| frabbit | i want to overwrite an old hdd with random data via dd, but it always stops at abot 95 MB | 00:05 |
|---|---|---|
| frabbit | why? | 00:05 |
| gnarface | probably hardware failure, but how long did you wait? | 00:06 |
| gnarface | also what command did you use? maybe you just made a mistake with it | 00:06 |
| koollman | also, is there an actual error ? | 00:07 |
| gnarface | yea.... your random source could be running dry on entropy at 95MB, or you could be hitting a performance wall at 95MB of harddrive cache and simply killing it prematurely... | 00:07 |
| gnarface | if it's actual hardware failure it would be errors, possibly preceeded by a hard freeze of 120 seconds (default kernel I/O timeout) | 00:08 |
| koollman | errors could be mostly in dmesg or kernel logs, for a while | 00:08 |
| gnarface | dd would most likely also report a discrepancy between the bytes in and bytes out | 00:08 |
| frabbit | ok so its a 2,5" internal hddd that is connected via sata <-> usb adapter (two usb plugs to grant enought power). i get Input/output error. | 00:08 |
| gnarface | oh, so the 95MB might be the usb bridge's buffer too | 00:09 |
| frabbit | i always run dd with status=progress option | 00:09 |
| gnarface | useless unless bs=512 | 00:09 |
| frabbit | gnarface: what does that mean? | 00:09 |
| gnarface | frabbit: it means you haven't given us enough information to prove the data even makes it to the drive | 00:10 |
| gnarface | do you get errors running "hdparm -I" on it? | 00:10 |
| gnarface | or hdparm -T for that matter... | 00:11 |
| koollman | probably show us the full command first | 00:11 |
| gnarface | yea that would be a good idea | 00:11 |
| frabbit | no errors at hdparm -I | 00:11 |
| frabbit | comand i ran for overwrite storages: dd if=/dev/urandon of=/dev/DEVICE status=progress | 00:12 |
| gnarface | assuming "urandon" is a typo and "DEVICE" was just a placeholder for the actual device name, it should work | 00:13 |
| frabbit | *urandom | 00:13 |
| gnarface | try badblocks instead | 00:13 |
| frabbit | gnarface: i know ive done this dozens of times... | 00:13 |
| gnarface | badblocks -b 512 -o bad_blocks.txt -p 0 -s -w /dev/DEVICE | 00:14 |
| frabbit | gnarface: badblocks? | 00:14 |
| gnarface | actaully, swap the value of -b out with whatever "hdparm -I" said was your physical sector size | 00:15 |
| frabbit | what does this excatly? | 00:15 |
| gnarface | but unless the drive is pretty new it's probably 512 | 00:15 |
| frabbit | its old | 00:15 |
| gnarface | kinda like what you're trying to do with dd but it will save the list of damaged sectors to the text file | 00:16 |
| frabbit | ok | 00:16 |
| gnarface | it will be slow. be patient | 00:16 |
| frabbit | so dd badblocks -b 512 -o bad_blocks.txt -p 0 -s -w /dev/DEVICE | 00:17 |
| gnarface | what? no | 00:17 |
| frabbit | hm? | 00:17 |
| gnarface | why are you prepending dd? | 00:17 |
| gnarface | badblocks is a binary like dd | 00:17 |
| frabbit | i see | 00:18 |
| gnarface | i'm suggesting you use it instead, not together | 00:18 |
| gnarface | there is a man page | 00:18 |
| frabbit | didnt know =) | 00:18 |
| gnarface | if you're trying to destroy data securely, maybe change -p to 2 or 3 (change it to 8 if you're trying to hide data from the NSA, but it's gonna take weeks to finish then, too) | 00:19 |
| frabbit | oh i see what u ment with "it will be slow" | 00:19 |
| gnarface | (in that case, you're probably better off just drilling holes in the drive then sawing it up into little pieces, actually. but -p 8 might do the trick) | 00:19 |
| frabbit | nah the guy wants it back | 00:20 |
| koollman | I consider that one pass is enough. If I care enough, hammer it is :) | 00:20 |
| frabbit | koollman: i do always only one pass with dd | 00:20 |
| frabbit | of course it is enought everything else is esoteric... | 00:21 |
| gnarface | the default badblocks call doesn't add a huge amount of randomness to the test patterns but you can alter it to be whatever you want pretty much | 00:21 |
| frabbit | ok 2% in 3 minutes... hdd is 160gb... let me calculate | 00:21 |
| gnarface | oh that's not too bad at all | 00:21 |
| frabbit | gnarface: i see | 00:22 |
| gnarface | you're lucky it's not a 2TB drive :) | 00:22 |
| frabbit | but why now dd wasnt working? is the drive broken somehow? | 00:22 |
| gnarface | i think we are about to find out | 00:22 |
| frabbit | gavlee: yeah ^^ | 00:22 |
| frabbit | gnarface: | 00:22 |
| koollman | it will get slower anyway, can't directly extrapolate speed on hdd | 00:22 |
| frabbit | gavlee: sorry you werent ment, was typo | 00:22 |
| koollman | (well, you can but it's not linear) | 00:23 |
| frabbit | badblocks seems cool thx for lettig me know this programm exists | 00:23 |
| frabbit | *letting | 00:23 |
| gnarface | np frabbit | 00:25 |
| frabbit | 00:17 < gnarface> [...] if you're trying to hide data from the NSA, [...] - do u do this normally? =D | 00:25 |
| gnarface | frabbit: well, that's a loaded question on a number of levels. first of all, if you're not trying to hide your data from EVERYONE who would misuse it (NSA provably amongst them) then you're really stupid. second of all, i provide, amongst many other technical services, secure data deletion for people trying to resell their old hardware | 00:26 |
| gnarface | but really, you do have to weigh how long you want to wait to scrub the drive against how well funded you think the people interested in what was on there are | 00:27 |
| koollman | I prefer to consider this problem with a different approach. I don't write data I wouldn't want to share directly on disk first. I start with full disk encryption | 00:28 |
| gnarface | koollman: that's a smart approach. some of my clients use Windows though | 00:28 |
| frabbit | koollman: i have fde here too | 00:28 |
| gnarface | koollman: or i should say used (usually in this situation they're selling an old Windows laptop to replace it with a Mac) | 00:28 |
| frabbit | but...: https://libreboot.org/faq.html#hddssd-firmware | 00:29 |
| koollman | gnarface: well, windows can do it. but, yeah, need at least windows pro or 3rd party software | 00:29 |
| frabbit | [...]we mean that the drive itself is capable of running its own embedded OS[...] | 00:29 |
| gnarface | koollman: yea typically these are OEM installs i had nothing to do with, i don't actually support Windows anymore. I just support people ditching it, in various capacities | 00:29 |
| frabbit | so a hdd/ssd can contain a hidden os that operates without u know it | 00:30 |
| frabbit | and that thing has dma | 00:30 |
| koollman | some drives also support secure encryption, but it's often annoying to use right. And it is less likely on older drives. Although it is getting more and more common | 00:31 |
| gnarface | frabbit: oh, that reminds me. there's also hidden space (replacement sectors for bad blocks) on most modern drives, though usually not more than the amount of space available as advertised, still enough usually to justify setting -p to 1 or more | 00:31 |
| koollman | err, I mean secure erase (with on-disk encryption) | 00:31 |
| frabbit | gnarface: yeah ive red about that | 00:31 |
| gnarface | frabbit: but basically, if you write a total of more data to the drive than the visible sectors + the hidden sectors, you should be able to scrub all of it. | 00:32 |
| koollman | 'maybe' :) | 00:32 |
| gnarface | frabbit: but if this drive is failing writes, it's probably out of hidden sectors | 00:32 |
| koollman | can't really trust any modern firmware to act in a sane way | 00:32 |
| frabbit | koollman: yeah maybe =D | 00:33 |
| gnarface | there's always the microwave if you're desperate... | 00:33 |
| gnarface | i hope it doesn't come to that though | 00:33 |
| frabbit | koollman: word! if its not free u cant really say what it is doing... | 00:33 |
| frabbit | magnet tape is safe i think... | 00:34 |
| frabbit | xD | 00:34 |
| frabbit | or stone | 00:34 |
| koollman | I really like hammers for secure deletion. huge ones. :) | 00:34 |
| gnarface | magnetic tape maybe if you keep it in a lead box | 00:34 |
| gnarface | underground | 00:34 |
| frabbit | gnarface: =D | 00:34 |
| frabbit | gnarface: so at home xD | 00:35 |
| gnarface | actually a tape degausser should work on a harddrive too but i don't know how fast | 00:35 |
| gnarface | i haven't tried that | 00:35 |
| gnarface | in theory that would be a MUCH faster way to erase the whole drive though | 00:35 |
| koollman | it would also make it unusable | 00:35 |
| gnarface | would it break the drive? using those degaussers on regular VHS tapes i do recall making a lot of noise and rattling the tape innards violently | 00:36 |
| koollman | only pretty old drives have low-level formatting utilites/capabilities | 00:36 |
| koollman | 'modern' (like, 2005+) ones can't write precisely enough to redo cylinder markings | 00:37 |
| gnarface | hmmm | 00:37 |
| gnarface | so the ultimate verdict is there's no way to make this faster without damaging the drive | 00:37 |
| koollman | it's made once in factory, if you lose that, you have a brick :) | 00:37 |
| frabbit | do you think the people who create unfree hardware/firmware use unique free hw/fw instead? | 00:39 |
| koollman | why would they ? | 00:40 |
| frabbit | i mean: i cant image that they use this crap they produce for themselfs | 00:40 |
| gnarface | usually it's something internally developed and heavily secret. every once in a while you catch one of them stealing GPL'd code without attribution, but it's rare and usually those are newer less well funded companies | 00:40 |
| frabbit | everyone who understands just a little bit of what all these devices could do, would try to avoid them | 00:40 |
| koollman | to them it would be homemade stuff. they know what it is pretty well | 00:40 |
| frabbit | koollman: sure, but i mean devices that they do not produce | 00:41 |
| frabbit | a ram vendor do not have cpus for example | 00:41 |
| koollman | oh. that depends. I suppose most would use them anyway | 00:41 |
| gnarface | alright, let's not drive this discussion too far off into the weeds | 00:41 |
| frabbit | gnarface: yeah =D | 00:41 |
| gnarface | frabbit: my main point was just to emphasize that if you need the data scrubbed hard enough to protect against against magnetic resonance reconstruction attacks, check the badblocks manpage for the -t option | 00:43 |
| gnarface | frabbit: if you just want the drive emptied and verified, this should be fine | 00:43 |
| gnarface | frabbit: what we're looking for here (the smoking gun if the drive is physically failing) is for that bad_blocks.txt file to start filling up with numbers | 00:44 |
| frabbit | test pattern | 00:44 |
| gnarface | yea, you can alter the test pattern | 00:44 |
| gnarface | if you need it to be more "random" | 00:44 |
| gnarface | default is something like FFFFFFFFF.... TTTTTTTTT... AAAAAAAA... | 00:45 |
| frabbit | hmm i dont think i understand this.. =( | 00:46 |
| gnarface | just remember there are man pages, so when you do start to understand you'll know where to go for answers | 00:47 |
| * frabbit speaks out his last sentence after he reads the man page | 00:47 | |
| frabbit | i do have to translate and understand it | 00:48 |
| frabbit | thats sometimes a bit more difficult | 00:49 |
| frabbit | also i find that manpages are sometimes contains specific terms, that you only undertsands when u are a geek or something | 00:50 |
| gnarface | heh, sometimes we still have to translate too. not all those man pages are model examples of the use of English | 00:50 |
| frabbit | simple language would be good | 00:50 |
| gnarface | well, lots of the stuff referring to physical parameters of drives like blocks and sectors you should research if you aren't familiar with | 00:51 |
| frabbit | man pages should describe things in a way that are understandable for beginners too | 00:51 |
| gnarface | there is a certain base assumption you've made it through at least CS101 in a lot of these things | 00:51 |
| frabbit | gnarface: yeah and thats the loop you get in when you just want to erase ur data =D | 00:51 |
| frabbit | CS101? whats that again? xD | 00:52 |
| gnarface | you can catch up on a lot of the hardware stuff if you can find training materials related to "A+ certification" | 00:52 |
| gnarface | that might be a good way to catch up | 00:53 |
| gnarface | not actually getting the certification, but studying the materials | 00:53 |
| frabbit | im not a common student or something. i just read things that interests me atm or that i have to because i need to do some specific task | 00:54 |
| gnarface | you are playing catch-up because a lot of this stuff was written by people at a time when there really weren't "casual" computer users | 00:54 |
| gnarface | a lot of us just grew up with these things | 00:54 |
| frabbit | yeah real digital natives | 00:54 |
| frabbit | not like these fake ones the media call young people who are smartphone zombies.... | 00:55 |
| gnarface | you're right. it won't ever happen again. modern tech is designed not to leak knowledge. we're off into the weeds again though, that's editorialization not support | 00:55 |
| frabbit | gnarface: agree to both. | 00:56 |
| frabbit | #debianfork is 4 that right? | 00:56 |
| gnarface | yes | 00:56 |
| frabbit | ok =) | 00:56 |
| frabbit | im in that channel since some minutes | 00:56 |
| frabbit | what are the minimal packages that i need in devuan to get a wlan usb to run via terminal? | 00:59 |
| frabbit | i have the "TP-LINK_TL-WN722N" here in Version 10 with that free atheros chipset | 00:59 |
| gnarface | i think you just need wireless-tools, wpasupplicant and non-free firmware if the device requires it (atheros ones commonly do) | 01:00 |
| frabbit | these two i got already | 01:00 |
| gnarface | actually strictly speaking you probably don't even need wpasupplicant but i can't imagine you'd actually want to run an unencrypted wifi or even a wep encryption wifi | 01:01 |
| frabbit | non-free i dont think so, because it has that free chip as i said: https://deviwiki.com/wiki/TP-LINK_TL-WN722N_v1.x | 01:01 |
| frabbit | gnarface: of course not. wpa2 | 01:01 |
| gnarface | so with that setup, you should be able to just plug the wifi config directly into /etc/network/interfaces | 01:02 |
| frabbit | ok... | 01:02 |
| frabbit | errmm gotta test | 01:02 |
| frabbit | the chipset btw.: https://deviwiki.com/wiki/Atheros_AR9271L | 01:03 |
| frabbit | lsmod says ath9k_htc is there | 01:04 |
| gnarface | does it show up in the output of "/sbin/ifconfig -a" | 01:04 |
| gnarface | ? | 01:04 |
| frabbit | wait i need firmware-atheros package first | 01:06 |
| frabbit | gnarface: no it doesnt | 01:06 |
| gnarface | i told you | 01:06 |
| frabbit | but i havent it added to interface yet | 01:06 |
| gnarface | yea, it won't do anything until you have that firmware probably | 01:06 |
| frabbit | gnarface: yes i thought it came in stock | 01:07 |
| gnarface | uh, i think it depended on which installer you used | 01:07 |
| gnarface | and whether the device was present at install time | 01:07 |
| gnarface | if you skiped network config or if you didn't use the netinstall, it might not have added it by default | 01:08 |
| gnarface | also, if you did have it added but didn't keep "non-free" in your sources.list it's conceivable some upgrade might have removed it without replacing it if you weren't paying attention | 01:09 |
| frabbit | i broke something | 01:53 |
| frabbit | need to cancel that badblocks process and reboot | 01:54 |
| frabbit | *needed | 01:54 |
| frabbit | whats that when i have no connection to the router, cant use the internet but ifdown -v eth0 gives me netwok not configured and ifup -v eth0 gives me RTNETLINK file exists | 01:56 |
| frabbit | ? | 01:56 |
| frabbit | do i have to rm that file this RTNET line is talking about and then run ifup -v eth0 again | 01:56 |
| frabbit | i just put ifaces wlan0 inet static under the same line with eth0 adn runned ifup -v wlan0 | 01:59 |
| frabbit | that was the point where i lost connection to the router | 01:59 |
| frabbit | but even after removing that wrong wlan line from interface, i couldnt get a eth connection again... | 01:59 |
| frabbit | i treid service networking restart but that doesnt work | 02:00 |
| frabbit | *tried | 02:00 |
| gnarface | there's a few things it could be, but first of all, never remove a device from /etc/network/interfaces while it is still up, or it gets confused | 02:01 |
| frabbit | gnarface: yeah thats what i painfully found out now =D | 02:01 |
| frabbit | i did a search for an eth0 file everywhere but i ddnt get a clue what to do | 02:02 |
| gnarface | just ifdown the device first, THEN comment it out in /etc/network/interfaces | 02:02 |
| frabbit | gnarface: yup | 02:02 |
| frabbit | hower before i rebooted ive done this and added the correct device for the wlan stick in interfaces | 02:03 |
| frabbit | *however | 02:03 |
| frabbit | ip a showed it to me | 02:03 |
| gnarface | did wpasupplicant also give you a dhcp client? | 02:04 |
| frabbit | but i couldnt bring it up and i didnt found out (without internet) how to use it | 02:04 |
| gnarface | if you don't have a dhcp client installed you'll also have to give it a static ip in addition to the normal wifi stuff | 02:04 |
| frabbit | i do not wpa_suppcliant atm, im reading about it atm | 02:04 |
| frabbit | but i have no dhcp here | 02:04 |
| frabbit | yeah in interfaces right? | 02:05 |
| gnarface | yes | 02:05 |
| frabbit | like the one for eth0 | 02:05 |
| frabbit | ok =) | 02:05 |
| gnarface | your router may need to be configured to allow static ip addresses | 02:05 |
| frabbit | must it be different? | 02:05 |
| frabbit | the router runs with static eth0 adress | 02:05 |
| frabbit | *address | 02:05 |
| gnarface | cheesy plastic home routers often have different rules for the wifi from the physical ethernet ports | 02:06 |
| gnarface | so that's not a relevant comparison, necessarily | 02:06 |
| frabbit | oh i see... | 02:06 |
| frabbit | ddnt know that only used wlan once | 02:06 |
| gnarface | you'll want to read the device's documentation | 02:06 |
| frabbit | and for that "phone" here to visit f-droid | 02:07 |
| gnarface | you need to be familiar enough with it's features to make sure it's set up to do what you want | 02:07 |
| frabbit | gnarface: errr.. i just want to try first | 02:07 |
| gnarface | it's not something i could even do completely blind | 02:07 |
| gnarface | there's not enough uniformity on consumer device features or default configurations | 02:08 |
| frabbit | reading wpa_suppcliant atm then try to type in my passphrase for the wpa of the router and edit the interfaces file before that | 02:08 |
| frabbit | shit.. what i have to do? so much stuff here? is that really necessary? | 02:12 |
| frabbit | i thought i could stick that thing in, edit interfaces file, type in my passphrase and thats it. | 02:13 |
| gnarface | well, there's too many unknowns for me to answer simply | 02:14 |
| gnarface | it will bear some testing | 02:14 |
| frabbit | =( | 02:15 |
| frabbit | im looking for videos now... | 02:15 |
| gnarface | i've been able to get a wifi connection up with as little as just 2 additional lines below the iface line, but it varies a lot by protocol and device. sometimes you need extra lines to specify stuff it can't auto-detect right due to limitations of the router firmware or the driver itself | 02:16 |
| gnarface | or maybe you're just getting the password format wrong | 02:16 |
| gnarface | or maybe the router isn't set up to allow static ip addresses for wifi by default (common) | 02:16 |
| gnarface | if you don't want to mess with router settings, then i'd check on that missing dhcp client first i think (usually they do enable dhcp by default) | 02:17 |
| gnarface | in one particular case, the computer was just too slow and the router was impatient, so it would take MINUTES to finish connecting, and work fine once connected but fail to complete connecting like 4 out of 5 times | 02:18 |
| gnarface | but at this point for all i know you have everything else right and just forgot to specify the gateway | 02:19 |
| frabbit | password format wrong? | 02:20 |
| gnarface | frabbit: scrollback http://paste.debian.net/1149474/ | 02:20 |
| frabbit | thx =) but i read http://maemo.cloud-7.de/irclogs/freenode/_devuan/ when this happens | 02:21 |
| gnarface | frabbit: yea there's different types of password actually. they're not all just "string" ... some of them are hex or decimal or limited ascii | 02:21 |
| frabbit | wait g4570n has quit (Ping timeout: 246 seconds) | 02:21 |
| frabbit | thats not me | 02:21 |
| gnarface | and some of them need special notation in the /etc/network/interfaces file | 02:21 |
| gnarface | ignore that, i just copy+pasted from my window, so other parts/joins are in there | 02:22 |
| frabbit | wheres the message that i was disconnected? | 02:22 |
| gnarface | it didn't happen | 02:22 |
| g4570n | 0/ | 02:22 |
| frabbit | oh the people here block my parts and joins because it happens so often xD | 02:22 |
| gnarface | you reconnected before your previous connection timed out that time | 02:22 |
| frabbit | oh ok, but i missed the last message from you | 02:23 |
| frabbit | doesnt matter | 02:23 |
| gnarface | everything in that paste was what you missed | 02:23 |
| gnarface | plus some bonus content | 02:23 |
| frabbit | gnarface: yes i know | 02:23 |
| frabbit | no | 02:23 |
| frabbit | only the last sentence | 02:23 |
| frabbit | never mind | 02:24 |
| frabbit | =) | 02:24 |
| frabbit | i read the log site | 02:24 |
| gnarface | anyway | 02:24 |
| frabbit | so how can i find out what passphrase type my router is using? | 02:24 |
| gnarface | it should be mentioned in the manual | 02:24 |
| gnarface | but you can probably heavily infer from it's gui | 02:25 |
| frabbit | it a very long passphrase with all types of characters | 02:25 |
| frabbit | in the router manaul? lol no way xD | 02:25 |
| gnarface | i think the iwconfig manpage contains the /etc/network/interfaces file notation for various password types | 02:25 |
| frabbit | its just a thre pages "long" comic book | 02:25 |
| frabbit | *three | 02:25 |
| frabbit | ok | 02:26 |
| gnarface | i'd have to dig out an old machine to check but i just remember having to prepend "s:" to certain passwords or there would be a parsing error | 02:27 |
| gnarface | something like that | 02:27 |
| gnarface | the man pages are there so we don't have to remember every detail | 02:28 |
| gnarface | but once you get this working, i recommend you make a backup of that file | 02:28 |
| frabbit | im fucked up atm | 02:34 |
| frabbit | didnt want to spend so much time again on computer stuff today | 02:35 |
| gnarface | i don't blame you, but to some degree you only make it worse by thinking like that | 02:35 |
| frabbit | isnt there any step by step (video) tutorial? | 02:36 |
| gnarface | maybe but not that i know of | 02:36 |
| gnarface | i had to learn to do this the hard way, before there were video tutorials | 02:36 |
| gnarface | part of the issue is that too much of the setup is going to be router specific | 02:37 |
| frabbit | it sucks that there a tons of tutorials for this gui shit: click here click here click here thasts it, but it lacks of terminal tutorials, espacially on yt | 02:37 |
| frabbit | who needs all this etwok manager tutorials? you can click on that icon and see enable wifi or whatever, no one need a tutorial 4 that! | 02:37 |
| frabbit | *network manager | 02:38 |
| gnarface | heh, yea there's a real social barrier there. once you absorb enough of the text you start neglecting the videos, but the video people neglect the text too... | 02:38 |
| frabbit | yes | 02:39 |
| frabbit | sometimes its good to have also visual and sound stuff for learning, i mean this is the oldest, most intuitive and efficent way how humans learn, not reading | 02:40 |
| gnarface | yea, it's true, but it's just very expensive to stick on the internet. text is comparatively cheap, and again there's the generational thing; most of us had reading beaten into us (sometimes literally) | 02:40 |
| gnarface | people of that generation will tend to suggest you solve your reading problem before you solve your networking problem | 02:41 |
| frabbit | no one would say: hey read all that good books about martial arts and then fight against this expert fighter over there, im sure it wil be a fair fight. xD | 02:41 |
| gnarface | hah, true | 02:41 |
| frabbit | yeah | 02:42 |
| gnarface | but luckily the computer won't beat you up if you let your guard down (probably) | 02:42 |
| frabbit | lol | 02:42 |
| frabbit | but there are some good tutorials for some stuff, ive found some good video tutorials for bash, lua and misc minimal terminal stuff | 02:43 |
| MinceR | "A computer once beat me at chess, but it was no match for me at kick boxing." | 02:44 |
| frabbit | and before i changed to devuan i saw a video about it ;) | 02:44 |
| frabbit | MinceR: =D | 02:44 |
| frabbit | Managing Wireless LAN on Command Line in Linux: https://www.youtube.com/watch?v=qVqkldgPjjo | 02:47 |
| frabbit | but 8 years old | 02:48 |
| gnarface | frabbit: one thing is, you should also be able to completely define the wifi connection with just iwconfig and ifconfig commands. maybe if you're having trouble with the /etc/network/interfaces syntax, try testing bare iwconfig and ifconfig commands for comparison, maybe it'll be easier to see the mistake that way | 02:49 |
| gnarface | (also maybe easier to see the relevant errors) | 02:49 |
| frabbit | is the device name of my wlan stick a sensible information that i shouldnt share? | 02:50 |
| gnarface | wlan0? probably not | 02:51 |
| gnarface | or the model#? probably not either | 02:51 |
| frabbit | no its not wlan0 | 02:51 |
| gnarface | the wifi router itself, yea don't tell people the model of that unless it's desperate | 02:51 |
| frabbit | or the information interfaces contains? | 02:51 |
| gnarface | the password and SSID are highly sensitive, obviously | 02:52 |
| frabbit | ip gateway etc. | 02:52 |
| gnarface | the internal LAN ip addresses less so, the public addresses very much so | 02:52 |
| frabbit | gnarface: haha =D | 02:52 |
| frabbit | like my keys? ;P | 02:52 |
| gnarface | right. make sure /etc/network/interfaces is not globally readable | 02:52 |
| frabbit | it isnt | 02:52 |
| frabbit | but i wanted to paste it to show you | 02:53 |
| frabbit | so i wont then... | 02:53 |
| frabbit | or wait ill set placeholders | 02:53 |
| gnarface | oh. yea i wouldn't paste it unless you swap out all the ip addresses and authentication info out with fake stuff | 02:53 |
| frabbit | ok so i sticked in the wlan usb and runned ip a | 02:54 |
| frabbit | it shows up there at third place after lo and eth | 02:54 |
| gnarface | well that's progress | 02:54 |
| frabbit | the name of that devices i copied into interfaces on a line #iface DEVICENAME inet static | 02:55 |
| frabbit | *device | 02:56 |
| gnarface | should be correct | 02:56 |
| frabbit | below that i have just copied the address netmask and gateway line that i use for eth | 02:56 |
| gnarface | except it would be "iface DEVICENAME inet dhcp" if you're using dhcp | 02:56 |
| frabbit | all lines are disabled with # at the beginning atm | 02:56 |
| frabbit | gnarface: no i dont | 02:57 |
| frabbit | i use static | 02:57 |
| gnarface | did you say you had a "gateway" line under eth0 before? | 02:57 |
| frabbit | yes | 02:57 |
| gnarface | you gotta move that to the wifi device | 02:58 |
| frabbit | 02:54 < frabbit> below that i have just copied the address netmask and gateway line that i use for eth | 02:58 |
| gnarface | oh, ok yes, you said that | 02:58 |
| frabbit | gateway is the router right? | 02:58 |
| gnarface | yes, router's internal ("LAN") ip | 02:59 |
| frabbit | ok =) | 02:59 |
| gnarface | note that it might be in a different subnet than the wired ethernet though... this is one of the things you have to actually check in the router | 02:59 |
| gnarface | they vary too much to guess | 02:59 |
| frabbit | so no i just have to run "ifdown eth0" to disable my current connection, then disable the eth lines in interfaces and enable the wlan ones | 02:59 |
| gnarface | some bridge with the physical ethernet, some set up an entirely separate range by default | 02:59 |
| frabbit | oh... | 02:59 |
| gnarface | yea | 03:00 |
| frabbit | ok i look at the router gui... | 03:00 |
| gnarface | so you might not be able to just copy the lines from eth0 to the wlan0 or whatever it's called... you might have to actually change the subnet. check the router gui | 03:00 |
| gnarface | consumer devices are all over the board on this behavior and you can't trust them to "do what's sane" in the best of cases, but you're at an important crossroads in your knowledge level, where the very concept of "do what's sane" is going to become a moving target in your head soon | 03:01 |
| gnarface | if you run "/sbin/route -n" with eth0 as your connection, then run it again after switching to wifi, you can see by the different output if the gateway is correct | 03:02 |
| frabbit | i cant find any information about gateway stuff in the router gui (its a shitty router...) | 03:04 |
| frabbit | /sbin/route -n? ok i will do this now, so im disconnected for a moment | 03:04 |
| gnarface | basically, see how "UG" is on a line that ends with "eth0" ? | 03:06 |
| gnarface | you need to have only one "UG" line, and it needs to be on the device you're actually using, so it'll have to be on a line that ends with the name of your wifi device instead | 03:06 |
| gnarface | this is just a sanity check you can use when you're done to make sure it's right | 03:06 |
| gnarface | there are advanced situations where you might need two gateways simultaneously, but for now just consider that a broken configuration | 03:08 |
| frabbit | back | 03:08 |
| frabbit | so /sbin/route -n has the same gateway on both | 03:08 |
| gnarface | you mean it stays on eth0 even when you switch to wifi? | 03:09 |
| frabbit | but i have no connection so, probably because i need to enter my passphrase somewhere before | 03:09 |
| gnarface | possibly | 03:09 |
| gnarface | too many possibilities for me to know | 03:09 |
| frabbit | so where to enter this? | 03:10 |
| frabbit | in some config file? is there a terminal prompt? | 03:11 |
| gnarface | frabbit: that's the thing, there's nowhere else to put it but /etc/network/interfaces, in this scenario | 03:19 |
| gnarface | frabbit: that's why i suggested trying it by iwconfig instead as a test | 03:19 |
| frabbit | =o ! u mean saving the passphrase in plaintext in interfaces? | 03:22 |
| gnarface | yea, that's why i said to make sure it's not globally readable. but really only root should be able to read it (this is NOT the default) | 03:22 |
| frabbit | what? | 03:23 |
| frabbit | wait | 03:23 |
| frabbit | what the heck?! | 03:23 |
| frabbit | i can cat it into my term here!... o_0 | 03:23 |
| gnarface | the heck indeed | 03:23 |
| frabbit | ok ive runed chmod 600 /etc/network/interfaces | 03:25 |
| frabbit | why is that not root only? | 03:25 |
| frabbit | by default? | 03:25 |
| gnarface | because by default you're not expected to put passwords in there | 03:25 |
| * frabbit wipes his ~/.bash_history | 03:26 | |
| gnarface | remember, this network setup predates wireless networking | 03:26 |
| frabbit | ok | 03:26 |
| gnarface | http://paste.debian.net/1149478/ | 03:26 |
| gnarface | here | 03:26 |
| gnarface | an example using dhcp | 03:26 |
| frabbit | that wpa-psk is the passphrase? | 03:27 |
| gnarface | but in the past i've had to set other stuff, like wpa-driver, wpa-ssid, wpa-pairwise, wpa-group, wpa-key-mgmt, wpa-proto..... all kinds of stuff for less compatible routers | 03:27 |
| gnarface | yes, wpa-psk is the passphrase for wpa and wpa2... note that for wep it's actually something else (and has a different format) | 03:28 |
| frabbit | ok ive wpa2 here | 03:28 |
| frabbit | the only trustable thing as far as i understood... | 03:28 |
| gnarface | yea, nobody is using WEP anymore, i just mention it so you don't get confused looking at really old documentation | 03:28 |
| frabbit | gnarface: thy for the hint =) | 03:29 |
| frabbit | *thx | 03:29 |
| frabbit | ok so i can now add the ssid and the psk and do that thing again i did a few minutes ago right? | 03:29 |
| gnarface | ifup wlan0? | 03:29 |
| gnarface | in theory | 03:30 |
| frabbit | yeah | 03:30 |
| gnarface | make sure it's down first | 03:30 |
| frabbit | yes =) | 03:30 |
| frabbit | brb | 03:30 |
| frabbit | so i can bring it up but and the sticks makes party (led is blinking, that only happens when it is in use, plug it in alone idnt enough), but as it seems i cant use the internet | 03:48 |
| frabbit | i have output of ifup and mesg here | 03:48 |
| frabbit | *dmesg | 03:48 |
| frabbit | and in demsg isnt written foobar becomes ready | 03:48 |
| frabbit | when i use the eth it says at last eth0 becomes ready | 03:49 |
| gnarface | so it starts to handshake and doesn't complete | 03:51 |
| gnarface | there could be a lot of reasons for that, but my first guess would be the static ip is refused by the router | 03:51 |
| gnarface | or maybe the gateway is wrong? | 03:51 |
| gnarface | "... becomes ready" might even be printed if the gateway is wrong though, not sure | 03:51 |
| frabbit | gnarface: how to find ot? | 03:51 |
| frabbit | gnarface: but it wasnt printed for the wlan | 03:52 |
| gnarface | well the first thing i'd do is check the router's GUI to make sure i'm even using the right IP range... | 03:52 |
| gnarface | you could try DHCP to see what it assigns you, then guess from that | 03:52 |
| frabbit | gnarface: ouh... D= the last time i runned dhcp to test something, i couldnt get a connection anymore without it, even after purging it and reboot... | 03:54 |
| frabbit | ingnain the end i had to reinstall devuan.... | 03:55 |
| frabbit | *in the end | 03:55 |
| frabbit | whats whith that first suggest by you? | 03:56 |
| frabbit | right ip range | 03:57 |
| gnarface | frabbit: well, the router will default to some *specific* ip range, and if your static setting is not in that range it won't work. | 04:00 |
| gnarface | frabbit: and that specific ip range may be different for the wireless and wired networks | 04:00 |
| gnarface | i can't tell you much more than that without seeing the router's gui myself | 04:01 |
| frabbit | what do i have to look 4? | 04:02 |
| gnarface | it's probably with or near the wifi and dhcp settings | 04:02 |
| gnarface | i'd expect the manual to mention it | 04:03 |
| gnarface | but i'd also expect you to be able to change it from the gui | 04:03 |
| frabbit | as i said the manual is a three sites comic book... | 04:03 |
| frabbit | gnarface: yeah i can change different addresses there | 04:03 |
| gnarface | you're sure the router supports this wifi device, right? | 04:04 |
| frabbit | zeyes ive used it with my phone | 04:04 |
| gnarface | there can be different types of wireless... 802.11b, 802.11g, 802.11n, etc etc | 04:04 |
| frabbit | *yes | 04:04 |
| frabbit | in replicant u need an external wifi device | 04:04 |
| frabbit | and ive used that device that im using atm on my laptop | 04:05 |
| frabbit | i have no other either | 04:05 |
| gnarface | i'm sure it works with your phone, but that's not what i asked, i asked if you're sure THIS wifi device works with the router (the one you're trying to get working in the linux box right now... it's been used with this router before? yes or no?) | 04:05 |
| frabbit | yes | 04:05 |
| frabbit | i have only one router | 04:05 |
| gnarface | ok | 04:05 |
| frabbit | so i use that router for my phone too | 04:06 |
| gnarface | when you try to get it to connect, how long do you wait? | 04:06 |
| frabbit | ok i also have a libre router, but i couldnt get that thing to work before... | 04:06 |
| frabbit | the phone? | 04:06 |
| gnarface | no, the linux box | 04:06 |
| frabbit | the laptop u mean? | 04:06 |
| gnarface | yes | 04:06 |
| frabbit | with eth or wlan? | 04:07 |
| gnarface | wlan... might take 60 seconds | 04:07 |
| gnarface | usually it's much faster but it could take up to a minute | 04:07 |
| frabbit | oh ok didnt know this o_0 | 04:07 |
| frabbit | i quit after 10 seconds or so ^_^ | 04:07 |
| frabbit | so i try again | 04:07 |
| gnarface | when it works you should be able to ping the gateway | 04:07 |
| frabbit | oh i pinged my webmailer | 04:08 |
| frabbit | but that didnt worked | 04:08 |
| frabbit | so wait a minute and ping the gateway address ok got it | 04:08 |
| frabbit | brb | 04:08 |
| frabbit | ok ive waited some minutes adn treid several times | 04:33 |
| frabbit | doesnt work | 04:33 |
| frabbit | with ping i get: Destination Host Unreachable | 04:34 |
| frabbit | so.. should i share pictures of the router webgui now? | 04:35 |
| frabbit | maybe there are some templates somewhere... but you said: 02:49 < gnarface> the wifi router itself, yea don't tell people the model of that unless it's desperate | 04:37 |
| * frabbit sighs | 04:38 | |
| frabbit | desperate house routers... | 04:38 |
| gnarface | frabbit: yea i was just saying that because if it turns out it something with known vulnerabilities you don't want everyone knowing that's all that stands between you and the internet | 04:42 |
| gnarface | frabbit: i'm sorry though, i'm out of ideas. mabye if i saw the interface i could guess, but it's no guarantee | 04:43 |
| gnarface | frabbit: i think there's still a 50% chance it's some simple mistake i have forgot to warn you about | 04:43 |
| gnarface | frabbit: does dmesg say anything interesting while you're waiting for it to connect? | 04:44 |
| frabbit | ah i didnt checked... | 04:44 |
| frabbit | hm i dunno =( | 04:46 |
| frabbit | i dont understand the output | 04:46 |
| frabbit | i will censor the numbers and paste it | 04:46 |
| gnarface | ok | 04:46 |
| frabbit | gnarface: i pm it to you | 04:54 |
| frabbit | ok | 04:56 |
| gnarface | oh man | 04:56 |
| gnarface | i'm sorry dude, looks like a bug. but maybe get real close to the router and see if it says? | 04:57 |
| gnarface | important part is... first it says authenticated, then associated, then deauthenticating Reason: DEAUTH_LEAVING... | 04:57 |
| gnarface | which i'm guessing means it thinks you logged off | 04:57 |
| gnarface | if it immediately logs you off thinking you logged off, that sounds like a known bug i've heard of | 04:58 |
| frabbit | "but maybe get real close to the router and see if it says?" err.. what? | 04:58 |
| gnarface | oh, i think maybe also could be a signal issue | 04:58 |
| gnarface | or some other interference | 04:58 |
| frabbit | hm i think the last one is when i run ifdown on the wlan | 04:58 |
| gnarface | oh, that is you actually doing it then? if so then, from this it just seems like it's working | 04:59 |
| gnarface | there's no sign of an error here in that case | 04:59 |
| gnarface | i'm still outta ideas | 04:59 |
| gnarface | really might be the ip range thing... | 04:59 |
| frabbit | gnarface: i think so i didnt looked at dmesg before run ifdown | 04:59 |
| gnarface | i'm going afk for a while but i'll be back later if you come up with any more evidence | 05:00 |
| frabbit | ok ty to here =) | 05:00 |
| frabbit | no: ty so far | 05:01 |
| frabbit | and ty leo.org xD | 05:01 |
| frabbit | i will stay in irc while im sleeping, i need to run badblocks anyway, so cant turn off the machine | 05:03 |
| frabbit | there was a vulnerability in gpg 2018: CVE-2018-12020 and here https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html is said that version 2.2.8 fixed that bug. Devuan ascii has version 2.1.18. were that security fixes backported to versions wich are older then 2.2.8 or how was that handled? | 06:09 |
| leafwiz | Hey | 09:23 |
| leafwiz | My loggs are spammed with: May 29 09:23:22 sk-nms-zabbix brltty[605]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device | 09:24 |
| leafwiz | Of flooded with :) I saw there was a bug filed to Debian, but it seemed there where no resolution | 09:24 |
| leafwiz | https://lists.debian.org/debian-accessibility/2016/11/msg00092.html | 09:25 |
| leafwiz | Do you guys know about this? | 09:25 |
| leafwiz | I guess the solution is just to disable brltty | 09:26 |
| enyc | Hrrm... Beowulf desktop weirdness not yet understood.... | 13:38 |
| enyc | had both "caja" and "soffice" in 100% CPU (i.e. loops) until killed and restarted ... wondering if somegui library / interaction causes this... | 13:39 |
| frabbit | anyone about the gpg vulnerability? | 15:41 |
| frabbit | i dont understand how these things handeled. does the version not matter? | 15:42 |
| enyc | frabbit: normally debian patch packages rather than changing whole verison , in most cases, but exceptions exist | 15:42 |
| enyc | frabbit: normally devian passes most debian packages stragiht through to devuan users | 15:42 |
| frabbit | and how can i see if that security patch is in a specific version of a programm? | 15:43 |
| frabbit | i know that normally the third number of a version number is the patch number | 15:45 |
| frabbit | so here at my devuan ascii gpg 2.1.18 means there was 18 patches since version 2.1 | 15:46 |
| frabbit | but gpg project says that they fixed that SigSpoof issue in version 2.2.8 | 15:46 |
| frabbit | so... | 15:46 |
| frabbit | its totally confusing | 15:46 |
| frabbit | is some of the 18 patches in devuans 2.1 gpg identically with the patch 8 in gpg 2.2? | 15:47 |
| frabbit | how to identify that? | 15:47 |
| frabbit | when theres a changelog for gpg it will say the patch came with 2.2.8 | 15:48 |
| frabbit | https://security-tracker.debian.org/tracker/CVE-2018-12020 | 15:52 |
| frabbit | so.. is this the fixed gpg version in debian: https://security-tracker.debian.org/tracker/DSA-4224-1 | 15:55 |
| frabbit | 1.4.18-7+deb8u5 | 15:55 |
| frabbit | its not really evident to me... and even for no one who is not a dev or geek or whatever.. its confusing | 15:58 |
| frabbit | i mean if theres a news that says we fixed xy in distro xy thats easy to understand. | 15:59 |
| fsmithred | does gpg still work? | 15:59 |
| frabbit | fsmithred: huh? o_0 | 16:00 |
| fsmithred | Here, it seems to be broken more often than not. | 16:00 |
| frabbit | for me its working | 16:00 |
| fsmithred | do you know a keyserver that really exists and works? | 16:00 |
| frabbit | oh that doesnt work for me too | 16:01 |
| frabbit | i always download keys manually | 16:01 |
| frabbit | from websites | 16:01 |
| fsmithred | I used to use pgp.mit.edu but it doesn't seem to work any more. | 16:01 |
| frabbit | fsmithred: do u know where in that debian versin number i can see the patch 8 from ggp 2.2? | 16:02 |
| fsmithred | not sure what you're asking. You linked a page that shows a fix applied to an older version of gnupg. | 16:04 |
| frabbit | i mean stable debian was jessie when that fix came and it had a different version number, because programs in stable are always older then the newest release of that program. | 16:05 |
| frabbit | but shouldnt there a unified indicator for such fixes that is evidend for all kind of versions of a program no matter what distro? | 16:06 |
| frabbit | fsmithred: there was this SigSpoof vulnerability in gpg 2018 | 16:06 |
| frabbit | gpg team fixed that with 2.2.8 | 16:07 |
| frabbit | the version number of the version gpg was in debian stable at that time seems to be 1.4.18 | 16:08 |
| fsmithred | look at the page for the CVE | 16:08 |
| frabbit | fsmithred: yeah ive done this and its confusing | 16:08 |
| fsmithred | what cve is it? I see two for 2018 | 16:08 |
| frabbit | CVE-2018-12020 | 16:09 |
| fsmithred | https://security-tracker.debian.org/tracker/CVE-2018-12020 | 16:10 |
| fsmithred | appears to be fixed in jessie | 16:10 |
| DNied | fsmithred: I use hkp://keyserver.ubuntu.com -- no problems | 16:10 |
| fsmithred | but enigmail is not | 16:10 |
| frabbit | 15:50 < frabbit> https://security-tracker.debian.org/tracker/CVE-2018-12020 | 16:10 |
| frabbit | ive posted that link already | 16:11 |
| frabbit | thats not the point | 16:11 |
| frabbit | i mean there should be an indicator in the versionnumber itself that shows if all available security fixes are in that specific version or not | 16:12 |
| frabbit | for example | 16:12 |
| fsmithred | how the hell would they know that? | 16:13 |
| frabbit | gpg 2.2.8 was the the gpg version that came with that fix for the SigSpoof issue | 16:13 |
| fsmithred | read the changelog for the package to see when specific bugs are closed | 16:13 |
| frabbit | at this tim the gpg version in debian stabel was 1.4 | 16:13 |
| frabbit | at that day debian bring that fix to their old version of gpg it was marked as the patch 18 of their gpg version 1.4 correct? | 16:14 |
| frabbit | but there should be a suffix that indicate this fix | 16:15 |
| fsmithred | I don't know about patch numbers, but I can see that they did patch the 1.4 version | 16:15 |
| fsmithred | the suffix indicates the iteration of the update | 16:15 |
| frabbit | for example -s8 for the patch in gpg 2.2 | 16:16 |
| frabbit | so the debian version should named 1.4-s8 | 16:16 |
| fsmithred | you asking to change the package naming conventions | 16:16 |
| frabbit | yes | 16:16 |
| fsmithred | deb8u5 means jessie, fifth update of this package | 16:16 |
| frabbit | or im asking why they are so confusing | 16:16 |
| frabbit | yeah thats what i know | 16:17 |
| fsmithred | because it's the debian way? | 16:17 |
| onefang | Some package updates include a LOT of security bug fixes. That wouldn't work to include that info in the version number. | 16:17 |
| onefang | Read the release notes. | 16:17 |
| frabbit | onefang: why? | 16:17 |
| onefang | There's even an apt add on that makes that very easy. | 16:17 |
| onefang | So you can find the information you want to somehov encode in the version numbers. | 16:18 |
| frabbit | every new fix could just add the number the devs of the programm used as their patch number | 16:18 |
| onefang | And if there's a dozen patches? | 16:18 |
| frabbit | -s6472829 | 16:18 |
| frabbit | is there a lack of space in a line= | 16:19 |
| frabbit | ? | 16:19 |
| frabbit | -s6472829 would be 6 million patches... | 16:19 |
| frabbit | its still short, 7 letters | 16:19 |
| frabbit | deb8u5 is six letters | 16:20 |
| onefang | Why would that be less confusing that reading actual descriptions in release notes? | 16:20 |
| frabbit | onefang: because every distro has its own | 16:20 |
| frabbit | so for a specific distro i need to check their specific release page on foobar.somewhere.org | 16:21 |
| frabbit | instead of just running the version option with that program | 16:21 |
| frabbit | gpg --version | 16:21 |
| onefang | Nope. | 16:21 |
| frabbit | onefang: what nope? | 16:21 |
| onefang | Install apt-listchanges, and it will show you the release notes when you update a package. This will include CVE numbers and actual descriptive text. With an option to email it to you once installed. | 16:23 |
| fsmithred | the version number will have the cve numbre of every patched vulnerability? | 16:23 |
| frabbit | if gpg releases a security fix and use the naming convention -s123 every distro could just add that suffix to its package version number as it adds that patch | 16:23 |
| frabbit | debian: gpg --version 1.4-s123 -- arch: gpg --version 1.9-s123 and so on... | 16:24 |
| frabbit | onefang: ok interessting didnt know that | 16:24 |
| frabbit | onefang: but not every distro have apt | 16:25 |
| onefang | So you get MyGreatPackage-1.4-s123-s456-s789-s485-s23763-s13487697654-s12354854 | 16:25 |
| frabbit | onefang: no | 16:25 |
| onefang | Yes, coz not all packages get these patches applied all at once, some distros pick and choose. | 16:25 |
| frabbit | gpg 2.2-s123 means the 123 security patch for that program, no matter what version (2.2 here) it has | 16:26 |
| onefang | And CVE numbers are the industry standard for numbering these things. They are longer than s123. | 16:26 |
| frabbit | the hundred and twenty-three patch for that program since the first version of that program was released | 16:26 |
| frabbit | *security-patch | 16:26 |
| onefang | Things don't work like that. This is what we are trying to tell you. | 16:27 |
| onefang | Ther are multipel patches, NOT | 16:27 |
| frabbit | onefang: no u dont understand me | 16:27 |
| frabbit | 16:23 < onefang> So you get MyGreatPackage-1.4-s123-s456-s789-s485-s23763-s13487697654-s12354854 | 16:27 |
| frabbit | that indictaes that... | 16:27 |
| onefang | There are multiple patches, NOT just a single patch that includes everything. | 16:27 |
| frabbit | *facepalm* | 16:27 |
| frabbit | i didnt said that | 16:27 |
| frabbit | if theres a security issues it will be patched correct? | 16:28 |
| frabbit | *issue | 16:28 |
| onefang | There will be one or more patches for EACH security issue. | 16:28 |
| frabbit | yeah | 16:28 |
| frabbit | so for example theres security issue foobar | 16:29 |
| frabbit | and the actual version of the affected version ist 1.2 | 16:29 |
| frabbit | the fix needs 3 patches | 16:29 |
| frabbit | then the version would called 1.2-s3 after the patches | 16:30 |
| onefang | And the other six security issues? | 16:30 |
| frabbit | -sSUMMARY-OF-SECURITY-PATCHES-HERE-THE-PROGRAM-GOT-SINCE-ITS-FIRST-RELEASE | 16:30 |
| frabbit | onefang: after 1.2-s3 there come 6 new patches u mena? | 16:31 |
| frabbit | *mean | 16:31 |
| onefang | MyGreatPackage-1.4-s123-s456-s789-s485-s23763-s13487697654-s12354854 It gets unwieldy very quickly. | 16:31 |
| frabbit | 1.2-s9 would be the most up to date version then | 16:31 |
| frabbit | dude... | 16:31 |
| frabbit | read me posts! | 16:31 |
| onefang | Read mine. ;-P | 16:32 |
| frabbit | *my | 16:32 |
| frabbit | i do so i can tell that u do not undertstand! | 16:32 |
| onefang | You are assuming that all distros apply all patches in the exact same order. | 16:32 |
| onefang | It doesn't work like that. | 16:32 |
| frabbit | if theres a security issue the distro will include the fix from the devs of a program | 16:33 |
| fsmithred | not always | 16:33 |
| frabbit | fsmithred: yes | 16:33 |
| frabbit | and thats the point | 16:33 |
| fsmithred | some vulnerabilities are left unpatched | 16:33 |
| frabbit | with a unified suffix for the security fixes in the version number u could easily see that | 16:34 |
| frabbit | "look distro xy still has -s123 but newest is -s124" | 16:35 |
| fsmithred | I'm not getting how that would be easy | 16:35 |
| fsmithred | what's 124 mean? | 16:35 |
| fsmithred | what's 3? | 16:35 |
| fsmithred | that's on another chart somewhere | 16:35 |
| frabbit | the 124 security patch of that program | 16:35 |
| fsmithred | I need a table to convert CVE to single digit patch | 16:36 |
| onefang | And how does this 3 relate to the CVE you just read about in an article? | 16:36 |
| frabbit | cve doesnt matter | 16:36 |
| fsmithred | ??? | 16:36 |
| onefang | CVEs matter to the rest of the world. That IS the unified numbering system you want us to reinvent. | 16:36 |
| frabbit | gpg devs see "oh theres a security problem" they make a fix | 16:37 |
| frabbit | it doesnt matter to the version number | 16:37 |
| onefang | Exactly our point. | 16:37 |
| frabbit | fine | 16:37 |
| fsmithred | the CVE number is how you find the description of the vulnerability | 16:37 |
| onefang | That's why they mention CVEs in release notes. B-) | 16:37 |
| frabbit | i didnt offered that | 16:37 |
| fsmithred | or any other discussions about how to fix it | 16:37 |
| frabbit | fsmithred: i know | 16:38 |
| frabbit | onefang: i know too | 16:38 |
| onefang | No, you offered a long string of random random digits in version numbers that are as meaningless as what you are trying to replace. It's no less confusing, which was your initial issue. | 16:39 |
| frabbit | my point is to see with just a --version option if a program is up to date with the available security fixes for that program (not up to date with the newest features of that program) | 16:39 |
| frabbit | onefang: no tahts what u still think | 16:39 |
| frabbit | how many security patches has gpg got since its first release? | 16:40 |
| frabbit | i need a number | 16:41 |
| onefang | And how many of those may or may not have been applied to the three year old version in ASCII, with some being skipped for good reasons? Which would completely invalidate simply reporting a count. | 16:41 |
| frabbit | onefang: "skipped for good reasons" ? | 16:42 |
| frabbit | skip a security fix for good reasons? o_0 | 16:42 |
| onefang | Didn't apply security issue 123, coz that only applies to a bug introduced in a later version, but we included 124, coz that applies. | 16:42 |
| frabbit | hmm... | 16:43 |
| frabbit | thats a point then finally | 16:43 |
| * onefang smiles and heads to bed. | 16:43 | |
| frabbit | but then still one could use the -s suffix | 16:44 |
| frabbit | its then for all distros with that specific release version of that program | 16:44 |
| onefang | It'll be up to you to convince ALL the developers to include that in their --version output. Good luck. | 16:45 |
| frabbit | so programm-1.4-s3 in debian would be the same as programm-1.4-s3 in arch, but different from programm-1.5-s3 in gentoo or something... | 16:45 |
| fsmithred | and you realize that it's useless to talk to us about it, because we have no power to change it. | 16:46 |
| frabbit | onefang: i wont. but it would be easier to see if a program has newest security fixes, without visting a website first.... | 16:46 |
| frabbit | fsmithred: i didnt want "you" to change it =D | 16:47 |
| frabbit | all taht talk started because of my confusion about that fix for the SigSpoof issue | 16:47 |
| frabbit | in gpg | 16:47 |
| frabbit | its a bit meta about that topic anyway.... | 16:48 |
| frabbit | about how far we can get to get a more default gnu/linux without loosing diversity... | 16:49 |
| onefang | This horse is dead, ride it over to #debianfork, and don't forget to shut the stable door behind you. So I don't have to wake up to 100 messages on this subject while I see if there's any Devuan support questions I can give some input to. | 16:49 |
| frabbit | onefang: whatever... | 16:50 |
| frabbit | gnarface: badblocks runned when i was sleeping. i have three times "done" here now without errors, can i stop it? its still running... | 16:51 |
| frabbit | 12:08 elapsed | 16:52 |
| frabbit | thats hours not minutes | 16:52 |
| frabbit | will the the terminal output of a program saved in some system log or any other system file (not program specific) by default? | 16:58 |
| frabbit | for example pass give me the passphrase i asked for as a terminal output... even after running "reset" i can read that passphrase... | 16:59 |
| frabbit | by scrolling back | 17:00 |
| frabbit | i would prefer some sandbox output taht will be deleted after some time | 17:01 |
| frabbit | *that | 17:01 |
| spuria | IDK what you'r doing, but SOME programs saves log, usually demons like nginx, openssh, or others. in normal conditions I can't recall a single program that could store a password in a log. the output of cli programs it's NOT usually stored (some terminal emulators do saves encrypted tmp outuput files that are deleted at some point, but they tells you that and I don't think you'r using one of those) | 17:05 |
| frabbit | spuria: yeah program specific logs is not what i ment | 17:06 |
| frabbit | i ment general logs (something like dmesg, yes i know terminal output is not tehre, but it logs alot of stuff not just from one specific program) | 17:07 |
| frabbit | and what is that scroll back thing? | 17:07 |
| frabbit | i use stterm | 17:07 |
| spuria | normally the only thing that is saved on terminal is what you type as a command, and you can see it (and modify/delete it) in .bash_history | 17:08 |
| frabbit | i can srollback to where my passphrase was outputted by "pass foobar.website" even after hours... | 17:08 |
| frabbit | spuria: yeah i know | 17:08 |
| frabbit | but thats input | 17:09 |
| frabbit | spuria: do u use pass? | 17:09 |
| spuria | in another terminal session do you still see the password? | 17:13 |
| frabbit | spuria: will try | 17:14 |
| frabbit | no | 17:15 |
| spuria | can you explain why? | 17:15 |
| frabbit | i closed it and opened another one | 17:15 |
| frabbit | but there i cant scroll back | 17:16 |
| frabbit | spuria: no i cant =D | 17:16 |
| frabbit | will the terminbal output deleted or even overwritten after i close the terminal? | 17:17 |
| spuria | that's the output, there's no need to save it from session to session, but it's coveniently stored in the same session for you to scroll it up to see it again, but it's gone when you close the session | 17:19 |
| frabbit | or is terminal output only in the ram and after i close the terminal the ram marks it as deleted, use it for other things? | 17:19 |
| frabbit | spuria: oh! where is it stored? | 17:20 |
| spuria | something like the second one you sayd | 17:20 |
| frabbit | the ram | 17:20 |
| frabbit | lol "something" is tehre something else like the ram? =D | 17:21 |
| spuria | yes, it's temporary, the output it's not written (again, usually) anywhere in a persistent way | 17:21 |
| frabbit | i see. but in theory my passphrase stays in the ram until it will be overwritten with otehr data right? | 17:22 |
| frabbit | even if i end the session or shut down but laptop has still power connection | 17:23 |
| frabbit | or is the temporary stored terminal output in ram encrypted? | 17:23 |
| spuria | http://tldp.org/ | 17:25 |
| spuria | well, this in italian, could be better: http://a2.pluto.it/a2/a21.htm | 17:28 |
| frabbit | =/ | 17:29 |
| frabbit | first is a genaral guide page, second only for people who understands italian... | 17:29 |
| frabbit | spuria: so u dont know | 17:30 |
| spuria | no I don't, i'm looking for a good class on computer science, and i think this is not the place where i'll find it | 17:31 |
| frabbit | ... | 17:32 |
| frabbit | is that a hint that i should visit such a class? | 17:32 |
| spuria | nope, talking about myself | 17:32 |
| frabbit | spuria: okay =) | 17:33 |
| frabbit | if i would pipe the output of pass into a txt file and then wipe the textfile, would taht be a good solution? | 17:34 |
| frabbit | i mean is there still first invisible output on the terminal that is visible in the ram? | 17:35 |
| golinux | frabbit: Good grief. I just had to wade through how many lines of babble for . . . nothing. | 17:59 |
| golinux | Next time take it to #DEBIANFORK as onefang suggested. | 17:59 |
| frabbit | golinux: the begin of this ws a question that was devuan specific | 18:13 |
| frabbit | how to ask a question that belongs to that in a channel where the other users who are at devuan cant be found? | 18:14 |
| frabbit | #debianfork is pretty empty | 18:15 |
| frabbit | so not all users who are in #devuan are in #debianfork too... | 18:15 |
| frabbit | even #debian has no log website, so others who are not in #debianfork cant follow when the users continous the (sub)topic in a channel where they are not | 18:16 |
| frabbit | *#debianfork | 18:17 |
| frabbit | also yesterday i joined #debianfork there was a video posted showing police violence... i dont want to see that | 18:18 |
| frabbit | #debianfork should be for computer near stuff only. i dont sit on my pc learning computer things to see then the same politic shit that i see every day everywhere else... | 18:20 |
| frabbit | golinux: sorry i will try harder to split such discussions from now on | 18:20 |
| furrywolf | why is someone complaining about being told what is on-topic trying to tell others what is on-topic? | 18:21 |
| frabbit | but when people in #debianfork will post hard stuff like that yesterday i will have to block them to avoid me seeing their posts... what sucks because maybe they could help me with computer questions... | 18:22 |
| * ErRandir got rid of systemd in 2015 so reading #debianfork is like watching the history channel... | 18:28 | |
| MinceR | :> | 18:32 |
| scaniatrucker | frabbit: #debianfork is a place for more social interactions between community members. | 19:33 |
| frabbit | scaniatrucker: hi. | 19:34 |
| frabbit | xD | 19:35 |
| golinux | frabbit: History . . . #debianfork is where we gathered before Devuan existed. We were forking Debian! | 20:10 |
| frabbit | totally forgot that i need to stay here.. =( | 20:37 |
| frabbit | gnarface: badblocks is done now. i got no errors and the file is empty. | 20:37 |
| frabbit | im running now dd on it again adn its already over 500mb =) | 20:41 |
| frabbit | *and | 20:41 |
| mcr | I think that we need to add something to /usr/share/python-apt/templates so that add-apt-repository will be happy. I am cp'ing the Debian files to see if that works. | 20:55 |
| mcr | Oh, I had to add beowulf to the Debian.info file. ick. | 20:57 |
| golinux | frabbit: History for future reference . . . #debianfork is where we gathered before Devuan existed. We were forking Debian! | 21:04 |
| frabbit | golinux: i know that. | 21:14 |
| Hum | I installed info2www (and dwww) and lighttpd | 21:21 |
| Hum | http://127.0.0.1/info2www/infodoc.png isn't found | 21:21 |
| Hum | It is in /var/lib/info2www/infodoc.png . /etc/lighttpd/conf-enabled/90-debian-doc.conf is enabled, but info2www is not mentioned there | 21:22 |
| Hum | Any hints= | 21:22 |
| Hum | OK, found it in /usr/share/doc/info2www/README.Debian: it has to be manually configured | 21:27 |
| gnarface | frabbit: alright, well glad it's working now. i can't tell you why dd didn't work in that case though. i can only assume user error... like maybe /dev/urandom was linked to /dev/random for some reason, and you were running dry of entropy at 95MB, or something like that. i could only speculate. | 23:17 |
| frabbit | gnarface: nah im running the same command atm... | 23:18 |
| frabbit | anzwaz thx for zour advice cause now its running | 23:18 |
| gnarface | no problem | 23:19 |
| frabbit | *anyway *your | 23:19 |
| * frabbit wishes himself a keyboard where every letter has its own key and has the same layout with all latin languages | 23:20 | |
| fsmithred | lol | 23:20 |
| frabbit | fsmithred: =) | 23:20 |
| * fsmithred wishes he could find the pipe character on it_IT layout | 23:21 | |
| frabbit | hmm left from y and pressing alt-gr? | 23:22 |
| frabbit | thats with german layout | 23:22 |
| fsmithred | dunno. I'm not there now, so I can't try it. | 23:22 |
| fsmithred | oh | 23:22 |
| fsmithred | probably different | 23:22 |
| frabbit | yeah xD | 23:22 |
| MinceR | https://i.pinimg.com/originals/f4/06/31/f40631f830920eb21cdfba17314cfc29.jpg | 23:23 |
| fsmithred | I only go there to make sure it's possible to boot into other languages | 23:23 |
| frabbit | look at commons for pictures of keyboards | 23:23 |
| frabbit | but thats #debianfork | 23:24 |
| frabbit | (off topic expert talks...) | 23:24 |
| fsmithred | foot pedals??? | 23:25 |
| frabbit | ah cant change the rooms here on tty... D= | 23:25 |
| fsmithred | pretty sure irssi will let you do that | 23:26 |
| fsmithred | but I don't know how | 23:26 |
| * frabbit is at debianfork now and tell the people how to do that xD | 23:29 | |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!
