[14:47] <Ussat> So, I know this is Ubuntu Server, but just a FYI, if anyone has RHEL / Centos Servers, DONT PATCH NOW:  https://pastebin.com/uGgCmVsQ
[15:39] <tomreyn> Ussat: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1889509
[15:39] <Ussat> NIce
[15:39] <Ussat> Ya I have put off all patching untill confirmed fixes
[17:31] <Amadex> Hellou :D
[18:42] <rangergord> Ussat, if that package had been a snap, it would have auto-updated and you'd be screwed
[18:43] <rangergord> stuff like this is a great example were complaining about inability to disable automatic updates of snaps
[18:43] <rangergord> frankly it's almost insulting for Canonical to insist on this
[18:43] <oerheks> one can schedule snap updates.
[18:44] <rangergord> you mean defer for a short period of time
[18:44] <rangergord> can I tell it "don't update this package unless I tell you to?" No.
[18:45] <rangergord> to me, a snap == rolling distro. LTS stops having any meaning.
[18:45] <oerheks> yes; refresh.hold: delays the next refresh until the defined time and date
[18:46] <rangergord> can I set that date to 2030? When I followed the discussion on launchpad, the dev insisted it's their philosophy not to let you defer by more than a couple of weeks.
[18:46] <oerheks> seems like you are just parrotting
[18:47] <rangergord> I'm parroting the Canonical dev working on snapd
[18:47] <rangergord> (one of them)
[20:28] <DammitJim> since what LTS version did we make apt the standard instead of apt-get or do I have that backwards?
[20:28] <sarnold> apt is the new front-end
[20:29] <oerheks> both are valid.
[20:29] <DammitJim> sarnold, since when? I'm trying to come up with standards at my office as to what we should use but I also don't want people to get confused
[20:29] <DammitJim> we still have Ubuntu 16 servers
[20:29] <oerheks> apt is just superiour.
[20:29] <DammitJim> what I'm starting to run into is apt is more robust and has more options
[20:29] <sarnold> DammitJim: apt is better for interactive use; apt-get is better for scripted ues
[20:29] <DammitJim> is apt-get looked down upon?
[20:29] <DammitJim> our scripts all use apt-get
[20:29] <sarnold> DammitJim: apt upgrade is far safer than apt-get dist-upgrade, and handles more conditions than apt-get upgrade
[20:29] <oerheks> The reality is that the first stable version of apt was released in the year 2014 but people started noticing it in 2016 with the release of Ubuntu 16.04
[20:30] <DammitJim> and that was one of the things I was going to ask my team to start changing
[20:30] <oerheks> https://itsfoss.com/apt-vs-apt-get-difference/
[20:30] <DammitJim> so, if I said.. hey guys, from now on (now that we finally put to sleep the last Ubuntu 14 server) we are using apt instead of apt-get, I won't run into any inconsistencies, right?
[20:30] <oerheks> nope, you are fine.
[20:31] <oerheks> when some dependensie issue pop up, apt install -f
[20:31] <DammitJim> why did you feel you needed to make that last comment about apt install -f?
[20:32] <oerheks> see apt vs apt-get, apt-get does not solve those issues on that level
[20:33] <DammitJim> what? apt-get still has a lot more functionalities to offer than apt? (per the link)
[20:33] <DammitJim> hhhmmmm... maybe I should stick with apt-get and not complicate things
[20:34] <oerheks> no, but an interesting conclusion
[20:34] <oerheks> you have no need to edit your scripts now, indeed
[20:34] <DammitJim> ok, thanks!
[20:50] <sdeziel> sarnold: the link from oerheks says that 'apt-get dist-upgrade' is replaced by 'apt full-upgrade'. Being an all time user of apt-get dist-upgrade, I'd like to know which replacement is better and for what reasons ;)
[20:53] <sarnold> sdeziel: hah, good question. I'm sure someone here's told me once before what full-upgrade does that's better than dist-upgrade but I've forgotten :(
[20:54] <sdeziel> dang... it's OK
[20:54] <sdeziel> thx
[21:04] <Ussat> rangergord, re: snaps, I rip them totally out of all my installs
[21:06] <oerheks> without snapd, no livepatch for you.
[21:43] <Aison0> Why is isc-dhcp-server accessing the ldap server? I have many of those messages: audit: type=1400 audit(1596185703.828:9389): apparmor="DENIED" operation="connect" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/dhcpd" name="run/slapd-inetserv.socket" pid=97436 comm="isc-worker0000" requested_mask="wr" denied_mask="wr" fsuid=110 ouid=0
[21:45] <sarnold> Aison0: wild guess, is your nsswitch configured to do lookups for something through ldap?
[21:45] <sdeziel> Aison0: is this when dhcpd starts up?
[21:45] <Aison0> Aison0, yes
[21:45] <Aison0> I'm using nssswitch to lookup ldap user/groups
[21:47] <Aison0> sdeziel, no, it happens regularly. dmesg is completele spamed with the message above
[21:49] <sdeziel> Aison0: hmm, I'd probably strace dhcpd's PID around the time those audit messages/Apparmor failures get logged
[21:50] <sdeziel> I can't think of anything obvious that would explain why dhcpd would do LDAP lookups
[21:50] <sdeziel> Aison0: maybe pastebin your nssswitch.conf?
[21:51] <Aison0> https://paste.ubuntu.com/p/CTBgmGF5tR/
[21:51] <sdeziel> hosts:          files dns ldap
[21:52] <sdeziel> that's possibly why it's trying to reach out to LDAP
[21:52] <sdeziel> potentially trying to do a reverse DNS lookup or something
[21:59] <Aison0> hmm
[21:59] <sdeziel> or potentially trying to resolve forward DNS from the config?
[22:00] <sdeziel> strac'ing should tell you
[22:24] <Aison0> damn connection...
[22:26] <sarnold> Aison0: the last we saw was: < Aison0> hmm  and you might have missed: < sdeziel> or potentially trying to resolve forward DNS from the config?  < sdeziel> strac'ing should tell you
[22:26] <Aison0> thx
[22:26] <Aison0> I disabled ldap for hosts
[22:26] <Aison0> maybe that's it
[22:26] <sarnold> any success?
[22:27] <sdeziel> could also be used for the networks and aliases lookup. I honestly don't know what those are :/