=== blackest_mamba_ is now known as blackest_mamba
=== tdannecy0 is now known as tdannecy
=== M4he is now known as mahe
[01:31] <Guest34i5u34> is there a way to target a ppa with -t (apt install) as I pinned the added ppa to 100 as I don't want every package out of it
[02:35] <Solar5589> I really like Xubuntu
[02:35] <Solar5589> It's tedious to have to manually unpack tar and zip files with CLI, but otherwise, its a very fast OS
[02:35] <Solar5589> I hereby and thus officially reccomend: XUbuntu as a Great Linux OS :D  !
[02:45] <enigma9o7> Solar, if you don't like using clie for archives, thunar supports an archiver plugin that is in official repo.
[02:45] <enigma9o7> `sudo apt install thunar-archive-plugin`
[02:47] <enigma9o7> (surprsied xubuntu didnt include it)
=== ledeni_ is now known as ledeni
[04:44] <kotodama> I tested i915.enable_dpcd_backlight=3 and it seems to have my laptop hang instead of auto-rebooting on using screen off feature (cc lotuspsychje, arraybolt3, ioria but they're off ;)
[04:44] <kotodama> I could also confirm it's happening if I set energy saving options to turn off screen on lid close
[04:45] <kotodama> (the auto reboots)
[04:45] <kotodama> so far suspend to ram doesn't seem affected
[04:45] <kotodama> using nomodeset prevents the reboot, but then after 1min or so after having the screen turn off, it turns on again
[04:45] <kotodama> and nomodeset also prevents the screen from turning off when suspending to ram
[04:46] <kotodama> I'm not sure what this means, but it feels like it could help understand the issue :)
[05:00] <ice9> I understand that updates that are "kept back" is to prevent issues until they are sovled right? but I have been getting this for the past month on every I new updates I get every few days for different packages; is that normal?
[05:06] <Bashing-om> ice9: I too have seen a lot of packages in the help state. One can check status: http://people.canonical.com/~ubuntu-archive/phased-updates.html .
[05:08] <whiskey76> Same. I tried to upgrade again just now and everything updated with no held packages. Ubuntu MATE.
[05:10] <ice9> cheese doesn't work with wayland until now however wayland is the default ... any workaround?
[05:14] <rfm> ice9, should still be able to select the x.org session from the gear menu on the login screen
[05:15] <ice9> rfm, it doesn't work for me (I have nvidia); xorg session gives black screen
[05:31] <Intelo> Hi,
[05:33] <Intelo> While installing ubuntu, if choose " encrypt disk " option (I assume this is LUKS), then choose / to be drive1  and /home to be drive2, will it encrypt two drives separately with same password and also unencrypt them at boot/login?
=== jimmyb4 is now known as jimmyb
[06:28] <Intelo> While installing ubuntu, if choose " encrypt disk " option (I assume this is LUKS), then choose / to be drive1  and /home to be drive2, will it encrypt two drives separately with same password and also unencrypt them at boot/login?
[06:53] <]BaTMaN[> Hello la room
[06:54] <toddc> Intelo: I did encryption + ZFS to the first drive then complted the install then added the second drive to the pool if that helps
[07:13] <thekevinhuang> hello/greetings!   Would anyone have a link or steps on how to get ubuntu on a lenovo legion duel 2 phone?
[07:17] <toddc> thekevinhuang: https://ubports.com/ you phone is not listed but there are instruction if you want to build it if you have the skill
[07:17] <toddc> thekevinhuang: https://devices.ubuntu-touch.io/?pk_vid=52c381dff711ce7f166417658758d8a3
[07:18] <thekevinhuang> hello toddc
[07:18] <toddc> thekevinhuang: https://docs.ubports.com/en/latest/porting/introduction/ building instructions
[07:20] <thekevinhuang> thanks checking these links out
[07:33] <lapion> Does anyone in here know the usb3 32 node limitation is per bus or per controller ?
[08:13] <pickanick> I see that 22.04 has emacs 27.1 which was released Aug 10, 2020. Emacs is now on 28.2. When is emacs likely to be updated?
[08:15] <Habbie> in 22.10
[08:29] <pickanick> 22.10 is not LTS. If I want to stay with an LTS 22.04, does that mean emacs does not get updated? It's confusing because there are many package updates on a weekly basis.
[08:42] <EriC^> !info emacs focla
[08:42] <ubottu> 'focla' is not a valid release
[08:42] <EriC^> !info emacs focal
[08:42] <ubottu> emacs (1:26.3+1-1ubuntu2, focal): GNU Emacs editor (metapackage). In component universe, is optional. Built by emacs. Size 13 kB / 76 kB
[08:43] <EriC^> !info emacs jammy
[08:43] <ubottu> emacs (1:27.1+1-3ubuntu5, jammy): GNU Emacs editor (metapackage). In component universe, is optional. Built by emacs. Size 13 kB / 77 kB
[08:43] <alkisg> Normally only security updates and bug fixes get to Debian and Ubuntu releases. An exception is the browser as it's security sensitive, and the kernel as it's required for new hardware support
[08:43] <Habbie> !info emacs kinetic
[08:43] <ubottu> emacs (1:27.1+1-3ubuntu5, kinetic): GNU Emacs editor (metapackage). In component universe, is optional. Built by emacs. Size 13 kB / 77 kB
[08:44] <Habbie> oh, kinetic is only a month away!
[08:55] <pickanick> alkisg: ah. thank you. I didn't the majority of the many updates were security/bug fixes.
[08:58] <noze> how can I convert a djvu to pdf while preserving the (searchable) text layer?
[08:59] <pickanick> I thought that there could be package version updates, provided they use the existing library versions?
[08:59] <lotuspsychje> noze: https://askubuntu.com/questions/46233/converting-djvu-to-pdf
[09:00] <pickanick> noze: Generally, I don't recommend it. creation of djvu is kind of a lossy process.
[09:01] <alkisg> pickanick: no, that's what separates "normal" distributions from "rolling" distributions; normal distributions use the same package versions until the next version of the distribution (e.g. 22.10)
[09:01] <pickanick> Ubuntu is a "normal distribution", Fedora is a "rolling"?
[09:02] <alkisg> No, both are normal
[09:02] <Habbie> fedora is "normal" too (except for Fedora Rawhide)
[09:02] <alkisg> Arch is rolling
[09:03] <noze> lotuspsychje: that's an answer from 10 years ago
[09:03] <noze> and all but one solution does not in fact preserve the text layer
[09:05] <noze> the one that does uses a very hard to maintain working stack of ruby packages and an outdated version of imagemagick
[09:16] <pickanick> noze: if you must, print to pdf from a viewer for djvu
[09:18] <noze> pickanick: that won't preserve the text layer, table of contents, or links
[10:09] <ogra> pickanick, ~$ snap info emacs | grep latest/stable
[10:09] <ogra>   latest/stable:    28.2                   2022-09-16 (1680) 241MB classic
[10:10] <ogra> pickanick, just install the snap
[10:11] <ogra> (there is also a 29.x in the edge channel if you like living on the edge 🙂 )
[10:19] <webchat65> hi
[10:20] <lotuspsychje> welcome webchat65
[10:47] <GSMarquis> I removed TLP from my install. However systemctl still sees it as a service. Not active, but its there.
=== LanDi1 is now known as LanDi
[10:55] <webchat65> im having an issue with the systemd-networkd service. It doesn't seem to start. The error is "Cannot resolve user name systemd-network: No such process". I'm on ubuntu 18.04 and systemd version 137. Anyone have any ideas?
[10:56] <webchat65> i can start systemd-networkd manually as root but it doesnt run with systemd
[10:56] <Habbie> is systemd-network in /etc/passwd?
[10:57] <webchat65> Habbie yeah
[10:57] <webchat65> there is not DynamicUser in the unit file. It's just User=systemd-network
=== dd3my is now known as Guest8191
[11:17] <pickanick> ogra, good idea! Snapcraft suggests "snap install emacs --classic"  ie "Put snap in classic mode and disable security confinement" Any idea why ?
[11:21] <ogra> pickanick, because it is an editor/IDE it has been created to run without any confinement ... thus you need to explicitly accept it as --classic (i.e. to install an unconfined snap, snapd always wants your explicit consent through that switch)
=== LanDi1 is now known as LanDi
[11:43] <webchat65> any ideas anyone?
[11:46] <watney> Woah! What's this Hexchat? Something new in Ubuntu?
[11:46] <pickanick> webchat65: I find systemd not very transparent. Are you sure you actually want systemd-networkd and not some similarly named service?
[11:49] <pickanick> In my experience, systemd makes staying on the beaten path easy and wandering from it troublesome.
[11:52] <webchat65> pickanick, i don't see any other networking service. And if i run the command that's in the unit file i can get the network up fine, it just doesnt work in systemd
[11:52] <webchat65> and yes i agree, systemd is annoying
=== LanDi1 is now known as LanDi
=== EriC^^_ is now known as EriC^^
[12:41] <lotuspsychje> ioria: <kotodama> I tested i915.enable_dpcd_backlight=3 and it seems to have my laptop hang instead of auto-rebooting on using screen off feature (cc lotuspsychje, arraybolt3, ioria but they're off ;)
[12:41] <kotodama> welcome back ;)
[12:41] <kotodama> thanks lotuspsychje
[12:41] <ioria> lotuspsychje, i see
[12:41] <kotodama> I could confirm setting screen off on lid close also triggers the reboot
[12:41] <lotuspsychje> maybe we should file a bug anyway kotodama
[12:42] <kotodama> sure
[12:42] <ioria> kotodama, refresh my memory; when your screen truns off, your laptop reboots ?
[12:42] <kotodama> also nomodeset prevents screen from turning off
[12:42] <lotuspsychje> kotodama: ubuntu-bug linux (from terminal)
[12:42] <kotodama> not at the exact moment but yes
[12:42] <kotodama> the screen turns off
[12:42] <kotodama> then I can move the mouse and wake it up
[12:42] <lotuspsychje> kotodama: then add a title + add description (bug story)
[12:43] <kotodama> but if I wait too much (one min or two) it hangs, then reboots
[12:43] <kotodama> lotuspsychje: thanks, I'll do some more tests before posting though, to make sure I'm being accurate in the description
[12:43] <ioria> kotodama, yes, would be better to write down the exact issue, so we can take a look
[12:44] <kotodama> will do, thanks again :)
[12:44] <BluesKaj> Hi all
[12:44] <ioria> kotodama, don't forget desktop env, kernel and hw specs
[12:44] <kotodama> sure
[12:45] <kotodama> output of sudo lshw is ok or too much details ?
[12:45] <ioria> kotodama, yes, also  'lspci -nnk'
[12:45] <lotuspsychje> kotodama: specialy if it happened across several ubuntu releases, a bug is handy
[12:46] <kotodama> yeah I should have reported that sooner, my bad
[12:46] <kotodama> I was a bit caught up in other stuff
[12:46] <lotuspsychje> its never too late dont worry
[12:46] <kotodama> :)
[12:58] <lowhat> hello
[12:58] <lowhat> hello?
[13:10] <xatrix> Hi, guys can you advice me ? I have Lenovo G50 laptop. With hybrid graphics. Display controller: Advanced Micro Devices, Inc. [AMD/ATI] Sun LE [Radeon HD 8550M / R5 M230] . Just upgraded from 20.04 -> 22.04. I installed amdgpu driver from https://repo.radeon.com/amdgpu/22.20/ubuntu . But something went wrong. I can only start X server using 'nomodeset' option in grub. This is Xorg.0.log with 'nomodeset' https://paste.debian.net/1255041/  , and this is
[13:10] <xatrix> Xorg.log without 'nomodeset'  https://paste.debian.net/1255042/
[13:10] <xatrix> Any idea what can i do to start the X server correctly ?
[13:12] <xatrix> [xatrix@MERNOV-NB ~]$ DRI_PRIME=1 glxinfo | grep "OpenGL renderer"
[13:12] <xatrix> OpenGL renderer string: llvmpipe (LLVM 14.0.1, 256 bits)
[13:12] <xatrix> w\o DRI_PRIME=1 it's the same
[13:14] <xatrix> 03:00.0 Display controller: Advanced Micro Devices, Inc. [AMD/ATI] Sun LE [Radeon HD 8550M / R5 M230]
[13:14] <xatrix> 	Subsystem: Lenovo Sun LE [Radeon HD 8550M / R5 M230]
[13:14] <xatrix> 	Kernel modules: radeon, amdgpu
[13:14] <xatrix> Please advice
[13:14] <lotuspsychje> xatrix: you might wanna browser recent bugs, im seeing a lot of them passby; xserver-xorg-video-amdgpu
[13:15] <xatrix> Also, my backlight control is not working. My BL is on the max level
[13:15] <lotuspsychje> xatrix: https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-amdgpu/+bugs?orderby=importance&start=0
[13:15] <lotuspsychje> see if you can find your case between them
[13:16] <xatrix> ok..i'll inspect it now
[13:18] <masber> hi, I am trying to update zoom in my ubuntu 20.04.4, I downloaded the .deb file from zoom website but the installation hangs when "ubuntu software" open. I can only see a spinning wheel and stays like this indefintely
[13:18] <masber> any advice?
[13:24] <xatrix> lotuspsychje, not actually found the proper bug.
[13:25] <ravage> masber, cd ~/Downlaods/; sudo apt install ./your-zoom.deb
[13:27] <ravage> masber, you can also use https://p.haxxors.com/uc848sl8.sh to automate updates in the future
[13:28] <masber> cool
[13:28] <masber> thx!
[13:28] <ravage> ( you would need to run that script with sudo)
[14:29] <amalgameate> hi, i often have multiple tabs open in a terminal window, each running vim.  is there a way to search my ~20 open tabs to find the one running vim for a specific file name?
[14:31] <nteod> amalgameate: Vim can be started as a server, so you can open all files under a same Vim. That should be better to navigate than having it scattered around tabs. Look for --remote in `man vim`.
=== nteod is now known as help
[14:41] <alturic> Hi all, I'm trying to create an iptables rule that will ratelimit connections, and I'm a bit confused as to why it seems to work when connecting via curl or nc, but not when using a browser.
[14:42] <alturic> Perhaps it's because I only have it tracking --state NEW? Which still technically wouldn't make sense since I assume multiple curl requests are ultimately like a browser?
=== nteod is now known as nteodosio
=== Guest5419 is now known as polo
=== polo is now known as GiverOfDomains
[15:46] <jrabbit> Hi channel, where would I go looking for information about strange (possibly hostile) disappearing updatable packages?
[15:47] <jrabbit> I had apt "disappear" upgradable grub packages after an `update` command that obviously only refreshed the index
[15:47] <jrabbit> So either there was a legitimate revert or a hostile rollback or a hostile update in my approximation
[15:48] <jrabbit> I checked the changelog for the grub package and didn't see any strange or recent entries. has this been seen elsewhere?
[15:48] <jrabbit> my understanding is if there's a pakcaging mistake a post version is created but possibly that debian process isn't the same for ubuntu?
[15:49] <lotuspsychje> jrabbit: /var/log/dpkg log would record the things you installed
[15:49] <alkisg> jrabbit: I've seen packages pushed in the ubuntu repositories and reverted within days without any post-versions (or explanations) :)
[15:50] <alkisg> I believe they only do that for grave regressions though, rarely, and it's probably something that phased updates will help avoid
[15:50] <jrabbit> alkisg:that's reassuring! thanks :)
[15:51] <jrabbit> lotuspsychje:yeah nothing there, I checked around just in case unattended-upgrades got me at a bad time
[15:51] <alkisg> jrabbit: usually you can then locate them in the proposed updates list
[15:52] <jrabbit> oh yep those are the three grub related packages I saw (looking via a third party site)
[15:55] <jrabbit> is there an appropriate place to +1 some methodology that tells us paranoid people "this was intended"?
[15:55] <ioria> jrabbit, what's the exact package name are we talking about ?
[15:56] <alkisg> The worst side-effect of this method is troubleshooting systems that managed to get the bad updates. E.g. 2 years later ubuntu 20.04 systems still had a "wrong libc version" that prohibited them from installing packages that depended on the correct version, like dkms
[15:56] <jrabbit>  grub-efi-amd64-signed grub-efi-amd64 and grub-efi-amd64-bin
[15:56] <ioria> and clang
[15:57] <ogra> jrabbit, there are a few discussion threads on discourse.ubuntu.com around phased updates ... you might want to add feedback there
[15:57] <alkisg> ogra: no that's about releasing a new package version into ubuntu archives, then revoking it
[15:57] <alkisg> It's not related to phased updates
[15:57] <jrabbit> thanks, I guess seeing "held back" on ubuntu should have been my first clue something new was cooking
[15:57] <ogra> (in fact it seems a new spac was just added today to allow proper grouping of phased updates)
[16:00] <alkisg> Example: https://bugs.launchpad.net/snap-core20/+bug/1926355, comment #15
[16:00] <ubottu> Launchpad bug 1926355 in snap-core20 "Snap applications segfault with new core20 (rev: 1015+)" [Critical, New]
[16:01] <alkisg> They released libc 2.31-0ubuntu9.3, then revoked it, and never pushed another update, so people that updated in that window now can't install e.g. dkms
[16:01] <ogra> ah
[16:01] <ogra> well, phasing is part f this (limiting the percentage of affected systems) but yeah, not actually the cause
[16:02] <ogra> s/f/of/
[16:02] <alkisg> In this example, phasing would have the exact same effect, i.e. a few users getting affected. Only a new package release would actually solve the issue.
[16:03] <alkisg> There's no "cancel phased package AND revert to previous version", right?
[16:03] <ogra> no, only by uploading the older package wth a higher version would actually solve it
[16:03] <ioria> you downgrade
[16:03] <yo_> um i need help
[16:03] <ogra> (which then ends up in awful version numbers)
[16:04] <alkisg> ioria: yup but that's manual, in the example above people didn't even know that a libc update was causing their issues 2 years later
[16:04] <ogra> 1.2.3-0foo~really-1.2.2 🙂
[16:04] <alkisg> ogra: yeh, but it's necessary in these cases :/
[16:04] <yo_> guys
[16:04] <ogra> !ask | yo
[16:04] <ubottu> yo: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
[16:04] <yo_> oh ok
[16:05] <ioria> alkisg, i remember that, i was affected
[16:05] <ogra> alkisg, yeah, it is about time that we switch libc to a snap ... then it will just be a "snap revert" 😄
[16:06] <alkisg> ogra: heh, don't get me started :D
[16:13] <cosmicrajiv> Hello, when I m trying to upgrade, this is what i get https://paste.ubuntu.com/p/dPggdWQW5P/plain/
[16:13] <cosmicrajiv> using 22.04.1
[16:13] <alkisg> cosmicrajiv: https://discourse.ubuntu.com/t/phased-updates-in-apt-in-21-04/20345
[16:16] <cosmicrajiv>  alkisg, yeah got it. thanks.
[16:16] <alkisg> 👍️
[16:59] <eam> is there a good place to ask about foreign language input? I'm trying to type using the intelligent pinyin selector but it seems broken - even basic characters (like the number 8) aren't available to be selected
[17:00] <eam> the pinyin selector seems extremely limited in functionality
=== scoobydoo_ is now known as scoobydoo
=== EriC^ is now known as EriC^^
[18:18] <goddard> Getting this with my eGPU
[18:18] <goddard> [drm:nv_drm_master_set [nvidia_drm]] *ERROR* [nvidia-drm] [GPU ID 0x00000100] Failed to grab modeset ownership
[18:20] <goddard> some others
[18:20] <goddard> https://paste.ubuntu.com/p/HJyMyfbbG4/
[18:21] <goddard> looks like maybe a BIOs error not sure if its related
[18:21] <goddard> https://paste.ubuntu.com/p/b2NqFm3Ngc/
[18:22] <sarnold> goddard: sometimes those are more or less harmless, sometimes they're a cause for concern. I suggest checking fwupd for firmware updates, or your motherboard manufacturer's website
[18:32] <goddard> sarnold: whatever the issue you is, it is a show stopper.  Keeps locking the system up with the eGPU.
[18:35] <oerheks> looks like this https://bugs.launchpad.net/acpi/+bug/1978398
[18:35] <ubottu> Launchpad bug 1978398 in Ubuntu "[    0.515312] ACPI BIOS Error (bug): Failure creating named object [\_SB.PC00.SAT0.PRT0.PWRG], AE_ALREADY_EXISTS (20210730/dswload2-326)" [Undecided, Confirmed]
[18:36] <oerheks> on kernel 5.15
[18:36] <oerheks> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1979030
[18:36] <ubottu> Launchpad bug 1979030 in linux (Ubuntu) "Multiple error and bugs during boot on Ubuntu 22.04 LTS" [Undecided, Confirmed]
[18:59] <goddard> yeah i jumped through all those launchpad bugs in the hopes they had a bug fix
[19:00] <goddard> none
[19:00] <goddard> its sad
[19:03] <sarnold> have you had any luck with fwupd or new firmwares from your vendor?
[19:04] <goddard> sarnold: i upgraded on windows using their utility
[19:04] <goddard> in linux i just see this
[19:04] <goddard> (fwupdate:17353): FuPluginUefiCapsule-WARNING **: 14:26:21.440: SMBIOS BIOS Characteristics Extension Byte 2 is invalid -- UEFI Specification is unsupported, but /sys/firmware/efi exists: offset bigger than size 9
[19:04] <goddard> thats using --list
[19:05] <goddard> the rest are unknown
[19:05] <sarnold> goddard: dang :(
[19:18] <goddard> i think maybe just x hangs though
[19:18] <goddard> or the nvidia driver
[19:18] <goddard> because sound still carries on like normal
[20:49] <yo_> so, i rebooted my ubuntu desktop install and now i booted into a command prompt? how do i fix this?
[20:51] <sarnold> yo_: if the goal is to get graphics up, try sudo systemctl isolate graphical.target
[20:51] <yo_> ok
[20:54] <yo_> did not work, the error started with mtd or something
[20:58] <sarnold> yo_: ugh. so, the mtd parts of the error message are almost certainly not actually related to your problem :(
[20:59] <yo_> aww
[20:59] <sarnold> yo_: and I can't find any bug reports for what your problem actually *is* -- just a bunch of folks trying to find answers..
[20:59] <yo_> damn thats a ongoing error i guess
[20:59] <yo_> i guess i will have to reinstall ubuntu...
[20:59] <sarnold> yo_: I suggest "ubuntu-bug gnome-shell", that'll start a bug report, and give you a huge link that you can use to finish the bug report
[21:00] <yo_> but that first
[21:00] <yo_> ok
[21:00] <yo_> cya
[21:00] <sarnold> it might just come back on the first update :/ -- without knowing what went wrong..
[21:22] <Sven_vB> Hi! I'm using Ubuntu focal on my notebook, with a USB hub attached. I'd like to limit what kind of devices are acceptable on that USB hub (especially, no 2nd level USB hubs) and in case of violations I want them logged to a file and the offending USB hub port shall be disabled until I manually re-enable it. How would I do that?
[21:24] <leftyfb> Sven_vB: https://a.co/d/4FTzVBB
[21:24] <Sven_vB> if possible, I'd also like allow keyboards and pointers conntected to that hub but they must initially be "floating" in the xinput sense, not auto-attached to the Virtual core pointer and Virtual core keyboard.
[21:24] <Sven_vB> leftyfb, thanks, will read!
[21:27] <Sven_vB> a physical lock probably won't help in my case. I want to protect against untrusted devices that look legit at first.
[21:27] <leftyfb> Sven_vB: I don't know of anything out of the box that does what you want. You want to lock down pretty low-level pieces of the OS based on some pre-determined, custom criteria
[21:28] <Sven_vB> yeah. kinda like netfilter for USB.
[21:28] <leftyfb> Sven_vB: look into apparmor/grsec/selinux and lock down every last bit and then write rules to allow the system to run and then write rules for your usb's
[21:29] <ogra> how about permanently powering down the USB bus and only power it on right before you plug in a trusted device ?
[21:29] <ogra> should be possible via sysfs
[21:29] <Sven_vB> I had hoped that I could run everything that's not ob that USB hub in traditional, lazy trust mode.
[21:29] <leftyfb> only certain internal hubs support powering off usb ports
[21:29] <leftyfb> most don't
[21:29] <Sven_vB> *on that
[21:30] <Sven_vB> power stealing is not something I worry about. blocking the communication with offenting ports would suffice.
[21:30] <leftyfb> physical ACL's
[21:30] <leftyfb> (locks)
[21:31] <ogra> https://lwn.net/Articles/143397/
[21:31] <ogra> powering down was not the right term 🙂
[21:31] <ogra> i meant unbind/bind
[21:31] <Sven_vB> ogra, I cannot tell whether the device is trustworthy, thus my need to defend at least against some kinds of attacks.
[21:31] <leftyfb> yep, you can unbind, but as soon as the cable in unplugged and plugged back in, it's detected and live again
[21:31] <Sven_vB> it's not a black/white scenario. I want to make my grey a bit brighter.
[21:32] <Sven_vB> I think "raise the bar" is the expression.
[21:32] <ogra> Sven_vB, you could maintain a udev rule that makes all USB devices being ingored except for a vendor/device ID whitelist ... but that still means you need to create that whitelist
[21:34] <leftyfb> that requires knowing the vendor ID of every possible device you want to plug in
[21:34] <ogra> yes
[21:34] <Sven_vB> ,
[21:34] <Sven_vB> l
[21:34] <Sven_vB> sorry
[21:34] <ogra> was that yur forehead htting the keyboard ?
[21:34] <Sven_vB> typing blind into the wrong window
[21:35] <ogra> 🙂
[21:35] <Sven_vB> ogra, whitelist for everything on that USB hub is ok, as long as all other USB ports are still as easy and open as before.
[21:35] <oerheks> vendor id, serial number ..
[21:36] <ogra> hmm, that might be a bit trickier to achieve ...
[21:36] <leftyfb> there are ways around this btw :)
[21:36] <ogra> (limiting to a single hub i mean)
[21:36] <Sven_vB> leftyfb, around what?
[21:37] <leftyfb> you are limiting based on the port on the hub, not the port on your machine
[21:37] <leftyfb> udev rules
[21:37] <ogra> i mean, udev is endlessly scriptable within its limitations ... but black/white listing *and* limiting to a single hub will end in quit a big scriptery
[21:37] <Sven_vB> yes. I won't plug questionable devices into any other port than that hub
[21:37] <leftyfb> and limiting the devices that can be plugged into a specific port
[21:39] <Sven_vB> the easy way would probably be to buy a separate computer for the questionable devices, but it's neither cheap nor ecologically friendly.
[21:39] <leftyfb> a pi can use OTG to pretend to be any vendor/serial
[21:40] <leftyfb> if someone really wants to get in, they'll get in. If you want to prevent that, you physically lock them out
[21:40] <Sven_vB> yeah so in addition to limiting by vendor/serial I probably want to also limit what kinds of device are acceptable. e.g. a realtek wifi antenna is not allowed to act as a CD ROM drive.
[21:40] <leftyfb> now you're writing your own usb stack
[21:41] <ogra> the kernel should manage that
[21:41] <Sven_vB> I know someone might still circumvent it. that's why I wrote "raise the bar"
[21:41] <leftyfb> good luck with all that
[21:41] <ogra> bt you can indeed limit subsystems as well in udev rules
[21:42] <ogra> though i guess at some point you will feel a performance impact due to the sheer size of the udev rule script you will create 🙂
[21:43] <Sven_vB> if the performance penalty applies only to devices on that hub, it might be acceptable. like a separate chain in netfilter.
[21:43] <ogra> well, it will apply to udev i guess
[21:44] <Sven_vB> I had a feeling already that my project won't be easy. :(
[21:44] <ogra> (not sure how selective it parses its rules)
[21:44] <sktsee> Sven_vB: check out usbguard. It's in universe and sounds exactly what you're looking for
[21:44] <Sven_vB> sktsee, nice! thanks!
[21:45] <leftyfb> well look at that
[21:45] <ogra> bah, already existing software 🙂 while we were just newly inventing the wheel !!!
[21:46] <oerheks> can it handle serialnumbers?
[21:46] <Sven_vB> ogra, you can still find reasons why usbguard is bad and needs to be reinvented. :D
[21:46] <ogra> 😄
[21:46] <leftyfb> it looks like it can hide the serials
[21:46] <leftyfb> https://usbguard.github.io/documentation/configuration.html
[21:47] <leftyfb> ah, it can filter on them as well https://usbguard.github.io/documentation/rule-language.html
[21:47] <Sven_vB> thanks all for your help, I'll read later and maybe report back,
[21:47] <leftyfb> and by port, etc
[21:47] <leftyfb> sktsee: good find
[21:47] <sktsee> thanks. look it up when all the fuss about bad usb was going around
[21:48] <oerheks> nice
[22:24] <dabbler> What would need to change in order to make my system preserve not just file modification timestamps, but creation timestamps too, when copying or moving files between file systems? The kernel? They cp and mv binaries?
[22:26] <Square> should i or should i not add ppa universe to install gnome tweaks? I see instructions with and w/o
[22:28] <EriC^^> !info gnome-tweaks
[22:28] <ubottu> gnome-tweaks (42~beta-1ubuntu2, jammy): tool to adjust advanced configuration settings for GNOME. In component universe, is optional. Built by gnome-tweaks. Size 59 kB / 416 kB
[22:28] <EriC^^> Square: ^ universe
[22:29] <leftyfb> dabbler: rsync
=== bankai__ is now known as bankai_
[22:38] <dabbler> leftyfb: ah, thanks. Forgot about rsync. I meant a permanent solution, but I guess the fact that rsync can preserve ctimes suggests it's the mv and cp binaries that I'd need to change. Unless there's an env var or some other kind of flag to change the behavior. Anyone know of such a thing?
[22:38] <leftyfb> huh?
[22:39] <leftyfb> dabbler: rsync will copy a file locally or remotely while preserving whatever attributes you like
[22:41] <dabbler> leftyfb: I understand. I don't want to have to use rsync every time I want to copy or move data between filesystems.
[22:41] <leftyfb> dabbler: what else would you use and why?
[22:43] <dabbler> leftyfb: mv and cp, a graphical shell, etc.
[22:43] <dabbler> Anything that moves data between filesystems
[22:43] <leftyfb> dabbler: ok, those will not preserve attributes like rsync and do not fit your requirements like rsync does
[22:45] <dabbler> leftyfb: Yes, hence my question: what would have to be altered to make them preserve ctimes too?
[22:45] <leftyfb> dabbler: their source code
[22:45] <leftyfb> dabbler: you would basically rewrite cp/mv to become rsync
[22:45] <leftyfb> or just use rsync
[22:46] <leftyfb> dabbler: btw, if the real goal of this is to utilize the GUI, there is grsync you can try
[22:48] <dabbler> No, the real goal is to comprehensively change the behavior of anything and everything that moves files between filesystems
[22:48] <leftyfb> dabbler: good luck
[22:49] <dabbler> Yes, thanks
[22:55] <leftyfb> hays: for i in proc sys dev dev/pts ;do sudo mount -o bind /$i /path/to/chroot/$i ;done
=== teal-tabbycat is now known as tealtabbycat
=== ick is now known as pickanick