[06:48] <lordievader> Good morning
[14:06] <ackk> xnox, hi, I have a grub question. what sets net_default_server and pxe_default_server when grub is downloaded over network (tftp or http) ? are the two vars equivalent?
[14:16] <xnox> ackk:  the two variables are not equivalent; grub netboot modules have code to retrieve information from firmware; i.e. poke pxe interface to scrape the dhcp lease from there and populate all of those variables.
[14:17] <xnox> ackk:  in suse/rhel/etc. they added non-upstream patch to do similar scrapping from UEFI http to reuse the EFI acquired dhcp lease for these things.
[14:17] <xnox> ackk:  but Ubuntu's grub doesn't ship those patches yet to also do the same for http boot.
[14:18] <ackk> xnox, I see. I'm trying to understand why does pxe_next_server gets set on https://bugs.launchpad.net/maas/+bug/1899581, although the machine did get grub over http
[14:18] <ackk> xnox, also, is (pxe) an alias for (tftp) ? I didn't find any reference of it in grub manual
[14:22] <maret> hello, I am setting up vsftpd server on ubuntu and I am trying to connect to it by IP address via filezilla biut I am get an error  Permission denied (publickey).Connection closed when running a command sftp user@ipaddress. I also  get an error from filezilla  -> failed to retreive directory listing. The error and vsftpd.conf    can be seen here
[14:22] <maret> https://pastebin.com/HU67phx8
[14:23] <xnox> ackk:  the two are orthogonal =) one is boot protocol; the other is file transfer protocol....... one can pxe boot over NFS/FTP/HTTPS/TFTP etc.....
[14:23] <xnox> ackk:  and EFI-HTTP boot protocol can happen over HTTP or HTTPS file transfer (but others/more might be added soon, i.e. nvme-over-ethernet)
[14:24] <xnox> ackk:  so efi machines; may do either PXE or EFI network boot; and get the files over TFTP/HTTP/HTTPS
[14:24] <xnox> however, some of those combinations currently don't work in our grub =(
[14:25] <xtao> maret: might be wrong about this, but i thought vsftpd was an FTP/FTPS server. sftp is neither of those
[14:25] <ackk> xnox, sure, but IIUC if you "configfile (pxe)/grub/grub.cfg" the server address used by default would be the one set in pxe_default_server, which depends on what happened during network boot?
[14:26] <ackk> (same for (http|tftp))
[14:26] <ackk> well, execpt it would use net_default_server I guess?
[14:46] <xnox> ackk:  true...... but i thought that efi-http patches faked same/similar vars in rhel/suse acutally to make things "still wrok"
[14:46] <xnox> ackk:  i think using net_default_server / next_server is the better ones, indeed.
[14:54] <ackk> xnox, what aboug (pxe) vs (tftp) in the configfile command, what is the difference?
[15:33] <RoyK> xnox: ftp != sftp, the latter is just ftp-like file transfer over ssh, like rsync or scp. FTP is long dead but some still stick to it, like systems from the ninetees or something
[15:34] <maret> xtao sorry i meant ftps,
[15:34] <maret> xtao point being i setup vsftpd but I am having a problem to connect to it
[15:35] <maret> hmm will maybe double check open ports but seems like a config. issue
[15:42] <teward> ftp and ftps both have *two* ports necessary for properly speaking, make sure you haveboth ports open (one's a data port and the other's a control port)
[15:42] <teward> and Passive FTP is a pain to get working sometimes if you use firewalls (gotta whitelist a huge section of ports)
[15:46] <xtao> the error you pasted said Permission denied (publickey) which looks like an authentication error with ssh/sftp where it's tried to authenticate using keys and failed. unless that error was nothing to do with it
[16:03] <teward> that's an SFTP tunneled FTP error, yes.
[16:03] <teward> sftp requires SSH keys, FTP doesn't ;P
[16:06] <patdk-lap> ftps is likely to never work, due to nat
[16:06] <patdk-lap> ftps also doesn't use public keys
[16:07] <JanC> FTPS can use public keys
[16:10] <JanC> (X509 keys)
[16:12] <patdk-lap> guess it depends on the ftp server implementation
[16:13] <patdk-lap> would imagine it would be using the x509 naming, client key
[16:21] <maret> i see so I should use ftps? and just stick with ftp?
[16:25] <patdk-lap> no one should be using ftp, unless you want 0 security
[16:25] <patdk-lap> ftps is almost impossible to make work
[16:26] <patdk-lap> sftp is really the only sane option
[16:27] <teward> ftp and ftps are both obsolete
[16:27] <teward> ftps is a pain to get working, because NAT.
[16:27] <teward> sftp is really the only sane way.
[16:42] <JanC> FTP is okay for anonymous downloads, as it works in most browsers also
[16:43] <Ussat> WAT !!!!!
[16:43] <Ussat> FTP is NEVER ok
[16:45] <xtao> firefox ripped out ftp in some recent version. i thought chrome had done so too actually
[16:45] <JanC> that's sad, as there is no real alternative for it
[16:46] <Ussat> its still in FF and Chrome, but its NEVER ok
[16:46] <xtao> ahhh no they haven't done it yet
[16:46] <xtao> it's scheduled for removal in 2021
[16:46] <Ussat> FTP is nevre never never ok
[16:46] <JanC> IIRC they removed gopher at some point
[16:46] <JanC> Ussat: so what alternative do you have?
[16:47] <Ussat> sftp, ftps, scp
[16:47] <JanC> can't do anonymous sftp/scp
[16:47] <Ussat> so ?
[16:48] <Ussat> FTP is never OK'
[16:48] <JanC> and FTPS _is_ FTP
[16:49] <Ussat> ...
[16:50] <sdeziel> SSH supports anonymous login IIRC
[16:51] <sdeziel> so anonymous sftp is possible
[16:55] <JanC> sdeziel: how would you do that?
[16:56] <sdeziel> JanC: https://superuser.com/questions/1152645/openssh-server-anonymous-account
[16:59] <JanC> right, that was sort of what I was thinking about, but it's not really the same as anonymous FTP (you still need to know what login to use etc.)
[17:01] <JanC> and it's not as easy to use obviously (e.g. no browser support)
[17:01] <Ussat> ...
[17:02] <sdeziel> JanC: true but web browsers are now actively trying to get rid of FTP
[17:02] <JanC> it's sad if there is no good replacement...
[17:03] <JanC> maybe they could implement WebDAV or something instead...
[17:03] <JanC> but that's way more complicated than FTP
[17:04] <ikonia> anonymous ftp is still very much in use/demand
[17:04] <JanC> but it would fit into the everything-over-HTTP-folly
[17:05] <ikonia> I'm still not seeing the everything-over-http demand beyond paper exercises
[17:06] <JanC> pretty much all streaming services do streaming over HTTP now, even if it's worse than dedicated streaming protocols
[17:06] <ikonia> yeah, that is common, same with api's
[17:09] <JanC> it has higher latency, suffers from caching issues (web caches aren't designed for real-time), it's much more complicated to do QoS on it because it's HTTP like everything else, ...
[17:37] <xnox> ackk:  so the prefies in the configfile / variable names is whatever $protocol grub things it can use..... i think......
[17:38] <xnox> ackk:  i will re-read the source code and come back to you with answers that are usable =)
[18:00] <ackk> thanks xnox
[22:01] <jayjo-> Is there a reason to prefer VNC or Spice for working with remote VMs with qemu+kvm?
[22:01] <jayjo-> From kvm-manager, it seems like the defaults are now for Spice
[22:05] <sarnold> jayjo-: this bug says you can get copy-paste across guest/host and arbitrary resolution if you run a guest agent https://bugs.launchpad.net/ubuntu/+source/spice-vdagent/+bug/1200296
[22:17] <jayjo-> I assume that's not available with plain/regular VNC? I am still working on it, but I can connect with VNC, not yet with the Spice defaults
[22:21] <jayjo-> is the vdagent a particular qemu guest agent? https://wiki.libvirt.org/page/Qemu_guest_agent
[22:22] <jayjo-> or https://wiki.qemu.org/Features/GuestAgent? Using QMP commands?
[22:25] <sarnold> I don't recall seeing copy-paste things across vnc, but I rarely used the graphical interface to vms
[22:25] <sarnold> re the agent, binary package spice-vdagent
[23:15] <compdoc> jayjo-, you can connect remotely with vnc? what desktop do you use?