Debian 02-2012

<somiaj> you need to write an xorg.conf file <somiaj> !tell tertu about nvidia <BenNZ> tertu: have you tried blacklisting the nouveau module? <somiaj> !tell tertu about nvidia dkms <somiaj> BenNZ: he hasn’t tried telling xorg.conf to use the ‘nvidia’ driver yet and it won’t detect it automatically. <somiaj> tertu: that secont factoid tells you what you need to put in your xorg.conf (though it is slightly hard to read if you dn’t know n means enter) <somiaj> or new line <BenNZ> tertu: ok run sudo nvidia-xconfig and will create one <BenNZ> *it will <Matiasu> I’m using im-config in order to set the default input method (IM) but I have a problem: if I set that I don’t want to use IM (ie, none), it works well but ibus doesn’t start automatically and I can write in J<Matiasu> can’t use it and some keys doesn’t work as I expect (like Spanish tildes, I can’t write them) <Matiasu> what can I do? <somiaj> that will be overkill, you don’t need a full xorg.conf anymore, better to just use the one in the factoid and let the rest be detected automatically <Matiasu> I can’t write in Japanese * <tertu> does the identifier really matter? also a different guide includes a module section that loads the glx module, should I have that? <somiaj> tertu: call it anything <somiaj> tertu: you use to need that to reference it in other parts of the config, but that is all done automatically for the most part <tertu> that’s what I gathered <somiaj> tertu: nope, you just need three lines that tell what display driver to use <tertu> alright, i’ll give it a go <gnarface> tertu: i think nvidia’s driver loads the glx extension automatically whether you ask for it or not. other drivers may need it which is why you’ve seen it listed explicitly elsewhere <tertu> OK. <somiaj> gnarface: doesn’t the xorg server just try to load that module auotmatically by default now anyways? <somiaj> I really wish they would put a copy of that config snippet in /usr/share/doc/nvidia-kernel-common or some other appropraite package so users can just copy it to /etc/X11/xorg.conf.d/ <Matiasu> in other words: why on Earth if I say (using im-config) that my default IM must be ibus, GTK application think the system default IM is “XIM”? -.- <somiaj> mostly because most the info on it is missleading and they try to create full xorg.conf files with some tool, which could lead to issues with your keyboard/mouse or other devices in X <somiaj> s/missleading/old and missleading/ <gnarface> somiaj: i don’t know if its the x server or the driver. i just know my log file mentions that its loaded anyway even though i explicitly requested it <tertu> After that change, I can’t even get into the console <tertu> all i get is a screen with an oddly flickering cursor <gnarface> tertu: nouveau drivers loads some framebuffer thing the nvidia binary driver is allergic to <tyche> somiaj: It’s worse than that. I have a 27″ Samaung, and NVidia couldn’t recognize it. I spent two days at an extremely low res trying to figure out how, then had to build the xorg.conf myself. And I’m not a<somiaj> gnarface: I was just using a xorg.conf file from back in teh xfree86 days until recentally when I basically took everything out. <gnarface> somiaj: i kept mine. i like to be pedantic and i seem to run a lot of the types of hardware that xorg’s auto-detection features choke to death on <somiaj> tyche: I have to use a custom edid for my sony 40″ as it detects the hdmi audio and disables my sound (that I plug in from another sound card via rca). So there are still reasons to need xorg.conf, but most pe<tertu> !tell tertu about nvidia <somiaj> tertu: /msg dpkg <somiaj> tertu: you don’t need to spam us <freedom_> I have a few users on my PC. I would prefer then to not have permission to read or exec anything thing. Was wondering if this will cause problems with programs etc. <gnarface> heh <somiaj> freedom_: what kind of users? What do you want them to be able to do <tertu> man whenever i have problems i instantly become a blathering idiot <somiaj> freedom_: if they can’t readd/execute anything it is just that, they can’t do anything. <gnarface> freedom_: if by “problems” you mean that they won’t be able to read or exec anything, then yes <tertu> sorry about that <freedom_> They are not sudo but just normal desktop users. <somiaj> freedom_: well they have to be able to read/execute anyting assoicated with what ever applications they will run <malphas> Having a bizarre resolution error with APT. When I attempt to update, it says it’s unable to resolve any of the hosts in my sources list. However, I can ping those domains and it will resolve and ping them ju<somiaj> freedom_: what are you worried about? Are you wanting to keep data from one users off limits from data of another? <freedom_> sure thats fine but I don’t want them poking around in my home <malphas> Additionally, when I try and ssh out to a host, or links, etc, I get the same resolution error, but can still ping. <somiaj> freedom_: just chmod 750 all user dirs in home, then no one can peak in other users home dir <malphas> In a regular browser, I can reach any websites, including those in the sources list. <freedom_> Thats is what I was thinking. So only groups can do things. You think I might still bump into problems? <somiaj> freedom_: note if you are running a webserver and want to use domain.com/~user directories you have to be slightly careful with that, but for the most part just lock of users home dirs is fine. <freedom_> www-data <somiaj> freedom_: by default /home/user is owned by user and group user <freedom_> and thats it <somiaj> freedom_: yea you can make the group www-data if you need the webserver to get into the dir <gnarface> freedom_: if you don’t trust your shell users you are still at risk of them uploading malicious binaries they will own and be able to exec automatically <gnarface> freedom_: if you’re running a php website on the same box though the php is likely to be a far easier target <tertu> So apparently nouveau did not properly get blacklisted. <somiaj> though unless they find a root exploit (and they could, espically if you dont’ run stable with security updates) they can use those binarys to do anything they want. But for the most part, chmod 750 /home/user<somiaj> if you are really paranoid make an encrypted filesystem in your home dir that you only mount when you need it <somiaj> well make a file that is a loopback encrypted filesystem <freedom_> gnarface I do use noexec in my fstab for /tmp etc. But true that you say. Not so worried about that. Just don’t want my wife and kids reading my stuff. <malphas> No one seen this resolution problem before? <gnarface> freedom_: yea just chmod 750 on the home directories like somiaj suggested and that should cover you from that end <gnarface> freedom_: just don’t store any of your porn outside your own home directory, and don’t leave it logged in ;-P <somiaj> though having stuff you want to hide from your wife and kids, if you are that secerative make a crypto loopback file system. (: <freedom_> yeah Ill give that a go. If I have problems I just make groups <Matiasu> http://i.imgur.com/4XVsk.png <tertu> Well, some success <tertu> X starts without errors to a black screen <gnarface> freedom_: debian has existing groups for a lot of stuff you’ll commonly want, so you don’t necessarily need to add groups rather just add users to the existing ones. for example the ‘audio’ group will let t<gnarface> drive(s) <somiaj> tertu: again unless you share your xorg log we can’t really do much <BenNZ> tertu: try adding blacklist nouveau to /etc/modprobe.d/blacklist.conf <freedom_> gnarface thx for the help. <freedom_> and same to the others <malphas> Additionally, when I try and ssh out to a host, or links, etc, I get the same resolution error, but can still ping. I can browse everything fine in chrome, no dns issues. It just will not resolve anything wit<gnarface> malphas: browsers often cache dns info. <somiaj> malphas: care to share your sources.list file with us <malphas> It’s default, security.debian.org, ftp.us.debian.org are returning resolution errrors. <malphas> errors. <malphas> Additionally, I can’t get hosts to resolve via SSH <malphas> I can, however, ping any of these from the console without trouble. <malphas> It seems isolated to SSH and apt, so far. <malphas> W: Failed to fetch http://security.debian.org/dists/squeeze/updates/main/i18n/Translation-en_US.gz Could not resolve ‘security.debian.org’ <gnarface> so many things that could be wrong when you don’t respond with the info we’re asking for <malphas> PING security.debian.org (149.20.20.6) 56(84) bytes of data. <malphas> 64 bytes from security.debian.org (149.20.20.6): icmp_req=1 ttl=58 time=66.8 ms <malphas> There is nothing else in my sources.list… how would having those strings somehow prevent dns from working for SSH? <malphas> SSH doesn’t look at sources.list, but cannot resolve hostnames either. <tertu> http://pastebin.com/XGAiCys0 <malphas> Again, I can ping them, or reach them with a browser just fine. <gnarface> malphas: come on just work with us here. we have to be methodical about this or we’ll end up looking over the same thing you did <tertu> here’s before I blacklisted nouveau <BenNZ> tertu: have you blacklisted nouveau now? <malphas> gnarface: I’m not trying to make it harder, I’m asking what you expect to find in sources.list that might prevent SSH from resolving hosts <tertu> yes <BenNZ> tertu: there isnt enough in your corg.conf , run sudo nvidia-xconfig and reboot <gnarface> tertu: according to that log file it worked fine. what’s wrong ? <tertu> And X starts. Thank you so much, everyone! <malphas> I’ve been at this for hours. My sources list is default for using us mirrors, and security.debian.org. <gnarface> oh <tertu> gnarface: there was nothing displayed at all <freedom_> Oh one weird thing I bumped into. It that the cmd to open “Synaptic Package Manger” is su-to-root -X -c /usr/sbin/synaptic. Not even sudo -i or gksu can start it. I have to use my root pw. Is this normal? Ki<gnarface> tertu: were you missing a window manager? <tertu> probably. <tertu> anyways, it works now. <gnarface> tertu: black screen with nothing but a mouse? <gnarface> tertu: hooraay! <tertu> Nothing at all, not even a mouse. <malphas> tertu: Incorrect x server? <gnarface> tertu: but you installed a window manager and its fine now? or.. new problem? <malphas> which driver is your conf using? <tertu> No, no new problems <tertu> I blacklisted nouveau, restarted, and X ran perfectly <gnarface> good <gnarface> for a second there i thought you were telling us it was still broken <tertu> that was the run that the last log came from <gnarface> malphas: i expected to find an unrelated issue, i was going to address the ssh thing separately <gnarface> malphas: have you done dns queries directly against ALL the nameservers listed in your /etc/resolv.conf? <gnarface> malorie: one could be broken or out-of-date <malphas> Yes. <malphas> Each works fine. <malphas> I’m running dns locally, but just in case I tried external as well. <malphas> No changes. <gnarface> malorie: but i don’t suppose you’re gonna list them for us so we can verify that for ourselves either? <malphas> What’s confounding me is that the errors seem to be isolated to apt/ssh. Ping works perfectly fine resolving these hosts <malphas> and I can browse them all day long. <malphas> Is there perhaps some sort of shared library that apt/ssh use for handling resolutions? <malphas> I even went so far as to manually add the sources to my hosts file to bypass dns, no joy. <malphas> In 17 years of using debian, never seen this. <gnarface> malorie: its usually user error <BenNZ> malphas: does sudo apt-get update finish without error? <gnarface> malorie: you might want to check your routes to the sources. just because ICMP gets through doesn’t mean TCP will <gnarface> malorie: traceroute both with&without -T <malphas> BenNZ: No. I’m doing this as root. <BenNZ> malphas: what error do you get ? <malphas> The exact one I’ve been pasting <malphas> Unable to resolve any hosts <malphas> I can ping them perfectly well, or browse to them through Chrome <malphas> SSH also cannot resolve any domains. <lake> hi. i’d like to install debian under intel 64 bit os (i have 16gb of ram i want to use).do I download the ia64 image? <tertu> lake: you need the amd64 image. ia64 is Itanium. I made that mistake myself, sadly… <lake> tertu: thank you. that is confusing. <malphas> So no further things to try? No one knows if there’s a particular library perhaps used by SSH, APT or other cli utilities that might be missing? <gnarface> malphas: no, and nobody is likely to want to try very hard to help you when you won’t cooperate with them either. you’ve basically come in here and demanded us to double-check your work, for free, and then <malphas> Really? <malphas> What is it that you’ll find in my sources list, and I’m asking honestly here, that would affect SSH’s ability to resolve hosts? <gnarface> malphas: yea, really, and you probably should be checking your upstream connection too. they *can* go awry <malphas> If that were true, then I would see issues with every program. <malphas> Not just two CLI <gnarface> malorie: i honestly told you, didn’t you pay attention? i said what i expected to find there was a completely unrelated issue to the ssh one <karlpinc> malphas: The same thing that would affect everything’s ability to resolve? You only have the problem with ssh? <malphas> No <malphas> SSH/apt <malphas> ping works fine. <karlpinc> malphas: ping resolves and ssh does not? <malphas> I’m using, as sources, only ftp.us.debian.org for the stable branch <malphas> karlpinc: right. <malphas> I can ping security.debian.org fine, or ftp.us.debian.org <malphas> it resolves the mirrors in rotation fine <malphas> but apt will not resolve them <malphas> nor will SSH. <malphas> I can reach them in Chrome without issue <karlpinc> malphas: Do you know what DNS resolution is? <malphas> *sigh* yes. <LtL> malphas: pastebinit /etc/nsswitch.conf <gnarface> LtL: he won’t <malphas> http://pastebin.com/eXMFuWDF <malphas> gnarface: Still not trying to work against people, just not interesting in being spoken to like I just installed Ubuntu for the first time. <malphas> You still can’t tell me what would be in my sources list that would affect SSH’s ability to resolve hosts. <bootris> really, and you probably should be checking your upstream connection too. they *can* go awry <malphas> I’ve also mentioned several times now that my sources list is the debian default for the us mirror pool and security. <malphas> that’s it <malphas> bootris: How would upstream prevent DNS resolutions from only two specific programs <malphas> and not anything else? <gnarface> malphas: are you ignoring EVERY response? i am not assuming your ssh and apt are fucked up by the same problem <malphas> Not trying to be combative, just asking. <LtL> malphas: hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 <bootris> If that were true, then I would see issues with every program.. Not just two CLI <bootris> good night <malphas> bootris: Right. <malphas> LtL: trying that. <bootris> HATE MATH.. <LtL> malphas: try that entry, unless you’ve done something differently, and possibly /etc/init.d/networking restart <karlpinc> LtL: I always get rid of mdns. It’s nothing but trouble. <malphas> I generally do as well, but willing to try just about anything. <malphas> ltl: my networking settings are fine <malphas> No change. :/ <LtL> malphas: just a guess, sorry <malphas> W: Failed to fetch http://ftp.us.debian.org/debian/dists/squeeze-updates/main/i18n/Translation-en_US.gz Could not resolve ‘ftp.us.debian.org’ <malphas> PING ftp.us.debian.org (64.50.233.100) 56(84) bytes of data. <malphas> 64 bytes from ftp.us.debian.org (64.50.233.100): icmp_req=1 ttl=58 time=144 ms <malphas> Appreciate the try. <bootris> i get too.. you know what to right and wrong.. <malphas> I’ve tried three different DNS hosts, just to see <malphas> I’ve even tried manually making entries in my hosts file to bypass dns <malphas> nada. <malphas> and ONLY for those two programs. <karlpinc> Has anyone looked at malphas sources.list to see if he’s mixing releases or doing other strange things to break his system? <malphas> Again, how would my sources.list prevent me from using SSH <karlpinc> malphas: Because you’d install stuff to break ssh. <malphas> You can see in the above paste what my sources.list is using. <malphas> karlpinc: That’s insulting. <bootris> i used to play russians and bosnians oinline alot of puzzle video games mostly tetris variants <malphas> And no, I haven’t. <malphas> SSH won’t resolve, it connects fine <gnarface> malphas: selinux? <malphas> I’m ssh’d into my server now. <malphas> Not using SELinux <LtL> malphas: karlpinc knows what he’s talking about, just trying to help you. <bootris> why see the beach when you can see the whole universe? <karlpinc> malphas: No, it’s considering the possiblites. People come here all the time with problems caused by doing that. <malphas> LtL: I understand, but have been using debian for 17+ years. I promise I’ve checked the basics. <malphas> I’m not an expert by any means, but I do know what I’m doing. <malphas> Not trying to be a dick, honestly. <malphas> Just really frustrated with this. Never seen it before. <gnarface> debian version? <bootris> +syntax bootris <malphas> Linux wraith 2.6.32-5-amd64 #1 SMP Thu Nov 3 03:41:26 UTC 2011 x86_64 GNU/Linux <malphas> 6.0.3 <bootris> she has completely taken over their care and she hangs out with them after work every day <karlpinc> bootris: #debian-offtopic <gnarface> malphas: firewall? <malphas> gnarface: would prevent ping from performing the same resolution. <malphas> would also block Chrome <karlpinc> gnarface: I’m thinking tcpdump, just to see what’s happening. <bootris> yes.. haven’t had the pleasure to try pcp though <malphas> I’ll give it a shot, gotta install manually. <karlpinc> bootris: Get a grip and take it somewhere else. <gnarface> malphas: is your firewall a separate machine? if so i’d dump at that end too <bootris> I am not in the LiveCD. I was wondering how to do it without the live CD.. Nevermind, got it.. I really need to try to sudo something any time it doesn’t work as expected. =/ <malphas> I have my own iptables scripts on both machines; neither block or filter outgoing NS requests <malphas> and again, chrome/ping resolve fine <malphas> it’s ONLY ssh/apt <karlpinc> !ops bootris seems to be drooling into the channel <dpkg> Hydroxide, dondelelcaro, ):, helix, LoRez, RichiH, mentor, xk, abrotman, gravity, azeem, Maulkin, stew, peterS, Myon, Ganneff, weasel, zobel, themill, babilen: karlpinc complains about: bootris seems to be drool<malphas> I did try dropping them both on a whim though a few hours ago, no change. <gnarface> wget ? <bootris> maybe i should take some.. what is it derived from <bootris> i thinks its for olympic athletes and costs like 5000 dollars you are supposed to use it 1 hour a day <malphas> wget won’t resolve either. <malphas> accessing the same file with chrome works fine. <gnarface> malphas: even if you close and re-open chrome? <malphas> Yes, I cleared the cache manually. <bootris> kind of flip flopped.. sup Broke.. <malphas> wget works fine if I use the IP. <gnarface> Yes, *and* you cleared manually? <malphas> Yes. <gnarface> and you’re running a dns server locally <bootris> did they delete the entire list of aops? <bootris> !ops bootris seems to be drooling into the channel <dpkg> Hydroxide, dondelelcaro, ):, helix, LoRez, RichiH, mentor, xk, abrotman, gravity, azeem, Maulkin, stew, peterS, Myon, Ganneff, weasel, zobel, themill, babilen: bootris complains about: bootris seems to be drooli<malphas> I have one locally, and two remotely. <gnarface> and your /etc/resolv.conf has … 127.0.0.1 ? <malphas> None of them make any difference. <malphas> But again <malphas> ping works fine <malphas> no caching. <bootris> umm <gnarface> and you can use nslookup explicitly on every nameserver in your resolv.conf for that host? <karlpinc> malphas: And you’ve nothing in sources.list but debian repos and never have, right? <malphas> gnarface: yes. <karlpinc> gnarface: (I prefer dig.) <malphas> karlpinc: Right. <bootris> i often got syntax troubles with ffmpeg….. i took time to succeed…. but i never forget after… <malphas> I also prefer dig <bootris> wget won’t resolve either.. accessing the same file with chrome works fine. <malphas> but neither it nor nslookup have issues. <malphas> Right. <gnarface> malphas: ssh -v? <malphas> debug1: Reading configuration data /etc/ssh/ssh_config <malphas> debug1: Applying options for * <malphas> ssh: Could not resolve hostname thoughtbomb.org: Name or service not known <karlpinc> malphas: There’s also “getent hosts” to test the resolver itself. <malphas> root@wraith:/home/vaetis# getent hosts <malphas> 127.0.0.1 localhost <malphas> 127.0.1.1 wraith.gatenet wraith <malphas> 127.0.0.1 ip6-localhost ip6-loopback <malphas> Whoops. <malphas> Sorry for the flood. <karlpinc> malphas: It’s “getent hosts foo.example.com” <bootris> i flew my bike higher today than ever before <malphas> karlpinc: I know, no joy. <karlpinc> malphas: I’m thinking IPv6. What happens if you use -4 with ssh? <malphas> hmmm <malphas> That worked. <karlpinc> malphas: Ok. So IPv6 resolution is broken. <malphas> That’s interesting. <malphas> How would it be defaulting to 6? <malphas> and why only the cli tools, do you think? <karlpinc> malphas: ssh does. Some others also. Dunno which. <gnarface> malphas: does your local dns server listen on ::1? <malphas> yeah it’s listening for both 6 and 4 <bootris> sure <bootris> bleep you don’t even know me.. why are you insulting me