[01:16] Checking for a new Ubuntu release [01:16] There is no development version of an LTS available [01:16] Hi, I tried to upgrade Ubuntu 2004 LTS to 2204 LTS and it says not it cannot do it [01:16] What am I donig wrong? I did sudo do-release-upgrade [01:16] lsb_release -a says focal 2004 [01:18] Linux server3 5.13.0-1036-oracle #43~20.04.1-Ubuntu SMP Tue Jun 14 01:06:54 UTC 2022 aarch64 aarch64 aarch64 GNU/Linux [01:20] stoned: do-release-upgrade -d [01:20] Ok [01:21] stoned: the lts-to-lts upgrade isn't really unlocked until the .1 point release, a few months after intiial release, to help make sure the worst of the bugs are taken care of [01:21] if you're interested in getting the new release easy, you can, but it's not the default [01:21] Ohhh. [01:21] Really [01:22] Can I just do it like debian way and test it out, if it fails, I have a backup image of the boot 50GB driv eon oracle free teir [01:22] I just used to change sources.list change distro name, update and upgrade [01:22] focal to jammy [01:22] I'm assuming the program do-release-upgrade automates this process? [01:22] it does [01:23] it does, and it also manages some transitions, known bugs, etc [01:23] Cool [01:23] does anyone have experience with `dconf watch`? im trying to use it in a bash script to run a function every time a key changes. [01:23] if you can just snapshot the disk in your cloud, hooray for that [01:24] Oracle cloud isn't bad, but it's Oracle. :( [01:24] amen :) [01:25] heres an example: https://pastebin.com/raw/0rAaBBKe [01:25] i cant seem to get the echo to run. any ideas? [01:26] does that have to be realtime? if not maybe use dconf dump and a diff? [01:27] groovetherapy: so, my wild-ass-guess: replace grep with "grep --line-buffered" [01:28] but, uh, that feels like an unconventional use of for i in $(); do ; blach ; done ... [01:28] I'm too spent to think about that now [01:28] so good luck there ;) [02:01] ravage: yeah real time is preferred...im trying to detect with the system changes from light mode to dark mode [02:01] sarnold: that was it!! good call. [02:01] sarnold: you were also right about it being an unconvential use of for loops... [02:04] sarnold: piping it to `read -line` and looping over that seems to be the solve === ootput4 is now known as ootput [02:07] ravage: sarnold: heres the script if you are interested [02:07] https://pastebin.com/XtCLvrVJ === esv_ is now known as esv [03:02] hello [03:06] hi how do I get zfs support in gparted? [03:06] ubuntu 22.04 [03:08] https://gparted.org/features.php [03:09] so support is limited [03:09] ah I see it can detect them but not create them, good enough thanks [03:10] gparted uses PHP :/ [03:13] Hey! I was here yesterday asking about ubuntu freezing. It just happened again - this time I had journalctl -f open. Unfortunately, the last message that came through journalctl was 4 minutes before the freeze. [03:14] Can someone remind me how to find the actual journalctl files are and how to access them again? [03:14] hey if i am trying to bind lets say bind /dev from one location to a next. do i bind the real location of the OS to the dummy location? [03:15] following these instructions: https://help.ubuntu.com/community/BootFromSD [03:15] Sorry, nevermind. I found it (journalctl -b -1) [03:17] tec: \o/ -= not a victim of the systemd-oomd bug are you ? [03:18] tekinm25: ^^ (not paying attention to my tab complete) :( [03:19] so i think i will mount /dev/mmcblk2p1 (which is where my real os i on the sd card) and then mount /dev/mmcblk1p3 /mnt/boot then bind the stuff from the real OS to other one [03:23] Bashing-om: Sorry, I must be really tired. What? Your tab complete? [03:24] Sorry. I'm feeling extra dumb today. Was that question directed at me as well? [03:27] tekinm25: Uh Huh - Just a reminder that systemd-oomd might be a factor: https://www.phoronix.com/scan.php?page=news_item&px=Ubuntu-Drops-Swap-Kill . [03:29] Ah OK. Thank you! I'll take a look at that. I forgot that I was going to try updating my bios (at someone elses suggestion yesterday) if journalctl didn't give me any easy clues about what's going on. [03:29] So, that'll give me something to pursue next. I appreciate it [03:46] so i am stuck at the step of cp /etc/resolv.conf /mnt/etc/resolv.conf b/c i want to copy paste the resolv.conf on the sd card to the temporary mnt point [03:54] I'm trying to update my bios but the download page suggests installing amd all in one drivers. I'm worried that could cause some kind of conflict with drivers I already have installed. Does anyone know installing amd all in one would cause issues with amdgpu? Or what other channel I could maybe ask this in? [04:28] hi :) I'm using Ubuntu focal with xfce, and I'd like to have an arrow or marker rectangle that reminds me where on the screen I want to look every now and then. what's the easiest way to get that? [04:28] oh I should check if ImageMagick's "display" can hide its window border [04:32] I'll make do with a hardware solution for now. if someone knows a software way, I'm still interested. === Probie960 is now known as Probie96 [04:41] Hi I tried to edit releas-upgrade files ,in properties it shows you are not the owner so you cant edit the file [04:43] subash_, it may help if you're specific as to what you're running & what you actually tried to edit.. release-upgrade files made me think of https://changelogs.ubuntu.com/meta-release which you won't have write access to [04:44] (that's the meta file which do-release-upgrade or ubuntu-release-upgrade tools access to see what upgrades are supported etc) [04:56] I tried to edit etc/update-manager/release-upgrades . I wanted to set the value prompt=never to prompt=normal. When i tried to replace and save it by editing it shows "Could not save the file “/etc/update-manager/release-upgrades”.You do not have the permissions necessary to save the file. Please check that you typed the location correctly and try again. [04:57] I went to properties and in permission it says you are not owner you cant change this permission [05:01] any way to solve [05:02] subash, elevate your privileges using `sudo` === diskin is now known as Guest7792 === diskin_ is now known as diskin === teal-tabbycat is now known as tealtabbycat === chadler6 is now known as chadler [06:39] upgrade from lts to lts went fine with -d so far. [06:39] Just reporting back. [06:43] stoned: 22.04.1 will be incoming pretty soon in august so, no worrys [06:48] Hey guys. I'm having some trouble installing Lubuntu (which uses the Calamares installer) on one particular finicky laptop. It keeps crashing just near the end of unpacking all of the files onto the disk. I know the ISO is good, and that it copied over properly onto the USB (I checked it). It looks like it keeps crashing with a bus error (SIGBUS), and I have no clue how to fix it. I'm installing Lubuntu 22.04 on an Acer C720 Chromebook [06:48] with Mr. Chromebox UEFI firmware. [06:50] maybe guiverc ^ [06:51] did ubuntu install before on that machine arraybolt3[m] ? [06:52] Yep. I have Lubuntu 21.10 on it until tonight, and I only decided to reinstall because I don't risk do-release-upgrades and I had 2 days left before EOL. [06:52] arraybolt3[m], I'll suggest just filing a bug report & looking there.. I'd also likely re-try with verbose logging on & hope for more detail (hey it may also work; verbose logging makes the calamares in 20.04 or earlier work much better for some reason; adjust timing slightly possibly) [06:53] guiverc: OK, sounds like a plan. I've noticed a very similar problem with a different Chromebook, but on that one installing onto a USB failed and installing onto the eMMC chip succeeded. I've installed this on plenty of VMs, so... [06:53] (Also, kinda weird that we went from working together on building Lubuntu to now I'm yelling "Help!" on the support channel...) [07:02] arraybolt3: a different approach would be to install in uefi mode in some vm, then dd/clone the result [07:03] alkisg: Yeah, I thought about that, but man, that's a lot of work. If all else fails, I'll probably do that. [07:03] arraybolt3[m], we all need to cry 'help' at times... arraybolt3[m] [07:04] arraybolt3: I actually prefer that; I have like 30 VMs and I dd over the network the one each school needs; it only takes 10 minutes, it's faster than a real installation [07:04] guiverc: True. But switching from "hey let's backport LXQt 1.1.0" to "hey guys why won't this install" is somewhat humbling LOL [07:04] only the first time :) [07:05] alkisg: That sounds cool, but that's definitely not something my network would survive. Still, that would be cool. [07:05] guiverc: Well, wouldn't you know it, your verbose mode trick worked. Calamares is plugging right along, and survived past the crash point this time. I think I'll have to write some documentation for this, this trick is awesome. Thank you! [07:07] maybe (trick), but also damn annoying as it's hard to find whatever the issue is.... (be it just timing) when we can't reliably get logs... [07:07] Don't you just love race conditions... [07:07] fyi: this type discussion should be in a lubuntu room, maybe -devel [07:08] Yeah, you're right. But hey, half the problem's solved! Now if I can only figure out why WiFI works in the live environment but then fails when my system is installed... [07:08] arraybolt3[m]: iso kernel might like your chipset, but once installed/update dislike kernel/wifi chipset [07:09] we see that a lot on realtek wifi for example [07:10] Eh, it's Atheros WiFi, it should be happy... [07:10] Another option is to unsquashfs the system, then remove the packages from the removal list, then finalize it. :P [07:10] Yeah, but this is Ubuntu, not Arch :-P [07:11] Still, whatever works. But it's working now. I'll keep that trick up my sleeve too, though, I thought maybe that was possible, but wasn't sure. [07:12] I mean, it's all Linux? I've never used Arch, but installed that way once with debootstrap and all. I made a doc to remind myself of some things. [07:13] Unit193: That's true. [07:22] So how can I get the WiFi working if the kernel's gone wonky? Will a simple full-system upgrade fix it? I'd try to just find WiFi drivers, but since the kernel is supposed to support Atheros drivers directly, I'm not sure what to do in this instance. I am getting a "Failed to start WPA Supplicant" warning during bootup. [07:27] OK, here's something even weirder. The program "wpa_supplicant" doesn't exist, and trying to run it makes apt tell me to install "wpasupplicant". Checking for the package using "dpkg-query -s" tells me that wpasupplicant is "install ok installed". So...? [07:27] Bug or hardware-specific glitch? [07:33] Nevermind, doing a full system upgrade fixed the problem. So now my system is fully functional! Thank you guys! I guess I have some bug reporting work ahead. === Bencraft14190 is now known as Bencraft1419 === ootput4 is now known as ootput [08:29] I tried the MATE desktop for a while but I no longer want it, so I uninstalled it. Howerver, my splash screen and GRUB colors still reflect those of MATE despite using gnome and wayland [08:29] anyone know how to reset them back to the proper colors and splash for gnome3? [08:30] dpkg -l | grep mate ==> and then remove the packages you no longer need [08:30] Such as plymouth-theme-ubuntu-mate-logo, plymouth-theme-ubuntu-mate-text etc [08:32] decided to purge plymouth completely [08:33] I did previously remove all the mate packages and wondered why there were a few traces left over but this seems to have fixed it all [08:42] When removing important packages such as plymouth make sure that you're not also removing essential packages that depend on them. If you see e.g. that 20 packages are going to get removed just because you removed plymouth, abort! [08:42] For example, removing plymouth on mate also removes lightdm, the display manager (login screen) [08:42] No idea about gnome or gdm3, I'm not using them [08:51] alkisg: this is what purge plymouth gives on ubuntu desktop 22.04; plymouth* plymouth-label* plymouth-theme-spinner* [08:51] plymouth-theme-ubuntu-text* === five617 is now known as five61 [08:53] lotuspsychje: ok not as problematic as on mate [09:14] hi [09:15] hi [09:19] hi luna [09:19] hey [09:19] what you wanna talk about [09:20] !support [09:20] The official ubuntu support channel is #ubuntu. Also see http://ubuntu.com/support and http://ubuntuforums.org and http://askubuntu.com [09:20] ok [09:21] what you guys wanna find out === diskin is now known as Guest9721 [09:26] how about hacking [09:40] illia: that topic does not fit in this channel [09:41] only ubuntu support questions here [09:42] ok === diskin_ is now known as diskin [09:56] I need php packages like php7.3-mysql but they aren't available. The default php-mysql uses php7.4 but I want php7.3 [10:01] sorry it uses php8 but I don't want that [10:09] Guest11, https://launchpad.net/~ondrej/+archive/ubuntu/php [10:18] ok, thanks === gabes1 is now known as gabes === diskin is now known as Guest2693 === diskin_ is now known as diskin [10:59] Why does the output of `dpkg -L libc6-dbg` not equal https://packages.ubuntu.com/focal/amd64/libc6-dbg/filelist (on 20.04) [10:59] The website lists ` /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.31.so`, but thats not been installed [11:01] Full log: https://paste.sr.ht/~adot/7142208cfd210bce40847fa2696a4a16d8194812 [12:28] Hi! I see "~/snap". Curios, why has not been it hidden as ~/.snap? Is there a way once for every upcoming version grant access to ~/.* without rebuilding of snap pack? [12:30] For example I have snapped Editor, I want grant for Editor access to "~/.editor-buffer". Is it possible at all to do without rebuilding of a snap???? [12:30] To do once for every future version. === Bencraft14196 is now known as Bencraft1419 [12:46] Hi all [13:12] I have problems with sound. It works sometime, but often it jumps between working and not. Is there a way of reinstalling anything related to sound, e.g. drivers etc? === sorin is now known as Guest4588 === ootput2 is now known as ootput [14:58] I don't see a date for latest entry in http://changelogs.ubuntu.com/changelogs/pool/main/x/xorg-server/xorg-server_1.20.13-1ubuntu1~20.04.3/changelog ? Where else might I find the date when this was published? [14:59] how can i backup a vps, which do not have backup feature in control panel (the host does not provide backup option) but they do have rescue mode, can i use rsync to take backup of entire filesystem, and restore it, so if i mess up with server like install several packages and make mess, i can simply restore from backup to get server like freshly [14:59] installed? [15:00] nvm, I'm misreading the date (it's at the end of each entry, not the top, derp) [15:01] well a related question: I assume the date was when the changed were commited/merged, and not the date it was published in the apt repo? [15:05] Hi! Is there a way to search through sections with `apt`? I want to list all available shells, which seem to be in the 'universe/shells' category. [15:06] with aptitude, maybe .... [15:07] yeah, aptitude search shell... but doesn't show bash, for eg [15:08] Hmm, I see. Thanks. === stoned is now known as Hash [15:41] KBar aptitude search '~sshells' [15:59] Does someone know why a MBR ubuntu desktop installation has an empty /boot/efi partition? [16:02] goulashsoup, is /sys/firmware/efi populated ? [16:04] ioria no, `test -d /sys/firmware/efi && echo efi || echo bios` => "bios" [16:05] goulashsoup, so you booted in legacy mode [16:05] ioria Yes [16:05] goulashsoup, mount | grep boot [16:06] `mount | grep boot` [16:07] goulashsoup, not here, in the terminal [16:07] How to post multiple lines? [16:07] it skipped the next lines [16:07] !paste [16:07] For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic. [16:07] goulashsoup, mount | grep boot | nc termbin.com 9999 [16:09] I dont have an ubuntu acc yet, so.... [16:09] `/dev/sda5 on /boot type ext4 (rw,relatime)` [16:09] `/dev/sda1 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)` [16:10] goulashsoup, you have 2 boot partitions ; how many OSs ? [16:11] ioria One OS [16:11] goulashsoup, then, i don't think is correct [16:13] ioria So you mean, there is no reason behind it, is just a bug? === wbrawner__ is now known as wbrawner [16:13] ioria Related question https://superuser.com/questions/1613928/unexpected-efi-system-partition-id-on-mbr-disk [16:14] goulashsoup, sudo parted -l | nc termbin.com 9999 [16:14] mbr is unrelated to EFI, is this an UEFI machine? [16:14] hi [16:15] can I get support for ubuntu on this chat? [16:15] hi Guest8394, yes. [16:15] I have ubuntu installed on baremetal on cisco ucs server. Whenever start TOP or VIM, the putty session freezes [16:15] Ive never seen this before [16:16] TOP and VIM run just from from the console [16:16] im stumped [16:16] maybe you hit Ctrl S ; that stops all terminal output until a Ctrl Q is typed [16:17] * on vim [16:17] ioria Unfortunately termbin does not give any return value! [16:17] its definetly not an accidental key stroke [16:17] oerheks This is an MBR installation of ubuntu desktop, (UEFI legacy) [16:18] when I hit any key or combination of keys, putty doesnt respond [16:19] i can create a duplicate session and it works fine but certain programs like VIM, Nano and top cause the putty session to freeze [16:22] if you have your firewall setup to deny out going traffic how can you allow a specific snap? [16:24] Guest8394, since it happens in full-screen apps, I would expect that the putty terminal type setting and the TERM environment variable are mismatched. I couldn't tell you what they should be, though. === wbrawner9 is now known as wbrawner === lotuspsychje_ is now known as lotuspsychje [17:34] typing anything in "Ubuntu Software" just gives me the spinning wheel forever. [17:35] oh, apt update gives a few warnings [17:36] I guess I have a yarn repository whose signature is... expired? [18:09] ash_worksi: how would anyone but you know? [18:14] tomreyn: ah, thank you for asking. Sometimes I say stupid things to see if they are in fact stupid... [18:15] tomreyn: in this case, I was wondering if it's even possible that signatures expire [18:17] ash_worksi: yes, gpg signatures can expire. [18:17] I am still having problems with the forever spinning wheel on the software app [18:18] ash_worksi: and the "few warnings" of "apt update" are gone now? [18:18] working on that... they're all related to the yarn gpg key [18:19] if you're looking for help with this, you could share the output by running sudo apt-get update -y 2>&1 | nc termbin.com 9999 [18:22] tomreyn: https://gist.github.com/448f17842e99372c0a2d9d4c8d96e5d4 [18:24] ash_worksi: right, you need to find the current apt repository signing key for the existing dl.yarnpkg.com apt repository or different current / maintained apt repository for this software. [18:26] tomreyn: I mean, I don't even use yarn -- I'd rather just remove the repo from the list... how do you do that? === diskin is now known as Guest9451 [18:26] !ppa-purge | ash_worksi [18:26] ash_worksi: To disable a PPA from your sources and revert your packages back to default Ubuntu packages, install ppa-purge and use the command: « sudo ppa-purge ppa:/ » – For more information, see http://www.webupd8.org/2009/12/remove-ppa-repositories-via-command.html [18:27] checking the url for how to determine the repository-name/subdirectory [18:28] oh it doesn't say === keypushe- is now known as keypusher [18:29] tomreyn: is it possible to do something like `add-apt-repository --remove dl.yarnpkg.com` ? [18:30] (that command does not work apparently, but something like it?) === MiguelX4139 is now known as MiguelX413 [18:32] ash_worksi: I think you're looking for ppa-purge? [18:32] Or you can use "-r" with "add-apt-repository" rather than "--remove". [18:32] arraybolt3[m]: sure. But how do I resolve https://dl.yarnpkg.com to a ppa? [18:33] ash_worksi: Oh... hmm. That's probably not a PPA. Check your apt sources. [18:33] ls /etc/apt/sources.d [18:33] Er, no... [18:33] ls /etc/apt/sources.list.d [18:34] arraybolt3: https://gist.github.com/92e24698f519cfc7f7588325ab9ad8c5 [18:34] there's a yarn.list [18:35] That's what I noticed too. [18:35] it contains `deb stable ...` [18:36] Any mention of dl.yarnpkg.com in it? [18:36] arraybolt3: that's great and all... but how do I remove it? I am farily confident that there are lists you're not supposed to mess with for autogeneration purposes [18:36] arraybolt3: yes, it's that link exactly, I was just too lazy to type it: deb https://dl.yarnpkg.com/debian/ stable main [18:37] ash_worksi: The stuff in /etc/apt/sources.list.d is added by external stuff. The core sources are in a file, not in the sources.list.d directory (if I'm understanding correctly). I think all you have to do it delete the yarn.list file (and maybe the backup file of it, too), and then sudo apt update. [18:37] (By backup file, I meant "yarn.list.save") [18:38] arraybolt3: although I am confident that will work... is there a way you're _supposed_ to remove these "deb" files? [18:39] It looks like that's a pretty trustworthy way of doing it, given the Stack Exchange answer that says to do it got 230 upvotes. [18:39] https://askubuntu.com/questions/307/how-can-ppas-be-removed [18:39] It's the third answer in the list. [18:42] That answer mentions you should also remove the repositories signing key, and had a link on how to do that. [18:42] arraybolt3: nice, thank you. Out of curiosity, what did you google? [18:42] how to remove external repositories in apt [18:42] Ask Ubuntu was the third entry in the search on my system. [18:44] sorry, ppa-purge was probably not the right tool to suggest here [18:45] you can maybe make it work for non-PPAs, but it's not really the right tool for it. [18:51] arraybolt3: thanks, sometimes my limited lexicon translates to bad google-fu so I ask that question sometimes. [19:03] there is a way to add the key, as apt-add key is deprecated... <<< curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null [19:45] Does anyone have a document that says how to configure my wlan0 interface to be persistent? [19:45] This is for a Raspberry Pi running 21.04 [19:45] !21.04 [19:45] Ubuntu 21.04 (Hirsute Hippo) was the 34th release of Ubuntu, support ended on January 20, 2022. See !eol and https://lists.ubuntu.com/archives/ubuntu-announce/2022-January/000276.html [19:46] oh wow...maybe I should upgrade more frequently. [19:46] or use lts releases, or both [19:47] LOL I only pulled my 21.10 laptop out of the fire yesterday, it had 2 days left of support at the time [19:47] I don't really have a preference, this just runs minor low-traffic "stuff" [19:47] I don't have the `update-manager` applicaion. [19:47] application* [19:47] do-release-upgrade -c [19:48] Backup first! [19:48] arraybolt3[m]: YOLO! [19:48] arraybolt3[m]: I'm quite happy that you're using Matrix. [19:48] Trying to get my FreeBSD friends to use Matrix, no one budges. [19:48] 👍️ [19:49] should have done this in a tmux session [19:50] fikran: Ctrl+Alt+F3? [19:50] What does that do? [19:50] (Unless you're SSH'd into it, in which case make a second connection?) [19:50] I'm currently on a Chromebook, I wonder how F3s transition over [19:50] Switches to a new virtual terminal. [19:51] I'm sorry, I don't follow what you're saying? [19:51] So, in Linux, there's a bunch of things called "virtual terminals" where you can basically log into the machine and get a shell prompt. [19:51] right! [19:51] but, I ssh'ed into this machine. [19:51] Like, if I press Ctrl+Alt+F3 on my desktop, my screen will go black, a login prompt will appear, and if I log in from there, I get a Bash prompt. [19:52] In that instance, just connect to the same machine a second time. [19:52] wow, I don't think I"ve done that in years btw [19:52] Can confirm it works - I've got two SSH sessions from my Chromebook into my desktop ATM. [19:54] arraybolt3[m]: Just to be clear, in case I'm just misunderstanding you, you're saying switching a running session from an ssh terminal (pts/0 I believe?) into a tmux session without dropping the connection or anything? [19:54] fikran: No, I'm saying, you're on your Chromebook, just open a second terminal tab, and SSH into the same system, with the previous session still running. [19:55] fikran: Then log in - you'll get a second shell into the same system without terminating the first session. [19:55] No tmux involved. [19:55] Right! I'm not clear on the objective we're reaching there though? [19:56] I thought you needed a second shell, since you wanted to have done it in a tmux session, and the only use I know of for tmux is to have two or more shells. [19:56] (I might be missing something here.) [19:56] Yeah, we're talking past each other :) My bad! [19:56] I was starting the upgrade command in a non-tmux session, so if the ssh session dies, I lose the upgrade. [19:57] Ah. Oh dear. [19:57] Hold on, lemme look something up... [19:57] do-release-upgrade actually spawns a GNU screen session IIRC [19:58] yeah, I think so! It looks like a tmux session, not screen [19:59] there's reptyr "for moving running programs between ptys" [19:59] you're right, it#s tmux, not screen [20:00] hmm, no it's not :) [20:01] terminated with status 1 [20:01] Does this help? It's old, but it might still be helpful. https://stackoverflow.com/questions/625409/how-do-i-put-an-already-running-process-under-nohup [20:01] Oh great. [20:01] (re: terminated with status 1) ^ [20:04] hey how do i unblock a snap app from my firewall? [20:05] goddard, what snap/service exactly? [20:06] firefox [20:06] guwf for example === ootput4 is now known as ootput [20:06] Here, I also have Matrix. I might as well use it. [20:06] goddard: what is being blocked exactly? [20:07] leftyfb: if you have a firewall policy where you don't allow all outgoing [20:07] goddard: firewalls don't care about applications, only ports [20:07] ports and ip's [20:07] gufw has an application list [20:07] so that is just a static list? [20:07] arraybolt3[m]: re removing the apt key, I found yarn here: https://gist.github.com/ash-m/c5b9d1281f12617f1ac075c43d414e78#file-apt-key-list-sh-session-L41-L44 --- is the key the hex string on line 42? [20:07] I have Matrix and IRC right next to each other, Matrix is a bit faster. I didn't expect that. [20:08] goddard: iptables (which ufw and gufw are just front-ends for) doesn't care about applications [20:08] fikran[m]: please stay on topic [20:08] i thought it was like ZoneAlarm from back in the day and actively blocked an applications internet access [20:08] leftyfb: what if an app just uses another port? [20:08] leftyfb: pardon [20:09] fikran[m]: this channel is for support. If you'd like to chat about topics not related to ubuntu support, feel free to /join #ubuntu [20:09] i suspect you mean #ubuntu-offtopic [20:10] goddard: you typically use firefox to connect with websites on ports 80 and 443 (of course others depending). But so does apt and many other applications. If you're going to block outbound port 80 and 443, just unplug your computer from the internet. That's basically the same thing [20:10] tomreyn: ugh, yes, sorry [20:10] fikran[m]: /join #ubuntu-offtopic to chat [20:11] leftyfb: if you don't trust the applications you install not to send phone homes or "metrics" [20:11] goddard: then don't install it [20:11] The upgrade is still happening, I think I press "enter" or something and that gets interpreted the wrong way [20:11] leftyfb: that would be a perfect world wouldn't it :D [20:13] sudo ufw allow 53 sudo ufw allow http sudo ufw allow https ... sudo ufw app list comes in handy [20:14] ip tables sounds good for servers but not so good for desktops [20:14] but maybe you use a different firewall,.. [20:14] need another layer on top === MiguelX4130 is now known as MiguelX413 [20:14] ah, using iptables solely? [20:14] block an app then detect if it tries to go to another port [20:14] goddard: iptables is what runs the process. The others are front-ends that do various jobs of managing the tables. [20:14] maybe this is just apparmor or something? [20:15] goddard: What nefarious software are you running that you are afraid to let talk to the net? [20:15] i trust nothing and no one [20:15] jhutchins: Probably Firefox. [20:15] goddard: Unplugging the computer sounds like the best plan for you then. [20:15] let me guess; he is not even using ubuntu :-D [20:16] jhutchins: Windows has had this feature since XP [20:17] !info weechat === Furor is now known as Colere [20:17] weechat (3.5-1, jammy): Fast, light and extensible chat client (metapackage). In component universe, is optional. Built by weechat. Size 3 kB / 82 kB [20:18] oerheks: Weechat 3.5, it's a credible version. [20:19] goddard: Not sure what "feature" you're talking about, networking and firewalls on *nix are the foundation of the internet and are WAY earlier than XP. [20:20] jhutchins: enjoy the blast from the past https://www.incrediblecharts.com/help_troubleshooting/ic_zonealarm_personal_firewall.php [20:20] He means the ability to block application Internet access on the app level. [20:22] goddard: I don't know what you're trying to do .. but you could run a process in its own network namespace so it gets *no* networking, or only specific networking, etc; you could confine it with apparmor so you can decide which socket types it can use; you could confine it with seccomp so you can decide which socket types it can use; you could use firejail if you want ptrace-based 'live' mediation [20:22] goddard: https://tldp.org/HOWTO/IP-Masquerade-HOWTO/ipmasq-intro1.1.html [20:24] sarnold: yeah thats cool, but I just remember this app and I thought it was a nice feature to have. A little application that lets you know every time something is doing something. It had a bit of pain when you first launch it but after that nothing is talking outside unless you want it to. [20:24] arraybolt3[m]: re removing the apt key, I found yarn here: https://gist.github.com/ash-m/c5b9d1281f12617f1ac075c43d414e78#file-apt-key-list-sh-session-L41-L44 --- is the key the hex string on line 42? [20:24] Do you suppose he imagines that the name of an application has anything to do with how it accesses the internet? [20:24] did I miss a response to that? ^ [20:24] jhutchins: cmon man lets not act like I am not here [20:24] jhutchins: and i do understand it [20:24] Nope, I missed it. ash_worksi [20:24] woot [20:25] ash_worksi, there is a way to add the key, as apt-add key is deprecated... <<< curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null [20:25] oerheks: I am trying to remove a key [20:25] ash_worksi, oh, i thought that error says you had no key [20:26] it's an error? [20:26] oh [20:26] yeah [20:26] the original post [20:26] but I am getting rid of yarn [20:26] ash_worksi: I think that's the number. Just remove all the spaces. [20:26] or rather the original key was expired [20:26] arraybolt3[m]: I'll try it [20:29] goddard: If you're actually interested in what applications are using what ports, netstat can show you. It's not graphical or user friendly, but it has the info. [20:29] ss is more likely to be in the default installs [20:30] goddard: there are applications like NFS that use a standard port to establish the actual connection, then handle the actual traffic over a random port. [20:30] goddard: Most of those aren't general web applications, and have built-in security. [20:30] goddard: Generally, if you know what applications are running, you should know what ports are in use. [20:31] goddard: I think the reason that there isn't a grapical way to display that is because it's a lot of information and it's not very useful at all. === five611 is now known as five61 [20:32] goddard: If you want to find out what ports an application uses, there is the /etc/services file, and the man page for the app should tell you as well. [20:33] ive used opensnitch before [20:33] it is a clone off a mac app [20:33] but not as user friendly as zone alarm was from 1998 haha [20:34] goddard: Have you ever learned anything useful from it? [20:35] well lets say for example you need some application for work or you are downloading something you need to use and it has the dumb policy of collecting metrics on by default [20:35] this would prevent that use case [20:35] and to be honest i just enjoy it [20:35] blinkenlights [20:35] gives me member berries [20:35] ya [20:37] goddard: These appear to be firewall utilities (not, as some claim, actual firewalls): https://alternativeto.net/software/zone-alarm/?platform=linux [20:41] flatseal is useful for confinement security [20:42] i remember when i tried to create an app armor profile or work with SELinux it was a pain [20:42] FlatSeal is so simple [20:45] I've actually been using Snap as well for things like Flutter [20:45] What is the deal with Multi-pass? [20:45] it reminds me of WSL for Linux or something [20:45] Do snaps have something like flatseal? [20:45] goddard: https://multipass.run/ [20:46] goddard: you can manage connections and permissions with snaps from the CLI. You might be best asking in #snappy [20:46] mind you, I'm pretty sure you can't limit by port [20:47] kinda like docker [20:47] goddard: I think multipass mostly exists to make getting to ubuntu vms on windows (and os x?) quick and easy [20:47] goddard: "go install an oracle product first" is a bit of a big ask [20:48] so... even if `+ R` does work it kinda screwed up my current session so I had to restart [21:00] goddard: you seemed to be looking for this earlier - possibly what you would consider "flatseal for snaps": https://i.imgur.com/w7uaCas.png [21:00] those options are in Settings -> Applications [21:04] woah, didn't even know that existed [21:28] ahh ya nice [21:28] I am working on ubuntu 22.04 and I keep getting a message about snap-store needing an update. I have tried to do the step that I find online to do "sudo snap refresh" with all applications closed but it just gives me the error again as well. I have also tried to do a "sudo killall snap-store" but that didn't help as well. Does anyone have an idea how to fix this? [21:29] sudo snap refresh snap-store [21:30] do you have to restart the snap for it to take effect? [21:31] hi, bye [21:31]