libera/#devuan/ Friday, 2020-05-29

frabbiti want to overwrite an old hdd with random data via dd, but it always stops at abot 95 MB00:05
gnarfaceprobably hardware failure, but how long did you wait?00:06
gnarfacealso what command did you use?  maybe you just made a mistake with it00:06
koollmanalso, is there an actual error ?00:07
gnarfaceyea.... your random source could be running dry on entropy at 95MB, or you could be hitting a performance wall at 95MB of harddrive cache and simply killing it prematurely...00:07
gnarfaceif it's actual hardware failure it would be errors, possibly preceeded by a hard freeze of 120 seconds (default kernel I/O timeout)00:08
koollmanerrors could be mostly in dmesg or kernel logs, for a while00:08
gnarfacedd would most likely also report a discrepancy between the bytes in and bytes out00:08
frabbitok so its a 2,5" internal hddd that is connected via sata <-> usb adapter (two usb plugs to grant enought power). i get Input/output error.00:08
gnarfaceoh, so the 95MB might be the usb bridge's buffer too00:09
frabbiti always run dd with status=progress option00:09
gnarfaceuseless unless bs=51200:09
frabbitgnarface: what does that mean?00:09
gnarfacefrabbit: it means you haven't given us enough information to prove the data even makes it to the drive00:10
gnarfacedo you get errors running "hdparm -I" on it?00:10
gnarfaceor hdparm -T for that matter...00:11
koollmanprobably show us the full command first00:11
gnarfaceyea that would be a good idea00:11
frabbitno errors at hdparm -I00:11
frabbitcomand i ran for overwrite storages: dd if=/dev/urandon of=/dev/DEVICE status=progress00:12
gnarfaceassuming "urandon" is a typo and "DEVICE" was just a placeholder for the actual device name, it should work00:13
gnarfacetry badblocks instead00:13
frabbitgnarface:  i know ive done this dozens of times...00:13
gnarfacebadblocks -b 512 -o bad_blocks.txt -p 0 -s -w /dev/DEVICE00:14
frabbitgnarface: badblocks?00:14
gnarfaceactaully, swap the value of -b out with whatever "hdparm -I" said was your physical sector size00:15
frabbitwhat does this excatly?00:15
gnarfacebut unless the drive is pretty new it's probably 51200:15
frabbitits old00:15
gnarfacekinda like what you're trying to do with dd but it will save the list of damaged sectors to the text file00:16
gnarfaceit will be slow.  be patient00:16
frabbitso dd badblocks -b 512 -o bad_blocks.txt -p 0 -s -w /dev/DEVICE00:17
gnarfacewhat?  no00:17
gnarfacewhy are you prepending dd?00:17
gnarfacebadblocks is a binary like dd00:17
frabbiti see00:18
gnarfacei'm suggesting you use it instead, not together00:18
gnarfacethere is a man page00:18
frabbitdidnt know =)00:18
gnarfaceif you're trying to destroy data securely, maybe change -p to 2 or 3 (change it to 8 if you're trying to hide data from the NSA, but it's gonna take weeks to finish then, too)00:19
frabbitoh i see what u ment with "it will be slow"00:19
gnarface(in that case, you're probably better off just drilling holes in the drive then sawing it up into little pieces, actually.  but -p 8 might do the trick)00:19
frabbitnah the guy wants it back00:20
koollmanI consider that one pass is enough. If I care enough, hammer it is :)00:20
frabbitkoollman: i do always only one pass with dd00:20
frabbitof course it is enought everything else is esoteric...00:21
gnarfacethe default badblocks call doesn't add a huge amount of randomness to the test patterns but you can alter it to be whatever you want pretty much00:21
frabbitok 2% in 3 minutes... hdd is 160gb... let me calculate00:21
gnarfaceoh that's not too bad at all00:21
frabbitgnarface: i see00:22
gnarfaceyou're lucky it's not a 2TB drive :)00:22
frabbitbut why now dd wasnt working? is the drive broken somehow?00:22
gnarfacei think we are about to find out00:22
frabbitgavlee: yeah ^^00:22
koollmanit will get slower anyway, can't directly extrapolate speed on hdd00:22
frabbitgavlee: sorry you werent ment, was typo00:22
koollman(well, you can but it's not linear)00:23
frabbitbadblocks seems cool thx for lettig me know this programm exists00:23
gnarfacenp frabbit00:25
frabbit00:17 < gnarface> [...] if you're trying to hide data from the NSA, [...] - do u do this normally? =D00:25
gnarfacefrabbit: well, that's a loaded question on a number of levels.  first of all, if you're not trying to hide your data from EVERYONE who would misuse it (NSA provably amongst them) then you're really stupid.  second of all, i provide, amongst many other technical services, secure data deletion for people trying to resell their old hardware00:26
gnarfacebut really, you do have to weigh how long you want to wait to scrub the drive against how well funded you think the people interested in what was on there are00:27
koollmanI prefer to consider this problem with a different approach. I don't write data I wouldn't want to share directly on disk first. I start with full disk encryption00:28
gnarfacekoollman: that's a smart approach.  some of my clients use Windows though00:28
frabbitkoollman: i have fde here too00:28
gnarfacekoollman: or i should say used (usually in this situation they're selling an old Windows laptop to replace it with a Mac)00:28
koollmangnarface: well, windows can do it. but, yeah, need at least windows pro or 3rd party software00:29
frabbit[...]we mean that the drive itself is capable of running its own embedded OS[...]00:29
gnarfacekoollman: yea typically these are OEM installs i had nothing to do with, i don't actually support Windows anymore.  I just support people ditching it, in various capacities00:29
frabbitso a hdd/ssd can contain a hidden os that operates without u know it00:30
frabbitand that thing has dma00:30
koollmansome drives also support secure encryption, but it's often annoying to use right. And it is less likely on older drives. Although it is getting more and more common00:31
gnarfacefrabbit: oh, that reminds me.  there's also hidden space (replacement sectors for bad blocks) on most modern drives, though usually not more than the amount of space available as advertised, still enough usually to justify setting -p to 1 or more00:31
koollmanerr, I mean secure erase (with on-disk encryption)00:31
frabbitgnarface: yeah ive red about that00:31
gnarfacefrabbit: but basically, if you write a total of more data to the drive than the visible sectors + the hidden sectors, you should be able to scrub all of it.00:32
koollman'maybe' :)00:32
gnarfacefrabbit: but if this drive is failing writes, it's probably out of hidden sectors00:32
koollmancan't really trust any modern firmware to act in a sane way00:32
frabbitkoollman: yeah maybe =D00:33
gnarfacethere's always the microwave if you're desperate...00:33
gnarfacei hope it doesn't come to that though00:33
frabbitkoollman: word! if its not free u cant really say what it is doing...00:33
frabbitmagnet tape is safe i think...00:34
frabbitor stone00:34
koollmanI really like hammers for secure deletion. huge ones.  :)00:34
gnarfacemagnetic tape maybe if you keep it in a lead box00:34
frabbitgnarface: =D00:34
frabbitgnarface: so at home xD00:35
gnarfaceactually a tape degausser should work on a harddrive too but i don't know how fast00:35
gnarfacei haven't tried that00:35
gnarfacein theory that would be a MUCH faster way to erase the whole drive though00:35
koollmanit would also make it unusable00:35
gnarfacewould it break the drive?  using those degaussers on regular VHS tapes i do recall making a lot of noise and rattling the tape innards violently00:36
koollmanonly pretty old drives have low-level formatting utilites/capabilities00:36
koollman'modern' (like, 2005+) ones can't write precisely enough to redo cylinder markings00:37
gnarfaceso the ultimate verdict is there's no way to make this faster without damaging the drive00:37
koollmanit's made once in factory, if you lose that, you have a brick :)00:37
frabbitdo you think the people who create unfree hardware/firmware use unique free hw/fw instead?00:39
koollmanwhy would they ?00:40
frabbiti mean: i cant image that they use this crap they produce for themselfs00:40
gnarfaceusually it's something internally developed and heavily secret.  every once in a while you catch one of them stealing GPL'd code without attribution, but it's rare and usually those are newer less well funded companies00:40
frabbiteveryone who understands just a little bit of what all these devices could do, would try to avoid them00:40
koollmanto them it would be homemade stuff. they know what it is pretty well00:40
frabbitkoollman: sure, but i mean devices that they do not produce00:41
frabbita ram vendor do not have cpus for example00:41
koollmanoh. that depends. I suppose most would use them anyway00:41
gnarfacealright, let's not drive this discussion too far off into the weeds00:41
frabbitgnarface: yeah =D00:41
gnarfacefrabbit: my main point was just to emphasize that if you need the data scrubbed hard enough to protect against against magnetic resonance reconstruction attacks, check the badblocks manpage for the -t option00:43
gnarfacefrabbit: if you just want the drive emptied and verified, this should be fine00:43
gnarfacefrabbit: what we're looking for here (the smoking gun if the drive is physically failing) is for that bad_blocks.txt file to start filling up with numbers00:44
frabbittest pattern00:44
gnarfaceyea, you can alter the test pattern00:44
gnarfaceif you need it to be more "random"00:44
gnarfacedefault is something like FFFFFFFFF.... TTTTTTTTT...  AAAAAAAA...00:45
frabbithmm i dont think i understand this.. =(00:46
gnarfacejust remember there are man pages, so when you do start to understand you'll know where to go for answers00:47
* frabbit speaks out his last sentence after he reads the man page00:47
frabbiti do have to translate and understand it00:48
frabbitthats sometimes a bit more difficult00:49
frabbitalso i find that manpages are sometimes contains specific terms, that you only undertsands when u are a geek or something00:50
gnarfaceheh, sometimes we still have to translate too.  not all those man pages are model examples of the use of English00:50
frabbitsimple language would be good00:50
gnarfacewell, lots of the stuff referring to physical parameters of drives like blocks and sectors you should research if you aren't familiar with00:51
frabbitman pages should describe things in a way that are understandable for beginners too00:51
gnarfacethere is a certain base assumption you've made it through at least CS101 in a lot of these things00:51
frabbitgnarface: yeah and thats the loop you get in when you just want to erase ur data =D00:51
frabbitCS101? whats that again? xD00:52
gnarfaceyou can catch up on a lot of the hardware stuff if you can find training materials related to "A+ certification"00:52
gnarfacethat might be a good way to catch up00:53
gnarfacenot actually getting the certification, but studying the materials00:53
frabbitim not a common student or something. i just read things that interests me atm or that i have to because i need to do some specific task00:54
gnarfaceyou are playing catch-up because a lot of this stuff was written by people at a time when there really weren't "casual" computer users00:54
gnarfacea lot of us just grew up with these things00:54
frabbityeah real digital natives00:54
frabbitnot like these fake ones the media call young people who are smartphone zombies....00:55
gnarfaceyou're right.  it won't ever happen again.  modern tech is designed not to leak knowledge.  we're off into the weeds again though, that's editorialization not support00:55
frabbitgnarface: agree to both.00:56
frabbit#debianfork is 4 that right?00:56
frabbitok =)00:56
frabbitim in that channel since some minutes00:56
frabbitwhat are the minimal packages that i need in devuan to get a wlan usb to run via terminal?00:59
frabbiti have the "TP-LINK_TL-WN722N" here in Version 10 with that free atheros chipset00:59
gnarfacei think you just need wireless-tools, wpasupplicant and non-free firmware if the device requires it (atheros ones commonly do)01:00
frabbitthese two i got already01:00
gnarfaceactually strictly speaking you probably don't even need wpasupplicant but i can't imagine you'd actually want to run an unencrypted wifi or even a wep encryption wifi01:01
frabbitnon-free i dont think so, because it has that free chip as i said:
frabbitgnarface: of course not. wpa201:01
gnarfaceso with that setup, you should be able to just plug the wifi config directly into /etc/network/interfaces01:02
frabbiterrmm gotta test01:02
frabbitthe chipset btw.:
frabbitlsmod says ath9k_htc is there01:04
gnarfacedoes it show up in the output of "/sbin/ifconfig -a"01:04
frabbitwait i need firmware-atheros package first01:06
frabbitgnarface:  no it doesnt01:06
gnarfacei told you01:06
frabbitbut i havent it added to interface yet01:06
gnarfaceyea, it won't do anything until you have that firmware probably01:06
frabbitgnarface: yes i thought it came in stock01:07
gnarfaceuh, i think it depended on which installer you used01:07
gnarfaceand whether the device was present at install time01:07
gnarfaceif you skiped network config or if you didn't use the netinstall, it might not have added it by default01:08
gnarfacealso, if you did have it added but didn't keep "non-free" in your sources.list it's conceivable some upgrade might have removed it without replacing it if you weren't paying attention01:09
frabbiti broke something01:53
frabbitneed to cancel that badblocks process and reboot01:54
frabbitwhats that when i have no connection to the router, cant use the internet but ifdown -v eth0 gives me netwok not configured and ifup -v eth0 gives me RTNETLINK file exists01:56
frabbitdo i have to rm that file this RTNET line is talking about and then run ifup -v eth0 again01:56
frabbiti just put ifaces wlan0 inet static under the same line with eth0 adn runned ifup -v wlan001:59
frabbitthat was the point where i lost connection to the router01:59
frabbitbut even after removing that wrong wlan line from interface, i couldnt get a eth connection again...01:59
frabbiti treid service networking restart but that doesnt work02:00
gnarfacethere's a few things it could be, but first of all, never remove a device from /etc/network/interfaces while it is still up, or it gets confused02:01
frabbitgnarface: yeah thats what i painfully found out now =D02:01
frabbiti did a search for an eth0 file everywhere but i ddnt get a clue what to do02:02
gnarfacejust ifdown the device first, THEN comment it out in /etc/network/interfaces02:02
frabbitgnarface: yup02:02
frabbithower before i rebooted ive done this and added the correct device for the wlan stick in interfaces02:03
frabbitip a showed it to me02:03
gnarfacedid wpasupplicant also give you a dhcp client?02:04
frabbitbut i couldnt bring it up and i didnt found out (without internet) how to use it02:04
gnarfaceif you don't have a dhcp client installed you'll also have to give it a static ip in addition to the normal wifi stuff02:04
frabbiti do not wpa_suppcliant atm, im reading about it atm02:04
frabbitbut i have no dhcp here02:04
frabbityeah in interfaces right?02:05
frabbitlike the one for eth002:05
frabbitok =)02:05
gnarfaceyour router may need to be configured to allow static ip addresses02:05
frabbitmust it be different?02:05
frabbitthe router runs with static eth0 adress02:05
gnarfacecheesy plastic home routers often have different rules for the wifi from the physical ethernet ports02:06
gnarfaceso that's not a relevant comparison, necessarily02:06
frabbitoh i see...02:06
frabbitddnt know that only used wlan once02:06
gnarfaceyou'll want to read the device's documentation02:06
frabbitand for that "phone" here to visit f-droid02:07
gnarfaceyou need to be familiar enough with it's features to make sure it's set up to do what you want02:07
frabbitgnarface: errr.. i just want to try first02:07
gnarfaceit's not something i could even do completely blind02:07
gnarfacethere's not enough uniformity on consumer device features or default configurations02:08
frabbitreading wpa_suppcliant atm then try to type in my passphrase for the wpa of the router and edit the interfaces file before that02:08
frabbitshit.. what i have to do? so much stuff here? is that really necessary?02:12
frabbiti thought i could stick that thing in, edit interfaces file, type in my passphrase and thats it.02:13
gnarfacewell, there's too many unknowns for me to answer simply02:14
gnarfaceit will bear some testing02:14
frabbitim looking for videos now...02:15
gnarfacei've been able to get a wifi connection up with as little as just 2 additional lines below the iface line, but it varies a lot by protocol and device.  sometimes you need extra lines to specify stuff it can't auto-detect right due to limitations of the router firmware or the driver itself02:16
gnarfaceor maybe you're just getting the password format wrong02:16
gnarfaceor maybe the router isn't set up to allow static ip addresses for wifi by default (common)02:16
gnarfaceif you don't want to mess with router settings, then i'd check on that missing dhcp client first i think (usually they do enable dhcp by default)02:17
gnarfacein one particular case, the computer was just too slow and the router was impatient, so it would take MINUTES to finish connecting, and work fine once connected but fail to complete connecting like 4 out of 5 times02:18
gnarfacebut at this point for all i know you have everything else right and just forgot to specify the gateway02:19
frabbit password format wrong?02:20
gnarfacefrabbit: scrollback
frabbitthx =) but i read when this happens02:21
gnarfacefrabbit: yea there's different types of password actually.  they're not all just "string"  ... some of them are hex or decimal or limited ascii02:21
frabbitwait g4570n has quit (Ping timeout: 246 seconds)02:21
frabbitthats not me02:21
gnarfaceand some of them need special notation in the /etc/network/interfaces file02:21
gnarfaceignore that, i just copy+pasted from my window, so other parts/joins are in there02:22
frabbitwheres the message that i was disconnected?02:22
gnarfaceit didn't happen02:22
frabbitoh the people here block my parts and joins because it happens so often xD02:22
gnarfaceyou reconnected before your previous connection timed out that time02:22
frabbitoh ok, but i missed the last message from you02:23
frabbitdoesnt matter02:23
gnarfaceeverything in that paste was what you missed02:23
gnarfaceplus some bonus content02:23
frabbitgnarface: yes i know02:23
frabbitonly the last sentence02:23
frabbitnever mind02:24
frabbiti read the log site02:24
frabbitso how can i find out what passphrase type my router is using?02:24
gnarfaceit should be mentioned in the manual02:24
gnarfacebut you can probably heavily infer from it's gui02:25
frabbitit a very long passphrase with all types of characters02:25
frabbitin the router manaul? lol no way xD02:25
gnarfacei think the iwconfig manpage contains the /etc/network/interfaces file notation for various password types02:25
frabbitits just a thre pages "long" comic book02:25
gnarfacei'd have to dig out an old machine to check but i just remember having to prepend "s:" to certain passwords or there would be a parsing error02:27
gnarfacesomething like that02:27
gnarfacethe man pages are there so we don't have to remember every detail02:28
gnarfacebut once you get this working, i recommend you make a backup of that file02:28
frabbitim fucked up atm02:34
frabbitdidnt want to spend so much time again on computer stuff today02:35
gnarfacei don't blame you, but to some degree you only make it worse by thinking like that02:35
frabbitisnt there any step by step (video) tutorial?02:36
gnarfacemaybe but not that i know of02:36
gnarfacei had to learn to do this the hard way, before there were video tutorials02:36
gnarfacepart of the issue is that too much of the setup is going to be router specific02:37
frabbitit sucks that there a tons of tutorials for this gui shit: click here click here click here thasts it, but it lacks of terminal tutorials, espacially on yt02:37
frabbitwho needs all this etwok manager tutorials? you can click on that icon and see enable wifi or whatever, no one need a tutorial 4 that!02:37
frabbit*network manager02:38
gnarfaceheh, yea there's a real social barrier there.  once you absorb enough of the text you start neglecting the videos, but the video people neglect the text too...02:38
frabbitsometimes its good to have also visual and sound stuff for learning, i mean this is the oldest, most intuitive and efficent way how humans learn, not reading02:40
gnarfaceyea, it's true, but it's just very expensive to stick on the internet.  text is comparatively cheap, and again there's the generational thing;  most of us had reading beaten into us (sometimes literally)02:40
gnarfacepeople of that generation will tend to suggest you solve your reading problem before you solve your networking problem02:41
frabbitno one would say: hey read all that good books about martial arts and then fight against this expert fighter over there, im sure it wil be a fair fight. xD02:41
gnarfacehah, true02:41
gnarfacebut luckily the computer won't beat you up if you let your guard down (probably)02:42
frabbitbut there are some good tutorials for some stuff, ive found some good video tutorials for bash, lua and misc minimal terminal stuff02:43
MinceR"A computer once beat me at chess, but it was no match for me at kick boxing."02:44
frabbitand before i changed to devuan i saw a video about it ;)02:44
frabbitMinceR: =D02:44
frabbitManaging Wireless LAN on Command Line in Linux:
frabbitbut 8 years old02:48
gnarfacefrabbit: one thing is, you should also be able to completely define the wifi connection with just iwconfig and ifconfig commands.  maybe if you're having trouble with the /etc/network/interfaces syntax, try testing bare iwconfig and ifconfig commands for comparison, maybe it'll be easier to see the mistake that way02:49
gnarface(also maybe easier to see the relevant errors)02:49
frabbitis the device name of my wlan stick a sensible information that i shouldnt share?02:50
gnarfacewlan0?  probably not02:51
gnarfaceor the model#?  probably not either02:51
frabbitno its not wlan002:51
gnarfacethe wifi router itself, yea don't tell people the model of that unless it's desperate02:51
frabbitor the information interfaces contains?02:51
gnarfacethe password and SSID are highly sensitive, obviously02:52
frabbitip gateway etc.02:52
gnarfacethe internal LAN ip addresses less so, the public addresses very much so02:52
frabbitgnarface: haha =D02:52
frabbitlike my keys? ;P02:52
gnarfaceright.  make sure /etc/network/interfaces is not globally readable02:52
frabbitit isnt02:52
frabbitbut i wanted to paste it to show you02:53
frabbitso i wont then...02:53
frabbitor wait ill set placeholders02:53
gnarfaceoh.  yea i wouldn't paste it unless you swap out all the ip addresses and authentication info out with fake stuff02:53
frabbitok so i sticked in the wlan usb and runned ip a02:54
frabbitit shows up there at third place after lo and eth02:54
gnarfacewell that's progress02:54
frabbitthe name of that devices i copied into interfaces on a line #iface DEVICENAME inet static02:55
gnarfaceshould be correct02:56
frabbitbelow that i have just copied the address netmask and gateway line that i use for eth02:56
gnarfaceexcept it would be "iface DEVICENAME inet dhcp" if you're using dhcp02:56
frabbitall lines are disabled with # at the beginning atm02:56
frabbitgnarface: no i dont02:57
frabbiti use static02:57
gnarfacedid you say you had a "gateway" line under eth0 before?02:57
gnarfaceyou gotta move that to the wifi device02:58
frabbit02:54 < frabbit> below that i have just copied the address netmask and gateway line that i use for eth02:58
gnarfaceoh, ok yes, you said that02:58
frabbitgateway is the router right?02:58
gnarfaceyes, router's internal ("LAN") ip02:59
frabbitok =)02:59
gnarfacenote that it might be in a different subnet than the wired ethernet though... this is one of the things you have to actually check in the router02:59
gnarfacethey vary too much to guess02:59
frabbitso no i just have to run "ifdown eth0" to disable my current connection, then disable the eth lines in interfaces and enable the wlan ones02:59
gnarfacesome bridge with the physical ethernet, some set up an entirely separate range by default02:59
frabbitok i look at the router gui...03:00
gnarfaceso you might not be able to just copy the lines from eth0 to the wlan0 or whatever it's called... you might have to actually change the subnet.  check the router gui03:00
gnarfaceconsumer devices are all over the board on this behavior and you can't trust them to "do what's sane" in the best of cases, but you're at an important crossroads in your knowledge level, where the very concept of "do what's sane" is going to become a moving target in your head soon03:01
gnarfaceif you run "/sbin/route -n" with eth0 as your connection, then run it again after switching to wifi, you can see by the different output if the gateway is correct03:02
frabbiti cant find any information about gateway stuff in the router gui (its a shitty router...)03:04
frabbit/sbin/route -n? ok i will do this now, so im disconnected for a moment03:04
gnarfacebasically, see how "UG" is on a line that ends with "eth0" ?03:06
gnarfaceyou need to have only one "UG" line, and it needs to be on the device you're actually using, so it'll have to be on a line that ends with the name of your wifi device instead03:06
gnarfacethis is just a sanity check you can use when you're done to make sure it's right03:06
gnarfacethere are advanced situations where you might need two gateways simultaneously, but for now just consider that a broken configuration03:08
frabbitso /sbin/route -n has the same gateway on both03:08
gnarfaceyou mean it stays on eth0 even when you switch to wifi?03:09
frabbitbut i have no connection so, probably because i need to enter my passphrase somewhere before03:09
gnarfacetoo many possibilities for me to know03:09
frabbitso where to enter this?03:10
frabbitin some config file? is there a terminal prompt?03:11
gnarfacefrabbit: that's the thing, there's nowhere else to put it but /etc/network/interfaces, in this scenario03:19
gnarfacefrabbit: that's why i suggested trying it by iwconfig instead as a test03:19
frabbit=o ! u mean saving the passphrase in plaintext in interfaces?03:22
gnarfaceyea, that's why i said to make sure it's not globally readable.  but really only root should be able to read it (this is NOT the default)03:22
frabbitwhat the heck?!03:23
frabbiti can cat it into my term here!... o_003:23
gnarfacethe heck indeed03:23
frabbitok ive runed chmod 600 /etc/network/interfaces03:25
frabbitwhy is that not root only?03:25
frabbitby default?03:25
gnarfacebecause by default you're not expected to put passwords in there03:25
* frabbit wipes his ~/.bash_history03:26
gnarfaceremember, this network setup predates wireless networking03:26
gnarfacean example using dhcp03:26
frabbitthat wpa-psk is the passphrase?03:27
gnarfacebut in the past i've had to set other stuff, like wpa-driver, wpa-ssid, wpa-pairwise, wpa-group, wpa-key-mgmt, wpa-proto..... all kinds of stuff for less compatible routers03:27
gnarfaceyes, wpa-psk is the passphrase for wpa and wpa2... note that for wep it's actually something else (and has a different format)03:28
frabbitok ive wpa2 here03:28
frabbitthe only trustable thing as far as i understood...03:28
gnarfaceyea, nobody is using WEP anymore, i just mention it so you don't get confused looking at really old documentation03:28
frabbitgnarface: thy for the hint =)03:29
frabbitok so i can now add the ssid and the psk and do that thing again i did a few minutes ago right?03:29
gnarfaceifup wlan0?03:29
gnarfacein theory03:30
gnarfacemake sure it's down first03:30
frabbityes =)03:30
frabbitso i can bring it up but and the sticks makes party (led is blinking, that only happens when it is in use, plug it in alone idnt enough), but as it seems i cant use the internet03:48
frabbiti have output of ifup and mesg here03:48
frabbitand in demsg isnt written foobar becomes ready03:48
frabbitwhen i use the eth it says at last eth0 becomes ready03:49
gnarfaceso it starts to handshake and doesn't complete03:51
gnarfacethere could be a lot of reasons for that, but my first guess would be the static ip is refused by the router03:51
gnarfaceor maybe the gateway is wrong?03:51
gnarface"... becomes ready" might even be printed if the gateway is wrong though, not sure03:51
frabbitgnarface: how to find ot?03:51
frabbitgnarface: but it wasnt printed for the wlan03:52
gnarfacewell the first thing i'd do is check the router's GUI to make sure i'm even using the right IP range...03:52
gnarfaceyou could try DHCP to see what it assigns you, then guess from that03:52
frabbitgnarface: ouh... D= the last time i runned dhcp to test something, i couldnt get a connection anymore without it, even after purging it and reboot...03:54
frabbitingnain the end i had to reinstall devuan....03:55
frabbit*in the end03:55
frabbitwhats whith that first suggest by you?03:56
frabbitright ip range03:57
gnarfacefrabbit: well, the router will default to some *specific* ip range, and if your static setting is not in that range it won't work.04:00
gnarfacefrabbit: and that specific ip range may be different for the wireless and wired networks04:00
gnarfacei can't tell you much more than that without seeing the router's gui myself04:01
frabbitwhat do i have to look 4?04:02
gnarfaceit's probably with or near the wifi and dhcp settings04:02
gnarfacei'd expect the manual to mention it04:03
gnarfacebut i'd also expect you to be able to change it from the gui04:03
frabbitas i said the manual is a three sites comic book...04:03
frabbitgnarface: yeah i can change different addresses there04:03
gnarfaceyou're sure the router supports this wifi device, right?04:04
frabbitzeyes ive used it with my phone04:04
gnarfacethere can be different types of wireless... 802.11b, 802.11g, 802.11n, etc etc04:04
frabbitin replicant u need an external wifi device04:04
frabbitand ive used that device that im using atm on my laptop04:05
frabbiti have no other either04:05
gnarfacei'm sure it works with your phone, but that's not what i asked, i asked if you're sure THIS wifi device works with the router (the one you're trying to get working in the linux box right now... it's been used with this router before?  yes or no?)04:05
frabbiti have only one router04:05
frabbitso i use that router for my phone too04:06
gnarfacewhen you try to get it to connect, how long do you wait?04:06
frabbitok i also have a libre router, but i couldnt get that thing to work before...04:06
frabbitthe phone?04:06
gnarfaceno, the linux box04:06
frabbitthe laptop u mean?04:06
frabbitwith eth or wlan?04:07
gnarfacewlan... might take 60 seconds04:07
gnarfaceusually it's much faster but it could take up to a minute04:07
frabbitoh ok didnt know this o_004:07
frabbiti quit after 10 seconds or so ^_^04:07
frabbitso i try again04:07
gnarfacewhen it works you should be able to ping the gateway04:07
frabbitoh i pinged my webmailer04:08
frabbitbut that didnt worked04:08
frabbitso wait a minute and ping the gateway address ok got it04:08
frabbitok ive waited some minutes adn treid several times04:33
frabbitdoesnt work04:33
frabbitwith ping i get: Destination Host Unreachable04:34
frabbitso.. should i share pictures of the router webgui now?04:35
frabbitmaybe there are some templates somewhere... but you said: 02:49 < gnarface> the wifi router itself, yea don't tell people the model of that unless it's desperate04:37
* frabbit sighs04:38
frabbitdesperate house routers...04:38
gnarfacefrabbit: yea i was just saying that because if it turns out it something with known vulnerabilities you don't want everyone knowing that's all that stands between you and the internet04:42
gnarfacefrabbit: i'm sorry though, i'm out of ideas.  mabye if i saw the interface i could guess, but it's no guarantee04:43
gnarfacefrabbit: i think there's still a 50% chance it's some simple mistake i have forgot to warn you about04:43
gnarfacefrabbit: does dmesg say anything interesting while you're waiting for it to connect?04:44
frabbitah i didnt checked...04:44
frabbithm i dunno =(04:46
frabbiti dont understand the output04:46
frabbiti will censor the numbers and paste it04:46
frabbitgnarface: i pm it to you04:54
gnarfaceoh man04:56
gnarfacei'm sorry dude, looks like a bug.  but maybe get real close to the router and see if it says?04:57
gnarfaceimportant part is... first it says authenticated, then associated, then deauthenticating Reason: DEAUTH_LEAVING...04:57
gnarfacewhich i'm guessing means it thinks you logged off04:57
gnarfaceif it immediately logs you off thinking you logged off, that sounds like a known bug i've heard of04:58
frabbit"but maybe get real close to the router and see if it says?" err.. what?04:58
gnarfaceoh, i think maybe also could be a signal issue04:58
gnarfaceor some other interference04:58
frabbithm i think the last one is when i run ifdown on the wlan04:58
gnarfaceoh, that is you actually doing it then?  if so then, from this it just seems like it's working04:59
gnarfacethere's no sign of an error here in that case04:59
gnarfacei'm still outta ideas04:59
gnarfacereally might be the ip range thing...04:59
frabbitgnarface: i think so i didnt looked at dmesg before run ifdown04:59
gnarfacei'm going afk for a while but i'll be back later if you come up with any more evidence05:00
frabbitok ty to here =)05:00
frabbitno: ty so far05:01
frabbitand ty xD05:01
frabbiti will stay in irc while im sleeping, i need to run badblocks anyway, so cant turn off the machine05:03
frabbitthere was a vulnerability in gpg 2018: CVE-2018-12020 and here is said that version 2.2.8 fixed that bug. Devuan ascii has version 2.1.18. were that security fixes backported to versions wich are older then 2.2.8 or how was that handled?06:09
leafwizMy loggs are spammed with: May 29 09:23:22 sk-nms-zabbix brltty[605]: file system mount error: usbfs[brltty-usbfs] -> /var/run/brltty/usbfs: No such device09:24
leafwizOf flooded with :)  I saw there was a bug filed to Debian, but it seemed there where no resolution09:24
leafwizDo you guys know about this?09:25
leafwizI guess the solution is just to disable brltty09:26
enycHrrm...  Beowulf desktop weirdness not yet understood....13:38
enychad both "caja" and "soffice" in 100% CPU (i.e. loops) until killed and restarted ... wondering if somegui library / interaction causes this...13:39
frabbitanyone about the gpg vulnerability?15:41
frabbiti dont understand how these things handeled. does the version not matter?15:42
enycfrabbit: normally debian patch packages rather than changing whole verison , in most cases,  but exceptions exist15:42
enycfrabbit: normally devian passes most debian packages stragiht through to devuan users15:42
frabbitand how can i see if that security patch is in a specific version of a programm?15:43
frabbiti know that normally the third number of a version number is the patch number15:45
frabbitso here at my devuan ascii gpg 2.1.18 means there was 18 patches since version 2.115:46
frabbitbut gpg project says that they fixed that SigSpoof issue in version 2.2.815:46
frabbitits totally confusing15:46
frabbitis some of the 18 patches in devuans 2.1 gpg identically with the patch 8 in gpg 2.2?15:47
frabbithow to identify that?15:47
frabbitwhen theres a changelog for gpg it will say the patch came with 2.2.815:48
frabbitso.. is this the fixed gpg version in debian:
frabbitits not really evident to me... and even for no one who is not a dev or geek or whatever.. its confusing15:58
frabbiti mean if theres a news that says we fixed xy in distro xy thats easy to understand.15:59
fsmithreddoes gpg still work?15:59
frabbitfsmithred: huh? o_016:00
fsmithredHere, it seems to be broken more often than not.16:00
frabbitfor me its working16:00
fsmithreddo you know a keyserver that really exists and works?16:00
frabbitoh that doesnt work for me too16:01
frabbiti always download keys manually16:01
frabbitfrom websites16:01
fsmithredI used to use but it doesn't seem to work any more.16:01
frabbitfsmithred: do u know where in that debian versin number i can see the patch 8 from ggp 2.2?16:02
fsmithrednot sure what you're asking. You linked a page that shows a fix applied to an older version of gnupg.16:04
frabbiti mean stable debian was jessie when that fix came and it had a different version number, because programs in stable are always older then the newest release of that program.16:05
frabbitbut shouldnt there a unified indicator for such fixes that is evidend for all kind of versions of a program no matter what distro?16:06
frabbitfsmithred: there was this SigSpoof vulnerability in gpg 201816:06
frabbitgpg team fixed that with 2.2.816:07
frabbitthe version number of the version gpg was in debian stable at that time seems to be 1.4.1816:08
fsmithredlook at the page for the CVE16:08
frabbitfsmithred: yeah ive done this and its confusing16:08
fsmithredwhat cve is it? I see two for 201816:08
fsmithredappears to be fixed in jessie16:10
DNiedfsmithred: I use hkp:// -- no problems16:10
fsmithredbut enigmail is not16:10
frabbit15:50 < frabbit>
frabbitive posted that link already16:11
frabbitthats not the point16:11
frabbiti mean there should be an indicator in the versionnumber itself that shows if all available security fixes are in that specific version or not16:12
frabbitfor example16:12
fsmithredhow the hell would they know that?16:13
frabbitgpg 2.2.8 was the the gpg version that came with that fix for the SigSpoof issue16:13
fsmithredread the changelog for the package to see when specific bugs are closed16:13
frabbitat this tim the gpg version in debian stabel was 1.416:13
frabbitat that day debian bring that fix to their old version of gpg it was marked as the patch 18 of their gpg version 1.4 correct?16:14
frabbitbut there should be a suffix that indicate this fix16:15
fsmithredI don't know about patch numbers, but I can see that they did patch the 1.4 version16:15
fsmithredthe suffix indicates the iteration of the update16:15
frabbitfor example -s8 for the patch in gpg 2.216:16
frabbitso the debian version should named 1.4-s816:16
fsmithredyou asking to change the package naming conventions16:16
fsmithreddeb8u5 means jessie, fifth update of this package16:16
frabbitor im asking why they are so confusing16:16
frabbityeah thats what i know16:17
fsmithredbecause it's the debian way?16:17
onefangSome package updates include a LOT of security bug fixes.  That wouldn't work to include that info in the version number.16:17
onefangRead the release notes.16:17
frabbitonefang: why?16:17
onefangThere's even an apt add on that makes that very easy.16:17
onefangSo you can find the information you want to somehov encode in the version numbers.16:18
frabbitevery new fix could just add the number the devs of the programm used as their patch number16:18
onefangAnd if there's a dozen patches?16:18
frabbitis there a lack of space in a line=16:19
frabbit-s6472829 would be 6 million patches...16:19
frabbitits still short, 7 letters16:19
frabbitdeb8u5 is six letters16:20
onefangWhy would that be less confusing that reading actual descriptions in release notes?16:20
frabbitonefang: because every distro has its own16:20
frabbitso for a specific distro i need to check their specific release page on foobar.somewhere.org16:21
frabbitinstead of just running the version option with that program16:21
frabbitgpg --version16:21
frabbitonefang: what nope?16:21
onefangInstall apt-listchanges, and it will show you the release notes when you update a package.  This will include CVE numbers and actual descriptive text.  With an option to email it to you once installed.16:23
fsmithredthe version number will have the cve numbre of every patched vulnerability?16:23
frabbitif gpg releases a security fix and use the naming convention -s123 every distro could just add that suffix to its package version number as it adds that patch16:23
frabbitdebian: gpg --version 1.4-s123  --  arch: gpg --version 1.9-s123 and so on...16:24
frabbitonefang:  ok interessting didnt know that16:24
frabbitonefang: but not every distro have apt16:25
onefangSo you get MyGreatPackage-1.4-s123-s456-s789-s485-s23763-s13487697654-s1235485416:25
frabbitonefang: no16:25
onefangYes, coz not all packages get these patches applied all at once, some distros pick and choose.16:25
frabbitgpg 2.2-s123 means the 123 security patch for that program, no matter what version (2.2 here) it has16:26
onefangAnd CVE numbers are the industry standard for numbering these things.  They are longer than s123.16:26
frabbitthe hundred and twenty-three patch for that program since the first version of that program was released16:26
onefangThings don't work like that.  This is what we are trying to tell you.16:27
onefangTher are multipel patches, NOT16:27
frabbitonefang: no u dont understand me16:27
frabbit16:23 < onefang> So you get MyGreatPackage-1.4-s123-s456-s789-s485-s23763-s13487697654-s1235485416:27
frabbitthat indictaes that...16:27
onefangThere are multiple patches, NOT just a single patch that includes everything.16:27
frabbiti didnt said that16:27
frabbitif theres a security issues it will be patched correct?16:28
onefangThere will be one or more patches for EACH security issue.16:28
frabbitso for example theres security issue foobar16:29
frabbitand the actual version of the affected version ist 1.216:29
frabbitthe fix needs 3 patches16:29
frabbitthen the version would called 1.2-s3 after the patches16:30
onefangAnd the other six security issues?16:30
frabbitonefang: after 1.2-s3 there come 6 new patches u mena?16:31
onefangMyGreatPackage-1.4-s123-s456-s789-s485-s23763-s13487697654-s12354854  It gets unwieldy very quickly.16:31
frabbit1.2-s9 would be the most up to date version then16:31
frabbitread me posts!16:31
onefangRead mine.  ;-P16:32
frabbiti do so i can tell that u do not undertstand!16:32
onefangYou are assuming that all distros apply all patches in the exact same order.16:32
onefangIt doesn't work like that.16:32
frabbitif theres a security issue the distro will include the fix from the devs of a program16:33
fsmithrednot always16:33
frabbitfsmithred: yes16:33
frabbitand thats the point16:33
fsmithredsome vulnerabilities are left unpatched16:33
frabbitwith a unified suffix for the security fixes in the version number u could easily see that16:34
frabbit"look distro xy still has -s123 but newest is -s124"16:35
fsmithredI'm not getting how that would be easy16:35
fsmithredwhat's 124 mean?16:35
fsmithredwhat's 3?16:35
fsmithredthat's on another chart somewhere16:35
frabbitthe 124 security patch of that program16:35
fsmithredI need a table to convert CVE to single digit patch16:36
onefangAnd how does this 3 relate to the CVE you just read about in an article?16:36
frabbitcve doesnt matter16:36
onefangCVEs matter to the rest of the world.  That IS the unified numbering system you want us to reinvent.16:36
frabbitgpg devs see "oh theres a security problem" they make a fix16:37
frabbitit doesnt matter to the version number16:37
onefangExactly our point.16:37
fsmithredthe CVE number is how you find the description of the vulnerability16:37
onefangThat's why they mention CVEs in release notes.  B-)16:37
frabbiti didnt offered that16:37
fsmithredor any other discussions about how to fix it16:37
frabbitfsmithred: i know16:38
frabbitonefang: i know too16:38
onefangNo, you offered a long string of random random digits in version numbers that are as meaningless as what you are trying to replace.  It's no less confusing, which was your initial issue.16:39
frabbitmy point is to see with just a --version option if a program is up to date with the available security fixes for that program (not up to date with the newest features of that program)16:39
frabbitonefang: no tahts what u still think16:39
frabbithow many security patches has gpg got since its first release?16:40
frabbiti need a number16:41
onefangAnd how many of those may or may not have been applied to the three year old version in ASCII, with some being skipped for good reasons?  Which would completely invalidate simply reporting a count.16:41
frabbitonefang: "skipped for good reasons" ?16:42
frabbitskip a security fix for good reasons? o_016:42
onefangDidn't apply security issue 123, coz that only applies to a bug introduced in a later version, but we included 124, coz that applies.16:42
frabbitthats a point then finally16:43
* onefang smiles and heads to bed.16:43
frabbitbut then still one could use the -s suffix16:44
frabbitits then for all distros with that specific release version of that program16:44
onefangIt'll be up to you to convince ALL the developers to include that in their --version output.  Good luck.16:45
frabbitso programm-1.4-s3 in debian would be the same as programm-1.4-s3 in arch, but different from programm-1.5-s3 in gentoo or something...16:45
fsmithredand you realize that it's useless to talk to us about it, because we have no power to change it.16:46
frabbitonefang: i wont. but it would be easier to see if a program has newest security fixes, without visting a website first....16:46
frabbitfsmithred: i didnt want "you" to change it =D16:47
frabbitall taht talk started because of my confusion about that fix for the SigSpoof issue16:47
frabbitin gpg16:47
frabbitits a bit meta about that topic anyway....16:48
frabbitabout how far we can get to get a more default gnu/linux without loosing diversity...16:49
onefangThis horse is dead, ride it over to #debianfork, and don't forget to shut the stable door behind you.  So I don't have to wake up to 100 messages on this subject while I see if there's any Devuan support questions I can give some input to.16:49
frabbitonefang: whatever...16:50
frabbitgnarface: badblocks runned when i was sleeping. i have three times "done" here now without errors, can i stop it? its still running...16:51
frabbit12:08 elapsed16:52
frabbitthats hours not minutes16:52
frabbitwill the the terminal output of a program saved in some system log or any other system file (not program specific) by default?16:58
frabbitfor example pass give me the passphrase i asked for as a terminal output... even after running "reset" i can read that passphrase...16:59
frabbitby scrolling back17:00
frabbiti would prefer some sandbox output taht will be deleted after some time17:01
spuriaIDK what you'r doing, but SOME programs saves log, usually demons like nginx, openssh, or others. in normal conditions I can't recall a single program that could store a password in a log. the output of cli programs it's NOT usually stored (some terminal emulators do saves encrypted tmp outuput files that are deleted at some point, but they tells you that and I don't think you'r using one of those)17:05
frabbitspuria: yeah program specific logs is not what i ment17:06
frabbiti ment general logs (something like dmesg, yes i know terminal output is not tehre, but it logs alot of stuff not just from one specific program)17:07
frabbitand what is that scroll back thing?17:07
frabbiti use stterm17:07
spurianormally the only thing that is saved on terminal is what you type as a command, and you can see it (and modify/delete it) in .bash_history17:08
frabbiti can srollback to where my passphrase was outputted by "pass" even after hours...17:08
frabbitspuria: yeah i know17:08
frabbitbut thats input17:09
frabbitspuria: do u use pass?17:09
spuriain another terminal session do you still see the password?17:13
frabbitspuria: will try17:14
spuriacan you explain why?17:15
frabbiti closed it and opened another one17:15
frabbit but there i cant scroll back17:16
frabbitspuria: no i cant =D17:16
frabbitwill the terminbal output deleted or even overwritten after i close the terminal?17:17
spuriathat's the output, there's no need to save it from session to session, but it's coveniently stored in the same session for you to scroll it up to see it again, but it's gone when you close the session17:19
frabbitor is terminal output only in the ram and after i close the terminal the ram marks it as deleted, use it for other things?17:19
frabbitspuria: oh! where is it stored?17:20
spuriasomething like the second one you sayd17:20
frabbitthe ram17:20
frabbitlol "something" is tehre something else like the ram? =D17:21
spuriayes, it's temporary, the output it's not written (again, usually) anywhere in a persistent way17:21
frabbiti see. but in theory my passphrase stays in the ram until it will be overwritten with otehr data right?17:22
frabbiteven if i end the session or shut down but laptop has still power connection17:23
frabbitor is the temporary stored terminal output in ram encrypted?17:23
spuriawell, this in italian, could be better:
frabbitfirst is a genaral guide page, second only for people who understands italian...17:29
frabbitspuria: so u dont know17:30
spuriano I don't, i'm looking for a good class on computer science, and i think this is not the place where i'll find it17:31
frabbitis that a hint that i should visit such a class?17:32
spurianope, talking about myself17:32
frabbitspuria: okay =)17:33
frabbitif i would pipe the output of pass into a txt file and then wipe the textfile, would taht be a good solution?17:34
frabbiti mean is there still first invisible output on the terminal that is visible in the ram?17:35
golinuxfrabbit: Good grief.  I just had to wade through how many lines of babble for . . . nothing.17:59
golinuxNext time take it to #DEBIANFORK as onefang suggested.17:59
frabbitgolinux: the begin of this ws a question that was devuan specific18:13
frabbithow to ask a question that belongs to that in a channel where the other users who are at devuan cant be found?18:14
frabbit#debianfork is pretty empty18:15
frabbitso not all users who are in #devuan are in #debianfork too...18:15
frabbiteven #debian has no log website, so others who are not in #debianfork cant follow when the users continous the (sub)topic in a channel where they are not18:16
frabbitalso yesterday i joined #debianfork there was a video posted showing police violence... i dont want to see that18:18
frabbit#debianfork should be for computer near stuff only. i dont sit on my pc learning computer things to see then the same politic shit that i see every day everywhere else...18:20
frabbitgolinux: sorry i will try harder to split such discussions from now on18:20
furrywolfwhy is someone complaining about being told what is on-topic trying to tell others what is on-topic?18:21
frabbitbut when people in #debianfork will post hard stuff like that yesterday i will have to block them to avoid me seeing their posts... what sucks because maybe they could help me with computer questions...18:22
* ErRandir got rid of systemd in 2015 so reading #debianfork is like watching the history channel...18:28
scaniatruckerfrabbit: #debianfork is  a place for more social interactions between community members.19:33
frabbitscaniatrucker: hi.19:34
golinuxfrabbit: History . . . #debianfork is where we gathered before Devuan existed.   We were forking Debian!20:10
frabbittotally forgot that i need to stay here.. =(20:37
frabbitgnarface: badblocks is done now. i got no errors and the file is empty.20:37
frabbitim running now dd on it again adn its already over 500mb =)20:41
mcrI think that we need to add something to /usr/share/python-apt/templates so that add-apt-repository will be happy.  I am cp'ing the Debian files to see if that works.20:55
mcrOh, I had to add beowulf to the file. ick.20:57
golinuxfrabbit: History for future reference . . . #debianfork is where we gathered before Devuan existed.   We were forking Debian!21:04
frabbitgolinux: i know that.21:14
HumI installed info2www (and dwww) and lighttpd21:21
Humhttp:// isn't found21:21
HumIt is in /var/lib/info2www/infodoc.png . /etc/lighttpd/conf-enabled/90-debian-doc.conf is enabled, but info2www is not mentioned there21:22
HumAny hints=21:22
HumOK, found it in /usr/share/doc/info2www/README.Debian: it has to be manually configured21:27
gnarfacefrabbit: alright, well glad it's working now.  i can't tell you why dd didn't work in that case though.  i can only assume user error... like maybe /dev/urandom was linked to /dev/random for some reason, and you were running dry of entropy at 95MB, or something like that.  i could only speculate.23:17
frabbitgnarface: nah im running the same command atm...23:18
frabbitanzwaz thx for zour advice cause now its running23:18
gnarfaceno problem23:19
frabbit*anyway *your23:19
* frabbit wishes himself a keyboard where every letter has its own key and has the same layout with all latin languages23:20
frabbitfsmithred: =)23:20
* fsmithred wishes he could find the pipe character on it_IT layout23:21
frabbithmm left from y and pressing alt-gr?23:22
frabbitthats with german layout23:22
fsmithreddunno. I'm not there now, so I can't try it.23:22
fsmithredprobably different23:22
frabbityeah xD23:22
fsmithredI only go there to make sure it's possible to boot into other languages23:23
frabbitlook at commons for pictures of keyboards23:23
frabbitbut thats #debianfork23:24
frabbit(off topic expert talks...)23:24
fsmithredfoot pedals???23:25
frabbitah cant change the rooms here on tty... D=23:25
fsmithredpretty sure irssi will let you do that23:26
fsmithredbut I don't know how23:26
* frabbit is at debianfork now and tell the people how to do that xD23:29

Generated by 2.17.0 by Marius Gedminas - find it at!