gnarface | so when it says "*_netinstall.iso" it means the files with names ending in "_netinstall.iso" from that directory | 00:00 |
---|---|---|
gnarface | and the integrity check is just not supported by windows, you'll have to find documentation elsewhere and translate those commands yourself, sorry (i didn't do that either) | 00:01 |
gnarface | the verification steps aren't necessary to get a working install, those are just for your security | 00:03 |
gnarface | and if you're using the live image you don't have to pay attention to any of this you can just click the install button | 00:03 |
gnarface | but that does put you at risk from forged installers, so that's why there's all these extra checks available | 00:04 |
Guest7843 | well, what i did was d/l ISO image (devuan_chimaera_4.0.0) from a page geographically close (enough) to me, then i etched (?) that ISO image onto a flash drive, then on another computer i used live devuan to install devuan onto that other computer | 00:06 |
Guest7843 | so, it seems like i got the install. now, i just want to make sure that i got a secure copy, one that wasn't a "forged installer" so to speak | 00:07 |
gnarface | ah | 00:08 |
gnarface | well from that linux box, you can run those commands as shown | 00:08 |
gnarface | the part that says "user@hostname:~$" is just an example command-prompt. that's not part of the command. just copy&paste the rest of the lines, after the $ | 00:12 |
Guest7843 | okay, so from that new linux box, do the following? d/l SHA256SUMS from https://files.devuan.org/ . then, in terminal do: sha256sum --ignore-missing -c SHA256SUMS . then, in terminal, do: gpg --import devuan-devs.gpg . then, in terminal, do: gpg --verify SHA256SUMS.asc | 00:12 |
gnarface | no no, it means | 00:12 |
gnarface | the installer-iso directory | 00:12 |
Guest7843 | https://files.devuan.org/devuan_chimaera/installer-iso/ ? | 00:13 |
gnarface | SHASUMS is in the same subdirectory you get the ... yea | 00:13 |
gnarface | that one | 00:13 |
gnarface | that part of the instructions is meant to be release generic i guess but it's probably just confusing, sorry | 00:13 |
Guest7843 | eh, no need to apologize. i'm probably just dense, lol | 00:15 |
gnarface | you were smart enough to ask instead of just give up, that puts you ahead of most | 00:15 |
Guest7843 | so, after i d/l the SHA256SUMS.asc from the installer-iso directory, i can run those other commands: sha256sum --ignore-missing -c SHA256SUMS . THEN: gpg --import devuan-devs.gpg . THEN, in terminal, do: gpg --verify SHA256SUMS.asc | 00:18 |
gnarface | yea | 00:20 |
gnarface | obviously implied is that you run those commands in the same directory you downloaded the files to | 00:20 |
Guest7843 | yup, that makes sense. | 00:21 |
Guest7843 | also, i ran update/upgrade before on the other computer with devuan. will that affect the commands above in any way? like, did update/upgrade affect the OS (or ISO image or whatever) enough that i'll get "different" results? | 00:23 |
Guest7843 | in the other computer with devuan, i d/l SHA256SUMS, then in terminal did: sha256sum --ignore-missing -c SHA256SUMS | 00:28 |
Guest7843 | output: no file was verified | 00:28 |
gnarface | hmmm | 01:02 |
gnarface | i don't think it should have changed enough to affect anything, if Guest7843 comes back tell them that | 01:03 |
gnarface | but also that it probably assumes the files listed IN that SHA256SUMS file are also present in the directory | 01:03 |
lyubov_ | my install of Devuan chimaera via expert install and without shadow passwords, and with user account, did not allow root login. This is not via ssh but on the actual machine. Is this a known issue, i saw some suggestions of turning shadow passwords on to allow for root login? | 03:10 |
rwp | lyubov_, What was the error logged in /var/log/auth.log when root could not log in? Because it seems that it should be able to do so. | 05:00 |
rwp | Also I would want to manually verify that the password went into /etc/passwd when installing shadowless. | 05:00 |
rwp | But why avoid /etc/shadow? It's been in use for decades without problem. | 05:00 |
lyubov_ | as i wasn't able to get root, i had no read access to /var/log/auth.log | 05:04 |
lyubov_ | yeah, i will use shadow passwords going forward, that might be the issue | 05:05 |
lyubov_ | i don't have a good reason for not using it | 05:05 |
rwp | I myself would definitely use a shadow file. I did not realize there was an expert install option to avoid it! | 05:09 |
rwp | How did you install? Did you use a standard ISO? If so then those make great rescue disks. Boot it into rescue mode. Then you can set a new password and that will assuredly work. | 05:10 |
rwp | Plus booting the into rescue-mode you will be root in the rescue system. And therefore root in your newly installed system. And can look at the logs. | 05:10 |
lyubov_ | got it, thanks for the advice | 06:08 |
lyubov_ | and i used the netinstall iso | 06:09 |
Xenguy | You an awesome rocker! | 06:18 |
systemdlete | ubuntu claims their whois works for ipv6. I can't figure out how to do this on devuan. Clue please? | 13:38 |
systemdlete | (thanks) | 13:38 |
fsmithred | systemdlete, | 13:47 |
fsmithred | whois 2607:f8b0:4006:80e::200e | 13:47 |
systemdlete | I tried that. | 13:47 |
fsmithred | works here (chimaera) | 13:47 |
fsmithred | did you get an error message? | 13:48 |
systemdlete | well, I am trying one of those fe80 addresses | 13:48 |
systemdlete | fe80 is local, right? | 13:48 |
fsmithred | I don't know | 13:48 |
systemdlete | you are right fsmithred. Ijust should have picked a valid public address, that's all. | 13:49 |
systemdlete | private range ipv6 addresses will be just like ipv4 | 13:49 |
systemdlete | I was examining the garbage being shot at my WAN port just for kicks, just to see what people are doing out there. | 13:50 |
systemdlete | They are sending packets with bogus source addresses, maybe just to create traffic, idk. | 13:50 |
ShorTie | if you bridge in you get alot less garbage i do believe | 13:51 |
systemdlete | ShorTie: ? | 13:51 |
brocashelm | works here (ceres) | 13:51 |
systemdlete | brocashelm, fsmithred, ShorTie: works here also (beowulf) | 13:51 |
systemdlete | The problem was that I didn't check the address carefully. It's a private range or local address that wouldn't be in the public DNS | 13:52 |
mns` | Good morning (at least is morning here in Brasil) | 13:52 |
systemdlete | And I don't have my resolvers here set up for ipv6 yet. (upcoming project) | 13:53 |
systemdlete | so, my bad... (as usual) | 13:53 |
fsmithred | hi mns`, welcome. If you have a question, just ask. If you'd like to socialize, checkout #devuan-offtopic. | 13:57 |
systemdlete | devuan just keeps getting better. I'll be upgrading to chimaera in the near future. | 13:59 |
systemdlete | (unless daedalus happens first) | 14:00 |
fsmithred | daedalus won't happen for a long time. We just released chimaera. | 14:05 |
systemdlete | someone uttered here that daedalus might come right on chimaera's heels. | 14:06 |
fsmithred | is bookworm anywhere near freeze yet? | 14:06 |
brocashelm | fsmithred: https://release.debian.org/bookworm/freeze_policy.html | 14:06 |
brocashelm | so, not until 2023 at the earliest | 14:07 |
fsmithred | brocashelm, thanks | 14:07 |
brocashelm | no problem | 14:08 |
fsmithred | there are daedalus netinstall isos for testing purposes | 14:08 |
brocashelm | nice | 14:09 |
brocashelm | i'll download it | 14:09 |
fsmithred | oh, all installer isos it looks like | 14:09 |
systemdlete | thanks for that info. So I will definitely be upgrading to chimaera. | 14:09 |
brocashelm | on ceres and going for almost two years here, but only reason i'd keep a beowulf machine at this point is for xfce 4.12 (before the massive bloat) | 14:10 |
fsmithred | hm.. somebody made directories for desktop-live and minimal-live but they are empty. I guess that's a hint. | 14:10 |
systemdlete | brocashelm, thanks for that heads up. Are there any decent, full-featured desktops besides xfce that are not bloating? | 14:11 |
brocashelm | btw, is there a way to display refracta's ascii art via neofetch? i've tried messing with /etc/os-release and /etc/lsb-release files, but no dice (only change was a generic tux ascii) | 14:11 |
systemdlete | It is so sad to see what is happening to linux... | 14:12 |
fsmithred | I forget how to display the refracta logo, and it might not be in the iso. | 14:12 |
systemdlete | I guess the hardware manufacturers make more money as software bloats, so it is better for them. | 14:12 |
fsmithred | I'd have to look around to find it, and it might be out of reach right now. Or check at the old forum - I think you can find it there. | 14:12 |
brocashelm | systemdlete: probably mate if you're old school, or else kde plasma (most customizable). i used a little bit of lxqt (branched from lxde) and it was ok (kinda didn't like the pulseaudio dependency) | 14:12 |
systemdlete | lxqt had some issues for me. | 14:13 |
systemdlete | It seemed to be missing stuff. | 14:13 |
systemdlete | and, iirc, it might have been unstable but I forget exactly why I dropped it. | 14:13 |
systemdlete | kde is a beast | 14:13 |
brocashelm | in general, desktop environments are a dime-a-dozen when it comes to stability, and xfce was the least crap one for the longest time. i'd recommend checking out "xfce classic" before you upgrade to chimaera, since you might not like the gn*me csd bullshit being enforced (xfce classic forks libxfce4ui packages) | 14:14 |
brocashelm | i would consider mate, then. openbox is a lot lighter than xfwm4 as a wm | 14:14 |
av6 | i didn't notice xfce having bloat in 4.16, but what i did notice is a xfce4-panel bug that makes the window buttons go out of sync, and it happens pretty often for me | 14:14 |
systemdlete | I loved the look and feel of mate, but that one also had issues. | 14:14 |
av6 | so sometimes the only way to access certain windows is alt-tab | 14:15 |
brocashelm | my xfce now always starts at 400-500 mb, even if i sanitized startups (except for essentials) | 14:15 |
brocashelm | before, i could get it to 250-300 mb | 14:15 |
brocashelm | even when i boot a fresh refracta chimaera iso, it starts at 400-500 mb, so i know it's not on me | 14:15 |
systemdlete | I'm using lxde on a couple of beowulf VMs. They seem to work OK, but I occasionally notice latency and after several weeks of uptime, they start getting soggy. Menus appear to the left of where they should, but they are still usable. Just stupid looking | 14:16 |
brocashelm | i also hate those stupid new icons for the programs menu | 14:16 |
av6 | brocashelm: how can i find the no-csd packages of libxfce4ui in devuan? i'm using ones from github, but it's obviously a manual process to update them, i'd like a better way | 14:17 |
systemdlete | I find exiting and logging back in again usually solves it. But one should not need to... | 14:17 |
brocashelm | av6: there is gtk3-nocsd you can also try | 14:17 |
fsmithred | apt install gtk3-nocsd | 14:17 |
systemdlete | *nix is supposed to be STABLE and reliable. | 14:17 |
systemdlete | I think RH has hired an army of MS brats to write the code or something. | 14:18 |
systemdlete | but this is all off-topic... again. Sorry. | 14:18 |
brocashelm | i did install libxfce4ui-nocsd from the xubuntu experimental ppa (since i use ceres/unstable, anyway), and that worked fine. maintainer sometimes hangs around here (unit193) | 14:18 |
brocashelm | and this command helps: xfconf-query -c xsettings -p /Gtk/DialogsUseHeader -s false | 14:19 |
av6 | on the other hand, "all it takes to ruin ui design is one graphic designer", no need for an army | 14:19 |
brocashelm | my problem with xfce's development: they don't listen to their users (anymore) | 14:20 |
brocashelm | so this will affect downstream unless forked | 14:20 |
systemdlete | forked vs f*cked I guess? | 14:20 |
brocashelm | ;) | 14:20 |
fsmithred | brocashelm, I found the neofetch emblem. I'll upload it. | 14:28 |
fsmithred | https://get.refracta.org/files/misc/neofetch-refracta-emblem | 14:30 |
brocashelm | nice, thanks | 14:33 |
brocashelm | fsmithred: i see it's enabled if i run neofetch --ascii_distro refracted_devuan | 14:37 |
fsmithred | wtf? I just checked the list of recognized names | 14:38 |
fsmithred | yeah, that | 14:38 |
brocashelm | but how/where to make it a permanent config? | 14:38 |
fsmithred | I thought there was a way to specify the file to read | 14:38 |
brocashelm | i know it checks os-release/lsb-release first | 14:38 |
brocashelm | and i only put refracta instead of devuan | 14:38 |
fsmithred | and I thought there was a directory of emblems, but I guess they are all compiled in | 14:38 |
fsmithred | change the name in one of those files | 14:39 |
brocashelm | distrib_id value? | 14:39 |
fsmithred | it's going by os-release here | 14:39 |
brocashelm | id=devuan | 14:39 |
fsmithred | says Devuan, while my lsb-release says refracta | 14:39 |
brocashelm | yeah, i've attempted to edit the files | 14:40 |
brocashelm | in /usr/bin/neofetch - ascii_distro="auto" option (default) | 14:42 |
brocashelm | nope, nothing | 14:43 |
used____ | On Beowulf, latest kernel I think, `Linux beowulf 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18)`, I enabled acpid logging to syslog, I get a LOT of events in the log: `Nov 27 19:20:26 beowulf acpid: completed input layer event "jack/lineout LINEOUT plug" | 16:19 |
used____ | Why is this so? It seems related to audio card use, the relevant plug is in all the time, and connects to an audio amp which is always on and has no standby/power control. | 16:20 |
used____ | There are like 30 events like this in 3 seconds then nothing. Wiggling the plug changes nothing. Playing audio also not. | 16:20 |
used____ | Upgrading kernel although unable to duplicate the jack flapping. | 16:24 |
used____ | The kernel was next to last, not last. | 16:25 |
used____ | Now upgrading to last. | 16:25 |
used____ | s/last/latest/ | 16:25 |
used____ | Reading acpid2 sources (the only way to get information on it apparently), shows it has gotten much more complex since using 'input layer' and 'netlink' for events instead of the old `/proc/acpi/event` which simply sourced strings. The "new" way to do it is, surprize, binary data. | 16:27 |
used____ | Another aspect of linux which is poisoned by rampant features nobody asked for. | 16:27 |
used____ | The acpid2 `input layer` event table (and names - important for scripting), are at: https://sourceforge.net/p/acpid2/code/ci/master/tree/input_layer.c | 16:28 |
used____ | Apparently reading sources is the newest (and only) way to get info on programs which are crucial for system operation. Welcome to the new 1990s. | 16:29 |
used____ | In the wonderful source file above, we see a LONG list of binary events, mapped to... strings. Iow, the event input layer supplies binary values which the C program translates to strings. You are never going to guess what `/proc/acpi/event`, the "old way" output? Strings! We have strings, via binary event files (several eventXX), a guessing game in acpi2 source which guesses which event files are useful, | 16:34 |
used____ | and a binary to string (!) translation table. This design choice probably shrank the 5MB vmlinuz kernel by perhaps 10kBytes. Yay, progress! </sarcasm> | 16:34 |
used____ | I never knew the kernel can generate a `{{{0,0}, EV_KEY, KEY_COFFEE, 1}, "button/coffee CFEE 00000080 00000000"},` event. Anyone got this key? I need one ;) | 16:35 |
used____ | (line 180 in source above) | 16:35 |
used____ | So, the simple string source from the kernel, was replaced by the input layer implementation, about 600 loc C, and by the netlink layer impl, another 600 loc of C, in acpi2. | 16:37 |
used____ | So now acpi2 is sort of like d-bus2 or such. Another binary monster replacing the usual (previously) ascii string sources for events. | 16:43 |
used____ | Oh, and, the netlink protocol used by acpi2 for crucial things, like button presses and worse, is "not a reliable protocol", being datagram/udp/raw socket oriented. I shudder. | 16:54 |
* wikan says hi | 17:56 | |
* used____ notes the old acpi string based interface went away in 2008-2009 | 18:02 | |
hagbard | meh, libfluidsynth-dev isn't installable in testing, because some dependency of it conflicts with elogind | 19:13 |
used____ | Not nice. All these "automation" crap things need to go. Back to basics. Text into/out of kernel /proc char devices. No d-bus, no elogind, no netlink layer kernel/user comms. | 19:14 |
used____ | Bring back linux 1.2.13 kernels! | 19:14 |
ham5urg_ | The dark force is trying hard, If I see a simplified modern kernel / linux in my live again, I will spend a beer or 10 more for used____ | 19:21 |
used____ | Seriously, these people automated and binary optimized the slowest of slow and rare events, like media plug in, partition table changes, jack plug in, button presses. | 19:34 |
used____ | I am really upset now, looking at *bsd how they do it. | 19:35 |
used____ | This being T-g Sunday, I understand the satiated silence from our overseas friends ;) | 19:56 |
used____ | Satiated and likely imbibed. | 19:58 |
Wonka | and hopefully not transmitting infections... | 20:03 |
used____ | If transmitting infections, increase Whisky imbibation, for sterilization. | 20:04 |
golinux | Please take it to opptopic | 20:07 |
golinux | offtopic rather | 20:08 |
used____ | Yes, sorry. | 20:10 |
systemdlete | So RDP is bad. But what about RDP in SSH tunnels? Remmina provides this; not having much luck with tigervnc | 22:27 |
systemdlete | RDP works, but it is a hazard without security | 22:27 |
gnarface | systemdlete: RDP in a SSH tunnel is probably fine but x11vnc works with both ssl and ssh support built-in | 23:01 |
gnarface | i seem to recall having an issue with the tigervnc server too when i tried it, i forget what now, but i haven't had any problems getting any clients connected to the x11vnc server | 23:02 |
gnarface | (though i'd recommend ssvnc if you care about security for this) | 23:02 |
systemdlete | does x11vnc have security? And does that create a session or scrape the (already running) desktop? | 23:03 |
systemdlete | I'm trying to do the scraper | 23:03 |
systemdlete | (maybe that is the difference, idk) | 23:04 |
gnarface | i've never once seen a vnc server that integrates with the system session manager on any OS | 23:05 |
gnarface | mabye that's just my inexperience | 23:05 |
gnarface | x11vnc afaik just scrapes the existing session whether it is logged in or not, like any other vnc server | 23:05 |
systemdlete | tiger has 2 versions: One that sets up a session on the host, and the other which literally interacts with a (presumably) running session | 23:06 |
gnarface | hmm, interesting | 23:06 |
systemdlete | So x11vnc is a scraper then? | 23:06 |
gnarface | the thing about tigervnc having its own X session vaguely rings a bell i guess, but i never used it that way | 23:06 |
gnarface | yea, x11vnc just forwards the display | 23:06 |
systemdlete | what do you mean by it "just scrapes the existing session whether it is logged in or not" -- how can there be a session if not logged in? I'm confused | 23:07 |
gnarface | but you can provide user authentication through the ssl features | 23:07 |
gnarface | if you have a graphical session manager there's a session even if you're not logged in | 23:07 |
gnarface | a gui login prompt is still running on Xorg | 23:07 |
systemdlete | Well, I'll try x11vnc. | 23:07 |
systemdlete | unless there is no display manager running, right? | 23:08 |
gnarface | yea i think x11vnc just doesn't work unless xorg is running then | 23:08 |
systemdlete | ah, ok | 23:08 |
systemdlete | In my case, that won't be an issue. But I've found that I had to disable the DM on some of my machines, mainly hardware not VM | 23:08 |
systemdlete | thanks for the tip re x11vnc | 23:09 |
systemdlete | that may make my trip easier. | 23:09 |
gnarface | yea no problem... the whole point is to use vnc to scrape an existing session, because if there's not a existing graphical session containing multiple windows then you can much more easily use x11 forwarding over ssh | 23:09 |
gnarface | (which doesn't require a vnc server because it just uses sshd and xorg libs) | 23:10 |
gnarface | but if you're trying to re-connect to a desktop where multiple windows were already open, rather than just gaining access to a single newly-launched window, then the x11 forwarding over ssh approach gets more tedious | 23:11 |
systemdlete | I'd prefer to scape the existing session because I often find myself switching hosts using the KVM switch as well as using remote sessions. It just depends what I am doing atm | 23:11 |
gnarface | yea i understand | 23:11 |
gnarface | vnc isn't any more secure than rdp by default but it has a lot of options | 23:12 |
systemdlete | ok | 23:12 |
systemdlete | wait, you are throwing me again: " if you're trying to re-connect to a desktop where multiple windows were already open, rather than just gaining access to a single newly-launched window, then the x11 forwarding over ssh approach gets more tedious" | 23:13 |
systemdlete | I think this is the option I want, isn't it? | 23:13 |
systemdlete | I want to switch back and forth between the actual remote host desktop (using KVM switch) and using remmina from the local host | 23:14 |
gnarface | x11 forwarding over ssh is something different from VNC and it doesn't forward the whole desktop at once, it just forwards one window at a time, and they have to be launched by ssh to work; they can't connect to already-opened programs like vnc and it has to be one program per ssh client | 23:15 |
systemdlete | I want to be in the exact same session either way | 23:15 |
systemdlete | oh, that's something else. | 23:15 |
systemdlete | No, I want the entire desktop in either case. | 23:15 |
gnarface | i think you want vnc, but to be pedantic i'm just pointing out that in a different situation, just bare ssh features would be easier | 23:16 |
systemdlete | btw, gnarface, I am going to be working behind my modem so security really isn't much of an issue, I think. But I want to practice good security hygiene as a rule | 23:16 |
systemdlete | gnarface: Yes, that I agree with. | 23:16 |
systemdlete | You know, now that I think about this, maybe window-by-window SSH would suffice for me. | 23:17 |
systemdlete | VNC might be overkill for what I am doing, actually. | 23:18 |
gnarface | the only problem is then they have to be launched by the connecting ssh client, you wouldn't be able to launch the program then change seats without relaunching it | 23:18 |
systemdlete | yeah. | 23:18 |
systemdlete | That's the rub, really. | 23:18 |
gnarface | most the time just regular ssh x11 fowarding does work fine for what i'm doing | 23:18 |
gnarface | vnc is nice when you want to switch seats though | 23:19 |
systemdlete | probably for me too | 23:19 |
systemdlete | yes, I agree | 23:19 |
gnarface | also, for ssh's x11 forwarding to work, the host machine only needs the x11 runtime libraries, not a full-blown xorg install | 23:20 |
gnarface | whereas with vnc, the host actually has to be running an xorg instance | 23:20 |
gnarface | which means it has to have a video card | 23:20 |
gnarface | sometimes that can be cumbersome | 23:21 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!