect it's the latter? could be a nice
18:04 < pikaro> learning opportunity to understand what's going on.
18:04 < bls> sorry, I don't understand what you're asking
18:04 < DevilChaos> Pingfloyd: I'm setting up piratebox for a project. Its an offline network sharing box for files chat and forum
18:05 < electrosys> pikaro: systemd is pretty monolithic so there are probably some tasks you need to handle on your own now.
18:05 < bls> electrosys: if you're wanting to restrict the view of messages to just the sender you searched for, you'll likely need to add something like notmuch onto mutt
18:05 < electrosys> apparently systemd does a lot more than systemv init did. theres a huge argument about systemd and its monolithic approach.
18:05 < pikaro> electrosys, I installed sysvinit of course, so that part should be there
18:06 < bls> pikaro: a decent amount of the system is now set up on the assumption that systemd will be there as the only thing accessing/controlling those files and/or networking config
18:06 < electrosys> bls: ok, thanks, ive heard of not much, and you need a little e-mail client stack, offlineimap, mutt, notmuch, msmtp.
18:07 < pikaro> bls, but in the strace I can see ping tries to directly fopen /etc/resolv.conf, for example
18:07 < electrosys> pikaro: no, see systemd handles a lot more of the administrative tasks than systemv does. you see, thats what im saying about monolithic approach.
18:07 < bls> my setup used to be fetchmail + procmail + mutt + notmuch + msmtp
18:08 < pingfloyd> pikaro: since systemd has its tentacles deep into userland, it's not really that trivial to remove
18:08 < pikaro> and even if resolv.conf is 777: open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
18:08 < bls> ping isn't directly opening resolv.conf, glibc is
18:08 < pingfloyd> pikaro: sysv init on the other, was trivial to replace (other than you may need some new startup scripts).
18:08 < electrosys> pikaro: systemd as far as I can tell is like a windows program, it does everything for you. thats what the argument is about, it goes against the UNIX philosophy, which is to create many little programs that work together.
18:08 < pingfloyd> electrosys: it's totally windows philosophy
18:09 < bls> pikaro: do you have selinux or another MAC system or ACLs on the file?
18:09 < pikaro> electrosys, I know about the argument, but I want to understand what's going on on the technical level
18:09 < pingfloyd> electrosys: that whole "one program to rule them all" mentality
18:09 < bls> yes, the "I'm in program X and I need to do Y, so even though it has nothing to do with program X
18:09 < storge> cathedral wants to destroy the bazaar
18:09 < bls> 's problem domain, let's add it in anyway"
18:10 * triceratux got systemd to disappear by booting mx-linux 17.1
18:10 < electrosys> pingfloyd: well, its really where your coming from as far as technical background. though it wouldn't be hard for you to write a script for your friend who is less inclined in the Unix Operating Environment than you are.
18:10 < pikaro> selinux is not installed
18:10 < pingfloyd> pikaro: this is why devuan exists
18:10 < pingfloyd> pikaro: because while you can simply remove systemd from debian, it turns out that some programs will break and those need to be addressed.
18:11 < electrosys> without-systemd.org
18:11 < bls> because due to network manager and/or the systemd networking thing, it's common to set ACLs on resolv.conf so they'll stop trashing it
18:11 < pikaro> electrosys, that's where I got the borking instructions from. DON'T follow them if your system isn't already shot, which mine was
18:11 < electrosys> im not messing around with systemd right now.
18:12 < electrosys> I'm trying to do all my daily tasks in the framebuffer. so I can live like a human being again.
18:12 < pingfloyd> pikaro: that method isn't very complete
18:12 < storge> some of those directions at without-systemd need to be updated as times change. same with any advice you find
18:12 < electrosys> no mouse.
18:12 < pikaro> pingfloyd, this isn't programs breaking - opening a file doesn't work when the permissions say the opposite. that's something very fundamental
18:12 < bls> in a cave with your hair shirt, oil lamps, and frame buffer? hehe
18:12 < storge> hair shirt
18:12 < pingfloyd> pikaro: that's programs breaking
18:13 < pikaro> mind that I can actually edit it as root, but ping can't access it if root executes ping
18:13 < bls> the basic access permissions might not be the only ones at play here
18:13 < electrosys> the effort is rewarding, cause its all pretty simple, it seems now a days driver support is so good, you don't have to fight around too much. Just learn the Unix Operating Environment.
18:13 < pingfloyd> pikaro: yes, this is what happens when you build the dist around systemd
18:13 < bls> I can "just learn the unix operating environment" in a fully graphical environment as well
18:14 < pingfloyd> pikaro: you take away systemd, and it leaves programs, that assume its going to be installed, not working correctly.
18:14 < electrosys> pikaro: are you on vanilla debian?
18:14 < pingfloyd> I think the access issue is more of a symptom of the problem
18:15 < storge> pingfloyd: such programs are against reason and God
18:15 < pikaro> electrosys, pretty much yes, openvz kernel though - which is why the system was shot the moment systemd got on there
18:15 < bls> that or some of the other mechanisms that systemd has taken control of (cgroups first spring to mind) might be coming into play now that there's nothing else managing them
18:15 * storge wgets 4.17.2
18:17 < electrosys> devuan.org
18:18 < electrosys> dev one?
18:18 < electrosys> pikaro: have you heard of dev one?
18:18 * storge shrugs
18:18 < pikaro> bls, cgmanager was actually running, that might be it
18:18 < pikaro> stopping it wasn't enough but I never looked into cgroups before
18:19 < electrosys> pikaro: i understand you want to learn it on your own, maybe they have forums and you can pick their. they seem to be the experts on what you're doing?
18:19 < bls> cgroups was an example, shouldn't be the reason ACLs are getting added to the file
18:19 < pingfloyd> having no mouse isn't going to make you more proficient
18:19 < electrosys> pingfloyd: im forced to configure more on my own.
18:20 < pingfloyd> it's just putting an artificial constraint on your workflow
18:20 < oiaohm> pikaro: https://github.com/ConsoleKit2/ConsoleKit2/issues/98 if you have cgmanager running it has not been maintained for quite a while now and it known to make systems behave strange.
18:20 < electrosys> you can't have your hand in three places at once.
18:20 < storge> he who has no mouse presses tab muchly
18:20 < electrosys> argument is over.
18:20 < pingfloyd> e.g., if you wanted to get better at bash. Open a Terminal emulator and work in bash.
18:20 < bls> "I would be lazy otherwise, so I'll live like a luddite"
18:20 < electrosys> hands i should say.
18:20 < pingfloyd> isn't going to matter if you're running bash at the console or in a terminal emulator
18:20 < oiaohm> pikaro: while systemd was loaded it most likely locked cgmanager out from causing hell.
18:21 < electrosys> pingfloyd: it matters a lot because i play movies different, i play audio differently. I figured out how to download and trash my e-mails but i still can't completely manage them.
18:21 < pingfloyd> other than in the terminal, it makes the workflow more manageable use all the other programs (e.g., having a good window management)
18:21 < mguy> Would it be a dumb idea to use the exact same ssh key on all 3 of my computers to access my server?
18:21 < electrosys> it requires more of a conscious effort, and im not bombarded by as much information that I didn't ask for
18:21 < bls> mguy: yes
18:22 < electrosys> its like buying a lego kit, or buying it pre built for you.
18:22 < electrosys> ... already glued together.
18:22 < bls> I can tailor exactly such an environment, but mine has true type font supports, a modern web browser, tiling or floating windows, multiple desktops
18:22 < storge> it's like an old oak table, that you spill milk on, but can't clean because you don't have arms.
18:23 < pikaro> well it can't have been ACLs in the way I'm finding on google, the fs isn't mounted with the option and I dont have getfacl/setfacl
18:23 < bls> mguy: imagine someone steals one of your computers. either they now have access to your server, or you have to lock yourself out and create new keys on your 2 remaining computers
18:23 < electrosys> mguy: you have to be very proactive with security, if it sounds dumb it probably is.
18:24 < mguy> bls: makes sense
18:24 < storge> if you cut corners, you invite compromise
18:24 < storge> (in security)
18:24 < electrosys> security or convenience, you can't exactly have both.
18:25 < electrosys> but you can script your conveniences yourself.
18:25 < storge> soon we'll turn it all over to alexa and we'll be safe
18:25 < mguy> Plus I guess you're not saving any time copying a key to a bunch of machines instead of just copying each key to the server
18:25 < pingfloyd> I think the lego analogy is a bit off. I know what you're saying, but there's more to it than that. You've got to consider what unix was when it was new. It made computing a lot easier compared to anything of the time.
18:25 < electrosys> pingfloyd: i don't think that has changed much.
18:25 < pingfloyd> because of its tenet of "gluing programs together".
18:26 < bls> mguy: you can also just drop `ssh-keygen ... && ssh-copy-id` in a script to automate the process
18:26 < pingfloyd> we've come a long way since then and it's evolved into what we have in our environment today
18:26 < pingfloyd> because of those early days and that tenet
18:26 < electrosys> unix is like having your own garden, you know what you're eating.
18:26 < pingfloyd> not really
18:26 < bls> things have changed though, we can now address individual pixels, we don't *have* to live in a 80x24 ASCII only world anymore
18:26 < pingfloyd> AT&T was proprietary
18:27 < pingfloyd> the whole system v line
18:27 < electrosys> i see what you're saying.
18:27 < pingfloyd> hence why you ended up with a rewriting of BSD and also why GNU was born.
18:27 < storge> gnu not unix
18:28 < electrosys> is ubuntu mostly gnu?
18:28 < pingfloyd> it has the gnu userland yeah
18:28 < morf> probably
18:29 < bls> depends on how you measure it
18:29 < morf> or i mean mostly
18:29 < pingfloyd> It's definitely not anything close to gnu's definition of free software though.
18:29 < bls> it'll be some parts GNU, some MIT, some Apache, some BSD
18:29 < electrosys> how does the unix philosophy live on in something thats called "not unix"?
18:30 < storge> imagination
18:30 < pingfloyd> electrosys: the "not unix" is a play on words
18:30 < pingfloyd> electrosys: gnu is a unix-like without a doubt
18:30 < pingfloyd> it's "not unix" in that it's not closed and proprietary like Unix
18:30 < bls> it doesn't strictly speaking. GNU has no qualms about adding features from other programs to one of their programs
18:31 < electrosys> obviously gnu believes in unix if it imitated it how will the little kiddies know what that philosophy is?
18:31 < bls> what used to be a pipe to another program for a specific purpose becomes an argument to a semi-related GNU one
18:32 < pingfloyd> what's funny is unix before the invention of the pipe (something AT&T developed at a certain point)
18:32 < pingfloyd> you could still have the same functionality, it's just you had to create lots of temporary files before pipes
18:34 < akd> I want to run a cron
18:34 < akd> but not as root
18:34 < akd> do I only need to edit the user just before the command in cron file ?
18:34 < storge> uh
18:35 < storge> what?
18:35 < electrosys> chrontab -e?
18:35 < storge> crontab -e ...no h
18:35 < fooman2011> Hello. I have keyboard troubles with a program when I run it through ssh. It works perfectly when it is launched directly on the machine tty, but some keyboard problems (due to SDL bug) occurs when I launch it through ssh. Is there any way to launch this program through ssh as if it was launched directly from the machine ?
18:36 < pingfloyd> imagine if AT&T had released UNIX with a free software license
18:36 < pingfloyd> gnu wouldn't exist
18:36 < bls> or plan9
18:36 < bls> ah, that was later
18:36 < electrosys> i still need to figure out how to copy links from elinks to irc.
18:36 < pingfloyd> and linux probably would have died off since there was no userland for gnu to provide in its earlier days.
18:36 < akd> what?
18:36 < bls> copy-paste them with your mouse
18:37 < electrosys> I dont have mouse support in my frame buffer.
18:37 < bls> also, note that elinks doesn't do TLS cert validation
18:37 < compdoc> so we are the victims of fate?
18:38 < electrosys> bls: k, im not set on it. or anything, there isn't a lot of web browsers that run in the framebuffer though it seems.
18:38 < electrosys> bls: is there a text based browser that has more security features?
18:38 < pingfloyd> compdoc: more like benefactors is what I'm thinking
18:39 < pingfloyd> compdoc: like, maybe AT&T UNIX being proprietary is a blessing in disguise and what ultimately kept unix (including unix-likes) alive all these years.
18:39 < pingfloyd> compdoc: i.e., the restrictions were the catalysts for the innovation
18:40 < bls> not sure. all the text based browsers are near abandonware as far as I know. I just stick with lynx when I'm in my "trying to trudge my way through working via ssh with a BT keyboard, an iPad, and ssh"
18:40 < pingfloyd> for example BSD requiring a complete code rewrite.
18:40 < pingfloyd> GNU and/or linux ever existing
18:41 < pingfloyd> as far as outside of X web browser, seems like links2 is about the best one
18:41 < apro> hi can i partition only a raw disk?
18:42 < bls> apro: you'll need to rephrase that because it doesn't make sense as you've asked it
18:42 < bls> i.e. what's "only a raw disk"?
18:42 < apro> bls: let me brief the question
18:42 < pingfloyd> I used the text-based browsers a lot in my earlier days of linux in order to figure out how to get X working
18:43 < apro> so i had 100G of new volume added to the instance; so i created fdisk and created a partition and mounted the filesystem to a new directory. in this case i used only 50% of the size
18:43 < apro> now can i reuse the remaining space left in that disk?
18:43 < bls> I use them to quick open URLs I know aren't going to be JS heavy when I'm sshed into a server, but that's about it. they're pretty miserable to use for near everything else
18:44 < electrosys> lynx looks nice. its a lot slower but probably implements for security stuff like you were saying.
18:44 < electrosys> bls: i like have all the text the same size
18:44 < bls> what instance? created fdisk? and yes, you can run a partitioning tool again and allocate from the free space
18:45 < bls> I don't and don't understand this fetish with fixed size characters
18:45 < electrosys> bls: its easier to read.
18:46 < baiguai> theyre sexy
18:46 < bls> then why don't we print books in fixed size fonts?
18:46 < apro> bls: aws ec2 instance.. i ran the command fdisk to create a partition.. the first time i ran the fdisk command, i gave the first sector as 1 and last sector as 109713152
18:46 < apro> bls: so when i run the fdisk for the second time to create a new partition, should i use first sector as 109713152??
18:47 < bls> I couldn't tell you the exact sequence of key presses, but fdisk should be able to create a partition in the free space without you having to do block/cylinder/head/sector offset calculations
18:49 < electrosys> books are printed on white paper generally.
18:50 < electrosys> obviously formatting is needed. but i just see the framebuffer as a way to filter out all the noise from advertising and everything else that you dont ask for.
18:50 < electrosys> you have the information you want at hand, nothing more nothing less, just requires some time to get it to work exactly the way you want.
18:50 < bls> I do that too, but by attacking the noise and distractions, not the GUI
18:51 < electrosys> bls: point well taken.
18:51 < electrosys> i went through some trauma last year, maybe thats part of it, its helping me.
18:51 < electrosys> its helping me focus.
18:52 < electrosys> but i hacked around a lot in dos, before win95, win 95 was really the bane of my computer enjoyment.
18:52 < bls> if it allows you to hone your workflow, then more power to you; there are just some things you'll sacrifice that might not be worth it
18:52 < electrosys> it reminds me of those days, just 1000x better.
18:54 < electrosys> and games were always important to me 3d graphics always fascinated me, so games were more accessible to me on windows.
18:54 < electrosys> maybe it was win 98, cause i think win 95 was still dos.
18:54 < bls> I've found I can get the same level with no DE, a tiling window manager, and a full screen xterm. allows me to use a text editor with proportional fonts, use a mouse to copy-paste from a PDF or JS heavy website when needed
18:55 < Sitri> electrosys: 98 and ME were still DOS-based
18:55 < Sitri> NT, 2000 and XP were all NT-based
18:55 < electrosys> i dont remember the shell support in 98 being as good? cause i dont think you were able to get to true dos in win98
18:55 < mguy> I think I used ME for about 2 hours total
18:55 < electrosys> ME was horrible.
18:56 < electrosys> it was on my moms machine, but i think it was able to run on shitty machines.
18:56 < mguy> I want to say Windows 2000 was out by then so I was already on that
18:57 < bls> I never really saw a difference between 95, 98, and ME. 2k was where I first noticed some improvements in the underlying OS
18:57 < pingfloyd> 2000 was around the same time, yes
18:57 < mguy> bls: like not crashing every few hours?
18:57 < bls> not just that, but the way a machine was programmed and/or managed
18:58 < pingfloyd> 2000 was a continuation from NT 4
18:58 < thrower> hi all
18:58 < electrosys> i think 98, was some twisted version of nt
18:58 < electrosys> it was like a migration path from dos to nt
18:59 < mguy> NT4 was great but buying enough RAM to run it and then buying supported sound, video, etc cards really added up
18:59 < electrosys> 98 was a big turn, and 10 now.
18:59 < mguy> Linux didn't like the winmodems and integrated graphics and sound cards of those days
19:00 < electrosys> thats why they were called winmodems, they really were winmodems, unhackable.
19:00 < electrosys> they must have made windows calls from the hardware or something.
19:00 < mguy> even winprinters bleh
19:00 < bls> it wasn't that linux didn't like them, it was that there were neither drivers nor hardware specs available to the community to support them
19:00 < electrosys> i was fortunate enough to be told to buy a usr.
19:01 < mguy> We got a T1 so I was able to salvage all the external modems from our old RocketPort modem bank
19:02 < electrosys> i had a 286/386 with renegade a single line and a good modem, i didn't play around with much else when i was a teenager.
19:03 < electrosys> i remember downloading truespace 3d off of a bbs and thinking i was the shit for being able to do 3d on my little computer.
19:03 < mguy> There was another 3D program back then for DOS but I could never figure it out
19:03 < mguy> povray!
19:03 < pingfloyd> back when there weren't any good 3D modelling programs except 3dsmax and it was an arm and a leg
19:04 < mguy> pingfloyd: That's why you would drool over an SGI
19:04 < electrosys> i heard of povray, i think that was command line right?
19:04 < electrosys> wasn't that just a ray tracer?
19:05 < apro> what is the difference between using fdisk and lvm?
19:05 < mguy> yea I think you had to provide your own models
19:05 < mguy> apro: different layers of disk systems there
19:05 < apro> mguy: could you tell me more
19:06 < akd> sudo: unable to execute /root/paas/scripts/bin/backup: Permission denied
19:06 < akd> I've checked and the user is owning the script and execute permissions
19:07 < akd> what am I missing?
19:08 < mguy> apro: fdisk makes partitions on a disk...LVM can do many things like combining them, take snapshots...
19:08 < Toadisattva> my network manager shows me as connected to my network, but in order to ping or actually access the internet I have to run dhclient, is there a setting I can change or a way I can automate this process so I don't have to manually run dhclient every time I log in?
19:08 < mguy> apro: you could format a drive with fdisk but you present it to your system with LVM
19:09 < apro> what kind of presentation i can bring it? could you tell an example?
19:09 < bls> apro: fdisk creates partitions. that's it. lvm allows you to manage volumes within a partition for easier resizing, etc
19:09 < akd> I am unable to run a shell script as user master-backup `sudo: unable to execute /root/paas/scripts/bin/backup: Permission denied`, I have permission : `-rwxr-xr-x 1 master-backup master-backup 13938 Sep 15 2017 /root/paas/scripts/bin/backup`
19:10 < bls> akd: what are the permissions of the directories leading up to that file? what's the #! line in that file?
19:10 < akd> #!/bin/bash
19:11 < akd> drwxr-xr-x 2 root root 4096 Feb 7 16:07 .
19:11 < hexnewbie> akd: sudo -u master-backup namei -l /root/paas/scripts/bin/backup
19:12 < akd> what is namei?
19:12 < akd> f: /root/paas/scripts/bin/backup
19:12 < akd> drwxr-xr-x root root /
19:12 < akd> drwx------ root root root
19:12 < akd> paas - No such file or directory
19:12 < hexnewbie> akd: It's unlikely that a user master-backup would have traverse access to /root, and I advise you not to give it. Instead move the script to /usr/local/bin or /opt/akd/backup-scripts
19:13 < hexnewbie> akd: Of course, if the name of the script is "backup", don't put it under /usr/local/bin under that name.
19:14 < akd> why?
19:14 < d3fragg3d> can someone help me? I am trying to connect to mpd via ncmpcpp, on the client machine I can telnet into mpd via telnet 192.... 6600 it responds with MPD, however in ncmpcpp with the same IP and port on the same machine it says "connection refused" anything obvious I am missing?
19:14 < hexnewbie> akd: Cause it would shadow any OS program named backup, because /usr/local/bin is in $PATH. Put it somewhere outside /root, but outside of $PATH, /opt/backup-scripts or /usr/local/backup-scripts will do
19:16 < hexnewbie> Wonderful, opening msn.com causes my fan to turn on.
19:16 * MrElendig suggests not storing your backupscripts in /root
19:16 < akd> hexnewbie, /opt is owned by root
19:16 < electrosys> hexnewbie: it doesn't surprise me, try the no-script web-browser plugin.
19:17 < electrosys> some of those web pages are turning into bot nets it seems, what the heck are they doing?
19:17 < hexnewbie> electrosys: Well, I opened it in chromium. But it's fine in Mozilla
19:17 < hexnewbie> (with NoScript)
19:17 < electrosys> hexnewbie: that doesn't really surprise me either.
19:18 < hexnewbie> akd: Yes, and it should be. Would it be a problem for you?
19:18 < electrosys> yup, cause its the javascript, i think thats one of the few ways to utilize client processing power from the server.
19:18 < electrosys> at least through a web-browser
19:19 < electrosys> ^^ same guy?
19:19 < hexnewbie> akd: master-backup wouldn't have access to root's personal and *sensitive* files in /root/, so you need to put it elsewhere (location owned by root is probably preferable)
19:19 < electrosys> person i should say.
19:22 < akd> hexnewbie, sudo: unable to execute /usr/local/bin/backup: Permission denied
19:23 < akd> lrwxrwxrwx 1 root staff 29 Jun 16 13:20 backup -> /root/paas/scripts/bin/backup
19:23 < akd> Can't I do that ?
19:23 < hexnewbie> akd: Nope. That's a symlink, it still reads it from /root
19:24 < Sitri> It'd work if it were a hardlink
19:24 < spare> cat /root/paas/scripts/bin/backup|sudo -u master-backup /bin/bash
19:25 < Sitri> what
19:25 < hexnewbie> akd: Also, if you can't get the permissions to the *backup* script right, I suggest you be very very careful with it, lest you accidentally fall to the fatal error from this folk story: https://it.slashdot.org/comments.pl?sid=11007635&cid=55044149 (have made the fatal mistake from the parable at least twice myself, thankfully catching it)
19:26 < spare> you can print the file as root and pipe it to bash ran as another user without needing file access
19:28 < Dagmar> Reminder: Hardlinks are never the answer.
19:28 < hexnewbie> To this question, at least, they are certainly not.
19:29 < electrosys> I was going to say, are hardlinks in the unix environment, like goto's in the programming environment, basically a bad word you shouldn't use?
19:30 < asdfffdsa> Is there any way to switch to another user and log out of the original user? I guess I could just enable root login over ssh on this server while I do some maintenance but I'd rather not if I don't have to
19:31 < electrosys> asdffdsa: there must be a command to logout a user, maybe logoff has some extra switches?
19:31 < hexnewbie> electrosys: Hard links are useful for some tasks (e.g. incremental backups with rsnapshot, reducing space used by ancient data archives using hardlink, preparing DVDs for Windows where identical files do not occupy extra space - genisoimage respects it).
19:31 < electrosys> so not a good analogy then.
19:31 < hexnewbie> electrosys: No, goto is much more useful than hardlinks. :)
19:32 < electrosys> but goto's can make a mess, they shouldn't be used, as there are other mechanisms that solve the problem in a more maintainable way.
19:33 < storge> asdfffdsa: do you mean to run a screen or tmux session on the remote machine?
19:34 < hexnewbie> electrosys: That's not really true. Modern languages like C only provide local goto, which is limited in messiness, are irreplaceable in C when doing error handling, and I've seen them substituted with insanity (Apache code is riddled with do { ... } while (0); so it can use break instead of goto, which I find insane)
19:34 < Dagmar> because the people who use goto are people whose code you eventually wind up throwing away
19:35 < electrosys> hexnewbie: i can see error handling, i dont know much C only C++
19:36 < hexnewbie> egrep -rch 'goto\s+\S+;' /usr/src/linux | awk '{ s+= $1 } END { print s }' → 122580
19:36 < hexnewbie> Good throwaway code ;p
19:37 < asdfffdsa> storge: nah, i mean i ssh into a server via a non-root user and then logout of that user and login to root in a single command. but something else came up so i can't really do it now anyway
19:37 < akd> Why am I still getting a password prompt with ssh with public key authentication?
19:37 < akd> I am doing `sudo -u master-backup CLIENT_HOST=master-01 CLIENT_DRIVE=/backup backup push`
19:38 < akd> the backup shell script is using ssh I expect it to use the ssh private key of master-backup
19:38 < akd> instead, I have `master-backup@master-01's password: `
19:39 < akd> My host private key is -rw------- 1 master-backup master-backup 1675 Sep 14 2017 id_rsa
19:39 < akd> the host .ssh directory is rwxr
19:39 < Dagmar> You need to specify the username to use on the remote end if it's not the same as the one on the local end
19:39 < akd> the distant host authorized_keys is chmod 600
19:39 < akd> it is the same username
19:40 < Dagmar> Then `sudo -u master-backup bash` and find out "in person" what's going wrong
19:40 < hexnewbie> akd: Inspect ~master-backup/.ssh/id_rsa, ~master-backup/.ssh/id_rsa.pub, and (on the server) ~master-backup/.ssh/authorized_keys with namei -l
19:41 < Dagmar> ...and to be perfectly honest, if you weren't defining the username and public key in ~master-backup/.ssh_config you were already doing it a bit wrong
19:41 < hexnewbie> akd: Also time to invest in ed25519 keys that come with 300% more tinfoil content. ;)
19:42 < akd> TBH it's time to check why email cant be sent for 4 months and why backup havent been done for 4 months, why the authorized key have disappeared
19:42 < akd> and why did we fail to see that before
19:42 < akd> but yeah we will do all that we have a revamp of this part
19:42 < akd> we are a bit oustaffer
19:42 < sauvin> Except.... it's not really "tin foil" any more. It's all aluminum, which is transparent to many bands.
19:43 < akd> ssh master-01 -p10022 -I id_rsa
19:43 < akd> dlopen id_rsa failed: id_rsa: cannot open shared object file: No such file or directory
19:43 < MrElendig> was never tin
19:43 < MrElendig> tin foil
19:43 < hexnewbie> aluminium! *ducks*
19:44 < sauvin> It was before WWII.
19:44 < hexnewbie> akd: -i, small i, not -I, capital I
19:44 < akd> well, it is asking for the password
19:45 < akd> the public key is installed on the other host in /backup/.ssh/authorized keys, the perms are 600 and the file and directory are owned by master-backup
19:45 < MrElendig> sauvin: but generally with a different use case
19:45 < hexnewbie> akd: ssh -vvv master-01
19:45 < hexnewbie> akd: Is /backup/ the home directory of master-backup?
19:45 < sauvin> Um, no, it was used pretty much as aluminum foil is today. A major reason for moving to aluminum was that tin imparted a tinny taste to foods.
19:45 < MrElendig> actual tin foil leaves a taste on the food
19:46 < akd> hexnewbie, yes it is the home directory of master-backup
19:46 < akd> https://paste.gnome.org/pquyl9bmp
19:46 < Dagmar> ...and everyone loves eating small amounts of metals
19:46 < sauvin> But of course we do, but we're rapidly developing a taste for plastic.
19:46 < Drakonan> hello im trying to figure out how to get in to my iomega ix4-200d it says support access is enabled
19:46 < Drakonan> i have ssh access to it
19:46 < Drakonan> but idk what the password is and i dont see a way to set it from the web interface
19:47 < MrElendig> admin admin? :p
19:47 < Drakonan> for ssh?
19:47 < Drakonan> maybe root admin? but i already tried that
19:47 < MrElendig> literally admin admin
19:47 < hexnewbie> akd: The server didn't like the key. Does the /backup/.ssh/authorized_key contain the contents of the corresponding id_rsa.pub ?
19:47 < MrElendig> well ADMIN ADMIN
19:48 < Dagmar> Looks like "root" and "soho" for that one
19:48 < MrElendig> because yelling makes it more secure
19:48 < sauvin> This one? https://www.router-reset.com/reset-manuals/Iomega/StorCenter-IX4-200d
19:48 < akd> yes
19:48 < MrElendig> manual says ADMIN
19:48 < MrElendig> also, pretty much all iomega devices ever have used ADMIN ADMIN
19:48 < akd> on first time it contain the exact same content
19:48 * hexnewbie is very upset by these default password policies. Default password should always be 'YOLO!'.
19:49 < Drakonan> im sure for the web console that would be right? but not ssh? but i tried it anyway and it is denied
19:49 < akd> I did a test to compare both string
19:49 < akd> it return true, they are equal
19:49 < pingfloyd> default password should be "sitting duck"
19:49 < hexnewbie> akd: Anything in the server log?
19:50 < Drakonan> nothing relatvent
19:50 < Drakonan> relavent
19:50 < Drakonan> relevant
19:50 < MrElendig> try soho
19:50 < MrElendig> without the <>'s
19:50 < Dagmar> pingfloyd: If people didn't learn from the clicking drives, nothing we say now is going to stop them
19:50 < hexnewbie> akd: If not, you can try raising the LogLevel in sshd_config to DEBUG
19:50 < pingfloyd> lol
19:51 < akd> no there is nothing, because it ask for password, when I fail the password, I have authentication failure in the log of my distant host
19:51 < Dagmar> "Yes, I had numerous proprietary disks destroyed by a company's malfunctioning hardware, but I'm going to trust LOTS of data to them at once now."
19:51 < pingfloyd> yeah, trust them with a NAS now
19:52 < Dagmar> akd: If it's still asking for the password when you've used sudo bash to "be" that user, then you didn't set up key auth correctly
19:52 < Dagmar> Use ssh-copy-id already
19:52 < akd> Dagmar, I think I did
19:52 < hexnewbie> Having a copy of your critical files on a single floppy disk? It's OK, only 10% of my floppy disks have failed and lost data.
19:52 < MrElendig> I've been looking for a 4 bay nas, but basically concluded that I'm probably better off buying a hpe microserver
19:52 < MrElendig> cheaper too
19:52 < akd> The key hasn't moved for a while
19:52 < akd> I can generate a new one
19:52 < Dagmar> akd: At this point, that's called a "delusion"
19:53 < akd> why a key would have disappeared from the distant host ?
19:53 < pingfloyd> hexnewbie: it's not so bad if they're a *copy*
19:53 < pingfloyd> say 1 of many
19:53 < Dagmar> akd: One reason might be that it's no longer the same host.
19:53 < MrElendig> hexnewbie: 20 years ago I could buy a 100 stack of floppies and maybe one would be borked, a few years ago I bought a new 100 stack and I couldn't even find 20 of them that worked
19:53 < akd> Dagmar, it is
19:53 < akd> :D
19:53 < akd> I have only 3
19:54 < Dagmar> This is why you set it up, lock things down to a specific keypair, and treat failures like the hostile incursions they necessarily are
19:54 < akd> and they never changed
19:54 < MrElendig> Drakonan: soho worked?
19:54 < Dagmar> akd: ...and yet authentication-related files are mysteriously disappearing from the host?
19:54 < Dagmar> That's no longer your host, bruh
19:54 < pingfloyd> 10 years ago, I remember having a hard time finding any place still selling floppies.
19:54 < hexnewbie> MrElendig: That's weird, four years ago I ran ddrescue on all my floppies from my closet to image files, and only 2-3 had problems copying parts of the data.
19:55 < pingfloyd> floppies have always been hit and miss
19:55 < Drzacek> Hello there
19:55 < Dagmar> Just the same, iOmega made their own type of floppy, and the drives for reading them were rather flawed.
19:55 < pingfloyd> even in the 5 1/4" days
19:55 < Dagmar> ...and they basically ignored that problem for long enough that I won't trust them again
19:55 < MrElendig> hexnewbie: but those were probably old floppies
19:55 < Drakonan> MrElendig, right now i dont have any password at all... i just log right in from the web... so idk what to type for an ssh password
19:55 < Drakonan> security is disabled
19:56 < MrElendig> seems that for some reason they are incapable of making any reliable ones anymore
19:56 < pingfloyd> Dagmar: I remember when they tried to sweep that issue under the carpet
19:56 < hexnewbie> MrElendig: Yup. I know quality of everything has dropped, but aren't floppies nowadays only used by high-profile government types?
19:56 < akd> Dagmar, you seem so sure
19:56 < akd> I have tried to generate a new key
19:56 < Dagmar> "goodwill" on that trade name is all burnt up. They should just walk away from it
19:56 < akd> and added it to the host
19:56 < akd> still does not work
19:56 < MrElendig> or they are just repackaging some old stock that have been sitting next to a giant transformer for 20 years
19:56 < pingfloyd> they basically waited until all their customers finally formed a giant lynch mob
19:56 < pingfloyd> such great customer support
19:56 < MrElendig> the box that epicly failed was even proper 3m floppies
19:56 < Drakonan> was going to try and mount some nfs shares because apparently the device uses smb1 and windows 10 doesnt have it by default so was going to try and mount over nfs but its not working
19:57 < pingfloyd> it was funny how before that, there was sort of an iomega cult
19:57 < Drakonan> device is slow anyway so idc about overhead who knows may be faster since the device is so slow and nfs is "native"?
19:57 < Dagmar> they were almost the only people making larger-capacity magnetic storage that wasn't a horrible tape drive
19:57 < pingfloyd> the click of death was their Jim Jones' Koolaid
19:57 < sauvin> Dagmar, you got hit with the magical Click of Death?
19:58 < MrElendig> on some telecom hardware we ended up getting some cheap floppy->sd card adapters off ebay to keep them working, due to lack of a source for new reliable floppies
19:58 < MrElendig> works reasonably well
19:58 < Dagmar> The 120M "super" floppy would have murdered iOmega inside of a year if the timing weren't so bad with optical drives finally becoming less expensive than a new workstation
19:58 < Mattx> hey, how do I connect to a server using netcat, if there is a load balancer in front of it? I tried pinging the domain and connecting directly to that ip, but that didn't work
19:58 < Dagmar> sauvin: No, I had to help clients who had them
19:58 < sauvin> I trashed more than one. :\
19:58 < Drakonan> yay found it, was root / soho
19:59 < Mattx> I'm trying to run this: cat request.test | nc domain.com 443
19:59 < pingfloyd> I never had one, but remember reading a lot about the whole mess
19:59 < Dagmar> Drakonan: You mean, like I said from the start
19:59 < Mattx> but that shouldn't work probably, because it's ssl, don't know how to do it
19:59 < akd> Is it possible that my user is banned (fail2ban)
19:59 < Drzacek> If I may, I would like to have some questions answered, regarding keys, signing, gpg and stuff
19:59 < pingfloyd> HDDs are the new floppy drives
19:59 < jim> I've never experienced a 5 1/4" day... they were much taller for me
19:59 < sauvin> Mattx, thinking you may need socat or something that understands ssl.
19:59 < pingfloyd> (conventional HDDs)
19:59 < Dagmar> akd: If you can telnet to port 22 on the host and still see the OpenSSH banner, then fail2ban hasn't kicked you out yet
20:00 < Drzacek> why does signing something make it safer?
20:00 < Drakonan> you never said root / soho so i googled soho because that sounded familiar and someone had posted
20:00 < akd> Dagmar, then why cant I use ssh key pair ?
20:00 < pingfloyd> Drzacek: it gives you a means to validate the something
20:00 < Dagmar> Looks like "root" and "soho" for that one
20:00 < akd> if I show you all the logs can you tell me ? I am absolutely sure keys are correct
20:00 < pingfloyd> Drakonan: that is, be able to see if it has changed (been tampered with) since it left the hands of the original author
20:01 < Dagmar> akd: Could be lots of reasons, some of which would probably show up if you were to assume the specified userid, and then run ssh with -vvv on it and read what it says
20:01 < Drzacek> pingfloyd, I understand the general idea behind it. I create a file, sign it, then there is a way to confirm the package wasn't tampered with
20:01 < pingfloyd> Drzacek: that's one usage, yes
20:01 < Drzacek> but it all comes down to - do you trust this signature? I mean, anyone can create a key and sign files wildly
20:01 < pingfloyd> Drzacek: you have to check the signature
20:02 < Dagmar> That's why there's a chain of trust and certificate signing authorities
20:02 < pingfloyd> the real question is if you trust the author
20:02 < Drzacek> for example, I can download the linux kernel and verify that the signature is valid
20:02 < Drakonan> too bad i still cant get nfs to mount
20:03 < Drzacek> pingfloyd, exactly, I believe this is my question
20:03 < pingfloyd> you don't trust the signature, it's more that after properly checking the signature, you know its good, and the question becomes about trusting the author knowing it's a pristine copy at that point.
20:03 < Mattx> sauvin, I'm trying with socat though it works completely different it seems
20:03 < MrElendig> never trust that linus dude, I've heard he is a communist
20:04 < Drzacek> pingfloyd, the only way I can currently imagine is 100% secure, is when I meet someone in person and obtain his public key - then I can verify the signed files if they match the key I received from him/her
20:04 < pingfloyd> Drzacek: with a gpg sig, you can check by having a web of trust in place (not very practical), or by verifying the fingerprint. This still leaves the dilemma of being able to identify if the fingerprint you're comparing against is pristine and authentic.
20:04 < Drzacek> but we are in internet, how does it work, how does this all trust work here
20:04 < rasputozen> do communists give bad tech reviews?
20:04 < pingfloyd> Drzacek: it's the fingerprint that will review if it is a forged signature
20:04 < pingfloyd> s/review/reveal
20:04 < MrElendig> rasputozen: yes, they only give average scores
20:04 < jim> MrElendig, he plays too much piano with lucy
20:04 < pingfloyd> a web of trust would as well
20:05 < MrElendig> rasputozen: instead of just giving 9.5/10 to everything like any good capitalist would
20:05 < rasputozen> MrElendig: yea but it lets the other scores stand out better
20:05 < Drzacek> pingfloyd, yeah the exact magic behind is still not very clear to me, but I'm trying to understand the basics now
20:05 < akd> I want to connect using SSH key/pair, this is my log from the distant host : https://paste.gnome.org/pmsxqwfdo , this is the log from my host https://paste.gnome.org/phci6y4l1 , why is it failing to use key?
20:05 < Drzacek> what is "a web of trust"
20:05 < MrElendig> (after being paid to do the review)
20:05 < MrElendig> Drzacek: wikipedia has a quite good page about that
20:05 < Drzacek> checking it now
20:06 < MrElendig> so do gpg, but it is a bit harder to read
20:06 < rasputozen> money doesnt lie
20:06 < jim> or tell the truth
20:06 < pnbeast> I think Bob Dylan said it swears.
20:07 < rasputozen> what of that gpg vulnerability
20:07 < akd> Dagmar, do you see the mistake I have made =[ ?
20:08 < MrElendig> rasputozen: fixed now
20:09 < hexnewbie> akd: Never confuse chmod with chown, except in confusing circumstances.
20:09 < rasputozen> but can i ever trust it again
20:09 < MrElendig> a bit strange that it has been in so long though
20:09 < Drzacek> okay, so in short - the keys are verified by multiple users and other 1) you trust that the one with many confirmations belongs to the person it says it belongs or 2) you have confirmed some keys yourself, and that other person confirmed some other keys etc and if you can find a chain connection == confirm,safe,secure - can trust
20:09 < MrElendig> rasputozen: there isn't anything better out there so...
20:09 < pingfloyd> rasputozen: are you trying to say proprietary is more trustworthy because it's all about money?
20:09 < MrElendig> rasputozen: also, if you didn't use --verbose for everything it was no issue
20:09 < MrElendig> :p
20:09 < BenderRodriguez> Does anyone know of a good rsync based app to facilitate backups
20:09 < akd> hexnewbie, yeah its a typo
20:10 < akd> I didnt do it on my host
20:10 < akd> That doesnt tell me at all how I can connect using ssh
20:10 < MrElendig> BenderRodriguez: I would consider something diff based
20:10 < sinatrablue> BenderRodriguez: rsync?
20:10 < akd> backup or stop, its sunday
20:10 < akd> +]/
20:10 < MrElendig> BenderRodriguez: rdiff/whatever
20:10 < pnbeast> BenderRodriguez, "rsnapshot" style... You can write a small wrapper script yourself that does it.
20:10 < pingfloyd> it's saturday here
20:10 < sinatrablue> BenderRodriguez: you could use grsync
20:10 < rasputozen> if you use btrfs the basic tools are pretty much a built in backup system
20:10 < BenderRodriguez> well actually
20:10 < BenderRodriguez> let me back up
20:11 < Drzacek> soooooo in order to trust people on the internet, I should go to the world tour, meet people and sign their gpg keys - right?
20:11 < MrElendig> incremental with snapshots/logs is nice
20:11 < BenderRodriguez> the files that I want to back up are on LVM volumes
20:11 < Armand> Drzacek: Yarp
20:11 < BenderRodriguez> i know LVM supports a snapshot volume feature
20:11 < pingfloyd> Drzacek: that's the ideal way
20:11 < Drzacek> where do I start?
20:11 < BenderRodriguez> maybe it comes pre-built with backup functionality?
20:11 < MrElendig> BenderRodriguez: but not incremental, so expensive as hell
20:11 < Armand> Drzacek: Nearest pub.
20:11 < BenderRodriguez> hmm I see
20:11 < BenderRodriguez> this seems to be promising
20:11 < BenderRodriguez> https://github.com/laurent22/rsync-time-backup
20:11 < Drzacek> Armand, sounds good, doesn't work
20:11 < MrElendig> Drzacek: go to CCC
20:12 < Armand> lol
20:12 < rasputozen> btrfs has built in incremental but theres a little dancing you have to do
20:12 < akd> I want to connect using SSH key/pair, this is my log from the distant host : https://paste.gnome.org/pmsxqwfdo , this is the log from my host https://paste.gnome.org/phci6y4l1 , why is it failing to use key?
20:12 < Drzacek> MrElendig, define ccc
20:12 < MrElendig> rasputozen: eh simpler than most
20:12 < pingfloyd> Drzacek: but I think for practical purposes, that when the author publishes their fingerprint on say their website that is in turn validated by a CA signed certificate, that's fine.
20:12 < SuperSeriousCat> If you're paying Im up for a pub run
20:12 < rasputozen> MrElendig: agreed
20:12 < BenderRodriguez> actually, rdiff looks interesting as well
20:12 < akd> debug1: Host '[master-rbx-01]:10022' is known and matches the ED25519 host key.
20:12 < BenderRodriguez> I'll give that a shot
20:12 < akd> Why./
20:12 < rasputozen> its like git, theres complexity but its not unnecessary
20:12 < Drzacek> pingfloyd, does the CAcert verify the person somehow?
20:12 < pingfloyd> Drzacek: that becomes as good as you can practically get. Who goes to key signing parties anyway?
20:12 < MrElendig> Drzacek: https://www.ccc.de/en/ they hold a really nice congress every year
20:12 < hendrix> BenderRodriguez: I use Back In Time, which is great
20:13 < pingfloyd> Drzacek: that dependency on key signing parties is gpg's weakness
20:13 < akd> So no one can tell me why my ssh keys cant work between two host
20:13 < Drzacek> pingfloyd, didn't know that there were such parties. Would totally go
20:13 < akd> I thought they were only hacker here
20:13 < MrElendig> Drzacek: https://en.wikipedia.org/wiki/Chaos_Communication_Congress
20:13 < pingfloyd> Drzacek: who's got time for that?
20:13 < pingfloyd> Drzacek: you merely checking sigs already distances you quite a bit from the low hanging fruit
20:13 < rasputozen> imo a system based on meeting people irl isnt acceptable for nerd culture
20:13 < Drzacek> pingfloyd, If I would play less world of tanks I probably would find the time
20:14 < pingfloyd> Drzacek: really, just being careful from what sources you download from avoids most of the problems.
20:14 < MrElendig> rasputozen: ccc/defcon are exceptions
20:14 < pingfloyd> like covers say 99% of making sure you get a pristine copy
20:14 < MrElendig> specially ccc
20:14 < hexnewbie> akd: Sorry. I thought you said “Dagmar, do you see the mistake I have made =[ ?” because you noticed your mistake. Your authorized_keys owner is wrong, it's not master-backup
20:15 < Drzacek> pingfloyd, I was thinking about the other way around - publish some stuff myself
20:15 < pingfloyd> like the guy that goes to the project's official site to download is a world ahead of the average idiot downloading from the latest and greatest download site scam.
20:16 < Drzacek> what's stopping me from git cloning stuff and trying to pretend I'm the official project site? If it gets enough click it will even show higher in google when someone looks for that
20:16 < pingfloyd> Drzacek: I think more of the reason to check sigs (assuming user practices common sense to begin with) is to make sure they're not altered via MITM from say the NSA.
20:17 < pnbeast> akd, did someone answer you yet? Did you 1. make keypair using ssh-keygen, 2. use ssh-copy-id to transfer pub key to "server", 3. have good perms on path to your key(s)
20:17 < pingfloyd> Drzacek: that your url will be different, or your certificate won't check out
20:17 < akd> (1) yes, (2) no , (3) yes I've posted the logs
20:18 < akd> hexnewbie, I have corrected that
20:18 < pingfloyd> Drzacek: it would be trivial if say the official site wasn't using https
20:18 < akd> and It is not that
20:18 < akd> even with proper user
20:18 < bls> or your commits won't be signed by one of the maintainers
20:18 < Drzacek> pingfloyd, it would be on github, for example
20:18 < Drzacek> so you're only left with "different name"
20:18 < pingfloyd> github has a CA certificate
20:18 < akd> pnbeast, I have generated the key using ssh-keygen, I did set permissions on the host, I did move in the distant host the key in authorized_keys and set chmod 660 to this file
20:18 < akd> I have posted all the logs
20:18 < Drzacek> pingfloyd, yes, but not for each project sites
20:19 < pingfloyd> if you went to http://github.com instead of https://github.com (and the certificate checks out) then there's need for concern
20:19 < hexnewbie> akd: I suspect sshd would refuse to use an authorized_keys with liberal 660 permissions
20:19 < pingfloyd> it would also be shame on github for not using https: to begin with
20:19 < bls> and doesn't github redirect to https?
20:19 < Drzacek> and instead calling my project "pingfloyd" like the original one, I would call it "pingfIoyd".
20:19 < pingfloyd> as they take away the user's ability to be able to assess they're at the authentic site
20:20 < pnbeast> akd, I would remove the "autorized" key file from the remote and use ssh-copy-id. It's just easier in the long run.
20:20 < akd> hexnewbie, I have tried 600 also
20:20 < pingfloyd> Drzacek: a certificate wouldn't make a difference there
20:20 < pnbeast> Maybe fixing the spelling will also help. Dunno, don't care.
20:20 < akd> pnbeast, sure I will do it
20:20 < Drzacek> yeah I guess
20:20 < Drzacek> anyways
20:20 < pingfloyd> Drzacek: because you could get a certificate signed by a CA for say pingfIoyd since it wasn't taken yet.
20:21 * pnbeast applies for a pingfIoyd cert.
20:21 < pingfloyd> and I would be at the official pingfIoyd site, which in our scenario happened to be a bad site.
20:21 < pingfloyd> i.e., we'd technically be at the official bad site.
20:21 < Drzacek> another question - master vs sub keys. Why? do I really need to?
20:21 * pnbeast creates a *worse* site using the fraudulent cert.
20:22 < akd> that work pnbeast
20:22 < MrElendig> you can use the master for everything if you want to
20:22 < pnbeast> ,next <- still broken.
20:22 < Drzacek> MrElendig, beside decrypting and signing?
20:23 < pingfloyd> Drzacek: I don't know for sure, but always seemed like a way to make taxonomizing easier.
20:24 < Drzacek> what's taxonomizing?
20:24 < pingfloyd> Drzacek: in other words, I think it is more a convenience feature
20:25 < Drzacek> also - file on disk or on smartcard?
20:27 < Mattx> ok, it's almost done. I'm using "cat request.test | openssl s_client -connect localhost:443"
20:27 < Mattx> but it doesn't wait for the response, it closes immediately
20:27 < Mattx> any idea?
20:27 < rcf> Drzacek: your idea of confusing users as to which repository is legitimate is actually what Sourceforge did back in 2015 (if I recall correctly) when they took over projects that had left, building new installers with lots of adware for unaware googlers.
20:30 < Drzacek> I can see possible advantages of the external smartcard vs keyfile stored on my pc, but does it make any difference security-wise? Or is it just a placebo
20:31 < MrElendig> Drzacek: convenient portable format
20:31 < MrElendig> yubikeys/similar are nice too, though they have some limitations on the keys
20:31 < MrElendig> usually
20:31 < Drzacek> but beside being convenient?
20:32 < MrElendig> Drzacek: slightly lower risk of losing the key
20:32 < MrElendig> since it won't be permanently stored on the machine
20:32 < hassoon> i3 used to support dragging whatever i'm dragging and switching to any workspace at the same time, but now after upgrading my distro, i cannot do that, what package/functionality am I missing ?
20:32 < Drzacek> is there a full access to the key once I use the card with card reader?
20:32 < Drzacek> aka - it can be extracted?
20:32 < MrElendig> sidenote: print out the key on some dead trees and store a secure place too
20:33 < MrElendig> Drzacek: yes, else it wouldn't work
20:33 < fooman2011> re is it possible to mute a tty in bash ? I mean, I would like to do this "ioctl(tty, KDSKBMUTE, 1) && ioctl(tty, KDSKBMODE, K_OFF)" in bash
20:33 < MrElendig> fooman2011: setterm
20:34 < pingfloyd> what if you don't have a printer?
20:34 < Drzacek> MrElendig, so if there would be hostile software running on the pc without me knowing, it could steal the key too
20:34 < MrElendig> Drzacek: yes
20:34 < pingfloyd> Drzacek: yes
20:34 < fooman2011> MrElendig: thanks
20:34 < MrElendig> Drzacek: this is why you never use keys on public machines and the like
20:34 < pingfloyd> Drzacek: that's kind of why there is an argument to be made why has passphrase auth on your private key is a good idea
20:35 < pingfloyd> it's inconvenient, but an agent can manage that
20:35 < MrElendig> private keys*
20:35 < Drzacek> pingfloyd, didn't know the password was optional
20:35 < MrElendig> for auth there are more secure solutions, like u2f
20:35 < pingfloyd> Drzacek: you know like when you first generate the eky
20:35 < pingfloyd> *key
20:35 < pingfloyd> it prompts for a passphrase
20:35 < pingfloyd> which you can skip if you want
20:35 < pingfloyd> I think many do
20:36 < Drzacek> pingfloyd, yes it prompts, got the impression it was mandatory
20:36 < MrElendig> but that is trivial to keylog too
20:36 < pingfloyd> security is always the dilemma of security vs. convenience
20:36 < pingfloyd> also security measures that cause too much inconvenience tend to get side-stepped or not utilized.
20:36 < Drzacek> well yeah, but the more I learn about it the more I think there is no way to be 100.0% sure
20:36 < pingfloyd> got to always factor in human nature
20:37 < pingfloyd> maybe if programmers were better at that, we'd have less exploits
20:39 < pingfloyd> It's like how software companies implement security and assume everyone else is going to do the same. That is, they're motivated to tighten their security because they care about security, while everyone else doesn't implement any more security than they're forced to.
20:40 < fooman2011> MrElendig: I looked for setterm. I don't see what is the option to use to mute the tty
20:40 < pingfloyd> like a Bank is only going to implement enough security to be compliant
20:41 < pingfloyd> Drzacek: yeah, there's no way to be 100% sure.
20:41 < MrElendig> fooman2011: setterm -blength 0
20:42 < Drzacek> pingfloyd, I don't know how it works, but a bank that implements only the requested minimum is risking their moneys. And risking moneys means they can lose moneys, and losing moneys is something the banks don't want to happen, so I would think they should be doing more than minimum to secure themselves
20:43 < fooman2011> MrElendig: setterm: terminal xterm does not support --blength
20:43 < pingfloyd> Drzacek: they don't care. It's all insured.
20:43 < pingfloyd> Drzacek: if they're compliant, they're covered
20:44 < Drzacek> it is insured. But people will stop trusting the bank and go elsweyr
20:46 < pingfloyd> Drzacek: like say you worked for some bank and were in charge of managing/updating/implementing their security. Let's say you really care about security, so you naturally feel it's a good idea to go above and beyond what is absolutely required. The bank isn't going to care nor give you due credit for that extra diligence in spite of the obvious positive ramifications of protecting everyone's money and
20:46 < pingfloyd> investments. Instead they're going to complain about your use of time.
20:47 < pingfloyd> Drzacek: it's not going to impact the customer from their point of view.
20:48 < pingfloyd> Drzacek: money turns up missing, the bank files a claim and continues to operate like normal from the Customer's POV.
20:49 < Drzacek> hmm I guess
20:50 < pingfloyd> as far as say account fraud, yeah customer will notice if their money is missing, but look how common place that has become.
20:50 < pingfloyd> it's now normalized.
20:50 < fooman2011> Is it possible to mute (block any character output) a tty in bash ? I mean, I would like to do this "ioctl(tty, KDSKBMUTE, 1) && ioctl(tty, KDSKBMODE, K_OFF)" in bash
20:50 < ntd> anyone using shinobi?
20:50 < pingfloyd> and that's created a whole snake oil industry like LifeLock etc.
20:50 < Drzacek> so just to summarize - I CAN get a card/card reader to make my life easier but it won't make things much more secure, I should get CA cert (?), go to a wild key-signing party, and probably also use subkeys during my happy internet events
20:50 < Sitri> The author of shinobi presumably
20:51 < bluezinc> Drzacek: context?
20:51 < ntd> my bad. any currently present users of this channel using shinobi?
20:51 < pingfloyd> you don't need a CA cert except maybe for your website so your visitors can tell it is your website they're viewing
20:51 < Sitri> Just ask your question
20:52 < Drzacek> bluezinc, using gpg key to sign software packages I create in order to distribute it evenly to all the people (or just the few that might want it)
20:52 < BenderRodriguez> Is there a way to get rdiff-backup utility to show progress during its run
20:52 < BenderRodriguez> at the very least, show the file it's currently processing
20:52 < BenderRodriguez> ?
20:52 < MrElendig> just use certbot for your site
20:52 < bluezinc> Drzacek: you're assuming that anyone actually verifies PGP keys...
20:52 < pingfloyd> bluezinc: haha
20:53 < pingfloyd> back to human nature
20:53 < MrElendig> certbot/letsencrypt
20:53 < bluezinc> pingfloyd: as always, the weakest link in your security is sitting behind the keyboard...
20:53 < pingfloyd> bluezinc: his smart users will appreciate his efforts though
20:53 < Drzacek> bluezinc, well, the specific use-case I have currently in mind assumes people use operating system that I prepared and they are only allowed to install packages signed by me
20:54 < Drzacek> bluezinc, but I also wanted to know how does that whole key trust thing works in general
20:54 < bluezinc> Drzacek: hmm... Sounds a little 1984-ish, but OK, then...
20:54 < Drzacek> MrElendig, I use it for my website, yes
20:54 < pingfloyd> the average idiot user will probably download his stuff from sites like sourceforge etc.
20:54 < bluezinc> Drzacek: in that case, I'm pretty sure it's just "gpg --sign"
20:54 < pingfloyd> actually probably even worse than sourceforge
20:55 < bdonnahue> hey guys, how can I use curl to do a get with multiple parameters? whats the syntax? is it ?p1="foob"&p2="bar" ??
20:55 < pingfloyd> some "download site" that I've never heard of because I don't use such garbage.
20:55 < MrElendig> bdonnahue: curl can actually build that itself
20:55 < bls> it's pretty much what we're seeing right now with docker, and I expect to start happening with snaps/flatpaks
20:55 < Drzacek> bluezinc, yes it is
20:55 < bdonnahue> MrElendig, hmm not sure what you mean... asking google still
20:56 < electrosys> someone was asking about the exec: have you heard of xargs?
20:56 < MrElendig> bdonnahue: -d foo=1 -d bar=2 -d baz=3
20:56 < pingfloyd> electrosys: gnu's find, you rarely require xargs anymore
20:56 < bls> xargs is almost never what you should use instead of exec
20:57 < bdonnahue> MrElendig, thanks!
20:57 < MrElendig> er.. --data-urlencode
20:58 < pingfloyd> also not understanding shell word splitting well and using xargs can be pretty disastrous under the right circumstances.
20:58 < MrElendig> though if it is already encoded, -d is fine
20:58 < bls> and realistically, if you're in one of those situations where xargs can do something find can't, you're better off emulating it with a shell script and -exec +
21:00 < MrElendig> if you need find | xargs, always use print0
21:02 < yuken> How should I setup a SAMBA/CIFS mount to only try and mount when a network connection is found? FSTAB works perfectly for my always-connected box via ethernet, but doesn't like wi-fi
21:04 < MrElendig> yuken: networkmanager hook, systemd service
21:05 < bdonnahue> MrElendig, for some reason curl -X GET http://localhost:8500/v1/kv/locks?index=248
21:05 < bdonnahue> works
21:05 < bdonnahue> but the following does not
21:05 < bdonnahue> curl -X GET -d index=X-Consul-Index http://localhost:8500/v1/kv/locks
21:05 < bdonnahue> any thoughts?
21:06 < solidfox> finally encrypted my hard drive like we were talking about a few weeks ago
21:06 < pingfloyd> dm-crypt full disk?
21:06 < bdonnahue> ah nvm i figured it out
21:07 < solidfox> pingfloyd, idk. I think it's LVM Full disk encryption
21:07 < pingfloyd> okay
21:07 < pingfloyd> how you liking it?
21:07 < MrElendig> missing $?
21:07 < solidfox> pingfloyd, it ain't bad, it's actually less irritating if you use a different password than your user account.
21:07 < pingfloyd> solidfox: that's how I do it on my laptop LVM over Luks
21:08 < solidfox> pingfloyd, recently my friend's laptop was stolen
21:08 < solidfox> pingfloyd, so I decided I need to get serious about protecting mine.
21:09 < yuken> MrElendig, I have absolutely 0 clue how to do that.
21:09 < solidfox> pingfloyd, in spain apparently the police don't do anything, and stores don't have cameras
21:09 < solidfox> s/don't/can't
21:09 < MrElendig> eh, lots of stores has cameras
21:09 < solidfox> MrElendig, ah
21:09 < pingfloyd> solidfox: it's really sad that hasn't become a ubiquitous practice for portable devices in general
21:10 < MrElendig> usually the kind with image quality the 60's would be proud of though
21:10 < solidfox> pingfloyd, yeah
21:10 < pingfloyd> like where the assumption become that if something is portable, it's going to be using some form of FDE.
21:10 < pingfloyd> *becomes
21:10 < solidfox> FDE?
21:10 < solidfox> ah nvm
21:10 < pingfloyd> society is lagging, and needs to get to that point.
21:11 < MrElendig> it is the norm on portable tracking devices
21:11 < MrElendig> except the really low end ones
21:11 < pingfloyd> then you'll be able to have a little bit of confidence in your data being secure on them.
21:13 < MrElendig> but then again, they still sell phones with android 4.4 by the pallet
21:13 < zBrains> Hello, I'm trying to find out what happened to the openlunchbox project
21:13 < zBrains> or if anyone knows of something similar
21:14 < zBrains> open source modular laptops
21:14 < MrElendig> died
21:14 < MrElendig> you can just forget about the idea until we have affordable risc-v devices capable of running gnu/linux
21:15 < MrElendig> and some open wifi card
21:15 < MrElendig> sadly we don't have either, and the latter is never going to happen
21:15 < solidfox> MrElendig, why never?
21:15 < zBrains> yeah why never
21:15 < MrElendig> because no hardware maker is going to spend the money
21:16 < solidfox> what if some good guy decides to design one that is open?
21:16 < solidfox> then any company can start making them and selling them according to that design
21:16 < MrElendig> solidfox: and who are going to pay for the 200k€++++ required for certification?
21:16 < zBrains> I wonder how much money would be needed to get enough work done to get it going
21:16 < solidfox> MrElendig, that ain't too much. just need some property to collect money
21:16 < solidfox> MrElendig, and debt
21:16 < zBrains> what type of certification we are talking about
21:17 < neoncortex> I need to be certified to connect into networks? I mean, routers check if it's certified or something?
21:17 < MrElendig> depends on which country you want to sell in
21:17 < neoncortex> wireless cards ^
21:17 < solidfox> MrElendig, it costed 1 million to apply to become a marijuana farmer in PA
21:17 < zBrains> us
21:17 < solidfox> (I think)
21:17 < MrElendig> if you want it world wide: have fun because you have to test to about 80 different standards
21:17 < sauvin> Or more.
21:18 < solidfox> ah I see. well we don't need wifi, we have ethernet :D
21:18 < MrElendig> it's about 80ish for most rf devices
21:18 < MrElendig> solidfox: ok, then it is just 60 or so
21:18 < MrElendig> :p
21:18 < solidfox> hahaha
21:18 < zBrains> every day I find it harder to buy a machine with ethernet jajaja
21:19 < solidfox> zBrains, EN-us laughing only please. thankyou
21:19 < neoncortex> Because if we need not to be certified to connect, we just need someone to post a howto, soldering iron, electric components and arduinos are plenty
21:19 < MrElendig> actually, it is more like an order or two magnitude more
21:19 < iodev> zBrains: don't get me started on Wiif
21:19 < iodev> *wifi
21:19 < iodev> there are like 15 SSIDs here
21:19 < MrElendig> but about 60 "big items", which all includes various "sub" standards etc
21:19 < iodev> and they kill my bandwidth
21:20 < MrElendig> iodev: 5ghz can help
21:20 < solidfox> iodev, did you try switching to lower range 2.4 GHz
21:20 < solidfox> ah thats what I meant, 5ghz
21:20 < MrElendig> lower range, more channels
21:20 < iodev> solidfox: NO, too expensive
21:20 < zBrains> sorry I can only laugh in spanish ... at least when I'm being honest ;)
21:21 < iodev> plus my phone lacks support for it, only laptop can do 5 GH
21:21 < iodev> * GHz
21:21 < MrElendig> iodev: a 5GHz capable AP id about 30 usd
21:21 < solidfox> zBrains, lolol it's ok I was jk :P
21:21 < iodev> stupid key!
21:21 < MrElendig> is*
21:21 < iodev> MrElendig: does it run OpenWRT
21:21 < MrElendig> no
21:21 < iodev> MrElendig: does it also have ethernet
21:21 < iodev> if not, then no
21:21 < solidfox> idk why, I guess I'm just too lazy, but I pay like $10 a month for a router from comcast........
21:22 < solidfox> verizon gives you a router for free but I think their internet is shyt
21:22 < PaulePanter> BCMM: Yes, kexec or coreboot. Though kexec is not always very well tested on x86 servers and devices do not fully reset and drivers mess up.
21:22 < PaulePanter> BCMM: At least it’s used on Power during boot.
21:22 < PaulePanter> Though they take quite long to boot to.
21:22 < MrElendig> solidfox: isp provided routers are generally trash
21:22 < iodev> solidfox: my ISP gives free Huawei HG crap
21:23 < solidfox> comparing verizon and comcast router to the netgear and linksys routers I used a long time ago, they kinda seem similar mostly.
21:23 < MrElendig> solidfox: if you are paying 10/month you could replace it with a mikrotik/ubiq/similar and still come off in the positive after a year or two
21:24 < solidfox> MrElendig, ah
21:24 < MrElendig> wired router + however many access points you need
21:24 < MrElendig> wired only*
21:25 < MrElendig> or an all in one if a tiny flat or whatever
21:26 < MrElendig> 3-4 years would get you a newfangled mesh network
21:26 < MrElendig> plug and play mesh network*
21:26 < zBrains> MrElendig: is there any serious project trying to get the opensource risc-v going?
21:27 < MrElendig> zBrains: initial support is in the kernel, more to be added for 4.18
21:27 < MrElendig> still in early stages though
21:28 < MrElendig> zBrains: main problem is that the only soc capable of running linux is currently on a 1000usd dev board
21:28 < zBrains> which one would that be?
21:28 < MrElendig> though there are some running linux on softcore risc-v in fpga
21:29 < MrElendig> hifive unleashed
21:29 < zBrains> probably equally expensive (fpga)
21:29 < MrElendig> https://www.sifive.com/products/hifive-unleashed/
21:30 < MrElendig> if you just want to play with the risc-v isa there are some <100usd dev boards
21:33 < zBrains> MrElendig: that's cool, thanks for the link
21:33 < MrElendig> there is also a risc-v emulator
21:33 < MrElendig> simulator*
21:33 < MrElendig> there is even a web one :p
21:33 < zBrains> is it part of SiFive or a separate project?
21:34 < zBrains> just going through their page now
21:34 < zBrains> SiFive
21:37 < zBrains> MrElendig: gotta run now but I'll keep looking through these, thanks
21:47 < Drakonan> im trying to troubleshoot a simple cron script that... isn't working idk if its running or not or what any way i can learn more about it it shows up in crontab -l
21:47 < Drakonan> and if i run it manually it works...
21:47 < Drakonan> but it doesn't seem to work on the schedule i have told it to
21:48 < DLange> redirect its output to a log file, like > /tmp/mycronlog
21:48 < lopid> don't forget 2>&1
21:49 < Drakonan> # m h dom mon dow command
21:49 < Drakonan> */5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1
21:49 < Drakonan> that is what is in there idk maybe its a using thing how do i know what user its running as?
21:49 < e36freak> use the full path
21:49 < e36freak> not ~
21:49 < lopid> /dev/null, the ultimate log file
21:49 < e36freak> also true
21:49 < e36freak> and be aware that cron environment is different
21:49 < e36freak> PATH is probably not gonna be the same either
21:50 < Drakonan> its a pi and im running raspbian its in the pi home dir... is that going to be an issue? is cron running as root?
21:50 < jim> the shell that runs the script is not guaranteed to understand ~
21:50 < DLange> replace ~ with /home/whatevertheuseris/ or /root if that is root's crontab
21:50 < e36freak> Drakonan: just use the full path
21:52 < Drakonan> dumb question how do i edit it
21:52 < lopid> crontab -e
21:53 < Drakonan> ok cool found it and changed
21:55 < electrosys> does notmuch by default do only local indexing/labeling ? i have another solution for remote labels already.
21:57 < lopid> its home page would suggest that is its purpose
21:58 < electrosys> whats with some of these newer apps having their own online manual pages?
21:58 < electrosys> it should be in the man page
21:59 < pingfloyd> electrosys: it's laziness
22:00 < electrosys> or i guess its assumed that notmuch doesn't sync imap labels because it doesn't mention it.
22:00 < lopid> "no network code at all". have you read its home page?
22:01 < electrosys> that last paragraph needs to be scraped off of the website and added to the man pages when they are built.
22:02 < electrosys> thats all i needed.
22:02 < electrosys> it was my assumption but, i try not to assume things when its my e-mail or any sensitive data rather.
22:02 < electrosys> especially data that syncs.
22:06 < lopid> now try notmuch :)
22:06 < lopid> ing
22:07 < sauvin> Now, THIS is just WRONG: "Warning: Program '/bin/bash' crashed."
22:08 < lopid> smells like microsoft
22:09 < pingfloyd> where did you see that?
22:09 < pingfloyd> was that WSL?
22:11 < sauvin> No. Ubuntu.
22:11 < sauvin> I mean, straight up 100% Kubuntu 16.04, in a Konsole.
22:13 < pingfloyd> I've never seen that message
22:13 < pingfloyd> was that in a log?
22:14 < sauvin> Nope. Right there in the Konsole.
22:15 < pnbeast> sauvin, and Konsole keeps running, or the GUI part does, anyway?
22:17 < sauvin> That particular TAB apparently restarted itself because the next thing appearing in that window is a bash prompt.
22:17 < pnbeast> I see.
22:17 < sauvin> A working bash, even.
22:17 < pnbeast> Maybe konsole has its own little init system to respawn a new shell!
22:18 < electrosys> if notmuch returns search results as a copy of all your emails in a different folder how would you do a mutt action on all the search results?
22:18 < sauvin> That's what I'm thinking.
22:18 < electrosys> im using a label scripts that adds X-Label for IMAP sync
22:18 < sauvin> It's just startling. I mean, in my whole life, I've never seen a shell crash, and my "whole life" goes back *before* the Commodore VIC-20.
22:18 < electrosys> so I need to be able to write to my search results.
22:19 < markasoftware> is there a variable like $EDITOR, but for the default terminal emulator?
22:19 < electrosys> maybe notmuch can make a link... hmm :u
22:19 < pingfloyd> sauvin: commodores never really crashed unless they were overheating
22:19 < pingfloyd> okay, occasionally they'd freeze up
22:20 < pnbeast> I liked their big hit, "Night Shift".
22:20 < sauvin> Commodores, in my experience, crashed when they tried to run badly written assembly code.
22:20 < sauvin> They were otherwise bulletproof.
22:20 < pingfloyd> I think everything crashes in those circumstances
22:21 < pingfloyd> that's the beauty of assembly though. Here's all the power, and if you screw it up, it's your fault.
22:30 < TheWild> hello
22:30 < TheWild> hey, why I can't mount a NFS share?
22:31 < lnnb> missing driver
22:31 < TheWild> "sudo mount 192.168.1.6:/media/ubuntu/7a0b1330-dca1-451e-be6b-ab2959e59d9b/thewild thewild"
22:31 < lopid> the computer is not turned on
22:31 < lnnb> pam is configured incorrectly
22:31 < mgolisch> it will probably tell you why
22:31 < TheWild> it's next to me, definitely turned on and the drivers are somewhat out-of-the-box in ubuntu
22:32 < TheWild> what is pam
22:32 < mgolisch> whats the error it shows?
22:32 < TheWild> btw, dmesg shows me nothing interesting
22:32 < lnnb> sudo is mounted on a filesystem mounted with MS_NOSUID
22:32 < TheWild> "missing codepage or helper program, or other error"... wait, what the hell?
22:33 < mgolisch> installed nfs-common?
22:33 < TheWild> remote computer is running Live "Try" Ubuntu and it has mount.nfs
22:33 < TheWild> but mine has not
22:33 < lnnb> your user doesn't have +rx in /sbin so it can't find the mount program
22:33 < lnnb> oh wait an error!
22:34 < TheWild> how's chance the live ubuntu already has nfs-common?
22:35 < TheWild> I thought it will get installed when I was installing Ubuntu
22:35 < mgolisch> still not sure what your even doing
22:35 < mgolisch> your mounting something from a computer that has booted from a ubuntu livecd?
22:35 < TheWild> yes
22:35 < mgolisch> does it have installed and started the nfs server at all?
22:35 < TheWild> yes
22:36 < TheWild> short: points out local computer does not have nfs-common installed. I do not remember if I ever explicitly removed it.
22:36 < TheWild> "Try Ubuntu" however seems to have it installed
22:36 < mgolisch> its never installed by default
22:37 < TheWild> okay, thanks mgolisch
22:38 < TheWild> I was betting I misconfigured server
22:44 < electrosys> ls
22:45 < revel> Does everyone else have this weird compulsion to run `ls` whenever they open a terminal session?
22:45 < MrElendig> no
22:45 < revel> s/every/any/
22:47 < sadasaulna> revel: yes
22:47 < sadasaulna> revel: also "ps"
22:47 < revel> I guess it helps me remember "right, that's the system I'm on and the user I am"
22:48 < electrosys> it looks like i need to prevent the read only flag from being added when the search results mailbox is shown.
22:48 < electrosys> i tried % but it says, can not make writable a read-only mailbox.
22:48 < sadasaulna> revel: that might be it, i often find myself typing uname -a at a prompt too, as if to remind myself exactly what i have in front of me
22:48 < electrosys> the search results are actually links by default.
22:48 < revel> sadasaulna: I just like having htop running in a tmux tab thingy for that.
22:49 < sadasaulna> revel: yeah, its not for seeing processes, its just a compulsion
22:50 < sadasaulna> i'm quite fond of uptime too, for seeing load and basking in the uptime of a system. Years ago the counter for uptime was 32 bit and so could only count a little over three years, and I had firewalls whose uptime had wrapped
22:51 < revel> lol
22:51 < sadasaulna> and they were busy systems too, doing DNS for thousands of clients and reverse proxying and a whole bunch of stuff aside from firewalling
22:52 < sadasaulna> that was in the years before there was a vuln coming out every other week
22:53 < pnbeast> To be fair, the vulns were just *there*. There was a lot less talk about them.
22:53 < sadasaulna> pnbeast: exactly! I'm sure they were there we were just less aware of them
22:54 < sadasaulna> but we never got hacked, i had ssh open to the world no sshguard, there would be dozens of connections battering away with stupid guesses at passwords
22:55 < sadasaulna> our webserver on the other hand... that was vulnerable as hell, we hired a pentester and they didn't get in our firewalls but they went straight in through that dumb website we had
22:55 < pnbeast> In the early 2Ks, I ran a snort box on a well-established /24. I could basically generate an arbitrarily large list of probes by adding as many rules as required. I.e., the malicious traffic seemed infinite.
22:56 < toothe> pnbeast: it is.
22:56 < toothe> Sometimes I think of moving my ssh port off 22 to like 2222
22:56 < pnbeast> The worst that happened while I was running the network was that someone exploited our formmail CGI script to send spam. It was my fault - I'd heard of the problem but not fixed it.
22:56 < sadasaulna> toothe: it cuts down on the crap for sure
22:57 < toothe> sadasaulna: Right. I might experiment with it, who knows.
22:57 < toothe> It might stop a drive-by attack
22:57 < toothe> but I use ssh certificates for authentication - and a very long passphrase, so I'm fine.
22:58 < sadasaulna> exactly, it just cuts the noise, so that you know that if you change your SSH to some really random port that someone trying it is a least a tiny bit more serious
22:58 < toothe> sadasaulna: was it for home use or enterprise?
22:58 < sadasaulna> enterprise, but I do it on home systems too just to cut down on the noise in the logs
22:59 < toothe> meaning, who attacks home users?
22:59 < sadasaulna> generally though on my home systems firewall rules only allow a few trusted subnets access to SSH, eg from VMs I have
22:59 < toothe> rather - what dedicated attacker attacks home users?
23:00 < _KaszpiR_> to attack systems you are working on, for example at work
23:00 < balletjebal> have you ever watched your ssh logs how many have tried :P
23:00 < MrElendig> the bots doesn't care if you are Urist McRandom or Microsoft
23:00 < toothe> balletjebal: right! But, those are just drive-by attacks, no?
23:01 < srukle> Do you just have your home server open to the world?
23:01 < toothe> i'd like to figure out how to rename wp-admin on wordpress to something else.
23:01 < MrElendig> hell, many of them go after residential, because of all the insecure routers, NAS, IoT etc
23:01 < balletjebal> toothe, true just sniffing
23:01 < pnbeast> MrElendig, how'd you know my name?
23:01 < electrosys> hmm, looks like you typically don't write or execute from .cache?
23:01 < toothe> srukle: yes, actually. Ports 22, 25, 80 and 443.
23:01 < electrosys> ~/.cache
23:01 < sadasaulna> srukle: I always have my home systems only open on SSH to some VMs I have nowadays
23:01 < srukle> You'd see some activity in your logs then. :P
23:01 < toothe> srukle: Each port runs its own jail, but you would have limited access to my home network.
23:01 < V7> Hey all
23:01 < toothe> I should probably stop that through firewall rules though.
23:02 < V7> Could anyone help me with setting up a sound card on arch32 ?
23:02 < toothe> functionally speaking, jails = docker
23:02 < srukle> does bsd use jails without docker?
23:02 < sadasaulna> but if you run an antispam setup, I might point out that drive by attacks are useful, you can use them to block ips or subnets you'd rather never hear from
23:02 < toothe> srukle: Yes.
23:02 < toothe> srukle: the attempt to get docker on it uses jails as its kernel primitive.
23:03 < toothe> I hope it comes soon.
23:03 < toothe> I really like docker.
23:03 < sadasaulna> i had a script that would automatically add the driveby ips to my "never talk SMTP to them" list
23:03 < toothe> but BSD users seem to look down on docker...I totally don't agree.
23:03 < sadasaulna> toothe: docker is nice in principle but in practice...urgh
23:03 < srukle> Well, you're a Linux user. Of course you disagree fundamentally. lol
23:04 < toothe> sadasaulna: oh? I love it. What's wrong with it?
23:04 < toothe> we run CoreOS at work.
23:04 < srukle> Do you like CoreOS at work?
23:04 < pnbeast> sadasaulna, what if someone fixed his h4xx0r3d box, then tried to email Amazon gift certs to all the victims of his broken box? You might have missed out.
23:04 < V7> Anyone ?
23:04 < toothe> well...tbh, I just wrote a few Dockerfile's, I don't maintain it.
23:04 < srukle> I'm trying to look for opinions especially for work environment.
23:04 < V7> #archlinux just throws me away
23:04 < toothe> srukle: But the guy who does use it loves CoreOS.
23:04 < sadasaulna> toothe: i like CoreOS idea, again in practice not so much, I'm not a fan of the devops mentality which seems to be "fail often"
23:05 < toothe> sadasaulna: That adds to the robustness, no?
23:05 < srukle> Haha, so there's a learning curve?
23:05 < toothe> srukle: A little bit, but it isn't like using Linux for the first time.
23:05 < sadasaulna> toothe: yes, again, in principle I like it.. what i'm not a fan of is making failure default
23:05 < toothe> fair.
23:05 < toothe> That was a problem on this one Amazon system I pentested.
23:06 < marius> sadasaulna, so how do you prepare for failures?
23:06 < toothe> their systems were auto-scaled, so their EC2's would go down and auto-scale constantly. I would produce a list of targets, and a day later 10% of the machines were off.
23:06 < toothe> were destroyed.
23:06 < toothe> which sounds fine cuz my scanning system would detect new EC2 instances, but my ssh creds would be wiped away.
23:07 < sadasaulna> marius: through proper engineering. I prefer the allow what is necessary approach to the block what isn't, getting offtopic a bit I admit, would take me an age to explain
23:07 < V7> So, has anyone had a problem with arch and sound system ?
23:07 < V7> alsamixer just shows only one column called "BEEP"
23:07 < sadasaulna> I like linux but I also run NetBSD and OpenBSD, and I like the solid engineering approach to the "assume things are going to fail" and "everything is in flux" approach
23:07 < V7> lspci shows "Hight Definition Card"
23:08 < sadasaulna> its a bit philosophical
23:08 < toothe> sadasaulna: okay, so I'm going to ask you the question I ask to all NetBSD users. Why NetBSD?
23:08 < toothe> What is it about NetBSD that makes people run it?
23:08 < toothe> I feel like I've never gotten a solid answer other than that its fun.
23:08 < sadasaulna> toothe: its such a well engineered, well documented piece of software, it is a understandable whoel
23:08 < sadasaulna> whole
23:08 < toothe> yeah, GNU code in general is weird.
23:08 < sadasaulna> which I find with Linux is much more difficult
23:09 < toothe> I'd like to see a rewrite of a lot of gnu core utils.
23:09 < sadasaulna> so I find NetBSD a brilliant system for learning UNIX, from the ground up, without distractions or poorly understood reasons for doing things
23:10 < toothe> concur.
23:10 < toothe> I ran Linux from about kernel 2.0. Back then things were a lot simpler.
23:10 < toothe> I feel like Linux is so complex nowadays.
23:10 < sadasaulna> like I say, I like Linux, I got my start in UNIX with HPUX, moved to Linux, spent years at that, and now spend time running Linux, NetBSD and some OpenBSD
23:10 < toothe> and not just the kernel, the entire OS.
23:10 < sadasaulna> toothe: yep, Linux was at 2.0 when i first ran it
23:10 < V7> Already trying to setup sound on arch about 4 hours and nothing.
23:10 < V7> Anyone
23:11 < MrElendig> there are other userlands than gnu you can use
23:11 < MrElendig> at least 3 others
23:13 < sadasaulna> its ironic, that I have probably learned more about Linux by studying UnixV7, Minix and NetBSD than I have from running Linux itself
23:14 < sadasaulna> MrElendig: yeah, systemd is its own userland ;)
23:14 < MasterDebater> you learn more from studying than from using? whoda thunk??
23:15 < sadasaulna> MasterDebater: I did years of using, nearly all on Linux, and I did little studying, I just made things work. Last few years I have studied UNIX more and i've done that mainly on non Linux systems
23:15 < sadasaulna> i'm out of work, used to be a well paid sysadmin, now for mental health reasons i have given up IT (and the money that goes with it) and have had more time to enjoy UNIX
23:15 < electrosys> hmm i had my hugo backwards oguh
23:16 < python476> hi guys
23:16 < V7> Does anyone use arch32 ?
23:16 < python476> I'm looking for places to read about linux netsec
23:16 < MrElendig> V7: someone does yes
23:16 < python476> beside /r/netsec , any good site ?
23:16 < electrosys> anyone know how you make the search results from notmuch-mutt writable?
23:18 < V7> The main thing is that sound with "alsa-utils" doesn't work
23:19 < TheWild> electrosys: you mean on google? Enter the developer console and type "document.body.contentEditable = true", then press enter. Now you can edit the results.
Enjoy ;D
23:20 < V7> When trying to "modprobe snd_hda_intel index=0 model=6stack" speaker bumps two times and this is all
23:20 < python476> dominate your computer with the power of the dom
23:21 < pingfloyd> V7: why don't you just dump arch instead?
23:21 < pingfloyd> V7: they've cast you out of their cult, because you're still on 32-bit
23:22 < V7> Also, it's interesting that alsamixer shows only one column called "BEEP"
23:22 < pingfloyd> V7: could just run a sane dist and not deal with such issues
23:23 < jim> debian's probably gonna do that too eventually (so are the others, because: it's a lot of mirror space to support all the oldest machines along with the newest)
23:24 < revel> I think Debian's "eventually" for x86_32 is quite a ways away.
23:24 < jim> but they're probably not gonna do it today
23:24 < jim> yeah, agreed
23:25 < MasterDebater> you already can't run a bunch of mainstream software on linux 32
23:25 < pingfloyd> debian cares about supporting multiple architectures
23:25 < pingfloyd> mainstream being the crap you get on github?
23:25 < noahmg123> How can I get a list of the first three characters of files in a folder?
23:26 < jim> well they did get rid of a few archs
23:26 < MasterDebater> among other things
23:26 < V7> So, all of you mean that this issue because of i686 ?
23:26 < revel> They've dumped a couple of archs, though I think they had barely any users in any category (server, embedded, desktop, whatever)
23:26 < MasterDebater> google chrome for example
23:26 < revel> V7: I'd rather blame arch32 than the processor
23:26 < pingfloyd> those arches were pretty niche too
23:26 < V7> revel: Why ?
23:26 < noahmg123> I have a folder with filenames like "ABC_list.txt" and "XYZ_list.txt", and I just want the first three letters of each filename
23:27 < V7> noahmg123: #bash
23:27 < MrElendig> lsmod | grep snd
23:27 < revel> Because it's a small no-name distro, basically.
23:27 < noahmg123> V7: Will try over there, thanks
23:27 < electrosys> TheWild, i mean in mutt/notmuch
23:27 < jim> noahmg123, you mean you just want XYZ a bunch of times?
23:27 < revel> Debian's got bleeding edge variants if you want.
23:27 < V7> MrElendig: Thank you :) http://termbin.com/w51d
23:28 < MrElendig> noahmg123: https://mywiki.wooledge.org/BashGuide/Parameters#Parameter_Expansion
23:28 < electrosys> pwd
23:28 < MrElendig> noahmg123: bookmark the guide
23:28 < sadasaulna> revel: starting my lot in PA-RISC/HPUX i have a fondness for that architecture but i'm not sorry that Debian would throw it out, cos who the fuck really runs PARISC
23:28 < noahmg123> jim: no, each file has a different first three letters
23:28 < MrElendig> V7: alsamixer, press f6
23:28 < MrElendig> also fuser /dev/snd/*
23:29 < revel> Yeah, they're fairly niche.
23:29 < yakiza> Hello everyone! i have just installed Debian 9 on a DELL Inspiron 3000 series (Laptop), i downloaded loaded my modules and i am able to see the interface and also see the wireless networks around me including mine. When i try to connect to it it gets stuck in authentication and times out
23:29 < jim> /foo/bar/bazzar/five/six/stix
23:29 < V7> MrElendig: Shows 3 options ( (default), 0 HDA Intel, enter device name... )
23:30 < V7> "fuser /dev/snd/*" gives empty output
23:30 < jim> yakiza, does your laptop have an eth port? and, do you have a cable and a place on your router?
23:30 < MrElendig> select the second one
23:30 < electrosys> how do you make the mail box that is created from the mutt/notmuch search results in ~.cache/notmuch ? writeable? it seems the filesystem is writeable as its supposed to be. The search results are links to the e-mail files as im using maildir.
23:31 < V7> MrElendig: nothing changes :(
23:31 < V7> Stays one column with name ""
23:32 < MrElendig> updatedb; locate asoundrc
23:32 < pingfloyd> noahmg123: like: for file in *; do mv "$file" "${file%%_*}"; done (test run first by replacing mv with echo).
23:32 < yakiza> jim: yes thats how i am connected now here
23:32 < MrElendig> bash does indexes too
23:32 < jim> yakiza, ok, good... then you have a good chance of getting connected... do you have network manager?
23:33 < MrElendig> indexes/slices
23:33 < yakiza> jim: wicd
23:33 < MrElendig> yakiza: read logs, start with dmesg
23:33 < jim> ok, and in wicd, is where you see the wireless nets?
23:33 < yakiza> jim: yes i can see them on wicd i can also see them on terminal when i do a scan
23:34 < jim> ok, that should mean your wireless hardware works fine...
23:34 < V7> MrElendig: Empty output
23:35 < yakiza> jim: yes i assume so, i thought i would change the encryption when connected but every single item i tried doesn't change a thing
23:35 < V7> Thank you very much MrElendig, really
23:35 < V7> For trying
23:35 < jim> yakiza, well you have to make sure your router can do them
23:36 < yakiza> jim: it used to work when i had Kali linux on it
23:36 < Dagmar> Well, you still need to supply a wpa_supplicant.conf
23:36 < Dagmar> http://wicd.sourceforge.net/templates.php
23:36 < neoncortex> Weird question, but: someone knows if there is a way to convert those cheap China wireless mini keyboards to wired?
23:37 < Dagmar> Not without a soldering pencil and some electronics knowledge
23:37 < neoncortex> I'm not that good in electronics but I can follow a howto
23:37 < MrElendig> neoncortex: depends on the protocol used
23:37 < Dagmar> Just get one with bluetooth and use a bluetooth dongle
23:37 < MrElendig> some actually go usb -> rf -> usb
23:38 < neoncortex> MrElendig: Do you mean there's a chance to get a Usb chip there?
23:38 < Dagmar> Thanks to HID it's not that much of a deal to get a bluetooth wireless keyboard working (even with the fumblepad)
23:38 < yakiza> Dagmar: you think if i follow that pages tut it will work?
23:38 < MrElendig> why not buy a proper wired keyboard though?
23:38 < Dagmar> yakiza: Considering that it's maintained by the wicd maintainers? Yeah, it should work.
23:38 < jim> yakiza, do you have the wpa-supplicant package installed?
23:39 < yakiza> jim: i am not sure how could i check
23:39 < MrElendig> https://gitlab.manjaro.org/ste74/kernel-alive/issues/1
23:39 < V7> MrElendig: Also "aplay -l" shows no devices
23:39 < neoncortex> MrElendig: size, I did not find one small enough
23:39 < jim> take a look at the output of dpkg -s wpa-supplicant, near the top
23:39 < MrElendig> V7: getfacl /dev/snd/*
23:39 < neoncortex> the one I have is identical to this: https://i.ytimg.com/vi/JGlMhqX5To4/maxresdefault.jpg, but wireless
23:40 < MrElendig> neoncortex: define "small enough"
23:40 < Dagmar> neoncortex: I like those
23:40 < MrElendig> there are wired keyboards that fit in one hand
23:40 < neoncortex> MrElendig: To use with a raspberry pi
23:40 < Dagmar> It would have been nice if the keys weren't in a square grid, but they're otherwise pretty spiff for a media box
23:40 < MrElendig> about the size of your average phone
23:40 < jim> antgel, probably you just need one connection
23:40 < neoncortex> with a 3.5 screen
23:40 < Ameisen> Hi there. Not sure if it's quite a linux question
23:40 < Ameisen> however, can bash be instructed to load and call a function in a shared object?
23:40 < MrElendig> neoncortex: for that use case I would use a wireless one
23:40 < Ameisen> rather than instantiating a new process?
23:40 < n-iCe> hi
23:41 < Dagmar> Ameisen: Nope
23:41 < yakiza> jim: are you sure you have spelled that correct?
23:41 < MrElendig> unless you are building it into some box
23:41 < Ameisen> Dagmar - nuts
23:41 < yakiza> jim: dpkg-query: package 'wpa-supplicant' is not installed and no information is available
23:41 < V7> MrElendig: http://termbin.com/01yu
23:41 < Ameisen> I need to use the same scripts across multiple platforms, including Linux and Windows in msys2
23:41 < Dagmar> yakiza: apt search should turn up something
23:41 < jim> yakiza, ok one sec
23:41 < Ameisen> the scripts are OK in Linux, but awfully slow in Windows due to process creation
23:42 < Ameisen> I want to write a result cache, but it'd need to be something Bash can open in its own process rather than as a new process otherwise nothing is gained.
23:42 < Dagmar> yakiza: The package is around _somewhere_ but I just don't remember the package name for debian (probably has a dash instead of underscore)
23:42 < Ameisen> might need to fork bash then to add that functionality :(
23:42 < Dagmar> Ameisen: There's a better than average chance that you are doing something terribly, terribly wrong.
23:42 < Dagmar> Warning signs... "need to fork bash"
23:43 < MrElendig> neoncortex: google "ipazzport" and similar keyboards
23:43 < MrElendig> some of them work out of the box over usb
23:43 < revel> Dagmar: Well, Windows does suck at starting new processes.
23:43 < Dagmar> The one wot looks like an Xbox controller is also quite nice
23:43 < jim> yakiza, yep, misspelled. the correct spelling is the same, without the -
23:43 < MrElendig> V7: so you have a broken session, or this is over ssh
23:43 < Dagmar> revel: That's not our problem. *ahem*
23:43 < Dagmar> heh
23:44 < MrElendig> V7: or archlinux32 broke/disabled it
23:44 < neoncortex> MrElendig: that's the plan: https://learn.adafruit.com/mini-raspberry-pi-handheld-notebook-palmtop/overview
23:44 < MrElendig> V7: add your user to audio
23:44 < revel> It isn't. That's simply what he was talking about, and it's a solution to that, terrible as it may be.
23:44 < MrElendig> neoncortex: no need to modify if you get one with a working usb port
23:44 < yakiza> jim: i can see now some results
23:44 < Ameisen> Dagmar - ever run a massive configure script in Msys2?
23:44 < V7> MrElendig: Hm. I'm logged as root. I'll add root to audio group
23:45 < Ameisen> they're OK in speed on Linux (though still slow), but 10-100x slower in Windows
23:45 < yakiza> jim: https://pastebin.com/PPuJDbH9
23:45 < V7> This is local machine with clean arch
23:45 < MrElendig> V7: don't use root
23:45 < Ameisen> a universal caching solution'd be ideal. Just not sure how to implement it.
23:45 < Dagmar> Ameisen: Why on earth would I want to do that?
23:45 < MrElendig> and adding root to audio obviously won't do anything
23:45 < V7> oh
23:45 < Dagmar> Three years of fighting with Access and Microsoft's idea of runtime licencing was enough.
23:45 < V7> clean arch32 *
23:46 < Dagmar> Not once have I considered going back.
23:46 < Ameisen> Dagmar - neither of those are really involved in what I'm doing :|
23:46 < Ameisen> I have a toolchain that's intended to be able to be built on Linux, BSD, or Windows (under an appropriate terminal emulator)
23:47 < jim> yakiza, so, yes, it's installed... incidentally, if you have nc installed, you can pastebin the output of an arbitrary command, for example ls -CF if you run it like this: ls -CF | nc termbin.com 9999
23:47 < Dagmar> Unless it takes eight hours to complete, you might want to consider whether or not this time spent fighting it will _ever_ show a profit in your time
23:47 < Ameisen> I suspect the blame is mainly on cygwin/msys, simply because they just compiled bash/et al as was, and didn't modify them to remove fork/the stuff that's exceedingly slow
23:47 < Ameisen> Dagmar - build goes from like 2 hours to 6
23:47 < Dagmar> Windows is the new Slowaris, man
23:47 < Ameisen> not just in bash though.
I think Windows doesn't like the access patterns in NTFS for things like access times, nor does it like emulating fork.
23:48 < revel> I think this channel is for GNU/Linux, not GNU/NT :P
23:48 < Ameisen> Eh, scripts and such written _for_ Windows are fine. I just don't want to have to have two sets of scripts.
23:48 < Ameisen> GNU/NT... is a bizarre thing to read.
23:48 < yakiza> jim: thanks, so what is the next step now?
23:48 < Ameisen> Stallman had a seizure somewhere.
23:48 < revel> lol
23:49 * Ameisen is now envisioning other environments... GNU/Macintosh System 7
23:49 < revel> Ameisen: Well, to be fair, I think the GNU project has this weird complex where they like porting free software to non-free platforms.
23:49 < Ameisen> GNU/Voyager 2
23:49 < Milos> How can I find all folders containing the octal bytes \357\200 in their name? With ls, they show random printable chars e.g. exclamation mark or a parenthesis, but the actual byte is \357\200\242 for example
23:49 < revel> I guess it helps people get accustomed to it and make the switch to free platforms easier.
23:49 < Milos> s/folders/directories/
23:49 < MrElendig> Milos: 1. never parse ls
23:49 < MrElendig> Milos: 2. man find
23:49 < Ameisen> revel - yeah. In this case, though... things like bash should really be ported simply because they don't actually have to make calls like fork, they just do. But that's the worst thing to do on NT.
23:50 < jim> maybe the best thing is to read their wiki... one sec
23:50 < Ameisen> not sure why Microsoft doesn't just add a fork syscall already. They already support everything for it in NT.
23:50 < Milos> MrElendig, what do you mean "never parse ls"? did I say I did?
23:50 < MrElendig> the use case sounded like it
23:50 < Milos> MrElendig, did you read my question?
23:50 < Ameisen> fork is also somewhat expensive in the Unix Subsystem
23:50 < MrElendig> I did
23:50 < revel> Milos: You can use `find` for this, as he suggested.
23:51 < Ameisen> oh well.
back to figuring out why gcc doesn't want to build on this ubuntu system
23:51 < MrElendig> Ameisen: as expensive as on native
23:51 < Milos> I am already using find, but let me see if I can figure out how to search for bytes by entering in their string equivalent. Which is my question.
23:51 < Ameisen> the annoyance of going from a traditional build to dpkg
23:51 < MrElendig> native windows that is
23:51 < Ameisen> MrElendig - IIRC, the WSL is somewhat more optimized than most of the solutions such as in cygwin
23:52 < Ameisen> simply because it resides at the kernel layer
23:52 < revel> I think your shell should allow for entering octal or hex values.
23:52 < Ameisen> Ubuntu is actually pretty usable under WSL.
23:52 < Sveta> V7: re P3-1491-NNN, very few results, (I read Russian) someone on a forum says it is POS-1000, searching for that says 2.0 GHz, up to 8GB. accuracy of that is questionable.. perhaps your best bet would be asking ##hardware and pinging me to translate where things are difficult to understand
23:52 < Ameisen> just really weird to see Ubuntu NT
23:52 < Ameisen> since there's no actual linux kernel
23:52 < MrElendig> could just copy/paste the bytes
23:53 < Milos> MrElendig, revel - not sure on first glance. Mind adding a tip instead of just read the manual?
23:53 < neoncortex> That never parse ls thing is valid for people who write scripts to run all around in different systems, servers, etc. The common user can parse it at will I think
23:53 < MrElendig> or ${}
23:53 < MrElendig> ()*
23:53 < MrElendig> neoncortex: same really for finding things in a tree "by hand"
23:54 < V7> Sveta: I wholeheartedly appreciate everything you’ve done, really
23:54 < revel> printf '%s\n' $'\x21'
23:55 < revel> printf '%s\n' $'\041'
23:55 < Milos> looking
23:55 < MrElendig> find .... -name $(python3 -c "print('\357\200\242')" ...
23:56 < Milos> yeah, no.
23:56 < Milos> that's not what man find will tell you
23:56 < MrElendig> worksforme™
23:56 < MrElendig> or as said, copy/paste
23:56 < jim> yakiza, do you have wireless-tools installed?
23:57 < revel> $'\357\200\242' works for me.
23:57 < yakiza> jim: yes
23:57 < revel> Though adding *s before and after it would help.
23:57 < Milos> nice. so I guess the bottom line is, my question should've been how do I convert octal string to bytes in bash
23:57 < Milos> thanks
23:57 < revel> So, err, -name \*$'\357\200\242'\*
23:57 < V7> Sveta: The main thing is that it's CPU is called Centaur which means no one would suggest anything about it, it's 32bit and doesn't have pae, cx8 flags which means that all famous 32bit distros won't work on it
23:58 < jim> ok, I think you have everything... there's a wiki page on the debian wiki, http://wiki.debian.org/WiFi
23:58 < MrElendig> there are a few non-pae
23:58 < MrElendig> not being i686 is a bigger issue
23:58 < jim> yakiza, ^^
23:58 < V7> MrElendig: One were arch32
23:58 < yakiza> jim: fcking hell then why its not working ...
23:59 < V7> I've tried to find some as much minimal as possible and arch was a REALLY good variant
23:59 < MrElendig> yakiza: verbose mode, logs?
23:59 < V7> Because it doesn't need any desktop environment, but connection and sound
23:59 < Milos> revel, awesome. thanks. I remember seeing that $'\blah' syntax before a long time ago. thanks for helping!
--- Log closed Sun Jun 17 00:00:01 2018