--- Log opened Sat Jun 16 00:00:00 2018
00:00 < ziggylazer> What?
00:00 < bls> nevermind
00:01 < ziggylazer> So you dont think that in the context of a cookie that could have a standard meaning?
00:01 < lnnb> could be your macintosh version id
00:01 < bls> no, I don't think that every instance of the string MAC in a cookie means message authentication code
00:02 < ziggylazer> But the wast majority
00:27 < jeffree> linux sucks
00:28 < meyou> hot take
00:51 < Pentode> i guess he's expecting some sort of emotional response to feed his troll organ
01:03 < jim> Am7/C: you sound almost exactly like Cmaj6!
01:04 < Cmaj6> Hi guys, can anybody recommend me good administration software for linux (and preferably cross platform). I'm talking about software to organize your bills, invoices, time registration, taxes,  etc. etc. (basically, some form of accounting software or something, but used for freelancers)
01:04 < jim> in fact, there's no difference at all!
01:06 < jim> hmm, there's so many different software things you can get...
01:07 < Fahrradkette> Cmaj6: it depends how deep down the rabbit hole you want to go. The most simple solution would be a bunch of LibreOffice Calc sheets. On the other end of the spectrum, there are OpenSource ERP systems.
01:07 < Loshki> Cmaj6: https://opensource.com/life/17/10/personal-finance-tools-linux. (I don't use any of these myself)
01:07 < Cmaj6> Fahrradkette: i'm doing the Calc sheets route now, but it quickly goes out of hand and i don't want several sheets all over the place. Also, i don't like to write my own statistics for my work
01:07 < jim> Cmaj6, have you looked on github?
01:08 < Cmaj6> jim: no not yet (i don't know the correct lang to search for)
01:09 < Cmaj6> it's not financial software, but also not personal finance or so, it really needs to be targeted for small business owners
01:09 < jim> let me see
01:09 < Cmaj6> (i know the correct terms in dutch, but in english???)
01:09 < Fahrradkette> Cmaj6: so you want some sort of a QuickBooks clone?
01:09 < unkmar> Cmaj6: book keeping or accounting.  We usually call it accounting software.
01:10 < jim> if you know those correct terms... let's see..
01:10 < Cmaj6> Fahrradkette: don't know the quickbooks software, but taking a quick look at the site: i think that's what i need indeed
01:10 < Cmaj6> unkmar: thank you!
01:10 < Cmaj6> book keeping indeed!!
01:10 < Fahrradkette> there is tryton which might be one of the solutions
01:11 < Fahrradkette> I don't know if that's overkill for you though, it's a full blown system. Might take you longer to setup than it saves you in the long term
01:12 < Cmaj6> Fahrradkette: just took a look...i think it's overkill lol
01:12 < jim> Cmaj6, take a look at this... https://github.com/search?q=small+business+records
01:12 < Cmaj6> Fahrradkette unkmar jim : thnx for now! I'll do some search on the terms you guys provided! If after extensive research i still can't find what i am looking for, i'll get back here! :)
01:13 < Fahrradkette> Cmaj6: you might want to take a pen and paper and have a walk in the forrest/by the lake side to write down your requirements:)
01:14 < Cmaj6> Fahrradkette: i'll consider that ;)
01:14 < Fahrradkette> good luck with your decision :)
01:15 < jim> or, s/in the forest by the lake/any relaxing place where you can focus on what you want to/
01:15 < mophed> please take me on this retreat
01:15 < unkmar> Cmaj6: My attempts at accounting software in linux has always been painful.  But that was 10+ years ago.  Hasn't been my problem in a long time.
01:16 < Cmaj6> unkmar: how did you solve it then?
01:16 < jim> sounds like a foist operation :)
01:17 < pnbeast> I think Corbet, on LWN, has periodic descriptions of accounting software he has tried.  He's been unhappy, too.
01:18 < unkmar> Cmaj6: At the time.  I was still trying to move to Linux from Windows.  I just didn't move.  I was running a business. I don't now.  So, those problems have been someone elses.
01:19 < unkmar> I don't do personal accounting management.  I generally don't buy things.  So, I don't generally have finances to track.  So, I never really solved the problem.  Just stuck my head in the sand.
01:20 < Fahrradkette> ostrich confirmed^
01:22 < Fahrradkette> Cmaj6: there is also the possibility to build that system yourself using LibreOffice Base or Kexi from the KDE calligra suite
01:24 < Fahrradkette> It really boils down on what you're ready to learn/do and how you're going to maintain it
01:24 < chowbok> Can I just say how much it annoys me when someone does "cat filename | grep whatever"
01:25 < xamithan> Do you like them to grep directly ?
01:25 < chowbok> Yeah, what's the point of cat in there?
01:25 < xamithan> So you can use other commands afterwards
01:26 < chowbok> You could with just as much logic do "cat filename | cat | cat | cat | grep whatever"
01:26 < mophed> chowbok: i always do that hahaha
01:26 < chowbok> xamithan: Example?
01:26 < Fahrradkette> oO a cat person
01:26 < mophed> cat .log | grep
01:26 < mophed> im just dumb i guess
01:27 < jim> 3 cats don't a cathouse make...
01:27 < xamithan> I can't really think of any currently,  but I do cat first too.  Didn't in the past grep not work direct ?
01:27 < chowbok> grep has worked directly for at least 20 years
01:27 < bls> if it didn't, it was in the 70s
01:28 < chowbok> Even if it didn't, you could still just do "grep foo < filename"
01:29 < bls> it's one of those cargo cult things that always show up in tutorials about using pipes, so people end up doing without really thinking about why, like sudo su or find | xargs
01:30 < xamithan> I think I know why I do it
01:31 < xamithan> if I'm using ps,  or ss,  I have to use that first
01:31 < xamithan> so I just use cat first too
01:31 < bls> ps|grep is another one of those patterns too :P
01:32 < chowbok> ps | grep is never really necessary except that most people (including myself) never feel like looking up the ps flags
01:33 < xamithan> is there an ss flag to list only certain ports ?
01:33 < xamithan> I've never really bothered to explore
01:33 < bls> yes, ss accpts filters
01:34 < bls> although it looks like they're only documented in a postscript file that comes with iproute-doc
01:38 < chowbok> ss -A tcp "sport = :22"
01:38 < chowbok> Shows you established inbound SSH connections
01:38 < chowbok> (assuming you're running sshd on port 22)
01:38 < xamithan> I think you are the first person other than the devs to use those flags
01:39 < chowbok> Heh
01:39 < chowbok> Probably
01:39 < chowbok> I wouldn't fault people for doing ss|grep
01:39 < xamithan> ss -tulpn | grep
01:39 < chowbok> I'm not against piping stuff through grep in general
01:39 < chowbok> I just think cat is almost always unnecessary
01:40 < chowbok> I see people do "cat filename | wc -l" too
01:40  * meyou pleads the fifth
01:40 < mophed> i litteraly just did that
01:40 < mophed> ">changes | wc -l"
01:41 < xamithan> Sometimes I like to cat my greps into another grep into a wc into a cut
01:41 < chowbok> Heh
01:41 < mophed> i lie that had to be piped to wc
01:47 < bls> grep is fine for plain text, but as soon as data has some semplance of structure to it, it's usually better to reach for a domain specific tool
01:51  * iflema downloads devuan
01:52 < mophed> i wish mysql had a grep
01:52 < meyou> select where!
01:53 < Fahrradkette> over()
01:53 < mophed> you cant search for broad terms
01:53 < lnnb> write webapps in C
01:53 < Fahrradkette> mophed: just rewrite grep in a big freaking CTE
01:54 < Fahrradkette> functional programming ftw, it's so elegant even though nobody understands it :P
01:54 < mophed> Fahrradkette: i just revert to phpmyadmin when i cant find it
01:55 < ksft> I just messed up some pointer initialization in C and printed uninitialized memory accidentally
01:55 < ksft> it seems to be part of my /etc/hosts
01:55 < Fahrradkette> no segfault?
01:56 < ksft> " number of spaces or tabs.## In the presence of the domain name service or NIS, this f"
01:56 < ksft> that's the string that was printed
01:56 < ksft> I thought things like that were supposed to be prevented for security
01:56 < lnnb> lol what kernel you using?
01:57 < ksft> ...Linux?
01:57 < ksft> I'm not sure what version
01:57 < Fahrradkette> so your user has read rights on /etc/hosts?
01:57 < lnnb> uname -a
01:57 < ksft> 4.12.5
01:58 < Fahrradkette> ls -l /etc/hosts
01:58 < ksft> Fahrradkette: my program doesn't read /etc/hosts
01:58 < GunqqerFriithian> KDE has nothing so ill ask here. I use deja-dup for backups, and in the system tray there is only a black box representing it and I can't open the window for deja-dup's progress.
01:58 < GunqqerFriithian> (Im using KDE 5.8)
01:59 < iflema> GunqqerFriithian: change(d) theme?
01:59 < GunqqerFriithian> I'm using arc-dark
01:59 < iflema> is it "current"?
01:59 < Fahrradkette> ksft: does the user running your program has read rights?
02:00 < GunqqerFriithian> everything I have is the most currents I can have (as far as I know)
02:00 < Fahrradkette> considering it's just "garbage" from before
02:01 < iflema> kde is at 5.13? is that included or did you "go and get it"
02:02 < GunqqerFriithian> I'm using 16.04.04 (ubuntu) and I'm using the kubuntu backports PPA
02:02 < iflema> medic!
02:03 < GunqqerFriithian> dang scouts, always wanting heals
02:04 < iflema> im assuming the theme and versions
02:05 < ksft> good news: I figured out the problem I've been debugging all day
02:05 < ksft> I wrote "=" instead of "=="
02:05 < iflema> standards and retards
02:05 < GunqqerFriithian> arc-dark for general theme, OSX cursor, ubuntu-mono-dark for icons
02:05 < Fahrradkette> stuck at basic times?
02:05 < Fahrradkette> scnr
02:06 < melissa666> I'm using binwalk to examine some a firmware image and the output looks like this: https://paste.pound-python.org/show/dahYbm6dpTd2eLnEq8Vs/ ... how do I decompress and examine the lzma compressed data listed there? I tried `binwalk -e firmware-image.bin` but I am getting an error "ARNING: Extractor.execute failed to run external extractor 'sasquatch -p 1 -le -d '%%squashfs-root%%' '%e'': [Errno 2] No such file or directory:
02:06 < melissa666> 'sasquatch': 'sasquatch'" ... what am I doing wrong?
02:07 < iflema> theres two themes... dark or light, pick a font... select a size... thanks for comming...
02:08 < GunqqerFriithian> ?
02:08 < iflema> oh wait... thats gnome...
02:09 < mophed> melissa666: is squashfs working?
02:09 < vovioheler> hello
02:09 < iflema> o\
02:10 < vovioheler> how do i make a socks5 proxy with nc or ssh or somethingelse
02:10 < ziggylazer> iflema, suck to be a dick right?
02:10 < iflema> ziggylazer: takes time
02:11 < ziggylazer> Been practising hard then
02:11 < iflema> penis?
02:11 < melissa666> mophed, what do you mean? what should I check to determine if it's working properly?
02:12 < ziggylazer> Hey man if that what you like who am I to judge
02:12 < mophed> i have never personally used squashfs
02:12 < iflema> your mom
02:12 < mophed> but that error looks like its not setup correctly
02:12 < ziggylazer> Hahaha
02:12 < melissa666> me either - I'm trying to learn right now, because I need to figure out how this router works :)
02:12 < mophed> melissa666: https://en.wikipedia.org/wiki/SquashFS
02:14 < Fahrradkette> apt-cache policy squashfs-tools
02:14 < Fahrradkette> maybe binwalk has a dependency on it
02:16 < vovioheler> anyone knows a program just to forward trafic
02:16 < Fahrradkette> vovioheler: like a bridge device?
02:17 < iflema> i call it COP... citizens on patrol
02:17 < Fahrradkette> need to watch police academy again
02:17 < melissa666> actually, it seems that there is some git repo I need to clone called sasquatch ... surprised that they don't just package it with binwalk ... no instructions on how to properly install to get to work alongside system version of squashfs-tools ..
02:17 < melissa666> They are just asking me to clone a git repo that overwrites system packaged version of squashfs-tools, which seems like a bad idea to me
02:18 < Fahrradkette> oO
02:18 < vovioheler> Fahrradkette: i just want something to stay quiet and forward all the traffic that it gets
02:18 < iflema> lol proctor
02:18 < melissa666> vovioheler, you want to just passively intercept traffic, and then forward it?
02:19 < melissa666> do you want to do anything with it before forwarding?
02:19 < vovioheler> melissa666: no
02:19 < phinxy> Whats the input and output interfaces?
02:19 < jeffree> are there any purchasable linux distros which have fewer bugs?
02:19 < vovioheler> melissa666: but i dont want iptables
02:19 < kurahaupo> melissa666: clone it into where? I wouldn't do anything in /
02:20 < bls> why don't you want iptables? it'll do exactly what you're asking for
02:20 < pnbeast> vovioheler, what if you could intercept any traffic with an image in it, and change the image to a picture of a kitten?  Would you like that?
02:20 < melissa666> kurahaupo, well, I can clone it too wherever. it's the build script they want me to run, which basically does wget to fetch squashfs 4.3 sources, builds it, and does sudo make install
02:20 < vovioheler> pnbeast: ethercap ?
02:20 < melissa666> https://github.com/devttys0/sasquatch/blob/master/build.sh
02:21 < phinxy> Why are tables synonymous to list/arrays?  Is it some english slang?
02:21 < kurahaupo> jeffree: a distro is an editorial selection of packages; it has nothing to do with maintaining most of them
02:21 < GunqqerFriithian> What Dock do you guys reccomend?
02:21 < kurahaupo> phinxy: database terminology
02:21 < melissa666> phinxy, they are not synonomous
02:21 < jeffree> kurahaupo: what term was I looking for?
02:21 < melissa666> phinxy, you can represent a table as a multi-dimensional list/array, though
02:22 < jeffree> because they likely would not be writing everything from scratch
02:22 < vovioheler> can i use nc to forward the traffic?
02:22 < Fahrradkette> yeah, table kinda implies matrix which can be multi-dimensional
02:22 < phinxy> melissa666• In the sense that a table(kitchen table) and table(database table) share the same word.
02:23 < melissa666> phinxy, the word "synonym" means they share the same meaning, not the same word
02:23 < melissa666> (the word you're looking for is homonym)
02:23 < kurahaupo> jeffree: packages are maintained independently by different people. It sounds like you want a stable distro rather than a bleeding edge one; try "Debian Stable"
02:23 < vovioheler> what i want is something like a tunnel nothing else
02:24 < jeffree> that eliminates some problems while gaining others
02:24 < jeffree> I know I'm fucked either way
02:24 < xamithan> ssh tunnel ?
02:24 < bls> or a VPN
02:24 < xamithan> ike tunnel
02:24 < kurahaupo> jeffree: money doesn't make enough difference to be worth it in most cases
02:24 < jeffree> is OS X any good?
02:25 < GunqqerFriithian> imo yes
02:25 < xamithan> sure,  it runs on unix
02:25 < bls> good is pretty subjective
02:25 < GunqqerFriithian> if I had a few g to burn I'd love an imac and MBP
02:25 < Fahrradkette> vovioheler: so all the traffic coming to your network interface will be routed to a specific (other) host?
02:25 < kurahaupo> jeffree: choose based on your use-case, rather than a vague criterion such as "fewer bugs". (Fewer bugs than what?)
02:25 < jeffree> do they still not sell the OS individually?
02:26 < GunqqerFriithian> sadly no, you have to make a hackintosh
02:26 < Fahrradkette> jeffree: no
02:26 < xamithan> No,  all the customizations are based on the hardware
02:26 < kurahaupo> jeffree: who is "they"?
02:26 < GunqqerFriithian> also unless you have something that specifically needs OS X, I don't suggest trying to make a hackintosh
02:26 < jeffree> apple
02:26 < GunqqerFriithian> while good, not really worth it compared to linux
02:27 < Fahrradkette> I read that OS X's BSD is kinda messed and full of hacks
02:27 < kurahaupo> jeffree: Apple don't sell Linux
02:27 < vovioheler> sudo ssh -N -L 123:localhost:321 localhost                        ssh: connect to host localhost port 22: Connection refused
02:27 < jeffree> kurahaupo: I know
02:27 < vovioheler> this doesnt work its like what i want
02:27 < jeffree> kurahaupo: was talking OS X
02:27 < bls> jeffree: then maybe you should try ##macosx
02:27 < Pentode> i don't see any appeal in OS X. It's just a bastardized BSD unix with a really bad user interface. :|
02:28 < GunqqerFriithian> nah the UI is pretty good
02:28 < Fahrradkette> also, they don't yet ship python3
02:28 < GunqqerFriithian> homebrew my dude
02:28 < bls> heh, and homebrew is its own set of problems
02:28 < Pentode> it's pretty horrible. what is good, it looks good? it gets _everything_ wrong.
02:28 < GunqqerFriithian> I've had no prob with homebrew
02:28 < Pentode> and i mean everything
02:28 < Fahrradkette> also, they said "f*ck you OpenGL"
02:29 < Pentode> ;p
02:29 < vovioheler> Fahrradkette: i want an ssh tunnel that should work right?
02:29 < kurahaupo> Pentode: it's not what you're accustomed to, so it's bad for you. That doesn't make it objectively bad.
02:29 < bls> if the UI is *exactly* what you want, sure, but if you want to tweak anything the way you can on other *nix, you're out of luck
02:29 < klemax> after suspending, when the laptop comes back, there is a white error screen.  i checked the kern log, and saw ati driver errors. have ati drivers changed with 4.15 kernel?
02:29 < GunqqerFriithian> I've used it myself, and even as a "poweruser" was perfectly happy with it
02:30 < Pentode> yes it does. i've used mac os for work for years. ;p
02:30 < Pentode> im very accustomed to it's suckyness ;)
02:30 < Fahrradkette> vovioheler: can you "draw" your network setup? Like what are the machines, which one should forward the traffic from which network card to...etc
02:30 < GunqqerFriithian> I've used OS X for years, and while yeah you have to install some stuff to get it where I want it it is no where near as bad as windows
02:31 < Pentode> but remember it's just an opinion. and you know what they say about those...
02:31 < Pentode> yeah well if i had to choose i probably would not use windows.
02:31 < Fahrradkette> doesn't windows has stuff like chocolately? that packet management system
02:32 < GunqqerFriithian> only place Ill use windows is inside a VM with an easilly accessable killswitch
02:32 < GunqqerFriithian> maybe even a physical key for it...
02:32 < bls> yes, but it's not really a first class citizen
02:32 < Fahrradkette> true that
02:33 < Fahrradkette> but how M$ changed lately, they might get something running. I doubt it, I mean office still actively develops VBA
02:33 < Fahrradkette> and office is where the money is
02:33 < GunqqerFriithian> you will pry libre office from my cold, dead, harddrives
02:34 < Fahrradkette> I wish libre office had a python IDE built in
02:34 < Fahrradkette> with code completion
02:34 < GunqqerFriithian> libre office isn't for development
02:34 < Fahrradkette> people write applications in LO base
02:34 < Fahrradkette> for many that's enough
02:34 < kurahaupo> Erk
02:35 < GunqqerFriithian> also why wouldn't you just get a standalone IDE?
02:35 < Fahrradkette> you want to have all the objects of your writer/calc/draw document available to code
02:35 < Fahrradkette> also some GUI elements
02:36 < Fahrradkette> like the shit M$ does in VBA
02:36 < dviola> what? you can use LO calc as a database?
02:36 < bls> but why would that get coupled with LO instead just being a normal standalone IDE that understands the LO structures?
02:36 < GunqqerFriithian> ^
02:37 < bls> that monolithic app suit thing never turns out well
02:37 < bls> suite
02:37 < Fahrradkette> yeah, it doesn't matter where the IDE lives, it actually makes sense to have it running in a seperate process so you only kill that one when you have your while loop running forever
02:37 < Fahrradkette> nevertheless it got to be accessible
02:37  * kurahaupo buttons up his snazzy app suit jacket
02:37 < Pentode> personally i think microsoft is planning something dirty..
02:37 < Fahrradkette> like "easy for laymen"
02:38 < Fahrradkette> so they don't have to run a full blown ERP but just have their inhouse made little thingy
02:38 < GunqqerFriithian> >Process is running wild and you can't kill it
02:38 < GunqqerFriithian> >`sudo kill -9 -1`
02:39 < bls> so we can get more "enterprise" apps that use excel or access on CIFS as a backing store for a business critical application?
02:39 < Fahrradkette> CIFS?
02:39 < bls> MS's networked filesystem aka SMB
02:39 < Fahrradkette> ah
02:40 < Fahrradkette> access on SMB...hmm
02:40 < Fahrradkette> there should not be more than 1 user using access simultaneously
02:40 < Fahrradkette> :P
02:40 < bls> and yet...
02:40 < Fahrradkette> I agree it's a horrible solution
02:41 < Fahrradkette> my point is, frontent gui development got to be easy for the inhouse laymen
02:41 < Fahrradkette> easy as VBA
02:42 < bls> I think the opposite. Don't cater to laypeople. They'll still find it difficult and you'll just make devs and/or power users irritated
02:43 < Fahrradkette> i meant the devs, sry
02:43 < Fahrradkette> like the ones who know a bit more than excel formulas
02:43 < synaps3> what java is good to install on ubuntu ?
02:43 < Fahrradkette> but not much more
02:44 < Fahrradkette> synaps3: openjdk
02:45 < Fahrradkette> kinda depends if you only want to run a java application, then you need the runtime (jre)
02:46 < Fahrradkette> if you want to make your own neat stuff, you'd want the development kit (jdk)
02:48 < Emn1ty> I was wondering if there was a simple way to give permissions to www-data user for writing to /dev/udp? I'm no networking guru and I've been banging my head against a lot of these docs for a while. Context is I have a deamon listening on 2000/udp (aws xray) and I need my php application to output log information on that socket. However it appears my application (running as www-data) does not have permission to write to the socket. I'm not entirely sure 
02:48 < Emn1ty> especially because I can do it outside the application (though I am running as root)
02:50 < Barrt> Hi people
02:50 < Barrt> anyone still awake?
02:50 < GunqqerFriithian> no
02:52 < kerframil> Emn1ty: /dev/udp isn't a real file. that's a bash thing.
02:53 < Emn1ty> I am aware it's not a real file
02:53 < Euph0ria> Hi all.  I have a process somewhere that is maxing out my network upload all the time.  How can I find which process is maxing out my upload?  I'm using ubuntu.
02:53 < mophed> tcpdump?
02:53 < CrystalMath> Emn1ty: so it doesn't have access to the socket itself
02:53 < CrystalMath> Emn1ty: maybe UDP is restricted for www-data?
02:53 < Emn1ty> tcpdump shows nothing
02:53 < kerframil> Emn1ty: then you should also know that giving permissions for "writing to /dev/udp" makes no sense. you don't need special privileges to dispatch a udp packet.
02:54 < CrystalMath> kerframil: unless there's some filter
02:54 < Euph0ria> Is there a task manager that shows network activity un ubuntu?
02:54 < kerframil> at least, not under normal circumstances
02:54 < kerframil> CrystalMath: yes, or a mandatory access control system of some kind
02:56 < kerframil> Euph0ria: iftop, among others
02:56 < mophed> Euph0ria: there is tcpdump
02:56 < mophed> https://openmaniak.com/tcpdump.php
02:56 < mophed> but that wont show you the process itself i dont think
02:57 < bls> also nethogs and iptraf
02:57 < Fahrradkette> doesn't netstat show the processes?
02:58 < Emn1ty> hm... forgive me for having improper terms. As I said I'm really not familiar with networking at all
02:58 < Emn1ty> and my only knowledge of UDP is from the docs for aws xray
02:58 < NoriusNotorius> Euph0ria: I like nload
02:59 < bls> netstat can, but it's deprecated. ss is the replacement
02:59 < prussian> death to /proc and the tools that use it
03:00 < Emn1ty> CrystalMath: how would I check for filters?
03:01 < kerframil> Emn1ty: if you were to explain the objective, what you've attempted in pursuit of that objective (code samples/test case), and exactly how that attempt is failing (error messages and such), you'd likely get more meaningful input
03:01 < Elladan> Emn1ty, you open a UDP socket by doing socket syscalls, not via /dev/udp.
03:01 < Elladan> Emn1ty, ... or you could pipe to/from some tool that talks udp for you.
03:02 < Euph0ria> iftop seems to show me where traffic is going but not which process.
03:02 < Elladan> I would suspect that PHP has some security features that prevent you from using UDP on the server without the right setting.
03:02 < kerframil> Emn1ty: so far, it seems that you want to connect to a UDP service bound to port 2000 from PHP, but the rest is unclear
03:03 < Elladan> (I mean, I have no idea if PHP even support UDP datagram sockets, but...)
03:03 < Emn1ty> kerframil: To give full context then. We are running php microservices. These run on AWS ECS in docker containers. Alongside these containers we are running another container which has aws xray deamon running in it that listens on an exposed port 2000/udp.
03:03 < Emn1ty> our php microservices will send data about handled requests and processes via the udp socket (yes it does support UDP datagrams)
03:04 < pnbeast> I would have suspected PHP has some security features, too, but history implies that I was wrong.
03:04 < Euph0ria> ifthop seems to say that it's sending traffic to 224.0.0.56.
03:04 < Emn1ty> I have confirmed that sending data from one container to another works in docker fine via udp, using the command I stated above (from the aws documentation)
03:05 < Emn1ty> actually, didn't state it
03:05 < Emn1ty> the command is: echo "my test" > /dev/udp/my-host/2000
03:05 < Emn1ty> tested on ubuntu:16.04
03:05 < Emn1ty> works
03:05 < bls> the OS/kernel isn't doing that, bash is
03:06 < Emn1ty> just providing context since it was asked for
03:06 < Euph0ria> tcpdump seems to agree by sending a constant stream in the console that the TX is going to 224.0.0.56, but not which process is doing it.
03:06 < kerframil> Emn1ty: do you have a test case for PHP?
03:07 < bls> so for PHP to interace with /dev/udp, you'd have to have it call out to a bash script. PHP is already insecure enough as it is, adding system() calls to shell scripts that interact with the networking subsystem...what could go wrong?
03:07 < Fahrradkette> it's in a docker
03:07 < Fahrradkette> so it's save
03:07 < Fahrradkette> didn't you read the ads?
03:08 < Fahrradkette> :è
03:08 < kerframil> bls: I'm hoping that's not what is happening here
03:08 < Emn1ty> bls: http://php.net/manual/en/function.socket-create.php
03:08 < bls> heh, I thought they'd finally admitted that docker wasn't a security mechanism
03:08 < Euph0ria> nload also seems to show outgoign network, but not which process is causing my TX to max out.
03:08 < bls> Emn1ty: right, that's be a *way* better idea than trying to do this via bash's /dev/udp emulation
03:08 < Emn1ty> I am not executing some bash script, I am using native functionality for PHP to open and send data to sockets
03:09 < Emn1ty> the thing is, the bash test case works while the php implementation does not
03:09 < NoriusNotorius> Euph0ria: have you tried nethogs?
03:09 < bls> Emn1ty: OK, "18:05 < Emn1ty> the command is: echo "my test" > /dev/udp/my-host/2000" had confused me
03:09 < Emn1ty> that was just my base test case to make sure connectivity was there
03:09 < Euph0ria> NoriusNotorius: No, but I'll give it a try.
03:09 < Sveta> hi NoriusNotorius thanks for the suggestion, nethogs is indeed a brilliant program :3
03:10 < Fahrradkette> nethogs shows the processes
03:10 < NoriusNotorius> np
03:10 < Sveta> i think it only shows them while they're running, so one might get away with maxing out bandwidth by running short tasks and then stopping them, but hopefully that's not the case here :)
03:11 < kerframil> Emn1ty: ok. so which parameters are you using for socket_create, and what are the reported errors? potential methods of perusing errors: set error_reporting to the maximal level, use socket_last_error() to convey an error number, and socket_strerror() to convert that number to a readable error message.
03:11 < Euph0ria> Nethogs seems to only show me that hexchat is running and it's processes.  But not which process is sending data to 224.0.0.56.
03:11 < Emn1ty> I'll create a paste kerframil
03:11 < vovioheler> Fahrradkette: dam  i still cant do what i want
03:12 < NoriusNotorius> Euph0ria: its dynamic, you might need to keep an eye on it for a bit
03:12 < Fahrradkette> vovioheler: I'm sorry about this, unfortunately I didn't understand what you're trying to do either :(
03:13 < Emn1ty> kerframil: https://pastebin.com/WqEn7PBg
03:13 < vovioheler> Fahrradkette: i want to use torsocks to forward all the trafic
03:14 < Emn1ty> it fails silently, as in the php code executes fine, the messages are just never recieved or sent
03:14 < NoriusNotorius> Euph0ria: I'm actually showing something similar in regards to my connections. I wonder if this is somehow related to dhclient
03:14 < bls> Emn1ty: tried #php?
03:14 < Emn1ty> I probably should, tbh
03:14 < Emn1ty> it was my next stop
03:15 < bls> because it may require some data structure to be initialized or some setting be changed before it'll work
03:15 < Euph0ria> doing a google search for 224.0.0.56 seems to suggest that it has something to do with pulseaudio server?
03:15 < vovioheler> Fahrradkette: torsocks recives an application, what i need is an application that recives traffic and forward i tried to use ssh -N -D 9999 localhost but it says Operation not permitted
03:15 < Fahrradkette> Emn1ty: if your daemon is in the same container, does it work then?
03:15 < Emn1ty> yes
03:15 < Fahrradkette> are they in the same namespace?
03:16 < Fahrradkette> or whatever that's called in docker
03:16 < Emn1ty> they are connected to the same network, yes
03:16 < Fahrradkette> so they see each others
03:16 < Emn1ty> right
03:16 < vovioheler> Fahrradkette: do you understand what am trying to do?
03:16 < Emn1ty> the difference is the application calling this code now is running as a different user, not root
03:17 < bls> vovioheler: torsocks only works with certain programs, and last I read, it was no longer being maintained
03:17 < Fahrradkette> vovioheler: i'm sorry I don't know anything about torsocks
03:18 < Fahrradkette> Emn1ty: could you try to "mock" the connection running a bash scritpt using su www-data?
03:18 < vovioheler> bls: i want to build isolated connections, anyway i can do that?
03:18 < Euph0ria> The upstream is constantly shooting 1.4+Mbps (my upstream max speed) to 224.0.0.56, and nethogs doesn't seem to recognize any processes sending data.  I only have hexchat and synaptic open.
03:18 < vovioheler> bls: without torsocks
03:18 < Fahrradkette> connection across the docker containers
03:18 < bls> not sure. what do isolated connections have to do with torsocks?
03:19 < Emn1ty> yeah let me try that, Fahrradkette
03:19 < bls> vovioheler: oh, then read up on network namespaces
03:19 < Elladan> 224.* is a multicast address
03:19 < Fahrradkette> Euph0ria: did you run it as root? not all processes get reported to your normal user
03:19 < kerframil> Emn1ty: how did you determine that the data is neither sent nor received? have you actually confirmed that with tcpdump, for instance?
03:19 < Emn1ty> yes
03:19 < bls> vovioheler: you can create separate routing tables and run specific programs locked in to using them
03:20 < Emn1ty> kerframil: this is the command I used tcpdump -i lo -n udp port 2000 -X
03:21 < kerframil> Emn1ty: the xray service being hosted by the same machine, presumably
03:21 < vovioheler> bls: i know that the thing is i need to run same program with a different circuit
03:21 < Emn1ty> same machine, different containers
03:21 < vovioheler> bls: and i dont want to change circuits for other instances of the same program
03:22 < bls> vovioheler: so?
03:22 < Euph0ria> Fahrradkette: Yes, I ran it from the terminal usign sudo
03:23 < Fahrradkette> thats wierd
03:23 < bls> you get to pick and choose with instances of which application use which routing table when you start them
03:25 < vovioheler> bls: can u point me somewhere i can see examples
03:25 < kerframil> Emn1ty: might be worth verifying that lo is traversed - just to be sure: ip route get <target-ip-address>
03:27 < Emn1ty> hmm... it says the user is not available... that's strange, too
03:27 < bls> https://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/ https://blogs.igalia.com/dpino/2016/04/10/network-namespaces/ https://lwn.net/Articles/580893/
03:28 < NoriusNotorius> Euph0ria: https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/411688
03:28 < Emn1ty> Fahrradkette root@e89270f90276:/var/www/html# su www-data // This account is currently not available.
03:28 < Fahrradkette> oh
03:29 < NoriusNotorius> Euph0ria: seems like it may definitely be pulseaudio, try disabling it and monitor your connections
03:29 < kerframil> Emn1ty: that's because it has "nologin" as its login shell
03:30 < Emn1ty> ah... that makes sense tbh
03:30 < kerframil> Emn1ty: su -s /bin/bash www-data
03:30 < kerframil> Emn1ty: please also check the interface thing, or use -i any
03:31 < Emn1ty> ok
03:31 < Emn1ty> had to wait for this stuff to spin up again so a bit behind
03:31 < Euph0ria> NoriusNotorius: Sounds about right since my audio quit working after upgrading from 16.04.  Honestly I don't even know how to disable it. :'(
03:31 < jim> kerframil, so that's for cases where a user doesn't have a shell?
03:32 < NoriusNotorius> Euph0ria: systemctl disable pulseaudio?
03:32 < kerframil> jim: for instance, where the login shell is defined as /sbin/nologin in passwd. you can run nologin directly to see what it does.
03:33 < kerframil> jim: it's nicer than, say, /bin/false, in so far as it actually prints a meaningful error
03:33 < jim> ok, so that's even a stronger case: where a user has a login shell but you want a different one, you can su -s /that/shell
03:34 < vovioheler> bls: that is what torsocks uses to make isolated connections?
03:34 < kerframil> yes
03:34 < Euph0ria> NoriusNotorius: I get a "Failed to disable unit: Unit file pulseaudio.service does not exist."
03:34 < jim> (which, without a user arg, will su you to root)
03:36 < Emn1ty> kerframil: ip route get 172.18.0.2 // 172.18.0.2 dev eth0 src 172.18.0.4 cache
03:36 < NoriusNotorius> Euph0ria: try https://learn.foundry.com/nuke/content/timeline_environment/managetimelines/audio_pulse.html
03:37 < bls> vovioheler: no, torsocks tries to insert a shim in between a program and certain calls into the networking stack. if that program doesn't use those calls, there's nothing to intercept and torsocks has no effect
03:37 < Emn1ty> Fahrradkette: also, running the echo command to udp does work from the www-data user
03:37 < Emn1ty> so definitely not it
03:37 < Euph0ria> NoriusNotorius: I'll do that.  Thank you.
03:37 < Emn1ty> something is likely at issue with php
03:37 < kerframil> Emn1ty: lo is the wrong interface to be watching then
03:38 < Emn1ty> alright
03:39 < kerframil> Emn1ty: please repeat your test in PHP, while observing eth0
03:39 < bls> if this is between containers, you've likely got a vswitch/vether/network namespace running that would need to be inspected instead of the loopback
03:40 < kerframil> yeah. I'm not up to speed on containers but as soon as he mentioned them, I immediately wondered about his use of lo.
03:40 < Emn1ty> sorry, heh I am very new to this stuff
03:40 < Emn1ty> so truly apologize if I'm making things difficult
03:41 < kerframil> Emn1ty: the key thing is to be absolutely certain of your observations, and not reach for conclusions early
03:41 < Emn1ty> yeah
03:42 < Fahrradkette> does the xray doc say anything about the docker namespaces?
03:42 < Euph0ria> NoriusNotorius: That seemed to do it!
03:43 < Euph0ria> Thanks to all that helped and gave suggestions!
03:43 < bazhang> weren't some many millions of docker backdoored just dl'd from github?
03:44 < Euph0ria> Not much fun not having audio, but at least it's not flooding my system.
03:44 < Emn1ty> Fahrradkette: no, it just provides an example docker implementation to use which so far has worked
03:44 < Emn1ty> when throwing other things at it though is when it gets funky, like this application
03:44 < Emn1ty> in isolation I had no issues
03:44 < Emn1ty> anyways, pasting the results of the test
03:45 < bazhang> 17 Backdoored Images Downloaded 5 Million Times Removed From Docker Hub
03:45 < bazhang> not such a good thing
03:45 < Emn1ty> kerframil: https://pastebin.com/NmnVYn81
03:45 < Fahrradkette> so there is a high likelyhood the problem lies on the container isolation?
03:46 < Emn1ty> I'm not sure, mostly because I have another setup which tests basic connectivity between the containers and that passes, and sending things with that echo command I was using always works. It's the php application where it fails
03:46 < notmike> jQuery
03:46 < Euph0ria> NoriusNotorius: May I PM you?
03:47 < kerframil> Emn1ty: looks like the payload is being dispatched just fine
03:47 < Emn1ty> yeah
03:47 < Emn1ty> hm...
03:47 < kerframil> Emn1ty: you might also run tcpdump on the receieving side
03:47 < Emn1ty> yeah
03:47 < Emn1ty> let me do that
03:47 < kerframil> er, receiving
03:48 < kerframil> be sure to identify the interface traversed to reach 172.18.0.4, or use -i any if supported
03:49 < Emn1ty> so
03:49 < Emn1ty> it recieves
03:49 < Emn1ty> but the daemon doesn't pick it up
03:49 < Emn1ty> that... is weird
03:49 < kerframil> Emn1ty: at this point, your problem is almost certainly one of not speaking xray's protocol correctly
03:49 < kerframil> Emn1ty: unfortunately, I can't provide any insight on that
03:50 < Emn1ty> well, oddly this works locally
03:50 < Emn1ty> when the deamon runs in the same container it all works fine
03:50 < Fahrradkette> there might be a byte dropped
03:50 < Fahrradkette> it's udp after all
03:50 < Emn1ty> yeah
03:50 < Fahrradkette> does it allow tcp?
03:50 < Emn1ty> blah
03:50 < kerframil> and your payload was exactly the same when tested locally?
03:51 < kerframil> in the same container, that is
03:51 < Emn1ty> similar if not exact payloads
03:51 < T-Rog> is this a good place to ask about Wine gaming?
03:51 < Emn1ty> json objects
03:51 < kerframil> Emn1ty: as long as the method of composition was the same, that does seem suspicious.
03:52 < Fahrradkette> does xray accept tcp connections?
03:54 < T-Rog> I'm trying to play Bioshock 1 in wine and it *runs* but the mouse stutters and makes it impossible to play
03:54 < Emn1ty> kerframil: nope
03:54 < T-Rog> it's like the mouse doesn't want to move and when it does move, it jumps
03:54 < Emn1ty> all I can control is the port number
03:54 < kerframil> Emn1ty: noted, though it was Fahrradkette who asked
03:55 < Emn1ty> ah, sorry
03:56 < Fahrradkette> so in the worst case you'd need a process over at the xray container "translating" tcp to udp?
03:56 < Emn1ty> this is really weird, cause this all runs fine on my local machine but not on this remote machine
03:56 < Emn1ty> yeah, likely
03:56 < Emn1ty> some kind of translation
03:56 < Emn1ty> the other alternative is I use the aws xray sdk, which does everything with web api requests
03:56 < Emn1ty> but that's gonna be a lot worse performance wise
03:56 < Emn1ty> aws sdk*
03:57 < Emn1ty> there is no xray sdk for php (unfortunately, had to write my own)
03:57 < kerframil> Emn1ty: if you've confirmed that the packets are received by the xray host, I'm not sure what to suggest other than to go over the protocol requirements and be doubly sure that you didn't violate any of them.
03:57 < Emn1ty> yeah
03:58 < Emn1ty> there has to be something going on, but looking at it all there should at least be an output of error of somekind, usually it throws logs out for bad data being sent to the daemon
03:58 < kerframil> Emn1ty: also, check which address::port tuple xray is bound to, and whether that matches the trajectory of the packet
03:58 < kerframil> Emn1ty: netstat -lunp or ss -lunp
04:00 < kerframil> Emn1ty: also, any potential Netfilter (iptables) rules. just because a packet is received, doesn't mean it's allowed to be delivered to the application in question.
04:00 < Emn1ty> ok
04:00 < kerframil> that would be iptables-save -c
04:01 < Emn1ty> I think this might be it here:
04:01 < Emn1ty> udp        0      0 127.0.0.11:41829        0.0.0.0:*                           -
04:01 < Emn1ty> udp6       0      0 :::2000                 :::*                                1/xray
04:02 < Emn1ty> but I don't really know
04:02 < Emn1ty> I wonder if the application is writing to the other udp?
04:02 < jim> that second one looks like an ipv6 thing?
04:02 < Emn1ty> I suppose so
04:03 < Emn1ty> my understanding of what this stuff is is at its limit
04:03 < Emn1ty> I am only guessing at this point
04:04 < jim> the first one looks like an established connection too
04:04 < kerframil> Emn1ty: what does `sysctl net.ipv6.bindv6only` report from the xray host?
04:05 < Emn1ty> net.ipv6.bindv6only = 0
04:07 < kerframil> Emn1ty: could you not see any other entry for :2000 in your netstat/ss output? (for "udp" as well as "udp6")?
04:07 < kerframil> Emn1ty: ss -l '( sport = :2000 )'
04:08 < Emn1ty> kerframil: udp   UNCONN     0      0           :::2000                      :::*
04:10 < kerframil> Emn1ty: can you pastebin the whole of it e.g. ss -lnp '( sport = :2000 )' | nc termbin.com 9999
04:11 < Emn1ty> kerframil: http://termbin.com/vhwm
04:12 < kerframil> Emn1ty: this might be a problem
04:12 < Fahrradkette> Emn1ty: are you starting the daemon yourself or will you not have control over it when in prod?
04:13 < Emn1ty> we don't start the deamon but the docker container starts it upon being run
04:13 < Fahrradkette> on https://github.com/aws/aws-xray-daemon there are some command line options
04:13 < kerframil> in view of the above link, try -b 0.0.0.0:2000
04:14 < kerframil> and launching again, if any of this is possible
04:14 < Emn1ty> I can try that, sure
04:15 < kerframil> if you can, check with ss again afterwards
04:17 < jnewt1> anyone have any idea how to get my vnc connection to fit the client screen.  I've tried -clip xinerama0 -scale 1920x1080 to fit to my laptop (server has 1 4k monitor and 1 1920x1080). I want it to work like rdp or teamviewer where it moves everything to one screen.  I don't want scroll bars and windows on screens that don't exist on my client.
04:18 < Emn1ty> kerframil: that is already part of the run command in the dockerfile
04:18 < Emn1ty> CMD ["/usr/bin/xray", "-o", "--bind=0.0.0.0:2000", "--log-level", "warn"]
04:18 < bls> jnewt1: vnc screen size is determined by the server, not the client
04:19 < jnewt1> bls that is on the server
04:19 < Emn1ty> gonna rebuild the image and try again
04:20 < jnewt1> bls works fine in other remote connection programs.  vnc can't handle it?
04:20 < kerframil> Emn1ty: interesting. it could be that IPv4 is serviced by virtue of the "dual-stack" approach. that's possible. even so, this is worth a try: -b 172.18.0.2:2000
04:20 < kerframil> Emn1ty: (or whatever the address was)
04:20 < kerframil> Emn1ty: also, feel free to pastebin iptables-save -c because looking at that is all I have left
04:20 < Emn1ty> yeah, I will once I've got the container running again
04:21 < bls> not sure then. I've always just specified the resolution when starting xvncserver and it's worked
04:23 < kerframil> jnewt1: I've never tried it, but the TigerVNC viewer - at least - has an option to instruct the server to "resize remote session to the local windows". whether your vnc server will obey that request is antoher matter.
04:24 < swift110> anyone have thinkpads here
04:24 < strive> swift110: :)
04:24 < bazhang> swift110, me
04:25 < bazhang> I wish it would die, so I could get a new one
04:25 < Emn1ty> iptables is giving me: iptables-save v1.6.0: Cannot initialize: Permission denied (you must be root)
04:25 < Emn1ty> despite being root
04:29 < bls> are you trying to run iptables inside or outside the container?
04:30 < Emn1ty> inside the container
04:31 < Emn1ty> kerframil: changing the bound ip was no good, same result
04:33 < kerframil> Emn1ty: I'm out of ideas. I don't think the binding was an issue anyway. had net.ipv6.bindv6only been set to 1, it would have been a different matter.
04:34 < Emn1ty> yeah
04:34 < Emn1ty> thanks for the help, kind of the end of my day anyways
04:36 < Fahrradkette> Emn1ty: you said you could send udp packets between both containers?
04:38 < kerframil> Fahrradkette: yes, he did say that - based on running tcpdump on both peers
04:38 < Fahrradkette> ah
04:39 < Fahrradkette> thought there was a mock script
04:40 < Fahrradkette> like, actually reading the data (and eyeballing if it's the hello world sent over the wire)
04:41 < kerframil> the dump did contain the entire payload
04:41 < kerframil> a jsom message ostensibly formatted to xray's expectations
04:42 < kerframil> Fahrradkette: https://pastebin.com/raw/NmnVYn81
04:43 < Fahrradkette> so it could still be that this dump got dropped by iptables?
04:44 < kerframil> that's a possibility but it seems that it isn't functional in the docker container
04:44 < kerframil> iptables-save just throws an error. I don't know much about how docker performs its containerisation.
04:48 < Fahrradkette> guess there are another stack of settings to fiddle acording to https://docs.docker.com/v17.09/engine/userguide/networking/default_network/container-communication/
04:48 < Fahrradkette> like that --link= option
04:56 < kerframil> Fahrradkette: aye. and he said all was well when client and server occupied the same container.
04:56 < kerframil> Fahrradkette: he'll probably figure it out
04:56 < Fahrradkette> kerframil: yeah, I guess so, too
04:59 < dogbert2> anyone used an intel nuc mini box to run linux?
05:01 < mgolisch> is that a special even smaller version of a nuc?
05:02 < dogbert2> https://www.amazon.com/Intel-NUC5CPYH-Graphics-2-5-Inch-BOXNUC5CPYH/dp/B00XPVRR5M/ref=sr_1_5?s=electronics&ie=UTF8&qid=1529117741&sr=1-5&keywords=linux+mini+pc
05:03 < dogbert2> looks nice enuf for a linux box
05:04 < mgolisch> have used one of those as a htpc for many years
05:04 < mgolisch> not sure what to do with it now
05:05 < dogbert2> well, the price is pretty good
05:07 < OS-37380> !susie
05:13 < chowbok> dogbert2: FWIW, I'm running linux on one of these: http://www.azw-online.com/AZW/Product/Z83-VIntel-Mini-PC-Dongle.html
05:16 < dogbert2> interesting
05:16 < chowbok> I got it because the backup software I wanted to run didn't work very well on 32-bit, so I was having problems getting it to work with a Raspberry Pi 3
05:16 < chowbok> Of course, as soon as I bought it they came out with a stable 64-bit kernel for armv8
05:16 < chowbok> Oh well
05:17 < justsomeguy> I curious, does anyone else here monitor ##linux for interesting keywords? What keywords did you choose and why? I save log entries for messages containing the word "better", in order to find advice on what tool is appropriate for specific tasks.
05:18 < justsomeguy> s_I_I'm_
05:18 < chowbok> Now I'm just going to find ways to add "better" to my messages all the time
05:19 < kerframil> you'd better not do that
05:19 < dgs> chowbok: you better not
05:20 < cr0w3> better not what>
05:20 < justsomeguy> Feel free :~} It's just an experiment to see if I can find interesting conversations or advice in the mix.
05:20 < chowbok> Maybe you need some better keywords
05:20 < dogbert2> you need better protection for your junk :)
05:21 < justsomeguy> lol, I think I do. I'll probably accumulate a few as times goes on. It's been working surprisingly well so far, though.
05:21 < Sveta> justsomeguy: i save the whole thing, the most frequent search is for my nick (since i read a lot and if it is interesting then i express it straight away)
05:22 < justsomeguy> Sveta: That's a good strategy if you actively participate a lot. I tried that for a while, but ended up getting overwhelmed.
05:22 < Sveta> justsomeguy: with quassel and a fresh head, reading the whole lot is also easy, the chat is formatted properly
05:22 < Sveta> justsomeguy: (it allows you to scroll up)
05:22 < justsomeguy> That's true. :) Plus, it's good to have it hand so you can run other text formatting or search utils on it later.
05:22 < Sveta> justsomeguy: if i were to adopt your technique, i'd add the word 'debian', as this is the distribution i use, and i'd perhaps like to know what's on
05:23 < Sveta> justsomeguy: i'll consider doing that :)
05:24 < justsomeguy> Sveta: Ps, since you're interested in Debian, there's a good article on it's progress twards 100% reproducible builds on lwn.net today https://lwn.net/Articles/757118/
05:24 < justsomeguy> (It's unfortunately subscriber only, but will be free next week.)
05:25  * justsomeguy stops recommending unasked for news articles, since it occurs to him that It might be annoying.
05:26 < storge_> stop being annoying
05:26 < justsomeguy> Sorry, I will.
05:26 < storge> just kidding, doesn't bother me a bit. it's more information
05:26 < justsomeguy> :p
05:28 < Sveta> justsomeguy: :)
05:31 < TimmyT> hey guys, recently I have run a suspicious binary file by accident. How can I make sure if the Host is still clean or is infected with malware?
05:32 < dogbert2> can
05:32 < storge> there's no way to be sure
05:32 < dogbert2> can't really...
05:32 < storge> not 100% sure anyway.
05:32 < dogbert2> that's why you always run that stuff in a VM...if it's bad, blow the VM away and start over
05:34 < dogbert2> LOL...Las Vegas cop rapes wife's best friend...don't think he'll be married much longer
05:36 < ayecee> that's not something for here
05:37 < TimmyT> Well, maybe I should remove everything and reinstall them again, but another question is Can videos and photos and music be infected with malware?
05:37 < ayecee> yes
05:38 < MikeFromIT> Anything can be infected truthfully
05:38 < TimmyT> even textfiles?
05:38 < ayecee> it would rely on players processing malformed data incorrectly
05:38 < ayecee> probably not text files
05:38 < Hoolootwo> hmm, has anyone ever tried handing out null bytes as ssids?
05:38 < Hoolootwo> I'd like to try it but lede barfs on it
05:39 < ayecee> processing would stop at the first null byte, no?
05:39 < ayecee> hidden ssids are filled with nulls, iirc
05:39 < Hoolootwo> if it's a bad client implementation
05:39 < Hoolootwo> I think hidden ssids are 0-length, not filled with zeros
05:39 < Hoolootwo> or maybe 32-length null strings?
05:40 < ayecee> /shruggie
05:41 < justsomeguy> I would personally feel comfortable keeping his music files if they had been connected to an infected host. (Assuming they're not a weird file format.) Is that a bad idea?
05:41 < Hoolootwo> yeah, I'll stick to simple emoji and control carachters
05:41 < justsomeguy> s_his_my_
05:41 < ayecee> justsomeguy: it's an unlikely vector, so probably fine.
05:42 < justsomeguy> That was my thinking.
05:42 < ayecee> though maybe more risky if you regularly download music and video files from questionable sources.
05:42 < Hoolootwo> right ^
05:42 < justsomeguy> Nah, mostly ripped from CDs I own and saved as flac files.
05:42 < ayecee> still, it would require playing them with a vulnerable player.
05:44 < justsomeguy> There was that bug in ffmpeg a while back, with the Nintendo music format files that required an emulated CPU to run. It sort of made me reconsider if keeping my old media files was a good idea.
05:44  * justsomeguy still thinks it will be OK, but the article was cool. :)
05:45 < Hoolootwo> yeah, though that's a pretty special case of an uncommon format
05:45 < justsomeguy> True true.
05:45 < Hoolootwo> if it's all flac and mp3, it's probably all fine since people check those in the more popular players
05:58 < s0k_iT> so what are ppl's favorite distro?
05:59 < ayecee> tell us about yours
06:00 < syb0rg> probably ubuntu s0k_iT, that is the one I keep coming back to. I also have a laptop on arch, and the up to date packages are nice
06:03 < TimmyT> it's f*** killing my mine, it's my desktop and I'm not really doing any thing special on it. but the mind that my system may be infected by this chinese shit is killing me.
06:03 < s0k_iT> im ubuntu, and kali for pentesting
06:03 < ayecee> this is how people develop germ phobias
06:04 < syb0rg> lol.
06:04 < ayecee> o c mf d
06:04 < ziggylazer> haha
06:04 < s0k_iT> is there a way to pull a master irc open channel list?
06:04 < ayecee> s0k_iT: try /list
06:05 < s0k_iT> oh duh thanks
06:05 < s0k_iT> use to write scripts for irc when i was a kid now i barely know how to use it lol
06:06 < syb0rg> I know that feeling, for me it is web dev. I used to be semi competent with html css and javascript, now I have to look up every other tag/property/line of code if I mess with web stuff
06:07 < s0k_iT> same again
06:07 < syb0rg> stupid meat computer, why can't it remember things?
06:07 < s0k_iT> programming im more proficient now, but that stuff no
06:07 < ziggylazer> ayecee, solved the problem I asked you about earlier.
06:07 < ayecee> how so?
06:08 < ziggylazer> Type juggling with a cookie that had  a MD5 in it. PHP
06:08 < ayecee> i see. was my understanding of the vulnerability correct?
06:09 < ziggylazer> I think you were almoste spot on
06:09 < ayecee> awesome
06:09 < ziggylazer> Since the sum got invalid. I had to add ==0
06:10 < ziggylazer> And ==0 is false
06:10 < ziggylazer> FALSE FALSE makes TRUE
06:10 < ziggylazer> php logic
06:11 < ayecee> so two wrongs DO make a right
06:11 < ziggylazer> always said that myselfe
06:12 < ayecee> take that, mom
06:12 < ziggylazer> haha
06:13 < ziggylazer> https://foxglovesecurity.com/2017/02/07/type-juggling-and-php-object-injection-and-sqli-oh-my/
06:13 < ziggylazer> Explains it very nicely
06:14 < justsomeguy> That's why it's nice when languages/tools are easy to reason about. Too many implementation details makes for a lot of things to remember.
06:15  * justsomeguy just been a little exasperated while learning about the ugliness that is pure bash https://github.com/dylanaraps/pure-bash-bible
06:16 < yaldak> ayecee: is right IMO
06:16  * jim sees if anything's left
06:18 < horseface> does anybody here use mullvad?
06:18 < ayecee> no, you are the first
06:18 < jim> what's that/
06:18 < jim> ?
06:18 < ayecee> does anyone here drive toyotas?
06:19 < horseface> i am just wondering if it is really slow for anybody else at the moment?
06:19 < horseface> i am getting download speeds of 20kb/s
06:19 < horseface> comapred to the usual of 5mb/s
06:20 < syb0rg> I assume they have multiple servers, horseface?
06:20 < syb0rg> you could always try another if you haven't
06:20 < jim> horseface, I think his point (which I agree with, but I have no judgement) is you should just ask... I would add that you should include lots of informative details
06:28 < ayecee> sometimes i worry about you
06:29 < ayecee> but then i wonder if i should worry about me instead
06:57 < toeshred> someone tols me TLS is better than SSH. Isn't that comparing apples and oranges? Seems like a dumb comment, but maybe I'm just not understanding what he means.
06:57 < ayecee> maybe ask him to clarify
06:57 < ayecee> i.e. better according to what criteria
06:57 < ayecee> where "more secure" is not an adequate description
06:58 < syb0rg> sure sounds like an apples and oranges situation to me
06:58 < ayecee> also consider the context around the statement, which we don't have access to.
06:59 < syb0rg> true, but without that context it seems like a silly statement
07:00 < ayecee> the phrase "taken out of context" exists for a reason
07:01 < ayecee> you know, because of the implication
07:01 < syb0rg> indeed. I am not saying that it is certainly a silly statement, but with only the information we have it seems like one
07:01 < syb0rg> those are some hefty implications
07:02 < ayecee> silly to pass judgment on it without context too
07:04 < syb0rg> judging the comment alone, I find it to be silly. However, I accept that context could change that. *shrug*
07:05 < ayecee> more incomplete than silly.
07:05 < syb0rg> it must be dead in here if we're really argiung about this ;)
07:06 < syb0rg> *arguing, rather
07:06 < ayecee> yup
07:13 < jeffree> what is systend-journald and should it be continually writing to disk?
07:13 < ayecee> the approximate equivalent to syslog, and yes
07:14 < jeffree> well, something unusual is going on, more disk writes than usual
07:14 < ayecee> ok
07:14 < jeffree> lol
07:15 < jeffree> it's almost like I'm running windows
07:15 < ziggylazer> If you provide people with more information they might be more inclined to answer
07:15 < ayecee> let's not get crazy now
07:16 < Tuxand> toeshred: are you or your friend cofused with ssl and ssh?
07:16 < jeffree> hdd light about once per second. iotop shows systemd-journald at the top
07:16 < ziggylazer> We are tackling this issue by blinking lights?
07:16 < ayecee> how often does it light normally, and where does iotop show systemd-journald normally when idle
07:17 < ayecee> also have you considered reading what it's writing
07:17 < ziggylazer> jeffree, time this
07:17 < ayecee> with journalctl
07:17 < toeshred> Tuxand: I'm of the understanding that TLS is just a secure security protocol, while ssh is an actual shell, and that the two are not comparable since they have different jobs. Am I wrong?
07:17 < ayecee> toeshred: in the context of the statement, yes, you're wrong.
07:18 < ayecee> or at least not right.
07:18 < ayecee> probably somewhere in between.
07:18 < toeshred> ayecee: so when he says "tls > ssh" it's because tls performs the same job as ssh (provides shell access)?
07:18 < jeffree> ayecee: it seems like usually its not often, definitely not something you can count
07:19 < jeffree> I bet if I reboot it stops
07:19 < ayecee> toeshred: when he says "tls > ssh", ask for more context, and/or provide us more context.
07:19 < jeffree> how do I read it
07:19 < ayecee> with journalctl
07:19 < ayecee> i mean seriously
07:19 < ziggylazer> breath
07:20 < ziggylazer> Its summer and nice weather outside.
07:20 < ayecee> sure is
07:20 < ayecee> if i were smart i'd turn off this glowbox and enjoy it.
07:21 < ziggylazer> Yeah I will go off the grid for atleast a week
07:21 < jeffree> lines 4795705-4795759/4795759 (END)
07:21 < jeffree> how do I see the end?
07:22 < ayecee> $G
07:22 < jeffree> nevermind
07:22 < jeffree> misread
07:23 < ayecee> i've just realized that the kink in my neck could be coming from having a secondary monitor on the same side at both home and work.
07:23 < jeffree> I'm an idiot
07:23 < jeffree> sorry to bother you guys
07:23 < ayecee> ok
07:24 < jeffree> it was something I had running and forgot about
07:24 < ziggylazer> ayecee, there you go. Got a project for the day
07:24 < ayecee> \o/
07:26 < ziggylazer> I soon got yesterdays Real Time with Bill Mhar down. Coffee and a good breakfest is a standing Saturday tradition when catching up on what your side of the pond has been up to
07:27 < ayecee> that seems like a good tradition. mine is beer and more beer to forget what my side of the pond has been up to.
07:28 < ziggylazer> hahaha
07:29 < ziggylazer> We are starting to import the crazy here too
07:29 < ayecee> eh. i think we imported the crazy. EU has been thrashing over neighborwars.
07:30 < ziggylazer> Oh yes!
07:30 < ziggylazer> We have that shit down
07:30 < ayecee> proud traditions even
07:30 < ziggylazer> Yeah its in
07:30 < ziggylazer> insane
07:30 < ziggylazer> And EU is on the brink to breaking...
07:32 < ayecee> interesting times all around
07:32 < ziggylazer> I used to be much more upset with the status of this world of ours. Now I follow to see how crazy can It really get
07:33 < varshitbhat> 11:02 AM <varshitbhat> Hey,I have installed Ubuntu 18.4 in offline pc.i cannot get internet connection.but I've to install gnome-tweak-tool ,vlc media player,and dosbox emulator all offline.please help
07:33 < ayecee> cross-posting is bad form.
07:33 < ayecee> it's virtually a guarantee that you won't answer any questions.
07:34 < ExploitedKernel> I'm having an issue you with one of my Linux VPS's I bascially can't do anything with the system because it's in "Read-Only File system" for everything, I've tried rebooting, and it's still doing it. Anyone know how to get out of this?
07:34 < ayecee> so, good luck with that.
07:34 < ayecee> ExploitedKernel: contact the vps host
07:34 < ayecee> ExploitedKernel: maybe check dmesg output to see why it's read only.
07:35 < ExploitedKernel> Ya, look's like thats what it's going to me.. how do I check the dmesg sorry
07:35 < ayecee> you literally type dmesg and press enter
07:35 < ayecee> in the console or a shell
07:36 < ayecee> after logging in, of course
07:37 < ExploitedKernel> oh :P kk thanks got it.
07:39 < CrazyTux> why has Manjaro reached the top of distrowatch rankings all of a sudden?
07:40 < ayecee> distrowatch url for it was linked from somewhere popular
07:41 < ayecee> the popularity is ranked by how many people access the distrowatch page for a given distro
07:41 < CrazyTux> ok
07:42 < CrazyTux> Manjaro must be doing something right to deserve that.
07:43 < ayecee> no
07:43 < ayecee> that's not how it works
07:43 < CrazyTux> ok
07:44 < ayecee> the way it works is that one person posting one link to a popular place can skew the results
07:44 < CrazyTux> ok.
07:44 < CrazyTux> I understand.
07:44 < ziggylazer> How are the results quantified?
07:45 < ayecee> i don't know that i've ever seen it explicitly described
07:45 < ayecee> however i'd imagine that it's a decaying hit count, where hits from yesterday count a little less than today, and so forth.
07:46 < CrazyTux> ayecee, btw, which distro are you using now?
07:46 < ayecee> windows 10
07:46 < oneko> lol
07:46 < CrazyTux> lol. great.
07:47 < oneko> I switched to arch linux for better emoji support but not that emojis are on the latest ubuntu release i feel like switching back to ubuntu
07:48 < oneko> *now
07:49 < ziggylazer> emoji?
07:49 < ziggylazer> As in smiley faces?
07:50 < ziggylazer> Or is this some new framwork that have missed?
07:50 < ayecee> yes, grampa
07:50 < ayecee> smiley faces
07:50 < ziggylazer> No
07:50 < ziggylazer> Cant be
07:50 < ayecee> but with pictures
07:50 < ayecee> instead of text
07:51 < oneko> Yeah, pictures not typographics, ziggylazer
07:51 < ayecee> oneko: get off my lawn!
07:51 < CrazyTux> which is recommended for a newbie and a non technical end user? a rolling release distro or a fixed release one?
07:51 < ziggylazer> It just hurts...
07:51 < ayecee> CrazyTux: ubuntu
07:51 < CrazyTux> Manjaro btw is quite stable.
07:51 < ayecee> but wait
07:52 < ayecee> you ask this same goddamned question in slightly different forms every time you're here.
07:52 < ayecee> cut that shit out
07:52 < ziggylazer> CrazyTux, dosent mather what you use
07:52 < ayecee> let someone else ask for a change
07:52 < ziggylazer> learn how to use it instead
07:53 < ayecee> then you can guide them with all the knowledge you've accumulated
07:53 < CrazyTux> if we don't keep a distro like Manjaro updated for say a month could it create any problem?
07:53 < ayecee> yes
07:53 < ziggylazer> if it CAN?
07:54 < jim> CrazyTux, you should have plenty of info by now, maybe you can make a recommendation
07:54 < ziggylazer> But that goes for EVERY dist
07:54 < CrazyTux> suppose I don't have access to the computer and am unable to apply the updates.
07:54 < CrazyTux> and I apply the bulk updates at once.
07:54 < pxfgod> How does the 64-bit kernel run a 32-bit process. Is there a layer like WOW64 to translate syscalls to 64-bit???
07:54 < ayecee> pxfgod: something like that, yes
07:56 < pxfgod> ayecee, Thanks, I am quiet clear.
07:56 < ziggylazer> Is this a symptom of summer?
07:56 < ayecee> no
07:57 < jim> CrazyTux, I know we've said this before... but you need to pick a dist and stick with it for about a year, so you can learn what it means to run a unix-alike
07:57 < ziggylazer> Kids got more spare time?
07:57 < ayecee> this is a symptom of late night/early morning in america
07:57 < ziggylazer> ah
07:57 < CrazyTux> jim, yes. I am not changing the distros I have installed on my computer now.
07:58 < ayecee> around this time the non-english speaking parts of the world are active, and the dialog becomes strained and sometimes incomprehensible.
07:58 < jim> good... keep em around for awhile so you can gain real experience
07:59 < ziggylazer> But what part?
07:59 < ayecee> the left part
07:59 < ziggylazer> Asia is up now
07:59 < ziggylazer> hahaha
07:59 < ziggylazer> left part
07:59 < ayecee> :D
08:00 < pxfgod> ayecee, `MultiArch`? right?
08:02 < ayecee> you're asking a lot of me to remember a conversation that's not on the screen
08:02 < ayecee> but yes, multiarch would normally be needed to run 32-bit stuff on 64-bit platform
08:05 < ziggylazer> Think IRC is around in another 10 years?
08:06 < ayecee> i hope so
08:06 < morf> better be
08:06 < ziggylazer> I dont think it will
08:06 < ayecee> i for one welcome our slack overlords
08:06 < ayecee> well, not really, but they do make a nice platform
08:07 < ziggylazer> Hehe maybe
08:07 < ayecee> if i could have their client opensourced and connected to an arbitrary irc server i would be so happy
08:07 < ziggylazer> last stronghold of free exchanges of ideas..
08:11 < morf> i just don't uderstand what ppl see in slack
08:12 < ayecee> could you try
08:13 < ziggylazer> Have to ask. I heard something about Canada implementing a law that would compel speach
08:13 < ziggylazer> Was that done?
08:14 < ayecee> vague question is vague
08:15 < ziggylazer> I dont remember exactly what is was but something about how one could adress HBTQ ppl maybe?
08:15 < ziggylazer> I might just had a nightmare
08:16 < ayecee> hbtq people?
08:16 < morf> you mean you have to somehow guess how they selfidentify and called them right otherwise you will get a fine
08:16 < ayecee> i don't even
08:16 < morf> is that the one? i think it went through
08:17 < ziggylazer> LBGT
08:17 < ayecee> it's like a game of news telephone
08:17 < ayecee> lgbtq, probably
08:17 < ziggylazer> Ah yes
08:17 < ayecee> lesbian gay bisexual trans queer
08:18 < morf> https://www.lifesitenews.com/news/breaking-canada-passes-radical-law-forcing-gender-theory-acceptance
08:18 < ziggylazer> yeah just read
08:18 < ayecee> oh man, with an url like that the article is going to be a trainwreck.
08:19 < ayecee> yup, it is. calls the bill by two different names, for one
08:19 < ziggylazer> Thats a hard pill to swallow that bill...
08:20 < ayecee> especially if you rely on christian evangelicals to interpret it for you
08:20 < ziggylazer> If I cared at all what happens that would be something to worry about.
08:20 < ziggylazer> yeah fantastic
08:20 < ayecee> maybe read the bill itself if you're at all concerned, instead of reading the spin.
08:21 < ayecee> and if you're not concerned, don't bring it up
08:22 < ayecee> even if you are concerned, don't bring it up in ##linux
08:22 < morf> yeah just sit quietly
08:22 < ziggylazer> and shut up
08:22 < ayecee> i prefer stfu
08:22 < morf> best thing to do on irc :)
08:23 < ziggylazer> Nah never is
08:23 < ayecee> religion politics and society, rude things to bring up at the dinner table or on irc.
08:24 < ziggylazer> I think some hours allow for some latiitude
08:25 < no_gravity> Sometimes my machine takes ages to wind down. Is there a way to debug what is going on?
08:25 < ayecee> they do. you're testing them now.
08:25 < dongbag> Hey guys, I'm just a dumb dumb FW engineer and I'm trying to host a linux box on a "server" on a hosting service I can pay for monthly
08:26 < dongbag> I don't want a website or anything, just a remote linux machine w/ an global IP
08:26 < ziggylazer> Yeah I'll just let that go
08:26 < dongbag> what are these called?
08:26 < no_gravity> dongbag: VMs
08:26 < no_gravity> dongbag: You get those for a few bucks a month these days.
08:26 < dongbag> do they get me pick my own OS?
08:27 < no_gravity> dongbag: kinda
08:27 < dongbag> hm, I'm guessing it's on a hypervisor or something
08:27 < no_gravity> dongbag: Yup. Not dedicated hardware.
08:27 < no_gravity> dongbag: Of course, you can rent dedicated hardware too if you want.
08:28 < sauvin> Have a care. There's a VPS, and there's "shared hosting". These are NOT the same thing.
08:28 < dongbag> interesting, I'll have a look
08:28 < dongbag> thanx
08:30 < dongbag> I can't go wrong with AWS VM can I?
08:31 < no_gravity> dongbag: It works. But it's usually more expensive then other alternatives.
08:40 < sauvin> dongbag, check out Digital Ocean or Linode.
08:57 < GodOfSea> Hello
08:57 < GodOfSea> How do I create a GPT live usb of ubuntu ?
08:58 < GodOfSea> in ubuntu
08:58 < GodOfSea> I mean , I can easily do that in windows , using rufus , but dont have access to that
08:59 < ayecee> dd if=ubuntu.iso of=/dev/yourusbdevice
08:59 < ayecee> even in windows you don't need rufus for that.
08:59 < ayecee> imageusb would be fine.
09:01 < GodOfSea> See , I have a windows partition , its in GPT , and I deleted the bootloader , I wanna dual boot it with LInux , if I use dd , I get compatibility issue , and Mint doesnt recognize my windows , but when I did that with Rufus ( Rufus has an option for GPT or MBR ) Mint recognized my Win10
09:02 < ayecee> cool story
09:02 < ayecee> does not change advice.
09:03 < ayecee> also, what is "compatibility issue"
09:03 < GodOfSea> okkaay
09:03 < GodOfSea> Something to do with uefi
09:03 < ayecee> can't diagnose "something to do with" error messages
09:03 < ayecee> also, why would you delete the bootloader
09:04 < GodOfSea> I wanted to see what happens if I do that
09:04 < ayecee> something bad, apparently
09:05 < GodOfSea> and I had a arch installation , that I wanted to remove ,and start fresh with grub with Mint
09:05 < ayecee> where does ubuntu come into this
09:06 < GodOfSea> Ubuntu = Mint
09:06 < ayecee> no
09:06 < ayecee> fix your windows bootloader, then create a new mint usb installer with imageusb and not rufus.
09:09 < GodOfSea> Yeah , thats the best way , right now I can only use a live linux usb , cant access windows
09:09 < GodOfSea> Fortunately I got 2 USBs
09:13 < codebam> if dm-crypt is installed as a module how do I successfully boot from a fde drive encrypted with luks (dm-crypt)?
09:14 < codebam> dracut seemed to install dm, crypt, and lvm modules but it just gets to the screen where I'd usually enter my password and then tells me that it can't modprobe dm-crypt from /lib/modules/...
09:15 < codebam> the only way I've been able to boot is by building dm-crypt into the kernel
09:35 < V7> Hey all
09:36 < V7> Just installed netcat in arch, but when executing nc it just do nothing, I mean it just executes and exists
09:36 < V7> exits *
09:36 < V7> So, I've tried to remove package via: pacman -Rsn netcat, but it tells that no such target
09:36 < V7> does nothing *
09:38 < pingfloyd> us a package manager that doesn't suck?
09:41 < dongbag> I have an AWS server running, I want to open a socket on my home machine and write a simple program just to echo stuff
09:42 < dongbag> what kind of sercurity does the AWS have, how can I find out?
09:46 < pingfloyd> dongbag: what's the requirement for aws?
09:46 < pingfloyd> that shouldn't be required to do what you're trying to do
09:46 < pingfloyd> just use netcat
09:47 < dongbag> I'm just messing around with some IoT stuff,
09:47 < dongbag> i guess it would make sense to try it on my own computer first
09:47 < pingfloyd> nc is the shit
09:47 < pingfloyd> it's not called the networking swiss army knife for nothing
09:48 < dongbag> I didn't know it was called that at all
09:48 < dongbag> or that it existed
09:48 < dongbag> I'll look into it...
09:50 < pingfloyd> hold on a sec, I might have a good nc tutorial stashed away somewhere
09:50 < dongbag> sweeet
09:50 < dongbag> thnx
09:51 < pingfloyd> here's some examples of some of the things you can do https://null-byte.wonderhowto.com/how-to/hack-like-pro-use-netcat-swiss-army-knife-hacking-tools-0148657/
09:51 < pingfloyd> it can do much more than that, but it's a decent primer
09:51 < pingfloyd> this is a nice little gold nugget https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
09:52 < dongbag> cool, I'll read those
09:52 < dongbag> thanks
09:52 < pingfloyd> you're welcome, enjoy
09:58 < greenit> hi, can anyone help me getting the touchscreen of my HP Envy x360 15-bq102ng to work? I followed the instructions in this link: https://bugzilla.kernel.org/show_bug.cgi?id=198715 but it still isn't recognized and doesn't work...
10:25 < Lope> please remind me the name of the power program for making an x86_64 computer go into low power mode, you press tab and enter etc?
10:25 < Lope> good / bad
10:26 < Sitri> suspend?
10:27 < Lope> oh, it's powertop. That's what I thoght. But somehow ubuntu uninstalled it automagically :( so I doubted myself.
10:27 < Lope> cos it wasn't found.
10:27 < Lope> reinstalled it and used it now.
11:07 < TaZeR> are there any advantages to using LUKS2 vs LUKS1 for standard system setups?
11:15 < revenantscrub> well hey
11:28 < seven-eleven> hi
11:28 < seven-eleven> is there something similar to krunner in gnome?
11:30 < Sitri> What is krunner?
11:31 < lopid> an interface to baloo
11:31 < revel> "Framework for providing different actions given a string query"
11:32 < seven-eleven> it's a popup window where you can enter a command to start. it features auto completion and shortcuts to search websites. shortcuts can be for example "gg: example" to google or "az: computer" to search amazon
11:32 < seven-eleven> s/start/run
11:33 < seven-eleven> if there isn't i just use krunner inside gnome
11:34 < seven-eleven> interestingly my kde hotkeys work from within gnome once i open the hotkey setting from within krunner :D
11:36 < lopid> why not just use kde?
11:37 < cristian_c> hello
11:37 < seven-eleven> switch temporarily to gnome, because packettracer doesn't work properly from kde, like you can't drag & drop modules of a device
11:37 < cristian_c> I've built and installed easycap smi driver (kernel module)
11:37 < lopid> lame
11:37 < cristian_c> I've got driver sources from github repository (via AUR on archlinux, and via github in ubuntu)
11:38 < cristian_c> I've also loaded firmware too (in addition to driver loading)
11:38 < cristian_c> so, I've started vlc and I've connected easycap dongle to input source and to usb port
11:38 < cristian_c> if I look at dmesg output I see a large amount of messages (all them almost the same message)
11:39 < cristian_c> 'smi2021 Skip broken frame N line, but need 240 in current 480 height'
11:39 < cristian_c> where N is an integer number
11:39 < cristian_c> vlc screen is always blank, btw
11:39 < cristian_c> so, how could I solve this issue, in order to grab video from the device?
11:40 < cristian_c> any ideas?
12:00 < xdog> ну что вы ватманы?
12:06 < Armand> xdog: English may be more productive
12:06 < xdog> не говорю по ангельски
12:08 < Armand> я не говорю по-русски
12:08 < xdog> очень зря
12:08 < Armand> это шутка
12:08 < revel> xdog: Это чат только в по-английски
12:09 < xdog> так так так
12:09 < xdog> вот что за говнецо
12:09 < Armand> Да, но это правила
12:09 < xdog> У меня при наборе текста какие то автозаполнения включились, и печатает тарабарщину
12:10 < Armand> Hahahaa
12:11 < xdog> при чем происходит это какCCие
12:11 < xdog> во, видали какCCие
12:11 < xdog> что это за хрень?
12:11 < hexnewbie> How do I enable AudibleBell in X? I know ‘pactl load-module module-x11-bell’ disables it (I use that on one computer as a do-not-disturb mode), but on another computer AudibleBell is disabled *without* loading the module-x11-bell PA module. I want to enable it back somehow, so I actually know a bell sounded. I know plugging in USB keyboards or sound cards sometimes enables it (and ‘xkbbell -force’ always works). How?
12:12 < kingrodian> net o vas angliski v shkole?
12:12 < kingrodian> I dont get why russians dont speak english
12:12 < xdog> ya v schkole uchil nemeckii
12:12 < revel> A lot of them do.
12:12 < revel> Oh, he studied German.
12:12 < kingrodian> ah
12:12 < xdog> no ego ya tozhe ne znayu
12:13 < kingrodian> hahaha
12:13 < Armand> xdog: Английский, или вам может быть запрещено
12:13 < xdog> кто мне может быть запрещено?
12:13 < hexnewbie> I have worked it around by using module-x11-bell, but I 1) often don't hear the headphones when they aren't on my head, and 2) the PA bell totally ruins any music (plus, opening hexchat just blew my ears by playing 1000 bell samples at the same time)
12:14 < xdog> ПроCCCCCCCиCCCCCCсходитисходит
12:14 < xdog> от опять
12:14  * Armand prods jim
12:14 < xdog> как пофиксить?
12:14 < deniska> Speaking a language different from the one used in the room is considered rude
12:14 < kingrodian> he apparently wasnt taught english in school
12:15 < deniska> It's not an excuse
12:15 < kingrodian> its not
12:15 < Armand> I thought all Russian trolls were taught English ?
12:15 < Armand> :trollface:
12:15 < kingrodian> theres probably a russian linux channel somewhere
12:16 < deniska> I think there should be
12:16 < deniska> I know there's #ubuntu-ru for ubuntu stuff, not sure if there's a general linux russian chat
12:16 < deniska> (at least on freenode)
12:18 < Tuxand> deniska: well maybe we need to make a request to have channes for other languages
12:18 < hexnewbie> The #linux-ru one (no double hash, so official?) seems to have two people in it, and requires use of KOI8-R, which is.. ugh.
12:18 < deniska> 1994 called, wanted their encoding back :)
12:19 < BCMM> ... russia is by and large on unicode now, right? they're not a weird holdout like Japan?
12:20 < ToddenP> test]
12:21 < BCMM> hexnewbie: staffers are quite lax about namespace, at least until it becomes a problem. also, oddly enough, this channel *is* almost official https://freenode.linux.community/linux-sub-license/
12:21 < BCMM> Alex4921: can't hear you; type louder
12:21 < hexnewbie> I don't know how you can be a holdout on Unicode realistically. Your word processing will be in unicode, GTK+ will force you to switch to UTF-8 locale, your web pages - even if in local encodings (those still live) will be converted to Unicode in the end (and will support Unicode through entities)
12:22 < GodOfSea> Hey
12:23 < BCMM> hexnewbie: japan is still a weird split between unicode and JIS. yes, it causes about as much weird compatibility problems as you'd think
12:24 < hexnewbie> I guess your LaTeX documents would be non-unicode (even if you used utf8 encoding for them), and some IRC communities can't switch.
12:24 < BCMM> but it was my understanding that cyrillic languages have all moved to unicode at about the same pace as latin
12:24 < BCMM> so i guess it's just that one weird channel?
12:24 < Alex4921> Nickserv command to change password again?
12:25 < deniska> BCMM: you still see a lot of cp1251 in places because шindoшs, but koi8-r is a real oddity these days
12:25 < Alex4921> Got it nvm
12:26 < BCMM> deniska: thanks, this stuff is interesting. old windows, right? it's utf-16 on modern windows?
12:27 < deniska> BCMM: it's all over the place on windows. Old 1-byte national encodings, utf-16 for internal windows things, utf-8 for some external windows things
12:28 < GodOfSea> So I dual booted win10 and linux mint , and now grub only shows Linux mint , nothing about windows And http://paste.ubuntu.com/p/tpMZF5hpZR/ we can see thats grub.cfg file doesnt have anything about /dev/sda1 (Windows 10) How do I change that
12:28 < deniska> BCMM: Let's say I still have to have an alias for "reencode this file from cp1251" when I use vim on windows :)
12:28 < GodOfSea> or how do I get it working
12:28 < hexnewbie> BCMM: Yeah, I understand how it happens and what problems it can cause. (I even have some Japanese editor (JWPce) installed in a Wine prefix when I needed to look up something without installing input methods, and was weirded out by how SJIS is present everywhere in the UI). I just don't understand which programs, other than plain text (editors, IRC) would ever be non-unicode.
12:28 < BCMM> oh wow cyrillic encoding is more complicated than i thought... so theres, like, the soviet one, the international one, and the microsoft one?
12:29 < deniska> BCMM: koi8-r was unixy one, cp1251 is windowsy one, cp866 is DOS one
12:29 < hexnewbie> BCMM: I have documents in Cyrillic encodings that don't make it to lists, and I was surprised  iconv supported them
12:29 < deniska> BCMM: there was also a classical mac encoding for cyrillic
12:29 < hexnewbie> Namely,  DOS encodings with no cpXXX for them
12:29 < GodOfSea> I tried adding menu-entry in  /etc/grub.d/40_custom but no luck
12:31 < GodOfSea> .
12:32 < hexnewbie> Netscape 4 for GNU/Linux was particularly a pain, because when a page was encoded with CP1251, it would mistakenly submit the forms in the web page in KOI8-R encoding.
12:32 < deniska> GodOfSea: for starters, have you tried running update-grub script?
12:32 < deniska> hexnewbie: dark ages, I remember each web site having an encoding selector :)
12:33 < GodOfSea> yeah I did and tried os-prober , nothing
12:33 < GodOfSea> deniska can you take a look at the /etc/grub.d/40_custom file ?
12:34 < deniska> GodOfSea: yeah, mine's unedited
12:36 < GodOfSea> deniska check mine , I addded this https://paste.ubuntu.com/p/WKdp7NxHHP/
12:38 < deniska> GodOfSea: I'm not really familiar with grub stuff because mine just worked. I remember, though, that you have to run update-grub after editing grub's configs in etc because it updates the files grub actually reads from /boot
12:39 < GodOfSea> yup , tried that too
12:40 < PaulePanter> Hi. Do you know if there is a site where changes in Linux LTS patch releases are summarized.
12:40 < PaulePanter> ?
12:40 < PaulePanter> I know, that there is a change-log https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.50
12:40 < PaulePanter> But it’d be nice if these were summarized.
12:41 < BCMM> PaulePanter: it's hard to see how they'd do it, really
12:41 < BCMM> PaulePanter: usually summaries cover major new features, and LTS releases don't do that
12:41 < BCMM> the whole changelog is boring, because the whole changelog is little bug fixes
12:42 < PaulePanter> BCMM: Often there are security issues fixed in there.
12:42 < PaulePanter> Greg’s assumption that everybody will use that new release and reboot is unrealistic. A lot of server admins just do not do it as rebooting takes too long thanks to badly written firmware.
12:43 < PaulePanter> BCMM: So it’d be great to have a hint, when one should really reboot.
12:43 < hexnewbie> Ah, found how I enable AudibleBell in KDE. It's hidden in Accessibility Features in System Settings. (Had to grep /usr/share/X11/xkb for AudibleBell after doing ‘apropos bell’, and when I found it in file named accessx it occurred to be it might be in the Accessibility section. One would think these things would be documented somewhere, and findable in search engines)
12:44 < PaulePanter> My current strategy is to search for *nfs* and *xfs* in the log, as that are the parts that I deem important. But I likely miss something.
12:46 < BCMM> PaulePanter: "rebooting takes too long thanks to badly written firmware" -> use kexec
12:48 < hexnewbie> Hm, I also figured out why attaching headphones would re-enable my AudibleBell accidentally - the headphones include a keyboard (mute button), which causes xkb to reinitialised. Haha
12:49 < GodOfSea> anyone here knows grub ? i have trouble getting my windows in grub menu
12:57 < GodOfSea> well ?
12:57 < Sitri> Just ask
12:58 < GodOfSea> I did
12:59 < GodOfSea> So I dual booted win10 and linux mint , and now grub only shows Linux mint , nothing about windows And http://paste.ubuntu.com/p/tpMZF5hpZR/ we can see thats grub.cfg file doesnt have anything about /dev/sda1 (Windows 10) How do I change that
12:59 < GodOfSea> https://paste.ubuntu.com/p/WKdp7NxHHP/
13:00 < searedvandal> update-grub doesn't work?
13:01 < GodOfSea> no
13:01 < BCMM> GodOfSea: is it a uefi or bios install of windows? is it uefi or bios grub?
13:02 < GodOfSea> BCMM its gpt windows and MBR Linux
13:02 < BCMM> GodOfSea: linux can be booted either way regardless of partition type
13:02 < GodOfSea> Ok
13:02 < BCMM> but gpt windows will only boot with uefi, not legacy boot
13:03 < GodOfSea> So ?
13:03 < BCMM> GodOfSea: so what mode is your firmware booting in?
13:03 < GodOfSea> HOw do I check ?
13:04 < BCMM> well, you could disable legacy boot and see if it still loads grub, or if your mobo does it, you could open the "select boot device" menu and see if it tells you whether boot options are efi or legacy
13:04 < BCMM> did you install grub to the boot sector of your MBR disk, or to the ESP of your gpt disk?
13:05 < BCMM> oh right "Grub2 (v2.00) is installed in the MBR of /dev/sda"
13:05 < GodOfSea> windows was working before I installed linux alogside it and I deleted an arch partition and windows recovery partition before this Linux Mint installation
13:05 < BCMM> GodOfSea: so your pastebin says grub is installed on the mbr, implying that you're loading grub in legacy boot mode
13:05 < GodOfSea> yeah Grub is in MBR
13:06 < GodOfSea> Ohh
13:06 < BCMM> grub will not be able to chainload windows, because windows requires the firmware to be booted in uefi mode
13:06 < GodOfSea> Ok
13:07 < GodOfSea> So I need to get grub installed in GPT ?
13:07 < GodOfSea> in sda1 ?
13:07 < BCMM> GodOfSea: i don't know your partition and disk layout...
13:07 < BCMM> GodOfSea: i also don't know ubuntu. but on debian, there's a grub-legacy and grub-efi package
13:08 < BCMM> and you need to be using the second one if you want to work with gpt windows
13:08 < revel> Isn't grub-legacy GRUB 1.x?
13:08 < BCMM> revel: oh thanks, my mistake
13:08 < BCMM> grub-pc and grub-efi
13:08 < BCMM> revel: quite right, i muddled up "legacy boot" and "legacy grub"
13:08 < BCMM> it's grub-pc for grub 2 and legacy boot modes
13:09 < GodOfSea> grub-legacy-ec2 - Handles update-grub for ec2 instances
13:09 < GodOfSea> grub-pc - GRand Unified Bootloader, version 2 (PC/BIOS version)
13:09 < GodOfSea> grub-pc-bin - GRand Unified Bootloader, version 2 (PC/BIOS binaries)
13:09 < GodOfSea> grub-pc-dbg - GRand Unified Bootloader, version 2 (PC/BIOS debug files)
13:09 < GodOfSea> ubuntu has these
13:09 < BCMM> no grub-efi package?
13:10 < BCMM> what version of ubuntu is this? (lsb_release -a)
13:10 < GodOfSea> yes
13:11 < revel> Nice version :^)
13:11 < GodOfSea> 16.04
13:12 < GodOfSea> I mean there is grub-efi package
13:12 < BCMM> GodOfSea: there's something wrong with your apt, then...
13:12 < BCMM> https://packages.ubuntu.com/xenial/grub-efi
13:12 < GodOfSea> So ?
13:13 < BCMM> have you ever done an apt update (or equivalent)?
13:13 < BCMM> or is this a brand-new install that's never actually fetched a list of available updates?
13:13 < GodOfSea> I did sudo apt update
13:13 < BCMM> GodOfSea: and the lines you pasted above are results from apt-cache search grub?
13:14 < BCMM> or what?
13:14 < GodOfSea> so they are from apt-cache search grub-legacy
13:14 < revel> <GodOfSea> I mean there is grub-efi package
13:14 < BCMM> oh now i'm confused...
13:14 < BCMM> sorry i missed that line
13:15 < GodOfSea> <BCMM> grub will not be able to chainload windows, because windows requires the firmware to be booted in uefi mode
13:15 < BCMM> GodOfSea: you should install and set up grub-efi, so that you can boot grub in uefi mode
13:16 < BCMM> GodOfSea: grub will need to install itself to an efi support partition. it should fit inside the one Windows created
13:16 < GodOfSea> How do I do that ?
13:16 < GodOfSea> grub-install /dev/sda1 ?
13:18 < BCMM> it looks like ubuntu has a tool for this https://help.ubuntu.com/community/UEFI#Converting_Ubuntu_into_UEFI_or_Legacy_mode
13:18 < EriC^^> GodOfSea: just "grub-install" should do it
13:20 < GodOfSea> EriC^^: Installing for i386-pc platform.
13:20 < GodOfSea> grub-install.real: error: install device isn't specified
13:20 < oneko> *meow*
13:20 < EriC^^> GodOfSea: grub-pc is installed not grub-efi
13:20 < EriC^^> GodOfSea: what os is it?
13:20 < GodOfSea> Mint 18.03
13:21 < EriC^^> GodOfSea: can you pastebin your setup? sudo parted -ls | nc termbin.com 9999
13:22 < GodOfSea> http://termbin.com/6yqo
13:23 < revel> No ESP?
13:23 < EriC^^> GodOfSea: why do you want to convert to uefi?
13:23 < GodOfSea> I dont want to convert anything
13:23 < revel> I don't think Windows can boot on a combination of GPT + BIOS.
13:24 < EriC^^> GodOfSea: is windows installed or is that just a data partition?
13:24 < GodOfSea> I just want to  use Win10 alongside Linux
13:24 < EriC^^> GodOfSea: aha is it a fresh windows install?
13:25 < GodOfSea> I was installed before I deleted the recovery partition , my arch installation and EFI Boot partition
13:25 < EriC^^> aha
13:25 < EriC^^> GodOfSea: do you have a windows installation usb?
13:25 < GodOfSea> So that Efi partition, That damn Efi Partiton  , is where the problem started
13:26 < GodOfSea> yes , I have
13:26 < revel> Yes, you need an ESP if you want to boot with UEFI.
13:27 < EriC^^> GodOfSea: ok, first create an efi partition
13:27 < EriC^^> GodOfSea: type sudo cgdisk /dev/sda , delete the biosboot, create a partition with type "ef00" write changes and exit
13:28 < GodOfSea> Ok cool , I have 100MB free space available in the sector before sda1
13:30 < EriC^^> when you're done type "sudo partprobe && sudo parted -ls | nc termbin.com 9999"
13:31 < GodOfSea> Part. #     Size        Partition Type            Partition Name
13:31 < GodOfSea> ----------------------------------------------------------------
13:31 < GodOfSea>             1007.0 KiB  free space
13:31 < GodOfSea>    4        615.0 MiB   EFI System                ef00
13:31 < GodOfSea> So this is good ?
13:32 < EriC^^> yeah
13:32 < GodOfSea> http://termbin.com/xfoi
13:33 < EriC^^> GodOfSea: type "sudo mkfs.fat /dev/sda4"
13:33 < GodOfSea> done
13:34 < EriC^^> GodOfSea: type "sudo blkid /dev/sda4" and copy the UUID
13:34 < GodOfSea> got it
13:34 < EriC^^> then sudo nano /etc/fstab  and add the line "UUID=<uuid here>  /boot/efi       vfat    defaults      0       1
13:35 < EriC^^> nevermind the quote before UUID
13:35 < GodOfSea> use vim :)
13:36 < GodOfSea> http://termbin.com/g2rt
13:36 < GodOfSea> So I dont edit any of those ?
13:37 < EriC^^> no
13:38 < Purec> i tried to install linux with fde incl. bootloader. that was difficult
13:39 < EriC^^> why
13:39 < GodOfSea> EriC^^: http://termbin.com/xla5
13:39 < Purec> not sure, maybe i got the partition setup wrong
13:40 < EriC^^> GodOfSea: ok, type "sudo mkdir /boot/efi && sudo mount /boot/efi"
13:40 < Purec> some guides were saying format the /boot using ext4 fs but i thought fat32 is the best one
13:40 < EriC^^> Purec: if you want /boot encrypted you can put it in "/" without a separate partition and use a grub option so it works
13:40 < GodOfSea> EriC^^: in /etc/fstab the tab, whitespaces dont matter ?
13:41 < EriC^^> GodOfSea: nope
13:41 < Purec> so 1 partition in total, i dont plan on swap
13:41 < GodOfSea> EriC^^: should I delete my menuentry that I added in /etc/grub.d/40_custom ?
13:42 < EriC^^> Purec: GRUB_ENABLE_CRYPTODISK=y add that to /etc/default/grub and run update-grub / grub-mkconfig
13:43 < EriC^^> GodOfSea: yeah
13:44 < GodOfSea> <EriC^^> GodOfSea: ok, type "sudo mkdir /boot/efi && sudo mount /boot/efi" done
13:46 < EriC^^> GodOfSea: dpkg -l |grep "grub*" | nc termbin.com 9999
13:46 < EriC^^> GodOfSea: sorry, dpkg -l |grep grub | nc termbin.com 9999
13:47 < GodOfSea> http://termbin.com/stwx
13:48 < EriC^^> GodOfSea: sudo apt-get purge grub-pc-bin grub-pc
13:49 < GodOfSea> Ok now when I do  dpkg -l |grep grub  I see everything minus grub-pc*
13:51 < EriC^^> GodOfSea: ok, type "sudo grub-install --target=x86_64-efi"
13:52 < GodOfSea> Installing for x86_64-efi platform.
13:52 < GodOfSea> efibootmgr: EFI variables are not supported on this system.
13:52 < GodOfSea> efibootmgr: EFI variables are not supported on this system.
13:52 < GodOfSea> Installation finished. No error reported.
13:52 < BluesKaj> hiyas all
13:52 < GodOfSea> Cool
13:52 < EriC^^> GodOfSea: ok, that'll go away later when you're booted in uefi mode
13:53 < plexigras> how do i best restrict the files a command can modify
13:53 < EriC^^> GodOfSea: type "ls -lR /boot/efi | nc termbin.com 9999"
13:57 < GodOfSea> EriC^^: http://termbin.com/9pls5
14:00 < sauvin> plexigras, huh?
14:00 < BSODjunkie> Has anyone here used the windows ubuntu subsystem, I am confused about whether the files installed there are accessible via windows. For example if I pip installed a package
14:00 < plexigras> sauvin: what?
14:01 < Armand> Hey, sauvin.. you sexeh beast. o/
14:01 < sauvin> That was my question. What do you mean by "restrict", and what kind of command?
14:01 < sauvin> Armand, you're not supposed to let two thousand people know I'm not wearing anything. :P
14:01 < Armand> Sorry.... I guess I should turn off the webcam too, right ?
14:02 < Armand> ^_^
14:02 < EriC^^> GodOfSea: type "sudo mkdir -p/ boot/efi/efi/Microsoft/Boot /boot/efi/efi/Boot && sudo cp /boot/efi/efi/ubuntu/grubx64.efi /boot/efi/efi/boot/bootx64.efi"
14:02 < sauvin> :D
14:02 < EriC^^> GodOfSea: also sudo cp /boot/efi/efi/ubuntu/grubx64.efi /boot/efi/efi/Microsoft/Boot/bootmgfw.efi
14:02 < EriC^^> GodOfSea: sorry there's a typo in the first one
14:02 < EriC^^> GodOfSea: type "sudo mkdir -p /boot/efi/efi/Microsoft/Boot /boot/efi/efi/Boot && sudo cp /boot/efi/efi/ubuntu/grubx64.efi /boot/efi/efi/boot/bootx64.efi"
14:02 < GodOfSea> yup edited that
14:03 < GodOfSea> done
14:03 < EriC^^> GodOfSea: ok, type "sudo update-grub"
14:04 < GodOfSea> Well , it still doesnt show anything about Microsoft
14:04 < EriC^^> GodOfSea: try rebooting, if it works type "sudo grub-install" then you need to get your windows installation cd and reinstall its efi bootloader, then boot back into linux and set linux as the bootloader first in list (via sudo grub-install)
14:06 < GodOfSea> So you mean if it doesnt work , I have to reinstall its efi bootloader ? EriC^^
14:06 < plexigras> sauvin: any command for example `echo 'test' >> some_file`
14:07 < plexigras> i want to restrict where this some_file can be writen
14:07 < EriC^^> GodOfSea: no it should work now, you need to install windows though
14:07 < EriC^^> GodOfSea: http://www.dell.com/support/article/us/en/04/sln300987/how-to-repair-the-efi-bootloader-on-a-gpt-hdd-for-windows-7-8-81-and-10-on-your-dell-pc?lang=en
14:07 < sauvin> plexigras, *any* command, eh? You're looking at directory permissions.
14:07 < plexigras> yes how do i best do that
14:08 < EriC^^> GodOfSea: you might need to use "/f All" in the end of the last command
14:10 < GodOfSea> EriC^^: The last command ?
14:11 < EriC^^> bcdboot c:\Windows /l en-us /s <boot letter>: All
14:17 < sauvin> plexigras, the only thing I can think of just offhand is to create a user with restricted privileges and use that user for your restrictive commands.
14:17 < plexigras> there has to be a better way :/
14:22 < Zaplo> I have a Transcend 32GB USB 3.1 stick. It works on windows but on linux it only behaves well in USB 2 port, blue USB 3 ports make the stick overheat and system starts lagging very badly
14:22 < Zaplo> is this linux driver problem, or something that needs to be configured?
14:22 < Zaplo> using 4.17.0-rc6
14:24 < GodOfSea> Ok Cool EriC^^ : thanks , I am gonna reboot , I am Fa5tTurtle though
14:24 < sauvin> plexigras, why are you asking for this?
14:25 < sauvin> (maybe an alternative approach is possible)
14:25 < Fa5tTurtle> yeah,  I am GodOfSea Eric
14:25 < EriC^^> GodOfSea: ok, np
14:25 < Zaplo> It is this dongle https://www.transcend-info.com/Products/No-610
14:26 < Fa5tTurtle> EriC^^: windows is not in grub
14:28 < EriC^^> Fa5tTurtle: firstly, switch to uefi mode in the bios, boot linux, see if "sudo grub-install" works or complains about efi variables
14:28 < Fa5tTurtle> ok :)
14:28 < EriC^^> then use the windows installation cd to install windows' efi files, then boot linux, reinstall grub and update-grub and it will show
14:29 < EriC^^> you may need to use a live usb to boot windows depending on your bios if it allows you to select an uefi entry at boot up with some F key or so
14:29 < EriC^^> *live usb to boot linux (later after you reinstall windows efi)
14:30 < Fa5tTurtle> i dont have a cd,i booted win10 into a usb using woeusb software in ubuntu
14:31 < phinxy> if [[ $(whoami) != "linus" ]]; then echo test; fi
14:32 < phinxy> Why was it working but no anymore?
14:32 < phinxy> Can anyone spot anything wrong with that?
14:32 < Fa5tTurtle> EriC^^ in bios System Configuration Uefi boot order i can see Ubuntu and Windows boot manager, though ubuntu boot manager is at top,
14:33 < EriC^^> Fa5tTurtle: aha cool
14:33 < Fa5tTurtle> so I am gonna move windows on top and see if it works
14:33 < EriC^^> set uefi mode on, csm legacy off
14:33 < EriC^^> Fa5tTurtle: it won't
14:34 < EriC^^> Fa5tTurtle: the efi files it needed to boot are long gone
14:34 < phinxy> Is [[ the same manual as [/test?
14:34 < CappyT> I don't know if is the right place to ask, but i'm having a bad time with a vpn on linux
14:34 < Fa5tTurtle> i gotta search i do disable legacy then
14:34 < CappyT> can i ask here?
14:35 < rpgio> yes you can
14:35 < rpgio> you can always ask
14:35 < rpgio> whether someone has the answer is a different question
14:36 < EriC^^> Fa5tTurtle: if uefi is enabled then csm legacy would be disabled usually
14:36 < EriC^^> csm legacy is the compatibility mode for legacy bios
14:37 < Fa5tTurtle> aha found it
14:37 < Zaplo> if you change csm legacy i think it wipes out list of uefi installations
14:37 < Zaplo> or maybe it was some other option
14:37 < Fa5tTurtle> legacy support : changed it to disable
14:39 < UnknoWn44> hello
14:40 < CappyT> @rpgio ok then
14:40 < UnknoWn44> i am new to irc can you see my msg ? or ihave to do something? i feel noone sees it
14:41 < UnknoWn44> yo
14:41 < EriC^^> UnknoWn44: yeah we see it
14:41 < UnknoWn44> ok sorry for that
14:41 < EriC^^> np
14:42 < CappyT> As i said, i configured a openvpn server to circumvent a captive portal in my organization.. everything works, except the fact that i don't go over 30Mbps.. and it's a problem with openvpn, iperf shwos well more bandwith between the client and server
14:42 < CappyT> -so after pain, tears and blood, i gave up on openvpn
14:42 < CappyT> i need a faster TCP vpn protocol
14:42 < Fa5tTurtle> EriC^^ i did sudo grub-install,  no errors
14:42 < CappyT> which supports http proxy
14:43 < TheWild> hello
14:43 < YADW> Hey there! I don't know if this is the right place to ask, but I have some issues configuring a vnc connection over openssh tunneling
14:44 < EriC^^> Fa5tTurtle: ok, install the windows efi using the dell guide
14:44 < YADW> Basically, I use a dynamic DNS on port 4077 (the gateway then forwards to the right computer at port 22), and I'd like to set up a vnc connection via Remmina, which supports ssh tunneling. So, on the server machine, I start vnc on localhost, and when I try to connect from the client machine over ssh I get a confusing error message that tells me that the "ssh session failed to startup: success". Massive headache follows.
14:44 < Fa5tTurtle> Eric^^ the link again, i lost it,  i am using my phone for irc right now
14:45 < YADW> Obviously a regular ssh session works flawlessly, by the way
14:47 < phinxy> zomg.  The DEBUG trap which adds a color code between each command places them on $(command)'s as well..
14:49 < domhnall> YADW: what's the vnc localhost:<port> ?
14:49 < Fa5tTurtle> nvm EriC^^ found it,  saved it in github
14:49 < YADW> domhnall 5900, that's the default port for display:0
14:50 < plexigras> is there a way to have `wait` not remove the process from the `jobs` list?
14:50 < domhnall> YADW: oh, thought it was 5901
14:51 < YADW> domhnall yes, because usually vnc runs on display:1. Afaik the port number depends on which virtual display it runs on
14:53 < YADW> Anyway, I don't think that should matter much, since it goes through a ssh tunnel (therefore on port 22)
14:54 < spare> YADW: ssh -NL local:port:remote:port user@host.domain forwards remote port to the box your on then just tell it to connect to localhost rather than execute a ssh session
14:55 < Fa5tTurtle> EriC^^ when I do bootrec /FixBoot it says Access is denied
14:57 < YADW> spare thank you, but it seems a bit different from what I'm trying to achieve
15:00 < spare> if you setup an ssh tunnel with remmina thats literally all its doing but apperently doesnt work ;P you can do that manually and just tell it vnc is on localhost so its not trying to wrap ssh
15:00 < YADW> spare, oh, that's cool. Didn't think of it that way, I'm trying it in a sec.
15:01 < spare> if its on localhost every uid:gid on the system can get access to it if you havent setup a password on both boxes qemu still forces a timing attack doesnt allow booting with a passphrase only setting it once its up : /
15:02 < YADW> spare, connection gets refused :(
15:03 < Furai> What would be the best way to back up whole server with databases, let's call it production server (which is not, but let's call it here like this)? Something that would allow me to restore most of it having a clean installation of the same OS elsewhere. I guess with RSYNC. The topic is probably already well answered on the Internet but there are so many different answers and I wondered what would be your
15:03 < Furai> preferred backup stategy of choice.
15:03 < spare> can you ssh in regardless ? ssh -L localhost:5900:localhost:5900 user@box would still open a normal shell and silently fail forwarding unless you set ExitOnForwardFailure
15:05 < Fa5tTurtle> EriC^^:  I got windows to work from the bios boot manager 😀
15:05 < plexigras> how can i get the pid of the process that i waited for using `wait -n` ?
15:10 < dreamcat4> plexigras: sleep 30 & _PID="$!"; wait -n
15:10 < dreamcat4> where 'sleep 30' is the child process you spawned and are waiting to finish
15:10 < plexigras> i have more then one child process but only one wait -n
15:11 < dreamcat4> plexigras: well wait -n will wait for all of them. you can wait -n $PID & to make seperate wait tasks for each PID you can do each one seperately then
15:12 < plexigras> dreamcat4: no it does not it only waits fr the first one
15:12 < dreamcat4> ok here is an example to show you what i mean;
15:13 < dreamcat4> sleep 100 & _PID1="$!"; wait -n $_PID1 & sleep 200 & _PID2="$!"; wait -n $_PID2 &
15:14 < dreamcat4> the 1st wait cmd should wait for PID1 to finish. then the 2nd wait cmd should wait for PID2 to finish. then you know which wait is waiting for what
15:14 < plexigras> try only one wait -n at the end and you will se that the script will exit after the first child process ends
15:14 < dreamcat4> well i didn't say you should be doing that
15:15 < dreamcat4> then you need a loop afterwards (with a check). to stop your main process exiting immediately
15:15 < plexigras> thats not what i want and i don't know how many times i should tell you that
15:18 < dreamcat4> ok plexigras i see the mistake. i think you need to put each wait into its own sub-shell with ( )
15:18 < dreamcat4> for eample: (sleep 100 & _PID1="$!"; wait -n $_PID1) &
15:18 < dreamcat4> then (sleep 200 & _PID2="$!"; wait -n $_PID2) &
15:18 < dreamcat4> is possible
15:19 < kuri0> how do i build a kernel deb package without rebuilding everything ?
15:19 < kuri0> make -j8 bindeb-pkg LOCALVERSION=-custom recompiles everything
15:20 < dreamcat4> plexigras: for any further help with the wait builtin function, ask on ##bash channel
15:20 < dreamcat4> because it is part of the interpreter
15:48 < V7> Hey all
15:48 < V7> Clean OS with xorg-server, xorg, xorg-twm, xorg-xinit and xterm
15:48 < V7> When I'm executing startx it shows a black screen with "input" cursor, but when I'm changing tty from tty1 to tty2 and back it shows a desktop
15:49 < jim> V7, what does an input cursor look like?
15:50 < V7> jim: Like this https://i.imgur.com/OIO07Tk.png
15:51 < jim> oh, like a textual insertion pooint
15:51 < V7> So, if I'd start xorg and then change tty from 1 to 2 and back to 1 then it shows a dekstop
15:51 < V7> It's strange
15:51 < V7> How to force xorg to stay on tty1 ?
15:52 < jim> I think you can feed startx with which vc
15:53 < V7> jim: So, I'm already at tty1
15:53 < V7> It just doesn't show desktop before changing from 1 to 2 and 1
15:55 < jim> The startx script is a front end to xinit(1) that provides a somewhat nicer user interface for running a single session of the X Window System.  It is often run with no arguments.
16:00 < Li> I left a laptop on and came back found it off!! tried cat /var/log/syslog and syslog1 both files shows only logs starting from the new booting time.
16:00 < Li> how to view previous logs syslog.2.gz
16:00 < hexnewbie> Li: Battery drained?
16:00 < jim> maybe it sensed battery low?
16:00 < Li> hexnewbie: nope it would plugged into the mains
16:00 < Li> it was*
16:01 < jim> what happens when you hit a key on its keyboard? (shift would do it)
16:02 < hexnewbie> Overheating, closing the lid (causing suspend with no resume), not fully inserting the mains plug or the power supply connector - those are the more common causes a powered laptop can power down.
16:02 < hexnewbie> There's also suspend after a period of inactivity, which can also be one way trip if your suspend is broken
16:04 < hexnewbie> There's also a rogue party writing 'o' to /proc/sysrq-trigger (I guess the cat accidentally pressing the key combination is out of question, but I wouldn't necessarily rule out a human doing it)
16:09 < Li> hexnewbie: the question is how to use logs to find out what happend?
16:10 < Li> Konwing all thoes multiple possiblities, how to determine which one was the case!
16:10 < hexnewbie> sysrq is not logged at all, which is the main reason I suggested it as an explanation for seeing nothing in the logs. Hardware-triggered shutdown due to overheating would also not be in the logs.
16:10 < jim> Li, one thing you might do is look for an option to make the logs be verbose
16:10 < V7> jim: So, any thoughts ?
16:11 < hexnewbie> Suspend will be logged, albeit indirectly (I believe), as in you may get some weird messages in /var/log/kern.log unrelated directly to the suspend itself, but ones that only appear during suspend.
16:11 < jim> well it does sound like it's using vt1, but for some reason it doesn't do anything till you switch away for a moment
16:12 < jim> dunno why that would be
16:13 < jim> V7, and you're right, this does seem strange
16:13 < jim> back in a bit
16:19 < Li> hexnewbie: both syslog and kern.log and starting from the new starting time which 13:42:06
16:19 < Li> no previous logs exist
16:20 < triceratux> http://www.linuxandubuntu.com/home/microsofts-new-operating-system-based-on-linux
16:21 < wizzi> Hi, when i block someone with iptables thats mean he can't connect ?
16:23 < hexnewbie> wizzi: It depends on the meaning of ’block’ and ‘someone’. Dropping or rejecting NEW packets arriving from an IP means they can't connect, unless you accepted them in an earlier rule or they change their IP.
16:26 < hexnewbie> wizzi: (It's generally impossible to block a specific someone.)
16:30 < wizzi> hexnewbie, so how can i kick or block someone from my network ?
16:31 < wizzi> is there tools or .. ?
16:31 < hexnewbie> wizzi: From your network? What does that mean?
16:33 < pingfloyd> the way you block "someone" is lock, disable, or remove their account
16:33 < pingfloyd> blocking someone has nothing to do with iptables
16:40 < wizzi> hexnewbie, that's mean he's connecting on my wifi
16:42 < jim> wizzi, change your security somehow
16:42 < hexnewbie> wizzi: Don't run an open WiFi, or one with weak security (e.g. WEP is weak). Even if you blocked someone off the WiFi by some criteria, if your WiFi is unsecured, they'd still be able to listen in to everything you do over the WiFi
16:43 < MikeFromIT> You could try blacklisting their MAC address wizzi
16:43 < kurahaupo> wizzi: alternatively, allow them to connect, but confine them to a VLAN that doesn't let them do much/anything
16:43 < wizzi> hexnewbie, jim, i know that ...but if he always break your security what should you do ?
16:44 < wizzi> MikeFromIT, exactly !
16:44 < jim> I've heard of randomizing the mac addr
16:44 < wizzi> kurahaupo, how can i do that ?
16:45 < MikeFromIT> It's pretty hard for someone to break WPA2. Turn WPS off as that is slightly easier to bruteforce and change your SSID and password
16:45 < kurahaupo> wizzi: log into your wifi and configure it there. How depends on what model of wifi you have
16:45 < hexnewbie> wizzi: 1) Turn on WPA-2. 2) Use a secure  passphrase, emphasis on phrase, with high entropy. 3) Report the attacker to the police. 4) If they exploit a known vulnerability in your WiFi access point, replace with one that doesn't have it.
16:46 < wizzi> MikeFromIT, did you hear about "androdumper" ?
16:46 < jim> wizzi, does anyone in your house use the wireless too?
16:46 < wizzi> jim, yes
16:46 < jim> then you should go slow
16:47 < MikeFromIT> Looks pretty similar to any other tool used to exploit WPS
16:48 < wizzi> hexnewbie, this is not a solution ..i need to block them
16:48 < jim> wizzi, make sure everyone you want using the wireless can do wpa2, once you're sure, switch to wpa2
16:48 < Xiretza> uhhh, shouldn't `make defconfig` be the same as calling `make olddefconfig` with an empty .config? because it isn't, I have no idea which defaults olddefconfig uses, but they're not from the ARCH.
16:48 < BCMM> i'm all for keeping old hardware running, but stuff that doesn't do wpa2 is silly
16:49 < hexnewbie> wizzi: That's *the* solution. Blocking will not work.
16:49 < Xiretza> what I want is something that fills all the unspecified fields with the ARCH supplied defaults.
16:50 < jim> BCMM, I dunno if there's old hardware (or software) involved, but probably wizzi is more interested in keeping things working for everyone in his house
16:51 < jim> maybe there's not and it's fine... but he should make sure
16:52 < ggVGc> sounds like it'd be enough to turn off WPS for now
16:52 < ggVGc> WPS is useless anyway
16:52 < ggVGc> should be an option in the router settings
16:53 < wizzi> jim, hexnewbie,i tried iptables but didn't work
16:54 < jim> wizzi, is everyone you want using the wireless home right now?
16:54 < hexnewbie> wizzi: Neither would any blacklist, as they would be ineffective as they aren't a replacement for genuine wireless security.
16:55 < hexnewbie> wizzi: A whitelist may work, partially, as it would prevent the party from connecting until they discover they can use your MAC address. They would still be able to sniff your entire network traffic.
16:56 < pikaro> I'm currently with ramnode for my vps and would like to switch to kvm. their plans are fairly expensive, though, almost double from what other providers offer ($12/mo for 2G Ram / 25G NVMe). however, I've had good experiences with their service and uptime. is it worth switching to a cheaper provider? recommendations for a reliable one?
16:56 < tsaka__> I remember reading about native kernel support for limiting battery charge. Anyone know which version that is or have any links?
16:56 < pikaro> i know it's a bit OT, but I don't know any relevant channels
16:58 < searedvandal> pikaro, the provider I've been most happy with is Digital Ocean.
16:59 < oerheks> "native kernel support for limiting battery charge."  never heard of that, and sounds a private project??
17:00 < jim> pikaro, there is a bot, alis, that can assist you in finding channels on the freenode irc net. To get started, /msg alis help
17:00 < pikaro> searedvandal, they're a bit more expensive than ramnode if I'm looking at the correct list.
17:00 < pikaro> jim, cool, thanks!
17:00 < oneko> That sounds interesting, jim
17:01 < tsaka__> oerheks: no a lot of battery drivers support it, eg thinkpads
17:03 < searedvandal> tsaka__, for thinkpads I think it should be enough to enable the tp_smapi module
17:05 < jim> oneko, give it a shot... you never know what you'll find
17:06 < kazdax> how can i checkl the logs to find out why my linuix which is a redhat...shuts down after a while on its own ?
17:07 < searedvandal> tsaka__, and as far as I can see thinkpads are the only ones that can set the battery charge thresholds
17:07 < tsaka__> okay thanks
17:07 < searedvandal> tsaka__, http://www.thinkwiki.org/wiki/Tp_smapi#Battery_charge_control_features
17:10 < wizzi> sorry i'm back, hexnewbie how can that be ? is there a tool to do that or from router ?
17:11 < tsaka__> searedvandal: That's for old laptops only. I do remember reading about newer support coming in the kernel but struggle to find links
17:11 < hexnewbie> wizzi: To do what?
17:14 < wizzi> hexnewbie, "A whitelist may work"
17:15 < hexnewbie> wizzi: Whitelists and blacklists are, or at least were, a standard feature of routers. Given that it's pretty pointless from a security perspective, modern routers may lack it for your own protection, I don't know (haven't really used a web UI for those for quite some time)
17:17 < searedvandal> tsaka__, I see. well, if there is something in the pipeline, the linux-pm mailing list archive could be a place to dig
17:17 < hexnewbie> ‘May work’ means that if the person breaking into your WiFi doesn't know what they are doing, it may prevent them from using the internet. Maybe.  But it's equivalent of checking the brand of shoes before letting people in, instead of a proper door lock.
17:21 < wizzi> hexnewbie, thank you :)
17:22 < pingfloyd> you mean whitelisting by mac address?
17:23 < hexnewbie> pingfloyd: Yeah.
17:24 < pingfloyd> I wouldn't say it's useless for security.  Attacker how to figure out a mac address that's whitelisted.
17:25 < pingfloyd> I remember one day I found a rogue device on this pos router.  I turned on access control and whitelisted my devices' mac address and it's never been back.
17:25 < pingfloyd> was the only saving grace of that pos router
17:25 < hexnewbie> Yeah, so it may work and keep them out with no internet. But they can still sniff you - either to get the macs, then use your mac; or to snoop on you. Breaking the security (something they have already done) is harder than finding out a mac.
17:25 < pingfloyd> also many routers you can't turn off WPS completely
17:26 < hexnewbie> My first ever router was secured by a MAC whitelist.
17:26 < pingfloyd> hexnewbie: they have to be on the network first to sniff
17:27 < pingfloyd> wired connection isn't a concern since that is secured by limit of physical access
17:27 < pingfloyd> so they're not going to be able to get on the wired network to sniff out traffic.
17:27 < hexnewbie> pingfloyd: You mean, the MAC whitelist may prevent them from using the WPS exploits (I'm not familiar with those per se)?
17:28 < pingfloyd> the whitelist is more of a workaround
17:28 < pingfloyd> like maybe they can get through WPS, but they're not going to get on unless they know one of the whitelisted mac addresses.
17:29 < pingfloyd> so while wps in that case, is easily bypassed, they still have to get past the whitelist in addition
17:29 < pingfloyd> a lot of routers will have setting for disabling wps, but they don't really disable it.
17:30 < pingfloyd> WPS really never should have been to begin with
17:30 < pingfloyd> it's whole concept is flawed
17:30 < bls> but we have to cater to laypeople/grandmas!
17:30 < pingfloyd> bls: and make them even easier marks
17:30 < pingfloyd> than they are already
17:31 < hexnewbie> Aren't the MACs visible in simple monitor mode?
17:33 < pingfloyd> maybe
17:35 < oneko> What's that sed one liner I can use to recursively replace all occurrences of a certain word with another word ?
17:37 < revel> That's just regular sed with the global flag (g)
17:37 < EriC^^> oneko: sed -e 's/word/anotherword/g'
17:38 < oneko> Thanks, revel ;-)
17:38 < hexnewbie> find /root/of/replacement -type f -exec grep 'certain word' {} \; -exec sed 's/certain word/another word/g ' {} + | grep 'another word'
17:38 < hexnewbie> oneko: Run that. If you're happy with the output, re-run the same with ‘sed -i.bak’ instead of ‘sed’
17:38 < bls> and you can drop the greps
17:40 < hexnewbie> oneko: Review the changes with: find /root/of/replacement -type f -name '*.bak' -exec bash -c 'diff -u "${1%.bak}" "$1"' xx {} \;
17:41 < hexnewbie> oneko: if you're happy with the result, you can delete the .bak files
17:41 < oneko> wow
17:42 < oneko> Okay, let me see
17:42 < bls> and thank you for using the arg to -i
17:42 < pingfloyd> hexnewbie: looks like there's ways
17:47 < oneko> hexnewbie: On what shell should I be running that because apparently I am missing an argument to -exec
17:47 < oneko> find: missing argument to `-exec'
17:48 < bls> did you hand type the command string?
17:50 < oneko> I typed hand typed this into bash  `find . -type f -exec grep 'azclient' {} \; -exec sed 's/word1/word2/g' {}`
17:51 < hexnewbie> oneko: The -exec needs to be terminated with either ';' (escaped or quoted) or + (the two have different meaning - plus would append more arguments to the same command) - you can't omit the plus
17:52 < hexnewbie> You could use \; instead of + if the difference confuses you, though (not the other way round)
17:53 < bls> and you really only need the exec with the sed
17:53 < hexnewbie> Is that guaranteed to not touch the files lacking the word?
17:54 < oneko> Okay, thanks a lot, hexnewbie
17:54 < oneko> On taking a good look I think I don't want to replace all the references :-P
17:54 < bls> if sed changes anything it wasn't told to, it's utterly and fundamentally broken
17:59 < hexnewbie> bls: I don't mean change, but touching the mtimes and souch
17:59 < DevilChaos> Hi all I'm trying to set up piratebox for a project the box is based on arch Linux has any of you set one of these box's up before ? I have mine working through the rasp pi but I can only access it through my laptop and browser I can from android or iOS I can connect to it through the WiFi hotspot though but not the browsers any help would be appreciated?
18:00 < DevilChaos> *can't through android and ios
18:01 < electrosys> in mutt how do you display emails from only a specific sender? filter on sender.
18:01 < pingfloyd> DevilChaos: what?
18:02 < bls> electrosys: pretty sure the search string is: ~s sender
18:02 < bls> but all those shorthands are well documented
18:03 < bls> hexnewbie: that'd require a look, but I doubt it would
18:03 < electrosys> bls: understood, but you have to press n to go to the next e-mail anway to change the view so only emails from a specific sender are displayed?
18:04 < pikaro> so I borked a debian by ripping out systemd. now I'm getting all kinds of weird permission errors - like, access to /etc/resolv.conf is denied or sudo can't read /etc/sudoers. however, about 90% of the system still run perfectly fine, there's no absolutely catastrophic failure, and for some applications it's only intermittent. I only removed systemd, systemd-sysvinit and libpam-systemd - I suspect it's the latter? could be a nice
18:04 < pikaro> learning opportunity to understand what's going on.
18:04 < bls> sorry, I don't understand what you're asking
18:04 < DevilChaos> Pingfloyd: I'm setting up piratebox for a project. Its an offline network sharing box for files chat and forum
18:05 < electrosys> pikaro: systemd is pretty monolithic so there are probably some tasks you need to handle on your own now.
18:05 < bls> electrosys: if you're wanting to restrict the view of messages to just the sender you searched for, you'll likely need to add something like notmuch onto mutt
18:05 < electrosys> apparently systemd does a lot more than systemv init did. theres a huge argument about systemd and its monolithic approach.
18:05 < pikaro> electrosys, I installed sysvinit of course, so that part should be there
18:06 < bls> pikaro: a decent amount of the system is now set up on the assumption that systemd will be there as the only thing accessing/controlling those files and/or networking config
18:06 < electrosys> bls: ok, thanks, ive heard of not much, and you need a little e-mail client stack, offlineimap, mutt, notmuch, msmtp.
18:07 < pikaro> bls, but in the strace I can see ping tries to directly fopen /etc/resolv.conf, for example
18:07 < electrosys> pikaro: no, see systemd handles a lot more of the administrative taks than systemv does. you see, thats what im saying about monolithic approach.
18:07 < bls> my setup used to be fetchmail + procmail + mutt + notmuch + msmtp
18:08 < pingfloyd> pikaro: since systemd has its tentacles deep into userland, it's not really that trivial to remove
18:08 < pikaro> and even if resolv.conf is 777: open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
18:08 < bls> ping isn't directly opening resolv.conf, glibc is
18:08 < pingfloyd> pikaro: sysv init on the other, was trivial to replace (other than you may need some new startup scripts).
18:08 < electrosys> pikaro: systemd as far as I can tell is like a windows program, it does everything for you. thats what the argument is about, it goes against the UNIX philosophy, which is to create many little programs that work together.
18:08 < pingfloyd> electrosys: it's totally windows philosophy
18:09 < bls> pikaro: do you have selinux or another MAC system or ACLs on the file?
18:09 < pikaro> electrosys, I know about the argument, but I want to understand what's going on on the technical level
18:09 < pingfloyd> electrosys: that whole "one program to rule them all" mentality
18:09 < bls> yes, the "I'm in program X and I need to do Y, so even though it has nothing to do with program X
18:09 < storge> cathedral wants to destroy the bazaar
18:09 < bls> 's problem domain, let's add it in anyway"
18:10  * triceratux got systemd to disappear by booting mx-linux 17.1
18:10 < electrosys> pingflyd: well, its really where your comming from as far as technical background. though it wouldn't be hard for you to write a script for your friend who is less inclined in the Unix Operating Environment than you are.
18:10 < pikaro> selinux is not installed
18:10 < pingfloyd> pikaro: this is why devuan exists
18:10 < pingfloyd> pikaro: because while you can simple remove systemd from debian, it turns out that some programs will break and those need to be addressed.
18:11 < electrosys> without-systemd.org
18:11 < bls> because due to network manager and/or the systemd networking thing, it's common to set ACLs on resolv.conf so they'll stop trashing it
18:11 < pikaro> electrosys, that's where I got the borking instructions from. DON'T follow them if your system isn't already shot, which mine was
18:11 < electrosys> im not messing around with systemd right now.
18:12 < electrosys> I'm trying to do all my daily tasks in the framebuffer. so I can live like a human being again.
18:12 < pingfloyd> pikaro: that method isn't very complete
18:12 < storge> some of those directions at without-systemd need to be updated as times change. same with any advice you find
18:12 < electrosys> no mouse.
18:12 < pikaro> pingfloyd, this isn't programs breaking - opening a file doesn't work when the permissions say the opposite. that's something very fundamental
18:12 < bls> in a cave with your hair shirt, oil lamps, and frame buffer? hehe
18:12 < storge> hair shirt
18:12 < pingfloyd> pikaro: that's programs breaking
18:13 < pikaro> mind that I can actually edit it as root, but ping can't access it if root executes ping
18:13 < bls> the basic access permissions might not be the only ones at play here
18:13 < electrosys> the effort is rewarding, cause its all pretty simple, it seems now a days driver support is so good, you don't have to fight around too much. Just learn the Unix Operating Environment.
18:13 < pingfloyd> pikaro: yes, this is what happens when you build the dist around systemd
18:13 < bls> I can "just learn the unix operating environment" in a fully graphical environment as well
18:14 < pingfloyd> pikaro: you take a way systemd, and it leaves programs, that assume its going to be installed, not working correctly.
18:14 < electrosys> pikaro: are you on vanilla debian?
18:14 < pingfloyd> I think the access issue is more of a symptom of the problem
18:15 < storge> pingfloyd: such programs are against reason and God
18:15 < pikaro> electrosys, pretty much yes, openvz kernel though - which is why the system was shot the moment systemd got on there
18:15 < bls> that or some of the other mechanisms that systemd has taken control of (cgroups first spring to mind) might be coming into play now that there's nothing else managing them
18:15  * storge wgets 4.17.2
18:17 < electrosys> devuan.org
18:18 < electrosys> dev one?
18:18 < electrosys> pikaro: have you hard of dev one?
18:18  * storge shrugs
18:18 < pikaro> bls, cgmanager was actually running, that might be it
18:18 < pikaro> stopping it wasn't enough but I never looked into cgroups before
18:19 < electrosys> pikaro: i understand you want to learn it on your own, maybe they have forums and you can pick their. they seem to be the experts on what your doing?
18:19 < bls> cgroups was an example, shouldn't be the reason ACLs are getting added to the file
18:19 < pingfloyd> having no mouse isn't going to make you more proficient
18:19 < electrosys> pingfloyd: im forced to configure more on my own.
18:20 < pingfloyd> it's just putting an artificial constraint on your workflow
18:20 < oiaohm> pikaro: https://github.com/ConsoleKit2/ConsoleKit2/issues/98  if you have cgmanager running it has not been maintained for quite a while now and it known to make systems behave strange.
18:20 < electrosys> you can't have your hand in three places at once.
18:20 < storge> he who has no mouse presses tab muchly
18:20 < electrosys> argument is over.
18:20 < pingfloyd> e.g., if you wanted to get better at bash.  Open a Terminal emulator and work in bash.
18:20 < bls> "I would be lazy otherwise, so I'll live like a luddite"
18:20 < electrosys> hands i should say.
18:20 < pingfloyd> isn't going to matter if you're running bash at the console or in a terminal emulator
18:20 < oiaohm> pikaro: while systemd was loaded it most likely locked cgmanager out from causing hell.
18:21 < electrosys> pingfloyd: it matters a lot becuase i play movies different, i play audio differently. I figured out how to download and trash my e-mails but i still can't completly manage them.
18:21 < pingfloyd> other that in the terminal, it makes the workflow more manageable use all the other programs (e.g., having a good window management)>
18:21 < mguy> Would it be a dumb idea to use the exact same ssh key on all 3 of my computers to access my server?
18:21 < electrosys> it requires more of a concious effort, and im not bombarded by as much information that I didn't ask for
18:21 < bls> mguy: yes
18:22 < electrosys> its like bying a lego kit, or buying it pre built for you.
18:22 < electrosys> ... already glued together.
18:22 < bls> I can tailor exactly such an environment, but mine has true type font supports, a modern web browser, tiling or floating windows, multiple desktops
18:22 < storge> it's like an old oak table, that you spill milk on, but can't clean because you don't have arms.
18:23 < pikaro> well it can't have been ACLs in the way I'm finding on google, the fs isn't mounted with the option and I dont have getfacl/setfacl
18:23 < bls> mguy: imagine someone steals one of your computers. either they now have access to your server, or you have to lock yourself out and create new keys on your 2 remaining computers
18:23 < electrosys> mguy: you have to be very proactive with security, if it sounds dumb it probably is.
18:24 < mguy> bls: makes sense
18:24 < storge> if you cut corners, you invite compromise
18:24 < storge> (in security)
18:24 < electrosys> security or convience, you can't exactly have both.
18:25 < electrosys> but you can script your conviences yourself.
18:25 < storge> soon we'll turn it all over to alexa and we'll be safe
18:25 < mguy> Plus I guess you're not saving any time copying a key to a bunch of machines instead of just copying each key to the server
18:25 < pingfloyd> I think the lego analogy is a bit off.  I know what you're saying, but there's more to it than that.  You've got to consider what unix was when it was new.  It made computing a lot easier compared to anything of the time.
18:25 < electrosys> pingfloyd: i don't think that has changed much.
18:25 < pingfloyd> because of its tenet of "gluing programs together".
18:26 < bls> mguy: you can also just drop `ssh-keygen ... && ssh-copy-id` in a script to automate the process
18:26 < pingfloyd> we've come a long way since them and it's evolved into what we have in our environment today
18:26 < pingfloyd> because of those early days and that tenet
18:26 < electrosys> unix is like having your own garden, you know what your eating.
18:26 < pingfloyd> not really
18:26 < bls> things have changed though, we can now address individual pixels, we don't *have* to live in a 80x24 ASCII only world anymore
18:26 < pingfloyd> AT&T was proprietary
18:27 < pingfloyd> the whole system v line
18:27 < electrosys> i see what your saying.
18:27 < pingfloyd> hence why you ended up with a rewriting of BSD and also why GNU was born.
18:27 < storge> gnu not unix
18:28 < electrosys> is ubntu mostly gnu?
18:28 < pingfloyd> it has the gnu userland yeah
18:28 < morf> probably
18:29 < bls> depends on how you measure it
18:29 < morf> or i mean mostly
18:29 < pingfloyd> It's definitely not anything close to gnu's definition of free software though.
18:29 < bls> it'll be some parts GNU, some MIT, some Apache, some BSD
18:29 < electrosys> how does the unix philosophy live on in something thats called "not unix"?
18:30 < storge> iamgination
18:30 < pingfloyd> electrosys: the "not unix" is a play on words
18:30 < pingfloyd> electrosys: gnu is a unix-like without a doubt
18:30 < pingfloyd> it's "not unix" in that it's not closed and proprietary like Unix
18:30 < bls> it doesn't strictly speaking. GNU has no qualms about adding features from other programs to one of their programs
18:31 < electrosys> obviously gnu believes in unix if it imitated it how will the little kiddies know what that philosphy is?
18:31 < bls> what used to be a pipe to another program for a specific purpose becomes an argument to a semi-related GNU one
18:32 < pingfloyd> what's funny is unix before the invention of the pipe (something AT&T developed at a certain point)
18:32 < pingfloyd> you could still have the same functionality, it's just you had to create lots of temporary files before pipes
18:34 < akd> I want to run a cron
18:34 < akd> but not as root
18:34 < akd> do I only need to edit the user just before the command in cron file ?
18:34 < storge> uh
18:35 < storge> what?
18:35 < electrosys> chrontab -e?
18:35 < storge> crontab -e   ...no h
18:35 < fooman2011> Hello. I have keyboard troubles with a program when I run it through ssh. It works perfectly when it is launched directly on the machine tty, but some keyboard problems (due to SDL bug) occurs when I launch it throught ssh. Is there any way to launch this program throught ssh as if it was launched directly from the machine ?
18:36 < pingfloyd> imagine if AT&T had released UNIX with a free software license
18:36 < pingfloyd> gnu wouldn't exist
18:36 < bls> or plan9
18:36 < bls> ah, that was later
18:36 < electrosys> i still need to figure out how to copy links from elinks to irc.
18:36 < pingfloyd> and linux probably would have died off since there was no userland for gnu to provide in its earlier days.
18:36 < akd> what?
18:36 < bls> copy-paste them with your mouse
18:37 < electrosys> I dont have mouse support in my frame buffer.
18:37 < bls> also, note that elinks doesn't do TLS cert validation
18:37 < compdoc> so we are the victims of fate?
18:38 < electrosys> bls: k, im not set on it. or anything, there isn't a lot of web browsers that run in the framebuffer though it seems.
18:38 < electrosys> bls: is there a text based browser that has more security features?
18:38 < pingfloyd> compdoc: more like benefactors is what I'm thinking
18:39 < pingfloyd> compdoc: like, maybe AT&T UNIX being proprietary is a blessing in disguise and what ultimately kept unix (including unix-likes) alive all these years.
18:39 < pingfloyd> compdoc: i.e., the restrictions were the catalysts for the innovation
18:40 < bls> not sure. all the text based browsers are near abandonware as far as I know. I just stick with lynx when I'm in my "trying to trudge my way through working via ssh with a BT keyboard, an iPad, and ssh"
18:40 < pingfloyd> for example BSD requiring a complete code rewrite.
18:40 < pingfloyd> GNU and/or linux ever existing
18:41 < pingfloyd> as far as outside of X web browser, seems like links2 is about the best one
18:41 < apro> hi can i partition only a raw disk?
18:42 < bls> apro: you'll need to rephrase that because it doesn't make sense as you've asked it
18:42 < bls> i.e. what's "only a raw disk"?
18:42 < apro> bls: let me brief the question
18:42 < pingfloyd> I used the text-based browsers a lot in my earlier days of linux in order to figure out how to get X working
18:43 < apro> so i had 100G of new volume added to the instance; so i created fdisk and created a partition and mounted the filesystem to a new directory. in this case i used only 50% of the size
18:43 < apro> now can i reuse the remaining space left in that disk?
18:43 < bls> I use them to quick open URLs I know aren't going to be JS heavy when I'm sshed into a server, but that's about it. they're pretty miserable to use for near everything else
18:44 < electrosys> lynx looks nice. its a lot slower but probably implements for security stuff like your were saying.
18:44 < electrosys> bls: i like have all the text the same size
18:44 < bls> what instance? created fdisk? and yes, you can run a partitioning tool again and allocate from the free space
18:45 < bls> I don't and don't understand this fetish with fixed size characters
18:45 < electrosys> bls: its easier to read.
18:46 < baiguai> theyre sexy
18:46 < bls> then why don't we print books in fixed size fonts?
18:46 < apro> bls: aws ec2 instance.. i ran the command fdisk to create a partition.. the first time i ran the fdisk command, i gave the first sector as 1 and last sector as 109713152
18:46 < apro> bls: so when i run the fdisk for the second time to create a new partition, should i use first sector as 109713152??
18:47 < bls> I couldn't tell you the exact sequence of key presses, but fdisk should be able to create a partition in the free space without you have to do block/cylinder/head/sector offset calculations
18:49 < electrosys> books are printed on white paper generally.
18:50 < electrosys> obviously formatting is needed. but i just see the framebruffer as a way to filter out all the noise from advertising and everything else that you dont ask for.
18:50 < electrosys> you have the informat you want at hand, nothing more nothing less, just requires some time to get it to work exactly the way you want.
18:50 < bls> I do that to, but by attacking the noise and distractions, not the GUI
18:51 < electrosys> bls: point well taken.
18:51 < electrosys> i went through some trama last year, mabye thats part of it, its helping me.
18:51 < electrosys> its helping me focus.
18:52 < electrosys> but i hacked around a lot in dos, before win95, win 95 was really the bain of my computer enjoyment.
18:52 < bls> if it allows you to hone your workflow, then more power to you; there are just some things you'll sacrifice that might not be worth it
18:52 < electrosys> it remindes me of those days, just 1000x better.
18:54 < electrosys> and games were always important to me 3d graphics always facinated me, so games were more accessable to me on windows.
18:54 < electrosys> maybe it was win 98, cause i think win 95 was still dos.
18:54 < bls> I've found I can get the same level with no DE, a tiling window manager, and a full screen xterm. allows me to use a text editor with proportional fonts, use a mouse to copy-paste from a PDF or JS heavy website when needed
18:55 < Sitri> electrosys: 98 and ME were still DOS-based
18:55 < Sitri> NT, 2000 and XP were all NT-based
18:55 < electrosys> i dont remember the shell support in 98 being as good? cause i dont think you were able to get to true dos in win98
18:55 < mguy> I think I used ME for about 2 hours total
18:55 < electrosys> ME was horrible.
18:56 < electrosys> it was on my moms machine, but i think it was able to run on shitty machines.
18:56 < mguy> I want to say Windows 2000 was out by then so I was already on that
18:57 < bls> I never really saw a difference between 95, 98, and ME. 2k was where I first noticed some improvements in the underlying OS
18:57 < pingfloyd> 2000 was around the same time, yes
18:57 < mguy> bls: like not crashing every few hours?
18:57 < bls> not just that, but the way a machine was programmed and/or managed
18:58 < pingfloyd> 2000 was a continuation from NT 4
18:58 < thrower> hi all
18:58 < electrosys> i think 98, was some twisted version of nt
18:58 < electrosys> it was like a migration path from dos to nt
18:59 < mguy> NT4 was great but buying enough RAM to run it and then buying supported sound, video, etc cards really added up
18:59 < electrosys> 98 was a big turn, and 10 now.
18:59 < mguy> Linux didn't like the winmodems and integrated graphics and sound cards of those days
19:00 < electrosys> thats why they were called winmodems, they really were winmodems, unhackable.
19:00 < electrosys> they must have made windows calls from the hardware or something.
19:00 < mguy> even winprinters bleh
19:00 < bls> it wasn't that linux didn't like them, it was that there were neither drivers nor hardware specs available to the community to support them
19:00 < electrosys> i was fortunate enough to be told to buy a usr.
19:01 < mguy> We got a T1 so I was able to salvage all the external modems from our old RocketPort modem bank
19:02 < electrosys> i had a 286/386 with renegade a single line and a good modem, i didn't play around with much else when i was a teenager.
19:03 < electrosys> i remeber downloading truespace 3d off of a bbs and thinking i was the shit for being able to do 3d on my little computer.
19:03 < mguy> There was another 3D program back then for DOS but I could never figure it out
19:03 < mguy> povray!
19:03 < pingfloyd> back when there weren't any good 3D modelling programs except 3dsmax and it was an arm and a leg
19:04 < mguy> pingfloyd: That's why you would drool over an SGI
19:04 < electrosys> i heard of povray, i think that was command line right?
19:04 < electrosys> wasn't that just a ray tracer?
19:05 < apro> what is the difference between using fdisk and lvm?
19:05 < mguy> yea I think you had to provide your own models
19:05 < mguy> apro: different layers of disk systems there
19:05 < apro> mguy: could you tell me more
19:06 < akd> sudo: unable to execute /root/paas/scripts/bin/backup: Permission denied
19:06 < akd> I've checked and the user is owning the script and execute permissons
19:07 < akd> what am I missing?
19:08 < mguy> apro: fdisk makes partitions on a disk...LVM can do many things like combining them, take snapshots...
19:08 < Toadisattva> my network manager shows me as connected to my network, but in order to ping or actually access the internet I have to run dhclient, is there a setting I can change or a way I can automate this process so I don't have to manually run dhclient every time I log in?
19:08 < mguy> apro: you could format a drive with fdisk but you present it to your system with LVM
19:09 < apro> what kind of presentation i can bring it? could you tell an example?
19:09 < bls> apro: fdisk creates partitions. that's it. lvm allows you to manage volumes within a partition for easier resizing, etc
19:09 < akd> I am unable to run a shell script as user master-backup `sudo: unable to execute /root/paas/scripts/bin/backup: Permission denied`, I have permission : `-rwxr-xr-x 1 master-backup master-backup 13938 Sep 15  2017 /root/paas/scripts/bin/backup`
19:10 < bls> akd: what are the permissions of the directories leading up to that file? what's the #! line in that file?
19:10 < akd> #!/bin/bash
19:11 < akd> drwxr-xr-x  2 root         root          4096 Feb  7 16:07 .
19:11 < hexnewbie> akd: sudo -u master-backup namei -l /root/paas/scripts/bin/backup
19:12 < akd> what ids namei?
19:12 < akd> f: /root/paas/scripts/bin/backup
19:12 < akd> drwxr-xr-x root root /
19:12 < akd> drwx------ root root root
19:12 < akd>                      paas - No such file or directory
19:12 < hexnewbie> akd: It's unlikely that a user master-backup would have traverse access to /root, and I advise you not to give it. Instead move the script to /usr/local/bin or /opt/akd/backup-scripts
19:13 < hexnewbie> akd: Of course, if the name of the script is "backup", don't put it under /usr/local/bin under that name.
19:14 < akd> why?
19:14 < d3fragg3d> can someone help me? I am trying to connect to mpd via ncmpcpp, on the client machine I can telnet into mpd via telnet 192.... 6600 it responds with MPD, however in ncmpcpp with the same IP and port on the same machine it says "connection refused" anything obvious I am missing?
19:14 < hexnewbie> akd: Cause it would shadow any OS program named backup, because /usr/local/bin is in $PATH. Put it somewhere outside /root, but outside of $PATH, /opt/backup-scripts or /usr/local/backup-scripts will do
19:16 < hexnewbie> Wonderful, opening msn.com causes my fan to turn on.
19:16  * MrElendig suggests not storing your backupscripts in /root
19:16 < akd> hexnewbie, /opt is owned by root
19:16 < electrosys> hexnewbie: it doesn't supprise me, try the no-script web-browser plugin.
19:17 < electrosys> some of those web pages are turning into bot nets it seems, what the heck are they doing?
19:17 < hexnewbie> electrosys: Well, I opened it in chromium. But it's fine in Mozilla
19:17 < hexnewbie> (with NoScript)
19:17 < electrosys> hexnewbie: that doesn't really suprise me either.
19:18 < hexnewbie> akd: Yes, and it should be. Would it be a problem for you?
19:18 < electrosys> yup, cause its the javascript, i think thats one of the few ways to utilize client processing power from the server.
19:18 < electrosys> at least through a web-browser
19:19 < electrosys> ^^ same guy?
19:19 < hexnewbie> akd: master-backup wouldn't have access to root's personal and *sensitive* files in /root/, so you need to put it elsewhere (location owned by root is probably preferable)
19:19 < electrosys> person i should say.
19:22 < akd> hexnewbie,  sudo: unable to execute /usr/local/bin/backup: Permission denied
19:23 < akd> lrwxrwxrwx  1 root staff      29 Jun 16 13:20 backup -> /root/paas/scripts/bin/backup
19:23 < akd> Can't I do that ?
19:23 < hexnewbie> akd: Nope. That's a symlink, it still reads it from /root
19:24 < Sitri> It'd work if it were a hardlink
19:24 < spare> cat /root/paas/scripts/bin/backup|sudo -u master-backup /bin/bash
19:25 < Sitri> what
19:25 < hexnewbie> akd: Also, if you can't get the permissions to the *backup* script right, I suggest you be very very careful with it, lest you accidentally fall do the fatal error from this folk story: https://it.slashdot.org/comments.pl?sid=11007635&cid=55044149 (have made the fatal mistake from the parable at least twice myself, thankfully catching it)
19:26 < spare> you can print the file as root and pipe it to bash ran as another user without needing file access
19:28 < Dagmar> Reminder: Hardlinks are never the answer.
19:28 < hexnewbie> To this question, at least, they are certainly not.
19:29 < electrosys> I was going to say, are hardlinks in the unix environment, like goto's in the programming invironment, basiclly a bad word you shouldn't use?
19:30 < asdfffdsa> Is there any way to switch to another user and log out of the original user?  I guess I could just enable root login over ssh on this server while I do some maintenance but I'd rather not if I don't have to
19:31 < electrosys> asdffdsa: there must be a command to logout a user, maybe logoff has some extra switches?
19:31 < hexnewbie> electrosys: Hard links are useful for some tasks (e.g. incremental backups with rsnapshot, reducing space used by ancient data archives using hardlink, preparing DVDs for Windows where identical files do not occupy extra space - genisoimage respects it).
19:31 < electrosys> so not a good analagy then.
19:31 < hexnewbie> electrosys: No, goto is much more useful than hardlinks. :)
19:32 < electrosys> but goto's can make a mess, they shouldn't be used, as there are other mechanisims that solve the probram in a more maintainable way.
19:33 < storge> asdfffdsa: do you mean to run a screen or tmux session on the remote machine?
19:34 < hexnewbie> electrosys: That's not really true. Modern languages like C only provide local goto, which is limited in messiness, are irreplaceable in C when doing error handling, and I've seen them substituted with insanity (Apache code is riddled with do { ... } while (0); so it can use break instead of goto, which I find insane)
19:34 < Dagmar> because the people who use goto are people whose code you eventually wind up throwing away
19:35 < electrosys> hexnewbie: i can see error handeling, i dont know much C only C++
19:36 < hexnewbie> egrep -rch 'goto\s+\S+;' /usr/src/linux | awk '{ s+= $1 } END { print s }' → 122580
19:36 < hexnewbie> Good throwaway code ;p
19:37 < asdfffdsa> storge: nah, i mean i ssh into a server via a non-root user and then logout of that user and login to root in a single command.  but something else came up so i can't really do it now anyway
19:37 < akd> Why am I still getting a password prompt with ssh with public key authentication?
19:37 < akd> I am doing `sudo -u master-backup CLIENT_HOST=master-01 CLIENT_DRIVE=/backup backup push`
19:38 < akd> the backup shell script is using ssh I expect it to use the ssh private key of master-backup
19:38 < akd> instead, I have `master-backup@master-01's password: `
19:39 < akd> My host private key is -rw------- 1 master-backup master-backup 1675 Sep 14  2017 id_rsa
19:39 < akd> the host .ssh directory is rwxr
19:39 < Dagmar> You need to specify the username to use on the remote end if it's not the same as the one on the local end
19:39 < akd> the distant host authorized_keys is chmod 600
19:39 < akd> it is the same username
19:40 < Dagmar> Then `sudo -u master-backup bash` and find out "in person" what's going wrong
19:40 < hexnewbie> akd: Inspect ~master-backup/.ssh/id_rsa, ~master-backup/.ssh/id_rsa.pub, and (on the server) ~master-backup/.ssh/authorized_keys with namei -l
19:41 < Dagmar> ...and to be perfectly honest, if you weren't defining the username and public key in ~master-backup/.ssh_config you were already doing it a bit wrong
19:41 < hexnewbie> akd: Also time to invest in ed25519 keys that come with 300% more tinfoil content. ;)
19:42 < akd> TBH it's time to check why email cant be send for 4 month and why backup havent been done for 4 month, why the authorized key have disappeard
19:42 < akd> and why did we fail to see that before
19:42 < akd> but yeah we will do all that we have a revamp of this part
19:42 < akd> we are a bit oustaffer
19:42 < sauvin> Except.... it's not really "tin foil" any more. It's all aluminum, which is transparent to many bands.
19:43 < akd>  ssh master-01 -p10022 -I id_rsa
19:43 < akd> dlopen id_rsa failed: id_rsa: cannot open shared object file: No such file or directory
19:43 < MrElendig> was never tin
19:43 < MrElendig> tin foil
19:43 < hexnewbie> aluminium! *ducks*
19:44 < sauvin> It was before WWII.
19:44 < hexnewbie> akd: -i, small i, not -I, capital I
19:44 < akd> well, it is asking for the password
19:45 < akd> the public key is installed on the other host in /backup/.ssh/authorized keys, the perms are 600 and the file and directory are owned by master-backup
19:45 < MrElendig> sauvin: but generally with a different use case
19:45 < hexnewbie> akd: ssh -vvv master-01
19:45 < hexnewbie> akd: Is /backup/ the home directory of master-backup?
19:45 < sauvin> Um, no, it was used pretty much as aluminum foil is today. A major reason for moving to aluminum was that tin imparted a tinny taste to foods.
19:45 < MrElendig> actual tin foil leaves a taste on the food
19:46 < akd> hexnewbie, yes it is the home directory of master-backup
19:46 < akd> https://paste.gnome.org/pquyl9bmp
19:46 < Dagmar> ...and everyone loves eating small amounts of metals
19:46 < sauvin> But of course we do, but we're rapidly developing a taste for plastic.
19:46 < Drakonan> hello im trying to figure out how to get in to my iomega ix4-200d it says support access is enabled
19:46 < Drakonan> i have ssh access to it
19:46 < Drakonan> but idk what the password is and i dont see a way to set it from the web interface
19:47 < MrElendig> admin admin? :p
19:47 < Drakonan> for ssh?
19:47 < Drakonan> maybe root admin? but i already tried that
19:47 < MrElendig> literally admin admin
19:47 < hexnewbie> akd: The server didn't like the key. Does the /backup/.ssh/authorized_key contain the contents of the corresponding id_rsa.pub ?
19:47 < MrElendig> well ADMIN ADMIN
19:48 < Dagmar> Looks like "root" and "soho" for that one
19:48 < MrElendig> because yelling makes it more secure
19:48 < sauvin> This one? https://www.router-reset.com/reset-manuals/Iomega/StorCenter-IX4-200d
19:48 < akd> yes
19:48 < MrElendig> manual says ADMIN
19:48 < MrElendig> also, pretty much all iomega devices ever have used ADMIN ADMIN
19:48 < akd> on first time it contain the exact same content
19:48  * hexnewbie is very upset by these default password policies. Default password should always be 'YOLO!'.
19:49 < Drakonan> im sure for the web console that would be right? but not ssh? but i tried it anyway and it is denied
19:49 < akd> I did a test to compare both string
19:49 < akd> it return true, they are equal
19:49 < pingfloyd> default password should be "sitting duck"
19:49 < hexnewbie> akd: Anything in the server log?
19:50 < Drakonan> nothing relatvent
19:50 < Drakonan> relavent
19:50 < Drakonan> relevant
19:50 < MrElendig> try soho<thewebpassword>
19:50 < MrElendig> without the <>'s
19:50 < Dagmar> pingfloyd: If people didn't learn from the clicking drives, nothing we say now is going to stop them
19:50 < hexnewbie> akd: If not, you can try raising the LogLevel in sshd_config to DEBUG
19:50 < pingfloyd> lol
19:51 < akd> no there is nothing, because it ask for password, when I fail the password, I have authotication failure in the log of my distant host
19:51 < Dagmar> "Yes, I had numerous proprietary disks destroyed by a company's malfunctioning hardware, but I'm going to trust LOTS of data to them at once now."
19:51 < pingfloyd> yeah, trust them with a NAS now
19:52 < Dagmar> akd: If it's still asking for the password when you've used sudo bash to "be" that user, then you didn't set up key auth correctly
19:52 < Dagmar> Use ssh-copy-id already
19:52 < akd> Dagmar, I think I did
19:52 < hexnewbie> Having a copy of your critical files on a single floppy disk? It's OK, only 10% of my floppy disks have failed and lost data.
19:52 < MrElendig> I've been looking for a 4 bay nas, but basically concluded that I'm probably better off buying a hpe microserver
19:52 < MrElendig> cheaper too
19:52 < akd> The key hasn't moved for a while
19:52 < akd> I can generate a new one
19:52 < Dagmar> akd: At this point, that's called a "delusion"
19:53 < akd> why a key would have disappeard from the distant host ?
19:53 < pingfloyd> hexnewbie: it's not so bad if they're a *copy*
19:53 < pingfloyd> say 1 of many
19:53 < Dagmar> akd: One reason might be that it's no longer the same host.
19:53 < MrElendig> hexnewbie: 20 year ago I could buy a 100 stack of floppies and maybe one would be borked, a few years ago I bought a new 100 stack and I couldn't even find 20 of them that worked
19:53 < akd> Dagmar, it is
19:53 < akd> :D
19:53 < akd> I have only 3
19:54 < Dagmar> This is why you set it up, lock things down to a specific keypair, and treat failures like the hostile incursions they necessarily are
19:54 < akd> and they never changed
19:54 < MrElendig> Drakonan: soho<webpass> worked?
19:54 < Dagmar> akd: ...and yet authentication-related files are mysteriously disappearing from the host?
19:54 < Dagmar> That's no longer your host, bruh
19:54 < pingfloyd> 10 years ago, I remember having a hard time finding any place still selling floppies.
19:54 < hexnewbie> MrElendig: That's weird, four years ago I ran ddrescue on all my floppies from my closet to image files, and only 2-3 had problems copying parts of the data.
19:55 < pingfloyd> floppies have always been hit and miss
19:55 < Drzacek> Hello there
19:55 < Dagmar> Just the same, iOmega made their own type of floppy, and the drives for reading them were rather flawed.
19:55 < pingfloyd> even in the 5 1/4" days
19:55 < Dagmar> ...and they basically ignored that problem for long enough that I won't trust them again
19:55 < MrElendig> hexnewbie: but those were probably old floppies
19:55 < Drakonan> MrElendig, right now i dont have any password at all... i just log right in from the web... so idk what to type for an ssh password
19:55 < Drakonan> security is disabled
19:56 < MrElendig> seems that for some reason they are incapable of making any reliable ones anymore
19:56 < pingfloyd> Dagmar: I remember when they tried to sweep that issue under the carpet
19:56 < hexnewbie> MrElendig: Yup. I know quality of everything has dropped, but aren't floppies nowadays only used by high-profile government types?
19:56 < akd> Dagmar, you seems so sure
19:56 < akd> I have tried to generate a new key
19:56 < Dagmar> "goodwill" on that trade name is all burnt up.  They should just walk away from it
19:56 < akd> and added it to the host
19:56 < akd> still does not work
19:56 < MrElendig> or they are just repackaging some old stock that have been sitting next to a giant transformer for 20 years
19:56 < pingfloyd> they basically waited until all their customers finally formed a giant lynch mob
19:56 < pingfloyd> such great customer support
19:56 < MrElendig> the box that epicly failed was even proper 3m floppies
19:56 < Drakonan> was going to try and mount some nfs shares because apparently the device uses smb1 and windows 10 doesnt have it by defualt so was going to try and mount over nfs but its not working
19:57 < pingfloyd> it was funny how before that, there was sort of an iomega cult
19:57 < Drakonan> device is slow anyway so idc about overhead who knows may be faster since the device is so slow and nfs is "native"?
19:57 < Dagmar> they were almost the only people making larger-capacity magnetic storage that wasn't a horrible tape drive
19:57 < pingfloyd> the click of death was their Jim Jone's Koolaid
19:57 < sauvin> Dagmar, you got hit with the magical Click of Death?
19:58 < MrElendig> on some telecom hardware we ended up getting some cheap floppy->sd card adapters off ebay to keep them working, due to lack of a source for new reliable floppies
19:58 < MrElendig> works reasonably well
19:58 < Dagmar> The 120M "super" floppy would have murdered iOmega inside of a year if the timing weren't so bad with optical drives finally become less expensive than a new workstation
19:58 < Mattx> hey, how do I connect to a server using netcat, if there is a load balancer in front of it? I trying pining the domain and connecting directly to that ip, but that didn't work
19:58 < Dagmar> sauvin: No, I had to help clients who had them
19:58 < sauvin> I trashed more than one. :\
19:58 < Drakonan> yay found it, was root / soho
19:59 < Mattx> I'm trying to run this: cat request.test | nc domain.com 443
19:59 < pingfloyd> I never had one, but remember reading a lot about the whole mess
19:59 < Dagmar> Drakonan: You mean, like I said from the start
19:59 < Mattx> but that shouldn't work probably, because it's ssl, don't know how to do it
19:59 < akd> Is it possible that my user is ban (fail2ban)
19:59 < Drzacek> If I may, I would like to have some questions answered, redarding keys, signing, gpg and stuff
19:59 < pingfloyd> HDDs are the new floppy drives
19:59 < jim> I've never experienced a 5 1/4" day... they were much taller for me
19:59 < sauvin> Mattx, thinking you may need socat or something that understands ssl.
19:59 < pingfloyd> (conventional HDDs)
19:59 < Dagmar> akd: If you can telnet to port 22 on the host and still see the OpenSSH banner, then fail2ban hasn't kicked you out yet
20:00 < Drzacek> why does signing something makes it safer?
20:00 < Drakonan> you never said root / soho so i googled soho because that sounded familiar and someone had posted
20:00 < akd> Dagmar, then why cant I use ssh key pair ?
20:00 < pingfloyd> Drzacek: it gives you a means to validate the something
20:00 < Dagmar> <Dagmar> Looks like "root" and "soho" for that one
20:00 < akd> if I show you all the logs can you tell me ? I am absolutely sure keys are correct
20:00 < pingfloyd> Drakonan: that is, be able to see if it has changed (been tampered with) since it left the hands of the original author
20:01 < Dagmar> akd: Could be lots of reasons, some of which would probably show up if you were to assume the specified userid, and then run ssh with -vvv on it and read what it says
20:01 < Drzacek> pingfloyd, I understand the general idea behind it. I create a file, sign it, then there is a way to confirm the package wasn't tempered with
20:01 < pingfloyd> Drzacek: that's one usage, yes
20:01 < Drzacek> but it all comes down to - do you trust this signature? I mean, anyone can create a key and sign files wildly
20:01 < pingfloyd> Drzacek: you have to check the signature
20:02 < Dagmar> That's why there's a chain of trust and certificate signing authorities
20:02 < pingfloyd> the real question is if you trust the author
20:02 < Drzacek> for example, I can download the linux kernel and verify that the signature is valid
20:02 < Drakonan> too bad i still cant get nfs to mount
20:03 < Drzacek> pingfloyd, exactly, I believe this is my question
20:03 < pingfloyd> you don't trust the signature, it's more that after properly checking the signature, you know its good, and the question becomes about trusting the author knowing it's a pristine copy at that point.
20:03 < Mattx> sauvin, I'm trying with socat though it works completely different it seems
20:03 < MrElendig> never trust that linus dude, I've heard he is a communist
20:04 < Drzacek> pingfloyd, the only way I can currently imagine is 100% secure, is when I meet someone in person and obtain his public key - then I can verify the signed files if they match the key I received from him/her
20:04 < pingfloyd> Drzacek: with a gpg sig, you can check by having a web of trust in place (not very practical), or by verifying the fingerprint.  This still leaves the dilemma of being able to identify if the fingerprint you're comparing against is pristine and authentic.
20:04 < Drzacek> but we are in internet, how does it work, how does this all trust work here
20:04 < rasputozen> do communists give bad tech reviews?
20:04 < pingfloyd> Drzacek: it's the fingerprint that will review if it is a forged signature
20:04 < pingfloyd> s/review/reveal
20:04 < MrElendig> rasputozen: yes, they only give average scores
20:04 < jim> MrElendig, he plays too much piano with lucy
20:04 < pingfloyd> a web of trust would as well
20:05 < MrElendig> rasputozen: instead of just giving 9.5/10 to everything like any good capitalist would
20:05 < rasputozen> MrElendig: yea but it lets the other scores stand out better
20:05 < Drzacek> pingfloyd, yeah the exact magic behind is still not very clear to me, but I'm trying to understand the basics now
20:05 < akd> I want to connect using SSH key/pair, this is my log from the distant host : https://paste.gnome.org/pmsxqwfdo , this is the log from my host https://paste.gnome.org/phci6y4l1 , why is it failing to use key?
20:05 < Drzacek> what is "a web of trust"
20:05 < MrElendig> (after being paid to do the review)
20:05 < MrElendig> Drzacek: wikipedia has a quite good page about that
20:05 < Drzacek> checking it now
20:06 < MrElendig> so do gpg, but it is a bit harder to read
20:06 < rasputozen> money doesnt lie
20:06 < jim> or tell the truth
20:06 < pnbeast> I think Bob Dylan said it swears.
20:07 < rasputozen> what of that gpg vulnerability
20:07 < akd> Dagmar, do you see the mistake I have made =[ ?
20:08 < MrElendig> rasputozen: fixed now
20:09 < hexnewbie> akd: Never confuse chmod with chown, except in confusing circumstances.
20:09 < rasputozen> but can i ever trust it again
20:09 < MrElendig> a bit strange that it have been in so long though
20:09 < Drzacek> okay, so in short - the keys are verified by multiple users and other 1) you trust that the one with many confirmations belongs to the person it says it belongs or 2) you have confirmed some keys yourself, and that other person confirmed some other keys etc and if you can find a chain connection == confirm,safe,secure - can trust
20:09 < MrElendig> rasputozen: there isn't anything better out there so...
20:09 < pingfloyd> rasputozen: are you trying to say proprietary is more trustworthy because it's all about money?
20:09 < MrElendig> rasputozen: also, if you didn't use --verbose for everything it was no issue
20:09 < MrElendig> :p
20:09 < BenderRodriguez> Does anyone know of a good rsync based app to facilitate backups
20:09 < akd> hexnewbie, yeah its a typo
20:10 < akd> I didnt do it on my host
20:10 < akd> That doesnt tell me at all how I can connect using ssh
20:10 < MrElendig> BenderRodriguez: I would consider something diff based
20:10 < sinatrablue> BenderRodriguez: rsyc?
20:10 < akd> backup or stop,  its sunday
20:10 < akd> +]/
20:10 < MrElendig> BenderRodriguez: rdiff/whatever
20:10 < pnbeast> BenderRodriguez, "rsnapshot" style...   You can write a small wrapper script yourself that does it.
20:10 < pingfloyd> it's saturday here
20:10 < sinatrablue> BenderRodriguez: you could use grsync
20:10 < rasputozen> if you use btrfs the basic tools are pretty much a built in backup system
20:10 < BenderRodriguez> well actually
20:10 < BenderRodriguez> let me back up
20:11 < Drzacek> soooooo in order to trust people on the internet, I should go to the world tour, meet people and sign their gpg keys - right?
20:11 < MrElendig> incremental with snapshots/logs is nice
20:11 < BenderRodriguez> the files that I want to back up are on LVM volumes
20:11 < Armand> Drzacek: Yarp
20:11 < BenderRodriguez> i know LVM supports a snashot volume feature
20:11 < pingfloyd> Drzacek: that's the ideal way
20:11 < Drzacek> hwere do I start?
20:11 < BenderRodriguez> maybe it comes pre-built with backup functionality?
20:11 < MrElendig> BenderRodriguez: but not incremental, so expensive as hell
20:11 < Armand> Drzacek: Nearest pub.
20:11 < BenderRodriguez> hmm I see
20:11 < BenderRodriguez> this seems to be promising
20:11 < BenderRodriguez> https://github.com/laurent22/rsync-time-backup
20:11 < Drzacek> Armand, sounds good, doesn't work
20:11 < MrElendig> Drzacek: got to CCC
20:12 < Armand> lol
20:12 < rasputozen> btrfs has built in incremental but theres a little dancing you have to do
20:12 < akd> I want to connect using SSH key/pair, this is my log from the distant host : https://paste.gnome.org/pmsxqwfdo , this is the log from my host https://paste.gnome.org/phci6y4l1 , why is it failing to use key?
20:12 < Drzacek> MrElendig, define ccc
20:12 < MrElendig> rasputozen: eh simpler than most
20:12 < pingfloyd> Drzacek: but I think for practical purposes, that when the author publishes their fingerprint on say their website that is in turn validated by a CA signed certificate, that's fine.
20:12 < SuperSeriousCat> If your paying Im up for a pub run
20:12 < rasputozen> MrElendig: agreed
20:12 < BenderRodriguez> actually, rdiff looks interesting as well
20:12 < akd>  debug1: Host '[master-rbx-01]:10022' is known and matches the ED25519 host key.
20:12 < BenderRodriguez> I'll give that a shot
20:12 < akd> Why./
20:12 < rasputozen> its like git, theres complexity but its not unnecessary
20:12 < Drzacek> pingfloyd, does the CAcert verify the person somehow?
20:12 < pingfloyd> Drzacek: that becomes as good as you can practically get.  Who goes to key signing parties anyway?
20:12 < MrElendig> Drzacek:  https://www.ccc.de/en/   they hold a really nice congress every year
20:12 < hendrix> BenderRodriguez: I use Back In Time, which is great
20:13 < pingfloyd> Drzacek: that dependency on key signing parties is gpg's weakness
20:13 < akd> So no one can tell me why my ssh keys cant work between two host
20:13 < Drzacek> pingfloyd, didn't knew that there were such parties. Would totally go
20:13 < akd> I thought they were only hacker here
20:13 < MrElendig> Drzacek: https://en.wikipedia.org/wiki/Chaos_Communication_Congress
20:13 < pingfloyd> Drzacek: who's got time for that?
20:13 < pingfloyd> Drzacek: you merely checking sigs already distances you quite a bit from the low hanging fruit
20:13 < rasputozen> imo a system based on meeting people irl isnt acceptable for nerd culture
20:13 < Drzacek> pingfloyd, If I would play less world of tanks I probably would find the time
20:14 < pingfloyd> Drzacek: really, just being careful from what sources you download from avoids most of the problems.
20:14 < MrElendig> rasputozen: ccc/defcon are exceptions
20:14 < pingfloyd> like covers say 99% of making sure you get a pristine copy
20:14 < MrElendig> specially ccc
20:14 < hexnewbie> akd: Sorry. I thought you said “Dagmar, do you see the mistake I have made =[ ?” because you noticed your mistake. Your authorized_keys owner is wrong, it's not master-backup
20:15 < Drzacek> pingfloyd, I was thinking about the other way around - publish some stuff myself
20:15 < pingfloyd> like the guy that goes to the project's official site to download is a world ahead of the average idiot downloading from the latest and greatest download site scam.
20:16 < Drzacek> what's stoping me from git cloning stuff and trying to pretend I'm the official project site? If it gets enough click it will even show higher in google when someone looks for that
20:16 < pingfloyd> Drzacek: I think more of the reason to check sigs (assuming user practices common sense to begin with) is to make sure they're not altered via MITM from say the NSA.
20:17 < pnbeast> akd, did someone answer you yet?  Did you 1. make keypair using ssh-keygen, 2. use ssh-copy-id to transfer pub key to "server", 3. have good perms on path to your key(s)
20:17 < pingfloyd> Drzacek: that your url will be different, or your certificate won't check out
20:17 < akd> (1) yes, (2) no , (3) yes I've posted the logs
20:18 < akd> hexnewbie, I have corrected that
20:18 < pingfloyd> Drzacek: it would be trivial if say the official site wasn't using https
20:18 < akd> and It is not that
20:18 < akd> even with proper user
20:18 < bls> or your commits won't be signed by one of the maintainers
20:18 < Drzacek> pingfloyd, it would be on github, for example
20:18 < Drzacek> so you're only left with "different name"
20:18 < pingfloyd> github has a CA certificate
20:18 < akd> pnbeast, I have generated the key using ssh-keygen, I did set permissions on the host, I did move in the distant host the key in authorized_keys and set chmod 660 to this file
20:18 < akd> I have posted all the logs
20:18 < Drzacek> pingfloyd, yes, but not for each project sites
20:19 < pingfloyd> if you went to http://github.com instead of https://github.com (and the certificate checks out) then there's need for concern
20:19 < hexnewbie> akd: I suspect sshd would refuse to use an authorized_keys with liberal 660  permissions
20:19 < pingfloyd> it would also be shame on github for not using https: to begin with
20:19 < bls> and doesn't github redirect to https?
20:19 < Drzacek> and instead calling my project "pingfloyd" like the original one, I would call it "pingfIoyd".
20:19 < pingfloyd> as they take away the user's ability to be able to assess they're at the authentic site
20:20 < pnbeast> akd, I would remove the "autorized" key file from the remote and use ssh-copy-id.  It's just easier in the long run.
20:20 < akd> hexnewbie, I have tried 600 also
20:20 < pingfloyd> Drzacek: a certificate wouldn't make a difference there
20:20 < pnbeast> Maybe fixing the spelling will also help.  Dunno, don't care.
20:20 < akd> pnbeast, sure I will do it
20:20 < Drzacek> yeah I guess
20:20 < Drzacek> anyways
20:20 < pingfloyd> Drzacek: because you could get a certificate signed by a CA for say pingfIoyd since it wasn't taken yet.
20:21  * pnbeast applies for a pingfIoyd cert.
20:21 < pingfloyd> and I would be at the official pingfIoyd site, which in our scenario happened to be a bad site.
20:21 < pingfloyd> i.e., we'd technically be at the official bad site.
20:21 < Drzacek> another question - master vs sub keys. Why? do I really need to?
20:21  * pnbeast creates a *worse* site using the fraudulent cert.
20:22 < akd> that work pnbeast
20:22 < MrElendig> you can use the master for everything if you want to
20:22 < pnbeast> ,next   <-  still broken.
20:22 < Drzacek> MrElendig, beside decrypting and signing?
20:23 < pingfloyd> Drzacek: I don't know for sure, but always seemed like a way to make taxonomizing easier.
20:24 < Drzacek> what's taxonomizing?
20:24 < pingfloyd> Drzacek: in other words, I think it is more a convenience feature
20:25 < Drzacek> also - file on disk or on smartcard?
20:27 < Mattx> ok, it's almost done. I'm using "cat request.test | openssl s_client -connect localhost:443"
20:27 < Mattx> but it doesn't wait for the response, it closes immediately
20:27 < Mattx> any idea?
20:27 < rcf> Drzacek: your idea of confusing users as to which reppository is legitimate is actually what Sourceforge did back in 2015 (if I recall correctly) when they took over projects that had left, building new installers with lots of adware for unaware googlers.
20:30 < Drzacek> I can see possible advantages of the external smartcard vs keyfile stored on my pc, but does it make any difference security-wise? Or is it just a placebo
20:31 < MrElendig> Drzacek: convenient portable format
20:31 < MrElendig> yubikeys/similar are nice too, though they have some limitations on the keys
20:31 < MrElendig> usually
20:31 < Drzacek> but beside being convenient?
20:32 < MrElendig> Drzacek: slightly lower risk of losing the key
20:32 < MrElendig> since it won't be permanently stored on the machine
20:32 < hassoon> i3 used to support dragging whatever i'm dragging and switching to any workspace at the same time, but now after upgrading my distro, i cannot do that, what package/functionality am I missing ?
20:32 < Drzacek> is there a full access to the key once I use the card with card reader?
20:32 < Drzacek> aka - it can be extracted?
20:32 < MrElendig> sidenote: print out the key on some dead trees and store a secure place too
20:33 < MrElendig> Drzacek: yes, else it wouldn't work
20:33 < fooman2011> re is it possible tu mute a tty in bash ? I mean, I would like to do this "ioctl(tty, KDSKBMUTE, 1) && ioctl(tty, KDSKBMODE, K_OFF)"  in bash
20:33 < MrElendig> fooman2011: setterm
20:34 < pingfloyd> what if you don't have a printer?
20:34 < Drzacek> MrElendig, so if there would be hostile software running on the pc without me knowing, it could steal the key too
20:34 < MrElendig> Drzacek: yes
20:34 < pingfloyd> Drzacek: yes
20:34 < fooman2011> MrElendig: thanks
20:34 < MrElendig> Drzacek: this is why you never use keys on public machines and the like
20:34 < pingfloyd> Drzacek: that's kind of why there is an argument to be made why has passphrase auth on your private key is a good idea
20:35 < pingfloyd> it's inconvenient, but an agent can manage that
20:35 < MrElendig> private keys*
20:35 < Drzacek> pingfloyd, didn't knew the password was optional
20:35 < MrElendig> for auth there are more secure solutions, like u2f
20:35 < pingfloyd> Drzacek: you know like when you first generate the eky
20:35 < pingfloyd> *key
20:35 < pingfloyd> it prompts for a passphrase
20:35 < pingfloyd> which you can skip if you want
20:35 < pingfloyd> I think many do
20:36 < Drzacek> pingfloyd, yes it promts, got the impression it was mandatory
20:36 < MrElendig> but that is trivial to keylog too
20:36 < pingfloyd> security is always the dilemma of security vs. convenience
20:36 < pingfloyd> also security measures that cause too much inconvenience tend to get side-stepped or not utilized.
20:36 < Drzacek> well yeah, but the more I learn about it the more I think there is no way to be 100.0% sure
20:36 < pingfloyd> got to always factor in human nature
20:37 < pingfloyd> maybe if programmers were better at that, we'd have less exploits
20:39 < pingfloyd> It's like how software companies implement security and assume everyone else is going to do the say.  That is, they're motivated to tighten their security because they care about security, while everyone else doesn't implement any more security than they're forced to.
20:40 < fooman2011> MrElendig: I looked for setterm. I don't see what is the option to use to mute the tty
20:40 < pingfloyd> like a Bank is only going to implement enough security to be compliant
20:41 < pingfloyd> Drzacek: yeah, there's no way to be 100% sure.
20:41 < MrElendig> fooman2011: setterm -blength 0
20:42 < Drzacek> pingfloyd, I don't know how it works, but a bank that implements only the requested minimum is risking their moneys. And risking moneys means they can lose moneys, and losing moneys is something the banks don't want to happen, so I would think they should be doing more than minimum to secure themselves
20:43 < fooman2011> MrElendig: setterm: terminal xterm does not support --blength
20:43 < pingfloyd> Drzacek: they don't care.  It's all insured.
20:43 < pingfloyd> Drzacek: if they're compliant, they're covered
20:44 < Drzacek> it is insured. But people will stop trusting the bank and go elsweyr
20:46 < pingfloyd> Drzacek: like say you worked for some bank and were in charge of managing/updating/implementing their security.  Let's say you really care about security, so you naturally feel it's a good idea to go above and beyond what is absolutely required.  The bank isn't going to care nor give you due credit for that extra diligence in spite of the obvious positive ramifications of protecting everyone's money and
20:46 < pingfloyd> investments.  Instead they're going to complain about your use of time.
20:47 < pingfloyd> Drzacek: it's not going to impact the customer from their point of view.
20:48 < pingfloyd> Drzacek: money turns up missing, the bank files a claim and continues to operate like normal from the Customer's POV.
20:49 < Drzacek> hmm I guess
20:50 < pingfloyd> as far as say account fraud, yeah customer will notice if their money is missing, but look how common place that has become.
20:50 < pingfloyd> it's now normalized.
20:50 < fooman2011> Is it possible to mute (block any character output) a tty in bash ? I mean, I would like to do this "ioctl(tty, KDSKBMUTE, 1) && ioctl(tty, KDSKBMODE, K_OFF)"  in bash
20:50 < ntd> anyone using shinobi?
20:50 < pingfloyd> and that's created a whole snake oil industry like LifeLock etc.
20:50 < Drzacek> so just to summarize - I CAN get a card/card reader to make my life easier but it won't make things much more secure, I should get CA cert (?), go to a wild key-signing party, and probably also use subkeys during my happy internet events
20:50 < Sitri> The author of shinobi presumably
20:51 < bluezinc> Drzacek: context?
20:51 < ntd> my bad. any currently present users of this channel using shinobi?
20:51 < pingfloyd> you don't need a CA cert except maybe for you website so your visitors can tell it is your website they're viewing
20:51 < Sitri> Just ask your question
20:52 < Drzacek> bluezinc, uzing gpg key to sing software packages I create in order to distribute it evenly to all the people (or just the few that might want it)
20:52 < BenderRodriguez> Is there a way to get rdiff-backup utility to show progress during its run
20:52 < BenderRodriguez> at the very least, show the file it's currently processing
20:52 < BenderRodriguez> ?
20:52 < MrElendig> just use certbot for your site
20:52 < bluezinc> Drzacek: you're assuming that anyone actually verifies PGP keys...
20:52 < pingfloyd> bluezinc: haha
20:53 < pingfloyd> back to human nature
20:53 < MrElendig> certbot/letsencrypt
20:53 < bluezinc> pingfloyd: as always, the weakest link in your security is sitting behind the keyboard...
20:53 < pingfloyd> bluezinc: his smart users will appreciate his efforts though
20:53 < Drzacek> bluezinc, well, the specific use-case I have currently in mind assumes people use operating system that I prepared and they are only allowed to install packages signed by me
20:54 < Drzacek> bluezinc, but I also wanted to know how does that whole key trust thing works in general
20:54 < bluezinc> Drzacek: hmm...  Sounds a little 1984-ish, but OK, then...
20:54 < Drzacek> MrElendig, I use it for my website, yes
20:54 < pingfloyd> the average idiot user will probably download his stuff from sites like sourceforge etc.
20:54 < bluezinc> Drzacek: in that case, I'm pretty sure it's just "gpg --sign"
20:54 < pingfloyd> actually probably even worse than sourceforge
20:55 < bdonnahue> hey guys, how can I use curl to do a get with multiple parameters? whats the syntax? is it <endpoint>?p1="foob"&p2="bar" ??
20:55 < pingfloyd> some "download site" that I've never heard of because I don't use such garbage.
20:55 < MrElendig> bdonnahue: curl can actually build that itself
20:55 < bls> it's pretty much what we're seeing right now with docker, and I expect to start happening with snaps/flatpaks
20:55 < Drzacek> bluezinc, yes it is
20:55 < bdonnahue> MrElendig, hmm not sure what you mean... asking google still
20:56 < electrosys> someone was asking about the exec: have you heard of xargs?
20:56 < MrElendig> bdonnahue: -d foo=1 -d bar=2 -d baz=3
20:56 < pingfloyd> electrosys: gnu's find, you rarely require xargs anymore
20:56 < bls> xargs is almost never what you should use instead of exec
20:57 < bdonnahue> MrElendig, thanks!
20:57 < MrElendig> er.. --data-urlencode
20:58 < pingfloyd> also not understanding shell word splitting well and using xargs can be pretty disastrous under the right circumstances.
20:58 < MrElendig> though if it is already encoded, -d is fine
20:58 < bls> and realistically, if you're in one of those situations where xargs can do something find can't, you're better off emulating it with a shell script and -exec +
21:00 < MrElendig> if you need find | xargs, always use print0
21:02 < yuken> How should I setup a SAMBA/CIFS mount to only try and mount when a network connection is found? FSTAB works perfectly for my always-connected box via ethernet, but doesn't like wi-fi
21:04 < MrElendig> yuken: networkmanager hook, systemd service
21:05 < bdonnahue> MrElendig, for some reason curl -X GET http://localhost:8500/v1/kv/locks?index=248
21:05 < bdonnahue>  works
21:05 < bdonnahue> but the following does not
21:05 < bdonnahue> curl -X GET  -d index=X-Consul-Index http://localhost:8500/v1/kv/locks
21:05 < bdonnahue> any thoughts?
21:06 < solidfox> finally encrypted my hard drive like we were talking about a few weeks ago
21:06 < pingfloyd> dm-crypt full disk?
21:06 < bdonnahue> ah nvm i figured it out
21:07 < solidfox> pingfloyd, idk. I think it's LVM Full disk encryption
21:07 < pingfloyd> okay
21:07 < pingfloyd> how you liking it?
21:07 < MrElendig> missing $?
21:07 < solidfox> pingfloyd, it ain't bad, it's actually less irritating if you use a different password than your user account.
21:07 < pingfloyd> solidfox: that's how I do it on my laptop LVM over Luks
21:08 < solidfox> pingfloyd, recently my friend's laptop was stolen
21:08 < solidfox> pingfloyd, so I decided I need to get serious about protecting mine.
21:09 < yuken> MrElendig, I have absolutely 0 clue how to do that.
21:09 < solidfox> pingfloyd, in spain apparently the police don't do anything, and stores don't have cameras
21:09 < solidfox> s/don't/can't
21:09 < MrElendig> eh, lots of stores has cameras
21:09 < solidfox> MrElendig, ah
21:09 < pingfloyd> solidfox: it's really sad that hasn't become a ubiquitous practice for portable devices in general
21:10 < MrElendig> usually the kind with image quality the 60's would be proud of though
21:10 < solidfox> pingfloyd, yeah
21:10 < pingfloyd> like where the assumption become that if something is portable, it's going to be using some form of FDE.
21:10 < pingfloyd> *becomes
21:10 < solidfox> FDE?
21:10 < solidfox> ah nvm
21:10 < pingfloyd> society is lagging, and needs to get to that point.
21:11 < MrElendig> it is the norm on portable tracking devices
21:11 < MrElendig> except the really low end ones
21:11 < pingfloyd> then you'll be able to have a little bit of confidence in your data being secure on them.
21:13 < MrElendig> but then again, they still sell phones with android 4.4 by the pallet
21:13 < zBrains> Hello, I'm trying to find out what happened to the openlunchbox project
21:13 < zBrains> or if anyone knows of something similar
21:14 < zBrains> open source modular laptops
21:14 < MrElendig> died
21:14 < MrElendig> you can just forget about the idea until we have affordable risc-v devices capable of running gnu/linux
21:15 < MrElendig> and some open wifi card
21:15 < MrElendig> sadly we don't have either, and the later is never going to happen
21:15 < solidfox> MrElendig, why never?
21:15 < zBrains> yeha why never
21:15 < MrElendig> because no hardware maker is going to spend the money
21:16 < solidfox> what if some good guy decides to design one that is open?
21:16 < solidfox> then any company can start making them and selling them according to that design
21:16 < MrElendig> solidfox: and who are going to pay for the 200k€++++ required for certification?
21:16 < zBrains> I wonder how mouch money would be needed to get enough work done to get it going
21:16 < solidfox> MrElendig, that ain't too much. just need some property to collect money
21:16 < solidfox> MrElendig, and debt
21:16 < zBrains> what type of certification we are talking about
21:17 < neoncortex> I need to be certified to connect into networks? I mean, routers check if it's certified or something?
21:17 < MrElendig> depends on which country you want to sell in
21:17 < neoncortex> wireless cards ^
21:17 < solidfox> MrElendig, it costed 1 million to apply to become a marijuana farmer in PA
21:17 < zBrains> us
21:17 < solidfox> (I think)
21:17 < MrElendig> if you want it world wide: have fun because you have to test to about 80 different standards
21:17 < sauvin> Or more.
21:18 < solidfox> ah I see. well we don't need wifi, we have ethernet :D
21:18 < MrElendig> it's about 80ish for most rf devices
21:18 < MrElendig> solidfox: ok, then it is just 60 or so
21:18 < MrElendig> :p
21:18 < solidfox> hahaha
21:18 < zBrains> eveery day I find it hardeer to buy a machine with ethernet jajaja
21:19 < solidfox> zBrains, EN-us laughing only please. thankyou
21:19 < neoncortex> Because if we need not to be certified to connect, we just need someone to post a howto, soldering iron, eletric componets and arduinos are plenty
21:19 < MrElendig> actually, it is more like an order or two magnitude more
21:19 < iodev> zBrains: don't get me started on Wiif
21:19 < iodev> *wifi
21:19 < iodev> there are like 15 SSIDs here
21:19 < MrElendig> but about 60 "big items", which all includes various "sub" standards etc
21:19 < iodev> and they kill my bandwidth
21:20 < MrElendig> iodev: 5ghz can help
21:20 < solidfox> iodev, did you try switching to lower range 2.4 GHz
21:20 < solidfox> ah thats what I meant, 5ghz
21:20 < MrElendig> lower range, more channels
21:20 < iodev> solidfox: NO, too expensive
21:20 < zBrains> sorry I can only laugh in spanish ... at least when I'm being honest ;)
21:21 < iodev> plus my phone lacks support for it, only laptop can do 5 GH
21:21 < iodev> * GHz
21:21 < MrElendig> iodev: a 5GHz capable AP id about 30 usd
21:21 < solidfox> zBrains, lolol it's ok I was jk :P
21:21 < iodev> stupid key!
21:21 < MrElendig> is*
21:21 < iodev> MrElendig: does it run OpenWRT
21:21 < MrElendig> no
21:21 < iodev> MrElendig: does it also have ethernet
21:21 < iodev> if not, then no
21:21 < solidfox> idk why, I guess I'm just too lazy, but I pay like $10 a month for a router from comcast........
21:22 < solidfox> verizon gives you a router for free but I think their internet is shyt
21:22 < PaulePanter> BCMM: Yes, kexec or coreboot. Though kexec is not always very well tested on x86 servers and devices do not fully reset and drivers mess up.
21:22 < PaulePanter> BCMM: At least it’s used on Power during boot.
21:22 < PaulePanter> Though they take quite long to boot to.
21:22 < MrElendig> solidfox: isp provided routers are generally trash
21:22 < iodev> solidfox: my ISP gives free Huawei HG crap
21:23 < solidfox> comparing verizon and comcast router to the netgear and lynksis routers I used a long time ago, they kinda seem similar mostly.
21:23 < MrElendig> solidfox: if you are paying 10/month you could replace it with a mikrotic/ubiq/similar and still come off in the positive after a year or two
21:24 < solidfox> MrElendig, ah
21:24 < MrElendig> wired router + however many access points you need
21:24 < MrElendig> wired only*
21:25 < MrElendig> or an all in one if a tiny flat or whatever
21:26 < MrElendig> 3-4 years would get you a newfangled mesh network
21:26 < MrElendig> plug and play mesh network*
21:26 < zBrains> MrElendig: is there any serios project trying to get the opensource risc-v going?
21:27 < MrElendig> zBrains: initial support is in the kernel, more to be added for 4.18
21:27 < MrElendig> still in early stages though
21:28 < MrElendig> zBrains: main prolem is that the only soc capable of running linux is currently on a 1000usd dev board
21:28 < zBrains> which one would that be?
21:28 < MrElendig> though there are some running linux on softcore risc-v in fpga
21:29 < MrElendig> hifive unleashed
21:29 < zBrains> probably equaly expensive (fpga)
21:29 < MrElendig> https://www.sifive.com/products/hifive-unleashed/
21:30 < MrElendig> if you just want to play with the risc-v isa there are some <100usd dev boards
21:33 < zBrains> MrElendig: that's cool, thanks for the link
21:33 < MrElendig> there is also a risc-v emulator
21:33 < MrElendig> simulator*
21:33 < MrElendig> there is even a web one :p
21:33 < zBrains> is it part of SiFive or a seprate project?
21:34 < zBrains> just going through their page now
21:34 < zBrains> SiFive
21:37 < zBrains> MrElendig: gotta run now but I'll keep looking through these, thanks
21:47 < Drakonan> im trying to troubleshoot a simple cron script that... isn't working idk if its running or not or what any way i can learn more about it it shows up in crontab -l
21:47 < Drakonan> and if i run it manually it works...
21:47 < Drakonan> but it doesn't seem to work on the schedule i have told it to
21:48 < DLange> redirect its output to a log file, like > /tmp/mycronlog
21:48 < lopid> don't forget 2>&1
21:49 < Drakonan> # m h  dom mon dow   command
21:49 < Drakonan> */5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1
21:49 < Drakonan> that is what is in there idk maybe its a using thing how do i know what user its running as?
21:49 < e36freak> use the full path
21:49 < e36freak> not ~
21:49 < lopid> /dev/null, the ultimate log file
21:49 < e36freak> also true
21:49 < e36freak> and be aware thet cron environment is different
21:49 < e36freak> PATH is probably not gonna be the same either
21:50 < Drakonan> its a pi and im running raspbian its in the pi home dir... is that going to be an issue? is cron running as root?
21:50 < jim> the shell that runs the script is not guaranteed to understand ~
21:50 < DLange> replace ~ with /home/whatevertheuseris/  or /root if that is root's crontab
21:50 < e36freak> Drakonan: just use the full path
21:52 < Drakonan> dumb question how do i edit it
21:52 < lopid> crontab -e
21:53 < Drakonan> ok cool found it and changed
21:55 < electrosys> does notmuch by default do only local indexing/labeling ? i have another solution for remote labels already.
21:57 < lopid> its home page would suggest that is its purpose
21:58 < electrosys> whats with some of these newer apps having their own online manual pages?
21:58 < electrosys> it should be in the man page
21:59 < pingfloyd> electrosys: it's laziness
22:00 < electrosys> or i guess its assumed that notmuch doesn't sync imap labels because it doesn't mention it.
22:00 < lopid> "no network code at all". have you read its home page?
22:01 < electrosys> that last paragraph needs to be scraped off of the website and added to the man pages when they are built.
22:02 < electrosys> thats all i needed.
22:02 < electrosys> it was my assumtion but, i try not to assume things when its my e-mail or any sensitive data rather.
22:02 < electrosys> especially data that syncs.
22:06 < lopid> now try notmuch :)
22:06 < lopid> ing
22:07 < sauvin> Now, THIS is just WRONG: "Warning: Program '/bin/bash' crashed."
22:08 < lopid> smells like microsoft
22:09 < pingfloyd> where did you see that?
22:09 < pingfloyd> was that WSL?
22:11 < sauvin> No. Ubuntu.
22:11 < sauvin> I mean, straight up 100% Kubuntu 16.04, in a Konsole.
22:13 < pingfloyd> I've never seen that message
22:13 < pingfloyd> was that in a log?
22:14 < sauvin> Nope. Right there in the Konsole.
22:15 < pnbeast> sauvin, and Konsole keeps running, or the GUI part does, anyway?
22:17 < sauvin> That particular TAB apparently restarted itself because the next thing appearing in that window is a bash prompt.
22:17 < pnbeast> I see.
22:17 < sauvin> A working bash, even.
22:17 < pnbeast> Maybe konsole has its own little init system to respawn a new shell!
22:18 < electrosys> if notmuch returns search results as a copy of all your emails in a different folder how would you do a mutt action on all the search results?
22:18 < sauvin> That's what I'm thinking.
22:18 < electrosys> im using a label scripts that adds X-Label for IMAP sync
22:18 < sauvin> It's just startling. I mean, in my whole life, I've never seen a shell crash, and my "whole life" goes back *before* the Commodore VIC-20.
22:18 < electrosys> so I need to be able to write to my search results.
22:19 < markasoftware> is there a variable like $EDITOR, but for the default terminal emulator?
22:19 < electrosys> maybe notmuch can make a link... hmm :u
22:19 < pingfloyd> sauvin: commodores never really crashed unless they were overheating
22:19 < pingfloyd> okay, occasionally they'd freeze up
22:20 < pnbeast> I liked their big hit, "Night Shift".
22:20 < sauvin> Commodores, in my experience, crashed when they tried to run badly written assembly code.
22:20 < sauvin> They were otherwise bulletproof.
22:20 < pingfloyd> I think everything crashes in those circumstances
22:21 < pingfloyd> that's the beauty of assembly though.  Here's all the power, and if you screw it up, it's your fault.
22:30 < TheWild> hello
22:30 < TheWild> hey, why I can't mount a NFS share?
22:31 < lnnb> missing driver
22:31 < TheWild> "sudo mount 192.168.1.6:/media/ubuntu/7a0b1330-dca1-451e-be6b-ab2959e59d9b/thewild thewild"
22:31 < lopid> the computer is not turned on
22:31 < lnnb> pam is configured incorrectly
22:31 < mgolisch> it will probably tell you why
22:31 < TheWild> it's next to me, definitely turned on and the drivers are somewhat out-of-the-box in ubuntu
22:32 < TheWild> what is pam
22:32 < mgolisch> whats the error it shows?
22:32 < TheWild> btw, dmesg shows me nothing interesting
22:32 < lnnb> sudo is mounted on a filesystem mounted with MS_NOSUID
22:32 < TheWild> "missing codepage or helper program, or other error"... wait, what the hell?
22:33 < mgolisch> installed nfs-common?
22:33 < TheWild> remote computer is running Live "Try" Ubuntu and it has mount.nfs
22:33 < TheWild> but mine has not
22:33 < lnnb> your user doesn't have +rx in /sbin so it can't find the mount program
22:33 < lnnb> oh wait an error!
22:34 < TheWild> how's chance the live ubuntu already has nfs-common?
22:35 < TheWild> I thought it will get installed when I was installing Ubuntu
22:35 < mgolisch> still not sure what your even doing
22:35 < mgolisch> your mounting something from a computer that has booted from a ubuntu livecd?
22:35 < TheWild> yes
22:35 < mgolisch> does it have installed and started the nfs server at all?
22:35 < TheWild> yes
22:36 < TheWild> short: points out local computer does not have nfs-common installed. I do not remember if I ever explicitly removed it.
22:36 < TheWild> "Try Ubuntu" however seems to have it installed
22:36 < mgolisch> its never installed by default
22:37 < TheWild> okay, thanks mgolisch
22:38 < TheWild> I was betting I misconfigured server
22:44 < electrosys> ls
22:45 < revel> Does everyone else have this weird compulsion to run `ls` whenever they open a terminal session?
22:45 < MrElendig> no
22:45 < revel> s/every/any/
22:47 < sadasaulna> revel: yes
22:47 < sadasaulna> revel: also "ps"
22:47 < revel> I guess it helps me remember "right, that's the system I'm on and the user I am"
22:48 < electrosys> it looks like i need to prevent the read only flag from being added when the search results mailbox is sown.
22:48 < electrosys> i tried % but it says, can not make writtable a read-only mailbox.
22:48 < sadasaulna> revel: that might be it, i often find myself typing uname -a at a prompt too, as if to remind myself exactly what i have in front of me
22:48 < electrosys> the search results are acutally links by default.
22:48 < revel> sadasaulna: I just like having htop running in a tmux tab thingy for that.
22:49 < sadasaulna> revel: yeah, its not for seeing processes, its just a compulsion
22:50 < sadasaulna> i'm quite fond of uptime too, for seeing load and basking in the uptime of a system.  Years ago the counter for uptime was 32 bit and so could only count a little over three years, and I had firewalls whose uptime had wrapped
22:51 < revel> lol
22:51 < sadasaulna> and they were busy systems too, doing DNS for thousands of clients and reverse proxying and a whole bunch of stuff aside from firewalling
22:52 < sadasaulna> that was in the years before there was a vuln coming out every other week
22:53 < pnbeast> To be fair, the vulns were just *there*.  There was a lot less talk about them.
22:53 < sadasaulna> pnbeast: exactly!  I'm sure they were there we were just less aware of them
22:54 < sadasaulna> but we never got hacked, i had ssh open to the world no sshguard, there would be dozens of connections battering away with stupid guesses at passwords
22:55 < sadasaulna> our webserver on the other hand... that was vulnerable as hell, we hired at pentester and they didn't get in our firewalls but they went straight it through that dumb website we had
22:55 < pnbeast> In the early 2Ks, I ran a snort box on a well-established /24.  I could basically generate an arbitarily large list of probes by adding as many rules as required.  I.e., the malicious traffic seemed infinite.
22:56 < toothe> pnbeast: it is.
22:56 < toothe> Sometimes I think of moving my ssh port off 22 to like 2222
22:56 < pnbeast> The worst that happened while I was running the network was that someone exploited our formmail CGI script to send spam.  It was my fault - I'd heard of the problem but not fixed it.
22:56 < sadasaulna> toothe: it cuts down on the crap for sure
22:57 < toothe> sadasaulna: Right. I might experiment with it, who knows.
22:57 < toothe> It might stop a drive-by attack
22:57 < toothe> but I use ssh certificates for authentication - and a very long passphrase, so I'm fine.
22:58 < sadasaulna> exactly, it just cuts the noise, so that you know that if you change your SSH to some really random port that someone trying it is a least a tiny bit more serious
22:58 < toothe> sadasaulna: was it for home use or enterprise?
22:58 < sadasaulna> enterprise, but I do it on home systems too just to cut down on the noise in the logs
22:59 < toothe> meaning, who attacks home users?
22:59 < sadasaulna> generally though on my home systems firewall rules only allow a few trusted subnets access to SSH, eg from VMs I have
22:59 < toothe> rather - what dedicated attacker attacks home users?
23:00 < _KaszpiR_> to attatck systems you are working on, for example at work
23:00 < balletjebal> have you ever watched your ssh logs how many have tried :P
23:00 < MrElendig> the bots doesn't care if you are Urist McRandom or Microsoft
23:00 < toothe> balletjebal: right! But, those are just drive-by attacks, no?
23:01 < srukle> Do you just have your home server open to the world?
23:01 < toothe> i'd like to figure out how to rename wp-admin on wordpress to soemthing else.
23:01 < MrElendig> hell, many of them go after residental, because of all the insecure routers, NAS, IoT etc
23:01 < balletjebal> toothe, true just sniffing
23:01 < pnbeast> MrElendig, how'd you know my name?
23:01 < electrosys> hmm, looks like you typically don't write or execute from .cache?
23:01 < toothe> srukle: yes, actually. Ports 22, 25, 80 and 443.
23:01 < electrosys> ~/.cache
23:01 < sadasaulna> srukle: I always have my home systems only open on SSH to some VMs I have nowadays
23:01 < srukle> You'd see some activity in your logs then. :P
23:01 < toothe> srukle: Each port runs its own jail, but you would have limited access to my home network.
23:01 < V7> Hey all
23:01 < toothe> I should probably stop that through firewall rules though.
23:02 < V7> Could anyone help me with setting up a sound card on arch32 ?
23:02 < toothe> functionally speaking, jails = docker
23:02 < srukle> does bsd use jails without docker?
23:02 < sadasaulna> but if you run an antispam setup, I might point out that drive by attacks are useful, you can use them to block ips or subnets you'd rather never hear from
23:02 < toothe> srukle: Yes.
23:02 < toothe> srukle: the attempt to get docker on it uses jails as its kernel primitive.
23:03 < toothe> I hope it comes soon.
23:03 < toothe> I really like docker.
23:03 < sadasaulna> i had a script that would automatically add the driveby ips to my "never talk SMTP to them" list
23:03 < toothe> but BSD users seem to look down on docker...I totally don't agree.
23:03 < sadasaulna> toothe: docker is nice in principle but in practice...urgh
23:03 < srukle> Well, you're a Linux user. Of course you disagree fundamentally. lol
23:04 < toothe> sadasaulna: oh? I love it. What's wrong with it?
23:04 < toothe> we run CoreOS at work.
23:04 < srukle> Do you like CoreOS at work?
23:04 < pnbeast> sadasaulna, what if someone fixed his h4xx0r3d box, then tried to email Amazon gift certs to all the victims of his broken box?  You might have missed out.
23:04 < V7> Anyone ?
23:04 < toothe> well...tbh, I just wrote a few Dockerfile's, I don't maintain it.
23:04 < srukle> I'm trying to look for opinions especially for work environment.
23:04 < V7> #archlinux just throws me away
23:04 < toothe> srukle: But the guy who does use it loves CoreOS>
23:04 < sadasaulna> toothe: i like CoreOS idea, again in practice not so much, I'm not a fan of the devops mentality which seems to be "fail often"
23:05 < toothe> sadasaulna: That adds to the robustness, no?
23:05 < srukle> Haha, so there's a learning curve?
23:05 < toothe> srukle: A little bit, but it isn't like using Linux for the first time.
23:05 < sadasaulna> toothe: yes, again, in principle I like it.. what i'm not a fan of is making failure default
23:05 < toothe> fair.
23:05 < toothe> That was a problem on this one Amazon system I pentested.
23:06 < marius> sadasaulna, so how do you prepare for failures?\
23:06 < toothe> their systems were auto-scaled, so their EC2's would go down and auto-scale constantly. I would produce a list of targets, and a day later 10% of the machines were off.
23:06 < toothe> were destroyed.
23:06 < toothe> which sounds fine cuz my scanning system would detect new EC2 instances, but my ssh creds would be wiped away.
23:07 < sadasaulna> marius: through proper engineering.  I prefer the allow what is necessary approach to the block what isn't, getting offtopic a bit I admit, would take me an age to explain
23:07 < V7> So, does anyone had a problem with arch and sound system ?
23:07 < V7> alsamixer just shows only one column called "BEEP"
23:07 < sadasaulna> I like linux but I also run NetBSD and OpenBSD, and I like the solid engineering approach to the "assume things are going to fail" and "everything is in flux" approach
23:07 < V7> lspci shows "Hight Definition Card"
23:08 < sadasaulna> its a bit philosophical
23:08 < toothe> sadasaulna: okay, so I'm going to ask you the question I ask to all NetBSD users. Why NetBSD?
23:08 < toothe> What is it about NetBSD that makes people run it?
23:08 < toothe> I feel like I've never gotten a solid answer other than that its fun.
23:08 < sadasaulna> toothe: its such a well engineered, well documented piece of software, it is a understandable whoel
23:08 < sadasaulna> whole
23:08 < toothe> yeah, GNU code in general is weird.
23:08 < sadasaulna> which I find with Linux is much more difficult
23:09 < toothe> I'd like to see a rewrite of a lot of gnu core utils.
23:09 < sadasaulna> so I find NetBSD a brilliant system for learning UNIX, from the ground up, without distractions or poorly understood reasons for doing things
23:10 < toothe> concur.
23:10 < toothe> I ran Linux from about kernel 2.0. Back then things were a lot simpler.
23:10 < toothe> I feel like Linux is so complex nowadays.
23:10 < sadasaulna> like I say, I like Linux, I got my start in UNIX with HPUX, moved to Linx, spent years at that, and now spend time running Linux, NetBSD and some OpenBSD
23:10 < toothe> and not just the kernel, the entire OS.
23:10 < sadasaulna> toothe: yep, Linux was at 2.0 when i first ran it
23:10 < V7> Already trying to setup sound on arch about 4 hours and nothing.
23:10 < V7> Anyone
23:11 < MrElendig> there are other userlands than gnu you can use
23:11 < MrElendig> atleast 3 others
23:13 < sadasaulna> its ironic, that I have probably learned more about Linux by studying UnixV7, Minix and NetBSD than I have from running Linux itself
23:14 < sadasaulna> MrElendig: yeah, systemd is its own userland ;)
23:14 < MasterDebater> you learn more from studying than from using? whoda thunk??
23:15 < sadasaulna> MasterDebater: I did years of using, nearly all on Linux, and I did little studying, I just made things work.  Last few years I have studied UNIX more and i've done that mainly on non Linux systems
23:15 < sadasaulna> i'm out of work, used to be a well paid sysadmin, now for mental health reasons i have given up IT (and the money that goes with it) and have had more time to enjoy UNIX
23:15 < electrosys> hmm i had my hugo backwards oguh
23:16 < python476> hi guys
23:16 < V7> Does anyone use arch32 ?
23:16 < python476> I'm looking for places to read about linux netsec
23:16 < MrElendig> V7: someone does yes
23:16 < python476> beside /r/netsec , any good site ?
23:16 < electrosys> anyone know how you make the search results from notmuch-mutt writable?
23:18 < V7> The main thing is that sound with "alsa-utils" doesn't work
23:19 < TheWild> electrosys: you mean on google? Enter the developer console and type "document.body.contentEditable = true", then press enter. Now you can edit the results. Enjoy ;D
23:20 < V7> When trying to "modprobe snd_hda_intel index=0 model=6stack" speaker bumps two times and this is all
23:20 < python476> dominate your computer with the power of the dom
23:21 < pingfloyd> V7: why don't you just dump arch instead?
23:21 < pingfloyd> V7: they've cast you out of their cult, because you're still on 32-bit
23:22 < V7> Also, it's interesting that alsamixer shows only one column called "BEEP"
23:22 < pingfloyd> V7: could just run a sane dist and not deal with such issues
23:23 < jim> debian's probably gonna do that too eventually (so are the others, because: it's a lot of mirror space to support all the oldest machines along with the newest)
23:24 < revel> I think Debian's "eventually" for x86_32 is quite a ways away.
23:24 < jim> but they're probably not gonna do it today
23:24 < jim> yeah, agreed
23:25 < MasterDebater> you already can't run a bunch of mainstream software on linux 32
23:25 < pingfloyd> debian cares about supporting multiple architectures
23:25 < pingfloyd> mainstream being the crap you get on github?
23:25 < noahmg123> How can I get a list of the first three characters of files in a folder?
23:26 < jim> well they did get rid of a few archs
23:26 < MasterDebater> among other things
23:26 < V7> So, all of you mean that this issue because of i686 ?
23:26 < revel> They've dumped a couple of archs, though I think they had barely any users in any category (server, embedded, desktop, whatever)
23:26 < MasterDebater> google chrome for example
23:26 < revel> V7: I'd rather blame arch32 than the processor
23:26 < pingfloyd> those arches were pretty niche too
23:26 < V7> revel: Why ?
23:26 < noahmg123> I have a folder with filenames like "ABC_list.txt" and "XYZ_list.txt", and I just want the first three letters of each filename
23:27 < V7> noahmg123: #bash
23:27 < MrElendig> lsmod | grep snd
23:27 < revel> Because it's a small no-name distro, basically.
23:27 < noahmg123> V7: Will try over there, thanks
23:27 < electrosys> TheWild, i mean in mutt/notmuch
23:27 < jim> noahmg123, you mean you just want XYZ a bunch of times?
23:27 < revel> Debian's got bleeding edge variants if you want.
23:27 < V7> MrElendig: Thank you :) http://termbin.com/w51d
23:28 < MrElendig> noahmg123: https://mywiki.wooledge.org/BashGuide/Parameters#Parameter_Expansion
23:28 < electrosys> pwd
23:28 < MrElendig> noahmg123: bookmark the guide
23:28 < sadasaulna> revel: starting my lot in PA-RISC/HPUX i have a fondness for that architecture but i'm not sorry that Debian would throw it out, cos who the fuck really runs PARISC
23:28 < noahmg123> jim: no, each file has a different first three letters
23:28 < MrElendig> V7: alsamixer, press f6
23:28 < MrElendig> also fuser /dev/snd/*
23:29 < revel> Yeah, they're fairly niche.
23:29 < yakiza> HEllo everyone! i have just installed DEbian 9 on a DELL inspiror 3000 series (Laptop),  i downloaded loaded my modues and i am able to see the interface and also see the wireless networks around me including mine. When i try to connect to it it gets stuck in authentication and times out
23:29 < jim> /foo/bar/bazzar/five/six/stix
23:29 < V7> MrElendig: Shows 3 options ( (default), 0 HDA Intel, enter device name... )
23:30 < V7> "fuser /dev/snd/*" gives empty output
23:30 < jim> yakiza, does your laptop have an eth port? and, do you have a cable and a place on your router?
23:30 < MrElendig> select the second one
23:30 < electrosys> how do you make the mail box that is created from the mutt/notmuch search results in ~.cache/notmuch ? writeable? it seems the filesystem is writeable as its supposed to be. The search results are links to the e-mail files as im using maildir.
23:31 < V7> MrElendig: nothing changes :(
23:31 < V7> Stays one column with name "<Beep>"
23:32 < MrElendig> updatedb; locate asoundrc
23:32 < pingfloyd> noahmg123: like: for file in *; do mv "$file" "${file%%_*}"; done  (test run first by replacing mv with echo).
23:32 < yakiza> jim:  yes thats how i am connected now here
23:32 < MrElendig> bash does indexes too
23:32 < jim> yakiza, ok, good... then you have a good chance of getting connected... do you have network manager?
23:33 < MrElendig> indexes/slices
23:33 < yakiza> jim:  wicd
23:33 < MrElendig> yakiza: read logs, start with dmesg
23:33 < jim> ok, and in wicd, is where you see the wireless nets?
23:33 < yakiza> jim:  yes i can see them on wicd i can also see them on terminal when i do a scan
23:34 < jim> ok, that should mean your wireless hardware works fine...
23:34 < V7> MrElendig: Empty output
23:35 < yakiza> jim:  yes i assume so, i thought i would change the encryption when connected but every single item i tried doenst change a thing
23:35 < V7> Thank you very much MrElendig, really
23:35 < V7> For trying
23:35 < jim> yakiza, well you have to make sure your router can do them
23:36 < yakiza> jim:  it used to work when i had KAli linux on it
23:36 < Dagmar> Well, you still need to supply a wpa_supplicant.conf
23:36 < Dagmar> http://wicd.sourceforge.net/templates.php
23:36 < neoncortex> Weid question, but: someone knows if there is a way to convert those cheap China wireless mini keyboards to wired?
23:37 < Dagmar> Not without a soldering pencil and some electronics knowledge
23:37 < neoncortex> I'm not that good in eletronics but I can follow a howto
23:37 < MrElendig> neoncortex: depends on the protocol used
23:37 < Dagmar> Just get one with bluetooth and use a bluetooth dongle
23:37 < MrElendig> some actually go usb -> rf -> usb
23:38 < neoncortex> MrElendig: Do you mean there's a chance to get a Usb chip there?
23:38 < Dagmar> Thanks to HID it's not that much of a deal to get a bluetooth wireless keyboard working (even with the fumblepad)
23:38 < yakiza> Dagmar: you think if i follow that pages tut it will work?
23:38 < MrElendig> why not buy a proper wired keyboard though?
23:38 < Dagmar> yakiza: Considering that it's maintained by the wicd maintainers?  Yeah, it should work.
23:38 < jim> yakiza, do you have the wpa-supplicant package installed?
23:39 < yakiza> jim:  i am not sure how could i check
23:39 < MrElendig> https://gitlab.manjaro.org/ste74/kernel-alive/issues/1
23:39 < V7> MrElendig: Also "aplay -l" shows no devices
23:39 < neoncortex> MrElendig: size, I did not find one small enough
23:39 < jim> take a look at the output of dpkg -s wpa-supplicant, near the top
23:39 < MrElendig> V7: getfacl /dev/snd/*
23:39 < neoncortex> the one I have is identical to this: https://i.ytimg.com/vi/JGlMhqX5To4/maxresdefault.jpg, but wireless
23:40 < MrElendig> neoncortex: define "small enough"
23:40 < Dagmar> neoncortex: I like those
23:40 < MrElendig> there are wired keyboards that fits in one hand
23:40 < neoncortex> MrElendig: To use with a raspberry pi
23:40 < Dagmar> It would have been nice if the keys weren't in a square grid, but they're otherwise pretty spiff for a media box
23:40 < MrElendig> about the size of your average phone
23:40 < jim> antgel, probably you just need one connection
23:40 < neoncortex> with a 3.5 screen
23:40 < Ameisen> Hi there. Not sure if it's quite a linux question
23:40 < Ameisen> however, can bash be instructed to load and call a function in a shared object?
23:40 < MrElendig> neoncortex: for that use case I would use a wireless one
23:40 < Ameisen> rather than instantiating a new process?
23:40 < n-iCe> hi
23:41 < Dagmar> Ameisen: Nope
23:41 < yakiza> jim:  are you sure you have spelled that correct?
23:41 < MrElendig> unless you are building it into some box
23:41 < Ameisen> Dagmar - nuts
23:41 < yakiza> jim:  dpkg-query: package 'wpa-supplicant' is not installed and no information is available
23:41 < V7> MrElendig: http://termbin.com/01yu
23:41 < Ameisen> I need to use the same scripts across multiple platforms, including Linux and Windows in msys2
23:41 < Dagmar> yakiza: apt search should turn up something
23:41 < jim> yakiza, ok one sec
23:41 < Ameisen> the scripts are OK in Linux, but awfully slow in Windows due to process creation
23:42 < Ameisen> I want to write a result cache, but it'd need to be something Bash can open in its own process rather than as a new process otherwise nothing is gained.
23:42 < Dagmar> yakiza: The package is around _somewhere_ but I just don't remember the package name for debian (probably has a dash instead of underscore)
23:42 < Ameisen> might need to fork bash then to add that functionality :(
23:42 < Dagmar> Ameisen: There's a better than average chance that you are doing something terribly, terribly wrong.
23:42 < Dagmar> Warning signs... "need to fork bash"
23:43 < MrElendig> neoncortex: google "ipazzport" and similar keyboards
23:43 < MrElendig> some of them work out of the box over usb
23:43 < revel> Dagmar: Well, Windows does suck at starting new processes.
23:43 < Dagmar> The one wot looks like an Xbox controller is also quite nice
23:43 < jim> yakiza, yep, misspelled. the correct spelling is the same, without the -
23:43 < MrElendig> V7: so you have a broken session, or this is over ssh
23:43 < Dagmar> revel: That's not our problem.  *ahem*
23:43 < Dagmar> heh
23:44 < MrElendig> V7: or archlinux32 broke/disabled it
23:44 < neoncortex> MrElendig: that's the plan: https://learn.adafruit.com/mini-raspberry-pi-handheld-notebook-palmtop/overview
23:44 < MrElendig> V7: add your user to audio
23:44 < revel> It isn't. That's simply what he was talking about, and it's a solution to that, terrible as it may be.
23:44 < MrElendig> neoncortex: no need to modify if you get one with a working usb port
23:44 < yakiza> jim:  i can see now some results
23:44 < Ameisen> Dagmar - ever run a massive configure script in Msys2?
23:44 < V7> MrElendig: Hm. I'm logged as root. I'll add root to audio group
23:45 < Ameisen> they're OK in speed on Linux (though still slow), but 10-100x slower in Windows
23:45 < yakiza> jim:  https://pastebin.com/PPuJDbH9
23:45 < V7> This is local machine with clean arch
23:45 < MrElendig> V7: don't use root
23:45 < Ameisen> a universal caching solution'd be ideal. Just not sure how to implement it.
23:45 < Dagmar> Ameisen: Why on earth would I want to do that.?
23:45 < MrElendig> and adding root to audio obviously won't do anything
23:45 < V7> oh
23:45 < Dagmar> Three years of fighting with Access and Microsoft's idea of runtime licencing was enough.
23:45 < V7> clean arch32 *
23:46 < Dagmar> Not once have I considered going back.
23:46 < Ameisen> Dagmar - neither of those are really involved in what I'm doing :|
23:46 < Ameisen> I have a toolchain that's intended to be able to be built on Linux, BSD, or Windows (under an appropriate terminal emulator)
23:47 < jim> yakiza, so, yes, it's installed... incidently, if you have nc installed, you can pastebin the output of an arbitrary command, for example ls -CF if you run it like this: ls -CF | nc termbin.com 9999
23:47 < Dagmar> Unless it takes eight hours to complete, you might want to consider whether or not this time spent fighting it will _ever_ show a profit in your time
23:47 < Ameisen> I suspect the blame is mainly on cygwin/msys, simply because they just compiled bash/et al as was, and didn't modify them to remove fork/the stuff that's exceedingly slow
23:47 < Ameisen> Dagmar - build goes from like 2 hours to 6
23:47 < Dagmar> Windows is the new Slowaris, man
23:47 < Ameisen> not just in bash though. I think Windows doesn't like the access patterns in NTFS for things like access times, nor does it like emulating fork.
23:48 < revel> I think this channel is for GNU/Linux, not GNU/NT :P
23:48 < Ameisen> Eh, scripts and such written _for_ Windows are fine. I just don't want to have to have two sets of scripts.
23:48 < Ameisen> GNU/NT... is a bizarre thing to read.
23:48 < yakiza> jim:  thanks, so what is the next step now?
23:48 < Ameisen> Stallman had a seizure somewhere.
23:48 < revel> lol
23:49  * Ameisen is now envisioning other environments... GNU/Macintosh System 7
23:49 < revel> Ameisen: Well, to be fair, I think the GNU project has this weird complex where they like porting free software to non-free platforms.
23:49 < Ameisen> GNU/Voyager 2
23:49 < Milos> How can I find all folders containing the octal bytes \357\200 in their name? With ls, they show random printable chars e.g. exclamation mark or a parenthesis, but the actual byte is \357\200\242 for example
23:49 < revel> I guess it helps people get accustomed to it and make the switch to free platforms easier.
23:49 < Milos> s/folders/directories/
23:49 < MrElendig> Milos: 1. never parse ls
23:49 < MrElendig> Milos: 2. man find
23:49 < Ameisen> revel  - yeah. In this case, though... things like bash shoudl really be ported simply because they don't actually have to make calls like fork, they just do. But that's the worst thing to do on NT.
23:50 < jim> maybe the best thing is to read their wiki... one sec
23:50 < Ameisen> not sure why Microsoft doesn't just add a fork syscall already. They already support everything for it in NT.
23:50 < Milos> MrElendig, what do you mean "never parse ls"? did I say I did?
23:50 < MrElendig> the use case sounded like it
23:50 < Milos> MrElendig, did you read my question?
23:50 < Ameisen> fork is also somewhat expensive in the Unix Subsystem
23:50 < MrElendig> I did
23:50 < revel> Milos: You can use `find` for this, as he suggested.
23:51 < Ameisen> oh well. back to figuring out why gcc doesn't want to build on this ubuntu system
23:51 < MrElendig> Ameisen: as expensive as on native
23:51 < Milos> I am already using find, but let me see if I can figure out how to search for bytes by entering in their string equivalent. Which is my question.
23:51 < Ameisen> the annoyance of going from a traditional build to dpkg
23:51 < MrElendig> native windows that is
23:51 < Ameisen> MrElendig - IIRC, the WSL is somewhat more optimized than most of the solutions such as in cygwin
23:52 < Ameisen> simply because it resides at the kernel layer
23:52 < revel> I think your shell should allow for entering octal or hex values.
23:52 < Ameisen> Ubuntu is actually pretty usable under WSL.
23:52 < Sveta> V7: re P3-1491-NNN, very few results, (I read Russian) someone on a forum says it is POS-1000, searching for that says 2.0 GHz, up to 8GB. accuracy of that is questionable.. perhaps your best bet would be asking ##hardware and pinging me to translate where things are difficult to understand
23:52 < Ameisen> just really weird to see see Ubuntu NT
23:52 < Ameisen> since there's no actual linux kernel
23:52 < MrElendig> could just copy/paste the bytes
23:53 < Milos> MrElendig, revel - not sure on first glance. Mind adding a tip instead of just read the manual?
23:53 < neoncortex> Those never parse ls thing is valid for people who write scripts to run all around in different systems, servers, etc. The common user can parse it at will I think
23:53 < MrElendig> or ${}
23:53 < MrElendig> ()*
23:53 < MrElendig> neoncortex: same really for finding things in a tree "by hand"
23:54 < V7> Sveta: I wholeheartedly appreciate everything you’ve done, really
23:54 < revel> printf '%s\n' $'\x21'
23:55 < revel> printf '%s\n' $'\041'
23:55 < Milos> looking
23:55 < MrElendig> find .... -name $(python3 -c "print('\357\200\242')" ...
23:56 < Milos> yeah, no.
23:56 < Milos> that's not what man find will tell you
23:56 < MrElendig> worksforme™
23:56 < MrElendig> or as said, copy/paste
23:56 < jim> yakiza, do you have wireless-tools installed?
23:57 < revel> $'\357\200\242' works for me.
23:57 < yakiza> jim:  yes
23:57 < revel> Though adding *s before and after it would hepl.
23:57 < Milos> nice. so I guess the bottom line is, my question should've been how do I convert octal string to bytes in bash
23:57 < Milos> thanks
23:57 < revel> So, err, -name \*$'\357\200\242'\*
23:57 < V7> Sveta: The main thing is that it's CPU is called Centaur which means noone would suggest anything about it, it's 32bit and doesn't have pae, cx8 flags which means that all famous 32bit distros won't work on it
23:58 < jim> ok, I think you have everything... there's a wiki page on the debian wiki, http://wiki.debian.org/WiFi
23:58 < MrElendig> there are a few non-pae
23:58 < MrElendig> not being i686 is a bigger issue
23:58 < jim> yakiza, ^^
23:58 < V7> MrElendig: One were arch32
23:58 < yakiza> jim:  fcking hell then why its not working ...
23:59 < V7> I've tried to find some as much minimal as possible and arch was a REALLY good variant
23:59 < MrElendig> yakiza: verbose mode, logs?
23:59 < V7> Because it doesn't need any desktop environment, but connection and sound
23:59 < Milos> revel, awesome. thanks. I remember seeing that $'\blah' syntax before a long time ago. thanks for helping!
--- Log closed Sun Jun 17 00:00:01 2018