freenode/#devuan/ Friday, 2018-07-13

fsmithredWe could start a 12-step program00:05
golinuxbozonius: How are you getting FF to play audio without it?  Did you do the apulse thing?00:06
bozoniusstep 1:  Admit to yourself that systemd, pulseaudio, and even avahi are not really helping you.00:06
bozoniusgolinux:  Yes, in some cases, apulse is needed.00:07
fsmithrednot needed with ff-esr in ascii00:07
bozoniusfsmithred:  Some versions of ff are OK without apulse or pulse00:07
golinuxTrue.  I thought you were playing with Beowulf.00:08
bozoniusI am... or was, anyway.  I haven't played with sound there yet.00:08
golinuxAnd had encountered00:08
bozoniusI was only commenting on james1138 comment00:08
golinuxthe end of FF as we've known it00:09
bozoniusomg... what new torture are we in for with ff00:09
golinuxpulseaudio will be required.00:10
bozoniusnot if you use apulse00:10
golinuxYes.  I was wondering if you'd done that.00:10
bozoniusno, sorry.00:10
bozoniusI could try it...00:10
fsmithredplease do. I'm not sure if it works.00:10
fsmithredwhat version of ff are you using?00:11
fsmithredin beowulf00:11
bozoniusuh... not sure.  Let me look00:11
golinuxI keep an eye out for an apulse howto.00:11
bozoniusprob whatever comes with it, and any updates00:11
fsmithredpretty sure 57 is the first one that requires pulse00:12
fsmithredthere's ff-61 (not esr) in sid/ceres00:12
bozoniusok running into a glitch00:18
EHeMAny help for an issue of `fsck.ext4` apparently not making it onto an initial ramdisk? (fsck.ext3 gets on, fsck.ext4 is being troublesome)00:18
bozoniusI only have headphones for my testbox00:19
bozonius(usb headphones) host ascii system lsusb shows the device, but it seems the guest (beowulf) does not see it)00:19
fsmithredaplay -l00:20
fsmithredsee which card is first00:20
fsmithredEHeM, maybe running 'update-initramfs -u' will fix it00:20
bozoniushuh... on the host, I am seeing card 0 analog, card 0 digital, and card 1 headset00:21
EHeMfsmithred: That was the obvious guess, didn't help.00:22
fsmithred you'll need to change the order of the cards00:22
EHeMfsmithred: Actually recreated them from scratch and `fsck.ext3` shows up, but `fsck.ext4` doesn't.00:23
fsmithredEHeM, that's weird00:23
EHeMI know.00:24
EHeMHmm, now it looks like one of my VMs it did manage to get in, but not in some other spots.00:26
bozoniusok, so I re-ordered the cards on the host (ascii) and I can record and playback on the host.  But the beowulf guest is not seeing any usb devices00:35
bozoniusI tried changing the vbox config for the vm from usb 3 to usb 2 support, but no change00:36
bozoniusI suppose I could  install beowulf to the host, but that will take some time...00:36
fsmithredyou shouldn't need to do that00:36
bozoniusor try my analog headset...00:36
fsmithreddoes your guest normally see the usb audio, or does it just pretend it has something else?00:37
bozonius"normally?" -- this is the first time I am trying the headset on the test box.00:38
fsmithredI think you should be able to leave the default vbox audio setting00:40
fsmithredas long as sound works on the host, I'd expect it to work in vbox00:41
fsmithredit'll just use ALSA00:41
bozoniusthe problem is that the guest doesn't see the usb device00:41
fsmithredwhy does it need to see that?00:41
bozoniusnow, I DO have pulse running on host00:41
fsmithredoh, then maybe set it to pulse instead of alsa00:42
bozoniusI could disable that and just use alsa there, but the headset works on the ascii host00:42
bozoniusit needs to see the device so it can be used in the guest00:42
bozoniusthe guest must capture the device first00:42
bozoniusbefore any application can "see" it00:42
fsmithredmine does not see my correct device00:43
bozoniusbut the trouble is that vbox itself, for the guest process that is, does not see it00:43
fsmithredhost has intel hd audio00:43
fsmithredvbox is using ac97.00:43
bozoniusare you using analog or digital headphones00:43
fsmithredjust looking at the audio settings on the laptop00:44
bozoniuswell, here's anothr thought00:44
bozoniusmaybe I can just plug in my speakers to the test box00:44
fsmithredthat should work00:44
bozoniusshould, yes00:44
* bozonius reaches...00:45
* bozonius tries to... must... grab...00:47
* bozonius agggggh!00:47
* bozonius is eaten by a tangle of wires in the corner behind the computers...00:47
bozonius(very sad)00:47
bozoniusboys, we have sound on beowulf!00:53
bozoniusnow, to see if ff works without pulse00:53
bozoniusping beowulf vm has ff 52.9.0 (ff-esr)00:58
EHeMbozonius: You created the Cordthulu?00:58
bozoniusI have to admit I might have created it... you know. It starts with one wire, then you drop another through, figuring that won't be a problem.  THen another, then another01:04
bozoniushaving some problems with network config01:15
bozoniusI tried disabling connman01:17
bozoniusbut even after stopping and starting network, it is not seeing the host01:17
bozoniusI usually don't have this many issues with simple ipv4 config01:18
bozoniuswith vbox01:18
bozoniusip a shows me the correct config, though I note ip route shows no default route01:18
bozoniusthis connman doesn't seem to be in sync with what network has01:19
bozoniusit was configured for the net, and I changed it (I thought) to .55 net, but then I see /etc/network/interfaces had not been updated -- still showed dhcp not static as I specified to connman01:20
bozoniusthe "Network" UI on ascii works fine...01:20
bozoniusmaybe one of you can kind of step me though  the config for this?01:21
fsmithredI normally set it to Bridged and eth0 and it just works01:23
bozoniuswell, I tried that also, I can retry that...01:24
bozoniusI had to kill dhclient01:24
fsmithredI don't set a static ip01:24
fsmithredit just gets an address from the router01:24
bozoniusI can ping the host, but no response comes back (I know it is going out to the host, because wireshark on the host shows the packets)01:50
bozoniuswhen I try to ping with -v, it tells me permission denied, attmpting raw socket...01:52
bozoniusand I am root01:52
bozoniusI tried allowing promiscuous mode on the adapter also01:52
bozoniussorry I am  on 2 keyboards01:53
bozonius(ignore "120"  and "kkkk")01:53
fsmithredyou're in the netdev group?01:53
bozoniusroot ?01:53
fsmithredoh, user01:54
bozoniusand, yes, my user "tester" is also in netdev.  But it might be irrelevant01:54
bozoniusbrb - water01:55
bozoniusany ideas?02:07
fsmithredgoogle the error message02:07
bozoniuswhy is it that the ascii host can see the packages coming over, but there is  no response at the guest?02:07
fsmithredI don't know.02:08
* bozonius is a complete ... !!!02:10
bozoniusI made a doodoo02:10
bozoniusgive me a few minutes to fix this...02:10
bozoniusI know exactly what stupid-ass thing I did THIS time02:10
bozoniusok the guest can now talk to host, but I've got a dns resolution problem...02:24
bozoniuspacket forwarding02:34
bozoniusI'll need to enable packet forwarding on the ascii host02:35
bozoniusdoes that require the whole firewall bit, or can I set something in sysctl?02:35
gnarfacebozonius: just enabling forwarding can be done via sysctl.  the default /etc/sysctl.conf probably has the lines already, just commented-out.02:41
gnarfacebozonius: (there are two lines, one for ipv4, and one for ipv6)02:41
bozoniusI did it by sysctl -w ... = 102:41
gnarfacethat will work too but won't persist through reboots02:42
bozoniuseven with -w?02:43
gnarfaceyea i think so, but i could be wrong i guess.  better test it to make sure.02:45
gnarfacejust in case you don't know, in the future it may help you to know that they correspond to values in files and sub-directories of /proc/sys that can be read and changed directly with root permission02:48
gnarfaceso net.ipv4.ip_forward, for example corresponds to /proc/sys/net/ipv4/ip_forward02:48
gnarface(this can be useful for finding the names of flags that *aren't* already included in the default comments of the sysctl.conf file)02:49
bozoniusok, I'll have to continue this later... got go see someone02:52
bozoniusI am curious what all those other forwarding flags are02:52
bozoniusthere's the ip_forward flag for ipv4, but for ipv6 there are a bunch, and also ones that correspon for v402:53
gnarfaceyea you can do all sorts of tcp/ip tuning in there02:53
gnarfaceluckily most of it you'll never have to touch02:54
bozoniusforwarding is still not working, though now with a dnsmasq running on the host (ascii), at least I can get dns (somewhat)02:54
bozoniusbut I still can't ping an actual target outside the local subnet02:54
gnarfaceyou had a firewall up?02:54
gnarfaceforwarding won't bypass the regular firewall rules02:55
bozoniusno not any02:55
gnarfacealright well if you dno't figure it out maybe i can help you later02:55
bozoniussure, thanks02:55
bozoniuswhat is your take on "connman," gnarface02:56
gnarfaceusually at that point i just start going device-by-device, using tcpdump and ping to see where the packets are falling off the path02:56
bozoniusright, and I regularly use wireshark02:56
bozoniuswhich might be overkill02:56
gnarfacesame diff02:56
gnarfacei can't say i've ever used connman02:56
bozoniusconnman seems to replace "Network" (networkmanager?) in beowulf02:57
bozoniuswell, I disabled it02:57
gnarfaceseems like that's possible. the description says it does the same thing but on the command-line02:57
gnarfaceyea i don't think you actually need it02:57
gnarfaceit might make life easier, or it might not02:57
bozonius(connman does have a gui)02:57
bozoniusnetworkmanager hardly made it easier many times, early on02:58
gnarfaceah, yes i see actually it has several front-ends listed on the arch wiki02:58
bozoniusI also disabled avahi02:58
bozoniusis that sinful?02:58
bozoniusthat wouldn't affect this02:58
gnarfacehah, no, it's smart to disable avahi for what you're doing.  avahi will down/up network devices without asking02:59
bozoniusmaybe for discovering dhcp servers, but everything here is static02:59
bozoniusI figure anything *lennart* it is prob best02:59
gnarfacei think the demand for avahi stems from a desire to be compatible with Apple's "bonjour" auto-configuring hotplug network stuff03:00
* EHeM for one is glad 192.168.56/24 is being used instead of 192.168.0/24 or 192.168.1/24.03:00
bozoniusI'm gonna toodle and help a friend make a spread sheet and maybe earn some money03:00
bozoniusavahi was nice to allow my ex-gf to print from her iphone03:01
gnarfaceyea stuff like that03:01
bozoniusavahi was not so nice every time there was an update03:01
bozoniusit inevitably broke wireless printing...03:01
gnarfacewhen you just want the network devices to find each other out of the box and you don't care about security, avahi is the way to go03:01
gnarfaceor at least, its the accepted approach03:01
bozoniussometimes I could fix it again, other times not03:01
gnarfacei just don't like it overthinking stuff for me03:02
bozoniusand it is actually smart, in a way, but too many surprises03:02
bozoniusI hear you03:02
gnarfacesay i unplug a ethernet cable, i don't want it to ifdown that network device03:02
gnarfacebut it will03:02
bozoniusI like a gui that just makes something easier to configure, but not add ridiculous wizards and the like.  I want to know what I am doing03:02
bozoniusok, back later...03:03
crimson_kingHow to disable a service with sysvinit? (to not start on boot)04:48
gnarfacecrimson_king: easiest way is with "update-rc.d [package name] disable"04:53
gnarfacecrimson_king: (check the update-rc.d man page for more details)04:55
crimson_kinggnarface, thank you04:55
gnarfaceno problem04:55
furrywolfmust...  resist...  making...  "in the court of"...  jokes...05:07
bozoniusLooks like iptables might be necessary for forwarding to work05:51
bozoniuscan't just set forwarding on05:51
mtnmanbozonius: do you mean ip forwarding?05:53
mtnmani just set up ip forwarding and found this very helpful:
mtnmanoops that wasn't it hang on05:54
bozoniusI'm  not  looking for masquerading per se.  I'm  trying to get two subnets to talk to each other, that's all.05:58
EHeMMerely forwarding without NAT doesn't need iptables, merely the appropriate routing table entries.05:59
EHeMThough if you're forwarding, often filtering is a valuable add-on.06:00
Leanderbozonius: this sounds like bridging06:14
bozoniusactually, I just solved it by installing IPfire and letting IT worry about all this...06:20
bozoniusand, yes, Leander, the IPfire VM is using bridging to a NIC on the testbox06:21
bozoniusbut now I am trying to remember why I did all this...06:22
bozoniussomething about testing sound...06:22
bozoniusthat was it.06:22
bozoniusjust like on jessie, it seems that pulseaudio won't go away until you obliterate it from the system06:31
bozoniusmerely unchecking the autostart for session does not quite do the trick.06:31
Criggiepulseaudio made me install devuan instead of debian.06:31
bozoniusseems I am getting sound without pulse running06:33
bozoniusapulse is not installed06:34
holla_some apps (firefox e.g.) require pulse, afaik06:35
CriggieI get ... (stops to check first)06:35
holla_so i don't think it's wise to purge it all together06:35
bozoniusapparently not, at least not on beowulf.  I am  getting sound from firefox somehow06:35
CriggieOK I do have pulseaudio running on devuan, but it works.  The previous debian install was kinda togued about.06:36
Criggieyou could just stop the pulseaudio service and test06:36
CriggieMy next issue is to get ffmpeg installed properly06:36
CriggieTHEREs a codebase with a history.06:36
holla_well i would stick with pulse and only disable it on demand (pasuspender(1))06:37
bozoniusCriggie: DId you see what I wrote?  I tried to stop pulseaudio, but it would not die06:37
bozoniuseven after I logged out/back in06:38
bozoniusI've seen this on other systems also.06:38
bozoniusgnarface, fsmithred:  Looks like we have speaker sound on beowulf, without apulse or pulse06:38
holla_bozonius: cp'd /etc/pulse/client.conf to '~/.config/pulse/' and disabled it there?06:39
bozoniusholla_:  No.  I did not.  The session UI in the desktop pretty much says by unchecking the box for pulseaudio (under autostart), it it supposed to not automatically start when you log in.06:40
bozoniusIt warns you that you may have to log out first, and I did that, but it was still running.  In fact, there were 2 children of pid 1 running pulseaudio06:41
bozoniusI was following the rules, obeying the laws, respecting my teachers and law enforcement, but it did no good06:42
bozoniusheheheh.  This is lxqt, btw, on beowulf devuan06:42
bozoniusholla_:  I will try to remember that trick in the future.  But it's OK, I don't really want pulseaudio on any of my systems anyway06:42
holla_bozonius: yw - yet again, i don't think it's sensible to get rid of pulse since many a pkg relies on it. even if you purge it, it will get pulled in again if you don't pin it07:02
bozoniusif a pkg  DOES require pulse, there is always apulse07:08
gnarfacei still can't figure out how to get apulse working with multi-arch software07:12
gnarfacei don't know if it can07:12
gnarfacesome of the more poorly behaved commercial software for linux is still a mix of 32-bit and 64-bit libraries (i assume because windows is that way) and apulse seems to only work for stuff that's been compiled against one single arch07:13
bozoniusI apologize to you all if I was sounding a bit authoritative. I'm not an expert on this.07:14
gnarfaceoh there might be a simple fix for that, i just don't know enough about library linking07:14
gnarfacethe point is just that apulse isn't a full replacement, yet07:14
bozoniusI have  been able to get sound with apulse pretty consistently across many programs.07:14
gnarfacethough it should be fine for open source stuff, because for open source stuff, there's no driving reason to have a mix of library architectures07:15
bozoniusand for commercial stuff... well, maybe there are open source alternatives?07:15
* bozonius never pays for software anymore07:15
gnarfacei can *almost* supplant all the actually required pulseaudio features with some clever ~/.asoundrc customizations bash scripting07:16
gnarfaceone or two things still elude me07:16
bozoniusyou are miles ahead of me here...07:16
gnarfacei got a lot of help from #alsa07:16
bozoniusI look at alsa configs and immediately get a bad case of  hives07:16
bozoniusI have as well.07:17
gnarfaceits weird, for sure07:17
bozoniusof course, grub.cfg files are not exactly clear either07:17
bozoniusmany of these files do not have extnensive docs, or they have docs but don't explain things clearly07:17
bozonius(I'm sure the docs are very clear to people who already understand them)07:18
bozoniuspart of the problem is nomenclature... too much doc out there includes words that are just plain incorrect07:18
bozoniusthought that's true for a lot of other writing these days07:19
bozoniusbareos backup, for instance, talks about "job defaults" (jobdefs) but you can have multiple defaults, which doesn't quite make sense.07:19
bozoniuswhat it is, really, is that a group of jobs can share certain defaults.07:20
bozoniuswhat I cant stand though is that many times, a setting doesn't truly override a default.07:20
bozoniusI just got my usb headset to work in beowulf in a VM running under ascii07:21
bozoniusgnarface:  OTOH, ff is 52.9, and I think the support for alsa ends later07:26
bozoniusso a better test would be  a later backport for beowulf07:26
bozoniushmmm.  according to what i've read, the support ended with 59.  So how is it that I can run 59.2  without pulse and still get sound ok?07:47
EHeMEven xfce4 depends on xfce4-pulseaudio-plugin.07:48
bozoniusI'm guessing that (maybe) Devuan is building their Firefox with alsa enabled?  Or possibly debian?07:53
gnarfacehard to say, but i thought mozilla actually removed it for a while then put it back a couple versions later, was what actually happened07:54
bozoniusbut do you agree maybe a much more recent ff version might make a better test?08:02
bozoniusin early 2017, people  chatting on reddit were concerned that eventually ff and even chrome would no longer support alsa08:02
bozoniusand that even the code for alsa support would be completely stripped08:02
Jjp137for firefox-esr 52.9.0, the Debian package is built with ALSA support enabled (see:
golinuxThat's progress needed for a 'modern' browser </sarcasm>08:03
Jjp137(commit:, bug report about it:
bozoniusJjp137:  thanks for that info08:05
gnarfacebozonius: i'm still using the firefox-esr version in ceres, except in the rare cases a website complains about it08:06
gnarface(i have both installed)08:06
bozoniusproblem though, is eventually, mozilla devs are threatening to remove the build option08:06
gnarfacei forsee more forks of firefox coming in the future08:06
bozoniusfirefork browser08:06
bozoniusgnarface:  you have ceres installed?   How did you do that?08:07
bozoniusfor beowulf, i just installed ascii and updated the sources to point to beowulf, apt-get update and upgrade08:08
bozoniusI might want to try a ceres, just for the heck08:08
gnarfacebozonius: uh... it was a pre-existing debian sid install that i just "upgraded" in-line.  upgrading from ascii *or* beowulf may actually work too though.08:11
gnarface(standard practice would be to go through beowulf to ceres, but due to the current unfinished state of beowulf, jumping over it from ascii might be a better choice for now... i'm not sure, it's not something i've tried yet)08:11
gnarfaceactually though, someone else here DID report that upgrading from ascii to ceres did work, at least before beowulf was an option08:12
bozoniusI could  try these  myself I suppose08:12
gnarfaceheh, well don't nuke a working ascii install to try it08:12
gnarfaceor at least, make sure you take a backup first08:12
bozoniusgod no...08:12
bozoniusthese are all VMs to start with, and I won't be touching the ascii runnng the testbox08:13
bozoniusbackup first, or snapshot08:13
gnarfacei'm only running it because some of the higher-budget commercial titles won't work with the newest nvidia drivers still compatible in ascii (mostly Blizzard's fault)08:13
gnarfaceand that's actually been the case for a while08:14
gnarfacethat's why i upgraded this install to sid back then08:14
bozoniuswho/what is Blizzard08:14
golinuxThere are actually some newer packages in ASCII than in beowulf  (and maybe ceres too)08:14
gnarfacebozonius: they're a commercial game creator/publisher.08:14
bozoniusgolinux:  I've successfully upgraded ascii to beowulf.  Which packages are those?08:15
golinuxI am the wrogn person to ask.08:16
golinuxI'm still on Jessie.08:16
bozoniusbut the right person to tell me this in the first place?08:16
bozoniusie, how did you know this to be true at all?08:16
golinuxI am kind of the Devusn librarian08:17
bozoniusok, so you've seen these packages but don't remember which ones?08:17
golinuxAnd follow all channels.08:17
gnarfaceit's the *elogind* *polkit* stuff, isn't it?08:18
golinuxI've read about probably08:18
gnarfacestuff related to slim/lightdm?08:18
golinuxoops two thoughts at once08:18
golinuxI has been discussed here, on the forum and dng.08:19
EHeMI discovered the existance of elogind and promptly felt sick to my stomach; it is not on any of my systems.08:19
gnarfacebozonius: anyway, i'm not sure it matters unless you're using a graphical login08:20
EHeMAppeared to be depending on *lots* of things which were otherwise unncessary.08:21
golinuxWhat about session management?08:21
golinuxIt is defanged of systemd thanks to gentoo.08:22
gnarfaceEHeM: hmmm, the apt-get option "--no-install-recommends" might be of interest to you08:22
EHeMI'm aware.08:22
gnarfaceoh ok, just making sure08:22
MinceRelogind still used to kill processes on logout by default08:22
golinuxIt solved a lot of problems with the desktop08:22
MinceRso i'd be careful with it08:22
golinuxIsn't elogind default in ASCII08:23
EHeMI'm sure there are situations where elogind is beneficial, but mine is not one (killing things on logout isn't valuable to me right now).08:23
gnarfaceheh, i gave up on graphical login managers back when graphics drivers were the usual problem with them.  now days i've just grown out of them.08:23
bozoniusis elogind really needed?  I mean what did people do back in the old days before elogind came along?08:23
gnarfacesomething like that08:24
MinceRthey had consolekit, and before that they had X running as root08:24
MinceRi prefer to use startx08:24
gnarfaceoh yea, suid root x08:24
MinceRmore flexible and doesn't need any of this cancer08:24
gnarfacemost the graphics drivers have been fixed so you don't even need to run it as root anymore08:24
golinuxBye.  Sleep time08:24
bozoniusI seem to recall somewhat graphical logins dating back to... oh, I don't know.  Maybe mandrake?08:25
bozoniusnight golinux08:25
bozoniusI don't  remember if I had to startx or the like... can't remember that far back08:26
bozoniusback in the days when linux was still nice...08:26
gnarfacestartx has always been around as far back as i can remember.  there were a lot fewer options for graphical login back then though08:27
bozoniusyeah, maybe you are right08:27
bozoniusgraphical logins have been around so long now, I am used to them08:27
asdgggthis should apply to debian aswell, is it possible to disable the automatic insserv'ing of services installed by apt?11:38
asdgggthere is the rc.d policy file to prevent the automatic (re)starting but I don't even want installed app to add themselves to the runlevels at all11:39
gnarfacei don't know of any such feature but that doesn't mean there isn't one11:43
gnarfaceit seems like something the individual packges would have to be set up to do11:43
gnarfacemaybe if you change the debconf priority threshold to whatever setting makes it ask the most questions, it will ask you that question too11:44
asdgggyes, seems like its in the .postinst files of the debs :s11:44
fsmithredeasy way to remove all the rc links11:49
fsmithredotherwise, 'update-rc.d -f <servicename> remove11:50
asdgggsure but that is what I want to prevent, installing something and then removing something the install did11:51
fsmithredI think your choices are 1. don't install it, or 2. repackage it differently11:52
gnarfaceits a good idea11:54
gnarfacebut mostly what i've seen is services either add themselves automatically, or else leave it to you to enable them manually11:54
gnarfacei don't know for sure that some may not ask if debconf priority is set low enough though11:55
gnarfacei know some packages will ask whether they're allowed to restart services during install11:56
asdggginteractive stuff isn't an option either11:57
asdgggbest way is probably to do some apt wrapper which replaces update-rc.d with some return 0 script during installations lol11:59
asdgggthis would fork for anything but a sysv-rc update12:00
gnarfacei wonder if you could use the alternatives system for that12:02
gnarfaceit seems possible12:02
fsmithredI think the package install scripts are supposed to use invoke-rc.d instead of update-rc.d, so maybe a dpkg-divert of invoke-rc.d would do it12:07
fsmithredbut then you'll have to deal with the ones you want to keep the links12:08
asdgggtbh it would be way better if packages could just echo something like "if you want to enable this service use update-rc.d blah blah" instead of force enabling themselves12:10
asdgggbut I guess its how debian works12:10
fsmithredyeah, you install something, and it just works, usually with sane defaults12:15
asdgggits a way to do it but in 95% of the cases when you install a service you need/want to configure it first before you start/insserv it12:20
Leanderthat's something that has been bothering me for a while too, and I see it as related to the issue of having no firewall up by default13:07
arminLeander: you're actually wishing for a firewall that is enabled by default?13:23
arminLeander: weird. still, ferm might be worth a short look.13:23
arminLeander: and no it won't solve that issue.13:23
Leanderarmin: it's just that services are started by default, for instance sshd, even though you might not want to be reachable from a local network13:24
LeanderI could imagine that by default, we'd have the base distribution with no firewall and no automatic enabling of services, and then there could be a more user-friendly derivative on which services are enabled by default *but* there's also a basic firewall13:29
elio_4but a whole preconfigured firewall isn't needed. On the other hand the default config of any service could bind to for a better security in general13:30
gnarfacearen't there any firewall packages that are enabled by default?13:31
gnarfacei figured there would be13:31
gnarfacei mean, once you install them that is13:31
LeanderI assume that most of them bind to localhost, indeed, but that's less user-friendly because you'd have to tinker with the config files13:31
fsmithredarno makes you go through a debconf dialog. I don't know about other firewalls.13:32
LeanderI never installed anything more than iptables, so I don't know13:32
arminLeander: that is a problem - yes. installing a service is different from starting a service. i totally agree with that one. but i fail to see how a firewall solves this.14:11
arminLeander: sure it would handle all cases of accidentally started programs that open listening sockets, but it still seems like not the right solution to the problem to me.14:12
Leanderarmin: I never said it was a solution, I just think that the lack of firewall can create an additional security issue14:13
arminLeander: true.14:13
TashtariHey all.  Does any mechanism exist to apply patches on top of files that are liable to get updated by a package?18:51
TashtariSpecifically... I'm trying to theme xfce4, and I'm finding I will need to change some of the /usr/share/applications/*.desktop files in order that certain applications will use different icons than the default.18:52
TashtariAnd I'd like to follow the path of least resistance, if one exists. :)18:53
golinuxTashtari: Just put the icons you want to use intp /usr/share/icons and themes into /usr/share/themes. Then select those options from the Xfce settings menu.19:53
Tashtarigolinux: The problem with that is that I effectively want to split the responsibility of what is currently a single icon.  Currently, for example, there's an icon of a monitor.  The display control panel uses this to denote actual monitors and also to denote the control panel itself.21:26
TashtariI want the control panel to be denoted by a different icon than the monitor, so I can't just replace the monitor icon.21:27
TashtariI have to actually change the .desktop file for the display control panel.  And that file is liable to be overwritten by an update of the relevant package.21:27
fsmithredTashtari, if you make your own .desktop files, give them unique names, and they will remain.21:34
fsmithredif you want to replace a file in a package with your own, in a way that it won't get replaced on upgrade, use dpkg-divert21:35
Tashtarifsmithred: Interesting, I'll look into that.  Thanks.21:36
ik5pvxdo I understand correctly that using "merged" in sources.list is equivalent to having "main contrib non-free" ?21:43
ik5pvxso what does merged stand for?21:44
fsmithredmerged means you get devuan packages and debian packages21:44
ik5pvxoh, ok21:44
fsmithredamprolla merges the repositories in a smart way21:44
fsmithredi.e. won't let you install systemd21:44
ik5pvxah, cool thanks21:44
fsmithredthere are a couple of repos that have /devuan instead of /merged21:44
ik5pvxI'll update my sources.list then21:44
fsmithredthose only have devuan packages, but that's for experimental stuff21:45
fsmithredmain contrib and non-free works the same as in debian21:45
ik5pvxfor jessie and ascii I should be fine with merged <codename> main contrib non-free, then?21:45
ik5pvxand there's a testing with the same meaning as debian, correct?21:46
fsmithredfor ascii, use, not auto.mirror or packages.devuan.org21:46
fsmithreddon't use testing/stable/unstable words21:46
fsmithreduse codenames21:46
fsmithredsometimes what's testing in devuan is stable in debian21:46
fsmithred(not at the moment)21:46
* ik5pvx updates a couple VMs with this info21:47
ik5pvxehm, so what's the codename equivalent of testing?21:56
ik5pvxmaybe I should just track ceres (unstable)21:57
fsmithredneither ceres nor beowulf has had much work done yet21:57
ik5pvxunderstandable, ascii has just been released, no?21:58
fsmithredif you upgrade from ascii, some of the devuanized packages will remain, because there aren't newer versions in beowulf or ceres21:58
fsmithredthat said, some people are using them and they basically work21:58
ik5pvxat the moment I have 2 VMs, one with jessie, and one with "testing", which I understand is not a great idea of a codename21:59
fsmithredis it ascii or beowulf?21:59
ik5pvxI'll prepare a clone of jessie and update it to ascii21:59
fsmithredwhich kernel is in your testing vm?22:00
ik5pvxI just put it in as testing, I thought the aliases had the same meaning as in debian. So I honestly don't know what I've been tracking22:00
fsmithredascii kernel22:00
ik5pvxok, let me do some renaming here22:01
fsmithredlook in /etc/devuan_version, os_version and debian_version22:01
fsmithredor maybe check the version of libc622:01
ik5pvxyeah it says ascii22:02
ik5pvxhm, there's no lsb-release?22:02
KatolaZik5pvx: lsb_release -a22:03
fsmithredthanks, I forgot about that22:04
ik5pvxwell ok, I guess I'll let those VMs update. Thanks for the help fsmithred22:24

Generated by 2.17.0 by Marius Gedminas - find it at!