[01:47] <gec>  hello
[02:15] <Guest554> hi
[02:16] <Guest554> Good Morning
[02:23] <jhutchins> I suppose that's possible.
[03:18] <humanBird> i installed docker.  now i don't know where this "docker" is.  apparently it DID install using ubuntu's package manager since i see a whole bunch of snap stuff.  But dpkg -L docker says there's no package.  is ubuntu just sucking?
[03:19] <humanBird> where do i find the docker installlation ?  I need to edit some configuration files pertaining to how docker works
[03:34] <oerheks_> what howto did you use?
[03:35] <oerheks_> https://docs.docker.com/engine/install/linux-postinstall/ or https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04 are the most used ones
[05:43] <kawasukie> hello, I had a question about ubuntu 20.04 LTS.  I was wondering if the kernal has been patched for the dirty pipe hack i read about yet.
[05:45] <Bashing-om> kawasukie: Yes patched. See the reports: https://wiki.ubuntu.com/UbuntuWeeklyNewsletter/Issue726 .
[05:46] <enigma9o7[m]> no, ubuntu didnt hear about that months ago,you better report it
[05:54] <kawasukie> thanks bashing-om
[06:05] <Jonno_FTW> hello
[06:10] <webchat73> anyone here use a GPS? what's the deal with qmapshack
[06:11] <webchat73> i remember qlandkarte showing my current location, but qmapshack doesn't. i'm not sure if it's a permission problem or if it really just doesn't show your location. package says gpsd is "suggested", not required
[07:28] <sea5kg> Hello
[10:40] <desperate> greets
[10:40] <desperate> I NEED HELP!!
[10:40] <desperate> HELLO??!!
[10:42] <desperate> IS IT POSSIBLE TO INSTALL FROM AN RUNNING SYSTEM?
[10:42] <desperate> ON A SECOND HDD?
[10:42] <desperate> anybody  around?
[10:42] <lotuspsychje> !patience | desperate
[10:43] <desperate> lotuspsychje:  |did you read my nick??
[10:43] <desperate> is therean installer app?
[10:48] <moha> sad3 is used for LVMing inj fresh Ubuntu installation with default settings. How can I check if sda3 is LVMed or not?
[10:48] <moha> in a script.
[11:03] <v0lZy> Hello
[11:04] <v0lZy> I'm having issues booting some ubuntu machine. Firstly, I had a problem that I had to fsck the root partition twice
[11:05] <v0lZy> I was being dropped to initramfs that didnt have fsck ... so I used a livecd to do a fsck on /dev/sda2 ... and then again re-ran it until fsck /dev/sda2 could not find any problems anymore
[11:06] <v0lZy> now, my root mounts with ordered data mode Opts: (null)
[11:06] <v0lZy> however, then I get this
[11:08] <v0lZy> Begin: Running /scripts/local-bottom ... done.
[11:08] <v0lZy> Begin: Running /scripts/init-bottom ... mkdir: can't create directory '/root/lib/modules': Read-only file system
[11:08] <v0lZy> Warning: No /lib/modules in target. cannot help.
[11:08] <v0lZy> done.
[11:08] <v0lZy> run-init: /sbin/init: No such file or directory
[11:08] <v0lZy> Target filesystem doesn't have requested /sbin/init.
[11:09] <v0lZy77> dang
[11:09] <v0lZy77> can I get the ban removed please
[11:10] <v0lZy77> anyhow
[11:11] <v0lZy77> This is the error I'm getting
[11:11] <v0lZy77> https://pasteboard.co/pqLhCKfgTAJu.png
[11:11] <v0lZy77> I'm not sure why its getting mounted RO
[11:13] <v0lZy77> if I try to cat /etc/fstab in initramfs, its not showing anything
[11:17] <v0lZy77> anyone able to help?
[11:18] <sm2> i wish i could but barely understand what you mean
[11:20] <v0lZy77> What I mean is, when I boot the VM, the boot process drops me into initramfs. See screenshot https://pasteboard.co/vKNHa2wowipT.png
[11:22] <v0lZy77> thats where things go wrong ... and last message before dropping into initramfs is: "No init found. Try passing init= bootarg"
[11:27] <sm2> if you join to lubuntu, they are normally quite nice with that stuff
[11:35] <v0lZy77> they say  my Bionic Beaver is EOL
[11:37] <guiverc> main Ubuntu 18.04 is still supported; flavors though never extended support past 3 years (main Ubuntu Desktop/Server/Cloud etc did) v0lZy77
[11:42] <Maik> v0lZy77: yep, it's EOL. as guiverc said, all the other buntu LTS flavors are only support for 3 years. Only main Ubuntu LTS gets 5 years of support.
[11:44] <v0lZy77> The issue im facing is probably not version specific anyhow
[11:51] <kc2bez> Since v0lZy77 is having an issue with main Ubuntu it should be supported here not in #lubuntu
[11:54] <v0lZy77> I'm just looking for how to get past this problem of root being mounted RO
[11:56] <v0lZy77> what runs the /init script in initramfs?
[11:56] <v0lZy77> oddly, I can't even do a umount /root ... device or resource busy
[12:00] <ogra> v0lZy77, the kernel runs /iit
[12:00] <ogra> *init
[12:01] <v0lZy77> If i do ps I can see some parameters
[12:01] <ogra> it then runs the various scripts (init-top/-bottom etc) ... which care for finding your controller/disk, then the rootfs and then mount it ...
[12:02] <ogra> ... as last step it calls the run-init binary to switch to /sbin/init in the newly mounted rootfs to continue booting
[12:02] <ogra> if you get "no init found" from it it indicates your rootfs disk is broken in some way
[12:03] <v0lZy77> the /scripts/init-bottom is wher eI get the erroir that mkdir: can't create directory '/root/lib/modules': read-only file system
[12:03] <ogra> (or that it gets pointed to the wrong disk or whatnot)
[12:03] <v0lZy77> it could create it if /root was not mounted ro...
[12:04] <ogra> well, if your disk is corrupt the kernel will mount it ro
[12:04] <v0lZy77> I did a fsck /dev/sda2 with a livecd
[12:04] <v0lZy77> twice, ... third time, its showing no errors
[12:04] <ogra> (so that you can still recover data from it before replacing for example)
[12:05] <v0lZy77> is a VM  disk...
[12:05] <ogra> well, examine the disk from te initrd ... /proc and sysfs should have all info
[12:06] <v0lZy77> if i do fsck /dev/sda2 (from livecd) I get /dev/sda2: clean, 191911/2621440 files, 4343149/10484992 blocks
[12:07] <ogra> well, did it have errors at some point ? might be that things got moved away into lost+found when you alloed it to repair (and then repair was not possible) in a former run
[12:08] <ogra> s/then/when/
[12:09] <v0lZy77> yes, there's a bunch of stuff in lost+found
[12:09] <ogra> well, that indicates a corrupt filesystem ...
[12:10] <v0lZy77> so fsck basically failed to recover everything I'm seeing in lost+found...
[12:11] <Maik> kc2bez: oh, it's main Ubuntu. Thanks for letting know
[12:11] <ogra> right, data on the disk that it was not clearly able to assign to an inode in the filesystem meta data ends up in there
[12:15] <v0lZy77> Hm
[12:15] <v0lZy77> why wouldnt it be able to assign these files to inodes?
[12:15] <gordonjcp> it's actually pretty rare to see anything in /lost+found these days
[12:15] <gordonjcp> v0lZy77: at some point while updating the file system it's crashed, and lost track of what goes where
[12:15] <gordonjcp> basically
[12:15] <v0lZy77> I mean, is there a way to process the lost+found so that the the files get recovered with new inodes?
[12:16] <gordonjcp> v0lZy77: you can look at the files and see if you can identify what they are/were
[12:16] <v0lZy77> well... some have -> /path
[12:16] <gordonjcp> v0lZy77: like I say it's surprisingly rare to have it screw up to that extent because modern filesystems are a lot more reliable
[12:16] <v0lZy77> those I'm guessing are  symbolic links...
[12:17] <gordonjcp> v0lZy77: in the olden days if it dropped its guts while writing out a superblock you were pretty screwed
[12:17] <gordonjcp> v0lZy77: these days journalling filesystems make a note of what they're going to do and how it should look when it's done, do it, ensure that it's safe, and then make a note that they've done it
[12:20] <v0lZy77> yeah, its the journaling that originialyl failed on block 0
[12:21] <v0lZy77> was saying  JBD2: Invalid checksum recovering block 0 in log
[12:21] <v0lZy77> JBD2: recovery failed
[12:21] <v0lZy77> error loading journal.
[12:22] <v0lZy77> I suppose it failed exactly on the blocks where the journal is
[12:36] <v0lZy77> bah
[12:36] <v0lZy77> Hopefully theres a backup
[12:36] <v0lZy77> Thanks for all the help so far
[12:37] <gordonjcp> v0lZy77: do you know what filesystem it is?
[12:38] <gordonjcp> ext-family filesystems have duplicate superblocks which might save you
[13:18] <BluesKaj> Hi all
[13:28] <webchat68> Is this channel suitable to get help with CIS workstation hardening?
[13:34] <ogra> webchat68, i'd try #ubuntu-security
[13:38] <webchat68> ogra nice, thanks
[13:52] <Guest220> welches verschiessene bloede arschloch hat dass internet kaputt gemacht ! meint zudem noch dass wir irgend so ein nazi datum 2022 haben ?
[13:54] <Guest220> koennen doch nur wieder irgendwelche faschistischen arschloecher gewesen sein
[13:55] <BSaboia> Ubuntu keeps changing the volume of my audio input (lowering it). How do I avoid it?
[13:56] <BSaboia> It is so annoying. I am talking to people on Zoom and then it goes basically mute, so people think I am muted or stopped talking or had an internet issue
[13:56] <Guest220> zoom zoom what
[13:58] <BSaboia> Zoom is a (bad) VoIP software
[13:58] <BSaboia> I don't like it, but it is what my company uses and I am required to use it
[13:59] <Guest220> skype
[13:59] <Guest220> teamspeak
[13:59] <Guest220> mumble
[13:59] <BSaboia> So, what about them?
[13:59] <BSaboia> You listed a lot of VoIP software. What about it?
[13:59] <Guest220> all for porn
[14:01] <Guest220> 85.22.344.66   joined
[14:03] <Guest220> holt mal dieses gruene arschloch von der eu hir ran   welche meint auf jeder scheiss seite  ein fucking abfrage machen zu muessen
[14:04] <Guest220> wer hat dieesm scheiss verein von der gez erlaubt  fuer dass internt geld nehmen zu duerfen
[14:04] <Guest220> seit wann sind zwangsstuern erlaubt ?
[14:05] <Guest220> seit wann sind zwangsgebuehren erlaubt?
[14:05] <Guest220> the internt is for free
[14:06] <Guest220> the internet is for free
[14:06] <Guest220> change the money system    ....
[14:28] <Guest220> also wer laesst sich lauter unfreiheitliches zeug einfallen ?
[14:29] <Guest220> meint dieses auch noch geil zu finden?
[14:31] <Guest220> sind doch nicht in einem scheiss nazi staat
[14:31] <Guest220> oder etwa doch
[14:34] <Guest220> oberste maxime erhaltung von freiheit and liberty
[14:35] <Guest220> 199.77.77.777 has joined
[14:36] <Guest220> zwangsarbeit ist fuer niemanden erlaubt!
[14:37] <Guest220> egal ob direkt oder indirekt
[14:38] <Guest220> hat wer schon einmal eins live gehoert   ?   irgendwie ist in der webcam ansicht immer ein marker enthalten   dort steht  "rechte"
[14:38] <BluesKaj> !de Guest220
[14:38] <Guest220> soll dies ein hinweis sein
[14:41] <BluesKaj> Guest220, In den meisten Ubuntu-Kanälen wird nur Englisch gesprochen. Für deutschsprachige Hilfe besuche bitte #ubuntu-de, #kubuntu-de, #edubuntu-de oder #ubuntu-at. Einfach "/join #ubuntu-de" eingeben. Danke für Dein Verständnis!
[14:41] <Guest220> was mit rechten sowie linken nazis geschieht kennen wir bereits aus der geschichte  gerade dann wenn diese zwang erzeugen oder erhalten erhalten
[14:43] <Guest220> Freie rede meinnungs äußerung sowie sprachwahl gilt ebenso im internet sonst kann man dass ding hier auch dicht machen  man kan auch mal den verfassungsschutz auf so etwas ansetzen dann werdet ihr eure freude haben
[14:44] <ogra> Guest220, this is an ubuntu support channel, what is your specific support question ?
[14:54] <BSaboia> ogra, he has none. Es gibt keine Frage. Someone should kick him
[15:03] <Maik> BSaboia: report him to the ops
[15:29] <Guest220> #FREEDOO
[16:44] <Enissay> Not sure what happened but all the sudden my super key doesnt open the `Show Applications` menu anymore
[16:45] <Enissay> Also window snapping is gone, omg
[16:45] <oerheks> super key shows all programm windows open...
[16:47] <Enissay> Not anymore... something happened after my last update :<
[16:47] <lotuspsychje> Enissay: check your dpkg logs for hints perhaps
[16:48] <Enissay> Okay, I have plenty of stuffs since March 1st, not sure what to look at exactly
[16:50] <lotuspsychje> Enissay: share in a pastebin, if you would like volunteers to have a look for you
[16:53] <Enissay> lotuspsychje: https://pastebin.com/ACsCR5xF  <3
[16:53] <jhutchins> Enissay: All the logs will show you is what packages were updated, they won't show you what changed.
[16:53] <jhutchins> Enissay: For that you'd have to look at the changelogs for each package.
[16:53] <Enissay> Oh my...
[16:55] <sarnold> Enissay: hmm, that looks like just one kernel update or something..
[17:02] <TheLinuxNerd> updating netplan.io
[17:02] <TheLinuxNerd> libs, that's what I received
[17:08] <webchat68> How can I make permission 0640 to all logfiles in /var/log? I configured the config in /etc/logrotate.d for wtmp, for example, but it didn't work.
[17:08] <webchat68> make permissions persistent*
[17:09] <jhutchins> webchat68: Why?
[17:10] <webchat68> jhutchins To comply with CIS benchmark (lvl 1 workstation). It is one of the rules
[17:12] <sarnold> isn't that just like sudo usg fix cis_level1_workstation  ? https://ubuntu.com/security/certifications/docs/usg/cis/compliance
[17:12] <webchat68> I did that, by the automation didn't apply for some reason - in multiple tests
[17:13] <sarnold> hrm :( that's probably worth a bugreport at least
[17:13] <sarnold> if you're having problems perhaps others are too
[17:14] <oerheks> find out with sudo logrotate /etc/logrotate.conf .d/<your app>/log.conf --debug
[17:15] <awegapsjvapoewk> what up
[17:15] <awegapsjvapoewk> what os yall using
[17:16] <oerheks> awegapsjvapoewk, you are in the ubuntu support channel, no polls please
[17:23] <ash_worksi> is there a shortcut key to dismiss notifications?
[17:25] <webchat68> sarnold where can I find how-to for that?
[17:26] <sarnold> webchat68: I'm hopeful 'ubuntu-bug usg' will do the trick
[17:27] <oerheks> ash_worksi, maybe this; https://itsfoss.com/do-not-disturb-mode-ubuntu/
[17:28] <webchat68> sarnold Just did that, it said something about apport being modified, and then showed an error of "this is not an official ubuntu package".
[17:28] <sarnold> webchat68: oh jeeze :(
[17:30] <webchat68> :D
[17:31] <ash_worksi> oerheks: well, the thing is I want to be notified
[17:31] <ash_worksi> I just don't want to have to use the mouse to dismiss it
[17:32] <ash_worksi> also, I tend to get duplicate notifications for some reason
[17:32] <oerheks> no short key, afaik, only Show the notification list	Super + V
[17:32] <oerheks> then tab-tab-tab...
[17:33] <webchat68> sarnold should I just restore the image, re-do the steps and try filling the bug report again?
[17:33] <webchat68> after, or before any "usg fix"?
[17:33] <oerheks> filing a bug for a non-ubuntu package seems useless to me..
[17:33] <sarnold> webchat68: probably the bug report won't go better a second time -- I *think* the right place to report a bug then is https://bugs.launchpad.net/ubuntu-security-certifications -- I'm not 100% positive on that, but some of these bugs are newish.. heh
[17:33] <ash_worksi> oerheks: I don't know if I'll ever reach a notification because it's out of focus
[17:33] <sarnold> oerheks: it's ubuntu, it's just not in the archive. apport apparently has a sad with that :(
[17:34] <ash_worksi> oerheks: and I don't know a shortcut to focus it
[17:34] <webchat68> sarnold wait, are we talking about aport, or usg?
[17:35] <sarnold> webchat68: the https://bugs.launchpad.net/ubuntu-security-certifications   link is (probably) for the usg problems
[17:36] <webchat41> hello
[17:38] <webchat41> im trying to boot up ubuntu from my usb drive. i installed it following a guide - now when i try to boot in UEFI, i get the ubuntu loading indicator for 2 minutes, then it asks me if i want to try attempt interactive netboot.
[17:38] <webchat41> if i press no, it tells me it found no live system on the drive. if i choose yes, it ends up being a 404 error
[17:38] <webchat41> idk what to do
[17:50] <sarnold> webchat68: there's also https://github.com/canonical/ubuntu-security-guide  :)
[17:55] <webchat68> sarnold Yeah, I'm giving it a try. Thanks! It is the same person supervising bugs in launchpad
[17:56] <sarnold> hehe, that changed a few minutes ago :) hehe
[18:13] <jjakob> https://bugs.launchpad.net/openssh/+bug/1885990
[18:14] <jjakob> fix NOT released
[18:17] <sarnold> jjakob: 'fix released' on a bare package (no target to series) means that the fix has been brought in to the devel release at the time
[18:19] <jjakob> the bug was reported against focal, it doesn't seem right
[18:19] <sarnold> jjakob: getting the bug fixed in a supported release takes more effort, https://wiki.ubuntu.com/StableReleaseUpdates is a good starting point
[18:21] <jjakob> I can see this being a security issue, if the user configures a Match block that would give it higher security than he actually gets (but doesn't notice something is not right because his config is silently ignored)
[18:22] <jjakob> on the other hand, fixing it may potentially change behavior on already running systems that have that Match in Include configuration, but it is getting silently ignored
[18:23] <jjakob> but IMO them relying on incorrect behavior is less of a problem than the potential security implication
[18:23] <oerheks> https://packages.ubuntu.com/focal-updates/openssh-server 1:8.2p1-4ubuntu0.4 ???
[18:23] <jjakob> yes
[18:25] <jjakob> e.g. have a Match block that sets ForceCommand or DisableForwarding, both would get silently ignored, the user has no idea the Match block is getting ignored because everything still works
[18:26] <jjakob> even if he looks at debug logs he sees the Match is getting used
[18:27] <leftyfb> I don't see how that is a security risk. They would not gain unauthorized access
[18:27] <jjakob> they would gain unauthorized access to what the user did not authorize them to
[18:28] <jjakob> ForceCommand and DisableForwarding are both restricting what the user has access to
[18:29] <jjakob> if those are silently ignored, the connecting user will have permission to do what he has not been authorized to
[18:30] <jjakob> this applies to every possible directive that the user could configure under a Match block
[18:30] <leftyfb> jjakob: ok, only thing you can do is wait on a response from the devs
[18:32] <jjakob> leftyfb: I will, for now I moved those includes into the main config file
[18:33] <markwdev> Anyone have some experience with sssd in here? Trying to see if there is a way to specify a list of preferred domain controllers to auth with?
[18:33] <markwdev> We have ~20 and I would like to limit the servers it tries to auth with as some are in remote locations.
[18:34] <jjakob> yes, freeipa uses it, so I've tinkered with it
[18:35] <clayot> I allegedly have Slack installed via Snap, but whenever I run it, it unceremoniously exits with no output at all. strace suggests it might be having permission issues with respect to my .Xauthority, but I thought Snap had its own way of doing permissions and so I'm not sure https://nopaste.nl/y1Z8dAATzw
[18:35] <jjakob> markwdev: in sssd.conf under [domain/foo.bar] ipa_server = _srv_, ipa1.foo.bar
[18:36] <markwdev> jjakob: Is that essentially saying "use anything from the srv record, but prefer ipa1" ?
[18:36] <clayot> my nopaste got cut off somehow https://nopaste.nl/mWwdyercjz
[18:36] <jjakob> I think that means use whatever you can contact first, in this order of preference
[18:37] <jjakob> but that only applies to freeipa, if you don't use it, it'll be a different config option
[18:37] <jjakob> look at man sssd.conf
[18:37] <leftyfb> clayot: https://downloads.slack-edge.com/releases/linux/4.24.0/prod/x64/slack-desktop-4.24.0-amd64.deb   you'll have MUCH better luck with their .deb package and repo
[18:37] <clayot> thanks @leftyfb
[19:36] <murthy> where can I read to know more about the new Ubuntu logo
[19:36] <ogra> https://ubuntu.com/blog/a-new-look-for-the-circle-of-friends ?
[19:36] <murthy> ty
[19:39] <murthy> ah that orange rectangle was to express the color boldly, right
[19:39] <murthy> That is what I was searching for
[19:48] <oerheks> "where can I read to know more about the new Ubuntu logo" lolz
[19:49] <oerheks> !rootirc
[20:04] <DakotaKae> Hi everyone! I'm setting up a new laptop with Ubuntu. It has 1x1TB SSD and 1x256GB SSD. What would be the best way to set-up partitions across these two disks to make the best use out of them? Should I let the installer auto-format the 1TB one and then just use the smaller one as essentially an extra disk owned by my user for extra storage? Put all
[20:04] <DakotaKae> of `/home` on the second disk? I plan on using the system for light gaming so Steam will be installed and stores to `$HOME/.steam` by default, so I'm thinking giving that as much room to grow as possible would be a good idea, therefore keeping it on the larger disk, but not entirely sure. What would y'all do in this situation?
[20:05] <oerheks> i would use 256 gb fully for ubuntu, and that 1Tb for other stuff. ubuntu itself installs in a single partition, unless you choose to do otherwise
[20:05] <oerheks> !partitioning
[20:07] <rjwiii> DakotaKae: I have the same setup here. I have a 250GB SSD & a 1TB HD. I use the 250GP SSD to house all the system files and set up the 1TB as /home. Has worked well for me ...
[20:09] <DakotaKae> rjwiii: Thanks! I was thinking I'd probably do that (especially as, like I said, I'll probably have a few Steam games on there), but wasn't sure because I know /opt can also get pretty large depending on some of the apps I've used before.
[20:09] <jjakob> I use a custom partitioning with LUKS and LVM, you could use BTRFS instead too
[20:11] <jjakob> make a big LUKS volume across the entire ssd, a VG inside the LUKS, then LVs for root and swap (root size just 20-40G for starting out so I have free VG space for other LVs for VMs), then you can create a filesystem on your hdd and symlink ~/.steam there
[20:12] <jjakob> I wouldn't put my entire ~ on a HDD, because it'll make apps run slow. leave ~ on a SSD
[20:13] <jjakob> you could probably configure steam to just put the big directories in some other place that is on the HDD and leave .steam in ~ as well
[20:14] <DakotaKae> Both of my drives are solid state. One is whatever NVME Lenovo uses by default, the larger is a Samsung Evo 980.
[20:14] <jjakob> oh right, I saw rjwiii mentioning a hdd
[20:16] <jjakob> the same still applies but not as critical, you can put ~ on the 1tb ssd as well, but decide if you want LUKS or not
[20:16] <jjakob> you can make it boot with just entering the password once, I have a guide for that on my github wiki
[20:18] <leftyfb> jjakob: the default ubuntu desktop installer has an option for that out of the box. No need for a tutorial
[20:19] <jjakob> the default installer doesn't encrypt /boot
[20:19] <leftyfb> https://jumpcloud.com//wp-content/uploads/2021/08/how-to-fde-ubuntu-20-04-2.png   it's just a checkbox
[20:19] <jjakob> yes but it leaves /boot unencrypted
[20:19] <jjakob> useless
[20:19] <leftyfb> jjakob: ok? Who is putting sensitive data on /boot?
[20:20] <jjakob> your kernel and initramfs is not sensitive to being replaced?
[20:21] <jjakob> I could just walk up, mount /boot, replace it with my modified version that has a keylogger, and you'd be none the wiser
[20:21] <leftyfb> FDE isn't meant to prevent someone from compromising your machine, only to prevent your sensitive data from being made available. If someone gets physical access to your machine, consider the OS unreliable
[20:22] <jjakob> people repeat that so much it drives me crazy
[20:22] <jjakob> it's not true
[20:22] <DakotaKae> Also, wouldn't Secure Boot prevent it from booting at that point due to it no longer being properly signed?
[20:23] <leftyfb> DakotaKae: in that case, consider it a notification to wipe and reinstall
[20:23] <DakotaKae> Exactly.
[20:23] <jjakob> if you encrypt /boot (by not having a separate /boot at all, and having grub decrypt the root luks) you are protected against anyone installing backdoors when you're not around
[20:24] <jjakob> no, you can have a machine that does not have UEFI, or you can sign it yourself, or bypass secure boot, or disable it in bios (which you haven't password protected)
[20:25] <jjakob> you'd need to fun a fully verified boot with a TPM to protect yourself without encrypting /boot
[20:26] <jjakob> there is the possibility that they install the backdoor into the bios itself, but that's a harder thing to do than just replacing your initramfs
[20:26] <jjakob> and initramfs isn't signed afaik
[20:27] <jjakob> e.g. coreboot+heads. but encrypting /boot IS more secure than not encrypting it, so I do it
[20:29] <DakotaKae> But my machine DOES have UEFI and I DID password protect it to prevent disabling it. If it is self-signed, the key would need to be enrolled in MOK, in which case I would need my BIOS password. This is becoming a conversation about "best possible protection" vs "what is actually needed". This is a system that I will keep at my desk or in my bed,
[20:29] <DakotaKae> keep my work stuff off of, and only use for personal projects/documents and light gaming. The most sensitive information would be information that I also have paper copies of (albeit in a SD box at my bank), so there are other ways to get it instead (things like mortgage info, tax document copies, etc.).
[20:29] <DakotaKae> I am not saying the steps you are suggesting are completely invalid in all scenarios, just that it would be overly cumbersome in mine.
[20:34] <jjakob> sure, you can use efi secure boot and manage your own keys (which is far more complicated than the setup I use) and then trust the bios and cpu to not be backdoored
[20:35] <jjakob> whatever suits your perceived threat
[20:57] <jhutchins> The great thing about Secure Boot is that it can prevent you from installing any new operating system not approved in the contract between your OEM and Microsoft.
[20:58] <oerheks> jhutchins, +1 if you put a password on your bios
[21:00] <Maximalist> 16:58 < Maximalist> trying to change my passphrase for LUKS FDE, running the command 'sudo cryptsetup luksChangeKey /dev/' but not sure what to put after dev. Which directory do i use?
[21:05] <nunya> I have Ubuntu with Cinnamon and Ubuntu Wayland as Options when I log in. I really don't like the Wayland Desktop. It seems like icons for files are in random order. Is there some way to configure the Wayland Desktop to at least sort in alphabetical order when adding a file to the desktop? Cinnamon does it but is very laggy opening files and context menus.
[21:06] <jjakob> Maximalist: the block device that holds the luks volume
[21:07] <jjakob> run lsblk and find it
[21:08] <nunya> Also every time I switch types of sessions my display (monitor) setting revert to default . Any way to preserve display preferences (single monitor) I'm using a laptop with an external monitor attached.
[21:08] <jjakob> could be a partition /dev/sdX or /dev/nvmeXnYpZ or a raid /dev/dm-X or a lvm lv /dev/myvg/mylv
[21:08] <Niklas__E> I had mysql installed and messed it up erlyier and now I try reinstall it. I deleted /etc/mysql and /var/lib/mysql and /var/log/mysql  but still got errors after reinstalled it with ap t install --reinstall mysql-server
[21:08] <Niklas__E> is there any other way to start over?
[21:09] <oerheks> use --purge ?
[21:10] <Niklas__E> apt remove --prune mysql-server?
[21:10] <oerheks> a lot more ... https://askubuntu.com/questions/1270094/how-to-completely-remove-mysql-from-my-system
[21:10] <jjakob> apt-get purge mysql-server mysql-client mysql-common; apt-get autoremove --purge
[21:11] <oerheks> and to check; which mysqld
[21:11] <Maximalist> jjakob: so it would just be my largest drive? The one with all my files essentially? Would it be the one at the top of the tree? Or just the one labled crypt?
[21:11] <jjakob> Maximalist: I don't know, lsblk should tell you that
[21:11] <jjakob> it depends on how it is
[21:12] <Maximalist> jjakob: that is what lsblk says. Would I select the partition labeled crypt?
[21:12] <Maximalist> it is labeled 'crypt' as the type
[21:12] <jjakob> probably. if it's not right, cryptsetup will complain, no harm done
[21:16] <Maximalist> that didnt seem to pan
[21:16] <Maximalist> ill try to search dev
[21:17] <nunya> I have Googled using "how to preserve display settings between ubuntu with wayland and Ubuntu with Cinnamon" as my search terms. If anyone can suggest better search terms plase let me know.
[21:17] <jjakob> paste the output of lsblk and I'll take a look
[21:17] <jjakob> nunya: do they revert to default or to the other setting you had in the other session?
[21:18] <Maximalist> solved
[21:18] <Maximalist> thank you jjakob
[21:19] <leftyfb> nunya: Cinnamon is not a display server.
[21:21] <leftyfb> nunya: If cinnamon will only work on xorg, I'm not aware of any automated way to convert xorg settings to wayland or the other way around. Just set them again. Or automate the settings you want to set in xorg/cinnamon with something like ansible
[21:24] <oerheks> Why would cinnamon/xorg - ubuntu (gnome/wayland) change display properties if you had set it right?
[21:25] <leftyfb> oerheks: I assume wayland doesn't use any xorg settings. Does it port them over when you switch?
[21:25] <oerheks> nope
[21:26] <oerheks> That is why i wonder..
[21:26] <nunya> oerheks: If I knew that I wouldn't be asking
[21:27] <oerheks> 2 display managers, 2 desktops..
[21:27] <leftyfb> right, so who's to assume any custom settings get ported over. I maybe get the problem, if they are explaining/understanding it correctly. But I don't think there's a seamless way to port things back and forth
[21:27] <leftyfb> nunya: can you explain your issue exactly?
[21:27] <Niklas__E> when i run now mysql_secure_installation, I write in a password and then I get .  Error: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
[21:27] <noarb> I'm having trouble getting a VM on a bridge to connect to the host its running on, but all other traffic to the LAN works ok. I have the tcpdump on the host here: https://bpa.st/VGBA because the seq & ack are the same, is this trying to send the same packet unsuccessfully?
[21:27] <oerheks> Niklas__E, did you reboot clean after --purge?
[21:28] <Niklas__E> nope, will try that
[21:32] <nunya> leftyfb: If I log into a session in Wayland and change the display settings to what I ant there and then log out and go into a session in Cinnamon the settings I have previously set for Cinnamon have been returned to default. Now if I go back into a Wayland session those settings have returned to default. I am using a laptop with external monitor. i would like the custom settings for the external monitor to remain whether Waylannd or
[21:32] <nunya> Cinnamon.
[21:32] <noarb> this is my netplan: https://bpa.st/RMMA could this problem because my host traffic is not on the bridge? Is it necessary for the host to be on the bridge, too?
[21:32] <leftyfb> nunya: are you really constantly switching between desktop environments?
[21:34] <marchello> hi all
[21:34] <nunya> If there is a config file I can copy of the settings I like and replace the file with default settings with the customs settings config file that woul be super!
[21:35] <marchello> getting error when trying to run apt-get upgrade, full text is here: https://pastebin.com/UaDReMm3 -- please advise
[21:35] <jhutchins> nunya: If you log out of a session, then log back in using the same desktop, do your settings persist or reset?
[21:35] <leftyfb> nunya: also, to be clear, wayland and cinnamon are not directly comparable. wayland is a desktop server/protocol just like xorg. cinnamon is a desktop environment like gnome or KDE. I do not know if cinnamon can use wayland or if requires xorg. I would look to see if you can configure your cinnamon desktop environment to use xorg or configure your ubuntu gnome desktop environment to use xorg so both desktop environments are using the same display
[21:35] <leftyfb> server
[21:35] <marchello> it's headless 18.04.6 LTS
[21:36] <nunya> leftyfb: Yes I have bee switching a lot in order to have the look and feel of Cinnamon in Wayland. Or converely if I could get rid of the menu lags and opening file lags in Cinnamon that would be great!
[21:37] <nunya> Try to have the look and feel of Cinnamion in Wayland is what I meant
[21:38] <leftyfb> nunya: any particular reason you require wayland over xorg?
[21:38] <genii> You can run xephyr under wayland to run an X server instead of constantly switching back and forth
[21:38] <nunya> jhutchins: If I log out of a session and then log into the same kind of session settings persist.
[21:40] <nunya> leftyfb:I'm not even sure the difference between Wayland and xorg.
[21:41] <leftyfb> nunya: then maybe set both cinnamon and ubuntu gnome to use xorg
[21:42] <nunya> leftyfb:How would I set both to use xorg. Also how to revert to what they were using originally if that doesn't solve my problem?
[21:43] <marchello> is it ok to use pastebin here or should I show you my errors in some other way?
[21:43] <leftyfb> nunya: https://linuxconfig.org/how-to-enable-disable-wayland-on-ubuntu-20-04-desktop
[21:43] <leftyfb> marchello: pastebin is preferred
[21:44] <leftyfb> !paste | marchello
[21:50] <oerheks> marchello, before upgrade, did you properly run apt update first?
[21:50] <oerheks> "sudo: unable to resolve host " sounds like you cahnged hostname?
[21:50] <nunya> I already have the choice of Ubuntu, Ubuntu with Wayland, Cinnamon in login screen. The link given seems to be adding or taking those out of login screen
[21:51] <oerheks> Please paste the contents of /etc/hostname and /etc/hosts to see if it differs
[21:51] <nunya> leftyfb: I already have the choice of Ubuntu, Ubuntu with Wayland, Cinnamon in login screen. The link given seems to be adding or taking those out of login screen
[21:52] <leftyfb> nunya: don't pick "Ubuntu with wayland"
[22:09] <marchello> oerheks, yes I did properly run apt update before running apt upgrade
[22:09] <oerheks> maroke, so you changed hostname?
[22:10] <marchello> oerheks, it's new host and actually I've added only prefix for now, it should be fully qualified hostname like m5.example.com (also I'm not sure this really matters here, but ok)
[22:12] <oerheks> also; grub-legacy-ec2 not installed on your VM ?
[22:16] <marchello> oerheks, just fixed hostname stuff
[22:18] <devilboy> ubuntu or ubuntu on wayland? what do you choose? I cannot find the pros and cons but ubuntu on wayland for some reason works smoothly in my laptop.
[22:18] <marchello> oerheks, regarding grub-legacy-ec2 -- please see https://pastebin.com/1gaEvfZB
[22:31] <mbeierl> https://www.cbtnuggets.com/blog/technology/networking/why-use-wayland-versus-x11
[22:55] <marchello> getting error when trying to run apt-get upgrade, full text is here: https://pastebin.com/UaDReMm3 -- please advise
[22:55] <marchello> also related error with grub-legacy-ec2 -- please see https://pastebin.com/1gaEvfZB
[23:10] <ash_worksi> part
[23:38] <goddard> ssh-copy-id never asks for me to enter the password just says it fails
[23:41] <tomreyn> goddard: just like ssh then?