[00:00] <daftykins> presume i'll have to force reboot xD
[00:01] <TJ-> send ctrl-alt-del from the hypervisor?
[00:01] <Bashing-om> daftykins: ' systemctl reboot ' ?
[00:01] <TJ-> you should be able to do systemctl reboot
[00:01] <daftykins> ah well i forced it already
[00:02] <daftykins> it took the password properly that time, booting recovery mode
[00:04] <daftykins> ooh heck of a lot of angry services
[00:06] <TJ-> that's unexpected, unless it is due to no network
[00:09] <daftykins> i popped netplan.io on and copied my conf, so i had an IP but non-working DNS
[00:09] <daftykins> just erased resolv.conf by hand and set a basic one so i could install openssh-server as i seem to have forgotten that too
[00:12] <TJ-> eeek, never delete it, let systemd-resolved manage it
[00:13] <daftykins> it must have had missing paths as the symlink was dead
[00:13] <daftykins> i think i can get by on that much, i just need fstab but it sucks having to edit through this console
[00:13] <daftykins> for some reason SSHing in as my user i get auto disconnected
[00:13] <daftykins> some property of the recovery mode perhaps?
[00:14] <TJ-> does it actually connect? is there a separate /home/ that isn't mounted due to no fstab?
[00:15] <daftykins> yep connects and gets killed after entering a password, nah /home/username is there fine
[00:15] <TJ-> journalctl -u ssh
[00:15] <daftykins> nevermind i have echo'd blkid into /etc/fstab and will just edit it down to what i want
[00:20] <daftykins> this was quite the adventure
[00:20] <TJ-> TIL ?
[00:20] <TJ-> is it working correctly now?
[00:21] <daftykins> still booting
[00:21] <daftykins> i see a message under plymouth "cryptsetup: xvda5_crypt: set up successfully"
[00:22] <daftykins> looks like i made an fstab error
[00:22] <daftykins> anywho i'll keep at it!
[00:22] <daftykins> SSH and login fine :)
[00:23] <TJ-> that means the cryptsetup-initramfs worked correctly
[00:23] <TJ-> nice one!
[00:25] <daftykins> :D thanks for the assist!
[00:25] <daftykins> so i need to fix at least this one from dmesg: [   21.162563] EXT4-fs (xvda1): VFS: Can't find ext4 filesystem
[00:25] <daftykins> not quite sure why that was wrong
[00:28] <TJ-> did you add an entry for xvda1 in fstab?
[00:28] <daftykins> yeah to avoid having to prune down to UUIDs
[00:28] <daftykins> presumably since it's encrypted that's erroneous
[00:28] <TJ-> I suspect you meant to put /dev/mapper/LUKS_BOOT
[00:29] <TJ-> that's where the ext FS is
[00:29] <TJ-> think of the block devices as a stack of those Russian dolls, one inside another ad infinitum
[00:30] <TJ-> then it is easier to relate which block device to reference
[00:30] <daftykins> yep
[00:30] <daftykins> quick fix to /etc/hosts to allow sudo to resolve $hostname
[00:30] <TJ-> sda > sda1 > LUKS > ext4 > dir > file
[00:32] <daftykins> systemctl status appeared to have a problem with a couple of units, might give me clues on what else is broken xD
[00:32] <daftykins> booting again to see what progress i've made
[00:32] <TJ-> at least you made it boot 1st time ... many fail on that
[00:32] <daftykins> hmm seem to be booting to a 30 second GRUB timeout on each boot now
[00:33] <daftykins> hehe :D yeah i can feel slightly smug!
[00:33] <daftykins> in realworld terms though, how far ahead is all this versus using the installer's encrypted LVM option?
[00:33] <TJ-> that timeout is likely due to the OS not setting the boot-success flag that GRUB tests so it shows the menu and runs the timeout
[00:34] <TJ-> well the installer cannot encrypt a separate /boot/
[00:34] <daftykins> mmm so there's the tamper risk
[00:34] <TJ-> that's the entire point of the tutorial
[00:35] <daftykins> yep
[00:35] <daftykins> for my use-case of a VM running atop an XCP-ng host though, do you think both choices are good enough?
[00:35] <TJ-> right - UEFI SecureBoot can at least detect tampering, but this makes it more difficult since kernel and initrd cannot be got at, and you can guard against GRUB's core being compromised in the BIOS boot by simply saving and checking its hash
[00:36] <daftykins> "systemctl status" reports a clean "running" now \o/
[00:36] <daftykins> boot isn't particularly fast, but it gets there
[00:37]  * TJ- awards daftykins the order of Tj, 1st class
[00:37] <TJ-> but it shouldn't boot more than once a year!
[00:37] <daftykins> woohoo \o/
[00:37] <daftykins> hahaha, that's true... well it's going to be an R-Studio server, so once it's created, hopefully there'll not be much trouble
[00:38] <daftykins> thanks to the beauty of virt, i can now snapshot that install and call it 'known good'
[00:39] <daftykins> well, after removing my easy passphrase i suppose ;)
[00:40] <daftykins> wow i think it's time to step away and get food!
[00:41] <TJ-> good plan - I've not eaten today yet (Saturday) and I'm doing an overnighter at the office currently
[00:42] <daftykins> ooh my!
[00:42] <daftykins> big task on?
[00:42] <daftykins> well many thanks once again, hope i didn't distract you too much :D
[00:44] <TJ-> I came in to do some electrical installations but can't make much noise overnight so doing some kernel build and test for our Turris Mox gateway switch/router, since I'm deploying Debian on it with latest kernel
[00:44] <TJ-> I can get on without distractions at weekends
[00:45] <daftykins> ah ha
[00:45] <daftykins> right, to that food young man! :)
[01:49] <TJ-> anyone else think asdfgh isn't really using an Ubuntu install?
[02:10] <daftykins> seems likely and i'm not even in there (:
[03:38] <lotuspsychje> good morning
[03:43] <TJ-> morning lotuspsychje
[03:44] <TJ-> guess who's still working!
[03:44] <lotuspsychje> hey TJ-
[03:44] <lotuspsychje> what madness are you trying to solve this time TJ-
[03:46] <TJ-> right now? checking if the kernel 5.9-rc8 has fixed bugs that affect our Turris Mox gateway/switch/routers ... looks like one may be solved: the hardware switch was eating IPv6 DHCP discovery multicast broadcasts... just tested and client now gets an IPv6 from the DHCPv6 server
[03:47] <TJ-> the other issue is UAS for USB3 storage suffering constant aborts when storage is plugged in. not solved, but there is a workaround of disabling/blacklisting uas and allowing usb_storage module to handle it instead
[03:47] <lotuspsychje> wow must be some shiny router if it needs 5.9
[03:48] <TJ-> the opposite. Turris ship it with an old 4.4 stable branch and openwrt, but I want Debian 10 + latest upstream kernel
[03:49] <lotuspsychje> i see
[03:49] <TJ-> The Mox is an amazing bit of kit - expandable via plug-on modules so we've got 3 x 8 gigabit ethernet modules, 1 x 4-port USB3, 1 x mini PCIe + SIM card slot, 1 x SFC port, and of course the CPU module itself
[03:50] <TJ-> so 26 gigabit ethernet ports
[03:50] <lotuspsychje> never heared of that brand before
[03:51] <TJ-> it's an open-source hardware project from nic.cz the Czech network infrastructure organisation. They started off with a kickstarter for the home router Turris Omnia and then developed the Mox for business and ISP
[03:52] <TJ-> think - souped up RasPi designed for networking
[03:53] <lotuspsychje> didnt know czechs were hardware players too :p
[03:59] <lotuspsychje> reviving old routers with linux, \o/
[04:03] <daftykins> most abandoned ones are on Linux :D
[04:04] <lotuspsychje> hehe
[04:13] <TJ-> Mox is very good; takes a lot to impress me but colour me impressed. We've been using them for about 6 months now
[04:15] <TJ-> the expandability via plug-on modules is the best bit by far. Add as many ethernet ports as you need
[04:16] <daftykins> ooh
[06:26] <Deyaa> How can I pass client IP throught nginx reverse proxy all the way to the website?
[06:27]  * daftykins looks at the topic
[06:38] <Maik> !topic | Deyaa
[06:39] <Maik> hmmm... doesn't work, too bad
[06:39] <Deyaa> I'm Sorry
[06:39] <Maik> np
[06:39] <Deyaa> Maik: I thought it is related to Ubuntu
[06:40] <Maik> support is in #ubuntu
[06:40] <Maik> this channel is non-support
[06:42] <lotuspsychje> Deyaa: there's also ##networking for network issues general
[06:43] <Deyaa> Okay thanks guys I appreciate it
[06:44] <Maik> yw
[18:49] <oft_gegong> is ubuntu done right?
[18:50] <oft_gegong> I'm 93% sure at least 84.7% of it is done right.
[22:18] <tomreyn> TJ-: i guess you could say so, at least for new users who do not know about terminal, synaptic, gnome-software
[22:19] <TJ-> it's the NIH aspect that is so wrong, and Canonical has a terrible record in that regard
[22:19] <tomreyn> it's how you make money
[22:20] <tomreyn> that's if it ever works out
[22:20] <TJ-> I disagree.. because now they've increased their cost base (dedicated developers)
[22:21] <tomreyn> you mean for developing the snap store?
[22:21] <TJ-> and when the next round of reorganisation/cuts hits, those devs may well be gone and it'll end up on life-support or orphaned as with Unity, ecryptfs, and countless others (Ubuntu One, etc.)
[22:21] <TJ-> tomreyn: developing and supporting the whole snap infrastructure... that'll only make money if it can reach a critical mass, but it is driving the audience away from Ubuntu
[22:23] <tomreyn> i'm sure it would if ubuntu server goes apt-less, i.e. becomes ubuntu core
[22:23]  * daftykins shudders in horror
[22:24] <TJ-> snap has driven me away and I've been a big supporter since 2004. I'm moving all our infra and workstations away to Debian/ I adopted LXD for containers but since it went snap-only I've dumped it and we now use k3s/k8s (Kubernetes)
[22:24] <TJ-> won't touch micro-k8s
[22:25] <TJ-> We've a few workstations still on Xubuntu but they're going to be moved off before xmas
[22:25] <tomreyn> TJ-: i think there are basically two strategies by which canonical can make money: support services + ready-made solutions and hosted services, all of which they do and how they're surviving. and those vendor lock-in OS changes, but this only works when critical mass accepts them, which so far hasn't happened, and i don't think it will, ever.
[22:26] <TJ-> And of course we know longer recommend Ubuntu to clients
[22:26] <tomreyn> i'm also moving back to debian, but it's a process
[22:26] <TJ-> tomreyn: agreed mostly; the niche for Ubuntu (server) is in cloud deployments and for desktop the relationship with Microsoft
[22:27] <TJ-> yep it is, but quite enjoyable :)
[22:28] <TJ-> Ironically though, I cannot support Debian on IRC since they have a stupid block on any IRC user with !*root*@  duh
[22:28] <TJ-> makes them read-only so cannot 'talk', or directly block from joining
[22:28] <tomreyn> i'm not so happy with debian on a desktop. gnome-shell is nice there, without the changes, but those older software versions without PPAs aren't great. i guess i just need to start backporting myself.
[22:28] <daftykins> O_O
[22:29] <tomreyn> hehehe, block on root@irc
[22:29] <daftykins> quick client config edit surely? :)
[22:29] <TJ-> ridiculous isn't it
[22:29] <tomreyn> is this on both freenode and oftc?
[22:29] <TJ-> it's just theatre, whoever set that doesn't understand IRC nor the IDENT protocol
[22:29] <TJ-> tomreyn: yes, both
[22:30] <tomreyn> they have some stubborn sysadmins for sure
[22:30] <tomreyn> sometimes that's good, other times bad
[22:30] <TJ-> OFTC: /join #debian = "#debian: Cannot join channel (+b)"
[22:31] <tomreyn> well, i guess you could work around it if you wanted ;)
[22:31] <tomreyn> but i also understand why you wouldnt
[22:32] <jeremy31> Using a terminal based IRC client
[22:32] <TJ-> their loss :)
[22:33] <TJ-> I run an ident server so can authenticate as root@ too
[22:33] <tomreyn> TJ-: turns out the person you were helping is actually using unity, so maybe it was an entirely different 'app store' they had
[22:33] <TJ-> tomreyn: yeah I noticed that... Unity on 20.04 ?
[22:33] <tomreyn> it's still in universe, i think
[22:34] <TJ-> right, but not a 'default' install option as was inferred
[22:34] <daftykins> apparently a couple of people are trying to get it back in as a flavour
[22:34] <tomreyn> oh, i think there is a fork which comes with unity
[22:35] <TJ-> I was helping a user with 2 NVMEs where one controller was disappearing randomly in ##linux ... I suggested swapping them between slots and so far the issue hasn't recurred! hard to explain the cause of that kind of voodoo
[22:35] <TJ-> daftykins: "couple" :D
[22:35] <jeremy31> bad connections
[22:35] <TJ-> jeremy31: it looks like a firmware bug
[22:36] <daftykins> PCIe lane count / controller+firmware a bad mix maybe
[22:36] <jeremy31> TJ-: could be
[22:36] <TJ-> the NVMEs aren't identical and there is some evidence that the 2 slots aren't identical - some additional GPIO 'stuff' apparently
[22:37]  * tomreyn shudders
[22:37] <TJ-> strangely the NVME that doesn't meet the spec (and is reported as such by the kernel) works fine; it's the 'correct' NVME that has the issue
[23:08] <daftykins> hrmm just noticed my sources.list in the debootstrap'd VM is very spartan, single line!
[23:11] <Bashing-om> daftykins: My spartan source.kist - for your reference: https://termbin.com/w6rkd .
[23:11] <daftykins> :) thanks, much appreciated
[23:13] <tomreyn> the canonical partner repository only contains adobe flash (which i think will finally die by the end of this year), and google-cloud-sdk for focal
[23:13] <tomreyn> so you may not even need that
[23:14] <daftykins> confused, i did a clean server install last night whilst tinkering - and that has universe and multiverse enabled, is that really default o0
[23:17] <tomreyn> shouldn't be, i guess, and i think there were bug reports about it before
[23:18] <tomreyn> daftykins: which image did you use?
[23:18] <daftykins> live-server
[23:18] <daftykins> 20.04.1
[23:18] <Bashing-om> daftykins: Great we  looked - I see an Uh OH in my sources.list file :(
[23:19] <daftykins> ubuntu-20.04.1-live-server-amd64.iso to be more precise
[23:23] <tomreyn> https://bugs.launchpad.net/subiquity/+bug/1783129
[23:24] <daftykins> that's the opposite of what i'm seeing
[23:24] <daftykins> https://termbin.com/w2na
[23:24] <tomreyn> yes, my point is that the configuration was changed on purpose
[23:27] <Bashing-om> Nope - my sources.list stands as good - I just thought I had made an error :)
[23:30] <tomreyn> https://bugs.launchpad.net/subiquity/+bug/1783129/comments/33 seems to state (i'm paraphrasing) "we want universe and it is now in there (again)"