[02:01] <Sven_vB> hi :) does Ubuntu focal have drivers for RTL8152B network adapter? are they available on apt?
[02:05] <Sven_vB> also, how do I discover that? my search engine only finds tutorials for how to compile it. OTOH, Realtek network adapters usually work out of the box, which would explain why no-one blogs about them.
[02:05] <Sven_vB> (except for compile help)
[02:06] <JackFrost> The description of firmware-realtek includes   * Realtek RTL8152/RTL8153 firmware (rtl_nic/rtl8153b-2.fw)
[02:08] <Sven_vB> that's really close
[02:09] <oerheks>  fixed in the 5.9 kernel
[02:09] <oerheks> !hwe
[02:09] <oerheks> hwe give 5.11 ..
[02:09] <oerheks> https://itectec.com/ubuntu/ubuntu-cant-get-rtl8125b-working-on-20-04/
[02:10] <Sven_vB> does that mean the upcoming LTS will ship with the drivers?
[02:10] <oerheks> interesting how you would update..
[02:10] <oerheks> oh, sure
[02:10] <ravage> the current LTS ships with the drivers
[02:10] <oerheks> or install 21.10
[02:11] <Sven_vB> that sounds good. thanks JackFrost, oerheks and ravage. :)
[02:11] <ravage> 20.04 HWE is 5.11 or with edge even 5.13
[02:11] <ravage> so it should just work
[02:13] <tomreyn> and apparently the firmware is only needed for half duplex
[02:13] <tomreyn> ...seeing the commit message here https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/drivers/net/ethernet/realtek?id=0439297be95111cf9ef5ece2091af16d140ce2ef
[02:15] <jhutchins> tomreyn: So yet another mark against "wifi always needs non-free firmware".
[02:18] <tomreyn> jhutchins: i assume you're not quoting me?
[02:18] <oerheks> "always' is not true.
[02:19] <oerheks>  RTL8125B is wired, 2,5 gbE
[02:28] <jhutchins> I wonder if that's what the Intel firmware is for.
[06:14] <luca2006> film
[06:15] <matsaman> yes
[07:22]  * imman [ 0day (xc) Our ] OFFICIAL CHANNEL FOR DEAL 0DAY https://un.org https://tjc.org ... . https://ircnow.org channel #0dev and channel #0day
[07:36] <EugenMayer> Hello. Running 20, is it to be expected that checkarray triggers a rebuildArray/RebuildFinished event when it runs (regularly) just out of no reason (raid is just fine)?
[08:01] <pagios>  talking about PXE boot, i understand that one image can be deployed to multiple PCs over the network, my question is how is that achieved when the clients are not in total sync ? One pC asks for the image now, another asks after 5 seconds, the server sends the data to client1, but client2 is lagging how is that solved?
[08:36] <iomari891> greetings, many of my launchpad repos read "Cannot initiate the connection to ppa.launchpad.net:80 (2001:67c:1560:8008::19). - connect (101: Network is unreachable) [IP: 91.189.95.85 80]". ARe there alternative repos for launchpad?
[08:49] <iomari891> correction: I can't connect to any launchpad repo.
[10:30] <mozambique> I have a  raid controller can some one help me isntall it
[10:30] <mozambique> *install it
[10:42] <webchat10> hello. I have a catch 22 situation. I can't start apache2 because it is missing an SSL certificate from letsencrypt but I can't fix letsencrypt certificate because I don't have a live webserver
[10:47] <webchat10> any suggestions to point me in the right direction? Otherwise, I am thinking I might have to remove apache2 and reinstall...
[10:47] <webchat10> Jan 19 03:09:47 BELV-SERV4-NVR systemd[1]: Starting The Apache HTTP Server...
[10:47] <webchat10> Jan 19 03:09:48 BELV-SERV4-NVR apachectl[2173]: Action 'start' failed.
[10:47] <webchat10> Jan 19 03:09:48 BELV-SERV4-NVR apachectl[2173]: The Apache error log may have more information.
[10:47] <webchat10> Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: apache2.service: Control process exited, code=exited status=1
[10:47] <webchat10> Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: apache2.service: Failed with result 'exit-code'.
[10:47] <Maik> !paste | webchat10
[10:50] <webchat10> Jan 19 03:09:47 BELV-SERV4-NVR systemd[1]: Starting The Apache HTTP Server...
[10:50] <webchat10> Jan 19 03:09:48 BELV-SERV4-NVR apachectl[2173]: Action 'start' failed.
[10:50] <webchat10> Jan 19 03:09:48 BELV-SERV4-NVR apachectl[2173]: The Apache error log may have more information.
[10:50] <webchat10> Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: apache2.service: Control process exited, code=exited status=1
[10:50] <webchat10> Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: apache2.service: Failed with result 'exit-code'.
[10:50] <webchat10> Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: Failed to start The Apache HTTP Server.
[10:50] <Maik> sigh
[10:52] <Maik> webchat10: use  https://paste.ubuntu.com
[10:52] <webchat10> [Wed Jan 19 03:09:48.060678 2022] [ssl:emerg] [pid 2343:tid 139773782346688] AH02572: Failed to configure at least one certificate and key for www.example.com:443
[10:52] <webchat10> [Wed Jan 19 03:09:48.060976 2022] [ssl:emerg] [pid 2343:tid 139773782346688] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[10:52] <webchat10> [Wed Jan 19 03:09:48.060997 2022] [ssl:emerg] [pid 2343:tid 139773782346688] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
[10:52] <webchat10> AH00016: Configuration Failed
[10:52] <Maik> dude
[10:52] <Maik> what we asked you to do?
[10:53] <Maik> webchat10: or are you just fooling around, flooding the channel...?
[10:53] <webchat10> no, first time trying this site to ask for some help since my website is donw
[10:54] <webchat10> down
[10:54] <Maik> i told you twice to use  https://paste.ubuntu.com
[10:54] <webchat10> I tried copying some output to that paste.ubuntu.com and then I copied from there.
[10:54] <webchat10> Doesn't look right yet? you can't see my output?
[10:54] <Maik> you need to post the link....
[10:55] <webchat10> https://paste.ubuntu.com/p/VR57fspZ58/
[10:57] <webchat10> https://paste.ubuntu.com/p/zTBDkMB3R3/
[10:58] <webchat10> I changed my real domain and put example.com
[10:58] <webchat10> So, I'm asking how to remove references to my certificate and then i can try reissuing the certificate
[10:59] <Maik> that's all beyond my knowledge, wait for someone who knows how to assist you further
[10:59] <Maik> or ask in #linux maybe
[10:59] <webchat10> I messed up and only created my certificate via letsencrypt for i.e. example.com but not for www.example.com and I'm trying to fix it
[10:59] <djph> edit /etc/apache2/sites-available/yoursitename.conf (BACKUP FIRST!)
[10:59] <djph> oh
[10:59] <djph> oh
[10:59] <webchat10> I had used certbot
[10:59] <djph> in that case, just ask LE for the "www." as well
[10:59] <djph> um
[11:04] <djph> webchat10: certbot certonly -d comma,separated,domain,list --dry-run
[11:05] <djph> webchat10: note the "--dry-run" option -- that will let you verify the command will do what you expect.  If all looks well, re-run the command without that option.
[11:05] <webchat10> right. but I already removed my certs so I have to start over with certbot
[11:05] <webchat10> so, the error relates to missing my certificates (not found)
[11:07] <djph> Either (1) remove the symlink in /etc/apache2/sites-enabled/site-https so that apache doesn't try to spin up that webserver
[11:08] <djph> or (2) comment out the entire host:443 configuration directive in the file (if one config file is handling both 80 and 443)
[11:08] <djph> then restart apache.
[11:09] <webchat10> I try that
[11:22] <webchat10> I tried commenting out the two seperate directive files for 80 and 443 and then i remembered I probably want to the directive file for 80 and I restored its backup (for the port 80 directive file). But not working. I tried restarting apache2 but still won't start. The log file says it is still missing certificate file *.pem
[11:23] <djph> why did you touch ANYTHING in the :80 directive file
[11:23] <webchat10> its all ok, I restored it
[11:23] <djph> also, why is your :80 file referencing a cert at all?
[11:23] <webchat10> Its not
[11:24] <djph> how many sites are in sites-enabled?
[11:24] <djph> wait
[11:24] <djph> also
[11:24] <djph> EVERYTHING in /etc/apache2/sites-enabled is a SYMLINK back to /etc/apache2/sites-available, right?
[11:25] <webchat10> 2 virtual hosts. my site I'm trying to restore and one called example.com to see if could get 2 different web sites to show on localhost
[11:26] <webchat10> not sure about that
[11:26] <djph> webchat10: okay, check that
[11:29] <webchat10> https://paste.ubuntu.com/p/W7gYWdsg4v/
[11:29] <webchat10> It appears it is symlinked
[11:31] <djph> indeed
[11:31] <djph> so then just remove the symlink 000-default-le-ssl.conf
[11:31] <webchat10> in enabled or available?
[11:32] <djph> the SYMLINK is in sites-enabled
[11:32] <djph> leave the file in sites-available alone
[11:32] <webchat10> do you know syntax to remove symlink?
[11:33] <djph> "rm"
[11:33] <djph> well, "sudo rm thefilename"
[11:40] <webchat10> ok. If I go to the ip address the site works but if I go to http://sitename.com it tries to go to https://sitename.com and won't work yet
[11:41] <webchat10> so there is some file telling it to force to the https version of the site.
[11:44] <webchat10> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
[11:44] <djph> yes, that configuration directive is in your default:80 file
[11:44] <webchat10> I'll try commenting out that?
[11:44] <djph> comment that out for the time being, then restart apache.
[11:45] <djph> although, as i recall, that doesn't actually mess with certbot
[11:48] <webchat10> yeah. commenting it out didn't work, the browser is still trying to redirect to https
[11:50] <djph> oh, it was a permanent redirect.  The browser remembers. Use a different browser / forget the site from the one you're using
[11:51] <webchat10> I'll try
[11:52] <djph> note that "forgetting" a site will also tend to remove stored passwords, so be careful there ;)
[11:53] <webchat10> another browser works fine for port 80 so I can now try to fix the certificate
[11:53] <webchat10> I think you so much. I'll advise if certbot gives me issue
[11:54] <webchat10> I can see how to do the sitename.com and www.sitename.com I think with certbot, I just missed it the first time
[12:03] <webchat10> https://paste.ubuntu.com/p/dwczKYSGRh/
[12:03] <webchat10> I know this isn't letsencrypt support but, I'm getting closer, just not quite right yet
[12:04] <nyuszika7h> how do I fix a cancelled snap refresh?
[12:04] <nyuszika7h> ❯ snap refresh telegram-desktop --edge
[12:04] <nyuszika7h> error: cannot refresh "telegram-desktop": refreshing disabled snap "telegram-desktop" not supported
[12:04] <nyuszika7h> ❯ snap enable telegram-desktop
[12:04] <nyuszika7h> error: snap "telegram-desktop" has "refresh-snap" change in progress
[12:06] <nyuszika7h> nvm, `snap abort --last=refresh` fixed it
[12:10] <djph> webchat10: See the logfile /var/log/letsencrypt/letsencrypt.log
[12:14] <webchat10> There is a bunch of information in theletsencrypt log about snap and the python script
[12:16] <djph> and I would imagine also the error it encountered
[12:16] <webchat10> it just says stopiteration, an internal error occured
[12:17] <djph> ... this is why I use 'certonly' ...
[12:17] <djph> actually, try that
[12:17] <djph> certbot certonly -d yourdomain.tld,www.yourdomain.tld --dry-run
[12:18] <djph> obviously, replace "yourdomain.tld" with the actual domain.
[12:18] <webchat10> right. Ok.
[12:18] <webchat10> so dry run to see if it will work, and then if it is succesfull, try again without dry run?
[12:18] <djph> yes
[12:19] <djph> basically "certonly" tells certbot that you only want it to get you the certificate(s) and that you will do the work yourself to link them in the relevant application(s)
[12:22] <webchat10> dry run says successful
[12:24] <djph> OK, so then run it without "dry run" (and PAY ATTENTION to the filenames / paths)
[12:24] <djph> er without "--dry-run"
[12:28] <webchat10> it just says no resert required. I did not choose to create new certs
[12:29] <webchat10> renewal not required
[12:29] <BluesKaj> Hiyas all
[12:30] <webchat10> I also restored my backup 443 directive file
[12:30] <djph> then certbot successfully created / downloaded your certs before.  Did it give you the Certificate Path?
[12:30] <webchat10> should I try creating new certs
[12:30] <webchat10> it didn't ask
[12:30] <djph> it doesn't _ask_ ; it _tells_ you
[12:30] <webchat10> yes, it says where the certs were saved
[12:31] <djph> okay, so edit your /etc/apache2/sites-available/domain-443 file, and make sure the apache directive for the certificate and key file is correct
[12:32] <webchat10> ok
[12:33] <djph> heyo BluesKaj
[12:33] <BluesKaj> hey djph
[12:34] <djph> webchat10: IIRC, it'll be  SSLCertificateFile /etc/letsencrypt/live/[site]/fullchain.pem  and SSLCertificateKeyFile /etc/letsencrypt/live/[site]/privkey.pem
[12:35] <webchat10> those pem file names should be listed in /etc/apache2/sites-available/000-default-le-ssl.conf?
[12:35] <djph> whatever file controls your HTTPS site
[12:36] <webchat10> right that is the file name that controls 443 directive
[12:36] <djph> if it's "000-default-le-ssl.conf", then yes.
[12:45] <webchat10> I added those lines and now it works! thianks so much for your help
[12:51] <badp> dearest creatures in creation, I have a question for your attention: does Ubuntu 21.10 use systemd-resolved, and/or will Ubuntu 22.04?
[12:52] <badp> (I'm currently using 20.04)
[12:52] <djph> badp: I'm pretty sure -resolved has been used since like 18.04
[13:03] <webchat10> My web site came up but it didn't show as secure. I had deleted the symbolic link previously. I re-added it here:
[13:03] <webchat10> sudo ln -s /etc/apache2/sites-available/000-default-le-ssl.conf /etc/apache2/sites-enabled/000-default-le-ssl.conf
[13:03] <webchat10> sudo service apache2 restart. now it shows with the padlock
[13:24] <tomreyn> iomari891: if the launchpad issue still affects you, and you think it's not your end but the server side, check the /topic in #launchpad for how to report such issues.
[13:30] <djph> webchat10: then you're good.  if you want, re-edit the default.conf so that it sends the https redirect
[13:36] <tomreyn> webchat10: there are the a2ensite and a2dissite commands for managing the symlinks in sites-enabled. and similarily a2enmod + a2dismod for modules.
[13:37] <badp> djph: you're right, I had misdiagnosed things. 20.04 does ship with resolved, it's just misbehaving for me
[13:38] <badp> for context, I'm the victim of Enterprise Grade Closed Source VPN Software™, wherein version 5.2 and 5.3 of global protect® take completely different routes in setting DNS things with... version 5.2 modifies resolv.conf directly (which is dirty but works well enough), whereas version 5.3 configures systemd-resolved (which is probably more elegant but only works for a few minutes before breaking). Hopefully resolved is better behaved in 22
[13:38] <badp> .04
[13:39] <badp> or Those Responsible will fix their Enterprise Grade Closed Source VPN Software™ :/
[13:40] <tomreyn> can't you just use openconnect?
[13:43] <badp> apparently there's a way to do that and still go through Okta®, yes, but I've already burned on this topic about 200% of the spoons I had budgeted :)
[13:44] <badp> thanks for the help~
[13:44] <djph> badp: wouldn't know. I don't use either :)
[13:44] <badp> wouldn't wish it on you either
[15:14] <Sven_vB> hi :) I'm using Ubuntu focal with NetworkManager for wifi. I want it to reconnect to the wifi whenever the access point's MAC disappears from the ARP list (arp -n). is there an easier way than writing my own bash script to periodically $(arp -n | grep …)?
[15:17] <Sven_vB> well yes, use the return value of grep -q … :D but really I meant just "than my own script".
[15:20] <djph> Sven_vB: as in NM loses the connection and doesn't automatically reconnect?
[15:31] <leftyfb> Sven_vB: why are you specifically mentioning "whenever the access point's MAC disappears from the ARP list"? Sure that happens when an AP is offline for some amount of time, but why exactly have you dug that deep?
[16:14] <Sven_vB> djph, according to NM the connection is still up. it seems dead though, yes.
[16:16] <Sven_vB> leftyfb, the AP's MAC was easy to find in iwconfig output, so arp -n was my first idea to check if it's online
[16:18] <leftyfb> Sven_vB: I don't understand using the client's arp table to determine if an AP is up. Doesn't the AP software/controller for this sort of thing? Or just a ping?
[16:18] <Sven_vB> originally my plan was to look up the IP in arp -n and then ping the AP, but it turns out that it vanishes from the list soon enough so pinging wasn't even necessary.
[16:19] <Sven_vB> my assumption is that the AP is always up, so if it becomes invisible, it's a local problem. only one of 8 Ubuntu focal machines is affected.
[16:20] <leftyfb> Sven_vB: I can't think of any case where a single AP would "become invisible" to 1 client and not others. Not unless it was done on purpose
[16:21] <Sven_vB> since "nmcli connection up id $wifiname" solves the problem, I assume it's a software problem.
[16:21] <leftyfb> I doubt it
[16:21] <leftyfb> just masks the problem
[16:22] <Sven_vB> probably some weird driver glitch for that one antenna chipset
[16:22] <djph> leftyfb: see it all the time when my mom takes her tablet outside :D
[16:22] <leftyfb> djph: yeah, that's a loss of signal and expected
[16:22] <Sven_vB> my attempts to fix the underlying problem have exhausted my spare time, so for now I'm ok with just reconnecting quickly enough
[16:23] <djph> leftyfb: yeah, you tell your luddite mom that and see what happens :D
[16:24] <Sven_vB> oh, I see now your doubt was referring to "solve"
[16:25] <Sven_vB> agreed then.
[16:29] <jsbach> hi, just wondering. what is the best way to stream internet radio on ubuntu? especially tune-in radio
[16:29] <Sven_vB> jsbach, send or receive?
[16:30] <jsbach> Sven_vB, just receive as an  audio player
[16:30] <Sven_vB> I like qmmp for that
[16:31] <jsbach> want to be able to login to tunein-radio.com for example
[16:31] <jsbach> Sven_vB, thanks. is that not the new xmms?
[16:31] <Sven_vB> I think it is
[16:32] <jsbach> ok
[16:32] <Sven_vB> if they use HTTP Basic Auth via HTTPS, you can probably just insert "user:pass@" in front of the hostname
[16:33] <jsbach> ah! ok! gotta google it. no time now. thought, ubuntu has already ported in some project which has a comfortable gui for that.
[16:33] <pirateman[m]> https://matrix.to/#/#thefreedomcellnetwork:halogen.city
[16:33] <jsbach> anyways nevermind
[16:33] <Sven_vB> jsbach, there may be more specialized projects indeed
[16:41] <octav1a> jsbach uses ubuntu, my life is complete
[16:45] <octav1a> Anyway I've got a question, I have a small compute cluster on a university network with five ubuntu 20.04 machines. They are all just dhcp. for a few years DNS seemed to work, you can ping the hostname of any of them and it resolves correctly. Yesterday I needed to do some maintenance on two of the five. The procedure was identical, they both came back up however, for one of them, the dns server seems to still have the old address cached, so using the
[16:45] <octav1a> hostname times out. But the other came up perfectly. I've tried running $ systemd-resolve --flush-caches on both the server itself as well as other machines on the network that try to connect, and I've of course waited  overnight. Why is the dns server still giving incorrect address?
[16:46] <jsbach> octav1a, even i have to do some compromises
[16:46] <octav1a> lol
[16:46] <octav1a> I'm glad Brandenburg 5 wasn't one of them.
[16:47] <Sven_vB> octav1a, hostname as in DHCP assignes fixed IPs by MAC, or do you mean avahi/mDNS hostnames?
[16:47] <djph> octav1a: weird that the host didn't just get the same IP address back.
[16:47] <Sven_vB> octav1a, how does the DNS server know about DHCP changes?
[16:50] <octav1a> Sven_vB: network admin is not completely my area of expertise, so I'm open to getting a better idea of what's actually going on. I assumed that by giving a hostname to the machines during the setup process, this name was transmitted to the network sometime after it was first connected. Therefore I'm assuming there should be some similar mechanism to update the address.
[16:50] <octav1a> I'm not sure how the IPs are distributed but obviously it's not static to MAC long term.
[16:51] <octav1a> (which I would assume for any CHDP really)
[16:51] <octav1a> DHCP*
[16:52] <octav1a> maybe this is more networking but I'm thinking there should be a suite of tools in ubuntu that would help to manage or configure these things at a high level.
[16:54] <Sven_vB> in your scenario it would seem useful to assign static IPs. that way you can give longer validity periods for the DNS entries.
[16:55] <Sven_vB> you'll need some way to notify the DNS about IP changes. if you use dynamic IPs, a good way would be to make the DHCP server notify your DNS.
[16:57] <octav1a> Are these things all controlled by the administrators of the DHCP and/or DNS server administrators? There would not be a way to 'push' the changes from the client machines? I don't manage those parts of the network.
[16:57] <jhutchin1> What is running your DNS server? Your DHCP server?  Do they talk with each other?
[16:58] <mncheckm> where is the focal server guide source? I can't find it in https://launchpad.net/serverguide only focal
[16:58] <mncheckm> I mean only bionic and xenial
[16:58] <ogra> mncheckm, probably a question for #ubuntu-server ...
[16:59] <mncheckm> ogra, for me that channel is empty since some time
[16:59] <mncheckm> ogra, never mind, it was a typo
[16:59] <ogra> 232 people there 🙂
[16:59] <Maik> https://ubuntu.com/server/docs
[17:00] <ogra> Maik, the source of it 😉
[17:01] <Maik> oops, my bad
[17:01] <oerheks> https://code.launchpad.net/serverguide
[17:02] <ogra> https://discourse.ubuntu.com/t/ubuntu-server-guide/12504 actually
[17:02] <ogra> IIRC all official docs moved to discourse as input/source
[17:34] <jhutchins> ogra: Perhaps there are some old links that we could clean up.
[17:36] <ogra> jhutchins, for sure
[17:41] <jason1237> hello
[17:42] <jason1237> have you managed to port PKGSRC to Ubuntu? I asked about 2 years ago. is it done already?
[17:43] <ogra> whom did you ask ?
[17:43] <jhutchins> jason1237: Why do you want it?
[17:43] <ogra> perhaps he/she is still around to answer 🙂 )
[17:44] <leftyfb> isn't that like asking about porting yum?
[17:44] <jhutchins> Isn't pkgsrc a package management system?  It would seem more likely for individual packages to be ported.
[17:44] <jhutchins> leftyfb: Yeah.
[17:44] <ogra> one could create a snap of it 😛
[17:44] <jhutchins> leftyfb: Then again, Yellowdog Update Manager...
[17:45] <jason1237> jhutchins: to make a package from source automatically, using user account.
[17:45] <leftyfb> jason1237: I see zero reason for any linux distro to port pkgsrc to linux
[17:45] <jason1237> jhutchins: pkgsrc is beautiful, innovative tool. it would be time to port it, after so many years.
[17:45] <jhutchins> jason1237: There are several ways to do that in native Ubuntu.
[17:45] <jason1237> why root account?
[17:46] <jason1237> jhutchins: i believe that native ubuntu, can do that.
[17:47] <jason1237> jhutchins:  pkgsrc :   cd www/firefox-esr ; make        <-- ubuntu certainly do that.
[17:47] <leftyfb> jason1237: yes, you can compile applications on ubuntu
[17:48] <webchat23> I found this jason1237 https://www.reddit.com/r/bashonubuntuonwindows/comments/eui9od/unprotip_using_netbsds_pkgsrc_within_ubuntu_lts/
[17:48] <jason1237> you need too and libs manually, in ubuntu.
[17:48] <jason1237> here it works in a single command and well: "make"
[17:48] <oerheks> Is that an issue? getting libs ?
[17:49] <jason1237> oh god
[17:49] <jason1237> i loose my time.
[17:49] <leftyfb> I feel like we disappointed them :)
[17:49] <leftyfb> now I'm not going to be able to sleep tonight
[17:49] <oerheks> I am so sorry, leftyfb
[18:12] <Kobaz> how would i go about making ssh logins go faster?  'markm {~} kobaz$ time ssh root@vbox-markm-64 ls' ---> real    0m0.265s       'markm {~} kobaz$ time ssh root@ch-dh.client ls'  --->  real    0m5.803s
[18:12] <Kobaz> I was thinking it could be dns lookups... but i have my ip in /etc/hosts on the ch-dh box
[18:13] <Kobaz> vbox-markm-64 is debian/buster   and ch-dh is ubuntu/bionic which is much-much slower
[18:14] <Kobaz> also... UseDNS no on ubuntu/bionic, doesn't make ssh any faster
[18:14] <Sven_vB> what's the latest leafpad that was shipped as a deb package, and which Ubuntu had it?
[18:15] <Kobaz> https://dpaste.com/2YYMEZN7L  does this have anything to do with sshd slowdowns? livepatch?
[18:16] <Sven_vB> from the man page search I found that bionic had leafpad 0.8.18.something, ... and then I found that it's a link to the package. nice.
[18:17] <tomreyn> Kobaz: use "time nc -z IP PORT" to measure the time spent on setting up the tcp connection
[18:17] <Kobaz> tomreyn: 0.03 seconds
[18:17] <tomreyn> for both?
[18:18] <Kobaz> vbox-markm-64 is .006
[18:18] <Kobaz> it's local on the lan... where ch-dh is on a vpn, with 30ms ping
[18:18] <tomreyn> so the network does not seem to pose an issue in both cases. now try the same for both using hostnames rather than ip addresses
[18:19] <Kobaz> correct
[18:19] <Kobaz> tomreyn: that's using hostnames actually
[18:19] <Kobaz> both hostnames are in local dns zones. so it's doing lookups as well, included in the time
[18:19] <tomreyn> okay, not what i sggested but thios means its neither the network nor the name resolution - on a quick glance
[18:19] <Kobaz> correct
[18:20] <tomreyn> so do the ssh connection on localhost on both systems
[18:20] <Kobaz> i knew it wasn't a network issue
[18:20] <tomreyn> we did not, though
[18:20] <Kobaz> yeah, that's fine
[18:21] <tomreyn> what does "yeah, that's fine" respond to?
[18:21] <Kobaz> localhost ssh is slow, yeah
[18:21] <Sven_vB> ... and then I found I don't even need to know which Ubuntu shipped it, and can instead just browse http://archive.ubuntu.com/ubuntu/pool/universe/l/leafpad/ .
[18:21] <Kobaz> that's fine: that you didn't know, and needed to find out
[18:22] <tomreyn> it's nice when you share relevant info, but it's also good that we established that.
[18:22] <tomreyn> so ssh localhost is slow somehwere. where?
[18:22] <Kobaz> if I were to hazard a guess, it's this snap.canonical-livepatch that kicks off when you ssh
[18:22] <Sven_vB> well I guess I need to still guess a version for the signature checks though.
[18:22] <Kobaz> tomreyn: on the ch-dh box
[18:23] <Kobaz> so, login prompt comes up quick, and then when you authenticate, then there's a delay
[18:23] <Kobaz> always wondered what caused that
[18:23] <tomreyn> Kobaz: shoould i then ask whether it is also slow on the other system or will you check on your own?
[18:23] <Kobaz> tomreyn: it's not.. vbox-markm-64 box is completely 'normal'
[18:24] <Kobaz> so basically i'm comparing another box with a pretty typical ssh setup on debian, to a typical out-of-the-box setup for ssh on ubuntu, and ubuntu is considerably slower for authenticating ssh
[18:24] <tomreyn> Kobaz: so compare authentication mechanisms used on both system, sshd (server) and ssh (client) configurations, and sshd versions.
[18:24] <Kobaz> both are using local pam with local user acounts
[18:25] <Kobaz> just wondering if there's like 'normal fixes' for that type of thing
[18:25] <Kobaz> like if you
[18:26] <Kobaz> if you're doing a lot of local ssh without reverse dns, then setting UseDNS no. is a big speedup... that sort of thing
[18:26] <Kobaz> tomreyn: so basically i guess i'll strace sshd for profiling and see what's taking so long
[18:27] <tomreyn> Kobaz: you can do this, or you can compare configurations, or you can ssh -vvv
[18:27] <Kobaz> yeah
[18:29] <tomreyn> Sven_vB: you can check which ubuntu release provides a package, and version of that, on https://packages.ubuntu.com
[18:29] <Sven_vB> tomreyn, thanks!
[18:30] <tomreyn> Sven_vB: note this site is community maintained and not guaranteed to always have the very latest info - though it usually does.
[18:31] <tomreyn> so you method of accessing archive mirrors directly is more reliable, but also more cumbersome
[18:32] <Sven_vB> yeah, currently trying to figure out how I can get apt to check the signature from http://archive.ubuntu.com/ubuntu/pool/universe/l/leafpad/leafpad_0.8.18.1-5.dsc
[18:34] <Kobaz> tomreyn: if I were to hazard a guess, it's related to this: Started snap.canonical-livepatch.canonical-livepatch.1128b499-1b1c-4efa-9ed6-65c3ef4e42f1.scope
[18:34]  * Sven_vB found debsig-verify
[18:34] <Kobaz> which goes to syslog any time an ssh session is opened
[18:37] <ogra> Kobaz, do you have livepatch running without valid token ?
[18:37] <tomreyn> Kobaz: i can't comment on that. if that's an option (production system?) you could try rebooting and see whether it makes a difference.
[18:42] <Kobaz> I inherited this box... not sure how to check for a valid token
[18:42] <Sven_vB> dscverify for said leafpad dsc reports "gpg: Signature made Tue Mar 15 18:34:58 2016 CET using RSA key ID 04EBE9EF" "gpg: Can't check signature: public key not found", odd, shouldn't it be signed with the Ubuntu Archive key?
[18:43] <mtellez> Hi, I'm using a dvorak keyboard layout. At instalation I select the closest match for my keyboard, which is Spanish Latam Dvorak, but this isn't quite right, so I set my layout manually with: setxkbmap -model pc68 -layout us -variant dvorak-alt-intl It works but at random times it is reverted. How can I made this permanent?
[18:46] <Sven_vB> mtellez, xkb changes seem to be reverted lots of times, especially when input devices are connected or disconnected. I'd try /etc/defaults/keyboard
[18:46] <Sven_vB> without the s
[18:49] <mtellez> Sven_vB: thanks for the quick response. I'm gonna try this.
[18:56] <Firefishe> I'm runnin 20.04 LTS on a M$ Surface Book 3.   I'm running kernel 5.14.16-surface.  I want to know how to utilize the "dtx" system to detach the tablet from the keyboard.
[19:04] <tomreyn> Firefishe: you're not using an ubuntu kernel -> you're not running ubuntu.
[19:05] <tomreyn> you could try installing a supported ubuntu version incl. kernel on this device (i do not know whether this can work), and get support here, or you could try asking in #linux
[19:11] <jhutchins> Firefishe: You can also try #linux-surface - it's unfortunate that Ubuntu on Surface is not supported here.
[19:12] <tomreyn> Ubuntu on * is supported here, but it consists of specific kernel and userland, not something someone else put together and calls "Ubuntu".
[19:17] <Firefishe> jhutchins: Umm... Thank you.  That's where I should be.
[19:27] <tomreyn> !livepatch | Kobaz
[19:44] <rautor> I'm on 20.4.3 LTS, I want to automatically upgrade and reboot my OS (even kernel) so I can leave it unattended. I've tried set this up as follows - https://paste.ubuntu.com/p/w4QpjWpfx8/ but when I logged in it says `2 updates can be applied immediately. To see these additional updates run: apt list --upgradable`. So I think it might not be
[19:44] <rautor> working. Am I missing something?
[19:45] <tomreyn> rautor: i think you'd usually just install the "unattended-upgrades" package
[19:46] <tomreyn> !info unattended-upgrades focal
[19:46] <rautor> tomreyn: sorry that isn't in the paste, i have done that as part of this setup (the paste, i think, shows me configuring it)
[19:47] <rautor> I'm following this guide: https://help.ubuntu.com/community/AutomaticSecurityUpdates
[19:47] <tomreyn> rautor: by default, it installs *security* updates automatically. you can reconfigure it to install all available updates
[19:48] <tomreyn> normally its configuration file should be /etc/apt/apt.conf.d/50-unattended-upgrades.conf (from memory)
[19:51] <tomreyn> and in there, you can uncomment additional apt sources from which updates should be installed automatically
[19:51] <rautor> tomreyn: ah, i thought i'd done that but perhaps not then! https://help.ubuntu.com/community/AutomaticSecurityUpdates <- with reference to this, is it `Unattended-Upgrade::Allowed-Origins` I want to change?
[19:51] <tomreyn> yes
[20:19] <rautor> tomreyn: thank you! that did the job!
[20:31] <agopo> I want to apt remove --purge all php* packages to prepare a clean install of php 8.0 . Only a few php-related packages are meant to stay. But sudo apt remove --purge php-* offers me libapache2-mod-php* libapache2-mod-php7.4* libapache2-mod-php8.0* phpmyadmin* pkg-php-tools* as well. I must be understanding the wildcard wrong. Can anyone help?
[20:34] <sarnold> agopo: probably libapache2-mod-php and libapache2-mod-php7.4 etc all Depend: upon some of the packages that you're removing
[20:34] <sarnold> agopo: that's probably best, different tools require different php versions
[20:34] <djph> agopo: most likely the libapache- packages rely... ^^ yeah, that
[20:34] <sarnold> agopo: so you should just remove all those other packages and provide them yourself, just like you're about to do with php
[20:38] <agopo> sarnold, djph But if I --purge phpmyadmin, won't my installation get destroyed, because it's removing config files as well?
[20:38] <oerheks> reinstall php 8 pulls them back in, no?
[20:38] <sarnold> agopo: you could save them aside, or use apt remove without the --purge..
[20:39] <agopo> I'll backup /etc/phpmyadmin
[21:27] <ubercube> I've now done a bit more reading about Secure Boot and come to the conclusion that it's worth at least experimenting with, but not in its default configuration. https://safeboot.dev/ seems to have the most comprehensive writeup on the subject I've found yet, though I'm going to have to do some of my own research on the AMD PSP side of things. Has
[21:27] <ubercube> anyone here tried what safeboot.dev is suggesting? I'm particularly happy that they take the re-signing steps seriously and store keys in hardware. I have no illusions, even with SIP enabled, that this will be as good as a pixel phone or an iOS device's secure boot chain (and those took many years and many bugs to get close to good). But I do think
[21:27] <ubercube> pushing these limits seems interesting and may have value for some threat models.
[21:29] <octnun> Hey all. All good?
[21:29] <jhutchins> ubercube: Do you understand what the original reason for developing secure boot was?
[21:31] <ubercube> I think that the nuance might depend on who you ask, but the general idea of controlling what runs on a given piece of hardware would be my answer. What that means to various parties certainly differs wildly. (Queue repeats of the TCG discussions form early on)
[21:31] <sarnold> ubercube: hopefully helpful to you https://wiki.ubuntu.com/UEFI/SecureBoot/Signing https://wiki.ubuntu.com/UEFI/SecureBoot/DKMS https://wiki.ubuntu.com/UEFI/SecureBoot
[21:33] <jhutchins> ubercube: It wasn't for the user to control.
[21:33] <Maik> octnun: if you don't have a ubuntu support question, offtopic chatter is in #ubuntu-offtopic ;)
[21:34] <ubercube> sarnold: thanks. I read all those yesterday before I decided that going shim-less is the way to go in order to avoid arbitrary things being booted.
[21:35] <ubercube> jhutchins: hence queue repeats of TCG discussions:)  or the walled garden discussions about apple. But in this case, I do seem to have some control and would like to use it :)
[21:35] <ubercube> I'll leave aside the debate about the secret hardware/software in the PSP for now.
[21:36] <sarnold> ubercube: I've never looked at replacing the keys in my own bios, but I thought that the shim would just use that same trust store
[21:37] <sarnold> ubercube: do you know off-hand if I'm wrong here?
[21:37] <matsaman> octnun: okay, ye?
[21:38] <ubercube> sarnold: as I understand it, the microsoft shim is only needed if you use the default keys. no microsoft shim is needed if you use your own keys. it's all spelled out in quite some depth at https://safeboot.dev/ in a way that's more comprehensive than anywhere else I've found. Doesn't look like it's for the faint of heart, though.
[21:39] <sarnold> ubercube: heh yeah.. certainly I tend to lose focus every time I look into secureboot anything
[21:41] <ubercube> sarnold: if you /just/ want secureboot, that seems to be fairly easy depending on your mainboard. If you want it to be less wide open, you need to do much more.
[21:41] <agopo> sarnold, djph Returning with news concerning the php update. The cleanup was successful, only php8.0 is installed. Ampache music server, Wordpress and Nextcloud are working, too. Phpmyadmin doesn't, but I'll fix that tomorrow
[21:41] <agopo> Thanks for your help
[21:42] <sarnold> agopo: woot :)
[21:42] <sarnold> ubercube: heh, well, "standard secureboot" is dead simple, it's basically the default behaviour.. no big deal, there. it's the "I want to require the system to boot only things I sign" that I get fuzzy on the details. thanks for the link.
[21:43] <dakotakae> Hey all, I need some help. I'm getting an error trying to do an apt full-upgrade right now. It's complaining that my boot disk is full. I removed old kernels using autoremove, but the complaint remains.
[21:43] <dakotakae> My boot disk was sized when I installed Ubuntu, I just used the automatic settings for a full-disk installation on my 256GB nvme drive.
[21:44] <dakotakae> How can I clear up enough space to finish up this update?
[21:44] <ubercube> sarnold: yeah that's far less straightforward, but the above seems to be steps in the right direction.
[21:44] <jhutchins> Partitioning makes sure that the space you need will be on the wrong partition.
[21:44] <octnun> I have an MSI laptop where I have an HDMI output. The monitor I have connected takes a while for the image to appear and sometimes it has no signal. Drivers are well installed. Can anyone give me a tip on this subject?
[21:45] <jhutchins> dakotakae: A full install takes less than 40G.
[21:45] <jhutchins> dakotakae: So you should be ok, the question is what's taking up the space on your /boot partition.
[21:46] <jhutchins> dakotakae: something like ls -lh /boot
[21:47] <dakotakae> https://pastebin.com/vKFcnb2F
[21:47] <sarnold> dakotakae: if you've just started deleting files in /boot that will complicate uninstalling the packages
[21:47] <sarnold> dakotakae: the best way to free up space in /boot is to truncate the files with bash's > redirections -- sudo -s , then > System.map-5.10.0-1057-oem
[21:48] <sarnold> dakotakae: and > vmlinuz-5.10.0-1057-oem  and > so on, for a specific old kernel that you will remove soon
[21:48] <dakotakae> yeah, no, I know not to touch boot directly :p
[21:48] <dakotakae> I removed old kernels the proper way.
[21:50] <dakotakae> Got it, truncating those two files helped. Thanks!
[21:50] <tomreyn> octnun: unless there are messages on this printed to    dmesg -w    (keep that running while conecting the external monitor) i'd guess on a firmware / hardware issue (try a bios upgrade?)
[21:50] <dakotakae> I just don't see why the boot partition is so small by default.
 ok, going to try your tips. thanks
[22:01] <robertparkerx> I've got a virtualhost setup for a directory but for some reason its showing default apache2 page
[22:15] <tomreyn> robertparkerx: apache httpd virtualhosts work based on hostnames or ip address/port combinations, not directories.
[22:16] <jhutchins> robertparkerx: What do the logs say?
[22:57] <webchat83> Hi! What is the link to live cd .iso nly for i386?
[22:57] <leftyfb> webchat83: there isn't one for the latest version of ubuntu
[22:57] <webchat83> For the last ver?
[22:57] <leftyfb> webchat83: https://ubuntu.com/blog/statement-on-32-bit-i386-packages-for-ubuntu-19-10-and-20-04-lts
[23:00] <webchat83> What is the link for the old downloads?
[23:02] <webchat83> I meant old versions?
[23:03] <oerheks> xubuntu lubuntu and mate 18.04  i386 are EOL
[23:03] <tomreyn> webchat83: only the ubuntu releases listed in the channel topic are supported here, and none of them is both providing i386 installers and still getting security updates
[23:03] <webchat83> Thanks  for the help!
[23:58] <Kangarooo> 1958046
[23:58] <Kangarooo> bug 1958046